From c72db132ce8b55ed53efdc7d94860c57026e96e7 Mon Sep 17 00:00:00 2001 From: zfeixiang Date: Thu, 27 Mar 2025 16:30:49 +0800 Subject: [PATCH] =?UTF-8?q?idl=E5=8C=96=E4=BF=AE=E6=94=B9?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: zfeixiang --- frameworks/inner_api/sandbox_manager/BUILD.gn | 9 +- .../include/sandbox_manager_client.h | 2 +- .../include/sandbox_manager_proxy.h | 64 -- .../src/sandbox_manager_client.cpp | 150 +++- .../src/sandbox_manager_proxy.cpp | 720 ---------------- frameworks/sandbox_manager/BUILD.gn | 38 + .../sandbox_manager/ISandboxManager.idl | 38 + .../include/bool_vec_raw_data.h | 72 ++ .../include/i_sandbox_manager.h | 60 -- .../include/policy_vec_raw_data.h | 81 ++ ...interface_code.h => uint32_vec_raw_data.h} | 69 +- services/sandbox_manager/BUILD.gn | 2 +- .../include/service/sandbox_manager_service.h | 34 +- .../include/service/sandbox_manager_stub.h | 65 -- .../src/service/sandbox_manager_service.cpp | 240 ++++-- .../cpp/src/service/sandbox_manager_stub.cpp | 781 ------------------ services/sandbox_manager/test/BUILD.gn | 3 +- .../checkpersistpolicystub_fuzzer.cpp | 5 +- .../checkpolicystub_fuzzer.cpp | 5 +- .../cleanpersistpolicybypathstub_fuzzer.cpp | 5 +- .../persistpolicystub_fuzzer.cpp | 5 +- .../persistpolicytokenstub_fuzzer.cpp | 5 +- .../sandbox_manager_service_fuzz.gni | 2 +- .../setpolicyasyncstub_fuzzer.cpp | 5 +- .../setpolicystub_fuzzer.cpp | 5 +- .../startaccessingbytokenidstub_fuzzer.cpp | 5 +- .../startaccessingpolicystub_fuzzer.cpp | 5 +- .../stopaccessingpolicystub_fuzzer.cpp | 5 +- .../unpersistpolicystub_fuzzer.cpp | 5 +- .../unpersistpolicytokenstub_fuzzer.cpp | 5 +- .../unsetallpolicybytokenstub_fuzzer.cpp | 5 +- .../unsetpolicyasyncstub_fuzzer.cpp | 5 +- .../unsetpolilcystub_fuzzer.cpp | 5 +- 33 files changed, 647 insertions(+), 1858 deletions(-) delete mode 100644 frameworks/inner_api/sandbox_manager/include/sandbox_manager_proxy.h delete mode 100644 frameworks/inner_api/sandbox_manager/src/sandbox_manager_proxy.cpp create mode 100644 frameworks/sandbox_manager/ISandboxManager.idl create mode 100644 frameworks/sandbox_manager/include/bool_vec_raw_data.h delete mode 100644 frameworks/sandbox_manager/include/i_sandbox_manager.h create mode 100644 frameworks/sandbox_manager/include/policy_vec_raw_data.h rename frameworks/sandbox_manager/include/{sandboxmanager_service_ipc_interface_code.h => uint32_vec_raw_data.h} (30%) delete mode 100644 services/sandbox_manager/main/cpp/include/service/sandbox_manager_stub.h delete mode 100644 services/sandbox_manager/main/cpp/src/service/sandbox_manager_stub.cpp diff --git a/frameworks/inner_api/sandbox_manager/BUILD.gn b/frameworks/inner_api/sandbox_manager/BUILD.gn index 4d29fb3..d5d4d78 100644 --- a/frameworks/inner_api/sandbox_manager/BUILD.gn +++ b/frameworks/inner_api/sandbox_manager/BUILD.gn @@ -16,7 +16,8 @@ import("../../../sandbox_manager.gni") config("sandbox_manager") { visibility = [ ":*" ] - include_dirs = [ "${sandbox_manager_path}/interfaces/inner_api/sandbox_manager/include" ] + include_dirs = + [ "${sandbox_manager_path}/interfaces/inner_api/sandbox_manager/include" ] } if (is_standard_system) { @@ -53,10 +54,12 @@ if (is_standard_system) { sources = [ "${sandbox_manager_path}/frameworks/inner_api/sandbox_manager/src/sandbox_manager_client.cpp", "${sandbox_manager_path}/frameworks/inner_api/sandbox_manager/src/sandbox_manager_kit.cpp", - "${sandbox_manager_path}/frameworks/inner_api/sandbox_manager/src/sandbox_manager_proxy.cpp", ] - deps = [ "${sandbox_manager_path}/frameworks/sandbox_manager:sandbox_manager_communication_adapter_cxx" ] + deps = [ + "${sandbox_manager_path}/frameworks/sandbox_manager:sandbox_manager_communication_adapter_cxx", + "${sandbox_manager_path}/frameworks/sandbox_manager:sandbox_manager_proxy", + ] external_deps = [ "c_utils:utils", diff --git a/frameworks/inner_api/sandbox_manager/include/sandbox_manager_client.h b/frameworks/inner_api/sandbox_manager/include/sandbox_manager_client.h index d672b11..17fc170 100644 --- a/frameworks/inner_api/sandbox_manager/include/sandbox_manager_client.h +++ b/frameworks/inner_api/sandbox_manager/include/sandbox_manager_client.h @@ -26,7 +26,7 @@ #ifndef SANDBOXMANAGER_CLIENT_H #define SANDBOXMANAGER_CLIENT_H -#include "i_sandbox_manager.h" +#include "isandbox_manager.h" #include "nocopyable.h" #include "policy_info.h" #include "refbase.h" diff --git a/frameworks/inner_api/sandbox_manager/include/sandbox_manager_proxy.h b/frameworks/inner_api/sandbox_manager/include/sandbox_manager_proxy.h deleted file mode 100644 index c87e489..0000000 --- a/frameworks/inner_api/sandbox_manager/include/sandbox_manager_proxy.h +++ /dev/null @@ -1,64 +0,0 @@ -/* - * Copyright (c) 2023-2024 Huawei Device Co., Ltd. - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ - -#ifndef SANDBOX_MANAGER_PROXY_H -#define SANDBOX_MANAGER_PROXY_H - -#include "iremote_object.h" -#include "iremote_proxy.h" -#include "i_sandbox_manager.h" -#include "refbase.h" -#include "sandboxmanager_service_ipc_interface_code.h" -#include "system_ability_definition.h" - -namespace OHOS { -namespace AccessControl { -namespace SandboxManager { -class SandboxManagerProxy : public IRemoteProxy { -public: - explicit SandboxManagerProxy(const sptr &impl); - ~SandboxManagerProxy() override; - - int32_t CleanPersistPolicyByPath(const std::vector& filePathList) override; - int32_t PersistPolicy(const std::vector &policy, std::vector &result) override; - int32_t UnPersistPolicy(const std::vector &policy, std::vector &result) override; - int32_t SetPolicy(uint32_t tokenId, const std::vector &policy, uint64_t policyFlag, - std::vector &result, uint64_t timestamp) override; - int32_t UnSetPolicy(uint32_t tokenId, const PolicyInfo &policy) override; - int32_t SetPolicyAsync(uint32_t tokenId, const std::vector &policy, uint64_t policyFlag, - uint64_t timestamp) override; - int32_t UnSetPolicyAsync(uint32_t tokenId, const PolicyInfo &policy) override; - int32_t CheckPolicy(uint32_t tokenId, const std::vector &policy, std::vector &result) override; - int32_t StartAccessingPolicy(const std::vector &policy, std::vector &result, - bool useCallerToken, uint32_t tokenId, uint64_t timestamp) override; - int32_t StopAccessingPolicy(const std::vector &policy, std::vector &result) override; - int32_t CheckPersistPolicy( - uint32_t tokenId, const std::vector &policy, std::vector &result) override; - int32_t PersistPolicyByTokenId( - uint32_t tokenId, const std::vector &policy, std::vector &result) override; - int32_t UnPersistPolicyByTokenId( - uint32_t tokenId, const std::vector &policy, std::vector &result) override; - int32_t StartAccessingByTokenId(uint32_t tokenId, uint64_t timestamp) override; - int32_t UnSetAllPolicyByToken(uint32_t tokenId, uint64_t timestamp) override; -private: - int32_t SendRequest(SandboxManagerInterfaceCode code, MessageParcel &data, MessageParcel &reply); - int32_t SendRequest(SandboxManagerInterfaceCode code, MessageParcel &data, MessageParcel &reply, - MessageOption &option); - static inline BrokerDelegator delegator_; -}; -} // namespace SandboxManager -} // namespace AccessControl -} // namespace OHOS -#endif // SANDBOX_MANAGER_PROXY_H diff --git a/frameworks/inner_api/sandbox_manager/src/sandbox_manager_client.cpp b/frameworks/inner_api/sandbox_manager/src/sandbox_manager_client.cpp index a92626d..7b6ee7d 100644 --- a/frameworks/inner_api/sandbox_manager/src/sandbox_manager_client.cpp +++ b/frameworks/inner_api/sandbox_manager/src/sandbox_manager_client.cpp @@ -17,12 +17,12 @@ #include #include -#include "i_sandbox_manager.h" #include "iservice_registry.h" #include "refbase.h" #include "sandbox_manager_err_code.h" #include "sandbox_manager_log.h" #include "sys_binder.h" +#include "system_ability_definition.h" namespace OHOS { namespace AccessControl { @@ -68,94 +68,182 @@ int32_t SandboxManagerClient::CleanPersistPolicyByPath(const std::vector &policy, std::vector &result) { + PolicyVecRawData policyRawData; + policyRawData.Marshalling(policy); + Uint32VecRawData resultRawData; std::function &)> func = - [&](sptr &proxy) { return proxy->PersistPolicy(policy, result); }; - return CallProxyWithRetry(func, __FUNCTION__); + [&](sptr &proxy) { return proxy->PersistPolicy(policyRawData, resultRawData); }; + int32_t ret = CallProxyWithRetry(func, __FUNCTION__); + if (ret != SANDBOX_MANAGER_OK) { + return ret; + } + resultRawData.Unmarshalling(result); + return ret; } int32_t SandboxManagerClient::UnPersistPolicy(const std::vector &policy, std::vector &result) { + PolicyVecRawData policyRawData; + policyRawData.Marshalling(policy); + Uint32VecRawData resultRawData; std::function &)> func = - [&](sptr &proxy) { return proxy->UnPersistPolicy(policy, result); }; - return CallProxyWithRetry(func, __FUNCTION__); + [&](sptr &proxy) { return proxy->UnPersistPolicy(policyRawData, resultRawData); }; + int32_t ret = CallProxyWithRetry(func, __FUNCTION__); + if (ret != SANDBOX_MANAGER_OK) { + return ret; + } + resultRawData.Unmarshalling(result); + return ret; } int32_t SandboxManagerClient::PersistPolicyByTokenId( uint32_t tokenId, const std::vector &policy, std::vector &result) { - std::function &)> func = - [&](sptr &proxy) { return proxy->PersistPolicyByTokenId(tokenId, policy, result); }; - return CallProxyWithRetry(func, __FUNCTION__); + PolicyVecRawData policyRawData; + policyRawData.Marshalling(policy); + Uint32VecRawData resultRawData; + std::function &)> func = [&](sptr &proxy) { + return proxy->PersistPolicyByTokenId(tokenId, policyRawData, resultRawData); + }; + int32_t ret = CallProxyWithRetry(func, __FUNCTION__); + if (ret != SANDBOX_MANAGER_OK) { + return ret; + } + resultRawData.Unmarshalling(result); + return ret; } int32_t SandboxManagerClient::UnPersistPolicyByTokenId( uint32_t tokenId, const std::vector &policy, std::vector &result) { - std::function &)> func = - [&](sptr &proxy) { return proxy->UnPersistPolicyByTokenId(tokenId, policy, result); }; - return CallProxyWithRetry(func, __FUNCTION__); + PolicyVecRawData policyRawData; + policyRawData.Marshalling(policy); + Uint32VecRawData resultRawData; + std::function &)> func = [&](sptr &proxy) { + return proxy->UnPersistPolicyByTokenId(tokenId, policyRawData, resultRawData); + }; + int32_t ret = CallProxyWithRetry(func, __FUNCTION__); + if (ret != SANDBOX_MANAGER_OK) { + return ret; + } + resultRawData.Unmarshalling(result); + return ret; } int32_t SandboxManagerClient::SetPolicy(uint32_t tokenId, const std::vector &policy, uint64_t policyFlag, std::vector &result, uint64_t timestamp) { - std::function &)> func = - [&](sptr &proxy) { return proxy->SetPolicy(tokenId, policy, policyFlag, result, timestamp); }; - return CallProxyWithRetry(func, __FUNCTION__); + PolicyVecRawData policyRawData; + policyRawData.Marshalling(policy); + + result.clear(); + Uint32VecRawData resultRawData; + std::function &)> func = [&](sptr &proxy) { + return proxy->SetPolicy(tokenId, policyRawData, policyFlag, resultRawData, timestamp); + }; + int32_t ret = CallProxyWithRetry(func, __FUNCTION__); + if (ret != SANDBOX_MANAGER_OK) { + return ret; + } + resultRawData.Unmarshalling(result); + return ret; } int32_t SandboxManagerClient::UnSetPolicy(uint32_t tokenId, const PolicyInfo &policy) { + PolicyInfoParcel policyParcel; + policyParcel.policyInfo = policy; std::function &)> func = - [&](sptr &proxy) { return proxy->UnSetPolicy(tokenId, policy); }; + [&](sptr &proxy) { return proxy->UnSetPolicy(tokenId, policyParcel); }; return CallProxyWithRetry(func, __FUNCTION__); } int32_t SandboxManagerClient::SetPolicyAsync(uint32_t tokenId, const std::vector &policy, uint64_t policyFlag, uint64_t timestamp) { - std::function &)> func = - [&](sptr &proxy) { return proxy->SetPolicyAsync(tokenId, policy, policyFlag, timestamp); }; + PolicyVecRawData policyRawData; + policyRawData.Marshalling(policy); + std::function &)> func = [&](sptr &proxy) { + return proxy->SetPolicyAsync(tokenId, policyRawData, policyFlag, timestamp); + }; return CallProxyWithRetry(func, __FUNCTION__); } int32_t SandboxManagerClient::UnSetPolicyAsync(uint32_t tokenId, const PolicyInfo &policy) { + PolicyInfoParcel policyParcel; + policyParcel.policyInfo = policy; std::function &)> func = - [&](sptr &proxy) { return proxy->UnSetPolicyAsync(tokenId, policy); }; + [&](sptr &proxy) { return proxy->UnSetPolicyAsync(tokenId, policyParcel); }; return CallProxyWithRetry(func, __FUNCTION__); } int32_t SandboxManagerClient::CheckPolicy(uint32_t tokenId, const std::vector &policy, std::vector &result) { - std::function &)> func = - [&](sptr &proxy) { return proxy->CheckPolicy(tokenId, policy, result); }; - return CallProxyWithRetry(func, __FUNCTION__); + PolicyVecRawData policyRawData; + policyRawData.Marshalling(policy); + + result.clear(); + BoolVecRawData resultRawData; + std::function &)> func = [&](sptr &proxy) { + return proxy->CheckPolicy(tokenId, policyRawData, resultRawData); + }; + int32_t ret = CallProxyWithRetry(func, __FUNCTION__); + if (ret != SANDBOX_MANAGER_OK) { + return ret; + } + resultRawData.Unmarshalling(result); + return ret; } -int32_t SandboxManagerClient::StartAccessingPolicy(const std::vector &policy, std::vector &result, - bool useCallerToken, uint32_t tokenId, uint64_t timestamp) +int32_t SandboxManagerClient::StartAccessingPolicy(const std::vector &policy, + std::vector &result, bool useCallerToken, uint32_t tokenId, uint64_t timestamp) { + PolicyVecRawData policyRawData; + policyRawData.Marshalling(policy); + Uint32VecRawData resultRawData; std::function &)> func = [&](sptr &proxy) { - return proxy->StartAccessingPolicy(policy, result, useCallerToken, tokenId, timestamp); + return proxy->StartAccessingPolicy(policyRawData, resultRawData, useCallerToken, tokenId, timestamp); }; - return CallProxyWithRetry(func, __FUNCTION__); + int32_t ret = CallProxyWithRetry(func, __FUNCTION__); + if (ret != SANDBOX_MANAGER_OK) { + return ret; + } + resultRawData.Unmarshalling(result); + return ret; } int32_t SandboxManagerClient::StopAccessingPolicy(const std::vector &policy, std::vector &result) { + PolicyVecRawData policyRawData; + policyRawData.Marshalling(policy); + Uint32VecRawData resultRawData; std::function &)> func = - [&](sptr &proxy) { return proxy->StopAccessingPolicy(policy, result); }; - return CallProxyWithRetry(func, __FUNCTION__); + [&](sptr &proxy) { return proxy->StopAccessingPolicy(policyRawData, resultRawData); }; + int32_t ret = CallProxyWithRetry(func, __FUNCTION__); + if (ret != SANDBOX_MANAGER_OK) { + return ret; + } + resultRawData.Unmarshalling(result); + return ret; } int32_t SandboxManagerClient::CheckPersistPolicy( uint32_t tokenId, const std::vector &policy, std::vector &result) { + PolicyVecRawData policyRawData; + policyRawData.Marshalling(policy); + + BoolVecRawData resultRawData; std::function &)> func = - [&](sptr &proxy) { return proxy->CheckPersistPolicy(tokenId, policy, result); }; - return CallProxyWithRetry(func, __FUNCTION__); + [&](sptr &proxy) { return proxy->CheckPersistPolicy(tokenId, policyRawData, resultRawData); }; + int32_t ret = CallProxyWithRetry(func, __FUNCTION__); + if (ret != SANDBOX_MANAGER_OK) { + return ret; + } + resultRawData.Unmarshalling(result); + return ret; } int32_t SandboxManagerClient::StartAccessingByTokenId(uint32_t tokenId, uint64_t timestamp) @@ -182,7 +270,7 @@ sptr SandboxManagerClient::GetProxy() return nullptr; } // If sa is loaded, CheckSystemAbility