1 /*
2 * Copyright (c) 2025 Huawei Device Co., Ltd.
3 * Licensed under the Apache License, Version 2.0 (the "License");
4 * you may not use this file except in compliance with the License.
5 * You may obtain a copy of the License at
6 *
7 * http://www.apache.org/licenses/LICENSE-2.0
8 *
9 * Unless required by applicable law or agreed to in writing, software
10 * distributed under the License is distributed on an "AS IS" BASIS,
11 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12 * See the License for the specific language governing permissions and
13 * limitations under the License.
14 */
15
16 #include "accesstoken_db_consistency_test.h"
17 #include "gtest/gtest.h"
18
19 #include "access_token_db.h"
20 #include "access_token_error.h"
21 #include "accesstoken_info_manager.h"
22 #include "atm_tools_param_info_parcel.h"
23 #include "parameters.h"
24 #include "permission_manager.h"
25 #include "permission_map.h"
26 #include "token_field_const.h"
27
28 using namespace testing::ext;
29 using namespace OHOS;
30
31 namespace OHOS {
32 namespace Security {
33 namespace AccessToken {
34 namespace {
35 static constexpr int32_t USER_ID = 100;
36 static constexpr int32_t INST_INDEX = 0;
37 static constexpr int32_t API_VERSION_9 = 9;
38
39 static PermissionStatus g_state1 = { // user grant permission
40 .permissionName = "ohos.permission.WRITE_CALENDAR",
41 .grantStatus = static_cast<int32_t>(PermissionState::PERMISSION_DENIED),
42 .grantFlag = static_cast<uint32_t>(PermissionFlag::PERMISSION_DEFAULT_FLAG)
43 };
44
45 static PermissionStatus g_state2 = { // system core and granted
46 .permissionName = "ohos.permission.POWER_MANAGER",
47 .grantStatus = static_cast<int32_t>(PermissionState::PERMISSION_GRANTED),
48 .grantFlag = static_cast<uint32_t>(PermissionFlag::PERMISSION_SYSTEM_FIXED)
49 };
50
51 static PermissionStatus g_state3 = { // system grant permission
52 .permissionName = "ohos.permission.REFRESH_USER_ACTION",
53 .grantStatus = static_cast<int32_t>(PermissionState::PERMISSION_DENIED),
54 .grantFlag = static_cast<uint32_t>(PermissionFlag::PERMISSION_DEFAULT_FLAG)
55 };
56
57 static PermissionStatus g_state4 = { // system grant permission
58 .permissionName = "ohos.permission.REFRESH_USER_ACTION",
59 .grantStatus = static_cast<int32_t>(PermissionState::PERMISSION_GRANTED),
60 .grantFlag = static_cast<uint32_t>(PermissionFlag::PERMISSION_SYSTEM_FIXED)
61 };
62
63 static PermissionStatus g_state5 = { // system grant permission
64 .permissionName = "ohos.permission.READ_SCREEN_SAVER",
65 .grantStatus = static_cast<int32_t>(PermissionState::PERMISSION_GRANTED),
66 .grantFlag = static_cast<uint32_t>(PermissionFlag::PERMISSION_SYSTEM_FIXED)
67 };
68
69 static PermissionStatus g_state6 = { // system grant permission
70 .permissionName = "ohos.permission.MANAGE_LOCAL_ACCOUNTS",
71 .grantStatus = static_cast<int32_t>(PermissionState::PERMISSION_DENIED),
72 .grantFlag = static_cast<uint32_t>(PermissionFlag::PERMISSION_DEFAULT_FLAG)
73 };
74
75 static HapInfoParams g_info = { // system app
76 .userID = USER_ID,
77 .bundleName = "AccessTokenDbConsistencyTest",
78 .instIndex = INST_INDEX,
79 .dlpType = static_cast<int>(HapDlpType::DLP_COMMON),
80 .apiVersion = API_VERSION_9,
81 .isSystemApp = true,
82 .appIDDesc = "AccessTokenDbConsistencyTestDesc",
83 };
84
85 static HapPolicy g_policy = {
86 .apl = ATokenAplEnum::APL_SYSTEM_CORE,
87 .domain = "test.domain",
88 .permStateList = {g_state1, g_state2, g_state3},
89 };
90 }
91
