1 /*
2 * Copyright (c) 2023 Huawei Device Co., Ltd.
3 * Licensed under the Apache License, Version 2.0 (the "License");
4 * you may not use this file except in compliance with the License.
5 * You may obtain a copy of the License at
6 *
7 * http://www.apache.org/licenses/LICENSE-2.0
8 *
9 * Unless required by applicable law or agreed to in writing, software
10 * distributed under the License is distributed on an "AS IS" BASIS,
11 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12 * See the License for the specific language governing permissions and
13 * limitations under the License.
14 */
15
16 #include "dlp_permission_kit_test.h"
17 #include <chrono>
18 #include <thread>
19 #include <unistd.h>
20 #include <vector>
21 #include "gtest/gtest.h"
22 #include "accesstoken_kit.h"
23 #include "dlp_permission.h"
24 #include "dlp_permission_log.h"
25 #include "dlp_sandbox_callback_info.h"
26 #include "dlp_sandbox_change_callback_customize.h"
27 #define private public
28 #include "dlp_sandbox_change_callback.h"
29 #include "hex_string.h"
30 #include "open_dlp_file_callback.h"
31 #undef private
32 #include "permission_policy.h"
33 #include "random.h"
34 #include "securec.h"
35 #include "token_setproc.h"
36 #include "visited_dlp_file_info.h"
37 #include "want.h"
38 #include "bundle_mgr_client.h"
39
40 namespace OHOS {
41 namespace Security {
42 namespace DlpPermission {
43 using namespace testing::ext;
44 using namespace OHOS::Security::AccessToken;
45
46 namespace {
47 static constexpr OHOS::HiviewDFX::HiLogLabel LABEL = {LOG_CORE, SECURITY_DOMAIN_DLP_PERMISSION, "DlpPermissionKitTest"};
48
49 const uint32_t ACCOUNT_LENGTH = 20;
50 const uint32_t AESKEY_LEN = 32;
51 const uint32_t IV_LEN = 32;
52 const uint32_t USER_NUM = 10;
53 const int AUTH_PERM = 1;
54 const int64_t DELTA_EXPIRY_TIME = 200;
55
56 const uint32_t INVALID_ACCOUNT_LENGTH_UPPER = 2048;
57 const uint32_t INVALID_ACCOUNT_LENGTH_LOWER = 0;
58 const uint32_t INVALID_AESKEY_LEN_UPPER = 256;
59 const uint32_t INVALID_AESKEY_LEN_LOWER = 0;
60 const uint32_t INVALID_IV_LEN_UPPER = 256;
61 const uint32_t INVALID_IV_LEN_LOWER = 0;
62 const uint32_t INVALID_USER_NUM_UPPER = 200;
63 const uint32_t INVALID_AUTH_PERM_UPPER = 5;
64 const uint32_t INVALID_AUTH_PERM_LOWER = 0;
65 const int64_t INVALID_DELTA_EXPIRY_TIME = -100;
66
67 const int32_t DEFAULT_USERID = 100;
68 const int32_t ACTION_SET_EDIT = 0xff;
69 const int32_t ACTION_SET_FC = 0x7ff;
70 static AccessTokenID g_selfTokenId = 0;
71 static AccessTokenID g_dlpManagerTokenId = 0;
72 static int32_t g_selfUid = 0;
73 const std::string DLP_MANAGER_APP = "com.ohos.dlpmanager";
74 const std::string TEST_URI = "datashare:///media/file/8";
75 const std::string TEST_UNEXIST_URI = "datashare:///media/file/1";
76 } // namespace
77
TestRecordProcessInfo()78 static void TestRecordProcessInfo()
79 {
80 g_selfTokenId = GetSelfTokenID();
81 DLP_LOG_INFO(LABEL, "get self tokenId is %{public}d", g_selfTokenId);
82 g_dlpManagerTokenId = AccessTokenKit::GetHapTokenID(DEFAULT_USERID, DLP_MANAGER_APP, 0);
83 DLP_LOG_INFO(LABEL, "get dlp manager tokenId is %{public}d", g_dlpManagerTokenId);
84 g_selfUid = getuid();
85 DLP_LOG_INFO(LABEL, "get self uid is %{public}d", g_selfUid);
86 }
87
TestSetSelfTokenId(AccessTokenID tokenId)88 static bool TestSetSelfTokenId(AccessTokenID tokenId)
89 {
90 // set tokenId can only be called by native process
91 int32_t uid = getuid();
92 if (setuid(g_selfUid) != 0) {
93 DLP_LOG_ERROR(LABEL, "setuid fail, %s", strerror(errno));
94 return false;
95 }
96
97 DLP_LOG_INFO(LABEL, "set self tokenId from %{public}u to %{public}d",
98 static_cast<unsigned int>(GetSelfTokenID()), tokenId);
99 if (SetSelfTokenID(tokenId) != DLP_OK) {
100 DLP_LOG_ERROR(LABEL, "set self tokenId fail");
101 if (setuid(uid) != 0) {
102 DLP_LOG_ERROR(LABEL, "setuid fail, %s", strerror(errno));
103 }
104 return false;
105 }
106
107 if (setuid(uid) != 0) {
108 DLP_LOG_ERROR(LABEL, "setuid fail, %s", strerror(errno));
109 return false;
110 }
111 return true;
112 }
113
TestGetTokenId(int userID,const std::string & bundleName,int instIndex,AccessTokenID & tokenId)114 static bool TestGetTokenId(int userID, const std::string& bundleName, int instIndex, AccessTokenID& tokenId)
115 {
116 AccessTokenID tmpTokenId = GetSelfTokenID();
117 if (!TestSetSelfTokenId(g_selfTokenId)) {
118 return false;
119 }
120 int32_t uid = getuid();
121 setuid(g_selfUid);
122 tokenId = AccessTokenKit::GetHapTokenID(userID, bundleName, instIndex);
123 setuid(uid);
124 DLP_LOG_INFO(LABEL, "get app tokenId is %{public}d", tokenId);
125 if (!TestSetSelfTokenId(tmpTokenId)) {
126 return false;
127 }
128 return true;
129 }
130
TestGetAppUid(const std::string & bundleName,int32_t appIndex,int32_t userId,int32_t & uid)131 static bool TestGetAppUid(const std::string& bundleName, int32_t appIndex, int32_t userId, int32_t& uid)
132 {
133 AccessTokenID tmpTokenId = GetSelfTokenID();
134 if (!TestSetSelfTokenId(g_selfTokenId)) {
135 return false;
136 }
137 OHOS::AppExecFwk::BundleInfo info;
138 OHOS::AppExecFwk::BundleMgrClient bundleMgrClient;
139 if (appIndex > 0) {
140 if (bundleMgrClient.GetSandboxBundleInfo(bundleName, appIndex, userId, info) != DLP_OK) {
141 DLP_LOG_ERROR(LABEL, "get sandbox app info fail");
142 return false;
143 }
144 } else {
145 if (!bundleMgrClient.GetBundleInfo(bundleName, OHOS::AppExecFwk::GET_BUNDLE_DEFAULT, info, userId)) {
146 DLP_LOG_ERROR(LABEL, "get app info fail");
147 return false;
148 }
149 }
150 DLP_LOG_INFO(LABEL, "get app uid: %{public}d", info.uid);
151 if (!TestSetSelfTokenId(tmpTokenId)) {
152 return false;
153 }
154 uid = info.uid;
155 return true;
156 }
157
TestInstallDlpSandbox(const std::string & bundleName,DLPFileAccess dlpFileAccess,int32_t userId,SandboxInfo & sandboxInfo)158 static void TestInstallDlpSandbox(
159 const std::string& bundleName, DLPFileAccess dlpFileAccess, int32_t userId, SandboxInfo& sandboxInfo)
160 {
161 // install sandbox need permission ACCESS_DLP_FILE, dlpmanager has this permission
162 AccessTokenID tokenId = GetSelfTokenID();
163 ASSERT_TRUE(TestSetSelfTokenId(g_dlpManagerTokenId));
164
165 ASSERT_EQ(DLP_OK, DlpPermissionKit::InstallDlpSandbox(bundleName, dlpFileAccess, userId, sandboxInfo, TEST_URI));
166 ASSERT_TRUE(sandboxInfo.appIndex != 0);
167
168 ASSERT_TRUE(TestSetSelfTokenId(tokenId));
169 }
170
TestUninstallDlpSandbox(const std::string & bundleName,int32_t appIndex,int32_t userId)171 static void TestUninstallDlpSandbox(const std::string& bundleName, int32_t appIndex, int32_t userId)
172 {
173 // uninstall sandbox need permission ACCESS_DLP_FILE, dlpmanager has this permission
174 AccessTokenID tokenId = GetSelfTokenID();
175 ASSERT_TRUE(TestSetSelfTokenId(g_dlpManagerTokenId));
176
