From aa097437ee576a536d45b12627cecedf1b22766e Mon Sep 17 00:00:00 2001 From: cuiruibin Date: Tue, 21 Nov 2023 14:59:36 +0800 Subject: [PATCH 1/2] =?UTF-8?q?*=20=E6=96=B0=E5=A2=9EPC=E7=AB=AFUri?= =?UTF-8?q?=E8=BD=AC=E5=BA=94=E7=94=A8=E6=B2=99=E7=AE=B1=E8=B7=AF=E5=BE=84?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: cuiruibin --- bundle.json | 3 +- interfaces/innerkits/native/BUILD.gn | 2 + .../native/file_uri/src/file_uri.cpp | 64 +++++++- test/unittest/file_uri_native/BUILD.gn | 2 + .../file_uri_native/file_uri_test.cpp | 148 +++++++++++++++++- 5 files changed, 210 insertions(+), 9 deletions(-) diff --git a/bundle.json b/bundle.json index 0d0c382c7..e0eb0a57d 100644 --- a/bundle.json +++ b/bundle.json @@ -37,7 +37,8 @@ "napi", "safwk", "samgr", - "storage_service" + "storage_service", + "os_account" ], "third_party": [ "bounds_checking_function", diff --git a/interfaces/innerkits/native/BUILD.gn b/interfaces/innerkits/native/BUILD.gn index a66a94ad7..a60af1fa7 100644 --- a/interfaces/innerkits/native/BUILD.gn +++ b/interfaces/innerkits/native/BUILD.gn @@ -80,7 +80,9 @@ ohos_shared_library("fileuri_native") { "bundle_framework:appexecfwk_core", "c_utils:utils", "hilog:libhilog", + "init:libbegetutil", "ipc:ipc_core", + "os_account:os_account_innerkits", "samgr:samgr_proxy", ] diff --git a/interfaces/innerkits/native/file_uri/src/file_uri.cpp b/interfaces/innerkits/native/file_uri/src/file_uri.cpp index fe9591efb..c662fd4e6 100644 --- a/interfaces/innerkits/native/file_uri/src/file_uri.cpp +++ b/interfaces/innerkits/native/file_uri/src/file_uri.cpp @@ -15,16 +15,17 @@ #include "file_uri.h" -#include #include #include +#include #include "uri.h" #include "common_func.h" #include "log.h" +#include "os_account_manager.h" +#include "parameter.h" #include "sandbox_helper.h" - using namespace std; namespace OHOS { namespace AppFileService { @@ -36,6 +37,59 @@ const std::string FILE_SCHEME_PREFIX = "file://"; const std::string FILE_MANAGER_AUTHORITY = "docs"; const std::string MEDIA_AUTHORITY = "media"; const std::string NETWORK_PARA = "?networkid="; +const std::string STORAGE_USERS = "storage/Users/"; +const std::string EL1_APPDATA = "/appdata/el1/"; +const std::string EL2_APPDATA = "/appdata/el2/"; +const std::string APP_EL1_SANDBOX_HEAD = "/data/storage/el1/base"; +const std::string APP_EL2_SANDBOX_HEAD = "/data/storage/el2/base"; +const std::string DEFAULT_USERNAME = "currentUser"; +const char *g_fileManagerFullMountEnableParameter = "const.filemanager.full_mout.enable"; +bool CheckFileManagerFullMountEnable() +{ + char value[] = "false"; + int retSystem = GetParameter(g_fileManagerFullMountEnableParameter, "false", value, sizeof(value)); + if (retSystem > 0 && !std::strcmp(value, "true")) { + return true; + } + LOGD("Not supporting all mounts"); + return false; +} +bool checkInvalidUri(const string &bundleName) +{ + if (bundleName == MEDIA_AUTHORITY) { + return true; + } + if (bundleName == CommonFunc::GetSelfBundleName()) { + return true; + } + return false; +} +static string GetUserName() +{ + std::string userName; + ErrCode errCode = OHOS::AccountSA::OsAccountManager::GetOsAccountShortName(userName); + if (errCode != ERR_OK || userName.empty()) { + LOGD("Get userName Failed"); + userName = DEFAULT_USERNAME; + } + return userName; +} +static string GetPathFromShareUri(string &realPath, std::string &bundleName) +{ + if(bundleName == FILE_MANAGER_AUTHORITY){ + return realPath; + } + string securityLevel = EL1_APPDATA; + string sandboxHead = APP_EL1_SANDBOX_HEAD; + if (realPath.find(APP_EL1_SANDBOX_HEAD) == string::npos) { + securityLevel = EL2_APPDATA; + sandboxHead = APP_EL2_SANDBOX_HEAD; + } + size_t posBegin = realPath.find(sandboxHead) + sandboxHead.size(); + string fileLowerPath = realPath.substr(posBegin, realPath.size() - 1); + string userName = GetUserName(); + return STORAGE_USERS + userName + securityLevel + bundleName + fileLowerPath; +} string FileUri::GetName() { string sandboxPath = SandboxHelper::Decode(uri_.GetPath()); @@ -68,8 +122,10 @@ string FileUri::GetRealPath() string sandboxPath = SandboxHelper::Decode(uri_.GetPath()); string realPath = sandboxPath; string bundleName = uri_.GetAuthority(); - if (bundleName == FILE_MANAGER_AUTHORITY && - uri_.ToString().find(NETWORK_PARA) == string::npos && + if (CheckFileManagerFullMountEnable() && !checkInvalidUri(bundleName)) { + return GetPathFromShareUri(realPath, bundleName); + } + if (bundleName == FILE_MANAGER_AUTHORITY && uri_.ToString().find(NETWORK_PARA) == string::npos && access(realPath.c_str(), F_OK) == 0) { return realPath; } diff --git a/test/unittest/file_uri_native/BUILD.gn b/test/unittest/file_uri_native/BUILD.gn index 554e71fc6..2fb40de9f 100644 --- a/test/unittest/file_uri_native/BUILD.gn +++ b/test/unittest/file_uri_native/BUILD.gn @@ -27,7 +27,9 @@ ohos_unittest("file_uri_test") { "app_file_service:fileuri_native", "c_utils:utils", "hilog:libhilog", + "init:libbegetutil", "ipc:ipc_core", + "os_account:os_account_innerkits", ] deps = [ diff --git a/test/unittest/file_uri_native/file_uri_test.cpp b/test/unittest/file_uri_native/file_uri_test.cpp index e9efac2a1..9f703cee5 100644 --- a/test/unittest/file_uri_native/file_uri_test.cpp +++ b/test/unittest/file_uri_native/file_uri_test.cpp @@ -26,7 +26,8 @@ #include "common_func.h" #include "file_share.h" #include "log.h" - +#include "os_account_manager.h" +#include "parameter.h" using namespace std; using namespace OHOS::Security::AccessToken; using namespace OHOS::AppFileService; @@ -45,7 +46,7 @@ namespace OHOS::AppFileService::ModuleFileUri { const string MODE_RW = "/rw/"; const string MODE_R = "/r/"; const int E_OK = 0; - + const char* g_fileManagerFullMoutEnableParameter = "const.filemanager.full_mout.enable"; class FileUriTest : public testing::Test { public: static void SetUpTestCase(void) {}; @@ -53,7 +54,6 @@ namespace OHOS::AppFileService::ModuleFileUri { void SetUp() {}; void TearDown() {}; }; - /** * @tc.name: file_uri_test_0000 * @tc.desc: Test function of ToString() interface for SUCCESS. @@ -193,7 +193,7 @@ namespace OHOS::AppFileService::ModuleFileUri { vector retList; int32_t ret = FileShare::CreateShareFile(uriList, tokenId, flag, retList); EXPECT_EQ(ret, E_OK); - + string rltStr = PATH_SHARE + MODE_R + bundleB + actStr; FileUri fileUri(uri); string path = fileUri.GetRealPath(); @@ -250,4 +250,144 @@ namespace OHOS::AppFileService::ModuleFileUri { EXPECT_EQ(folderUriObject.GetFullDirectoryUri(), folderDirectoryUri); GTEST_LOG_(INFO) << "FileUriTest-end File_uri_GetPath_0000"; } + /** + * @tc.name: file_uri_test_0008 + * @tc.desc: Test function of GetRealPath() interface for SUCCESS. + * @tc.size: MEDIUM + * @tc.type: FUNC + * @tc.level Level 1 + * @tc.require: + */ + HWTEST_F(FileUriTest, File_uri_GetRealPath_0005, testing::ext::TestSize.Level1) + { + GTEST_LOG_(INFO) << "FileUriTest-begin File_uri_GetRealPath_0005"; + string fileUri = "file://media/data/storage/el2/base/files/1.txt"; + string filePath = PATH_SHARE + MODE_R + "media/data/storage/el2/base/files/1.txt"; + FileUri folderUriObject(fileUri); + EXPECT_EQ(folderUriObject.GetRealPath(), filePath); + GTEST_LOG_(INFO) << "FileUriTest-end File_uri_GetRealPath_0005"; + } + /** + * @tc.name: file_uri_test_0009 + * @tc.desc: Test function of GetRealPath() interface for SUCCESS. + * @tc.size: MEDIUM + * @tc.type: FUNC + * @tc.level Level 1 + * @tc.require: + */ + HWTEST_F(FileUriTest, File_uri_GetRealPath_0006, testing::ext::TestSize.Level1) + { + GTEST_LOG_(INFO) << "FileUriTest-begin File_uri_GetRealPath_0006"; + string fileUri = "file://com.demo.a/data/storage/el1/base/files/1.txt"; + string userName; + ErrCode errCode = OHOS::AccountSA::OsAccountManager::GetOsAccountShortName(userName); + if (errCode != ERR_OK) { + GTEST_LOG_(INFO) << "GetOsAccountShortName failed File_uri_GetRealPath_0006"; + } + string filePath = "storage/Users/" + userName + "/appdata/el1/com.demo.a/files/1.txt"; + string RealPath = PATH_SHARE + MODE_R + "com.demo.a/data/storage/el1/base/files/1.txt"; + FileUri folderUriObject(fileUri); + char value[] = "false"; + int retSystem = GetParameter(g_fileManagerFullMoutEnableParameter, "false", value, sizeof(value)); + if (retSystem > 0 && !std::strcmp(value, "true")) { + EXPECT_EQ(folderUriObject.GetRealPath(), filePath); + } else { + EXPECT_EQ(folderUriObject.GetRealPath(), RealPath); + } + GTEST_LOG_(INFO) << "FileUriTest-end File_uri_GetRealPath_0006"; + } + /** + * @tc.name: file_uri_test_0010 + * @tc.desc: Test function of GetRealPath() interface for SUCCESS. + * @tc.size: MEDIUM + * @tc.type: FUNC + * @tc.level Level 1 + * @tc.require: + */ + HWTEST_F(FileUriTest, File_uri_GetRealPath_0007, testing::ext::TestSize.Level1) + { + GTEST_LOG_(INFO) << "FileUriTest-begin File_uri_GetRealPath_0007"; + string fileUri = "file://com.demo.a/data/storage/el2/base/files/1.txt"; + string filePath = PATH_SHARE + MODE_R + "com.demo.a/data/storage/el2/base/files/1.txt"; + FileUri folderUriObject(fileUri); + EXPECT_EQ(folderUriObject.GetRealPath(), filePath); + GTEST_LOG_(INFO) << "FileUriTest-end File_uri_GetRealPath_0007"; + } + /** + * @tc.name: file_uri_test_0011 + * @tc.desc: Test function of GetRealPath() interface for SUCCESS. + * @tc.size: MEDIUM + * @tc.type: FUNC + * @tc.level Level 1 + * @tc.require: + */ + HWTEST_F(FileUriTest, File_uri_GetRealPath_0008, testing::ext::TestSize.Level1) + { + GTEST_LOG_(INFO) << "FileUriTest-begin File_uri_GetRealPath_0008"; + string fileUri = "file://com.demo.a/data/storage/el2/base/files/1.txt"; + string userName; + ErrCode errCode = OHOS::AccountSA::OsAccountManager::GetOsAccountShortName(userName); + if (errCode != ERR_OK) { + GTEST_LOG_(INFO) << "GetOsAccountShortName failed File_uri_GetRealPath_0008"; + } + string filePath = "storage/Users/" + userName + "/appdata/el2/com.demo.a/files/1.txt"; + string RealPath = PATH_SHARE + MODE_R + "com.demo.a/data/storage/el2/base/files/1.txt"; + FileUri folderUriObject(fileUri); + char value[] = "false"; + int retSystem = GetParameter(g_fileManagerFullMoutEnableParameter, "false", value, sizeof(value)); + if (retSystem > 0 && !std::strcmp(value, "true")) { + EXPECT_EQ(folderUriObject.GetRealPath(), filePath); + } else { + EXPECT_EQ(folderUriObject.GetRealPath(), RealPath); + } + GTEST_LOG_(INFO) << "FileUriTest-end File_uri_GetRealPath_0008"; + } + /** + * @tc.name: file_uri_test_0012 + * @tc.desc: Test function of GetRealPath() interface for SUCCESS. + * @tc.size: MEDIUM + * @tc.type: FUNC + * @tc.level Level 1 + * @tc.require: + */ + HWTEST_F(FileUriTest, File_uri_GetRealPath_0009, testing::ext::TestSize.Level1) + { + GTEST_LOG_(INFO) << "FileUriTest-begin File_uri_GetRealPath_0009"; + string fileUri = "file://docs/storage/Users/user/files/1.txt"; + string filePath = "/storage/Users/user/files/1.txt"; + string RealPath = PATH_SHARE + MODE_R + "docs/storage/Users/user/files/1.txt"; + FileUri folderUriObject(fileUri); + char value[] = "false"; + int retSystem = GetParameter(g_fileManagerFullMoutEnableParameter, "false", value, sizeof(value)); + if (retSystem > 0 && !std::strcmp(value, "true")) { + EXPECT_EQ(folderUriObject.GetRealPath(), filePath); + } else { + EXPECT_EQ(folderUriObject.GetRealPath(), RealPath); + } + GTEST_LOG_(INFO) << "FileUriTest-end File_uri_GetRealPath_0009"; + } + /** + * @tc.name: file_uri_test_0012 + * @tc.desc: Test function of GetRealPath() interface for SUCCESS. + * @tc.size: MEDIUM + * @tc.type: FUNC + * @tc.level Level 1 + * @tc.require: + */ + HWTEST_F(FileUriTest, File_uri_GetRealPath_0010, testing::ext::TestSize.Level1) + { + GTEST_LOG_(INFO) << "FileUriTest-begin File_uri_GetRealPath_0010"; + string fileUri = "file://docs/storage/Users/user/Download/files/1.txt"; + string filePath = "/storage/Users/user/Download/files/1.txt"; + string RealPath = PATH_SHARE + MODE_R + "docs/storage/Users/user/Download/files/1.txt"; + FileUri folderUriObject(fileUri); + char value[] = "false"; + int retSystem = GetParameter(g_fileManagerFullMoutEnableParameter, "false", value, sizeof(value)); + if (retSystem > 0 && !std::strcmp(value, "true")) { + EXPECT_EQ(folderUriObject.GetRealPath(), filePath); + } else { + EXPECT_EQ(folderUriObject.GetRealPath(), RealPath); + } + GTEST_LOG_(INFO) << "FileUriTest-end File_uri_GetRealPath_0010"; + } } \ No newline at end of file -- Gitee From 7a197993777b04144993a20888a687c707820bba Mon Sep 17 00:00:00 2001 From: cuiruibin Date: Sat, 20 Jan 2024 10:44:25 +0800 Subject: [PATCH 2/2] =?UTF-8?q?=E9=80=82=E9=85=8Dsandbox=5Fmanager?= =?UTF-8?q?=E6=8E=88=E6=9D=83=E6=8E=A5=E5=8F=A3=20Signed-off-by:=20cuiruib?= =?UTF-8?q?in=20?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- app_file_service.gni | 7 + bundle.json | 2 +- interfaces/innerkits/native/BUILD.gn | 12 +- .../file_share/include/file_permission.h | 18 +- .../native/file_share/src/file_permission.cpp | 143 ++++-- .../native/file_uri/src/file_uri.cpp | 64 +-- interfaces/kits/js/BUILD.gn | 9 +- test/unittest/BUILD.gn | 1 + .../file_share_native/file_share_test.cpp | 196 -------- test/unittest/file_uri_native/BUILD.gn | 2 - .../file_uri_native/file_uri_test.cpp | 148 +----- .../full_mount_permission_native/BUILD.gn | 43 ++ .../include/full_mount_permission_test.h | 31 ++ .../src/full_mount_permission_test.cpp | 431 ++++++++++++++++++ 14 files changed, 649 insertions(+), 458 deletions(-) create mode 100644 test/unittest/full_mount_permission_native/BUILD.gn create mode 100644 test/unittest/full_mount_permission_native/include/full_mount_permission_test.h create mode 100644 test/unittest/full_mount_permission_native/src/full_mount_permission_test.cpp diff --git a/app_file_service.gni b/app_file_service.gni index e97d14426..8a4903504 100644 --- a/app_file_service.gni +++ b/app_file_service.gni @@ -16,3 +16,10 @@ utils_system_safwk_path = "//utils/system/safwk" path_base = "//commonlibrary/c_utils/base" path_napi = "//foundation/arkui/napi" app_file_service_path = "//foundation/filemanagement/app_file_service" +declare_args() { + sandbox_manarer = false + if (defined(global_parts_info) && + defined(global_parts_info.accesscontrol_sandbox_manager)) { + sandbox_manarer = true + } +} diff --git a/bundle.json b/bundle.json index cfb59e6eb..688519e6d 100644 --- a/bundle.json +++ b/bundle.json @@ -39,7 +39,7 @@ "safwk", "samgr", "storage_service", - "os_account" + "sandbox_manager" ], "third_party": [ "bounds_checking_function", diff --git a/interfaces/innerkits/native/BUILD.gn b/interfaces/innerkits/native/BUILD.gn index c4159417d..69ab2b3e2 100644 --- a/interfaces/innerkits/native/BUILD.gn +++ b/interfaces/innerkits/native/BUILD.gn @@ -57,10 +57,18 @@ ohos_shared_library("fileshare_native") { "ability_base:want", "ability_base:zuri", "access_token:libaccesstoken_sdk", + "bundle_framework:appexecfwk_base", "c_utils:utils", + "file_api:filemgmt_libn", "hilog:libhilog", + "ipc:ipc_core", + "napi:ace_napi", ] - + defines = [] + if (sandbox_manarer) { + external_deps += [ "sandbox_manager:libsandbox_manager_sdk" ] + defines += [ "SANDBOX_MANAGER" ] + } part_name = "app_file_service" subsystem_name = "filemanagement" } @@ -81,9 +89,7 @@ ohos_shared_library("fileuri_native") { "bundle_framework:appexecfwk_core", "c_utils:utils", "hilog:libhilog", - "init:libbegetutil", "ipc:ipc_core", - "os_account:os_account_innerkits", "samgr:samgr_proxy", ] diff --git a/interfaces/innerkits/native/file_share/include/file_permission.h b/interfaces/innerkits/native/file_share/include/file_permission.h index ce50bc532..d563e234a 100644 --- a/interfaces/innerkits/native/file_share/include/file_permission.h +++ b/interfaces/innerkits/native/file_share/include/file_permission.h @@ -19,10 +19,16 @@ #include #include #include +#ifdef SANDBOX_MANAGER +#include "sandbox_manager_kit.h" +#endif namespace OHOS { namespace AppFileService { using namespace std; +#ifdef SANDBOX_MANAGER +using namespace AccessControl::SandboxManager; +#endif typedef enum OperationMode { READ_MODE = 1 << 0, WRITE_MODE = 1 << 1, @@ -65,14 +71,14 @@ public: deque &errorResults); static int32_t DeactivatePermission(const vector &uriPolicies, deque &errorResults); - +#ifdef SANDBOX_MANAGER private: - static void GetErrorResults(const vector &resultCodes, - const vector &pathPolicies, + static void ParseErrorResults(const vector &resultCodes, + const vector &pathPolicies, deque &errorResults); - static void GetPathPolicyInfoFromUriPolicyInfo(const vector &uriPolicies, - deque &errorResults, - vector &pathPolicies); + static vector GetPathPolicyInfoFromUriPolicyInfo(const vector &uriPolicies, + deque &errorResults); +#endif }; } // namespace AppFileService } // namespace OHOS diff --git a/interfaces/innerkits/native/file_share/src/file_permission.cpp b/interfaces/innerkits/native/file_share/src/file_permission.cpp index 71e427f6f..9769b9389 100644 --- a/interfaces/innerkits/native/file_share/src/file_permission.cpp +++ b/interfaces/innerkits/native/file_share/src/file_permission.cpp @@ -17,6 +17,15 @@ #include "log.h" #include "uri.h" +#ifdef SANDBOX_MANAGER +#include "accesstoken_kit.h" +#include "bundle_constants.h" +#include "hap_token_info.h" +#include "ipc_skeleton.h" +#include "n_error.h" +#include "sandbox_helper.h" +#include "sandbox_manager_err_code.h" +#endif namespace OHOS { namespace AppFileService { @@ -28,6 +37,7 @@ const std::string INVALID_PATH_MESSAGE = "Invalid path!"; const std::string FILE_SCHEME_PREFIX = "file://"; namespace { +#ifdef SANDBOX_MANAGER bool CheckValidUri(const string &uriStr) { if (uriStr.find(FILE_SCHEME_PREFIX) != 0) { @@ -46,11 +56,48 @@ bool CheckValidUri(const string &uriStr) } return true; } +int32_t ErrorCodeConversion(int32_t sandboxManagerErrorCode, + const deque &errorResults, + const vector &resultCodes) +{ + if (sandboxManagerErrorCode == PERMISSION_DENIED) { + LOGE("permission error"); + return FileManagement::LibN::E_PERMISSION; + } + if (sandboxManagerErrorCode == INVALID_PARAMTER) { + if (resultCodes.size() != 0) { + // The number of incoming URIs is too many + LOGE("Sandbox Manager Error Invalid Paramter"); + return FileManagement::LibN::E_PARAMS; + } else { + // The incoming URI is invalid + LOGE("The incoming URI is invalid"); + return EPERM; + } + } + if (!errorResults.empty()) { + // The operation with a URI part failed + LOGE("Some of the incoming URIs failed"); + return EPERM; + } + for (size_t i = 0; i < resultCodes.size(); i++) { + if (resultCodes[i] != 0) { + // Reason for URI authorization failure + LOGE("Some of the incoming URIs failed"); + return EPERM; + } + } + if (sandboxManagerErrorCode == SANDBOX_MANAGER_OK) { + return 0; + } + return FileManagement::LibN::E_UNKNOWN_ERROR; +} +#endif } // namespace - -void FilePermission::GetErrorResults(const vector &resultCodes, - const vector &pathPolicies, - deque &errorResults) +#ifdef SANDBOX_MANAGER +void FilePermission::ParseErrorResults(const vector &resultCodes, + const vector &pathPolicies, + deque &errorResults) { for (size_t i = 0; i < resultCodes.size(); i++) { PolicyErrorResult result; @@ -74,10 +121,10 @@ void FilePermission::GetErrorResults(const vector &resultCodes, } } -void FilePermission::GetPathPolicyInfoFromUriPolicyInfo(const vector &uriPolicies, - deque &errorResults, - vector &pathPolicies) +vector FilePermission::GetPathPolicyInfoFromUriPolicyInfo(const vector &uriPolicies, + deque &errorResults) { + vector pathPolicies; for (auto uriPolicy : uriPolicies) { Uri uri(uriPolicy.uri); string path = uri.GetPath(); @@ -86,74 +133,80 @@ void FilePermission::GetPathPolicyInfoFromUriPolicyInfo(const vector &uriPolicies, deque &errorResults) { - vector pathPolicies; + int errorCode = 0; +#ifdef SANDBOX_MANAGER + vector pathPolicies = GetPathPolicyInfoFromUriPolicyInfo(uriPolicies, errorResults); vector resultCodes; - GetPathPolicyInfoFromUriPolicyInfo(uriPolicies, errorResults, pathPolicies); - // SandboxManager interface call - GetErrorResults(resultCodes, pathPolicies, errorResults); - if (!errorResults.empty()) { - LOGE("There are some URI operations that fail"); - return EPERM; + int32_t sandboxManagerErrorCode = SandboxManagerKit::PersistPolicy(pathPolicies, resultCodes); + errorCode = ErrorCodeConversion(sandboxManagerErrorCode, errorResults, resultCodes); + if (errorCode == EPERM) { + ParseErrorResults(resultCodes, pathPolicies, errorResults); } - LOGD("PersistPermission success"); - return 0; +#endif + return errorCode; } int32_t FilePermission::RevokePermission(const vector &uriPolicies, deque &errorResults) { - vector pathPolicies; + int errorCode = 0; +#ifdef SANDBOX_MANAGER + vector pathPolicies = GetPathPolicyInfoFromUriPolicyInfo(uriPolicies, errorResults); vector resultCodes; - GetPathPolicyInfoFromUriPolicyInfo(uriPolicies, errorResults, pathPolicies); - // SandboxManager interface call - GetErrorResults(resultCodes, pathPolicies, errorResults); - if (!errorResults.empty()) { - LOGE("There are some URI operations that fail"); - return EPERM; + int32_t sandboxManagerErrorCode = SandboxManagerKit::UnPersistPolicy(pathPolicies, resultCodes); + errorCode = ErrorCodeConversion(sandboxManagerErrorCode, errorResults, resultCodes); + if (errorCode == EPERM) { + ParseErrorResults(resultCodes, pathPolicies, errorResults); } - LOGD("RevokePermission success"); - return 0; +#endif + return errorCode; } int32_t FilePermission::ActivatePermission(const vector &uriPolicies, deque &errorResults) { - vector pathPolicies; + int errorCode = 0; +#ifdef SANDBOX_MANAGER + vector pathPolicies = GetPathPolicyInfoFromUriPolicyInfo(uriPolicies, errorResults); vector resultCodes; - GetPathPolicyInfoFromUriPolicyInfo(uriPolicies, errorResults, pathPolicies); - // SandboxManager interface call - GetErrorResults(resultCodes, pathPolicies, errorResults); - if (!errorResults.empty()) { - LOGE("There are some URI operations that fail"); - return EPERM; + int32_t sandboxManagerErrorCode = SandboxManagerKit::StartAccessingPolicy(pathPolicies, resultCodes); + errorCode = ErrorCodeConversion(sandboxManagerErrorCode, errorResults, resultCodes); + if (errorCode == EPERM) { + ParseErrorResults(resultCodes, pathPolicies, errorResults); } - LOGD("ActivatePermission success"); - return 0; +#endif + return errorCode; } int32_t FilePermission::DeactivatePermission(const vector &uriPolicies, deque &errorResults) { - vector pathPolicies; + int errorCode = 0; +#ifdef SANDBOX_MANAGER + vector pathPolicies = GetPathPolicyInfoFromUriPolicyInfo(uriPolicies, errorResults); vector resultCodes; - GetPathPolicyInfoFromUriPolicyInfo(uriPolicies, errorResults, pathPolicies); - // SandboxManager interface call - GetErrorResults(resultCodes, pathPolicies, errorResults); - if (!errorResults.empty()) { - LOGE("There are some URI operations that fail"); - return EPERM; + int32_t sandboxManagerErrorCode = SandboxManagerKit::StopAccessingPolicy(pathPolicies, resultCodes); + errorCode = ErrorCodeConversion(sandboxManagerErrorCode, errorResults, resultCodes); + if (errorCode == EPERM) { + ParseErrorResults(resultCodes, pathPolicies, errorResults); } - LOGD("DeactivatePermission success"); - return 0; +#endif + return errorCode; } } // namespace AppFileService } // namespace OHOS \ No newline at end of file diff --git a/interfaces/innerkits/native/file_uri/src/file_uri.cpp b/interfaces/innerkits/native/file_uri/src/file_uri.cpp index c662fd4e6..fe9591efb 100644 --- a/interfaces/innerkits/native/file_uri/src/file_uri.cpp +++ b/interfaces/innerkits/native/file_uri/src/file_uri.cpp @@ -15,17 +15,16 @@ #include "file_uri.h" +#include #include #include -#include #include "uri.h" #include "common_func.h" #include "log.h" -#include "os_account_manager.h" -#include "parameter.h" #include "sandbox_helper.h" + using namespace std; namespace OHOS { namespace AppFileService { @@ -37,59 +36,6 @@ const std::string FILE_SCHEME_PREFIX = "file://"; const std::string FILE_MANAGER_AUTHORITY = "docs"; const std::string MEDIA_AUTHORITY = "media"; const std::string NETWORK_PARA = "?networkid="; -const std::string STORAGE_USERS = "storage/Users/"; -const std::string EL1_APPDATA = "/appdata/el1/"; -const std::string EL2_APPDATA = "/appdata/el2/"; -const std::string APP_EL1_SANDBOX_HEAD = "/data/storage/el1/base"; -const std::string APP_EL2_SANDBOX_HEAD = "/data/storage/el2/base"; -const std::string DEFAULT_USERNAME = "currentUser"; -const char *g_fileManagerFullMountEnableParameter = "const.filemanager.full_mout.enable"; -bool CheckFileManagerFullMountEnable() -{ - char value[] = "false"; - int retSystem = GetParameter(g_fileManagerFullMountEnableParameter, "false", value, sizeof(value)); - if (retSystem > 0 && !std::strcmp(value, "true")) { - return true; - } - LOGD("Not supporting all mounts"); - return false; -} -bool checkInvalidUri(const string &bundleName) -{ - if (bundleName == MEDIA_AUTHORITY) { - return true; - } - if (bundleName == CommonFunc::GetSelfBundleName()) { - return true; - } - return false; -} -static string GetUserName() -{ - std::string userName; - ErrCode errCode = OHOS::AccountSA::OsAccountManager::GetOsAccountShortName(userName); - if (errCode != ERR_OK || userName.empty()) { - LOGD("Get userName Failed"); - userName = DEFAULT_USERNAME; - } - return userName; -} -static string GetPathFromShareUri(string &realPath, std::string &bundleName) -{ - if(bundleName == FILE_MANAGER_AUTHORITY){ - return realPath; - } - string securityLevel = EL1_APPDATA; - string sandboxHead = APP_EL1_SANDBOX_HEAD; - if (realPath.find(APP_EL1_SANDBOX_HEAD) == string::npos) { - securityLevel = EL2_APPDATA; - sandboxHead = APP_EL2_SANDBOX_HEAD; - } - size_t posBegin = realPath.find(sandboxHead) + sandboxHead.size(); - string fileLowerPath = realPath.substr(posBegin, realPath.size() - 1); - string userName = GetUserName(); - return STORAGE_USERS + userName + securityLevel + bundleName + fileLowerPath; -} string FileUri::GetName() { string sandboxPath = SandboxHelper::Decode(uri_.GetPath()); @@ -122,10 +68,8 @@ string FileUri::GetRealPath() string sandboxPath = SandboxHelper::Decode(uri_.GetPath()); string realPath = sandboxPath; string bundleName = uri_.GetAuthority(); - if (CheckFileManagerFullMountEnable() && !checkInvalidUri(bundleName)) { - return GetPathFromShareUri(realPath, bundleName); - } - if (bundleName == FILE_MANAGER_AUTHORITY && uri_.ToString().find(NETWORK_PARA) == string::npos && + if (bundleName == FILE_MANAGER_AUTHORITY && + uri_.ToString().find(NETWORK_PARA) == string::npos && access(realPath.c_str(), F_OK) == 0) { return realPath; } diff --git a/interfaces/kits/js/BUILD.gn b/interfaces/kits/js/BUILD.gn index ee1a7758b..0d350384f 100644 --- a/interfaces/kits/js/BUILD.gn +++ b/interfaces/kits/js/BUILD.gn @@ -59,6 +59,8 @@ ohos_shared_library("fileshare") { ] sources = [ + "../../common/src/json_utils.cpp", + "../../common/src/sandbox_helper.cpp", "../../innerkits/native/file_share/src/file_permission.cpp", "file_share/fileshare_n_exporter.cpp", "file_share/grant_permissions.cpp", @@ -72,6 +74,7 @@ ohos_shared_library("fileshare") { "ability_runtime:uri_permission_mgr", "access_token:libaccesstoken_sdk", "access_token:libtokenid_sdk", + "bundle_framework:appexecfwk_base", "c_utils:utils", "common_event_service:cesfwk_innerkits", "data_share:datashare_common", @@ -84,7 +87,11 @@ ohos_shared_library("fileshare") { "ipc:ipc_core", "napi:ace_napi", ] - + defines = [] + if (sandbox_manarer) { + external_deps += [ "sandbox_manager:libsandbox_manager_sdk" ] + defines += [ "SANDBOX_MANAGER" ] + } relative_install_dir = "module" part_name = "app_file_service" diff --git a/test/unittest/BUILD.gn b/test/unittest/BUILD.gn index 8ae868099..c18f0eafc 100644 --- a/test/unittest/BUILD.gn +++ b/test/unittest/BUILD.gn @@ -17,6 +17,7 @@ group("unittest") { "file_share_native:file_share_test", "file_uri_native:file_uri_test", "remote_file_share:remote_file_share_test", + "full_mount_permission_native:full_mount_permission_test", "resource/bundle_dependencies/fileShareA:filesharea", "resource/bundle_dependencies/fileShareB:fileshareb", ] diff --git a/test/unittest/file_share_native/file_share_test.cpp b/test/unittest/file_share_native/file_share_test.cpp index 2fe61c3c1..b13e17849 100644 --- a/test/unittest/file_share_native/file_share_test.cpp +++ b/test/unittest/file_share_native/file_share_test.cpp @@ -421,200 +421,4 @@ HWTEST_F(FileShareTest, File_share_GetPhysicalPath_0006, testing::ext::TestSize. EXPECT_EQ(ret, -EINVAL); GTEST_LOG_(INFO) << "FileShareTest-end File_share_GetPhysicalPath_0006"; } - -/** - * @tc.name: PersistPermission_test_0000 - * @tc.desc: Test function of PersistPermission() interface for SUCCESS. - * @tc.size: MEDIUM - * @tc.type: FUNC - * @tc.level Level 1 - * @tc.require: - */ -HWTEST_F(FileShareTest, PersistPermission_test_0000, testing::ext::TestSize.Level1) -{ - GTEST_LOG_(INFO) << "FileShareTest-begin PersistPermission_test_0000"; - string uri = "file://" + BUNDLE_A + "/data/test"; - std::vector uriPolicies; - UriPolicyInfo uriPolicyInfo; - uriPolicyInfo.uri = uri; - uriPolicyInfo.mode = OperationMode::READ_MODE | OperationMode::WRITE_MODE; - uriPolicies.emplace_back(uriPolicyInfo); - deque errorResults; - int32_t ret = FilePermission::PersistPermission(uriPolicies, errorResults); - EXPECT_EQ(ret, 0); - GTEST_LOG_(INFO) << "FileShareTest-end PersistPermission_test_0000"; -} - -/** - * @tc.name: PersistPermission_test_0001 - * @tc.desc: Test function of PersistPermission() interface for error URI. - * @tc.size: MEDIUM - * @tc.type: FUNC - * @tc.level Level 1 - * @tc.require: - */ -HWTEST_F(FileShareTest, PersistPermission_test_0001, testing::ext::TestSize.Level1) -{ - GTEST_LOG_(INFO) << "FileShareTest-begin PersistPermission_test_0001"; - string inexistentUri = "file://" + BUNDLE_A + "/data/storage/el2/base/files/inexistentTest.txt"; - string mediaUri = "file://media/data/storage/el2/base"; - std::vector uriPolicies; - UriPolicyInfo uriPolicyInfo; - uriPolicyInfo.uri = inexistentUri; - uriPolicyInfo.mode = OperationMode::READ_MODE | OperationMode::WRITE_MODE; - uriPolicies.emplace_back(uriPolicyInfo); - uriPolicyInfo.uri = mediaUri; - uriPolicies.emplace_back(uriPolicyInfo); - deque errorResults; - int32_t ret = FilePermission::PersistPermission(uriPolicies, errorResults); - EXPECT_EQ(ret, EPERM); - GTEST_LOG_(INFO) << "FileShareTest-end PersistPermission_test_0001"; -} - -/** - * @tc.name: DesistPersistedPermission_test_0000 - * @tc.desc: Test function of RevokePermission() interface for