1 /*
2 * Copyright (c) 2025 Huawei Device Co., Ltd.
3 * Licensed under the Apache License, Version 2.0 (the "License");
4 * you may not use this file except in compliance with the License.
5 * You may obtain a copy of the License at
6 *
7 * http://www.apache.org/licenses/LICENSE-2.0
8 *
9 * Unless required by applicable law or agreed to in writing, software
10 * distributed under the License is distributed on an "AS IS" BASIS,
11 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12 * See the License for the specific language governing permissions and
13 * limitations under the License.
14 */
15
16 #include "accesstoken_kit_coverage_test.h"
17 #include <thread>
18
19 #include "access_token.h"
20 #include "access_token_error.h"
21 #include "accesstoken_common_log.h"
22 #include "hap_token_info.h"
23 #include "nativetoken_kit.h"
24 #include "permission_grant_info.h"
25 #include "permission_state_change_info_parcel.h"
26 #include "string_ex.h"
27 #include "test_common.h"
28 #include "tokenid_kit.h"
29 #include "token_setproc.h"
30 #define private public
31 #include "accesstoken_manager_client.h"
32 #undef private
33
34 using namespace testing::ext;
35
36 namespace OHOS {
37 namespace Security {
38 namespace AccessToken {
39 namespace {
40 static constexpr int32_t DEFAULT_API_VERSION = 8;
41 static const std::string TEST_BUNDLE_NAME = "ohos";
42 static const std::string TEST_PERMISSION_NAME_ALPHA = "ohos.permission.ALPHA";
43 static const std::string TEST_PERMISSION_NAME_BETA = "ohos.permission.BETA";
44 static const int TEST_USER_ID = 0;
45 uint64_t g_selfShellTokenId;
46 }
47
SetUpTestCase()48 void AccessTokenCoverageTest::SetUpTestCase()
49 {
50 g_selfShellTokenId = GetSelfTokenID();
51 TestCommon::SetTestEvironment(g_selfShellTokenId);
52 }
53
TearDownTestCase()54 void AccessTokenCoverageTest::TearDownTestCase()
55 {
56 SetSelfTokenID(g_selfShellTokenId);
57 TestCommon::ResetTestEvironment();
58 }
59
SetUp()60 void AccessTokenCoverageTest::SetUp()
61 {
62 g_selfShellTokenId = GetSelfTokenID();
63 LOGI(ATM_DOMAIN, ATM_TAG, "SetUp ok.");
64 }
65
TearDown()66 void AccessTokenCoverageTest::TearDown()
67 {
68 EXPECT_EQ(0, SetSelfTokenID(g_selfShellTokenId));
69 }
70
71 class CbCustomizeTest : public PermStateChangeCallbackCustomize {
72 public:
CbCustomizeTest(const PermStateChangeScope & scopeInfo)73 explicit CbCustomizeTest(const PermStateChangeScope &scopeInfo)
74 : PermStateChangeCallbackCustomize(scopeInfo)
75 {
76 }
77
~CbCustomizeTest()78 ~CbCustomizeTest()
79 {}
80
PermStateChangeCallback(PermStateChangeInfo & result)81 virtual void PermStateChangeCallback(PermStateChangeInfo& result)
82 {
83 ready_ = true;
84 int32_t status = (result.permStateChangeType == 1) ? PERMISSION_GRANTED : PERMISSION_DENIED;
85 ASSERT_EQ(status, AccessTokenKit::VerifyAccessToken(result.tokenID, result.permissionName));
86 }
87
88 bool ready_;
89 };
90
91 /**
92 * @tc.name: PermStateChangeCallback001
93 * @tc.desc: PermissionStateChangeCallback::PermStateChangeCallback function test.
