1 /*
2 * Copyright (c) 2022 Huawei Device Co., Ltd.
3 * Licensed under the Apache License, Version 2.0 (the "License");
4 * you may not use this file except in compliance with the License.
5 * You may obtain a copy of the License at
6 *
7 * http://www.apache.org/licenses/LICENSE-2.0
8 *
9 * Unless required by applicable law or agreed to in writing, software
10 * distributed under the License is distributed on an "AS IS" BASIS,
11 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12 * See the License for the specific language governing permissions and
13 * limitations under the License.
14 */
15
16 #include <gtest/gtest.h>
17 #include <memory>
18 #include <string>
19 #include "accesstoken_info_manager.h"
20 #define private public
21 #include "accesstoken_manager_service.h"
22 #undef private
23
24 #define private public
25 #include "json_parse_loader.h"
26 #undef private
27
28 using namespace testing::ext;
29
30 namespace OHOS {
31 namespace Security {
32 namespace AccessToken {
33 class PrivacyParcelTest : public testing::Test {
34 public:
35 static void SetUpTestCase();
36 static void TearDownTestCase();
37
38 void SetUp();
39 void TearDown();
40
41 public:
42 std::shared_ptr<AccessTokenManagerService> atManagerService_;
43 };
44
SetUpTestCase()45 void PrivacyParcelTest::SetUpTestCase()
46 {
47 // delete all test 0x28100000 - 0x28100007
48 for (unsigned int i = 0x28100000; i <= 0x28100007; i++) {
49 AccessTokenInfoManager::GetInstance().RemoveNativeTokenInfo(i);
50 }
51 }
TearDownTestCase()52 void PrivacyParcelTest::TearDownTestCase() {}
SetUp()53 void PrivacyParcelTest::SetUp()
54 {
55 atManagerService_ = DelayedSingleton<AccessTokenManagerService>::GetInstance();
56 EXPECT_NE(nullptr, atManagerService_);
57 }
TearDown()58 void PrivacyParcelTest::TearDown() {}
59
60 /*
61 * @tc.name: IsDirExsit001
62 * @tc.desc: IsDirExsit input param error
63 * @tc.type: FUNC
64 * @tc.require: issueI6024A
65 */
66 HWTEST_F(JsonParseTest, IsDirExsit001, TestSize.Level1)
67 {
68 ConfigPolicLoader loader;
69 EXPECT_FALSE(loader.IsDirExsit(""));
70 int32_t fd = open(TEST_JSON_PATH.c_str(), O_RDWR | O_CREAT);
71 EXPECT_NE(-1, fd);
72
73 EXPECT_FALSE(loader.IIsDirExsit(TEST_JSON_PATH.c_str()));
74 }
75
76 /**
77 * @tc.name: ParserNativeRawData001
78 * @tc.desc: Verify processing right native token json.
79 * @tc.type: FUNC
80 * @tc.require: Issue Number
81 */
82 HWTEST_F(JsonParseTest, ParserNativeRawData001, TestSize.Level1)
83 {
84 LOGI(ATM_DOMAIN, ATM_TAG, "test ParserNativeRawData001!");
85 std::string testStr = R"([)"\
86 R"({"processName":"process6","APL":3,"version":1,"tokenId":685266937,"tokenAttr":0,)"\
87 R"("dcaps":["AT_CAP","ST_CAP"], "permissions":[], "nativeAcls":[]},)"\
88 R"({"processName":"process5","APL":3,"version":1,"tokenId":678065606,"tokenAttr":0,)"\
89 R"("dcaps":["AT_CAP","ST_CAP"], "permissions":[], "nativeAcls":[]}])";
90
91 ConfigPolicLoader loader;
92 std::vector<NativeTokenInfoBase> tokenInfos;
93 loader.ParserNativeRawData(testStr, tokenInfos);
94 ASSERT_EQ(static_cast<uint32_t>(2), tokenInfos.size());
95
96 ASSERT_EQ("process6", tokenInfos[0].processName);
97 ASSERT_EQ(static_cast<AccessTokenID>(685266937), tokenInfos[0].tokenID);
98
99 ASSERT_EQ("process5", tokenInfos[1].processName);
100 ASSERT_EQ(static_cast<AccessTokenID>(678065606), tokenInfos[1].tokenID);
101 }
102
103 /**
104 * @tc.name: ParserNativeRawData002
105 * @tc.desc: Verify processing wrong native token json.
