1 /*
2 * Copyright (c) 2024 Huawei Device Co., Ltd.
3 * Licensed under the Apache License, Version 2.0 (the "License");
4 * you may not use this file except in compliance with the License.
5 * You may obtain a copy of the License at
6 *
7 * http://www.apache.org/licenses/LICENSE-2.0
8 *
9 * Unless required by applicable law or agreed to in writing, software
10 * distributed under the License is distributed on an "AS IS" BASIS,
11 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12 * See the License for the specific language governing permissions and
13 * limitations under the License.
14 */
15
16 #include "get_permissions_status_test.h"
17 #include "gtest/gtest.h"
18 #include <thread>
19 #include <unistd.h>
20
21 #include "access_token.h"
22 #include "access_token_error.h"
23 #include "accesstoken_common_log.h"
24 #include "iaccess_token_manager.h"
25 #include "permission_grant_info.h"
26 #include "permission_state_change_info_parcel.h"
27 #include "string_ex.h"
28 #include "test_common.h"
29 #include "tokenid_kit.h"
30 #include "token_setproc.h"
31
32 using namespace testing::ext;
33 namespace OHOS {
34 namespace Security {
35 namespace AccessToken {
36 namespace {
37 static uint64_t g_selfTokenId = 0;
38 static const std::string TEST_BUNDLE_NAME = "ohos";
39 static const int TEST_USER_ID = 0;
40 static constexpr int32_t DEFAULT_API_VERSION = 8;
41 static constexpr int32_t TOKENID_NOT_EXIST = 123;
42 static MockHapToken* g_mock = nullptr;
43 };
44
SetUpTestCase()45 void GetPermissionsStatusTest::SetUpTestCase()
46 {
47 g_selfTokenId = GetSelfTokenID();
48 TestCommon::SetTestEvironment(g_selfTokenId);
49 AccessTokenIDEx tokenIdEx = TestCommon::GetHapTokenIdFromBundle(TEST_USER_ID, TEST_BUNDLE_NAME, 0);
50 AccessTokenID tokenId = tokenIdEx.tokenIdExStruct.tokenID;
51 if (tokenId != INVALID_TOKENID) {
52 EXPECT_EQ(RET_SUCCESS, TestCommon::DeleteTestHapToken(tokenId));
53 }
54 std::vector<std::string> reqPerm;
55 reqPerm.emplace_back("ohos.permission.GET_SENSITIVE_PERMISSIONS");
56 reqPerm.emplace_back("ohos.permission.DISABLE_PERMISSION_DIALOG");
57 g_mock = new (std::nothrow) MockHapToken("GetPermissionsStatusTest", reqPerm, true);
58 }
59
TearDownTestCase()60 void GetPermissionsStatusTest::TearDownTestCase()
61 {
62 // clean up test cases
63 AccessTokenIDEx tokenIdEx = TestCommon::GetHapTokenIdFromBundle(TEST_USER_ID, TEST_BUNDLE_NAME, 0);
64 AccessTokenID tokenID = tokenIdEx.tokenIdExStruct.tokenID;
65 if (tokenID != INVALID_TOKENID) {
66 EXPECT_EQ(RET_SUCCESS, TestCommon::DeleteTestHapToken(tokenID));
67 }
68 if (g_mock != nullptr) {
69 delete g_mock;
70 g_mock = nullptr;
71 }
72 SetSelfTokenID(g_selfTokenId);
73 TestCommon::ResetTestEvironment();
74 }
75
PreparePermStateList1(HapPolicyParams & policy)76 void PreparePermStateList1(HapPolicyParams &policy)
77 {
78 PermissionStateFull permTestState1 = {
79 .permissionName = "ohos.permission.LOCATION",
80 .isGeneral = true,
81 .resDeviceID = {"local"},
82 .grantStatus = {PermissionState::PERMISSION_DENIED},
83 .grantFlags = {PermissionFlag::PERMISSION_DEFAULT_FLAG},
84 };
85 PermissionStateFull permTestState2 = {
86 .permissionName = "ohos.permission.WRITE_CALENDAR",
87 .isGeneral = true,
88 .resDeviceID = {"local"},
89 .grantStatus = {PermissionState::PERMISSION_DENIED},
