From 412a01cb94c401617f85f0c916708a07b9e467b2 Mon Sep 17 00:00:00 2001
From: lsq <linshuqing2@huawei.com>
Date: Wed, 13 Apr 2022 19:31:30 +0800
Subject: [PATCH 1/3] Signed-off-by: lsq <linshuqing2@huawei.com> Change-Id:
 I99c39545ef56a391f7cdbc750dda5d379ade52ee

Change-Id: I20d4893b12a363eef17369122f17b3087c25a9e1
---
 frameworks/accesstoken/src/hap_info_parcel.cpp  |  2 ++
 .../accesstoken/src/hap_token_info_parcel.cpp   |  2 ++
 .../accesstoken/src/permission_def_parcel.cpp   |  2 ++
 frameworks/common/include/data_validator.h      |  1 +
 frameworks/common/src/data_validator.cpp        |  5 +++++
 .../accesstoken/include/access_token.h          |  9 ++++++++-
 .../accesstoken/include/hap_token_info.h        |  2 ++
 .../accesstoken/include/permission_def.h        |  1 +
 .../accesstoken/src/accesstoken_kit.cpp         |  2 +-
 .../accesstoken/napi/src/napi_atmanager.cpp     |  2 ++
 .../main/cpp/include/database/field_const.h     |  2 ++
 .../cpp/include/token/accesstoken_id_manager.h  |  5 +++--
 .../cpp/include/token/hap_token_info_inner.h    |  1 +
 .../main/cpp/src/database/data_translator.cpp   | 14 ++++++++------
 .../cpp/src/permission/permission_manager.cpp   |  1 +
 .../src/permission/permission_policy_set.cpp    |  1 +
 .../cpp/src/token/accesstoken_id_manager.cpp    | 17 ++++++++++++-----
 .../cpp/src/token/accesstoken_info_manager.cpp  | 17 ++++++++++++-----
 .../token/accesstoken_remote_token_manager.cpp  |  3 ++-
 .../main/cpp/src/token/hap_token_info_inner.cpp | 10 ++++++++++
 .../src/command/base_remote_command.cpp         |  4 ++++
 .../command/sync_remote_hap_token_command.cpp   |  1 +
 22 files changed, 83 insertions(+), 21 deletions(-)

diff --git a/frameworks/accesstoken/src/hap_info_parcel.cpp b/frameworks/accesstoken/src/hap_info_parcel.cpp
index f167dda0c..b7569ca1f 100644
--- a/frameworks/accesstoken/src/hap_info_parcel.cpp
+++ b/frameworks/accesstoken/src/hap_info_parcel.cpp
@@ -35,6 +35,7 @@ bool HapInfoParcel::Marshalling(Parcel& out) const
     RETURN_IF_FALSE(out.WriteInt32(this->hapInfoParameter.userID));
     RETURN_IF_FALSE(out.WriteString(this->hapInfoParameter.bundleName));
     RETURN_IF_FALSE(out.WriteInt32(this->hapInfoParameter.instIndex));
+    RETURN_IF_FALSE(out.WriteInt32(this->hapInfoParameter.dlpType));
     RETURN_IF_FALSE(out.WriteString(this->hapInfoParameter.appIDDesc));
     return true;
 }
@@ -46,6 +47,7 @@ HapInfoParcel* HapInfoParcel::Unmarshalling(Parcel& in)
     RELEASE_IF_FALSE(in.ReadInt32(hapInfoParcel->hapInfoParameter.userID), hapInfoParcel);
     hapInfoParcel->hapInfoParameter.bundleName = in.ReadString();
     RELEASE_IF_FALSE(in.ReadInt32(hapInfoParcel->hapInfoParameter.instIndex), hapInfoParcel);
+    RELEASE_IF_FALSE(in.ReadInt32(hapInfoParcel->hapInfoParameter.dlpType), hapInfoParcel);
     hapInfoParcel->hapInfoParameter.appIDDesc = in.ReadString();
 
     return hapInfoParcel;
diff --git a/frameworks/accesstoken/src/hap_token_info_parcel.cpp b/frameworks/accesstoken/src/hap_token_info_parcel.cpp
index 025d29a0a..3ff51d458 100644
--- a/frameworks/accesstoken/src/hap_token_info_parcel.cpp
+++ b/frameworks/accesstoken/src/hap_token_info_parcel.cpp
@@ -37,6 +37,7 @@ bool HapTokenInfoParcel::Marshalling(Parcel& out) const
     RETURN_IF_FALSE(out.WriteInt32(this->hapTokenInfoParams.userID));
     RETURN_IF_FALSE(out.WriteString(this->hapTokenInfoParams.bundleName));
     RETURN_IF_FALSE(out.WriteInt32(this->hapTokenInfoParams.instIndex));
+    RETURN_IF_FALSE(out.WriteInt32(this->hapTokenInfoParams.dlpType));
     RETURN_IF_FALSE(out.WriteString(this->hapTokenInfoParams.appID));
     RETURN_IF_FALSE(out.WriteString(this->hapTokenInfoParams.deviceID));
     RETURN_IF_FALSE(out.WriteUint32(this->hapTokenInfoParams.tokenID));
@@ -57,6 +58,7 @@ HapTokenInfoParcel* HapTokenInfoParcel::Unmarshalling(Parcel& in)
     RELEASE_IF_FALSE(in.ReadInt32(hapTokenInfoParcel->hapTokenInfoParams.userID), hapTokenInfoParcel);
     hapTokenInfoParcel->hapTokenInfoParams.bundleName = in.ReadString();
     RELEASE_IF_FALSE(in.ReadInt32(hapTokenInfoParcel->hapTokenInfoParams.instIndex), hapTokenInfoParcel);
+    RELEASE_IF_FALSE(in.ReadInt32(hapTokenInfoParcel->hapTokenInfoParams.dlpType), hapTokenInfoParcel);
     hapTokenInfoParcel->hapTokenInfoParams.appID = in.ReadString();
     hapTokenInfoParcel->hapTokenInfoParams.deviceID = in.ReadString();
     RELEASE_IF_FALSE(in.ReadUint32(hapTokenInfoParcel->hapTokenInfoParams.tokenID), hapTokenInfoParcel);
diff --git a/frameworks/accesstoken/src/permission_def_parcel.cpp b/frameworks/accesstoken/src/permission_def_parcel.cpp
index f87b17cfa..d26efba8d 100644
--- a/frameworks/accesstoken/src/permission_def_parcel.cpp
+++ b/frameworks/accesstoken/src/permission_def_parcel.cpp
@@ -37,6 +37,7 @@ bool PermissionDefParcel::Marshalling(Parcel& out) const
     RETURN_IF_FALSE(out.WriteString(this->permissionDef.permissionName));
     RETURN_IF_FALSE(out.WriteString(this->permissionDef.bundleName));
     RETURN_IF_FALSE(out.WriteInt32(this->permissionDef.grantMode));
+    RETURN_IF_FALSE(out.WriteInt32(this->permissionDef.isDlpAvailable));
     RETURN_IF_FALSE(out.WriteInt32(this->permissionDef.availableLevel));
     RETURN_IF_FALSE(out.WriteBool(this->permissionDef.provisionEnable));
     RETURN_IF_FALSE(out.WriteBool(this->permissionDef.distributedSceneEnable));
@@ -54,6 +55,7 @@ PermissionDefParcel* PermissionDefParcel::Unmarshalling(Parcel& in)
     permissionDefParcel->permissionDef.permissionName = in.ReadString();
     permissionDefParcel->permissionDef.bundleName = in.ReadString();
     RELEASE_IF_FALSE(in.ReadInt32(permissionDefParcel->permissionDef.grantMode), permissionDefParcel);
+    RELEASE_IF_FALSE(in.ReadInt32(permissionDefParcel->permissionDef.isDlpAvailable), permissionDefParcel);
 
     int level;
     RELEASE_IF_FALSE(in.ReadInt32(level), permissionDefParcel);
diff --git a/frameworks/common/include/data_validator.h b/frameworks/common/include/data_validator.h
index db08ee9aa..bea3c582a 100644
--- a/frameworks/common/include/data_validator.h
+++ b/frameworks/common/include/data_validator.h
@@ -46,6 +46,7 @@ public:
     static bool IsPermissionFlagValid(int flag);
     static bool IsDcapValid(const std::string& dcap);
     static bool IsTokenIDValid(AccessTokenID id);
+    static bool IsDlpTypeValid(int dlpType);
 
