1 /*
2 * Copyright (c) 2024 Huawei Device Co., Ltd.
3 * Licensed under the Apache License, Version 2.0 (the "License");
4 * you may not use this file except in compliance with the License.
5 * You may obtain a copy of the License at
6 *
7 * http://www.apache.org/licenses/LICENSE-2.0
8 *
9 * Unless required by applicable law or agreed to in writing, software
10 * distributed under the License is distributed on an "AS IS" BASIS,
11 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12 * See the License for the specific language governing permissions and
13 * limitations under the License.
14 */
15
16 #include "update_hap_token_test.h"
17 #include "gtest/gtest.h"
18 #include <thread>
19
20 #include "access_token.h"
21 #include "access_token_error.h"
22 #include "accesstoken_common_log.h"
23 #include "accesstoken_service_ipc_interface_code.h"
24 #include "nativetoken_kit.h"
25 #include "permission_grant_info.h"
26 #include "permission_state_change_info_parcel.h"
27 #include "string_ex.h"
28 #include "test_common.h"
29 #include "tokenid_kit.h"
30 #include "token_setproc.h"
31
32 using namespace testing::ext;
33 namespace OHOS {
34 namespace Security {
35 namespace AccessToken {
36 namespace {
37 static const std::string TEST_BUNDLE_NAME = "ohos";
38 static const int TEST_USER_ID = 0;
39 static const int THREAD_NUM = 3;
40 static constexpr int32_t CYCLE_TIMES = 100;
41 static const int INVALID_APPIDDESC_LEN = 10244;
42 static const int32_t INDEX_ZERO = 0;
43 static uint64_t g_selfTokenId = 0;
44 static constexpr int32_t API_VERSION_EIGHT = 8;
45 const std::string APP_DISTRIBUTION_TYPE_ENTERPRISE_MDM = "enterprise_mdm";
46 const std::string OVER_SIZE_STR =
47 "AAANSUhEUgAAABUAAAAXCAIAAABrvZPKAAAACXBIWXMAAA7EAAAOxAGVKw4bAAAAEXRFWHRTb2Z0d2FyZQBTbmlwYXN0ZV0Xzt0A"
48 "FBSURBVDiN7ZQ/S8NQFMVPxU/QCx06GBzrkqUZ42rBbHWUBDqYxSnUoTxXydCSycVsgltfBiFDR8HNdHGxY4nQQAPvMzwHsWn+KM"
49 "vj3He5vIaUEjV0UAfe85X83KMBT7N75JEXVdSlfEAVfPRyZ5yfIrBoUkVlMU82Hkp8wu9ddt1vFew4sIiIiKwgzcXIvN7GTZOvpZ"
50 "D3I1NZvmdCXz+XOv5wJANKHOVYjRTAghxIyh0FHKb+0QQH5+kXf2zkYGAG0oFr5RfnK8DAGkwY19wliRT2L448vjv0YGQFVa8VKd";
51 static MockNativeToken* g_mock;
52
53 PermissionStateFull g_infoManagerCameraState = {
54 .permissionName = "ohos.permission.CAMERA",
55 .isGeneral = true,
56 .resDeviceID = {"local2"},
57 .grantStatus = {PermissionState::PERMISSION_DENIED},
58 .grantFlags = {0}
59 };
60
61 PermissionStateFull g_infoManagerMicrophoneState = {
62 .permissionName = "ohos.permission.MICROPHONE",
63 .isGeneral = true,
64 .resDeviceID = {"local2"},
65 .grantStatus = {PermissionState::PERMISSION_DENIED},
66 .grantFlags = {0}
67 };
68
69 HapInfoParams g_testHapInfoParams = {
70 .userID = 0,
71 .bundleName = "UpdateHapTokenTest",
72 .instIndex = 0,
73 .appIDDesc = "UpdateHapTokenTest",
74 .apiVersion = TestCommon::DEFAULT_API_VERSION,
75 .isSystemApp = true,
76 .appDistributionType = ""
77 };
78
79 PermissionDef g_permDef = {
80 .permissionName = "ohos.permission.test1",
81 .bundleName = "accesstoken_test",
82 .grantMode = 1,
83 .availableLevel = APL_NORMAL,
84 .label = "label3",
85 .labelId = 1,
86 .description = "open the door",
87 .descriptionId = 1,
88 .availableType = MDM
89 };
90
91 HapPolicyParams g_testPolicyParams = {
92 .apl = APL_SYSTEM_CORE,
93 .domain = "test_domain",
94 .permList = { g_permDef },
95 .permStateList = { g_infoManagerCameraState, g_infoManagerMicrophoneState },
96 .aclRequestedList = {},
97 .preAuthorizationInfo = {}
98 };
99 };
100
SetUpTestCase()101 void UpdateHapTokenTest::SetUpTestCase()
102 {
103 g_selfTokenId = GetSelfTokenID();
104 TestCommon::SetTestEvironment(g_selfTokenId);
105
106 // native process with MANAGER_HAP_ID
107 g_mock = new (std::nothrow) MockNativeToken("foundation");
108 }
109
TearDownTestCase()110 void UpdateHapTokenTest::TearDownTestCase()
111 {
112 AccessTokenID tokenID = AccessTokenKit::GetHapTokenID(TEST_USER_ID, TEST_BUNDLE_NAME, 0);
113 AccessTokenKit::DeleteToken(tokenID);
114
115 tokenID = AccessTokenKit::GetHapTokenID(
116 g_testHapInfoParams.userID, g_testHapInfoParams.bundleName, g_testHapInfoParams.instIndex);
117 AccessTokenKit::DeleteToken(tokenID);
118
119 if (g_mock != nullptr) {
120 delete g_mock;
121 g_mock = nullptr;
122 }
123 EXPECT_EQ(0, SetSelfTokenID(g_selfTokenId));
124 TestCommon::ResetTestEvironment();
125 }
126
SetUp()127 void UpdateHapTokenTest::SetUp()
128 {
129 LOGI(ATM_DOMAIN, ATM_TAG, "SetUp ok.");
130 HapInfoParams info = {
131 .userID = TEST_USER_ID,
132 .bundleName = TEST_BUNDLE_NAME,
133 .instIndex = 0,
134 .appIDDesc = "appIDDesc",
135 .apiVersion = TestCommon::DEFAULT_API_VERSION
136 };
137
138 HapPolicyParams policy = {
139 .apl = APL_NORMAL,
140 .domain = "domain"
141 };
142 policy.permStateList.emplace_back(g_infoManagerCameraState);
143 policy.permStateList.emplace_back(g_infoManagerMicrophoneState);
144
145 AccessTokenIDEx tokenIdEx = {0};
146 EXPECT_EQ(RET_SUCCESS, TestCommon::AllocTestHapToken(info, policy, tokenIdEx));
147 ASSERT_NE(INVALID_TOKENID, tokenIdEx.tokenIDEx);
148 }
149
TearDown()150 void UpdateHapTokenTest::TearDown()
151 {
152 }
153
154 /**
155 * @tc.name: UpdateHapTokenFuncTest001
156 * @tc.desc: test update appIDDesc
157 * 1.appIDDesc = AccessTokenTestAppID.
158 * 2.appIDDesc = HapTokenTestAppID_1, Update success.
159 * @tc.type: FUNC
160 * @tc.require:
161 */
162 HWTEST_F(UpdateHapTokenTest, UpdateHapTokenFuncTest001, TestSize.Level1)
163 {
164 LOGI(ATM_DOMAIN, ATM_TAG, "UpdateHapTokenFuncTest001");
165
166 HapInfoParams infoParams;
167 HapPolicyParams policyParams;
168 TestCommon::GetHapParams(infoParams, policyParams);
169 AccessTokenIDEx fullTokenId;
170 ASSERT_EQ(RET_SUCCESS, AccessTokenKit::InitHapToken(infoParams, policyParams, fullTokenId));
171 AccessTokenID tokenID = fullTokenId.tokenIdExStruct.tokenID;
172 ASSERT_NE(INVALID_TOKENID, tokenID);
173 UpdateHapInfoParams updateHapInfoParams = {
174 .appIDDesc = "HapTokenTestAppID_1",
175 .apiVersion = infoParams.apiVersion,
176 .isSystemApp = infoParams.isSystemApp,
177 .appDistributionType = infoParams.appDistributionType
178 };
179
180 ASSERT_EQ(RET_SUCCESS, AccessTokenKit::UpdateHapToken(fullTokenId, updateHapInfoParams, policyParams));
181
182 HapTokenInfo hapInfo;
183 AccessTokenKit::GetHapTokenInfo(tokenID, hapInfo);
184 EXPECT_EQ(0, hapInfo.userID);
185 EXPECT_EQ("com.ohos.AccessTokenTestBundle", hapInfo.bundleName);
186 EXPECT_EQ(TestCommon::DEFAULT_API_VERSION, hapInfo.apiVersion);
187 EXPECT_EQ(0, hapInfo.instIndex);
188 EXPECT_EQ(tokenID, hapInfo.tokenID);
189 EXPECT_EQ(1, hapInfo.tokenAttr);
190
191 HapTokenInfoExt hapInfoExt;
192 AccessTokenKit::GetHapTokenInfoExtension(tokenID, hapInfoExt);
193 EXPECT_EQ("HapTokenTestAppID_1", hapInfoExt.appID);
194
195 ASSERT_EQ(RET_SUCCESS, AccessTokenKit::DeleteToken(tokenID));
196 }
197
198 /**
199 * @tc.name: UpdateHapTokenFuncTest002
200 * @tc.desc: test update apiVersion
201 * 1.apiVersion = DEFAULT_API_VERSION.
202 * 2.apiVersion = API_VERSION_EIGHT, Update success.
203 * @tc.type: FUNC
204 * @tc.require:
205 */
206 HWTEST_F(UpdateHapTokenTest, UpdateHapTokenFuncTest002, TestSize.Level1)
207 {
208 LOGI(ATM_DOMAIN, ATM_TAG, "UpdateHapTokenFuncTest002");
209
210 HapInfoParams infoParams;
211 HapPolicyParams policyParams;
212 TestCommon::GetHapParams(infoParams, policyParams);
213 AccessTokenIDEx fullTokenId;
214 ASSERT_EQ(RET_SUCCESS, AccessTokenKit::InitHapToken(infoParams, policyParams, fullTokenId));
215 AccessTokenID tokenID = fullTokenId.tokenIdExStruct.tokenID;
216 UpdateHapInfoParams updateHapInfoParams = {
217 .appIDDesc = infoParams.appIDDesc,
218 .apiVersion = API_VERSION_EIGHT,
219 .isSystemApp = infoParams.isSystemApp,
220 .appDistributionType = infoParams.appDistributionType
221 };
222
223 ASSERT_EQ(RET_SUCCESS, AccessTokenKit::UpdateHapToken(fullTokenId, updateHapInfoParams, policyParams));
224
225 HapTokenInfo hapInfo;
226 AccessTokenKit::GetHapTokenInfo(tokenID, hapInfo);
227 EXPECT_EQ(0, hapInfo.userID);
228 EXPECT_EQ("com.ohos.AccessTokenTestBundle", hapInfo.bundleName);
229 EXPECT_EQ(API_VERSION_EIGHT, hapInfo.apiVersion);
230 EXPECT_EQ(0, hapInfo.instIndex);
231 EXPECT_EQ(tokenID, hapInfo.tokenID);
232 EXPECT_EQ(1, hapInfo.tokenAttr);
233
234 HapTokenInfoExt hapInfoExt;
235 AccessTokenKit::GetHapTokenInfoExtension(tokenID, hapInfoExt);
236 EXPECT_EQ("AccessTokenTestAppID", hapInfoExt.appID);
237
238 ASSERT_EQ(RET_SUCCESS, AccessTokenKit::DeleteToken(tokenID));
239 }
240
241 /**
242 * @tc.name: UpdateHapTokenFuncTest003
243 * @tc.desc: test update isSystemApp
244 * 1.isSystemApp = true.
