1 /*
2 * Copyright (c) 2024 Huawei Device Co., Ltd.
3 * Licensed under the Apache License, Version 2.0 (the "License");
4 * you may not use this file except in compliance with the License.
5 * You may obtain a copy of the License at
6 *
7 * http://www.apache.org/licenses/LICENSE-2.0
8 *
9 * Unless required by applicable law or agreed to in writing, software
10 * distributed under the License is distributed on an "AS IS" BASIS,
11 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12 * See the License for the specific language governing permissions and
13 * limitations under the License.
14 */
15
16 #include "grant_permission_for_specified_time_test.h"
17 #include "accesstoken_kit.h"
18 #include "access_token_error.h"
19 #include "accesstoken_common_log.h"
20 #include "nativetoken_kit.h"
21 #include "token_setproc.h"
22 #include "test_common.h"
23
24 namespace OHOS {
25 namespace Security {
26 namespace AccessToken {
27 namespace {
28 static uint64_t g_selfTokenId = 0;
29 static int32_t g_selfUid;
30 static std::string SHORT_TEMP_PERMISSION = "ohos.permission.SHORT_TERM_WRITE_IMAGEVIDEO";
31 static MockHapToken* g_mock = nullptr;
32 static PermissionStateFull g_permiState = {
33 .permissionName = SHORT_TEMP_PERMISSION,
34 .isGeneral = true,
35 .resDeviceID = {"localC"},
36 .grantStatus = {PermissionState::PERMISSION_GRANTED},
37 .grantFlags = {1}
38 };
39
40 static HapPolicyParams g_policyPrams = {
41 .apl = APL_NORMAL,
42 .domain = "test.domain",
43 .permStateList = {g_permiState}
44 };
45
46 static HapInfoParams g_infoParms = {
47 .userID = 1,
48 .bundleName = "GrantPermissionForSpecifiedTimeTest",
49 .instIndex = 0,
50 .appIDDesc = "test.bundle",
51 .isSystemApp = true
52 };
53 }
54
55 using namespace testing::ext;
56
SetUpTestCase()57 void GrantPermissionForSpecifiedTimeTest::SetUpTestCase()
58 {
59 g_selfTokenId = GetSelfTokenID();
60 g_selfUid = getuid();
61
62 TestCommon::SetTestEvironment(g_selfTokenId);
63
64 std::vector<std::string> reqPerm;
65 reqPerm.emplace_back("ohos.permission.GRANT_SHORT_TERM_WRITE_MEDIAVIDEO");
66 g_mock = new (std::nothrow) MockHapToken("GrantPermissionForSpecifiedTimeTest", reqPerm);
67 }
68
TearDownTestCase()69 void GrantPermissionForSpecifiedTimeTest::TearDownTestCase()
70 {
71 if (g_mock != nullptr) {
72 delete g_mock;
73 g_mock = nullptr;
74 }
75 setuid(g_selfUid);
76 EXPECT_EQ(0, SetSelfTokenID(g_selfTokenId));
77 TestCommon::ResetTestEvironment();
78 }
79
SetUp()80 void GrantPermissionForSpecifiedTimeTest::SetUp()
81 {
82 setuid(0);
83 AccessTokenIDEx tokenIdEx = TestCommon::GetHapTokenIdFromBundle(
84 g_infoParms.userID, g_infoParms.bundleName, g_infoParms.instIndex);
85 AccessTokenID tokenID = tokenIdEx.tokenIdExStruct.tokenID;
86 TestCommon::DeleteTestHapToken(tokenID);
87
88 ASSERT_EQ(RET_SUCCESS, TestCommon::AllocTestHapToken(g_infoParms, g_policyPrams, tokenIdEx));
89 EXPECT_NE(0, tokenIdEx.tokenIdExStruct.tokenID);
90 }
91
TearDown()92 void GrantPermissionForSpecifiedTimeTest::TearDown()
93 {
94 AccessTokenIDEx tokenIdEx = TestCommon::GetHapTokenIdFromBundle(
95 g_infoParms.userID, g_infoParms.bundleName, g_infoParms.instIndex);
96 AccessTokenID tokenID = tokenIdEx.tokenIdExStruct.tokenID;
97 TestCommon::DeleteTestHapToken(tokenID);
98 }
99
100 /**
101 * @tc.name: GrantPermissionForSpecifiedTimeAbnormalTest001
102 * @tc.desc: GrantPermissionForSpecifiedTime without invalid parameter.
