1 /*
2 * Copyright (c) 2024 Huawei Device Co., Ltd.
3 * Licensed under the Apache License, Version 2.0 (the "License");
4 * you may not use this file except in compliance with the License.
5 * You may obtain a copy of the License at
6 *
7 * http://www.apache.org/licenses/LICENSE-2.0
8 *
9 * Unless required by applicable law or agreed to in writing, software
10 * distributed under the License is distributed on an "AS IS" BASIS,
11 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12 * See the License for the specific language governing permissions and
13 * limitations under the License.
14 */
15
16 #include "init_hap_token_test.h"
17 #include "gtest/gtest.h"
18 #include <thread>
19
20 #include "access_token.h"
21 #include "access_token_error.h"
22 #include "accesstoken_common_log.h"
23 #include "iaccess_token_manager.h"
24 #include "nativetoken_kit.h"
25 #include "parameter.h"
26 #include "parameters.h"
27 #include "permission_grant_info.h"
28 #include "permission_state_change_info_parcel.h"
29 #include "string_ex.h"
30 #include "test_common.h"
31 #include "tokenid_kit.h"
32 #include "token_setproc.h"
33
34 using namespace testing::ext;
35 namespace OHOS {
36 namespace Security {
37 namespace AccessToken {
38 namespace {
39 static const char* ENTERPRISE_NORMAL_CHECK = "accesstoken.enterprise_normal_check";
40 static constexpr uint32_t NUMBER_ONE = 1;
41 static constexpr uint32_t NUMBER_TWO = 2;
42 static constexpr uint32_t NUMBER_THREE = 3;
43 static uint64_t g_selfTokenId = 0;
44 static constexpr int32_t THIRTY_TIME_CYCLES = 30;
45 static constexpr int32_t MAX_EXTENDED_MAP_SIZE = 512;
46 static constexpr int32_t MAX_VALUE_LENGTH = 1024;
47 const std::string APP_DISTRIBUTION_TYPE_ENTERPRISE_MDM = "enterprise_mdm";
48 const std::string APP_DISTRIBUTION_TYPE_ENTERPRISE_NORMAL = "enterprise_normal";
49 const std::string APP_DISTRIBUTION_TYPE_NONE = "none";
50 const std::string OVER_SIZE_STR =
51 "AAANSUhEUgAAABUAAAAXCAIAAABrvZPKAAAACXBIWXMAAA7EAAAOxAGVKw4bAAAAEXRFWHRTb2Z0d2FyZQBTbmlwYXN0ZV0Xzt0A"
52 "FBSURBVDiN7ZQ/S8NQFMVPxU/QCx06GBzrkqUZ42rBbHWUBDqYxSnUoTxXydCSycVsgltfBiFDR8HNdHGxY4nQQAPvMzwHsWn+KM"
53 "vj3He5vIaUEjV0UAfe85X83KMBT7N75JEXVdSlfEAVfPRyZ5yfIrBoUkVlMU82Hkp8wu9ddt1vFew4sIiIiKwgzcXIvN7GTZOvpZ"
54 "D3I1NZvmdCXz+XOv5wJANKHOVYjRTAghxIyh0FHKb+0QQH5+kXf2zkYGAG0oFr5RfnK8DAGkwY19wliRT2L448vjv0YGQFVa8VKd";
55
56 PermissionStateFull g_infoManagerManageHapState = {
57 .permissionName = "ohos.permission.MANAGE_HAP_TOKENID",
58 .isGeneral = true,
59 .resDeviceID = {"test_device"},
60 .grantStatus = {PermissionState::PERMISSION_GRANTED},
61 .grantFlags = {PermissionFlag::PERMISSION_SYSTEM_FIXED}
62 };
63
64 PermissionStateFull g_infoManagerCameraState = {
65 .permissionName = "ohos.permission.CAMERA",
66 .isGeneral = true,
67 .resDeviceID = {"local2"},
68 .grantStatus = {PermissionState::PERMISSION_DENIED},
69 .grantFlags = {0}
70 };
71
72 PermissionStateFull g_infoManagerMicrophoneState = {
73 .permissionName = "ohos.permission.MICROPHONE",
74 .isGeneral = true,
75 .resDeviceID = {"local2"},
76 .grantStatus = {PermissionState::PERMISSION_DENIED},
77 .grantFlags = {0}
78 };
79
80 PermissionStateFull g_infoManagerCertState = {
81 .permissionName = "ohos.permission.ACCESS_CERT_MANAGER",
82 .isGeneral = true,
83 .resDeviceID = {"local3"},
84 .grantStatus = {PermissionState::PERMISSION_DENIED},
85 .grantFlags = {0}
86 };
87
88 HapInfoParams g_testHapInfoParams = {
89 .userID = 0,
90 .bundleName = "InitHapTokenTest",
91 .instIndex = 0,
92 .appIDDesc = "InitHapTokenTest",
93 .apiVersion = TestCommon::DEFAULT_API_VERSION,
94 .isSystemApp = false,
95 .appDistributionType = ""
96 };
97
98 HapPolicyParams g_testPolicyParams = {
99 .apl = APL_SYSTEM_CORE,
100 .domain = "test_domain",
101 .permStateList = { g_infoManagerManageHapState },
102 .aclRequestedList = {},
103 .preAuthorizationInfo = {}
104 };
105 static MockNativeToken* g_mock;
106 };
107
SetUpTestCase()108 void InitHapTokenTest::SetUpTestCase()
109 {
110 g_selfTokenId = GetSelfTokenID();
111 TestCommon::SetTestEvironment(g_selfTokenId);
112
113 // native process with MANAGER_HAP_ID
114 g_mock = new (std::nothrow) MockNativeToken("foundation");
115 }
116
TearDownTestCase()117 void InitHapTokenTest::TearDownTestCase()
118 {
119 if (g_mock != nullptr) {
120 delete g_mock;
121 g_mock = nullptr;
122 }
123 EXPECT_EQ(0, SetSelfTokenID(g_selfTokenId));
124 TestCommon::ResetTestEvironment();
125 }
126
SetUp()127 void InitHapTokenTest::SetUp()
128 {
129 LOGI(ATM_DOMAIN, ATM_TAG, "SetUp ok.");
130 }
131
TearDown()132 void InitHapTokenTest::TearDown()
133 {
134 }
135
136 /**
137 * @tc.name: InitHapTokenFuncTest001
138 * @tc.desc: Install normal applications(isSystemApp = false).
139 * @tc.type: FUNC
140 * @tc.require:
141 */
142 HWTEST_F(InitHapTokenTest, InitHapTokenFuncTest001, TestSize.Level0)
143 {
144 LOGI(ATM_DOMAIN, ATM_TAG, "InitHapTokenFuncTest001");
145 MockNativeToken mock("foundation");
146
147 HapInfoParams infoParams;
148 HapPolicyParams policyParams;
149 TestCommon::GetHapParams(infoParams, policyParams);
150 infoParams.isSystemApp = false;
151 AccessTokenIDEx fullTokenId;
152 ASSERT_EQ(RET_SUCCESS, AccessTokenKit::InitHapToken(infoParams, policyParams, fullTokenId));
153 AccessTokenID tokenID = fullTokenId.tokenIdExStruct.tokenID;
154 ASSERT_NE(INVALID_TOKENID, tokenID);
155
156 ASSERT_FALSE(AccessTokenKit::IsSystemAppByFullTokenID(fullTokenId.tokenIDEx));
157
158 HapTokenInfo hapInfo;
159 ASSERT_EQ(RET_SUCCESS, AccessTokenKit::GetHapTokenInfo(tokenID, hapInfo));
160 EXPECT_EQ(infoParams.userID, hapInfo.userID);
161 EXPECT_EQ(infoParams.bundleName, hapInfo.bundleName);
162 EXPECT_EQ(infoParams.apiVersion, hapInfo.apiVersion);
163 EXPECT_EQ(infoParams.instIndex, hapInfo.instIndex);
164 EXPECT_EQ(tokenID, hapInfo.tokenID);
165
166 HapTokenInfoExt hapInfoExt;
167 ASSERT_EQ(RET_SUCCESS, AccessTokenKit::GetHapTokenInfoExtension(tokenID, hapInfoExt));
168 EXPECT_EQ(infoParams.appIDDesc, hapInfoExt.appID);
169
170 ASSERT_EQ(RET_SUCCESS, AccessTokenKit::DeleteToken(tokenID));
171 }
172
173 /**
174 * @tc.name: InitHapTokenFuncTest002
175 * @tc.desc: Install systrem applications(isSystemApp = true).
176 * @tc.type: FUNC
177 * @tc.require:
178 */
179 HWTEST_F(InitHapTokenTest, InitHapTokenFuncTest002, TestSize.Level0)
180 {
181 LOGI(ATM_DOMAIN, ATM_TAG, "InitHapTokenFuncTest002");
182 MockNativeToken mock("foundation");
183
184 HapInfoParams infoParams;
185 HapPolicyParams policyParams;
186 TestCommon::GetHapParams(infoParams, policyParams);
187 infoParams.isSystemApp = true;
188 AccessTokenIDEx fullTokenId;
189 ASSERT_EQ(RET_SUCCESS, AccessTokenKit::InitHapToken(infoParams, policyParams, fullTokenId));
190 AccessTokenID tokenID = fullTokenId.tokenIdExStruct.tokenID;
191 ASSERT_NE(INVALID_TOKENID, tokenID);
192
193 ASSERT_TRUE(AccessTokenKit::IsSystemAppByFullTokenID(fullTokenId.tokenIDEx));
194
195 HapTokenInfo hapInfo;
196 ASSERT_EQ(RET_SUCCESS, AccessTokenKit::GetHapTokenInfo(tokenID, hapInfo));
197 EXPECT_EQ(infoParams.userID, hapInfo.userID);
198 EXPECT_EQ(infoParams.bundleName, hapInfo.bundleName);
199 EXPECT_EQ(infoParams.apiVersion, hapInfo.apiVersion);
200 EXPECT_EQ(infoParams.instIndex, hapInfo.instIndex);
201 EXPECT_EQ(tokenID, hapInfo.tokenID);
202
203 HapTokenInfoExt hapInfoExt;
204 ASSERT_EQ(RET_SUCCESS, AccessTokenKit::GetHapTokenInfoExtension(tokenID, hapInfoExt));
205 EXPECT_EQ(infoParams.appIDDesc, hapInfoExt.appID);
206
207 ASSERT_EQ(RET_SUCCESS, AccessTokenKit::DeleteToken(tokenID));
208 }
209
210 /**
211 * @tc.name: InitHapTokenFuncTest003
212 * @tc.desc: Test the isGeneral field in the permission authorization list(isGeneral is false or true).
