1 /*
2 * Copyright (c) 2024 Huawei Device Co., Ltd.
3 * Licensed under the Apache License, Version 2.0 (the "License");
4 * you may not use this file except in compliance with the License.
5 * You may obtain a copy of the License at
6 *
7 * http://www.apache.org/licenses/LICENSE-2.0
8 *
9 * Unless required by applicable law or agreed to in writing, software
10 * distributed under the License is distributed on an "AS IS" BASIS,
11 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12 * See the License for the specific language governing permissions and
13 * limitations under the License.
14 */
15
16 #include "revoke_permission_test.h"
17 #include "gtest/gtest.h"
18 #include <thread>
19
20 #include "access_token.h"
21 #include "access_token_error.h"
22 #include "accesstoken_common_log.h"
23 #include "accesstoken_service_ipc_interface_code.h"
24 #include "permission_grant_info.h"
25 #include "permission_state_change_info_parcel.h"
26 #include "string_ex.h"
27 #include "test_common.h"
28 #include "tokenid_kit.h"
29 #include "token_setproc.h"
30
31 using namespace testing::ext;
32 namespace OHOS {
33 namespace Security {
34 namespace AccessToken {
35 namespace {
36 static uint64_t g_selfTokenId = 0;
37 static const std::string TEST_BUNDLE_NAME = "ohos";
38 static const int INVALID_PERMNAME_LEN = 260;
39 static const unsigned int TEST_TOKENID_INVALID = 0;
40 static const int CYCLE_TIMES = 100;
41 static const int TEST_USER_ID = 0;
42 static constexpr int32_t DEFAULT_API_VERSION = 8;
43 };
44
SetUpTestCase()45 void RevokePermissionTest::SetUpTestCase()
46 {
47 g_selfTokenId = GetSelfTokenID();
48 TestCommon::SetTestEvironment(g_selfTokenId);
49
50 // clean up test cases
51 AccessTokenIDEx tokenIdEx = TestCommon::GetHapTokenIdFromBundle(TEST_USER_ID, TEST_BUNDLE_NAME, 0);
52 AccessTokenID tokenID = tokenIdEx.tokenIdExStruct.tokenID;
53 TestCommon::DeleteTestHapToken(tokenID);
54 }
55
TearDownTestCase()56 void RevokePermissionTest::TearDownTestCase()
57 {
58 AccessTokenIDEx tokenIdEx = TestCommon::GetHapTokenIdFromBundle(TEST_USER_ID, TEST_BUNDLE_NAME, 0);
59 AccessTokenID tokenID = tokenIdEx.tokenIdExStruct.tokenID;
60 TestCommon::DeleteTestHapToken(tokenID);
61
62 SetSelfTokenID(g_selfTokenId);
63 TestCommon::ResetTestEvironment();
64 }
65
SetUp()66 void RevokePermissionTest::SetUp()
67 {
68 LOGI(ATM_DOMAIN, ATM_TAG, "SetUp ok.");
69
70 setuid(0);
71 HapInfoParams info = {
72 .userID = TEST_USER_ID,
73 .bundleName = TEST_BUNDLE_NAME,
74 .instIndex = 0,
75 .appIDDesc = "RevokePermissionTest",
76 .apiVersion = DEFAULT_API_VERSION
77 };
78
79 PermissionStateFull permStatMicro = {
80 .permissionName = "ohos.permission.MICROPHONE",
81 .isGeneral = true,
82 .resDeviceID = {"device3"},
83 .grantStatus = {PermissionState::PERMISSION_DENIED},
84 .grantFlags = {PermissionFlag::PERMISSION_USER_SET}
85 };
86 PermissionStateFull permStatCamera = {
87 .permissionName = "ohos.permission.CAMERA",
88 .isGeneral = true,
89 .resDeviceID = {"device3"},
90 .grantStatus = {PermissionState::PERMISSION_GRANTED},
91 .grantFlags = {PermissionFlag::PERMISSION_USER_FIXED}
92 };
93
