1 /*
2 * Copyright (c) 2025 Huawei Device Co., Ltd.
3 * Licensed under the Apache License, Version 2.0 (the "License");
4 * you may not use this file except in compliance with the License.
5 * You may obtain a copy of the License at
6 *
7 * http://www.apache.org/licenses/LICENSE-2.0
8 *
9 * Unless required by applicable law or agreed to in writing, software
10 * distributed under the License is distributed on an "AS IS" BASIS,
11 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12 * See the License for the specific language governing permissions and
13 * limitations under the License.
14 */
15
16 #include "accesstoken_manager_service_test.h"
17 #include "gtest/gtest.h"
18 #include <gtest/hwext/gtest-multithread.h>
19
20 #include "access_token_db_operator.h"
21 #include "access_token_db.h"
22 #include "access_token_error.h"
23 #include "atm_tools_param_info_parcel.h"
24 #include "parameters.h"
25 #include "permission_map.h"
26 #include "token_field_const.h"
27 const char* DEVELOPER_MODE_STATE = "const.security.developermode.state";
28
29
30 using namespace testing::ext;
31 using namespace testing::mt;
32 using namespace OHOS;
33
34 namespace OHOS {
35 namespace Security {
36 namespace AccessToken {
37 namespace {
38 static constexpr int32_t USER_ID = 100;
39 static constexpr int32_t INST_INDEX = 0;
40 static constexpr int32_t API_VERSION_9 = 9;
41 static constexpr int32_t RANDOM_TOKENID = 123;
42 static constexpr int32_t MULTIPLE_COUNT = 10;
43
44 static PermissionStatus g_state1 = { // kernel permission
45 .permissionName = "ohos.permission.KERNEL_ATM_SELF_USE",
46 .grantStatus = static_cast<int32_t>(PermissionState::PERMISSION_GRANTED),
47 .grantFlag = static_cast<uint32_t>(PermissionFlag::PERMISSION_SYSTEM_FIXED)
48 };
49
50 static PermissionStatus g_state2 = { // invalid permission
51 .permissionName = "ohos.permission.INVALIDA",
52 .grantStatus = PermissionState::PERMISSION_DENIED,
53 .grantFlag = PermissionFlag::PERMISSION_DEFAULT_FLAG
54 };
55
56 static PermissionStatus g_state3 = { // invalid permission
57 .permissionName = "ohos.permission.INVALIDB",
58 .grantStatus = PermissionState::PERMISSION_DENIED,
59 .grantFlag = PermissionFlag::PERMISSION_DEFAULT_FLAG
60 };
61
62 static PermissionStatus g_state4 = { // user grant permission
63 .permissionName = "ohos.permission.READ_MEDIA",
64 .grantStatus = static_cast<int32_t>(PermissionState::PERMISSION_GRANTED),
65 .grantFlag = static_cast<uint32_t>(PermissionFlag::PERMISSION_USER_FIXED)
66 };
67
68 static PermissionStatus g_state5 = { // system grant permission
69 .permissionName = "ohos.permission.REFRESH_USER_ACTION",
70 .grantStatus = static_cast<int32_t>(PermissionState::PERMISSION_DENIED),
71 .grantFlag = static_cast<uint32_t>(PermissionFlag::PERMISSION_DEFAULT_FLAG)
72 };
73
74 static PermissionStatus g_state6 = { // system core
75 .permissionName = "ohos.permission.POWER_MANAGER",
76 .grantStatus = static_cast<int32_t>(PermissionState::PERMISSION_DENIED),
77 .grantFlag = static_cast<uint32_t>(PermissionFlag::PERMISSION_DEFAULT_FLAG)
78 };
79
80 static HapInfoParams g_info = {
81 .userID = USER_ID,
82 .bundleName = "accesstoken_manager_service_test",
83 .instIndex = INST_INDEX,
84 .dlpType = static_cast<int>(HapDlpType::DLP_COMMON),
85 .apiVersion = API_VERSION_9,
86 .isSystemApp = false,
87 .appIDDesc = "accesstoken_manager_service_test",
88 };
89
90 static HapPolicy g_policy = {
91 .apl = ATokenAplEnum::APL_SYSTEM_BASIC,
92 .domain = "test.domain",
93 .permStateList = {g_state1, g_state2},
94 .aclRequestedList = { "ohos.permission.INVALIDA" }, // kernel permission with value no need acl
95 .aclExtendedMap = { std::make_pair("ohos.permission.KERNEL_ATM_SELF_USE", "test") },
96 };
97 }
98
SetUpTestCase()99 void AccessTokenManagerServiceTest::SetUpTestCase()
100 {
101 }
102
TearDownTestCase()103 void AccessTokenManagerServiceTest::TearDownTestCase()
104 {
105 }
106
SetUp()107 void AccessTokenManagerServiceTest::SetUp()
108 {
109 atManagerService_ = DelayedSingleton<AccessTokenManagerService>::GetInstance();
110 EXPECT_NE(nullptr, atManagerService_);
111 }
112
TearDown()113 void AccessTokenManagerServiceTest::TearDown()
114 {
115 atManagerService_ = nullptr;
116 }
117
118 /**
119 * @tc.name: DumpTokenInfoFuncTest001
120 * @tc.desc: test DumpTokenInfo with DEVELOPER_MODE_STATE
121 * @tc.type: FUNC
122 * @tc.require:
123 */
124 HWTEST_F(AccessTokenManagerServiceTest, DumpTokenInfoFuncTest001, TestSize.Level1)
125 {
126 std::string dumpInfo;
127 AtmToolsParamInfoParcel infoParcel;
128 infoParcel.info.processName = "hdcd";
129
130 bool state = system::GetBoolParameter(DEVELOPER_MODE_STATE, false);
131
132 system::SetBoolParameter(DEVELOPER_MODE_STATE, false);
133 bool ret = system::GetBoolParameter(DEVELOPER_MODE_STATE, false);
134 EXPECT_FALSE(ret);
135
136 std::shared_ptr<AccessTokenManagerService> atManagerService_ =
137 DelayedSingleton<AccessTokenManagerService>::GetInstance();
138 atManagerService_->DumpTokenInfo(infoParcel, dumpInfo);
139 EXPECT_EQ("Developer mode not support.", dumpInfo);
140
141 system::SetBoolParameter(DEVELOPER_MODE_STATE, true);
142 ret = system::GetBoolParameter(DEVELOPER_MODE_STATE, false);
143 EXPECT_TRUE(ret);
144 atManagerService_->DumpTokenInfo(infoParcel, dumpInfo);
145 EXPECT_NE("", dumpInfo);
146
147 system::SetBoolParameter(DEVELOPER_MODE_STATE, state);
148 }
149
