From ef0cc5ec8d6ff90e2793a5e536f50684bbf280e4 Mon Sep 17 00:00:00 2001
From: fangJinliang1 <fangjinliang1@huawei.com>
Date: Tue, 26 Jul 2022 22:43:54 +0800
Subject: [PATCH] DLP modify

Signed-off-by: fangJinliang1 <fangjinliang1@huawei.com>
Change-Id: I41aa1ee01411ab24601fec4260160b7cd2ed9e65
Signed-off-by: fangJinliang1 <fangjinliang1@huawei.com>
---
 .../core/common/include/ans_inner_errors.h    |  1 +
 services/ans/include/access_token_helper.h    |  1 +
 services/ans/src/access_token_helper.cpp      | 13 +++++++++
 .../ans/src/advanced_notification_service.cpp |  7 +++++
 .../advanced_notification_service_test.cpp    | 27 +++++++++++++++++++
 services/ans/test/unittest/ans_ut_constant.h  |  1 +
 .../mock/mock_access_token_helper.cpp         |  5 ++++
 .../mock/mock_access_token_helper.cpp         |  5 ++++
 8 files changed, 60 insertions(+)

diff --git a/frameworks/core/common/include/ans_inner_errors.h b/frameworks/core/common/include/ans_inner_errors.h
index c4f88bcc4..3fd34d197 100644
--- a/frameworks/core/common/include/ans_inner_errors.h
+++ b/frameworks/core/common/include/ans_inner_errors.h
@@ -76,6 +76,7 @@ enum ErrorCode : uint32_t {
     ERR_ANS_GET_ACTIVE_USER_FAILED,
     ERR_ANS_SUBSCRIBER_IS_DELETING,
     ERR_ANS_PREFERENCES_NOTIFICATION_SLOT_ENABLED,
+    ERR_ANS_DLP_HAP,
 };
 }  // namespace Notification
 }  // namespace OHOS
diff --git a/services/ans/include/access_token_helper.h b/services/ans/include/access_token_helper.h
index 965ca236a..1f6dbebe3 100644
--- a/services/ans/include/access_token_helper.h
+++ b/services/ans/include/access_token_helper.h
@@ -35,6 +35,7 @@ public:
         const Security::AccessToken::AccessTokenID &tokenCaller, const std::string &permission);
     static bool VerifyNativeToken(const Security::AccessToken::AccessTokenID &callerToken);
     static bool IsSystemHap();
+    static bool IsDlpHap(const Security::AccessToken::AccessTokenID &callerToken);
 };
 }  // namespace Notification
 }  // namespace OHOS
diff --git a/services/ans/src/access_token_helper.cpp b/services/ans/src/access_token_helper.cpp
index f11006b65..881c810d9 100644
--- a/services/ans/src/access_token_helper.cpp
+++ b/services/ans/src/access_token_helper.cpp
@@ -55,5 +55,18 @@ bool AccessTokenHelper::IsSystemHap()
     }
     return false;
 }
+
+bool AccessTokenHelper::IsDlpHap(const AccessTokenID &callerToken)
+{
+    ATokenTypeEnum type = AccessTokenKit::GetTokenTypeFlag(callerToken);
+    if (type == ATokenTypeEnum::TOKEN_HAP) {
+        HapTokenInfo info;
+        AccessTokenKit::GetHapTokenInfo(callerToken, info);
+        if (info.dlpType == DlpType::DLP_READ || info.dlpType == DlpType::DLP_FULL_CONTROL) {
+            return true;
+        }
+    }
+    return false;
+}
 }  // namespace Notification
 }  // namespace OHOS
\ No newline at end of file
diff --git a/services/ans/src/advanced_notification_service.cpp b/services/ans/src/advanced_notification_service.cpp
index 40060eaaf..1d39e77fa 100644
--- a/services/ans/src/advanced_notification_service.cpp
+++ b/services/ans/src/advanced_notification_service.cpp
@@ -509,6 +509,13 @@ ErrCode AdvancedNotificationService::Publish(const std::string &label, const spt
             break;
         }
 