177 ASSERT_EQ(DLP_OK, DlpPermissionKit::UninstallDlpSandbox(bundleName, appIndex, userId));
178
179 ASSERT_TRUE(TestSetSelfTokenId(tokenId));
180 }
181
TestMockApp(const std::string & bundleName,int32_t appIndex,int32_t userId)182 static void TestMockApp(const std::string& bundleName, int32_t appIndex, int32_t userId)
183 {
184 AccessTokenID tokenId;
185 ASSERT_TRUE(TestGetTokenId(userId, bundleName, appIndex, tokenId));
186 ASSERT_TRUE(TestSetSelfTokenId(tokenId));
187 int32_t uid;
188 ASSERT_TRUE(TestGetAppUid(bundleName, appIndex, userId, uid));
189 ASSERT_EQ(DLP_OK, setuid(uid));
190 }
191
TestRecoverProcessInfo(int32_t uid,AccessTokenID tokenId)192 static void TestRecoverProcessInfo(int32_t uid, AccessTokenID tokenId)
193 {
194 ASSERT_EQ(DLP_OK, setuid((uid)));
195 ASSERT_TRUE(TestSetSelfTokenId((tokenId)));
196 }
197
SetUpTestCase()198 void DlpPermissionKitTest::SetUpTestCase()
199 {
200 // make test case clean
201 DLP_LOG_INFO(LABEL, "SetUpTestCase.");
202 TestRecordProcessInfo();
203 ASSERT_TRUE(TestSetSelfTokenId(g_dlpManagerTokenId));
204 }
205
TearDownTestCase()206 void DlpPermissionKitTest::TearDownTestCase()
207 {
208 DLP_LOG_INFO(LABEL, "TearDownTestCase.");
209 ASSERT_TRUE(TestSetSelfTokenId(g_selfTokenId));
210 }
211
SetUp()212 void DlpPermissionKitTest::SetUp()
213 {
214 DLP_LOG_INFO(LABEL, "SetUp ok.");
215 }
216
TearDown()217 void DlpPermissionKitTest::TearDown()
218 {
219 DLP_LOG_INFO(LABEL, "TearDown.");
220 }
221
GenerateRandArray(uint32_t len)222 static uint8_t* GenerateRandArray(uint32_t len)
223 {
224 if (len < 1) {
225 DLP_LOG_ERROR(LABEL, "len error");
226 return nullptr;
227 }
228 uint8_t* str = new (std::nothrow) uint8_t[len];
229 if (str == nullptr) {
230 DLP_LOG_ERROR(LABEL, "New memory fail");
231 return nullptr;
232 }
233 for (uint32_t i = 0; i < len; i++) {
234 str[i] = GetRandomUint32() % 255; // uint8_t range 0 ~ 255
235 }
236 return str;
237 }
238
GenerateRandStr(uint32_t len)239 static std::string GenerateRandStr(uint32_t len)
240 {
241 char* str = new (std::nothrow) char[len + 1];
242 if (str == nullptr) {
243 DLP_LOG_ERROR(LABEL, "New memory fail");
244 return "";
245 }
246 for (uint32_t i = 0; i < len; i++) {
247 str[i] = 33 + GetRandomUint32() % (126 - 33); // Visible Character Range 33 - 126
248 }
249 str[len] = '\0';
250 std::string res = str;
251 delete[] str;
252 return res;
253 }
254
255 struct GeneratePolicyParam {
256 uint32_t ownerAccountLen;
257 uint32_t aeskeyLen;
258 uint32_t ivLen;
259 uint32_t userNum;
260 uint32_t authAccountLen;
261 uint32_t authPerm;
262 int64_t deltaTime;
263 };
264
265 using GeneratePolicyParam = struct GeneratePolicyParam;
266
GeneratePolicy(PermissionPolicy & encPolicy,GeneratePolicyParam param)267 static void GeneratePolicy(PermissionPolicy& encPolicy, GeneratePolicyParam param)
268 {
269 uint64_t curTime = static_cast<uint64_t>(
270 std::chrono::duration_cast<std::chrono::seconds>(std::chrono::system_clock::now().time_since_epoch()).count());
271 auto seed = std::time(nullptr);
272 std::srand(seed);
273 encPolicy.ownerAccount_ = GenerateRandStr(param.ownerAccountLen);
274 encPolicy.ownerAccountId_ = encPolicy.ownerAccount_;
275 encPolicy.ownerAccountType_ = DOMAIN_ACCOUNT;
276 uint8_t* key = GenerateRandArray(param.aeskeyLen);
277 encPolicy.SetAeskey(key, param.aeskeyLen);
278 if (key != nullptr) {
279 delete[] key;
280 key = nullptr;
281 }
282 uint8_t* iv = GenerateRandArray(param.ivLen);
283 encPolicy.SetIv(iv, param.ivLen);
284 if (iv != nullptr) {
285 delete[] iv;
286 iv = nullptr;
287 }
288 for (uint32_t user = 0; user < param.userNum; ++user) {
289 AuthUserInfo perminfo = {.authAccount = GenerateRandStr(param.authAccountLen),
290 .authPerm = static_cast<DLPFileAccess>(param.authPerm),
291 .permExpiryTime = curTime + param.deltaTime,
292 .authAccountType = DOMAIN_ACCOUNT};
293 encPolicy.authUsers_.emplace_back(perminfo);
294 }
295 }
296
TestGenerateDlpCertWithInvalidParam(GeneratePolicyParam param)297 static int32_t TestGenerateDlpCertWithInvalidParam(GeneratePolicyParam param)
298 {
299 PermissionPolicy encPolicy;
300 GeneratePolicy(encPolicy, param);
301 std::vector<uint8_t> cert;
302 int32_t res = DlpPermissionKit::GenerateDlpCertificate(encPolicy, cert);
303 return res;
304 }
305
306 /**
307 * @tc.name: SetRetentionState01
308 * @tc.desc: SetRetentionState abnormal input test.
309 * @tc.type: FUNC
310 * @tc.require:SR000I38N7
311 */
312 HWTEST_F(DlpPermissionKitTest, SetRetentionState01, TestSize.Level1)
313 {
314 int32_t uid = getuid();
315 AccessTokenID selfTokenId = GetSelfTokenID();
316 std::vector<std::string> docUriVec;
317 docUriVec.push_back(TEST_URI);
318 SandboxInfo sandboxInfo;
319
320 ASSERT_TRUE(TestSetSelfTokenId(g_dlpManagerTokenId));
321 ASSERT_EQ(DLP_OK,
322 DlpPermissionKit::InstallDlpSandbox(DLP_MANAGER_APP, FULL_CONTROL, DEFAULT_USERID, sandboxInfo, TEST_URI));
323 ASSERT_TRUE(sandboxInfo.appIndex != 0);
324 AccessTokenID tokenId = AccessTokenKit::GetHapTokenID(100, DLP_MANAGER_APP, sandboxInfo.appIndex);
325 AccessTokenID normalTokenId = AccessTokenKit::GetHapTokenID(100, DLP_MANAGER_APP, 0);
326 std::vector<RetentionSandBoxInfo> retentionSandBoxInfoVec;
327 ASSERT_EQ(DLP_OK, DlpPermissionKit::GetRetentionSandboxList(DLP_MANAGER_APP, retentionSandBoxInfoVec));
328 ASSERT_TRUE(0 == retentionSandBoxInfoVec.size());
329 ASSERT_TRUE(TestSetSelfTokenId(tokenId));
330 retentionSandBoxInfoVec.clear();
331 ASSERT_EQ(DLP_SERVICE_ERROR_API_NOT_FOR_SANDBOX_ERROR,
332 DlpPermissionKit::GetRetentionSandboxList(DLP_MANAGER_APP, retentionSandBoxInfoVec));
333 ASSERT_TRUE(TestSetSelfTokenId(normalTokenId));
334 ASSERT_EQ(DLP_OK, DlpPermissionKit::GetRetentionSandboxList(DLP_MANAGER_APP, retentionSandBoxInfoVec));
335 ASSERT_TRUE(0 == retentionSandBoxInfoVec.size());
336 ASSERT_EQ(DLP_SERVICE_ERROR_API_ONLY_FOR_SANDBOX_ERROR, DlpPermissionKit::SetRetentionState(docUriVec));
337 ASSERT_TRUE(TestSetSelfTokenId(tokenId));
338 ASSERT_EQ(DLP_OK, DlpPermissionKit::SetRetentionState(docUriVec));
339 TestMockApp(DLP_MANAGER_APP, 0, DEFAULT_USERID);
340 ASSERT_TRUE(TestSetSelfTokenId(normalTokenId));
341 retentionSandBoxInfoVec.clear();
342 ASSERT_EQ(DLP_OK, DlpPermissionKit::GetRetentionSandboxList(DLP_MANAGER_APP, retentionSandBoxInfoVec));
343 ASSERT_TRUE(0 != retentionSandBoxInfoVec.size());
344 retentionSandBoxInfoVec.clear();
345 ASSERT_EQ(DLP_OK, DlpPermissionKit::GetRetentionSandboxList(DLP_MANAGER_APP, retentionSandBoxInfoVec));
346 ASSERT_TRUE(0 != retentionSandBoxInfoVec.size());
347 ASSERT_EQ(DLP_OK, DlpPermissionKit::UninstallDlpSandbox(DLP_MANAGER_APP, sandboxInfo.appIndex, DEFAULT_USERID));
348 TestRecoverProcessInfo(uid, selfTokenId);
349 }
350
351 /**
352 * @tc.name: SetRetentionState02
353 * @tc.desc: SetRetentionState abnormal input test.
