From 24a0c5b6b90300a1ed7282f521fc75ddbebb8544 Mon Sep 17 00:00:00 2001 From: l00520400 Date: Fri, 11 Mar 2022 16:41:50 +0800 Subject: [PATCH 1/3] =?UTF-8?q?=E6=96=B0=E5=A2=9E=E6=8E=A5=E5=8F=A3?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: l00520400 Change-Id: I941d3c0f80679e2f80b22f805b607c262965626a Signed-off-by: l00520400 --- frameworks/accesstoken/BUILD.gn | 1 + .../include/i_accesstoken_manager.h | 4 + .../include/permission_list_state_parcel.h | 39 +++++ .../src/permission_list_state_parcel.cpp | 52 +++++++ .../accesstoken/include/access_token.h | 7 + .../accesstoken/include/accesstoken_kit.h | 2 + .../include/permission_list_state.h | 33 ++++ .../accesstoken/src/accesstoken_kit.cpp | 9 ++ .../src/accesstoken_manager_client.cpp | 36 +++++ .../src/accesstoken_manager_client.h | 1 + .../src/accesstoken_manager_proxy.cpp | 50 ++++++ .../src/accesstoken_manager_proxy.h | 3 + .../unittest/src/accesstoken_kit_test.cpp | 144 +++++++++++++++++- .../include/permission/permission_manager.h | 3 + .../service/accesstoken_manager_service.h | 2 + .../service/accesstoken_manager_stub.h | 1 + .../cpp/src/permission/permission_manager.cpp | 33 ++++ .../service/accesstoken_manager_service.cpp | 26 ++++ .../src/service/accesstoken_manager_stub.cpp | 24 +++ 19 files changed, 465 insertions(+), 5 deletions(-) create mode 100644 frameworks/accesstoken/include/permission_list_state_parcel.h create mode 100644 frameworks/accesstoken/src/permission_list_state_parcel.cpp create mode 100644 interfaces/innerkits/accesstoken/include/permission_list_state.h diff --git a/frameworks/accesstoken/BUILD.gn b/frameworks/accesstoken/BUILD.gn index 6c3e6db17..3471db521 100644 --- a/frameworks/accesstoken/BUILD.gn +++ b/frameworks/accesstoken/BUILD.gn @@ -40,6 +40,7 @@ ohos_shared_library("accesstoken_communication_adapter_cxx") { "src/hap_token_info_parcel.cpp", "src/native_token_info_parcel.cpp", "src/permission_def_parcel.cpp", + "src/permission_list_state_parcel.cpp", "src/permission_state_full_parcel.cpp", ] diff --git a/frameworks/accesstoken/include/i_accesstoken_manager.h b/frameworks/accesstoken/include/i_accesstoken_manager.h index f620e2f56..4eba3f731 100644 --- a/frameworks/accesstoken/include/i_accesstoken_manager.h +++ b/frameworks/accesstoken/include/i_accesstoken_manager.h @@ -27,6 +27,7 @@ #include "iremote_broker.h" #include "native_token_info_parcel.h" #include "permission_def_parcel.h" +#include "permission_list_state_parcel.h" #include "permission_state_full_parcel.h" namespace OHOS { @@ -45,6 +46,8 @@ public: virtual int GetReqPermissions( AccessTokenID tokenID, std::vector& reqPermList, bool isSystemGrant) = 0; virtual int GetPermissionFlag(AccessTokenID tokenID, const std::string& permissionName) = 0; + virtual PermissionOper GetPermissionsState( + AccessTokenID tokenID, std::vector& permListParcel) = 0; virtual int GrantPermission(AccessTokenID tokenID, const std::string& permissionName, int flag) = 0; virtual int RevokePermission(AccessTokenID tokenID, const std::string& permissionName, int flag) = 0; virtual int ClearUserGrantedPermissionState(AccessTokenID tokenID) = 0; @@ -101,6 +104,7 @@ public: GET_NATIVE_REMOTE_TOKEN = 0xff2f, DUMP_TOKENINFO = 0xff30, + GET_PERMISSION_OPER_STATE = 0xff31, }; }; } // namespace AccessToken diff --git a/frameworks/accesstoken/include/permission_list_state_parcel.h b/frameworks/accesstoken/include/permission_list_state_parcel.h new file mode 100644 index 000000000..c2c180fae --- /dev/null +++ b/frameworks/accesstoken/include/permission_list_state_parcel.h @@ -0,0 +1,39 @@ +/* + * Copyright (c) 2022 Huawei Device Co., Ltd. + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +#ifndef INTERFACES_INNER_KITS_PERMISSION_PERMISSION_LIST_STATE_PARCEL_H +#define INTERFACES_INNER_KITS_PERMISSION_PERMISSION_LIST_STATE_PARCEL_H + +#include "permission_list_state.h" +#include "parcel.h" + +namespace OHOS { +namespace Security { +namespace AccessToken { +struct PermissionListStateParcel final : public Parcelable { + PermissionListStateParcel() = default; + + ~PermissionListStateParcel() override = default; + + bool Marshalling(Parcel &out) const override; + + static PermissionListStateParcel *Unmarshalling(Parcel &in); + + PermissionListState permsState; +}; +} // namespace AccessToken +} // namespace Security +} // namespace OHOS +#endif // INTERFACES_INNER_KITS_PERMISSION_PERMISSION_LIST_STATE_PARCEL_H diff --git a/frameworks/accesstoken/src/permission_list_state_parcel.cpp b/frameworks/accesstoken/src/permission_list_state_parcel.cpp new file mode 100644 index 000000000..55d4c25c2 --- /dev/null +++ b/frameworks/accesstoken/src/permission_list_state_parcel.cpp @@ -0,0 +1,52 @@ +/* + * Copyright (c) 2022 Huawei Device Co., Ltd. + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +#include "permission_list_state_parcel.h" + +namespace OHOS { +namespace Security { +namespace AccessToken { +#define RETURN_IF_FALSE(expr) \ + if (!(expr)) { \ + return false; \ + } + +#define RELEASE_IF_FALSE(expr, obj) \ + if (!(expr)) { \ + delete (obj); \ + (obj) = nullptr; \ + return (obj); \ + } + +bool PermissionListStateParcel::Marshalling(Parcel& out) const +{ + RETURN_IF_FALSE(out.WriteString(this->permsState.permissionName)); + RETURN_IF_FALSE(out.WriteInt32(this->permsState.state)); + return true; +} + +PermissionListStateParcel* PermissionListStateParcel::Unmarshalling(Parcel& in) +{ + auto* permissionStateParcel = new (std::nothrow) PermissionListStateParcel(); + RELEASE_IF_FALSE(permissionStateParcel != nullptr, permissionStateParcel); + + RELEASE_IF_FALSE(in.ReadString(permissionStateParcel->permsState.permissionName), permissionStateParcel); + RELEASE_IF_FALSE(in.ReadInt32(permissionStateParcel->permsState.state), permissionStateParcel); + + return permissionStateParcel; +} +} // namespace AccessToken +} // namespace Security +} // namespace OHOS \ No newline at end of file diff --git a/interfaces/innerkits/accesstoken/include/access_token.h b/interfaces/innerkits/accesstoken/include/access_token.h index 44130adea..f4f9b492b 100644 --- a/interfaces/innerkits/accesstoken/include/access_token.h +++ b/interfaces/innerkits/accesstoken/include/access_token.h @@ -72,6 +72,13 @@ typedef enum TypePermissionFlag { PERMISSION_USER_FIXED = 1 << 1, PERMISSION_SYSTEM_FIXED = 1 << 2, } PermissionFlag; + +typedef enum TypePermissionOper { + DYNAMIC_OPER = -1, + PASS_OPER = 0, + SETTING_OPER = 1, + INVALID_OPER = 2, +} PermissionOper; } // namespace AccessToken } // namespace Security } // namespace OHOS diff --git a/interfaces/innerkits/accesstoken/include/accesstoken_kit.h b/interfaces/innerkits/accesstoken/include/accesstoken_kit.h index 9f6243cd2..a8a0442f1 100644 --- a/interfaces/innerkits/accesstoken/include/accesstoken_kit.h +++ b/interfaces/innerkits/accesstoken/include/accesstoken_kit.h @@ -23,6 +23,7 @@ #include "hap_token_info.h" #include "native_token_info.h" #include "permission_def.h" +#include "permission_list_state.h" #include "permission_state_full.h" namespace OHOS { @@ -51,6 +52,7 @@ public: static int GetReqPermissions( AccessTokenID tokenID, std::vector& reqPermList, bool isSystemGrant); static int GetPermissionFlag(AccessTokenID tokenID, const std::string& permissionName); + static PermissionOper GetPermissionsState(AccessTokenID tokenID, std::vector& permList); static int