diff --git a/frameworks/accesstoken/src/hap_info_parcel.cpp b/frameworks/accesstoken/src/hap_info_parcel.cpp index f167dda0c58ab1d2d849bc94de551c2f184fe11a..b7569ca1fe918e169177d5a622ebb57976752f7b 100644 --- a/frameworks/accesstoken/src/hap_info_parcel.cpp +++ b/frameworks/accesstoken/src/hap_info_parcel.cpp @@ -35,6 +35,7 @@ bool HapInfoParcel::Marshalling(Parcel& out) const RETURN_IF_FALSE(out.WriteInt32(this->hapInfoParameter.userID)); RETURN_IF_FALSE(out.WriteString(this->hapInfoParameter.bundleName)); RETURN_IF_FALSE(out.WriteInt32(this->hapInfoParameter.instIndex)); + RETURN_IF_FALSE(out.WriteInt32(this->hapInfoParameter.dlpType)); RETURN_IF_FALSE(out.WriteString(this->hapInfoParameter.appIDDesc)); return true; } @@ -46,6 +47,7 @@ HapInfoParcel* HapInfoParcel::Unmarshalling(Parcel& in) RELEASE_IF_FALSE(in.ReadInt32(hapInfoParcel->hapInfoParameter.userID), hapInfoParcel); hapInfoParcel->hapInfoParameter.bundleName = in.ReadString(); RELEASE_IF_FALSE(in.ReadInt32(hapInfoParcel->hapInfoParameter.instIndex), hapInfoParcel); + RELEASE_IF_FALSE(in.ReadInt32(hapInfoParcel->hapInfoParameter.dlpType), hapInfoParcel); hapInfoParcel->hapInfoParameter.appIDDesc = in.ReadString(); return hapInfoParcel; diff --git a/frameworks/accesstoken/src/hap_token_info_parcel.cpp b/frameworks/accesstoken/src/hap_token_info_parcel.cpp index 025d29a0a78ece97c93f0c4aa2076c8c4431ee64..3ff51d4584a7bbd876abfb512b1af79d6a02799a 100644 --- a/frameworks/accesstoken/src/hap_token_info_parcel.cpp +++ b/frameworks/accesstoken/src/hap_token_info_parcel.cpp @@ -37,6 +37,7 @@ bool HapTokenInfoParcel::Marshalling(Parcel& out) const RETURN_IF_FALSE(out.WriteInt32(this->hapTokenInfoParams.userID)); RETURN_IF_FALSE(out.WriteString(this->hapTokenInfoParams.bundleName)); RETURN_IF_FALSE(out.WriteInt32(this->hapTokenInfoParams.instIndex)); + RETURN_IF_FALSE(out.WriteInt32(this->hapTokenInfoParams.dlpType)); RETURN_IF_FALSE(out.WriteString(this->hapTokenInfoParams.appID)); RETURN_IF_FALSE(out.WriteString(this->hapTokenInfoParams.deviceID)); RETURN_IF_FALSE(out.WriteUint32(this->hapTokenInfoParams.tokenID)); @@ -57,6 +58,7 @@ HapTokenInfoParcel* HapTokenInfoParcel::Unmarshalling(Parcel& in) RELEASE_IF_FALSE(in.ReadInt32(hapTokenInfoParcel->hapTokenInfoParams.userID), hapTokenInfoParcel); hapTokenInfoParcel->hapTokenInfoParams.bundleName = in.ReadString(); RELEASE_IF_FALSE(in.ReadInt32(hapTokenInfoParcel->hapTokenInfoParams.instIndex), hapTokenInfoParcel); + RELEASE_IF_FALSE(in.ReadInt32(hapTokenInfoParcel->hapTokenInfoParams.dlpType), hapTokenInfoParcel); hapTokenInfoParcel->hapTokenInfoParams.appID = in.ReadString(); hapTokenInfoParcel->hapTokenInfoParams.deviceID = in.ReadString(); RELEASE_IF_FALSE(in.ReadUint32(hapTokenInfoParcel->hapTokenInfoParams.tokenID), hapTokenInfoParcel); diff --git a/frameworks/common/include/data_validator.h b/frameworks/common/include/data_validator.h index db08ee9aaa3bc82fcce934229c632b3b2a04cf52..bea3c582a507a6ff1b77d669a0e34fcfa424df0f 100644 --- a/frameworks/common/include/data_validator.h +++ b/frameworks/common/include/data_validator.h @@ -46,6 +46,7 @@ public: static bool IsPermissionFlagValid(int flag); static bool IsDcapValid(const std::string& dcap); static bool IsTokenIDValid(AccessTokenID id); + static bool IsDlpTypeValid(int dlpType); private: const static int MAX_LENGTH = 256; diff --git a/frameworks/common/src/data_validator.cpp b/frameworks/common/src/data_validator.cpp index d6b0991f6d7d3ffe1422ca59fc9e26a11947826c..92bda34ee5ad11cbbcef602800c32962e8b243b8 100644 --- a/frameworks/common/src/data_validator.cpp +++ b/frameworks/common/src/data_validator.cpp @@ -86,6 +86,11 @@ bool DataValidator::IsTokenIDValid(AccessTokenID id) { return id != 0; } + +bool DataValidator::IsDlpTypeValid(int dlpType) +{ + return ((dlpType == DLP_COMMON) || (dlpType == DLP_READ) || (dlpType == DLP_FULL_CONTROL)); +} } // namespace AccessToken } // namespace Security } // namespace OHOS diff --git a/interfaces/innerkits/accesstoken/include/access_token.h