213 * @tc.type: FUNC
214 * @tc.require:
215 */
216 HWTEST_F(InitHapTokenTest, InitHapTokenFuncTest003, TestSize.Level0)
217 {
218 LOGI(ATM_DOMAIN, ATM_TAG, "InitHapTokenFuncTest003");
219 MockNativeToken mock("foundation");
220
221 HapInfoParams infoParams;
222 HapPolicyParams policyParams;
223 TestCommon::GetHapParams(infoParams, policyParams);
224 policyParams.apl = APL_SYSTEM_CORE;
225
226 PermissionStateFull permissionStateFull001 = {
227 .permissionName = "ohos.permission.ACCESS_CERT_MANAGER",
228 .isGeneral = false,
229 .resDeviceID = {"local"},
230 .grantStatus = {PERMISSION_GRANTED},
231 .grantFlags = {PERMISSION_SYSTEM_FIXED}
232 };
233
234 PermissionStateFull permissionStateFull002 = {
235 .permissionName = "ohos.permission.ACCESS_CERT_MANAGER_INTERNAL",
236 .isGeneral = true,
237 .resDeviceID = {"local"},
238 .grantStatus = {PERMISSION_GRANTED},
239 .grantFlags = {PERMISSION_SYSTEM_FIXED}
240 };
241 policyParams.permStateList = {permissionStateFull001, permissionStateFull002};
242 AccessTokenIDEx fullTokenId;
243 ASSERT_EQ(RET_SUCCESS, AccessTokenKit::InitHapToken(infoParams, policyParams, fullTokenId));
244 AccessTokenID tokenID = fullTokenId.tokenIdExStruct.tokenID;
245 ASSERT_NE(INVALID_TOKENID, tokenID);
246
247 EXPECT_EQ(PERMISSION_GRANTED,
248 AccessTokenKit::VerifyAccessToken(tokenID, "ohos.permission.ACCESS_CERT_MANAGER"));
249 EXPECT_EQ(PERMISSION_GRANTED,
250 AccessTokenKit::VerifyAccessToken(tokenID, "ohos.permission.ACCESS_CERT_MANAGER_INTERNAL"));
251
252 ASSERT_EQ(RET_SUCCESS, AccessTokenKit::DeleteToken(tokenID));
253 }
254
255 /**
256 * @tc.name: InitHapTokenFuncTest004
257 * @tc.desc:Init a tokenId successfully, delete it successfully the first time and fail to delete it again.
258 * @tc.type: FUNC
259 * @tc.require: Issue Number
260 */
261 HWTEST_F(InitHapTokenTest, InitHapTokenFuncTest004, TestSize.Level0)
262 {
263 LOGI(ATM_DOMAIN, ATM_TAG, "InitHapTokenFuncTest004");
264 MockNativeToken mock("foundation");
265
266 AccessTokenIDEx fullTokenId;
267 EXPECT_EQ(RET_SUCCESS, AccessTokenKit::InitHapToken(g_testHapInfoParams, g_testPolicyParams, fullTokenId));
268 ASSERT_EQ(RET_SUCCESS, AccessTokenKit::DeleteToken(fullTokenId.tokenIdExStruct.tokenID));
269 ASSERT_NE(RET_SUCCESS, AccessTokenKit::DeleteToken(fullTokenId.tokenIdExStruct.tokenID));
270 }
271
272 #ifdef SUPPORT_SANDBOX_APP
273 /**
274 * @tc.name: InitHapTokenFuncTest005
275 * @tc.desc: InitHapToken with dlp type.
276 * @tc.type: FUNC
277 * @tc.require: Issue Number
278 */
279 HWTEST_F(InitHapTokenTest, InitHapTokenFuncTest005, TestSize.Level0)
280 {
281 LOGI(ATM_DOMAIN, ATM_TAG, "InitHapTokenFuncTest005");
282 MockNativeToken mock("foundation");
283
284 HapInfoParams infoParams;
285 HapPolicyParams policyParams;
286 TestCommon::GetHapParams(infoParams, policyParams);
287 policyParams.apl = APL_SYSTEM_BASIC;
288 policyParams.permStateList = { g_infoManagerCameraState, g_infoManagerMicrophoneState, g_infoManagerCertState };
289
290 AccessTokenIDEx fullTokenId;
291 EXPECT_EQ(RET_SUCCESS, AccessTokenKit::InitHapToken(infoParams, policyParams, fullTokenId));
292
293 HapInfoParams infoParams1 = infoParams;
294 infoParams1.dlpType = DLP_FULL_CONTROL;
295 infoParams1.instIndex++;
296 AccessTokenIDEx dlpFullTokenId1;
297 EXPECT_EQ(RET_SUCCESS, AccessTokenKit::InitHapToken(infoParams1, policyParams, dlpFullTokenId1));
298
299 int32_t res = AccessTokenKit::VerifyAccessToken(
300 dlpFullTokenId1.tokenIdExStruct.tokenID, g_infoManagerCameraState.permissionName);
301 EXPECT_EQ(res, PERMISSION_DENIED);
302
303 (void)AccessTokenKit::GrantPermission(
304 fullTokenId.tokenIdExStruct.tokenID, g_infoManagerCameraState.permissionName, PERMISSION_USER_SET);
305 (void)AccessTokenKit::RevokePermission(
306 fullTokenId.tokenIdExStruct.tokenID, g_infoManagerMicrophoneState.permissionName, PERMISSION_USER_SET);
307
308 infoParams1.instIndex++;
309 AccessTokenIDEx dlpFullTokenId2;
310 EXPECT_EQ(RET_SUCCESS, AccessTokenKit::InitHapToken(infoParams1, policyParams, dlpFullTokenId2));
311 res = AccessTokenKit::VerifyAccessToken(
312 dlpFullTokenId2.tokenIdExStruct.tokenID, g_infoManagerCameraState.permissionName);
313 EXPECT_EQ(res, PERMISSION_GRANTED);
314 res = AccessTokenKit::VerifyAccessToken(
315 dlpFullTokenId1.tokenIdExStruct.tokenID, g_infoManagerCameraState.permissionName);
316 EXPECT_EQ(res, PERMISSION_GRANTED);
317
318 std::vector<PermissionStateFull> permStatList1;
319 res = AccessTokenKit::GetReqPermissions(fullTokenId.tokenIdExStruct.tokenID, permStatList1, false);
320 ASSERT_EQ(RET_SUCCESS, res);
321 std::vector<PermissionStateFull> permStatList2;
322 res = AccessTokenKit::GetReqPermissions(dlpFullTokenId2.tokenIdExStruct.tokenID, permStatList2, false);
323 ASSERT_EQ(permStatList2.size(), permStatList1.size());
324 EXPECT_EQ("ohos.permission.CAMERA", permStatList2[0].permissionName);
325 EXPECT_EQ(permStatList2[0].grantStatus[0], PERMISSION_GRANTED);
326 EXPECT_EQ(permStatList2[0].grantFlags[0], PERMISSION_USER_SET);
327 EXPECT_EQ("ohos.permission.MICROPHONE", permStatList2[1].permissionName);
328 EXPECT_EQ(permStatList2[1].grantStatus[0], PERMISSION_DENIED);
329 EXPECT_EQ(permStatList2[1].grantFlags[0], PERMISSION_USER_SET);
330 ASSERT_EQ(RET_SUCCESS, res);
331
332 ASSERT_EQ(RET_SUCCESS, AccessTokenKit::DeleteToken(fullTokenId.tokenIdExStruct.tokenID));
333 ASSERT_EQ(RET_SUCCESS, AccessTokenKit::DeleteToken(dlpFullTokenId1.tokenIdExStruct.tokenID));
334 ASSERT_EQ(RET_SUCCESS, AccessTokenKit::DeleteToken(dlpFullTokenId2.tokenIdExStruct.tokenID));
335 }
336 #endif
337
338 /**
339 * @tc.name: InitHapTokenFuncTest006
340 * @tc.desc: Install normal app success with input param result
341 * @tc.type: FUNC
342 * @tc.require:
343 */
344 HWTEST_F(InitHapTokenTest, InitHapTokenFuncTest006, TestSize.Level0)
345 {
346 LOGI(ATM_DOMAIN, ATM_TAG, "InitHapTokenFuncTest006");
347 MockNativeToken mock("foundation");
348
349 HapInfoParams infoParams;
350 HapPolicyParams policyParams;
351 TestCommon::GetHapParams(infoParams, policyParams);
352 infoParams.isSystemApp = false;
353 AccessTokenIDEx fullTokenId;
354 HapInfoCheckResult result;
355 result.permCheckResult.permissionName = "test"; // invalid Name
356 result.permCheckResult.rule = static_cast<PermissionRulesEnum>(-1); // invalid reasan
357 ASSERT_EQ(RET_SUCCESS, AccessTokenKit::InitHapToken(infoParams, policyParams, fullTokenId, result));
358 AccessTokenID tokenID = fullTokenId.tokenIdExStruct.tokenID;
359 ASSERT_NE(INVALID_TOKENID, tokenID);
360 ASSERT_EQ(result.permCheckResult.permissionName, "test");
361 ASSERT_EQ(result.permCheckResult.rule, -1);
362
363 ASSERT_EQ(RET_SUCCESS, AccessTokenKit::DeleteToken(tokenID));
364 }
365
366 /**
367 * @tc.name: InitHapTokenFuncTest007
368 * @tc.desc: Install normal app ignore acl check.
