• Home
  • Line#
  • Scopes#
  • Navigate#
  • Raw
  • Download
1 /*
2  * Copyright (c) 2024 Huawei Device Co., Ltd.
3  * Licensed under the Apache License, Version 2.0 (the "License");
4  * you may not use this file except in compliance with the License.
5  * You may obtain a copy of the License at
6  *
7  *     http://www.apache.org/licenses/LICENSE-2.0
8  *
9  * Unless required by applicable law or agreed to in writing, software
10  * distributed under the License is distributed on an "AS IS" BASIS,
11  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12  * See the License for the specific language governing permissions and
13  * limitations under the License.
14  */
15 
16 #include "check_permission_map_test.h"
17 #include "gtest/gtest.h"
18 #include <fcntl.h>
19 #include <cstdint>
20 #include <memory>
21 #include <string>
22 #include <sys/stat.h>
23 #include <sys/types.h>
24 #include <cstdio>
25 #include <cstdlib>
26 
27 #include "access_token.h"
28 #include "cJSON.h"
29 
30 #include "permission_def.h"
31 #include "permission_map.h"
32 
33 using namespace testing::ext;
34 typedef cJSON CJson;
35 typedef std::unique_ptr<CJson, std::function<void(CJson *ptr)>> CJsonUnique;
36 namespace OHOS {
37 namespace Security {
38 namespace AccessToken {
39 namespace {
40 static const std::string DEFINE_PERMISSION_FILE = "/system/etc/access_token/permission_definitions.json";
41 static const std::string SYSTEM_GRANT_DEFINE_PERMISSION = "systemGrantPermissions";
42 static const std::string USER_GRANT_DEFINE_PERMISSION = "userGrantPermissions";
43 static const std::string PERMISSION_GRANT_MODE_SYSTEM_GRANT = "system_grant";
44 constexpr int32_t MAX_NATIVE_CONFIG_FILE_SIZE = 5 * 1024 * 1024; // 5M
45 constexpr size_t BUFFER_SIZE = 1024;
46 constexpr uint32_t ACCESS_TOKEN_UID = 3020;
47 }
48 
SetUpTestCase()49 void CheckPermissionMapTest::SetUpTestCase()
50 {
51 }
52 
TearDownTestCase()53 void CheckPermissionMapTest::TearDownTestCase()
54 {
55 }
56 
SetUp()57 void CheckPermissionMapTest::SetUp()
58 {
59 }
60 
TearDown()61 void CheckPermissionMapTest::TearDown()
62 {
63 }
64 
GetPermissionGrantMode(const std::string & mode)65 static int32_t GetPermissionGrantMode(const std::string &mode)
66 {
67     if (mode == PERMISSION_GRANT_MODE_SYSTEM_GRANT) {
68         return AccessToken::GrantMode::SYSTEM_GRANT;
69     }
70     return AccessToken::GrantMode::USER_GRANT;
71 }
72 
ReadCfgFile(const std::string & file,std::string & rawData)73 static bool ReadCfgFile(const std::string& file, std::string& rawData)
74 {
75     int32_t selfUid = getuid();
76     setuid(ACCESS_TOKEN_UID);
77     char filePath[PATH_MAX] = {0};
78     if (realpath(file.c_str(), filePath) == NULL) {
79         setuid(selfUid);
80         return false;
81     }
82     int32_t fd = open(filePath, O_RDONLY);
83     if (fd < 0) {
84         setuid(selfUid);
85         return false;
86     }
87     struct stat statBuffer;
88 
89     if (fstat(fd, &statBuffer) != 0) {
90         close(fd);
91         setuid(selfUid);
92         return false;
93     }
94 
95     if (statBuffer.st_size == 0) {
96         close(fd);
97         setuid(selfUid);
98         return false;
99     }
100     if (statBuffer.st_size > MAX_NATIVE_CONFIG_FILE_SIZE) {
101         close(fd);
102         setuid(selfUid);
103         return false;
104     }
105     rawData.reserve(statBuffer.st_size);
106 
107     char buff[BUFFER_SIZE] = { 0 };
108     ssize_t readLen = 0;
109     while ((readLen = read(fd, buff, BUFFER_SIZE)) > 0) {
110         rawData.append(buff, readLen);
111     }
112     close(fd);
113     setuid(selfUid);
114     return true;
115 }
116 
FreeJson(CJson * jsonObj)117 void FreeJson(CJson* jsonObj)
118 {
119     cJSON_Delete(jsonObj);
120     jsonObj = nullptr;
121 }
122 
CreateJsonFromString(const std::string & jsonStr)123 CJsonUnique CreateJsonFromString(const std::string& jsonStr)
124 {
125     if (jsonStr.empty()) {
126         CJsonUnique aPtr(cJSON_CreateObject(), FreeJson);
