1 /*
2 * Copyright (c) 2023-2024 Huawei Device Co., Ltd.
3 * Licensed under the Apache License, Version 2.0 (the "License");
4 * you may not use this file except in compliance with the License.
5 * You may obtain a copy of the License at
6 *
7 * http://www.apache.org/licenses/LICENSE-2.0
8 *
9 * Unless required by applicable law or agreed to in writing, software
10 * distributed under the License is distributed on an "AS IS" BASIS,
11 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12 * See the License for the specific language governing permissions and
13 * limitations under the License.
14 */
15
16 #include "dlp_permission_kit_test.h"
17 #include <chrono>
18 #include <openssl/rand.h>
19 #include <thread>
20 #include <unistd.h>
21 #include <vector>
22 #include "gtest/gtest.h"
23 #include "accesstoken_kit.h"
24 #include "cert_parcel.h"
25 #include "dlp_permission.h"
26 #include "dlp_permission_log.h"
27 #include "dlp_sandbox_callback_info.h"
28 #include "dlp_sandbox_change_callback_customize.h"
29 #define private public
30 #include "dlp_sandbox_change_callback.h"
31 #include "hex_string.h"
32 #include "open_dlp_file_callback.h"
33 #undef private
34 #include "parameters.h"
35 #include "param_wrapper.h"
36 #include "permission_policy.h"
37 #include "securec.h"
38 #include "token_setproc.h"
39 #include "visited_dlp_file_info.h"
40 #include "want.h"
41 #include "bundle_mgr_client.h"
42
43 namespace OHOS {
44 namespace Security {
45 namespace DlpPermission {
46 using namespace testing::ext;
47 using namespace OHOS::Security::AccessToken;
48
49 namespace {
50 static constexpr OHOS::HiviewDFX::HiLogLabel LABEL = {LOG_CORE, SECURITY_DOMAIN_DLP_PERMISSION, "DlpPermissionKitTest"};
51
52 const uint32_t ACCOUNT_LENGTH = 20;
53 const uint32_t AESKEY_LEN = 32;
54 const uint32_t IV_LEN = 32;
55 const uint32_t USER_NUM = 10;
56 const int AUTH_PERM = 1;
57 const int64_t DELTA_EXPIRY_TIME = 200;
58
59 const uint32_t INVALID_ACCOUNT_LENGTH_UPPER = 2048;
60 const uint32_t INVALID_ACCOUNT_LENGTH_LOWER = 0;
61 const uint32_t INVALID_AESKEY_LEN_UPPER = 256;
62 const uint32_t INVALID_AESKEY_LEN_LOWER = 0;
63 const uint32_t INVALID_IV_LEN_UPPER = 256;
64 const uint32_t INVALID_IV_LEN_LOWER = 0;
65 const uint32_t INVALID_USER_NUM_UPPER = 200;
66 const uint32_t INVALID_AUTH_PERM_UPPER = 5;
67 const uint32_t INVALID_AUTH_PERM_LOWER = 0;
68 const int64_t INVALID_DELTA_EXPIRY_TIME = -100;
69
70 const int32_t DEFAULT_USERID = 100;
71 const int32_t ACTION_SET_EDIT = 0xff;
72 const int32_t ACTION_SET_FC = 0x7ff;
73 static AccessTokenID g_selfTokenId = 0;
74 static AccessTokenID g_dlpManagerTokenId = 0;
75 static int32_t g_selfUid = 0;
76 const std::string DLP_MANAGER_APP = "com.ohos.dlpmanager";
77 const std::string TEST_URI = "datashare:///media/file/8";
78 const std::string TEST_UNEXIST_URI = "datashare:///media/file/1";
79 static const std::string DLP_ENABEL = "const.dlp.dlp_enable";
80 static const std::string TRUE_VALUE = "true";
81 static const uint8_t ARRAY_CHAR_SIZE = 62;
82 static const char CHAR_ARRAY[] = "0123456789abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ";
83 static const uint64_t SYSTEM_APP_MASK = 0x100000000;
84 } // namespace
85
GetRandNum()86 static uint8_t GetRandNum()
87 {
88 uint8_t rand;
89 RAND_bytes(reinterpret_cast<unsigned char *>(&rand), sizeof(rand));
90 return rand;
91 }
92
TestRecordProcessInfo()93 static void TestRecordProcessInfo()
94 {
95 g_selfTokenId = GetSelfTokenID();
96 DLP_LOG_INFO(LABEL, "get self tokenId is %{public}d", g_selfTokenId);
97 g_dlpManagerTokenId = AccessTokenKit::GetHapTokenID(DEFAULT_USERID, DLP_MANAGER_APP, 0);
98 DLP_LOG_INFO(LABEL, "get dlp manager tokenId is %{public}d", g_dlpManagerTokenId);
99 g_selfUid = getuid();
100 DLP_LOG_INFO(LABEL, "get self uid is %{public}d", g_selfUid);
101 }
102
TestSetSelfTokenId(FullTokenID tokenId)103 static bool TestSetSelfTokenId(FullTokenID tokenId)
104 {
105 // set tokenId can only be called by native process
106 int32_t uid = getuid();
107 if (setuid(g_selfUid) != 0) {
108 DLP_LOG_ERROR(LABEL, "setuid fail, %s", strerror(errno));
109 return false;
110 }
111
112 tokenId |= SYSTEM_APP_MASK;
113 DLP_LOG_INFO(LABEL, "set self tokenId from %{public}s to %{public}s",
114 std::to_string(GetSelfTokenID()).c_str(), std::to_string(tokenId).c_str());
115 if (SetSelfTokenID(tokenId) != DLP_OK) {
116 DLP_LOG_ERROR(LABEL, "set self tokenId fail");
117 if (setuid(uid) != 0) {
118 DLP_LOG_ERROR(LABEL, "setuid fail, %s", strerror(errno));
119 }
120 return false;
121 }
122
123 if (setuid(uid) != 0) {
124 DLP_LOG_ERROR(LABEL, "setuid fail, %s", strerror(errno));
125 return false;
126 }
127 return true;
128 }
129
TestGetTokenId(int userID,const std::string & bundleName,int instIndex,AccessTokenID & tokenId)130 static bool TestGetTokenId(int userID, const std::string& bundleName, int instIndex, AccessTokenID& tokenId)
131 {
132 AccessTokenID tmpTokenId = GetSelfTokenID();
133 if (!TestSetSelfTokenId(g_selfTokenId)) {
134 return false;
135 }
136 int32_t uid = getuid();
137 setuid(g_selfUid);
138 tokenId = AccessTokenKit::GetHapTokenID(userID, bundleName, instIndex);
139 setuid(uid);
140 DLP_LOG_INFO(LABEL, "get app tokenId is %{public}d", tokenId);
141 if (!TestSetSelfTokenId(tmpTokenId)) {
142 return false;
143 }
144 return true;
145 }
146
TestGetAppUid(const std::string & bundleName,int32_t appIndex,int32_t userId,int32_t & uid)147 static bool TestGetAppUid(const std::string& bundleName, int32_t appIndex, int32_t userId, int32_t& uid)
148 {
149 AccessTokenID tmpTokenId = GetSelfTokenID();
150 if (!TestSetSelfTokenId(g_selfTokenId)) {
151 return false;
152 }
153 OHOS::AppExecFwk::BundleInfo info;
154 OHOS::AppExecFwk::BundleMgrClient bundleMgrClient;
155 if (appIndex > 0) {
156 if (bundleMgrClient.GetSandboxBundleInfo(bundleName, appIndex, userId, info) != DLP_OK) {
157 DLP_LOG_ERROR(LABEL, "get sandbox app info fail");
158 return false;
159 }
160 } else {
161 if (!bundleMgrClient.GetBundleInfo(bundleName, OHOS::AppExecFwk::GET_BUNDLE_DEFAULT, info, userId)) {
162 DLP_LOG_ERROR(LABEL, "get app info fail");
163 return false;
164 }
165 }
166 DLP_LOG_INFO(LABEL, "get app uid: %{public}d", info.uid);
167 if (!TestSetSelfTokenId(tmpTokenId)) {
168 return false;
169 }
170 uid = info.uid;
171 return true;
172 }
173
TestInstallDlpSandbox(const std::string & bundleName,DLPFileAccess dlpFileAccess,int32_t userId,SandboxInfo & sandboxInfo)174 static void TestInstallDlpSandbox(
175 const std::string& bundleName, DLPFileAccess dlpFileAccess, int32_t userId, SandboxInfo& sandboxInfo)
176 {
177 // install sandbox need permission ACCESS_DLP_FILE, dlpmanager has this permission
178 AccessTokenID tokenId = GetSelfTokenID();
179 ASSERT_TRUE(TestSetSelfTokenId(g_dlpManagerTokenId));
180
181 ASSERT_EQ(DLP_OK, DlpPermissionKit::InstallDlpSandbox(bundleName, dlpFileAccess, userId, sandboxInfo, TEST_URI));
182 ASSERT_TRUE(sandboxInfo.appIndex != 0);
183
184 ASSERT_TRUE(TestSetSelfTokenId(tokenId));
185 }
186
TestUninstallDlpSandbox(const std::string & bundleName,int32_t appIndex,int32_t userId)187 static void TestUninstallDlpSandbox(const std::string& bundleName, int32_t appIndex, int32_t userId)
188 {
189 // uninstall sandbox need permission ACCESS_DLP_FILE, dlpmanager has this permission
190 AccessTokenID tokenId = GetSelfTokenID();
191 ASSERT_TRUE(TestSetSelfTokenId(g_dlpManagerTokenId));
192
193 ASSERT_EQ(DLP_OK, DlpPermissionKit::UninstallDlpSandbox(bundleName, appIndex, userId));
194
195 ASSERT_TRUE(TestSetSelfTokenId(tokenId));
196 }
197
TestMockApp(const std::string & bundleName,int32_t appIndex,int32_t userId)198 static void TestMockApp(const std::string& bundleName, int32_t appIndex, int32_t userId)
199 {
200 AccessTokenID tokenId;
201 ASSERT_TRUE(TestGetTokenId(userId, bundleName, appIndex, tokenId));
202 ASSERT_TRUE(TestSetSelfTokenId(tokenId));
203 int32_t uid;
204 ASSERT_TRUE(TestGetAppUid(bundleName, appIndex, userId, uid));
205 ASSERT_EQ(DLP_OK, setuid(uid));
206 }
207
TestRecoverProcessInfo(int32_t uid,AccessTokenID tokenId)208 static void TestRecoverProcessInfo(int32_t uid, AccessTokenID tokenId)
209 {
210 ASSERT_EQ(DLP_OK, setuid((uid)));
211 ASSERT_TRUE(TestSetSelfTokenId((tokenId)));
212 }
213
SetUpTestCase()214 void DlpPermissionKitTest::SetUpTestCase()
215 {
216 // make test case clean
217 DLP_LOG_INFO(LABEL, "SetUpTestCase.");
218 TestRecordProcessInfo();