SetUpTestCase()92 void AccessTokenDbConsistencyTest::SetUpTestCase()
93 {
94 }
95
TearDownTestCase()96 void AccessTokenDbConsistencyTest::TearDownTestCase()
97 {
98 }
99
SetUp()100 void AccessTokenDbConsistencyTest::SetUp()
101 {
102 atManagerService_ = DelayedSingleton<AccessTokenManagerService>::GetInstance();
103 EXPECT_NE(nullptr, atManagerService_);
104 }
105
TearDown()106 void AccessTokenDbConsistencyTest::TearDown()
107 {
108 atManagerService_ = nullptr;
109 }
110
CreateHapToken(const HapInfoParcel & infoParCel,const HapPolicyParcel & policyParcel,AccessTokenID & tokenId,std::map<int32_t,int32_t> & tokenIdAplMap,bool hasInit)111 void AccessTokenDbConsistencyTest::CreateHapToken(const HapInfoParcel& infoParCel, const HapPolicyParcel& policyParcel,
112 AccessTokenID& tokenId, std::map<int32_t, int32_t>& tokenIdAplMap, bool hasInit)
113 {
114 if (!hasInit) {
115 atManagerService_->Initialize();
116 }
117
118 uint64_t fullTokenId;
119 HapInfoCheckResultIdl result;
120 int32_t res = atManagerService_->InitHapToken(infoParCel, policyParcel, fullTokenId, result);
121 ASSERT_EQ(RET_SUCCESS, res);
122
123 AccessTokenIDEx tokenIDEx;
124 tokenIDEx.tokenIDEx = fullTokenId;
125 tokenId = tokenIDEx.tokenIdExStruct.tokenID;
126 ASSERT_NE(INVALID_TOKENID, tokenId);
127 tokenIdAplMap[static_cast<int32_t>(tokenId)] = g_policy.apl;
128 }
129
130 /**
131 * @tc.name: CreateHapTokenCompareTest001
132 * @tc.desc: test consistency between cache & DB after add hap
133 * @tc.type: FUNC
134 * @tc.require:
135 */
136 HWTEST_F(AccessTokenDbConsistencyTest, CreateHapTokenCompareTest001, TestSize.Level0)
137 {
138 HapInfoParcel infoParCel;
139 infoParCel.hapInfoParameter = g_info;
140 HapPolicyParcel policyParcel;
141 policyParcel.hapPolicy = g_policy;
142 AccessTokenID tokenId;
143 std::map<int32_t, int32_t> tokenIdAplMap;
144 CreateHapToken(infoParCel, policyParcel, tokenId, tokenIdAplMap);
145
146 // compare after add
147 GenericValues conditionValue;
148 conditionValue.Put(TokenFiledConst::FIELD_TOKEN_ID, static_cast<int32_t>(tokenId));
149 std::vector<GenericValues> results;
150 EXPECT_EQ(RET_SUCCESS, AccessTokenDb::GetInstance()->Find(
151 AtmDataType::ACCESSTOKEN_PERMISSION_STATE, conditionValue, results));
152 EXPECT_EQ(policyParcel.hapPolicy.permStateList.size(), results.size()); // size is 3
153 for (auto const &val : results) {
154 std::string perm = val.GetString(TokenFiledConst::FIELD_PERMISSION_NAME);
155 auto it = std::find_if(policyParcel.hapPolicy.permStateList.begin(), policyParcel.hapPolicy.permStateList.end(),
__anona7d8a3a40202(const PermissionStatus &status) 156 [&perm](const PermissionStatus &status) { return status.permissionName == perm; });
157 EXPECT_TRUE(it != policyParcel.hapPolicy.permStateList.end());
158 EXPECT_EQ(atManagerService_->VerifyAccessToken(tokenId, perm), val.GetInt(TokenFiledConst::FIELD_GRANT_STATE));
159 }
160
161 std::vector<GenericValues> results2;
162 EXPECT_EQ(RET_SUCCESS, AccessTokenDb::GetInstance()->Find(
163 AtmDataType::ACCESSTOKEN_HAP_INFO, conditionValue, results2));
164 EXPECT_EQ(1, results2.size());
165
166 EXPECT_EQ(RET_SUCCESS, atManagerService_->DeleteToken(tokenId));
167 }
168
169 /**
170 * @tc.name: UpdateHapTokenCompareTest001
171 * @tc.desc: test consistency between cache & DB after update hap
172 * @tc.type: FUNC
173 * @tc.require:
174 */
175 HWTEST_F(AccessTokenDbConsistencyTest, UpdateHapTokenCompareTest001, TestSize.Level0)
176 {
177 HapInfoParcel infoParCel;
178 infoParCel.hapInfoParameter = g_info;