 private:
     const static int MAX_LENGTH = 256;
diff --git a/frameworks/common/src/data_validator.cpp b/frameworks/common/src/data_validator.cpp
index d6b0991f6..f10b015b0 100644
--- a/frameworks/common/src/data_validator.cpp
+++ b/frameworks/common/src/data_validator.cpp
@@ -86,6 +86,11 @@ bool DataValidator::IsTokenIDValid(AccessTokenID id)
 {
     return id != 0;
 }
+
+bool DataValidator::IsDlpTypeValid(int dlpType)
+{
+    return ((dlpType == DLP_COMMON) || (dlpType == DPL_READ) || (dlpType == DLP_FULL_CONTROL));
+}
 } // namespace AccessToken
 } // namespace Security
 } // namespace OHOS
diff --git a/interfaces/innerkits/accesstoken/include/access_token.h b/interfaces/innerkits/accesstoken/include/access_token.h
index 886c33938..9f6cdfb00 100644
--- a/interfaces/innerkits/accesstoken/include/access_token.h
+++ b/interfaces/innerkits/accesstoken/include/access_token.h
@@ -33,7 +33,8 @@ enum AccessTokenKitRet {
 
 typedef struct {
     unsigned int tokenUniqueID : 20;
-    unsigned int res : 7;
+    unsigned int dlpFlag : 1;
+    unsigned int res : 6;
     unsigned int type : 2;
     unsigned int version : 3;
 } AccessTokenIDInner;
@@ -81,6 +82,12 @@ typedef enum TypePermissionOper {
     DYNAMIC_OPER = 1,
     INVALID_OPER = 2,
 } PermissionOper;
+
+typedef enum DlpType {
+    DLP_COMMON = 0,
+    DPL_READ = 1,
+    DLP_FULL_CONTROL = 2,
+} HapDlpType;
 } // namespace AccessToken
 } // namespace Security
 } // namespace OHOS
diff --git a/interfaces/innerkits/accesstoken/include/hap_token_info.h b/interfaces/innerkits/accesstoken/include/hap_token_info.h
index f2fc23426..a48318843 100644
--- a/interfaces/innerkits/accesstoken/include/hap_token_info.h
+++ b/interfaces/innerkits/accesstoken/include/hap_token_info.h
@@ -30,6 +30,7 @@ public:
     int userID;
     std::string bundleName;
     int instIndex;
+    int dlpType;
     std::string appIDDesc;
 };
 
@@ -48,6 +49,7 @@ public:
     int userID;
     std::string bundleName;
     int instIndex;
+    int dlpType;
     std::string appID;
     std::string deviceID;
     AccessTokenID tokenID;
diff --git a/interfaces/innerkits/accesstoken/include/permission_def.h b/interfaces/innerkits/accesstoken/include/permission_def.h
index 39352b4e5..7b7f0883f 100644
--- a/interfaces/innerkits/accesstoken/include/permission_def.h
+++ b/interfaces/innerkits/accesstoken/include/permission_def.h
@@ -28,6 +28,7 @@ public:
     std::string permissionName;
     std::string bundleName;
     int grantMode;
+    int isDlpAvailable;
     TypeATokenAplEnum availableLevel;
     bool provisionEnable;
     bool distributedSceneEnable;
diff --git a/interfaces/innerkits/accesstoken/src/accesstoken_kit.cpp b/interfaces/innerkits/accesstoken/src/accesstoken_kit.cpp
index 9a16bc7bb..a58f08c8a 100644
--- a/interfaces/innerkits/accesstoken/src/accesstoken_kit.cpp
+++ b/interfaces/innerkits/accesstoken/src/accesstoken_kit.cpp
@@ -35,7 +35,7 @@ AccessTokenIDEx AccessTokenKit::AllocHapToken(const HapInfoParams& info, const H
     ACCESSTOKEN_LOG_INFO(LABEL, "%{public}s called", __func__);
     if ((!DataValidator::IsUserIdValid(info.userID)) || !DataValidator::IsAppIDDescValid(info.appIDDesc) ||
         !DataValidator::IsBundleNameValid(info.bundleName) || !DataValidator::IsAplNumValid(policy.apl) ||
-        !DataValidator::IsDomainValid(policy.domain)) {
+        !DataValidator::IsDomainValid(policy.domain) || !DataValidator::IsDlpTypeValid(info.dlpType)) {
         ACCESSTOKEN_LOG_ERROR(LABEL, "input param failed");
         return res;
     }
diff --git a/interfaces/kits/accesstoken/napi/src/napi_atmanager.cpp b/interfaces/kits/accesstoken/napi/src/napi_atmanager.cpp
index ae1700371..fa87d8737 100644
--- a/interfaces/kits/accesstoken/napi/src/napi_atmanager.cpp
+++ b/interfaces/kits/accesstoken/napi/src/napi_atmanager.cpp
@@ -262,6 +262,7 @@ void NapiAtManager::GrantUserGrantedPermissionExcute(napi_env env, void *data)
 
     // struct init, can not use = { 0 } or memset otherwise program crashdump
     permissionDef.grantMode = 0;
+    permissionDef.isDlpAvailable = 0;
     permissionDef.availableLevel = APL_NORMAL;
     permissionDef.provisionEnable = false;
     permissionDef.distributedSceneEnable = false;
@@ -386,6 +387,7 @@ void NapiAtManager::RevokeUserGrantedPermissionExcute(napi_env env, void *data)
 
     // struct init, can not use = { 0 } or memset otherwise program crashdump
     permissionDef.grantMode = 0;
+    permissionDef.isDlpAvailable = 0;
     permissionDef.availableLevel = APL_NORMAL;
     permissionDef.provisionEnable = false;
     permissionDef.distributedSceneEnable = false;
diff --git a/services/accesstokenmanager/main/cpp/include/database/field_const.h b/services/accesstokenmanager/main/cpp/include/database/field_const.h
index 7e75ef13a..aec1e310e 100644
--- a/services/accesstokenmanager/main/cpp/include/database/field_const.h
+++ b/services/accesstokenmanager/main/cpp/include/database/field_const.h
@@ -25,6 +25,7 @@ const std::string FIELD_TOKEN_ID = "token_id";
 const std::string FIELD_USER_ID = "user_id";
 const std::string FIELD_BUNDLE_NAME = "bundle_name";
 const std::string FIELD_INST_INDEX = "inst_index";
+const std::string FIELD_DLP_TYPE = "dlp_type";
 const std::string FIELD_APP_ID = "app_id";
 const std::string FIELD_DEVICE_ID = "device_id";
 const std::string FIELD_APL = "apl";
@@ -34,6 +35,7 @@ const std::string FIELD_PROCESS_NAME = "process_name";
 const std::string FIELD_DCAP = "dcap";
 const std::string FIELD_PERMISSION_NAME = "permission_name";
 const std::string FIELD_GRANT_MODE = "grant_mode";
+const std::string FIELD_DLP_AVAILABLE = "dlp_available";
 const std::string FIELD_AVAILABLE_LEVEL = "available_level";
 const std::string FIELD_PROVISION_ENABLE = "provision_enable";
 const std::string FIELD_DISTRIBUTED_SCENE_ENABLE = "distributed_scene_enable";
diff --git a/services/accesstokenmanager/main/cpp/include/token/accesstoken_id_manager.h b/services/accesstokenmanager/main/cpp/include/token/accesstoken_id_manager.h
index d3ba10be7..d19803abc 100644
--- a/services/accesstokenmanager/main/cpp/include/token/accesstoken_id_manager.h
+++ b/services/accesstokenmanager/main/cpp/include/token/accesstoken_id_manager.h
@@ -35,16 +35,17 @@ public:
     virtual ~AccessTokenIDManager() = default;
 
     int AddTokenId(AccessTokenID id, ATokenTypeEnum type);
-    AccessTokenID CreateAndRegisterTokenId(ATokenTypeEnum type);
+    AccessTokenID CreateAndRegisterTokenId(ATokenTypeEnum type, int dlpType);
     int RegisterTokenId(AccessTokenID id, ATokenTypeEnum type);
     void ReleaseTokenId(AccessTokenID id);
     ATokenTypeEnum GetTokenIdType(AccessTokenID id);
+    int GetTokenIdDlpFlag(AccessTokenID id);
     static ATokenTypeEnum GetTokenIdTypeEnum(AccessTokenID id);
 
 private:
     AccessTokenIDManager() = default;
     DISALLOW_COPY_AND_MOVE(AccessTokenIDManager);
-    AccessTokenID CreateTokenId(ATokenTypeEnum type) const;
+    AccessTokenID CreateTokenId(ATokenTypeEnum type, int dlpType) const;
 