return not null. - auto remoteObject = samgr->CheckSystemAbility(ISandboxManager::SA_ID_SANDBOX_MANAGER_SERVICE); + auto remoteObject = samgr->CheckSystemAbility(SANDBOX_MANAGER_SERVICE_ID); if (remoteObject != nullptr) { auto proxy = iface_cast(remoteObject); if (proxy != nullptr) { @@ -191,7 +279,7 @@ sptr SandboxManagerClient::GetProxy() } // Try to load sa for SANDBOX_MANAGER_LOAD_SA_TRY_TIMES times. for (int32_t i = 0; i < SANDBOX_MANAGER_LOAD_SA_TRY_TIMES; i++) { - remoteObject = samgr->LoadSystemAbility(ISandboxManager::SA_ID_SANDBOX_MANAGER_SERVICE, + remoteObject = samgr->LoadSystemAbility(SANDBOX_MANAGER_SERVICE_ID, SANDBOX_MANAGER_LOAD_SA_TIMEOUT_SEC); if (remoteObject != nullptr) { auto proxy = iface_cast(remoteObject); diff --git a/frameworks/inner_api/sandbox_manager/src/sandbox_manager_proxy.cpp b/frameworks/inner_api/sandbox_manager/src/sandbox_manager_proxy.cpp deleted file mode 100644 index d27f33f..0000000 --- a/frameworks/inner_api/sandbox_manager/src/sandbox_manager_proxy.cpp +++ /dev/null @@ -1,720 +0,0 @@ -/* - * Copyright (c) 2023-2024 Huawei Device Co., Ltd. - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ - -#include "sandbox_manager_proxy.h" - -#include -#include -#include -#include "iremote_object.h" -#include "iremote_proxy.h" -#include "message_option.h" -#include "message_parcel.h" -#include "parcel.h" -#include "policy_info_parcel.h" -#include "policy_info_vector_parcel.h" -#include "sandboxmanager_service_ipc_interface_code.h" -#include "sandbox_manager_err_code.h" -#include "sandbox_manager_log.h" -#include "string_ex.h" - -namespace OHOS { -namespace AccessControl { -namespace SandboxManager { -namespace { -static constexpr OHOS::HiviewDFX::HiLogLabel LABEL = {LOG_CORE, - ACCESSCONTROL_DOMAIN_SANDBOXMANAGER, "SandboxManagerProxy"}; -} - -SandboxManagerProxy::SandboxManagerProxy(const sptr &impl) - : IRemoteProxy(impl) -{} - -SandboxManagerProxy::~SandboxManagerProxy() -{} - -static void MarshalPolicy(std::stringstream &ss, const std::vector &policy) -{ - uint32_t policyNum = policy.size(); - ss.write(reinterpret_cast(&policyNum), sizeof(policyNum)); - for (uint32_t i = 0; i < policyNum; i++) { - uint32_t pathLen = policy[i].path.length(); - ss.write(reinterpret_cast(&pathLen), sizeof(pathLen)); - ss.write(policy[i].path.c_str(), pathLen); - ss.write(reinterpret_cast(&policy[i].mode), sizeof(policy[i].mode)); - } -} -int32_t SandboxManagerProxy::SendRequest(SandboxManagerInterfaceCode code, MessageParcel &data, MessageParcel &reply) -{ - MessageOption option(MessageOption::TF_SYNC); - return SendRequest(code, data, reply, option); -} - -int32_t SandboxManagerProxy::SendRequest(SandboxManagerInterfaceCode code, MessageParcel &data, MessageParcel &reply, - MessageOption &option) -{ - sptr remote = Remote(); - if (remote == nullptr) { - SANDBOXMANAGER_LOG_ERROR(LABEL, "Remote service null."); - return SANDBOX_MANAGER_SERVICE_REMOTE_ERR; - } - int32_t requestResult = remote->SendRequest(static_cast(code), data, reply, option); - if (requestResult != SANDBOX_MANAGER_OK) { - SANDBOXMANAGER_LOG_ERROR(LABEL, "Request fail, result: %{public}d", requestResult); - } - return requestResult; -} - -int32_t SandboxManagerProxy::CleanPersistPolicyByPath(const std::vector& filePathList) -{ - MessageParcel data; - if (!data.WriteInterfaceToken(ISandboxManager::GetDescriptor())) { - SANDBOXMANAGER_LOG_ERROR(LABEL, "Write descriptor fail"); - return SANDBOX_MANAGER_SERVICE_PARCEL_ERR; - } - - if (!data.WriteStringVector(filePathList)) { - SANDBOXMANAGER_LOG_ERROR(LABEL, "Write filePathList failed."); - return SANDBOX_MANAGER_SERVICE_PARCEL_ERR; - } - - MessageParcel reply; - MessageOption option(MessageOption::TF_ASYNC); - return SendRequest(SandboxManagerInterfaceCode::CLEAN_PERSIST_POLICY_BY_PATH, data, reply, option); -} - -int32_t SandboxManagerProxy::PersistPolicy(const std::vector &policy, std::vector &result) -{ - MessageParcel data; - if (!data.WriteInterfaceToken(ISandboxManager::GetDescriptor())) { - SANDBOXMANAGER_LOG_ERROR(LABEL, "Write descriptor fail"); - return SANDBOX_MANAGER_SERVICE_PARCEL_ERR; - } - - std::stringstream ss; - MarshalPolicy(ss, policy); - - if (!data.WriteUint32(ss.str().length())) { - SANDBOXMANAGER_LOG_ERROR(LABEL, "Write policy len failed."); - return SANDBOX_MANAGER_SERVICE_PARCEL_ERR; - } - - if (!data.WriteRawData(reinterpret_cast(ss.str().data()), ss.str().length())) { - SANDBOXMANAGER_LOG_ERROR(LABEL, "Write raw data failed."); - return SANDBOX_MANAGER_SERVICE_PARCEL_ERR; - } - - MessageParcel reply; - int32_t requestRet = SendRequest(SandboxManagerInterfaceCode::PERSIST_PERMISSION, data, reply); - if (requestRet != SANDBOX_MANAGER_OK) { - SANDBOXMANAGER_LOG_ERROR(LABEL, "Remote fail"); - return requestRet; - } - - int32_t remoteRet; - if (!reply.ReadInt32(remoteRet)) { - SANDBOXMANAGER_LOG_ERROR(LABEL, "Read ret fail"); - return SANDBOX_MANAGER_SERVICE_PARCEL_ERR; - } - - if (remoteRet == SANDBOX_MANAGER_OK && !reply.ReadUInt32Vector(&result)) { - SANDBOXMANAGER_LOG_ERROR(LABEL, "Read result fail"); - return SANDBOX_MANAGER_SERVICE_PARCEL_ERR; - } - return remoteRet; -} - -int32_t SandboxManagerProxy::UnPersistPolicy(const std::vector &policy, std::vector &result) -{ - MessageParcel data; - if (!data.WriteInterfaceToken(ISandboxManager::GetDescriptor())) { - SANDBOXMANAGER_LOG_ERROR(LABEL, "Write descriptor fail"); - return SANDBOX_MANAGER_SERVICE_PARCEL_ERR; - } - - std::stringstream ss; - MarshalPolicy(ss, policy); - - if (!data.WriteUint32(ss.str().length())) { - SANDBOXMANAGER_LOG_ERROR(LABEL, "Write policy len failed."); - return SANDBOX_MANAGER_SERVICE_PARCEL_ERR; - } - - if (!data.WriteRawData(reinterpret_cast(ss.str().data()), ss.str().length())) { - SANDBOXMANAGER_LOG_ERROR(LABEL, "Write raw data failed."); - return SANDBOX_MANAGER_SERVICE_PARCEL_ERR; - } - - MessageParcel reply; - int32_t requestRet = SendRequest(SandboxManagerInterfaceCode::UNPERSIST_PERMISSION, data, reply); - if (requestRet != SANDBOX_MANAGER_OK) { - SANDBOXMANAGER_LOG_ERROR(LABEL, "Remote fail"); - return requestRet; - } - - int32_t remoteRet; - if (!reply.ReadInt32(remoteRet)) { - SANDBOXMANAGER_LOG_ERROR(LABEL, "Read ret fail"); - return SANDBOX_MANAGER_SERVICE_PARCEL_ERR; - } - - if (remoteRet == SANDBOX_MANAGER_OK && !reply.ReadUInt32Vector(&result)) { - SANDBOXMANAGER_LOG_ERROR(LABEL, "Read result fail"); - return SANDBOX_MANAGER_SERVICE_PARCEL_ERR; - } - return remoteRet; -} - -int32_t SandboxManagerProxy::PersistPolicyByTokenId( - uint32_t tokenId, const std::vector &policy, std::vector &result) -{ - MessageParcel data; - if (!data.WriteInterfaceToken(ISandboxManager::GetDescriptor())) { - SANDBOXMANAGER_LOG_ERROR(LABEL, "Write descriptor fail"); - return SANDBOX_MANAGER_SERVICE_PARCEL_ERR; - } - if (!data.WriteUint32(tokenId)) { - SANDBOXMANAGER_LOG_ERROR(LABEL, "Write tokenId fail"); - return SANDBOX_MANAGER_SERVICE_PARCEL_ERR; - } - - std::stringstream ss; - MarshalPolicy(ss, policy); - - if (!data.WriteUint32(ss.str().length())) { - SANDBOXMANAGER_LOG_ERROR(LABEL, "Write policy len failed."); - return SANDBOX_MANAGER_SERVICE_PARCEL_ERR; - } - - if (!data.WriteRawData(reinterpret_cast(ss.str().data()), ss.str().length())) { - SANDBOXMANAGER_LOG_ERROR(LABEL, "Write raw data failed."); - return SANDBOX_MANAGER_SERVICE_PARCEL_ERR; - } - - MessageParcel reply; - int32_t requestRet = SendRequest(SandboxManagerInterfaceCode::PERSIST_PERMISSION_BY_TOKENID, data, reply); - if (requestRet != SANDBOX_MANAGER_OK) { - SANDBOXMANAGER_LOG_ERROR(LABEL, "Remote fail"); - return requestRet; - } - - int32_t remoteRet; - if (!reply.ReadInt32(remoteRet)) { - SANDBOXMANAGER_LOG_ERROR(LABEL, "Read ret fail"); - return SANDBOX_MANAGER_SERVICE_PARCEL_ERR; - } - - if (remoteRet == SANDBOX_MANAGER_OK && !reply.ReadUInt32Vector(&result)) { - SANDBOXMANAGER_LOG_ERROR(LABEL, "Read result fail"); - return SANDBOX_MANAGER_SERVICE_PARCEL_ERR; - } - return remoteRet; -} - -int32_t SandboxManagerProxy::UnPersistPolicyByTokenId( - uint32_t tokenId, const std::vector &policy, std::vector &result) -{ - MessageParcel data; - if (!data.WriteInterfaceToken(ISandboxManager::GetDescriptor())) { - SANDBOXMANAGER_LOG_ERROR(LABEL, "Write descriptor fail"); - return SANDBOX_MANAGER_SERVICE_PARCEL_ERR; - } - if (!data.WriteUint32(tokenId)) { - SANDBOXMANAGER_LOG_ERROR(LABEL, "Write tokenId fail"); - return SANDBOX_MANAGER_SERVICE_PARCEL_ERR; - } - std::stringstream ss; - MarshalPolicy(ss, policy); - - if (!data.WriteUint32(ss.str().length())) { - SANDBOXMANAGER_LOG_ERROR(LABEL, "Write policy len failed."); - return SANDBOX_MANAGER_SERVICE_PARCEL_ERR; - } - - if (!data.WriteRawData(reinterpret_cast(ss.str().data()), ss.str().length())) { - SANDBOXMANAGER_LOG_ERROR(LABEL, "Write raw data failed."); - return SANDBOX_MANAGER_SERVICE_PARCEL_ERR; - } - - MessageParcel reply; - int32_t requestRet = SendRequest(SandboxManagerInterfaceCode::UNPERSIST_PERMISSION_BY_TOKENID, data, reply); - if (requestRet != SANDBOX_MANAGER_OK) { - SANDBOXMANAGER_LOG_ERROR(LABEL, "Remote fail"); - return requestRet; - } - - int32_t remoteRet; - if (!reply.ReadInt32(remoteRet)) { - SANDBOXMANAGER_LOG_ERROR(LABEL, "Read ret fail"); - return SANDBOX_MANAGER_SERVICE_PARCEL_ERR; - } - - if (remoteRet == SANDBOX_MANAGER_OK && !reply.ReadUInt32Vector(&result)) { - SANDBOXMANAGER_LOG_ERROR(LABEL, "Read result fail"); - return SANDBOX_MANAGER_SERVICE_PARCEL_ERR; - } - return remoteRet; -} - -static bool WriteSetPolicyParcel(MessageParcel &data, uint32_t tokenId, const std::vector &policy, - uint64_t policyFlag, uint64_t timestamp) -{ - if (!data.WriteInterfaceToken(ISandboxManager::GetDescriptor())) { - SANDBOXMANAGER_LOG_ERROR(LABEL, "Write descriptor failed."); - return false; - } - if (!data.WriteUint32(tokenId)) { - SANDBOXMANAGER_LOG_ERROR(LABEL, "Write tokenId failed."); - return false; - } - if (!data.WriteUint64(timestamp)) { - SANDBOXMANAGER_LOG_ERROR(LABEL, "Write timestamp failed."); - return false; - } - - std::stringstream ss; - MarshalPolicy(ss, policy); - - if (!data.WriteUint32(ss.str().length())) { - SANDBOXMANAGER_LOG_ERROR(LABEL, "Write policy len failed."); - return SANDBOX_MANAGER_SERVICE_PARCEL_ERR; - } - - if (!data.WriteRawData(reinterpret_cast(ss.str().data()), ss.str().length())) { - SANDBOXMANAGER_LOG_ERROR(LABEL, "Write raw data failed."); - return SANDBOX_MANAGER_SERVICE_PARCEL_ERR; - } - - if (!data.WriteUint64(policyFlag)) { - SANDBOXMANAGER_LOG_ERROR(LABEL, "Write policyFlag failed."); - return false; - } - return true; -} - -/** - * Unmarshals a vector of uint32_t from a stringstream. - * @param inputStream The stringstream from which to read the data. - * @param result The vector that will hold the unmarshaled data. - * @return Returns a status code indicating whether the operation is successful. - */ -static int UnMarshalResult(std::stringstream &inputStream, std::vector &result) -{ - uint32_t resultNum = 0; - if (!inputStream.read(reinterpret_cast(&resultNum), sizeof(resultNum))) { - SANDBOXMANAGER_LOG_ERROR(LABEL, "Failed to read result count from inputStream."); - return SANDBOX_MANAGER_SERVICE_PARCEL_ERR; - } - - for (uint32_t i = 0; i < resultNum; i++) { - uint32_t value = 0; - if (!inputStream.read(reinterpret_cast(&value), sizeof(value))) { - SANDBOXMANAGER_LOG_ERROR(LABEL, "Failed to read result value from inputStream."); - return SANDBOX_MANAGER_SERVICE_PARCEL_ERR; - } - result.emplace_back(value); - } - return SANDBOX_MANAGER_OK; -} - -/** - * Unmarshals a vector of bool values from a stringstream. - * The stringstream is expected to contain binary data where '1' represents true and '0' represents false. - * @param inputStream The stringstream from which to read the data. - * @param result The vector that will hold the unmarshaled data. - * @return Returns a status code indicating whether the operation is successful. - */ -static int UnMarshalResult(std::stringstream &inputStream, std::vector &result) -{ - uint32_t resultNum = 0; - if (!inputStream.read(reinterpret_cast(&resultNum), sizeof(resultNum))) { - SANDBOXMANAGER_LOG_ERROR(LABEL, "Failed to read result count from inputStream."); - return SANDBOX_MANAGER_SERVICE_PARCEL_ERR; - } - - for (uint32_t i = 0; i < resultNum; i++) { - char value = 0; - if (!inputStream.read(&value, sizeof(value))) { - SANDBOXMANAGER_LOG_ERROR(LABEL, "Failed to read result value from inputStream."); - return SANDBOX_MANAGER_SERVICE_PARCEL_ERR; - } - bool bitValue = value == '1' ? true : false; - result.emplace_back(bitValue); - } - return SANDBOX_MANAGER_OK; -} - -int32_t SandboxManagerProxy::SetPolicy(uint32_t tokenId, const std::vector &policy, - uint64_t policyFlag, std::vector &result, uint64_t timestamp) -{ - MessageParcel data; - if (!WriteSetPolicyParcel(data, tokenId, policy, policyFlag, timestamp)) { - return SANDBOX_MANAGER_SERVICE_PARCEL_ERR; - } - - MessageParcel reply; - int32_t requestRet = SendRequest(SandboxManagerInterfaceCode::SET_POLICY, data, reply); - if (requestRet != SANDBOX_MANAGER_OK) { - return requestRet; - } - - int32_t remoteRet; - if (!reply.ReadInt32(remoteRet)) { - SANDBOXMANAGER_LOG_ERROR(LABEL, "Read ret failed."); - return SANDBOX_MANAGER_SERVICE_PARCEL_ERR; - } - result.clear(); - if (remoteRet != SANDBOX_MANAGER_OK) { - return remoteRet; - } - uint32_t rawStringLength = reply.ReadUint32(); - const void *buffer = reply.ReadRawData(rawStringLength); - if (buffer == nullptr) { - SANDBOXMANAGER_LOG_ERROR(LABEL, "Read raw data failed"); - return SANDBOX_MANAGER_SERVICE_PARCEL_ERR; - } - std::stringstream replyRawStream; - replyRawStream.write(reinterpret_cast(buffer), rawStringLength); - int32_t unMarshlResultRet = UnMarshalResult(replyRawStream, result); - if (unMarshlResultRet != SANDBOX_MANAGER_OK) { - SANDBOXMANAGER_LOG_ERROR(LABEL, "UnMarshalResult data failed"); - return unMarshlResultRet; - } - return remoteRet; -} - -int32_t SandboxManagerProxy::SetPolicyAsync(uint32_t tokenId, const std::vector &policy, - uint64_t policyFlag, uint64_t timestamp) -{ - MessageParcel data; - if (!WriteSetPolicyParcel(data, tokenId, policy, policyFlag, timestamp)) { - return SANDBOX_MANAGER_SERVICE_PARCEL_ERR; - } - - MessageParcel reply; - MessageOption option(MessageOption::TF_ASYNC); - return SendRequest(SandboxManagerInterfaceCode::SET_POLICY_ASYNC, data, reply, option); -} - -static bool WriteUnSetPolicyParcel(MessageParcel &data, uint32_t tokenId, const PolicyInfo &policy) -{ - if (!data.WriteInterfaceToken(ISandboxManager::GetDescriptor())) { - SANDBOXMANAGER_LOG_ERROR(LABEL, "Write descriptor failed."); - return false; - } - if (!data.WriteUint32(tokenId)) { - SANDBOXMANAGER_LOG_ERROR(LABEL, "Write tokenId failed."); - return false; - } - - PolicyInfoParcel policyInfoParcel; - policyInfoParcel.policyInfo = policy; - if (!data.WriteParcelable(&policyInfoParcel)) { - SANDBOXMANAGER_LOG_ERROR(LABEL, "Write policyInfoParcel failed."); - return false; - } - return true; -} - -int32_t SandboxManagerProxy::UnSetPolicy(uint32_t tokenId, const PolicyInfo &policy) -{ - MessageParcel data; - if (!WriteUnSetPolicyParcel(data, tokenId, policy)) { - return SANDBOX_MANAGER_SERVICE_PARCEL_ERR; - } - - MessageParcel reply; - int32_t requestRet = SendRequest(SandboxManagerInterfaceCode::UNSET_POLICY, data, reply); - if (requestRet != SANDBOX_MANAGER_OK) { - return requestRet; - } - - int32_t remoteRet; - if (!reply.ReadInt32(remoteRet)) { - SANDBOXMANAGER_LOG_ERROR(LABEL, "Read