1 /*
2 * Copyright (c) 2024 Huawei Device Co., Ltd.
3 * Licensed under the Apache License, Version 2.0 (the "License");
4 * you may not use this file except in compliance with the License.
5 * You may obtain a copy of the License at
6 *
7 * http://www.apache.org/licenses/LICENSE-2.0
8 *
9 * Unless required by applicable law or agreed to in writing, software
10 * distributed under the License is distributed on an "AS IS" BASIS,
11 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12 * See the License for the specific language governing permissions and
13 * limitations under the License.
14 */
15
16 #include "security_guard_data_collect_sa_test.h"
17
18 #include <thread>
19 #include <vector>
20 #include <fcntl.h>
21 #include <sys/stat.h>
22 #include <sys/types.h>
23 #include <unistd.h>
24 #include <fstream>
25 #include "directory_ex.h"
26 #include "file_ex.h"
27 #include "gmock/gmock.h"
28 #include "system_ability_definition.h"
29 #include "security_guard_define.h"
30 #include "security_guard_log.h"
31 #include "security_guard_utils.h"
32 #include "security_config_update_info.h"
33 #include "security_event_info.h"
34 #include "config_define.h"
35 #define private public
36 #define protected public
37 #include "accesstoken_kit.h"
38 #include "acquire_data_subscribe_manager.h"
39 #include "collector_manager.h"
40 #include "config_data_manager.h"
41 #include "data_collect_manager.h"
42 #include "data_format.h"
43 #include "database_manager.h"
44 #include "data_collect_manager_service.h"
45 #include "security_event_query_callback_proxy.h"
46 #include "security_event_ruler.h"
47 #include "security_collector_subscribe_info.h"
48 #undef private
49 #undef protected
50
51 using namespace testing;
52 using namespace testing::ext;
53 using namespace OHOS::Security::SecurityGuard;
54 using namespace OHOS::Security::SecurityGuardTest;
55 namespace OHOS {
56 std::shared_ptr<Security::SecurityGuard::MockDataFormatInterface> DataFormat::instance_ = nullptr;
57 std::shared_ptr<AccountSA::MockOsAccountManagerInterface> AccountSA::OsAccountManager::instance_ = nullptr;
58 std::shared_ptr<Security::AccessToken::MockAccessTokenKitInterface>
59 Security::AccessToken::AccessTokenKit::instance_ = nullptr;
60 std::shared_ptr<Security::AccessToken::MockTokenIdKitInterface>
61 Security::AccessToken::TokenIdKit::instance_ = nullptr;
62 std::mutex Security::SecurityGuard::DataFormat::mutex_ {};
63 std::mutex Security::AccessToken::AccessTokenKit::mutex_ {};
64 std::mutex Security::AccessToken::TokenIdKit::mutex_ {};
65 }
66
67 namespace OHOS::Security::SecurityGuardTest {
68 const std::string &SECURITY_GUARD_EVENT_CFG_FILE = SECURITY_GUARD_EVENT_CFG_SOURCE;
69
SetUpTestCase()70 void SecurityGuardDataCollectSaTest::SetUpTestCase()
71 {
72 }
73
TearDownTestCase()74 void SecurityGuardDataCollectSaTest::TearDownTestCase()
75 {
76 DataFormat::DelInterface();
77 AccessToken::AccessTokenKit::DelInterface();
78 AccessToken::TokenIdKit::DelInterface();
79 }
80
SetUp()81 void SecurityGuardDataCollectSaTest::SetUp()
82 {
83 }
84
TearDown()85 void SecurityGuardDataCollectSaTest::TearDown()
86 {
87 }
88
89 HWTEST_F(SecurityGuardDataCollectSaTest, TestDumpWithInvalidFd, TestSize.Level0)
90 {
91 int fd = -1;
92 std::vector<std::u16string> args;
93 DataCollectManagerService service(DATA_COLLECT_MANAGER_SA_ID, true);
94
95 EXPECT_EQ(service.Dump(fd, args), BAD_PARAM);
96 }
97
98 HWTEST_F(SecurityGuardDataCollectSaTest, TestDumpWithInvalidArgs, TestSize.Level0)
99 {
100 int fd = 1;
101 std::vector<std::u16string> args;
102 DataCollectManagerService service(DATA_COLLECT_MANAGER_SA_ID, true);
103 EXPECT_EQ(service.Dump(fd, args), ERR_OK);
104 }
105
106 HWTEST_F(SecurityGuardDataCollectSaTest, TestDumpWithHelpCommand, TestSize.Level0)
107 {
108 int fd = 1;
109 std::vector<std::u16string> args = { u"-h" };
110 DataCollectManagerService service(DATA_COLLECT_MANAGER_SA_ID, true);
111 EXPECT_EQ(service.Dump(fd, args), ERR_OK);
112 }
113
114 HWTEST_F(SecurityGuardDataCollectSaTest, TestDumpWithOtherCommand, TestSize.Level0)
115 {
116 int fd = 1;
117 std::vector<std::u16string> args = { u"-s" };
118 DataCollectManagerService service(DATA_COLLECT_MANAGER_SA_ID, true);
119 EXPECT_EQ(service.Dump(fd, args), ERR_OK);
120 }
121
122 HWTEST_F(SecurityGuardDataCollectSaTest, TestDumpWithInvalidEventId01, TestSize.Level0)
123 {
124 int fd = 1;
125 std::vector<std::u16string> args = { u"-i", u"invalid" };
126 DataCollectManagerService service(DATA_COLLECT_MANAGER_SA_ID, true);
127 EXPECT_EQ(service.Dump(fd, args), BAD_PARAM);
128 }
129
130 HWTEST_F(SecurityGuardDataCollectSaTest, TestDumpWithInvalidEventId02, TestSize.Level0)
131 {
132 int fd = 1;
133 std::vector<std::u16string> args = { u"-i" };
134 DataCollectManagerService service(DATA_COLLECT_MANAGER_SA_ID, true);
135 EXPECT_EQ(service.Dump(fd, args), BAD_PARAM);
136 }
137
138 HWTEST_F(SecurityGuardDataCollectSaTest, TestDumpWithValidEventId, TestSize.Level0)
139 {
140 int fd = 1;
141 std::vector<std::u16string> args = { u"-i", u"12345" };
142 EXPECT_CALL(DatabaseManager::GetInstance(), QueryRecentEventByEventId(_, _))
143 .WillOnce(Return(SUCCESS));
144 DataCollectManagerService service(DATA_COLLECT_MANAGER_SA_ID, true);
145 EXPECT_EQ(service.Dump(fd, args), ERR_OK);
146 }
147
148 HWTEST_F(SecurityGuardDataCollectSaTest, DumpEventInfo_Success, TestSize.Level0) {
149 SecEvent secEvent;
150 secEvent.eventId = 1;
151 secEvent.date = "2022-01-01";
152 secEvent.version = "1.0";
153
154 EXPECT_CALL(DatabaseManager::GetInstance(), QueryRecentEventByEventId(1, _))
155 .WillOnce(Return(SUCCESS));
156 DataCollectManagerService service(DATA_COLLECT_MANAGER_SA_ID, true);
157 service.DumpEventInfo(1, 1);
158 }
159
160 HWTEST_F(SecurityGuardDataCollectSaTest, DumpEventInfo_QueryError, TestSize.Level0) {
161 EXPECT_CALL(DatabaseManager::GetInstance(), QueryRecentEventByEventId(1, _))
162 .WillOnce(Return(FAILED));
163 DataCollectManagerService service(DATA_COLLECT_MANAGER_SA_ID, true);
164 service.DumpEventInfo(1, 1);
165 }
166
167 HWTEST_F(SecurityGuardDataCollectSaTest, GetSecEventsFromConditions_NoTimeCondition, TestSize.Level0) {
168 RequestCondition condition{};
169 EXPECT_CALL(DatabaseManager::GetInstance(), QueryEventByEventId(_, _, _))
170 .WillRepeatedly([] (std::string table, std::vector<int64_t> &eventIds,
__anonf000b82f0102(std::string table, std::vector<int64_t> &eventIds, std::vector<SecEvent> &events) 171 std::vector<SecEvent> &events) {
172 SecEvent event {};
173 event.eventId = 1;
174 events.emplace_back(event);
175 return SUCCESS;
176 });
177 DataCollectManagerService service(DATA_COLLECT_MANAGER_SA_ID, true);
178 std::vector<SecEvent> events = service.GetSecEventsFromConditions(condition);
179 EXPECT_EQ(events[0].eventId, 1);
180 }
181
182 HWTEST_F(SecurityGuardDataCollectSaTest, GetSecEventsFromConditions_WithTimeCondition, TestSize.Level0) {
183 RequestCondition condition;
184 condition.riskEvent = {};
185 condition.auditEvent = {};
186 condition.beginTime = "2022-01-01";
187 condition.endTime = "2022-01-31";
188
189 EXPECT_CALL(DatabaseManager::GetInstance(), QueryEventByEventIdAndDate(_, _, _, _, _))
190 .WillRepeatedly([] (std::string table, std::vector<int64_t> &eventIds, std::vector<SecEvent> &events,
__anonf000b82f0202(std::string table, std::vector<int64_t> &eventIds, std::vector<SecEvent> &events, std::string beginTime, std::string endTime) 191 std::string beginTime, std::string endTime) {
192 SecEvent event {};
193 event.eventId = 1;
194 events.emplace_back(event);
195 return SUCCESS;
196 });
197 DataCollectManagerService service(DATA_COLLECT_MANAGER_SA_ID, true);
198 std::vector<SecEvent> events = service.GetSecEventsFromConditions(condition);
199 EXPECT_EQ(events[0].eventId, 1);
200 }
201
202 HWTEST_F(SecurityGuardDataCollectSaTest, QueryEventByRuler_GetEventConfigError001, TestSize.Level0)
203 {
204 sptr<MockRemoteObject> obj(new (std::nothrow) MockRemoteObject());
205 EXPECT_TRUE(obj != nullptr);
206 EXPECT_CALL(ConfigDataManager::GetInstance(), GetEventConfig).WillOnce(Return(false));
207 sptr<SecurityEventQueryCallbackProxy> mockProxy = new (std::nothrow) SecurityEventQueryCallbackProxy(obj);
208 SecurityCollector::SecurityEventRuler ruler;
209 DataCollectManagerService service(DATA_COLLECT_MANAGER_SA_ID, true);
210 EXPECT_FALSE(service.QueryEventByRuler(mockProxy, ruler));
211 }
212
213 HWTEST_F(SecurityGuardDataCollectSaTest, QueryEventByRuler_GetEventConfigError002, TestSize.Level0)
214 {
215 sptr<MockRemoteObject> obj(new (std::nothrow) MockRemoteObject());
216 EXPECT_TRUE(obj != nullptr);
217 EXPECT_CALL(ConfigDataManager::GetInstance(), GetEventConfig).WillOnce(Return(false));
218 sptr<SecurityEventQueryCallbackProxy> mockProxy = new (std::nothrow) SecurityEventQueryCallbackProxy(obj);
219 SecurityCollector::SecurityEventRuler ruler;
220 DataCollectManagerService service(DATA_COLLECT_MANAGER_SA_ID, true);
221 EXPECT_CALL(*obj, SendRequest).Times(1);
222 mockProxy->OnError("123");
223 EXPECT_FALSE(service.QueryEventByRuler(mockProxy, ruler));
224 }
225
226 HWTEST_F(SecurityGuardDataCollectSaTest, QueryEventByRuler_QueryInDatabase, TestSize.Level0)
227 {
228 sptr<MockRemoteObject> obj(new (std::nothrow) MockRemoteObject());
229 EXPECT_TRUE(obj != nullptr);
230
__anonf000b82f0302(int64_t eventId, EventCfg &config) 231 EXPECT_CALL(ConfigDataManager::GetInstance(), GetEventConfig).WillOnce([] (int64_t eventId, EventCfg &config) {
232 config.eventType = 0;
233 return true;
234 });
235 SecEvent event;
236 event.eventId = 1;
237 event.version = 1;