369 * @tc.type: FUNC
370 * @tc.require:
371 */
372 HWTEST_F(InitHapTokenTest, InitHapTokenFuncTest007, TestSize.Level0)
373 {
374 LOGI(ATM_DOMAIN, ATM_TAG, "InitHapTokenFuncTest007");
375 MockNativeToken mock("foundation");
376
377 HapInfoParams infoParams;
378 HapPolicyParams policyParams;
379 TestCommon::GetHapParams(infoParams, policyParams);
380 PermissionStateFull permStatDump = {
381 .permissionName = "ohos.permission.DUMP",
382 .isGeneral = true,
383 .resDeviceID = {"device3"},
384 .grantStatus = {PermissionState::PERMISSION_DENIED},
385 .grantFlags = {PermissionFlag::PERMISSION_SYSTEM_FIXED}
386 };
387 policyParams.permStateList.emplace_back(permStatDump);
388
389 // init fail, acl check fail
390 AccessTokenIDEx fullTokenId;
391 ASSERT_EQ(ERR_PERM_REQUEST_CFG_FAILED, AccessTokenKit::InitHapToken(infoParams, policyParams, fullTokenId));
392
393 policyParams.checkIgnore = HapPolicyCheckIgnore::ACL_IGNORE_CHECK;
394 ASSERT_EQ(RET_SUCCESS, AccessTokenKit::InitHapToken(infoParams, policyParams, fullTokenId));
395 AccessTokenID tokenID = fullTokenId.tokenIdExStruct.tokenID;
396 ASSERT_EQ(RET_SUCCESS, AccessTokenKit::DeleteToken(tokenID));
397 }
398
399 /**
400 * @tc.name: InitHapTokenFuncTest008
401 * @tc.desc: Install atomic app success
402 * @tc.type: FUNC
403 * @tc.require:
404 */
405 HWTEST_F(InitHapTokenTest, InitHapTokenFuncTest008, TestSize.Level0)
406 {
407 LOGI(ATM_DOMAIN, ATM_TAG, "InitHapTokenFuncTest008");
408 MockNativeToken mock("foundation");
409
410 HapInfoParams infoParams;
411 HapPolicyParams policyParams;
412 TestCommon::GetHapParams(infoParams, policyParams);
413 infoParams.isSystemApp = false;
414 infoParams.isAtomicService = true;
415 infoParams.bundleName = "install.atomic.service.test";
416 AccessTokenIDEx fullTokenId;
417 HapInfoCheckResult result;
418 ASSERT_EQ(RET_SUCCESS, AccessTokenKit::InitHapToken(infoParams, policyParams, fullTokenId, result));
419 ASSERT_TRUE(AccessTokenKit::IsAtomicServiceByFullTokenID(static_cast<uint64_t>(fullTokenId.tokenIDEx)));
420
421 AccessTokenIDEx tokenIDEx = AccessTokenKit::GetHapTokenIDEx(
422 infoParams.userID, infoParams.bundleName, infoParams.instIndex);
423 ASSERT_TRUE(AccessTokenKit::IsAtomicServiceByFullTokenID(static_cast<uint64_t>(tokenIDEx.tokenIDEx)));
424 EXPECT_EQ(tokenIDEx.tokenIDEx, fullTokenId.tokenIDEx);
425
426 AccessTokenID tokenID = fullTokenId.tokenIdExStruct.tokenID;
427 HapTokenInfo hapTokenInfoRes;
428 ASSERT_EQ(RET_SUCCESS, AccessTokenKit::GetHapTokenInfo(tokenID, hapTokenInfoRes));
429 EXPECT_EQ(NUMBER_TWO, hapTokenInfoRes.tokenAttr);
430
431 ASSERT_EQ(RET_SUCCESS, AccessTokenKit::DeleteToken(tokenID));
432 }
433
434 /**
435 * @tc.name: InitHapTokenFuncTest009
436 * @tc.desc: Install the system service app and update it as a atomic service
437 * @tc.type: FUNC
438 * @tc.require:
439 */
440 HWTEST_F(InitHapTokenTest, InitHapTokenFuncTest009, TestSize.Level0)
441 {
442 LOGI(ATM_DOMAIN, ATM_TAG, "InitHapTokenFuncTest009");
443 MockNativeToken mock("foundation");
444
445 HapInfoParams infoParams;
446 HapPolicyParams policyParams;
447 TestCommon::GetHapParams(infoParams, policyParams);
448 infoParams.isSystemApp = true;
449 infoParams.bundleName = "update.atomic.service.test";
450 AccessTokenIDEx fullTokenId;
451 HapInfoCheckResult result;
452 ASSERT_EQ(RET_SUCCESS, AccessTokenKit::InitHapToken(infoParams, policyParams, fullTokenId, result));
453 ASSERT_TRUE(AccessTokenKit::IsSystemAppByFullTokenID(static_cast<uint64_t>(fullTokenId.tokenIDEx)));
454 ASSERT_FALSE(AccessTokenKit::IsAtomicServiceByFullTokenID(static_cast<uint64_t>(fullTokenId.tokenIDEx)));
455
456 UpdateHapInfoParams info;
457 info.appIDDesc = infoParams.appIDDesc;
458 info.apiVersion = infoParams.apiVersion;
459 info.isSystemApp = infoParams.isSystemApp;
460 info.appDistributionType = infoParams.appDistributionType;
461 info.isAtomicService = true;
462 ASSERT_EQ(RET_SUCCESS, AccessTokenKit::UpdateHapToken(fullTokenId, info, policyParams));
463 ASSERT_TRUE(AccessTokenKit::IsSystemAppByFullTokenID(static_cast<uint64_t>(fullTokenId.tokenIDEx)));
464 ASSERT_TRUE(AccessTokenKit::IsAtomicServiceByFullTokenID(static_cast<uint64_t>(fullTokenId.tokenIDEx)));
465
466 AccessTokenID tokenID = fullTokenId.tokenIdExStruct.tokenID;
467 HapTokenInfo hapTokenInfoRes;
468 ASSERT_EQ(RET_SUCCESS, AccessTokenKit::GetHapTokenInfo(tokenID, hapTokenInfoRes));
469 EXPECT_EQ(NUMBER_THREE, hapTokenInfoRes.tokenAttr);
470
471 info.isAtomicService = false;
472 ASSERT_EQ(RET_SUCCESS, AccessTokenKit::UpdateHapToken(fullTokenId, info, policyParams));
473 ASSERT_TRUE(AccessTokenKit::IsSystemAppByFullTokenID(static_cast<uint64_t>(fullTokenId.tokenIDEx)));
474 ASSERT_FALSE(AccessTokenKit::IsAtomicServiceByFullTokenID(static_cast<uint64_t>(fullTokenId.tokenIDEx)));
475 ASSERT_EQ(RET_SUCCESS, AccessTokenKit::GetHapTokenInfo(tokenID, hapTokenInfoRes));
476 EXPECT_EQ(NUMBER_ONE, hapTokenInfoRes.tokenAttr);
477
478 ASSERT_EQ(RET_SUCCESS, AccessTokenKit::DeleteToken(tokenID));
479 }
480
481 /**
482 * @tc.name: InitHapTokenSpecsTest001
483 * @tc.desc: Test request the high-level permission authorized by acl.
484 * @tc.type: FUNC
485 * @tc.require:
486 */
487 HWTEST_F(InitHapTokenTest, InitHapTokenSpecsTest001, TestSize.Level0)
488 {
489 LOGI(ATM_DOMAIN, ATM_TAG, "InitHapTokenSpecsTest001");
490 MockNativeToken mock("foundation");
491
492 HapInfoParams infoParams;
493 HapPolicyParams policyParams;
494 TestCommon::GetHapParams(infoParams, policyParams);
495 policyParams.apl = APL_NORMAL;
496
497 PermissionStateFull permissionStateFull001 = {
498 .permissionName = "ohos.permission.RUN_DYN_CODE",
499 .isGeneral = true,
500 .resDeviceID = {"local"},
501 .grantStatus = {PERMISSION_DENIED},
502 .grantFlags = {PERMISSION_SYSTEM_FIXED}
503 };
504
505 PermissionStateFull permissionStateFull002 = {
506 .permissionName = "ohos.permission.ACCESS_DDK_USB",
507 .isGeneral = true,
508 .resDeviceID = {"local"},
509 .grantStatus = {PERMISSION_DENIED},
510 .grantFlags = {PERMISSION_SYSTEM_FIXED}
511 };
512
513 policyParams.permStateList = {permissionStateFull001, permissionStateFull002};
514 policyParams.aclRequestedList = {"ohos.permission.ACCESS_DDK_USB"};
515 AccessTokenIDEx fullTokenId;
516 ASSERT_EQ(RET_SUCCESS, AccessTokenKit::InitHapToken(infoParams, policyParams, fullTokenId));
517 AccessTokenID tokenID = fullTokenId.tokenIdExStruct.tokenID;
518
519 int32_t ret = AccessTokenKit::VerifyAccessToken(tokenID, "ohos.permission.RUN_DYN_CODE");
520 EXPECT_EQ(PERMISSION_GRANTED, ret);
521 ret = AccessTokenKit::VerifyAccessToken(tokenID, "ohos.permission.ACCESS_DDK_USB");
522 EXPECT_EQ(PERMISSION_GRANTED, ret);
523
524 ASSERT_EQ(RET_SUCCESS, AccessTokenKit::DeleteToken(tokenID));
525 }
526
527 /**
528 * @tc.name: InitHapTokenSpecsTest002
529 * @tc.desc: Test apl level does not match application level.
530 * @tc.type: FUNC
531 * @tc.require:
532 */
533 HWTEST_F(InitHapTokenTest, InitHapTokenSpecsTest002, TestSize.Level0)
534 {
535 LOGI(ATM_DOMAIN, ATM_TAG, "InitHapTokenSpecsTest002");
536 MockNativeToken mock("foundation");
537
538 HapInfoParams infoParams;
539 HapPolicyParams policyParams;
540 TestCommon::GetHapParams(infoParams, policyParams);
541 policyParams.apl = APL_NORMAL;
542
543 PermissionStateFull permissionStateFull001 = {
544 .permissionName = "ohos.permission.RUN_DYN_CODE",
545 .isGeneral = true,
546 .resDeviceID = {"local"},
547 .grantStatus = {PERMISSION_DENIED},
548 .grantFlags = {PERMISSION_SYSTEM_FIXED}
549 };
550
551 PermissionStateFull permissionStateFull002 = {
552 .permissionName = "ohos.permission.ACCESS_DDK_USB",
553 .isGeneral = true,
554 .resDeviceID = {"local"},
555 .grantStatus = {PERMISSION_DENIED},
556 .grantFlags = {PERMISSION_SYSTEM_FIXED}
557 };
558
559 policyParams.permStateList = {permissionStateFull001, permissionStateFull002};
560 AccessTokenIDEx fullTokenId;
561 HapInfoCheckResult result;
562 ASSERT_EQ(ERR_PERM_REQUEST_CFG_FAILED, AccessTokenKit::InitHapToken(infoParams, policyParams, fullTokenId, result));
563 ASSERT_EQ(result.permCheckResult.permissionName, "ohos.permission.ACCESS_DDK_USB");
564 ASSERT_EQ(result.permCheckResult.rule, PERMISSION_ACL_RULE);
565 }
566
567 /**
568 * @tc.name: InitHapTokenSpecsTest003
569 * @tc.desc: Initialize system_grant&&user_grant permission.
