1 /*
2 * Copyright (c) 2023 Huawei Device Co., Ltd.
3 * Licensed under the Apache License, Version 2.0 (the "License");
4 * you may not use this file except in compliance with the License.
5 * You may obtain a copy of the License at
6 *
7 * http://www.apache.org/licenses/LICENSE-2.0
8 *
9 * Unless required by applicable law or agreed to in writing, software
10 * distributed under the License is distributed on an "AS IS" BASIS,
11 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12 * See the License for the specific language governing permissions and
13 * limitations under the License.
14 */
15
16 #include "security_component_grant_test.h"
17 #include <thread>
18
19 #include "accesstoken_kit.h"
20 #include "access_token_error.h"
21 #include "permission_grant_info.h"
22 #include "nativetoken_kit.h"
23 #include "test_common.h"
24 #include "token_setproc.h"
25
26 using namespace testing::ext;
27 using namespace OHOS::Security::AccessToken;
28
29 namespace {
30 static const std::string TEST_PERMISSION = "ohos.permission.DISTRIBUTED_DATASYNC";
31 static const std::string TEST_PERMISSION_NOT_REQUESTED = "ohos.permission.GRANT_SENSITIVE_PERMISSIONS";
32 static uint64_t g_selfShellTokenId = 0;
33 static MockHapToken* g_mock = nullptr;
34 PermissionStateFull g_infoManagerTestState1 = {
35 .permissionName = TEST_PERMISSION,
36 .isGeneral = true,
37 .resDeviceID = {"local5"},
38 .grantStatus = {PermissionState::PERMISSION_DENIED},
39 .grantFlags = {0},
40 };
41
42 HapInfoParams g_infoManagerTestInfoParms = {
43 .userID = 1,
44 .bundleName = "security_component_grant_test",
45 .instIndex = 0,
46 .appIDDesc = "test5"
47 };
48
49 HapPolicyParams g_infoManagerTestPolicyPrams = {
50 .apl = APL_NORMAL,
51 .domain = "test.domain5",
52 .permStateList = {g_infoManagerTestState1}
53 };
54 }
55
SetUpTestCase()56 void SecurityComponentGrantTest::SetUpTestCase()
57 {
58 g_selfShellTokenId = GetSelfTokenID();
59 TestCommon::SetTestEvironment(g_selfShellTokenId);
60
61 std::vector<std::string> reqPerm;
62 reqPerm.emplace_back("ohos.permission.MANAGE_HAP_TOKENID");
63 reqPerm.emplace_back("ohos.permission.GET_SENSITIVE_PERMISSIONS");
64 reqPerm.emplace_back("ohos.permission.REVOKE_SENSITIVE_PERMISSIONS");
65 reqPerm.emplace_back("ohos.permission.GRANT_SENSITIVE_PERMISSIONS");
66 g_mock = new (std::nothrow) MockHapToken("SecurityComponentGrantTest", reqPerm, true);
67
68 GTEST_LOG_(INFO) << "SecurityComponentGrantTest, tokenID is " << g_selfShellTokenId;
69 GTEST_LOG_(INFO) << "SecurityComponentGrantTest, sel is " << GetSelfTokenID();
70 // make test case clean
71 AccessTokenIDEx tokenIdEx = TestCommon::GetHapTokenIdFromBundle(g_infoManagerTestInfoParms.userID,
72 g_infoManagerTestInfoParms.bundleName, g_infoManagerTestInfoParms.instIndex);
73 TestCommon::DeleteTestHapToken(tokenIdEx.tokenIdExStruct.tokenID);
74 }
75
TearDownTestCase()76 void SecurityComponentGrantTest::TearDownTestCase()
77 {
78 if (g_mock != nullptr) {
79 delete g_mock;
80 g_mock = nullptr;
81 }
82 TestCommon::ResetTestEvironment();
83 SetSelfTokenID(g_selfShellTokenId);
84 }
85
SetUp()86 void SecurityComponentGrantTest::SetUp()
87 {
88 }
89
TearDown()90 void SecurityComponentGrantTest::TearDown()
91 {
92 }
93
AllocTestToken() const94 AccessTokenID SecurityComponentGrantTest::AllocTestToken() const
95 {
96 AccessTokenIDEx tokenIdEx = {0};
97 EXPECT_EQ(RET_SUCCESS,
98 TestCommon::AllocTestHapToken(g_infoManagerTestInfoParms, g_infoManagerTestPolicyPrams, tokenIdEx));
99 return tokenIdEx.tokenIdExStruct.tokenID;
100 }
101
102 /**
103 * @tc.name: SecurityComponentGrantTest001
104 * @tc.desc: test security component grant when user has not operated.
