1 /*
2 * Copyright (c) 2023 Huawei Device Co., Ltd.
3 * Licensed under the Apache License, Version 2.0 (the "License");
4 * you may not use this file except in compliance with the License.
5 * You may obtain a copy of the License at
6 *
7 * http://www.apache.org/licenses/LICENSE-2.0
8 *
9 * Unless required by applicable law or agreed to in writing, software
10 * distributed under the License is distributed on an "AS IS" BASIS,
11 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12 * See the License for the specific language governing permissions and
13 * limitations under the License.
14 */
15 #include "permission_policy_test.h"
16
17 #include <string>
18 #include "dlp_permission.h"
19 #include "dlp_permission_log.h"
20
21 namespace OHOS {
22 namespace Security {
23 namespace DlpPermission {
24 using namespace testing::ext;
25 using namespace OHOS;
26 using namespace OHOS::Security::DlpPermission;
27 using namespace std::chrono;
28
29 namespace {
30 static constexpr OHOS::HiviewDFX::HiLogLabel LABEL = {
31 LOG_CORE, SECURITY_DOMAIN_DLP_PERMISSION, "PermissionPolicyTest"};
32 const uint32_t MAX_ACCOUNT_SIZE = 1024;
33 const uint32_t MAX_ACCOUNT_NUM = 100;
34 const uint32_t AES_KEY_LEN = 16;
35 const uint32_t IV_LEN = 16;
36 const uint64_t EXPIRY_TEN_MINUTE = 60 * 10;
37
GetCurrentTimeSec(void)38 uint64_t GetCurrentTimeSec(void)
39 {
40 return static_cast<uint64_t>(duration_cast<seconds>(system_clock::now().time_since_epoch()).count());
41 }
42
NewUserSample(AuthUserInfo & user)43 void NewUserSample(AuthUserInfo& user)
44 {
45 user.authAccount = "allowAccountA";
46 user.authPerm = DLPFileAccess::FULL_CONTROL;
47 user.permExpiryTime = GetCurrentTimeSec() + EXPIRY_TEN_MINUTE;
48 user.authAccountType = CLOUD_ACCOUNT;
49 }
50
InitNormalPolicy(std::shared_ptr<PermissionPolicy> & policy)51 void InitNormalPolicy(std::shared_ptr<PermissionPolicy>& policy)
52 {
53 policy->ownerAccount_ = "testAccount";
54 policy->ownerAccountId_ = "testAccountId";
55 policy->ownerAccountType_ = CLOUD_ACCOUNT;
56 policy->aeskey_ = new (std::nothrow) uint8_t[16];
57 policy->aeskeyLen_ = AES_KEY_LEN;
58 policy->iv_ = new (std::nothrow) uint8_t[16];
59 policy->ivLen_ = IV_LEN;
60
61 AuthUserInfo user;
62 NewUserSample(user);
63 policy->authUsers_.emplace_back(user);
64 }
65 }
66
SetUpTestCase()67 void PermissionPolicyTest::SetUpTestCase() {}
68
TearDownTestCase()69 void PermissionPolicyTest::TearDownTestCase() {}
70
SetUp()71 void PermissionPolicyTest::SetUp() {}
72
TearDown()73 void PermissionPolicyTest::TearDown() {}
74
75 /**
76 * @tc.name: PermissionPolicy001
77 * @tc.desc: PermissionPolicy construct test
78 * @tc.type: FUNC
79 * @tc.require:
80 */
81 HWTEST_F(PermissionPolicyTest, PermissionPolicyConstruct001, TestSize.Level1)
82 {
83 DLP_LOG_INFO(LABEL, "PermissionPolicyConstruct001");
84 std::shared_ptr<PermissionPolicy> policy = std::make_shared<PermissionPolicy>();
85 ASSERT_NE(policy, nullptr);
86 policy = nullptr;
87 }
88
89 /**
90 ,* @tc.name: IsValid001
91 * @tc.desc: IsValid normal test
