diff --git a/interfaces/innerkits/accesstoken/test/unittest/BUILD.gn b/interfaces/innerkits/accesstoken/test/unittest/BUILD.gn index b6037329f32b2fc5bf36b464fb4277f2cf4bb822..9d723cd802205bb7e6770e3af04db99c764f97f5 100644 --- a/interfaces/innerkits/accesstoken/test/unittest/BUILD.gn +++ b/interfaces/innerkits/accesstoken/test/unittest/BUILD.gn @@ -96,6 +96,7 @@ ohos_unittest("libaccesstoken_sdk_test") { "cJSON:cjson", "c_utils:utils", "hilog:libhilog", + "init:libbegetutil", "ipc:ipc_single", "samgr:samgr_proxy", ] diff --git a/interfaces/innerkits/accesstoken/test/unittest/HapTokenTest/init_hap_token_test.cpp b/interfaces/innerkits/accesstoken/test/unittest/HapTokenTest/init_hap_token_test.cpp index 0d2973bb8fc6fea07bc18fd90f4a7ee6f0dfdf37..56d10b2bf847ab41f6e30b344333f400e31679fc 100644 --- a/interfaces/innerkits/accesstoken/test/unittest/HapTokenTest/init_hap_token_test.cpp +++ b/interfaces/innerkits/accesstoken/test/unittest/HapTokenTest/init_hap_token_test.cpp @@ -22,6 +22,8 @@ #include "accesstoken_common_log.h" #include "iaccess_token_manager.h" #include "nativetoken_kit.h" +#include "parameter.h" +#include "parameters.h" #include "permission_grant_info.h" #include "permission_state_change_info_parcel.h" #include "string_ex.h" @@ -34,6 +36,7 @@ namespace OHOS { namespace Security { namespace AccessToken { namespace { +static const char* ENTERPRISE_NORMAL_CHECK = "accesstoken.enterprise_normal_check"; static constexpr uint32_t NUMBER_ONE = 1; static constexpr uint32_t NUMBER_TWO = 2; static constexpr uint32_t NUMBER_THREE = 3; @@ -1245,11 +1248,22 @@ HWTEST_F(InitHapTokenTest, InitHapTokenSpecsTest019, TestSize.Level0) AccessTokenIDEx fullTokenId; int32_t ret = AccessTokenKit::InitHapToken(infoParams, policyParams, fullTokenId); AccessTokenID tokenID = fullTokenId.tokenIdExStruct.tokenID; - ASSERT_EQ(RET_SUCCESS, ret); + bool isEnterpriseNormal = OHOS::system::GetBoolParameter(ENTERPRISE_NORMAL_CHECK, false); + if (isEnterpriseNormal) { + ASSERT_EQ(ERR_PERM_REQUEST_CFG_FAILED, ret); + } else { + ASSERT_EQ(RET_SUCCESS, ret); + } HapInfoCheckResult result; ret = AccessTokenKit::InitHapToken(infoParams, policyParams, fullTokenId, result); - ASSERT_EQ(RET_SUCCESS, ret); + if (isEnterpriseNormal) { + ASSERT_EQ(ERR_PERM_REQUEST_CFG_FAILED, ret); + ASSERT_EQ(result.permCheckResult.permissionName, "ohos.permission.FILE_GUARD_MANAGER"); + ASSERT_EQ(result.permCheckResult.rule, PERMISSION_ENTERPRISE_NORMAL_RULE); + } else { + ASSERT_EQ(RET_SUCCESS, ret); + } ret = AccessTokenKit::VerifyAccessToken(tokenID, "ohos.permission.FILE_GUARD_MANAGER"); EXPECT_EQ(PERMISSION_DENIED, ret); diff --git a/interfaces/innerkits/accesstoken/test/unittest/HapTokenTest/update_hap_token_test.cpp b/interfaces/innerkits/accesstoken/test/unittest/HapTokenTest/update_hap_token_test.cpp index dfef21b0bd0bf26a625b1a4b9ab058a324e49921..8d4201d3ea6a0806ae77e5a0d2fe5a044280ffb5 100644 --- a/interfaces/innerkits/accesstoken/test/unittest/HapTokenTest/update_hap_token_test.cpp +++ b/interfaces/innerkits/accesstoken/test/unittest/HapTokenTest/update_hap_token_test.cpp @@ -22,6 +22,8 @@ #include "accesstoken_common_log.h" #include "iaccess_token_manager.h" #include "nativetoken_kit.h" +#include "parameter.h" +#include "parameters.h" #include "permission_grant_info.h" #include "permission_state_change_info_parcel.h" #include "string_ex.h" @@ -34,6 +36,7 @@ namespace OHOS { namespace Security { namespace AccessToken { namespace { +static const char* ENTERPRISE_NORMAL_CHECK = "accesstoken.enterprise_normal_check"; static const std::string TEST_BUNDLE_NAME = "ohos"; static const int TEST_USER_ID = 0; static const int THREAD_NUM = 3; @@ -1548,9 +1551,20 @@ HWTEST_F(UpdateHapTokenTest, UpdateHapTokenSpecsTest015, TestSize.Level0) .isSystemApp = false, .appDistributionType = "" }; - ASSERT_EQ(RET_SUCCESS, AccessTokenKit::UpdateHapToken(fullTokenId, updateHapInfoParams, policyParams)); - HapInfoCheckResult result; - ASSERT_EQ(RET_SUCCESS, AccessTokenKit::UpdateHapToken(fullTokenId, updateHapInfoParams, policyParams, result)); + bool isEnterpriseNormal = OHOS::system::GetBoolParameter(ENTERPRISE_NORMAL_CHECK, false); + if (isEnterpriseNormal) { + ASSERT_EQ(ERR_PERM_REQUEST_CFG_FAILED, + AccessTokenKit::UpdateHapToken(fullTokenId, updateHapInfoParams, policyParams)); + HapInfoCheckResult result; + ASSERT_EQ(ERR_PERM_REQUEST_CFG_FAILED, + AccessTokenKit::UpdateHapToken(fullTokenId, updateHapInfoParams, policyParams, result)); + EXPECT_EQ(result.permCheckResult.permissionName, "ohos.permission.FILE_GUARD_MANAGER"); + EXPECT_EQ(result.permCheckResult.rule, PERMISSION_ENTERPRISE_NORMAL_RULE); + } else { + ASSERT_EQ(RET_SUCCESS, AccessTokenKit::UpdateHapToken(fullTokenId, updateHapInfoParams, policyParams)); + HapInfoCheckResult result; + ASSERT_EQ(RET_SUCCESS, AccessTokenKit::UpdateHapToken(fullTokenId, updateHapInfoParams, policyParams, result)); + } EXPECT_EQ(RET_SUCCESS, AccessTokenKit::DeleteToken(tokenID)); } diff --git a/services/accesstokenmanager/main/cpp/src/permission/permission_manager.cpp b/services/accesstokenmanager/main/cpp/src/permission/permission_manager.cpp index bede23533246c61d3f277f8584f7be1155293fdb..441c5c00975a78a9092aea5eefdce2f24930f330 100644 --- a/services/accesstokenmanager/main/cpp/src/permission/permission_manager.cpp +++ b/services/accesstokenmanager/main/cpp/src/permission/permission_manager.cpp @@ -50,7 +50,7 @@ namespace OHOS { namespace Security { namespace AccessToken { namespace { -const char* ENTERPRISE_NORMAL_CHECK = "accesstoken.enterprise_normal_check"; +static const char* ENTERPRISE_NORMAL_CHECK = "accesstoken.enterprise_normal_check"; static const char* PERMISSION_STATUS_CHANGE_KEY = "accesstoken.permission.change"; static const char* PERMISSION_STATUS_FLAG_CHANGE_KEY = "accesstoken.permission.flagchange"; static constexpr int32_t VALUE_MAX_LEN = 32; @@ -427,7 +427,7 @@ int32_t PermissionManager::UpdateMultiTokenPermissionState(const std::shared_ptr ClearThreadErrorMsg(); int32_t ret = RET_SUCCESS; - bool isHadSuccess = false; + bool isUpdateSuccess = false; for (const std::string &permissionName : permissionList) { HiSysEventWrite(HiviewDFX::HiSysEvent::Domain::ACCESS_TOKEN, "UPDATE_PERMISSION", HiviewDFX::HiSysEvent::EventType::BEHAVIOR, "SCENE_CODE", CommonSceneCode::AT_COMMOM_START, "TOKENID", @@ -439,7 +439,7 @@ int32_t PermissionManager::UpdateMultiTokenPermissionState(const std::shared_ptr break; } - isHadSuccess = true; + isUpdateSuccess = true; uint32_t newFlag = flag; if (GetPermissionFlag(tokenID, permissionName, flag) == RET_SUCCESS) { @@ -454,7 +454,7 @@ int32_t PermissionManager::UpdateMultiTokenPermissionState(const std::shared_ptr IAccessTokenManagerIpcCode::COMMAND_REVOKE_PERMISSION), ret); } - if (isHadSuccess) { + if (isUpdateSuccess) { ParamFlagUpdate(); #ifdef TOKEN_SYNC_ENABLE TokenModifyNotifier::GetInstance().NotifyTokenModify(tokenID); diff --git a/services/accesstokenmanager/main/cpp/src/service/accesstoken_manager_service.cpp b/services/accesstokenmanager/main/cpp/src/service/accesstoken_manager_service.cpp