+        Security::AccessToken::AccessTokenID callerToken = IPCSkeleton::GetCallingTokenID();
+        if (AccessTokenHelper::IsDlpHap(callerToken)) {
+            result = ERR_ANS_DLP_HAP;
+            ANS_LOGE("DLP hap not allowed to send notifications");
+            break;
+        }
+
         sptr<NotificationBundleOption> bundleOption;
         result = PrepareNotificationInfo(request, bundleOption);
         if (result != ERR_OK) {
diff --git a/services/ans/test/unittest/advanced_notification_service_test.cpp b/services/ans/test/unittest/advanced_notification_service_test.cpp
index b724d6573..638b7aba6 100644
--- a/services/ans/test/unittest/advanced_notification_service_test.cpp
+++ b/services/ans/test/unittest/advanced_notification_service_test.cpp
@@ -1766,5 +1766,32 @@ HWTEST_F(AdvancedNotificationServiceTest, AdvancedNotificationServiceTest_12300,
     req->SetCreatorUid(1);
     EXPECT_EQ(advancedNotificationService_->Publish(label, req), 0);
 }
+
+/*
+ * @tc.name: AdvancedNotificationServiceTest_12400
+ * @tc.desc: DLP App publish notification failed.
+ * @tc.type: FUNC
+ */
+HWTEST_F(AdvancedNotificationServiceTest, AdvancedNotificationServiceTest_12400, Function | SmallTest | Level1)
+{
+    IPCSkeleton::SetCallingTokenID(DLP_NATIVE_TOKEN);
+    sptr<NotificationRequest> req = new (std::nothrow) NotificationRequest(1);
+    EXPECT_NE(req, nullptr);
+    req->SetSlotType(NotificationConstant::SlotType::OTHER);
+    req->SetLabel("req's label");
+    std::string label = "publish's label";
+    std::shared_ptr<NotificationNormalContent> normalContent = std::make_shared<NotificationNormalContent>();
+    EXPECT_NE(normalContent, nullptr);
+    normalContent->SetText("normalContent's text");
+    normalContent->SetTitle("normalContent's title");
+    std::shared_ptr<NotificationContent> content = std::make_shared<NotificationContent>(normalContent);
+    EXPECT_NE(content, nullptr);
+    req->SetContent(content);
+    EXPECT_EQ(advancedNotificationService_->Publish(label, req), ERR_ANS_DLP_HAP);
+    SleepForFC();
+
+    IPCSkeleton::SetCallingTokenID(NATIVE_TOKEN);
+    EXPECT_EQ(advancedNotificationService_->Publish(label, req), ERR_OK);
+}
 }  // namespace Notification
 }  // namespace OHOS
\ No newline at end of file
diff --git a/services/ans/test/unittest/ans_ut_constant.h b/services/ans/test/unittest/ans_ut_constant.h
index 55f5f9d7c..2e8a9b906 100644
--- a/services/ans/test/unittest/ans_ut_constant.h
+++ b/services/ans/test/unittest/ans_ut_constant.h
@@ -22,6 +22,7 @@ namespace OHOS {
 namespace Notification {
 constexpr uint32_t NATIVE_TOKEN = 0;
 constexpr uint32_t NON_NATIVE_TOKEN = 1;
+constexpr uint32_t DLP_NATIVE_TOKEN = 2;
 constexpr int32_t SYSTEM_APP_UID = 100;
 constexpr int32_t NON_SYSTEM_APP_UID = 1000;
 constexpr int32_t NON_BUNDLE_NAME_UID = 2000;
diff --git a/services/ans/test/unittest/mock/mock_access_token_helper.cpp b/services/ans/test/unittest/mock/mock_access_token_helper.cpp
index 903342e7a..bd46ec578 100644
--- a/services/ans/test/unittest/mock/mock_access_token_helper.cpp
+++ b/services/ans/test/unittest/mock/mock_access_token_helper.cpp
@@ -38,5 +38,10 @@ bool AccessTokenHelper::IsSystemHap()
     }
     return false;
 }
+
+bool AccessTokenHelper::IsDlpHap(const Security::AccessToken::AccessTokenID &callerToken)
+{
+    return callerToken == DLP_NATIVE_TOKEN;
+}
 }  // namespace Notification
 }  // namespace OHOS
\ No newline at end of file
diff --git a/services/test/moduletest/mock/mock_access_token_helper.cpp b/services/test/moduletest/mock/mock_access_token_helper.cpp
index 3cbeab21c..99162858e 100644
--- a/services/test/moduletest/mock/mock_access_token_helper.cpp
+++ b/services/test/moduletest/mock/mock_access_token_helper.cpp
@@ -32,5 +32,10 @@ bool AccessTokenHelper::IsSystemHap()
 {
     return true;
 }
+
+bool AccessTokenHelper::IsDlpHap(const Security::AccessToken::AccessTokenID &callerToken)
+{
+    return false;
+}
 }  // namespace Notification
 }  // namespace OHOS
\ No newline at end of file
-- 
Gitee