From dfce3075bbc1456d80020f9a813d31fb0fc151f9 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=E5=8F=B2=E6=99=93=E6=99=93?= Date: Thu, 17 Jul 2025 11:33:02 +0800 Subject: [PATCH 1/3] =?UTF-8?q?=E4=BF=AE=E6=94=B9=E6=9D=83=E9=99=90?= =?UTF-8?q?=E6=A0=A1=E9=AA=8C?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: 史晓晓 --- .../hichain/hichain_auth_connector.cpp | 4 +- .../permission/standard/permission_manager.h | 3 + .../standard/permission_manager.cpp | 63 +++++++------------ .../UTTest_permission_manager.cpp | 4 +- test/unittest/BUILD.gn | 4 ++ test/unittest/UTTest_dm_import_auth_code.cpp | 2 +- .../UTTest_ipc_cmd_parser_service.cpp | 6 +- test/unittest/UTTest_mini_tools_kit.cpp | 29 ++++++++- 8 files changed, 64 insertions(+), 51 deletions(-) diff --git a/services/implementation/src/dependency/hichain/hichain_auth_connector.cpp b/services/implementation/src/dependency/hichain/hichain_auth_connector.cpp index 6f0f8a763..b1f2fd031 100644 --- a/services/implementation/src/dependency/hichain/hichain_auth_connector.cpp +++ b/services/implementation/src/dependency/hichain/hichain_auth_connector.cpp @@ -503,8 +503,8 @@ int32_t HiChainAuthConnector::GetCredential(std::string &localUdid, int32_t osAc int32_t HiChainAuthConnector::ImportCredential(int32_t osAccountId, int32_t peerOsAccountId, std::string deviceId, std::string publicKey) { - LOGI("start, deviceId: %{public}s, peerOsAccountId: %{public}d", - GetAnonyString(deviceId).c_str(), peerOsAccountId); + LOGI("start, deviceId: %{public}s, peerOsAccountId: %{public}s", + GetAnonyString(deviceId).c_str(), GetAnonyInt32(peerOsAccountId).c_str()); JsonObject jsonObj; jsonObj["osAccountId"] = osAccountId; jsonObj["peerOsAccountId"] = peerOsAccountId; diff --git a/services/service/include/permission/standard/permission_manager.h b/services/service/include/permission/standard/permission_manager.h index ca52cd987..4b6d14c0d 100644 --- a/services/service/include/permission/standard/permission_manager.h +++ b/services/service/include/permission/standard/permission_manager.h @@ -39,6 +39,9 @@ public: bool CheckProcessNameValidModifyLocalDeviceName(const std::string &processName); bool CheckProcessNameValidModifyRemoteDeviceName(const std::string &processName); bool CheckProcessNameValidPutDeviceProfileInfoList(const std::string &processName); + +private: + bool VerifyAccessTokenByPermissionName(const std::string& permissionName); }; } // namespace DistributedHardware } // namespace OHOS diff --git a/services/service/src/permission/standard/permission_manager.cpp b/services/service/src/permission/standard/permission_manager.cpp index 2934aa391..581d35975 100644 --- a/services/service/src/permission/standard/permission_manager.cpp +++ b/services/service/src/permission/standard/permission_manager.cpp @@ -97,56 +97,17 @@ constexpr int32_t PUT_DEVICE_PROFILE_INFO_LIST_WHITE_LIST_NUM = std::size(PUT_DE bool PermissionManager::CheckPermission(void) { - AccessTokenID tokenCaller = IPCSkeleton::GetCallingTokenID(); - if (tokenCaller == 0) { - LOGE("CheckPermission GetCallingTokenID error."); - return false; - } - ATokenTypeEnum tokenTypeFlag = AccessTokenKit::GetTokenTypeFlag(tokenCaller); - if (tokenTypeFlag == ATokenTypeEnum::TOKEN_HAP || tokenTypeFlag == ATokenTypeEnum::TOKEN_NATIVE) { - if (AccessTokenKit::VerifyAccessToken(tokenCaller, DM_SERVICE_ACCESS_PERMISSION) != - PermissionState::PERMISSION_GRANTED) { - LOGE("DM service access is denied, please apply for corresponding permissions"); - return false; - } - } - return true; + return