1 /*
2 * Copyright (c) 2023 Huawei Device Co., Ltd.
3 * Licensed under the Apache License, Version 2.0 (the "License");
4 * you may not use this file except in compliance with the License.
5 * You may obtain a copy of the License at
6 *
7 * http://www.apache.org/licenses/LICENSE-2.0
8 *
9 * Unless required by applicable law or agreed to in writing, software
10 * distributed under the License is distributed on an "AS IS" BASIS,
11 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12 * See the License for the specific language governing permissions and
13 * limitations under the License.
14 */
15
16 #include "security_component_grant_test.h"
17 #include <thread>
18
19 #include "accesstoken_callbacks.h"
20 #include "accesstoken_kit.h"
21 #include "access_token_error.h"
22 #include "permission_grant_info.h"
23 #include "nativetoken_kit.h"
24 #include "test_common.h"
25 #include "token_setproc.h"
26
27 using namespace testing::ext;
28 using namespace OHOS::Security::AccessToken;
29
30 namespace {
31 static const std::string TEST_PERMISSION = "ohos.permission.DISTRIBUTED_DATASYNC";
32 static const std::string TEST_PERMISSION_NOT_REQUESTED = "ohos.permission.GRANT_SENSITIVE_PERMISSIONS";
33 static uint64_t g_selfShellTokenId = 0;
34 static MockHapToken* g_mock = nullptr;
35 PermissionStateFull g_infoManagerTestState1 = {
36 .permissionName = TEST_PERMISSION,
37 .isGeneral = true,
38 .resDeviceID = {"local5"},
39 .grantStatus = {PermissionState::PERMISSION_DENIED},
40 .grantFlags = {0},
41 };
42
43 HapInfoParams g_infoManagerTestInfoParms = {
44 .userID = 1,
45 .bundleName = "security_component_grant_test",
46 .instIndex = 0,
47 .appIDDesc = "test5"
48 };
49
50 HapPolicyParams g_infoManagerTestPolicyPrams = {
51 .apl = APL_NORMAL,
52 .domain = "test.domain5",
53 .permStateList = {g_infoManagerTestState1}
54 };
55 }
56
SetUpTestCase()57 void SecurityComponentGrantTest::SetUpTestCase()
58 {
59 g_selfShellTokenId = GetSelfTokenID();
60 TestCommon::SetTestEvironment(g_selfShellTokenId);
61
62 std::vector<std::string> reqPerm;
63 reqPerm.emplace_back("ohos.permission.MANAGE_HAP_TOKENID");
64 reqPerm.emplace_back("ohos.permission.GET_SENSITIVE_PERMISSIONS");
65 reqPerm.emplace_back("ohos.permission.REVOKE_SENSITIVE_PERMISSIONS");
66 reqPerm.emplace_back("ohos.permission.GRANT_SENSITIVE_PERMISSIONS");
67 g_mock = new (std::nothrow) MockHapToken("SecurityComponentGrantTest", reqPerm, true);
68
69 GTEST_LOG_(INFO) << "SecurityComponentGrantTest, tokenID is " << g_selfShellTokenId;
70 GTEST_LOG_(INFO) << "SecurityComponentGrantTest, sel is " << GetSelfTokenID();
71 // make test case clean
72 AccessTokenIDEx tokenIdEx = TestCommon::GetHapTokenIdFromBundle(g_infoManagerTestInfoParms.userID,
73 g_infoManagerTestInfoParms.bundleName, g_infoManagerTestInfoParms.instIndex);
74 TestCommon::DeleteTestHapToken(tokenIdEx.tokenIdExStruct.tokenID);
75 }
76
TearDownTestCase()77 void SecurityComponentGrantTest::TearDownTestCase()
78 {
79 if (g_mock != nullptr) {
80 delete g_mock;
81 g_mock = nullptr;
82 }
83 TestCommon::ResetTestEvironment();
84 SetSelfTokenID(g_selfShellTokenId);
85 }
86
SetUp()87 void SecurityComponentGrantTest::SetUp()
88 {
89 }
90
TearDown()91 void SecurityComponentGrantTest::TearDown()
92 {
93 }
94
AllocTestToken() const95 AccessTokenID SecurityComponentGrantTest::AllocTestToken() const
96 {
97 AccessTokenIDEx tokenIdEx = {0};
98 EXPECT_EQ(RET_SUCCESS,
99 TestCommon::AllocTestHapToken(g_infoManagerTestInfoParms, g_infoManagerTestPolicyPrams, tokenIdEx));
100 return tokenIdEx.tokenIdExStruct.tokenID;
101 }
102
103 /**
104 * @tc.name: SecurityComponentGrantTest001
105 * @tc.desc: test security component grant when user has not operated.