105 * @tc.type: FUNC
106 * @tc.require:Issue Number
107 */
108 HWTEST_F(SecurityComponentGrantTest, SecurityComponentGrantTest001, TestSize.Level1)
109 {
110 AccessTokenID tokenID = AllocTestToken();
111 ASSERT_NE(tokenID, INVALID_TOKENID);
112 int32_t status = AccessTokenKit::VerifyAccessToken(tokenID, TEST_PERMISSION, false);
113 ASSERT_EQ(status, PERMISSION_DENIED);
114 int32_t res = TestCommon::GrantPermissionByTest(tokenID, TEST_PERMISSION, PERMISSION_COMPONENT_SET);
115 ASSERT_EQ(res, RET_SUCCESS);
116 uint32_t flag = 0;
117 res = TestCommon::GetPermissionFlagByTest(tokenID, TEST_PERMISSION, flag);
118 ASSERT_EQ(res, RET_SUCCESS);
119 ASSERT_NE(((static_cast<uint32_t>(flag)) & PERMISSION_COMPONENT_SET), 0);
120
121 status = AccessTokenKit::VerifyAccessToken(tokenID, TEST_PERMISSION, false);
122 ASSERT_EQ(status, PERMISSION_GRANTED);
123
124 res = TestCommon::RevokePermissionByTest(tokenID, TEST_PERMISSION, PERMISSION_COMPONENT_SET);
125 ASSERT_EQ(res, RET_SUCCESS);
126 status = AccessTokenKit::VerifyAccessToken(tokenID, TEST_PERMISSION, false);
127 ASSERT_EQ(status, PERMISSION_DENIED);
128 res = TestCommon::GetPermissionFlagByTest(tokenID, TEST_PERMISSION, flag);
129 ASSERT_EQ(res, RET_SUCCESS);
130 ASSERT_EQ(((static_cast<uint32_t>(flag)) & PERMISSION_COMPONENT_SET), 0);
131 res = TestCommon::DeleteTestHapToken(tokenID);
132 ASSERT_EQ(res, RET_SUCCESS);
133 }
134
135 /**
136 * @tc.name: SecurityComponentGrantTest002
137 * @tc.desc: test security component grant when user has granted.
138 * @tc.type: FUNC
139 * @tc.require:Issue Number
140 */
141 HWTEST_F(SecurityComponentGrantTest, SecurityComponentGrantTest002, TestSize.Level1)
142 {
143 AccessTokenID tokenID = AllocTestToken();
144 ASSERT_NE(tokenID, INVALID_TOKENID);
145
146 // user grant
147 int32_t res = TestCommon::GrantPermissionByTest(tokenID, TEST_PERMISSION, PERMISSION_USER_FIXED);
148 ASSERT_EQ(res, RET_SUCCESS);
149
150 // security component grant
151 res = TestCommon::GrantPermissionByTest(tokenID, TEST_PERMISSION, PERMISSION_COMPONENT_SET);
152 ASSERT_EQ(res, RET_SUCCESS);
153 int32_t status = AccessTokenKit::VerifyAccessToken(tokenID, TEST_PERMISSION, false);
154 ASSERT_EQ(status, PERMISSION_GRANTED);
155 uint32_t flag = 0;
156 res = TestCommon::GetPermissionFlagByTest(tokenID, TEST_PERMISSION, flag);
157 ASSERT_EQ(res, RET_SUCCESS);
158 ASSERT_EQ(((static_cast<uint32_t>(flag)) & PERMISSION_COMPONENT_SET), 0);
159
160 // security component revoke
161 res = TestCommon::RevokePermissionByTest(tokenID, TEST_PERMISSION, PERMISSION_COMPONENT_SET);
162 ASSERT_EQ(res, RET_SUCCESS);
163 status = AccessTokenKit::VerifyAccessToken(tokenID, TEST_PERMISSION, false);
164 ASSERT_EQ(status, PERMISSION_GRANTED);
165 res = TestCommon::GetPermissionFlagByTest(tokenID, TEST_PERMISSION, flag);
166 ASSERT_EQ(res, RET_SUCCESS);
167 ASSERT_EQ(((static_cast<uint32_t>(flag)) & PERMISSION_COMPONENT_SET), 0);
168 res = TestCommon::DeleteTestHapToken(tokenID);
169 ASSERT_EQ(res, RET_SUCCESS);
170 }
171
172 /**
173 * @tc.name: SecurityComponentGrantTest003
174 * @tc.desc: test security component grant when system has operated.
