1 /*
2 * Copyright (c) 2023 Huawei Device Co., Ltd.
3 * Licensed under the Apache License, Version 2.0 (the "License");
4 * you may not use this file except in compliance with the License.
5 * You may obtain a copy of the License at
6 *
7 * http://www.apache.org/licenses/LICENSE-2.0
8 *
9 * Unless required by applicable law or agreed to in writing, software
10 * distributed under the License is distributed on an "AS IS" BASIS,
11 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12 * See the License for the specific language governing permissions and
13 * limitations under the License.
14 */
15
16 #include "share_permission_with_sandbox_test.h"
17 #include <thread>
18
19 #include "accesstoken_kit.h"
20 #include "accesstoken_log.h"
21 #include "access_token_error.h"
22 #include "nativetoken_kit.h"
23 #include "token_setproc.h"
24 #include "tokenid_kit.h"
25
26 using namespace testing::ext;
27 using namespace OHOS::Security::AccessToken;
28
29 namespace {
30 static const std::string PERMISSION_ALL = "ohos.permission.CAMERA";
31 static const std::string PERMISSION_FULL_CONTROL = "ohos.permission.PRINT";
32 static const std::string PERMISSION_NONE = "ohos.permission.INTERNET";
33 static const std::string PERMISSION_NOT_DISPLAYED = "ohos.permission.ANSWER_CALL";
34 static const std::string TEST_PERMISSION_GRANT = "ohos.permission.GRANT_SENSITIVE_PERMISSIONS";
35 static const std::string TEST_PERMISSION_REVOKE = "ohos.permission.REVOKE_SENSITIVE_PERMISSIONS";
36 static constexpr OHOS::HiviewDFX::HiLogLabel LABEL = {LOG_CORE,
37 SECURITY_DOMAIN_ACCESSTOKEN, "AccessTokenKitExtensionTest"};
38
39 HapInfoParams g_infoParmsCommon = {
40 .userID = 1,
41 .bundleName = "PermissionShareTest",
42 .instIndex = 0,
43 .dlpType = DLP_COMMON,
44 .appIDDesc = "PermissionShareTest"
45 };
46
47 HapInfoParams g_infoParmsFullControl = {
48 .userID = 1,
49 .bundleName = "PermissionShareTest",
50 .instIndex = 1,
51 .dlpType = DLP_FULL_CONTROL,
52 .appIDDesc = "PermissionShareTest"
53 };
54
55 HapInfoParams g_infoParmsReadOnly = {
56 .userID = 1,
57 .bundleName = "PermissionShareTest",
58 .instIndex = 2,
59 .dlpType = DLP_READ,
60 .appIDDesc = "PermissionShareTest"
61 };
62
63 PermissionStateFull g_stateFullControl = {
64 .permissionName = "ohos.permission.PRINT",
65 .isGeneral = true,
66 .resDeviceID = {"local"},
67 .grantStatus = {PermissionState::PERMISSION_DENIED},
68 .grantFlags = {0}
69 };
70
71 PermissionStateFull g_stateNone = {
72 .permissionName = "ohos.permission.INTERNET",
73 .isGeneral = true,
74 .resDeviceID = {"local"},
75 .grantStatus = {PermissionState::PERMISSION_DENIED},
76 .grantFlags = {0}
77 };
78
79 PermissionStateFull g_stateAll = {
80 .permissionName = "ohos.permission.CAMERA",
81 .isGeneral = true,
82 .resDeviceID = {"local"},
83 .grantStatus = {PermissionState::PERMISSION_DENIED},
84 .grantFlags = {0}
85 };
86
87 PermissionStateFull g_stateNotDisplayed = {
88 .permissionName = "ohos.permission.ANSWER_CALL",
89 .isGeneral = true,
90 .resDeviceID = {"local"},
91 .grantStatus = {PermissionState::PERMISSION_DENIED},
92 .grantFlags = {0}
93 };
94
95 HapPolicyParams g_policyParams = {
96 .apl = APL_NORMAL,
97 .domain = "test.domain",
98 .permList = {},
99 .permStateList = {g_stateFullControl, g_stateNone, g_stateAll, g_stateNotDisplayed}
100 };
101
102 }
103
SetUpTestCase()104 void SharePermissionTest::SetUpTestCase()
105 {
106 HapInfoParams infoParmsEnvironment = {
107 .userID = 1,
108 .bundleName = "PermissionEnvironment",
109 .instIndex = 0,
110 .dlpType = DLP_COMMON,
111 .appIDDesc = "PermissionEnvironment",
112 .isSystemApp = true
113 };
114 PermissionStateFull stateGrant = {