106 * @tc.type: FUNC
107 * @tc.require: Issue Number
108 */
109 HWTEST_F(JsonParseTest, ParserNativeRawData002, TestSize.Level1)
110 {
111 LOGI(ATM_DOMAIN, ATM_TAG, "test ParserNativeRawData002!");
112 std::string testStr = R"([{"processName":""}])";
113 std::vector<NativeTokenInfoBase> tokenInfos;
114
115 ConfigPolicLoader loader;
116 loader.ParserNativeRawData(testStr, tokenInfos);
117 ASSERT_EQ(static_cast<uint32_t>(0), tokenInfos.size());
118
119 std::string testStr1 = R"([{"processName":"", }])";
120 loader.ParserNativeRawData(testStr1, tokenInfos);
121 ASSERT_EQ(static_cast<uint32_t>(0), tokenInfos.size());
122
123 std::string testStr2 = R"([{"processName":"process6"}, {}])";
124 loader.ParserNativeRawData(testStr2, tokenInfos);
125 ASSERT_EQ(static_cast<uint32_t>(0), tokenInfos.size());
126
127 std::string testStr3 = R"([{"processName":""}, {"":"", ""}])";
128 loader.ParserNativeRawData(testStr3, tokenInfos);
129 ASSERT_EQ(static_cast<uint32_t>(0), tokenInfos.size());
130
131 std::string testStr4 = R"([{"processName":"process6", "tokenId":685266937, "APL":3, "version":new}])";
132 loader.ParserNativeRawData(testStr4, tokenInfos);
133 ASSERT_EQ(static_cast<uint32_t>(0), tokenInfos.size());
134
135 std::string testStr5 = R"([{"processName":"process6", "tokenId":685266937, "APL":7, "version":1}])";
136 loader.ParserNativeRawData(testStr5, tokenInfos);
137 ASSERT_EQ(static_cast<uint32_t>(0), tokenInfos.size());
138
139 std::string testStr6 =
140 R"({"NativeToken":[{"processName":"process6", "tokenId":685266937, "APL":7, "version":1}]})";
141 loader.ParserNativeRawData(testStr6, tokenInfos);
142 ASSERT_EQ(static_cast<uint32_t>(0), tokenInfos.size());
143
144 std::string testStr7 = R"({"NativeToken":[{"processName":"process6", "tokenId":685266937, "APL":7, "version":1}])";
145 loader.ParserNativeRawData(testStr7, tokenInfos);
146 ASSERT_EQ(static_cast<uint32_t>(0), tokenInfos.size());
147
148 std::string testStr8 = R"(["NativeToken":])";
149 loader.ParserNativeRawData(testStr8, tokenInfos);
150 ASSERT_EQ(static_cast<uint32_t>(0), tokenInfos.size());
151
152 std::string testStr9 = R"([)";
153 loader.ParserNativeRawData(testStr9, tokenInfos);
154 ASSERT_EQ(static_cast<uint32_t>(0), tokenInfos.size());
155 }
156
157 /**
158 * @tc.name: ParserNativeRawData003
159 * @tc.desc: Verify from json right case.
160 * @tc.type: FUNC
161 * @tc.require: Issue Number
162 */
163 HWTEST_F(JsonParseTest, ParserNativeRawData003, TestSize.Level1)
164 {
165 LOGI(ATM_DOMAIN, ATM_TAG, "test ParserNativeRawData003!");
166 std::string testStr = R"([)"\
167 R"({"processName":"process6","APL":APL_SYSTEM_CORE,"version":1,"tokenId":685266937,"tokenAttr":0,)"\
168 R"("dcaps":["AT_CAP","ST_CAP"],)"\
169 R"("permissions":["ohos.permission.PLACE_CALL"],)"\
170 R"("nativeAcls":["ohos.permission.PLACE_CALL"]})"\
171 R"(])";
172 ConfigPolicLoader loader;
173 std::vector<NativeTokenInfoBase> tokenInfos;
174 loader.ParserNativeRawData(testStr, tokenInfos);
175 ASSERT_EQ(static_cast<uint32_t>(1), tokenInfos.size());
176 ASSERT_EQ(native.tokenID, 685266937);
177 }
178
179 /**
180 * @tc.name: ParserNativeRawData004
181 * @tc.desc: Verify from json wrong case.