175 * @tc.type: FUNC
176 * @tc.require:Issue Number
177 */
178 HWTEST_F(SecurityComponentGrantTest, SecurityComponentGrantTest003, TestSize.Level1)
179 {
180 AccessTokenID tokenID = AllocTestToken();
181 ASSERT_NE(tokenID, INVALID_TOKENID);
182
183 // system grant
184 int32_t res = TestCommon::GrantPermissionByTest(tokenID, TEST_PERMISSION, PERMISSION_GRANTED_BY_POLICY);
185 ASSERT_EQ(res, RET_SUCCESS);
186
187 // security component grant
188 res = TestCommon::GrantPermissionByTest(tokenID, TEST_PERMISSION, PERMISSION_COMPONENT_SET);
189 ASSERT_EQ(res, RET_SUCCESS);
190 int32_t status = AccessTokenKit::VerifyAccessToken(tokenID, TEST_PERMISSION, false);
191 ASSERT_EQ(status, PERMISSION_GRANTED);
192 uint32_t flag = 0;
193 TestCommon::GetPermissionFlagByTest(tokenID, TEST_PERMISSION, flag);
194 ASSERT_EQ(((static_cast<uint32_t>(flag)) & PERMISSION_COMPONENT_SET), 0);
195
196 // security component revoke
197 res = TestCommon::RevokePermissionByTest(tokenID, TEST_PERMISSION, PERMISSION_COMPONENT_SET);
198 ASSERT_EQ(res, RET_SUCCESS);
199 status = AccessTokenKit::VerifyAccessToken(tokenID, TEST_PERMISSION, false);
200 ASSERT_EQ(status, PERMISSION_GRANTED);
201 res = TestCommon::GetPermissionFlagByTest(tokenID, TEST_PERMISSION, flag);
202 ASSERT_EQ(res, RET_SUCCESS);
203 ASSERT_EQ(((static_cast<uint32_t>(flag)) & PERMISSION_COMPONENT_SET), 0);
204
205 res = TestCommon::DeleteTestHapToken(tokenID);
206 ASSERT_EQ(res, RET_SUCCESS);
207 }
208
209 /**
210 * @tc.name: SecurityComponentGrantTest004
211 * @tc.desc: test security component grant when user has revoked.
212 * @tc.type: FUNC
213 * @tc.require:Issue Number
214 */
215 HWTEST_F(SecurityComponentGrantTest, SecurityComponentGrantTest004, TestSize.Level1)
216 {
217 AccessTokenID tokenID = AllocTestToken();
218 ASSERT_NE(tokenID, INVALID_TOKENID);
219
220 // user revoke
221 int32_t res = TestCommon::RevokePermissionByTest(tokenID, TEST_PERMISSION, PERMISSION_USER_FIXED);
222 ASSERT_EQ(res, RET_SUCCESS);
223 // security component grant
224 res = TestCommon::GrantPermissionByTest(tokenID, TEST_PERMISSION, PERMISSION_COMPONENT_SET);
225 ASSERT_NE(res, RET_SUCCESS);
226 int32_t status = AccessTokenKit::VerifyAccessToken(tokenID, TEST_PERMISSION, false);
227 ASSERT_EQ(status, PERMISSION_DENIED);
228
229 uint32_t flag = 0;
230 res = TestCommon::GetPermissionFlagByTest(tokenID, TEST_PERMISSION, flag);
231 ASSERT_EQ(res, RET_SUCCESS);
232 ASSERT_EQ(((static_cast<uint32_t>(flag)) & PERMISSION_COMPONENT_SET), 0);
233
234 // security component revoke
235 res = TestCommon::RevokePermissionByTest(tokenID, TEST_PERMISSION, PERMISSION_COMPONENT_SET);
236 ASSERT_EQ(res, RET_SUCCESS);
237 status = AccessTokenKit::VerifyAccessToken(tokenID, TEST_PERMISSION, false);
238 ASSERT_EQ(status, PERMISSION_DENIED);
239 TestCommon::GetPermissionFlagByTest(tokenID, TEST_PERMISSION, flag);
240 ASSERT_EQ(((static_cast<uint32_t>(flag)) & PERMISSION_COMPONENT_SET), 0);
241
242 res = TestCommon::DeleteTestHapToken(tokenID);
243 ASSERT_EQ(res, RET_SUCCESS);
244 }
245
246 /**
247 * @tc.name: SecurityComponentGrantTest005
248 * @tc.desc: test user has grant after security component grant.
