From 99bf80593d2ab3484753dabc62221c9ba0e4469e Mon Sep 17 00:00:00 2001 From: y1585740638 Date: Mon, 8 Jul 2024 14:58:51 +0800 Subject: [PATCH] =?UTF-8?q?=E8=A1=A5=E5=85=85=E6=96=B0=E6=8E=A5=E5=8F=A3?= =?UTF-8?q?=E7=94=A8=E4=BE=8B?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: y1585740638 Change-Id: I9d23a791ee7c08c7add8d39c8af9b2dae97d740d --- .../unittest/src/sandbox_manager_kit_test.cpp | 1236 +++++++++++++++-- .../unittest/policy_info_manager_test.cpp | 181 +-- .../unittest/sandbox_manager_service_test.cpp | 79 +- 3 files changed, 1134 insertions(+), 362 deletions(-) diff --git a/interfaces/innerkits/sandbox_manager/test/unittest/src/sandbox_manager_kit_test.cpp b/interfaces/innerkits/sandbox_manager/test/unittest/src/sandbox_manager_kit_test.cpp index b71bc71..81dcca9 100644 --- a/interfaces/innerkits/sandbox_manager/test/unittest/src/sandbox_manager_kit_test.cpp +++ b/interfaces/innerkits/sandbox_manager/test/unittest/src/sandbox_manager_kit_test.cpp @@ -16,6 +16,9 @@ #include "sandbox_manager_kit_test.h" #include +#include +#include +#include #include #include "access_token.h" #include "accesstoken_kit.h" @@ -32,6 +35,10 @@ #include "sandbox_manager_kit.h" #include "token_setproc.h" +#define HM_DEC_IOCTL_BASE 's' +#define HM_DENY_POLICY_ID 6 +#define DENY_DEC_POLICY_CMD _IOW(HM_DEC_IOCTL_BASE, HM_DENY_POLICY_ID, struct SandboxPolicyInfo) + using namespace testing::ext; namespace OHOS { @@ -40,7 +47,12 @@ namespace SandboxManager { namespace { const std::string SET_POLICY_PERMISSION = "ohos.permission.SET_SANDBOX_POLICY"; const std::string ACCESS_PERSIST_PERMISSION = "ohos.permission.FILE_ACCESS_PERSIST"; -uint64_t g_mockToken; +const Security::AccessToken::AccessTokenID INVALID_TOKENID = 0; +const uint64_t POLICY_VECTOR_SIZE_LIMIT = 500; +const int32_t FOUNDATION_UID = 5523; +const size_t MAX_POLICY_NUM = 32; +uint32_t g_selfTokenId; +uint32_t g_mockToken; Security::AccessToken::PermissionStateFull g_testState1 = { .permissionName = SET_POLICY_PERMISSION, .isGeneral = true, @@ -70,41 +82,46 @@ Security::AccessToken::HapPolicyParams g_testPolicyPrams = { }; }; -void NativeTokenGet() -{ - uint64_t fullTokenId; - const char **perms = new const char *[1]; - perms[0] = "ohos.permission.DISTRIBUTED_DATASYNC"; +struct PathInfo { + char *path = nullptr; + uint32_t pathLen = 0; + uint32_t mode = 0; + bool result = false; +}; - NativeTokenInfoParams infoInstance = { - .dcapsNum = 0, - .permsNum = 1, - .aclsNum = 0, - .dcaps = nullptr, - .perms = perms, - .acls = nullptr, - .aplStr = "system_core", - }; +struct SandboxPolicyInfo { + uint64_t tokenId = 0; + struct PathInfo pathInfos[MAX_POLICY_NUM]; + uint32_t pathNum = 0; + bool persist = false; +}; - infoInstance.processName = "TestCase"; - fullTokenId = GetAccessTokenId(&infoInstance); - EXPECT_EQ(0, SetSelfTokenID(fullTokenId)); - Security::AccessToken::AccessTokenKit::ReloadNativeTokenInfo(); - delete[] perms; +static void SetDeny(const std::string& path) +{ + struct PathInfo info; + string infoPath = path; + info.path = const_cast(infoPath.c_str()); + info.pathLen = infoPath.length(); + struct SandboxPolicyInfo policyInfo; + policyInfo.tokenId = g_mockToken; + policyInfo.pathInfos[0] = info; + policyInfo.pathNum = 1; + policyInfo.persist = true; + + auto fd = open("/dev/dec", O_RDWR); + if (fd < 0) { + std::cout << "fd open err" << std::endl; + return; + } + auto ret = ioctl(fd, DENY_DEC_POLICY_CMD, &policyInfo); + std::cout << "set deny ret: " << ret << std::endl; + close(fd); } - void SandboxManagerKitTest::SetUpTestCase() { - NativeTokenGet(); - Security::AccessToken::AccessTokenID tokenID = - Security::AccessToken::AccessTokenKit::GetNativeTokenId("foundation"); - EXPECT_NE(0, tokenID); - EXPECT_EQ(0, SetSelfTokenID(tokenID)); - Security::AccessToken::AccessTokenIDEx tokenIdEx = {0}; - tokenIdEx = Security::AccessToken::AccessTokenKit::AllocHapToken(g_testInfoParms, g_testPolicyPrams); - EXPECT_NE(0, tokenIdEx.tokenIdExStruct.tokenID); - g_mockToken = tokenIdEx.tokenIdExStruct.tokenID; - EXPECT_EQ(0, SetSelfTokenID(tokenIdEx.tokenIdExStruct.tokenID)); + g_selfTokenId = GetSelfTokenID(); + SetDeny("/A"); + SetDeny("/C/D"); } void SandboxManagerKitTest::TearDownTestCase() @@ -114,10 +131,16 @@ void SandboxManagerKitTest::TearDownTestCase() void SandboxManagerKitTest::SetUp() { + Security::AccessToken::AccessTokenIDEx tokenIdEx = {0}; + tokenIdEx = Security::AccessToken::AccessTokenKit::AllocHapToken(g_testInfoParms, g_testPolicyPrams); + EXPECT_NE(0, tokenIdEx.tokenIdExStruct.tokenID); + g_mockToken = tokenIdEx.tokenIdExStruct.tokenID; + EXPECT_EQ(0, SetSelfTokenID(g_mockToken)); } void SandboxManagerKitTest::TearDown() { + EXPECT_EQ(0, SetSelfTokenID(g_selfTokenId)); } /** @@ -128,27 +151,36 @@ void SandboxManagerKitTest::TearDown() */ HWTEST_F(SandboxManagerKitTest, PersistPolicy003, TestSize.Level1) { - PolicyInfo info = { - .path = "/data/log", + std::vector policy; + uint64_t policyFlag = 1; + std::vector policyResult; + PolicyInfo infoParent = { + .path = "/A/B", .mode = OperateMode::READ_MODE }; - std::vector policy; - policy.emplace_back(info); - std::vector result; + policy.emplace_back(infoParent); + ASSERT_EQ(SANDBOX_MANAGER_OK, SandboxManagerKit::SetPolicy(g_mockToken, policy, policyFlag, policyResult)); + ASSERT_EQ(1, policyResult.size()); + EXPECT_EQ(OPERATE_SUCCESSFULLY, policyResult[0]); - ASSERT_EQ(SANDBOX_MANAGER_OK, SandboxManagerKit::PersistPolicy(policy, result)); + std::vector result; + ASSERT_EQ(SANDBOX_MANAGER_OK, SandboxManagerKit::CheckPolicy(g_mockToken, policy, result)); ASSERT_EQ(1, result.size()); - EXPECT_EQ(OPERATE_SUCCESSFULLY, result[0]); + EXPECT_TRUE(result[0]); + + ASSERT_EQ(SANDBOX_MANAGER_OK, SandboxManagerKit::PersistPolicy(policy, policyResult)); + ASSERT_EQ(1, policyResult.size()); + EXPECT_EQ(OPERATE_SUCCESSFULLY, policyResult[0]); std::vector checkResult1; - ASSERT_EQ(SANDBOX_MANAGER_OK, SandboxManagerKit::CheckPersistPolicy(GetSelfTokenID(), policy, checkResult1)); + ASSERT_EQ(SANDBOX_MANAGER_OK, SandboxManagerKit::CheckPersistPolicy(g_mockToken, policy, checkResult1)); EXPECT_EQ(true, checkResult1[0]); std::vector unPersistResult; ASSERT_EQ(SANDBOX_MANAGER_OK, SandboxManagerKit::UnPersistPolicy(policy, unPersistResult)); std::vector checkResult2; - ASSERT_EQ(SANDBOX_MANAGER_OK, SandboxManagerKit::CheckPersistPolicy(GetSelfTokenID(), policy, checkResult2)); + ASSERT_EQ(SANDBOX_MANAGER_OK, SandboxManagerKit::CheckPersistPolicy(g_mockToken, policy, checkResult2)); ASSERT_EQ(false, checkResult2[0]); } @@ -161,18 +193,22 @@ HWTEST_F(SandboxManagerKitTest, PersistPolicy003, TestSize.Level1) HWTEST_F(SandboxManagerKitTest, PersistPolicyByTokenID001, TestSize.Level1) { PolicyInfo info = { - .path = "/data/log", + .path = "/A/B", .mode = OperateMode::READ_MODE }; + std::vector policyResult; + uint64_t policyFlag = 1; std::vector policy; policy.emplace_back(info); - std::vector result; const uint32_t tokenId = 123456; // 123456 is a mocked tokenid. + ASSERT_EQ(SANDBOX_MANAGER_OK, SandboxManagerKit::SetPolicy(tokenId, policy, policyFlag, policyResult)); + ASSERT_EQ(1, policyResult.size()); + EXPECT_EQ(OPERATE_SUCCESSFULLY, policyResult[0]); - ASSERT_EQ(SANDBOX_MANAGER_OK, SandboxManagerKit::PersistPolicy(tokenId, policy, result)); - ASSERT_EQ(1, result.size()); - EXPECT_EQ(OPERATE_SUCCESSFULLY, result[0]); + ASSERT_EQ(SANDBOX_MANAGER_OK, SandboxManagerKit::PersistPolicy(tokenId, policy, policyResult)); + ASSERT_EQ(1, policyResult.size()); + EXPECT_EQ(OPERATE_SUCCESSFULLY, policyResult[0]); std::vector checkResult1; ASSERT_EQ(SANDBOX_MANAGER_OK, SandboxManagerKit::CheckPersistPolicy(tokenId, policy, checkResult1)); @@ -193,7 +229,8 @@ HWTEST_F(SandboxManagerKitTest, PersistPolicyByTokenID001, TestSize.Level1) * @tc.require: */ HWTEST_F(SandboxManagerKitTest, PersistPolicy004, TestSize.Level1) -{ PolicyInfo info = { +{ + PolicyInfo info = { .path = "", .mode = OperateMode::WRITE_MODE }; @@ -205,7 +242,7 @@ HWTEST_F(SandboxManagerKitTest, PersistPolicy004, TestSize.Level1) EXPECT_EQ(1, result1.size()); EXPECT_EQ(INVALID_PATH, result1[0]); - info.path = "/data/log/"; + info.path = "/A/B/"; info.mode = 222221; // 222221 means invalid mode. policy.emplace_back(info); std::vector result2; @@ -214,60 +251,6 @@ HWTEST_F(SandboxManagerKitTest, PersistPolicy004, TestSize.Level1) EXPECT_EQ(INVALID_MODE, result2[1]); } -/** - * @tc.name: StartAccessingPolicy003 - * @tc.desc: StartAccessingPolicy without permission. - * @tc.type: FUNC - * @tc.require: - */ -HWTEST_F(SandboxManagerKitTest, StartAccessingPolicy003, TestSize.Level1) -{ - PolicyInfo infoA = { - .path = "/data/log", - .mode = OperateMode::READ_MODE - }; - PolicyInfo infoB = { - .path = "/system/usr", - .mode = OperateMode::READ_MODE - }; - std::vector policy; - policy.emplace_back(infoA); - policy.emplace_back(infoB); - std::vector