245 * 2.isSystemApp = false, Update success.
246 * 3.isSystemApp = true, Update success.
247 * @tc.type: FUNC
248 * @tc.require:
249 */
250 HWTEST_F(UpdateHapTokenTest, UpdateHapTokenFuncTest003, TestSize.Level1)
251 {
252 LOGI(ATM_DOMAIN, ATM_TAG, "UpdateHapTokenFuncTest003");
253
254 HapInfoParams infoParams;
255 HapPolicyParams policyParams;
256 TestCommon::GetHapParams(infoParams, policyParams);
257 AccessTokenIDEx fullTokenId;
258 ASSERT_EQ(RET_SUCCESS, AccessTokenKit::InitHapToken(infoParams, policyParams, fullTokenId));
259 AccessTokenID tokenID = fullTokenId.tokenIdExStruct.tokenID;
260 UpdateHapInfoParams updateHapInfoParams = {
261 .appIDDesc = infoParams.appIDDesc,
262 .apiVersion = infoParams.apiVersion,
263 .isSystemApp = false,
264 .appDistributionType = infoParams.appDistributionType
265 };
266
267 ASSERT_EQ(RET_SUCCESS, AccessTokenKit::UpdateHapToken(fullTokenId, updateHapInfoParams, policyParams));
268
269 HapTokenInfo hapInfo;
270 AccessTokenKit::GetHapTokenInfo(tokenID, hapInfo);
271 EXPECT_EQ(0, hapInfo.userID);
272 EXPECT_EQ("com.ohos.AccessTokenTestBundle", hapInfo.bundleName);
273 EXPECT_EQ(TestCommon::DEFAULT_API_VERSION, hapInfo.apiVersion);
274 EXPECT_EQ(0, hapInfo.instIndex);
275 EXPECT_EQ(tokenID, hapInfo.tokenID);
276 EXPECT_EQ(0, hapInfo.tokenAttr);
277
278 HapTokenInfoExt hapInfoExt;
279 AccessTokenKit::GetHapTokenInfoExtension(tokenID, hapInfoExt);
280 EXPECT_EQ("AccessTokenTestAppID", hapInfoExt.appID);
281
282 updateHapInfoParams.isSystemApp = true;
283 ASSERT_EQ(RET_SUCCESS, AccessTokenKit::UpdateHapToken(fullTokenId, updateHapInfoParams, policyParams));
284
285 ASSERT_EQ(RET_SUCCESS, AccessTokenKit::GetHapTokenInfo(tokenID, hapInfo));
286 EXPECT_EQ(1, hapInfo.tokenAttr);
287
288 ASSERT_EQ(RET_SUCCESS, AccessTokenKit::DeleteToken(tokenID));
289 }
290
GetPermissions(string permissionName,PermissionStateFull & stateFull,PreAuthorizationInfo & info)291 void GetPermissions(string permissionName, PermissionStateFull& stateFull, PreAuthorizationInfo& info)
292 {
293 stateFull = {
294 .permissionName = permissionName,
295 .isGeneral = true,
296 .resDeviceID = {"local"},
297 .grantStatus = {PERMISSION_DENIED},
298 .grantFlags = {PERMISSION_SYSTEM_FIXED}
299 };
300
301 info = {
302 .permissionName = permissionName,
303 .userCancelable = false
304 };
305 }
306 /**
307 * @tc.name: UpdateHapTokenFuncTest004
308 * @tc.desc: test permission list number is increased from 0 to 2.
309 * 1.permStateList = {}.
310 * 2.permStateList = {permissionStateFull001, permissionStateFull002}, Update success.
311 * @tc.type: FUNC
312 * @tc.require:
313 */
314 HWTEST_F(UpdateHapTokenTest, UpdateHapTokenFuncTest004, TestSize.Level1)
315 {
316 LOGI(ATM_DOMAIN, ATM_TAG, "UpdateHapTokenFuncTest004");
317
318 HapInfoParams infoParams;
319 HapPolicyParams policyParams;
320 TestCommon::GetHapParams(infoParams, policyParams);
321 policyParams.apl = APL_SYSTEM_CORE;
322 AccessTokenIDEx fullTokenId;
323 ASSERT_EQ(RET_SUCCESS, AccessTokenKit::InitHapToken(infoParams, policyParams, fullTokenId));
324 AccessTokenID tokenID = fullTokenId.tokenIdExStruct.tokenID;
325 EXPECT_EQ(PERMISSION_DENIED, AccessTokenKit::VerifyAccessToken(tokenID, "ohos.permission.RECEIVE_SMS"));
326 EXPECT_EQ(PERMISSION_DENIED, AccessTokenKit::VerifyAccessToken(tokenID, "ohos.permission.RECEIVE_MMS"));
327 UpdateHapInfoParams updateHapInfoParams = {
328 .appIDDesc = infoParams.appIDDesc,
329 .apiVersion = infoParams.apiVersion,
330 .isSystemApp = false,
331 .appDistributionType = infoParams.appDistributionType
332 };
333
334 PermissionStateFull permissionStateFull001;
335 PermissionStateFull permissionStateFull002;
336 PreAuthorizationInfo info1;
337 PreAuthorizationInfo info2;
338 GetPermissions("ohos.permission.RECEIVE_SMS", permissionStateFull001, info1);
339 GetPermissions("ohos.permission.RECEIVE_MMS", permissionStateFull002, info2);
340
341 policyParams.permStateList = {permissionStateFull001, permissionStateFull002};
342 policyParams.preAuthorizationInfo = {info1, info2};
343
344 ASSERT_EQ(RET_SUCCESS, AccessTokenKit::UpdateHapToken(fullTokenId, updateHapInfoParams, policyParams));
345 std::vector<PermissionStateFull> permStatList;
346 ASSERT_EQ(RET_SUCCESS, AccessTokenKit::GetReqPermissions(tokenID, permStatList, false));
347 ASSERT_EQ(static_cast<uint32_t>(2), permStatList.size());
348 ASSERT_EQ("ohos.permission.RECEIVE_SMS", permStatList[0].permissionName);
349 EXPECT_EQ(permStatList[0].grantStatus[0], PERMISSION_GRANTED);
350 EXPECT_EQ(permStatList[0].grantFlags[0], PERMISSION_SYSTEM_FIXED);
351 ASSERT_EQ("ohos.permission.RECEIVE_MMS", permStatList[1].permissionName);
352 EXPECT_EQ(permStatList[1].grantStatus[0], PERMISSION_GRANTED);
353 EXPECT_EQ(permStatList[1].grantFlags[0], PERMISSION_SYSTEM_FIXED);
354
355 ASSERT_EQ(RET_SUCCESS, AccessTokenKit::DeleteToken(tokenID));
356 }
357
358 /**
359 * @tc.name: UpdateHapTokenFuncTest005
360 * @tc.desc: test permission list number is decreased from 2 to 0.
361 * 1.permStateList = {permissionStateFull001, permissionStateFull002}.
362 * 2.permStateList={}, Update success.
363 * @tc.type: FUNC
364 * @tc.require:
365 */
366 HWTEST_F(UpdateHapTokenTest, UpdateHapTokenFuncTest005, TestSize.Level1)
367 {
368 LOGI(ATM_DOMAIN, ATM_TAG, "UpdateHapTokenFuncTest005");
369
370 HapInfoParams infoParams;
371 HapPolicyParams policyParams;
372 TestCommon::GetHapParams(infoParams, policyParams);
373 policyParams.apl = APL_SYSTEM_CORE;
374 PermissionStateFull permissionStateFull001 = {
375 .permissionName = "ohos.permission.RUN_DYN_CODE",
376 .isGeneral = true,
377 .resDeviceID = {"local"},
378 .grantStatus = {PERMISSION_DENIED},
379 .grantFlags = {PERMISSION_SYSTEM_FIXED}
380 };
381
382 PermissionStateFull permissionStateFull002 = {
383 .permissionName = "ohos.permission.ACCESS_DDK_USB",
384 .isGeneral = true,
385 .resDeviceID = {"local"},
386 .grantStatus = {PERMISSION_DENIED},
387 .grantFlags = {PERMISSION_SYSTEM_FIXED}
388 };
389 policyParams.permStateList = {permissionStateFull001, permissionStateFull002};
390 AccessTokenIDEx fullTokenId;
391 ASSERT_EQ(RET_SUCCESS, AccessTokenKit::InitHapToken(infoParams, policyParams, fullTokenId));
392 AccessTokenID tokenID = fullTokenId.tokenIdExStruct.tokenID;
393
394 EXPECT_EQ(PERMISSION_GRANTED, AccessTokenKit::VerifyAccessToken(tokenID, "ohos.permission.RUN_DYN_CODE"));
395 EXPECT_EQ(PERMISSION_GRANTED, AccessTokenKit::VerifyAccessToken(tokenID, "ohos.permission.ACCESS_DDK_USB"));
396
397 UpdateHapInfoParams updateHapInfoParams = {
398 .appIDDesc = infoParams.appIDDesc,
399 .apiVersion = infoParams.apiVersion,
400 .isSystemApp = false,
401 .appDistributionType = infoParams.appDistributionType
402 };
403 policyParams.permStateList = {};
404
405 ASSERT_EQ(RET_SUCCESS, AccessTokenKit::UpdateHapToken(fullTokenId, updateHapInfoParams, policyParams));
406
407 EXPECT_EQ(PERMISSION_DENIED, AccessTokenKit::VerifyAccessToken(tokenID, "ohos.permission.RUN_DYN_CODE"));
408 EXPECT_EQ(PERMISSION_DENIED, AccessTokenKit::VerifyAccessToken(tokenID, "ohos.permission.ACCESS_DDK_USB"));
409
410 ASSERT_EQ(RET_SUCCESS, AccessTokenKit::DeleteToken(tokenID));
411 }
412
413 /**
414 * @tc.name: UpdateHapTokenFuncTest006
415 * @tc.desc: test permission list number is changed from permissionStateFull001 to permissionStateFull003.
416 * 1.permStateList = {permissionStateFull001}
417 * 2.permStateList = {permissionStateFull003}, Update success.
