1 /*
2 * Copyright (c) 2022-2024 Huawei Device Co., Ltd.
3 * Licensed under the Apache License, Version 2.0 (the "License");
4 * you may not use this file except in compliance with the License.
5 * You may obtain a copy of the License at
6 *
7 * http://www.apache.org/licenses/LICENSE-2.0
8 *
9 * Unless required by applicable law or agreed to in writing, software
10 * distributed under the License is distributed on an "AS IS" BASIS,
11 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12 * See the License for the specific language governing permissions and
13 * limitations under the License.
14 */
15
16 #include "accesstoken_deny_test.h"
17 #include "accesstoken_kit.h"
18 #include "access_token_error.h"
19 #include "token_setproc.h"
20 #ifdef TOKEN_SYNC_ENABLE
21 #include "token_sync_kit_interface.h"
22 #endif
23
24 namespace OHOS {
25 namespace Security {
26 namespace AccessToken {
27 namespace {
28 static AccessTokenID g_selfTokenId = 0;
29 static AccessTokenIDEx g_testTokenIDEx = {0};
30 static int32_t g_selfUid;
31
32 static HapPolicyParams g_PolicyPrams = {
33 .apl = APL_NORMAL,
34 .domain = "test.domain",
35 };
36
37 static HapInfoParams g_InfoParms = {
38 .userID = 1,
39 .bundleName = "ohos.test.bundle",
40 .instIndex = 0,
41 .appIDDesc = "test.bundle",
42 .isSystemApp = true
43 };
44
45 #ifdef TOKEN_SYNC_ENABLE
46 static const int32_t FAKE_SYNC_RET = 0xabcdef;
47 class TokenSyncCallbackImpl : public TokenSyncKitInterface {
GetRemoteHapTokenInfo(const std::string & deviceID,AccessTokenID tokenID) const48 int32_t GetRemoteHapTokenInfo(const std::string& deviceID, AccessTokenID tokenID) const override
49 {
50 return FAKE_SYNC_RET;
51 };
52
DeleteRemoteHapTokenInfo(AccessTokenID tokenID) const53 int32_t DeleteRemoteHapTokenInfo(AccessTokenID tokenID) const override
54 {
55 return FAKE_SYNC_RET;
56 };
57
UpdateRemoteHapTokenInfo(const HapTokenInfoForSync & tokenInfo) const58 int32_t UpdateRemoteHapTokenInfo(const HapTokenInfoForSync& tokenInfo) const override
59 {
60 return FAKE_SYNC_RET;
61 };
62 };
63 #endif
64 }
65 using namespace testing::ext;
66
SetUpTestCase()67 void AccessTokenDenyTest::SetUpTestCase()
68 {
69 g_selfTokenId = GetSelfTokenID();
70 g_selfUid = getuid();
71 }
72
TearDownTestCase()73 void AccessTokenDenyTest::TearDownTestCase()
74 {
75 setuid(g_selfUid);
76 EXPECT_EQ(0, SetSelfTokenID(g_selfTokenId));
77 GTEST_LOG_(INFO) << "PermStateChangeCallback, tokenID is " << GetSelfTokenID();
78 GTEST_LOG_(INFO) << "PermStateChangeCallback, uid is " << getuid();
79 }
80
SetUp()81 void AccessTokenDenyTest::SetUp()
82 {
83 AccessTokenKit::AllocHapToken(g_InfoParms, g_PolicyPrams);
84
85 g_testTokenIDEx = AccessTokenKit::GetHapTokenIDEx(g_InfoParms.userID,
86 g_InfoParms.bundleName,
87 g_InfoParms.instIndex);
88 ASSERT_NE(INVALID_TOKENID, g_testTokenIDEx.tokenIDEx);
89 setuid(g_selfUid);