persistResult; - - ASSERT_EQ(SANDBOX_MANAGER_OK, SandboxManagerKit::PersistPolicy(policy, persistResult)); - ASSERT_EQ(2, persistResult.size()); - EXPECT_EQ(OPERATE_SUCCESSFULLY, persistResult[0]); - EXPECT_EQ(OPERATE_SUCCESSFULLY, persistResult[1]); - - std::vector result1; - ASSERT_EQ(SANDBOX_MANAGER_OK, SandboxManagerKit::StartAccessingPolicy(policy, result1)); - ASSERT_EQ(2, result1.size()); - EXPECT_EQ(OPERATE_SUCCESSFULLY, result1[0]); - EXPECT_EQ(OPERATE_SUCCESSFULLY, result1[1]); - - result1.clear(); - ASSERT_EQ(SANDBOX_MANAGER_OK, SandboxManagerKit::StopAccessingPolicy(policy, result1)); - ASSERT_EQ(2, result1.size()); - EXPECT_EQ(OPERATE_SUCCESSFULLY, result1[0]); - EXPECT_EQ(OPERATE_SUCCESSFULLY, result1[1]); - - std::vector unPersistResult; - ASSERT_EQ(SANDBOX_MANAGER_OK, SandboxManagerKit::UnPersistPolicy(policy, unPersistResult)); - - std::vector result2; - ASSERT_EQ(SANDBOX_MANAGER_OK, SandboxManagerKit::StartAccessingPolicy(policy, result2)); - ASSERT_EQ(2, result2.size()); - EXPECT_EQ(POLICY_HAS_NOT_BEEN_PERSISTED, result2[0]); - EXPECT_EQ(POLICY_HAS_NOT_BEEN_PERSISTED, result2[1]); - - result2.clear(); - ASSERT_EQ(SANDBOX_MANAGER_OK, SandboxManagerKit::StopAccessingPolicy(policy, result2)); - ASSERT_EQ(2, result2.size()); - EXPECT_EQ(POLICY_HAS_NOT_BEEN_PERSISTED, result2[0]); - EXPECT_EQ(POLICY_HAS_NOT_BEEN_PERSISTED, result2[1]); -} - /** * @tc.name: PersistPolicy005 * @tc.desc: PersistPolicy directory. @@ -277,17 +260,23 @@ HWTEST_F(SandboxManagerKitTest, StartAccessingPolicy003, TestSize.Level1) HWTEST_F(SandboxManagerKitTest, PersistPolicy005, TestSize.Level1) { PolicyInfo infoParent = { - .path = "/data/log", + .path = "/A/B", .mode = OperateMode::READ_MODE }; PolicyInfo infoSub = { - .path = "/data/log/hilog", + .path = "/A/B/C", .mode = OperateMode::READ_MODE }; + uint64_t policyFlag = 1; std::vector policyParent; policyParent.emplace_back(infoParent); std::vector persistResult; + + ASSERT_EQ(SANDBOX_MANAGER_OK, SandboxManagerKit::SetPolicy(g_mockToken, policyParent, policyFlag, persistResult)); + ASSERT_EQ(1, persistResult.size()); + EXPECT_EQ(OPERATE_SUCCESSFULLY, persistResult[0]); + ASSERT_EQ(SANDBOX_MANAGER_OK, SandboxManagerKit::PersistPolicy(policyParent, persistResult)); EXPECT_EQ(1, persistResult.size()); EXPECT_EQ(OPERATE_SUCCESSFULLY, persistResult[0]); @@ -316,16 +305,22 @@ HWTEST_F(SandboxManagerKitTest, PersistPolicy005, TestSize.Level1) HWTEST_F(SandboxManagerKitTest, PersistPolicy006, TestSize.Level1) { PolicyInfo infoSub = { - .path = "/data/log/hilog", + .path = "/A/B/C", .mode = OperateMode::WRITE_MODE }; PolicyInfo infoParent = { - .path = "/data/log", + .path = "/A/B", .mode = OperateMode::WRITE_MODE }; + uint64_t policyFlag = 1; std::vector persistResult; std::vector policySub; policySub.emplace_back(infoSub); + + ASSERT_EQ(SANDBOX_MANAGER_OK, SandboxManagerKit::SetPolicy(g_mockToken, policySub, policyFlag, persistResult)); + ASSERT_EQ(1, persistResult.size()); + EXPECT_EQ(OPERATE_SUCCESSFULLY, persistResult[0]); + ASSERT_EQ(SANDBOX_MANAGER_OK, SandboxManagerKit::PersistPolicy(policySub, persistResult)); EXPECT_EQ(1, persistResult.size()); EXPECT_EQ(OPERATE_SUCCESSFULLY, persistResult[0]); @@ -333,6 +328,11 @@ HWTEST_F(SandboxManagerKitTest, PersistPolicy006, TestSize.Level1) std::vector policyParent; policyParent.emplace_back(infoParent); persistResult.clear(); + + ASSERT_EQ(SANDBOX_MANAGER_OK, SandboxManagerKit::SetPolicy(g_mockToken, policyParent, policyFlag, persistResult)); + ASSERT_EQ(1, persistResult.size()); + EXPECT_EQ(OPERATE_SUCCESSFULLY, persistResult[0]); + ASSERT_EQ(SANDBOX_MANAGER_OK, SandboxManagerKit::PersistPolicy(policyParent, persistResult)); EXPECT_EQ(1, persistResult.size()); EXPECT_EQ(OPERATE_SUCCESSFULLY, persistResult[0]); @@ -353,18 +353,25 @@ HWTEST_F(SandboxManagerKitTest, PersistPolicy006, TestSize.Level1) */ HWTEST_F(SandboxManagerKitTest, PersistPolicy007, TestSize.Level1) { - std::vector persistResult; std::vector policy; PolicyInfo infoSub = { - .path = "/data/log/hilog", + .path = "/A/B/C", .mode = OperateMode::WRITE_MODE }; PolicyInfo infoParent = { - .path = "/data/log", + .path = "/A/B", .mode = OperateMode::WRITE_MODE }; + uint64_t policyFlag = 1; policy.emplace_back(infoSub); policy.emplace_back(infoParent); + + std::vector persistResult; + ASSERT_EQ(SANDBOX_MANAGER_OK, SandboxManagerKit::SetPolicy(g_mockToken, policy, policyFlag, persistResult)); + ASSERT_EQ(2, persistResult.size()); + EXPECT_EQ(OPERATE_SUCCESSFULLY, persistResult[0]); + EXPECT_EQ(OPERATE_SUCCESSFULLY, persistResult[1]); + ASSERT_EQ(SANDBOX_MANAGER_OK, SandboxManagerKit::PersistPolicy(policy, persistResult)); EXPECT_EQ(2, persistResult.size()); EXPECT_EQ(OPERATE_SUCCESSFULLY, persistResult[0]); @@ -397,18 +404,22 @@ HWTEST_F(SandboxManagerKitTest, PersistPolicy008, TestSize.Level1) std::vector policyParent; std::vector policySub; std::vector persistResult; - + uint64_t policyFlag = 1; PolicyInfo infoSub = { - .path = "/data/log/hilog", + .path = "/A/B/C", .mode = OperateMode::WRITE_MODE }; policySub.emplace_back(infoSub); PolicyInfo infoParent = { - .path = "/data/log", + .path = "/A/B", .mode = OperateMode::WRITE_MODE }; policyParent.emplace_back(infoParent); + ASSERT_EQ(SANDBOX_MANAGER_OK, SandboxManagerKit::SetPolicy(g_mockToken, policyParent, policyFlag, persistResult)); + ASSERT_EQ(1, persistResult.size()); + EXPECT_EQ(OPERATE_SUCCESSFULLY, persistResult[0]); + ASSERT_EQ(SANDBOX_MANAGER_OK, SandboxManagerKit::PersistPolicy(policyParent, persistResult)); EXPECT_EQ(1, persistResult.size()); EXPECT_EQ(OPERATE_SUCCESSFULLY, persistResult[0]); @@ -435,15 +446,20 @@ HWTEST_F(SandboxManagerKitTest, PersistPolicy009, TestSize.Level1) std::vector policyParent; std::vector persistResult; PolicyInfo infoParent = { - .path = "/data/log", + .path = "/A/B", .mode = OperateMode::WRITE_MODE }; policyParent.emplace_back(infoParent); PolicyInfo infoSub = { - .path = "/data/log/hilog", + .path = "/A/B/C", .mode = OperateMode::WRITE_MODE }; policySub.emplace_back(infoSub); + uint64_t policyFlag = 1; + + ASSERT_EQ(SANDBOX_MANAGER_OK, SandboxManagerKit::SetPolicy(g_mockToken, policySub, policyFlag, persistResult)); + ASSERT_EQ(1, persistResult.size()); + EXPECT_EQ(OPERATE_SUCCESSFULLY, persistResult[0]); ASSERT_EQ(SANDBOX_MANAGER_OK, SandboxManagerKit::PersistPolicy(policySub, persistResult)); EXPECT_EQ(1, persistResult.size()); @@ -473,20 +489,23 @@ HWTEST_F(SandboxManagerKitTest, PersistPolicy009, TestSize.Level1) */ HWTEST_F(SandboxManagerKitTest, PersistPolicy010, TestSize.Level1) { - std::vector policySub; std::vector policy; std::vector policyParent; std::vector persistResult; PolicyInfo infoParent = { - .path = "/data/log", + .path = "/A/B", .mode = OperateMode::WRITE_MODE }; policyParent.emplace_back(infoParent); PolicyInfo infoSub = { - .path = "/data/log/hilog", + .path = "/A/B/C", .mode = OperateMode::WRITE_MODE }; - policySub.emplace_back(infoSub); + uint64_t policyFlag = 1; + + ASSERT_EQ(SANDBOX_MANAGER_OK, SandboxManagerKit::SetPolicy(g_mockToken, policyParent, policyFlag, persistResult)); + ASSERT_EQ(1, persistResult.size()); + EXPECT_EQ(OPERATE_SUCCESSFULLY, persistResult[0]); ASSERT_EQ(SANDBOX_MANAGER_OK, SandboxManagerKit::PersistPolicy(policyParent, persistResult)); EXPECT_EQ(1, persistResult.size()); @@ -517,18 +536,21 @@ HWTEST_F(SandboxManagerKitTest, PersistPolicy011, TestSize.Level1) { std::vector policy; std::vector policySub; - std::vector policyParent; std::vector persistResult; PolicyInfo infoParent = { - .path = "/data/log", + .path = "/A/B", .mode = OperateMode::WRITE_MODE }; PolicyInfo infoSub = { - .path = "/data/log/hilog", + .path = "/A/B/C", .mode = OperateMode::WRITE_MODE }; - policyParent.emplace_back(infoParent); policySub.emplace_back(infoSub); + uint64_t policyFlag = 1; + + ASSERT_EQ(SANDBOX_MANAGER_OK, SandboxManagerKit::SetPolicy(g_mockToken, policySub, policyFlag, persistResult)); + ASSERT_EQ(1, persistResult.size()); + EXPECT_EQ(OPERATE_SUCCESSFULLY, persistResult[0]); ASSERT_EQ(SANDBOX_MANAGER_OK, SandboxManagerKit::PersistPolicy(policySub, persistResult)); EXPECT_EQ(1, persistResult.size()); @@ -550,34 +572,38 @@ HWTEST_F(SandboxManagerKitTest, PersistPolicy011, TestSize.Level1) } /** - * @tc.name: PersistPolicy009 + * @tc.name: PersistPolicy012 * @tc.desc: PersistPolicy directory. * @tc.type: FUNC * @tc.require: */ HWTEST_F(SandboxManagerKitTest, PersistPolicy012, TestSize.Level1) { - std::vector policySub; std::vector policy; - std::vector policyParent; std::vector persistResult; PolicyInfo infoParent = { - .path = "/data/log", + .path = "/A/B", .mode = OperateMode::WRITE_MODE }; - policyParent.emplace_back(infoParent); PolicyInfo infoSub = { - .path = "/data/log/hilog", + .path = "/A/B/C", .mode = OperateMode::WRITE_MODE }; - policySub.emplace_back(infoSub); - - ASSERT_EQ(SANDBOX_MANAGER_OK, SandboxManagerKit::PersistPolicy(policyParent, persistResult)); - EXPECT_EQ(1, persistResult.size()); - EXPECT_EQ(OPERATE_SUCCESSFULLY, persistResult[0]); policy.emplace_back(infoSub); policy.emplace_back(infoParent); + uint64_t policyFlag = 1; + + ASSERT_EQ(SANDBOX_MANAGER_OK, SandboxManagerKit::SetPolicy(g_mockToken, policy, policyFlag, persistResult)); + ASSERT_EQ(2, persistResult.size()); + EXPECT_EQ(OPERATE_SUCCESSFULLY, persistResult[0]); + EXPECT_EQ(OPERATE_SUCCESSFULLY, persistResult[1]); + + ASSERT_EQ(SANDBOX_MANAGER_OK, SandboxManagerKit::PersistPolicy(policy, persistResult)); + EXPECT_EQ(2, persistResult.size()); + EXPECT_EQ(OPERATE_SUCCESSFULLY, persistResult[0]); + EXPECT_EQ(OPERATE_SUCCESSFULLY, persistResult[1]); + std::vector startResult; ASSERT_EQ(SANDBOX_MANAGER_OK, SandboxManagerKit::StopAccessingPolicy(policy, startResult)); EXPECT_EQ(2, startResult.size()); @@ -588,7 +614,7 @@ HWTEST_F(SandboxManagerKitTest, PersistPolicy012, TestSize.Level1) ASSERT_EQ(SANDBOX_MANAGER_OK, SandboxManagerKit::UnPersistPolicy(policy, unPersistResult)); EXPECT_EQ(2, unPersistResult.size()); EXPECT_EQ(OPERATE_SUCCESSFULLY, unPersistResult[1]); - EXPECT_EQ(POLICY_HAS_NOT_BEEN_PERSISTED, unPersistResult[0]); + EXPECT_EQ(OPERATE_SUCCESSFULLY, unPersistResult[0]); } /** @@ -604,15 +630,20 @@ HWTEST_F(SandboxManagerKitTest, PersistPolicy013, TestSize.Level1) std::vector policyParent; std::vector persistResult; PolicyInfo infoParent = { - .path = "/data/log", + .path = "/A/B", .mode = OperateMode::WRITE_MODE }; PolicyInfo infoSub = { - .path = "/data/log/hilog", + .path = "/A/B/C", .mode = OperateMode::WRITE_MODE }; policyParent.emplace_back(infoParent); policySub.emplace_back(infoSub); + uint64_t policyFlag = 1; + + ASSERT_EQ(SANDBOX_MANAGER_OK, SandboxManagerKit::SetPolicy(g_mockToken, policySub, policyFlag, persistResult)); + ASSERT_EQ(1, persistResult.size()); + EXPECT_EQ(OPERATE_SUCCESSFULLY, persistResult[0]); ASSERT_EQ(SANDBOX_MANAGER_OK, SandboxManagerKit::PersistPolicy(policySub, persistResult)); EXPECT_EQ(1, persistResult.size()); @@ -646,7 +677,7 @@ HWTEST_F(SandboxManagerKitTest, PersistPolicy014, TestSize.Level1) std::vector result; uint64_t policyFlag = 0; std::vector flag; - PolicyInfo infoParent = {.path = "/data/log", .mode = OperateMode::WRITE_MODE}; + PolicyInfo infoParent = {.path = "/A/B", .mode = OperateMode::WRITE_MODE}; EXPECT_EQ(INVALID_PARAMTER, SandboxManagerKit::PersistPolicy(tokenId, policy, result)); EXPECT_EQ(SandboxManagerErrCode::INVALID_PARAMTER, SandboxManagerKit::UnPersistPolicy(tokenId, policy, result)); EXPECT_EQ(SandboxManagerErrCode::INVALID_PARAMTER, @@ -673,7 +704,7 @@ HWTEST_F(SandboxManagerKitTest, PersistPolicy014, TestSize.Level1) SandboxManagerKit::SetPolicy(tokenId, policy, policyFlag, result)); EXPECT_NE(SandboxManagerErrCode::INVALID_PARAMTER, SandboxManagerKit::CheckPersistPolicy(tokenId, policy, flag)); - for (int i = 0; i < 500; i++) { + for (int i = 0; i < POLICY_VECTOR_SIZE_LIMIT; i++) { policy.emplace_back(infoParent); } tokenId = 0; @@ -692,7 +723,7 @@ HWTEST_F(SandboxManagerKitTest, PersistPolicy014, TestSize.Level1) /** * @tc.name: PersistPolicy015 - * @tc.desc: add test. + * @tc.desc: PersistPolicy directory. * @tc.type: FUNC * @tc.require: */ @@ -703,13 +734,936 @@ HWTEST_F(SandboxManagerKitTest, PersistPolicy015, TestSize.Level1) std::vector result; uint64_t policyFlag = 0; std::vector flag; - PolicyInfo infoParent = {.path = "/data/log", .mode = OperateMode::WRITE_MODE}; + PolicyInfo infoParent = {.path = "/A/B", .mode = OperateMode::WRITE_MODE}; EXPECT_EQ(INVALID_PARAMTER, SandboxManagerKit::SetPolicy(tokenId, policy, policyFlag, result)); EXPECT_EQ(INVALID_PARAMTER, SandboxManagerKit::SetPolicyAsync(tokenId, policy, policyFlag)); EXPECT_EQ(INVALID_PARAMTER, SandboxManagerKit::UnSetPolicy(tokenId, infoParent)); EXPECT_EQ(INVALID_PARAMTER, SandboxManagerKit::UnSetPolicyAsync(tokenId, infoParent)); EXPECT_EQ(INVALID_PARAMTER, SandboxManagerKit::CheckPolicy(tokenId, policy, flag)); } -} //SandboxManager -} //AccessControl + +/** + * @tc.name: CheckPolicyTest001 + * @tc.desc: Check allowed policy + * @tc.type: FUNC + * @tc.require: + */ +HWTEST_F(SandboxManagerKitTest, CheckPolicyTest001, TestSize.Level1) +{ + std::vector policyA; + uint64_t policyFlag = 0; + std::vector policyResult; + PolicyInfo infoParent = { + .path = "/A/B", + .mode = OperateMode::READ_MODE | OperateMode::WRITE_MODE + }; + policyA.emplace_back(infoParent); + ASSERT_EQ(SANDBOX_MANAGER_OK, SandboxManagerKit::SetPolicy(g_mockToken, policyA, policyFlag, policyResult)); + ASSERT_EQ(1, policyResult.size()); + EXPECT_EQ(OPERATE_SUCCESSFULLY, policyResult[0]); + + std::vector result; + infoParent.mode = OperateMode::READ_MODE; + std::vector policyB; + policyB.emplace_back(infoParent); + ASSERT_EQ(SANDBOX_MANAGER_OK, SandboxManagerKit::CheckPolicy(g_mockToken, policyB, result)); + ASSERT_EQ(1, result.size()); + EXPECT_TRUE(result[0]); + + infoParent.mode = OperateMode::WRITE_MODE; + std::vector policyC; + policyC.emplace_back(infoParent); + ASSERT_EQ(SANDBOX_MANAGER_OK, SandboxManagerKit::CheckPolicy(g_mockToken, policyC, result)); + ASSERT_EQ(1, result.size()); + EXPECT_TRUE(result[0]); + + infoParent.mode = OperateMode::READ_MODE | OperateMode::WRITE_MODE; + std::vector policyD; + policyD.emplace_back(infoParent); + ASSERT_EQ(SANDBOX_MANAGER_OK, SandboxManagerKit::CheckPolicy(g_mockToken, policyD, result)); + ASSERT_EQ(1, result.size()); + EXPECT_TRUE(result[0]); + + EXPECT_EQ(SANDBOX_MANAGER_OK, SandboxManagerKit::UnSetPolicy(g_mockToken, policyA[0])); +} + +/** + * @tc.name: CheckPolicyTest002 + * @tc.desc: Check allowed policy + * @tc.type: FUNC + * @tc.require: + */ +HWTEST_F(SandboxManagerKitTest, CheckPolicyTest002, TestSize.Level1) +{ + std::vector policyA; + uint64_t policyFlag = 0; + std::vector policyResult; + PolicyInfo infoParent = { + .path = "/A/B", + .mode = OperateMode::READ_MODE | OperateMode::WRITE_MODE + }; + policyA.emplace_back(infoParent); + ASSERT_EQ(SANDBOX_MANAGER_OK, SandboxManagerKit::SetPolicy(g_mockToken, policyA, policyFlag, policyResult)); + ASSERT_EQ(1, policyResult.size()); + EXPECT_EQ(OPERATE_SUCCESSFULLY, policyResult[0]); + + std::vector result; + infoParent.path = "/A/B/C"; + infoParent.mode = OperateMode::READ_MODE; + std::vector policyE; + policyE.emplace_back(infoParent); + ASSERT_EQ(SANDBOX_MANAGER_OK, SandboxManagerKit::CheckPolicy(g_mockToken, policyE, result)); + ASSERT_EQ(1, result.size()); + EXPECT_TRUE(result[0]); + + infoParent.mode = OperateMode::WRITE_MODE; + std::vector policyF; + policyF.emplace_back(infoParent); + ASSERT_EQ(SANDBOX_MANAGER_OK, SandboxManagerKit::CheckPolicy(g_mockToken, policyF, result)); + ASSERT_EQ(1, result.size()); + EXPECT_TRUE(result[0]); + + infoParent.mode = OperateMode::READ_MODE | OperateMode::WRITE_MODE; + std::vector policyG; + policyG.emplace_back(infoParent); + ASSERT_EQ(SANDBOX_MANAGER_OK, SandboxManagerKit::CheckPolicy(g_mockToken, policyG, result)); + ASSERT_EQ(1, result.size()); + EXPECT_TRUE(result[0]); + + EXPECT_EQ(SANDBOX_MANAGER_OK, SandboxManagerKit::UnSetPolicy(g_mockToken, policyA[0])); +} + +/** + * @tc.name: CheckPolicyTest003 + * @tc.desc: Check parent directory policy with r+w + * @tc.type: FUNC + * @tc.require: + */ +HWTEST_F(SandboxManagerKitTest, CheckPolicyTest003, TestSize.Level1) +{ + std::vector policyA; + uint64_t policyFlag = 1; + std::vector policyResult; + PolicyInfo infoParent = { + .path = "/A/B", + .mode = OperateMode::READ_MODE | OperateMode::WRITE_MODE + }; + policyA.emplace_back(infoParent); + ASSERT_EQ(SANDBOX_MANAGER_OK, SandboxManagerKit::SetPolicy(g_mockToken, policyA, policyFlag, policyResult)); + ASSERT_EQ(1, policyResult.size()); + EXPECT_EQ(OPERATE_SUCCESSFULLY, policyResult[0]); + + std::vector result; + infoParent.path = "/A", + infoParent.mode = OperateMode::READ_MODE; + std::vector policyB; + policyB.emplace_back(infoParent); + ASSERT_EQ(SANDBOX_MANAGER_OK, SandboxManagerKit::CheckPolicy(g_mockToken, policyB, result)); + ASSERT_EQ(1, result.size()); + EXPECT_FALSE(result[0]); + + infoParent.mode = OperateMode::WRITE_MODE; + std::vector policyC; + policyC.emplace_back(infoParent); + ASSERT_EQ(SANDBOX_MANAGER_OK, SandboxManagerKit::CheckPolicy(g_mockToken, policyC, result)); + ASSERT_EQ(1, result.size()); + EXPECT_FALSE(result[0]); + + infoParent.mode = OperateMode::READ_MODE | OperateMode::WRITE_MODE; + std::vector policyD; + policyD.emplace_back(infoParent); + ASSERT_EQ(SANDBOX_MANAGER_OK, SandboxManagerKit::CheckPolicy(g_mockToken, policyD, result)); + ASSERT_EQ(1, result.size()); + EXPECT_FALSE(result[0]); + + EXPECT_EQ(SANDBOX_MANAGER_OK, SandboxManagerKit::UnSetPolicy(g_mockToken, policyA[0])); +} + +/** + * @tc.name: CheckPolicyTest004 + * @tc.desc: Check parent directory policy with r + * @tc.type: FUNC + * @tc.require: + */ +HWTEST_F(SandboxManagerKitTest, CheckPolicyTest004, TestSize.Level1) +{ + std::vector policyA; + uint64_t policyFlag = 1; + std::vector policyResult; + PolicyInfo infoParent = { + .path = "/A/B", + .mode = OperateMode::READ_MODE + }; + policyA.emplace_back(infoParent); + ASSERT_EQ(SANDBOX_MANAGER_OK, SandboxManagerKit::SetPolicy(g_mockToken, policyA, policyFlag, policyResult)); + ASSERT_EQ(1, policyResult.size()); + EXPECT_EQ(OPERATE_SUCCESSFULLY, policyResult[0]); + + std::vector result; + infoParent.mode = OperateMode::READ_MODE; + std::vector policyB; + policyB.emplace_back(infoParent); + ASSERT_EQ(SANDBOX_MANAGER_OK, SandboxManagerKit::CheckPolicy(g_mockToken, policyB, result)); + ASSERT_EQ(1, result.size()); + EXPECT_TRUE(result[0]); + + infoParent.mode = OperateMode::WRITE_MODE; + std::vector policyC; + policyC.emplace_back(infoParent); + ASSERT_EQ(SANDBOX_MANAGER_OK, SandboxManagerKit::CheckPolicy(g_mockToken, policyC, result)); + ASSERT_EQ(1, result.size()); + EXPECT_FALSE(result[0]); + + infoParent.mode = OperateMode::READ_MODE | OperateMode::WRITE_MODE; + std::vector policyD; + policyD.emplace_back(infoParent); + ASSERT_EQ(SANDBOX_MANAGER_OK, SandboxManagerKit::CheckPolicy(g_mockToken, policyD, result)); + ASSERT_EQ(1, result.size()); + EXPECT_FALSE(result[0]); + + infoParent.path = "/A/B/C"; + infoParent.mode = OperateMode::READ_MODE; + std::vector policyE; + policyE.emplace_back(infoParent); + ASSERT_EQ(SANDBOX_MANAGER_OK, SandboxManagerKit::CheckPolicy(g_mockToken, policyE, result)); + ASSERT_EQ(1, result.size()); + EXPECT_TRUE(result[0]); + + EXPECT_EQ(SANDBOX_MANAGER_OK, SandboxManagerKit::UnSetPolicy(g_mockToken, policyA[0])); +} + +/** + * @tc.name: CheckPolicyTest005 + * @tc.desc: Check parent directory policy with w + * @tc.type: FUNC + * @tc.require: + */ +HWTEST_F(SandboxManagerKitTest, CheckPolicyTest005, TestSize.Level1) +{ + std::vector policyA; + uint64_t policyFlag = 1; + std::vector policyResult; + PolicyInfo infoParent = { + .path = "/A/B", + .mode = OperateMode::WRITE_MODE + }; + policyA.emplace_back(infoParent); + ASSERT_EQ(SANDBOX_MANAGER_OK, SandboxManagerKit::SetPolicy(g_mockToken, policyA, policyFlag, policyResult)); + ASSERT_EQ(1, policyResult.size()); + EXPECT_EQ(OPERATE_SUCCESSFULLY, policyResult[0]); + + std::vector result; + infoParent.mode = OperateMode::READ_MODE; + std::vector policyB; + policyB.emplace_back(infoParent); + ASSERT_EQ(SANDBOX_MANAGER_OK, SandboxManagerKit::CheckPolicy(g_mockToken, policyB, result)); + ASSERT_EQ(1, result.size()); + EXPECT_FALSE(result[0]); + + infoParent.mode = OperateMode::WRITE_MODE; + std::vector policyC; + policyC.emplace_back(infoParent); + ASSERT_EQ(SANDBOX_MANAGER_OK, SandboxManagerKit::CheckPolicy(g_mockToken, policyC, result)); + ASSERT_EQ(1, result.size()); + EXPECT_TRUE(result[0]); + + infoParent.mode = OperateMode::READ_MODE | OperateMode::WRITE_MODE; + std::vector policyD; + policyD.emplace_back(infoParent); + ASSERT_EQ(SANDBOX_MANAGER_OK, SandboxManagerKit::CheckPolicy(g_mockToken, policyD, result)); + ASSERT_EQ(1, result.size()); + EXPECT_FALSE(result[0]); + + infoParent.path = "/A/B/C"; + infoParent.mode = OperateMode::WRITE_MODE; + std::vector policyE; + policyE.emplace_back(infoParent); + ASSERT_EQ(SANDBOX_MANAGER_OK, SandboxManagerKit::CheckPolicy(g_mockToken, policyE, result)); + ASSERT_EQ(1, result.size()); + EXPECT_TRUE(result[0]); + + EXPECT_EQ(SANDBOX_MANAGER_OK, SandboxManagerKit::UnSetPolicy(g_mockToken, policyA[0])); +} + +/** + * @tc.name: CheckPolicyTest006 + * @tc.desc: Check parent directory policy with w + * @tc.type: FUNC + * @tc.require: + */ +HWTEST_F(SandboxManagerKitTest, CheckPolicyTest006, TestSize.Level1) +{ + std::vector policyA; + uint64_t policyFlag = 1; + std::vector policyResult; + PolicyInfo infoParentA = { + .path = "/A/B", + .mode = OperateMode::WRITE_MODE + }; + PolicyInfo infoParentB = { + .path = "/A/B/C", + .mode = OperateMode::WRITE_MODE + }; + PolicyInfo infoParentC = { + .path = "/C/D", + .mode = OperateMode::WRITE_MODE + }; + policyA.emplace_back(infoParentA); + policyA.emplace_back(infoParentB); + ASSERT_EQ(SANDBOX_MANAGER_OK, SandboxManagerKit::SetPolicy(g_mockToken, policyA, policyFlag, policyResult)); + ASSERT_EQ(2, policyResult.size()); + EXPECT_EQ(OPERATE_SUCCESSFULLY, policyResult[0]); + EXPECT_EQ(OPERATE_SUCCESSFULLY, policyResult[1]); + + std::vector result; + std::vector policyB; + policyB.emplace_back(infoParentA); + policyB.emplace_back(infoParentB); + policyB.emplace_back(infoParentC); + ASSERT_EQ(SANDBOX_MANAGER_OK, SandboxManagerKit::CheckPolicy(g_mockToken, policyB, result)); + ASSERT_EQ(3, result.size()); + EXPECT_TRUE(result[0]); + EXPECT_TRUE(result[1]); + EXPECT_FALSE(result[2]); +} + +/** + * @tc.name: CheckPolicyTest007 + * @tc.desc: Check allowed policy with invalid tokenID + * @tc.type: FUNC + * @tc.require: + */ +HWTEST_F(SandboxManagerKitTest, CheckPolicyTest007, TestSize.Level1) +{ + std::vector policy; + uint64_t policyFlag = 1; + std::vector policyResult; + PolicyInfo infoParent = { + .path = "/A/B", + .mode = OperateMode::READ_MODE + }; + policy.emplace_back(infoParent); + ASSERT_EQ(SANDBOX_MANAGER_OK, SandboxManagerKit::SetPolicy(g_mockToken, policy, policyFlag, policyResult)); + ASSERT_EQ(1, policyResult.size()); + EXPECT_EQ(OPERATE_SUCCESSFULLY, policyResult[0]); + + std::vector result; + ASSERT_EQ(SandboxManagerErrCode::INVALID_PARAMTER, SandboxManagerKit::CheckPolicy(INVALID_TOKENID, policy, result)); + EXPECT_EQ(0, result.size()); + + ASSERT_EQ(SANDBOX_MANAGER_OK, SandboxManagerKit::CheckPolicy(g_selfTokenId, policy, result)); + EXPECT_EQ(1, result.size()); + EXPECT_FALSE(result[0]); + + EXPECT_EQ(SANDBOX_MANAGER_OK, SandboxManagerKit::UnSetPolicy(g_mockToken, policy[0])); +} + +/** + * @tc.name: CheckPolicyTest008 + * @tc.desc: Check allowed policy with invalid policy + * @tc.type: FUNC + * @tc.require: + */ +HWTEST_F(SandboxManagerKitTest, CheckPolicyTest008, TestSize.Level1) +{ + std::vector policyA; + std::vector result; + PolicyInfo infoParent = { + .path = "/A/B", + .mode = OperateMode::READ_MODE + }; + policyA.emplace_back(infoParent); + for (int i = 0; i < POLICY_VECTOR_SIZE_LIMIT; i++) { + policyA.emplace_back(infoParent); + } + EXPECT_EQ(SandboxManagerErrCode::INVALID_PARAMTER, + SandboxManagerKit::CheckPolicy(g_mockToken, policyA, result)); + EXPECT_EQ(0, result.size()); + + PolicyInfo infoParent1 = { + .path = "/A/B", + .mode = OperateMode::READ_MODE + }; + for (int i = 0; i < 100; i++) { + infoParent1.path += "/A/B/C"; + } + std::vector policyB; + policyB.emplace_back(infoParent1); + EXPECT_EQ(SANDBOX_MANAGER_OK, SandboxManagerKit::CheckPolicy(g_mockToken, policyB, result)); + EXPECT_EQ(1, result.size()); + EXPECT_FALSE(result[0]); + + std::vector policyC; + infoParent.mode = 0; + policyC.emplace_back(infoParent); + EXPECT_EQ(SANDBOX_MANAGER_OK, SandboxManagerKit::CheckPolicy(g_mockToken, policyC, result)); + ASSERT_EQ(1, result.size()); + EXPECT_FALSE(result[0]); + + std::vector policyD; + // err mode number + infoParent.mode = OperateMode::WRITE_MODE + OperateMode::WRITE_MODE; + policyD.emplace_back(infoParent); + EXPECT_EQ(SANDBOX_MANAGER_OK, SandboxManagerKit::CheckPolicy(g_mockToken, policyD, result)); + ASSERT_EQ(1, result.size()); + EXPECT_FALSE(result[0]); +} + +/** + * @tc.name: UnSetPolicyTest001 + * @tc.desc: Unset policy with invalid tokenID + * @tc.type: FUNC + * @tc.require: + */ +HWTEST_F(SandboxManagerKitTest, UnSetPolicyTest001, TestSize.Level1) +{ + std::vector policy; + uint64_t policyFlag = 1; + std::vector policyResult; + PolicyInfo infoParent = { + .path = "/A/B", + .mode = OperateMode::READ_MODE | OperateMode::WRITE_MODE + }; + policy.emplace_back(infoParent); + ASSERT_EQ(SANDBOX_MANAGER_OK, SandboxManagerKit::SetPolicy(g_mockToken, policy, policyFlag, policyResult)); + ASSERT_EQ(1, policyResult.size()); + EXPECT_EQ(OPERATE_SUCCESSFULLY, policyResult[0]); + + EXPECT_EQ(SandboxManagerErrCode::INVALID_PARAMTER, SandboxManagerKit::UnSetPolicy(INVALID_TOKENID, policy[0])); + EXPECT_EQ(SANDBOX_MANAGER_OK, SandboxManagerKit::UnSetPolicy(g_selfTokenId, policy[0])); + EXPECT_EQ(SANDBOX_MANAGER_OK, SandboxManagerKit::UnSetPolicy(g_mockToken, policy[0])); +} + +/** + * @tc.name: UnSetPolicyTest002 + * @tc.desc: Unset allowed policy + * @tc.type: FUNC + * @tc.require: + */ +HWTEST_F(SandboxManagerKitTest, UnSetPolicyTest002, TestSize.Level1) +{ + std::vector policy; + uint64_t policyFlag = 1; + std::vector policyResult; + PolicyInfo infoParent = { + .path = "/A/B", + .mode = OperateMode::READ_MODE | OperateMode::WRITE_MODE + }; + policy.emplace_back(infoParent); + ASSERT_EQ(SANDBOX_MANAGER_OK, SandboxManagerKit::SetPolicy(g_mockToken, policy, policyFlag, policyResult)); + ASSERT_EQ(1, policyResult.size()); + EXPECT_EQ(OPERATE_SUCCESSFULLY, policyResult[0]); + + std::vector