354 * @tc.type: FUNC
355 * @tc.require:SR000I38N7
356 */
357 HWTEST_F(DlpPermissionKitTest, SetRetentionState02, TestSize.Level1)
358 {
359 int32_t uid = getuid();
360 AccessTokenID tokenId = GetSelfTokenID();
361 DLP_LOG_INFO(LABEL, "SetRetentionState02 tokenId from %{public}u", static_cast<unsigned int>(GetSelfTokenID()));
362 std::vector<std::string> docUriVec;
363 std::vector<RetentionSandBoxInfo> retentionSandBoxInfoVec;
364 SandboxInfo sandboxInfo;
365 ASSERT_EQ(DLP_OK,
366 DlpPermissionKit::InstallDlpSandbox(DLP_MANAGER_APP, FULL_CONTROL, DEFAULT_USERID, sandboxInfo, TEST_URI));
367 docUriVec.clear();
368 ASSERT_TRUE(TestSetSelfTokenId(tokenId));
369 ASSERT_EQ(DLP_SERVICE_ERROR_VALUE_INVALID, DlpPermissionKit::CancelRetentionState(docUriVec));
370 docUriVec.push_back(TEST_UNEXIST_URI);
371 ASSERT_EQ(DLP_OK, DlpPermissionKit::CancelRetentionState(docUriVec));
372 docUriVec.clear();
373 docUriVec.push_back(TEST_URI);
374 ASSERT_EQ(DLP_OK, DlpPermissionKit::CancelRetentionState(docUriVec));
375 retentionSandBoxInfoVec.clear();
376 ASSERT_TRUE(TestSetSelfTokenId(g_dlpManagerTokenId));
377 ASSERT_EQ(DLP_OK, DlpPermissionKit::GetRetentionSandboxList(DLP_MANAGER_APP, retentionSandBoxInfoVec));
378 ASSERT_TRUE(0 == retentionSandBoxInfoVec.size());
379 ASSERT_TRUE(TestSetSelfTokenId(g_dlpManagerTokenId));
380 ASSERT_EQ(DLP_OK, DlpPermissionKit::UninstallDlpSandbox(DLP_MANAGER_APP, sandboxInfo.appIndex, DEFAULT_USERID));
381 TestRecoverProcessInfo(uid, tokenId);
382 }
383
384 /* *
385 * @tc.name: SetRetentionState03
386 * @tc.desc: SetRetentionState abnormal input test.
387 * @tc.type: FUNC
388 * @tc.require:SR000I38N7
389 */
390 HWTEST_F(DlpPermissionKitTest, SetRetentionState03, TestSize.Level1)
391 {
392 int32_t uid = getuid();
393 SandboxInfo sandboxInfo;
394 AccessTokenID tokenId = GetSelfTokenID();
395 DLP_LOG_INFO(LABEL, "SetRetentionState03 tokenId from %{public}u", static_cast<unsigned int>(GetSelfTokenID()));
396
397 ASSERT_EQ(DLP_OK,
398 DlpPermissionKit::InstallDlpSandbox(DLP_MANAGER_APP, FULL_CONTROL, DEFAULT_USERID, sandboxInfo, TEST_URI));
399 ASSERT_TRUE(sandboxInfo.appIndex != 0);
400 AccessTokenID sandboxTokenId = AccessTokenKit::GetHapTokenID(DEFAULT_USERID, DLP_MANAGER_APP, sandboxInfo.appIndex);
401 DLP_LOG_INFO(LABEL, "SetRetentionState03 sandboxTokenId tokenId from %{public}d ", sandboxTokenId);
402 ASSERT_TRUE(TestSetSelfTokenId(sandboxTokenId));
403 std::vector<std::string> docUriVec;
404 int32_t res = DlpPermissionKit::SetRetentionState(docUriVec);
405 DLP_LOG_INFO(LABEL, "SetRetentionState03 res %{public}d", res);
406 ASSERT_EQ(DLP_SERVICE_ERROR_VALUE_INVALID, res);
407 docUriVec.push_back(TEST_URI);
408 res = DlpPermissionKit::SetRetentionState(docUriVec);
409 DLP_LOG_INFO(LABEL, "SetRetentionState03 res %{public}d", res);
410 ASSERT_EQ(DLP_OK, res);
411 TestUninstallDlpSandbox(DLP_MANAGER_APP, sandboxInfo.appIndex, DEFAULT_USERID);
412 TestRecoverProcessInfo(uid, tokenId);
413 }
414
415 /* *
416 * @tc.name: OnGenerateDlpCertificate001
417 * @tc.desc: OnGenerateDlpCertificate abnormal input test.
418 * @tc.type: FUNC
419 * @tc.require:AR000GVIG0
420 */
421 HWTEST_F(DlpPermissionKitTest, OnGenerateDlpCertificate001, TestSize.Level1)
422 {
423 auto generateDlpCertificateCallback = std::make_shared<ClientGenerateDlpCertificateCallback>();
424 std::vector<uint8_t> cert;
425 cert = { 1, 2, 3 };
426 generateDlpCertificateCallback->OnGenerateDlpCertificate(-1, cert);
427 ASSERT_EQ(-1, generateDlpCertificateCallback->result_);
428 ASSERT_TRUE(generateDlpCertificateCallback->isCallBack_);
429 }
430
431 /**
432 * @tc.name: OnParseDlpCertificate001
433 * @tc.desc: OnParseDlpCertificate abnormal input test.
434 * @tc.type: FUNC
435 * @tc.require:AR000GVIG0
436 */
437 HWTEST_F(DlpPermissionKitTest, OnParseDlpCertificate001, TestSize.Level1)
438 {
439 auto parseDlpCertificateCallback = std::make_shared<ClientParseDlpCertificateCallback>();
440 PermissionPolicy policy;
441 parseDlpCertificateCallback->OnParseDlpCertificate(-1, policy, {});
442 ASSERT_EQ(-1, parseDlpCertificateCallback->result_);
443 ASSERT_TRUE(parseDlpCertificateCallback->isCallBack_);
444 }
445
446 /* *
447 * @tc.name: GenerateDlpCertificate001
448 * @tc.desc: GenerateDlpCertificate abnormal input test.
449 * @tc.type: FUNC
450 * @tc.require:AR000GVIG0
451 */
452 HWTEST_F(DlpPermissionKitTest, GenerateDlpCertificate001, TestSize.Level1)
453 {
454 GeneratePolicyParam param = {INVALID_ACCOUNT_LENGTH_UPPER, AESKEY_LEN,
455 IV_LEN, USER_NUM, ACCOUNT_LENGTH, AUTH_PERM, DELTA_EXPIRY_TIME};
456 EXPECT_EQ(
457 DLP_SERVICE_ERROR_VALUE_INVALID, TestGenerateDlpCertWithInvalidParam(param));
458 param.ownerAccountLen = INVALID_ACCOUNT_LENGTH_LOWER;
459 EXPECT_EQ(
460 DLP_SERVICE_ERROR_VALUE_INVALID, TestGenerateDlpCertWithInvalidParam(param));
461 param = {ACCOUNT_LENGTH, INVALID_AESKEY_LEN_UPPER,
462 IV_LEN, USER_NUM, ACCOUNT_LENGTH, AUTH_PERM, DELTA_EXPIRY_TIME};
463 EXPECT_EQ(
464 DLP_SERVICE_ERROR_VALUE_INVALID, TestGenerateDlpCertWithInvalidParam(param));
465 param = {ACCOUNT_LENGTH, INVALID_AESKEY_LEN_LOWER,
466 IV_LEN, USER_NUM, ACCOUNT_LENGTH, AUTH_PERM, DELTA_EXPIRY_TIME};
467 EXPECT_EQ(
468 DLP_SERVICE_ERROR_VALUE_INVALID, TestGenerateDlpCertWithInvalidParam(param));
469 param = {ACCOUNT_LENGTH, AESKEY_LEN, INVALID_IV_LEN_UPPER, USER_NUM, ACCOUNT_LENGTH, AUTH_PERM, DELTA_EXPIRY_TIME};
470 EXPECT_EQ(DLP_SERVICE_ERROR_VALUE_INVALID, TestGenerateDlpCertWithInvalidParam(param));
471 param = {ACCOUNT_LENGTH, AESKEY_LEN, INVALID_IV_LEN_LOWER, USER_NUM, ACCOUNT_LENGTH, AUTH_PERM, DELTA_EXPIRY_TIME};
472 EXPECT_EQ(DLP_SERVICE_ERROR_VALUE_INVALID, TestGenerateDlpCertWithInvalidParam(param));
473 param = {ACCOUNT_LENGTH, AESKEY_LEN, IV_LEN,
474 INVALID_USER_NUM_UPPER, ACCOUNT_LENGTH, AUTH_PERM, DELTA_EXPIRY_TIME};
475 EXPECT_EQ(
476 DLP_SERVICE_ERROR_VALUE_INVALID, TestGenerateDlpCertWithInvalidParam(param));
477 param = {ACCOUNT_LENGTH, AESKEY_LEN, IV_LEN,
478 USER_NUM, INVALID_ACCOUNT_LENGTH_UPPER, AUTH_PERM, DELTA_EXPIRY_TIME};
479 EXPECT_EQ(
480 DLP_SERVICE_ERROR_VALUE_INVALID, TestGenerateDlpCertWithInvalidParam(param));
481 param = {ACCOUNT_LENGTH, AESKEY_LEN, IV_LEN,
482 USER_NUM, INVALID_ACCOUNT_LENGTH_LOWER, AUTH_PERM, DELTA_EXPIRY_TIME};
483 EXPECT_EQ(
484 DLP_SERVICE_ERROR_VALUE_INVALID, TestGenerateDlpCertWithInvalidParam(param));
485 param = {ACCOUNT_LENGTH, AESKEY_LEN, IV_LEN,
486 USER_NUM, ACCOUNT_LENGTH, INVALID_AUTH_PERM_UPPER, DELTA_EXPIRY_TIME};
487 EXPECT_EQ(
488 DLP_SERVICE_ERROR_VALUE_INVALID, TestGenerateDlpCertWithInvalidParam(param));
489 param = {ACCOUNT_LENGTH, AESKEY_LEN, IV_LEN,
490 USER_NUM, ACCOUNT_LENGTH, INVALID_AUTH_PERM_LOWER, DELTA_EXPIRY_TIME};
491 EXPECT_EQ(
492 DLP_SERVICE_ERROR_VALUE_INVALID, TestGenerateDlpCertWithInvalidParam(param));
493 param = {ACCOUNT_LENGTH, AESKEY_LEN, IV_LEN,
494 USER_NUM, ACCOUNT_LENGTH, AUTH_PERM, INVALID_DELTA_EXPIRY_TIME};
495 EXPECT_EQ(DLP_SERVICE_ERROR_VALUE_INVALID, TestGenerateDlpCertWithInvalidParam(param));
496 param = {ACCOUNT_LENGTH, AESKEY_LEN,
497 AESKEY_LEN, USER_NUM, ACCOUNT_LENGTH, AUTH_PERM, DELTA_EXPIRY_TIME};
498 EXPECT_NE(DLP_OK, TestGenerateDlpCertWithInvalidParam(param));
499 }
500
501 /**
502 * @tc.name: ParseDlpCertificate001
503 * @tc.desc: ParseDlpCertificate abnormal input test.