238 event.content = "content";
239 std::vector<SecEvent> events{event};
240 EXPECT_CALL(DatabaseManager::GetInstance(), QueryEventByEventId(_, _)).WillRepeatedly(Return(true));
241 sptr<SecurityEventQueryCallbackProxy> mockProxy = new (std::nothrow) SecurityEventQueryCallbackProxy(obj);
242 SecurityCollector::SecurityEventRuler ruler;
243 DataCollectManagerService service(DATA_COLLECT_MANAGER_SA_ID, true);
244 EXPECT_TRUE(service.QueryEventByRuler(mockProxy, ruler));
245 }
246
247 HWTEST_F(SecurityGuardDataCollectSaTest, QueryEventByRuler_QueryInCollector, TestSize.Level0)
248 {
__anonf000b82f0402(int64_t eventId, EventCfg &config) 249 EXPECT_CALL(ConfigDataManager::GetInstance(), GetEventConfig).WillOnce([] (int64_t eventId, EventCfg &config) {
250 config.eventType = 1;
251 return true;
252 });
253 SecurityCollector::SecurityEvent event;
254 event.eventId_ = 1;
255 event.version_ = 1;
256 event.content_ = "content";
257 std::vector<SecurityCollector::SecurityEvent> events{event};
258 EXPECT_CALL(SecurityCollector::CollectorManager::GetInstance(), QuerySecurityEvent(_, _)).WillOnce(Return(SUCCESS));
259 sptr<MockRemoteObject> obj(new (std::nothrow) MockRemoteObject());
260 EXPECT_TRUE(obj != nullptr);
261 sptr<SecurityEventQueryCallbackProxy> mockProxy = new (std::nothrow) SecurityEventQueryCallbackProxy(obj);
262 SecurityCollector::SecurityEventRuler ruler;
263 DataCollectManagerService service(DATA_COLLECT_MANAGER_SA_ID, true);
264 EXPECT_TRUE(service.QueryEventByRuler(mockProxy, ruler));
265 }
266
267 HWTEST_F(SecurityGuardDataCollectSaTest, QueryEventByRuler_NotSupportType, TestSize.Level0)
268 {
269 EXPECT_CALL(ConfigDataManager::GetInstance(), GetEventConfig).WillRepeatedly([] (
__anonf000b82f0502( int64_t eventId, EventCfg &config) 270 int64_t eventId, EventCfg &config) {
271 config.eventType = 2;
272 return true;
273 });
274 sptr<MockRemoteObject> obj(new (std::nothrow) MockRemoteObject());
275 EXPECT_TRUE(obj != nullptr);
276 sptr<SecurityEventQueryCallbackProxy> mockProxy = new (std::nothrow) SecurityEventQueryCallbackProxy(obj);
277 SecurityCollector::SecurityEventRuler ruler;
278
279 DataCollectManagerService service(DATA_COLLECT_MANAGER_SA_ID, true);
280 EXPECT_TRUE(service.QueryEventByRuler(mockProxy, ruler));
281 }
282
283 HWTEST_F(SecurityGuardDataCollectSaTest, QueryEventByRuler_BeginTimeEmpty, TestSize.Level0)
284 {
285 EXPECT_CALL(ConfigDataManager::GetInstance(), GetEventConfig).WillRepeatedly([] (
__anonf000b82f0602( int64_t eventId, EventCfg &config) 286 int64_t eventId, EventCfg &config) {
287 config.eventType = 2;
288 return true;
289 });
290 sptr<MockRemoteObject> obj(new (std::nothrow) MockRemoteObject());
291 EXPECT_TRUE(obj != nullptr);
292 sptr<SecurityEventQueryCallbackProxy> mockProxy = new (std::nothrow) SecurityEventQueryCallbackProxy(obj);
293 SecurityCollector::SecurityEventRuler ruler(2, "", "11", "tt");
294 EXPECT_CALL(*obj, SendRequest).Times(1);
295
296 DataCollectManagerService service(DATA_COLLECT_MANAGER_SA_ID, true);
297 EXPECT_TRUE(service.QueryEventByRuler(mockProxy, ruler));
298 }
299
300 HWTEST_F(SecurityGuardDataCollectSaTest, TestPushDataCollectTask_NullProxy, TestSize.Level0)
301 {
302 std::shared_ptr<std::promise<int32_t>> promise = std::make_shared<std::promise<int32_t>>();
303 EXPECT_TRUE(promise != nullptr);
304 sptr<MockRemoteObject> mockObj = nullptr;
305 DataCollectManagerService service(DATA_COLLECT_MANAGER_SA_ID, true);
306 service.PushDataCollectTask(mockObj, "conditions", "devId", promise);
307 EXPECT_EQ(0, promise->get_future().get());
308 }
309
310 HWTEST_F(SecurityGuardDataCollectSaTest, TestPushDataCollectTask_EmptyConditions, TestSize.Level0)
311 {
312 std::shared_ptr<std::promise<int32_t>> promise = std::make_shared<std::promise<int32_t>>();
313 EXPECT_TRUE(promise != nullptr);
314 sptr<MockRemoteObject> mockObj(new (std::nothrow) MockRemoteObject());
315 EXPECT_TRUE(mockObj != nullptr);
316 EXPECT_CALL(*(DataFormat::GetInterface()), ParseConditions).WillOnce([]
__anonf000b82f0702(std::string conditions, RequestCondition &reqCondition) 317 (std::string conditions, RequestCondition &reqCondition) {
318 reqCondition = {};
319 });
320 EXPECT_CALL(*mockObj, SendRequest).Times(1);
321 DataCollectManagerService service(DATA_COLLECT_MANAGER_SA_ID, true);
322 ON_CALL(*mockObj, SendRequest)
__anonf000b82f0802(uint32_t code, MessageParcel &data, MessageParcel &reply, MessageOption &option) 323 .WillByDefault([&service](uint32_t code, MessageParcel &data, MessageParcel &reply, MessageOption &option) {
324 service.OnRemoteRequest(code, data, reply, option);
325 return SUCCESS;
326 });
327 service.PushDataCollectTask(mockObj, "", "devId", promise);
328 EXPECT_EQ(0, promise->get_future().get());
329 }
330
331 HWTEST_F(SecurityGuardDataCollectSaTest, TestPushDataCollectTask_ValidConditions01, TestSize.Level0)
332 {
333 std::shared_ptr<std::promise<int32_t>> promise = std::make_shared<std::promise<int32_t>>();
334 EXPECT_TRUE(promise != nullptr);
335 EXPECT_CALL(*(DataFormat::GetInterface()), ParseConditions).WillOnce([]
__anonf000b82f0902(std::string conditions, RequestCondition &reqCondition) 336 (std::string conditions, RequestCondition &reqCondition) {
337 reqCondition.auditEvent = {1};
338 });
339 EXPECT_CALL(DatabaseManager::GetInstance(), QueryEventByEventId(_, _, _))
340 .WillRepeatedly([] (std::string table, std::vector<int64_t> &eventIds,
__anonf000b82f0a02(std::string table, std::vector<int64_t> &eventIds, std::vector<SecEvent> &events) 341 std::vector<SecEvent> &events) {
342 SecEvent event {};
343 event.eventId = 1;
344 events.emplace_back(event);
345 return SUCCESS;
346 });
347 sptr<MockRemoteObject> mockObj(new (std::nothrow) MockRemoteObject());
348 EXPECT_CALL(*mockObj, SendRequest).Times(1);
349 DataCollectManagerService service(DATA_COLLECT_MANAGER_SA_ID, true);
350 service.PushDataCollectTask(mockObj, "conditions", "devId", promise);
351 EXPECT_EQ(1, promise->get_future().get());
352 }
353
354 HWTEST_F(SecurityGuardDataCollectSaTest, TestPushDataCollectTask_ValidConditions02, TestSize.Level0)
355 {
356 std::shared_ptr<std::promise<int32_t>> promise = std::make_shared<std::promise<int32_t>>();
357 EXPECT_TRUE(promise != nullptr);
358 sptr<MockRemoteObject> mockObj(new (std::nothrow) MockRemoteObject());
359 EXPECT_TRUE(mockObj != nullptr);
360 EXPECT_CALL(*(DataFormat::GetInterface()), ParseConditions).WillOnce([]
__anonf000b82f0b02(std::string conditions, RequestCondition &reqCondition) 361 (std::string conditions, RequestCondition &reqCondition) {
362 reqCondition.auditEvent = {1};
363 });
364 EXPECT_CALL(DatabaseManager::GetInstance(), QueryEventByEventId(_, _, _))
365 .WillRepeatedly([] (std::string table, std::vector<int64_t> &eventIds,
__anonf000b82f0c02(std::string table, std::vector<int64_t> &eventIds, std::vector<SecEvent> &events) 366 std::vector<SecEvent> &events) {
367 SecEvent event {};
368 event.eventId = 1;
369 return SUCCESS;
370 });
371 EXPECT_CALL(*mockObj, SendRequest).Times(1);
372 DataCollectManagerService service(DATA_COLLECT_MANAGER_SA_ID, true);
373 service.PushDataCollectTask(mockObj, "conditions", "devId", promise);
374 EXPECT_EQ(0, promise->get_future().get());
375 }
376
377 HWTEST_F(SecurityGuardDataCollectSaTest, RequestDataSubmit_NoPermission, TestSize.Level0)
378 {
379 int64_t eventId = 1;
380 std::string version = "1.0";
381 std::string time = "2022-01-01";
382 std::string content = "content";
383
384 EXPECT_CALL(*(AccessToken::AccessTokenKit::GetInterface()), VerifyAccessToken).WillRepeatedly(
385 Return(AccessToken::PermissionState::PERMISSION_DENIED));
386 DataCollectManagerService service(DATA_COLLECT_MANAGER_SA_ID, true);
387 service.OnAddSystemAbility(RISK_ANALYSIS_MANAGER_SA_ID, "deviceId");
388 int32_t result = service.RequestDataSubmit(eventId, version, time, content);
389 EXPECT_EQ(result, NO_PERMISSION);
390 }
391
392 HWTEST_F(SecurityGuardDataCollectSaTest, RequestDataSubmitAsync_NoPermission, TestSize.Level0)
393 {
394 int64_t eventId = 1;
395 std::string version = "1.0";
396 std::string time = "2022-01-01";
397 std::string content = "content";
398
399 EXPECT_CALL(*(AccessToken::AccessTokenKit::GetInterface()), VerifyAccessToken).WillRepeatedly(
400 Return(AccessToken::PermissionState::PERMISSION_DENIED));
401 DataCollectManagerService service(DATA_COLLECT_MANAGER_SA_ID, true);
402 service.OnAddSystemAbility(RISK_ANALYSIS_MANAGER_SA_ID, "deviceId");
403 int32_t result = service.RequestDataSubmitAsync(eventId, version, time, content);
404 EXPECT_EQ(result, NO_PERMISSION);
405 }
406
407 HWTEST_F(SecurityGuardDataCollectSaTest, RequestDataSubmit_BadParam, TestSize.Level0)
408 {
409 int64_t eventId = 1;
410 std::string version = "1.0";
411 std::string time = "2022-01-01";
412 std::string content = "content";
413
414 EXPECT_CALL(*(AccessToken::AccessTokenKit::GetInterface()), VerifyAccessToken).WillOnce(
415 Return(AccessToken::PermissionState::PERMISSION_GRANTED));
416 EXPECT_CALL(*(AccessToken::AccessTokenKit::GetInterface()), GetTokenType)
417 .WillOnce(Return(AccessToken::TypeATokenTypeEnum::TOKEN_HAP));
418 EXPECT_CALL(*(AccessToken::TokenIdKit::GetInterface()), IsSystemAppByFullTokenID)
419 .WillOnce(Return(true));
420 DataCollectManagerService service(DATA_COLLECT_MANAGER_SA_ID, true);
421 int32_t result = service.RequestDataSubmit(eventId, version, time, content);
422 EXPECT_EQ(result, SUCCESS);
423 }
424
425 HWTEST_F(SecurityGuardDataCollectSaTest, RequestDataSubmit_Success01, TestSize.Level0)
426 {
427 int64_t eventId = 1;
428 std::string version = "1.0";