CreateHapToken(const HapInfoParcel & infoParCel,const HapPolicyParcel & policyParcel,AccessTokenID & tokenId,std::map<int32_t,TokenIdInfo> & tokenIdAplMap,bool hasInit)150 void AccessTokenManagerServiceTest::CreateHapToken(const HapInfoParcel& infoParCel, const HapPolicyParcel& policyParcel,
151 AccessTokenID& tokenId, std::map<int32_t, TokenIdInfo>& tokenIdAplMap, bool hasInit)
152 {
153 if (!hasInit) {
154 atManagerService_->Initialize();
155 }
156
157 uint64_t fullTokenId;
158 HapInfoCheckResultIdl result;
159 int32_t res = atManagerService_->InitHapToken(infoParCel, policyParcel, fullTokenId, result);
160 ASSERT_EQ(RET_SUCCESS, res);
161
162 AccessTokenIDEx tokenIDEx;
163 tokenIDEx.tokenIDEx = fullTokenId;
164 tokenId = tokenIDEx.tokenIdExStruct.tokenID;
165 ASSERT_NE(INVALID_TOKENID, tokenId);
166 tokenIdAplMap[static_cast<int32_t>(tokenId)].apl = g_policy.apl;
167 }
168
169 /**
170 * @tc.name: SystemConfigTest001
171 * @tc.desc: test permission define version from db same with permission define version from rodata
172 * @tc.type: FUNC
173 * @tc.require:
174 */
175 HWTEST_F(AccessTokenManagerServiceTest, SystemConfigTest001, TestSize.Level0)
176 {
177 GenericValues conditionValue;
178 conditionValue.Put(TokenFiledConst::FIELD_NAME, PERM_DEF_VERSION);
179 std::vector<GenericValues> results;
180 ASSERT_EQ(0, AccessTokenDb::GetInstance()->Find(AtmDataType::ACCESSTOKEN_SYSTEM_CONFIG, conditionValue, results));
181 ASSERT_EQ(false, results.empty());
182
183 std::string dbPermDefVersion = results[0].GetString(TokenFiledConst::FIELD_VALUE);
184 const char* curPermDefVersion = GetPermDefVersion();
185 ASSERT_EQ(true, dbPermDefVersion == curPermDefVersion);
186 }
187
188 /**
189 * @tc.name: InitHapTokenTest001
190 * @tc.desc: test insert or remove data to undefine table when install or uninstall hap
191 * @tc.type: FUNC
192 * @tc.require:
193 */
194 HWTEST_F(AccessTokenManagerServiceTest, InitHapTokenTest001, TestSize.Level0)
195 {
196 HapInfoParcel infoParCel;
197 infoParCel.hapInfoParameter = g_info;
198 HapPolicyParcel policyParcel;
199 policyParcel.hapPolicy = g_policy; // KERNEL_ATM_SELF_USE(hasValue is true) + INVALIDA
200 AccessTokenID tokenId;
201 std::map<int32_t, TokenIdInfo> tokenIdAplMap;
202 CreateHapToken(infoParCel, policyParcel, tokenId, tokenIdAplMap);
203
204 // query undefine table
205 GenericValues conditionValue;
206 conditionValue.Put(TokenFiledConst::FIELD_TOKEN_ID, static_cast<int32_t>(tokenId));
207 std::vector<GenericValues> results;
208 ASSERT_EQ(0, AccessTokenDb::GetInstance()->Find(
209 AtmDataType::ACCESSTOKEN_HAP_UNDEFINE_INFO, conditionValue, results));
210 ASSERT_EQ(1, results.size());
211 ASSERT_EQ(static_cast<int32_t>(tokenId), results[0].GetInt(TokenFiledConst::FIELD_TOKEN_ID));
212 ASSERT_EQ(g_state2.permissionName, results[0].GetString(TokenFiledConst::FIELD_PERMISSION_NAME));
213 ASSERT_EQ(1, results[0].GetInt(TokenFiledConst::FIELD_ACL));
214 ASSERT_EQ(g_policy.aclExtendedMap[g_state2.permissionName], results[0].GetString(TokenFiledConst::FIELD_VALUE));
215
216 ASSERT_EQ(0, atManagerService_->DeleteToken(tokenId)); // delete token
217
218 // after delete token, data remove from undefine table
219 std::vector<GenericValues> results1;
220 ASSERT_EQ(0, AccessTokenDb::GetInstance()->Find(
221 AtmDataType::ACCESSTOKEN_HAP_UNDEFINE_INFO, conditionValue, results1));
222 ASSERT_EQ(0, results1.size());
223 }
224
225 /**
226 * @tc.name: InitHapTokenTest002
227 * @tc.desc: test dlp app has same undefined info with the master app
228 * @tc.type: FUNC
229 * @tc.require:
230 */
231 HWTEST_F(AccessTokenManagerServiceTest, InitHapTokenTest002, TestSize.Level0)
232 {
233 HapInfoParcel infoParCel;
234 infoParCel.hapInfoParameter = g_info;
235 HapPolicyParcel policyParcel;
236 policyParcel.hapPolicy = g_policy; // KERNEL_ATM_SELF_USE + INVALIDA
237 AccessTokenID tokenId;
238 std::map<int32_t, TokenIdInfo> tokenIdAplMap;
239 CreateHapToken(infoParCel, policyParcel, tokenId, tokenIdAplMap); // create master app
240
241 HapInfoParcel infoParCel2;
242 infoParCel2.hapInfoParameter = g_info;
243 infoParCel2.hapInfoParameter.instIndex = INST_INDEX + 1;
244 infoParCel2.hapInfoParameter.dlpType = static_cast<int>(HapDlpType::DLP_FULL_CONTROL);
245 HapPolicyParcel policyParcel2;
246 policyParcel2.hapPolicy = g_policy; // KERNEL_ATM_SELF_USE + INVALIDB, INVALIDB diff from INVALIDA in master app
247 policyParcel2.hapPolicy.permStateList = {g_state1, g_state3};
248 AccessTokenID tokenId2;
249 CreateHapToken(infoParCel2, policyParcel2, tokenId2, tokenIdAplMap, true); // create dlp app
250
251 // query undefine table for dlp app
252 GenericValues conditionValue;
253 conditionValue.Put(TokenFiledConst::FIELD_TOKEN_ID, static_cast<int32_t>(tokenId2));
254 std::vector<GenericValues> results;
255 ASSERT_EQ(0, AccessTokenDb::GetInstance()->Find(
256 AtmDataType::ACCESSTOKEN_HAP_UNDEFINE_INFO, conditionValue, results));
257 ASSERT_EQ(1, results.size());
258 ASSERT_EQ(static_cast<int32_t>(tokenId2), results[0].GetInt(TokenFiledConst::FIELD_TOKEN_ID));
259 // dlp app has the same undefine data with mater app, INVALIDB change to INVALIDA
260 ASSERT_EQ(g_state2.permissionName, results[0].GetString(TokenFiledConst::FIELD_PERMISSION_NAME));
261
262 ASSERT_EQ(0, atManagerService_->DeleteToken(tokenId));
263 ASSERT_EQ(0, atManagerService_->DeleteToken(tokenId2));
264 }
265
266 /**
267 * @tc.name: UpdateHapTokenTest001
268 * @tc.desc: test update undefine permission change