504 * @tc.type: FUNC
505 * @tc.require:AR000GVIG0
506 */
507 HWTEST_F(DlpPermissionKitTest, ParseDlpCertificate001, TestSize.Level1)
508 {
509 std::vector<uint8_t> cert;
510 std::vector<uint8_t> offlineCert;
511 PermissionPolicy policy;
512 uint32_t flag = 0;
513
514 ASSERT_EQ(DLP_SERVICE_ERROR_VALUE_INVALID, DlpPermissionKit::ParseDlpCertificate(cert, offlineCert, flag, policy));
515 cert = {1, 2, 3};
516 ASSERT_NE(DLP_OK, DlpPermissionKit::ParseDlpCertificate(cert, offlineCert, flag, policy));
517 }
518
519 /**
520 * @tc.name: InstallDlpSandbox001
521 * @tc.desc: InstallDlpSandbox test.
522 * @tc.type: FUNC
523 * @tc.require:AR000GVIG8
524 */
525 HWTEST_F(DlpPermissionKitTest, InstallDlpSandbox001, TestSize.Level1)
526 {
527 SandboxInfo sandboxInfo;
528 ASSERT_EQ(DLP_OK,
529 DlpPermissionKit::InstallDlpSandbox(DLP_MANAGER_APP, READ_ONLY, DEFAULT_USERID, sandboxInfo, TEST_URI));
530 ASSERT_TRUE(sandboxInfo.appIndex != 0);
531 ASSERT_EQ(DLP_OK, DlpPermissionKit::UninstallDlpSandbox(DLP_MANAGER_APP, sandboxInfo.appIndex, DEFAULT_USERID));
532 }
533
534 /**
535 * @tc.name: InstallDlpSandbox002
536 * @tc.desc: InstallDlpSandbox invalid input.
537 * @tc.type: FUNC
538 * @tc.require:AR000GVIG8
539 */
540 HWTEST_F(DlpPermissionKitTest, InstallDlpSandbox002, TestSize.Level1)
541 {
542 SandboxInfo sandboxInfo;
543 ASSERT_NE(
544 DLP_OK, DlpPermissionKit::InstallDlpSandbox("test.test", READ_ONLY, DEFAULT_USERID, sandboxInfo, TEST_URI));
545 ASSERT_EQ(DLP_SERVICE_ERROR_VALUE_INVALID,
546 DlpPermissionKit::InstallDlpSandbox("", READ_ONLY, DEFAULT_USERID, sandboxInfo, TEST_URI));
547 ASSERT_EQ(
548 DLP_SERVICE_ERROR_VALUE_INVALID, DlpPermissionKit::InstallDlpSandbox(DLP_MANAGER_APP,
549 static_cast<DLPFileAccess>(100), DEFAULT_USERID, sandboxInfo, TEST_URI));
550 }
551
552 /**
553 * @tc.name: UninstallDlpSandbox001
554 * @tc.desc: UninstallDlpSandbox test.
555 * @tc.type: FUNC
556 * @tc.require: SR000GVIGF AR000GVIGG
557 */
558 HWTEST_F(DlpPermissionKitTest, UninstallDlpSandbox001, TestSize.Level1)
559 {
560 SandboxInfo sandboxInfo;
561 ASSERT_EQ(DLP_OK,
562 DlpPermissionKit::InstallDlpSandbox(DLP_MANAGER_APP, READ_ONLY, DEFAULT_USERID, sandboxInfo, TEST_URI));
563 ASSERT_TRUE(sandboxInfo.appIndex != 0);
564 ASSERT_EQ(DLP_OK, DlpPermissionKit::UninstallDlpSandbox(DLP_MANAGER_APP, sandboxInfo.appIndex, DEFAULT_USERID));
565 }
566
567 /* *
568 * @tc.name: UninstallDlpSandbox002
569 * @tc.desc: UninstallDlpSandbox invalid input.
570 * @tc.type: FUNC
571 * @tc.require: SR000GVIGF AR000GVIGG
572 */
573 HWTEST_F(DlpPermissionKitTest, UninstallDlpSandbox002, TestSize.Level1)
574 {
575 int32_t appIndex = 1;
576 ASSERT_NE(DLP_OK, DlpPermissionKit::UninstallDlpSandbox("test.test", appIndex, DEFAULT_USERID));
577 ASSERT_EQ(DLP_SERVICE_ERROR_VALUE_INVALID, DlpPermissionKit::UninstallDlpSandbox("", appIndex, DEFAULT_USERID));
578 }
579
580 /**
581 * @tc.name: GetSandboxExternalAuthorization001
582 * @tc.desc: GetSandboxExternalAuthorization test.
583 * @tc.type: FUNC
584 * @tc.require: SR000GVIR0 AR000GVIR1
585 */
586 HWTEST_F(DlpPermissionKitTest, GetSandboxExternalAuthorization001, TestSize.Level1)
587 {
588 // sandboxUid is invalid
589 OHOS::AAFwk::Want want;
590 SandBoxExternalAuthorType authType;
591 ASSERT_NE(DLP_OK, DlpPermissionKit::GetSandboxExternalAuthorization(-1, want, authType));
592
593 // sandboxUid is ok
594 SandboxInfo sandboxInfo;
595 ASSERT_EQ(DLP_OK,
596 DlpPermissionKit::InstallDlpSandbox(DLP_MANAGER_APP, READ_ONLY, DEFAULT_USERID, sandboxInfo, TEST_URI));
597 int sandboxUid;
598 ASSERT_TRUE(TestGetAppUid(DLP_MANAGER_APP, sandboxInfo.appIndex, DEFAULT_USERID, sandboxUid));
599 ASSERT_EQ(DLP_OK, DlpPermissionKit::GetSandboxExternalAuthorization(sandboxUid, want, authType));
600 ASSERT_TRUE(authType == DENY_START_ABILITY);
601 ASSERT_EQ(DLP_OK, DlpPermissionKit::UninstallDlpSandbox(DLP_MANAGER_APP, sandboxInfo.appIndex, DEFAULT_USERID));
602
603 // uid is not sandbox
604 ASSERT_EQ(DLP_OK, DlpPermissionKit::GetSandboxExternalAuthorization(1000, want, authType));
605 ASSERT_TRUE(authType == ALLOW_START_ABILITY);
606 }
607
608 /**
609 * @tc.name: QueryDlpFileCopyableByTokenId001
610 * @tc.desc: QueryDlpFileCopyableByTokenId with read only sandbox app tokenId.