     OHOS::Utils::RWLock tokenIdLock_;
     std::set<AccessTokenID> tokenIdSet_;
diff --git a/services/accesstokenmanager/main/cpp/include/token/hap_token_info_inner.h b/services/accesstokenmanager/main/cpp/include/token/hap_token_info_inner.h
index c28b41298..3108dd982 100644
--- a/services/accesstokenmanager/main/cpp/include/token/hap_token_info_inner.h
+++ b/services/accesstokenmanager/main/cpp/include/token/hap_token_info_inner.h
@@ -49,6 +49,7 @@ public:
     std::shared_ptr<PermissionPolicySet> GetHapInfoPermissionPolicySet() const;
     HapTokenInfo GetHapInfoBasic() const;
     int GetUserID() const;
+    int GetDlpType() const;
     std::string GetBundleName() const;
     int GetInstIndex() const;
     AccessTokenID GetTokenID() const;
diff --git a/services/accesstokenmanager/main/cpp/src/database/data_translator.cpp b/services/accesstokenmanager/main/cpp/src/database/data_translator.cpp
index 7d45f5280..4976071a5 100644
--- a/services/accesstokenmanager/main/cpp/src/database/data_translator.cpp
+++ b/services/accesstokenmanager/main/cpp/src/database/data_translator.cpp
@@ -34,6 +34,7 @@ int DataTranslator::TranslationIntoGenericValues(const PermissionDef& inPermissi
     outGenericValues.Put(FIELD_PERMISSION_NAME, inPermissionDef.permissionName);
     outGenericValues.Put(FIELD_BUNDLE_NAME, inPermissionDef.bundleName);
     outGenericValues.Put(FIELD_GRANT_MODE, inPermissionDef.grantMode);
+    outGenericValues.Put(FIELD_DLP_AVAILABLE, inPermissionDef.isDlpAvailable);
     outGenericValues.Put(FIELD_AVAILABLE_LEVEL, inPermissionDef.availableLevel);
     outGenericValues.Put(FIELD_PROVISION_ENABLE, inPermissionDef.provisionEnable ? 1 : 0);
     outGenericValues.Put(FIELD_DISTRIBUTED_SCENE_ENABLE, inPermissionDef.distributedSceneEnable ? 1 : 0);
@@ -49,9 +50,10 @@ int DataTranslator::TranslationIntoPermissionDef(const GenericValues& inGenericV
     outPermissionDef.permissionName = inGenericValues.GetString(FIELD_PERMISSION_NAME);
     outPermissionDef.bundleName = inGenericValues.GetString(FIELD_BUNDLE_NAME);
     outPermissionDef.grantMode = inGenericValues.GetInt(FIELD_GRANT_MODE);
+    outPermissionDef.isDlpAvailable = (inGenericValues.GetInt(FIELD_DLP_AVAILABLE));
     int aplNum = inGenericValues.GetInt(FIELD_AVAILABLE_LEVEL);
     if (!DataValidator::IsAplNumValid(aplNum)) {
-        ACCESSTOKEN_LOG_WARN(LABEL, "Apl is wrong.");
+        ACCESSTOKEN_LOG_ERROR(LABEL, "Apl is wrong.");
         return RET_FAILED;
     }
     outPermissionDef.availableLevel = (ATokenAplEnum)aplNum;
@@ -69,7 +71,7 @@ int DataTranslator::TranslationIntoGenericValues(const PermissionStateFull& inPe
 {
     if (grantIndex >= inPermissionState.resDeviceID.size() || grantIndex >= inPermissionState.grantStatus.size() ||
         grantIndex >= inPermissionState.grantFlags.size()) {
-        ACCESSTOKEN_LOG_WARN(LABEL, "perm status grant size is wrong");
+        ACCESSTOKEN_LOG_ERROR(LABEL, "perm status grant size is wrong");
         return RET_FAILED;
     }
     outGenericValues.Put(FIELD_PERMISSION_NAME, inPermissionState.permissionName);
@@ -86,27 +88,27 @@ int DataTranslator::TranslationIntoPermissionStateFull(const GenericValues& inGe
     outPermissionState.isGeneral = ((inGenericValues.GetInt(FIELD_GRANT_IS_GENERAL) == 1) ? true : false);
     outPermissionState.permissionName = inGenericValues.GetString(FIELD_PERMISSION_NAME);
     if (!DataValidator::IsPermissionNameValid(outPermissionState.permissionName)) {
-        ACCESSTOKEN_LOG_WARN(LABEL, "permission name is wrong");
+        ACCESSTOKEN_LOG_ERROR(LABEL, "permission name is wrong");
         return RET_FAILED;
     }
 
     std::string devID = inGenericValues.GetString(FIELD_DEVICE_ID);
     if (!DataValidator::IsDeviceIdValid(devID)) {
-        ACCESSTOKEN_LOG_WARN(LABEL, "devID is wrong");
+        ACCESSTOKEN_LOG_ERROR(LABEL, "devID is wrong");
         return RET_FAILED;
     }
     outPermissionState.resDeviceID.push_back(devID);
 
     int grantStatus = (PermissionState)inGenericValues.GetInt(FIELD_GRANT_STATE);
     if (!PermissionValidator::IsGrantStatusValid(grantStatus)) {
-        ACCESSTOKEN_LOG_WARN(LABEL, "grantStatus is wrong");
+        ACCESSTOKEN_LOG_ERROR(LABEL, "grantStatus is wrong");
         return RET_FAILED;
     }
     outPermissionState.grantStatus.push_back(grantStatus);
 
     int grantFlag = (PermissionState)inGenericValues.GetInt(FIELD_GRANT_FLAG);
     if (!PermissionValidator::IsPermissionFlagValid(grantFlag)) {
-        ACCESSTOKEN_LOG_WARN(LABEL, "grantFlag is wrong");
+        ACCESSTOKEN_LOG_ERROR(LABEL, "grantFlag is wrong");
         return RET_FAILED;
     }
     outPermissionState.grantFlags.push_back(grantFlag);
diff --git a/services/accesstokenmanager/main/cpp/src/permission/permission_manager.cpp b/services/accesstokenmanager/main/cpp/src/permission/permission_manager.cpp
index b46dac48f..7a6c6c65f 100644
--- a/services/accesstokenmanager/main/cpp/src/permission/permission_manager.cpp
+++ b/services/accesstokenmanager/main/cpp/src/permission/permission_manager.cpp
@@ -367,6 +367,7 @@ std::string PermissionManager::TransferPermissionDefToString(const PermissionDef
     infos.append(R"({"permissionName": ")" + inPermissionDef.permissionName + R"(")");
     infos.append(R"(, "bundleName": ")" + inPermissionDef.bundleName + R"(")");
     infos.append(R"(, "grantMode": )" + std::to_string(inPermissionDef.grantMode));
+    infos.append(R"(, "dlpAvailable": )" + std::to_string(inPermissionDef.isDlpAvailable));
     infos.append(R"(, "availableLevel": )" + std::to_string(inPermissionDef.availableLevel));
     infos.append(R"(, "provisionEnable": )" + std::to_string(inPermissionDef.provisionEnable));
     infos.append(R"(, "distributedSceneEnable": )" + std::to_string(inPermissionDef.distributedSceneEnable));
diff --git a/services/accesstokenmanager/main/cpp/src/permission/permission_policy_set.cpp b/services/accesstokenmanager/main/cpp/src/permission/permission_policy_set.cpp
index 8f1bad231..fd352a34b 100644
--- a/services/accesstokenmanager/main/cpp/src/permission/permission_policy_set.cpp
+++ b/services/accesstokenmanager/main/cpp/src/permission/permission_policy_set.cpp
@@ -252,6 +252,7 @@ void PermissionPolicySet::PermDefToString(const PermissionDef& def, std::string&
     info.append(R"(      "permissionName": ")" + def.permissionName + R"(")" + ",\n");
     info.append(R"(      "bundleName": ")" + def.bundleName + R"(")" + ",\n");
     info.append(R"(      "grantMode": )" + std::to_string(def.grantMode) + ",\n");
+    info.append(R"(      "dlpAvailable": )" + std::to_string(def.isDlpAvailable) + ",\n");
     info.append(R"(      "availableLevel": )" + std::to_string(def.availableLevel) + ",\n");
     info.append(R"(      "provisionEnable": )" + std::to_string(def.provisionEnable) + ",\n");
     info.append(R"(      "distributedSceneEnable": )" + std::to_string(def.distributedSceneEnable) + ",\n");
diff --git a/services/accesstokenmanager/main/cpp/src/token/accesstoken_id_manager.cpp b/services/accesstokenmanager/main/cpp/src/token/accesstoken_id_manager.cpp
index e96fdccf3..46b5643a3 100644
--- a/services/accesstokenmanager/main/cpp/src/token/accesstoken_id_manager.cpp
+++ b/services/accesstokenmanager/main/cpp/src/token/accesstoken_id_manager.cpp
@@ -31,6 +31,12 @@ ATokenTypeEnum AccessTokenIDManager::GetTokenIdTypeEnum(AccessTokenID id)
     return (ATokenTypeEnum)idInner->type;
 }
 
