1 /*
2 * Copyright (c) 2024 Huawei Device Co., Ltd.
3 * Licensed under the Apache License, Version 2.0 (the "License");
4 * you may not use this file except in compliance with the License.
5 * You may obtain a copy of the License at
6 *
7 * http://www.apache.org/licenses/LICENSE-2.0
8 *
9 * Unless required by applicable law or agreed to in writing, software
10 * distributed under the License is distributed on an "AS IS" BASIS,
11 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12 * See the License for the specific language governing permissions and
13 * limitations under the License.
14 */
15
16 #include "app_installation_optimized_test.h"
17 #include <thread>
18
19 #include "access_token_error.h"
20 #include "accesstoken_log.h"
21 #include "accesstoken_service_ipc_interface_code.h"
22 #include "native_token_info_for_sync_parcel.h"
23 #include "nativetoken_kit.h"
24 #include "permission_grant_info.h"
25 #include "permission_state_change_info_parcel.h"
26 #include "string_ex.h"
27 #include "tokenid_kit.h"
28 #include "token_setproc.h"
29
30 using namespace testing::ext;
31 namespace OHOS {
32 namespace Security {
33 namespace AccessToken {
34 namespace {
35 const std::string MANAGE_HAP_TOKENID_PERMISSION = "ohos.permission.MANAGE_HAP_TOKENID";
36 const std::string CERT_PERMISSION = "ohos.permission.ACCESS_CERT_MANAGER";
37 const std::string MICROPHONE_PERMISSION = "ohos.permission.MICROPHONE";
38 const std::string CAMERA_PERMISSION = "ohos.permission.CAMERA";
39 const std::string ACCESS_BLUETOOTH_PERMISSION = "ohos.permission.ACCESS_BLUETOOTH";
40 static constexpr int32_t DEFAULT_API_VERSION = 8;
41 static constexpr int32_t MAX_PERM_LIST_SIZE = 1024;
42 static constexpr OHOS::HiviewDFX::HiLogLabel LABEL = {LOG_CORE,
43 SECURITY_DOMAIN_ACCESSTOKEN, "AppInstallationOptimizedTest"};
44
45 PermissionStateFull g_tddPermReq = {
46 .permissionName = MANAGE_HAP_TOKENID_PERMISSION,
47 .isGeneral = true,
48 .resDeviceID = {"device3"},
49 .grantStatus = {PermissionState::PERMISSION_GRANTED},
50 .grantFlags = {PermissionFlag::PERMISSION_SYSTEM_FIXED}
51 };
52
53 PermissionStateFull g_tddPermGrant = {
54 .permissionName = "ohos.permission.GRANT_SENSITIVE_PERMISSIONS",
55 .isGeneral = true,
56 .resDeviceID = {"device3"},
57 .grantStatus = {PermissionState::PERMISSION_GRANTED},
58 .grantFlags = {PermissionFlag::PERMISSION_SYSTEM_FIXED}
59 };
60
61 PermissionStateFull g_tddPermRevoke = {
62 .permissionName = "ohos.permission.REVOKE_SENSITIVE_PERMISSIONS",
63 .isGeneral = true,
64 .resDeviceID = {"device3"},
65 .grantStatus = {PermissionState::PERMISSION_GRANTED},
66 .grantFlags = {PermissionFlag::PERMISSION_SYSTEM_FIXED}
67 };
68 PermissionStateFull g_infoManagerCameraState = {
69 .permissionName = CAMERA_PERMISSION,
70 .isGeneral = true,
71 .resDeviceID = {"local2"},
72 .grantStatus = {PermissionState::PERMISSION_DENIED},
73 .grantFlags = {0}
74 };
75
76 PermissionStateFull g_infoBlueToothManagerState = {
77 .permissionName = ACCESS_BLUETOOTH_PERMISSION,
78 .isGeneral = true,
79 .resDeviceID = {"local2"},
80 .grantStatus = {PermissionState::PERMISSION_DENIED},
81 .grantFlags = {0}
82 };
83
84 PermissionStateFull g_infoManagerMicrophoneState = {
85 .permissionName = MICROPHONE_PERMISSION,
86 .isGeneral = true,
87 .resDeviceID = {"local2"},
88 .grantStatus = {PermissionState::PERMISSION_DENIED},
89 .grantFlags = {0}
90 };
91
92 PermissionStateFull g_infoManagerCertState = {
93 .permissionName = CERT_PERMISSION,
94 .isGeneral = true,
95 .resDeviceID = {"local3"},
96 .grantStatus = {PermissionState::PERMISSION_DENIED},
97 .grantFlags = {0}
98 };
99
100 PermissionStateFull g_infoManagerTestState4 = {
101 .permissionName = "ohos.permission.ACCESS_BUNDLE_DIR",
102 .isGeneral = true,
103 .resDeviceID = {"local3"},
104 .grantStatus = {PermissionState::PERMISSION_DENIED},
105 .grantFlags = {0}
106 };
107
108 PermissionStateFull g_infoManagerTestStateMdm = {
109 .permissionName = "ohos.permission.SET_ENTERPRISE_INFO",
110 .isGeneral = true,
111 .resDeviceID = {"local3"},
112 .grantStatus = {PermissionState::PERMISSION_DENIED},
113 .grantFlags = {0}
114 };
115
116 HapInfoParams g_tddHapInfoParams = {
117 .userID = 1,
118 .bundleName = "AppInstallationOptimizedTest",
119 .instIndex = 0,
120 .appIDDesc = "test2",
121 .apiVersion = 11, // api version is 11
122 .isSystemApp = true
123 };
124
125 HapPolicyParams g_tddPolicyParams = {
126 .apl = APL_NORMAL,
127 .domain = "test.domain2",
128 .permStateList = {g_tddPermReq, g_tddPermGrant, g_tddPermRevoke}
129 };
130
131 HapInfoParams g_testHapInfoParams = {
132 .userID = 1,
133 .bundleName = "testName",
134 .instIndex = 0,
135 .appIDDesc = "test2",
136 .apiVersion = 11 // api version is 11
137 };
138
139 HapPolicyParams g_testPolicyParams = {
140 .apl = APL_NORMAL,
141 .domain = "test.domain2",
142 .permStateList = {
143 g_infoManagerCameraState,
144 g_infoManagerMicrophoneState,
145 g_infoManagerCertState
146 }
147 };
148 uint64_t g_selfShellTokenId;
149 }
150
SetUpTestCase()151 void AppInstallationOptimizedTest::SetUpTestCase()
152 {
153 g_selfShellTokenId = GetSelfTokenID();
154 // clean up test cases
155 AccessTokenID tokenId = AccessTokenKit::GetHapTokenID(g_tddHapInfoParams.userID,
156 g_tddHapInfoParams.bundleName,
157 g_tddHapInfoParams.instIndex);
158 AccessTokenKit::DeleteToken(tokenId);
159
160 tokenId = AccessTokenKit::GetHapTokenID(g_testHapInfoParams.userID,
161 g_testHapInfoParams.bundleName,
162 g_testHapInfoParams.instIndex);
163 AccessTokenKit::DeleteToken(tokenId);
164 AccessTokenIDEx tokenIdEx = AccessTokenKit::AllocHapToken(g_tddHapInfoParams, g_tddPolicyParams);
165 SetSelfTokenID(tokenIdEx.tokenIDEx);
166 }
167
TearDownTestCase()168 void AppInstallationOptimizedTest::TearDownTestCase()
169 {
170 AccessTokenID tokenId = AccessTokenKit::GetHapTokenID(g_tddHapInfoParams.userID,
171 g_tddHapInfoParams.bundleName,
172 g_tddHapInfoParams.instIndex);
173 AccessTokenKit::DeleteToken(tokenId);
174 }
175
SetUp()176 void AppInstallationOptimizedTest::SetUp()
177 {
178 ACCESSTOKEN_LOG_INFO(LABEL, "SetUp ok.");
179 }
180
TearDown()181 void AppInstallationOptimizedTest::TearDown()
182 {
183 }
184
185 /**
186 * @tc.name: InitHapToken001
187 * @tc.desc:Init a tokenId successfully, delete it successfully the first time and fail to delete it again.