ret failed."); - return SANDBOX_MANAGER_SERVICE_PARCEL_ERR; - } - return remoteRet; -} - -int32_t SandboxManagerProxy::UnSetPolicyAsync(uint32_t tokenId, const PolicyInfo &policy) -{ - MessageParcel data; - if (!WriteUnSetPolicyParcel(data, tokenId, policy)) { - return SANDBOX_MANAGER_SERVICE_PARCEL_ERR; - } - - MessageParcel reply; - MessageOption option(MessageOption::TF_ASYNC); - return SendRequest(SandboxManagerInterfaceCode::UNSET_POLICY_ASYNC, data, reply, option); -} - -int32_t SandboxManagerProxy::CheckPolicy(uint32_t tokenId, const std::vector &policy, - std::vector &result) -{ - MessageParcel data; - if (!data.WriteInterfaceToken(ISandboxManager::GetDescriptor())) { - SANDBOXMANAGER_LOG_ERROR(LABEL, "Write descriptor failed."); - return SANDBOX_MANAGER_SERVICE_PARCEL_ERR; - } - if (!data.WriteUint32(tokenId)) { - SANDBOXMANAGER_LOG_ERROR(LABEL, "Write tokenId failed."); - return SANDBOX_MANAGER_SERVICE_PARCEL_ERR; - } - - std::stringstream ss; - MarshalPolicy(ss, policy); - - if (!data.WriteUint32(ss.str().length())) { - SANDBOXMANAGER_LOG_ERROR(LABEL, "Write policy len failed."); - return SANDBOX_MANAGER_SERVICE_PARCEL_ERR; - } - - if (!data.WriteRawData(reinterpret_cast(ss.str().data()), ss.str().length())) { - SANDBOXMANAGER_LOG_ERROR(LABEL, "Write raw data failed."); - return SANDBOX_MANAGER_SERVICE_PARCEL_ERR; - } - - MessageParcel reply; - int32_t requestRet = SendRequest(SandboxManagerInterfaceCode::CHECK_POLICY, data, reply); - if (requestRet != SANDBOX_MANAGER_OK) { - return requestRet; - } - - int32_t remoteRet; - if (!reply.ReadInt32(remoteRet)) { - SANDBOXMANAGER_LOG_ERROR(LABEL, "Read ret failed."); - return SANDBOX_MANAGER_SERVICE_PARCEL_ERR; - } - result.clear(); - if (remoteRet != SANDBOX_MANAGER_OK) { - return remoteRet; - } - uint32_t rawStringLength = reply.ReadUint32(); - const void *buffer = reply.ReadRawData(rawStringLength); - if (buffer == nullptr) { - SANDBOXMANAGER_LOG_ERROR(LABEL, "Read raw data failed"); - return SANDBOX_MANAGER_SERVICE_PARCEL_ERR; - } - std::stringstream replyRawStream; - replyRawStream.write(reinterpret_cast(buffer), rawStringLength); - int32_t unMarshlResultRet = UnMarshalResult(replyRawStream, result); - if (unMarshlResultRet != SANDBOX_MANAGER_OK) { - SANDBOXMANAGER_LOG_ERROR(LABEL, "UnMarshalResult data failed"); - return unMarshlResultRet; - } - return remoteRet; -} - -int32_t SandboxManagerProxy::StartAccessingPolicy(const std::vector &policy, std::vector &result, - bool useCallerToken, uint32_t tokenId, uint64_t timestamp) -{ - MessageParcel data; - if (!data.WriteInterfaceToken(ISandboxManager::GetDescriptor())) { - SANDBOXMANAGER_LOG_ERROR(LABEL, "Write descriptor fail"); - return SANDBOX_MANAGER_SERVICE_PARCEL_ERR; - } - - if (!data.WriteBool(useCallerToken)) { - SANDBOXMANAGER_LOG_ERROR(LABEL, "Write useCallerToken failed."); - return SANDBOX_MANAGER_SERVICE_PARCEL_ERR; - } - - if (!data.WriteUint32(tokenId)) { - SANDBOXMANAGER_LOG_ERROR(LABEL, "Write tokenId failed."); - return SANDBOX_MANAGER_SERVICE_PARCEL_ERR; - } - - if (!data.WriteUint64(timestamp)) { - SANDBOXMANAGER_LOG_ERROR(LABEL, "Write timestamp failed."); - return SANDBOX_MANAGER_SERVICE_PARCEL_ERR; - } - - std::stringstream ss; - MarshalPolicy(ss, policy); - - if (!data.WriteUint32(ss.str().length())) { - SANDBOXMANAGER_LOG_ERROR(LABEL, "Write policy len failed."); - return SANDBOX_MANAGER_SERVICE_PARCEL_ERR; - } - - if (!data.WriteRawData(reinterpret_cast(ss.str().data()), ss.str().length())) { - SANDBOXMANAGER_LOG_ERROR(LABEL, "Write raw data failed."); - return SANDBOX_MANAGER_SERVICE_PARCEL_ERR; - } - - MessageParcel reply; - int32_t requestRet = SendRequest(SandboxManagerInterfaceCode::START_ACCESSING_URI, data, reply); - if (requestRet != SANDBOX_MANAGER_OK) { - SANDBOXMANAGER_LOG_ERROR(LABEL, "Remote fail"); - return requestRet; - } - - int32_t remoteRet; - if (!reply.ReadInt32(remoteRet)) { - SANDBOXMANAGER_LOG_ERROR(LABEL, "Read ret fail"); - return SANDBOX_MANAGER_SERVICE_PARCEL_ERR; - } - - if (remoteRet == SANDBOX_MANAGER_OK && !reply.ReadUInt32Vector(&result)) { - SANDBOXMANAGER_LOG_ERROR(LABEL, "Read result fail"); - return SANDBOX_MANAGER_SERVICE_PARCEL_ERR; - } - return remoteRet; -} - -int32_t SandboxManagerProxy::StopAccessingPolicy(const std::vector &policy, std::vector &result) -{ - MessageParcel data; - if (!data.WriteInterfaceToken(ISandboxManager::GetDescriptor())) { - SANDBOXMANAGER_LOG_ERROR(LABEL, "Write descriptor fail"); - return SANDBOX_MANAGER_SERVICE_PARCEL_ERR; - } - - std::stringstream ss; - MarshalPolicy(ss, policy); - - if (!data.WriteUint32(ss.str().length())) { - SANDBOXMANAGER_LOG_ERROR(LABEL, "Write policy len failed."); - return SANDBOX_MANAGER_SERVICE_PARCEL_ERR; - } - - if (!data.WriteRawData(reinterpret_cast(ss.str().data()), ss.str().length())) { - SANDBOXMANAGER_LOG_ERROR(LABEL, "Write raw data failed."); - return SANDBOX_MANAGER_SERVICE_PARCEL_ERR; - } - - MessageParcel reply; - int32_t requestRet = SendRequest(SandboxManagerInterfaceCode::STOP_ACCESSING_URI, data, reply); - if (requestRet != SANDBOX_MANAGER_OK) { - SANDBOXMANAGER_LOG_ERROR(LABEL, "Remote fail"); - return requestRet; - } - - int32_t remoteRet; - if (!reply.ReadInt32(remoteRet)) { - SANDBOXMANAGER_LOG_ERROR(LABEL, "Read ret fail"); - return SANDBOX_MANAGER_SERVICE_PARCEL_ERR; - } - - if (remoteRet == SANDBOX_MANAGER_OK && !reply.ReadUInt32Vector(&result)) { - SANDBOXMANAGER_LOG_ERROR(LABEL, "Read result fail"); - return SANDBOX_MANAGER_SERVICE_PARCEL_ERR; - } - return remoteRet; -} - -int32_t SandboxManagerProxy::CheckPersistPolicy(uint32_t tokenId, const std::vector &policy, - std::vector &result) -{ - MessageParcel data; - if (!data.WriteInterfaceToken(ISandboxManager::GetDescriptor())) { - SANDBOXMANAGER_LOG_ERROR(LABEL, "Write descriptor fail"); - return SANDBOX_MANAGER_SERVICE_PARCEL_ERR; - } - if (!data.WriteUint32(tokenId)) { - SANDBOXMANAGER_LOG_ERROR(LABEL, "Write tokenId fail"); - return SANDBOX_MANAGER_SERVICE_PARCEL_ERR; - } - - std::stringstream ss; - MarshalPolicy(ss, policy); - - if (!data.WriteUint32(ss.str().length())) { - SANDBOXMANAGER_LOG_ERROR(LABEL, "Write policy len failed."); - return SANDBOX_MANAGER_SERVICE_PARCEL_ERR; - } - - if (!data.WriteRawData(reinterpret_cast(ss.str().data()), ss.str().length())) { - SANDBOXMANAGER_LOG_ERROR(LABEL, "Write raw data failed."); - return SANDBOX_MANAGER_SERVICE_PARCEL_ERR; - } - - MessageParcel reply; - int32_t requestRet = SendRequest(SandboxManagerInterfaceCode::CHECK_PERSIST_PERMISSION, data, reply); - if (requestRet != SANDBOX_MANAGER_OK) { - SANDBOXMANAGER_LOG_ERROR(LABEL, "Remote fail"); - return requestRet; - } - - int32_t remoteRet; - if (!reply.ReadInt32(remoteRet)) { - SANDBOXMANAGER_LOG_ERROR(LABEL, "Read ret fail"); - return SANDBOX_MANAGER_SERVICE_PARCEL_ERR; - } - - if (remoteRet == SANDBOX_MANAGER_OK && !reply.ReadBoolVector(&result)) { - SANDBOXMANAGER_LOG_ERROR(LABEL, "Read result fail"); - return SANDBOX_MANAGER_SERVICE_PARCEL_ERR; - } - return remoteRet; -} - -int32_t SandboxManagerProxy::StartAccessingByTokenId(uint32_t tokenId, uint64_t timestamp) -{ - MessageParcel data; - if (!data.WriteInterfaceToken(ISandboxManager::GetDescriptor())) { - SANDBOXMANAGER_LOG_ERROR(LABEL, "Write descriptor fail."); - return SANDBOX_MANAGER_SERVICE_PARCEL_ERR; - } - if (!data.WriteUint32(tokenId)) { - SANDBOXMANAGER_LOG_ERROR(LABEL, "Write tokenId fail."); - return SANDBOX_MANAGER_SERVICE_PARCEL_ERR; - } - - if (!data.WriteUint64(timestamp)) { - SANDBOXMANAGER_LOG_ERROR(LABEL, "Write timestamp fail."); - return SANDBOX_MANAGER_SERVICE_PARCEL_ERR; - } - - MessageParcel reply; - MessageOption option(MessageOption::TF_ASYNC); - int32_t requestRet = SendRequest(SandboxManagerInterfaceCode::START_ACCESSING_BY_TOKEN, data, reply, option); - if (requestRet != SANDBOX_MANAGER_OK) { - SANDBOXMANAGER_LOG_ERROR(LABEL, "Remote fail, requestRet = %{public}d.", requestRet); - return SANDBOX_MANAGER_SERVICE_REMOTE_ERR; - } - return SANDBOX_MANAGER_OK; -} - -int32_t SandboxManagerProxy::UnSetAllPolicyByToken(uint32_t tokenId, uint64_t timestamp) -{ - MessageParcel data; - if (!data.WriteInterfaceToken(ISandboxManager::GetDescriptor())) { - SANDBOXMANAGER_LOG_ERROR(LABEL, "Write descriptor fail."); - return SANDBOX_MANAGER_SERVICE_PARCEL_ERR; - } - if (!data.WriteUint32(tokenId)) { - SANDBOXMANAGER_LOG_ERROR(LABEL, "Write tokenId fail."); - return SANDBOX_MANAGER_SERVICE_PARCEL_ERR; - } - - if (!data.WriteUint64(timestamp)) { - SANDBOXMANAGER_LOG_ERROR(LABEL, "Write timestamp failed."); - return SANDBOX_MANAGER_SERVICE_PARCEL_ERR; - } - - MessageParcel reply; - MessageOption option(MessageOption::TF_ASYNC); - int32_t requestRet = SendRequest(SandboxManagerInterfaceCode::UNSET_ALL_POLICY_BY_TOKEN, data, reply, option); - if (requestRet != SANDBOX_MANAGER_OK) { - SANDBOXMANAGER_LOG_ERROR(LABEL, "Remote fail, requestRet = %{public}d.", requestRet); - return SANDBOX_MANAGER_SERVICE_REMOTE_ERR; - } - return SANDBOX_MANAGER_OK; -} -} // namespace SandboxManager -} // namespace AccessControl -} // namespace OHOS \ No newline at end of file diff --git a/frameworks/sandbox_manager/BUILD.gn b/frameworks/sandbox_manager/BUILD.gn index 3f6e3c2..d400681 100644 --- a/frameworks/sandbox_manager/BUILD.gn +++ b/frameworks/sandbox_manager/BUILD.gn @@ -11,12 +11,50 @@ # See the License for the specific language governing permissions and # limitations under the License. +import("//build/config/components/idl_tool/idl.gni") import("//build/ohos.gni") import("../../sandbox_manager.gni") +idl_gen_interface("sandbox_manager_interface") { + sources = [ "ISandboxManager.idl" ] +} + +ohos_source_set("sandbox_manager_proxy") { + output_values = get_target_outputs(":sandbox_manager_interface") + sources = filter_include(output_values, [ "*_proxy.cpp" ]) + public_configs = + [ ":sandbox_manager_communication_adapter_cxx_public_config" ] + deps = [ ":sandbox_manager_interface" ] + external_deps = [ + "c_utils:utils", + "hilog:libhilog", + "ipc:ipc_single", + "samgr:samgr_proxy", + ] + subsystem_name = "accesscontrol" + part_name = "sandbox_manager" +} + +ohos_source_set("sandbox_manager_stub") { + output_values = get_target_outputs(":sandbox_manager_interface") + sources = filter_include(output_values, [ "*_stub.cpp" ]) + public_configs = + [ ":sandbox_manager_communication_adapter_cxx_public_config" ] + deps = [ ":sandbox_manager_interface" ] + external_deps = [ + "c_utils:utils", + "hilog:libhilog", + "ipc:ipc_single", + "samgr:samgr_proxy", + ] + subsystem_name = "accesscontrol" + part_name = "sandbox_manager" +} + config("sandbox_manager_communication_adapter_cxx_public_config") { visibility = [ ":*" ] include_dirs = [ + "${target_gen_dir}", "include", "${sandbox_manager_path}/frameworks/common/include", "${sandbox_manager_path}/interfaces/inner_api/sandbox_manager/include", diff --git a/frameworks/sandbox_manager/ISandboxManager.idl b/frameworks/sandbox_manager/ISandboxManager.idl new file mode 100644 index 0000000..7c5ba51 --- /dev/null +++ b/frameworks/sandbox_manager/ISandboxManager.idl @@ -0,0 +1,38 @@ +/* + * Copyright (c) 2025 Huawei Device Co., Ltd. + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +package OHOS.AccessControl.SandboxManager; +sequenceable OHOS.AccessControl.SandboxManager.PolicyInfoParcel; +rawdata OHOS.AccessControl.SandboxManager.BoolVecRawData; +rawdata OHOS.AccessControl.SandboxManager.PolicyVecRawData; +rawdata OHOS.AccessControl.SandboxManager.Uint32VecRawData; + +interface OHOS.AccessControl.SandboxManager.ISandboxManager { + [ipccode 0xffb0] void PersistPolicy([in] PolicyVecRawData policyRawData, [out] Uint32VecRawData resultRawData); + [ipccode 0xffb1] void UnPersistPolicy([in] PolicyVecRawData policyRawData, [out] Uint32VecRawData resultRawData); + [ipccode 0xffb2] void SetPolicy([in] unsigned int tokenId, [in] PolicyVecRawData policyRawData, [in] unsigned long policyFlag, [out] Uint32VecRawData resultRawData, [in] unsigned long timestamp); + [ipccode 0xffb3] void UnSetPolicy([in] unsigned int tokenId, [in] PolicyInfoParcel policyParcel); + [ipccode 0xffb4, oneway] void SetPolicyAsync([in] unsigned int tokenId, [in] PolicyVecRawData policyRawData, [in] unsigned long policyFlag, [in] unsigned long timestamp); + [ipccode 0xffb5, oneway] void UnSetPolicyAsync([in] unsigned int tokenId, [in] PolicyInfoParcel policyParcel); + [ipccode 0xffb6] void CheckPolicy([in] unsigned int tokenId, [in] PolicyVecRawData policyRawData, [out] BoolVecRawData resultRawData); + [ipccode 0xffb7] void StartAccessingPolicy([in] PolicyVecRawData policyRawData, [out] Uint32VecRawData resultRawData, [in] boolean useCallerToken, [in] unsigned int tokenId, [in] unsigned long timestamp); + [ipccode 0xffb8] void StopAccessingPolicy([in] PolicyVecRawData policyRawData, [out] Uint32VecRawData resultRawData); + [ipccode 0xffb9] void CheckPersistPolicy([in] unsigned int tokenId, [in] PolicyVecRawData policyRawData, [out] BoolVecRawData resultRawData); + [ipccode 0xffba, oneway] void StartAccessingByTokenId([in] unsigned int tokenId, [in] unsigned long timestamp); + [ipccode 0xffbb, oneway] void UnSetAllPolicyByToken([in] unsigned int tokenId, [in] unsigned long timestamp); + [ipccode 0xffbc] void PersistPolicyByTokenId([in] unsigned int tokenId, [in] PolicyVecRawData policyRawData, [out] Uint32VecRawData resultRawData); + [ipccode 0xffbd] void UnPersistPolicyByTokenId([in] unsigned int tokenId, [in] PolicyVecRawData policyRawData, [out] Uint32VecRawData resultRawData); + [ipccode 0xffbe, oneway] void CleanPersistPolicyByPath([in] List filePathList); +} \ No newline at end of file diff --git a/frameworks/sandbox_manager/include/bool_vec_raw_data.h b/frameworks/sandbox_manager/include/bool_vec_raw_data.h new file mode 100644 index 0000000..24294e8 --- /dev/null +++ b/frameworks/sandbox_manager/include/bool_vec_raw_data.h @@ -0,0 +1,72 @@ +/* + * Copyright (c) 2025 Huawei Device Co., Ltd. + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +#ifndef BOOL_VEC_RAW_DATA_H +#define BOOL_VEC_RAW_DATA_H +#include +#include "sandbox_manager_err_code.h" + +namespace OHOS { +namespace AccessControl { +namespace SandboxManager { +struct BoolVecRawData { + uint32_t size; + const void* data; + std::string serializedData; + + int32_t Marshalling(const std::vector &in) + { + std::stringstream ss; + uint32_t valueNum = in.size(); + ss.write(reinterpret_cast(&valueNum), sizeof(valueNum)); + for (uint32_t i = 0; i < valueNum; i++) { + // Convert the boolean value to a character ('1' for true, '0' for false) + char boolChar = in[i] ? '1' : '0'; + ss.write(&boolChar, sizeof(char)); + } + serializedData = ss.str(); + data = reinterpret_cast(serializedData.data()); + size = serializedData.length(); + return SANDBOX_MANAGER_OK; + } + + int32_t Unmarshalling(std::vector &out) const + { + std::stringstream ss; + ss.write(reinterpret_cast(data), size); + uint32_t valueNum = 0; + ss.read(reinterpret_cast(&valueNum), sizeof(valueNum)); + for (uint32_t i = 0; i < valueNum; i++) { + char value; + ss.read(&value, sizeof(value)); + bool bitValue = value == '1' ? true : false; + out.emplace_back(bitValue); + } + return SANDBOX_MANAGER_OK; + } + + int32_t RawDataCpy(const void* inData) + { + std::stringstream ss; + ss.write(reinterpret_cast(inData), size); + serializedData = ss.str(); + data = reinterpret_cast(serializedData.data()); + return SANDBOX_MANAGER_OK; + } +}; +} // namespace SandboxManager +} // namespace AccessControl +} // namespace OHOS +#endif // BOOL_VEC_RAW_DATA_H \ No newline at end of file diff --git a/frameworks/sandbox_manager/include/i_sandbox_manager.h b/frameworks/sandbox_manager/include/i_sandbox_manager.h deleted file mode 100644 index 63c0599..0000000 --- a/frameworks/sandbox_manager/include/i_sandbox_manager.h +++ /dev/null @@ -1,60 +0,0 @@ -/* - * Copyright (c) 2023-2024 Huawei Device Co., Ltd. - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ - -#ifndef I_SANDBOX_MANAGER_H -#define I_SANDBOX_MANAGER_H -#include -#include "errors.h" -#include "iremote_broker.h" -#include "policy_info.h" -#include "sandboxmanager_service_ipc_interface_code.h" -#include "system_ability_definition.h" - -namespace OHOS { -namespace AccessControl { -namespace SandboxManager { -class ISandboxManager : public IRemoteBroker { -public: - DECLARE_INTERFACE_DESCRIPTOR(u"ohos.accesscontrol.sandbox_manager.ISandboxManager"); - - static const int SA_ID_SANDBOX_MANAGER_SERVICE = SANDBOX_MANAGER_SERVICE_ID; - - virtual int32_t CleanPersistPolicyByPath(const std::vector& filePathList) = 0; - virtual int32_t PersistPolicy(const std::vector &policy, std::vector &result) = 0; - virtual int32_t UnPersistPolicy(const std::vector &policy, std::vector &result) = 0; - virtual int32_t PersistPolicyByTokenId( - uint32_t tokenId, const std::vector &policy, std::vector &result) = 0; - virtual int32_t UnPersistPolicyByTokenId( - uint32_t tokenId, const std::vector &policy, std::vector &result) = 0; - virtual int32_t SetPolicy(uint32_t tokenId, const std::vector &policy, uint64_t policyFlag, - std::vector &result, uint64_t timestamp) = 0; - virtual int32_t UnSetPolicy(uint32_t tokenId, const PolicyInfo &policy) = 0; - virtual int32_t SetPolicyAsync(uint32_t tokenId, const std::vector &policy, uint64_t policyFlag, - uint64_t timestamp) = 0; - virtual int32_t UnSetPolicyAsync(uint32_t tokenId, const PolicyInfo &policy) = 0; - virtual int32_t CheckPolicy(uint32_t tokenId, const std::vector &policy, std::vector &result) = 0; - virtual int32_t StartAccessingPolicy(const std::vector &policy, std::vector &result, - bool useCallerToken, uint32_t tokenId, uint64_t timestamp) = 0; - virtual int32_t StopAccessingPolicy(const std::vector &policy, std::vector &result) = 0; - virtual int32_t CheckPersistPolicy( - uint32_t tokenId, const std::vector &policy, std::vector &result) = 0; - virtual int32_t StartAccessingByTokenId(uint32_t tokenId, uint64_t timestamp) = 0; - virtual int32_t UnSetAllPolicyByToken(uint32_t tokenId, uint64_t timestamp) = 0; -}; -} // namespace SandboxManager -} // namespace AccessControl -} // namespace OHOS - -#endif // I_SANDBOX_MANAGER_H \ No newline at end of file diff --git a/frameworks/sandbox_manager/include/policy_vec_raw_data.h b/frameworks/sandbox_manager/include/policy_vec_raw_data.h new file mode 100644 index 0000000..3bcf2fe --- /dev/null +++ b/frameworks/sandbox_manager/include/policy_vec_raw_data.h @@ -0,0 +1,81 @@ +/* + * Copyright (c) 2025 Huawei Device Co., Ltd. + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +#ifndef POLICY_VEC_RAW_DATA_H +#define POLICY_VEC_RAW_DATA_H +#include +#include "policy_info.h" +#include "sandbox_manager_err_code.h" + +namespace OHOS { +namespace AccessControl { +namespace SandboxManager { +struct PolicyVecRawData { + uint32_t size; + const void* data; + std::string serializedData; + + int32_t Marshalling(const std::vector &in) + { + std::stringstream ss; + uint32_t policyNum = in.size(); + ss.write(reinterpret_cast(&policyNum), sizeof(policyNum)); + for (uint32_t i = 0; i < policyNum; i++) { + uint32_t pathLen = in[i].path.length(); + ss.write(reinterpret_cast(&pathLen), sizeof(pathLen)); + ss.write(in[i].path.c_str(), pathLen); + ss.write(reinterpret_cast(&in[i].mode), sizeof(in[i].mode)); + } + serializedData = ss.str(); + data = reinterpret_cast(serializedData.data()); + size = serializedData.length(); + return SANDBOX_MANAGER_OK; + } + + int32_t Unmarshalling(std::vector &out) const + { + std::stringstream ss; + ss.write(reinterpret_cast(data), size); + uint32_t ssLength = static_cast(ss.tellp()); + uint32_t policyNum = 0; + ss.read(reinterpret_cast(&policyNum), sizeof(policyNum)); + for (uint32_t i = 0; i < policyNum; i++) { + uint32_t pathLen = 0; + ss.read(reinterpret_cast(&pathLen), sizeof(pathLen)); + if (pathLen > ssLength - static_cast(ss.tellg())) { + return SANDBOX_MANAGER_SERVICE_PARCEL_ERR; + } + PolicyInfo info; + info.path.resize(pathLen); + ss.read(info.path.data(), pathLen); + ss.read(reinterpret_cast(&info.mode), sizeof(info.mode)); + out.push_back(info); + } + return SANDBOX_MANAGER_OK; + } + + int32_t RawDataCpy(const void* inData) + { + std::stringstream ss; + ss.write(reinterpret_cast(inData), size); + serializedData = ss.str(); + data = reinterpret_cast(serializedData.data()); + return SANDBOX_MANAGER_OK; + } +}; +} // namespace SandboxManager +} // namespace AccessControl +} // namespace OHOS +#endif // POLICY_VEC_RAW_DATA_H \ No newline at end of file diff --git a/frameworks/sandbox_manager/include/sandboxmanager_service_ipc_interface_code.h b/frameworks/sandbox_manager/include/uint32_vec_raw_data.h similarity index 30% rename from frameworks/sandbox_manager/include/sandboxmanager_service_ipc_interface_code.h rename to frameworks/sandbox_manager/include/uint32_vec_raw_data.h index e2b13d1..ac95e47 100644 --- a/frameworks/sandbox_manager/include/sandboxmanager_service_ipc_interface_code.h +++ b/frameworks/sandbox_manager/include/uint32_vec_raw_data.h @@ -1,5 +1,5 @@ /* - * Copyright (c) 2023-2024 Huawei Device Co., Ltd. + * Copyright (c) 2025 Huawei Device Co., Ltd. * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. * You may obtain a copy of the License at @@ -13,32 +13,57 @@ * limitations under the License. */ -#ifndef SANDBOXMANAGER_SERVICE_IPC_INTERFACE_CODE_H -#define SANDBOXMANAGER_SERVICE_IPC_INTERFACE_CODE_H +#ifndef UINT32_VEC_RAW_DATA_H +#define UINT32_VEC_RAW_DATA_H +#include +#include "sandbox_manager_err_code.h" namespace OHOS { namespace AccessControl { namespace SandboxManager { -/* SAID:3508*/ -enum class SandboxManagerInterfaceCode { - PERSIST_PERMISSION = 0xffb0, - UNPERSIST_PERMISSION, - SET_POLICY, - UNSET_POLICY, - SET_POLICY_ASYNC, - UNSET_POLICY_ASYNC, - CHECK_POLICY, - START_ACCESSING_URI, - STOP_ACCESSING_URI, - CHECK_PERSIST_PERMISSION, - START_ACCESSING_BY_TOKEN, - UNSET_ALL_POLICY_BY_TOKEN, - PERSIST_PERMISSION_BY_TOKENID, - UNPERSIST_PERMISSION_BY_TOKENID, - CLEAN_PERSIST_POLICY_BY_PATH, +struct Uint32VecRawData { + uint32_t size; + const void* data; + std::string serializedData; + + int32_t Marshalling(const std::vector &in) + { + std::stringstream ss; + uint32_t valueNum = in.size(); + ss.write(reinterpret_cast(&valueNum), sizeof(valueNum)); + for (uint32_t i = 0; i < valueNum; i++) { + ss.write(reinterpret_cast(&in[i]), sizeof(uint32_t)); + } + serializedData = ss.str(); + data = reinterpret_cast(serializedData.data()); + size = serializedData.length(); + return SANDBOX_MANAGER_OK; + } + + int32_t Unmarshalling(std::vector &out) const + { + std::stringstream ss; + ss.write(reinterpret_cast(data), size); + uint32_t valueNum = 0; + ss.read(reinterpret_cast(&valueNum), sizeof(valueNum)); + for (uint32_t i = 0; i < valueNum; i++) { + uint32_t value; + ss.read(reinterpret_cast(&value), sizeof(value)); + out.emplace_back(value); + } + return SANDBOX_MANAGER_OK; + } + + int32_t RawDataCpy(const void* inData) + { + std::stringstream ss; + ss.write(reinterpret_cast(inData), size); + serializedData = ss.str(); + data = reinterpret_cast(serializedData.data()); + return SANDBOX_MANAGER_OK; + } }; } // namespace SandboxManager } // namespace AccessControl } // namespace OHOS - -#endif //SANDBOXMANAGER_SERVICE_IPC_INTERFACE_CODE_H \ No newline at end of file +#endif // UINT32_VEC_RAW_DATA_H \ No newline at end of file diff --git a/services/sandbox_manager/BUILD.gn b/services/sandbox_manager/BUILD.gn index f7e2205..77c95f4 100644 --- a/services/sandbox_manager/BUILD.gn +++ b/services/sandbox_manager/BUILD.gn @@ -61,7 +61,6 @@ if (is_standard_system) { "main/cpp/src/service/policy_info_manager.cpp", "main/cpp/src/service/policy_trie.cpp", "main/cpp/src/service/sandbox_manager_service.cpp", - "main/cpp/src/service/sandbox_manager_stub.cpp", ] cflags_cc = [ "-DHILOG_ENABLE" ] @@ -73,6 +72,7 @@ if (is_standard_system) { deps = [ "${sandbox_manager_path}/frameworks/sandbox_manager:sandbox_manager_communication_adapter_cxx", + "${sandbox_manager_path}/frameworks/sandbox_manager:sandbox_manager_stub", "${sandbox_manager_path}/services/common:sandbox_manager_service_common", "${sandbox_manager_path}/services/sandbox_manager:sandbox_manager_service.rc", ] diff --git a/services/sandbox_manager/main/cpp/include/service/sandbox_manager_service.h b/services/sandbox_manager/main/cpp/include/service/sandbox_manager_service.h index 3122cd4..d4aa253 100644 --- a/services/sandbox_manager/main/cpp/include/service/sandbox_manager_service.h +++ b/services/sandbox_manager/main/cpp/include/service/sandbox_manager_service.h @@ -42,42 +42,44 @@ public: void OnStart(const SystemAbilityOnDemandReason& startReason) override; int32_t CleanPersistPolicyByPath(const std::vector& filePathList) override; - int32_t PersistPolicy(const std::vector &policy, std::vector &result) override; - int32_t UnPersistPolicy(const std::vector &policy, std::vector &result) override; + int32_t PersistPolicy(const PolicyVecRawData &policyRawData, Uint32VecRawData &resultRawData) override; + int32_t UnPersistPolicy(const PolicyVecRawData &policyRawData, Uint32VecRawData &resultRawData) override; int32_t PersistPolicyByTokenId( - uint32_t tokenId, const std::vector &policy, std::vector &result) override; + uint32_t tokenId, const PolicyVecRawData &policyRawData, Uint32VecRawData &resultRawData) override; int32_t UnPersistPolicyByTokenId( - uint32_t tokenId, const std::vector &policy, std::vector &result) override; - int32_t SetPolicy(uint32_t tokenId, const std::vector &policy, uint64_t policyFlag, - std::vector &result, uint64_t timestamp = 0) override; - int32_t UnSetPolicy(uint32_t tokenId, const PolicyInfo &policy) override; - int32_t SetPolicyAsync(uint32_t tokenId, const std::vector &policy, uint64_t policyFlag, + uint32_t tokenId, const PolicyVecRawData &policyRawData, Uint32VecRawData &resultRawData) override; + int32_t SetPolicy(uint32_t tokenId, const PolicyVecRawData &policyRawData, uint64_t policyFlag, + Uint32VecRawData &resultRawData, uint64_t timestamp = 0) override; + int32_t UnSetPolicy(uint32_t tokenId, const PolicyInfoParcel &policyParcel) override; + int32_t SetPolicyAsync(uint32_t tokenId, const PolicyVecRawData &policyRawData, uint64_t policyFlag, uint64_t timestamp = 0) override; - int32_t UnSetPolicyAsync(uint32_t tokenId, const PolicyInfo &policy) override; - int32_t CheckPolicy(uint32_t tokenId, const std::vector &policy, std::vector &result) override; - int32_t StartAccessingPolicy(const std::vector &policy, std::vector &result, + int32_t UnSetPolicyAsync(uint32_t tokenId, const PolicyInfoParcel &policyParcel) override; + int32_t CheckPolicy(uint32_t tokenId, const PolicyVecRawData &policyRawData, + BoolVecRawData &resultRawData) override; + int32_t StartAccessingPolicy(const PolicyVecRawData &policyRawData, Uint32VecRawData &resultRawData, bool useCallerToken = true, uint32_t tokenId = 0, uint64_t timestamp = 0) override; - int32_t StopAccessingPolicy(const std::vector &policy, std::vector &result) override; + int32_t StopAccessingPolicy(const PolicyVecRawData &policyRawData, Uint32VecRawData &resultRawData) override; int32_t CheckPersistPolicy( - uint32_t tokenId, const std::vector &policy, std::vector &result) override; + uint32_t tokenId, const PolicyVecRawData &policyRawData, BoolVecRawData &resultRawData) override; int32_t StartAccessingByTokenId(uint32_t tokenId, uint64_t timestamp = 0) override; int32_t UnSetAllPolicyByToken(uint32_t tokenId, uint64_t timestamp = 0) override; void onRemovePackage(uint32_t tokenId); -#ifdef NOT_RESIDENT - void DelayUnloadService() override; -#endif + bool CheckPermission(const uint32_t tokenId, const std::string &permission); + void DelayUnloadService(); private: bool Initialize(); bool InitDelayUnloadHandler(); void OnAddSystemAbility(int32_t systemAbilityId, const std::string& deviceId) override; bool StartByEventAction(const SystemAbilityOnDemandReason& startReason); + bool IsFileManagerCalling(uint32_t tokenCaller); std::mutex stateMutex_; ServiceRunningState state_; static std::mutex unloadMutex_; static std::shared_ptr unloadHandler_; static std::shared_ptr unloadRunner_; + uint32_t tokenFileManagerId_ = 0; }; } // namespace SandboxManager } // namespace AccessControl diff --git a/services/sandbox_manager/main/cpp/include/service/sandbox_manager_stub.h b/services/sandbox_manager/main/cpp/include/service/sandbox_manager_stub.h deleted file mode 100644 index 316036b..0000000 --- a/services/sandbox_manager/main/cpp/include/service/sandbox_manager_stub.h +++ /dev/null @@ -1,65 +0,0 @@ -/* - * Copyright (c) 2023-2024 Huawei Device Co., Ltd. - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ - -#ifndef SANDBOX_MANAGER_STUB_H -#define SANDBOX_MANAGER_STUB_H - -#include -#include -#include "iremote_stub.h" -#include "i_sandbox_manager.h" -#include "message_parcel.h" -#include "nocopyable.h" - -namespace OHOS { -namespace AccessControl { -namespace SandboxManager { -class SandboxManagerStub : public IRemoteStub { -public: - SandboxManagerStub(); - virtual ~SandboxManagerStub(); - - int OnRemoteRequest(uint32_t code, MessageParcel &data, MessageParcel &reply, MessageOption &options) override; - -#ifdef NOT_RESIDENT - virtual void DelayUnloadService() = 0; -#endif - -private: - int32_t CleanPersistPolicyByPathInner(MessageParcel &data, MessageParcel &reply); - int32_t PersistPolicyInner(MessageParcel &data, MessageParcel &reply); - int32_t UnPersistPolicyInner(MessageParcel &data, MessageParcel &reply); - int32_t PersistPolicyByTokenIdInner(MessageParcel &data, MessageParcel &reply); - int32_t UnPersistPolicyByTokenIdInner(MessageParcel &data, MessageParcel &reply); - int32_t SetPolicyInner(MessageParcel &data, MessageParcel &reply); - int32_t UnSetPolicyInner(MessageParcel &data, MessageParcel &reply); - int32_t SetPolicyAsyncInner(MessageParcel &data, MessageParcel &reply); - int32_t UnSetPolicyAsyncInner(MessageParcel &data, MessageParcel &reply); - int32_t CheckPolicyInner(MessageParcel &data, MessageParcel &reply); - int32_t StartAccessingPolicyInner(MessageParcel &data, MessageParcel &reply); - int32_t StopAccessingPolicyInner(MessageParcel &data, MessageParcel &reply); - int32_t CheckPersistPolicyInner(MessageParcel &data, MessageParcel &reply); - int32_t StartAccessingByTokenIdInner(MessageParcel &data, MessageParcel &reply); - int32_t UnSetAllPolicyByTokenInner(MessageParcel &data, MessageParcel &reply); - void SetPolicyOpFuncInMap(); - bool IsFileManagerCalling(uint32_t tokenCaller); - using RequestFuncType = int32_t (SandboxManagerStub::*)(MessageParcel &data, MessageParcel &reply); - std::map requestFuncMap_; - uint32_t tokenFileManagerId_ = 0; -}; -} // namespace SandboxManager -} // namespace AccessControl -} // namespace OHOS -#endif // SANDBOX_MANAGER_STUB_H \ No newline at end of file diff --git a/services/sandbox_manager/main/cpp/src/service/sandbox_manager_service.cpp b/services/sandbox_manager/main/cpp/src/service/sandbox_manager_service.cpp