• Home
  • Line#
  • Scopes#
  • Navigate#
  • Raw
  • Download
1 /*
2  * Copyright (c) 2025 Huawei Device Co., Ltd.
3  * Licensed under the Apache License, Version 2.0 (the "License");
4  * you may not use this file except in compliance with the License.
5  * You may obtain a copy of the License at
6  *
7  *     http://www.apache.org/licenses/LICENSE-2.0
8  *
9  * Unless required by applicable law or agreed to in writing, software
10  * distributed under the License is distributed on an "AS IS" BASIS,
11  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12  * See the License for the specific language governing permissions and
13  * limitations under the License.
14  */
15 #include "privacy_test_common.h"
16 #include "gtest/gtest.h"
17 #include <thread>
18 
19 namespace OHOS {
20 namespace Security {
21 namespace AccessToken {
22 namespace {
23 std::mutex g_lockSetToken;
24 uint64_t g_shellTokenId = 0;
25 }
SetTestEvironment(uint64_t shellTokenId)26 void PrivacyTestCommon::SetTestEvironment(uint64_t shellTokenId)
27 {
28     std::lock_guard<std::mutex> lock(g_lockSetToken);
29     g_shellTokenId = shellTokenId;
30 }
31 
ResetTestEvironment()32 void PrivacyTestCommon::ResetTestEvironment()
33 {
34     std::lock_guard<std::mutex> lock(g_lockSetToken);
35     g_shellTokenId = 0;
36 }
37 
GetShellTokenId()38 uint64_t PrivacyTestCommon::GetShellTokenId()
39 {
40     std::lock_guard<std::mutex> lock(g_lockSetToken);
41     return g_shellTokenId;
42 }
43 
AllocTestHapToken(const HapInfoParams & hapInfo,HapPolicyParams & hapPolicy)44 AccessTokenIDEx PrivacyTestCommon::AllocTestHapToken(const HapInfoParams& hapInfo, HapPolicyParams& hapPolicy)
45 {
46     AccessTokenIDEx tokenIdEx = {0};
47     uint64_t selfTokenId = GetSelfTokenID();
48     for (auto& permissionStateFull : hapPolicy.permStateList) {
49         PermissionDef permDefResult;
50         if (AccessTokenKit::GetDefPermission(permissionStateFull.permissionName, permDefResult) != RET_SUCCESS) {
51             continue;
52         }
53         if (permDefResult.availableLevel > hapPolicy.apl) {
54             hapPolicy.aclRequestedList.emplace_back(permissionStateFull.permissionName);
55         }
56     }
57     if (PrivacyTestCommon::GetNativeTokenIdFromProcess("foundation") == selfTokenId) {
58         AccessTokenKit::InitHapToken(hapInfo, hapPolicy, tokenIdEx);
59     } else {
60         // set sh token for self
61         MockNativeToken mock("foundation");
62         AccessTokenKit::InitHapToken(hapInfo, hapPolicy, tokenIdEx);
63 
64         // restore
65         EXPECT_EQ(0, SetSelfTokenID(selfTokenId));
66     }
67     return tokenIdEx;
68 }
69 
DeleteTestHapToken(AccessTokenID tokenID)70 int32_t PrivacyTestCommon::DeleteTestHapToken(AccessTokenID tokenID)
71 {
72     uint64_t selfTokenId = GetSelfTokenID();
73     if (PrivacyTestCommon::GetNativeTokenIdFromProcess("foundation") == selfTokenId) {
74         return AccessTokenKit::DeleteToken(tokenID);
75     }
76 
77     // set sh token for self
78     MockNativeToken mock("foundation");
79 
80     int32_t ret = AccessTokenKit::DeleteToken(tokenID);
81     // restore
82     EXPECT_EQ(0, SetSelfTokenID(selfTokenId));
83     return ret;
84 }
85 
GetNativeTokenIdFromProcess(const std::string & process)86 AccessTokenID PrivacyTestCommon::GetNativeTokenIdFromProcess(const std::string &process)
87 {
88     uint64_t selfTokenId = GetSelfTokenID();
89     EXPECT_EQ(0, SetSelfTokenID(PrivacyTestCommon::GetShellTokenId())); // set shell token
90 
91     std::string dumpInfo;
92     AtmToolsParamInfo info;
93     info.processName = process;
94     AccessTokenKit::DumpTokenInfo(info, dumpInfo);
95     size_t pos = dumpInfo.find("\"tokenID\": ");
96     if (pos == std::string::npos) {
