From e3bcbb9e7741114d2abc14ea196713cecc27c987 Mon Sep 17 00:00:00 2001
From: GengYinzong
Date: Fri, 28 Feb 2025 01:40:53 -0800
Subject: [PATCH] fix
Signed-off-by: GengYinzong
---
 .../src/sandbox_manager_kit.cpp | 23 ++++----
 .../src/sandbox_manager_kit_coverage_test.cpp | 18 +++---
 .../unittest/src/sandbox_manager_kit_test.cpp | 20 +++----
 .../src/policy_info_vector_parcel.cpp | 9 ---
 .../unittest/sandbox_manager_parcel_test.cpp | 16 ++---
 .../include/service/sandbox_manager_const.h | 1 -
 .../src/service/sandbox_manager_service.cpp | 20 +++----
 .../cpp/src/service/sandbox_manager_stub.cpp | 4 --
 .../unittest/sandbox_manager_service_test.cpp | 59 ++++++++++---------
 9 files changed, 79 insertions(+), 91 deletions(-)
diff --git a/frameworks/inner_api/sandbox_manager/src/sandbox_manager_kit.cpp b/frameworks/inner_api/sandbox_manager/src/sandbox_manager_kit.cpp
index d67392d..ed825a6 100644
--- a/frameworks/inner_api/sandbox_manager/src/sandbox_manager_kit.cpp
+++ b/frameworks/inner_api/sandbox_manager/src/sandbox_manager_kit.cpp
@@ -28,13 +28,12 @@ namespace {
 static constexpr OHOS::HiviewDFX::HiLogLabel LABEL = { LOG_CORE, ACCESSCONTROL_DOMAIN_SANDBOXMANAGER, "SandboxManagerKit"};
 }
-const uint64_t POLICY_VECTOR_SIZE_LIMIT = 500;
 const uint32_t POLICY_PATH_LIMIT = 4095;
 int32_t SandboxManagerKit::CleanPersistPolicyByPath(const std::vector& filePathList)
 {
 size_t filePathSize = filePathList.size();
- if ((filePathSize == 0) || (filePathSize > POLICY_VECTOR_SIZE_LIMIT)) {
+ if (filePathSize == 0) {
 SANDBOXMANAGER_LOG_ERROR(LABEL, "FilePathSize = %{public}zu", filePathSize);
 return SandboxManagerErrCode::INVALID_PARAMTER;
 }
@@ -45,7 +44,7 @@ int32_t SandboxManagerKit::PersistPolicy(const std::vector &policy,
 {
 SANDBOXMANAGER_LOG_DEBUG(LABEL, "Called");
 size_t policySize = policy.size();
- if (policySize == 0 || policySize > POLICY_VECTOR_SIZE_LIMIT) {
+ if (policySize == 0) {
 SANDBOXMANAGER_LOG_ERROR(LABEL, "PolicySize = %{public}u", static_cast(policySize));
 return SandboxManagerErrCode::INVALID_PARAMTER;
 }
@@ -57,7 +56,7 @@ int32_t SandboxManagerKit::UnPersistPolicy(const std::vector &policy
 {
 SANDBOXMANAGER_LOG_DEBUG(LABEL, "Called");
 size_t policySize = policy.size();
- if (policySize == 0 || policySize > POLICY_VECTOR_SIZE_LIMIT) {
+ if (policySize == 0) {
 SANDBOXMANAGER_LOG_ERROR(LABEL, "PolicySize = %{public}u", static_cast(policySize));
 return SandboxManagerErrCode::INVALID_PARAMTER;
 }
@@ -70,7 +69,7 @@ int32_t SandboxManagerKit::PersistPolicy(
 {
 SANDBOXMANAGER_LOG_DEBUG(LABEL, "Called");
 size_t policySize = policy.size();
- if ((policySize == 0) || (policySize > POLICY_VECTOR_SIZE_LIMIT) || (tokenId == 0)) {
+ if ((policySize == 0) || (tokenId == 0)) {
 SANDBOXMANAGER_LOG_ERROR(LABEL, "PolicySize = %{public}u, tokenId = %{public}d.", static_cast(policySize), tokenId);
 return SandboxManagerErrCode::INVALID_PARAMTER;
@@ -84,7 +83,7 @@ int32_t SandboxManagerKit::UnPersistPolicy(
 {
 SANDBOXMANAGER_LOG_DEBUG(LABEL, "Called");
 size_t policySize = policy.size();
- if ((policySize == 0) || (policySize > POLICY_VECTOR_SIZE_LIMIT) || (tokenId == 0)) {
+ if ((policySize == 0) || (tokenId == 0)) {
 SANDBOXMANAGER_LOG_ERROR(LABEL, "PolicySize = %{public}u, tokenId = %{public}d.", static_cast(policySize), tokenId);
 return SandboxManagerErrCode::INVALID_PARAMTER;
@@ -103,7 +102,7 @@ int32_t SandboxManagerKit::SetPolicy(uint32_t tokenId, const std::vector &result, uint64_t timestamp) { size_t policySize = policy.size(); - if (policySize == 0 || policySize > POLICY_VECTOR_SIZE_LIMIT) { + if (policySize == 0) { SANDBOXMANAGER_LOG_ERROR(LABEL, "Check policy size failed, size = %{public}zu.", policySize); return INVALID_PARAMTER; } @@ -141,7 +140,7 @@ int32_t SandboxManagerKit::SetPolicyAsync(uint32_t tokenId, const std::vector POLICY_VECTOR_SIZE_LIMIT) { + if (policySize == 0) { SANDBOXMANAGER_LOG_ERROR(LABEL, "Check policy size failed, size = %{public}zu.", policySize); return INVALID_PARAMTER; } @@ -169,7 +168,7 @@ int32_t SandboxManagerKit::CheckPolicy(uint32_t tokenId, const std::vector &result) { size_t policySize = policy.size(); - if (policySize == 0 || policySize > POLICY_VECTOR_SIZE_LIMIT) { + if (policySize == 0) { SANDBOXMANAGER_LOG_ERROR(LABEL, "Check policy size failed, size = %{public}zu.", policySize); return INVALID_PARAMTER; } @@ -193,7 +192,7 @@ int32_t SandboxManagerKit::StartAccessingPolicy(const std::vector &p { SANDBOXMANAGER_LOG_DEBUG(LABEL, "Called"); size_t policySize = policy.size(); - if (policySize == 0 || policySize > POLICY_VECTOR_SIZE_LIMIT) { + if (policySize == 0) { SANDBOXMANAGER_LOG_ERROR(LABEL, "PolicySize = %{public}u", static_cast(policySize)); return SandboxManagerErrCode::INVALID_PARAMTER; } @@ -205,7 +204,7 @@ int32_t SandboxManagerKit::StopAccessingPolicy(const std::vector &po { SANDBOXMANAGER_LOG_DEBUG(LABEL, "Called"); size_t policySize = policy.size(); - if (policySize == 0 || policySize > POLICY_VECTOR_SIZE_LIMIT) { + if (policySize == 0) { SANDBOXMANAGER_LOG_ERROR(LABEL, "PolicySize = %{public}u", static_cast(policySize)); return SandboxManagerErrCode::INVALID_PARAMTER; } 
@@ -219,7 +218,7 @@ int32_t SandboxManagerKit::CheckPersistPolicy( SANDBOXMANAGER_LOG_INFO(LABEL, "Check persist policy target:%{public}u policySize:%{public}zu", tokenId, policy.size()); size_t policySize = policy.size(); - if (policySize == 0 || policySize > POLICY_VECTOR_SIZE_LIMIT || tokenId == 0) { + if (policySize == 0 || tokenId == 0) { SANDBOXMANAGER_LOG_ERROR(LABEL, "PolicySize = %{public}u", static_cast(policySize)); return SandboxManagerErrCode::INVALID_PARAMTER; } diff --git a/frameworks/inner_api/sandbox_manager/test/unittest/src/sandbox_manager_kit_coverage_test.cpp b/frameworks/inner_api/sandbox_manager/test/unittest/src/sandbox_manager_kit_coverage_test.cpp index 7d6c785..8dac361 100644 --- a/frameworks/inner_api/sandbox_manager/test/unittest/src/sandbox_manager_kit_coverage_test.cpp +++ b/frameworks/inner_api/sandbox_manager/test/unittest/src/sandbox_manager_kit_coverage_test.cpp @@ -36,7 +36,7 @@ namespace OHOS { namespace AccessControl { namespace SandboxManager { namespace { -static const uint32_t INVALID_POLICY_SIZE = 501; +static const uint32_t LARGE_POLICY_SIZE = 550; static const uint32_t VALID_POLICY_SIZE = 10; const std::string SET_POLICY_PERMISSION = "ohos.permission.SET_SANDBOX_POLICY"; const std::string ACCESS_PERSIST_PERMISSION = "ohos.permission.FILE_ACCESS_PERSIST"; @@ -65,13 +65,13 @@ void SandboxManagerKitCoverageTest::TearDown() HWTEST_F(SandboxManagerKitCoverageTest, PersistPolicy001, TestSize.Level1) { std::vector policy; - for (uint32_t i = 0; i < INVALID_POLICY_SIZE; i++) { + for (uint32_t i = 0; i < LARGE_POLICY_SIZE; i++) { PolicyInfo info; policy.emplace_back(info); } std::vector result; - EXPECT_EQ(INVALID_PARAMTER, SandboxManagerKit::PersistPolicy(policy, result)); + EXPECT_EQ(PERMISSION_DENIED, SandboxManagerKit::PersistPolicy(policy, result)); std::vector filePaths; EXPECT_EQ(INVALID_PARAMTER, SandboxManagerKit::CleanPersistPolicyByPath(filePaths)); 
@@ -108,13 +108,13 @@ HWTEST_F(SandboxManagerKitCoverageTest, PersistPolicy002, TestSize.Level1) HWTEST_F(SandboxManagerKitCoverageTest, UnPersistPolicy001, TestSize.Level1) { std::vector policy; - for (uint32_t i = 0; i < INVALID_POLICY_SIZE; i++) { + for (uint32_t i = 0; i < LARGE_POLICY_SIZE; i++) { PolicyInfo info; policy.emplace_back(info); } std::vector result; - EXPECT_EQ(INVALID_PARAMTER, SandboxManagerKit::UnPersistPolicy(policy, result)); + EXPECT_EQ(PERMISSION_DENIED, SandboxManagerKit::UnPersistPolicy(policy, result)); std::vector policyEmpty; EXPECT_EQ(INVALID_PARAMTER, SandboxManagerKit::UnPersistPolicy(policyEmpty, result)); @@ -187,13 +187,13 @@ HWTEST_F(SandboxManagerKitCoverageTest, SetPolicy002, TestSize.Level1) HWTEST_F(SandboxManagerKitCoverageTest, StartAccessingPolicy001, TestSize.Level1) { std::vector policy; - for (uint32_t i = 0; i < INVALID_POLICY_SIZE; i++) { + for (uint32_t i = 0; i < LARGE_POLICY_SIZE; i++) { PolicyInfo info; policy.emplace_back(info); } std::vector result; - EXPECT_EQ(INVALID_PARAMTER, SandboxManagerKit::StartAccessingPolicy(policy, result)); + EXPECT_EQ(PERMISSION_DENIED, SandboxManagerKit::StartAccessingPolicy(policy, result)); std::vector policyEmpty; EXPECT_EQ(INVALID_PARAMTER, SandboxManagerKit::StartAccessingPolicy(policyEmpty, result)); @@ -228,12 +228,12 @@ HWTEST_F(SandboxManagerKitCoverageTest, StartAccessingPolicy002, TestSize.Level1 HWTEST_F(SandboxManagerKitCoverageTest, StopAccessingPolicy001, TestSize.Level1) { std::vector policy; - for (uint32_t i = 0; i < INVALID_POLICY_SIZE; i++) { + for (uint32_t i = 0; i < LARGE_POLICY_SIZE; i++) { PolicyInfo info; policy.emplace_back(info); } std::vector result; - EXPECT_EQ(INVALID_PARAMTER, SandboxManagerKit::StopAccessingPolicy(policy, result)); + EXPECT_EQ(PERMISSION_DENIED, SandboxManagerKit::StopAccessingPolicy(policy, result)); std::vector policyEmpty; EXPECT_EQ(INVALID_PARAMTER, SandboxManagerKit::StopAccessingPolicy(policyEmpty, result)); 
diff --git a/frameworks/inner_api/sandbox_manager/test/unittest/src/sandbox_manager_kit_test.cpp b/frameworks/inner_api/sandbox_manager/test/unittest/src/sandbox_manager_kit_test.cpp index e3166ac..a278503 100644 --- a/frameworks/inner_api/sandbox_manager/test/unittest/src/sandbox_manager_kit_test.cpp +++ b/frameworks/inner_api/sandbox_manager/test/unittest/src/sandbox_manager_kit_test.cpp @@ -48,7 +48,7 @@ namespace { const std::string SET_POLICY_PERMISSION = "ohos.permission.SET_SANDBOX_POLICY"; const std::string ACCESS_PERSIST_PERMISSION = "ohos.permission.FILE_ACCESS_PERSIST"; const Security::AccessToken::AccessTokenID INVALID_TOKENID = 0; -const uint64_t POLICY_VECTOR_SIZE_LIMIT = 500; +const uint64_t POLICY_VECTOR_SIZE = 5000; #ifdef DEC_ENABLED const int32_t FOUNDATION_UID = 5523; #endif @@ -734,7 +734,7 @@ HWTEST_F(SandboxManagerKitTest, PersistPolicy014, TestSize.Level1) SandboxManagerKit::SetPolicy(tokenId, policy, policyFlag, result)); EXPECT_NE(SandboxManagerErrCode::INVALID_PARAMTER, SandboxManagerKit::CheckPersistPolicy(tokenId, policy, flag)); - for (int i = 0; i < POLICY_VECTOR_SIZE_LIMIT; i++) { + for (int i = 0; i < POLICY_VECTOR_SIZE; i++) { policy.emplace_back(infoParent); } tokenId = 0; 
@@ -744,11 +744,11 @@ HWTEST_F(SandboxManagerKitTest, PersistPolicy014, TestSize.Level1) SandboxManagerKit::SetPolicy(tokenId, policy, policyFlag, result)); EXPECT_EQ(SandboxManagerErrCode::INVALID_PARAMTER, SandboxManagerKit::CheckPersistPolicy(tokenId, policy, flag)); tokenId = 1; - EXPECT_EQ(SandboxManagerErrCode::INVALID_PARAMTER, SandboxManagerKit::PersistPolicy(tokenId, policy, result)); - EXPECT_EQ(SandboxManagerErrCode::INVALID_PARAMTER, SandboxManagerKit::UnPersistPolicy(tokenId, policy, result)); - EXPECT_EQ(SandboxManagerErrCode::INVALID_PARAMTER, + EXPECT_EQ(SandboxManagerErrCode::SANDBOX_MANAGER_OK, SandboxManagerKit::PersistPolicy(tokenId, policy, result)); + EXPECT_EQ(SandboxManagerErrCode::SANDBOX_MANAGER_OK, SandboxManagerKit::UnPersistPolicy(tokenId, policy, result)); + EXPECT_EQ(SandboxManagerErrCode::SANDBOX_MANAGER_OK, SandboxManagerKit::SetPolicy(tokenId, policy, policyFlag, result)); - EXPECT_EQ(SandboxManagerErrCode::INVALID_PARAMTER, SandboxManagerKit::CheckPersistPolicy(tokenId, policy, flag)); + EXPECT_EQ(SandboxManagerErrCode::SANDBOX_MANAGER_OK, SandboxManagerKit::CheckPersistPolicy(tokenId, policy, flag)); } /** @@ -1170,12 +1170,12 @@ HWTEST_F(SandboxManagerKitTest, CheckPolicyTest008, TestSize.Level1) .mode = OperateMode::READ_MODE }; policyA.emplace_back(infoParent); - for (int i = 0; i < POLICY_VECTOR_SIZE_LIMIT; i++) { + for (int i = 0; i < POLICY_VECTOR_SIZE; i++) { policyA.emplace_back(infoParent); } - EXPECT_EQ(SandboxManagerErrCode::INVALID_PARAMTER, + EXPECT_EQ(SandboxManagerErrCode::SANDBOX_MANAGER_OK, SandboxManagerKit::CheckPolicy(g_mockToken, policyA, result)); - EXPECT_EQ(0, result.size()); + EXPECT_EQ(POLICY_VECTOR_SIZE + 1, result.size()); PolicyInfo infoParent1 = { .path = "/A/B", 
@@ -1705,7 +1705,7 @@ HWTEST_F(SandboxManagerKitTest, CleanPersistPolicyByPathTest004, TestSize.Level1
 {
 std::string filePath = "/A/B";
 std::vector filePaths;
- for (int i = 0; i < POLICY_VECTOR_SIZE_LIMIT; i++) {
+ for (int i = 0; i < POLICY_VECTOR_SIZE; i++) {
 filePaths.emplace_back(filePath);
 }
 EXPECT_EQ(SANDBOX_MANAGER_OK, SandboxManagerKit::CleanPersistPolicyByPath(filePaths));
diff --git a/frameworks/sandbox_manager/src/policy_info_vector_parcel.cpp b/frameworks/sandbox_manager/src/policy_info_vector_parcel.cpp
index 3859c7c..59b769b 100644
--- a/frameworks/sandbox_manager/src/policy_info_vector_parcel.cpp
+++ b/frameworks/sandbox_manager/src/policy_info_vector_parcel.cpp
@@ -24,11 +24,7 @@ namespace SandboxManager {
 bool PolicyInfoVectorParcel::Marshalling(Parcel &out) const
 {
 const std::vector policy = this->policyVector;
- const uint32_t POLICY_VECTOR_SIZE_LIMIT = 500;
 uint32_t vecSize = policy.size();
- if (vecSize > POLICY_VECTOR_SIZE_LIMIT) {
- return false;
- }
 RETURN_IF_FALSE(out.WriteUint32(vecSize));
 for (uint32_t i = 0; i < vecSize; i++) {
@@ -52,12 +48,7 @@ PolicyInfoVectorParcel* PolicyInfoVectorParcel::Unmarshalling(Parcel &in)
 return nullptr;
 }
 uint32_t vecSize;
- const uint32_t POLICY_VECTOR_SIZE_LIMIT = 500;
 RELEASE_IF_FALSE(in.ReadUint32(vecSize), policyInfoVectorParcel);
- if (vecSize > POLICY_VECTOR_SIZE_LIMIT) {
- delete policyInfoVectorParcel;
- return nullptr;
- }
 for (uint32_t i = 0; i < vecSize; i++) {
 sptr policyInfoParcel = in.ReadParcelable();
 if (policyInfoParcel == nullptr) {
diff --git a/frameworks/test/unittest/sandbox_manager_parcel_test.cpp b/frameworks/test/unittest/sandbox_manager_parcel_test.cpp
index 19eb8c3..2cc9861 100644
--- a/frameworks/test/unittest/sandbox_manager_parcel_test.cpp
+++ b/frameworks/test/unittest/sandbox_manager_parcel_test.cpp
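Review bot: In `PolicyInfoVectorParcel::Unmarshalling` (policy_info_vector_parcel.cpp, hunk `-52,12 +48,7`), `vecSize` comes straight from the incoming parcel and, with the comparison removed, drives the `ReadParcelable` loop with no upper bound. The null check after each read presumably ends the loop when the data runs out, but the element count is then limited only by how much a sender can pack into one parcel. If 500 was too small for legitimate callers, raise the limit rather than drop it: keep the removed `vecSize > POLICY_VECTOR_SIZE_LIMIT` rejection against a larger constant shared with the service. The sender-side check dropped from `Marshalling` in the preceding hunk is the same issue. Both function bodies start and end outside their hunks.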
@@ -124,28 +124,30 @@ HWTEST_F(SandboxManagerParcelTest, PolicyInfoParcel003, TestSize.Level1)
 {
 PolicyInfoVectorParcel policyInfoVectorParcel;
 std::vector policyVector;
- for (int i = 0; i < 501; i++) {
+ for (int i = 0; i < 550; i++) {
 policyVector.emplace_back(g_info1);
 }
 policyInfoVectorParcel.policyVector = policyVector;
 Parcel parcel;
- EXPECT_EQ(false, policyInfoVectorParcel.Marshalling(parcel));
+ EXPECT_EQ(true, policyInfoVectorParcel.Marshalling(parcel));
- parcel.WriteUint32(501);
- std::shared_ptr readedData(PolicyInfoParcel::Unmarshalling(parcel));
- EXPECT_EQ(nullptr, readedData);
+ std::shared_ptr readedData(PolicyInfoVectorParcel::Unmarshalling(parcel));
+ ASSERT_NE(nullptr, readedData);
+ for (int i = 0; i < 550; i++) {
+ EXPECT_EQ(g_info1.path, readedData->policyVector[i].path);
+ }
 }
 /**
 * @tc.name: PolicyInfoParcel004
- * @tc.desc: Test PolicyInfoVector Marshalling/Unmarshalling, larger than max size
+ * @tc.desc: Test PolicyInfoVector Marshalling/Unmarshalling, no actual policyinfo messages
 * @tc.type: FUNC
 * @tc.require:
 */
 HWTEST_F(SandboxManagerParcelTest, PolicyInfoParcel004, TestSize.Level1)
 {
 Parcel parcel;
- uint32_t maxSize = 500; // 500 is max
+ uint32_t maxSize = 5000;
 EXPECT_EQ(true, parcel.WriteUint32(maxSize + 1));
 std::shared_ptr readedData(PolicyInfoVectorParcel::Unmarshalling(parcel));
diff --git a/services/sandbox_manager/main/cpp/include/service/sandbox_manager_const.h b/services/sandbox_manager/main/cpp/include/service/sandbox_manager_const.h
index 6a3e0a9..6728be2 100644
--- a/services/sandbox_manager/main/cpp/include/service/sandbox_manager_const.h
+++ b/services/sandbox_manager/main/cpp/include/service/sandbox_manager_const.h
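Review bot: In `PolicyInfoParcel003` the new loop indexes `readedData->policyVector[i]` for 550 entries without first checking how many were unmarshalled, so a short result becomes an out-of-bounds read in the test rather than a reported failure. Add `ASSERT_EQ(550u, readedData->policyVector.size());` directly after the `ASSERT_NE`. In `PolicyInfoParcel004` the variable is still named `maxSize` although no maximum remains. The assertions that follow lie outside the hunk, so the expected result for a count with no payload cannot be confirmed from here.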
@@ -30,7 +30,6 @@ const uint64_t MODE_FILTER = 0b11;
 const std::string SET_POLICY_PERMISSION_NAME = "ohos.permission.SET_SANDBOX_POLICY";
 const std::string ACCESS_PERSIST_PERMISSION_NAME = "ohos.permission.FILE_ACCESS_PERSIST";
-const uint32_t POLICY_VECTOR_SIZE_LIMIT = 500;
 const int32_t FOUNDATION_UID = 5523;
 } // namespace SandboxManager
 } // namespace AccessControl
diff --git a/services/sandbox_manager/main/cpp/src/service/sandbox_manager_service.cpp b/services/sandbox_manager/main/cpp/src/service/sandbox_manager_service.cpp
index 569801e..04c7f03 100644
--- a/services/sandbox_manager/main/cpp/src/service/sandbox_manager_service.cpp
+++ b/services/sandbox_manager/main/cpp/src/service/sandbox_manager_service.cpp
@@ -137,7 +137,7 @@ void SandboxManagerService::OnStart(const SystemAbilityOnDemandReason& startReas
 int32_t SandboxManagerService::CleanPersistPolicyByPath(const std::vector& filePathList)
 {
 size_t filePathSize = filePathList.size();
- if (filePathSize == 0 || filePathSize > POLICY_VECTOR_SIZE_LIMIT) {
+ if (filePathSize == 0) {
 SANDBOXMANAGER_LOG_ERROR(LABEL, "FilePath vector size error, size = %{public}zu.", filePathSize);
 return INVALID_PARAMTER;
 }
@@ -148,7 +148,7 @@ int32_t SandboxManagerService::PersistPolicy(const std::vector &poli
 {
 uint32_t callingTokenId = IPCSkeleton::GetCallingTokenID();
 size_t policySize = policy.size();
- if (policySize == 0 || policySize > POLICY_VECTOR_SIZE_LIMIT) {
+ if (policySize == 0) {
 SANDBOXMANAGER_LOG_ERROR(LABEL, "Policy vector size error, size = %{public}zu.", policy.size());
 return INVALID_PARAMTER;
 }
@@ -165,7 +165,7 @@ int32_t SandboxManagerService::UnPersistPolicy(
 {
 uint32_t callingTokenId = IPCSkeleton::GetCallingTokenID();
 size_t policySize = policy.size();
- if (policySize == 0 || policySize > POLICY_VECTOR_SIZE_LIMIT) {
+ if (policySize == 0) {
 SANDBOXMANAGER_LOG_ERROR(LABEL, "Policy vector size error, size = %{public}zu.", policy.size());
 return INVALID_PARAMTER;
 }
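Review bot: The service entry points in sandbox_manager_service.cpp now reject only an empty vector, so the service no longer caps the work and memory a single IPC request can demand. This applies to `CleanPersistPolicyByPath`, `PersistPolicy` and `UnPersistPolicy` here, and in the later hunks to the ByTokenId variants, `SetPolicy`, `CheckPolicy`, `StartAccessingPolicy`, `StopAccessingPolicy` and `CheckPersistPolicy`. The service is the trust boundary, so the checks in `SandboxManagerKit` (also removed by this patch) could never substitute for this one. If 500 was too low, keep the guard with a larger constant in sandbox_manager_const.h, i.e. retain `if (policySize == 0 || policySize > POLICY_VECTOR_SIZE_LIMIT) {`. Whether a lower layer enforces its own bound is not visible in this patch, and the commit message (`fix`) gives no rationale for dropping the limit.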
@@ -177,7 +177,7 @@ int32_t SandboxManagerService::PersistPolicyByTokenId( uint32_t tokenId, const std::vector &policy, std::vector &result) { size_t policySize = policy.size(); - if ((policySize == 0) || (policySize > POLICY_VECTOR_SIZE_LIMIT) || (tokenId == 0)) { + if ((policySize == 0) || (tokenId == 0)) { SANDBOXMANAGER_LOG_ERROR( LABEL, "Policy vector size error or invalid tokenid, size = %{public}zu, tokenid = %{public}d.", policy.size(), tokenId); @@ -195,7 +195,7 @@ int32_t SandboxManagerService::UnPersistPolicyByTokenId( uint32_t tokenId, const std::vector &policy, std::vector &result) { size_t policySize = policy.size(); - if ((policySize == 0) || (policySize > POLICY_VECTOR_SIZE_LIMIT) || (tokenId == 0)) { + if ((policySize == 0) || (tokenId == 0)) { SANDBOXMANAGER_LOG_ERROR( LABEL, "Policy vector size error or invalid tokenid, size = %{public}zu, tokenid = %{public}d.", policy.size(), tokenId); @@ -209,7 +209,7 @@ int32_t SandboxManagerService::SetPolicy(uint32_t tokenId, const std::vector &result, uint64_t timestamp) { size_t policySize = policy.size(); - if (policySize == 0 || policySize > POLICY_VECTOR_SIZE_LIMIT) { + if (policySize == 0) { SANDBOXMANAGER_LOG_ERROR(LABEL, "Check policy size failed, size = %{public}zu.", policySize); return INVALID_PARAMTER; } @@ -256,7 +256,7 @@ int32_t SandboxManagerService::CheckPolicy(uint32_t tokenId, const std::vector

&result) { size_t policySize = policy.size(); - if (policySize == 0 || policySize > POLICY_VECTOR_SIZE_LIMIT) { + if (policySize == 0) { SANDBOXMANAGER_LOG_ERROR(LABEL, "Check policy size failed, size = %{public}zu.", policySize); return INVALID_PARAMTER; } @@ -278,7 +278,7 @@ int32_t SandboxManagerService::StartAccessingPolicy(const std::vector POLICY_VECTOR_SIZE_LIMIT) { + if (policySize == 0) { SANDBOXMANAGER_LOG_ERROR(LABEL, "Policy vector size error, size = %{public}zu", policy.size()); return INVALID_PARAMTER; } @@ -291,7 +291,7 @@ int32_t SandboxManagerService::StopAccessingPolicy( { uint32_t callingTokenId = IPCSkeleton::GetCallingTokenID(); size_t policySize = policy.size(); - if (policySize == 0 || policySize > POLICY_VECTOR_SIZE_LIMIT) { + if (policySize == 0) { SANDBOXMANAGER_LOG_ERROR(LABEL, "Policy vector size error, size = %{public}zu", policy.size()); return INVALID_PARAMTER; } @@ -303,7 +303,7 @@ int32_t SandboxManagerService::CheckPersistPolicy( uint32_t tokenId, const std::vector &policy, std::vector &result) { size_t policySize = policy.size(); - if (policySize == 0 || policySize > POLICY_VECTOR_SIZE_LIMIT || tokenId == 0) { + if (policySize == 0 || tokenId == 0) { SANDBOXMANAGER_LOG_ERROR(LABEL, "Policy vector size error, size = %{public}zu, tokenid = %{public}d.", policy.size(), tokenId); return INVALID_PARAMTER; diff --git a/services/sandbox_manager/main/cpp/src/service/sandbox_manager_stub.cpp b/services/sandbox_manager/main/cpp/src/service/sandbox_manager_stub.cpp index 421f48b..758817a 100644 --- a/services/sandbox_manager/main/cpp/src/service/sandbox_manager_stub.cpp +++ b/services/sandbox_manager/main/cpp/src/service/sandbox_manager_stub.cpp 
@@ -49,10 +49,6 @@ static int UnMarshalPolicy(std::stringstream &ss, std::vector &polic
 {
 uint32_t policyNum = 0;
 ss.read(reinterpret_cast(&policyNum), sizeof(policyNum));
- if (policyNum > POLICY_VECTOR_SIZE_LIMIT) {
- SANDBOXMANAGER_LOG_ERROR(LABEL, "policy num:%{public}u is invalid", policyNum);
- return SANDBOX_MANAGER_SERVICE_PARCEL_ERR;
- }
 for (uint32_t i = 0; i < policyNum; i++) {
 uint32_t pathLen = 0;
diff --git a/services/sandbox_manager/test/unittest/sandbox_manager_service_test.cpp b/services/sandbox_manager/test/unittest/sandbox_manager_service_test.cpp
index 7b6204c..04c6688 100644
--- a/services/sandbox_manager/test/unittest/sandbox_manager_service_test.cpp
+++ b/services/sandbox_manager/test/unittest/sandbox_manager_service_test.cpp
@@ -46,6 +46,7 @@ namespace SandboxManager {
 namespace {
 const std::string SET_POLICY_PERMISSION = "ohos.permission.SET_SANDBOX_POLICY";
 const std::string ACCESS_PERSIST_PERMISSION = "ohos.permission.FILE_ACCESS_PERSIST";
+const uint64_t POLICY_VECTOR_SIZE = 5000;
 Security::AccessToken::PermissionStateFull g_testState1 = {
 .permissionName = SET_POLICY_PERMISSION,
 .isGeneral = true,
@@ -144,10 +145,10 @@ HWTEST_F(SandboxManagerServiceTest, SandboxManagerServiceTest001, TestSize.Level
 uint64_t sizeLimit = 0;
 EXPECT_EQ(sizeLimit, result0.size());
- policy.resize(POLICY_VECTOR_SIZE_LIMIT + 1);
+ policy.resize(POLICY_VECTOR_SIZE + 1);
 std::vector result1;
- EXPECT_EQ(INVALID_PARAMTER, sandboxManagerService_->PersistPolicy(policy, result1));
- sizeLimit = 0;
+ EXPECT_EQ(SANDBOX_MANAGER_OK, sandboxManagerService_->PersistPolicy(policy, result1));
+ sizeLimit = POLICY_VECTOR_SIZE + 1;
 EXPECT_EQ(sizeLimit, result1.size());
 }
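Review bot: `UnMarshalPolicy` in sandbox_manager_stub.cpp (hunk `-49,10 +49,6`) reads `policyNum` from the raw request stream and, after this change, uses it as the loop bound with no sanity check. The result of the `ss.read(...)` call just above is also not tested in the visible lines. A caller-supplied count should be validated before the loop and a short read should fail the request, for example `if (ss.fail() || policyNum > POLICY_VECTOR_SIZE_LIMIT) { return SANDBOX_MANAGER_SERVICE_PARCEL_ERR; }` with whatever larger limit the service now intends. The loop body, including any per-entry `pathLen` validation, lies outside the hunk, so confirm that every iteration fails cleanly once the stream is exhausted.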
@@ -166,11 +167,11 @@ HWTEST_F(SandboxManagerServiceTest, SandboxManagerServiceTest002, TestSize.Level uint64_t sizeLimit = 0; EXPECT_EQ(sizeLimit, result0.size()); - policy.resize(POLICY_VECTOR_SIZE_LIMIT + 1); + policy.resize(POLICY_VECTOR_SIZE + 1); std::vector result; - EXPECT_EQ(INVALID_PARAMTER, sandboxManagerService_->SetPolicy(selfTokenId_, policy, policyFlag, result)); - sizeLimit = 0; + EXPECT_EQ(SANDBOX_MANAGER_OK, sandboxManagerService_->SetPolicy(selfTokenId_, policy, policyFlag, result)); + sizeLimit = POLICY_VECTOR_SIZE + 1; EXPECT_EQ(sizeLimit, result.size()); policy.resize(1); @@ -194,10 +195,10 @@ HWTEST_F(SandboxManagerServiceTest, SandboxManagerServiceTest003, TestSize.Level uint64_t sizeLimit = 0; EXPECT_EQ(sizeLimit, result0.size()); - policy.resize(POLICY_VECTOR_SIZE_LIMIT + 1); + policy.resize(POLICY_VECTOR_SIZE + 1); std::vector result1; - EXPECT_EQ(INVALID_PARAMTER, sandboxManagerService_->StartAccessingPolicy(policy, result1)); - sizeLimit = 0; + EXPECT_EQ(SANDBOX_MANAGER_OK, sandboxManagerService_->StartAccessingPolicy(policy, result1)); + sizeLimit = POLICY_VECTOR_SIZE + 1; EXPECT_EQ(sizeLimit, result1.size()); } @@ -216,10 +217,10 @@ HWTEST_F(SandboxManagerServiceTest, SandboxManagerServiceTest004, TestSize.Level uint64_t sizeLimit = 0; EXPECT_EQ(sizeLimit, result0.size()); - policy.resize(POLICY_VECTOR_SIZE_LIMIT + 1); + policy.resize(POLICY_VECTOR_SIZE + 1); std::vector result1; - EXPECT_EQ(INVALID_PARAMTER, sandboxManagerService_->StopAccessingPolicy(policy, result1)); - sizeLimit = 0; + EXPECT_EQ(SANDBOX_MANAGER_OK, sandboxManagerService_->StopAccessingPolicy(policy, result1)); + sizeLimit = POLICY_VECTOR_SIZE + 1; EXPECT_EQ(sizeLimit, result1.size()); } 
@@ -237,10 +238,10 @@ HWTEST_F(SandboxManagerServiceTest, SandboxManagerServiceTest005, TestSize.Level uint64_t sizeLimit = 0; EXPECT_EQ(sizeLimit, result0.size()); - policy.resize(POLICY_VECTOR_SIZE_LIMIT + 1); + policy.resize(POLICY_VECTOR_SIZE + 1); std::vector result1; - EXPECT_EQ(INVALID_PARAMTER, sandboxManagerService_->CheckPersistPolicy(selfTokenId_, policy, result1)); - sizeLimit = 0; + EXPECT_EQ(SANDBOX_MANAGER_OK, sandboxManagerService_->CheckPersistPolicy(selfTokenId_, policy, result1)); + sizeLimit = POLICY_VECTOR_SIZE + 1; EXPECT_EQ(sizeLimit, result1.size()); policy.resize(0); @@ -262,10 +263,10 @@ HWTEST_F(SandboxManagerServiceTest, SandboxManagerServiceTest006, TestSize.Level uint64_t sizeLimit = 0; EXPECT_EQ(sizeLimit, result0.size()); - policy.resize(POLICY_VECTOR_SIZE_LIMIT + 1); + policy.resize(POLICY_VECTOR_SIZE + 1); std::vector result1; - EXPECT_EQ(INVALID_PARAMTER, sandboxManagerService_->UnPersistPolicy(policy, result1)); - sizeLimit = 0; + EXPECT_EQ(SANDBOX_MANAGER_OK, sandboxManagerService_->UnPersistPolicy(policy, result1)); + sizeLimit = POLICY_VECTOR_SIZE + 1; EXPECT_EQ(sizeLimit, result1.size()); } 
@@ -301,9 +302,9 @@ HWTEST_F(SandboxManagerServiceTest, SandboxManagerServiceTest008, TestSize.Level EXPECT_EQ(INVALID_PARAMTER, sandboxManagerService_->PersistPolicyByTokenId(tokenId, policy, result)); EXPECT_EQ(INVALID_PARAMTER, sandboxManagerService_->UnPersistPolicyByTokenId(tokenId, policy, result)); - policy.resize(POLICY_VECTOR_SIZE_LIMIT + 1); - EXPECT_EQ(INVALID_PARAMTER, sandboxManagerService_->PersistPolicyByTokenId(tokenId, policy, result)); - EXPECT_EQ(INVALID_PARAMTER, sandboxManagerService_->UnPersistPolicyByTokenId(tokenId, policy, result)); + policy.resize(POLICY_VECTOR_SIZE + 1); + EXPECT_EQ(SANDBOX_MANAGER_OK, sandboxManagerService_->PersistPolicyByTokenId(tokenId, policy, result)); + EXPECT_EQ(SANDBOX_MANAGER_OK, sandboxManagerService_->UnPersistPolicyByTokenId(tokenId, policy, result)); tokenId = 0; EXPECT_EQ(INVALID_PARAMTER, sandboxManagerService_->PersistPolicyByTokenId(tokenId, policy, result)); EXPECT_EQ(INVALID_PARAMTER, sandboxManagerService_->UnPersistPolicyByTokenId(tokenId, policy, result)); @@ -519,7 +520,7 @@ HWTEST_F(SandboxManagerServiceTest, SandboxManagerStub004, TestSize.Level1) { SetSelfTokenID(sysGrantToken_); MessageParcel data, reply; - data.WriteUint32(POLICY_VECTOR_SIZE_LIMIT + 1); + data.WriteUint32(POLICY_VECTOR_SIZE + 1); EXPECT_EQ(SANDBOX_MANAGER_SERVICE_PARCEL_ERR, sandboxManagerService_->PersistPolicyInner(data, reply)); std::vector policy; @@ -547,7 +548,7 @@ HWTEST_F(SandboxManagerServiceTest, SandboxManagerStub005, TestSize.Level1) MessageParcel data, reply; EXPECT_EQ(SANDBOX_MANAGER_SERVICE_PARCEL_ERR, sandboxManagerService_->UnPersistPolicyInner(data, reply)); - data.WriteUint32(POLICY_VECTOR_SIZE_LIMIT + 1); + data.WriteUint32(POLICY_VECTOR_SIZE + 1); EXPECT_EQ(SANDBOX_MANAGER_SERVICE_PARCEL_ERR, sandboxManagerService_->UnPersistPolicyInner(data, reply)); std::vector policy; 
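Review bot: The `SandboxManagerStub004` and `SandboxManagerStub005` cases here, and the stub cases in the following hunks, still write `POLICY_VECTOR_SIZE + 1` as the element count and expect `SANDBOX_MANAGER_SERVICE_PARCEL_ERR`, although this patch removes the limit check that used to produce that error. They presumably still pass only because the parcel carries no policy data after the count, so they now exercise truncated input rather than an oversized request. Make that intent explicit with a comment such as `// count with no payload: must be rejected as a truncated parcel`. Also consider a case that sends a large count together with real entries, so the behaviour without a cap is covered.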
@@ -576,7 +577,7 @@ HWTEST_F(SandboxManagerServiceTest, SandboxManagerStub006, TestSize.Level1) EXPECT_EQ(SANDBOX_MANAGER_SERVICE_PARCEL_ERR, sandboxManagerService_->PersistPolicyByTokenIdInner(data, reply)); data.WriteUint32(0); - data.WriteUint32(POLICY_VECTOR_SIZE_LIMIT + 1); + data.WriteUint32(POLICY_VECTOR_SIZE + 1); EXPECT_EQ(SANDBOX_MANAGER_SERVICE_PARCEL_ERR, sandboxManagerService_->PersistPolicyByTokenIdInner(data, reply)); data.WriteUint32(0); @@ -618,7 +619,7 @@ HWTEST_F(SandboxManagerServiceTest, SandboxManagerStub007, TestSize.Level1) EXPECT_EQ(SANDBOX_MANAGER_SERVICE_PARCEL_ERR, sandboxManagerService_->UnPersistPolicyByTokenIdInner(data, reply)); data.WriteUint32(0); - data.WriteUint32(POLICY_VECTOR_SIZE_LIMIT + 1); + data.WriteUint32(POLICY_VECTOR_SIZE + 1); EXPECT_EQ(SANDBOX_MANAGER_SERVICE_PARCEL_ERR, sandboxManagerService_->UnPersistPolicyByTokenIdInner(data, reply)); data.WriteUint32(0); @@ -660,7 +661,7 @@ HWTEST_F(SandboxManagerServiceTest, SandboxManagerStub008, TestSize.Level1) EXPECT_EQ(SANDBOX_MANAGER_SERVICE_PARCEL_ERR, sandboxManagerService_->SetPolicyInner(data, reply)); data.WriteUint32(sysGrantToken_); - data.WriteUint32(POLICY_VECTOR_SIZE_LIMIT + 1); + data.WriteUint32(POLICY_VECTOR_SIZE + 1); EXPECT_EQ(SANDBOX_MANAGER_SERVICE_PARCEL_ERR, sandboxManagerService_->SetPolicyInner(data, reply)); data.WriteUint32(sysGrantToken_); @@ -689,7 +690,7 @@ HWTEST_F(SandboxManagerServiceTest, SandboxManagerStub009, TestSize.Level1) { SetSelfTokenID(sysGrantToken_); MessageParcel data, reply; - data.WriteUint32(POLICY_VECTOR_SIZE_LIMIT + 1); + data.WriteUint32(POLICY_VECTOR_SIZE + 1); EXPECT_EQ(SANDBOX_MANAGER_SERVICE_PARCEL_ERR, sandboxManagerService_->StartAccessingPolicyInner(data, reply)); std::vector policy; 
@@ -718,7 +719,7 @@ HWTEST_F(SandboxManagerServiceTest, SandboxManagerStub010, TestSize.Level1) { SetSelfTokenID(sysGrantToken_); MessageParcel data, reply; - data.WriteUint32(POLICY_VECTOR_SIZE_LIMIT + 1); + data.WriteUint32(POLICY_VECTOR_SIZE + 1); EXPECT_EQ(SANDBOX_MANAGER_SERVICE_PARCEL_ERR, sandboxManagerService_->StopAccessingPolicyInner(data, reply)); std::vector policy; @@ -747,7 +748,7 @@ HWTEST_F(SandboxManagerServiceTest, SandboxManagerStub011, TestSize.Level1) MessageParcel reply2; data.WriteUint32(0); - data.WriteUint32(POLICY_VECTOR_SIZE_LIMIT + 1); + data.WriteUint32(POLICY_VECTOR_SIZE + 1); EXPECT_EQ(SANDBOX_MANAGER_SERVICE_PARCEL_ERR, sandboxManagerService_->UnPersistPolicyByTokenIdInner(data, reply2)); MessageParcel reply3; -- Gitee