1 /*
2 * Copyright (c) 2024 Huawei Device Co., Ltd.
3 * Licensed under the Apache License, Version 2.0 (the "License");
4 * you may not use this file except in compliance with the License.
5 * You may obtain a copy of the License at
6 *
7 * http://www.apache.org/licenses/LICENSE-2.0
8 *
9 * Unless required by applicable law or agreed to in writing, software
10 * distributed under the License is distributed on an "AS IS" BASIS,
11 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12 * See the License for the specific language governing permissions and
13 * limitations under the License.
14 */
15
16 #include "grant_permission_for_specified_time_test.h"
17 #include "accesstoken_kit.h"
18 #include "access_token_error.h"
19 #include "accesstoken_common_log.h"
20 #include "nativetoken_kit.h"
21 #include "token_setproc.h"
22 #include "test_common.h"
23
24 namespace OHOS {
25 namespace Security {
26 namespace AccessToken {
27 namespace {
28 static uint64_t g_selfTokenId = 0;
29 static int32_t g_selfUid;
30 static std::string SHORT_TEMP_PERMISSION = "ohos.permission.SHORT_TERM_WRITE_IMAGEVIDEO";
31 static MockHapToken* g_mock = nullptr;
32 static PermissionStateFull g_permiState = {
33 .permissionName = SHORT_TEMP_PERMISSION,
34 .isGeneral = true,
35 .resDeviceID = {"localC"},
36 .grantStatus = {PermissionState::PERMISSION_GRANTED},
37 .grantFlags = {1}
38 };
39
40 static HapPolicyParams g_policyPrams = {
41 .apl = APL_NORMAL,
42 .domain = "test.domain",
43 .permStateList = {g_permiState}
44 };
45
46 static HapInfoParams g_infoParms = {
47 .userID = 1,
48 .bundleName = "GrantPermissionForSpecifiedTimeTest",
49 .instIndex = 0,
50 .appIDDesc = "test.bundle",
51 .isSystemApp = true
52 };
53 }
54
55 using namespace testing::ext;
56
SetUpTestCase()57 void GrantPermissionForSpecifiedTimeTest::SetUpTestCase()
58 {
59 g_selfTokenId = GetSelfTokenID();
60 g_selfUid = getuid();
61
62 TestCommon::SetTestEvironment(g_selfTokenId);
63
64 std::vector<std::string> reqPerm;
65 reqPerm.emplace_back("ohos.permission.GRANT_SHORT_TERM_WRITE_MEDIAVIDEO");
66 g_mock = new (std::nothrow) MockHapToken("GrantPermissionForSpecifiedTimeTest", reqPerm);
67 }
68
TearDownTestCase()69 void GrantPermissionForSpecifiedTimeTest::TearDownTestCase()
70 {
71 if (g_mock != nullptr) {
72 delete g_mock;
73 g_mock = nullptr;
74 }
75 setuid(g_selfUid);
76 EXPECT_EQ(0, SetSelfTokenID(g_selfTokenId));
77 TestCommon::ResetTestEvironment();
78 }
79
SetUp()80 void GrantPermissionForSpecifiedTimeTest::SetUp()
81 {
82 setuid(0);
83 AccessTokenIDEx tokenIdEx = TestCommon::GetHapTokenIdFromBundle(
84 g_infoParms.userID, g_infoParms.bundleName, g_infoParms.instIndex);
85 AccessTokenID tokenID = tokenIdEx.tokenIdExStruct.tokenID;
86 TestCommon::DeleteTestHapToken(tokenID);
87
88 ASSERT_EQ(RET_SUCCESS, TestCommon::AllocTestHapToken(g_infoParms, g_policyPrams, tokenIdEx));
89 EXPECT_NE(0, tokenIdEx.tokenIdExStruct.tokenID);
90 }
91
TearDown()92 void GrantPermissionForSpecifiedTimeTest::TearDown()
93 {
94 AccessTokenIDEx tokenIdEx = TestCommon::GetHapTokenIdFromBundle(
95 g_infoParms.userID, g_infoParms.bundleName, g_infoParms.instIndex);
96 AccessTokenID tokenID = tokenIdEx.tokenIdExStruct.tokenID;
97 TestCommon::DeleteTestHapToken(tokenID);
98 }
99
100 /**
101 * @tc.name: GrantPermissionForSpecifiedTimeAbnormalTest001
102 * @tc.desc: GrantPermissionForSpecifiedTime without invalid parameter.