188 * @tc.type: FUNC
189 * @tc.require: Issue Number
190 */
191 HWTEST_F(AppInstallationOptimizedTest, InitHapToken001, TestSize.Level1)
192 {
193 AccessTokenIDEx fullTokenId;
194 int32_t ret = AccessTokenKit::InitHapToken(g_testHapInfoParams, g_testPolicyParams, fullTokenId);
195 GTEST_LOG_(INFO) << "tokenID :" << fullTokenId.tokenIdExStruct.tokenID;
196 EXPECT_EQ(RET_SUCCESS, ret);
197 ASSERT_EQ(RET_SUCCESS, AccessTokenKit::DeleteToken(fullTokenId.tokenIdExStruct.tokenID));
198 ASSERT_NE(RET_SUCCESS, AccessTokenKit::DeleteToken(fullTokenId.tokenIdExStruct.tokenID));
199 }
200
201 /**
202 * @tc.name: InitHapToken002
203 * @tc.desc:
204 * @tc.type: FUNC
205 * @tc.require: Issue Number
206 */
207 HWTEST_F(AppInstallationOptimizedTest, InitHapToken002, TestSize.Level1)
208 {
209 HapPolicyParams testPolicyParams = {
210 .apl = APL_SYSTEM_BASIC,
211 .domain = "test.domain2",
212 .permStateList = {g_infoManagerCertState}
213 };
214 AccessTokenIDEx fullTokenId;
215 int32_t res = AccessTokenKit::InitHapToken(g_testHapInfoParams, testPolicyParams, fullTokenId);
216 GTEST_LOG_(INFO) << "tokenID :" << fullTokenId.tokenIdExStruct.tokenID;
217 EXPECT_EQ(RET_SUCCESS, res);
218 int32_t ret = AccessTokenKit::VerifyAccessToken(
219 fullTokenId.tokenIdExStruct.tokenID, CERT_PERMISSION);
220 EXPECT_EQ(ret, PERMISSION_GRANTED);
221 std::vector<PermissionStateFull> permStatList;
222 res = AccessTokenKit::GetReqPermissions(fullTokenId.tokenIdExStruct.tokenID, permStatList, true);
223 ASSERT_EQ(RET_SUCCESS, res);
224 ASSERT_EQ(static_cast<uint32_t>(1), permStatList.size());
225 ASSERT_EQ(CERT_PERMISSION, permStatList[0].permissionName);
226 EXPECT_EQ(permStatList[0].grantFlags[0], PERMISSION_SYSTEM_FIXED);
227 ASSERT_EQ(RET_SUCCESS, AccessTokenKit::DeleteToken(fullTokenId.tokenIdExStruct.tokenID));
228 }
229
230 /**
231 * @tc.name: InitHapToken003
232 * @tc.desc:
233 * @tc.type: FUNC
234 * @tc.require: Issue Number
235 */
236 HWTEST_F(AppInstallationOptimizedTest, InitHapToken003, TestSize.Level1)
237 {
238 HapPolicyParams testPolicyParams = {
239 .apl = APL_NORMAL,
240 .domain = "test.domain2",
241 .permStateList = {g_infoManagerMicrophoneState}
242 };
243 AccessTokenIDEx fullTokenId;
244 int32_t res = AccessTokenKit::InitHapToken(g_testHapInfoParams, testPolicyParams, fullTokenId);
245 EXPECT_EQ(RET_SUCCESS, res);
246 int32_t ret = AccessTokenKit::VerifyAccessToken(
247 fullTokenId.tokenIdExStruct.tokenID, MICROPHONE_PERMISSION);
248 EXPECT_EQ(ret, PERMISSION_DENIED);
249 uint32_t flag;
250 AccessTokenKit::GetPermissionFlag(
251 fullTokenId.tokenIdExStruct.tokenID, MICROPHONE_PERMISSION, flag);
252 EXPECT_EQ(flag, PERMISSION_DEFAULT_FLAG);
253 ASSERT_EQ(RET_SUCCESS, AccessTokenKit::DeleteToken(fullTokenId.tokenIdExStruct.tokenID));
254 }
255
256 /**
257 * @tc.name: InitHapToken004
258 * @tc.desc:
259 * @tc.type: FUNC
260 * @tc.require: Issue Number
261 */
262 HWTEST_F(AppInstallationOptimizedTest, InitHapToken004, TestSize.Level1)
263 {
264 PreAuthorizationInfo info1 = {
265 .permissionName = MICROPHONE_PERMISSION,
266 .userCancelable = false
267 };
268 HapPolicyParams testPolicyParams = {
269 .apl = APL_NORMAL,
270 .domain = "test.domain2",
271 .permStateList = {g_infoManagerMicrophoneState},
272 .preAuthorizationInfo = {info1},
273 };
274 AccessTokenIDEx fullTokenId;
275 int32_t res = AccessTokenKit::InitHapToken(g_testHapInfoParams, testPolicyParams, fullTokenId);
276 EXPECT_EQ(RET_SUCCESS, res);
277 int32_t ret = AccessTokenKit::VerifyAccessToken(
278 fullTokenId.tokenIdExStruct.tokenID, MICROPHONE_PERMISSION);
279 EXPECT_EQ(ret, PERMISSION_GRANTED);
280 std::vector<PermissionStateFull> permStatList;
281 res = AccessTokenKit::GetReqPermissions(fullTokenId.tokenIdExStruct.tokenID, permStatList, false);
282 ASSERT_EQ(RET_SUCCESS, res);
283 ASSERT_EQ(static_cast<uint32_t>(1), permStatList.size());
284 ASSERT_EQ(MICROPHONE_PERMISSION, permStatList[0].permissionName);
285 EXPECT_EQ(permStatList[0].grantFlags[0], PERMISSION_SYSTEM_FIXED);
286 ASSERT_EQ(RET_SUCCESS, AccessTokenKit::DeleteToken(fullTokenId.tokenIdExStruct.tokenID));
287 }
288
289
290 /**
291 * @tc.name: InitHapToken005
292 * @tc.desc:
293 * @tc.type: FUNC
294 * @tc.require: Issue Number
295 */
296 HWTEST_F(AppInstallationOptimizedTest, InitHapToken005, TestSize.Level1)
297 {
298 PreAuthorizationInfo info1 = {
299 .permissionName = MICROPHONE_PERMISSION,
300 .userCancelable = true
301 };
302 HapPolicyParams testPolicyParams = {
303 .apl = APL_NORMAL,
304 .domain = "test.domain2",
305 .permStateList = {g_infoManagerMicrophoneState},
306 .preAuthorizationInfo = {info1},
307 };
308 AccessTokenIDEx fullTokenId;
309 int32_t res = AccessTokenKit::InitHapToken(g_testHapInfoParams, testPolicyParams, fullTokenId);
310 EXPECT_EQ(RET_SUCCESS, res);
311 int32_t ret = AccessTokenKit::VerifyAccessToken(
312 fullTokenId.tokenIdExStruct.tokenID, MICROPHONE_PERMISSION);
313 EXPECT_EQ(ret, PERMISSION_GRANTED);
314
315 std::vector<PermissionStateFull> permStatList;
316 res = AccessTokenKit::GetReqPermissions(fullTokenId.tokenIdExStruct.tokenID, permStatList, false);
317 ASSERT_EQ(RET_SUCCESS, res);
318 ASSERT_EQ(static_cast<uint32_t>(1), permStatList.size());
319 ASSERT_EQ(MICROPHONE_PERMISSION, permStatList[0].permissionName);
320 EXPECT_EQ(permStatList[0].grantFlags[0], PERMISSION_GRANTED_BY_POLICY);
321 ASSERT_EQ(RET_SUCCESS, AccessTokenKit::DeleteToken(fullTokenId.tokenIdExStruct.tokenID));
322 }
323
324 /**
325 * @tc.name: InitHapToken006
326 * @tc.desc:
327 * @tc.type: FUNC
328 * @tc.require: Issue Number
329 */
330 HWTEST_F(AppInstallationOptimizedTest, InitHapToken006, TestSize.Level1)
331 {
332 HapPolicyParams testPolicyParam = {
333 .apl = APL_SYSTEM_BASIC,
334 .domain = "test.domain2",
335 .permStateList = {g_infoManagerTestStateMdm},