GrantPermission(AccessTokenID tokenID, const std::string& permissionName, int flag); static int RevokePermission(AccessTokenID tokenID, const std::string& permissionName, int flag); static int ClearUserGrantedPermissionState(AccessTokenID tokenID); diff --git a/interfaces/innerkits/accesstoken/include/permission_list_state.h b/interfaces/innerkits/accesstoken/include/permission_list_state.h new file mode 100644 index 000000000..d093504b5 --- /dev/null +++ b/interfaces/innerkits/accesstoken/include/permission_list_state.h @@ -0,0 +1,33 @@ +/* + * Copyright (c) 2022 Huawei Device Co., Ltd. + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +#ifndef INTERFACES_INNER_KITS_ACCESSTOKEN_PERMISSION_LIST_STATE_H +#define INTERFACES_INNER_KITS_ACCESSTOKEN_PERMISSION_LIST_STATE_H + +#include +#include + +namespace OHOS { +namespace Security { +namespace AccessToken { +class PermissionListState final { +public: + std::string permissionName; + int state; +}; +} // namespace AccessToken +} // namespace Security +} // namespace OHOS +#endif // INTERFACES_INNER_KITS_ACCESSTOKEN_PERMISSION_LIST_STATE_H diff --git a/interfaces/innerkits/accesstoken/src/accesstoken_kit.cpp b/interfaces/innerkits/accesstoken/src/accesstoken_kit.cpp index f8ba04b10..123443185 100644 --- a/interfaces/innerkits/accesstoken/src/accesstoken_kit.cpp +++ b/interfaces/innerkits/accesstoken/src/accesstoken_kit.cpp @@ -146,6 +146,15 @@ int AccessTokenKit::GetNativeTokenInfo(AccessTokenID tokenID, NativeTokenInfo& n return AccessTokenManagerClient::GetInstance().GetNativeTokenInfo(tokenID, nativeTokenInfoRes); } +PermissionOper AccessTokenKit::GetPermissionsState(AccessTokenID tokenID, std::vector& permList) +{ + ACCESSTOKEN_LOG_INFO(LABEL, "tokenID=%{public}d", tokenID); + if (tokenID == 0) { + ACCESSTOKEN_LOG_ERROR(LABEL, "tokenID is invalid"); + return INVALID_OPER; + } + return AccessTokenManagerClient::GetInstance().GetPermissionsState(tokenID, permList); +} int AccessTokenKit::VerifyAccessToken(AccessTokenID tokenID, const std::string& permissionName) { ACCESSTOKEN_LOG_INFO(LABEL, "%{public}s called", __func__); diff --git a/interfaces/innerkits/accesstoken/src/accesstoken_manager_client.cpp b/interfaces/innerkits/accesstoken/src/accesstoken_manager_client.cpp index 9d419a67a..2ee717155 100644 --- a/interfaces/innerkits/accesstoken/src/accesstoken_manager_client.cpp +++ b/interfaces/innerkits/accesstoken/src/accesstoken_manager_client.cpp @@ -126,6 +126,42 @@ int AccessTokenManagerClient::GetPermissionFlag(AccessTokenID tokenID, const std return proxy->GetPermissionFlag(tokenID, permissionName); } +PermissionOper AccessTokenManagerClient::GetPermissionsState( + AccessTokenID tokenID, std::vector& permList) +{ + ACCESSTOKEN_LOG_DEBUG(LABEL, "%{public}s: called!", __func__); + auto proxy = GetProxy(); + if (proxy == nullptr) { + ACCESSTOKEN_LOG_ERROR(LABEL, "proxy is null."); + return INVALID_OPER; + } + + size_t len = permList.size(); + if (len == 0) { + ACCESSTOKEN_LOG_ERROR(LABEL, "len is zero."); + return INVALID_OPER; + } + + std::vector parcelList; + + for (auto perm : permList) { + PermissionListStateParcel permParcel; + permParcel.permsState = perm; + parcelList.emplace_back(permParcel); + } + + PermissionOper result = proxy->GetPermissionsState(tokenID, parcelList); + + if (len != parcelList.size()) { + return INVALID_OPER; + } + for (uint32_t i = 0; i < len; i++) { + PermissionListState perm = parcelList[i].permsState; + permList[i].state = perm.state; + } + return result; +} + int AccessTokenManagerClient::GrantPermission(AccessTokenID tokenID, const std::string& permissionName, int flag) { ACCESSTOKEN_LOG_DEBUG(LABEL, "%{public}s: called!", __func__); diff --git a/interfaces/innerkits/accesstoken/src/accesstoken_manager_client.h b/interfaces/innerkits/accesstoken/src/accesstoken_manager_client.h index 74df766ed..1015106fb 100644 --- a/interfaces/innerkits/accesstoken/src/accesstoken_manager_client.h +++ b/interfaces/innerkits/accesstoken/src/accesstoken_manager_client.h @@ -47,6 +47,7 @@ public: int GetReqPermissions( AccessTokenID tokenID, std::vector& reqPermList, bool isSystemGrant); int GetPermissionFlag(AccessTokenID tokenID, const std::string& permissionName); + PermissionOper GetPermissionsState(AccessTokenID tokenID, std::vector& permList); int GrantPermission(AccessTokenID tokenID, const std::string& permissionName, int flag); int RevokePermission(AccessTokenID tokenID, const std::string& permissionName, int flag); int ClearUserGrantedPermissionState(AccessTokenID tokenID); diff --git a/interfaces/innerkits/accesstoken/src/accesstoken_manager_proxy.cpp b/interfaces/innerkits/accesstoken/src/accesstoken_manager_proxy.cpp index 218f1da47..5e31f21bc 100644 --- a/interfaces/innerkits/accesstoken/src/accesstoken_manager_proxy.cpp +++ b/interfaces/innerkits/accesstoken/src/accesstoken_manager_proxy.cpp @@ -241,6 +241,56 @@ int AccessTokenManagerProxy::GetPermissionFlag(AccessTokenID tokenID, const std: return result; } +PermissionOper AccessTokenManagerProxy::GetPermissionsState( + AccessTokenID tokenID, std::vector& permListParcel) +{ + MessageParcel data; + data.WriteInterfaceToken(IAccessTokenManager::GetDescriptor()); + if (!data.WriteUint32(tokenID)) { + ACCESSTOKEN_LOG_ERROR(LABEL, "Failed to write tokenID"); + return INVALID_OPER; + } + if (!data.WriteUint32(permListParcel.size())) { + ACCESSTOKEN_LOG_ERROR(LABEL, "Failed to write permListParcel size"); + return INVALID_OPER; + } + for (auto permission : permListParcel) { + if (!data.WriteParcelable(&permission)) { + ACCESSTOKEN_LOG_ERROR(LABEL, "Failed to write permListParcel"); + return INVALID_OPER; + } + } + + MessageParcel reply; + MessageOption option(MessageOption::TF_SYNC); + sptr remote = Remote(); + if (remote == nullptr) { + ACCESSTOKEN_LOG_ERROR(LABEL, "remote service null."); + return INVALID_OPER; + } + int32_t requestResult = remote->SendRequest( + static_cast(IAccessTokenManager::InterfaceCode::GET_PERMISSION_OPER_STATE), data, reply, option); + if (requestResult != NO_ERROR) { + ACCESSTOKEN_LOG_ERROR(LABEL, "request fail, result: %{public}d", requestResult); + return INVALID_OPER; + } + + int32_t size = reply.ReadInt32(); + if (size != permListParcel.size()) { + return INVALID_OPER; + } + for (int i = 0; i < size; i++) { + sptr permissionReq = reply.ReadParcelable(); + if (permissionReq != nullptr) { + permListParcel[i].permsState.state = permissionReq->permsState.state; + } + } + + PermissionOper result = static_cast(reply.ReadInt32()); + ACCESSTOKEN_LOG_DEBUG(LABEL, "result from server data = %{public}d", result); + return result; +} + int AccessTokenManagerProxy::GrantPermission(AccessTokenID tokenID, const std::string& permissionName, int flag) { MessageParcel data; diff --git a/interfaces/innerkits/accesstoken/src/accesstoken_manager_proxy.h b/interfaces/innerkits/accesstoken/src/accesstoken_manager_proxy.h index 5463e216b..454287848 100644 --- a/interfaces/innerkits/accesstoken/src/accesstoken_manager_proxy.h +++ b/interfaces/innerkits/accesstoken/src/accesstoken_manager_proxy.h @@ -28,6 +28,7 @@ #include "iremote_proxy.h" #include "native_token_info_parcel.h" #include "permission_def_parcel.h" +#include "permission_list_state_parcel.h" #include "permission_state_full_parcel.h" namespace OHOS { @@ -47,6 +48,8 @@ public: int GetPermissionFlag(AccessTokenID tokenID, const