219 ASSERT_TRUE(TestSetSelfTokenId(g_dlpManagerTokenId));
220 }
221
TearDownTestCase()222 void DlpPermissionKitTest::TearDownTestCase()
223 {
224 DLP_LOG_INFO(LABEL, "TearDownTestCase.");
225 ASSERT_TRUE(TestSetSelfTokenId(g_selfTokenId));
226 }
227
SetUp()228 void DlpPermissionKitTest::SetUp()
229 {
230 DLP_LOG_INFO(LABEL, "SetUp ok.");
231 }
232
TearDown()233 void DlpPermissionKitTest::TearDown()
234 {
235 DLP_LOG_INFO(LABEL, "TearDown.");
236 }
237
GenerateRandArray(uint32_t len)238 static uint8_t* GenerateRandArray(uint32_t len)
239 {
240 if (len < 1) {
241 DLP_LOG_ERROR(LABEL, "len error");
242 return nullptr;
243 }
244 uint8_t* str = new (std::nothrow) uint8_t[len];
245 if (str == nullptr) {
246 DLP_LOG_ERROR(LABEL, "New memory fail");
247 return nullptr;
248 }
249 for (uint32_t i = 0; i < len; i++) {
250 str[i] = GetRandNum() % 255; // uint8_t range 0 ~ 255
251 }
252 return str;
253 }
254
GenerateRandStr(uint32_t len,std::string & res)255 static void GenerateRandStr(uint32_t len, std::string& res)
256 {
257 for (uint32_t i = 0; i < len; i++) {
258 uint32_t index = GetRandNum() % ARRAY_CHAR_SIZE;
259 DLP_LOG_INFO(LABEL, "%{public}u", index);
260 res.push_back(CHAR_ARRAY[index]);
261 }
262 DLP_LOG_INFO(LABEL, "%{public}s", res.c_str());
263 }
264
265 struct GeneratePolicyParam {
266 uint32_t ownerAccountLen;
267 uint32_t aeskeyLen;
268 uint32_t ivLen;
269 uint32_t userNum;
270 uint32_t authAccountLen;
271 uint32_t authPerm;
272 int64_t deltaTime;
273 };
274
GeneratePolicy(PermissionPolicy & encPolicy,GeneratePolicyParam param)275 static void GeneratePolicy(PermissionPolicy& encPolicy, GeneratePolicyParam param)
276 {
277 uint64_t curTime = static_cast<uint64_t>(
278 std::chrono::duration_cast<std::chrono::seconds>(std::chrono::system_clock::now().time_since_epoch()).count());
279 GenerateRandStr(param.ownerAccountLen, encPolicy.ownerAccount_);
280 encPolicy.ownerAccountId_ = encPolicy.ownerAccount_;
281 encPolicy.ownerAccountType_ = DOMAIN_ACCOUNT;
282 uint8_t* key = GenerateRandArray(param.aeskeyLen);
283 encPolicy.SetAeskey(key, param.aeskeyLen);
284 if (key != nullptr) {
285 delete[] key;
286 key = nullptr;
287 }
288 uint8_t* iv = GenerateRandArray(param.ivLen);
289 encPolicy.SetIv(iv, param.ivLen);
290 if (iv != nullptr) {
291 delete[] iv;
292 iv = nullptr;
293 }
294 for (uint32_t user = 0; user < param.userNum; ++user) {
295 std::string accountName;
296 GenerateRandStr(param.authAccountLen, accountName);
297 AuthUserInfo perminfo = {.authAccount = accountName,
298 .authPerm = static_cast<DLPFileAccess>(param.authPerm),
299 .permExpiryTime = curTime + param.deltaTime,
300 .authAccountType = DOMAIN_ACCOUNT};
301 encPolicy.authUsers_.emplace_back(perminfo);
302 }
303 }
304
TestGenerateDlpCertWithInvalidParam(GeneratePolicyParam param)305 static int32_t TestGenerateDlpCertWithInvalidParam(GeneratePolicyParam param)
306 {
307 PermissionPolicy encPolicy;
308 GeneratePolicy(encPolicy, param);
309 std::vector<uint8_t> cert;
310 int32_t res = DlpPermissionKit::GenerateDlpCertificate(encPolicy, cert);
311 return res;
312 }
313
IsFeatureProvidedWithDlp()314 static bool IsFeatureProvidedWithDlp()
315 {
316 std::string value = OHOS::system::GetParameter(DLP_ENABEL, "");
317 return (value == TRUE_VALUE);
318 }
319
320 /**
321 * @tc.name: SetRetentionState005
322 * @tc.desc: SetRetentionState abnormal input test.
323 * @tc.type: FUNC
324 * @tc.require:SR000I38N7
325 */
326 HWTEST_F(DlpPermissionKitTest, SetRetentionState005, TestSize.Level1)
327 {
328 std::vector<std::string> uriVec;
329 uriVec.clear();
330 std::vector<RetentionSandBoxInfo> sandBoxInfoVec;
331 sandBoxInfoVec.clear();
332 std::vector<VisitedDLPFileInfo> infoVec;
333 infoVec.clear();
334 DlpPermissionKit::SetRetentionState(uriVec);
335 DlpPermissionKit::GetRetentionSandboxList(DLP_MANAGER_APP, sandBoxInfoVec);
336 DlpPermissionKit::GetDLPFileVisitRecord(infoVec);
337 uriVec.clear();
338 DlpPermissionKit::CancelRetentionState(uriVec);
339
340 SandboxInfo testInfo;
341 Parcel parcel;
342 EXPECT_EQ(true, testInfo.Marshalling(parcel));
343 SandboxInfo *ptrParcel = testInfo.Unmarshalling(parcel);
344 if (ptrParcel != nullptr) {
345 delete ptrParcel;
346 }
347 }
348
349 /**
350 * @tc.name: SetRetentionState01
351 * @tc.desc: SetRetentionState abnormal input test.
352 * @tc.type: FUNC
353 * @tc.require:SR000I38N7
354 */
355 HWTEST_F(DlpPermissionKitTest, SetRetentionState01, TestSize.Level1)
356 {
357 int32_t uid = getuid();
358 AccessTokenID selfTokenId = GetSelfTokenID();
359 std::vector<std::string> docUriVec;
360 docUriVec.push_back(TEST_URI);
361 SandboxInfo sandboxInfo;
362
363 ASSERT_TRUE(TestSetSelfTokenId(g_dlpManagerTokenId));
364 ASSERT_EQ(DLP_OK, DlpPermissionKit::InstallDlpSandbox(DLP_MANAGER_APP,
365 DLPFileAccess::FULL_CONTROL, DEFAULT_USERID, sandboxInfo, TEST_URI));
366 ASSERT_TRUE(sandboxInfo.appIndex != 0);
367 AccessTokenID tokenId = AccessTokenKit::GetHapTokenID(100, DLP_MANAGER_APP, sandboxInfo.appIndex);
368 AccessTokenID normalTokenId = AccessTokenKit::GetHapTokenID(100, DLP_MANAGER_APP, 0);
369 std::vector<RetentionSandBoxInfo> retentionSandBoxInfoVec;
370 ASSERT_EQ(DLP_OK, DlpPermissionKit::GetRetentionSandboxList(DLP_MANAGER_APP, retentionSandBoxInfoVec));
371 ASSERT_TRUE(0 == retentionSandBoxInfoVec.size());
372 ASSERT_TRUE(TestSetSelfTokenId(tokenId));
373 retentionSandBoxInfoVec.clear();
374 ASSERT_EQ(DLP_SERVICE_ERROR_API_NOT_FOR_SANDBOX_ERROR,
375 DlpPermissionKit::GetRetentionSandboxList(DLP_MANAGER_APP, retentionSandBoxInfoVec));
376 ASSERT_TRUE(TestSetSelfTokenId(normalTokenId));
377 ASSERT_EQ(DLP_OK, DlpPermissionKit::GetRetentionSandboxList(DLP_MANAGER_APP, retentionSandBoxInfoVec));
378 ASSERT_TRUE(0 == retentionSandBoxInfoVec.size());
379 ASSERT_EQ(DLP_SERVICE_ERROR_API_ONLY_FOR_SANDBOX_ERROR, DlpPermissionKit::SetRetentionState(docUriVec));
380 ASSERT_TRUE(TestSetSelfTokenId(tokenId));
381 ASSERT_EQ(DLP_SERVICE_ERROR_VALUE_INVALID, DlpPermissionKit::SetRetentionState(docUriVec));
382 TestMockApp(DLP_MANAGER_APP, 0, DEFAULT_USERID);
383 ASSERT_TRUE(TestSetSelfTokenId(normalTokenId));
384 retentionSandBoxInfoVec.clear();
385 ASSERT_EQ(DLP_OK, DlpPermissionKit::GetRetentionSandboxList(DLP_MANAGER_APP, retentionSandBoxInfoVec));
386 ASSERT_TRUE(0 == retentionSandBoxInfoVec.size());
387 retentionSandBoxInfoVec.clear();
388 ASSERT_EQ(DLP_OK, DlpPermissionKit::GetRetentionSandboxList(DLP_MANAGER_APP, retentionSandBoxInfoVec));
389 ASSERT_TRUE(0 == retentionSandBoxInfoVec.size());
390 ASSERT_EQ(DLP_OK, DlpPermissionKit::UninstallDlpSandbox(DLP_MANAGER_APP, sandboxInfo.appIndex, DEFAULT_USERID));
391 TestRecoverProcessInfo(uid, selfTokenId);
392 }
393
394 /**
395 * @tc.name: SetRetentionState02
396 * @tc.desc: SetRetentionState abnormal input test.
397 * @tc.type: FUNC
398 * @tc.require:SR000I38N7
399 */
400 HWTEST_F(DlpPermissionKitTest, SetRetentionState02, TestSize.Level1)
401 {
402 int32_t uid = getuid();
403 AccessTokenID tokenId = GetSelfTokenID();
404 DLP_LOG_INFO(LABEL, "SetRetentionState02 tokenId from %{public}u", static_cast<unsigned int>(GetSelfTokenID()));
405 std::vector<std::string> docUriVec;
406 std::vector<RetentionSandBoxInfo> retentionSandBoxInfoVec;
407 SandboxInfo sandboxInfo;
408 ASSERT_EQ(DLP_OK, DlpPermissionKit::InstallDlpSandbox(DLP_MANAGER_APP,
409 DLPFileAccess::FULL_CONTROL, DEFAULT_USERID, sandboxInfo, TEST_URI));
410 docUriVec.clear();
411 ASSERT_TRUE(TestSetSelfTokenId(tokenId));
412 ASSERT_EQ(DLP_SERVICE_ERROR_VALUE_INVALID, DlpPermissionKit::CancelRetentionState(docUriVec));
413 docUriVec.push_back(TEST_UNEXIST_URI);
414 ASSERT_EQ(DLP_OK, DlpPermissionKit::CancelRetentionState(docUriVec));
415 docUriVec.clear();
416 docUriVec.push_back(TEST_URI);
417 ASSERT_EQ(DLP_OK, DlpPermissionKit::CancelRetentionState(docUriVec));
418 retentionSandBoxInfoVec.clear();
419 ASSERT_TRUE(TestSetSelfTokenId(g_dlpManagerTokenId));
420 ASSERT_EQ(DLP_OK, DlpPermissionKit::GetRetentionSandboxList(DLP_MANAGER_APP, retentionSandBoxInfoVec));
421 ASSERT_TRUE(0 == retentionSandBoxInfoVec.size());
422 ASSERT_TRUE(TestSetSelfTokenId(g_dlpManagerTokenId));
423 ASSERT_EQ(DLP_OK, DlpPermissionKit::UninstallDlpSandbox(DLP_MANAGER_APP, sandboxInfo.appIndex, DEFAULT_USERID));
424 TestRecoverProcessInfo(uid, tokenId);
425 }
426
427 /* *
428 * @tc.name: SetRetentionState03
429 * @tc.desc: SetRetentionState abnormal input test.