VerifyAccessTokenByPermissionName(DM_SERVICE_ACCESS_PERMISSION); } bool PermissionManager::CheckNewPermission(void) { - AccessTokenID tokenCaller = IPCSkeleton::GetCallingTokenID(); - if (tokenCaller == 0) { - LOGE("CheckNewPermission GetCallingTokenID error."); - return false; - } - ATokenTypeEnum tokenTypeFlag = AccessTokenKit::GetTokenTypeFlag(tokenCaller); - if (tokenTypeFlag == ATokenTypeEnum::TOKEN_HAP || tokenTypeFlag == ATokenTypeEnum::TOKEN_NATIVE) { - if (AccessTokenKit::VerifyAccessToken(tokenCaller, DM_SERVICE_ACCESS_NEWPERMISSION) != - PermissionState::PERMISSION_GRANTED) { - LOGE("DM service access is denied, please apply for corresponding new permissions"); - return false; - } - } - return true; + return VerifyAccessTokenByPermissionName(DM_SERVICE_ACCESS_NEWPERMISSION); } bool PermissionManager::CheckMonitorPermission(void) { - AccessTokenID tokenCaller = IPCSkeleton::GetCallingTokenID(); - if (tokenCaller == 0) { - LOGE("CheckMonitorPermission GetCallingTokenID error."); - return false; - } - ATokenTypeEnum tokenTypeFlag = AccessTokenKit::GetTokenTypeFlag(tokenCaller); - if (tokenTypeFlag == ATokenTypeEnum::TOKEN_NATIVE) { - if (AccessTokenKit::VerifyAccessToken(tokenCaller, DM_MONITOR_DEVICE_NETWORK_STATE_PERMISSION) != - PermissionState::PERMISSION_GRANTED) { - LOGE("DM service access is denied, please apply for corresponding permissions."); - return false; - } - } - return true; + return VerifyAccessTokenByPermissionName(DM_MONITOR_DEVICE_NETWORK_STATE_PERMISSION); } int32_t PermissionManager::GetCallerProcessName(std::string &processName) @@ -333,5 +294,23 @@ bool PermissionManager::CheckProcessNameValidPutDeviceProfileInfoList(const std: } return false; } + +bool PermissionManager::VerifyAccessTokenByPermissionName(const std::string& permissionName) +{ + AccessTokenID tokenCaller = IPCSkeleton::GetCallingTokenID(); + if (tokenCaller == 0) { + LOGE("GetCallingTokenID error."); + return false; + } + ATokenTypeEnum tokenTypeFlag = AccessTokenKit::GetTokenTypeFlag(tokenCaller); + if (tokenTypeFlag == ATokenTypeEnum::TOKEN_HAP || tokenTypeFlag == ATokenTypeEnum::TOKEN_NATIVE) { + if (AccessTokenKit::VerifyAccessToken(tokenCaller, permissionName) == + PermissionState::PERMISSION_GRANTED) { + return true; + } + } + LOGE("DM service access is denied, please apply for corresponding permissions"); + return false; +} } // namespace DistributedHardware } // namespace OHOS diff --git a/test/commonunittest/UTTest_permission_manager.cpp b/test/commonunittest/UTTest_permission_manager.cpp index 3d1e18fad..1cb44f5f9 100644 --- a/test/commonunittest/UTTest_permission_manager.cpp +++ b/test/commonunittest/UTTest_permission_manager.cpp @@ -91,7 +91,7 @@ HWTEST_F(PermissionManagerTest, CheckPermission_001, testing::ext::TestSize.Leve EXPECT_CALL(*ipcSkeletonMock_, GetCallingTokenID()).WillOnce(Return(10)); EXPECT_CALL(*accessTokenKitMock_, GetTokenTypeFlag(_)).WillOnce(Return(ATokenTypeEnum::TOKEN_TYPE_BUTT)); ret = PermissionManager::GetInstance().CheckPermission(); - ASSERT_TRUE(ret); + ASSERT_FALSE(ret); EXPECT_CALL(*ipcSkeletonMock_, GetCallingTokenID()).WillOnce(Return(10)); EXPECT_CALL(*accessTokenKitMock_, GetTokenTypeFlag(_)).WillOnce(Return(ATokenTypeEnum::TOKEN_HAP)); @@ -169,7 +169,7 @@ HWTEST_F(PermissionManagerTest, CheckMonitorPermission_001, testing::ext::TestSi EXPECT_CALL(*ipcSkeletonMock_, GetCallingTokenID()).WillOnce(Return(1001)); EXPECT_CALL(*accessTokenKitMock_, GetTokenTypeFlag(_)).WillOnce(Return(ATokenTypeEnum::TOKEN_TYPE_BUTT)); ret = PermissionManager::GetInstance().CheckMonitorPermission(); - ASSERT_TRUE(ret); + ASSERT_FALSE(ret); EXPECT_CALL(*ipcSkeletonMock_, GetCallingTokenID()).WillOnce(Return(1001)); EXPECT_CALL(*accessTokenKitMock_, GetTokenTypeFlag(_)).WillOnce(Return(ATokenTypeEnum::TOKEN_NATIVE)); diff --git a/test/unittest/BUILD.gn b/test/unittest/BUILD.gn index 03fde27c6..b405c21c9 100644 --- a/test/unittest/BUILD.gn +++ b/test/unittest/BUILD.gn @@ -2089,9 +2089,13 @@ ohos_unittest("UTTest_mini_tools_kit") { deps = [ ":device_manager_test_common" ] external_deps = [ + "access_token:libaccesstoken_sdk", + "access_token:libnativetoken", + "access_token:libtoken_setproc", "ffrt:libffrt", "googletest:gmock", "googletest:gmock_main", + "selinux_adapter:librestorecon", ] } diff --git a/test/unittest/UTTest_dm_import_auth_code.cpp b/test/unittest/UTTest_dm_import_auth_code.cpp index b0f46a1d8..c7ad2bb7c 100644 --- a/test/unittest/UTTest_dm_import_auth_code.cpp +++ b/test/unittest/UTTest_dm_import_auth_code.cpp @@ -44,7 +44,7 @@ void DMImportAuthCodeTest::SetUp() .dcaps = NULL, .perms = perms, .acls = NULL, - .processName = "com.huawei.msdp.hmringgenerator", + .processName = "CollaborationFwk", .aplStr = "system_core", }; tokenId = GetAccessTokenId(&infoInstance); diff --git a/test/unittest/UTTest_ipc_cmd_parser_service.cpp b/test/unittest/UTTest_ipc_cmd_parser_service.cpp index bdc61c11e..719df2374 100644 --- a/test/unittest/UTTest_ipc_cmd_parser_service.cpp +++ b/test/unittest/UTTest_ipc_cmd_parser_service.cpp @@ -1069,7 +1069,7 @@ HWTEST_F(IpcCmdParserServiceTest, OnIpcCmdFunc_042, testing::ext::TestSize.Level if (ptr) { ret = ptr(data, reply); } - ASSERT_EQ(ret, ERR_DM_INPUT_PARA_INVALID); + ASSERT_EQ(ret, ERR_DM_NO_PERMISSION); } HWTEST_F(IpcCmdParserServiceTest, OnIpcCmdFunc_043, testing::ext::TestSize.Level0) @@ -1169,7 +1169,7 @@ HWTEST_F(IpcCmdParserServiceTest, OnIpcCmdFunc_048, testing::ext::TestSize.Level if (ptr) { ret = ptr(data, reply); } - ASSERT_EQ(ret, DM_OK); + ASSERT_EQ(ret, ERR_DM_NO_PERMISSION); } HWTEST_F(IpcCmdParserServiceTest, OnIpcCmdFunc_049, testing::ext::TestSize.Level0) @@ -1184,7 +1184,7 @@ HWTEST_F(IpcCmdParserServiceTest, OnIpcCmdFunc_049, testing::ext::TestSize.Level if (ptr) { ret = ptr(data, reply); } - ASSERT_EQ(ret, DM_OK); + ASSERT_EQ(ret, ERR_DM_NO_PERMISSION); } HWTEST_F(IpcCmdParserServiceTest, OnIpcCmdFunc_050, testing::ext::TestSize.Level0) diff --git a/test/unittest/UTTest_mini_tools_kit.cpp b/test/unittest/UTTest_mini_tools_kit.cpp index 0254139d2..bcb21104e 100644 --- a/test/unittest/UTTest_mini_tools_kit.cpp +++ b/test/unittest/UTTest_mini_tools_kit.cpp @@ -14,7 +14,11 @@ */ #include "UTTest_mini_tools_kit.h" +#include "accesstoken_kit.h" #include "dm_constants.h" +#include "nativetoken_kit.h" +#include "token_setproc.h" + namespace OHOS { namespace DistributedHardware { @@ -24,7 +28,30 @@ namespace { const std::string TEST_SERVICE_NAME = "test_service_name"; } // namespace void MiniToolsKitTest::SetUp() -{} +{ + const int32_t permsNum = 3; + const int32_t indexZero = 0; + const int32_t indexOne = 1; + const int32_t indexTwo = 2; + uint64_t tokenId; + const char *perms[permsNum]; + perms[indexZero] = "ohos.permission.ACCESS_SERVICE_DM"; + perms[indexOne] = "ohos.permission.DISTRIBUTED_DATASYNC"; + perms[indexTwo] = "ohos.permission.MONITOR_DEVICE_NETWORK_STATE"; + NativeTokenInfoParams infoInstance = { + .dcapsNum = 0, + .permsNum = permsNum, + .aclsNum = 0, + .dcaps = NULL, + .perms = perms, + .acls = NULL, + .processName = "dsoftbus_service", + .aplStr = "system_core", + }; + tokenId = GetAccessTokenId(&infoInstance); + SetSelfTokenID(tokenId); + OHOS::Security::AccessToken::AccessTokenKit::ReloadNativeTokenInfo(); +} void MiniToolsKitTest::TearDown() {} -- Gitee From e9b9fd2c73e3c54f10bc6283eb2ad724777aa0d5 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=E5=8F=B2=E6=99=93=E6=99=93?