182 * @tc.type: FUNC
183 * @tc.require: Issue Number
184 */
185 HWTEST_F(JsonParseTest, ParserNativeRawData004, TestSize.Level1)
186 {
187 LOGI(ATM_DOMAIN, ATM_TAG, "test ParserNativeRawData004!");
188 // version wrong
189 std::string testStr = R"([)"\
190 R"({"processName":"process6","APL":APL_SYSTEM_CORE,"version":2,"tokenId":685266937,"tokenAttr":0,)"\
191 R"("dcaps":["AT_CAP","ST_CAP"]})"\
192 R"(])";
193 ConfigPolicLoader loader;
194 std::vector<NativeTokenInfoBase> tokenInfos;
195 loader.ParserNativeRawData(testStr, tokenInfos);
196 ASSERT_EQ(static_cast<uint32_t>(0), tokenInfos.size());
197
198 // APL wrong
199 testStr = R"([)"\
200 R"({"processName":"process6","APL":-1,"version":1,"tokenId":685266937,"tokenAttr":0,)"\
201 R"("dcaps":["AT_CAP","ST_CAP"]})"\
202 R"(])";
203 loader.ParserNativeRawData(testStr, tokenInfos);
204 ASSERT_EQ(static_cast<uint32_t>(0), tokenInfos.size());
205
206 // tokenId wrong
207 testStr = R"([)"\
208 R"({"processName":"process6","APL":APL_SYSTEM_BASIC,"version":1,"tokenId":0,"tokenAttr":0,)"\
209 R"("dcaps":["AT_CAP","ST_CAP"]})"\
210 R"(])";
211 loader.ParserNativeRawData(testStr, tokenInfos);
212 ASSERT_EQ(static_cast<uint32_t>(0), tokenInfos.size());
213
214 // process name empty
215 testStr = R"([)"\
216 R"({"processName":"","APL":APL_SYSTEM_BASIC,"version":1,"tokenId":685266937,"tokenAttr":0,)"\
217 R"("dcaps":["AT_CAP","ST_CAP"]})"\
218 R"(])";
219 loader.ParserNativeRawData(testStr, tokenInfos);
220 ASSERT_EQ(static_cast<uint32_t>(0), tokenInfos.size());
221
222 // process name too long
223 std::string name(512, 'c');
224 testStr = R"([)"\
225 R"({"processName":name,"APL":APL_SYSTEM_BASIC,"version":1,"tokenId":685266937,"tokenAttr":0,)"\
226 R"("dcaps":["AT_CAP","ST_CAP"]})"\
227 R"(])";
228 loader.ParserNativeRawData(testStr, tokenInfos);
229 ASSERT_EQ(static_cast<uint32_t>(0), tokenInfos.size());
230
231 // lose process name
232 testStr = R"([)"\
233 R"({"APL":APL_SYSTEM_BASIC,"version":1,"tokenId":685266937,"tokenAttr":0,)"\
234 R"("dcaps":["AT_CAP","ST_CAP"]})"\
235 R"(])";
236 loader.ParserNativeRawData(testStr, tokenInfos);
237 ASSERT_EQ(static_cast<uint32_t>(0), tokenInfos.size());
238 }
239
240 /**
241 * @tc.name: init001
242 * @tc.desc: test get native cfg
243 * @tc.type: FUNC
244 * @tc.require: Issue Number
245 */
246 HWTEST_F(JsonParseTest, init001, TestSize.Level1)
247 {
248 LOGI(ATM_DOMAIN, ATM_TAG, "test init001!");
249
250 const char *dcaps[1];
251 dcaps[0] = "AT_CAP_01";
252 int dcapNum = 1;
253 const char *perms[2];
254 perms[0] = "ohos.permission.test1";
255 perms[1] = "ohos.permission.test2";
256 NativeTokenInfoParams infoInstance = {
257 .dcapsNum = dcapNum,
258 .permsNum = 2,
259 .aclsNum = 0,
260 .dcaps = dcaps,
261 .perms = perms,
262 .acls = nullptr,
263 .processName = "native_token_test7",
264 .aplStr = "system_core",
265 };
266 uint64_t tokenId = ::GetAccessTokenId(&infoInstance);
267 ASSERT_NE(tokenId, INVALID_TOKENID);
268
269 atManagerService_->ReloadNativeTokenInfo();
270
271 NativeTokenInfoBase findInfo;
272 int ret = AccessTokenInfoManager::GetInstance().GetNativeTokenInfo(tokenId, findInfo);
273 ASSERT_EQ(ret, RET_SUCCESS);
274 ASSERT_EQ(findInfo.processName, infoInstance.processName);
275
276 ret = AccessTokenInfoManager::GetInstance().RemoveNativeTokenInfo(tokenId);
277 ASSERT_EQ(ret, RET_SUCCESS);
278 }
279
280 #ifdef SUPPORT_SANDBOX_APP
PrepareJsonData1()281 static void PrepareJsonData1()
282 {
283 std::string testStr = R"({"dlpPermissions":[)"\
284 R"({"name":"ohos.permission.CAPTURE_SCREEN","dlpGrantRange":"none"},)"\
285 R"({"name":"ohos.permission.CHANGE_ABILITY_ENABLED_STATE","dlpGrantRange":"all"},)"\
286 R"({"name":"ohos.permission.CLEAN_APPLICATION_DATA","dlpGrantRange":"full_control"}]})";
287
288 ConfigPolicLoader loader;
289 std::vector<PermissionDlpMode> dlpPerms;
290 loader.ParserDlpPermsRawData(testStr, permDefList);
291 for (auto iter = dlpPerms.begin(); iter != dlpPerms.end(); iter++) {
292 GTEST_LOG_(INFO) << "iter:" << iter->permissionName.c_str();
293 }
294 DlpPermissionSetManager::GetInstance().ProcessDlpPermInfos(dlpPerms);
295 }
296
297 /**
298 * @tc.name: DlpPermissionConfig001
299 * @tc.desc: test DLP_COMMON app with system_grant permissions.
