1 /*
2 * Copyright (C) 2024 Huawei Device Co., Ltd.
3 * Licensed under the Apache License, Version 2.0 (the "License");
4 * you may not use this file except in compliance with the License.
5 * You may obtain a copy of the License at
6 *
7 * http://www.apache.org/licenses/LICENSE-2.0
8 *
9 * Unless required by applicable law or agreed to in writing, software
10 * distributed under the License is distributed on an "AS IS" BASIS,
11 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12 * See the License for the specific language governing permissions and
13 * limitations under the License.
14 */
15 #include <gtest/gtest.h>
16 #include <string>
17
18 #include "access_token.h"
19 #include "accesstoken_kit.h"
20 #include "data_share_permission.h"
21 #include "datashare_errno.h"
22 #include "datashare_log.h"
23 #include "errors.h"
24 #include "token_setproc.h"
25 #include "uri.h"
26
27 namespace OHOS {
28 namespace DataShare {
29 using namespace testing::ext;
30 using namespace OHOS::Security::AccessToken;
31 static int USER_100 = 100;
32 static const std::string EMPTY_URI = "";
33 static const std::string PROXY_ERROR_BUNDLE_URI = "datashareproxy://com.acts.datasharetest.error/test";
34 static const std::string URI_DIFF_PROXY_DATA = "datashareproxy://com.acts.datasharetest/test/error";
35 static const std::string PROXY_URI_OK = "datashareproxy://com.acts.datasharetest/test";
36 static const std::string PROXY_URI_HAVA_QUERY = "datashareproxy://com.acts.datasharetest/test?table=user&key=zhangsan";
37 static const std::string DATA_SHARE_ERROR_BUNDLE_URI = "datashare:///error.bundle.name/test";
38 static const std::string DATA_SHARE_URI = "datashareproxy://com.acts.datasharetest/readtest";
39 static const std::string DATA_SHARE_WRITEURI = "datashareproxy://com.acts.datasharetest/permissiontest/permission";
40 static const std::string DATA_SHARE_EXTENSION_URI = "datashare:///com.acts.datasharetest";
41 static const std::string DATA_SHARE_SELF_URI = "datashareproxy://ohos.datashareclienttest.demo";
42
43 class PermissionTest : public testing::Test {
44 public:
45 static void SetUpTestCase(void);
46 static void TearDownTestCase(void);
47 void SetUp();
48 void TearDown();
49 };
50
SetUpTestCase(void)51 void PermissionTest::SetUpTestCase(void)
52 {
53 LOG_INFO("SetUpTestCase invoked");
54 int sleepTime = 3;
55 sleep(sleepTime);
56 HapInfoParams info = {
57 .userID = USER_100,
58 .bundleName = "ohos.datashareclienttest.demo",
59 .instIndex = 0,
60 .isSystemApp = true,
61 .apiVersion = 8,
62 .appIDDesc = "ohos.datashareclienttest.demo"
63 };
64 HapPolicyParams policy = {
65 .apl = APL_SYSTEM_CORE,
66 .domain = "test.domain",
67 .permStateList = {
68 {
69 .permissionName = "ohos.permission.GET_BUNDLE_INFO",
70 .isGeneral = true,
71 .resDeviceID = { "local" },
72 .grantStatus = { PermissionState::PERMISSION_GRANTED },
73 .grantFlags = { 1 }
74 },
75 {
76 .permissionName = "ohos.permission.READ_CONTACTS",
77 .isGeneral = true,
78 .resDeviceID = { "local" },
79 .grantStatus = { PermissionState::PERMISSION_GRANTED },
80 .grantFlags = { 1 }
81 },
82 {
83 .permissionName = "ohos.permission.WRITE_CALL_LOG",
84 .isGeneral = true,
85 .resDeviceID = { "local" },
86 .grantStatus = { PermissionState::PERMISSION_GRANTED },