570 * @tc.type: FUNC
571 * @tc.require:
572 */
573 HWTEST_F(InitHapTokenTest, InitHapTokenSpecsTest003, TestSize.Level0)
574 {
575 LOGI(ATM_DOMAIN, ATM_TAG, "InitHapTokenSpecsTest003");
576 MockNativeToken mock("foundation");
577
578 HapInfoParams infoParams;
579 HapPolicyParams policyParams;
580 TestCommon::GetHapParams(infoParams, policyParams);
581 policyParams.apl = APL_SYSTEM_CORE;
582
583 PermissionStateFull permissionStateFull001 = {
584 .permissionName = "ohos.permission.READ_HEALTH_MOTION",
585 .isGeneral = true,
586 .resDeviceID = {"local"},
587 .grantStatus = {PERMISSION_DENIED},
588 .grantFlags = {PERMISSION_SYSTEM_FIXED}
589 };
590
591 PermissionStateFull permissionStateFull002 = {
592 .permissionName = "ohos.permission.READ_WRITE_DESKTOP_DIRECTORY",
593 .isGeneral = true,
594 .resDeviceID = {"local"},
595 .grantStatus = {PERMISSION_DENIED},
596 .grantFlags = {PERMISSION_SYSTEM_FIXED}
597 };
598
599 policyParams.permStateList = {permissionStateFull001, permissionStateFull002};
600
601 AccessTokenIDEx fullTokenId;
602 ASSERT_EQ(RET_SUCCESS, AccessTokenKit::InitHapToken(infoParams, policyParams, fullTokenId));
603 AccessTokenID tokenID = fullTokenId.tokenIdExStruct.tokenID;
604
605 int32_t ret = AccessTokenKit::VerifyAccessToken(tokenID, "ohos.permission.READ_HEALTH_MOTION");
606 EXPECT_EQ(PERMISSION_GRANTED, ret);
607 ret = AccessTokenKit::VerifyAccessToken(tokenID, "ohos.permission.READ_WRITE_DESKTOP_DIRECTORY");
608 EXPECT_EQ(PERMISSION_DENIED, ret);
609
610 uint32_t flag;
611 ret = AccessTokenKit::GetPermissionFlag(tokenID, "ohos.permission.READ_HEALTH_MOTION", flag);
612 EXPECT_EQ(RET_SUCCESS, ret);
613 EXPECT_EQ(PERMISSION_SYSTEM_FIXED, flag);
614 ret = AccessTokenKit::GetPermissionFlag(tokenID, "ohos.permission.READ_WRITE_DESKTOP_DIRECTORY", flag);
615 EXPECT_EQ(RET_SUCCESS, ret);
616 EXPECT_EQ(PERMISSION_DEFAULT_FLAG, flag);
617
618 ASSERT_EQ(RET_SUCCESS, AccessTokenKit::DeleteToken(tokenID));
619 }
620
621 /**
622 * @tc.name: InitHapTokenSpecsTest004
623 * @tc.desc: Initialize cancelable/un-cancelable permission.
624 * @tc.type: FUNC
625 * @tc.require:
626 */
627 HWTEST_F(InitHapTokenTest, InitHapTokenSpecsTest004, TestSize.Level0)
628 {
629 LOGI(ATM_DOMAIN, ATM_TAG, "InitHapTokenSpecsTest004");
630 MockNativeToken mock("foundation");
631
632 HapInfoParams infoParams;
633 HapPolicyParams policyParams;
634 TestCommon::GetHapParams(infoParams, policyParams);
635 policyParams.apl = APL_SYSTEM_CORE;
636
637 PermissionStateFull permissionStateFull001 = {
638 .permissionName = "ohos.permission.ACCESS_NEARLINK",
639 .isGeneral = true,
640 .resDeviceID = {"local"},
641 .grantStatus = {PERMISSION_DENIED},
642 .grantFlags = {PERMISSION_SYSTEM_FIXED}
643 };
644
645 PermissionStateFull permissionStateFull002 = {
646 .permissionName = "ohos.permission.READ_WRITE_DESKTOP_DIRECTORY",
647 .isGeneral = true,
648 .resDeviceID = {"local"},
649 .grantStatus = {PERMISSION_DENIED},
650 .grantFlags = {PERMISSION_SYSTEM_FIXED}
651 };
652
653 policyParams.permStateList = {permissionStateFull001, permissionStateFull002};
654 PreAuthorizationInfo preAuthorizationInfo001 = {
655 .permissionName = "ohos.permission.ACCESS_NEARLINK",
656 .userCancelable = true
657 };
658 PreAuthorizationInfo preAuthorizationInfo002 = {
659 .permissionName = "ohos.permission.READ_WRITE_DESKTOP_DIRECTORY",
660 .userCancelable = false
661 };
662 policyParams.preAuthorizationInfo = {preAuthorizationInfo001, preAuthorizationInfo002};
663 AccessTokenIDEx fullTokenId;
664 ASSERT_EQ(RET_SUCCESS, AccessTokenKit::InitHapToken(infoParams, policyParams, fullTokenId));
665 AccessTokenID tokenID = fullTokenId.tokenIdExStruct.tokenID;
666
667 int32_t ret = AccessTokenKit::VerifyAccessToken(tokenID, "ohos.permission.ACCESS_NEARLINK");
668 EXPECT_EQ(PERMISSION_GRANTED, ret);
669 ret = AccessTokenKit::VerifyAccessToken(tokenID, "ohos.permission.READ_WRITE_DESKTOP_DIRECTORY");
670 EXPECT_EQ(PERMISSION_GRANTED, ret);
671
672 std::vector<PermissionStateFull> permStatList;
673 ASSERT_EQ(RET_SUCCESS, AccessTokenKit::GetReqPermissions(tokenID, permStatList, false));
674 ASSERT_EQ(static_cast<uint32_t>(2), permStatList.size());
675 ASSERT_EQ("ohos.permission.ACCESS_NEARLINK", permStatList[0].permissionName);
676 EXPECT_EQ(permStatList[0].grantStatus[0], PERMISSION_GRANTED);
677 EXPECT_EQ(permStatList[0].grantFlags[0], PERMISSION_PRE_AUTHORIZED_CANCELABLE);
678 ASSERT_EQ("ohos.permission.READ_WRITE_DESKTOP_DIRECTORY", permStatList[1].permissionName);
679 EXPECT_EQ(permStatList[1].grantStatus[0], PERMISSION_GRANTED);
680 EXPECT_EQ(permStatList[1].grantFlags[0], PERMISSION_SYSTEM_FIXED);
681
682 ASSERT_EQ(RET_SUCCESS, AccessTokenKit::DeleteToken(tokenID));
683 }
684
685 /**
686 * @tc.name: InitHapTokenSpecsTest005
687 * @tc.desc: User grant permission not pre-authorized, grant state is PERMISSION_DENIED
688 * @tc.type: FUNC
689 * @tc.require: Issue Number
690 */
691 HWTEST_F(InitHapTokenTest, InitHapTokenSpecsTest005, TestSize.Level0)
692 {
693 LOGI(ATM_DOMAIN, ATM_TAG, "InitHapTokenSpecsTest005");
694 MockNativeToken mock("foundation");
695
696 HapInfoParams infoParams;
697 HapPolicyParams policyParams;
698 TestCommon::GetHapParams(infoParams, policyParams);
699 policyParams.apl = APL_NORMAL;
700 policyParams.permStateList = { g_infoManagerMicrophoneState };
701 AccessTokenIDEx fullTokenId;
702 int32_t res = AccessTokenKit::InitHapToken(infoParams, policyParams, fullTokenId);
703 EXPECT_EQ(RET_SUCCESS, res);
704 int32_t ret = AccessTokenKit::VerifyAccessToken(
705 fullTokenId.tokenIdExStruct.tokenID, "ohos.permission.MICROPHONE");
706 EXPECT_EQ(ret, PERMISSION_DENIED);
707 uint32_t flag;
708 AccessTokenKit::GetPermissionFlag(
709 fullTokenId.tokenIdExStruct.tokenID, "ohos.permission.MICROPHONE", flag);
710 EXPECT_EQ(flag, PERMISSION_DEFAULT_FLAG);
711 ASSERT_EQ(RET_SUCCESS, AccessTokenKit::DeleteToken(fullTokenId.tokenIdExStruct.tokenID));
712 }
713
714 /**
715 * @tc.name: InitHapTokenSpecsTest006
716 * @tc.desc: Initialize MDM permission for a MDM hap.
717 * @tc.type: FUNC
718 * @tc.require:
719 */
720 HWTEST_F(InitHapTokenTest, InitHapTokenSpecsTest006, TestSize.Level0)
721 {
722 LOGI(ATM_DOMAIN, ATM_TAG, "InitHapTokenSpecsTest006");
723 MockNativeToken mock("foundation");
724
725 HapInfoParams infoParams;
726 HapPolicyParams policyParams;
727 TestCommon::GetHapParams(infoParams, policyParams);
728 policyParams.apl = APL_SYSTEM_CORE;
729 infoParams.appDistributionType = APP_DISTRIBUTION_TYPE_ENTERPRISE_MDM;
730 PermissionStateFull permissionStateFull001 = {
731 .permissionName = "ohos.permission.ENTERPRISE_MANAGE_SETTINGS",
732 .isGeneral = true,
733 .resDeviceID = {"local"},
734 .grantStatus = {PERMISSION_DENIED},
735 .grantFlags = {PERMISSION_SYSTEM_FIXED}
736 };
737 policyParams.permStateList = {permissionStateFull001};
738 AccessTokenIDEx fullTokenId;
739 int32_t ret = AccessTokenKit::InitHapToken(infoParams, policyParams, fullTokenId);
740 AccessTokenID tokenID = fullTokenId.tokenIdExStruct.tokenID;
741 ASSERT_EQ(RET_SUCCESS, ret);
742
743 ret = AccessTokenKit::VerifyAccessToken(tokenID, "ohos.permission.ENTERPRISE_MANAGE_SETTINGS");
744 EXPECT_EQ(PERMISSION_GRANTED, ret);
745
746 uint32_t flag;
747 ret = AccessTokenKit::GetPermissionFlag(tokenID, "ohos.permission.ENTERPRISE_MANAGE_SETTINGS", flag);
748 EXPECT_EQ(RET_SUCCESS, ret);
749 EXPECT_EQ(PERMISSION_SYSTEM_FIXED, flag);
750
751 ASSERT_EQ(RET_SUCCESS, AccessTokenKit::DeleteToken(tokenID));
752 }
753
754 /**
755 * @tc.name: InitHapTokenSpecsTest007
756 * @tc.desc: Initialize MDM permission for a Non-MDM hap.
