1 /*
2 * Copyright (c) 2023 Huawei Device Co., Ltd.
3 * Licensed under the Apache License, Version 2.0 (the "License");
4 * you may not use this file except in compliance with the License.
5 * You may obtain a copy of the License at
6 *
7 * http://www.apache.org/licenses/LICENSE-2.0
8 *
9 * Unless required by applicable law or agreed to in writing, software
10 * distributed under the License is distributed on an "AS IS" BASIS,
11 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12 * See the License for the specific language governing permissions and
13 * limitations under the License.
14 */
15
16 #include "share_permission_with_sandbox_test.h"
17 #include <thread>
18
19 #include "accesstoken_kit.h"
20 #include "accesstoken_common_log.h"
21 #include "access_token_error.h"
22 #include "nativetoken_kit.h"
23 #include "test_common.h"
24 #include "token_setproc.h"
25 #include "tokenid_kit.h"
26
27 using namespace testing::ext;
28 using namespace OHOS::Security::AccessToken;
29
30 namespace {
31 static const std::string PERMISSION_ALL = "ohos.permission.APP_TRACKING_CONSENT";
32 static const std::string PERMISSION_FULL_CONTROL = "ohos.permission.PRINT";
33 static const std::string PERMISSION_NONE = "ohos.permission.INTERNET";
34 static const std::string PERMISSION_NOT_DISPLAYED = "ohos.permission.ANSWER_CALL";
35 static const std::string TEST_PERMISSION_GRANT = "ohos.permission.GRANT_SENSITIVE_PERMISSIONS";
36 static const std::string TEST_PERMISSION_REVOKE = "ohos.permission.REVOKE_SENSITIVE_PERMISSIONS";
37 static uint64_t g_selfTokenId = 0;
38
39 HapInfoParams g_infoParmsCommon = {
40 .userID = 1,
41 .bundleName = "PermissionShareTest",
42 .instIndex = 0,
43 .dlpType = DLP_COMMON,
44 .appIDDesc = "PermissionShareTest"
45 };
46
47 HapInfoParams g_infoParmsFullControl = {
48 .userID = 1,
49 .bundleName = "PermissionShareTest",
50 .instIndex = 1,
51 .dlpType = DLP_FULL_CONTROL,
52 .appIDDesc = "PermissionShareTest"
53 };
54
55 HapInfoParams g_infoParmsReadOnly = {
56 .userID = 1,
57 .bundleName = "PermissionShareTest",
58 .instIndex = 2,
59 .dlpType = DLP_READ,
60 .appIDDesc = "PermissionShareTest"
61 };
62
63 PermissionStateFull g_stateFullControl = {
64 .permissionName = "ohos.permission.PRINT",
65 .isGeneral = true,
66 .resDeviceID = {"local"},
67 .grantStatus = {PermissionState::PERMISSION_DENIED},
68 .grantFlags = {0}
69 };
70
71 PermissionStateFull g_stateNone = {
72 .permissionName = "ohos.permission.INTERNET",
73 .isGeneral = true,
74 .resDeviceID = {"local"},
75 .grantStatus = {PermissionState::PERMISSION_DENIED},
76 .grantFlags = {0}
77 };
78
79 PermissionStateFull g_stateAll = {
80 .permissionName = PERMISSION_ALL,
81 .isGeneral = true,
82 .resDeviceID = {"local"},
83 .grantStatus = {PermissionState::PERMISSION_DENIED},
84 .grantFlags = {0}
85 };
86
87 PermissionStateFull g_stateNotDisplayed = {
88 .permissionName = "ohos.permission.ANSWER_CALL",
89 .isGeneral = true,
90 .resDeviceID = {"local"},
91 .grantStatus = {PermissionState::PERMISSION_DENIED},
92 .grantFlags = {0}
93 };
94
95 HapPolicyParams g_policyParams = {
96 .apl = APL_NORMAL,
97 .domain = "test.domain",
98 .permStateList = {g_stateFullControl, g_stateNone, g_stateAll, g_stateNotDisplayed}
99 };
100
101 }
102
SetUpTestCase()103 void SharePermissionTest::SetUpTestCase()
104 {
105 g_selfTokenId = GetSelfTokenID();
106 TestCommon::SetTestEvironment(g_selfTokenId);
107
108 HapInfoParams infoParmsEnvironment = {
109 .userID = 1,
110 .bundleName = "PermissionEnvironment",
111 .instIndex = 0,
112 .dlpType = DLP_COMMON,
113 .appIDDesc = "PermissionEnvironment",
114 .isSystemApp = true
115 };
116 PermissionStateFull stateGrant = {
117 .permissionName = TEST_PERMISSION_GRANT,