611 * @tc.type: FUNC
612 * @tc.require: SR000GVIGL AR000GVIGM
613 */
614 HWTEST_F(DlpPermissionKitTest, QueryDlpFileCopyableByTokenId001, TestSize.Level1)
615 {
616 // query dlp file access with read only sandbox app tokenId
617 SandboxInfo sandboxInfo;
618 ASSERT_EQ(DLP_OK,
619 DlpPermissionKit::InstallDlpSandbox(DLP_MANAGER_APP, READ_ONLY, DEFAULT_USERID, sandboxInfo, TEST_URI));
620 ASSERT_TRUE(sandboxInfo.appIndex != 0);
621 AccessTokenID sandboxTokenId;
622 ASSERT_TRUE(TestGetTokenId(DEFAULT_USERID, DLP_MANAGER_APP, sandboxInfo.appIndex, sandboxTokenId));
623 bool copyable = false;
624 ASSERT_EQ(DLP_OK, DlpPermissionKit::QueryDlpFileCopyableByTokenId(copyable, sandboxTokenId));
625 ASSERT_EQ(copyable, false);
626 ASSERT_EQ(DLP_OK, DlpPermissionKit::UninstallDlpSandbox(DLP_MANAGER_APP, sandboxInfo.appIndex, DEFAULT_USERID));
627 }
628
629 /**
630 * @tc.name: QueryDlpFileCopyableByTokenId002
631 * @tc.desc: QueryDlpFileCopyableByTokenId with full control sandbox app tokenId.
632 * @tc.type: FUNC
633 * @tc.require: SR000GVIGL AR000GVIGM
634 */
635 HWTEST_F(DlpPermissionKitTest, QueryDlpFileCopyableByTokenId002, TestSize.Level1)
636 {
637 // query dlp file access with full control sandbox app tokenId
638 SandboxInfo sandboxInfo;
639 ASSERT_EQ(DLP_OK,
640 DlpPermissionKit::InstallDlpSandbox(DLP_MANAGER_APP, FULL_CONTROL, DEFAULT_USERID, sandboxInfo, TEST_URI));
641 ASSERT_TRUE(sandboxInfo.appIndex != 0);
642 AccessTokenID sandboxTokenId;
643 ASSERT_TRUE(TestGetTokenId(DEFAULT_USERID, DLP_MANAGER_APP, sandboxInfo.appIndex, sandboxTokenId));
644 bool copyable = false;
645 ASSERT_EQ(DLP_OK, DlpPermissionKit::QueryDlpFileCopyableByTokenId(copyable, sandboxTokenId));
646 ASSERT_EQ(copyable, true);
647 ASSERT_EQ(DLP_OK, DlpPermissionKit::UninstallDlpSandbox(DLP_MANAGER_APP, sandboxInfo.appIndex, DEFAULT_USERID));
648 }
649
650 /**
651 * @tc.name: QueryDlpFileCopyableByTokenId003
652 * @tc.desc: QueryDlpFileCopyableByTokenId with normal app tokenId.
653 * @tc.type: FUNC
654 * @tc.require: SR000GVIGL AR000GVIGM
655 */
656 HWTEST_F(DlpPermissionKitTest, QueryDlpFileCopyableByTokenId003, TestSize.Level1)
657 {
658 // query dlp file access with normal app tokenId
659 bool copyable = false;
660 AccessTokenID normalTokenId;
661 ASSERT_TRUE(TestGetTokenId(DEFAULT_USERID, DLP_MANAGER_APP, 0, normalTokenId));
662 ASSERT_EQ(DLP_OK, DlpPermissionKit::QueryDlpFileCopyableByTokenId(copyable, normalTokenId));
663 ASSERT_EQ(copyable, true);
664 }
665
666 /**
667 * @tc.name: QueryDlpFileCopyableByTokenId004
668 * @tc.desc: QueryDlpFileCopyableByTokenId invalid input.
669 * @tc.type: FUNC
670 * @tc.require: SR000GVIGL AR000GVIGM
671 */
672 HWTEST_F(DlpPermissionKitTest, QueryDlpFileCopyableByTokenId004, TestSize.Level1)
673 {
674 // query dlp file access with invalid tokenId
675 bool copyable = false;
676 ASSERT_EQ(DLP_SERVICE_ERROR_VALUE_INVALID, DlpPermissionKit::QueryDlpFileCopyableByTokenId(copyable, 0));
677 ASSERT_EQ(copyable, false);
678 }
679
680 /**
681 * @tc.name: QueryDlpFileAccess001
682 * @tc.desc: QueryDlpFileAccess in normal app.
683 * @tc.type: FUNC
684 * @tc.require: SR000GVIGN AR000GVIGO
685 */
686 HWTEST_F(DlpPermissionKitTest, QueryDlpFileAccess001, TestSize.Level1)
687 {
688 // query dlp file access in normal app
689 int32_t uid = getuid();
690 AccessTokenID tokenId = GetSelfTokenID();
691 TestMockApp(DLP_MANAGER_APP, 0, DEFAULT_USERID);
692
693 DLPPermissionInfo permInfo;
694 ASSERT_EQ(DLP_SERVICE_ERROR_API_ONLY_FOR_SANDBOX_ERROR, DlpPermissionKit::QueryDlpFileAccess(permInfo));
695
696 TestRecoverProcessInfo(uid, tokenId);
697 }
698
699 /**
700 * @tc.name: QueryDlpFileAccess002
701 * @tc.desc: QueryDlpFileAccess in read only sandbox app.
702 * @tc.type: FUNC
703 * @tc.require: SR000GVIGN AR000GVIGO
704 */
705 HWTEST_F(DlpPermissionKitTest, QueryDlpFileAccess002, TestSize.Level1)
706 {
707 // query dlp file access in read only sandbox app
708 SandboxInfo sandboxInfo;
709 TestInstallDlpSandbox(DLP_MANAGER_APP, READ_ONLY, DEFAULT_USERID, sandboxInfo);
710
711 int32_t uid = getuid();
712 AccessTokenID tokenId = GetSelfTokenID();
713 TestMockApp(DLP_MANAGER_APP, sandboxInfo.appIndex, DEFAULT_USERID);
714
715 DLPPermissionInfo permInfo;
716 ASSERT_EQ(DLP_OK, DlpPermissionKit::QueryDlpFileAccess(permInfo));
717 ASSERT_EQ(permInfo.dlpFileAccess, READ_ONLY);
718 ASSERT_EQ(permInfo.flags, ACTION_VIEW);
719
720 TestUninstallDlpSandbox(DLP_MANAGER_APP, sandboxInfo.appIndex, DEFAULT_USERID);
721 TestRecoverProcessInfo(uid, tokenId);
722 }
723
724 /**
725 * @tc.name: QueryDlpFileAccess003
726 * @tc.desc: QueryDlpFileAccess in content edit sandbox app.
727 * @tc.type: FUNC
728 * @tc.require: SR000GVIGN AR000GVIGO
729 */
730 HWTEST_F(DlpPermissionKitTest, QueryDlpFileAccess003, TestSize.Level1)
731 {
732 // query dlp file access in content edit sandbox app
733 SandboxInfo sandboxInfo;
734 TestInstallDlpSandbox(DLP_MANAGER_APP, CONTENT_EDIT, DEFAULT_USERID, sandboxInfo);
735
736 int32_t uid = getuid();
737 AccessTokenID tokenId = GetSelfTokenID();
738 TestMockApp(DLP_MANAGER_APP, sandboxInfo.appIndex, DEFAULT_USERID);
739
740 DLPPermissionInfo permInfo;
741 ASSERT_EQ(DLP_OK, DlpPermissionKit::QueryDlpFileAccess(permInfo));
742 ASSERT_EQ(permInfo.dlpFileAccess, CONTENT_EDIT);
743 ASSERT_EQ(permInfo.flags, ACTION_SET_EDIT);
744
745 TestUninstallDlpSandbox(DLP_MANAGER_APP, sandboxInfo.appIndex, DEFAULT_USERID);
746 TestRecoverProcessInfo(uid, tokenId);
747 }
748
749 /**
750 * @tc.name: QueryDlpFileAccess004
751 * @tc.desc: QueryDlpFileAccess in full control sandbox app.
752 * @tc.type: FUNC
753 * @tc.require: SR000GVIGN AR000GVIGO
754 */
755 HWTEST_F(DlpPermissionKitTest, QueryDlpFileAccess004, TestSize.Level1)
756 {
757 // query dlp file access in full control sandbox app
758 SandboxInfo sandboxInfo;
759 TestInstallDlpSandbox(DLP_MANAGER_APP, FULL_CONTROL, DEFAULT_USERID, sandboxInfo);
760
761 int32_t uid = getuid();
762 AccessTokenID tokenId = GetSelfTokenID();
763 TestMockApp(DLP_MANAGER_APP, sandboxInfo.appIndex, DEFAULT_USERID);
764
765 DLPPermissionInfo permInfo;
766 ASSERT_EQ(DLP_OK, DlpPermissionKit::QueryDlpFileAccess(permInfo));
767 ASSERT_EQ(permInfo.dlpFileAccess, FULL_CONTROL);
768 ASSERT_EQ(permInfo.flags, ACTION_SET_FC);
769
770 TestUninstallDlpSandbox(DLP_MANAGER_APP, sandboxInfo.appIndex, DEFAULT_USERID);
771 TestRecoverProcessInfo(uid, tokenId);
772 }
773
774 /**
775 * @tc.name: IsInDlpSandbox001
776 * @tc.desc: IsInDlpSandbox in normal app.