429 std::string time = "2022-01-01";
430 std::string content = "content";
431
432 EXPECT_CALL(*(AccessToken::AccessTokenKit::GetInterface()), VerifyAccessToken)
433 .WillOnce(Return(AccessToken::PermissionState::PERMISSION_GRANTED));
434 EXPECT_CALL(*(AccessToken::AccessTokenKit::GetInterface()), GetTokenType)
435 .WillOnce(Return(AccessToken::TypeATokenTypeEnum::TOKEN_HAP));
436 EXPECT_CALL(*(AccessToken::TokenIdKit::GetInterface()), IsSystemAppByFullTokenID)
437 .WillOnce(Return(true));
438 EXPECT_CALL(DatabaseManager::GetInstance(), InsertEvent).WillRepeatedly(Return(FAILED));
439 DataCollectManagerService service(DATA_COLLECT_MANAGER_SA_ID, true);
440 int32_t result = service.RequestDataSubmit(eventId, version, time, content);
441 EXPECT_EQ(result, SUCCESS);
442 }
443
444 HWTEST_F(SecurityGuardDataCollectSaTest, RequestDataSubmit_Success02, TestSize.Level0)
445 {
446 int64_t eventId = 1;
447 std::string version = "1.0";
448 std::string time = "2022-01-01";
449 std::string content = "content";
450
451 EXPECT_CALL(*(AccessToken::AccessTokenKit::GetInterface()), VerifyAccessToken)
452 .WillOnce(Return(AccessToken::PermissionState::PERMISSION_GRANTED));
453 EXPECT_CALL(*(AccessToken::AccessTokenKit::GetInterface()), GetTokenType)
454 .WillOnce(Return(AccessToken::TypeATokenTypeEnum::TOKEN_HAP));
455 EXPECT_CALL(*(AccessToken::TokenIdKit::GetInterface()), IsSystemAppByFullTokenID)
456 .WillOnce(Return(true));
457 EXPECT_CALL(*(DataFormat::GetInterface()), CheckRiskContent).WillOnce(Return(true));
458 EXPECT_CALL(DatabaseManager::GetInstance(), InsertEvent).WillRepeatedly(Return(SUCCESS));
459 DataCollectManagerService service(DATA_COLLECT_MANAGER_SA_ID, true);
460 int32_t result = service.RequestDataSubmit(eventId, version, time, content);
461 EXPECT_EQ(result, SUCCESS);
462 }
463
464 HWTEST_F(SecurityGuardDataCollectSaTest, RequestRiskData01, TestSize.Level0)
465 {
466 std::string devId = "devId";
467 std::string eventList = "eventList";
468 sptr<IRemoteObject> obj = nullptr;
469
470 EXPECT_CALL(*(AccessToken::AccessTokenKit::GetInterface()), VerifyAccessToken)
471 .WillOnce(Return(AccessToken::PermissionState::PERMISSION_DENIED));
472 DataCollectManagerService service(DATA_COLLECT_MANAGER_SA_ID, true);
473 int32_t result = service.RequestRiskData(devId, eventList, obj);
474 EXPECT_EQ(result, NO_PERMISSION);
475 }
476
477 HWTEST_F(SecurityGuardDataCollectSaTest, RequestRiskData02, TestSize.Level0)
478 {
479 std::string devId = "devId";
480 std::string eventList = "eventList";
481 sptr<IRemoteObject> obj = nullptr;
482
483 EXPECT_CALL(*(AccessToken::AccessTokenKit::GetInterface()), VerifyAccessToken)
484 .WillOnce(Return(AccessToken::PermissionState::PERMISSION_GRANTED));
485 EXPECT_CALL(*(AccessToken::AccessTokenKit::GetInterface()), GetTokenType)
486 .WillOnce(Return(AccessToken::TypeATokenTypeEnum::TOKEN_HAP));
487 EXPECT_CALL(*(AccessToken::TokenIdKit::GetInterface()), IsSystemAppByFullTokenID)
488 .WillOnce(Return(true));
489 DataCollectManagerService service(DATA_COLLECT_MANAGER_SA_ID, true);
490 int32_t result = service.RequestRiskData(devId, eventList, obj);
491 service.OnRemoveSystemAbility(0, "dd");
492 EXPECT_EQ(result, SUCCESS);
493 }
494
495 HWTEST_F(SecurityGuardDataCollectSaTest, RequestRiskData03, TestSize.Level0)
496 {
497 std::string devId = "devId";
498 std::string eventList = "eventList";
499 sptr<IRemoteObject> obj = nullptr;
500
501 EXPECT_CALL(*(AccessToken::AccessTokenKit::GetInterface()), VerifyAccessToken)
502 .WillOnce(Return(AccessToken::PermissionState::PERMISSION_GRANTED));
503 EXPECT_CALL(*(AccessToken::AccessTokenKit::GetInterface()), GetTokenType)
504 .WillOnce(Return(AccessToken::TypeATokenTypeEnum::TOKEN_HAP));
505 EXPECT_CALL(*(AccessToken::TokenIdKit::GetInterface()), IsSystemAppByFullTokenID)
506 .WillOnce(Return(false));
507 DataCollectManagerService service(DATA_COLLECT_MANAGER_SA_ID, true);
508 int32_t result = service.RequestRiskData(devId, eventList, obj);
509 EXPECT_EQ(result, NO_SYSTEMCALL);
510 }
511
512 HWTEST_F(SecurityGuardDataCollectSaTest, Subscribe01, TestSize.Level0)
513 {
514 SecurityCollector::SecurityCollectorSubscribeInfo subscribeInfo{};
515 sptr<MockRemoteObject> obj(new (std::nothrow) MockRemoteObject());
516
517 EXPECT_CALL(*(AccessToken::AccessTokenKit::GetInterface()), VerifyAccessToken)
518 .WillRepeatedly(Return(AccessToken::PermissionState::PERMISSION_DENIED));
519 DataCollectManagerService service(DATA_COLLECT_MANAGER_SA_ID, true);
520 int32_t result = service.Subscribe(subscribeInfo, obj, "111");
521 EXPECT_EQ(result, NO_PERMISSION);
522 }
523
524 HWTEST_F(SecurityGuardDataCollectSaTest, Unsubscribe01, TestSize.Level0)
525 {
526 SecurityCollector::SecurityCollectorSubscribeInfo subscribeInfo{};
527 sptr<MockRemoteObject> mockObj(new (std::nothrow) MockRemoteObject());
528
529 EXPECT_CALL(*(AccessToken::AccessTokenKit::GetInterface()), VerifyAccessToken)
530 .WillRepeatedly(Return(AccessToken::PermissionState::PERMISSION_DENIED));
531 DataCollectManagerService service(DATA_COLLECT_MANAGER_SA_ID, true);
532 int32_t result = service.Unsubscribe(subscribeInfo, mockObj, "111");
533 EXPECT_EQ(result, NO_PERMISSION);
534 }
535
536 HWTEST_F(SecurityGuardDataCollectSaTest, Subscribe02, TestSize.Level0)
537 {
538 SecurityCollector::SecurityCollectorSubscribeInfo subscribeInfo{};
539 sptr<MockRemoteObject> obj(new (std::nothrow) MockRemoteObject());
540
541 EXPECT_CALL(*(AccessToken::AccessTokenKit::GetInterface()), VerifyAccessToken)
542 .WillOnce(Return(AccessToken::PermissionState::PERMISSION_GRANTED));
543 EXPECT_CALL(*(AccessToken::AccessTokenKit::GetInterface()), GetTokenType)
544 .WillOnce(Return(AccessToken::TypeATokenTypeEnum::TOKEN_HAP));
545 EXPECT_CALL(*(AccessToken::TokenIdKit::GetInterface()), IsSystemAppByFullTokenID)
546 .WillOnce(Return(false));
547 DataCollectManagerService service(DATA_COLLECT_MANAGER_SA_ID, true);
548 int32_t result = service.Subscribe(subscribeInfo, obj, "111");
549 EXPECT_EQ(result, NO_SYSTEMCALL);
550 }
551
552 HWTEST_F(SecurityGuardDataCollectSaTest, Unsubscribe02, TestSize.Level0)
553 {
554 SecurityCollector::SecurityCollectorSubscribeInfo subscribeInfo{};
555 sptr<MockRemoteObject> mockObj(new (std::nothrow) MockRemoteObject());
556
557 EXPECT_CALL(*(AccessToken::AccessTokenKit::GetInterface()), VerifyAccessToken)
558 .WillOnce(Return(AccessToken::PermissionState::PERMISSION_GRANTED));
559 EXPECT_CALL(*(AccessToken::AccessTokenKit::GetInterface()), GetTokenType)
560 .WillOnce(Return(AccessToken::TypeATokenTypeEnum::TOKEN_HAP));
561 EXPECT_CALL(*(AccessToken::TokenIdKit::GetInterface()), IsSystemAppByFullTokenID)
562 .WillOnce(Return(false));
563 DataCollectManagerService service(DATA_COLLECT_MANAGER_SA_ID, true);
564 int32_t result = service.Unsubscribe(subscribeInfo, mockObj, "111");
565 EXPECT_EQ(result, NO_SYSTEMCALL);
566 }
567
568 HWTEST_F(SecurityGuardDataCollectSaTest, InsertSubscribeRecord_Success, TestSize.Level0)
569 {
570 SecurityCollector::SecurityCollectorSubscribeInfo subscribeInfo{};
571 sptr<MockRemoteObject> obj(new (std::nothrow) MockRemoteObject());
572 EXPECT_CALL(ConfigDataManager::GetInstance(), GetEventConfig).WillRepeatedly(Return(true));
573 int32_t result = AcquireDataSubscribeManager::GetInstance().InsertSubscribeRecord(subscribeInfo, obj, "111");
574 EXPECT_EQ(result, SUCCESS);
575 result = AcquireDataSubscribeManager::GetInstance().RemoveSubscribeRecord(subscribeInfo.GetEvent().eventId, obj,
576 "111");
577 EXPECT_EQ(result, SUCCESS);
578 }
579
580 HWTEST_F(SecurityGuardDataCollectSaTest, Publish_WithSubscribers, TestSize.Level0)
581 {
582 SecurityCollector::Event event {
583 .eventId = 1,
584 .version = "version",
585 .content = "content"
586 };
587 EXPECT_TRUE(AcquireDataSubscribeManager::GetInstance().PublishEventToSub(event));
588 }
589
590 HWTEST_F(SecurityGuardDataCollectSaTest, Publish_NullProxy, TestSize.Level0)
591 {
592 SecurityCollector::Event event2 {
593 .eventId = 2,
594 .version = "version",
595 .content = "content",
596 .extra = ""
597 };
598 SecurityCollector::SecurityCollectorSubscribeInfo subscribeInfo(event2);
599 sptr<MockRemoteObject> obj = nullptr;
600 EXPECT_CALL(DatabaseManager::GetInstance(), SubscribeDb).WillRepeatedly(Return(SUCCESS));
601 EXPECT_CALL(DatabaseManager::GetInstance(), UnSubscribeDb).WillRepeatedly(Return(SUCCESS));
602 EXPECT_CALL(ConfigDataManager::GetInstance(), GetEventConfig).WillRepeatedly(
__anonf000b82f0d02(int64_t eventId, EventCfg &config) 603 [] (int64_t eventId, EventCfg &config) {
604 config.dbTable = "risk_event";
605 config.eventType = 0;
606 config.prog = "security_guard";
607 config.eventId = eventId;
608 config.isBatchUpload = 0;
609 return true;
610 });
611 int32_t result = AcquireDataSubscribeManager::GetInstance().InsertSubscribeRecord(subscribeInfo, obj, "111");
612 EXPECT_EQ(result, SUCCESS);
613 EXPECT_TRUE(AcquireDataSubscribeManager::GetInstance().PublishEventToSub(event2));
614 EXPECT_TRUE(AcquireDataSubscribeManager::GetInstance().PublishEventToSub(event2));
615 result = AcquireDataSubscribeManager::GetInstance().RemoveSubscribeRecord(subscribeInfo.GetEvent().eventId, obj,
616 "111");
617 EXPECT_EQ(result, SUCCESS);
618 }
619
620 HWTEST_F(SecurityGuardDataCollectSaTest, Publish_NotNullProxy, TestSize.Level0)
621 {
622 SecurityCollector::Event event2 {
623 .eventId = SecurityCollector::FILE_EVENTID,
624 .version = "version",
625 .content = "content",
626 .extra = ""
627 };
628 SecurityCollector::SecurityCollectorSubscribeInfo subscribeInfo(event2);