118 .isGeneral = true,
119 .resDeviceID = {"local"},
120 .grantStatus = {PermissionState::PERMISSION_GRANTED},
121 .grantFlags = {0}
122 };
123 PermissionStateFull stateRevoke = {
124 .permissionName = TEST_PERMISSION_REVOKE,
125 .isGeneral = true,
126 .resDeviceID = {"local"},
127 .grantStatus = {PermissionState::PERMISSION_GRANTED},
128 .grantFlags = {0}
129 };
130 HapPolicyParams policyParams = {
131 .apl = APL_NORMAL,
132 .domain = "test.domain",
133 .permStateList = {stateGrant, stateRevoke}
134 };
135 AccessTokenIDEx tokenIdEx = {0};
136 EXPECT_EQ(RET_SUCCESS, TestCommon::AllocTestHapToken(infoParmsEnvironment, policyParams, tokenIdEx));
137 EXPECT_NE(0, tokenIdEx.tokenIdExStruct.tokenID);
138 EXPECT_EQ(true, TokenIdKit::IsSystemAppByFullTokenID(tokenIdEx.tokenIDEx));
139 EXPECT_EQ(0, SetSelfTokenID(tokenIdEx.tokenIDEx));
140 LOGI(ATM_DOMAIN, ATM_TAG, "SetUpTestCase ok.");
141 }
142
TearDownTestCase()143 void SharePermissionTest::TearDownTestCase()
144 {
145 EXPECT_EQ(0, SetSelfTokenID(g_selfTokenId));
146 TestCommon::ResetTestEvironment();
147
148 AccessTokenIDEx tokenIdEx = TestCommon::GetHapTokenIdFromBundle(1, "PermissionEnvironment", 0);
149 AccessTokenID tokenId = tokenIdEx.tokenIdExStruct.tokenID;
150 if (tokenId != INVALID_TOKENID) {
151 EXPECT_EQ(RET_SUCCESS, TestCommon::DeleteTestHapToken(tokenId));
152 }
153 }
154
SetUp()155 void SharePermissionTest::SetUp()
156 {
157 LOGI(ATM_DOMAIN, ATM_TAG, "SetUp ok.");
158 }
159
TearDown()160 void SharePermissionTest::TearDown()
161 {
162 }
163
AllocHapTokenId(HapInfoParams info,HapPolicyParams policy)164 static AccessTokenID AllocHapTokenId(HapInfoParams info, HapPolicyParams policy)
165 {
166 MockNativeToken mock("foundation");
167 AccessTokenIDEx tokenIdEx = AccessTokenKit::AllocHapToken(info, policy);
168 AccessTokenID tokenId = tokenIdEx.tokenIdExStruct.tokenID;
169 EXPECT_NE(0, tokenId);
170 int ret = AccessTokenKit::VerifyAccessToken(tokenId, PERMISSION_FULL_CONTROL, false);
171 EXPECT_EQ(ret, PermissionState::PERMISSION_DENIED);
172 ret = AccessTokenKit::VerifyAccessToken(tokenId, PERMISSION_ALL, false);
173 EXPECT_EQ(ret, PermissionState::PERMISSION_DENIED);
174 ret = AccessTokenKit::VerifyAccessToken(tokenId, PERMISSION_NONE, false);
175 EXPECT_EQ(ret, PermissionState::PERMISSION_DENIED);
176 return tokenId;
177 }
178
179 /**
180 * @tc.name: SharePermissionTest001
181 * @tc.desc: .
182 * @tc.type: FUNC
183 * @tc.require:Issue Number
184 */
185 HWTEST_F(SharePermissionTest, PermissionShareTest001, TestSize.Level0)
186 {
187 int ret;
188 AccessTokenID tokenCommon = AllocHapTokenId(g_infoParmsCommon, g_policyParams);
189 AccessTokenID tokenFullControl = AllocHapTokenId(g_infoParmsFullControl, g_policyParams);
190 AccessTokenID tokenFullRead = AllocHapTokenId(g_infoParmsReadOnly, g_policyParams);
191
192 // grant common app
193 ret = TestCommon::GrantPermissionByTest(tokenCommon, PERMISSION_ALL, PERMISSION_USER_FIXED);
194 EXPECT_EQ(RET_SUCCESS, ret);
195 ret = AccessTokenKit::VerifyAccessToken(tokenCommon, PERMISSION_ALL, false);
196 EXPECT_EQ(ret, PermissionState::PERMISSION_GRANTED);
197 ret = AccessTokenKit::VerifyAccessToken(tokenFullControl, PERMISSION_ALL, false);
198 EXPECT_EQ(ret, PermissionState::PERMISSION_GRANTED);
199 ret = AccessTokenKit::VerifyAccessToken(tokenFullRead, PERMISSION_ALL, false);
200 EXPECT_EQ(ret, PermissionState::PERMISSION_GRANTED);
201
202 // grant common app
203 ret = TestCommon::GrantPermissionByTest(tokenCommon, PERMISSION_FULL_CONTROL, PERMISSION_USER_FIXED);
204 EXPECT_EQ(RET_SUCCESS, ret);
205 ret = AccessTokenKit::VerifyAccessToken(tokenCommon, PERMISSION_FULL_CONTROL, false);
206 EXPECT_EQ(ret, PermissionState::PERMISSION_GRANTED);