777 * @tc.type: FUNC
778 * @tc.require: SR000GVIGN AR000GVIGO
779 */
780 HWTEST_F(DlpPermissionKitTest, IsInDlpSandbox001, TestSize.Level1)
781 {
782 // query whether in sandbox in normal app
783 bool inSandbox = false;
784
785 int32_t uid = getuid();
786 AccessTokenID tokenId = GetSelfTokenID();
787 TestMockApp(DLP_MANAGER_APP, 0, DEFAULT_USERID);
788
789 ASSERT_EQ(DLP_OK, DlpPermissionKit::IsInDlpSandbox(inSandbox));
790 ASSERT_EQ(inSandbox, false);
791
792 TestRecoverProcessInfo(uid, tokenId);
793 }
794
795 /**
796 * @tc.name: IsInDlpSandbox002
797 * @tc.desc: IsInDlpSandbox in read only sandbox app.
798 * @tc.type: FUNC
799 * @tc.require: SR000GVIGN AR000GVIGO
800 */
801 HWTEST_F(DlpPermissionKitTest, IsInDlpSandbox002, TestSize.Level1)
802 {
803 // query whether in sandbox in read only sandbox app
804 SandboxInfo sandboxInfo;
805 TestInstallDlpSandbox(DLP_MANAGER_APP, READ_ONLY, DEFAULT_USERID, sandboxInfo);
806
807 int32_t uid = getuid();
808 AccessTokenID tokenId = GetSelfTokenID();
809 TestMockApp(DLP_MANAGER_APP, sandboxInfo.appIndex, DEFAULT_USERID);
810
811 bool inSandbox = false;
812 ASSERT_EQ(DLP_OK, DlpPermissionKit::IsInDlpSandbox(inSandbox));
813 ASSERT_EQ(inSandbox, true);
814 TestUninstallDlpSandbox(DLP_MANAGER_APP, sandboxInfo.appIndex, DEFAULT_USERID);
815 TestRecoverProcessInfo(uid, tokenId);
816 }
817
818 /**
819 * @tc.name: IsInDlpSandbox003
820 * @tc.desc: IsInDlpSandbox in full control sandbox app.
821 * @tc.type: FUNC
822 * @tc.require: SR000GVIGN AR000GVIGO
823 */
824 HWTEST_F(DlpPermissionKitTest, IsInDlpSandbox003, TestSize.Level1)
825 {
826 // query whether in sandbox in full control sandbox app
827 SandboxInfo sandboxInfo;
828 TestInstallDlpSandbox(DLP_MANAGER_APP, FULL_CONTROL, DEFAULT_USERID, sandboxInfo);
829
830 int32_t uid = getuid();
831 AccessTokenID tokenId = GetSelfTokenID();
832 TestMockApp(DLP_MANAGER_APP, sandboxInfo.appIndex, DEFAULT_USERID);
833
834 bool inSandbox = false;
835 ASSERT_EQ(DLP_OK, DlpPermissionKit::IsInDlpSandbox(inSandbox));
836 ASSERT_EQ(inSandbox, true);
837
838 TestUninstallDlpSandbox(DLP_MANAGER_APP, sandboxInfo.appIndex, DEFAULT_USERID);
839 TestRecoverProcessInfo(uid, tokenId);
840 }
841
842 /**
843 * @tc.name: GetDlpSupportFileType001
844 * @tc.desc: GetDlpSupportFileType in normal app.
845 * @tc.type: FUNC
846 * @tc.require: SR000GVIGN AR000GVIGO
847 */
848 HWTEST_F(DlpPermissionKitTest, GetDlpSupportFileType001, TestSize.Level1)
849 {
850 DLP_LOG_INFO(LABEL, "enter GetDlpSupportFileType001");
851 // query support dlp file types in normal app
852 std::vector<std::string> supportFileType;
853 int32_t uid = getuid();
854 AccessTokenID tokenId = GetSelfTokenID();
855 TestMockApp(DLP_MANAGER_APP, 0, DEFAULT_USERID);
856
857 ASSERT_EQ(DLP_OK, DlpPermissionKit::GetDlpSupportFileType(supportFileType));
858 ASSERT_EQ(supportFileType.empty(), false);
859
860 TestRecoverProcessInfo(uid, tokenId);
861 }
862
863 /**
864 * @tc.name: GetDlpSupportFileType002
865 * @tc.desc: GetDlpSupportFileType in read only sandbox app.
866 * @tc.type: FUNC
867 * @tc.require: SR000GVIGN AR000GVIGO
868 */
869 HWTEST_F(DlpPermissionKitTest, GetDlpSupportFileType002, TestSize.Level1)
870 {
871 // query support dlp file types in read only sandbox app
872 SandboxInfo sandboxInfo;
873 TestInstallDlpSandbox(DLP_MANAGER_APP, READ_ONLY, DEFAULT_USERID, sandboxInfo);
874
875 int32_t uid = getuid();
876 AccessTokenID tokenId = GetSelfTokenID();
877 TestMockApp(DLP_MANAGER_APP, sandboxInfo.appIndex, DEFAULT_USERID);
878 std::vector<std::string> supportFileType;
879 ASSERT_EQ(DLP_OK, DlpPermissionKit::GetDlpSupportFileType(supportFileType));
880 ASSERT_EQ(supportFileType.empty(), false);
881
882 TestUninstallDlpSandbox(DLP_MANAGER_APP, sandboxInfo.appIndex, DEFAULT_USERID);
883 TestRecoverProcessInfo(uid, tokenId);
884 }
885
886 /**
887 * @tc.name: GetDlpSupportFileType003
888 * @tc.desc: GetDlpSupportFileType in context edit sandbox app.
889 * @tc.type: FUNC
890 * @tc.require:
891 */
892 HWTEST_F(DlpPermissionKitTest, GetDlpSupportFileType003, TestSize.Level1)
893 {
894 // query support dlp file types in context edit sandbox app
895 SandboxInfo sandboxInfo;
896 TestInstallDlpSandbox(DLP_MANAGER_APP, CONTENT_EDIT, DEFAULT_USERID, sandboxInfo);
897
898 int32_t uid = getuid();
899 AccessTokenID tokenId = GetSelfTokenID();
900 TestMockApp(DLP_MANAGER_APP, sandboxInfo.appIndex, DEFAULT_USERID);
901 std::vector<std::string> supportFileType;
902 ASSERT_EQ(DLP_OK, DlpPermissionKit::GetDlpSupportFileType(supportFileType));
903 ASSERT_EQ(supportFileType.empty(), false);
904
905 TestUninstallDlpSandbox(DLP_MANAGER_APP, sandboxInfo.appIndex, DEFAULT_USERID);
906 TestRecoverProcessInfo(uid, tokenId);
907 }
908
909 /**
910 * @tc.name: GetDlpSupportFileType004
911 * @tc.desc: GetDlpSupportFileType in full control sandbox app.
912 * @tc.type: FUNC
913 * @tc.require: SR000GVIGN AR000GVIGO
914 */
915 HWTEST_F(DlpPermissionKitTest, GetDlpSupportFileType004, TestSize.Level1)
916 {
917 DLP_LOG_INFO(LABEL, "enter GetDlpSupportFileType004");
918 // query support dlp file types in full control sandbox app
919 SandboxInfo sandboxInfo;
920 TestInstallDlpSandbox(DLP_MANAGER_APP, FULL_CONTROL, DEFAULT_USERID, sandboxInfo);
921
922 int32_t uid = getuid();
923 AccessTokenID tokenId = GetSelfTokenID();
924 TestMockApp(DLP_MANAGER_APP, sandboxInfo.appIndex, DEFAULT_USERID);
925
926 std::vector<std::string> supportFileType;
927 ASSERT_EQ(DLP_OK, DlpPermissionKit::GetDlpSupportFileType(supportFileType));
928 ASSERT_EQ(supportFileType.empty(), false);
929
930 TestUninstallDlpSandbox(DLP_MANAGER_APP, sandboxInfo.appIndex, DEFAULT_USERID);
931 TestRecoverProcessInfo(uid, tokenId);
932 }
933
934 /**
935 * @tc.name: GetDlpGatheringPolicy001
936 * @tc.desc: GetDlpGatheringPolicy test
937 * @tc.type: FUNC
938 * @tc.require:
939 */
940 HWTEST_F(DlpPermissionKitTest, GetDlpGatheringPolicy001, TestSize.Level1)
941 {
942 // query gathering policy on this device
943 bool isGathering = false;
944
945 ASSERT_EQ(DLP_OK, DlpPermissionKit::GetDlpGatheringPolicy(isGathering));
946 ASSERT_EQ(isGathering, false);
947 }
948
949 /**
950 * @tc.name: ClearUnreservedSandbox001
951 * @tc.desc: ClearUnreservedSandbox.
952 * @tc.type: FUNC
953 * @tc.require: SR000I38N7
954 */
955 HWTEST_F(DlpPermissionKitTest, ClearUnreservedSandbox001, TestSize.Level1)
956 {
957 ASSERT_EQ(DLP_OK, DlpPermissionKit::ClearUnreservedSandbox());
958 }
959
960 class CbCustomizeTest : public DlpSandboxChangeCallbackCustomize {
961 public:
CbCustomizeTest()962 explicit CbCustomizeTest() {}
~CbCustomizeTest()963 ~CbCustomizeTest() {}
964
DlpSandboxChangeCallback(DlpSandboxCallbackInfo & result)965 virtual void DlpSandboxChangeCallback(DlpSandboxCallbackInfo& result) {}
966 };
967
968 class TestOpenDlpFileCallbackCustomize : public OpenDlpFileCallbackCustomize {
969 public:
TestOpenDlpFileCallbackCustomize()970 explicit TestOpenDlpFileCallbackCustomize() {}
~TestOpenDlpFileCallbackCustomize()971 ~TestOpenDlpFileCallbackCustomize() {}
972
OnOpenDlpFile(OpenDlpFileCallbackInfo & result)973 void OnOpenDlpFile(OpenDlpFileCallbackInfo &result)
974 {
975 called = true;
976 }
977 bool called = false;
978 };
979
980 /**
981 * @tc.name: RegisterDlpSandboxChangeCallback001
982 * @tc.desc: RegisterDlpSandboxChangeCallback.