249 * @tc.type: FUNC
250 * @tc.require:Issue Number
251 */
252 HWTEST_F(SecurityComponentGrantTest, SecurityComponentGrantTest005, TestSize.Level1)
253 {
254 AccessTokenID tokenID = AllocTestToken();
255 ASSERT_NE(tokenID, INVALID_TOKENID);
256
257 // security component grant
258 int32_t res = TestCommon::GrantPermissionByTest(tokenID, TEST_PERMISSION, PERMISSION_COMPONENT_SET);
259 ASSERT_EQ(res, RET_SUCCESS);
260 int32_t status = AccessTokenKit::VerifyAccessToken(tokenID, TEST_PERMISSION, false);
261 ASSERT_EQ(status, PERMISSION_GRANTED);
262
263 // user grant
264 uint32_t flag = 0;
265 res = TestCommon::GetPermissionFlagByTest(tokenID, TEST_PERMISSION, flag);
266 ASSERT_EQ(res, RET_SUCCESS);
267 ASSERT_NE(((static_cast<uint32_t>(flag)) & PERMISSION_COMPONENT_SET), 0);
268 res = TestCommon::GrantPermissionByTest(tokenID, TEST_PERMISSION, PERMISSION_USER_FIXED);
269 ASSERT_EQ(res, RET_SUCCESS);
270 TestCommon::GetPermissionFlagByTest(tokenID, TEST_PERMISSION, flag);
271 ASSERT_EQ(((static_cast<uint32_t>(flag)) & PERMISSION_COMPONENT_SET), 0);
272
273 // security component revoke
274 res = TestCommon::RevokePermissionByTest(tokenID, TEST_PERMISSION, PERMISSION_COMPONENT_SET);
275 ASSERT_EQ(res, RET_SUCCESS);
276 status = AccessTokenKit::VerifyAccessToken(tokenID, TEST_PERMISSION, false);
277 ASSERT_EQ(status, PERMISSION_GRANTED);
278
279 res = TestCommon::DeleteTestHapToken(tokenID);
280 ASSERT_EQ(res, RET_SUCCESS);
281 }
282
283 /**
284 * @tc.name: SecurityComponentGrantTest006
285 * @tc.desc: test user has revoked after security component grant.
286 * @tc.type: FUNC
287 * @tc.require:Issue Number
288 */
289 HWTEST_F(SecurityComponentGrantTest, SecurityComponentGrantTest006, TestSize.Level1)
290 {
291 AccessTokenID tokenID = AllocTestToken();
292 ASSERT_NE(tokenID, INVALID_TOKENID);
293
294 // security component grant
295 int32_t res = TestCommon::GrantPermissionByTest(tokenID, TEST_PERMISSION, PERMISSION_COMPONENT_SET);
296 ASSERT_EQ(res, RET_SUCCESS);
297 int32_t status = AccessTokenKit::VerifyAccessToken(tokenID, TEST_PERMISSION, false);
298 ASSERT_EQ(status, PERMISSION_GRANTED);
299
300 uint32_t flag = 0;
301 res = TestCommon::GetPermissionFlagByTest(tokenID, TEST_PERMISSION, flag);
302 ASSERT_EQ(res, RET_SUCCESS);
303 ASSERT_NE(((static_cast<uint32_t>(flag)) & PERMISSION_COMPONENT_SET), 0);
304
305 // user revoke
306 res = TestCommon::RevokePermissionByTest(tokenID, TEST_PERMISSION, PERMISSION_USER_FIXED);
307 ASSERT_EQ(res, RET_SUCCESS);
308 status = AccessTokenKit::VerifyAccessToken(tokenID, TEST_PERMISSION, false);
309 ASSERT_EQ(status, PERMISSION_DENIED);
310 TestCommon::GetPermissionFlagByTest(tokenID, TEST_PERMISSION, flag);
311 ASSERT_EQ(((static_cast<uint32_t>(flag)) & PERMISSION_COMPONENT_SET), 0);
312
313 // security component revoke
314 res = TestCommon::RevokePermissionByTest(tokenID, TEST_PERMISSION, PERMISSION_COMPONENT_SET);
315 ASSERT_EQ(res, RET_SUCCESS);
316 status = AccessTokenKit::VerifyAccessToken(tokenID, TEST_PERMISSION, false);
317 ASSERT_EQ(status, PERMISSION_DENIED);
318
319 res = TestCommon::DeleteTestHapToken(tokenID);
320 ASSERT_EQ(res, RET_SUCCESS);
321 }
322
323 /**
324 * @tc.name: SecurityComponentGrantTest007
325 * @tc.desc: test permission pop-up after security component grant.
