diff --git a/README_zh.md b/README_zh.md index 23be5b3aff107affb9e6cb468b095a4b833101ab..f26ac25409b6a425c3577d3700f1ce61bbc2a800 100644 --- a/README_zh.md +++ b/README_zh.md @@ -49,7 +49,7 @@ ATM模块主要提供如下功能: | AccessTokenID GetHapTokenID(int userID, const std::string& bundleName, int instIndex); | 查询指定应用的tokenId | | int GetHapTokenInfo(AccessTokenID tokenID, HapTokenInfo& hapTokenInfoRes); | 查询指定tokenID对应的hap包的tokenInfo信息 | | int GetNativeTokenInfo(AccessTokenID tokenID, NativeTokenInfo& nativeTokenInfoRes); | 查询指定tokenID对应的native的tokenInfo信息 | -| int VerifyAccessToken(AccessTokenID tokenID, const std::string& permissionName); | 检查指定tokenID是否具有指定权限 | +| PermissionState VerifyAccessToken(AccessTokenID tokenID, const std::string& permissionName); | 检查指定tokenID是否具有指定权限 | | int GetDefPermission(const std::string& permissionName, PermissionDef& permissionDefResult); | 查询指定权限的权限定义信息 | | int GetDefPermissions(AccessTokenID tokenID, std::vector& permList); | 查询指定tokenID对应的hap包的权限定义集合 | | int GetReqPermissions(AccessTokenID tokenID, std::vector& reqPermList, bool isSystemGrant); | 查询指定tokenID对应的hap包申请的权限状态集合 | diff --git a/interfaces/innerkits/accesstoken/include/accesstoken_kit.h b/interfaces/innerkits/accesstoken/include/accesstoken_kit.h index 9f6243cd28d79589546e508c249dfad6bd1dd7f4..8c3357932be9b332be8fa7f366078356416f3199 100644 --- a/interfaces/innerkits/accesstoken/include/accesstoken_kit.h +++ b/interfaces/innerkits/accesstoken/include/accesstoken_kit.h @@ -42,9 +42,9 @@ public: static AccessTokenID GetHapTokenID(int userID, const std::string& bundleName, int instIndex); static int GetHapTokenInfo(AccessTokenID tokenID, HapTokenInfo& hapTokenInfoRes); static int GetNativeTokenInfo(AccessTokenID tokenID, NativeTokenInfo& nativeTokenInfoRes); - static int VerifyAccessToken(AccessTokenID tokenID, const std::string& permissionName); - static int VerifyNativeToken(AccessTokenID tokenID, const std::string& permissionName); - static int VerifyAccessToken( + static PermissionState VerifyAccessToken(AccessTokenID tokenID, const std::string& permissionName); + static PermissionState VerifyNativeToken(AccessTokenID tokenID, const std::string& permissionName); + static PermissionState VerifyAccessToken( AccessTokenID callerTokenID, AccessTokenID firstTokenID, const std::string& permissionName); static int GetDefPermission(const std::string& permissionName, PermissionDef& permissionDefResult); static int GetDefPermissions(AccessTokenID tokenID, std::vector& permList); diff --git a/interfaces/innerkits/accesstoken/src/accesstoken_kit.cpp b/interfaces/innerkits/accesstoken/src/accesstoken_kit.cpp index 9a660715964ce4d89057bfda99a1db177330345f..a6e6d7ee6ab49f05f3a890c6b74beb3dfaf93978 100644 --- a/interfaces/innerkits/accesstoken/src/accesstoken_kit.cpp +++ b/interfaces/innerkits/accesstoken/src/accesstoken_kit.cpp @@ -139,7 +139,7 @@ int AccessTokenKit::GetNativeTokenInfo(AccessTokenID tokenID, NativeTokenInfo& n return AccessTokenManagerClient::GetInstance().GetNativeTokenInfo(tokenID, nativeTokenInfoRes); } -int AccessTokenKit::VerifyAccessToken(AccessTokenID tokenID, const std::string& permissionName) +PermissionState AccessTokenKit::VerifyAccessToken(AccessTokenID tokenID, const std::string& permissionName) { ACCESSTOKEN_LOG_INFO(LABEL, "%{public}s called", __func__); if (tokenID == 0) { @@ -154,10 +154,10 @@ int AccessTokenKit::VerifyAccessToken(AccessTokenID tokenID, const std::string& return