115 .permissionName = TEST_PERMISSION_GRANT,
116 .isGeneral = true,
117 .resDeviceID = {"local"},
118 .grantStatus = {PermissionState::PERMISSION_GRANTED},
119 .grantFlags = {0}
120 };
121 PermissionStateFull stateRevoke = {
122 .permissionName = TEST_PERMISSION_REVOKE,
123 .isGeneral = true,
124 .resDeviceID = {"local"},
125 .grantStatus = {PermissionState::PERMISSION_GRANTED},
126 .grantFlags = {0}
127 };
128 HapPolicyParams policyParams = {
129 .apl = APL_NORMAL,
130 .domain = "test.domain",
131 .permList = {},
132 .permStateList = {stateGrant, stateRevoke}
133 };
134 AccessTokenIDEx tokenIdEx = {0};
135 tokenIdEx = AccessTokenKit::AllocHapToken(infoParmsEnvironment, policyParams);
136 EXPECT_NE(0, tokenIdEx.tokenIdExStruct.tokenID);
137 EXPECT_EQ(true, TokenIdKit::IsSystemAppByFullTokenID(tokenIdEx.tokenIDEx));
138 EXPECT_EQ(0, SetSelfTokenID(tokenIdEx.tokenIDEx));
139 ACCESSTOKEN_LOG_INFO(LABEL, "SetUpTestCase ok.");
140 }
141
TearDownTestCase()142 void SharePermissionTest::TearDownTestCase()
143 {
144 AccessTokenID tokenId = AccessTokenKit::GetHapTokenID(1, "PermissionEnvironment", 0);
145 int32_t ret = AccessTokenKit::DeleteToken(tokenId);
146 EXPECT_EQ(RET_SUCCESS, ret);
147 }
148
SetUp()149 void SharePermissionTest::SetUp()
150 {
151 ACCESSTOKEN_LOG_INFO(LABEL, "SetUp ok.");
152 }
153
TearDown()154 void SharePermissionTest::TearDown()
155 {
156 }
157
AllocHapTokenId(HapInfoParams info,HapPolicyParams policy)158 static AccessTokenID AllocHapTokenId(HapInfoParams info, HapPolicyParams policy)
159 {
160 AccessTokenIDEx tokenIdEx = {0};
161 tokenIdEx = AccessTokenKit::AllocHapToken(info, policy);
162 AccessTokenID tokenId = tokenIdEx.tokenIdExStruct.tokenID;
163 EXPECT_NE(0, tokenId);
164 int ret = AccessTokenKit::VerifyAccessToken(tokenId, PERMISSION_FULL_CONTROL, false);
165 EXPECT_EQ(ret, PermissionState::PERMISSION_DENIED);
166 ret = AccessTokenKit::VerifyAccessToken(tokenId, PERMISSION_ALL, false);
167 EXPECT_EQ(ret, PermissionState::PERMISSION_DENIED);
168 ret = AccessTokenKit::VerifyAccessToken(tokenId, PERMISSION_NONE, false);
169 EXPECT_EQ(ret, PermissionState::PERMISSION_DENIED);
170 return tokenId;
171 }
172
173 /**
174 * @tc.name: SharePermissionTest001
175 * @tc.desc: .
176 * @tc.type: FUNC
177 * @tc.require:Issue Number
178 */
179 HWTEST_F(SharePermissionTest, PermissionShareTest001, TestSize.Level1)
180 {
181 int ret;
182 AccessTokenID tokenCommon = AllocHapTokenId(g_infoParmsCommon, g_policyParams);
183 AccessTokenID tokenFullControl = AllocHapTokenId(g_infoParmsFullControl, g_policyParams);
184 AccessTokenID tokenFullRead = AllocHapTokenId(g_infoParmsReadOnly, g_policyParams);
185
186 // grant common app
187 ret = AccessTokenKit::GrantPermission(tokenCommon, PERMISSION_ALL, PERMISSION_USER_FIXED);
188 EXPECT_EQ(RET_SUCCESS, ret);
189 ret = AccessTokenKit::VerifyAccessToken(tokenCommon, PERMISSION_ALL, false);
190 EXPECT_EQ(ret, PermissionState::PERMISSION_GRANTED);
191 ret = AccessTokenKit::VerifyAccessToken(tokenFullControl, PERMISSION_ALL, false);
192 EXPECT_EQ(ret, PermissionState::PERMISSION_GRANTED);
193 ret = AccessTokenKit::VerifyAccessToken(tokenFullRead, PERMISSION_ALL, false);
194 EXPECT_EQ(ret, PermissionState::PERMISSION_GRANTED);
195
196 // grant common app
197 ret = AccessTokenKit::GrantPermission(tokenCommon, PERMISSION_FULL_CONTROL, PERMISSION_USER_FIXED);
198 EXPECT_EQ(RET_SUCCESS, ret);
199 ret = AccessTokenKit::VerifyAccessToken(tokenCommon, PERMISSION_FULL_CONTROL, false);
200 EXPECT_EQ(ret, PermissionState::PERMISSION_GRANTED);
201 ret = AccessTokenKit::VerifyAccessToken(tokenFullControl, PERMISSION_FULL_CONTROL, false);
202 EXPECT_EQ(ret, PermissionState::PERMISSION_GRANTED);