92 * @tc.type: FUNC
93 * @tc.require:
94 */
95 HWTEST_F(PermissionPolicyTest, IsValid001, TestSize.Level1)
96 {
97 DLP_LOG_INFO(LABEL, "IsValid001");
98
99 std::shared_ptr<PermissionPolicy> policy = std::make_shared<PermissionPolicy>();
100 ASSERT_NE(policy, nullptr);
101
102 InitNormalPolicy(policy);
103
104 ASSERT_TRUE(policy->IsValid());
105 delete[] policy->iv_;
106 policy->iv_ = nullptr;
107 policy->ivLen_ = 0;
108 delete[] policy->aeskey_;
109 policy->aeskey_ = nullptr;
110 policy->aeskeyLen_ = 0;
111 }
112
113 /**
114 * @tc.name: IsValid002
115 * @tc.desc: IsValid owner abnormal test
116 * @tc.type: FUNC
117 * @tc.require:
118 */
119 HWTEST_F(PermissionPolicyTest, IsValid002, TestSize.Level1)
120 {
121 DLP_LOG_INFO(LABEL, "IsValid002");
122 std::shared_ptr<PermissionPolicy> policy = std::make_shared<PermissionPolicy>();
123 ASSERT_NE(policy, nullptr);
124
125 InitNormalPolicy(policy);
126
127 // empty ownerAccount
128 policy->ownerAccount_ = "";
129 ASSERT_FALSE(policy->IsValid());
130
131 // ownerAccount name len > MAX_ACCOUNT_SIZE
132 std::string invalidPerm(MAX_ACCOUNT_SIZE + 1, 'a');
133 policy->ownerAccount_ = invalidPerm;
134 ASSERT_FALSE(policy->IsValid());
135 delete[] policy->iv_;
136 policy->iv_ = nullptr;
137 policy->ivLen_ = 0;
138 delete[] policy->aeskey_;
139 policy->aeskey_ = nullptr;
140 policy->aeskeyLen_ = 0;
141 }
142
143 /**
144 * @tc.name: IsValid003
145 * @tc.desc: IsValid account type abnormal test
146 * @tc.type: FUNC
147 * @tc.require:
148 */
149 HWTEST_F(PermissionPolicyTest, IsValid003, TestSize.Level1)
150 {
151 DLP_LOG_INFO(LABEL, "IsValid003");
152 std::shared_ptr<PermissionPolicy> policy = std::make_shared<PermissionPolicy>();
153 ASSERT_NE(policy, nullptr);
154
155 InitNormalPolicy(policy);
156
157 // account INVALID_ACCOUNT
158 policy->ownerAccountType_ = INVALID_ACCOUNT;
159 ASSERT_FALSE(policy->IsValid());
160
161 // account APPLICATION_ACCOUNT + 1
162 policy->ownerAccountType_ = static_cast<DlpAccountType>(APPLICATION_ACCOUNT + 1);
163 ASSERT_FALSE(policy->IsValid());
164 delete[] policy->iv_;
165 policy->iv_ = nullptr;
166 policy->ivLen_ = 0;
167 delete[] policy->aeskey_;
168 policy->aeskey_ = nullptr;
169 policy->aeskeyLen_ = 0;
170 }
171
172 /**
173 * @tc.name: IsValid004
174 * @tc.desc: IsValid aes key abnormal test
175 * @tc.type: FUNC
176 * @tc.require:
177 */
178 HWTEST_F(PermissionPolicyTest, IsValid004, TestSize.Level1)
179 {
180 DLP_LOG_INFO(LABEL, "IsValid004");
181 std::shared_ptr<PermissionPolicy> policy = std::make_shared<PermissionPolicy>();
182 ASSERT_NE(policy, nullptr);
183
184 InitNormalPolicy(policy);
185
186 // aeskey len is 0
187 policy->aeskeyLen_ = 0;
188 ASSERT_FALSE(policy->IsValid());
189
190 // aeskey is null
191 delete[] policy->aeskey_;
192 policy->aeskey_ = nullptr;
193 policy->aeskeyLen_ = AES_KEY_LEN;
194 ASSERT_FALSE(policy->IsValid());
195 delete[] policy->iv_;
196 policy->iv_ = nullptr;
197 policy->ivLen_ = 0;
198 }
199
200 /**
201 * @tc.name: IsValid005