94 * @tc.type: FUNC
95 * @tc.require: issueI61NS6
96 */
97 HWTEST_F(AccessTokenCoverageTest, PermStateChangeCallback001, TestSize.Level4)
98 {
99 PermStateChangeInfo result = {
100 .permStateChangeType = 0,
101 .tokenID = 123,
102 .permissionName = "ohos.permission.CAMERA"
103 };
104
105 std::shared_ptr<CbCustomizeTest> callbackPtr = nullptr;
106 std::shared_ptr<PermissionStateChangeCallback> callback = std::make_shared<PermissionStateChangeCallback>(
107 callbackPtr);
108 ASSERT_NE(callback, nullptr);
109
110 callback->PermStateChangeCallback(result);
111 ASSERT_EQ(callback->customizedCallback_, nullptr);
112 callback->Stop();
113 }
114
115 class TestCallBack : public PermissionStateChangeCallbackStub {
116 public:
117 TestCallBack() = default;
118 virtual ~TestCallBack() = default;
119
PermStateChangeCallback(PermStateChangeInfo & result)120 void PermStateChangeCallback(PermStateChangeInfo& result)
121 {
122 GTEST_LOG_(INFO) << "PermStateChangeCallback, tokenID is " << result.tokenID;
123 }
124 };
125
126 /**
127 * @tc.name: OnRemoteRequest001
128 * @tc.desc: StateChangeCallbackStub::OnRemoteRequest function test
129 * @tc.type: FUNC
130 * @tc.require: issueI61A6M
131 */
132 HWTEST_F(AccessTokenCoverageTest, OnRemoteRequest001, TestSize.Level4)
133 {
134 PermStateChangeInfo info = {
135 .permStateChangeType = 0,
136 .tokenID = 123,
137 .permissionName = "ohos.permission.CAMERA"
138 };
139
140 TestCallBack callback;
141 PermissionStateChangeInfoParcel infoParcel;
142 infoParcel.changeInfo = info;
143
144 OHOS::MessageParcel data;
145 std::string descriptor = "I don't know";
146 data.WriteInterfaceToken(OHOS::Str8ToStr16(descriptor));
147 ASSERT_EQ(true, data.WriteParcelable(&infoParcel));
148
149 OHOS::MessageParcel reply;
150 OHOS::MessageOption option(OHOS::MessageOption::TF_SYNC);
151 ASSERT_NE(0,
152 callback.OnRemoteRequest(static_cast<uint32_t>(AccesstokenStateChangeInterfaceCode::PERMISSION_STATE_CHANGE),
153 data, reply, option)); // descriptor false
154
155 ASSERT_EQ(true, data.WriteInterfaceToken(IPermissionStateCallback::GetDescriptor()));
156 ASSERT_EQ(true, data.WriteParcelable(&infoParcel));
157 uint32_t code = 10;
158 ASSERT_NE(0, callback.OnRemoteRequest(code, data, reply, option)); // descriptor true + msgCode false
159 }
160
161 /**
162 * @tc.name: CreatePermStateChangeCallback001
163 * @tc.desc: AccessTokenManagerClient::CreatePermStateChangeCallback function test
164 * @tc.type: FUNC
165 * @tc.require: issueI61A6M
166 */
167 HWTEST_F(AccessTokenCoverageTest, CreatePermStateChangeCallback001, TestSize.Level4)
168 {
169 std::vector<std::string> reqPerm;
170 reqPerm.emplace_back("ohos.permission.GET_SENSITIVE_PERMISSIONS");
171 MockHapToken mock("CreatePermStateChangeCallback001", reqPerm, true);
172
173 std::vector<std::shared_ptr<CbCustomizeTest>> callbackList;
174
175 uint32_t times = 201;
176 for (uint32_t i = 0; i < times; i++) {
177 PermStateChangeScope scopeInfo;
178 scopeInfo.permList = {};
179 scopeInfo.tokenIDs = {};
180 auto callbackPtr = std::make_shared<CbCustomizeTest>(scopeInfo);
181 callbackList.emplace_back(callbackPtr);