106 * @tc.type: FUNC
107 * @tc.require:Issue Number
108 */
109 HWTEST_F(SecurityComponentGrantTest, SecurityComponentGrantTest001, TestSize.Level0)
110 {
111 AccessTokenID tokenID = AllocTestToken();
112 ASSERT_NE(tokenID, INVALID_TOKENID);
113 int32_t status = AccessTokenKit::VerifyAccessToken(tokenID, TEST_PERMISSION, false);
114 ASSERT_EQ(status, PERMISSION_DENIED);
115 int32_t res = TestCommon::GrantPermissionByTest(tokenID, TEST_PERMISSION, PERMISSION_COMPONENT_SET);
116 ASSERT_EQ(res, RET_SUCCESS);
117 uint32_t flag = 0;
118 res = TestCommon::GetPermissionFlagByTest(tokenID, TEST_PERMISSION, flag);
119 ASSERT_EQ(res, RET_SUCCESS);
120 ASSERT_NE(((static_cast<uint32_t>(flag)) & PERMISSION_COMPONENT_SET), 0);
121
122 status = AccessTokenKit::VerifyAccessToken(tokenID, TEST_PERMISSION, false);
123 ASSERT_EQ(status, PERMISSION_GRANTED);
124
125 res = TestCommon::RevokePermissionByTest(tokenID, TEST_PERMISSION, PERMISSION_COMPONENT_SET);
126 ASSERT_EQ(res, RET_SUCCESS);
127 status = AccessTokenKit::VerifyAccessToken(tokenID, TEST_PERMISSION, false);
128 ASSERT_EQ(status, PERMISSION_DENIED);
129 res = TestCommon::GetPermissionFlagByTest(tokenID, TEST_PERMISSION, flag);
130 ASSERT_EQ(res, RET_SUCCESS);
131 ASSERT_EQ(((static_cast<uint32_t>(flag)) & PERMISSION_COMPONENT_SET), 0);
132 res = TestCommon::DeleteTestHapToken(tokenID);
133 ASSERT_EQ(res, RET_SUCCESS);
134 }
135
136 /**
137 * @tc.name: SecurityComponentGrantTest002
138 * @tc.desc: test security component grant when user has granted.
139 * @tc.type: FUNC
140 * @tc.require:Issue Number
141 */
142 HWTEST_F(SecurityComponentGrantTest, SecurityComponentGrantTest002, TestSize.Level0)
143 {
144 AccessTokenID tokenID = AllocTestToken();
145 ASSERT_NE(tokenID, INVALID_TOKENID);
146
147 // user grant
148 int32_t res = TestCommon::GrantPermissionByTest(tokenID, TEST_PERMISSION, PERMISSION_USER_FIXED);
149 ASSERT_EQ(res, RET_SUCCESS);
150
151 // security component grant
152 res = TestCommon::GrantPermissionByTest(tokenID, TEST_PERMISSION, PERMISSION_COMPONENT_SET);
153 ASSERT_EQ(res, RET_SUCCESS);
154 int32_t status = AccessTokenKit::VerifyAccessToken(tokenID, TEST_PERMISSION, false);
155 ASSERT_EQ(status, PERMISSION_GRANTED);
156 uint32_t flag = 0;
157 res = TestCommon::GetPermissionFlagByTest(tokenID, TEST_PERMISSION, flag);
158 ASSERT_EQ(res, RET_SUCCESS);
159 ASSERT_EQ(((static_cast<uint32_t>(flag)) & PERMISSION_COMPONENT_SET), 0);
160
161 // security component revoke
162 res = TestCommon::RevokePermissionByTest(tokenID, TEST_PERMISSION, PERMISSION_COMPONENT_SET);
163 ASSERT_EQ(res, RET_SUCCESS);
164 status = AccessTokenKit::VerifyAccessToken(tokenID, TEST_PERMISSION, false);
165 ASSERT_EQ(status, PERMISSION_GRANTED);
166 res = TestCommon::GetPermissionFlagByTest(tokenID, TEST_PERMISSION, flag);
167 ASSERT_EQ(res, RET_SUCCESS);
168 ASSERT_EQ(((static_cast<uint32_t>(flag)) & PERMISSION_COMPONENT_SET), 0);
169 res = TestCommon::DeleteTestHapToken(tokenID);
170 ASSERT_EQ(res, RET_SUCCESS);
171 }
172
173 /**
174 * @tc.name: SecurityComponentGrantTest003
175 * @tc.desc: test security component grant when system has operated.