207 ret = AccessTokenKit::VerifyAccessToken(tokenFullControl, PERMISSION_FULL_CONTROL, false);
208 EXPECT_EQ(ret, PermissionState::PERMISSION_GRANTED);
209 ret = AccessTokenKit::VerifyAccessToken(tokenFullRead, PERMISSION_FULL_CONTROL, false);
210 EXPECT_EQ(ret, PermissionState::PERMISSION_DENIED);
211
212 // grant common app
213 ret = TestCommon::GrantPermissionByTest(tokenCommon, PERMISSION_NONE, PERMISSION_USER_FIXED);
214 EXPECT_EQ(RET_SUCCESS, ret);
215 ret = AccessTokenKit::VerifyAccessToken(tokenCommon, PERMISSION_NONE, false);
216 EXPECT_EQ(ret, PermissionState::PERMISSION_GRANTED);
217 ret = AccessTokenKit::VerifyAccessToken(tokenFullControl, PERMISSION_NONE, false);
218 EXPECT_EQ(ret, PermissionState::PERMISSION_DENIED);
219 ret = AccessTokenKit::VerifyAccessToken(tokenFullRead, PERMISSION_NONE, false);
220 EXPECT_EQ(ret, PermissionState::PERMISSION_DENIED);
221
222 EXPECT_EQ(RET_SUCCESS, TestCommon::DeleteTestHapToken(tokenCommon));
223 EXPECT_EQ(RET_SUCCESS, TestCommon::DeleteTestHapToken(tokenFullControl));
224 EXPECT_EQ(RET_SUCCESS, TestCommon::DeleteTestHapToken(tokenFullRead));
225 }
226
227 /**
228 * @tc.name: SharePermissionTest002
229 * @tc.desc: .
230 * @tc.type: FUNC
231 * @tc.require:Issue Number
232 */
233 HWTEST_F(SharePermissionTest, PermissionShareTest002, TestSize.Level0)
234 {
235 int ret;
236 AccessTokenID tokenCommon = AllocHapTokenId(g_infoParmsCommon, g_policyParams);
237 AccessTokenID tokenFullControl = AllocHapTokenId(g_infoParmsFullControl, g_policyParams);
238 AccessTokenID tokenFullRead = AllocHapTokenId(g_infoParmsReadOnly, g_policyParams);
239
240 // grant common app
241 ret = TestCommon::GrantPermissionByTest(tokenFullControl, PERMISSION_ALL, PERMISSION_USER_FIXED);
242 EXPECT_EQ(RET_SUCCESS, ret);
243 ret = AccessTokenKit::VerifyAccessToken(tokenCommon, PERMISSION_ALL, false);
244 EXPECT_EQ(ret, PermissionState::PERMISSION_GRANTED);
245 ret = AccessTokenKit::VerifyAccessToken(tokenFullControl, PERMISSION_ALL, false);
246 EXPECT_EQ(ret, PermissionState::PERMISSION_GRANTED);
247 ret = AccessTokenKit::VerifyAccessToken(tokenFullRead, PERMISSION_ALL, false);
248 EXPECT_EQ(ret, PermissionState::PERMISSION_GRANTED);
249
250 // grant common app
251 ret = TestCommon::GrantPermissionByTest(tokenFullControl, PERMISSION_FULL_CONTROL, PERMISSION_USER_FIXED);
252 EXPECT_EQ(RET_SUCCESS, ret);
253 ret = AccessTokenKit::VerifyAccessToken(tokenCommon, PERMISSION_FULL_CONTROL, false);
254 EXPECT_EQ(ret, PermissionState::PERMISSION_GRANTED);
255 ret = AccessTokenKit::VerifyAccessToken(tokenFullControl, PERMISSION_FULL_CONTROL, false);
256 EXPECT_EQ(ret, PermissionState::PERMISSION_GRANTED);
257 ret = AccessTokenKit::VerifyAccessToken(tokenFullRead, PERMISSION_FULL_CONTROL, false);
258 EXPECT_EQ(ret, PermissionState::PERMISSION_DENIED);
259
260 // grant common app
261 ret = TestCommon::GrantPermissionByTest(tokenFullControl, PERMISSION_NONE, PERMISSION_USER_FIXED);
262 EXPECT_NE(RET_SUCCESS, ret);
263 ret = AccessTokenKit::VerifyAccessToken(tokenCommon, PERMISSION_NONE, false);
264 EXPECT_EQ(ret, PermissionState::PERMISSION_DENIED);
265 ret = AccessTokenKit::VerifyAccessToken(tokenFullControl, PERMISSION_NONE, false);
266 EXPECT_EQ(ret, PermissionState::PERMISSION_DENIED);
267 ret = AccessTokenKit::VerifyAccessToken(tokenFullRead, PERMISSION_NONE, false);
268 EXPECT_EQ(ret, PermissionState::PERMISSION_DENIED);
269
270 EXPECT_EQ(RET_SUCCESS, TestCommon::DeleteTestHapToken(tokenCommon));
271 EXPECT_EQ(RET_SUCCESS, TestCommon::DeleteTestHapToken(tokenFullControl));
272 EXPECT_EQ(RET_SUCCESS, TestCommon::DeleteTestHapToken(tokenFullRead));
273 }
274
275 /**
276 * @tc.name: PermissionShareClearUserGrantTest001
277 * @tc.desc: .