336 };
337 g_testHapInfoParams.appDistributionType = "enterprise_mdm";
338 AccessTokenIDEx fullTokenId;
339 int32_t res = AccessTokenKit::InitHapToken(g_testHapInfoParams, testPolicyParam, fullTokenId);
340 EXPECT_EQ(RET_SUCCESS, res);
341 ASSERT_EQ(RET_SUCCESS, AccessTokenKit::DeleteToken(fullTokenId.tokenIdExStruct.tokenID));
342 }
343
344 /**
345 * @tc.name: InitHapToken007
346 * @tc.desc:
347 * @tc.type: FUNC
348 * @tc.require: Issue Number
349 */
350 HWTEST_F(AppInstallationOptimizedTest, InitHapToken007, TestSize.Level1)
351 {
352 HapPolicyParams testPolicyParam = {
353 .apl = APL_SYSTEM_BASIC,
354 .domain = "test.domain2",
355 .permStateList = {g_infoManagerTestStateMdm},
356 };
357 g_testHapInfoParams.appDistributionType = "";
358 AccessTokenIDEx fullTokenId;
359 int32_t res = AccessTokenKit::InitHapToken(g_testHapInfoParams, testPolicyParam, fullTokenId);
360 EXPECT_EQ(ERR_PERM_REQUEST_CFG_FAILED, res);
361 }
362
363 /**
364 * @tc.name: InitHapToken008
365 * @tc.desc:
366 * @tc.type: FUNC
367 * @tc.require: Issue Number
368 */
369 HWTEST_F(AppInstallationOptimizedTest, InitHapToken008, TestSize.Level1)
370 {
371 HapPolicyParams testPolicyParam = {
372 .apl = APL_SYSTEM_BASIC,
373 .domain = "test.domain2",
374 .permStateList = {g_infoManagerTestStateMdm},
375 };
376 g_testHapInfoParams.appDistributionType = "none";
377 AccessTokenIDEx fullTokenId;
378 int32_t res = AccessTokenKit::InitHapToken(g_testHapInfoParams, testPolicyParam, fullTokenId);
379 EXPECT_EQ(RET_SUCCESS, res);
380 }
381
382 /**
383 * @tc.name: InitHapToken009
384 * @tc.desc:
385 * @tc.type: FUNC
386 * @tc.require: Issue Number
387 */
388 HWTEST_F(AppInstallationOptimizedTest, InitHapToken009, TestSize.Level1)
389 {
390 HapPolicyParams testPolicyParam = {
391 .apl = APL_NORMAL,
392 .domain = "test.domain2",
393 .permStateList = {g_infoManagerTestState4},
394 };
395
396 AccessTokenIDEx fullTokenId;
397 int32_t res = AccessTokenKit::InitHapToken(g_testHapInfoParams, testPolicyParam, fullTokenId);
398 EXPECT_EQ(ERR_PERM_REQUEST_CFG_FAILED, res);
399 }
400
401 /**
402 * @tc.name: InitHapToken010
403 * @tc.desc:
404 * @tc.type: FUNC
405 * @tc.require: Issue Number
406 */
407 HWTEST_F(AppInstallationOptimizedTest, InitHapToken010, TestSize.Level1)
408 {
409 HapPolicyParams testPolicyParam = {
410 .apl = APL_SYSTEM_BASIC,
411 .domain = "test.domain2",
412 .permStateList = {g_infoManagerTestState4},
413 };
414 g_testHapInfoParams.appDistributionType = "";
415 AccessTokenIDEx fullTokenId;
416 int32_t res = AccessTokenKit::InitHapToken(g_testHapInfoParams, testPolicyParam, fullTokenId);
417 EXPECT_EQ(RET_SUCCESS, res);
418 ASSERT_EQ(RET_SUCCESS, AccessTokenKit::DeleteToken(fullTokenId.tokenIdExStruct.tokenID));
419 }
420
421 /**
422 * @tc.name: InitHapToken011
423 * @tc.desc: InitHapToken with dlp type.
424 * @tc.type: FUNC
425 * @tc.require: Issue Number
426 */
427 HWTEST_F(AppInstallationOptimizedTest, InitHapToken011, TestSize.Level1)
428 {
429 HapPolicyParams testPolicyParams = {
430 .apl = APL_SYSTEM_BASIC,
431 .domain = "test.domain2",
432 .permStateList = {g_infoManagerCameraState, g_infoManagerMicrophoneState, g_infoManagerCertState}
433 };
434 AccessTokenIDEx fullTokenId;
435 int32_t res = AccessTokenKit::InitHapToken(g_testHapInfoParams, testPolicyParams, fullTokenId);
436 EXPECT_EQ(RET_SUCCESS, res);
437
438 HapInfoParams testHapInfoParams1 = g_testHapInfoParams;
439 testHapInfoParams1.dlpType = DLP_FULL_CONTROL;
440 testHapInfoParams1.instIndex++;
441 AccessTokenIDEx dlpFullTokenId1;
442 res = AccessTokenKit::InitHapToken(testHapInfoParams1, testPolicyParams, dlpFullTokenId1);
443 EXPECT_EQ(RET_SUCCESS, res);
444
445 res = AccessTokenKit::VerifyAccessToken(dlpFullTokenId1.tokenIdExStruct.tokenID, CAMERA_PERMISSION);
446 EXPECT_EQ(res, PERMISSION_DENIED);
447
448 (void)AccessTokenKit::GrantPermission(fullTokenId.tokenIdExStruct.tokenID, CAMERA_PERMISSION, PERMISSION_USER_SET);
449 (void)AccessTokenKit::RevokePermission(
450 fullTokenId.tokenIdExStruct.tokenID, MICROPHONE_PERMISSION, PERMISSION_USER_SET);
451
452 testHapInfoParams1.instIndex++;
453 AccessTokenIDEx dlpFullTokenId2;
454 res = AccessTokenKit::InitHapToken(testHapInfoParams1, testPolicyParams, dlpFullTokenId2);
455 EXPECT_EQ(RET_SUCCESS, res);
456 res = AccessTokenKit::VerifyAccessToken(dlpFullTokenId2.tokenIdExStruct.tokenID, CAMERA_PERMISSION);
457 EXPECT_EQ(res, PERMISSION_GRANTED);
458 res = AccessTokenKit::VerifyAccessToken(dlpFullTokenId1.tokenIdExStruct.tokenID, CAMERA_PERMISSION);
459 EXPECT_EQ(res, PERMISSION_GRANTED);
460
461 std::vector<PermissionStateFull> permStatList1;
462 res = AccessTokenKit::GetReqPermissions(fullTokenId.tokenIdExStruct.tokenID, permStatList1, false);
463 ASSERT_EQ(RET_SUCCESS, res);
464 std::vector<PermissionStateFull> permStatList2;
465 res = AccessTokenKit::GetReqPermissions(dlpFullTokenId2.tokenIdExStruct.tokenID, permStatList2, false);
466 ASSERT_EQ(permStatList2.size(), permStatList1.size());
467 EXPECT_EQ(CAMERA_PERMISSION, permStatList2[0].permissionName);
468 EXPECT_EQ(permStatList2[0].grantStatus[0], PERMISSION_GRANTED);
469 EXPECT_EQ(permStatList2[0].grantFlags[0], PERMISSION_USER_SET);
470 EXPECT_EQ(MICROPHONE_PERMISSION, permStatList2[1].permissionName);
471 EXPECT_EQ(permStatList2[1].grantStatus[0], PERMISSION_DENIED);
472 EXPECT_EQ(permStatList2[1].grantFlags[0], PERMISSION_USER_SET);
473 ASSERT_EQ(RET_SUCCESS, res);
474 }
475
476 /**
477 * @tc.name: UpdateHapToken001
478 * @tc.desc:
479 * @tc.type: FUNC
480 * @tc.require: Issue Number
481 */
482 HWTEST_F(AppInstallationOptimizedTest, UpdateHapToken001, TestSize.Level1)
483 {
484 HapPolicyParams testPolicyParams1 = {
485 .apl = APL_NORMAL,
486 .domain = "test.domain2",
487 .permStateList = {g_infoManagerCameraState, g_infoBlueToothManagerState, g_infoManagerCertState}
