diff --git a/bundle.json b/bundle.json index 0d0c382c74525a704144437d930aaea892741a46..369f46e64dc3180ca23612259664eafb24fb916e 100644 --- a/bundle.json +++ b/bundle.json @@ -56,7 +56,8 @@ "//foundation/filemanagement/app_file_service/interfaces/innerkits/native:app_file_service_native", "//foundation/filemanagement/app_file_service/interfaces/kits/js:fileshare", "//foundation/filemanagement/app_file_service/interfaces/kits/js:fileuri", - "//foundation/filemanagement/app_file_service/interfaces/kits/js:backup" + "//foundation/filemanagement/app_file_service/interfaces/kits/js:backup", + "//foundation/filemanagement/app_file_service/interfaces/kits/js:filepermission" ], "service_group": [ "//foundation/filemanagement/app_file_service:tgt_backup_extension", diff --git a/interfaces/innerkits/native/BUILD.gn b/interfaces/innerkits/native/BUILD.gn index 67c3c077e568597edeaf97bd3d29dbce1868d2d9..c6305ded1b12782c59c46dfb323805bd91b42aa8 100644 --- a/interfaces/innerkits/native/BUILD.gn +++ b/interfaces/innerkits/native/BUILD.gn @@ -150,12 +150,45 @@ ohos_shared_library("sandbox_helper_native") { subsystem_name = "filemanagement" } +config("file_permission_config") { + visibility = [ ":*" ] + include_dirs = [ + "file_permission/include", + "//third_party/json/include", + "../../common/include", + ] +} + +ohos_shared_library("filepermission_native") { + sources = [ + "../../common/src/json_utils.cpp", + "../../common/src/sandbox_helper.cpp", + "file_permission/src/file_permission.cpp", + ] + + public_configs = [ ":file_permission_config" ] + + external_deps = [ + "ability_base:base", + "ability_base:want", + "ability_base:zuri", + "c_utils:utils", + "file_api:filemgmt_libn", + "hilog:libhilog", + "init:libbegetutil", + ] + + part_name = "app_file_service" + subsystem_name = "filemanagement" +} + group("app_file_service_native") { deps = [ ":fileshare_native", ":fileuri_native", ":remote_file_share_native", ":sandbox_helper_native", + ":filepermission_native" ] } diff --git a/interfaces/innerkits/native/file_permission/include/file_permission.h b/interfaces/innerkits/native/file_permission/include/file_permission.h new file mode 100644 index 0000000000000000000000000000000000000000..e567c080bb9a0d02f5f24ee353699dd0f38bca56 --- /dev/null +++ b/interfaces/innerkits/native/file_permission/include/file_permission.h @@ -0,0 +1,76 @@ +/* + * Copyright (c) 2023 Huawei Device Co., Ltd. + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +#ifndef APP_FILE_SERVICE_FILE_PERMISSION +#define APP_FILE_SERVICE_FILE_PERMISSION + +#include +#include +#include + +namespace OHOS { +namespace AppFileService { +using namespace std; +typedef enum OperateMode { + READ_MODE = 1 << 0, + WRITE_MODE = 1 << 1, +} OperateMode; +typedef enum PolicyFlag { + ALLOWED_PERSIST = 1 << 0, + FORBID_PERSIST = 1 << 1, +} PolicyFlag; +enum PolicyErrorCode { + FORBIDDEN_TO_BE_PERSISTED = 1, + INVALID_MODE = 2, + INVALID_PATH = 3, +}; +struct UriPolicyInfo { + string uri = ""; + uint32_t mode = OperateMode::READ_MODE; +}; +struct PolicyInfo { + string path = ""; + uint32_t mode = OperateMode::READ_MODE; +}; +struct PolicyErrorResult { + string uri = ""; + PolicyErrorCode code = PolicyErrorCode::FORBIDDEN_TO_BE_PERSISTED; + string message = ""; +}; + +class FilePermission { +public: + static int32_t GrantPolicy(uint32_t tokenId, vector uriPolicies, uint32_t policyFlag); + static int32_t PersistPermission(vector uriPolicies, deque &errorResults); + static int32_t DesistPersistedPermission(vector uriPolicies, + deque &errorResults); + static int32_t ActivateAccessingUri(vector uriPolicies, + deque &errorResults); + static int32_t DeactivateAccessingUri(vector uriPolicies, + deque &errorResults); + +private: + static void GetErrorResults(const vector &resultCodes, + const vector &resultUris, + deque &errorResults); + static void GetPolicyInformation(const vector &uriPolicies, + vector &resultUris, + deque &errorResults, + vector &policies); +}; +} // namespace AppFileService +} // namespace OHOS + +#endif \ No newline at end of file diff --git a/interfaces/innerkits/native/file_permission/src/file_permission.cpp b/interfaces/innerkits/native/file_permission/src/file_permission.cpp new file mode 100644 index 0000000000000000000000000000000000000000..ca4b8385f9698ab738548cc420137a4bbc550629 --- /dev/null +++ b/interfaces/innerkits/native/file_permission/src/file_permission.cpp @@ -0,0 +1,213 @@ +/* + * Copyright (c) 2023 Huawei Device Co., Ltd. + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ +#include "file_permission.h" +#include + +#include "filemgmt_libn.h" +#include "log.h" +#include "parameter.h" +#include "uri.h" + +namespace OHOS { +namespace AppFileService { +const std::string MEDIA_AUTHORITY = "media"; +const std::string REMOTE_SHARE_PATH_DIR = "/.remote_share"; +const std::string FORBIDDEN_TO_BE_PERSISTED_MESSAGE = "URI refusal to be persisted!"; +const std::string INVALID_MODE_MESSAGE = "Invalid operation mode!"; +const std::string INVALID_PATH_MESSAGE = "Invalid path!"; +const int32_t FULL_MOUNT_ENABLE_SIZE = 6; +const char *FULL_MOUNT_ENABLE_PARAMETER = "const.filemanager.full_mout.enable"; + +namespace { +bool CheckValidUri(const string &uriStr) +{ + Uri uri(uriStr); + std::string bundleName = uri.GetAuthority(); + if (bundleName == MEDIA_AUTHORITY) { + LOGE("the URI is media URI"); + return false; + } + if (uriStr.find(REMOTE_SHARE_PATH_DIR) != string::npos) { + LOGE("the URI is distributed URI"); + return false; + } + return true; +} + +bool CheckFileManagerFullMountEnable() +{ + char value[FULL_MOUNT_ENABLE_SIZE] = "false"; + int retSystem = GetParameter(FULL_MOUNT_ENABLE_PARAMETER, "false", value, FULL_MOUNT_ENABLE_SIZE); + if (retSystem > 0 && !strcmp(value, "true")) { + LOGE("The full mount enable parameter is true"); + return true; + } + LOGD("The