87 .grantFlags = { 1 }
88 }
89 }
90 };
91 AccessTokenKit::AllocHapToken(info, policy);
92 auto testTokenId = Security::AccessToken::AccessTokenKit::GetHapTokenIDEx(
93 info.userID, info.bundleName, info.instIndex);
94 SetSelfTokenID(testTokenId.tokenIDEx);
95 LOG_INFO("SetUpTestCase end");
96 }
97
TearDownTestCase(void)98 void PermissionTest::TearDownTestCase(void)
99 {
100 auto tokenId = AccessTokenKit::GetHapTokenIDEx(USER_100, "ohos.datashareclienttest.demo", 0);
101 AccessTokenKit::DeleteToken(tokenId.tokenIDEx);
102 }
103
SetUp(void)104 void PermissionTest::SetUp(void) {}
TearDown(void)105 void PermissionTest::TearDown(void) {}
106
107 /**
108 * @tc.name: PermissionTest_Uri_Empty_Test_001
109 * @tc.desc: Verify permission check with empty URI returns error
110 * @tc.type: FUNC
111 * @tc.require: None
112 * @tc.precon: None
113 * @tc.step:
114 1. Create empty URI object
115 2. Call VerifyPermission with empty URI and read operation
116 3. Check returned error code
117 * @tc.experct: VerifyPermission returns ERR_INVALID_VALUE
118 */
119 HWTEST_F(PermissionTest, PermissionTest_Uri_Empty_Test_001, TestSize.Level0)
120 {
121 LOG_INFO("PermissionTest_Uri_Scheme_Error_Test_001::Start");
122 auto tokenId = AccessTokenKit::GetHapTokenIDEx(USER_100, "ohos.datashareclienttest.demo", 0);
123 Uri uri(EMPTY_URI);
124 auto ret = DataShare::DataSharePermission::VerifyPermission(tokenId.tokenIDEx, uri, true);
125 EXPECT_EQ(ret, ERR_INVALID_VALUE);
126 LOG_INFO("PermissionTest_Uri_Scheme_Error_Test_001::End");
127 }
128
129 /**
130 * @tc.name: PermissionTest_Bundle_Name_Error_Test_001
131 * @tc.desc: Verify permission check with invalid bundle name in URI returns error
132 * @tc.type: FUNC
133 * @tc.require: None
134 * @tc.precon: None
135 * @tc.step:
136 1. Create URI with invalid bundle name
137 2. Call VerifyPermission with this URI and read operation
138 3. Check returned error code
139 * @tc.experct: VerifyPermission returns E_BUNDLE_NAME_NOT_EXIST
140 */
141 HWTEST_F(PermissionTest, PermissionTest_Bundle_Name_Error_Test_001, TestSize.Level0)
142 {
143 LOG_INFO("PermissionTest_Bundle_Name_Error_Test_001::Start");
144 auto tokenId = AccessTokenKit::GetHapTokenIDEx(USER_100, "ohos.datashareclienttest.demo", 0);
145 Uri uri(PROXY_ERROR_BUNDLE_URI);
146 auto ret = DataShare::DataSharePermission::VerifyPermission(tokenId.tokenIDEx, uri, true);
147 EXPECT_EQ(ret, E_BUNDLE_NAME_NOT_EXIST);
148 LOG_INFO("PermissionTest_Bundle_Name_Error_Test_001::End");
149 }
150
151 /**
152 * @tc.name: PermissionTest_Uri_Diff_ProxyData_Test_001
153 * @tc.desc: Verify permission check with non-existent proxy data URI returns error
154 * @tc.type: FUNC
155 * @tc.require: None
156 * @tc.precon: None
157 * @tc.step:
158 1. Create URI pointing to non-existent proxy data
159 2. Call VerifyPermission with this URI and read operation
160 3. Check returned error code
161 * @tc.experct: VerifyPermission returns E_URI_NOT_EXIST
162 */
163 HWTEST_F(PermissionTest, PermissionTest_Uri_Diff_ProxyData_Test_001, TestSize.Level1)
164 {
165 LOG_INFO("PermissionTest_Uri_Diff_ProxyData_Test_001::Start");
166 auto tokenId = AccessTokenKit::GetHapTokenIDEx(USER_100, "ohos.datashareclienttest.demo", 0);
167 Uri uri(URI_DIFF_PROXY_DATA);