278 * @tc.type: FUNC
279 * @tc.require:Issue Number
280 */
281 HWTEST_F(SharePermissionTest, PermissionShareClearUserGrantTest001, TestSize.Level0)
282 {
283 int ret;
284 AccessTokenID tokenCommon = AllocHapTokenId(g_infoParmsCommon, g_policyParams);
285 AccessTokenID tokenFullControl = AllocHapTokenId(g_infoParmsFullControl, g_policyParams);
286 AccessTokenID tokenFullRead = AllocHapTokenId(g_infoParmsReadOnly, g_policyParams);
287
288 // grant pre-authorization
289 ret = TestCommon::GrantPermissionByTest(tokenFullControl, PERMISSION_ALL, PERMISSION_PRE_AUTHORIZED_CANCELABLE);
290 EXPECT_EQ(RET_SUCCESS, ret);
291 uint32_t flag;
292 EXPECT_EQ(RET_SUCCESS, TestCommon::GetPermissionFlagByTest(tokenCommon, PERMISSION_ALL, flag));
293 EXPECT_EQ(flag, PERMISSION_DEFAULT_FLAG);
294 EXPECT_EQ(RET_SUCCESS, TestCommon::GetPermissionFlagByTest(tokenFullControl, PERMISSION_ALL, flag));
295 EXPECT_EQ(flag, PERMISSION_DEFAULT_FLAG);
296 EXPECT_EQ(RET_SUCCESS, TestCommon::GetPermissionFlagByTest(tokenFullRead, PERMISSION_ALL, flag));
297 EXPECT_EQ(flag, PERMISSION_DEFAULT_FLAG);
298
299 ret = AccessTokenKit::RevokePermission(tokenFullControl, PERMISSION_ALL, PERMISSION_USER_FIXED);
300 EXPECT_EQ(RET_SUCCESS, ret);
301
302 ret = AccessTokenKit::ClearUserGrantedPermissionState(tokenFullRead);
303 EXPECT_EQ(RET_SUCCESS, ret);
304 ret = AccessTokenKit::VerifyAccessToken(tokenCommon, PERMISSION_ALL, false);
305 EXPECT_EQ(ret, PermissionState::PERMISSION_GRANTED);
306 ret = AccessTokenKit::VerifyAccessToken(tokenFullControl, PERMISSION_ALL, false);
307 EXPECT_EQ(ret, PermissionState::PERMISSION_GRANTED);
308 ret = AccessTokenKit::VerifyAccessToken(tokenFullRead, PERMISSION_ALL, false);
309 EXPECT_EQ(ret, PermissionState::PERMISSION_GRANTED);
310
311 EXPECT_EQ(RET_SUCCESS, TestCommon::DeleteTestHapToken(tokenCommon));
312 EXPECT_EQ(RET_SUCCESS, TestCommon::DeleteTestHapToken(tokenFullControl));
313 EXPECT_EQ(RET_SUCCESS, TestCommon::DeleteTestHapToken(tokenFullRead));
314 }
315
316 /**
317 * @tc.name: PermissionShareClearUserGrantTest002
318 * @tc.desc: .