300 * @tc.type: FUNC
301 * @tc.require: SR000GVIGR
302 */
303 HWTEST_F(PermissionManagerTest, DlpPermissionConfig001, TestSize.Level1)
304 {
305 PrepareJsonData1();
306
307 g_infoManagerTestStateA.permissionName = "ohos.permission.CAPTURE_SCREEN";
308 g_infoManagerTestStateB.permissionName = "ohos.permission.CHANGE_ABILITY_ENABLED_STATE";
309 g_infoManagerTestStateC.permissionName = "ohos.permission.CLEAN_APPLICATION_DATA";
310 g_infoManagerTestStateD.permissionName = "ohos.permission.COMMONEVENT_STICKY";
311
312 static HapPolicy infoManagerTestPolicyPrams = {
313 .apl = APL_NORMAL,
314 .domain = "test.domain1",
315 .permList = {},
316 .permStateList = {g_infoManagerTestStateA, g_infoManagerTestStateB,
317 g_infoManagerTestStateC, g_infoManagerTestStateD}
318 };
319 static HapInfoParams infoManagerTestInfoParms = {
320 .userID = 1,
321 .bundleName = "DlpPermissionConfig001",
322 .instIndex = 0,
323 .dlpType = DLP_COMMON,
324 .appIDDesc = "DlpPermissionConfig001"
325 };
326 AccessTokenIDEx tokenIdEx = {0};
327 int32_t ret = AccessTokenInfoManager::GetInstance().CreateHapTokenInfo(infoManagerTestInfoParms,
328 infoManagerTestPolicyPrams, tokenIdEx);
329 ASSERT_EQ(RET_SUCCESS, ret);
330 GTEST_LOG_(INFO) << "add a hap token";
331
332 AccessTokenID tokenID = tokenIdEx.tokenIdExStruct.tokenID;
333 ret = AccessTokenInfoManager::GetInstance().VerifyAccessToken(
334 tokenID, "ohos.permission.COMMONEVENT_STICKY");
335 ASSERT_EQ(PERMISSION_GRANTED, ret);
336 ret = AccessTokenInfoManager::GetInstance().VerifyAccessToken(
337 tokenID, "ohos.permission.CAPTURE_SCREEN");
338 ASSERT_EQ(PERMISSION_GRANTED, ret);
339 ret = AccessTokenInfoManager::GetInstance().VerifyAccessToken(
340 tokenID, "ohos.permission.CHANGE_ABILITY_ENABLED_STATE");
341 ASSERT_EQ(PERMISSION_GRANTED, ret);
342 ret = AccessTokenInfoManager::GetInstance().VerifyAccessToken(
343 tokenID, "ohos.permission.CLEAN_APPLICATION_DATA");
344 ASSERT_EQ(PERMISSION_GRANTED, ret);
345
346 ret = AccessTokenInfoManager::GetInstance().RemoveHapTokenInfo(tokenID);
347 ASSERT_EQ(RET_SUCCESS, ret);
348 GTEST_LOG_(INFO) << "remove the token info";
349 }
350
351 /**
352 * @tc.name: DlpPermissionConfig002
353 * @tc.desc: test DLP_READ app with system_grant permissions.