168 auto ret = DataShare::DataSharePermission::VerifyPermission(tokenId.tokenIDEx, uri, true);
169 EXPECT_EQ(ret, E_OK);
170 LOG_INFO("PermissionTest_Uri_Diff_ProxyData_Test_001::End");
171 }
172
173 /**
174 * @tc.name: PermissionTest_ProxyUri_OK_Test_001
175 * @tc.desc: Verify permission check with valid proxy URI for read operation succeeds
176 * @tc.type: FUNC
177 * @tc.require: None
178 * @tc.precon: None
179 * @tc.step:
180 1. Create valid proxy URI
181 2. Call VerifyPermission with this URI and read operation
182 3. Check returned error code
183 * @tc.experct: VerifyPermission returns E_OK
184 */
185 HWTEST_F(PermissionTest, PermissionTest_ProxyUri_OK_Test_001, TestSize.Level1)
186 {
187 LOG_INFO("PermissionTest_ProxyUri_OK_Test_001::Start");
188 auto tokenId = AccessTokenKit::GetHapTokenIDEx(USER_100, "ohos.datashareclienttest.demo", 0);
189 Uri uri(PROXY_URI_OK);
190 auto ret = DataShare::DataSharePermission::VerifyPermission(tokenId.tokenIDEx, uri, true);
191 EXPECT_EQ(ret, E_OK);
192 LOG_INFO("PermissionTest_ProxyUri_OK_Test_001::End");
193 }
194
195 /**
196 * @tc.name: PermissionTest_ProxyUri_OK_Write_Permission_Error_Test_001
197 * @tc.desc: Verify permission check with valid proxy URI for write operation without permission fails
198 * @tc.type: FUNC
199 * @tc.require: None
200 * @tc.precon: None
201 * @tc.step:
202 1. Create valid proxy URI
203 2. Call VerifyPermission with this URI and write operation
204 3. Check returned error code
205 * @tc.experct: VerifyPermission returns ERR_PERMISSION_DENIED
206 */
207 HWTEST_F(PermissionTest, PermissionTest_ProxyUri_OK_Write_Permission_Error_Test_001, TestSize.Level1)
208 {
209 LOG_INFO("PermissionTest_ProxyUri_OK_Write_Permission_Error_Test_001::Start");
210 auto tokenId = AccessTokenKit::GetHapTokenIDEx(USER_100, "ohos.datashareclienttest.demo", 0);
211 Uri uri(PROXY_URI_OK);
212 // isRead is false, verify write permission
213 auto ret = DataShare::DataSharePermission::VerifyPermission(tokenId.tokenIDEx, uri, false);
214 EXPECT_EQ(ret, ERR_PERMISSION_DENIED);
215 LOG_INFO("PermissionTest_ProxyUri_OK_Write_Permission_Error_Test_001::End");
216 }
217
218 /**
219 * @tc.name: PermissionTest_Error_Bundle_Name_Test_001
220 * @tc.desc: Verify permission check with invalid bundle name in datashare URI returns error
221 * @tc.type: FUNC
222 * @tc.require: None
223 * @tc.precon: None
224 * @tc.step:
225 1. Create datashare URI with invalid bundle name
226 2. Call VerifyPermission with this URI and read operation
227 3. Check returned error code
228 * @tc.experct: VerifyPermission returns E_BUNDLE_NAME_NOT_EXIST
229 */
230 HWTEST_F(PermissionTest, PermissionTest_Error_Bundle_Name_Test_001, TestSize.Level0)
231 {
232 LOG_INFO("PermissionTest_Error_Bundle_Name_Test_001::Start");
233 auto tokenId = AccessTokenKit::GetHapTokenIDEx(USER_100, "ohos.datashareclienttest.demo", 0);
234 Uri uri(DATA_SHARE_ERROR_BUNDLE_URI);
235 auto ret = DataShare::DataSharePermission::VerifyPermission(tokenId.tokenIDEx, uri, true);
236 EXPECT_EQ(ret, E_BUNDLE_NAME_NOT_EXIST);
237 LOG_INFO("PermissionTest_Error_Bundle_Name_Test_001::End");
238 }
239
240 /**
241 * @tc.name: PermissionTest_No_Read_Permission_Test_001
242 * @tc.desc: Verify permission check for read operation without required permission fails