index 0587758008032e6cb2d1bdba29b8a9540b919d11..84f476bc9ca67d46bd70c92903d4a6cc74f40293 100644 --- a/services/accesstokenmanager/main/cpp/src/service/accesstoken_manager_service.cpp +++ b/services/accesstokenmanager/main/cpp/src/service/accesstoken_manager_service.cpp @@ -1467,7 +1467,7 @@ void AccessTokenManagerService::FilterInvalidData(const std::vector(tokenId); if (!PermissionManager::GetInstance().IsPermAvailableRangeSatisfied( data, appDistributionType, iter->second.isSystemApp, rule, initInfo)) { continue; diff --git a/services/accesstokenmanager/test/coverage/BUILD.gn b/services/accesstokenmanager/test/coverage/BUILD.gn index 070715f52f0ee8339b6786b56e7c5384614fe611..e76db6dac960ae273f5ba7df45f58a69b163cd79 100644 --- a/services/accesstokenmanager/test/coverage/BUILD.gn +++ b/services/accesstokenmanager/test/coverage/BUILD.gn @@ -41,6 +41,8 @@ accesstoken_manager_service_source = [ "${access_token_path}/services/accesstokenmanager/main/cpp/src/token/accesstoken_id_manager.cpp", "${access_token_path}/services/accesstokenmanager/main/cpp/src/token/accesstoken_info_manager.cpp", "${access_token_path}/services/accesstokenmanager/main/cpp/src/token/hap_token_info_inner.cpp", + "${access_token_path}/services/accesstokenmanager/test/unittest/parameter.cpp", + "${access_token_path}/services/accesstokenmanager/test/unittest/parameters.cpp", ] ohos_unittest("libaccesstoken_manager_service_coverage_test") { @@ -79,6 +81,7 @@ ohos_unittest("libaccesstoken_manager_service_coverage_test") { "${access_token_path}/services/accesstokenmanager/main/cpp/include/seccomp", "${access_token_path}/services/accesstokenmanager/main/cpp/include/service", "${access_token_path}/services/accesstokenmanager/main/cpp/include/token", + "${access_token_path}/services/accesstokenmanager/test/unittest", ] sources = [ diff --git a/services/accesstokenmanager/test/coverage/permission_manager_coverage_test.cpp b/services/accesstokenmanager/test/coverage/permission_manager_coverage_test.cpp index 1f01fd81ae37db8395580eb905a8a2d576f61cbf..acd519ab0bbc49cd3e3f5735e432e4dda2b33d72 100644 --- a/services/accesstokenmanager/test/coverage/permission_manager_coverage_test.cpp +++ b/services/accesstokenmanager/test/coverage/permission_manager_coverage_test.cpp @@ -29,16 +29,19 @@ #undef private #include "accesstoken_callback_stubs.h" #include "callback_death_recipients.h" +#include "parameters.h" +#include "permission_data_brief.h" #include "token_field_const.h" #include "token_setproc.h" -#include "permission_data_brief.h" +using namespace OHOS; using namespace testing::ext; namespace OHOS { namespace Security { namespace AccessToken { namespace { +static const char* ENTERPRISE_NORMAL_CHECK = "accesstoken.enterprise_normal_check"; static const std::string FORM_VISIBLE_NAME = "#1"; static constexpr int USER_ID = 100; static constexpr int INST_INDEX = 0; @@ -464,6 +467,47 @@ HWTEST_F(PermissionManagerCoverageTest, HandleHapUndefinedInfo002, TestSize.Leve atManagerService_ = nullptr; } +/** + * @tc.name: HandleHapUndefinedInfo003 + * @tc.desc: AccessTokenManagerService::HandleHapUndefinedInfo function test + * @tc.type: FUNC + * @tc.require: + */ +HWTEST_F(PermissionManagerCoverageTest, HandleHapUndefinedInfo003, TestSize.Level4) +{ + AtmDataType type = AtmDataType::ACCESSTOKEN_HAP_UNDEFINE_INFO; + std::vector oriData; + BackupAndDelOriData(type, oriData); + + GenericValues value; + value.Put(TokenFiledConst::FIELD_TOKEN_ID, RANDOM_TOKENID); + // enterprise_normal permission + value.Put(TokenFiledConst::FIELD_PERMISSION_NAME, "ohos.permission.FILE_GUARD_MANAGER"); + value.Put(TokenFiledConst::FIELD_ACL, 0); + value.Put(TokenFiledConst::FIELD_APP_DISTRIBUTION_TYPE, "os_integration"); + AddInfo addInfo; + addInfo.addType = type; + addInfo.addValues.emplace_back(value); + + std::vector delInfoVec; + std::vector addInfoVec; + addInfoVec.emplace_back(addInfo); + // add test data + EXPECT_EQ(RET_SUCCESS, AccessTokenDb::GetInstance()->DeleteAndInsertValues(delInfoVec, addInfoVec)); + + std::shared_ptr atManagerService_ = + DelayedSingleton::GetInstance(); + EXPECT_NE(nullptr, atManagerService_); + + std::map tokenIdAplMap; + std::vector delInfoVec2; + std::vector addInfoVec2; + atManagerService_->HandleHapUndefinedInfo(tokenIdAplMap, delInfoVec2, addInfoVec2); + + DelTestDataAndRestoreOri(type, oriData); + atManagerService_ = nullptr; +} + /** * @tc.name: HandlePermDefUpdate001 * @tc.desc: AccessTokenManagerService::HandlePermDefUpdate function test @@ -522,6 +566,30 @@ HWTEST_F(PermissionManagerCoverageTest, HandlePermDefUpdate002, TestSize.Level4) DelTestDataAndRestoreOri(type, oriData); atManagerService_ = nullptr; } + +/** + * @tc.name: IsPermAvailableRangeSatisfied001 + * @tc.desc: PermissionManager::IsPermAvailableRangeSatisfied function test + * @tc.type: FUNC + * @tc.require: + */ +HWTEST_F(PermissionManagerCoverageTest, IsPermAvailableRangeSatisfied001, TestSize.Level4) +{ + PermissionBriefDef briefDef; + briefDef.availableType = ATokenAvailableTypeEnum::ENTERPRISE_NORMAL; + char permissionName[] = "ohos.permission.FILE_GUARD_MANAGER"; + briefDef.permissionName = permissionName; + std::string appDistributionType = "os_integration"; + bool isSystemApp = false; + PermissionRulesEnum rule; + HapInitInfo initInfo; + system::SetBoolParameter(ENTERPRISE_NORMAL_CHECK, true); + ASSERT_FALSE(PermissionManager::GetInstance().IsPermAvailableRangeSatisfied( + briefDef, appDistributionType, isSystemApp, rule, initInfo)); + system::SetBoolParameter(ENTERPRISE_NORMAL_CHECK, false); + ASSERT_TRUE(PermissionManager::GetInstance().IsPermAvailableRangeSatisfied( + briefDef, appDistributionType, isSystemApp, rule, initInfo)); +} } // namespace AccessToken } // namespace Security } // namespace OHOS diff --git a/services/common/json_parse/test/unittest/cjson_utils_test.cpp b/services/common/json_parse/test/unittest/cjson_utils_test.cpp index 961eec01350953dd529ecbba1b0cbddefba7f1f3..04c90ca9cb3782853e97a8dd677fb48a2cee37bd 100644 --- a/services/common/json_parse/test/unittest/cjson_utils_test.cpp +++ b/services/common/json_parse/test/unittest/cjson_utils_test.cpp @@ -104,6 +104,30 @@ HWTEST_F(CJsonUtilsTest, GetArrayFromJsonTest001, TestSize.Level3) EXPECT_EQ(nullptr, GetArrayFromJson(jsonInner, test)); } +/* + * @tc.name: GetArrayFromJson + * @tc.desc: GetArrayFromJson + * @tc.type: FUNC + * @tc.require: TDD coverage + */ +HWTEST_F(CJsonUtilsTest, GetArrayFromJsonTest002, TestSize.Level3) +{ + std::string test; + std::vector out; + EXPECT_FALSE(GetArrayFromJson(nullptr, test, out)); + + cJSON* arrayJson = cJSON_CreateArray(); + cJSON* arrayItem = cJSON_CreateString("test"); + cJSON_AddItemToArray(arrayJson, arrayItem); + std::string key = "data"; + cJSON* array = cJSON_CreateObject(); + EXPECT_NE(NULL, array); + cJSON_AddItemToObject(array, key.c_str(), arrayJson); + EXPECT_TRUE(GetArrayFromJson(array, key, out)); + EXPECT_FALSE(GetArrayFromJson(arrayItem, key, out)); + cJSON_Delete(array); +} + /* * @tc.name: GetStringFromJson * @tc.desc: GetStringFromJson