418 * @tc.type: FUNC
419 * @tc.require:
420 */
421 HWTEST_F(UpdateHapTokenTest, UpdateHapTokenFuncTest006, TestSize.Level1)
422 {
423 LOGI(ATM_DOMAIN, ATM_TAG, "UpdateHapTokenFuncTest006");
424
425 HapInfoParams infoParams;
426 HapPolicyParams policyParams;
427 TestCommon::GetHapParams(infoParams, policyParams);
428 PermissionStateFull permissionStateFull001 = {
429 .permissionName = "ohos.permission.RUN_DYN_CODE",
430 .isGeneral = true,
431 .resDeviceID = {"local"},
432 .grantStatus = {PERMISSION_DENIED},
433 .grantFlags = {PERMISSION_SYSTEM_FIXED}
434 };
435
436 policyParams.permStateList = {permissionStateFull001};
437 AccessTokenIDEx fullTokenId = {0};
438 ASSERT_EQ(RET_SUCCESS, AccessTokenKit::InitHapToken(infoParams, policyParams, fullTokenId));
439 AccessTokenID tokenID = fullTokenId.tokenIdExStruct.tokenID;
440 ASSERT_NE(INVALID_TOKENID, tokenID);
441
442 EXPECT_EQ(PERMISSION_GRANTED, AccessTokenKit::VerifyAccessToken(tokenID, "ohos.permission.RUN_DYN_CODE"));
443 EXPECT_EQ(PERMISSION_DENIED,
444 AccessTokenKit::VerifyAccessToken(tokenID, "ohos.permission.ACCESS_EXTENSIONAL_DEVICE_DRIVER"));
445 UpdateHapInfoParams updateHapInfoParams = {
446 .appIDDesc = infoParams.appIDDesc,
447 .apiVersion = infoParams.apiVersion,
448 .isSystemApp = false,
449 .appDistributionType = infoParams.appDistributionType
450 };
451 PermissionStateFull permissionStateFull003 = {
452 .permissionName = "ohos.permission.ACCESS_EXTENSIONAL_DEVICE_DRIVER",
453 .isGeneral = true,
454 .resDeviceID = {"local"},
455 .grantStatus = {PERMISSION_DENIED},
456 .grantFlags = {PERMISSION_SYSTEM_FIXED}
457 };
458
459 policyParams.permStateList = { permissionStateFull003 };
460 ASSERT_EQ(RET_SUCCESS, AccessTokenKit::UpdateHapToken(fullTokenId, updateHapInfoParams, policyParams));
461
462 EXPECT_EQ(PERMISSION_DENIED, AccessTokenKit::VerifyAccessToken(tokenID, "ohos.permission.RUN_DYN_CODE"));
463 EXPECT_EQ(PERMISSION_GRANTED,
464 AccessTokenKit::VerifyAccessToken(tokenID, "ohos.permission.ACCESS_EXTENSIONAL_DEVICE_DRIVER"));
465
466 ASSERT_EQ(RET_SUCCESS, AccessTokenKit::DeleteToken(tokenID));
467 }
468
ExistInVector(vector<unsigned int> array,unsigned int value)469 static bool ExistInVector(vector<unsigned int> array, unsigned int value)
470 {
471 vector<unsigned int>::iterator it = find(array.begin(), array.end(), value);
472 if (it != array.end()) {
473 return true;
474 } else {
475 return false;
476 }
477 }
478
479 /**
480 * @tc.name: UpdateHapTokenFuncTest007
481 * @tc.desc: update a batch of tokenId.
482 * @tc.type: FUNC
483 * @tc.require: Issue Number
484 */
485 HWTEST_F(UpdateHapTokenTest, UpdateHapTokenFuncTest007, TestSize.Level1)
486 {
487 int allocFlag = 0;
488 int updateFlag = 0;
489 int deleteFlag = 0;
490 AccessTokenIDEx tokenIdEx = {0};
491 vector<AccessTokenID> obj;
492 bool exist;
493 HapInfoParams testInfo = g_testHapInfoParams;
494 HapPolicyParams testPolicy = g_testPolicyParams;
495
496 for (int i = 0; i < CYCLE_TIMES; i++) {
497 ASSERT_EQ(RET_SUCCESS, AccessTokenKit::InitHapToken(testInfo, testPolicy, tokenIdEx));
498 AccessTokenID tokenID = tokenIdEx.tokenIdExStruct.tokenID;
499 ASSERT_NE(INVALID_TOKENID, tokenID);
500
501 exist = ExistInVector(obj, tokenID);
502 if (exist) {
503 allocFlag = 1;
504 break;
505 }
506 obj.push_back(tokenID);
507 testInfo.userID++;
508 }
509
510 testInfo.instIndex = 1;
511 testPolicy.apl = APL_SYSTEM_BASIC;
512 UpdateHapInfoParams info;
513 info.appIDDesc = g_testHapInfoParams.appIDDesc;
514 info.apiVersion = TestCommon::DEFAULT_API_VERSION;
515 info.appDistributionType = "enterprise_mdm";
516 info.isSystemApp = false;
517 for (size_t i = 0; i < obj.size(); i++) {
518 AccessTokenIDEx idEx = {
519 .tokenIdExStruct.tokenID = obj[i],
520 .tokenIdExStruct.tokenAttr = 0,
521 };
522 int ret = AccessTokenKit::UpdateHapToken(idEx, info, testPolicy);
523 if (RET_SUCCESS != ret) {
524 updateFlag = 1;
525 break;
526 }
527 }
528 testPolicy.apl = APL_NORMAL;
529
530 for (size_t i = 0; i < obj.size(); i++) {
531 int ret = AccessTokenKit::DeleteToken(obj[i]);
532 if (RET_SUCCESS != ret) {
533 deleteFlag = 1;
534 }
535 }
536 ASSERT_EQ(allocFlag, 0);
537 ASSERT_EQ(updateFlag, 0);
538 ASSERT_EQ(deleteFlag, 0);
539 }
540
541 /**
542 * @tc.name: UpdateHapTokenFuncTest008
543 * @tc.desc: add new permissdef.
544 * @tc.type: FUNC
545 * @tc.require: Issue Number
546 */
547 HWTEST_F(UpdateHapTokenTest, UpdateHapTokenFuncTest008, TestSize.Level1)
548 {
549 AccessTokenIDEx tokenIdEx = {0};
550 ASSERT_EQ(RET_SUCCESS, AccessTokenKit::InitHapToken(g_testHapInfoParams, g_testPolicyParams, tokenIdEx));
551 AccessTokenID tokenID = tokenIdEx.tokenIdExStruct.tokenID;
552 ASSERT_NE(INVALID_TOKENID, tokenID);
553
554 PermissionDef permDefResult;
555 /* check permission define before update */
556 int32_t ret = AccessTokenKit::GetDefPermission("ohos.permission.test3", permDefResult);
557 ASSERT_EQ(AccessTokenError::ERR_PERMISSION_NOT_EXIST, ret);
558
559 std::string backUp = g_testPolicyParams.permList[INDEX_ZERO].permissionName;
560 g_testPolicyParams.permList[INDEX_ZERO].permissionName = "ohos.permission.test3";
561 UpdateHapInfoParams info;
562 info.appIDDesc = g_testHapInfoParams.appIDDesc;
563 info.apiVersion = TestCommon::DEFAULT_API_VERSION;
564 info.isSystemApp = false;
565 info.appDistributionType = "enterprise_mdm";
566 ret = AccessTokenKit::UpdateHapToken(tokenIdEx, info, g_testPolicyParams);
567 ASSERT_EQ(RET_SUCCESS, ret);
568 g_testPolicyParams.permList[INDEX_ZERO].permissionName = backUp;
569
570 GTEST_LOG_(INFO) << "permissionName :" << g_testPolicyParams.permList[INDEX_ZERO].permissionName;
571
572 ret = AccessTokenKit::GetDefPermission("ohos.permission.test3", permDefResult);
573 ASSERT_EQ(AccessTokenError::ERR_PERMISSION_NOT_EXIST, ret);
574 ASSERT_NE("ohos.permission.test3", permDefResult.permissionName);
575
576 ASSERT_EQ(RET_SUCCESS, AccessTokenKit::DeleteToken(tokenID));
577 }
578 /**
579 * @tc.name: UpdateHapTokenFuncTest009
580 * @tc.desc: modify permissdef's grantMode.
581 * @tc.type: FUNC
582 * @tc.require: Issue Number
583 */
584 HWTEST_F(UpdateHapTokenTest, UpdateHapTokenFuncTest009, TestSize.Level1)
585 {
586 const std::string appIDDesc = g_testHapInfoParams.appIDDesc;
587 int backupMode = g_testPolicyParams.permList[INDEX_ZERO].grantMode;
588 std::string backupLable = g_testPolicyParams.permList[INDEX_ZERO].label;
589
590 AccessTokenIDEx tokenIdEx = {0};
591 ASSERT_EQ(RET_SUCCESS, AccessTokenKit::InitHapToken(g_testHapInfoParams, g_testPolicyParams, tokenIdEx));
592 AccessTokenID tokenID = tokenIdEx.tokenIdExStruct.tokenID;
593 ASSERT_NE(INVALID_TOKENID, tokenID);
594
595 PermissionDef permDefResult;
596 /* check permission define before update */
597 int32_t ret = AccessTokenKit::GetDefPermission(
598 g_testPolicyParams.permList[INDEX_ZERO].permissionName, permDefResult);
599 ASSERT_EQ(AccessTokenError::ERR_PERMISSION_NOT_EXIST, ret);
600
601 g_testPolicyParams.permList[INDEX_ZERO].grantMode = 0;
602 g_testPolicyParams.permList[INDEX_ZERO].label = "updated label";
603 UpdateHapInfoParams info;
604 info.appIDDesc = appIDDesc;
605 info.apiVersion = TestCommon::DEFAULT_API_VERSION;
606 info.isSystemApp = false;
607 info.appDistributionType = "enterprise_mdm";
608 ret = AccessTokenKit::UpdateHapToken(tokenIdEx, info, g_testPolicyParams);
609 ASSERT_EQ(RET_SUCCESS, ret);
610
611 /* check permission define after update */
612 ret = AccessTokenKit::GetDefPermission(
613 g_testPolicyParams.permList[INDEX_ZERO].permissionName, permDefResult);
614 ASSERT_EQ(AccessTokenError::ERR_PERMISSION_NOT_EXIST, ret);
615
616 g_testPolicyParams.permList[INDEX_ZERO].label = backupLable;
617 g_testPolicyParams.permList[INDEX_ZERO].grantMode = backupMode;
618 ASSERT_EQ(RET_SUCCESS, AccessTokenKit::DeleteToken(tokenID));
619 }
620
621 /**
622 * @tc.name: UpdateHapTokenFuncTest010
623 * @tc.desc: old permission will not update its grantStatus.
624 * @tc.type: FUNC
625 * @tc.require: Issue Number
626 */
627 HWTEST_F(UpdateHapTokenTest, UpdateHapTokenFuncTest010, TestSize.Level1)
628 {
629 const std::string appIDDesc = g_testHapInfoParams.appIDDesc;
630 std::string permission = g_infoManagerCameraState.permissionName;
631
632 AccessTokenIDEx tokenIdEx = {0};
633 ASSERT_EQ(RET_SUCCESS, AccessTokenKit::InitHapToken(g_testHapInfoParams, g_testPolicyParams, tokenIdEx));
634 AccessTokenID tokenID = tokenIdEx.tokenIdExStruct.tokenID;
635 ASSERT_NE(INVALID_TOKENID, tokenID);
636
637 ASSERT_EQ(RET_SUCCESS, AccessTokenKit::GrantPermission(tokenID, permission, PERMISSION_USER_FIXED));
638
639 ASSERT_EQ(PERMISSION_GRANTED, AccessTokenKit::VerifyAccessToken(tokenID, permission, false));
640
641 HapPolicyParams infoManagerTestPolicyPrams = {
642 .apl = APL_NORMAL,
643 .domain = "test.domain",
644 .permStateList = {g_infoManagerCameraState}
645 };
646 UpdateHapInfoParams info;
647 info.appIDDesc = appIDDesc;
648 info.apiVersion = TestCommon::DEFAULT_API_VERSION;
649 info.isSystemApp = false;
650 info.appDistributionType = "enterprise_mdm";
651 ASSERT_EQ(RET_SUCCESS, AccessTokenKit::UpdateHapToken(tokenIdEx, info, infoManagerTestPolicyPrams));
652
653 ASSERT_EQ(PERMISSION_GRANTED, AccessTokenKit::VerifyAccessToken(tokenID, permission, false));
654
655 ASSERT_EQ(RET_SUCCESS, AccessTokenKit::DeleteToken(tokenID));
656 }
657
658 /**
659 * @tc.name: UpdateHapTokenFuncTest011
660 * @tc.desc: update api version.