269 * @tc.type: FUNC
270 * @tc.require:
271 */
272 HWTEST_F(AccessTokenManagerServiceTest, UpdateHapTokenTest001, TestSize.Level0)
273 {
274 HapInfoParcel infoParCel;
275 infoParCel.hapInfoParameter = g_info;
276 HapPolicyParcel policyParcel;
277 policyParcel.hapPolicy = g_policy; // KERNEL_ATM_SELF_USE + INVALIDA
278 AccessTokenID tokenId;
279 std::map<int32_t, TokenIdInfo> tokenIdAplMap;
280 CreateHapToken(infoParCel, policyParcel, tokenId, tokenIdAplMap);
281
282 // query undefine table
283 GenericValues conditionValue;
284 conditionValue.Put(TokenFiledConst::FIELD_TOKEN_ID, static_cast<int32_t>(tokenId));
285 std::vector<GenericValues> results;
286 ASSERT_EQ(0, AccessTokenDb::GetInstance()->Find(
287 AtmDataType::ACCESSTOKEN_HAP_UNDEFINE_INFO, conditionValue, results));
288 ASSERT_EQ(1, results.size());
289 ASSERT_EQ(g_state2.permissionName, results[0].GetString(TokenFiledConst::FIELD_PERMISSION_NAME)); // INVALIDA
290
291 // update hap
292 uint64_t fullTokenId;
293 AccessTokenIDEx tokenIDEx;
294 tokenIDEx.tokenIdExStruct.tokenID = tokenId;
295 fullTokenId = tokenIDEx.tokenIDEx;
296 policyParcel.hapPolicy.permStateList = {g_state1, g_state3}; // KERNEL_ATM_SELF_USE + INVALIDB
297 UpdateHapInfoParamsIdl infoIdl;
298 infoIdl.appIDDesc = g_info.appIDDesc;
299 infoIdl.apiVersion = g_info.apiVersion;
300 infoIdl.isSystemApp = g_info.isSystemApp;
301 infoIdl.appDistributionType = g_info.appDistributionType;
302 infoIdl.isAtomicService = g_info.isAtomicService;
303 HapInfoCheckResultIdl resultInfoIdl;
304 ASSERT_EQ(0, atManagerService_->UpdateHapToken(fullTokenId, infoIdl, policyParcel, resultInfoIdl));
305
306 std::vector<GenericValues> results2;
307 ASSERT_EQ(0, AccessTokenDb::GetInstance()->Find(
308 AtmDataType::ACCESSTOKEN_HAP_UNDEFINE_INFO, conditionValue, results2));
309 ASSERT_EQ(1, results2.size());
310 ASSERT_EQ(static_cast<int32_t>(tokenId), results2[0].GetInt(TokenFiledConst::FIELD_TOKEN_ID));
311 // undefine permission change from INVALIDA to INVALIDB
312 ASSERT_EQ(g_state3.permissionName, results2[0].GetString(TokenFiledConst::FIELD_PERMISSION_NAME));
313
314 ASSERT_EQ(0, atManagerService_->DeleteToken(tokenId));
315 }
316
317 /**
318 * @tc.name: UpdateHapTokenTest002
319 * @tc.desc: test ota update acl check fail return false
320 * @tc.type: FUNC
321 * @tc.require:
322 */
323 HWTEST_F(AccessTokenManagerServiceTest, UpdateHapTokenTest002, TestSize.Level0)
324 {
325 HapInfoParcel infoParCel;
326 infoParCel.hapInfoParameter = g_info;
327 HapPolicyParcel policyParcel;
328 policyParcel.hapPolicy = g_policy; // KERNEL_ATM_SELF_USE + INVALIDA
329 AccessTokenID tokenId;
330 std::map<int32_t, TokenIdInfo> tokenIdAplMap;
331 CreateHapToken(infoParCel, policyParcel, tokenId, tokenIdAplMap);
332
333 // update hap
334 uint64_t fullTokenId;
335 AccessTokenIDEx tokenIDEx;
336 tokenIDEx.tokenIdExStruct.tokenID = tokenId;
337 fullTokenId = tokenIDEx.tokenIDEx;
338 policyParcel.hapPolicy.aclExtendedMap = {};
339 UpdateHapInfoParamsIdl infoIdl;
340 infoIdl.appIDDesc = g_info.appIDDesc;
341 infoIdl.apiVersion = g_info.apiVersion;
342 infoIdl.isSystemApp = g_info.isSystemApp;
343 infoIdl.appDistributionType = g_info.appDistributionType;
344 infoIdl.isAtomicService = g_info.isAtomicService;
345 infoIdl.dataRefresh = false;
346 HapInfoCheckResultIdl resultInfoIdl;
347 ASSERT_EQ(0, atManagerService_->UpdateHapToken(fullTokenId, infoIdl, policyParcel, resultInfoIdl));
348 ASSERT_EQ(PermissionRulesEnumIdl::PERMISSION_ACL_RULE, resultInfoIdl.rule);
349
350 ASSERT_EQ(0, atManagerService_->DeleteToken(tokenId));
351 }
352
353 /**
354 * @tc.name: UpdateHapTokenTest003
355 * @tc.desc: test ota update acl check fail return success and permission store in undefine table
356 * @tc.type: FUNC
357 * @tc.require:
358 */
359 HWTEST_F(AccessTokenManagerServiceTest, UpdateHapTokenTest003, TestSize.Level0)
360 {
361 HapInfoParcel infoParCel;
362 infoParCel.hapInfoParameter = g_info;
363 HapPolicyParcel policyParcel;
364 policyParcel.hapPolicy = g_policy; // KERNEL_ATM_SELF_USE + INVALIDA
365 AccessTokenID tokenId;
366 std::map<int32_t, TokenIdInfo> tokenIdAplMap;
367 CreateHapToken(infoParCel, policyParcel, tokenId, tokenIdAplMap);
368
369 // query undefine table
370 GenericValues conditionValue;
371 conditionValue.Put(TokenFiledConst::FIELD_TOKEN_ID, static_cast<int32_t>(tokenId));
372 std::vector<GenericValues> results;
373 ASSERT_EQ(0, AccessTokenDb::GetInstance()->Find(
374 AtmDataType::ACCESSTOKEN_HAP_UNDEFINE_INFO, conditionValue, results));
375 ASSERT_EQ(1, results.size());
376 ASSERT_EQ(g_state2.permissionName, results[0].GetString(TokenFiledConst::FIELD_PERMISSION_NAME)); // INVALIDA
377
378 // update hap
379 uint64_t fullTokenId;
380 AccessTokenIDEx tokenIDEx;
381 tokenIDEx.tokenIdExStruct.tokenID = tokenId;
382 fullTokenId = tokenIDEx.tokenIDEx;
383 policyParcel.hapPolicy.permStateList = {g_state1}; // KERNEL_ATM_SELF_USE support value without value need acl
384 policyParcel.hapPolicy.aclExtendedMap = {}; // without value
385 UpdateHapInfoParamsIdl infoIdl;
386 infoIdl.appIDDesc = g_info.appIDDesc;
387 infoIdl.apiVersion = g_info.apiVersion;
388 infoIdl.isSystemApp = g_info.isSystemApp;
389 infoIdl.appDistributionType = g_info.appDistributionType;
390 infoIdl.isAtomicService = g_info.isAtomicService;
391 infoIdl.dataRefresh = true;
392 HapInfoCheckResultIdl resultInfoIdl;