243 * @tc.type: FUNC
244 * @tc.require: None
245 * @tc.precon: None
246 * @tc.step:
247 1. Create valid datashare URI requiring specific read permission
248 2. Call VerifyPermission with this URI and read operation
249 3. Check returned error code
250 * @tc.experct: VerifyPermission returns ERR_PERMISSION_DENIED
251 */
252 HWTEST_F(PermissionTest, PermissionTest_No_Read_Permission_Test_001, TestSize.Level1)
253 {
254 LOG_INFO("PermissionTest_No_Read_Permission_Test_001::Start");
255 auto tokenId = AccessTokenKit::GetHapTokenIDEx(USER_100, "ohos.datashareclienttest.demo", 0);
256 Uri uri(DATA_SHARE_URI);
257 // proxyData requiredReadPermission is ohos.permission.READ_CALL_LOG
258 auto ret = DataShare::DataSharePermission::VerifyPermission(tokenId.tokenIDEx, uri, true);
259 EXPECT_EQ(ret, ERR_PERMISSION_DENIED);
260 LOG_INFO("PermissionTest_No_Read_Permission_Test_001::End");
261 }
262
263 /**
264 * @tc.name: PermissionTest_Have_Write_Permission_Test_001
265 * @tc.desc: Verify permission check for write operation with required permission succeeds
266 * @tc.type: FUNC
267 * @tc.require: None
268 * @tc.precon: None
269 * @tc.step:
270 1. Create valid datashare URI requiring specific write permission
271 2. Call VerifyPermission with this URI and write operation
272 3. Check returned error code
273 * @tc.experct: VerifyPermission returns E_OK
274 */
275 HWTEST_F(PermissionTest, PermissionTest_Have_Write_Permission_Test_001, TestSize.Level1)
276 {
277 LOG_INFO("PermissionTest_HAVA_WRITE_PERMISSION_Test_001::Start");
278 auto tokenId = AccessTokenKit::GetHapTokenIDEx(USER_100, "ohos.datashareclienttest.demo", 0);
279 Uri uri(DATA_SHARE_WRITEURI);
280 // proxyData requiredWritePermission is ohos.permission.WRITE_CALL_LOG
281 auto ret = DataShare::DataSharePermission::VerifyPermission(tokenId.tokenIDEx, uri, false);
282 EXPECT_EQ(ret, E_OK);
283 LOG_INFO("PermissionTest_HAVA_WRITE_PERMISSION_Test_001::End");
284 }
285
286 /**
287 * @tc.name: PermissionTest_Empty_Read_Permission_Test_001
288 * @tc.desc: Verify permission check for read operation with unconfigured read permission fails
289 * @tc.type: FUNC
290 * @tc.require: None
291 * @tc.precon: None
292 * @tc.step:
293 1. Create datashare URI with unconfigured read permission
294 2. Call VerifyPermission with this URI and read operation
295 3. Check returned error code
296 * @tc.experct: VerifyPermission returns ERR_PERMISSION_DENIED
297 */
298 HWTEST_F(PermissionTest, PermissionTest_Empty_Read_Permission_Test_001, TestSize.Level1)
299 {
300 LOG_INFO("PermissionTest_Empty_Read_Permission_Test_001::Start");
301 auto tokenId = AccessTokenKit::GetHapTokenIDEx(USER_100, "ohos.datashareclienttest.demo", 0);
302 Uri uri(DATA_SHARE_WRITEURI);
303 // proxyData not config requiredReadPermission
304 auto ret = DataShare::DataSharePermission::VerifyPermission(tokenId.tokenIDEx, uri, true);
305 EXPECT_EQ(ret, ERR_PERMISSION_DENIED);
306 LOG_INFO("PermissionTest_Empty_Read_Permission_Test_001::End");
307 }
308
309 /**
310 * @tc.name: PermissionTest_Empty_Write_Permission_Test_001
311 * @tc.desc: Verify permission check for write operation with unconfigured write permission fails
312 * @tc.type: FUNC
313 * @tc.require: None
