diff --git a/interfaces/innerkits/accesstoken/test/BUILD.gn b/interfaces/innerkits/accesstoken/test/BUILD.gn index 6069ca1382eb7b5accb77266f577ae491515d095..38f1f98418de1bded0e541d31e9269630bb1d2ba 100644 --- a/interfaces/innerkits/accesstoken/test/BUILD.gn +++ b/interfaces/innerkits/accesstoken/test/BUILD.gn @@ -14,11 +14,7 @@ import("//base/security/access_token/access_token.gni") import("//build/test.gni") -ohos_unittest("libaccesstoken_sdk_test") { - subsystem_name = "security" - part_name = "access_token" - module_out_path = part_name + "/" + part_name - +config("accesstoken_test_config") { include_dirs = [ "//commonlibrary/c_utils/base/include", "//third_party/googletest/include", @@ -27,12 +23,21 @@ ohos_unittest("libaccesstoken_sdk_test") { "//base/security/access_token/interfaces/innerkits/token_setproc/include", "//base/security/access_token/frameworks/common/include", ] +} + +ohos_unittest("libaccesstoken_sdk_test") { + subsystem_name = "security" + part_name = "access_token" + module_out_path = part_name + "/" + part_name sources = [ "unittest/src/accesstoken_kit_test.cpp" ] cflags_cc = [ "-DHILOG_ENABLE" ] - configs = [ "//base/security/access_token/config:coverage_flags" ] + configs = [ + ":accesstoken_test_config", + "//base/security/access_token/config:coverage_flags", + ] deps = [ "//base/security/access_token/interfaces/innerkits/accesstoken:libaccesstoken_sdk", @@ -51,7 +56,171 @@ ohos_unittest("libaccesstoken_sdk_test") { } } +ohos_unittest("libhap_token_test") { + subsystem_name = "security" + part_name = "access_token" + module_out_path = part_name + "/" + part_name + + sources = [ "unittest/src/hap_token_test.cpp" ] + + configs = [ + ":accesstoken_test_config", + "//base/security/access_token/config:coverage_flags", + ] + + deps = [ "//base/security/access_token/interfaces/innerkits/accesstoken:libaccesstoken_sdk" ] + + external_deps = [ "c_utils:utils" ] +} + +ohos_unittest("libtoken_info_test") { + subsystem_name = "security" + part_name = "access_token" + module_out_path = part_name + "/" + part_name + + sources = [ "unittest/src/token_info_test.cpp" ] + + configs = [ + ":accesstoken_test_config", + "//base/security/access_token/config:coverage_flags", + ] + + deps = [ + "//base/security/access_token/interfaces/innerkits/accesstoken:libaccesstoken_sdk", + "//base/security/access_token/interfaces/innerkits/nativetoken:libnativetoken", + ] + + external_deps = [ "c_utils:utils" ] +} + +ohos_unittest("libverify_token_test") { + subsystem_name = "security" + part_name = "access_token" + module_out_path = part_name + "/" + part_name + + sources = [ "unittest/src/verify_token_test.cpp" ] + + configs = [ + ":accesstoken_test_config", + "//base/security/access_token/config:coverage_flags", + ] + + deps = [ "//base/security/access_token/interfaces/innerkits/accesstoken:libaccesstoken_sdk" ] + + external_deps = [ "c_utils:utils" ] +} + +ohos_unittest("libperm_info_test") { + subsystem_name = "security" + part_name = "access_token" + module_out_path = part_name + "/" + part_name + + sources = [ "unittest/src/perm_info_test.cpp" ] + + configs = [ + ":accesstoken_test_config", + "//base/security/access_token/config:coverage_flags", + ] + + deps = [ + "//base/security/access_token/interfaces/innerkits/accesstoken:libaccesstoken_sdk", + "//base/security/access_token/interfaces/innerkits/token_setproc:libtoken_setproc", + ] + + external_deps = [ "c_utils:utils" ] +} + +ohos_unittest("libgrant_revoke_permission_test") { + subsystem_name = "security" + part_name = "access_token" + module_out_path = part_name + "/" + part_name + + sources = [ "unittest/src/grant_revoke_permission_test.cpp" ] + + configs = [ + ":accesstoken_test_config", + "//base/security/access_token/config:coverage_flags", + ] + + deps = [ "//base/security/access_token/interfaces/innerkits/accesstoken:libaccesstoken_sdk" ] + + external_deps = [ "c_utils:utils" ] +} + +ohos_unittest("libpermission_callback_test") { + subsystem_name = "security" + part_name = "access_token" + module_out_path = part_name + "/" + part_name + + sources = [ "unittest/src/permission_callback_test.cpp" ] + + configs = [ + ":accesstoken_test_config", + "//base/security/access_token/config:coverage_flags", + ] + + deps = [ "//base/security/access_token/interfaces/innerkits/accesstoken:libaccesstoken_sdk" ] + + external_deps = [ "c_utils:utils" ] +} + +ohos_unittest("libremote_token_test") { + subsystem_name = "security" + part_name = "access_token" + module_out_path = part_name + "/" + part_name + + cflags_cc = [ "-DHILOG_ENABLE" ] + sources = [ "unittest/src/remote_token_test.cpp" ] + + configs = [ + ":accesstoken_test_config", + "//base/security/access_token/config:coverage_flags", + ] + + deps = [ + "//base/security/access_token/interfaces/innerkits/accesstoken:libaccesstoken_sdk", + "//base/security/access_token/interfaces/innerkits/nativetoken:libnativetoken", + "//base/security/access_token/interfaces/innerkits/token_setproc:libtoken_setproc", + ] + + external_deps = [ + "c_utils:utils", + "dsoftbus:softbus_client", + "hiviewdfx_hilog_native:libhilog", + ] + if (token_sync_enable == true) { + cflags_cc += [ "-DTOKEN_SYNC_ENABLE" ] + } +} + +ohos_unittest("libperformance_test") { + subsystem_name = "security" + part_name = "access_token" + module_out_path = part_name + "/" + part_name + + sources = [ "unittest/src/performance_test.cpp" ] + + configs = [ + ":accesstoken_test_config", + "//base/security/access_token/config:coverage_flags", + ] + + deps = [ "//base/security/access_token/interfaces/innerkits/accesstoken:libaccesstoken_sdk" ] + + external_deps = [ "c_utils:utils" ] +} + group("unittest") { testonly = true - deps = [ ":libaccesstoken_sdk_test" ] + deps = [ + ":libaccesstoken_sdk_test", + ":libgrant_revoke_permission_test", + ":libhap_token_test", + ":libperformance_test", + ":libperm_info_test", + ":libpermission_callback_test", + ":libremote_token_test", + ":libtoken_info_test", + ":libverify_token_test", + ] } diff --git a/interfaces/innerkits/accesstoken/test/unittest/src/accesstoken_kit_test.h b/interfaces/innerkits/accesstoken/test/unittest/src/accesstoken_kit_test.h index a6c2757ec5fc4fbb0175354206422ef1d218fce0..6a0ce25eebbe49e67dbba8659cc7f8945c530a0c 100644 --- a/interfaces/innerkits/accesstoken/test/unittest/src/accesstoken_kit_test.h +++ b/interfaces/innerkits/accesstoken/test/unittest/src/accesstoken_kit_test.h @@ -26,22 +26,23 @@ namespace OHOS { namespace Security { namespace AccessToken { static const std::string TEST_BUNDLE_NAME = "ohos"; +static const std::string TEST_LOCATION_BUNDLE_NAME = "accesstoken_location_test"; static const std::string TEST_PERMISSION_NAME_ALPHA = "ohos.permission.ALPHA"; static const std::string TEST_PERMISSION_NAME_BETA = "ohos.permission.BETA"; static const std::string TEST_PERMISSION_NAME_GAMMA = "ohos.permission.GAMMA"; static const std::string TEST_PKG_NAME = "com.softbus.test"; -static const int TEST_USER_ID = 0; -static const int TEST_USER_ID_INVALID = -1; -static const unsigned int TEST_TOKENID_INVALID = 0; -static const int INVALID_BUNDLENAME_LEN = 260; -static const int INVALID_APPIDDESC_LEN = 10244; -static const int INVALID_LABEL_LEN = 260; -static const int INVALID_DESCRIPTION_LEN = 260; -static const int INVALID_PERMNAME_LEN = 260; -static const int CYCLE_TIMES = 100; -static const int THREAD_NUM = 3; -static const int INVALID_DCAP_LEN = 1025; -static const int INVALID_DLP_TYPE = 4; +static const int32_t TEST_USER_ID = 0; +static const int32_t TEST_USER_ID_INVALID = -1; +static const uint32_t TEST_TOKENID_INVALID = 0; +static const int32_t INVALID_BUNDLENAME_LEN = 260; +static const int32_t INVALID_APPIDDESC_LEN = 10244; +static const int32_t INVALID_LABEL_LEN = 260; +static const int32_t INVALID_DESCRIPTION_LEN = 260; +static const int32_t INVALID_PERMNAME_LEN = 260; +static const int32_t CYCLE_TIMES = 100; +static const int32_t THREAD_NUM = 3; +static const int32_t INVALID_DCAP_LEN = 1025; +static const int32_t INVALID_DLP_TYPE = 4; class AccessTokenKitTest : public testing::Test { public: static void SetUpTestCase(); diff --git a/interfaces/innerkits/accesstoken/test/unittest/src/grant_revoke_permission_test.cpp b/interfaces/innerkits/accesstoken/test/unittest/src/grant_revoke_permission_test.cpp new file mode 100644 index 0000000000000000000000000000000000000000..3e5e99534f0595dc013b1bfc511c7a48c8a200b0 --- /dev/null +++ b/interfaces/innerkits/accesstoken/test/unittest/src/grant_revoke_permission_test.cpp @@ -0,0 +1,391 @@ +/* + * Copyright (c) 2022 Huawei Device Co., Ltd. + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ +#include "accesstoken_kit_test.h" + +#include "accesstoken_kit.h" +#include "nativetoken_kit.h" +#include "token_setproc.h" + +using namespace testing::ext; +namespace OHOS { +namespace Security { +namespace AccessToken { +namespace { +static constexpr int32_t DEFAULT_API_VERSION = 8; +} +class GrantRevokePermissionTest : public testing::Test { +public: + static void SetUpTestCase(); + static void TearDownTestCase(); + void SetUp(); + void TearDown(); + uint32_t GetAccessTokenID(int32_t userID, std::string bundleName, int32_t instIndex); +}; + +void GrantRevokePermissionTest::SetUpTestCase() +{ + // make test case clean + AccessTokenID tokenID = AccessTokenKit::GetHapTokenID(TEST_USER_ID, TEST_BUNDLE_NAME, 0); + AccessTokenKit::DeleteToken(tokenID); +} + +void GrantRevokePermissionTest::TearDownTestCase() +{ +} + +void GrantRevokePermissionTest::SetUp() +{ + HapInfoParams info = { + .userID = TEST_USER_ID, + .bundleName = TEST_BUNDLE_NAME, + .instIndex = 0, + .appIDDesc = "appIDDesc", + .apiVersion = DEFAULT_API_VERSION + }; + + HapPolicyParams policy = { + .apl = APL_NORMAL, + .domain = "domain" + }; + + PermissionDef permissionDefAlpha = { + .permissionName = TEST_PERMISSION_NAME_ALPHA, + .bundleName = TEST_BUNDLE_NAME, + .grantMode = GrantMode::USER_GRANT, + .availableLevel = APL_NORMAL, + .provisionEnable = false, + .distributedSceneEnable = false + }; + + PermissionDef permissionDefBeta = { + .permissionName = TEST_PERMISSION_NAME_BETA, + .bundleName = TEST_BUNDLE_NAME, + .grantMode = GrantMode::SYSTEM_GRANT, + .availableLevel = APL_NORMAL, + .provisionEnable = false, + .distributedSceneEnable = false + }; + policy.permList.emplace_back(permissionDefAlpha); + policy.permList.emplace_back(permissionDefBeta); + + PermissionStateFull permStatAlpha = { + .permissionName = TEST_PERMISSION_NAME_ALPHA, + .isGeneral = true, + .resDeviceID = {"device"}, + .grantStatus = {PermissionState::PERMISSION_DENIED}, + .grantFlags = {PermissionFlag::PERMISSION_USER_SET} + }; + PermissionStateFull permStatBeta = { + .permissionName = TEST_PERMISSION_NAME_BETA, + .isGeneral = true, + .resDeviceID = {"device"}, + .grantStatus = {PermissionState::PERMISSION_GRANTED}, + .grantFlags = {PermissionFlag::PERMISSION_SYSTEM_FIXED} + }; + + policy.permStateList.emplace_back(permStatAlpha); + policy.permStateList.emplace_back(permStatBeta); + AccessTokenKit::AllocHapToken(info, policy); +} + +void GrantRevokePermissionTest::TearDown() +{ + AccessTokenID tokenID = GetAccessTokenID(TEST_USER_ID, TEST_BUNDLE_NAME, 0); + AccessTokenKit::DeleteToken(tokenID); +} + +uint32_t GrantRevokePermissionTest::GetAccessTokenID(int32_t userID, std::string bundleName, int32_t instIndex) +{ + return AccessTokenKit::GetHapTokenID(userID, bundleName, instIndex); +} + +/** + * @tc.name: GrantPermission001 + * @tc.desc: Grant permission that has ohos.permission.GRANT_SENSITIVE_PERMISSIONS + * @tc.type: FUNC + * @tc.require: Issue Number + */ +HWTEST_F(GrantRevokePermissionTest, GrantPermission001, TestSize.Level0) +{ + AccessTokenID tokenID = GetAccessTokenID(TEST_USER_ID, TEST_BUNDLE_NAME, 0); + ASSERT_NE(0, tokenID); + int32_t ret = AccessTokenKit::GrantPermission(tokenID, TEST_PERMISSION_NAME_ALPHA, PERMISSION_USER_FIXED); + ASSERT_EQ(RET_SUCCESS, ret); + + ret = AccessTokenKit::VerifyAccessToken(tokenID, TEST_PERMISSION_NAME_ALPHA); + ASSERT_EQ(PERMISSION_GRANTED, ret); + + ret = AccessTokenKit::GrantPermission(tokenID, TEST_PERMISSION_NAME_BETA, PERMISSION_USER_FIXED); + ASSERT_EQ(RET_SUCCESS, ret); + + ret = AccessTokenKit::VerifyAccessToken(tokenID, TEST_PERMISSION_NAME_ALPHA); + ASSERT_EQ(PERMISSION_GRANTED, ret); +} + +/** + * @tc.name: GrantPermission002 + * @tc.desc: Grant permission that tokenID or permission is invalid. + * @tc.type: FUNC + * @tc.require: Issue Number + */ +HWTEST_F(GrantRevokePermissionTest, GrantPermission002, TestSize.Level0) +{ + AccessTokenID tokenID = GetAccessTokenID(TEST_USER_ID, TEST_BUNDLE_NAME, 0); + ASSERT_NE(0, tokenID); + + int32_t ret = AccessTokenKit::GrantPermission(tokenID, TEST_PERMISSION_NAME_GAMMA, PERMISSION_USER_FIXED); + ASSERT_EQ(RET_SUCCESS, ret); + + ret = AccessTokenKit::GrantPermission(tokenID, "", PERMISSION_USER_FIXED); + ASSERT_EQ(RET_FAILED, ret); + + std::string invalidPerm(INVALID_PERMNAME_LEN, 'a'); + ret = AccessTokenKit::GrantPermission(tokenID, invalidPerm, PERMISSION_USER_FIXED); + ASSERT_EQ(RET_FAILED, ret); + + ret = AccessTokenKit::GrantPermission(TEST_TOKENID_INVALID, TEST_PERMISSION_NAME_BETA, PERMISSION_USER_FIXED); + ASSERT_EQ(RET_FAILED, ret); + + AccessTokenKit::DeleteToken(tokenID); + + ret = AccessTokenKit::GrantPermission(tokenID, TEST_PERMISSION_NAME_BETA, PERMISSION_USER_FIXED); + ASSERT_EQ(RET_SUCCESS, ret); +} + +/** + * @tc.name: GrantPermission003 + * @tc.desc: GrantPermission is invoked multiple times. + * @tc.type: FUNC + * @tc.require: Issue Number + */ +HWTEST_F(GrantRevokePermissionTest, GrantPermission003, TestSize.Level0) +{ + AccessTokenID tokenID = GetAccessTokenID(TEST_USER_ID, TEST_BUNDLE_NAME, 0); + ASSERT_NE(0, tokenID); + int32_t ret = RET_FAILED; + for (int32_t i = 0; i < CYCLE_TIMES; i++) { + ret = AccessTokenKit::GrantPermission(tokenID, TEST_PERMISSION_NAME_ALPHA, PERMISSION_USER_FIXED); + ASSERT_EQ(RET_SUCCESS, ret); + + ret = AccessTokenKit::VerifyAccessToken(tokenID, TEST_PERMISSION_NAME_ALPHA); + ASSERT_EQ(PERMISSION_GRANTED, ret); + + ret = AccessTokenKit::GetPermissionFlag(tokenID, TEST_PERMISSION_NAME_ALPHA); + ASSERT_EQ(PERMISSION_USER_FIXED, ret); + } +} + +/** + * @tc.name: RevokePermission001 + * @tc.desc: Revoke permission that has ohos.permission.GRANT_SENSITIVE_PERMISSIONS + * @tc.type: FUNC + * @tc.require: Issue Number + */ +HWTEST_F(GrantRevokePermissionTest, RevokePermission001, TestSize.Level0) +{ + AccessTokenID tokenID = GetAccessTokenID(TEST_USER_ID, TEST_BUNDLE_NAME, 0); + ASSERT_NE(0, tokenID); + int32_t ret = AccessTokenKit::RevokePermission(tokenID, TEST_PERMISSION_NAME_ALPHA, PERMISSION_USER_FIXED); + ASSERT_EQ(RET_SUCCESS, ret); + + ret = AccessTokenKit::VerifyAccessToken(tokenID, TEST_PERMISSION_NAME_ALPHA); + ASSERT_EQ(PERMISSION_DENIED, ret); + + ret = AccessTokenKit::RevokePermission(tokenID, TEST_PERMISSION_NAME_BETA, PERMISSION_USER_FIXED); + ASSERT_EQ(RET_SUCCESS, ret); + + ret = AccessTokenKit::VerifyAccessToken(tokenID, TEST_PERMISSION_NAME_ALPHA); + ASSERT_EQ(PERMISSION_DENIED, ret); +} + +/** + * @tc.name: RevokePermission002 + * @tc.desc: Revoke permission that tokenID or permission is invalid. + * @tc.type: FUNC + * @tc.require: Issue Number + */ +HWTEST_F(GrantRevokePermissionTest, RevokePermission002, TestSize.Level0) +{ + AccessTokenID tokenID = GetAccessTokenID(TEST_USER_ID, TEST_BUNDLE_NAME, 0); + ASSERT_NE(0, tokenID); + + int32_t ret = AccessTokenKit::RevokePermission(tokenID, TEST_PERMISSION_NAME_GAMMA, PERMISSION_USER_FIXED); + ASSERT_EQ(RET_SUCCESS, ret); + + ret = AccessTokenKit::RevokePermission(tokenID, "", PERMISSION_USER_FIXED); + ASSERT_EQ(RET_FAILED, ret); + + std::string invalidPerm(INVALID_PERMNAME_LEN, 'a'); + ret = AccessTokenKit::RevokePermission(tokenID, invalidPerm, PERMISSION_USER_FIXED); + ASSERT_EQ(RET_FAILED, ret); + + ret = AccessTokenKit::RevokePermission(TEST_TOKENID_INVALID, TEST_PERMISSION_NAME_BETA, PERMISSION_USER_FIXED); + ASSERT_EQ(RET_FAILED, ret); + + AccessTokenKit::DeleteToken(tokenID); + + ret = AccessTokenKit::RevokePermission(tokenID, TEST_PERMISSION_NAME_BETA, PERMISSION_USER_FIXED); + ASSERT_EQ(RET_SUCCESS, ret); +} + +/** + * @tc.name: RevokePermission003 + * @tc.desc: RevokePermission is invoked multiple times. + * @tc.type: FUNC + * @tc.require: Issue Number + */ +HWTEST_F(GrantRevokePermissionTest, RevokePermission003, TestSize.Level0) +{ + AccessTokenID tokenID = GetAccessTokenID(TEST_USER_ID, TEST_BUNDLE_NAME, 0); + ASSERT_NE(0, tokenID); + int32_t ret = RET_FAILED; + for (int32_t i = 0; i < CYCLE_TIMES; i++) { + ret = AccessTokenKit::RevokePermission(tokenID, TEST_PERMISSION_NAME_ALPHA, PERMISSION_USER_FIXED); + ASSERT_EQ(RET_SUCCESS, ret); + + ret = AccessTokenKit::VerifyAccessToken(tokenID, TEST_PERMISSION_NAME_ALPHA); + ASSERT_EQ(PERMISSION_DENIED, ret); + + ret = AccessTokenKit::GetPermissionFlag(tokenID, TEST_PERMISSION_NAME_ALPHA); + ASSERT_EQ(PERMISSION_USER_FIXED, ret); + } +} + +/** + * @tc.name: ClearUserGrantedPermissionState001 + * @tc.desc: Clear user/system granted permission after ClearUserGrantedPermissionState has been invoked. + * @tc.type: FUNC + * @tc.require: Issue Number + */ +HWTEST_F(GrantRevokePermissionTest, ClearUserGrantedPermissionState001, TestSize.Level0) +{ + AccessTokenID tokenID = GetAccessTokenID(TEST_USER_ID, TEST_BUNDLE_NAME, 0); + ASSERT_NE(0, tokenID); + int32_t ret = AccessTokenKit::ClearUserGrantedPermissionState(tokenID); + ASSERT_EQ(RET_SUCCESS, ret); + + ret = AccessTokenKit::VerifyAccessToken(tokenID, TEST_PERMISSION_NAME_ALPHA); + ASSERT_EQ(PERMISSION_DENIED, ret); + + ret = AccessTokenKit::VerifyAccessToken(tokenID, TEST_PERMISSION_NAME_BETA); + ASSERT_EQ(PERMISSION_GRANTED, ret); +} + +/** + * @tc.name: ClearUserGrantedPermissionState002 + * @tc.desc: Clear user/system granted permission that tokenID or permission is invalid. + * @tc.type: FUNC + * @tc.require: Issue Number + */ +HWTEST_F(GrantRevokePermissionTest, ClearUserGrantedPermissionState002, TestSize.Level0) +{ + AccessTokenID tokenID = GetAccessTokenID(TEST_USER_ID, TEST_BUNDLE_NAME, 0); + ASSERT_NE(0, tokenID); + + int32_t ret = AccessTokenKit::ClearUserGrantedPermissionState(TEST_TOKENID_INVALID); + ASSERT_EQ(RET_FAILED, ret); + + AccessTokenKit::DeleteToken(tokenID); + + ret = AccessTokenKit::ClearUserGrantedPermissionState(tokenID); + ASSERT_EQ(RET_SUCCESS, ret); +} + +/** + * @tc.name: ClearUserGrantedPermissionState003 + * @tc.desc: ClearUserGrantedPermissionState is invoked multiple times. + * @tc.type: FUNC + * @tc.require: Issue Number + */ +HWTEST_F(GrantRevokePermissionTest, ClearUserGrantedPermissionState003, TestSize.Level0) +{ + AccessTokenID tokenID = GetAccessTokenID(TEST_USER_ID, TEST_BUNDLE_NAME, 0); + ASSERT_NE(0, tokenID); + int32_t ret = RET_FAILED; + for (int32_t i = 0; i < CYCLE_TIMES; i++) { + ret = AccessTokenKit::ClearUserGrantedPermissionState(tokenID); + ASSERT_EQ(RET_SUCCESS, ret); + + ret = AccessTokenKit::VerifyAccessToken(tokenID, TEST_PERMISSION_NAME_ALPHA); + ASSERT_EQ(PERMISSION_DENIED, ret); + } +} + +/** + * @tc.name: ClearUserGrantedPermissionState004 + * @tc.desc: Clear user/system granted permission after ClearUserGrantedPermissionState has been invoked. + * @tc.type: FUNC + * @tc.require: Issue Number + */ +HWTEST_F(GrantRevokePermissionTest, ClearUserGrantedPermissionState004, TestSize.Level0) +{ + AccessTokenID tokenID = GetAccessTokenID(TEST_USER_ID, TEST_BUNDLE_NAME, 0); + ASSERT_NE(0, tokenID); + AccessTokenKit::DeleteToken(tokenID); + + HapInfoParams info = { + .userID = TEST_USER_ID, + .bundleName = TEST_BUNDLE_NAME, + .instIndex = 0, + .appIDDesc = "appIDDesc", + .apiVersion = DEFAULT_API_VERSION + }; + PermissionStateFull cameraPerm = { + .permissionName = "ohos.permission.CAMERA", + .isGeneral = true, + .resDeviceID = {"local"}, + .grantStatus = {PermissionState::PERMISSION_GRANTED}, + .grantFlags = {PERMISSION_GRANTED_BY_POLICY | PERMISSION_DEFAULT_FLAG} + }; + PermissionStateFull sendMsgPerm = { + .permissionName = "ohos.permission.SEND_MESSAGES", + .isGeneral = true, + .resDeviceID = {"local"}, + .grantStatus = {PermissionState::PERMISSION_DENIED}, + .grantFlags = {PERMISSION_GRANTED_BY_POLICY | PERMISSION_USER_FIXED} + }; + PermissionStateFull recvSmsPerm = { + .permissionName = "ohos.permission.RECEIVE_SMS", + .isGeneral = true, + .resDeviceID = {"local"}, + .grantStatus = {PermissionState::PERMISSION_GRANTED}, + .grantFlags = {PERMISSION_USER_FIXED} + }; + HapPolicyParams policy = { + .apl = ATokenAplEnum::APL_NORMAL, + .domain = "test.domain", + .permStateList = {cameraPerm, sendMsgPerm, recvSmsPerm} + }; + AccessTokenKit::AllocHapToken(info, policy); + tokenID = GetAccessTokenID(TEST_USER_ID, TEST_BUNDLE_NAME, 0); + ASSERT_NE(0, tokenID); + + ASSERT_EQ(RET_SUCCESS, AccessTokenKit::ClearUserGrantedPermissionState(tokenID)); + + int32_t ret = AccessTokenKit::VerifyAccessToken(tokenID, "ohos.permission.CAMERA"); + ASSERT_EQ(PERMISSION_GRANTED, ret); + + ret = AccessTokenKit::VerifyAccessToken(tokenID, "ohos.permission.SEND_MESSAGES"); + ASSERT_EQ(PERMISSION_GRANTED, ret); + + ret = AccessTokenKit::VerifyAccessToken(tokenID, "ohos.permission.RECEIVE_SMS"); + ASSERT_EQ(PERMISSION_DENIED, ret); + + ret = AccessTokenKit::DeleteToken(tokenID); + ASSERT_EQ(RET_SUCCESS, ret); +} +} // namespace AccessToken +} // namespace Security +} // namespace OHOS diff --git a/interfaces/innerkits/accesstoken/test/unittest/src/hap_token_test.cpp b/interfaces/innerkits/accesstoken/test/unittest/src/hap_token_test.cpp new file mode 100644 index 