629 sptr<MockRemoteObject> mockObject(new (std::nothrow) MockRemoteObject());
630 EXPECT_CALL(DatabaseManager::GetInstance(), SubscribeDb).WillRepeatedly(Return(SUCCESS));
631 EXPECT_CALL(DatabaseManager::GetInstance(), UnSubscribeDb).WillRepeatedly(Return(SUCCESS));
632 DataCollectManagerService service(DATA_COLLECT_MANAGER_SA_ID, true);
633 EXPECT_CALL(ConfigDataManager::GetInstance(), GetEventConfig).WillRepeatedly(
__anonf000b82f0e02(int64_t eventId, EventCfg &config) 634 [] (int64_t eventId, EventCfg &config) {
635 config.dbTable = "risk_event";
636 config.eventType = 0;
637 config.prog = "security_guard";
638 config.eventId = eventId;
639 config.isBatchUpload = 0;
640 return true;
641 });
642 int32_t result = AcquireDataSubscribeManager::GetInstance().InsertSubscribeRecord(subscribeInfo, mockObject,
643 "111");
644 EXPECT_EQ(result, SUCCESS);
645 EXPECT_TRUE(AcquireDataSubscribeManager::GetInstance().PublishEventToSub(event2));
646 result = AcquireDataSubscribeManager::GetInstance().RemoveSubscribeRecord(subscribeInfo.GetEvent().eventId,
647 mockObject, "111");
648 EXPECT_EQ(result, SUCCESS);
649 }
650
651 HWTEST_F(SecurityGuardDataCollectSaTest, Publish_DifferentEventId01, TestSize.Level0)
652 {
653 SecurityCollector::Event event2 {
654 .eventId = 1,
655 .version = "version",
656 .content = "content",
657 .extra = ""
658 };
659 SecurityCollector::SecurityCollectorSubscribeInfo subscribeInfo(event2);
660 sptr<MockRemoteObject> mockObj(new (std::nothrow) MockRemoteObject());
661 EXPECT_CALL(DatabaseManager::GetInstance(), SubscribeDb).WillRepeatedly(Return(SUCCESS));
662 EXPECT_CALL(DatabaseManager::GetInstance(), UnSubscribeDb).WillRepeatedly(Return(SUCCESS));
663 EXPECT_CALL(ConfigDataManager::GetInstance(), GetIsBatchUpload).WillRepeatedly(Return(false));
664 DataCollectManagerService service(DATA_COLLECT_MANAGER_SA_ID, true);
665 int32_t result = AcquireDataSubscribeManager::GetInstance().InsertSubscribeRecord(subscribeInfo, mockObj, "111");
666 EXPECT_EQ(result, SUCCESS);
667 EXPECT_TRUE(AcquireDataSubscribeManager::GetInstance().PublishEventToSub(event2));
668 result = AcquireDataSubscribeManager::GetInstance().RemoveSubscribeRecord(subscribeInfo.GetEvent().eventId,
669 mockObj, "111");
670 EXPECT_EQ(result, SUCCESS);
671 }
672
673 HWTEST_F(SecurityGuardDataCollectSaTest, Publish_DifferentEventId02, TestSize.Level0)
674 {
675 SecurityCollector::Event event2 {
676 .eventId = SecurityCollector::PROCESS_EVENTID,
677 .version = "version",
678 .content = "content",
679 .extra = ""
680 };
681 SecurityCollector::SecurityCollectorSubscribeInfo subscribeInfo(event2);
682 sptr<MockRemoteObject> object(new (std::nothrow) MockRemoteObject());
683 EXPECT_CALL(DatabaseManager::GetInstance(), SubscribeDb).WillRepeatedly(Return(SUCCESS));
684 EXPECT_CALL(DatabaseManager::GetInstance(), UnSubscribeDb).WillRepeatedly(Return(SUCCESS));
685 EXPECT_CALL(ConfigDataManager::GetInstance(), GetIsBatchUpload).WillRepeatedly(Return(false));
686 DataCollectManagerService service(DATA_COLLECT_MANAGER_SA_ID, true);
687 int32_t result = AcquireDataSubscribeManager::GetInstance().InsertSubscribeRecord(subscribeInfo, object, "111");
688 EXPECT_EQ(result, SUCCESS);
689 EXPECT_TRUE(AcquireDataSubscribeManager::GetInstance().PublishEventToSub(event2));
690 result = AcquireDataSubscribeManager::GetInstance().RemoveSubscribeRecord(subscribeInfo.GetEvent().eventId, object,
691 "111");
692 EXPECT_EQ(result, SUCCESS);
693 }
694
695 HWTEST_F(SecurityGuardDataCollectSaTest, Publish_DifferentEventId03, TestSize.Level0)
696 {
697 SecurityCollector::Event event2 {
698 .eventId = SecurityCollector::NETWORK_EVENTID,
699 .version = "version",
700 .content = "content",
701 .extra = ""
702 };
703 SecurityCollector::SecurityCollectorSubscribeInfo subscribeInfo(event2);
704 sptr<MockRemoteObject> obj(new (std::nothrow) MockRemoteObject());
705 EXPECT_CALL(DatabaseManager::GetInstance(), SubscribeDb).WillRepeatedly(Return(SUCCESS));
706 EXPECT_CALL(DatabaseManager::GetInstance(), UnSubscribeDb).WillRepeatedly(Return(SUCCESS));
707 EXPECT_CALL(ConfigDataManager::GetInstance(), GetIsBatchUpload).WillRepeatedly(Return(false));
708 DataCollectManagerService service(DATA_COLLECT_MANAGER_SA_ID, true);
709 int32_t result = AcquireDataSubscribeManager::GetInstance().InsertSubscribeRecord(subscribeInfo, obj, "111");
710 EXPECT_EQ(result, SUCCESS);
711 EXPECT_TRUE(AcquireDataSubscribeManager::GetInstance().PublishEventToSub(event2));
712 result = AcquireDataSubscribeManager::GetInstance().RemoveSubscribeRecord(subscribeInfo.GetEvent().eventId, obj,
713 "111");
714 EXPECT_EQ(result, SUCCESS);
715 }
716
717 HWTEST_F(SecurityGuardDataCollectSaTest, AcquireDataSubscrSubscribeSc01, TestSize.Level0)
718 {
719 AcquireDataSubscribeManager adsm {};
720 SecurityCollector::Event event {
721 .eventId = 111
722 };
723 sptr<MockRemoteObject> obj(new (std::nothrow) MockRemoteObject());
724 adsm.scSubscribeMap_.insert({111,
725 std::make_shared<AcquireDataSubscribeManager::SecurityCollectorSubscriber>(event)});
726 int result = adsm.SubscribeSc(111);
727 EXPECT_EQ(result, SUCCESS);
728 }
729
730 HWTEST_F(SecurityGuardDataCollectSaTest, AcquireDataSubscrSubscribeSc02, TestSize.Level0)
731 {
732 AcquireDataSubscribeManager adsm {};
733 SecurityCollector::Event event {
734 .eventId = 111
735 };
736 EXPECT_CALL(ConfigDataManager::GetInstance(), GetEventConfig).WillRepeatedly(
__anonf000b82f0f02(int64_t eventId, EventCfg &config) 737 [] (int64_t eventId, EventCfg &config) {
738 config.dbTable = "risk_event";
739 config.eventType = 3;
740 config.prog = "security_guard";
741 return true;
742 });
743 EXPECT_CALL(SecurityCollector::DataCollection::GetInstance(), SubscribeCollectors).WillOnce(
744 Return(false));
745 sptr<MockRemoteObject> obj(new (std::nothrow) MockRemoteObject());
746 int result = adsm.SubscribeSc(111);
747 EXPECT_EQ(result, FAILED);
748 result = adsm.UnSubscribeSc(111);
749 EXPECT_EQ(result, FAILED);
750 }
751
752 HWTEST_F(SecurityGuardDataCollectSaTest, AcquireDataSubscrSubscribeSc03, TestSize.Level0)
753 {
754 AcquireDataSubscribeManager adsm {};
755 SecurityCollector::Event event {
756 .eventId = 111
757 };
758 EXPECT_CALL(ConfigDataManager::GetInstance(), GetEventConfig).WillRepeatedly(
__anonf000b82f1002(int64_t eventId, EventCfg &config) 759 [] (int64_t eventId, EventCfg &config) {
760 config.dbTable = "risk_event";
761 config.eventType = 3;
762 config.prog = "";
763 return true;
764 });
765 sptr<MockRemoteObject> obj(new (std::nothrow) MockRemoteObject());
766 EXPECT_CALL(SecurityCollector::CollectorManager::GetInstance(), Subscribe(_)).WillOnce(Return(FAILED));
767 int result = adsm.SubscribeSc(111);
768 EXPECT_EQ(result, FAILED);
769 result = adsm.UnSubscribeSc(111);
770 EXPECT_EQ(result, FAILED);
771 }
772
773 HWTEST_F(SecurityGuardDataCollectSaTest, AcquireDataSubscrSubscribeSc04, TestSize.Level0)
774 {
775 AcquireDataSubscribeManager adsm {};
776 SecurityCollector::Event event {
777 .eventId = 111
778 };
779 EXPECT_CALL(ConfigDataManager::GetInstance(), GetEventConfig).WillRepeatedly(
__anonf000b82f1102(int64_t eventId, EventCfg &config) 780 [] (int64_t eventId, EventCfg &config) {
781 config.dbTable = "risk_event";
782 config.eventType = 3;
783 config.prog = "";
784 return true;
785 });
786 sptr<MockRemoteObject> obj(new (std::nothrow) MockRemoteObject());
787 EXPECT_CALL(SecurityCollector::CollectorManager::GetInstance(), Subscribe(_)).WillOnce(Return(SUCCESS));
788 int result = adsm.SubscribeSc(111);
789 EXPECT_EQ(result, SUCCESS);
790 EXPECT_CALL(SecurityCollector::CollectorManager::GetInstance(), Unsubscribe(_)).WillOnce(
791 Return(SUCCESS)).WillOnce(Return(FAILED));
792 result = adsm.UnSubscribeSc(111);
793 EXPECT_EQ(result, SUCCESS);
794 AcquireDataSubscribeManager::GetInstance().RemoveSubscribeRecordOnRemoteDied(obj);
795 auto subscriber = std::make_shared<AcquireDataSubscribeManager::SecurityCollectorSubscriber>(event);
796 adsm.scSubscribeMap_.emplace(event.eventId, subscriber);
797 result = adsm.UnSubscribeSc(111);
798 EXPECT_EQ(result, FAILED);
799 }
800
801 HWTEST_F(SecurityGuardDataCollectSaTest, AcquireDataSubscrSubscribeSc05, TestSize.Level0)
802 {
803 AcquireDataSubscribeManager adsm {};
804 SecurityCollector::Event event {
805 .eventId = 111
806 };
807 EXPECT_CALL(ConfigDataManager::GetInstance(), GetEventConfig).WillRepeatedly(
__anonf000b82f1202(int64_t eventId, EventCfg &config) 808 [] (int64_t eventId, EventCfg &config) {
809 return false;
810 });
811 sptr<MockRemoteObject> obj(new (std::nothrow) MockRemoteObject());
812 int result = adsm.SubscribeSc(111);
813 EXPECT_EQ(result, BAD_PARAM);
814 }
815
816 HWTEST_F(SecurityGuardDataCollectSaTest, AcquireDataSubscrSubscribeSc06, TestSize.Level0)
817 {
818 AcquireDataSubscribeManager adsm {};
819 SecurityCollector::Event event {
820 .eventId = 111
821 };
822 EXPECT_CALL(ConfigDataManager::GetInstance(), GetEventConfig).WillRepeatedly(
__anonf000b82f1302(int64_t eventId, EventCfg &config) 823 [] (int64_t eventId, EventCfg &config) {
824 config.dbTable = "risk_event";
825 config.eventType = 3;
826 config.prog = "security_guard";
827 return true;
828 });
829 EXPECT_CALL(SecurityCollector::DataCollection::GetInstance(), SubscribeCollectors).WillOnce(
830 Return(false));
831 sptr<MockRemoteObject> obj(new (std::nothrow) MockRemoteObject());
832 int result = adsm.SubscribeSc(111);
833 EXPECT_EQ(result, FAILED);
834
835 EXPECT_CALL(SecurityCollector::DataCollection::GetInstance(), UnsubscribeCollectors).WillOnce(
836 Return(false));
837 auto collectorListenner = std::make_shared<AcquireDataSubscribeManager::CollectorListener>();