393 ASSERT_EQ(0, atManagerService_->UpdateHapToken(fullTokenId, infoIdl, policyParcel, resultInfoIdl));
394
395 std::vector<GenericValues> results2;
396 ASSERT_EQ(0, AccessTokenDb::GetInstance()->Find(
397 AtmDataType::ACCESSTOKEN_HAP_UNDEFINE_INFO, conditionValue, results2));
398 ASSERT_EQ(1, results2.size());
399 ASSERT_EQ(static_cast<int32_t>(tokenId), results2[0].GetInt(TokenFiledConst::FIELD_TOKEN_ID));
400 // undefine permission change from INVALIDA to INVALIDB
401 ASSERT_EQ(g_state1.permissionName, results2[0].GetString(TokenFiledConst::FIELD_PERMISSION_NAME));
402
403 ASSERT_EQ(0, atManagerService_->DeleteToken(tokenId));
404 }
405
BackupAndDelOriData(std::vector<GenericValues> & oriData)406 void BackupAndDelOriData(std::vector<GenericValues>& oriData)
407 {
408 GenericValues conditionValue;
409 // store origin data for backup
410 ASSERT_EQ(RET_SUCCESS, AccessTokenDb::GetInstance()->Find(AtmDataType::ACCESSTOKEN_HAP_UNDEFINE_INFO,
411 conditionValue, oriData));
412
413 DelInfo delInfo;
414 delInfo.delType = AtmDataType::ACCESSTOKEN_HAP_UNDEFINE_INFO;
415
416 std::vector<DelInfo> delInfoVec;
417 delInfoVec.emplace_back(delInfo);
418 std::vector<AddInfo> addInfoVec;
419 // delete origin data from db
420 ASSERT_EQ(RET_SUCCESS, AccessTokenDb::GetInstance()->DeleteAndInsertValues(delInfoVec, addInfoVec));
421 }
422
DelTestDataAndRestoreOri(AccessTokenID tokenId,const std::vector<GenericValues> & oriData)423 void AccessTokenManagerServiceTest::DelTestDataAndRestoreOri(AccessTokenID tokenId,
424 const std::vector<GenericValues>& oriData)
425 {
426 EXPECT_EQ(0, atManagerService_->DeleteToken(tokenId));
427
428 DelInfo delInfo;
429 delInfo.delType = AtmDataType::ACCESSTOKEN_HAP_UNDEFINE_INFO;
430
431 AddInfo addInfo;
432 addInfo.addType = AtmDataType::ACCESSTOKEN_HAP_UNDEFINE_INFO;
433 addInfo.addValues = oriData;
434
435 std::vector<DelInfo> delInfoVec;
436 delInfoVec.emplace_back(delInfo);
437 std::vector<AddInfo> addInfoVec;
438 addInfoVec.emplace_back(addInfo);
439 // delete test data and restore origin data from backup
440 ASSERT_EQ(RET_SUCCESS, AccessTokenDb::GetInstance()->DeleteAndInsertValues(delInfoVec, addInfoVec));
441 }
442
443 /**
444 * @tc.name: OTATest001
445 * @tc.desc: test after ota invalid tokenId remain
446 * @tc.type: FUNC
447 * @tc.require:
448 */
449 HWTEST_F(AccessTokenManagerServiceTest, OTATest001, TestSize.Level0)
450 {
451 AtmDataType type = AtmDataType::ACCESSTOKEN_HAP_UNDEFINE_INFO;
452 std::vector<GenericValues> oriData;
453 BackupAndDelOriData(oriData);
454
455 HapInfoParcel infoParCel;
456 infoParCel.hapInfoParameter = g_info;
457 HapPolicyParcel policyParcel;
458 policyParcel.hapPolicy = g_policy;
459 policyParcel.hapPolicy.permStateList = {g_state4};
460 policyParcel.hapPolicy.aclExtendedMap = {};
461 AccessTokenID tokenId;
462 std::map<int32_t, TokenIdInfo> tokenIdAplMap;
463 CreateHapToken(infoParCel, policyParcel, tokenId, tokenIdAplMap);
464
465 GenericValues value; // system grant
466 value.Put(TokenFiledConst::FIELD_TOKEN_ID, RANDOM_TOKENID);
467 value.Put(TokenFiledConst::FIELD_PERMISSION_NAME, g_state2.permissionName); // INVALIDA
468 value.Put(TokenFiledConst::FIELD_ACL, 0);
469 AddInfo addInfo;
470 addInfo.addType = type;
471 addInfo.addValues.emplace_back(value);
472
473 std::vector<DelInfo> delInfoVec;
474 std::vector<AddInfo> addInfoVec;
475 addInfoVec.emplace_back(addInfo);
476 EXPECT_EQ(0, AccessTokenDb::GetInstance()->DeleteAndInsertValues(delInfoVec, addInfoVec)); // add test data
477
478 std::vector<DelInfo> delInfoVec2;
479 std::vector<AddInfo> addInfoVec2;
480 atManagerService_->HandleHapUndefinedInfo(tokenIdAplMap, delInfoVec2, addInfoVec2);
481 EXPECT_EQ(0, AccessTokenDb::GetInstance()->DeleteAndInsertValues(delInfoVec2, addInfoVec2));
482
483 GenericValues conditionValue;
484 conditionValue.Put(TokenFiledConst::FIELD_TOKEN_ID, RANDOM_TOKENID);
485 std::vector<GenericValues> results;
486 EXPECT_EQ(0, AccessTokenDb::GetInstance()->Find(type, conditionValue, results));
487 EXPECT_EQ(false, results.empty()); // undefine table is not empty
488
489 DelTestDataAndRestoreOri(tokenId, oriData);
490 }
491
492 /**
493 * @tc.name: OTATest002
494 * @tc.desc: test after ota invalid permission remain
495 * @tc.type: FUNC
496 * @tc.require:
497 */
498 HWTEST_F(AccessTokenManagerServiceTest, OTATest002, TestSize.Level0)
499 {
500 AtmDataType type = AtmDataType::ACCESSTOKEN_HAP_UNDEFINE_INFO;
501 std::vector<GenericValues> oriData;
502 BackupAndDelOriData(oriData);
503
504 HapInfoParcel infoParCel;
505 infoParCel.hapInfoParameter = g_info;
506 HapPolicyParcel policyParcel;
507 policyParcel.hapPolicy = g_policy;
508 policyParcel.hapPolicy.permStateList = {g_state4};
509 policyParcel.hapPolicy.aclExtendedMap = {};
510 AccessTokenID tokenId;
511 std::map<int32_t, TokenIdInfo> tokenIdAplMap;
512 CreateHapToken(infoParCel, policyParcel, tokenId, tokenIdAplMap);
513
514 GenericValues value; // system grant
515 value.Put(TokenFiledConst::FIELD_TOKEN_ID, static_cast<int32_t>(tokenId));
516 value.Put(TokenFiledConst::FIELD_PERMISSION_NAME, g_state2.permissionName); // INVALIDA
517 value.Put(TokenFiledConst::FIELD_ACL, 0);
518 AddInfo addInfo;
519 addInfo.addType = type;
520 addInfo.addValues.emplace_back(value);
521
522 std::vector<DelInfo> delInfoVec;
523 std::vector<AddInfo> addInfoVec;
524 addInfoVec.emplace_back(addInfo);
525 EXPECT_EQ(0, AccessTokenDb::GetInstance()->DeleteAndInsertValues(delInfoVec, addInfoVec)); // add test data