326 * @tc.type: FUNC
327 * @tc.require:Issue Number
328 */
329 HWTEST_F(SecurityComponentGrantTest, SecurityComponentGrantTest007, TestSize.Level1)
330 {
331 uint64_t selfToken = GetSelfTokenID();
332 MockNativeToken mock("foundation");
333 AccessTokenID tokenID = AllocTestToken();
334 ASSERT_NE(tokenID, INVALID_TOKENID);
335 AccessTokenID nativeTokenID = GetSelfTokenID();
336 // security component grant
337 int32_t res = TestCommon::GrantPermissionByTest(tokenID, TEST_PERMISSION, PERMISSION_COMPONENT_SET);
338 ASSERT_EQ(res, RET_SUCCESS);
339 int32_t status = AccessTokenKit::VerifyAccessToken(tokenID, TEST_PERMISSION, false);
340 ASSERT_EQ(status, PERMISSION_GRANTED);
341
342 PermissionOper result;
343 PermissionListState perm1 = {
344 .permissionName = TEST_PERMISSION,
345 .state = SETTING_OPER,
346 };
347 std::vector<PermissionListState> permList;
348 permList.emplace_back(perm1);
349 // check to pop up
350 EXPECT_EQ(0, SetSelfTokenID(tokenID));
351 PermissionGrantInfo info;
352 result = AccessTokenKit::GetSelfPermissionsState(permList, info);
353 ASSERT_EQ(result, DYNAMIC_OPER);
354
355 // check not to pop up
356 EXPECT_EQ(0, SetSelfTokenID(nativeTokenID));
357 TestCommon::GrantPermissionByTest(tokenID, TEST_PERMISSION, PERMISSION_USER_FIXED);
358
359 EXPECT_EQ(0, SetSelfTokenID(tokenID));
360 result = AccessTokenKit::GetSelfPermissionsState(permList, info);
361 ASSERT_EQ(result, PASS_OPER);
362
363 // security component revoke
364 EXPECT_EQ(0, SetSelfTokenID(nativeTokenID));
365 TestCommon::RevokePermissionByTest(tokenID, TEST_PERMISSION, PERMISSION_COMPONENT_SET);
366
367 res = TestCommon::DeleteTestHapToken(tokenID);
368 ASSERT_EQ(res, RET_SUCCESS);
369
370 EXPECT_EQ(0, SetSelfTokenID(nativeTokenID));
371 EXPECT_EQ(0, SetSelfTokenID(selfToken));
372 }
373
374 /**
375 * @tc.name: SecurityComponentGrantTest008
376 * @tc.desc: test permission pop-up after security component grant.
