1 /*
2  * Copyright (c) 2024 Huawei Device Co., Ltd.
3  * Licensed under the Apache License, Version 2.0 (the "License");
4  * you may not use this file except in compliance with the License.
5  * You may obtain a copy of the License at
6  *
7  *     http://www.apache.org/licenses/LICENSE-2.0
8  *
9  * Unless required by applicable law or agreed to in writing, software
10  * distributed under the License is distributed on an "AS IS" BASIS,
11  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12  * See the License for the specific language governing permissions and
13  * limitations under the License.
14  */
15 
16 #include "accesstoken_short_time_permission_test.h"
17 #include "accesstoken_kit.h"
18 #include "access_token_error.h"
19 #include "nativetoken_kit.h"
20 #include "token_setproc.h"
21 
22 namespace OHOS {
23 namespace Security {
24 namespace AccessToken {
25 namespace {
26 static const int32_t INDEX_ZERO = 0;
27 static std::string SHORT_TEMP_PERMISSION = "ohos.permission.SHORT_TERM_WRITE_IMAGEVIDEO"; // todo
28 static PermissionStateFull g_permiState = {
29     .permissionName = SHORT_TEMP_PERMISSION,
30     .isGeneral = true,
31     .resDeviceID = {"localC"},
32     .grantStatus = {PermissionState::PERMISSION_GRANTED},
33     .grantFlags = {1}
34 };
35 
36 static HapPolicyParams g_policyPrams = {
37     .apl = APL_NORMAL,
38     .domain = "test.domain",
39     .permStateList = {g_permiState}
40 };
41 
42 static HapInfoParams g_infoParms = {
43     .userID = 1,
44     .bundleName = "AccessTokenShortTimePermTest",
45     .instIndex = 0,
46     .appIDDesc = "test.bundle",
47     .isSystemApp = true
48 };
49 }
50 
GetNativeTokenTest(const char * processName,const char ** perms,int32_t permNum)51 static uint64_t GetNativeTokenTest(const char *processName, const char **perms, int32_t permNum)
52 {
53     uint64_t tokenId;
54     NativeTokenInfoParams infoInstance = {
55         .dcapsNum = 0,
56         .permsNum = permNum,
57         .aclsNum = 0,
58         .dcaps = nullptr,
59         .perms = perms,
60         .acls = nullptr,
61         .aplStr = "system_core",
62         .processName = processName,
63     };
64 
65     tokenId = GetAccessTokenId(&infoInstance);
66     AccessTokenKit::ReloadNativeTokenInfo();
67     return tokenId;
68 }
69 
NativeTokenGet()70 static void NativeTokenGet()
71 {
72     uint64_t tokenID;
73     const char **perms = new const char *[1]; // 1: array size
74     // todo
75     perms[INDEX_ZERO] = "ohos.permission.DISTRIBUTED_DATASYNC";
76 
77     tokenID = GetNativeTokenTest("AccessTokenShortTimePermTest", perms, 1); // 1: array size
78     EXPECT_EQ(0, SetSelfTokenID(tokenID));
79     delete[] perms;
80 }
81 
82 using namespace testing::ext;
83 
SetUpTestCase()84 void AccessTokenShortTimePermTest::SetUpTestCase()
85 {
86     NativeTokenGet();
87     GTEST_LOG_(INFO) << "tokenID is " << GetSelfTokenID();
88     GTEST_LOG_(INFO) << "uid is " << getuid();
89 }
90 
TearDownTestCase()91 void AccessTokenShortTimePermTest::TearDownTestCase()
92 {
93 }
94 
SetUp()95 void AccessTokenShortTimePermTest::SetUp()
96 {
97     AccessTokenID tokenID = AccessTokenKit::GetHapTokenID(g_infoParms.userID,
98                                                           g_infoParms.bundleName,
99                                                           g_infoParms.instIndex);
100     AccessTokenKit::DeleteToken(tokenID);
101 
102     AccessTokenKit::AllocHapToken(g_infoParms, g_policyPrams);
103 }
104 
TearDown()105 void AccessTokenShortTimePermTest::TearDown()
106 {
107     AccessTokenID tokenID = AccessTokenKit::GetHapTokenID(g_infoParms.userID,
108                                                           g_infoParms.bundleName,
109                                                           g_infoParms.instIndex);
110     AccessTokenKit::DeleteToken(tokenID);
111 }
112 
113 /**
114  * @tc.name: GrantPermissionForSpecifiedTime001
115  * @tc.desc: GrantPermissionForSpecifiedTime without invalid parameter.