90 .grantFlags = {PermissionFlag::PERMISSION_USER_FIXED}
91 };
92 PermissionStateFull permTestState3 = {
93 .permissionName = "ohos.permission.GET_SENSITIVE_PERMISSIONS",
94 .isGeneral = true,
95 .resDeviceID = {"local"},
96 .grantStatus = {PermissionState::PERMISSION_GRANTED},
97 .grantFlags = {PermissionFlag::PERMISSION_SYSTEM_FIXED}
98 };
99 PermissionStateFull permTestState4 = {
100 .permissionName = "ohos.permission.DISABLE_PERMISSION_DIALOG",
101 .isGeneral = true,
102 .resDeviceID = {"local"},
103 .grantStatus = {PermissionState::PERMISSION_GRANTED},
104 .grantFlags = {PermissionFlag::PERMISSION_SYSTEM_FIXED}
105 };
106 policy.permStateList.emplace_back(permTestState1);
107 policy.permStateList.emplace_back(permTestState2);
108 policy.permStateList.emplace_back(permTestState3);
109 policy.permStateList.emplace_back(permTestState4);
110
111 policy.aclRequestedList.emplace_back(permTestState3.permissionName);
112 policy.aclRequestedList.emplace_back(permTestState4.permissionName);
113 }
114
SetUp()115 void GetPermissionsStatusTest::SetUp()
116 {
117 HapInfoParams info = {
118 .userID = TEST_USER_ID,
119 .bundleName = TEST_BUNDLE_NAME,
120 .instIndex = 0,
121 .appIDDesc = "appIDDesc",
122 .apiVersion = DEFAULT_API_VERSION,
123 .isSystemApp = true
124 };
125
126 HapPolicyParams policy = {
127 .apl = APL_NORMAL,
128 .domain = "domain"
129 };
130 PreparePermStateList1(policy);
131 AccessTokenIDEx tokenIdEx = {0};
132 EXPECT_EQ(RET_SUCCESS, TestCommon::AllocTestHapToken(info, policy, tokenIdEx));
133 EXPECT_NE(INVALID_TOKENID, tokenIdEx.tokenIDEx);
134 }
135
TearDown()136 void GetPermissionsStatusTest::TearDown()
137 {
138 AccessTokenIDEx tokenIdEx = TestCommon::GetHapTokenIdFromBundle(TEST_USER_ID, TEST_BUNDLE_NAME, 0);
139 AccessTokenID tokenId = tokenIdEx.tokenIdExStruct.tokenID;
140 if (tokenId != INVALID_TOKENID) {
141 EXPECT_EQ(RET_SUCCESS, TestCommon::DeleteTestHapToken(tokenId));
142 }
143 }
144
145 /**
146 * @tc.name: GetPermissionsStatusFuncTest001
147 * @tc.desc: get different permissions status
148 * @tc.type: FUNC
149 * @tc.require:
150 */
151 HWTEST_F(GetPermissionsStatusTest, GetPermissionsStatusFuncTest001, TestSize.Level0)
152 {
153 AccessTokenIDEx tokenIdEx = TestCommon::GetHapTokenIdFromBundle(TEST_USER_ID, TEST_BUNDLE_NAME, 0);
154 AccessTokenID tokenID = tokenIdEx.tokenIdExStruct.tokenID;
155 ASSERT_NE(INVALID_TOKENID, tokenID);
156
157 std::vector<PermissionListState> permsList;
158 PermissionListState tmpA = {
159 .permissionName = "ohos.permission.LOCATION",
160 .state = SETTING_OPER
161 };
162 PermissionListState tmpB = {
163 .permissionName = "ohos.permission.WRITE_CALENDAR",
164 .state = SETTING_OPER
165 };
166 PermissionListState tmpC = {
167 .permissionName = "ohos.permission.BETA",
168 .state = SETTING_OPER
169 };
170 PermissionListState tmpD = {
171 .permissionName = "ohos.permission.xxx",
172 .state = SETTING_OPER
173 };
174 PermissionListState tmpE = {
175 .permissionName = "ohos.permission.CAMERA",
176 .state = SETTING_OPER
177 };
178
179 permsList.emplace_back(tmpA);
180 permsList.emplace_back(tmpB);
181 permsList.emplace_back(tmpC);
182 permsList.emplace_back(tmpD);
183 permsList.emplace_back(tmpE);
184 ASSERT_EQ(RET_SUCCESS, AccessTokenKit::GetPermissionsStatus(tokenID, permsList));
185 EXPECT_EQ(DYNAMIC_OPER, permsList[0].state);