202 * @tc.desc: IsValid iv key abnormal test
203 * @tc.type: FUNC
204 * @tc.require:
205 */
206 HWTEST_F(PermissionPolicyTest, IsValid005, TestSize.Level1)
207 {
208 DLP_LOG_INFO(LABEL, "IsValid005");
209 std::shared_ptr<PermissionPolicy> policy = std::make_shared<PermissionPolicy>();
210 ASSERT_NE(policy, nullptr);
211
212 InitNormalPolicy(policy);
213
214 // iv len is 0
215 policy->ivLen_ = 0;
216 ASSERT_FALSE(policy->IsValid());
217
218 // iv is null
219 delete[] policy->iv_;
220 policy->iv_ = nullptr;
221 policy->ivLen_ = AES_KEY_LEN;
222 ASSERT_FALSE(policy->IsValid());
223 delete[] policy->aeskey_;
224 policy->aeskey_ = nullptr;
225 policy->aeskeyLen_ = 0;
226 }
227
228 /**
229 * @tc.name: IsValid006
230 * @tc.desc: IsValid auth info key abnormal test
231 * @tc.type: FUNC
232 * @tc.require:
233 */
234 HWTEST_F(PermissionPolicyTest, IsValid006, TestSize.Level1)
235 {
236 DLP_LOG_INFO(LABEL, "IsValid006");
237 std::shared_ptr<PermissionPolicy> policy = std::make_shared<PermissionPolicy>();
238 ASSERT_NE(policy, nullptr);
239
240 InitNormalPolicy(policy);
241
242 // 1. test user account
243 // auth user account empty
244 policy->authUsers_[0].authAccount = "";
245 EXPECT_FALSE(policy->IsValid());
246
247 // restore
248 policy->authUsers_[0].authAccount = "test";
249
250 // 2. test auth perm
251 // auth perm DEFAULT
252 policy->authUsers_[0].authPerm = DLPFileAccess::NO_PERMISSION;
253 EXPECT_FALSE(policy->IsValid());
254
255 // restore
256 policy->authUsers_[0].authPerm = DLPFileAccess::FULL_CONTROL;
257
258 // 3. test expiryTime
259 // expiryTime 0
260 policy->authUsers_[0].permExpiryTime = 0;
261 EXPECT_FALSE(policy->IsValid());
262
263 // restore
264 policy->authUsers_[0].permExpiryTime = GetCurrentTimeSec() + 1000;
265
266 // 4. test auth account type
267 policy->authUsers_[0].authAccountType = INVALID_ACCOUNT;
268 EXPECT_FALSE(policy->IsValid());
269
270 // restore
271 policy->authUsers_[0].authAccountType = APPLICATION_ACCOUNT;
272
273 // 5. max + 1 user size
274 for (unsigned int i = 0; i < MAX_ACCOUNT_NUM; i++) {
275 AuthUserInfo user;
276 NewUserSample(user);
277 policy->authUsers_.emplace_back(user);
278 }
279 EXPECT_FALSE(policy->IsValid());
280 delete[] policy->iv_;
281 policy->iv_ = nullptr;
282 policy->ivLen_ = 0;
283 delete[] policy->aeskey_;
284 policy->aeskey_ = nullptr;
285 policy->aeskeyLen_ = 0;
286 }
287
288 /**
289 * @tc.name: IsValid007
290 * @tc.desc: IsValid owner abnormal test
291 * @tc.type: FUNC
292 * @tc.require:
293 */
294 HWTEST_F(PermissionPolicyTest, IsValid007, TestSize.Level1)
295 {
296 DLP_LOG_INFO(LABEL, "IsValid002");
297 std::shared_ptr<PermissionPolicy> policy = std::make_shared<PermissionPolicy>();
298 ASSERT_NE(policy, nullptr);
299
300 InitNormalPolicy(policy);
301
302 // empty ownerAccount
303 policy->ownerAccountId_ = "";
304 ASSERT_FALSE(policy->IsValid());
305
306 // ownerAccount name len > MAX_ACCOUNT_SIZE
307 std::string invalidPerm(MAX_ACCOUNT_SIZE + 1, 'a');
308 policy->ownerAccountId_ = invalidPerm;
309 ASSERT_FALSE(policy->IsValid());