127         return aPtr;
128     }
129     CJsonUnique aPtr(cJSON_Parse(jsonStr.c_str()), FreeJson);
130     return aPtr;
131 }
132 
GetArrayFromJson(const CJson * jsonObj,const std::string & key)133 static CJson* GetArrayFromJson(const CJson* jsonObj, const std::string& key)
134 {
135     if (key.empty()) {
136         return nullptr;
137     }
138 
139     CJson* objValue = cJSON_GetObjectItemCaseSensitive(jsonObj, key.c_str());
140     if (objValue != nullptr && cJSON_IsArray(objValue)) {
141         return objValue;
142     }
143     return nullptr;
144 }
145 
GetStringFromJson(const CJson * jsonObj,const std::string & key,std::string & out)146 bool GetStringFromJson(const CJson *jsonObj, const std::string& key, std::string& out)
147 {
148     if (jsonObj == nullptr || key.empty()) {
149         return false;
150     }
151 
152     cJSON *jsonObjTmp = cJSON_GetObjectItemCaseSensitive(jsonObj, key.c_str());
153     if (jsonObjTmp != nullptr && cJSON_IsString(jsonObjTmp)) {
154         out = cJSON_GetStringValue(jsonObjTmp);
155         return true;
156     }
157     return false;
158 }
159 
GetPermissionDefList(const CJsonUnique & json,const std::string & permsRawData,const std::string & type,std::vector<PermissionDef> & permDefList)160 static bool GetPermissionDefList(const CJsonUnique &json, const std::string& permsRawData,
161     const std::string& type, std::vector<PermissionDef>& permDefList)
162 {
163     cJSON *permDefObj = GetArrayFromJson(json.get(), type);
164     if (permDefObj == nullptr) {
165         return false;
166     }
167     CJson *j = nullptr;
168     cJSON_ArrayForEach(j, permDefObj) {
169         PermissionDef result;
170         GetStringFromJson(j, "name", result.permissionName);
171         std::string grantModeStr = "";
172         GetStringFromJson(j, "grantMode", grantModeStr);
173         result.grantMode = GetPermissionGrantMode(grantModeStr);
174         permDefList.emplace_back(result);
175     }
176     return true;
177 }
178 
ParserPermsRawData(const std::string & permsRawData,std::vector<PermissionDef> & permDefList)179 static bool ParserPermsRawData(const std::string& permsRawData,
180     std::vector<PermissionDef>& permDefList)
181 {
182     CJsonUnique jsonRes = CreateJsonFromString(permsRawData);
183     if (jsonRes == nullptr) {
184         return false;
185     }
186 
187     bool ret = GetPermissionDefList(jsonRes, permsRawData, SYSTEM_GRANT_DEFINE_PERMISSION, permDefList);
188     if (!ret) {
189         return false;
190     }
191 
192     return GetPermissionDefList(jsonRes, permsRawData, USER_GRANT_DEFINE_PERMISSION, permDefList);
193 }
194 
195 /**
196  * @tc.name: CheckPermissionMapFuncTest001
197  * @tc.desc: Check if permissions in permission_definitions.json are consistent with g_permMap in permission_map.cpp
198  * @tc.type: FUNC
199  * @tc.require:
200  */
201 HWTEST_F(CheckPermissionMapTest, CheckPermissionMapFuncTest001, TestSize.Level1)
202 {
203     std::string permsRawData;
204     EXPECT_TRUE(ReadCfgFile(DEFINE_PERMISSION_FILE, permsRawData));
205 
206     std::vector<PermissionDef> permDefList;
207     EXPECT_TRUE(ParserPermsRawData(permsRawData, permDefList));
208 
209     uint32_t opCode;
210     for (const auto& perm : permDefList) {
211         // Check if permissions exist
212         bool isExsit = TransferPermissionToOpcode(perm.permissionName, opCode);
213         if (!isExsit) {
214             GTEST_LOG_(INFO) << "permission name is " << perm.permissionName;
215         }
216         EXPECT_TRUE(isExsit);
217         // Check true-user_grant/false-system_grant
218         if (perm.grantMode == AccessToken::GrantMode::USER_GRANT) {
219             EXPECT_TRUE(IsUserGrantPermission(perm.permissionName));
220         } else if (perm.grantMode == AccessToken::GrantMode::SYSTEM_GRANT) {
221             EXPECT_FALSE(IsUserGrantPermission(perm.permissionName));
222         }
223     }
224 }
225 } // namespace AccessToken
226 } // namespace Security
227 } // namespace OHOS