1 /*
2 * Copyright (c) 2024 Huawei Device Co., Ltd.
3 * Licensed under the Apache License, Version 2.0 (the "License");
4 * you may not use this file except in compliance with the License.
5 * You may obtain a copy of the License at
6 *
7 * http://www.apache.org/licenses/LICENSE-2.0
8 *
9 * Unless required by applicable law or agreed to in writing, software
10 * distributed under the License is distributed on an "AS IS" BASIS,
11 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12 * See the License for the specific language governing permissions and
13 * limitations under the License.
14 */
15
16 #include "get_permission_test.h"
17 #include "gtest/gtest.h"
18 #include <thread>
19
20 #include "access_token.h"
21 #include "access_token_error.h"
22 #include "accesstoken_common_log.h"
23 #include "iaccess_token_manager.h"
24 #include "permission_grant_info.h"
25 #include "permission_state_change_info_parcel.h"
26 #include "string_ex.h"
27 #include "test_common.h"
28 #include "tokenid_kit.h"
29 #include "token_setproc.h"
30
31 using namespace testing::ext;
32 namespace OHOS {
33 namespace Security {
34 namespace AccessToken {
35 namespace {
36 static uint64_t g_selfTokenId = 0;
37 static const std::string TEST_BUNDLE_NAME = "ohos";
38 static const int INVALID_PERMNAME_LEN = 260;
39 static const unsigned int TEST_TOKENID_INVALID = 0;
40 static const int CYCLE_TIMES = 100;
41 static const int TEST_USER_ID = 0;
42 static constexpr int32_t DEFAULT_API_VERSION = 8;
43 static const std::string TEST_PERMISSION = "ohos.permission.ALPHA";
44 HapInfoParams g_infoManagerTestInfoParms = TestCommon::GetInfoManagerTestInfoParms();
45 HapPolicyParams g_infoManagerTestPolicyPrams = TestCommon::GetInfoManagerTestPolicyPrams();
46 HapInfoParams g_infoManager = {
47 .userID = 1,
48 .bundleName = "accesstoken_test",
49 .instIndex = 0,
50 .appIDDesc = "test2",
51 .apiVersion = 8 // 8: api version
52 };
53 }
54
SetUpTestCase()55 void GetPermissionTest::SetUpTestCase()
56 {
57 g_selfTokenId = GetSelfTokenID();
58 TestCommon::SetTestEvironment(g_selfTokenId);
59
60 // clean up test cases
61 AccessTokenIDEx tokenIdEx = TestCommon::GetHapTokenIdFromBundle(TEST_USER_ID, TEST_BUNDLE_NAME, 0);
62 AccessTokenID tokenID = tokenIdEx.tokenIdExStruct.tokenID;
63 TestCommon::DeleteTestHapToken(tokenID);
64 }
65
TearDownTestCase()66 void GetPermissionTest::TearDownTestCase()
67 {
68 AccessTokenID tokenID = AccessTokenKit::GetHapTokenID(TEST_USER_ID, TEST_BUNDLE_NAME, 0);
69 AccessTokenKit::DeleteToken(tokenID);
70
71 EXPECT_EQ(0, SetSelfTokenID(g_selfTokenId));
72 TestCommon::ResetTestEvironment();
73 }
74
SetUp()75 void GetPermissionTest::SetUp()
76 {
77 LOGI(ATM_DOMAIN, ATM_TAG, "SetUp ok.");
78
79 HapInfoParams info = {
80 .userID = TEST_USER_ID,
81 .bundleName = TEST_BUNDLE_NAME,
82 .instIndex = 0,
83 .appIDDesc = "appIDDesc",
84 .apiVersion = DEFAULT_API_VERSION
85 };
86
87 HapPolicyParams policy = {
88 .apl = APL_NORMAL,
89 .domain = "domain"
90 };
91 TestCommon::TestPreparePermStateList(policy);
92 AccessTokenIDEx tokenIdEx = {0};
93 ASSERT_EQ(RET_SUCCESS, TestCommon::AllocTestHapToken(info, policy, tokenIdEx));
94 ASSERT_NE(INVALID_TOKENID, tokenIdEx.tokenIdExStruct.tokenID);
95 }
96
TearDown()97 void GetPermissionTest::TearDown()
98 {
99 AccessTokenID tokenID = AccessTokenKit::GetHapTokenID(TEST_USER_ID, TEST_BUNDLE_NAME, 0);
100 AccessTokenKit::DeleteToken(tokenID);
101 }
102
103 /**
104 * @tc.name: GetPermissionUsedTypeAbnormalTest001
105 * @tc.desc: call GetPermissionUsedType by shell token(permission denied).