488 };
489 AccessTokenIDEx fullTokenId;
490 int32_t ret = AccessTokenKit::InitHapToken(g_testHapInfoParams, testPolicyParams1, fullTokenId);
491 GTEST_LOG_(INFO) << "tokenID :" << fullTokenId.tokenIdExStruct.tokenID;
492 EXPECT_EQ(RET_SUCCESS, ret);
493 ret = AccessTokenKit::VerifyAccessToken(
494 fullTokenId.tokenIdExStruct.tokenID, CAMERA_PERMISSION);
495 EXPECT_EQ(PERMISSION_DENIED, ret);
496 ret = AccessTokenKit::VerifyAccessToken(
497 fullTokenId.tokenIdExStruct.tokenID, CERT_PERMISSION);
498 EXPECT_EQ(PERMISSION_GRANTED, ret);
499
500 ret = AccessTokenKit::GrantPermission(fullTokenId.tokenIdExStruct.tokenID, CAMERA_PERMISSION, 0);
501 EXPECT_EQ(RET_SUCCESS, ret);
502 ret = AccessTokenKit::VerifyAccessToken(fullTokenId.tokenIdExStruct.tokenID, CAMERA_PERMISSION);
503 EXPECT_EQ(PERMISSION_GRANTED, ret);
504 ret = AccessTokenKit::GrantPermission(
505 fullTokenId.tokenIdExStruct.tokenID, ACCESS_BLUETOOTH_PERMISSION, PERMISSION_SYSTEM_FIXED);
506 EXPECT_EQ(RET_SUCCESS, ret);
507 ret = AccessTokenKit::VerifyAccessToken(
508 fullTokenId.tokenIdExStruct.tokenID, ACCESS_BLUETOOTH_PERMISSION);
509 EXPECT_EQ(PERMISSION_GRANTED, ret);
510
511 UpdateHapInfoParams info;
512 info.appIDDesc = "TEST";
513 info.apiVersion = DEFAULT_API_VERSION;
514 info.isSystemApp = false;
515 HapPolicyParams testPolicyParams2 = {
516 .apl = APL_NORMAL,
517 .domain = "test.domain2",
518 .permStateList = {g_infoManagerCameraState, g_infoBlueToothManagerState, g_infoManagerMicrophoneState}
519 };
520 ret = AccessTokenKit::UpdateHapToken(fullTokenId, info, testPolicyParams2);
521 ASSERT_EQ(RET_SUCCESS, ret);
522 ret = AccessTokenKit::VerifyAccessToken(fullTokenId.tokenIdExStruct.tokenID, CAMERA_PERMISSION);
523 EXPECT_EQ(PERMISSION_GRANTED, ret);
524 ret = AccessTokenKit::VerifyAccessToken(fullTokenId.tokenIdExStruct.tokenID, MICROPHONE_PERMISSION);
525 EXPECT_EQ(PERMISSION_DENIED, ret);
526 ret = AccessTokenKit::VerifyAccessToken(fullTokenId.tokenIdExStruct.tokenID, ACCESS_BLUETOOTH_PERMISSION);
527 EXPECT_EQ(PERMISSION_DENIED, ret);
528 ret = AccessTokenKit::VerifyAccessToken(fullTokenId.tokenIdExStruct.tokenID, CERT_PERMISSION);
529 EXPECT_EQ(PERMISSION_DENIED, ret);
530
531 ASSERT_EQ(RET_SUCCESS, AccessTokenKit::DeleteToken(fullTokenId.tokenIdExStruct.tokenID));
532 }
533
534 /**
535 * @tc.name: UpdateHapToken002
536 * @tc.desc:
537 * @tc.type: FUNC
538 * @tc.require: Issue Number
539 */
540 HWTEST_F(AppInstallationOptimizedTest, UpdateHapToken002, TestSize.Level1)
541 {
542 HapPolicyParams testPolicyParams1 = {
543 .apl = APL_NORMAL,
544 .domain = "test.domain2",
545 .permStateList = {g_infoManagerCameraState}
546 };
547 AccessTokenIDEx fullTokenId;
548 int32_t ret = AccessTokenKit::InitHapToken(g_testHapInfoParams, testPolicyParams1, fullTokenId);
549 EXPECT_EQ(RET_SUCCESS, ret);
550 ret = AccessTokenKit::RevokePermission(
551 fullTokenId.tokenIdExStruct.tokenID, CAMERA_PERMISSION, PERMISSION_USER_FIXED);
552 EXPECT_EQ(RET_SUCCESS, ret);
553
554 std::vector<PermissionStateFull> permStatList;
555 int32_t res = AccessTokenKit::GetReqPermissions(fullTokenId.tokenIdExStruct.tokenID, permStatList, false);
556 ASSERT_EQ(RET_SUCCESS, res);
557 ASSERT_EQ(static_cast<uint32_t>(1), permStatList.size());
558 ASSERT_EQ(CAMERA_PERMISSION, permStatList[0].permissionName);
559 EXPECT_EQ(permStatList[0].grantStatus[0], PERMISSION_DENIED);
560 EXPECT_EQ(permStatList[0].grantFlags[0], PERMISSION_USER_FIXED);
561
562 UpdateHapInfoParams info;
563 info.appIDDesc = "TEST";
564 info.apiVersion = DEFAULT_API_VERSION;
565 info.isSystemApp = false;
566 HapPolicyParams testPolicyParams2 = {
567 .apl = APL_NORMAL,
568 .domain = "test.domain2",
569 .permStateList = {g_infoManagerCameraState, g_infoManagerMicrophoneState}
570 };
571 ret = AccessTokenKit::UpdateHapToken(fullTokenId, info, testPolicyParams2);
572 ASSERT_EQ(RET_SUCCESS, ret);
573 std::vector<PermissionStateFull> permStatList1;
574 res = AccessTokenKit::GetReqPermissions(fullTokenId.tokenIdExStruct.tokenID, permStatList1, false);
575 ASSERT_EQ(RET_SUCCESS, res);
576 ASSERT_EQ(static_cast<uint32_t>(2), permStatList1.size());
577 ASSERT_EQ(CAMERA_PERMISSION, permStatList1[0].permissionName);
578 EXPECT_EQ(permStatList1[0].grantStatus[0], PERMISSION_DENIED);
579 EXPECT_EQ(permStatList1[0].grantFlags[0], PERMISSION_USER_FIXED);
580 ASSERT_EQ(MICROPHONE_PERMISSION, permStatList1[1].permissionName);
581 EXPECT_EQ(permStatList1[1].grantStatus[0], PERMISSION_DENIED);
582 EXPECT_EQ(permStatList1[1].grantFlags[0], PERMISSION_DEFAULT_FLAG);
583
584 ASSERT_EQ(RET_SUCCESS, AccessTokenKit::DeleteToken(fullTokenId.tokenIdExStruct.tokenID));
585 }
586
587 /**
588 * @tc.name: UpdateHapToken003
589 * @tc.desc:
590 * @tc.type: FUNC
591 * @tc.require: Issue Number
592 */
593 HWTEST_F(AppInstallationOptimizedTest, UpdateHapToken003, TestSize.Level1)
594 {
595 HapPolicyParams testPolicyParams1 = {
596 .apl = APL_NORMAL,
597 .domain = "test.domain2",
598 .permStateList = {g_infoManagerCameraState}
599 };
600 AccessTokenIDEx fullTokenId;
601 int32_t ret = AccessTokenKit::InitHapToken(g_testHapInfoParams, testPolicyParams1, fullTokenId);
602 GTEST_LOG_(INFO) << "tokenID :" << fullTokenId.tokenIdExStruct.tokenID;
603 EXPECT_EQ(RET_SUCCESS, ret);
604 ret = AccessTokenKit::VerifyAccessToken(
605 fullTokenId.tokenIdExStruct.tokenID, CAMERA_PERMISSION);
606 EXPECT_EQ(PERMISSION_DENIED, ret);
607
608 UpdateHapInfoParams info;
609 info.appIDDesc = "TEST";
610 info.apiVersion = DEFAULT_API_VERSION;
611 info.isSystemApp = false;
612 PreAuthorizationInfo info1 = {
613 .permissionName = MICROPHONE_PERMISSION,
614 .userCancelable = true
615 };
616 HapPolicyParams testPolicyParams2 = {
617 .apl = APL_NORMAL,
618 .domain = "test.domain2",
