1 /*
2 * Copyright (c) 2024 Huawei Device Co., Ltd.
3 * Licensed under the Apache License, Version 2.0 (the "License");
4 * you may not use this file except in compliance with the License.
5 * You may obtain a copy of the License at
6 *
7 * http://www.apache.org/licenses/LICENSE-2.0
8 *
9 * Unless required by applicable law or agreed to in writing, software
10 * distributed under the License is distributed on an "AS IS" BASIS,
11 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12 * See the License for the specific language governing permissions and
13 * limitations under the License.
14 */
15
16 #include "grant_permission_test.h"
17 #include "gtest/gtest.h"
18 #include <thread>
19
20 #include "access_token.h"
21 #include "access_token_error.h"
22 #include "accesstoken_common_log.h"
23 #include "accesstoken_service_ipc_interface_code.h"
24 #include "permission_grant_info.h"
25 #include "permission_state_change_info_parcel.h"
26 #include "string_ex.h"
27 #include "test_common.h"
28 #include "tokenid_kit.h"
29 #include "token_setproc.h"
30
31 using namespace testing::ext;
32 namespace OHOS {
33 namespace Security {
34 namespace AccessToken {
35 namespace {
36 static uint64_t g_selfTokenId = 0;
37 static const std::string TEST_BUNDLE_NAME = "ohos";
38 static const int INVALID_PERMNAME_LEN = 260;
39 static const unsigned int TEST_TOKENID_INVALID = 0;
40 static const int CYCLE_TIMES = 100;
41 static const int TEST_USER_ID = 0;
42 static constexpr int32_t DEFAULT_API_VERSION = 8;
43 };
44
SetUpTestCase()45 void GrantPermissionTest::SetUpTestCase()
46 {
47 g_selfTokenId = GetSelfTokenID();
48 TestCommon::SetTestEvironment(g_selfTokenId);
49
50 // clean up test cases
51 AccessTokenIDEx tokenIdEx = TestCommon::GetHapTokenIdFromBundle(TEST_USER_ID, TEST_BUNDLE_NAME, 0);
52 AccessTokenID tokenID = tokenIdEx.tokenIdExStruct.tokenID;
53 TestCommon::DeleteTestHapToken(tokenID);
54 }
55
TearDownTestCase()56 void GrantPermissionTest::TearDownTestCase()
57 {
58 AccessTokenIDEx tokenIdEx = TestCommon::GetHapTokenIdFromBundle(TEST_USER_ID, TEST_BUNDLE_NAME, 0);
59 AccessTokenID tokenID = tokenIdEx.tokenIdExStruct.tokenID;
60 TestCommon::DeleteTestHapToken(tokenID);
61
62 SetSelfTokenID(g_selfTokenId);
63 TestCommon::ResetTestEvironment();
64 }
65
SetUp()66 void GrantPermissionTest::SetUp()
67 {
68 LOGI(ATM_DOMAIN, ATM_TAG, "SetUp ok.");
69
70 setuid(0);
71 HapInfoParams info = {
72 .userID = TEST_USER_ID,
73 .bundleName = TEST_BUNDLE_NAME,
74 .instIndex = 0,
75 .appIDDesc = "GrantPermissionTest",
76 .apiVersion = DEFAULT_API_VERSION
77 };
78 PermissionStateFull permStatMicro = {
79 .permissionName = "ohos.permission.MICROPHONE",
80 .isGeneral = true,
81 .resDeviceID = {"device3"},
82 .grantStatus = {PermissionState::PERMISSION_DENIED},
83 .grantFlags = {PermissionFlag::PERMISSION_USER_SET}
84 };
85 PermissionStateFull permStatCam = {
86 .permissionName = "ohos.permission.CAMERA",
87 .isGeneral = true,
88 .resDeviceID = {"device3"},
89 .grantStatus = {PermissionState::PERMISSION_GRANTED},