661 * @tc.type: FUNC
662 * @tc.require:Issue Number
663 */
664 HWTEST_F(UpdateHapTokenTest, UpdateHapTokenFuncTest011, TestSize.Level1)
665 {
666 const std::string appIDDesc = g_testHapInfoParams.appIDDesc;
667 AccessTokenIDEx tokenIdEx = {0};
668 ASSERT_EQ(RET_SUCCESS, AccessTokenKit::InitHapToken(g_testHapInfoParams, g_testPolicyParams, tokenIdEx));
669 AccessTokenID tokenID = tokenIdEx.tokenIdExStruct.tokenID;
670 ASSERT_NE(INVALID_TOKENID, tokenID);
671
672 UpdateHapInfoParams info;
673 info.appIDDesc = appIDDesc;
674 info.isSystemApp = false;
675 info.appDistributionType = "enterprise_mdm";
676
677 info.apiVersion = TestCommon::DEFAULT_API_VERSION - 1;
678 ASSERT_EQ(RET_SUCCESS, AccessTokenKit::UpdateHapToken(tokenIdEx, info, g_testPolicyParams));
679
680 HapTokenInfo hapTokenInfoRes;
681 ASSERT_EQ(RET_SUCCESS, AccessTokenKit::GetHapTokenInfo(tokenID, hapTokenInfoRes));
682 ASSERT_EQ(info.apiVersion, hapTokenInfoRes.apiVersion);
683
684 info.apiVersion = TestCommon::DEFAULT_API_VERSION + 1;
685 ASSERT_EQ(RET_SUCCESS, AccessTokenKit::UpdateHapToken(tokenIdEx, info, g_testPolicyParams));
686
687 ASSERT_EQ(RET_SUCCESS, AccessTokenKit::GetHapTokenInfo(tokenID, hapTokenInfoRes));
688 ASSERT_EQ(info.apiVersion, hapTokenInfoRes.apiVersion);
689
690 ASSERT_EQ(RET_SUCCESS, AccessTokenKit::DeleteToken(tokenID));
691 }
692
693 /**
694 * @tc.name: UpdateHapTokenFuncTest012
695 * @tc.desc: AccessTokenKit::UpdateHapToken function test
696 * @tc.type: FUNC
697 * @tc.require: issueI61A6M
698 */
699 HWTEST_F(UpdateHapTokenTest, UpdateHapTokenFuncTest012, TestSize.Level1)
700 {
701 AccessTokenIDEx tokenID = {0};
702 HapPolicyParams policy;
703 UpdateHapInfoParams info;
704 info.appIDDesc = std::string("updateFailed");
705 info.apiVersion = 0;
706 info.isSystemApp = false;
707 ASSERT_EQ(AccessTokenError::ERR_PARAM_INVALID,
708 AccessTokenKit::UpdateHapToken(tokenID, info, policy));
709 }
710
ThreadTestFunc01(void * args)711 static void *ThreadTestFunc01(void *args)
712 {
713 ATokenTypeEnum type;
714 AccessTokenID tokenID;
715
716 for (int i = 0; i < CYCLE_TIMES; i++) {
717 tokenID = AccessTokenKit::AccessTokenKit::GetHapTokenID(TEST_USER_ID, TEST_BUNDLE_NAME, 0);
718 type = AccessTokenKit::GetTokenType(tokenID);
719 if (type != TOKEN_HAP) {
720 GTEST_LOG_(INFO) << "ThreadTestFunc01 failed" << tokenID;
721 }
722 }
723 return nullptr;
724 }
725
ThreadTestFunc02(void * args)726 static void *ThreadTestFunc02(void *args)
727 {
728 int ret;
729 AccessTokenID tokenID;
730 HapTokenInfo hapTokenInfoRes;
731
732 for (int i = 0; i < CYCLE_TIMES; i++) {
733 tokenID = AccessTokenKit::AccessTokenKit::GetHapTokenID(TEST_USER_ID, TEST_BUNDLE_NAME, 0);
734 ret = AccessTokenKit::GetHapTokenInfo(tokenID, hapTokenInfoRes);
735 if (ret != RET_SUCCESS) {
736 GTEST_LOG_(INFO) << "ThreadTestFunc02 failed" << tokenID;
737 }
738 }
739 return nullptr;
740 }
741
742 /**
743 * @tc.name: AllocHapToken011
744 * @tc.desc: Mulitpulthread test.
745 * @tc.type: FUNC
746 * @tc.require: Issue Number
747 */
748 HWTEST_F(UpdateHapTokenTest, Mulitpulthread001, TestSize.Level1)
749 {
750 AccessTokenID tokenID = AccessTokenKit::GetHapTokenID(TEST_USER_ID, TEST_BUNDLE_NAME, 0);
751 ASSERT_NE(INVALID_TOKENID, tokenID);
752 pthread_t tid[2];
753 (void)pthread_create(&tid[0], nullptr, &ThreadTestFunc01, nullptr);
754 (void)pthread_create(&tid[1], nullptr, &ThreadTestFunc01, nullptr);
755 (void)pthread_join(tid[0], nullptr);
756 (void)pthread_join(tid[1], nullptr);
757
758 (void)pthread_create(&tid[0], nullptr, &ThreadTestFunc02, nullptr);
759 (void)pthread_create(&tid[1], nullptr, &ThreadTestFunc02, nullptr);
760 (void)pthread_join(tid[0], nullptr);
761 (void)pthread_join(tid[1], nullptr);
762 }
763
ConcurrencyTask(unsigned int tokenID)764 void ConcurrencyTask(unsigned int tokenID)
765 {
766 uint32_t flag;
767 for (int i = 0; i < CYCLE_TIMES; i++) {
768 AccessTokenKit::GrantPermission(tokenID, g_infoManagerMicrophoneState.permissionName, PERMISSION_USER_FIXED);
769 AccessTokenKit::GetPermissionFlag(tokenID, g_infoManagerMicrophoneState.permissionName, flag);
770 AccessTokenKit::VerifyAccessToken(tokenID, g_infoManagerMicrophoneState.permissionName, false);
771
772 AccessTokenKit::RevokePermission(tokenID, g_infoManagerMicrophoneState.permissionName, PERMISSION_USER_SET);
773 AccessTokenKit::GetPermissionFlag(tokenID, g_infoManagerMicrophoneState.permissionName, flag);
774 AccessTokenKit::VerifyAccessToken(tokenID, g_infoManagerMicrophoneState.permissionName, false);
775 }
776 }
777
778 /**
779 * @tc.name: ConcurrencyTest001
780 * @tc.desc: Concurrency testing
781 * @tc.type: FUNC
782 * @tc.require: Issue Number
783 */
784 HWTEST_F(UpdateHapTokenTest, ConcurrencyTest001, TestSize.Level1)
785 {
786 AccessTokenID tokenID = AccessTokenKit::GetHapTokenID(TEST_USER_ID, TEST_BUNDLE_NAME, 0);
787 ASSERT_NE(INVALID_TOKENID, tokenID);
788 std::vector<std::thread> threadVec;
789 for (int i = 0; i < THREAD_NUM; i++) {
790 threadVec.emplace_back(std::thread(ConcurrencyTask, tokenID));
791 }
792 for (auto it = threadVec.begin(); it != threadVec.end(); it++) {
793 it->join();
794 }
795 }
796
797 /**
798 * @tc.name: UpdateHapTokenSpecsTest001
799 * @tc.desc: test aclRequestedList does not exist before update and add one after update.
800 * 1.aclRequestedList = {}.
801 * 2.aclRequestedList = {"ohos.permission.ACCESS_DDK_USB"}, Update success.
802 * @tc.type: FUNC
803 * @tc.require:
804 */
805 HWTEST_F(UpdateHapTokenTest, UpdateHapTokenSpecsTest001, TestSize.Level1)
806 {
807 LOGI(ATM_DOMAIN, ATM_TAG, "UpdateHapTokenSpecsTest001");
808
809 HapInfoParams infoParams;
810 HapPolicyParams policyParams;
811 TestCommon::GetHapParams(infoParams, policyParams);
812 policyParams.apl = APL_NORMAL;
813 PermissionStateFull permissionStateFull001 = {
814 .permissionName = "ohos.permission.RUN_DYN_CODE",
815 .isGeneral = true,
816 .resDeviceID = {"local"},
817 .grantStatus = {PERMISSION_DENIED},
818 .grantFlags = {PERMISSION_SYSTEM_FIXED}
819 };
820
821 PermissionStateFull permissionStateFull002 = {
822 .permissionName = "ohos.permission.ACCESS_DDK_USB",
823 .isGeneral = true,
824 .resDeviceID = {"local"},
825 .grantStatus = {PERMISSION_DENIED},
826 .grantFlags = {PERMISSION_SYSTEM_FIXED}
827 };
828 policyParams.permStateList = {permissionStateFull001};
829 AccessTokenIDEx fullTokenId;
830 ASSERT_EQ(RET_SUCCESS, AccessTokenKit::InitHapToken(infoParams, policyParams, fullTokenId));
831 AccessTokenID tokenID = fullTokenId.tokenIdExStruct.tokenID;
832
833 EXPECT_EQ(PERMISSION_GRANTED, AccessTokenKit::VerifyAccessToken(tokenID, "ohos.permission.RUN_DYN_CODE"));
834
835 UpdateHapInfoParams updateHapInfoParams = {
836 .appIDDesc = infoParams.appIDDesc,
837 .apiVersion = infoParams.apiVersion,
838 .isSystemApp = false,
839 .appDistributionType = infoParams.appDistributionType
840 };
841 policyParams.permStateList = {permissionStateFull001, permissionStateFull002};
842 policyParams.aclRequestedList = {"ohos.permission.ACCESS_DDK_USB"};
843 ASSERT_EQ(RET_SUCCESS, AccessTokenKit::UpdateHapToken(fullTokenId, updateHapInfoParams, policyParams));
844 tokenID = fullTokenId.tokenIdExStruct.tokenID;
845
846 EXPECT_EQ(PERMISSION_GRANTED, AccessTokenKit::VerifyAccessToken(tokenID, "ohos.permission.RUN_DYN_CODE"));
847 EXPECT_EQ(PERMISSION_GRANTED, AccessTokenKit::VerifyAccessToken(tokenID, "ohos.permission.ACCESS_DDK_USB"));
848
849 ASSERT_EQ(RET_SUCCESS, AccessTokenKit::DeleteToken(tokenID));
850 }
851
852 /**
853 * @tc.name: UpdateHapTokenSpecsTest002
854 * @tc.desc: test aclRequestedList exist before update and remove after update.
855 * 1.aclRequestedList = {"ohos.permission.ACCESS_DDK_USB"}
856 * 2.aclRequestedList = {}, Update failed.
