From ca02420995f3f5ea50b6f4e130d8618f881ef65c Mon Sep 17 00:00:00 2001 From: wu-liushuan Date: Thu, 24 Jul 2025 17:43:51 +0800 Subject: [PATCH] =?UTF-8?q?=E6=94=AF=E6=8C=81=E6=A0=A1=E9=AA=8C=E5=BA=94?= =?UTF-8?q?=E7=94=A8=E7=94=B3=E8=AF=B7=E4=BC=81=E4=B8=9A=E6=99=AE=E9=80=9A?= =?UTF-8?q?=E6=9D=83=E9=99=9020250721--=E7=9B=91=E8=A7=86=E4=BF=AE?= =?UTF-8?q?=E6=94=B920250724?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: wu-liushuan Change-Id: I79da8969d177c56dfdb905f7e850bd0aafec8922 --- .../accesstoken/test/unittest/BUILD.gn | 1 + .../HapTokenTest/init_hap_token_test.cpp | 18 ++++- .../HapTokenTest/update_hap_token_test.cpp | 20 +++++- .../cpp/src/permission/permission_manager.cpp | 8 +-- .../service/accesstoken_manager_service.cpp | 2 +- .../accesstokenmanager/test/coverage/BUILD.gn | 3 + .../permission_manager_coverage_test.cpp | 70 ++++++++++++++++++- .../test/unittest/cjson_utils_test.cpp | 24 +++++++ 8 files changed, 135 insertions(+), 11 deletions(-) diff --git a/interfaces/innerkits/accesstoken/test/unittest/BUILD.gn b/interfaces/innerkits/accesstoken/test/unittest/BUILD.gn index b6037329f..9d723cd80 100644 --- a/interfaces/innerkits/accesstoken/test/unittest/BUILD.gn +++ b/interfaces/innerkits/accesstoken/test/unittest/BUILD.gn @@ -96,6 +96,7 @@ ohos_unittest("libaccesstoken_sdk_test") { "cJSON:cjson", "c_utils:utils", "hilog:libhilog", + "init:libbegetutil", "ipc:ipc_single", "samgr:samgr_proxy", ] diff --git a/interfaces/innerkits/accesstoken/test/unittest/HapTokenTest/init_hap_token_test.cpp b/interfaces/innerkits/accesstoken/test/unittest/HapTokenTest/init_hap_token_test.cpp index 0d2973bb8..56d10b2bf 100644 --- a/interfaces/innerkits/accesstoken/test/unittest/HapTokenTest/init_hap_token_test.cpp +++ b/interfaces/innerkits/accesstoken/test/unittest/HapTokenTest/init_hap_token_test.cpp @@ -22,6 +22,8 @@ #include "accesstoken_common_log.h" #include "iaccess_token_manager.h" #include "nativetoken_kit.h" +#include "parameter.h" +#include "parameters.h" #include "permission_grant_info.h" #include "permission_state_change_info_parcel.h" #include "string_ex.h" @@ -34,6 +36,7 @@ namespace OHOS { namespace Security { namespace AccessToken { namespace { +static const char* ENTERPRISE_NORMAL_CHECK = "accesstoken.enterprise_normal_check"; static constexpr uint32_t NUMBER_ONE = 1; static constexpr uint32_t NUMBER_TWO = 2; static constexpr uint32_t NUMBER_THREE = 3; @@ -1245,11 +1248,22 @@ HWTEST_F(InitHapTokenTest, InitHapTokenSpecsTest019, TestSize.Level0) AccessTokenIDEx fullTokenId; int32_t ret = AccessTokenKit::InitHapToken(infoParams, policyParams, fullTokenId); AccessTokenID tokenID = fullTokenId.tokenIdExStruct.tokenID; - ASSERT_EQ(RET_SUCCESS, ret); + bool isEnterpriseNormal = OHOS::system::GetBoolParameter(ENTERPRISE_NORMAL_CHECK, false); + if (isEnterpriseNormal) { + ASSERT_EQ(ERR_PERM_REQUEST_CFG_FAILED, ret); + } else { + ASSERT_EQ(RET_SUCCESS, ret); + } HapInfoCheckResult result; ret = AccessTokenKit::InitHapToken(infoParams, policyParams, fullTokenId, result); - ASSERT_EQ(RET_SUCCESS, ret); + if (isEnterpriseNormal) { + ASSERT_EQ(ERR_PERM_REQUEST_CFG_FAILED, ret); + ASSERT_EQ(result.permCheckResult.permissionName, "ohos.permission.FILE_GUARD_MANAGER"); + ASSERT_EQ(result.permCheckResult.rule, PERMISSION_ENTERPRISE_NORMAL_RULE); + } else { + ASSERT_EQ(RET_SUCCESS, ret); + } ret = AccessTokenKit::VerifyAccessToken(tokenID, "ohos.permission.FILE_GUARD_MANAGER"); EXPECT_EQ(PERMISSION_DENIED, ret); diff --git a/interfaces/innerkits/accesstoken/test/unittest/HapTokenTest/update_hap_token_test.cpp b/interfaces/innerkits/accesstoken/test/unittest/HapTokenTest/update_hap_token_test.cpp