838 adsm.eventToListenner_.emplace(event.eventId, collectorListenner);
839 result = adsm.UnSubscribeSc(111);
840 EXPECT_EQ(result, FAILED);
841 }
842
843 HWTEST_F(SecurityGuardDataCollectSaTest, AcquireDataSubscrUnsubscribeSc01, TestSize.Level0)
844 {
845 AcquireDataSubscribeManager adsm {};
846 EXPECT_CALL(ConfigDataManager::GetInstance(), GetEventConfig).WillRepeatedly(
__anonf000b82f1402(int64_t eventId, EventCfg &config) 847 [] (int64_t eventId, EventCfg &config) {
848 config.dbTable = "risk_event";
849 config.eventType = 3;
850 config.prog = "";
851 return false;
852 });
853 int result = adsm.UnSubscribeSc(111);
854 EXPECT_EQ(result, BAD_PARAM);
855 }
856
857 HWTEST_F(SecurityGuardDataCollectSaTest, QuerySecurityEvent, TestSize.Level0)
858 {
859 SecurityCollector::SecurityEventRuler rule(11111);
860 std::vector<SecurityCollector::SecurityEventRuler> rules {};
861 rules.emplace_back(rule);
862 sptr<MockRemoteObject> obj(new (std::nothrow) MockRemoteObject());
863
864 EXPECT_CALL(*(AccessToken::AccessTokenKit::GetInterface()), VerifyAccessToken)
865 .WillRepeatedly(Return(AccessToken::PermissionState::PERMISSION_DENIED));
866 DataCollectManagerService service(DATA_COLLECT_MANAGER_SA_ID, true);
867 int32_t result = service.QuerySecurityEvent(rules, obj, "");
868 EXPECT_EQ(result, NO_PERMISSION);
869 }
870
871 HWTEST_F(SecurityGuardDataCollectSaTest, QuerySecurityEvent01, TestSize.Level0)
872 {
873 SecurityCollector::SecurityEventRuler rule(11111);
874 std::vector<SecurityCollector::SecurityEventRuler> rules {};
875 rules.emplace_back(rule);
876 sptr<MockRemoteObject> obj(new (std::nothrow) MockRemoteObject());
877 EXPECT_CALL(ConfigDataManager::GetInstance(), GetEventGroupConfig).WillRepeatedly(Return(false));
878 EXPECT_CALL(*(AccessToken::AccessTokenKit::GetInterface()), VerifyAccessToken)
879 .WillOnce(Return(AccessToken::PermissionState::PERMISSION_GRANTED));
880 EXPECT_CALL(*(AccessToken::AccessTokenKit::GetInterface()), GetTokenType)
881 .WillOnce(Return(AccessToken::TypeATokenTypeEnum::TOKEN_HAP));
882 EXPECT_CALL(*(AccessToken::TokenIdKit::GetInterface()), IsSystemAppByFullTokenID)
883 .WillOnce(Return(true));
884 DataCollectManagerService service(DATA_COLLECT_MANAGER_SA_ID, true);
885 int32_t result = service.QuerySecurityEvent(rules, obj, "");
886 EXPECT_EQ(result, SUCCESS);
887 }
888
889 HWTEST_F(SecurityGuardDataCollectSaTest, QuerySecurityEvent02, TestSize.Level0)
890 {
891 SecurityCollector::SecurityEventRuler rule(11111);
892 std::vector<SecurityCollector::SecurityEventRuler> rules {};
893 rules.emplace_back(rule);
894 sptr<MockRemoteObject> obj(new (std::nothrow) MockRemoteObject());
895 EXPECT_CALL(*(AccessToken::AccessTokenKit::GetInterface()), VerifyAccessToken)
896 .WillOnce(Return(AccessToken::PermissionState::PERMISSION_GRANTED));
897 EXPECT_CALL(*(AccessToken::AccessTokenKit::GetInterface()), GetTokenType)
898 .WillOnce(Return(AccessToken::TypeATokenTypeEnum::TOKEN_HAP));
899 EXPECT_CALL(*(AccessToken::TokenIdKit::GetInterface()), IsSystemAppByFullTokenID)
900 .WillOnce(Return(false));
901 DataCollectManagerService service(DATA_COLLECT_MANAGER_SA_ID, true);
902 int32_t result = service.QuerySecurityEvent(rules, obj, "");
903 EXPECT_EQ(result, NO_SYSTEMCALL);
904 }
905
906 HWTEST_F(SecurityGuardDataCollectSaTest, QuerySecurityEvent03, TestSize.Level0)
907 {
908 SecurityCollector::SecurityEventRuler rule(11111);
909 std::vector<SecurityCollector::SecurityEventRuler> rules {};
910 rules.emplace_back(rule);
911 sptr<MockRemoteObject> obj = nullptr;
912
913 EXPECT_CALL(*(AccessToken::AccessTokenKit::GetInterface()), VerifyAccessToken)
914 .WillOnce(Return(AccessToken::PermissionState::PERMISSION_GRANTED));
915 EXPECT_CALL(*(AccessToken::AccessTokenKit::GetInterface()), GetTokenType)
916 .WillOnce(Return(AccessToken::TypeATokenTypeEnum::TOKEN_HAP));
917 EXPECT_CALL(*(AccessToken::TokenIdKit::GetInterface()), IsSystemAppByFullTokenID)
918 .WillOnce(Return(true));
919 DataCollectManagerService service(DATA_COLLECT_MANAGER_SA_ID, true);
920 int32_t result = service.QuerySecurityEvent(rules, obj, "");
921 EXPECT_EQ(result, NULL_OBJECT);
922 }
923
924 HWTEST_F(SecurityGuardDataCollectSaTest, QuerySecurityEvent04, TestSize.Level0)
925 {
926 SecurityCollector::SecurityEventRuler rule(11111);
927 std::vector<SecurityCollector::SecurityEventRuler> rules {};
928 rules.emplace_back(rule);
929 sptr<MockRemoteObject> obj(new (std::nothrow) MockRemoteObject());
930 EXPECT_CALL(ConfigDataManager::GetInstance(), GetEventGroupConfig).WillRepeatedly(Return(true));
931 EXPECT_CALL(*(AccessToken::AccessTokenKit::GetInterface()), VerifyAccessToken)
932 .WillOnce(Return(AccessToken::PermissionState::PERMISSION_GRANTED));
933 EXPECT_CALL(*(AccessToken::AccessTokenKit::GetInterface()), GetTokenType)
934 .WillOnce(Return(AccessToken::TypeATokenTypeEnum::TOKEN_HAP));
935 EXPECT_CALL(*(AccessToken::TokenIdKit::GetInterface()), IsSystemAppByFullTokenID)
936 .WillOnce(Return(true));
937 DataCollectManagerService service(DATA_COLLECT_MANAGER_SA_ID, true);
938 int32_t result = service.QuerySecurityEvent(rules, obj, "");
939 EXPECT_EQ(result, SUCCESS);
940 }
941
942 HWTEST_F(SecurityGuardDataCollectSaTest, QuerySecurityEvent05, TestSize.Level0)
943 {
944 SecurityCollector::SecurityEventRuler rule(11111);
945 std::vector<SecurityCollector::SecurityEventRuler> rules {};
946 rules.emplace_back(rule);
947 sptr<MockRemoteObject> obj(new (std::nothrow) MockRemoteObject());
948 EXPECT_CALL(ConfigDataManager::GetInstance(), GetEventGroupConfig).WillRepeatedly(Return(false));
949 DataCollectManagerService service(DATA_COLLECT_MANAGER_SA_ID, true);
950 int32_t result = service.QuerySecurityEvent(rules, obj, "securityGroup");
951 EXPECT_EQ(result, BAD_PARAM);
952 }
953
954 HWTEST_F(SecurityGuardDataCollectSaTest, QuerySecurityEvent07, TestSize.Level0)
955 {
956 SecurityCollector::SecurityEventRuler rule(11111);
957 std::vector<SecurityCollector::SecurityEventRuler> rules {};
958 rules.emplace_back(rule);
959 sptr<MockRemoteObject> obj(new (std::nothrow) MockRemoteObject());
960 EXPECT_CALL(ConfigDataManager::GetInstance(), GetEventGroupConfig).WillRepeatedly(
__anonf000b82f1502(const std::string &groupName, EventGroupCfg &config) 961 [] (const std::string &groupName, EventGroupCfg &config) {
962 config.eventList.insert(11111);
963 config.permissionList.insert("testPermission");
964 return true;
965 });
966 EXPECT_CALL(*(AccessToken::AccessTokenKit::GetInterface()), VerifyAccessToken)
967 .WillOnce(Return(AccessToken::PermissionState::PERMISSION_GRANTED)).WillOnce(
968 Return(AccessToken::PermissionState::PERMISSION_DENIED)).WillOnce(
969 Return(AccessToken::PermissionState::PERMISSION_GRANTED));
970 EXPECT_CALL(*(AccessToken::AccessTokenKit::GetInterface()), GetTokenType)
971 .WillRepeatedly(Return(AccessToken::TypeATokenTypeEnum::TOKEN_HAP));
972 EXPECT_CALL(*(AccessToken::TokenIdKit::GetInterface()), IsSystemAppByFullTokenID)
973 .WillOnce(Return(true)).WillOnce(Return(false));
974 DataCollectManagerService service(DATA_COLLECT_MANAGER_SA_ID, true);
975 int32_t result = service.QuerySecurityEvent(rules, obj, "securityGroup");
976 EXPECT_EQ(result, SUCCESS);
977 result = service.QuerySecurityEvent(rules, obj, "securityGroup");
978 EXPECT_EQ(result, NO_PERMISSION);
979 result = service.QuerySecurityEvent(rules, obj, "securityGroup");
980 EXPECT_EQ(result, NO_SYSTEMCALL);
981 }
982
983 HWTEST_F(SecurityGuardDataCollectSaTest, CollectorStart01, TestSize.Level0)
984 {
985 SecurityCollector::SecurityCollectorSubscribeInfo subscribeInfo{};
986 sptr<MockRemoteObject> obj(new (std::nothrow) MockRemoteObject());
987
988 EXPECT_CALL(*(AccessToken::AccessTokenKit::GetInterface()), VerifyAccessToken)
989 .WillRepeatedly(Return(AccessToken::PermissionState::PERMISSION_DENIED));
990 DataCollectManagerService service(DATA_COLLECT_MANAGER_SA_ID, true);
991 int32_t result = service.CollectorStart(subscribeInfo, obj);
992 EXPECT_EQ(result, NO_PERMISSION);
993 }
994
995 HWTEST_F(SecurityGuardDataCollectSaTest, CollectorStart02, TestSize.Level0)
996 {
997 SecurityCollector::SecurityCollectorSubscribeInfo subscribeInfo{};
998 sptr<MockRemoteObject> obj(new (std::nothrow) MockRemoteObject());
999
1000 EXPECT_CALL(*(AccessToken::AccessTokenKit::GetInterface()), VerifyAccessToken)
1001 .WillOnce(Return(AccessToken::PermissionState::PERMISSION_GRANTED));
1002 EXPECT_CALL(*(AccessToken::AccessTokenKit::GetInterface()), GetTokenType)
1003 .WillOnce(Return(AccessToken::TypeATokenTypeEnum::TOKEN_HAP));
1004 EXPECT_CALL(*(AccessToken::TokenIdKit::GetInterface()), IsSystemAppByFullTokenID)
1005 .WillOnce(Return(false));
1006 DataCollectManagerService service(DATA_COLLECT_MANAGER_SA_ID, true);
1007 int32_t result = service.CollectorStart(subscribeInfo, obj);
1008 EXPECT_EQ(result, NO_SYSTEMCALL);
1009 }
1010
1011 HWTEST_F(SecurityGuardDataCollectSaTest, CollectorStart03, TestSize.Level0)
1012 {
1013 SecurityCollector::SecurityCollectorSubscribeInfo subscribeInfo{};
1014 sptr<MockRemoteObject> obj(new (std::nothrow) MockRemoteObject());
1015
1016 EXPECT_CALL(*(AccessToken::AccessTokenKit::GetInterface()), VerifyAccessToken)
1017 .WillOnce(Return(AccessToken::PermissionState::PERMISSION_GRANTED));
1018 EXPECT_CALL(*(AccessToken::AccessTokenKit::GetInterface()), GetTokenType)
1019 .WillOnce(Return(AccessToken::TypeATokenTypeEnum::TOKEN_HAP));
1020 EXPECT_CALL(*(AccessToken::TokenIdKit::GetInterface()), IsSystemAppByFullTokenID)
1021 .WillOnce(Return(true));