SUCCESS. - * @tc.size: MEDIUM - * @tc.type: FUNC - * @tc.level Level 1 - * @tc.require: - */ -HWTEST_F(FileShareTest, DesistPersistedPermission_test_0000, testing::ext::TestSize.Level1) -{ - GTEST_LOG_(INFO) << "FileShareTest-begin DesistPersistedPermission_test_0000"; - string uri = "file://" + BUNDLE_A + "/data/test"; - std::vector uriPolicies; - UriPolicyInfo uriPolicyInfo; - uriPolicyInfo.uri = uri; - uriPolicyInfo.mode = OperationMode::READ_MODE | OperationMode::WRITE_MODE; - uriPolicies.emplace_back(uriPolicyInfo); - deque errorResults; - int32_t ret = FilePermission::RevokePermission(uriPolicies, errorResults); - EXPECT_EQ(ret, 0); - GTEST_LOG_(INFO) << "FileShareTest-end DesistPersistedPermission_test_0000"; -} - -/** - * @tc.name: DesistPersistedPermission_test_0001 - * @tc.desc: Test function of RevokePermission() interface for error URI. - * @tc.size: MEDIUM - * @tc.type: FUNC - * @tc.level Level 1 - * @tc.require: - */ -HWTEST_F(FileShareTest, DesistPersistedPermission_test_0001, testing::ext::TestSize.Level1) -{ - GTEST_LOG_(INFO) << "FileShareTest-begin DesistPersistedPermission_test_0001"; - string inexistentUri = "file://" + BUNDLE_A + "/data/storage/el2/base/files/inexistentTest.txt"; - string mediaUri = "file://media/data/storage/el2/base"; - std::vector uriPolicies; - UriPolicyInfo uriPolicyInfo; - uriPolicyInfo.uri = inexistentUri; - uriPolicyInfo.mode = OperationMode::READ_MODE | OperationMode::WRITE_MODE; - uriPolicies.emplace_back(uriPolicyInfo); - uriPolicyInfo.uri = mediaUri; - uriPolicies.emplace_back(uriPolicyInfo); - deque errorResults; - int32_t ret = FilePermission::RevokePermission(uriPolicies, errorResults); - EXPECT_EQ(ret, EPERM); - GTEST_LOG_(INFO) << "FileShareTest-end DesistPersistedPermission_test_0001"; -} - -/** - * @tc.name: ActivatePermission_test_0000 - * @tc.desc: Test function of ActivatePermission() interface for SUCCESS. - * @tc.size: MEDIUM - * @tc.type: FUNC - * @tc.level Level 1 - * @tc.require: - */ -HWTEST_F(FileShareTest, ActivatePermission_test_0000, testing::ext::TestSize.Level1) -{ - GTEST_LOG_(INFO) << "FileShareTest-begin ActivatePermission_test_0000"; - string uri = "file://" + BUNDLE_A + "/data/test"; - std::vector uriPolicies; - UriPolicyInfo uriPolicyInfo; - uriPolicyInfo.uri = uri; - uriPolicyInfo.mode = OperationMode::READ_MODE | OperationMode::WRITE_MODE; - uriPolicies.emplace_back(uriPolicyInfo); - deque errorResults; - int32_t ret = FilePermission::ActivatePermission(uriPolicies, errorResults); - EXPECT_EQ(ret, 0); - GTEST_LOG_(INFO) << "FileShareTest-end ActivatePermission_test_0000"; -} - -/** - * @tc.name: ActivatePermission_test_0001 - * @tc.desc: Test function of ActivatePermission() interface for error URI. - * @tc.size: MEDIUM - * @tc.type: FUNC - * @tc.level Level 1 - * @tc.require: - */ -HWTEST_F(FileShareTest, ActivatePermission_test_0001, testing::ext::TestSize.Level1) -{ - GTEST_LOG_(INFO) << "FileShareTest-begin ActivatePermission_test_0001"; - string inexistentUri = "file://" + BUNDLE_A + "/data/storage/el2/base/files/inexistentTest.txt"; - string mediaUri = "file://media/data/storage/el2/base"; - std::vector uriPolicies; - UriPolicyInfo uriPolicyInfo; - uriPolicyInfo.uri = inexistentUri; - uriPolicyInfo.mode = OperationMode::READ_MODE | OperationMode::WRITE_MODE; - uriPolicies.emplace_back(uriPolicyInfo); - uriPolicyInfo.uri = mediaUri; - uriPolicies.emplace_back(uriPolicyInfo); - deque errorResults; - int32_t ret = FilePermission::ActivatePermission(uriPolicies, errorResults); - EXPECT_EQ(ret, EPERM); - GTEST_LOG_(INFO) << "FileShareTest-end ActivatePermission_test_0001"; -} - -/** - * @tc.name: DeactivatePermission_test_0000 - * @tc.desc: Test function of DeactivatePermission() interface for SUCCESS. - * @tc.size: MEDIUM - * @tc.type: FUNC - * @tc.level Level 1 - * @tc.require: - */ -HWTEST_F(FileShareTest, DeactivatePermission_test_0000, testing::ext::TestSize.Level1) -{ - GTEST_LOG_(INFO) << "FileShareTest-begin DeactivatePermission_test_0000"; - string uri = "file://" + BUNDLE_A + "/data/test"; - std::vector uriPolicies; - UriPolicyInfo uriPolicyInfo; - uriPolicyInfo.uri = uri; - uriPolicyInfo.mode = OperationMode::READ_MODE | OperationMode::WRITE_MODE; - uriPolicies.emplace_back(uriPolicyInfo); - deque errorResults; - int32_t ret = FilePermission::DeactivatePermission(uriPolicies, errorResults); - EXPECT_EQ(ret, 0); - GTEST_LOG_(INFO) << "FileShareTest-end DeactivatePermission_test_0000"; -} - -/** - * @tc.name: DeactivatePermission_test_0001 - * @tc.desc: Test function of DeactivatePermission() interface for error URI. - * @tc.size: MEDIUM - * @tc.type: FUNC - * @tc.level Level 1 - * @tc.require: - */ -HWTEST_F(FileShareTest, DeactivatePermission_test_0001, testing::ext::TestSize.Level1) -{ - GTEST_LOG_(INFO) << "FileShareTest-begin DeactivatePermission_test_0001"; - string inexistentUri = "file://" + BUNDLE_A + "/data/storage/el2/base/files/inexistentTest.txt"; - string mediaUri = "file://media/data/storage/el2/base"; - std::vector uriPolicies; - UriPolicyInfo uriPolicyInfo; - uriPolicyInfo.uri = inexistentUri; - uriPolicyInfo.mode = OperationMode::READ_MODE | OperationMode::WRITE_MODE; - uriPolicies.emplace_back(uriPolicyInfo); - uriPolicyInfo.uri = mediaUri; - uriPolicies.emplace_back(uriPolicyInfo); - deque errorResults; - int32_t ret = FilePermission::DeactivatePermission(uriPolicies, errorResults); - EXPECT_EQ(ret, EPERM); - GTEST_LOG_(INFO) << "FileShareTest-end DeactivatePermission_test_0001"; -} } // namespace \ No newline at end of file diff --git a/test/unittest/file_uri_native/BUILD.gn b/test/unittest/file_uri_native/BUILD.gn index 2fb40de9f..554e71fc6 100644 --- a/test/unittest/file_uri_native/BUILD.gn +++ b/test/unittest/file_uri_native/BUILD.gn @@ -27,9 +27,7 @@ ohos_unittest("file_uri_test") { "app_file_service:fileuri_native", "c_utils:utils", "hilog:libhilog", - "init:libbegetutil", "ipc:ipc_core", - "os_account:os_account_innerkits", ] deps = [ diff --git a/test/unittest/file_uri_native/file_uri_test.cpp b/test/unittest/file_uri_native/file_uri_test.cpp index 9f703cee5..e9efac2a1 100644 --- a/test/unittest/file_uri_native/file_uri_test.cpp +++ b/test/unittest/file_uri_native/file_uri_test.cpp @@ -26,8 +26,7 @@ #include "common_func.h" #include "file_share.h" #include "log.h" -#include "os_account_manager.h" -#include "parameter.h" + using namespace std; using namespace OHOS::Security::AccessToken; using namespace OHOS::AppFileService; @@ -46,7 +45,7 @@ namespace OHOS::AppFileService::ModuleFileUri { const string MODE_RW = "/rw/"; const string MODE_R = "/r/"; const int E_OK = 0; - const char* g_fileManagerFullMoutEnableParameter = "const.filemanager.full_mout.enable"; + class FileUriTest : public testing::Test { public: static void SetUpTestCase(void) {}; @@ -54,6 +53,7 @@ namespace OHOS::AppFileService::ModuleFileUri { void SetUp() {}; void TearDown() {}; }; + /** * @tc.name: file_uri_test_0000 * @tc.desc: Test function of ToString() interface for SUCCESS. @@ -193,7 +193,7 @@ namespace OHOS::AppFileService::ModuleFileUri { vector retList; int32_t ret = FileShare::CreateShareFile(uriList, tokenId, flag, retList); EXPECT_EQ(ret, E_OK); - + string rltStr = PATH_SHARE + MODE_R + bundleB + actStr; FileUri fileUri(uri); string path = fileUri.GetRealPath(); @@ -250,144 +250,4 @@ namespace OHOS::AppFileService::ModuleFileUri { EXPECT_EQ(folderUriObject.GetFullDirectoryUri(), folderDirectoryUri); GTEST_LOG_(INFO) << "FileUriTest-end File_uri_GetPath_0000"; } - /** - * @tc.name: file_uri_test_0008 - * @tc.desc: Test function of GetRealPath() interface for