b/interfaces/innerkits/accesstoken/include/access_token.h index 886c3393867c7bdacc7637a03a288c5745ca5661..263fe166026d0d902fd0de20222006411c7f5e0f 100644 --- a/interfaces/innerkits/accesstoken/include/access_token.h +++ b/interfaces/innerkits/accesstoken/include/access_token.h @@ -33,7 +33,8 @@ enum AccessTokenKitRet { typedef struct { unsigned int tokenUniqueID : 20; - unsigned int res : 7; + unsigned int res : 6; + unsigned int dlpFlag : 1; unsigned int type : 2; unsigned int version : 3; } AccessTokenIDInner; @@ -81,6 +82,12 @@ typedef enum TypePermissionOper { DYNAMIC_OPER = 1, INVALID_OPER = 2, } PermissionOper; + +typedef enum DlpType { + DLP_COMMON = 0, + DLP_READ = 1, + DLP_FULL_CONTROL = 2, +} HapDlpType; } // namespace AccessToken } // namespace Security } // namespace OHOS diff --git a/interfaces/innerkits/accesstoken/include/hap_token_info.h b/interfaces/innerkits/accesstoken/include/hap_token_info.h index f2fc23426fafd5925861245494720f287401ce6e..a483188435dc3fe793f2ddc4a658e477dabd14c3 100644 --- a/interfaces/innerkits/accesstoken/include/hap_token_info.h +++ b/interfaces/innerkits/accesstoken/include/hap_token_info.h @@ -30,6 +30,7 @@ public: int userID; std::string bundleName; int instIndex; + int dlpType; std::string appIDDesc; }; @@ -48,6 +49,7 @@ public: int userID; std::string bundleName; int instIndex; + int dlpType; std::string appID; std::string deviceID; AccessTokenID tokenID; diff --git a/interfaces/innerkits/accesstoken/src/accesstoken_kit.cpp b/interfaces/innerkits/accesstoken/src/accesstoken_kit.cpp index 9a16bc7bbdce47941b0b33cdd1cb773702b41521..a58f08c8a0bd630c81a259c1cb512c9f494a5383 100644 --- a/interfaces/innerkits/accesstoken/src/accesstoken_kit.cpp +++ b/interfaces/innerkits/accesstoken/src/accesstoken_kit.cpp @@ -35,7 +35,7 @@ AccessTokenIDEx AccessTokenKit::AllocHapToken(const HapInfoParams& info, const H ACCESSTOKEN_LOG_INFO(LABEL, "%{public}s called", __func__); if ((!DataValidator::IsUserIdValid(info.userID)) || !DataValidator::IsAppIDDescValid(info.appIDDesc) || !DataValidator::IsBundleNameValid(info.bundleName) || !DataValidator::IsAplNumValid(policy.apl) || - !DataValidator::IsDomainValid(policy.domain)) { + !DataValidator::IsDomainValid(policy.domain) || !DataValidator::IsDlpTypeValid(info.dlpType)) { ACCESSTOKEN_LOG_ERROR(LABEL, "input param failed"); return res; } diff --git a/interfaces/innerkits/accesstoken/test/unittest/src/accesstoken_kit_test.cpp b/interfaces/innerkits/accesstoken/test/unittest/src/accesstoken_kit_test.cpp index 7758db9863c3236827ec97a775f3677008a87713..8613c6169a657c1c25d647d7ce65af9d9e693402 100644 --- a/interfaces/innerkits/accesstoken/test/unittest/src/accesstoken_kit_test.cpp +++ b/interfaces/innerkits/accesstoken/test/unittest/src/accesstoken_kit_test.cpp @@ -1605,6 +1605,102 @@ HWTEST_F(AccessTokenKitTest, AllocHapToken017, TestSize.Level1) g_infoManagerTestPolicyPrams.permList[0].permissionName = backUpPermission; } +/** + * @tc.name: AllocHapToken018 + * @tc.desc: alloc a tokenId with vaild dlptype. + * @tc.type: FUNC + * @tc.require:AR000H4SAB + */ +HWTEST_F(AccessTokenKitTest, AllocHapToken018, TestSize.Level1) +{ + AccessTokenIDEx tokenIdEx = {0}; + HapPolicyParams infoManagerTestPolicyPrams = { + .apl = APL_NORMAL, + .domain = "test.domain", + .permList = {}, + .permStateList = {} + }; + HapInfoParams infoManagerTestInfoParms1 = { + .bundleName = "dlp_test1", + .userID = 1, + .instIndex = 0, + .dlpType = DLP_COMMON, + .appIDDesc = "testtesttesttest" + }; + HapInfoParams infoManagerTestInfoParms2 = { + .bundleName = "dlp_test2", + .userID = 1, + .instIndex = 1, + .dlpType = DLP_READ, + .appIDDesc = "testtesttesttest" + }; + HapInfoParams infoManagerTestInfoParms3 = { + .bundleName = "dlp_test3", + .userID = 1, + .instIndex = 2, + .dlpType = DLP_FULL_CONTROL, + .appIDDesc = "testtesttesttest" + }; + HapTokenInfo hapTokenInfoRes; + + tokenIdEx= AccessTokenKit::AllocHapToken(infoManagerTestInfoParms1, infoManagerTestPolicyPrams); + ASSERT_NE(0, tokenIdEx.tokenIdExStruct.tokenID); + int ret = AccessTokenKit::GetHapTokenInfo(tokenIdEx.tokenIdExStruct.tokenID, hapTokenInfoRes); + ASSERT_EQ(ret, RET_SUCCESS); + ASSERT_EQ(hapTokenInfoRes.dlpType, DLP_COMMON); + ret = AccessTokenKit::DeleteToken(tokenIdEx.tokenIdExStruct.tokenID); + ASSERT_EQ(RET_SUCCESS, ret); + ret = AccessTokenKit::GetHapTokenInfo(tokenIdEx.tokenIdExStruct.tokenID, hapTokenInfoRes); + ASSERT_EQ(ret, RET_FAILED); + + tokenIdEx = AccessTokenKit::AllocHapToken(infoManagerTestInfoParms2, infoManagerTestPolicyPrams); + ASSERT_NE(0, tokenIdEx.tokenIdExStruct.tokenID); + ret = AccessTokenKit::GetHapTokenInfo(tokenIdEx.tokenIdExStruct.tokenID, hapTokenInfoRes); + ASSERT_EQ(ret, RET_SUCCESS); + ASSERT_EQ(hapTokenInfoRes.dlpType, DLP_READ); + ret = AccessTokenKit::DeleteToken(tokenIdEx.tokenIdExStruct.tokenID); + ASSERT_EQ(RET_SUCCESS, ret); + ret = AccessTokenKit::GetHapTokenInfo(tokenIdEx.tokenIdExStruct.tokenID, hapTokenInfoRes); + ASSERT_EQ(ret, RET_FAILED); + + tokenIdEx = AccessTokenKit::AllocHapToken(infoManagerTestInfoParms3, infoManagerTestPolicyPrams); + ASSERT_NE(0, tokenIdEx.tokenIdExStruct.tokenID); + ret = AccessTokenKit::GetHapTokenInfo(tokenIdEx.tokenIdExStruct.tokenID, hapTokenInfoRes); + ASSERT_EQ(ret, RET_SUCCESS); + ASSERT_EQ(hapTokenInfoRes.dlpType, DLP_FULL_CONTROL); + ret = AccessTokenKit::DeleteToken(tokenIdEx.tokenIdExStruct.tokenID); + ASSERT_EQ(RET_SUCCESS, ret); + ret = AccessTokenKit::GetHapTokenInfo(tokenIdEx.tokenIdExStruct.tokenID, hapTokenInfoRes); + ASSERT_EQ(ret, RET_FAILED); +} + +/** + * @tc.name: AllocHapToken019 + * @tc.desc: cannot alloc a tokenId with invaild dlptype. + * @tc.type: FUNC + * @tc.require:AR000H4SAB + */ +HWTEST_F(AccessTokenKitTest, AllocHapToken019, TestSize.Level1) +{ + AccessTokenIDEx tokenIdEx = {0}; + HapPolicyParams infoManagerTestPolicyPrams = { + .apl = APL_NORMAL, + .domain = "test.domain", + .permList = {}, + .permStateList = {} + }; + HapInfoParams infoManagerTestInfoParms1 = { + .bundleName = "accesstoken_test", + .userID = 1, + .instIndex = 4, + .dlpType = INVALID_DLP_TYPE, + .appIDDesc = "testtesttesttest" + }; + + tokenIdEx = AccessTokenKit::AllocHapToken(infoManagerTestInfoParms1, infoManagerTestPolicyPrams); + ASSERT_EQ(0, tokenIdEx.tokenIdExStruct.tokenID); +} + /** * @tc.name: UpdateHapToken001 * @tc.desc: alloc a tokenId successfully, update it successfully and verify it. diff --git a/interfaces/innerkits/accesstoken/test/unittest/src/accesstoken_kit_test.h b/interfaces/innerkits/accesstoken/test/unittest/src/accesstoken_kit_test.h index 8464e5c8aa824d264eb8379f6cc325c3ec2f616c..3db3e42ac13f610ba6ad34e82c4cd7500d1a7a85 100644 --- a/interfaces/innerkits/accesstoken/test/unittest/src/accesstoken_kit_test.h +++ b/interfaces/innerkits/accesstoken/test/unittest/src/accesstoken_kit_test.h @@ -36,6 +36,7 @@ static const int INVALID_PERMNAME_LEN = 260; static const int CYCLE_TIMES = 100; static const int THREAD_NUM = 3; static const int INVALID_DCAP_LEN = 1025; +static const int INVALID_DLP_TYPE = 4; class AccessTokenKitTest : public testing::Test { public: static void SetUpTestCase(); diff --git a/services/accesstokenmanager/main/cpp/include/database/field_const.h b/services/accesstokenmanager/main/cpp/include/database/field_const.h index 7e75ef13a76e59bcfa8c96057a336a4d8f8ad089..5d31e933b85ef0be802c6da48160cde8a5a7f550 100644 --- a/services/accesstokenmanager/main/cpp/include/database/field_const.h +++ b/services/accesstokenmanager/main/cpp/include/database/field_const.h @@ -25,6 +25,7 @@ const std::string FIELD_TOKEN_ID = "token_id"; const std::string FIELD_USER_ID = "user_id"; const std::string FIELD_BUNDLE_NAME = "bundle_name"; const std::string FIELD_INST_INDEX = "inst_index"; +const std::string FIELD_DLP_TYPE = "dlp_type"; const std::string FIELD_APP_ID = "app_id"; const std::string FIELD_DEVICE_ID = "device_id"; const std::string FIELD_APL = "apl"; diff --git a/services/accesstokenmanager/main/cpp/include/token/accesstoken_id_manager.h b/services/accesstokenmanager/main/cpp/include/token/accesstoken_id_manager.h