result; + ASSERT_EQ(SANDBOX_MANAGER_OK, SandboxManagerKit::CheckPolicy(g_mockToken, policy, result)); + ASSERT_EQ(1, result.size()); + EXPECT_TRUE(result[0]); + + std::vector retType; + EXPECT_EQ(SANDBOX_MANAGER_OK, SandboxManagerKit::PersistPolicy(g_mockToken, policy, retType)); + ASSERT_EQ(1, retType.size()); + EXPECT_EQ(OPERATE_SUCCESSFULLY, retType[0]); + + EXPECT_EQ(SANDBOX_MANAGER_OK, SandboxManagerKit::UnSetPolicy(g_mockToken, policy[0])); + + ASSERT_EQ(SANDBOX_MANAGER_OK, SandboxManagerKit::CheckPolicy(g_mockToken, policy, result)); + ASSERT_EQ(1, result.size()); + EXPECT_FALSE(result[0]); + + EXPECT_EQ(SANDBOX_MANAGER_OK, SandboxManagerKit::StartAccessingPolicy(policy, retType)); + ASSERT_EQ(1, retType.size()); + EXPECT_EQ(OPERATE_SUCCESSFULLY, retType[0]); + + ASSERT_EQ(SANDBOX_MANAGER_OK, SandboxManagerKit::CheckPolicy(g_mockToken, policy, result)); + ASSERT_EQ(1, result.size()); + EXPECT_TRUE(result[0]); + + EXPECT_EQ(SANDBOX_MANAGER_OK, SandboxManagerKit::UnSetPolicy(g_mockToken, policy[0])); +} + +/** + * @tc.name: UnSetPolicyTest003 + * @tc.desc: Unset parent policy + * @tc.type: FUNC + * @tc.require: + */ +HWTEST_F(SandboxManagerKitTest, UnSetPolicyTest003, TestSize.Level1) +{ + std::vector policyA; + uint64_t policyFlag = 1; + std::vector policyResult; + PolicyInfo infoParent = { + .path = "/A/B", + .mode = OperateMode::READ_MODE | OperateMode::WRITE_MODE + }; + policyA.emplace_back(infoParent); + ASSERT_EQ(SANDBOX_MANAGER_OK, SandboxManagerKit::SetPolicy(g_mockToken, policyA, policyFlag, policyResult)); + ASSERT_EQ(1, policyResult.size()); + EXPECT_EQ(OPERATE_SUCCESSFULLY, policyResult[0]); + + std::vector result; + ASSERT_EQ(SANDBOX_MANAGER_OK, SandboxManagerKit::CheckPolicy(g_mockToken, policyA, result)); + ASSERT_EQ(1, result.size()); + EXPECT_TRUE(result[0]); + + infoParent.path = "/A"; + std::vector policyB; + policyB.emplace_back(infoParent); + EXPECT_EQ(SANDBOX_MANAGER_OK, SandboxManagerKit::UnSetPolicy(g_mockToken, policyB[0])); + EXPECT_EQ(SANDBOX_MANAGER_OK, SandboxManagerKit::UnSetPolicy(g_mockToken, policyA[0])); +} + +/** + * @tc.name: UnSetPolicyTest004 + * @tc.desc: Unset policy without permission + * @tc.type: FUNC + * @tc.require: + */ +HWTEST_F(SandboxManagerKitTest, UnSetPolicyTest004, TestSize.Level1) +{ + std::vector policy; + uint64_t policyFlag = 1; + std::vector policyResult; + PolicyInfo infoParent = { + .path = "/A/B", + .mode = OperateMode::READ_MODE | OperateMode::WRITE_MODE + }; + policy.emplace_back(infoParent); + ASSERT_EQ(SANDBOX_MANAGER_OK, SandboxManagerKit::SetPolicy(g_mockToken, policy, policyFlag, policyResult)); + ASSERT_EQ(1, policyResult.size()); + EXPECT_EQ(OPERATE_SUCCESSFULLY, policyResult[0]); + + std::vector result; + ASSERT_EQ(SANDBOX_MANAGER_OK, SandboxManagerKit::CheckPolicy(g_mockToken, policy, result)); + ASSERT_EQ(1, result.size()); + EXPECT_TRUE(result[0]); + + ASSERT_EQ(0, SetSelfTokenID(g_selfTokenId)); + EXPECT_EQ(PERMISSION_DENIED, SandboxManagerKit::UnSetPolicy(g_mockToken, policy[0])); + ASSERT_EQ(0, SetSelfTokenID(g_mockToken)); + EXPECT_EQ(SANDBOX_MANAGER_OK, SandboxManagerKit::UnSetPolicy(g_mockToken, policy[0])); +} + +/** + * @tc.name: PolicyAsyncTest001 + * @tc.desc: Set/Unset policy with invalid tokenID + * @tc.type: FUNC + * @tc.require: + */ +HWTEST_F(SandboxManagerKitTest, PolicyAsyncTest001, TestSize.Level1) +{ + std::vector policy; + uint64_t policyFlag = 1; + PolicyInfo infoParent = { + .path = "/A/B", + .mode = OperateMode::READ_MODE | OperateMode::WRITE_MODE + }; + policy.emplace_back(infoParent); + ASSERT_EQ(SandboxManagerErrCode::INVALID_PARAMTER, + SandboxManagerKit::SetPolicyAsync(INVALID_TOKENID, policy, policyFlag)); + + EXPECT_EQ(SandboxManagerErrCode::INVALID_PARAMTER, + SandboxManagerKit::UnSetPolicyAsync(INVALID_TOKENID, policy[0])); + + EXPECT_EQ(SANDBOX_MANAGER_OK, SandboxManagerKit::SetPolicyAsync(g_selfTokenId, policy, policyFlag)); + EXPECT_EQ(SANDBOX_MANAGER_OK, SandboxManagerKit::UnSetPolicyAsync(g_selfTokenId, policy[0])); +} + +/** + * @tc.name: PolicyAsyncTest002 + * @tc.desc: Set/Unset allowed policy + * @tc.type: FUNC + * @tc.require: + */ +HWTEST_F(SandboxManagerKitTest, PolicyAsyncTest002, TestSize.Level1) +{ + std::vector policy; + uint64_t policyFlag = 1; + PolicyInfo infoParent = { + .path = "/A/B", + .mode = OperateMode::READ_MODE | OperateMode::WRITE_MODE + }; + policy.emplace_back(infoParent); + ASSERT_EQ(SANDBOX_MANAGER_OK, SandboxManagerKit::SetPolicyAsync(g_mockToken, policy, policyFlag)); + sleep(1); + std::vector result; + ASSERT_EQ(SANDBOX_MANAGER_OK, SandboxManagerKit::CheckPolicy(g_mockToken, policy, result)); + ASSERT_EQ(1, result.size()); + EXPECT_TRUE(result[0]); + + std::vector retType; + EXPECT_EQ(SANDBOX_MANAGER_OK, SandboxManagerKit::PersistPolicy(g_mockToken, policy, retType)); + ASSERT_EQ(1, retType.size()); + EXPECT_EQ(OPERATE_SUCCESSFULLY, retType[0]); + + EXPECT_EQ(SANDBOX_MANAGER_OK, SandboxManagerKit::UnSetPolicyAsync(g_mockToken, policy[0])); + sleep(1); + ASSERT_EQ(SANDBOX_MANAGER_OK, SandboxManagerKit::CheckPolicy(g_mockToken, policy, result)); + ASSERT_EQ(1, result.size()); + EXPECT_FALSE(result[0]); + + EXPECT_EQ(SANDBOX_MANAGER_OK, SandboxManagerKit::StartAccessingPolicy(policy, retType)); + ASSERT_EQ(1, retType.size()); + EXPECT_EQ(OPERATE_SUCCESSFULLY, retType[0]); + + ASSERT_EQ(SANDBOX_MANAGER_OK, SandboxManagerKit::CheckPolicy(g_mockToken, policy, result)); + ASSERT_EQ(1, result.size()); + EXPECT_TRUE(result[0]); + + EXPECT_EQ(SANDBOX_MANAGER_OK, SandboxManagerKit::UnSetPolicyAsync(g_mockToken, policy[0])); +} + +/** + * @tc.name: PolicyAsyncTest003 + * @tc.desc: Set/UnSet parent policy + * @tc.type: FUNC + * @tc.require: + */ +HWTEST_F(SandboxManagerKitTest, PolicyAsyncTest003, TestSize.Level1) +{ + std::vector policy; + uint64_t policyFlag = 1; + PolicyInfo infoParent = { + .path = "/A/B", + .mode = OperateMode::READ_MODE | OperateMode::WRITE_MODE + }; + policy.emplace_back(infoParent); + ASSERT_EQ(SANDBOX_MANAGER_OK, SandboxManagerKit::SetPolicyAsync(g_mockToken, policy, policyFlag)); + sleep(1); + std::vector result; + ASSERT_EQ(SANDBOX_MANAGER_OK, SandboxManagerKit::CheckPolicy(g_mockToken, policy, result)); + ASSERT_EQ(1, result.size()); + EXPECT_TRUE(result[0]); + + infoParent.path = "/A"; + std::vector policyB; + policyB.emplace_back(infoParent); + EXPECT_EQ(SANDBOX_MANAGER_OK, SandboxManagerKit::UnSetPolicyAsync(g_mockToken, policyB[0])); +} + +/** + * @tc.name: PolicyAsyncTest004 + * @tc.desc: Set/UnSet policy without permission + * @tc.type: FUNC + * @tc.require: + */ +HWTEST_F(SandboxManagerKitTest, PolicyAsyncTest004, TestSize.Level1) +{ + std::vector policy; + uint64_t policyFlag = 1; + PolicyInfo infoParent = { + .path = "/A/B", + .mode = OperateMode::READ_MODE | OperateMode::WRITE_MODE + }; + policy.emplace_back(infoParent); + ASSERT_EQ(SANDBOX_MANAGER_OK, SandboxManagerKit::SetPolicyAsync(g_mockToken, policy, policyFlag)); + sleep(1); + std::vector result; + ASSERT_EQ(SANDBOX_MANAGER_OK, SandboxManagerKit::CheckPolicy(g_mockToken, policy, result)); + ASSERT_EQ(1, result.size()); + EXPECT_TRUE(result[0]); + + ASSERT_EQ(0, SetSelfTokenID(g_selfTokenId)); + ASSERT_EQ(SANDBOX_MANAGER_OK, SandboxManagerKit::SetPolicyAsync(g_mockToken, policy, policyFlag)); + EXPECT_EQ(SANDBOX_MANAGER_OK, SandboxManagerKit::UnSetPolicyAsync(g_mockToken, policy[0])); + ASSERT_EQ(0, SetSelfTokenID(g_mockToken)); + EXPECT_EQ(SANDBOX_MANAGER_OK, SandboxManagerKit::UnSetPolicyAsync(g_mockToken, policy[0])); +} + +/** + * @tc.name: CleanPersistPolicyByPathTest001 + * @tc.desc: Clean persist policy by path + * @tc.type: FUNC + * @tc.require: + */ +HWTEST_F(SandboxManagerKitTest, CleanPersistPolicyByPathTest001, TestSize.Level1) +{ + std::vector policy; + uint64_t policyFlag = 1; + std::vector policyResult; + PolicyInfo infoParent = { + .path = "/A/B", + .mode = OperateMode::READ_MODE | OperateMode::WRITE_MODE + }; + policy.emplace_back(infoParent); + ASSERT_EQ(SANDBOX_MANAGER_OK, SandboxManagerKit::SetPolicy(g_mockToken, policy, policyFlag, policyResult)); + ASSERT_EQ(1, policyResult.size()); + EXPECT_EQ(OPERATE_SUCCESSFULLY, policyResult[0]); + + std::vector retType; + EXPECT_EQ(SANDBOX_MANAGER_OK, SandboxManagerKit::PersistPolicy(g_mockToken, policy, retType)); + ASSERT_EQ(1, retType.size()); + EXPECT_EQ(OPERATE_SUCCESSFULLY, retType[0]); + + std::vector result; + ASSERT_EQ(SANDBOX_MANAGER_OK, SandboxManagerKit::CheckPolicy(g_mockToken, policy, result)); + ASSERT_EQ(1, result.size()); + EXPECT_TRUE(result[0]); + + Security::AccessToken::AccessTokenID tokenID = + Security::AccessToken::AccessTokenKit::GetNativeTokenId("file_manager_service"); + EXPECT_NE(0, tokenID); + EXPECT_EQ(0, SetSelfTokenID(tokenID)); + + std::vector filePaths; + filePaths.emplace_back(infoParent.path); + EXPECT_EQ(SANDBOX_MANAGER_OK, SandboxManagerKit::CleanPersistPolicyByPath(filePaths)); + sleep(1); + std::vector