983 * @tc.type: FUNC
984 * @tc.require: DTS2023040302317
985 */
986 HWTEST_F(DlpPermissionKitTest, RegisterDlpSandboxChangeCallback001, TestSize.Level1)
987 {
988 const std::shared_ptr<DlpSandboxChangeCallbackCustomize> callbackPtr = std::make_shared<CbCustomizeTest>();
989 int32_t res = DlpPermissionKit::RegisterDlpSandboxChangeCallback(callbackPtr);
990 ASSERT_EQ(DLP_OK, res);
991 res = DlpPermissionKit::RegisterDlpSandboxChangeCallback(callbackPtr);
992 ASSERT_EQ(DLP_SERVICE_ERROR_VALUE_INVALID, res);
993 bool result;
994 SandboxInfo sandboxInfo;
995 ASSERT_EQ(DLP_OK,
996 DlpPermissionKit::InstallDlpSandbox(DLP_MANAGER_APP, FULL_CONTROL, DEFAULT_USERID, sandboxInfo, TEST_URI));
997 ASSERT_EQ(DLP_OK, DlpPermissionKit::UninstallDlpSandbox(DLP_MANAGER_APP, sandboxInfo.appIndex, DEFAULT_USERID));
998 res = DlpPermissionKit::UnregisterDlpSandboxChangeCallback(result);
999 ASSERT_EQ(DLP_OK, res);
1000 }
1001
1002 /**
1003 * @tc.name: RegisterDlpSandboxChangeCallback002
1004 * @tc.desc: RegisterDlpSandboxChangeCallback.
1005 * @tc.type: FUNC
1006 * @tc.require: DTS2023040302317
1007 */
1008 HWTEST_F(DlpPermissionKitTest, RegisterDlpSandboxChangeCallback002, TestSize.Level1)
1009 {
1010 int32_t res = DlpPermissionKit::RegisterDlpSandboxChangeCallback(nullptr);
1011 ASSERT_EQ(DLP_SERVICE_ERROR_VALUE_INVALID, res);
1012 bool result;
1013 res = DlpPermissionKit::UnregisterDlpSandboxChangeCallback(result);
1014 ASSERT_EQ(DLP_CALLBACK_PARAM_INVALID, res);
1015 }
1016
1017 /**
1018 * @tc.name: RegisterDlpSandboxChangeCallback003
1019 * @tc.desc: RegisterDlpSandboxChangeCallback.
1020 * @tc.type: FUNC
1021 * @tc.require: DTS2023040302317
1022 */
1023 HWTEST_F(DlpPermissionKitTest, RegisterDlpSandboxChangeCallback003, TestSize.Level1)
1024 {
1025 bool result;
1026 int32_t res = DlpPermissionKit::UnregisterDlpSandboxChangeCallback(result);
1027 ASSERT_EQ(DLP_CALLBACK_PARAM_INVALID, res);
1028 }
1029
1030 /**
1031 * @tc.name: DlpSandboxChangeCallback001
1032 * @tc.desc: DlpSandboxChangeCallback function test.
1033 * @tc.type: FUNC
1034 * @tc.require: DTS2023040302317
1035 */
1036 HWTEST_F(DlpPermissionKitTest, DlpSandboxChangeCallback001, TestSize.Level1)
1037 {
1038 std::shared_ptr<CbCustomizeTest> callbackPtr = nullptr;
1039 std::shared_ptr<DlpSandboxChangeCallback> callback = std::make_shared<DlpSandboxChangeCallback>(
1040 callbackPtr);
1041 ASSERT_NE(callback, nullptr);
1042 DlpSandboxCallbackInfo result;
1043 callback->DlpSandboxStateChangeCallback(result);
1044 ASSERT_EQ(callback->customizedCallback_, nullptr);
1045 }
1046
1047 /**
1048 * @tc.name: DlpSandboxChangeCallback002
1049 * @tc.desc: DlpSandboxChangeCallback function test.
1050 * @tc.type: FUNC
1051 * @tc.require: DTS2023040302317
1052 */
1053 HWTEST_F(DlpPermissionKitTest, DlpSandboxChangeCallback002, TestSize.Level1)
1054 {
1055 std::shared_ptr<CbCustomizeTest> callbackPtr = std::make_shared<CbCustomizeTest>();
1056 std::shared_ptr<DlpSandboxChangeCallback> callback = std::make_shared<DlpSandboxChangeCallback>(callbackPtr);
1057 ASSERT_NE(callback, nullptr);
1058 DlpSandboxCallbackInfo result;
1059 callback->DlpSandboxStateChangeCallback(result);
1060 ASSERT_NE(callback->customizedCallback_, nullptr);
1061 callback->Stop();
1062 }
1063
1064 /**
1065 * @tc.name: RegisterOpenDlpFileCallback001
1066 * @tc.desc: RegisterOpenDlpFileCallback.
1067 * @tc.type: FUNC
1068 * @tc.require:
1069 */
1070 HWTEST_F(DlpPermissionKitTest, RegisterOpenDlpFileCallback001, TestSize.Level1)
1071 {
1072 int32_t uid = getuid();
1073 AccessTokenID tokenId = GetSelfTokenID();
1074 TestMockApp(DLP_MANAGER_APP, 0, DEFAULT_USERID);
1075
1076 const std::shared_ptr<TestOpenDlpFileCallbackCustomize> callbackPtr =
1077 std::make_shared<TestOpenDlpFileCallbackCustomize>();
1078 ASSERT_NE(callbackPtr, nullptr);
1079 EXPECT_EQ(DLP_OK, DlpPermissionKit::RegisterOpenDlpFileCallback(callbackPtr));
1080 SandboxInfo sandboxInfo;
1081 EXPECT_EQ(DLP_OK,
1082 DlpPermissionKit::InstallDlpSandbox(DLP_MANAGER_APP, FULL_CONTROL, DEFAULT_USERID, sandboxInfo, TEST_URI));
1083 usleep(50000); // sleep 50ms
1084 EXPECT_EQ(true, callbackPtr->called);
1085 EXPECT_EQ(DLP_OK, DlpPermissionKit::UninstallDlpSandbox(DLP_MANAGER_APP, sandboxInfo.appIndex, DEFAULT_USERID));
1086 EXPECT_EQ(DLP_OK, DlpPermissionKit::UnRegisterOpenDlpFileCallback(callbackPtr));
1087
1088 TestRecoverProcessInfo(uid, tokenId);
1089 }
1090
1091 /**
1092 * @tc.name: RegisterOpenDlpFileCallback002
1093 * @tc.desc: RegisterOpenDlpFileCallback.
1094 * @tc.type: FUNC
1095 * @tc.require:
1096 */
1097 HWTEST_F(DlpPermissionKitTest, RegisterOpenDlpFileCallback002, TestSize.Level1)
1098 {
1099 EXPECT_EQ(DLP_SERVICE_ERROR_VALUE_INVALID, DlpPermissionKit::RegisterOpenDlpFileCallback(nullptr));
1100 EXPECT_EQ(DLP_SERVICE_ERROR_VALUE_INVALID, DlpPermissionKit::UnRegisterOpenDlpFileCallback(nullptr));
1101 }
1102
1103 /**
1104 * @tc.name: RegisterOpenDlpFileCallback003
1105 * @tc.desc: RegisterOpenDlpFileCallback.
1106 * @tc.type: FUNC
1107 * @tc.require:
1108 */
1109 HWTEST_F(DlpPermissionKitTest, RegisterOpenDlpFileCallback003, TestSize.Level1)
1110 {
1111 int32_t uid = getuid();
1112 AccessTokenID tokenId = GetSelfTokenID();
1113 TestMockApp(DLP_MANAGER_APP, 0, DEFAULT_USERID);
1114
1115 const std::shared_ptr<TestOpenDlpFileCallbackCustomize> callbackPtr =
1116 std::make_shared<TestOpenDlpFileCallbackCustomize>();
1117 ASSERT_NE(callbackPtr, nullptr);
1118 EXPECT_EQ(DLP_SERVICE_ERROR_VALUE_INVALID, DlpPermissionKit::UnRegisterOpenDlpFileCallback(callbackPtr));
1119
1120 TestRecoverProcessInfo(uid, tokenId);
1121 }
1122
1123 /**
1124 * @tc.name: RegisterOpenDlpFileCallback004
1125 * @tc.desc: RegisterOpenDlpFileCallback.