116  * @tc.type: FUNC
117  * @tc.require:Issue Number
118  */
119 HWTEST_F(AccessTokenShortTimePermTest, GrantPermissionForSpecifiedTime001, TestSize.Level1)
120 {
121     AccessTokenID tokenId = INVALID_TOKENID;
122     uint32_t onceTime = 0;
123 
124     /* 0 is invalid token id */
125     ASSERT_EQ(AccessTokenError::ERR_PARAM_INVALID,
126         AccessTokenKit::GrantPermissionForSpecifiedTime(tokenId, "permission", onceTime));
127 
128     tokenId = 123;
129     /* 0 is invalid permissionName length */
130     const std::string invalidPerm1 = "";
131     ASSERT_EQ(AccessTokenError::ERR_PARAM_INVALID,
132         AccessTokenKit::GrantPermissionForSpecifiedTime(tokenId, invalidPerm1, onceTime));
133 
134     /* 256 is invalid permissionName length */
135     const std::string invalidPerm2 (257, 'x');
136     ASSERT_EQ(AccessTokenError::ERR_PARAM_INVALID,
137         AccessTokenKit::GrantPermissionForSpecifiedTime(tokenId, invalidPerm2, onceTime));
138 
139     /* 0 is invalid time */
140     uint32_t invalidOnceTime1 = 0;
141     ASSERT_EQ(AccessTokenError::ERR_PARAM_INVALID,
142         AccessTokenKit::GrantPermissionForSpecifiedTime(tokenId, SHORT_TEMP_PERMISSION, invalidOnceTime1));
143 
144     /* 301 is invalid time */
145     uint32_t invalidOnceTime2 = 301;
146     ASSERT_EQ(AccessTokenError::ERR_PARAM_INVALID,
147         AccessTokenKit::GrantPermissionForSpecifiedTime(tokenId, SHORT_TEMP_PERMISSION, invalidOnceTime2));
148 }
149 
150 /**
151  * @tc.name: GrantPermissionForSpecifiedTime003
152  * @tc.desc: permission is not request.
153  * @tc.type: FUNC
154  * @tc.require:Issue Number
155  */
156 HWTEST_F(AccessTokenShortTimePermTest, GrantPermissionForSpecifiedTime003, TestSize.Level1)
157 {
158     HapPolicyParams policyPrams = g_policyPrams;
159     HapInfoParams infoParms = g_infoParms;
160     policyPrams.permStateList.clear();
161 
162     AccessTokenKit::AllocHapToken(infoParms, policyPrams);
163     AccessTokenID tokenID = AccessTokenKit::GetHapTokenID(infoParms.userID,
164                                                           infoParms.bundleName,
165                                                           infoParms.instIndex);
166     ASSERT_NE(INVALID_TOKENID, tokenID);
167     uint32_t onceTime = 10; // 10: 10s
168 
169     ASSERT_EQ(AccessTokenError::ERR_PARAM_INVALID,
170         AccessTokenKit::GrantPermissionForSpecifiedTime(tokenID, SHORT_TEMP_PERMISSION, onceTime));
171 }
172 
173 /**
174  * @tc.name: GrantPermissionForSpecifiedTime002
175  * @tc.desc: test unsupport permission.