103 * @tc.type: FUNC
104 * @tc.require:Issue Number
105 */
106 HWTEST_F(GrantPermissionForSpecifiedTimeTest, GrantPermissionForSpecifiedTimeAbnormalTest001, TestSize.Level1)
107 {
108 LOGI(ATM_DOMAIN, ATM_TAG, "GrantPermissionForSpecifiedTimeAbnormalTest001");
109 AccessTokenID tokenId = INVALID_TOKENID;
110 uint32_t onceTime = 0;
111
112 /* 0 is invalid token id */
113 ASSERT_EQ(AccessTokenError::ERR_PARAM_INVALID,
114 AccessTokenKit::GrantPermissionForSpecifiedTime(tokenId, "permission", onceTime));
115
116 tokenId = 123;
117 /* 0 is invalid permissionName length */
118 const std::string invalidPerm1 = "";
119 ASSERT_EQ(AccessTokenError::ERR_PARAM_INVALID,
120 AccessTokenKit::GrantPermissionForSpecifiedTime(tokenId, invalidPerm1, onceTime));
121
122 /* 256 is invalid permissionName length */
123 const std::string invalidPerm2 (257, 'x');
124 ASSERT_EQ(AccessTokenError::ERR_PARAM_INVALID,
125 AccessTokenKit::GrantPermissionForSpecifiedTime(tokenId, invalidPerm2, onceTime));
126
127 /* 0 is invalid time */
128 uint32_t invalidOnceTime1 = 0;
129 ASSERT_EQ(AccessTokenError::ERR_PARAM_INVALID,
130 AccessTokenKit::GrantPermissionForSpecifiedTime(tokenId, SHORT_TEMP_PERMISSION, invalidOnceTime1));
131
132 /* 301 is invalid time */
133 uint32_t invalidOnceTime2 = 301;
134 ASSERT_EQ(AccessTokenError::ERR_PARAM_INVALID,
135 AccessTokenKit::GrantPermissionForSpecifiedTime(tokenId, SHORT_TEMP_PERMISSION, invalidOnceTime2));
136 }
137
138 /**
139 * @tc.name: GrantPermissionForSpecifiedTimeAbnormalTest002
140 * @tc.desc: permission is not request.
141 * @tc.type: FUNC
142 * @tc.require:Issue Number
143 */
144 HWTEST_F(GrantPermissionForSpecifiedTimeTest, GrantPermissionForSpecifiedTimeAbnormalTest002, TestSize.Level1)
145 {
146 LOGI(ATM_DOMAIN, ATM_TAG, "GrantPermissionForSpecifiedTimeAbnormalTest002");
147 HapPolicyParams policyPrams = g_policyPrams;
148 HapInfoParams infoParms = g_infoParms;
149 policyPrams.permStateList.clear();
150
151 AccessTokenIDEx tokenIdEx = {0};
152 ASSERT_EQ(RET_SUCCESS, TestCommon::AllocTestHapToken(infoParms, policyPrams, tokenIdEx));
153 AccessTokenID tokenID = tokenIdEx.tokenIdExStruct.tokenID;
154 ASSERT_NE(INVALID_TOKENID, tokenID);
155 uint32_t onceTime = 10; // 10: 10s
156
157 ASSERT_EQ(AccessTokenError::ERR_PARAM_INVALID,
158 AccessTokenKit::GrantPermissionForSpecifiedTime(tokenID, SHORT_TEMP_PERMISSION, onceTime));
159 }
160
161 /**
162 * @tc.name: GrantPermissionForSpecifiedTimeAbnormalTest003
163 * @tc.desc: test unsupport permission.
164 * @tc.type: FUNC
165 * @tc.require:Issue Number
166 */
167 HWTEST_F(GrantPermissionForSpecifiedTimeTest, GrantPermissionForSpecifiedTimeAbnormalTest003, TestSize.Level1)
168 {
169 LOGI(ATM_DOMAIN, ATM_TAG, "GrantPermissionForSpecifiedTimeAbnormalTest003");
170 AccessTokenIDEx tokenIdEx = TestCommon::GetHapTokenIdFromBundle(
171 g_infoParms.userID, g_infoParms.bundleName, g_infoParms.instIndex);
172 AccessTokenID tokenID = tokenIdEx.tokenIdExStruct.tokenID;
173 ASSERT_NE(INVALID_TOKENID, tokenID);
174 uint32_t onceTime = 10; // 10: 10s
175 std::string permission = "ohos.permission.CAMERA";
176
177 ASSERT_EQ(AccessTokenError::ERR_PARAM_INVALID,
178 AccessTokenKit::GrantPermissionForSpecifiedTime(tokenID, permission, onceTime));
179 }
180
181 /**
182 * @tc.name: GrantPermissionForSpecifiedTimeAbnormalTest004
183 * @tc.desc: GrantPermissionForSpecifiedTime with no permission
184 * @tc.type: FUNC
185 * @tc.require:
186 */
187 HWTEST_F(GrantPermissionForSpecifiedTimeTest, GrantPermissionForSpecifiedTimeAbnormalTest004, TestSize.Level1)
188 {
189 LOGI(ATM_DOMAIN, ATM_TAG, "GrantPermissionForSpecifiedTimeAbnormalTest004");
190 uint64_t selfTokenId = GetSelfTokenID();
191 SetSelfTokenID(g_selfTokenId);
192 setuid(1234);
193 AccessTokenID tokenId = 123;
194 std::string permission = "permission";
195 uint32_t onceTime = 1;
196 ASSERT_EQ(AccessTokenError::ERR_PERMISSION_DENIED,
197 AccessTokenKit::GrantPermissionForSpecifiedTime(tokenId, permission, onceTime));
198 setuid(g_selfUid);
199 SetSelfTokenID(selfTokenId);
200 }
201
202 /**
203 * @tc.name: GrantPermissionForSpecifiedTimeSpecsTest001
204 * @tc.desc: 1. The permission is granted when onceTime is not reached;
205 * 2. The permission is revoked after onceTime is reached.