index d3ba10be73a14c33bef96055d9015e6d6e8d1473..d19803abc6a132459ebc5746911f30b9ace3b38c 100644 --- a/services/accesstokenmanager/main/cpp/include/token/accesstoken_id_manager.h +++ b/services/accesstokenmanager/main/cpp/include/token/accesstoken_id_manager.h @@ -35,16 +35,17 @@ public: virtual ~AccessTokenIDManager() = default; int AddTokenId(AccessTokenID id, ATokenTypeEnum type); - AccessTokenID CreateAndRegisterTokenId(ATokenTypeEnum type); + AccessTokenID CreateAndRegisterTokenId(ATokenTypeEnum type, int dlpType); int RegisterTokenId(AccessTokenID id, ATokenTypeEnum type); void ReleaseTokenId(AccessTokenID id); ATokenTypeEnum GetTokenIdType(AccessTokenID id); + int GetTokenIdDlpFlag(AccessTokenID id); static ATokenTypeEnum GetTokenIdTypeEnum(AccessTokenID id); private: AccessTokenIDManager() = default; DISALLOW_COPY_AND_MOVE(AccessTokenIDManager); - AccessTokenID CreateTokenId(ATokenTypeEnum type) const; + AccessTokenID CreateTokenId(ATokenTypeEnum type, int dlpType) const; OHOS::Utils::RWLock tokenIdLock_; std::set tokenIdSet_; diff --git a/services/accesstokenmanager/main/cpp/include/token/hap_token_info_inner.h b/services/accesstokenmanager/main/cpp/include/token/hap_token_info_inner.h index c28b41298f9844068300b0e43d3559e17f740d09..3108dd9821d351ba008671bb32006a743cdbec76 100644 --- a/services/accesstokenmanager/main/cpp/include/token/hap_token_info_inner.h +++ b/services/accesstokenmanager/main/cpp/include/token/hap_token_info_inner.h @@ -49,6 +49,7 @@ public: std::shared_ptr GetHapInfoPermissionPolicySet() const; HapTokenInfo GetHapInfoBasic() const; int GetUserID() const; + int GetDlpType() const; std::string GetBundleName() const; int GetInstIndex() const; AccessTokenID GetTokenID() const; diff --git a/services/accesstokenmanager/main/cpp/src/database/data_translator.cpp b/services/accesstokenmanager/main/cpp/src/database/data_translator.cpp index 7d45f5280ab5152a2c38a02f714b2705463a0c45..5dc08b762780c4f8c713bff8536531a99372073b 100644 --- a/services/accesstokenmanager/main/cpp/src/database/data_translator.cpp +++ b/services/accesstokenmanager/main/cpp/src/database/data_translator.cpp @@ -51,7 +51,7 @@ int DataTranslator::TranslationIntoPermissionDef(const GenericValues& inGenericV outPermissionDef.grantMode = inGenericValues.GetInt(FIELD_GRANT_MODE); int aplNum = inGenericValues.GetInt(FIELD_AVAILABLE_LEVEL); if (!DataValidator::IsAplNumValid(aplNum)) { - ACCESSTOKEN_LOG_WARN(LABEL, "Apl is wrong."); + ACCESSTOKEN_LOG_ERROR(LABEL, "Apl is wrong."); return RET_FAILED; } outPermissionDef.availableLevel = (ATokenAplEnum)aplNum; @@ -69,7 +69,7 @@ int DataTranslator::TranslationIntoGenericValues(const PermissionStateFull& inPe { if (grantIndex >= inPermissionState.resDeviceID.size() || grantIndex >= inPermissionState.grantStatus.size() || grantIndex >= inPermissionState.grantFlags.size()) { - ACCESSTOKEN_LOG_WARN(LABEL, "perm status grant size is wrong"); + ACCESSTOKEN_LOG_ERROR(LABEL, "perm status grant size is wrong"); return RET_FAILED; } outGenericValues.Put(FIELD_PERMISSION_NAME, inPermissionState.permissionName); @@ -86,27 +86,27 @@ int DataTranslator::TranslationIntoPermissionStateFull(const GenericValues& inGe outPermissionState.isGeneral = ((inGenericValues.GetInt(FIELD_GRANT_IS_GENERAL) == 1) ? true : false); outPermissionState.permissionName = inGenericValues.GetString(FIELD_PERMISSION_NAME); if (!DataValidator::IsPermissionNameValid(outPermissionState.permissionName)) { - ACCESSTOKEN_LOG_WARN(LABEL, "permission name is wrong"); + ACCESSTOKEN_LOG_ERROR(LABEL, "permission name is wrong"); return RET_FAILED; } std::string devID = inGenericValues.GetString(FIELD_DEVICE_ID); if (!DataValidator::IsDeviceIdValid(devID)) { - ACCESSTOKEN_LOG_WARN(LABEL, "devID is wrong"); + ACCESSTOKEN_LOG_ERROR(LABEL, "devID is wrong"); return RET_FAILED; } outPermissionState.resDeviceID.push_back(devID); int grantStatus = (PermissionState)inGenericValues.GetInt(FIELD_GRANT_STATE); if (!PermissionValidator::IsGrantStatusValid(grantStatus)) { - ACCESSTOKEN_LOG_WARN(LABEL, "grantStatus