857 * @tc.type: FUNC
858 * @tc.require:
859 */
860 HWTEST_F(UpdateHapTokenTest, UpdateHapTokenSpecsTest002, TestSize.Level1)
861 {
862 LOGI(ATM_DOMAIN, ATM_TAG, "UpdateHapTokenSpecsTest002");
863
864 HapInfoParams infoParams;
865 HapPolicyParams policyParams;
866 TestCommon::GetHapParams(infoParams, policyParams);
867 policyParams.apl = APL_NORMAL;
868 PermissionStateFull permissionStateFull001 = {
869 .permissionName = "ohos.permission.RUN_DYN_CODE",
870 .isGeneral = true,
871 .resDeviceID = {"local"},
872 .grantStatus = {PERMISSION_DENIED},
873 .grantFlags = {PERMISSION_SYSTEM_FIXED}
874 };
875
876 PermissionStateFull permissionStateFull002 = {
877 .permissionName = "ohos.permission.ACCESS_DDK_USB",
878 .isGeneral = true,
879 .resDeviceID = {"local"},
880 .grantStatus = {PERMISSION_DENIED},
881 .grantFlags = {PERMISSION_SYSTEM_FIXED}
882 };
883
884 policyParams.permStateList = {permissionStateFull001, permissionStateFull002};
885 policyParams.aclRequestedList = {"ohos.permission.ACCESS_DDK_USB"};
886 AccessTokenIDEx fullTokenId;
887 ASSERT_EQ(RET_SUCCESS, AccessTokenKit::InitHapToken(infoParams, policyParams, fullTokenId));
888 AccessTokenID tokenID = fullTokenId.tokenIdExStruct.tokenID;
889 EXPECT_EQ(PERMISSION_GRANTED, AccessTokenKit::VerifyAccessToken(tokenID, "ohos.permission.RUN_DYN_CODE"));
890 EXPECT_EQ(PERMISSION_GRANTED, AccessTokenKit::VerifyAccessToken(tokenID, "ohos.permission.ACCESS_DDK_USB"));
891
892 UpdateHapInfoParams updateHapInfoParams = {
893 .appIDDesc = infoParams.appIDDesc,
894 .apiVersion = infoParams.apiVersion,
895 .isSystemApp = false,
896 .appDistributionType = infoParams.appDistributionType
897 };
898 policyParams.aclRequestedList = {};
899 ASSERT_EQ(
900 ERR_PERM_REQUEST_CFG_FAILED, AccessTokenKit::UpdateHapToken(fullTokenId, updateHapInfoParams, policyParams));
901 tokenID = fullTokenId.tokenIdExStruct.tokenID;
902
903 ASSERT_EQ(RET_SUCCESS, AccessTokenKit::DeleteToken(tokenID));
904 }
905
906 /**
907 * @tc.name: UpdateHapTokenSpecsTest003
908 * @tc.desc: test permission not available after apl update from APL_SYSTEM_CORE to APL_NORMAL.
909 * 1.apl = APL_SYSTEM_CORE.
910 * 2.apl = APL_NORMAL, Update failed.
911 * @tc.type: FUNC
912 * @tc.require:
913 */
914 HWTEST_F(UpdateHapTokenTest, UpdateHapTokenSpecsTest003, TestSize.Level1)
915 {
916 LOGI(ATM_DOMAIN, ATM_TAG, "UpdateHapTokenSpecsTest003");
917
918 HapInfoParams infoParams;
919 HapPolicyParams policyParams;
920 TestCommon::GetHapParams(infoParams, policyParams);
921 policyParams.apl = APL_SYSTEM_CORE;
922 PermissionStateFull permissionStateFull001 = {
923 .permissionName = "ohos.permission.RUN_DYN_CODE",
924 .isGeneral = true,
925 .resDeviceID = {"local"},
926 .grantStatus = {PERMISSION_DENIED},
927 .grantFlags = {PERMISSION_SYSTEM_FIXED}
928 };
929
930 PermissionStateFull permissionStateFull002 = {
931 .permissionName = "ohos.permission.ACCESS_DDK_USB",
932 .isGeneral = true,
933 .resDeviceID = {"local"},
934 .grantStatus = {PERMISSION_DENIED},
935 .grantFlags = {PERMISSION_SYSTEM_FIXED}
936 };
937
938 policyParams.permStateList = {permissionStateFull001, permissionStateFull002};
939 AccessTokenIDEx fullTokenId;
940 ASSERT_EQ(RET_SUCCESS, AccessTokenKit::InitHapToken(infoParams, policyParams, fullTokenId));
941 AccessTokenID tokenID = fullTokenId.tokenIdExStruct.tokenID;
942 EXPECT_EQ(PERMISSION_GRANTED, AccessTokenKit::VerifyAccessToken(tokenID, "ohos.permission.RUN_DYN_CODE"));
943 EXPECT_EQ(PERMISSION_GRANTED, AccessTokenKit::VerifyAccessToken(tokenID, "ohos.permission.ACCESS_DDK_USB"));
944
945 UpdateHapInfoParams updateHapInfoParams = {
946 .appIDDesc = infoParams.appIDDesc,
947 .apiVersion = infoParams.apiVersion,
948 .isSystemApp = false,
949 .appDistributionType = infoParams.appDistributionType
950 };
951 policyParams.apl = APL_NORMAL;
952 ASSERT_EQ(
953 ERR_PERM_REQUEST_CFG_FAILED, AccessTokenKit::UpdateHapToken(fullTokenId, updateHapInfoParams, policyParams));
954 tokenID = fullTokenId.tokenIdExStruct.tokenID;
955
956 ASSERT_EQ(RET_SUCCESS, AccessTokenKit::DeleteToken(tokenID));
957 }
958
959 /**
960 * @tc.name: UpdateHapTokenSpecsTest004
961 * @tc.desc: Update to a MDM app, system permission is unavailable.
962 * 1.appDistributionType = ""
963 * 2.appDistributionType = APP_DISTRIBUTION_TYPE_ENTERPRISE_MDM, Update success
964 * @tc.type: FUNC
965 * @tc.require:
966 */
967 HWTEST_F(UpdateHapTokenTest, UpdateHapTokenSpecsTest004, TestSize.Level1)
968 {
969 LOGI(ATM_DOMAIN, ATM_TAG, "UpdateHapTokenSpecsTest004");
970
971 HapInfoParams infoParams;
972 HapPolicyParams policyParams;
973 TestCommon::GetHapParams(infoParams, policyParams);
974 policyParams.apl = APL_SYSTEM_CORE;
975 PermissionStateFull permissionStateFull001 = {
976 .permissionName = "ohos.permission.MANAGE_FINGERPRINT_AUTH",
977 .isGeneral = true,
978 .resDeviceID = {"local"},
979 .grantStatus = {PERMISSION_DENIED},
980 .grantFlags = {PERMISSION_SYSTEM_FIXED}
981 };
982 policyParams.permStateList = {permissionStateFull001};
983 AccessTokenIDEx fullTokenId;
984 ASSERT_EQ(RET_SUCCESS, AccessTokenKit::InitHapToken(infoParams, policyParams, fullTokenId));
985 AccessTokenID tokenID = fullTokenId.tokenIdExStruct.tokenID;
986 EXPECT_EQ(
987 PERMISSION_GRANTED, AccessTokenKit::VerifyAccessToken(tokenID, "ohos.permission.MANAGE_FINGERPRINT_AUTH"));
988
989 UpdateHapInfoParams updateHapInfoParams = {
990 .appIDDesc = infoParams.appIDDesc,
991 .apiVersion = infoParams.apiVersion,
992 .isSystemApp = false,
993 .appDistributionType = APP_DISTRIBUTION_TYPE_ENTERPRISE_MDM
994 };
995
996 ASSERT_EQ(RET_SUCCESS, AccessTokenKit::UpdateHapToken(fullTokenId, updateHapInfoParams, policyParams));
997 tokenID = fullTokenId.tokenIdExStruct.tokenID;
998 // MDM Control not apply, verify result is PERMISSION_GRANTED
999 EXPECT_EQ(
1000 PERMISSION_GRANTED, AccessTokenKit::VerifyAccessToken(tokenID, "ohos.permission.MANAGE_FINGERPRINT_AUTH"));
1001
1002 ASSERT_EQ(RET_SUCCESS, AccessTokenKit::DeleteToken(tokenID));
1003 }
1004
1005 /**
1006 * @tc.name: UpdateHapTokenSpecsTest005
1007 * @tc.desc: Update to a non-MDM app, MDM permission is unavailable.
1008 * 1.appDistributionType = APP_DISTRIBUTION_TYPE_ENTERPRISE_MDM, permission is GRANTED.
1009 * 2.appDistributionType ="", Update failed.
1010 * @tc.type: FUNC
1011 * @tc.require:
1012 */
1013 HWTEST_F(UpdateHapTokenTest, UpdateHapTokenSpecsTest005, TestSize.Level1)
1014 {
1015 LOGI(ATM_DOMAIN, ATM_TAG, "UpdateHapTokenSpecsTest005");
1016
1017 HapInfoParams infoParams;
1018 HapPolicyParams policyParams;
1019 TestCommon::GetHapParams(infoParams, policyParams);
1020 policyParams.apl = APL_SYSTEM_CORE;
1021 infoParams.appDistributionType = APP_DISTRIBUTION_TYPE_ENTERPRISE_MDM;
1022 PermissionStateFull permissionStateFull001 = {
1023 .permissionName = "ohos.permission.ENTERPRISE_MANAGE_SETTINGS",
1024 .isGeneral = true,
1025 .resDeviceID = {"local"},
1026 .grantStatus = {PERMISSION_DENIED},
1027 .grantFlags = {PERMISSION_SYSTEM_FIXED}
1028 };
1029 PermissionStateFull permissionStateFull002 = {
1030 .permissionName = "ohos.permission.MANAGE_FINGERPRINT_AUTH",
1031 .isGeneral = true,
1032 .resDeviceID = {"local"},
1033 .grantStatus = {PERMISSION_DENIED},
1034 .grantFlags = {PERMISSION_SYSTEM_FIXED}
1035 };
1036 policyParams.permStateList = {permissionStateFull001, permissionStateFull002};
1037 AccessTokenIDEx fullTokenId;
1038 ASSERT_EQ(RET_SUCCESS, AccessTokenKit::InitHapToken(infoParams, policyParams, fullTokenId));
1039 AccessTokenID tokenID = fullTokenId.tokenIdExStruct.tokenID;
1040 // MDM Control not apply, verify result is PERMISSION_GRANTED
1041 EXPECT_EQ(
1042 PERMISSION_GRANTED, AccessTokenKit::VerifyAccessToken(tokenID, "ohos.permission.ENTERPRISE_MANAGE_SETTINGS"));
1043 EXPECT_EQ(
1044 PERMISSION_GRANTED, AccessTokenKit::VerifyAccessToken(tokenID, "ohos.permission.MANAGE_FINGERPRINT_AUTH"));
1045
1046 UpdateHapInfoParams updateHapInfoParams = {
1047 .appIDDesc = infoParams.appIDDesc,
1048 .apiVersion = infoParams.apiVersion,
1049 .isSystemApp = false,
1050 .appDistributionType = ""
1051 };
1052 ASSERT_EQ(
1053 ERR_PERM_REQUEST_CFG_FAILED, AccessTokenKit::UpdateHapToken(fullTokenId, updateHapInfoParams, policyParams));
1054
1055 HapInfoCheckResult result;
1056 ASSERT_EQ(ERR_PERM_REQUEST_CFG_FAILED,
1057 AccessTokenKit::UpdateHapToken(fullTokenId, updateHapInfoParams, policyParams, result));
1058 ASSERT_EQ(result.permCheckResult.permissionName, "ohos.permission.ENTERPRISE_MANAGE_SETTINGS");
1059 ASSERT_EQ(result.permCheckResult.rule, PERMISSION_EDM_RULE);
1060 ASSERT_EQ(RET_SUCCESS, AccessTokenKit::DeleteToken(tokenID));
1061 }
1062
1063 /**
1064 * @tc.name: UpdateHapTokenSpecsTest006
1065 * @tc.desc: App user_grant permission has not been operated, update with pre-authorization.
1066 * 1.preAuthorizationInfo = {info1}, pre-authorization update success
1067 * 2.GetReqPermissions success. permission is GRANTED.
