1 /*
2 * Copyright (c) 2024 Huawei Device Co., Ltd.
3 * Licensed under the Apache License, Version 2.0 (the "License");
4 * you may not use this file except in compliance with the License.
5 * You may obtain a copy of the License at
6 *
7 * http://www.apache.org/licenses/LICENSE-2.0
8 *
9 * Unless required by applicable law or agreed to in writing, software
10 * distributed under the License is distributed on an "AS IS" BASIS,
11 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12 * See the License for the specific language governing permissions and
13 * limitations under the License.
14 */
15
16 #include "short_grant_manager_test.h"
17
18 #include "access_token.h"
19 #include "access_token_error.h"
20 #include "accesstoken_info_manager.h"
21 #include "permission_definition_cache.h"
22
23 #define private public
24 #include "short_grant_manager.h"
25 #undef private
26
27 using namespace testing::ext;
28 using namespace OHOS;
29
30 namespace OHOS {
31 namespace Security {
32 namespace AccessToken {
33 namespace {
34 static std::string SHORT_TEMP_PERMISSION = "ohos.permission.SHORT_TERM_WRITE_IMAGEVIDEO"; // todo
35 static PermissionStateFull g_permiState = {
36 .permissionName = SHORT_TEMP_PERMISSION,
37 .isGeneral = true,
38 .resDeviceID = {"localC"},
39 .grantStatus = {PermissionState::PERMISSION_DENIED},
40 .grantFlags = {1}
41 };
42
43 static HapPolicyParams g_policyParams = {
44 .apl = APL_NORMAL,
45 .domain = "test.domain",
46 .permStateList = {g_permiState}
47 };
48
49 static HapInfoParams g_infoParms = {
50 .userID = 1,
51 .bundleName = "AccessTokenShortTimePermTest",
52 .instIndex = 0,
53 .appIDDesc = "test.bundle",
54 .isSystemApp = true
55 };
56 }
57
SetUpTestCase()58 void ShortGrantManagerTest::SetUpTestCase()
59 {
60 }
61
TearDownTestCase()62 void ShortGrantManagerTest::TearDownTestCase()
63 {
64 }
65
SetUp()66 void ShortGrantManagerTest::SetUp()
67 {
68 shortGrantEventRunner_ = AppExecFwk::EventRunner::Create(true, AppExecFwk::ThreadMode::FFRT);
69 if (!shortGrantEventRunner_) {
70 return;
71 }
72 shortGrantEventHandler_ = std::make_shared<AccessEventHandler>(shortGrantEventRunner_);
73 ShortGrantManager::GetInstance().InitEventHandler(shortGrantEventHandler_);
74
75 PermissionDef permDefAlpha = {
76 .permissionName = "ohos.permission.SHORT_TERM_WRITE_IMAGEVIDEO",
77 .bundleName = "accesstoken_test",
78 .grantMode = 1,
79 .availableLevel = APL_NORMAL,
80 .label = "label",
81 .labelId = 1,
82 .description = "annoying",
83 .descriptionId = 1
84 };
85 PermissionDefinitionCache::GetInstance().Insert(permDefAlpha, 537719865); // 537719865 means a tokenId.
86 }
87
TearDown()88 void ShortGrantManagerTest::TearDown()
89 {
90 }
91
92 /**
93 * @tc.name: RefreshPermission001
94 * @tc.desc: 1. The permission is granted when onceTime is not reached;
95 * 2. The permission is revoked after onceTime is reached.
96 * @tc.type: FUNC
97 * @tc.require:Issue Number
98 */
99 HWTEST_F(ShortGrantManagerTest, RefreshPermission001, TestSize.Level1)
100 {
101 AccessTokenIDEx tokenIdEx = {0};
102 int32_t ret = AccessTokenInfoManager::GetInstance().CreateHapTokenInfo(g_infoParms, g_policyParams, tokenIdEx);
103 ASSERT_EQ(RET_SUCCESS, ret);
104
105 AccessTokenID tokenID = tokenIdEx.tokenIdExStruct.tokenID;
106 ASSERT_NE(INVALID_TOKENID, tokenID);
107 uint32_t onceTime = 10;
108
109 ret = ShortGrantManager::GetInstance().RefreshPermission(tokenID, SHORT_TEMP_PERMISSION, onceTime);
110 ASSERT_EQ(RET_SUCCESS, ret);
111
112 ASSERT_EQ(PERMISSION_GRANTED, PermissionManager::GetInstance().VerifyAccessToken(tokenID, SHORT_TEMP_PERMISSION));
113
114 sleep(onceTime + 1);
115 EXPECT_EQ(PERMISSION_DENIED, PermissionManager::GetInstance().VerifyAccessToken(tokenID, SHORT_TEMP_PERMISSION));
116
117 ret = AccessTokenInfoManager::GetInstance().RemoveHapTokenInfo(tokenID);
118 ASSERT_EQ(RET_SUCCESS, ret);
119 }
120
121 /**
122 * @tc.name: RefreshPermission002
123 * @tc.desc: 1. set onceTime is equal to maxTime;
124 * 2. set onceTime is over maxTime.