result1; + ASSERT_EQ(SANDBOX_MANAGER_OK, SandboxManagerKit::CheckPolicy(g_mockToken, policy, result1)); + ASSERT_EQ(1, result1.size()); + EXPECT_FALSE(result1[0]); + + std::vector result2; + ASSERT_EQ(SANDBOX_MANAGER_OK, SandboxManagerKit::CheckPersistPolicy(g_mockToken, policy, result2)); + ASSERT_EQ(1, result2.size()); + EXPECT_FALSE(result2[0]); +} + +/** + * @tc.name: CleanPersistPolicyByPathTest002 + * @tc.desc: Clean child persist policy by path + * @tc.type: FUNC + * @tc.require: + */ +HWTEST_F(SandboxManagerKitTest, CleanPersistPolicyByPathTest002, TestSize.Level1) +{ + std::vector policy; + uint64_t policyFlag = 1; + std::vector policyResult; + PolicyInfo infoParent = { + .path = "/A/B", + .mode = OperateMode::READ_MODE | OperateMode::WRITE_MODE + }; + policy.emplace_back(infoParent); + ASSERT_EQ(SANDBOX_MANAGER_OK, SandboxManagerKit::SetPolicy(g_mockToken, policy, policyFlag, policyResult)); + ASSERT_EQ(1, policyResult.size()); + EXPECT_EQ(OPERATE_SUCCESSFULLY, policyResult[0]); + + std::vector result; + ASSERT_EQ(SANDBOX_MANAGER_OK, SandboxManagerKit::CheckPolicy(g_mockToken, policy, result)); + ASSERT_EQ(1, result.size()); + EXPECT_TRUE(result[0]); + + std::vector retType; + EXPECT_EQ(SANDBOX_MANAGER_OK, SandboxManagerKit::PersistPolicy(g_mockToken, policy, retType)); + ASSERT_EQ(1, retType.size()); + EXPECT_EQ(OPERATE_SUCCESSFULLY, retType[0]); + + infoParent.path = "/A/B/C"; + std::vector policyB; + policyB.emplace_back(infoParent); + EXPECT_EQ(SANDBOX_MANAGER_OK, SandboxManagerKit::PersistPolicy(g_mockToken, policyB, retType)); + ASSERT_EQ(1, retType.size()); + EXPECT_EQ(OPERATE_SUCCESSFULLY, retType[0]); + + Security::AccessToken::AccessTokenID tokenID = + Security::AccessToken::AccessTokenKit::GetNativeTokenId("file_manager_service"); + EXPECT_NE(0, tokenID); + EXPECT_EQ(0, SetSelfTokenID(tokenID)); + + std::vector filePaths; + infoParent.path = "/A/B"; + filePaths.emplace_back(infoParent.path); + EXPECT_EQ(SANDBOX_MANAGER_OK, SandboxManagerKit::CleanPersistPolicyByPath(filePaths)); + sleep(1); + ASSERT_EQ(SANDBOX_MANAGER_OK, SandboxManagerKit::CheckPolicy(g_mockToken, policy, result)); + ASSERT_EQ(1, result.size()); + EXPECT_FALSE(result[0]); + + ASSERT_EQ(SANDBOX_MANAGER_OK, SandboxManagerKit::CheckPersistPolicy(g_mockToken, policy, result)); + ASSERT_EQ(1, result.size()); + EXPECT_FALSE(result[0]); + + ASSERT_EQ(SANDBOX_MANAGER_OK, SandboxManagerKit::CheckPersistPolicy(g_mockToken, policyB, result)); + ASSERT_EQ(1, result.size()); + EXPECT_FALSE(result[0]); +} + +/** + * @tc.name: CleanPersistPolicyByPathTest003 + * @tc.desc: Clean child persist policy by path + * @tc.type: FUNC + * @tc.require: + */ +HWTEST_F(SandboxManagerKitTest, CleanPersistPolicyByPathTest003, TestSize.Level1) +{ + std::vector policy; + uint64_t policyFlag = 1; + std::vector policyResult; + PolicyInfo infoParent = { + .path = "/A/B", + .mode = OperateMode::READ_MODE | OperateMode::WRITE_MODE + }; + policy.emplace_back(infoParent); + ASSERT_EQ(SANDBOX_MANAGER_OK, SandboxManagerKit::SetPolicy(g_mockToken, policy, policyFlag, policyResult)); + ASSERT_EQ(1, policyResult.size()); + EXPECT_EQ(OPERATE_SUCCESSFULLY, policyResult[0]); + + std::vector result; + ASSERT_EQ(SANDBOX_MANAGER_OK, SandboxManagerKit::CheckPolicy(g_mockToken, policy, result)); + ASSERT_EQ(1, result.size()); + EXPECT_TRUE(result[0]); + + std::vector retType; + infoParent.path = "/A/B/C"; + std::vector policyB; + policyB.emplace_back(infoParent); + EXPECT_EQ(SANDBOX_MANAGER_OK, SandboxManagerKit::PersistPolicy(g_mockToken, policyB, retType)); + ASSERT_EQ(1, retType.size()); + EXPECT_EQ(OPERATE_SUCCESSFULLY, retType[0]); + + Security::AccessToken::AccessTokenID tokenID = + Security::AccessToken::AccessTokenKit::GetNativeTokenId("file_manager_service"); + EXPECT_NE(0, tokenID); + EXPECT_EQ(0, SetSelfTokenID(tokenID)); + + std::vector filePaths; + filePaths.emplace_back(infoParent.path); + EXPECT_EQ(SANDBOX_MANAGER_OK, SandboxManagerKit::CleanPersistPolicyByPath(filePaths)); + sleep(1); + ASSERT_EQ(SANDBOX_MANAGER_OK, SandboxManagerKit::CheckPolicy(g_mockToken, policyB, result)); + ASSERT_EQ(1, result.size()); + EXPECT_TRUE(result[0]); + + ASSERT_EQ(SANDBOX_MANAGER_OK, SandboxManagerKit::CheckPersistPolicy(g_mockToken, policyB, result)); + ASSERT_EQ(1, result.size()); + EXPECT_FALSE(result[0]); + + ASSERT_EQ(SANDBOX_MANAGER_OK, SandboxManagerKit::CheckPersistPolicy(g_mockToken, policy, result)); + ASSERT_EQ(1, result.size()); + EXPECT_FALSE(result[0]); +} + +/** + * @tc.name: CleanPersistPolicyByPathTest004 + * @tc.desc: Clean persist policy by path with invalid path + * @tc.type: FUNC + * @tc.require: + */ +HWTEST_F(SandboxManagerKitTest, CleanPersistPolicyByPathTest004, TestSize.Level1) +{ + std::string filePath = "/A/B"; + std::vector filePaths; + for (int i = 0; i < POLICY_VECTOR_SIZE_LIMIT; i++) { + filePaths.emplace_back(filePath); + } + EXPECT_EQ(SANDBOX_MANAGER_OK, SandboxManagerKit::CleanPersistPolicyByPath(filePaths)); +} + +/** + * @tc.name: CleanPersistPolicyByPathTest005 + * @tc.desc: Clean persist policy by path with invalid path + * @tc.type: FUNC + * @tc.require: + */ +HWTEST_F(SandboxManagerKitTest, CleanPersistPolicyByPathTest005, TestSize.Level1) +{ + std::vector policy; + uint64_t policyFlag = 1; + std::vector policyResult; + PolicyInfo infoParent = { + .path = "/A/B", + .mode = OperateMode::READ_MODE | OperateMode::WRITE_MODE + }; + policy.emplace_back(infoParent); + ASSERT_EQ(SANDBOX_MANAGER_OK, SandboxManagerKit::SetPolicy(g_mockToken, policy, policyFlag, policyResult)); + ASSERT_EQ(1, policyResult.size()); + EXPECT_EQ(OPERATE_SUCCESSFULLY, policyResult[0]); + + std::vector result; + ASSERT_EQ(SANDBOX_MANAGER_OK, SandboxManagerKit::CheckPolicy(g_mockToken, policy, result)); + ASSERT_EQ(1, result.size()); + EXPECT_TRUE(result[0]); + + std::vector retType; + EXPECT_EQ(SANDBOX_MANAGER_OK, SandboxManagerKit::PersistPolicy(g_mockToken, policy, retType)); + ASSERT_EQ(1, retType.size()); + EXPECT_EQ(OPERATE_SUCCESSFULLY, retType[0]); + + std::vector filePaths; + filePaths.emplace_back(infoParent.path); + EXPECT_EQ(SANDBOX_MANAGER_OK, SandboxManagerKit::CleanPersistPolicyByPath(filePaths)); + ASSERT_EQ(0, SetSelfTokenID(g_mockToken)); + EXPECT_EQ(SANDBOX_MANAGER_OK, SandboxManagerKit::CleanPersistPolicyByPath(filePaths)); +} + +/** + * @tc.name: StartAccessingByTokenIdTest001 + * @tc.desc: Start accessing by invalid tokenId + * @tc.type: FUNC + * @tc.require: + */ +HWTEST_F(SandboxManagerKitTest, StartAccessingByTokenIdTest001, TestSize.Level1) +{ + EXPECT_EQ(SandboxManagerErrCode::INVALID_PARAMTER, SandboxManagerKit::StartAccessingByTokenId(0)); +} + +/** + * @tc.name: StartAccessingByTokenIdTest002 + * @tc.desc: Start accessing without permission + * @tc.type: FUNC + * @tc.require: + */ +HWTEST_F(SandboxManagerKitTest, StartAccessingByTokenIdTest002, TestSize.Level1) +{ + ASSERT_EQ(0, SetSelfTokenID(g_selfTokenId)); + EXPECT_EQ(SANDBOX_MANAGER_OK, SandboxManagerKit::StartAccessingByTokenId(g_selfTokenId)); +} + +/** + * @tc.name: StartAccessingByTokenIdTest003 + * @tc.desc: Start accessing by tokenID + * @tc.type: FUNC + * @tc.require: + */ +HWTEST_F(SandboxManagerKitTest, StartAccessingByTokenIdTest003, TestSize.Level1) +{ + std::vector policyA; + uint64_t policyFlag = 1; + std::vector policyResult; + PolicyInfo infoParentA = { + .path = "/A/B", + .mode = OperateMode::READ_MODE | OperateMode::WRITE_MODE + }; + policyA.emplace_back(infoParentA); + ASSERT_EQ(SANDBOX_MANAGER_OK, SandboxManagerKit::SetPolicy(g_mockToken, policyA, policyFlag, policyResult)); + ASSERT_EQ(1, policyResult.size()); + EXPECT_EQ(OPERATE_SUCCESSFULLY, policyResult[0]); + + std::vector result; + ASSERT_EQ(SANDBOX_MANAGER_OK, SandboxManagerKit::CheckPolicy(g_mockToken, policyA, result)); + ASSERT_EQ(1, result.size()); + EXPECT_TRUE(result[0]); + int32_t uid = getuid(); + setuid(FOUNDATION_UID); + std::vector retType; + EXPECT_EQ(SANDBOX_MANAGER_OK, SandboxManagerKit::PersistPolicy(g_mockToken, policyA, retType)); + ASSERT_EQ(1, retType.size()); + EXPECT_EQ(OPERATE_SUCCESSFULLY, retType[0]); + + EXPECT_EQ(SANDBOX_MANAGER_OK, SandboxManagerKit::UnSetPolicy(g_mockToken, policyA[0])); + + EXPECT_EQ(SANDBOX_MANAGER_OK, SandboxManagerKit::StartAccessingByTokenId(g_mockToken)); + sleep(1); + ASSERT_EQ(SANDBOX_MANAGER_OK, SandboxManagerKit::CheckPolicy(g_mockToken, policyA, result)); + ASSERT_EQ(1, result.size()); + EXPECT_TRUE(result[0]); + ASSERT_EQ(SANDBOX_MANAGER_OK, SandboxManagerKit::CheckPersistPolicy(g_mockToken, policyA, result)); + ASSERT_EQ(1, result.size()); + EXPECT_TRUE(result[0]); + + EXPECT_EQ(SANDBOX_MANAGER_OK, SandboxManagerKit::UnSetPolicy(g_mockToken, policyA[0])); + setuid(uid); + EXPECT_EQ(SANDBOX_MANAGER_OK, SandboxManagerKit::StartAccessingByTokenId(g_mockToken)); + sleep(1); + ASSERT_EQ(SANDBOX_MANAGER_OK, SandboxManagerKit::CheckPolicy(g_mockToken, policyA, result)); + ASSERT_EQ(1, result.size()); + EXPECT_FALSE(result[0]); + ASSERT_EQ(SANDBOX_MANAGER_OK, SandboxManagerKit::CheckPersistPolicy(g_mockToken, policyA, result)); + ASSERT_EQ(1, result.size()); + EXPECT_TRUE(result[0]); +} +} // SandboxManager +} // AccessControl } // OHOS \ No newline at end of file diff --git a/services/sandbox_manager/test/unittest/policy_info_manager_test.cpp b/services/sandbox_manager/test/unittest/policy_info_manager_test.cpp index f49edac..7c89d73 100644 --- a/services/sandbox_manager/test/unittest/policy_info_manager_test.cpp +++ b/services/sandbox_manager/test/unittest/policy_info_manager_test.cpp @@ -23,6 +23,7 @@ #include "accesstoken_kit.h" #include "generic_values.h" #include "hap_token_info.h" +#include "mac_adapter.h" #include "policy_field_const.h" #include "policy_info.h" #define private public @@ -44,7 +45,7 @@ public: static void TearDownTestCase(void); void SetUp(); void TearDown(); - uint64_t selfTokenId_; + uint32_t selfTokenId_; }; static constexpr OHOS::HiviewDFX::HiLogLabel LABEL = { @@ -68,6 +69,7 @@ void PolicyInfoManagerTest::TearDownTestCase(void) void PolicyInfoManagerTest::SetUp(void) { selfTokenId_ = 0; + PolicyInfoManager::GetInstance().Init(); } void PolicyInfoManagerTest::TearDown(void) @@ -100,63 +102,6 @@ void PrintDbRecords() } } -/** - * @tc.name: PolicyInfoManagerTest001 - * @tc.desc: Test AddPolicy - invalid input - * @tc.type: FUNC - * @tc.require: - */ -HWTEST_F(PolicyInfoManagerTest, PolicyInfoManagerTest001, TestSize.Level1) -{ - std::vector policy; - std::vector result0; - EXPECT_EQ(INVALID_PARAMTER, PolicyInfoManager::GetInstance().AddPolicy(selfTokenId_, policy, result0)); - uint64_t sizeLimit = 0; - EXPECT_EQ(sizeLimit, result0.size()); - - policy.resize(POLICY_VECTOR_SIZE_LIMIT + 1); - std::vector result1; - EXPECT_EQ(INVALID_PARAMTER, PolicyInfoManager::GetInstance().AddPolicy(selfTokenId_, policy, result1)); - sizeLimit = 0; - EXPECT_EQ(sizeLimit, result1.size()); - - sizeLimit = 1; - policy.resize(0); - - //test invalid case - PolicyInfo info = { - .path = "", - .mode = OperateMode::READ_MODE, - }; - policy.emplace_back(info); - std::vector result2; - EXPECT_EQ(SANDBOX_MANAGER_OK, PolicyInfoManager::GetInstance().AddPolicy(selfTokenId_, policy, result2)); - EXPECT_EQ(sizeLimit, result2.size()); - EXPECT_EQ(SandboxRetType::INVALID_PATH, result2[0]); - - info.path.resize(POLICY_PATH_LIMIT + 1); - std::vector result3; - EXPECT_EQ(SANDBOX_MANAGER_OK, PolicyInfoManager::GetInstance().AddPolicy(selfTokenId_, policy, result3)); - EXPECT_EQ(sizeLimit, result3.size()); - EXPECT_EQ(SandboxRetType::INVALID_PATH, result3[0]); - - info.path = "/data/log"; - info.mode = 0; // 0 is an invalid mode - policy[0] = info; - std::vector result4; - EXPECT_EQ(SANDBOX_MANAGER_OK, PolicyInfoManager::GetInstance().AddPolicy(selfTokenId_, policy, result4)); - EXPECT_EQ(sizeLimit, result4.size()); - EXPECT_EQ(SandboxRetType::INVALID_MODE, result4[0]); - - info.path = "/data/log"; - info.mode = 1234; // 1234 is an invalid mode - policy[0] = info; - std::vector result5; - EXPECT_EQ(SANDBOX_MANAGER_OK, PolicyInfoManager::GetInstance().AddPolicy(selfTokenId_, policy, result5)); - EXPECT_EQ(sizeLimit, result5.size()); - EXPECT_EQ(SandboxRetType::INVALID_MODE, result5[0]); -} - /** * @tc.name: PolicyInfoManagerTest002 * @tc.desc: Test AddPolicy - normal cases @@ -173,6 +118,11 @@ HWTEST_F(PolicyInfoManagerTest, PolicyInfoManagerTest002, TestSize.Level1) info.path = "/data/log"; info.mode = OperateMode::READ_MODE + OperateMode::WRITE_MODE; policy[0] = info; + std::vector setResult; + EXPECT_EQ(SANDBOX_MANAGER_OK, PolicyInfoManager::GetInstance().SetPolicy(selfTokenId_, policy, 1, setResult)); + ASSERT_EQ(1, setResult.size()); + EXPECT_EQ(SandboxRetType::OPERATE_SUCCESSFULLY, setResult[0]); + std::vector result11; EXPECT_EQ(SANDBOX_MANAGER_OK, PolicyInfoManager::GetInstance().AddPolicy(selfTokenId_, policy, result11)); EXPECT_EQ(sizeLimit, result11.size()); @@ -195,67 +145,13 @@ HWTEST_F(PolicyInfoManagerTest, PolicyInfoManagerTest002, TestSize.Level1) EXPECT_EQ(SANDBOX_MANAGER_OK, PolicyInfoManager::GetInstance().AddPolicy(selfTokenId_, policy, result13)); EXPECT_EQ(sizeLimit, result13.size()); EXPECT_EQ(SandboxRetType::OPERATE_SUCCESSFULLY, result13[0]); + EXPECT_EQ(SandboxRetType::OPERATE_SUCCESSFULLY, + PolicyInfoManager::GetInstance().UnSetAllPolicyByToken(selfTokenId_)); PrintDbRecords(); // db should have result9, result10, result11, result13 } -/** - * @tc.name: PolicyInfoManagerTest003 - * @tc.desc: Test MatchPolicy - invalid input - * @tc.type: FUNC - * @tc.require: - */ -HWTEST_F(PolicyInfoManagerTest, PolicyInfoManagerTest003, TestSize.Level1) -{ - std::vector policy; - std::vector result0; - EXPECT_EQ(INVALID_PARAMTER, PolicyInfoManager::GetInstance().MatchPolicy(selfTokenId_, policy, result0)); - uint64_t sizeLimit = 0; - EXPECT_EQ(sizeLimit, result0.size()); - - policy.resize(POLICY_VECTOR_SIZE_LIMIT + 1); - std::vector result1; - EXPECT_EQ(INVALID_PARAMTER, PolicyInfoManager::GetInstance().MatchPolicy(selfTokenId_, policy, result1)); - sizeLimit = 0; - EXPECT_EQ(sizeLimit, result1.size()); - - sizeLimit = 1; - policy.resize(0); - PolicyInfo info = { - .path = "", - .mode = OperateMode::READ_MODE, - }; - policy.emplace_back(info); - - // invalid cases - std::vector result2; - EXPECT_EQ(SANDBOX_MANAGER_OK, PolicyInfoManager::GetInstance().MatchPolicy(selfTokenId_, policy, result2)); - EXPECT_EQ(sizeLimit, result2.size()); - EXPECT_EQ(SandboxRetType::INVALID_PATH, result2[0]); - - info.path.resize(POLICY_PATH_LIMIT + 1); - std::vector result3; - EXPECT_EQ(SANDBOX_MANAGER_OK, PolicyInfoManager::GetInstance().MatchPolicy(selfTokenId_, policy, result3)); - EXPECT_EQ(sizeLimit, result3.size()); - EXPECT_EQ(SandboxRetType::INVALID_PATH, result3[0]); - - info.path = "/data/log"; - info.mode = 0; // 0 is an invalid mode - policy[0] = info; - std::vector result4; - EXPECT_EQ(SANDBOX_MANAGER_OK, PolicyInfoManager::GetInstance().MatchPolicy(selfTokenId_, policy, result4)); - EXPECT_EQ(sizeLimit, result4.size()); - EXPECT_EQ(SandboxRetType::INVALID_MODE, result4[0]); - - info.mode = 1234; // 1234 is an invalid mode - policy[0] = info; - std::vector result5; - EXPECT_EQ(SANDBOX_MANAGER_OK, PolicyInfoManager::GetInstance().MatchPolicy(selfTokenId_, policy, result5)); - EXPECT_EQ(sizeLimit, result5.size()); - EXPECT_EQ(SandboxRetType::INVALID_MODE, result5[0]); -} - /** * @tc.name: PolicyInfoManagerTest004 * @tc.desc: Test MatchPolicy - normal @@ -302,63 +198,6 @@ HWTEST_F(PolicyInfoManagerTest, PolicyInfoManagerTest004, TestSize.Level1) EXPECT_EQ(SandboxRetType::OPERATE_SUCCESSFULLY, result14[0]); } -/** - * @tc.name: PolicyInfoManagerTest005 - * @tc.desc: Test RemovePolicy - * @tc.type: FUNC - * @tc.require: - */ -HWTEST_F(PolicyInfoManagerTest, PolicyInfoManagerTest005, TestSize.Level1) -{ - std::vector policy; - std::vector result0; - EXPECT_EQ(INVALID_PARAMTER, PolicyInfoManager::GetInstance().RemovePolicy(selfTokenId_, policy, result0)); - uint64_t sizeLimit = 0; - EXPECT_EQ(sizeLimit, result0.size()); - - policy.resize(POLICY_VECTOR_SIZE_LIMIT + 1); - std::vector result1; - EXPECT_EQ(INVALID_PARAMTER, PolicyInfoManager::GetInstance().RemovePolicy(selfTokenId_, policy, result1)); - sizeLimit = 0; - EXPECT_EQ(sizeLimit, result1.size()); - - sizeLimit = 1; - policy.resize(0); - - // remove not exist policy - PolicyInfo info = { - .path = "/data/log/hilog", - .mode = OperateMode::READ_MODE, - }; - policy.emplace_back(info); - - std::vector result2; - EXPECT_EQ(SANDBOX_MANAGER_OK, PolicyInfoManager::GetInstance().RemovePolicy(selfTokenId_, policy, result2)); - EXPECT_EQ(sizeLimit, result2.size()); - EXPECT_EQ(SandboxRetType::POLICY_HAS_NOT_BEEN_PERSISTED, result2[0]); - - // remove exist policy - info.path = "/data/log"; - info.mode = OperateMode::WRITE_MODE; - policy[0] = info; - std::vector result3; - EXPECT_EQ(SANDBOX_MANAGER_OK, PolicyInfoManager::GetInstance().RemovePolicy(selfTokenId_, policy, result2)); - EXPECT_EQ(sizeLimit, result2.size()); - - std::vector result4; - EXPECT_EQ(SANDBOX_MANAGER_OK, PolicyInfoManager::GetInstance().MatchPolicy(selfTokenId_, policy, result4)); - EXPECT_EQ(sizeLimit, result4.size()); - EXPECT_EQ(SandboxRetType::OPERATE_SUCCESSFULLY, result4[0]); - - info.path = "/data/log"; - info.mode = OperateMode::WRITE_MODE + OperateMode::READ_MODE; - policy[0] = info; - std::vector result5; - EXPECT_EQ(SANDBOX_MANAGER_OK, PolicyInfoManager::GetInstance().MatchPolicy(selfTokenId_, policy, result5)); - EXPECT_EQ(sizeLimit, result5.size()); - EXPECT_EQ(SandboxRetType::OPERATE_SUCCESSFULLY, result5[0]); -} - /** * @tc.name: PolicyInfoManagerTest006 * @tc.desc: Test RemoveBundlePolicy diff --git a/services/sandbox_manager/test/unittest/sandbox_manager_service_test.cpp b/services/sandbox_manager/test/unittest/sandbox_manager_service_test.cpp index fcbd536..81efa4b 