1022 EXPECT_CALL(SecurityCollector::CollectorManager::GetInstance(), CollectorStart(_)).WillOnce(Return(FAILED));
1023 DataCollectManagerService service(DATA_COLLECT_MANAGER_SA_ID, true);
1024 int32_t result = service.CollectorStart(subscribeInfo, obj);
1025 EXPECT_EQ(result, FAILED);
1026 }
1027
1028 HWTEST_F(SecurityGuardDataCollectSaTest, CollectorStart04, TestSize.Level0)
1029 {
1030 SecurityCollector::SecurityCollectorSubscribeInfo subscribeInfo{};
1031 sptr<MockRemoteObject> obj(new (std::nothrow) MockRemoteObject());
1032
1033 EXPECT_CALL(*(AccessToken::AccessTokenKit::GetInterface()), VerifyAccessToken)
1034 .WillOnce(Return(AccessToken::PermissionState::PERMISSION_GRANTED));
1035 EXPECT_CALL(*(AccessToken::AccessTokenKit::GetInterface()), GetTokenType)
1036 .WillOnce(Return(AccessToken::TypeATokenTypeEnum::TOKEN_HAP));
1037 EXPECT_CALL(*(AccessToken::TokenIdKit::GetInterface()), IsSystemAppByFullTokenID)
1038 .WillOnce(Return(true));
1039 EXPECT_CALL(SecurityCollector::CollectorManager::GetInstance(), CollectorStart(_)).WillOnce(Return(SUCCESS));
1040 DataCollectManagerService service(DATA_COLLECT_MANAGER_SA_ID, true);
1041 int32_t result = service.CollectorStart(subscribeInfo, obj);
1042 EXPECT_EQ(result, SUCCESS);
1043 }
1044
1045 HWTEST_F(SecurityGuardDataCollectSaTest, CollectorStop01, TestSize.Level0)
1046 {
1047 SecurityCollector::SecurityCollectorSubscribeInfo subscribeInfo{};
1048 sptr<MockRemoteObject> obj(new (std::nothrow) MockRemoteObject());
1049
1050 EXPECT_CALL(*(AccessToken::AccessTokenKit::GetInterface()), VerifyAccessToken)
1051 .WillRepeatedly(Return(AccessToken::PermissionState::PERMISSION_DENIED));
1052 DataCollectManagerService service(DATA_COLLECT_MANAGER_SA_ID, true);
1053 int32_t result = service.CollectorStop(subscribeInfo, obj);
1054 EXPECT_EQ(result, NO_PERMISSION);
1055 }
1056
1057 HWTEST_F(SecurityGuardDataCollectSaTest, CollectorStop02, TestSize.Level0)
1058 {
1059 SecurityCollector::SecurityCollectorSubscribeInfo subscribeInfo{};
1060 sptr<MockRemoteObject> obj(new (std::nothrow) MockRemoteObject());
1061
1062 EXPECT_CALL(*(AccessToken::AccessTokenKit::GetInterface()), VerifyAccessToken)
1063 .WillOnce(Return(AccessToken::PermissionState::PERMISSION_GRANTED));
1064 EXPECT_CALL(*(AccessToken::AccessTokenKit::GetInterface()), GetTokenType)
1065 .WillOnce(Return(AccessToken::TypeATokenTypeEnum::TOKEN_HAP));
1066 EXPECT_CALL(*(AccessToken::TokenIdKit::GetInterface()), IsSystemAppByFullTokenID)
1067 .WillOnce(Return(false));
1068 DataCollectManagerService service(DATA_COLLECT_MANAGER_SA_ID, true);
1069 int32_t result = service.CollectorStop(subscribeInfo, obj);
1070 EXPECT_EQ(result, NO_SYSTEMCALL);
1071 }
1072
1073 HWTEST_F(SecurityGuardDataCollectSaTest, CollectorStop03, TestSize.Level0)
1074 {
1075 SecurityCollector::SecurityCollectorSubscribeInfo subscribeInfo{};
1076 sptr<MockRemoteObject> obj(new (std::nothrow) MockRemoteObject());
1077
1078 EXPECT_CALL(*(AccessToken::AccessTokenKit::GetInterface()), VerifyAccessToken)
1079 .WillOnce(Return(AccessToken::PermissionState::PERMISSION_GRANTED));
1080 EXPECT_CALL(*(AccessToken::AccessTokenKit::GetInterface()), GetTokenType)
1081 .WillOnce(Return(AccessToken::TypeATokenTypeEnum::TOKEN_HAP));
1082 EXPECT_CALL(*(AccessToken::TokenIdKit::GetInterface()), IsSystemAppByFullTokenID)
1083 .WillOnce(Return(true));
1084 EXPECT_CALL(SecurityCollector::CollectorManager::GetInstance(), CollectorStop(_)).WillOnce(Return(FAILED));
1085 DataCollectManagerService service(DATA_COLLECT_MANAGER_SA_ID, true);
1086 int32_t result = service.CollectorStop(subscribeInfo, obj);
1087 EXPECT_EQ(result, FAILED);
1088 }
1089
1090 HWTEST_F(SecurityGuardDataCollectSaTest, CollectorStop04, TestSize.Level0)
1091 {
1092 SecurityCollector::SecurityCollectorSubscribeInfo subscribeInfo{};
1093 sptr<MockRemoteObject> obj(new (std::nothrow) MockRemoteObject());
1094
1095 EXPECT_CALL(*(AccessToken::AccessTokenKit::GetInterface()), VerifyAccessToken)
1096 .WillOnce(Return(AccessToken::PermissionState::PERMISSION_GRANTED));
1097 EXPECT_CALL(*(AccessToken::AccessTokenKit::GetInterface()), GetTokenType)
1098 .WillOnce(Return(AccessToken::TypeATokenTypeEnum::TOKEN_HAP));
1099 EXPECT_CALL(*(AccessToken::TokenIdKit::GetInterface()), IsSystemAppByFullTokenID)
1100 .WillOnce(Return(true));
1101 EXPECT_CALL(SecurityCollector::CollectorManager::GetInstance(), CollectorStop(_)).WillOnce(Return(SUCCESS));
1102 DataCollectManagerService service(DATA_COLLECT_MANAGER_SA_ID, true);
1103 int32_t result = service.CollectorStop(subscribeInfo, obj);
1104 EXPECT_EQ(result, SUCCESS);
1105 }
1106
1107 HWTEST_F(SecurityGuardDataCollectSaTest, IsApiHasPermission01, TestSize.Level0)
1108 {
1109 const std::string api = "testString";
1110 DataCollectManagerService service(DATA_COLLECT_MANAGER_SA_ID, true);
1111 int32_t result = service.IsApiHasPermission(api);
1112 EXPECT_EQ(result, FAILED);
1113 }
1114
1115 HWTEST_F(SecurityGuardDataCollectSaTest, ConfigUpdate01, TestSize.Level0)
1116 {
1117 EXPECT_CALL(*(AccessToken::AccessTokenKit::GetInterface()), VerifyAccessToken)
1118 .WillOnce(Return(AccessToken::PermissionState::PERMISSION_DENIED));
1119 DataCollectManagerService service(DATA_COLLECT_MANAGER_SA_ID, true);
1120 int32_t result = service.ConfigUpdate(-1, "");
1121 EXPECT_EQ(result, NO_PERMISSION);
1122 }
1123
1124 HWTEST_F(SecurityGuardDataCollectSaTest, ConfigUpdate02, TestSize.Level0)
1125 {
1126 EXPECT_CALL(*(AccessToken::AccessTokenKit::GetInterface()), VerifyAccessToken)
1127 .WillOnce(Return(AccessToken::PermissionState::PERMISSION_GRANTED));
1128 EXPECT_CALL(*(AccessToken::AccessTokenKit::GetInterface()), GetTokenType)
1129 .WillOnce(Return(AccessToken::TypeATokenTypeEnum::TOKEN_HAP));
1130 EXPECT_CALL(*(AccessToken::TokenIdKit::GetInterface()), IsSystemAppByFullTokenID)
1131 .WillOnce(Return(false));
1132 DataCollectManagerService service(DATA_COLLECT_MANAGER_SA_ID, true);
1133 int32_t result = service.ConfigUpdate(-1, "");
1134 EXPECT_EQ(result, NO_SYSTEMCALL);
1135 }
1136
1137 HWTEST_F(SecurityGuardDataCollectSaTest, ConfigUpdate03, TestSize.Level0)
1138 {
1139 EXPECT_CALL(*(AccessToken::AccessTokenKit::GetInterface()), VerifyAccessToken)
1140 .WillOnce(Return(AccessToken::PermissionState::PERMISSION_GRANTED));
1141 EXPECT_CALL(*(AccessToken::AccessTokenKit::GetInterface()), GetTokenType)
1142 .WillOnce(Return(AccessToken::TypeATokenTypeEnum::TOKEN_HAP));
1143 EXPECT_CALL(*(AccessToken::TokenIdKit::GetInterface()), IsSystemAppByFullTokenID)
1144 .WillOnce(Return(true));
1145 DataCollectManagerService service(DATA_COLLECT_MANAGER_SA_ID, true);
1146 int32_t result = service.ConfigUpdate(-1, "");
1147 EXPECT_EQ(result, BAD_PARAM);
1148 }
1149
1150 HWTEST_F(SecurityGuardDataCollectSaTest, ConfigUpdate04, TestSize.Level0)
1151 {
1152 sptr<MockRemoteObject> obj(new (std::nothrow) MockRemoteObject());
1153
1154 EXPECT_CALL(*(AccessToken::AccessTokenKit::GetInterface()), VerifyAccessToken)
1155 .WillOnce(Return(AccessToken::PermissionState::PERMISSION_GRANTED));
1156 EXPECT_CALL(*(AccessToken::AccessTokenKit::GetInterface()), GetTokenType)
1157 .WillOnce(Return(AccessToken::TypeATokenTypeEnum::TOKEN_HAP));
1158 EXPECT_CALL(*(AccessToken::TokenIdKit::GetInterface()), IsSystemAppByFullTokenID)
1159 .WillOnce(Return(true));
1160 DataCollectManagerService service(DATA_COLLECT_MANAGER_SA_ID, true);
1161 int32_t result = service.ConfigUpdate(-1, SECURITY_GUARD_EVENT_CFG_FILE);
1162 EXPECT_EQ(result, FAILED);
1163 }
1164
1165 HWTEST_F(SecurityGuardDataCollectSaTest, WriteRemoteFileToLocal01, TestSize.Level0)
1166 {
1167 std::ofstream out("/data/test/unittest/resource/test.json");
1168 std::string errtmp = R"({
1169 "version":"001",
1170 "apps":""
1171 })";
1172 out << errtmp << std::endl;
1173 int32_t fd = open("/data/test/unittest/resource/test.json", O_RDONLY);
1174
1175 DataCollectManagerService service(DATA_COLLECT_MANAGER_SA_ID, true);
1176 std::string toPath = "/data/test/unittest/resource/";
1177 int32_t result = service.WriteRemoteFileToLocal(fd, toPath + "testFile.json");
1178 close(fd);
1179 EXPECT_EQ(result, FAILED);
1180 }
1181
1182 HWTEST_F(SecurityGuardDataCollectSaTest, WriteRemoteFileToLocal02, TestSize.Level0)
1183 {
1184 std::ofstream out("/data/test/unittest/resource/test.json");
1185 std::string errtmp = R"({
1186 "version":"001",
1187 "apps":""
1188 })";
1189 out << errtmp << std::endl;
1190 int32_t fd = 0;
1191
1192 DataCollectManagerService service(DATA_COLLECT_MANAGER_SA_ID, true);
1193 std::string toPath = "/data/test/unittest/resource/";
1194 int32_t result = service.WriteRemoteFileToLocal(fd, toPath + "testFile.json");
1195 EXPECT_EQ(result, FAILED);
1196 }
1197
1198 HWTEST_F(SecurityGuardDataCollectSaTest, QueryEventConfig001, TestSize.Level0)
1199 {
1200 DataCollectManagerService service(DATA_COLLECT_MANAGER_SA_ID, true);
1201 std::string queryInfo;
1202 EXPECT_CALL(*(AccessToken::AccessTokenKit::GetInterface()), VerifyAccessToken)
1203 .WillOnce(Return(AccessToken::PermissionState::PERMISSION_DENIED));
1204 int32_t ret = service.QuerySecurityEventConfig(queryInfo);
1205 EXPECT_EQ(ret, NO_PERMISSION);
1206 }
1207
1208 HWTEST_F(SecurityGuardDataCollectSaTest, QueryEventConfig002, TestSize.Level0)
1209 {
1210 DataCollectManagerService service(DATA_COLLECT_MANAGER_SA_ID, true);
1211 std::string queryInfo;
1212 EXPECT_CALL(*(AccessToken::AccessTokenKit::GetInterface()), VerifyAccessToken)
1213 .WillOnce(Return(AccessToken::PermissionState::PERMISSION_GRANTED));
1214 EXPECT_CALL(*(AccessToken::AccessTokenKit::GetInterface()), GetTokenType)