94 HapPolicyParams policy = {
95 .apl = APL_NORMAL,
96 .domain = "RevokePermissionTest",
97 .permStateList = { permStatMicro, permStatCamera },
98 };
99
100 AccessTokenIDEx tokenIdEx = {0};
101 ASSERT_EQ(RET_SUCCESS, TestCommon::AllocTestHapToken(info, policy, tokenIdEx));
102 AccessTokenID tokenId = tokenIdEx.tokenIdExStruct.tokenID;
103 ASSERT_NE(tokenId, INVALID_TOKENID);
104 }
105
TearDown()106 void RevokePermissionTest::TearDown()
107 {
108 AccessTokenIDEx tokenIdEx = TestCommon::GetHapTokenIdFromBundle(TEST_USER_ID, TEST_BUNDLE_NAME, 0);
109 AccessTokenID tokenID = tokenIdEx.tokenIdExStruct.tokenID;
110 TestCommon::DeleteTestHapToken(tokenID);
111 }
112
113 /**
114 * @tc.name: RevokePermissionFuncTest001
115 * @tc.desc: Revoke permission that has ohos.permission.REVOKE_SENSITIVE_PERMISSIONS
116 * @tc.type: FUNC
117 * @tc.require: Issue Number
118 */
119 HWTEST_F(RevokePermissionTest, RevokePermissionFuncTest001, TestSize.Level0)
120 {
121 LOGI(ATM_DOMAIN, ATM_TAG, "RevokePermissionFuncTest001");
122 std::vector<std::string> reqPerm;
123 reqPerm.emplace_back("ohos.permission.REVOKE_SENSITIVE_PERMISSIONS");
124 MockHapToken mock("RevokePermissionFuncTest001", reqPerm);
125
126 AccessTokenIDEx tokenIdEx = TestCommon::GetHapTokenIdFromBundle(TEST_USER_ID, TEST_BUNDLE_NAME, 0);
127 AccessTokenID tokenID = tokenIdEx.tokenIdExStruct.tokenID;
128 ASSERT_NE(INVALID_TOKENID, tokenID);
129 int ret = AccessTokenKit::RevokePermission(tokenID, "ohos.permission.MICROPHONE", PERMISSION_USER_FIXED);
130 ASSERT_EQ(RET_SUCCESS, ret);
131
132 ret = AccessTokenKit::VerifyAccessToken(tokenID, "ohos.permission.MICROPHONE", false);
133 ASSERT_EQ(PERMISSION_DENIED, ret);
134
135 ret = AccessTokenKit::RevokePermission(tokenID, "ohos.permission.CAMERA", PERMISSION_USER_FIXED);
136 ASSERT_EQ(RET_SUCCESS, ret);
137
138 ret = AccessTokenKit::VerifyAccessToken(tokenID, "ohos.permission.MICROPHONE", false);
139 ASSERT_EQ(PERMISSION_DENIED, ret);
140
141 ASSERT_EQ(RET_SUCCESS, TestCommon::DeleteTestHapToken(tokenID));
142 }
143
144 /**
145 * @tc.name: RevokePermissionAbnormalTest001
146 * @tc.desc: Revoke permission that tokenID is invalid.
147 * @tc.type: FUNC
148 * @tc.require: Issue Number
149 */
150 HWTEST_F(RevokePermissionTest, RevokePermissionAbnormalTest001, TestSize.Level0)
151 {
152 LOGI(ATM_DOMAIN, ATM_TAG, "RevokePermissionAbnormalTest001");
153 std::vector<std::string> reqPerm;
154 reqPerm.emplace_back("ohos.permission.REVOKE_SENSITIVE_PERMISSIONS");
155 MockHapToken mock("RevokePermissionAbnormalTest001", reqPerm);
156
157 AccessTokenIDEx tokenIdEx = TestCommon::GetHapTokenIdFromBundle(TEST_USER_ID, TEST_BUNDLE_NAME, 0);
158 AccessTokenID tokenID = tokenIdEx.tokenIdExStruct.tokenID;
159 ASSERT_NE(INVALID_TOKENID, tokenID);
160
161 int ret = AccessTokenKit::RevokePermission(tokenID, "ohos.permission.GAMMA", PERMISSION_USER_FIXED);
162 ASSERT_EQ(ERR_PERMISSION_NOT_EXIST, ret);
163
164 ASSERT_EQ(RET_SUCCESS, TestCommon::DeleteTestHapToken(tokenID));
165 }
166
167 /**
168 * @tc.name: RevokePermissionAbnormalTest002
169 * @tc.desc: Revoke permission that permission is invalid.