100644 --- a/services/sandbox_manager/test/unittest/sandbox_manager_service_test.cpp +++ b/services/sandbox_manager/test/unittest/sandbox_manager_service_test.cpp @@ -68,28 +68,6 @@ Security::AccessToken::HapPolicyParams g_testPolicyPrams = { .permList = {}, .permStateList = {g_testState1, g_testState2} }; -void NativeTokenGet() -{ - uint64_t fullTokenId; - const char **perms = new const char *[1]; - perms[0] = "ohos.permission.DISTRIBUTED_DATASYNC"; - - NativeTokenInfoParams infoInstance = { - .dcapsNum = 0, - .permsNum = 1, - .aclsNum = 0, - .dcaps = nullptr, - .perms = perms, - .acls = nullptr, - .aplStr = "system_core", - }; - - infoInstance.processName = "TestCase"; - fullTokenId = GetAccessTokenId(&infoInstance); - EXPECT_EQ(0, SetSelfTokenID(fullTokenId)); - Security::AccessToken::AccessTokenKit::ReloadNativeTokenInfo(); - delete[] perms; -}; }; class SandboxManagerServiceTest : public testing::Test { @@ -118,11 +96,6 @@ void SandboxManagerServiceTest::SetUp(void) ASSERT_NE(nullptr, sandboxManagerService_); selfTokenId_ = GetSelfTokenID(); - NativeTokenGet(); - Security::AccessToken::AccessTokenID tokenID = - Security::AccessToken::AccessTokenKit::GetNativeTokenId("foundation"); - ASSERT_NE(0, tokenID); - EXPECT_EQ(0, SetSelfTokenID(tokenID)); Security::AccessToken::AccessTokenIDEx tokenIdEx = {0}; tokenIdEx = Security::AccessToken::AccessTokenKit::AllocHapToken(g_testInfoParms, g_testPolicyPrams); ASSERT_NE(0, tokenIdEx.tokenIdExStruct.tokenID); @@ -397,6 +370,7 @@ HWTEST_F(SandboxManagerServiceTest, SandboxManagerServiceTest010, TestSize.Level */ HWTEST_F(SandboxManagerServiceTest, SandboxManagerStub001, TestSize.Level1) { + SetSelfTokenID(sysGrantToken_); uint32_t code = 0; MessageParcel data; MessageParcel reply; @@ -425,6 +399,7 @@ HWTEST_F(SandboxManagerServiceTest, SandboxManagerStub001, TestSize.Level1) EXPECT_EQ(SANDBOX_MANAGER_SERVICE_PARCEL_ERR, sandboxManagerService_->UnPersistPolicyInner(data, reply)); data.WriteParcelable(policyInfoVectorParcel); sandboxManagerService_->UnPersistPolicyInner(data, reply); + SetSelfTokenID(selfTokenId_); } /** @@ -435,22 +410,24 @@ HWTEST_F(SandboxManagerServiceTest, SandboxManagerStub001, TestSize.Level1) */ HWTEST_F(SandboxManagerServiceTest, SandboxManagerStub002, TestSize.Level1) { + SetSelfTokenID(sysGrantToken_); MessageParcel data; MessageParcel reply; EXPECT_EQ(SANDBOX_MANAGER_SERVICE_PARCEL_ERR, sandboxManagerService_->PersistPolicyByTokenIdInner(data, reply)); - data.WriteUint64(1); + data.WriteUint32(1); EXPECT_EQ(SANDBOX_MANAGER_SERVICE_PARCEL_ERR, sandboxManagerService_->PersistPolicyByTokenIdInner(data, reply)); - data.WriteUint64(1); + data.WriteUint32(1); sptr policyInfoVectorParcel; data.WriteParcelable(policyInfoVectorParcel); EXPECT_EQ(SANDBOX_MANAGER_SERVICE_PARCEL_ERR, sandboxManagerService_->PersistPolicyByTokenIdInner(data, reply)); EXPECT_EQ(SANDBOX_MANAGER_SERVICE_PARCEL_ERR, sandboxManagerService_->UnPersistPolicyByTokenIdInner(data, reply)); - data.WriteUint64(1); + data.WriteUint32(1); EXPECT_EQ(SANDBOX_MANAGER_SERVICE_PARCEL_ERR, sandboxManagerService_->UnPersistPolicyByTokenIdInner(data, reply)); - data.WriteUint64(1); + data.WriteUint32(1); data.WriteParcelable(policyInfoVectorParcel); EXPECT_EQ(SANDBOX_MANAGER_SERVICE_PARCEL_ERR, sandboxManagerService_->UnPersistPolicyByTokenIdInner(data, reply)); + SetSelfTokenID(selfTokenId_); } /** @@ -461,6 +438,7 @@ HWTEST_F(SandboxManagerServiceTest, SandboxManagerStub002, TestSize.Level1) */ HWTEST_F(SandboxManagerServiceTest, SandboxManagerStub003, TestSize.Level1) { + SetSelfTokenID(sysGrantToken_); MessageParcel data; MessageParcel reply; EXPECT_EQ(SANDBOX_MANAGER_SERVICE_PARCEL_ERR, sandboxManagerService_->SetPolicyInner(data, reply)); @@ -472,25 +450,26 @@ HWTEST_F(SandboxManagerServiceTest, SandboxManagerStub003, TestSize.Level1) EXPECT_EQ(SANDBOX_MANAGER_SERVICE_PARCEL_ERR, sandboxManagerService_->SetPolicyInner(data, reply)); EXPECT_EQ(SANDBOX_MANAGER_SERVICE_PARCEL_ERR, sandboxManagerService_->CheckPersistPolicyInner(data, reply)); - data.WriteUint64(1); + data.WriteUint32(1); EXPECT_EQ(SANDBOX_MANAGER_SERVICE_PARCEL_ERR, sandboxManagerService_->CheckPersistPolicyInner(data, reply)); - data.WriteUint64(1); + data.WriteUint32(1); data.WriteParcelable(policyInfoVectorParcel); EXPECT_EQ(SANDBOX_MANAGER_SERVICE_PARCEL_ERR, sandboxManagerService_->CheckPersistPolicyInner(data, reply)); EXPECT_EQ(SANDBOX_MANAGER_SERVICE_PARCEL_ERR, sandboxManagerService_->StartAccessingPolicyInner(data, reply)); - data.WriteUint64(1); - EXPECT_EQ(INVALID_PARAMTER, sandboxManagerService_->StartAccessingPolicyInner(data, reply)); - data.WriteUint64(1); + data.WriteUint32(1); + EXPECT_EQ(SANDBOX_MANAGER_SERVICE_PARCEL_ERR, sandboxManagerService_->StartAccessingPolicyInner(data, reply)); + data.WriteUint32(1); data.WriteParcelable(policyInfoVectorParcel); EXPECT_EQ(INVALID_PARAMTER, sandboxManagerService_->StartAccessingPolicyInner(data, reply)); EXPECT_EQ(SANDBOX_MANAGER_SERVICE_PARCEL_ERR, sandboxManagerService_->StopAccessingPolicyInner(data, reply)); - data.WriteUint64(1); - EXPECT_EQ(INVALID_PARAMTER, sandboxManagerService_->StopAccessingPolicyInner(data, reply)); - data.WriteUint64(1); + data.WriteUint32(1); + EXPECT_EQ(SANDBOX_MANAGER_SERVICE_PARCEL_ERR, sandboxManagerService_->StopAccessingPolicyInner(data, reply)); + data.WriteUint32(1); data.WriteParcelable(policyInfoVectorParcel); EXPECT_EQ(INVALID_PARAMTER, sandboxManagerService_->StopAccessingPolicyInner(data, reply)); + SetSelfTokenID(selfTokenId_); } /** @@ -557,11 +536,11 @@ HWTEST_F(SandboxManagerServiceTest, SandboxManagerStub006, TestSize.Level1) MessageParcel data, reply; EXPECT_EQ(SANDBOX_MANAGER_SERVICE_PARCEL_ERR, sandboxManagerService_->PersistPolicyByTokenIdInner(data, reply)); - data.WriteUint64(0); + data.WriteUint32(0); data.WriteUint32(POLICY_VECTOR_SIZE_LIMIT + 1); EXPECT_EQ(SANDBOX_MANAGER_SERVICE_PARCEL_ERR, sandboxManagerService_->PersistPolicyByTokenIdInner(data, reply)); - data.WriteUint64(0); + data.WriteUint32(0); std::vector policy; policy.emplace_back(PolicyInfo { .path = "", @@ -572,7 +551,7 @@ HWTEST_F(SandboxManagerServiceTest, SandboxManagerStub006, TestSize.Level1) data.WriteParcelable(&policyInfoVectorParcel); EXPECT_EQ(INVALID_PARAMTER, sandboxManagerService_->PersistPolicyByTokenIdInner(data, reply)); - data.WriteUint64(1); + data.WriteUint32(1); policy.clear(); policy.emplace_back(PolicyInfo { .path = "test path", @@ -596,11 +575,11 @@ HWTEST_F(SandboxManagerServiceTest, SandboxManagerStub007, TestSize.Level1) MessageParcel data, reply; EXPECT_EQ(SANDBOX_MANAGER_SERVICE_PARCEL_ERR, sandboxManagerService_->UnPersistPolicyByTokenIdInner(data, reply)); - data.WriteUint64(0); + data.WriteUint32(0); data.WriteUint32(POLICY_VECTOR_SIZE_LIMIT + 1); EXPECT_EQ(SANDBOX_MANAGER_SERVICE_PARCEL_ERR, sandboxManagerService_->UnPersistPolicyByTokenIdInner(data, reply)); - data.WriteUint64(0); + data.WriteUint32(0); std::vector policy; policy.emplace_back(PolicyInfo { .path = "", @@ -611,7 +590,7 @@ HWTEST_F(SandboxManagerServiceTest, SandboxManagerStub007, TestSize.Level1) data.WriteParcelable(&policyInfoVectorParcel); EXPECT_EQ(INVALID_PARAMTER, sandboxManagerService_->UnPersistPolicyByTokenIdInner(data, reply)); - data.WriteUint64(1); + data.WriteUint32(1); policy.clear(); policy.emplace_back(PolicyInfo { .path = "test path", @@ -648,8 +627,8 @@ HWTEST_F(SandboxManagerServiceTest, SandboxManagerStub008, TestSize.Level1) PolicyInfoVectorParcel policyInfoVectorParcel; policyInfoVectorParcel.policyVector = policy; data.WriteParcelable(&policyInfoVectorParcel); - data.WriteUint64(0); - EXPECT_EQ(SANDBOX_MANAGER_OK, sandboxManagerService_->SetPolicyInner(data, reply)); + data.WriteUint32(0); + EXPECT_EQ(SANDBOX_MANAGER_SERVICE_PARCEL_ERR, sandboxManagerService_->SetPolicyInner(data, reply)); SetSelfTokenID(selfTokenId_); } @@ -716,12 +695,12 @@ HWTEST_F(SandboxManagerServiceTest, SandboxManagerStub011, TestSize.Level1) EXPECT_EQ(SANDBOX_MANAGER_SERVICE_PARCEL_ERR, sandboxManagerService_->UnPersistPolicyByTokenIdInner(data, reply1)); MessageParcel reply2; - data.WriteUint64(0); + data.WriteUint32(0); data.WriteUint32(POLICY_VECTOR_SIZE_LIMIT + 1); EXPECT_EQ(SANDBOX_MANAGER_SERVICE_PARCEL_ERR, sandboxManagerService_->UnPersistPolicyByTokenIdInner(data, reply2)); MessageParcel reply3; - data.WriteUint64(1); + data.WriteUint32(1); std::vector policy; policy.emplace_back(PolicyInfo { .path = "test", @@ -733,7 +712,7 @@ HWTEST_F(SandboxManagerServiceTest, SandboxManagerStub011, TestSize.Level1) EXPECT_EQ(SANDBOX_MANAGER_OK, sandboxManagerService_->UnPersistPolicyByTokenIdInner(data, reply3)); MessageParcel reply4; - data.WriteUint64(1); + data.WriteUint32(1); data.WriteParcelable(&policyInfoVectorParcel); EXPECT_EQ(SANDBOX_MANAGER_OK, sandboxManagerService_->CheckPersistPolicyInner(data, reply4)); -- Gitee