430 * @tc.type: FUNC
431 * @tc.require:SR000I38N7
432 */
433 HWTEST_F(DlpPermissionKitTest, SetRetentionState03, TestSize.Level1)
434 {
435 int32_t uid = getuid();
436 SandboxInfo sandboxInfo;
437 AccessTokenID tokenId = GetSelfTokenID();
438 DLP_LOG_INFO(LABEL, "SetRetentionState03 tokenId from %{public}u", static_cast<unsigned int>(GetSelfTokenID()));
439
440 ASSERT_EQ(DLP_OK, DlpPermissionKit::InstallDlpSandbox(DLP_MANAGER_APP,
441 DLPFileAccess::FULL_CONTROL, DEFAULT_USERID, sandboxInfo, TEST_URI));
442 ASSERT_TRUE(sandboxInfo.appIndex != 0);
443 AccessTokenID sandboxTokenId = AccessTokenKit::GetHapTokenID(DEFAULT_USERID, DLP_MANAGER_APP, sandboxInfo.appIndex);
444 DLP_LOG_INFO(LABEL, "SetRetentionState03 sandboxTokenId tokenId from %{public}d ", sandboxTokenId);
445 ASSERT_TRUE(TestSetSelfTokenId(sandboxTokenId));
446 std::vector<std::string> docUriVec;
447 int32_t res = DlpPermissionKit::SetRetentionState(docUriVec);
448 DLP_LOG_INFO(LABEL, "SetRetentionState03 res %{public}d", res);
449 ASSERT_EQ(DLP_SERVICE_ERROR_VALUE_INVALID, res);
450 docUriVec.push_back(TEST_URI);
451 res = DlpPermissionKit::SetRetentionState(docUriVec);
452 DLP_LOG_INFO(LABEL, "SetRetentionState03 res %{public}d", res);
453 ASSERT_EQ(DLP_SERVICE_ERROR_VALUE_INVALID, res);
454 TestUninstallDlpSandbox(DLP_MANAGER_APP, sandboxInfo.appIndex, DEFAULT_USERID);
455 TestRecoverProcessInfo(uid, tokenId);
456 }
457
458 /* *
459 * @tc.name: OnGenerateDlpCertificate001
460 * @tc.desc: OnGenerateDlpCertificate abnormal input test.
461 * @tc.type: FUNC
462 * @tc.require:AR000GVIG0
463 */
464 HWTEST_F(DlpPermissionKitTest, OnGenerateDlpCertificate001, TestSize.Level0)
465 {
466 auto generateDlpCertificateCallback = std::make_shared<ClientGenerateDlpCertificateCallback>();
467 std::vector<uint8_t> cert;
468 cert = { 1, 2, 3 };
469 generateDlpCertificateCallback->OnGenerateDlpCertificate(-1, cert);
470 ASSERT_EQ(-1, generateDlpCertificateCallback->result_);
471 ASSERT_TRUE(generateDlpCertificateCallback->isCallBack_);
472 }
473
474 /**
475 * @tc.name: OnParseDlpCertificate001
476 * @tc.desc: OnParseDlpCertificate abnormal input test.
477 * @tc.type: FUNC
478 * @tc.require:AR000GVIG0
479 */
480 HWTEST_F(DlpPermissionKitTest, OnParseDlpCertificate001, TestSize.Level0)
481 {
482 auto parseDlpCertificateCallback = std::make_shared<ClientParseDlpCertificateCallback>();
483 PermissionPolicy policy;
484 parseDlpCertificateCallback->OnParseDlpCertificate(-1, policy, {});
485 ASSERT_EQ(-1, parseDlpCertificateCallback->result_);
486 ASSERT_TRUE(parseDlpCertificateCallback->isCallBack_);
487 }
488
489 /* *
490 * @tc.name: GenerateDlpCertificate001
491 * @tc.desc: GenerateDlpCertificate abnormal input test.
492 * @tc.type: FUNC
493 * @tc.require:AR000GVIG0
494 */
495 HWTEST_F(DlpPermissionKitTest, GenerateDlpCertificate001, TestSize.Level0)
496 {
497 GeneratePolicyParam param = {INVALID_ACCOUNT_LENGTH_UPPER, AESKEY_LEN,
498 IV_LEN, USER_NUM, ACCOUNT_LENGTH, AUTH_PERM, DELTA_EXPIRY_TIME};
499 EXPECT_EQ(
500 DLP_SERVICE_ERROR_VALUE_INVALID, TestGenerateDlpCertWithInvalidParam(param));
501 param.ownerAccountLen = INVALID_ACCOUNT_LENGTH_LOWER;
502 EXPECT_EQ(
503 DLP_SERVICE_ERROR_VALUE_INVALID, TestGenerateDlpCertWithInvalidParam(param));
504 param = {ACCOUNT_LENGTH, INVALID_AESKEY_LEN_UPPER,
505 IV_LEN, USER_NUM, ACCOUNT_LENGTH, AUTH_PERM, DELTA_EXPIRY_TIME};
506 EXPECT_EQ(
507 DLP_SERVICE_ERROR_VALUE_INVALID, TestGenerateDlpCertWithInvalidParam(param));
508 param = {ACCOUNT_LENGTH, INVALID_AESKEY_LEN_LOWER,
509 IV_LEN, USER_NUM, ACCOUNT_LENGTH, AUTH_PERM, DELTA_EXPIRY_TIME};
510 EXPECT_EQ(
511 DLP_SERVICE_ERROR_VALUE_INVALID, TestGenerateDlpCertWithInvalidParam(param));
512 param = {ACCOUNT_LENGTH, AESKEY_LEN, INVALID_IV_LEN_UPPER, USER_NUM, ACCOUNT_LENGTH, AUTH_PERM, DELTA_EXPIRY_TIME};
513 EXPECT_EQ(DLP_SERVICE_ERROR_VALUE_INVALID, TestGenerateDlpCertWithInvalidParam(param));
514 param = {ACCOUNT_LENGTH, AESKEY_LEN, INVALID_IV_LEN_LOWER, USER_NUM, ACCOUNT_LENGTH, AUTH_PERM, DELTA_EXPIRY_TIME};
515 EXPECT_EQ(DLP_SERVICE_ERROR_VALUE_INVALID, TestGenerateDlpCertWithInvalidParam(param));
516 param = {ACCOUNT_LENGTH, AESKEY_LEN, IV_LEN,
517 INVALID_USER_NUM_UPPER, ACCOUNT_LENGTH, AUTH_PERM, DELTA_EXPIRY_TIME};
518 EXPECT_EQ(
519 DLP_SERVICE_ERROR_VALUE_INVALID, TestGenerateDlpCertWithInvalidParam(param));
520 param = {ACCOUNT_LENGTH, AESKEY_LEN, IV_LEN,
521 USER_NUM, INVALID_ACCOUNT_LENGTH_UPPER, AUTH_PERM, DELTA_EXPIRY_TIME};
522 EXPECT_EQ(
523 DLP_SERVICE_ERROR_VALUE_INVALID, TestGenerateDlpCertWithInvalidParam(param));
524 param = {ACCOUNT_LENGTH, AESKEY_LEN, IV_LEN,
525 USER_NUM, INVALID_ACCOUNT_LENGTH_LOWER, AUTH_PERM, DELTA_EXPIRY_TIME};
526 EXPECT_EQ(
527 DLP_SERVICE_ERROR_VALUE_INVALID, TestGenerateDlpCertWithInvalidParam(param));
528 param = {ACCOUNT_LENGTH, AESKEY_LEN, IV_LEN,
529 USER_NUM, ACCOUNT_LENGTH, INVALID_AUTH_PERM_UPPER, DELTA_EXPIRY_TIME};
530 EXPECT_EQ(
531 DLP_SERVICE_ERROR_VALUE_INVALID, TestGenerateDlpCertWithInvalidParam(param));
532 param = {ACCOUNT_LENGTH, AESKEY_LEN, IV_LEN,
533 USER_NUM, ACCOUNT_LENGTH, INVALID_AUTH_PERM_LOWER, DELTA_EXPIRY_TIME};
534 EXPECT_EQ(
535 DLP_SERVICE_ERROR_VALUE_INVALID, TestGenerateDlpCertWithInvalidParam(param));
536 param = {ACCOUNT_LENGTH, AESKEY_LEN, IV_LEN,
537 USER_NUM, ACCOUNT_LENGTH, AUTH_PERM, INVALID_DELTA_EXPIRY_TIME};
538 EXPECT_EQ(DLP_SERVICE_ERROR_VALUE_INVALID, TestGenerateDlpCertWithInvalidParam(param));
539 param = {ACCOUNT_LENGTH, AESKEY_LEN,
540 AESKEY_LEN, USER_NUM, ACCOUNT_LENGTH, AUTH_PERM, DELTA_EXPIRY_TIME};
541 EXPECT_NE(DLP_OK, TestGenerateDlpCertWithInvalidParam(param));
542 }
543
544 /**
545 * @tc.name: ParseDlpCertificate001
546 * @tc.desc: ParseDlpCertificate abnormal input test.
547 * @tc.type: FUNC
548 * @tc.require:AR000GVIG0
549 */
550 HWTEST_F(DlpPermissionKitTest, ParseDlpCertificate001, TestSize.Level0)
551 {
552 sptr<CertParcel> certParcel = new (std::nothrow) CertParcel();
553 PermissionPolicy policy;
554 certParcel->contactAccount = "test";
555 std::string appId = "test_appId_passed";
556 ASSERT_EQ(DLP_SERVICE_ERROR_VALUE_INVALID, DlpPermissionKit::ParseDlpCertificate(certParcel, policy, appId, true));
557 certParcel->cert = {1, 2, 3};
558 ASSERT_NE(DLP_OK, DlpPermissionKit::ParseDlpCertificate(certParcel, policy, appId, true));
559 }
560
561 /**
562 * @tc.name: InstallDlpSandbox001
563 * @tc.desc: InstallDlpSandbox test.
564 * @tc.type: FUNC
565 * @tc.require:AR000GVIG8
566 */
567 HWTEST_F(DlpPermissionKitTest, InstallDlpSandbox001, TestSize.Level1)
568 {
569 SandboxInfo sandboxInfo;
570 ASSERT_EQ(DLP_OK, DlpPermissionKit::InstallDlpSandbox(DLP_MANAGER_APP,
571 DLPFileAccess::READ_ONLY, DEFAULT_USERID, sandboxInfo, TEST_URI));
572 ASSERT_TRUE(sandboxInfo.appIndex != 0);
573 ASSERT_EQ(DLP_OK, DlpPermissionKit::UninstallDlpSandbox(DLP_MANAGER_APP, sandboxInfo.appIndex, DEFAULT_USERID));
574 }
575
576 /**
577 * @tc.name: InstallDlpSandbox002
578 * @tc.desc: InstallDlpSandbox invalid input.
