diff --git a/frameworks/inner_api/sandbox_manager/test/BUILD.gn b/frameworks/inner_api/sandbox_manager/test/BUILD.gn index 29ca097486be42c8720c8be8db93753c3df016c7..125ecf60aa3d631187888f7455995a161b1b636b 100644 --- a/frameworks/inner_api/sandbox_manager/test/BUILD.gn +++ b/frameworks/inner_api/sandbox_manager/test/BUILD.gn @@ -16,8 +16,7 @@ import("../../../../sandbox_manager.gni") ohos_unittest("libsandbox_manager_sdk_test") { subsystem_name = "accesscontrol" - part_name = "sandbox_manager" - module_out_path = part_name + "/" + part_name + module_out_path = "sandbox_manager/sandbox_manager" sanitize = { cfi = true @@ -28,6 +27,7 @@ ohos_unittest("libsandbox_manager_sdk_test") { include_dirs = [ "${sandbox_manager_path}/frameworks/sandbox_manager/include", + "${sandbox_manager_path}/frameworks/sandbox_test_common/include", "${sandbox_manager_path}/frameworks/common/include", "${sandbox_manager_path}/interfaces/inner_api/sandbox_manager/include", "${sandbox_manager_path}/services/sandbox_manager/main/cpp/include/mac", @@ -51,6 +51,7 @@ ohos_unittest("libsandbox_manager_sdk_test") { deps = [ "${sandbox_manager_path}/frameworks/inner_api/sandbox_manager/:libsandbox_manager_sdk", "${sandbox_manager_path}/frameworks/sandbox_manager:sandbox_manager_communication_adapter_cxx", + "${sandbox_manager_path}/frameworks/sandbox_test_common:sandbox_test_common_source_set", ] external_deps = [ diff --git a/frameworks/inner_api/sandbox_manager/test/unittest/src/sandbox_manager_kit_test.cpp b/frameworks/inner_api/sandbox_manager/test/unittest/src/sandbox_manager_kit_test.cpp index 0d72e164a9bfc783beb2c8e4737d473112e10080..fb52e5559f5173a5610a8061133a027d4f0d70c2 100644 --- a/frameworks/inner_api/sandbox_manager/test/unittest/src/sandbox_manager_kit_test.cpp +++ b/frameworks/inner_api/sandbox_manager/test/unittest/src/sandbox_manager_kit_test.cpp @@ -32,6 +32,7 @@ #include "sandbox_manager_err_code.h" #include "sandbox_manager_log.h" #include "sandbox_manager_kit.h" +#include "sandbox_test_common.h" #include "token_setproc.h" #include "mac_adapter.h" @@ -145,6 +146,8 @@ void SandboxManagerKitTest::TearDownTestCase() void SandboxManagerKitTest::SetUp() { + int mockRet = MockTokenId("foundation"); + EXPECT_NE(0, mockRet); Security::AccessToken::AccessTokenIDEx tokenIdEx = {0}; tokenIdEx = Security::AccessToken::AccessTokenKit::AllocHapToken(g_testInfoParms, g_testPolicyPrams); EXPECT_NE(0, tokenIdEx.tokenIdExStruct.tokenID); @@ -1563,8 +1566,7 @@ HWTEST_F(SandboxManagerKitTest, CleanPersistPolicyByPathTest001, TestSize.Level1 ASSERT_EQ(1, result.size()); EXPECT_TRUE(result[0]); - Security::AccessToken::AccessTokenID tokenID = - Security::AccessToken::AccessTokenKit::GetNativeTokenId("file_manager_service"); + Security::AccessToken::AccessTokenID tokenID = GetTokenIdFromProcess("file_manager_service"); EXPECT_NE(0, tokenID); EXPECT_EQ(0, SetSelfTokenID(tokenID)); @@ -1622,8 +1624,7 @@ HWTEST_F(SandboxManagerKitTest, CleanPersistPolicyByPathTest002, TestSize.Level1 ASSERT_EQ(1, retType.size()); EXPECT_EQ(OPERATE_SUCCESSFULLY, retType[0]); - Security::AccessToken::AccessTokenID tokenID = - Security::AccessToken::AccessTokenKit::GetNativeTokenId("file_manager_service"); + Security::AccessToken::AccessTokenID tokenID = GetTokenIdFromProcess("file_manager_service"); EXPECT_NE(0, tokenID); EXPECT_EQ(0, SetSelfTokenID(tokenID)); @@ -1680,8 +1681,7 @@ HWTEST_F(SandboxManagerKitTest, CleanPersistPolicyByPathTest003, TestSize.Level1 ASSERT_EQ(1, retType.size()); EXPECT_EQ(OPERATE_SUCCESSFULLY, retType[0]); - Security::AccessToken::AccessTokenID tokenID = - Security::AccessToken::AccessTokenKit::GetNativeTokenId("file_manager_service"); + Security::AccessToken::AccessTokenID