+int AccessTokenIDManager::GetTokenIdDlpFlag(AccessTokenID id)
+{
+    AccessTokenIDInner *idInner = reinterpret_cast<AccessTokenIDInner *>(&id);
+    return idInner->dlpFlag;
+}
+
 ATokenTypeEnum AccessTokenIDManager::GetTokenIdType(AccessTokenID id)
 {
     {
@@ -62,7 +68,7 @@ int AccessTokenIDManager::RegisterTokenId(AccessTokenID id, ATokenTypeEnum type)
     return RET_SUCCESS;
 }
 
-AccessTokenID AccessTokenIDManager::CreateTokenId(ATokenTypeEnum type) const
+AccessTokenID AccessTokenIDManager::CreateTokenId(ATokenTypeEnum type, int dlpType) const
 {
     unsigned int rand = GetRandomUint32();
     if (rand == 0) {
@@ -74,19 +80,20 @@ AccessTokenID AccessTokenIDManager::CreateTokenId(ATokenTypeEnum type) const
     innerId.version = DEFAULT_TOKEN_VERSION;
     innerId.type = type;
     innerId.res = 0;
+    innerId.dlpFlag = (dlpType == 0) ? 0 : 1;
     innerId.tokenUniqueID = rand & TOKEN_RANDOM_MASK;
     AccessTokenID tokenId = *(AccessTokenID *)&innerId;
     return tokenId;
 }
 
-AccessTokenID AccessTokenIDManager::CreateAndRegisterTokenId(ATokenTypeEnum type)
+AccessTokenID AccessTokenIDManager::CreateAndRegisterTokenId(ATokenTypeEnum type, int dlpType)
 {
     AccessTokenID tokenId = 0;
     // random maybe repeat, retry twice.
     for (int i = 0; i < MAX_CREATE_TOKEN_ID_RETRY; i++) {
-        tokenId = CreateTokenId(type);
+        tokenId = CreateTokenId(type, dlpType);
         if (tokenId == 0) {
-            ACCESSTOKEN_LOG_WARN(LABEL, "create tokenId failed");
+            ACCESSTOKEN_LOG_ERROR(LABEL, "create tokenId failed");
             return 0;
         }
 
@@ -96,7 +103,7 @@ AccessTokenID AccessTokenIDManager::CreateAndRegisterTokenId(ATokenTypeEnum type
         } else if (i < MAX_CREATE_TOKEN_ID_RETRY - 1) {
             ACCESSTOKEN_LOG_INFO(LABEL, "reigster tokenId failed, maybe repeat, retry");
         } else {
-            ACCESSTOKEN_LOG_WARN(LABEL, "reigster tokenId finally failed");
+            ACCESSTOKEN_LOG_ERROR(LABEL, "reigster tokenId finally failed");
             tokenId = 0;
         }
     }
diff --git a/services/accesstokenmanager/main/cpp/src/token/accesstoken_info_manager.cpp b/services/accesstokenmanager/main/cpp/src/token/accesstoken_info_manager.cpp
index 5c0235ccd..a4fab377c 100644
--- a/services/accesstokenmanager/main/cpp/src/token/accesstoken_info_manager.cpp
+++ b/services/accesstokenmanager/main/cpp/src/token/accesstoken_info_manager.cpp
@@ -76,15 +76,20 @@ void AccessTokenInfoManager::InitHapTokenInfos()
 
     for (GenericValues& tokenValue : hapTokenRes) {
         AccessTokenID tokenId = (AccessTokenID)tokenValue.GetInt(FIELD_TOKEN_ID);
+        int32_t dlpFlag = AccessTokenIDManager::GetInstance().GetTokenIdDlpFlag(tokenId);
+        if (dlpFlag != DLP_COMMON) {
+            ACCESSTOKEN_LOG_WARN(LABEL, "tokenId %{public}u is not a common hap.", tokenId);
+            continue;
+        }
         int ret = AccessTokenIDManager::GetInstance().RegisterTokenId(tokenId, TOKEN_HAP);
         if (ret != RET_SUCCESS) {
-            ACCESSTOKEN_LOG_ERROR(LABEL, "tokenId 0x%{public}x add id failed.", tokenId);
+            ACCESSTOKEN_LOG_ERROR(LABEL, "tokenId %{public}u add id failed.", tokenId);
             continue;
         }
         std::shared_ptr<HapTokenInfoInner> hap = std::make_shared<HapTokenInfoInner>();
         if (hap == nullptr) {
             AccessTokenIDManager::GetInstance().ReleaseTokenId(tokenId);
-            ACCESSTOKEN_LOG_ERROR(LABEL, "tokenId 0x%{public}x alloc failed.", tokenId);
+            ACCESSTOKEN_LOG_ERROR(LABEL, "tokenId %{public}u alloc failed.", tokenId);
             continue;
         }
         ret = hap->RestoreHapTokenInfo(tokenId, tokenValue, permDefRes, permStateRes);
@@ -358,12 +363,13 @@ int AccessTokenInfoManager::CreateHapTokenInfo(
     const HapInfoParams& info, const HapPolicyParams& policy, AccessTokenIDEx& tokenIdEx)
 {
     if (!DataValidator::IsUserIdValid(info.userID) || !DataValidator::IsBundleNameValid(info.bundleName)
-        || !DataValidator::IsAppIDDescValid(info.appIDDesc) || !DataValidator::IsDomainValid(policy.domain)) {
+        || !DataValidator::IsAppIDDescValid(info.appIDDesc) || !DataValidator::IsDomainValid(policy.domain) ||
+        (!DataValidator::IsDlpTypeValid(info.dlpType))) {
         ACCESSTOKEN_LOG_ERROR(LABEL, "hap token param failed");
         return RET_FAILED;
     }
 
-    AccessTokenID tokenId = AccessTokenIDManager::GetInstance().CreateAndRegisterTokenId(TOKEN_HAP);
+    AccessTokenID tokenId = AccessTokenIDManager::GetInstance().CreateAndRegisterTokenId(TOKEN_HAP, info.dlpType);
     if (tokenId == 0) {
         ACCESSTOKEN_LOG_INFO(LABEL, "token Id create failed");
         return RET_FAILED;
@@ -378,7 +384,7 @@ int AccessTokenInfoManager::CreateHapTokenInfo(
 
     int ret = AddHapTokenInfo(tokenInfo);
     if (ret != RET_SUCCESS) {
-        ACCESSTOKEN_LOG_WARN(LABEL, "%{public}s add token info failed", info.bundleName.c_str());
+        ACCESSTOKEN_LOG_ERROR(LABEL, "%{public}s add token info failed", info.bundleName.c_str());
         AccessTokenIDManager::GetInstance().ReleaseTokenId(tokenId);
         return RET_FAILED;
     }
@@ -615,6 +621,7 @@ int AccessTokenInfoManager::SetRemoteHapTokenInfo(const std::string& deviceID, H
         || !DataValidator::IsTokenIDValid(hapSync.baseInfo.tokenID)
         || !DataValidator::IsAppIDDescValid(hapSync.baseInfo.appID)
         || !DataValidator::IsDeviceIdValid(hapSync.baseInfo.deviceID)
+        || !DataValidator::IsDlpTypeValid(hapSync.baseInfo.dlpType)
         || hapSync.baseInfo.ver != DEFAULT_TOKEN_VERSION
         || AccessTokenIDManager::GetInstance().GetTokenIdTypeEnum(hapSync.baseInfo.tokenID) != TOKEN_HAP) {
         ACCESSTOKEN_LOG_ERROR(LABEL, "device %{public}s parms invalid", deviceID.c_str());
diff --git a/services/accesstokenmanager/main/cpp/src/token/accesstoken_remote_token_manager.cpp b/services/accesstokenmanager/main/cpp/src/token/accesstoken_remote_token_manager.cpp
index 6310b3f34..bc0955314 100644
--- a/services/accesstokenmanager/main/cpp/src/token/accesstoken_remote_token_manager.cpp
+++ b/services/accesstokenmanager/main/cpp/src/token/accesstoken_remote_token_manager.cpp
@@ -53,6 +53,7 @@ AccessTokenID AccessTokenRemoteTokenManager::MapRemoteDeviceTokenToLocal(const s
             LABEL, "token %{public}x type is invalid.", remoteID);
         return 0;
     }
+    int dlpType = AccessTokenIDManager::GetInstance().GetTokenIdDlpFlag(remoteID);
 
     AccessTokenID mapID = 0;
     Utils::UniqueWriteGuard<Utils::RWLock> infoGuard(this->remoteDeviceLock_);
@@ -74,7 +75,7 @@ AccessTokenID AccessTokenRemoteTokenManager::MapRemoteDeviceTokenToLocal(const s
         mapPtr = &remoteDeviceMap_[deviceID].MappingTokenIDPairMap_;
     }
 