579 * @tc.type: FUNC
580 * @tc.require:AR000GVIG8
581 */
582 HWTEST_F(DlpPermissionKitTest, InstallDlpSandbox002, TestSize.Level0)
583 {
584 SandboxInfo sandboxInfo;
585 ASSERT_NE(DLP_OK, DlpPermissionKit::InstallDlpSandbox("test.test",
586 DLPFileAccess::READ_ONLY, DEFAULT_USERID, sandboxInfo, TEST_URI));
587 ASSERT_EQ(DLP_SERVICE_ERROR_VALUE_INVALID,
588 DlpPermissionKit::InstallDlpSandbox("", DLPFileAccess::READ_ONLY, DEFAULT_USERID, sandboxInfo, TEST_URI));
589 ASSERT_EQ(
590 DLP_SERVICE_ERROR_VALUE_INVALID, DlpPermissionKit::InstallDlpSandbox(DLP_MANAGER_APP,
591 static_cast<DLPFileAccess>(100), DEFAULT_USERID, sandboxInfo, TEST_URI));
592 }
593
594 /**
595 * @tc.name: UninstallDlpSandbox001
596 * @tc.desc: UninstallDlpSandbox test.
597 * @tc.type: FUNC
598 * @tc.require: SR000GVIGF AR000GVIGG
599 */
600 HWTEST_F(DlpPermissionKitTest, UninstallDlpSandbox001, TestSize.Level1)
601 {
602 SandboxInfo sandboxInfo;
603 ASSERT_EQ(DLP_OK, DlpPermissionKit::InstallDlpSandbox(DLP_MANAGER_APP,
604 DLPFileAccess::READ_ONLY, DEFAULT_USERID, sandboxInfo, TEST_URI));
605 ASSERT_TRUE(sandboxInfo.appIndex != 0);
606 ASSERT_EQ(DLP_OK, DlpPermissionKit::UninstallDlpSandbox(DLP_MANAGER_APP, sandboxInfo.appIndex, DEFAULT_USERID));
607 }
608
609 /* *
610 * @tc.name: UninstallDlpSandbox002
611 * @tc.desc: UninstallDlpSandbox invalid input.
612 * @tc.type: FUNC
613 * @tc.require: SR000GVIGF AR000GVIGG
614 */
615 HWTEST_F(DlpPermissionKitTest, UninstallDlpSandbox002, TestSize.Level0)
616 {
617 int32_t appIndex = 1;
618 ASSERT_NE(DLP_OK, DlpPermissionKit::UninstallDlpSandbox("test.test", appIndex, DEFAULT_USERID));
619 ASSERT_EQ(DLP_SERVICE_ERROR_VALUE_INVALID, DlpPermissionKit::UninstallDlpSandbox("", appIndex, DEFAULT_USERID));
620 }
621
622 /**
623 * @tc.name: GetSandboxExternalAuthorization001
624 * @tc.desc: GetSandboxExternalAuthorization test.
625 * @tc.type: FUNC
626 * @tc.require: SR000GVIR0 AR000GVIR1
627 */
628 HWTEST_F(DlpPermissionKitTest, GetSandboxExternalAuthorization001, TestSize.Level1)
629 {
630 int32_t uid = getuid();
631 AccessTokenID selfTokenId = GetSelfTokenID();
632 // sandboxUid is invalid
633 OHOS::AAFwk::Want want;
634 SandBoxExternalAuthorType authType;
635 ASSERT_NE(DLP_OK, DlpPermissionKit::GetSandboxExternalAuthorization(-1, want, authType));
636
637 // sandboxUid is ok
638 SandboxInfo sandboxInfo;
639 ASSERT_EQ(DLP_OK, DlpPermissionKit::InstallDlpSandbox(DLP_MANAGER_APP,
640 DLPFileAccess::READ_ONLY, DEFAULT_USERID, sandboxInfo, TEST_URI));
641 int sandboxUid;
642 ASSERT_TRUE(TestGetAppUid(DLP_MANAGER_APP, sandboxInfo.appIndex, DEFAULT_USERID, sandboxUid));
643 ASSERT_EQ(DLP_SERVICE_ERROR_API_ONLY_FOR_SANDBOX_ERROR,
644 DlpPermissionKit::GetSandboxExternalAuthorization(sandboxUid, want, authType));
645 ASSERT_EQ(DLP_SERVICE_ERROR_API_ONLY_FOR_SANDBOX_ERROR,
646 DlpPermissionKit::GetSandboxExternalAuthorization(sandboxUid, want, authType));
647 TestMockApp(DLP_MANAGER_APP, sandboxInfo.appIndex, DEFAULT_USERID);
648 ASSERT_TRUE(authType == SandBoxExternalAuthorType::DENY_START_ABILITY);
649 ASSERT_EQ(DLP_OK, DlpPermissionKit::UninstallDlpSandbox(DLP_MANAGER_APP, sandboxInfo.appIndex, DEFAULT_USERID));
650
651 // uid is not sandbox
652 ASSERT_EQ(DLP_SERVICE_ERROR_PARCEL_OPERATE_FAIL,
653 DlpPermissionKit::GetSandboxExternalAuthorization(1000, want, authType));
654 ASSERT_TRUE(authType == SandBoxExternalAuthorType::DENY_START_ABILITY);
655 TestRecoverProcessInfo(uid, selfTokenId);
656 }
657
658 /**
659 * @tc.name: QueryDlpFileCopyableByTokenId001
660 * @tc.desc: QueryDlpFileCopyableByTokenId with read only sandbox app tokenId.
661 * @tc.type: FUNC
662 * @tc.require: SR000GVIGL AR000GVIGM
663 */
664 HWTEST_F(DlpPermissionKitTest, QueryDlpFileCopyableByTokenId001, TestSize.Level1)
665 {
666 // query dlp file access with read only sandbox app tokenId
667 SandboxInfo sandboxInfo;
668 ASSERT_EQ(DLP_OK, DlpPermissionKit::InstallDlpSandbox(DLP_MANAGER_APP,
669 DLPFileAccess::READ_ONLY, DEFAULT_USERID, sandboxInfo, TEST_URI));
670 ASSERT_TRUE(sandboxInfo.appIndex != 0);
671 AccessTokenID sandboxTokenId;
672 ASSERT_TRUE(TestGetTokenId(DEFAULT_USERID, DLP_MANAGER_APP, sandboxInfo.appIndex, sandboxTokenId));
673 bool copyable = false;
674 ASSERT_EQ(DLP_OK, DlpPermissionKit::QueryDlpFileCopyableByTokenId(copyable, sandboxTokenId));
675 ASSERT_EQ(copyable, false);
676 ASSERT_EQ(DLP_OK, DlpPermissionKit::UninstallDlpSandbox(DLP_MANAGER_APP, sandboxInfo.appIndex, DEFAULT_USERID));
677 }
678
679 /**
680 * @tc.name: QueryDlpFileCopyableByTokenId002
681 * @tc.desc: QueryDlpFileCopyableByTokenId with full control sandbox app tokenId.
682 * @tc.type: FUNC
683 * @tc.require: SR000GVIGL AR000GVIGM
684 */
685 HWTEST_F(DlpPermissionKitTest, QueryDlpFileCopyableByTokenId002, TestSize.Level1)
686 {
687 // query dlp file access with full control sandbox app tokenId
688 SandboxInfo sandboxInfo;
689 ASSERT_EQ(DLP_OK, DlpPermissionKit::InstallDlpSandbox(DLP_MANAGER_APP,
690 DLPFileAccess::FULL_CONTROL, DEFAULT_USERID, sandboxInfo, TEST_URI));
691 ASSERT_TRUE(sandboxInfo.appIndex != 0);
692 AccessTokenID sandboxTokenId;
693 ASSERT_TRUE(TestGetTokenId(DEFAULT_USERID, DLP_MANAGER_APP, sandboxInfo.appIndex, sandboxTokenId));
694 bool copyable = false;
695 ASSERT_EQ(DLP_OK, DlpPermissionKit::QueryDlpFileCopyableByTokenId(copyable, sandboxTokenId));
696 ASSERT_EQ(copyable, true);
697 ASSERT_EQ(DLP_OK, DlpPermissionKit::UninstallDlpSandbox(DLP_MANAGER_APP, sandboxInfo.appIndex, DEFAULT_USERID));
698 }
699
700 /**
701 * @tc.name: QueryDlpFileCopyableByTokenId003
702 * @tc.desc: QueryDlpFileCopyableByTokenId with normal app tokenId.
703 * @tc.type: FUNC
704 * @tc.require: SR000GVIGL AR000GVIGM
705 */
706 HWTEST_F(DlpPermissionKitTest, QueryDlpFileCopyableByTokenId003, TestSize.Level1)
707 {
708 // query dlp file access with normal app tokenId
709 bool copyable = false;
710 AccessTokenID normalTokenId;
711 ASSERT_TRUE(TestGetTokenId(DEFAULT_USERID, DLP_MANAGER_APP, 0, normalTokenId));
712 ASSERT_EQ(DLP_OK, DlpPermissionKit::QueryDlpFileCopyableByTokenId(copyable, normalTokenId));
713 ASSERT_EQ(copyable, true);
714 }
715
716 /**
717 * @tc.name: QueryDlpFileCopyableByTokenId004
718 * @tc.desc: QueryDlpFileCopyableByTokenId invalid input.
719 * @tc.type: FUNC
720 * @tc.require: SR000GVIGL AR000GVIGM
721 */
722 HWTEST_F(DlpPermissionKitTest, QueryDlpFileCopyableByTokenId004, TestSize.Level0)
723 {
724 // query dlp file access with invalid tokenId
725 bool copyable = false;
726 ASSERT_EQ(DLP_SERVICE_ERROR_VALUE_INVALID, DlpPermissionKit::QueryDlpFileCopyableByTokenId(copyable, 0));
727 ASSERT_EQ(copyable, false);
728 }
729
730 /**
731 * @tc.name: QueryDlpFileAccess001
732 * @tc.desc: QueryDlpFileAccess in normal app.
733 * @tc.type: FUNC
734 * @tc.require: SR000GVIGN AR000GVIGO
735 */
736 HWTEST_F(DlpPermissionKitTest, QueryDlpFileAccess001, TestSize.Level1)
737 {
738 // query dlp file access in normal app
739 int32_t uid = getuid();
740 AccessTokenID tokenId = GetSelfTokenID();
741 TestMockApp(DLP_MANAGER_APP, 0, DEFAULT_USERID);
742
743 DLPPermissionInfo permInfo;
744 ASSERT_EQ(DLP_SERVICE_ERROR_API_ONLY_FOR_SANDBOX_ERROR, DlpPermissionKit::QueryDlpFileAccess(permInfo));
745
746 TestRecoverProcessInfo(uid, tokenId);
747 }
748
749 /**
750 * @tc.name: QueryDlpFileAccess002
751 * @tc.desc: QueryDlpFileAccess in read only sandbox app.