319 * @tc.type: FUNC
320 * @tc.require:Issue Number
321 */
322 HWTEST_F(SharePermissionTest, PermissionShareClearUserGrantTest002, TestSize.Level0)
323 {
324 int ret;
325 AccessTokenID tokenCommon = AllocHapTokenId(g_infoParmsCommon, g_policyParams);
326 AccessTokenID tokenFullControl = AllocHapTokenId(g_infoParmsFullControl, g_policyParams);
327 AccessTokenID tokenFullRead = AllocHapTokenId(g_infoParmsReadOnly, g_policyParams);
328
329 // grant pre-authorization
330 ret = TestCommon::GrantPermissionByTest(tokenFullControl, PERMISSION_FULL_CONTROL, PERMISSION_USER_FIXED);
331 EXPECT_EQ(RET_SUCCESS, ret);
332 uint32_t flag;
333 EXPECT_EQ(RET_SUCCESS, TestCommon::GetPermissionFlagByTest(tokenCommon, PERMISSION_FULL_CONTROL, flag));
334 EXPECT_EQ(flag, PERMISSION_USER_FIXED);
335 EXPECT_EQ(RET_SUCCESS, TestCommon::GetPermissionFlagByTest(tokenFullControl, PERMISSION_FULL_CONTROL, flag));
336 EXPECT_EQ(flag, PERMISSION_USER_FIXED);
337 EXPECT_EQ(RET_SUCCESS, TestCommon::GetPermissionFlagByTest(tokenFullRead, PERMISSION_FULL_CONTROL, flag));
338 EXPECT_EQ(flag, PERMISSION_DEFAULT_FLAG);
339
340 ret = AccessTokenKit::RevokePermission(tokenFullControl, PERMISSION_FULL_CONTROL, PERMISSION_USER_FIXED);
341 EXPECT_EQ(RET_SUCCESS, ret);
342 EXPECT_EQ(RET_SUCCESS, TestCommon::GetPermissionFlagByTest(tokenCommon, PERMISSION_FULL_CONTROL, flag));
343 EXPECT_EQ(flag, PERMISSION_USER_FIXED);
344 EXPECT_EQ(RET_SUCCESS, TestCommon::GetPermissionFlagByTest(tokenFullControl, PERMISSION_FULL_CONTROL, flag));
345 EXPECT_EQ(flag, PERMISSION_USER_FIXED);
346 EXPECT_EQ(RET_SUCCESS, TestCommon::GetPermissionFlagByTest(tokenFullRead, PERMISSION_FULL_CONTROL, flag));
347 EXPECT_EQ(flag, PERMISSION_DEFAULT_FLAG);
348
349 ret = AccessTokenKit::ClearUserGrantedPermissionState(tokenCommon);
350 EXPECT_EQ(RET_SUCCESS, ret);
351 EXPECT_EQ(RET_SUCCESS, TestCommon::GetPermissionFlagByTest(tokenCommon, PERMISSION_FULL_CONTROL, flag));
352 EXPECT_EQ(flag, PERMISSION_DEFAULT_FLAG);
353 EXPECT_EQ(RET_SUCCESS, TestCommon::GetPermissionFlagByTest(tokenFullControl, PERMISSION_FULL_CONTROL, flag));
354 EXPECT_EQ(flag, PERMISSION_DEFAULT_FLAG);
355 EXPECT_EQ(RET_SUCCESS, TestCommon::GetPermissionFlagByTest(tokenFullRead, PERMISSION_FULL_CONTROL, flag));
356 EXPECT_EQ(flag, PERMISSION_DEFAULT_FLAG);
357 ret = AccessTokenKit::VerifyAccessToken(tokenCommon, PERMISSION_FULL_CONTROL, false);
358 EXPECT_EQ(ret, PermissionState::PERMISSION_DENIED);
359 ret = AccessTokenKit::VerifyAccessToken(tokenFullControl, PERMISSION_FULL_CONTROL, false);
360 EXPECT_EQ(ret, PermissionState::PERMISSION_DENIED);
361 ret = AccessTokenKit::VerifyAccessToken(tokenFullRead, PERMISSION_FULL_CONTROL, false);
362 EXPECT_EQ(ret, PermissionState::PERMISSION_DENIED);
363
364 EXPECT_EQ(RET_SUCCESS, TestCommon::DeleteTestHapToken(tokenCommon));
365 EXPECT_EQ(RET_SUCCESS, TestCommon::DeleteTestHapToken(tokenFullControl));
366 EXPECT_EQ(RET_SUCCESS, TestCommon::DeleteTestHapToken(tokenFullRead));
367 }
368
369 /**
370 * @tc.name: SharePermissionTest003
371 * @tc.desc: .
372 * @tc.type: FUNC
373 * @tc.require:Issue Number
374 */
375 HWTEST_F(SharePermissionTest, PermissionShareTest03, TestSize.Level0)
376 {
377 uint64_t tokenId = GetSelfTokenID();
378 AccessTokenID tokenCommon = AllocHapTokenId(g_infoParmsCommon, g_policyParams);
379 ASSERT_EQ(0, SetSelfTokenID(tokenCommon));
380
381 int32_t ret = AccessTokenKit::VerifyAccessToken(tokenId, PERMISSION_NOT_DISPLAYED, false);
382 EXPECT_EQ(ret, PermissionState::PERMISSION_DENIED);
383
384 std::vector<PermissionListState> permsList;
385 PermissionListState perm = {
386 .permissionName = PERMISSION_NOT_DISPLAYED,
387 .state = SETTING_OPER,
388 };
389 permsList.emplace_back(perm);
390 PermissionGrantInfo info;
391 AccessTokenKit::GetSelfPermissionsState(permsList, info);
392 EXPECT_EQ(permsList[0].state, INVALID_OPER);
393
394 EXPECT_EQ(RET_SUCCESS, TestCommon::DeleteTestHapToken(tokenCommon));
395 ASSERT_EQ(0, SetSelfTokenID(tokenId));
396 }
397
SetPermList(std::vector<PermissionListState> & permsList)398 static void SetPermList(std::vector<PermissionListState> &permsList)
399 {
400 PermissionListState permAll = {
401 .permissionName = PERMISSION_ALL,
402 .state = SETTING_OPER,
403 };
404 PermissionListState permFullControl = {
405 .permissionName = PERMISSION_FULL_CONTROL,
406 .state = SETTING_OPER,
407 };
408 PermissionListState permNone = {
409 .permissionName = PERMISSION_NONE,
410 .state = SETTING_OPER,
411 };
412 permsList.emplace_back(permAll);
413 permsList.emplace_back(permFullControl);
414 permsList.emplace_back(permNone);
415 }
416
417 /**
418 * @tc.name: SharePermissionTest004
419 * @tc.desc: .