full mount enable parameter is false"); + return false; +} +} // namespace + +void FilePermission::GetErrorResults(const vector &resultCodes, + const vector &resultUris, + deque &errorResults) +{ + for (int i = 0; i < resultCodes.size(); i++) { + PolicyErrorResult result; + switch (resultCodes[i]) { + case static_cast(PolicyErrorCode::FORBIDDEN_TO_BE_PERSISTED): + result = {resultUris[i], PolicyErrorCode::FORBIDDEN_TO_BE_PERSISTED, FORBIDDEN_TO_BE_PERSISTED_MESSAGE}; + errorResults.emplace_back(result); + break; + case static_cast(PolicyErrorCode::INVALID_MODE): + result = {resultUris[i], PolicyErrorCode::INVALID_MODE, INVALID_MODE_MESSAGE}; + errorResults.emplace_back(result); + break; + case static_cast(PolicyErrorCode::INVALID_PATH): + result = {resultUris[i], PolicyErrorCode::INVALID_PATH, INVALID_PATH_MESSAGE}; + errorResults.emplace_back(result); + break; + default: + break; + } + } +} + +void FilePermission::GetPolicyInformation(const vector &uriPolicies, + vector &resultUris, + deque &errorResults, + vector &policies) +{ + for (auto uriPolicy : uriPolicies) { + Uri uri(uriPolicy.uri); + string path = uri.GetPath(); + if (!CheckValidUri(uriPolicy.uri) || access(path.c_str(), F_OK) != 0) { + LOGE("Not the correct uri!"); + PolicyErrorResult result = {uriPolicy.uri, PolicyErrorCode::INVALID_PATH, INVALID_PATH_MESSAGE}; + errorResults.emplace_back(result); + } else { + PolicyInfo policyInfo = {path, uriPolicy.mode}; + policies.emplace_back(policyInfo); + resultUris.emplace_back(uriPolicy.uri); + } + } +} + +int32_t FilePermission::GrantPolicy(uint32_t tokenId, vector uriPolicies, uint32_t policyFlag) +{ + if (!CheckFileManagerFullMountEnable()) { + LOGE("The device doesn't support this apil"); + return E_DEVICENOTSUPPORT; + } + vector policies; + vector resultUris; + deque errorResults; + GetPolicyInformation(uriPolicies, resultUris, errorResults, policies); + // SandboxManager interface call + // int32_t SandboxRet = SandboxManager::GrantPolicy(tokenId, resultCodes); + if (!errorResults.empty()) { + LOGE("There are some URI operations that fail"); + return EPERM; + } + LOGD("GrantPolicy success"); + return 0; +} + +int32_t FilePermission::PersistPermission(vector uriPolicies, + deque &errorResults) +{ + if (!CheckFileManagerFullMountEnable()) { + LOGE("The device doesn't support this apil"); + return E_DEVICENOTSUPPORT; + } + vector policies; + vector resultUris; + vector resultCodes; + GetPolicyInformation(uriPolicies, resultUris, errorResults, policies); + // SandboxManager interface call + // int32_t SandboxRet = SandboxManager::PersistPermission(policies, resultCodes); + GetErrorResults(resultCodes, resultUris, errorResults); + if (!errorResults.empty()) { + LOGE("There are some URI operations that fail"); + return EPERM; + } + LOGD("PersistPermission success"); + return 0; +} +int32_t FilePermission::DesistPersistedPermission(vector uriPolicies, + deque &errorResults) +{ + if (!CheckFileManagerFullMountEnable()) { + LOGE("The device doesn't support this apil"); + return E_DEVICENOTSUPPORT; + } + vector policies; + vector resultUris; + vector resultCodes; + GetPolicyInformation(uriPolicies, resultUris, errorResults, policies); + // SandboxManager interface call + // int32_t SandboxRet = SandboxManager::DesistPersistedPermission(policies, resultCodes); + GetErrorResults(resultCodes, resultUris, errorResults); + if (!errorResults.empty()) { + LOGE("There are some URI operations that fail"); + return EPERM; + } + LOGD("DesistPersistedPermission success"); + return 0; +} +int32_t FilePermission::ActivateAccessingUri(vector uriPolicies, + deque &errorResults) +{ + if (!CheckFileManagerFullMountEnable()) { + LOGE("The device doesn't support this apil"); + return E_DEVICENOTSUPPORT; + } + vector policies; + vector resultUris; + vector resultCodes; + GetPolicyInformation(uriPolicies, resultUris, errorResults, policies); + // SandboxManager interface call + // int32_t SandboxRet = SandboxManager::ActivateAccessingUri(policies, resultCodes); + GetErrorResults(resultCodes, resultUris, errorResults); + if (!errorResults.empty()) { + LOGE("There are some URI operations that fail"); + return EPERM; + } + LOGD("ActivateAccessingUri success"); + return 0; +} +int32_t FilePermission::DeactivateAccessingUri(vector uriPolicies, + deque &errorResults) +{ + if (!CheckFileManagerFullMountEnable()) { + LOGE("The device doesn't support this apil"); + return E_DEVICENOTSUPPORT; + } + vector policies; + vector resultUris; + vector resultCodes; + GetPolicyInformation(uriPolicies, resultUris, errorResults, policies); + // SandboxManager interface call + // int32_t SandboxRet = SandboxManager::DeactivateAccessingUri(policies, resultCodes); + GetErrorResults(resultCodes, resultUris, errorResults); + if (!errorResults.empty()) { + LOGE("There are some URI operations that fail"); + return EPERM; + } + LOGD("DeactivateAccessingUri success"); + return 0; +} + +} // namespace AppFileService +} // namespace OHOS \ No newline at end of file diff --git a/interfaces/kits/js/BUILD.gn b/interfaces/kits/js/BUILD.gn index 47ecdfc165742d9a6667dd99b2246e59e72931d1..7db48e462f322060670e1e336813cac26e11b7c1 100644 --- a/interfaces/kits/js/BUILD.gn +++ b/interfaces/kits/js/BUILD.gn @@ -147,3 +147,35 @@ ohos_shared_library("backup") { "napi:ace_napi", ] } + +ohos_shared_library("filepermission") { + include_dirs = [ + ".", + "../../common/include", + "${app_file_service_path}/interfaces/innerkits/native/file_permission/include", + ] + + sources = [ + "../../innerkits/native/file_permission/src/file_permission.cpp", + "file_permission/file_permission_n_exporter.cpp", + "file_permission/file_permission_napi.cpp", + ] + + external_deps = [ + "ability_base:zuri", + "ability_runtime:abilitykit_native", + "access_token:libaccesstoken_sdk", + "access_token:libtokenid_sdk", + "c_utils:utils", + "file_api:filemgmt_libhilog", + "file_api:filemgmt_libn", + "hilog:libhilog", + "ipc:ipc_core", + "napi:ace_napi", + ] + + relative_install_dir = "module" + + part_name = "app_file_service" + subsystem_name = "filemanagement" +} diff --git a/interfaces/kits/js/file_permission/file_permission_n_exporter.cpp b/interfaces/kits/js/file_permission/file_permission_n_exporter.cpp new file mode 100644 index 0000000000000000000000000000000000000000..d3147ffc3ca7ad5a568daf06d40731e7a4b0481d --- /dev/null +++ b/interfaces/kits/js/file_permission/file_permission_n_exporter.cpp @@ -0,0 +1,366 @@ +/* + * Copyright (c) 2023 Huawei Device Co., Ltd. + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ +#include "file_permission_n_exporter.h" + +#include +#include + +#include "access_token.h" +#include "accesstoken_kit.h" +#include "ipc_skeleton.h" +#include "log.h" +#include "tokenid_kit.h" +#include "n_napi.h" + + +namespace OHOS { +namespace AppFileService { +namespace ModuleFilePermission { +using namespace OHOS::FileManagement::LibN; +using namespace std; + +const std::string FILE_ACCESS_PERMISSION = "ohos.permission.FILE_ACCESS_PERSIST"; +const std::string SET_SANDBOX_POLICY_PERMISSION = "ohos.permission.SET_SANDBOX_POLICY"; + +namespace { +bool IsSystemApp() +{ + uint32_t fullTokenId = OHOS::IPCSkeleton::GetCallingFullTokenID(); + return Security::AccessToken::TokenIdKit::IsSystemAppByFullTokenID(fullTokenId); +} + +bool CheckPermission(const string &permission) +{ + Security::AccessToken::AccessTokenID tokenCaller = IPCSkeleton::GetCallingTokenID(); + return Security::AccessToken::AccessTokenKit::VerifyAccessToken(tokenCaller, permission) == + Security::AccessToken::PermissionState::PERMISSION_GRANTED; +} +} // namespace + +static napi_value GetErrData(napi_env env, deque &errorResults) +{ + napi_value res = nullptr; + napi_status status = napi_create_array(env, &res); + if (status != napi_ok) { + LOGE("Failed to create array"); + return nullptr; + } + size_t index = 0; + for (auto &iter : errorResults) { + NVal obj = NVal::CreateObject(env); + obj.AddProp("uri", NVal::CreateUTF8String(env, iter.uri).val_); + obj.AddProp("code", NVal::CreateInt32(env, iter.code).val_); + obj.AddProp("message", NVal::CreateUTF8String(env, iter.message).val_); + status = napi_set_element(env, res, index++, obj.val_); + if (status != napi_ok) { + LOGE("Failed to set element on data"); + return nullptr; + } + } + return res; +} + +static napi_status GetUriPoliciesArg(napi_env env, napi_value agrv, std::vector &uriPolicies){ + uint32_t count; + napi_status status = napi_get_array_length(env, agrv, &count); + if (status != napi_ok) { + LOGE("get array length failed"); + return status; + } + for (uint32_t i = 0; i < count; i++) { + napi_handle_scope scope; + status = napi_open_handle_scope(env, &scope); + if (status != napi_ok) { + return status; + } + napi_value object; + status = napi_get_element(env, agrv, i, &object); + if (status != napi_ok) { + LOGE("get element failed"); + return status; + } + UriPolicyInfo uriPolicy; + napi_value uriValue; + napi_value modeValue; + status = napi_get_named_property(env, object, "uri", &uriValue); + if (status != napi_ok) { + LOGE("get named property failed"); + return status; + } + status = napi_get_named_property(env, object, "operateMode", &modeValue); + if (status != napi_ok) { + LOGE("get named property failed"); + return status; + } + auto [succStr, str, ignore] = NVal(env, uriValue).ToUTF8String(); + auto [succMode, mode] = NVal(env, modeValue).ToUint32(); + if(!succStr || !succMode){ + LOGE("the argument error"); + return napi_invalid_arg; + } + uriPolicy.uri = str.get(); + uriPolicy.mode = mode; + uriPolicies.emplace_back(uriPolicy); + status = napi_close_handle_scope(env, scope); + if (status != napi_ok) { + return status; + } + } + return napi_ok; +} + +napi_value GrantPolicy(napi_env env, napi_callback_info info) +{ + NFuncArg funcArg(env, info); + if (!funcArg.InitArgs(NARG_CNT::THREE)) { + LOGE("GrantPolicy Number of arguments unmatched"); + NError(E_PARAMS).ThrowErr(env); + return nullptr; + } + if (!IsSystemApp()) { + LOGE("GrantPolicy is not System App!"); + NError(E_PERMISSION_SYS).ThrowErr(env); + return nullptr; + } + if (!CheckPermission(SET_SANDBOX_POLICY_PERMISSION)) { + LOGE("GrantPolicy has not ohos permission!"); + NError(E_PERMISSION).ThrowErr(env); + return nullptr; + } + auto [succTokenId, id] = NVal(env, funcArg[NARG_POS::FIRST]).ToUint32(); + auto [succPolicyFlag, flag] = NVal(env, funcArg[NARG_POS::THIRD]).ToUint32(); + if (!succTokenId || !succPolicyFlag) { + LOGE("The first/third argument error"); + NError(E_PARAMS).ThrowErr(env); + return nullptr; + } + int32_t tokenId = id; + uint32_t policyFlag = flag; + std::vector uriPolicies; + napi_status status = GetUriPoliciesArg(env, funcArg[NARG_POS::SECOND], uriPolicies); + if(status != napi_ok){ + LOGE("the second argument error"); + NError(E_PARAMS).ThrowErr(env); + return nullptr; + } + auto cbExec = [tokenId, uriPolicies, policyFlag]() -> NError { + int32_t ret = FilePermission::GrantPolicy(tokenId, uriPolicies, policyFlag); + return NError(ret); + }; + auto cbCompl = [](napi_env env, NError err) -> NVal { + if (err) { + return {env, err.GetNapiErr(env)}; + } + return NVal::CreateUndefined(env); + }; + + const string procedureName = "grant_policy"; + NVal thisVar(env, funcArg.GetThisVar()); + return NAsyncWorkPromise(env, thisVar).Schedule(procedureName, cbExec, cbCompl).val_; +} + +napi_value PersistPermission(napi_env env, napi_callback_info info) +{ + NFuncArg funcArg(env, info); + if (!funcArg.InitArgs(NARG_CNT::ONE)) { + LOGE("PersistPermission Number of arguments unmatched"); + NError(E_PARAMS).ThrowErr(env); + return nullptr; + } + if (!CheckPermission(FILE_ACCESS_PERMISSION)) { + LOGE("PersistPermission