1 /*
2 * Copyright (c) 2024 Huawei Device Co., Ltd.
3 * Licensed under the Apache License, Version 2.0 (the "License");
4 * you may not use this file except in compliance with the License.
5 * You may obtain a copy of the License at
6 *
7 * http://www.apache.org/licenses/LICENSE-2.0
8 *
9 * Unless required by applicable law or agreed to in writing, software
10 * distributed under the License is distributed on an "AS IS" BASIS,
11 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12 * See the License for the specific language governing permissions and
13 * limitations under the License.
14 */
15
16 #include "update_hap_token_test.h"
17 #include "gtest/gtest.h"
18 #include <thread>
19
20 #include "access_token.h"
21 #include "access_token_error.h"
22 #include "accesstoken_common_log.h"
23 #include "iaccess_token_manager.h"
24 #include "nativetoken_kit.h"
25 #include "parameter.h"
26 #include "parameters.h"
27 #include "permission_grant_info.h"
28 #include "permission_state_change_info_parcel.h"
29 #include "string_ex.h"
30 #include "test_common.h"
31 #include "tokenid_kit.h"
32 #include "token_setproc.h"
33
34 using namespace testing::ext;
35 namespace OHOS {
36 namespace Security {
37 namespace AccessToken {
38 namespace {
39 static const char* ENTERPRISE_NORMAL_CHECK = "accesstoken.enterprise_normal_check";
40 static const std::string TEST_BUNDLE_NAME = "ohos";
41 static const int TEST_USER_ID = 0;
42 static const int THREAD_NUM = 3;
43 static constexpr int32_t CYCLE_TIMES = 100;
44 static const int INVALID_APPIDDESC_LEN = 10244;
45 static const int32_t INDEX_ZERO = 0;
46 static uint64_t g_selfTokenId = 0;
47 static constexpr int32_t API_VERSION_EIGHT = 8;
48 const std::string APP_DISTRIBUTION_TYPE_ENTERPRISE_MDM = "enterprise_mdm";
49 const std::string APP_DISTRIBUTION_TYPE_ENTERPRISE_NORMAL = "enterprise_normal";
50 const std::string APP_DISTRIBUTION_TYPE_NONE = "none";
51 const std::string OVER_SIZE_STR =
52 "AAANSUhEUgAAABUAAAAXCAIAAABrvZPKAAAACXBIWXMAAA7EAAAOxAGVKw4bAAAAEXRFWHRTb2Z0d2FyZQBTbmlwYXN0ZV0Xzt0A"
53 "FBSURBVDiN7ZQ/S8NQFMVPxU/QCx06GBzrkqUZ42rBbHWUBDqYxSnUoTxXydCSycVsgltfBiFDR8HNdHGxY4nQQAPvMzwHsWn+KM"
54 "vj3He5vIaUEjV0UAfe85X83KMBT7N75JEXVdSlfEAVfPRyZ5yfIrBoUkVlMU82Hkp8wu9ddt1vFew4sIiIiKwgzcXIvN7GTZOvpZ"
55 "D3I1NZvmdCXz+XOv5wJANKHOVYjRTAghxIyh0FHKb+0QQH5+kXf2zkYGAG0oFr5RfnK8DAGkwY19wliRT2L448vjv0YGQFVa8VKd";
56 static MockNativeToken* g_mock;
57
58 PermissionStateFull g_infoManagerCameraState = {
59 .permissionName = "ohos.permission.CAMERA",
60 .isGeneral = true,
61 .resDeviceID = {"local2"},
62 .grantStatus = {PermissionState::PERMISSION_DENIED},
63 .grantFlags = {0}
64 };
65
66 PermissionStateFull g_infoManagerMicrophoneState = {
67 .permissionName = "ohos.permission.MICROPHONE",
68 .isGeneral = true,
69 .resDeviceID = {"local2"},
70 .grantStatus = {PermissionState::PERMISSION_DENIED},
71 .grantFlags = {0}
72 };
73
74 HapInfoParams g_testHapInfoParams = {
75 .userID = 0,
76 .bundleName = "UpdateHapTokenTest",
77 .instIndex = 0,
78 .appIDDesc = "UpdateHapTokenTest",
79 .apiVersion = TestCommon::DEFAULT_API_VERSION,
80 .isSystemApp = true,
81 .appDistributionType = ""
82 };
83
84 PermissionDef g_permDef = {
85 .permissionName = "ohos.permission.test1",
86 .bundleName = "accesstoken_test",
87 .grantMode = 1,
88 .availableLevel = APL_NORMAL,
89 .label = "label3",
90 .labelId = 1,
91 .description = "open the door",
92 .descriptionId = 1,
93 .availableType = MDM
94 };
95
96 HapPolicyParams g_testPolicyParams = {
97 .apl = APL_SYSTEM_CORE,
98 .domain = "test_domain",
99 .permList = { g_permDef },
100 .permStateList = { g_infoManagerCameraState, g_infoManagerMicrophoneState },
101 .aclRequestedList = {},
102 .preAuthorizationInfo = {}
103 };
104 };
105
SetUpTestCase()106 void UpdateHapTokenTest::SetUpTestCase()
107 {
108 g_selfTokenId = GetSelfTokenID();
109 TestCommon::SetTestEvironment(g_selfTokenId);
110
111 // native process with MANAGER_HAP_ID
112 g_mock = new (std::nothrow) MockNativeToken("foundation");
113 }
114
TearDownTestCase()115 void UpdateHapTokenTest::TearDownTestCase()
116 {
117 AccessTokenID tokenID = AccessTokenKit::GetHapTokenID(TEST_USER_ID, TEST_BUNDLE_NAME, 0);
118 AccessTokenKit::DeleteToken(tokenID);
119
120 tokenID = AccessTokenKit::GetHapTokenID(
121 g_testHapInfoParams.userID, g_testHapInfoParams.bundleName, g_testHapInfoParams.instIndex);
122 AccessTokenKit::DeleteToken(tokenID);
123
124 if (g_mock != nullptr) {
125 delete g_mock;
126 g_mock = nullptr;
127 }
128 EXPECT_EQ(0, SetSelfTokenID(g_selfTokenId));
129 TestCommon::ResetTestEvironment();
130 }
131
SetUp()132 void UpdateHapTokenTest::SetUp()
133 {
134 LOGI(ATM_DOMAIN, ATM_TAG, "SetUp ok.");
135 HapInfoParams info = {
136 .userID = TEST_USER_ID,
137 .bundleName = TEST_BUNDLE_NAME,
138 .instIndex = 0,
139 .appIDDesc = "appIDDesc",
140 .apiVersion = TestCommon::DEFAULT_API_VERSION
141 };
142
143 HapPolicyParams policy = {
144 .apl = APL_NORMAL,
145 .domain = "domain"
146 };
147 policy.permStateList.emplace_back(g_infoManagerCameraState);
148 policy.permStateList.emplace_back(g_infoManagerMicrophoneState);
149
150 AccessTokenIDEx tokenIdEx = {0};
151 EXPECT_EQ(RET_SUCCESS, TestCommon::AllocTestHapToken(info, policy, tokenIdEx));
152 ASSERT_NE(INVALID_TOKENID, tokenIdEx.tokenIDEx);
153 }
154
TearDown()155 void UpdateHapTokenTest::TearDown()
156 {
157 }
158
159 /**
160 * @tc.name: UpdateHapTokenFuncTest001
161 * @tc.desc: test update appIDDesc
162 * 1.appIDDesc = AccessTokenTestAppID.
163 * 2.appIDDesc = HapTokenTestAppID_1, Update success.
164 * @tc.type: FUNC
165 * @tc.require:
166 */
167 HWTEST_F(UpdateHapTokenTest, UpdateHapTokenFuncTest001, TestSize.Level0)
168 {
169 LOGI(ATM_DOMAIN, ATM_TAG, "UpdateHapTokenFuncTest001");
170
171 HapInfoParams infoParams;
172 HapPolicyParams policyParams;
173 TestCommon::GetHapParams(infoParams, policyParams);
174 AccessTokenIDEx fullTokenId;
175 ASSERT_EQ(RET_SUCCESS, AccessTokenKit::InitHapToken(infoParams, policyParams, fullTokenId));
176 AccessTokenID tokenID = fullTokenId.tokenIdExStruct.tokenID;
177 ASSERT_NE(INVALID_TOKENID, tokenID);
178 UpdateHapInfoParams updateHapInfoParams = {
179 .appIDDesc = "HapTokenTestAppID_1",
180 .apiVersion = infoParams.apiVersion,
181 .isSystemApp = infoParams.isSystemApp,
182 .appDistributionType = infoParams.appDistributionType
183 };
184
185 ASSERT_EQ(RET_SUCCESS, AccessTokenKit::UpdateHapToken(fullTokenId, updateHapInfoParams, policyParams));
186
187 HapTokenInfo hapInfo;
188 AccessTokenKit::GetHapTokenInfo(tokenID, hapInfo);
189 EXPECT_EQ(0, hapInfo.userID);
190 EXPECT_EQ("com.ohos.AccessTokenTestBundle", hapInfo.bundleName);
191 EXPECT_EQ(TestCommon::DEFAULT_API_VERSION, hapInfo.apiVersion);
192 EXPECT_EQ(0, hapInfo.instIndex);
193 EXPECT_EQ(tokenID, hapInfo.tokenID);
194 EXPECT_EQ(1, hapInfo.tokenAttr);
195
196 HapTokenInfoExt hapInfoExt;
197 AccessTokenKit::GetHapTokenInfoExtension(tokenID, hapInfoExt);
198 EXPECT_EQ("HapTokenTestAppID_1", hapInfoExt.appID);
199
200 EXPECT_EQ(RET_SUCCESS, AccessTokenKit::DeleteToken(tokenID));
201 }
202
203 /**
204 * @tc.name: UpdateHapTokenFuncTest002
205 * @tc.desc: test update apiVersion
206 * 1.apiVersion = DEFAULT_API_VERSION.
207 * 2.apiVersion = API_VERSION_EIGHT, Update success.
208 * @tc.type: FUNC
209 * @tc.require:
210 */
211 HWTEST_F(UpdateHapTokenTest, UpdateHapTokenFuncTest002, TestSize.Level0)
212 {
213 LOGI(ATM_DOMAIN, ATM_TAG, "UpdateHapTokenFuncTest002");
214
215 HapInfoParams infoParams;
216 HapPolicyParams policyParams;
217 TestCommon::GetHapParams(infoParams, policyParams);
218 AccessTokenIDEx fullTokenId;
219 ASSERT_EQ(RET_SUCCESS, AccessTokenKit::InitHapToken(infoParams, policyParams, fullTokenId));
220 AccessTokenID tokenID = fullTokenId.tokenIdExStruct.tokenID;
221 UpdateHapInfoParams updateHapInfoParams = {
222 .appIDDesc = infoParams.appIDDesc,
223 .apiVersion = API_VERSION_EIGHT,
224 .isSystemApp = infoParams.isSystemApp,
225 .appDistributionType = infoParams.appDistributionType
226 };
227
228 ASSERT_EQ(RET_SUCCESS, AccessTokenKit::UpdateHapToken(fullTokenId, updateHapInfoParams, policyParams));
229
230 HapTokenInfo hapInfo;
231 AccessTokenKit::GetHapTokenInfo(tokenID, hapInfo);
232 EXPECT_EQ(0, hapInfo.userID);
233 EXPECT_EQ("com.ohos.AccessTokenTestBundle", hapInfo.bundleName);
234 EXPECT_EQ(API_VERSION_EIGHT, hapInfo.apiVersion);
235 EXPECT_EQ(0, hapInfo.instIndex);
236 EXPECT_EQ(tokenID, hapInfo.tokenID);
237 EXPECT_EQ(1, hapInfo.tokenAttr);
238
239 HapTokenInfoExt hapInfoExt;
240 AccessTokenKit::GetHapTokenInfoExtension(tokenID, hapInfoExt);
241 EXPECT_EQ("AccessTokenTestAppID", hapInfoExt.appID);
242
243 EXPECT_EQ(RET_SUCCESS, AccessTokenKit::DeleteToken(tokenID));
244 }
245
246 /**
247 * @tc.name: UpdateHapTokenFuncTest003
248 * @tc.desc: test update isSystemApp
249 * 1.isSystemApp = true.
250 * 2.isSystemApp = false, Update success.
251 * 3.isSystemApp = true, Update success.