182 int32_t res = AccessTokenKit::RegisterPermStateChangeCallback(callbackPtr);
183
184 if (i == 200) {
185 EXPECT_EQ(AccessTokenError::ERR_CALLBACKS_EXCEED_LIMITATION, res);
186 break;
187 }
188 }
189
190 for (uint32_t i = 0; i < 200; i++) {
191 ASSERT_EQ(0, AccessTokenKit::UnRegisterPermStateChangeCallback(callbackList[i]));
192 }
193
194 std::shared_ptr<PermStateChangeCallbackCustomize> customizedCb = nullptr;
195 AccessTokenKit::RegisterPermStateChangeCallback(customizedCb); // customizedCb is null
196 }
197
198 /**
199 * @tc.name: InitProxy001
200 * @tc.desc: AccessTokenManagerClient::InitProxy function test
201 * @tc.type: FUNC
202 * @tc.require: issueI61A6M
203 */
204 HWTEST_F(AccessTokenCoverageTest, InitProxy001, TestSize.Level4)
205 {
206 ASSERT_NE(nullptr, AccessTokenManagerClient::GetInstance().proxy_);
207 OHOS::sptr<IAccessTokenManager> proxy = AccessTokenManagerClient::GetInstance().proxy_; // backup
208 AccessTokenManagerClient::GetInstance().proxy_ = nullptr;
209 ASSERT_EQ(nullptr, AccessTokenManagerClient::GetInstance().proxy_);
210 AccessTokenManagerClient::GetInstance().InitProxy(); // proxy_ is null
211 AccessTokenManagerClient::GetInstance().proxy_ = proxy; // recovery
212 }
213
214 /**
215 * @tc.name: AllocHapToken001
216 * @tc.desc: AccessTokenKit::AllocHapToken function test
217 * @tc.type: FUNC
218 * @tc.require: issueI61A6M
219 */
220 HWTEST_F(AccessTokenCoverageTest, AllocHapToken001, TestSize.Level4)
221 {
222 HapInfoParams info;
223 HapPolicyParams policy;
224 info.userID = -1;
225 AccessTokenIDEx tokenIdEx = AccessTokenKit::AllocHapToken(info, policy);
226 ASSERT_EQ(INVALID_TOKENID, tokenIdEx.tokenIdExStruct.tokenID);
227 }
228
229 /**
230 * @tc.name: VerifyAccessToken005
231 * @tc.desc: AccessTokenKit::VerifyAccessToken function test
232 * @tc.type: FUNC
233 * @tc.require: issueI61A6M
234 */
235 HWTEST_F(AccessTokenCoverageTest, VerifyAccessToken005, TestSize.Level4)
236 {
237 HapInfoParams info = {
238 .userID = TEST_USER_ID,
239 .bundleName = "accesstoken_test3",
240 .instIndex = 0,
241 .appIDDesc = "test3",
242 .apiVersion = DEFAULT_API_VERSION
243 };
244 PermissionStateFull permState = {
245 .permissionName = "ohos.permission.GET_BUNDLE_INFO",
246 .isGeneral = true,
247 .resDeviceID = {"local3"},
248 .grantStatus = {PermissionState::PERMISSION_GRANTED},
249 .grantFlags = {1}
250 };
251
252 HapPolicyParams policy = {
253 .apl = APL_NORMAL,
254 .domain = "test.domain3",
255 .permStateList = {permState}
256 };
257
258 AccessTokenIDEx tokenIdEx = {0};
259 ASSERT_EQ(RET_SUCCESS, TestCommon::AllocTestHapToken(info, policy, tokenIdEx));
260 AccessTokenID callerTokenID = tokenIdEx.tokenIdExStruct.tokenID;
261 ASSERT_NE(INVALID_TOKENID, callerTokenID);
262 AccessTokenID firstTokenID;
263
264 // ret = PERMISSION_GRANTED + firstTokenID = 0
265 std::string permissionName = "ohos.permission.GET_BUNDLE_INFO";
266 firstTokenID = 0;
267 EXPECT_EQ(PermissionState::PERMISSION_GRANTED, AccessTokenKit::VerifyAccessToken(
268 callerTokenID, firstTokenID, permissionName, false));
269
270 firstTokenID = 1;