619 .permStateList = {g_infoManagerCameraState, g_infoManagerMicrophoneState},
620 .preAuthorizationInfo = {info1}
621 };
622 ret = AccessTokenKit::UpdateHapToken(fullTokenId, info, testPolicyParams2);
623 ASSERT_EQ(RET_SUCCESS, ret);
624 std::vector<PermissionStateFull> permStatList1;
625 int32_t res = AccessTokenKit::GetReqPermissions(fullTokenId.tokenIdExStruct.tokenID, permStatList1, false);
626 ASSERT_EQ(RET_SUCCESS, res);
627 ASSERT_EQ(static_cast<uint32_t>(2), permStatList1.size());
628 ASSERT_EQ(CAMERA_PERMISSION, permStatList1[0].permissionName);
629 EXPECT_EQ(permStatList1[0].grantStatus[0], PERMISSION_DENIED);
630 EXPECT_EQ(permStatList1[0].grantFlags[0], PERMISSION_DEFAULT_FLAG);
631 ASSERT_EQ(MICROPHONE_PERMISSION, permStatList1[1].permissionName);
632 EXPECT_EQ(permStatList1[1].grantStatus[0], PERMISSION_GRANTED);
633 EXPECT_EQ(permStatList1[1].grantFlags[0], PERMISSION_GRANTED_BY_POLICY);
634
635 ASSERT_EQ(RET_SUCCESS, AccessTokenKit::DeleteToken(fullTokenId.tokenIdExStruct.tokenID));
636 }
637
638 /**
639 * @tc.name: UpdateHapToken004
640 * @tc.desc:
641 * @tc.type: FUNC
642 * @tc.require: Issue Number
643 */
644 HWTEST_F(AppInstallationOptimizedTest, UpdateHapToken004, TestSize.Level1)
645 {
646 HapPolicyParams testPolicyParams1 = {
647 .apl = APL_NORMAL,
648 .domain = "test.domain2",
649 .permStateList = {g_infoManagerCameraState}
650 };
651 AccessTokenIDEx fullTokenId;
652 int32_t ret = AccessTokenKit::InitHapToken(g_testHapInfoParams, testPolicyParams1, fullTokenId);
653 GTEST_LOG_(INFO) << "tokenID :" << fullTokenId.tokenIdExStruct.tokenID;
654 EXPECT_EQ(RET_SUCCESS, ret);
655
656 UpdateHapInfoParams info;
657 info.appIDDesc = "TEST";
658 info.apiVersion = DEFAULT_API_VERSION;
659 info.isSystemApp = true;
660 PreAuthorizationInfo info1 = {
661 .permissionName = MICROPHONE_PERMISSION,
662 .userCancelable = false
663 };
664 HapPolicyParams testPolicyParams2 = {
665 .apl = APL_NORMAL,
666 .domain = "test.domain2",
667 .permStateList = {g_infoManagerCameraState, g_infoManagerMicrophoneState},
668 .preAuthorizationInfo = {info1}
669 };
670 ret = AccessTokenKit::UpdateHapToken(fullTokenId, info, testPolicyParams2);
671 ASSERT_EQ(RET_SUCCESS, ret);
672 std::vector<PermissionStateFull> state;
673 int32_t res = AccessTokenKit::GetReqPermissions(fullTokenId.tokenIdExStruct.tokenID, state, false);
674 ASSERT_EQ(RET_SUCCESS, res);
675 ASSERT_EQ(static_cast<uint32_t>(2), state.size());
676 ASSERT_EQ(MICROPHONE_PERMISSION, state[1].permissionName);
677 EXPECT_EQ(state[1].grantStatus[0], PERMISSION_GRANTED);
678 EXPECT_EQ(state[1].grantFlags[0], PERMISSION_SYSTEM_FIXED);
679
680 ASSERT_EQ(RET_SUCCESS, AccessTokenKit::DeleteToken(fullTokenId.tokenIdExStruct.tokenID));
681 }
682
683 /**
684 * @tc.name: UpdateHapToken005
685 * @tc.desc:
686 * @tc.type: FUNC
687 * @tc.require: Issue Number
688 */
689 HWTEST_F(AppInstallationOptimizedTest, UpdateHapToken005, TestSize.Level1)
690 {
691 HapPolicyParams testPolicyParam = {
692 .apl = APL_SYSTEM_BASIC,
693 .domain = "test.domain2",
694 .permStateList = {g_infoManagerCameraState}
695 };
696 AccessTokenIDEx fullTokenId;
697 int32_t res = AccessTokenKit::InitHapToken(g_testHapInfoParams, testPolicyParam, fullTokenId);
698 EXPECT_EQ(RET_SUCCESS, res);
699
700 HapPolicyParams testPolicyParam2 = {
701 .apl = APL_SYSTEM_BASIC,
702 .domain = "test.domain2",
703 .permStateList = {g_infoManagerCameraState, g_infoManagerTestStateMdm},
704 };
705 UpdateHapInfoParams info = {
706 .appIDDesc = "TEST",
707 .apiVersion = DEFAULT_API_VERSION,
708 .isSystemApp = false
709 };
710 info.appDistributionType = "enterprise_mdm";
711 res = AccessTokenKit::UpdateHapToken(fullTokenId, info, testPolicyParam2);
712 EXPECT_EQ(RET_SUCCESS, res);
713 ASSERT_EQ(RET_SUCCESS, AccessTokenKit::DeleteToken(fullTokenId.tokenIdExStruct.tokenID));
714 }
715
716 /**
717 * @tc.name: UpdateHapToken006
718 * @tc.desc:
719 * @tc.type: FUNC
720 * @tc.require: Issue Number
721 */
722 HWTEST_F(AppInstallationOptimizedTest, UpdateHapToken006, TestSize.Level1)
723 {
724 HapPolicyParams testPolicyParam = {
725 .apl = APL_SYSTEM_BASIC,
726 .domain = "test.domain2",
727 .permStateList = {g_infoManagerCameraState}
728 };
729 AccessTokenIDEx fullTokenId;
730 int32_t res = AccessTokenKit::InitHapToken(g_testHapInfoParams, testPolicyParam, fullTokenId);
731 EXPECT_EQ(RET_SUCCESS, res);
732
733 HapPolicyParams testPolicyParam2 = {
734 .apl = APL_SYSTEM_BASIC,
735 .domain = "test.domain2",
736 .permStateList = {g_infoManagerCameraState, g_infoManagerTestStateMdm},
737 };
738 UpdateHapInfoParams info = {
739 .appIDDesc = "TEST",
740 .apiVersion = DEFAULT_API_VERSION,
741 .isSystemApp = false
742 };
743 info.appDistributionType = "";
744 res = AccessTokenKit::UpdateHapToken(fullTokenId, info, testPolicyParam2);
745 EXPECT_EQ(ERR_PERM_REQUEST_CFG_FAILED, res);
746 ASSERT_EQ(RET_SUCCESS, AccessTokenKit::DeleteToken(fullTokenId.tokenIdExStruct.tokenID));
747 }
748
749 /**
750 * @tc.name: UpdateHapToken007
751 * @tc.desc:
752 * @tc.type: FUNC
753 * @tc.require: Issue Number
754 */
755 HWTEST_F(AppInstallationOptimizedTest, UpdateHapToken007, TestSize.Level1)
756 {
757 HapPolicyParams testPolicyParam = {
758 .apl = APL_SYSTEM_BASIC,
759 .domain = "test.domain2",
760 .permStateList = {g_infoManagerCameraState}
761 };
762 AccessTokenIDEx fullTokenId;
763 int32_t res = AccessTokenKit::InitHapToken(g_testHapInfoParams, testPolicyParam, fullTokenId);
764 EXPECT_EQ(RET_SUCCESS, res);
765
766 HapPolicyParams testPolicyParam2 = {
767 .apl = APL_SYSTEM_BASIC,
768 .domain = "test.domain2",
769 .permStateList = {g_infoManagerCameraState, g_infoManagerTestStateMdm},
770 };
771 UpdateHapInfoParams info = {
772 .appIDDesc = "TEST",
773 .apiVersion = DEFAULT_API_VERSION,
774 .isSystemApp = false
775 };
776 info.appDistributionType = "none";