106 * @tc.type: FUNC
107 * @tc.require:
108 */
109 HWTEST_F(GetPermissionTest, GetPermissionUsedTypeAbnormalTest001, TestSize.Level0)
110 {
111 LOGI(ATM_DOMAIN, ATM_TAG, "GetPermissionUsedTypeAbnormalTest001");
112 std::string permisson = "ohos.permission.CAMERA";
113 // caller is not native, IsPrivilegedCalling return false(uid != accesstoken_uid)
114 int32_t selfUid = getuid();
115 setuid(1);
116 EXPECT_EQ(PermUsedTypeEnum::INVALID_USED_TYPE, AccessTokenKit::GetPermissionUsedType(g_selfTokenId, permisson));
117 setuid(selfUid);
118 }
119
120 /**
121 * @tc.name: GetPermissionUsedTypeAbnormalTest002
122 * @tc.desc: Get hap permission visit type return invalid.
123 * @tc.type: FUNC
124 * @tc.require:
125 */
126 HWTEST_F(GetPermissionTest, GetPermissionUsedTypeAbnormalTest002, TestSize.Level0)
127 {
128 LOGI(ATM_DOMAIN, ATM_TAG, "GetPermissionUsedTypeAbnormalTest002");
129
130 std::string accessBluetooth = "ohos.permission.ACCESS_BLUETOOTH";
131 std::vector<std::string> reqPerm;
132 reqPerm.emplace_back(accessBluetooth);
133 MockHapToken mockHap("GetPermissionUsedTypeAbnormalTest002", reqPerm, true);
134 AccessTokenID tokenID = GetSelfTokenID(); // get hap tokenId
135 ASSERT_NE(INVALID_TOKENID, tokenID);
136
137 MockNativeToken mock("accesstoken_service"); // set native for self
138
139 // token is not hap
140 EXPECT_EQ(
141 PermUsedTypeEnum::INVALID_USED_TYPE, AccessTokenKit::GetPermissionUsedType(g_selfTokenId, accessBluetooth));
142
143 // invalid tokenid
144 EXPECT_EQ(PermUsedTypeEnum::INVALID_USED_TYPE, AccessTokenKit::GetPermissionUsedType(0, accessBluetooth));
145
146 // permission is not reuqest
147 EXPECT_EQ(PermUsedTypeEnum::INVALID_USED_TYPE,
148 AccessTokenKit::GetPermissionUsedType(tokenID, "ohos.permission.ACCELEROMETER"));
149
150 // permission is not defined
151 EXPECT_EQ(
152 PermUsedTypeEnum::INVALID_USED_TYPE, AccessTokenKit::GetPermissionUsedType(tokenID, "ohos.permission.test"));
153
154 // permission is request, but not grant
155 EXPECT_EQ(PermUsedTypeEnum::INVALID_USED_TYPE, AccessTokenKit::GetPermissionUsedType(tokenID, accessBluetooth));
156 }
157
158 /**
159 * @tc.name: GetPermissionUsedTypeFuncTest001
160 * @tc.desc: Different grant permission modes get different visit type.