tokenID = GetTokenIdFromProcess("file_manager_service"); EXPECT_NE(0, tokenID); EXPECT_EQ(0, SetSelfTokenID(tokenID)); @@ -1796,8 +1796,7 @@ HWTEST_F(SandboxManagerKitTest, CleanPersistPolicyByPathTest006, TestSize.Level1 ASSERT_EQ(1, retType.size()); EXPECT_EQ(OPERATE_SUCCESSFULLY, retType[0]); - Security::AccessToken::AccessTokenID tokenID = - Security::AccessToken::AccessTokenKit::GetNativeTokenId("file_manager_service"); + Security::AccessToken::AccessTokenID tokenID = GetTokenIdFromProcess("file_manager_service"); EXPECT_NE(0, tokenID); EXPECT_EQ(0, SetSelfTokenID(tokenID)); diff --git a/frameworks/sandbox_test_common/BUILD.gn b/frameworks/sandbox_test_common/BUILD.gn new file mode 100644 index 0000000000000000000000000000000000000000..166a40ae01d0eb5b70427d93a4a8d9f8072e942a --- /dev/null +++ b/frameworks/sandbox_test_common/BUILD.gn @@ -0,0 +1,57 @@ +# Copyright (c) 2025 Huawei Device Co., Ltd. +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +import("//build/ohos.gni") +import("../../sandbox_manager.gni") + +config("sandbox_manager") { + include_dirs = [ "include" ] +} + +ohos_source_set("sandbox_test_common_source_set") { + branch_protector_ret = "pac_ret" + + sanitize = { + cfi = true + cfi_cross_dso = true + debug = false + } + + sources = [ "src/sandbox_test_common.cpp" ] + + public_configs = [ ":sandbox_manager" ] + + cflags = [ "-pipe" ] + cflags_cc = [ + "-Wdate-time", + "-Wformat=2", + "-Wfloat-equal", + "-Wshadow", + ] + + if (target_cpu == "arm64") { + defines = [ "_ARM64_" ] + } + + deps = [] + + external_deps = [ + "access_token:libaccesstoken_sdk", + "access_token:libtokenid_sdk", + "access_token:libtokensetproc_shared", + "c_utils:utils", + "hilog:libhilog", + ] + subsystem_name = "accesscontrol" + part_name = "sandbox_manager" +} diff --git a/frameworks/sandbox_test_common/include/sandbox_test_common.h b/frameworks/sandbox_test_common/include/sandbox_test_common.h new file mode 100644 index 0000000000000000000000000000000000000000..bfef827c8ef6a9fd76309bebbee7052606c9b9fa --- /dev/null +++ b/frameworks/sandbox_test_common/include/sandbox_test_common.h @@ -0,0 +1,30 @@ +/* + * Copyright (c) 2025 Huawei Device Co., Ltd. + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +#ifndef SANDBOX_TEST_COMMON_H +#define SANDBOX_TEST_COMMON_H + +#include + +namespace OHOS { +namespace AccessControl { +namespace SandboxManager { + uint64_t GetTokenIdFromProcess(const std::string &process); + bool MockTokenId(const std::string &process); + +} // namespace SandboxManager +} // namespace AccessControl +} // namespace OHOS +#endif // SANDBOX_TEST_COMMON_H diff --git a/frameworks/sandbox_test_common/src/sandbox_test_common.cpp b/frameworks/sandbox_test_common/src/sandbox_test_common.cpp new file mode 100644 index 0000000000000000000000000000000000000000..ba6b2d1957e9d57db72c81e0a113738beb369a51 --- /dev/null +++ b/frameworks/sandbox_test_common/src/sandbox_test_common.cpp @@ -0,0 +1,78 @@ +/* + * Copyright (c) 2025 Huawei Device Co., Ltd. + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +#include "sandbox_test_common.h" +#include +#include "accesstoken_kit.h" +#include "ipc_skeleton.h" +#include "token_setproc.h" + +namespace OHOS { +namespace AccessControl { +namespace SandboxManager { +using namespace OHOS::Security::AccessToken; + +namespace { + static uint64_t g_shellTokenID = IPCSkeleton::GetSelfTokenID(); +} + +static uint64_t GetTokenId(const AtmToolsParamInfo &info) +{ + std::string dumpInfo; + AccessTokenKit::DumpTokenInfo(info, dumpInfo); + size_t pos = dumpInfo.find("\"tokenID\": "); + if (pos == std::string::npos) { + return 0; + } + pos += std::string("\"tokenID\": ").length(); + std::string numStr; + while (pos < dumpInfo.length() && std::isdigit(dumpInfo[pos])) { + numStr += dumpInfo[pos]; + ++pos; + } + + std::istringstream iss(numStr); + uint64_t tokenID; + iss >> tokenID; + return tokenID; +} + +uint64_t GetTokenIdFromProcess(const std::string &process) +{ + auto tokenId = IPCSkeleton::GetSelfTokenID(); + SetSelfTokenID(g_shellTokenID); // only shell can dump tokenid + + AtmToolsParamInfo info; + info.processName = process; + auto res = GetTokenId(info); + + SetSelfTokenID(tokenId); + return res; +} + +bool MockTokenId(const std::string &process) +{ + auto mockTokenId = GetTokenIdFromProcess(process); + if (mockTokenId == 0) { + return false; + } + if (SetSelfTokenID(mockTokenId) != 0) { + return false; + } + return IPCSkeleton::GetSelfTokenID() != 0; +} +} // namespace SandboxManager +} // namespace AccessControl +} // namespace OHOS diff --git a/frameworks/test/BUILD.gn b/frameworks/test/BUILD.gn index d51ea35ef3f2e1c4302f24f5ce20d303c1be652c..baac00f8b1da446f98a1d0657c2d30ea19941a36 100644 --- a/frameworks/test/BUILD.gn +++ b/frameworks/test/BUILD.gn @@ -16,8 +16,7 @@ import("../../sandbox_manager.gni") ohos_unittest("libsandbox_manager_communication_adapter_cxx_test") { subsystem_name = "accesscontrol" - part_name = "sandbox_manager" - module_out_path = part_name + "/" + part_name + module_out_path = "sandbox_manager/sandbox_manager" sanitize = { cfi = true diff --git a/services/sandbox_manager/test/BUILD.gn b/services/sandbox_manager/test/BUILD.gn index d68945be4dd0fc81b9583628d2cffde0f01eaf4c..2a2bd54cc12881ed0a227dc9f40879f5855f2132 100644 --- a/services/sandbox_manager/test/BUILD.gn +++ b/services/sandbox_manager/test/BUILD.gn @@ -29,8 +29,7 @@ sandbox_manager_service_src = [ ohos_unittest("libsandbox_manager_service_standard_test") { subsystem_name = "accesscontrol" - part_name = "sandbox_manager" - module_out_path = part_name + "/" + part_name + module_out_path = "sandbox_manager/sandbox_manager" sanitize = { cfi = true @@ -41,6 +40,7 @@ ohos_unittest("libsandbox_manager_service_standard_test") { include_dirs = [ "${sandbox_manager_path}/frameworks/sandbox_manager/include", + "${sandbox_manager_path}/frameworks/sandbox_test_common/include", "${sandbox_manager_path}/frameworks/common/include", "${sandbox_manager_path}/services/common/database/include", "${sandbox_manager_path}/services/sandbox_manager/main/cpp/include/database", @@ -65,6 +65,7 @@ ohos_unittest("libsandbox_manager_service_standard_test") { deps = [ "${sandbox_manager_path}/frameworks/sandbox_manager:sandbox_manager_communication_adapter_cxx", + "${sandbox_manager_path}/frameworks/sandbox_test_common:sandbox_test_common_source_set" "${sandbox_manager_path}/services/common:sandbox_manager_service_common", "${sandbox_manager_path}/services/sandbox_manager:sandbox_manager_service", ] diff --git a/services/sandbox_manager/test/unittest/sandbox_manager_service_test.cpp b/services/sandbox_manager/test/unittest/sandbox_manager_service_test.cpp index 387c5b3091a0dc5dec1a3dc895283944e2c5545e..2458a6a9240f603847f7fc2407fe408342af5e5d 100644 --- a/services/sandbox_manager/test/unittest/sandbox_manager_service_test.cpp +++ b/services/sandbox_manager/test/unittest/sandbox_manager_service_test.cpp @@ -36,6 +36,7 @@ #include "sandbox_manager_service.h" #undef private #include "sandboxmanager_service_ipc_interface_code.h" +#include "sandbox_test_common.h" #include "token_setproc.h" using namespace testing::ext; @@ -123,6 +124,8 @@ void SandboxManagerServiceTest::TearDownTestCase(void) void SandboxManagerServiceTest::SetUp(void) { + int mockRet = MockTokenId("foundation"); + EXPECT_NE(0, mockRet); sandboxManagerService_ = DelayedSingleton::GetInstance(); ASSERT_NE(nullptr, sandboxManagerService_);