354 * @tc.type: FUNC
355 * @tc.require: SR000GVIGR
356 */
357 HWTEST_F(PermissionManagerTest, DlpPermissionConfig002, TestSize.Level1)
358 {
359 PrepareJsonData1();
360
361 g_infoManagerTestStateA.permissionName = "ohos.permission.CAPTURE_SCREEN";
362 g_infoManagerTestStateB.permissionName = "ohos.permission.CHANGE_ABILITY_ENABLED_STATE";
363 g_infoManagerTestStateC.permissionName = "ohos.permission.CLEAN_APPLICATION_DATA";
364 g_infoManagerTestStateD.permissionName = "ohos.permission.COMMONEVENT_STICKY";
365
366 static HapPolicy infoManagerTestPolicyPrams = {
367 .apl = APL_NORMAL,
368 .domain = "test.domain2",
369 .permList = {},
370 .permStateList = {g_infoManagerTestStateA, g_infoManagerTestStateB,
371 g_infoManagerTestStateC, g_infoManagerTestStateD}
372 };
373 static HapInfoParams infoManagerTestInfoParms = {
374 .userID = 1,
375 .bundleName = "DlpPermissionConfig002",
376 .instIndex = 0,
377 .dlpType = DLP_READ,
378 .appIDDesc = "DlpPermissionConfig002"
379 };
380 AccessTokenIDEx tokenIdEx = {0};
381 int32_t ret = AccessTokenInfoManager::GetInstance().CreateHapTokenInfo(infoManagerTestInfoParms,
382 infoManagerTestPolicyPrams, tokenIdEx);
383 ASSERT_EQ(RET_SUCCESS, ret);
384 GTEST_LOG_(INFO) << "add a hap token";
385
386 AccessTokenID tokenID = tokenIdEx.tokenIdExStruct.tokenID;
387 ret = AccessTokenInfoManager::GetInstance().VerifyAccessToken(
388 tokenID, "ohos.permission.CAPTURE_SCREEN");
389 ASSERT_EQ(PERMISSION_DENIED, ret);
390 ret = AccessTokenInfoManager::GetInstance().VerifyAccessToken(
391 tokenID, "ohos.permission.COMMONEVENT_STICKY");
392 ASSERT_EQ(PERMISSION_GRANTED, ret);
393 ret = AccessTokenInfoManager::GetInstance().VerifyAccessToken(
394 tokenID, "ohos.permission.CHANGE_ABILITY_ENABLED_STATE");
395 ASSERT_EQ(PERMISSION_GRANTED, ret);
396 ret = AccessTokenInfoManager::GetInstance().VerifyAccessToken(
397 tokenID, "ohos.permission.CLEAN_APPLICATION_DATA");
398 ASSERT_EQ(PERMISSION_DENIED, ret);
399
400 ret = AccessTokenInfoManager::GetInstance().RemoveHapTokenInfo(tokenID);
401 ASSERT_EQ(RET_SUCCESS, ret);
402 GTEST_LOG_(INFO) << "remove the token info";
403 }
404
405 /**
406 * @tc.name: DlpPermissionConfig003
407 * @tc.desc: test DLP_FULL_CONTROL app with system_grant permissions.
408 * @tc.type: FUNC
409 * @tc.require: SR000GVIGR
410 */
411 HWTEST_F(PermissionManagerTest, DlpPermissionConfig003, TestSize.Level1)
412 {
413 PrepareJsonData1();
414
415 g_infoManagerTestStateA.permissionName = "ohos.permission.CAPTURE_SCREEN";
416 g_infoManagerTestStateB.permissionName = "ohos.permission.CHANGE_ABILITY_ENABLED_STATE";
417 g_infoManagerTestStateC.permissionName = "ohos.permission.CLEAN_APPLICATION_DATA";
418 g_infoManagerTestStateD.permissionName = "ohos.permission.COMMONEVENT_STICKY";
419
420 static HapPolicy infoManagerTestPolicyPrams = {
421 .apl = APL_NORMAL,
422 .domain = "test.domain3",
423 .permList = {},