252 * @tc.type: FUNC
253 * @tc.require:
254 */
255 HWTEST_F(UpdateHapTokenTest, UpdateHapTokenFuncTest003, TestSize.Level0)
256 {
257 LOGI(ATM_DOMAIN, ATM_TAG, "UpdateHapTokenFuncTest003");
258
259 HapInfoParams infoParams;
260 HapPolicyParams policyParams;
261 TestCommon::GetHapParams(infoParams, policyParams);
262 AccessTokenIDEx fullTokenId;
263 ASSERT_EQ(RET_SUCCESS, AccessTokenKit::InitHapToken(infoParams, policyParams, fullTokenId));
264 AccessTokenID tokenID = fullTokenId.tokenIdExStruct.tokenID;
265 UpdateHapInfoParams updateHapInfoParams = {
266 .appIDDesc = infoParams.appIDDesc,
267 .apiVersion = infoParams.apiVersion,
268 .isSystemApp = false,
269 .appDistributionType = infoParams.appDistributionType
270 };
271
272 ASSERT_EQ(RET_SUCCESS, AccessTokenKit::UpdateHapToken(fullTokenId, updateHapInfoParams, policyParams));
273
274 HapTokenInfo hapInfo;
275 AccessTokenKit::GetHapTokenInfo(tokenID, hapInfo);
276 EXPECT_EQ(0, hapInfo.userID);
277 EXPECT_EQ("com.ohos.AccessTokenTestBundle", hapInfo.bundleName);
278 EXPECT_EQ(TestCommon::DEFAULT_API_VERSION, hapInfo.apiVersion);
279 EXPECT_EQ(0, hapInfo.instIndex);
280 EXPECT_EQ(tokenID, hapInfo.tokenID);
281 EXPECT_EQ(0, hapInfo.tokenAttr);
282
283 HapTokenInfoExt hapInfoExt;
284 AccessTokenKit::GetHapTokenInfoExtension(tokenID, hapInfoExt);
285 EXPECT_EQ("AccessTokenTestAppID", hapInfoExt.appID);
286
287 updateHapInfoParams.isSystemApp = true;
288 ASSERT_EQ(RET_SUCCESS, AccessTokenKit::UpdateHapToken(fullTokenId, updateHapInfoParams, policyParams));
289
290 ASSERT_EQ(RET_SUCCESS, AccessTokenKit::GetHapTokenInfo(tokenID, hapInfo));
291 EXPECT_EQ(1, hapInfo.tokenAttr);
292
293 EXPECT_EQ(RET_SUCCESS, AccessTokenKit::DeleteToken(tokenID));
294 }
295
GetPermissions(string permissionName,PermissionStateFull & stateFull,PreAuthorizationInfo & info)296 void GetPermissions(string permissionName, PermissionStateFull& stateFull, PreAuthorizationInfo& info)
297 {
298 stateFull = {
299 .permissionName = permissionName,
300 .isGeneral = true,
301 .resDeviceID = {"local"},
302 .grantStatus = {PERMISSION_DENIED},
303 .grantFlags = {PERMISSION_SYSTEM_FIXED}
304 };
305
306 info = {
307 .permissionName = permissionName,
308 .userCancelable = false
309 };
310 }
311 /**
312 * @tc.name: UpdateHapTokenFuncTest004
313 * @tc.desc: test permission list number is increased from 0 to 2.
314 * 1.permStateList = {}.
315 * 2.permStateList = {permissionStateFull001, permissionStateFull002}, Update success.
316 * @tc.type: FUNC
317 * @tc.require:
318 */
319 HWTEST_F(UpdateHapTokenTest, UpdateHapTokenFuncTest004, TestSize.Level0)
320 {
321 LOGI(ATM_DOMAIN, ATM_TAG, "UpdateHapTokenFuncTest004");
322
323 HapInfoParams infoParams;
324 HapPolicyParams policyParams;
325 TestCommon::GetHapParams(infoParams, policyParams);
326 policyParams.apl = APL_SYSTEM_CORE;
327 AccessTokenIDEx fullTokenId;
328 ASSERT_EQ(RET_SUCCESS, AccessTokenKit::InitHapToken(infoParams, policyParams, fullTokenId));
329 AccessTokenID tokenID = fullTokenId.tokenIdExStruct.tokenID;
330 EXPECT_EQ(PERMISSION_DENIED, AccessTokenKit::VerifyAccessToken(tokenID, "ohos.permission.RECEIVE_SMS"));
331 EXPECT_EQ(PERMISSION_DENIED, AccessTokenKit::VerifyAccessToken(tokenID, "ohos.permission.RECEIVE_MMS"));
332 UpdateHapInfoParams updateHapInfoParams = {
333 .appIDDesc = infoParams.appIDDesc,
334 .apiVersion = infoParams.apiVersion,
335 .isSystemApp = false,
336 .appDistributionType = infoParams.appDistributionType
337 };
338
339 PermissionStateFull permissionStateFull001;
340 PermissionStateFull permissionStateFull002;
341 PreAuthorizationInfo info1;
342 PreAuthorizationInfo info2;
343 GetPermissions("ohos.permission.RECEIVE_SMS", permissionStateFull001, info1);
344 GetPermissions("ohos.permission.RECEIVE_MMS", permissionStateFull002, info2);
345
346 policyParams.permStateList = {permissionStateFull001, permissionStateFull002};
347 policyParams.preAuthorizationInfo = {info1, info2};
348
349 ASSERT_EQ(RET_SUCCESS, AccessTokenKit::UpdateHapToken(fullTokenId, updateHapInfoParams, policyParams));
350 std::vector<PermissionStateFull> permStatList;
351 ASSERT_EQ(RET_SUCCESS, AccessTokenKit::GetReqPermissions(tokenID, permStatList, false));
352 EXPECT_EQ(static_cast<uint32_t>(2), permStatList.size());
353 EXPECT_EQ("ohos.permission.RECEIVE_SMS", permStatList[0].permissionName);
354 EXPECT_EQ(permStatList[0].grantStatus[0], PERMISSION_GRANTED);
355 EXPECT_EQ(permStatList[0].grantFlags[0], PERMISSION_SYSTEM_FIXED);
356 EXPECT_EQ("ohos.permission.RECEIVE_MMS", permStatList[1].permissionName);
357 EXPECT_EQ(permStatList[1].grantStatus[0], PERMISSION_GRANTED);
358 EXPECT_EQ(permStatList[1].grantFlags[0], PERMISSION_SYSTEM_FIXED);
359
360 EXPECT_EQ(RET_SUCCESS, AccessTokenKit::DeleteToken(tokenID));
361 }
362
363 /**
364 * @tc.name: UpdateHapTokenFuncTest005
365 * @tc.desc: test permission list number is decreased from 2 to 0.
366 * 1.permStateList = {permissionStateFull001, permissionStateFull002}.
367 * 2.permStateList={}, Update success.
368 * @tc.type: FUNC
369 * @tc.require:
370 */
371 HWTEST_F(UpdateHapTokenTest, UpdateHapTokenFuncTest005, TestSize.Level0)
372 {
373 LOGI(ATM_DOMAIN, ATM_TAG, "UpdateHapTokenFuncTest005");
374
375 HapInfoParams infoParams;
376 HapPolicyParams policyParams;
377 TestCommon::GetHapParams(infoParams, policyParams);
378 policyParams.apl = APL_SYSTEM_CORE;
379 PermissionStateFull permissionStateFull001 = {
380 .permissionName = "ohos.permission.RUN_DYN_CODE",
381 .isGeneral = true,
382 .resDeviceID = {"local"},
383 .grantStatus = {PERMISSION_DENIED},
384 .grantFlags = {PERMISSION_SYSTEM_FIXED}
385 };
386
387 PermissionStateFull permissionStateFull002 = {
388 .permissionName = "ohos.permission.ACCESS_DDK_USB",
389 .isGeneral = true,
390 .resDeviceID = {"local"},
391 .grantStatus = {PERMISSION_DENIED},
392 .grantFlags = {PERMISSION_SYSTEM_FIXED}
393 };
394 policyParams.permStateList = {permissionStateFull001, permissionStateFull002};
395 AccessTokenIDEx fullTokenId;
396 ASSERT_EQ(RET_SUCCESS, AccessTokenKit::InitHapToken(infoParams, policyParams, fullTokenId));
397 AccessTokenID tokenID = fullTokenId.tokenIdExStruct.tokenID;
398
399 EXPECT_EQ(PERMISSION_GRANTED, AccessTokenKit::VerifyAccessToken(tokenID, "ohos.permission.RUN_DYN_CODE"));
400 EXPECT_EQ(PERMISSION_GRANTED, AccessTokenKit::VerifyAccessToken(tokenID, "ohos.permission.ACCESS_DDK_USB"));
401
402 UpdateHapInfoParams updateHapInfoParams = {
403 .appIDDesc = infoParams.appIDDesc,
404 .apiVersion = infoParams.apiVersion,
405 .isSystemApp = false,
406 .appDistributionType = infoParams.appDistributionType
407 };
408 policyParams.permStateList = {};
409
410 ASSERT_EQ(RET_SUCCESS, AccessTokenKit::UpdateHapToken(fullTokenId, updateHapInfoParams, policyParams));
411
412 EXPECT_EQ(PERMISSION_DENIED, AccessTokenKit::VerifyAccessToken(tokenID, "ohos.permission.RUN_DYN_CODE"));
413 EXPECT_EQ(PERMISSION_DENIED, AccessTokenKit::VerifyAccessToken(tokenID, "ohos.permission.ACCESS_DDK_USB"));
414
415 ASSERT_EQ(RET_SUCCESS, AccessTokenKit::DeleteToken(tokenID));
416 }
417
418 /**
419 * @tc.name: UpdateHapTokenFuncTest006
420 * @tc.desc: test permission list number is changed from permissionStateFull001 to permissionStateFull003.
421 * 1.permStateList = {permissionStateFull001}
422 * 2.permStateList = {permissionStateFull003}, Update success.
423 * @tc.type: FUNC
424 * @tc.require:
425 */
426 HWTEST_F(UpdateHapTokenTest, UpdateHapTokenFuncTest006, TestSize.Level0)
427 {
428 LOGI(ATM_DOMAIN, ATM_TAG, "UpdateHapTokenFuncTest006");
429
430 HapInfoParams infoParams;
431 HapPolicyParams policyParams;
432 TestCommon::GetHapParams(infoParams, policyParams);
433 PermissionStateFull permissionStateFull001 = {
434 .permissionName = "ohos.permission.RUN_DYN_CODE",
435 .isGeneral = true,
436 .resDeviceID = {"local"},
437 .grantStatus = {PERMISSION_DENIED},
438 .grantFlags = {PERMISSION_SYSTEM_FIXED}
439 };
440
441 policyParams.permStateList = {permissionStateFull001};
442 AccessTokenIDEx fullTokenId = {0};
443 ASSERT_EQ(RET_SUCCESS, AccessTokenKit::InitHapToken(infoParams, policyParams, fullTokenId));
444 AccessTokenID tokenID = fullTokenId.tokenIdExStruct.tokenID;
445 ASSERT_NE(INVALID_TOKENID, tokenID);
446
447 EXPECT_EQ(PERMISSION_GRANTED, AccessTokenKit::VerifyAccessToken(tokenID, "ohos.permission.RUN_DYN_CODE"));
448 EXPECT_EQ(PERMISSION_DENIED,
449 AccessTokenKit::VerifyAccessToken(tokenID, "ohos.permission.ACCESS_EXTENSIONAL_DEVICE_DRIVER"));
450 UpdateHapInfoParams updateHapInfoParams = {
451 .appIDDesc = infoParams.appIDDesc,
452 .apiVersion = infoParams.apiVersion,
453 .isSystemApp = false,
454 .appDistributionType = infoParams.appDistributionType
455 };
456 PermissionStateFull permissionStateFull003 = {
457 .permissionName = "ohos.permission.ACCESS_EXTENSIONAL_DEVICE_DRIVER",
458 .isGeneral = true,
459 .resDeviceID = {"local"},
460 .grantStatus = {PERMISSION_DENIED},
461 .grantFlags = {PERMISSION_SYSTEM_FIXED}
462 };
463
464 policyParams.permStateList = { permissionStateFull003 };
465 ASSERT_EQ(RET_SUCCESS, AccessTokenKit::UpdateHapToken(fullTokenId, updateHapInfoParams, policyParams));
466
467 EXPECT_EQ(PERMISSION_DENIED, AccessTokenKit::VerifyAccessToken(tokenID, "ohos.permission.RUN_DYN_CODE"));
468 EXPECT_EQ(PERMISSION_GRANTED,
469 AccessTokenKit::VerifyAccessToken(tokenID, "ohos.permission.ACCESS_EXTENSIONAL_DEVICE_DRIVER"));
470
471 ASSERT_EQ(RET_SUCCESS, AccessTokenKit::DeleteToken(tokenID));
472 }
473
ExistInVector(vector<unsigned int> array,unsigned int value)474 static bool ExistInVector(vector<unsigned int> array, unsigned int value)
475 {
476 vector<unsigned int>::iterator it = find(array.begin(), array.end(), value);
477 if (it != array.end()) {
478 return true;
479 } else {
480 return false;
481 }
482 }
483
484 /**
485 * @tc.name: UpdateHapTokenFuncTest007
486 * @tc.desc: update a batch of tokenId.
487 * @tc.type: FUNC
488 * @tc.require: Issue Number
489 */
490 HWTEST_F(UpdateHapTokenTest, UpdateHapTokenFuncTest007, TestSize.Level0)
491 {
492 int allocFlag = 0;
493 int updateFlag = 0;
494 int deleteFlag = 0;
495 AccessTokenIDEx tokenIdEx = {0};
496 vector<AccessTokenID> obj;
497 bool exist;
498 HapInfoParams testInfo = g_testHapInfoParams;
499 HapPolicyParams testPolicy = g_testPolicyParams;
500
501 for (int i = 0; i < CYCLE_TIMES; i++) {
502 ASSERT_EQ(RET_SUCCESS, AccessTokenKit::InitHapToken(testInfo, testPolicy, tokenIdEx));
503 AccessTokenID tokenID = tokenIdEx.tokenIdExStruct.tokenID;
504 ASSERT_NE(INVALID_TOKENID, tokenID);
505
506 exist = ExistInVector(obj, tokenID);
507 if (exist) {
508 allocFlag = 1;
509 break;
510 }
511 obj.push_back(tokenID);
512 testInfo.userID++;
513 }
514
515 testInfo.instIndex = 1;
516 testPolicy.apl = APL_SYSTEM_BASIC;
517 UpdateHapInfoParams info;
518 info.appIDDesc = g_testHapInfoParams.appIDDesc;
519 info.apiVersion = TestCommon::DEFAULT_API_VERSION;
520 info.appDistributionType = "enterprise_mdm";
521 info.isSystemApp = false;
522 for (size_t i = 0; i < obj.size(); i++) {
523 AccessTokenIDEx idEx = {
524 .tokenIdExStruct.tokenID = obj[i],
525 .tokenIdExStruct.tokenAttr = 0,
526 };
527 int ret = AccessTokenKit::UpdateHapToken(idEx, info, testPolicy);
528 if (RET_SUCCESS != ret) {
529 updateFlag = 1;
530 break;
531 }
532 }
533 testPolicy.apl = APL_NORMAL;
534
535 for (size_t i = 0; i < obj.size(); i++) {
536 int ret = AccessTokenKit::DeleteToken(obj[i]);
537 if (RET_SUCCESS != ret) {
538 deleteFlag = 1;
539 }
540 }
541 EXPECT_EQ(allocFlag, 0);
542 EXPECT_EQ(updateFlag, 0);
543 EXPECT_EQ(deleteFlag, 0);
544 }
545
546 /**
547 * @tc.name: UpdateHapTokenFuncTest008
548 * @tc.desc: add new permissdef.