777 res = AccessTokenKit::UpdateHapToken(fullTokenId, info, testPolicyParam2);
778 EXPECT_EQ(RET_SUCCESS, res);
779 ASSERT_EQ(RET_SUCCESS, AccessTokenKit::DeleteToken(fullTokenId.tokenIdExStruct.tokenID));
780 }
781
782 /**
783 * @tc.name: UpdateHapToken008
784 * @tc.desc:
785 * @tc.type: FUNC
786 * @tc.require: Issue Number
787 */
788 HWTEST_F(AppInstallationOptimizedTest, UpdateHapToken008, TestSize.Level1)
789 {
790 HapPolicyParams testPolicyParam = {
791 .apl = APL_NORMAL,
792 .domain = "test.domain2",
793 .permStateList = {g_infoManagerCameraState}
794 };
795 AccessTokenIDEx fullTokenId;
796 int32_t res = AccessTokenKit::InitHapToken(g_testHapInfoParams, testPolicyParam, fullTokenId);
797 EXPECT_EQ(RET_SUCCESS, res);
798
799 HapPolicyParams testPolicyParam2 = {
800 .apl = APL_SYSTEM_BASIC,
801 .domain = "test.domain2",
802 .permStateList = {g_infoManagerCameraState, g_infoManagerTestState4},
803 };
804 UpdateHapInfoParams info = {
805 .appIDDesc = "TEST",
806 .apiVersion = DEFAULT_API_VERSION,
807 .isSystemApp = true
808 };
809 res = AccessTokenKit::UpdateHapToken(fullTokenId, info, testPolicyParam2);
810 EXPECT_EQ(RET_SUCCESS, res);
811 ASSERT_EQ(RET_SUCCESS, AccessTokenKit::DeleteToken(fullTokenId.tokenIdExStruct.tokenID));
812 }
813
814 /**
815 * @tc.name: UpdateHapToken009
816 * @tc.desc:
817 * @tc.type: FUNC
818 * @tc.require: Issue Number
819 */
820 HWTEST_F(AppInstallationOptimizedTest, UpdateHapToken009, TestSize.Level1)
821 {
822 HapPolicyParams testPolicyParam = {
823 .apl = APL_NORMAL,
824 .domain = "test.domain2",
825 .permStateList = {g_infoManagerCameraState}
826 };
827 AccessTokenIDEx fullTokenId;
828 int32_t res = AccessTokenKit::InitHapToken(g_testHapInfoParams, testPolicyParam, fullTokenId);
829 EXPECT_EQ(RET_SUCCESS, res);
830
831 HapPolicyParams testPolicyParam1 = {
832 .apl = APL_NORMAL,
833 .domain = "test.domain2",
834 .permStateList = {g_infoManagerCameraState, g_infoManagerTestState4},
835 };
836 UpdateHapInfoParams info = {
837 .appIDDesc = "TEST",
838 .apiVersion = DEFAULT_API_VERSION,
839 .isSystemApp = true
840 };
841 res = AccessTokenKit::UpdateHapToken(fullTokenId, info, testPolicyParam1);
842 EXPECT_NE(RET_SUCCESS, res);
843 ASSERT_EQ(RET_SUCCESS, AccessTokenKit::DeleteToken(fullTokenId.tokenIdExStruct.tokenID));
844 }
845
846 /**
847 * @tc.name: UpdateHapToken010
848 * @tc.desc:
849 * @tc.type: FUNC
850 * @tc.require: Issue Number
851 */
852 HWTEST_F(AppInstallationOptimizedTest, UpdateHapToken010, TestSize.Level1)
853 {
854 HapPolicyParams testPolicyParams1 = {
855 .apl = APL_NORMAL,
856 .domain = "test.domain2",
857 .permStateList = {g_infoManagerCameraState}
858 };
859 AccessTokenIDEx fullTokenId;
860 int32_t ret = AccessTokenKit::InitHapToken(g_testHapInfoParams, testPolicyParams1, fullTokenId);
861 GTEST_LOG_(INFO) << "tokenID :" << fullTokenId.tokenIdExStruct.tokenID;
862 EXPECT_EQ(RET_SUCCESS, ret);
863
864 UpdateHapInfoParams info;
865 info.appIDDesc = "TEST";
866 info.apiVersion = DEFAULT_API_VERSION;
867 info.isSystemApp = true;
868 PreAuthorizationInfo info1 = {
869 .permissionName = CAMERA_PERMISSION,
870 .userCancelable = false
871 };
872 HapPolicyParams testPolicyParams2 = {
873 .apl = APL_NORMAL,
874 .domain = "test.domain2",
875 .permStateList = {g_infoManagerCameraState},
876 .preAuthorizationInfo = {info1}
877 };
878 ret = AccessTokenKit::UpdateHapToken(fullTokenId, info, testPolicyParams2);
879 ASSERT_EQ(RET_SUCCESS, ret);
880 std::vector<PermissionStateFull> state;
881 int32_t res = AccessTokenKit::GetReqPermissions(fullTokenId.tokenIdExStruct.tokenID, state, false);
882 ASSERT_EQ(RET_SUCCESS, res);
883 ASSERT_EQ(static_cast<uint32_t>(1), state.size());
884 ASSERT_EQ(CAMERA_PERMISSION, state[0].permissionName);
885 EXPECT_EQ(state[0].grantStatus[0], PERMISSION_GRANTED);
886 EXPECT_EQ(state[0].grantFlags[0], PERMISSION_SYSTEM_FIXED);
887
888 ASSERT_EQ(RET_SUCCESS, AccessTokenKit::DeleteToken(fullTokenId.tokenIdExStruct.tokenID));
889 }
890
891 /**
892 * @tc.name: UpdateHapToken011
893 * @tc.desc: app user_grant permission has not been operated, update with pre-authorization
894 * @tc.type: FUNC
895 * @tc.require: Issue Number
896 */
897 HWTEST_F(AppInstallationOptimizedTest, UpdateHapToken011, TestSize.Level1)
898 {
899 HapPolicyParams testPolicyParams1 = {
900 .apl = APL_NORMAL,
901 .domain = "test.domain2",
902 .permStateList = {g_infoManagerCameraState}
903 };
904 AccessTokenIDEx fullTokenId;
905 int32_t ret = AccessTokenKit::InitHapToken(g_testHapInfoParams, testPolicyParams1, fullTokenId);
906 GTEST_LOG_(INFO) << "tokenID :" << fullTokenId.tokenIdExStruct.tokenID;
907 EXPECT_EQ(RET_SUCCESS, ret);
908
909 UpdateHapInfoParams info;
910 info.appIDDesc = "TEST";
911 info.apiVersion = DEFAULT_API_VERSION;
912 info.isSystemApp = true;
913 PreAuthorizationInfo info1 = {
914 .permissionName = CAMERA_PERMISSION,
915 .userCancelable = false
916 };
917 HapPolicyParams testPolicyParams2 = {
918 .apl = APL_NORMAL,
919 .domain = "test.domain2",
920 .permStateList = {g_infoManagerCameraState},
921 .preAuthorizationInfo = {info1}
922 };
923 ret = AccessTokenKit::UpdateHapToken(fullTokenId, info, testPolicyParams2);
924 ASSERT_EQ(RET_SUCCESS, ret);
925 std::vector<PermissionStateFull> state;
926 int32_t res = AccessTokenKit::GetReqPermissions(fullTokenId.tokenIdExStruct.tokenID, state, false);
927 ASSERT_EQ(RET_SUCCESS, res);
928 ASSERT_EQ(static_cast<uint32_t>(1), state.size());
929 ASSERT_EQ(CAMERA_PERMISSION, state[0].permissionName);
930 EXPECT_EQ(state[0].grantStatus[0], PERMISSION_GRANTED);
931 EXPECT_EQ(state[0].grantFlags[0], PERMISSION_SYSTEM_FIXED);
932
933 ASSERT_EQ(RET_SUCCESS, AccessTokenKit::DeleteToken(fullTokenId.tokenIdExStruct.tokenID));
934 }
935
936 /**
937 * @tc.name: UpdateHapToken012