424 .permStateList = {g_infoManagerTestStateA, g_infoManagerTestStateB,
425 g_infoManagerTestStateC, g_infoManagerTestStateD}
426 };
427 static HapInfoParams infoManagerTestInfoParms = {
428 .userID = 1,
429 .bundleName = "DlpPermissionConfig003",
430 .instIndex = 0,
431 .dlpType = DLP_FULL_CONTROL,
432 .appIDDesc = "DlpPermissionConfig003"
433 };
434 AccessTokenIDEx tokenIdEx = {0};
435 int32_t ret = AccessTokenInfoManager::GetInstance().CreateHapTokenInfo(infoManagerTestInfoParms,
436 infoManagerTestPolicyPrams, tokenIdEx);
437 ASSERT_EQ(RET_SUCCESS, ret);
438 GTEST_LOG_(INFO) << "add a hap token";
439
440 AccessTokenID tokenID = tokenIdEx.tokenIdExStruct.tokenID;
441 ret = AccessTokenInfoManager::GetInstance().VerifyAccessToken(
442 tokenID, "ohos.permission.CLEAN_APPLICATION_DATA");
443 ASSERT_EQ(PERMISSION_GRANTED, ret);
444 ret = AccessTokenInfoManager::GetInstance().VerifyAccessToken(
445 tokenID, "ohos.permission.COMMONEVENT_STICKY");
446 ASSERT_EQ(PERMISSION_GRANTED, ret);
447 ret = AccessTokenInfoManager::GetInstance().VerifyAccessToken(
448 tokenID, "ohos.permission.CAPTURE_SCREEN");
449 ASSERT_EQ(PERMISSION_DENIED, ret);
450 ret = AccessTokenInfoManager::GetInstance().VerifyAccessToken(
451 tokenID, "ohos.permission.CHANGE_ABILITY_ENABLED_STATE");
452 ASSERT_EQ(PERMISSION_GRANTED, ret);
453 ret = AccessTokenInfoManager::GetInstance().RemoveHapTokenInfo(tokenID);
454 ASSERT_EQ(RET_SUCCESS, ret);
455 GTEST_LOG_(INFO) << "remove the token info";
456 }
457
PrepareUserPermState()458 static void PrepareUserPermState()
459 {
460 g_infoManagerTestStateA.permissionName = "ohos.permission.MEDIA_LOCATION";
461 g_infoManagerTestStateA.grantStatus = PERMISSION_DENIED;
462 g_infoManagerTestStateB.permissionName = "ohos.permission.MICROPHONE";
463 g_infoManagerTestStateB.grantStatus = PERMISSION_DENIED;
464 g_infoManagerTestStateC.permissionName = "ohos.permission.READ_CALENDAR";
465 g_infoManagerTestStateC.grantStatus = PERMISSION_DENIED;
466 g_infoManagerTestStateD.permissionName = "ohos.permission.READ_CALL_LOG";
467 g_infoManagerTestStateD.grantStatus = PERMISSION_DENIED;
468 }
469
PrepareJsonData2()470 static void PrepareJsonData2()
471 {
472 std::string testStr = R"({"dlpPermissions":[)"\
473 R"({"name":"ohos.permission.MEDIA_LOCATION","dlpGrantRange":"none"},)"\
474 R"({"name":"ohos.permission.MICROPHONE","dlpGrantRange":"all"},)"\
475 R"({"name":"ohos.permission.READ_CALENDAR","dlpGrantRange":"full_control"}]})";
476
477 ConfigPolicLoader loader;
478 std::vector<PermissionDlpMode> dlpPerms;
479 if (!loader.ParserDlpPermsRawData(testStr, permDefList)) {
480 GTEST_LOG_(INFO) << "ParserDlpPermsRawData failed.";
481 }
482 DlpPermissionSetManager::GetInstance().ProcessDlpPermInfos(dlpPermissions);
483 }
484
485 /**
486 * @tc.name: DlpPermissionConfig004
487 * @tc.desc: test DLP_COMMON app with user_grant permissions.