170 * @tc.type: FUNC
171 * @tc.require: Issue Number
172 */
173 HWTEST_F(RevokePermissionTest, RevokePermissionAbnormalTest002, TestSize.Level0)
174 {
175 LOGI(ATM_DOMAIN, ATM_TAG, "RevokePermissionAbnormalTest002");
176 std::vector<std::string> reqPerm;
177 reqPerm.emplace_back("ohos.permission.REVOKE_SENSITIVE_PERMISSIONS");
178 MockHapToken mock("RevokePermissionAbnormalTest002", reqPerm);
179
180 AccessTokenIDEx tokenIdEx = TestCommon::GetHapTokenIdFromBundle(TEST_USER_ID, TEST_BUNDLE_NAME, 0);
181 AccessTokenID tokenID = tokenIdEx.tokenIdExStruct.tokenID;
182 ASSERT_NE(INVALID_TOKENID, tokenID);
183
184 int ret = AccessTokenKit::RevokePermission(tokenID, "", PERMISSION_USER_FIXED);
185 ASSERT_EQ(AccessTokenError::ERR_PARAM_INVALID, ret);
186
187 std::string invalidPerm(INVALID_PERMNAME_LEN, 'a');
188 ret = AccessTokenKit::RevokePermission(tokenID, invalidPerm, PERMISSION_USER_FIXED);
189 ASSERT_EQ(AccessTokenError::ERR_PARAM_INVALID, ret);
190
191 ret = AccessTokenKit::RevokePermission(TEST_TOKENID_INVALID, "ohos.permission.MICROPHONE", PERMISSION_USER_FIXED);
192 ASSERT_EQ(AccessTokenError::ERR_PARAM_INVALID, ret);
193
194 ASSERT_EQ(RET_SUCCESS, TestCommon::DeleteTestHapToken(tokenID));
195
196 ret = AccessTokenKit::RevokePermission(tokenID, "ohos.permission.BETA", PERMISSION_USER_FIXED);
197 ASSERT_EQ(ERR_PERMISSION_NOT_EXIST, ret);
198 }
199
200 /**
201 * @tc.name: RevokePermissionAbnormalTest003
202 * @tc.desc: Revoke permission that flag is invalid.
203 * @tc.type: FUNC
204 * @tc.require:Issue I5RJBB
205 */
206 HWTEST_F(RevokePermissionTest, RevokePermissionAbnormalTest003, TestSize.Level0)
207 {
208 LOGI(ATM_DOMAIN, ATM_TAG, "RevokePermissionAbnormalTest003");
209 std::vector<std::string> reqPerm;
210 reqPerm.emplace_back("ohos.permission.REVOKE_SENSITIVE_PERMISSIONS");
211 MockHapToken mock("RevokePermissionAbnormalTest003", reqPerm);
212
213 AccessTokenIDEx tokenIdEx = TestCommon::GetHapTokenIdFromBundle(TEST_USER_ID, TEST_BUNDLE_NAME, 0);
214 AccessTokenID tokenID = tokenIdEx.tokenIdExStruct.tokenID;
215 ASSERT_NE(INVALID_TOKENID, tokenID);
216
217 int invalidFlag = -1;
218 int32_t ret = AccessTokenKit::RevokePermission(tokenID, "ohos.permission.MICROPHONE", invalidFlag);
219 ASSERT_EQ(AccessTokenError::ERR_PARAM_INVALID, ret);
220
221 ASSERT_EQ(RET_SUCCESS, TestCommon::DeleteTestHapToken(tokenID));
222 }
223
224 /**
225 * @tc.name: RevokePermissionSpecsTest001
226 * @tc.desc: RevokePermission is invoked multiple times.