103 * @tc.type: FUNC
104 * @tc.require:Issue Number
105 */
106 HWTEST_F(GrantPermissionForSpecifiedTimeTest, GrantPermissionForSpecifiedTimeAbnormalTest001, TestSize.Level0)
107 {
108 LOGI(ATM_DOMAIN, ATM_TAG, "GrantPermissionForSpecifiedTimeAbnormalTest001");
109 AccessTokenID tokenId = INVALID_TOKENID;
110 uint32_t onceTime = 0;
111
112 /* 0 is invalid token id */
113 ASSERT_EQ(AccessTokenError::ERR_PARAM_INVALID,
114 AccessTokenKit::GrantPermissionForSpecifiedTime(tokenId, "permission", onceTime));
115
116 tokenId = 123;
117 /* 0 is invalid permissionName length */
118 const std::string invalidPerm1 = "";
119 ASSERT_EQ(AccessTokenError::ERR_PARAM_INVALID,
120 AccessTokenKit::GrantPermissionForSpecifiedTime(tokenId, invalidPerm1, onceTime));
121
122 /* 256 is invalid permissionName length */
123 const std::string invalidPerm2 (257, 'x');
124 ASSERT_EQ(AccessTokenError::ERR_PARAM_INVALID,
125 AccessTokenKit::GrantPermissionForSpecifiedTime(tokenId, invalidPerm2, onceTime));
126
127 /* 0 is invalid time */
128 uint32_t invalidOnceTime1 = 0;
129 ASSERT_EQ(AccessTokenError::ERR_PARAM_INVALID,
130 AccessTokenKit::GrantPermissionForSpecifiedTime(tokenId, SHORT_TEMP_PERMISSION, invalidOnceTime1));
131
132 /* 301 is invalid time */
133 uint32_t invalidOnceTime2 = 301;
134 ASSERT_EQ(AccessTokenError::ERR_PARAM_INVALID,
135 AccessTokenKit::GrantPermissionForSpecifiedTime(tokenId, SHORT_TEMP_PERMISSION, invalidOnceTime2));
136 }
137
138 /**
139 * @tc.name: GrantPermissionForSpecifiedTimeAbnormalTest002
140 * @tc.desc: permission is not request.
141 * @tc.type: FUNC
142 * @tc.require:Issue Number
143 */
144 HWTEST_F(GrantPermissionForSpecifiedTimeTest, GrantPermissionForSpecifiedTimeAbnormalTest002, TestSize.Level0)
145 {
146 LOGI(ATM_DOMAIN, ATM_TAG, "GrantPermissionForSpecifiedTimeAbnormalTest002");
147 HapPolicyParams policyPrams = g_policyPrams;
148 HapInfoParams infoParms = g_infoParms;
149 policyPrams.permStateList.clear();
150
151 AccessTokenIDEx tokenIdEx = {0};
152 ASSERT_EQ(RET_SUCCESS, TestCommon::AllocTestHapToken(infoParms, policyPrams, tokenIdEx));
153 AccessTokenID tokenID = tokenIdEx.tokenIdExStruct.tokenID;
154 ASSERT_NE(INVALID_TOKENID, tokenID);
155 uint32_t onceTime = 10; // 10: 10s
156
157 EXPECT_EQ(AccessTokenError::ERR_PARAM_INVALID,
158 AccessTokenKit::GrantPermissionForSpecifiedTime(tokenID, SHORT_TEMP_PERMISSION, onceTime));
159
160 EXPECT_EQ(RET_SUCCESS, TestCommon::DeleteTestHapToken(tokenID));
161 }
162
163 /**
164 * @tc.name: GrantPermissionForSpecifiedTimeAbnormalTest003
165 * @tc.desc: test unsupport permission.
166 * @tc.type: FUNC
167 * @tc.require:Issue Number
168 */
169 HWTEST_F(GrantPermissionForSpecifiedTimeTest, GrantPermissionForSpecifiedTimeAbnormalTest003, TestSize.Level0)
170 {
171 LOGI(ATM_DOMAIN, ATM_TAG, "GrantPermissionForSpecifiedTimeAbnormalTest003");
172 AccessTokenIDEx tokenIdEx = TestCommon::GetHapTokenIdFromBundle(
173 g_infoParms.userID, g_infoParms.bundleName, g_infoParms.instIndex);
174 AccessTokenID tokenID = tokenIdEx.tokenIdExStruct.tokenID;
175 ASSERT_NE(INVALID_TOKENID, tokenID);
176 uint32_t onceTime = 10; // 10: 10s
177 std::string permission = "ohos.permission.CAMERA";
178
179 ASSERT_EQ(AccessTokenError::ERR_PARAM_INVALID,
180 AccessTokenKit::GrantPermissionForSpecifiedTime(tokenID, permission, onceTime));
181 }
182
183 /**
184 * @tc.name: GrantPermissionForSpecifiedTimeAbnormalTest004
185 * @tc.desc: GrantPermissionForSpecifiedTime with no permission
186 * @tc.type: FUNC
187 * @tc.require:
188 */
189 HWTEST_F(GrantPermissionForSpecifiedTimeTest, GrantPermissionForSpecifiedTimeAbnormalTest004, TestSize.Level0)
190 {
191 LOGI(ATM_DOMAIN, ATM_TAG, "GrantPermissionForSpecifiedTimeAbnormalTest004");
192 uint64_t selfTokenId = GetSelfTokenID();
193 SetSelfTokenID(g_selfTokenId);
194 setuid(1234);
195 AccessTokenID tokenId = 123;
196 std::string permission = "permission";
197 uint32_t onceTime = 1;
198 ASSERT_EQ(AccessTokenError::ERR_PERMISSION_DENIED,
199 AccessTokenKit::GrantPermissionForSpecifiedTime(tokenId, permission, onceTime));
200 setuid(g_selfUid);
201 SetSelfTokenID(selfTokenId);
202 }
203
204 /**
205 * @tc.name: GrantPermissionForSpecifiedTimeSpecsTest001
206 * @tc.desc: 1. The permission is granted when onceTime is not reached;
207 * 2. The permission is revoked after onceTime is reached.