549 * @tc.type: FUNC
550 * @tc.require: Issue Number
551 */
552 HWTEST_F(UpdateHapTokenTest, UpdateHapTokenFuncTest008, TestSize.Level0)
553 {
554 AccessTokenIDEx tokenIdEx = {0};
555 ASSERT_EQ(RET_SUCCESS, AccessTokenKit::InitHapToken(g_testHapInfoParams, g_testPolicyParams, tokenIdEx));
556 AccessTokenID tokenID = tokenIdEx.tokenIdExStruct.tokenID;
557 ASSERT_NE(INVALID_TOKENID, tokenID);
558
559 PermissionDef permDefResult;
560 /* check permission define before update */
561 int32_t ret = AccessTokenKit::GetDefPermission("ohos.permission.test3", permDefResult);
562 ASSERT_EQ(AccessTokenError::ERR_PERMISSION_NOT_EXIST, ret);
563
564 std::string backUp = g_testPolicyParams.permList[INDEX_ZERO].permissionName;
565 g_testPolicyParams.permList[INDEX_ZERO].permissionName = "ohos.permission.test3";
566 UpdateHapInfoParams info;
567 info.appIDDesc = g_testHapInfoParams.appIDDesc;
568 info.apiVersion = TestCommon::DEFAULT_API_VERSION;
569 info.isSystemApp = false;
570 info.appDistributionType = "enterprise_mdm";
571 ret = AccessTokenKit::UpdateHapToken(tokenIdEx, info, g_testPolicyParams);
572 ASSERT_EQ(RET_SUCCESS, ret);
573 g_testPolicyParams.permList[INDEX_ZERO].permissionName = backUp;
574
575 GTEST_LOG_(INFO) << "permissionName :" << g_testPolicyParams.permList[INDEX_ZERO].permissionName;
576
577 ret = AccessTokenKit::GetDefPermission("ohos.permission.test3", permDefResult);
578 ASSERT_EQ(AccessTokenError::ERR_PERMISSION_NOT_EXIST, ret);
579 EXPECT_NE("ohos.permission.test3", permDefResult.permissionName);
580
581 EXPECT_EQ(RET_SUCCESS, AccessTokenKit::DeleteToken(tokenID));
582 }
583 /**
584 * @tc.name: UpdateHapTokenFuncTest009
585 * @tc.desc: modify permissdef's grantMode.
586 * @tc.type: FUNC
587 * @tc.require: Issue Number
588 */
589 HWTEST_F(UpdateHapTokenTest, UpdateHapTokenFuncTest009, TestSize.Level0)
590 {
591 const std::string appIDDesc = g_testHapInfoParams.appIDDesc;
592 int backupMode = g_testPolicyParams.permList[INDEX_ZERO].grantMode;
593 std::string backupLable = g_testPolicyParams.permList[INDEX_ZERO].label;
594
595 AccessTokenIDEx tokenIdEx = {0};
596 ASSERT_EQ(RET_SUCCESS, AccessTokenKit::InitHapToken(g_testHapInfoParams, g_testPolicyParams, tokenIdEx));
597 AccessTokenID tokenID = tokenIdEx.tokenIdExStruct.tokenID;
598 ASSERT_NE(INVALID_TOKENID, tokenID);
599
600 PermissionDef permDefResult;
601 /* check permission define before update */
602 int32_t ret = AccessTokenKit::GetDefPermission(
603 g_testPolicyParams.permList[INDEX_ZERO].permissionName, permDefResult);
604 ASSERT_EQ(AccessTokenError::ERR_PERMISSION_NOT_EXIST, ret);
605
606 g_testPolicyParams.permList[INDEX_ZERO].grantMode = 0;
607 g_testPolicyParams.permList[INDEX_ZERO].label = "updated label";
608 UpdateHapInfoParams info;
609 info.appIDDesc = appIDDesc;
610 info.apiVersion = TestCommon::DEFAULT_API_VERSION;
611 info.isSystemApp = false;
612 info.appDistributionType = "enterprise_mdm";
613 ret = AccessTokenKit::UpdateHapToken(tokenIdEx, info, g_testPolicyParams);
614 ASSERT_EQ(RET_SUCCESS, ret);
615
616 /* check permission define after update */
617 ret = AccessTokenKit::GetDefPermission(
618 g_testPolicyParams.permList[INDEX_ZERO].permissionName, permDefResult);
619 ASSERT_EQ(AccessTokenError::ERR_PERMISSION_NOT_EXIST, ret);
620
621 g_testPolicyParams.permList[INDEX_ZERO].label = backupLable;
622 g_testPolicyParams.permList[INDEX_ZERO].grantMode = backupMode;
623 ASSERT_EQ(RET_SUCCESS, AccessTokenKit::DeleteToken(tokenID));
624 }
625
626 /**
627 * @tc.name: UpdateHapTokenFuncTest010
628 * @tc.desc: old permission will not update its grantStatus.
629 * @tc.type: FUNC
630 * @tc.require: Issue Number
631 */
632 HWTEST_F(UpdateHapTokenTest, UpdateHapTokenFuncTest010, TestSize.Level0)
633 {
634 const std::string appIDDesc = g_testHapInfoParams.appIDDesc;
635 std::string permission = g_infoManagerCameraState.permissionName;
636
637 AccessTokenIDEx tokenIdEx = {0};
638 ASSERT_EQ(RET_SUCCESS, AccessTokenKit::InitHapToken(g_testHapInfoParams, g_testPolicyParams, tokenIdEx));
639 AccessTokenID tokenID = tokenIdEx.tokenIdExStruct.tokenID;
640 ASSERT_NE(INVALID_TOKENID, tokenID);
641
642 ASSERT_EQ(RET_SUCCESS, AccessTokenKit::GrantPermission(tokenID, permission, PERMISSION_USER_FIXED));
643
644 ASSERT_EQ(PERMISSION_GRANTED, AccessTokenKit::VerifyAccessToken(tokenID, permission, false));
645
646 HapPolicyParams infoManagerTestPolicyPrams = {
647 .apl = APL_NORMAL,
648 .domain = "test.domain",
649 .permStateList = {g_infoManagerCameraState}
650 };
651 UpdateHapInfoParams info;
652 info.appIDDesc = appIDDesc;
653 info.apiVersion = TestCommon::DEFAULT_API_VERSION;
654 info.isSystemApp = false;
655 info.appDistributionType = "enterprise_mdm";
656 ASSERT_EQ(RET_SUCCESS, AccessTokenKit::UpdateHapToken(tokenIdEx, info, infoManagerTestPolicyPrams));
657
658 ASSERT_EQ(PERMISSION_GRANTED, AccessTokenKit::VerifyAccessToken(tokenID, permission, false));
659
660 ASSERT_EQ(RET_SUCCESS, AccessTokenKit::DeleteToken(tokenID));
661 }
662
663 /**
664 * @tc.name: UpdateHapTokenFuncTest011
665 * @tc.desc: update api version.
666 * @tc.type: FUNC
667 * @tc.require:Issue Number
668 */
669 HWTEST_F(UpdateHapTokenTest, UpdateHapTokenFuncTest011, TestSize.Level0)
670 {
671 const std::string appIDDesc = g_testHapInfoParams.appIDDesc;
672 AccessTokenIDEx tokenIdEx = {0};
673 ASSERT_EQ(RET_SUCCESS, AccessTokenKit::InitHapToken(g_testHapInfoParams, g_testPolicyParams, tokenIdEx));
674 AccessTokenID tokenID = tokenIdEx.tokenIdExStruct.tokenID;
675 ASSERT_NE(INVALID_TOKENID, tokenID);
676
677 UpdateHapInfoParams info;
678 info.appIDDesc = appIDDesc;
679 info.isSystemApp = false;
680 info.appDistributionType = "enterprise_mdm";
681
682 info.apiVersion = TestCommon::DEFAULT_API_VERSION - 1;
683 ASSERT_EQ(RET_SUCCESS, AccessTokenKit::UpdateHapToken(tokenIdEx, info, g_testPolicyParams));
684
685 HapTokenInfo hapTokenInfoRes;
686 ASSERT_EQ(RET_SUCCESS, AccessTokenKit::GetHapTokenInfo(tokenID, hapTokenInfoRes));
687 ASSERT_EQ(info.apiVersion, hapTokenInfoRes.apiVersion);
688
689 info.apiVersion = TestCommon::DEFAULT_API_VERSION + 1;
690 ASSERT_EQ(RET_SUCCESS, AccessTokenKit::UpdateHapToken(tokenIdEx, info, g_testPolicyParams));
691
692 ASSERT_EQ(RET_SUCCESS, AccessTokenKit::GetHapTokenInfo(tokenID, hapTokenInfoRes));
693 EXPECT_EQ(info.apiVersion, hapTokenInfoRes.apiVersion);
694
695 EXPECT_EQ(RET_SUCCESS, AccessTokenKit::DeleteToken(tokenID));
696 }
697
698 /**
699 * @tc.name: UpdateHapTokenFuncTest012
700 * @tc.desc: AccessTokenKit::UpdateHapToken function test
701 * @tc.type: FUNC
702 * @tc.require: issueI61A6M
703 */
704 HWTEST_F(UpdateHapTokenTest, UpdateHapTokenFuncTest012, TestSize.Level0)
705 {
706 AccessTokenIDEx tokenID = {0};
707 HapPolicyParams policy;
708 UpdateHapInfoParams info;
709 info.appIDDesc = std::string("updateFailed");
710 info.apiVersion = 0;
711 info.isSystemApp = false;
712 EXPECT_EQ(AccessTokenError::ERR_PARAM_INVALID,
713 AccessTokenKit::UpdateHapToken(tokenID, info, policy));
714 }
715
ThreadTestFunc01(void * args)716 static void *ThreadTestFunc01(void *args)
717 {
718 ATokenTypeEnum type;
719 AccessTokenID tokenID;
720
721 for (int i = 0; i < CYCLE_TIMES; i++) {
722 tokenID = AccessTokenKit::AccessTokenKit::GetHapTokenID(TEST_USER_ID, TEST_BUNDLE_NAME, 0);
723 type = AccessTokenKit::GetTokenType(tokenID);
724 if (type != TOKEN_HAP) {
725 GTEST_LOG_(INFO) << "ThreadTestFunc01 failed" << tokenID;
726 }
727 }
728 return nullptr;
729 }
730
ThreadTestFunc02(void * args)731 static void *ThreadTestFunc02(void *args)
732 {
733 int ret;
734 AccessTokenID tokenID;
735 HapTokenInfo hapTokenInfoRes;
736
737 for (int i = 0; i < CYCLE_TIMES; i++) {
738 tokenID = AccessTokenKit::AccessTokenKit::GetHapTokenID(TEST_USER_ID, TEST_BUNDLE_NAME, 0);
739 ret = AccessTokenKit::GetHapTokenInfo(tokenID, hapTokenInfoRes);
740 if (ret != RET_SUCCESS) {
741 GTEST_LOG_(INFO) << "ThreadTestFunc02 failed" << tokenID;
742 }
743 }
744 return nullptr;
745 }
746
747 /**
748 * @tc.name: AllocHapToken011
749 * @tc.desc: Mulitpulthread test.