is wrong"); + ACCESSTOKEN_LOG_ERROR(LABEL, "grantStatus is wrong"); return RET_FAILED; } outPermissionState.grantStatus.push_back(grantStatus); int grantFlag = (PermissionState)inGenericValues.GetInt(FIELD_GRANT_FLAG); if (!PermissionValidator::IsPermissionFlagValid(grantFlag)) { - ACCESSTOKEN_LOG_WARN(LABEL, "grantFlag is wrong"); + ACCESSTOKEN_LOG_ERROR(LABEL, "grantFlag is wrong"); return RET_FAILED; } outPermissionState.grantFlags.push_back(grantFlag); diff --git a/services/accesstokenmanager/main/cpp/src/database/sqlite_storage.cpp b/services/accesstokenmanager/main/cpp/src/database/sqlite_storage.cpp index 6ed9497a01868bf4e87ebd048c7afc2682968ad3..9640c97768d7487cf52030766da4c5149cd6189f 100644 --- a/services/accesstokenmanager/main/cpp/src/database/sqlite_storage.cpp +++ b/services/accesstokenmanager/main/cpp/src/database/sqlite_storage.cpp @@ -55,7 +55,7 @@ SqliteStorage::SqliteStorage() : SqliteHelper(DATABASE_NAME, DATABASE_PATH, DATA hapTokenInfoTable.tableName_ = HAP_TOKEN_INFO_TABLE; hapTokenInfoTable.tableColumnNames_ = { FIELD_TOKEN_ID, FIELD_USER_ID, - FIELD_BUNDLE_NAME, FIELD_INST_INDEX, + FIELD_BUNDLE_NAME, FIELD_INST_INDEX, FIELD_DLP_TYPE, FIELD_APP_ID, FIELD_DEVICE_ID, FIELD_APL, FIELD_TOKEN_VERSION, FIELD_TOKEN_ATTR @@ -293,6 +293,7 @@ int SqliteStorage::CreateHapTokenInfoTable() const .append(FIELD_USER_ID + " integer not null,") .append(FIELD_BUNDLE_NAME + " text not null,") .append(FIELD_INST_INDEX + " integer not null,") + .append(FIELD_DLP_TYPE + " integer not null,") .append(FIELD_APP_ID + " text not null,") .append(FIELD_DEVICE_ID + " text not null,") .append(FIELD_APL + " integer not null,") diff --git a/services/accesstokenmanager/main/cpp/src/token/accesstoken_id_manager.cpp b/services/accesstokenmanager/main/cpp/src/token/accesstoken_id_manager.cpp index e96fdccf3dabb0af446180f6fb439eaacb048e0a..46b5643a3a9a437caffc914d81ce19c8d5ce4e4d 100644 --- a/services/accesstokenmanager/main/cpp/src/token/accesstoken_id_manager.cpp +++ b/services/accesstokenmanager/main/cpp/src/token/accesstoken_id_manager.cpp @@ -31,6 +31,12 @@ ATokenTypeEnum AccessTokenIDManager::GetTokenIdTypeEnum(AccessTokenID id) return (ATokenTypeEnum)idInner->type; } +int AccessTokenIDManager::GetTokenIdDlpFlag(AccessTokenID id) +{ + AccessTokenIDInner *idInner = reinterpret_cast(&id); + return idInner->dlpFlag; +} + ATokenTypeEnum AccessTokenIDManager::GetTokenIdType(AccessTokenID id) { { @@ -62,7 +68,7 @@ int AccessTokenIDManager::RegisterTokenId(AccessTokenID id, ATokenTypeEnum type) return RET_SUCCESS; } -AccessTokenID AccessTokenIDManager::CreateTokenId(ATokenTypeEnum type) const +AccessTokenID AccessTokenIDManager::CreateTokenId(ATokenTypeEnum type, int dlpType) const { unsigned int rand = GetRandomUint32(); if (rand == 0) { @@ -74,19 +80,20 @@ AccessTokenID AccessTokenIDManager::CreateTokenId(ATokenTypeEnum type) const innerId.version = DEFAULT_TOKEN_VERSION; innerId.type = type; innerId.res = 0; + innerId.dlpFlag = (dlpType == 0) ? 0 : 1; innerId.tokenUniqueID = rand & TOKEN_RANDOM_MASK; AccessTokenID tokenId = *(AccessTokenID *)&innerId; return tokenId; } -AccessTokenID AccessTokenIDManager::CreateAndRegisterTokenId(ATokenTypeEnum type) +AccessTokenID AccessTokenIDManager::CreateAndRegisterTokenId(ATokenTypeEnum type, int dlpType) { AccessTokenID tokenId = 0; // random maybe repeat, retry twice. for (int i = 0; i < MAX_CREATE_TOKEN_ID_RETRY; i++) { - tokenId = CreateTokenId(type); + tokenId = CreateTokenId(type, dlpType); if (tokenId == 0) { - ACCESSTOKEN_LOG_WARN(LABEL, "create tokenId failed"); + ACCESSTOKEN_LOG_ERROR(LABEL, "create tokenId failed"); return 0; } @@ -96,7 +103,7 @@ AccessTokenID AccessTokenIDManager::CreateAndRegisterTokenId(ATokenTypeEnum type } else if (i < MAX_CREATE_TOKEN_ID_RETRY - 1) { ACCESSTOKEN_LOG_INFO(LABEL, "reigster tokenId failed, maybe repeat, retry"); } else { - ACCESSTOKEN_LOG_WARN(LABEL, "reigster tokenId finally failed"); + ACCESSTOKEN_LOG_ERROR(LABEL, "reigster tokenId finally