1126 * @tc.type: FUNC
1127 * @tc.require:
1128 */
1129 HWTEST_F(DlpPermissionKitTest, RegisterOpenDlpFileCallback004, TestSize.Level1)
1130 {
1131 int32_t uid = getuid();
1132 AccessTokenID tokenId = GetSelfTokenID();
1133 TestMockApp(DLP_MANAGER_APP, 0, DEFAULT_USERID);
1134
1135 std::vector<std::shared_ptr<TestOpenDlpFileCallbackCustomize>> ptrList;
1136 const std::shared_ptr<TestOpenDlpFileCallbackCustomize> callbackPtr =
1137 std::make_shared<TestOpenDlpFileCallbackCustomize>();
1138 ASSERT_NE(callbackPtr, nullptr);
1139 EXPECT_EQ(DLP_OK, DlpPermissionKit::RegisterOpenDlpFileCallback(callbackPtr));
1140 ptrList.emplace_back(callbackPtr);
1141 EXPECT_EQ(DLP_SERVICE_ERROR_VALUE_INVALID, DlpPermissionKit::RegisterOpenDlpFileCallback(callbackPtr));
1142 for (int32_t i = 0; i < 99; i++) {
1143 const std::shared_ptr<TestOpenDlpFileCallbackCustomize> callback =
1144 std::make_shared<TestOpenDlpFileCallbackCustomize>();
1145 ASSERT_NE(callback, nullptr);
1146 EXPECT_EQ(DLP_OK, DlpPermissionKit::RegisterOpenDlpFileCallback(callback));
1147 ptrList.emplace_back(callback);
1148 }
1149 const std::shared_ptr<TestOpenDlpFileCallbackCustomize> callback =
1150 std::make_shared<TestOpenDlpFileCallbackCustomize>();
1151 ASSERT_NE(callback, nullptr);
1152 EXPECT_EQ(DLP_SERVICE_ERROR_VALUE_INVALID, DlpPermissionKit::RegisterOpenDlpFileCallback(callback));
1153 ptrList.emplace_back(callback);
1154 for (auto& iter : ptrList) {
1155 DlpPermissionKit::UnRegisterOpenDlpFileCallback(iter);
1156 }
1157
1158 TestRecoverProcessInfo(uid, tokenId);
1159 }
1160
1161 /**
1162 * @tc.name: OpenDlpFileCallback001
1163 * @tc.desc: OpenDlpFileCallback function test.
1164 * @tc.type: FUNC
1165 * @tc.require:
1166 */
1167 HWTEST_F(DlpPermissionKitTest, OpenDlpFileCallback001, TestSize.Level1)
1168 {
1169 std::shared_ptr<TestOpenDlpFileCallbackCustomize> callbackPtr = nullptr;
1170 std::shared_ptr<OpenDlpFileCallback> callback = std::make_shared<OpenDlpFileCallback>(callbackPtr);
1171 ASSERT_NE(callback, nullptr);
1172 OpenDlpFileCallbackInfo result;
1173 callback->OnOpenDlpFile(result);
1174 ASSERT_EQ(callback->customizedCallback_, nullptr);
1175 }
1176
1177 /**
1178 * @tc.name: OpenDlpFileCallback002
1179 * @tc.desc: OpenDlpFileCallback function test.
1180 * @tc.type: FUNC
1181 * @tc.require:
1182 */
1183 HWTEST_F(DlpPermissionKitTest, OpenDlpFileCallback002, TestSize.Level1)
1184 {
1185 std::shared_ptr<TestOpenDlpFileCallbackCustomize> callbackPtr =
1186 std::make_shared<TestOpenDlpFileCallbackCustomize>();
1187 std::shared_ptr<OpenDlpFileCallback> callback = std::make_shared<OpenDlpFileCallback>(callbackPtr);
1188 ASSERT_NE(callback, nullptr);
1189 OpenDlpFileCallbackInfo result;
1190 callback->OnOpenDlpFile(result);
1191 EXPECT_EQ(true, callbackPtr->called);
1192 ASSERT_NE(callback->customizedCallback_, nullptr);
1193 }
1194
1195 /**
1196 * @tc.name: OnGenerateDlpCertificate002
1197 * @tc.desc: OnGenerateDlpCertificate function test.
1198 * @tc.type: FUNC
1199 * @tc.require: DTS2023040302317
1200 */
1201 HWTEST_F(DlpPermissionKitTest, OnGenerateDlpCertificate002, TestSize.Level1)
1202 {
1203 std::vector<uint8_t> cert;
1204 auto generateDlpCertificateCallback = std::make_shared<ClientGenerateDlpCertificateCallback>();
1205 generateDlpCertificateCallback->OnGenerateDlpCertificate(0, cert);
1206 ASSERT_EQ(0, generateDlpCertificateCallback->result_);
1207 PermissionPolicy policy;
1208 auto parseDlpCertificateCallback = std::make_shared<ClientParseDlpCertificateCallback>();
1209 parseDlpCertificateCallback->OnParseDlpCertificate(0, policy, {});
1210 ASSERT_EQ(0, generateDlpCertificateCallback->result_);
1211 }
1212
1213 /**
1214 * @tc.name: ParseDlpCertificate002
1215 * @tc.desc: ParseDlpCertificate abnormal input test.
1216 * @tc.type: FUNC
1217 * @tc.require:AR000GVIG0
1218 */
1219 HWTEST_F(DlpPermissionKitTest, ParseDlpCertificate002, TestSize.Level1)
1220 {
1221 std::vector<uint8_t> cert;
1222 std::vector<uint8_t> offlineCert;
1223 offlineCert.push_back(1);
1224 PermissionPolicy policy;
1225 uint32_t offlineFlag = 0;
1226 ASSERT_EQ(DLP_SERVICE_ERROR_VALUE_INVALID,
1227 DlpPermissionKit::ParseDlpCertificate(cert, offlineCert, offlineFlag, policy));
1228
1229 policy.ownerAccount_ = "test";
1230 policy.ownerAccountId_ = "test";
1231 policy.ownerAccountType_ = CLOUD_ACCOUNT;
1232 std::vector<AuthUserInfo> authUsers_;
1233 AuthUserInfo info;
1234 info.authAccount = "test";
1235 info.authPerm = FULL_CONTROL;
1236 info.permExpiryTime = 1784986283;
1237 info.authAccountType = CLOUD_ACCOUNT;
1238 authUsers_.push_back(info);
1239 uint8_t* iv = new (std::nothrow) uint8_t[16];
1240 uint8_t* aseKey = new (std::nothrow) uint8_t[16];
1241 policy.SetIv(iv, 16);
1242 policy.SetAeskey(aseKey, 16);
1243 ASSERT_EQ(DLP_SERVICE_ERROR_VALUE_INVALID,
1244 DlpPermissionKit::ParseDlpCertificate(cert, offlineCert, offlineFlag, policy));
1245 delete[] iv;
1246 delete[] aseKey;
1247 }
1248
1249 /**
1250 * @tc.name: GetDLPFileVisitRecord001
1251 * @tc.desc: GetDLPFileVisitRecord.
1252 * @tc.type: FUNC
1253 * @tc.require: AR000I38MV
1254 */
1255 HWTEST_F(DlpPermissionKitTest, GetDLPFileVisitRecord001, TestSize.Level1)
1256 {
1257 int32_t uid = getuid();
1258 AccessTokenID selfTokenId = GetSelfTokenID();
1259 std::vector<VisitedDLPFileInfo> infoVec;
1260 SandboxInfo sandboxInfo;
1261 ASSERT_EQ(DLP_OK,
1262 DlpPermissionKit::InstallDlpSandbox(DLP_MANAGER_APP, FULL_CONTROL, DEFAULT_USERID, sandboxInfo, TEST_URI));
1263 ASSERT_TRUE(sandboxInfo.appIndex != 0);
1264 TestMockApp(DLP_MANAGER_APP, 0, DEFAULT_USERID);
1265 ASSERT_TRUE(TestSetSelfTokenId(g_dlpManagerTokenId));
1266 ASSERT_EQ(DLP_OK, DlpPermissionKit::GetDLPFileVisitRecord(infoVec));
1267 DLP_LOG_INFO(LABEL, "GetDLPFileVisitRecord size:%{public}zu", infoVec.size());
1268 ASSERT_TRUE(1 == infoVec.size());
1269 setuid(g_selfUid);
1270 infoVec.clear();
1271 ASSERT_EQ(DLP_OK, DlpPermissionKit::GetDLPFileVisitRecord(infoVec));
1272 ASSERT_TRUE(0 == infoVec.size());
1273 AccessTokenID tokenId = AccessTokenKit::GetHapTokenID(100, DLP_MANAGER_APP, sandboxInfo.appIndex);
1274 ASSERT_TRUE(TestSetSelfTokenId(tokenId));
1275 ASSERT_EQ(DLP_SERVICE_ERROR_API_NOT_FOR_SANDBOX_ERROR, DlpPermissionKit::GetDLPFileVisitRecord(infoVec));
1276 ASSERT_TRUE(TestSetSelfTokenId(g_dlpManagerTokenId));
1277 ASSERT_EQ(DLP_OK, DlpPermissionKit::UninstallDlpSandbox(DLP_MANAGER_APP, sandboxInfo.appIndex, DEFAULT_USERID));
1278
1279 TestRecoverProcessInfo(uid, selfTokenId);
1280 }
1281 } // namespace DlpPermission
1282 } // namespace Security
1283 } // namespace OHOS
1284