420 * @tc.type: FUNC
421 * @tc.require:Issue Number
422 */
423 HWTEST_F(SharePermissionTest, PermissionShareTest004, TestSize.Level0)
424 {
425 AccessTokenID tokenCommon = AllocHapTokenId(g_infoParmsCommon, g_policyParams);
426 AccessTokenID tokenFullControl = AllocHapTokenId(g_infoParmsFullControl, g_policyParams);
427 AccessTokenID tokenFullRead = AllocHapTokenId(g_infoParmsReadOnly, g_policyParams);
428
429 std::vector<PermissionListState> permsList;
430 SetPermList(permsList);
431
432 uint64_t tokenId = GetSelfTokenID();
433 PermissionGrantInfo info;
434
435 ASSERT_EQ(0, SetSelfTokenID(tokenFullControl));
436 AccessTokenKit::GetSelfPermissionsState(permsList, info);
437 EXPECT_EQ(permsList[0].state, DYNAMIC_OPER);
438 ASSERT_EQ(0, SetSelfTokenID(tokenFullRead));
439 AccessTokenKit::GetSelfPermissionsState(permsList, info);
440 EXPECT_EQ(permsList[0].state, DYNAMIC_OPER);
441
442 ASSERT_EQ(0, SetSelfTokenID(tokenId));
443 (void)AccessTokenKit::RevokePermission(tokenCommon, PERMISSION_ALL, PERMISSION_USER_FIXED);
444
445 ASSERT_EQ(0, SetSelfTokenID(tokenFullControl));
446 AccessTokenKit::GetSelfPermissionsState(permsList, info);
447 EXPECT_EQ(permsList[0].state, SETTING_OPER);
448 ASSERT_EQ(0, SetSelfTokenID(tokenFullRead));
449 AccessTokenKit::GetSelfPermissionsState(permsList, info);
450 EXPECT_EQ(permsList[0].state, SETTING_OPER);
451
452 ASSERT_EQ(0, SetSelfTokenID(tokenId));
453 (void)AccessTokenKit::RevokePermission(tokenCommon, PERMISSION_FULL_CONTROL, PERMISSION_USER_FIXED);
454
455 ASSERT_EQ(0, SetSelfTokenID(tokenFullControl));
456 AccessTokenKit::GetSelfPermissionsState(permsList, info);
457 EXPECT_EQ(permsList[1].state, SETTING_OPER);
458 ASSERT_EQ(0, SetSelfTokenID(tokenFullRead));
459 AccessTokenKit::GetSelfPermissionsState(permsList, info);
460 EXPECT_EQ(permsList[1].state, INVALID_OPER);
461
462 ASSERT_EQ(0, SetSelfTokenID(tokenId));
463 EXPECT_EQ(RET_SUCCESS, AccessTokenKit::RevokePermission(tokenCommon, PERMISSION_NONE, PERMISSION_USER_FIXED));
464
465 ASSERT_EQ(0, SetSelfTokenID(tokenCommon));
466 AccessTokenKit::GetSelfPermissionsState(permsList, info);
467 EXPECT_EQ(permsList[2].state, SETTING_OPER);
468 ASSERT_EQ(0, SetSelfTokenID(tokenFullControl));
469 AccessTokenKit::GetSelfPermissionsState(permsList, info);
470 EXPECT_EQ(permsList[2].state, INVALID_OPER);
471 ASSERT_EQ(0, SetSelfTokenID(tokenFullRead));
472 AccessTokenKit::GetSelfPermissionsState(permsList, info);
473 EXPECT_EQ(permsList[2].state, INVALID_OPER);
474
475 EXPECT_EQ(RET_SUCCESS, TestCommon::DeleteTestHapToken(tokenCommon));
476 EXPECT_EQ(RET_SUCCESS, TestCommon::DeleteTestHapToken(tokenFullControl));
477 EXPECT_EQ(RET_SUCCESS, TestCommon::DeleteTestHapToken(tokenFullRead));
478 ASSERT_EQ(0, SetSelfTokenID(tokenId));
479 }
480
481 /**
482 * @tc.name: SharePermissionTest005
483 * @tc.desc: .