1215 .WillOnce(Return(AccessToken::TypeATokenTypeEnum::TOKEN_HAP));
1216 EXPECT_CALL(*(AccessToken::TokenIdKit::GetInterface()), IsSystemAppByFullTokenID)
1217 .WillOnce(Return(true));
1218 std::vector<EventCfg> emptyVector{};
1219 EXPECT_CALL(ConfigDataManager::GetInstance(), GetAllEventConfigs).WillOnce(Return(emptyVector));
1220 int32_t ret = service.QuerySecurityEventConfig(queryInfo);
1221 EXPECT_EQ(ret, SUCCESS);
1222 }
1223
1224 HWTEST_F(SecurityGuardDataCollectSaTest, QueryEventConfig003, TestSize.Level0)
1225 {
1226 DataCollectManagerService service(DATA_COLLECT_MANAGER_SA_ID, true);
1227 EventCfg cfg {};
1228 std::string queryInfo;
1229 std::vector<EventCfg> vector{};
1230 vector.emplace_back(cfg);
1231 EXPECT_CALL(ConfigDataManager::GetInstance(), GetAllEventConfigs).WillOnce(Return(vector));
1232 int32_t ret = service.QueryEventConfig(queryInfo);
1233 EXPECT_EQ(ret, SUCCESS);
1234 }
1235
1236 HWTEST_F(SecurityGuardDataCollectSaTest, ParseTrustListFile001, TestSize.Level0)
1237 {
1238 DataCollectManagerService service(DATA_COLLECT_MANAGER_SA_ID, true);
1239 EXPECT_FALSE(service.ParseTrustListFile(""));
1240 }
1241
1242 HWTEST_F(SecurityGuardDataCollectSaTest, SubscribeScInSg, TestSize.Level0)
1243 {
1244 sptr<MockRemoteObject> obj(new (std::nothrow) MockRemoteObject());
1245 SecurityCollector::Event event {};
1246 event.eventId = 0;
1247 auto collectorListenner = std::make_shared<AcquireDataSubscribeManager::CollectorListener>();
1248 AcquireDataSubscribeManager::GetInstance().eventToListenner_.emplace(event.eventId, collectorListenner);
1249 int ret = AcquireDataSubscribeManager::GetInstance().SubscribeScInSg(0);
1250 EXPECT_CALL(*(DataFormat::GetInterface()), CheckRiskContent).WillOnce(Return(false)).WillOnce(Return(true));
1251 AcquireDataSubscribeManager::GetInstance().UploadEvent(event);
1252 AcquireDataSubscribeManager::GetInstance().UploadEvent(event);
1253 EXPECT_EQ(ret, SUCCESS);
1254 AcquireDataSubscribeManager::GetInstance().eventToListenner_.clear();
1255 }
1256
1257 HWTEST_F(SecurityGuardDataCollectSaTest, SubscribeScInSg01, TestSize.Level0)
1258 {
1259 sptr<MockRemoteObject> obj(new (std::nothrow) MockRemoteObject());
1260 EXPECT_CALL(SecurityCollector::DataCollection::GetInstance(), SubscribeCollectors).WillOnce(
1261 Return(true));
1262 int ret = AcquireDataSubscribeManager::GetInstance().SubscribeScInSg(1);
1263 EXPECT_EQ(ret, SUCCESS);
1264 AcquireDataSubscribeManager::GetInstance().eventToListenner_.clear();
1265 }
1266
1267 HWTEST_F(SecurityGuardDataCollectSaTest, SubscribeScInSc, TestSize.Level0)
1268 {
1269 sptr<MockRemoteObject> obj(new (std::nothrow) MockRemoteObject());
1270 SecurityCollector::Event event {};
1271 event.eventId = 0;
1272 auto subscriber = std::make_shared<AcquireDataSubscribeManager::SecurityCollectorSubscriber>(event);
1273 AcquireDataSubscribeManager::GetInstance().scSubscribeMap_.emplace(event.eventId, subscriber);
1274 int ret = AcquireDataSubscribeManager::GetInstance().SubscribeScInSc(0);
1275 EXPECT_EQ(ret, SUCCESS);
1276 AcquireDataSubscribeManager::GetInstance().scSubscribeMap_.clear();
1277 }
1278
1279 HWTEST_F(SecurityGuardDataCollectSaTest, SubscribeScInSc01, TestSize.Level0)
1280 {
1281 sptr<MockRemoteObject> obj(new (std::nothrow) MockRemoteObject());
1282 EXPECT_CALL(SecurityCollector::CollectorManager::GetInstance(), Subscribe).WillOnce(
1283 Return(SecurityCollector::SUCCESS));
1284 int ret = AcquireDataSubscribeManager::GetInstance().SubscribeScInSc(1);
1285 EXPECT_EQ(ret, SUCCESS);
1286 AcquireDataSubscribeManager::GetInstance().scSubscribeMap_.clear();
1287 }
1288
1289 HWTEST_F(SecurityGuardDataCollectSaTest, IsEventGroupHasPermission, TestSize.Level0)
1290 {
1291 EXPECT_CALL(ConfigDataManager::GetInstance(), GetEventGroupConfig).WillOnce(
__anonf000b82f1602(const std::string &groupName, EventGroupCfg &config) 1292 [] (const std::string &groupName, EventGroupCfg &config) {
1293 config.permissionList.insert("testPermission");
1294 return true;
1295 });
1296
1297 DataCollectManagerService service(DATA_COLLECT_MANAGER_SA_ID, true);
1298 int32_t result = service.IsEventGroupHasPermission("securityGroup", {11111});
1299 EXPECT_EQ(result, BAD_PARAM);
1300 }
1301
1302 HWTEST_F(SecurityGuardDataCollectSaTest, InsertSubscribeMute, TestSize.Level0)
1303 {
1304 EventMuteFilter subscribeMute {};
1305 subscribeMute.eventId = 111;
1306 EventMuteFilter subscribeMute1 {};
1307 subscribeMute1.eventId = 222;
1308 EXPECT_CALL(ConfigDataManager::GetInstance(), GetEventConfig).WillRepeatedly(
__anonf000b82f1702(int64_t eventId, EventCfg &config) 1309 [] (int64_t eventId, EventCfg &config) {
1310 config.dbTable = "risk_event";
1311 config.eventType = 3;
1312 config.prog = "security_guard";
1313 return true;
1314 });
1315 sptr<MockRemoteObject> obj(new (std::nothrow) MockRemoteObject());
1316 int32_t result = AcquireDataSubscribeManager::GetInstance().InsertSubscribeMute(subscribeMute, "222");
1317 EXPECT_EQ(result, BAD_PARAM);
1318 result = AcquireDataSubscribeManager::GetInstance().CreatClient("securityGroup", "222", obj);
1319 EXPECT_EQ(result, SUCCESS);
1320 result = AcquireDataSubscribeManager::GetInstance().InsertSubscribeMute(subscribeMute, "222");
1321 EXPECT_EQ(result, SUCCESS);
1322 result = AcquireDataSubscribeManager::GetInstance().RemoveSubscribeMute(subscribeMute, "222");
1323 EXPECT_EQ(result, SUCCESS);
1324 result = AcquireDataSubscribeManager::GetInstance().RemoveSubscribeMute(subscribeMute1, "222");
1325 EXPECT_EQ(result, BAD_PARAM);
1326 result = AcquireDataSubscribeManager::GetInstance().DestoryClient("securityGroup", "222");
1327 EXPECT_EQ(result, SUCCESS);
1328 }
1329
1330 HWTEST_F(SecurityGuardDataCollectSaTest, RemoveSubscribeMute001, TestSize.Level0)
1331 {
1332 EventMuteFilter subscribeMute {};
1333 EventMuteFilter subscribeMute1 {};
1334 subscribeMute.eventId = 111;
1335 int32_t result = AcquireDataSubscribeManager::GetInstance().RemoveSubscribeMute(subscribeMute, "222");
1336 EXPECT_EQ(result, BAD_PARAM);
1337 }
1338
1339 HWTEST_F(SecurityGuardDataCollectSaTest, CreatClient001, TestSize.Level0)
1340 {
1341 sptr<MockRemoteObject> obj(new (std::nothrow) MockRemoteObject());
1342 sptr<IPCObjectProxy::DeathRecipient> rec = nullptr;
1343 DataCollectManagerService service(DATA_COLLECT_MANAGER_SA_ID, true);
1344 int32_t result = service.CreatClient("", "111", obj);
1345 EXPECT_EQ(result, BAD_PARAM);
1346 EXPECT_CALL(ConfigDataManager::GetInstance(), GetEventGroupConfig).WillRepeatedly(
__anonf000b82f1802(const std::string &groupName, SecurityGuard::EventGroupCfg &config) 1347 [] (const std::string &groupName, SecurityGuard::EventGroupCfg &config) {
1348 config.permissionList.insert("ohos.permission.QUERY_AUDIT_EVENT");
1349 config.eventList.insert(111);
1350 return true;
1351 });
1352 EXPECT_CALL(*(AccessToken::AccessTokenKit::GetInterface()), VerifyAccessToken)
1353 .WillOnce(Return(AccessToken::PermissionState::PERMISSION_DENIED)).WillOnce(Return(
1354 AccessToken::PermissionState::PERMISSION_DENIED)).WillOnce(Return(
1355 AccessToken::PermissionState::PERMISSION_GRANTED)).WillOnce(Return(
1356 AccessToken::PermissionState::PERMISSION_GRANTED)).WillOnce(Return(
1357 AccessToken::PermissionState::PERMISSION_GRANTED)).WillOnce(Return(
1358 AccessToken::PermissionState::PERMISSION_GRANTED)).WillOnce(Return(
1359 AccessToken::PermissionState::PERMISSION_GRANTED));
1360 result = service.CreatClient("securityGroup", "111", obj);
1361 EXPECT_EQ(result, NO_PERMISSION);
1362 result = service.CreatClient("auditGroup", "111", obj);
1363 EXPECT_EQ(result, NO_PERMISSION);
1364 EXPECT_CALL(*obj, AddDeathRecipient(_))
__anonf000b82f1902(const sptr<IPCObjectProxy::DeathRecipient> &recipient) 1365 .WillRepeatedly([&rec] (const sptr<IPCObjectProxy::DeathRecipient> &recipient) {
1366 rec = recipient;
1367 return true;
1368 });
1369 result = service.CreatClient("auditGroup", "111", nullptr);
1370 EXPECT_EQ(result, NULL_OBJECT);
1371 result = service.CreatClient("auditGroup", "111", obj);
1372 EXPECT_EQ(result, SUCCESS);
1373 result = service.CreatClient("auditGroup", "111", obj);
1374 EXPECT_EQ(result, BAD_PARAM);
1375 EXPECT_CALL(*obj, RemoveDeathRecipient).Times(1);
1376 result = service.DestoryClient("auditGroup", "111");
1377 EXPECT_EQ(result, SUCCESS);
1378 result = service.DestoryClient("auditGroup", "111");
1379 EXPECT_EQ(result, BAD_PARAM);
1380 }
1381
1382 HWTEST_F(SecurityGuardDataCollectSaTest, CreatClient002, TestSize.Level0)
1383 {
1384 sptr<MockRemoteObject> obj(new (std::nothrow) MockRemoteObject());
1385 int32_t result = AcquireDataSubscribeManager::GetInstance().CreatClient("auditGroup", "111", obj);
1386 EXPECT_EQ(result, SUCCESS);
1387 result = AcquireDataSubscribeManager::GetInstance().CreatClient("auditGroup", "111", obj);
1388 EXPECT_EQ(result, BAD_PARAM);
1389 result = AcquireDataSubscribeManager::GetInstance().CreatClient("auditGroup", "222", obj);
1390 EXPECT_EQ(result, SUCCESS);
1391 result = AcquireDataSubscribeManager::GetInstance().CreatClient("auditGroup", "333", obj);
1392 EXPECT_EQ(result, CLIENT_EXCEED_PROCESS_LIMIT);
1393 }
1394
1395 HWTEST_F(SecurityGuardDataCollectSaTest, DestoryClient001, TestSize.Level0)
1396 {
1397 sptr<MockRemoteObject> obj(new (std::nothrow) MockRemoteObject());
1398 DataCollectManagerService service(DATA_COLLECT_MANAGER_SA_ID, true);
1399 int32_t result = service.DestoryClient("", "111");
1400 EXPECT_EQ(result, BAD_PARAM);
1401 EXPECT_CALL(ConfigDataManager::GetInstance(), GetEventGroupConfig).WillRepeatedly(