176 * @tc.type: FUNC
177 * @tc.require:Issue Number
178 */
179 HWTEST_F(SecurityComponentGrantTest, SecurityComponentGrantTest003, TestSize.Level0)
180 {
181 AccessTokenID tokenID = AllocTestToken();
182 ASSERT_NE(tokenID, INVALID_TOKENID);
183
184 // system grant
185 int32_t res = TestCommon::GrantPermissionByTest(tokenID, TEST_PERMISSION, PERMISSION_PRE_AUTHORIZED_CANCELABLE);
186 ASSERT_EQ(res, RET_SUCCESS);
187
188 // security component grant
189 res = TestCommon::GrantPermissionByTest(tokenID, TEST_PERMISSION, PERMISSION_COMPONENT_SET);
190 ASSERT_EQ(res, RET_SUCCESS);
191 int32_t status = AccessTokenKit::VerifyAccessToken(tokenID, TEST_PERMISSION, false);
192 ASSERT_EQ(status, PERMISSION_GRANTED);
193 uint32_t flag = 0;
194 TestCommon::GetPermissionFlagByTest(tokenID, TEST_PERMISSION, flag);
195 ASSERT_EQ(((static_cast<uint32_t>(flag)) & PERMISSION_COMPONENT_SET), 0);
196
197 // security component revoke
198 res = TestCommon::RevokePermissionByTest(tokenID, TEST_PERMISSION, PERMISSION_COMPONENT_SET);
199 ASSERT_EQ(res, RET_SUCCESS);
200 status = AccessTokenKit::VerifyAccessToken(tokenID, TEST_PERMISSION, false);
201 ASSERT_EQ(status, PERMISSION_GRANTED);
202 res = TestCommon::GetPermissionFlagByTest(tokenID, TEST_PERMISSION, flag);
203 ASSERT_EQ(res, RET_SUCCESS);
204 ASSERT_EQ(((static_cast<uint32_t>(flag)) & PERMISSION_COMPONENT_SET), 0);
205
206 res = TestCommon::DeleteTestHapToken(tokenID);
207 ASSERT_EQ(res, RET_SUCCESS);
208 }
209
210 /**
211 * @tc.name: SecurityComponentGrantTest004
212 * @tc.desc: test security component grant when user has revoked.