97         return 0;
98     }
99     pos += std::string("\"tokenID\": ").length();
100     std::string numStr;
101     while (pos < dumpInfo.length() && std::isdigit(dumpInfo[pos])) {
102         numStr += dumpInfo[pos];
103         ++pos;
104     }
105     // restore
106     EXPECT_EQ(0, SetSelfTokenID(selfTokenId));
107 
108     std::istringstream iss(numStr);
109     AccessTokenID tokenID;
110     iss >> tokenID;
111     return tokenID;
112 }
113 
114 // need call by native process
GetHapTokenIdFromBundle(int32_t userID,const std::string & bundleName,int32_t instIndex)115 AccessTokenIDEx PrivacyTestCommon::GetHapTokenIdFromBundle(
116     int32_t userID, const std::string& bundleName, int32_t instIndex)
117 {
118     uint64_t selfTokenId = GetSelfTokenID();
119     ATokenTypeEnum type = AccessTokenKit::GetTokenTypeFlag(static_cast<AccessTokenID>(selfTokenId));
120     if (type != TOKEN_NATIVE) {
121         AccessTokenID tokenId1 = GetNativeTokenIdFromProcess("privacy_service");
122         EXPECT_EQ(0, SetSelfTokenID(tokenId1));
123     }
124     AccessTokenIDEx tokenIdEx = AccessTokenKit::GetHapTokenIDEx(userID, bundleName, instIndex);
125 
126     EXPECT_EQ(0, SetSelfTokenID(selfTokenId));
127     return tokenIdEx;
128 }
129 
MockNativeToken(const std::string & process)130 MockNativeToken::MockNativeToken(const std::string& process)
131 {
132     selfToken_ = GetSelfTokenID();
133     uint32_t tokenId = PrivacyTestCommon::GetNativeTokenIdFromProcess(process);
134     SetSelfTokenID(tokenId);
135 }
136 
~MockNativeToken()137 MockNativeToken::~MockNativeToken()
138 {
139     SetSelfTokenID(selfToken_);
140 }
141 
MockHapToken(const std::string & bundle,const std::vector<std::string> & reqPerm,bool isSystemApp)142 MockHapToken::MockHapToken(
143     const std::string& bundle, const std::vector<std::string>& reqPerm, bool isSystemApp)
144 {
145     selfToken_ = GetSelfTokenID();
146     HapInfoParams infoParams = {
147         .userID = 0,
148         .bundleName = bundle,
149         .instIndex = 0,
150         .appIDDesc = "AccessTokenTestAppID",
151         .apiVersion = PrivacyTestCommon::DEFAULT_API_VERSION,
152         .isSystemApp = isSystemApp,
153         .appDistributionType = "",
154     };
155 
156     HapPolicyParams policyParams = {
157         .apl = APL_NORMAL,
158         .domain = "accesstoken_test_domain",
159     };
160     for (size_t i = 0; i < reqPerm.size(); ++i) {
161         PermissionDef permDefResult;
162         if (AccessTokenKit::GetDefPermission(reqPerm[i], permDefResult) != RET_SUCCESS) {
163             continue;
164         }
165         PermissionStateFull permState = {
166             .permissionName = reqPerm[i],
167             .isGeneral = true,
168             .resDeviceID = {"local3"},
169             .grantStatus = {PermissionState::PERMISSION_DENIED},
170             .grantFlags = {PermissionFlag::PERMISSION_DEFAULT_FLAG}
171         };
172         policyParams.permStateList.emplace_back(permState);
173         if (permDefResult.availableLevel > policyParams.apl) {
174             policyParams.aclRequestedList.emplace_back(reqPerm[i]);
175         }
176     }
177 
178     AccessTokenIDEx tokenIdEx = PrivacyTestCommon::AllocTestHapToken(infoParams, policyParams);
179     mockToken_= tokenIdEx.tokenIdExStruct.tokenID;
180     EXPECT_NE(mockToken_, INVALID_TOKENID);
181     EXPECT_EQ(0, SetSelfTokenID(tokenIdEx.tokenIDEx));
182 }
183 
~MockHapToken()184 MockHapToken::~MockHapToken()
185 {
186     if (mockToken_ != INVALID_TOKENID) {
187         EXPECT_EQ(0, PrivacyTestCommon::DeleteTestHapToken(mockToken_));
188     }
189     EXPECT_EQ(0, SetSelfTokenID(selfToken_));
190 }
191 }  // namespace SecurityComponent
192 }  // namespace Security
193 }  // namespace OHOS