failed"); tokenId = 0; } } diff --git a/services/accesstokenmanager/main/cpp/src/token/accesstoken_info_manager.cpp b/services/accesstokenmanager/main/cpp/src/token/accesstoken_info_manager.cpp index 5c0235ccdbc83deea32c7519e416ce845bf61d4e..d907f4a25b53a447bb30fb21019a3dda270beaa1 100644 --- a/services/accesstokenmanager/main/cpp/src/token/accesstoken_info_manager.cpp +++ b/services/accesstokenmanager/main/cpp/src/token/accesstoken_info_manager.cpp @@ -78,13 +78,13 @@ void AccessTokenInfoManager::InitHapTokenInfos() AccessTokenID tokenId = (AccessTokenID)tokenValue.GetInt(FIELD_TOKEN_ID); int ret = AccessTokenIDManager::GetInstance().RegisterTokenId(tokenId, TOKEN_HAP); if (ret != RET_SUCCESS) { - ACCESSTOKEN_LOG_ERROR(LABEL, "tokenId 0x%{public}x add id failed.", tokenId); + ACCESSTOKEN_LOG_ERROR(LABEL, "tokenId %{public}u add id failed.", tokenId); continue; } std::shared_ptr hap = std::make_shared(); if (hap == nullptr) { AccessTokenIDManager::GetInstance().ReleaseTokenId(tokenId); - ACCESSTOKEN_LOG_ERROR(LABEL, "tokenId 0x%{public}x alloc failed.", tokenId); + ACCESSTOKEN_LOG_ERROR(LABEL, "tokenId %{public}u alloc failed.", tokenId); continue; } ret = hap->RestoreHapTokenInfo(tokenId, tokenValue, permDefRes, permStateRes); @@ -358,12 +358,13 @@ int AccessTokenInfoManager::CreateHapTokenInfo( const HapInfoParams& info, const HapPolicyParams& policy, AccessTokenIDEx& tokenIdEx) { if (!DataValidator::IsUserIdValid(info.userID) || !DataValidator::IsBundleNameValid(info.bundleName) - || !DataValidator::IsAppIDDescValid(info.appIDDesc) || !DataValidator::IsDomainValid(policy.domain)) { + || !DataValidator::IsAppIDDescValid(info.appIDDesc) || !DataValidator::IsDomainValid(policy.domain) || + (!DataValidator::IsDlpTypeValid(info.dlpType))) { ACCESSTOKEN_LOG_ERROR(LABEL, "hap token param failed"); return RET_FAILED; } - AccessTokenID tokenId = AccessTokenIDManager::GetInstance().CreateAndRegisterTokenId(TOKEN_HAP); + AccessTokenID tokenId = AccessTokenIDManager::GetInstance().CreateAndRegisterTokenId(TOKEN_HAP, info.dlpType); if (tokenId == 0) { ACCESSTOKEN_LOG_INFO(LABEL, "token Id create failed"); return RET_FAILED; @@ -378,7 +379,7 @@ int AccessTokenInfoManager::CreateHapTokenInfo( int ret = AddHapTokenInfo(tokenInfo); if (ret != RET_SUCCESS) { - ACCESSTOKEN_LOG_WARN(LABEL, "%{public}s add token info failed", info.bundleName.c_str()); + ACCESSTOKEN_LOG_ERROR(LABEL, "%{public}s add token info failed", info.bundleName.c_str()); AccessTokenIDManager::GetInstance().ReleaseTokenId(tokenId); return RET_FAILED; } @@ -615,6 +616,7 @@ int AccessTokenInfoManager::SetRemoteHapTokenInfo(const std::string& deviceID, H || !DataValidator::IsTokenIDValid(hapSync.baseInfo.tokenID) || !DataValidator::IsAppIDDescValid(hapSync.baseInfo.appID) || !DataValidator::IsDeviceIdValid(hapSync.baseInfo.deviceID) + || !DataValidator::IsDlpTypeValid(hapSync.baseInfo.dlpType) || hapSync.baseInfo.ver != DEFAULT_TOKEN_VERSION || AccessTokenIDManager::GetInstance().GetTokenIdTypeEnum(hapSync.baseInfo.tokenID) != TOKEN_HAP) { ACCESSTOKEN_LOG_ERROR(LABEL, "device %{public}s parms invalid", deviceID.c_str()); diff --git a/services/accesstokenmanager/main/cpp/src/token/accesstoken_remote_token_manager.cpp b/services/accesstokenmanager/main/cpp/src/token/accesstoken_remote_token_manager.cpp index 6310b3f3449b3f5e2b96ef3d17b0ec0d918806f3..bc09553149c64e1611197f7df64c1dd80cd1346e 100644 --- a/services/accesstokenmanager/main/cpp/src/token/accesstoken_remote_token_manager.cpp +++ b/services/accesstokenmanager/main/cpp/src/token/accesstoken_remote_token_manager.cpp @@ -53,6 +53,7 @@ AccessTokenID AccessTokenRemoteTokenManager::MapRemoteDeviceTokenToLocal(const s LABEL, "token %{public}x type is invalid.", remoteID); return 0; } + int dlpType = AccessTokenIDManager::GetInstance().GetTokenIdDlpFlag(remoteID); AccessTokenID mapID = 0; Utils::UniqueWriteGuard infoGuard(this->remoteDeviceLock_); @@ -74,7 +75,7 @@ AccessTokenID AccessTokenRemoteTokenManager::MapRemoteDeviceTokenToLocal(const s mapPtr = &remoteDeviceMap_[deviceID].MappingTokenIDPairMap_; } - mapID = AccessTokenIDManager::GetInstance().CreateAndRegisterTokenId(tokeType); + mapID = AccessTokenIDManager::GetInstance().CreateAndRegisterTokenId(tokeType, dlpType); if (mapID == 0) { ACCESSTOKEN_LOG_ERROR( LABEL, "device %{public}s token %{public}x map local Token failed.", diff --git a/services/accesstokenmanager/main/cpp/src/token/hap_token_info_inner.cpp b/services/accesstokenmanager/main/cpp/src/token/hap_token_info_inner.cpp index 254d10b3d921177498e0c31a7b192dedfe156124..102565af1132c690419f0d8ec5cf8da9e5756ebf 100644 --- a/services/accesstokenmanager/main/cpp/src/token/hap_token_info_inner.cpp +++ b/services/accesstokenmanager/main/cpp/src/token/hap_token_info_inner.cpp @@ -35,6 +35,7 @@ HapTokenInfoInner::HapTokenInfoInner() : isRemote_(false) tokenInfoBasic_.tokenAttr = 0; tokenInfoBasic_.userID = 0; tokenInfoBasic_.instIndex = 0; + tokenInfoBasic_.dlpType = 0; tokenInfoBasic_.apl = APL_NORMAL; } @@ -47,6 +48,7 @@ HapTokenInfoInner::HapTokenInfoInner(AccessTokenID id, tokenInfoBasic_.tokenAttr = 0; tokenInfoBasic_.bundleName = info.bundleName; tokenInfoBasic_.instIndex = info.instIndex; + tokenInfoBasic_.dlpType = info.dlpType; tokenInfoBasic_.appID = info.appIDDesc; tokenInfoBasic_.deviceID = "0"; tokenInfoBasic_.apl = policy.apl; @@ -92,6 +94,7 @@ void HapTokenInfoInner::TranslationIntoGenericValues(GenericValues& outGenericVa outGenericValues.Put(FIELD_USER_ID, tokenInfoBasic_.userID); outGenericValues.Put(FIELD_BUNDLE_NAME, tokenInfoBasic_.bundleName); outGenericValues.Put(FIELD_INST_INDEX, tokenInfoBasic_.instIndex); + outGenericValues.Put(FIELD_DLP_TYPE, tokenInfoBasic_.dlpType); outGenericValues.Put(FIELD_APP_ID, tokenInfoBasic_.appID); outGenericValues.Put(FIELD_DEVICE_ID, tokenInfoBasic_.deviceID); outGenericValues.Put(FIELD_APL, tokenInfoBasic_.apl); @@ -110,6 +113,7 @@ int HapTokenInfoInner::RestoreHapTokenBasicInfo(const GenericValues& inGenericVa } tokenInfoBasic_.instIndex = inGenericValues.GetInt(FIELD_INST_INDEX); + tokenInfoBasic_.dlpType = inGenericValues.GetInt(FIELD_DLP_TYPE); tokenInfoBasic_.appID = inGenericValues.GetString(FIELD_APP_ID); if (!DataValidator::IsAppIDDescValid(tokenInfoBasic_.appID)) { ACCESSTOKEN_LOG_ERROR(LABEL, @@ -189,6 +193,11 @@ int HapTokenInfoInner::GetUserID() const return tokenInfoBasic_.userID; } +int HapTokenInfoInner::GetDlpType() const +{ + return tokenInfoBasic_.dlpType; +} + std::string HapTokenInfoInner::GetBundleName() const { return tokenInfoBasic_.bundleName; @@ -239,6 +248,7 @@ void HapTokenInfoInner::ToString(std::string& info) const info.append(R"( "userId": )" + std::to_string(tokenInfoBasic_.userID) + ",\n"); info.append(R"( "bundleName": ")" + tokenInfoBasic_.bundleName + R"(")" + ",\n"); info.append(R"( "instIndex": )" + std::to_string(tokenInfoBasic_.instIndex) + ",\n"); + info.append(R"( "dlpType": )" + std::to_string(tokenInfoBasic_.dlpType) + ",\n"); info.append(R"( "appID": ")" + tokenInfoBasic_.appID + R"(")" + ",\n"); info.append(R"( "deviceID": ")" + tokenInfoBasic_.deviceID + R"(")" + ",\n"); info.append(R"( "apl": )" + std::to_string(tokenInfoBasic_.apl) + ",\n"); diff --git a/services/tokensyncmanager/src/command/base_remote_command.cpp b/services/tokensyncmanager/src/command/base_remote_command.cpp index a46afd7ec999fa7892303475c041a8d2e642ee51..541d0efb80925ba3699857c862716c3a98a9bf12 100644 --- a/services/tokensyncmanager/src/command/base_remote_command.cpp +++ b/services/tokensyncmanager/src/command/base_remote_command.cpp @@ -130,6 +130,7 @@ nlohmann::json BaseRemoteCommand::ToHapTokenInfosJson(const HapTokenInfoForSync& {"userID", tokenInfo.baseInfo.userID}, {"bundleName", tokenInfo.baseInfo.bundleName}, {"instIndex", tokenInfo.baseInfo.instIndex}, + {"dlpType", tokenInfo.baseInfo.dlpType}, {"appID", tokenInfo.baseInfo.appID}, {"deviceID", tokenInfo.baseInfo.deviceID}, {"apl", tokenInfo.baseInfo.apl}, @@ -159,6 +160,9 @@ void BaseRemoteCommand::FromHapTokenBasicInfoJson(const nlohmann::json& hapToken