526
527 std::vector<DelInfo> delInfoVec2;
528 std::vector<AddInfo> addInfoVec2;
529 atManagerService_->HandleHapUndefinedInfo(tokenIdAplMap, delInfoVec2, addInfoVec2);
530 EXPECT_EQ(0, AccessTokenDb::GetInstance()->DeleteAndInsertValues(delInfoVec2, addInfoVec2));
531
532 GenericValues conditionValue;
533 conditionValue.Put(TokenFiledConst::FIELD_TOKEN_ID, static_cast<int32_t>(tokenId));
534 std::vector<GenericValues> results;
535 EXPECT_EQ(0, AccessTokenDb::GetInstance()->Find(type, conditionValue, results));
536 EXPECT_EQ(false, results.empty()); // undefine table is not empty
537
538 std::vector<GenericValues> results2;
539 EXPECT_EQ(0, AccessTokenDb::GetInstance()->Find(
540 AtmDataType::ACCESSTOKEN_PERMISSION_STATE, conditionValue, results2));
541 for (const auto& value : results2) {
542 EXPECT_NE(value.GetString(TokenFiledConst::FIELD_PERMISSION_NAME), g_state2.permissionName);
543 }
544
545 std::vector<GenericValues> results3;
546 ASSERT_EQ(0, AccessTokenDb::GetInstance()->Find(
547 AtmDataType::ACCESSTOKEN_PERMISSION_EXTEND_VALUE, conditionValue, results3));
548 EXPECT_EQ(true, results3.empty()); // extend table is empty
549
550 DelTestDataAndRestoreOri(tokenId, oriData);
551 }
552
SetValues003(AccessTokenID tokenId,std::vector<GenericValues> & values)553 void SetValues003(AccessTokenID tokenId, std::vector<GenericValues>& values)
554 {
555 GenericValues value1; // user grant
556 value1.Put(TokenFiledConst::FIELD_TOKEN_ID, static_cast<int32_t>(tokenId));
557 value1.Put(TokenFiledConst::FIELD_PERMISSION_NAME, g_state4.permissionName);
558 value1.Put(TokenFiledConst::FIELD_ACL, 0);
559 GenericValues value2; // system grant
560 value2.Put(TokenFiledConst::FIELD_TOKEN_ID, static_cast<int32_t>(tokenId));
561 value2.Put(TokenFiledConst::FIELD_PERMISSION_NAME, g_state5.permissionName);
562 value2.Put(TokenFiledConst::FIELD_ACL, 0);
563 values.emplace_back(value1);
564 values.emplace_back(value2);
565 }
566
567 /**
568 * @tc.name: OTATest003
569 * @tc.desc: test after ota valid user grant and system grant permissions move from undefine to permission state
570 * @tc.type: FUNC
571 * @tc.require:
572 */
573 HWTEST_F(AccessTokenManagerServiceTest, OTATest003, TestSize.Level0)
574 {
575 AtmDataType type = AtmDataType::ACCESSTOKEN_HAP_UNDEFINE_INFO;
576 std::vector<GenericValues> oriData;
577 BackupAndDelOriData(oriData);
578
579 HapInfoParcel infoParCel;
580 infoParCel.hapInfoParameter = g_info;
581 HapPolicyParcel policyParcel;
582 policyParcel.hapPolicy = g_policy;
583 policyParcel.hapPolicy.permStateList = {g_state1}; // KERNEL_ATM_SELF_USE
584 AccessTokenID tokenId;
585 std::map<int32_t, TokenIdInfo> tokenIdAplMap;
586 CreateHapToken(infoParCel, policyParcel, tokenId, tokenIdAplMap);
587
588 std::vector<GenericValues> values;
589 SetValues003(tokenId, values);
590 AddInfo addInfo;
591 addInfo.addType = type;
592 addInfo.addValues = values;
593
594 std::vector<DelInfo> delInfoVec;
595 std::vector<AddInfo> addInfoVec;
596 addInfoVec.emplace_back(addInfo);
597 EXPECT_EQ(0, AccessTokenDb::GetInstance()->DeleteAndInsertValues(delInfoVec, addInfoVec)); // add test data
598
599 std::vector<DelInfo> delInfoVec2;
600 std::vector<AddInfo> addInfoVec2;
601 atManagerService_->HandleHapUndefinedInfo(tokenIdAplMap, delInfoVec2, addInfoVec2);
602 EXPECT_EQ(0, AccessTokenDb::GetInstance()->DeleteAndInsertValues(delInfoVec2, addInfoVec2));
603
604 GenericValues conditionValue;
605 conditionValue.Put(TokenFiledConst::FIELD_TOKEN_ID, static_cast<int32_t>(tokenId));
606 std::vector<GenericValues> results;
607 EXPECT_EQ(0, AccessTokenDb::GetInstance()->Find(type, conditionValue, results));
608 EXPECT_EQ(true, results.empty()); // undefine table is empty
609
610 EXPECT_EQ(0, AccessTokenDb::GetInstance()->Find(AtmDataType::ACCESSTOKEN_PERMISSION_STATE, conditionValue,
611 results));
612
613 for (const auto& value : results) {
614 int32_t state = value.GetInt(TokenFiledConst::FIELD_GRANT_STATE);
615 int32_t flag = value.GetInt(TokenFiledConst::FIELD_GRANT_FLAG);
616 if (value.GetString(TokenFiledConst::FIELD_PERMISSION_NAME) == g_state4.permissionName) { // user grant
617 EXPECT_EQ(state, static_cast<int32_t>(PermissionState::PERMISSION_DENIED)); // state: 0 -> -1
618 EXPECT_EQ(flag, static_cast<int32_t>(PermissionFlag::PERMISSION_DEFAULT_FLAG)); // flag: 4 -> 0
619 } else if (value.GetString(TokenFiledConst::FIELD_PERMISSION_NAME) == g_state5.permissionName) { // system grant
620 EXPECT_EQ(state, static_cast<int32_t>(PermissionState::PERMISSION_GRANTED)); // state: -1 -> 0
621 EXPECT_EQ(flag, static_cast<int32_t>(PermissionFlag::PERMISSION_SYSTEM_FIXED)); // flag: 0 -> 4
622 }
623 }
624
625 DelTestDataAndRestoreOri(tokenId, oriData);
626 }
627
628 /**
629 * @tc.name: OTATest004
630 * @tc.desc: test after ota valid system core permission without acl remain in undefine table
631 * @tc.type: FUNC
632 * @tc.require:
633 */
634 HWTEST_F(AccessTokenManagerServiceTest, OTATest004, TestSize.Level0)
635 {
636 AtmDataType type = AtmDataType::ACCESSTOKEN_HAP_UNDEFINE_INFO;
637 std::vector<GenericValues> oriData;
638 BackupAndDelOriData(oriData);
639
640 HapInfoParcel infoParCel;
641 infoParCel.hapInfoParameter = g_info;
642 HapPolicyParcel policyParcel;
643 policyParcel.hapPolicy = g_policy;
644 policyParcel.hapPolicy.permStateList = {g_state1}; // KERNEL_ATM_SELF_USE
645 AccessTokenID tokenId;
646 std::map<int32_t, TokenIdInfo> tokenIdAplMap;