750 * @tc.type: FUNC
751 * @tc.require: Issue Number
752 */
753 HWTEST_F(UpdateHapTokenTest, Mulitpulthread001, TestSize.Level0)
754 {
755 AccessTokenID tokenID = AccessTokenKit::GetHapTokenID(TEST_USER_ID, TEST_BUNDLE_NAME, 0);
756 ASSERT_NE(INVALID_TOKENID, tokenID);
757 pthread_t tid[2];
758 (void)pthread_create(&tid[0], nullptr, &ThreadTestFunc01, nullptr);
759 (void)pthread_create(&tid[1], nullptr, &ThreadTestFunc01, nullptr);
760 (void)pthread_join(tid[0], nullptr);
761 (void)pthread_join(tid[1], nullptr);
762
763 (void)pthread_create(&tid[0], nullptr, &ThreadTestFunc02, nullptr);
764 (void)pthread_create(&tid[1], nullptr, &ThreadTestFunc02, nullptr);
765 (void)pthread_join(tid[0], nullptr);
766 (void)pthread_join(tid[1], nullptr);
767 }
768
ConcurrencyTask(unsigned int tokenID)769 void ConcurrencyTask(unsigned int tokenID)
770 {
771 uint32_t flag;
772 for (int i = 0; i < CYCLE_TIMES; i++) {
773 AccessTokenKit::GrantPermission(tokenID, g_infoManagerMicrophoneState.permissionName, PERMISSION_USER_FIXED);
774 AccessTokenKit::GetPermissionFlag(tokenID, g_infoManagerMicrophoneState.permissionName, flag);
775 AccessTokenKit::VerifyAccessToken(tokenID, g_infoManagerMicrophoneState.permissionName, false);
776
777 AccessTokenKit::RevokePermission(tokenID, g_infoManagerMicrophoneState.permissionName, PERMISSION_USER_SET);
778 AccessTokenKit::GetPermissionFlag(tokenID, g_infoManagerMicrophoneState.permissionName, flag);
779 AccessTokenKit::VerifyAccessToken(tokenID, g_infoManagerMicrophoneState.permissionName, false);
780 }
781 }
782
783 /**
784 * @tc.name: ConcurrencyTest001
785 * @tc.desc: Concurrency testing
786 * @tc.type: FUNC
787 * @tc.require: Issue Number
788 */
789 HWTEST_F(UpdateHapTokenTest, ConcurrencyTest001, TestSize.Level0)
790 {
791 AccessTokenID tokenID = AccessTokenKit::GetHapTokenID(TEST_USER_ID, TEST_BUNDLE_NAME, 0);
792 ASSERT_NE(INVALID_TOKENID, tokenID);
793 std::vector<std::thread> threadVec;
794 for (int i = 0; i < THREAD_NUM; i++) {
795 threadVec.emplace_back(std::thread(ConcurrencyTask, tokenID));
796 }
797 for (auto it = threadVec.begin(); it != threadVec.end(); it++) {
798 it->join();
799 }
800 }
801
802 /**
803 * @tc.name: UpdateHapTokenSpecsTest001
804 * @tc.desc: test aclRequestedList does not exist before update and add one after update.
805 * 1.aclRequestedList = {}.
806 * 2.aclRequestedList = {"ohos.permission.ACCESS_DDK_USB"}, Update success.
807 * @tc.type: FUNC
808 * @tc.require:
809 */
810 HWTEST_F(UpdateHapTokenTest, UpdateHapTokenSpecsTest001, TestSize.Level0)
811 {
812 LOGI(ATM_DOMAIN, ATM_TAG, "UpdateHapTokenSpecsTest001");
813
814 HapInfoParams infoParams;
815 HapPolicyParams policyParams;
816 TestCommon::GetHapParams(infoParams, policyParams);
817 policyParams.apl = APL_NORMAL;
818 PermissionStateFull permissionStateFull001 = {
819 .permissionName = "ohos.permission.RUN_DYN_CODE",
820 .isGeneral = true,
821 .resDeviceID = {"local"},
822 .grantStatus = {PERMISSION_DENIED},
823 .grantFlags = {PERMISSION_SYSTEM_FIXED}
824 };
825
826 PermissionStateFull permissionStateFull002 = {
827 .permissionName = "ohos.permission.ACCESS_DDK_USB",
828 .isGeneral = true,
829 .resDeviceID = {"local"},
830 .grantStatus = {PERMISSION_DENIED},
831 .grantFlags = {PERMISSION_SYSTEM_FIXED}
832 };
833 policyParams.permStateList = {permissionStateFull001};
834 AccessTokenIDEx fullTokenId;
835 ASSERT_EQ(RET_SUCCESS, AccessTokenKit::InitHapToken(infoParams, policyParams, fullTokenId));
836 AccessTokenID tokenID = fullTokenId.tokenIdExStruct.tokenID;
837
838 EXPECT_EQ(PERMISSION_GRANTED, AccessTokenKit::VerifyAccessToken(tokenID, "ohos.permission.RUN_DYN_CODE"));
839
840 UpdateHapInfoParams updateHapInfoParams = {
841 .appIDDesc = infoParams.appIDDesc,
842 .apiVersion = infoParams.apiVersion,
843 .isSystemApp = false,
844 .appDistributionType = infoParams.appDistributionType
845 };
846 policyParams.permStateList = {permissionStateFull001, permissionStateFull002};
847 policyParams.aclRequestedList = {"ohos.permission.ACCESS_DDK_USB"};
848 ASSERT_EQ(RET_SUCCESS, AccessTokenKit::UpdateHapToken(fullTokenId, updateHapInfoParams, policyParams));
849 tokenID = fullTokenId.tokenIdExStruct.tokenID;
850
851 EXPECT_EQ(PERMISSION_GRANTED, AccessTokenKit::VerifyAccessToken(tokenID, "ohos.permission.RUN_DYN_CODE"));
852 EXPECT_EQ(PERMISSION_GRANTED, AccessTokenKit::VerifyAccessToken(tokenID, "ohos.permission.ACCESS_DDK_USB"));
853
854 ASSERT_EQ(RET_SUCCESS, AccessTokenKit::DeleteToken(tokenID));
855 }
856
857 /**
858 * @tc.name: UpdateHapTokenSpecsTest002
859 * @tc.desc: test aclRequestedList exist before update and remove after update.
860 * 1.aclRequestedList = {"ohos.permission.ACCESS_DDK_USB"}
861 * 2.aclRequestedList = {}, Update failed.
862 * @tc.type: FUNC
863 * @tc.require:
864 */
865 HWTEST_F(UpdateHapTokenTest, UpdateHapTokenSpecsTest002, TestSize.Level0)
866 {
867 LOGI(ATM_DOMAIN, ATM_TAG, "UpdateHapTokenSpecsTest002");
868
869 HapInfoParams infoParams;
870 HapPolicyParams policyParams;
871 TestCommon::GetHapParams(infoParams, policyParams);
872 policyParams.apl = APL_NORMAL;
873 PermissionStateFull permissionStateFull001 = {
874 .permissionName = "ohos.permission.RUN_DYN_CODE",
875 .isGeneral = true,
876 .resDeviceID = {"local"},
877 .grantStatus = {PERMISSION_DENIED},
878 .grantFlags = {PERMISSION_SYSTEM_FIXED}
879 };
880
881 PermissionStateFull permissionStateFull002 = {
882 .permissionName = "ohos.permission.ACCESS_DDK_USB",
883 .isGeneral = true,
884 .resDeviceID = {"local"},
885 .grantStatus = {PERMISSION_DENIED},
886 .grantFlags = {PERMISSION_SYSTEM_FIXED}
887 };
888
889 policyParams.permStateList = {permissionStateFull001, permissionStateFull002};
890 policyParams.aclRequestedList = {"ohos.permission.ACCESS_DDK_USB"};
891 AccessTokenIDEx fullTokenId;
892 ASSERT_EQ(RET_SUCCESS, AccessTokenKit::InitHapToken(infoParams, policyParams, fullTokenId));
893 AccessTokenID tokenID = fullTokenId.tokenIdExStruct.tokenID;
894 EXPECT_EQ(PERMISSION_GRANTED, AccessTokenKit::VerifyAccessToken(tokenID, "ohos.permission.RUN_DYN_CODE"));
895 EXPECT_EQ(PERMISSION_GRANTED, AccessTokenKit::VerifyAccessToken(tokenID, "ohos.permission.ACCESS_DDK_USB"));
896
897 UpdateHapInfoParams updateHapInfoParams = {
898 .appIDDesc = infoParams.appIDDesc,
899 .apiVersion = infoParams.apiVersion,
900 .isSystemApp = false,
901 .appDistributionType = infoParams.appDistributionType
902 };
903 policyParams.aclRequestedList = {};
904 ASSERT_EQ(
905 ERR_PERM_REQUEST_CFG_FAILED, AccessTokenKit::UpdateHapToken(fullTokenId, updateHapInfoParams, policyParams));
906 tokenID = fullTokenId.tokenIdExStruct.tokenID;
907
908 ASSERT_EQ(RET_SUCCESS, AccessTokenKit::DeleteToken(tokenID));
909 }
910
911 /**
912 * @tc.name: UpdateHapTokenSpecsTest003
913 * @tc.desc: test permission not available after apl update from APL_SYSTEM_CORE to APL_NORMAL.
914 * 1.apl = APL_SYSTEM_CORE.
915 * 2.apl = APL_NORMAL, Update failed.
916 * @tc.type: FUNC
917 * @tc.require:
918 */
919 HWTEST_F(UpdateHapTokenTest, UpdateHapTokenSpecsTest003, TestSize.Level0)
920 {
921 LOGI(ATM_DOMAIN, ATM_TAG, "UpdateHapTokenSpecsTest003");
922
923 HapInfoParams infoParams;
924 HapPolicyParams policyParams;
925 TestCommon::GetHapParams(infoParams, policyParams);
926 policyParams.apl = APL_SYSTEM_CORE;
927 PermissionStateFull permissionStateFull001 = {
928 .permissionName = "ohos.permission.RUN_DYN_CODE",
929 .isGeneral = true,
930 .resDeviceID = {"local"},
931 .grantStatus = {PERMISSION_DENIED},
932 .grantFlags = {PERMISSION_SYSTEM_FIXED}
933 };
934
935 PermissionStateFull permissionStateFull002 = {
936 .permissionName = "ohos.permission.ACCESS_DDK_USB",
937 .isGeneral = true,
938 .resDeviceID = {"local"},
939 .grantStatus = {PERMISSION_DENIED},
940 .grantFlags = {PERMISSION_SYSTEM_FIXED}
941 };
942
943 policyParams.permStateList = {permissionStateFull001, permissionStateFull002};
944 AccessTokenIDEx fullTokenId;
945 ASSERT_EQ(RET_SUCCESS, AccessTokenKit::InitHapToken(infoParams, policyParams, fullTokenId));
946 AccessTokenID tokenID = fullTokenId.tokenIdExStruct.tokenID;
947 EXPECT_EQ(PERMISSION_GRANTED, AccessTokenKit::VerifyAccessToken(tokenID, "ohos.permission.RUN_DYN_CODE"));
948 EXPECT_EQ(PERMISSION_GRANTED, AccessTokenKit::VerifyAccessToken(tokenID, "ohos.permission.ACCESS_DDK_USB"));
949
950 UpdateHapInfoParams updateHapInfoParams = {
951 .appIDDesc = infoParams.appIDDesc,
952 .apiVersion = infoParams.apiVersion,
953 .isSystemApp = false,
954 .appDistributionType = infoParams.appDistributionType
955 };
956 policyParams.apl = APL_NORMAL;
957 ASSERT_EQ(
958 ERR_PERM_REQUEST_CFG_FAILED, AccessTokenKit::UpdateHapToken(fullTokenId, updateHapInfoParams, policyParams));
959 tokenID = fullTokenId.tokenIdExStruct.tokenID;
960
961 ASSERT_EQ(RET_SUCCESS, AccessTokenKit::DeleteToken(tokenID));
962 }
963
964 /**
965 * @tc.name: UpdateHapTokenSpecsTest004
966 * @tc.desc: Update to a MDM app, system permission is unavailable.
967 * 1.appDistributionType = ""
968 * 2.appDistributionType = APP_DISTRIBUTION_TYPE_ENTERPRISE_MDM, Update success
969 * @tc.type: FUNC
970 * @tc.require:
971 */
972 HWTEST_F(UpdateHapTokenTest, UpdateHapTokenSpecsTest004, TestSize.Level0)
973 {
974 LOGI(ATM_DOMAIN, ATM_TAG, "UpdateHapTokenSpecsTest004");
975
976 HapInfoParams infoParams;
977 HapPolicyParams policyParams;
978 TestCommon::GetHapParams(infoParams, policyParams);
979 policyParams.apl = APL_SYSTEM_CORE;
980 PermissionStateFull permissionStateFull001 = {
981 .permissionName = "ohos.permission.MANAGE_FINGERPRINT_AUTH",
982 .isGeneral = true,
983 .resDeviceID = {"local"},
984 .grantStatus = {PERMISSION_DENIED},
985 .grantFlags = {PERMISSION_SYSTEM_FIXED}
986 };
987 policyParams.permStateList = {permissionStateFull001};
988 AccessTokenIDEx fullTokenId;
989 ASSERT_EQ(RET_SUCCESS, AccessTokenKit::InitHapToken(infoParams, policyParams, fullTokenId));
990 AccessTokenID tokenID = fullTokenId.tokenIdExStruct.tokenID;
991 EXPECT_EQ(
992 PERMISSION_GRANTED, AccessTokenKit::VerifyAccessToken(tokenID, "ohos.permission.MANAGE_FINGERPRINT_AUTH"));
993
994 UpdateHapInfoParams updateHapInfoParams = {
995 .appIDDesc = infoParams.appIDDesc,
996 .apiVersion = infoParams.apiVersion,
997 .isSystemApp = false,
998 .appDistributionType = APP_DISTRIBUTION_TYPE_ENTERPRISE_MDM
999 };
1000
1001 ASSERT_EQ(RET_SUCCESS, AccessTokenKit::UpdateHapToken(fullTokenId, updateHapInfoParams, policyParams));
1002 tokenID = fullTokenId.tokenIdExStruct.tokenID;
1003 // MDM Control not apply, verify result is PERMISSION_GRANTED
1004 EXPECT_EQ(
1005 PERMISSION_GRANTED, AccessTokenKit::VerifyAccessToken(tokenID, "ohos.permission.MANAGE_FINGERPRINT_AUTH"));
1006
1007 ASSERT_EQ(RET_SUCCESS, AccessTokenKit::DeleteToken(tokenID));
1008 }
1009
1010 /**
1011 * @tc.name: UpdateHapTokenSpecsTest005
1012 * @tc.desc: Update to a non-MDM app, MDM permission is unavailable.