186 EXPECT_EQ(DYNAMIC_OPER, permsList[1].state);
187 EXPECT_EQ(INVALID_OPER, permsList[2].state);
188 EXPECT_EQ(INVALID_OPER, permsList[3].state);
189 EXPECT_EQ(INVALID_OPER, permsList[4].state);
190 }
191
192 /**
193 * @tc.name: GetPermissionsStatusFuncTest002
194 * @tc.desc: get different permissions status after set perm dialog cap
195 * @tc.type: FUNC
196 * @tc.require:
197 */
198 HWTEST_F(GetPermissionsStatusTest, GetPermissionsStatusFuncTest002, TestSize.Level0)
199 {
200 AccessTokenIDEx tokenIdEx = TestCommon::GetHapTokenIdFromBundle(TEST_USER_ID, TEST_BUNDLE_NAME, 0);
201 AccessTokenID tokenID = tokenIdEx.tokenIdExStruct.tokenID;
202 ASSERT_NE(INVALID_TOKENID, tokenID);
203
204 std::vector<PermissionListState> permsList;
205 PermissionListState tmpA = {
206 .permissionName = "ohos.permission.LOCATION",
207 .state = SETTING_OPER
208 };
209 PermissionListState tmpB = {
210 .permissionName = "ohos.permission.WRITE_CALENDAR",
211 .state = SETTING_OPER
212 };
213 PermissionListState tmpC = {
214 .permissionName = "ohos.permission.BETA",
215 .state = SETTING_OPER
216 };
217 PermissionListState tmpD = {
218 .permissionName = "ohos.permission.xxx",
219 .state = SETTING_OPER
220 };
221 PermissionListState tmpE = {
222 .permissionName = "ohos.permission.CAMERA",
223 .state = SETTING_OPER
224 };
225
226 permsList.emplace_back(tmpA);
227 permsList.emplace_back(tmpB);
228 permsList.emplace_back(tmpC);
229 permsList.emplace_back(tmpD);
230 permsList.emplace_back(tmpE);
231
232 HapBaseInfo hapBaseInfo = {
233 .userID = TEST_USER_ID,
234 .bundleName = TEST_BUNDLE_NAME,
235 .instIndex = 0
236 };
237 ASSERT_EQ(RET_SUCCESS, AccessTokenKit::SetPermDialogCap(hapBaseInfo, true));
238 ASSERT_EQ(RET_SUCCESS, AccessTokenKit::GetPermissionsStatus(tokenID, permsList));
239 EXPECT_EQ(FORBIDDEN_OPER, permsList[0].state);
240 EXPECT_EQ(FORBIDDEN_OPER, permsList[1].state);
241 EXPECT_EQ(INVALID_OPER, permsList[2].state);
242 EXPECT_EQ(INVALID_OPER, permsList[3].state);
243 EXPECT_EQ(INVALID_OPER, permsList[4].state);
244 EXPECT_EQ(RET_SUCCESS, AccessTokenKit::SetPermDialogCap(hapBaseInfo, false));
245 }
246
247 /**
248 * @tc.name: GetPermissionsStatusAbnormalTest001
249 * @tc.desc: invalid input param: tokenID is 0 or permissionList is empty
250 * @tc.type: FUNC
251 * @tc.require:
252 */
253 HWTEST_F(GetPermissionsStatusTest, GetPermissionsStatusAbnormalTest001, TestSize.Level0)
254 {
255 AccessTokenIDEx tokenIdEx = TestCommon::GetHapTokenIdFromBundle(TEST_USER_ID, TEST_BUNDLE_NAME, 0);
256 AccessTokenID tokenID = tokenIdEx.tokenIdExStruct.tokenID;
257 ASSERT_NE(INVALID_TOKENID, tokenID);
258
259 std::vector<PermissionListState> permsList;
260 EXPECT_EQ(ERR_PARAM_INVALID, AccessTokenKit::GetPermissionsStatus(tokenID, permsList));
261 PermissionListState tmpA = {
262 .permissionName = "ohos.permission.testPermDef1",
263 .state = SETTING_OPER
264 };
265 permsList.emplace_back(tmpA);
266
267 EXPECT_EQ(ERR_PARAM_INVALID, AccessTokenKit::GetPermissionsStatus(0, permsList));
268 EXPECT_EQ(SETTING_OPER, permsList[0].state);
269 }
270
271 /**
272 * @tc.name: GetPermissionsStatusAbnormalTest002
273 * @tc.desc: tokenID not exit
274 * @tc.type: FUNC
275 * @tc.require:
276 */
277 HWTEST_F(GetPermissionsStatusTest, GetPermissionsStatusAbnormalTest002, TestSize.Level0)