377 * @tc.type: FUNC
378 * @tc.require:Issue Number
379 */
380 HWTEST_F(SecurityComponentGrantTest, SecurityComponentGrantTest008, TestSize.Level1)
381 {
382 AccessTokenID tokenID = AllocTestToken();
383 ASSERT_NE(tokenID, INVALID_TOKENID);
384
385 // security component grant
386 int32_t res = TestCommon::GrantPermissionByTest(tokenID, TEST_PERMISSION, PERMISSION_COMPONENT_SET);
387 ASSERT_EQ(res, RET_SUCCESS);
388 int32_t status = AccessTokenKit::VerifyAccessToken(tokenID, TEST_PERMISSION, false);
389 ASSERT_EQ(status, PERMISSION_GRANTED);
390
391 // security component grant repeat
392 res = TestCommon::GrantPermissionByTest(tokenID, TEST_PERMISSION, PERMISSION_COMPONENT_SET);
393 ASSERT_EQ(res, RET_SUCCESS);
394
395 // security component revoke
396 res = TestCommon::RevokePermissionByTest(tokenID, TEST_PERMISSION, PERMISSION_COMPONENT_SET);
397 ASSERT_EQ(res, RET_SUCCESS);
398
399 // security component revoke repeat
400 res = TestCommon::GrantPermissionByTest(tokenID, TEST_PERMISSION, PERMISSION_COMPONENT_SET);
401 ASSERT_EQ(res, RET_SUCCESS);
402
403 res = TestCommon::DeleteTestHapToken(tokenID);
404 ASSERT_EQ(res, RET_SUCCESS);
405 }
406
407 class CbCustomizeTest : public PermStateChangeCallbackCustomize {
408 public:
CbCustomizeTest(const PermStateChangeScope & scopeInfo)409 explicit CbCustomizeTest(const PermStateChangeScope &scopeInfo)
410 : PermStateChangeCallbackCustomize(scopeInfo)
411 {
412 }
413
~CbCustomizeTest()414 ~CbCustomizeTest()
415 {}
416
PermStateChangeCallback(PermStateChangeInfo & result)417 virtual void PermStateChangeCallback(PermStateChangeInfo& result)
418 {
419 ready2_ = true;
420 }
421
422 bool ready2_ = false;
423 };
424
425 /**
426 * @tc.name: SecurityComponentGrantTest009
427 * @tc.desc: test permission pop-up after security component grant.
428 * @tc.type: FUNC
429 * @tc.require:Issue Number
430 */
431 HWTEST_F(SecurityComponentGrantTest, SecurityComponentGrantTest009, TestSize.Level1)
432 {
433 PermStateChangeScope scopeInfo9;
434 scopeInfo9.permList = {TEST_PERMISSION};
435 scopeInfo9.tokenIDs = {};
436 auto callbackPtr = std::make_shared<CbCustomizeTest>(scopeInfo9);
437 callbackPtr->ready2_ = false;
438
439 int32_t res = AccessTokenKit::RegisterPermStateChangeCallback(callbackPtr);
440 ASSERT_EQ(RET_SUCCESS, res);
441
442 AccessTokenID tokenID = AllocTestToken();
443 ASSERT_NE(tokenID, INVALID_TOKENID);
444
445 // security component grant
446 res = TestCommon::GrantPermissionByTest(tokenID, TEST_PERMISSION, PERMISSION_COMPONENT_SET);
447 ASSERT_EQ(res, RET_SUCCESS);
448 usleep(500000); // 500000us = 0.5s
449 ASSERT_EQ(callbackPtr->ready2_, true);
450 callbackPtr->ready2_ = false;
451
452 // user grant
453 res = TestCommon::GrantPermissionByTest(tokenID, TEST_PERMISSION, PERMISSION_USER_FIXED);
454 ASSERT_EQ(res, RET_SUCCESS);
455 usleep(500000); // 500000us = 0.5s
456 ASSERT_EQ(callbackPtr->ready2_, false);
457
458 // security component revoke
459 res = TestCommon::RevokePermissionByTest(tokenID, TEST_PERMISSION, PERMISSION_USER_FIXED);
460 ASSERT_EQ(res, RET_SUCCESS);
461 usleep(500000); // 500000us = 0.5s
462 ASSERT_EQ(callbackPtr->ready2_, true);
463 callbackPtr->ready2_ = false;
464
465 // security component revoke repeat
466 res = TestCommon::GrantPermissionByTest(tokenID, TEST_PERMISSION, PERMISSION_COMPONENT_SET);
467 ASSERT_NE(res, RET_SUCCESS);
468 usleep(500000); // 500000us = 0.5s
469 ASSERT_EQ(callbackPtr->ready2_, false);
470
471 res = AccessTokenKit::UnRegisterPermStateChangeCallback(callbackPtr);
472 ASSERT_EQ(RET_SUCCESS, res);
473
474 res = TestCommon::DeleteTestHapToken(tokenID);
475 ASSERT_EQ(res, RET_SUCCESS);
476 }
477
478 /**
479 * @tc.name: SecurityComponentGrantTest010
480 * @tc.desc: test permission pop-up after security component grant.