314 * @tc.precon: None
315 * @tc.step:
316 1. Create datashare URI with unconfigured write permission
317 2. Call VerifyPermission with this URI and write operation
318 3. Check returned error code
319 * @tc.expected: VerifyPermission returns ERR_PERMISSION_DENIED
320 */
321 HWTEST_F(PermissionTest, PermissionTest_Empty_Write_Permission_Test_001, TestSize.Level1)
322 {
323 LOG_INFO("PermissionTest_Empty_Write_Permission_Test_001::Start");
324 auto tokenId = AccessTokenKit::GetHapTokenIDEx(USER_100, "ohos.datashareclienttest.demo", 0);
325 Uri uri(DATA_SHARE_URI);
326 // proxyData not config requiredWritePermission
327 auto ret = DataShare::DataSharePermission::VerifyPermission(tokenId.tokenIDEx, uri, false);
328 EXPECT_EQ(ret, ERR_PERMISSION_DENIED);
329 LOG_INFO("PermissionTest_Empty_Write_Permission_Test_001::End");
330 }
331
332 /**
333 * @tc.name: PermissionTest_Have_Query_Param_001
334 * @tc.desc: Verify permission check with URI containing query parameters succeeds
335 * @tc.type: FUNC
336 * @tc.require: None
337 * @tc.precon: None
338 * @tc.step:
339 1. Create valid proxy URI with query parameters
340 2. Call VerifyPermission with this URI and read operation
341 3. Check returned error code
342 * @tc.expected: VerifyPermission returns E_OK
343 */
344 HWTEST_F(PermissionTest, PermissionTest_Have_Query_Param_001, TestSize.Level1)
345 {
346 LOG_INFO("PermissionTest_Have_Query_Param_001::Start");
347 auto tokenId = AccessTokenKit::GetHapTokenIDEx(USER_100, "ohos.datashareclienttest.demo", 0);
348 Uri uri(PROXY_URI_HAVA_QUERY);
349 auto ret = DataShare::DataSharePermission::VerifyPermission(tokenId.tokenIDEx, uri, true);
350 EXPECT_EQ(ret, E_OK);
351 LOG_INFO("PermissionTest_Have_Query_Param_001::End");
352 }
353
354 HWTEST_F(PermissionTest, PermissionTest_DataObs_GetUriPermission_Uri_Empty_Test_001, TestSize.Level0)
355 {
356 LOG_INFO("PermissionTest_DataObs_GetUriPermission_Uri_Empty_Test_001::Start");
357 Uri uri(EMPTY_URI);
358 auto [ret, permission] = DataShare::DataSharePermission::GetUriPermission(uri, USER_100, true, false);
359 EXPECT_EQ(ret, E_EMPTY_URI);
360 LOG_INFO("PermissionTest_DataObs_GetUriPermission_Uri_Empty_Test_001::End");
361 }
362
363 HWTEST_F(PermissionTest, PermissionTest_DataObs_GetUriPermission_Uri_Error_Test_001, TestSize.Level0)
364 {
365 LOG_INFO("PermissionTest_DataObs_GetUriPermission_Uri_Error_Test_001::Start");
366 Uri uri(PROXY_ERROR_BUNDLE_URI);
367 auto [ret, permission] = DataShare::DataSharePermission::GetUriPermission(uri, USER_100, true, false);
368 EXPECT_EQ(ret, E_BUNDLE_NAME_NOT_EXIST);
369 LOG_INFO("PermissionTest_DataObs_GetUriPermission_Uri_Error_Test_001::End");
370 }
371
372 HWTEST_F(PermissionTest, PermissionTest_DataObs_GetUriPermission_Uri_OK_Test_001, TestSize.Level1)
373 {
374 LOG_INFO("PermissionTest_DataObs_GetUriPermission_Uri_OK_Test_001::Start");
375 Uri uri(PROXY_URI_OK);
376 auto [ret, permission] = DataShare::DataSharePermission::GetUriPermission(uri, USER_100, true, false);
377 EXPECT_EQ(ret, E_OK);
378 EXPECT_EQ(permission, "ohos.permission.GET_BUNDLE_INFO");
379 LOG_INFO("PermissionTest_DataObs_GetUriPermission_Uri_OK_Test_001::End");
380 }
381
382 HWTEST_F(PermissionTest, PermissionTest_DataObs_GetUriPermission_Uri_OK_Test_002, TestSize.Level1)