index 93ff6bb..f5ba9c3 100644 --- a/services/sandbox_manager/main/cpp/src/service/sandbox_manager_service.cpp +++ b/services/sandbox_manager/main/cpp/src/service/sandbox_manager_service.cpp @@ -26,6 +26,7 @@ #include "policy_info.h" #include "policy_info_manager.h" #include "sandbox_manager_const.h" +#include "sandbox_manager_dfx_helper.h" #include "sandbox_manager_err_code.h" #include "sandbox_manager_event_subscriber.h" #include "sandbox_manager_log.h" @@ -42,7 +43,7 @@ static constexpr OHOS::HiviewDFX::HiLogLabel LABEL = { } REGISTER_SYSTEM_ABILITY_BY_ID(SandboxManagerService, - SandboxManagerService::SA_ID_SANDBOX_MANAGER_SERVICE, true); + SANDBOX_MANAGER_SERVICE_ID, true); SandboxManagerService::SandboxManagerService(int saId, bool runOnCreate) @@ -52,7 +53,7 @@ SandboxManagerService::SandboxManagerService(int saId, bool runOnCreate) } SandboxManagerService::SandboxManagerService() - : SystemAbility(SA_ID_SANDBOX_MANAGER_SERVICE, true), state_(ServiceRunningState::STATE_NOT_START) + : SystemAbility(SANDBOX_MANAGER_SERVICE_ID, true), state_(ServiceRunningState::STATE_NOT_START) { SANDBOXMANAGER_LOG_INFO(LABEL, "SandboxManagerService()"); } @@ -82,9 +83,7 @@ void SandboxManagerService::OnStart() SANDBOXMANAGER_LOG_ERROR(LABEL, "Failed to publish service! "); return; } -#ifdef NOT_RESIDENT DelayUnloadService(); -#endif SANDBOXMANAGER_LOG_INFO(LABEL, "SandboxManagerService start successful."); } @@ -128,14 +127,18 @@ void SandboxManagerService::OnStart(const SystemAbilityOnDemandReason& startReas SANDBOXMANAGER_LOG_ERROR(LABEL, "Failed to publish service."); return; } -#ifdef NOT_RESIDENT DelayUnloadService(); -#endif SANDBOXMANAGER_LOG_INFO(LABEL, "SandboxManagerService start successful."); } int32_t SandboxManagerService::CleanPersistPolicyByPath(const std::vector& filePathList) { + DelayUnloadService(); + uint32_t callingTokenId = IPCSkeleton::GetCallingTokenID(); + if (!IsFileManagerCalling(callingTokenId)) { + SANDBOXMANAGER_LOG_ERROR(LABEL, "Permission denied(tokenID=%{public}d)", callingTokenId); + return PERMISSION_DENIED; + } size_t filePathSize = filePathList.size(); if (filePathSize == 0) { SANDBOXMANAGER_LOG_ERROR(LABEL, "FilePath vector size error, size = %{public}zu.", filePathSize); @@ -144,9 +147,15 @@ int32_t SandboxManagerService::CleanPersistPolicyByPath(const std::vector &policy, std::vector &result) +int32_t SandboxManagerService::PersistPolicy(const PolicyVecRawData &policyRawData, Uint32VecRawData &resultRawData) { + DelayUnloadService(); uint32_t callingTokenId = IPCSkeleton::GetCallingTokenID(); + if (!CheckPermission(callingTokenId, ACCESS_PERSIST_PERMISSION_NAME)) { + return PERMISSION_DENIED; + } + std::vector policy; + policyRawData.Unmarshalling(policy); size_t policySize = policy.size(); if (policySize == 0) { SANDBOXMANAGER_LOG_ERROR(LABEL, "Policy vector size error, size = %{public}zu.", policy.size()); @@ -157,25 +166,51 @@ int32_t SandboxManagerService::PersistPolicy(const std::vector &poli if (IPCSkeleton::GetCallingUid() == FOUNDATION_UID) { flag = 1; } - return PolicyInfoManager::GetInstance().AddPolicy(callingTokenId, policy, result, flag); + + std::vector result; + int32_t ret = PolicyInfoManager::GetInstance().AddPolicy(callingTokenId, policy, result, flag); + if (ret != SANDBOX_MANAGER_OK) { + return ret; + } + resultRawData.Marshalling(result); + return SANDBOX_MANAGER_OK; } int32_t SandboxManagerService::UnPersistPolicy( - const std::vector &policy, std::vector &result) + const PolicyVecRawData &policyRawData, Uint32VecRawData &resultRawData) { + DelayUnloadService(); uint32_t callingTokenId = IPCSkeleton::GetCallingTokenID(); + if (!CheckPermission(callingTokenId, ACCESS_PERSIST_PERMISSION_NAME)) { + return PERMISSION_DENIED; + } + std::vector policy; + policyRawData.Unmarshalling(policy); size_t policySize = policy.size(); if (policySize == 0) { SANDBOXMANAGER_LOG_ERROR(LABEL, "Policy vector size error, size = %{public}zu.", policy.size()); return INVALID_PARAMTER; } - return PolicyInfoManager::GetInstance().RemovePolicy(callingTokenId, policy, result); + std::vector result; + int32_t ret = PolicyInfoManager::GetInstance().RemovePolicy(callingTokenId, policy, result); + if (ret != SANDBOX_MANAGER_OK) { + return ret; + } + resultRawData.Marshalling(result); + return SANDBOX_MANAGER_OK; } int32_t SandboxManagerService::PersistPolicyByTokenId( - uint32_t tokenId, const std::vector &policy, std::vector &result) + uint32_t tokenId, const PolicyVecRawData &policyRawData, Uint32VecRawData &resultRawData) { + DelayUnloadService(); + uint32_t callingTokenId = IPCSkeleton::GetCallingTokenID(); + if (!CheckPermission(callingTokenId, ACCESS_PERSIST_PERMISSION_NAME)) { + return PERMISSION_DENIED; + } + std::vector policy; + policyRawData.Unmarshalling(policy); size_t policySize = policy.size(); if ((policySize == 0) || (tokenId == 0)) { SANDBOXMANAGER_LOG_ERROR( @@ -188,12 +223,26 @@ int32_t SandboxManagerService::PersistPolicyByTokenId( if (IPCSkeleton::GetCallingUid() == FOUNDATION_UID) { flag = 1; } - return PolicyInfoManager::GetInstance().AddPolicy(tokenId, policy, result, flag); + + std::vector result; + int32_t ret = PolicyInfoManager::GetInstance().AddPolicy(tokenId, policy, result, flag); + if (ret != SANDBOX_MANAGER_OK) { + return ret; + } + resultRawData.Marshalling(result); + return SANDBOX_MANAGER_OK; } int32_t SandboxManagerService::UnPersistPolicyByTokenId( - uint32_t tokenId, const std::vector &policy, std::vector &result) + uint32_t tokenId, const PolicyVecRawData &policyRawData, Uint32VecRawData &resultRawData) { + DelayUnloadService(); + uint32_t callingTokenId = IPCSkeleton::GetCallingTokenID(); + if (!CheckPermission(callingTokenId, ACCESS_PERSIST_PERMISSION_NAME)) { + return PERMISSION_DENIED; + } + std::vector policy; + policyRawData.Unmarshalling(policy); size_t policySize = policy.size(); if ((policySize == 0) || (tokenId == 0)) { SANDBOXMANAGER_LOG_ERROR( @@ -202,12 +251,25 @@ int32_t SandboxManagerService::UnPersistPolicyByTokenId( return INVALID_PARAMTER; } - return PolicyInfoManager::GetInstance().RemovePolicy(tokenId, policy, result); + std::vector result; + int32_t ret = PolicyInfoManager::GetInstance().RemovePolicy(tokenId, policy, result); + if (ret != SANDBOX_MANAGER_OK) { + return ret; + } + resultRawData.Marshalling(result); + return SANDBOX_MANAGER_OK; } -int32_t SandboxManagerService::SetPolicy(uint32_t tokenId, const std::vector &policy, - uint64_t policyFlag, std::vector &result, uint64_t timestamp) +int32_t SandboxManagerService::SetPolicy(uint32_t tokenId, const PolicyVecRawData &policyRawData, + uint64_t policyFlag, Uint32VecRawData &resultRawData, uint64_t timestamp) { + DelayUnloadService(); + uint32_t callingTokenId = IPCSkeleton::GetCallingTokenID(); + if (!CheckPermission(callingTokenId, SET_POLICY_PERMISSION_NAME)) { + return PERMISSION_DENIED; + } + std::vector policy; + policyRawData.Unmarshalling(policy); size_t policySize = policy.size(); if (policySize == 0) { SANDBOXMANAGER_LOG_ERROR(LABEL, "Check policy size failed, size = %{public}zu.", policySize); @@ -221,40 +283,59 @@ int32_t SandboxManagerService::SetPolicy(uint32_t tokenId, const std::vector result; + int32_t ret = PolicyInfoManager::GetInstance().SetPolicy(tokenId, policy, policyFlag, result, timestamp); + if (ret != SANDBOX_MANAGER_OK) { + return ret; + } + resultRawData.Marshalling(result); + return SANDBOX_MANAGER_OK; } -int32_t SandboxManagerService::UnSetPolicy(uint32_t tokenId, const PolicyInfo &policy) +int32_t SandboxManagerService::UnSetPolicy(uint32_t tokenId, const PolicyInfoParcel &policyParcel) { + DelayUnloadService(); + uint32_t callingTokenId = IPCSkeleton::GetCallingTokenID(); + if (!CheckPermission(callingTokenId, SET_POLICY_PERMISSION_NAME)) { + return PERMISSION_DENIED; + } if (tokenId == 0) { SANDBOXMANAGER_LOG_ERROR(LABEL, "Check tokenId failed."); return INVALID_PARAMTER; } - uint32_t length = policy.path.length(); + uint32_t length = policyParcel.policyInfo.path.length(); if (length == 0 || length > POLICY_PATH_LIMIT) { - SANDBOXMANAGER_LOG_ERROR(LABEL, "Policy path size check failed, path=%{private}s", policy.path.c_str()); + SANDBOXMANAGER_LOG_ERROR(LABEL, "Policy path size check failed, path=%{private}s", + policyParcel.policyInfo.path.c_str()); return INVALID_PARAMTER; } - return PolicyInfoManager::GetInstance().UnSetPolicy(tokenId, policy); + return PolicyInfoManager::GetInstance().UnSetPolicy(tokenId, policyParcel.policyInfo); } -int32_t SandboxManagerService::SetPolicyAsync(uint32_t tokenId, const std::vector &policy, +int32_t SandboxManagerService::SetPolicyAsync(uint32_t tokenId, const PolicyVecRawData &policyRawData, uint64_t policyFlag, uint64_t timestamp) { - std::vector result; - return SetPolicy(tokenId, policy, policyFlag, result, timestamp); + Uint32VecRawData resultRawData; + return SetPolicy(tokenId, policyRawData, policyFlag, resultRawData, timestamp); } -int32_t SandboxManagerService::UnSetPolicyAsync(uint32_t tokenId, const PolicyInfo &policy) +int32_t SandboxManagerService::UnSetPolicyAsync(uint32_t tokenId, const PolicyInfoParcel &policyParcel) { - return UnSetPolicy(tokenId, policy); + return UnSetPolicy(tokenId, policyParcel); } -int32_t SandboxManagerService::CheckPolicy(uint32_t tokenId, const std::vector &policy, - std::vector &result) +int32_t SandboxManagerService::CheckPolicy(uint32_t tokenId, const PolicyVecRawData &policyRawData, + BoolVecRawData &resultRawData) { + DelayUnloadService(); + uint32_t callingTokenId = IPCSkeleton::GetCallingTokenID(); + if ((tokenId != callingTokenId) && + !CheckPermission(callingTokenId, CHECK_POLICY_PERMISSION_NAME)) { + return PERMISSION_DENIED; + } + std::vector policy; + policyRawData.Unmarshalling(policy); size_t policySize = policy.size(); if (policySize == 0) { SANDBOXMANAGER_LOG_ERROR(LABEL, "Check policy size failed, size = %{public}zu.", policySize); @@ -264,17 +345,26 @@ int32_t SandboxManagerService::CheckPolicy(uint32_t tokenId, const std::vector

result; + int32_t ret = PolicyInfoManager::GetInstance().CheckPolicy(tokenId, policy, result); + if (ret != SANDBOX_MANAGER_OK) { + return ret; + } + resultRawData.Marshalling(result); + return SANDBOX_MANAGER_OK; } -int32_t SandboxManagerService::StartAccessingPolicy(const std::vector &policy, - std::vector &result, bool useCallerToken, uint32_t tokenId, uint64_t timestamp) +int32_t SandboxManagerService::StartAccessingPolicy(const PolicyVecRawData &policyRawData, + Uint32VecRawData &resultRawData, bool useCallerToken, uint32_t tokenId, uint64_t timestamp) { - uint32_t callingTokenId = 0; - if (useCallerToken) { - callingTokenId = IPCSkeleton::GetCallingTokenID(); - } else { + DelayUnloadService(); + uint32_t callingTokenId = IPCSkeleton::GetCallingTokenID(); + if (!CheckPermission(callingTokenId, ACCESS_PERSIST_PERMISSION_NAME)) { + return PERMISSION_DENIED; + } + std::vector policy; + policyRawData.Unmarshalling(policy); + if (!useCallerToken) { callingTokenId = tokenId; } size_t policySize = policy.size(); @@ -283,25 +373,51 @@ int32_t SandboxManagerService::StartAccessingPolicy(const std::vector result; + int32_t ret = PolicyInfoManager::GetInstance().StartAccessingPolicy(callingTokenId, policy, result, timestamp); + if (ret != SANDBOX_MANAGER_OK) { + return ret; + } + resultRawData.Marshalling(result); + return SANDBOX_MANAGER_OK; } int32_t SandboxManagerService::StopAccessingPolicy( - const std::vector &policy, std::vector &result) + const PolicyVecRawData &policyRawData, Uint32VecRawData &resultRawData) { + DelayUnloadService(); uint32_t callingTokenId = IPCSkeleton::GetCallingTokenID(); + if (!CheckPermission(callingTokenId, ACCESS_PERSIST_PERMISSION_NAME)) { + return PERMISSION_DENIED; + } + std::vector policy; + policyRawData.Unmarshalling(policy); size_t policySize = policy.size(); if (policySize == 0) { SANDBOXMANAGER_LOG_ERROR(LABEL, "Policy vector size error, size = %{public}zu", policy.size()); return INVALID_PARAMTER; } - return PolicyInfoManager::GetInstance().StopAccessingPolicy(callingTokenId, policy, result); + std::vector result; + int32_t ret = PolicyInfoManager::GetInstance().StopAccessingPolicy(callingTokenId, policy, result); + if (ret != SANDBOX_MANAGER_OK) { + return ret; + } + resultRawData.Marshalling(result); + return SANDBOX_MANAGER_OK; } int32_t SandboxManagerService::CheckPersistPolicy( - uint32_t tokenId, const std::vector &policy, std::vector &result) + uint32_t tokenId, const PolicyVecRawData &policyRawData, BoolVecRawData &resultRawData) { + DelayUnloadService(); + uint32_t callingTokenId = IPCSkeleton::GetCallingTokenID(); + if ((tokenId != callingTokenId) && + !CheckPermission(callingTokenId, CHECK_POLICY_PERMISSION_NAME)) { + return PERMISSION_DENIED; + } + std::vector policy; + policyRawData.Unmarshalling(policy); size_t policySize = policy.size(); if (policySize == 0 || tokenId == 0) { SANDBOXMANAGER_LOG_ERROR(LABEL, "Policy vector size error, size = %{public}zu, tokenid = %{public}d.", @@ -315,15 +431,21 @@ int32_t SandboxManagerService::CheckPersistPolicy( if (ret != SANDBOX_MANAGER_OK) { return ret; } - result.resize(policySize); + std::vector result(policySize); for (size_t i = 0; i < policy.size(); i++) { result[i] = (matchResult[i] == OPERATE_SUCCESSFULLY); } + resultRawData.Marshalling(result); return SANDBOX_MANAGER_OK; } int32_t SandboxManagerService::StartAccessingByTokenId(uint32_t tokenId, uint64_t timestamp) { + DelayUnloadService(); + if (IPCSkeleton::GetCallingUid() != FOUNDATION_UID) { + SANDBOXMANAGER_LOG_ERROR(LABEL, "Not foundation userid, permision denied."); + return PERMISSION_DENIED; + } if (tokenId == 0) { SANDBOXMANAGER_LOG_ERROR(LABEL, "Invalid Tokenid."); return INVALID_PARAMTER; @@ -333,6 +455,11 @@ int32_t SandboxManagerService::StartAccessingByTokenId(uint32_t tokenId, uint64_ int32_t SandboxManagerService::UnSetAllPolicyByToken(uint32_t tokenId, uint64_t timestamp) { + DelayUnloadService(); + uint32_t callingTokenId = IPCSkeleton::GetCallingTokenID(); + if (!CheckPermission(callingTokenId, SET_POLICY_PERMISSION_NAME)) { + return PERMISSION_DENIED; + } if (tokenId == 0) { SANDBOXMANAGER_LOG_ERROR(LABEL, "Invalid Tokenid."); return INVALID_PARAMTER; @@ -364,7 +491,7 @@ bool SandboxManagerService::InitDelayUnloadHandler() SANDBOXMANAGER_LOG_INFO(LABEL, "UnloadRunner_ and UnloadHandler_ already init."); return true; } - unloadRunner_ = EventRunner::Create(SA_ID_SANDBOX_MANAGER_SERVICE, AppExecFwk::ThreadMode::FFRT); + unloadRunner_ = EventRunner::Create(SANDBOX_MANAGER_SERVICE_ID, AppExecFwk::ThreadMode::FFRT); if (unloadRunner_ == nullptr) { SANDBOXMANAGER_LOG_ERROR(LABEL, "UnloadRunner_ init failed."); return false; @@ -377,9 +504,9 @@ bool SandboxManagerService::InitDelayUnloadHandler() return true; } -#ifdef NOT_RESIDENT void SandboxManagerService::DelayUnloadService() { +#ifdef NOT_RESIDENT std::lock_guard lock(unloadMutex_); if (!InitDelayUnloadHandler()) { return; @@ -390,7 +517,7 @@ void SandboxManagerService::DelayUnloadService() SANDBOXMANAGER_LOG_ERROR(LABEL, "Get samgr failed."); return; } - int32_t ret = samgrProxy->UnloadSystemAbility(SA_ID_SANDBOX_MANAGER_SERVICE); + int32_t ret = samgrProxy->UnloadSystemAbility(SANDBOX_MANAGER_SERVICE_ID); if (ret != ERR_OK) { SANDBOXMANAGER_LOG_ERROR(LABEL, "Unload system ability failed."); return; @@ -399,8 +526,8 @@ void