203 ret = AccessTokenKit::VerifyAccessToken(tokenFullRead, PERMISSION_FULL_CONTROL, false);
204 EXPECT_EQ(ret, PermissionState::PERMISSION_DENIED);
205
206 // grant common app
207 ret = AccessTokenKit::GrantPermission(tokenCommon, PERMISSION_NONE, PERMISSION_USER_FIXED);
208 EXPECT_EQ(RET_SUCCESS, ret);
209 ret = AccessTokenKit::VerifyAccessToken(tokenCommon, PERMISSION_NONE, false);
210 EXPECT_EQ(ret, PermissionState::PERMISSION_GRANTED);
211 ret = AccessTokenKit::VerifyAccessToken(tokenFullControl, PERMISSION_NONE, false);
212 EXPECT_EQ(ret, PermissionState::PERMISSION_DENIED);
213 ret = AccessTokenKit::VerifyAccessToken(tokenFullRead, PERMISSION_NONE, false);
214 EXPECT_EQ(ret, PermissionState::PERMISSION_DENIED);
215
216 ret = AccessTokenKit::DeleteToken(tokenCommon);
217 EXPECT_EQ(RET_SUCCESS, ret);
218 ret = AccessTokenKit::DeleteToken(tokenFullControl);
219 EXPECT_EQ(RET_SUCCESS, ret);
220 ret = AccessTokenKit::DeleteToken(tokenFullRead);
221 EXPECT_EQ(RET_SUCCESS, ret);
222 }
223
224 /**
225 * @tc.name: SharePermissionTest002
226 * @tc.desc: .
227 * @tc.type: FUNC
228 * @tc.require:Issue Number
229 */
230 HWTEST_F(SharePermissionTest, PermissionShareTest002, TestSize.Level1)
231 {
232 int ret;
233 AccessTokenID tokenCommon = AllocHapTokenId(g_infoParmsCommon, g_policyParams);
234 AccessTokenID tokenFullControl = AllocHapTokenId(g_infoParmsFullControl, g_policyParams);
235 AccessTokenID tokenFullRead = AllocHapTokenId(g_infoParmsReadOnly, g_policyParams);
236
237 // grant common app
238 ret = AccessTokenKit::GrantPermission(tokenFullControl, PERMISSION_ALL, PERMISSION_USER_FIXED);
239 EXPECT_EQ(RET_SUCCESS, ret);
240 ret = AccessTokenKit::VerifyAccessToken(tokenCommon, PERMISSION_ALL, false);
241 EXPECT_EQ(ret, PermissionState::PERMISSION_GRANTED);
242 ret = AccessTokenKit::VerifyAccessToken(tokenFullControl, PERMISSION_ALL, false);
243 EXPECT_EQ(ret, PermissionState::PERMISSION_GRANTED);
244 ret = AccessTokenKit::VerifyAccessToken(tokenFullRead, PERMISSION_ALL, false);
245 EXPECT_EQ(ret, PermissionState::PERMISSION_GRANTED);
246
247 // grant common app
248 ret = AccessTokenKit::GrantPermission(tokenFullControl, PERMISSION_FULL_CONTROL, PERMISSION_USER_FIXED);
249 EXPECT_EQ(RET_SUCCESS, ret);
250 ret = AccessTokenKit::VerifyAccessToken(tokenCommon, PERMISSION_FULL_CONTROL, false);
251 EXPECT_EQ(ret, PermissionState::PERMISSION_GRANTED);
252 ret = AccessTokenKit::VerifyAccessToken(tokenFullControl, PERMISSION_FULL_CONTROL, false);
253 EXPECT_EQ(ret, PermissionState::PERMISSION_GRANTED);
254 ret = AccessTokenKit::VerifyAccessToken(tokenFullRead, PERMISSION_FULL_CONTROL, false);
255 EXPECT_EQ(ret, PermissionState::PERMISSION_DENIED);
256
257 // grant common app
258 ret = AccessTokenKit::GrantPermission(tokenFullControl, PERMISSION_NONE, PERMISSION_USER_FIXED);
259 EXPECT_NE(RET_SUCCESS, ret);
260 ret = AccessTokenKit::VerifyAccessToken(tokenCommon, PERMISSION_NONE, false);
261 EXPECT_EQ(ret, PermissionState::PERMISSION_DENIED);
262 ret = AccessTokenKit::VerifyAccessToken(tokenFullControl, PERMISSION_NONE, false);
263 EXPECT_EQ(ret, PermissionState::PERMISSION_DENIED);
264 ret = AccessTokenKit::VerifyAccessToken(tokenFullRead, PERMISSION_NONE, false);
265 EXPECT_EQ(ret, PermissionState::PERMISSION_DENIED);
266
267 ret = AccessTokenKit::DeleteToken(tokenCommon);
268 EXPECT_EQ(RET_SUCCESS, ret);
269 ret = AccessTokenKit::DeleteToken(tokenFullControl);
270 EXPECT_EQ(RET_SUCCESS, ret);
271 ret = AccessTokenKit::DeleteToken(tokenFullRead);
272 EXPECT_EQ(RET_SUCCESS, ret);
273 }
274
275 /**
276 * @tc.name: PermissionShareClearUserGrantTest001
277 * @tc.desc: .