90 .grantFlags = {PermissionFlag::PERMISSION_USER_FIXED}
91 };
92
93 HapPolicyParams policy = {
94 .apl = APL_NORMAL,
95 .domain = "GrantPermissionTest",
96 .permStateList = { permStatMicro, permStatCam },
97 };
98
99 AccessTokenIDEx tokenIdEx = {0};
100 ASSERT_EQ(RET_SUCCESS, TestCommon::AllocTestHapToken(info, policy, tokenIdEx));
101 AccessTokenID tokenId = tokenIdEx.tokenIdExStruct.tokenID;
102 ASSERT_NE(tokenId, INVALID_TOKENID);
103 }
104
TearDown()105 void GrantPermissionTest::TearDown()
106 {
107 AccessTokenIDEx tokenIdEx = TestCommon::GetHapTokenIdFromBundle(TEST_USER_ID, TEST_BUNDLE_NAME, 0);
108 AccessTokenID tokenID = tokenIdEx.tokenIdExStruct.tokenID;
109 TestCommon::DeleteTestHapToken(tokenID);
110 }
111
112 /**
113 * @tc.name: GrantPermissionFuncTest001
114 * @tc.desc: Grant permission that has ohos.permission.GRANT_SENSITIVE_PERMISSIONS
115 * @tc.type: FUNC
116 * @tc.require: Issue Number
117 */
118 HWTEST_F(GrantPermissionTest, GrantPermissionFuncTest001, TestSize.Level0)
119 {
120 LOGI(ATM_DOMAIN, ATM_TAG, "GrantPermissionFuncTest001");
121 std::vector<std::string> reqPerm;
122 reqPerm.emplace_back("ohos.permission.GRANT_SENSITIVE_PERMISSIONS");
123 MockHapToken mock("GrantPermissionFuncTest001", reqPerm);
124
125 AccessTokenIDEx tokenIdEx = TestCommon::GetHapTokenIdFromBundle(TEST_USER_ID, TEST_BUNDLE_NAME, 0);
126 AccessTokenID tokenID = tokenIdEx.tokenIdExStruct.tokenID;
127 ASSERT_NE(INVALID_TOKENID, tokenID);
128 int ret = AccessTokenKit::GrantPermission(tokenID, "ohos.permission.MICROPHONE", PERMISSION_USER_FIXED);
129 ASSERT_EQ(RET_SUCCESS, ret);
130
131 ret = AccessTokenKit::VerifyAccessToken(tokenID, "ohos.permission.MICROPHONE", false);
132 ASSERT_EQ(PERMISSION_GRANTED, ret);
133
134 ret = AccessTokenKit::GrantPermission(tokenID, "ohos.permission.CAMERA", PERMISSION_USER_FIXED);
135 ASSERT_EQ(RET_SUCCESS, ret);
136
137 ret = AccessTokenKit::VerifyAccessToken(tokenID, "ohos.permission.CAMERA", false);
138 ASSERT_EQ(PERMISSION_GRANTED, ret);
139
140 ASSERT_EQ(RET_SUCCESS, TestCommon::DeleteTestHapToken(tokenID));
141 }
142
143 /**
144 * @tc.name: GrantPermissionAbnormalTest001
145 * @tc.desc: Grant permission that tokenID or permission is invalid.
146 * @tc.type: FUNC
147 * @tc.require: Issue Number
148 */
149 HWTEST_F(GrantPermissionTest, GrantPermissionAbnormalTest001, TestSize.Level0)
150 {
151 LOGI(ATM_DOMAIN, ATM_TAG, "GrantPermissionAbnormalTest001");
152 std::vector<std::string> reqPerm;
153 reqPerm.emplace_back("ohos.permission.GRANT_SENSITIVE_PERMISSIONS");
154 MockHapToken mock("GrantPermissionAbnormalTest001", reqPerm);
155
156 AccessTokenIDEx tokenIdEx = TestCommon::GetHapTokenIdFromBundle(TEST_USER_ID, TEST_BUNDLE_NAME, 0);
157 AccessTokenID tokenID = tokenIdEx.tokenIdExStruct.tokenID;
158 ASSERT_NE(INVALID_TOKENID, tokenID);
159
160 int ret = AccessTokenKit::GrantPermission(tokenID, "ohos.permission.GAMMA", PERMISSION_USER_FIXED);
161 ASSERT_EQ(ERR_PERMISSION_NOT_EXIST, ret);
162
163 ret = AccessTokenKit::GrantPermission(tokenID, "", PERMISSION_USER_FIXED);