0000000000000000000000000000000000000000..6d1bb6882d1197018ed3c6f50bb6bea2ff26de93 --- /dev/null +++ b/interfaces/innerkits/accesstoken/test/unittest/src/hap_token_test.cpp @@ -0,0 +1,968 @@ +/* + * Copyright (c) 2022 Huawei Device Co., Ltd. + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ +#include "accesstoken_kit_test.h" + +#include "accesstoken_kit.h" + +using namespace testing::ext; +namespace OHOS { +namespace Security { +namespace AccessToken { +namespace { +static constexpr int32_t DEFAULT_API_VERSION = 8; +} +PermissionDef g_infoManagerTestPermDef1 = { + .permissionName = "ohos.permission.test1", + .bundleName = "accesstoken_test", + .grantMode = 1, + .availableLevel = APL_NORMAL, + .label = "label", + .labelId = 1, + .description = "open the door", + .descriptionId = 1 +}; + +PermissionDef g_infoManagerTestPermDef2 = { + .permissionName = "ohos.permission.test2", + .bundleName = "accesstoken_test", + .grantMode = 1, + .availableLevel = APL_NORMAL, + .label = "label", + .labelId = 1, + .description = "break the door", + .descriptionId = 1 +}; + +PermissionStateFull g_infoManagerTestState1 = { + .permissionName = "ohos.permission.test1", + .isGeneral = true, + .resDeviceID = {"local"}, + .grantStatus = {PermissionState::PERMISSION_GRANTED}, + .grantFlags = {1} +}; + +PermissionStateFull g_infoManagerTestState2 = { + .permissionName = "ohos.permission.test2", + .isGeneral = false, + .resDeviceID = {"device 1", "device 2"}, + .grantStatus = {PermissionState::PERMISSION_GRANTED, PermissionState::PERMISSION_GRANTED}, + .grantFlags = {1, 2} +}; + +HapInfoParams g_infoManagerTestInfoParms = { + .userID = 1, + .bundleName = "accesstoken_test", + .instIndex = 0, + .appIDDesc = "testtesttesttest", + .apiVersion = DEFAULT_API_VERSION +}; + +HapPolicyParams g_infoManagerTestPolicyPrams = { + .apl = APL_NORMAL, + .domain = "test.domain", + .permList = {g_infoManagerTestPermDef1, g_infoManagerTestPermDef2}, + .permStateList = {g_infoManagerTestState1, g_infoManagerTestState2} +}; + +static void DeleteTestToken() +{ + AccessTokenID tokenID = AccessTokenKit::GetHapTokenID(g_infoManagerTestInfoParms.userID, + g_infoManagerTestInfoParms.bundleName, + g_infoManagerTestInfoParms.instIndex); + AccessTokenKit::DeleteToken(tokenID); +} + +class HapTokenTest : public testing::Test { +public: + static void SetUpTestCase(); + static void TearDownTestCase(); + void SetUp(); + void TearDown(); + uint32_t GetAccessTokenID(const HapInfoParams& info); +}; + +void HapTokenTest::SetUpTestCase() +{ + // make test case clean + DeleteTestToken(); +} + +void HapTokenTest::TearDownTestCase() +{ +} + +void HapTokenTest::SetUp() +{ +} + +void HapTokenTest::TearDown() +{ + DeleteTestToken(); +} + +uint32_t HapTokenTest::GetAccessTokenID(const HapInfoParams& info) +{ + return AccessTokenKit::GetHapTokenID(info.userID, info.bundleName, info.instIndex); +} + +/** + * @tc.name: AllocHapToken001 + * @tc.desc: alloc a tokenId successfully, delete it successfully the first time and fail to delete it again. + * @tc.type: FUNC + * @tc.require: Issue Number + */ +HWTEST_F(HapTokenTest, AllocHapToken001, TestSize.Level1) +{ + AccessTokenKit::AllocHapToken(g_infoManagerTestInfoParms, g_infoManagerTestPolicyPrams); + AccessTokenID tokenID = GetAccessTokenID(g_infoManagerTestInfoParms); + GTEST_LOG_(INFO) << "tokenID :" << tokenID; + + ASSERT_EQ(RET_SUCCESS, AccessTokenKit::DeleteToken(tokenID)); + ASSERT_EQ(RET_FAILED, AccessTokenKit::DeleteToken(tokenID)); +} + +/** + * @tc.name: AllocHapToken002 + * @tc.desc: alloc a tokenId successfully, + * and fail to alloc it with the same info and policy again. + * @tc.type: FUNC + * @tc.require: Issue Number + */ +HWTEST_F(HapTokenTest, AllocHapToken002, TestSize.Level1) +{ + AccessTokenKit::AllocHapToken(g_infoManagerTestInfoParms, g_infoManagerTestPolicyPrams); + AccessTokenID tokenID = GetAccessTokenID(g_infoManagerTestInfoParms); + + int32_t ret = AccessTokenKit::DeleteToken(tokenID); + GTEST_LOG_(INFO) << "DeleteToken ret:" << ret; + GTEST_LOG_(INFO) << "tokenID :" << tokenID; + + AccessTokenIDEx tokenIdEx = AccessTokenKit::AllocHapToken(g_infoManagerTestInfoParms, g_infoManagerTestPolicyPrams); + GTEST_LOG_(INFO) << "tokenIdEx.tokenIdExStruct.tokenID :" << tokenIdEx.tokenIdExStruct.tokenID; + + tokenID = GetAccessTokenID(g_infoManagerTestInfoParms); + GTEST_LOG_(INFO) << "tokenID :" << tokenID; + ASSERT_NE(0, tokenID); + + tokenIdEx = AccessTokenKit::AllocHapToken(g_infoManagerTestInfoParms, g_infoManagerTestPolicyPrams); + ASSERT_EQ(0, tokenIdEx.tokenIdExStruct.tokenID); + + ASSERT_EQ(RET_SUCCESS, AccessTokenKit::DeleteToken(tokenID)); +} + +/** + * @tc.name: AllocHapToken003 + * @tc.desc: cannot alloc a tokenId with invalid bundleName. + * @tc.type: FUNC + * @tc.require: Issue Number + */ +HWTEST_F(HapTokenTest, AllocHapToken003, TestSize.Level1) +{ + std::string invalidBundleName (INVALID_BUNDLENAME_LEN, 'x'); + + HapInfoParams info = g_infoManagerTestInfoParms; + HapPolicyParams policy = g_infoManagerTestPolicyPrams; + info.bundleName = invalidBundleName; + + AccessTokenIDEx tokenIdEx = AccessTokenKit::AllocHapToken(info, policy); + ASSERT_EQ(0, tokenIdEx.tokenIdExStruct.tokenID); +} + +/** + * @tc.name: AllocHapToken004 + * @tc.desc: cannot alloc a tokenId with invalid apl. + * @tc.type: FUNC + * @tc.require: Issue Number + */ +HWTEST_F(HapTokenTest, AllocHapToken004, TestSize.Level1) +{ + HapInfoParams info = g_infoManagerTestInfoParms; + HapPolicyParams policy = g_infoManagerTestPolicyPrams; + policy.apl = (ATokenAplEnum)5; + + AccessTokenIDEx tokenIdEx = AccessTokenKit::AllocHapToken(info, policy); + ASSERT_EQ(0, tokenIdEx.tokenIdExStruct.tokenID); +} + +/** + * @tc.name: AllocHapToken005 + * @tc.desc: can alloc a tokenId when bundleName in permDef is different with bundleName in info. + * @tc.type: FUNC + * @tc.require: Issue Number + */ +HWTEST_F(HapTokenTest, AllocHapToken005, TestSize.Level1) +{ + HapInfoParams info = g_infoManagerTestInfoParms; + HapPolicyParams policy = g_infoManagerTestPolicyPrams; + + policy.permList[0].bundleName = "invalid_bundleName"; + policy.permList[0].permissionName = "ohos.permission.testtmp01"; + + AccessTokenIDEx tokenIdEx = AccessTokenKit::AllocHapToken(info, policy); + ASSERT_NE(0, tokenIdEx.tokenIdExStruct.tokenID); + + PermissionDef permDefResultBeta; + int32_t ret = AccessTokenKit::GetDefPermission(policy.permList[0].permissionName, permDefResultBeta); + ASSERT_EQ(RET_SUCCESS, ret); + + ret = AccessTokenKit::GetDefPermission(policy.permList[1].permissionName, permDefResultBeta); + ASSERT_EQ(RET_SUCCESS, ret); +} + +/** + * @tc.name: AllocHapToken006 + * @tc.desc: can alloc a tokenId with a invalid permList permissionName. + * @tc.type: FUNC + * @tc.require: Issue Number + */ +HWTEST_F(HapTokenTest, AllocHapToken006, TestSize.Level1) +{ + const std::string invalidPermissionName (INVALID_BUNDLENAME_LEN, 'x'); + + HapInfoParams info = g_infoManagerTestInfoParms; + HapPolicyParams policy = g_infoManagerTestPolicyPrams; + policy.permList[0].permissionName = invalidPermissionName; + + AccessTokenIDEx tokenIdEx = AccessTokenKit::AllocHapToken(info, policy); + ASSERT_NE(0, tokenIdEx.tokenIdExStruct.tokenID); + + PermissionDef permDefResultBeta; + int32_t ret = AccessTokenKit::GetDefPermission(invalidPermissionName, permDefResultBeta); + ASSERT_EQ(RET_FAILED, ret); + ret = AccessTokenKit::GetDefPermission(policy.permList[1].permissionName, permDefResultBeta); + ASSERT_EQ(RET_SUCCESS, ret); +} + +/** + * @tc.name: AllocHapToken007 + * @tc.desc: can alloc a tokenId with invalid permDef. + * @tc.type: FUNC + * @tc.require: Issue Number + */ +HWTEST_F(HapTokenTest, AllocHapToken007, TestSize.Level1) +{ + const std::string invalidBundleName (INVALID_BUNDLENAME_LEN, 'x'); + HapInfoParams info = g_infoManagerTestInfoParms; + HapPolicyParams policy = g_infoManagerTestPolicyPrams; + policy.permList[0].permissionName = "ohos.permission.testtmp02"; + policy.permList[0].bundleName = invalidBundleName; + + AccessTokenIDEx tokenIdEx = AccessTokenKit::AllocHapToken(info, policy); + ASSERT_NE(0, tokenIdEx.tokenIdExStruct.tokenID); + + PermissionDef permDefResultBeta; + int32_t ret = AccessTokenKit::GetDefPermission(policy.permList[0].permissionName, permDefResultBeta); + ASSERT_EQ(RET_FAILED, ret); + ret = AccessTokenKit::GetDefPermission(policy.permList[1].permissionName, permDefResultBeta); + ASSERT_EQ(RET_SUCCESS, ret); +} + +/** + * @tc.name: AllocHapToken008 + * @tc.desc: can alloc a tokenId with invalid permDef. + * @tc.type: FUNC + * @tc.require: Issue Number + */ +HWTEST_F(HapTokenTest, AllocHapToken008, TestSize.Level1) +{ + const std::string invalidLabel (INVALID_LABEL_LEN, 'x'); + HapInfoParams info = g_infoManagerTestInfoParms; + HapPolicyParams policy = g_infoManagerTestPolicyPrams; + policy.permList[0].permissionName = "ohos.permission.testtmp03"; + policy.permList[0].label = invalidLabel; + + AccessTokenIDEx tokenIdEx = AccessTokenKit::AllocHapToken(g_infoManagerTestInfoParms, g_infoManagerTestPolicyPrams); + ASSERT_NE(0, tokenIdEx.tokenIdExStruct.tokenID); + + PermissionDef permDefResultBeta; + ASSERT_EQ(RET_FAILED, AccessTokenKit::GetDefPermission(policy.permList[0].permissionName, permDefResultBeta)); + ASSERT_EQ(RET_SUCCESS, AccessTokenKit::GetDefPermission(policy.permList[1].permissionName, permDefResultBeta)); +} + +/** + * @tc.name: AllocHapToken009 + * @tc.desc: can alloc a tokenId with invalid permDef. + * @tc.type: FUNC + * @tc.require: Issue Number + */ +HWTEST_F(HapTokenTest, AllocHapToken009, TestSize.Level1) +{ + const std::string invalidDescription (INVALID_DESCRIPTION_LEN, 'x'); + HapInfoParams info = g_infoManagerTestInfoParms; + HapPolicyParams policy = g_infoManagerTestPolicyPrams; + policy.permList[0].permissionName = "ohos.permission.testtmp04"; + policy.permList[0].description = invalidDescription; + + AccessTokenIDEx tokenIdEx = AccessTokenKit::AllocHapToken(g_infoManagerTestInfoParms, g_infoManagerTestPolicyPrams); + ASSERT_NE(0, tokenIdEx.tokenIdExStruct.tokenID); + + PermissionDef permDefResultBeta; + int32_t ret = AccessTokenKit::GetDefPermission(policy.permList[0].permissionName, permDefResultBeta); + ASSERT_EQ(RET_FAILED, ret); + ret = AccessTokenKit::GetDefPermission(policy.permList[1].permissionName, permDefResultBeta); + ASSERT_EQ(RET_SUCCESS, ret); +} + +static bool ExistInVector(vector array, uint32_t value) +{ + auto it = find(array.begin(), array.end(), value); + if (it != array.end()) { + return true; + } else { + return false; + } +} + +/** + * @tc.name: AllocHapToken010 + * @tc.desc: alloc and delete in a loop. + * @tc.type: FUNC + * @tc.require: Issue Number + */ +HWTEST_F(HapTokenTest, AllocHapToken010, TestSize.Level1) +{ + AccessTokenIDEx tokenIdEx = {0}; + AccessTokenID tokenID; + int32_t ret; + bool exist = false; + int32_t allocFlag = 0; + int32_t deleteFlag = 0; + + vector obj; + for (int32_t i = 0; i < CYCLE_TIMES; i++) { + tokenIdEx = AccessTokenKit::AllocHapToken(g_infoManagerTestInfoParms, g_infoManagerTestPolicyPrams); + tokenID = GetAccessTokenID(g_infoManagerTestInfoParms); + + exist = ExistInVector(obj, tokenID); + if (exist) { + allocFlag = 1; + } + obj.push_back(tokenID); + + ret = AccessTokenKit::DeleteToken(tokenID); + if (RET_SUCCESS != ret) { + deleteFlag = 1; + } + } + ASSERT_EQ(allocFlag, 0); + ASSERT_EQ(deleteFlag, 0); +} + +/** + * @tc.name: AllocHapToken011 + * @tc.desc: cannot alloc a tokenId with invalid appIDDesc. + * @tc.type: FUNC + * @tc.require: Issue Number + */ +HWTEST_F(HapTokenTest, AllocHapToken011, TestSize.Level1) +{ + std::string invalidAppIDDesc (INVALID_APPIDDESC_LEN, 'x'); + HapInfoParams info = g_infoManagerTestInfoParms; + HapPolicyParams policy = g_infoManagerTestPolicyPrams; + info.appIDDesc = invalidAppIDDesc; + + AccessTokenIDEx tokenIdEx = AccessTokenKit::AllocHapToken(info, policy); + ASSERT_EQ(0, tokenIdEx.tokenIdExStruct.tokenID); +} + +/** + * @tc.name: AllocHapToken012 + * @tc.desc: cannot alloc a tokenId with invalid bundleName. + * @tc.type: FUNC + * @tc.require: Issue Number + */ +HWTEST_F(HapTokenTest, AllocHapToken012, TestSize.Level1) +{ + HapInfoParams info = g_infoManagerTestInfoParms; + HapPolicyParams policy = g_infoManagerTestPolicyPrams; + info.bundleName = ""; + + AccessTokenIDEx tokenIdEx = AccessTokenKit::AllocHapToken(info, policy); + ASSERT_EQ(0, tokenIdEx.tokenIdExStruct.tokenID); +} + +/** + * @tc.name: AllocHapToken013 + * @tc.desc: cannot alloc a tokenId with invalid appIDDesc. + * @tc.type: FUNC + * @tc.require: Issue Number + */ +HWTEST_F(HapTokenTest, AllocHapToken013, TestSize.Level1) +{ + HapInfoParams info = g_infoManagerTestInfoParms; + HapPolicyParams policy = g_infoManagerTestPolicyPrams; + info.appIDDesc = ""; + + AccessTokenIDEx tokenIdEx = AccessTokenKit::AllocHapToken(info, policy); + ASSERT_EQ(0, tokenIdEx.tokenIdExStruct.tokenID); +} + +/** + * @tc.name: AllocHapToken014 + * @tc.desc: can alloc a tokenId with permList permissionName as "". + * @tc.type: FUNC + * @tc.require: Issue Number + */ +HWTEST_F(HapTokenTest, AllocHapToken014, TestSize.Level1) +{ + HapInfoParams info = g_infoManagerTestInfoParms; + HapPolicyParams policy = g_infoManagerTestPolicyPrams; + policy.permList[0].permissionName = ""; + + AccessTokenIDEx tokenIdEx = AccessTokenKit::AllocHapToken(info, policy); + ASSERT_NE(0, tokenIdEx.tokenIdExStruct.tokenID); + + PermissionDef permDefResultBeta; + ASSERT_EQ(RET_FAILED, AccessTokenKit::GetDefPermission("", permDefResultBeta)); +} + +/** + * @tc.name: AllocHapToken015 + * @tc.desc: can alloc a tokenId with permList bundleName as "". + * @tc.type: FUNC + * @tc.require: Issue Number + */ +HWTEST_F(HapTokenTest, AllocHapToken015, TestSize.Level1) +{ + HapInfoParams info = g_infoManagerTestInfoParms; + HapPolicyParams policy = g_infoManagerTestPolicyPrams; + policy.permList[0].bundleName = ""; + policy.permList[0].permissionName = "ohos.permission.testtmp05"; + + AccessTokenKit::AllocHapToken(info, policy); + + PermissionDef permDefResultBeta; + int32_t ret = AccessTokenKit::GetDefPermission(policy.permList[0].permissionName, permDefResultBeta); + ASSERT_EQ(RET_FAILED, ret); + ret = AccessTokenKit::GetDefPermission(policy.permList[1].permissionName, permDefResultBeta); + ASSERT_EQ(RET_SUCCESS, ret); +} + +/** + * @tc.name: AllocHapToken016 + * @tc.desc: can alloc a tokenId with label as "". + * @tc.type: FUNC + * @tc.require: Issue Number + */ +HWTEST_F(HapTokenTest, AllocHapToken016, TestSize.Level1) +{ + HapInfoParams info = g_infoManagerTestInfoParms; + HapPolicyParams policy = g_infoManagerTestPolicyPrams; + policy.permList[0].label = ""; + policy.permList[0].permissionName = "ohos.permission.testtmp06"; + + AccessTokenKit::AllocHapToken(info, policy); + + PermissionDef permDefResult; + int32_t ret = AccessTokenKit::GetDefPermission(policy.permList[0].permissionName, permDefResult); + ASSERT_EQ(ret, RET_SUCCESS); +} + +/** + * @tc.name: AllocHapToken017 + * @tc.desc: cannot alloc a tokenId with invalid permDef. + * @tc.type: FUNC + * @tc.require: Issue Number + */ +HWTEST_F(HapTokenTest, AllocHapToken017, TestSize.Level1) +{ + HapInfoParams info = g_infoManagerTestInfoParms; + HapPolicyParams policy = g_infoManagerTestPolicyPrams; + policy.permList[0].description = ""; + policy.permList[0].permissionName = "ohos.permission.testtmp07"; + + AccessTokenKit::AllocHapToken(info, policy); + + PermissionDef permDefResult; + int32_t ret = AccessTokenKit::GetDefPermission(policy.permList[0].permissionName, permDefResult); + ASSERT_EQ(ret, RET_SUCCESS); +} + +/** + * @tc.name: AllocHapToken018 + * @tc.desc: alloc a tokenId with valid dlptype. + * @tc.type: FUNC + * @tc.require: Issue Number + */ +HWTEST_F(HapTokenTest, AllocHapToken018, TestSize.Level1) +{ + HapInfoParams infoManagerTestInfoParms1 = g_infoManagerTestInfoParms; + HapInfoParams infoManagerTestInfoParms2 = g_infoManagerTestInfoParms; + HapInfoParams infoManagerTestInfoParms3 = g_infoManagerTestInfoParms; + HapPolicyParams policy = g_infoManagerTestPolicyPrams; + infoManagerTestInfoParms1.dlpType = DLP_COMMON; + infoManagerTestInfoParms1.instIndex = 0; + infoManagerTestInfoParms2.dlpType = DLP_READ; + infoManagerTestInfoParms1.instIndex = 1; + infoManagerTestInfoParms3.dlpType = DLP_FULL_CONTROL; + infoManagerTestInfoParms1.instIndex = 2; + + HapTokenInfo hapTokenInfoRes; + + AccessTokenID tokenID = GetAccessTokenID(infoManagerTestInfoParms1); + if (tokenID != 0) { + AccessTokenKit::DeleteToken(tokenID); + } + AccessTokenIDEx tokenIdEx = AccessTokenKit::AllocHapToken(infoManagerTestInfoParms1, policy); + ASSERT_NE(0, tokenIdEx.tokenIdExStruct.tokenID); + + ASSERT_EQ(RET_SUCCESS, AccessTokenKit::GetHapTokenInfo(tokenIdEx.tokenIdExStruct.tokenID, hapTokenInfoRes)); + ASSERT_EQ(0, AccessTokenKit::GetHapDlpFlag(tokenIdEx.tokenIdExStruct.tokenID)); + ASSERT_EQ(DLP_COMMON, hapTokenInfoRes.dlpType); + ASSERT_EQ(RET_SUCCESS, AccessTokenKit::DeleteToken(tokenIdEx.tokenIdExStruct.tokenID)); + ASSERT_EQ(RET_FAILED, AccessTokenKit::GetHapTokenInfo(tokenIdEx.tokenIdExStruct.tokenID, hapTokenInfoRes)); + + tokenID = GetAccessTokenID(infoManagerTestInfoParms2); + if (tokenID != 0) { + AccessTokenKit::DeleteToken(tokenID); + } + tokenIdEx = AccessTokenKit::AllocHapToken(infoManagerTestInfoParms2, policy); + ASSERT_NE(0, tokenIdEx.tokenIdExStruct.tokenID); + + ASSERT_EQ(RET_SUCCESS, AccessTokenKit::GetHapTokenInfo(tokenIdEx.tokenIdExStruct.tokenID, hapTokenInfoRes)); + ASSERT_EQ(1, AccessTokenKit::GetHapDlpFlag(tokenIdEx.tokenIdExStruct.tokenID)); + ASSERT_EQ(DLP_READ, hapTokenInfoRes.dlpType); + ASSERT_EQ(RET_SUCCESS, AccessTokenKit::DeleteToken(tokenIdEx.tokenIdExStruct.tokenID)); + ASSERT_EQ(RET_FAILED, AccessTokenKit::GetHapTokenInfo(tokenIdEx.tokenIdExStruct.tokenID, hapTokenInfoRes)); + + tokenID = GetAccessTokenID(infoManagerTestInfoParms3); + if (tokenID != 0) { + AccessTokenKit::DeleteToken(tokenID); + } + tokenIdEx = AccessTokenKit::AllocHapToken(infoManagerTestInfoParms3, policy); + ASSERT_NE(0, tokenIdEx.tokenIdExStruct.tokenID); + + ASSERT_EQ(RET_SUCCESS, AccessTokenKit::GetHapTokenInfo(tokenIdEx.tokenIdExStruct.tokenID, hapTokenInfoRes)); + ASSERT_EQ(hapTokenInfoRes.dlpType, DLP_FULL_CONTROL); + ASSERT_EQ(1, AccessTokenKit::GetHapDlpFlag(tokenIdEx.tokenIdExStruct.tokenID)); + ASSERT_EQ(RET_SUCCESS, AccessTokenKit::DeleteToken(tokenIdEx.tokenIdExStruct.tokenID)); + ASSERT_EQ(RET_FAILED, AccessTokenKit::GetHapTokenInfo(tokenIdEx.tokenIdExStruct.tokenID, hapTokenInfoRes)); +} + +/** + * @tc.name: AllocHapToken019 + * @tc.desc: cannot alloc a tokenId with invalid dlptype. + * @tc.type: FUNC + * @tc.require: Issue Number + */ +HWTEST_F(HapTokenTest, AllocHapToken019, TestSize.Level1) +{ + HapInfoParams info = g_infoManagerTestInfoParms; + HapPolicyParams policy = g_infoManagerTestPolicyPrams; + info.dlpType = INVALID_DLP_TYPE; + info.instIndex = 4; + + AccessTokenIDEx tokenIdEx = AccessTokenKit::AllocHapToken(info, policy); + ASSERT_EQ(0, tokenIdEx.tokenIdExStruct.tokenID); +} + +/** + * @tc.name: UpdateHapToken001 + * @tc.desc: alloc a tokenId successfully, update it successfully and verify it. + * @tc.type: FUNC + * @tc.require: Issue Number + */ +HWTEST_F(HapTokenTest, UpdateHapToken001, TestSize.Level1) +{ + const std::string appIDDesc = "housework app"; + HapInfoParams info = g_infoManagerTestInfoParms; + HapPolicyParams policy = g_infoManagerTestPolicyPrams; + + AccessTokenKit::AllocHapToken(info, policy); + AccessTokenID tokenID = AccessTokenKit::GetHapTokenID(info.userID, info.bundleName, info.instIndex); + policy.apl = APL_SYSTEM_BASIC; + + ASSERT_EQ(0, AccessTokenKit::UpdateHapToken(tokenID, appIDDesc, DEFAULT_API_VERSION, policy)); + + HapTokenInfo hapTokenInfoRes; + ASSERT_EQ(RET_SUCCESS, AccessTokenKit::GetHapTokenInfo(tokenID, hapTokenInfoRes)); + + ASSERT_EQ(appIDDesc, hapTokenInfoRes.appID); + ASSERT_EQ(policy.apl, hapTokenInfoRes.apl); + + ASSERT_EQ(RET_SUCCESS, AccessTokenKit::DeleteToken(tokenID)); +} + +/** + * @tc.name: UpdateHapToken002 + * @tc.desc: cannot update hap token info with invalid userId. + * @tc.type: FUNC + * @tc.require: Issue Number + */ +HWTEST_F(HapTokenTest, UpdateHapToken002, TestSize.Level1) +{ + int32_t ret = AccessTokenKit::UpdateHapToken( + TEST_USER_ID_INVALID, "appIDDesc", DEFAULT_API_VERSION, g_infoManagerTestPolicyPrams); + ASSERT_EQ(RET_FAILED, ret); +} + +/** + * @tc.name: UpdateHapToken003 + * @tc.desc: cannot update hap token info with invalid appIDDesc. + * @tc.type: FUNC + * @tc.require: Issue Number + */ +HWTEST_F(HapTokenTest, UpdateHapToken003, TestSize.Level1) +{ + HapInfoParams info = g_infoManagerTestInfoParms; + HapPolicyParams policy = g_infoManagerTestPolicyPrams; + + const std::string appIDDesc (INVALID_APPIDDESC_LEN, 'x'); + + AccessTokenKit::AllocHapToken(info, policy); + AccessTokenID tokenID = AccessTokenKit::GetHapTokenID(info.userID, info.bundleName, info.instIndex); + ASSERT_EQ(RET_FAILED, AccessTokenKit::UpdateHapToken(tokenID, appIDDesc, DEFAULT_API_VERSION, policy)); + + HapTokenInfo hapTokenInfoRes; + ASSERT_EQ(RET_SUCCESS, AccessTokenKit::GetHapTokenInfo(tokenID, hapTokenInfoRes)); + ASSERT_EQ(info.appIDDesc, hapTokenInfoRes.appID); + ASSERT_EQ(RET_SUCCESS, AccessTokenKit::DeleteToken(tokenID)); +} + +/** + * @tc.name: UpdateHapToken004 + * @tc.desc: cannot update a tokenId with invalid apl. + * @tc.type: FUNC + * @tc.require: Issue Number + */ +HWTEST_F(HapTokenTest, UpdateHapToken004, TestSize.Level1) +{ + HapInfoParams info = g_infoManagerTestInfoParms; + HapPolicyParams policy = g_infoManagerTestPolicyPrams; + + const std::string appIDDesc = "housework app"; + + AccessTokenIDEx tokenIdEx = {0}; + tokenIdEx = AccessTokenKit::AllocHapToken(info, policy); + + AccessTokenID tokenID = AccessTokenKit::GetHapTokenID(info.userID, info.bundleName, info.instIndex); + + policy.apl = (ATokenAplEnum)5; + + HapTokenInfo hapTokenInfoRes; + ASSERT_EQ(RET_FAILED, AccessTokenKit::UpdateHapToken(tokenID, appIDDesc, DEFAULT_API_VERSION, policy)); + ASSERT_EQ(RET_SUCCESS, AccessTokenKit::GetHapTokenInfo(tokenID, hapTokenInfoRes)); + ASSERT_EQ(hapTokenInfoRes.apl, APL_NORMAL); + ASSERT_EQ(RET_SUCCESS, AccessTokenKit::DeleteToken(tokenID)); +} + +/** + * @tc.name: UpdateHapToken005 + * @tc.desc: cannot update a tokenId with invalid string value. + * @tc.type: FUNC + * @tc.require: Issue Number + */ +HWTEST_F(HapTokenTest, UpdateHapToken005, TestSize.Level1) +{ + HapInfoParams info = g_infoManagerTestInfoParms; + HapPolicyParams policy = g_infoManagerTestPolicyPrams; + + std::string backUpPermission; + const std::string appIDDesc = info.appIDDesc; + PermissionDef permDefResult; + + AccessTokenIDEx tokenIdEx = AccessTokenKit::AllocHapToken(info, policy); + AccessTokenID tokenID = tokenIdEx.tokenIdExStruct.tokenID; + ASSERT_NE(0, tokenID); + + policy.permList[0].permissionName = ""; + AccessTokenKit::UpdateHapToken(tokenID, appIDDesc, DEFAULT_API_VERSION, policy); + ASSERT_EQ(RET_FAILED, AccessTokenKit::GetDefPermission(policy.permList[0].permissionName, permDefResult)); + policy = g_infoManagerTestPolicyPrams; + + policy.permList[0].permissionName = "ohos.permission.testtmp11"; + policy.permList[0].bundleName = ""; + AccessTokenKit::UpdateHapToken(tokenID, appIDDesc, DEFAULT_API_VERSION, policy); + ASSERT_EQ(RET_FAILED, AccessTokenKit::GetDefPermission(policy.permList[0].permissionName, permDefResult)); + policy = g_infoManagerTestPolicyPrams; + + policy.permList[0].permissionName = "ohos.permission.testtmp12"; + policy.permList[0].label = ""; + AccessTokenKit::UpdateHapToken(tokenID, appIDDesc, DEFAULT_API_VERSION, policy); + ASSERT_EQ(RET_SUCCESS, AccessTokenKit::GetDefPermission(policy.permList[0].permissionName, permDefResult)); + policy = g_infoManagerTestPolicyPrams; + + policy.permList[0].permissionName = "ohos.permission.testtmp13"; + policy.permList[0].description = ""; + AccessTokenKit::UpdateHapToken(tokenID, appIDDesc, DEFAULT_API_VERSION, policy); + ASSERT_EQ(RET_SUCCESS, AccessTokenKit::GetDefPermission(policy.permList[0].permissionName, permDefResult)); + + ASSERT_EQ(RET_SUCCESS, AccessTokenKit::DeleteToken(tokenID)); +} + +/** + * @tc.name: UpdateHapToken006 + * @tc.desc: update a batch of tokenId. + * @tc.type: FUNC + * @tc.require: Issue Number + */ +HWTEST_F(HapTokenTest, UpdateHapToken006, TestSize.Level1) +{ + int32_t allocFlag = 0; + int32_t updateFlag = 0; + int32_t deleteFlag = 0; + AccessTokenIDEx tokenIdEx = {0}; + AccessTokenID tokenID; + int32_t ret; + vector obj; + bool exist; + const std::string appIDDesc = g_infoManagerTestInfoParms.appIDDesc; + HapInfoParams infoManagerTestInfo = g_infoManagerTestInfoParms; + + for (int32_t i = 0; i < CYCLE_TIMES; i++) { + tokenIdEx = AccessTokenKit::AllocHapToken(infoManagerTestInfo, g_infoManagerTestPolicyPrams); + tokenID = GetAccessTokenID(infoManagerTestInfo); + + exist = ExistInVector(obj, tokenID); + if (exist) { + allocFlag = 1; + break; + } + obj.push_back(tokenID); + infoManagerTestInfo.userID++; + } + + infoManagerTestInfo.instIndex = 1; + g_infoManagerTestPolicyPrams.apl = APL_SYSTEM_BASIC; + for (size_t i = 0; i < obj.size(); i++) { + ret = AccessTokenKit::UpdateHapToken(obj[i], appIDDesc, DEFAULT_API_VERSION, g_infoManagerTestPolicyPrams); + if (RET_SUCCESS != ret) { + updateFlag = 1; + break; + } + } + g_infoManagerTestPolicyPrams.apl = APL_NORMAL; + + for (size_t i = 0; i < obj.size(); i++) { + ret = AccessTokenKit::DeleteToken(obj[i]); + if (RET_SUCCESS != ret) { + deleteFlag = 1; + } + } + ASSERT_EQ(allocFlag, 0); + ASSERT_EQ(updateFlag, 0); + ASSERT_EQ(deleteFlag, 0); +} + +/** + * @tc.name: UpdateHapToken007 + * @tc.desc: add new permDef. + * @tc.type: FUNC + * @tc.require: Issue Number + */ +HWTEST_F(HapTokenTest, UpdateHapToken007, TestSize.Level1) +{ + HapInfoParams info = g_infoManagerTestInfoParms; + HapPolicyParams policy = g_infoManagerTestPolicyPrams; + const std::string appIDDesc = info.appIDDesc; + + AccessTokenIDEx tokenIdEx = {0}; + tokenIdEx = AccessTokenKit::AllocHapToken(info, policy); + AccessTokenID tokenID = tokenIdEx.tokenIdExStruct.tokenID; + GTEST_LOG_(INFO) << "tokenID :" << tokenID; + + PermissionDef permDefResult; + /* check permission define before update */ + ASSERT_EQ(RET_FAILED, AccessTokenKit::GetDefPermission("ohos.permission.test3", permDefResult)); + + policy.permList[0].permissionName = "ohos.permission.test3"; + ASSERT_EQ(RET_SUCCESS, AccessTokenKit::UpdateHapToken(tokenID, appIDDesc, DEFAULT_API_VERSION, policy)); + + + ASSERT_EQ(RET_SUCCESS, AccessTokenKit::GetDefPermission("ohos.permission.test3", permDefResult)); + ASSERT_EQ("ohos.permission.test3", permDefResult.permissionName); + + ASSERT_EQ(RET_SUCCESS, AccessTokenKit::DeleteToken(tokenID)); +} +/** + * @tc.name: UpdateHapToken008 + * @tc.desc: modify permDef's grantMode. + * @tc.type: FUNC + * @tc.require: Issue Number + */ +HWTEST_F(HapTokenTest, UpdateHapToken008, TestSize.Level1) +{ + HapInfoParams info = g_infoManagerTestInfoParms; + HapPolicyParams policy = g_infoManagerTestPolicyPrams; + const std::string appIDDesc = info.appIDDesc; + + AccessTokenIDEx tokenIdEx = {0}; + tokenIdEx = AccessTokenKit::AllocHapToken(info, policy); + AccessTokenID tokenID = tokenIdEx.tokenIdExStruct.tokenID; + GTEST_LOG_(INFO) << "tokenID :" << tokenID; + + PermissionDef permDefResult; + /* check permission define before update */ + ASSERT_EQ(RET_SUCCESS, AccessTokenKit::GetDefPermission(policy.permList[0].permissionName, permDefResult)); + ASSERT_EQ(policy.permList[0].permissionName, permDefResult.permissionName); + ASSERT_EQ("label", permDefResult.label); + ASSERT_EQ(1, permDefResult.grantMode); + + policy.permList[0].grantMode = 0; + policy.permList[0].label = "updated label"; + ASSERT_EQ(RET_SUCCESS, AccessTokenKit::UpdateHapToken(tokenID, appIDDesc, DEFAULT_API_VERSION, policy)); + + /* check permission define after update */ + ASSERT_EQ(RET_SUCCESS, AccessTokenKit::GetDefPermission(policy.permList[0].permissionName, permDefResult)); + ASSERT_EQ(policy.permList[0].permissionName, permDefResult.permissionName); + ASSERT_EQ("updated label", permDefResult.label); + ASSERT_EQ(0, permDefResult.grantMode); + + ASSERT_EQ(RET_SUCCESS, AccessTokenKit::DeleteToken(tokenID)); +} + +/** + * @tc.name: UpdateHapToken009 + * @tc.desc: old permission define will not update its grantStatus. + * @tc.type: FUNC + * @tc.require: Issue Number + */ +HWTEST_F(HapTokenTest, UpdateHapToken009, TestSize.Level1) +{ + int32_t ret; + std::vector permDefList; + const std::string appIDDesc = g_infoManagerTestInfoParms.appIDDesc; + PermissionDef infoManagerTestPermDef = g_infoManagerTestPermDef1; + PermissionStateFull infoManagerTestState = { + .permissionName = "ohos.permission.test1", + .isGeneral = true, + .resDeviceID = {"local"}, + .grantStatus = {3}, + .grantFlags = {PermissionState::PERMISSION_DENIED} + }; + + HapPolicyParams infoManagerTestPolicyPrams = { + .apl = APL_NORMAL, + .domain = "test.domain", + .permList = {infoManagerTestPermDef}, + .permStateList = {infoManagerTestState} + }; + + AccessTokenIDEx tokenIdEx = {0}; + tokenIdEx = AccessTokenKit::AllocHapToken(g_infoManagerTestInfoParms, g_infoManagerTestPolicyPrams); + AccessTokenID tokenID = tokenIdEx.tokenIdExStruct.tokenID; + GTEST_LOG_(INFO) << "tokenID :" << tokenID; + + ret = AccessTokenKit::VerifyAccessToken(tokenID, "ohos.permission.test1"); + ASSERT_EQ(ret, g_infoManagerTestState1.grantStatus[0]); + + ret = AccessTokenKit::UpdateHapToken(tokenID, appIDDesc, DEFAULT_API_VERSION, infoManagerTestPolicyPrams); + + ret = AccessTokenKit::VerifyAccessToken(tokenID, "ohos.permission.test1"); + ASSERT_EQ(ret, PermissionState::PERMISSION_DENIED); + + ASSERT_EQ(RET_SUCCESS, AccessTokenKit::DeleteToken(tokenID)); +} + +/** + * @tc.name: UpdateHapToken010 + * @tc.desc: update api version. + * @tc.type: FUNC + * @tc.require:Issue Number + */ +HWTEST_F(HapTokenTest, UpdateHapToken010, TestSize.Level1) +{ + AccessTokenIDEx tokenIdEx = {0}; + const std::string appIDDesc = g_infoManagerTestInfoParms.appIDDesc; + tokenIdEx = AccessTokenKit::AllocHapToken(g_infoManagerTestInfoParms, g_infoManagerTestPolicyPrams); + AccessTokenID tokenID = tokenIdEx.tokenIdExStruct.tokenID; + GTEST_LOG_(INFO) << "tokenID :" << tokenID; + + uint32_t apiVersion = DEFAULT_API_VERSION - 1; + AccessTokenKit::UpdateHapToken(tokenID, appIDDesc, apiVersion, g_infoManagerTestPolicyPrams); + + HapTokenInfo hapTokenInfoRes; + AccessTokenKit::GetHapTokenInfo(tokenID, hapTokenInfoRes); + ASSERT_EQ(apiVersion, hapTokenInfoRes.apiVersion); + + apiVersion = DEFAULT_API_VERSION + 1; + AccessTokenKit::UpdateHapToken(tokenID, appIDDesc, apiVersion, g_infoManagerTestPolicyPrams); + + AccessTokenKit::GetHapTokenInfo(tokenID, hapTokenInfoRes); + ASSERT_EQ(apiVersion, hapTokenInfoRes.apiVersion); + + ASSERT_EQ(RET_SUCCESS, AccessTokenKit::DeleteToken(tokenID)); +} + +/** + * @tc.name: DeleteToken001 + * @tc.desc: Cannot get permission definition info after DeleteToken function has been invoked. + * @tc.type: FUNC + * @tc.require: Issue Number + */ +HWTEST_F(HapTokenTest, DeleteToken001, TestSize.Level1) +{ + AccessTokenKit::AllocHapToken(g_infoManagerTestInfoParms, g_infoManagerTestPolicyPrams); + AccessTokenID tokenID = GetAccessTokenID(g_infoManagerTestInfoParms); + PermissionDef permDefResultAlpha; + ASSERT_EQ(RET_SUCCESS, + AccessTokenKit::GetDefPermission(g_infoManagerTestPolicyPrams.permList[0].permissionName, permDefResultAlpha)); + ASSERT_EQ(g_infoManagerTestPolicyPrams.permList[0].permissionName, permDefResultAlpha.permissionName); + + ASSERT_EQ(RET_SUCCESS, AccessTokenKit::DeleteToken(tokenID)); + + PermissionDef defResult; + ASSERT_EQ(RET_FAILED, + AccessTokenKit::GetDefPermission(g_infoManagerTestPolicyPrams.permList[0].permissionName, defResult)); +} + +/** + * @tc.name: DeleteToken002 + * @tc.desc: Delete invalid tokenID. + * @tc.type: FUNC + * @tc.require: Issue Number + */ +HWTEST_F(HapTokenTest, DeleteToken002, TestSize.Level1) +{ + int32_t ret = AccessTokenKit::DeleteToken(TEST_USER_ID_INVALID); + ASSERT_EQ(RET_FAILED, ret); +} + +/** + * @tc.name: DeleteToken002 + * @tc.desc: Delete invalid tokenID. + * @tc.type: FUNC + * @tc.require: Issue Number + */ +HWTEST_F(HapTokenTest, DeleteToken003, TestSize.Level1) +{ + AccessTokenKit::AllocHapToken(g_infoManagerTestInfoParms, g_infoManagerTestPolicyPrams); + AccessTokenID tokenID = GetAccessTokenID(g_infoManagerTestInfoParms); + + HapTokenInfo hapTokenInfoRes; + ASSERT_EQ(RET_SUCCESS, AccessTokenKit::GetHapTokenInfo(tokenID, hapTokenInfoRes)); + + ASSERT_EQ(RET_SUCCESS, AccessTokenKit::DeleteToken(tokenID)); + + ASSERT_EQ(RET_FAILED, AccessTokenKit::GetHapTokenInfo(tokenID, hapTokenInfoRes)); +} + +/** + * @tc.name: DeleteToken004 + * @tc.desc: alloc a tokenId successfully, delete it successfully the first time and fail to delete it again. + * @tc.type: FUNC + * @tc.require: Issue Number + */ +HWTEST_F(HapTokenTest, DeleteToken004, TestSize.Level1) +{ + AccessTokenIDEx tokenIdEx = {0}; + tokenIdEx = AccessTokenKit::AllocHapToken(g_infoManagerTestInfoParms, g_infoManagerTestPolicyPrams); + AccessTokenID tokenID = GetAccessTokenID(g_infoManagerTestInfoParms); + ASSERT_EQ(RET_SUCCESS, AccessTokenKit::DeleteToken(tokenID)); + ASSERT_EQ(RET_FAILED, AccessTokenKit::DeleteToken(tokenID)); +} +} // namespace AccessToken +} // namespace Security +} // namespace OHOS diff --git a/interfaces/innerkits/accesstoken/test/unittest/src/performance_test.cpp b/interfaces/innerkits/accesstoken/test/unittest/src/performance_test.cpp new file mode 100644 index 0000000000000000000000000000000000000000..db8c0b35eeffd01259edb1bcb6c8cc5255aba93b --- /dev/null +++ b/interfaces/innerkits/accesstoken/test/unittest/src/performance_test.cpp @@ -0,0 +1,209 @@ +/* + * Copyright (c) 2022 Huawei Device Co., Ltd. + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ +#include "accesstoken_kit_test.h" + +#include +#include "accesstoken_kit.h" + +using namespace testing::ext; +namespace OHOS { +namespace Security { +namespace AccessToken { +namespace { +static constexpr int32_t DEFAULT_API_VERSION = 8; +static PermissionDef g_infoManagerTestPermDef1 = { + .permissionName = "ohos.permission.test1", + .bundleName = "accesstoken_test", + .grantMode = 1, + .availableLevel = APL_NORMAL, + .label = "label", + .labelId = 1, + .description = "open the door", + .descriptionId = 1 +}; + +static PermissionDef g_infoManagerTestPermDef2 = { + .permissionName = "ohos.permission.test2", + .bundleName = "accesstoken_test", + .grantMode = 1, + .availableLevel = APL_NORMAL, + .label = "label", + .labelId = 1, + .description = "break the door", + .descriptionId = 1 +}; + +static PermissionStateFull g_infoManagerTestState1 = { + .permissionName = "ohos.permission.test1", + .isGeneral = true, + .resDeviceID = {"local"}, + .grantStatus = {PermissionState::PERMISSION_GRANTED}, + .grantFlags = {1} +}; + +static PermissionStateFull g_infoManagerTestState2 = { + .permissionName = "ohos.permission.test2", + .isGeneral = false, + .resDeviceID = {"device 1", "device 2"}, + .grantStatus = {PermissionState::PERMISSION_GRANTED, PermissionState::PERMISSION_GRANTED}, + .grantFlags = {1, 2} +}; + +static HapInfoParams g_infoManagerTestInfoParms = { + .userID = 1, + .bundleName = "accesstoken_test", + .instIndex = 0, + .appIDDesc = "testtesttesttest", + .apiVersion = DEFAULT_API_VERSION +}; + +static HapPolicyParams g_infoManagerTestPolicyPrams = { + .apl = APL_NORMAL, + .domain = "test.domain", + .permList = {g_infoManagerTestPermDef1, g_infoManagerTestPermDef2}, + .permStateList = {g_infoManagerTestState1, g_infoManagerTestState2} +}; +} +class PerformanceTest : public testing::Test { +public: + static void SetUpTestCase(); + static void TearDownTestCase(); + void SetUp(); + void TearDown(); + uint32_t GetAccessTokenID(int32_t userID, std::string bundleName, int32_t instIndex); +}; + +void PerformanceTest::SetUpTestCase() +{ + // make test case clean + AccessTokenID tokenID = AccessTokenKit::GetHapTokenID(g_infoManagerTestInfoParms.userID, + g_infoManagerTestInfoParms.bundleName, + g_infoManagerTestInfoParms.instIndex); + AccessTokenKit::DeleteToken(tokenID); +} + +void PerformanceTest::TearDownTestCase() +{ +} + +void PerformanceTest::SetUp() +{ + AccessTokenKit::AllocHapToken(g_infoManagerTestInfoParms, g_infoManagerTestPolicyPrams); +} + +void PerformanceTest::TearDown() +{ + AccessTokenID tokenID = AccessTokenKit::GetHapTokenID(g_infoManagerTestInfoParms.userID, + g_infoManagerTestInfoParms.bundleName, + g_infoManagerTestInfoParms.instIndex); + AccessTokenKit::DeleteToken(tokenID); +} + +uint32_t PerformanceTest::GetAccessTokenID(int32_t userID, std::string bundleName, int32_t instIndex) +{ + return AccessTokenKit::GetHapTokenID(userID, bundleName, instIndex); +} + +static void *ThreadTestFunc01(void *args) +{ + ATokenTypeEnum type; + AccessTokenID tokenID; + + for (int32_t i = 0; i < CYCLE_TIMES; i++) { + tokenID = AccessTokenKit::GetHapTokenID(g_infoManagerTestInfoParms.userID, + g_infoManagerTestInfoParms.bundleName, + g_infoManagerTestInfoParms.instIndex); + type = AccessTokenKit::GetTokenType(tokenID); + if (type != TOKEN_HAP) { + GTEST_LOG_(INFO) << "ThreadTestFunc01 failed" << tokenID; + } + } + return nullptr; +} + +static void *ThreadTestFunc02(void *args) +{ + int32_t ret; + AccessTokenID tokenID; + HapTokenInfo hapTokenInfoRes; + + for (int32_t i = 0; i < CYCLE_TIMES; i++) { + tokenID = AccessTokenKit::GetHapTokenID(g_infoManagerTestInfoParms.userID, + g_infoManagerTestInfoParms.bundleName, + g_infoManagerTestInfoParms.instIndex); + ret = AccessTokenKit::GetHapTokenInfo(tokenID, hapTokenInfoRes); + if (ret != RET_SUCCESS) { + GTEST_LOG_(INFO) << "ThreadTestFunc02 failed" << tokenID; + } + } + return nullptr; +} + +/** + * @tc.name: Mulitpulthread001 + * @tc.desc: Mulitpulthread test. + * @tc.type: FUNC + * @tc.require:AR000GK6TJ + */ +HWTEST_F(PerformanceTest, Mulitpulthread001, TestSize.Level1) +{ + pthread_t tid[2]; + (void)pthread_create(&tid[0], nullptr, &ThreadTestFunc01, nullptr); + (void)pthread_create(&tid[1], nullptr, &ThreadTestFunc01, nullptr); + pthread_join(tid[0], nullptr); + pthread_join(tid[1], nullptr); + + (void)pthread_create(&tid[0], nullptr, &ThreadTestFunc02, nullptr); + (void)pthread_create(&tid[1], nullptr, &ThreadTestFunc02, nullptr); + pthread_join(tid[0], nullptr); + pthread_join(tid[1], nullptr); +} + +void ConcurrencyTask(uint32_t tokenID) +{ + for (int32_t i = 0; i < CYCLE_TIMES; i++) { + AccessTokenKit::GrantPermission(tokenID, TEST_PERMISSION_NAME_ALPHA, PERMISSION_USER_FIXED); + AccessTokenKit::GetPermissionFlag(tokenID, TEST_PERMISSION_NAME_ALPHA); + AccessTokenKit::VerifyAccessToken(tokenID, TEST_PERMISSION_NAME_ALPHA); + + AccessTokenKit::RevokePermission(tokenID, TEST_PERMISSION_NAME_ALPHA, PERMISSION_USER_SET); + AccessTokenKit::GetPermissionFlag(tokenID, TEST_PERMISSION_NAME_ALPHA); + AccessTokenKit::VerifyAccessToken(tokenID, TEST_PERMISSION_NAME_ALPHA); + } +} + +/** + * @tc.name: ConcurrencyTest001 + * @tc.desc: Concurrency testing + * @tc.type: FUNC + * @tc.require:AR000GM5FC AR000GK6T8 AR000GK6TF + */ +HWTEST_F(PerformanceTest, ConcurrencyTest001, TestSize.Level1) +{ + AccessTokenID tokenID = AccessTokenKit::GetHapTokenID(g_infoManagerTestInfoParms.userID, + g_infoManagerTestInfoParms.bundleName, + g_infoManagerTestInfoParms.instIndex); + ASSERT_NE(0, tokenID); + std::vector threadVec; + for (int32_t i = 0; i < THREAD_NUM; i++) { + threadVec.emplace_back(std::thread(ConcurrencyTask, tokenID)); + } + for (auto it = threadVec.begin(); it != threadVec.end(); it++) { + it->join(); + } +} +} // namespace AccessToken +} // namespace Security +} // namespace OHOS diff --git a/interfaces/innerkits/accesstoken/test/unittest/src/perm_info_test.cpp b/interfaces/innerkits/accesstoken/test/unittest/src/perm_info_test.cpp new file mode 100644 index 0000000000000000000000000000000000000000..8ade1539b307c728f6a91de03248e5b19e3bebbc --- /dev/null +++ b/interfaces/innerkits/accesstoken/test/unittest/src/perm_info_test.cpp @@ -0,0 +1,1069 @@ +/* + * Copyright (c) 2022 Huawei Device Co., Ltd. + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ +#include "accesstoken_kit_test.h" + +#include "accesstoken_kit.h" +#include "nativetoken_kit.h" +#include "token_setproc.h" + +using namespace testing::ext; +namespace OHOS { +namespace Security { +namespace AccessToken { +namespace { +static constexpr int32_t DEFAULT_API_VERSION = 8; +static constexpr int32_t VAGUE_LOCATION_API_VERSION = 9; +} +HapInfoParams g_locationTestInfo = { + .userID = TEST_USER_ID, + .bundleName = TEST_LOCATION_BUNDLE_NAME, + .instIndex = 0, + .appIDDesc = "testtesttesttest" +}; + +PermissionStateFull g_locationTestStateVague02 = { + .permissionName = "ohos.permission.APPROXIMATELY_LOCATION", + .isGeneral = true, + .resDeviceID = {"device"}, + .grantStatus = {PermissionState::PERMISSION_GRANTED}, + .grantFlags = {PermissionFlag::PERMISSION_USER_FIXED} +}; + +PermissionStateFull g_locationTestStateVague10 = { + .permissionName = "ohos.permission.APPROXIMATELY_LOCATION", + .isGeneral = true, + .resDeviceID = {"device"}, + .grantStatus = {PermissionState::PERMISSION_DENIED}, + .grantFlags = {PermissionFlag::PERMISSION_DEFAULT_FLAG} +}; + +PermissionStateFull g_locationTestStateVague12 = { + .permissionName = "ohos.permission.APPROXIMATELY_LOCATION", + .isGeneral = true, + .resDeviceID = {"device"}, + .grantStatus = {PermissionState::PERMISSION_DENIED}, + .grantFlags = {PermissionFlag::PERMISSION_USER_FIXED} +}; + +PermissionStateFull g_locationTestStateAccurate02 = { + .permissionName = "ohos.permission.LOCATION", + .isGeneral = true, + .resDeviceID = {"device"}, + .grantStatus = {PermissionState::PERMISSION_GRANTED}, + .grantFlags = {PermissionFlag::PERMISSION_USER_FIXED} +}; + +PermissionStateFull g_locationTestStateAccurate10 = { + .permissionName = "ohos.permission.LOCATION", + .isGeneral = true, + .resDeviceID = {"device"}, + .grantStatus = {PermissionState::PERMISSION_DENIED}, + .grantFlags = {PermissionFlag::PERMISSION_DEFAULT_FLAG} +}; + +class PermInfoTest : public testing::Test { +public: + static void SetUpTestCase(); + static void TearDownTestCase(); + void SetUp(); + void TearDown(); + uint32_t GetAccessTokenID(int32_t userID, std::string bundleName, int32_t instIndex); + uint64_t selfTokenId_; +}; + +void PermInfoTest::SetUpTestCase() +{ + // make test case clean + AccessTokenID tokenID = AccessTokenKit::GetHapTokenID(TEST_USER_ID, TEST_BUNDLE_NAME, 0); + AccessTokenKit::DeleteToken(tokenID); +} + +void PermInfoTest::TearDownTestCase() +{ +} + +void PermInfoTest::SetUp() +{ + selfTokenId_ = GetSelfTokenID(); + HapInfoParams info = { + .userID = TEST_USER_ID, + .bundleName = TEST_BUNDLE_NAME, + .instIndex = 0, + .appIDDesc = "appIDDesc", + .apiVersion = DEFAULT_API_VERSION + }; + + HapPolicyParams policy = { + .apl = APL_NORMAL, + .domain = "domain" + }; + + PermissionDef permissionDefAlpha = { + .permissionName = TEST_PERMISSION_NAME_ALPHA, + .bundleName = TEST_BUNDLE_NAME, + .grantMode = GrantMode::USER_GRANT, + .availableLevel = APL_NORMAL, + .provisionEnable = false, + .distributedSceneEnable = false + }; + + PermissionDef permissionDefBeta = { + .permissionName = TEST_PERMISSION_NAME_BETA, + .bundleName = TEST_BUNDLE_NAME, + .grantMode = GrantMode::SYSTEM_GRANT, + .availableLevel = APL_NORMAL, + .provisionEnable = false, + .distributedSceneEnable = false + }; + PermissionDef testPermDef1 = { + .permissionName = "ohos.permission.testPermDef1", + .bundleName = TEST_BUNDLE_NAME, + .grantMode = GrantMode::USER_GRANT, + .availableLevel = APL_NORMAL, + .provisionEnable = false, + .distributedSceneEnable = false + }; + + PermissionDef testPermDef2 = { + .permissionName = "ohos.permission.testPermDef2", + .bundleName = TEST_BUNDLE_NAME, + .grantMode = GrantMode::USER_GRANT, + .availableLevel = APL_NORMAL, + .provisionEnable = false, + .distributedSceneEnable = false + }; + + PermissionDef testPermDef3 = { + .permissionName = "ohos.permission.testPermDef3", + .bundleName = TEST_BUNDLE_NAME, + .grantMode = GrantMode::USER_GRANT, + .availableLevel = APL_NORMAL, + .provisionEnable = false, + .distributedSceneEnable = false + }; + PermissionDef testPermDef4 = { + .permissionName = "ohos.permission.testPermDef4", + .bundleName = TEST_BUNDLE_NAME, + .grantMode = GrantMode::USER_GRANT, + .availableLevel = APL_NORMAL, + .provisionEnable = false, + .distributedSceneEnable = false + }; + policy.permList.emplace_back(permissionDefAlpha); + policy.permList.emplace_back(permissionDefBeta); + policy.permList.emplace_back(testPermDef1); + policy.permList.emplace_back(testPermDef2); + policy.permList.emplace_back(testPermDef3); + policy.permList.emplace_back(testPermDef4); + + PermissionStateFull permStatAlpha = { + .permissionName = TEST_PERMISSION_NAME_ALPHA, + .isGeneral = true, + .resDeviceID = {"device"}, + .grantStatus = {PermissionState::PERMISSION_DENIED}, + .grantFlags = {PermissionFlag::PERMISSION_USER_SET} + }; + PermissionStateFull permStatBeta = { + .permissionName = TEST_PERMISSION_NAME_BETA, + .isGeneral = true, + .resDeviceID = {"device"}, + .grantStatus = {PermissionState::PERMISSION_GRANTED}, + .grantFlags = {PermissionFlag::PERMISSION_SYSTEM_FIXED} + }; + PermissionStateFull permTestState1 = { + .permissionName = "ohos.permission.testPermDef1", + .isGeneral = true, + .resDeviceID = {"local"}, + .grantStatus = {PermissionState::PERMISSION_DENIED}, + .grantFlags = {0}, + }; + + PermissionStateFull permTestState2 = { + .permissionName = "ohos.permission.testPermDef2", + .isGeneral = true, + .resDeviceID = {"local"}, + .grantStatus = {PermissionState::PERMISSION_DENIED}, + .grantFlags = {1} + }; + + PermissionStateFull permTestState3 = { + .permissionName = "ohos.permission.testPermDef3", + .isGeneral = true, + .resDeviceID = {"local"}, + .grantStatus = {PermissionState::PERMISSION_DENIED}, + .grantFlags = {2} + }; + + PermissionStateFull permTestState4 = { + .permissionName = "ohos.permission.testPermDef4", + .isGeneral = true, + .resDeviceID = {"local"}, + .grantStatus = {PermissionState::PERMISSION_GRANTED}, + .grantFlags = {1} + }; + + policy.permStateList.emplace_back(permStatAlpha); + policy.permStateList.emplace_back(permStatBeta); + policy.permStateList.emplace_back(permTestState1); + policy.permStateList.emplace_back(permTestState1); + policy.permStateList.emplace_back(permTestState2); + policy.permStateList.emplace_back(permTestState3); + policy.permStateList.emplace_back(permTestState4); + AccessTokenKit::AllocHapToken(info, policy); +} + +void PermInfoTest::TearDown() +{ + AccessTokenID tokenID = GetAccessTokenID(TEST_USER_ID, TEST_BUNDLE_NAME, 0); + AccessTokenKit::DeleteToken(tokenID); + SetSelfTokenID(selfTokenId_); +} + +uint32_t PermInfoTest::GetAccessTokenID(int32_t userID, std::string bundleName, int32_t instIndex) +{ + return AccessTokenKit::GetHapTokenID(userID, bundleName, instIndex); +} + +/** + * @tc.name: GetDefPermission001 + * @tc.desc: Get permission definition info after AllocHapToken function has been invoked. + * @tc.type: FUNC + * @tc.require: Issue Number + */ +HWTEST_F(PermInfoTest, GetDefPermission001, TestSize.Level1) +{ + PermissionDef permDefResultAlpha; + ASSERT_EQ(RET_SUCCESS, AccessTokenKit::GetDefPermission(TEST_PERMISSION_NAME_ALPHA, permDefResultAlpha)); + ASSERT_EQ(TEST_PERMISSION_NAME_ALPHA, permDefResultAlpha.permissionName); + + PermissionDef permDefResultBeta; + ASSERT_EQ(RET_SUCCESS, AccessTokenKit::GetDefPermission(TEST_PERMISSION_NAME_BETA, permDefResultBeta)); + ASSERT_EQ(TEST_PERMISSION_NAME_BETA, permDefResultBeta.permissionName); +} + +/** + * @tc.name: GetDefPermission002 + * @tc.desc: Get permission definition info that permission is invalid. + * @tc.type: FUNC + * @tc.require: Issue Number + */ +HWTEST_F(PermInfoTest, GetDefPermission002, TestSize.Level1) +{ + PermissionDef permDefResult; + ASSERT_EQ(RET_FAILED, AccessTokenKit::GetDefPermission(TEST_PERMISSION_NAME_GAMMA, permDefResult)); + + ASSERT_EQ(RET_FAILED, AccessTokenKit::GetDefPermission("", permDefResult)); + + std::string invalidPerm(INVALID_PERMNAME_LEN, 'a'); + ASSERT_EQ(RET_FAILED, AccessTokenKit::GetDefPermission(invalidPerm, permDefResult)); +} + +/** + * @tc.name: GetDefPermission003 + * @tc.desc: GetDefPermission is invoked multiple times. + * @tc.type: FUNC + * @tc.require: Issue Number + */ +HWTEST_F(PermInfoTest, GetDefPermission003, TestSize.Level0) +{ + int32_t ret = RET_FAILED; + for (int32_t i = 0; i < CYCLE_TIMES; i++) { + PermissionDef permDefResultAlpha; + ret = AccessTokenKit::GetDefPermission(TEST_PERMISSION_NAME_ALPHA, permDefResultAlpha); + ASSERT_EQ(RET_SUCCESS, ret); + ASSERT_EQ(TEST_PERMISSION_NAME_ALPHA, permDefResultAlpha.permissionName); + } +} + +/** + * @tc.name: GetDefPermissions001 + * @tc.desc: Get permission definition info list after AllocHapToken function has been invoked. + * @tc.type: FUNC + * @tc.require: Issue Number + */ +HWTEST_F(PermInfoTest, GetDefPermissions001, TestSize.Level1) +{ + AccessTokenID tokenID = GetAccessTokenID(TEST_USER_ID, TEST_BUNDLE_NAME, 0); + ASSERT_NE(0, tokenID); + std::vector permDefList; + ASSERT_EQ(RET_SUCCESS, AccessTokenKit::GetDefPermissions(tokenID, permDefList)); + ASSERT_EQ(6, permDefList.size()); +} + +/** + * @tc.name: GetDefPermissions002 + * @tc.desc: Get permission definition info list after clear permission definition list + * @tc.type: FUNC + * @tc.require: Issue Number + */ +HWTEST_F(PermInfoTest, GetDefPermissions002, TestSize.Level1) +{ + AccessTokenID tokenID = GetAccessTokenID(TEST_USER_ID, TEST_BUNDLE_NAME, 0); + ASSERT_NE(0, tokenID); + AccessTokenKit::DeleteToken(tokenID); + + HapInfoParams info = { + .userID = TEST_USER_ID, + .bundleName = TEST_BUNDLE_NAME, + .instIndex = 0, + .appIDDesc = "appIDDesc", + .apiVersion = DEFAULT_API_VERSION + }; + HapPolicyParams policy = { + .apl = APL_NORMAL, + .domain = "domain" + }; + AccessTokenIDEx tokenIdEx = AccessTokenKit::AllocHapToken(info, policy); + ASSERT_NE(0, tokenIdEx.tokenIdExStruct.tokenID); + + tokenID = GetAccessTokenID(TEST_USER_ID, TEST_BUNDLE_NAME, 0); + ASSERT_NE(0, tokenID); + + std::vector permDefList; + ASSERT_EQ(RET_SUCCESS, AccessTokenKit::GetDefPermissions(tokenID, permDefList)); + ASSERT_EQ(0, permDefList.size()); + + AccessTokenKit::DeleteToken(tokenID); +} + +/** + * @tc.name: GetDefPermissions003 + * @tc.desc: Get permission definition info list that tokenID is invalid. + * @tc.type: FUNC + * @tc.require: Issue Number + */ +HWTEST_F(PermInfoTest, GetDefPermissions003, TestSize.Level1) +{ + AccessTokenID tokenID = GetAccessTokenID(TEST_USER_ID, TEST_BUNDLE_NAME, 0); + ASSERT_NE(0, tokenID); + AccessTokenKit::DeleteToken(tokenID); + + std::vector permDefList; + int32_t ret = AccessTokenKit::GetDefPermissions(TEST_TOKENID_INVALID, permDefList); + ASSERT_EQ(RET_FAILED, ret); + + std::vector permDefListRes; + ret = AccessTokenKit::GetDefPermissions(tokenID, permDefListRes); + ASSERT_EQ(RET_FAILED, ret); + ASSERT_EQ(0, permDefListRes.size()); +} + +/** + * @tc.name: GetDefPermissions004 + * @tc.desc: GetDefPermissions is invoked multiple times. + * @tc.type: FUNC + * @tc.require: Issue Number + */ +HWTEST_F(PermInfoTest, GetDefPermissions004, TestSize.Level0) +{ + AccessTokenID tokenID = GetAccessTokenID(TEST_USER_ID, TEST_BUNDLE_NAME, 0); + ASSERT_NE(0, tokenID); + int32_t ret = RET_FAILED; + for (int32_t i = 0; i < CYCLE_TIMES; i++) { + std::vector permDefList; + ret = AccessTokenKit::GetDefPermissions(tokenID, permDefList); + ASSERT_EQ(RET_SUCCESS, ret); + ASSERT_EQ(6, permDefList.size()); + } +} + +/** + * @tc.name: GetReqPermissions001 + * @tc.desc: Get user granted permission state info. + * @tc.type: FUNC + * @tc.require: Issue Number + */ +HWTEST_F(PermInfoTest, GetReqPermissions001, TestSize.Level1) +{ + AccessTokenID tokenID = GetAccessTokenID(TEST_USER_ID, TEST_BUNDLE_NAME, 0); + ASSERT_NE(0, tokenID); + std::vector permStatList; + int32_t ret = AccessTokenKit::GetReqPermissions(tokenID, permStatList, false); + ASSERT_EQ(RET_SUCCESS, ret); + ASSERT_EQ(5, permStatList.size()); + ASSERT_EQ(TEST_PERMISSION_NAME_ALPHA, permStatList[0].permissionName); + + ret = AccessTokenKit::VerifyAccessToken(tokenID, TEST_PERMISSION_NAME_ALPHA); + ASSERT_EQ(ret, permStatList[0].grantStatus[0]); +} + +/** + * @tc.name: GetReqPermissions002 + * @tc.desc: Get system granted permission state info. + * @tc.type: FUNC + * @tc.require: Issue Number + */ +HWTEST_F(PermInfoTest, GetReqPermissions002, TestSize.Level1) +{ + AccessTokenID tokenID = GetAccessTokenID(TEST_USER_ID, TEST_BUNDLE_NAME, 0); + ASSERT_NE(0, tokenID); + std::vector permStatList; + int32_t ret = AccessTokenKit::GetReqPermissions(tokenID, permStatList, true); + ASSERT_EQ(RET_SUCCESS, ret); + ASSERT_EQ(1, permStatList.size()); + ASSERT_EQ(TEST_PERMISSION_NAME_BETA, permStatList[0].permissionName); + + ret = AccessTokenKit::VerifyAccessToken(tokenID, TEST_PERMISSION_NAME_BETA); + ASSERT_EQ(ret, permStatList[0].grantStatus[0]); +} + +/** + * @tc.name: GetReqPermissions003 + * @tc.desc: Get user granted permission state info after clear request permission list. + * @tc.type: FUNC + * @tc.require: Issue Number + */ +HWTEST_F(PermInfoTest, GetReqPermissions003, TestSize.Level1) +{ + AccessTokenID tokenID = GetAccessTokenID(TEST_USER_ID, TEST_BUNDLE_NAME, 0); + ASSERT_NE(0, tokenID); + + HapTokenInfo hapInfo; + int32_t ret = AccessTokenKit::GetHapTokenInfo(tokenID, hapInfo); + ASSERT_EQ(RET_SUCCESS, ret); + + HapPolicyParams policy = { + .apl = hapInfo.apl, + .domain = "domain" + }; + policy.permStateList.clear(); + + ret = AccessTokenKit::UpdateHapToken(tokenID, hapInfo.appID, DEFAULT_API_VERSION, policy); + ASSERT_EQ(RET_SUCCESS, ret); + + std::vector permStatUserList; + ret = AccessTokenKit::GetReqPermissions(tokenID, permStatUserList, false); + ASSERT_EQ(RET_SUCCESS, ret); + ASSERT_EQ(0, permStatUserList.size()); + + std::vector permStatSystemList; + ret = AccessTokenKit::GetReqPermissions(tokenID, permStatSystemList, true); + ASSERT_EQ(RET_SUCCESS, ret); + ASSERT_EQ(0, permStatSystemList.size()); +} + +/** + * @tc.name: GetReqPermissions004 + * @tc.desc: Get permission state info list that tokenID is invalid. + * @tc.type: FUNC + * @tc.require: Issue Number + */ +HWTEST_F(PermInfoTest, GetReqPermissions004, TestSize.Level1) +{ + AccessTokenID tokenID = GetAccessTokenID(TEST_USER_ID, TEST_BUNDLE_NAME, 0); + ASSERT_NE(0, tokenID); + + std::vector permStatList; + int32_t ret = AccessTokenKit::GetReqPermissions(TEST_TOKENID_INVALID, permStatList, false); + ASSERT_EQ(RET_FAILED, ret); + + AccessTokenKit::DeleteToken(tokenID); + + ret = AccessTokenKit::GetReqPermissions(tokenID, permStatList, false); + ASSERT_EQ(RET_FAILED, ret); + ASSERT_EQ(0, permStatList.size()); +} + +/** + * @tc.name: GetReqPermissions005 + * @tc.desc: GetReqPermissions is invoked multiple times. + * @tc.type: FUNC + * @tc.require: Issue Number + */ +HWTEST_F(PermInfoTest, GetReqPermissions005, TestSize.Level0) +{ + AccessTokenID tokenID = GetAccessTokenID(TEST_USER_ID, TEST_BUNDLE_NAME, 0); + ASSERT_NE(0, tokenID); + int32_t ret = RET_FAILED; + for (int32_t i = 0; i < CYCLE_TIMES; i++) { + std::vector permStatList; + ret = AccessTokenKit::GetReqPermissions(tokenID, permStatList, false); + ASSERT_EQ(RET_SUCCESS, ret); + ASSERT_EQ(5, permStatList.size()); + ASSERT_EQ(TEST_PERMISSION_NAME_ALPHA, permStatList[0].permissionName); + } +} + +/** + * @tc.name: GetPermissionFlag001 + * @tc.desc: Get permission flag after grant permission. + * @tc.type: FUNC + * @tc.require: Issue Number + */ +HWTEST_F(PermInfoTest, GetPermissionFlag001, TestSize.Level1) +{ + AccessTokenID tokenID = GetAccessTokenID(TEST_USER_ID, TEST_BUNDLE_NAME, 0); + ASSERT_NE(0, tokenID); + int32_t ret = AccessTokenKit::GrantPermission(tokenID, TEST_PERMISSION_NAME_ALPHA, PERMISSION_USER_FIXED); + ASSERT_EQ(RET_SUCCESS, ret); + + ret = AccessTokenKit::GetPermissionFlag(tokenID, TEST_PERMISSION_NAME_ALPHA); + ASSERT_EQ(PERMISSION_USER_FIXED, ret); +} + +/** + * @tc.name: GetPermissionFlag002 + * @tc.desc: Get permission flag that tokenID or permission is invalid. + * @tc.type: FUNC + * @tc.require: Issue Number + */ +HWTEST_F(PermInfoTest, GetPermissionFlag002, TestSize.Level1) +{ + AccessTokenID tokenID = GetAccessTokenID(TEST_USER_ID, TEST_BUNDLE_NAME, 0); + ASSERT_NE(0, tokenID); + + int32_t ret = AccessTokenKit::GetPermissionFlag(tokenID, TEST_PERMISSION_NAME_GAMMA); + ASSERT_EQ(PERMISSION_DEFAULT_FLAG, ret); + + ret = AccessTokenKit::GetPermissionFlag(tokenID, ""); + ASSERT_EQ(PERMISSION_DEFAULT_FLAG, ret); + + std::string invalidPerm(INVALID_PERMNAME_LEN, 'a'); + ret = AccessTokenKit::GetPermissionFlag(tokenID, invalidPerm); + ASSERT_EQ(PERMISSION_DEFAULT_FLAG, ret); + + ret = AccessTokenKit::GetPermissionFlag(TEST_TOKENID_INVALID, TEST_PERMISSION_NAME_ALPHA); + ASSERT_EQ(PERMISSION_DEFAULT_FLAG, ret); + + AccessTokenKit::DeleteToken(tokenID); + + ret = AccessTokenKit::GetPermissionFlag(tokenID, TEST_PERMISSION_NAME_ALPHA); + ASSERT_EQ(PERMISSION_DEFAULT_FLAG, ret); +} + +/** + * @tc.name: GetPermissionFlag003 + * @tc.desc: GetPermissionFlag is invoked multiple times. + * @tc.type: FUNC + * @tc.require: Issue Number + */ +HWTEST_F(PermInfoTest, GetPermissionFlag003, TestSize.Level0) +{ + AccessTokenID tokenID = GetAccessTokenID(TEST_USER_ID, TEST_BUNDLE_NAME, 0); + ASSERT_NE(0, tokenID); + int32_t ret = RET_FAILED; + for (int32_t i = 0; i < CYCLE_TIMES; i++) { + ret = AccessTokenKit::GrantPermission(tokenID, TEST_PERMISSION_NAME_ALPHA, PERMISSION_USER_FIXED); + ASSERT_EQ(RET_SUCCESS, ret); + + ret = AccessTokenKit::GetPermissionFlag(tokenID, TEST_PERMISSION_NAME_ALPHA); + ASSERT_EQ(PERMISSION_USER_FIXED, ret); + } +} + +/** + * @tc.name: GetSelfPermissionsState001 + * @tc.desc: get permission list state + * @tc.type: FUNC + * @tc.require: Issue Number + */ +HWTEST_F(PermInfoTest, GetSelfPermissionsState001, TestSize.Level1) +{ + AccessTokenID tokenID = GetAccessTokenID(TEST_USER_ID, TEST_BUNDLE_NAME, 0); + ASSERT_NE(0, tokenID); + ASSERT_EQ(0, SetSelfTokenID(tokenID)); + + PermissionListState perm1 = { + .permissionName = "ohos.permission.testPermDef1", + .state = -1, + }; + PermissionListState perm2 = { + .permissionName = "ohos.permission.testPermDef2", + .state = -1, + }; + PermissionListState perm3 = { + .permissionName = "ohos.permission.testPermDef3", + .state = -1, + }; + PermissionListState perm4 = { + .permissionName = "ohos.permission.testPermDef4", + .state = -1, + }; + + std::vector permsList1; + permsList1.emplace_back(perm1); + permsList1.emplace_back(perm2); + permsList1.emplace_back(perm3); + permsList1.emplace_back(perm4); + + PermissionOper ret = AccessTokenKit::GetSelfPermissionsState(permsList1); + ASSERT_EQ(DYNAMIC_OPER, ret); + ASSERT_EQ(4, permsList1.size()); + ASSERT_EQ(DYNAMIC_OPER, permsList1[0].state); + ASSERT_EQ(DYNAMIC_OPER, permsList1[1].state); + ASSERT_EQ(SETTING_OPER, permsList1[2].state); + ASSERT_EQ(PASS_OPER, permsList1[3].state); + ASSERT_EQ("ohos.permission.testPermDef1", permsList1[0].permissionName); + ASSERT_EQ("ohos.permission.testPermDef2", permsList1[1].permissionName); + ASSERT_EQ("ohos.permission.testPermDef3", permsList1[2].permissionName); + ASSERT_EQ("ohos.permission.testPermDef4", permsList1[3].permissionName); + + PermissionListState perm5 = { + .permissionName = "ohos.permission.testPermDef5", + .state = -1, + }; + permsList1.emplace_back(perm5); + ASSERT_EQ(DYNAMIC_OPER, AccessTokenKit::GetSelfPermissionsState(permsList1)); + ASSERT_EQ(INVALID_OPER, permsList1[4].state); +} + +void AllocHapToken(std::vector& permmissionDefs, + std::vector& permissionStateFulls, int32_t apiVersion) +{ + AccessTokenID tokenID = AccessTokenKit::GetHapTokenID(TEST_USER_ID, TEST_LOCATION_BUNDLE_NAME, 0); + AccessTokenKit::DeleteToken(tokenID); + + HapInfoParams info = g_locationTestInfo; + info.apiVersion = apiVersion; + + HapPolicyParams policy = { + .apl = APL_NORMAL, + .domain = "domain" + }; + + policy.permList = permmissionDefs; + policy.permStateList = permissionStateFulls; + + AccessTokenKit::AllocHapToken(info, policy); +} + +/** + * @tc.name: GetSelfPermissionsState002 + * @tc.desc: only vague location permission + * @tc.type: FUNC + * @tc.require: issue I5NOQI + */ +HWTEST_F(PermInfoTest, GetSelfPermissionsState002, TestSize.Level1) +{ + std::vector permmissionDefs; + std::vector permissionStateFulls; + permissionStateFulls.emplace_back(g_locationTestStateVague10); // {-1,0} + + AllocHapToken(permmissionDefs, permissionStateFulls, VAGUE_LOCATION_API_VERSION); + + AccessTokenID tokenID = GetAccessTokenID(TEST_USER_ID, TEST_LOCATION_BUNDLE_NAME, 0); + ASSERT_NE(0, tokenID); + ASSERT_EQ(0, SetSelfTokenID(tokenID)); + + PermissionListState permVague = { + .permissionName = "ohos.permission.APPROXIMATELY_LOCATION", + .state = -1, + }; + + std::vector permsList; + permsList.emplace_back(permVague); + + PermissionOper ret = AccessTokenKit::GetSelfPermissionsState(permsList); + ASSERT_EQ(DYNAMIC_OPER, ret); + ASSERT_EQ(1, permsList.size()); + ASSERT_EQ(DYNAMIC_OPER, permsList[0].state); + + AccessTokenKit::DeleteToken(tokenID); +} + +/** + * @tc.name: GetSelfPermissionsState003 + * @tc.desc: only vague location permission after refuse + * @tc.type: FUNC + * @tc.require: issue I5NOQI + */ +HWTEST_F(PermInfoTest, GetSelfPermissionsState003, TestSize.Level1) +{ + std::vector permmissionDefs; + std::vector permissionStateFulls; + permissionStateFulls.emplace_back(g_locationTestStateVague12); // {-1,2} + + AllocHapToken(permmissionDefs, permissionStateFulls, VAGUE_LOCATION_API_VERSION); + + AccessTokenID tokenID = GetAccessTokenID(TEST_USER_ID, TEST_LOCATION_BUNDLE_NAME, 0); + ASSERT_NE(0, tokenID); + ASSERT_EQ(0, SetSelfTokenID(tokenID)); + + PermissionListState permVague = { + .permissionName = "ohos.permission.APPROXIMATELY_LOCATION", + .state = -1, + }; + + std::vector permsList; + permsList.emplace_back(permVague); + + PermissionOper ret = AccessTokenKit::GetSelfPermissionsState(permsList); + ASSERT_EQ(PASS_OPER, ret); + ASSERT_EQ(1, permsList.size()); + ASSERT_EQ(SETTING_OPER, permsList[0].state); + + AccessTokenKit::DeleteToken(tokenID); + SetSelfTokenID(selfTokenId_); +} + +/** + * @tc.name: GetSelfPermissionsState004 + * @tc.desc: only vague location permission after accept + * @tc.type: FUNC + * @tc.require: issue I5NOQI + */ +HWTEST_F(PermInfoTest, GetSelfPermissionsState004, TestSize.Level1) +{ + std::vector permmissionDefs; + std::vector permissionStateFulls; + permissionStateFulls.emplace_back(g_locationTestStateVague02); // {0,2} + + AllocHapToken(permmissionDefs, permissionStateFulls, VAGUE_LOCATION_API_VERSION); + + AccessTokenID tokenID = GetAccessTokenID(TEST_USER_ID, TEST_LOCATION_BUNDLE_NAME, 0); + ASSERT_NE(0, tokenID); + ASSERT_EQ(0, SetSelfTokenID(tokenID)); + + PermissionListState permVague = { + .permissionName = "ohos.permission.APPROXIMATELY_LOCATION", + .state = -1, + }; + + std::vector permsList; + permsList.emplace_back(permVague); + + PermissionOper ret = AccessTokenKit::GetSelfPermissionsState(permsList); + ASSERT_EQ(PASS_OPER, ret); + ASSERT_EQ(1, permsList.size()); + ASSERT_EQ(PASS_OPER, permsList[0].state); + + AccessTokenKit::DeleteToken(tokenID); + SetSelfTokenID(selfTokenId_); +} + +/** + * @tc.name: GetSelfPermissionsState005 + * @tc.desc: only accurate location permission + * @tc.type: FUNC + * @tc.require: issue I5NOQI + */ +HWTEST_F(PermInfoTest, GetSelfPermissionsState005, TestSize.Level1) +{ + std::vector permmissionDefs; + std::vector permissionStateFulls; + permissionStateFulls.emplace_back(g_locationTestStateAccurate10); // {-1,0} + + AllocHapToken(permmissionDefs, permissionStateFulls, VAGUE_LOCATION_API_VERSION); + + AccessTokenID tokenID = GetAccessTokenID(TEST_USER_ID, TEST_LOCATION_BUNDLE_NAME, 0); + ASSERT_NE(0, tokenID); + ASSERT_EQ(0, SetSelfTokenID(tokenID)); + + PermissionListState permAccurate = { + .permissionName = "ohos.permission.LOCATION", + .state = -1, + }; + + std::vector permsList; + permsList.emplace_back(permAccurate); + + PermissionOper ret = AccessTokenKit::GetSelfPermissionsState(permsList); + ASSERT_EQ(INVALID_OPER, ret); + ASSERT_EQ(1, permsList.size()); + ASSERT_EQ(INVALID_OPER, permsList[0].state); + + AccessTokenKit::DeleteToken(tokenID); + SetSelfTokenID(selfTokenId_); +} + +/** + * @tc.name: GetSelfPermissionsState006 + * @tc.desc: all location permissions + * @tc.type: FUNC + * @tc.require: issue I5NOQI + */ +HWTEST_F(PermInfoTest, GetSelfPermissionsState006, TestSize.Level1) +{ + std::vector permmissionDefs; + std::vector