1013 * 1.appDistributionType = APP_DISTRIBUTION_TYPE_ENTERPRISE_MDM, permission is GRANTED.
1014 * 2.appDistributionType ="", Update failed.
1015 * @tc.type: FUNC
1016 * @tc.require:
1017 */
1018 HWTEST_F(UpdateHapTokenTest, UpdateHapTokenSpecsTest005, TestSize.Level0)
1019 {
1020 LOGI(ATM_DOMAIN, ATM_TAG, "UpdateHapTokenSpecsTest005");
1021
1022 HapInfoParams infoParams;
1023 HapPolicyParams policyParams;
1024 TestCommon::GetHapParams(infoParams, policyParams);
1025 policyParams.apl = APL_SYSTEM_CORE;
1026 infoParams.appDistributionType = APP_DISTRIBUTION_TYPE_ENTERPRISE_MDM;
1027 PermissionStateFull permissionStateFull001 = {
1028 .permissionName = "ohos.permission.ENTERPRISE_MANAGE_SETTINGS",
1029 .isGeneral = true,
1030 .resDeviceID = {"local"},
1031 .grantStatus = {PERMISSION_DENIED},
1032 .grantFlags = {PERMISSION_SYSTEM_FIXED}
1033 };
1034 PermissionStateFull permissionStateFull002 = {
1035 .permissionName = "ohos.permission.MANAGE_FINGERPRINT_AUTH",
1036 .isGeneral = true,
1037 .resDeviceID = {"local"},
1038 .grantStatus = {PERMISSION_DENIED},
1039 .grantFlags = {PERMISSION_SYSTEM_FIXED}
1040 };
1041 policyParams.permStateList = {permissionStateFull001, permissionStateFull002};
1042 AccessTokenIDEx fullTokenId;
1043 ASSERT_EQ(RET_SUCCESS, AccessTokenKit::InitHapToken(infoParams, policyParams, fullTokenId));
1044 AccessTokenID tokenID = fullTokenId.tokenIdExStruct.tokenID;
1045 // MDM Control not apply, verify result is PERMISSION_GRANTED
1046 EXPECT_EQ(
1047 PERMISSION_GRANTED, AccessTokenKit::VerifyAccessToken(tokenID, "ohos.permission.ENTERPRISE_MANAGE_SETTINGS"));
1048 EXPECT_EQ(
1049 PERMISSION_GRANTED, AccessTokenKit::VerifyAccessToken(tokenID, "ohos.permission.MANAGE_FINGERPRINT_AUTH"));
1050
1051 UpdateHapInfoParams updateHapInfoParams = {
1052 .appIDDesc = infoParams.appIDDesc,
1053 .apiVersion = infoParams.apiVersion,
1054 .isSystemApp = false,
1055 .appDistributionType = ""
1056 };
1057 ASSERT_EQ(
1058 ERR_PERM_REQUEST_CFG_FAILED, AccessTokenKit::UpdateHapToken(fullTokenId, updateHapInfoParams, policyParams));
1059
1060 HapInfoCheckResult result;
1061 ASSERT_EQ(ERR_PERM_REQUEST_CFG_FAILED,
1062 AccessTokenKit::UpdateHapToken(fullTokenId, updateHapInfoParams, policyParams, result));
1063 EXPECT_EQ(result.permCheckResult.permissionName, "ohos.permission.ENTERPRISE_MANAGE_SETTINGS");
1064 EXPECT_EQ(result.permCheckResult.rule, PERMISSION_EDM_RULE);
1065 EXPECT_EQ(RET_SUCCESS, AccessTokenKit::DeleteToken(tokenID));
1066 }
1067
1068 /**
1069 * @tc.name: UpdateHapTokenSpecsTest006
1070 * @tc.desc: App user_grant permission has not been operated, update with pre-authorization.
1071 * 1.preAuthorizationInfo = {info1}, pre-authorization update success
1072 * 2.GetReqPermissions success. permission is GRANTED.
1073 * @tc.type: FUNC
1074 * @tc.require: Issue Number
1075 */
1076 HWTEST_F(UpdateHapTokenTest, UpdateHapTokenSpecsTest006, TestSize.Level0)
1077 {
1078 LOGI(ATM_DOMAIN, ATM_TAG, "UpdateHapTokenSpecsTest006");
1079
1080 HapPolicyParams testPolicyParams1 = {
1081 .apl = APL_NORMAL,
1082 .domain = "test.domain2",
1083 .permStateList = {g_infoManagerCameraState}
1084 };
1085 AccessTokenIDEx fullTokenId;
1086 EXPECT_EQ(RET_SUCCESS, AccessTokenKit::InitHapToken(g_testHapInfoParams, testPolicyParams1, fullTokenId));
1087
1088 UpdateHapInfoParams info;
1089 info.appIDDesc = "TEST";
1090 info.apiVersion = TestCommon::DEFAULT_API_VERSION;
1091 info.isSystemApp = true;
1092 PreAuthorizationInfo info1 = {
1093 .permissionName = "ohos.permission.CAMERA",
1094 .userCancelable = false
1095 };
1096 HapPolicyParams testPolicyParams2 = {
1097 .apl = APL_NORMAL,
1098 .domain = "test.domain2",
1099 .permStateList = {g_infoManagerCameraState},
1100 .preAuthorizationInfo = {info1}
1101 };
1102 ASSERT_EQ(RET_SUCCESS, AccessTokenKit::UpdateHapToken(fullTokenId, info, testPolicyParams2));
1103 std::vector<PermissionStateFull> state;
1104 ASSERT_EQ(RET_SUCCESS, AccessTokenKit::GetReqPermissions(fullTokenId.tokenIdExStruct.tokenID, state, false));
1105 EXPECT_EQ(static_cast<uint32_t>(1), state.size());
1106 EXPECT_EQ("ohos.permission.CAMERA", state[0].permissionName);
1107 EXPECT_EQ(state[0].grantStatus[0], PERMISSION_GRANTED);
1108 EXPECT_EQ(state[0].grantFlags[0], PERMISSION_SYSTEM_FIXED);
1109
1110 EXPECT_EQ(RET_SUCCESS, AccessTokenKit::DeleteToken(fullTokenId.tokenIdExStruct.tokenID));
1111 }
1112
1113 /**
1114 * @tc.name: UpdateHapTokenSpecsTest007
1115 * @tc.desc: App user_grant permission has been granted or revoked by user, update with pre-authorization
1116 * 1.user_grant permission1 has been granted.
1117 * 2.user_grant permission2 has been revoked.
1118 * 3.preAuthorizationInfo = {info1, info2}, update pre-authorization success.
1119 * 4.GetReqPermissions success. permission1 is GRANTED, permission2 is DENIED.
1120 * @tc.type: FUNC
1121 * @tc.require: Issue Number
1122 */
1123 HWTEST_F(UpdateHapTokenTest, UpdateHapTokenSpecsTest007, TestSize.Level0)
1124 {
1125 LOGI(ATM_DOMAIN, ATM_TAG, "UpdateHapTokenSpecsTest007");
1126
1127 HapPolicyParams testPolicyParams1 = {
1128 .apl = APL_NORMAL,
1129 .domain = "test.domain2",
1130 .permStateList = {g_infoManagerCameraState, g_infoManagerMicrophoneState}
1131 };
1132 AccessTokenIDEx fullTokenId;
1133 int32_t ret = AccessTokenKit::InitHapToken(g_testHapInfoParams, testPolicyParams1, fullTokenId);
1134 EXPECT_EQ(RET_SUCCESS, ret);
1135
1136 ret = AccessTokenKit::GrantPermission(
1137 fullTokenId.tokenIdExStruct.tokenID, "ohos.permission.CAMERA", PERMISSION_USER_FIXED);
1138 EXPECT_EQ(RET_SUCCESS, ret);
1139 ret = AccessTokenKit::RevokePermission(
1140 fullTokenId.tokenIdExStruct.tokenID, "ohos.permission.MICROPHONE", PERMISSION_USER_FIXED);
1141 EXPECT_EQ(RET_SUCCESS, ret);
1142
1143 UpdateHapInfoParams info;
1144 info.appIDDesc = "TEST";
1145 info.apiVersion = TestCommon::DEFAULT_API_VERSION;
1146 info.isSystemApp = true;
1147 PreAuthorizationInfo info1 = {
1148 .permissionName = "ohos.permission.CAMERA",
1149 .userCancelable = false
1150 };
1151 PreAuthorizationInfo info2 = {
1152 .permissionName = "ohos.permission.MICROPHONE",
1153 .userCancelable = false
1154 };
1155 HapPolicyParams testPolicyParams2 = {
1156 .apl = APL_NORMAL,
1157 .domain = "test.domain2",
1158 .permStateList = {g_infoManagerCameraState, g_infoManagerMicrophoneState},
1159 .preAuthorizationInfo = {info1, info2}
1160 };
1161 ret = AccessTokenKit::UpdateHapToken(fullTokenId, info, testPolicyParams2);
1162 ASSERT_EQ(RET_SUCCESS, ret);
1163 std::vector<PermissionStateFull> state;
1164 AccessTokenKit::GetReqPermissions(fullTokenId.tokenIdExStruct.tokenID, state, false);
1165 EXPECT_EQ(static_cast<uint32_t>(2), state.size());
1166 EXPECT_EQ("ohos.permission.CAMERA", state[0].permissionName);
1167 EXPECT_EQ(state[0].grantStatus[0], PERMISSION_GRANTED);
1168 EXPECT_EQ(state[0].grantFlags[0], PERMISSION_USER_FIXED);
1169 EXPECT_EQ("ohos.permission.MICROPHONE", state[1].permissionName);
1170 EXPECT_EQ(state[1].grantStatus[0], PERMISSION_DENIED);
1171 EXPECT_EQ(state[1].grantFlags[0], PERMISSION_USER_FIXED);
1172
1173 EXPECT_EQ(RET_SUCCESS, AccessTokenKit::DeleteToken(fullTokenId.tokenIdExStruct.tokenID));
1174 }
1175
1176 /**
1177 * @tc.name: UpdateHapTokenSpecsTest008
1178 * @tc.desc: App user_grant permission has been pre-authorized with userUnCancelable flag,
1179 * update with userCancelable pre-authorization.
1180 * 1.userCancelable = false.
1181 * 2.userCancelable = true, update pre-authorization success, GetReqPermissions success.
1182 * @tc.type: FUNC
1183 * @tc.require: Issue Number
1184 */
1185 HWTEST_F(UpdateHapTokenTest, UpdateHapTokenSpecsTest008, TestSize.Level0)
1186 {
1187 LOGI(ATM_DOMAIN, ATM_TAG, "UpdateHapTokenSpecsTest008");
1188
1189 PreAuthorizationInfo info1 = {
1190 .permissionName = "ohos.permission.CAMERA",
1191 .userCancelable = false
1192 };
1193 PreAuthorizationInfo info2 = {
1194 .permissionName = "ohos.permission.MICROPHONE",
1195 .userCancelable = false
1196 };
1197 HapPolicyParams testPolicyParams1 = {
1198 .apl = APL_NORMAL,
1199 .domain = "test.domain2",
1200 .permStateList = {g_infoManagerCameraState, g_infoManagerMicrophoneState},
1201 .preAuthorizationInfo = {info1, info2}
1202 };
1203 AccessTokenIDEx fullTokenId;
1204 int32_t ret = AccessTokenKit::InitHapToken(g_testHapInfoParams, testPolicyParams1, fullTokenId);
1205 EXPECT_EQ(RET_SUCCESS, ret);
1206
1207 ret = AccessTokenKit::GrantPermission(
1208 fullTokenId.tokenIdExStruct.tokenID, "ohos.permission.CAMERA", PERMISSION_USER_FIXED);
1209 EXPECT_NE(RET_SUCCESS, ret);
1210 ret = AccessTokenKit::RevokePermission(
1211 fullTokenId.tokenIdExStruct.tokenID, "ohos.permission.MICROPHONE", PERMISSION_USER_FIXED);
1212 EXPECT_NE(RET_SUCCESS, ret);
1213
1214 UpdateHapInfoParams info;
1215 info.appIDDesc = "TEST";
1216 info.apiVersion = TestCommon::DEFAULT_API_VERSION;
1217 info.isSystemApp = true;
1218 info1.userCancelable = true;
1219 testPolicyParams1.preAuthorizationInfo = {info1};
1220
1221 ret = AccessTokenKit::UpdateHapToken(fullTokenId, info, testPolicyParams1);
1222 ASSERT_EQ(RET_SUCCESS, ret);
1223 std::vector<PermissionStateFull> state;
1224 AccessTokenKit::GetReqPermissions(fullTokenId.tokenIdExStruct.tokenID, state, false);
1225 EXPECT_EQ(static_cast<uint32_t>(2), state.size());
1226 EXPECT_EQ(state[0].grantStatus[0], PERMISSION_GRANTED);
1227 EXPECT_EQ(state[0].grantFlags[0], PERMISSION_PRE_AUTHORIZED_CANCELABLE);
1228 EXPECT_EQ(state[1].grantStatus[0], PERMISSION_DENIED);
1229 EXPECT_EQ(state[1].grantFlags[0], PERMISSION_DEFAULT_FLAG);
1230
1231 EXPECT_EQ(RET_SUCCESS, AccessTokenKit::DeleteToken(fullTokenId.tokenIdExStruct.tokenID));
1232 }
1233
1234 /**
1235 * @tc.name: UpdateHapTokenSpecsTest009
1236 * @tc.desc: App user_grant permission has been pre-authorized with userCancelable flag,
1237 * update with userCancelable pre-authorization.