278 * @tc.type: FUNC
279 * @tc.require:Issue Number
280 */
281 HWTEST_F(SharePermissionTest, PermissionShareClearUserGrantTest001, TestSize.Level1)
282 {
283 int ret;
284 AccessTokenID tokenCommon = AllocHapTokenId(g_infoParmsCommon, g_policyParams);
285 AccessTokenID tokenFullControl = AllocHapTokenId(g_infoParmsFullControl, g_policyParams);
286 AccessTokenID tokenFullRead = AllocHapTokenId(g_infoParmsReadOnly, g_policyParams);
287
288 // grant pre-authorization
289 ret = AccessTokenKit::GrantPermission(tokenFullControl, PERMISSION_ALL, PERMISSION_GRANTED_BY_POLICY);
290 EXPECT_EQ(RET_SUCCESS, ret);
291 uint32_t flag;
292 (void)AccessTokenKit::GetPermissionFlag(tokenCommon, PERMISSION_ALL, flag);
293 EXPECT_EQ(flag, PERMISSION_DEFAULT_FLAG);
294 (void)AccessTokenKit::GetPermissionFlag(tokenFullControl, PERMISSION_ALL, flag);
295 EXPECT_EQ(flag, PERMISSION_DEFAULT_FLAG);
296 (void)AccessTokenKit::GetPermissionFlag(tokenFullRead, PERMISSION_ALL, flag);
297 EXPECT_EQ(flag, PERMISSION_DEFAULT_FLAG);
298
299 ret = AccessTokenKit::RevokePermission(tokenFullControl, PERMISSION_ALL, PERMISSION_USER_FIXED);
300 EXPECT_EQ(RET_SUCCESS, ret);
301
302 ret = AccessTokenKit::ClearUserGrantedPermissionState(tokenFullRead);
303 EXPECT_EQ(RET_SUCCESS, ret);
304 ret = AccessTokenKit::VerifyAccessToken(tokenCommon, PERMISSION_ALL, false);
305 EXPECT_EQ(ret, PermissionState::PERMISSION_GRANTED);
306 ret = AccessTokenKit::VerifyAccessToken(tokenFullControl, PERMISSION_ALL, false);
307 EXPECT_EQ(ret, PermissionState::PERMISSION_GRANTED);
308 ret = AccessTokenKit::VerifyAccessToken(tokenFullRead, PERMISSION_ALL, false);
309 EXPECT_EQ(ret, PermissionState::PERMISSION_GRANTED);
310
311 ret = AccessTokenKit::DeleteToken(tokenFullControl);
312 EXPECT_EQ(RET_SUCCESS, ret);
313 ret = AccessTokenKit::DeleteToken(tokenFullRead);
314 EXPECT_EQ(RET_SUCCESS, ret);
315 ret = AccessTokenKit::DeleteToken(tokenCommon);
316 EXPECT_EQ(RET_SUCCESS, ret);
317 }
318
319 /**
320 * @tc.name: PermissionShareClearUserGrantTest002
321 * @tc.desc: .