AccessTokenManagerClient::GetInstance().VerifyAccessToken(tokenID, permissionName); } -int AccessTokenKit::VerifyAccessToken( +PermissionState AccessTokenKit::VerifyAccessToken( AccessTokenID callerTokenID, AccessTokenID firstTokenID, const std::string& permissionName) { - int ret = AccessTokenKit::VerifyAccessToken(callerTokenID, permissionName); + PermissionState ret = AccessTokenKit::VerifyAccessToken(callerTokenID, permissionName); if (ret != PERMISSION_GRANTED) { return ret; } @@ -167,7 +167,7 @@ int AccessTokenKit::VerifyAccessToken( return AccessTokenKit::VerifyAccessToken(firstTokenID, permissionName); } -int AccessTokenKit::VerifyNativeToken(AccessTokenID tokenID, const std::string& permissionName) +PermissionState AccessTokenKit::VerifyNativeToken(AccessTokenID tokenID, const std::string& permissionName) { ACCESSTOKEN_LOG_INFO(LABEL, "%{public}s called", __func__); if (tokenID == 0) { diff --git a/interfaces/innerkits/accesstoken/src/accesstoken_manager_client.cpp b/interfaces/innerkits/accesstoken/src/accesstoken_manager_client.cpp index 51e2d60b51881871a7da75d177b11a6394147e3b..90d2402c4f4e4fec1a24aa9d3a30b926d7905faf 100644 --- a/interfaces/innerkits/accesstoken/src/accesstoken_manager_client.cpp +++ b/interfaces/innerkits/accesstoken/src/accesstoken_manager_client.cpp @@ -43,7 +43,7 @@ AccessTokenManagerClient::AccessTokenManagerClient() AccessTokenManagerClient::~AccessTokenManagerClient() {} -int AccessTokenManagerClient::VerifyAccessToken(AccessTokenID tokenID, const std::string& permissionName) +PermissionState AccessTokenManagerClient::VerifyAccessToken(AccessTokenID tokenID, const std::string& permissionName) { ACCESSTOKEN_LOG_DEBUG(LABEL, "%{public}s: called!", __func__); auto proxy = GetProxy(); @@ -51,10 +51,10 @@ int AccessTokenManagerClient::VerifyAccessToken(AccessTokenID tokenID, const std ACCESSTOKEN_LOG_ERROR(LABEL, "proxy is null"); return PERMISSION_DENIED; } - return proxy->VerifyAccessToken(tokenID, permissionName); + return static_cast(proxy->VerifyAccessToken(tokenID, permissionName)); } -int AccessTokenManagerClient::VerifyNativeToken(AccessTokenID tokenID, const std::string& permissionName) +PermissionState AccessTokenManagerClient::VerifyNativeToken(AccessTokenID tokenID, const std::string& permissionName) { ACCESSTOKEN_LOG_DEBUG(LABEL, "%{public}s: called!", __func__); auto proxy = GetProxy(); @@ -62,7 +62,7 @@ int AccessTokenManagerClient::VerifyNativeToken(AccessTokenID tokenID, const std ACCESSTOKEN_LOG_ERROR(LABEL, "proxy is null"); return PERMISSION_DENIED; } - return proxy->VerifyNativeToken(tokenID, permissionName); + return static_cast(proxy->VerifyNativeToken(tokenID, permissionName)); } int AccessTokenManagerClient::GetDefPermission( diff --git a/interfaces/innerkits/accesstoken/src/accesstoken_manager_client.h b/interfaces/innerkits/accesstoken/src/accesstoken_manager_client.h index 74df766ed959bff3d915bbaeb9b84371cf345685..68ccc4d2da71e5ce4203741e91b861b0b2120e62 100644 --- a/interfaces/innerkits/accesstoken/src/accesstoken_manager_client.h +++ b/interfaces/innerkits/accesstoken/src/accesstoken_manager_client.h @@ -40,8 +40,8 @@ public: virtual ~AccessTokenManagerClient(); - int VerifyAccessToken(AccessTokenID tokenID, const std::string& permissionName); - int VerifyNativeToken(AccessTokenID tokenID, const std::string& permissionName); + PermissionState VerifyAccessToken(AccessTokenID tokenID, const std::string& permissionName); + PermissionState