1 /*
2 * Copyright (c) 2024 Huawei Device Co., Ltd.
3 * Licensed under the Apache License, Version 2.0 (the "License");
4 * you may not use this file except in compliance with the License.
5 * You may obtain a copy of the License at
6 *
7 * http://www.apache.org/licenses/LICENSE-2.0
8 *
9 * Unless required by applicable law or agreed to in writing, software
10 * distributed under the License is distributed on an "AS IS" BASIS,
11 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12 * See the License for the specific language governing permissions and
13 * limitations under the License.
14 */
15
16 #include "clear_user_granted__permission_state_test.h"
17 #include "gtest/gtest.h"
18 #include <thread>
19
20 #include "access_token.h"
21 #include "access_token_error.h"
22 #include "accesstoken_common_log.h"
23 #include "iaccess_token_manager.h"
24 #include "test_common.h"
25 #include "permission_grant_info.h"
26 #include "permission_state_change_info_parcel.h"
27 #include "string_ex.h"
28 #include "test_common.h"
29 #include "tokenid_kit.h"
30 #include "token_setproc.h"
31
32 using namespace testing::ext;
33 namespace OHOS {
34 namespace Security {
35 namespace AccessToken {
namespace {
// Token ID this process had before the suite started. SetUpTestCase captures it and
// TearDownTestCase hands it back to SetSelfTokenID.
static uint64_t g_selfTokenId = 0;

// Identity of the HAP token that SetUp allocates and TearDown deletes for every test.
static const int TEST_USER_ID = 0;
static const std::string TEST_BUNDLE_NAME = "ohos";
static constexpr int32_t DEFAULT_API_VERSION = 8;

// Token ID passed to the API in the invalid-parameter case.
static const unsigned int TEST_TOKENID_INVALID = 0;

// Number of repetitions in the repeated-invocation test.
static const int CYCLE_TIMES = 100;

// Second HAP identity, used only by the test that builds its own permission state list.
// It differs from (TEST_USER_ID, TEST_BUNDLE_NAME), so the per-test TearDown does not remove it.
HapInfoParams g_infoParms = {
    .userID = 1,
    .bundleName = "accesstoken_test",
    .instIndex = 0,
    .appIDDesc = "test3",
    .apiVersion = DEFAULT_API_VERSION,
    .appDistributionType = "enterprise_mdm"
};

// Owned by the suite: allocated in SetUpTestCase, released in TearDownTestCase.
static MockHapToken* g_mock = nullptr;
} // namespace
53
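/**
 * Suite-wide setup: remembers the caller's own token ID, prepares the test environment and
 * creates the mock HAP token that requests ohos.permission.REVOKE_SENSITIVE_PERMISSIONS.
 *
 * NOTE(review): MockHapToken is presumably what lets the tests call
 * ClearUserGrantedPermissionState with the required privilege - confirm in test_common.
 */
void ClearUserGrantedPermissionStateTest::SetUpTestCase()
{
    g_selfTokenId = GetSelfTokenID();
    TestCommon::SetTestEvironment(g_selfTokenId);

    std::vector<std::string> reqPerm;
    reqPerm.emplace_back("ohos.permission.REVOKE_SENSITIVE_PERMISSIONS");

    // new (std::nothrow) yields nullptr on allocation failure. Fail the suite here rather than
    // let every test run without the mock identity and report misleading permission errors.
    g_mock = new (std::nothrow) MockHapToken("ClearUserGrantedPermissionStateTest", reqPerm);
    ASSERT_NE(nullptr, g_mock);
}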
62
/**
 * Suite-wide teardown: removes any leftover test HAP token, releases the mock token and
 * restores the token ID the process had before the suite ran.
 */
void ClearUserGrantedPermissionStateTest::TearDownTestCase()
{
    // Best-effort cleanup of the per-test token in case a test body aborted before deleting it.
    const AccessTokenID leftover =
        TestCommon::GetHapTokenIdFromBundle(TEST_USER_ID, TEST_BUNDLE_NAME, 0).tokenIdExStruct.tokenID;
    TestCommon::DeleteTestHapToken(leftover);

    // Deleting a null pointer is a no-op, so no guard is needed.
    delete g_mock;
    g_mock = nullptr;

    // Put the original identity back so that later suites in the same process do not keep
    // running under whatever token the mock installed.
    EXPECT_EQ(0, SetSelfTokenID(g_selfTokenId));
    TestCommon::ResetTestEvironment();
}
76
/**
 * Per-test setup: allocates a fresh HAP token for (TEST_USER_ID, TEST_BUNDLE_NAME) with the
 * permission state list filled in by TestCommon::TestPreparePermStateList.
 */
void ClearUserGrantedPermissionStateTest::SetUp()
{
    LOGI(ATM_DOMAIN, ATM_TAG, "SetUp ok.");

    HapPolicyParams hapPolicy = {
        .apl = APL_NORMAL,
        .domain = "domain"
    };
    // The helper fills in the permission states; the exact list is defined in test_common.
    TestCommon::TestPreparePermStateList(hapPolicy);

    HapInfoParams hapInfo = {
        .userID = TEST_USER_ID,
        .bundleName = TEST_BUNDLE_NAME,
        .instIndex = 0,
        .appIDDesc = "appIDDesc",
        .apiVersion = DEFAULT_API_VERSION
    };

    const AccessTokenIDEx allocated = TestCommon::AllocAndGrantHapTokenByTest(hapInfo, hapPolicy);
    EXPECT_NE(INVALID_TOKENID, allocated.tokenIdExStruct.tokenID);
}
97
/**
 * Per-test teardown: deletes the HAP token registered for (TEST_USER_ID, TEST_BUNDLE_NAME).
 * The result is not checked because several tests already delete the token themselves.
 */
void ClearUserGrantedPermissionStateTest::TearDown()
{
    const AccessTokenID perTestToken =
        TestCommon::GetHapTokenIdFromBundle(TEST_USER_ID, TEST_BUNDLE_NAME, 0).tokenIdExStruct.tokenID;
    TestCommon::DeleteTestHapToken(perTestToken);
}
104
/**
 * @tc.name: ClearUserGrantedPermissionStateFuncTest001
 * @tc.desc: After ClearUserGrantedPermissionState succeeds, MICROPHONE is reported as denied
 *           while SET_WIFI_INFO is still reported as granted.
 * @tc.type: FUNC
 * @tc.require: Issue Number
 */
HWTEST_F(ClearUserGrantedPermissionStateTest, ClearUserGrantedPermissionStateFuncTest001, TestSize.Level0)
{
    LOGI(ATM_DOMAIN, ATM_TAG, "ClearUserGrantedPermissionStateFuncTest001");

    // Token allocated by SetUp for this test.
    const AccessTokenID hapToken =
        TestCommon::GetHapTokenIdFromBundle(TEST_USER_ID, TEST_BUNDLE_NAME, 0).tokenIdExStruct.tokenID;
    ASSERT_NE(INVALID_TOKENID, hapToken);

    ASSERT_EQ(RET_SUCCESS, AccessTokenKit::ClearUserGrantedPermissionState(hapToken));

    // NOTE(review): the state before the clear is set by TestPreparePermStateList and is not
    // asserted here. If MICROPHONE was never granted, the denied check passes vacuously -
    // confirm against test_common.
    ASSERT_EQ(PERMISSION_DENIED, AccessTokenKit::VerifyAccessToken(hapToken, "ohos.permission.MICROPHONE", false));

    // The reset must not take away this grant (presumably a system-granted permission).
    ASSERT_EQ(PERMISSION_GRANTED, AccessTokenKit::VerifyAccessToken(hapToken, "ohos.permission.SET_WIFI_INFO", false));

    ASSERT_EQ(RET_SUCCESS, TestCommon::DeleteTestHapToken(hapToken));
}
126
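/**
 * @tc.name: ClearUserGrantedPermissionStateFuncTest002
 * @tc.desc: ClearUserGrantedPermissionState on a token whose states combine
 *           PERMISSION_PRE_AUTHORIZED_CANCELABLE and PERMISSION_USER_FIXED: the pre-authorized
 *           permissions end up granted, the purely user-fixed grant ends up denied.
 * @tc.type: FUNC
 * @tc.require: Issue Number
 */
HWTEST_F(ClearUserGrantedPermissionStateTest, ClearUserGrantedPermissionStateFuncTest002, TestSize.Level0)
{
    LOGI(ATM_DOMAIN, ATM_TAG, "ClearUserGrantedPermissionStateFuncTest002");

    // Starts denied, flagged pre-authorized (cancelable) with the default flag.
    PermissionStateFull infoManagerTestState1 = {
        .permissionName = "ohos.permission.CAMERA",
        .isGeneral = true,
        .resDeviceID = {"local"},
        .grantStatus = {PermissionState::PERMISSION_DENIED},
        .grantFlags = {PERMISSION_PRE_AUTHORIZED_CANCELABLE | PERMISSION_DEFAULT_FLAG}
    };
    // Starts denied, flagged pre-authorized (cancelable) and user-fixed.
    PermissionStateFull infoManagerTestState2 = {
        .permissionName = "ohos.permission.SEND_MESSAGES",
        .isGeneral = true,
        .resDeviceID = {"local"},
        .grantStatus = {PermissionState::PERMISSION_DENIED},
        .grantFlags = {PERMISSION_PRE_AUTHORIZED_CANCELABLE | PERMISSION_USER_FIXED}
    };
    // Starts granted, flagged user-fixed only.
    PermissionStateFull infoManagerTestState3 = {
        .permissionName = "ohos.permission.RECEIVE_SMS",
        .isGeneral = true,
        .resDeviceID = {"local"},
        .grantStatus = {PermissionState::PERMISSION_GRANTED},
        .grantFlags = {PERMISSION_USER_FIXED}
    };
    HapPolicyParams policyPrams = {
        .apl = ATokenAplEnum::APL_NORMAL,
        .domain = "test.domain",
        .permStateList = {infoManagerTestState1, infoManagerTestState2, infoManagerTestState3}
    };

    AccessTokenIDEx tokenIdEx = TestCommon::AllocAndGrantHapTokenByTest(g_infoParms, policyPrams);
    AccessTokenID tokenID = tokenIdEx.tokenIdExStruct.tokenID;
    ASSERT_NE(INVALID_TOKENID, tokenID);

    // From here on the checks are non-fatal (EXPECT_*). This token belongs to g_infoParms, which
    // TearDown does not look up, so an early return would leave it registered on the device.
    EXPECT_EQ(RET_SUCCESS, AccessTokenKit::ClearUserGrantedPermissionState(tokenID));

    // Pre-authorized (cancelable) permissions are expected to be granted after the reset even
    // though they started denied.
    // NOTE(review): presumably the reset restores the pre-authorized grant - confirm in the service.
    EXPECT_EQ(PERMISSION_GRANTED, AccessTokenKit::VerifyAccessToken(tokenID, "ohos.permission.CAMERA", false));
    EXPECT_EQ(PERMISSION_GRANTED, AccessTokenKit::VerifyAccessToken(tokenID, "ohos.permission.SEND_MESSAGES", false));

    // A grant carrying only PERMISSION_USER_FIXED is expected to be revoked by the reset.
    EXPECT_EQ(PERMISSION_DENIED, AccessTokenKit::VerifyAccessToken(tokenID, "ohos.permission.RECEIVE_SMS", false));

    ASSERT_EQ(RET_SUCCESS, TestCommon::DeleteTestHapToken(tokenID));
}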
177
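/**
 * @tc.name: ClearUserGrantedPermissionStateAbnormalTest001
 * @tc.desc: ClearUserGrantedPermissionState with an invalid token ID (0) returns
 *           ERR_PARAM_INVALID; with the ID of an already deleted token it returns RET_SUCCESS.
 * @tc.type: FUNC
 * @tc.require: Issue Number
 */
HWTEST_F(ClearUserGrantedPermissionStateTest, ClearUserGrantedPermissionStateAbnormalTest001, TestSize.Level0)
{
    LOGI(ATM_DOMAIN, ATM_TAG, "ClearUserGrantedPermissionStateAbnormalTest001");

    AccessTokenIDEx tokenIdEx = TestCommon::GetHapTokenIdFromBundle(TEST_USER_ID, TEST_BUNDLE_NAME, 0);
    AccessTokenID tokenID = tokenIdEx.tokenIdExStruct.tokenID;
    // Same precondition as the other tests: without a real token the "deleted token" case below
    // would be exercising the invalid-ID path again.
    ASSERT_NE(INVALID_TOKENID, tokenID);

    // Token ID 0 is rejected at parameter validation.
    ASSERT_EQ(
        AccessTokenError::ERR_PARAM_INVALID, AccessTokenKit::ClearUserGrantedPermissionState(TEST_TOKENID_INVALID));

    ASSERT_EQ(RET_SUCCESS, TestCommon::DeleteTestHapToken(tokenID));

    // Pins the current contract: a well-formed ID whose token no longer exists still yields
    // RET_SUCCESS, so the return code alone does not tell a caller that a reset took place.
    // NOTE(review): confirm this is the intended behaviour for stale token IDs.
    ASSERT_EQ(RET_SUCCESS, AccessTokenKit::ClearUserGrantedPermissionState(tokenID));
}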
198
/**
 * @tc.name: ClearUserGrantedPermissionStateSpecTets001
 * @tc.desc: ClearUserGrantedPermissionState invoked CYCLE_TIMES times on the same token succeeds
 *           every time and MICROPHONE stays denied after each call.
 * @tc.type: FUNC
 * @tc.require: Issue Number
 */
HWTEST_F(ClearUserGrantedPermissionStateTest, ClearUserGrantedPermissionStateSpecTets001, TestSize.Level0)
{
    LOGI(ATM_DOMAIN, ATM_TAG, "ClearUserGrantedPermissionStateSpecTets001");

    // Token allocated by SetUp for this test.
    const AccessTokenID hapToken =
        TestCommon::GetHapTokenIdFromBundle(TEST_USER_ID, TEST_BUNDLE_NAME, 0).tokenIdExStruct.tokenID;
    ASSERT_NE(INVALID_TOKENID, hapToken);

    // Repeating the reset must neither fail nor bring the permission back.
    int round = 0;
    while (round < CYCLE_TIMES) {
        ASSERT_EQ(RET_SUCCESS, AccessTokenKit::ClearUserGrantedPermissionState(hapToken));
        ASSERT_EQ(PERMISSION_DENIED, AccessTokenKit::VerifyAccessToken(hapToken, "ohos.permission.MICROPHONE", false));
        ++round;
    }

    ASSERT_EQ(RET_SUCCESS, TestCommon::DeleteTestHapToken(hapToken));
}
218 } // namespace AccessToken
219 } // namespace Security
220 } // namespace OHOS