322 * @tc.type: FUNC
323 * @tc.require:Issue Number
324 */
325 HWTEST_F(SharePermissionTest, PermissionShareClearUserGrantTest002, TestSize.Level1)
326 {
327 int ret;
328 AccessTokenID tokenCommon = AllocHapTokenId(g_infoParmsCommon, g_policyParams);
329 AccessTokenID tokenFullControl = AllocHapTokenId(g_infoParmsFullControl, g_policyParams);
330 AccessTokenID tokenFullRead = AllocHapTokenId(g_infoParmsReadOnly, g_policyParams);
331
332 // grant pre-authorization
333 ret = AccessTokenKit::GrantPermission(tokenFullControl, PERMISSION_FULL_CONTROL, PERMISSION_USER_FIXED);
334 EXPECT_EQ(RET_SUCCESS, ret);
335 uint32_t flag;
336 (void)AccessTokenKit::GetPermissionFlag(tokenCommon, PERMISSION_FULL_CONTROL, flag);
337 EXPECT_EQ(flag, PERMISSION_USER_FIXED);
338 (void)AccessTokenKit::GetPermissionFlag(tokenFullControl, PERMISSION_FULL_CONTROL, flag);
339 EXPECT_EQ(flag, PERMISSION_USER_FIXED);
340 (void)AccessTokenKit::GetPermissionFlag(tokenFullRead, PERMISSION_FULL_CONTROL, flag);
341 EXPECT_EQ(flag, PERMISSION_DEFAULT_FLAG);
342
343 ret = AccessTokenKit::RevokePermission(tokenFullControl, PERMISSION_FULL_CONTROL, PERMISSION_USER_FIXED);
344 EXPECT_EQ(RET_SUCCESS, ret);
345 (void)AccessTokenKit::GetPermissionFlag(tokenCommon, PERMISSION_FULL_CONTROL, flag);
346 EXPECT_EQ(flag, PERMISSION_USER_FIXED);
347 (void)AccessTokenKit::GetPermissionFlag(tokenFullControl, PERMISSION_FULL_CONTROL, flag);
348 EXPECT_EQ(flag, PERMISSION_USER_FIXED);
349 (void)AccessTokenKit::GetPermissionFlag(tokenFullRead, PERMISSION_FULL_CONTROL, flag);
350 EXPECT_EQ(flag, PERMISSION_DEFAULT_FLAG);
351
352 ret = AccessTokenKit::ClearUserGrantedPermissionState(tokenCommon);
353 EXPECT_EQ(RET_SUCCESS, ret);
354 (void)AccessTokenKit::GetPermissionFlag(tokenCommon, PERMISSION_FULL_CONTROL, flag);
355 EXPECT_EQ(flag, PERMISSION_DEFAULT_FLAG);
356 (void)AccessTokenKit::GetPermissionFlag(tokenFullControl, PERMISSION_FULL_CONTROL, flag);
357 EXPECT_EQ(flag, PERMISSION_DEFAULT_FLAG);
358 (void)AccessTokenKit::GetPermissionFlag(tokenFullRead, PERMISSION_FULL_CONTROL, flag);
359 EXPECT_EQ(flag, PERMISSION_DEFAULT_FLAG);
360 ret = AccessTokenKit::VerifyAccessToken(tokenCommon, PERMISSION_FULL_CONTROL, false);
361 EXPECT_EQ(ret, PermissionState::PERMISSION_DENIED);
362 ret = AccessTokenKit::VerifyAccessToken(tokenFullControl, PERMISSION_FULL_CONTROL, false);
363 EXPECT_EQ(ret, PermissionState::PERMISSION_DENIED);
364 ret = AccessTokenKit::VerifyAccessToken(tokenFullRead, PERMISSION_FULL_CONTROL, false);
365 EXPECT_EQ(ret, PermissionState::PERMISSION_DENIED);
366
367 ret = AccessTokenKit::DeleteToken(tokenFullControl);
368 EXPECT_EQ(RET_SUCCESS, ret);
369 ret = AccessTokenKit::DeleteToken(tokenFullRead);
370 EXPECT_EQ(RET_SUCCESS, ret);
371 ret = AccessTokenKit::DeleteToken(tokenCommon);
372 EXPECT_EQ(RET_SUCCESS, ret);
373 }
374
375 /**
376 * @tc.name: SharePermissionTest003
377 * @tc.desc: .
378 * @tc.type: FUNC
379 * @tc.require:Issue Number
380 */
381 HWTEST_F(SharePermissionTest, PermissionShareTest03, TestSize.Level1)
382 {
383 uint64_t tokenId = GetSelfTokenID();
384 AccessTokenID tokenCommon = AllocHapTokenId(g_infoParmsCommon, g_policyParams);
385 ASSERT_EQ(0, SetSelfTokenID(tokenCommon));
386
387 int32_t ret = AccessTokenKit::VerifyAccessToken(tokenId, PERMISSION_NOT_DISPLAYED, false);
388 EXPECT_EQ(ret, PermissionState::PERMISSION_DENIED);
389
390 std::vector<PermissionListState> permsList;
391 PermissionListState perm = {
392 .permissionName = PERMISSION_NOT_DISPLAYED,
393 .state = SETTING_OPER,
394 };
395 permsList.emplace_back(perm);
396 PermissionGrantInfo info;
397 AccessTokenKit::GetSelfPermissionsState(permsList, info);
398 EXPECT_EQ(permsList[0].state, INVALID_OPER);
399
400 EXPECT_EQ(RET_SUCCESS, AccessTokenKit::DeleteToken(tokenCommon));
401 ASSERT_EQ(0, SetSelfTokenID(tokenId));
402 }
403
SetPermList(std::vector<PermissionListState> & permsList)404 static void SetPermList(std::vector<PermissionListState> &permsList)
405 {
406 PermissionListState permAll = {
407 .permissionName = PERMISSION_ALL,
408 .state = SETTING_OPER,
409 };
410 PermissionListState permFullControl = {
411 .permissionName = PERMISSION_FULL_CONTROL,
412 .state = SETTING_OPER,
413 };
414 PermissionListState permNone = {
415 .permissionName = PERMISSION_NONE,
416 .state = SETTING_OPER,
417 };
418 permsList.emplace_back(permAll);
419 permsList.emplace_back(permFullControl);
420 permsList.emplace_back(permNone);
421 }
422
423 /**
424 * @tc.name: SharePermissionTest004
425 * @tc.desc: .