= Date: Fri, 18 Jul 2025 10:12:44 +0800 Subject: [PATCH 2/3] =?UTF-8?q?=E4=BF=AE=E6=94=B9?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: 史晓晓 --- .../permission/standard/permission_manager.cpp | 18 +++++++++++++++--- 1 file changed, 15 insertions(+), 3 deletions(-) diff --git a/services/service/src/permission/standard/permission_manager.cpp b/services/service/src/permission/standard/permission_manager.cpp index 581d35975..33836f1ab 100644 --- a/services/service/src/permission/standard/permission_manager.cpp +++ b/services/service/src/permission/standard/permission_manager.cpp @@ -107,7 +107,20 @@ bool PermissionManager::CheckNewPermission(void) bool PermissionManager::CheckMonitorPermission(void) { - return VerifyAccessTokenByPermissionName(DM_MONITOR_DEVICE_NETWORK_STATE_PERMISSION); + AccessTokenID tokenCaller = IPCSkeleton::GetCallingTokenID(); + if (tokenCaller == 0) { + LOGE("CheckMonitorPermission GetCallingTokenID error."); + return false; + } + ATokenTypeEnum tokenTypeFlag = AccessTokenKit::GetTokenTypeFlag(tokenCaller); + if (tokenTypeFlag == ATokenTypeEnum::TOKEN_NATIVE) { + if (AccessTokenKit::VerifyAccessToken(tokenCaller, DM_MONITOR_DEVICE_NETWORK_STATE_PERMISSION) != + PermissionState::PERMISSION_GRANTED) { + LOGE("DM service access is denied, please apply for corresponding permissions."); + return false; + } + } + return true; } int32_t PermissionManager::GetCallerProcessName(std::string &processName) @@ -304,8 +317,7 @@ bool PermissionManager::VerifyAccessTokenByPermissionName(const std::string& per } ATokenTypeEnum tokenTypeFlag = AccessTokenKit::GetTokenTypeFlag(tokenCaller); if (tokenTypeFlag == ATokenTypeEnum::TOKEN_HAP || tokenTypeFlag == ATokenTypeEnum::TOKEN_NATIVE) { - if (AccessTokenKit::VerifyAccessToken(tokenCaller, permissionName) == - PermissionState::PERMISSION_GRANTED) { + if (AccessTokenKit::VerifyAccessToken(tokenCaller, permissionName) == PermissionState::PERMISSION_GRANTED) { return true; } } -- Gitee From 6cea3979f3bd66067a8db69b246e267b40939b39 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=E5=8F=B2=E6=99=93=E6=99=93?= Date: Fri, 18 Jul 2025 10:16:44 +0800 Subject: [PATCH 3/3] =?UTF-8?q?=E4=BF=AE=E6=94=B9?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: 史晓晓 --- test/commonunittest/UTTest_permission_manager.cpp | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/test/commonunittest/UTTest_permission_manager.cpp b/test/commonunittest/UTTest_permission_manager.cpp index 1cb44f5f9..1ddd7830f 100644 --- a/test/commonunittest/UTTest_permission_manager.cpp +++ b/test/commonunittest/UTTest_permission_manager.cpp @@ -169,7 +169,7 @@ HWTEST_F(PermissionManagerTest, CheckMonitorPermission_001, testing::ext::TestSi EXPECT_CALL(*ipcSkeletonMock_, GetCallingTokenID()).WillOnce(Return(1001)); EXPECT_CALL(*accessTokenKitMock_, GetTokenTypeFlag(_)).WillOnce(Return(ATokenTypeEnum::TOKEN_TYPE_BUTT)); ret = PermissionManager::GetInstance().CheckMonitorPermission(); - ASSERT_FALSE(ret); + ASSERT_TRUE(ret); EXPECT_CALL(*ipcSkeletonMock_, GetCallingTokenID()).WillOnce(Return(1001)); EXPECT_CALL(*accessTokenKitMock_, GetTokenTypeFlag(_)).WillOnce(Return(ATokenTypeEnum::TOKEN_NATIVE)); -- Gitee