-    mapID = AccessTokenIDManager::GetInstance().CreateAndRegisterTokenId(tokeType);
+    mapID = AccessTokenIDManager::GetInstance().CreateAndRegisterTokenId(tokeType, dlpType);
     if (mapID == 0) {
         ACCESSTOKEN_LOG_ERROR(
             LABEL, "device %{public}s token %{public}x map local Token failed.",
diff --git a/services/accesstokenmanager/main/cpp/src/token/hap_token_info_inner.cpp b/services/accesstokenmanager/main/cpp/src/token/hap_token_info_inner.cpp
index 254d10b3d..102565af1 100644
--- a/services/accesstokenmanager/main/cpp/src/token/hap_token_info_inner.cpp
+++ b/services/accesstokenmanager/main/cpp/src/token/hap_token_info_inner.cpp
@@ -35,6 +35,7 @@ HapTokenInfoInner::HapTokenInfoInner() : isRemote_(false)
     tokenInfoBasic_.tokenAttr = 0;
     tokenInfoBasic_.userID = 0;
     tokenInfoBasic_.instIndex = 0;
+    tokenInfoBasic_.dlpType = 0;
     tokenInfoBasic_.apl = APL_NORMAL;
 }
 
@@ -47,6 +48,7 @@ HapTokenInfoInner::HapTokenInfoInner(AccessTokenID id,
     tokenInfoBasic_.tokenAttr = 0;
     tokenInfoBasic_.bundleName = info.bundleName;
     tokenInfoBasic_.instIndex = info.instIndex;
+    tokenInfoBasic_.dlpType = info.dlpType;
     tokenInfoBasic_.appID = info.appIDDesc;
     tokenInfoBasic_.deviceID = "0";
     tokenInfoBasic_.apl = policy.apl;
@@ -92,6 +94,7 @@ void HapTokenInfoInner::TranslationIntoGenericValues(GenericValues& outGenericVa
     outGenericValues.Put(FIELD_USER_ID, tokenInfoBasic_.userID);
     outGenericValues.Put(FIELD_BUNDLE_NAME, tokenInfoBasic_.bundleName);
     outGenericValues.Put(FIELD_INST_INDEX, tokenInfoBasic_.instIndex);
+    outGenericValues.Put(FIELD_DLP_TYPE, tokenInfoBasic_.dlpType);
     outGenericValues.Put(FIELD_APP_ID, tokenInfoBasic_.appID);
     outGenericValues.Put(FIELD_DEVICE_ID, tokenInfoBasic_.deviceID);
     outGenericValues.Put(FIELD_APL, tokenInfoBasic_.apl);
@@ -110,6 +113,7 @@ int HapTokenInfoInner::RestoreHapTokenBasicInfo(const GenericValues& inGenericVa
     }
 
     tokenInfoBasic_.instIndex = inGenericValues.GetInt(FIELD_INST_INDEX);
+    tokenInfoBasic_.dlpType = inGenericValues.GetInt(FIELD_DLP_TYPE);
     tokenInfoBasic_.appID = inGenericValues.GetString(FIELD_APP_ID);
     if (!DataValidator::IsAppIDDescValid(tokenInfoBasic_.appID)) {
         ACCESSTOKEN_LOG_ERROR(LABEL,
@@ -189,6 +193,11 @@ int HapTokenInfoInner::GetUserID() const
     return tokenInfoBasic_.userID;
 }
 
+int HapTokenInfoInner::GetDlpType() const
+{
+    return tokenInfoBasic_.dlpType;
+}
+
 std::string HapTokenInfoInner::GetBundleName() const
 {
     return tokenInfoBasic_.bundleName;
@@ -239,6 +248,7 @@ void HapTokenInfoInner::ToString(std::string& info) const
     info.append(R"(  "userId": )" + std::to_string(tokenInfoBasic_.userID) + ",\n");
     info.append(R"(  "bundleName": ")" + tokenInfoBasic_.bundleName + R"(")" + ",\n");
     info.append(R"(  "instIndex": )" + std::to_string(tokenInfoBasic_.instIndex) + ",\n");
+    info.append(R"(  "dlpType": )" + std::to_string(tokenInfoBasic_.dlpType) + ",\n");
     info.append(R"(  "appID": ")" + tokenInfoBasic_.appID + R"(")" + ",\n");
     info.append(R"(  "deviceID": ")" + tokenInfoBasic_.deviceID + R"(")" + ",\n");
     info.append(R"(  "apl": )" + std::to_string(tokenInfoBasic_.apl) + ",\n");
diff --git a/services/tokensyncmanager/src/command/base_remote_command.cpp b/services/tokensyncmanager/src/command/base_remote_command.cpp
index a46afd7ec..541d0efb8 100644
--- a/services/tokensyncmanager/src/command/base_remote_command.cpp
+++ b/services/tokensyncmanager/src/command/base_remote_command.cpp
@@ -130,6 +130,7 @@ nlohmann::json BaseRemoteCommand::ToHapTokenInfosJson(const HapTokenInfoForSync&
         {"userID", tokenInfo.baseInfo.userID},
         {"bundleName", tokenInfo.baseInfo.bundleName},
         {"instIndex", tokenInfo.baseInfo.instIndex},
+        {"dlpType", tokenInfo.baseInfo.dlpType},
         {"appID", tokenInfo.baseInfo.appID},
         {"deviceID", tokenInfo.baseInfo.deviceID},
         {"apl", tokenInfo.baseInfo.apl},
@@ -159,6 +160,9 @@ void BaseRemoteCommand::FromHapTokenBasicInfoJson(const nlohmann::json& hapToken
     if (hapTokenJson.find("instIndex") != hapTokenJson.end() && hapTokenJson.at("instIndex").is_number()) {
         hapTokenJson.at("instIndex").get_to(hapTokenBasicInfo.instIndex);
     }
+    if (hapTokenJson.find("dlpType") != hapTokenJson.end() && hapTokenJson.at("dlpType").is_number()) {
+        hapTokenJson.at("dlpType").get_to(hapTokenBasicInfo.dlpType);
+    }
     if (hapTokenJson.find("appID") != hapTokenJson.end() && hapTokenJson.at("appID").is_string()) {
         hapTokenJson.at("appID").get_to(hapTokenBasicInfo.appID);
     }
diff --git a/services/tokensyncmanager/src/command/sync_remote_hap_token_command.cpp b/services/tokensyncmanager/src/command/sync_remote_hap_token_command.cpp
index b0f4a50ad..cb5d801a5 100644
--- a/services/tokensyncmanager/src/command/sync_remote_hap_token_command.cpp
+++ b/services/tokensyncmanager/src/command/sync_remote_hap_token_command.cpp
@@ -41,6 +41,7 @@ SyncRemoteHapTokenCommand::SyncRemoteHapTokenCommand(
     hapTokenInfo_.baseInfo.bundleName = "";
     hapTokenInfo_.baseInfo.deviceID = "";
     hapTokenInfo_.baseInfo.instIndex = 0;
+    hapTokenInfo_.baseInfo.dlpType = 0;
     hapTokenInfo_.baseInfo.tokenAttr = 0;
     hapTokenInfo_.baseInfo.tokenID = 0;
     hapTokenInfo_.baseInfo.userID = 0;
-- 
Gitee


From e941bdea77b29cb7a5d16a2139b1c757545f85dc Mon Sep 17 00:00:00 2001
From: lsq <linshuqing2@huawei.com>
Date: Tue, 19 Apr 2022 20:41:10 +0800
Subject: [PATCH 2/3] =?UTF-8?q?=E5=8E=BB=E9=99=A4=E6=9D=83=E9=99=90?=
 =?UTF-8?q?=E5=AE=9A=E4=B9=89=E4=B8=AD=E7=9A=84dlp?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Signed-off-by: lsq <linshuqing2@huawei.com>
Change-Id: I8e0ccf8879c41c67fe1001aa1f355a3df5ad6eb5
---
 frameworks/accesstoken/src/permission_def_parcel.cpp            | 2 --
 interfaces/innerkits/accesstoken/include/permission_def.h       | 1 -
 interfaces/kits/accesstoken/napi/src/napi_atmanager.cpp         | 2 --
 .../accesstokenmanager/main/cpp/include/database/field_const.h  | 1 -
 .../main/cpp/src/database/data_translator.cpp                   | 2 --
 .../main/cpp/src/permission/permission_manager.cpp              | 1 -
 .../main/cpp/src/permission/permission_policy_set.cpp           | 1 -
 7 files changed, 10 deletions(-)