426 * @tc.type: FUNC
427 * @tc.require:Issue Number
428 */
429 HWTEST_F(SharePermissionTest, PermissionShareTest004, TestSize.Level1)
430 {
431 AccessTokenID tokenCommon = AllocHapTokenId(g_infoParmsCommon, g_policyParams);
432 AccessTokenID tokenFullControl = AllocHapTokenId(g_infoParmsFullControl, g_policyParams);
433 AccessTokenID tokenFullRead = AllocHapTokenId(g_infoParmsReadOnly, g_policyParams);
434
435 std::vector<PermissionListState> permsList;
436 SetPermList(permsList);
437
438 uint64_t tokenId = GetSelfTokenID();
439 PermissionGrantInfo info;
440
441 ASSERT_EQ(0, SetSelfTokenID(tokenFullControl));
442 AccessTokenKit::GetSelfPermissionsState(permsList, info);
443 EXPECT_EQ(permsList[0].state, DYNAMIC_OPER);
444 ASSERT_EQ(0, SetSelfTokenID(tokenFullRead));
445 AccessTokenKit::GetSelfPermissionsState(permsList, info);
446 EXPECT_EQ(permsList[0].state, DYNAMIC_OPER);
447
448 ASSERT_EQ(0, SetSelfTokenID(tokenId));
449 (void)AccessTokenKit::RevokePermission(tokenCommon, PERMISSION_ALL, PERMISSION_USER_FIXED);
450
451 ASSERT_EQ(0, SetSelfTokenID(tokenFullControl));
452 AccessTokenKit::GetSelfPermissionsState(permsList, info);
453 EXPECT_EQ(permsList[0].state, SETTING_OPER);
454 ASSERT_EQ(0, SetSelfTokenID(tokenFullRead));
455 AccessTokenKit::GetSelfPermissionsState(permsList, info);
456 EXPECT_EQ(permsList[0].state, SETTING_OPER);
457
458 ASSERT_EQ(0, SetSelfTokenID(tokenId));
459 (void)AccessTokenKit::RevokePermission(tokenCommon, PERMISSION_FULL_CONTROL, PERMISSION_USER_FIXED);
460
461 ASSERT_EQ(0, SetSelfTokenID(tokenFullControl));
462 AccessTokenKit::GetSelfPermissionsState(permsList, info);
463 EXPECT_EQ(permsList[1].state, SETTING_OPER);
464 ASSERT_EQ(0, SetSelfTokenID(tokenFullRead));
465 AccessTokenKit::GetSelfPermissionsState(permsList, info);
466 EXPECT_EQ(permsList[1].state, INVALID_OPER);
467
468 ASSERT_EQ(0, SetSelfTokenID(tokenId));
469 EXPECT_EQ(RET_SUCCESS, AccessTokenKit::RevokePermission(tokenCommon, PERMISSION_NONE, PERMISSION_USER_FIXED));
470
471 ASSERT_EQ(0, SetSelfTokenID(tokenCommon));
472 AccessTokenKit::GetSelfPermissionsState(permsList, info);
473 EXPECT_EQ(permsList[2].state, SETTING_OPER);
474 ASSERT_EQ(0, SetSelfTokenID(tokenFullControl));
475 AccessTokenKit::GetSelfPermissionsState(permsList, info);
476 EXPECT_EQ(permsList[2].state, INVALID_OPER);
477 ASSERT_EQ(0, SetSelfTokenID(tokenFullRead));
478 AccessTokenKit::GetSelfPermissionsState(permsList, info);
479 EXPECT_EQ(permsList[2].state, INVALID_OPER);
480
481 EXPECT_EQ(RET_SUCCESS, AccessTokenKit::DeleteToken(tokenCommon));
482 EXPECT_EQ(RET_SUCCESS, AccessTokenKit::DeleteToken(tokenFullControl));
483 EXPECT_EQ(RET_SUCCESS, AccessTokenKit::DeleteToken(tokenFullRead));
484 ASSERT_EQ(0, SetSelfTokenID(tokenId));
485 }
486
487
488 /**
489 * @tc.name: SharePermissionTest005
490 * @tc.desc: .