647 CreateHapToken(infoParCel, policyParcel, tokenId, tokenIdAplMap);
648
649 GenericValues value; // system grant
650 value.Put(TokenFiledConst::FIELD_TOKEN_ID, static_cast<int32_t>(tokenId));
651 value.Put(TokenFiledConst::FIELD_PERMISSION_NAME, g_state6.permissionName);
652 value.Put(TokenFiledConst::FIELD_ACL, 0); // system core permission without acl
653 AddInfo addInfo;
654 addInfo.addType = type;
655 addInfo.addValues.emplace_back(value);
656
657 std::vector<DelInfo> delInfoVec;
658 std::vector<AddInfo> addInfoVec;
659 addInfoVec.emplace_back(addInfo);
660 EXPECT_EQ(0, AccessTokenDb::GetInstance()->DeleteAndInsertValues(delInfoVec, addInfoVec)); // add test data
661
662 std::vector<DelInfo> delInfoVec2;
663 std::vector<AddInfo> addInfoVec2;
664 atManagerService_->HandleHapUndefinedInfo(tokenIdAplMap, delInfoVec2, addInfoVec2);
665 EXPECT_EQ(0, AccessTokenDb::GetInstance()->DeleteAndInsertValues(delInfoVec2, addInfoVec2));
666
667 GenericValues conditionValue;
668 conditionValue.Put(TokenFiledConst::FIELD_TOKEN_ID, static_cast<int32_t>(tokenId));
669 std::vector<GenericValues> results;
670 EXPECT_EQ(0, AccessTokenDb::GetInstance()->Find(type, conditionValue, results));
671 EXPECT_EQ(false, results.empty()); // undefine table not empty
672
673 std::vector<GenericValues> results2;
674 EXPECT_EQ(0, AccessTokenDb::GetInstance()->Find(
675 AtmDataType::ACCESSTOKEN_PERMISSION_STATE, conditionValue, results2));
676 for (const auto& value : results2) {
677 EXPECT_NE(value.GetString(TokenFiledConst::FIELD_PERMISSION_NAME), g_state6.permissionName);
678 }
679
680 DelTestDataAndRestoreOri(tokenId, oriData);
681 }
682
683 /**
684 * @tc.name: OTATest005
685 * @tc.desc: test after ota valid system core permission with acl move from undefine to permission state
686 * @tc.type: FUNC
687 * @tc.require:
688 */
689 HWTEST_F(AccessTokenManagerServiceTest, OTATest005, TestSize.Level0)
690 {
691 AtmDataType type = AtmDataType::ACCESSTOKEN_HAP_UNDEFINE_INFO;
692 std::vector<GenericValues> oriData;
693 BackupAndDelOriData(oriData);
694
695 HapInfoParcel infoParCel;
696 infoParCel.hapInfoParameter = g_info;
697 HapPolicyParcel policyParcel;
698 policyParcel.hapPolicy = g_policy;
699 policyParcel.hapPolicy.permStateList = {g_state1}; // KERNEL_ATM_SELF_USE
700 policyParcel.hapPolicy.aclRequestedList = { g_state6.permissionName };
701 AccessTokenID tokenId;
702 std::map<int32_t, TokenIdInfo> tokenIdAplMap;
703 CreateHapToken(infoParCel, policyParcel, tokenId, tokenIdAplMap);
704
705 GenericValues value; // system grant
706 value.Put(TokenFiledConst::FIELD_TOKEN_ID, static_cast<int32_t>(tokenId));
707 value.Put(TokenFiledConst::FIELD_PERMISSION_NAME, g_state6.permissionName);
708 value.Put(TokenFiledConst::FIELD_ACL, 1); // system core permission with acl
709 AddInfo addInfo;
710 addInfo.addType = type;
711 addInfo.addValues.emplace_back(value);
712
713 std::vector<DelInfo> delInfoVec;
714 std::vector<AddInfo> addInfoVec;
715 addInfoVec.emplace_back(addInfo);
716 EXPECT_EQ(0, AccessTokenDb::GetInstance()->DeleteAndInsertValues(delInfoVec, addInfoVec)); // add test data
717
718 std::vector<DelInfo> delInfoVec2;
719 std::vector<AddInfo> addInfoVec2;
720 atManagerService_->HandleHapUndefinedInfo(tokenIdAplMap, delInfoVec2, addInfoVec2);
721 EXPECT_EQ(0, AccessTokenDb::GetInstance()->DeleteAndInsertValues(delInfoVec2, addInfoVec2));
722
723 GenericValues conditionValue;
724 conditionValue.Put(TokenFiledConst::FIELD_TOKEN_ID, static_cast<int32_t>(tokenId));
725 std::vector<GenericValues> results;
726 EXPECT_EQ(0, AccessTokenDb::GetInstance()->Find(type, conditionValue, results));
727 EXPECT_EQ(true, results.empty()); // undefine table is empty
728
729 EXPECT_EQ(0, AccessTokenDb::GetInstance()->Find(AtmDataType::ACCESSTOKEN_PERMISSION_STATE, conditionValue,
730 results));
731 for (const auto& value : results) {
732 std::string permissionName = value.GetString(TokenFiledConst::FIELD_PERMISSION_NAME);
733 int32_t state = value.GetInt(TokenFiledConst::FIELD_GRANT_STATE);
734 int32_t flag = value.GetInt(TokenFiledConst::FIELD_GRANT_FLAG);
735 if (permissionName == g_state6.permissionName) {
736 EXPECT_EQ(state, static_cast<int32_t>(PermissionState::PERMISSION_GRANTED)); // state: -1 -> 0
737 EXPECT_EQ(flag, static_cast<int32_t>(PermissionFlag::PERMISSION_SYSTEM_FIXED)); // flag: 0 -> 4
738 }
739 }
740
741 DelTestDataAndRestoreOri(tokenId, oriData);
742 }
743
SetValues006(AccessTokenID tokenId,std::vector<GenericValues> & values)744 void SetValues006(AccessTokenID tokenId, std::vector<GenericValues>& values)
745 {
746 GenericValues value; // system grant
747 value.Put(TokenFiledConst::FIELD_TOKEN_ID, static_cast<int32_t>(tokenId));
748 value.Put(TokenFiledConst::FIELD_PERMISSION_NAME, g_state6.permissionName);
749 value.Put(TokenFiledConst::FIELD_ACL, 1); // system core permission with acl
750 value.Put(TokenFiledConst::FIELD_VALUE, "test"); // system core permission with acl
751 values.emplace_back(value);
752 }
753
754 /**
755 * @tc.name: OTATest006
756 * @tc.desc: test after ota valid permission which hasValue is false
757 * @tc.type: FUNC
758 * @tc.require:
759 */
760 HWTEST_F(AccessTokenManagerServiceTest, OTATest006, TestSize.Level0)
761 {
762 AtmDataType type = AtmDataType::ACCESSTOKEN_HAP_UNDEFINE_INFO;
763 std::vector<GenericValues> oriData;
764 BackupAndDelOriData(oriData);
765
766 HapInfoParcel infoParCel;
