diff --git a/interfaces/inner_api/appexecfwk_base/include/install_param.h b/interfaces/inner_api/appexecfwk_base/include/install_param.h index d0f4f06a93ab98dee0d71428c3296b38654ce40f..dc48ee87b2a90a725330290ab9179a16f5db2242 100644 --- a/interfaces/inner_api/appexecfwk_base/include/install_param.h +++ b/interfaces/inner_api/appexecfwk_base/include/install_param.h @@ -71,18 +71,6 @@ struct InstallParam : public Parcelable { int32_t userId = Constants::UNSPECIFIED_USERID; InstallFlag installFlag = InstallFlag::NORMAL; InstallLocation installLocation = InstallLocation::INTERNAL_ONLY; - // status of install bundle permission - PermissionStatus installBundlePermissionStatus = PermissionStatus::NOT_VERIFIED_PERMISSION_STATUS; - // status of install enterprise bundle permission - PermissionStatus installEnterpriseBundlePermissionStatus = PermissionStatus::NOT_VERIFIED_PERMISSION_STATUS; - // status of install enterprise normal bundle permission - PermissionStatus installEtpNormalBundlePermissionStatus = PermissionStatus::NOT_VERIFIED_PERMISSION_STATUS; - // status of install enterprise mdm bundle permission - PermissionStatus installEtpMdmBundlePermissionStatus = PermissionStatus::NOT_VERIFIED_PERMISSION_STATUS; - // status of install internaltesting bundle permission - PermissionStatus installInternaltestingBundlePermissionStatus = PermissionStatus::NOT_VERIFIED_PERMISSION_STATUS; - // status of mdm update bundle for self - PermissionStatus installUpdateSelfBundlePermissionStatus = PermissionStatus::NOT_VERIFIED_PERMISSION_STATUS; ApplicationInfoFlag preinstallSourceFlag = ApplicationInfoFlag::FLAG_INSTALLED; int64_t crowdtestDeadline = Constants::INVALID_CROWDTEST_DEADLINE; // for crowdtesting type hap // Indicates the distribution type diff --git a/services/bundlemgr/include/base_bundle_installer.h b/services/bundlemgr/include/base_bundle_installer.h index 3e3a1395f1c33d275a79f844efc58fc9f120adc2..fde1fa72fb7f671d22778228b5e41fdfc373e5a0 100644 
--- a/services/bundlemgr/include/base_bundle_installer.h +++ b/services/bundlemgr/include/base_bundle_installer.h @@ -408,7 +408,8 @@ private: std::unordered_map &infos, bool isSysCapValid); ErrCode CheckInstallPermission(const InstallParam &installParam, - std::vector &hapVerifyRes); + std::vector &hapVerifyRes, + const Security::AccessToken::AccessTokenID &callerToken); /** * @brief To check dependency whether or not exists. * @param infos Indicates all innerBundleInfo for all haps need to be installed. diff --git a/services/bundlemgr/include/bundle_install_checker.h b/services/bundlemgr/include/bundle_install_checker.h index cbe8381b41f204025ceedaf9c684940fa303f8a7..d24e075fd1f25fd79ffa95c59bad52b12937ec90 100644 --- a/services/bundlemgr/include/bundle_install_checker.h +++ b/services/bundlemgr/include/bundle_install_checker.h @@ -38,16 +38,6 @@ struct InstallCheckParam { // is shell token bool isCallByShell = false; bool isInstalledForAllUser = false; - // status of install bundle permission - PermissionStatus installBundlePermissionStatus = PermissionStatus::NOT_VERIFIED_PERMISSION_STATUS; - // status of install enterprise bundle permission - PermissionStatus installEnterpriseBundlePermissionStatus = PermissionStatus::NOT_VERIFIED_PERMISSION_STATUS; - // status of install enterprise normal bundle permission - PermissionStatus installEtpNormalBundlePermissionStatus = PermissionStatus::NOT_VERIFIED_PERMISSION_STATUS; - // status of install enterprise mdm bundle permission - PermissionStatus installEtpMdmBundlePermissionStatus = PermissionStatus::NOT_VERIFIED_PERMISSION_STATUS; - // status of install internaltesting bundle permission - PermissionStatus installInternaltestingBundlePermissionStatus = PermissionStatus::NOT_VERIFIED_PERMISSION_STATUS; Constants::AppType appType = Constants::AppType::THIRD_PARTY_APP; int64_t crowdtestDeadline = Constants::INVALID_CROWDTEST_DEADLINE; // for crowdtesting type hap 
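Review bot: The new `callerToken` parameter is declared as `const Security::AccessToken::AccessTokenID &`, while `InnerSharedBundleInstaller::ParseFiles` and the existing declaration in bundle_install_checker.h that defaults it to `= 0` take the same type by value. Taking it by value everywhere, `const Security::AccessToken::AccessTokenID callerToken`, would keep the signatures consistent; this also applies to `CheckInstallPermission`, `VaildInstallPermission` and `VaildEnterpriseInstallPermission` in bundle_install_checker.h. The declaration has no doc comment, unlike its neighbours; a line such as `@param callerToken Access token of the caller whose install permissions are verified.` would state which token is expected.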
@@ -142,19 +132,16 @@ public: const Security::AccessToken::AccessTokenID callerToken = 0); ErrCode CheckInstallPermission(const InstallCheckParam &checkParam, - const std::vector &hapVerifyRes); + const std::vector &hapVerifyRes, + const Security::AccessToken::AccessTokenID &callerToken); - bool VaildInstallPermission(const InstallParam &installParam, - const std::vector &hapVerifyRes); + bool VaildInstallPermission(const bool isCallByShell, + const std::vector &hapVerifyRes, + const Security::AccessToken::AccessTokenID &callerToken); - bool VaildEnterpriseInstallPermission(const InstallParam &installParam, - const Security::Verify::ProvisionInfo &provisionInfo); - - bool VaildInstallPermissionForShare(const InstallCheckParam &checkParam, - const std::vector &hapVerifyRes); - - bool VaildEnterpriseInstallPermissionForShare(const InstallCheckParam &checkParam, - const Security::Verify::ProvisionInfo &provisionInfo); + bool VaildEnterpriseInstallPermission(const bool isCallByShell, + const Security::Verify::ProvisionInfo &provisionInfo, + const Security::AccessToken::AccessTokenID &callerToken); ErrCode CheckModuleNameForMulitHaps(const std::unordered_map &infos); diff --git a/services/bundlemgr/include/shared/inner_shared_bundle_installer.h b/services/bundlemgr/include/shared/inner_shared_bundle_installer.h index e7c2eb2e7f14b1b40d8230fa3645be15bd88ba35..43f4e179d4c66055455d98988ba17d485e05c515 100644 --- a/services/bundlemgr/include/shared/inner_shared_bundle_installer.h +++ b/services/bundlemgr/include/shared/inner_shared_bundle_installer.h @@ -43,7 +43,8 @@ public: * @param checkParam Indicates the install check param. * @return Returns ERR_OK if the files are parsed successfully; returns error code otherwise. */ - ErrCode ParseFiles(const InstallCheckParam &checkParam); + ErrCode ParseFiles(const InstallCheckParam &checkParam, + const Security::AccessToken::AccessTokenID callerToken); /** * @brief Get the bundle name of current shared bundle to be installed. 
diff --git a/services/bundlemgr/include/shared/shared_bundle_installer.h b/services/bundlemgr/include/shared/shared_bundle_installer.h index 151eec428a7f64d0dbc3a4364e66e3f0bd63a13e..35a70b201c38ae355c563bbc05ffaee1b121ffb9 100644 --- a/services/bundlemgr/include/shared/shared_bundle_installer.h +++ b/services/bundlemgr/include/shared/shared_bundle_installer.h @@ -67,6 +67,8 @@ public: */ ErrCode Install(const EventInfo &eventTemplate); + void SetCallingTokenId(const Security::AccessToken::AccessTokenID callerToken); + private: bool FindDependencyInInstalledBundles(const Dependency &dependency) const; void SendBundleSystemEvent(const EventInfo &eventTemplate, ErrCode errCode); @@ -76,6 +78,7 @@ private: const Constants::AppType appType_; // the key is the bundle name of cross-app shared bundle to be installed std::unordered_map> innerInstallers_; + Security::AccessToken::AccessTokenID callerToken_; DISALLOW_COPY_AND_MOVE(SharedBundleInstaller); diff --git a/services/bundlemgr/src/app_service_fwk/app_service_fwk_installer.cpp b/services/bundlemgr/src/app_service_fwk/app_service_fwk_installer.cpp index d373147d6e5f5a739b07764ea7465aae99e2e347..c231fb9983033ef116897470ff7b980ca5d57408 100644 --- a/services/bundlemgr/src/app_service_fwk/app_service_fwk_installer.cpp +++ b/services/bundlemgr/src/app_service_fwk/app_service_fwk_installer.cpp 
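Review bot: `callerToken_` is declared without an initializer, so a `SharedBundleInstaller` on which `SetCallingTokenId` has not yet been called hands an indeterminate value to `InnerSharedBundleInstaller::ParseFiles` and on to the permission check. A defined default, `Security::AccessToken::AccessTokenID callerToken_ = 0;`, makes that case deterministic. Whether 0 is then denied depends on `BundlePermissionMgr::VerifyPermissionByCallingTokenId`, which is not visible here and should be confirmed to fail closed for it. The constructor is outside this hunk, so any initialization done there cannot be seen.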
@@ -62,10 +62,6 @@ void BuildCheckParam( checkParam.crowdtestDeadline = installParam.crowdtestDeadline; checkParam.appType = AppExecFwk::Constants::AppType::SYSTEM_APP; checkParam.removable = installParam.removable; - checkParam.installBundlePermissionStatus = installParam.installBundlePermissionStatus; - checkParam.installEnterpriseBundlePermissionStatus = installParam.installEnterpriseBundlePermissionStatus; - checkParam.installEtpNormalBundlePermissionStatus = installParam.installEtpNormalBundlePermissionStatus; - checkParam.installEtpMdmBundlePermissionStatus = installParam.installEtpMdmBundlePermissionStatus; checkParam.isCallByShell = installParam.isCallByShell; checkParam.needSendEvent = installParam.needSendEvent; checkParam.specifiedDistributionType = installParam.specifiedDistributionType; @@ -421,8 +417,9 @@ ErrCode AppServiceFwkInstaller::CheckAndParseFiles( checkedHspPaths, checkParam, hapVerifyResults, newInfos); CHECK_RESULT(result, "Parse hsps file failed %{public}d"); + Security::AccessToken::AccessTokenID callerToken = 0; // check install permission - result = bundleInstallChecker_->CheckInstallPermission(checkParam, hapVerifyResults); + result = bundleInstallChecker_->CheckInstallPermission(checkParam, hapVerifyResults, callerToken); CHECK_RESULT(result, "Check install permission failed %{public}d"); // check hsp install condition diff --git a/services/bundlemgr/src/base_bundle_installer.cpp b/services/bundlemgr/src/base_bundle_installer.cpp index 2a161e1186c1e08707e16d8ce5bb2f6b4ec202f5..571975e361e811b04134263928d2ffab74e9874b 100644 --- a/services/bundlemgr/src/base_bundle_installer.cpp +++ b/services/bundlemgr/src/base_bundle_installer.cpp 
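Review bot: In `CheckAndParseFiles`, `callerToken` is hard-coded to 0 and then used for every permission lookup inside `CheckInstallPermission`, so this path does not evaluate the permissions of whoever requested the install. Before this change the check was skipped while the status fields were `NOT_VERIFIED_PERMISSION_STATUS`; now `VaildInstallPermission` always runs, and its result for token 0 depends on `BundlePermissionMgr::VerifyPermissionByCallingTokenId`, which is not shown. If that call denies token 0, installs through this path would fail with `ERR_APPEXECFWK_INSTALL_PERMISSION_DENIED`; if it grants, the check is vacuous. Either pass the real caller token into this installer or state above the declaration why 0 is correct, e.g. `// no IPC caller on this path; token 0 means <documented meaning>`.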
@@ -1140,6 +1140,7 @@ ErrCode BaseBundleInstaller::ProcessBundleInstall(const std::vector CHECK_RESULT(result, "parse cross-app shared bundles failed %{public}d"); if (inBundlePaths.empty() && sharedBundleInstaller.NeedToInstall()) { + sharedBundleInstaller.SetCallingTokenId(callerToken_); result = sharedBundleInstaller.Install(sysEventInfo_); bundleType_ = BundleType::SHARED; LOG_I(BMS_TAG_INSTALLER, "install cross-app shared bundles only, result : %{public}d", result); @@ -1225,7 +1226,7 @@ ErrCode BaseBundleInstaller::ProcessBundleInstall(const std::vector result = CheckShellCanInstallPreApp(newInfos); CHECK_RESULT(result, "check shell can install pre app failed %{public}d"); CheckPreBundle(newInfos, installParam, isRecover); - result = CheckInstallPermission(installParam, hapVerifyResults); + result = CheckInstallPermission(installParam, hapVerifyResults, callerToken_); CHECK_RESULT(result, "check install permission failed %{public}d"); result = CheckInstallCondition(hapVerifyResults, newInfos, isSysCapValid); CHECK_RESULT(result, "check install condition failed %{public}d"); 
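Review bot: `SetCallingTokenId(callerToken_)` is called only inside the `NeedToInstall()` branch, after the `CHECK_RESULT` for "parse cross-app shared bundles failed", which suggests `sharedBundleInstaller.ParseFiles()` has already run at that point. `SharedBundleInstaller::ParseFiles` is where `callerToken_` is passed to `InnerSharedBundleInstaller::ParseFiles` and on to `CheckInstallPermission`, so that permission check would use the installer's unset token instead of the caller's. When `inBundlePaths` is not empty the setter is not reached in this hunk at all. The setter should run before the parse call, which lies above this hunk and is not visible, i.e. `sharedBundleInstaller.SetCallingTokenId(callerToken_);` directly after the installer is constructed. Passing the token to the `SharedBundleInstaller` constructor would remove the ordering dependency altogether.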
@@ -4257,15 +4258,21 @@ ErrCode BaseBundleInstaller::CheckInstallCondition( } ErrCode BaseBundleInstaller::CheckInstallPermission(const InstallParam &installParam, - std::vector &hapVerifyRes) -{ - if ((installParam.installBundlePermissionStatus != PermissionStatus::NOT_VERIFIED_PERMISSION_STATUS || - installParam.installEnterpriseBundlePermissionStatus != PermissionStatus::NOT_VERIFIED_PERMISSION_STATUS || - installParam.installEtpNormalBundlePermissionStatus != PermissionStatus::NOT_VERIFIED_PERMISSION_STATUS || - installParam.installEtpMdmBundlePermissionStatus != PermissionStatus::NOT_VERIFIED_PERMISSION_STATUS || - installParam.installInternaltestingBundlePermissionStatus != PermissionStatus::NOT_VERIFIED_PERMISSION_STATUS || - installParam.installUpdateSelfBundlePermissionStatus != PermissionStatus::NOT_VERIFIED_PERMISSION_STATUS) && - !bundleInstallChecker_->VaildInstallPermission(installParam, hapVerifyRes)) { + std::vector &hapVerifyRes, + const Security::AccessToken::AccessTokenID &callerToken) +{ + if (hapVerifyRes.empty()) { + LOG_E(BMS_TAG_INSTALLER, "hapVerifyRes empty"); + return ERR_APPEXECFWK_INSTALL_PERMISSION_DENIED; + } + Security::Verify::ProvisionInfo provisionInfo = hapVerifyRes[0].GetProvisionInfo(); + if (installParam.isSelfUpdate && + provisionInfo.distributionType == Security::Verify::AppDistType::ENTERPRISE_MDM && + BundlePermissionMgr::VerifyPermissionByCallingTokenId(ServiceConstants::PERMISSION_INSTALL_SELF_BUNDLE, + callerToken)) { + return ERR_OK; + } + if (!bundleInstallChecker_->VaildInstallPermission(installParam.isCallByShell, hapVerifyRes, callerToken)) { // need vaild permission LOG_E(BMS_TAG_INSTALLER, "install permission denied"); return ERR_APPEXECFWK_INSTALL_PERMISSION_DENIED; diff --git a/services/bundlemgr/src/bundle_install_checker.cpp b/services/bundlemgr/src/bundle_install_checker.cpp index 18081dadbc03f6f7087ea13b7c4fd301f2dfd3f3..37c5add7ad1cb0b60e29114447fdafa20eed40b7 100644 
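Review bot: A self-update request for an enterprise bundle that is not `ENTERPRISE_MDM` now falls through to the ordinary `VaildInstallPermission` check, whereas the branch removed from `VaildEnterpriseInstallPermission` logged "Self update not MDM" and returned false. If self-update is meant to stay MDM-only, add an explicit denial before the fallback, `if (installParam.isSelfUpdate && provisionInfo.distributionType != Security::Verify::AppDistType::ENTERPRISE_MDM)` returning `ERR_APPEXECFWK_INSTALL_PERMISSION_DENIED` with the old log message. An MDM self-update that lacks `PERMISSION_INSTALL_SELF_BUNDLE` also continues silently into the general check; a log line there would make denials traceable. Both decisions are taken from `hapVerifyRes[0]` only, and the function body continues past the end of the hunk.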
--- a/services/bundlemgr/src/bundle_install_checker.cpp +++ b/services/bundlemgr/src/bundle_install_checker.cpp 
@@ -271,84 +271,64 @@ bool BundleInstallChecker::CheckProvisionInfoIsValid( return !isInvalid; } -bool BundleInstallChecker::VaildInstallPermission(const InstallParam &installParam, - const std::vector &hapVerifyRes) +bool BundleInstallChecker::VaildInstallPermission(const bool isCallByShell, + const std::vector &hapVerifyRes, + const Security::AccessToken::AccessTokenID &callerToken) { - PermissionStatus installBundleStatus = installParam.installBundlePermissionStatus; - PermissionStatus installEnterpriseBundleStatus = installParam.installEnterpriseBundlePermissionStatus; - PermissionStatus installEtpMdmBundleStatus = installParam.installEtpMdmBundlePermissionStatus; - PermissionStatus installInternaltestingBundleStatus = installParam.installInternaltestingBundlePermissionStatus; - bool isCallByShell = installParam.isCallByShell; - if (!isCallByShell && installBundleStatus == PermissionStatus::HAVE_PERMISSION_STATUS && - installEnterpriseBundleStatus == PermissionStatus::HAVE_PERMISSION_STATUS && - installEtpMdmBundleStatus == PermissionStatus::HAVE_PERMISSION_STATUS && - installInternaltestingBundleStatus == PermissionStatus::HAVE_PERMISSION_STATUS) { - return true; - } - for (uint32_t i = 0; i < hapVerifyRes.size(); ++i) { - Security::Verify::ProvisionInfo provisionInfo = hapVerifyRes[i].GetProvisionInfo(); - if (provisionInfo.distributionType == Security::Verify::AppDistType::ENTERPRISE) { - if (isCallByShell && provisionInfo.type != Security::Verify::ProvisionType::DEBUG) { - LOG_E(BMS_TAG_INSTALLER, "enterprise bundle can not be installed by shell"); - return false; - } - if (!isCallByShell && installEnterpriseBundleStatus != PermissionStatus::HAVE_PERMISSION_STATUS) { - LOG_E(BMS_TAG_INSTALLER, "install enterprise bundle permission denied"); - return false; - } - continue; + Security::Verify::ProvisionInfo provisionInfo = hapVerifyRes[0].GetProvisionInfo(); + if (provisionInfo.distributionType == Security::Verify::AppDistType::ENTERPRISE) { + if 
(isCallByShell && provisionInfo.type != Security::Verify::ProvisionType::DEBUG) { + LOG_E(BMS_TAG_INSTALLER, "enterprise bundle can not be installed by shell"); + return false; } - if (provisionInfo.distributionType == Security::Verify::AppDistType::ENTERPRISE_NORMAL || - provisionInfo.distributionType == Security::Verify::AppDistType::ENTERPRISE_MDM) { - bool result = VaildEnterpriseInstallPermission(installParam, provisionInfo); - if (!result) { - return false; - } - continue; + if (!isCallByShell &&!BundlePermissionMgr::VerifyPermissionByCallingTokenId( + ServiceConstants::PERMISSION_INSTALL_ENTERPRISE_BUNDLE, callerToken)) { + LOG_E(BMS_TAG_INSTALLER, "install enterprise bundle permission denied"); + return false; } - if (provisionInfo.distributionType == Security::Verify::AppDistType::INTERNALTESTING) { - if (!isCallByShell && installInternaltestingBundleStatus != PermissionStatus::HAVE_PERMISSION_STATUS) { - LOG_E(BMS_TAG_INSTALLER, "install internaltesting bundle permission denied"); - return false; - } - continue; + return true; + } + if (provisionInfo.distributionType == Security::Verify::AppDistType::ENTERPRISE_NORMAL || + provisionInfo.distributionType == Security::Verify::AppDistType::ENTERPRISE_MDM) { + if (!VaildEnterpriseInstallPermission(isCallByShell, provisionInfo, callerToken)) { + return false; } - if (installBundleStatus != PermissionStatus::HAVE_PERMISSION_STATUS) { - LOG_E(BMS_TAG_INSTALLER, "install permission denied"); + return true; + } + if (provisionInfo.distributionType == Security::Verify::AppDistType::INTERNALTESTING) { + if (!isCallByShell && !BundlePermissionMgr::VerifyPermissionByCallingTokenId( + ServiceConstants::PERMISSION_INSTALL_INTERNALTESTING_BUNDLE, callerToken)) { + LOG_E(BMS_TAG_INSTALLER, "install internaltesting bundle permission denied"); return false; } + return true; + } + if (!BundlePermissionMgr::VerifyPermissionByCallingTokenId(Constants::PERMISSION_INSTALL_BUNDLE, callerToken)) { + LOG_E(BMS_TAG_INSTALLER, 
"install permission denied"); + return false; } return true; } -bool BundleInstallChecker::VaildEnterpriseInstallPermission(const InstallParam &installParam, - const Security::Verify::ProvisionInfo &provisionInfo) +bool BundleInstallChecker::VaildEnterpriseInstallPermission(const bool isCallByShell, + const Security::Verify::ProvisionInfo &provisionInfo, const Security::AccessToken::AccessTokenID &callerToken) { - if (installParam.isSelfUpdate) { - if (provisionInfo.distributionType == Security::Verify::AppDistType::ENTERPRISE_MDM) { - LOG_I(BMS_TAG_INSTALLER, "Mdm self update"); - return true; - } - LOG_E(BMS_TAG_INSTALLER, "Self update not MDM"); - return false; - } - bool isCallByShell = installParam.isCallByShell; - PermissionStatus installEtpNormalBundleStatus = installParam.installEtpNormalBundlePermissionStatus; - PermissionStatus installEtpMdmBundleStatus = installParam.installEtpMdmBundlePermissionStatus; + bool installEtpNormalBundleStatus = BundlePermissionMgr::VerifyPermissionByCallingTokenId( + ServiceConstants::PERMISSION_INSTALL_ENTERPRISE_NORMAL_BUNDLE, callerToken); + bool installEtpMdmBundleStatus = BundlePermissionMgr::VerifyPermissionByCallingTokenId( + ServiceConstants::PERMISSION_INSTALL_ENTERPRISE_MDM_BUNDLE, callerToken); if (isCallByShell && provisionInfo.type != Security::Verify::ProvisionType::DEBUG) { LOG_E(BMS_TAG_INSTALLER, "enterprise normal/mdm bundle can not be installed by shell"); return false; } - if (!isCallByShell && - provisionInfo.distributionType == Security::Verify::AppDistType::ENTERPRISE_NORMAL && - installEtpNormalBundleStatus != PermissionStatus::HAVE_PERMISSION_STATUS && - installEtpMdmBundleStatus != PermissionStatus::HAVE_PERMISSION_STATUS) { + if (!isCallByShell && !installEtpNormalBundleStatus && !installEtpMdmBundleStatus && + provisionInfo.distributionType == Security::Verify::AppDistType::ENTERPRISE_NORMAL) { LOG_E(BMS_TAG_INSTALLER, "install enterprise normal bundle permission denied"); return false; } if 
(!isCallByShell && provisionInfo.distributionType == Security::Verify::AppDistType::ENTERPRISE_MDM && - installEtpMdmBundleStatus != PermissionStatus::HAVE_PERMISSION_STATUS) { + !installEtpMdmBundleStatus) { LOG_E(BMS_TAG_INSTALLER, "install enterprise mdm bundle permission denied"); return false; } @@ -499,14 +479,10 @@ ErrCode BundleInstallChecker::CheckHspInstallCondition( } ErrCode BundleInstallChecker::CheckInstallPermission(const InstallCheckParam &checkParam, - const std::vector &hapVerifyRes) + const std::vector &hapVerifyRes, + const Security::AccessToken::AccessTokenID &callerToken) { - if ((checkParam.installBundlePermissionStatus != PermissionStatus::NOT_VERIFIED_PERMISSION_STATUS || - checkParam.installEnterpriseBundlePermissionStatus != PermissionStatus::NOT_VERIFIED_PERMISSION_STATUS || - checkParam.installEtpNormalBundlePermissionStatus != PermissionStatus::NOT_VERIFIED_PERMISSION_STATUS || - checkParam.installInternaltestingBundlePermissionStatus != PermissionStatus::NOT_VERIFIED_PERMISSION_STATUS || - checkParam.installEtpMdmBundlePermissionStatus != PermissionStatus::NOT_VERIFIED_PERMISSION_STATUS) && - !VaildInstallPermissionForShare(checkParam, hapVerifyRes)) { + if (hapVerifyRes.empty() || !VaildInstallPermission(checkParam.isCallByShell, hapVerifyRes, callerToken)) { // need vaild permission LOG_E(BMS_TAG_INSTALLER, "install permission denied"); return ERR_APPEXECFWK_INSTALL_PERMISSION_DENIED; 
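Review bot: `VaildInstallPermission` now reads only `hapVerifyRes[0]`, where the removed loop checked the provision info of every entry, so in a multi-HAP install the distribution type of the later HAPs no longer takes part in the permission decision. That is safe only if another check guarantees that all entries share one distribution type and provision type; none is visible in this diff, so either keep the loop or name that check in a comment above the first line of the body. The function is declared public and indexes element 0 without testing for an empty vector. Both callers in this diff test `empty()` first, but a guard inside, `if (hapVerifyRes.empty()) { return false; }`, would make it fail closed on its own.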
@@ -514,82 +490,6 @@ ErrCode BundleInstallChecker::CheckInstallPermission(const InstallCheckParam &ch return ERR_OK; } -bool BundleInstallChecker::VaildInstallPermissionForShare(const InstallCheckParam &checkParam, - const std::vector &hapVerifyRes) -{ - PermissionStatus installBundleStatus = checkParam.installBundlePermissionStatus; - PermissionStatus installEnterpriseBundleStatus = checkParam.installEnterpriseBundlePermissionStatus; - PermissionStatus installEtpMdmBundleStatus = checkParam.installEtpMdmBundlePermissionStatus; - PermissionStatus installInternaltestingBundleStatus = checkParam.installInternaltestingBundlePermissionStatus; - bool isCallByShell = checkParam.isCallByShell; - if (!isCallByShell && installBundleStatus == PermissionStatus::HAVE_PERMISSION_STATUS && - installEnterpriseBundleStatus == PermissionStatus::HAVE_PERMISSION_STATUS && - installEtpMdmBundleStatus == PermissionStatus::HAVE_PERMISSION_STATUS && - installInternaltestingBundleStatus == PermissionStatus::HAVE_PERMISSION_STATUS) { - return true; - } - for (uint32_t i = 0; i < hapVerifyRes.size(); ++i) { - Security::Verify::ProvisionInfo provisionInfo = hapVerifyRes[i].GetProvisionInfo(); - if (provisionInfo.distributionType == Security::Verify::AppDistType::ENTERPRISE) { - if (isCallByShell && provisionInfo.type != Security::Verify::ProvisionType::DEBUG) { - LOG_E(BMS_TAG_INSTALLER, "enterprise bundle can not be installed by shell"); - return false; - } - if (!isCallByShell && installEnterpriseBundleStatus != PermissionStatus::HAVE_PERMISSION_STATUS) { - LOG_E(BMS_TAG_INSTALLER, "install enterprise bundle permission denied"); - return false; - } - continue; - } - if (provisionInfo.distributionType == Security::Verify::AppDistType::INTERNALTESTING) { - if (!isCallByShell && installInternaltestingBundleStatus != PermissionStatus::HAVE_PERMISSION_STATUS) { - LOG_E(BMS_TAG_INSTALLER, "install internaltesting bundle permission denied"); - return false; - } - continue; - } - if 
(provisionInfo.distributionType == Security::Verify::AppDistType::ENTERPRISE_NORMAL || - provisionInfo.distributionType == Security::Verify::AppDistType::ENTERPRISE_MDM) { - bool result = VaildEnterpriseInstallPermissionForShare(checkParam, provisionInfo); - if (!result) { - return false; - } - continue; - } - if (installBundleStatus != PermissionStatus::HAVE_PERMISSION_STATUS) { - LOG_E(BMS_TAG_INSTALLER, "install permission denied"); - return false; - } - } - return true; -} - -bool BundleInstallChecker::VaildEnterpriseInstallPermissionForShare(const InstallCheckParam &checkParam, - const Security::Verify::ProvisionInfo &provisionInfo) -{ - bool isCallByShell = checkParam.isCallByShell; - PermissionStatus installEtpNormalBundleStatus = checkParam.installEtpNormalBundlePermissionStatus; - PermissionStatus installEtpMdmBundleStatus = checkParam.installEtpMdmBundlePermissionStatus; - if (isCallByShell && provisionInfo.type != Security::Verify::ProvisionType::DEBUG) { - LOG_E(BMS_TAG_INSTALLER, "enterprise normal/mdm bundle can not be installed by shell"); - return false; - } - if (!isCallByShell && - provisionInfo.distributionType == Security::Verify::AppDistType::ENTERPRISE_NORMAL && - installEtpNormalBundleStatus != PermissionStatus::HAVE_PERMISSION_STATUS && - installEtpMdmBundleStatus != PermissionStatus::HAVE_PERMISSION_STATUS) { - LOG_E(BMS_TAG_INSTALLER, "install enterprise normal bundle permission denied"); - return false; - } - if (!isCallByShell && - provisionInfo.distributionType == Security::Verify::AppDistType::ENTERPRISE_MDM && - installEtpMdmBundleStatus != PermissionStatus::HAVE_PERMISSION_STATUS) { - LOG_E(BMS_TAG_INSTALLER, "install enterprise mdm bundle permission denied"); - return false; - } - return true; -} - ErrCode BundleInstallChecker::CheckDependency(std::unordered_map &infos) { LOG_D(BMS_TAG_INSTALLER, "CheckDependency"); 
diff --git a/services/bundlemgr/src/bundle_installer_host.cpp b/services/bundlemgr/src/bundle_installer_host.cpp index fd5f4cea0acf10b3a3abd12172835860a2e921b1..233c15f7e1520d57eed8357a09730b3d7b5d9964 100644 --- a/services/bundlemgr/src/bundle_installer_host.cpp +++ b/services/bundlemgr/src/bundle_installer_host.cpp 
@@ -792,31 +792,12 @@ sptr BundleInstallerHost::CreateStreamInstaller(const In bool BundleInstallerHost::IsPermissionVaild(const InstallParam &installParam, InstallParam &verifiedInstallParam) { verifiedInstallParam.isCallByShell = BundlePermissionMgr::IsShellTokenType(); - verifiedInstallParam.installBundlePermissionStatus = - BundlePermissionMgr::VerifyCallingPermissionForAll(Constants::PERMISSION_INSTALL_BUNDLE) ? - PermissionStatus::HAVE_PERMISSION_STATUS : PermissionStatus::NON_HAVE_PERMISSION_STATUS; - verifiedInstallParam.installEnterpriseBundlePermissionStatus = - BundlePermissionMgr::VerifyCallingPermissionForAll(ServiceConstants::PERMISSION_INSTALL_ENTERPRISE_BUNDLE) ? - PermissionStatus::HAVE_PERMISSION_STATUS : PermissionStatus::NON_HAVE_PERMISSION_STATUS; - verifiedInstallParam.installEtpNormalBundlePermissionStatus = - BundlePermissionMgr::VerifyCallingPermissionForAll( - ServiceConstants::PERMISSION_INSTALL_ENTERPRISE_NORMAL_BUNDLE) ? - PermissionStatus::HAVE_PERMISSION_STATUS : PermissionStatus::NON_HAVE_PERMISSION_STATUS; - verifiedInstallParam.installEtpMdmBundlePermissionStatus = - BundlePermissionMgr::VerifyCallingPermissionForAll(ServiceConstants::PERMISSION_INSTALL_ENTERPRISE_MDM_BUNDLE) ? - PermissionStatus::HAVE_PERMISSION_STATUS : PermissionStatus::NON_HAVE_PERMISSION_STATUS; - verifiedInstallParam.installInternaltestingBundlePermissionStatus = - BundlePermissionMgr::VerifyCallingPermissionForAll(ServiceConstants::PERMISSION_INSTALL_INTERNALTESTING_BUNDLE) - ? PermissionStatus::HAVE_PERMISSION_STATUS - : PermissionStatus::NON_HAVE_PERMISSION_STATUS; - verifiedInstallParam.installUpdateSelfBundlePermissionStatus = - BundlePermissionMgr::VerifyCallingPermissionForAll(ServiceConstants::PERMISSION_INSTALL_SELF_BUNDLE) ? 
- PermissionStatus::HAVE_PERMISSION_STATUS : PermissionStatus::NON_HAVE_PERMISSION_STATUS; - return (verifiedInstallParam.installBundlePermissionStatus == PermissionStatus::HAVE_PERMISSION_STATUS || - verifiedInstallParam.installEnterpriseBundlePermissionStatus == PermissionStatus::HAVE_PERMISSION_STATUS || - verifiedInstallParam.installEtpNormalBundlePermissionStatus == PermissionStatus::HAVE_PERMISSION_STATUS || - verifiedInstallParam.installEtpMdmBundlePermissionStatus == PermissionStatus::HAVE_PERMISSION_STATUS || - verifiedInstallParam.installUpdateSelfBundlePermissionStatus == PermissionStatus::HAVE_PERMISSION_STATUS || + return (BundlePermissionMgr::VerifyCallingPermissionForAll(Constants::PERMISSION_INSTALL_BUNDLE) || + BundlePermissionMgr::VerifyCallingPermissionForAll(ServiceConstants::PERMISSION_INSTALL_ENTERPRISE_BUNDLE) || + BundlePermissionMgr::VerifyCallingPermissionForAll(ServiceConstants::PERMISSION_INSTALL_ENTERPRISE_NORMAL_BUNDLE) || + BundlePermissionMgr::VerifyCallingPermissionForAll(ServiceConstants::PERMISSION_INSTALL_ENTERPRISE_MDM_BUNDLE) || + BundlePermissionMgr::VerifyCallingPermissionForAll(ServiceConstants::PERMISSION_INSTALL_INTERNALTESTING_BUNDLE) || + BundlePermissionMgr::VerifyCallingPermissionForAll(ServiceConstants::PERMISSION_INSTALL_SELF_BUNDLE) || BundlePermissionMgr::VerifyCallingPermissionForAll(ServiceConstants::PERMISSION_INSTALL_QUICK_FIX_BUNDLE)); } diff --git a/services/bundlemgr/src/shared/inner_shared_bundle_installer.cpp b/services/bundlemgr/src/shared/inner_shared_bundle_installer.cpp index 3c74d3d7162bf44d9ddb3fad7c4c0e97b41d0dbf..88d4faa671d1cc92043588c6cde8d67fdb12b889 100644 --- a/services/bundlemgr/src/shared/inner_shared_bundle_installer.cpp +++ b/services/bundlemgr/src/shared/inner_shared_bundle_installer.cpp 
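Review bot: `IsPermissionVaild` no longer records which permission the caller holds, so it is now only a coarse any-of gate and the decision per distribution type rests entirely on the later `CheckInstallPermission` call with the stored caller token. A comment above the `return` would make that dependency explicit, for example `// coarse gate only: the permission matching the bundle's distribution type is verified later against the caller token`. The `installParam` argument is unused in the visible body. Where the installer's caller token is captured is not shown in this diff; it has to be taken during the same IPC call for the later check to refer to the same caller.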
@@ -45,7 +45,8 @@ InnerSharedBundleInstaller::~InnerSharedBundleInstaller() BundleUtil::DeleteTempDirs(toDeleteTempHspPath_); } -ErrCode InnerSharedBundleInstaller::ParseFiles(const InstallCheckParam &checkParam) +ErrCode InnerSharedBundleInstaller::ParseFiles(const InstallCheckParam &checkParam, + const Security::AccessToken::AccessTokenID callerToken) { APP_LOGD("parsing shared bundle files, path : %{private}s", sharedBundlePath_.c_str()); ErrCode result = ERR_OK; @@ -82,7 +83,7 @@ ErrCode InnerSharedBundleInstaller::ParseFiles(const InstallCheckParam &checkPar CHECK_RESULT(result, "parse haps file failed %{public}d"); // check install permission - result = bundleInstallChecker_->CheckInstallPermission(checkParam, hapVerifyResults); + result = bundleInstallChecker_->CheckInstallPermission(checkParam, hapVerifyResults, callerToken); CHECK_RESULT(result, "check install permission failed %{public}d"); // check hsp install condition diff --git a/services/bundlemgr/src/shared/shared_bundle_installer.cpp b/services/bundlemgr/src/shared/shared_bundle_installer.cpp index 33bdf529971973a0f7f98a7cc0161b69ac59da43..e266cbb045e16cdf1bbe5270633f1efdc5121ba7 100644 --- a/services/bundlemgr/src/shared/shared_bundle_installer.cpp +++ b/services/bundlemgr/src/shared/shared_bundle_installer.cpp @@ -31,6 +31,11 @@ SharedBundleInstaller::~SharedBundleInstaller() APP_LOGD("shared bundle installer instance is destroyed"); } +void SharedBundleInstaller::SetCallingTokenId(const Security::AccessToken::AccessTokenID callerToken) +{ + callerToken_ = callerToken; +} + ErrCode SharedBundleInstaller::ParseFiles() { ErrCode result = ERR_OK; 
@@ -44,17 +49,11 @@ ErrCode SharedBundleInstaller::ParseFiles() checkParam.crowdtestDeadline = installParam_.crowdtestDeadline; checkParam.appType = appType_; checkParam.removable = installParam_.removable; - checkParam.installBundlePermissionStatus = installParam_.installBundlePermissionStatus; - checkParam.installEnterpriseBundlePermissionStatus = installParam_.installEnterpriseBundlePermissionStatus; - checkParam.installEtpNormalBundlePermissionStatus = installParam_.installEtpNormalBundlePermissionStatus; - checkParam.installEtpMdmBundlePermissionStatus = installParam_.installEtpMdmBundlePermissionStatus; - checkParam.installInternaltestingBundlePermissionStatus = - installParam_.installInternaltestingBundlePermissionStatus; checkParam.isCallByShell = installParam_.isCallByShell; for (const auto &path : installParam_.sharedBundleDirPaths) { auto installer = std::make_shared(path); - result = installer->ParseFiles(checkParam); + result = installer->ParseFiles(checkParam, callerToken_); CHECK_RESULT(result, "parse file failed %{public}d"); if (innerInstallers_.find(installer->GetBundleName()) != innerInstallers_.end()) { APP_LOGW("sharedBundleDirPaths does not support that different paths contain hsp of same bundleName"); diff --git a/services/bundlemgr/test/unittest/bms_bundle_app_provision_info_test/bms_bundle_app_provision_info_test.cpp b/services/bundlemgr/test/unittest/bms_bundle_app_provision_info_test/bms_bundle_app_provision_info_test.cpp index cd1248eee73c28696210279d947658f60a8dcc13..9185442d22fe2b607132682686785f156fdc9aaf 100644 --- a/services/bundlemgr/test/unittest/bms_bundle_app_provision_info_test/bms_bundle_app_provision_info_test.cpp +++ b/services/bundlemgr/test/unittest/bms_bundle_app_provision_info_test/bms_bundle_app_provision_info_test.cpp 
@@ -1383,10 +1383,11 @@ HWTEST_F(BmsBundleAppProvisionInfoTest, ParseFiles_0001, Function | SmallTest | { InnerSharedBundleInstaller installer(HAP_FILE_PATH1); InstallCheckParam checkParam; - ErrCode ret = installer.ParseFiles(checkParam); + Security::AccessToken::AccessTokenID callerToken = 0; + ErrCode ret = installer.ParseFiles(checkParam, callerToken); EXPECT_NE(ret, ERR_OK); checkParam.isPreInstallApp = true; - EXPECT_NE(ERR_OK, installer.ParseFiles(checkParam)); + EXPECT_NE(ERR_OK, installer.ParseFiles(checkParam, callerToken)); EXPECT_EQ(0, installer.GetBundleName().size()); } /** diff --git a/services/bundlemgr/test/unittest/bms_bundle_installer_test/bms_bundle_install_checker_test.cpp b/services/bundlemgr/test/unittest/bms_bundle_installer_test/bms_bundle_install_checker_test.cpp index 65360a3b65098c9635899318dd8fa1f71d9192eb..1754c5645caf6b4269f90e4d9ffbbd83db1b089b 100755 --- a/services/bundlemgr/test/unittest/bms_bundle_installer_test/bms_bundle_install_checker_test.cpp +++ b/services/bundlemgr/test/unittest/bms_bundle_installer_test/bms_bundle_install_checker_test.cpp @@ -2074,10 +2074,11 @@ HWTEST_F(BmsBundleInstallCheckerTest, VaildEnterpriseInstallPermission_0001, Fun InstallParam param; Security::Verify::ProvisionInfo provisionInfo; param.isSelfUpdate = true; - auto ret = installChecker.VaildEnterpriseInstallPermission(param, provisionInfo); + Security::AccessToken::AccessTokenID callerToken = 0; + auto ret = installChecker.VaildEnterpriseInstallPermission(param.isCallByShell, provisionInfo, callerToken); EXPECT_EQ(ret, false); provisionInfo.distributionType = Security::Verify::AppDistType::ENTERPRISE_MDM; - ret = installChecker.VaildEnterpriseInstallPermission(param, provisionInfo); + ret = installChecker.VaildEnterpriseInstallPermission(param.isCallByShell, provisionInfo, callerToken); EXPECT_EQ(ret, true); } 
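Review bot: In `VaildEnterpriseInstallPermission_0001`, `param.isSelfUpdate = true` no longer reaches the function under test, because only `param.isCallByShell` is passed, so this case does not exercise self-update any more. The self-update decision moved to `BaseBundleInstaller::CheckInstallPermission`, and no test in this diff covers it there. The expectations were kept as they were (false for the default provision info, true for `ENTERPRISE_MDM`) although both calls now use token 0. Whether they still hold depends on how `VerifyPermissionByCallingTokenId` behaves in the test build, which should be re-checked.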
@@ -2093,10 +2094,11 @@ HWTEST_F(BmsBundleInstallCheckerTest, VaildEnterpriseInstallPermission_0002, Fun Security::Verify::ProvisionInfo provisionInfo; param.isCallByShell = true; provisionInfo.type = Security::Verify::ProvisionType::RELEASE; - auto ret = installChecker.VaildEnterpriseInstallPermission(param, provisionInfo); + Security::AccessToken::AccessTokenID callerToken = 0; + auto ret = installChecker.VaildEnterpriseInstallPermission(param.isCallByShell, provisionInfo, callerToken); EXPECT_EQ(ret, false); provisionInfo.type = Security::Verify::ProvisionType::DEBUG; - ret = installChecker.VaildEnterpriseInstallPermission(param, provisionInfo); + ret = installChecker.VaildEnterpriseInstallPermission(param.isCallByShell, provisionInfo, callerToken); EXPECT_EQ(ret, true); } @@ -2112,13 +2114,14 @@ HWTEST_F(BmsBundleInstallCheckerTest, VaildEnterpriseInstallPermission_0003, Fun Security::Verify::ProvisionInfo provisionInfo; param.isCallByShell = false; provisionInfo.distributionType = Security::Verify::AppDistType::ENTERPRISE_NORMAL; - auto ret = installChecker.VaildEnterpriseInstallPermission(param, provisionInfo); + Security::AccessToken::AccessTokenID callerToken = 0; + auto ret = installChecker.VaildEnterpriseInstallPermission(param.isCallByShell, provisionInfo, callerToken); EXPECT_EQ(ret, false); param.installEtpNormalBundlePermissionStatus = PermissionStatus::HAVE_PERMISSION_STATUS; - ret = installChecker.VaildEnterpriseInstallPermission(param, provisionInfo); + ret = installChecker.VaildEnterpriseInstallPermission(param.isCallByShell, provisionInfo, callerToken); EXPECT_EQ(ret, true); param.installEtpMdmBundlePermissionStatus = PermissionStatus::HAVE_PERMISSION_STATUS; - ret = installChecker.VaildEnterpriseInstallPermission(param, provisionInfo); + ret = installChecker.VaildEnterpriseInstallPermission(param.isCallByShell, provisionInfo, callerToken); EXPECT_EQ(ret, true); } 
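Review bot: In VaildEnterpriseInstallPermission_0003 the context lines still assign `param.installEtpNormalBundlePermissionStatus` and `param.installEtpMdmBundlePermissionStatus`, but the call now receives only `param.isCallByShell`, `provisionInfo` and `callerToken`, so those assignments cannot influence the result. The test then expects `false` followed by `true` from calls with identical arguments, which can only hold if some mocked token state changes between them, and none is visible in the hunk. This commit also removes those members from `InstallParam`, so the assignments should not compile unless they are deleted here. The same leftover assignments appear in VaildEnterpriseInstallPermission_0004, InstallChecker_1500 and BundleInstallCheckerTest_0006, _0008, _0011 and _0012. Each case should drop them and instead vary what the new check actually reads, for example the mocked permission result for `callerToken`.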
@@ -2134,10 +2137,11 @@ HWTEST_F(BmsBundleInstallCheckerTest, VaildEnterpriseInstallPermission_0004, Fun Security::Verify::ProvisionInfo provisionInfo; param.isCallByShell = false; provisionInfo.distributionType = Security::Verify::AppDistType::ENTERPRISE_MDM; - auto ret = installChecker.VaildEnterpriseInstallPermission(param, provisionInfo); + Security::AccessToken::AccessTokenID callerToken = 0; + auto ret = installChecker.VaildEnterpriseInstallPermission(param.isCallByShell, provisionInfo, callerToken); EXPECT_EQ(ret, false); param.installEtpMdmBundlePermissionStatus = PermissionStatus::HAVE_PERMISSION_STATUS; - ret = installChecker.VaildEnterpriseInstallPermission(param, provisionInfo); + ret = installChecker.VaildEnterpriseInstallPermission(param.isCallByShell, provisionInfo, callerToken); EXPECT_EQ(ret, true); } 
@@ -2175,143 +2179,6 @@ HWTEST_F(BmsBundleInstallCheckerTest, MatchSignature_0102, Function | SmallTest EXPECT_FALSE(res); } -/** - * @tc.number: VaildInstallPermissionForShare_0100 - * @tc.name: test VaildInstallPermissionForShare - * @tc.desc: 1.test isCallByShell is false - */ -HWTEST_F(BmsBundleInstallCheckerTest, VaildInstallPermissionForShare_0100, Function | SmallTest | Level0) -{ - BundleInstallChecker installChecker; - InstallCheckParam checkParam; - std::vector hapVerifyRes; - Security::Verify::HapVerifyResult result; - hapVerifyRes.emplace_back(result); - checkParam.isCallByShell = false; - checkParam.installBundlePermissionStatus = PermissionStatus::HAVE_PERMISSION_STATUS; - checkParam.installEnterpriseBundlePermissionStatus = PermissionStatus::HAVE_PERMISSION_STATUS; - checkParam.installEtpMdmBundlePermissionStatus = PermissionStatus::HAVE_PERMISSION_STATUS; - bool res1 = installChecker.VaildInstallPermissionForShare(checkParam, hapVerifyRes); - EXPECT_TRUE(res1); - - checkParam.installBundlePermissionStatus = PermissionStatus::NON_HAVE_PERMISSION_STATUS; - bool res2 = installChecker.VaildInstallPermissionForShare(checkParam, hapVerifyRes); - EXPECT_FALSE(res2); - - checkParam.installEnterpriseBundlePermissionStatus = PermissionStatus::NON_HAVE_PERMISSION_STATUS; - bool res3 = installChecker.VaildInstallPermissionForShare(checkParam, hapVerifyRes); - EXPECT_FALSE(res3); - - checkParam.installEtpMdmBundlePermissionStatus = PermissionStatus::NON_HAVE_PERMISSION_STATUS; - bool res4 = installChecker.VaildInstallPermissionForShare(checkParam, hapVerifyRes); - EXPECT_FALSE(res4); - - checkParam.installBundlePermissionStatus = PermissionStatus::HAVE_PERMISSION_STATUS; - bool res5 = installChecker.VaildInstallPermissionForShare(checkParam, hapVerifyRes); - EXPECT_TRUE(res5); - - checkParam.installEnterpriseBundlePermissionStatus = PermissionStatus::HAVE_PERMISSION_STATUS; - bool res6 = installChecker.VaildInstallPermissionForShare(checkParam, hapVerifyRes); - 
EXPECT_TRUE(res6); -} - -/** - * @tc.number: VaildInstallPermissionForShare_0200 - * @tc.name: test VaildInstallPermissionForShare - * @tc.desc: 1.test isCallByShell is true - */ -HWTEST_F(BmsBundleInstallCheckerTest, VaildInstallPermissionForShare_0200, Function | SmallTest | Level0) -{ - BundleInstallChecker installChecker; - InstallCheckParam checkParam; - std::vector hapVerifyRes; - Security::Verify::HapVerifyResult result; - hapVerifyRes.emplace_back(result); - checkParam.isCallByShell = true; - checkParam.installBundlePermissionStatus = PermissionStatus::HAVE_PERMISSION_STATUS; - checkParam.installEnterpriseBundlePermissionStatus = PermissionStatus::HAVE_PERMISSION_STATUS; - checkParam.installEtpMdmBundlePermissionStatus = PermissionStatus::HAVE_PERMISSION_STATUS; - bool res1 = installChecker.VaildInstallPermissionForShare(checkParam, hapVerifyRes); - EXPECT_TRUE(res1); - - checkParam.installBundlePermissionStatus = PermissionStatus::NON_HAVE_PERMISSION_STATUS; - bool res2 = installChecker.VaildInstallPermissionForShare(checkParam, hapVerifyRes); - EXPECT_FALSE(res2); - - checkParam.installEnterpriseBundlePermissionStatus = PermissionStatus::NON_HAVE_PERMISSION_STATUS; - bool res3 = installChecker.VaildInstallPermissionForShare(checkParam, hapVerifyRes); - EXPECT_FALSE(res3); - - checkParam.installEtpMdmBundlePermissionStatus = PermissionStatus::NON_HAVE_PERMISSION_STATUS; - bool res4 = installChecker.VaildInstallPermissionForShare(checkParam, hapVerifyRes); - EXPECT_FALSE(res4); - - checkParam.installBundlePermissionStatus = PermissionStatus::HAVE_PERMISSION_STATUS; - bool res5 = installChecker.VaildInstallPermissionForShare(checkParam, hapVerifyRes); - EXPECT_TRUE(res5); - - checkParam.installEnterpriseBundlePermissionStatus = PermissionStatus::HAVE_PERMISSION_STATUS; - bool res6 = installChecker.VaildInstallPermissionForShare(checkParam, hapVerifyRes); - EXPECT_TRUE(res6); -} - -/** - * @tc.number: VaildEnterpriseInstallPermissionForShare_0100 - * 
@tc.name: test VaildEnterpriseInstallPermissionForShare - * @tc.desc: 1.test VaildEnterpriseInstallPermissionForShare of BundleInstallChecker - */ -HWTEST_F(BmsBundleInstallCheckerTest, VaildEnterpriseInstallPermissionForShare_0100, Function | SmallTest | Level0) -{ - BundleInstallChecker installChecker; - InstallCheckParam checkParam; - Security::Verify::ProvisionInfo provisionInfo; - checkParam.isCallByShell = true; - provisionInfo.type = Security::Verify::ProvisionType::RELEASE; - bool res1 = installChecker.VaildEnterpriseInstallPermissionForShare(checkParam, provisionInfo); - EXPECT_FALSE(res1); - - checkParam.isCallByShell = false; - provisionInfo.type = Security::Verify::ProvisionType::DEBUG; - bool res2 = installChecker.VaildEnterpriseInstallPermissionForShare(checkParam, provisionInfo); - EXPECT_TRUE(res2); - - provisionInfo.distributionType = Security::Verify::AppDistType::ENTERPRISE_NORMAL; - bool res3 = installChecker.VaildEnterpriseInstallPermissionForShare(checkParam, provisionInfo); - EXPECT_FALSE(res3); - - checkParam.installEtpNormalBundlePermissionStatus = PermissionStatus::HAVE_PERMISSION_STATUS; - bool res4 = installChecker.VaildEnterpriseInstallPermissionForShare(checkParam, provisionInfo); - EXPECT_TRUE(res4); - - checkParam.installEtpMdmBundlePermissionStatus = PermissionStatus::HAVE_PERMISSION_STATUS; - bool res5 = installChecker.VaildEnterpriseInstallPermissionForShare(checkParam, provisionInfo); - EXPECT_TRUE(res5); - - checkParam.installEtpMdmBundlePermissionStatus = PermissionStatus::NON_HAVE_PERMISSION_STATUS; - bool res6 = installChecker.VaildEnterpriseInstallPermissionForShare(checkParam, provisionInfo); - EXPECT_TRUE(res6); - - checkParam.installEtpNormalBundlePermissionStatus = PermissionStatus::NON_HAVE_PERMISSION_STATUS; - bool res7 = installChecker.VaildEnterpriseInstallPermissionForShare(checkParam, provisionInfo); - EXPECT_FALSE(res7); - - checkParam.installEtpMdmBundlePermissionStatus = PermissionStatus::HAVE_PERMISSION_STATUS; 
- bool res8 = installChecker.VaildEnterpriseInstallPermissionForShare(checkParam, provisionInfo); - EXPECT_TRUE(res8); - - provisionInfo.distributionType = Security::Verify::AppDistType::ENTERPRISE_MDM; - bool res9 = installChecker.VaildEnterpriseInstallPermissionForShare(checkParam, provisionInfo); - EXPECT_TRUE(res9); - - checkParam.installEtpMdmBundlePermissionStatus = PermissionStatus::NON_HAVE_PERMISSION_STATUS; - bool res10 = installChecker.VaildEnterpriseInstallPermissionForShare(checkParam, provisionInfo); - EXPECT_FALSE(res10); - - checkParam.installEtpNormalBundlePermissionStatus = PermissionStatus::NON_HAVE_PERMISSION_STATUS; - bool res11 = installChecker.VaildEnterpriseInstallPermissionForShare(checkParam, provisionInfo); - EXPECT_FALSE(res11); -} - /** * @tc.number: ResetAOTCompileStatus_0100 * @tc.name: test ResetAOTCompileStatus @@ -2373,12 +2240,13 @@ HWTEST_F(BmsBundleInstallCheckerTest, VaildInstallPermission_0100, Function | Sm InstallParam installParam; installParam.isSelfUpdate = false; std::vector hapVerifyRes; - bool ret = installChecker.VaildInstallPermission(installParam, hapVerifyRes); + Security::AccessToken::AccessTokenID callerToken = 0; + bool ret = installChecker.VaildInstallPermission(installParam.isCallByShell, hapVerifyRes, callerToken); EXPECT_EQ(ret, true); Security::Verify::HapVerifyResult result; hapVerifyRes.emplace_back(result); - ret = installChecker.VaildInstallPermission(installParam, hapVerifyRes); + ret = installChecker.VaildInstallPermission(installParam.isCallByShell, hapVerifyRes, callerToken); EXPECT_EQ(ret, false); } diff --git a/services/bundlemgr/test/unittest/bms_bundle_installer_test/bms_bundle_installer_test.cpp b/services/bundlemgr/test/unittest/bms_bundle_installer_test/bms_bundle_installer_test.cpp index 7644ef62955dfbfd8296d5c3c30a12fe2c586c91..cbe77f3365e2d85fb8ca0503c01c21c59c2e39e2 100644 --- a/services/bundlemgr/test/unittest/bms_bundle_installer_test/bms_bundle_installer_test.cpp 
+++ b/services/bundlemgr/test/unittest/bms_bundle_installer_test/bms_bundle_installer_test.cpp @@ -3859,7 +3859,8 @@ HWTEST_F(BmsBundleInstallerTest, InstallChecker_1400, Function | SmallTest | Lev InstallParam installParam; installParam.isCallByShell = true; std::vector hapVerifyRes; - bool ret = installChecker.VaildInstallPermission(installParam, hapVerifyRes); + Security::AccessToken::AccessTokenID callerToken = 0; + bool ret = installChecker.VaildInstallPermission(installParam.isCallByShell, hapVerifyRes, callerToken); EXPECT_EQ(ret, true); } @@ -3874,13 +3875,14 @@ HWTEST_F(BmsBundleInstallerTest, InstallChecker_1500, Function | SmallTest | Lev InstallParam installParam; installParam.isCallByShell = false; std::vector hapVerifyRes; - bool ret = installChecker.VaildInstallPermission(installParam, hapVerifyRes); + Security::AccessToken::AccessTokenID callerToken = 0; + bool ret = installChecker.VaildInstallPermission(installParam.isCallByShell, hapVerifyRes, callerToken); EXPECT_EQ(ret, true); installParam.installBundlePermissionStatus = PermissionStatus::HAVE_PERMISSION_STATUS; - ret = installChecker.VaildInstallPermission(installParam, hapVerifyRes); + ret = installChecker.VaildInstallPermission(installParam.isCallByShell, hapVerifyRes, callerToken); EXPECT_EQ(ret, true); installParam.installEnterpriseBundlePermissionStatus = PermissionStatus::HAVE_PERMISSION_STATUS; - ret = installChecker.VaildInstallPermission(installParam, hapVerifyRes); + ret = installChecker.VaildInstallPermission(installParam.isCallByShell, hapVerifyRes, callerToken); EXPECT_EQ(ret, true); } 
@@ -3900,7 +3902,8 @@ HWTEST_F(BmsBundleInstallerTest, InstallChecker_1600, Function | SmallTest | Lev info.distributionType = Security::Verify::AppDistType::ENTERPRISE; info.type = Security::Verify::ProvisionType::DEBUG; result.SetProvisionInfo(info); - bool ret = installChecker.VaildInstallPermission(installParam, hapVerifyRes); + Security::AccessToken::AccessTokenID callerToken = 0; + bool ret = installChecker.VaildInstallPermission(installParam.isCallByShell, hapVerifyRes, callerToken); EXPECT_EQ(ret, true); } @@ -3922,7 +3925,8 @@ HWTEST_F(BmsBundleInstallerTest, InstallChecker_1700, Function | SmallTest | Lev info.type = Security::Verify::ProvisionType::RELEASE; result.SetProvisionInfo(info); hapVerifyRes.emplace_back(result); - bool ret = installChecker.VaildInstallPermission(installParam, hapVerifyRes); + Security::AccessToken::AccessTokenID callerToken = 0; + bool ret = installChecker.VaildInstallPermission(installParam.isCallByShell, hapVerifyRes, callerToken); EXPECT_EQ(ret, false); } @@ -3939,7 +3943,8 @@ HWTEST_F(BmsBundleInstallerTest, InstallChecker_1800, Function | SmallTest | Lev std::vector hapVerifyRes; Security::Verify::HapVerifyResult result; hapVerifyRes.emplace_back(result); - bool ret = installChecker.VaildInstallPermission(installParam, hapVerifyRes); + Security::AccessToken::AccessTokenID callerToken = 0; + bool ret = installChecker.VaildInstallPermission(installParam.isCallByShell, hapVerifyRes, callerToken); EXPECT_EQ(ret, false); } @@ -3959,7 +3964,8 @@ HWTEST_F(BmsBundleInstallerTest, InstallChecker_1900, Function | SmallTest | Lev info.distributionType = Security::Verify::AppDistType::ENTERPRISE; result.SetProvisionInfo(info); hapVerifyRes.emplace_back(result); - bool ret = installChecker.VaildInstallPermission(installParam, hapVerifyRes); + Security::AccessToken::AccessTokenID callerToken = 0; + bool ret = installChecker.VaildInstallPermission(installParam.isCallByShell, hapVerifyRes, callerToken); EXPECT_EQ(ret, false); } 
@@ -4789,6 +4795,8 @@ HWTEST_F(BmsBundleInstallerTest, ParseFiles_0100, Function | SmallTest | Level0) InstallParam installParam; auto appType = Constants::AppType::THIRD_PARTY_APP; SharedBundleInstaller installer(installParam, appType); + Security::AccessToken::AccessTokenID callerToken = 0; + installer.SetCallingTokenId(callerToken); installer.installParam_.sharedBundleDirPaths.clear(); auto res = installer.ParseFiles(); EXPECT_EQ(res, ERR_OK); @@ -4806,6 +4814,8 @@ HWTEST_F(BmsBundleInstallerTest, ParseFiles_0200, Function | SmallTest | Level0) InstallParam installParam; auto appType = Constants::AppType::THIRD_PARTY_APP; SharedBundleInstaller installer(installParam, appType); + Security::AccessToken::AccessTokenID callerToken = 0; + installer.SetCallingTokenId(callerToken); installParam.sharedBundleDirPaths = {"/path/to/test1", "/path/to/test2"}; installer.installParam_.sharedBundleDirPaths = installParam.sharedBundleDirPaths; auto ret = installer.ParseFiles(); @@ -9411,8 +9421,8 @@ HWTEST_F(BmsBundleInstallerTest, BaseBundleInstaller_8000, Function | SmallTest provisionInfo.type = Security::Verify::ProvisionType::RELEASE; hapVerifyResult.SetProvisionInfo(provisionInfo); hapVerifyRes.emplace_back(hapVerifyResult); - - auto ret = baseBundleInstaller.CheckInstallPermission(installParam, hapVerifyRes); + Security::AccessToken::AccessTokenID callerToken = 0; + auto ret = baseBundleInstaller.CheckInstallPermission(installParam, hapVerifyRes, callerToken); EXPECT_EQ(ret, ERR_APPEXECFWK_INSTALL_PERMISSION_DENIED); } diff --git a/services/bundlemgr/test/unittest/bundle_install_checker_test/bundle_install_checker_test.cpp b/services/bundlemgr/test/unittest/bundle_install_checker_test/bundle_install_checker_test.cpp index 008da36079f8e63223b5a433ddbff015c102f7e9..646ce5bdd80c59a93c6976d8ae19ab98afad7547 100644 --- a/services/bundlemgr/test/unittest/bundle_install_checker_test/bundle_install_checker_test.cpp 
+++ b/services/bundlemgr/test/unittest/bundle_install_checker_test/bundle_install_checker_test.cpp @@ -206,7 +206,8 @@ HWTEST_F(BundleInstallCheckerTest, BundleInstallCheckerTest_0006, TestSize.Level installParam.installInternaltestingBundlePermissionStatus = PermissionStatus::HAVE_PERMISSION_STATUS; BundleInstallChecker bundleInstallChecker; - bool isValid = bundleInstallChecker.VaildInstallPermission(installParam, hapVerifyRes); + Security::AccessToken::AccessTokenID callerToken = 0; + bool isValid = bundleInstallChecker.VaildInstallPermission(installParam.isCallByShell, hapVerifyRes, callerToken); EXPECT_TRUE(isValid); } @@ -230,7 +231,8 @@ HWTEST_F(BundleInstallCheckerTest, BundleInstallCheckerTest_0007, TestSize.Level installParam.isCallByShell = true; BundleInstallChecker bundleInstallChecker; - bool isValid = bundleInstallChecker.VaildInstallPermission(installParam, hapVerifyRes); + Security::AccessToken::AccessTokenID callerToken = 0; + bool isValid = bundleInstallChecker.VaildInstallPermission(installParam.isCallByShell, hapVerifyRes, callerToken); EXPECT_FALSE(isValid); } @@ -255,7 +257,8 @@ HWTEST_F(BundleInstallCheckerTest, BundleInstallCheckerTest_0008, TestSize.Level installParam.installEnterpriseBundlePermissionStatus = PermissionStatus::NOT_VERIFIED_PERMISSION_STATUS; BundleInstallChecker bundleInstallChecker; - bool isValid = bundleInstallChecker.VaildInstallPermission(installParam, hapVerifyRes); + Security::AccessToken::AccessTokenID callerToken = 0; + bool isValid = bundleInstallChecker.VaildInstallPermission(installParam.isCallByShell, hapVerifyRes, callerToken); EXPECT_FALSE(isValid); } 
@@ -279,10 +282,10 @@ HWTEST_F(BundleInstallCheckerTest, BundleInstallCheckerTest_0009, TestSize.Level installParam.isSelfUpdate = true; BundleInstallChecker bundleInstallChecker; - bool ret1 = bundleInstallChecker.VaildEnterpriseInstallPermission(installParam, hapVerifyResult1.provisionInfo); + Security::AccessToken::AccessTokenID callerToken = 0; + bool ret1 = bundleInstallChecker.VaildEnterpriseInstallPermission(installParam.isCallByShell, hapVerifyResult1.provisionInfo, callerToken); EXPECT_FALSE(ret1); - - bool isValid = bundleInstallChecker.VaildInstallPermission(installParam, hapVerifyRes); + bool isValid = bundleInstallChecker.VaildInstallPermission(installParam.isCallByShell, hapVerifyRes, callerToken); EXPECT_FALSE(isValid); } @@ -306,10 +309,10 @@ HWTEST_F(BundleInstallCheckerTest, BundleInstallCheckerTest_0010, TestSize.Level installParam.isSelfUpdate = true; BundleInstallChecker bundleInstallChecker; - bool ret1 = bundleInstallChecker.VaildEnterpriseInstallPermission(installParam, hapVerifyResult1.provisionInfo); + Security::AccessToken::AccessTokenID callerToken = 0; + bool ret1 = bundleInstallChecker.VaildEnterpriseInstallPermission(installParam, hapVerifyResult1.provisionInfo, callerToken); EXPECT_TRUE(ret1); - - bool isValid = bundleInstallChecker.VaildInstallPermission(installParam, hapVerifyRes); + bool isValid = bundleInstallChecker.VaildInstallPermission(installParam.isCallByShell, hapVerifyRes, callerToken); EXPECT_TRUE(isValid); } 
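Review bot: In BundleInstallCheckerTest_0010 the new call passes the whole `installParam` as the first argument, while every other updated call site passes `installParam.isCallByShell`. Assuming the first parameter is now a `bool` (the signature is not in this hunk), this line will not compile and should read `bool ret1 = bundleInstallChecker.VaildEnterpriseInstallPermission(installParam.isCallByShell, hapVerifyResult1.provisionInfo, callerToken);`. The test also still sets `installParam.isSelfUpdate = true` and expects `true`, although that flag is no longer passed to the check, so the expectation should be re-derived against the token-based logic.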
@@ -334,7 +337,8 @@ HWTEST_F(BundleInstallCheckerTest, BundleInstallCheckerTest_0011, TestSize.Level installParam.installInternaltestingBundlePermissionStatus = PermissionStatus::HAVE_PERMISSION_STATUS; BundleInstallChecker bundleInstallChecker; - bool isValid = bundleInstallChecker.VaildInstallPermission(installParam, hapVerifyRes); + Security::AccessToken::AccessTokenID callerToken = 0; + bool isValid = bundleInstallChecker.VaildInstallPermission(installParam.isCallByShell, hapVerifyRes, callerToken); EXPECT_TRUE(isValid); } @@ -359,7 +363,8 @@ HWTEST_F(BundleInstallCheckerTest, BundleInstallCheckerTest_0012, TestSize.Level installParam.installInternaltestingBundlePermissionStatus = PermissionStatus::NOT_VERIFIED_PERMISSION_STATUS; BundleInstallChecker bundleInstallChecker; - bool isValid = bundleInstallChecker.VaildInstallPermission(installParam, hapVerifyRes); + Security::AccessToken::AccessTokenID callerToken = 0; + bool isValid = bundleInstallChecker.VaildInstallPermission(installParam.isCallByShell, hapVerifyRes, callerToken); EXPECT_FALSE(isValid); } @@ -430,7 +435,8 @@ HWTEST_F(BundleInstallCheckerTest, BundleInstallCheckerTest_0015, TestSize.Level auto ret = bundleInstallChecker.VaildInstallPermissionForShare(checkParam, hapVerifyRes); EXPECT_EQ(ret, false); - auto ret2 = bundleInstallChecker.CheckInstallPermission(checkParam, hapVerifyRes); + Security::AccessToken::AccessTokenID callerToken = 0; + auto ret2 = bundleInstallChecker.CheckInstallPermission(checkParam, hapVerifyRes, callerToken); EXPECT_EQ(ret2, ERR_APPEXECFWK_INSTALL_PERMISSION_DENIED); }
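Review bot: BundleInstallCheckerTest_0015 still calls `VaildInstallPermissionForShare(checkParam, hapVerifyRes)` on the context line just above the changed call, while this commit deletes the dedicated tests for that method in bms_bundle_install_checker_test.cpp. If the method was removed along with the status fields of `InstallCheckParam`, that line has to go as well. If it was kept, it now decides without any permission input, and its `false` expectation needs a comment saying why. The checker's declaration is not part of this hunk, so this needs confirming against bundle_install_checker.h.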