1 /*
2 * Copyright (c) 2023 Huawei Device Co., Ltd.
3 * Licensed under the Apache License, Version 2.0 (the "License");
4 * you may not use this file except in compliance with the License.
5 * You may obtain a copy of the License at
6 *
7 * http://www.apache.org/licenses/LICENSE-2.0
8 *
9 * Unless required by applicable law or agreed to in writing, software
10 * distributed under the License is distributed on an "AS IS" BASIS,
11 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12 * See the License for the specific language governing permissions and
13 * limitations under the License.
14 */
15
16 #include "security_component_grant_test.h"
17 #include <thread>
18
19 #include "accesstoken_kit.h"
20 #include "access_token_error.h"
21 #include "permission_grant_info.h"
22 #include "nativetoken_kit.h"
23 #include "token_setproc.h"
24
25 using namespace testing::ext;
26 using namespace OHOS::Security::AccessToken;
27
28 namespace {
29 static const std::string TEST_BUNDLE_NAME = "ohos";
30 static const std::string TEST_PKG_NAME = "com.softbus.test";
31 static const std::string TEST_PERMISSION = "ohos.permission.DISTRIBUTED_DATASYNC";
32 static const std::string TEST_PERMISSION_NOT_REQUESTED = "ohos.permission.GRANT_SENSITIVE_PERMISSIONS";
33 static const int TEST_USER_ID = 0;
34
35 PermissionStateFull g_infoManagerTestState1 = {
36 .permissionName = TEST_PERMISSION,
37 .isGeneral = true,
38 .resDeviceID = {"local5"},
39 .grantStatus = {PermissionState::PERMISSION_DENIED},
40 .grantFlags = {0},
41 };
42
43 HapInfoParams g_infoManagerTestInfoParms = {
44 .userID = 1,
45 .bundleName = "accesstoken_test",
46 .instIndex = 0,
47 .appIDDesc = "test5"
48 };
49
50 HapPolicyParams g_infoManagerTestPolicyPrams = {
51 .apl = APL_NORMAL,
52 .domain = "test.domain5",
53 .permList = {},
54 .permStateList = {g_infoManagerTestState1}
55 };
56
NativeTokenGet()57 void NativeTokenGet()
58 {
59 uint64_t fullTokenId;
60 const char **perms = new const char *[4];
61 perms[0] = "ohos.permission.DISTRIBUTED_DATASYNC";
62 perms[2] = "ohos.permission.REVOKE_SENSITIVE_PERMISSIONS"; // 2 means the index.
63 perms[1] = "ohos.permission.GRANT_SENSITIVE_PERMISSIONS";
64 perms[3] = "ohos.permission.GET_SENSITIVE_PERMISSIONS"; // 3 means the index.
65
66 NativeTokenInfoParams infoInstance = {
67 .dcapsNum = 0,
68 .permsNum = 4,
69 .aclsNum = 0,
70 .dcaps = nullptr,
71 .perms = perms,
72 .acls = nullptr,
73 .aplStr = "system_core",
74 };
75
76 infoInstance.processName = "TestCase";
77 fullTokenId = GetAccessTokenId(&infoInstance);
78 EXPECT_EQ(0, SetSelfTokenID(fullTokenId));
79 AccessTokenKit::ReloadNativeTokenInfo();
80 delete[] perms;
81 }
82 }
83
SetUpTestCase()84 void SecurityComponentGrantTest::SetUpTestCase()
85 {
86 // make test case clean
87 AccessTokenID tokenID = AccessTokenKit::GetHapTokenID(g_infoManagerTestInfoParms.userID,
88 g_infoManagerTestInfoParms.bundleName,
89 g_infoManagerTestInfoParms.instIndex);
90 AccessTokenKit::DeleteToken(tokenID);
91
92 tokenID = AccessTokenKit::GetHapTokenID(TEST_USER_ID, TEST_BUNDLE_NAME, 0);
93 AccessTokenKit::DeleteToken(tokenID);
94
95 NativeTokenGet();
96 }
97
TearDownTestCase()98 void SecurityComponentGrantTest::TearDownTestCase()
99 {
100 }
101
SetUp()102 void SecurityComponentGrantTest::SetUp()
103 {
104 selfTokenId_ = GetSelfTokenID();
105 }
106
TearDown()107 void SecurityComponentGrantTest::TearDown()
108 {
109 EXPECT_EQ(0, SetSelfTokenID(selfTokenId_));
110 }
111
DeleteTestToken() const112 void SecurityComponentGrantTest::DeleteTestToken() const
113 {
114 }
115
AllocTestToken() const116 AccessTokenID SecurityComponentGrantTest::AllocTestToken() const
117 {
118 AccessTokenIDEx tokenIdEx = {0};
119 tokenIdEx = AccessTokenKit::AllocHapToken(g_infoManagerTestInfoParms, g_infoManagerTestPolicyPrams);
120 return tokenIdEx.tokenIdExStruct.tokenID;
121 }
122
123 /**
124 * @tc.name: SecurityComponentGrantTest001
125 * @tc.desc: test security component grant when user has not operated.