has not ohos permission!"); + NError(E_PERMISSION).ThrowErr(env); + return nullptr; + } + std::vector uriPolicies; + napi_status status = GetUriPoliciesArg(env, funcArg[NARG_POS::FIRST], uriPolicies); + if(status != napi_ok){ + LOGE("get arguments failed"); + NError(E_PARAMS).ThrowErr(env); + return nullptr; + } + shared_ptr arg = make_shared(); + if (arg == nullptr) { + LOGE("Failed to request heap memory."); + NError(EILSEQ).ThrowErr(env); + return nullptr; + } + auto cbExec = [uriPolicies, arg]() -> NError { + arg->errNo = FilePermission::PersistPermission(uriPolicies, arg->errorResults); + return NError(arg->errNo); + }; + auto cbCompl = [arg](napi_env env, NError err) -> NVal { + if (err) { + if(arg->errNo == EPERM){ + napi_value data = err.GetNapiErr(env); + napi_status status = napi_set_named_property(env, data, FILEIO_TAG_ERR_DATA.c_str(), + GetErrData(env, arg->errorResults)); + if (status != napi_ok) { + LOGE("Failed to set data property on Error"); + } + return { env, data }; + } + return {env, err.GetNapiErr(env)}; + } + return NVal::CreateUndefined(env); + }; + const string procedureName = "persist_permission"; + NVal thisVar(env, funcArg.GetThisVar()); + return NAsyncWorkPromise(env, thisVar).Schedule(procedureName, cbExec, cbCompl).val_; +} + +napi_value DesistPersistedPermission(napi_env env, napi_callback_info info) +{ + NFuncArg funcArg(env, info); + if (!funcArg.InitArgs(NARG_CNT::ONE)) { + LOGE("DesistPersistedPermission Number of arguments unmatched"); + NError(E_PARAMS).ThrowErr(env); + return nullptr; + } + if (!CheckPermission(FILE_ACCESS_PERMISSION)) { + LOGE("DesistPersistedPermission has not ohos permission!"); + NError(E_PERMISSION).ThrowErr(env); + return nullptr; + } + std::vector uriPolicies; + napi_status status = GetUriPoliciesArg(env, funcArg[NARG_POS::FIRST], uriPolicies); + if(status != napi_ok){ + LOGE("get arguments failed"); + NError(E_PARAMS).ThrowErr(env); + return nullptr; + } + shared_ptr arg = make_shared(); + if (arg == nullptr) { + LOGE("Failed to request heap memory."); + NError(EILSEQ).ThrowErr(env); + return nullptr; + } + auto cbExec = [uriPolicies, arg]() -> NError { + arg->errNo = FilePermission::DesistPersistedPermission(uriPolicies, arg->errorResults); + return NError(arg->errNo); + }; + auto cbCompl = [arg](napi_env env, NError err) -> NVal { + if (err) { + if(arg->errNo == EPERM){ + napi_value data = err.GetNapiErr(env); + napi_status status = napi_set_named_property(env, data, FILEIO_TAG_ERR_DATA.c_str(), + GetErrData(env, arg->errorResults)); + if (status != napi_ok) { + LOGE("Failed to set data property on Error"); + } + return { env, data }; + } + return {env, err.GetNapiErr(env)}; + } + return NVal::CreateUndefined(env); + }; + const string procedureName = "desist_persist_permission"; + NVal thisVar(env, funcArg.GetThisVar()); + return NAsyncWorkPromise(env, thisVar).Schedule(procedureName, cbExec, cbCompl).val_; +} + +napi_value ActivateAccessingUri(napi_env env, napi_callback_info info) +{ + NFuncArg funcArg(env, info); + if (!funcArg.InitArgs(NARG_CNT::ONE)) { + LOGE("ActivateAccessingUri Number of arguments unmatched"); + NError(E_PARAMS).ThrowErr(env); + return nullptr; + } + std::vector uriPolicies; + napi_status status = GetUriPoliciesArg(env, funcArg[NARG_POS::FIRST], uriPolicies); + if(status != napi_ok){ + LOGE("get arguments failed"); + NError(E_PARAMS).ThrowErr(env); + return nullptr; + } + shared_ptr arg = make_shared(); + if (arg == nullptr) { + LOGE("Failed to request heap memory."); + NError(EILSEQ).ThrowErr(env); + return nullptr; + } + auto cbExec = [uriPolicies, arg]() -> NError { + arg->errNo = FilePermission::ActivateAccessingUri(uriPolicies, arg->errorResults); + return NError(arg->errNo); + }; + auto cbCompl = [arg](napi_env env, NError err) -> NVal { + if (err) { + if(arg->errNo == EPERM){ + napi_value data = err.GetNapiErr(env); + napi_status status = napi_set_named_property(env, data, FILEIO_TAG_ERR_DATA.c_str(), + GetErrData(env, arg->errorResults)); + if (status != napi_ok) { + LOGE("Failed to set data property on Error"); + } + return { env, data }; + } + return {env, err.GetNapiErr(env)}; + } + return NVal::CreateUndefined(env); + }; + const string procedureName = "activate_accessing_uri"; + NVal thisVar(env, funcArg.GetThisVar()); + return NAsyncWorkPromise(env, thisVar).Schedule(procedureName, cbExec, cbCompl).val_; +} + +napi_value DeactivateAccessingUri(napi_env env, napi_callback_info info) +{ + NFuncArg funcArg(env, info); + if (!funcArg.InitArgs(NARG_CNT::ONE)) { + LOGE("DeactivateAccessingUri Number of arguments unmatched"); + NError(E_PARAMS).ThrowErr(env); + return nullptr; + } + std::vector uriPolicies; + napi_status status = GetUriPoliciesArg(env, funcArg[NARG_POS::FIRST], uriPolicies); + if(status != napi_ok){ + LOGE("get arguments failed"); + NError(E_PARAMS).ThrowErr(env); + return nullptr; + } + LOGE("DeactivateAccessingUri %{public}d", uriPolicies.size()); + shared_ptr arg = make_shared(); + if (arg == nullptr) { + LOGE("Failed to request heap memory."); + NError(EILSEQ).ThrowErr(env); + return nullptr; + } + auto cbExec = [uriPolicies, arg]() -> NError { + arg->errNo = FilePermission::DeactivateAccessingUri(uriPolicies, arg->errorResults); + return NError(arg->errNo); + }; + auto cbCompl = [arg](napi_env env, NError err) -> NVal { + if (err) { + if(arg->errNo == EPERM){ + napi_value data = err.GetNapiErr(env); + napi_status status = napi_set_named_property(env, data, FILEIO_TAG_ERR_DATA.c_str(), + GetErrData(env, arg->errorResults)); + if (status != napi_ok) { + LOGE("Failed to set data property on Error"); + } + return { env, data }; + } + return {env, err.GetNapiErr(env)}; + } + return NVal::CreateUndefined(env); + }; + const string procedureName = "deactivate_accessing_uri"; + NVal