271 // ret = PERMISSION_GRANTED + firstTokenID != 0
272 EXPECT_EQ(PermissionState::PERMISSION_DENIED, AccessTokenKit::VerifyAccessToken(
273 callerTokenID, firstTokenID, permissionName, false));
274 ASSERT_EQ(RET_SUCCESS, TestCommon::DeleteTestHapToken(callerTokenID));
275
276 callerTokenID = 0;
277 // ret = PERMISSION_DENIED
278 EXPECT_EQ(PermissionState::PERMISSION_DENIED, AccessTokenKit::VerifyAccessToken(
279 callerTokenID, firstTokenID, permissionName, false));
280 }
281
282 /**
283 * @tc.name: GetRenderTokenIDTest001
284 * @tc.desc: TokenIdKit::GetRenderTokenID function test
285 * @tc.type: FUNC
286 * @tc.require: issueI7MOA1
287 */
288 HWTEST_F(AccessTokenCoverageTest, GetRenderTokenIDTest001, TestSize.Level4)
289 {
290 uint64_t validTokenID = GetSelfTokenID();
291 uint64_t retTokenId = validTokenID;
292
293 retTokenId = TokenIdKit::GetRenderTokenID(validTokenID);
294 ASSERT_NE(retTokenId, validTokenID);
295 ASSERT_NE(retTokenId, INVALID_TOKENID);
296 }
297
298 /**
299 * @tc.name: GetRenderTokenIDTest002
300 * @tc.desc: TokenIdKit::GetRenderTokenID function test
301 * @tc.type: FUNC
302 * @tc.require: issueI7MOA1
303 */
304 HWTEST_F(AccessTokenCoverageTest, GetRenderTokenIDTest002, TestSize.Level4)
305 {
306 uint64_t invalidTokenID = 0;
307 uint64_t retTokenId = 1; /* 1, for testing purposes */
308
309 retTokenId = TokenIdKit::GetRenderTokenID(invalidTokenID);
310 ASSERT_EQ(invalidTokenID, retTokenId);
311 }
312
313 /**
314 * @tc.name: GetRenderTokenIDTest003
315 * @tc.desc: AccessTokenKit::GetRenderTokenID function test
316 * @tc.type: FUNC
317 * @tc.require:
318 */
319 HWTEST_F(AccessTokenCoverageTest, GetRenderTokenIDTest003, TestSize.Level4)
320 {
321 uint64_t invalidTokenID = 0;
322 uint64_t retTokenId = 1; /* 1, for testing purposes */
323
324 retTokenId = AccessTokenKit::GetRenderTokenID(invalidTokenID);
325 ASSERT_EQ(invalidTokenID, retTokenId);
326 }
327
328 #ifdef TOKEN_SYNC_ENABLE
329 namespace {
330 class TokenSyncCallbackStubTest : public TokenSyncCallbackStub {
331 public:
332 TokenSyncCallbackStubTest() = default;
333 virtual ~TokenSyncCallbackStubTest() = default;
334
GetRemoteHapTokenInfo(const std::string & deviceID,AccessTokenID tokenID)335 int32_t GetRemoteHapTokenInfo(const std::string& deviceID, AccessTokenID tokenID) override
336 {
337 return 0;
338 };
DeleteRemoteHapTokenInfo(AccessTokenID tokenID)339 int32_t DeleteRemoteHapTokenInfo(AccessTokenID tokenID) override
340 {
341 return 0;
342 };
343
UpdateRemoteHapTokenInfo(const HapTokenInfoForSync & tokenInfo)344 int32_t UpdateRemoteHapTokenInfo(const HapTokenInfoForSync& tokenInfo) override
345 {
346 return 0;
347 };
348 };
349
350 static const int32_t FAKE_SYNC_RET = 0xabcdef;
351 class TokenSyncCallbackImpl : public TokenSyncKitInterface {
352 public:
~TokenSyncCallbackImpl()353 ~TokenSyncCallbackImpl()
354 {}
355
GetRemoteHapTokenInfo(const std::string & deviceID,AccessTokenID tokenID) const356 int32_t GetRemoteHapTokenInfo(const std::string& deviceID, AccessTokenID tokenID) const override
357 {
358 LOGI(ATM_DOMAIN, ATM_TAG, "GetRemoteHapTokenInfo called.");