491 * @tc.type: FUNC
492 * @tc.require:Issue Number
493 */
494 HWTEST_F(SharePermissionTest, PermissionShareTest005, TestSize.Level1)
495 {
496 AccessTokenID tokenCommon = AllocHapTokenId(g_infoParmsCommon, g_policyParams);
497 AccessTokenID tokenFullControl = AllocHapTokenId(g_infoParmsFullControl, g_policyParams);
498 AccessTokenID tokenFullRead = AllocHapTokenId(g_infoParmsReadOnly, g_policyParams);
499
500 std::vector<PermissionListState> permsList;
501 PermissionListState permAll = {
502 .permissionName = PERMISSION_ALL,
503 .state = SETTING_OPER,
504 };
505 PermissionListState permFullControl = {
506 .permissionName = PERMISSION_FULL_CONTROL,
507 .state = SETTING_OPER,
508 };
509 permsList.emplace_back(permAll);
510 permsList.emplace_back(permFullControl);
511
512 uint64_t tokenId = GetSelfTokenID();
513
514 ASSERT_EQ(0, SetSelfTokenID(tokenCommon));
515 PermissionGrantInfo info;
516 AccessTokenKit::GetSelfPermissionsState(permsList, info);
517 EXPECT_EQ(permsList[1].state, DYNAMIC_OPER);
518 ASSERT_EQ(0, SetSelfTokenID(tokenFullControl));
519 AccessTokenKit::GetSelfPermissionsState(permsList, info);
520 EXPECT_EQ(permsList[1].state, DYNAMIC_OPER);
521 ASSERT_EQ(0, SetSelfTokenID(tokenFullRead));
522 AccessTokenKit::GetSelfPermissionsState(permsList, info);
523 EXPECT_EQ(permsList[1].state, INVALID_OPER);
524
525 ASSERT_EQ(0, SetSelfTokenID(tokenId));
526 AccessTokenKit::RevokePermission(tokenFullControl, PERMISSION_ALL, PERMISSION_USER_FIXED);
527
528 ASSERT_EQ(0, SetSelfTokenID(tokenCommon));
529 AccessTokenKit::GetSelfPermissionsState(permsList, info);
530 EXPECT_EQ(permsList[0].state, SETTING_OPER);
531 ASSERT_EQ(0, SetSelfTokenID(tokenFullControl));
532 AccessTokenKit::GetSelfPermissionsState(permsList, info);
533 EXPECT_EQ(permsList[0].state, SETTING_OPER);
534
535 ASSERT_EQ(0, SetSelfTokenID(tokenId));
536 AccessTokenKit::RevokePermission(tokenFullControl, PERMISSION_FULL_CONTROL, PERMISSION_USER_FIXED);
537
538 ASSERT_EQ(0, SetSelfTokenID(tokenCommon));
539 AccessTokenKit::GetSelfPermissionsState(permsList, info);
540 EXPECT_EQ(permsList[1].state, SETTING_OPER);
541 ASSERT_EQ(0, SetSelfTokenID(tokenFullControl));
542 AccessTokenKit::GetSelfPermissionsState(permsList, info);
543 EXPECT_EQ(permsList[1].state, SETTING_OPER);
544
545 EXPECT_EQ(RET_SUCCESS, AccessTokenKit::DeleteToken(tokenCommon));
546 EXPECT_EQ(RET_SUCCESS, AccessTokenKit::DeleteToken(tokenFullControl));
547 EXPECT_EQ(RET_SUCCESS, AccessTokenKit::DeleteToken(tokenFullRead));
548 ASSERT_EQ(0, SetSelfTokenID(tokenId));
549 }
550
551 /**
552 * @tc.name: SharePermissionTest006
553 * @tc.desc: .