938 * @tc.desc: app user_grant permission has been granted or revoked by user, update with pre-authorization
939 * @tc.type: FUNC
940 * @tc.require: Issue Number
941 */
942 HWTEST_F(AppInstallationOptimizedTest, UpdateHapToken012, TestSize.Level1)
943 {
944 HapPolicyParams testPolicyParams1 = {
945 .apl = APL_NORMAL,
946 .domain = "test.domain2",
947 .permStateList = {g_infoManagerCameraState, g_infoManagerMicrophoneState}
948 };
949 AccessTokenIDEx fullTokenId;
950 int32_t ret = AccessTokenKit::InitHapToken(g_testHapInfoParams, testPolicyParams1, fullTokenId);
951 EXPECT_EQ(RET_SUCCESS, ret);
952
953 ret = AccessTokenKit::GrantPermission(
954 fullTokenId.tokenIdExStruct.tokenID, CAMERA_PERMISSION, PERMISSION_USER_FIXED);
955 EXPECT_EQ(RET_SUCCESS, ret);
956 ret = AccessTokenKit::RevokePermission(
957 fullTokenId.tokenIdExStruct.tokenID, MICROPHONE_PERMISSION, PERMISSION_USER_FIXED);
958 EXPECT_EQ(RET_SUCCESS, ret);
959
960 UpdateHapInfoParams info;
961 info.appIDDesc = "TEST";
962 info.apiVersion = DEFAULT_API_VERSION;
963 info.isSystemApp = true;
964 PreAuthorizationInfo info1 = {
965 .permissionName = CAMERA_PERMISSION,
966 .userCancelable = false
967 };
968 PreAuthorizationInfo info2 = {
969 .permissionName = MICROPHONE_PERMISSION,
970 .userCancelable = false
971 };
972 HapPolicyParams testPolicyParams2 = {
973 .apl = APL_NORMAL,
974 .domain = "test.domain2",
975 .permStateList = {g_infoManagerCameraState, g_infoManagerMicrophoneState},
976 .preAuthorizationInfo = {info1, info2}
977 };
978 ret = AccessTokenKit::UpdateHapToken(fullTokenId, info, testPolicyParams2);
979 ASSERT_EQ(RET_SUCCESS, ret);
980 std::vector<PermissionStateFull> state;
981 AccessTokenKit::GetReqPermissions(fullTokenId.tokenIdExStruct.tokenID, state, false);
982 ASSERT_EQ(static_cast<uint32_t>(2), state.size());
983 ASSERT_EQ(CAMERA_PERMISSION, state[0].permissionName);
984 EXPECT_EQ(state[0].grantStatus[0], PERMISSION_GRANTED);
985 EXPECT_EQ(state[0].grantFlags[0], PERMISSION_USER_FIXED);
986 ASSERT_EQ(MICROPHONE_PERMISSION, state[1].permissionName);
987 EXPECT_EQ(state[1].grantStatus[0], PERMISSION_DENIED);
988 EXPECT_EQ(state[1].grantFlags[0], PERMISSION_USER_FIXED);
989
990 ASSERT_EQ(RET_SUCCESS, AccessTokenKit::DeleteToken(fullTokenId.tokenIdExStruct.tokenID));
991 }
992
993
994 /**
995 * @tc.name: UpdateHapToken013
996 * @tc.desc: app user_grant permission has been pre-authorized with
997 * userUnCancelable flag, update with userCancelable pre-authorization
998 * @tc.type: FUNC
999 * @tc.require: Issue Number
1000 */
1001 HWTEST_F(AppInstallationOptimizedTest, UpdateHapToken013, TestSize.Level1)
1002 {
1003 PreAuthorizationInfo info1 = {
1004 .permissionName = CAMERA_PERMISSION,
1005 .userCancelable = false
1006 };
1007 PreAuthorizationInfo info2 = {
1008 .permissionName = MICROPHONE_PERMISSION,
1009 .userCancelable = false
1010 };
1011 HapPolicyParams testPolicyParams1 = {
1012 .apl = APL_NORMAL,
1013 .domain = "test.domain2",
1014 .permStateList = {g_infoManagerCameraState, g_infoManagerMicrophoneState},
1015 .preAuthorizationInfo = {info1, info2}
1016 };
1017 AccessTokenIDEx fullTokenId;
1018 int32_t ret = AccessTokenKit::InitHapToken(g_testHapInfoParams, testPolicyParams1, fullTokenId);
1019 EXPECT_EQ(RET_SUCCESS, ret);
1020
1021 ret = AccessTokenKit::GrantPermission(
1022 fullTokenId.tokenIdExStruct.tokenID, CAMERA_PERMISSION, PERMISSION_USER_FIXED);
1023 EXPECT_NE(RET_SUCCESS, ret);
1024 ret = AccessTokenKit::RevokePermission(
1025 fullTokenId.tokenIdExStruct.tokenID, MICROPHONE_PERMISSION, PERMISSION_USER_FIXED);
1026 EXPECT_NE(RET_SUCCESS, ret);
1027
1028 UpdateHapInfoParams info;
1029 info.appIDDesc = "TEST";
1030 info.apiVersion = DEFAULT_API_VERSION;
1031 info.isSystemApp = true;
1032 info1.userCancelable = true;
1033 testPolicyParams1.preAuthorizationInfo = {info1};
1034
1035 ret = AccessTokenKit::UpdateHapToken(fullTokenId, info, testPolicyParams1);
1036 ASSERT_EQ(RET_SUCCESS, ret);
1037 std::vector<PermissionStateFull> state;
1038 AccessTokenKit::GetReqPermissions(fullTokenId.tokenIdExStruct.tokenID, state, false);
1039 ASSERT_EQ(static_cast<uint32_t>(2), state.size());
1040 EXPECT_EQ(state[0].grantStatus[0], PERMISSION_GRANTED);
1041 EXPECT_EQ(state[0].grantFlags[0], PERMISSION_GRANTED_BY_POLICY);
1042 EXPECT_EQ(state[1].grantStatus[0], PERMISSION_DENIED);
1043 EXPECT_EQ(state[1].grantFlags[0], PERMISSION_DEFAULT_FLAG);
1044
1045 ASSERT_EQ(RET_SUCCESS, AccessTokenKit::DeleteToken(fullTokenId.tokenIdExStruct.tokenID));
1046 }
1047
1048 /**
1049 * @tc.name: UpdateHapToken014
1050 * @tc.desc: app user_grant permission has been pre-authorized with userCancelable flag,
1051 * update with userCancelable pre-authorization
1052 * @tc.type: FUNC
1053 * @tc.require: Issue Number
1054 */
1055 HWTEST_F(AppInstallationOptimizedTest, UpdateHapToken014, TestSize.Level1)
1056 {
1057 PreAuthorizationInfo info1 = {
1058 .permissionName = CAMERA_PERMISSION,
1059 .userCancelable = true
1060 };
1061 PreAuthorizationInfo info2 = {
1062 .permissionName = MICROPHONE_PERMISSION,
1063 .userCancelable = true
1064 };
1065 HapPolicyParams testPolicyParams1 = {
1066 .apl = APL_NORMAL,
1067 .domain = "test.domain2",
1068 .permStateList = {g_infoManagerCameraState, g_infoManagerMicrophoneState},
1069 .preAuthorizationInfo = {info1, info2}
1070 };
1071 AccessTokenIDEx fullTokenId;
1072 int32_t ret = AccessTokenKit::InitHapToken(g_testHapInfoParams, testPolicyParams1, fullTokenId);
1073 EXPECT_EQ(RET_SUCCESS, ret);
1074
1075 ret = AccessTokenKit::RevokePermission(
1076 fullTokenId.tokenIdExStruct.tokenID, MICROPHONE_PERMISSION, PERMISSION_USER_FIXED);
1077 EXPECT_EQ(RET_SUCCESS, ret);
1078
1079 UpdateHapInfoParams info;
1080 info.appIDDesc = "TEST";
1081 info.apiVersion = DEFAULT_API_VERSION;
1082 info.isSystemApp = true;