if (hapTokenJson.find("instIndex") != hapTokenJson.end() && hapTokenJson.at("instIndex").is_number()) { hapTokenJson.at("instIndex").get_to(hapTokenBasicInfo.instIndex); } + if (hapTokenJson.find("dlpType") != hapTokenJson.end() && hapTokenJson.at("dlpType").is_number()) { + hapTokenJson.at("dlpType").get_to(hapTokenBasicInfo.dlpType); + } if (hapTokenJson.find("appID") != hapTokenJson.end() && hapTokenJson.at("appID").is_string()) { hapTokenJson.at("appID").get_to(hapTokenBasicInfo.appID); } diff --git a/services/tokensyncmanager/src/command/sync_remote_hap_token_command.cpp b/services/tokensyncmanager/src/command/sync_remote_hap_token_command.cpp index b0f4a50ad2463f2f86680f6a84d44b61dc2af2b9..cb5d801a551072820297166e4e7c9d6394e18010 100644 --- a/services/tokensyncmanager/src/command/sync_remote_hap_token_command.cpp +++ b/services/tokensyncmanager/src/command/sync_remote_hap_token_command.cpp @@ -41,6 +41,7 @@ SyncRemoteHapTokenCommand::SyncRemoteHapTokenCommand( hapTokenInfo_.baseInfo.bundleName = ""; hapTokenInfo_.baseInfo.deviceID = ""; hapTokenInfo_.baseInfo.instIndex = 0; + hapTokenInfo_.baseInfo.dlpType = 0; hapTokenInfo_.baseInfo.tokenAttr = 0; hapTokenInfo_.baseInfo.tokenID = 0; hapTokenInfo_.baseInfo.userID = 0; diff --git a/services/tokensyncmanager/test/unittest/token_sync_service/token_sync_service_test.cpp b/services/tokensyncmanager/test/unittest/token_sync_service/token_sync_service_test.cpp index 391402cb80cf327d069363f9a2f943c36457e722..a5aee02f9beba7898522237f33ddcedf6a99a396 100644 --- a/services/tokensyncmanager/test/unittest/token_sync_service/token_sync_service_test.cpp +++ b/services/tokensyncmanager/test/unittest/token_sync_service/token_sync_service_test.cpp @@ -117,7 +117,8 @@ HWTEST_F(TokenSyncServiceTest, GetRemoteHapTokenInfo001, TestSize.Level1) g_jsonAfter = "\",\"jsonPayload\":\"{\\\"HapTokenInfo\\\":{\\\"apl\\\":1,\\\"appID\\\":" "\\\"test\\\",\\\"bundleName\\\":\\\"mock_token_sync\\\",\\\"deviceID\\\":" - "\\\"111111\\\",\\\"instIndex\\\":0,\\\"permState\\\":null,\\\"tokenAttr\\\":0,\\\"tokenID\\\":537919488," + "\\\"111111\\\",\\\"instIndex\\\":0,\\\"dlpType\\\":0,\\\"permState\\\":" + "null,\\\"tokenAttr\\\":0,\\\"tokenID\\\":537919488," "\\\"userID\\\":0,\\\"version\\\":1},\\\"commandName\\\":\\\"SyncRemoteHapTokenCommand\\\"," "\\\"dstDeviceId\\\":\\\"deviceid-1\\\",\\\"dstDeviceLevel\\\":\\\"\\\",\\\"message\\\":\\\"success\\\"," "\\\"requestTokenId\\\":537919488,\\\"requestVersion\\\":2,\\\"responseDeviceId\\\":\\\"deviceid-1:udid-001\\\"" @@ -716,7 +717,7 @@ HWTEST_F(TokenSyncServiceTest, UpdateRemoteHapTokenCommand001, TestSize.Level1) std::string recvJson = "{\"commandName\":\"UpdateRemoteHapTokenCommand\",\"id\":\"ec23cd2d-\",\"jsonPayload\":" "\"{\\\"HapTokenInfos\\\":{\\\"apl\\\":1,\\\"appID\\\":\\\"testtesttesttest\\\"," - "\\\"bundleName\\\":\\\"accesstoken_test\\\",\\\"deviceID\\\":\\\"0\\\",\\\"instIndex\\\":0," + "\\\"bundleName\\\":\\\"accesstoken_test\\\",\\\"deviceID\\\":\\\"0\\\",\\\"instIndex\\\":0,\\\"dlpType\\\":0," "\\\"permState\\\":[{\\\"grantConfig\\\":[{\\\"grantFlags\\\":2,\\\"grantStatus\\\":0," "\\\"resDeviceID\\\":\\\"local\\\"}],\\\"isGeneral\\\":true," "\\\"permissionName\\\":\\\"ohos.permission.CAMERA\\\"},{\\\"grantConfig\\\":[{\\\"grantFlags\\\":1," @@ -745,7 +746,7 @@ HWTEST_F(TokenSyncServiceTest, UpdateRemoteHapTokenCommand001, TestSize.Level1) recvJson = "{\"commandName\":\"UpdateRemoteHapTokenCommand\",\"id\":\"ec23cd2d-\",\"jsonPayload\":" "\"{\\\"HapTokenInfos\\\":{\\\"apl\\\":2,\\\"appID\\\":\\\"testtesttesttest\\\"," - "\\\"bundleName\\\":\\\"accesstoken_test\\\",\\\"deviceID\\\":\\\"0\\\",\\\"instIndex\\\":0," + "\\\"bundleName\\\":\\\"accesstoken_test\\\",\\\"deviceID\\\":\\\"0\\\",\\\"instIndex\\\":0,\\\"dlpType\\\":0," "\\\"permState\\\":[{\\\"grantConfig\\\":[{\\\"grantFlags\\\":2,\\\"grantStatus\\\":0," "\\\"resDeviceID\\\":\\\"local\\\"}],\\\"isGeneral\\\":true," "\\\"permissionName\\\":\\\"ohos.permission.CAMERA\\\"},{\\\"grantConfig\\\":[{\\\"grantFlags\\\":1,"