383 {
384 LOG_INFO("PermissionTest_DataObs_GetUriPermission_Uri_OK_Test_002::Start");
385 Uri uri(PROXY_URI_OK);
386 auto [ret, permission] = DataShare::DataSharePermission::GetUriPermission(uri, USER_100, false, false);
387 EXPECT_EQ(ret, E_OK);
388 EXPECT_EQ(permission, "ohos.permission.WRITE_CONTACTS");
389 LOG_INFO("PermissionTest_DataObs_GetUriPermission_Uri_OK_Test_002::End");
390 }
391
392 HWTEST_F(PermissionTest, PermissionTest_DataObs_GetUriPermission_Uri_OK_Test_003, TestSize.Level1)
393 {
394 LOG_INFO("PermissionTest_DataObs_GetUriPermission_Uri_OK_Test_003::Start");
395 Uri uri(DATA_SHARE_EXTENSION_URI);
396 auto [ret, permission] = DataShare::DataSharePermission::GetUriPermission(uri, USER_100, true, true);
397 EXPECT_EQ(ret, E_OK);
398 EXPECT_EQ(permission, "");
399 LOG_INFO("PermissionTest_DataObs_GetUriPermission_Uri_OK_Test_003::End");
400 }
401
402 HWTEST_F(PermissionTest, PermissionTest_DataObs_GetUriPermission_Uri_OK_Test_004, TestSize.Level1)
403 {
404 LOG_INFO("PermissionTest_DataObs_GetUriPermission_Uri_OK_Test_004::Start");
405 Uri uri(DATA_SHARE_EXTENSION_URI);
406 auto [ret, permission] = DataShare::DataSharePermission::GetUriPermission(uri, USER_100, false, true);
407 EXPECT_EQ(ret, E_OK);
408 EXPECT_EQ(permission, "");
409 LOG_INFO("PermissionTest_DataObs_GetUriPermission_Uri_OK_Test_004::End");
410 }
411
412 HWTEST_F(PermissionTest, PermissionTest_DataObs_VerifyPermission_Test_001, TestSize.Level1)
413 {
414 LOG_INFO("PermissionTest_DataObs_VerifyPermission_Test_001::Start");
415 auto tokenId = AccessTokenKit::GetHapTokenIDEx(USER_100, "ohos.datashareclienttest.demo", 0);
416 Uri uri(PROXY_URI_OK);
417 std::string permission = "ohos.permission.GET_BUNDLE_INFO";
418 auto ret = DataShare::DataSharePermission::VerifyPermission(uri, tokenId.tokenIDEx, permission, true);
419 EXPECT_EQ(ret, true);
420 LOG_INFO("PermissionTest_DataObs_VerifyPermission_Test_001::End");
421 }
422
423 HWTEST_F(PermissionTest, PermissionTest_DataObs_VerifyPermission_Test_002, TestSize.Level1)
424 {
425 LOG_INFO("PermissionTest_DataObs_VerifyPermission_Test_002::Start");
426 auto tokenId = AccessTokenKit::GetHapTokenIDEx(USER_100, "ohos.datashareclienttest.demo", 0);
427 Uri uri(PROXY_URI_OK);
428 std::string permission = "ohos.permission.WIFI";
429 auto ret = DataShare::DataSharePermission::VerifyPermission(uri, tokenId.tokenIDEx, permission, true);
430 EXPECT_EQ(ret, false);
431 LOG_INFO("PermissionTest_DataObs_VerifyPermission_Test_002::End");
432 }
433
434 HWTEST_F(PermissionTest, PermissionTest_DataObs_VerifyPermission_Test_003, TestSize.Level1)
435 {
436 LOG_INFO("PermissionTest_DataObs_VerifyPermission_Test_003::Start");
437 auto tokenId = AccessTokenKit::GetHapTokenIDEx(USER_100, "ohos.datashareclienttest.demo", 0);
438 Uri uri(DATA_SHARE_SELF_URI);
439 std::string permission = "";
440 auto ret = DataShare::DataSharePermission::VerifyPermission(uri, tokenId.tokenIDEx, permission, false);
441 EXPECT_EQ(ret, true);
442 LOG_INFO("PermissionTest_DataObs_VerifyPermission_Test_003::End");
443 }
444
445 HWTEST_F(PermissionTest, PermissionTest_DataObs_VerifyPermission_Test_004, TestSize.Level1)
446 {
447 LOG_INFO("PermissionTest_DataObs_VerifyPermission_Test_004::Start");