90 EXPECT_EQ(0, SetSelfTokenID(g_testTokenIDEx.tokenIDEx));
91 setuid(1234); // 1234: UID
92 }
93
TearDown()94 void AccessTokenDenyTest::TearDown()
95 {
96 setuid(g_selfUid);
97 EXPECT_EQ(0, SetSelfTokenID(g_selfTokenId));
98 setuid(g_selfUid);
99 }
100
101 /**
102 * @tc.name: AllocHapToken001
103 * @tc.desc: AllocHapToken with no permission
104 * @tc.type: FUNC
105 * @tc.require:
106 */
107 HWTEST_F(AccessTokenDenyTest, AllocHapToken001, TestSize.Level1)
108 {
109 AccessTokenIDEx tokenIdEx = {0};
110 tokenIdEx = AccessTokenKit::AllocHapToken(g_InfoParms, g_PolicyPrams);
111 ASSERT_EQ(INVALID_TOKENID, tokenIdEx.tokenIdExStruct.tokenID);
112 }
113
114 /**
115 * @tc.name: InitHapToken001
116 * @tc.desc: InitHapToken with no permission
117 * @tc.type: FUNC
118 * @tc.require:
119 */
120 HWTEST_F(AccessTokenDenyTest, InitHapToken001, TestSize.Level1)
121 {
122 AccessTokenIDEx tokenIdEx = {0};
123 int32_t ret = AccessTokenKit::InitHapToken(g_InfoParms, g_PolicyPrams, tokenIdEx);
124 ASSERT_NE(ret, RET_SUCCESS);
125 }
126
127 /**
128 * @tc.name: AllocLocalTokenID001
129 * @tc.desc: AllocLocalTokenID with no permission
130 * @tc.type: FUNC
131 * @tc.require:
132 */
133 HWTEST_F(AccessTokenDenyTest, AllocLocalTokenID001, TestSize.Level1)
134 {
135 std::string remoteDevice = "remote device";
136 AccessTokenID tokenId = 123;
137 AccessTokenID localTokenId = AccessTokenKit::AllocLocalTokenID(remoteDevice, tokenId);
138 ASSERT_EQ(INVALID_TOKENID, localTokenId);
139 }
140
141 /**
142 * @tc.name: UpdateHapToken001
143 * @tc.desc: UpdateHapToken with no permission
144 * @tc.type: FUNC
145 * @tc.require:
146 */
147 HWTEST_F(AccessTokenDenyTest, UpdateHapToken001, TestSize.Level1)
148 {
149 AccessTokenIDEx tokenIdEx = {0};
150 tokenIdEx.tokenIdExStruct.tokenID = 123;
151 UpdateHapInfoParams info;
152 info.appIDDesc = "appId desc";
153 info.apiVersion = 9;
154 info.isSystemApp = false;
155 ASSERT_EQ(AccessTokenError::ERR_PERMISSION_DENIED,
156 AccessTokenKit::UpdateHapToken(tokenIdEx, info, g_PolicyPrams));
157 }
158
159 /**
160 * @tc.name: DeleteToken001
161 * @tc.desc: DeleteToken with no permission
162 * @tc.type: FUNC
163 * @tc.require:
164 */
165 HWTEST_F(AccessTokenDenyTest, DeleteToken001, TestSize.Level1)
166 {
167 AccessTokenID tokenId = 123;
168 ASSERT_EQ(AccessTokenError::ERR_PERMISSION_DENIED, AccessTokenKit::DeleteToken(tokenId));
169 }
170
171 /**
172 * @tc.name: CheckNativeDCap001
173 * @tc.desc: CheckNativeDCap with no permission
174 * @tc.type: FUNC
175 * @tc.require:
176 */
177 HWTEST_F(AccessTokenDenyTest, CheckNativeDCap001, TestSize.Level1)
178 {
179 AccessTokenID tokenId = 123;
180 const std::string dcap = "AT_CAP";
181 ASSERT_EQ(AccessTokenError::ERR_PERMISSION_DENIED, AccessTokenKit::CheckNativeDCap(tokenId, dcap));
182 }
183
184 /**
185 * @tc.name: GetHapTokenID001
186 * @tc.desc: GetHapTokenID with no permission