213 * @tc.type: FUNC
214 * @tc.require:Issue Number
215 */
216 HWTEST_F(SecurityComponentGrantTest, SecurityComponentGrantTest004, TestSize.Level0)
217 {
218 AccessTokenID tokenID = AllocTestToken();
219 ASSERT_NE(tokenID, INVALID_TOKENID);
220
221 // user revoke
222 int32_t res = TestCommon::RevokePermissionByTest(tokenID, TEST_PERMISSION, PERMISSION_USER_FIXED);
223 ASSERT_EQ(res, RET_SUCCESS);
224 // security component grant
225 res = TestCommon::GrantPermissionByTest(tokenID, TEST_PERMISSION, PERMISSION_COMPONENT_SET);
226 ASSERT_NE(res, RET_SUCCESS);
227 int32_t status = AccessTokenKit::VerifyAccessToken(tokenID, TEST_PERMISSION, false);
228 ASSERT_EQ(status, PERMISSION_DENIED);
229
230 uint32_t flag = 0;
231 res = TestCommon::GetPermissionFlagByTest(tokenID, TEST_PERMISSION, flag);
232 ASSERT_EQ(res, RET_SUCCESS);
233 ASSERT_EQ(((static_cast<uint32_t>(flag)) & PERMISSION_COMPONENT_SET), 0);
234
235 // security component revoke
236 res = TestCommon::RevokePermissionByTest(tokenID, TEST_PERMISSION, PERMISSION_COMPONENT_SET);
237 ASSERT_EQ(res, RET_SUCCESS);
238 status = AccessTokenKit::VerifyAccessToken(tokenID, TEST_PERMISSION, false);
239 ASSERT_EQ(status, PERMISSION_DENIED);
240 TestCommon::GetPermissionFlagByTest(tokenID, TEST_PERMISSION, flag);
241 ASSERT_EQ(((static_cast<uint32_t>(flag)) & PERMISSION_COMPONENT_SET), 0);
242
243 res = TestCommon::DeleteTestHapToken(tokenID);
244 ASSERT_EQ(res, RET_SUCCESS);
245 }
246
247 /**
248 * @tc.name: SecurityComponentGrantTest005
249 * @tc.desc: test user has grant after security component grant.
250 * @tc.type: FUNC
251 * @tc.require:Issue Number
252 */
253 HWTEST_F(SecurityComponentGrantTest, SecurityComponentGrantTest005, TestSize.Level0)
254 {
255 AccessTokenID tokenID = AllocTestToken();
256 ASSERT_NE(tokenID, INVALID_TOKENID);
257
258 // security component grant
259 int32_t res = TestCommon::GrantPermissionByTest(tokenID, TEST_PERMISSION, PERMISSION_COMPONENT_SET);
260 ASSERT_EQ(res, RET_SUCCESS);
261 int32_t status = AccessTokenKit::VerifyAccessToken(tokenID, TEST_PERMISSION, false);
262 ASSERT_EQ(status, PERMISSION_GRANTED);
263
264 // user grant
265 uint32_t flag = 0;
266 res = TestCommon::GetPermissionFlagByTest(tokenID, TEST_PERMISSION, flag);
267 ASSERT_EQ(res, RET_SUCCESS);
268 ASSERT_NE(((static_cast<uint32_t>(flag)) & PERMISSION_COMPONENT_SET), 0);
269 res = TestCommon::GrantPermissionByTest(tokenID, TEST_PERMISSION, PERMISSION_USER_FIXED);
270 ASSERT_EQ(res, RET_SUCCESS);
271 TestCommon::GetPermissionFlagByTest(tokenID, TEST_PERMISSION, flag);
272 ASSERT_EQ(((static_cast<uint32_t>(flag)) & PERMISSION_COMPONENT_SET), 0);
273
274 // security component revoke
275 res = TestCommon::RevokePermissionByTest(tokenID, TEST_PERMISSION, PERMISSION_COMPONENT_SET);
276 ASSERT_EQ(res, RET_SUCCESS);
277 status = AccessTokenKit::VerifyAccessToken(tokenID, TEST_PERMISSION, false);
278 ASSERT_EQ(status, PERMISSION_GRANTED);
279
280 res = TestCommon::DeleteTestHapToken(tokenID);
281 ASSERT_EQ(res, RET_SUCCESS);
282 }
283
284 /**
285 * @tc.name: SecurityComponentGrantTest006
286 * @tc.desc: test user has revoked after security component grant.