767 infoParCel.hapInfoParameter = g_info;
768 HapPolicyParcel policyParcel;
769 policyParcel.hapPolicy = g_policy;
770 policyParcel.hapPolicy.permStateList = {g_state4};
771 policyParcel.hapPolicy.aclRequestedList = { g_state6.permissionName }; // POWER_MANAGER, hasValue is false
772 policyParcel.hapPolicy.aclExtendedMap = { std::make_pair(g_state6.permissionName, "test") };
773 AccessTokenID tokenId;
774 std::map<int32_t, TokenIdInfo> tokenIdAplMap;
775 CreateHapToken(infoParCel, policyParcel, tokenId, tokenIdAplMap);
776
777 std::vector<GenericValues> values;
778 SetValues006(tokenId, values);
779 AddInfo addInfo;
780 addInfo.addType = type;
781 addInfo.addValues = values;
782
783 std::vector<DelInfo> delInfoVec;
784 std::vector<AddInfo> addInfoVec;
785 addInfoVec.emplace_back(addInfo);
786 EXPECT_EQ(0, AccessTokenDb::GetInstance()->DeleteAndInsertValues(delInfoVec, addInfoVec)); // add test data
787
788 std::vector<DelInfo> delInfoVec2;
789 std::vector<AddInfo> addInfoVec2;
790 atManagerService_->HandleHapUndefinedInfo(tokenIdAplMap, delInfoVec2, addInfoVec2);
791 EXPECT_EQ(0, AccessTokenDb::GetInstance()->DeleteAndInsertValues(delInfoVec2, addInfoVec2));
792
793 GenericValues conditionValue;
794 conditionValue.Put(TokenFiledConst::FIELD_TOKEN_ID, static_cast<int32_t>(tokenId));
795 std::vector<GenericValues> results;
796 EXPECT_EQ(0, AccessTokenDb::GetInstance()->Find(type, conditionValue, results));
797 EXPECT_EQ(true, results.empty()); // undefine table is empty
798
799 EXPECT_EQ(0, AccessTokenDb::GetInstance()->Find(AtmDataType::ACCESSTOKEN_PERMISSION_STATE, conditionValue,
800 results));
801 for (const auto& value : results) {
802 std::string permissionName = value.GetString(TokenFiledConst::FIELD_PERMISSION_NAME);
803 int32_t state = value.GetInt(TokenFiledConst::FIELD_GRANT_STATE);
804 int32_t flag = value.GetInt(TokenFiledConst::FIELD_GRANT_FLAG);
805 if (permissionName == g_state6.permissionName) {
806 EXPECT_EQ(state, static_cast<int32_t>(PermissionState::PERMISSION_GRANTED)); // state: -1 -> 0
807 EXPECT_EQ(flag, static_cast<int32_t>(PermissionFlag::PERMISSION_SYSTEM_FIXED)); // flag: 0 -> 4
808 }
809 }
810
811 std::vector<GenericValues> results2;
812 ASSERT_EQ(0, AccessTokenDb::GetInstance()->Find(
813 AtmDataType::ACCESSTOKEN_PERMISSION_EXTEND_VALUE, conditionValue, results2));
814 EXPECT_EQ(true, results2.empty()); // undefine table is empty
815
816 DelTestDataAndRestoreOri(tokenId, oriData);
817 }
818
SetValues007(AccessTokenID tokenId,std::vector<GenericValues> & values)819 void SetValues007(AccessTokenID tokenId, std::vector<GenericValues>& values)
820 {
821 GenericValues value; // system grant
822 value.Put(TokenFiledConst::FIELD_TOKEN_ID, static_cast<int32_t>(tokenId));
823 value.Put(TokenFiledConst::FIELD_PERMISSION_NAME, g_state1.permissionName);
824 value.Put(TokenFiledConst::FIELD_ACL, 0); // system core permission without acl
825 value.Put(TokenFiledConst::FIELD_VALUE, "test"); // permission has value
826 values.emplace_back(value);
827 }
828
829 /**
830 * @tc.name: OTATest007
831 * @tc.desc: test after ota valid permission which hasValue is true with value
832 * @tc.type: FUNC
833 * @tc.require:
834 */
835 HWTEST_F(AccessTokenManagerServiceTest, OTATest007, TestSize.Level0)
836 {
837 AtmDataType type = AtmDataType::ACCESSTOKEN_HAP_UNDEFINE_INFO;
838 std::vector<GenericValues> oriData;
839 BackupAndDelOriData(oriData);
840
841 HapInfoParcel infoParCel;
842 infoParCel.hapInfoParameter = g_info;
843 HapPolicyParcel policyParcel;
844 policyParcel.hapPolicy = g_policy;
845 policyParcel.hapPolicy.permStateList = {g_state4};
846 policyParcel.hapPolicy.aclExtendedMap = {};
847 AccessTokenID tokenId;
848 std::map<int32_t, TokenIdInfo> tokenIdAplMap;
849 CreateHapToken(infoParCel, policyParcel, tokenId, tokenIdAplMap); // KERNEL_ATM_SELF_USE, hasValue is true
850
851 std::vector<GenericValues> values;
852 SetValues007(tokenId, values);
853 AddInfo addInfo;
854 addInfo.addType = type;
855 addInfo.addValues = values;
856
857 std::vector<DelInfo> delInfoVec;
858 std::vector<AddInfo> addInfoVec;
859 addInfoVec.emplace_back(addInfo);
860 EXPECT_EQ(0, AccessTokenDb::GetInstance()->DeleteAndInsertValues(delInfoVec, addInfoVec)); // add test data
861
862 std::vector<DelInfo> delInfoVec2;
863 std::vector<AddInfo> addInfoVec2;
864 atManagerService_->HandleHapUndefinedInfo(tokenIdAplMap, delInfoVec2, addInfoVec2);
865 EXPECT_EQ(0, AccessTokenDb::GetInstance()->DeleteAndInsertValues(delInfoVec2, addInfoVec2));
866
867 GenericValues conditionValue;
868 conditionValue.Put(TokenFiledConst::FIELD_TOKEN_ID, static_cast<int32_t>(tokenId));
869 std::vector<GenericValues> results;
870 EXPECT_EQ(0, AccessTokenDb::GetInstance()->Find(type, conditionValue, results));
871 EXPECT_EQ(true, results.empty()); // undefine table is empty
872
873 EXPECT_EQ(0, AccessTokenDb::GetInstance()->Find(AtmDataType::ACCESSTOKEN_PERMISSION_STATE, conditionValue,
874 results));
875 for (const auto& value : results) {
876 std::string permissionName = value.GetString(TokenFiledConst::FIELD_PERMISSION_NAME);
877 int32_t state = value.GetInt(TokenFiledConst::FIELD_GRANT_STATE);
878 int32_t flag = value.GetInt(TokenFiledConst::FIELD_GRANT_FLAG);
879 if (permissionName == g_state1.permissionName) {
880 EXPECT_EQ(state, static_cast<int32_t>(PermissionState::PERMISSION_GRANTED)); // state: -1 -> 0