161 * @tc.type: FUNC
162 * @tc.require:
163 */
164 HWTEST_F(GetPermissionTest, GetPermissionUsedTypeFuncTest001, TestSize.Level0)
165 {
166 LOGI(ATM_DOMAIN, ATM_TAG, "GetPermissionUsedTypeFuncTest001");
167
168 std::string accessBluetooth = "ohos.permission.ACCESS_BLUETOOTH";
169 std::string sendMessages = "ohos.permission.SEND_MESSAGES";
170 std::string writeCalendar = "ohos.permission.WRITE_CALENDAR";
171 PermissionStateFull testState1 = {
172 .permissionName = accessBluetooth,
173 .isGeneral = true,
174 .resDeviceID = {"local3"},
175 .grantStatus = {PermissionState::PERMISSION_GRANTED},
176 .grantFlags = {PermissionFlag::PERMISSION_COMPONENT_SET}
177 };
178 PermissionStateFull testState2 = {
179 .permissionName = sendMessages,
180 .isGeneral = true,
181 .resDeviceID = {"local3"},
182 .grantStatus = {PermissionState::PERMISSION_GRANTED},
183 .grantFlags = {1}
184 };
185 PermissionStateFull testState3 = {
186 .permissionName = writeCalendar,
187 .isGeneral = false,
188 .resDeviceID = {"local3"},
189 .grantStatus = {PermissionState::PERMISSION_GRANTED},
190 .grantFlags = {1}
191 };
192 HapPolicyParams testPolicyPrams = {
193 .apl = APL_NORMAL,
194 .domain = "test.domain3",
195 .permStateList = {testState1, testState2, testState3}
196 };
197 AccessTokenIDEx tokenIdEx = TestCommon::AllocAndGrantHapTokenByTest(g_infoManager, testPolicyPrams);
198 AccessTokenID tokenID = tokenIdEx.tokenIdExStruct.tokenID;
199 ASSERT_NE(INVALID_TOKENID, tokenID);
200
201 MockNativeToken mock("accesstoken_service"); // set native for self
202 EXPECT_EQ(PermUsedTypeEnum::SEC_COMPONENT_TYPE, AccessTokenKit::GetPermissionUsedType(tokenID, accessBluetooth));
203 EXPECT_EQ(PermUsedTypeEnum::NORMAL_TYPE, AccessTokenKit::GetPermissionUsedType(tokenID, sendMessages));
204
205 ASSERT_EQ(RET_SUCCESS, TestCommon::DeleteTestHapToken(tokenID));
206 }
207
208 /**
209 * @tc.name: GetDefPermissionFuncTest001
210 * @tc.desc: Get permission definition info after AllocHapToken function has been invoked.
211 * @tc.type: FUNC
212 * @tc.require: Issue Number
213 */
214 HWTEST_F(GetPermissionTest, GetDefPermissionFuncTest001, TestSize.Level0)
215 {
216 LOGI(ATM_DOMAIN, ATM_TAG, "GetDefPermissionFuncTest001");
217
218 PermissionDef permDef;
219 // permission name is empty
220 ASSERT_EQ(AccessTokenError::ERR_PARAM_INVALID, AccessTokenKit::GetDefPermission("", permDef));
221
222 // permission name oversize
223 std::string invalidPerm(INVALID_PERMNAME_LEN, 'a');
224 ASSERT_EQ(AccessTokenError::ERR_PARAM_INVALID, AccessTokenKit::GetDefPermission(invalidPerm, permDef));
225
226 ASSERT_EQ(AccessTokenError::ERR_PERMISSION_NOT_EXIST, AccessTokenKit::GetDefPermission(
227 "ohos.permission.ALPHA", permDef));
228 ASSERT_EQ(AccessTokenError::ERR_PERMISSION_NOT_EXIST, AccessTokenKit::GetDefPermission(
229 "ohos.permission.BETA", permDef));
230 ASSERT_EQ(AccessTokenError::ERR_PERMISSION_NOT_EXIST, AccessTokenKit::GetDefPermission(
231 "ohos.permission.GAMMA", permDef));
232
233 // get user grant permission define
234 ASSERT_EQ(0, AccessTokenKit::GetDefPermission("ohos.permission.CAMERA", permDef));
235 ASSERT_EQ("ohos.permission.CAMERA", permDef.permissionName);
236
237 // get system grant permission define
238 ASSERT_EQ(0, AccessTokenKit::GetDefPermission("ohos.permission.PERMISSION_USED_STATS", permDef));
239 ASSERT_EQ("ohos.permission.PERMISSION_USED_STATS", permDef.permissionName);
240 }
241
242 /**
243 * @tc.name: GetReqPermissionsFuncTest001
244 * @tc.desc: Get user granted permission state info.
