1 /*
2 * Copyright (c) 2024 Huawei Device Co., Ltd.
3 * Licensed under the Apache License, Version 2.0 (the "License");
4 * you may not use this file except in compliance with the License.
5 * You may obtain a copy of the License at
6 *
7 * http://www.apache.org/licenses/LICENSE-2.0
8 *
9 * Unless required by applicable law or agreed to in writing, software
10 * distributed under the License is distributed on an "AS IS" BASIS,
11 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12 * See the License for the specific language governing permissions and
13 * limitations under the License.
14 */
15
16 #include "verify_access_token_test.h"
17 #include "gtest/gtest.h"
18 #include <thread>
19
20 #include "access_token.h"
21 #include "access_token_error.h"
22 #include "accesstoken_common_log.h"
23 #include "iaccess_token_manager.h"
24 #include "permission_grant_info.h"
25 #include "permission_state_change_info_parcel.h"
26 #include "string_ex.h"
27 #include "test_common.h"
28 #include "tokenid_kit.h"
29 #include "token_setproc.h"
30
31 using namespace testing::ext;
32 namespace OHOS {
33 namespace Security {
34 namespace AccessToken {
35 namespace {
36 static uint64_t g_selfTokenId = 0;
37 static const std::string TEST_BUNDLE_NAME = "ohos";
38 static const int INVALID_PERMNAME_LEN = 260;
39 static const unsigned int TEST_TOKENID_INVALID = 0;
40 static const int TEST_USER_ID = 0;
41 static constexpr int32_t DEFAULT_API_VERSION = 8;
42 };
43
SetUpTestCase()44 void VerifyAccessTokenTest::SetUpTestCase()
45 {
46 g_selfTokenId = GetSelfTokenID();
47 TestCommon::SetTestEvironment(g_selfTokenId);
48
49 // clean up test cases
50 AccessTokenIDEx tokenIdEx = TestCommon::GetHapTokenIdFromBundle(TEST_USER_ID, TEST_BUNDLE_NAME, 0);
51 AccessTokenID tokenID = tokenIdEx.tokenIdExStruct.tokenID;
52 TestCommon::DeleteTestHapToken(tokenID);
53 }
54
TearDownTestCase()55 void VerifyAccessTokenTest::TearDownTestCase()
56 {
57 AccessTokenIDEx tokenIdEx = TestCommon::GetHapTokenIdFromBundle(TEST_USER_ID, TEST_BUNDLE_NAME, 0);
58 AccessTokenID tokenID = tokenIdEx.tokenIdExStruct.tokenID;
59 TestCommon::DeleteTestHapToken(tokenID);
60
61 SetSelfTokenID(g_selfTokenId);
62 TestCommon::ResetTestEvironment();
63 }
64
SetUp()65 void VerifyAccessTokenTest::SetUp()
66 {
67 LOGI(ATM_DOMAIN, ATM_TAG, "SetUp ok.");
68
69 setuid(0);
70 HapInfoParams info = {
71 .userID = TEST_USER_ID,
72 .bundleName = TEST_BUNDLE_NAME,
73 .instIndex = 0,
74 .appIDDesc = "VerifyAccessTokenTest",
75 .apiVersion = DEFAULT_API_VERSION
76 };
77
78 PermissionStateFull permStatMicro = {
79 .permissionName = "ohos.permission.MICROPHONE",
80 .isGeneral = true,
81 .resDeviceID = {"device3"},
82 .grantStatus = {PermissionState::PERMISSION_DENIED},
83 .grantFlags = {PermissionFlag::PERMISSION_USER_SET}
84 };
85 PermissionStateFull permStatLocation = {
86 .permissionName = "ohos.permission.APPROXIMATELY_LOCATION",
87 .isGeneral = true,
88 .resDeviceID = {"device3"},
89 .grantStatus = {PermissionState::PERMISSION_DENIED},
90 .grantFlags = {PermissionFlag::PERMISSION_USER_FIXED}
91 };
92
93 HapPolicyParams policy = {
94 .apl = APL_NORMAL,
95 .domain = "VerifyAccessTokenTest",
96 .permStateList = { permStatMicro, permStatLocation },
97 };
98
99 AccessTokenIDEx tokenIdEx = {0};
100 ASSERT_EQ(RET_SUCCESS, TestCommon::AllocTestHapToken(info, policy, tokenIdEx));
101 ASSERT_NE(tokenIdEx.tokenIdExStruct.tokenID, INVALID_TOKENID);
102 }
103
TearDown()104 void VerifyAccessTokenTest::TearDown()
105 {
106 AccessTokenIDEx tokenIdEx = TestCommon::GetHapTokenIdFromBundle(TEST_USER_ID, TEST_BUNDLE_NAME, 0);
107 TestCommon::DeleteTestHapToken(tokenIdEx.tokenIdExStruct.tokenID);
108 }
109
110 /**
111 * @tc.name: VerifyAccessTokenFuncTest001
112 * @tc.desc: Verify user granted permission.