index dfef21b0b..8d4201d3e 100644 --- a/interfaces/innerkits/accesstoken/test/unittest/HapTokenTest/update_hap_token_test.cpp +++ b/interfaces/innerkits/accesstoken/test/unittest/HapTokenTest/update_hap_token_test.cpp @@ -22,6 +22,8 @@ #include "accesstoken_common_log.h" #include "iaccess_token_manager.h" #include "nativetoken_kit.h" +#include "parameter.h" +#include "parameters.h" #include "permission_grant_info.h" #include "permission_state_change_info_parcel.h" #include "string_ex.h" @@ -34,6 +36,7 @@ namespace OHOS { namespace Security { namespace AccessToken { namespace { +static const char* ENTERPRISE_NORMAL_CHECK = "accesstoken.enterprise_normal_check"; static const std::string TEST_BUNDLE_NAME = "ohos"; static const int TEST_USER_ID = 0; static const int THREAD_NUM = 3; @@ -1548,9 +1551,20 @@ HWTEST_F(UpdateHapTokenTest, UpdateHapTokenSpecsTest015, TestSize.Level0) .isSystemApp = false, .appDistributionType = "" }; - ASSERT_EQ(RET_SUCCESS, AccessTokenKit::UpdateHapToken(fullTokenId, updateHapInfoParams, policyParams)); - HapInfoCheckResult result; - ASSERT_EQ(RET_SUCCESS, AccessTokenKit::UpdateHapToken(fullTokenId, updateHapInfoParams, policyParams, result)); + bool isEnterpriseNormal = OHOS::system::GetBoolParameter(ENTERPRISE_NORMAL_CHECK, false); + if (isEnterpriseNormal) { + ASSERT_EQ(ERR_PERM_REQUEST_CFG_FAILED, + AccessTokenKit::UpdateHapToken(fullTokenId, updateHapInfoParams, policyParams)); + HapInfoCheckResult result; + ASSERT_EQ(ERR_PERM_REQUEST_CFG_FAILED, + AccessTokenKit::UpdateHapToken(fullTokenId, updateHapInfoParams, policyParams, result)); + EXPECT_EQ(result.permCheckResult.permissionName, "ohos.permission.FILE_GUARD_MANAGER"); + EXPECT_EQ(result.permCheckResult.rule, PERMISSION_ENTERPRISE_NORMAL_RULE); + } else { + ASSERT_EQ(RET_SUCCESS, AccessTokenKit::UpdateHapToken(fullTokenId, updateHapInfoParams, policyParams)); + HapInfoCheckResult result; + ASSERT_EQ(RET_SUCCESS, AccessTokenKit::UpdateHapToken(fullTokenId, updateHapInfoParams, policyParams, result)); + } EXPECT_EQ(RET_SUCCESS, AccessTokenKit::DeleteToken(tokenID)); } diff --git a/services/accesstokenmanager/main/cpp/src/permission/permission_manager.cpp b/services/accesstokenmanager/main/cpp/src/permission/permission_manager.cpp index bede23533..441c5c009 100644 --- a/services/accesstokenmanager/main/cpp/src/permission/permission_manager.cpp +++ b/services/accesstokenmanager/main/cpp/src/permission/permission_manager.cpp @@ -50,7 +50,7 @@ namespace OHOS { namespace Security { namespace AccessToken { namespace { -const char* ENTERPRISE_NORMAL_CHECK = "accesstoken.enterprise_normal_check"; +static const char* ENTERPRISE_NORMAL_CHECK = "accesstoken.enterprise_normal_check"; static const char* PERMISSION_STATUS_CHANGE_KEY = "accesstoken.permission.change"; static const char* PERMISSION_STATUS_FLAG_CHANGE_KEY = "accesstoken.permission.flagchange"; static constexpr int32_t VALUE_MAX_LEN = 32; @@ -427,7 +427,7 @@ int32_t PermissionManager::UpdateMultiTokenPermissionState(const std::shared_ptr ClearThreadErrorMsg(); int32_t ret = RET_SUCCESS; - bool isHadSuccess = false; + bool isUpdateSuccess = false; for (const std::string &permissionName : permissionList) { HiSysEventWrite(HiviewDFX::HiSysEvent::Domain::ACCESS_TOKEN, "UPDATE_PERMISSION", HiviewDFX::HiSysEvent::EventType::BEHAVIOR, "SCENE_CODE", CommonSceneCode::AT_COMMOM_START, "TOKENID", @@ -439,7 +439,7 @@ int32_t PermissionManager::UpdateMultiTokenPermissionState(const std::shared_ptr break; } - isHadSuccess = true; + isUpdateSuccess = true; uint32_t newFlag = flag; if (GetPermissionFlag(tokenID, permissionName, flag) == RET_SUCCESS) { @@ -454,7 +454,7 @@ int32_t PermissionManager::UpdateMultiTokenPermissionState(const std::shared_ptr IAccessTokenManagerIpcCode::COMMAND_REVOKE_PERMISSION), ret); } - if (isHadSuccess) { + if (isUpdateSuccess) { ParamFlagUpdate(); #ifdef TOKEN_SYNC_ENABLE TokenModifyNotifier::GetInstance().NotifyTokenModify(tokenID); diff --git a/services/accesstokenmanager/main/cpp/src/service/accesstoken_manager_service.cpp b/services/accesstokenmanager/main/cpp/src/service/accesstoken_manager_service.cpp index 058775800..84f476bc9 100644 --- a/services/accesstokenmanager/main/cpp/src/service/accesstoken_manager_service.cpp +++ b/services/accesstokenmanager/main/cpp/src/service/accesstoken_manager_service.cpp @@ -1467,7 +1467,7 @@ void AccessTokenManagerService::FilterInvalidData(const std::vector(tokenId); if (!PermissionManager::GetInstance().IsPermAvailableRangeSatisfied( data, appDistributionType, iter->second.isSystemApp, rule, initInfo)) { continue; diff --git a/services/accesstokenmanager/test/coverage/BUILD.gn b/services/accesstokenmanager/test/coverage/BUILD.gn index 070715f52..e76db6dac 100644 --- a/services/accesstokenmanager/test/coverage/BUILD.gn +++ b/services/accesstokenmanager/test/coverage/BUILD.gn @@ -41,6 +41,8 @@ accesstoken_manager_service_source = [ "${access_token_path}/services/accesstokenmanager/main/cpp/src/token/accesstoken_id_manager.cpp", "${access_token_path}/services/accesstokenmanager/main/cpp/src/token/accesstoken_info_manager.cpp", "${access_token_path}/services/accesstokenmanager/main/cpp/src/token/hap_token_info_inner.cpp", + "${access_token_path}/services/accesstokenmanager/test/unittest/parameter.cpp", + "${access_token_path}/services/accesstokenmanager/test/unittest/parameters.cpp", ] ohos_unittest("libaccesstoken_manager_service_coverage_test") { @@ -79,6 +81,7 @@ ohos_unittest("libaccesstoken_manager_service_coverage_test") { "${access_token_path}/services/accesstokenmanager/main/cpp/include/seccomp", "${access_token_path}/services/accesstokenmanager/main/cpp/include/service", "${access_token_path}/services/accesstokenmanager/main/cpp/include/token", + "${access_token_path}/services/accesstokenmanager/test/unittest", ] sources = [ diff --git a/services/accesstokenmanager/test/coverage/permission_manager_coverage_test.cpp b/services/accesstokenmanager/test/coverage/permission_manager_coverage_test.cpp index 1f01fd81a..acd519ab0 100644 --- a/services/accesstokenmanager/test/coverage/permission_manager_coverage_test.cpp +++ b/services/accesstokenmanager/test/coverage/permission_manager_coverage_test.cpp @@ -29,16 +29,19 @@ #undef private #include "accesstoken_callback_stubs.h" #include "callback_death_recipients.h" +#include "parameters.h" +#include "permission_data_brief.h" #include "token_field_const.h" #include "token_setproc.h" -#include "permission_data_brief.h" +using namespace OHOS; using namespace testing::ext; namespace OHOS { namespace Security { namespace AccessToken { namespace { +static const char* ENTERPRISE_NORMAL_CHECK = "accesstoken.enterprise_normal_check"; static const std::string FORM_VISIBLE_NAME = "#1"; static constexpr int USER_ID = 100; static constexpr int INST_INDEX = 0; @@ -464,6 +467,47 @@ HWTEST_F(PermissionManagerCoverageTest, HandleHapUndefinedInfo002, TestSize.Leve atManagerService_ = nullptr; } +/** + * @tc.name: HandleHapUndefinedInfo003 + * @tc.desc: AccessTokenManagerService::HandleHapUndefinedInfo function test + * @tc.type: FUNC + * @tc.require: + */ +HWTEST_F(PermissionManagerCoverageTest, HandleHapUndefinedInfo003, TestSize.Level4) +{ + AtmDataType type = AtmDataType::ACCESSTOKEN_HAP_UNDEFINE_INFO; + std::vector