245 * @tc.type: FUNC
246 * @tc.require: Issue Number
247 */
248 HWTEST_F(GetPermissionTest, GetReqPermissionsFuncTest001, TestSize.Level0)
249 {
250 LOGI(ATM_DOMAIN, ATM_TAG, "GetReqPermissionsFuncTest001");
251 std::vector<std::string> reqPerm;
252 reqPerm.emplace_back("ohos.permission.GET_SENSITIVE_PERMISSIONS");
253 MockHapToken mockHap("GetReqPermissionsFuncTest001", reqPerm, true);
254
255 AccessTokenIDEx tokenIdEx = TestCommon::GetHapTokenIdFromBundle(TEST_USER_ID, TEST_BUNDLE_NAME, 0);
256 AccessTokenID tokenID = tokenIdEx.tokenIdExStruct.tokenID;
257 ASSERT_NE(INVALID_TOKENID, tokenID);
258 std::vector<PermissionStateFull> permStatList;
259 int res = AccessTokenKit::GetReqPermissions(tokenID, permStatList, false);
260 ASSERT_EQ(RET_SUCCESS, res);
261 ASSERT_EQ(static_cast<uint32_t>(1), permStatList.size());
262 ASSERT_EQ("ohos.permission.MICROPHONE", permStatList[0].permissionName);
263
264 res = AccessTokenKit::VerifyAccessToken(tokenID, "ohos.permission.MICROPHONE", false);
265 ASSERT_EQ(res, permStatList[0].grantStatus[0]);
266 }
267
268 /**
269 * @tc.name: GetReqPermissionsFuncTest002
270 * @tc.desc: Get system granted permission state info.
271 * @tc.type: FUNC
272 * @tc.require: Issue Number
273 */
274 HWTEST_F(GetPermissionTest, GetReqPermissionsFuncTest002, TestSize.Level0)
275 {
276 LOGI(ATM_DOMAIN, ATM_TAG, "GetReqPermissionsFuncTest002");
277 std::vector<std::string> reqPerm;
278 reqPerm.emplace_back("ohos.permission.GET_SENSITIVE_PERMISSIONS");
279 MockHapToken mockHap("GetReqPermissionsFuncTest002", reqPerm, true);
280
281 AccessTokenIDEx tokenIdEx = TestCommon::GetHapTokenIdFromBundle(TEST_USER_ID, TEST_BUNDLE_NAME, 0);
282 AccessTokenID tokenID = tokenIdEx.tokenIdExStruct.tokenID;
283 ASSERT_NE(INVALID_TOKENID, tokenID);
284 std::vector<PermissionStateFull> permStatList;
285 int ret = AccessTokenKit::GetReqPermissions(tokenID, permStatList, true);
286 ASSERT_EQ(RET_SUCCESS, ret);
287 ASSERT_EQ(static_cast<uint32_t>(1), permStatList.size());
288 ASSERT_EQ("ohos.permission.SET_WIFI_INFO", permStatList[0].permissionName);
289
290 ret = AccessTokenKit::VerifyAccessToken(tokenID, "ohos.permission.SET_WIFI_INFO", false);
291 ASSERT_EQ(ret, permStatList[0].grantStatus[0]);
292 }
293
294 /**
295 * @tc.name: GetReqPermissionsFuncTest003
296 * @tc.desc: Get user granted permission state info after clear request permission list.