126 * @tc.type: FUNC
127 * @tc.require:Issue Number
128 */
129 HWTEST_F(SecurityComponentGrantTest, SecurityComponentGrantTest001, TestSize.Level1)
130 {
131 AccessTokenID tokenID = AllocTestToken();
132 ASSERT_NE(tokenID, INVALID_TOKENID);
133 int32_t status = AccessTokenKit::VerifyAccessToken(tokenID, TEST_PERMISSION, false);
134 ASSERT_EQ(status, PERMISSION_DENIED);
135 int32_t res = AccessTokenKit::GrantPermission(tokenID, TEST_PERMISSION, PERMISSION_COMPONENT_SET);
136 ASSERT_EQ(res, RET_SUCCESS);
137 uint32_t flag;
138 res = AccessTokenKit::GetPermissionFlag(tokenID, TEST_PERMISSION, flag);
139 ASSERT_EQ(res, RET_SUCCESS);
140 ASSERT_NE(((static_cast<uint32_t>(flag)) & PERMISSION_COMPONENT_SET), 0);
141
142 status = AccessTokenKit::VerifyAccessToken(tokenID, TEST_PERMISSION, false);
143 ASSERT_EQ(status, PERMISSION_GRANTED);
144
145 res = AccessTokenKit::RevokePermission(tokenID, TEST_PERMISSION, PERMISSION_COMPONENT_SET);
146 ASSERT_EQ(res, RET_SUCCESS);
147 status = AccessTokenKit::VerifyAccessToken(tokenID, TEST_PERMISSION, false);
148 ASSERT_EQ(status, PERMISSION_DENIED);
149 res = AccessTokenKit::GetPermissionFlag(tokenID, TEST_PERMISSION, flag);
150 ASSERT_EQ(res, RET_SUCCESS);
151 ASSERT_EQ(((static_cast<uint32_t>(flag)) & PERMISSION_COMPONENT_SET), 0);
152 res = AccessTokenKit::DeleteToken(tokenID);
153 ASSERT_EQ(res, RET_SUCCESS);
154 }
155
156 /**
157 * @tc.name: SecurityComponentGrantTest002
158 * @tc.desc: test security component grant when user has granted.
159 * @tc.type: FUNC
160 * @tc.require:Issue Number
161 */
162 HWTEST_F(SecurityComponentGrantTest, SecurityComponentGrantTest002, TestSize.Level1)
163 {
164 AccessTokenID tokenID = AllocTestToken();
165 ASSERT_NE(tokenID, INVALID_TOKENID);
166
167 // user grant
168 int32_t res = AccessTokenKit::GrantPermission(tokenID, TEST_PERMISSION, PERMISSION_USER_FIXED);
169 ASSERT_EQ(res, RET_SUCCESS);
170
171 // security component grant
172 res = AccessTokenKit::GrantPermission(tokenID, TEST_PERMISSION, PERMISSION_COMPONENT_SET);
173 ASSERT_EQ(res, RET_SUCCESS);
174 int32_t status = AccessTokenKit::VerifyAccessToken(tokenID, TEST_PERMISSION, false);
175 ASSERT_EQ(status, PERMISSION_GRANTED);
176 uint32_t flag;
177 res = AccessTokenKit::GetPermissionFlag(tokenID, TEST_PERMISSION, flag);
178 ASSERT_EQ(res, RET_SUCCESS);
179 ASSERT_EQ(((static_cast<uint32_t>(flag)) & PERMISSION_COMPONENT_SET), 0);
180
181 // security component revoke
182 res = AccessTokenKit::RevokePermission(tokenID, TEST_PERMISSION, PERMISSION_COMPONENT_SET);
183 ASSERT_EQ(res, RET_SUCCESS);
184 status = AccessTokenKit::VerifyAccessToken(tokenID, TEST_PERMISSION, false);
185 ASSERT_EQ(status, PERMISSION_GRANTED);
186 res = AccessTokenKit::GetPermissionFlag(tokenID, TEST_PERMISSION, flag);
187 ASSERT_EQ(res, RET_SUCCESS);
188 ASSERT_EQ(((static_cast<uint32_t>(flag)) & PERMISSION_COMPONENT_SET), 0);
189 res = AccessTokenKit::DeleteToken(tokenID);
190 ASSERT_EQ(res, RET_SUCCESS);
191 }
192
193 /**
194 * @tc.name: SecurityComponentGrantTest003
195 * @tc.desc: test security component grant when system has operated.