thisVar(env, funcArg.GetThisVar()); + return NAsyncWorkPromise(env, thisVar).Schedule(procedureName, cbExec, cbCompl).val_; +} +} // namespace ModuleFilePermission +} // namespace AppFileService +} // namespace OHOS diff --git a/interfaces/kits/js/file_permission/file_permission_n_exporter.h b/interfaces/kits/js/file_permission/file_permission_n_exporter.h new file mode 100644 index 0000000000000000000000000000000000000000..a14ba298b4dbe881da81b6899c1a222817e922da --- /dev/null +++ b/interfaces/kits/js/file_permission/file_permission_n_exporter.h @@ -0,0 +1,41 @@ +/* + * Copyright (c) 2023 Huawei Device Co., Ltd. + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +#ifndef FILE_PERMISSION_N_EXPOTER_H +#define FILE_PERMISSION_N_EXPOTER_H + +#include + +#include "file_permission.h" +#include "filemgmt_libn.h" + +namespace OHOS { +namespace AppFileService { +namespace ModuleFilePermission { +napi_value GrantPolicy(napi_env env, napi_callback_info info); +napi_value PersistPermission(napi_env env, napi_callback_info info); +napi_value DesistPersistedPermission(napi_env env, napi_callback_info info); +napi_value ActivateAccessingUri(napi_env env, napi_callback_info info); +napi_value DeactivateAccessingUri(napi_env env, napi_callback_info info); + +struct PolicyErrorArgs { + deque errorResults; + int32_t errNo = 0; + ~PolicyErrorArgs() = default; +}; +} // namespace ModuleFilePermission +} // namespace AppFileService +} // namespace OHOS +#endif // FILE_PERMISSION_N_EXPOTER_H diff --git a/interfaces/kits/js/file_permission/file_permission_napi.cpp b/interfaces/kits/js/file_permission/file_permission_napi.cpp new file mode 100644 index 0000000000000000000000000000000000000000..f590fd562a33e0799ed5b46045514b967c21b830 --- /dev/null +++ b/interfaces/kits/js/file_permission/file_permission_napi.cpp @@ -0,0 +1,194 @@ +/* + * Copyright (c) 2023 Huawei Device Co., Ltd. + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ +#include "file_permission_napi.h" +#include "file_permission.h" +#include "file_permission_n_exporter.h" +#include "log.h" + +namespace OHOS { +namespace AppFileService { +namespace ModuleFilePermission { +using namespace FileManagement; +using namespace FileManagement::LibN; +/*********************************************** + * Module export and register + ***********************************************/ +napi_value FilePermissionExport(napi_env env, napi_value exports) +{ + InitOperateMode(env, exports); + InitPolicyFlag(env, exports); + InitPolicyInfo(env, exports); + InitPolicyErrorCode(env, exports); + InitPolicyErrorResult(env, exports); + static napi_property_descriptor desc[] = { + DECLARE_NAPI_FUNCTION("grantPolicy", GrantPolicy), + DECLARE_NAPI_FUNCTION("persistPermission", PersistPermission), + DECLARE_NAPI_FUNCTION("desistPersistedPermission", DesistPersistedPermission), + DECLARE_NAPI_FUNCTION("activateAccessingUri", ActivateAccessingUri), + DECLARE_NAPI_FUNCTION("deactivateAccessingUri", DeactivateAccessingUri), + }; + napi_define_properties(env, exports, sizeof(desc) / sizeof(desc[0]), desc); + return exports; +} + +static napi_value InitPolicyConstructor(napi_env env, napi_callback_info info) +{ + size_t argc = 0; + napi_value args[1] = {0}; + napi_value res = nullptr; + void *data = nullptr; + napi_status status = napi_get_cb_info(env, info, &argc, args, &res, &data); + if (status != napi_ok) { + HILOGE("InitPolicyConstructor, status is not napi_ok"); + return nullptr; + } + return res; +} + +void InitOperateMode(napi_env env, napi_value exports) +{ + char propertyName[] = "OperateMode"; + napi_property_descriptor desc[] = { + DECLARE_NAPI_STATIC_PROPERTY("READ_MODE", + NVal::CreateUint32(env, static_cast(OperateMode::READ_MODE)).val_), + DECLARE_NAPI_STATIC_PROPERTY("WRITE_MODE", + NVal::CreateUint32(env, static_cast(OperateMode::WRITE_MODE)).val_), + }; + napi_value obj = nullptr; + napi_status status = napi_create_object(env, &obj); + if (status != napi_ok) { + HILOGE("Failed to create object at initializing OperateMode"); + return; + } + status = napi_define_properties(env, obj, sizeof(desc) / sizeof(desc[0]), desc); + if (status != napi_ok) { + HILOGE("Failed to set properties of character at initializing OperateMode"); + return; + } + status = napi_set_named_property(env, exports, propertyName, obj); + if (status != napi_ok) { + HILOGE("Failed to set direction property at initializing OperateMode"); + return; + } +} + +void InitPolicyFlag(napi_env env, napi_value exports) +{ + char propertyName[] = "PolicyFlag"; + napi_property_descriptor desc[] = { + DECLARE_NAPI_STATIC_PROPERTY("ALLOWED_PERSIST", + NVal::CreateUint32(env, static_cast(PolicyFlag::ALLOWED_PERSIST)).val_), + DECLARE_NAPI_STATIC_PROPERTY("FORBID_PERSIST", + NVal::CreateUint32(env, static_cast(PolicyFlag::FORBID_PERSIST)).val_), + }; + napi_value obj = nullptr; + napi_status status = napi_create_object(env, &obj); + if (status != napi_ok) { + HILOGE("Failed to create object at initializing PolicyFlag"); + return; + } + status = napi_define_properties(env, obj, sizeof(desc) / sizeof(desc[0]), desc); + if (status != napi_ok) { + HILOGE("Failed to set properties of character at initializing PolicyFlag"); + return; + } + status = napi_set_named_property(env, exports, propertyName, obj); + if (status != napi_ok) { + HILOGE("Failed to set direction property at initializing PolicyFlag"); + return; + } +} + +void InitPolicyErrorCode(napi_env env, napi_value exports) +{ + char propertyName[] = "PolicyErrorCode"; + napi_property_descriptor desc[] = { + DECLARE_NAPI_STATIC_PROPERTY( + "FORBIDDEN_TO_BE_PERSISTED", + NVal::CreateInt32(env, static_cast(PolicyErrorCode::FORBIDDEN_TO_BE_PERSISTED)).val_), + DECLARE_NAPI_STATIC_PROPERTY("INVALID_MODE", + NVal::CreateInt32(env, static_cast(PolicyErrorCode::INVALID_MODE)).val_), + DECLARE_NAPI_STATIC_PROPERTY("INVALID_PATH", + NVal::CreateInt32(env, static_cast(PolicyErrorCode::INVALID_PATH)).val_), + }; + napi_value