113 * @tc.type: FUNC
114 * @tc.require: Issue Number
115 */
116 HWTEST_F(VerifyAccessTokenTest, VerifyAccessTokenFuncTest001, TestSize.Level0)
117 {
118 LOGI(ATM_DOMAIN, ATM_TAG, "VerifyAccessTokenFuncTest001");
119 AccessTokenIDEx tokenIdEx = TestCommon::GetHapTokenIdFromBundle(TEST_USER_ID, TEST_BUNDLE_NAME, 0);
120 AccessTokenID tokenID = tokenIdEx.tokenIdExStruct.tokenID;
121 int ret = TestCommon::GrantPermissionByTest(tokenID, "ohos.permission.MICROPHONE", PERMISSION_USER_FIXED);
122 ASSERT_EQ(RET_SUCCESS, ret);
123
124 ret = AccessTokenKit::VerifyAccessToken(tokenID, "ohos.permission.MICROPHONE");
125 ASSERT_EQ(PERMISSION_GRANTED, ret);
126 ret = AccessTokenKit::VerifyAccessToken(tokenID, "ohos.permission.MICROPHONE", false);
127 ASSERT_EQ(PERMISSION_GRANTED, ret);
128
129 ret = TestCommon::RevokePermissionByTest(tokenID, "ohos.permission.MICROPHONE", PERMISSION_USER_FIXED);
130 ASSERT_EQ(RET_SUCCESS, ret);
131
132 ret = AccessTokenKit::VerifyAccessToken(tokenID, "ohos.permission.MICROPHONE");
133 ASSERT_EQ(PERMISSION_DENIED, ret);
134 ret = AccessTokenKit::VerifyAccessToken(tokenID, "ohos.permission.MICROPHONE", false);
135 ASSERT_EQ(PERMISSION_DENIED, ret);
136 }
137
138 /**
139 * @tc.name: VerifyAccessTokenFuncTest002
140 * @tc.desc: Verify system granted permission.
141 * @tc.type: FUNC
142 * @tc.require: Issue Number
143 */
144 HWTEST_F(VerifyAccessTokenTest, VerifyAccessTokenFuncTest002, TestSize.Level0)
145 {
146 LOGI(ATM_DOMAIN, ATM_TAG, "VerifyAccessTokenFuncTest002");
147 AccessTokenIDEx tokenIdEx = TestCommon::GetHapTokenIdFromBundle(TEST_USER_ID, TEST_BUNDLE_NAME, 0);
148 AccessTokenID tokenID = tokenIdEx.tokenIdExStruct.tokenID;
149 int ret =
150 TestCommon::GrantPermissionByTest(tokenID, "ohos.permission.APPROXIMATELY_LOCATION", PERMISSION_USER_FIXED);
151 ASSERT_EQ(RET_SUCCESS, ret);
152
153 ret = AccessTokenKit::VerifyAccessToken(tokenID, "ohos.permission.APPROXIMATELY_LOCATION");
154 ASSERT_EQ(PERMISSION_GRANTED, ret);
155 ret = AccessTokenKit::VerifyAccessToken(tokenID, "ohos.permission.APPROXIMATELY_LOCATION", false);
156 ASSERT_EQ(PERMISSION_GRANTED, ret);
157
158 ret = TestCommon::RevokePermissionByTest(tokenID, "ohos.permission.APPROXIMATELY_LOCATION", PERMISSION_USER_FIXED);
159 ASSERT_EQ(RET_SUCCESS, ret);
160
161 ret = AccessTokenKit::VerifyAccessToken(tokenID, "ohos.permission.APPROXIMATELY_LOCATION");
162 ASSERT_EQ(PERMISSION_DENIED, ret);
163 ret = AccessTokenKit::VerifyAccessToken(tokenID, "ohos.permission.APPROXIMATELY_LOCATION", false);
164 ASSERT_EQ(PERMISSION_DENIED, ret);
165 }
166
167 /**
168 * @tc.name: VerifyAccessTokenAbnormalTest001
169 * @tc.desc: Verify permission that tokenID or permission is invalid.
