1 /*
2 * Copyright (c) 2024 Huawei Device Co., Ltd.
3 * Licensed under the Apache License, Version 2.0 (the "License");
4 * you may not use this file except in compliance with the License.
5 * You may obtain a copy of the License at
6 *
7 * http://www.apache.org/licenses/LICENSE-2.0
8 *
9 * Unless required by applicable law or agreed to in writing, software
10 * distributed under the License is distributed on an "AS IS" BASIS,
11 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12 * See the License for the specific language governing permissions and
13 * limitations under the License.
14 */
15
16 #include "short_grant_manager_test.h"
17
18 #include "access_token.h"
19 #include "access_token_error.h"
20 #include "accesstoken_info_manager.h"
21
22 #define private public
23 #include "short_grant_manager.h"
24 #undef private
25
26 using namespace testing::ext;
27 using namespace OHOS;
28
29 namespace OHOS {
30 namespace Security {
31 namespace AccessToken {
32 namespace {
33 static std::string SHORT_TEMP_PERMISSION = "ohos.permission.SHORT_TERM_WRITE_IMAGEVIDEO";
34 static PermissionStatus g_permiState = {
35 .permissionName = SHORT_TEMP_PERMISSION,
36 .grantStatus = PermissionState::PERMISSION_DENIED,
37 .grantFlag = 1
38 };
39
40 static HapPolicy g_policyParams = {
41 .apl = APL_NORMAL,
42 .domain = "test.domain",
43 .permStateList = {g_permiState}
44 };
45
46 static HapInfoParams g_infoParms = {
47 .userID = 1,
48 .bundleName = "AccessTokenShortTimePermTest",
49 .instIndex = 0,
50 .appIDDesc = "test.bundle",
51 .isSystemApp = true
52 };
53 }
54
SetUpTestCase()55 void ShortGrantManagerTest::SetUpTestCase()
56 {
57 }
58
TearDownTestCase()59 void ShortGrantManagerTest::TearDownTestCase()
60 {
61 }
62
SetUp()63 void ShortGrantManagerTest::SetUp()
64 {
65 #ifdef EVENTHANDLER_ENABLE
66 ShortGrantManager::GetInstance().InitEventHandler();
67 #endif
68 }
69
TearDown()70 void ShortGrantManagerTest::TearDown()
71 {
72 }
73
74 /**
75 * @tc.name: RefreshPermission001
76 * @tc.desc: 1. The permission is granted when onceTime is not reached;
77 * 2. The permission is revoked after onceTime is reached.
78 * @tc.type: FUNC
79 * @tc.require:Issue Number
80 */
81 HWTEST_F(ShortGrantManagerTest, RefreshPermission001, TestSize.Level0)
82 {
83 AccessTokenIDEx tokenIdEx = {0};
84 std::vector<GenericValues> undefValues;
85 int32_t ret = AccessTokenInfoManager::GetInstance().CreateHapTokenInfo(g_infoParms, g_policyParams, tokenIdEx,
86 undefValues);
87 ASSERT_EQ(RET_SUCCESS, ret);
88
89 AccessTokenID tokenID = tokenIdEx.tokenIdExStruct.tokenID;
90 ASSERT_NE(INVALID_TOKENID, tokenID);
91 uint32_t onceTime = 10;
92
93 ret = ShortGrantManager::GetInstance().RefreshPermission(tokenID, SHORT_TEMP_PERMISSION, onceTime);
94 ASSERT_EQ(RET_SUCCESS, ret);
95
96 ASSERT_EQ(PERMISSION_GRANTED,
97 AccessTokenInfoManager::GetInstance().VerifyAccessToken(tokenID, SHORT_TEMP_PERMISSION));
98
99 sleep(onceTime + 1);
100 EXPECT_EQ(PERMISSION_DENIED,
101 AccessTokenInfoManager::GetInstance().VerifyAccessToken(tokenID, SHORT_TEMP_PERMISSION));
102
103 ret = AccessTokenInfoManager::GetInstance().RemoveHapTokenInfo(tokenID);
104 ASSERT_EQ(RET_SUCCESS, ret);
105 }
106
107 /**
108 * @tc.name: RefreshPermission002
109 * @tc.desc: 1. set onceTime is equal to maxTime;
110 * 2. set onceTime is over maxTime.