287 * @tc.type: FUNC
288 * @tc.require:Issue Number
289 */
290 HWTEST_F(SecurityComponentGrantTest, SecurityComponentGrantTest006, TestSize.Level0)
291 {
292 AccessTokenID tokenID = AllocTestToken();
293 ASSERT_NE(tokenID, INVALID_TOKENID);
294
295 // security component grant
296 int32_t res = TestCommon::GrantPermissionByTest(tokenID, TEST_PERMISSION, PERMISSION_COMPONENT_SET);
297 ASSERT_EQ(res, RET_SUCCESS);
298 int32_t status = AccessTokenKit::VerifyAccessToken(tokenID, TEST_PERMISSION, false);
299 ASSERT_EQ(status, PERMISSION_GRANTED);
300
301 uint32_t flag = 0;
302 res = TestCommon::GetPermissionFlagByTest(tokenID, TEST_PERMISSION, flag);
303 ASSERT_EQ(res, RET_SUCCESS);
304 ASSERT_NE(((static_cast<uint32_t>(flag)) & PERMISSION_COMPONENT_SET), 0);
305
306 // user revoke
307 res = TestCommon::RevokePermissionByTest(tokenID, TEST_PERMISSION, PERMISSION_USER_FIXED);
308 ASSERT_EQ(res, RET_SUCCESS);
309 status = AccessTokenKit::VerifyAccessToken(tokenID, TEST_PERMISSION, false);
310 ASSERT_EQ(status, PERMISSION_DENIED);
311 TestCommon::GetPermissionFlagByTest(tokenID, TEST_PERMISSION, flag);
312 ASSERT_EQ(((static_cast<uint32_t>(flag)) & PERMISSION_COMPONENT_SET), 0);
313
314 // security component revoke
315 res = TestCommon::RevokePermissionByTest(tokenID, TEST_PERMISSION, PERMISSION_COMPONENT_SET);
316 ASSERT_EQ(res, RET_SUCCESS);
317 status = AccessTokenKit::VerifyAccessToken(tokenID, TEST_PERMISSION, false);
318 ASSERT_EQ(status, PERMISSION_DENIED);
319
320 res = TestCommon::DeleteTestHapToken(tokenID);
321 ASSERT_EQ(res, RET_SUCCESS);
322 }
323
324 /**
325 * @tc.name: SecurityComponentGrantTest007
326 * @tc.desc: test permission pop-up after security component grant.
327 * @tc.type: FUNC
328 * @tc.require:Issue Number
329 */
330 HWTEST_F(SecurityComponentGrantTest, SecurityComponentGrantTest007, TestSize.Level0)
331 {
332 uint64_t selfToken = GetSelfTokenID();
333 MockNativeToken mock("foundation");
334 AccessTokenID tokenID = AllocTestToken();
335 ASSERT_NE(tokenID, INVALID_TOKENID);
336 AccessTokenID nativeTokenID = GetSelfTokenID();
337 // security component grant
338 int32_t res = TestCommon::GrantPermissionByTest(tokenID, TEST_PERMISSION, PERMISSION_COMPONENT_SET);
339 ASSERT_EQ(res, RET_SUCCESS);
340 int32_t status = AccessTokenKit::VerifyAccessToken(tokenID, TEST_PERMISSION, false);
341 ASSERT_EQ(status, PERMISSION_GRANTED);
342
343 PermissionOper result;
344 PermissionListState perm1 = {
345 .permissionName = TEST_PERMISSION,
346 .state = SETTING_OPER,
347 };
348 std::vector<PermissionListState> permList;
349 permList.emplace_back(perm1);
350 // check to pop up
351 EXPECT_EQ(0, SetSelfTokenID(tokenID));
352 PermissionGrantInfo info;
353 result = AccessTokenKit::GetSelfPermissionsState(permList, info);
354 ASSERT_EQ(result, DYNAMIC_OPER);
355
356 // check not to pop up
357 EXPECT_EQ(0, SetSelfTokenID(nativeTokenID));
358 TestCommon::GrantPermissionByTest(tokenID, TEST_PERMISSION, PERMISSION_USER_FIXED);
359
360 EXPECT_EQ(0, SetSelfTokenID(tokenID));
361 result = AccessTokenKit::GetSelfPermissionsState(permList, info);
362 ASSERT_EQ(result, PASS_OPER);
363
364 // security component revoke
365 EXPECT_EQ(0, SetSelfTokenID(nativeTokenID));
366 TestCommon::RevokePermissionByTest(tokenID, TEST_PERMISSION, PERMISSION_COMPONENT_SET);
367
368 res = TestCommon::DeleteTestHapToken(tokenID);
369 ASSERT_EQ(res, RET_SUCCESS);
370
371 EXPECT_EQ(0, SetSelfTokenID(nativeTokenID));
372 EXPECT_EQ(0, SetSelfTokenID(selfToken));
373 }
374
375 /**
376 * @tc.name: SecurityComponentGrantTest008
377 * @tc.desc: test permission pop-up after security component grant.
