1 /*
2 * Copyright (c) 2024 Huawei Device Co., Ltd.
3 * Licensed under the Apache License, Version 2.0 (the "License");
4 * you may not use this file except in compliance with the License.
5 * You may obtain a copy of the License at
6 *
7 * http://www.apache.org/licenses/LICENSE-2.0
8 *
9 * Unless required by applicable law or agreed to in writing, software
10 * distributed under the License is distributed on an "AS IS" BASIS,
11 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12 * See the License for the specific language governing permissions and
13 * limitations under the License.
14 */
15
16 #include "short_grant_manager_test.h"
17
18 #include "access_token.h"
19 #include "access_token_error.h"
20 #include "accesstoken_info_manager.h"
21
22 #define private public
23 #include "short_grant_manager.h"
24 #undef private
25
26 using namespace testing::ext;
27 using namespace OHOS;
28
29 namespace OHOS {
30 namespace Security {
31 namespace AccessToken {
32 namespace {
33 static std::string SHORT_TEMP_PERMISSION = "ohos.permission.SHORT_TERM_WRITE_IMAGEVIDEO";
34 static PermissionStatus g_permiState = {
35 .permissionName = SHORT_TEMP_PERMISSION,
36 .grantStatus = PermissionState::PERMISSION_DENIED,
37 .grantFlag = 1
38 };
39
40 static HapPolicy g_policyParams = {
41 .apl = APL_NORMAL,
42 .domain = "test.domain",
43 .permStateList = {g_permiState}
44 };
45
46 static HapInfoParams g_infoParms = {
47 .userID = 1,
48 .bundleName = "AccessTokenShortTimePermTest",
49 .instIndex = 0,
50 .appIDDesc = "test.bundle",
51 .isSystemApp = true
52 };
53 }
54
SetUpTestCase()55 void ShortGrantManagerTest::SetUpTestCase()
56 {
57 }
58
TearDownTestCase()59 void ShortGrantManagerTest::TearDownTestCase()
60 {
61 }
62
SetUp()63 void ShortGrantManagerTest::SetUp()
64 {
65 #ifdef EVENTHANDLER_ENABLE
66 ShortGrantManager::GetInstance().InitEventHandler();
67 #endif
68 }
69
TearDown()70 void ShortGrantManagerTest::TearDown()
71 {
72 }
73
74 /**
75 * @tc.name: RefreshPermission001
76 * @tc.desc: 1. The permission is granted when onceTime is not reached;
77 * 2. The permission is revoked after onceTime is reached.
78 * @tc.type: FUNC
79 * @tc.require:Issue Number
80 */
81 HWTEST_F(ShortGrantManagerTest, RefreshPermission001, TestSize.Level1)
82 {
83 AccessTokenIDEx tokenIdEx = {0};
84 int32_t ret = AccessTokenInfoManager::GetInstance().CreateHapTokenInfo(g_infoParms, g_policyParams, tokenIdEx);
85 ASSERT_EQ(RET_SUCCESS, ret);
86
87 AccessTokenID tokenID = tokenIdEx.tokenIdExStruct.tokenID;
88 ASSERT_NE(INVALID_TOKENID, tokenID);
89 uint32_t onceTime = 10;
90
91 ret = ShortGrantManager::GetInstance().RefreshPermission(tokenID, SHORT_TEMP_PERMISSION, onceTime);
92 ASSERT_EQ(RET_SUCCESS, ret);
93
94 ASSERT_EQ(PERMISSION_GRANTED,
95 AccessTokenInfoManager::GetInstance().VerifyAccessToken(tokenID, SHORT_TEMP_PERMISSION));
96
97 sleep(onceTime + 1);
98 EXPECT_EQ(PERMISSION_DENIED,
99 AccessTokenInfoManager::GetInstance().VerifyAccessToken(tokenID, SHORT_TEMP_PERMISSION));
100
101 ret = AccessTokenInfoManager::GetInstance().RemoveHapTokenInfo(tokenID);
102 ASSERT_EQ(RET_SUCCESS, ret);
103 }
104
105 /**
106 * @tc.name: RefreshPermission002
107 * @tc.desc: 1. set onceTime is equal to maxTime;
108 * 2. set onceTime is over maxTime.