170 * @tc.type: FUNC
171 * @tc.require: Issue Number
172 */
173 HWTEST_F(VerifyAccessTokenTest, VerifyAccessTokenAbnormalTest001, TestSize.Level0)
174 {
175 LOGI(ATM_DOMAIN, ATM_TAG, "VerifyAccessTokenAbnormalTest001");
176 AccessTokenIDEx tokenIdEx = TestCommon::GetHapTokenIdFromBundle(TEST_USER_ID, TEST_BUNDLE_NAME, 0);
177 AccessTokenID tokenID = tokenIdEx.tokenIdExStruct.tokenID;
178 int ret = AccessTokenKit::VerifyAccessToken(tokenID, "ohos.permission.GAMMA", false);
179 ASSERT_EQ(PERMISSION_DENIED, ret);
180
181 ret = AccessTokenKit::VerifyAccessToken(tokenID, "");
182 ASSERT_EQ(PERMISSION_DENIED, ret);
183 ret = AccessTokenKit::VerifyAccessToken(tokenID, "", false);
184 ASSERT_EQ(PERMISSION_DENIED, ret);
185
186 std::string invalidPerm(INVALID_PERMNAME_LEN, 'a');
187 ret = AccessTokenKit::VerifyAccessToken(tokenID, invalidPerm, false);
188 ASSERT_EQ(PERMISSION_DENIED, ret);
189
190 AccessTokenKit::VerifyAccessToken(TEST_TOKENID_INVALID, "ohos.permission.APPROXIMATELY_LOCATION");
191 ASSERT_EQ(PERMISSION_DENIED, ret);
192 AccessTokenKit::VerifyAccessToken(TEST_TOKENID_INVALID, "ohos.permission.APPROXIMATELY_LOCATION", false);
193 ASSERT_EQ(PERMISSION_DENIED, ret);
194
195 AccessTokenKit::DeleteToken(tokenID);
196
197 AccessTokenKit::VerifyAccessToken(tokenID, "ohos.permission.APPROXIMATELY_LOCATION");
198 ASSERT_EQ(PERMISSION_DENIED, ret);
199 AccessTokenKit::VerifyAccessToken(tokenID, "ohos.permission.APPROXIMATELY_LOCATION", false);
200 ASSERT_EQ(PERMISSION_DENIED, ret);
201 }
202
203 /**
204 * @tc.name: VerifyAccessTokenWithListFuncTest001
205 * @tc.desc: Verify permission with list.