757 * @tc.type: FUNC
758 * @tc.require:
759 */
760 HWTEST_F(InitHapTokenTest, InitHapTokenSpecsTest007, TestSize.Level0)
761 {
762 LOGI(ATM_DOMAIN, ATM_TAG, "InitHapTokenSpecsTest007");
763 MockNativeToken mock("foundation");
764
765 HapInfoParams infoParams;
766 HapPolicyParams policyParams;
767 TestCommon::GetHapParams(infoParams, policyParams);
768
769 PermissionStateFull permissionStateFull001 = {
770 .permissionName = "ohos.permission.ENTERPRISE_MANAGE_SETTINGS",
771 .isGeneral = true,
772 .resDeviceID = {"local"},
773 .grantStatus = {PERMISSION_DENIED},
774 .grantFlags = {PERMISSION_SYSTEM_FIXED}
775 };
776 policyParams.permStateList = {permissionStateFull001};
777 policyParams.aclRequestedList = { "ohos.permission.ENTERPRISE_MANAGE_SETTINGS" };
778 AccessTokenIDEx fullTokenId;
779 int32_t ret = AccessTokenKit::InitHapToken(infoParams, policyParams, fullTokenId);
780 AccessTokenID tokenID = fullTokenId.tokenIdExStruct.tokenID;
781 ASSERT_EQ(ERR_PERM_REQUEST_CFG_FAILED, ret);
782
783 HapInfoCheckResult result;
784 ret = AccessTokenKit::InitHapToken(infoParams, policyParams, fullTokenId, result);
785 ASSERT_EQ(ERR_PERM_REQUEST_CFG_FAILED, ret);
786 ASSERT_EQ(result.permCheckResult.permissionName, "ohos.permission.ENTERPRISE_MANAGE_SETTINGS");
787 ASSERT_EQ(result.permCheckResult.rule, PERMISSION_EDM_RULE);
788
789 ret = AccessTokenKit::VerifyAccessToken(tokenID, "ohos.permission.ENTERPRISE_MANAGE_SETTINGS");
790 EXPECT_EQ(PERMISSION_DENIED, ret);
791 }
792
793 /**
794 * @tc.name: InitHapTokenSpecsTest008
795 * @tc.desc: Initialize MDM permission for a debug hap.
796 * @tc.type: FUNC
797 * @tc.require:
798 */
799 HWTEST_F(InitHapTokenTest, InitHapTokenSpecsTest008, TestSize.Level0)
800 {
801 LOGI(ATM_DOMAIN, ATM_TAG, "InitHapTokenSpecsTest008");
802 MockNativeToken mock("foundation");
803
804 HapInfoParams infoParams;
805 HapPolicyParams policyParams;
806 TestCommon::GetHapParams(infoParams, policyParams);
807 policyParams.apl = APL_SYSTEM_CORE;
808 infoParams.appDistributionType = APP_DISTRIBUTION_TYPE_NONE;
809 PermissionStateFull permissionStateFull001 = {
810 .permissionName = "ohos.permission.ENTERPRISE_MANAGE_SETTINGS",
811 .isGeneral = true,
812 .resDeviceID = {"local"},
813 .grantStatus = {PERMISSION_DENIED},
814 .grantFlags = {PERMISSION_SYSTEM_FIXED}
815 };
816 policyParams.permStateList = {permissionStateFull001};
817 AccessTokenIDEx fullTokenId;
818 int32_t ret = AccessTokenKit::InitHapToken(infoParams, policyParams, fullTokenId);
819 AccessTokenID tokenID = fullTokenId.tokenIdExStruct.tokenID;
820 ASSERT_EQ(RET_SUCCESS, ret);
821
822 ret = AccessTokenKit::VerifyAccessToken(tokenID, "ohos.permission.ENTERPRISE_MANAGE_SETTINGS");
823 EXPECT_EQ(PERMISSION_GRANTED, ret);
824
825 uint32_t flag;
826 ret = AccessTokenKit::GetPermissionFlag(tokenID, "ohos.permission.ENTERPRISE_MANAGE_SETTINGS", flag);
827 EXPECT_EQ(RET_SUCCESS, ret);
828 EXPECT_EQ(PERMISSION_SYSTEM_FIXED, flag);
829
830 ASSERT_EQ(RET_SUCCESS, AccessTokenKit::DeleteToken(tokenID));
831 }
832
833 /**
834 * @tc.name: InitHapTokenSpecsTest009
835 * @tc.desc: InitHapToken isRestore with real token
836 * @tc.type: FUNC
837 * @tc.require:
838 */
839 HWTEST_F(InitHapTokenTest, InitHapTokenSpecsTest009, TestSize.Level0)
840 {
841 MockNativeToken mock("foundation");
842 HapInfoParams infoParams;
843 HapPolicyParams policyParams;
844 TestCommon::GetHapParams(infoParams, policyParams);
845 policyParams.apl = APL_SYSTEM_CORE;
846
847 PermissionStateFull permissionStateFull001 = {
848 .permissionName = "ohos.permission.ACCESS_CERT_MANAGER",
849 .isGeneral = false,
850 .resDeviceID = {"local"},
851 .grantStatus = {PERMISSION_GRANTED},
852 .grantFlags = {PERMISSION_SYSTEM_FIXED}
853 };
854
855 policyParams.permStateList = {permissionStateFull001, g_infoManagerCameraState};
856 AccessTokenIDEx fullTokenId;
857 int32_t ret = AccessTokenKit::InitHapToken(infoParams, policyParams, fullTokenId);
858 AccessTokenID tokenID = fullTokenId.tokenIdExStruct.tokenID;
859 ASSERT_EQ(RET_SUCCESS, ret);
860
861 ret = AccessTokenKit::VerifyAccessToken(tokenID, "ohos.permission.ACCESS_CERT_MANAGER");
862 EXPECT_EQ(PERMISSION_GRANTED, ret);
863
864 (void)AccessTokenKit::GrantPermission(tokenID, "ohos.permission.CAMERA", PERMISSION_USER_SET);
865 ret = AccessTokenKit::VerifyAccessToken(tokenID, "ohos.permission.CAMERA");
866 EXPECT_EQ(ret, PERMISSION_GRANTED);
867
868 ret = AccessTokenKit::DeleteToken(tokenID);
869 EXPECT_EQ(RET_SUCCESS, ret);
870
871 infoParams.isRestore = true;
872 infoParams.tokenID = tokenID;
873 ret = AccessTokenKit::InitHapToken(infoParams, policyParams, fullTokenId);
874 EXPECT_EQ(RET_SUCCESS, ret);
875
876 ret = AccessTokenKit::VerifyAccessToken(tokenID, "ohos.permission.ACCESS_CERT_MANAGER");
877 EXPECT_EQ(PERMISSION_GRANTED, ret);
878
879 ret = AccessTokenKit::VerifyAccessToken(tokenID, "ohos.permission.CAMERA");
880 EXPECT_EQ(ret, PERMISSION_DENIED);
881
882 ASSERT_EQ(RET_SUCCESS, AccessTokenKit::DeleteToken(tokenID));
883 }
884
885 /**
886 * @tc.name: InitHapTokenSpecsTest010
887 * @tc.desc: aclExtendedMap size test
888 * @tc.type: FUNC
889 * @tc.require:
890 */
891 HWTEST_F(InitHapTokenTest, InitHapTokenSpecsTest010, TestSize.Level0)
892 {
893 HapInfoParams infoParams;
894 HapPolicyParams policyParams;
895 TestCommon::GetHapParams(infoParams, policyParams);
896 policyParams.apl = APL_SYSTEM_CORE;
897
898 AccessTokenIDEx fullTokenId;
899 int32_t ret = AccessTokenKit::InitHapToken(infoParams, policyParams, fullTokenId);
900 ASSERT_EQ(RET_SUCCESS, ret);
901
902 for (size_t i = 0; i < MAX_EXTENDED_MAP_SIZE - 1; i++) {
903 policyParams.aclExtendedMap[std::to_string(i)] = std::to_string(i);
904 }
905 ret = AccessTokenKit::InitHapToken(infoParams, policyParams, fullTokenId);
906 ASSERT_EQ(RET_SUCCESS, ret);
907
908 policyParams.aclExtendedMap[std::to_string(MAX_EXTENDED_MAP_SIZE - 1)] =
909 std::to_string(MAX_EXTENDED_MAP_SIZE - 1);
910 ret = AccessTokenKit::InitHapToken(infoParams, policyParams, fullTokenId);
911 ASSERT_EQ(RET_SUCCESS, ret);
912
913 policyParams.aclExtendedMap[std::to_string(MAX_EXTENDED_MAP_SIZE)] =
914 std::to_string(MAX_EXTENDED_MAP_SIZE);
915 ret = AccessTokenKit::InitHapToken(infoParams, policyParams, fullTokenId);
916 ASSERT_EQ(AccessTokenError::ERR_PARAM_INVALID, ret);
917 AccessTokenID tokenID = fullTokenId.tokenIdExStruct.tokenID;
918 ret = AccessTokenKit::DeleteToken(tokenID);
919 EXPECT_EQ(RET_SUCCESS, ret);
920 }
921
922 /**
923 * @tc.name: InitHapTokenSpecsTest011
924 * @tc.desc: aclExtendedMap content size test
925 * @tc.type: FUNC
926 * @tc.require:
927 */
928 HWTEST_F(InitHapTokenTest, InitHapTokenSpecsTest011, TestSize.Level0)
929 {
930 HapInfoParams infoParams;
931 HapPolicyParams policyParams;
932 TestCommon::GetHapParams(infoParams, policyParams);
933 policyParams.apl = APL_SYSTEM_CORE;
934
935 AccessTokenIDEx fullTokenId;
936 policyParams.aclExtendedMap["ohos.permission.ACCESS_CERT_MANAGER"] = "";
937 int32_t ret = AccessTokenKit::InitHapToken(infoParams, policyParams, fullTokenId);
938 ASSERT_EQ(AccessTokenError::ERR_PARAM_INVALID, ret);
939
940 std::string testValue(MAX_VALUE_LENGTH - 1, '1');
941 policyParams.aclExtendedMap["ohos.permission.ACCESS_CERT_MANAGER"] = testValue;
942 ret = AccessTokenKit::InitHapToken(infoParams, policyParams, fullTokenId);
943 ASSERT_EQ(RET_SUCCESS, ret);
944
945 testValue.push_back('1');
946 policyParams.aclExtendedMap["ohos.permission.ACCESS_CERT_MANAGER"] = testValue;
947 ret = AccessTokenKit::InitHapToken(infoParams, policyParams, fullTokenId);
948 ASSERT_EQ(RET_SUCCESS, ret);
949 AccessTokenID tokenID = fullTokenId.tokenIdExStruct.tokenID;
950
951 testValue.push_back('1');
952 policyParams.aclExtendedMap["ohos.permission.ACCESS_CERT_MANAGER"] = testValue;