752 * @tc.type: FUNC
753 * @tc.require: SR000GVIGN AR000GVIGO
754 */
755 HWTEST_F(DlpPermissionKitTest, QueryDlpFileAccess002, TestSize.Level1)
756 {
757 // query dlp file access in read only sandbox app
758 SandboxInfo sandboxInfo;
759 TestInstallDlpSandbox(DLP_MANAGER_APP, DLPFileAccess::READ_ONLY, DEFAULT_USERID, sandboxInfo);
760
761 int32_t uid = getuid();
762 AccessTokenID tokenId = GetSelfTokenID();
763 TestMockApp(DLP_MANAGER_APP, sandboxInfo.appIndex, DEFAULT_USERID);
764
765 DLPPermissionInfo permInfo;
766 ASSERT_EQ(DLP_OK, DlpPermissionKit::QueryDlpFileAccess(permInfo));
767 ASSERT_EQ(permInfo.dlpFileAccess, DLPFileAccess::READ_ONLY);
768 ASSERT_EQ(permInfo.flags, ACTION_VIEW);
769
770 TestUninstallDlpSandbox(DLP_MANAGER_APP, sandboxInfo.appIndex, DEFAULT_USERID);
771 TestRecoverProcessInfo(uid, tokenId);
772 }
773
774 /**
775 * @tc.name: QueryDlpFileAccess003
776 * @tc.desc: QueryDlpFileAccess in content edit sandbox app.
777 * @tc.type: FUNC
778 * @tc.require: SR000GVIGN AR000GVIGO
779 */
780 HWTEST_F(DlpPermissionKitTest, QueryDlpFileAccess003, TestSize.Level1)
781 {
782 // query dlp file access in content edit sandbox app
783 SandboxInfo sandboxInfo;
784 TestInstallDlpSandbox(DLP_MANAGER_APP, DLPFileAccess::CONTENT_EDIT, DEFAULT_USERID, sandboxInfo);
785
786 int32_t uid = getuid();
787 AccessTokenID tokenId = GetSelfTokenID();
788 TestMockApp(DLP_MANAGER_APP, sandboxInfo.appIndex, DEFAULT_USERID);
789
790 DLPPermissionInfo permInfo;
791 ASSERT_EQ(DLP_OK, DlpPermissionKit::QueryDlpFileAccess(permInfo));
792 ASSERT_EQ(permInfo.dlpFileAccess, DLPFileAccess::CONTENT_EDIT);
793 ASSERT_EQ(permInfo.flags, ACTION_SET_EDIT);
794
795 TestUninstallDlpSandbox(DLP_MANAGER_APP, sandboxInfo.appIndex, DEFAULT_USERID);
796 TestRecoverProcessInfo(uid, tokenId);
797 }
798
799 /**
800 * @tc.name: QueryDlpFileAccess004
801 * @tc.desc: QueryDlpFileAccess in full control sandbox app.
802 * @tc.type: FUNC
803 * @tc.require: SR000GVIGN AR000GVIGO
804 */
805 HWTEST_F(DlpPermissionKitTest, QueryDlpFileAccess004, TestSize.Level1)
806 {
807 // query dlp file access in full control sandbox app
808 SandboxInfo sandboxInfo;
809 TestInstallDlpSandbox(DLP_MANAGER_APP, DLPFileAccess::FULL_CONTROL, DEFAULT_USERID, sandboxInfo);
810
811 int32_t uid = getuid();
812 AccessTokenID tokenId = GetSelfTokenID();
813 TestMockApp(DLP_MANAGER_APP, sandboxInfo.appIndex, DEFAULT_USERID);
814
815 DLPPermissionInfo permInfo;
816 ASSERT_EQ(DLP_OK, DlpPermissionKit::QueryDlpFileAccess(permInfo));
817 ASSERT_EQ(permInfo.dlpFileAccess, DLPFileAccess::FULL_CONTROL);
818 ASSERT_EQ(permInfo.flags, ACTION_SET_FC);
819
820 TestUninstallDlpSandbox(DLP_MANAGER_APP, sandboxInfo.appIndex, DEFAULT_USERID);
821 TestRecoverProcessInfo(uid, tokenId);
822 }
823
824 /**
825 * @tc.name: IsInDlpSandbox001
826 * @tc.desc: IsInDlpSandbox in normal app.
827 * @tc.type: FUNC
828 * @tc.require: SR000GVIGN AR000GVIGO
829 */
830 HWTEST_F(DlpPermissionKitTest, IsInDlpSandbox001, TestSize.Level1)
831 {
832 // query whether in sandbox in normal app
833 bool inSandbox = false;
834
835 int32_t uid = getuid();
836 AccessTokenID tokenId = GetSelfTokenID();
837 TestMockApp(DLP_MANAGER_APP, 0, DEFAULT_USERID);
838
839 ASSERT_EQ(DLP_OK, DlpPermissionKit::IsInDlpSandbox(inSandbox));
840
841 TestRecoverProcessInfo(uid, tokenId);
842 }
843
844 /**
845 * @tc.name: IsInDlpSandbox002
846 * @tc.desc: IsInDlpSandbox in read only sandbox app.
847 * @tc.type: FUNC
848 * @tc.require: SR000GVIGN AR000GVIGO
849 */
850 HWTEST_F(DlpPermissionKitTest, IsInDlpSandbox002, TestSize.Level1)
851 {
852 // query whether in sandbox in read only sandbox app
853 SandboxInfo sandboxInfo;
854 TestInstallDlpSandbox(DLP_MANAGER_APP, DLPFileAccess::READ_ONLY, DEFAULT_USERID, sandboxInfo);
855
856 int32_t uid = getuid();
857 AccessTokenID tokenId = GetSelfTokenID();
858 TestMockApp(DLP_MANAGER_APP, sandboxInfo.appIndex, DEFAULT_USERID);
859
860 bool inSandbox = false;
861 ASSERT_EQ(DLP_OK, DlpPermissionKit::IsInDlpSandbox(inSandbox));
862 ASSERT_EQ(inSandbox, true);
863 TestUninstallDlpSandbox(DLP_MANAGER_APP, sandboxInfo.appIndex, DEFAULT_USERID);
864 TestRecoverProcessInfo(uid, tokenId);
865 }
866
867 /**
868 * @tc.name: IsInDlpSandbox003
869 * @tc.desc: IsInDlpSandbox in full control sandbox app.
870 * @tc.type: FUNC
871 * @tc.require: SR000GVIGN AR000GVIGO
872 */
873 HWTEST_F(DlpPermissionKitTest, IsInDlpSandbox003, TestSize.Level1)
874 {
875 // query whether in sandbox in full control sandbox app
876 SandboxInfo sandboxInfo;
877 TestInstallDlpSandbox(DLP_MANAGER_APP, DLPFileAccess::FULL_CONTROL, DEFAULT_USERID, sandboxInfo);
878
879 int32_t uid = getuid();
880 AccessTokenID tokenId = GetSelfTokenID();
881 TestMockApp(DLP_MANAGER_APP, sandboxInfo.appIndex, DEFAULT_USERID);
882
883 bool inSandbox = false;
884 ASSERT_EQ(DLP_OK, DlpPermissionKit::IsInDlpSandbox(inSandbox));
885 ASSERT_EQ(inSandbox, true);
886
887 TestUninstallDlpSandbox(DLP_MANAGER_APP, sandboxInfo.appIndex, DEFAULT_USERID);
888 TestRecoverProcessInfo(uid, tokenId);
889 }
890
891 /**
892 * @tc.name: GetDlpSupportFileType001
893 * @tc.desc: GetDlpSupportFileType in normal app.
894 * @tc.type: FUNC
895 * @tc.require: SR000GVIGN AR000GVIGO
896 */
897 HWTEST_F(DlpPermissionKitTest, GetDlpSupportFileType001, TestSize.Level0)
898 {
899 DLP_LOG_INFO(LABEL, "enter GetDlpSupportFileType001");
900 // query support dlp file types in normal app
901 std::vector<std::string> supportFileType;
902 int32_t uid = getuid();
903 AccessTokenID tokenId = GetSelfTokenID();
904 TestMockApp(DLP_MANAGER_APP, 0, DEFAULT_USERID);
905
906 ASSERT_EQ(DLP_OK, DlpPermissionKit::GetDlpSupportFileType(supportFileType));
907 ASSERT_EQ(supportFileType.empty(), false);
908
909 TestRecoverProcessInfo(uid, tokenId);
910 }
911
912 /**
913 * @tc.name: GetDlpSupportFileType002
914 * @tc.desc: GetDlpSupportFileType in read only sandbox app.
915 * @tc.type: FUNC
916 * @tc.require: SR000GVIGN AR000GVIGO
917 */
918 HWTEST_F(DlpPermissionKitTest, GetDlpSupportFileType002, TestSize.Level1)
919 {
920 // query support dlp file types in read only sandbox app
921 SandboxInfo sandboxInfo;
922 TestInstallDlpSandbox(DLP_MANAGER_APP, DLPFileAccess::READ_ONLY, DEFAULT_USERID, sandboxInfo);
923
924 int32_t uid = getuid();
925 AccessTokenID tokenId = GetSelfTokenID();
926 TestMockApp(DLP_MANAGER_APP, sandboxInfo.appIndex, DEFAULT_USERID);
927 std::vector<std::string> supportFileType;
928 ASSERT_EQ(DLP_OK, DlpPermissionKit::GetDlpSupportFileType(supportFileType));
929 ASSERT_EQ(supportFileType.empty(), false);
930
931 TestUninstallDlpSandbox(DLP_MANAGER_APP, sandboxInfo.appIndex, DEFAULT_USERID);
932 TestRecoverProcessInfo(uid, tokenId);
933 }
934
935 /**
936 * @tc.name: GetDlpSupportFileType003
937 * @tc.desc: GetDlpSupportFileType in context edit sandbox app.
938 * @tc.type: FUNC
939 * @tc.require:
940 */
941 HWTEST_F(DlpPermissionKitTest, GetDlpSupportFileType003, TestSize.Level1)
942 {
943 // query support dlp file types in context edit sandbox app
944 SandboxInfo sandboxInfo;
945 TestInstallDlpSandbox(DLP_MANAGER_APP, DLPFileAccess::CONTENT_EDIT, DEFAULT_USERID, sandboxInfo);
946
947 int32_t uid = getuid();
948 AccessTokenID tokenId = GetSelfTokenID();
949 TestMockApp(DLP_MANAGER_APP, sandboxInfo.appIndex, DEFAULT_USERID);
950 std::vector<std::string> supportFileType;
951 ASSERT_EQ(DLP_OK, DlpPermissionKit::GetDlpSupportFileType(supportFileType));
952 ASSERT_EQ(supportFileType.empty(), false);
953
954 TestUninstallDlpSandbox(DLP_MANAGER_APP, sandboxInfo.appIndex, DEFAULT_USERID);
955 TestRecoverProcessInfo(uid, tokenId);
956 }
957
958 /**
959 * @tc.name: GetDlpSupportFileType004
960 * @tc.desc: GetDlpSupportFileType in full control sandbox app.