SUCCESS. - * @tc.size: MEDIUM - * @tc.type: FUNC - * @tc.level Level 1 - * @tc.require: - */ - HWTEST_F(FileUriTest, File_uri_GetRealPath_0005, testing::ext::TestSize.Level1) - { - GTEST_LOG_(INFO) << "FileUriTest-begin File_uri_GetRealPath_0005"; - string fileUri = "file://media/data/storage/el2/base/files/1.txt"; - string filePath = PATH_SHARE + MODE_R + "media/data/storage/el2/base/files/1.txt"; - FileUri folderUriObject(fileUri); - EXPECT_EQ(folderUriObject.GetRealPath(), filePath); - GTEST_LOG_(INFO) << "FileUriTest-end File_uri_GetRealPath_0005"; - } - /** - * @tc.name: file_uri_test_0009 - * @tc.desc: Test function of GetRealPath() interface for SUCCESS. - * @tc.size: MEDIUM - * @tc.type: FUNC - * @tc.level Level 1 - * @tc.require: - */ - HWTEST_F(FileUriTest, File_uri_GetRealPath_0006, testing::ext::TestSize.Level1) - { - GTEST_LOG_(INFO) << "FileUriTest-begin File_uri_GetRealPath_0006"; - string fileUri = "file://com.demo.a/data/storage/el1/base/files/1.txt"; - string userName; - ErrCode errCode = OHOS::AccountSA::OsAccountManager::GetOsAccountShortName(userName); - if (errCode != ERR_OK) { - GTEST_LOG_(INFO) << "GetOsAccountShortName failed File_uri_GetRealPath_0006"; - } - string filePath = "storage/Users/" + userName + "/appdata/el1/com.demo.a/files/1.txt"; - string RealPath = PATH_SHARE + MODE_R + "com.demo.a/data/storage/el1/base/files/1.txt"; - FileUri folderUriObject(fileUri); - char value[] = "false"; - int retSystem = GetParameter(g_fileManagerFullMoutEnableParameter, "false", value, sizeof(value)); - if (retSystem > 0 && !std::strcmp(value, "true")) { - EXPECT_EQ(folderUriObject.GetRealPath(), filePath); - } else { - EXPECT_EQ(folderUriObject.GetRealPath(), RealPath); - } - GTEST_LOG_(INFO) << "FileUriTest-end File_uri_GetRealPath_0006"; - } - /** - * @tc.name: file_uri_test_0010 - * @tc.desc: Test function of GetRealPath() interface for SUCCESS. - * @tc.size: MEDIUM - * @tc.type: FUNC - * @tc.level Level 1 - * @tc.require: - */ - HWTEST_F(FileUriTest, File_uri_GetRealPath_0007, testing::ext::TestSize.Level1) - { - GTEST_LOG_(INFO) << "FileUriTest-begin File_uri_GetRealPath_0007"; - string fileUri = "file://com.demo.a/data/storage/el2/base/files/1.txt"; - string filePath = PATH_SHARE + MODE_R + "com.demo.a/data/storage/el2/base/files/1.txt"; - FileUri folderUriObject(fileUri); - EXPECT_EQ(folderUriObject.GetRealPath(), filePath); - GTEST_LOG_(INFO) << "FileUriTest-end File_uri_GetRealPath_0007"; - } - /** - * @tc.name: file_uri_test_0011 - * @tc.desc: Test function of GetRealPath() interface for SUCCESS. - * @tc.size: MEDIUM - * @tc.type: FUNC - * @tc.level Level 1 - * @tc.require: - */ - HWTEST_F(FileUriTest, File_uri_GetRealPath_0008, testing::ext::TestSize.Level1) - { - GTEST_LOG_(INFO) << "FileUriTest-begin File_uri_GetRealPath_0008"; - string fileUri = "file://com.demo.a/data/storage/el2/base/files/1.txt"; - string userName; - ErrCode errCode = OHOS::AccountSA::OsAccountManager::GetOsAccountShortName(userName); - if (errCode != ERR_OK) { - GTEST_LOG_(INFO) << "GetOsAccountShortName failed File_uri_GetRealPath_0008"; - } - string filePath = "storage/Users/" + userName + "/appdata/el2/com.demo.a/files/1.txt"; - string RealPath = PATH_SHARE + MODE_R + "com.demo.a/data/storage/el2/base/files/1.txt"; - FileUri folderUriObject(fileUri); - char value[] = "false"; - int retSystem = GetParameter(g_fileManagerFullMoutEnableParameter, "false", value, sizeof(value)); - if (retSystem > 0 && !std::strcmp(value, "true")) { - EXPECT_EQ(folderUriObject.GetRealPath(), filePath); - } else { - EXPECT_EQ(folderUriObject.GetRealPath(), RealPath); - } - GTEST_LOG_(INFO) << "FileUriTest-end File_uri_GetRealPath_0008"; - } - /** - * @tc.name: file_uri_test_0012 - * @tc.desc: Test function of GetRealPath() interface for SUCCESS. - * @tc.size: MEDIUM - * @tc.type: FUNC - * @tc.level Level 1 - * @tc.require: - */ - HWTEST_F(FileUriTest, File_uri_GetRealPath_0009, testing::ext::TestSize.Level1) - { - GTEST_LOG_(INFO) << "FileUriTest-begin File_uri_GetRealPath_0009"; - string fileUri = "file://docs/storage/Users/user/files/1.txt"; - string filePath = "/storage/Users/user/files/1.txt"; - string RealPath = PATH_SHARE + MODE_R + "docs/storage/Users/user/files/1.txt"; - FileUri folderUriObject(fileUri); - char value[] = "false"; - int retSystem = GetParameter(g_fileManagerFullMoutEnableParameter, "false", value, sizeof(value)); - if (retSystem > 0 && !std::strcmp(value, "true")) { - EXPECT_EQ(folderUriObject.GetRealPath(), filePath); - } else { - EXPECT_EQ(folderUriObject.GetRealPath(), RealPath); - } - GTEST_LOG_(INFO) << "FileUriTest-end File_uri_GetRealPath_0009"; - } - /** - * @tc.name: file_uri_test_0012 - * @tc.desc: Test function of GetRealPath() interface for SUCCESS. - * @tc.size: MEDIUM - * @tc.type: FUNC - * @tc.level Level 1 - * @tc.require: - */ - HWTEST_F(FileUriTest, File_uri_GetRealPath_0010, testing::ext::TestSize.Level1) - { - GTEST_LOG_(INFO) << "FileUriTest-begin File_uri_GetRealPath_0010"; - string fileUri = "file://docs/storage/Users/user/Download/files/1.txt"; - string filePath = "/storage/Users/user/Download/files/1.txt"; - string RealPath = PATH_SHARE + MODE_R + "docs/storage/Users/user/Download/files/1.txt"; - FileUri folderUriObject(fileUri); - char value[] = "false"; - int retSystem = GetParameter(g_fileManagerFullMoutEnableParameter, "false", value, sizeof(value)); - if (retSystem > 0 && !std::strcmp(value, "true")) { - EXPECT_EQ(folderUriObject.GetRealPath(), filePath); - } else { - EXPECT_EQ(folderUriObject.GetRealPath(), RealPath); - } - GTEST_LOG_(INFO) << "FileUriTest-end File_uri_GetRealPath_0010"; - } } \ No newline at end of file diff --git a/test/unittest/full_mount_permission_native/BUILD.gn b/test/unittest/full_mount_permission_native/BUILD.gn new file mode 100644 index 000000000..46e52f9ef --- /dev/null +++ b/test/unittest/full_mount_permission_native/BUILD.gn @@ -0,0 +1,43 @@ +# Copyright (c) 2023 Huawei Device Co., Ltd. +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +import("//build/test.gni") + +ohos_unittest("full_mount_permission_test") { + module_out_path = "filemanagement/app_file_service" + include_dirs = [ + "include", + "//third_party/googletest/include", + ] + sources = [ "src/full_mount_permission_test.cpp" ] + + external_deps = [ + "ability_base:base", + "ability_base:want", + "ability_base:zuri", + "access_token:libaccesstoken_sdk", + "access_token:libnativetoken", + "access_token:libtoken_setproc", + "app_file_service:fileshare_native", + "c_utils:utils", + "common_event_service:cesfwk_innerkits", + "hilog:libhilog", + "ipc:ipc_core", + "init:libbegetutil", + "samgr:samgr_proxy", + ] + deps = [ + "//third_party/googletest:gmock_main", + "//third_party/googletest:gtest_main", + ] +} diff --git a/test/unittest/full_mount_permission_native/include/full_mount_permission_test.h b/test/unittest/full_mount_permission_native/include/full_mount_permission_test.h new file mode 100644 index 000000000..73f620b38 --- /dev/null +++ b/test/unittest/full_mount_permission_native/include/full_mount_permission_test.h @@ -0,0 +1,31 @@ +/* + * Copyright (c) 2024 Huawei Device Co., Ltd. + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ +#ifndef FULL_MOUNT_PERMISSION_TEST_H +#define FULL_MOUNT_PERMISSION_TEST_H + +#include + +namespace OHOS { +namespace AppFileService { +class FullMountPermissionTest : public testing::Test { +public: + static void SetUpTestCase(); + static void TearDownTestCase(); + void SetUp() {}; + void TearDown() {}; +}; +} // namespace AppFileService +} // namespace OHOS +#endif // FULL_MOUNT_PERMISSION_TEST_H