208 * @tc.type: FUNC
209 * @tc.require:Issue Number
210 */
211 HWTEST_F(GrantPermissionForSpecifiedTimeTest, GrantPermissionForSpecifiedTimeSpecsTest001, TestSize.Level0)
212 {
213 LOGI(ATM_DOMAIN, ATM_TAG, "GrantPermissionForSpecifiedTimeSpecsTest001");
214 AccessTokenIDEx tokenIdEx = TestCommon::GetHapTokenIdFromBundle(
215 g_infoParms.userID, g_infoParms.bundleName, g_infoParms.instIndex);
216 AccessTokenID tokenID = tokenIdEx.tokenIdExStruct.tokenID;
217 ASSERT_NE(INVALID_TOKENID, tokenID);
218 uint32_t onceTime = 2;
219
220 ASSERT_EQ(RET_SUCCESS,
221 AccessTokenKit::GrantPermissionForSpecifiedTime(tokenID, SHORT_TEMP_PERMISSION, onceTime));
222
223 ASSERT_EQ(PermissionState::PERMISSION_GRANTED, AccessTokenKit::VerifyAccessToken(tokenID, SHORT_TEMP_PERMISSION));
224
225 sleep(onceTime + 1);
226
227 ASSERT_EQ(PermissionState::PERMISSION_DENIED,
228 AccessTokenKit::VerifyAccessToken(tokenID, SHORT_TEMP_PERMISSION, true));
229 }
230
231 /**
232 * @tc.name: GrantPermissionForSpecifiedTimeSpecsTest002
233 * @tc.desc: 1. The permission is granted when onceTime is not reached;
234 * 2. onceTime is update when GrantPermissionForSpecifiedTime is called twice.
235 * @tc.type: FUNC
236 * @tc.require:Issue Number
237 */
238 HWTEST_F(GrantPermissionForSpecifiedTimeTest, GrantPermissionForSpecifiedTimeSpecsTest002, TestSize.Level0)
239 {
240 LOGI(ATM_DOMAIN, ATM_TAG, "GrantPermissionForSpecifiedTimeSpecsTest002");
241 AccessTokenIDEx tokenIdEx = TestCommon::GetHapTokenIdFromBundle(
242 g_infoParms.userID, g_infoParms.bundleName, g_infoParms.instIndex);
243 AccessTokenID tokenID = tokenIdEx.tokenIdExStruct.tokenID;
244 ASSERT_NE(INVALID_TOKENID, tokenID);
245 uint32_t onceTime = 3;
246
247 ASSERT_EQ(RET_SUCCESS,
248 AccessTokenKit::GrantPermissionForSpecifiedTime(tokenID, SHORT_TEMP_PERMISSION, onceTime));
249 sleep(onceTime - 1);
250 ASSERT_EQ(PermissionState::PERMISSION_GRANTED, AccessTokenKit::VerifyAccessToken(tokenID, SHORT_TEMP_PERMISSION));
251
252 // update onceTime
253 onceTime = 5;
254 ASSERT_EQ(RET_SUCCESS,
255 AccessTokenKit::GrantPermissionForSpecifiedTime(tokenID, SHORT_TEMP_PERMISSION, onceTime));
256
257 // first onceTime is reached, permission is not revoked
258 sleep(1);
259 ASSERT_EQ(PermissionState::PERMISSION_GRANTED, AccessTokenKit::VerifyAccessToken(tokenID, SHORT_TEMP_PERMISSION));
260
261 // second onceTime is reached, permission is revoked
262 sleep(onceTime);
263 ASSERT_EQ(PermissionState::PERMISSION_DENIED, AccessTokenKit::VerifyAccessToken(tokenID, SHORT_TEMP_PERMISSION));
264 }
265 } // namespace AccessToken
266 } // namespace Security
267 } // namespace OHOS