111 * @tc.type: FUNC
112 * @tc.require:Issue Number
113 */
114 HWTEST_F(ShortGrantManagerTest, RefreshPermission002, TestSize.Level0)
115 {
116 const uint32_t maxTime = 10; // 10s
117 ShortGrantManager::GetInstance().maxTime_ = maxTime;
118 AccessTokenIDEx tokenIdEx = {0};
119 std::vector<GenericValues> undefValues;
120 int32_t ret = AccessTokenInfoManager::GetInstance().CreateHapTokenInfo(g_infoParms, g_policyParams, tokenIdEx,
121 undefValues);
122 ASSERT_EQ(RET_SUCCESS, ret);
123
124 AccessTokenID tokenID = tokenIdEx.tokenIdExStruct.tokenID;
125 ASSERT_NE(INVALID_TOKENID, tokenID);
126
127 // onceTime = maxTime
128 ret = ShortGrantManager::GetInstance().RefreshPermission(tokenID, SHORT_TEMP_PERMISSION, maxTime);
129 ASSERT_EQ(RET_SUCCESS, ret);
130
131 sleep(maxTime - 1);
132 ASSERT_EQ(PERMISSION_GRANTED,
133 AccessTokenInfoManager::GetInstance().VerifyAccessToken(tokenID, SHORT_TEMP_PERMISSION));
134
135 sleep(1 + 1);
136 ASSERT_EQ(PERMISSION_DENIED,
137 AccessTokenInfoManager::GetInstance().VerifyAccessToken(tokenID, SHORT_TEMP_PERMISSION));
138
139 // onceTime = maxTime + 1
140 ret = ShortGrantManager::GetInstance().RefreshPermission(tokenID, SHORT_TEMP_PERMISSION, maxTime + 1);
141 ASSERT_EQ(AccessTokenError::ERR_PARAM_INVALID, ret);
142
143 sleep(maxTime + 2);
144 ASSERT_EQ(PERMISSION_DENIED,
145 AccessTokenInfoManager::GetInstance().VerifyAccessToken(tokenID, SHORT_TEMP_PERMISSION));
146
147 ret = AccessTokenInfoManager::GetInstance().RemoveHapTokenInfo(tokenID);
148 ASSERT_EQ(RET_SUCCESS, ret);
149 }
150
151 /**
152 * @tc.name: RefreshPermission003
153 * @tc.desc: 1. remaminTime is less
154 * @tc.type: FUNC
155 * @tc.require:Issue Number
156 */
157 HWTEST_F(ShortGrantManagerTest, RefreshPermission003, TestSize.Level0)
158 {
159 const uint32_t maxTime = 10; // 10s
160 ShortGrantManager::GetInstance().maxTime_ = maxTime;
161 AccessTokenIDEx tokenIdEx = {0};
162 std::vector<GenericValues> undefValues;
163 int32_t ret = AccessTokenInfoManager::GetInstance().CreateHapTokenInfo(g_infoParms, g_policyParams, tokenIdEx,
164 undefValues);
165 ASSERT_EQ(RET_SUCCESS, ret);
166
167 AccessTokenID tokenID = tokenIdEx.tokenIdExStruct.tokenID;
168 ASSERT_NE(INVALID_TOKENID, tokenID);
169
170 // first set 3s
171 uint32_t onceTime = 3;
172 ret = ShortGrantManager::GetInstance().RefreshPermission(tokenID, SHORT_TEMP_PERMISSION, onceTime);
173 ASSERT_EQ(RET_SUCCESS, ret);
174
175 sleep(onceTime - 1);
176 ASSERT_EQ(PERMISSION_GRANTED,
177 AccessTokenInfoManager::GetInstance().VerifyAccessToken(tokenID, SHORT_TEMP_PERMISSION));
178
179 ret = ShortGrantManager::GetInstance().RefreshPermission(tokenID, SHORT_TEMP_PERMISSION, onceTime);
180 ASSERT_EQ(RET_SUCCESS, ret);
181