953 ret = AccessTokenKit::InitHapToken(infoParams, policyParams, fullTokenId);
954 ASSERT_EQ(AccessTokenError::ERR_PARAM_INVALID, ret);
955
956 ret = AccessTokenKit::DeleteToken(tokenID);
957 EXPECT_EQ(RET_SUCCESS, ret);
958 }
959
960 /**
961 * @tc.name: InitHapTokenSpecsTest012
962 * @tc.desc: InitHapToken permission with value
963 * @tc.type: FUNC
964 * @tc.require:
965 */
966 HWTEST_F(InitHapTokenTest, InitHapTokenSpecsTest012, TestSize.Level0)
967 {
968 HapInfoParams infoParams;
969 HapPolicyParams policyParams;
970 TestCommon::GetHapParams(infoParams, policyParams);
971 policyParams.apl = APL_SYSTEM_CORE;
972 TestCommon::TestPrepareKernelPermissionStatus(policyParams);
973 AccessTokenIDEx fullTokenId;
974 ASSERT_EQ(RET_SUCCESS, AccessTokenKit::InitHapToken(infoParams, policyParams, fullTokenId));
975 AccessTokenID tokenID = fullTokenId.tokenIdExStruct.tokenID;
976
977 std::vector<PermissionWithValue> kernelPermList;
978 EXPECT_EQ(RET_SUCCESS, AccessTokenKit::GetKernelPermissions(tokenID, kernelPermList));
979 EXPECT_EQ(1, kernelPermList.size());
980
981 std::string value;
982 EXPECT_EQ(RET_SUCCESS, AccessTokenKit::GetReqPermissionByName(
983 tokenID, "ohos.permission.KERNEL_ATM_SELF_USE", value));
984 EXPECT_EQ("123", value);
985
986 EXPECT_EQ(AccessTokenError::ERR_PERMISSION_WITHOUT_VALUE, AccessTokenKit::GetReqPermissionByName(
987 tokenID, "ohos.permission.MICROPHONE", value));
988 EXPECT_EQ(AccessTokenError::ERR_PERMISSION_WITHOUT_VALUE, AccessTokenKit::GetReqPermissionByName(
989 tokenID, "ohos.permission.CAMERA", value));
990
991 ASSERT_EQ(RET_SUCCESS, AccessTokenKit::DeleteToken(tokenID));
992 }
993
994 /**
995 * @tc.name: InitHapTokenSpecsTest013
996 * @tc.desc: InitHapToken is called repeatly, tokenId will change
997 * 1. first tokenId is delete; 2. second token is valid
998 * @tc.type: FUNC
999 * @tc.require:
1000 */
1001 HWTEST_F(InitHapTokenTest, InitHapTokenSpecsTest013, TestSize.Level0)
1002 {
1003 MockNativeToken mock("foundation");
1004 HapInfoParams infoParams;
1005 HapPolicyParams policyParams;
1006 TestCommon::GetHapParams(infoParams, policyParams);
1007 AccessTokenIDEx tokenIdEx1;
1008 ASSERT_EQ(RET_SUCCESS, AccessTokenKit::InitHapToken(infoParams, policyParams, tokenIdEx1));
1009
1010 AccessTokenIDEx tokenIdEx2;
1011 ASSERT_EQ(RET_SUCCESS, AccessTokenKit::InitHapToken(infoParams, policyParams, tokenIdEx2));
1012
1013 ASSERT_NE(tokenIdEx1.tokenIdExStruct.tokenID, tokenIdEx2.tokenIdExStruct.tokenID);
1014
1015 HapTokenInfo hapInfo;
1016 ASSERT_EQ(ERR_TOKENID_NOT_EXIST, AccessTokenKit::GetHapTokenInfo(tokenIdEx1.tokenIdExStruct.tokenID, hapInfo));
1017 ASSERT_EQ(RET_SUCCESS, AccessTokenKit::GetHapTokenInfo(tokenIdEx2.tokenIdExStruct.tokenID, hapInfo));
1018
1019 EXPECT_EQ(ERR_PARAM_INVALID, AccessTokenKit::DeleteToken(tokenIdEx1.tokenIdExStruct.tokenID));
1020 EXPECT_EQ(RET_SUCCESS, AccessTokenKit::DeleteToken(tokenIdEx2.tokenIdExStruct.tokenID));
1021 }
1022
1023 /**
1024 * @tc.name: InitHapTokenSpecsTest014
1025 * @tc.desc: app.apl > policy.apl, extended permission not in aclExtendedMap
1026 * @tc.type: FUNC
1027 * @tc.require:
1028 */
1029 HWTEST_F(InitHapTokenTest, InitHapTokenSpecsTest014, TestSize.Level0)
1030 {
1031 HapInfoParams infoParams;
1032 HapPolicyParams policyParams;
1033 TestCommon::GetHapParams(infoParams, policyParams);
1034 policyParams.apl = APL_SYSTEM_CORE;
1035 TestCommon::TestPrepareKernelPermissionStatus(policyParams);
1036 policyParams.aclExtendedMap.erase("ohos.permission.KERNEL_ATM_SELF_USE");
1037 AccessTokenIDEx fullTokenId;
1038 ASSERT_EQ(RET_SUCCESS, AccessTokenKit::InitHapToken(infoParams, policyParams, fullTokenId));
1039 AccessTokenID tokenID = fullTokenId.tokenIdExStruct.tokenID;
1040
1041 std::vector<PermissionWithValue> kernelPermList;
1042 EXPECT_EQ(RET_SUCCESS, AccessTokenKit::GetKernelPermissions(tokenID, kernelPermList));
1043 EXPECT_EQ(1, kernelPermList.size());
1044
1045 std::string value;
1046 EXPECT_EQ(RET_SUCCESS, AccessTokenKit::GetReqPermissionByName(
1047 tokenID, "ohos.permission.KERNEL_ATM_SELF_USE", value));
1048 EXPECT_EQ("", value);
1049
1050 EXPECT_EQ(PERMISSION_GRANTED, AccessTokenKit::VerifyAccessToken(
1051 tokenID, "ohos.permission.KERNEL_ATM_SELF_USE"));
1052
1053 ASSERT_EQ(RET_SUCCESS, AccessTokenKit::DeleteToken(tokenID));
1054 }
1055
1056 /**
1057 * @tc.name: InitHapTokenSpecsTest015
1058 * @tc.desc: Initialize ENTERPRISE_NORMAL permission for a enterprise_mdm hap.
1059 * @tc.type: FUNC
1060 * @tc.require:
1061 */
1062 HWTEST_F(InitHapTokenTest, InitHapTokenSpecsTest015, TestSize.Level0)
1063 {
1064 LOGI(ATM_DOMAIN, ATM_TAG, "InitHapTokenSpecsTest015");
1065 MockNativeToken mock("foundation");
1066
1067 HapInfoParams infoParams;
1068 HapPolicyParams policyParams;
1069 TestCommon::GetHapParams(infoParams, policyParams);
1070 policyParams.apl = APL_SYSTEM_CORE;
1071 infoParams.isSystemApp = false;
1072 infoParams.appDistributionType = APP_DISTRIBUTION_TYPE_ENTERPRISE_MDM;
1073 PermissionStateFull permissionStateFull001 = {
1074 .permissionName = "ohos.permission.FILE_GUARD_MANAGER",
1075 .isGeneral = true,
1076 .resDeviceID = {"local"},
1077 .grantStatus = {PERMISSION_DENIED},
1078 .grantFlags = {PERMISSION_SYSTEM_FIXED}
1079 };
1080 policyParams.permStateList = {permissionStateFull001};
1081 AccessTokenIDEx fullTokenId;
1082 int32_t ret = AccessTokenKit::InitHapToken(infoParams, policyParams, fullTokenId);
1083 ASSERT_EQ(RET_SUCCESS, ret);
1084
1085 AccessTokenID tokenID = fullTokenId.tokenIdExStruct.tokenID;
1086 ASSERT_NE(INVALID_TOKENID, tokenID);
1087 ret = AccessTokenKit::VerifyAccessToken(tokenID, "ohos.permission.FILE_GUARD_MANAGER");
1088 EXPECT_EQ(PERMISSION_GRANTED, ret);
1089
1090 uint32_t flag;
1091 ret = AccessTokenKit::GetPermissionFlag(tokenID, "ohos.permission.FILE_GUARD_MANAGER", flag);
1092 EXPECT_EQ(RET_SUCCESS, ret);
1093 EXPECT_EQ(PERMISSION_SYSTEM_FIXED, flag);
1094
1095 ASSERT_EQ(RET_SUCCESS, AccessTokenKit::DeleteToken(tokenID));
1096 }
1097
1098 /**
1099 * @tc.name: InitHapTokenSpecsTest016
1100 * @tc.desc: Initialize ENTERPRISE_NORMAL permission for a enterprise_normal hap.
1101 * @tc.type: FUNC
1102 * @tc.require:
1103 */
1104 HWTEST_F(InitHapTokenTest, InitHapTokenSpecsTest016, TestSize.Level0)
1105 {
1106 LOGI(ATM_DOMAIN, ATM_TAG, "InitHapTokenSpecsTest016");
1107 MockNativeToken mock("foundation");
1108
1109 HapInfoParams infoParams;
1110 HapPolicyParams policyParams;
1111 TestCommon::GetHapParams(infoParams, policyParams);
1112 policyParams.apl = APL_SYSTEM_CORE;
1113 infoParams.isSystemApp = false;
1114 infoParams.appDistributionType = APP_DISTRIBUTION_TYPE_ENTERPRISE_NORMAL;
1115 PermissionStateFull permissionStateFull001 = {
1116 .permissionName = "ohos.permission.FILE_GUARD_MANAGER",
1117 .isGeneral = true,
1118 .resDeviceID = {"local"},
1119 .grantStatus = {PERMISSION_DENIED},
1120 .grantFlags = {PERMISSION_SYSTEM_FIXED}
1121 };
1122 policyParams.permStateList = {permissionStateFull001};
1123 AccessTokenIDEx fullTokenId;
1124 int32_t ret = AccessTokenKit::InitHapToken(infoParams, policyParams, fullTokenId);
1125 ASSERT_EQ(RET_SUCCESS, ret);
1126
1127 AccessTokenID tokenID = fullTokenId.tokenIdExStruct.tokenID;
1128 ASSERT_NE(INVALID_TOKENID, tokenID);
1129 ret = AccessTokenKit::VerifyAccessToken(tokenID, "ohos.permission.FILE_GUARD_MANAGER");
1130 EXPECT_EQ(PERMISSION_GRANTED, ret);
1131
1132 uint32_t flag;
1133 ret = AccessTokenKit::GetPermissionFlag(tokenID, "ohos.permission.FILE_GUARD_MANAGER", flag);
1134 EXPECT_EQ(RET_SUCCESS, ret);
1135 EXPECT_EQ(PERMISSION_SYSTEM_FIXED, flag);
1136
1137 ASSERT_EQ(RET_SUCCESS, AccessTokenKit::DeleteToken(tokenID));
1138 }
1139
1140 /**
1141 * @tc.name: InitHapTokenSpecsTest017
1142 * @tc.desc: Initialize ENTERPRISE_NORMAL permission for a system hap.