179 HapPolicyParcel policyParcel;
180 policyParcel.hapPolicy = g_policy;
181 AccessTokenID tokenId;
182 std::map<int32_t, int32_t> tokenIdAplMap;
183 CreateHapToken(infoParCel, policyParcel, tokenId, tokenIdAplMap);
184
185 // update hap
186 uint64_t fullTokenId;
187 AccessTokenIDEx tokenIDEx;
188 tokenIDEx.tokenIdExStruct.tokenID = tokenId;
189 fullTokenId = tokenIDEx.tokenIDEx;
190 policyParcel.hapPolicy.permStateList = {g_state2, g_state4, g_state5, g_state6};
191 UpdateHapInfoParamsIdl infoIdl;
192 infoIdl.appIDDesc = g_info.appIDDesc;
193 infoIdl.apiVersion = g_info.apiVersion;
194 infoIdl.isSystemApp = g_info.isSystemApp;
195 infoIdl.appDistributionType = g_info.appDistributionType;
196 infoIdl.isAtomicService = g_info.isAtomicService;
197 infoIdl.dataRefresh = true;
198 HapInfoCheckResultIdl resultInfoIdl;
199 EXPECT_EQ(RET_SUCCESS, atManagerService_->UpdateHapToken(fullTokenId, infoIdl, policyParcel, resultInfoIdl));
200
201 // compare after update
202 GenericValues conditionValue;
203 conditionValue.Put(TokenFiledConst::FIELD_TOKEN_ID, static_cast<int32_t>(tokenId));
204 std::vector<GenericValues> results;
205 EXPECT_EQ(RET_SUCCESS, AccessTokenDb::GetInstance()->Find(
206 AtmDataType::ACCESSTOKEN_PERMISSION_STATE, conditionValue, results));
207 EXPECT_EQ(policyParcel.hapPolicy.permStateList.size(), results.size()); // size is 4
208 for (auto const &val : results) {
209 std::string perm = val.GetString(TokenFiledConst::FIELD_PERMISSION_NAME);
210 auto it = std::find_if(policyParcel.hapPolicy.permStateList.begin(), policyParcel.hapPolicy.permStateList.end(),
__anona7d8a3a40302(const PermissionStatus &status) 211 [&perm](const PermissionStatus &status) { return status.permissionName == perm; });
212 EXPECT_TRUE(it != policyParcel.hapPolicy.permStateList.end());
213 EXPECT_EQ(atManagerService_->VerifyAccessToken(tokenId, perm), val.GetInt(TokenFiledConst::FIELD_GRANT_STATE));
214 }
215
216 std::vector<GenericValues> results2;
217 EXPECT_EQ(RET_SUCCESS, AccessTokenDb::GetInstance()->Find(
218 AtmDataType::ACCESSTOKEN_HAP_INFO, conditionValue, results2));
219 EXPECT_EQ(1, results2.size());
220
221 EXPECT_EQ(RET_SUCCESS, atManagerService_->DeleteToken(tokenId));
222 }
223
224 /**
225 * @tc.name: UpdatePermStatusCompareTest001
226 * @tc.desc: test consistency between cache & DB after grant & revoke
227 * @tc.type: FUNC
228 * @tc.require:
229 */
230 HWTEST_F(AccessTokenDbConsistencyTest, UpdatePermStatusCompareTest001, TestSize.Level0)
231 {
232 HapInfoParcel infoParCel;
233 infoParCel.hapInfoParameter = g_info;
234 HapPolicyParcel policyParcel;
235 policyParcel.hapPolicy = g_policy;
236 AccessTokenID tokenId;
237 std::map<int32_t, int32_t> tokenIdAplMap;
238 CreateHapToken(infoParCel, policyParcel, tokenId, tokenIdAplMap);
239
240 // grant
241 PermissionManager::GetInstance().GrantPermission(
242 tokenId, g_state1.permissionName, PermissionFlag::PERMISSION_USER_FIXED);
243 PermissionManager::GetInstance().GrantPermission(
244 tokenId, g_state3.permissionName, PermissionFlag::PERMISSION_SYSTEM_FIXED);
245
246 // compare after grant
247 GenericValues conditionValue;
248 conditionValue.Put(TokenFiledConst::FIELD_TOKEN_ID, static_cast<int32_t>(tokenId));
249 std::vector<GenericValues> results;
250 EXPECT_EQ(RET_SUCCESS, AccessTokenDb::GetInstance()->Find(
251 AtmDataType::ACCESSTOKEN_PERMISSION_STATE, conditionValue, results));
252 EXPECT_EQ(policyParcel.hapPolicy.permStateList.size(), results.size()); // size is 3