196 * @tc.type: FUNC
197 * @tc.require:Issue Number
198 */
199 HWTEST_F(SecurityComponentGrantTest, SecurityComponentGrantTest003, TestSize.Level1)
200 {
201 AccessTokenID tokenID = AllocTestToken();
202 ASSERT_NE(tokenID, INVALID_TOKENID);
203
204 // system grant
205 int32_t res = AccessTokenKit::GrantPermission(tokenID, TEST_PERMISSION, PERMISSION_GRANTED_BY_POLICY);
206 ASSERT_EQ(res, RET_SUCCESS);
207
208 // security component grant
209 res = AccessTokenKit::GrantPermission(tokenID, TEST_PERMISSION, PERMISSION_COMPONENT_SET);
210 ASSERT_EQ(res, RET_SUCCESS);
211 int32_t status = AccessTokenKit::VerifyAccessToken(tokenID, TEST_PERMISSION, false);
212 ASSERT_EQ(status, PERMISSION_GRANTED);
213 uint32_t flag;
214 AccessTokenKit::GetPermissionFlag(tokenID, TEST_PERMISSION, flag);
215 ASSERT_EQ(((static_cast<uint32_t>(flag)) & PERMISSION_COMPONENT_SET), 0);
216
217 // security component revoke
218 res = AccessTokenKit::RevokePermission(tokenID, TEST_PERMISSION, PERMISSION_COMPONENT_SET);
219 ASSERT_EQ(res, RET_SUCCESS);
220 status = AccessTokenKit::VerifyAccessToken(tokenID, TEST_PERMISSION, false);
221 ASSERT_EQ(status, PERMISSION_GRANTED);
222 res = AccessTokenKit::GetPermissionFlag(tokenID, TEST_PERMISSION, flag);
223 ASSERT_EQ(res, RET_SUCCESS);
224 ASSERT_EQ(((static_cast<uint32_t>(flag)) & PERMISSION_COMPONENT_SET), 0);
225
226 res = AccessTokenKit::DeleteToken(tokenID);
227 ASSERT_EQ(res, RET_SUCCESS);
228 }
229
230 /**
231 * @tc.name: SecurityComponentGrantTest004
232 * @tc.desc: test security component grant when user has revoked.
233 * @tc.type: FUNC
234 * @tc.require:Issue Number
235 */
236 HWTEST_F(SecurityComponentGrantTest, SecurityComponentGrantTest004, TestSize.Level1)
237 {
238 AccessTokenID tokenID = AllocTestToken();
239 ASSERT_NE(tokenID, INVALID_TOKENID);
240
241 // user revoke
242 int32_t res = AccessTokenKit::RevokePermission(tokenID, TEST_PERMISSION, PERMISSION_USER_FIXED);
243 ASSERT_EQ(res, RET_SUCCESS);
244 // security component grant
245 res = AccessTokenKit::GrantPermission(tokenID, TEST_PERMISSION, PERMISSION_COMPONENT_SET);
246 ASSERT_NE(res, RET_SUCCESS);
247 int32_t status = AccessTokenKit::VerifyAccessToken(tokenID, TEST_PERMISSION, false);
248 ASSERT_EQ(status, PERMISSION_DENIED);
249
250 uint32_t flag;
251 res = AccessTokenKit::GetPermissionFlag(tokenID, TEST_PERMISSION, flag);
252 ASSERT_EQ(res, RET_SUCCESS);
253 ASSERT_EQ(((static_cast<uint32_t>(flag)) & PERMISSION_COMPONENT_SET), 0);
254
255 // security component revoke
256 res = AccessTokenKit::RevokePermission(tokenID, TEST_PERMISSION, PERMISSION_COMPONENT_SET);
257 ASSERT_EQ(res, RET_SUCCESS);
258 status = AccessTokenKit::VerifyAccessToken(tokenID, TEST_PERMISSION, false);
259 ASSERT_EQ(status, PERMISSION_DENIED);
260 AccessTokenKit::GetPermissionFlag(tokenID, TEST_PERMISSION, flag);
261 ASSERT_EQ(((static_cast<uint32_t>(flag)) & PERMISSION_COMPONENT_SET), 0);
262
263 res = AccessTokenKit::DeleteToken(tokenID);
264 ASSERT_EQ(res, RET_SUCCESS);
265 }
266
267 /**
268 * @tc.name: SecurityComponentGrantTest005
269 * @tc.desc: test user has grant after security component grant.