961 * @tc.type: FUNC
962 * @tc.require: SR000GVIGN AR000GVIGO
963 */
964 HWTEST_F(DlpPermissionKitTest, GetDlpSupportFileType004, TestSize.Level1)
965 {
966 DLP_LOG_INFO(LABEL, "enter GetDlpSupportFileType004");
967 // query support dlp file types in full control sandbox app
968 SandboxInfo sandboxInfo;
969 TestInstallDlpSandbox(DLP_MANAGER_APP, DLPFileAccess::FULL_CONTROL, DEFAULT_USERID, sandboxInfo);
970
971 int32_t uid = getuid();
972 AccessTokenID tokenId = GetSelfTokenID();
973 TestMockApp(DLP_MANAGER_APP, sandboxInfo.appIndex, DEFAULT_USERID);
974
975 std::vector<std::string> supportFileType;
976 ASSERT_EQ(DLP_OK, DlpPermissionKit::GetDlpSupportFileType(supportFileType));
977 ASSERT_EQ(supportFileType.empty(), false);
978
979 TestUninstallDlpSandbox(DLP_MANAGER_APP, sandboxInfo.appIndex, DEFAULT_USERID);
980 TestRecoverProcessInfo(uid, tokenId);
981 }
982
983 /**
984 * @tc.name: GetDlpGatheringPolicy001
985 * @tc.desc: GetDlpGatheringPolicy test
986 * @tc.type: FUNC
987 * @tc.require:
988 */
989 HWTEST_F(DlpPermissionKitTest, GetDlpGatheringPolicy001, TestSize.Level1)
990 {
991 // query gathering policy on this device
992 bool isGathering = false;
993
994 ASSERT_EQ(DLP_OK, DlpPermissionKit::GetDlpGatheringPolicy(isGathering));
995 }
996
997 /**
998 * @tc.name: ClearUnreservedSandbox001
999 * @tc.desc: ClearUnreservedSandbox.
1000 * @tc.type: FUNC
1001 * @tc.require: SR000I38N7
1002 */
1003 HWTEST_F(DlpPermissionKitTest, ClearUnreservedSandbox001, TestSize.Level0)
1004 {
1005 ASSERT_EQ(DLP_SERVICE_ERROR_PERMISSION_DENY, DlpPermissionKit::ClearUnreservedSandbox());
1006 }
1007
1008 class CbCustomizeTest : public DlpSandboxChangeCallbackCustomize {
1009 public:
CbCustomizeTest()1010 explicit CbCustomizeTest() {}
~CbCustomizeTest()1011 ~CbCustomizeTest() {}
1012
DlpSandboxChangeCallback(DlpSandboxCallbackInfo & result)1013 virtual void DlpSandboxChangeCallback(DlpSandboxCallbackInfo& result) {}
1014 };
1015
1016 class TestOpenDlpFileCallbackCustomize : public OpenDlpFileCallbackCustomize {
1017 public:
TestOpenDlpFileCallbackCustomize()1018 explicit TestOpenDlpFileCallbackCustomize() {}
~TestOpenDlpFileCallbackCustomize()1019 ~TestOpenDlpFileCallbackCustomize() {}
1020
OnOpenDlpFile(OpenDlpFileCallbackInfo & result)1021 void OnOpenDlpFile(OpenDlpFileCallbackInfo &result)
1022 {
1023 called = true;
1024 }
1025 bool called = false;
1026 };
1027
1028 /**
1029 * @tc.name: RegisterDlpSandboxChangeCallback001
1030 * @tc.desc: RegisterDlpSandboxChangeCallback.
1031 * @tc.type: FUNC
1032 * @tc.require: DTS2023040302317
1033 */
1034 HWTEST_F(DlpPermissionKitTest, RegisterDlpSandboxChangeCallback001, TestSize.Level1)
1035 {
1036 const std::shared_ptr<DlpSandboxChangeCallbackCustomize> callbackPtr = std::make_shared<CbCustomizeTest>();
1037 int32_t res = DlpPermissionKit::RegisterDlpSandboxChangeCallback(callbackPtr);
1038 ASSERT_EQ(DLP_OK, res);
1039 res = DlpPermissionKit::RegisterDlpSandboxChangeCallback(callbackPtr);
1040 ASSERT_EQ(DLP_SERVICE_ERROR_VALUE_INVALID, res);
1041 bool result;
1042 SandboxInfo sandboxInfo;
1043 ASSERT_EQ(DLP_OK, DlpPermissionKit::InstallDlpSandbox(DLP_MANAGER_APP,
1044 DLPFileAccess::FULL_CONTROL, DEFAULT_USERID, sandboxInfo, TEST_URI));
1045 ASSERT_EQ(DLP_OK, DlpPermissionKit::UninstallDlpSandbox(DLP_MANAGER_APP, sandboxInfo.appIndex, DEFAULT_USERID));
1046 res = DlpPermissionKit::UnregisterDlpSandboxChangeCallback(result);
1047 ASSERT_EQ(DLP_OK, res);
1048 }
1049
1050 /**
1051 * @tc.name: RegisterDlpSandboxChangeCallback002
1052 * @tc.desc: RegisterDlpSandboxChangeCallback.
1053 * @tc.type: FUNC
1054 * @tc.require: DTS2023040302317
1055 */
1056 HWTEST_F(DlpPermissionKitTest, RegisterDlpSandboxChangeCallback002, TestSize.Level1)
1057 {
1058 int32_t res = DlpPermissionKit::RegisterDlpSandboxChangeCallback(nullptr);
1059 ASSERT_EQ(DLP_SERVICE_ERROR_VALUE_INVALID, res);
1060 bool result;
1061 res = DlpPermissionKit::UnregisterDlpSandboxChangeCallback(result);
1062 ASSERT_EQ(DLP_CALLBACK_PARAM_INVALID, res);
1063 }
1064
1065 /**
1066 * @tc.name: RegisterDlpSandboxChangeCallback003
1067 * @tc.desc: RegisterDlpSandboxChangeCallback.
1068 * @tc.type: FUNC
1069 * @tc.require: DTS2023040302317
1070 */
1071 HWTEST_F(DlpPermissionKitTest, RegisterDlpSandboxChangeCallback003, TestSize.Level1)
1072 {
1073 bool result;
1074 int32_t res = DlpPermissionKit::UnregisterDlpSandboxChangeCallback(result);
1075 ASSERT_EQ(DLP_CALLBACK_PARAM_INVALID, res);
1076 }
1077
1078 /**
1079 * @tc.name: DlpSandboxChangeCallback001
1080 * @tc.desc: DlpSandboxChangeCallback function test.
1081 * @tc.type: FUNC
1082 * @tc.require: DTS2023040302317
1083 */
1084 HWTEST_F(DlpPermissionKitTest, DlpSandboxChangeCallback001, TestSize.Level0)
1085 {
1086 std::shared_ptr<CbCustomizeTest> callbackPtr = nullptr;
1087 std::shared_ptr<DlpSandboxChangeCallback> callback = std::make_shared<DlpSandboxChangeCallback>(
1088 callbackPtr);
1089 ASSERT_NE(callback, nullptr);
1090 DlpSandboxCallbackInfo result;
1091 callback->DlpSandboxStateChangeCallback(result);
1092 ASSERT_EQ(callback->customizedCallback_, nullptr);
1093 }
1094
1095 /**
1096 * @tc.name: DlpSandboxChangeCallback002
1097 * @tc.desc: DlpSandboxChangeCallback function test.
1098 * @tc.type: FUNC
1099 * @tc.require: DTS2023040302317
1100 */
1101 HWTEST_F(DlpPermissionKitTest, DlpSandboxChangeCallback002, TestSize.Level0)
1102 {
1103 std::shared_ptr<CbCustomizeTest> callbackPtr = std::make_shared<CbCustomizeTest>();
1104 std::shared_ptr<DlpSandboxChangeCallback> callback = std::make_shared<DlpSandboxChangeCallback>(callbackPtr);
1105 ASSERT_NE(callback, nullptr);
1106 DlpSandboxCallbackInfo result;
1107 callback->DlpSandboxStateChangeCallback(result);
1108 ASSERT_NE(callback->customizedCallback_, nullptr);
1109 callback->Stop();
1110 }
1111
1112 /**
1113 * @tc.name: RegisterOpenDlpFileCallback001
1114 * @tc.desc: RegisterOpenDlpFileCallback.
1115 * @tc.type: FUNC
1116 * @tc.require:
1117 */
1118 HWTEST_F(DlpPermissionKitTest, RegisterOpenDlpFileCallback001, TestSize.Level1)
1119 {
1120 int32_t uid = getuid();
1121 AccessTokenID tokenId = GetSelfTokenID();
1122 TestMockApp(DLP_MANAGER_APP, 0, DEFAULT_USERID);
1123
1124 const std::shared_ptr<TestOpenDlpFileCallbackCustomize> callbackPtr =
1125 std::make_shared<TestOpenDlpFileCallbackCustomize>();
1126 ASSERT_NE(callbackPtr, nullptr);
1127 EXPECT_EQ(DLP_OK, DlpPermissionKit::RegisterOpenDlpFileCallback(callbackPtr));
1128 SandboxInfo sandboxInfo;
1129 EXPECT_EQ(DLP_OK, DlpPermissionKit::InstallDlpSandbox(DLP_MANAGER_APP,
1130 DLPFileAccess::FULL_CONTROL, DEFAULT_USERID, sandboxInfo, TEST_URI));
1131 usleep(50000); // sleep 50ms
1132 EXPECT_EQ(true, callbackPtr->called);
1133 EXPECT_EQ(DLP_OK, DlpPermissionKit::UninstallDlpSandbox(DLP_MANAGER_APP, sandboxInfo.appIndex, DEFAULT_USERID));
1134 EXPECT_EQ(DLP_OK, DlpPermissionKit::UnRegisterOpenDlpFileCallback(callbackPtr));
1135
1136 TestRecoverProcessInfo(uid, tokenId);
1137 }
1138
1139 /**
1140 * @tc.name: RegisterOpenDlpFileCallback002
1141 * @tc.desc: RegisterOpenDlpFileCallback.
1142 * @tc.type: FUNC
1143 * @tc.require:
1144 */
1145 HWTEST_F(DlpPermissionKitTest, RegisterOpenDlpFileCallback002, TestSize.Level0)
1146 {
1147 EXPECT_EQ(DLP_SERVICE_ERROR_VALUE_INVALID, DlpPermissionKit::RegisterOpenDlpFileCallback(nullptr));
1148 EXPECT_EQ(DLP_SERVICE_ERROR_VALUE_INVALID, DlpPermissionKit::UnRegisterOpenDlpFileCallback(nullptr));
1149 }
1150
1151 /**
1152 * @tc.name: RegisterOpenDlpFileCallback003
1153 * @tc.desc: RegisterOpenDlpFileCallback.