297 * @tc.type: FUNC
298 * @tc.require: Issue Number
299 */
300 HWTEST_F(GetPermissionTest, GetReqPermissionsFuncTest003, TestSize.Level0)
301 {
302 LOGI(ATM_DOMAIN, ATM_TAG, "GetReqPermissionsFuncTest003");
303 std::vector<std::string> reqPerm;
304 reqPerm.emplace_back("ohos.permission.GET_SENSITIVE_PERMISSIONS");
305 MockHapToken mockHap("GetReqPermissionsFuncTest003", reqPerm, true);
306
307 AccessTokenIDEx tokenIdEx = TestCommon::GetHapTokenIdFromBundle(TEST_USER_ID, TEST_BUNDLE_NAME, 0);
308 AccessTokenID tokenID = tokenIdEx.tokenIdExStruct.tokenID;
309 ASSERT_NE(INVALID_TOKENID, tokenID);
310
311 std::vector<PermissionStateFull> permStatList;
312 ASSERT_EQ(RET_SUCCESS, AccessTokenKit::GetReqPermissions(tokenID, permStatList, false));
313 ASSERT_NE(static_cast<uint32_t>(0), permStatList.size());
314
315 HapPolicyParams policy = {
316 .apl = APL_NORMAL,
317 .domain = "domain"
318 };
319 policy.permStateList.clear();
320 UpdateHapInfoParams info;
321 info.appIDDesc = g_infoManager.appIDDesc;
322 info.apiVersion = DEFAULT_API_VERSION;
323 info.isSystemApp = false;
324 {
325 MockNativeToken mock1("foundation");
326 ASSERT_EQ(RET_SUCCESS, AccessTokenKit::UpdateHapToken(tokenIdEx, info, policy));
327 }
328
329 std::vector<PermissionStateFull> permStatUserList;
330 ASSERT_EQ(RET_SUCCESS, AccessTokenKit::GetReqPermissions(tokenID, permStatUserList, false));
331 ASSERT_EQ(static_cast<uint32_t>(0), permStatUserList.size());
332
333 std::vector<PermissionStateFull> permStatSystemList;
334 ASSERT_EQ(RET_SUCCESS, AccessTokenKit::GetReqPermissions(tokenID, permStatSystemList, true));
335 ASSERT_EQ(static_cast<uint32_t>(0), permStatSystemList.size());
336 }
337
338 /**
339 * @tc.name: GetReqPermissionsFuncTest004
340 * @tc.desc: GetReqPermissions call failure.
341 * @tc.type: FUNC
342 * @tc.require: Issue Number
343 */
344 HWTEST_F(GetPermissionTest, GetReqPermissionsFuncTest004, TestSize.Level0)
345 {
346 int32_t selfUid = getuid();
347 std::vector<PermissionStateFull> permStatList;
348 {
349 // mock native token with no permission
350 MockNativeToken mock("accesstoken_service");
351 setuid(1);
352 ASSERT_EQ(ERR_PERMISSION_DENIED, AccessTokenKit::GetReqPermissions(GetSelfTokenID(), permStatList, false));
353 }
354
355 setuid(selfUid);
356 {
357 // mock hap token whit non system app
358 std::vector<std::string> reqPerm;
359 reqPerm.emplace_back("ohos.permission.GET_SENSITIVE_PERMISSIONS");
360 MockHapToken mock("GetReqPermissionsFuncTest004", reqPerm, false);
361 ASSERT_EQ(ERR_NOT_SYSTEM_APP, AccessTokenKit::GetReqPermissions(GetSelfTokenID(), permStatList, false));
362 }
363 }
364
365 /**
366 * @tc.name: GetReqPermissionsAbnormalTest001
367 * @tc.desc: Get permission state info list that tokenID is invalid.