164 ASSERT_EQ(AccessTokenError::ERR_PARAM_INVALID, ret);
165
166 std::string invalidPerm(INVALID_PERMNAME_LEN, 'a');
167 ret = AccessTokenKit::GrantPermission(tokenID, invalidPerm, PERMISSION_USER_FIXED);
168 ASSERT_EQ(AccessTokenError::ERR_PARAM_INVALID, ret);
169
170 ret = AccessTokenKit::GrantPermission(TEST_TOKENID_INVALID, "ohos.permission.MICROPHONE", PERMISSION_USER_FIXED);
171 ASSERT_EQ(AccessTokenError::ERR_PARAM_INVALID, ret);
172
173 ASSERT_EQ(RET_SUCCESS, TestCommon::DeleteTestHapToken(tokenID));
174
175 ret = AccessTokenKit::GrantPermission(tokenID, "ohos.permission.BETA", PERMISSION_USER_FIXED);
176 ASSERT_EQ(ERR_PERMISSION_NOT_EXIST, ret);
177 }
178
179 /**
180 * @tc.name: GrantPermissionAbnormalTest002
181 * @tc.desc: GrantPermission function abnormal branch
182 * @tc.type: FUNC
183 * @tc.require:Issue I5RJBB
184 */
185 HWTEST_F(GrantPermissionTest, GrantPermissionAbnormalTest002, TestSize.Level0)
186 {
187 LOGI(ATM_DOMAIN, ATM_TAG, "GrantPermissionAbnormalTest002");
188 std::vector<std::string> reqPerm;
189 reqPerm.emplace_back("ohos.permission.GRANT_SENSITIVE_PERMISSIONS");
190 MockHapToken mock("GrantPermissionAbnormalTest002", reqPerm);
191
192 AccessTokenIDEx tokenIdEx = TestCommon::GetHapTokenIdFromBundle(TEST_USER_ID, TEST_BUNDLE_NAME, 0);
193 AccessTokenID tokenID = tokenIdEx.tokenIdExStruct.tokenID;
194 ASSERT_NE(INVALID_TOKENID, tokenID);
195
196 int32_t invalidFlag = -1;
197 int32_t ret = AccessTokenKit::GrantPermission(tokenID, "ohos.permission.MICROPHONE", invalidFlag);
198 ASSERT_EQ(AccessTokenError::ERR_PARAM_INVALID, ret);
199 ASSERT_EQ(RET_SUCCESS, TestCommon::DeleteTestHapToken(tokenID));
200 }
201
202 /**
203 * @tc.name: GrantPermissionSpecsTest001
204 * @tc.desc: GrantPermission is invoked multiple times.
205 * @tc.type: FUNC
206 * @tc.require: Issue Number
207 */
208 HWTEST_F(GrantPermissionTest, GrantPermissionSpecsTest001, TestSize.Level0)
209 {
210 LOGI(ATM_DOMAIN, ATM_TAG, "GrantPermissionSpecsTest001");
211 std::vector<std::string> reqPerm;
212 reqPerm.emplace_back("ohos.permission.GRANT_SENSITIVE_PERMISSIONS");
213 MockHapToken mock("GrantPermissionSpecsTest001", reqPerm);
214
215 AccessTokenIDEx tokenIdEx = TestCommon::GetHapTokenIdFromBundle(TEST_USER_ID, TEST_BUNDLE_NAME, 0);
216 AccessTokenID tokenID = tokenIdEx.tokenIdExStruct.tokenID;
217 ASSERT_NE(INVALID_TOKENID, tokenID);
218 uint32_t flag;
219 for (int i = 0; i < CYCLE_TIMES; i++) {
220 int32_t ret = AccessTokenKit::GrantPermission(tokenID, "ohos.permission.MICROPHONE", PERMISSION_USER_FIXED);
221 ASSERT_EQ(RET_SUCCESS, ret);
222
223 ret = AccessTokenKit::VerifyAccessToken(tokenID, "ohos.permission.MICROPHONE", false);
224 ASSERT_EQ(PERMISSION_GRANTED, ret);
225
226 ret = AccessTokenKit::GetPermissionFlag(tokenID, "ohos.permission.MICROPHONE", flag);
227 ASSERT_EQ(PERMISSION_USER_FIXED, flag);
228 ASSERT_EQ(RET_SUCCESS, ret);
229 }
230 ASSERT_EQ(RET_SUCCESS, TestCommon::DeleteTestHapToken(tokenID));
231 }
232
233 /**
234 * @tc.name: GrantPermissionSpecsTest002
235 * @tc.desc: GrantPermission caller is normal app.