diff --git a/frameworks/accesstoken/src/permission_def_parcel.cpp b/frameworks/accesstoken/src/permission_def_parcel.cpp
index d26efba8d..f87b17cfa 100644
--- a/frameworks/accesstoken/src/permission_def_parcel.cpp
+++ b/frameworks/accesstoken/src/permission_def_parcel.cpp
@@ -37,7 +37,6 @@ bool PermissionDefParcel::Marshalling(Parcel& out) const
     RETURN_IF_FALSE(out.WriteString(this->permissionDef.permissionName));
     RETURN_IF_FALSE(out.WriteString(this->permissionDef.bundleName));
     RETURN_IF_FALSE(out.WriteInt32(this->permissionDef.grantMode));
-    RETURN_IF_FALSE(out.WriteInt32(this->permissionDef.isDlpAvailable));
     RETURN_IF_FALSE(out.WriteInt32(this->permissionDef.availableLevel));
     RETURN_IF_FALSE(out.WriteBool(this->permissionDef.provisionEnable));
     RETURN_IF_FALSE(out.WriteBool(this->permissionDef.distributedSceneEnable));
@@ -55,7 +54,6 @@ PermissionDefParcel* PermissionDefParcel::Unmarshalling(Parcel& in)
     permissionDefParcel->permissionDef.permissionName = in.ReadString();
     permissionDefParcel->permissionDef.bundleName = in.ReadString();
     RELEASE_IF_FALSE(in.ReadInt32(permissionDefParcel->permissionDef.grantMode), permissionDefParcel);
-    RELEASE_IF_FALSE(in.ReadInt32(permissionDefParcel->permissionDef.isDlpAvailable), permissionDefParcel);
 
     int level;
     RELEASE_IF_FALSE(in.ReadInt32(level), permissionDefParcel);
diff --git a/interfaces/innerkits/accesstoken/include/permission_def.h b/interfaces/innerkits/accesstoken/include/permission_def.h
index 7b7f0883f..39352b4e5 100644
--- a/interfaces/innerkits/accesstoken/include/permission_def.h
+++ b/interfaces/innerkits/accesstoken/include/permission_def.h
@@ -28,7 +28,6 @@ public:
     std::string permissionName;
     std::string bundleName;
     int grantMode;
-    int isDlpAvailable;
     TypeATokenAplEnum availableLevel;
     bool provisionEnable;
     bool distributedSceneEnable;
diff --git a/interfaces/kits/accesstoken/napi/src/napi_atmanager.cpp b/interfaces/kits/accesstoken/napi/src/napi_atmanager.cpp
index fa87d8737..ae1700371 100644
--- a/interfaces/kits/accesstoken/napi/src/napi_atmanager.cpp
+++ b/interfaces/kits/accesstoken/napi/src/napi_atmanager.cpp
@@ -262,7 +262,6 @@ void NapiAtManager::GrantUserGrantedPermissionExcute(napi_env env, void *data)
 
     // struct init, can not use = { 0 } or memset otherwise program crashdump
     permissionDef.grantMode = 0;
-    permissionDef.isDlpAvailable = 0;
     permissionDef.availableLevel = APL_NORMAL;
     permissionDef.provisionEnable = false;
     permissionDef.distributedSceneEnable = false;
@@ -387,7 +386,6 @@ void NapiAtManager::RevokeUserGrantedPermissionExcute(napi_env env, void *data)
 
     // struct init, can not use = { 0 } or memset otherwise program crashdump
     permissionDef.grantMode = 0;
-    permissionDef.isDlpAvailable = 0;
     permissionDef.availableLevel = APL_NORMAL;
     permissionDef.provisionEnable = false;
     permissionDef.distributedSceneEnable = false;
diff --git a/services/accesstokenmanager/main/cpp/include/database/field_const.h b/services/accesstokenmanager/main/cpp/include/database/field_const.h
index aec1e310e..5d31e933b 100644
--- a/services/accesstokenmanager/main/cpp/include/database/field_const.h
+++ b/services/accesstokenmanager/main/cpp/include/database/field_const.h
@@ -35,7 +35,6 @@ const std::string FIELD_PROCESS_NAME = "process_name";
 const std::string FIELD_DCAP = "dcap";
 const std::string FIELD_PERMISSION_NAME = "permission_name";
 const std::string FIELD_GRANT_MODE = "grant_mode";
-const std::string FIELD_DLP_AVAILABLE = "dlp_available";
 const std::string FIELD_AVAILABLE_LEVEL = "available_level";
 const std::string FIELD_PROVISION_ENABLE = "provision_enable";
 const std::string FIELD_DISTRIBUTED_SCENE_ENABLE = "distributed_scene_enable";
diff --git a/services/accesstokenmanager/main/cpp/src/database/data_translator.cpp b/services/accesstokenmanager/main/cpp/src/database/data_translator.cpp
index 4976071a5..5dc08b762 100644
--- a/services/accesstokenmanager/main/cpp/src/database/data_translator.cpp
+++ b/services/accesstokenmanager/main/cpp/src/database/data_translator.cpp
@@ -34,7 +34,6 @@ int DataTranslator::TranslationIntoGenericValues(const PermissionDef& inPermissi
     outGenericValues.Put(FIELD_PERMISSION_NAME, inPermissionDef.permissionName);
     outGenericValues.Put(FIELD_BUNDLE_NAME, inPermissionDef.bundleName);
     outGenericValues.Put(FIELD_GRANT_MODE, inPermissionDef.grantMode);
-    outGenericValues.Put(FIELD_DLP_AVAILABLE, inPermissionDef.isDlpAvailable);
     outGenericValues.Put(FIELD_AVAILABLE_LEVEL, inPermissionDef.availableLevel);
     outGenericValues.Put(FIELD_PROVISION_ENABLE, inPermissionDef.provisionEnable ? 1 : 0);
     outGenericValues.Put(FIELD_DISTRIBUTED_SCENE_ENABLE, inPermissionDef.distributedSceneEnable ? 1 : 0);
@@ -50,7 +49,6 @@ int DataTranslator::TranslationIntoPermissionDef(const GenericValues& inGenericV
     outPermissionDef.permissionName = inGenericValues.GetString(FIELD_PERMISSION_NAME);
     outPermissionDef.bundleName = inGenericValues.GetString(FIELD_BUNDLE_NAME);
     outPermissionDef.grantMode = inGenericValues.GetInt(FIELD_GRANT_MODE);
-    outPermissionDef.isDlpAvailable = (inGenericValues.GetInt(FIELD_DLP_AVAILABLE));
     int aplNum = inGenericValues.GetInt(FIELD_AVAILABLE_LEVEL);
     if (!DataValidator::IsAplNumValid(aplNum)) {
         ACCESSTOKEN_LOG_ERROR(LABEL, "Apl is wrong.");
diff --git a/services/accesstokenmanager/main/cpp/src/permission/permission_manager.cpp b/services/accesstokenmanager/main/cpp/src/permission/permission_manager.cpp
index 7a6c6c65f..b46dac48f 100644
--- a/services/accesstokenmanager/main/cpp/src/permission/permission_manager.cpp
+++ b/services/accesstokenmanager/main/cpp/src/permission/permission_manager.cpp
@@ -367,7 +367,6 @@ std::string PermissionManager::TransferPermissionDefToString(const PermissionDef
     infos.append(R"({"permissionName": ")" + inPermissionDef.permissionName + R"(")");
     infos.append(R"(, "bundleName": ")" + inPermissionDef.bundleName + R"(")");
     infos.append(R"(, "grantMode": )" + std::to_string(inPermissionDef.grantMode));
-    infos.append(R"(, "dlpAvailable": )" + std::to_string(inPermissionDef.isDlpAvailable));
     infos.append(R"(, "availableLevel": )" + std::to_string(inPermissionDef.availableLevel));
     infos.append(R"(, "provisionEnable": )" + std::to_string(inPermissionDef.provisionEnable));
     infos.append(R"(, "distributedSceneEnable": )" + std::to_string(inPermissionDef.distributedSceneEnable));
diff --git a/services/accesstokenmanager/main/cpp/src/permission/permission_policy_set.cpp b/services/accesstokenmanager/main/cpp/src/permission/permission_policy_set.cpp
index fd352a34b..8f1bad231 100644
--- a/services/accesstokenmanager/main/cpp/src/permission/permission_policy_set.cpp
+++ b/services/accesstokenmanager/main/cpp/src/permission/permission_policy_set.cpp
@@ -252,7 +252,6 @@ void PermissionPolicySet::PermDefToString(const PermissionDef& def, std::string&
     info.append(R"(      "permissionName": ")" + def.permissionName + R"(")" + ",\n");
     info.append(R"(      "bundleName": ")" + def.bundleName + R"(")" + ",\n");
     info.append(R"(      "grantMode": )" + std::to_string(def.grantMode) + ",\n");
-    info.append(R"(      "dlpAvailable": )" + std::to_string(def.isDlpAvailable) + ",\n");
     info.append(R"(      "availableLevel": )" + std::to_string(def.availableLevel) + ",\n");
     info.append(R"(      "provisionEnable": )" + std::to_string(def.provisionEnable) + ",\n");
     info.append(R"(      "distributedSceneEnable": )" + std::to_string(def.distributedSceneEnable) + ",\n");
-- 
Gitee