484 * @tc.type: FUNC
485 * @tc.require:Issue Number
486 */
487 HWTEST_F(SharePermissionTest, PermissionShareTest005, TestSize.Level0)
488 {
489 AccessTokenID tokenCommon = AllocHapTokenId(g_infoParmsCommon, g_policyParams);
490 AccessTokenID tokenFullControl = AllocHapTokenId(g_infoParmsFullControl, g_policyParams);
491 AccessTokenID tokenFullRead = AllocHapTokenId(g_infoParmsReadOnly, g_policyParams);
492
493 std::vector<PermissionListState> permsList;
494 PermissionListState permAll = {
495 .permissionName = PERMISSION_ALL,
496 .state = SETTING_OPER,
497 };
498 PermissionListState permFullControl = {
499 .permissionName = PERMISSION_FULL_CONTROL,
500 .state = SETTING_OPER,
501 };
502 permsList.emplace_back(permAll);
503 permsList.emplace_back(permFullControl);
504
505 uint64_t tokenId = GetSelfTokenID();
506
507 ASSERT_EQ(0, SetSelfTokenID(tokenCommon));
508 PermissionGrantInfo info;
509 AccessTokenKit::GetSelfPermissionsState(permsList, info);
510 EXPECT_EQ(permsList[1].state, DYNAMIC_OPER);
511 ASSERT_EQ(0, SetSelfTokenID(tokenFullControl));
512 AccessTokenKit::GetSelfPermissionsState(permsList, info);
513 EXPECT_EQ(permsList[1].state, DYNAMIC_OPER);
514 ASSERT_EQ(0, SetSelfTokenID(tokenFullRead));
515 AccessTokenKit::GetSelfPermissionsState(permsList, info);
516 EXPECT_EQ(permsList[1].state, INVALID_OPER);
517
518 ASSERT_EQ(0, SetSelfTokenID(tokenId));
519 AccessTokenKit::RevokePermission(tokenFullControl, PERMISSION_ALL, PERMISSION_USER_FIXED);
520
521 ASSERT_EQ(0, SetSelfTokenID(tokenCommon));
522 AccessTokenKit::GetSelfPermissionsState(permsList, info);
523 EXPECT_EQ(permsList[0].state, SETTING_OPER);
524 ASSERT_EQ(0, SetSelfTokenID(tokenFullControl));
525 AccessTokenKit::GetSelfPermissionsState(permsList, info);
526 EXPECT_EQ(permsList[0].state, SETTING_OPER);
527
528 ASSERT_EQ(0, SetSelfTokenID(tokenId));
529 AccessTokenKit::RevokePermission(tokenFullControl, PERMISSION_FULL_CONTROL, PERMISSION_USER_FIXED);
530
531 ASSERT_EQ(0, SetSelfTokenID(tokenCommon));
532 AccessTokenKit::GetSelfPermissionsState(permsList, info);
533 EXPECT_EQ(permsList[1].state, SETTING_OPER);
534 ASSERT_EQ(0, SetSelfTokenID(tokenFullControl));
535 AccessTokenKit::GetSelfPermissionsState(permsList, info);
536 EXPECT_EQ(permsList[1].state, SETTING_OPER);
537
538 EXPECT_EQ(RET_SUCCESS, TestCommon::DeleteTestHapToken(tokenCommon));
539 EXPECT_EQ(RET_SUCCESS, TestCommon::DeleteTestHapToken(tokenFullControl));
540 EXPECT_EQ(RET_SUCCESS, TestCommon::DeleteTestHapToken(tokenFullRead));
541 ASSERT_EQ(0, SetSelfTokenID(tokenId));
542 }
543
544 /**
545 * @tc.name: SharePermissionTest006
546 * @tc.desc: .
547 * @tc.type: FUNC
548 * @tc.require:Issue Number
549 */
550 HWTEST_F(SharePermissionTest, PermissionShareTest006, TestSize.Level0)
551 {
552 int ret;
553 AccessTokenID tokenCommon = AllocHapTokenId(g_infoParmsCommon, g_policyParams);
554 AccessTokenID tokenFullControl = AllocHapTokenId(g_infoParmsFullControl, g_policyParams);
555 AccessTokenID tokenFullRead = AllocHapTokenId(g_infoParmsReadOnly, g_policyParams);
556
557 // revoke common app
558 ret = AccessTokenKit::RevokePermission(tokenCommon, PERMISSION_ALL, PERMISSION_USER_FIXED);
559 EXPECT_EQ(RET_SUCCESS, ret);
560 ret = AccessTokenKit::VerifyAccessToken(tokenCommon, PERMISSION_ALL, false);
561 EXPECT_EQ(ret, PermissionState::PERMISSION_DENIED);
562 ret = AccessTokenKit::VerifyAccessToken(tokenFullControl, PERMISSION_ALL, false);
563 EXPECT_EQ(ret, PermissionState::PERMISSION_DENIED);
564 ret = AccessTokenKit::VerifyAccessToken(tokenFullRead, PERMISSION_ALL, false);