1068 * @tc.type: FUNC
1069 * @tc.require: Issue Number
1070 */
1071 HWTEST_F(UpdateHapTokenTest, UpdateHapTokenSpecsTest006, TestSize.Level1)
1072 {
1073 LOGI(ATM_DOMAIN, ATM_TAG, "UpdateHapTokenSpecsTest006");
1074
1075 HapPolicyParams testPolicyParams1 = {
1076 .apl = APL_NORMAL,
1077 .domain = "test.domain2",
1078 .permStateList = {g_infoManagerCameraState}
1079 };
1080 AccessTokenIDEx fullTokenId;
1081 EXPECT_EQ(RET_SUCCESS, AccessTokenKit::InitHapToken(g_testHapInfoParams, testPolicyParams1, fullTokenId));
1082
1083 UpdateHapInfoParams info;
1084 info.appIDDesc = "TEST";
1085 info.apiVersion = TestCommon::DEFAULT_API_VERSION;
1086 info.isSystemApp = true;
1087 PreAuthorizationInfo info1 = {
1088 .permissionName = "ohos.permission.CAMERA",
1089 .userCancelable = false
1090 };
1091 HapPolicyParams testPolicyParams2 = {
1092 .apl = APL_NORMAL,
1093 .domain = "test.domain2",
1094 .permStateList = {g_infoManagerCameraState},
1095 .preAuthorizationInfo = {info1}
1096 };
1097 ASSERT_EQ(RET_SUCCESS, AccessTokenKit::UpdateHapToken(fullTokenId, info, testPolicyParams2));
1098 std::vector<PermissionStateFull> state;
1099 ASSERT_EQ(RET_SUCCESS, AccessTokenKit::GetReqPermissions(fullTokenId.tokenIdExStruct.tokenID, state, false));
1100 ASSERT_EQ(static_cast<uint32_t>(1), state.size());
1101 ASSERT_EQ("ohos.permission.CAMERA", state[0].permissionName);
1102 EXPECT_EQ(state[0].grantStatus[0], PERMISSION_GRANTED);
1103 EXPECT_EQ(state[0].grantFlags[0], PERMISSION_SYSTEM_FIXED);
1104
1105 ASSERT_EQ(RET_SUCCESS, AccessTokenKit::DeleteToken(fullTokenId.tokenIdExStruct.tokenID));
1106 }
1107
1108 /**
1109 * @tc.name: UpdateHapTokenSpecsTest007
1110 * @tc.desc: App user_grant permission has been granted or revoked by user, update with pre-authorization
1111 * 1.user_grant permission1 has been granted.
1112 * 2.user_grant permission2 has been revoked.
1113 * 3.preAuthorizationInfo = {info1, info2}, update pre-authorization success.
1114 * 4.GetReqPermissions success. permission1 is GRANTED, permission2 is DENIED.
1115 * @tc.type: FUNC
1116 * @tc.require: Issue Number
1117 */
1118 HWTEST_F(UpdateHapTokenTest, UpdateHapTokenSpecsTest007, TestSize.Level1)
1119 {
1120 LOGI(ATM_DOMAIN, ATM_TAG, "UpdateHapTokenSpecsTest007");
1121
1122 HapPolicyParams testPolicyParams1 = {
1123 .apl = APL_NORMAL,
1124 .domain = "test.domain2",
1125 .permStateList = {g_infoManagerCameraState, g_infoManagerMicrophoneState}
1126 };
1127 AccessTokenIDEx fullTokenId;
1128 int32_t ret = AccessTokenKit::InitHapToken(g_testHapInfoParams, testPolicyParams1, fullTokenId);
1129 EXPECT_EQ(RET_SUCCESS, ret);
1130
1131 ret = AccessTokenKit::GrantPermission(
1132 fullTokenId.tokenIdExStruct.tokenID, "ohos.permission.CAMERA", PERMISSION_USER_FIXED);
1133 EXPECT_EQ(RET_SUCCESS, ret);
1134 ret = AccessTokenKit::RevokePermission(
1135 fullTokenId.tokenIdExStruct.tokenID, "ohos.permission.MICROPHONE", PERMISSION_USER_FIXED);
1136 EXPECT_EQ(RET_SUCCESS, ret);
1137
1138 UpdateHapInfoParams info;
1139 info.appIDDesc = "TEST";
1140 info.apiVersion = TestCommon::DEFAULT_API_VERSION;
1141 info.isSystemApp = true;
1142 PreAuthorizationInfo info1 = {
1143 .permissionName = "ohos.permission.CAMERA",
1144 .userCancelable = false
1145 };
1146 PreAuthorizationInfo info2 = {
1147 .permissionName = "ohos.permission.MICROPHONE",
1148 .userCancelable = false
1149 };
1150 HapPolicyParams testPolicyParams2 = {
1151 .apl = APL_NORMAL,
1152 .domain = "test.domain2",
1153 .permStateList = {g_infoManagerCameraState, g_infoManagerMicrophoneState},
1154 .preAuthorizationInfo = {info1, info2}
1155 };
1156 ret = AccessTokenKit::UpdateHapToken(fullTokenId, info, testPolicyParams2);
1157 ASSERT_EQ(RET_SUCCESS, ret);
1158 std::vector<PermissionStateFull> state;
1159 AccessTokenKit::GetReqPermissions(fullTokenId.tokenIdExStruct.tokenID, state, false);
1160 ASSERT_EQ(static_cast<uint32_t>(2), state.size());
1161 ASSERT_EQ("ohos.permission.CAMERA", state[0].permissionName);
1162 EXPECT_EQ(state[0].grantStatus[0], PERMISSION_GRANTED);
1163 EXPECT_EQ(state[0].grantFlags[0], PERMISSION_USER_FIXED);
1164 ASSERT_EQ("ohos.permission.MICROPHONE", state[1].permissionName);
1165 EXPECT_EQ(state[1].grantStatus[0], PERMISSION_DENIED);
1166 EXPECT_EQ(state[1].grantFlags[0], PERMISSION_USER_FIXED);
1167
1168 ASSERT_EQ(RET_SUCCESS, AccessTokenKit::DeleteToken(fullTokenId.tokenIdExStruct.tokenID));
1169 }
1170
1171 /**
1172 * @tc.name: UpdateHapTokenSpecsTest008
1173 * @tc.desc: App user_grant permission has been pre-authorized with userUnCancelable flag,
1174 * update with userCancelable pre-authorization.
1175 * 1.userCancelable = false.
1176 * 2.userCancelable = true, update pre-authorization success, GetReqPermissions success.
1177 * @tc.type: FUNC
1178 * @tc.require: Issue Number
1179 */
1180 HWTEST_F(UpdateHapTokenTest, UpdateHapTokenSpecsTest008, TestSize.Level1)
1181 {
1182 LOGI(ATM_DOMAIN, ATM_TAG, "UpdateHapTokenSpecsTest008");
1183
1184 PreAuthorizationInfo info1 = {
1185 .permissionName = "ohos.permission.CAMERA",
1186 .userCancelable = false
1187 };
1188 PreAuthorizationInfo info2 = {
1189 .permissionName = "ohos.permission.MICROPHONE",
1190 .userCancelable = false
1191 };
1192 HapPolicyParams testPolicyParams1 = {
1193 .apl = APL_NORMAL,
1194 .domain = "test.domain2",
1195 .permStateList = {g_infoManagerCameraState, g_infoManagerMicrophoneState},
1196 .preAuthorizationInfo = {info1, info2}
1197 };
1198 AccessTokenIDEx fullTokenId;
1199 int32_t ret = AccessTokenKit::InitHapToken(g_testHapInfoParams, testPolicyParams1, fullTokenId);
1200 EXPECT_EQ(RET_SUCCESS, ret);
1201
1202 ret = AccessTokenKit::GrantPermission(
1203 fullTokenId.tokenIdExStruct.tokenID, "ohos.permission.CAMERA", PERMISSION_USER_FIXED);
1204 EXPECT_NE(RET_SUCCESS, ret);
1205 ret = AccessTokenKit::RevokePermission(
1206 fullTokenId.tokenIdExStruct.tokenID, "ohos.permission.MICROPHONE", PERMISSION_USER_FIXED);
1207 EXPECT_NE(RET_SUCCESS, ret);
1208
1209 UpdateHapInfoParams info;
1210 info.appIDDesc = "TEST";
1211 info.apiVersion = TestCommon::DEFAULT_API_VERSION;
1212 info.isSystemApp = true;
1213 info1.userCancelable = true;
1214 testPolicyParams1.preAuthorizationInfo = {info1};
1215
1216 ret = AccessTokenKit::UpdateHapToken(fullTokenId, info, testPolicyParams1);
1217 ASSERT_EQ(RET_SUCCESS, ret);
1218 std::vector<PermissionStateFull> state;
1219 AccessTokenKit::GetReqPermissions(fullTokenId.tokenIdExStruct.tokenID, state, false);
1220 ASSERT_EQ(static_cast<uint32_t>(2), state.size());
1221 EXPECT_EQ(state[0].grantStatus[0], PERMISSION_GRANTED);
1222 EXPECT_EQ(state[0].grantFlags[0], PERMISSION_GRANTED_BY_POLICY);
1223 EXPECT_EQ(state[1].grantStatus[0], PERMISSION_DENIED);
1224 EXPECT_EQ(state[1].grantFlags[0], PERMISSION_DEFAULT_FLAG);
1225
1226 ASSERT_EQ(RET_SUCCESS, AccessTokenKit::DeleteToken(fullTokenId.tokenIdExStruct.tokenID));
1227 }
1228
1229 /**
1230 * @tc.name: UpdateHapTokenSpecsTest009
1231 * @tc.desc: App user_grant permission has been pre-authorized with userCancelable flag,
1232 * update with userCancelable pre-authorization.
1233 * 1.userCancelable = true.
1234 * 2.userCancelable = false, update success, GetReqPermissions success.
1235 * @tc.type: FUNC
1236 * @tc.require: Issue Number
1237 */
1238 HWTEST_F(UpdateHapTokenTest, UpdateHapTokenSpecsTest009, TestSize.Level1)
1239 {
1240 LOGI(ATM_DOMAIN, ATM_TAG, "UpdateHapTokenSpecsTest009");
1241
1242 PreAuthorizationInfo info1 = {
1243 .permissionName = "ohos.permission.CAMERA",
1244 .userCancelable = true
1245 };
1246 PreAuthorizationInfo info2 = {
1247 .permissionName = "ohos.permission.MICROPHONE",
1248 .userCancelable = true
1249 };
1250 HapPolicyParams testPolicyParams1 = {
1251 .apl = APL_NORMAL,
1252 .domain = "test.domain2",
1253 .permStateList = {g_infoManagerCameraState, g_infoManagerMicrophoneState},
1254 .preAuthorizationInfo = {info1, info2}
1255 };
1256 AccessTokenIDEx fullTokenId;
1257 int32_t ret = AccessTokenKit::InitHapToken(g_testHapInfoParams, testPolicyParams1, fullTokenId);
1258 EXPECT_EQ(RET_SUCCESS, ret);
1259
1260 ret = AccessTokenKit::RevokePermission(
1261 fullTokenId.tokenIdExStruct.tokenID, "ohos.permission.MICROPHONE", PERMISSION_USER_FIXED);
1262 EXPECT_EQ(RET_SUCCESS, ret);
1263
1264 UpdateHapInfoParams info;
1265 info.appIDDesc = "TEST";
1266 info.apiVersion = TestCommon::DEFAULT_API_VERSION;
1267 info.isSystemApp = true;
1268 info1.userCancelable = false;
1269 testPolicyParams1.preAuthorizationInfo = {info1};
1270
1271 ret = AccessTokenKit::UpdateHapToken(fullTokenId, info, testPolicyParams1);
1272 ASSERT_EQ(RET_SUCCESS, ret);
1273 std::vector<PermissionStateFull> state;
1274 AccessTokenKit::GetReqPermissions(fullTokenId.tokenIdExStruct.tokenID, state, false);
1275 ASSERT_EQ(static_cast<uint32_t>(2), state.size());
1276 EXPECT_EQ(state[0].grantStatus[0], PERMISSION_GRANTED);
1277 EXPECT_EQ(state[0].grantFlags[0], PERMISSION_SYSTEM_FIXED);
1278 EXPECT_EQ(state[1].grantStatus[0], PERMISSION_DENIED);
1279 EXPECT_EQ(state[1].grantFlags[0], PERMISSION_USER_FIXED | PERMISSION_GRANTED_BY_POLICY);
1280
1281 ASSERT_EQ(RET_SUCCESS, AccessTokenKit::DeleteToken(fullTokenId.tokenIdExStruct.tokenID));
1282 }
1283
1284 /**
1285 * @tc.name: UpdateHapTokenSpecsTest010
1286 * @tc.desc: test aclRequestedList exist before update and remove after update.