378 * @tc.type: FUNC
379 * @tc.require:Issue Number
380 */
381 HWTEST_F(SecurityComponentGrantTest, SecurityComponentGrantTest008, TestSize.Level0)
382 {
383 AccessTokenID tokenID = AllocTestToken();
384 ASSERT_NE(tokenID, INVALID_TOKENID);
385
386 // security component grant
387 int32_t res = TestCommon::GrantPermissionByTest(tokenID, TEST_PERMISSION, PERMISSION_COMPONENT_SET);
388 ASSERT_EQ(res, RET_SUCCESS);
389 int32_t status = AccessTokenKit::VerifyAccessToken(tokenID, TEST_PERMISSION, false);
390 ASSERT_EQ(status, PERMISSION_GRANTED);
391
392 // security component grant repeat
393 res = TestCommon::GrantPermissionByTest(tokenID, TEST_PERMISSION, PERMISSION_COMPONENT_SET);
394 ASSERT_EQ(res, RET_SUCCESS);
395
396 // security component revoke
397 res = TestCommon::RevokePermissionByTest(tokenID, TEST_PERMISSION, PERMISSION_COMPONENT_SET);
398 ASSERT_EQ(res, RET_SUCCESS);
399
400 // security component revoke repeat
401 res = TestCommon::GrantPermissionByTest(tokenID, TEST_PERMISSION, PERMISSION_COMPONENT_SET);
402 ASSERT_EQ(res, RET_SUCCESS);
403
404 res = TestCommon::DeleteTestHapToken(tokenID);
405 ASSERT_EQ(res, RET_SUCCESS);
406 }
407
408 class CbCustomizeTest : public PermStateChangeCallbackCustomize {
409 public:
CbCustomizeTest(const PermStateChangeScope & scopeInfo)410 explicit CbCustomizeTest(const PermStateChangeScope &scopeInfo)
411 : PermStateChangeCallbackCustomize(scopeInfo)
412 {
413 }
414
~CbCustomizeTest()415 ~CbCustomizeTest()
416 {}
417
PermStateChangeCallback(PermStateChangeInfo & result)418 virtual void PermStateChangeCallback(PermStateChangeInfo& result)
419 {
420 ready2_ = true;
421 }
422
423 bool ready2_ = false;
424 };
425
426 /**
427 * @tc.name: SecurityComponentGrantTest009
428 * @tc.desc: test permission pop-up after security component grant.
429 * @tc.type: FUNC
430 * @tc.require:Issue Number
431 */
432 HWTEST_F(SecurityComponentGrantTest, SecurityComponentGrantTest009, TestSize.Level0)
433 {
434 PermStateChangeScope scopeInfo9;
435 scopeInfo9.permList = {TEST_PERMISSION};
436 scopeInfo9.tokenIDs = {};
437 auto callbackPtr = std::make_shared<CbCustomizeTest>(scopeInfo9);
438 callbackPtr->ready2_ = false;
439
440 int32_t res = AccessTokenKit::RegisterPermStateChangeCallback(callbackPtr);
441 ASSERT_EQ(RET_SUCCESS, res);
442
443 AccessTokenID tokenID = AllocTestToken();
444 ASSERT_NE(tokenID, INVALID_TOKENID);
445
446 // security component grant
447 res = TestCommon::GrantPermissionByTest(tokenID, TEST_PERMISSION, PERMISSION_COMPONENT_SET);
448 ASSERT_EQ(res, RET_SUCCESS);
449 usleep(500000); // 500000us = 0.5s
450 ASSERT_EQ(callbackPtr->ready2_, true);
451 callbackPtr->ready2_ = false;
452
453 // user grant
454 res = TestCommon::GrantPermissionByTest(tokenID, TEST_PERMISSION, PERMISSION_USER_FIXED);
455 ASSERT_EQ(res, RET_SUCCESS);
456 usleep(500000); // 500000us = 0.5s
457 ASSERT_EQ(callbackPtr->ready2_, false);
458
459 // security component revoke
460 res = TestCommon::RevokePermissionByTest(tokenID, TEST_PERMISSION, PERMISSION_USER_FIXED);
461 ASSERT_EQ(res, RET_SUCCESS);
462 usleep(500000); // 500000us = 0.5s
463 ASSERT_EQ(callbackPtr->ready2_, true);
464 callbackPtr->ready2_ = false;
465
466 // security component revoke repeat
467 res = TestCommon::GrantPermissionByTest(tokenID, TEST_PERMISSION, PERMISSION_COMPONENT_SET);
468 ASSERT_NE(res, RET_SUCCESS);
469 usleep(500000); // 500000us = 0.5s
470 ASSERT_EQ(callbackPtr->ready2_, false);
471
472 res = AccessTokenKit::UnRegisterPermStateChangeCallback(callbackPtr);
473 ASSERT_EQ(RET_SUCCESS, res);
474
475 res = TestCommon::DeleteTestHapToken(tokenID);
476 ASSERT_EQ(res, RET_SUCCESS);
477 }
478
479 /**
480 * @tc.name: SecurityComponentGrantTest010
481 * @tc.desc: test permission pop-up after security component grant.