diff --git a/test/unittest/full_mount_permission_native/src/full_mount_permission_test.cpp b/test/unittest/full_mount_permission_native/src/full_mount_permission_test.cpp new file mode 100644 index 000000000..386a15658 --- /dev/null +++ b/test/unittest/full_mount_permission_native/src/full_mount_permission_test.cpp @@ -0,0 +1,431 @@ +/* + * Copyright (c) 2024 Huawei Device Co., Ltd. + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ +#include "full_mount_permission_test.h" +#include +#include + +#include +#include +#include +#include +#include + +#include "access_token_error.h" +#include "accesstoken_kit.h" +#include "file_permission.h" +#include "ipc_skeleton.h" +#include "log.h" +#include "parameter.h" +#include "sandbox_helper.h" +#include "uri.h" + +#include "nativetoken_kit.h" +#include "permission_def.h" +#include "permission_state_full.h" +#include "token_setproc.h" + +using namespace testing::ext; +namespace OHOS { +namespace AppFileService { +const char *g_fileManagerFullMountEnableParameter = "const.filemanager.full_mount.enable"; +const std::string SET_POLICY_PERMISSION = "ohos.permission.SET_SANDBOX_POLICY"; +const std::string ACCESS_PERSIST_PERMISSION = "ohos.permission.FILE_ACCESS_PERSIST"; +const std::string BundleName = "com.example.filesharea"; +uint64_t g_mockToken; +OHOS::Security::AccessToken::PermissionStateFull g_testState1 = { + .permissionName = SET_POLICY_PERMISSION, + .isGeneral = true, + .resDeviceID = {"1"}, + .grantStatus = {0}, + .grantFlags = {0}, +}; +OHOS::Security::AccessToken::PermissionStateFull g_testState2 = { + .permissionName = ACCESS_PERSIST_PERMISSION, + .isGeneral = true, + .resDeviceID = {"1"}, + .grantStatus = {0}, + .grantFlags = {0}, +}; +OHOS::Security::AccessToken::HapInfoParams g_testInfoParams = { + .userID = 1, + .bundleName = "full_mount_permission_test", + .instIndex = 0, + .appIDDesc = "test", +}; +OHOS::Security::AccessToken::HapPolicyParams g_testPolicyParams = { + .apl = OHOS::Security::AccessToken::APL_NORMAL, + .domain = "test.domain", + .permList = {}, + .permStateList = {g_testState1, g_testState2}, +}; + +void NativeTokenGet() +{ + uint64_t fullTokenId; + const char **perms = new const char *[1]; + perms[0] = "ohos.permission.DISTRIBUTED_DATASYNC"; + NativeTokenInfoParams infoInstance = { + .dcapsNum = 0, + .permsNum = 1, + .aclsNum = 0, + .dcaps = nullptr, + .perms = perms, + .acls = nullptr, + .aplStr = "system_core", + }; + infoInstance.processName = "TestCase"; + fullTokenId = GetAccessTokenId(&infoInstance); + EXPECT_EQ(0, SetSelfTokenID(fullTokenId)); + OHOS::Security::AccessToken::AccessTokenKit::ReloadNativeTokenInfo(); + delete[] perms; +} +void FullMountPermissionTest::SetUpTestCase() +{ + NativeTokenGet(); + OHOS::Security::AccessToken::AccessTokenID tokenId = + OHOS::Security::AccessToken::AccessTokenKit::GetNativeTokenId("foundation"); + EXPECT_EQ(0, tokenId); + EXPECT_EQ(0, SetSelfTokenID(tokenId)); + OHOS::Security::AccessToken::AccessTokenIDEx tokenIdEx = {0}; + tokenIdEx = OHOS::Security::AccessToken::AccessTokenKit::AllocHapToken(g_testInfoParams, g_testPolicyParams); + EXPECT_EQ(0, tokenIdEx.tokenIdExStruct.tokenID); + g_mockToken = tokenIdEx.tokenIdExStruct.tokenID; + EXPECT_EQ(0, SetSelfTokenID(tokenIdEx.tokenIdExStruct.tokenID)); +} +void FullMountPermissionTest::TearDownTestCase() +{ + OHOS::Security::AccessToken::AccessTokenKit::DeleteToken(g_mockToken); +} + +static bool CheckFileManagerFullMountEnable() +{ + char value[] = "false"; + int retSystem = GetParameter(g_fileManagerFullMountEnableParameter, "false", value, sizeof(value)); + if (retSystem > 0 && !std::strcmp(value, "true")) { + return true; + } + LOGE("Not supporting all mounts"); + return false; +} +/** + * @tc.name: PersistPermission_test_0000 + * @tc.desc: Test function of PersistPermission() interface for SUCCESS. + * @tc.size: MEDIUM + * @tc.type: FUNC + * @tc.level Level 1 + * @tc.require: + */ +HWTEST_F(FullMountPermissionTest, PersistPermission_test_0000, testing::ext::TestSize.Level1) +{ + GTEST_LOG_(INFO) << "FileShareTest-begin PersistPermission_test_0000"; + UriPolicyInfo infoA = {.uri = "file://" + BundleName + "/storage", + .mode = OperationMode::READ_MODE | OperationMode::WRITE_MODE}; + std::vector uriPolicies; + uriPolicies.emplace_back(infoA); + deque errorResults; + int32_t ret = FilePermission::PersistPermission(uriPolicies, errorResults); + if (CheckFileManagerFullMountEnable()) { + EXPECT_EQ(ret, 0); + } else { + EXPECT_EQ(ret, 0); + }; + GTEST_LOG_(INFO) << "FileShareTest-end PersistPermission_test_0000"; +} +/** + * @tc.name: PersistPermission_test_0001 + * @tc.desc: Test function of PersistPermission() interface for SUCCESS. + * @tc.size: MEDIUM + * @tc.type: FUNC + * @tc.level Level 1 + * @tc.require: + */ +HWTEST_F(FullMountPermissionTest, PersistPermission_test_0001, testing::ext::TestSize.Level1) +{ + GTEST_LOG_(INFO) << "FileShareTest-begin PersistPermission_test_0001"; + UriPolicyInfo infoA = {.uri = "file://" + BundleName + "/storage", + .mode = OperationMode::READ_MODE | OperationMode::WRITE_MODE}; + UriPolicyInfo infoB = {.uri = "file://" + BundleName + "/storage", .mode = -1}; + std::vector uriPolicies; + uriPolicies.emplace_back(infoA); + uriPolicies.emplace_back(infoB); + deque errorResults; + int32_t ret = FilePermission::PersistPermission(uriPolicies, errorResults); + if (CheckFileManagerFullMountEnable()) { + EXPECT_EQ(ret, EPERM); + EXPECT_EQ(INVALID_MODE, errorResults[0].code); + } else { + EXPECT_EQ(ret, 0); + }; + GTEST_LOG_(INFO) << "FileShareTest-end PersistPermission_test_0001"; +} +/** + * @tc.name: PersistPermission_test_0002 + * @tc.desc: Test function of PersistPermission() interface for SUCCESS. + * @tc.size: MEDIUM + * @tc.type: FUNC + * @tc.level Level 1 + * @tc.require: + */ +HWTEST_F(FullMountPermissionTest, PersistPermission_test_0002, testing::ext::TestSize.Level1) +{ + GTEST_LOG_(INFO) << "FileShareTest-begin PersistPermission_test_0002"; + UriPolicyInfo infoA = {.uri = "file://" + BundleName + "/storage/test01.test", + .mode = OperationMode::READ_MODE | OperationMode::WRITE_MODE}; + std::vector uriPolicies; + uriPolicies.emplace_back(infoA); + deque errorResults; + int32_t ret = FilePermission::PersistPermission(uriPolicies, errorResults); + if (CheckFileManagerFullMountEnable()) { + EXPECT_EQ(ret, EPERM); + ASSERT_EQ(uriPolicies.size(), errorResults.size()); + EXPECT_EQ(INVALID_PATH, errorResults[0].code); + } else { + EXPECT_EQ(ret, 0); + }; + GTEST_LOG_(INFO) << "FileShareTest-end PersistPermission_test_0002"; +} +/** + * @tc.name: ActivatePermission_test_0000 + * @tc.desc: Test function of ActivatePermission() interface for SUCCESS. + * @tc.size: MEDIUM + * @tc.type: FUNC + * @tc.level Level 1 + * @tc.require: + */ +HWTEST_F(FullMountPermissionTest, ActivatePermission_test_0000, testing::ext::TestSize.Level1) +{ + GTEST_LOG_(INFO) << "FileShareTest-begin ActivatePermission_test_0000"; + UriPolicyInfo infoA = {.uri = "file://" + BundleName + "/storage", + .mode = OperationMode::READ_MODE | OperationMode::WRITE_MODE}; + std::vector uriPolicies; + uriPolicies.emplace_back(infoA); + deque errorResults; + int32_t ret = FilePermission::ActivatePermission(uriPolicies, errorResults); + if (CheckFileManagerFullMountEnable()) { + EXPECT_EQ(ret, 0); + } else { + EXPECT_EQ(ret, 0); + }; + GTEST_LOG_(INFO) << "FileShareTest-end ActivatePermission_test_0000"; +} +/** + * @tc.name: ActivatePermission_test_0001 + * @tc.desc: Test function of PersistPermission() interface for SUCCESS. + * @tc.size: MEDIUM + * @tc.type: FUNC + * @tc.level Level 