448 auto tokenId = AccessTokenKit::GetHapTokenIDEx(USER_100, "ohos.datashareclienttest.demo", 0);
449 Uri uri(DATA_SHARE_SELF_URI);
450 std::string permission = "";
451 auto ret = DataShare::DataSharePermission::VerifyPermission(uri, tokenId.tokenIDEx, permission, true);
452 EXPECT_EQ(ret, true);
453 LOG_INFO("PermissionTest_DataObs_VerifyPermission_Test_004::End");
454 }
455
456 HWTEST_F(PermissionTest, PermissionTest_DataObs_VerifyPermission_Test_005, TestSize.Level1)
457 {
458 LOG_INFO("PermissionTest_DataObs_VerifyPermission_Test_005::Start");
459 auto tokenId = AccessTokenKit::GetHapTokenIDEx(USER_100, "ohos.datashareclienttest.demo", 0);
460 Uri uri(DATA_SHARE_SELF_URI);
461 std::string permission = "";
462 auto ret = DataShare::DataSharePermission::VerifyPermission(uri, tokenId.tokenIDEx, permission, false);
463 EXPECT_EQ(ret, true);
464 LOG_INFO("PermissionTest_DataObs_VerifyPermission_Test_005::End");
465 }
466
467 HWTEST_F(PermissionTest, PermissionTest_DataObs_VerifyPermission_Test_006, TestSize.Level1)
468 {
469 LOG_INFO("PermissionTest_DataObs_VerifyPermission_Test_006::Start");
470 auto tokenId = AccessTokenKit::GetHapTokenIDEx(USER_100, "ohos.datashareclienttest.demo", 0);
471 Uri uri(PROXY_URI_OK);
472 std::string permission = "";
473 auto ret = DataShare::DataSharePermission::VerifyPermission(uri, tokenId.tokenIDEx, permission, false);
474 EXPECT_EQ(ret, false);
475 LOG_INFO("PermissionTest_DataObs_VerifyPermission_Test_006::End");
476 }
477
478 HWTEST_F(PermissionTest, PermissionTest_IsExtensionValid_001, TestSize.Level1)
479 {
480 LOG_INFO("PermissionTest_IsExtensionValid_001::Start");
481 auto tokenId = AccessTokenKit::GetHapTokenIDEx(USER_100, "com.acts.datasharetest", 0);
482 auto ret = DataShare::DataSharePermission::IsExtensionValid(tokenId.tokenIDEx, tokenId.tokenIDEx, USER_100);
483 EXPECT_EQ(ret, E_OK);
484 LOG_INFO("PermissionTest_IsExtensionValid_001::End");
485 }
486
487 HWTEST_F(PermissionTest, PermissionTest_IsExtensionValid_002, TestSize.Level1)
488 {
489 LOG_INFO("PermissionTest_IsExtensionValid_002::Start");
490 auto tokenId = AccessTokenKit::GetHapTokenIDEx(USER_100, "com.acts.ohos.data.datasharetest", 0);
491 auto ret = DataShare::DataSharePermission::IsExtensionValid(tokenId.tokenIDEx, tokenId.tokenIDEx, USER_100);
492 EXPECT_EQ(ret, E_NOT_DATASHARE_EXTENSION);
493 LOG_INFO("PermissionTest_IsExtensionValid_002::End");
494 }
495
496 /**
497 * @tc.name: PermissionTest_Have_Write_Test_001
498 * @tc.desc: Verify permission check for write operation with correct permission succeeds
499 * @tc.type: FUNC
500 * @tc.require: None
501 * @tc.precon: None
502 * @tc.step:
503 1. Create new HAP info with write permission configuration
504 2. Allocate access token with required write permission
505 3. Set the new token as current process token
506 4. Call VerifyPermission with valid URI and write operation
507 5. Check returned error code
508 6. Clean up the created token
509 * @tc.expected: VerifyPermission returns E_OK
510 */
511 HWTEST_F(PermissionTest, PermissionTest_Have_Write_Test_001, TestSize.Level1)
512 {
513 LOG_INFO("PermissionTest_Have_Write_Test_001::Start");
514 HapInfoParams info = {
515 .userID = USER_100,
516 .bundleName = "ohos.permission.write.demo",