permissionStateFulls; + permissionStateFulls.emplace_back(g_locationTestStateVague10); // {-1,0} + permissionStateFulls.emplace_back(g_locationTestStateAccurate10); // {-1,0} + + AllocHapToken(permmissionDefs, permissionStateFulls, VAGUE_LOCATION_API_VERSION); + + AccessTokenID tokenID = GetAccessTokenID(TEST_USER_ID, TEST_LOCATION_BUNDLE_NAME, 0); + ASSERT_NE(0, tokenID); + ASSERT_EQ(0, SetSelfTokenID(tokenID)); + + PermissionListState permVague = { + .permissionName = "ohos.permission.APPROXIMATELY_LOCATION", + .state = -1, + }; + PermissionListState permAccurate = { + .permissionName = "ohos.permission.LOCATION", + .state = -1, + }; + + std::vector permsList; + permsList.emplace_back(permVague); + permsList.emplace_back(permAccurate); + + PermissionOper ret = AccessTokenKit::GetSelfPermissionsState(permsList); + ASSERT_EQ(DYNAMIC_OPER, ret); + ASSERT_EQ(2, permsList.size()); + ASSERT_EQ(DYNAMIC_OPER, permsList[0].state); + ASSERT_EQ(DYNAMIC_OPER, permsList[1].state); + + AccessTokenKit::DeleteToken(tokenID); + SetSelfTokenID(selfTokenId_); +} + +/** + * @tc.name: GetSelfPermissionsState007 + * @tc.desc: all location permissions after accept vague location permission + * @tc.type: FUNC + * @tc.require: issue I5NOQI + */ +HWTEST_F(PermInfoTest, GetSelfPermissionsState007, TestSize.Level1) +{ + std::vector permmissionDefs; + std::vector permissionStateFulls; + permissionStateFulls.emplace_back(g_locationTestStateVague02); // {0,2} + permissionStateFulls.emplace_back(g_locationTestStateAccurate10); // {-1,0} + + AllocHapToken(permmissionDefs, permissionStateFulls, VAGUE_LOCATION_API_VERSION); + + AccessTokenID tokenID = GetAccessTokenID(TEST_USER_ID, TEST_LOCATION_BUNDLE_NAME, 0); + ASSERT_NE(0, tokenID); + ASSERT_EQ(0, SetSelfTokenID(tokenID)); + + PermissionListState permVague = { + .permissionName = "ohos.permission.APPROXIMATELY_LOCATION", + .state = -1, + }; + PermissionListState permAccurate = { + .permissionName = "ohos.permission.LOCATION", + .state = -1, + }; + + std::vector permsList; + permsList.emplace_back(permVague); + permsList.emplace_back(permAccurate); + + PermissionOper ret = AccessTokenKit::GetSelfPermissionsState(permsList); + ASSERT_EQ(DYNAMIC_OPER, ret); + ASSERT_EQ(2, permsList.size()); + ASSERT_EQ(PASS_OPER, permsList[0].state); + ASSERT_EQ(DYNAMIC_OPER, permsList[1].state); + + AccessTokenKit::DeleteToken(tokenID); + SetSelfTokenID(selfTokenId_); +} + +/** + * @tc.name: GetSelfPermissionsState008 + * @tc.desc: all location permissions after refuse vague location permission + * @tc.type: FUNC + * @tc.require: issue I5NOQI + */ +HWTEST_F(PermInfoTest, GetSelfPermissionsState008, TestSize.Level1) +{ + std::vector permmissionDefs; + std::vector permissionStateFulls; + permissionStateFulls.emplace_back(g_locationTestStateVague12); // {-1,2} + permissionStateFulls.emplace_back(g_locationTestStateAccurate10); // {-1,0} + + AllocHapToken(permmissionDefs, permissionStateFulls, VAGUE_LOCATION_API_VERSION); + + AccessTokenID tokenID = GetAccessTokenID(TEST_USER_ID, TEST_LOCATION_BUNDLE_NAME, 0); + ASSERT_NE(0, tokenID); + ASSERT_EQ(0, SetSelfTokenID(tokenID)); + + PermissionListState permVague = { + .permissionName = "ohos.permission.APPROXIMATELY_LOCATION", + .state = -1, + }; + PermissionListState permAccurate = { + .permissionName = "ohos.permission.LOCATION", + .state = -1, + }; + + std::vector permsList; + permsList.emplace_back(permVague); + permsList.emplace_back(permAccurate); + + PermissionOper ret = AccessTokenKit::GetSelfPermissionsState(permsList); + ASSERT_EQ(PASS_OPER, ret); + ASSERT_EQ(2, permsList.size()); + ASSERT_EQ(SETTING_OPER, permsList[0].state); + ASSERT_EQ(SETTING_OPER, permsList[1].state); + + AccessTokenKit::DeleteToken(tokenID); + SetSelfTokenID(selfTokenId_); +} + +/** + * @tc.name: GetSelfPermissionsState009 + * @tc.desc: all location permissions after accept all location permissions + * @tc.type: FUNC + * @tc.require: issue I5NOQI + */ +HWTEST_F(PermInfoTest, GetSelfPermissionsState009, TestSize.Level1) +{ + std::vector permmissionDefs; + std::vector permissionStateFulls; + permissionStateFulls.emplace_back(g_locationTestStateVague02); // {0,2} + permissionStateFulls.emplace_back(g_locationTestStateAccurate02); // {0,2} + + AllocHapToken(permmissionDefs, permissionStateFulls, VAGUE_LOCATION_API_VERSION); + + AccessTokenID tokenID = GetAccessTokenID(TEST_USER_ID, TEST_LOCATION_BUNDLE_NAME, 0); + ASSERT_NE(0, tokenID); + ASSERT_EQ(0, SetSelfTokenID(tokenID)); + + PermissionListState permVague = { + .permissionName = "ohos.permission.APPROXIMATELY_LOCATION", + .state = -1, + }; + PermissionListState permAccurate = { + .permissionName = "ohos.permission.LOCATION", + .state = -1, + }; + + std::vector permsList; + permsList.emplace_back(permVague); + permsList.emplace_back(permAccurate); + + PermissionOper ret = AccessTokenKit::GetSelfPermissionsState(permsList); + ASSERT_EQ(PASS_OPER, ret); + ASSERT_EQ(2, permsList.size()); + ASSERT_EQ(PASS_OPER, permsList[0].state); + ASSERT_EQ(PASS_OPER, permsList[1].state); + + AccessTokenKit::DeleteToken(tokenID); + SetSelfTokenID(selfTokenId_); +} + +/** + * @tc.name: GetSelfPermissionsState010 + * @tc.desc: all location permissions whith other permissions + * @tc.type: FUNC + * @tc.require: issue I5NOQI + */ +HWTEST_F(PermInfoTest, GetSelfPermissionsState010, TestSize.Level1) +{ + std::vector permmissionDefs; + std::vector permissionStateFulls; + permissionStateFulls.emplace_back(g_locationTestStateVague10); // {-1,0} + permissionStateFulls.emplace_back(g_locationTestStateAccurate10); // {-1,0} + + AllocHapToken(permmissionDefs, permissionStateFulls, VAGUE_LOCATION_API_VERSION); + + AccessTokenID tokenID = GetAccessTokenID(TEST_USER_ID, TEST_LOCATION_BUNDLE_NAME, 0); + ASSERT_NE(0, tokenID); + ASSERT_EQ(0, SetSelfTokenID(tokenID)); + + PermissionListState permVague = { + .permissionName = "ohos.permission.APPROXIMATELY_LOCATION", + .state = -1, + }; + PermissionListState permAccurate = { + .permissionName = "ohos.permission.LOCATION", + .state = -1, + }; + + std::vector permsList; + permsList.emplace_back(permVague); + permsList.emplace_back(permAccurate); + + PermissionOper ret = AccessTokenKit::GetSelfPermissionsState(permsList); + ASSERT_EQ(DYNAMIC_OPER, ret); + ASSERT_EQ(2, permsList.size()); + ASSERT_EQ(DYNAMIC_OPER, permsList[0].state); + ASSERT_EQ(DYNAMIC_OPER, permsList[1].state); + + AccessTokenKit::DeleteToken(tokenID); + SetSelfTokenID(selfTokenId_); +} + +/** + * @tc.name: GetSelfPermissionsState011 + * @tc.desc: only accurate location permission whith api8 + * @tc.type: FUNC + * @tc.require: issue I5NOQI + */ +HWTEST_F(PermInfoTest, GetSelfPermissionsState011, TestSize.Level1) +{ + std::vector permmissionDefs; + std::vector permissionStateFulls; + permissionStateFulls.emplace_back(g_locationTestStateAccurate10); // {-1,0} + + AllocHapToken(permmissionDefs, permissionStateFulls, DEFAULT_API_VERSION); + + AccessTokenID tokenID = GetAccessTokenID(TEST_USER_ID, TEST_LOCATION_BUNDLE_NAME, 0); + ASSERT_NE(0, tokenID); + ASSERT_EQ(0, SetSelfTokenID(tokenID)); + + PermissionListState permAccurate = { + .permissionName = "ohos.permission.LOCATION", + .state = -1, + }; + + std::vector permsList; + permsList.emplace_back(permAccurate); + + PermissionOper ret = AccessTokenKit::GetSelfPermissionsState(permsList); + ASSERT_EQ(DYNAMIC_OPER, ret); + ASSERT_EQ(1, permsList.size()); + ASSERT_EQ(DYNAMIC_OPER, permsList[0].state); + + AccessTokenKit::DeleteToken(tokenID); + SetSelfTokenID(selfTokenId_); +} + +/** + * @tc.name: GetSelfPermissionsState012 + * @tc.desc: all location permissions with api8 + * @tc.type: FUNC + * @tc.require: issue I5NOQI + */ +HWTEST_F(PermInfoTest, GetSelfPermissionsState012, TestSize.Level1) +{ + std::vector permmissionDefs; + std::vector permissionStateFulls; + permissionStateFulls.emplace_back(g_locationTestStateVague10); // {-1,0} + permissionStateFulls.emplace_back(g_locationTestStateAccurate10); // {-1,0} + + AllocHapToken(permmissionDefs, permissionStateFulls, DEFAULT_API_VERSION); + + AccessTokenID tokenID = GetAccessTokenID(TEST_USER_ID, TEST_LOCATION_BUNDLE_NAME, 0); + ASSERT_NE(0, tokenID); + ASSERT_EQ(0, SetSelfTokenID(tokenID)); + + PermissionListState permVague = { + .permissionName = "ohos.permission.APPROXIMATELY_LOCATION", + .state = -1, + }; + PermissionListState permAccurate = { + .permissionName = "ohos.permission.LOCATION", + .state = -1, + }; + + std::vector permsList; + permsList.emplace_back(permVague); + permsList.emplace_back(permAccurate); + + PermissionOper ret = AccessTokenKit::GetSelfPermissionsState(permsList); + ASSERT_EQ(DYNAMIC_OPER, ret); + ASSERT_EQ(2, permsList.size()); + ASSERT_EQ(INVALID_OPER, permsList[0].state); + ASSERT_EQ(DYNAMIC_OPER, permsList[1].state); + + AccessTokenKit::DeleteToken(tokenID); + SetSelfTokenID(selfTokenId_); +} +} // namespace AccessToken +} // namespace Security +} // namespace OHOS diff --git a/interfaces/innerkits/accesstoken/test/unittest/src/permission_callback_test.cpp b/interfaces/innerkits/accesstoken/test/unittest/src/permission_callback_test.cpp new file mode 100644 index 0000000000000000000000000000000000000000..04586d431c5a7c431fac47f91dced07eed6c750c --- /dev/null +++ b/interfaces/innerkits/accesstoken/test/unittest/src/permission_callback_test.cpp @@ -0,0 +1,475 @@ +/* + * Copyright (c) 2022 Huawei Device Co., Ltd. + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ +#include "accesstoken_kit_test.h" + +#include "accesstoken_kit.h" +#include "token_setproc.h" + +using namespace testing::ext; +namespace OHOS { +namespace Security { +namespace AccessToken { +namespace { +static constexpr int32_t DEFAULT_API_VERSION = 8; +} +PermissionDef g_infoManagerTestPermDef1 = { + .permissionName = "ohos.permission.test1", + .bundleName = "accesstoken_test", + .grantMode = 1, + .availableLevel = APL_NORMAL, + .label = "label", + .labelId = 1, + .description = "open the door", + .descriptionId = 1 +}; + +PermissionDef g_infoManagerTestPermDef2 = { + .permissionName = "ohos.permission.test2", + .bundleName = "accesstoken_test", + .grantMode = 1, + .availableLevel = APL_NORMAL, + .label = "label", + .labelId = 1, + .description = "break the door", + .descriptionId = 1 +}; + +PermissionStateFull g_infoManagerTestState1 = { + .permissionName = "ohos.permission.test1", + .isGeneral = true, + .resDeviceID = {"local"}, + .grantStatus = {PermissionState::PERMISSION_GRANTED}, + .grantFlags = {1} +}; + +PermissionStateFull g_infoManagerTestState2 = { + .permissionName = "ohos.permission.test2", + .isGeneral = false, + .resDeviceID = {"device 1", "device 2"}, + .grantStatus = {PermissionState::PERMISSION_GRANTED, PermissionState::PERMISSION_GRANTED}, + .grantFlags = {1, 2} +}; + +HapInfoParams g_infoManagerTestInfoParms = { + .userID = 1, + .bundleName = "accesstoken_test", + .instIndex = 0, + .appIDDesc = "testtesttesttest", + .apiVersion = DEFAULT_API_VERSION +}; + +HapPolicyParams g_infoManagerTestPolicyPrams = { + .apl = APL_NORMAL, + .domain = "test.domain", + .permList = {g_infoManagerTestPermDef1, g_infoManagerTestPermDef2}, + .permStateList = {g_infoManagerTestState1, g_infoManagerTestState2} +}; + +class PermissionCallbackTest : public testing::Test { +public: + static void SetUpTestCase(); + static void TearDownTestCase(); + void SetUp(); + void TearDown(); + uint32_t GetAccessTokenID(int32_t userID, std::string bundleName, int32_t instIndex); +}; + +void PermissionCallbackTest::SetUpTestCase() +{ + // make test case clean + AccessTokenID tokenID = AccessTokenKit::GetHapTokenID(g_infoManagerTestInfoParms.userID, + g_infoManagerTestInfoParms.bundleName, + g_infoManagerTestInfoParms.instIndex); + AccessTokenKit::DeleteToken(tokenID); +} + +void PermissionCallbackTest::TearDownTestCase() +{ +} + +void PermissionCallbackTest::SetUp() +{ +} + +void PermissionCallbackTest::TearDown() +{ + AccessTokenID tokenID = AccessTokenKit::GetHapTokenID(g_infoManagerTestInfoParms.userID, + g_infoManagerTestInfoParms.bundleName, + g_infoManagerTestInfoParms.instIndex); + AccessTokenKit::DeleteToken(tokenID); +} + +uint32_t PermissionCallbackTest::GetAccessTokenID(int32_t userID, std::string bundleName, int32_t instIndex) +{ + return AccessTokenKit::GetHapTokenID(userID, bundleName, instIndex); +} + + +class CbCustomizeTest : public PermStateChangeCallbackCustomize { +public: + explicit CbCustomizeTest(const PermStateChangeScope &scopeInfo) + : PermStateChangeCallbackCustomize(scopeInfo) + { + GTEST_LOG_(INFO) << "CbCustomizeTest create"; + } + + ~CbCustomizeTest() + {} + + virtual void PermStateChangeCallback(PermStateChangeInfo& result) + { + ready_ = true; + GTEST_LOG_(INFO) << "CbCustomizeTest PermStateChangeCallback"; + GTEST_LOG_(INFO) << "tokenid" << result.tokenID; + GTEST_LOG_(INFO) << "permissionName" << result.permissionName; + } + + bool ready_; +}; + +/** + * @tc.name: RegisterPermStateChangeCallback001 + * @tc.desc: RegisterPermStateChangeCallback permList + * @tc.type: FUNC + * @tc.require: issue I5NT1X + */ +HWTEST_F(PermissionCallbackTest, RegisterPermStateChangeCallback001, TestSize.Level1) +{ + PermStateChangeScope scopeInfo; + scopeInfo.permList = {"ohos.permission.CAMERA"}; + scopeInfo.tokenIDs = {}; + auto callbackPtr = std::make_shared(scopeInfo); + callbackPtr->ready_ = false; + + int32_t res = AccessTokenKit::RegisterPermStateChangeCallback(callbackPtr); + + static PermissionStateFull infoManagerTestStateA = { + .permissionName = "ohos.permission.CAMERA", + .isGeneral = true, + .resDeviceID = {"local"}, + .grantStatus = {PERMISSION_DENIED}, + .grantFlags = {1} + }; + static HapPolicyParams infoManagerTestPolicyPrams = { + .apl = APL_NORMAL, + .domain = "test.domain", + .permList = {}, + .permStateList = {infoManagerTestStateA} + }; + + AccessTokenIDEx tokenIdEx = {0}; + AccessTokenID tokenID; + tokenIdEx = AccessTokenKit::AllocHapToken(g_infoManagerTestInfoParms, infoManagerTestPolicyPrams); + + tokenID = tokenIdEx.tokenIdExStruct.tokenID; + ASSERT_NE(0, tokenID); + + ATokenTypeEnum ret = AccessTokenKit::GetTokenTypeFlag(tokenID); + ASSERT_EQ(ret, TOKEN_HAP); + + res = AccessTokenKit::VerifyAccessToken(tokenID, "ohos.permission.CAMERA"); + ASSERT_EQ(PERMISSION_DENIED, res); + + res = AccessTokenKit::GrantPermission(tokenID, "ohos.permission.CAMERA", 2); + ASSERT_EQ(RET_SUCCESS, res); + + res = AccessTokenKit::VerifyAccessToken(tokenID, "ohos.permission.CAMERA"); + ASSERT_EQ(PERMISSION_GRANTED, res); + + ASSERT_EQ(true, callbackPtr->ready_); + + callbackPtr->ready_ = false; + + res = AccessTokenKit::RevokePermission(tokenID, "ohos.permission.CAMERA", 2); + ASSERT_EQ(RET_SUCCESS, res); + + ASSERT_EQ(true, callbackPtr->ready_); + + res = AccessTokenKit::UnRegisterPermStateChangeCallback(callbackPtr); + ASSERT_EQ(RET_SUCCESS, res); + + callbackPtr->ready_ = false; + + res = AccessTokenKit::GrantPermission(tokenID, "ohos.permission.CAMERA", 2); + ASSERT_EQ(RET_SUCCESS, res); + + ASSERT_EQ(false, callbackPtr->ready_); + + callbackPtr->ready_ = false; + + res = AccessTokenKit::RevokePermission(tokenID, "ohos.permission.CAMERA", 2); + ASSERT_EQ(RET_SUCCESS, res); + + ASSERT_EQ(false, callbackPtr->ready_); + + res = AccessTokenKit::DeleteToken(tokenID); + ASSERT_EQ(RET_SUCCESS, res); +} + +/** + * @tc.name: RegisterPermStateChangeCallback002 + * @tc.desc: RegisterPermStateChangeCallback permList + * @tc.type: FUNC + * @tc.require: issue I5NT1X + */ +HWTEST_F(PermissionCallbackTest, RegisterPermStateChangeCallback002, TestSize.Level1) +{ + PermStateChangeScope scopeInfo; + scopeInfo.permList = {"ohos.permission.GET_BUNDLE_INFO"}; + scopeInfo.tokenIDs = {}; + auto callbackPtr = std::make_shared(scopeInfo); + callbackPtr->ready_ = false; + + int32_t res = AccessTokenKit::RegisterPermStateChangeCallback(callbackPtr); + + static PermissionStateFull infoManagerTestStateA = { + .permissionName = "ohos.permission.GET_BUNDLE_INFO", + .isGeneral = true, + .resDeviceID = {"local"}, + .grantStatus = {PERMISSION_GRANTED}, + .grantFlags = {1} + }; + static PermissionStateFull infoManagerTestStateB = { + .permissionName = "ohos.permission.CAMERA", + .isGeneral = true, + .resDeviceID = {"local"}, + .grantStatus = {PERMISSION_GRANTED}, + .grantFlags = {1} + }; + static HapPolicyParams infoManagerTestPolicyPrams = { + .apl = APL_SYSTEM_BASIC, + .domain = "test.domain", + .permList = {}, + .permStateList = {infoManagerTestStateA, infoManagerTestStateB} + }; + + AccessTokenIDEx tokenIdEx = {0}; + tokenIdEx = AccessTokenKit::AllocHapToken(g_infoManagerTestInfoParms, infoManagerTestPolicyPrams); + + AccessTokenID tokenID = tokenIdEx.tokenIdExStruct.tokenID; + + res = AccessTokenKit::VerifyAccessToken(tokenID, "ohos.permission.CAMERA"); + ASSERT_EQ(PERMISSION_GRANTED, res); + + res = AccessTokenKit::GrantPermission(tokenID, "ohos.permission.CAMERA", 2); + ASSERT_EQ(RET_SUCCESS, res); + + ASSERT_EQ(false, callbackPtr->ready_); + + res = AccessTokenKit::DeleteToken(tokenID); + ASSERT_EQ(RET_SUCCESS, res); + + res = AccessTokenKit::UnRegisterPermStateChangeCallback(callbackPtr); + ASSERT_EQ(RET_SUCCESS, res); +} + +/** + * @tc.name: RegisterPermStateChangeCallback003 + * @tc.desc: RegisterPermStateChangeCallback permList + * @tc.type: FUNC + * @tc.require: issue I5NT1X + */ +HWTEST_F(PermissionCallbackTest, RegisterPermStateChangeCallback003, TestSize.Level1) +{ + PermStateChangeScope scopeInfo; + scopeInfo.permList = {}; + scopeInfo.tokenIDs = {}; + auto callbackPtr = std::make_shared(scopeInfo); + callbackPtr->ready_ = false; + + int32_t res = AccessTokenKit::RegisterPermStateChangeCallback(callbackPtr); + + static PermissionStateFull infoManagerTestStateA = { + .permissionName = "ohos.permission.GET_BUNDLE_INFO", + .isGeneral = true, + .resDeviceID = {"local"}, + .grantStatus = {PERMISSION_DENIED}, + .grantFlags = {1} + }; + static PermissionStateFull infoManagerTestStateB = { + .permissionName = "ohos.permission.CAMERA", + .isGeneral = true, + .resDeviceID = {"local"}, + .grantStatus = {PERMISSION_DENIED}, + .grantFlags = {1} + }; + static HapPolicyParams infoManagerTestPolicyPrams = { + .apl = APL_SYSTEM_CORE, + .domain = "test.domain", + .permList = {}, + .permStateList = {infoManagerTestStateA, infoManagerTestStateB} + }; + + AccessTokenIDEx tokenIdEx = {0}; + tokenIdEx = AccessTokenKit::AllocHapToken(g_infoManagerTestInfoParms, infoManagerTestPolicyPrams); + + AccessTokenID tokenID = tokenIdEx.tokenIdExStruct.tokenID; + + callbackPtr->ready_ = false; + res = AccessTokenKit::VerifyAccessToken(tokenID, "ohos.permission.CAMERA"); + ASSERT_EQ(PERMISSION_DENIED, res); + res = AccessTokenKit::GrantPermission(tokenID, "ohos.permission.CAMERA", 2); + ASSERT_EQ(RET_SUCCESS, res); + res = AccessTokenKit::VerifyAccessToken(tokenID, "ohos.permission.CAMERA"); + ASSERT_EQ(PERMISSION_GRANTED, res); + ASSERT_EQ(true, callbackPtr->ready_); + + callbackPtr->ready_ = false; + res = AccessTokenKit::VerifyAccessToken(tokenID, "ohos.permission.GET_BUNDLE_INFO"); + ASSERT_EQ(PERMISSION_DENIED, res); + res = AccessTokenKit::GrantPermission(tokenID, "ohos.permission.GET_BUNDLE_INFO", 2); + ASSERT_EQ(RET_SUCCESS, res); + + ASSERT_EQ(true, callbackPtr->ready_); + + res = AccessTokenKit::DeleteToken(tokenID); + ASSERT_EQ(RET_SUCCESS, res); + + res = AccessTokenKit::UnRegisterPermStateChangeCallback(callbackPtr); + ASSERT_EQ(RET_SUCCESS, res); +} + +/** + * @tc.name: RegisterPermStateChangeCallback004 + * @tc.desc: RegisterPermStateChangeCallback permList + * @tc.type: FUNC + * @tc.require: issue I5NT1X + */ +HWTEST_F(PermissionCallbackTest, RegisterPermStateChangeCallback004, TestSize.Level1) +{ + PermStateChangeScope scopeInfo; + scopeInfo.permList = {"ohos.permission.GET_BUNDLE_INFO", "ohos.permission.CAMERA"}; + scopeInfo.tokenIDs = {555555}; // 555555为模拟的tokenid + auto callbackPtr = std::make_shared(scopeInfo); + callbackPtr->ready_ = false; + + int32_t res = AccessTokenKit::RegisterPermStateChangeCallback(callbackPtr); + + static PermissionStateFull infoManagerTestStateA = { + .permissionName = "ohos.permission.GET_BUNDLE_INFO", + .isGeneral = true, + .resDeviceID = {"local"}, + .grantStatus = {PERMISSION_GRANTED}, + .grantFlags = {1}, + }; + static PermissionStateFull infoManagerTestStateB = { + .permissionName = "ohos.permission.CAMERA", + .isGeneral = true, + .resDeviceID = {"local"}, + .grantStatus = {PERMISSION_GRANTED}, + .grantFlags = {1} + }; + static HapPolicyParams infoManagerTestPolicyPrams = { + .apl = APL_NORMAL, + .domain = "test.domain", + .permList = {}, + .permStateList = {infoManagerTestStateA, infoManagerTestStateB} + }; + + AccessTokenIDEx tokenIdEx = {0}; + tokenIdEx = AccessTokenKit::AllocHapToken(g_infoManagerTestInfoParms, infoManagerTestPolicyPrams); + + AccessTokenID tokenID = tokenIdEx.tokenIdExStruct.tokenID; + + callbackPtr->ready_ = false; + res = AccessTokenKit::VerifyAccessToken(tokenID, "ohos.permission.CAMERA"); + ASSERT_EQ(PERMISSION_GRANTED, res); + res = AccessTokenKit::RevokePermission(tokenID, "ohos.permission.CAMERA", 2); + ASSERT_EQ(RET_SUCCESS, res); + res = AccessTokenKit::VerifyAccessToken(tokenID, "ohos.permission.CAMERA"); + ASSERT_EQ(PERMISSION_DENIED, res); + ASSERT_EQ(false, callbackPtr->ready_); + + callbackPtr->ready_ = false; + res = AccessTokenKit::VerifyAccessToken(tokenID, "ohos.permission.GET_BUNDLE_INFO"); + ASSERT_EQ(PERMISSION_GRANTED, res); + res = AccessTokenKit::RevokePermission(tokenID, "ohos.permission.GET_BUNDLE_INFO", 2); + ASSERT_EQ(RET_SUCCESS, res); + + ASSERT_EQ(false, callbackPtr->ready_); + + res = AccessTokenKit::DeleteToken(tokenID); + ASSERT_EQ(RET_SUCCESS, res); + + res = AccessTokenKit::UnRegisterPermStateChangeCallback(callbackPtr); + ASSERT_EQ(RET_SUCCESS, res); +} + +/** + * @tc.name: RegisterPermStateChangeCallback005 + * @tc.desc: RegisterPermStateChangeCallback permList + * @tc.type: FUNC + * @tc.require: issue I5NT1X + */ +HWTEST_F(PermissionCallbackTest, RegisterPermStateChangeCallback005, TestSize.Level1) +{ + static PermissionStateFull infoManagerTestStateA = { + .permissionName = "ohos.permission.CAMERA", + .isGeneral = true, + .resDeviceID = {"local"}, + .grantStatus = {PERMISSION_DENIED}, + .grantFlags = {1} + }; + static PermissionStateFull infoManagerTestStateB = { + .permissionName = "ohos.permission.GET_BUNDLE_INFO", + .isGeneral = true, + .resDeviceID = {"local"}, + .grantStatus = {PERMISSION_GRANTED}, + .grantFlags = {1} + }; + static HapPolicyParams infoManagerTestPolicyPrams = { + .apl = APL_NORMAL, + .domain = "test.domain", + .permList = {}, + .permStateList = {infoManagerTestStateA, infoManagerTestStateB} + }; + + AccessTokenIDEx tokenIdEx = {0}; + tokenIdEx = AccessTokenKit::AllocHapToken(g_infoManagerTestInfoParms, infoManagerTestPolicyPrams); + + AccessTokenID tokenID = tokenIdEx.tokenIdExStruct.tokenID; + + PermStateChangeScope scopeInfo; + scopeInfo.permList = {"ohos.permission.GET_BUNDLE_INFO", "ohos.permission.CAMERA"}; + scopeInfo.tokenIDs = {tokenID, 0}; + auto callbackPtr = std::make_shared(scopeInfo); + callbackPtr->ready_ = false; + + int32_t res = AccessTokenKit::RegisterPermStateChangeCallback(callbackPtr); + + callbackPtr->ready_ = false; + res = AccessTokenKit::VerifyAccessToken(tokenID, "ohos.permission.CAMERA"); + ASSERT_EQ(PERMISSION_DENIED, res); + res = AccessTokenKit::GrantPermission(tokenID, "ohos.permission.CAMERA", 2); + ASSERT_EQ(RET_SUCCESS, res); + ASSERT_EQ(true, callbackPtr->ready_); + + callbackPtr->ready_ = false; + res = AccessTokenKit::VerifyAccessToken(tokenID, "ohos.permission.GET_BUNDLE_INFO"); + ASSERT_EQ(PERMISSION_GRANTED, res); + res = AccessTokenKit::GrantPermission(tokenID, "ohos.permission.GET_BUNDLE_INFO", 2); + ASSERT_EQ(RET_SUCCESS, res); + + ASSERT_EQ(false, callbackPtr->ready_); + + res = AccessTokenKit::DeleteToken(tokenID); + ASSERT_EQ(RET_SUCCESS, res); + + res = AccessTokenKit::UnRegisterPermStateChangeCallback(callbackPtr); + ASSERT_EQ(RET_SUCCESS, res); +} +} // namespace AccessToken +} // namespace Security +} // namespace OHOS diff --git a/interfaces/innerkits/accesstoken/test/unittest/src/remote_token_test.cpp b/interfaces/innerkits/accesstoken/test/unittest/src/remote_token_test.cpp new file mode 100644 index 0000000000000000000000000000000000000000..ea19e2ea5b66cd3e2a51af19f266a329b3515f15 --- /dev/null +++ b/interfaces/innerkits/accesstoken/test/unittest/src/remote_token_test.cpp @@ -0,0 +1,1345 @@ +/* + * Copyright (c) 2021-2022 Huawei Device Co., Ltd. + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +#include + +#include "accesstoken_kit_test.h" +#include "accesstoken_kit.h" +#include "nativetoken_kit.h" +#include "accesstoken_log.h" +#include "token_setproc.h" +#include "softbus_bus_center.h" + +using namespace testing::ext; +using namespace OHOS::Security::AccessToken; +namespace OHOS { +namespace Security { +namespace AccessToken { +namespace { +static constexpr OHOS::HiviewDFX::HiLogLabel LABEL = {LOG_CORE, SECURITY_DOMAIN_ACCESSTOKEN, "RemoteTokenTest"}; +PermissionDef g_infoManagerTestPermDef1 = { + .permissionName = "ohos.permission.test1", + .bundleName = "accesstoken_test", + .grantMode = 1, + .label = "label", + .labelId = 1, + .description = "open the door", + .descriptionId = 1, + .availableLevel = APL_NORMAL +}; + +PermissionDef g_infoManagerTestPermDef2 = { + .permissionName = "ohos.permission.test2", + .bundleName = "accesstoken_test", + .grantMode = 1, + .label = "label", + .labelId = 1, + .description = "break the door", + .descriptionId = 1, + .availableLevel = APL_NORMAL +}; + +PermissionStateFull g_infoManagerTestState1 = { + .grantFlags = {1}, + .grantStatus = {PermissionState::PERMISSION_GRANTED}, + .isGeneral = true, + .permissionName = "ohos.permission.test1", + .resDeviceID = {"local"} +}; + +PermissionStateFull g_infoManagerTestState2 = { + .permissionName = "ohos.permission.test2", + .isGeneral = false, + .grantFlags = {1, 2}, + .grantStatus = {PermissionState::PERMISSION_GRANTED, PermissionState::PERMISSION_GRANTED}, + .resDeviceID = {"device 1", "device 2"} +}; + +HapInfoParams g_infoManagerTestInfoParms = { + .bundleName = "accesstoken_test", + .userID = 1, + .instIndex = 0, + .appIDDesc = "testtesttesttest" +}; + +HapPolicyParams g_infoManagerTestPolicyPrams = { + .apl = APL_NORMAL, + .domain = "test.domain", + .permList = {g_infoManagerTestPermDef1, g_infoManagerTestPermDef2}, + .permStateList = {g_infoManagerTestState1, g_infoManagerTestState2} +}; +} + +class RemoteTokenTest : public testing::Test { +public: + static void SetUpTestCase(); + static void TearDownTestCase(); + void SetUp(); + void TearDown(); + uint32_t GetAccessTokenID(int32_t userID, std::string bundleName, int32_t instIndex); + void DeleteTestToken() const; + void AllocTestToken() const; + uint64_t selfTokenId_; + std::string udid_; + std::string networkId_; +}; + +void NativeTokenGet() +{ + uint64_t tokenId; + const char **perms = new const char *[1]; + perms[0] = "ohos.permission.DISTRIBUTED_DATASYNC"; // system_core + NativeTokenInfoParams infoInstance = { + .dcapsNum = 0, + .permsNum = 1, + .aclsNum = 0, + .dcaps = nullptr, + .perms = perms, + .acls = nullptr, + .aplStr = "system_basic", + }; + + infoInstance.processName = "SetUpTestCase"; + tokenId = GetAccessTokenId(&infoInstance); + ASSERT_NE(tokenId, 0); + SetSelfTokenID(tokenId); + delete[] perms; +} + +void RemoteTokenTest::SetUpTestCase() +{ + // make test case clean + AccessTokenID tokenID = AccessTokenKit::GetHapTokenID(g_infoManagerTestInfoParms.userID, + g_infoManagerTestInfoParms.bundleName, + g_infoManagerTestInfoParms.instIndex); + AccessTokenKit::DeleteToken(tokenID); + + tokenID = AccessTokenKit::GetHapTokenID(TEST_USER_ID, TEST_BUNDLE_NAME, 0); + AccessTokenKit::DeleteToken(tokenID); + + NativeTokenGet(); + AccessTokenKit::ReloadNativeTokenInfo(); +} + +void RemoteTokenTest::TearDownTestCase() +{ +} + +void RemoteTokenTest::SetUp() +{ + selfTokenId_ = GetSelfTokenID(); + HapInfoParams info = { + .userID = TEST_USER_ID, + .bundleName = TEST_BUNDLE_NAME, + .instIndex = 0, + .appIDDesc = "appIDDesc", + }; + + HapPolicyParams policy = { + .apl = APL_NORMAL, + .domain = "domain" + }; + + PermissionDef permissionDefAlpha = { + .permissionName = TEST_PERMISSION_NAME_ALPHA, + .bundleName = TEST_BUNDLE_NAME, + .grantMode = GrantMode::USER_GRANT, + .availableLevel = APL_NORMAL, + .provisionEnable = false, + .distributedSceneEnable = false + }; + + PermissionDef permissionDefBeta = { + .permissionName = TEST_PERMISSION_NAME_BETA, + .bundleName = TEST_BUNDLE_NAME, + .grantMode = GrantMode::SYSTEM_GRANT, + .availableLevel = APL_NORMAL, + .provisionEnable = false, + .distributedSceneEnable = false + }; + PermissionDef testPermDef1 = { + .permissionName = "ohos.permission.testPermDef1", + .bundleName = TEST_BUNDLE_NAME, + .grantMode = GrantMode::USER_GRANT, + .availableLevel = APL_NORMAL, + .provisionEnable = false, + .distributedSceneEnable = false + }; + + PermissionDef testPermDef2 = { + .permissionName = "ohos.permission.testPermDef2", + .bundleName = TEST_BUNDLE_NAME, + .grantMode = GrantMode::USER_GRANT, + .availableLevel = APL_NORMAL, + .provisionEnable = false, + .distributedSceneEnable = false + }; + + PermissionDef testPermDef3 = { + .permissionName = "ohos.permission.testPermDef3", + .bundleName = TEST_BUNDLE_NAME, + .grantMode = GrantMode::USER_GRANT, + .availableLevel = APL_NORMAL, + .provisionEnable = false, + .distributedSceneEnable = false + }; + PermissionDef testPermDef4 = { + .permissionName = "ohos.permission.testPermDef4", + .bundleName = TEST_BUNDLE_NAME, + .grantMode = GrantMode::USER_GRANT, + .availableLevel = APL_NORMAL, + .provisionEnable = false, + .distributedSceneEnable = false + }; + policy.permList.emplace_back(permissionDefAlpha); + policy.permList.emplace_back(permissionDefBeta); + policy.permList.emplace_back(testPermDef1); + policy.permList.emplace_back(testPermDef2); + policy.permList.emplace_back(testPermDef3); + policy.permList.emplace_back(testPermDef4); + + PermissionStateFull permStatAlpha = { + .permissionName = TEST_PERMISSION_NAME_ALPHA, + .isGeneral = true, + .resDeviceID = {"device"}, + .grantStatus = {PermissionState::PERMISSION_DENIED}, + .grantFlags = {PermissionFlag::PERMISSION_USER_SET} + }; + PermissionStateFull permStatBeta = { + .permissionName = TEST_PERMISSION_NAME_BETA, + .isGeneral = true, + .resDeviceID = {"device"}, + .grantStatus = {PermissionState::PERMISSION_GRANTED}, + .grantFlags = {PermissionFlag::PERMISSION_SYSTEM_FIXED} + }; + PermissionStateFull permTestState1 = { + .grantFlags = {0}, + .grantStatus = {PermissionState::PERMISSION_DENIED}, + .isGeneral = true, + .permissionName = "ohos.permission.testPermDef1", + .resDeviceID = {"local"} + }; + + PermissionStateFull permTestState2 = { + .grantFlags = {1}, + .grantStatus = {PermissionState::PERMISSION_DENIED}, + .isGeneral = true, + .permissionName = "ohos.permission.testPermDef2", + .resDeviceID = {"local"} + }; + + PermissionStateFull permTestState3 = { + .grantFlags = {2}, + .grantStatus = {PermissionState::PERMISSION_DENIED}, + .isGeneral = true, + .permissionName = "ohos.permission.testPermDef3", + .resDeviceID = {"local"} + }; + + PermissionStateFull permTestState4 = { + .grantFlags = {1}, + .grantStatus = {PermissionState::PERMISSION_GRANTED}, + .isGeneral = true, + .permissionName = "ohos.permission.testPermDef4", + .resDeviceID = {"local"} + }; + + policy.permStateList.emplace_back(permStatAlpha); + policy.permStateList.emplace_back(permStatBeta); + policy.permStateList.emplace_back(permTestState1); + policy.permStateList.emplace_back(permTestState1); + policy.permStateList.emplace_back(permTestState2); + policy.permStateList.emplace_back(permTestState3); + policy.permStateList.emplace_back(permTestState4); + AccessTokenKit::AllocHapToken(info, policy); + AccessTokenID tokenID = AccessTokenKit::GetHapTokenID(g_infoManagerTestInfoParms.userID, + g_infoManagerTestInfoParms.bundleName, + g_infoManagerTestInfoParms.instIndex); + AccessTokenKit::DeleteToken(tokenID); + (void)remove("/data/token.json"); + + NodeBasicInfo deviceInfo; + int32_t res = ::GetLocalNodeDeviceInfo(TEST_PKG_NAME.c_str(), &deviceInfo); + ASSERT_EQ(res, RET_SUCCESS); + char udid[128] = {0}; // 128 is udid length + ::GetNodeKeyInfo(TEST_PKG_NAME.c_str(), deviceInfo.networkId, + NodeDeviceInfoKey::NODE_KEY_UDID, (uint8_t *)udid, 128); // 128 is udid length + + udid_.append(udid); + networkId_.append(deviceInfo.networkId); + + ACCESSTOKEN_LOG_INFO(LABEL, "SetUp ok."); +} + +void RemoteTokenTest::TearDown() +{ + AccessTokenID tokenID = GetAccessTokenID(TEST_USER_ID, TEST_BUNDLE_NAME, 0); + AccessTokenKit::DeleteToken(tokenID); + SetSelfTokenID(selfTokenId_); + udid_.clear(); + networkId_.clear(); +} + +uint32_t RemoteTokenTest::GetAccessTokenID(int32_t userID, std::string bundleName, int32_t instIndex) +{ + return AccessTokenKit::GetHapTokenID(userID, bundleName, instIndex); +} + +void RemoteTokenTest::DeleteTestToken() const +{ + AccessTokenID tokenID = AccessTokenKit::GetHapTokenID(g_infoManagerTestInfoParms.userID, + g_infoManagerTestInfoParms.bundleName, + g_infoManagerTestInfoParms.instIndex); + int32_t ret = AccessTokenKit::DeleteToken(tokenID); + if (tokenID != 0) { + ASSERT_EQ(RET_SUCCESS, ret); + } +} + +void RemoteTokenTest::AllocTestToken() const +{ + AccessTokenIDEx tokenIdEx = {0}; + tokenIdEx = AccessTokenKit::AllocHapToken(g_infoManagerTestInfoParms, g_infoManagerTestPolicyPrams); + ASSERT_NE(0, tokenIdEx.tokenIdExStruct.tokenID); +} + +#ifdef TOKEN_SYNC_ENABLE +/** + * @tc.name: SetRemoteHapTokenInfo001 + * @tc.desc: set remote hap token info success + * @tc.type: FUNC + * @tc.require: Issue Number + */ +HWTEST_F(RemoteTokenTest, SetRemoteHapTokenInfo001, TestSize.Level1) +{ + ACCESSTOKEN_LOG_INFO(LABEL, "SetRemoteHapTokenInfo001 start."); + std::string deviceID = udid_; + AccessTokenKit::DeleteRemoteToken(deviceID, 0x20100000); + HapTokenInfo baseInfo = { + .apl = APL_NORMAL, + .ver = 1, + .userID = 1, + .bundleName = "com.ohos.access_token", + .instIndex = 1, + .appID = "testtesttesttest", + .deviceID = deviceID, + .tokenID = 0x20100000, + .tokenAttr = 0 + }; + + PermissionStateFull infoManagerTestState = { + .grantFlags = {PermissionFlag::PERMISSION_SYSTEM_FIXED}, + .grantStatus = {PermissionState::PERMISSION_GRANTED}, + .isGeneral = true, + .permissionName = "ohos.permission.test1", + .resDeviceID = {"local"}}; + std::vector permStateList; + permStateList.emplace_back(infoManagerTestState); + + HapTokenInfoForSync remoteTokenInfo = { + .baseInfo = baseInfo, + .permStateList = permStateList + }; + + int32_t ret = AccessTokenKit::SetRemoteHapTokenInfo(deviceID, remoteTokenInfo); + ASSERT_EQ(ret, RET_SUCCESS); + + // Get local map token ID + AccessTokenID mapID = AccessTokenKit::AllocLocalTokenID(networkId_, 0x20100000); + ASSERT_NE(mapID, 0); + + // check local map token + HapTokenInfo resultInfo; + ret = AccessTokenKit::GetHapTokenInfo(mapID, resultInfo); + ASSERT_EQ(ret, RET_SUCCESS); + ASSERT_EQ(resultInfo.apl, remoteTokenInfo.baseInfo.apl); + ASSERT_EQ(resultInfo.ver, remoteTokenInfo.baseInfo.ver); + ASSERT_EQ(resultInfo.userID, remoteTokenInfo.baseInfo.userID); + ASSERT_EQ(resultInfo.bundleName, remoteTokenInfo.baseInfo.bundleName); + ASSERT_EQ(resultInfo.instIndex, remoteTokenInfo.baseInfo.instIndex); + ASSERT_EQ(resultInfo.appID, remoteTokenInfo.baseInfo.appID); + ASSERT_EQ(resultInfo.deviceID, remoteTokenInfo.baseInfo.deviceID); + ASSERT_NE(resultInfo.tokenID, remoteTokenInfo.baseInfo.tokenID); // tokenID already is map tokenID + ASSERT_EQ(resultInfo.tokenAttr, remoteTokenInfo.baseInfo.tokenAttr); + + ret = AccessTokenKit::VerifyAccessToken(mapID, "ohos.permission.test1"); + ASSERT_EQ(ret, PermissionState::PERMISSION_GRANTED); + + ret = AccessTokenKit::DeleteRemoteToken(deviceID, 0x20100000); + ASSERT_EQ(ret, RET_SUCCESS); +} + +/** + * @tc.name: SetRemoteHapTokenInfo002 + * @tc.desc: set remote hap token info, token info is wrong + * @tc.type: FUNC + * @tc.require: Issue Number + */ +HWTEST_F(RemoteTokenTest, SetRemoteHapTokenInfo002, TestSize.Level1) +{ + ACCESSTOKEN_LOG_INFO(LABEL, "SetRemoteHapTokenInfo002 start."); + std::string deviceID = udid_; + AccessTokenKit::DeleteRemoteToken(deviceID, 0x20100000); + HapTokenInfo rightBaseInfo = { + .apl = APL_NORMAL, + .ver = 1, + .userID = 1, + .bundleName = "com.ohos.access_token", + .instIndex = 1, + .appID = "testtesttesttest", + .deviceID = udid_, + .tokenID = 0x20100000, + .tokenAttr = 0 + }; + + HapTokenInfo wrongBaseInfo = rightBaseInfo; + wrongBaseInfo.apl = (ATokenAplEnum)11; // wrong apl + + PermissionStateFull infoManagerTestState = { + .grantFlags = {PermissionFlag::PERMISSION_SYSTEM_FIXED}, + .grantStatus = {PermissionState::PERMISSION_GRANTED}, + .isGeneral = true, + .permissionName = "ohos.permission.test1", + .resDeviceID = {"local"}}; + std::vector permStateList; + permStateList.emplace_back(infoManagerTestState); + + HapTokenInfoForSync remoteTokenInfo = { + .baseInfo = wrongBaseInfo, + .permStateList = permStateList + }; + + int32_t ret = AccessTokenKit::SetRemoteHapTokenInfo(deviceID, remoteTokenInfo); + ASSERT_NE(ret, RET_SUCCESS); + + std::string wrongStr(10241, 'x'); + + wrongBaseInfo = rightBaseInfo; + wrongBaseInfo.appID = wrongStr; // wrong appID + remoteTokenInfo.baseInfo = wrongBaseInfo; + ret = AccessTokenKit::SetRemoteHapTokenInfo(deviceID, remoteTokenInfo); + ASSERT_NE(ret, RET_SUCCESS); + + wrongBaseInfo = rightBaseInfo; + wrongBaseInfo.bundleName = wrongStr; // wrong bundleName + remoteTokenInfo.baseInfo = wrongBaseInfo; + ret = AccessTokenKit::SetRemoteHapTokenInfo(deviceID, remoteTokenInfo); + ASSERT_NE(ret, RET_SUCCESS); + + wrongBaseInfo = rightBaseInfo; + wrongBaseInfo.deviceID = wrongStr; // wrong deviceID + remoteTokenInfo.baseInfo = wrongBaseInfo; + ret = AccessTokenKit::SetRemoteHapTokenInfo(deviceID, remoteTokenInfo); + ASSERT_NE(ret, RET_SUCCESS); + + wrongBaseInfo = rightBaseInfo; + wrongBaseInfo.tokenID = 0; // wrong tokenID + remoteTokenInfo.baseInfo = wrongBaseInfo; + ret = AccessTokenKit::SetRemoteHapTokenInfo(deviceID, remoteTokenInfo); + ASSERT_NE(ret, RET_SUCCESS); +} + +/** + * @tc.name: SetRemoteHapTokenInfo003 + * @tc.desc: set remote hap token wrong permission grant + * @tc.type: FUNC + * @tc.require: Issue Number + */ +HWTEST_F(RemoteTokenTest, SetRemoteHapTokenInfo003, TestSize.Level1) +{ + ACCESSTOKEN_LOG_INFO(LABEL, "SetRemoteHapTokenInfo003 start."); + std::string deviceID = udid_; + AccessTokenKit::DeleteRemoteToken(deviceID, 0x20100000); + HapTokenInfo baseInfo = { + .apl = APL_NORMAL, + .ver = 1, + .userID = 1, + .bundleName = "com.ohos.access_token", + .instIndex = 1, + .appID = "testtesttesttest", + .deviceID = udid_, + .tokenID = 0x20100000, + .tokenAttr = 0 + }; + + PermissionStateFull infoManagerTestState = { + .grantFlags = {11}, // wrong flags + .grantStatus = {PermissionState::PERMISSION_GRANTED}, + .isGeneral = true, + .permissionName = "ohos.permission.test1", + .resDeviceID = {"local"}}; + std::vector permStateList; + permStateList.emplace_back(infoManagerTestState); + + HapTokenInfoForSync remoteTokenInfo = { + .baseInfo = baseInfo, + .permStateList = permStateList + }; + + int32_t ret = AccessTokenKit::SetRemoteHapTokenInfo(deviceID, remoteTokenInfo); + ASSERT_EQ(ret, RET_SUCCESS); + + // Get local map token ID + AccessTokenID mapID = AccessTokenKit::AllocLocalTokenID(networkId_, 0x20100000); + ASSERT_NE(mapID, 0); + + ret = AccessTokenKit::VerifyAccessToken(mapID, "ohos.permission.test1"); + ASSERT_EQ(ret, PermissionState::PERMISSION_DENIED); + + ret = AccessTokenKit::DeleteRemoteToken(deviceID, 0x20100000); + ASSERT_EQ(ret, RET_SUCCESS); +} + +/** + * @tc.name: SetRemoteHapTokenInfo004 + * @tc.desc: update remote hap token when remote exist + * @tc.type: FUNC + * @tc.require: Issue Number + */ +HWTEST_F(RemoteTokenTest, SetRemoteHapTokenInfo004, TestSize.Level1) +{ + ACCESSTOKEN_LOG_INFO(LABEL, "SetRemoteHapTokenInfo004 start."); + std::string deviceID = udid_; + AccessTokenKit::DeleteRemoteToken(deviceID, 0x20100000); + HapTokenInfo baseInfo = { + .apl = APL_NORMAL, + .ver = 1, + .userID = 1, + .bundleName = "com.ohos.access_token", + .instIndex = 1, + .appID = "testtesttesttest", + .deviceID = udid_, + .tokenID = 0x20100000, + .tokenAttr = 0 + }; + + PermissionStateFull infoManagerTestState = { + .grantFlags = {PermissionFlag::PERMISSION_SYSTEM_FIXED}, + .grantStatus = {PermissionState::PERMISSION_DENIED}, // first denied + .isGeneral = true, + .permissionName = "ohos.permission.test1", + .resDeviceID = {"local"}}; + std::vector permStateList; + permStateList.emplace_back(infoManagerTestState); + + HapTokenInfoForSync remoteTokenInfo = { + .baseInfo = baseInfo, + .permStateList = permStateList + }; + + int32_t ret = AccessTokenKit::SetRemoteHapTokenInfo(deviceID, remoteTokenInfo); + ASSERT_EQ(ret, RET_SUCCESS); + + // Get local map token ID + AccessTokenID mapID = AccessTokenKit::AllocLocalTokenID(networkId_, 0x20100000); + ASSERT_NE(mapID, 0); + + ret = AccessTokenKit::VerifyAccessToken(mapID, "ohos.permission.test1"); + ASSERT_EQ(ret, PermissionState::PERMISSION_DENIED); + + remoteTokenInfo.permStateList[0].grantStatus[0] = PermissionState::PERMISSION_GRANTED; // second granted + ret = AccessTokenKit::SetRemoteHapTokenInfo(deviceID, remoteTokenInfo); + ASSERT_EQ(ret, RET_SUCCESS); + + ret = AccessTokenKit::VerifyAccessToken(mapID, "ohos.permission.test1"); + ASSERT_EQ(ret, PermissionState::PERMISSION_GRANTED); + + ret = AccessTokenKit::DeleteRemoteToken(deviceID, 0x20100000); + ASSERT_EQ(ret, RET_SUCCESS); +} + +/** + * @tc.name: SetRemoteHapTokenInfo005 + * @tc.desc: add remote hap token, it can not grant by GrantPermission + * @tc.type: FUNC + * @tc.require: Issue Number + */ +HWTEST_F(RemoteTokenTest, SetRemoteHapTokenInfo005, TestSize.Level1) +{ + ACCESSTOKEN_LOG_INFO(LABEL, "SetRemoteHapTokenInfo005 start."); + std::string deviceID = udid_; + AccessTokenKit::DeleteRemoteToken(deviceID, 0x20100000); + HapTokenInfo baseInfo = { + .apl = APL_NORMAL, + .ver = 1, + .userID = 1, + .bundleName = "com.ohos.access_token", + .instIndex = 1, + .appID = "testtesttesttest", + .deviceID = udid_, + .tokenID = 0x20100000, + .tokenAttr = 0 + }; + + PermissionStateFull infoManagerTestState = { + .grantFlags = {PermissionFlag::PERMISSION_SYSTEM_FIXED}, + .grantStatus = {PermissionState::PERMISSION_DENIED}, // first denied + .isGeneral = true, + .permissionName = "ohos.permission.test1", + .resDeviceID = {"local"}}; + std::vector permStateList; + permStateList.emplace_back(infoManagerTestState); + + HapTokenInfoForSync remoteTokenInfo = { + .baseInfo = baseInfo, + .permStateList = permStateList + }; + + int32_t ret = AccessTokenKit::SetRemoteHapTokenInfo(deviceID, remoteTokenInfo); + ASSERT_EQ(ret, RET_SUCCESS); + + // Get local map token ID + AccessTokenID mapID = AccessTokenKit::AllocLocalTokenID(networkId_, 0x20100000); + ASSERT_NE(mapID, 0); + + ret = AccessTokenKit::VerifyAccessToken(mapID, "ohos.permission.test1"); + ASSERT_EQ(ret, PermissionState::PERMISSION_DENIED); + + ret = AccessTokenKit::GrantPermission(mapID, "ohos.permission.test1", PermissionFlag::PERMISSION_SYSTEM_FIXED); + ASSERT_EQ(ret, RET_SUCCESS); + + ret = AccessTokenKit::VerifyAccessToken(mapID, "ohos.permission.test1"); + ASSERT_EQ(ret, PermissionState::PERMISSION_DENIED); + + ret = AccessTokenKit::DeleteRemoteToken(deviceID, 0x20100000); + ASSERT_EQ(ret, RET_SUCCESS); +} + +/** + * @tc.name: SetRemoteHapTokenInfo006 + * @tc.desc: add remote hap token, it can not revoke by RevokePermission + * @tc.type: FUNC + * @tc.require: Issue Number + */ +HWTEST_F(RemoteTokenTest, SetRemoteHapTokenInfo006, TestSize.Level1) +{ + ACCESSTOKEN_LOG_INFO(LABEL, "SetRemoteHapTokenInfo006 start."); + std::string deviceID = udid_; + AccessTokenKit::DeleteRemoteToken(deviceID, 0x20100000); + HapTokenInfo baseInfo = { + .apl = APL_NORMAL, + .ver = 1, + .userID = 1, + .bundleName = "com.ohos.access_token", + .instIndex = 1, + .appID = "testtesttesttest", + .deviceID = udid_, + .tokenID = 0x20100000, + .tokenAttr = 0 + }; + + PermissionStateFull infoManagerTestState = { + .grantFlags = {PermissionFlag::PERMISSION_SYSTEM_FIXED}, + .grantStatus = {PermissionState::PERMISSION_GRANTED}, // first grant + .isGeneral = true, + .permissionName = "ohos.permission.test1", + .resDeviceID = {"local"}}; + std::vector permStateList; + permStateList.emplace_back(infoManagerTestState); + + HapTokenInfoForSync remoteTokenInfo = { + .baseInfo = baseInfo, + .permStateList = permStateList + }; + + int32_t ret = AccessTokenKit::SetRemoteHapTokenInfo(deviceID, remoteTokenInfo); + ASSERT_EQ(ret, RET_SUCCESS); + + // Get local map token ID + AccessTokenID mapID = AccessTokenKit::AllocLocalTokenID(networkId_, 0x20100000); + ASSERT_NE(mapID, 0); + + ret = AccessTokenKit::VerifyAccessToken(mapID, "ohos.permission.test1"); + ASSERT_EQ(ret, PermissionState::PERMISSION_GRANTED); + + ret = AccessTokenKit::RevokePermission(mapID, "ohos.permission.test1", PermissionFlag::PERMISSION_SYSTEM_FIXED); + ASSERT_EQ(ret, RET_SUCCESS); + + ret = AccessTokenKit::VerifyAccessToken(mapID, "ohos.permission.test1"); + ASSERT_EQ(ret, PermissionState::PERMISSION_GRANTED); + + ret = AccessTokenKit::DeleteRemoteToken(deviceID, 0x20100000); + ASSERT_EQ(ret, RET_SUCCESS); +} + +/** + * @tc.name: SetRemoteHapTokenInfo007 + * @tc.desc: add remote hap token, it can not delete by DeleteToken + * @tc.type: FUNC + * @tc.require: Issue Number + */ +HWTEST_F(RemoteTokenTest, SetRemoteHapTokenInfo007, TestSize.Level1) +{ + ACCESSTOKEN_LOG_INFO(LABEL, "SetRemoteHapTokenInfo007 start."); + std::string deviceID = udid_; + AccessTokenKit::DeleteRemoteToken(deviceID, 0x20100000); + HapTokenInfo baseInfo = { + .apl = APL_NORMAL, + .ver = 1, + .userID = 1, + .bundleName = "com.ohos.access_token", + .instIndex = 1, + .appID = "testtesttesttest", + .deviceID = udid_, + .tokenID = 0x20100000, + .tokenAttr = 0 + }; + + PermissionStateFull infoManagerTestState = { + .grantFlags = {PermissionFlag::PERMISSION_SYSTEM_FIXED}, + .grantStatus = {PermissionState::PERMISSION_DENIED}, // first denied + .isGeneral = true, + .permissionName = "ohos.permission.test1", + .resDeviceID = {"local"}}; + std::vector permStateList; + permStateList.emplace_back(infoManagerTestState); + + HapTokenInfoForSync remoteTokenInfo = { + .baseInfo = baseInfo, + .permStateList = permStateList + }; + + int32_t ret = AccessTokenKit::SetRemoteHapTokenInfo(deviceID, remoteTokenInfo); + ASSERT_EQ(ret, RET_SUCCESS); + + // Get local map token ID + AccessTokenID mapID = AccessTokenKit::AllocLocalTokenID(networkId_, 0x20100000); + ASSERT_NE(mapID, 0); + + ret = AccessTokenKit::DeleteToken(mapID); + ASSERT_EQ(ret, RET_FAILED); + + ret = AccessTokenKit::DeleteRemoteToken(deviceID, 0x20100000); + ASSERT_EQ(ret, RET_SUCCESS); +} + +/** + * @tc.name: SetRemoteHapTokenInfo008 + * @tc.desc: add remote hap token, it can not update by UpdateHapToken + * @tc.type: FUNC + * @tc.require: Issue Number + */ +HWTEST_F(RemoteTokenTest, SetRemoteHapTokenInfo008, TestSize.Level1) +{ + ACCESSTOKEN_LOG_INFO(LABEL, "SetRemoteHapTokenInfo008 start."); + std::string deviceID = udid_; + AccessTokenKit::DeleteRemoteToken(deviceID, 0x20100000); + HapTokenInfo baseInfo = { + .apl = APL_NORMAL, + .ver = 1, + .userID = 1, + .bundleName = "com.ohos.access_token", + .instIndex = 1, + .appID = "testtesttesttest", + .deviceID = udid_, + .tokenID = 0x20100000, + .tokenAttr = 0 + }; + + PermissionStateFull infoManagerTestState = { + .grantFlags = {PermissionFlag::PERMISSION_SYSTEM_FIXED}, + .grantStatus = {PermissionState::PERMISSION_DENIED}, // first denied + .isGeneral = true, + .permissionName = "ohos.permission.test1", + .resDeviceID = {"local"}}; + std::vector permStateList; + permStateList.emplace_back(infoManagerTestState); + + HapTokenInfoForSync remoteTokenInfo = { + .baseInfo = baseInfo, + .permStateList = permStateList + }; + + int32_t ret = AccessTokenKit::SetRemoteHapTokenInfo(deviceID, remoteTokenInfo); + ASSERT_EQ(ret, RET_SUCCESS); + + // Get local map token ID + AccessTokenID mapID = AccessTokenKit::AllocLocalTokenID(networkId_, 0x20100000); + ASSERT_NE(mapID, 0); + + HapPolicyParams policy; + + int32_t apiVersion = 8; + ret = AccessTokenKit::UpdateHapToken(mapID, "updateFailed", apiVersion, policy); + ASSERT_EQ(ret, RET_FAILED); + + ret = AccessTokenKit::DeleteRemoteToken(deviceID, 0x20100000); + ASSERT_EQ(ret, RET_SUCCESS); +} + +/** + * @tc.name: SetRemoteHapTokenInfo009 + * @tc.desc: add remote hap token, it can not clear by ClearUserGrantedPermissionState + * @tc.type: FUNC + * @tc.require: Issue Number + */ +HWTEST_F(RemoteTokenTest, SetRemoteHapTokenInfo009, TestSize.Level1) +{ + ACCESSTOKEN_LOG_INFO(LABEL, "SetRemoteHapTokenInfo009 start."); + std::string deviceID = udid_; + AccessTokenKit::DeleteRemoteToken(deviceID, 0x20100000); + HapTokenInfo baseInfo = { + .apl = APL_NORMAL, + .ver = 1, + .userID = 1, + .bundleName = "com.ohos.access_token", + .instIndex = 1, + .appID = "testtesttesttest", + .deviceID = udid_, + .tokenID = 0x20100000, + .tokenAttr = 0 + }; + + PermissionStateFull infoManagerTestState = { + .grantFlags = {PermissionFlag::PERMISSION_USER_SET}, + .grantStatus = {PermissionState::PERMISSION_GRANTED}, + .isGeneral = true, + .permissionName = "ohos.permission.test1", + .resDeviceID = {"local"}}; + std::vector permStateList; + permStateList.emplace_back(infoManagerTestState); + + HapTokenInfoForSync remoteTokenInfo = { + .baseInfo = baseInfo, + .permStateList = permStateList + }; + + int32_t ret = AccessTokenKit::SetRemoteHapTokenInfo(deviceID, remoteTokenInfo); + ASSERT_EQ(ret, RET_SUCCESS); + + // Get local map token ID + AccessTokenID mapID = AccessTokenKit::AllocLocalTokenID(networkId_, 0x20100000); + ASSERT_NE(mapID, 0); + + ret = AccessTokenKit::VerifyAccessToken(mapID, "ohos.permission.test1"); + ASSERT_EQ(ret, PermissionState::PERMISSION_GRANTED); + + ret = AccessTokenKit::ClearUserGrantedPermissionState(mapID); + ASSERT_EQ(ret, RET_SUCCESS); + + ret = AccessTokenKit::VerifyAccessToken(mapID, "ohos.permission.test1"); + ASSERT_EQ(ret, PermissionState::PERMISSION_GRANTED); + + ret = AccessTokenKit::DeleteRemoteToken(deviceID, 0x20100000); + ASSERT_EQ(ret, RET_SUCCESS); +} + +/** + * @tc.name: SetRemoteHapTokenInfo010 + * @tc.desc: tokenID is not hap token + * @tc.type: FUNC + * @tc.require: Issue Number + */ +HWTEST_F(RemoteTokenTest, SetRemoteHapTokenInfo010, TestSize.Level1) +{ + ACCESSTOKEN_LOG_INFO(LABEL, "SetRemoteHapTokenInfo009 start."); + std::string deviceID = udid_; + HapTokenInfo baseInfo = { + .apl = APL_NORMAL, + .ver = 1, + .userID = 1, + .bundleName = "com.ohos.access_token", + .instIndex = 1, + .appID = "testtesttesttest", + .deviceID = udid_, + .tokenID = 0x28100000, + .tokenAttr = 0 + }; + + PermissionStateFull infoManagerTestState = { + .grantFlags = {PermissionFlag::PERMISSION_USER_SET}, + .grantStatus = {PermissionState::PERMISSION_GRANTED}, + .isGeneral = true, + .permissionName = "ohos.permission.test1", + .resDeviceID = {"local"}}; + std::vector permStateList; + permStateList.emplace_back(infoManagerTestState); + + HapTokenInfoForSync remoteTokenInfo = { + .baseInfo = baseInfo, + .permStateList = permStateList + }; + + int32_t ret = AccessTokenKit::SetRemoteHapTokenInfo(deviceID, remoteTokenInfo); + ASSERT_NE(ret, RET_SUCCESS); +} + +/** + * @tc.name: DeleteRemoteDeviceToken001 + * @tc.desc: delete exist device mapping tokenId + * @tc.type: FUNC + * @tc.require: Issue Number + */ +HWTEST_F(RemoteTokenTest, DeleteRemoteDeviceToken001, TestSize.Level1) +{ + ACCESSTOKEN_LOG_INFO(LABEL, "DeleteRemoteDeviceTokens001 start."); + std::string deviceID = udid_; + AccessTokenKit::DeleteRemoteToken(deviceID, 0x20100000); + HapTokenInfo baseInfo = { + .apl = APL_NORMAL, + .ver = 1, + .userID = 1, + .bundleName = "com.ohos.access_token", + .instIndex = 1, + .appID = "testtesttesttest", + .deviceID = deviceID, + .tokenID = 0x20100000, + .tokenAttr = 0 + }; + + PermissionStateFull infoManagerTestState = { + .grantFlags = {PermissionFlag::PERMISSION_USER_SET}, + .grantStatus = {PermissionState::PERMISSION_GRANTED}, + .isGeneral = true, + .permissionName = "ohos.permission.test1", + .resDeviceID = {"local"}}; + std::vector permStateList; + permStateList.emplace_back(infoManagerTestState); + + HapTokenInfoForSync remoteTokenInfo = { + .baseInfo = baseInfo, + .permStateList = permStateList + }; + + int32_t ret = AccessTokenKit::SetRemoteHapTokenInfo(deviceID, remoteTokenInfo); + ASSERT_EQ(ret, RET_SUCCESS); + + AccessTokenID mapID = AccessTokenKit::AllocLocalTokenID(networkId_, 0x20100000); + ASSERT_NE(mapID, 0); + + HapTokenInfo info; + ret = AccessTokenKit::GetHapTokenInfo(mapID, info); + ASSERT_EQ(ret, RET_SUCCESS); + + ret = AccessTokenKit::DeleteRemoteToken(deviceID, 0x20100000); + ASSERT_EQ(ret, RET_SUCCESS); + + ret = AccessTokenKit::GetHapTokenInfo(mapID, info); + ASSERT_NE(ret, RET_SUCCESS); +} + +/** + * @tc.name: DeleteRemoteDeviceToken002 + * @tc.desc: delete exist device mapping tokenId + * @tc.type: FUNC + * @tc.require: Issue Number + */ +HWTEST_F(RemoteTokenTest, DeleteRemoteDeviceToken002, TestSize.Level1) +{ + ACCESSTOKEN_LOG_INFO(LABEL, "DeleteRemoteDeviceTokens001 start."); + std::string deviceID = udid_; + AccessTokenKit::DeleteRemoteToken(deviceID, 0x20100000); + HapTokenInfo baseInfo = { + .apl = APL_NORMAL, + .ver = 1, + .userID = 1, + .bundleName = "com.ohos.access_token", + .instIndex = 1, + .appID = "testtesttesttest", + .deviceID = deviceID, + .tokenID = 0x20100000, + .tokenAttr = 0 + }; + + PermissionStateFull infoManagerTestState = { + .grantFlags = {PermissionFlag::PERMISSION_USER_SET}, + .grantStatus = {PermissionState::PERMISSION_GRANTED}, + .isGeneral = true, + .permissionName = "ohos.permission.test1", + .resDeviceID = {"local"}}; + std::vector permStateList; + permStateList.emplace_back(infoManagerTestState); + + HapTokenInfoForSync remoteTokenInfo = { + .baseInfo = baseInfo, + .permStateList = permStateList + }; + + int32_t ret = AccessTokenKit::SetRemoteHapTokenInfo(deviceID, remoteTokenInfo); + ASSERT_EQ(ret, RET_SUCCESS); + + AccessTokenID mapID = AccessTokenKit::AllocLocalTokenID(networkId_, 0x20100000); + ASSERT_NE(mapID, 0); + + HapTokenInfo info; + ret = AccessTokenKit::GetHapTokenInfo(mapID, info); + ASSERT_EQ(ret, RET_SUCCESS); + + ret = AccessTokenKit::DeleteRemoteToken(deviceID, 0); + ASSERT_NE(ret, RET_SUCCESS); + + // deviceID is wrong + std::string wrongStr(10241, 'x'); + deviceID = wrongStr; + ret = AccessTokenKit::DeleteRemoteToken(deviceID, 0x20100000); + ASSERT_NE(ret, RET_SUCCESS); +} + +/** + * @tc.name: DeleteRemoteDeviceToken003 + * @tc.desc: delete exist device mapping tokenId + * @tc.type: FUNC + * @tc.require: Issue Number + */ +HWTEST_F(RemoteTokenTest, DeleteRemoteDeviceToken003, TestSize.Level1) +{ + ACCESSTOKEN_LOG_INFO(LABEL, "DeleteRemoteDeviceToken003 start."); + std::string deviceID = udid_; + AccessTokenKit::DeleteRemoteToken(deviceID, 0x20100000); + + int32_t ret = AccessTokenKit::DeleteRemoteToken(deviceID, 0x20100000); + ASSERT_NE(ret, RET_SUCCESS); +} + +/** + * @tc.name: DeleteRemoteDeviceTokens001 + * @tc.desc: delete all mapping tokens of exist device + * @tc.type: FUNC + * @tc.require: Issue Number + */ +HWTEST_F(RemoteTokenTest, DeleteRemoteDeviceTokens001, TestSize.Level1) +{ + ACCESSTOKEN_LOG_INFO(LABEL, "DeleteRemoteDeviceTokens001 start."); + std::string deviceID = udid_; + AccessTokenKit::DeleteRemoteToken(deviceID, 0x20100000); + AccessTokenKit::DeleteRemoteToken(deviceID, 0x20100001); + HapTokenInfo baseInfo = { + .apl = APL_NORMAL, + .ver = 1, + .userID = 1, + .bundleName = "com.ohos.access_token", + .instIndex = 1, + .appID = "testtesttesttest", + .deviceID = udid_, + .tokenID = 0x20100000, + .tokenAttr = 0 + }; + + PermissionStateFull infoManagerTestState = { + .grantFlags = {PermissionFlag::PERMISSION_USER_SET}, + .grantStatus = {PermissionState::PERMISSION_GRANTED}, + .isGeneral = true, + .permissionName = "ohos.permission.test1", + .resDeviceID = {"local"}}; + std::vector permStateList; + permStateList.emplace_back(infoManagerTestState); + + HapTokenInfoForSync remoteTokenInfo = { + .baseInfo = baseInfo, + .permStateList = permStateList + }; + + int32_t ret = AccessTokenKit::SetRemoteHapTokenInfo(deviceID, remoteTokenInfo); + ASSERT_EQ(ret, RET_SUCCESS); + + HapTokenInfoForSync remoteTokenInfo1 = remoteTokenInfo; + remoteTokenInfo1.baseInfo.tokenID = 0x20100001; + remoteTokenInfo1.baseInfo.bundleName = "com.ohos.access_token1"; + ret = AccessTokenKit::SetRemoteHapTokenInfo(deviceID, remoteTokenInfo1); + ASSERT_EQ(ret, RET_SUCCESS); + + AccessTokenID mapID = AccessTokenKit::AllocLocalTokenID(networkId_, 0x20100000); + ASSERT_NE(mapID, 0); + AccessTokenID mapID1 = AccessTokenKit::AllocLocalTokenID(networkId_, 0x20100001); + ASSERT_NE(mapID1, 0); + + ret = AccessTokenKit::DeleteRemoteDeviceTokens(deviceID); + ASSERT_EQ(ret, RET_SUCCESS); + + HapTokenInfo info; + ret = AccessTokenKit::GetHapTokenInfo(mapID, info); + ASSERT_NE(ret, RET_SUCCESS); + ret = AccessTokenKit::GetHapTokenInfo(mapID1, info); + ASSERT_NE(ret, RET_SUCCESS); +} + +/** + * @tc.name: DeleteRemoteDeviceTokens002 + * @tc.desc: delete all mapping tokens of NOT exist device + * @tc.type: FUNC + * @tc.require: Issue Number + */ +HWTEST_F(RemoteTokenTest, DeleteRemoteDeviceTokens002, TestSize.Level1) +{ + ACCESSTOKEN_LOG_INFO(LABEL, "DeleteRemoteDeviceTokens002 start."); + std::string deviceID = udid_; + AccessTokenKit::DeleteRemoteToken(deviceID, 0x20100000); + AccessTokenKit::DeleteRemoteToken(deviceID, 0x20100001); + HapTokenInfo baseInfo = { + .apl = APL_NORMAL, + .ver = 1, + .userID = 1, + .bundleName = "com.ohos.access_token", + .instIndex = 1, + .appID = "testtesttesttest", + .deviceID = udid_, + .tokenID = 0x20100000, + .tokenAttr = 0 + }; + + PermissionStateFull infoManagerTestState = { + .grantFlags = {PermissionFlag::PERMISSION_USER_SET}, + .grantStatus = {PermissionState::PERMISSION_GRANTED}, + .isGeneral = true, + .permissionName = "ohos.permission.test1", + .resDeviceID = {"local"}}; + std::vector permStateList; + permStateList.emplace_back(infoManagerTestState); + + HapTokenInfoForSync remoteTokenInfo = { + .baseInfo = baseInfo, + .permStateList = permStateList + }; + + int32_t ret = AccessTokenKit::SetRemoteHapTokenInfo(deviceID, remoteTokenInfo); + ASSERT_EQ(ret, RET_SUCCESS); + + HapTokenInfoForSync remoteTokenInfo1 = remoteTokenInfo; + remoteTokenInfo1.baseInfo.tokenID = 0x20100001; + remoteTokenInfo1.baseInfo.bundleName = "com.ohos.access_token1"; + ret = AccessTokenKit::SetRemoteHapTokenInfo(deviceID, remoteTokenInfo1); + ASSERT_EQ(ret, RET_SUCCESS); + + AccessTokenID mapID = AccessTokenKit::AllocLocalTokenID(networkId_, 0x20100000); + ASSERT_NE(mapID, 0); + AccessTokenID mapID1 = AccessTokenKit::AllocLocalTokenID(networkId_, 0x20100001); + ASSERT_NE(mapID1, 0); + + ret = AccessTokenKit::DeleteRemoteDeviceTokens("1111111"); + ASSERT_NE(ret, RET_SUCCESS); + + AccessTokenKit::DeleteRemoteToken(deviceID, 0x20100000); + AccessTokenKit::DeleteRemoteToken(deviceID, 0x20100001); +} + +/** + * @tc.name: GetHapTokenInfoFromRemote001 + * @tc.desc: get normal local tokenInfo + * @tc.type: FUNC + * @tc.require: Issue Number + */ +HWTEST_F(RemoteTokenTest, GetHapTokenInfoFromRemote001, TestSize.Level1) +{ + ACCESSTOKEN_LOG_INFO(LABEL, "GetHapTokenInfoFromRemote001 start."); + AccessTokenIDEx tokenIdEx = {0}; + tokenIdEx = AccessTokenKit::AllocHapToken(g_infoManagerTestInfoParms, g_infoManagerTestPolicyPrams); + AccessTokenID localTokenID = tokenIdEx.tokenIdExStruct.tokenID; + + HapTokenInfoForSync infoSync; + int32_t ret = AccessTokenKit::GetHapTokenInfoFromRemote(localTokenID, infoSync); + ASSERT_EQ(ret, RET_SUCCESS); + ASSERT_EQ(infoSync.baseInfo.apl, g_infoManagerTestPolicyPrams.apl); + ASSERT_EQ(infoSync.permStateList.size(), 2); + ASSERT_EQ(infoSync.permStateList[1].grantFlags.size(), 2); + + ASSERT_EQ(infoSync.permStateList[0].permissionName, g_infoManagerTestPolicyPrams.permStateList[0].permissionName); + ASSERT_EQ(infoSync.permStateList[0].grantFlags[0], g_infoManagerTestPolicyPrams.permStateList[0].grantFlags[0]); + ASSERT_EQ(infoSync.permStateList[0].grantStatus[0], g_infoManagerTestPolicyPrams.permStateList[0].grantStatus[0]); + ASSERT_EQ(infoSync.permStateList[0].resDeviceID[0], g_infoManagerTestPolicyPrams.permStateList[0].resDeviceID[0]); + ASSERT_EQ(infoSync.permStateList[0].isGeneral, g_infoManagerTestPolicyPrams.permStateList[0].isGeneral); + + ASSERT_EQ(infoSync.permStateList[1].permissionName, g_infoManagerTestPolicyPrams.permStateList[1].permissionName); + ASSERT_EQ(infoSync.permStateList[1].grantFlags[0], g_infoManagerTestPolicyPrams.permStateList[1].grantFlags[0]); + ASSERT_EQ(infoSync.permStateList[1].grantStatus[0], g_infoManagerTestPolicyPrams.permStateList[1].grantStatus[0]); + ASSERT_EQ(infoSync.permStateList[1].resDeviceID[0], g_infoManagerTestPolicyPrams.permStateList[1].resDeviceID[0]); + ASSERT_EQ(infoSync.permStateList[1].isGeneral, g_infoManagerTestPolicyPrams.permStateList[1].isGeneral); + + ASSERT_EQ(infoSync.permStateList[1].grantFlags[1], g_infoManagerTestPolicyPrams.permStateList[1].grantFlags[1]); + ASSERT_EQ(infoSync.permStateList[1].grantStatus[1], g_infoManagerTestPolicyPrams.permStateList[1].grantStatus[1]); + ASSERT_EQ(infoSync.permStateList[1].resDeviceID[1], g_infoManagerTestPolicyPrams.permStateList[1].resDeviceID[1]); + + ASSERT_EQ(infoSync.baseInfo.bundleName, g_infoManagerTestInfoParms.bundleName); + ASSERT_EQ(infoSync.baseInfo.userID, g_infoManagerTestInfoParms.userID); + ASSERT_EQ(infoSync.baseInfo.instIndex, g_infoManagerTestInfoParms.instIndex); + ASSERT_EQ(infoSync.baseInfo.appID, g_infoManagerTestInfoParms.appIDDesc); + ASSERT_EQ(infoSync.baseInfo.ver, 1); + ASSERT_EQ(infoSync.baseInfo.tokenID, localTokenID); + ASSERT_EQ(infoSync.baseInfo.tokenAttr, 0); + + AccessTokenKit::DeleteToken(localTokenID); +} + +/** + * @tc.name: GetHapTokenInfoFromRemote002 + * @tc.desc: get remote mapping tokenInfo + * @tc.type: FUNC + * @tc.require: Issue Number + */ +HWTEST_F(RemoteTokenTest, GetHapTokenInfoFromRemote002, TestSize.Level1) +{ + ACCESSTOKEN_LOG_INFO(LABEL, "GetHapTokenInfoFromRemote002 start."); + std::string deviceID = udid_; + AccessTokenKit::DeleteRemoteToken(deviceID, 0x20100000); + HapTokenInfo baseInfo = { + .apl = APL_NORMAL, + .ver = 1, + .userID = 1, + .bundleName = "com.ohos.access_token", + .instIndex = 1, + .appID = "testtesttesttest", + .deviceID = udid_, + .tokenID = 0x20100000, + .tokenAttr = 0 + }; + + PermissionStateFull infoManagerTestState = { + .grantFlags = {PermissionFlag::PERMISSION_USER_SET}, + .grantStatus = {PermissionState::PERMISSION_GRANTED}, + .isGeneral = true, + .permissionName = "ohos.permission.test1", + .resDeviceID = {"local"}}; + std::vector permStateList; + permStateList.emplace_back(infoManagerTestState); + + HapTokenInfoForSync remoteTokenInfo = { + .baseInfo = baseInfo, + .permStateList = permStateList + }; + + int32_t ret = AccessTokenKit::SetRemoteHapTokenInfo(deviceID, remoteTokenInfo); + ASSERT_EQ(ret, RET_SUCCESS); + + AccessTokenID mapID = AccessTokenKit::AllocLocalTokenID(networkId_, 0x20100000); + ASSERT_NE(mapID, 0); + + HapTokenInfoForSync infoSync; + ret = AccessTokenKit::GetHapTokenInfoFromRemote(mapID, infoSync); + ASSERT_NE(ret, RET_SUCCESS); + + AccessTokenKit::DeleteRemoteToken(deviceID, 0x20100000); +} + +/** + * @tc.name: GetHapTokenInfoFromRemote003 + * @tc.desc: get wrong tokenInfo + * @tc.type: FUNC + * @tc.require: Issue Number + */ +HWTEST_F(RemoteTokenTest, GetHapTokenInfoFromRemote003, TestSize.Level1) +{ + ACCESSTOKEN_LOG_INFO(LABEL, "GetHapTokenInfoFromRemote003 start."); + HapTokenInfoForSync infoSync; + int32_t ret = AccessTokenKit::GetHapTokenInfoFromRemote(0, infoSync); + ASSERT_NE(ret, RET_SUCCESS); +} + +/** + * @tc.name: AllocLocalTokenID001 + * @tc.desc: get already mapping tokenInfo, makesure ipc right + * @tc.type: FUNC + * @tc.require: Issue Number + */ +HWTEST_F(RemoteTokenTest, AllocLocalTokenID001, TestSize.Level1) +{ + ACCESSTOKEN_LOG_INFO(LABEL, "AllocLocalTokenID001 start."); + std::string deviceID = udid_; + AccessTokenKit::DeleteRemoteToken(deviceID, 0x20100000); + HapTokenInfo baseInfo = { + .apl = APL_NORMAL, + .ver = 1, + .userID = 1, + .bundleName = "com.ohos.access_token", + .instIndex = 1, + .appID = "testtesttesttest", + .deviceID = udid_, + .tokenID = 0x20100000, + .tokenAttr = 0 + }; + + PermissionStateFull infoManagerTestState = { + .grantFlags = {PermissionFlag::PERMISSION_USER_SET}, + .grantStatus = {PermissionState::PERMISSION_GRANTED}, + .isGeneral = true, + .permissionName = "ohos.permission.test1", + .resDeviceID = {"local"}}; + std::vector permStateList; + permStateList.emplace_back(infoManagerTestState); + + HapTokenInfoForSync remoteTokenInfo = { + .baseInfo = baseInfo, + .permStateList = permStateList + }; + + int32_t ret = AccessTokenKit::SetRemoteHapTokenInfo(deviceID, remoteTokenInfo); + ASSERT_EQ(ret, RET_SUCCESS); + + AccessTokenID mapID = AccessTokenKit::AllocLocalTokenID(networkId_, 0x20100000); + ASSERT_NE(mapID, 0); +} + +/** + * @tc.name: GetAllNativeTokenInfo001 + * @tc.desc: get all native token with dcaps + * @tc.type: FUNC + * @tc.require: Issue Number + */ +HWTEST_F(RemoteTokenTest, GetAllNativeTokenInfo001, TestSize.Level1) +{ + ACCESSTOKEN_LOG_INFO(LABEL, "GetAllNativeTokenInfo001 start."); + + std::vector nativeTokenInfosRes; + int32_t ret = AccessTokenKit::GetAllNativeTokenInfo(nativeTokenInfosRes); + ASSERT_EQ(ret, RET_SUCCESS); +} + +/** + * @tc.name: SetRemoteNativeTokenInfo001 + * @tc.desc: set already mapping tokenInfo + * @tc.type: FUNC + * @tc.require: Issue Number + */ +HWTEST_F(RemoteTokenTest, SetRemoteNativeTokenInfo001, TestSize.Level1) +{ + ACCESSTOKEN_LOG_INFO(LABEL, "SetRemoteNativeTokenInfo001 start."); + std::string deviceID = udid_; + + NativeTokenInfoForSync native1 = { + .baseInfo.apl = APL_NORMAL, + .baseInfo.ver = 1, + .baseInfo.processName = "native_test1", + .baseInfo.dcap = {"SYSDCAP", "DMSDCAP"}, + .baseInfo.tokenID = 0x28000000, + .baseInfo.tokenAttr = 0, + .baseInfo.nativeAcls = {"ohos.permission.DISTRIBUTED_DATASYNC"}, + }; + + std::vector nativeTokenInfoList; + nativeTokenInfoList.emplace_back(native1); + + int32_t ret = AccessTokenKit::SetRemoteNativeTokenInfo(deviceID, nativeTokenInfoList); + ASSERT_EQ(ret, RET_SUCCESS); + + AccessTokenID mapID = AccessTokenKit::GetRemoteNativeTokenID(deviceID, 0x28000000); + ASSERT_NE(mapID, 0); + + NativeTokenInfo resultInfo; + ret = AccessTokenKit::GetNativeTokenInfo(mapID, resultInfo); + ASSERT_EQ(ret, RET_SUCCESS); + + ASSERT_EQ(resultInfo.apl, native1.baseInfo.apl); + ASSERT_EQ(resultInfo.ver, native1.baseInfo.ver); + ASSERT_EQ(resultInfo.processName, native1.baseInfo.processName); + ASSERT_EQ(resultInfo.dcap.size(), 2); + ASSERT_EQ(resultInfo.dcap[0], "SYSDCAP"); + ASSERT_EQ(resultInfo.dcap[1], "DMSDCAP"); + ASSERT_EQ(resultInfo.nativeAcls.size(), 1); + ASSERT_EQ(resultInfo.nativeAcls[0], "ohos.permission.DISTRIBUTED_DATASYNC"); + ASSERT_EQ(resultInfo.tokenID, mapID); + ASSERT_EQ(resultInfo.tokenAttr, native1.baseInfo.tokenAttr); +} +#endif +} // namespace AccessToken +} // namespace Security +} // namespace OHOS diff --git a/interfaces/innerkits/accesstoken/test/unittest/src/token_info_test.cpp b/interfaces/innerkits/accesstoken/test/unittest/src/token_info_test.cpp new file mode 100644 index 0000000000000000000000000000000000000000..9aa262e1123c68fedc57c7ddd4b90ad4ced2d582 --- /dev/null +++ b/interfaces/innerkits/accesstoken/test/unittest/src/token_info_test.cpp @@ -0,0 +1,399 @@ +/* + * Copyright (c) 2022 Huawei Device Co., Ltd. + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ +#include "accesstoken_kit_test.h" + +#include "accesstoken_kit.h" +#include "nativetoken_kit.h" +#include "token_setproc.h" + +using namespace testing::ext; +namespace OHOS { +namespace Security { +namespace AccessToken { +namespace { +static constexpr int32_t DEFAULT_API_VERSION = 8; +static PermissionDef g_infoManagerTestPermDef1 = { + .permissionName = "ohos.permission.test1", + .bundleName = "accesstoken_test", + .grantMode = 1, + .availableLevel = APL_NORMAL, + .label = "label", + .labelId = 1, + .description = "open the door", + .descriptionId = 1 +}; + +static PermissionDef g_infoManagerTestPermDef2 = { + .permissionName = "ohos.permission.test2", + .bundleName = "accesstoken_test", + .grantMode = 1, + .availableLevel = APL_NORMAL, + .label = "label", + .labelId = 1, + .description = "break the door", + .descriptionId = 1 +}; + +static PermissionStateFull g_infoManagerTestState1 = { + .permissionName = "ohos.permission.test1", + .isGeneral = true, + .resDeviceID = {"local"}, + .grantStatus = {PermissionState::PERMISSION_GRANTED}, + .grantFlags = {1} +}; + +static PermissionStateFull g_infoManagerTestState2 = { + .permissionName = "ohos.permission.test2", + .isGeneral = false, + .resDeviceID = {"device 1", "device 2"}, + .grantStatus = {PermissionState::PERMISSION_GRANTED, PermissionState::PERMISSION_GRANTED}, + .grantFlags = {1, 2} +}; + +static HapInfoParams g_infoManagerTestInfoParms = { + .userID = 1, + .bundleName = "accesstoken_test", + .instIndex = 0, + .appIDDesc = "testtesttesttest", + .apiVersion = DEFAULT_API_VERSION +}; + +static HapPolicyParams g_infoManagerTestPolicyPrams = { + .apl = APL_NORMAL, + .domain = "test.domain", + .permList = {g_infoManagerTestPermDef1, g_infoManagerTestPermDef2}, + .permStateList = {g_infoManagerTestState1, g_infoManagerTestState2} +}; +} + +static void AllocTestToken() +{ + AccessTokenIDEx tokenIdEx = {0}; + tokenIdEx = AccessTokenKit::AllocHapToken(g_infoManagerTestInfoParms, g_infoManagerTestPolicyPrams); + ASSERT_NE(0, tokenIdEx.tokenIdExStruct.tokenID); +} + +static void DeleteTestToken() +{ + AccessTokenID tokenID = AccessTokenKit::GetHapTokenID(g_infoManagerTestInfoParms.userID, + g_infoManagerTestInfoParms.bundleName, + g_infoManagerTestInfoParms.instIndex); + AccessTokenKit::DeleteToken(tokenID); +} + +class TokenInfoTest : public testing::Test { +public: + static void SetUpTestCase(); + static void TearDownTestCase(); + void SetUp(); + void TearDown(); + uint32_t GetAccessTokenID(const HapInfoParams& info); +}; + +void TokenInfoTest::SetUpTestCase() +{ + // make test case clean + DeleteTestToken(); +} + +void TokenInfoTest::TearDownTestCase() +{ +} + +void TokenInfoTest::SetUp() +{ + AllocTestToken(); +} + +void TokenInfoTest::TearDown() +{ + DeleteTestToken(); +} + +uint32_t TokenInfoTest::GetAccessTokenID(const HapInfoParams& info) +{ + return AccessTokenKit::GetHapTokenID(info.userID, info.bundleName, info.instIndex); +} + +/** + * @tc.name: GetTokenType001 + * @tc.desc: get the token type with invalid tokenId. + * @tc.type: FUNC + * @tc.require: Issue Number + */ +HWTEST_F(TokenInfoTest, GetTokenType001, TestSize.Level0) +{ + ASSERT_EQ(TOKEN_INVALID, AccessTokenKit::GetTokenType(TEST_TOKENID_INVALID)); +} + +/** + * @tc.name: GetTokenType002 + * @tc.desc: get the token type. + * @tc.type: FUNC + * @tc.require: Issue Number + */ +HWTEST_F(TokenInfoTest, GetTokenType002, TestSize.Level0) +{ + AccessTokenID tokenID = GetAccessTokenID(g_infoManagerTestInfoParms); + ASSERT_EQ(TOKEN_HAP, AccessTokenKit::GetTokenType(tokenID)); +} + +/** + * @tc.name: GetTokenTypeFlag001 + * @tc.desc: cannot get token type with invalid tokenID. + * @tc.type: FUNC + * @tc.require: Issue Number + */ +HWTEST_F(TokenInfoTest, GetTokenTypeFlag001, TestSize.Level1) +{ + ASSERT_EQ(TOKEN_INVALID, AccessTokenKit::GetTokenTypeFlag(TEST_TOKENID_INVALID)); +} + +/** + * @tc.name: GetTokenTypeFlag002 + * @tc.desc: Get token type with native tokenID. + * @tc.type: FUNC + * @tc.require: Issue Number + */ +HWTEST_F(TokenInfoTest, GetTokenTypeFlag002, TestSize.Level1) +{ + NativeTokenInfoParams infoInstance = { + .dcapsNum = 0, + .permsNum = 0, + .aclsNum = 0, + .dcaps = nullptr, + .perms = nullptr, + .acls = nullptr, + .processName = "GetTokenTypeFlag002", + .aplStr = "system_core", + }; + uint64_t tokenId01 = GetAccessTokenId(&infoInstance); + + AccessTokenID tokenID = tokenId01 & 0xffffffff; + ASSERT_EQ(TOKEN_NATIVE, AccessTokenKit::GetTokenTypeFlag(tokenID)); +} + +/** + * @tc.name: GetTokenTypeFlag003 + * @tc.desc: Get token type with hap tokenID. + * @tc.type: FUNC + * @tc.require: Issue Number + */ +HWTEST_F(TokenInfoTest, GetTokenTypeFlag003, TestSize.Level1) +{ + AccessTokenID tokenID = AccessTokenKit::GetHapTokenID(g_infoManagerTestInfoParms.userID, + g_infoManagerTestInfoParms.bundleName, + g_infoManagerTestInfoParms.instIndex); + + ATokenTypeEnum ret = AccessTokenKit::GetTokenTypeFlag(tokenID); + ASSERT_EQ(ret, TOKEN_HAP); + + int32_t res = AccessTokenKit::DeleteToken(tokenID); + ASSERT_EQ(RET_SUCCESS, res); +} + +/** + * @tc.name: CheckNativeDCap001 + * @tc.desc: cannot Check native dcap with invalid tokenID. + * @tc.type: FUNC + * @tc.require: Issue Number + */ +HWTEST_F(TokenInfoTest, CheckNativeDCap001, TestSize.Level1) +{ + AccessTokenID tokenID = 0; + const std::string dcap = "AT_CAP"; + ASSERT_EQ(RET_FAILED, AccessTokenKit::CheckNativeDCap(tokenID, dcap)); + + tokenID = 1; + ASSERT_EQ(RET_FAILED, AccessTokenKit::CheckNativeDCap(tokenID, dcap)); +} + +/** + * @tc.name: CheckNativeDCap002 + * @tc.desc: cannot Check native dcap with invalid dcap. + * @tc.type: FUNC + * @tc.require: Issue Number + */ +HWTEST_F(TokenInfoTest, CheckNativeDCap002, TestSize.Level1) +{ + AccessTokenID tokenID = 0Xff; + const std::string invalidDcap (INVALID_DCAP_LEN, 'x'); + ASSERT_EQ(RET_FAILED, AccessTokenKit::CheckNativeDCap(tokenID, invalidDcap)); +} + +/** + * @tc.name: GetNativeTokenInfo001 + * @tc.desc: cannot get native token with invalid tokenID. + * @tc.type: FUNC + * @tc.require: Issue Number + */ +HWTEST_F(TokenInfoTest, GetNativeTokenInfo001, TestSize.Level1) +{ + AccessTokenID tokenID = 0; + NativeTokenInfo findInfo; + ASSERT_EQ(RET_FAILED, AccessTokenKit::GetNativeTokenInfo(tokenID, findInfo)); + + tokenID = 0xff; + ASSERT_EQ(RET_FAILED, AccessTokenKit::GetNativeTokenInfo(tokenID, findInfo)); +} + +/** + * @tc.name: GetHapTokenID001 + * @tc.desc: get hap tokenid. + * @tc.type: FUNC + * @tc.require: Issue Number + */ +HWTEST_F(TokenInfoTest, GetHapTokenID001, TestSize.Level1) +{ + HapTokenInfo hapTokenInfoRes; + AccessTokenID tokenID = AccessTokenKit::GetHapTokenID(g_infoManagerTestInfoParms.userID, + g_infoManagerTestInfoParms.bundleName, + g_infoManagerTestInfoParms.instIndex); + + ASSERT_EQ(RET_SUCCESS, AccessTokenKit::GetHapTokenInfo(tokenID, hapTokenInfoRes)); + ASSERT_EQ(hapTokenInfoRes.bundleName, g_infoManagerTestInfoParms.bundleName); +} + +/** + * @tc.name: GetHapTokenID002 + * @tc.desc: cannot get hap tokenid with invalid userId. + * @tc.type: FUNC + * @tc.require: Issue Number + */ +HWTEST_F(TokenInfoTest, GetHapTokenID002, TestSize.Level1) +{ + AccessTokenID tokenID = AccessTokenKit::GetHapTokenID(TEST_USER_ID_INVALID, + g_infoManagerTestInfoParms.bundleName, + g_infoManagerTestInfoParms.instIndex); + ASSERT_EQ(0, tokenID); +} + +/** + * @tc.name: GetHapTokenID003 + * @tc.desc: cannot get hap tokenid with invalid bundlename. + * @tc.type: FUNC + * @tc.require: Issue Number + */ +HWTEST_F(TokenInfoTest, GetHapTokenID003, TestSize.Level1) +{ + AccessTokenID tokenID = AccessTokenKit::GetHapTokenID(g_infoManagerTestInfoParms.userID, + "invalid bundlename", + g_infoManagerTestInfoParms.instIndex); + ASSERT_EQ(0, tokenID); +} + +/** + * @tc.name: GetHapTokenID004 + * @tc.desc: cannot get hap tokenid with invalid instIndex. + * @tc.type: FUNC + * @tc.require: Issue Number + */ +HWTEST_F(TokenInfoTest, GetHapTokenID004, TestSize.Level1) +{ + AccessTokenID tokenID = AccessTokenKit::GetHapTokenID(g_infoManagerTestInfoParms.userID, + "invalid bundlename", + 0xffff); + ASSERT_EQ(0, tokenID); +} + +/** + * @tc.name: GetHapTokenInfo001 + * @tc.desc: get the token info and verify. + * @tc.type: FUNC + * @tc.require: Issue Number + */ +HWTEST_F(TokenInfoTest, GetHapTokenInfo001, TestSize.Level0) +{ + HapTokenInfo hapTokenInfoRes; + AccessTokenID tokenID = GetAccessTokenID(g_infoManagerTestInfoParms); + ASSERT_EQ(RET_SUCCESS, AccessTokenKit::GetHapTokenInfo(tokenID, hapTokenInfoRes)); + + ASSERT_EQ(hapTokenInfoRes.apl, g_infoManagerTestPolicyPrams.apl); + ASSERT_EQ(hapTokenInfoRes.userID, g_infoManagerTestInfoParms.userID); + ASSERT_EQ(hapTokenInfoRes.tokenID, tokenID); + ASSERT_EQ(hapTokenInfoRes.tokenAttr, 0); + ASSERT_EQ(hapTokenInfoRes.instIndex, g_infoManagerTestInfoParms.instIndex); + ASSERT_EQ(hapTokenInfoRes.appID, g_infoManagerTestInfoParms.appIDDesc); + ASSERT_EQ(hapTokenInfoRes.bundleName, g_infoManagerTestInfoParms.bundleName); +} + +/** + * @tc.name: GetHapTokenInfo002 + * @tc.desc: try to get the token info with invalid tokenId. + * @tc.type: FUNC + * @tc.require: Issue Number + */ +HWTEST_F(TokenInfoTest, GetHapTokenInfo002, TestSize.Level0) +{ + HapTokenInfo hapTokenInfoRes; + ASSERT_EQ(RET_FAILED, AccessTokenKit::GetHapTokenInfo(TEST_TOKENID_INVALID, hapTokenInfoRes)); +} + +/** + * @tc.name: ReloadNativeTokenInfo001 + * @tc.desc: cannot get hap tokenid with invalid bundlename. + * @tc.type: FUNC + * @tc.require:AR000GK6TH + */ +HWTEST_F(TokenInfoTest, ReloadNativeTokenInfo001, TestSize.Level1) +{ + int32_t ret = AccessTokenKit::ReloadNativeTokenInfo(); + ASSERT_EQ(RET_SUCCESS, ret); +} + +/** + * @tc.name: DumpTokenInfo001 + * @tc.desc: Get dump token information with invalid tokenID + * @tc.type: FUNC + * @tc.require:Issue Number + */ +HWTEST_F(TokenInfoTest, DumpTokenInfo001, TestSize.Level1) +{ + std::string info; + AccessTokenKit::DumpTokenInfo(123, info); + ASSERT_EQ("invalid tokenId", info); +} + +/** + * @tc.name: DumpTokenInfo002 + * @tc.desc: Get dump token information + * @tc.type: FUNC + * @tc.require:Issue Number + */ +HWTEST_F(TokenInfoTest, DumpTokenInfo002, TestSize.Level1) +{ + std::string info; + AccessTokenKit::DumpTokenInfo(0, info); + ASSERT_EQ(false, info.empty()); +} + +/** + * @tc.name: DumpTokenInfo003 + * @tc.desc: Get dump token information + * @tc.type: FUNC + * @tc.require:Issue Number + */ +HWTEST_F(TokenInfoTest, DumpTokenInfo003, TestSize.Level1) +{ + AccessTokenID tokenID = AccessTokenKit::GetHapTokenID(g_infoManagerTestInfoParms.userID, + g_infoManagerTestInfoParms.bundleName, + g_infoManagerTestInfoParms.instIndex); + std::string info; + AccessTokenKit::DumpTokenInfo(tokenID, info); + ASSERT_EQ(false, info.empty()); +} +} // namespace AccessToken +} // namespace Security +} // namespace OHOS diff --git a/interfaces/innerkits/accesstoken/test/unittest/src/verify_token_test.cpp b/interfaces/innerkits/accesstoken/test/unittest/src/verify_token_test.cpp new file mode 100644 index 0000000000000000000000000000000000000000..fb73c3b0ae9ba32f25009efa75439531e163dd3c --- /dev/null +++ b/interfaces/innerkits/accesstoken/test/unittest/src/verify_token_test.cpp @@ -0,0 +1,231 @@ +/* + * Copyright (c) 2022 Huawei Device Co., Ltd. + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ +#include "accesstoken_kit_test.h" + +#include "accesstoken_kit.h" +#include "nativetoken_kit.h" +#include "token_setproc.h" + +using namespace testing::ext; +namespace OHOS { +namespace Security { +namespace AccessToken { +namespace { +static constexpr int32_t DEFAULT_API_VERSION = 8; +} +class VerifyTokenTest : public testing::Test { +public: + static void SetUpTestCase(); + static void TearDownTestCase(); + void SetUp(); + void TearDown(); + uint32_t GetAccessTokenID(int32_t userID, std::string bundleName, int32_t instIndex); +}; + +void VerifyTokenTest::SetUpTestCase() +{ + // make test case clean + AccessTokenID tokenID = AccessTokenKit::GetHapTokenID(TEST_USER_ID, TEST_BUNDLE_NAME, 0); + AccessTokenKit::DeleteToken(tokenID); +} + +void VerifyTokenTest::TearDownTestCase() +{ +} + +void VerifyTokenTest::SetUp() +{ + HapInfoParams info = { + .userID = TEST_USER_ID, + .bundleName = TEST_BUNDLE_NAME, + .instIndex = 0, + .appIDDesc = "appIDDesc", + .apiVersion = DEFAULT_API_VERSION + }; + + HapPolicyParams policy = { + .apl = APL_NORMAL, + .domain = "domain" + }; + + PermissionDef permissionDefAlpha = { + .permissionName = TEST_PERMISSION_NAME_ALPHA, + .bundleName = TEST_BUNDLE_NAME, + .grantMode = GrantMode::USER_GRANT, + .availableLevel = APL_NORMAL, + .provisionEnable = false, + .distributedSceneEnable = false + }; + + PermissionDef permissionDefBeta = { + .permissionName = TEST_PERMISSION_NAME_BETA, + .bundleName = TEST_BUNDLE_NAME, + .grantMode = GrantMode::SYSTEM_GRANT, + .availableLevel = APL_NORMAL, + .provisionEnable = false, + .distributedSceneEnable = false + }; + policy.permList.emplace_back(permissionDefAlpha); + policy.permList.emplace_back(permissionDefBeta); + + PermissionStateFull permStatAlpha = { + .permissionName = TEST_PERMISSION_NAME_ALPHA, + .isGeneral = true, + .resDeviceID = {"device"}, + .grantStatus = {PermissionState::PERMISSION_DENIED}, + .grantFlags = {PermissionFlag::PERMISSION_USER_SET} + }; + PermissionStateFull permStatBeta = { + .permissionName = TEST_PERMISSION_NAME_BETA, + .isGeneral = true, + .resDeviceID = {"device"}, + .grantStatus = {PermissionState::PERMISSION_GRANTED}, + .grantFlags = {PermissionFlag::PERMISSION_SYSTEM_FIXED} + }; + + policy.permStateList.emplace_back(permStatAlpha); + policy.permStateList.emplace_back(permStatBeta); + AccessTokenKit::AllocHapToken(info, policy); +} + +void VerifyTokenTest::TearDown() +{ + AccessTokenID tokenID = GetAccessTokenID(TEST_USER_ID, TEST_BUNDLE_NAME, 0); + AccessTokenKit::DeleteToken(tokenID); +} + +uint32_t VerifyTokenTest::GetAccessTokenID(int32_t userID, std::string bundleName, int32_t instIndex) +{ + return AccessTokenKit::GetHapTokenID(userID, bundleName, instIndex); +} + +/** + * @tc.name: VerifyAccessToken001 + * @tc.desc: Verify user granted permission. + * @tc.type: FUNC + * @tc.require: Issue Number + */ +HWTEST_F(VerifyTokenTest, VerifyAccessToken001, TestSize.Level0) +{ + AccessTokenID tokenID = GetAccessTokenID(TEST_USER_ID, TEST_BUNDLE_NAME, 0); + ASSERT_NE(0, tokenID); + int32_t ret = AccessTokenKit::GrantPermission(tokenID, TEST_PERMISSION_NAME_ALPHA, PERMISSION_USER_FIXED); + ASSERT_EQ(RET_SUCCESS, ret); + + ret = AccessTokenKit::VerifyAccessToken(tokenID, TEST_PERMISSION_NAME_ALPHA); + ASSERT_EQ(PERMISSION_GRANTED, ret); + + ret = AccessTokenKit::RevokePermission(tokenID, TEST_PERMISSION_NAME_ALPHA, PERMISSION_USER_FIXED); + ASSERT_EQ(RET_SUCCESS, ret); + + ret = AccessTokenKit::VerifyAccessToken(tokenID, TEST_PERMISSION_NAME_ALPHA); + ASSERT_EQ(PERMISSION_DENIED, ret); +} + +/** + * @tc.name: VerifyAccessToken002 + * @tc.desc: Verify system granted permission. + * @tc.type: FUNC + * @tc.require: Issue Number + */ +HWTEST_F(VerifyTokenTest, VerifyAccessToken002, TestSize.Level0) +{ + AccessTokenID tokenID = GetAccessTokenID(TEST_USER_ID, TEST_BUNDLE_NAME, 0); + ASSERT_NE(0, tokenID); + int32_t ret = AccessTokenKit::GrantPermission(tokenID, TEST_PERMISSION_NAME_BETA, PERMISSION_USER_FIXED); + ASSERT_EQ(RET_SUCCESS, ret); + + ret = AccessTokenKit::VerifyAccessToken(tokenID, TEST_PERMISSION_NAME_BETA); + ASSERT_EQ(PERMISSION_GRANTED, ret); + + ret = AccessTokenKit::RevokePermission(tokenID, TEST_PERMISSION_NAME_BETA, PERMISSION_USER_FIXED); + ASSERT_EQ(RET_SUCCESS, ret); + + ret = AccessTokenKit::VerifyAccessToken(tokenID, TEST_PERMISSION_NAME_BETA); + ASSERT_EQ(PERMISSION_DENIED, ret); +} + +/** + * @tc.name: VerifyAccessToken003 + * @tc.desc: Verify permission that tokenID or permission is invalid. + * @tc.type: FUNC + * @tc.require: Issue Number + */ +HWTEST_F(VerifyTokenTest, VerifyAccessToken003, TestSize.Level0) +{ + AccessTokenID tokenID = GetAccessTokenID(TEST_USER_ID, TEST_BUNDLE_NAME, 0); + ASSERT_NE(0, tokenID); + int32_t ret = AccessTokenKit::VerifyAccessToken(tokenID, TEST_PERMISSION_NAME_GAMMA); + ASSERT_EQ(PERMISSION_DENIED, ret); + + ret = AccessTokenKit::VerifyAccessToken(tokenID, ""); + ASSERT_EQ(PERMISSION_DENIED, ret); + + std::string invalidPerm(INVALID_PERMNAME_LEN, 'a'); + ret = AccessTokenKit::VerifyAccessToken(tokenID, invalidPerm); + ASSERT_EQ(PERMISSION_DENIED, ret); + + AccessTokenKit::VerifyAccessToken(TEST_TOKENID_INVALID, TEST_PERMISSION_NAME_BETA); + ASSERT_EQ(PERMISSION_DENIED, ret); + + AccessTokenKit::DeleteToken(tokenID); + + AccessTokenKit::VerifyAccessToken(tokenID, TEST_PERMISSION_NAME_BETA); + ASSERT_EQ(PERMISSION_DENIED, ret); +} + +/** + * @tc.name: VerifyAccessToken004 + * @tc.desc: Verify permission after update. + * @tc.type: FUNC + * @tc.require: Issue Number + */ +HWTEST_F(VerifyTokenTest, VerifyAccessToken004, TestSize.Level0) +{ + AccessTokenID tokenID = GetAccessTokenID(TEST_USER_ID, TEST_BUNDLE_NAME, 0); + ASSERT_NE(0, tokenID); + + int32_t ret = AccessTokenKit::GrantPermission(tokenID, TEST_PERMISSION_NAME_ALPHA, PERMISSION_USER_FIXED); + ASSERT_EQ(RET_SUCCESS, ret); + + HapTokenInfo hapInfo; + ret = AccessTokenKit::GetHapTokenInfo(tokenID, hapInfo); + ASSERT_EQ(RET_SUCCESS, ret); + + std::vector permDefList; + ret = AccessTokenKit::GetDefPermissions(tokenID, permDefList); + ASSERT_EQ(RET_SUCCESS, ret); + + std::vector permStatList; + ret = AccessTokenKit::GetReqPermissions(tokenID, permStatList, false); + ASSERT_EQ(RET_SUCCESS, ret); + + HapPolicyParams policy = { + .apl = hapInfo.apl, + .domain = "domain", + .permList = permDefList, + .permStateList = permStatList + }; + + int32_t apiVersion = 8; + ret = AccessTokenKit::UpdateHapToken(tokenID, hapInfo.appID, apiVersion, policy); + ASSERT_EQ(RET_SUCCESS, ret); + + ret = AccessTokenKit::VerifyAccessToken(tokenID, TEST_PERMISSION_NAME_ALPHA); + ASSERT_EQ(PERMISSION_GRANTED, ret); +} +} // namespace AccessToken +} // namespace Security +} // namespace OHOS diff --git a/ohos.build b/ohos.build index 9bb34ca007ccbf63b9daf0e8b112575f2e0e1ceb..bc0163002e7a5fd989431cbb510877b037e1756f 100644 --- a/ohos.build +++ b/ohos.build @@ -44,11 +44,6 @@ } } ], - "module_list": [ - "//base/security/access_token:accesstoken_build_module", - "//base/security/access_token:tokensync_build_module", - "//base/security/access_token:privacy_build_module" - ], "test_list": [ "//base/security/access_token:accesstoken_build_module_test", "//base/security/access_token/interfaces/innerkits/accesstoken/test:unittest",