488 * @tc.type: FUNC
489 * @tc.require: SR000GVIGR
490 */
491 HWTEST_F(PermissionManagerTest, DlpPermissionConfig004, TestSize.Level1)
492 {
493 PrepareJsonData2();
494 PrepareUserPermState();
495
496 static HapPolicy infoManagerTestPolicyPrams = {
497 .apl = APL_NORMAL,
498 .domain = "test.domain4",
499 .permList = {g_infoManagerPermDef1, g_infoManagerPermDef2,
500 g_infoManagerPermDef3, g_infoManagerPermDef4},
501 .permStateList = {g_infoManagerTestStateA, g_infoManagerTestStateB,
502 g_infoManagerTestStateC, g_infoManagerTestStateD}
503 };
504 static HapInfoParams infoManagerTestInfoParms = {
505 .userID = 1,
506 .bundleName = "DlpPermissionConfig004",
507 .instIndex = 0,
508 .dlpType = DLP_COMMON,
509 .appIDDesc = "DlpPermissionConfig004"
510 };
511 AccessTokenIDEx tokenIdEx = {0};
512 int32_t ret = AccessTokenInfoManager::GetInstance().CreateHapTokenInfo(infoManagerTestInfoParms,
513 infoManagerTestPolicyPrams, tokenIdEx);
514 ASSERT_EQ(RET_SUCCESS, ret);
515 GTEST_LOG_(INFO) << "add a hap token";
516
517 AccessTokenID tokenID = tokenIdEx.tokenIdExStruct.tokenID;
518
519 PermissionManager::GetInstance().GrantPermission(tokenID,
520 "ohos.permission.MEDIA_LOCATION", PERMISSION_USER_FIXED);
521 PermissionManager::GetInstance().GrantPermission(tokenID,
522 "ohos.permission.MICROPHONE", PERMISSION_USER_FIXED);
523 PermissionManager::GetInstance().GrantPermission(tokenID,
524 "ohos.permission.READ_CALENDAR", PERMISSION_USER_FIXED);
525 ASSERT_EQ(RET_SUCCESS, ret);
526 PermissionManager::GetInstance().GrantPermission(tokenID,
527 "ohos.permission.READ_CALL_LOG", PERMISSION_USER_FIXED);
528
529 ret = AccessTokenInfoManager::GetInstance().VerifyAccessToken(tokenID, "ohos.permission.MEDIA_LOCATION");
530 ASSERT_EQ(PERMISSION_GRANTED, ret);
531 ret = AccessTokenInfoManager::GetInstance().VerifyAccessToken(tokenID, "ohos.permission.MICROPHONE");
532 ASSERT_EQ(PERMISSION_GRANTED, ret);
533 ret = AccessTokenInfoManager::GetInstance().VerifyAccessToken(tokenID, "ohos.permission.READ_CALENDAR");
534 ASSERT_EQ(PERMISSION_GRANTED, ret);
535 ret = AccessTokenInfoManager::GetInstance().VerifyAccessToken(tokenID, "ohos.permission.READ_CALL_LOG");
536 ASSERT_EQ(PERMISSION_GRANTED, ret);
537
538 ret = AccessTokenInfoManager::GetInstance().RemoveHapTokenInfo(tokenID);
539 ASSERT_EQ(RET_SUCCESS, ret);
540 GTEST_LOG_(INFO) << "remove the token info";
541 }
542
543 /**
544 * @tc.name: DlpPermissionConfig005
545 * @tc.desc: test DLP_READ app with user_grant permissions.
546 * @tc.type: FUNC
547 * @tc.require: SR000GVIGR
548 */
549 HWTEST_F(PermissionManagerTest, DlpPermissionConfig005, TestSize.Level1)
550 {
551 PrepareJsonData2();
552 PrepareUserPermState();
553
554 static HapPolicy infoManagerTestPolicyPrams = {
555 .apl = APL_NORMAL,
556 .domain = "test.domain5",
557 .permList = {g_infoManagerPermDef1, g_infoManagerPermDef2,
558 g_infoManagerPermDef3, g_infoManagerPermDef4},
559 .permStateList = {g_infoManagerTestStateA, g_infoManagerTestStateB,
560 g_infoManagerTestStateC, g_infoManagerTestStateD}
561 };
562 static HapInfoParams infoManagerTestInfoParms = {
563 .userID = 1,
564 .bundleName = "DlpPermissionConfig005",
565 .instIndex = 0,
566 .dlpType = DLP_READ,
567 .appIDDesc = "DlpPermissionConfig005"
568 };
569 AccessTokenIDEx tokenIdEx = {0};
570 int32_t ret = AccessTokenInfoManager::GetInstance().CreateHapTokenInfo(infoManagerTestInfoParms,
571 infoManagerTestPolicyPrams, tokenIdEx);
572 ASSERT_EQ(RET_SUCCESS, ret);
573 GTEST_LOG_(INFO) << "add a hap token";
574
575 AccessTokenID tokenID = tokenIdEx.tokenIdExStruct.tokenID;
576
577 PermissionManager::GetInstance().GrantPermission(tokenID,
578 "ohos.permission.READ_CALENDAR", PERMISSION_USER_FIXED);
579 PermissionManager::GetInstance().GrantPermission(tokenID,
580 "ohos.permission.READ_CALL_LOG", PERMISSION_USER_FIXED);
581 PermissionManager::GetInstance().GrantPermission(tokenID,
582 "ohos.permission.MEDIA_LOCATION", PERMISSION_USER_FIXED);
583 PermissionManager::GetInstance().GrantPermission(tokenID,
584 "ohos.permission.MICROPHONE", PERMISSION_USER_FIXED);
585
586 ret = AccessTokenInfoManager::GetInstance().VerifyAccessToken(tokenID, "ohos.permission.READ_CALENDAR");
587 ASSERT_EQ(PERMISSION_DENIED, ret);
588 ret = AccessTokenInfoManager::GetInstance().VerifyAccessToken(tokenID, "ohos.permission.READ_CALL_LOG");
589 ASSERT_EQ(PERMISSION_GRANTED, ret);
590 ret = AccessTokenInfoManager::GetInstance().VerifyAccessToken(tokenID, "ohos.permission.MEDIA_LOCATION");
591 ASSERT_EQ(PERMISSION_DENIED, ret);
592 ret = AccessTokenInfoManager::GetInstance().VerifyAccessToken(tokenID, "ohos.permission.MICROPHONE");
593 ASSERT_EQ(PERMISSION_GRANTED, ret);
594
595 ret = AccessTokenInfoManager::GetInstance().RemoveHapTokenInfo(tokenID);
596 ASSERT_EQ(RET_SUCCESS, ret);
597 GTEST_LOG_(INFO) << "remove the token info";
598 }
599
600 /**
601 * @tc.name: DlpPermissionConfig006
602 * @tc.desc: test DLP_FULL_CONTROL app with user_grant permissions.