1238 * 1.userCancelable = true.
1239 * 2.userCancelable = false, update success, GetReqPermissions success.
1240 * @tc.type: FUNC
1241 * @tc.require: Issue Number
1242 */
1243 HWTEST_F(UpdateHapTokenTest, UpdateHapTokenSpecsTest009, TestSize.Level0)
1244 {
1245 LOGI(ATM_DOMAIN, ATM_TAG, "UpdateHapTokenSpecsTest009");
1246
1247 PreAuthorizationInfo info1 = {
1248 .permissionName = "ohos.permission.CAMERA",
1249 .userCancelable = true
1250 };
1251 PreAuthorizationInfo info2 = {
1252 .permissionName = "ohos.permission.MICROPHONE",
1253 .userCancelable = true
1254 };
1255 HapPolicyParams testPolicyParams1 = {
1256 .apl = APL_NORMAL,
1257 .domain = "test.domain2",
1258 .permStateList = {g_infoManagerCameraState, g_infoManagerMicrophoneState},
1259 .preAuthorizationInfo = {info1, info2}
1260 };
1261 AccessTokenIDEx fullTokenId;
1262 int32_t ret = AccessTokenKit::InitHapToken(g_testHapInfoParams, testPolicyParams1, fullTokenId);
1263 EXPECT_EQ(RET_SUCCESS, ret);
1264
1265 ret = AccessTokenKit::RevokePermission(
1266 fullTokenId.tokenIdExStruct.tokenID, "ohos.permission.MICROPHONE", PERMISSION_USER_FIXED);
1267 EXPECT_EQ(RET_SUCCESS, ret);
1268
1269 UpdateHapInfoParams info;
1270 info.appIDDesc = "TEST";
1271 info.apiVersion = TestCommon::DEFAULT_API_VERSION;
1272 info.isSystemApp = true;
1273 info1.userCancelable = false;
1274 testPolicyParams1.preAuthorizationInfo = {info1};
1275
1276 ret = AccessTokenKit::UpdateHapToken(fullTokenId, info, testPolicyParams1);
1277 ASSERT_EQ(RET_SUCCESS, ret);
1278 std::vector<PermissionStateFull> state;
1279 AccessTokenKit::GetReqPermissions(fullTokenId.tokenIdExStruct.tokenID, state, false);
1280 EXPECT_EQ(static_cast<uint32_t>(2), state.size());
1281 EXPECT_EQ(state[0].grantStatus[0], PERMISSION_GRANTED);
1282 EXPECT_EQ(state[0].grantFlags[0], PERMISSION_SYSTEM_FIXED);
1283 EXPECT_EQ(state[1].grantStatus[0], PERMISSION_DENIED);
1284 EXPECT_EQ(state[1].grantFlags[0], PERMISSION_USER_FIXED | PERMISSION_PRE_AUTHORIZED_CANCELABLE);
1285
1286 EXPECT_EQ(RET_SUCCESS, AccessTokenKit::DeleteToken(fullTokenId.tokenIdExStruct.tokenID));
1287 }
1288
1289 /**
1290 * @tc.name: UpdateHapTokenSpecsTest010
1291 * @tc.desc: test aclRequestedList exist before update and remove after update.
1292 * 1.aclRequestedList = {"ohos.permission.ACCESS_DDK_USB"}
1293 * 2.aclRequestedList = {}, Update failed.
1294 * @tc.type: FUNC
1295 * @tc.require:
1296 */
1297 HWTEST_F(UpdateHapTokenTest, UpdateHapTokenSpecsTest010, TestSize.Level0)
1298 {
1299 LOGI(ATM_DOMAIN, ATM_TAG, "UpdateHapTokenSpecsTest010");
1300
1301 HapInfoParams infoParams;
1302 HapPolicyParams policyParams;
1303 TestCommon::GetHapParams(infoParams, policyParams);
1304 policyParams.apl = APL_NORMAL;
1305
1306 PermissionStateFull permissionStateFull001 = {
1307 .permissionName = "ohos.permission.ACCESS_DDK_USB",
1308 .isGeneral = true,
1309 .resDeviceID = {"local"},
1310 .grantStatus = {PERMISSION_DENIED},
1311 .grantFlags = {PERMISSION_SYSTEM_FIXED}
1312 };
1313
1314 policyParams.permStateList = {permissionStateFull001};
1315 policyParams.aclRequestedList = {"ohos.permission.ACCESS_DDK_USB"};
1316 AccessTokenIDEx fullTokenId;
1317 int32_t ret = AccessTokenKit::InitHapToken(infoParams, policyParams, fullTokenId);
1318 AccessTokenID tokenID = fullTokenId.tokenIdExStruct.tokenID;
1319 ASSERT_EQ(RET_SUCCESS, ret);
1320
1321 UpdateHapInfoParams updateHapInfoParams = {
1322 .appIDDesc = infoParams.appIDDesc,
1323 .apiVersion = infoParams.apiVersion,
1324 .isSystemApp = false,
1325 .appDistributionType = infoParams.appDistributionType
1326 };
1327 policyParams.aclRequestedList = {};
1328 HapInfoCheckResult result;
1329 ret = AccessTokenKit::UpdateHapToken(fullTokenId, updateHapInfoParams, policyParams, result);
1330 ASSERT_EQ(ERR_PERM_REQUEST_CFG_FAILED, ret);
1331 EXPECT_EQ(result.permCheckResult.permissionName, "ohos.permission.ACCESS_DDK_USB");
1332 EXPECT_EQ(result.permCheckResult.rule, PERMISSION_ACL_RULE);
1333
1334 result.permCheckResult.permissionName = "test"; // invalid Name
1335 result.permCheckResult.rule = static_cast<PermissionRulesEnum>(-1); // invalid reasan
1336 policyParams.aclRequestedList = { "ohos.permission.ACCESS_DDK_USB" };
1337 ret = AccessTokenKit::UpdateHapToken(fullTokenId, updateHapInfoParams, policyParams, result);
1338 ASSERT_EQ(RET_SUCCESS, ret);
1339 EXPECT_EQ(result.permCheckResult.permissionName, "test");
1340 EXPECT_EQ(result.permCheckResult.rule, -1);
1341 EXPECT_EQ(RET_SUCCESS, AccessTokenKit::DeleteToken(tokenID));
1342 }
1343
1344 /**
1345 * @tc.name: UpdateHapTokenSpecsTest011
1346 * @tc.desc: UpdateHapToken permission with value
1347 * @tc.type: FUNC
1348 * @tc.require:
1349 */
1350 HWTEST_F(UpdateHapTokenTest, UpdateHapTokenSpecsTest011, TestSize.Level0)
1351 {
1352 HapInfoParams infoParams;
1353 HapPolicyParams policyParams;
1354 TestCommon::GetHapParams(infoParams, policyParams);
1355 policyParams.apl = APL_SYSTEM_CORE;
1356 TestCommon::TestPrepareKernelPermissionStatus(policyParams);
1357 AccessTokenIDEx fullTokenId;
1358 ASSERT_EQ(RET_SUCCESS, AccessTokenKit::InitHapToken(infoParams, policyParams, fullTokenId));
1359 AccessTokenID tokenID = fullTokenId.tokenIdExStruct.tokenID;
1360
1361 policyParams.aclExtendedMap["ohos.permission.KERNEL_ATM_SELF_USE"] = "1"; // modified value
1362
1363 UpdateHapInfoParams updateInfoParams = {
1364 .appIDDesc = "AccessTokenTestAppID",
1365 .apiVersion = TestCommon::DEFAULT_API_VERSION,
1366 .isSystemApp = true,
1367 .appDistributionType = "",
1368 };
1369 EXPECT_EQ(RET_SUCCESS, AccessTokenKit::UpdateHapToken(fullTokenId, updateInfoParams, policyParams));
1370
1371 std::vector<PermissionWithValue> kernelPermList;
1372 EXPECT_EQ(RET_SUCCESS, AccessTokenKit::GetKernelPermissions(tokenID, kernelPermList));
1373 EXPECT_EQ(1, kernelPermList.size());
1374
1375 std::string value;
1376 EXPECT_EQ(RET_SUCCESS, AccessTokenKit::GetReqPermissionByName(
1377 tokenID, "ohos.permission.KERNEL_ATM_SELF_USE", value));
1378 EXPECT_EQ("1", value);
1379
1380 EXPECT_EQ(AccessTokenError::ERR_PERMISSION_WITHOUT_VALUE, AccessTokenKit::GetReqPermissionByName(
1381 tokenID, "ohos.permission.MICROPHONE", value));
1382 EXPECT_EQ(AccessTokenError::ERR_PERMISSION_WITHOUT_VALUE, AccessTokenKit::GetReqPermissionByName(
1383 tokenID, "ohos.permission.CAMERA", value));
1384
1385 EXPECT_EQ(RET_SUCCESS, AccessTokenKit::DeleteToken(tokenID));
1386 }
1387
1388 /**
1389 * @tc.name: UpdateHapTokenSpecsTest012
1390 * @tc.desc: Update to a enterprise_normal app, system ENTERPRISE_NORMAL permission is available.
1391 * 1.appDistributionType = APP_DISTRIBUTION_TYPE_ENTERPRISE_MDM
1392 * 2.appDistributionType = APP_DISTRIBUTION_TYPE_ENTERPRISE_NORMAL, Update success
1393 * @tc.type: FUNC
1394 * @tc.require:
1395 */
1396 HWTEST_F(UpdateHapTokenTest, UpdateHapTokenSpecsTest012, TestSize.Level0)
1397 {
1398 LOGI(ATM_DOMAIN, ATM_TAG, "UpdateHapTokenSpecsTest012");
1399
1400 HapInfoParams infoParams;
1401 HapPolicyParams policyParams;
1402 TestCommon::GetHapParams(infoParams, policyParams);
1403 policyParams.apl = APL_SYSTEM_CORE;
1404 infoParams.isSystemApp = false;
1405 infoParams.appDistributionType = APP_DISTRIBUTION_TYPE_ENTERPRISE_MDM;
1406 PermissionStateFull permissionStateFull001 = {
1407 .permissionName = "ohos.permission.FILE_GUARD_MANAGER",
1408 .isGeneral = true,
1409 .resDeviceID = {"local"},
1410 .grantStatus = {PERMISSION_DENIED},
1411 .grantFlags = {PERMISSION_SYSTEM_FIXED}
1412 };
1413 policyParams.permStateList = {permissionStateFull001};
1414 AccessTokenIDEx fullTokenId;
1415 ASSERT_EQ(RET_SUCCESS, AccessTokenKit::InitHapToken(infoParams, policyParams, fullTokenId));
1416 AccessTokenID tokenID = fullTokenId.tokenIdExStruct.tokenID;
1417 EXPECT_EQ(PERMISSION_GRANTED, AccessTokenKit::VerifyAccessToken(tokenID, "ohos.permission.FILE_GUARD_MANAGER"));
1418
1419 UpdateHapInfoParams updateHapInfoParams = {
1420 .appIDDesc = infoParams.appIDDesc,
1421 .apiVersion = infoParams.apiVersion,
1422 .isSystemApp = false,
1423 .appDistributionType = APP_DISTRIBUTION_TYPE_ENTERPRISE_NORMAL
1424 };
1425 ASSERT_EQ(RET_SUCCESS, AccessTokenKit::UpdateHapToken(fullTokenId, updateHapInfoParams, policyParams));
1426 tokenID = fullTokenId.tokenIdExStruct.tokenID;
1427 EXPECT_EQ(PERMISSION_GRANTED, AccessTokenKit::VerifyAccessToken(tokenID, "ohos.permission.FILE_GUARD_MANAGER"));
1428 ASSERT_EQ(RET_SUCCESS, AccessTokenKit::DeleteToken(tokenID));
1429 }
1430
1431 /**
1432 * @tc.name: UpdateHapTokenSpecsTest013
1433 * @tc.desc: Update to a system app, system ENTERPRISE_NORMAL permission is available.
1434 * 1.appDistributionType = APP_DISTRIBUTION_TYPE_ENTERPRISE_MDM
1435 * 2.appDistributionType = "", isSystemApp = true, Update success
1436 * @tc.type: FUNC
1437 * @tc.require:
1438 */
1439 HWTEST_F(UpdateHapTokenTest, UpdateHapTokenSpecsTest013, TestSize.Level0)
1440 {
1441 LOGI(ATM_DOMAIN, ATM_TAG, "UpdateHapTokenSpecsTest013");
1442
1443 HapInfoParams infoParams;
1444 HapPolicyParams policyParams;
1445 TestCommon::GetHapParams(infoParams, policyParams);
1446 policyParams.apl = APL_SYSTEM_CORE;
1447 infoParams.isSystemApp = false;
1448 infoParams.appDistributionType = APP_DISTRIBUTION_TYPE_ENTERPRISE_MDM;
1449 PermissionStateFull permissionStateFull001 = {
1450 .permissionName = "ohos.permission.FILE_GUARD_MANAGER",
1451 .isGeneral = true,
1452 .resDeviceID = {"local"},
1453 .grantStatus = {PERMISSION_DENIED},
1454 .grantFlags = {PERMISSION_SYSTEM_FIXED}
1455 };
1456 policyParams.permStateList = {permissionStateFull001};
1457 AccessTokenIDEx fullTokenId;
1458 ASSERT_EQ(RET_SUCCESS, AccessTokenKit::InitHapToken(infoParams, policyParams, fullTokenId));
1459 AccessTokenID tokenID = fullTokenId.tokenIdExStruct.tokenID;
1460 EXPECT_EQ(PERMISSION_GRANTED, AccessTokenKit::VerifyAccessToken(tokenID, "ohos.permission.FILE_GUARD_MANAGER"));
1461
1462 UpdateHapInfoParams updateHapInfoParams = {
1463 .appIDDesc = infoParams.appIDDesc,
1464 .apiVersion = infoParams.apiVersion,
1465 .isSystemApp = true,
1466 .appDistributionType = ""
1467 };
1468 ASSERT_EQ(RET_SUCCESS, AccessTokenKit::UpdateHapToken(fullTokenId, updateHapInfoParams, policyParams));
1469 tokenID = fullTokenId.tokenIdExStruct.tokenID;
1470 EXPECT_EQ(PERMISSION_GRANTED, AccessTokenKit::VerifyAccessToken(tokenID, "ohos.permission.FILE_GUARD_MANAGER"));
1471 ASSERT_EQ(RET_SUCCESS, AccessTokenKit::DeleteToken(tokenID));
1472 }
1473
1474 /**
1475 * @tc.name: UpdateHapTokenSpecsTest014
1476 * @tc.desc: Update to a debug app, system ENTERPRISE_NORMAL permission is available.