187 * @tc.type: FUNC
188 * @tc.require:
189 */
190 HWTEST_F(AccessTokenDenyTest, GetHapTokenID001, TestSize.Level1)
191 {
192 int32_t userID = 0;
193 std::string bundleName = "test";
194 int32_t instIndex = 0;
195 AccessTokenID tokenId = AccessTokenKit::GetHapTokenID(userID, bundleName, instIndex);
196 ASSERT_EQ(INVALID_TOKENID, tokenId);
197 }
198
199 /**
200 * @tc.name: GetHapTokenInfo001
201 * @tc.desc: GetHapTokenInfo with no permission
202 * @tc.type: FUNC
203 * @tc.require:
204 */
205 HWTEST_F(AccessTokenDenyTest, GetHapTokenInfo001, TestSize.Level1)
206 {
207 AccessTokenID tokenId = 123;
208 HapTokenInfo tokenInfo;
209 ASSERT_EQ(AccessTokenError::ERR_PERMISSION_DENIED, AccessTokenKit::GetHapTokenInfo(tokenId, tokenInfo));
210 }
211
212 /**
213 * @tc.name: GetNativeTokenInfo001
214 * @tc.desc: GetNativeTokenInfo with no permission
215 * @tc.type: FUNC
216 * @tc.require:
217 */
218 HWTEST_F(AccessTokenDenyTest, GetNativeTokenInfo001, TestSize.Level1)
219 {
220 AccessTokenID tokenId = 805920561; //805920561 is a native tokenId.
221 NativeTokenInfo tokenInfo;
222 ASSERT_EQ(AccessTokenError::ERR_PERMISSION_DENIED, AccessTokenKit::GetNativeTokenInfo(tokenId, tokenInfo));
223 }
224
225 /**
226 * @tc.name: GetPermissionFlag001
227 * @tc.desc: GetPermissionFlag with no permission
228 * @tc.type: FUNC
229 * @tc.require:
230 */
231 HWTEST_F(AccessTokenDenyTest, GetPermissionFlag001, TestSize.Level1)
232 {
233 AccessTokenID tokenId = 123;
234 std::string permission = "ohos.permission.CAMERA";
235 uint32_t flag;
236 ASSERT_EQ(AccessTokenError::ERR_PERMISSION_DENIED, AccessTokenKit::GetPermissionFlag(tokenId, permission, flag));
237 }
238
239 /**
240 * @tc.name: SetPermissionRequestToggleStatus001
241 * @tc.desc: SetPermissionRequestToggleStatus with no permission
242 * @tc.type: FUNC
243 * @tc.require:
244 */
245 HWTEST_F(AccessTokenDenyTest, SetPermissionRequestToggleStatus001, TestSize.Level1)
246 {
247 int32_t userID = 123;
248 uint32_t status = PermissionRequestToggleStatus::CLOSED;
249 std::string permission = "ohos.permission.CAMERA";
250
251 ASSERT_EQ(AccessTokenError::ERR_PERMISSION_DENIED, AccessTokenKit::SetPermissionRequestToggleStatus(
252 permission, status, userID));
253 }
254
255 /**
256 * @tc.name: GetPermissionRequestToggleStatus001
257 * @tc.desc: GetPermissionRequestToggleStatus with no permission
258 * @tc.type: FUNC
259 * @tc.require:
260 */
261 HWTEST_F(AccessTokenDenyTest, GetPermissionRequestToggleStatus001, TestSize.Level1)
262 {
263 int32_t userID = 123;
264 uint32_t status;
265 std::string permission = "ohos.permission.CAMERA";
266
267 ASSERT_EQ(AccessTokenError::ERR_PERMISSION_DENIED, AccessTokenKit::GetPermissionRequestToggleStatus(
268 permission, status, userID));
269 }
270
271 /**
272 * @tc.name: GrantPermission001
273 * @tc.desc: GrantPermission with no permission
274 * @tc.type: FUNC
275 * @tc.require:
276 */
277 HWTEST_F(AccessTokenDenyTest, GrantPermission001, TestSize.Level1)
278 {
279 AccessTokenID tokenId = 123;
280 std::string permission = "ohos.permission.CAMERA";
281 ASSERT_EQ(AccessTokenError::ERR_PERMISSION_DENIED,
282 AccessTokenKit::GrantPermission(tokenId, permission, PERMISSION_USER_FIXED));
283 }
284
285 /**
286 * @tc.name: RevokePermission001
287 * @tc.desc: RevokePermission with no permission
288 * @tc.type: FUNC
289 * @tc.require:
290 */
291 HWTEST_F(AccessTokenDenyTest, RevokePermission001, TestSize.Level1)
292 {
293 AccessTokenID tokenId = 123;
294 std::string permission = "ohos.permission.CAMERA";
295 ASSERT_EQ(AccessTokenError::ERR_PERMISSION_DENIED,
296 AccessTokenKit::RevokePermission(tokenId, permission, PERMISSION_USER_FIXED));
297 }
298
299 /**
300 * @tc.name: ClearUserGrantedPermissionState001
301 * @tc.desc: ClearUserGrantedPermissionState with no permission
302 * @tc.type: FUNC
303 * @tc.require:
304 */
305 HWTEST_F(AccessTokenDenyTest, ClearUserGrantedPermissionState001, TestSize.Level1)
306 {
307 AccessTokenID tokenId = 123;
308 ASSERT_EQ(AccessTokenError::ERR_PERMISSION_DENIED, AccessTokenKit::ClearUserGrantedPermissionState(tokenId));
309 }
310
311 class CbCustomizeTest1 : public PermStateChangeCallbackCustomize {
312 public:
CbCustomizeTest1(const PermStateChangeScope & scopeInfo)313 explicit CbCustomizeTest1(const PermStateChangeScope &scopeInfo)
314 : PermStateChangeCallbackCustomize(scopeInfo)
315 {
316 }
~CbCustomizeTest1()317 ~CbCustomizeTest1() {}
318
PermStateChangeCallback(PermStateChangeInfo & result)319 virtual void PermStateChangeCallback(PermStateChangeInfo& result)
320 {
321 }
322 };
323
324 /**
325 * @tc.name: RegisterPermStateChangeCallback001
326 * @tc.desc: RegisterPermStateChangeCallback with no permission
327 * @tc.type: FUNC
328 * @tc.require:
329 */
330 HWTEST_F(AccessTokenDenyTest, RegisterPermStateChangeCallback001, TestSize.Level1)
331 {
332 PermStateChangeScope scopeInfo;
333 scopeInfo.permList = {"ohos.permission.CAMERA"};
334 scopeInfo.tokenIDs = {};
335 auto callbackPtr = std::make_shared<CbCustomizeTest1>(scopeInfo);
336 ASSERT_EQ(AccessTokenError::ERR_PERMISSION_DENIED, AccessTokenKit::RegisterPermStateChangeCallback(callbackPtr));
337 }
338
339 /**
340 * @tc.name: UnregisterPermStateChangeCallback001
341 * @tc.desc: UnRegisterPermStateChangeCallback with no permission
342 * @tc.type: FUNC
343 * @tc.require:
344 */
345 HWTEST_F(AccessTokenDenyTest, UnregisterPermStateChangeCallback001, TestSize.Level1)
346 {
347 setuid(g_selfUid);
348
349 PermissionStateFull testState = {
350 .permissionName = "ohos.permission.GET_SENSITIVE_PERMISSIONS",
351 .isGeneral = true,
352 .resDeviceID = {"local"},
353 .grantStatus = {PermissionState::PERMISSION_GRANTED},
354 .grantFlags = {1}
355 };
356 HapPolicyParams policyPrams = {
357 .apl = APL_NORMAL,