270 * @tc.type: FUNC
271 * @tc.require:Issue Number
272 */
273 HWTEST_F(SecurityComponentGrantTest, SecurityComponentGrantTest005, TestSize.Level1)
274 {
275 AccessTokenID tokenID = AllocTestToken();
276 ASSERT_NE(tokenID, INVALID_TOKENID);
277
278 // security component grant
279 int32_t res = AccessTokenKit::GrantPermission(tokenID, TEST_PERMISSION, PERMISSION_COMPONENT_SET);
280 ASSERT_EQ(res, RET_SUCCESS);
281 int32_t status = AccessTokenKit::VerifyAccessToken(tokenID, TEST_PERMISSION, false);
282 ASSERT_EQ(status, PERMISSION_GRANTED);
283
284 // user grant
285 uint32_t flag;
286 res = AccessTokenKit::GetPermissionFlag(tokenID, TEST_PERMISSION, flag);
287 ASSERT_EQ(res, RET_SUCCESS);
288 ASSERT_NE(((static_cast<uint32_t>(flag)) & PERMISSION_COMPONENT_SET), 0);
289 res = AccessTokenKit::GrantPermission(tokenID, TEST_PERMISSION, PERMISSION_USER_FIXED);
290 ASSERT_EQ(res, RET_SUCCESS);
291 AccessTokenKit::GetPermissionFlag(tokenID, TEST_PERMISSION, flag);
292 ASSERT_EQ(((static_cast<uint32_t>(flag)) & PERMISSION_COMPONENT_SET), 0);
293
294 // security component revoke
295 res = AccessTokenKit::RevokePermission(tokenID, TEST_PERMISSION, PERMISSION_COMPONENT_SET);
296 ASSERT_EQ(res, RET_SUCCESS);
297 status = AccessTokenKit::VerifyAccessToken(tokenID, TEST_PERMISSION, false);
298 ASSERT_EQ(status, PERMISSION_GRANTED);
299
300 res = AccessTokenKit::DeleteToken(tokenID);
301 ASSERT_EQ(res, RET_SUCCESS);
302 }
303
304 /**
305 * @tc.name: SecurityComponentGrantTest006
306 * @tc.desc: test user has revoked after security component grant.
307 * @tc.type: FUNC
308 * @tc.require:Issue Number
309 */
310 HWTEST_F(SecurityComponentGrantTest, SecurityComponentGrantTest006, TestSize.Level1)
311 {
312 AccessTokenID tokenID = AllocTestToken();
313 ASSERT_NE(tokenID, INVALID_TOKENID);
314
315 // security component grant
316 int32_t res = AccessTokenKit::GrantPermission(tokenID, TEST_PERMISSION, PERMISSION_COMPONENT_SET);
317 ASSERT_EQ(res, RET_SUCCESS);
318 int32_t status = AccessTokenKit::VerifyAccessToken(tokenID, TEST_PERMISSION, false);
319 ASSERT_EQ(status, PERMISSION_GRANTED);
320
321 uint32_t flag;
322 res = AccessTokenKit::GetPermissionFlag(tokenID, TEST_PERMISSION, flag);
323 ASSERT_EQ(res, RET_SUCCESS);
324 ASSERT_NE(((static_cast<uint32_t>(flag)) & PERMISSION_COMPONENT_SET), 0);
325
326 // user revoke
327 res = AccessTokenKit::RevokePermission(tokenID, TEST_PERMISSION, PERMISSION_USER_FIXED);
328 ASSERT_EQ(res, RET_SUCCESS);
329 status = AccessTokenKit::VerifyAccessToken(tokenID, TEST_PERMISSION, false);
330 ASSERT_EQ(status, PERMISSION_DENIED);
331 AccessTokenKit::GetPermissionFlag(tokenID, TEST_PERMISSION, flag);
332 ASSERT_EQ(((static_cast<uint32_t>(flag)) & PERMISSION_COMPONENT_SET), 0);
333
334 // security component revoke
335 res = AccessTokenKit::RevokePermission(tokenID, TEST_PERMISSION, PERMISSION_COMPONENT_SET);
336 ASSERT_EQ(res, RET_SUCCESS);
337 status = AccessTokenKit::VerifyAccessToken(tokenID, TEST_PERMISSION, false);
338 ASSERT_EQ(status, PERMISSION_DENIED);
339
340 res = AccessTokenKit::DeleteToken(tokenID);
341 ASSERT_EQ(res, RET_SUCCESS);
342 }
343
344 /**
345 * @tc.name: SecurityComponentGrantTest007
346 * @tc.desc: test permission pop-up after security component grant.