1477 * 1.appDistributionType = APP_DISTRIBUTION_TYPE_ENTERPRISE_MDM
1478 * 2.appDistributionType = APP_DISTRIBUTION_TYPE_NONE, Update success
1479 * @tc.type: FUNC
1480 * @tc.require:
1481 */
1482 HWTEST_F(UpdateHapTokenTest, UpdateHapTokenSpecsTest014, TestSize.Level0)
1483 {
1484 LOGI(ATM_DOMAIN, ATM_TAG, "UpdateHapTokenSpecsTest014");
1485
1486 HapInfoParams infoParams;
1487 HapPolicyParams policyParams;
1488 TestCommon::GetHapParams(infoParams, policyParams);
1489 policyParams.apl = APL_SYSTEM_CORE;
1490 infoParams.isSystemApp = false;
1491 infoParams.appDistributionType = APP_DISTRIBUTION_TYPE_ENTERPRISE_MDM;
1492 PermissionStateFull permissionStateFull001 = {
1493 .permissionName = "ohos.permission.FILE_GUARD_MANAGER",
1494 .isGeneral = true,
1495 .resDeviceID = {"local"},
1496 .grantStatus = {PERMISSION_DENIED},
1497 .grantFlags = {PERMISSION_SYSTEM_FIXED}
1498 };
1499 policyParams.permStateList = {permissionStateFull001};
1500 AccessTokenIDEx fullTokenId;
1501 ASSERT_EQ(RET_SUCCESS, AccessTokenKit::InitHapToken(infoParams, policyParams, fullTokenId));
1502 AccessTokenID tokenID = fullTokenId.tokenIdExStruct.tokenID;
1503 EXPECT_EQ(PERMISSION_GRANTED, AccessTokenKit::VerifyAccessToken(tokenID, "ohos.permission.FILE_GUARD_MANAGER"));
1504
1505 UpdateHapInfoParams updateHapInfoParams = {
1506 .appIDDesc = infoParams.appIDDesc,
1507 .apiVersion = infoParams.apiVersion,
1508 .isSystemApp = false,
1509 .appDistributionType = APP_DISTRIBUTION_TYPE_NONE
1510 };
1511 ASSERT_EQ(RET_SUCCESS, AccessTokenKit::UpdateHapToken(fullTokenId, updateHapInfoParams, policyParams));
1512 tokenID = fullTokenId.tokenIdExStruct.tokenID;
1513 EXPECT_EQ(PERMISSION_GRANTED, AccessTokenKit::VerifyAccessToken(tokenID, "ohos.permission.FILE_GUARD_MANAGER"));
1514 ASSERT_EQ(RET_SUCCESS, AccessTokenKit::DeleteToken(tokenID));
1515 }
1516
1517 /**
1518 * @tc.name: UpdateHapTokenSpecsTest015
1519 * @tc.desc: Update to a non enterprise/system/debug app, ENTERPRISE_NORMAL permission is unavailable.
1520 * 1.appDistributionType = APP_DISTRIBUTION_TYPE_ENTERPRISE_MDM, permission is GRANTED.
1521 * 2.appDistributionType ="", Update failed.
1522 * @tc.type: FUNC
1523 * @tc.require:
1524 */
1525 HWTEST_F(UpdateHapTokenTest, UpdateHapTokenSpecsTest015, TestSize.Level0)
1526 {
1527 LOGI(ATM_DOMAIN, ATM_TAG, "UpdateHapTokenSpecsTest015");
1528
1529 HapInfoParams infoParams;
1530 HapPolicyParams policyParams;
1531 TestCommon::GetHapParams(infoParams, policyParams);
1532 policyParams.apl = APL_SYSTEM_CORE;
1533 infoParams.isSystemApp = false;
1534 infoParams.appDistributionType = APP_DISTRIBUTION_TYPE_ENTERPRISE_MDM;
1535 PermissionStateFull permissionStateFull001 = {
1536 .permissionName = "ohos.permission.FILE_GUARD_MANAGER",
1537 .isGeneral = true,
1538 .resDeviceID = {"local"},
1539 .grantStatus = {PERMISSION_DENIED},
1540 .grantFlags = {PERMISSION_SYSTEM_FIXED}
1541 };
1542 policyParams.permStateList = {permissionStateFull001};
1543 AccessTokenIDEx fullTokenId;
1544 ASSERT_EQ(RET_SUCCESS, AccessTokenKit::InitHapToken(infoParams, policyParams, fullTokenId));
1545 AccessTokenID tokenID = fullTokenId.tokenIdExStruct.tokenID;
1546 EXPECT_EQ(PERMISSION_GRANTED, AccessTokenKit::VerifyAccessToken(tokenID, "ohos.permission.FILE_GUARD_MANAGER"));
1547
1548 UpdateHapInfoParams updateHapInfoParams = {
1549 .appIDDesc = infoParams.appIDDesc,
1550 .apiVersion = infoParams.apiVersion,
1551 .isSystemApp = false,
1552 .appDistributionType = ""
1553 };
1554 bool isEnterpriseNormal = OHOS::system::GetBoolParameter(ENTERPRISE_NORMAL_CHECK, false);
1555 if (isEnterpriseNormal) {
1556 ASSERT_EQ(ERR_PERM_REQUEST_CFG_FAILED,
1557 AccessTokenKit::UpdateHapToken(fullTokenId, updateHapInfoParams, policyParams));
1558 HapInfoCheckResult result;
1559 ASSERT_EQ(ERR_PERM_REQUEST_CFG_FAILED,
1560 AccessTokenKit::UpdateHapToken(fullTokenId, updateHapInfoParams, policyParams, result));
1561 EXPECT_EQ(result.permCheckResult.permissionName, "ohos.permission.FILE_GUARD_MANAGER");
1562 EXPECT_EQ(result.permCheckResult.rule, PERMISSION_ENTERPRISE_NORMAL_RULE);
1563 } else {
1564 ASSERT_EQ(RET_SUCCESS, AccessTokenKit::UpdateHapToken(fullTokenId, updateHapInfoParams, policyParams));
1565 HapInfoCheckResult result;
1566 ASSERT_EQ(RET_SUCCESS, AccessTokenKit::UpdateHapToken(fullTokenId, updateHapInfoParams, policyParams, result));
1567 }
1568 EXPECT_EQ(RET_SUCCESS, AccessTokenKit::DeleteToken(tokenID));
1569 }
1570
1571 /**
1572 * @tc.name: UpdateHapTokenSpecsTest016
1573 * @tc.desc: Update to a non enterprise/system/debug app, ENTERPRISE_NORMAL permission is unavailable.
1574 * 1.appDistributionType = APP_DISTRIBUTION_TYPE_ENTERPRISE_MDM, permission is GRANTED.
1575 * 2.appDistributionType ="", dataRefresh = true, Update success.
1576 * @tc.type: FUNC
1577 * @tc.require:
1578 */
1579 HWTEST_F(UpdateHapTokenTest, UpdateHapTokenSpecsTest016, TestSize.Level0)
1580 {
1581 LOGI(ATM_DOMAIN, ATM_TAG, "UpdateHapTokenSpecsTest016");
1582
1583 HapInfoParams infoParams;
1584 HapPolicyParams policyParams;
1585 TestCommon::GetHapParams(infoParams, policyParams);
1586 policyParams.apl = APL_SYSTEM_CORE;
1587 infoParams.isSystemApp = false;
1588 infoParams.appDistributionType = APP_DISTRIBUTION_TYPE_ENTERPRISE_MDM;
1589 PermissionStateFull permissionStateFull001 = {
1590 .permissionName = "ohos.permission.FILE_GUARD_MANAGER",
1591 .isGeneral = true,
1592 .resDeviceID = {"local"},
1593 .grantStatus = {PERMISSION_DENIED},
1594 .grantFlags = {PERMISSION_SYSTEM_FIXED}
1595 };
1596 policyParams.permStateList = {permissionStateFull001};
1597 AccessTokenIDEx fullTokenId;
1598 ASSERT_EQ(RET_SUCCESS, AccessTokenKit::InitHapToken(infoParams, policyParams, fullTokenId));
1599 AccessTokenID tokenID = fullTokenId.tokenIdExStruct.tokenID;
1600 EXPECT_EQ(PERMISSION_GRANTED, AccessTokenKit::VerifyAccessToken(tokenID, "ohos.permission.FILE_GUARD_MANAGER"));
1601
1602 UpdateHapInfoParams updateHapInfoParams = {
1603 .appIDDesc = infoParams.appIDDesc,
1604 .apiVersion = infoParams.apiVersion,
1605 .isSystemApp = false,
1606 .appDistributionType = "",
1607 .dataRefresh = true
1608 };
1609 ASSERT_EQ(RET_SUCCESS, AccessTokenKit::UpdateHapToken(fullTokenId, updateHapInfoParams, policyParams));
1610 EXPECT_EQ(RET_SUCCESS, AccessTokenKit::DeleteToken(tokenID));
1611 }
1612
1613 /**
1614 * @tc.name: UpdateHapTokenAbnormalTest001
1615 * @tc.desc: cannot update hap token info with invalid appIDDesc.
1616 * @tc.type: FUNC
1617 * @tc.require:
1618 */
1619 HWTEST_F(UpdateHapTokenTest, UpdateHapTokenAbnormalTest001, TestSize.Level0)
1620 {
1621 LOGI(ATM_DOMAIN, ATM_TAG, "UpdateHapTokenAbnormalTest001");
1622
1623 HapInfoParams infoParams;
1624 HapPolicyParams policyParams;
1625 TestCommon::GetHapParams(infoParams, policyParams);
1626 AccessTokenIDEx fullTokenId;
1627 int32_t ret = AccessTokenKit::InitHapToken(infoParams, policyParams, fullTokenId);
1628 ASSERT_EQ(RET_SUCCESS, ret);
1629
1630 const std::string appIDDesc (INVALID_APPIDDESC_LEN, 'x');
1631 UpdateHapInfoParams updateHapInfoParams = {
1632 .appIDDesc = appIDDesc,
1633 .apiVersion = infoParams.apiVersion,
1634 .isSystemApp = infoParams.isSystemApp,
1635 .appDistributionType = infoParams.appDistributionType
1636 };
1637
1638 ret = AccessTokenKit::UpdateHapToken(fullTokenId, updateHapInfoParams, policyParams);
1639 EXPECT_EQ(ERR_PARAM_INVALID, ret);
1640
1641 EXPECT_EQ(RET_SUCCESS, AccessTokenKit::DeleteToken(fullTokenId.tokenIdExStruct.tokenID));
1642 }
1643
1644 /**
1645 * @tc.name: UpdateHapTokenAbnormalTest002
1646 * @tc.desc: cannot update a tokenId with invalid apl.
1647 * @tc.type: FUNC
1648 * @tc.require:
1649 */
1650 HWTEST_F(UpdateHapTokenTest, UpdateHapTokenAbnormalTest002, TestSize.Level0)
1651 {
1652 LOGI(ATM_DOMAIN, ATM_TAG, "UpdateHapTokenAbnormalTest002");
1653
1654 HapInfoParams infoParams;
1655 HapPolicyParams policyParams;
1656 TestCommon::GetHapParams(infoParams, policyParams);
1657 AccessTokenIDEx fullTokenId;
1658 int32_t ret = AccessTokenKit::InitHapToken(infoParams, policyParams, fullTokenId);
1659 ASSERT_EQ(RET_SUCCESS, ret);
1660
1661 UpdateHapInfoParams updateHapInfoParams = {
1662 .appIDDesc = infoParams.appIDDesc,
1663 .apiVersion = infoParams.apiVersion,
1664 .isSystemApp = false,
1665 .appDistributionType = infoParams.appDistributionType
1666 };
1667 policyParams.apl = static_cast<AccessToken::TypeATokenAplEnum>(-1);
1668 ret = AccessTokenKit::UpdateHapToken(fullTokenId, updateHapInfoParams, policyParams);
1669 EXPECT_EQ(ERR_PARAM_INVALID, ret);
1670
1671 TestCommon::GetHapParams(infoParams, policyParams);
1672 policyParams.apl = APL_ENUM_BUTT;
1673 ret = AccessTokenKit::UpdateHapToken(fullTokenId, updateHapInfoParams, policyParams);
1674 EXPECT_EQ(ERR_PARAM_INVALID, ret);
1675
1676 EXPECT_EQ(RET_SUCCESS, AccessTokenKit::DeleteToken(fullTokenId.tokenIdExStruct.tokenID));
1677 }
1678
1679 /**
1680 * @tc.name: UpdateHapTokenAbnormalTest003
1681 * @tc.desc: cannot update a tokenId with invalid string value.