1287 * 1.aclRequestedList = {"ohos.permission.ACCESS_DDK_USB"}
1288 * 2.aclRequestedList = {}, Update failed.
1289 * @tc.type: FUNC
1290 * @tc.require:
1291 */
1292 HWTEST_F(UpdateHapTokenTest, UpdateHapTokenSpecsTest010, TestSize.Level1)
1293 {
1294 LOGI(ATM_DOMAIN, ATM_TAG, "UpdateHapTokenSpecsTest010");
1295
1296 HapInfoParams infoParams;
1297 HapPolicyParams policyParams;
1298 TestCommon::GetHapParams(infoParams, policyParams);
1299 policyParams.apl = APL_NORMAL;
1300
1301 PermissionStateFull permissionStateFull001 = {
1302 .permissionName = "ohos.permission.ACCESS_DDK_USB",
1303 .isGeneral = true,
1304 .resDeviceID = {"local"},
1305 .grantStatus = {PERMISSION_DENIED},
1306 .grantFlags = {PERMISSION_SYSTEM_FIXED}
1307 };
1308
1309 policyParams.permStateList = {permissionStateFull001};
1310 policyParams.aclRequestedList = {"ohos.permission.ACCESS_DDK_USB"};
1311 AccessTokenIDEx fullTokenId;
1312 int32_t ret = AccessTokenKit::InitHapToken(infoParams, policyParams, fullTokenId);
1313 AccessTokenID tokenID = fullTokenId.tokenIdExStruct.tokenID;
1314 ASSERT_EQ(RET_SUCCESS, ret);
1315
1316 UpdateHapInfoParams updateHapInfoParams = {
1317 .appIDDesc = infoParams.appIDDesc,
1318 .apiVersion = infoParams.apiVersion,
1319 .isSystemApp = false,
1320 .appDistributionType = infoParams.appDistributionType
1321 };
1322 policyParams.aclRequestedList = {};
1323 HapInfoCheckResult result;
1324 ret = AccessTokenKit::UpdateHapToken(fullTokenId, updateHapInfoParams, policyParams, result);
1325 ASSERT_EQ(ERR_PERM_REQUEST_CFG_FAILED, ret);
1326 ASSERT_EQ(result.permCheckResult.permissionName, "ohos.permission.ACCESS_DDK_USB");
1327 ASSERT_EQ(result.permCheckResult.rule, PERMISSION_ACL_RULE);
1328
1329 result.permCheckResult.permissionName = "test"; // invalid Name
1330 result.permCheckResult.rule = static_cast<PermissionRulesEnum>(-1); // invalid reasan
1331 policyParams.aclRequestedList = { "ohos.permission.ACCESS_DDK_USB" };
1332 ret = AccessTokenKit::UpdateHapToken(fullTokenId, updateHapInfoParams, policyParams, result);
1333 ASSERT_EQ(RET_SUCCESS, ret);
1334 ASSERT_EQ(result.permCheckResult.permissionName, "test");
1335 ASSERT_EQ(result.permCheckResult.rule, -1);
1336 ASSERT_EQ(RET_SUCCESS, AccessTokenKit::DeleteToken(tokenID));
1337 }
1338
1339 /**
1340 * @tc.name: UpdateHapTokenSpecsTest011
1341 * @tc.desc: UpdateHapToken permission with value
1342 * @tc.type: FUNC
1343 * @tc.require:
1344 */
1345 HWTEST_F(UpdateHapTokenTest, UpdateHapTokenSpecsTest011, TestSize.Level1)
1346 {
1347 HapInfoParams infoParams;
1348 HapPolicyParams policyParams;
1349 TestCommon::GetHapParams(infoParams, policyParams);
1350 policyParams.apl = APL_SYSTEM_CORE;
1351 TestCommon::TestPrepareKernelPermissionStatus(policyParams);
1352 AccessTokenIDEx fullTokenId;
1353 ASSERT_EQ(RET_SUCCESS, AccessTokenKit::InitHapToken(infoParams, policyParams, fullTokenId));
1354 AccessTokenID tokenID = fullTokenId.tokenIdExStruct.tokenID;
1355
1356 policyParams.aclExtendedMap["ohos.permission.KERNEL_ATM_SELF_USE"] = "1"; // modified value
1357
1358 UpdateHapInfoParams updateInfoParams = {
1359 .appIDDesc = "AccessTokenTestAppID",
1360 .apiVersion = TestCommon::DEFAULT_API_VERSION,
1361 .isSystemApp = true,
1362 .appDistributionType = "",
1363 };
1364 EXPECT_EQ(RET_SUCCESS, AccessTokenKit::UpdateHapToken(fullTokenId, updateInfoParams, policyParams));
1365
1366 std::vector<PermissionWithValue> kernelPermList;
1367 EXPECT_EQ(RET_SUCCESS, AccessTokenKit::GetKernelPermissions(tokenID, kernelPermList));
1368 EXPECT_EQ(1, kernelPermList.size());
1369
1370 std::string value;
1371 EXPECT_EQ(RET_SUCCESS, AccessTokenKit::GetReqPermissionByName(
1372 tokenID, "ohos.permission.KERNEL_ATM_SELF_USE", value));
1373 EXPECT_EQ("1", value);
1374
1375 EXPECT_EQ(AccessTokenError::ERR_PERMISSION_WITHOUT_VALUE, AccessTokenKit::GetReqPermissionByName(
1376 tokenID, "ohos.permission.MICROPHONE", value));
1377 EXPECT_EQ(AccessTokenError::ERR_PERMISSION_WITHOUT_VALUE, AccessTokenKit::GetReqPermissionByName(
1378 tokenID, "ohos.permission.CAMERA", value));
1379
1380 ASSERT_EQ(RET_SUCCESS, AccessTokenKit::DeleteToken(tokenID));
1381 }
1382
1383 /**
1384 * @tc.name: UpdateHapTokenAbnormalTest001
1385 * @tc.desc: cannot update hap token info with invalid appIDDesc.
1386 * @tc.type: FUNC
1387 * @tc.require:
1388 */
1389 HWTEST_F(UpdateHapTokenTest, UpdateHapTokenAbnormalTest001, TestSize.Level1)
1390 {
1391 LOGI(ATM_DOMAIN, ATM_TAG, "UpdateHapTokenAbnormalTest001");
1392
1393 HapInfoParams infoParams;
1394 HapPolicyParams policyParams;
1395 TestCommon::GetHapParams(infoParams, policyParams);
1396 AccessTokenIDEx fullTokenId;
1397 int32_t ret = AccessTokenKit::InitHapToken(infoParams, policyParams, fullTokenId);
1398 ASSERT_EQ(RET_SUCCESS, ret);
1399
1400 const std::string appIDDesc (INVALID_APPIDDESC_LEN, 'x');
1401 UpdateHapInfoParams updateHapInfoParams = {
1402 .appIDDesc = appIDDesc,
1403 .apiVersion = infoParams.apiVersion,
1404 .isSystemApp = infoParams.isSystemApp,
1405 .appDistributionType = infoParams.appDistributionType
1406 };
1407
1408 ret = AccessTokenKit::UpdateHapToken(fullTokenId, updateHapInfoParams, policyParams);
1409 EXPECT_EQ(ERR_PARAM_INVALID, ret);
1410
1411 ASSERT_EQ(RET_SUCCESS, AccessTokenKit::DeleteToken(fullTokenId.tokenIdExStruct.tokenID));
1412 }
1413
1414 /**
1415 * @tc.name: UpdateHapTokenAbnormalTest002
1416 * @tc.desc: cannot update a tokenId with invalid apl.
1417 * @tc.type: FUNC
1418 * @tc.require:
1419 */
1420 HWTEST_F(UpdateHapTokenTest, UpdateHapTokenAbnormalTest002, TestSize.Level1)
1421 {
1422 LOGI(ATM_DOMAIN, ATM_TAG, "UpdateHapTokenAbnormalTest002");
1423
1424 HapInfoParams infoParams;
1425 HapPolicyParams policyParams;
1426 TestCommon::GetHapParams(infoParams, policyParams);
1427 AccessTokenIDEx fullTokenId;
1428 int32_t ret = AccessTokenKit::InitHapToken(infoParams, policyParams, fullTokenId);
1429 ASSERT_EQ(RET_SUCCESS, ret);
1430
1431 UpdateHapInfoParams updateHapInfoParams = {
1432 .appIDDesc = infoParams.appIDDesc,
1433 .apiVersion = infoParams.apiVersion,
1434 .isSystemApp = false,
1435 .appDistributionType = infoParams.appDistributionType
1436 };
1437 policyParams.apl = static_cast<AccessToken::TypeATokenAplEnum>(-1);
1438 ret = AccessTokenKit::UpdateHapToken(fullTokenId, updateHapInfoParams, policyParams);
1439 EXPECT_EQ(ERR_PARAM_INVALID, ret);
1440
1441 TestCommon::GetHapParams(infoParams, policyParams);
1442 policyParams.apl = APL_ENUM_BUTT;
1443 ret = AccessTokenKit::UpdateHapToken(fullTokenId, updateHapInfoParams, policyParams);
1444 EXPECT_EQ(ERR_PARAM_INVALID, ret);
1445
1446 ASSERT_EQ(RET_SUCCESS, AccessTokenKit::DeleteToken(fullTokenId.tokenIdExStruct.tokenID));
1447 }
1448
1449 /**
1450 * @tc.name: UpdateHapTokenAbnormalTest003
1451 * @tc.desc: cannot update a tokenId with invalid string value.