358 .domain = "test.domain",
359 .permList = {},
360 .permStateList = {testState}
361 };
362 AccessTokenIDEx tokenIdEx = AccessTokenKit::AllocHapToken(g_InfoParms, policyPrams);
363 ASSERT_NE(INVALID_TOKENID, tokenIdEx.tokenIdExStruct.tokenID);
364 EXPECT_EQ(0, SetSelfTokenID(tokenIdEx.tokenIDEx));
365
366 PermStateChangeScope scopeInfo;
367 scopeInfo.permList = {"ohos.permission.CAMERA"};
368 scopeInfo.tokenIDs = {};
369 auto callbackPtr = std::make_shared<CbCustomizeTest1>(scopeInfo);
370 ASSERT_EQ(RET_SUCCESS, AccessTokenKit::RegisterPermStateChangeCallback(callbackPtr));
371
372 EXPECT_EQ(0, SetSelfTokenID(g_testTokenIDEx.tokenIDEx));
373
374 ASSERT_EQ(AccessTokenError::ERR_PERMISSION_DENIED, AccessTokenKit::UnRegisterPermStateChangeCallback(callbackPtr));
375
376 EXPECT_EQ(0, SetSelfTokenID(tokenIdEx.tokenIDEx));
377 ASSERT_EQ(RET_SUCCESS, AccessTokenKit::UnRegisterPermStateChangeCallback(callbackPtr));
378
379 setuid(g_selfUid);
380 ASSERT_EQ(RET_SUCCESS, AccessTokenKit::DeleteToken(tokenIdEx.tokenIdExStruct.tokenID));
381 }
382
383 /**
384 * @tc.name: ReloadNativeTokenInfo001
385 * @tc.desc: ReloadNativeTokenInfo with no permission
386 * @tc.type: FUNC
387 * @tc.require:
388 */
389 HWTEST_F(AccessTokenDenyTest, ReloadNativeTokenInfo001, TestSize.Level1)
390 {
391 ASSERT_EQ(AccessTokenError::ERR_PERMISSION_DENIED, AccessTokenKit::ReloadNativeTokenInfo());
392 }
393
394 /**
395 * @tc.name: GetNativeTokenId001
396 * @tc.desc: Verify the GetNativeTokenId abnormal branch return nullptr proxy.
397 * @tc.type: FUNC
398 * @tc.require: Issue Number
399 */
400 HWTEST_F(AccessTokenDenyTest, GetNativeTokenId001, TestSize.Level1)
401 {
402 std::string processName = "hdcd";
403 AccessTokenID tokenID = AccessTokenKit::GetNativeTokenId(processName);
404 ASSERT_EQ(INVALID_TOKENID, tokenID);
405 }
406
407 /**
408 * @tc.name: DumpTokenInfo001
409 * @tc.desc: Verify the DumpTokenInfo abnormal branch return nullptr proxy.
410 * @tc.type: FUNC
411 * @tc.require:Issue Number
412 */
413 HWTEST_F(AccessTokenDenyTest, DumpTokenInfo001, TestSize.Level1)
414 {
415 std::string dumpInfo;
416 AtmToolsParamInfo info;
417 info.tokenId = 123;
418 AccessTokenKit::DumpTokenInfo(info, dumpInfo);
419 ASSERT_EQ("", dumpInfo);
420 }
421
422 #ifdef TOKEN_SYNC_ENABLE
423 /**
424 * @tc.name: GetHapTokenInfoFromRemote001
425 * @tc.desc: GetHapTokenInfoFromRemote with no permission
426 * @tc.type: FUNC
427 * @tc.require:
428 */
429 HWTEST_F(AccessTokenDenyTest, GetHapTokenInfoFromRemote001, TestSize.Level1)
430 {
431 AccessTokenID tokenId = 123;
432 HapTokenInfoForSync hapSync;
433 ASSERT_EQ(AccessTokenError::ERR_PERMISSION_DENIED, AccessTokenKit::GetHapTokenInfoFromRemote(tokenId, hapSync));
434 }
435
436 /**
437 * @tc.name: SetRemoteHapTokenInfo001
438 * @tc.desc: SetRemoteHapTokenInfo with no permission
439 * @tc.type: FUNC
440 * @tc.require:
441 */