1083 info1.userCancelable = false;
1084 testPolicyParams1.preAuthorizationInfo = {info1};
1085
1086 ret = AccessTokenKit::UpdateHapToken(fullTokenId, info, testPolicyParams1);
1087 ASSERT_EQ(RET_SUCCESS, ret);
1088 std::vector<PermissionStateFull> state;
1089 AccessTokenKit::GetReqPermissions(fullTokenId.tokenIdExStruct.tokenID, state, false);
1090 ASSERT_EQ(static_cast<uint32_t>(2), state.size());
1091 EXPECT_EQ(state[0].grantStatus[0], PERMISSION_GRANTED);
1092 EXPECT_EQ(state[0].grantFlags[0], PERMISSION_SYSTEM_FIXED);
1093 EXPECT_EQ(state[1].grantStatus[0], PERMISSION_DENIED);
1094 EXPECT_EQ(state[1].grantFlags[0], PERMISSION_USER_FIXED | PERMISSION_GRANTED_BY_POLICY);
1095
1096 ASSERT_EQ(RET_SUCCESS, AccessTokenKit::DeleteToken(fullTokenId.tokenIdExStruct.tokenID));
1097 }
1098
1099 /**
1100 * @tc.name: InitHapTokenAbnormal001
1101 * @tc.desc:
1102 * @tc.type: FUNC
1103 * @tc.require: Issue Number
1104 */
1105 HWTEST_F(AppInstallationOptimizedTest, InitHapTokenAbnormal001, TestSize.Level1)
1106 {
1107 HapPolicyParams testPolicyParam = {
1108 .apl = APL_NORMAL,
1109 .domain = "test.domain2",
1110 .permStateList = {g_infoManagerCameraState},
1111 .aclRequestedList = {}
1112 };
1113 for (uint32_t i = 0; i < MAX_PERM_LIST_SIZE; i++) {
1114 testPolicyParam.aclRequestedList.emplace_back("ohos.permission.CAMERA");
1115 }
1116 AccessTokenIDEx fullTokenId;
1117 int32_t res = AccessTokenKit::InitHapToken(g_testHapInfoParams, testPolicyParam, fullTokenId);
1118 EXPECT_EQ(RET_SUCCESS, res);
1119 ASSERT_EQ(RET_SUCCESS, AccessTokenKit::DeleteToken(fullTokenId.tokenIdExStruct.tokenID));
1120 testPolicyParam.aclRequestedList.emplace_back("ohos.permission.CAMERA");
1121
1122 res = AccessTokenKit::InitHapToken(g_testHapInfoParams, testPolicyParam, fullTokenId);
1123 EXPECT_NE(RET_SUCCESS, res);
1124 }
1125
1126 /**
1127 * @tc.name: InitHapTokenAbnormal002
1128 * @tc.desc:
1129 * @tc.type: FUNC
1130 * @tc.require: Issue Number
1131 */
1132 HWTEST_F(AppInstallationOptimizedTest, InitHapTokenAbnormal002, TestSize.Level1)
1133 {
1134 HapPolicyParams testPolicyParam = {
1135 .apl = APL_NORMAL,
1136 .domain = "test.domain2",
1137 .permStateList = {g_infoManagerCameraState},
1138 .aclRequestedList = {},
1139 };
1140 PreAuthorizationInfo info = {
1141 .permissionName = MICROPHONE_PERMISSION,
1142 .userCancelable = false
1143 };
1144 for (uint32_t i = 0; i < MAX_PERM_LIST_SIZE; i++) {
1145 testPolicyParam.preAuthorizationInfo.emplace_back(info);
1146 }
1147 AccessTokenIDEx fullTokenId;
1148 int32_t res = AccessTokenKit::InitHapToken(g_testHapInfoParams, testPolicyParam, fullTokenId);
1149 EXPECT_EQ(RET_SUCCESS, res);
1150 ASSERT_EQ(RET_SUCCESS, AccessTokenKit::DeleteToken(fullTokenId.tokenIdExStruct.tokenID));
1151 testPolicyParam.preAuthorizationInfo.emplace_back(info);
1152
1153 res = AccessTokenKit::InitHapToken(g_testHapInfoParams, testPolicyParam, fullTokenId);
1154 EXPECT_NE(RET_SUCCESS, res);
1155 }
1156
1157 /**
1158 * @tc.name: InitHapTokenAbnormal003
1159 * @tc.desc:
1160 * @tc.type: FUNC
1161 * @tc.require: Issue Number
1162 */
1163 HWTEST_F(AppInstallationOptimizedTest, InitHapTokenAbnormal003, TestSize.Level1)
1164 {
1165 HapInfoParams testHapInfoParams = g_testHapInfoParams;
1166 HapPolicyParams testPolicyParam = {
1167 .apl = APL_NORMAL,
1168 .domain = "test.domain2",
1169 .permStateList = {g_infoManagerCameraState},
1170 .aclRequestedList = {},
1171 .preAuthorizationInfo = {}
1172 };
1173
1174 // invalid userID
1175 testHapInfoParams.userID = -1;
1176 AccessTokenIDEx fullTokenId;
1177 int32_t res = AccessTokenKit::InitHapToken(testHapInfoParams, testPolicyParam, fullTokenId);
1178 EXPECT_NE(RET_SUCCESS, res);
1179 testHapInfoParams.userID = g_testHapInfoParams.userID;
1180
1181 // invalid bundleName
1182 testHapInfoParams.bundleName = "";
1183 res = AccessTokenKit::InitHapToken(testHapInfoParams, testPolicyParam, fullTokenId);
1184 EXPECT_NE(RET_SUCCESS, res);
1185 testHapInfoParams.bundleName = g_testHapInfoParams.bundleName;
1186
1187 // invalid dlpType
1188 testHapInfoParams.dlpType = -1;
1189 res = AccessTokenKit::InitHapToken(testHapInfoParams, testPolicyParam, fullTokenId);
1190 EXPECT_NE(RET_SUCCESS, res);
1191 testHapInfoParams.dlpType = g_testHapInfoParams.dlpType;
1192
1193 int32_t invalidAppIdLen = 10241; // 10241 is invalid appid length
1194 // invalid dlpType
1195 std::string invalidAppIDDesc (invalidAppIdLen, 'x');
1196 testHapInfoParams.appIDDesc = invalidAppIDDesc;
1197 res = AccessTokenKit::InitHapToken(testHapInfoParams, testPolicyParam, fullTokenId);
1198 EXPECT_NE(RET_SUCCESS, res);
1199 testHapInfoParams.appIDDesc = g_testHapInfoParams.appIDDesc;
1200 }
1201
1202 /**
1203 * @tc.name: InitHapTokenAbnormal004
1204 * @tc.desc:
1205 * @tc.type: FUNC
1206 * @tc.require: Issue Number
1207 */
1208 HWTEST_F(AppInstallationOptimizedTest, InitHapTokenAbnormal004, TestSize.Level1)
1209 {
1210 HapInfoParams testHapInfoParams = g_testHapInfoParams;
1211 HapPolicyParams testPolicyParam = g_testPolicyParams;
1212
1213 // invalid apl 8
1214 testPolicyParam.apl = static_cast<AccessToken::TypeATokenAplEnum>(8);
1215 AccessTokenIDEx fullTokenId;
1216 int32_t res = AccessTokenKit::InitHapToken(testHapInfoParams, testPolicyParam, fullTokenId);
1217 EXPECT_NE(RET_SUCCESS, res);
1218 testPolicyParam.apl = g_testPolicyParams.apl;
1219
1220 // invalid domain 1025
1221 const static int32_t MAX_DCAP_LENGTH = 1025;
1222 std::string invalidDomain (MAX_DCAP_LENGTH, 'x');
1223 testPolicyParam.domain = invalidDomain;
1224 res = AccessTokenKit::InitHapToken(testHapInfoParams, testPolicyParam, fullTokenId);
1225 EXPECT_NE(RET_SUCCESS, res);
1226 testPolicyParam.domain = g_testPolicyParams.domain;
1227 }
1228
1229 } // namespace AccessToken
1230 } // namespace Security
1231 } // namespace OHOS
1232