236 * @tc.type: FUNC
237 * @tc.require: issueI66BH3
238 */
239 HWTEST_F(GrantPermissionTest, GrantPermissionSpecsTest002, TestSize.Level0)
240 {
241 LOGI(ATM_DOMAIN, ATM_TAG, "GrantPermissionSpecsTest002");
242 std::vector<std::string> reqPerm;
243 reqPerm.emplace_back("ohos.permission.GRANT_SENSITIVE_PERMISSIONS");
244 MockHapToken mock("GrantPermissionSpecsTest002", reqPerm, false);
245
246 AccessTokenIDEx tokenIdEx = TestCommon::GetHapTokenIdFromBundle(TEST_USER_ID, TEST_BUNDLE_NAME, 0);
247 AccessTokenID tokenID = tokenIdEx.tokenIdExStruct.tokenID;
248 ASSERT_NE(INVALID_TOKENID, tokenID);
249 int ret = AccessTokenKit::GrantPermission(tokenID, "ohos.permission.MICROPHONE", PERMISSION_USER_FIXED);
250 ASSERT_EQ(ERR_NOT_SYSTEM_APP, ret);
251
252 ASSERT_EQ(RET_SUCCESS, TestCommon::DeleteTestHapToken(tokenID));
253 }
254
255 /**
256 * @tc.name: GrantPermissionSpecsTest003
257 * @tc.desc: GrantPermission caller is system app.
258 * @tc.type: FUNC
259 * @tc.require: issueI66BH3
260 */
261 HWTEST_F(GrantPermissionTest, GrantPermissionSpecsTest003, TestSize.Level0)
262 {
263 LOGI(ATM_DOMAIN, ATM_TAG, "GrantPermissionSpecsTest003");
264 std::vector<std::string> reqPerm;
265 reqPerm.emplace_back("ohos.permission.GRANT_SENSITIVE_PERMISSIONS");
266 MockHapToken mock("GrantPermissionSpecsTest003", reqPerm, true);
267
268 AccessTokenIDEx tokenIdEx = TestCommon::GetHapTokenIdFromBundle(TEST_USER_ID, TEST_BUNDLE_NAME, 0);
269 AccessTokenID tokenID = tokenIdEx.tokenIdExStruct.tokenID;
270 int ret = AccessTokenKit::GrantPermission(tokenID, "ohos.permission.MICROPHONE", PERMISSION_USER_FIXED);
271 ASSERT_EQ(RET_SUCCESS, ret);
272
273 ret = AccessTokenKit::VerifyAccessToken(tokenID, "ohos.permission.MICROPHONE", false);
274 ASSERT_EQ(PERMISSION_GRANTED, ret);
275
276 ASSERT_EQ(RET_SUCCESS, TestCommon::DeleteTestHapToken(tokenID));
277 }
278
279 /**
280 * @tc.name: GrantPermissionSpecsTest004
281 * @tc.desc: success to revoke permission when granting permission twice by secure component.
282 * @tc.type: FUNC
283 * @tc.require: issueI66BH3
284 */
285 HWTEST_F(GrantPermissionTest, GrantPermissionSpecsTest004, TestSize.Level0)
286 {
287 std::vector<std::string> reqPerm;
288 reqPerm.emplace_back("ohos.permission.GRANT_SENSITIVE_PERMISSIONS");
289 reqPerm.emplace_back("ohos.permission.REVOKE_SENSITIVE_PERMISSIONS");
290 MockHapToken mock("GrantPermissionSpecsTest004", reqPerm, true);
291
292 AccessTokenIDEx tokenIdEx = TestCommon::GetHapTokenIdFromBundle(TEST_USER_ID, TEST_BUNDLE_NAME, 0);
293 AccessTokenID tokenID = tokenIdEx.tokenIdExStruct.tokenID;
294 int ret = AccessTokenKit::GrantPermission(tokenID, "ohos.permission.SECURE_PASTE", PERMISSION_COMPONENT_SET);
295 ASSERT_EQ(RET_SUCCESS, ret);
296 ret = AccessTokenKit::GrantPermission(tokenID, "ohos.permission.SECURE_PASTE", PERMISSION_COMPONENT_SET);
297 ASSERT_EQ(RET_SUCCESS, ret);
298
299 ret = AccessTokenKit::VerifyAccessToken(tokenID, "ohos.permission.SECURE_PASTE", false);
300 ASSERT_EQ(PERMISSION_GRANTED, ret);
301
302 ret = AccessTokenKit::RevokePermission(tokenID, "ohos.permission.SECURE_PASTE", PERMISSION_COMPONENT_SET);
303 ASSERT_EQ(RET_SUCCESS, ret);
304
305 ret = AccessTokenKit::VerifyAccessToken(tokenID, "ohos.permission.SECURE_PASTE", false);
306 ASSERT_EQ(PERMISSION_DENIED, ret);
307
308 ASSERT_EQ(RET_SUCCESS, TestCommon::DeleteTestHapToken(tokenID));
309 }
310 } // namespace AccessToken
311 } // namespace Security
312 } // namespace OHOS
313