__anonf000b82f1a02(const std::string &groupName, SecurityGuard::EventGroupCfg &config) 1402 [] (const std::string &groupName, SecurityGuard::EventGroupCfg &config) {
1403 config.permissionList.insert("ohos.permission.QUERY_AUDIT_EVENT");
1404 config.eventList.insert(111);
1405 return true;
1406 });
1407 EXPECT_CALL(*(AccessToken::AccessTokenKit::GetInterface()), VerifyAccessToken)
1408 .WillOnce(Return(AccessToken::PermissionState::PERMISSION_DENIED)).WillOnce(Return(
1409 AccessToken::PermissionState::PERMISSION_DENIED)).WillOnce(Return(
1410 AccessToken::PermissionState::PERMISSION_GRANTED)).WillOnce(Return(
1411 AccessToken::PermissionState::PERMISSION_GRANTED)).WillOnce(Return(
1412 AccessToken::PermissionState::PERMISSION_GRANTED));
1413 result = service.DestoryClient("securityGroup", "111");
1414 EXPECT_EQ(result, NO_PERMISSION);
1415 result = service.DestoryClient("auditGroup", "111");
1416 EXPECT_EQ(result, NO_PERMISSION);
1417 result = service.DestoryClient("auditGroup", "111");
1418 EXPECT_EQ(result, BAD_PARAM);
1419 service.clientCallBacks_["111"] = obj;
1420 result = service.DestoryClient("auditGroup", "111");
1421 EXPECT_EQ(result, SUCCESS);
1422 service.clientCallBacks_["444"] = obj;
1423 result = service.DestoryClient("auditGroup", "444");
1424 EXPECT_EQ(result, BAD_PARAM);
1425 }
1426
1427 HWTEST_F(SecurityGuardDataCollectSaTest, InsertMute001, TestSize.Level0)
1428 {
__anonf000b82f1b02(int64_t eventId, EventCfg &config) 1429 EXPECT_CALL(ConfigDataManager::GetInstance(), GetEventConfig).WillOnce([] (int64_t eventId, EventCfg &config) {
1430 config.prog = "security_guard";
1431 return true;
1432 });
1433 AcquireDataSubscribeManager::GetInstance().eventFilter_ = nullptr;
1434 EventMuteFilter filter {};
1435 int32_t result = AcquireDataSubscribeManager::GetInstance().InsertMute(filter, "111");
1436 EXPECT_EQ(result, NULL_OBJECT);
1437 }
1438
1439 HWTEST_F(SecurityGuardDataCollectSaTest, RemoveMute001, TestSize.Level0)
1440 {
__anonf000b82f1c02(int64_t eventId, EventCfg &config) 1441 EXPECT_CALL(ConfigDataManager::GetInstance(), GetEventConfig).WillOnce([] (int64_t eventId, EventCfg &config) {
1442 config.prog = "security_guard";
1443 return true;
1444 });
1445 AcquireDataSubscribeManager::GetInstance().eventFilter_ = nullptr;
1446 EventMuteFilter filter {};
1447 int32_t result = AcquireDataSubscribeManager::GetInstance().RemoveMute(filter, "111");
1448 EXPECT_EQ(result, NULL_OBJECT);
1449 }
1450
1451 HWTEST_F(SecurityGuardDataCollectSaTest, IsEventGroupHasPublicPermission001, TestSize.Level0)
1452 {
1453 DataCollectManagerService service(DATA_COLLECT_MANAGER_SA_ID, true);
1454 EXPECT_CALL(ConfigDataManager::GetInstance(), GetEventGroupConfig).WillOnce(
__anonf000b82f1d02(const std::string &groupName, EventGroupCfg &config) 1455 [] (const std::string &groupName, EventGroupCfg &config) {
1456 config.eventList.insert(11111);
1457 config.permissionList.insert("testPermission");
1458 return true;
1459 });
1460 int32_t result = service.IsEventGroupHasPermission("111", {222});
1461 EXPECT_EQ(result, BAD_PARAM);
1462 }
1463
1464 HWTEST_F(SecurityGuardDataCollectSaTest, TestQueryProcInfo, TestSize.Level0)
1465 {
1466 SecurityCollector::SecurityEventRuler rule(11111);
1467 std::vector<SecurityCollector::SecurityEventRuler> rules{};
1468 sptr<MockRemoteObject> obj(new (std::nothrow) MockRemoteObject());
1469 EXPECT_CALL(ConfigDataManager::GetInstance(), GetEventGroupConfig).WillOnce(Return(true));
1470 EXPECT_CALL(*(AccessToken::AccessTokenKit::GetInterface()), VerifyAccessToken)
1471 .WillRepeatedly(Return(AccessToken::PermissionState::PERMISSION_DENIED));
1472
1473 DataCollectManagerService service(DATA_COLLECT_MANAGER_SA_ID, true);
1474 EXPECT_EQ(service.QuerySecurityEventById({rule}, obj, "auditGroup"), NO_PERMISSION);
1475 }
1476
1477 HWTEST_F(SecurityGuardDataCollectSaTest, TestQueryProcInfo002, TestSize.Level0)
1478 {
1479 DataCollectManagerService service(DATA_COLLECT_MANAGER_SA_ID, true);
1480 sptr<MockRemoteObject> obj(new (std::nothrow) MockRemoteObject());
1481
1482 EXPECT_CALL(*(AccessToken::AccessTokenKit::GetInterface()), VerifyAccessToken)
1483 .WillOnce(Return(AccessToken::PermissionState::PERMISSION_GRANTED));
1484 EXPECT_CALL(ConfigDataManager::GetInstance(), GetEventGroupConfig).WillRepeatedly(
__anonf000b82f1e02(const std::string &groupName, SecurityGuard::EventGroupCfg &config) 1485 [] (const std::string &groupName, SecurityGuard::EventGroupCfg &config) {
1486 config.permissionList.insert("ohos.permission.QUERY_AUDIT_EVENT");
1487 config.eventList.insert(111);
1488 return true;
1489 });
1490 EXPECT_CALL(*obj, SendRequest).Times(1);
1491
__anonf000b82f1f02(int64_t eventId, EventCfg &config) 1492 EXPECT_CALL(ConfigDataManager::GetInstance(), GetEventConfig).WillRepeatedly([](int64_t eventId, EventCfg &config) {
1493 config.dbTable = "risk_event";
1494 config.eventType = 0;
1495 config.prog = "security_guard";
1496 return true;
1497 });
1498
1499 SecurityCollector::SecurityEventRuler rule(11111);
1500 EXPECT_EQ(service.QuerySecurityEventById({rule}, obj, "auditGroup"), SUCCESS);
1501 }
1502
1503 HWTEST_F(SecurityGuardDataCollectSaTest, TestQueryProcInfo003, TestSize.Level0)
1504 {
1505 DataCollectManagerService service(DATA_COLLECT_MANAGER_SA_ID, true);
1506 sptr<MockRemoteObject> obj(new (std::nothrow) MockRemoteObject());
1507
1508 EXPECT_CALL(*(AccessToken::AccessTokenKit::GetInterface()), VerifyAccessToken)
1509 .WillOnce(Return(AccessToken::PermissionState::PERMISSION_GRANTED));
1510 EXPECT_CALL(ConfigDataManager::GetInstance(), GetEventGroupConfig).WillRepeatedly(
__anonf000b82f2002(const std::string &groupName, SecurityGuard::EventGroupCfg &config) 1511 [] (const std::string &groupName, SecurityGuard::EventGroupCfg &config) {
1512 config.permissionList.insert("ohos.permission.QUERY_AUDIT_EVENT");
1513 config.eventList.insert(1011015023);
1514 return true;
1515 });
1516 EXPECT_CALL(*obj, SendRequest).Times(1);
__anonf000b82f2102(int64_t eventId, EventCfg &config) 1517 EXPECT_CALL(ConfigDataManager::GetInstance(), GetEventConfig).WillRepeatedly([](int64_t eventId, EventCfg &config) {
1518 config.dbTable = "risk_event";
1519 config.eventType = 1;
1520 config.prog = "security_guard";
1521 return true;
1522 });
1523
1524 SecurityCollector::SecurityEventRuler rule(1011015023);
1525 EXPECT_EQ(service.QuerySecurityEventById({rule}, obj, "auditGroup"), SUCCESS);
1526 }
1527
1528 HWTEST_F(SecurityGuardDataCollectSaTest, TestQueryProcInfo004, TestSize.Level0)
1529 {
1530 DataCollectManagerService service(DATA_COLLECT_MANAGER_SA_ID, true);
1531 sptr<MockRemoteObject> obj(new (std::nothrow) MockRemoteObject());
1532
1533 EXPECT_CALL(*(AccessToken::AccessTokenKit::GetInterface()), VerifyAccessToken)
1534 .WillOnce(Return(AccessToken::PermissionState::PERMISSION_GRANTED));
1535 EXPECT_CALL(ConfigDataManager::GetInstance(), GetEventGroupConfig).WillRepeatedly(
__anonf000b82f2202(const std::string &groupName, SecurityGuard::EventGroupCfg &config) 1536 [] (const std::string &groupName, SecurityGuard::EventGroupCfg &config) {
1537 config.permissionList.insert("ohos.permission.QUERY_AUDIT_EVENT");
1538 config.eventList.insert(1011015023);
1539 return true;
1540 });
1541 EXPECT_CALL(*obj, SendRequest).Times(1);
__anonf000b82f2302(int64_t eventId, EventCfg &config) 1542 EXPECT_CALL(ConfigDataManager::GetInstance(), GetEventConfig).WillRepeatedly([](int64_t eventId, EventCfg &config) {
1543 config.dbTable = "risk_event";
1544 config.eventType = 0;
1545 config.prog = "security_audit";
1546 return false;
1547 });
1548
1549 SecurityCollector::SecurityEventRuler rule(1011015023);
1550 EXPECT_EQ(service.QuerySecurityEventById({rule}, obj, "auditGroup"), SUCCESS);
1551 }
1552
1553
1554 HWTEST_F(SecurityGuardDataCollectSaTest, TestQueryProcInfo005, TestSize.Level0)
1555 {
1556 DataCollectManagerService service(DATA_COLLECT_MANAGER_SA_ID, true);
1557 sptr<MockRemoteObject> obj(new (std::nothrow) MockRemoteObject());
1558
1559 EXPECT_CALL(*(AccessToken::AccessTokenKit::GetInterface()), VerifyAccessToken)
1560 .WillOnce(Return(AccessToken::PermissionState::PERMISSION_GRANTED));
1561 EXPECT_CALL(ConfigDataManager::GetInstance(), GetEventGroupConfig).WillRepeatedly(
__anonf000b82f2402(const std::string &groupName, SecurityGuard::EventGroupCfg &config) 1562 [] (const std::string &groupName, SecurityGuard::EventGroupCfg &config) {
1563 config.permissionList.insert("ohos.permission.QUERY_AUDIT_EVENT");
1564 config.eventList.insert(1011015023);
1565 return true;
1566 });
1567 EXPECT_CALL(*obj, SendRequest).Times(1);
1568
__anonf000b82f2502(int64_t eventId, EventCfg &config) 1569 EXPECT_CALL(ConfigDataManager::GetInstance(), GetEventConfig).WillRepeatedly([](int64_t eventId, EventCfg &config) {
1570 config.dbTable = "risk_event";
1571 config.eventType = 0;
1572 config.prog = "security_audit";
1573 return true;
1574 });
1575 SecurityCollector::SecurityEventRuler rule(1011015023);
1576 EXPECT_EQ(service.QuerySecurityEventById({rule}, obj, "auditGroup"), SUCCESS);
1577 }
1578
1579 HWTEST_F(SecurityGuardDataCollectSaTest, TestQueryProcInfo06, TestSize.Level0)
1580 {
1581 SecurityCollector::SecurityEventRuler rule(11111);
1582 std::vector<SecurityCollector::SecurityEventRuler> rules{};
1583 sptr<MockRemoteObject> obj(new (std::nothrow) MockRemoteObject());
1584 EXPECT_CALL(ConfigDataManager::GetInstance(), GetEventGroupConfig).WillOnce(Return(false));
1585
1586 DataCollectManagerService service(DATA_COLLECT_MANAGER_SA_ID, true);
1587 EXPECT_EQ(service.QuerySecurityEventById({rule}, obj, "auditGroup"), BAD_PARAM);
1588 }
1589
1590 }
1591