std::string& permissionName) override; int GrantPermission(AccessTokenID tokenID, const std::string& permissionName, int flag) override; int RevokePermission(AccessTokenID tokenID, const std::string& permissionName, int flag) override; + PermissionOper GetPermissionsState( + AccessTokenID tokenID, std::vector& permList) override; int ClearUserGrantedPermissionState(AccessTokenID tokenID) override; int GetTokenType(AccessTokenID tokenID) override; int CheckNativeDCap(AccessTokenID tokenID, const std::string& dcap) override; diff --git a/interfaces/innerkits/accesstoken/test/unittest/src/accesstoken_kit_test.cpp b/interfaces/innerkits/accesstoken/test/unittest/src/accesstoken_kit_test.cpp index 34e30ce68..ad6833d24 100644 --- a/interfaces/innerkits/accesstoken/test/unittest/src/accesstoken_kit_test.cpp +++ b/interfaces/innerkits/accesstoken/test/unittest/src/accesstoken_kit_test.cpp @@ -157,8 +157,46 @@ void AccessTokenKitTest::SetUp() .provisionEnable = false, .distributedSceneEnable = false }; + PermissionDef testPermDef1 = { + .permissionName = "ohos.permission.testPermDef1", + .bundleName = TEST_BUNDLE_NAME, + .grantMode = GrantMode::USER_GRANT, + .availableLevel = APL_NORMAL, + .provisionEnable = false, + .distributedSceneEnable = false + }; + + PermissionDef testPermDef2 = { + .permissionName = "ohos.permission.testPermDef2", + .bundleName = TEST_BUNDLE_NAME, + .grantMode = GrantMode::USER_GRANT, + .availableLevel = APL_NORMAL, + .provisionEnable = false, + .distributedSceneEnable = false + }; + + PermissionDef testPermDef3 = { + .permissionName = "ohos.permission.testPermDef3", + .bundleName = TEST_BUNDLE_NAME, + .grantMode = GrantMode::USER_GRANT, + .availableLevel = APL_NORMAL, + .provisionEnable = false, + .distributedSceneEnable = false + }; + PermissionDef testPermDef4 = { + .permissionName = "ohos.permission.testPermDef4", + .bundleName = TEST_BUNDLE_NAME, + .grantMode = GrantMode::USER_GRANT, + .availableLevel = APL_NORMAL, + .provisionEnable = false, + .distributedSceneEnable = false + }; policy.permList.emplace_back(permissionDefAlpha); policy.permList.emplace_back(permissionDefBeta); + policy.permList.emplace_back(testPermDef1); + policy.permList.emplace_back(testPermDef2); + policy.permList.emplace_back(testPermDef3); + policy.permList.emplace_back(testPermDef4); PermissionStateFull permStatAlpha = { .permissionName = TEST_PERMISSION_NAME_ALPHA, @@ -174,11 +212,47 @@ void AccessTokenKitTest::SetUp() .grantStatus = {PermissionState::PERMISSION_GRANTED}, .grantFlags = {PermissionFlag::PERMISSION_USER_SET} }; + PermissionStateFull permTestState1 = { + .grantFlags = {0}, + .grantStatus = {PermissionState::PERMISSION_DENIED}, + .isGeneral = true, + .permissionName = "ohos.permission.testPermDef1", + .resDeviceID = {"local"} + }; + + PermissionStateFull permTestState2 = { + .grantFlags = {1}, + .grantStatus = {PermissionState::PERMISSION_DENIED}, + .isGeneral = true, + .permissionName = "ohos.permission.testPermDef2", + .resDeviceID = {"local"} + }; + + PermissionStateFull permTestState3 = { + .grantFlags = {2}, + .grantStatus = {PermissionState::PERMISSION_DENIED}, + .isGeneral = true, + .permissionName = "ohos.permission.testPermDef3", + .resDeviceID = {"local"} + }; + + PermissionStateFull permTestState4 = { + .grantFlags = {1}, + .grantStatus = {PermissionState::PERMISSION_GRANTED}, + .isGeneral = true, + .permissionName = "ohos.permission.testPermDef4", + .resDeviceID = {"local"} + }; + policy.permStateList.emplace_back(permStatAlpha); policy.permStateList.emplace_back(permStatBeta); policy.permStateList.emplace_back(g_grantPermissionReq); policy.permStateList.emplace_back(g_revokePermissionReq); - + policy.permStateList.emplace_back(permTestState1); + policy.permStateList.emplace_back(permTestState1); + policy.permStateList.emplace_back(permTestState2); + policy.permStateList.emplace_back(permTestState3); + policy.permStateList.emplace_back(permTestState4); AccessTokenKit::AllocHapToken(info, policy); AccessTokenID tokenID = AccessTokenKit::GetHapTokenID(g_infoManagerTestInfoParms.userID, g_infoManagerTestInfoParms.bundleName, @@ -285,7 +359,7 @@ HWTEST_F(AccessTokenKitTest, GetDefPermissions001, TestSize.Level1) std::vector permDefList; int ret = AccessTokenKit::GetDefPermissions(tokenID, permDefList); ASSERT_EQ(RET_SUCCESS, ret); - ASSERT_EQ(2, permDefList.size()); + ASSERT_EQ(6, permDefList.size()); } /** @@ -350,7 +424,7 @@ HWTEST_F(AccessTokenKitTest, GetDefPermissions004, TestSize.Level0) std::vector permDefList; ret = AccessTokenKit::GetDefPermissions(tokenID, permDefList); ASSERT_EQ(RET_SUCCESS, ret); - ASSERT_EQ(2, permDefList.size()); + ASSERT_EQ(6, permDefList.size()); } } @@ -367,7 +441,7 @@ HWTEST_F(AccessTokenKitTest, GetReqPermissions001, TestSize.Level1) std::vector permStatList; int ret = AccessTokenKit::GetReqPermissions(tokenID, permStatList, false); ASSERT_EQ(RET_SUCCESS, ret); - ASSERT_EQ(1, permStatList.size()); + ASSERT_EQ(5, permStatList.size()); ASSERT_EQ(TEST_PERMISSION_NAME_ALPHA, permStatList[0].permissionName); ret = AccessTokenKit::VerifyAccessToken(tokenID, TEST_PERMISSION_NAME_ALPHA); @@ -466,7 +540,7 @@ HWTEST_F(AccessTokenKitTest, GetReqPermissions005, TestSize.Level0) std::vector permStatList; ret = AccessTokenKit::GetReqPermissions(tokenID, permStatList, false); ASSERT_EQ(RET_SUCCESS, ret); - ASSERT_EQ(1, permStatList.size()); + ASSERT_EQ(5, permStatList.size()); ASSERT_EQ(TEST_PERMISSION_NAME_ALPHA, permStatList[0].permissionName); } } @@ -3098,4 +3172,64 @@ HWTEST_F(AccessTokenKitTest, SetRemoteNativeTokenInfo001, TestSize.Level1) ASSERT_EQ(resultInfo.dcap[1], "DMSDCAP"); ASSERT_EQ(resultInfo.tokenID, mapID); ASSERT_EQ(resultInfo.tokenAttr, native1.tokenAttr); +} + +/** + * @tc.name: GetPermissionsState001 + * @tc.desc: get permission list state + * @tc.type: FUNC + * @tc.require:AR000GK6T6 + */ +HWTEST_F(AccessTokenKitTest, GetPermissionsState001, TestSize.Level1) +{ + AccessTokenID tokenID = GetAccessTokenID(TEST_USER_ID, TEST_BUNDLE_NAME, 0); + ASSERT_NE(0, tokenID); + PermissionListState perm1 = { + .permissionName = "ohos.permission.testPermDef1", + .state = -1, + }; + PermissionListState perm2 = { + .permissionName = "ohos.permission.testPermDef2", + .state = -1, + }; + PermissionListState perm3 = { + .permissionName = "ohos.permission.testPermDef3", + .state = -1, + }; + PermissionListState perm4 = { + .permissionName = "ohos.permission.testPermDef4", + .state = -1, + }; + + std::vector permsList1; + permsList1.emplace_back(perm1); + permsList1.emplace_back(perm2); + permsList1.emplace_back(perm3); + permsList1.emplace_back(perm4); + + PermissionOper ret = AccessTokenKit::GetPermissionsState(tokenID, permsList1); + ASSERT_EQ(DYNAMIC_OPER, ret); + ASSERT_EQ(4, permsList1.size()); + ASSERT_EQ(1, permsList1[0].state); + ASSERT_EQ(1, permsList1[1].state); + ASSERT_EQ(0, permsList1[2].state); + ASSERT_EQ(0, permsList1[3].state); + ASSERT_EQ("ohos.permission.testPermDef1", permsList1[0].permissionName); + ASSERT_EQ("ohos.permission.testPermDef2", permsList1[1].permissionName); + ASSERT_EQ("ohos.permission.testPermDef3", permsList1[2].permissionName); + ASSERT_EQ("ohos.permission.testPermDef4", permsList1[3].permissionName); + + PermissionListState perm5 = { + .permissionName = "ohos.permission.testPermDef5", + .state = -1, + }; + permsList1.emplace_back(perm5); + ret = AccessTokenKit::GetPermissionsState(tokenID, permsList1); + ASSERT_EQ(INVALID_OPER, ret); + + std::vector permsList2; + permsList2.emplace_back(perm3); + permsList2.emplace_back(perm4); + ret = AccessTokenKit::GetPermissionsState(tokenID, permsList2); + ASSERT_EQ(PASS_OPER, ret); } \ No newline at end of file diff --git a/services/accesstokenmanager/main/cpp/include/permission/permission_manager.h b/services/accesstokenmanager/main/cpp/include/permission/permission_manager.h index cdc088127..119f9ba22 100644 --- a/services/accesstokenmanager/main/cpp/include/permission/permission_manager.h +++ b/services/accesstokenmanager/main/cpp/include/permission/permission_manager.h @@ -22,6 +22,7 @@ #include "access_token.h" #include "hap_token_info_inner.h" #include "permission_def.h" +#include "permission_list_state.h" #include "permission_state_full.h" #include "rwlock.h" @@ -47,6 +48,8 @@ public: void GrantPermission(AccessTokenID tokenID, const std::string& permissionName, int flag); void RevokePermission(AccessTokenID tokenID, const std::string& permissionName, int flag); void ClearUserGrantedPermissionState(AccessTokenID tokenID); + int NeedDynamicPop(std::vector permsList, + PermissionListState &permState, bool &res); private: PermissionManager(); void UpdateTokenPermissionState( diff --git a/services/accesstokenmanager/main/cpp/include/service/accesstoken_manager_service.h b/services/accesstokenmanager/main/cpp/include/service/accesstoken_manager_service.h index 589b641e4..3ac58c361 100644 --- a/services/accesstokenmanager/main/cpp/include/service/accesstoken_manager_service.h +++ b/services/accesstokenmanager/main/cpp/include/service/accesstoken_manager_service.h @@ -46,6 +46,8 @@ public: int GetDefPermissions(AccessTokenID tokenID, std::vector& permList) override; int GetReqPermissions( AccessTokenID tokenID, std::vector& reqPermList, bool isSystemGrant) override; + PermissionOper GetPermissionsState( + AccessTokenID tokenID, std::vector& reqPermList) override; int GetPermissionFlag(AccessTokenID tokenID, const std::string& permissionName) override; int GrantPermission(AccessTokenID tokenID, const std::string& permissionName, int flag) override; int RevokePermission(AccessTokenID tokenID, const std::string& permissionName, int flag) override; diff --git a/services/accesstokenmanager/main/cpp/include/service/accesstoken_manager_stub.h b/services/accesstokenmanager/main/cpp/include/service/accesstoken_manager_stub.h index e38295800..866702bd5 100644 --- a/services/accesstokenmanager/main/cpp/include/service/accesstoken_manager_stub.h +++ b/services/accesstokenmanager/main/cpp/include/service/accesstoken_manager_stub.h @@ -39,6 +39,7 @@ private: void GetDefPermissionInner(MessageParcel& data, MessageParcel& reply); void GetDefPermissionsInner(MessageParcel& data, MessageParcel& reply); void GetReqPermissionsInner(MessageParcel& data, MessageParcel& reply); + void GetPermissionsStateInner(MessageParcel& data, MessageParcel& reply); void GetPermissionFlagInner(MessageParcel& data, MessageParcel& reply); void GrantPermissionInner(MessageParcel& data, MessageParcel& reply); void RevokePermissionInner(MessageParcel& data, MessageParcel& reply); diff --git a/services/accesstokenmanager/main/cpp/src/permission/permission_manager.cpp b/services/accesstokenmanager/main/cpp/src/permission/permission_manager.cpp index 4f352d8b3..296ee92d9 100644 --- a/services/accesstokenmanager/main/cpp/src/permission/permission_manager.cpp +++ b/services/accesstokenmanager/main/cpp/src/permission/permission_manager.cpp @@ -195,6 +195,39 @@ int PermissionManager::GetReqPermissions( return RET_SUCCESS; } +int PermissionManager::NeedDynamicPop(std::vector permsList, + PermissionListState &permState, bool &res) +{ + bool foundGoal = false; + int32_t goalGrantStatus; + int32_t goalGrantFlags; + for (auto& perm : permsList) { + if (perm.permissionName == permState.permissionName) { + foundGoal = true; + goalGrantStatus = perm.grantStatus[0]; + goalGrantFlags = perm.grantFlags[0]; + break; + } + } + if (foundGoal == false) { + ACCESSTOKEN_LOG_ERROR(LABEL, + "can not find permission: %{public}s!", permState.permissionName.c_str()); + return RET_FAILED; + } + + if (goalGrantStatus == PERMISSION_DENIED) { + if ((goalGrantFlags == DEFAULT_PERMISSION_FLAGS) || + (goalGrantFlags == PERMISSION_USER_SET)) { + permState.state = 1; + res = true; + return RET_SUCCESS; + } + } + ACCESSTOKEN_LOG_INFO(LABEL, "do not need dynamic pop"); + permState.state = 0; + return RET_SUCCESS; +} + int PermissionManager::GetPermissionFlag(AccessTokenID tokenID, const std::string& permissionName) { ACCESSTOKEN_LOG_INFO(LABEL, "%{public}s called, tokenID: 0x%{public}x, permissionName: %{public}s", diff --git a/services/accesstokenmanager/main/cpp/src/service/accesstoken_manager_service.cpp b/services/accesstokenmanager/main/cpp/src/service/accesstoken_manager_service.cpp index 997da72d3..aa7ea1b86 100644 --- a/services/accesstokenmanager/main/cpp/src/service/accesstoken_manager_service.cpp +++ b/services/accesstokenmanager/main/cpp/src/service/accesstoken_manager_service.cpp @@ -23,6 +23,7 @@ #include "hap_token_info_inner.h" #include "native_token_info_inner.h" #include "native_token_receptor.h" +#include "permission_list_state.h" #include "permission_manager.h" namespace OHOS { @@ -129,6 +130,31 @@ int AccessTokenManagerService::GetReqPermissions( return ret; } +PermissionOper AccessTokenManagerService::GetPermissionsState( + AccessTokenID tokenID, std::vector& reqPermList) +{ + ACCESSTOKEN_LOG_INFO(LABEL, "%{public}s called, id: 0x%{public}x", __func__, tokenID); + bool needRes = false; + std::vector permsList; + int ret = PermissionManager::GetInstance().GetReqPermissions(tokenID, permsList, false); + if (ret != RET_SUCCESS) { + return INVALID_OPER; + } + + int32_t size = reqPermList.size(); + ACCESSTOKEN_LOG_INFO(LABEL, "reqPermList size: 0x%{public}x", size); + for (int32_t i = 0; i < size; i++) { + ret = PermissionManager::GetInstance().NeedDynamicPop(permsList, reqPermList[i].permsState, needRes); + if (ret != RET_SUCCESS) { + return INVALID_OPER; + } + } + if (needRes) { + return DYNAMIC_OPER; + } + return PASS_OPER; +} + int AccessTokenManagerService::GetPermissionFlag(AccessTokenID tokenID, const std::string& permissionName) { ACCESSTOKEN_LOG_INFO(LABEL, diff --git a/services/accesstokenmanager/main/cpp/src/service/accesstoken_manager_stub.cpp b/services/accesstokenmanager/main/cpp/src/service/accesstoken_manager_stub.cpp index fe3f37809..db1cc29df 100644 --- a/services/accesstokenmanager/main/cpp/src/service/accesstoken_manager_stub.cpp +++ b/services/accesstokenmanager/main/cpp/src/service/accesstoken_manager_stub.cpp @@ -114,6 +114,28 @@ void AccessTokenManagerStub::GetReqPermissionsInner(MessageParcel& data, Message reply.WriteInt32(result); } +void AccessTokenManagerStub::GetPermissionsStateInner(MessageParcel& data, MessageParcel& reply) +{ + ACCESSTOKEN_LOG_INFO(LABEL, "called"); + std::vector permList; + AccessTokenID tokenID = data.ReadUint32(); + uint32_t size = data.ReadUint32(); + for (uint32_t i = 0; i < size; i++) { + sptr permissionParcel = data.ReadParcelable(); + if (permissionParcel != nullptr) { + permList.emplace_back(*permissionParcel); + } + } + + PermissionOper result = this->GetPermissionsState(tokenID, permList); + + reply.WriteUint32(permList.size()); + for (auto perm : permList) { + reply.WriteParcelable(&perm); + } + reply.WriteInt32(result); +} + void AccessTokenManagerStub::GetPermissionFlagInner(MessageParcel& data, MessageParcel& reply) { unsigned int callingTokenID = IPCSkeleton::GetCallingTokenID(); @@ -462,6 +484,8 @@ AccessTokenManagerStub::AccessTokenManagerStub() &AccessTokenManagerStub::GetRemoteNativeTokenIDInner; requestFuncMap_[static_cast(IAccessTokenManager::InterfaceCode::DUMP_TOKENINFO)] = &AccessTokenManagerStub::DumpTokenInfoInner; + requestFuncMap_[static_cast(IAccessTokenManager::InterfaceCode::GET_PERMISSION_OPER_STATE)] = + &AccessTokenManagerStub::GetPermissionsStateInner; } AccessTokenManagerStub::~AccessTokenManagerStub() -- Gitee From ad5bd8d3ca3453834a0a96412b409542df9fce70 Mon Sep 17 00:00:00 2001 From: l00520400 Date: Sat, 12 Mar 2022 21:01:09 +0800 Subject: [PATCH 2/3] =?UTF-8?q?