obj = nullptr; + napi_status status = napi_create_object(env, &obj); + if (status != napi_ok) { + HILOGE("Failed to create object at initializing InitPolicyErrorCode"); + return; + } + status = napi_define_properties(env, obj, sizeof(desc) / sizeof(desc[0]), desc); + if (status != napi_ok) { + HILOGE("Failed to set properties of character at initializing InitPolicyErrorCode"); + return; + } + status = napi_set_named_property(env, exports, propertyName, obj); + if (status != napi_ok) { + HILOGE("Failed to set direction property at initializing InitPolicyErrorCode"); + return; + } +} + +void InitPolicyErrorResult(napi_env env, napi_value exports) +{ + char className[] = "PolicyErrorResult"; + napi_property_descriptor desc[] = { + DECLARE_NAPI_STATIC_PROPERTY("uri", NVal::CreateUTF8String(env, "uri").val_), + DECLARE_NAPI_STATIC_PROPERTY( + "code", NVal::CreateInt32(env, static_cast(PolicyErrorCode::FORBIDDEN_TO_BE_PERSISTED)).val_), + DECLARE_NAPI_STATIC_PROPERTY("message", NVal::CreateUTF8String(env, "message").val_), + }; + napi_value obj = nullptr; + napi_status status = napi_define_class(env, className, NAPI_AUTO_LENGTH, InitPolicyConstructor, nullptr, + sizeof(desc) / sizeof(desc[0]), desc, &obj); + napi_create_object(env, &obj); + if (status != napi_ok) { + HILOGE("Failed to define class at initializing PolicyErrorResult"); + return; + } + status = napi_set_named_property(env, exports, className, obj); + if (status != napi_ok) { + HILOGE("Failed to set direction property at initializing PolicyErrorResult"); + return; + } +} + +void InitPolicyInfo(napi_env env, napi_value exports) +{ + char className[] = "PolicyInfo"; + napi_property_descriptor desc[] = { + DECLARE_NAPI_STATIC_PROPERTY("uri", NVal::CreateUTF8String(env, "uri").val_), + DECLARE_NAPI_STATIC_PROPERTY("operaMode", + NVal::CreateUint32(env, static_cast(OperateMode::READ_MODE)).val_), + }; + napi_value obj = nullptr; + napi_status status = napi_define_class(env, className, NAPI_AUTO_LENGTH, InitPolicyConstructor, nullptr, + sizeof(desc) / sizeof(desc[0]), desc, &obj); + napi_create_object(env, &obj); + if (status != napi_ok) { + HILOGE("Failed to define class at initializing PolicyFlag"); + return; + } + status = napi_set_named_property(env, exports, className, obj); + if (status != napi_ok) { + HILOGE("Failed to set direction property at initializing PolicyFlag"); + return; + } +} + +NAPI_MODULE(filepermission, FilePermissionExport) +} // namespace ModuleFilePermission +} // namespace AppFileService +} // namespace OHOS diff --git a/interfaces/kits/js/file_permission/file_permission_napi.h b/interfaces/kits/js/file_permission/file_permission_napi.h new file mode 100644 index 0000000000000000000000000000000000000000..adeff5e76a6bc17d193478356a314664f55d49c5 --- /dev/null +++ b/interfaces/kits/js/file_permission/file_permission_napi.h @@ -0,0 +1,33 @@ +/* + * Copyright (c) 2023 Huawei Device Co., Ltd. + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ +#ifndef FILE_PERMISSION_NAPI_H +#define FILE_PERMISSION_NAPI_H + +#include "filemgmt_libn.h" + +namespace OHOS { +namespace AppFileService { +namespace ModuleFilePermission { +void InitOperateMode(napi_env env, napi_value exports); +void InitPolicyFlag(napi_env env, napi_value exports); +void InitPolicyInfo(napi_env env, napi_value exports); +void InitPolicyErrorResult(napi_env env, napi_value exports); +void InitPolicyErrorCode(napi_env env, napi_value exports); + +napi_value FilePermissionExport(napi_env env, napi_value exports); +} // namespace ModuleFilePermission +} // namespace AppFileService +} // namespace OHOS +#endif // FILE_PERMISSION_NAPI_H diff --git a/test/unittest/BUILD.gn b/test/unittest/BUILD.gn index 8ae868099038e97b31ca2780556465e5d319b45c..6a4a28f1c73884b418e7371389942bb1bfe03e88 100644 --- a/test/unittest/BUILD.gn +++ b/test/unittest/BUILD.gn @@ -14,6 +14,7 @@ group("unittest") { testonly = true deps = [ + "file_permission_native:file_permission_test", "file_share_native:file_share_test", "file_uri_native:file_uri_test", "remote_file_share:remote_file_share_test", diff --git a/test/unittest/file_permission_native/BUILD.gn b/test/unittest/file_permission_native/BUILD.gn new file mode 100644 index 0000000000000000000000000000000000000000..e1b9c924615d0603d47c12f39abb4e0b9127ae8e --- /dev/null +++ b/test/unittest/file_permission_native/BUILD.gn @@ -0,0 +1,42 @@ +# Copyright (c) 2023 Huawei Device Co., Ltd. +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +import("//build/test.gni") + +ohos_unittest("file_permission_test") { + module_out_path = "filemanagement/app_file_service" + resource_config_file = "../resource/ohos_test.xml" + sources = [ "file_permission_test.cpp" ] + + external_deps = [ + "ability_base:base", + "ability_base:want", + "ability_base:zuri", + "access_token:libaccesstoken_sdk", + "c_utils:utils", + "file_api:filemgmt_libn", + "hilog:libhilog", + "init:libbegetutil", + "ipc:ipc_core", + ] + + include_dirs = [ + "../../../interfaces/innerkits/native/file_permission/include", + ] + + deps = [ + "../../../interfaces/innerkits/native:filepermission_native", + "//third_party/googletest:gmock_main", + "//third_party/googletest:gtest_main", + ] +} diff --git a/test/unittest/file_permission_native/file_permission_test.cpp b/test/unittest/file_permission_native/file_permission_test.cpp new file mode 100644 index 0000000000000000000000000000000000000000..d75807a4fcdd3cc841f06b59d8b6ca6e73e2d8c3 --- /dev/null +++ b/test/unittest/file_permission_native/file_permission_test.cpp @@ -0,0 +1,336 @@ +/* + * Copyright (c) 2023 Huawei Device Co., Ltd. + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +#include "file_permission.h" + +#include +#include +#include + +#include "uri.h" +#include "parameter.h" +#include "log.h" +#include "filemgmt_libn.h" + + +using namespace std; +using namespace OHOS::AppFileService; + +namespace OHOS::AppFileService { +const string bundleA = "com.example.filesharea"; + +class FilePermissionTest : public testing::Test { +public: + static void SetUpTestCase(void) {}; + static void TearDownTestCase() {}; + void SetUp() {}; + void TearDown() {}; +}; + +bool CheckFileManagerFullMountEnable() +{ + char value[FULL_MOUNT_ENABLE_SIZE] = "false"; + int retSystem = GetParameter(FULL_MOUNT_ENABLE_PARAMETER, "false", value, FULL_MOUNT_ENABLE_SIZE); + if (retSystem > 0 && !strcmp(value, "true")) { + return true; + } + return false; +} + +/** + * @tc.name: GrantPolicy_test_0000 + * @tc.desc: Test function of GrantPolicy() interface for SUCCESS. + * @tc.size: MEDIUM + * @tc.type: FUNC + * @tc.level Level 1 + * @tc.require: + */ +HWTEST_F(FilePermissionTest, GrantPolicy_test_0000, testing::ext::TestSize.Level1) +{ + GTEST_LOG_(INFO) << "FilePermissionTest-begin GrantPolicy"; + int32_t targetCode = 0; + if(!CheckFileManagerFullMountEnable()){ + targetCode = E_DEVICENOTSUPPORT; + } + string uri = "file://" + bundleA + "/data/storage/el2/base"; + int32_t tokenId = 0; + std::vector uriPolicies; + UriPolicyInfo uriPolicyInfo; + uriPolicyInfo.uri = uri; + uint32_t policyFlag = OperateMode::READ_MODE | OperateMode::WRITE_MODE; + uriPolicies.emplace_back(uriPolicyInfo); + int32_t ret = FilePermission::GrantPolicy(tokenId, uriPolicies, policyFlag); + EXPECT_EQ(ret, targetCode); + GTEST_LOG_(INFO) << "FilePermissionTest-end GrantPolicy"; +} + +/** + * @tc.name: GrantPolicy_test_0001 + * @tc.desc: Test function of GrantPolicy() interface for error URI. + * @tc.size: MEDIUM + * @tc.type: FUNC + * @tc.level Level 1 + * @tc.require: + */ +HWTEST_F(FilePermissionTest, GrantPolicy_test_0001, testing::ext::TestSize.Level1) +{ + GTEST_LOG_(INFO) << "FilePermissionTest-begin GrantPolicy_test_0001"; + int32_t targetCode = EPERM; + if(!CheckFileManagerFullMountEnable()){ + targetCode = E_DEVICENOTSUPPORT; + } + string inexistentUri = "file://" + bundleA + "/data/storage/el2/base/files/inexistentTest.txt"; + string mediaUri = "file://media/data/storage/el2/base"; + int32_t tokenId = 0; + std::vector uriPolicies; + UriPolicyInfo uriPolicyInfo; + uriPolicyInfo.uri = inexistentUri; + uint32_t policyFlag = OperateMode::READ_MODE | OperateMode::WRITE_MODE; + uriPolicies.emplace_back(uriPolicyInfo); + uriPolicyInfo.uri = mediaUri; + uriPolicies.emplace_back(uriPolicyInfo); + int32_t ret = FilePermission::GrantPolicy(tokenId, uriPolicies, policyFlag); + EXPECT_EQ(ret, targetCode); + GTEST_LOG_(INFO) << "FilePermissionTest-end GrantPolicy_test_0001"; +} + +/** + * @tc.name: PersistPermission_test_0000 + * @tc.desc: Test function of PersistPermission() interface for SUCCESS. + * @tc.size: MEDIUM + * @tc.type: FUNC + * @tc.level Level 1 + * @tc.require: + */ +HWTEST_F(FilePermissionTest, PersistPermission_test_0000, testing::ext::TestSize.Level1) +{ + GTEST_LOG_(INFO) << "FilePermissionTest-begin PersistPermission_test_0000"; + int32_t targetCode = 0; + if(!CheckFileManagerFullMountEnable()){ + targetCode = E_DEVICENOTSUPPORT; + } + string uri = "file://" + bundleA + "/data/storage/el2/base"; + int32_t tokenId = 0; + std::vector uriPolicies; + UriPolicyInfo uriPolicyInfo; + uriPolicyInfo.uri = uri; + uint32_t policyFlag = OperateMode::READ_MODE | OperateMode::WRITE_MODE; + uriPolicies.emplace_back(uriPolicyInfo); + int32_t ret = FilePermission::PersistPermission(uriPolicies); + EXPECT_EQ(ret, targetCode); + GTEST_LOG_(INFO) << "FilePermissionTest-end PersistPermission_test_0000"; +} + +/** + * @tc.name: PersistPermission_test_0001 + * @tc.desc: Test function of PersistPermission() interface for error URI. + * @tc.size: MEDIUM + * @tc.type: FUNC + * @tc.level Level 1 + * @tc.require: + */ +HWTEST_F(FilePermissionTest, PersistPermission_test_0001, testing::ext::TestSize.Level1) +{ + GTEST_LOG_(INFO) << "FilePermissionTest-begin PersistPermission_test_0001"; + int32_t targetCode = EPERM; + if(!CheckFileManagerFullMountEnable()){ + targetCode = E_DEVICENOTSUPPORT; + } + string inexistentUri = "file://" + bundleA + "/data/storage/el2/base/files/inexistentTest.txt"; + string mediaUri = "file://media/data/storage/el2/base"; + int32_t tokenId = 0; + std::vector uriPolicies; + UriPolicyInfo uriPolicyInfo; + uriPolicyInfo.uri = inexistentUri; + uint32_t policyFlag = OperateMode::READ_MODE | OperateMode::WRITE_MODE; + uriPolicies.emplace_back(uriPolicyInfo); + uriPolicyInfo.uri = mediaUri; + uriPolicies.emplace_back(uriPolicyInfo); + int32_t ret = FilePermission::PersistPermission(tokenId, uriPolicies, policyFlag); + EXPECT_EQ(ret, targetCode); + GTEST_LOG_(INFO) << "FilePermissionTest-end PersistPermission_test_0001"; +} + +/** + * @tc.name: DesistPersistedPermission_test_0000 + * @tc.desc: Test function of DesistPersistedPermission() interface for SUCCESS. + * @tc.size: MEDIUM + * @tc.type: FUNC + * @tc.level Level 1 + * @tc.require: + */ +HWTEST_F(FilePermissionTest, DesistPersistedPermission_test_0000, testing::ext::TestSize.Level1) +{ + GTEST_LOG_(INFO) << "FilePermissionTest-begin DesistPersistedPermission_test_0000"; + int32_t targetCode = 0; + if(!CheckFileManagerFullMountEnable()){ + targetCode = E_DEVICENOTSUPPORT; + } + string uri = "file://" + bundleA + "/data/storage/el2/base"; + int32_t tokenId = 0; + std::vector uriPolicies; + UriPolicyInfo uriPolicyInfo; + uriPolicyInfo.uri = uri; + uint32_t policyFlag = OperateMode::READ_MODE | OperateMode::WRITE_MODE; + uriPolicies.emplace_back(uriPolicyInfo); + int32_t ret = FilePermission::DesistPersistedPermission(uriPolicies); + EXPECT_EQ(ret, targetCode); + GTEST_LOG_(INFO) << "FilePermissionTest-end DesistPersistedPermission_test_0000"; +} + +/** + * @tc.name: DesistPersistedPermission_test_0001 + * @tc.desc: Test function of DesistPersistedPermission() interface for error URI. + * @tc.size: MEDIUM + * @tc.type: FUNC + * @tc.level Level 1 + * @tc.require: + */ +HWTEST_F(FilePermissionTest, DesistPersistedPermission_test_0001, testing::ext::TestSize.Level1) +{ + GTEST_LOG_(INFO) << "FilePermissionTest-begin DesistPersistedPermission_test_0001"; + int32_t targetCode = EPERM; + if(!CheckFileManagerFullMountEnable()){ + targetCode = E_DEVICENOTSUPPORT; + } + string inexistentUri = "file://" + bundleA + "/data/storage/el2/base/files/inexistentTest.txt"; + string mediaUri = "file://media/data/storage/el2/base"; + int32_t tokenId = 0; + std::vector uriPolicies; + UriPolicyInfo uriPolicyInfo; + uriPolicyInfo.uri = inexistentUri; + uint32_t policyFlag = OperateMode::READ_MODE | OperateMode::WRITE_MODE; + uriPolicies.emplace_back(uriPolicyInfo); + uriPolicyInfo.uri = mediaUri; + uriPolicies.emplace_back(uriPolicyInfo); + int32_t ret = FilePermission::DesistPersistedPermission(tokenId, uriPolicies, policyFlag); + EXPECT_EQ(ret, targetCode); + GTEST_LOG_(INFO) << "FilePermissionTest-end DesistPersistedPermission_test_0001"; +} + +/** + * @tc.name: ActivateAccessingUri_test_0000 + * @tc.desc: Test function of ActivateAccessingUri() interface for SUCCESS. + * @tc.size: MEDIUM + * @tc.type: FUNC + * @tc.level Level 1 + * @tc.require: + */ +HWTEST_F(FilePermissionTest, ActivateAccessingUri_test_0000, testing::ext::TestSize.Level1) +{ + GTEST_LOG_(INFO) << "FilePermissionTest-begin ActivateAccessingUri_test_0000"; + int32_t targetCode = 0; + if(!CheckFileManagerFullMountEnable()){ + targetCode = E_DEVICENOTSUPPORT; + } + string uri = "file://" + bundleA + "/data/storage/el2/base"; + int32_t tokenId = 0; + std::vector uriPolicies; + UriPolicyInfo uriPolicyInfo; + uriPolicyInfo.uri = uri; + uint32_t policyFlag = OperateMode::READ_MODE | OperateMode::WRITE_MODE; + uriPolicies.emplace_back(uriPolicyInfo); + int32_t ret = FilePermission::ActivateAccessingUri(uriPolicies); + EXPECT_EQ(ret, targetCode); + GTEST_LOG_(INFO) << "FilePermissionTest-end ActivateAccessingUri_test_0000"; +} + +/** + * @tc.name: ActivateAccessingUri_test_0001 + * @tc.desc: Test function of ActivateAccessingUri() interface for error URI. + * @tc.size: MEDIUM + * @tc.type: FUNC + * @tc.level Level 1 + * @tc.require: + */ +HWTEST_F(FilePermissionTest, ActivateAccessingUri_test_0001, testing::ext::TestSize.Level1) +{ + GTEST_LOG_(INFO) << "FilePermissionTest-begin ActivateAccessingUri_test_0001"; + int32_t targetCode = EPERM; + if(!CheckFileManagerFullMountEnable()){ + targetCode = E_DEVICENOTSUPPORT; + } + string inexistentUri = "file://" + bundleA + "/data/storage/el2/base/files/inexistentTest.txt"; + string mediaUri = "file://media/data/storage/el2/base"; + int32_t tokenId = 0; + std::vector uriPolicies; + UriPolicyInfo uriPolicyInfo; + uriPolicyInfo.uri = inexistentUri; + uint32_t policyFlag = OperateMode::READ_MODE | OperateMode::WRITE_MODE; + uriPolicies.emplace_back(uriPolicyInfo); + uriPolicyInfo.uri = mediaUri; + uriPolicies.emplace_back(uriPolicyInfo); + int32_t ret = FilePermission::ActivateAccessingUri(tokenId, uriPolicies, policyFlag); + EXPECT_EQ(ret, targetCode); + GTEST_LOG_(INFO) << "FilePermissionTest-end ActivateAccessingUri_test_0001"; +} + +/** + * @tc.name: DeactivateAccessingUri_test_0000 + * @tc.desc: Test function of DeactivateAccessingUri() interface for SUCCESS. + * @tc.size: MEDIUM + * @tc.type: FUNC + * @tc.level Level 1 + * @tc.require: + */ +HWTEST_F(FilePermissionTest, DeactivateAccessingUri_test_0000, testing::ext::TestSize.Level1) +{ + GTEST_LOG_(INFO) << "FilePermissionTest-begin DeactivateAccessingUri_test_0000"; + int32_t targetCode = 0; + if(!CheckFileManagerFullMountEnable()){ + targetCode = E_DEVICENOTSUPPORT; + } + string uri = "file://" + bundleA + "/data/storage/el2/base"; + int32_t tokenId = 0; + std::vector uriPolicies; + UriPolicyInfo uriPolicyInfo; + uriPolicyInfo.uri = uri; + uint32_t policyFlag = OperateMode::READ_MODE | OperateMode::WRITE_MODE; + uriPolicies.emplace_back(uriPolicyInfo); + int32_t ret = FilePermission::DeactivateAccessingUri(uriPolicies); + EXPECT_EQ(ret, targetCode); + GTEST_LOG_(INFO) << "FilePermissionTest-end DeactivateAccessingUri_test_0000"; +} + +/** + * @tc.name: DeactivateAccessingUri_test_0001 + * @tc.desc: Test function of DeactivateAccessingUri() interface for error URI. + * @tc.size: MEDIUM + * @tc.type: FUNC + * @tc.level Level 1 + * @tc.require: + */ +HWTEST_F(FilePermissionTest, DeactivateAccessingUri_test_0001, testing::ext::TestSize.Level1) +{ + GTEST_LOG_(INFO) << "FilePermissionTest-begin DeactivateAccessingUri_test_0001"; + int32_t targetCode = EPERM; + if(!CheckFileManagerFullMountEnable()){ + targetCode = E_DEVICENOTSUPPORT; + } + string inexistentUri = "file://" + bundleA + "/data/storage/el2/base/files/inexistentTest.txt"; + string mediaUri = "file://media/data/storage/el2/base"; + int32_t tokenId = 0; + std::vector uriPolicies; + UriPolicyInfo uriPolicyInfo; + uriPolicyInfo.uri = inexistentUri; + uint32_t policyFlag = OperateMode::READ_MODE | OperateMode::WRITE_MODE; + uriPolicies.emplace_back(uriPolicyInfo); + uriPolicyInfo.uri = mediaUri; + uriPolicies.emplace_back(uriPolicyInfo); + int32_t ret = FilePermission::DeactivateAccessingUri(tokenId, uriPolicies, policyFlag); + EXPECT_EQ(ret, targetCode); + GTEST_LOG_(INFO) << "FilePermissionTest-end DeactivateAccessingUri_test_0001"; +} +} // namespace OHOS::AppFileService \ No newline at end of file diff --git a/test/unittest/resource/ohos_test.xml b/test/unittest/resource/ohos_test.xml index df7e93bd1d63fcf7a8b576c750e9005f9c75c776..70d1b61dc9b2f3a5546201f1bb8da8e6b53913c9 100644 --- a/test/unittest/resource/ohos_test.xml +++ b/test/unittest/resource/ohos_test.xml @@ -43,4 +43,13 @@