347 * @tc.type: FUNC
348 * @tc.require:Issue Number
349 */
350 HWTEST_F(SecurityComponentGrantTest, SecurityComponentGrantTest007, TestSize.Level1)
351 {
352 AccessTokenID tokenID = AllocTestToken();
353 ASSERT_NE(tokenID, INVALID_TOKENID);
354 AccessTokenID nativeTokenID = GetSelfTokenID();
355 // security component grant
356 int32_t res = AccessTokenKit::GrantPermission(tokenID, TEST_PERMISSION, PERMISSION_COMPONENT_SET);
357 ASSERT_EQ(res, RET_SUCCESS);
358 int32_t status = AccessTokenKit::VerifyAccessToken(tokenID, TEST_PERMISSION, false);
359 ASSERT_EQ(status, PERMISSION_GRANTED);
360
361 PermissionOper result;
362 PermissionListState perm1 = {
363 .permissionName = TEST_PERMISSION,
364 .state = SETTING_OPER,
365 };
366 std::vector<PermissionListState> permList;
367 permList.emplace_back(perm1);
368 // check to pop up
369 EXPECT_EQ(0, SetSelfTokenID(tokenID));
370 PermissionGrantInfo info;
371 result = AccessTokenKit::GetSelfPermissionsState(permList, info);
372 ASSERT_EQ(result, DYNAMIC_OPER);
373
374 // check not to pop up
375 EXPECT_EQ(0, SetSelfTokenID(nativeTokenID));
376 AccessTokenKit::GrantPermission(tokenID, TEST_PERMISSION, PERMISSION_USER_FIXED);
377
378 EXPECT_EQ(0, SetSelfTokenID(tokenID));
379 result = AccessTokenKit::GetSelfPermissionsState(permList, info);
380 ASSERT_EQ(result, PASS_OPER);
381
382 // security component revoke
383 EXPECT_EQ(0, SetSelfTokenID(nativeTokenID));
384 AccessTokenKit::RevokePermission(tokenID, TEST_PERMISSION, PERMISSION_COMPONENT_SET);
385
386 res = AccessTokenKit::DeleteToken(tokenID);
387 ASSERT_EQ(res, RET_SUCCESS);
388 }
389
390 /**
391 * @tc.name: SecurityComponentGrantTest008
392 * @tc.desc: test permission pop-up after security component grant.