603 * @tc.type: FUNC
604 * @tc.require:
605 */
606 HWTEST_F(PermissionManagerTest, DlpPermissionConfig006, TestSize.Level1)
607 {
608 PrepareJsonData2();
609 PrepareUserPermState();
610
611 static HapPolicy infoManagerTestPolicyPrams = {
612 .apl = APL_NORMAL,
613 .domain = "test.domain6",
614 .permList = {g_infoManagerPermDef1, g_infoManagerPermDef2,
615 g_infoManagerPermDef3, g_infoManagerPermDef4},
616 .permStateList = {g_infoManagerTestStateA, g_infoManagerTestStateB,
617 g_infoManagerTestStateC, g_infoManagerTestStateD}
618 };
619 static HapInfoParams infoManagerTestInfoParms = {
620 .userID = 1,
621 .bundleName = "DlpPermissionConfig006",
622 .instIndex = 0,
623 .dlpType = DLP_FULL_CONTROL,
624 .appIDDesc = "DlpPermissionConfig006"
625 };
626 AccessTokenIDEx tokenIdEx = {0};
627 int32_t ret = AccessTokenInfoManager::GetInstance().CreateHapTokenInfo(infoManagerTestInfoParms,
628 infoManagerTestPolicyPrams, tokenIdEx);
629 ASSERT_EQ(RET_SUCCESS, ret);
630 GTEST_LOG_(INFO) << "add a hap token";
631
632 AccessTokenID tokenID = tokenIdEx.tokenIdExStruct.tokenID;
633
634 PermissionManager::GetInstance().GrantPermission(tokenID,
635 "ohos.permission.READ_CALENDAR", PERMISSION_USER_FIXED);
636 PermissionManager::GetInstance().GrantPermission(tokenID,
637 "ohos.permission.MEDIA_LOCATION", PERMISSION_USER_FIXED);
638 PermissionManager::GetInstance().GrantPermission(tokenID,
639 "ohos.permission.MICROPHONE", PERMISSION_USER_FIXED);
640 PermissionManager::GetInstance().GrantPermission(tokenID,
641 "ohos.permission.READ_CALL_LOG", PERMISSION_USER_FIXED);
642
643 ret = AccessTokenInfoManager::GetInstance().VerifyAccessToken(tokenID, "ohos.permission.READ_CALENDAR");
644 ASSERT_EQ(PERMISSION_GRANTED, ret);
645 ret = AccessTokenInfoManager::GetInstance().VerifyAccessToken(tokenID, "ohos.permission.MEDIA_LOCATION");
646 ASSERT_EQ(PERMISSION_DENIED, ret);
647 ret = AccessTokenInfoManager::GetInstance().VerifyAccessToken(tokenID, "ohos.permission.MICROPHONE");
648 ASSERT_EQ(PERMISSION_GRANTED, ret);
649 ret = AccessTokenInfoManager::GetInstance().VerifyAccessToken(tokenID, "ohos.permission.READ_CALL_LOG");
650 ASSERT_EQ(PERMISSION_GRANTED, ret);
651
652 ret = AccessTokenInfoManager::GetInstance().RemoveHapTokenInfo(tokenID);
653 ASSERT_EQ(RET_SUCCESS, ret);
654 GTEST_LOG_(INFO) << "remove the token info";
655 }
656 #endif
657 } // namespace AccessToken
658 } // namespace Security
659 } // namespace OHOS
660