206 * @tc.type: FUNC
207 * @tc.require: Issue Number
208 */
209 HWTEST_F(VerifyAccessTokenTest, VerifyAccessTokenWithListFuncTest001, TestSize.Level0)
210 {
211 LOGI(ATM_DOMAIN, ATM_TAG, "VerifyAccessTokenWithListFuncTest001");
212 AccessTokenIDEx tokenIdEx = TestCommon::GetHapTokenIdFromBundle(TEST_USER_ID, TEST_BUNDLE_NAME, 0);
213 AccessTokenID tokenID = tokenIdEx.tokenIdExStruct.tokenID;
214 int ret = TestCommon::GrantPermissionByTest(tokenID, "ohos.permission.MICROPHONE", PERMISSION_USER_FIXED);
215 ASSERT_EQ(RET_SUCCESS, ret);
216 ret = TestCommon::GrantPermissionByTest(tokenID, "ohos.permission.APPROXIMATELY_LOCATION", PERMISSION_USER_FIXED);
217 ASSERT_EQ(RET_SUCCESS, ret);
218
219 std::vector<std::string> permissionList;
220 permissionList.emplace_back("ohos.permission.MICROPHONE");
221 permissionList.emplace_back("ohos.permission.APPROXIMATELY_LOCATION");
222
223 std::vector<int32_t> permStateList;
224 ret = AccessTokenKit::VerifyAccessToken(tokenID, permissionList, permStateList);
225 for (int i = 0; i < permissionList.size(); i++) {
226 ASSERT_EQ(PERMISSION_GRANTED, permStateList[i]);
227 }
228
229 permStateList.clear();
230 ret = AccessTokenKit::VerifyAccessToken(tokenID, permissionList, permStateList, true);
231 for (int i = 0; i < permissionList.size(); i++) {
232 ASSERT_EQ(PERMISSION_GRANTED, permStateList[i]);
233 }
234
235 ret = TestCommon::RevokePermissionByTest(tokenID, "ohos.permission.MICROPHONE", PERMISSION_USER_FIXED);
236 ASSERT_EQ(RET_SUCCESS, ret);
237 ret = TestCommon::RevokePermissionByTest(tokenID, "ohos.permission.APPROXIMATELY_LOCATION", PERMISSION_USER_FIXED);
238 ASSERT_EQ(RET_SUCCESS, ret);
239
240 permStateList.clear();
241 ret = AccessTokenKit::VerifyAccessToken(tokenID, permissionList, permStateList);
242 for (int i = 0; i < permissionList.size(); i++) {
243 ASSERT_EQ(PERMISSION_DENIED, permStateList[i]);
244 }
245
246 permStateList.clear();
247 ret = AccessTokenKit::VerifyAccessToken(tokenID, permissionList, permStateList, true);
248 for (int i = 0; i < permissionList.size(); i++) {
249 ASSERT_EQ(PERMISSION_DENIED, permStateList[i]);
250 }
251 }
252
253 /**
254 * @tc.name: VerifyAccessTokenWithListAbnormalTest001
255 * @tc.desc: Verify permission that tokenID or permission is invalid.
256 * @tc.type: FUNC
257 * @tc.require: Issue Number
258 */
259 HWTEST_F(VerifyAccessTokenTest, VerifyAccessTokenWithListAbnormalTest001, TestSize.Level0)
260 {
261 LOGI(ATM_DOMAIN, ATM_TAG, "VerifyAccessTokenWithListAbnormalTest001");
262 AccessTokenIDEx tokenIdEx = TestCommon::GetHapTokenIdFromBundle(TEST_USER_ID, TEST_BUNDLE_NAME, 0);
263 AccessTokenID tokenID = tokenIdEx.tokenIdExStruct.tokenID;
264
265 std::vector<std::string> permissionList;
266 permissionList.emplace_back("ohos.permission.GAMMA");
267 std::vector<int32_t> permStateList;
268 int ret = AccessTokenKit::VerifyAccessToken(tokenID, permissionList, permStateList, false);
269 ASSERT_EQ(RET_SUCCESS, ret);
270 ASSERT_EQ(PERMISSION_DENIED, permStateList[0]);
271
272 permissionList.clear();
273 permissionList.emplace_back("");
274 permStateList.clear();
275 ret = AccessTokenKit::VerifyAccessToken(tokenID, permissionList, permStateList);
276 ASSERT_EQ(RET_SUCCESS, ret);
277 ASSERT_EQ(PERMISSION_DENIED, permStateList[0]);
278
279 std::string invalidPerm(INVALID_PERMNAME_LEN, 'a');
280 permissionList.clear();
281 permissionList.emplace_back(invalidPerm);
282 permStateList.clear();
283 ret = AccessTokenKit::VerifyAccessToken(tokenID, permissionList, permStateList);
284 ASSERT_EQ(RET_SUCCESS, ret);
285 ASSERT_EQ(PERMISSION_DENIED, permStateList[0]);
286
287 permissionList.clear();
288 permissionList.emplace_back("ohos.permission.MICROPHONE");
289 permissionList.emplace_back("ohos.permission.APPROXIMATELY_LOCATION");
290 permissionList.emplace_back(invalidPerm);
291 permStateList.clear();
292 ret = AccessTokenKit::VerifyAccessToken(TEST_TOKENID_INVALID, permissionList, permStateList);
293 ASSERT_EQ(RET_SUCCESS, ret);
294 ASSERT_EQ(PERMISSION_DENIED, permStateList[0]);
295 ASSERT_EQ(PERMISSION_DENIED, permStateList[1]);
296 ASSERT_EQ(PERMISSION_DENIED, permStateList[2]);
297 }
298
299 /**
300 * @tc.name: VerifyAccessTokenWithRender001
301 * @tc.desc: Verify permission that tokenID is render.