881 EXPECT_EQ(flag, static_cast<int32_t>(PermissionFlag::PERMISSION_SYSTEM_FIXED)); // flag: 0 -> 4
882 }
883 }
884
885 std::vector<GenericValues> results2;
886 ASSERT_EQ(0, AccessTokenDb::GetInstance()->Find(
887 AtmDataType::ACCESSTOKEN_PERMISSION_EXTEND_VALUE, conditionValue, results2));
888 EXPECT_EQ(false, results2.empty()); // extend table is not empty
889 EXPECT_EQ(g_state1.permissionName, results2[0].GetString(TokenFiledConst::FIELD_PERMISSION_NAME));
890
891 DelTestDataAndRestoreOri(tokenId, oriData);
892 }
893
894 /**
895 * @tc.name: OTATest008
896 * @tc.desc: test after ota valid permission which hasValue is true without value
897 * @tc.type: FUNC
898 * @tc.require:
899 */
900 HWTEST_F(AccessTokenManagerServiceTest, OTATest008, TestSize.Level0)
901 {
902 AtmDataType type = AtmDataType::ACCESSTOKEN_HAP_UNDEFINE_INFO;
903 std::vector<GenericValues> oriData;
904 BackupAndDelOriData(oriData);
905
906 HapInfoParcel infoParCel;
907 infoParCel.hapInfoParameter = g_info;
908 HapPolicyParcel policyParcel;
909 policyParcel.hapPolicy = g_policy;
910 policyParcel.hapPolicy.permStateList = {g_state4};
911 policyParcel.hapPolicy.aclExtendedMap = {};
912 AccessTokenID tokenId;
913 std::map<int32_t, TokenIdInfo> tokenIdAplMap;
914 CreateHapToken(infoParCel, policyParcel, tokenId, tokenIdAplMap);
915
916 GenericValues value; // system grant
917 value.Put(TokenFiledConst::FIELD_TOKEN_ID, static_cast<int32_t>(tokenId));
918 value.Put(TokenFiledConst::FIELD_PERMISSION_NAME, g_state1.permissionName);
919 value.Put(TokenFiledConst::FIELD_ACL, 0); // system core permission without acl and without value
920 AddInfo addInfo;
921 addInfo.addType = type;
922 addInfo.addValues.emplace_back(value);
923
924 std::vector<DelInfo> delInfoVec;
925 std::vector<AddInfo> addInfoVec;
926 addInfoVec.emplace_back(addInfo);
927 EXPECT_EQ(0, AccessTokenDb::GetInstance()->DeleteAndInsertValues(delInfoVec, addInfoVec)); // add test data
928
929 std::vector<DelInfo> delInfoVec2;
930 std::vector<AddInfo> addInfoVec2;
931 atManagerService_->HandleHapUndefinedInfo(tokenIdAplMap, delInfoVec2, addInfoVec2);
932 EXPECT_EQ(0, AccessTokenDb::GetInstance()->DeleteAndInsertValues(delInfoVec2, addInfoVec2));
933
934 GenericValues conditionValue;
935 conditionValue.Put(TokenFiledConst::FIELD_TOKEN_ID, static_cast<int32_t>(tokenId));
936 std::vector<GenericValues> results;
937 ASSERT_EQ(0, AccessTokenDb::GetInstance()->Find(
938 AtmDataType::ACCESSTOKEN_HAP_UNDEFINE_INFO, conditionValue, results));
939 EXPECT_EQ(false, results.empty()); // undefine table is not empty
940
941 std::vector<GenericValues> results2;
942 ASSERT_EQ(0, AccessTokenDb::GetInstance()->Find(
943 AtmDataType::ACCESSTOKEN_PERMISSION_STATE, conditionValue, results2));
944 for (const auto& value : results2) {
945 EXPECT_NE(value.GetString(TokenFiledConst::FIELD_PERMISSION_NAME), g_state1.permissionName);
946 }
947
948 std::vector<GenericValues> results3;
949 ASSERT_EQ(0, AccessTokenDb::GetInstance()->Find(
950 AtmDataType::ACCESSTOKEN_PERMISSION_EXTEND_VALUE, conditionValue, results3));
951 EXPECT_EQ(true, results3.empty()); // extend table is empty
952
953 DelTestDataAndRestoreOri(tokenId, oriData);
954 }
955
956 /**
957 * @tc.name: SetPermissionStatusWithPolicy001
958 * @tc.desc: AccessTokenManagerService SetPermissionStatusWithPolicy test.
959 * @tc.type: FUNC
960 * @tc.require:
961 */
962 HWTEST_F(AccessTokenManagerServiceTest, SetPermissionStatusWithPolicy001, TestSize.Level0)
963 {
964 std::vector<std::string> permList;
965 uint32_t ret = atManagerService_->SetPermissionStatusWithPolicy(
966 0, permList, 0, PERMISSION_FIXED_BY_ADMIN_POLICY);
967 ASSERT_EQ(ERR_PARAM_INVALID, ret);
968
969 permList.resize(1024 + 1);
970 ret = atManagerService_->SetPermissionStatusWithPolicy(
971 0, permList, 0, PERMISSION_FIXED_BY_ADMIN_POLICY);
972 ASSERT_EQ(ERR_PARAM_INVALID, ret);
973 }
974
975 /**
976 * @tc.name: OnRemoteRequestTest001
977 * @tc.desc: OnRemoteRequest test.
978 * @tc.type: FUNC
979 * @tc.require:
980 */
981 HWMTEST_F(AccessTokenManagerServiceTest, OnRemoteRequestTest001, TestSize.Level1, MULTIPLE_COUNT)
982 {
983 uint32_t code = 0;
984 MessageParcel data;
985 MessageParcel reply;
986 MessageOption option;
987 std::shared_ptr<AccessTokenManagerService> atService = DelayedSingleton<AccessTokenManagerService>::GetInstance();
988 ASSERT_NE(nullptr, atService);
989 int32_t ret = atService->OnRemoteRequest(code, data, reply, option);
990 EXPECT_NE(ERR_OK, ret);
991 atService = nullptr;
992 }
993
994 /**
995 * @tc.name: CallbackEnterAndExitTest001
996 * @tc.desc: CallbackEnter & CallbackExit test.
997 * @tc.type: FUNC
998 * @tc.require:
999 */
1000 HWTEST_F(AccessTokenManagerServiceTest, CallbackEnterAndExitTest001, TestSize.Level0)
1001 {
1002 // stack empty
1003 int32_t ret = atManagerService_->CallbackExit(0, 0);
1004 EXPECT_EQ(ERR_OK, ret);
1005 // normal
1006 ret = atManagerService_->CallbackEnter(0);
1007 EXPECT_EQ(ERR_OK, ret);
1008 ret = atManagerService_->CallbackExit(0, 0);
1009 EXPECT_EQ(ERR_OK, ret);
1010 // ipc twice
1011 ret = atManagerService_->CallbackEnter(0);
1012 EXPECT_EQ(ERR_OK, ret);
1013 ret = atManagerService_->CallbackEnter(0);
1014 EXPECT_EQ(ERR_OK, ret);
1015 ret = atManagerService_->CallbackExit(0, 0);
1016 EXPECT_EQ(ERR_OK, ret);
1017 ret = atManagerService_->CallbackExit(0, 0);
1018 EXPECT_EQ(ERR_OK, ret);
1019 }
1020 } // namespace AccessToken
1021 } // namespace Security
1022 } // namespace OHOS
1023