1143 * @tc.type: FUNC
1144 * @tc.require:
1145 */
1146 HWTEST_F(InitHapTokenTest, InitHapTokenSpecsTest017, TestSize.Level0)
1147 {
1148 LOGI(ATM_DOMAIN, ATM_TAG, "InitHapTokenSpecsTest017");
1149 MockNativeToken mock("foundation");
1150
1151 HapInfoParams infoParams;
1152 HapPolicyParams policyParams;
1153 TestCommon::GetHapParams(infoParams, policyParams);
1154 policyParams.apl = APL_SYSTEM_CORE;
1155 infoParams.isSystemApp = true;
1156 PermissionStateFull permissionStateFull001 = {
1157 .permissionName = "ohos.permission.FILE_GUARD_MANAGER",
1158 .isGeneral = true,
1159 .resDeviceID = {"local"},
1160 .grantStatus = {PERMISSION_DENIED},
1161 .grantFlags = {PERMISSION_SYSTEM_FIXED}
1162 };
1163 policyParams.permStateList = {permissionStateFull001};
1164 AccessTokenIDEx fullTokenId;
1165 int32_t ret = AccessTokenKit::InitHapToken(infoParams, policyParams, fullTokenId);
1166 ASSERT_EQ(RET_SUCCESS, ret);
1167
1168 AccessTokenID tokenID = fullTokenId.tokenIdExStruct.tokenID;
1169 ASSERT_NE(INVALID_TOKENID, tokenID);
1170 ret = AccessTokenKit::VerifyAccessToken(tokenID, "ohos.permission.FILE_GUARD_MANAGER");
1171 EXPECT_EQ(PERMISSION_GRANTED, ret);
1172
1173 uint32_t flag;
1174 ret = AccessTokenKit::GetPermissionFlag(tokenID, "ohos.permission.FILE_GUARD_MANAGER", flag);
1175 EXPECT_EQ(RET_SUCCESS, ret);
1176 EXPECT_EQ(PERMISSION_SYSTEM_FIXED, flag);
1177
1178 ASSERT_EQ(RET_SUCCESS, AccessTokenKit::DeleteToken(tokenID));
1179 }
1180
1181 /**
1182 * @tc.name: InitHapTokenSpecsTest018
1183 * @tc.desc: Initialize ENTERPRISE_NORMAL permission for a debug hap.
1184 * @tc.type: FUNC
1185 * @tc.require:
1186 */
1187 HWTEST_F(InitHapTokenTest, InitHapTokenSpecsTest018, TestSize.Level0)
1188 {
1189 LOGI(ATM_DOMAIN, ATM_TAG, "InitHapTokenSpecsTest018");
1190 MockNativeToken mock("foundation");
1191
1192 HapInfoParams infoParams;
1193 HapPolicyParams policyParams;
1194 TestCommon::GetHapParams(infoParams, policyParams);
1195 policyParams.apl = APL_SYSTEM_CORE;
1196 infoParams.isSystemApp = false;
1197 infoParams.appDistributionType = APP_DISTRIBUTION_TYPE_NONE;
1198 PermissionStateFull permissionStateFull001 = {
1199 .permissionName = "ohos.permission.FILE_GUARD_MANAGER",
1200 .isGeneral = true,
1201 .resDeviceID = {"local"},
1202 .grantStatus = {PERMISSION_DENIED},
1203 .grantFlags = {PERMISSION_SYSTEM_FIXED}
1204 };
1205 policyParams.permStateList = {permissionStateFull001};
1206 AccessTokenIDEx fullTokenId;
1207 int32_t ret = AccessTokenKit::InitHapToken(infoParams, policyParams, fullTokenId);
1208 ASSERT_EQ(RET_SUCCESS, ret);
1209
1210 AccessTokenID tokenID = fullTokenId.tokenIdExStruct.tokenID;
1211 ASSERT_NE(INVALID_TOKENID, tokenID);
1212 ret = AccessTokenKit::VerifyAccessToken(tokenID, "ohos.permission.FILE_GUARD_MANAGER");
1213 EXPECT_EQ(PERMISSION_GRANTED, ret);
1214
1215 uint32_t flag;
1216 ret = AccessTokenKit::GetPermissionFlag(tokenID, "ohos.permission.FILE_GUARD_MANAGER", flag);
1217 EXPECT_EQ(RET_SUCCESS, ret);
1218 EXPECT_EQ(PERMISSION_SYSTEM_FIXED, flag);
1219
1220 ASSERT_EQ(RET_SUCCESS, AccessTokenKit::DeleteToken(tokenID));
1221 }
1222
1223 /**
1224 * @tc.name: InitHapTokenSpecsTest019
1225 * @tc.desc: Initialize ENTERPRISE_NORMAL permission for a Non enterprise/system/debug hap.
1226 * @tc.type: FUNC
1227 * @tc.require:
1228 */
1229 HWTEST_F(InitHapTokenTest, InitHapTokenSpecsTest019, TestSize.Level0)
1230 {
1231 LOGI(ATM_DOMAIN, ATM_TAG, "InitHapTokenSpecsTest019");
1232 MockNativeToken mock("foundation");
1233
1234 HapInfoParams infoParams;
1235 HapPolicyParams policyParams;
1236 TestCommon::GetHapParams(infoParams, policyParams);
1237 infoParams.isSystemApp = false;
1238
1239 PermissionStateFull permissionStateFull001 = {
1240 .permissionName = "ohos.permission.FILE_GUARD_MANAGER",
1241 .isGeneral = true,
1242 .resDeviceID = {"local"},
1243 .grantStatus = {PERMISSION_DENIED},
1244 .grantFlags = {PERMISSION_SYSTEM_FIXED}
1245 };
1246 policyParams.permStateList = {permissionStateFull001};
1247 policyParams.aclRequestedList = { "ohos.permission.FILE_GUARD_MANAGER" };
1248 AccessTokenIDEx fullTokenId;
1249 int32_t ret = AccessTokenKit::InitHapToken(infoParams, policyParams, fullTokenId);
1250 AccessTokenID tokenID = fullTokenId.tokenIdExStruct.tokenID;
1251 bool isEnterpriseNormal = OHOS::system::GetBoolParameter(ENTERPRISE_NORMAL_CHECK, false);
1252 if (isEnterpriseNormal) {
1253 ASSERT_EQ(ERR_PERM_REQUEST_CFG_FAILED, ret);
1254 } else {
1255 ASSERT_EQ(RET_SUCCESS, ret);
1256 }
1257
1258 HapInfoCheckResult result;
1259 ret = AccessTokenKit::InitHapToken(infoParams, policyParams, fullTokenId, result);
1260 if (isEnterpriseNormal) {
1261 ASSERT_EQ(ERR_PERM_REQUEST_CFG_FAILED, ret);
1262 ASSERT_EQ(result.permCheckResult.permissionName, "ohos.permission.FILE_GUARD_MANAGER");
1263 ASSERT_EQ(result.permCheckResult.rule, PERMISSION_ENTERPRISE_NORMAL_RULE);
1264 } else {
1265 ASSERT_EQ(RET_SUCCESS, ret);
1266 }
1267
1268 ret = AccessTokenKit::VerifyAccessToken(tokenID, "ohos.permission.FILE_GUARD_MANAGER");
1269 EXPECT_EQ(PERMISSION_DENIED, ret);
1270 }
1271
1272 /**
1273 * @tc.name: InitHapTokenAbnormalTest001
1274 * @tc.desc: Invaild HapInfoParams.
1275 * @tc.type: FUNC
1276 * @tc.require:
1277 */
1278 HWTEST_F(InitHapTokenTest, InitHapTokenAbnormalTest001, TestSize.Level0)
1279 {
1280 LOGI(ATM_DOMAIN, ATM_TAG, "InitHapTokenAbnormalTest001");
1281
1282 HapInfoParams infoParams;
1283 HapPolicyParams policyParams;
1284 TestCommon::GetHapParams(infoParams, policyParams);
1285 infoParams.userID = -1;
1286 AccessTokenIDEx fullTokenId;
1287 int32_t ret = AccessTokenKit::InitHapToken(infoParams, policyParams, fullTokenId);
1288 EXPECT_EQ(ERR_PARAM_INVALID, ret);
1289
1290 TestCommon::GetHapParams(infoParams, policyParams);
1291 infoParams.bundleName = "";
1292 ret = AccessTokenKit::InitHapToken(infoParams, policyParams, fullTokenId);
1293 EXPECT_EQ(ERR_PARAM_INVALID, ret);
1294
1295 TestCommon::GetHapParams(infoParams, policyParams);
1296 infoParams.bundleName = OVER_SIZE_STR;
1297 ret = AccessTokenKit::InitHapToken(infoParams, policyParams, fullTokenId);
1298 EXPECT_EQ(ERR_PARAM_INVALID, ret);
1299
1300 TestCommon::GetHapParams(infoParams, policyParams);
1301 for (int i = 0; i < THIRTY_TIME_CYCLES; i++) {
1302 infoParams.appIDDesc += OVER_SIZE_STR;
1303 }
1304 ret = AccessTokenKit::InitHapToken(infoParams, policyParams, fullTokenId);
1305 EXPECT_EQ(ERR_PARAM_INVALID, ret);
1306 }
1307
1308 /**
1309 * @tc.name: InitHapTokenAbnormalTest002
1310 * @tc.desc: Invaild HapPolicyParams.
1311 * @tc.type: FUNC
1312 * @tc.require:
1313 */
1314 HWTEST_F(InitHapTokenTest, InitHapTokenAbnormalTest002, TestSize.Level0)
1315 {
1316 LOGI(ATM_DOMAIN, ATM_TAG, "InitHapTokenAbnormalTest002");
1317
1318 HapInfoParams infoParams;
1319 HapPolicyParams policyParams;
1320 TestCommon::GetHapParams(infoParams, policyParams);
1321 policyParams.apl = static_cast<AccessToken::TypeATokenAplEnum>(-1);
1322 AccessTokenIDEx fullTokenId;
1323 int32_t ret = AccessTokenKit::InitHapToken(infoParams, policyParams, fullTokenId);
1324 EXPECT_EQ(ERR_PARAM_INVALID, ret);
1325
1326 TestCommon::GetHapParams(infoParams, policyParams);
1327 policyParams.apl = APL_ENUM_BUTT;
1328 ret = AccessTokenKit::InitHapToken(infoParams, policyParams, fullTokenId);
1329 EXPECT_EQ(ERR_PARAM_INVALID, ret);
1330
1331 TestCommon::GetHapParams(infoParams, policyParams);
1332 policyParams.domain = "";
1333 ret = AccessTokenKit::InitHapToken(infoParams, policyParams, fullTokenId);
1334 EXPECT_EQ(ERR_PARAM_INVALID, ret);
1335
1336 TestCommon::GetHapParams(infoParams, policyParams);
1337 policyParams.domain = OVER_SIZE_STR;
1338 ret = AccessTokenKit::InitHapToken(infoParams, policyParams, fullTokenId);
1339 EXPECT_EQ(ERR_PARAM_INVALID, ret);
1340 }
1341
1342 /**
1343 * @tc.name: InitHapTokenAbnormalTest003
1344 * @tc.desc: Invaild permStateList.