278 {
279 std::vector<PermissionListState> permsList;
280 PermissionListState tmpA = {
281 .permissionName = "ohos.permission.testPermDef1",
282 .state = SETTING_OPER
283 };
284 permsList.emplace_back(tmpA);
285
286 EXPECT_EQ(ERR_TOKENID_NOT_EXIST, AccessTokenKit::GetPermissionsStatus(TOKENID_NOT_EXIST, permsList));
287 EXPECT_EQ(SETTING_OPER, permsList[0].state);
288 }
289
290 /**
291 * @tc.name: GetPermissionsStatusAbnormalTest003
292 * @tc.desc: callling without permission
293 * @tc.type: FUNC
294 * @tc.require:
295 */
296 HWTEST_F(GetPermissionsStatusTest, GetPermissionsStatusAbnormalTest003, TestSize.Level0)
297 {
298 std::vector<std::string> reqPerm;
299 MockHapToken mock("GetPermissionsStatusAbnormalTest003", reqPerm, true);
300
301 AccessTokenIDEx tokenIdEx = TestCommon::GetHapTokenIdFromBundle(TEST_USER_ID, TEST_BUNDLE_NAME, 0);
302 AccessTokenID tokenID = tokenIdEx.tokenIdExStruct.tokenID;
303 ASSERT_NE(INVALID_TOKENID, tokenID);
304
305 std::vector<PermissionListState> permsList;
306 PermissionListState tmpA = {
307 .permissionName = "ohos.permission.testPermDef1",
308 .state = SETTING_OPER
309 };
310
311 permsList.emplace_back(tmpA);
312 int32_t selfUid = getuid();
313 setuid(10001); // 10001: UID
314
315 EXPECT_EQ(ERR_PERMISSION_DENIED, AccessTokenKit::GetPermissionsStatus(tokenID, permsList));
316 EXPECT_EQ(SETTING_OPER, permsList[0].state);
317 setuid(selfUid);
318 }
319
320 /**
321 * @tc.name: GetPermissionsStatusSpecTest001
322 * @tc.desc: callling is normal hap
323 * @tc.type: FUNC
324 * @tc.require:
325 */
326 HWTEST_F(GetPermissionsStatusTest, GetPermissionsStatusSpecTest001, TestSize.Level0)
327 {
328 std::vector<std::string> reqPerm;
329 reqPerm.emplace_back("ohos.permission.GET_SENSITIVE_PERMISSIONS");
330 MockHapToken mock("GetPermissionsStatusSpecTest001", reqPerm, false);
331
332 AccessTokenIDEx tokenIdEx = TestCommon::GetHapTokenIdFromBundle(TEST_USER_ID, TEST_BUNDLE_NAME, 0);
333 AccessTokenID tokenID = tokenIdEx.tokenIdExStruct.tokenID;
334 ASSERT_NE(INVALID_TOKENID, tokenID);
335
336 std::vector<PermissionListState> permsList;
337 PermissionListState tmpA = {
338 .permissionName = "ohos.permission.testPermDef1",
339 .state = SETTING_OPER
340 };
341
342 permsList.emplace_back(tmpA);
343
344 EXPECT_EQ(ERR_NOT_SYSTEM_APP, AccessTokenKit::GetPermissionsStatus(tokenID, permsList));
345 EXPECT_EQ(SETTING_OPER, permsList[0].state);
346 }
347
348 /**
349 * @tc.name: GetPermissionsStatusSpecTest002
350 * @tc.desc: callling is native SA
351 * @tc.type: FUNC
352 * @tc.require:
353 */
354 HWTEST_F(GetPermissionsStatusTest, GetPermissionsStatusSpecTest002, TestSize.Level0)
355 {
356 AccessTokenIDEx tokenIdEx = TestCommon::GetHapTokenIdFromBundle(TEST_USER_ID, TEST_BUNDLE_NAME, 0);
357 AccessTokenID tokenID = tokenIdEx.tokenIdExStruct.tokenID;
358 ASSERT_NE(INVALID_TOKENID, tokenID);
359
360 std::vector<PermissionListState> permsList;
361 PermissionListState tmpA = {
362 .permissionName = "ohos.permission.LOCATION",
363 .state = SETTING_OPER
364 };
365
366 permsList.emplace_back(tmpA);
367
368 EXPECT_EQ(RET_SUCCESS, AccessTokenKit::GetPermissionsStatus(tokenID, permsList));
369 EXPECT_EQ(DYNAMIC_OPER, permsList[0].state);
370 }
371 } // namespace AccessToken
372 } // namespace Security
373 } // namespace OHOS