125 * @tc.type: FUNC
126 * @tc.require:Issue Number
127 */
128 HWTEST_F(ShortGrantManagerTest, RefreshPermission002, TestSize.Level1)
129 {
130 const uint32_t maxTime = 10; // 10s
131 ShortGrantManager::GetInstance().maxTime_ = maxTime;
132 AccessTokenIDEx tokenIdEx = {0};
133 int32_t ret = AccessTokenInfoManager::GetInstance().CreateHapTokenInfo(g_infoParms, g_policyParams, tokenIdEx);
134 ASSERT_EQ(RET_SUCCESS, ret);
135
136 AccessTokenID tokenID = tokenIdEx.tokenIdExStruct.tokenID;
137 ASSERT_NE(INVALID_TOKENID, tokenID);
138
139 // onceTime = maxTime
140 ret = ShortGrantManager::GetInstance().RefreshPermission(tokenID, SHORT_TEMP_PERMISSION, maxTime);
141 ASSERT_EQ(RET_SUCCESS, ret);
142
143 sleep(maxTime - 1);
144 ASSERT_EQ(PERMISSION_GRANTED, PermissionManager::GetInstance().VerifyAccessToken(tokenID, SHORT_TEMP_PERMISSION));
145
146 sleep(1 + 1);
147 ASSERT_EQ(PERMISSION_DENIED, PermissionManager::GetInstance().VerifyAccessToken(tokenID, SHORT_TEMP_PERMISSION));
148
149 // onceTime = maxTime + 1
150 ret = ShortGrantManager::GetInstance().RefreshPermission(tokenID, SHORT_TEMP_PERMISSION, maxTime + 1);
151 ASSERT_EQ(AccessTokenError::ERR_PARAM_INVALID, ret);
152
153 sleep(maxTime + 2);
154 ASSERT_EQ(PERMISSION_DENIED, PermissionManager::GetInstance().VerifyAccessToken(tokenID, SHORT_TEMP_PERMISSION));
155
156 ret = AccessTokenInfoManager::GetInstance().RemoveHapTokenInfo(tokenID);
157 ASSERT_EQ(RET_SUCCESS, ret);
158 }
159
160 /**
161 * @tc.name: RefreshPermission003
162 * @tc.desc: 1. remaminTime is less
163 * @tc.type: FUNC
164 * @tc.require:Issue Number
165 */
166 HWTEST_F(ShortGrantManagerTest, RefreshPermission003, TestSize.Level1)
167 {
168 const uint32_t maxTime = 10; // 10s
169 ShortGrantManager::GetInstance().maxTime_ = maxTime;
170 AccessTokenIDEx tokenIdEx = {0};
171 int32_t ret = AccessTokenInfoManager::GetInstance().CreateHapTokenInfo(g_infoParms, g_policyParams, tokenIdEx);
172 ASSERT_EQ(RET_SUCCESS, ret);
173
174 AccessTokenID tokenID = tokenIdEx.tokenIdExStruct.tokenID;
175 ASSERT_NE(INVALID_TOKENID, tokenID);
176
177 // first set 3s
178 uint32_t onceTime = 3;
179 ret = ShortGrantManager::GetInstance().RefreshPermission(tokenID, SHORT_TEMP_PERMISSION, onceTime);
180 ASSERT_EQ(RET_SUCCESS, ret);
181
182 sleep(onceTime - 1);
183 ASSERT_EQ(PERMISSION_GRANTED, PermissionManager::GetInstance().VerifyAccessToken(tokenID, SHORT_TEMP_PERMISSION));
184
185 ret = ShortGrantManager::GetInstance().RefreshPermission(tokenID, SHORT_TEMP_PERMISSION, onceTime);
186 ASSERT_EQ(RET_SUCCESS, ret);
187
188 // second set 3s
189 ret = ShortGrantManager::GetInstance().RefreshPermission(tokenID, SHORT_TEMP_PERMISSION, onceTime);
190 ASSERT_EQ(RET_SUCCESS, ret);
191
192 sleep(onceTime - 1);
193 ASSERT_EQ(PERMISSION_GRANTED, PermissionManager::GetInstance().VerifyAccessToken(tokenID, SHORT_TEMP_PERMISSION));
194
195 // thirdth set 3s
196 ret = ShortGrantManager::GetInstance().RefreshPermission(tokenID, SHORT_TEMP_PERMISSION, onceTime);
197 ASSERT_EQ(RET_SUCCESS, ret);
198
199 sleep(onceTime - 1);
200 ASSERT_EQ(PERMISSION_GRANTED, PermissionManager::GetInstance().VerifyAccessToken(tokenID, SHORT_TEMP_PERMISSION));
201
202 // fourth set 5s
203 ret = ShortGrantManager::GetInstance().RefreshPermission(tokenID, SHORT_TEMP_PERMISSION, onceTime);
204 ASSERT_EQ(RET_SUCCESS, ret);
205
206 sleep(onceTime + 1);
207 ASSERT_EQ(PERMISSION_DENIED, PermissionManager::GetInstance().VerifyAccessToken(tokenID, SHORT_TEMP_PERMISSION));
208
209 ret = AccessTokenInfoManager::GetInstance().RemoveHapTokenInfo(tokenID);
210 ASSERT_EQ(RET_SUCCESS, ret);
211 }
212 } // namespace AccessToken
213 } // namespace Security
214 } // namespace OHOS
215