VerifyNativeToken(AccessTokenID tokenID, const std::string& permissionName); int GetDefPermission(const std::string& permissionName, PermissionDef& permissionDefResult); int GetDefPermissions(AccessTokenID tokenID, std::vector& permList); int GetReqPermissions( diff --git a/interfaces/kits/accesstoken/napi/include/napi_atmanager.h b/interfaces/kits/accesstoken/napi/include/napi_atmanager.h index 850a702fc686fd192aa4b033ca84952340c9f618..333521c88e3e439a075706a4344f2d7e11e9dfe2 100644 --- a/interfaces/kits/accesstoken/napi/include/napi_atmanager.h +++ b/interfaces/kits/accesstoken/napi/include/napi_atmanager.h @@ -20,6 +20,7 @@ #include #include +#include "accesstoken_kit.h" #include "napi/native_api.h" #include "napi/native_node_api.h" @@ -75,6 +76,7 @@ private: static void RevokeUserGrantedPermissionComplete(napi_env env, napi_status status, void *data); static void GetPermissionFlagsExcute(napi_env env, void *data); static void GetPermissionFlagsComplete(napi_env env, napi_status status, void *data); + static void SetNamedProperty(napi_env env, napi_value dstObj, const int32_t objValue, const char *propName); }; } // namespace AccessToken } // namespace Security diff --git a/interfaces/kits/accesstoken/napi/src/napi_atmanager.cpp b/interfaces/kits/accesstoken/napi/src/napi_atmanager.cpp index 608b3df63b035f29062906871cc8e133942de30d..2b724d6a37c86287517761627818813b6e7e36ca 100644 --- a/interfaces/kits/accesstoken/napi/src/napi_atmanager.cpp +++ b/interfaces/kits/accesstoken/napi/src/napi_atmanager.cpp @@ -19,7 +19,6 @@ #include #include -#include "accesstoken_kit.h" #include "accesstoken_log.h" #include "napi/native_api.h" #include "napi/native_node_api.h" @@ -33,6 +32,13 @@ static constexpr OHOS::HiviewDFX::HiLogLabel LABEL = { }; } // namespace +void NapiAtManager::SetNamedProperty(napi_env env, napi_value dstObj, const int32_t objValue, const char *propName) +{ + napi_value prop = nullptr; + napi_create_int32(env, objValue, &prop); + napi_set_named_property(env, dstObj, propName, prop); +} + napi_value NapiAtManager::Init(napi_env env, napi_value exports) { ACCESSTOKEN_LOG_DEBUG(LABEL, "enter init."); @@ -56,6 +62,17 @@ napi_value NapiAtManager::Init(napi_env env, napi_value exports) NAPI_CALL(env, napi_create_reference(env, cons, 1, &atManagerRef_)); NAPI_CALL(env, napi_set_named_property(env, exports, ATMANAGER_CLASS_NAME.c_str(), cons)); + napi_value GrantStatus = nullptr; + napi_create_object(env, &GrantStatus); + + SetNamedProperty(env, GrantStatus, PERMISSION_DENIED, "PERMISSION_DENIED"); + SetNamedProperty(env, GrantStatus, PERMISSION_GRANTED, "PERMISSION_GRANTED"); + + napi_property_descriptor exportFuncs[] = { + DECLARE_NAPI_PROPERTY("GrantStatus", GrantStatus), + }; + napi_define_properties(env, exports, sizeof(exportFuncs) / sizeof(*exportFuncs), exportFuncs); + return exports; } @@ -118,7 +135,7 @@ void NapiAtManager::ParseInputVerifyPermissionOrGetFlag(const napi_env env, cons VALUE_BUFFER_SIZE, &(asyncContext.pNameLen)); // get permissionName } else { ACCESSTOKEN_LOG_ERROR(LABEL, "Type matching failed"); - asyncContext.result = -1; + asyncContext.status = ASYN_THREAD_EXEC_FAIL; } } @@ -176,7 +193,7 @@ napi_value NapiAtManager::VerifyAccessToken(napi_env env, napi_callback_info inf } ParseInputVerifyPermissionOrGetFlag(env, info, *asyncContext); - if (asyncContext->result == -1) { + if (asyncContext->status == ASYN_THREAD_EXEC_FAIL) { delete asyncContext; return nullptr; }