554 * @tc.type: FUNC
555 * @tc.require:Issue Number
556 */
557 HWTEST_F(SharePermissionTest, PermissionShareTest006, TestSize.Level1)
558 {
559 int ret;
560 AccessTokenID tokenCommon = AllocHapTokenId(g_infoParmsCommon, g_policyParams);
561 AccessTokenID tokenFullControl = AllocHapTokenId(g_infoParmsFullControl, g_policyParams);
562 AccessTokenID tokenFullRead = AllocHapTokenId(g_infoParmsReadOnly, g_policyParams);
563
564 // revoke common app
565 ret = AccessTokenKit::RevokePermission(tokenCommon, PERMISSION_ALL, PERMISSION_USER_FIXED);
566 EXPECT_EQ(RET_SUCCESS, ret);
567 ret = AccessTokenKit::VerifyAccessToken(tokenCommon, PERMISSION_ALL, false);
568 EXPECT_EQ(ret, PermissionState::PERMISSION_DENIED);
569 ret = AccessTokenKit::VerifyAccessToken(tokenFullControl, PERMISSION_ALL, false);
570 EXPECT_EQ(ret, PermissionState::PERMISSION_DENIED);
571 ret = AccessTokenKit::VerifyAccessToken(tokenFullRead, PERMISSION_ALL, false);
572 EXPECT_EQ(ret, PermissionState::PERMISSION_DENIED);
573
574 uint32_t flag;
575 // revoke common app
576 ret = AccessTokenKit::RevokePermission(tokenCommon, PERMISSION_FULL_CONTROL, PERMISSION_USER_FIXED);
577 EXPECT_EQ(RET_SUCCESS, ret);
578 (void)AccessTokenKit::GetPermissionFlag(tokenCommon, PERMISSION_FULL_CONTROL, flag);
579 EXPECT_EQ(flag, PERMISSION_USER_FIXED);
580 (void)AccessTokenKit::GetPermissionFlag(tokenFullControl, PERMISSION_FULL_CONTROL, flag);
581 EXPECT_EQ(flag, PERMISSION_USER_FIXED);
582 (void)AccessTokenKit::GetPermissionFlag(tokenFullRead, PERMISSION_FULL_CONTROL, flag);
583 EXPECT_EQ(flag, PERMISSION_DEFAULT_FLAG);
584
585 // revoke common app
586 ret = AccessTokenKit::GrantPermission(tokenCommon, PERMISSION_NONE, PERMISSION_USER_FIXED);
587 EXPECT_EQ(RET_SUCCESS, ret);
588 (void)AccessTokenKit::GetPermissionFlag(tokenCommon, PERMISSION_NONE, flag);
589 EXPECT_EQ(flag, PERMISSION_USER_FIXED);
590 (void)AccessTokenKit::GetPermissionFlag(tokenFullControl, PERMISSION_NONE, flag);
591 EXPECT_EQ(flag, PERMISSION_DEFAULT_FLAG);
592 (void)AccessTokenKit::GetPermissionFlag(tokenFullRead, PERMISSION_NONE, flag);
593 EXPECT_EQ(flag, PERMISSION_DEFAULT_FLAG);
594
595 (void)AccessTokenKit::DeleteToken(tokenCommon);
596 (void)AccessTokenKit::DeleteToken(tokenFullControl);
597 (void)AccessTokenKit::DeleteToken(tokenFullRead);
598 }
599
600 /**
601 * @tc.name: SharePermissionTest007
602 * @tc.desc: .
603 * @tc.type: FUNC
604 * @tc.require:Issue Number
605 */
606 HWTEST_F(SharePermissionTest, PermissionShareTest007, TestSize.Level1)
607 {
608 int ret;
609 uint32_t flag;
610 AccessTokenID tokenCommon = AllocHapTokenId(g_infoParmsCommon, g_policyParams);
611 AccessTokenID tokenFullControl = AllocHapTokenId(g_infoParmsFullControl, g_policyParams);
612 AccessTokenID tokenFullRead = AllocHapTokenId(g_infoParmsReadOnly, g_policyParams);
613
614 // revoke full control app
615 ret = AccessTokenKit::RevokePermission(tokenFullControl, PERMISSION_ALL, PERMISSION_USER_SET);
616 EXPECT_EQ(RET_SUCCESS, ret);
617 (void)AccessTokenKit::GetPermissionFlag(tokenCommon, PERMISSION_ALL, flag);
618 EXPECT_EQ(flag, PERMISSION_USER_SET);
619 (void)AccessTokenKit::GetPermissionFlag(tokenFullControl, PERMISSION_ALL, flag);
620 EXPECT_EQ(flag, PERMISSION_USER_SET);
621 (void)AccessTokenKit::GetPermissionFlag(tokenFullRead, PERMISSION_ALL, flag);
622 EXPECT_EQ(flag, PERMISSION_USER_SET);
623
624 // revoke full control app
625 ret = AccessTokenKit::RevokePermission(tokenFullControl, PERMISSION_FULL_CONTROL, PERMISSION_USER_FIXED);
626 EXPECT_EQ(RET_SUCCESS, ret);
627 (void)AccessTokenKit::GetPermissionFlag(tokenCommon, PERMISSION_FULL_CONTROL, flag);
628 EXPECT_EQ(flag, PERMISSION_USER_FIXED);
629 (void)AccessTokenKit::GetPermissionFlag(tokenFullControl, PERMISSION_FULL_CONTROL, flag);
630 EXPECT_EQ(flag, PERMISSION_USER_FIXED);
631 (void)AccessTokenKit::GetPermissionFlag(tokenFullRead, PERMISSION_FULL_CONTROL, flag);
632 EXPECT_EQ(flag, PERMISSION_DEFAULT_FLAG);
633
634 ret = AccessTokenKit::DeleteToken(tokenCommon);
635 EXPECT_EQ(RET_SUCCESS, ret);
636 ret = AccessTokenKit::DeleteToken(tokenFullControl);
637 EXPECT_EQ(RET_SUCCESS, ret);
638 ret = AccessTokenKit::DeleteToken(tokenFullRead);
639 EXPECT_EQ(RET_SUCCESS, ret);
640 }