442 HWTEST_F(AccessTokenDenyTest, SetRemoteHapTokenInfo001, TestSize.Level1)
443 {
444 std::string device = "device";
445 HapTokenInfoForSync hapSync;
446 ASSERT_EQ(AccessTokenError::ERR_PERMISSION_DENIED, AccessTokenKit::SetRemoteHapTokenInfo(device, hapSync));
447 }
448
449 /**
450 * @tc.name: DeleteRemoteToken001
451 * @tc.desc: DeleteRemoteToken with no permission
452 * @tc.type: FUNC
453 * @tc.require:
454 */
455 HWTEST_F(AccessTokenDenyTest, DeleteRemoteToken001, TestSize.Level1)
456 {
457 std::string device = "device";
458 AccessTokenID tokenId = 123;
459 ASSERT_EQ(AccessTokenError::ERR_PERMISSION_DENIED, AccessTokenKit::DeleteRemoteToken(device, tokenId));
460 }
461
462 /**
463 * @tc.name: GetRemoteNativeTokenID001
464 * @tc.desc: GetRemoteNativeTokenID with no permission
465 * @tc.type: FUNC
466 * @tc.require:
467 */
468 HWTEST_F(AccessTokenDenyTest, GetRemoteNativeTokenID001, TestSize.Level1)
469 {
470 std::string device = "device";
471 AccessTokenID tokenId = 123;
472 ASSERT_EQ(INVALID_TOKENID, AccessTokenKit::GetRemoteNativeTokenID(device, tokenId));
473 }
474
475 /**
476 * @tc.name: DeleteRemoteDeviceTokens001
477 * @tc.desc: DeleteRemoteDeviceTokens with no permission
478 * @tc.type: FUNC
479 * @tc.require:
480 */
481 HWTEST_F(AccessTokenDenyTest, DeleteRemoteDeviceTokens001, TestSize.Level1)
482 {
483 std::string device = "device";
484 ASSERT_EQ(AccessTokenError::ERR_PERMISSION_DENIED, AccessTokenKit::DeleteRemoteDeviceTokens(device));
485 }
486
487 HWTEST_F(AccessTokenDenyTest, RegisterTokenSyncCallback001, TestSize.Level1)
488 {
489 std::shared_ptr<TokenSyncKitInterface> callback = std::make_shared<TokenSyncCallbackImpl>();
490 EXPECT_EQ(AccessTokenError::ERR_PERMISSION_DENIED, AccessTokenKit::RegisterTokenSyncCallback(callback));
491 EXPECT_EQ(AccessTokenError::ERR_PERMISSION_DENIED, AccessTokenKit::UnRegisterTokenSyncCallback());
492 }
493 #endif
494
495 /**
496 * @tc.name: SetPermDialogCap001
497 * @tc.desc: SetPermDialogCap with no permission
498 * @tc.type: FUNC
499 * @tc.require:
500 */
501 HWTEST_F(AccessTokenDenyTest, SetPermDialogCap001, TestSize.Level1)
502 {
503 HapBaseInfo hapBaseInfo;
504 ASSERT_EQ(AccessTokenError::ERR_PERMISSION_DENIED, AccessTokenKit::SetPermDialogCap(hapBaseInfo, true));
505 }
506
507 /**
508 * @tc.name: GrantPermissionForSpecifiedTime001
509 * @tc.desc: GrantPermissionForSpecifiedTime with no permission
510 * @tc.type: FUNC
511 * @tc.require:
512 */
513 HWTEST_F(AccessTokenDenyTest, GrantPermissionForSpecifiedTime001, TestSize.Level1)
514 {
515 AccessTokenID tokenId = 123;
516 std::string permission = "permission";
517 uint32_t onceTime = 1;
518 ASSERT_EQ(AccessTokenError::ERR_PERMISSION_DENIED,
519 AccessTokenKit::GrantPermissionForSpecifiedTime(tokenId, permission, onceTime));
520 }
521 } // namespace AccessToken
522 } // namespace Security
523 } // namespace OHOS
524
525