481 * @tc.type: FUNC
482 * @tc.require:Issue Number
483 */
484 HWTEST_F(SecurityComponentGrantTest, SecurityComponentGrantTest010, TestSize.Level1)
485 {
486 PermStateChangeScope scopeInfo10;
487 scopeInfo10.permList = {TEST_PERMISSION};
488 scopeInfo10.tokenIDs = {};
489 auto callbackPtr = std::make_shared<CbCustomizeTest>(scopeInfo10);
490 callbackPtr->ready2_ = false;
491
492 int32_t res = AccessTokenKit::RegisterPermStateChangeCallback(callbackPtr);
493 ASSERT_EQ(RET_SUCCESS, res);
494
495 AccessTokenID tokenID = AllocTestToken();
496 ASSERT_NE(tokenID, INVALID_TOKENID);
497
498 // security component grant
499 res = TestCommon::GrantPermissionByTest(tokenID, TEST_PERMISSION, PERMISSION_COMPONENT_SET);
500 ASSERT_EQ(res, RET_SUCCESS);
501 usleep(500000); // 500000us = 0.5s
502 ASSERT_EQ(callbackPtr->ready2_, true);
503 callbackPtr->ready2_ = false;
504
505 // user revoke
506 res = TestCommon::RevokePermissionByTest(tokenID, TEST_PERMISSION, PERMISSION_USER_FIXED);
507 ASSERT_EQ(res, RET_SUCCESS);
508 usleep(500000); // 500000us = 0.5s
509 ASSERT_EQ(callbackPtr->ready2_, true);
510 callbackPtr->ready2_ = false;
511
512 // security component revoke
513 res = TestCommon::GrantPermissionByTest(tokenID, TEST_PERMISSION, PERMISSION_COMPONENT_SET);
514 ASSERT_NE(res, RET_SUCCESS);
515 usleep(500000); // 500000us = 0.5s
516 ASSERT_EQ(callbackPtr->ready2_, false);
517
518 res = AccessTokenKit::UnRegisterPermStateChangeCallback(callbackPtr);
519 ASSERT_EQ(RET_SUCCESS, res);
520
521 res = TestCommon::DeleteTestHapToken(tokenID);
522 ASSERT_EQ(res, RET_SUCCESS);
523 }
524
525 /**
526 * @tc.name: SecurityComponentGrantTest011
527 * @tc.desc: test permission pop-up after security component grant.
528 * @tc.type: FUNC
529 * @tc.require:Issue Number
530 */
531 HWTEST_F(SecurityComponentGrantTest, SecurityComponentGrantTest011, TestSize.Level1)
532 {
533 PermStateChangeScope scopeInfo;
534 scopeInfo.permList = {TEST_PERMISSION_NOT_REQUESTED};
535 scopeInfo.tokenIDs = {};
536 auto callbackPtr = std::make_shared<CbCustomizeTest>(scopeInfo);
537 callbackPtr->ready2_ = false;
538
539 int32_t res = AccessTokenKit::RegisterPermStateChangeCallback(callbackPtr);
540 ASSERT_EQ(RET_SUCCESS, res);
541
542 AccessTokenID tokenID = AllocTestToken();
543 ASSERT_NE(tokenID, INVALID_TOKENID);
544
545 // security component grant a not requested permission
546 res = TestCommon::GrantPermissionByTest(tokenID, TEST_PERMISSION_NOT_REQUESTED, PERMISSION_COMPONENT_SET);
547 ASSERT_EQ(res, RET_SUCCESS);
548 usleep(500000); // 500000us = 0.5s
549 ASSERT_EQ(callbackPtr->ready2_, true);
550 callbackPtr->ready2_ = false;
551
552 int32_t status = AccessTokenKit::VerifyAccessToken(tokenID, TEST_PERMISSION_NOT_REQUESTED, false);
553 ASSERT_EQ(status, PERMISSION_GRANTED);
554
555 // security component revoke
556 res = TestCommon::RevokePermissionByTest(tokenID, TEST_PERMISSION_NOT_REQUESTED, PERMISSION_COMPONENT_SET);
557 ASSERT_EQ(res, RET_SUCCESS);
558 usleep(500000); // 500000us = 0.5s
559 ASSERT_EQ(callbackPtr->ready2_, true);
560
561 status = AccessTokenKit::VerifyAccessToken(tokenID, TEST_PERMISSION_NOT_REQUESTED, false);
562 ASSERT_EQ(status, PERMISSION_DENIED);
563
564 res = AccessTokenKit::UnRegisterPermStateChangeCallback(callbackPtr);
565 ASSERT_EQ(RET_SUCCESS, res);
566
567 res = TestCommon::DeleteTestHapToken(tokenID);
568 ASSERT_EQ(res, RET_SUCCESS);
569 }
570