SandboxManagerService::DelayUnloadService() unloadHandler_->RemoveTask("SandboxManagerUnload"); unloadHandler_->PostTask(task, "SandboxManagerUnload", SA_LIFE_TIME); SANDBOXMANAGER_LOG_INFO(LABEL, "Delay unload task updated."); -} #endif +} bool SandboxManagerService::StartByEventAction(const SystemAbilityOnDemandReason& startReason) { @@ -440,6 +567,27 @@ bool SandboxManagerService::StartByEventAction(const SystemAbilityOnDemandReason } return true; } + +bool SandboxManagerService::CheckPermission(const uint32_t tokenId, const std::string &permission) +{ + int32_t ret = Security::AccessToken::AccessTokenKit::VerifyAccessToken(tokenId, permission); + if (ret == Security::AccessToken::PermissionState::PERMISSION_GRANTED) { + SANDBOXMANAGER_LOG_INFO(LABEL, "Check permission token:%{public}d pass", tokenId); + return true; + } + SandboxManagerDfxHelper::WritePermissionCheckFailEvent(permission, tokenId); + SANDBOXMANAGER_LOG_ERROR(LABEL, "Check permission token:%{public}d fail", tokenId); + return false; +} + +bool SandboxManagerService::IsFileManagerCalling(uint32_t tokenCaller) +{ + if (tokenFileManagerId_ == 0) { + tokenFileManagerId_ = Security::AccessToken::AccessTokenKit::GetNativeTokenId( + "file_manager_service"); + } + return tokenCaller == tokenFileManagerId_; +} } // namespace SandboxManager } // namespace AccessControl } // namespace OHOS \ No newline at end of file diff --git a/services/sandbox_manager/main/cpp/src/service/sandbox_manager_stub.cpp b/services/sandbox_manager/main/cpp/src/service/sandbox_manager_stub.cpp deleted file mode 100644 index 8e0a2e0..0000000 --- a/services/sandbox_manager/main/cpp/src/service/sandbox_manager_stub.cpp +++ /dev/null @@ -1,781 +0,0 @@ -/* - * Copyright (c) 2023-2024 Huawei Device Co., Ltd. - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ - -#include "sandbox_manager_stub.h" - -#include -#include -#include -#include -#include -#include -#include "accesstoken_kit.h" -#include "ipc_skeleton.h" -#include "policy_info.h" -#include "policy_info_parcel.h" -#include "policy_info_vector_parcel.h" -#include "sandbox_manager_const.h" -#include "sandbox_manager_dfx_helper.h" -#include "sandbox_manager_err_code.h" -#include "sandbox_manager_log.h" -#include "sandbox_manager_service.h" -#include "string" -#include "string_ex.h" - -namespace OHOS { -namespace AccessControl { -namespace SandboxManager { - -namespace { -static constexpr OHOS::HiviewDFX::HiLogLabel LABEL = { - LOG_CORE, ACCESSCONTROL_DOMAIN_SANDBOXMANAGER, "SandboxManagerStub"}; -} - -static bool CheckPermission(const uint32_t tokenId, const std::string &permission); - -static int UnMarshalPolicy(std::stringstream &ss, std::vector &policyVec) -{ - uint32_t policyNum = 0; - ss.read(reinterpret_cast(&policyNum), sizeof(policyNum)); - - for (uint32_t i = 0; i < policyNum; i++) { - uint32_t pathLen = 0; - ss.read(reinterpret_cast(&pathLen), sizeof(pathLen)); - if (pathLen > ss.str().length()) { - SANDBOXMANAGER_LOG_ERROR(LABEL, "path eln:%{public}u is invalid", pathLen); - return SANDBOX_MANAGER_SERVICE_PARCEL_ERR; - } - PolicyInfo info; - info.path.resize(pathLen); - ss.read(info.path.data(), pathLen); - ss.read(reinterpret_cast(&info.mode), sizeof(info.mode)); - policyVec.push_back(info); - } - return SANDBOX_MANAGER_OK; -} - -int32_t SandboxManagerStub::OnRemoteRequest( - uint32_t code, MessageParcel &data, MessageParcel &reply, MessageOption &option) -{ - uint32_t callingTokenID = IPCSkeleton::GetCallingTokenID(); - SANDBOXMANAGER_LOG_DEBUG(LABEL, "Code %{public}u token %{public}u", code, callingTokenID); - std::u16string descriptor = data.ReadInterfaceToken(); - if (descriptor != ISandboxManager::GetDescriptor()) { - SANDBOXMANAGER_LOG_ERROR(LABEL, "Get unexpect descriptor: %{public}s", Str16ToStr8(descriptor).c_str()); - return -1; - } - auto itFunc = requestFuncMap_.find(code); - if (itFunc != requestFuncMap_.end()) { - auto requestFunc = itFunc->second; - if (requestFunc != nullptr) { -#ifdef NOT_RESIDENT - DelayUnloadService(); -#endif - return (this->*requestFunc)(data, reply); - } else { - // when valid code without any function to handle - return IPCObjectStub::OnRemoteRequest(code, data, reply, option); - } - } else { - return IPCObjectStub::OnRemoteRequest(code, data, reply, option); // when code invalid - } - - return NO_ERROR; -} - -int32_t SandboxManagerStub::CleanPersistPolicyByPathInner(MessageParcel &data, MessageParcel &reply) -{ - SANDBOXMANAGER_LOG_INFO(LABEL, "Call CleanPersistPolicyByPathInner"); - uint32_t callingTokenId = IPCSkeleton::GetCallingTokenID(); - if (!IsFileManagerCalling(callingTokenId)) { - SANDBOXMANAGER_LOG_ERROR(LABEL, "Permission denied(tokenID=%{public}d)", callingTokenId); - return PERMISSION_DENIED; - } - - std::vector filePathList; - if (!data.ReadStringVector(&filePathList)) { - SANDBOXMANAGER_LOG_ERROR(LABEL, "Read filePathList failed."); - return SANDBOX_MANAGER_SERVICE_PARCEL_ERR; - } - - this->CleanPersistPolicyByPath(filePathList); - SANDBOXMANAGER_LOG_INFO(LABEL, "End CleanPersistPolicyByPathInner"); - return SANDBOX_MANAGER_OK; -} - -int32_t SandboxManagerStub::PersistPolicyInner(MessageParcel &data, MessageParcel &reply) -{ - uint32_t callingTokenId = IPCSkeleton::GetCallingTokenID(); - if (!CheckPermission(callingTokenId, ACCESS_PERSIST_PERMISSION_NAME)) { - return PERMISSION_DENIED; - } - - std::vector policyVec; - auto vecDataSize = data.ReadUint32(); - const void *buffer = data.ReadRawData(vecDataSize); - if (buffer == nullptr) { - SANDBOXMANAGER_LOG_ERROR(LABEL, "Read raw data failed"); - return SANDBOX_MANAGER_SERVICE_PARCEL_ERR; - } - - std::stringstream ss; - ss.write(reinterpret_cast(buffer), vecDataSize); - if (UnMarshalPolicy(ss, policyVec) != SANDBOX_MANAGER_OK) { - SANDBOXMANAGER_LOG_ERROR(LABEL, "Unmarshal failed"); - return SANDBOX_MANAGER_SERVICE_PARCEL_ERR; - } - - std::vector result; - int32_t ret = this->PersistPolicy(policyVec, result); - if (!reply.WriteInt32(ret)) { - SANDBOXMANAGER_LOG_ERROR(LABEL, "Reply sandbox manager ret parcel fail"); - return SANDBOX_MANAGER_SERVICE_PARCEL_ERR; - } - if (ret != SANDBOX_MANAGER_OK) { - return ret; - } - - if (!reply.WriteUInt32Vector(result)) { - SANDBOXMANAGER_LOG_ERROR(LABEL, "Reply sandbox manager vector parcel fail"); - return SANDBOX_MANAGER_SERVICE_PARCEL_ERR; - } - return SANDBOX_MANAGER_OK; -} - -int32_t SandboxManagerStub::UnPersistPolicyInner(MessageParcel &data, MessageParcel &reply) -{ - uint32_t callingTokenId = IPCSkeleton::GetCallingTokenID(); - if (!CheckPermission(callingTokenId, ACCESS_PERSIST_PERMISSION_NAME)) { - return PERMISSION_DENIED; - } - - std::vector policyVec; - auto vecDataSize = data.ReadUint32(); - const void *buffer = data.ReadRawData(vecDataSize); - if (buffer == nullptr) { - SANDBOXMANAGER_LOG_ERROR(LABEL, "Read raw data failed"); - return SANDBOX_MANAGER_SERVICE_PARCEL_ERR; - } - - std::stringstream ss; - ss.write(reinterpret_cast(buffer), vecDataSize); - if (UnMarshalPolicy(ss, policyVec) != SANDBOX_MANAGER_OK) { - SANDBOXMANAGER_LOG_ERROR(LABEL, "Unmarshal failed"); - return SANDBOX_MANAGER_SERVICE_PARCEL_ERR; - } - - std::vector result; - - int32_t ret = this->UnPersistPolicy(policyVec, result); - if (!reply.WriteInt32(ret)) { - SANDBOXMANAGER_LOG_ERROR(LABEL, "Reply sandbox manager ret parcel fail"); - return SANDBOX_MANAGER_SERVICE_PARCEL_ERR; - } - if (ret != SANDBOX_MANAGER_OK) { - return ret; - } - - if (!reply.WriteUInt32Vector(result)) { - SANDBOXMANAGER_LOG_ERROR(LABEL, "Reply sandbox manager vector parcel fail"); - return SANDBOX_MANAGER_SERVICE_PARCEL_ERR; - } - return SANDBOX_MANAGER_OK; -} - -int32_t SandboxManagerStub::PersistPolicyByTokenIdInner(MessageParcel &data, MessageParcel &reply) -{ - uint32_t callingTokenId = IPCSkeleton::GetCallingTokenID(); - if (!CheckPermission(callingTokenId, ACCESS_PERSIST_PERMISSION_NAME)) { - return PERMISSION_DENIED; - } - uint32_t tokenId; - if (!data.ReadUint32(tokenId)) { - SANDBOXMANAGER_LOG_ERROR(LABEL, "Read tokenId parcel fail"); - return SANDBOX_MANAGER_SERVICE_PARCEL_ERR; - } - std::vector policyVec; - auto vecDataSize = data.ReadUint32(); - const void *buffer = data.ReadRawData(vecDataSize); - if (buffer == nullptr) { - SANDBOXMANAGER_LOG_ERROR(LABEL, "Read raw data failed"); - return SANDBOX_MANAGER_SERVICE_PARCEL_ERR; - } - - std::stringstream ss; - ss.write(reinterpret_cast(buffer), vecDataSize); - if (UnMarshalPolicy(ss, policyVec) != SANDBOX_MANAGER_OK) { - SANDBOXMANAGER_LOG_ERROR(LABEL, "Unmarshal failed"); - return SANDBOX_MANAGER_SERVICE_PARCEL_ERR; - } - - std::vector result; - int32_t ret = this->PersistPolicyByTokenId(tokenId, policyVec, result); - if (!reply.WriteInt32(ret)) { - SANDBOXMANAGER_LOG_ERROR(LABEL, "Reply sandbox manager ret parcel fail"); - return SANDBOX_MANAGER_SERVICE_PARCEL_ERR; - } - if (ret != SANDBOX_MANAGER_OK) { - return ret; - } - - if (!reply.WriteUInt32Vector(result)) { - SANDBOXMANAGER_LOG_ERROR(LABEL, "Reply sandbox manager vector parcel fail"); - return SANDBOX_MANAGER_SERVICE_PARCEL_ERR; - } - return SANDBOX_MANAGER_OK; -} - -int32_t SandboxManagerStub::UnPersistPolicyByTokenIdInner(MessageParcel &data, MessageParcel &reply) -{ - uint32_t callingTokenId = IPCSkeleton::GetCallingTokenID(); - if (!CheckPermission(callingTokenId, ACCESS_PERSIST_PERMISSION_NAME)) { - return PERMISSION_DENIED; - } - uint32_t tokenId; - if (!data.ReadUint32(tokenId)) { - SANDBOXMANAGER_LOG_ERROR(LABEL, "Reply tokenId parcel fail"); - return SANDBOX_MANAGER_SERVICE_PARCEL_ERR; - } - std::vector policyVec; - auto vecDataSize = data.ReadUint32(); - const void *buffer = data.ReadRawData(vecDataSize); - if (buffer == nullptr) { - SANDBOXMANAGER_LOG_ERROR(LABEL, "Read raw data failed"); - return SANDBOX_MANAGER_SERVICE_PARCEL_ERR; - } - - std::stringstream ss; - ss.write(reinterpret_cast(buffer), vecDataSize); - if (UnMarshalPolicy(ss, policyVec) != SANDBOX_MANAGER_OK) { - SANDBOXMANAGER_LOG_ERROR(LABEL, "Unmarshal failed"); - return SANDBOX_MANAGER_SERVICE_PARCEL_ERR; - } - - std::vector result; - - int32_t ret = this->UnPersistPolicyByTokenId(tokenId, policyVec, result); - if (!reply.WriteInt32(ret)) { - SANDBOXMANAGER_LOG_ERROR(LABEL, "Reply sandbox manager ret parcel fail"); - return SANDBOX_MANAGER_SERVICE_PARCEL_ERR; - } - if (ret != SANDBOX_MANAGER_OK) { - return ret; - } - - if (!reply.WriteUInt32Vector(result)) { - SANDBOXMANAGER_LOG_ERROR(LABEL, "Reply sandbox manager vector parcel fail"); - return SANDBOX_MANAGER_SERVICE_PARCEL_ERR; - } - return SANDBOX_MANAGER_OK; -} - -static int32_t ReadSetPolicyParcel(MessageParcel &data, uint32_t &tokenId, - std::vector &policyVec, uint64_t &policyFlag, uint64_t ×tamp) -{ - uint64_t callingTokenId = IPCSkeleton::GetCallingTokenID(); - if (!CheckPermission(callingTokenId, SET_POLICY_PERMISSION_NAME)) { - return PERMISSION_DENIED; - } - - if (!data.ReadUint32(tokenId)) { - SANDBOXMANAGER_LOG_ERROR(LABEL, "Read tokenId failed."); - return SANDBOX_MANAGER_SERVICE_PARCEL_ERR; - } - - if (!data.ReadUint64(timestamp)) { - SANDBOXMANAGER_LOG_ERROR(LABEL, "Read timestamp failed."); - return SANDBOX_MANAGER_SERVICE_PARCEL_ERR; - } - - auto vecDataSize = data.ReadUint32(); - const void *buffer = data.ReadRawData(vecDataSize); - if (buffer == nullptr) { - SANDBOXMANAGER_LOG_ERROR(LABEL, "Read raw data failed"); - return SANDBOX_MANAGER_SERVICE_PARCEL_ERR; - } - - std::stringstream ss; - ss.write(reinterpret_cast(buffer), vecDataSize); - if (UnMarshalPolicy(ss, policyVec) != SANDBOX_MANAGER_OK) { - SANDBOXMANAGER_LOG_ERROR(LABEL, "Unmarshal failed"); - return SANDBOX_MANAGER_SERVICE_PARCEL_ERR; - } - - if (!data.ReadUint64(policyFlag)) { - SANDBOXMANAGER_LOG_ERROR(LABEL, "Read policyFlag failed."); - return SANDBOX_MANAGER_SERVICE_PARCEL_ERR; - } - - return SANDBOX_MANAGER_OK; -} - -/** - * Serializes a `std::vector` into binary data and writes it to an output stream. - * @param outputStream The output stream to write the serialized data to. - * @param result The `std::vector` to serialize. - * @return Returns a status code indicating whether the operation is successful. - */ -static int MarshalResult(std::stringstream &outputStream, const std::vector &result) -{ - uint32_t resultNum = result.size(); - if (!outputStream.write(reinterpret_cast(&resultNum), sizeof(resultNum))) { - SANDBOXMANAGER_LOG_ERROR(LABEL, "Failed to write result count to outputStream."); - return SANDBOX_MANAGER_SERVICE_PARCEL_ERR; - } - for (uint32_t i = 0; i < resultNum; i++) { - if (!outputStream.write(reinterpret_cast(&result[i]), sizeof(uint32_t))) { - SANDBOXMANAGER_LOG_ERROR(LABEL, "Failed to write result value to outputStream."); - return SANDBOX_MANAGER_SERVICE_PARCEL_ERR; - } - } - return SANDBOX_MANAGER_OK; -} - -/** - * Serializes a `std::vector` into binary data and writes it to an output stream. - * @param outputStream The output stream to write the serialized data to. - * @param result The `std::vector` to serialize. - * @return Returns a status code indicating whether the operation is successful. - */ -static int MarshalResult(std::stringstream &outputStream, const std::vector &result) -{ - uint32_t resultNum = result.size(); - if (!outputStream.write(reinterpret_cast(&resultNum), sizeof(resultNum))) { - SANDBOXMANAGER_LOG_ERROR(LABEL, "Failed to write result count to outputStream."); - return SANDBOX_MANAGER_SERVICE_PARCEL_ERR; - } - for (uint32_t i = 0; i < resultNum; i++) { - // Convert the boolean value to a character ('1' for true, '0' for false) - char boolChar = result[i] ? '1' : '0'; - if (!outputStream.write(&boolChar, sizeof(char))) { - SANDBOXMANAGER_LOG_ERROR(LABEL, "Failed to write result value to outputStream."); - return SANDBOX_MANAGER_SERVICE_PARCEL_ERR; - } - } - return SANDBOX_MANAGER_OK; -} - -int32_t SandboxManagerStub::SetPolicyInner(MessageParcel &data, MessageParcel &reply) -{ - uint32_t tokenId; - sptr policyInfoVectorParcel = nullptr; - uint64_t policyFlag; - uint64_t timestamp; - std::vector policyVec; - int32_t readRes = ReadSetPolicyParcel(data, tokenId, policyVec, policyFlag, timestamp); - if (readRes != SANDBOX_MANAGER_OK) { - return readRes; - } - - std::vector result; - int32_t ret = this->SetPolicy(tokenId, policyVec, policyFlag, result, timestamp); - if (!reply.WriteInt32(ret)) { - SANDBOXMANAGER_LOG_ERROR(LABEL, "Write ret failed."); - return SANDBOX_MANAGER_SERVICE_PARCEL_ERR; - } - if (ret != SANDBOX_MANAGER_OK) { - return ret; - } - - std::stringstream replyRawString; - int32_t marshlResultRet = MarshalResult(replyRawString, result); - if (marshlResultRet != SANDBOX_MANAGER_OK) { - SANDBOXMANAGER_LOG_ERROR(LABEL, "MarshalResult failed."); - return marshlResultRet; - } - size_t rawStringLength = replyRawString.str().length(); - if (!reply.WriteUint32(rawStringLength)) { - SANDBOXMANAGER_LOG_ERROR(LABEL, "Write rawStringLength failed."); - return SANDBOX_MANAGER_SERVICE_PARCEL_ERR; - } - if (!reply.WriteRawData(reinterpret_cast(replyRawString.str().data()), rawStringLength)) { - SANDBOXMANAGER_LOG_ERROR(LABEL, "Write raw data failed."); - return SANDBOX_MANAGER_SERVICE_PARCEL_ERR; - } - return SANDBOX_MANAGER_OK; -} - -int32_t SandboxManagerStub::SetPolicyAsyncInner(MessageParcel &data, MessageParcel &reply) -{ - uint32_t tokenId; - sptr policyInfoVectorParcel = nullptr; - uint64_t policyFlag; - uint64_t timestamp; - std::vector policyVec; - int32_t readRes = ReadSetPolicyParcel(data, tokenId, policyVec, policyFlag, timestamp); - if (readRes != SANDBOX_MANAGER_OK) { - return readRes; - } - - return this->SetPolicyAsync(tokenId, policyVec, policyFlag, timestamp); -} - -static