1345 * @tc.type: FUNC
1346 * @tc.require:
1347 */
1348 HWTEST_F(InitHapTokenTest, InitHapTokenAbnormalTest003, TestSize.Level0)
1349 {
1350 LOGI(ATM_DOMAIN, ATM_TAG, "InitHapTokenAbnormalTest003");
1351
1352 HapInfoParams infoParams;
1353 HapPolicyParams policyParams;
1354 TestCommon::GetHapParams(infoParams, policyParams);
1355
1356 PermissionStateFull permissionStateFull001 = {
1357 .permissionName = "",
1358 .isGeneral = true,
1359 .resDeviceID = {"local"},
1360 .grantStatus = {PERMISSION_DENIED},
1361 .grantFlags = {PERMISSION_SYSTEM_FIXED}
1362 };
1363 PermissionStateFull permissionStateFull002 = {
1364 .permissionName = "ohos.permission.test",
1365 .isGeneral = true,
1366 .resDeviceID = {"local"},
1367 .grantStatus = {PERMISSION_DENIED},
1368 .grantFlags = {PERMISSION_SYSTEM_FIXED}
1369 };
1370 policyParams.permStateList.emplace_back(permissionStateFull001);
1371 policyParams.permStateList.emplace_back(permissionStateFull002);
1372 AccessTokenIDEx fullTokenId;
1373 ASSERT_EQ(RET_SUCCESS, AccessTokenKit::InitHapToken(infoParams, policyParams, fullTokenId));
1374 AccessTokenID tokenID = fullTokenId.tokenIdExStruct.tokenID;
1375 ASSERT_NE(INVALID_TOKENID, tokenID);
1376
1377 std::vector<PermissionStateFull> reqPermList;
1378 ASSERT_EQ(RET_SUCCESS, AccessTokenKit::GetReqPermissions(tokenID, reqPermList, false));
1379 EXPECT_TRUE(reqPermList.empty());
1380
1381 ASSERT_EQ(RET_SUCCESS, AccessTokenKit::DeleteToken(tokenID));
1382 }
1383
1384 /**
1385 * @tc.name: InitHapTokenAbnormalTest004
1386 * @tc.desc: Invaild aclRequestedList.
1387 * @tc.type: FUNC
1388 * @tc.require:
1389 */
1390 HWTEST_F(InitHapTokenTest, InitHapTokenAbnormalTest004, TestSize.Level0)
1391 {
1392 LOGI(ATM_DOMAIN, ATM_TAG, "InitHapTokenAbnormalTest004");
1393
1394 HapInfoParams infoParams;
1395 HapPolicyParams policyParams;
1396 TestCommon::GetHapParams(infoParams, policyParams);
1397
1398 PermissionStateFull permissionStateFull001 = {
1399 .permissionName = "ohos.permission.AGENT_REQUIRE_FORM",
1400 .isGeneral = true,
1401 .resDeviceID = {"local"},
1402 .grantStatus = {PERMISSION_DENIED},
1403 .grantFlags = {PERMISSION_SYSTEM_FIXED}
1404 };
1405 PermissionStateFull permissionStateFull002 = {
1406 .permissionName = "ohos.permission.ACCESS_EXTENSIONAL_DEVICE_DRIVER",
1407 .isGeneral = true,
1408 .resDeviceID = {"local"},
1409 .grantStatus = {PERMISSION_DENIED},
1410 .grantFlags = {PERMISSION_SYSTEM_FIXED}
1411 };
1412 policyParams.aclRequestedList = {""};
1413 AccessTokenIDEx fullTokenId;
1414 EXPECT_EQ(RET_SUCCESS, AccessTokenKit::InitHapToken(infoParams, policyParams, fullTokenId));
1415 AccessTokenID tokenID = fullTokenId.tokenIdExStruct.tokenID;
1416 EXPECT_NE(INVALID_TOKENID, tokenID);
1417 int32_t ret = AccessTokenKit::VerifyAccessToken(tokenID, "");
1418 EXPECT_EQ(PERMISSION_DENIED, ret);
1419
1420 policyParams.aclRequestedList = {"ohos.permission.test"};
1421 EXPECT_EQ(RET_SUCCESS, AccessTokenKit::InitHapToken(infoParams, policyParams, fullTokenId));
1422 EXPECT_NE(INVALID_TOKENID, fullTokenId.tokenIdExStruct.tokenID);
1423 EXPECT_NE(tokenID, fullTokenId.tokenIdExStruct.tokenID);
1424 tokenID = fullTokenId.tokenIdExStruct.tokenID;
1425 ret = AccessTokenKit::VerifyAccessToken(tokenID, "ohos.permission.test");
1426 EXPECT_EQ(PERMISSION_DENIED, ret);
1427
1428 policyParams.aclRequestedList = {"ohos.permission.AGENT_REQUIRE_FORM"};
1429 ASSERT_EQ(RET_SUCCESS, AccessTokenKit::InitHapToken(infoParams, policyParams, fullTokenId));
1430 EXPECT_NE(INVALID_TOKENID, fullTokenId.tokenIdExStruct.tokenID);
1431 EXPECT_NE(tokenID, fullTokenId.tokenIdExStruct.tokenID);
1432 tokenID = fullTokenId.tokenIdExStruct.tokenID;
1433 ret = AccessTokenKit::VerifyAccessToken(tokenID, "ohos.permission.AGENT_REQUIRE_FORM");
1434 EXPECT_EQ(PERMISSION_DENIED, ret);
1435
1436 policyParams.permStateList.emplace_back(permissionStateFull002);
1437 policyParams.aclRequestedList.emplace_back("ohos.permission.ACCESS_EXTENSIONAL_DEVICE_DRIVER");
1438
1439 ASSERT_EQ(RET_SUCCESS, AccessTokenKit::InitHapToken(infoParams, policyParams, fullTokenId));
1440 EXPECT_NE(INVALID_TOKENID, fullTokenId.tokenIdExStruct.tokenID);
1441 EXPECT_NE(tokenID, fullTokenId.tokenIdExStruct.tokenID);
1442 tokenID = fullTokenId.tokenIdExStruct.tokenID;
1443 ret = AccessTokenKit::VerifyAccessToken(tokenID, "ohos.permission.ACCESS_EXTENSIONAL_DEVICE_DRIVER");
1444 EXPECT_EQ(PERMISSION_GRANTED, ret);
1445
1446 ASSERT_EQ(RET_SUCCESS, AccessTokenKit::DeleteToken(tokenID));
1447 }
1448
1449 /**
1450 * @tc.name: InitHapTokenAbnormalTest005
1451 * @tc.desc: Invaild preAuthorizationInfo.
1452 * @tc.type: FUNC
1453 * @tc.require:
1454 */
1455 HWTEST_F(InitHapTokenTest, InitHapTokenAbnormalTest005, TestSize.Level0)
1456 {
1457 LOGI(ATM_DOMAIN, ATM_TAG, "InitHapTokenAbnormalTest005");
1458
1459 HapInfoParams infoParams;
1460 HapPolicyParams policyParams;
1461 TestCommon::GetHapParams(infoParams, policyParams);
1462
1463 PreAuthorizationInfo preAuthorizationInfo;
1464 preAuthorizationInfo.permissionName = "";
1465 policyParams.preAuthorizationInfo = {preAuthorizationInfo};
1466 AccessTokenIDEx fullTokenId;
1467 EXPECT_EQ(RET_SUCCESS, AccessTokenKit::InitHapToken(infoParams, policyParams, fullTokenId));
1468 AccessTokenID tokenID = fullTokenId.tokenIdExStruct.tokenID;
1469 EXPECT_NE(INVALID_TOKENID, tokenID);
1470 EXPECT_EQ(PERMISSION_DENIED, AccessTokenKit::VerifyAccessToken(tokenID, ""));
1471
1472 preAuthorizationInfo.permissionName = "ohos.permission.test";
1473 policyParams.preAuthorizationInfo = {preAuthorizationInfo};
1474 EXPECT_EQ(RET_SUCCESS, AccessTokenKit::InitHapToken(infoParams, policyParams, fullTokenId));
1475 EXPECT_NE(INVALID_TOKENID, fullTokenId.tokenIdExStruct.tokenID);
1476 EXPECT_NE(tokenID, fullTokenId.tokenIdExStruct.tokenID);
1477 tokenID = fullTokenId.tokenIdExStruct.tokenID;
1478 int32_t ret = AccessTokenKit::VerifyAccessToken(tokenID, "ohos.permission.test");
1479 EXPECT_EQ(PERMISSION_DENIED, ret);
1480
1481 preAuthorizationInfo.permissionName = "ohos.permission.AGENT_REQUIRE_FORM";
1482 policyParams.preAuthorizationInfo = {preAuthorizationInfo};
1483 ASSERT_EQ(RET_SUCCESS, AccessTokenKit::InitHapToken(infoParams, policyParams, fullTokenId));
1484 EXPECT_NE(INVALID_TOKENID, fullTokenId.tokenIdExStruct.tokenID);
1485 EXPECT_NE(tokenID, fullTokenId.tokenIdExStruct.tokenID);
1486 tokenID = fullTokenId.tokenIdExStruct.tokenID;
1487 ret = AccessTokenKit::VerifyAccessToken(tokenID, "ohos.permission.AGENT_REQUIRE_FORM");
1488 EXPECT_EQ(PERMISSION_DENIED, ret);
1489
1490 ASSERT_EQ(RET_SUCCESS, AccessTokenKit::DeleteToken(fullTokenId.tokenIdExStruct.tokenID));
1491 }
1492
1493 /**
1494 * @tc.name: InitHapTokenAbnormalTest006
1495 * @tc.desc: InitHapToken isRestore with INVALID_TOKENID
1496 * @tc.type: FUNC
1497 * @tc.require:
1498 */
1499 HWTEST_F(InitHapTokenTest, InitHapTokenAbnormalTest006, TestSize.Level0)
1500 {
1501 HapInfoParams infoParams;
1502 HapPolicyParams policyParams;
1503 TestCommon::GetHapParams(infoParams, policyParams);
1504
1505 infoParams.isRestore = true;
1506 infoParams.tokenID = INVALID_TOKENID;
1507
1508 PreAuthorizationInfo preAuthorizationInfo;
1509 preAuthorizationInfo.permissionName = "";
1510 policyParams.preAuthorizationInfo = {preAuthorizationInfo};
1511 AccessTokenIDEx fullTokenId;
1512 int32_t ret = AccessTokenKit::InitHapToken(infoParams, policyParams, fullTokenId);
1513 EXPECT_EQ(ERR_PARAM_INVALID, ret);
1514 }
1515 } // namespace AccessToken
1516 } // namespace Security
1517 } // namespace OHOS