302 * @tc.type: FUNC
303 * @tc.require: Issue Number
304 */
305 HWTEST_F(VerifyAccessTokenTest, VerifyAccessTokenWithRender001, TestSize.Level0)
306 {
307 AccessTokenIDEx tokenIdEx = TestCommon::GetHapTokenIdFromBundle(TEST_USER_ID, TEST_BUNDLE_NAME, 0);
308 AccessTokenID tokenID = tokenIdEx.tokenIdExStruct.tokenID;
309
310 int ret = TestCommon::GrantPermissionByTest(tokenID, "ohos.permission.MICROPHONE", PERMISSION_USER_FIXED);
311 ASSERT_EQ(RET_SUCCESS, ret);
312 ret = AccessTokenKit::VerifyAccessToken(tokenID, "ohos.permission.MICROPHONE", true);
313 EXPECT_EQ(PERMISSION_GRANTED, ret);
314 // get render token
315 uint64_t renderToken = AccessTokenKit::GetRenderTokenID(tokenID);
316 ASSERT_NE(renderToken, INVALID_TOKENID);
317 ASSERT_NE(renderToken, tokenID);
318 AccessTokenID renderTokenID = static_cast<uint32_t>(renderToken);
319 // render return DENIED
320 ret = AccessTokenKit::VerifyAccessToken(renderTokenID, "ohos.permission.MICROPHONE", true);
321 EXPECT_EQ(ret, PERMISSION_DENIED);
322 ret = AccessTokenKit::VerifyAccessToken(renderTokenID, "ohos.permission.MICROPHONE");
323 EXPECT_EQ(ret, PERMISSION_DENIED);
324
325 std::vector<std::string> permissionList;
326 permissionList.emplace_back("ohos.permission.MICROPHONE");
327 permissionList.emplace_back("ohos.permission.APPROXIMATELY_LOCATION");
328
329 std::vector<int32_t> permStateList;
330 ret = AccessTokenKit::VerifyAccessToken(renderTokenID, permissionList, permStateList, true);
331 EXPECT_EQ(RET_SUCCESS, ret);
332 ASSERT_EQ(permissionList.size(), permStateList.size());
333 EXPECT_EQ(PERMISSION_DENIED, permStateList[0]);
334 EXPECT_EQ(PERMISSION_DENIED, permStateList[1]);
335
336 ret = TestCommon::RevokePermissionByTest(tokenID, "ohos.permission.MICROPHONE", PERMISSION_USER_FIXED);
337 ASSERT_EQ(RET_SUCCESS, ret);
338 ret = AccessTokenKit::VerifyAccessToken(tokenID, "ohos.permission.MICROPHONE", true);
339 ASSERT_EQ(PERMISSION_DENIED, ret);
340 }
341 } // namespace AccessToken
342 } // namespace Security
343 } // namespace OHOS