565 EXPECT_EQ(ret, PermissionState::PERMISSION_DENIED);
566
567 uint32_t flag;
568 // revoke common app
569 ret = AccessTokenKit::RevokePermission(tokenCommon, PERMISSION_FULL_CONTROL, PERMISSION_USER_FIXED);
570 EXPECT_EQ(RET_SUCCESS, ret);
571 EXPECT_EQ(RET_SUCCESS, TestCommon::GetPermissionFlagByTest(tokenCommon, PERMISSION_FULL_CONTROL, flag));
572 EXPECT_EQ(flag, PERMISSION_USER_FIXED);
573 EXPECT_EQ(RET_SUCCESS, TestCommon::GetPermissionFlagByTest(tokenFullControl, PERMISSION_FULL_CONTROL, flag));
574 EXPECT_EQ(flag, PERMISSION_USER_FIXED);
575 EXPECT_EQ(RET_SUCCESS, TestCommon::GetPermissionFlagByTest(tokenFullRead, PERMISSION_FULL_CONTROL, flag));
576 EXPECT_EQ(flag, PERMISSION_DEFAULT_FLAG);
577
578 // revoke common app
579 ret = TestCommon::GrantPermissionByTest(tokenCommon, PERMISSION_NONE, PERMISSION_USER_FIXED);
580 EXPECT_EQ(RET_SUCCESS, ret);
581 EXPECT_EQ(RET_SUCCESS, TestCommon::GetPermissionFlagByTest(tokenCommon, PERMISSION_NONE, flag));
582 EXPECT_EQ(flag, PERMISSION_USER_FIXED);
583 EXPECT_EQ(RET_SUCCESS, TestCommon::GetPermissionFlagByTest(tokenFullControl, PERMISSION_NONE, flag));
584 EXPECT_EQ(flag, PERMISSION_DEFAULT_FLAG);
585 EXPECT_EQ(RET_SUCCESS, TestCommon::GetPermissionFlagByTest(tokenFullRead, PERMISSION_NONE, flag));
586 EXPECT_EQ(flag, PERMISSION_DEFAULT_FLAG);
587
588 EXPECT_EQ(RET_SUCCESS, TestCommon::DeleteTestHapToken(tokenCommon));
589 EXPECT_EQ(RET_SUCCESS, TestCommon::DeleteTestHapToken(tokenFullControl));
590 EXPECT_EQ(RET_SUCCESS, TestCommon::DeleteTestHapToken(tokenFullRead));
591 }
592
593 /**
594 * @tc.name: SharePermissionTest007
595 * @tc.desc: .
596 * @tc.type: FUNC
597 * @tc.require:Issue Number
598 */
599 HWTEST_F(SharePermissionTest, PermissionShareTest007, TestSize.Level0)
600 {
601 int ret;
602 uint32_t flag;
603 AccessTokenID tokenCommon = AllocHapTokenId(g_infoParmsCommon, g_policyParams);
604 AccessTokenID tokenFullControl = AllocHapTokenId(g_infoParmsFullControl, g_policyParams);
605 AccessTokenID tokenFullRead = AllocHapTokenId(g_infoParmsReadOnly, g_policyParams);
606
607 // revoke full control app
608 ret = AccessTokenKit::RevokePermission(tokenFullControl, PERMISSION_ALL, PERMISSION_USER_SET);
609 EXPECT_EQ(RET_SUCCESS, ret);
610 EXPECT_EQ(RET_SUCCESS, TestCommon::GetPermissionFlagByTest(tokenCommon, PERMISSION_ALL, flag));
611 EXPECT_EQ(flag, PERMISSION_USER_SET);
612 EXPECT_EQ(RET_SUCCESS, TestCommon::GetPermissionFlagByTest(tokenFullControl, PERMISSION_ALL, flag));
613 EXPECT_EQ(flag, PERMISSION_USER_SET);
614 EXPECT_EQ(RET_SUCCESS, TestCommon::GetPermissionFlagByTest(tokenFullRead, PERMISSION_ALL, flag));
615 EXPECT_EQ(flag, PERMISSION_USER_SET);
616
617 // revoke full control app
618 ret = TestCommon::RevokePermissionByTest(tokenFullControl, PERMISSION_FULL_CONTROL, PERMISSION_USER_FIXED);
619 EXPECT_EQ(RET_SUCCESS, ret);
620 EXPECT_EQ(RET_SUCCESS, TestCommon::GetPermissionFlagByTest(tokenCommon, PERMISSION_FULL_CONTROL, flag));
621 EXPECT_EQ(flag, PERMISSION_USER_FIXED);
622 EXPECT_EQ(RET_SUCCESS, TestCommon::GetPermissionFlagByTest(tokenFullControl, PERMISSION_FULL_CONTROL, flag));
623 EXPECT_EQ(flag, PERMISSION_USER_FIXED);
624 EXPECT_EQ(RET_SUCCESS, TestCommon::GetPermissionFlagByTest(tokenFullRead, PERMISSION_FULL_CONTROL, flag));
625 EXPECT_EQ(flag, PERMISSION_DEFAULT_FLAG);
626
627 EXPECT_EQ(RET_SUCCESS, TestCommon::DeleteTestHapToken(tokenCommon));
628 EXPECT_EQ(RET_SUCCESS, TestCommon::DeleteTestHapToken(tokenFullControl));
629 EXPECT_EQ(RET_SUCCESS, TestCommon::DeleteTestHapToken(tokenFullRead));
630 }