1682 * @tc.type: FUNC
1683 * @tc.require:
1684 */
1685 HWTEST_F(UpdateHapTokenTest, UpdateHapTokenAbnormalTest003, TestSize.Level0)
1686 {
1687 LOGI(ATM_DOMAIN, ATM_TAG, "UpdateHapTokenAbnormalTest003");
1688 std::string backUpPermission = g_testPolicyParams.permList[INDEX_ZERO].permissionName;
1689 PermissionDef permDefResult;
1690
1691 AccessTokenIDEx tokenIdEx = {0};
1692 ASSERT_EQ(RET_SUCCESS, AccessTokenKit::InitHapToken(g_testHapInfoParams, g_testPolicyParams, tokenIdEx));
1693 ASSERT_NE(INVALID_TOKENID, tokenIdEx.tokenIdExStruct.tokenID);
1694
1695 UpdateHapInfoParams info;
1696 info.appIDDesc = g_testHapInfoParams.appIDDesc;
1697 info.apiVersion = TestCommon::DEFAULT_API_VERSION;
1698 info.appDistributionType = "enterprise_mdm";
1699 info.isSystemApp = false;
1700
1701 std::string backup = g_testPolicyParams.permList[INDEX_ZERO].permissionName;
1702 g_testPolicyParams.permList[INDEX_ZERO].permissionName = "";
1703 ASSERT_EQ(RET_SUCCESS, AccessTokenKit::UpdateHapToken(tokenIdEx, info, g_testPolicyParams));
1704 ASSERT_EQ(AccessTokenError::ERR_PARAM_INVALID,
1705 AccessTokenKit::GetDefPermission(g_testPolicyParams.permList[INDEX_ZERO].permissionName, permDefResult));
1706 g_testPolicyParams.permList[INDEX_ZERO].permissionName = backup;
1707
1708 g_testPolicyParams.permList[INDEX_ZERO].permissionName = "ohos.permission.testtmp11";
1709 backup = g_testPolicyParams.permList[INDEX_ZERO].bundleName;
1710 g_testPolicyParams.permList[INDEX_ZERO].bundleName = "";
1711 ASSERT_EQ(RET_SUCCESS, AccessTokenKit::UpdateHapToken(tokenIdEx, info, g_testPolicyParams));
1712 ASSERT_EQ(AccessTokenError::ERR_PERMISSION_NOT_EXIST,
1713 AccessTokenKit::GetDefPermission(g_testPolicyParams.permList[INDEX_ZERO].permissionName, permDefResult));
1714 g_testPolicyParams.permList[INDEX_ZERO].bundleName = backup;
1715 g_testPolicyParams.permList[INDEX_ZERO].permissionName = backUpPermission;
1716
1717 g_testPolicyParams.permList[INDEX_ZERO].permissionName = "ohos.permission.testtmp12";
1718 backup = g_testPolicyParams.permList[INDEX_ZERO].label;
1719 g_testPolicyParams.permList[INDEX_ZERO].label = "";
1720 ASSERT_EQ(RET_SUCCESS, AccessTokenKit::UpdateHapToken(tokenIdEx, info, g_testPolicyParams));
1721 ASSERT_EQ(AccessTokenError::ERR_PERMISSION_NOT_EXIST,
1722 AccessTokenKit::GetDefPermission(g_testPolicyParams.permList[INDEX_ZERO].permissionName, permDefResult));
1723 g_testPolicyParams.permList[INDEX_ZERO].label = backup;
1724 g_testPolicyParams.permList[INDEX_ZERO].permissionName = backUpPermission;
1725
1726 g_testPolicyParams.permList[INDEX_ZERO].permissionName = "ohos.permission.testtmp13";
1727 backup = g_testPolicyParams.permList[INDEX_ZERO].description;
1728 g_testPolicyParams.permList[INDEX_ZERO].description = "";
1729 ASSERT_EQ(RET_SUCCESS, AccessTokenKit::UpdateHapToken(tokenIdEx, info, g_testPolicyParams));
1730 ASSERT_EQ(AccessTokenError::ERR_PERMISSION_NOT_EXIST,
1731 AccessTokenKit::GetDefPermission(g_testPolicyParams.permList[INDEX_ZERO].permissionName, permDefResult));
1732 g_testPolicyParams.permList[INDEX_ZERO].description = backup;
1733 g_testPolicyParams.permList[INDEX_ZERO].permissionName = backUpPermission;
1734
1735 ASSERT_EQ(RET_SUCCESS, AccessTokenKit::DeleteToken(tokenIdEx.tokenIdExStruct.tokenID));
1736 }
1737
1738 /**
1739 * @tc.name: UpdateHapTokenAbnormalTest004
1740 * @tc.desc: test invaild aclRequestedList.
1741 * 1.aclRequestedList is empty, update success, virify is DENIED.
1742 * 2.aclRequestedList is invaild, update success, virify is DENIED.
1743 * 3.aclRequestedList is not in permStateList, update success, virify is DENIED.
1744 * 4.aclRequestedList does not support acl, update failed.
1745 * @tc.type: FUNC
1746 * @tc.require:
1747 */
1748 HWTEST_F(UpdateHapTokenTest, UpdateHapTokenAbnormalTest004, TestSize.Level0)
1749 {
1750 LOGI(ATM_DOMAIN, ATM_TAG, "UpdateHapTokenAbnormalTest004");
1751
1752 HapInfoParams infoParams;
1753 HapPolicyParams policyParams;
1754 TestCommon::GetHapParams(infoParams, policyParams);
1755 policyParams.apl = APL_NORMAL;
1756 AccessTokenIDEx fullTokenId;
1757 ASSERT_EQ(RET_SUCCESS, AccessTokenKit::InitHapToken(infoParams, policyParams, fullTokenId));
1758 AccessTokenID tokenID = fullTokenId.tokenIdExStruct.tokenID;
1759
1760 UpdateHapInfoParams updateHapInfoParams = {
1761 .appIDDesc = infoParams.appIDDesc,
1762 .apiVersion = infoParams.apiVersion,
1763 .isSystemApp = infoParams.isSystemApp,
1764 .appDistributionType = infoParams.appDistributionType
1765 };
1766
1767 PermissionStateFull permissionStateFull001 = {
1768 .permissionName = "ohos.permission.AGENT_REQUIRE_FORM",
1769 .isGeneral = true,
1770 .resDeviceID = {"local"},
1771 .grantStatus = {PERMISSION_DENIED},
1772 .grantFlags = {PERMISSION_SYSTEM_FIXED}
1773 };
1774 PermissionStateFull permissionStateFull002 = {
1775 .permissionName = "ohos.permission.MANAGE_DEVICE_AUTH_CRED",
1776 .isGeneral = true,
1777 .resDeviceID = {"local"},
1778 .grantStatus = {PERMISSION_DENIED},
1779 .grantFlags = {PERMISSION_SYSTEM_FIXED}
1780 };
1781 policyParams.aclRequestedList = {""};
1782 EXPECT_EQ(RET_SUCCESS, AccessTokenKit::UpdateHapToken(fullTokenId, updateHapInfoParams, policyParams));
1783 tokenID = fullTokenId.tokenIdExStruct.tokenID;
1784 EXPECT_EQ(PERMISSION_DENIED, AccessTokenKit::VerifyAccessToken(tokenID, ""));
1785
1786 policyParams.aclRequestedList = {"ohos.permission.test"};
1787 EXPECT_EQ(RET_SUCCESS, AccessTokenKit::UpdateHapToken(fullTokenId, updateHapInfoParams, policyParams));
1788 EXPECT_EQ(PERMISSION_DENIED, AccessTokenKit::VerifyAccessToken(tokenID, "ohos.permission.test"));
1789
1790 policyParams.aclRequestedList = {"ohos.permission.AGENT_REQUIRE_FORM"};
1791 ASSERT_EQ(RET_SUCCESS, AccessTokenKit::UpdateHapToken(fullTokenId, updateHapInfoParams, policyParams));
1792 EXPECT_EQ(PERMISSION_DENIED, AccessTokenKit::VerifyAccessToken(tokenID, "ohos.permission.AGENT_REQUIRE_FORM"));
1793
1794 policyParams.permStateList.emplace_back(permissionStateFull002);
1795 policyParams.aclRequestedList.emplace_back("ohos.permission.MANAGE_DEVICE_AUTH_CRED");
1796
1797 ASSERT_EQ(ERR_PERM_REQUEST_CFG_FAILED,
1798 AccessTokenKit::UpdateHapToken(fullTokenId, updateHapInfoParams, policyParams));
1799
1800 ASSERT_EQ(RET_SUCCESS, AccessTokenKit::DeleteToken(tokenID));
1801 }
1802
1803 /**
1804 * @tc.name: UpdateHapTokenAbnormalTest005
1805 * @tc.desc: test invaild preAuthorizationInfo.permissionName
1806 * 1.preAuthorizationInfo.permissionName is empty, update success, virify is DENIED.
1807 * 2.preAuthorizationInfo.permissionName is invaild, update success, virify is DENIED.
1808 * 3.preAuthorizationInfo.permissionName is not in permStateList, update success, virify is DENIED.
1809 * @tc.type: FUNC
1810 * @tc.require:
1811 */
1812 HWTEST_F(UpdateHapTokenTest, UpdateHapTokenAbnormalTest005, TestSize.Level0)
1813 {
1814 LOGI(ATM_DOMAIN, ATM_TAG, "UpdateHapTokenAbnormalTest005");
1815
1816 HapInfoParams infoParams;
1817 HapPolicyParams policyParams;
1818 TestCommon::GetHapParams(infoParams, policyParams);
1819 AccessTokenIDEx fullTokenId;
1820 int32_t ret = AccessTokenKit::InitHapToken(infoParams, policyParams, fullTokenId);
1821 AccessTokenID tokenID = fullTokenId.tokenIdExStruct.tokenID;
1822 ASSERT_EQ(RET_SUCCESS, ret);
1823
1824 UpdateHapInfoParams updateHapInfoParams = {
1825 .appIDDesc = infoParams.appIDDesc,
1826 .apiVersion = infoParams.apiVersion,
1827 .isSystemApp = infoParams.isSystemApp,
1828 .appDistributionType = infoParams.appDistributionType
1829 };
1830 PreAuthorizationInfo preAuthorizationInfo;
1831 preAuthorizationInfo.permissionName = "";
1832 policyParams.preAuthorizationInfo = {preAuthorizationInfo};
1833 ret = AccessTokenKit::UpdateHapToken(fullTokenId, updateHapInfoParams, policyParams);
1834 EXPECT_EQ(RET_SUCCESS, ret);
1835 tokenID = fullTokenId.tokenIdExStruct.tokenID;
1836 ret = AccessTokenKit::VerifyAccessToken(tokenID, "");
1837 EXPECT_EQ(PERMISSION_DENIED, ret);
1838
1839 preAuthorizationInfo.permissionName = "ohos.permission.test";
1840 policyParams.preAuthorizationInfo = {preAuthorizationInfo};
1841 ret = AccessTokenKit::UpdateHapToken(fullTokenId, updateHapInfoParams, policyParams);
1842 EXPECT_EQ(RET_SUCCESS, ret);
1843 ret = AccessTokenKit::VerifyAccessToken(tokenID, "ohos.permission.test");
1844 EXPECT_EQ(PERMISSION_DENIED, ret);
1845
1846 preAuthorizationInfo.permissionName = "ohos.permission.AGENT_REQUIRE_FORM";
1847 policyParams.preAuthorizationInfo = {preAuthorizationInfo};
1848 ret = AccessTokenKit::UpdateHapToken(fullTokenId, updateHapInfoParams, policyParams);
1849 ASSERT_EQ(RET_SUCCESS, ret);
1850 ret = AccessTokenKit::VerifyAccessToken(tokenID, "ohos.permission.AGENT_REQUIRE_FORM");
1851 EXPECT_EQ(PERMISSION_DENIED, ret);
1852
1853 EXPECT_EQ(RET_SUCCESS, AccessTokenKit::DeleteToken(tokenID));
1854 }
1855
1856 /**
1857 * @tc.name: UpdateHapTokenAbnormalTest005
1858 * @tc.desc: cannot update hap token info with invalid userId.
1859 * @tc.type: FUNC
1860 * @tc.require:
1861 */
1862 HWTEST_F(UpdateHapTokenTest, UpdateHapTokenAbnormalTest006, TestSize.Level0)
1863 {
1864 AccessTokenIDEx tokenIdEx = {
1865 .tokenIdExStruct.tokenID = INVALID_TOKENID,
1866 .tokenIdExStruct.tokenAttr = 0,
1867 };
1868 UpdateHapInfoParams info;
1869 info.appIDDesc = "appIDDesc";
1870 info.apiVersion = TestCommon::DEFAULT_API_VERSION;
1871 info.isSystemApp = false;
1872 int ret = AccessTokenKit::UpdateHapToken(
1873 tokenIdEx, info, g_testPolicyParams);
1874 EXPECT_EQ(AccessTokenError::ERR_PARAM_INVALID, ret);
1875 }
1876 } // namespace AccessToken
1877 } // namespace Security
1878 } // namespace OHOS