oriData; + BackupAndDelOriData(type, oriData); + + GenericValues value; + value.Put(TokenFiledConst::FIELD_TOKEN_ID, RANDOM_TOKENID); + // enterprise_normal permission + value.Put(TokenFiledConst::FIELD_PERMISSION_NAME, "ohos.permission.FILE_GUARD_MANAGER"); + value.Put(TokenFiledConst::FIELD_ACL, 0); + value.Put(TokenFiledConst::FIELD_APP_DISTRIBUTION_TYPE, "os_integration"); + AddInfo addInfo; + addInfo.addType = type; + addInfo.addValues.emplace_back(value); + + std::vector delInfoVec; + std::vector addInfoVec; + addInfoVec.emplace_back(addInfo); + // add test data + EXPECT_EQ(RET_SUCCESS, AccessTokenDb::GetInstance()->DeleteAndInsertValues(delInfoVec, addInfoVec)); + + std::shared_ptr atManagerService_ = + DelayedSingleton::GetInstance(); + EXPECT_NE(nullptr, atManagerService_); + + std::map tokenIdAplMap; + std::vector delInfoVec2; + std::vector addInfoVec2; + atManagerService_->HandleHapUndefinedInfo(tokenIdAplMap, delInfoVec2, addInfoVec2); + + DelTestDataAndRestoreOri(type, oriData); + atManagerService_ = nullptr; +} + /** * @tc.name: HandlePermDefUpdate001 * @tc.desc: AccessTokenManagerService::HandlePermDefUpdate function test @@ -522,6 +566,30 @@ HWTEST_F(PermissionManagerCoverageTest, HandlePermDefUpdate002, TestSize.Level4) DelTestDataAndRestoreOri(type, oriData); atManagerService_ = nullptr; } + +/** + * @tc.name: IsPermAvailableRangeSatisfied001 + * @tc.desc: PermissionManager::IsPermAvailableRangeSatisfied function test + * @tc.type: FUNC + * @tc.require: + */ +HWTEST_F(PermissionManagerCoverageTest, IsPermAvailableRangeSatisfied001, TestSize.Level4) +{ + PermissionBriefDef briefDef; + briefDef.availableType = ATokenAvailableTypeEnum::ENTERPRISE_NORMAL; + char permissionName[] = "ohos.permission.FILE_GUARD_MANAGER"; + briefDef.permissionName = permissionName; + std::string appDistributionType = "os_integration"; + bool isSystemApp = false; + PermissionRulesEnum rule; + HapInitInfo initInfo; + system::SetBoolParameter(ENTERPRISE_NORMAL_CHECK, true); + ASSERT_FALSE(PermissionManager::GetInstance().IsPermAvailableRangeSatisfied( + briefDef, appDistributionType, isSystemApp, rule, initInfo)); + system::SetBoolParameter(ENTERPRISE_NORMAL_CHECK, false); + ASSERT_TRUE(PermissionManager::GetInstance().IsPermAvailableRangeSatisfied( + briefDef, appDistributionType, isSystemApp, rule, initInfo)); +} } // namespace AccessToken } // namespace Security } // namespace OHOS diff --git a/services/common/json_parse/test/unittest/cjson_utils_test.cpp b/services/common/json_parse/test/unittest/cjson_utils_test.cpp index 961eec013..04c90ca9c 100644 --- a/services/common/json_parse/test/unittest/cjson_utils_test.cpp +++ b/services/common/json_parse/test/unittest/cjson_utils_test.cpp @@ -104,6 +104,30 @@ HWTEST_F(CJsonUtilsTest, GetArrayFromJsonTest001, TestSize.Level3) EXPECT_EQ(nullptr, GetArrayFromJson(jsonInner, test)); } +/* + * @tc.name: GetArrayFromJson + * @tc.desc: GetArrayFromJson + * @tc.type: FUNC + * @tc.require: TDD coverage + */ +HWTEST_F(CJsonUtilsTest, GetArrayFromJsonTest002, TestSize.Level3) +{ + std::string test; + std::vector out; + EXPECT_FALSE(GetArrayFromJson(nullptr, test, out)); + + cJSON* arrayJson = cJSON_CreateArray(); + cJSON* arrayItem = cJSON_CreateString("test"); + cJSON_AddItemToArray(arrayJson, arrayItem); + std::string key = "data"; + cJSON* array = cJSON_CreateObject(); + EXPECT_NE(NULL, array); + cJSON_AddItemToObject(array, key.c_str(), arrayJson); + EXPECT_TRUE(GetArrayFromJson(array, key, out)); + EXPECT_FALSE(GetArrayFromJson(arrayItem, key, out)); + cJSON_Delete(array); +} + /* * @tc.name: GetStringFromJson * @tc.desc: GetStringFromJson -- Gitee