109 * @tc.type: FUNC
110 * @tc.require:Issue Number
111 */
112 HWTEST_F(ShortGrantManagerTest, RefreshPermission002, TestSize.Level1)
113 {
114 const uint32_t maxTime = 10; // 10s
115 ShortGrantManager::GetInstance().maxTime_ = maxTime;
116 AccessTokenIDEx tokenIdEx = {0};
117 int32_t ret = AccessTokenInfoManager::GetInstance().CreateHapTokenInfo(g_infoParms, g_policyParams, tokenIdEx);
118 ASSERT_EQ(RET_SUCCESS, ret);
119
120 AccessTokenID tokenID = tokenIdEx.tokenIdExStruct.tokenID;
121 ASSERT_NE(INVALID_TOKENID, tokenID);
122
123 // onceTime = maxTime
124 ret = ShortGrantManager::GetInstance().RefreshPermission(tokenID, SHORT_TEMP_PERMISSION, maxTime);
125 ASSERT_EQ(RET_SUCCESS, ret);
126
127 sleep(maxTime - 1);
128 ASSERT_EQ(PERMISSION_GRANTED,
129 AccessTokenInfoManager::GetInstance().VerifyAccessToken(tokenID, SHORT_TEMP_PERMISSION));
130
131 sleep(1 + 1);
132 ASSERT_EQ(PERMISSION_DENIED,
133 AccessTokenInfoManager::GetInstance().VerifyAccessToken(tokenID, SHORT_TEMP_PERMISSION));
134
135 // onceTime = maxTime + 1
136 ret = ShortGrantManager::GetInstance().RefreshPermission(tokenID, SHORT_TEMP_PERMISSION, maxTime + 1);
137 ASSERT_EQ(AccessTokenError::ERR_PARAM_INVALID, ret);
138
139 sleep(maxTime + 2);
140 ASSERT_EQ(PERMISSION_DENIED,
141 AccessTokenInfoManager::GetInstance().VerifyAccessToken(tokenID, SHORT_TEMP_PERMISSION));
142
143 ret = AccessTokenInfoManager::GetInstance().RemoveHapTokenInfo(tokenID);
144 ASSERT_EQ(RET_SUCCESS, ret);
145 }
146
147 /**
148 * @tc.name: RefreshPermission003
149 * @tc.desc: 1. remaminTime is less
150 * @tc.type: FUNC
151 * @tc.require:Issue Number
152 */
153 HWTEST_F(ShortGrantManagerTest, RefreshPermission003, TestSize.Level1)
154 {
155 const uint32_t maxTime = 10; // 10s
156 ShortGrantManager::GetInstance().maxTime_ = maxTime;
157 AccessTokenIDEx tokenIdEx = {0};
158 int32_t ret = AccessTokenInfoManager::GetInstance().CreateHapTokenInfo(g_infoParms, g_policyParams, tokenIdEx);
159 ASSERT_EQ(RET_SUCCESS, ret);
160
161 AccessTokenID tokenID = tokenIdEx.tokenIdExStruct.tokenID;
162 ASSERT_NE(INVALID_TOKENID, tokenID);
163
164 // first set 3s
165 uint32_t onceTime = 3;
166 ret = ShortGrantManager::GetInstance().RefreshPermission(tokenID, SHORT_TEMP_PERMISSION, onceTime);
167 ASSERT_EQ(RET_SUCCESS, ret);
168
169 sleep(onceTime - 1);
170 ASSERT_EQ(PERMISSION_GRANTED,
171 AccessTokenInfoManager::GetInstance().VerifyAccessToken(tokenID, SHORT_TEMP_PERMISSION));
172
173 ret = ShortGrantManager::GetInstance().RefreshPermission(tokenID, SHORT_TEMP_PERMISSION, onceTime);
174 ASSERT_EQ(RET_SUCCESS, ret);
175
176 // second set 3s