310 delete[] policy->iv_;
311 policy->iv_ = nullptr;
312 policy->ivLen_ = 0;
313 delete[] policy->aeskey_;
314 policy->aeskey_ = nullptr;
315 policy->aeskeyLen_ = 0;
316 }
317
318 /**
319 * @tc.name: SetAesKey001
320 * @tc.desc: SetAesKey test
321 * @tc.type: FUNC
322 * @tc.require:
323 */
324
325 HWTEST_F(PermissionPolicyTest, SetAesKey001, TestSize.Level1)
326 {
327 DLP_LOG_INFO(LABEL, "SetAesKey001");
328 std::shared_ptr<PermissionPolicy> policy = std::make_shared<PermissionPolicy>();
329 ASSERT_NE(policy, nullptr);
330
331 InitNormalPolicy(policy);
332
333 // set aes key len invalid
334 uint8_t tmpAeskey[AES_KEY_LEN] = {0};
335 policy->SetAeskey(tmpAeskey, AES_KEY_LEN + 1);
336 ASSERT_NE(policy->aeskeyLen_, AES_KEY_LEN + 1);
337
338 // set aes key null
339 policy->SetAeskey(nullptr, AES_KEY_LEN);
340 ASSERT_EQ(policy->aeskey_, nullptr);
341 delete[] policy->iv_;
342 policy->iv_ = nullptr;
343 policy->ivLen_ = 0;
344 }
345
346 /**
347 * @tc.name: SetIv001
348 * @tc.desc: SetIv test
349 * @tc.type: FUNC
350 * @tc.require:
351 */
352 HWTEST_F(PermissionPolicyTest, SetIv001, TestSize.Level1)
353 {
354 DLP_LOG_INFO(LABEL, "SetIv001");
355 std::shared_ptr<PermissionPolicy> policy = std::make_shared<PermissionPolicy>();
356 ASSERT_NE(policy, nullptr);
357
358 InitNormalPolicy(policy);
359
360 // set iv len invalid
361 uint8_t tmpIvkey[IV_LEN] = {0};
362 policy->SetIv(tmpIvkey, IV_LEN + 1);
363 ASSERT_NE(policy->ivLen_, AES_KEY_LEN + 1);
364
365 // set iv null
366 policy->SetIv(nullptr, IV_LEN);
367 ASSERT_EQ(policy->iv_, nullptr);
368 delete[] policy->aeskey_;
369 policy->aeskey_ = nullptr;
370 policy->aeskeyLen_ = 0;
371 }
372
373 /**
374 * @tc.name: CopyPermissionPolicy001
375 * @tc.desc: SetIv test
376 * @tc.type: FUNC
377 * @tc.require:
378 */
379 HWTEST_F(PermissionPolicyTest, CopyPermissionPolicy001, TestSize.Level1)
380 {
381 DLP_LOG_INFO(LABEL, "CopyPermissionPolicy001");
382 std::shared_ptr<PermissionPolicy> policySrc = std::make_shared<PermissionPolicy>();
383 ASSERT_NE(policySrc, nullptr);
384 InitNormalPolicy(policySrc);
385
386 std::shared_ptr<PermissionPolicy> policyDest = std::make_shared<PermissionPolicy>();
387 ASSERT_NE(policyDest, nullptr);
388
389 // 1. make policySrc invalid
390 policySrc->ownerAccount_ = "";
391 policyDest->CopyPermissionPolicy(*policySrc);
392 ASSERT_EQ(policyDest->aeskey_, nullptr);
393
394 // 2. make policySrc valid
395 policySrc->ownerAccount_ = "testAccount";
396 policyDest->CopyPermissionPolicy(*policySrc);
397 ASSERT_NE(policyDest->aeskey_, nullptr);
398 delete[] policySrc->iv_;
399 policySrc->iv_ = nullptr;
400 policySrc->ivLen_ = 0;
401 delete[] policySrc->aeskey_;
402 policySrc->aeskey_ = nullptr;
403 policySrc->aeskeyLen_ = 0;
404 delete[] policyDest->iv_;
405 policyDest->iv_ = nullptr;
406 policyDest->ivLen_ = 0;
407 delete[] policyDest->aeskey_;
408 policyDest->aeskey_ = nullptr;
409 policyDest->aeskeyLen_ = 0;
410 }
411 } // namespace DlpPermission
412 } // namespace Security
413 } // namespace OHOS