253 for (auto const &val : results) {
254 std::string perm = val.GetString(TokenFiledConst::FIELD_PERMISSION_NAME);
255 auto it = std::find_if(policyParcel.hapPolicy.permStateList.begin(), policyParcel.hapPolicy.permStateList.end(),
__anona7d8a3a40402(const PermissionStatus &status) 256 [&perm](const PermissionStatus &status) { return status.permissionName == perm; });
257 EXPECT_TRUE(it != policyParcel.hapPolicy.permStateList.end());
258 EXPECT_EQ(atManagerService_->VerifyAccessToken(tokenId, perm), val.GetInt(TokenFiledConst::FIELD_GRANT_STATE));
259 }
260
261 // revoke
262 PermissionManager::GetInstance().RevokePermission(
263 tokenId, g_state1.permissionName, PermissionFlag::PERMISSION_USER_FIXED);
264 PermissionManager::GetInstance().RevokePermission(
265 tokenId, g_state2.permissionName, PermissionFlag::PERMISSION_SYSTEM_FIXED);
266
267 // compare after revoke
268 std::vector<GenericValues> results2;
269 EXPECT_EQ(RET_SUCCESS, AccessTokenDb::GetInstance()->Find(
270 AtmDataType::ACCESSTOKEN_PERMISSION_STATE, conditionValue, results2));
271 EXPECT_EQ(policyParcel.hapPolicy.permStateList.size(), results2.size()); // size is 3
272 for (auto const &val : results2) {
273 std::string perm = val.GetString(TokenFiledConst::FIELD_PERMISSION_NAME);
274 auto it = std::find_if(policyParcel.hapPolicy.permStateList.begin(), policyParcel.hapPolicy.permStateList.end(),
__anona7d8a3a40502(const PermissionStatus &status) 275 [&perm](const PermissionStatus &status) { return status.permissionName == perm; });
276 EXPECT_TRUE(it != policyParcel.hapPolicy.permStateList.end());
277 EXPECT_EQ(atManagerService_->VerifyAccessToken(tokenId, perm), val.GetInt(TokenFiledConst::FIELD_GRANT_STATE));
278 }
279
280 std::vector<GenericValues> results3;
281 EXPECT_EQ(RET_SUCCESS, AccessTokenDb::GetInstance()->Find(
282 AtmDataType::ACCESSTOKEN_HAP_INFO, conditionValue, results3));
283 EXPECT_EQ(1, results3.size());
284
285 EXPECT_EQ(RET_SUCCESS, atManagerService_->DeleteToken(tokenId));
286 }
287
288 /**
289 * @tc.name: DeleteHapTokenCompareTest001
290 * @tc.desc: test consistency between cache & DB after delete hap
291 * @tc.type: FUNC
292 * @tc.require:
293 */
294 HWTEST_F(AccessTokenDbConsistencyTest, DeleteHapTokenCompareTest001, TestSize.Level0)
295 {
296 HapInfoParcel infoParCel;
297 infoParCel.hapInfoParameter = g_info;
298 HapPolicyParcel policyParcel;
299 policyParcel.hapPolicy = g_policy;
300 AccessTokenID tokenId;
301 std::map<int32_t, int32_t> tokenIdAplMap;
302 CreateHapToken(infoParCel, policyParcel, tokenId, tokenIdAplMap);
303
304 // delete
305 EXPECT_EQ(RET_SUCCESS, atManagerService_->DeleteToken(tokenId));
306
307 // get hap token info empty
308 HapTokenInfo hapInfo;
309 int32_t ret = AccessTokenInfoManager::GetInstance().GetHapTokenInfo(tokenId, hapInfo);
310 EXPECT_EQ(ret, ERR_TOKENID_NOT_EXIST);
311
312 GenericValues conditionValue;
313 conditionValue.Put(TokenFiledConst::FIELD_TOKEN_ID, static_cast<int32_t>(tokenId));
314 std::vector<GenericValues> results;
315 EXPECT_EQ(RET_SUCCESS, AccessTokenDb::GetInstance()->Find(
316 AtmDataType::ACCESSTOKEN_PERMISSION_STATE, conditionValue, results));
317 EXPECT_EQ(0, results.size()); // size is 0
318
319 std::vector<GenericValues> results2;
320 EXPECT_EQ(RET_SUCCESS, AccessTokenDb::GetInstance()->Find(
321 AtmDataType::ACCESSTOKEN_HAP_INFO, conditionValue, results2));
322 EXPECT_EQ(0, results2.size()); // size is 0
323 }
324 } // namespace AccessToken
325 } // namespace Security
326 } // namespace OHOS
327