359 return FAKE_SYNC_RET;
360 };
361
DeleteRemoteHapTokenInfo(AccessTokenID tokenID) const362 int32_t DeleteRemoteHapTokenInfo(AccessTokenID tokenID) const override
363 {
364 LOGI(ATM_DOMAIN, ATM_TAG, "DeleteRemoteHapTokenInfo called.");
365 return FAKE_SYNC_RET;
366 };
367
UpdateRemoteHapTokenInfo(const HapTokenInfoForSync & tokenInfo) const368 int32_t UpdateRemoteHapTokenInfo(const HapTokenInfoForSync& tokenInfo) const override
369 {
370 LOGI(ATM_DOMAIN, ATM_TAG, "UpdateRemoteHapTokenInfo called.");
371 return FAKE_SYNC_RET;
372 };
373 };
374 };
375
376 /**
377 * @tc.name: TokenSyncCallbackStubTest001
378 * @tc.desc: TokenSyncCallbackStub OnRemoteRequest deny test
379 * @tc.type: FUNC
380 * @tc.require:
381 */
382 HWTEST_F(AccessTokenCoverageTest, TokenSyncCallbackStubTest001, TestSize.Level4)
383 {
384 TokenSyncCallbackStubTest callback;
385
386 OHOS::MessageParcel data;
387 std::string descriptor = "I don't know";
388 data.WriteInterfaceToken(OHOS::Str8ToStr16(descriptor));
389
390 OHOS::MessageParcel reply;
391 OHOS::MessageOption option(OHOS::MessageOption::TF_SYNC);
392 EXPECT_EQ(ERROR_IPC_REQUEST_FAIL,
393 callback.OnRemoteRequest(static_cast<uint32_t>(TokenSyncCallbackInterfaceCode::GET_REMOTE_HAP_TOKEN_INFO),
394 data, reply, option)); // descriptor false
395 }
396
397 /**
398 * @tc.name: TokenSyncCallbackStubTest002
399 * @tc.desc: TokenSyncCallbackStub OnRemoteRequest err code
400 * @tc.type: FUNC
401 * @tc.require:
402 */
403 HWTEST_F(AccessTokenCoverageTest, TokenSyncCallbackStubTest002, TestSize.Level4)
404 {
405 TokenSyncCallbackStubTest callback;
406 OHOS::MessageParcel data;
407 data.WriteInterfaceToken(ITokenSyncCallback::GetDescriptor());
408
409 OHOS::MessageParcel reply;
410 OHOS::MessageOption option(OHOS::MessageOption::TF_SYNC);
411 EXPECT_NE(0, callback.OnRemoteRequest(static_cast<uint32_t>(0xff), // code false
412 data, reply, option));
413 }
414
415 /**
416 * @tc.name: TokenSyncCallbackStubTest003
417 * @tc.desc: TokenSyncCallbackStub OnRemoteRequest deny call
418 * @tc.type: FUNC
419 * @tc.require:
420 */
421 HWTEST_F(AccessTokenCoverageTest, TokenSyncCallbackStubTest003, TestSize.Level4)
422 {
423 TokenSyncCallbackStubTest callback;
424 OHOS::MessageParcel data;
425 data.WriteInterfaceToken(ITokenSyncCallback::GetDescriptor());
426
427 OHOS::MessageParcel reply;
428 OHOS::MessageOption option(OHOS::MessageOption::TF_SYNC);
429 EXPECT_EQ(0, callback.OnRemoteRequest(
430 static_cast<uint32_t>(TokenSyncCallbackInterfaceCode::GET_REMOTE_HAP_TOKEN_INFO),
431 data, reply, option));
432 EXPECT_EQ(ERR_IDENTITY_CHECK_FAILED, reply.ReadInt32());
433
434 data.WriteInterfaceToken(ITokenSyncCallback::GetDescriptor());
435 EXPECT_EQ(0, callback.OnRemoteRequest(
436 static_cast<uint32_t>(TokenSyncCallbackInterfaceCode::DELETE_REMOTE_HAP_TOKEN_INFO),
437 data, reply, option));
438 EXPECT_EQ(ERR_IDENTITY_CHECK_FAILED, reply.ReadInt32());
439
440 data.WriteInterfaceToken(ITokenSyncCallback::GetDescriptor());
441 EXPECT_EQ(0, callback.OnRemoteRequest(
442 static_cast<uint32_t>(TokenSyncCallbackInterfaceCode::UPDATE_REMOTE_HAP_TOKEN_INFO),