1154 * @tc.type: FUNC
1155 * @tc.require:
1156 */
1157 HWTEST_F(DlpPermissionKitTest, RegisterOpenDlpFileCallback003, TestSize.Level0)
1158 {
1159 int32_t uid = getuid();
1160 AccessTokenID tokenId = GetSelfTokenID();
1161 TestMockApp(DLP_MANAGER_APP, 0, DEFAULT_USERID);
1162
1163 const std::shared_ptr<TestOpenDlpFileCallbackCustomize> callbackPtr =
1164 std::make_shared<TestOpenDlpFileCallbackCustomize>();
1165 ASSERT_NE(callbackPtr, nullptr);
1166 EXPECT_EQ(DLP_SERVICE_ERROR_VALUE_INVALID, DlpPermissionKit::UnRegisterOpenDlpFileCallback(callbackPtr));
1167
1168 TestRecoverProcessInfo(uid, tokenId);
1169 }
1170
1171 /**
1172 * @tc.name: RegisterOpenDlpFileCallback004
1173 * @tc.desc: RegisterOpenDlpFileCallback.
1174 * @tc.type: FUNC
1175 * @tc.require:
1176 */
1177 HWTEST_F(DlpPermissionKitTest, RegisterOpenDlpFileCallback004, TestSize.Level1)
1178 {
1179 int32_t uid = getuid();
1180 AccessTokenID tokenId = GetSelfTokenID();
1181 TestMockApp(DLP_MANAGER_APP, 0, DEFAULT_USERID);
1182
1183 std::vector<std::shared_ptr<TestOpenDlpFileCallbackCustomize>> ptrList;
1184 const std::shared_ptr<TestOpenDlpFileCallbackCustomize> callbackPtr =
1185 std::make_shared<TestOpenDlpFileCallbackCustomize>();
1186 ASSERT_NE(callbackPtr, nullptr);
1187 EXPECT_EQ(DLP_OK, DlpPermissionKit::RegisterOpenDlpFileCallback(callbackPtr));
1188 ptrList.emplace_back(callbackPtr);
1189 EXPECT_EQ(DLP_SERVICE_ERROR_VALUE_INVALID, DlpPermissionKit::RegisterOpenDlpFileCallback(callbackPtr));
1190 for (int32_t i = 0; i < 99; i++) {
1191 const std::shared_ptr<TestOpenDlpFileCallbackCustomize> callback =
1192 std::make_shared<TestOpenDlpFileCallbackCustomize>();
1193 ASSERT_NE(callback, nullptr);
1194 EXPECT_EQ(DLP_OK, DlpPermissionKit::RegisterOpenDlpFileCallback(callback));
1195 ptrList.emplace_back(callback);
1196 }
1197 const std::shared_ptr<TestOpenDlpFileCallbackCustomize> callback =
1198 std::make_shared<TestOpenDlpFileCallbackCustomize>();
1199 ASSERT_NE(callback, nullptr);
1200 EXPECT_EQ(DLP_SERVICE_ERROR_VALUE_INVALID, DlpPermissionKit::RegisterOpenDlpFileCallback(callback));
1201 ptrList.emplace_back(callback);
1202 for (auto& iter : ptrList) {
1203 DlpPermissionKit::UnRegisterOpenDlpFileCallback(iter);
1204 }
1205
1206 TestRecoverProcessInfo(uid, tokenId);
1207 }
1208
1209 /**
1210 * @tc.name: OpenDlpFileCallback001
1211 * @tc.desc: OpenDlpFileCallback function test.
1212 * @tc.type: FUNC
1213 * @tc.require:
1214 */
1215 HWTEST_F(DlpPermissionKitTest, OpenDlpFileCallback001, TestSize.Level0)
1216 {
1217 std::shared_ptr<TestOpenDlpFileCallbackCustomize> callbackPtr = nullptr;
1218 std::shared_ptr<OpenDlpFileCallback> callback = std::make_shared<OpenDlpFileCallback>(callbackPtr);
1219 ASSERT_NE(callback, nullptr);
1220 OpenDlpFileCallbackInfo result;
1221 callback->OnOpenDlpFile(result);
1222 ASSERT_EQ(callback->customizedCallback_, nullptr);
1223 }
1224
1225 /**
1226 * @tc.name: OpenDlpFileCallback002
1227 * @tc.desc: OpenDlpFileCallback function test.
1228 * @tc.type: FUNC
1229 * @tc.require:
1230 */
1231 HWTEST_F(DlpPermissionKitTest, OpenDlpFileCallback002, TestSize.Level0)
1232 {
1233 std::shared_ptr<TestOpenDlpFileCallbackCustomize> callbackPtr =
1234 std::make_shared<TestOpenDlpFileCallbackCustomize>();
1235 std::shared_ptr<OpenDlpFileCallback> callback = std::make_shared<OpenDlpFileCallback>(callbackPtr);
1236 ASSERT_NE(callback, nullptr);
1237 OpenDlpFileCallbackInfo result;
1238 callback->OnOpenDlpFile(result);
1239 EXPECT_EQ(true, callbackPtr->called);
1240 ASSERT_NE(callback->customizedCallback_, nullptr);
1241 }
1242
1243 /**
1244 * @tc.name: OnGenerateDlpCertificate002
1245 * @tc.desc: OnGenerateDlpCertificate function test.
1246 * @tc.type: FUNC
1247 * @tc.require: DTS2023040302317
1248 */
1249 HWTEST_F(DlpPermissionKitTest, OnGenerateDlpCertificate002, TestSize.Level0)
1250 {
1251 std::vector<uint8_t> cert;
1252 auto generateDlpCertificateCallback = std::make_shared<ClientGenerateDlpCertificateCallback>();
1253 generateDlpCertificateCallback->OnGenerateDlpCertificate(0, cert);
1254 ASSERT_EQ(0, generateDlpCertificateCallback->result_);
1255 PermissionPolicy policy;
1256 auto parseDlpCertificateCallback = std::make_shared<ClientParseDlpCertificateCallback>();
1257 parseDlpCertificateCallback->OnParseDlpCertificate(0, policy, {});
1258 ASSERT_EQ(0, generateDlpCertificateCallback->result_);
1259 }
1260
1261 /**
1262 * @tc.name: ParseDlpCertificate002
1263 * @tc.desc: ParseDlpCertificate abnormal input test.
1264 * @tc.type: FUNC
1265 * @tc.require:AR000GVIG0
1266 */
1267 HWTEST_F(DlpPermissionKitTest, ParseDlpCertificate002, TestSize.Level0)
1268 {
1269 sptr<CertParcel> certParcel = new (std::nothrow) CertParcel();
1270 certParcel->offlineCert.push_back(1);
1271 PermissionPolicy policy;
1272 ASSERT_EQ(DLP_SERVICE_ERROR_VALUE_INVALID,
1273 DlpPermissionKit::ParseDlpCertificate(certParcel, policy, "", true));
1274
1275 policy.ownerAccount_ = "test";
1276 policy.ownerAccountId_ = "test";
1277 policy.ownerAccountType_ = CLOUD_ACCOUNT;
1278 std::vector<AuthUserInfo> authUsers_;
1279 AuthUserInfo info;
1280 info.authAccount = "test";
1281 info.authPerm = DLPFileAccess::FULL_CONTROL;
1282 info.permExpiryTime = 1784986283;
1283 info.authAccountType = CLOUD_ACCOUNT;
1284 authUsers_.push_back(info);
1285 uint8_t* iv = new (std::nothrow) uint8_t[16];
1286 uint8_t* aseKey = new (std::nothrow) uint8_t[16];
1287 policy.SetIv(iv, 16);
1288 policy.SetAeskey(aseKey, 16);
1289 ASSERT_EQ(DLP_SERVICE_ERROR_VALUE_INVALID,
1290 DlpPermissionKit::ParseDlpCertificate(certParcel, policy, "", true));
1291 delete[] iv;
1292 delete[] aseKey;
1293 }
1294
1295 /**
1296 * @tc.name: GetDLPFileVisitRecord001
1297 * @tc.desc: GetDLPFileVisitRecord.
1298 * @tc.type: FUNC
1299 * @tc.require: AR000I38MV
1300 */
1301 HWTEST_F(DlpPermissionKitTest, GetDLPFileVisitRecord001, TestSize.Level1)
1302 {
1303 int32_t uid = getuid();
1304 AccessTokenID selfTokenId = GetSelfTokenID();
1305 std::vector<VisitedDLPFileInfo> infoVec;
1306 SandboxInfo sandboxInfo;
1307 ASSERT_EQ(DLP_OK, DlpPermissionKit::InstallDlpSandbox(DLP_MANAGER_APP,
1308 DLPFileAccess::FULL_CONTROL, DEFAULT_USERID, sandboxInfo, TEST_URI));
1309 ASSERT_TRUE(sandboxInfo.appIndex != 0);
1310 TestMockApp(DLP_MANAGER_APP, 0, DEFAULT_USERID);
1311 ASSERT_TRUE(TestSetSelfTokenId(g_dlpManagerTokenId));
1312 ASSERT_EQ(DLP_OK, DlpPermissionKit::GetDLPFileVisitRecord(infoVec));
1313 DLP_LOG_INFO(LABEL, "GetDLPFileVisitRecord size:%{public}zu", infoVec.size());
1314 ASSERT_TRUE(1 == infoVec.size());
1315 setuid(g_selfUid);
1316 infoVec.clear();
1317 ASSERT_EQ(DLP_OK, DlpPermissionKit::GetDLPFileVisitRecord(infoVec));
1318 ASSERT_TRUE(0 == infoVec.size());
1319 AccessTokenID tokenId = AccessTokenKit::GetHapTokenID(100, DLP_MANAGER_APP, sandboxInfo.appIndex);
1320 ASSERT_TRUE(TestSetSelfTokenId(tokenId));
1321 ASSERT_EQ(DLP_SERVICE_ERROR_API_NOT_FOR_SANDBOX_ERROR, DlpPermissionKit::GetDLPFileVisitRecord(infoVec));
1322 ASSERT_TRUE(TestSetSelfTokenId(g_dlpManagerTokenId));
1323 ASSERT_EQ(DLP_OK, DlpPermissionKit::UninstallDlpSandbox(DLP_MANAGER_APP, sandboxInfo.appIndex, DEFAULT_USERID));
1324
1325 TestRecoverProcessInfo(uid, selfTokenId);
1326 }
1327
1328 /* *
1329 * @tc.name: SetSandboxAppConfig001
1330 * @tc.desc: SetSandboxAppConfig001 test.
1331 * @tc.type: FUNC
1332 * @tc.require: SR000IEUH3
1333 */
1334 HWTEST_F(DlpPermissionKitTest, SetSandboxAppConfig001, TestSize.Level1)
1335 {
1336 int32_t uid = getuid();
1337 AccessTokenID tokenId = GetSelfTokenID();
1338 TestMockApp(DLP_MANAGER_APP, 0, DEFAULT_USERID);
1339 std::string config = "test";
1340 ASSERT_EQ(DLP_OK, DlpPermissionKit::SetSandboxAppConfig(config));
1341 std::string configGet;
1342 ASSERT_EQ(DLP_OK, DlpPermissionKit::GetSandboxAppConfig(configGet));
1343 ASSERT_EQ(DLP_OK, DlpPermissionKit::CleanSandboxAppConfig());
1344 TestRecoverProcessInfo(uid, tokenId);
1345 }
1346
1347 /* *
1348 * @tc.name: SetMDMPolicy001
1349 * @tc.desc: SetMDMPolicy001 abnormal input test.