393 * @tc.type: FUNC
394 * @tc.require:Issue Number
395 */
396 HWTEST_F(SecurityComponentGrantTest, SecurityComponentGrantTest008, TestSize.Level1)
397 {
398 AccessTokenID tokenID = AllocTestToken();
399 ASSERT_NE(tokenID, INVALID_TOKENID);
400
401 // security component grant
402 int32_t res = AccessTokenKit::GrantPermission(tokenID, TEST_PERMISSION, PERMISSION_COMPONENT_SET);
403 ASSERT_EQ(res, RET_SUCCESS);
404 int32_t status = AccessTokenKit::VerifyAccessToken(tokenID, TEST_PERMISSION, false);
405 ASSERT_EQ(status, PERMISSION_GRANTED);
406
407 // security component grant repeat
408 res = AccessTokenKit::GrantPermission(tokenID, TEST_PERMISSION, PERMISSION_COMPONENT_SET);
409 ASSERT_EQ(res, RET_SUCCESS);
410
411 // security component revoke
412 res = AccessTokenKit::RevokePermission(tokenID, TEST_PERMISSION, PERMISSION_COMPONENT_SET);
413 ASSERT_EQ(res, RET_SUCCESS);
414
415 // security component revoke repeat
416 res = AccessTokenKit::GrantPermission(tokenID, TEST_PERMISSION, PERMISSION_COMPONENT_SET);
417 ASSERT_EQ(res, RET_SUCCESS);
418
419 res = AccessTokenKit::DeleteToken(tokenID);
420 ASSERT_EQ(res, RET_SUCCESS);
421 }
422
423 class CbCustomizeTest : public PermStateChangeCallbackCustomize {
424 public:
CbCustomizeTest(const PermStateChangeScope & scopeInfo)425 explicit CbCustomizeTest(const PermStateChangeScope &scopeInfo)
426 : PermStateChangeCallbackCustomize(scopeInfo)
427 {
428 }
429
~CbCustomizeTest()430 ~CbCustomizeTest()
431 {}
432
PermStateChangeCallback(PermStateChangeInfo & result)433 virtual void PermStateChangeCallback(PermStateChangeInfo& result)
434 {
435 ready2_ = true;
436 }
437
438 bool ready2_ = false;
439 };
440
441 /**
442 * @tc.name: SecurityComponentGrantTest009
443 * @tc.desc: test permission pop-up after security component grant.
444 * @tc.type: FUNC
445 * @tc.require:Issue Number
446 */
447 HWTEST_F(SecurityComponentGrantTest, SecurityComponentGrantTest009, TestSize.Level1)
448 {
449 PermStateChangeScope scopeInfo9;
450 scopeInfo9.permList = {TEST_PERMISSION};
451 scopeInfo9.tokenIDs = {};
452 auto callbackPtr = std::make_shared<CbCustomizeTest>(scopeInfo9);
453 callbackPtr->ready2_ = false;
454
455 int32_t res = AccessTokenKit::RegisterPermStateChangeCallback(callbackPtr);
456 ASSERT_EQ(RET_SUCCESS, res);
457
458 AccessTokenID tokenID = AllocTestToken();
459 ASSERT_NE(tokenID, INVALID_TOKENID);
460
461 // security component grant
462 res = AccessTokenKit::GrantPermission(tokenID, TEST_PERMISSION, PERMISSION_COMPONENT_SET);
463 ASSERT_EQ(res, RET_SUCCESS);
464 usleep(500000); // 500000us = 0.5s
465 ASSERT_EQ(callbackPtr->ready2_, true);
466 callbackPtr->ready2_ = false;
467
468 // user grant
469 res = AccessTokenKit::GrantPermission(tokenID, TEST_PERMISSION, PERMISSION_USER_FIXED);
470 ASSERT_EQ(res, RET_SUCCESS);
471 usleep(500000); // 500000us = 0.5s
472 ASSERT_EQ(callbackPtr->ready2_, false);
473
474 // security component revoke
475 res = AccessTokenKit::RevokePermission(tokenID, TEST_PERMISSION, PERMISSION_USER_FIXED);
476 ASSERT_EQ(res, RET_SUCCESS);
477 usleep(500000); // 500000us = 0.5s
478 ASSERT_EQ(callbackPtr->ready2_, true);
479 callbackPtr->ready2_ = false;
480
481 // security component revoke repeat
482 res = AccessTokenKit::GrantPermission(tokenID, TEST_PERMISSION, PERMISSION_COMPONENT_SET);
483 ASSERT_NE(res, RET_SUCCESS);
484 usleep(500000); // 500000us = 0.5s
485 ASSERT_EQ(callbackPtr->ready2_, false);
486
487 res = AccessTokenKit::UnRegisterPermStateChangeCallback(callbackPtr);
488 ASSERT_EQ(RET_SUCCESS, res);
489
490 res = AccessTokenKit::DeleteToken(tokenID);
491 ASSERT_EQ(res, RET_SUCCESS);
492 }
493
494 /**
495 * @tc.name: SecurityComponentGrantTest010
496 * @tc.desc: test permission pop-up after security component grant.