443 data, reply, option));
444 EXPECT_EQ(ERR_IDENTITY_CHECK_FAILED, reply.ReadInt32());
445 }
446
447 /**
448 * @tc.name: TokenSyncCallbackStubTest004
449 * @tc.desc: TokenSyncCallbackStub OnRemoteRequest normal call
450 * @tc.type: FUNC
451 * @tc.require:
452 */
453 HWTEST_F(AccessTokenCoverageTest, TokenSyncCallbackStubTest004, TestSize.Level4)
454 {
455 setuid(3020); // ACCESSTOKEN_UID
456
457 TokenSyncCallbackStubTest callback;
458 OHOS::MessageParcel data;
459 OHOS::MessageParcel reply;
460 OHOS::MessageOption option(OHOS::MessageOption::TF_SYNC);
461
462 data.WriteInterfaceToken(ITokenSyncCallback::GetDescriptor());
463 data.WriteString("test deviceID"); // test deviceID
464 data.WriteUint32(0); // test tokenid
465 EXPECT_EQ(0, callback.OnRemoteRequest(
466 static_cast<uint32_t>(TokenSyncCallbackInterfaceCode::GET_REMOTE_HAP_TOKEN_INFO),
467 data, reply, option));
468 EXPECT_EQ(0, reply.ReadInt32());
469
470 data.WriteInterfaceToken(ITokenSyncCallback::GetDescriptor());
471 data.WriteUint32(0); // test tokenid
472 EXPECT_EQ(0, callback.OnRemoteRequest(
473 static_cast<uint32_t>(TokenSyncCallbackInterfaceCode::DELETE_REMOTE_HAP_TOKEN_INFO),
474 data, reply, option));
475 EXPECT_EQ(0, reply.ReadInt32());
476
477 data.WriteInterfaceToken(ITokenSyncCallback::GetDescriptor());
478 HapTokenInfoForSync info;
479 HapTokenInfoForSyncParcel tokenInfoParcel;
480 tokenInfoParcel.hapTokenInfoForSyncParams = info;
481 data.WriteParcelable(&tokenInfoParcel);
482 EXPECT_EQ(0, callback.OnRemoteRequest(
483 static_cast<uint32_t>(TokenSyncCallbackInterfaceCode::UPDATE_REMOTE_HAP_TOKEN_INFO),
484 data, reply, option));
485 EXPECT_EQ(0, reply.ReadInt32());
486 setuid(0); // root uid
487 }
488
489 /**
490 * @tc.name: TokenSyncCallbackTest001
491 * @tc.desc: TokenSyncCallback inner call
492 * @tc.type: FUNC
493 * @tc.require:
494 */
495 HWTEST_F(AccessTokenCoverageTest, TokenSyncCallbackTest001, TestSize.Level4)
496 {
497 TokenSyncCallback callback(nullptr);
498 EXPECT_EQ(nullptr, callback.tokenSyncCallback_); // test input
499
500 std::shared_ptr<TokenSyncKitInterface> ptr = std::make_shared<TokenSyncCallbackImpl>();
501 std::shared_ptr<TokenSyncCallback> callbackImpl = std::make_shared<TokenSyncCallback>(ptr);
502 EXPECT_NE(nullptr, callbackImpl->tokenSyncCallback_);
503 EXPECT_EQ(FAKE_SYNC_RET, callbackImpl->GetRemoteHapTokenInfo("test", 0)); // test input
504 EXPECT_EQ(FAKE_SYNC_RET, callbackImpl->DeleteRemoteHapTokenInfo(0)); // test input
505 HapTokenInfoForSync info;
506 EXPECT_EQ(FAKE_SYNC_RET, callbackImpl->UpdateRemoteHapTokenInfo(info)); // test input
507 }
508 #endif // TOKEN_SYNC_ENABLE
509
510 /**
511 * @tc.name: GetPermissionManagerInfo001
512 * @tc.desc:
513 * @tc.type: FUNC
514 * @tc.require:
515 */
516 HWTEST_F(AccessTokenCoverageTest, GetPermissionManagerInfo001, TestSize.Level4)
517 {
518 PermissionGrantInfo info;
519 AccessTokenKit::GetPermissionManagerInfo(info);
520 ASSERT_EQ(false, info.grantBundleName.empty());
521 }
522
523 } // namespace AccessToken
524 } // namespace Security
525 } // namespace OHOS
526