227 * @tc.type: FUNC
228 * @tc.require: Issue Number
229 */
230 HWTEST_F(RevokePermissionTest, RevokePermissionSpecsTest001, TestSize.Level0)
231 {
232 LOGI(ATM_DOMAIN, ATM_TAG, "RevokePermissionSpecsTest001");
233 std::vector<std::string> reqPerm;
234 reqPerm.emplace_back("ohos.permission.REVOKE_SENSITIVE_PERMISSIONS");
235 MockHapToken mock("RevokePermissionSpecsTest001", reqPerm);
236
237 AccessTokenIDEx tokenIdEx = TestCommon::GetHapTokenIdFromBundle(TEST_USER_ID, TEST_BUNDLE_NAME, 0);
238 AccessTokenID tokenID = tokenIdEx.tokenIdExStruct.tokenID;
239 ASSERT_NE(INVALID_TOKENID, tokenID);
240 uint32_t flag;
241 for (int i = 0; i < CYCLE_TIMES; i++) {
242 int32_t ret = AccessTokenKit::RevokePermission(tokenID, "ohos.permission.MICROPHONE", PERMISSION_USER_FIXED);
243 ASSERT_EQ(RET_SUCCESS, ret);
244
245 ret = AccessTokenKit::VerifyAccessToken(tokenID, "ohos.permission.MICROPHONE", false);
246 ASSERT_EQ(PERMISSION_DENIED, ret);
247
248 ret = AccessTokenKit::GetPermissionFlag(tokenID, "ohos.permission.MICROPHONE", flag);
249 ASSERT_EQ(PERMISSION_USER_FIXED, flag);
250 ASSERT_EQ(RET_SUCCESS, ret);
251 }
252 ASSERT_EQ(RET_SUCCESS, TestCommon::DeleteTestHapToken(tokenID));
253 }
254
255 /**
256 * @tc.name: RevokePermissionSpecsTest002
257 * @tc.desc: Revoke permission caller is normal app.
258 * @tc.type: FUNC
259 * @tc.require: issueI66BH3
260 */
261 HWTEST_F(RevokePermissionTest, RevokePermissionSpecsTest002, TestSize.Level0)
262 {
263 LOGI(ATM_DOMAIN, ATM_TAG, "RevokePermissionSpecsTest002");
264 std::vector<std::string> reqPerm;
265 reqPerm.emplace_back("ohos.permission.REVOKE_SENSITIVE_PERMISSIONS");
266 MockHapToken mock("RevokePermissionSpecsTest002", reqPerm, false);
267
268 AccessTokenIDEx tokenIdEx = TestCommon::GetHapTokenIdFromBundle(TEST_USER_ID, TEST_BUNDLE_NAME, 0);
269 AccessTokenID tokenID = tokenIdEx.tokenIdExStruct.tokenID;
270 ASSERT_NE(INVALID_TOKENID, tokenID);
271
272 int ret = AccessTokenKit::RevokePermission(tokenID, "ohos.permission.MICROPHONE", PERMISSION_USER_FIXED);
273 ASSERT_EQ(ERR_NOT_SYSTEM_APP, ret);
274
275 ASSERT_EQ(RET_SUCCESS, TestCommon::DeleteTestHapToken(tokenID));
276 }
277
278 /**
279 * @tc.name: RevokePermissionSpecsTest003
280 * @tc.desc: Revoke permission caller is system app.
281 * @tc.type: FUNC
282 * @tc.require: issueI66BH3
283 */
284 HWTEST_F(RevokePermissionTest, RevokePermissionSpecsTest003, TestSize.Level0)
285 {
286 LOGI(ATM_DOMAIN, ATM_TAG, "RevokePermissionSpecsTest003");
287 std::vector<std::string> reqPerm;
288 reqPerm.emplace_back("ohos.permission.REVOKE_SENSITIVE_PERMISSIONS");
289 MockHapToken mock("RevokePermissionSpecsTest003", reqPerm, true);
290
291 AccessTokenIDEx tokenIdEx = TestCommon::GetHapTokenIdFromBundle(TEST_USER_ID, TEST_BUNDLE_NAME, 0);
292 AccessTokenID tokenID = tokenIdEx.tokenIdExStruct.tokenID;
293 ASSERT_NE(INVALID_TOKENID, tokenID);
294
295 int ret = AccessTokenKit::RevokePermission(tokenID, "ohos.permission.MICROPHONE", PERMISSION_USER_FIXED);
296 ASSERT_EQ(RET_SUCCESS, ret);
297
298 ret = AccessTokenKit::VerifyAccessToken(tokenID, "ohos.permission.MICROPHONE", false);
299 ASSERT_EQ(PERMISSION_DENIED, ret);
300
301 ret = AccessTokenKit::RevokePermission(tokenID, "ohos.permission.CAMERA", PERMISSION_USER_FIXED);
302 ASSERT_EQ(RET_SUCCESS, ret);
303
304 ret = AccessTokenKit::VerifyAccessToken(tokenID, "ohos.permission.MICROPHONE", false);
305 ASSERT_EQ(PERMISSION_DENIED, ret);
306
307 ASSERT_EQ(RET_SUCCESS, TestCommon::DeleteTestHapToken(tokenID));
308 }
309 } // namespace AccessToken
310 } // namespace Security
311 } // namespace OHOS