497 * @tc.type: FUNC
498 * @tc.require:Issue Number
499 */
500 HWTEST_F(SecurityComponentGrantTest, SecurityComponentGrantTest010, TestSize.Level1)
501 {
502 PermStateChangeScope scopeInfo10;
503 scopeInfo10.permList = {TEST_PERMISSION};
504 scopeInfo10.tokenIDs = {};
505 auto callbackPtr = std::make_shared<CbCustomizeTest>(scopeInfo10);
506 callbackPtr->ready2_ = false;
507
508 int32_t res = AccessTokenKit::RegisterPermStateChangeCallback(callbackPtr);
509 ASSERT_EQ(RET_SUCCESS, res);
510
511 AccessTokenID tokenID = AllocTestToken();
512 ASSERT_NE(tokenID, INVALID_TOKENID);
513
514 // security component grant
515 res = AccessTokenKit::GrantPermission(tokenID, TEST_PERMISSION, PERMISSION_COMPONENT_SET);
516 ASSERT_EQ(res, RET_SUCCESS);
517 usleep(500000); // 500000us = 0.5s
518 ASSERT_EQ(callbackPtr->ready2_, true);
519 callbackPtr->ready2_ = false;
520
521 // user revoke
522 res = AccessTokenKit::RevokePermission(tokenID, TEST_PERMISSION, PERMISSION_USER_FIXED);
523 ASSERT_EQ(res, RET_SUCCESS);
524 usleep(500000); // 500000us = 0.5s
525 ASSERT_EQ(callbackPtr->ready2_, true);
526 callbackPtr->ready2_ = false;
527
528 // security component revoke
529 res = AccessTokenKit::GrantPermission(tokenID, TEST_PERMISSION, PERMISSION_COMPONENT_SET);
530 ASSERT_NE(res, RET_SUCCESS);
531 usleep(500000); // 500000us = 0.5s
532 ASSERT_EQ(callbackPtr->ready2_, false);
533
534 res = AccessTokenKit::UnRegisterPermStateChangeCallback(callbackPtr);
535 ASSERT_EQ(RET_SUCCESS, res);
536
537 res = AccessTokenKit::DeleteToken(tokenID);
538 ASSERT_EQ(res, RET_SUCCESS);
539 }
540
541 /**
542 * @tc.name: SecurityComponentGrantTest011
543 * @tc.desc: test permission pop-up after security component grant.
544 * @tc.type: FUNC
545 * @tc.require:Issue Number
546 */
547 HWTEST_F(SecurityComponentGrantTest, SecurityComponentGrantTest011, TestSize.Level1)
548 {
549 PermStateChangeScope scopeInfo;
550 scopeInfo.permList = {TEST_PERMISSION_NOT_REQUESTED};
551 scopeInfo.tokenIDs = {};
552 auto callbackPtr = std::make_shared<CbCustomizeTest>(scopeInfo);
553 callbackPtr->ready2_ = false;
554
555 int32_t res = AccessTokenKit::RegisterPermStateChangeCallback(callbackPtr);
556 ASSERT_EQ(RET_SUCCESS, res);
557
558 AccessTokenID tokenID = AllocTestToken();
559 ASSERT_NE(tokenID, INVALID_TOKENID);
560
561 // security component grant a not requested permission
562 res = AccessTokenKit::GrantPermission(tokenID, TEST_PERMISSION_NOT_REQUESTED, PERMISSION_COMPONENT_SET);
563 ASSERT_EQ(res, RET_SUCCESS);
564 usleep(500000); // 500000us = 0.5s
565 ASSERT_EQ(callbackPtr->ready2_, true);
566 callbackPtr->ready2_ = false;
567
568 int32_t status = AccessTokenKit::VerifyAccessToken(tokenID, TEST_PERMISSION_NOT_REQUESTED, false);
569 ASSERT_EQ(status, PERMISSION_GRANTED);
570
571 // security component revoke
572 res = AccessTokenKit::RevokePermission(tokenID, TEST_PERMISSION_NOT_REQUESTED, PERMISSION_COMPONENT_SET);
573 ASSERT_EQ(res, RET_SUCCESS);
574 usleep(500000); // 500000us = 0.5s
575 ASSERT_EQ(callbackPtr->ready2_, true);
576
577 status = AccessTokenKit::VerifyAccessToken(tokenID, TEST_PERMISSION_NOT_REQUESTED, false);
578 ASSERT_EQ(status, PERMISSION_DENIED);
579
580 res = AccessTokenKit::UnRegisterPermStateChangeCallback(callbackPtr);
581 ASSERT_EQ(RET_SUCCESS, res);
582
583 res = AccessTokenKit::DeleteToken(tokenID);
584 ASSERT_EQ(res, RET_SUCCESS);
585 }
586