From 125e9f0fcc6b0c8ac0858e301fbd4c9b665dfdf5 Mon Sep 17 00:00:00 2001
From: lsq <linshuqing2@huawei.com>
Date: Tue, 19 Apr 2022 20:46:58 +0800
Subject: [PATCH 3/3] =?UTF-8?q?=E4=BF=AE=E6=94=B9=E5=AE=8F=E5=90=8D?=
 =?UTF-8?q?=E5=AD=97?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Signed-off-by: lsq <linshuqing2@huawei.com>
Change-Id: If64db720e08b2ae7a9ba9639e1868d196e252672
---
 frameworks/common/src/data_validator.cpp      |  2 +-
 .../accesstoken/include/access_token.h        |  4 +-
 .../unittest/src/accesstoken_kit_test.cpp     | 96 +++++++++++++++++++
 .../test/unittest/src/accesstoken_kit_test.h  |  1 +
 .../main/cpp/src/database/sqlite_storage.cpp  |  3 +-
 .../src/token/accesstoken_info_manager.cpp    |  5 -
 .../token_sync_service_test.cpp               |  7 +-
 7 files changed, 106 insertions(+), 12 deletions(-)

diff --git a/frameworks/common/src/data_validator.cpp b/frameworks/common/src/data_validator.cpp
index f10b015b0..92bda34ee 100644
--- a/frameworks/common/src/data_validator.cpp
+++ b/frameworks/common/src/data_validator.cpp
@@ -89,7 +89,7 @@ bool DataValidator::IsTokenIDValid(AccessTokenID id)
 
 bool DataValidator::IsDlpTypeValid(int dlpType)
 {
-    return ((dlpType == DLP_COMMON) || (dlpType == DPL_READ) || (dlpType == DLP_FULL_CONTROL));
+    return ((dlpType == DLP_COMMON) || (dlpType == DLP_READ) || (dlpType == DLP_FULL_CONTROL));
 }
 } // namespace AccessToken
 } // namespace Security
diff --git a/interfaces/innerkits/accesstoken/include/access_token.h b/interfaces/innerkits/accesstoken/include/access_token.h
index 9f6cdfb00..263fe1660 100644
--- a/interfaces/innerkits/accesstoken/include/access_token.h
+++ b/interfaces/innerkits/accesstoken/include/access_token.h
@@ -33,8 +33,8 @@ enum AccessTokenKitRet {
 
 typedef struct {
     unsigned int tokenUniqueID : 20;
-    unsigned int dlpFlag : 1;
     unsigned int res : 6;
+    unsigned int dlpFlag : 1;
     unsigned int type : 2;
     unsigned int version : 3;
 } AccessTokenIDInner;
@@ -85,7 +85,7 @@ typedef enum TypePermissionOper {
 
 typedef enum DlpType {
     DLP_COMMON = 0,
-    DPL_READ = 1,
+    DLP_READ = 1,
     DLP_FULL_CONTROL = 2,
 } HapDlpType;
 } // namespace AccessToken
diff --git a/interfaces/innerkits/accesstoken/test/unittest/src/accesstoken_kit_test.cpp b/interfaces/innerkits/accesstoken/test/unittest/src/accesstoken_kit_test.cpp
index 7758db986..8613c6169 100644
--- a/interfaces/innerkits/accesstoken/test/unittest/src/accesstoken_kit_test.cpp
+++ b/interfaces/innerkits/accesstoken/test/unittest/src/accesstoken_kit_test.cpp
@@ -1605,6 +1605,102 @@ HWTEST_F(AccessTokenKitTest, AllocHapToken017, TestSize.Level1)
     g_infoManagerTestPolicyPrams.permList[0].permissionName = backUpPermission;
 }
 
+/**
+ * @tc.name: AllocHapToken018
+ * @tc.desc: alloc a tokenId with vaild dlptype.
+ * @tc.type: FUNC
+ * @tc.require:AR000H4SAB
+ */
+HWTEST_F(AccessTokenKitTest, AllocHapToken018, TestSize.Level1)
+{
+    AccessTokenIDEx tokenIdEx = {0};
+    HapPolicyParams infoManagerTestPolicyPrams = {
+        .apl = APL_NORMAL,
+        .domain = "test.domain",
+        .permList = {},
+        .permStateList = {}
+    };
+    HapInfoParams infoManagerTestInfoParms1 = {
+        .bundleName = "dlp_test1",
+        .userID = 1,
+        .instIndex = 0,
+        .dlpType = DLP_COMMON,
+        .appIDDesc = "testtesttesttest"
+    };
+    HapInfoParams infoManagerTestInfoParms2 = {
+        .bundleName = "dlp_test2",
+        .userID = 1,
+        .instIndex = 1,
+        .dlpType = DLP_READ,
+        .appIDDesc = "testtesttesttest"
+    };
+    HapInfoParams infoManagerTestInfoParms3 = {
+        .bundleName = "dlp_test3",
+        .userID = 1,
+        .instIndex = 2,
+        .dlpType = DLP_FULL_CONTROL,
+        .appIDDesc = "testtesttesttest"
+    };
+    HapTokenInfo hapTokenInfoRes;
+
+    tokenIdEx= AccessTokenKit::AllocHapToken(infoManagerTestInfoParms1, infoManagerTestPolicyPrams);
+    ASSERT_NE(0, tokenIdEx.tokenIdExStruct.tokenID);
+    int ret = AccessTokenKit::GetHapTokenInfo(tokenIdEx.tokenIdExStruct.tokenID, hapTokenInfoRes);
+    ASSERT_EQ(ret, RET_SUCCESS);
+    ASSERT_EQ(hapTokenInfoRes.dlpType, DLP_COMMON);
+    ret = AccessTokenKit::DeleteToken(tokenIdEx.tokenIdExStruct.tokenID);
+    ASSERT_EQ(RET_SUCCESS, ret);
+    ret = AccessTokenKit::GetHapTokenInfo(tokenIdEx.tokenIdExStruct.tokenID, hapTokenInfoRes);
+    ASSERT_EQ(ret, RET_FAILED);
+
+    tokenIdEx = AccessTokenKit::AllocHapToken(infoManagerTestInfoParms2, infoManagerTestPolicyPrams);
+    ASSERT_NE(0, tokenIdEx.tokenIdExStruct.tokenID);
+    ret = AccessTokenKit::GetHapTokenInfo(tokenIdEx.tokenIdExStruct.tokenID, hapTokenInfoRes);
+    ASSERT_EQ(ret, RET_SUCCESS);
+    ASSERT_EQ(hapTokenInfoRes.dlpType, DLP_READ);
+    ret = AccessTokenKit::DeleteToken(tokenIdEx.tokenIdExStruct.tokenID);
+    ASSERT_EQ(RET_SUCCESS, ret);
+    ret = AccessTokenKit::GetHapTokenInfo(tokenIdEx.tokenIdExStruct.tokenID, hapTokenInfoRes);
+    ASSERT_EQ(ret, RET_FAILED);
+
+    tokenIdEx = AccessTokenKit::AllocHapToken(infoManagerTestInfoParms3, infoManagerTestPolicyPrams);
+    ASSERT_NE(0, tokenIdEx.tokenIdExStruct.tokenID);
+    ret = AccessTokenKit::GetHapTokenInfo(tokenIdEx.tokenIdExStruct.tokenID, hapTokenInfoRes);
+    ASSERT_EQ(ret, RET_SUCCESS);
+    ASSERT_EQ(hapTokenInfoRes.dlpType, DLP_FULL_CONTROL);
+    ret = AccessTokenKit::DeleteToken(tokenIdEx.tokenIdExStruct.tokenID);
+    ASSERT_EQ(RET_SUCCESS, ret);
+    ret = AccessTokenKit::GetHapTokenInfo(tokenIdEx.tokenIdExStruct.tokenID, hapTokenInfoRes);
+    ASSERT_EQ(ret, RET_FAILED);
+}
+
+/**
+ * @tc.name: AllocHapToken019
+ * @tc.desc: cannot alloc a tokenId with invaild dlptype.
+ * @tc.type: FUNC
+ * @tc.require:AR000H4SAB
+ */
+HWTEST_F(AccessTokenKitTest, AllocHapToken019, TestSize.Level1)
+{
+    AccessTokenIDEx tokenIdEx = {0};
+    HapPolicyParams infoManagerTestPolicyPrams = {
+        .apl = APL_NORMAL,
+        .domain = "test.domain",
+        .permList = {},
+        .permStateList = {}
+    };
+    HapInfoParams infoManagerTestInfoParms1 = {
+        .bundleName = "accesstoken_test",
+        .userID = 1,
+        .instIndex = 4,
+        .dlpType = INVALID_DLP_TYPE,
+        .appIDDesc = "testtesttesttest"
+    };
+
+    tokenIdEx = AccessTokenKit::AllocHapToken(infoManagerTestInfoParms1, infoManagerTestPolicyPrams);
+    ASSERT_EQ(0, tokenIdEx.tokenIdExStruct.tokenID);
+}
+
 /**
  * @tc.name: UpdateHapToken001
  * @tc.desc: alloc a tokenId successfully, update it successfully and verify it.
diff --git a/interfaces/innerkits/accesstoken/test/unittest/src/accesstoken_kit_test.h b/interfaces/innerkits/accesstoken/test/unittest/src/accesstoken_kit_test.h
index 8464e5c8a..3db3e42ac 100644
--- a/interfaces/innerkits/accesstoken/test/unittest/src/accesstoken_kit_test.h
+++ b/interfaces/innerkits/accesstoken/test/unittest/src/accesstoken_kit_test.h
@@ -36,6 +36,7 @@ static const int INVALID_PERMNAME_LEN = 260;
 static const int CYCLE_TIMES = 100;
 static const int THREAD_NUM = 3;
 static const int INVALID_DCAP_LEN = 1025;
+static const int INVALID_DLP_TYPE = 4;
 class AccessTokenKitTest : public testing::Test {
 public:
     static void SetUpTestCase();
diff --git a/services/accesstokenmanager/main/cpp/src/database/sqlite_storage.cpp b/services/accesstokenmanager/main/cpp/src/database/sqlite_storage.cpp
index 6ed9497a0..9640c9776 100644
--- a/services/accesstokenmanager/main/cpp/src/database/sqlite_storage.cpp
+++ b/services/accesstokenmanager/main/cpp/src/database/sqlite_storage.cpp
@@ -55,7 +55,7 @@ SqliteStorage::SqliteStorage() : SqliteHelper(DATABASE_NAME, DATABASE_PATH, DATA
     hapTokenInfoTable.tableName_ = HAP_TOKEN_INFO_TABLE;
     hapTokenInfoTable.tableColumnNames_ = {
         FIELD_TOKEN_ID, FIELD_USER_ID,
-        FIELD_BUNDLE_NAME, FIELD_INST_INDEX,
+        FIELD_BUNDLE_NAME, FIELD_INST_INDEX, FIELD_DLP_TYPE,
         FIELD_APP_ID, FIELD_DEVICE_ID,
         FIELD_APL, FIELD_TOKEN_VERSION,
         FIELD_TOKEN_ATTR
@@ -293,6 +293,7 @@ int SqliteStorage::CreateHapTokenInfoTable() const
         .append(FIELD_USER_ID + " integer not null,")
         .append(FIELD_BUNDLE_NAME + " text not null,")
         .append(FIELD_INST_INDEX + " integer not null,")
+        .append(FIELD_DLP_TYPE + " integer not null,")
         .append(FIELD_APP_ID + " text not null,")
         .append(FIELD_DEVICE_ID + " text not null,")
         .append(FIELD_APL + " integer not null,")
diff --git a/services/accesstokenmanager/main/cpp/src/token/accesstoken_info_manager.cpp b/services/accesstokenmanager/main/cpp/src/token/accesstoken_info_manager.cpp
index a4fab377c..d907f4a25 100644
--- a/services/accesstokenmanager/main/cpp/src/token/accesstoken_info_manager.cpp
+++ b/services/accesstokenmanager/main/cpp/src/token/accesstoken_info_manager.cpp
@@ -76,11 +76,6 @@ void AccessTokenInfoManager::InitHapTokenInfos()
 