368 * @tc.type: FUNC
369 * @tc.require: Issue Number
370 */
371 HWTEST_F(GetPermissionTest, GetReqPermissionsAbnormalTest001, TestSize.Level0)
372 {
373 LOGI(ATM_DOMAIN, ATM_TAG, "GetReqPermissionsAbnormalTest001");
374 std::vector<std::string> reqPerm;
375 reqPerm.emplace_back("ohos.permission.GET_SENSITIVE_PERMISSIONS");
376 MockHapToken mockHap("GetReqPermissionsAbnormalTest001", reqPerm, true);
377
378 AccessTokenIDEx tokenIdEx = TestCommon::GetHapTokenIdFromBundle(TEST_USER_ID, TEST_BUNDLE_NAME, 0);
379 AccessTokenID tokenID = tokenIdEx.tokenIdExStruct.tokenID;
380 ASSERT_NE(INVALID_TOKENID, tokenID);
381
382 std::vector<PermissionStateFull> permStatList;
383 int ret = AccessTokenKit::GetReqPermissions(TEST_TOKENID_INVALID, permStatList, false);
384 ASSERT_EQ(AccessTokenError::ERR_PARAM_INVALID, ret);
385
386 TestCommon::DeleteTestHapToken(tokenID);
387
388 ret = AccessTokenKit::GetReqPermissions(tokenID, permStatList, false);
389 ASSERT_EQ(ERR_TOKENID_NOT_EXIST, ret);
390 ASSERT_EQ(static_cast<uint32_t>(0), permStatList.size());
391 }
392
393 /**
394 * @tc.name: GetReqPermissionsSpecTest001
395 * @tc.desc: GetReqPermissions is invoked multiple times.
396 * @tc.type: FUNC
397 * @tc.require: Issue Number
398 */
399 HWTEST_F(GetPermissionTest, GetReqPermissionsSpecTest001, TestSize.Level0)
400 {
401 LOGI(ATM_DOMAIN, ATM_TAG, "GetReqPermissionsSpecTest001");
402 std::vector<std::string> reqPerm;
403 reqPerm.emplace_back("ohos.permission.GET_SENSITIVE_PERMISSIONS");
404 MockHapToken mockHap("GetReqPermissionsSpecTest001", reqPerm, true);
405
406 AccessTokenIDEx tokenIdEx = TestCommon::GetHapTokenIdFromBundle(TEST_USER_ID, TEST_BUNDLE_NAME, 0);
407 AccessTokenID tokenID = tokenIdEx.tokenIdExStruct.tokenID;
408 ASSERT_NE(INVALID_TOKENID, tokenID);
409 for (int i = 0; i < CYCLE_TIMES; i++) {
410 std::vector<PermissionStateFull> permStatList;
411 int32_t ret = AccessTokenKit::GetReqPermissions(tokenID, permStatList, false);
412 ASSERT_EQ(RET_SUCCESS, ret);
413 ASSERT_EQ(static_cast<uint32_t>(1), permStatList.size());
414 ASSERT_EQ("ohos.permission.MICROPHONE", permStatList[0].permissionName);
415 }
416 }
417
418 /**
419 * @tc.name: GetPermissionManagerInfoFuncTest001
420 * @tc.desc:
421 * @tc.type: FUNC
422 * @tc.require:
423 */
424 HWTEST_F(GetPermissionTest, GetPermissionManagerInfoFuncTest001, TestSize.Level0)
425 {
426 LOGI(ATM_DOMAIN, ATM_TAG, "GetPermissionManagerInfoFuncTest001");
427
428 PermissionGrantInfo info;
429 AccessTokenKit::GetPermissionManagerInfo(info);
430 ASSERT_EQ(false, info.grantBundleName.empty());
431 }
432
433 /**
434 * @tc.name: GetTokenIDByUserID001
435 * @tc.desc: Get token id by user id.