176  * @tc.type: FUNC
177  * @tc.require:Issue Number
178  */
179 HWTEST_F(AccessTokenShortTimePermTest, GrantPermissionForSpecifiedTime002, TestSize.Level1)
180 {
181     AccessTokenID tokenID = AccessTokenKit::GetHapTokenID(g_infoParms.userID,
182                                                           g_infoParms.bundleName,
183                                                           g_infoParms.instIndex);
184     ASSERT_NE(INVALID_TOKENID, tokenID);
185     uint32_t onceTime = 10; // 10: 10s
186     std::string permission = "ohos.permission.CAMERA";
187 
188     ASSERT_EQ(AccessTokenError::ERR_PARAM_INVALID,
189         AccessTokenKit::GrantPermissionForSpecifiedTime(tokenID, permission, onceTime));
190 }
191 
192 /**
193  * @tc.name: GrantPermissionForSpecifiedTime004
194  * @tc.desc: 1. The permission is granted when onceTime is not reached;
195  *           2. The permission is revoked after onceTime is reached.
196  * @tc.type: FUNC
197  * @tc.require:Issue Number
198  */
199 HWTEST_F(AccessTokenShortTimePermTest, GrantPermissionForSpecifiedTime004, TestSize.Level1)
200 {
201     AccessTokenID tokenID = AccessTokenKit::GetHapTokenID(g_infoParms.userID,
202                                                           g_infoParms.bundleName,
203                                                           g_infoParms.instIndex);
204     ASSERT_NE(INVALID_TOKENID, tokenID);
205     uint32_t onceTime = 2;
206 
207     ASSERT_EQ(RET_SUCCESS,
208         AccessTokenKit::GrantPermissionForSpecifiedTime(tokenID, SHORT_TEMP_PERMISSION, onceTime));
209 
210     ASSERT_EQ(PermissionState::PERMISSION_GRANTED, AccessTokenKit::VerifyAccessToken(tokenID, SHORT_TEMP_PERMISSION));
211 
212     sleep(onceTime + 1);
213 
214     ASSERT_EQ(PermissionState::PERMISSION_DENIED,
215         AccessTokenKit::VerifyAccessToken(tokenID, SHORT_TEMP_PERMISSION, true));
216 }
217 
218 /**
219  * @tc.name: GrantPermissionForSpecifiedTime005
220  * @tc.desc: 1. The permission is granted when onceTime is not reached;
221  *           2. onceTime is update when GrantPermissionForSpecifiedTime is called twice.
222  * @tc.type: FUNC
223  * @tc.require:Issue Number
224  */
225 HWTEST_F(AccessTokenShortTimePermTest, GrantPermissionForSpecifiedTime005, TestSize.Level1)
226 {
227     AccessTokenID tokenID = AccessTokenKit::GetHapTokenID(g_infoParms.userID,
228                                                           g_infoParms.bundleName,
229                                                           g_infoParms.instIndex);
230     ASSERT_NE(INVALID_TOKENID, tokenID);
231     uint32_t onceTime = 3;
232 
233     ASSERT_EQ(RET_SUCCESS,
234         AccessTokenKit::GrantPermissionForSpecifiedTime(tokenID, SHORT_TEMP_PERMISSION, onceTime));
235     sleep(onceTime - 1);
236     ASSERT_EQ(PermissionState::PERMISSION_GRANTED, AccessTokenKit::VerifyAccessToken(tokenID, SHORT_TEMP_PERMISSION));
237 
238     // update onceTime
239     onceTime = 5;
240     ASSERT_EQ(RET_SUCCESS,
241         AccessTokenKit::GrantPermissionForSpecifiedTime(tokenID, SHORT_TEMP_PERMISSION, onceTime));
242 
243     // first onceTime is reached, permission is not revoked
244     sleep(1);
245     ASSERT_EQ(PermissionState::PERMISSION_GRANTED, AccessTokenKit::VerifyAccessToken(tokenID, SHORT_TEMP_PERMISSION));
246 
247     // second onceTime is reached, permission is revoked
248     sleep(onceTime);
249     ASSERT_EQ(PermissionState::PERMISSION_DENIED, AccessTokenKit::VerifyAccessToken(tokenID, SHORT_TEMP_PERMISSION));
250 }
251 } // namespace AccessToken
252 } // namespace Security
253 } // namespace OHOS