     for (GenericValues& tokenValue : hapTokenRes) {
         AccessTokenID tokenId = (AccessTokenID)tokenValue.GetInt(FIELD_TOKEN_ID);
-        int32_t dlpFlag = AccessTokenIDManager::GetInstance().GetTokenIdDlpFlag(tokenId);
-        if (dlpFlag != DLP_COMMON) {
-            ACCESSTOKEN_LOG_WARN(LABEL, "tokenId %{public}u is not a common hap.", tokenId);
-            continue;
-        }
         int ret = AccessTokenIDManager::GetInstance().RegisterTokenId(tokenId, TOKEN_HAP);
         if (ret != RET_SUCCESS) {
             ACCESSTOKEN_LOG_ERROR(LABEL, "tokenId %{public}u add id failed.", tokenId);
diff --git a/services/tokensyncmanager/test/unittest/token_sync_service/token_sync_service_test.cpp b/services/tokensyncmanager/test/unittest/token_sync_service/token_sync_service_test.cpp
index 391402cb8..a5aee02f9 100644
--- a/services/tokensyncmanager/test/unittest/token_sync_service/token_sync_service_test.cpp
+++ b/services/tokensyncmanager/test/unittest/token_sync_service/token_sync_service_test.cpp
@@ -117,7 +117,8 @@ HWTEST_F(TokenSyncServiceTest, GetRemoteHapTokenInfo001, TestSize.Level1)
     g_jsonAfter =
         "\",\"jsonPayload\":\"{\\\"HapTokenInfo\\\":{\\\"apl\\\":1,\\\"appID\\\":"
         "\\\"test\\\",\\\"bundleName\\\":\\\"mock_token_sync\\\",\\\"deviceID\\\":"
-        "\\\"111111\\\",\\\"instIndex\\\":0,\\\"permState\\\":null,\\\"tokenAttr\\\":0,\\\"tokenID\\\":537919488,"
+        "\\\"111111\\\",\\\"instIndex\\\":0,\\\"dlpType\\\":0,\\\"permState\\\":"
+        "null,\\\"tokenAttr\\\":0,\\\"tokenID\\\":537919488,"
         "\\\"userID\\\":0,\\\"version\\\":1},\\\"commandName\\\":\\\"SyncRemoteHapTokenCommand\\\","
         "\\\"dstDeviceId\\\":\\\"deviceid-1\\\",\\\"dstDeviceLevel\\\":\\\"\\\",\\\"message\\\":\\\"success\\\","
         "\\\"requestTokenId\\\":537919488,\\\"requestVersion\\\":2,\\\"responseDeviceId\\\":\\\"deviceid-1:udid-001\\\""
@@ -716,7 +717,7 @@ HWTEST_F(TokenSyncServiceTest, UpdateRemoteHapTokenCommand001, TestSize.Level1)
     std::string recvJson =
         "{\"commandName\":\"UpdateRemoteHapTokenCommand\",\"id\":\"ec23cd2d-\",\"jsonPayload\":"
         "\"{\\\"HapTokenInfos\\\":{\\\"apl\\\":1,\\\"appID\\\":\\\"testtesttesttest\\\","
-        "\\\"bundleName\\\":\\\"accesstoken_test\\\",\\\"deviceID\\\":\\\"0\\\",\\\"instIndex\\\":0,"
+        "\\\"bundleName\\\":\\\"accesstoken_test\\\",\\\"deviceID\\\":\\\"0\\\",\\\"instIndex\\\":0,\\\"dlpType\\\":0,"
         "\\\"permState\\\":[{\\\"grantConfig\\\":[{\\\"grantFlags\\\":2,\\\"grantStatus\\\":0,"
         "\\\"resDeviceID\\\":\\\"local\\\"}],\\\"isGeneral\\\":true,"
         "\\\"permissionName\\\":\\\"ohos.permission.CAMERA\\\"},{\\\"grantConfig\\\":[{\\\"grantFlags\\\":1,"
@@ -745,7 +746,7 @@ HWTEST_F(TokenSyncServiceTest, UpdateRemoteHapTokenCommand001, TestSize.Level1)
     recvJson =
         "{\"commandName\":\"UpdateRemoteHapTokenCommand\",\"id\":\"ec23cd2d-\",\"jsonPayload\":"
         "\"{\\\"HapTokenInfos\\\":{\\\"apl\\\":2,\\\"appID\\\":\\\"testtesttesttest\\\","
-        "\\\"bundleName\\\":\\\"accesstoken_test\\\",\\\"deviceID\\\":\\\"0\\\",\\\"instIndex\\\":0,"
+        "\\\"bundleName\\\":\\\"accesstoken_test\\\",\\\"deviceID\\\":\\\"0\\\",\\\"instIndex\\\":0,\\\"dlpType\\\":0,"
         "\\\"permState\\\":[{\\\"grantConfig\\\":[{\\\"grantFlags\\\":2,\\\"grantStatus\\\":0,"
         "\\\"resDeviceID\\\":\\\"local\\\"}],\\\"isGeneral\\\":true,"
         "\\\"permissionName\\\":\\\"ohos.permission.CAMERA\\\"},{\\\"grantConfig\\\":[{\\\"grantFlags\\\":1,"
-- 
Gitee