1350 * @tc.type: FUNC
1351 * @tc.require: SR000IEUHS
1352 */
1353 HWTEST_F(DlpPermissionKitTest, SetMDMPolicy001, TestSize.Level0)
1354 {
1355 seteuid(1000);
1356 std::vector<std::string> appIdList;
1357 if (IsFeatureProvidedWithDlp()) {
1358 ASSERT_EQ(DLP_SERVICE_ERROR_VALUE_INVALID, DlpPermissionKit::SetMDMPolicy(appIdList));
1359 } else {
1360 ASSERT_EQ(DLP_OK, DlpPermissionKit::SetMDMPolicy(appIdList));
1361 }
1362 appIdList.push_back("@ohos.test.bundleName1_QG9ob3MudGVzdC5idW5kbGVOYW1lMQ==");
1363 if (IsFeatureProvidedWithDlp()) {
1364 ASSERT_EQ(DLP_SERVICE_ERROR_PERMISSION_DENY, DlpPermissionKit::SetMDMPolicy(appIdList));
1365 } else {
1366 ASSERT_EQ(DLP_OK, DlpPermissionKit::SetMDMPolicy(appIdList));
1367 }
1368 seteuid(3057);
1369 ASSERT_EQ(DLP_OK, DlpPermissionKit::SetMDMPolicy(appIdList));
1370 appIdList.push_back("");
1371 if (IsFeatureProvidedWithDlp()) {
1372 ASSERT_EQ(DLP_SERVICE_ERROR_VALUE_INVALID, DlpPermissionKit::SetMDMPolicy(appIdList));
1373 } else {
1374 ASSERT_EQ(DLP_OK, DlpPermissionKit::SetMDMPolicy(appIdList));
1375 }
1376 appIdList.pop_back();
1377 appIdList.push_back("@ohos.test.bundleName2_QG9ob3MudGVzdC5idW5kbGVOYW1lMg==");
1378 appIdList.push_back("@ohos.test.bundleName3_QG9ob3MudGVzdC5idW5kbGVOYW1lMw==");
1379 appIdList.push_back(
1380 "@ohos.test.bundleNameWhichIsLongerThanThe200digitsLengthLimit\
1381 123456789123456789123456789_QG9ob3MudGVzdC5idW5kbGVOYW1lV2hpY2hJc0xvbmdlclRoYW5UaGUyMDBkaWdpdHNMZW5nd\
1382 GhMaW1pdDEyMzQ1Njc4OTEyMzQ1Njc4OTEyMzQ1Njc4OQ==");
1383 if (IsFeatureProvidedWithDlp()) {
1384 ASSERT_EQ(DLP_SERVICE_ERROR_VALUE_INVALID, DlpPermissionKit::SetMDMPolicy(appIdList));
1385 } else {
1386 ASSERT_EQ(DLP_OK, DlpPermissionKit::SetMDMPolicy(appIdList));
1387 }
1388 appIdList.pop_back();
1389 for (int i = 0; i < 250; i++) {
1390 appIdList.push_back("@ohos.test.bundleName1_QG9ob3MudGVzdC5idW5kbGVOYW1lMQ==");
1391 }
1392 if (IsFeatureProvidedWithDlp()) {
1393 ASSERT_EQ(DLP_SERVICE_ERROR_VALUE_INVALID, DlpPermissionKit::SetMDMPolicy(appIdList));
1394 } else {
1395 ASSERT_EQ(DLP_OK, DlpPermissionKit::SetMDMPolicy(appIdList));
1396 }
1397 appIdList.clear();
1398 }
1399
1400 /* *
1401 * @tc.name: GetMDMPolicy001
1402 * @tc.desc: GetMDMPolicy001S abnormal input test.
1403 * @tc.type: FUNC
1404 * @tc.require: SR000IEUHS
1405 */
1406 HWTEST_F(DlpPermissionKitTest, GetMDMPolicy001, TestSize.Level0)
1407 {
1408 seteuid(1000);
1409 std::vector<std::string> appIdList;
1410 if (IsFeatureProvidedWithDlp()) {
1411 ASSERT_EQ(DLP_SERVICE_ERROR_PERMISSION_DENY, DlpPermissionKit::GetMDMPolicy(appIdList));
1412 } else {
1413 ASSERT_EQ(DLP_OK, DlpPermissionKit::GetMDMPolicy(appIdList));
1414 }
1415 seteuid(3057);
1416 ASSERT_EQ(DLP_OK, DlpPermissionKit::GetMDMPolicy(appIdList));
1417 appIdList.clear();
1418 }
1419
1420 /* *
1421 * @tc.name: RemoveMDMPolicy001
1422 * @tc.desc: RemoveMDMPolicy001 abnormal input test.
1423 * @tc.type: FUNC
1424 * @tc.require: SR000IEUHS
1425 */
1426 HWTEST_F(DlpPermissionKitTest, RemoveMDMPolicy001, TestSize.Level0)
1427 {
1428 seteuid(1000);
1429 if (IsFeatureProvidedWithDlp()) {
1430 ASSERT_EQ(DLP_SERVICE_ERROR_PERMISSION_DENY, DlpPermissionKit::RemoveMDMPolicy());
1431 } else {
1432 ASSERT_EQ(DLP_OK, DlpPermissionKit::RemoveMDMPolicy());
1433 }
1434 seteuid(3057);
1435 ASSERT_EQ(DLP_OK, DlpPermissionKit::RemoveMDMPolicy());
1436 }
1437
1438 /* *
1439 * @tc.name: IsDLPFeatureProvided001
1440 * @tc.desc: IsDLPFeatureProvided.
1441 * @tc.type: FUNC
1442 * @tc.require:
1443 */
1444 HWTEST_F(DlpPermissionKitTest, IsDLPFeatureProvided001, TestSize.Level0)
1445 {
1446 DLP_LOG_DEBUG(LABEL, "Start IsDLPFeatureProvided001.");
1447 bool isProvided;
1448 ASSERT_EQ(DLP_OK, DlpPermissionKit::IsDLPFeatureProvided(isProvided));
1449 }
1450
1451 /* *
1452 * @tc.name: SandboxInfo004
1453 * @tc.desc: SandboxInfo.
1454 * @tc.type: FUNC
1455 * @tc.require:
1456 */
1457 HWTEST_F(DlpPermissionKitTest, SandboxInfo004, TestSize.Level0)
1458 {
1459 DLP_LOG_DEBUG(LABEL, "Start SandboxInfo004.");
1460 Parcel parcel;
1461 SandboxInfo info;
1462 bool ret = info.Marshalling(parcel);
1463 ASSERT_EQ(true, ret);
1464 auto out = info.Unmarshalling(parcel);
1465 ASSERT_NE(nullptr, out);
1466 }
1467
1468 /* *
1469 * @tc.name: SetRetentionState004
1470 * @tc.desc: SetRetentionState.
1471 * @tc.type: FUNC
1472 * @tc.require:
1473 */
1474 HWTEST_F(DlpPermissionKitTest, SetRetentionState004, TestSize.Level0)
1475 {
1476 DLP_LOG_DEBUG(LABEL, "Start SetRetentionState004.");
1477 std::vector<std::string> vec;
1478 (void)DlpPermissionKit::SetRetentionState(vec);
1479 ASSERT_TRUE(TestSetSelfTokenId(g_dlpManagerTokenId));
1480 }
1481
1482 /* *
1483 * @tc.name: CancelRetentionState004
1484 * @tc.desc: CancelRetentionState.
1485 * @tc.type: FUNC
1486 * @tc.require:
1487 */
1488 HWTEST_F(DlpPermissionKitTest, CancelRetentionState004, TestSize.Level0)
1489 {
1490 DLP_LOG_DEBUG(LABEL, "Start CancelRetentionState004.");
1491 std::vector<std::string> vec;
1492 (void)DlpPermissionKit::CancelRetentionState(vec);
1493 ASSERT_TRUE(TestSetSelfTokenId(g_dlpManagerTokenId));
1494 }
1495
1496 /* *
1497 * @tc.name: GetRetentionSandboxList004
1498 * @tc.desc: GetRetentionSandboxList.
1499 * @tc.type: FUNC
1500 * @tc.require:
1501 */
1502 HWTEST_F(DlpPermissionKitTest, GetRetentionSandboxList004, TestSize.Level0)
1503 {
1504 DLP_LOG_DEBUG(LABEL, "Start GetRetentionSandboxList004.");
1505 std::vector<RetentionSandBoxInfo> vec;
1506 (void)DlpPermissionKit::GetRetentionSandboxList(DLP_MANAGER_APP, vec);
1507 ASSERT_TRUE(TestSetSelfTokenId(g_dlpManagerTokenId));
1508 }
1509
1510 /* *
1511 * @tc.name: GetDLPFileVisitRecord004
1512 * @tc.desc: GetDLPFileVisitRecord.
1513 * @tc.type: FUNC
1514 * @tc.require:
1515 */
1516 HWTEST_F(DlpPermissionKitTest, GetDLPFileVisitRecord004, TestSize.Level0)
1517 {
1518 DLP_LOG_DEBUG(LABEL, "Start GetDLPFileVisitRecord004.");
1519 std::vector<VisitedDLPFileInfo> vec;
1520 (void)DlpPermissionKit::GetDLPFileVisitRecord(vec);
1521 ASSERT_TRUE(TestSetSelfTokenId(g_dlpManagerTokenId));
1522 }
1523
1524 /* *
1525 * @tc.name: SetDlpFeature001
1526 * @tc.desc: SetDlpFeature test dlpFeatureInfo 0
1527 * @tc.type: FUNC
1528 * @tc.require:
1529 */
1530 HWTEST_F(DlpPermissionKitTest, SetDlpFeature001, TestSize.Level0)
1531 {
1532 DLP_LOG_DEBUG(LABEL, "SetDlpFeature001");
1533 uint32_t dlpFeatureInfo = 0;
1534 bool statusSetInfo;
1535 int32_t ret = DlpPermissionKit::SetDlpFeature(dlpFeatureInfo, statusSetInfo);
1536 ASSERT_TRUE(ret != DLP_CALLBACK_SA_WORK_ABNORMAL);
1537 }
1538
1539 /* *
1540 * @tc.name: SetDlpFeature002
1541 * @tc.desc: SetDlpFeature test dlpFeatureInfo 1
1542 * @tc.type: FUNC
1543 * @tc.require:
1544 */
1545 HWTEST_F(DlpPermissionKitTest, SetDlpFeature002, TestSize.Level0)
1546 {
1547 DLP_LOG_DEBUG(LABEL, "SetDlpFeature002");
1548 uint32_t dlpFeatureInfo = 1;
1549 bool statusSetInfo;
1550 int32_t ret = DlpPermissionKit::SetDlpFeature(dlpFeatureInfo, statusSetInfo);
1551 ASSERT_TRUE(ret != DLP_CALLBACK_SA_WORK_ABNORMAL);
1552 }
1553 } // namespace DlpPermission
1554 } // namespace Security
1555 } // namespace OHOS
1556