=E6=A3=80=E8=A7=86=E6=84=8F=E8=A7=81?= =?UTF-8?q?=E4=BF=AE=E6=94=B9?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: l00520400 Change-Id: I1a7d8ef1b41fb05d902b75af81cd4433b71779bd Signed-off-by: l00520400 --- .../include/i_accesstoken_manager.h | 4 +- .../accesstoken/include/access_token.h | 4 +- .../accesstoken/include/accesstoken_kit.h | 2 +- .../accesstoken/src/accesstoken_kit.cpp | 11 +- .../src/accesstoken_manager_client.cpp | 10 +- .../src/accesstoken_manager_client.h | 2 +- .../src/accesstoken_manager_proxy.cpp | 25 ++-- .../src/accesstoken_manager_proxy.h | 3 +- .../innerkits/accesstoken/test/BUILD.gn | 2 + .../unittest/src/accesstoken_kit_test.cpp | 126 +++++++++--------- .../include/permission/permission_manager.h | 4 +- .../service/accesstoken_manager_service.h | 4 +- .../service/accesstoken_manager_stub.h | 2 +- .../cpp/src/permission/permission_manager.cpp | 26 ++-- .../service/accesstoken_manager_service.cpp | 18 ++- .../src/service/accesstoken_manager_stub.cpp | 11 +- .../cpp/src/token/accesstoken_id_manager.cpp | 3 +- 17 files changed, 136 insertions(+), 121 deletions(-) diff --git a/frameworks/accesstoken/include/i_accesstoken_manager.h b/frameworks/accesstoken/include/i_accesstoken_manager.h index 4eba3f731..c110dbf23 100644 --- a/frameworks/accesstoken/include/i_accesstoken_manager.h +++ b/frameworks/accesstoken/include/i_accesstoken_manager.h @@ -46,8 +46,8 @@ public: virtual int GetReqPermissions( AccessTokenID tokenID, std::vector& reqPermList, bool isSystemGrant) = 0; virtual int GetPermissionFlag(AccessTokenID tokenID, const std::string& permissionName) = 0; - virtual PermissionOper GetPermissionsState( - AccessTokenID tokenID, std::vector& permListParcel) = 0; + virtual PermissionOper GetSelfPermissionsState( + std::vector& permListParcel) = 0; virtual int GrantPermission(AccessTokenID tokenID, const std::string& permissionName, int flag) = 0; virtual int RevokePermission(AccessTokenID tokenID, const std::string& permissionName, int flag) = 0; virtual int ClearUserGrantedPermissionState(AccessTokenID tokenID) = 0; diff --git a/interfaces/innerkits/accesstoken/include/access_token.h b/interfaces/innerkits/accesstoken/include/access_token.h index f4f9b492b..ed5b4b8a6 100644 --- a/interfaces/innerkits/accesstoken/include/access_token.h +++ b/interfaces/innerkits/accesstoken/include/access_token.h @@ -74,9 +74,9 @@ typedef enum TypePermissionFlag { } PermissionFlag; typedef enum TypePermissionOper { - DYNAMIC_OPER = -1, + SETTING_OPER = -1, PASS_OPER = 0, - SETTING_OPER = 1, + DYNAMIC_OPER = 1, INVALID_OPER = 2, } PermissionOper; } // namespace AccessToken diff --git a/interfaces/innerkits/accesstoken/include/accesstoken_kit.h b/interfaces/innerkits/accesstoken/include/accesstoken_kit.h index a8a0442f1..c6c5baa6c 100644 --- a/interfaces/innerkits/accesstoken/include/accesstoken_kit.h +++ b/interfaces/innerkits/accesstoken/include/accesstoken_kit.h @@ -52,7 +52,7 @@ public: static int GetReqPermissions( AccessTokenID tokenID, std::vector& reqPermList, bool isSystemGrant); static int GetPermissionFlag(AccessTokenID tokenID, const std::string& permissionName); - static PermissionOper GetPermissionsState(AccessTokenID tokenID, std::vector& permList); + static PermissionOper GetSelfPermissionsState(std::vector& permList); static int GrantPermission(AccessTokenID tokenID, const std::string& permissionName, int flag); static int RevokePermission(AccessTokenID tokenID, const std::string& permissionName, int flag); static int ClearUserGrantedPermissionState(AccessTokenID tokenID); diff --git a/interfaces/innerkits/accesstoken/src/accesstoken_kit.cpp b/interfaces/innerkits/accesstoken/src/accesstoken_kit.cpp index 123443185..b5a6b43f4 100644 --- a/interfaces/innerkits/accesstoken/src/accesstoken_kit.cpp +++ b/interfaces/innerkits/accesstoken/src/accesstoken_kit.cpp @@ -146,15 +146,12 @@ int AccessTokenKit::GetNativeTokenInfo(AccessTokenID tokenID, NativeTokenInfo& n return AccessTokenManagerClient::GetInstance().GetNativeTokenInfo(tokenID, nativeTokenInfoRes); } -PermissionOper AccessTokenKit::GetPermissionsState(AccessTokenID tokenID, std::vector& permList) +PermissionOper AccessTokenKit::GetSelfPermissionsState(std::vector& permList) { - ACCESSTOKEN_LOG_INFO(LABEL, "tokenID=%{public}d", tokenID); - if (tokenID == 0) { - ACCESSTOKEN_LOG_ERROR(LABEL, "tokenID is invalid"); - return INVALID_OPER; - } - return AccessTokenManagerClient::GetInstance().GetPermissionsState(tokenID, permList); + ACCESSTOKEN_LOG_INFO(LABEL, "called."); + return AccessTokenManagerClient::GetInstance().GetSelfPermissionsState(permList); } + int AccessTokenKit::VerifyAccessToken(AccessTokenID tokenID, const std::string& permissionName) { ACCESSTOKEN_LOG_INFO(LABEL, "%{public}s called", __func__); diff --git a/interfaces/innerkits/accesstoken/src/accesstoken_manager_client.cpp b/interfaces/innerkits/accesstoken/src/accesstoken_manager_client.cpp index 2ee717155..96af39c6a 100644 --- a/interfaces/innerkits/accesstoken/src/accesstoken_manager_client.cpp +++ b/interfaces/innerkits/accesstoken/src/accesstoken_manager_client.cpp @@ -126,8 +126,8 @@ int AccessTokenManagerClient::GetPermissionFlag(AccessTokenID tokenID, const std return proxy->GetPermissionFlag(tokenID, permissionName); } -PermissionOper AccessTokenManagerClient::GetPermissionsState( - AccessTokenID tokenID, std::vector& permList) +PermissionOper AccessTokenManagerClient::GetSelfPermissionsState( + std::vector& permList) { ACCESSTOKEN_LOG_DEBUG(LABEL, "%{public}s: called!", __func__); auto proxy = GetProxy(); @@ -138,8 +138,8 @@ PermissionOper AccessTokenManagerClient::GetPermissionsState( size_t len = permList.size(); if (len == 0) { - ACCESSTOKEN_LOG_ERROR(LABEL, "len is zero."); - return INVALID_OPER; + ACCESSTOKEN_LOG_DEBUG(LABEL, "len is zero."); + return PASS_OPER; } std::vector parcelList; @@ -150,7 +150,7 @@ PermissionOper AccessTokenManagerClient::GetPermissionsState( parcelList.emplace_back(permParcel); } - PermissionOper result = proxy->GetPermissionsState(tokenID, parcelList); + PermissionOper result = proxy->GetSelfPermissionsState(parcelList); if (len != parcelList.size()) { return INVALID_OPER; diff --git a/interfaces/innerkits/accesstoken/src/accesstoken_manager_client.h b/interfaces/innerkits/accesstoken/src/accesstoken_manager_client.h index 1015106fb..6f97162f9 100644 --- a/interfaces/innerkits/accesstoken/src/accesstoken_manager_client.h +++ b/interfaces/innerkits/accesstoken/src/accesstoken_manager_client.h @@ -47,7 +47,7 @@ public: int GetReqPermissions( AccessTokenID tokenID, std::vector& reqPermList, bool isSystemGrant); int GetPermissionFlag(AccessTokenID tokenID, const std::string& permissionName); - PermissionOper GetPermissionsState(AccessTokenID tokenID, std::vector& permList); + PermissionOper GetSelfPermissionsState(std::vector& permList); int GrantPermission(AccessTokenID tokenID, const std::string& permissionName, int flag); int RevokePermission(AccessTokenID tokenID, const std::string& permissionName, int flag); int ClearUserGrantedPermissionState(AccessTokenID tokenID); diff --git a/interfaces/innerkits/accesstoken/src/accesstoken_manager_proxy.cpp b/interfaces/innerkits/accesstoken/src/accesstoken_manager_proxy.cpp index 5e31f21bc..09f2988a5 100644 --- a/interfaces/innerkits/accesstoken/src/accesstoken_manager_proxy.cpp +++ b/interfaces/innerkits/accesstoken/src/accesstoken_manager_proxy.cpp @@ -241,22 +241,18 @@ int AccessTokenManagerProxy::GetPermissionFlag(AccessTokenID tokenID, const std: return result; } -PermissionOper AccessTokenManagerProxy::GetPermissionsState( - AccessTokenID tokenID, std::vector& permListParcel) +PermissionOper AccessTokenManagerProxy::GetSelfPermissionsState( + std::vector& permListParcel) { MessageParcel data; data.WriteInterfaceToken(IAccessTokenManager::GetDescriptor()); - if (!data.WriteUint32(tokenID)) { - ACCESSTOKEN_LOG_ERROR(LABEL, "Failed to write tokenID"); - return INVALID_OPER; - } if (!data.WriteUint32(permListParcel.size())) { - ACCESSTOKEN_LOG_ERROR(LABEL, "Failed to write permListParcel size"); + ACCESSTOKEN_LOG_ERROR(LABEL, "Failed to write permListParcel size."); return INVALID_OPER; } for (auto permission : permListParcel) { if (!data.WriteParcelable(&permission)) { - ACCESSTOKEN_LOG_ERROR(LABEL, "Failed to write permListParcel"); + ACCESSTOKEN_LOG_ERROR(LABEL, "Failed to write permListParcel."); return INVALID_OPER; } } @@ -271,22 +267,27 @@ PermissionOper AccessTokenManagerProxy::GetPermissionsState( int32_t requestResult = remote->SendRequest( static_cast(IAccessTokenManager::InterfaceCode::GET_PERMISSION_OPER_STATE), data, reply, option); if (requestResult != NO_ERROR) { - ACCESSTOKEN_LOG_ERROR(LABEL, "request fail, result: %{public}d", requestResult); + ACCESSTOKEN_LOG_ERROR(LABEL, "request fail, result: %{public}d.", requestResult); return INVALID_OPER; } - int32_t size = reply.ReadInt32(); + PermissionOper result = static_cast(reply.ReadInt32()); + if (result == INVALID_OPER) { + ACCESSTOKEN_LOG_ERROR(LABEL, "result from server is invalid!"); + return result; + } + size_t size = reply.ReadUint32(); if (size != permListParcel.size()) { + ACCESSTOKEN_LOG_ERROR(LABEL, "permListParcel size from server is invalid!"); return INVALID_OPER; } - for (int i = 0; i < size; i++) { + for (uint32_t i = 0; i < size; i++) { sptr permissionReq = reply.ReadParcelable(); if (permissionReq != nullptr) { permListParcel[i].permsState.state = permissionReq->permsState.state; } } - PermissionOper result = static_cast(reply.ReadInt32()); ACCESSTOKEN_LOG_DEBUG(LABEL, "result from server data = %{public}d", result); return result; } diff --git a/interfaces/innerkits/accesstoken/src/accesstoken_manager_proxy.h b/interfaces/innerkits/accesstoken/src/accesstoken_manager_proxy.h index 454287848..2772b3da6 100644 --- a/interfaces/innerkits/accesstoken/src/accesstoken_manager_proxy.h +++ b/interfaces/innerkits/accesstoken/src/accesstoken_manager_proxy.h @@ -48,8 +48,7 @@ public: int GetPermissionFlag(AccessTokenID tokenID, const std::string& permissionName) override; int GrantPermission(AccessTokenID tokenID, const std::string& permissionName, int flag) override; int RevokePermission(AccessTokenID tokenID, const std::string& permissionName, int flag) override; - PermissionOper GetPermissionsState( - AccessTokenID tokenID, std::vector& permList) override; + PermissionOper GetSelfPermissionsState(std::vector& permList) override; int ClearUserGrantedPermissionState(AccessTokenID tokenID) override; int GetTokenType(AccessTokenID tokenID) override; int CheckNativeDCap(AccessTokenID tokenID, const std::string& dcap) override; diff --git a/interfaces/innerkits/accesstoken/test/BUILD.gn b/interfaces/innerkits/accesstoken/test/BUILD.gn index a4782cc90..55d2f912a 100644 --- a/interfaces/innerkits/accesstoken/test/BUILD.gn +++ b/interfaces/innerkits/accesstoken/test/BUILD.gn @@ -23,6 +23,7 @@ ohos_unittest("libaccesstoken_sdk_test") { "//third_party/googletest/include", "//base/security/access_token/interfaces/innerkits/accesstoken/include", "//base/security/access_token/interfaces/innerkits/nativetoken/include", + "//base/security/access_token/interfaces/innerkits/token_setproc/include", "//base/security/access_token/frameworks/common/include", ] @@ -33,6 +34,7 @@ ohos_unittest("libaccesstoken_sdk_test") { deps = [ "//base/security/access_token/interfaces/innerkits/accesstoken:libaccesstoken_sdk", "//base/security/access_token/interfaces/innerkits/nativetoken:libnativetoken", + "//base/security/access_token/interfaces/innerkits/token_setproc:libtoken_setproc", "//utils/native/base:utils", ] diff --git a/interfaces/innerkits/accesstoken/test/unittest/src/accesstoken_kit_test.cpp b/interfaces/innerkits/accesstoken/test/unittest/src/accesstoken_kit_test.cpp index ad6833d24..caff4c1c6 100644 --- a/interfaces/innerkits/accesstoken/test/unittest/src/accesstoken_kit_test.cpp +++ b/interfaces/innerkits/accesstoken/test/unittest/src/accesstoken_kit_test.cpp @@ -19,6 +19,7 @@ #include "accesstoken_kit.h" #include "nativetoken_kit.h" #include "accesstoken_log.h" +#include "token_setproc.h" using namespace testing::ext; using namespace OHOS::Security::AccessToken; @@ -2135,6 +2136,71 @@ HWTEST_F(AccessTokenKitTest, GetTokenTypeFlag002, TestSize.Level1) ASSERT_EQ(ret, TOKEN_NATIVE); } +/** + * @tc.name: GetSelfPermissionsState001 + * @tc.desc: get permission list state + * @tc.type: FUNC + * @tc.require:AR000GK6T6 + */ +HWTEST_F(AccessTokenKitTest, GetSelfPermissionsState001, TestSize.Level1) +{ + AccessTokenID tokenID = GetAccessTokenID(TEST_USER_ID, TEST_BUNDLE_NAME, 0); + ASSERT_NE(0, tokenID); + ASSERT_EQ(0, SetSelfTokenID(tokenID)); + + PermissionListState perm1 = { + .permissionName = "ohos.permission.testPermDef1", + .state = -1, + }; + PermissionListState perm2 = { + .permissionName = "ohos.permission.testPermDef2", + .state = -1, + }; + PermissionListState perm3 = { + .permissionName = "ohos.permission.testPermDef3", + .state = -1, + }; + PermissionListState perm4 = { + .permissionName = "ohos.permission.testPermDef4", + .state = -1, + }; + + std::vector permsList1; + permsList1.emplace_back(perm1); + permsList1.emplace_back(perm2); + permsList1.emplace_back(perm3); + permsList1.emplace_back(perm4); + + PermissionOper ret = AccessTokenKit::GetSelfPermissionsState(permsList1); + ASSERT_EQ(DYNAMIC_OPER, ret); + ASSERT_EQ(4, permsList1.size()); + ASSERT_EQ(DYNAMIC_OPER, permsList1[0].state); + ASSERT_EQ(DYNAMIC_OPER, permsList1[1].state); + ASSERT_EQ(SETTING_OPER, permsList1[2].state); + ASSERT_EQ(PASS_OPER, permsList1[3].state); + ASSERT_EQ("ohos.permission.testPermDef1", permsList1[0].permissionName); + ASSERT_EQ("ohos.permission.testPermDef2", permsList1[1].permissionName); + ASSERT_EQ("ohos.permission.testPermDef3", permsList1[2].permissionName); + ASSERT_EQ("ohos.permission.testPermDef4", permsList1[3].permissionName); + + PermissionListState