int32_t ReadUnSetPolicyParcel(MessageParcel &data, uint32_t &tokenId, - sptr &policyInfoParcel) -{ - uint64_t callingTokenId = IPCSkeleton::GetCallingTokenID(); - if (!CheckPermission(callingTokenId, SET_POLICY_PERMISSION_NAME)) { - return PERMISSION_DENIED; - } - - if (!data.ReadUint32(tokenId)) { - SANDBOXMANAGER_LOG_ERROR(LABEL, "Read tokenId failed."); - return SANDBOX_MANAGER_SERVICE_PARCEL_ERR; - } - - policyInfoParcel = data.ReadParcelable(); - if (policyInfoParcel == nullptr) { - SANDBOXMANAGER_LOG_ERROR(LABEL, "Read policyInfoParcel failed."); - return SANDBOX_MANAGER_SERVICE_PARCEL_ERR; - } - - return SANDBOX_MANAGER_OK; -} - -int32_t SandboxManagerStub::UnSetPolicyInner(MessageParcel &data, MessageParcel &reply) -{ - uint32_t tokenId; - sptr policyInfoParcel = nullptr; - int32_t readRes = ReadUnSetPolicyParcel(data, tokenId, policyInfoParcel); - if (readRes != SANDBOX_MANAGER_OK) { - return readRes; - } - - int32_t ret = this->UnSetPolicy(tokenId, policyInfoParcel->policyInfo); - if (!reply.WriteInt32(ret)) { - SANDBOXMANAGER_LOG_ERROR(LABEL, "Write ret failed."); - return SANDBOX_MANAGER_SERVICE_PARCEL_ERR; - } - return SANDBOX_MANAGER_OK; -} - -int32_t SandboxManagerStub::UnSetPolicyAsyncInner(MessageParcel &data, MessageParcel &reply) -{ - uint32_t tokenId; - sptr policyInfoParcel = nullptr; - int32_t readRes = ReadUnSetPolicyParcel(data, tokenId, policyInfoParcel); - if (readRes != SANDBOX_MANAGER_OK) { - return readRes; - } - - return this->UnSetPolicyAsync(tokenId, policyInfoParcel->policyInfo); -} - -int32_t SandboxManagerStub::CheckPolicyInner(MessageParcel &data, MessageParcel &reply) -{ - uint32_t callingTokenId = IPCSkeleton::GetCallingTokenID(); - uint32_t tokenId; - if (!data.ReadUint32(tokenId)) { - SANDBOXMANAGER_LOG_ERROR(LABEL, "Read tokenId failed."); - return SANDBOX_MANAGER_SERVICE_PARCEL_ERR; - } - if ((tokenId != callingTokenId) && - !CheckPermission(callingTokenId, CHECK_POLICY_PERMISSION_NAME)) { - return PERMISSION_DENIED; - } - - std::vector policyVec; - auto vecDataSize = data.ReadUint32(); - const void *buffer = data.ReadRawData(vecDataSize); - if (buffer == nullptr) { - SANDBOXMANAGER_LOG_ERROR(LABEL, "Read raw data failed"); - return SANDBOX_MANAGER_SERVICE_PARCEL_ERR; - } - - std::stringstream ss; - ss.write(reinterpret_cast(buffer), vecDataSize); - if (UnMarshalPolicy(ss, policyVec) != SANDBOX_MANAGER_OK) { - SANDBOXMANAGER_LOG_ERROR(LABEL, "Unmarshal failed"); - return SANDBOX_MANAGER_SERVICE_PARCEL_ERR; - } - std::vector result; - int32_t ret = this->CheckPolicy(tokenId, policyVec, result); - if (!reply.WriteInt32(ret)) { - SANDBOXMANAGER_LOG_ERROR(LABEL, "Write ret failed."); - return SANDBOX_MANAGER_SERVICE_PARCEL_ERR; - } - if (ret != SANDBOX_MANAGER_OK) { - return ret; - } - - std::stringstream replyRawString; - int32_t marshlResultRet = MarshalResult(replyRawString, result); - if (marshlResultRet != SANDBOX_MANAGER_OK) { - SANDBOXMANAGER_LOG_ERROR(LABEL, "MarshalResult failed."); - return marshlResultRet; - } - size_t rawStringLength = replyRawString.str().length(); - if (!reply.WriteUint32(rawStringLength)) { - SANDBOXMANAGER_LOG_ERROR(LABEL, "Write rawStringLength failed."); - return SANDBOX_MANAGER_SERVICE_PARCEL_ERR; - } - if (!reply.WriteRawData(reinterpret_cast(replyRawString.str().data()), rawStringLength)) { - SANDBOXMANAGER_LOG_ERROR(LABEL, "Write raw data failed."); - return SANDBOX_MANAGER_SERVICE_PARCEL_ERR; - } - return SANDBOX_MANAGER_OK; -} - -int32_t SandboxManagerStub::StartAccessingPolicyInner(MessageParcel &data, MessageParcel &reply) -{ - uint32_t callingTokenId = IPCSkeleton::GetCallingTokenID(); - if (!CheckPermission(callingTokenId, ACCESS_PERSIST_PERMISSION_NAME)) { - return PERMISSION_DENIED; - } - - bool useCallerToken; - if (!data.ReadBool(useCallerToken)) { - SANDBOXMANAGER_LOG_ERROR(LABEL, "Read useCallerToken failed."); - return SANDBOX_MANAGER_SERVICE_PARCEL_ERR; - } - - uint32_t tokenId; - if (!data.ReadUint32(tokenId)) { - SANDBOXMANAGER_LOG_ERROR(LABEL, "Read tokenId failed."); - return SANDBOX_MANAGER_SERVICE_PARCEL_ERR; - } - - uint64_t timestamp; - if (!data.ReadUint64(timestamp)) { - SANDBOXMANAGER_LOG_ERROR(LABEL, "Read timestamp failed."); - return SANDBOX_MANAGER_SERVICE_PARCEL_ERR; - } - - std::vector policyVec; - auto vecDataSize = data.ReadUint32(); - const void *buffer = data.ReadRawData(vecDataSize); - if (buffer == nullptr) { - SANDBOXMANAGER_LOG_ERROR(LABEL, "Read raw data failed"); - return SANDBOX_MANAGER_SERVICE_PARCEL_ERR; - } - - std::stringstream ss; - ss.write(reinterpret_cast(buffer), vecDataSize); - if (UnMarshalPolicy(ss, policyVec) != SANDBOX_MANAGER_OK) { - SANDBOXMANAGER_LOG_ERROR(LABEL, "Unmarshal failed"); - return SANDBOX_MANAGER_SERVICE_PARCEL_ERR; - } - - std::vector result; - int32_t ret = - this->StartAccessingPolicy(policyVec, result, useCallerToken, tokenId, timestamp); - if (!reply.WriteInt32(ret)) { - SANDBOXMANAGER_LOG_ERROR(LABEL, "Reply sandbox manager ret parcel fail"); - return SANDBOX_MANAGER_SERVICE_PARCEL_ERR; - } - if (ret != SANDBOX_MANAGER_OK) { - return ret; - } - - if (!reply.WriteUInt32Vector(result)) { - SANDBOXMANAGER_LOG_ERROR(LABEL, "Write sandbox manager reply parcel fail"); - return SANDBOX_MANAGER_SERVICE_PARCEL_ERR; - } - return SANDBOX_MANAGER_OK; -} - -int32_t SandboxManagerStub::StopAccessingPolicyInner(MessageParcel &data, MessageParcel &reply) -{ - uint32_t callingTokenId = IPCSkeleton::GetCallingTokenID(); - if (!CheckPermission(callingTokenId, ACCESS_PERSIST_PERMISSION_NAME)) { - return PERMISSION_DENIED; - } - - std::vector policyVec; - auto vecDataSize = data.ReadUint32(); - const void *buffer = data.ReadRawData(vecDataSize); - if (buffer == nullptr) { - SANDBOXMANAGER_LOG_ERROR(LABEL, "Read raw data failed"); - return SANDBOX_MANAGER_SERVICE_PARCEL_ERR; - } - - std::stringstream ss; - ss.write(reinterpret_cast(buffer), vecDataSize); - if (UnMarshalPolicy(ss, policyVec) != SANDBOX_MANAGER_OK) { - SANDBOXMANAGER_LOG_ERROR(LABEL, "Unmarshal failed"); - return SANDBOX_MANAGER_SERVICE_PARCEL_ERR; - } - - std::vector result; - - int32_t ret = this->StopAccessingPolicy(policyVec, result); - if (!reply.WriteInt32(ret)) { - SANDBOXMANAGER_LOG_ERROR(LABEL, "Reply sandbox manager ret parcel fail"); - return SANDBOX_MANAGER_SERVICE_PARCEL_ERR; - } - if (ret != SANDBOX_MANAGER_OK) { - return ret; - } - - if (!reply.WriteUInt32Vector(result)) { - SANDBOXMANAGER_LOG_ERROR(LABEL, "Write sandbox manager reply parcel fail"); - return SANDBOX_MANAGER_SERVICE_PARCEL_ERR; - } - return SANDBOX_MANAGER_OK; -} - -int32_t SandboxManagerStub::CheckPersistPolicyInner(MessageParcel &data, MessageParcel &reply) -{ - uint32_t callingTokenId = IPCSkeleton::GetCallingTokenID(); - uint32_t tokenId; - if (!data.ReadUint32(tokenId)) { - SANDBOXMANAGER_LOG_ERROR(LABEL, "Reply tokenId parcel fail"); - return SANDBOX_MANAGER_SERVICE_PARCEL_ERR; - } - if ((tokenId != callingTokenId) && - !CheckPermission(callingTokenId, CHECK_POLICY_PERMISSION_NAME)) { - return PERMISSION_DENIED; - } - - std::vector policyVec; - auto vecDataSize = data.ReadUint32(); - const void *buffer = data.ReadRawData(vecDataSize); - if (buffer == nullptr) { - SANDBOXMANAGER_LOG_ERROR(LABEL, "Read raw data failed"); - return SANDBOX_MANAGER_SERVICE_PARCEL_ERR; - } - - std::stringstream ss; - ss.write(reinterpret_cast(buffer), vecDataSize); - if (UnMarshalPolicy(ss, policyVec) != SANDBOX_MANAGER_OK) { - SANDBOXMANAGER_LOG_ERROR(LABEL, "Unmarshal failed"); - return SANDBOX_MANAGER_SERVICE_PARCEL_ERR; - } - - std::vector result; - int32_t ret = this->CheckPersistPolicy(tokenId, policyVec, result); - if (!reply.WriteInt32(ret)) { - SANDBOXMANAGER_LOG_ERROR(LABEL, "Reply sandbox manager ret parcel fail"); - return SANDBOX_MANAGER_SERVICE_PARCEL_ERR; - } - if (ret != SANDBOX_MANAGER_OK) { - return ret; - } - - if (!reply.WriteBoolVector(result)) { - SANDBOXMANAGER_LOG_ERROR(LABEL, "Write sandbox manager reply parcel fail"); - return SANDBOX_MANAGER_SERVICE_PARCEL_ERR; - } - return SANDBOX_MANAGER_OK; -} - -int32_t SandboxManagerStub::StartAccessingByTokenIdInner(MessageParcel &data, MessageParcel &reply) -{ - if (IPCSkeleton::GetCallingUid() != FOUNDATION_UID) { - SANDBOXMANAGER_LOG_ERROR(LABEL, "Not foundation userid, permision denied."); - return PERMISSION_DENIED; - } - uint32_t tokenId; - if (!data.ReadUint32(tokenId)) { - SANDBOXMANAGER_LOG_ERROR(LABEL, "Read tokenId parcel fail"); - return SANDBOX_MANAGER_SERVICE_PARCEL_ERR; - } - uint64_t timestamp; - if (!data.ReadUint64(timestamp)) { - SANDBOXMANAGER_LOG_ERROR(LABEL, "Read timestamp failed."); - return SANDBOX_MANAGER_SERVICE_PARCEL_ERR; - } - - this->StartAccessingByTokenId(tokenId, timestamp); - return SANDBOX_MANAGER_OK; -} - -int32_t SandboxManagerStub::UnSetAllPolicyByTokenInner(MessageParcel &data, MessageParcel &reply) -{ - uint32_t callingTokenId = IPCSkeleton::GetCallingTokenID(); - if (!CheckPermission(callingTokenId, SET_POLICY_PERMISSION_NAME)) { - return PERMISSION_DENIED; - } - - uint32_t tokenId; - if (!data.ReadUint32(tokenId)) { - SANDBOXMANAGER_LOG_ERROR(LABEL, "Read tokenId parcel fail"); - return SANDBOX_MANAGER_SERVICE_PARCEL_ERR; - } - uint64_t timestamp; - if (!data.ReadUint64(timestamp)) { - SANDBOXMANAGER_LOG_ERROR(LABEL, "Read timestamp failed."); - return SANDBOX_MANAGER_SERVICE_PARCEL_ERR; - } - this->UnSetAllPolicyByToken(tokenId, timestamp); - return SANDBOX_MANAGER_OK; -} - -void SandboxManagerStub::SetPolicyOpFuncInMap() -{ - requestFuncMap_[static_cast(SandboxManagerInterfaceCode::CLEAN_PERSIST_POLICY_BY_PATH)] = - &SandboxManagerStub::CleanPersistPolicyByPathInner; - requestFuncMap_[static_cast(SandboxManagerInterfaceCode::PERSIST_PERMISSION)] = - &SandboxManagerStub::PersistPolicyInner; - requestFuncMap_[static_cast(SandboxManagerInterfaceCode::UNPERSIST_PERMISSION)] = - &SandboxManagerStub::UnPersistPolicyInner; - requestFuncMap_[static_cast(SandboxManagerInterfaceCode::PERSIST_PERMISSION_BY_TOKENID)] = - &SandboxManagerStub::PersistPolicyByTokenIdInner; - requestFuncMap_[static_cast(SandboxManagerInterfaceCode::UNPERSIST_PERMISSION_BY_TOKENID)] = - &SandboxManagerStub::UnPersistPolicyByTokenIdInner; - requestFuncMap_[static_cast(SandboxManagerInterfaceCode::SET_POLICY)] = - &SandboxManagerStub::SetPolicyInner; - requestFuncMap_[static_cast(SandboxManagerInterfaceCode::UNSET_POLICY)] = - &SandboxManagerStub::UnSetPolicyInner; - requestFuncMap_[static_cast(SandboxManagerInterfaceCode::SET_POLICY_ASYNC)] = - &SandboxManagerStub::SetPolicyAsyncInner; - requestFuncMap_[static_cast(SandboxManagerInterfaceCode::UNSET_POLICY_ASYNC)] = - &SandboxManagerStub::UnSetPolicyAsyncInner; - requestFuncMap_[static_cast(SandboxManagerInterfaceCode::CHECK_POLICY)] = - &SandboxManagerStub::CheckPolicyInner; - requestFuncMap_[static_cast(SandboxManagerInterfaceCode::START_ACCESSING_URI)] = - &SandboxManagerStub::StartAccessingPolicyInner; - requestFuncMap_[static_cast(SandboxManagerInterfaceCode::STOP_ACCESSING_URI)] = - &SandboxManagerStub::StopAccessingPolicyInner; - requestFuncMap_[static_cast(SandboxManagerInterfaceCode::CHECK_PERSIST_PERMISSION)] = - &SandboxManagerStub::CheckPersistPolicyInner; - requestFuncMap_[static_cast(SandboxManagerInterfaceCode::START_ACCESSING_BY_TOKEN)] = - &SandboxManagerStub::StartAccessingByTokenIdInner; - requestFuncMap_[static_cast(SandboxManagerInterfaceCode::UNSET_ALL_POLICY_BY_TOKEN)] = - &SandboxManagerStub::UnSetAllPolicyByTokenInner; -} - -SandboxManagerStub::SandboxManagerStub() -{ - SetPolicyOpFuncInMap(); -} - -SandboxManagerStub::~SandboxManagerStub() -{ - requestFuncMap_.clear(); -} - -bool CheckPermission(const uint32_t tokenId, const std::string &permission) -{ - int32_t ret = Security::AccessToken::AccessTokenKit::VerifyAccessToken(tokenId, permission); - if (ret == Security::AccessToken::PermissionState::PERMISSION_GRANTED) { - SANDBOXMANAGER_LOG_INFO(LABEL, "Check permission token:%{public}d pass", tokenId); - return true; - } - SandboxManagerDfxHelper::WritePermissionCheckFailEvent(permission, tokenId); - SANDBOXMANAGER_LOG_ERROR(LABEL, "Check permission token:%{public}d fail", tokenId); - return false; -} -bool SandboxManagerStub::IsFileManagerCalling(uint32_t tokenCaller) -{ - if (tokenFileManagerId_ == 0) { - tokenFileManagerId_ = Security::AccessToken::AccessTokenKit::GetNativeTokenId( - "file_manager_service"); - } - return tokenCaller == tokenFileManagerId_; -} -} // namespace SandboxManager -} // namespace AccessControl -} // namespace OHOS \ No newline at end of file diff --git a/services/sandbox_manager/test/BUILD.gn b/services/sandbox_manager/test/BUILD.gn index 54d6255..f706d79 100644 --- a/services/sandbox_manager/test/BUILD.gn +++ b/services/sandbox_manager/test/BUILD.gn @@ -16,7 +16,6 @@ import("../../../sandbox_manager.gni") sandbox_manager_service_src = [ "../main/cpp/src/service/sandbox_manager_service.cpp", - "../main/cpp/src/service/sandbox_manager_stub.cpp", "../main/cpp/src/sensitive/sandbox_manager_event_subscriber.cpp", "../main/cpp/src/service/policy_info_manager.cpp", "../main/cpp/src/service/policy_trie.cpp", @@ -52,7 +51,6 @@ ohos_unittest("libsandbox_manager_service_standard_test") { sources = [ "unittest/policy_info_manager_test.cpp", "unittest/sandbox_manager_rdb_test.cpp", - "unittest/sandbox_manager_service_test.cpp", ] sources += sandbox_manager_service_src @@ -65,6 +63,7 @@ ohos_unittest("libsandbox_manager_service_standard_test") { deps = [ "${sandbox_manager_path}/frameworks/sandbox_manager:sandbox_manager_communication_adapter_cxx", + "${sandbox_manager_path}/frameworks/sandbox_manager:sandbox_manager_stub", "${sandbox_manager_path}/frameworks/sandbox_test_common:sandbox_test_common_source_set", "${sandbox_manager_path}/services/common:sandbox_manager_service_common", "${sandbox_manager_path}/services/sandbox_manager:sandbox_manager_service", diff --git a/test/fuzztest/services/sandbox_manager/checkpersistpolicystub_fuzzer/checkpersistpolicystub_fuzzer.cpp b/test/fuzztest/services/sandbox_manager/checkpersistpolicystub_fuzzer/checkpersistpolicystub_fuzzer.cpp index f1c83f9..192ce5f 100644 --- a/test/fuzztest/services/sandbox_manager/checkpersistpolicystub_fuzzer/checkpersistpolicystub_fuzzer.cpp +++ b/test/fuzztest/services/sandbox_manager/checkpersistpolicystub_fuzzer/checkpersistpolicystub_fuzzer.cpp @@ -19,9 +19,8 @@ #include #include #include "fuzz_common.h" -#include "i_sandbox_manager.h" +#include "isandbox_manager.h" #include "policy_info_vector_parcel.h" -#include "sandboxmanager_service_ipc_interface_code.h" #define private public #include "sandbox_manager_service.h" #undef private @@ -56,7 +55,7 @@ namespace OHOS { return false; } - uint32_t code = static_cast(SandboxManagerInterfaceCode::CHECK_PERSIST_PERMISSION); + uint32_t code = static_cast(ISandboxManagerIpcCode::COMMAND_CHECK_PERSIST_POLICY); MessageParcel reply; MessageOption option; diff --git a/test/fuzztest/services/sandbox_manager/checkpolicystub_fuzzer/checkpolicystub_fuzzer.cpp b/test/fuzztest/services/sandbox_manager/checkpolicystub_fuzzer/checkpolicystub_fuzzer.cpp index 58f99ca..2462ab6 100644 --- a/test/fuzztest/services/sandbox_manager/checkpolicystub_fuzzer/checkpolicystub_fuzzer.cpp +++ b/test/fuzztest/services/sandbox_manager/checkpolicystub_fuzzer/checkpolicystub_fuzzer.cpp @@ -19,9 +19,8 @@ #include #include #include "fuzz_common.h" -#include "i_sandbox_manager.h" +#include "isandbox_manager.h" #include "policy_info_vector_parcel.h" -#include "sandboxmanager_service_ipc_interface_code.h" #define private public #include "sandbox_manager_service.h" #undef private @@ -55,7 +54,7 @@ namespace OHOS { return false; } - uint32_t code = static_cast(SandboxManagerInterfaceCode::CHECK_POLICY); + uint32_t code = static_cast(ISandboxManagerIpcCode::COMMAND_CHECK_POLICY); MessageParcel reply; MessageOption option; diff --git a/test/fuzztest/services/sandbox_manager/cleanpersistpolicybypathstub_fuzzer/cleanpersistpolicybypathstub_fuzzer.cpp b/test/fuzztest/services/sandbox_manager/cleanpersistpolicybypathstub_fuzzer/cleanpersistpolicybypathstub_fuzzer.cpp index 59f9729..8937ae7 100644 --- a/test/fuzztest/services/sandbox_manager/cleanpersistpolicybypathstub_fuzzer/cleanpersistpolicybypathstub_fuzzer.cpp +++ b/test/fuzztest/services/sandbox_manager/cleanpersistpolicybypathstub_fuzzer/cleanpersistpolicybypathstub_fuzzer.cpp @@ -20,9 +20,8 @@ #include #include "accesstoken_kit.h" #include "fuzz_common.h" -#include "i_sandbox_manager.h" +#include "isandbox_manager.h" #include "policy_info_vector_parcel.h" -#include "sandboxmanager_service_ipc_interface_code.h" #define private public #include "sandbox_manager_service.h" #undef private @@ -58,7 +57,7 @@ static uint32_t FILE_MANAGER_TOKEN = 0; return false; } - uint32_t code = static_cast(SandboxManagerInterfaceCode::CLEAN_PERSIST_POLICY_BY_PATH); + uint32_t code = static_cast(ISandboxManagerIpcCode::COMMAND_CLEAN_PERSIST_POLICY_BY_PATH); MessageParcel reply; MessageOption option; diff --git a/test/fuzztest/services/sandbox_manager/persistpolicystub_fuzzer/persistpolicystub_fuzzer.cpp b/test/fuzztest/services/sandbox_manager/persistpolicystub_fuzzer/persistpolicystub_fuzzer.cpp index 4f5d946..d799042 100644 --- a/test/fuzztest/services/sandbox_manager/persistpolicystub_fuzzer/persistpolicystub_fuzzer.cpp +++ b/test/fuzztest/services/sandbox_manager/persistpolicystub_fuzzer/persistpolicystub_fuzzer.cpp @@ -20,9 +20,8 @@ #include #include "alloc_token.h" #include "fuzz_common.h" -#include "i_sandbox_manager.h" +#include "isandbox_manager.h" #include "policy_info_vector_parcel.h" -#include "sandboxmanager_service_ipc_interface_code.h" #define private public #include "sandbox_manager_service.h" #undef private @@ -53,7 +52,7 @@ namespace OHOS { return false; } - uint32_t code = static_cast(SandboxManagerInterfaceCode::PERSIST_PERMISSION); + uint32_t code = static_cast(ISandboxManagerIpcCode::COMMAND_PERSIST_POLICY); MessageParcel reply; MessageOption option; diff --git a/test/fuzztest/services/sandbox_manager/persistpolicytokenstub_fuzzer/persistpolicytokenstub_fuzzer.cpp b/test/fuzztest/services/sandbox_manager/persistpolicytokenstub_fuzzer/persistpolicytokenstub_fuzzer.cpp index 586a682..886cb39 100644 --- a/test/fuzztest/services/sandbox_manager/persistpolicytokenstub_fuzzer/persistpolicytokenstub_fuzzer.cpp +++ b/test/fuzztest/services/sandbox_manager/persistpolicytokenstub_fuzzer/persistpolicytokenstub_fuzzer.cpp @@ -20,9 +20,8 @@ #include #include "alloc_token.h" #include "fuzz_common.h" -#include "i_sandbox_manager.h" +#include "isandbox_manager.h" #include "policy_info_vector_parcel.h" -#include "sandboxmanager_service_ipc_interface_code.h" #define private public #include "sandbox_manager_service.h" #undef private @@ -58,7 +57,7 @@ namespace OHOS { return false; } - uint32_t code = static_cast(SandboxManagerInterfaceCode::PERSIST_PERMISSION_BY_TOKENID); + uint32_t code = static_cast(ISandboxManagerIpcCode::COMMAND_PERSIST_POLICY_BY_TOKEN_ID); MessageParcel reply; MessageOption option; DelayedSingleton::GetInstance()->Initialize(); diff --git a/test/fuzztest/services/sandbox_manager/sandbox_manager_service_fuzz.gni b/test/fuzztest/services/sandbox_manager/sandbox_manager_service_fuzz.gni index b3475e8..7b4696e 100644 --- a/test/fuzztest/services/sandbox_manager/sandbox_manager_service_fuzz.gni +++ b/test/fuzztest/services/sandbox_manager/sandbox_manager_service_fuzz.gni @@ -38,7 +38,6 @@ sandbox_manager_sources = [ "${sandbox_manager_path}/services/sandbox_manager/main/cpp/src/service/policy_info_manager.cpp", "${sandbox_manager_path}/services/sandbox_manager/main/cpp/src/service/policy_trie.cpp", "${sandbox_manager_path}/services/sandbox_manager/main/cpp/src/service/sandbox_manager_service.cpp", - "${sandbox_manager_path}/services/sandbox_manager/main/cpp/src/service/sandbox_manager_stub.cpp", "${sandbox_manager_path}/test/fuzztest/common/alloc_token.cpp", "${sandbox_manager_path}/test/fuzztest/common/fuzz_common.cpp", ] @@ -46,6 +45,7 @@ sandbox_manager_sources = [ sandbox_manager_deps = [ "${sandbox_manager_path}/frameworks/inner_api/sandbox_manager:libsandbox_manager_sdk", "${sandbox_manager_path}/frameworks/sandbox_manager:sandbox_manager_communication_adapter_cxx", + "${sandbox_manager_path}/frameworks/sandbox_manager:sandbox_manager_stub", "${sandbox_manager_path}/services/common:sandbox_manager_service_common", "${sandbox_manager_path}/services/sandbox_manager:sandbox_manager_service", ] diff --git a/test/fuzztest/services/sandbox_manager/setpolicyasyncstub_fuzzer/setpolicyasyncstub_fuzzer.cpp b/test/fuzztest/services/sandbox_manager/setpolicyasyncstub_fuzzer/setpolicyasyncstub_fuzzer.cpp index 46a7deb..9dfe75f 100644 --- a/test/fuzztest/services/sandbox_manager/setpolicyasyncstub_fuzzer/setpolicyasyncstub_fuzzer.cpp +++ b/test/fuzztest/services/sandbox_manager/setpolicyasyncstub_fuzzer/setpolicyasyncstub_fuzzer.cpp @@ -21,8 +21,7 @@ #include "alloc_token.h" #include "fuzz_common.h" #include "policy_info_vector_parcel.h" -#include "i_sandbox_manager.h" -#include "sandboxmanager_service_ipc_interface_code.h" +#include "isandbox_manager.h" #define private public #include "sandbox_manager_service.h" #undef private @@ -62,7 +61,7 @@ namespace OHOS { return false; } - uint32_t code = static_cast(SandboxManagerInterfaceCode::SET_POLICY_ASYNC); + uint32_t code = static_cast(ISandboxManagerIpcCode::COMMAND_SET_POLICY_ASYNC); MessageParcel reply; MessageOption option; DelayedSingleton::GetInstance()->Initialize(); diff --git a/test/fuzztest/services/sandbox_manager/setpolicystub_fuzzer/setpolicystub_fuzzer.cpp b/test/fuzztest/services/sandbox_manager/setpolicystub_fuzzer/setpolicystub_fuzzer.cpp index c98e09c..01eba81 100644 --- a/test/fuzztest/services/sandbox_manager/setpolicystub_fuzzer/setpolicystub_fuzzer.cpp +++ b/test/fuzztest/services/sandbox_manager/setpolicystub_fuzzer/setpolicystub_fuzzer.cpp @@ -21,8 +21,7 @@ #include "alloc_token.h" #include "fuzz_common.h" #include "policy_info_vector_parcel.h" -#include "i_sandbox_manager.h" -#include "sandboxmanager_service_ipc_interface_code.h" +#include "isandbox_manager.h" #define private public #include "sandbox_manager_service.h" #undef private @@ -62,7 +61,7 @@ namespace OHOS { return false; } - uint32_t code = static_cast(SandboxManagerInterfaceCode::SET_POLICY); + uint32_t code = static_cast(ISandboxManagerIpcCode::COMMAND_SET_POLICY); MessageParcel reply; MessageOption option; DelayedSingleton::GetInstance()->Initialize(); diff --git a/test/fuzztest/services/sandbox_manager/startaccessingbytokenidstub_fuzzer/startaccessingbytokenidstub_fuzzer.cpp b/test/fuzztest/services/sandbox_manager/startaccessingbytokenidstub_fuzzer/startaccessingbytokenidstub_fuzzer.cpp index 68583d7..7cfdd8c 100644 --- a/test/fuzztest/services/sandbox_manager/startaccessingbytokenidstub_fuzzer/startaccessingbytokenidstub_fuzzer.cpp +++ b/test/fuzztest/services/sandbox_manager/startaccessingbytokenidstub_fuzzer/startaccessingbytokenidstub_fuzzer.cpp @@ -20,9 +20,8 @@ #include #include "alloc_token.h" #include "fuzz_common.h" -#include "i_sandbox_manager.h" +#include "isandbox_manager.h" #include "policy_info_vector_parcel.h" -#include "sandboxmanager_service_ipc_interface_code.h" #define private public #include "sandbox_manager_service.h" #undef private @@ -52,7 +51,7 @@ const int32_t FOUNDATION_UID = 5523; return false; } - uint32_t code = static_cast(SandboxManagerInterfaceCode::START_ACCESSING_BY_TOKEN); + uint32_t code = static_cast(ISandboxManagerIpcCode::COMMAND_START_ACCESSING_BY_TOKEN_ID); MessageParcel reply; MessageOption option; diff --git a/test/fuzztest/services/sandbox_manager/startaccessingpolicystub_fuzzer/startaccessingpolicystub_fuzzer.cpp b/test/fuzztest/services/sandbox_manager/startaccessingpolicystub_fuzzer/startaccessingpolicystub_fuzzer.cpp index 6e9836c..88e64eb 100644 --- a/test/fuzztest/services/sandbox_manager/startaccessingpolicystub_fuzzer/startaccessingpolicystub_fuzzer.cpp +++ b/test/fuzztest/services/sandbox_manager/startaccessingpolicystub_fuzzer/startaccessingpolicystub_fuzzer.cpp @@ -20,9 +20,8 @@ #include #include "alloc_token.h" #include "fuzz_common.h" -#include "i_sandbox_manager.h" +#include "isandbox_manager.h" #include "policy_info_vector_parcel.h" -#include "sandboxmanager_service_ipc_interface_code.h" #define private public #include "sandbox_manager_service.h" #undef private @@ -52,7 +51,7 @@ namespace OHOS { return false; } - uint32_t code = static_cast(SandboxManagerInterfaceCode::START_ACCESSING_URI); + uint32_t code = static_cast(ISandboxManagerIpcCode::COMMAND_START_ACCESSING_POLICY); MessageParcel reply; MessageOption option; diff --git a/test/fuzztest/services/sandbox_manager/stopaccessingpolicystub_fuzzer/stopaccessingpolicystub_fuzzer.cpp b/test/fuzztest/services/sandbox_manager/stopaccessingpolicystub_fuzzer/stopaccessingpolicystub_fuzzer.cpp index 6c7b253..6a28961 100644 --- a/test/fuzztest/services/sandbox_manager/stopaccessingpolicystub_fuzzer/stopaccessingpolicystub_fuzzer.cpp +++ b/test/fuzztest/services/sandbox_manager/stopaccessingpolicystub_fuzzer/stopaccessingpolicystub_fuzzer.cpp @@ -20,9 +20,8 @@ #include #include "alloc_token.h" #include "fuzz_common.h" -#include "i_sandbox_manager.h" +#include "isandbox_manager.h" #include "policy_info_vector_parcel.h" -#include "sandboxmanager_service_ipc_interface_code.h" #define private public #include "sandbox_manager_service.h" #undef private @@ -52,7 +51,7 @@ namespace OHOS { return false; } - uint32_t code = static_cast(SandboxManagerInterfaceCode::STOP_ACCESSING_URI); + uint32_t code = static_cast(ISandboxManagerIpcCode::COMMAND_STOP_ACCESSING_POLICY); MessageParcel reply; MessageOption option; diff --git a/test/fuzztest/services/sandbox_manager/unpersistpolicystub_fuzzer/unpersistpolicystub_fuzzer.cpp b/test/fuzztest/services/sandbox_manager/unpersistpolicystub_fuzzer/unpersistpolicystub_fuzzer.cpp index 31c8006..03a7247 100644 --- a/test/fuzztest/services/sandbox_manager/unpersistpolicystub_fuzzer/unpersistpolicystub_fuzzer.cpp +++ b/test/fuzztest/services/sandbox_manager/unpersistpolicystub_fuzzer/unpersistpolicystub_fuzzer.cpp @@ -20,9 +20,8 @@ #include #include "alloc_token.h" #include "fuzz_common.h" -#include "i_sandbox_manager.h" +#include "isandbox_manager.h" #include "policy_info_vector_parcel.h" -#include "sandboxmanager_service_ipc_interface_code.h" #define private public #include "sandbox_manager_service.h" #undef private @@ -52,7 +51,7 @@ namespace OHOS { return false; } - uint32_t code = static_cast(SandboxManagerInterfaceCode::UNPERSIST_PERMISSION); + uint32_t code = static_cast(ISandboxManagerIpcCode::COMMAND_UN_PERSIST_POLICY); MessageParcel reply; MessageOption option; diff --git a/test/fuzztest/services/sandbox_manager/unpersistpolicytokenstub_fuzzer/unpersistpolicytokenstub_fuzzer.cpp b/test/fuzztest/services/sandbox_manager/unpersistpolicytokenstub_fuzzer/unpersistpolicytokenstub_fuzzer.cpp index 71c41c9..9fcc43d 100644 --- a/test/fuzztest/services/sandbox_manager/unpersistpolicytokenstub_fuzzer/unpersistpolicytokenstub_fuzzer.cpp +++ b/test/fuzztest/services/sandbox_manager/unpersistpolicytokenstub_fuzzer/unpersistpolicytokenstub_fuzzer.cpp @@ -20,9 +20,8 @@ #include #include "alloc_token.h" #include "fuzz_common.h" -#include "i_sandbox_manager.h" +#include "isandbox_manager.h" #include "policy_info_vector_parcel.h" -#include "sandboxmanager_service_ipc_interface_code.h" #define private public #include "sandbox_manager_service.h" #undef private @@ -57,7 +56,7 @@ namespace OHOS { return false; } - uint32_t code = static_cast(SandboxManagerInterfaceCode::UNPERSIST_PERMISSION_BY_TOKENID); + uint32_t code = static_cast(ISandboxManagerIpcCode::COMMAND_UN_PERSIST_POLICY_BY_TOKEN_ID); MessageParcel reply; MessageOption option; diff --git a/test/fuzztest/services/sandbox_manager/unsetallpolicybytokenstub_fuzzer/unsetallpolicybytokenstub_fuzzer.cpp b/test/fuzztest/services/sandbox_manager/unsetallpolicybytokenstub_fuzzer/unsetallpolicybytokenstub_fuzzer.cpp index 1dfbacf..bbce107 100644 --- a/test/fuzztest/services/sandbox_manager/unsetallpolicybytokenstub_fuzzer/unsetallpolicybytokenstub_fuzzer.cpp +++ b/test/fuzztest/services/sandbox_manager/unsetallpolicybytokenstub_fuzzer/unsetallpolicybytokenstub_fuzzer.cpp @@ -20,9 +20,8 @@ #include #include "alloc_token.h" #include "fuzz_common.h" -#include "i_sandbox_manager.h" +#include "isandbox_manager.h" #include "policy_info_vector_parcel.h" -#include "sandboxmanager_service_ipc_interface_code.h" #define private public #include "sandbox_manager_service.h" #undef private @@ -46,7 +45,7 @@ namespace OHOS { return false; } - uint32_t code = static_cast(SandboxManagerInterfaceCode::UNSET_ALL_POLICY_BY_TOKEN); + uint32_t code = static_cast(ISandboxManagerIpcCode::COMMAND_UN_SET_ALL_POLICY_BY_TOKEN); MessageParcel reply; MessageOption option; diff --git a/test/fuzztest/services/sandbox_manager/unsetpolicyasyncstub_fuzzer/unsetpolicyasyncstub_fuzzer.cpp b/test/fuzztest/services/sandbox_manager/unsetpolicyasyncstub_fuzzer/unsetpolicyasyncstub_fuzzer.cpp index 3c717b3..9292704 100644 --- a/test/fuzztest/services/sandbox_manager/unsetpolicyasyncstub_fuzzer/unsetpolicyasyncstub_fuzzer.cpp +++ b/test/fuzztest/services/sandbox_manager/unsetpolicyasyncstub_fuzzer/unsetpolicyasyncstub_fuzzer.cpp @@ -20,9 +20,8 @@ #include #include "alloc_token.h" #include "fuzz_common.h" -#include "i_sandbox_manager.h" +#include "isandbox_manager.h" #include "policy_info_parcel.h" -#include "sandboxmanager_service_ipc_interface_code.h" #define private public #include "sandbox_manager_service.h" #undef private @@ -54,7 +53,7 @@ namespace OHOS { return false; } - uint32_t code = static_cast(SandboxManagerInterfaceCode::UNSET_POLICY_ASYNC); + uint32_t code = static_cast(ISandboxManagerIpcCode::COMMAND_UN_SET_POLICY_ASYNC); MessageParcel reply; MessageOption option; diff --git a/test/fuzztest/services/sandbox_manager/unsetpolicystub_fuzzer/unsetpolilcystub_fuzzer.cpp b/test/fuzztest/services/sandbox_manager/unsetpolicystub_fuzzer/unsetpolilcystub_fuzzer.cpp index 21cd613..0eb8b23 100644 --- a/test/fuzztest/services/sandbox_manager/unsetpolicystub_fuzzer/unsetpolilcystub_fuzzer.cpp +++ b/test/fuzztest/services/sandbox_manager/unsetpolicystub_fuzzer/unsetpolilcystub_fuzzer.cpp @@ -20,9 +20,8 @@ #include #include "alloc_token.h" #include "fuzz_common.h" -#include "i_sandbox_manager.h" +#include "isandbox_manager.h" #include "policy_info_parcel.h" -#include "sandboxmanager_service_ipc_interface_code.h" #define private public #include "sandbox_manager_service.h" #undef private @@ -54,7 +53,7 @@ namespace OHOS { return false; } - uint32_t code = static_cast(SandboxManagerInterfaceCode::UNSET_POLICY); + uint32_t code = static_cast(ISandboxManagerIpcCode::COMMAND_UN_SET_POLICY); MessageParcel reply; MessageOption option; -- Gitee