177 ret = ShortGrantManager::GetInstance().RefreshPermission(tokenID, SHORT_TEMP_PERMISSION, onceTime);
178 ASSERT_EQ(RET_SUCCESS, ret);
179
180 sleep(onceTime - 1);
181 ASSERT_EQ(PERMISSION_GRANTED,
182 AccessTokenInfoManager::GetInstance().VerifyAccessToken(tokenID, SHORT_TEMP_PERMISSION));
183
184 // thirdth set 3s
185 ret = ShortGrantManager::GetInstance().RefreshPermission(tokenID, SHORT_TEMP_PERMISSION, onceTime);
186 ASSERT_EQ(RET_SUCCESS, ret);
187
188 sleep(onceTime - 1);
189 ASSERT_EQ(PERMISSION_GRANTED,
190 AccessTokenInfoManager::GetInstance().VerifyAccessToken(tokenID, SHORT_TEMP_PERMISSION));
191
192 // fourth set 5s
193 ret = ShortGrantManager::GetInstance().RefreshPermission(tokenID, SHORT_TEMP_PERMISSION, onceTime);
194 ASSERT_EQ(RET_SUCCESS, ret);
195
196 sleep(onceTime + 1);
197 ASSERT_EQ(PERMISSION_DENIED,
198 AccessTokenInfoManager::GetInstance().VerifyAccessToken(tokenID, SHORT_TEMP_PERMISSION));
199
200 ret = AccessTokenInfoManager::GetInstance().RemoveHapTokenInfo(tokenID);
201 ASSERT_EQ(RET_SUCCESS, ret);
202 }
203
204 /**
205 * @tc.name: RefreshPermission004
206 * @tc.desc: 1. The permission is granted when onceTime is not reached;
207 * 2. The permission is revoked after app is stopped.
208 * @tc.type: FUNC
209 * @tc.require:Issue Number
210 */
211 HWTEST_F(ShortGrantManagerTest, RefreshPermission004, TestSize.Level1)
212 {
213 AccessTokenIDEx tokenIdEx = {0};
214 int32_t ret = AccessTokenInfoManager::GetInstance().CreateHapTokenInfo(g_infoParms, g_policyParams, tokenIdEx);
215 ASSERT_EQ(RET_SUCCESS, ret);
216
217 AccessTokenID tokenID = tokenIdEx.tokenIdExStruct.tokenID;
218 ASSERT_NE(INVALID_TOKENID, tokenID);
219 uint32_t onceTime = 10;
220
221 ret = ShortGrantManager::GetInstance().RefreshPermission(tokenID, SHORT_TEMP_PERMISSION, onceTime);
222 ASSERT_EQ(RET_SUCCESS, ret);
223
224 ASSERT_EQ(PERMISSION_GRANTED,
225 AccessTokenInfoManager::GetInstance().VerifyAccessToken(tokenID, SHORT_TEMP_PERMISSION));
226
227 if (appStateObserver_ != nullptr) {
228 return;
229 }
230 appStateObserver_ = sptr<ShortPermAppStateObserver>::MakeSptr();
231 AppStateData appStateData;
232 appStateData.state = static_cast<int32_t>(ApplicationState::APP_STATE_TERMINATED);
233 appStateData.accessTokenId = tokenID;
234 appStateObserver_->OnAppStopped(appStateData);
235
236 EXPECT_EQ(PERMISSION_DENIED,
237 AccessTokenInfoManager::GetInstance().VerifyAccessToken(tokenID, SHORT_TEMP_PERMISSION));
238
239 ret = AccessTokenInfoManager::GetInstance().RemoveHapTokenInfo(tokenID);
240 ASSERT_EQ(RET_SUCCESS, ret);
241 }
242 } // namespace AccessToken
243 } // namespace Security
244 } // namespace OHOS
245