1 + * @tc.require: + */ +HWTEST_F(FullMountPermissionTest, ActivatePermission_test_0001, testing::ext::TestSize.Level1) +{ + GTEST_LOG_(INFO) << "FileShareTest-begin ActivatePermission_test_0001"; + UriPolicyInfo infoA = {.uri = "file://" + BundleName + "/storage", + .mode = OperationMode::READ_MODE | OperationMode::WRITE_MODE}; + UriPolicyInfo infoB = {.uri = "file://" + BundleName + "/storage", .mode = -1}; + std::vector uriPolicies; + uriPolicies.emplace_back(infoA); + uriPolicies.emplace_back(infoB); + deque errorResults; + int32_t ret = FilePermission::ActivatePermission(uriPolicies, errorResults); + if (CheckFileManagerFullMountEnable()) { + EXPECT_EQ(ret, EPERM); + EXPECT_EQ(INVALID_MODE, errorResults[0].code); + } else { + EXPECT_EQ(ret, 0); + }; + GTEST_LOG_(INFO) << "FileShareTest-end ActivatePermission_test_0001"; +} +/** + * @tc.name: ActivatePermission_test_0002 + * @tc.desc: Test function of PersistPermission() interface for SUCCESS. + * @tc.size: MEDIUM + * @tc.type: FUNC + * @tc.level Level 1 + * @tc.require: + */ +HWTEST_F(FullMountPermissionTest, ActivatePermission_test_0002, testing::ext::TestSize.Level1) +{ + GTEST_LOG_(INFO) << "FileShareTest-begin ActivatePermission_test_0002"; + UriPolicyInfo infoA = {.uri = "file://" + BundleName + "/storage/test01.test", + .mode = OperationMode::READ_MODE | OperationMode::WRITE_MODE}; + std::vector uriPolicies; + uriPolicies.emplace_back(infoA); + deque errorResults; + int32_t ret = FilePermission::ActivatePermission(uriPolicies, errorResults); + if (CheckFileManagerFullMountEnable()) { + EXPECT_EQ(ret, EPERM); + ASSERT_EQ(uriPolicies.size(), errorResults.size()); + EXPECT_EQ(INVALID_PATH, errorResults[0].code); + } else { + EXPECT_EQ(ret, 0); + }; + GTEST_LOG_(INFO) << "FileShareTest-end ActivatePermission_test_0002"; +} +/** + * @tc.name: DeactivatePermission_test_0000 + * @tc.desc: Test function of DeactivatePermission() interface for SUCCESS. + * @tc.size: MEDIUM + * @tc.type: FUNC + * @tc.level Level 1 + * @tc.require: + */ +HWTEST_F(FullMountPermissionTest, DeactivatePermission_test_0000, testing::ext::TestSize.Level1) +{ + GTEST_LOG_(INFO) << "FileShareTest-begin DeactivatePermission_test_0000"; + UriPolicyInfo infoA = {.uri = "file://" + BundleName + "/storage", + .mode = OperationMode::READ_MODE | OperationMode::WRITE_MODE}; + std::vector uriPolicies; + uriPolicies.emplace_back(infoA); + deque errorResults; + int32_t ret = FilePermission::DeactivatePermission(uriPolicies, errorResults); + if (CheckFileManagerFullMountEnable()) { + EXPECT_EQ(ret, 0); + } else { + EXPECT_EQ(ret, 0); + }; + GTEST_LOG_(INFO) << "FileShareTest-end DeactivatePermission_test_0000"; +} +/** + * @tc.name: DeactivatePermission_test_0001 + * @tc.desc: Test function of DeactivatePermission() interface for SUCCESS. + * @tc.size: MEDIUM + * @tc.type: FUNC + * @tc.level Level 1 + * @tc.require: + */ +HWTEST_F(FullMountPermissionTest, DeactivatePermission_test_0001, testing::ext::TestSize.Level1) +{ + GTEST_LOG_(INFO) << "FileShareTest-begin DeactivatePermission_test_0001"; + UriPolicyInfo infoA = {.uri = "file://" + BundleName + "/storage", + .mode = OperationMode::READ_MODE | OperationMode::WRITE_MODE}; + UriPolicyInfo infoB = {.uri = "file://" + BundleName + "/storage", .mode = -1}; + std::vector uriPolicies; + uriPolicies.emplace_back(infoA); + uriPolicies.emplace_back(infoB); + deque errorResults; + int32_t ret = FilePermission::DeactivatePermission(uriPolicies, errorResults); + if (CheckFileManagerFullMountEnable()) { + EXPECT_EQ(ret, EPERM); + EXPECT_EQ(INVALID_MODE, errorResults[0].code); + } else { + EXPECT_EQ(ret, 0); + }; + GTEST_LOG_(INFO) << "FileShareTest-end DeactivatePermission_test_0001"; +} +/** + * @tc.name: DeactivatePermission_test_0002 + * @tc.desc: Test function of DeactivatePermission() interface for SUCCESS. + * @tc.size: MEDIUM + * @tc.type: FUNC + * @tc.level Level 1 + * @tc.require: + */ +HWTEST_F(FullMountPermissionTest, DeactivatePermission_test_0002, testing::ext::TestSize.Level1) +{ + GTEST_LOG_(INFO) << "FileShareTest-begin DeactivatePermission_test_0002"; + UriPolicyInfo infoA = {.uri = "file://" + BundleName + "/storage/test01.test", + .mode = OperationMode::READ_MODE | OperationMode::WRITE_MODE}; + std::vector uriPolicies; + uriPolicies.emplace_back(infoA); + deque errorResults; + int32_t ret = FilePermission::DeactivatePermission(uriPolicies, errorResults); + if (CheckFileManagerFullMountEnable()) { + EXPECT_EQ(ret, EPERM); + ASSERT_EQ(uriPolicies.size(), errorResults.size()); + EXPECT_EQ(INVALID_PATH, errorResults[0].code); + } else { + EXPECT_EQ(ret, 0); + }; + GTEST_LOG_(INFO) << "FileShareTest-end DeactivatePermission_test_0002"; +} +/** + * @tc.name: RevokePermission_test_0000 + * @tc.desc: Test function of RevokePermission() interface for SUCCESS. + * @tc.size: MEDIUM + * @tc.type: FUNC + * @tc.level Level 1 + * @tc.require: + */ +HWTEST_F(FullMountPermissionTest, RevokePermission_test_0000, testing::ext::TestSize.Level1) +{ + GTEST_LOG_(INFO) << "FileShareTest-begin RevokePermission_test_0000"; + UriPolicyInfo infoA = {.uri = "file://" + BundleName + "/storage", + .mode = OperationMode::READ_MODE | OperationMode::WRITE_MODE}; + std::vector uriPolicies; + uriPolicies.emplace_back(infoA); + deque errorResults; + int32_t ret = FilePermission::RevokePermission(uriPolicies, errorResults); + if (CheckFileManagerFullMountEnable()) { + EXPECT_EQ(ret, 0); + } else { + EXPECT_EQ(ret, 0); + }; + GTEST_LOG_(INFO) << "FileShareTest-end RevokePermission_test_0000"; +} +/** + * @tc.name: RevokePermission_test_0001 + * @tc.desc: Test function of RevokePermission() interface for SUCCESS. + * @tc.size: MEDIUM + * @tc.type: FUNC + * @tc.level Level 1 + * @tc.require: + */ +HWTEST_F(FullMountPermissionTest, RevokePermission_test_0001, testing::ext::TestSize.Level1) +{ + GTEST_LOG_(INFO) << "FileShareTest-begin RevokePermission_test_0001"; + UriPolicyInfo infoA = {.uri = "file://" + BundleName + "/storage", + .mode = OperationMode::READ_MODE | OperationMode::WRITE_MODE}; + UriPolicyInfo infoB = {.uri = "file://" + BundleName + "/storage", .mode = -1}; + std::vector uriPolicies; + uriPolicies.emplace_back(infoA); + uriPolicies.emplace_back(infoB); + deque errorResults; + int32_t ret = FilePermission::RevokePermission(uriPolicies, errorResults); + if (CheckFileManagerFullMountEnable()) { + EXPECT_EQ(ret, EPERM); + EXPECT_EQ(INVALID_MODE, errorResults[0].code); + } else { + EXPECT_EQ(ret, 0); + }; + GTEST_LOG_(INFO) << "FileShareTest-end RevokePermission_test_0001"; +} +/** + * @tc.name: RevokePermission_test_0002 + * @tc.desc: Test function of RevokePermission() interface for SUCCESS. + * @tc.size: MEDIUM + * @tc.type: FUNC + * @tc.level Level 1 + * @tc.require: + */ +HWTEST_F(FullMountPermissionTest, RevokePermission_test_0002, testing::ext::TestSize.Level1) +{ + GTEST_LOG_(INFO) << "FileShareTest-begin RevokePermission_test_0002"; + UriPolicyInfo infoA = {.uri = "file://" + BundleName + "/storage/test01.test", + .mode = OperationMode::READ_MODE | OperationMode::WRITE_MODE}; + std::vector uriPolicies; + uriPolicies.emplace_back(infoA); + deque errorResults; + int32_t ret = FilePermission::RevokePermission(uriPolicies, errorResults); + if (CheckFileManagerFullMountEnable()) { + EXPECT_EQ(ret, EPERM); + ASSERT_EQ(uriPolicies.size(), errorResults.size()); + EXPECT_EQ(INVALID_PATH, errorResults[0].code); + } else { + EXPECT_EQ(ret, 0); + }; + GTEST_LOG_(INFO) << "FileShareTest-end RevokePermission_test_0002"; +} +} // namespace AppFileService +} // namespace OHOS \ No newline at end of file -- Gitee