436 * @tc.type: FUNC
437 * @tc.require: Issue Number
438 */
439 HWTEST_F(GetPermissionTest, GetTokenIDByUserID001, TestSize.Level0)
440 {
441 MockNativeToken mock("accesstoken_service");
442 int32_t userID = -1;
443 std::unordered_set<AccessTokenID> tokenIdList;
444 int32_t ret = AccessTokenKit::GetTokenIDByUserID(userID, tokenIdList);
445 EXPECT_EQ(AccessTokenError::ERR_PARAM_INVALID, ret);
446
447 userID = 100;
448 ret = AccessTokenKit::GetTokenIDByUserID(userID, tokenIdList);
449 EXPECT_EQ(RET_SUCCESS, ret);
450 EXPECT_NE(static_cast<uint32_t>(0), tokenIdList.size());
451 }
452
453 /**
454 * @tc.name: ReloadNativeTokenInfo001
455 * @tc.desc: test ReloadNativeTokenInfo.
456 * @tc.type: FUNC
457 * @tc.require: Issue Number
458 */
459 HWTEST_F(GetPermissionTest, ReloadNativeTokenInfo001, TestSize.Level0)
460 {
461 int32_t ret = AccessTokenKit::ReloadNativeTokenInfo();
462 ASSERT_EQ(RET_SUCCESS, ret);
463 }
464
465 /**
466 * @tc.name: GetKernelPermissionTest001
467 * @tc.desc:
468 * @tc.type: FUNC
469 * @tc.require:
470 */
471 HWTEST_F(GetPermissionTest, GetKernelPermissionTest001, TestSize.Level0)
472 {
473 std::vector<PermissionWithValue> kernelPermList;
474 {
475 // shell process, uid != 0
476 MockNativeToken mock("hdcd"); // set shell for self
477 setuid(1);
478 EXPECT_EQ(AccessTokenError::ERR_PERMISSION_DENIED, AccessTokenKit::GetKernelPermissions(123, kernelPermList));
479 setuid(0);
480 }
481
482 // native process
483 MockNativeToken mock("accesstoken_service");
484 EXPECT_EQ(AccessTokenError::ERR_TOKEN_INVALID, AccessTokenKit::GetKernelPermissions(123, kernelPermList));
485
486 AccessTokenID tokenID = AccessTokenKit::GetHapTokenID(TEST_USER_ID, TEST_BUNDLE_NAME, 0);
487 EXPECT_EQ(RET_SUCCESS, AccessTokenKit::GetKernelPermissions(tokenID, kernelPermList));
488 EXPECT_EQ(0, kernelPermList.size());
489 }
490
491 /**
492 * @tc.name: GetReqPermissionByNameTest001
493 * @tc.desc: test Ge
494 * @tc.type: FUNC
495 * @tc.require:
496 */
497 HWTEST_F(GetPermissionTest, GetReqPermissionByNameTest001, TestSize.Level0)
498 {
499 std::string value;
500 std::vector<PermissionWithValue> kernelPermList;
501 {
502 // shell process, uid != 0
503 MockNativeToken mock("hdcd"); // set shell for self
504 setuid(1);
505 EXPECT_EQ(AccessTokenError::ERR_PERMISSION_DENIED,
506 AccessTokenKit::GetReqPermissionByName(123, "ohos.permission.test1", value));
507 setuid(0);
508 }
509
510 // native process, uid != 0
511 MockNativeToken mock("accesstoken_service");
512 EXPECT_EQ(AccessTokenError::ERR_TOKEN_INVALID,
513 AccessTokenKit::GetReqPermissionByName(123, "ohos.permission.test1", value));
514
515 AccessTokenID tokenID = AccessTokenKit::GetHapTokenID(TEST_USER_ID, TEST_BUNDLE_NAME, 0);
516 EXPECT_EQ(AccessTokenError::ERR_PERMISSION_NOT_EXIST,
517 AccessTokenKit::GetReqPermissionByName(tokenID, "ohos.permission.test1", value));
518
519 EXPECT_EQ(AccessTokenError::ERR_PERMISSION_WITHOUT_VALUE,
520 AccessTokenKit::GetReqPermissionByName(tokenID, "ohos.permission.MANAGE_HAP_TOKENID", value));
521 }
522 } // namespace AccessToken
523 } // namespace Security
524 } // namespace OHOS