206 * @tc.type: FUNC
207 * @tc.require:Issue Number
208 */
209 HWTEST_F(GrantPermissionForSpecifiedTimeTest, GrantPermissionForSpecifiedTimeSpecsTest001, TestSize.Level1)
210 {
211 LOGI(ATM_DOMAIN, ATM_TAG, "GrantPermissionForSpecifiedTimeSpecsTest001");
212 AccessTokenIDEx tokenIdEx = TestCommon::GetHapTokenIdFromBundle(
213 g_infoParms.userID, g_infoParms.bundleName, g_infoParms.instIndex);
214 AccessTokenID tokenID = tokenIdEx.tokenIdExStruct.tokenID;
215 ASSERT_NE(INVALID_TOKENID, tokenID);
216 uint32_t onceTime = 2;
217
218 ASSERT_EQ(RET_SUCCESS,
219 AccessTokenKit::GrantPermissionForSpecifiedTime(tokenID, SHORT_TEMP_PERMISSION, onceTime));
220
221 ASSERT_EQ(PermissionState::PERMISSION_GRANTED, AccessTokenKit::VerifyAccessToken(tokenID, SHORT_TEMP_PERMISSION));
222
223 sleep(onceTime + 1);
224
225 ASSERT_EQ(PermissionState::PERMISSION_DENIED,
226 AccessTokenKit::VerifyAccessToken(tokenID, SHORT_TEMP_PERMISSION, true));
227 }
228
229 /**
230 * @tc.name: GrantPermissionForSpecifiedTimeSpecsTest002
231 * @tc.desc: 1. The permission is granted when onceTime is not reached;
232 * 2. onceTime is update when GrantPermissionForSpecifiedTime is called twice.
233 * @tc.type: FUNC
234 * @tc.require:Issue Number
235 */
236 HWTEST_F(GrantPermissionForSpecifiedTimeTest, GrantPermissionForSpecifiedTimeSpecsTest002, TestSize.Level1)
237 {
238 LOGI(ATM_DOMAIN, ATM_TAG, "GrantPermissionForSpecifiedTimeSpecsTest002");
239 AccessTokenIDEx tokenIdEx = TestCommon::GetHapTokenIdFromBundle(
240 g_infoParms.userID, g_infoParms.bundleName, g_infoParms.instIndex);
241 AccessTokenID tokenID = tokenIdEx.tokenIdExStruct.tokenID;
242 ASSERT_NE(INVALID_TOKENID, tokenID);
243 uint32_t onceTime = 3;
244
245 ASSERT_EQ(RET_SUCCESS,
246 AccessTokenKit::GrantPermissionForSpecifiedTime(tokenID, SHORT_TEMP_PERMISSION, onceTime));
247 sleep(onceTime - 1);
248 ASSERT_EQ(PermissionState::PERMISSION_GRANTED, AccessTokenKit::VerifyAccessToken(tokenID, SHORT_TEMP_PERMISSION));
249
250 // update onceTime
251 onceTime = 5;
252 ASSERT_EQ(RET_SUCCESS,
253 AccessTokenKit::GrantPermissionForSpecifiedTime(tokenID, SHORT_TEMP_PERMISSION, onceTime));
254
255 // first onceTime is reached, permission is not revoked
256 sleep(1);
257 ASSERT_EQ(PermissionState::PERMISSION_GRANTED, AccessTokenKit::VerifyAccessToken(tokenID, SHORT_TEMP_PERMISSION));
258
259 // second onceTime is reached, permission is revoked
260 sleep(onceTime);
261 ASSERT_EQ(PermissionState::PERMISSION_DENIED, AccessTokenKit::VerifyAccessToken(tokenID, SHORT_TEMP_PERMISSION));
262 }
263 } // namespace AccessToken
264 } // namespace Security
265 } // namespace OHOS