182 // second set 3s
183 ret = ShortGrantManager::GetInstance().RefreshPermission(tokenID, SHORT_TEMP_PERMISSION, onceTime);
184 ASSERT_EQ(RET_SUCCESS, ret);
185
186 sleep(onceTime - 1);
187 ASSERT_EQ(PERMISSION_GRANTED,
188 AccessTokenInfoManager::GetInstance().VerifyAccessToken(tokenID, SHORT_TEMP_PERMISSION));
189
190 // thirdth set 3s
191 ret = ShortGrantManager::GetInstance().RefreshPermission(tokenID, SHORT_TEMP_PERMISSION, onceTime);
192 ASSERT_EQ(RET_SUCCESS, ret);
193
194 sleep(onceTime - 1);
195 ASSERT_EQ(PERMISSION_GRANTED,
196 AccessTokenInfoManager::GetInstance().VerifyAccessToken(tokenID, SHORT_TEMP_PERMISSION));
197
198 // fourth set 5s
199 ret = ShortGrantManager::GetInstance().RefreshPermission(tokenID, SHORT_TEMP_PERMISSION, onceTime);
200 ASSERT_EQ(RET_SUCCESS, ret);
201
202 sleep(onceTime + 1);
203 ASSERT_EQ(PERMISSION_DENIED,
204 AccessTokenInfoManager::GetInstance().VerifyAccessToken(tokenID, SHORT_TEMP_PERMISSION));
205
206 ret = AccessTokenInfoManager::GetInstance().RemoveHapTokenInfo(tokenID);
207 ASSERT_EQ(RET_SUCCESS, ret);
208 }
209
210 /**
211 * @tc.name: RefreshPermission004
212 * @tc.desc: 1. The permission is granted when onceTime is not reached;
213 * 2. The permission is revoked after app is stopped.
214 * @tc.type: FUNC
215 * @tc.require:Issue Number
216 */
217 HWTEST_F(ShortGrantManagerTest, RefreshPermission004, TestSize.Level0)
218 {
219 AccessTokenIDEx tokenIdEx = {0};
220 std::vector<GenericValues> undefValues;
221 int32_t ret = AccessTokenInfoManager::GetInstance().CreateHapTokenInfo(g_infoParms, g_policyParams, tokenIdEx,
222 undefValues);
223 ASSERT_EQ(RET_SUCCESS, ret);
224
225 AccessTokenID tokenID = tokenIdEx.tokenIdExStruct.tokenID;
226 ASSERT_NE(INVALID_TOKENID, tokenID);
227 uint32_t onceTime = 10;
228
229 ret = ShortGrantManager::GetInstance().RefreshPermission(tokenID, SHORT_TEMP_PERMISSION, onceTime);
230 ASSERT_EQ(RET_SUCCESS, ret);
231
232 ASSERT_EQ(PERMISSION_GRANTED,
233 AccessTokenInfoManager::GetInstance().VerifyAccessToken(tokenID, SHORT_TEMP_PERMISSION));
234
235 if (appStateObserver_ == nullptr) {
236 appStateObserver_ = sptr<ShortPermAppStateObserver>::MakeSptr();
237 AppStateData appStateData;
238 appStateData.state = static_cast<int32_t>(ApplicationState::APP_STATE_TERMINATED);
239 appStateData.accessTokenId = tokenID;
240 appStateObserver_->OnAppStopped(appStateData);
241
242 EXPECT_EQ(PERMISSION_DENIED,
243 AccessTokenInfoManager::GetInstance().VerifyAccessToken(tokenID, SHORT_TEMP_PERMISSION));
244
245 ret = AccessTokenInfoManager::GetInstance().RemoveHapTokenInfo(tokenID);
246 ASSERT_EQ(RET_SUCCESS, ret);
247 }
248 }
249 } // namespace AccessToken
250 } // namespace Security
251 } // namespace OHOS
252