perm5 = { + .permissionName = "ohos.permission.testPermDef5", + .state = -1, + }; + permsList1.emplace_back(perm5); + ret = AccessTokenKit::GetSelfPermissionsState(permsList1); + ASSERT_EQ(DYNAMIC_OPER, permsList1[0].state); + ASSERT_EQ(DYNAMIC_OPER, ret); + + std::vector permsList2; + permsList2.emplace_back(perm3); + permsList2.emplace_back(perm4); + ret = AccessTokenKit::GetSelfPermissionsState(permsList2); + ASSERT_EQ(SETTING_OPER, permsList2[0].state); + ASSERT_EQ(PASS_OPER, permsList2[1].state); + ASSERT_EQ(PASS_OPER, ret); +} + /** * @tc.name: GetTokenTypeFlag003 * @tc.desc: Get token type with hap tokenID. @@ -3172,64 +3238,4 @@ HWTEST_F(AccessTokenKitTest, SetRemoteNativeTokenInfo001, TestSize.Level1) ASSERT_EQ(resultInfo.dcap[1], "DMSDCAP"); ASSERT_EQ(resultInfo.tokenID, mapID); ASSERT_EQ(resultInfo.tokenAttr, native1.tokenAttr); -} - -/** - * @tc.name: GetPermissionsState001 - * @tc.desc: get permission list state - * @tc.type: FUNC - * @tc.require:AR000GK6T6 - */ -HWTEST_F(AccessTokenKitTest, GetPermissionsState001, TestSize.Level1) -{ - AccessTokenID tokenID = GetAccessTokenID(TEST_USER_ID, TEST_BUNDLE_NAME, 0); - ASSERT_NE(0, tokenID); - PermissionListState perm1 = { - .permissionName = "ohos.permission.testPermDef1", - .state = -1, - }; - PermissionListState perm2 = { - .permissionName = "ohos.permission.testPermDef2", - .state = -1, - }; - PermissionListState perm3 = { - .permissionName = "ohos.permission.testPermDef3", - .state = -1, - }; - PermissionListState perm4 = { - .permissionName = "ohos.permission.testPermDef4", - .state = -1, - }; - - std::vector permsList1; - permsList1.emplace_back(perm1); - permsList1.emplace_back(perm2); - permsList1.emplace_back(perm3); - permsList1.emplace_back(perm4); - - PermissionOper ret = AccessTokenKit::GetPermissionsState(tokenID, permsList1); - ASSERT_EQ(DYNAMIC_OPER, ret); - ASSERT_EQ(4, permsList1.size()); - ASSERT_EQ(1, permsList1[0].state); - ASSERT_EQ(1, permsList1[1].state); - ASSERT_EQ(0, permsList1[2].state); - ASSERT_EQ(0, permsList1[3].state); - ASSERT_EQ("ohos.permission.testPermDef1", permsList1[0].permissionName); - ASSERT_EQ("ohos.permission.testPermDef2", permsList1[1].permissionName); - ASSERT_EQ("ohos.permission.testPermDef3", permsList1[2].permissionName); - ASSERT_EQ("ohos.permission.testPermDef4", permsList1[3].permissionName); - - PermissionListState perm5 = { - .permissionName = "ohos.permission.testPermDef5", - .state = -1, - }; - permsList1.emplace_back(perm5); - ret = AccessTokenKit::GetPermissionsState(tokenID, permsList1); - ASSERT_EQ(INVALID_OPER, ret); - - std::vector permsList2; - permsList2.emplace_back(perm3); - permsList2.emplace_back(perm4); - ret = AccessTokenKit::GetPermissionsState(tokenID, permsList2); - ASSERT_EQ(PASS_OPER, ret); } \ No newline at end of file diff --git a/services/accesstokenmanager/main/cpp/include/permission/permission_manager.h b/services/accesstokenmanager/main/cpp/include/permission/permission_manager.h index 119f9ba22..64fa632f5 100644 --- a/services/accesstokenmanager/main/cpp/include/permission/permission_manager.h +++ b/services/accesstokenmanager/main/cpp/include/permission/permission_manager.h @@ -48,8 +48,8 @@ public: void GrantPermission(AccessTokenID tokenID, const std::string& permissionName, int flag); void RevokePermission(AccessTokenID tokenID, const std::string& permissionName, int flag); void ClearUserGrantedPermissionState(AccessTokenID tokenID); - int NeedDynamicPop(std::vector permsList, - PermissionListState &permState, bool &res); + void GetSelfPermissionState( + std::vector permsList, PermissionListState &permState); private: PermissionManager(); void UpdateTokenPermissionState( diff --git a/services/accesstokenmanager/main/cpp/include/service/accesstoken_manager_service.h b/services/accesstokenmanager/main/cpp/include/service/accesstoken_manager_service.h index 3ac58c361..e60c10ada 100644 --- a/services/accesstokenmanager/main/cpp/include/service/accesstoken_manager_service.h +++ b/services/accesstokenmanager/main/cpp/include/service/accesstoken_manager_service.h @@ -46,8 +46,8 @@ public: int GetDefPermissions(AccessTokenID tokenID, std::vector& permList) override; int GetReqPermissions( AccessTokenID tokenID, std::vector& reqPermList, bool isSystemGrant) override; - PermissionOper GetPermissionsState( - AccessTokenID tokenID, std::vector& reqPermList) override; + PermissionOper GetSelfPermissionsState( + std::vector& reqPermList) override; int GetPermissionFlag(AccessTokenID tokenID, const std::string& permissionName) override; int GrantPermission(AccessTokenID tokenID, const std::string& permissionName, int flag) override; int RevokePermission(AccessTokenID tokenID, const std::string& permissionName, int flag) override; diff --git a/services/accesstokenmanager/main/cpp/include/service/accesstoken_manager_stub.h b/services/accesstokenmanager/main/cpp/include/service/accesstoken_manager_stub.h index 866702bd5..ff49c9c83 100644 --- a/services/accesstokenmanager/main/cpp/include/service/accesstoken_manager_stub.h +++ b/services/accesstokenmanager/main/cpp/include/service/accesstoken_manager_stub.h @@ -39,7 +39,7 @@ private: void GetDefPermissionInner(MessageParcel& data, MessageParcel& reply); void GetDefPermissionsInner(MessageParcel& data, MessageParcel& reply); void GetReqPermissionsInner(MessageParcel& data, MessageParcel& reply); - void GetPermissionsStateInner(MessageParcel& data, MessageParcel& reply); + void GetSelfPermissionsStateInner(MessageParcel& data, MessageParcel& reply); void GetPermissionFlagInner(MessageParcel& data, MessageParcel& reply); void GrantPermissionInner(MessageParcel& data, MessageParcel& reply); void RevokePermissionInner(MessageParcel& data, MessageParcel& reply); diff --git a/services/accesstokenmanager/main/cpp/src/permission/permission_manager.cpp b/services/accesstokenmanager/main/cpp/src/permission/permission_manager.cpp index 296ee92d9..d4b38e196 100644 --- a/services/accesstokenmanager/main/cpp/src/permission/permission_manager.cpp +++ b/services/accesstokenmanager/main/cpp/src/permission/permission_manager.cpp @@ -195,8 +195,8 @@ int PermissionManager::GetReqPermissions( return RET_SUCCESS; } -int PermissionManager::NeedDynamicPop(std::vector permsList, - PermissionListState &permState, bool &res) +void PermissionManager::GetSelfPermissionState(std::vector permsList, + PermissionListState &permState) { bool foundGoal = false; int32_t goalGrantStatus; @@ -210,22 +210,26 @@ int PermissionManager::NeedDynamicPop(std::vector permsList } } if (foundGoal == false) { - ACCESSTOKEN_LOG_ERROR(LABEL, - "can not find permission: %{public}s!", permState.permissionName.c_str()); - return RET_FAILED; + ACCESSTOKEN_LOG_WARN(LABEL, + "can not find permission: %{public}s define!", permState.permissionName.c_str()); + permState.state = DYNAMIC_OPER; + return; } if (goalGrantStatus == PERMISSION_DENIED) { if ((goalGrantFlags == DEFAULT_PERMISSION_FLAGS) || (goalGrantFlags == PERMISSION_USER_SET)) { - permState.state = 1; - res = true; - return RET_SUCCESS; + permState.state = DYNAMIC_OPER; + return; + } + if (goalGrantFlags == PERMISSION_USER_FIXED) { + permState.state = SETTING_OPER; + return; } } - ACCESSTOKEN_LOG_INFO(LABEL, "do not