1452 * @tc.type: FUNC
1453 * @tc.require:
1454 */
1455 HWTEST_F(UpdateHapTokenTest, UpdateHapTokenAbnormalTest003, TestSize.Level1)
1456 {
1457 LOGI(ATM_DOMAIN, ATM_TAG, "UpdateHapTokenAbnormalTest003");
1458 std::string backUpPermission = g_testPolicyParams.permList[INDEX_ZERO].permissionName;
1459 PermissionDef permDefResult;
1460
1461 AccessTokenIDEx tokenIdEx = {0};
1462 ASSERT_EQ(RET_SUCCESS, AccessTokenKit::InitHapToken(g_testHapInfoParams, g_testPolicyParams, tokenIdEx));
1463 ASSERT_NE(INVALID_TOKENID, tokenIdEx.tokenIdExStruct.tokenID);
1464
1465 UpdateHapInfoParams info;
1466 info.appIDDesc = g_testHapInfoParams.appIDDesc;
1467 info.apiVersion = TestCommon::DEFAULT_API_VERSION;
1468 info.appDistributionType = "enterprise_mdm";
1469 info.isSystemApp = false;
1470
1471 std::string backup = g_testPolicyParams.permList[INDEX_ZERO].permissionName;
1472 g_testPolicyParams.permList[INDEX_ZERO].permissionName = "";
1473 ASSERT_EQ(RET_SUCCESS, AccessTokenKit::UpdateHapToken(tokenIdEx, info, g_testPolicyParams));
1474 ASSERT_EQ(AccessTokenError::ERR_PARAM_INVALID,
1475 AccessTokenKit::GetDefPermission(g_testPolicyParams.permList[INDEX_ZERO].permissionName, permDefResult));
1476 g_testPolicyParams.permList[INDEX_ZERO].permissionName = backup;
1477
1478 g_testPolicyParams.permList[INDEX_ZERO].permissionName = "ohos.permission.testtmp11";
1479 backup = g_testPolicyParams.permList[INDEX_ZERO].bundleName;
1480 g_testPolicyParams.permList[INDEX_ZERO].bundleName = "";
1481 ASSERT_EQ(RET_SUCCESS, AccessTokenKit::UpdateHapToken(tokenIdEx, info, g_testPolicyParams));
1482 ASSERT_EQ(AccessTokenError::ERR_PERMISSION_NOT_EXIST,
1483 AccessTokenKit::GetDefPermission(g_testPolicyParams.permList[INDEX_ZERO].permissionName, permDefResult));
1484 g_testPolicyParams.permList[INDEX_ZERO].bundleName = backup;
1485 g_testPolicyParams.permList[INDEX_ZERO].permissionName = backUpPermission;
1486
1487 g_testPolicyParams.permList[INDEX_ZERO].permissionName = "ohos.permission.testtmp12";
1488 backup = g_testPolicyParams.permList[INDEX_ZERO].label;
1489 g_testPolicyParams.permList[INDEX_ZERO].label = "";
1490 ASSERT_EQ(RET_SUCCESS, AccessTokenKit::UpdateHapToken(tokenIdEx, info, g_testPolicyParams));
1491 ASSERT_EQ(AccessTokenError::ERR_PERMISSION_NOT_EXIST,
1492 AccessTokenKit::GetDefPermission(g_testPolicyParams.permList[INDEX_ZERO].permissionName, permDefResult));
1493 g_testPolicyParams.permList[INDEX_ZERO].label = backup;
1494 g_testPolicyParams.permList[INDEX_ZERO].permissionName = backUpPermission;
1495
1496 g_testPolicyParams.permList[INDEX_ZERO].permissionName = "ohos.permission.testtmp13";
1497 backup = g_testPolicyParams.permList[INDEX_ZERO].description;
1498 g_testPolicyParams.permList[INDEX_ZERO].description = "";
1499 ASSERT_EQ(RET_SUCCESS, AccessTokenKit::UpdateHapToken(tokenIdEx, info, g_testPolicyParams));
1500 ASSERT_EQ(AccessTokenError::ERR_PERMISSION_NOT_EXIST,
1501 AccessTokenKit::GetDefPermission(g_testPolicyParams.permList[INDEX_ZERO].permissionName, permDefResult));
1502 g_testPolicyParams.permList[INDEX_ZERO].description = backup;
1503 g_testPolicyParams.permList[INDEX_ZERO].permissionName = backUpPermission;
1504
1505 ASSERT_EQ(RET_SUCCESS, AccessTokenKit::DeleteToken(tokenIdEx.tokenIdExStruct.tokenID));
1506 }
1507
1508 /**
1509 * @tc.name: UpdateHapTokenAbnormalTest004
1510 * @tc.desc: test invaild aclRequestedList.
1511 * 1.aclRequestedList is empty, update success, virify is DENIED.
1512 * 2.aclRequestedList is invaild, update success, virify is DENIED.
1513 * 3.aclRequestedList is not in permStateList, update success, virify is DENIED.
1514 * 4.aclRequestedList does not support acl, update failed.
1515 * @tc.type: FUNC
1516 * @tc.require:
1517 */
1518 HWTEST_F(UpdateHapTokenTest, UpdateHapTokenAbnormalTest004, TestSize.Level1)
1519 {
1520 LOGI(ATM_DOMAIN, ATM_TAG, "UpdateHapTokenAbnormalTest004");
1521
1522 HapInfoParams infoParams;
1523 HapPolicyParams policyParams;
1524 TestCommon::GetHapParams(infoParams, policyParams);
1525 policyParams.apl = APL_NORMAL;
1526 AccessTokenIDEx fullTokenId;
1527 ASSERT_EQ(RET_SUCCESS, AccessTokenKit::InitHapToken(infoParams, policyParams, fullTokenId));
1528 AccessTokenID tokenID = fullTokenId.tokenIdExStruct.tokenID;
1529
1530 UpdateHapInfoParams updateHapInfoParams = {
1531 .appIDDesc = infoParams.appIDDesc,
1532 .apiVersion = infoParams.apiVersion,
1533 .isSystemApp = infoParams.isSystemApp,
1534 .appDistributionType = infoParams.appDistributionType
1535 };
1536
1537 PermissionStateFull permissionStateFull001 = {
1538 .permissionName = "ohos.permission.AGENT_REQUIRE_FORM",
1539 .isGeneral = true,
1540 .resDeviceID = {"local"},
1541 .grantStatus = {PERMISSION_DENIED},
1542 .grantFlags = {PERMISSION_SYSTEM_FIXED}
1543 };
1544 PermissionStateFull permissionStateFull002 = {
1545 .permissionName = "ohos.permission.MANAGE_DEVICE_AUTH_CRED",
1546 .isGeneral = true,
1547 .resDeviceID = {"local"},
1548 .grantStatus = {PERMISSION_DENIED},
1549 .grantFlags = {PERMISSION_SYSTEM_FIXED}
1550 };
1551 policyParams.aclRequestedList = {""};
1552 EXPECT_EQ(RET_SUCCESS, AccessTokenKit::UpdateHapToken(fullTokenId, updateHapInfoParams, policyParams));
1553 tokenID = fullTokenId.tokenIdExStruct.tokenID;
1554 EXPECT_EQ(PERMISSION_DENIED, AccessTokenKit::VerifyAccessToken(tokenID, ""));
1555
1556 policyParams.aclRequestedList = {"ohos.permission.test"};
1557 EXPECT_EQ(RET_SUCCESS, AccessTokenKit::UpdateHapToken(fullTokenId, updateHapInfoParams, policyParams));
1558 EXPECT_EQ(PERMISSION_DENIED, AccessTokenKit::VerifyAccessToken(tokenID, "ohos.permission.test"));
1559
1560 policyParams.aclRequestedList = {"ohos.permission.AGENT_REQUIRE_FORM"};
1561 ASSERT_EQ(RET_SUCCESS, AccessTokenKit::UpdateHapToken(fullTokenId, updateHapInfoParams, policyParams));
1562 EXPECT_EQ(PERMISSION_DENIED, AccessTokenKit::VerifyAccessToken(tokenID, "ohos.permission.AGENT_REQUIRE_FORM"));
1563
1564 policyParams.permStateList.emplace_back(permissionStateFull002);
1565 policyParams.aclRequestedList.emplace_back("ohos.permission.MANAGE_DEVICE_AUTH_CRED");
1566
1567 ASSERT_EQ(ERR_PERM_REQUEST_CFG_FAILED,
1568 AccessTokenKit::UpdateHapToken(fullTokenId, updateHapInfoParams, policyParams));
1569
1570 ASSERT_EQ(RET_SUCCESS, AccessTokenKit::DeleteToken(tokenID));
1571 }
1572
1573 /**
1574 * @tc.name: UpdateHapTokenAbnormalTest005
1575 * @tc.desc: test invaild preAuthorizationInfo.permissionName
1576 * 1.preAuthorizationInfo.permissionName is empty, update success, virify is DENIED.
1577 * 2.preAuthorizationInfo.permissionName is invaild, update success, virify is DENIED.
1578 * 3.preAuthorizationInfo.permissionName is not in permStateList, update success, virify is DENIED.
1579 * @tc.type: FUNC
1580 * @tc.require:
1581 */
1582 HWTEST_F(UpdateHapTokenTest, UpdateHapTokenAbnormalTest005, TestSize.Level1)
1583 {
1584 LOGI(ATM_DOMAIN, ATM_TAG, "UpdateHapTokenAbnormalTest005");
1585
1586 HapInfoParams infoParams;
1587 HapPolicyParams policyParams;
1588 TestCommon::GetHapParams(infoParams, policyParams);
1589 AccessTokenIDEx fullTokenId;
1590 int32_t ret = AccessTokenKit::InitHapToken(infoParams, policyParams, fullTokenId);
1591 AccessTokenID tokenID = fullTokenId.tokenIdExStruct.tokenID;
1592 ASSERT_EQ(RET_SUCCESS, ret);
1593
1594 UpdateHapInfoParams updateHapInfoParams = {
1595 .appIDDesc = infoParams.appIDDesc,
1596 .apiVersion = infoParams.apiVersion,
1597 .isSystemApp = infoParams.isSystemApp,
1598 .appDistributionType = infoParams.appDistributionType
1599 };
1600 PreAuthorizationInfo preAuthorizationInfo;
1601 preAuthorizationInfo.permissionName = "";
1602 policyParams.preAuthorizationInfo = {preAuthorizationInfo};
1603 ret = AccessTokenKit::UpdateHapToken(fullTokenId, updateHapInfoParams, policyParams);
1604 EXPECT_EQ(RET_SUCCESS, ret);
1605 tokenID = fullTokenId.tokenIdExStruct.tokenID;
1606 ret = AccessTokenKit::VerifyAccessToken(tokenID, "");
1607 EXPECT_EQ(PERMISSION_DENIED, ret);
1608
1609 preAuthorizationInfo.permissionName = "ohos.permission.test";
1610 policyParams.preAuthorizationInfo = {preAuthorizationInfo};
1611 ret = AccessTokenKit::UpdateHapToken(fullTokenId, updateHapInfoParams, policyParams);
1612 EXPECT_EQ(RET_SUCCESS, ret);
1613 ret = AccessTokenKit::VerifyAccessToken(tokenID, "ohos.permission.test");
1614 EXPECT_EQ(PERMISSION_DENIED, ret);
1615
1616 preAuthorizationInfo.permissionName = "ohos.permission.AGENT_REQUIRE_FORM";
1617 policyParams.preAuthorizationInfo = {preAuthorizationInfo};
1618 ret = AccessTokenKit::UpdateHapToken(fullTokenId, updateHapInfoParams, policyParams);
1619 ASSERT_EQ(RET_SUCCESS, ret);
1620 ret = AccessTokenKit::VerifyAccessToken(tokenID, "ohos.permission.AGENT_REQUIRE_FORM");
1621 EXPECT_EQ(PERMISSION_DENIED, ret);
1622
1623 ASSERT_EQ(RET_SUCCESS, AccessTokenKit::DeleteToken(tokenID));
1624 }
1625
1626 /**
1627 * @tc.name: UpdateHapTokenAbnormalTest005
1628 * @tc.desc: cannot update hap token info with invalid userId.
1629 * @tc.type: FUNC
1630 * @tc.require:
1631 */
1632 HWTEST_F(UpdateHapTokenTest, UpdateHapTokenAbnormalTest006, TestSize.Level1)
1633 {
1634 AccessTokenIDEx tokenIdEx = {
1635 .tokenIdExStruct.tokenID = INVALID_TOKENID,
1636 .tokenIdExStruct.tokenAttr = 0,
1637 };
1638 UpdateHapInfoParams info;
1639 info.appIDDesc = "appIDDesc";
1640 info.apiVersion = TestCommon::DEFAULT_API_VERSION;
1641 info.isSystemApp = false;
1642 int ret = AccessTokenKit::UpdateHapToken(
1643 tokenIdEx, info, g_testPolicyParams);
1644 ASSERT_EQ(AccessTokenError::ERR_PARAM_INVALID, ret);
1645 }
1646 } // namespace AccessToken
1647 } // namespace Security
1648 } // namespace OHOS