517 .instIndex = 0,
518 .isSystemApp = true,
519 .apiVersion = 8,
520 .appIDDesc = "ohos.permission.write.demo"
521 };
522 HapPolicyParams policy = {
523 .apl = APL_SYSTEM_CORE,
524 .domain = "test.domain",
525 .permStateList = {
526 {
527 .permissionName = "ohos.permission.GET_BUNDLE_INFO",
528 .isGeneral = true,
529 .resDeviceID = { "local" },
530 .grantStatus = { PermissionState::PERMISSION_GRANTED },
531 .grantFlags = { 1 }
532 },
533 {
534 .permissionName = "ohos.permission.WRITE_CONTACTS",
535 .isGeneral = true,
536 .resDeviceID = { "local" },
537 .grantStatus = { PermissionState::PERMISSION_GRANTED },
538 .grantFlags = { 1 }
539 }
540 }
541 };
542 AccessTokenKit::AllocHapToken(info, policy);
543 auto testTokenId = Security::AccessToken::AccessTokenKit::GetHapTokenIDEx(
544 info.userID, info.bundleName, info.instIndex);
545 SetSelfTokenID(testTokenId.tokenIDEx);
546
547 Uri uri(PROXY_URI_OK);
548 auto ret = DataShare::DataSharePermission::VerifyPermission(testTokenId.tokenIDEx, uri, false);
549 EXPECT_EQ(ret, E_OK);
550 AccessTokenKit::DeleteToken(testTokenId.tokenIDEx);
551 LOG_INFO("PermissionTest_Have_Write_Test_001::End");
552 }
553
554 /**
555 * @tc.name: PermissionTest_Hava_Read_Permission_Test_001
556 * @tc.desc: Verify permission check for read operation with correct permission succeeds
557 * @tc.type: FUNC
558 * @tc.require: None
559 * @tc.precon: None
560 * @tc.step:
561 1. Create new HAP info with read permission configuration
562 2. Allocate access token with required read permission
563 3. Set the new token as current process token
564 4. Call VerifyPermission with valid URI and read operation
565 5. Check returned error code
566 6. Clean up the created token
567 * @tc.expected: VerifyPermission returns E_OK
568 */
569 HWTEST_F(PermissionTest, PermissionTest_Hava_Read_Permission_Test_001, TestSize.Level1)
570 {
571 LOG_INFO("PermissionTest_Hava_Read_Permission_Test_001::Start");
572 HapInfoParams info = {
573 .userID = USER_100,
574 .bundleName = "ohos.permission.demo",
575 .instIndex = 0,
576 .isSystemApp = true,
577 .apiVersion = 8,
578 .appIDDesc = "ohos.permission.demo"
579 };
580 HapPolicyParams policy = {
581 .apl = APL_SYSTEM_CORE,
582 .domain = "test.domain",
583 .permStateList = {
584 {
585 .permissionName = "ohos.permission.GET_BUNDLE_INFO",
586 .isGeneral = true,
587 .resDeviceID = { "local" },
588 .grantStatus = { PermissionState::PERMISSION_GRANTED },
589 .grantFlags = { 1 }
590 },
591 {
592 .permissionName = "ohos.permission.READ_CALL_LOG",
593 .isGeneral = true,
594 .resDeviceID = { "local" },
595 .grantStatus = { PermissionState::PERMISSION_GRANTED },
596 .grantFlags = { 1 }
597 }
598 }
599 };
600 AccessTokenKit::AllocHapToken(info, policy);
601 auto testTokenId = Security::AccessToken::AccessTokenKit::GetHapTokenIDEx(
602 info.userID, info.bundleName, info.instIndex);
603 SetSelfTokenID(testTokenId.tokenIDEx);
604 Uri uri(DATA_SHARE_URI);
605 auto ret = DataShare::DataSharePermission::VerifyPermission(testTokenId.tokenIDEx, uri, true);
606 EXPECT_EQ(ret, E_OK);
607
608 AccessTokenKit::DeleteToken(testTokenId.tokenIDEx);
609 LOG_INFO("PermissionTest_Hava_Read_Permission_Test_001::End");
610 }
611
612 } // namespace DataShare
613 } // namespace OHOS