482 * @tc.type: FUNC
483 * @tc.require:Issue Number
484 */
485 HWTEST_F(SecurityComponentGrantTest, SecurityComponentGrantTest010, TestSize.Level0)
486 {
487 PermStateChangeScope scopeInfo10;
488 scopeInfo10.permList = {TEST_PERMISSION};
489 scopeInfo10.tokenIDs = {};
490 auto callbackPtr = std::make_shared<CbCustomizeTest>(scopeInfo10);
491 callbackPtr->ready2_ = false;
492
493 int32_t res = AccessTokenKit::RegisterPermStateChangeCallback(callbackPtr);
494 ASSERT_EQ(RET_SUCCESS, res);
495
496 AccessTokenID tokenID = AllocTestToken();
497 ASSERT_NE(tokenID, INVALID_TOKENID);
498
499 // security component grant
500 res = TestCommon::GrantPermissionByTest(tokenID, TEST_PERMISSION, PERMISSION_COMPONENT_SET);
501 ASSERT_EQ(res, RET_SUCCESS);
502 usleep(500000); // 500000us = 0.5s
503 ASSERT_EQ(callbackPtr->ready2_, true);
504 callbackPtr->ready2_ = false;
505
506 // user revoke
507 res = TestCommon::RevokePermissionByTest(tokenID, TEST_PERMISSION, PERMISSION_USER_FIXED);
508 ASSERT_EQ(res, RET_SUCCESS);
509 usleep(500000); // 500000us = 0.5s
510 ASSERT_EQ(callbackPtr->ready2_, true);
511 callbackPtr->ready2_ = false;
512
513 // security component revoke
514 res = TestCommon::GrantPermissionByTest(tokenID, TEST_PERMISSION, PERMISSION_COMPONENT_SET);
515 ASSERT_NE(res, RET_SUCCESS);
516 usleep(500000); // 500000us = 0.5s
517 ASSERT_EQ(callbackPtr->ready2_, false);
518
519 res = AccessTokenKit::UnRegisterPermStateChangeCallback(callbackPtr);
520 ASSERT_EQ(RET_SUCCESS, res);
521
522 res = TestCommon::DeleteTestHapToken(tokenID);
523 ASSERT_EQ(res, RET_SUCCESS);
524 }
525
526 /**
527 * @tc.name: SecurityComponentGrantTest011
528 * @tc.desc: test permission pop-up after security component grant.