need dynamic pop"); - permState.state = 0; - return RET_SUCCESS; + + permState.state = PASS_OPER; + return; } int PermissionManager::GetPermissionFlag(AccessTokenID tokenID, const std::string& permissionName) diff --git a/services/accesstokenmanager/main/cpp/src/service/accesstoken_manager_service.cpp b/services/accesstokenmanager/main/cpp/src/service/accesstoken_manager_service.cpp index aa7ea1b86..087dac7af 100644 --- a/services/accesstokenmanager/main/cpp/src/service/accesstoken_manager_service.cpp +++ b/services/accesstokenmanager/main/cpp/src/service/accesstoken_manager_service.cpp @@ -21,6 +21,7 @@ #include "accesstoken_log.h" #include "hap_token_info.h" #include "hap_token_info_inner.h" +#include "ipc_skeleton.h" #include "native_token_info_inner.h" #include "native_token_receptor.h" #include "permission_list_state.h" @@ -130,13 +131,15 @@ int AccessTokenManagerService::GetReqPermissions( return ret; } -PermissionOper AccessTokenManagerService::GetPermissionsState( - AccessTokenID tokenID, std::vector& reqPermList) +PermissionOper AccessTokenManagerService::GetSelfPermissionsState( + std::vector& reqPermList) { - ACCESSTOKEN_LOG_INFO(LABEL, "%{public}s called, id: 0x%{public}x", __func__, tokenID); + AccessTokenID callingTokenID = IPCSkeleton::GetCallingTokenID(); + ACCESSTOKEN_LOG_INFO(LABEL, "callingTokenID: %{public}d", callingTokenID); + bool needRes = false; std::vector permsList; - int ret = PermissionManager::GetInstance().GetReqPermissions(tokenID, permsList, false); + int ret = PermissionManager::GetInstance().GetReqPermissions(callingTokenID, permsList, false); if (ret != RET_SUCCESS) { return INVALID_OPER; } @@ -144,9 +147,10 @@ PermissionOper AccessTokenManagerService::GetPermissionsState( int32_t size = reqPermList.size(); ACCESSTOKEN_LOG_INFO(LABEL, "reqPermList size: 0x%{public}x", size); for (int32_t i = 0; i < size; i++) { - ret = PermissionManager::GetInstance().NeedDynamicPop(permsList, reqPermList[i].permsState, needRes); - if (ret != RET_SUCCESS) { - return INVALID_OPER; + PermissionManager::GetInstance().GetSelfPermissionState( + permsList, reqPermList[i].permsState); + if (reqPermList[i].permsState.state == DYNAMIC_OPER) { + needRes = true; } } if (needRes) { diff --git a/services/accesstokenmanager/main/cpp/src/service/accesstoken_manager_stub.cpp b/services/accesstokenmanager/main/cpp/src/service/accesstoken_manager_stub.cpp index db1cc29df..6b0067a5e 100644 --- a/services/accesstokenmanager/main/cpp/src/service/accesstoken_manager_stub.cpp +++ b/services/accesstokenmanager/main/cpp/src/service/accesstoken_manager_stub.cpp @@ -114,11 +114,11 @@ void AccessTokenManagerStub::GetReqPermissionsInner(MessageParcel& data, Message reply.WriteInt32(result); } -void AccessTokenManagerStub::GetPermissionsStateInner(MessageParcel& data, MessageParcel& reply) +void AccessTokenManagerStub::GetSelfPermissionsStateInner(MessageParcel& data, MessageParcel& reply) { ACCESSTOKEN_LOG_INFO(LABEL, "called"); + std::vector permList; - AccessTokenID tokenID = data.ReadUint32(); uint32_t size = data.ReadUint32(); for (uint32_t i = 0; i < size; i++) { sptr permissionParcel = data.ReadParcelable(); @@ -127,13 +127,14 @@ void AccessTokenManagerStub::GetPermissionsStateInner(MessageParcel& data, Messa } } - PermissionOper result = this->GetPermissionsState(tokenID, permList); + PermissionOper result = this->GetSelfPermissionsState(permList); + + reply.WriteInt32(result); reply.WriteUint32(permList.size()); for (auto perm : permList) { reply.WriteParcelable(&perm); } - reply.WriteInt32(result); } void AccessTokenManagerStub::GetPermissionFlagInner(MessageParcel& data, MessageParcel& reply) @@ -485,7 +486,7 @@ AccessTokenManagerStub::AccessTokenManagerStub() requestFuncMap_[static_cast(IAccessTokenManager::InterfaceCode::DUMP_TOKENINFO)] = &AccessTokenManagerStub::DumpTokenInfoInner; requestFuncMap_[static_cast(IAccessTokenManager::InterfaceCode::GET_PERMISSION_OPER_STATE)] = - &AccessTokenManagerStub::GetPermissionsStateInner; + &AccessTokenManagerStub::GetSelfPermissionsStateInner; } AccessTokenManagerStub::~AccessTokenManagerStub() diff --git a/services/accesstokenmanager/main/cpp/src/token/accesstoken_id_manager.cpp b/services/accesstokenmanager/main/cpp/src/token/accesstoken_id_manager.cpp index aacac1416..19d7f2722 100644 --- a/services/accesstokenmanager/main/cpp/src/token/accesstoken_id_manager.cpp +++ b/services/accesstokenmanager/main/cpp/src/token/accesstoken_id_manager.cpp @@ -93,10 +93,11 @@ AccessTokenID AccessTokenIDManager::CreateAndRegisterTokenId(ATokenTypeEnum type int ret = RegisterTokenId(tokenId, type); if (ret == RET_SUCCESS) { break; - } else if (i == MAX_CREATE_TOKEN_ID_RETRY - 1) { + } else if (i < MAX_CREATE_TOKEN_ID_RETRY - 1) { ACCESSTOKEN_LOG_INFO(LABEL, "reigster tokenId failed, maybe repeat, retry"); } else { ACCESSTOKEN_LOG_WARN(LABEL, "reigster tokenId finally failed"); + tokenId = 0; } } return tokenId; -- Gitee From 78fac8e50687eb28278841b06ea8f5a2579a95b6 Mon Sep 17 00:00:00 2001 From: l00520400 Date: Mon, 14 Mar 2022 22:20:10 +0800 Subject: [PATCH 3/3] Signed-off-by: l00520400 Change-Id: I1fb6d522c7a16f6d080092ff18eb5015ddcea7bc Signed-off-by: l00520400 Change-Id: I85385515f6c807e185db86cab46c95e50dcb9d1e --- .../innerkits/accesstoken/src/accesstoken_manager_client.cpp | 3 +-- .../main/cpp/src/service/accesstoken_manager_stub.cpp | 3 +-- 2 files changed, 2 insertions(+), 4 deletions(-) diff --git a/interfaces/innerkits/accesstoken/src/accesstoken_manager_client.cpp b/interfaces/innerkits/accesstoken/src/accesstoken_manager_client.cpp index 96af39c6a..3667eb718 100644 --- a/interfaces/innerkits/accesstoken/src/accesstoken_manager_client.cpp +++ b/interfaces/innerkits/accesstoken/src/accesstoken_manager_client.cpp @@ -129,7 +129,7 @@ int AccessTokenManagerClient::GetPermissionFlag(AccessTokenID tokenID, const std PermissionOper AccessTokenManagerClient::GetSelfPermissionsState( std::vector& permList) { - ACCESSTOKEN_LOG_DEBUG(LABEL, "%{public}s: called!", __func__); + ACCESSTOKEN_LOG_DEBUG(LABEL, "permList.size() : %{public}d.", permList.size()); auto proxy = GetProxy(); if (proxy == nullptr) { ACCESSTOKEN_LOG_ERROR(LABEL, "proxy is null."); @@ -149,7 +149,6 @@ PermissionOper AccessTokenManagerClient::GetSelfPermissionsState( permParcel.permsState = perm; parcelList.emplace_back(permParcel); } - PermissionOper result = proxy->GetSelfPermissionsState(parcelList); if (len != parcelList.size()) { diff --git a/services/accesstokenmanager/main/cpp/src/service/accesstoken_manager_stub.cpp b/services/accesstokenmanager/main/cpp/src/service/accesstoken_manager_stub.cpp index 6b0067a5e..c46b9b29e 100644 --- a/services/accesstokenmanager/main/cpp/src/service/accesstoken_manager_stub.cpp +++ b/services/accesstokenmanager/main/cpp/src/service/accesstoken_manager_stub.cpp @@ -116,10 +116,9 @@ void AccessTokenManagerStub::GetReqPermissionsInner(MessageParcel& data, Message void AccessTokenManagerStub::GetSelfPermissionsStateInner(MessageParcel& data, MessageParcel& reply) { - ACCESSTOKEN_LOG_INFO(LABEL, "called"); - std::vector permList; uint32_t size = data.ReadUint32(); + ACCESSTOKEN_LOG_INFO(LABEL, "permList size read from client data is %{public}d.", size); for (uint32_t i = 0; i < size; i++) { sptr permissionParcel = data.ReadParcelable(); if (permissionParcel != nullptr) { -- Gitee