529 * @tc.type: FUNC
530 * @tc.require:Issue Number
531 */
532 HWTEST_F(SecurityComponentGrantTest, SecurityComponentGrantTest011, TestSize.Level0)
533 {
534 PermStateChangeScope scopeInfo;
535 scopeInfo.permList = {TEST_PERMISSION_NOT_REQUESTED};
536 scopeInfo.tokenIDs = {};
537 auto callbackPtr = std::make_shared<CbCustomizeTest>(scopeInfo);
538 callbackPtr->ready2_ = false;
539
540 int32_t res = AccessTokenKit::RegisterPermStateChangeCallback(callbackPtr);
541 ASSERT_EQ(RET_SUCCESS, res);
542
543 AccessTokenID tokenID = AllocTestToken();
544 ASSERT_NE(tokenID, INVALID_TOKENID);
545
546 // security component grant a not requested permission
547 res = TestCommon::GrantPermissionByTest(tokenID, TEST_PERMISSION_NOT_REQUESTED, PERMISSION_COMPONENT_SET);
548 ASSERT_EQ(res, RET_SUCCESS);
549 usleep(500000); // 500000us = 0.5s
550 ASSERT_EQ(callbackPtr->ready2_, true);
551 callbackPtr->ready2_ = false;
552
553 int32_t status = AccessTokenKit::VerifyAccessToken(tokenID, TEST_PERMISSION_NOT_REQUESTED, false);
554 ASSERT_EQ(status, PERMISSION_GRANTED);
555
556 // security component revoke
557 res = TestCommon::RevokePermissionByTest(tokenID, TEST_PERMISSION_NOT_REQUESTED, PERMISSION_COMPONENT_SET);
558 ASSERT_EQ(res, RET_SUCCESS);
559 usleep(500000); // 500000us = 0.5s
560 ASSERT_EQ(callbackPtr->ready2_, true);
561
562 status = AccessTokenKit::VerifyAccessToken(tokenID, TEST_PERMISSION_NOT_REQUESTED, false);
563 ASSERT_EQ(status, PERMISSION_DENIED);
564
565 res = AccessTokenKit::UnRegisterPermStateChangeCallback(callbackPtr);
566 ASSERT_EQ(RET_SUCCESS, res);
567
568 res = TestCommon::DeleteTestHapToken(tokenID);
569 ASSERT_EQ(res, RET_SUCCESS);
570 }
571
572 /**
573 * @tc.name: IsToastShownNeededTest001
574 * @tc.desc: test whether the security component need to show the toast.
575 * @tc.type: FUNC
576 * @tc.require:Issue Number
577 */
578 HWTEST_F(SecurityComponentGrantTest, IsToastShownNeededTest001, TestSize.Level0)
579 {
580 int32_t pid = 10;
581 MockNativeToken mock("security_component_service");
582 EXPECT_EQ(true, AccessTokenKit::IsToastShownNeeded(pid));
583 EXPECT_EQ(false, AccessTokenKit::IsToastShownNeeded(pid));
584 }
585
586 #ifdef SECURITY_COMPONENT_ENHANCE_ENABLE
587 /**
588 * @tc.name: RegisterSecCompEnhance001
589 * @tc.desc: AccessTokenKit:: function test register enhance data
590 * @tc.type: FUNC
591 * @tc.require: Issue Number
592 */
593 HWTEST_F(SecurityComponentGrantTest, RegisterSecCompEnhance001, TestSize.Level0)
594 {
595 SecCompEnhanceData data;
596 data.callback = nullptr;
597 data.challenge = 0;
598 data.seqNum = 0;
599 EXPECT_EQ(ERR_WRITE_PARCEL_FAILED, AccessTokenKit::RegisterSecCompEnhance(data));
600
601 // PermissionStateChangeCallback is not the real callback of SecCompEnhance,
602 // but it does not effect the final result.
603 PermStateChangeScope scopeInfo9;
604 scopeInfo9.permList = {TEST_PERMISSION};
605 scopeInfo9.tokenIDs = {};
606 auto callbackPtr = std::make_shared<CbCustomizeTest>(scopeInfo9);
607 data.callback = new (std::nothrow) PermissionStateChangeCallback(callbackPtr);
608 EXPECT_EQ(RET_SUCCESS, AccessTokenKit::RegisterSecCompEnhance(data));
609
610 MockNativeToken mock("security_component_service");
611 SecCompEnhanceData data1;
612 EXPECT_EQ(RET_SUCCESS, AccessTokenKit::GetSecCompEnhance(getpid(), data1));
613 EXPECT_NE(RET_SUCCESS, AccessTokenKit::GetSecCompEnhance(0, data1));
614 EXPECT_EQ(RET_SUCCESS, AccessTokenKit::UpdateSecCompEnhance(getpid(), 1));
615 EXPECT_NE(RET_SUCCESS, AccessTokenKit::UpdateSecCompEnhance(0, 1));
616 }
617 #endif
618