diff --git a/frameworks/accesstoken/BUILD.gn b/frameworks/accesstoken/BUILD.gn index 3471db521a3fba1945752e34c4bd152bd158beaa..0b7eff140d07a4b2317e8e9ea90194e3e554671d 100644 --- a/frameworks/accesstoken/BUILD.gn +++ b/frameworks/accesstoken/BUILD.gn @@ -38,6 +38,7 @@ ohos_shared_library("accesstoken_communication_adapter_cxx") { "src/hap_policy_parcel.cpp", "src/hap_token_info_for_sync_parcel.cpp", "src/hap_token_info_parcel.cpp", + "src/native_token_info_for_sync_parcel.cpp", "src/native_token_info_parcel.cpp", "src/permission_def_parcel.cpp", "src/permission_list_state_parcel.cpp", diff --git a/frameworks/accesstoken/include/i_accesstoken_manager.h b/frameworks/accesstoken/include/i_accesstoken_manager.h index b9c78cbeac08374ebad7ef7351328ed911bc4274..46312f8d17a6daa96ffb84df853d9db8e323d494 100644 --- a/frameworks/accesstoken/include/i_accesstoken_manager.h +++ b/frameworks/accesstoken/include/i_accesstoken_manager.h @@ -25,6 +25,7 @@ #include "hap_token_info_for_sync_parcel.h" #include "hap_token_info_parcel.h" #include "iremote_broker.h" +#include "native_token_info_for_sync_parcel.h" #include "native_token_info_parcel.h" #include "permission_def_parcel.h" #include "permission_list_state_parcel.h" 
@@ -65,11 +66,11 @@ public: #ifdef TOKEN_SYNC_ENABLE virtual int GetHapTokenInfoFromRemote(AccessTokenID tokenID, HapTokenInfoForSyncParcel& hapSyncParcel) = 0; - virtual int GetAllNativeTokenInfo(std::vector& nativeTokenInfoRes) = 0; + virtual int GetAllNativeTokenInfo(std::vector& nativeTokenInfoRes) = 0; virtual int SetRemoteHapTokenInfo(const std::string& deviceID, HapTokenInfoForSyncParcel& hapSyncParcel) = 0; virtual int SetRemoteNativeTokenInfo(const std::string& deviceID, - std::vector& nativeTokenInfoParcel) = 0; + std::vector& nativeTokenInfoForSyncParcel) = 0; virtual int DeleteRemoteToken(const std::string& deviceID, AccessTokenID tokenID) = 0; virtual AccessTokenID GetRemoteNativeTokenID(const std::string& deviceID, AccessTokenID tokenID) = 0; virtual int DeleteRemoteDeviceTokens(const std::string& deviceID) = 0; diff --git a/frameworks/accesstoken/include/native_token_info_for_sync_parcel.h b/frameworks/accesstoken/include/native_token_info_for_sync_parcel.h new file mode 100644 index 0000000000000000000000000000000000000000..a4b6b397cf9d2f4c83d8291ae38f71b7829ad79d --- /dev/null +++ b/frameworks/accesstoken/include/native_token_info_for_sync_parcel.h 
@@ -0,0 +1,40 @@ +/* + * Copyright (c) 2022 Huawei Device Co., Ltd. + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +#ifndef NATIVE_TOKEN_INFO_FOR_SYNC_PARCEL_H +#define NATIVE_TOKEN_INFO_FOR_SYNC_PARCEL_H + +#include "native_token_info.h" +#include "parcel.h" + +namespace OHOS { +namespace Security { +namespace AccessToken { +struct NativeTokenInfoForSyncParcel final : public Parcelable { + NativeTokenInfoForSyncParcel() = default; + + ~NativeTokenInfoForSyncParcel() override = default; + + bool Marshalling(Parcel &out) const override; + + static NativeTokenInfoForSyncParcel *Unmarshalling(Parcel &in); + + NativeTokenInfoForSync nativeTokenInfoForSyncParams; +}; +} // namespace AccessToken +} // namespace Security +} // namespace OHOS +#endif // NATIVE_TOKEN_INFO_FOR_SYNC_PARCEL_H + diff --git a/frameworks/accesstoken/src/native_token_info_for_sync_parcel.cpp b/frameworks/accesstoken/src/native_token_info_for_sync_parcel.cpp new file mode 100644 index 0000000000000000000000000000000000000000..655f7b12e8eba21d66009d8854fec966304f1f02 --- /dev/null +++ b/frameworks/accesstoken/src/native_token_info_for_sync_parcel.cpp 
@@ -0,0 +1,75 @@ +/* + * Copyright (c) 2022 Huawei Device Co., Ltd. + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +#include "native_token_info_for_sync_parcel.h" +#include "native_token_info_parcel.h" +#include "permission_state_full_parcel.h" + +namespace OHOS { +namespace Security { +namespace AccessToken { +#define RETURN_IF_FALSE(expr) \ + if (!(expr)) { \ + return false; \ + } + +#define RELEASE_IF_FALSE(expr, obj) \ + if (!(expr)) { \ + delete (obj); \ + (obj) = nullptr; \ + return (obj); \ + } + +bool NativeTokenInfoForSyncParcel::Marshalling(Parcel& out) const +{ + NativeTokenInfoParcel baseInfoParcel; + baseInfoParcel.nativeTokenInfoParams = this->nativeTokenInfoForSyncParams.baseInfo; + out.WriteParcelable(&baseInfoParcel); + + const std::vector& permStateList = this->nativeTokenInfoForSyncParams.permStateList; + int32_t permStateListSize = static_cast(permStateList.size()); + RETURN_IF_FALSE(out.WriteInt32(permStateListSize)); + + for (int i = 0; i < permStateListSize; i++) { + PermissionStateFullParcel permStateParcel; + permStateParcel.permStatFull = permStateList[i]; + out.WriteParcelable(&permStateParcel); + } + + return true; +} + +NativeTokenInfoForSyncParcel* NativeTokenInfoForSyncParcel::Unmarshalling(Parcel& in) +{ + auto* nativeTokenInfoForSyncParcel = new (std::nothrow) NativeTokenInfoForSyncParcel(); + RELEASE_IF_FALSE(nativeTokenInfoForSyncParcel != nullptr, nativeTokenInfoForSyncParcel); + + sptr baseInfoParcel = 
in.ReadParcelable(); + RELEASE_IF_FALSE(baseInfoParcel != nullptr, nativeTokenInfoForSyncParcel); + nativeTokenInfoForSyncParcel->nativeTokenInfoForSyncParams.baseInfo = baseInfoParcel->nativeTokenInfoParams; + + int permStateListSize; + RELEASE_IF_FALSE(in.ReadInt32(permStateListSize), nativeTokenInfoForSyncParcel); + for (int i = 0; i < permStateListSize; i++) { + sptr permissionStateParcel = in.ReadParcelable(); + RELEASE_IF_FALSE(permissionStateParcel != nullptr, nativeTokenInfoForSyncParcel); + nativeTokenInfoForSyncParcel->nativeTokenInfoForSyncParams.permStateList.emplace_back( + permissionStateParcel->permStatFull); + } + return nativeTokenInfoForSyncParcel; +} +} // namespace AccessToken +} // namespace Security +} // namespace OHOS diff --git a/interfaces/innerkits/accesstoken/include/accesstoken_kit.h b/interfaces/innerkits/accesstoken/include/accesstoken_kit.h index 0c9740761b20df5dac28eff2e6f3c57e9d2daacc..4ee095db065c8d1b77936ced8368ce784136838c 100644 --- a/interfaces/innerkits/accesstoken/include/accesstoken_kit.h +++ b/interfaces/innerkits/accesstoken/include/accesstoken_kit.h @@ -59,10 +59,10 @@ public: #ifdef TOKEN_SYNC_ENABLE static int GetHapTokenInfoFromRemote(AccessTokenID tokenID, HapTokenInfoForSync& hapSync); - static int GetAllNativeTokenInfo(std::vector& nativeTokenInfosRes); + static int GetAllNativeTokenInfo(std::vector& nativeTokenInfosRes); static int SetRemoteHapTokenInfo(const std::string& deviceID, const HapTokenInfoForSync& hapSync); static int SetRemoteNativeTokenInfo(const std::string& deviceID, - std::vector& nativeTokenInfoList); + std::vector& nativeTokenInfoList); static int DeleteRemoteToken(const std::string& deviceID, AccessTokenID tokenID); static AccessTokenID GetRemoteNativeTokenID(const std::string& deviceID, AccessTokenID tokenID); static int DeleteRemoteDeviceTokens(const std::string& deviceID); 
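Review bot: Marshalling discards the result of both `out.WriteParcelable(...)` calls, so a failed write of baseInfo or of a permission state still returns true and the receiver gets a truncated parcel. Wrap them as `RETURN_IF_FALSE(out.WriteParcelable(&baseInfoParcel));` and `RETURN_IF_FALSE(out.WriteParcelable(&permStateParcel));`. In Unmarshalling, `permStateListSize` is read from the parcel and used directly as the loop bound. This parcel appears to carry token data synchronised from another device, so the count should be rejected when it is negative or above the project's maximum permission-list size before the loop runs, rather than relying on ReadParcelable running out of data.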
diff --git a/interfaces/innerkits/accesstoken/include/native_token_info.h b/interfaces/innerkits/accesstoken/include/native_token_info.h index d02ef226bc3fa7b9a42122b147dd127e2bb42604..6044318807a62bb8a025e1cc71e13bd78f2e1cd2 100644 --- a/interfaces/innerkits/accesstoken/include/native_token_info.h +++ b/interfaces/innerkits/accesstoken/include/native_token_info.h @@ -19,6 +19,7 @@ #include "access_token.h" #include #include +#include "permission_state_full.h" namespace OHOS { namespace Security { @@ -32,6 +33,12 @@ public: AccessTokenID tokenID; AccessTokenAttr tokenAttr; }; + +class NativeTokenInfoForSync final { +public: + NativeTokenInfo baseInfo; + std::vector permStateList; +}; } // namespace AccessToken } // namespace Security } // namespace OHOS diff --git a/interfaces/innerkits/accesstoken/src/accesstoken_kit.cpp b/interfaces/innerkits/accesstoken/src/accesstoken_kit.cpp index 9a16bc7bbdce47941b0b33cdd1cb773702b41521..ef7621ad902a37c0d7e944d4db4b6878e83f5ea9 100644 --- a/interfaces/innerkits/accesstoken/src/accesstoken_kit.cpp +++ b/interfaces/innerkits/accesstoken/src/accesstoken_kit.cpp @@ -314,7 +314,7 @@ int AccessTokenKit::GetHapTokenInfoFromRemote(AccessTokenID tokenID, HapTokenInf return AccessTokenManagerClient::GetInstance().GetHapTokenInfoFromRemote(tokenID, hapSync); } -int AccessTokenKit::GetAllNativeTokenInfo(std::vector& nativeTokenInfosRes) +int AccessTokenKit::GetAllNativeTokenInfo(std::vector& nativeTokenInfosRes) { ACCESSTOKEN_LOG_INFO(LABEL, "%{public}s called", __func__); @@ -330,7 +330,7 @@ int AccessTokenKit::SetRemoteHapTokenInfo(const std::string& deviceID, } int AccessTokenKit::SetRemoteNativeTokenInfo(const std::string& deviceID, - std::vector& nativeTokenInfoList) + std::vector& nativeTokenInfoList) { ACCESSTOKEN_LOG_INFO(LABEL, "%{public}s called, deviceID=%{public}s", __func__, deviceID.c_str()); return AccessTokenManagerClient::GetInstance() 
diff --git a/interfaces/innerkits/accesstoken/src/accesstoken_manager_client.cpp b/interfaces/innerkits/accesstoken/src/accesstoken_manager_client.cpp index d8f78ff1c8c9a9f83fec63b65b7d0f7b17de3f30..855fe52ab15f09fdc46aedf262c267c57263fe54 100644 --- a/interfaces/innerkits/accesstoken/src/accesstoken_manager_client.cpp +++ b/interfaces/innerkits/accesstoken/src/accesstoken_manager_client.cpp @@ -20,6 +20,7 @@ #include "hap_token_info.h" #include "hap_token_info_for_sync_parcel.h" #include "iservice_registry.h" +#include "native_token_info_for_sync_parcel.h" #include "native_token_info.h" namespace OHOS { @@ -326,7 +327,7 @@ int AccessTokenManagerClient::GetHapTokenInfoFromRemote(AccessTokenID tokenID, H return res; } -int AccessTokenManagerClient::GetAllNativeTokenInfo(std::vector& nativeTokenInfosRes) +int AccessTokenManagerClient::GetAllNativeTokenInfo(std::vector& nativeTokenInfosRes) { ACCESSTOKEN_LOG_DEBUG(LABEL, "%{public}s: called!", __func__); auto proxy = GetProxy(); @@ -335,10 +336,10 @@ int AccessTokenManagerClient::GetAllNativeTokenInfo(std::vector return RET_FAILED; } - std::vector parcelList; + std::vector parcelList; int result = proxy->GetAllNativeTokenInfo(parcelList); for (auto nativeTokenParcel : parcelList) { - NativeTokenInfo native = nativeTokenParcel.nativeTokenInfoParams; + NativeTokenInfoForSync native = nativeTokenParcel.nativeTokenInfoForSyncParams; nativeTokenInfosRes.emplace_back(native); } @@ -362,7 +363,7 @@ int AccessTokenManagerClient::SetRemoteHapTokenInfo(const std::string& deviceID, } int AccessTokenManagerClient::SetRemoteNativeTokenInfo(const std::string& deviceID, - std::vector& nativeTokenInfoList) + std::vector& nativeTokenInfoList) { ACCESSTOKEN_LOG_DEBUG(LABEL, "%{public}s: called!", __func__); auto proxy = GetProxy(); 
@@ -370,14 +371,14 @@ int AccessTokenManagerClient::SetRemoteNativeTokenInfo(const std::string& device ACCESSTOKEN_LOG_ERROR(LABEL, "proxy is null"); return RET_FAILED; } - std::vector hapTokenInfoParcels; + std::vector nativeTokenInfoParcels; for (auto native : nativeTokenInfoList) { - NativeTokenInfoParcel nativeTokenInfoParcel; - nativeTokenInfoParcel.nativeTokenInfoParams = native; - hapTokenInfoParcels.emplace_back(nativeTokenInfoParcel); + NativeTokenInfoForSyncParcel nativeTokenInfoForSyncParcel; + nativeTokenInfoForSyncParcel.nativeTokenInfoForSyncParams = native; + nativeTokenInfoParcels.emplace_back(nativeTokenInfoForSyncParcel); } PermissionStateFullParcel permStateParcel; - int res = proxy->SetRemoteNativeTokenInfo(deviceID, hapTokenInfoParcels); + int res = proxy->SetRemoteNativeTokenInfo(deviceID, nativeTokenInfoParcels); return res; } diff --git a/interfaces/innerkits/accesstoken/src/accesstoken_manager_client.h b/interfaces/innerkits/accesstoken/src/accesstoken_manager_client.h index e55311aeb3e49bad7959aeabb531f39e43b96d97..82e867de4d1b231a9675520fc0cefbde06a5b805 100644 --- a/interfaces/innerkits/accesstoken/src/accesstoken_manager_client.h +++ b/interfaces/innerkits/accesstoken/src/accesstoken_manager_client.h @@ -63,10 +63,10 @@ public: #ifdef TOKEN_SYNC_ENABLE int GetHapTokenInfoFromRemote(AccessTokenID tokenID, HapTokenInfoForSync& hapSync); - int GetAllNativeTokenInfo(std::vector& nativeTokenInfosRes); + int GetAllNativeTokenInfo(std::vector& nativeTokenInfosRes); int SetRemoteHapTokenInfo(const std::string& deviceID, const HapTokenInfoForSync& hapSync); int SetRemoteNativeTokenInfo(const std::string& deviceID, - std::vector& nativeTokenInfoList); + std::vector& nativeTokenInfoList); int DeleteRemoteToken(const std::string& deviceID, AccessTokenID tokenID); AccessTokenID GetRemoteNativeTokenID(const std::string& deviceID, AccessTokenID tokenID); int DeleteRemoteDeviceTokens(const std::string& deviceID); 
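Review bot: The loop `for (auto native : nativeTokenInfoList)` copies each element by value, and NativeTokenInfoForSync now carries a permStateList vector, so every entry's permission list is copied for the loop variable, again into the parcel member, and again by `emplace_back`. `for (const auto& native : nativeTokenInfoList)` removes the first copy without changing behaviour. The context line `PermissionStateFullParcel permStateParcel;` is an unused local and could be dropped in the same change. The function's signature and proxy check sit in the preceding hunk.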
diff --git a/interfaces/innerkits/accesstoken/src/accesstoken_manager_proxy.cpp b/interfaces/innerkits/accesstoken/src/accesstoken_manager_proxy.cpp index 5ef80f692ce5e213ff942e0cc77ad7bd64de4290..8e891aef2c4c225334e3a638142165083a15d5b6 100644 --- a/interfaces/innerkits/accesstoken/src/accesstoken_manager_proxy.cpp +++ b/interfaces/innerkits/accesstoken/src/accesstoken_manager_proxy.cpp @@ -735,7 +735,7 @@ int AccessTokenManagerProxy::GetHapTokenInfoFromRemote(AccessTokenID tokenID, return result; } -int AccessTokenManagerProxy::GetAllNativeTokenInfo(std::vector& nativeTokenInfoRes) +int AccessTokenManagerProxy::GetAllNativeTokenInfo(std::vector& nativeTokenInfoRes) { MessageParcel data; data.WriteInterfaceToken(IAccessTokenManager::GetDescriptor()); @@ -761,7 +761,7 @@ int AccessTokenManagerProxy::GetAllNativeTokenInfo(std::vector nativeResult = reply.ReadParcelable(); + sptr nativeResult = reply.ReadParcelable(); if (nativeResult != nullptr) { nativeTokenInfoRes.emplace_back(*nativeResult); } @@ -804,17 +804,17 @@ int AccessTokenManagerProxy::SetRemoteHapTokenInfo(const std::string& deviceID, } int AccessTokenManagerProxy::SetRemoteNativeTokenInfo(const std::string& deviceID, - std::vector& nativeTokenInfoParcel) + std::vector& nativeTokenInfoForSyncParcel) { MessageParcel data; data.WriteInterfaceToken(IAccessTokenManager::GetDescriptor()); if (!data.WriteString(deviceID)) { return RET_FAILED; } - if (!data.WriteUint32(nativeTokenInfoParcel.size())) { + if (!data.WriteUint32(nativeTokenInfoForSyncParcel.size())) { return RET_FAILED; } - for (NativeTokenInfoParcel& parcel : nativeTokenInfoParcel) { + for (NativeTokenInfoForSyncParcel& parcel : nativeTokenInfoForSyncParcel) { if (!data.WriteParcelable(&parcel)) { return RET_FAILED; } 
diff --git a/interfaces/innerkits/accesstoken/src/accesstoken_manager_proxy.h b/interfaces/innerkits/accesstoken/src/accesstoken_manager_proxy.h index 5e549ade6a422f37f9c5bf8a94e72c6fb846ea1e..9bfbf432f5c2b9ab28e31ab01d65f4dbbae29a84 100644 --- a/interfaces/innerkits/accesstoken/src/accesstoken_manager_proxy.h +++ b/interfaces/innerkits/accesstoken/src/accesstoken_manager_proxy.h @@ -26,6 +26,7 @@ #include "hap_token_info_for_sync_parcel.h" #include "i_accesstoken_manager.h" #include "iremote_proxy.h" +#include "native_token_info_for_sync_parcel.h" #include "native_token_info_parcel.h" #include "permission_def_parcel.h" #include "permission_list_state_parcel.h" @@ -63,10 +64,10 @@ public: #ifdef TOKEN_SYNC_ENABLE int GetHapTokenInfoFromRemote(AccessTokenID tokenID, HapTokenInfoForSyncParcel& hapSyncParcel) override; - int GetAllNativeTokenInfo(std::vector& nativeTokenInfoRes) override; + int GetAllNativeTokenInfo(std::vector& nativeTokenInfoRes) override; int SetRemoteHapTokenInfo(const std::string& deviceID, HapTokenInfoForSyncParcel& hapSyncParcel) override; int SetRemoteNativeTokenInfo(const std::string& deviceID, - std::vector& nativeTokenInfoParcel) override; + std::vector& nativeTokenInfoForSyncParcel) override; int DeleteRemoteToken(const std::string& deviceID, AccessTokenID tokenID) override; AccessTokenID GetRemoteNativeTokenID(const std::string& deviceID, AccessTokenID tokenID) override; int DeleteRemoteDeviceTokens(const std::string& deviceID) override; diff --git a/interfaces/innerkits/accesstoken/test/unittest/src/accesstoken_kit_test.cpp b/interfaces/innerkits/accesstoken/test/unittest/src/accesstoken_kit_test.cpp index 7758db9863c3236827ec97a775f3677008a87713..c90034be90e929c56c5c10e4aa0e695af13626a2 100644 --- a/interfaces/innerkits/accesstoken/test/unittest/src/accesstoken_kit_test.cpp +++ b/interfaces/innerkits/accesstoken/test/unittest/src/accesstoken_kit_test.cpp 
@@ -2131,7 +2131,15 @@ HWTEST_F(AccessTokenKitTest, GetTokenTypeFlag001, TestSize.Level1) */ HWTEST_F(AccessTokenKitTest, GetTokenTypeFlag002, TestSize.Level1) { - uint64_t tokenId01 = GetAccessTokenId("GetTokenTypeFlag002", nullptr, 0, "system_core"); + NativeTokenInfoParams infoInstance = { + .dcapsNum = 0, + .permsNum = 0, + .dcaps = nullptr, + .perms = nullptr, + .processName = "GetTokenTypeFlag002", + .aplStr = "system_core", + }; + uint64_t tokenId01 = GetAccessTokenId(&infoInstance); AccessTokenID tokenID = tokenId01 & 0xffffffff; ATokenTypeEnum ret = AccessTokenKit::GetTokenTypeFlag(tokenID); @@ -3208,7 +3216,7 @@ HWTEST_F(AccessTokenKitTest, GetAllNativeTokenInfo001, TestSize.Level1) { ACCESSTOKEN_LOG_INFO(LABEL, "GetAllNativeTokenInfo001 start."); - std::vector nativeTokenInfosRes; + std::vector nativeTokenInfosRes; int ret = AccessTokenKit::GetAllNativeTokenInfo(nativeTokenInfosRes); ASSERT_EQ(ret, RET_SUCCESS); } @@ -3224,16 +3232,16 @@ HWTEST_F(AccessTokenKitTest, SetRemoteNativeTokenInfo001, TestSize.Level1) ACCESSTOKEN_LOG_INFO(LABEL, "SetRemoteNativeTokenInfo001 start."); std::string deviceID = "ea82205d1f9964346ee12e17ec0f362bb7203fca7c62d82899ffa917f9cbe6b2"; - NativeTokenInfo native1 = { - .apl = APL_NORMAL, - .ver = 1, - .processName = "native_test1", - .dcap = {"SYSDCAP", "DMSDCAP"}, - .tokenID = 0x28000000, - .tokenAttr = 0 + NativeTokenInfoForSync native1 = { + .baseInfo.apl = APL_NORMAL, + .baseInfo.ver = 1, + .baseInfo.processName = "native_test1", + .baseInfo.dcap = {"SYSDCAP", "DMSDCAP"}, + .baseInfo.tokenID = 0x28000000, + .baseInfo.tokenAttr = 0 }; - std::vector nativeTokenInfoList; + std::vector nativeTokenInfoList; nativeTokenInfoList.emplace_back(native1); int ret = AccessTokenKit::SetRemoteNativeTokenInfo(deviceID, nativeTokenInfoList); 
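Review bot: SetRemoteNativeTokenInfo001 fills only `baseInfo` and leaves `permStateList` empty, so the permission-state marshalling this commit adds is never exercised, and the assertions in the following hunk check base fields only. Adding at least one permission state to `native1.permStateList`, and asserting on it after the sync if an API exposes it, would cover the new path. The nested designators such as `.baseInfo.apl = APL_NORMAL` are a C99 form that C++20 designated initialisers do not permit, so this builds only as a compiler extension. Plain assignments like `native1.baseInfo.apl = APL_NORMAL;` are portable.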
@@ -3246,13 +3254,13 @@ HWTEST_F(AccessTokenKitTest, SetRemoteNativeTokenInfo001, TestSize.Level1) ret = AccessTokenKit::GetNativeTokenInfo(mapID, resultInfo); ASSERT_EQ(ret, RET_SUCCESS); - ASSERT_EQ(resultInfo.apl, native1.apl); - ASSERT_EQ(resultInfo.ver, native1.ver); - ASSERT_EQ(resultInfo.processName, native1.processName); + ASSERT_EQ(resultInfo.apl, native1.baseInfo.apl); + ASSERT_EQ(resultInfo.ver, native1.baseInfo.ver); + ASSERT_EQ(resultInfo.processName, native1.baseInfo.processName); ASSERT_EQ(resultInfo.dcap.size(), 2); ASSERT_EQ(resultInfo.dcap[0], "SYSDCAP"); ASSERT_EQ(resultInfo.dcap[1], "DMSDCAP"); ASSERT_EQ(resultInfo.tokenID, mapID); - ASSERT_EQ(resultInfo.tokenAttr, native1.tokenAttr); + ASSERT_EQ(resultInfo.tokenAttr, native1.baseInfo.tokenAttr); } #endif diff --git a/interfaces/innerkits/nativetoken/include/nativetoken.h b/interfaces/innerkits/nativetoken/include/nativetoken.h index d256589538076de295231ed900d9fa5403b88064..c353476f97fd60733f5521b17d3f3b24c5bbe372 100644 --- a/interfaces/innerkits/nativetoken/include/nativetoken.h +++ b/interfaces/innerkits/nativetoken/include/nativetoken.h @@ -41,6 +41,8 @@ extern "C" { #define MAX_JSON_FILE_LEN 102400 #define MAX_DCAPS_NUM 32 #define MAX_DCAP_LEN 1024 +#define MAX_PERM_NUM 64 +#define MAX_PERM_LEN 256 #define MAX_PARAMTER_LEN 128 #define SYSTEM_PROP_NATIVE_RECEPTOR "rw.nativetoken.receptor.startup" #define PATH_MAX_LEN 4096 @@ -51,6 +53,7 @@ extern "C" { #define ATRET_SUCCESS 0 #define DCAPS_KEY_NAME "dcaps" +#define PERMS_KEY_NAME "permissions" #define TOKENID_KEY_NAME "tokenId" #define TOKEN_ATTR_KEY_NAME "tokenAttr" #define APL_KEY_NAME "APL" 
@@ -81,11 +84,19 @@ typedef struct TokenList { NativeAtId tokenId; int32_t apl; char *dcaps[MAX_DCAPS_NUM]; + char *perms[MAX_PERM_NUM]; int dcapsNum; + int permsNum; char processName[MAX_PROCESS_NAME_LEN + 1]; struct TokenList *next; } NativeTokenList; +typedef struct StrArrayAttribute { + int32_t maxStrNum; + uint32_t maxStrLen; + const char *strKey; +} StrArrayAttr; + extern int32_t GetFileBuff(const char *cfg, char **retBuff); #ifdef __cplusplus } diff --git a/interfaces/innerkits/nativetoken/include/nativetoken_kit.h b/interfaces/innerkits/nativetoken/include/nativetoken_kit.h index 8975df42a4a57cf9808d10613f2e16ba7839c175..85f14596698abfde7981b6c7af5ec9c427bcc4e9 100644 --- a/interfaces/innerkits/nativetoken/include/nativetoken_kit.h +++ b/interfaces/innerkits/nativetoken/include/nativetoken_kit.h @@ -25,7 +25,16 @@ extern "C" { #endif -extern uint64_t GetAccessTokenId(const char *processname, const char **dcap, int32_t dacpNum, const char *aplStr); +typedef struct TokenInfoParams { + int dcapsNum; + int permsNum; + const char **dcaps; + const char **perms; + const char *processName; + const char *aplStr; +} NativeTokenInfoParams; + +extern uint64_t GetAccessTokenId(NativeTokenInfoParams *nativeProcInfo); #ifdef __cplusplus } diff --git a/interfaces/innerkits/nativetoken/src/nativetoken.c b/interfaces/innerkits/nativetoken/src/nativetoken.c index cbe4743bf54762ddb4d8b5ff8742c38a9bbcbae3..cc8e9610d485d30ff88099103a493951c16bf9c1 100644 --- a/interfaces/innerkits/nativetoken/src/nativetoken.c +++ b/interfaces/innerkits/nativetoken/src/nativetoken.c 
@@ -76,17 +76,17 @@ int32_t GetFileBuff(const char *cfg, char **retBuff) return ATRET_SUCCESS; } -static void FreeDcaps(char *dcaps[MAX_DCAPS_NUM], int32_t num) +static void FreeStrArray(char **arr, int32_t num) { for (int32_t i = 0; i <= num; i++) { - if (dcaps[i] != NULL) { - free(dcaps[i]); - dcaps[i] = NULL; + if (arr[i] != NULL) { + free(arr[i]); + arr[i] = NULL; } } } -static uint32_t GetprocessNameFromJson(cJSON *cjsonItem, NativeTokenList *tokenNode) +static uint32_t GetProcessNameFromJson(cJSON *cjsonItem, NativeTokenList *tokenNode) { cJSON *processNameJson = cJSON_GetObjectItem(cjsonItem, PROCESS_KEY_NAME); if (!cJSON_IsString(processNameJson) || (strlen(processNameJson->valuestring) > MAX_PROCESS_NAME_LEN)) { 
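Review bot: FreeStrArray treats `num` as the last index to free (`i <= num`), not as an element count, which is easy to misuse now that the helper is shared by the dcaps and perms paths and callers pass both `i` and `count - 1`. A header comment would make the contract explicit, for example `/* Frees arr[0..num] inclusive; pass count - 1, or -1 to free nothing. */`. Renaming the parameter to something like `lastIdx` would reinforce it.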
@@ -135,35 +135,35 @@ static uint32_t GetAplFromJson(cJSON *cjsonItem, NativeTokenList *tokenNode) return ATRET_SUCCESS; } -static uint32_t GetDcapsInfoFromJson(cJSON *cjsonItem, NativeTokenList *tokenNode) +static uint32_t GetInfoArrFromJson(cJSON *cjsonItem, char *strArr[], int *strNum, StrArrayAttr *attr) { - cJSON *dcapsJson = cJSON_GetObjectItem(cjsonItem, DCAPS_KEY_NAME); - int32_t dcapSize = cJSON_GetArraySize(dcapsJson); - - tokenNode->dcapsNum = dcapSize; - if (dcapSize > MAX_DCAPS_NUM) { - ACCESSTOKEN_LOG_ERROR("[ATLIB-%s]:dcapSize = %d is invalid.", __func__, dcapSize); + cJSON *strArrJson = cJSON_GetObjectItem(cjsonItem, attr->strKey); + int32_t size = cJSON_GetArraySize(strArrJson); + if (size > attr->maxStrNum) { + ACCESSTOKEN_LOG_ERROR("[ATLIB-%s]:size = %d is invalid.", __func__, size); return ATRET_FAILED; } - for (int32_t i = 0; i < dcapSize; i++) { - cJSON *dcapItem = cJSON_GetArrayItem(dcapsJson, i); - if (dcapItem == NULL || !cJSON_IsString(dcapItem) || dcapItem->valuestring == NULL) { + *strNum = size; + + for (int32_t i = 0; i < size; i++) { + cJSON *item = cJSON_GetArrayItem(strArrJson, i); + if ((item == NULL) || (!cJSON_IsString(item)) || (item->valuestring == NULL)) { ACCESSTOKEN_LOG_ERROR("[ATLIB-%s]:cJSON_GetArrayItem failed.", __func__); return ATRET_FAILED; } - size_t length = strlen(dcapItem->valuestring); - if (length > MAX_DCAP_LEN) { - ACCESSTOKEN_LOG_ERROR("[ATLIB-%s]:dcapItem is invalid.", __func__); + size_t length = strlen(item->valuestring); + if (length > attr->maxStrLen) { + ACCESSTOKEN_LOG_ERROR("[ATLIB-%s]:item length %zu is invalid.", __func__, length); return ATRET_FAILED; } - tokenNode->dcaps[i] = (char *)malloc(sizeof(char) * (length + 1)); - if (tokenNode->dcaps[i] == NULL) { - FreeDcaps(tokenNode->dcaps, i - 1); + strArr[i] = (char *)malloc(sizeof(char) * (length + 1)); + if (strArr[i] == NULL) { + FreeStrArray(strArr, i - 1); ACCESSTOKEN_LOG_ERROR("[ATLIB-%s]:malloc invalid.", __func__); return ATRET_FAILED; } - if 
(strcpy_s(tokenNode->dcaps[i], length + 1, dcapItem->valuestring) != EOK) { - FreeDcaps(tokenNode->dcaps, i); + if (strcpy_s(strArr[i], length + 1, item->valuestring) != EOK) { + FreeStrArray(strArr, i); ACCESSTOKEN_LOG_ERROR("[ATLIB-%s]:strcpy_s failed.", __func__); return ATRET_FAILED; } @@ -173,17 +173,17 @@ static uint32_t GetDcapsInfoFromJson(cJSON *cjsonItem, NativeTokenList *tokenNod static int32_t GetTokenList(const cJSON *object) { - int32_t arraySize; - int32_t i; uint32_t ret; NativeTokenList *tmp = NULL; + StrArrayAttr attr; if (object == NULL) { ACCESSTOKEN_LOG_ERROR("[ATLIB-%s]:object is null.", __func__); return ATRET_FAILED; } - arraySize = cJSON_GetArraySize(object); - for (i = 0; i < arraySize; i++) { + int32_t arraySize = cJSON_GetArraySize(object); + + for (int32_t i = 0; i < arraySize; i++) { tmp = (NativeTokenList *)malloc(sizeof(NativeTokenList)); if (tmp == NULL) { ACCESSTOKEN_LOG_ERROR("[ATLIB-%s]:memory alloc failed.", __func__); 
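Review bot: In GetInfoArrFromJson, the two validation failures inside the loop (item not a string, item longer than `attr->maxStrLen`) return ATRET_FAILED without freeing the entries already stored in `strArr[0..i-1]`. Only the malloc and strcpy_s failures call FreeStrArray. `*strNum = size` is also assigned before the loop, so on these paths the count no longer matches what was allocated, and the dcaps failure branch in GetTokenList frees only the node. Adding `FreeStrArray(strArr, i - 1);` before both early returns keeps a malformed config entry from leaking the earlier strings.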
@@ -195,12 +195,28 @@ static int32_t GetTokenList(const cJSON *object) ACCESSTOKEN_LOG_ERROR("[ATLIB-%s]:cJSON_GetArrayItem failed.", __func__); return ATRET_FAILED; } - ret = GetprocessNameFromJson(cjsonItem, tmp); + ret = GetProcessNameFromJson(cjsonItem, tmp); ret |= GetTokenIdFromJson(cjsonItem, tmp); ret |= GetAplFromJson(cjsonItem, tmp); - ret |= GetDcapsInfoFromJson(cjsonItem, tmp); + + attr.maxStrLen = MAX_DCAP_LEN; + attr.maxStrNum = MAX_DCAPS_NUM; + attr.strKey = DCAPS_KEY_NAME; + ret |= GetInfoArrFromJson(cjsonItem, tmp->dcaps, &(tmp->dcapsNum), &attr); + if (ret != ATRET_SUCCESS) { + free(tmp); + ACCESSTOKEN_LOG_ERROR("[ATLIB-%s]:GetInfoArrFromJson failed for dcaps.", __func__); + return ATRET_FAILED; + } + + attr.maxStrLen = MAX_PERM_LEN; + attr.maxStrNum = MAX_PERM_NUM; + attr.strKey = PERMS_KEY_NAME; + ret = GetInfoArrFromJson(cjsonItem, tmp->perms, &(tmp->permsNum), &attr); if (ret != ATRET_SUCCESS) { free(tmp); + FreeStrArray(tmp->dcaps, tmp->dcapsNum - 1); + ACCESSTOKEN_LOG_ERROR("[ATLIB-%s]:GetInfoArrFromJson failed for perms.", __func__); return ATRET_FAILED; } 
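Review bot: The perms failure branch calls `free(tmp);` and then the added line `FreeStrArray(tmp->dcaps, tmp->dcapsNum - 1);`, which reads `dcaps` and `dcapsNum` from memory that has just been released. This is a use-after-free followed by frees of pointers taken from freed storage. The two statements need to be swapped: `FreeStrArray(tmp->dcaps, tmp->dcapsNum - 1);` then `free(tmp);`. The dcaps failure branch above has the mirror problem in a milder form: it frees `tmp` without releasing any dcaps strings already allocated. GetTokenList continues outside this hunk.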
@@ -395,24 +411,25 @@ static void WriteToFile(const cJSON *root) return; } -static int32_t AddDcapsArray(cJSON *object, const NativeTokenList *curr) +static int32_t AddStrArrayInfo(cJSON *object, char * const strArray[], int strNum, const char *strKey) { - cJSON *dcapsArr = cJSON_CreateArray(); - if (dcapsArr == NULL) { + cJSON *strJsonArr = cJSON_CreateArray(); + if (strJsonArr == NULL) { + ACCESSTOKEN_LOG_ERROR("[ATLIB-%s]:CreateArray failed, strKey :%s.", __func__, strKey); return ATRET_FAILED; } - for (int32_t i = 0; i < curr->dcapsNum; i++) { - cJSON *item = cJSON_CreateString(curr->dcaps[i]); - if (item == NULL || !cJSON_AddItemToArray(dcapsArr, item)) { - ACCESSTOKEN_LOG_ERROR("[ATLIB-%s]:tokenAttr cJSON_AddItemToArray failed.", __func__); + for (int32_t i = 0; i < strNum; i++) { + cJSON *item = cJSON_CreateString(strArray[i]); + if (item == NULL || !cJSON_AddItemToArray(strJsonArr, item)) { + ACCESSTOKEN_LOG_ERROR("[ATLIB-%s]:AddItemToArray failed, strKey : %s.", __func__, strKey); cJSON_Delete(item); - cJSON_Delete(dcapsArr); + cJSON_Delete(strJsonArr); return ATRET_FAILED; } } - if (!cJSON_AddItemToObject(object, DCAPS_KEY_NAME, dcapsArr)) { - ACCESSTOKEN_LOG_ERROR("[ATLIB-%s]:dcaps cJSON_AddItemToObject failed.", __func__); - cJSON_Delete(dcapsArr); + if (!cJSON_AddItemToObject(object, strKey, strJsonArr)) { + ACCESSTOKEN_LOG_ERROR("[ATLIB-%s]:AddItemToObject failed, strKey : %s.", __func__, strKey); + cJSON_Delete(strJsonArr); return ATRET_FAILED; } return ATRET_SUCCESS; @@ -465,7 +482,13 @@ static cJSON *CreateNativeTokenJsonObject(const NativeTokenList *curr) cJSON_Delete(object); return NULL; } - int ret = AddDcapsArray(object, curr); + + int ret = AddStrArrayInfo(object, curr->dcaps, curr->dcapsNum, DCAPS_KEY_NAME); + if (ret != ATRET_SUCCESS) { + cJSON_Delete(object); + } + + ret = AddStrArrayInfo(object, curr->perms, curr->permsNum, PERMS_KEY_NAME); if (ret != ATRET_SUCCESS) { cJSON_Delete(object); } 
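Review bot: In CreateNativeTokenJsonObject, when the dcaps call to AddStrArrayInfo fails the new code runs `cJSON_Delete(object);` but does not return, so the next line passes the freed `object` to the perms AddStrArrayInfo call and may delete it a second time. The first failure branch should end the function: `cJSON_Delete(object); return NULL;`. The code after the final `if` is outside the hunk. If it returns `object` unconditionally, the second branch needs the same `return NULL;` so the caller's `node == NULL` check in SaveTokenIdToCfg can work.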
@@ -498,7 +521,6 @@ static void SaveTokenIdToCfg(const NativeTokenList *curr) cJSON *node = CreateNativeTokenJsonObject(curr); if (node == NULL) { - ACCESSTOKEN_LOG_ERROR("[ATLIB-%s]:CreateNativeTokenJsonObject failed.", __func__); cJSON_Delete(record); return; } 
@@ -509,27 +531,41 @@ static void SaveTokenIdToCfg(const NativeTokenList *curr) return; } -static uint32_t CheckProcessInfo(const char *processname, const char **dcaps, - int32_t dcapNum, const char *aplStr, int32_t *aplRet) +static uint32_t CheckStrArray(const char **strArray, int32_t strNum, int maxNum, uint32_t maxInfoLen) { - if ((processname == NULL) || strlen(processname) > MAX_PROCESS_NAME_LEN || - strlen(processname) == 0) { - ACCESSTOKEN_LOG_ERROR("[ATLIB-%s]:processname is invalid.", __func__); + if (((strArray == NULL) && (strNum != 0)) || + (strNum > maxNum) || (strNum < 0)) { + ACCESSTOKEN_LOG_ERROR("[ATLIB-%s]:strArray is null or strNum is invalid.", __func__); return ATRET_FAILED; } + for (int32_t i = 0; i < strNum; i++) { + if ((strArray[i] == NULL) || (strlen(strArray[i]) > maxInfoLen) || (strlen(strArray[i]) == 0)) { + ACCESSTOKEN_LOG_ERROR("[ATLIB-%s]:strArray[%d] length is invalid.", __func__, i); + return ATRET_FAILED; + } + } + return ATRET_SUCCESS; +} - if (((dcaps == NULL) && (dcapNum != 0)) || dcapNum > MAX_DCAPS_NUM || dcapNum < 0) { - ACCESSTOKEN_LOG_ERROR("[ATLIB-%s]:dcaps is null or dcapNum is invalid.", __func__); +static uint32_t CheckProcessInfo(NativeTokenInfoParams *tokenInfo, int32_t *aplRet) +{ + if ((tokenInfo->processName == NULL) || strlen(tokenInfo->processName) > MAX_PROCESS_NAME_LEN || + strlen(tokenInfo->processName) == 0) { + ACCESSTOKEN_LOG_ERROR("[ATLIB-%s]:processName is invalid.", __func__); return ATRET_FAILED; } - for (int32_t i = 0; i < dcapNum; i++) { - if ((dcaps[i] == NULL) || (strlen(dcaps[i]) > MAX_DCAP_LEN)) { - ACCESSTOKEN_LOG_ERROR("[ATLIB-%s]:dcap length is invalid.", __func__); - return ATRET_FAILED; - } + int retDcap = CheckStrArray(tokenInfo->dcaps, tokenInfo->dcapsNum, MAX_DCAPS_NUM, MAX_DCAP_LEN); + if (retDcap != ATRET_SUCCESS) { + ACCESSTOKEN_LOG_ERROR("[ATLIB-%s]:dcaps is invalid.", __func__); + return ATRET_FAILED; + } + int retPerm = CheckStrArray(tokenInfo->perms, tokenInfo->permsNum, 
MAX_PERM_NUM, MAX_PERM_LEN); + if (retPerm != ATRET_SUCCESS) { + ACCESSTOKEN_LOG_ERROR("[ATLIB-%s]:perms is invalid.", __func__); + return ATRET_FAILED; } - int32_t apl = GetAplLevel(aplStr); + int32_t apl = GetAplLevel(tokenInfo->aplStr); if (apl == 0) { return ATRET_FAILED; } @@ -537,8 +573,21 @@ static uint32_t CheckProcessInfo(const char *processname, const char **dcaps, return ATRET_SUCCESS; } -static uint32_t AddNewTokenToListAndCfgFile(const char *processname, const char **dcapsIn, - int32_t dcapNumIn, int32_t aplIn, NativeAtId *tokenId) +static uint32_t CreateStrArray(int num, const char **strArr, char **strArrRes) +{ + for (int32_t i = 0; i < num; i++) { + strArrRes[i] = (char *)malloc(sizeof(char) * (strlen(strArr[i]) + 1)); + if (strArrRes[i] == NULL || + (strcpy_s(strArrRes[i], strlen(strArr[i]) + 1, strArr[i]) != EOK)) { + ACCESSTOKEN_LOG_ERROR("[ATLIB-%s]:copy strArr[%d] failed.", __func__, i); + FreeStrArray(strArrRes, i); + return ATRET_FAILED; + } + } + return ATRET_SUCCESS; +} + +static uint32_t AddNewTokenToListAndFile(NativeTokenInfoParams *tokenInfo, int32_t aplIn, NativeAtId *tokenId) { NativeTokenList *tokenNode; NativeAtId id; 
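Review bot: CheckProcessInfo dereferences `tokenInfo->processName` on its first line, and the public entry point now receives a caller-supplied `NativeTokenInfoParams *` instead of separate arguments. Unless GetAccessTokenId rejects NULL before calling this (not visible in the hunk), a NULL argument crashes the calling process. A guard at the top, `if (tokenInfo == NULL) { return ATRET_FAILED; }`, closes that. The structure is only read here, so declaring the parameter `const NativeTokenInfoParams *` would document that it is input-only. CheckStrArray now also rejects empty strings, which the previous dcaps check accepted, and that change is worth stating in the commit message.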
@@ -555,23 +604,24 @@ static uint32_t AddNewTokenToListAndCfgFile(const char *processname, const char } tokenNode->tokenId = id; tokenNode->apl = aplIn; - if (strcpy_s(tokenNode->processName, MAX_PROCESS_NAME_LEN + 1, processname) != EOK) { + if (strcpy_s(tokenNode->processName, MAX_PROCESS_NAME_LEN + 1, tokenInfo->processName) != EOK) { ACCESSTOKEN_LOG_ERROR("[ATLIB-%s]:strcpy_s failed.", __func__); free(tokenNode); return ATRET_FAILED; } - tokenNode->dcapsNum = dcapNumIn; + tokenNode->dcapsNum = tokenInfo->dcapsNum; + tokenNode->permsNum = tokenInfo->permsNum; - for (int32_t i = 0; i < dcapNumIn; i++) { - tokenNode->dcaps[i] = (char *)malloc(sizeof(char) * (strlen(dcapsIn[i]) + 1)); - if (tokenNode->dcaps[i] == NULL || - (strcpy_s(tokenNode->dcaps[i], strlen(dcapsIn[i]) + 1, dcapsIn[i]) != EOK)) { - ACCESSTOKEN_LOG_ERROR("[ATLIB-%s]:copy dcapsIn[%d] failed.", __func__, i); - FreeDcaps(tokenNode->dcaps, i); - free(tokenNode); - return ATRET_FAILED; - } + if (CreateStrArray(tokenInfo->dcapsNum, tokenInfo->dcaps, tokenNode->dcaps) != ATRET_SUCCESS) { + free(tokenNode); + return ATRET_FAILED; + } + if (CreateStrArray(tokenInfo->permsNum, tokenInfo->perms, tokenNode->perms) != ATRET_SUCCESS) { + FreeStrArray(tokenNode->dcaps, tokenInfo->dcapsNum - 1); + free(tokenNode); + return ATRET_FAILED; } + tokenNode->next = g_tokenListHead->next; g_tokenListHead->next = tokenNode; @@ -581,7 +631,7 @@ static uint32_t AddNewTokenToListAndCfgFile(const char *processname, const char return ATRET_SUCCESS; } -static int32_t CompareProcessInfo(NativeTokenList *tokenNode, const char **dcapsIn, int32_t dcapNumIn, int32_t aplIn) +static int32_t CompareTokenInfo(NativeTokenList *tokenNode, const char **dcapsIn, int32_t dcapNumIn, int32_t aplIn) { if (tokenNode->apl != aplIn) { return 1; 
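Review bot: The rollback `FreeStrArray(tokenNode->dcaps, tokenInfo->dcapsNum - 1)` passes a last index, while `UpdateTokenInfoInList` (hunk at -597) passes `tokenNode->dcapsNum`, a count, to the same helper. `FreeStrArray` is not shown, so its convention cannot be confirmed here. Judging by `CreateStrArray`, which passes the failing index `i`, it appears to take a last index, which would make the `dcapsNum` call the outlier. Either way the two call sites cannot both be right: one leaves the last string allocated, or the other touches one slot past the populated range, which is past the array when the count is at its maximum. Document the convention on `FreeStrArray` and make the callers agree; this function starts and ends outside the hunk.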
@@ -597,61 +647,116 @@ static int32_t CompareProcessInfo(NativeTokenList *tokenNode, const char **dcaps return 0; } -static uint32_t UpdateTokenInfoInList(NativeTokenList *tokenNode, - const char **dcapsIn, int32_t dcapNumIn, int32_t aplIn) +static int32_t ComparePermsInfo(NativeTokenList *tokenNode, const char **permsIn, int32_t permsNumIn) { - tokenNode->apl = aplIn; - - for (int32_t i = 0; i < tokenNode->dcapsNum; i++) { - free(tokenNode->dcaps[i]); - tokenNode->dcaps[i] = NULL; + if (tokenNode->permsNum != permsNumIn) { + return 1; + } + for (int32_t i = 0; i < permsNumIn; i++) { + if (strcmp(tokenNode->perms[i], permsIn[i]) != 0) { + return 1; + } } + return 0; +} - tokenNode->dcapsNum = dcapNumIn; - for (int32_t i = 0; i < dcapNumIn; i++) { - int32_t len = strlen(dcapsIn[i]) + 1; - tokenNode->dcaps[i] = (char *)malloc(sizeof(char) * len); - if (tokenNode->dcaps[i] == NULL || (strcpy_s(tokenNode->dcaps[i], len, dcapsIn[i]) != EOK)) { - ACCESSTOKEN_LOG_ERROR("[ATLIB-%s]:copy dcapsIn[%d] failed.", __func__, i); - FreeDcaps(tokenNode->dcaps, i); +static uint32_t UpdateStrArrayInList(char *strArr[], int *strNum, + const char **strArrNew, int strNumNew) +{ + for (int32_t i = 0; i < *strNum; i++) { + free(strArr[i]); + strArr[i] = NULL; + } + + *strNum = strNumNew; + for (int32_t i = 0; i < strNumNew; i++) { + int32_t len = strlen(strArrNew[i]) + 1; + strArr[i] = (char *)malloc(sizeof(char) * len); + if (strArr[i] == NULL || (strcpy_s(strArr[i], len, strArrNew[i]) != EOK)) { + ACCESSTOKEN_LOG_ERROR("[ATLIB-%s]:copy strArr[%d] failed.", __func__, i); + FreeStrArray(strArr, i); return ATRET_FAILED; } } return ATRET_SUCCESS; } -static uint32_t UpdateItemcontent(const NativeTokenList *tokenNode, cJSON *record) +static uint32_t UpdateTokenInfoInList(NativeTokenList *tokenNode, NativeTokenInfoParams *tokenInfo) { - cJSON *itemApl = cJSON_CreateNumber(tokenNode->apl); - if (itemApl == NULL) { - return ATRET_FAILED; + tokenNode->apl = GetAplLevel(tokenInfo->aplStr); + + 
uint32_t ret = UpdateStrArrayInList(tokenNode->dcaps, &(tokenNode->dcapsNum), + tokenInfo->dcaps, tokenInfo->dcapsNum); + if (ret != ATRET_SUCCESS) { + return ret; } - if (!cJSON_ReplaceItemInObject(record, APL_KEY_NAME, itemApl)) { - cJSON_Delete(itemApl); - ACCESSTOKEN_LOG_ERROR("[ATLIB-%s]:APL update failed.", __func__); - return ATRET_FAILED; + ret = UpdateStrArrayInList(tokenNode->perms, &(tokenNode->permsNum), + tokenInfo->perms, tokenInfo->permsNum); + if (ret != ATRET_SUCCESS) { + FreeStrArray(tokenNode->dcaps, tokenNode->dcapsNum); } + return ret; +} - cJSON *dcapsArr = cJSON_CreateArray(); - if (dcapsArr == NULL) { +static uint32_t UpdateStrArrayType(char * const strArr[], int strNum, const char *strKey, cJSON *record) +{ + cJSON *strArrJson = cJSON_CreateArray(); + if (strArrJson == NULL) { + ACCESSTOKEN_LOG_ERROR("[ATLIB-%s]:cJSON_CreateArray failed.", __func__); return ATRET_FAILED; } - for (int32_t i = 0; i < tokenNode->dcapsNum; i++) { - cJSON *item = cJSON_CreateString(tokenNode->dcaps[i]); + for (int32_t i = 0; i < strNum; i++) { + cJSON *item = cJSON_CreateString(strArr[i]); if (item == NULL) { ACCESSTOKEN_LOG_ERROR("[ATLIB-%s]:cJSON_CreateString failed.", __func__); - cJSON_Delete(dcapsArr); + cJSON_Delete(strArrJson); return ATRET_FAILED; } - if (!cJSON_AddItemToArray(dcapsArr, item)) { + if (!cJSON_AddItemToArray(strArrJson, item)) { ACCESSTOKEN_LOG_ERROR("[ATLIB-%s]:cJSON_AddItemToArray failed.", __func__); cJSON_Delete(item); + cJSON_Delete(strArrJson); return ATRET_FAILED; } } - if (!cJSON_ReplaceItemInObject(record, DCAPS_KEY_NAME, dcapsArr)) { + if (cJSON_GetObjectItem(record, strKey) != NULL) { + if (!cJSON_ReplaceItemInObject(record, strKey, strArrJson)) { + ACCESSTOKEN_LOG_ERROR("[ATLIB-%s]:cJSON_ReplaceItemInObject failed.", __func__); + cJSON_Delete(strArrJson); + return ATRET_FAILED; + } + } else { + if (!cJSON_AddItemToObject(record, strKey, strArrJson)) { + ACCESSTOKEN_LOG_ERROR("[ATLIB-%s]:cJSON_AddItemToObject failed.", 
__func__); + cJSON_Delete(strArrJson); + return ATRET_FAILED; + } + } + + return ATRET_SUCCESS; +} + +static uint32_t UpdateItemcontent(const NativeTokenList *tokenNode, cJSON *record) +{ + cJSON *itemApl = cJSON_CreateNumber(tokenNode->apl); + if (itemApl == NULL) { + return ATRET_FAILED; + } + if (!cJSON_ReplaceItemInObject(record, APL_KEY_NAME, itemApl)) { + cJSON_Delete(itemApl); + ACCESSTOKEN_LOG_ERROR("[ATLIB-%s]:APL update failed.", __func__); + return ATRET_FAILED; + } + + uint32_t ret = UpdateStrArrayType(tokenNode->dcaps, tokenNode->dcapsNum, DCAPS_KEY_NAME, record); + if (ret != ATRET_SUCCESS) { ACCESSTOKEN_LOG_ERROR("[ATLIB-%s]:dcaps update failed.", __func__); - cJSON_Delete(dcapsArr); + return ATRET_FAILED; + } + + ret = UpdateStrArrayType(tokenNode->perms, tokenNode->permsNum, PERMS_KEY_NAME, record); + if (ret != ATRET_SUCCESS) { + ACCESSTOKEN_LOG_ERROR("[ATLIB-%s]:perms update failed.", __func__); return ATRET_FAILED; } return ATRET_SUCCESS; @@ -679,7 +784,7 @@ static uint32_t UpdateGoalItemFromRecord(const NativeTokenList *tokenNode, cJSON return ATRET_FAILED; } -static uint32_t UpdateTokenInfoInCfgFile(NativeTokenList *tokenNode) +static uint32_t UpdateInfoInCfgFile(NativeTokenList *tokenNode) { cJSON *record = NULL; char *fileBuff = NULL; @@ -714,7 +819,7 @@ static uint32_t UpdateTokenInfoInCfgFile(NativeTokenList *tokenNode) return ATRET_SUCCESS; } -uint64_t GetAccessTokenId(const char *processname, const char **dcaps, int32_t dcapNum, const char *aplStr) +uint64_t GetAccessTokenId(NativeTokenInfoParams *tokenInfo) { NativeAtId tokenId = 0; uint64_t result = 0; 
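Review bot: `UpdateStrArrayInList` stores `*strNum = strNumNew` before any string is copied, so when `malloc` or `strcpy_s` fails the node keeps the new count although its entries have been released. `UpdateTokenInfoInList` likewise frees `dcaps` on a perms failure but leaves `dcapsNum` untouched. The node stays on the list, and the next `CompareTokenInfo`/`ComparePermsInfo` for that process calls `strcmp` on those entries. Reset the count on every failure path, e.g. `*strNum = 0;` before `return ATRET_FAILED;` and `tokenNode->dcapsNum = 0;` after the `FreeStrArray` call. Alternatively, build the new arrays first and swap them in only on success.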
@@ -725,14 +830,14 @@ uint64_t GetAccessTokenId(const char *processname, const char **dcaps, int32_t d return INVALID_TOKEN_ID; } - uint32_t ret = CheckProcessInfo(processname, dcaps, dcapNum, aplStr, &apl); + uint32_t ret = CheckProcessInfo(tokenInfo, &apl); if (ret != ATRET_SUCCESS) { return INVALID_TOKEN_ID; } NativeTokenList *tokenNode = g_tokenListHead->next; while (tokenNode != NULL) { - if (strcmp(tokenNode->processName, processname) == 0) { + if (strcmp(tokenNode->processName, tokenInfo->processName) == 0) { tokenId = tokenNode->tokenId; break; } @@ -740,12 +845,13 @@ uint64_t GetAccessTokenId(const char *processname, const char **dcaps, int32_t d } if (tokenNode == NULL) { - ret = AddNewTokenToListAndCfgFile(processname, dcaps, dcapNum, apl, &tokenId); + ret = AddNewTokenToListAndFile(tokenInfo, apl, &tokenId); } else { - int32_t needUpdate = CompareProcessInfo(tokenNode, dcaps, dcapNum, apl); - if (needUpdate != 0) { - ret = UpdateTokenInfoInList(tokenNode, dcaps, dcapNum, apl); - ret |= UpdateTokenInfoInCfgFile(tokenNode); + int32_t needTokenUpdate = CompareTokenInfo(tokenNode, tokenInfo->dcaps, tokenInfo->dcapsNum, apl); + int32_t needPermUpdate = ComparePermsInfo(tokenNode, tokenInfo->perms, tokenInfo->permsNum); + if ((needTokenUpdate != 0) || (needPermUpdate != 0)) { + ret = UpdateTokenInfoInList(tokenNode, tokenInfo); + ret |= UpdateInfoInCfgFile(tokenNode); } } if (ret != ATRET_SUCCESS) { diff --git a/interfaces/innerkits/nativetoken/test/unittest/src/nativetoken_kit_test.cpp b/interfaces/innerkits/nativetoken/test/unittest/src/nativetoken_kit_test.cpp index 44eb5cc82026b8a0cba97c77314b22dae4cea7ad..de2434dcd87db07d6f49d1cc4b599062a71f1e9b 100644 --- a/interfaces/innerkits/nativetoken/test/unittest/src/nativetoken_kit_test.cpp +++ b/interfaces/innerkits/nativetoken/test/unittest/src/nativetoken_kit_test.cpp 
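Review bot: `ret |= UpdateInfoInCfgFile(tokenNode);` still runs when `UpdateTokenInfoInList` has just failed, so a node whose string arrays were partly released is serialised into the config file. `UpdateStrArrayType` would pass those entries to `cJSON_CreateString`. Skip the write on failure: `if (ret == ATRET_SUCCESS) { ret = UpdateInfoInCfgFile(tokenNode); }`. `UpdateTokenInfoInList` also re-derives the level with `GetAplLevel(tokenInfo->aplStr)` although the validated `apl` is already in scope here; passing it in would keep a single source for the stored value. `GetAccessTokenId` continues outside this hunk.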
@@ -48,13 +48,22 @@ void TokenLibKitTest::TearDown() int Start(const char *processName) { - const char *processname = processName; const char **dcaps = new const char *[2]; dcaps[0] = "AT_CAP"; dcaps[1] = "ST_CAP"; - int dcapNum = 2; uint64_t tokenId; - tokenId = GetAccessTokenId(processname, dcaps, dcapNum, "system_core"); + const char **perms = new const char *[2]; + perms[0] = "ohos.permission.test1"; + perms[1] = "ohos.permission.test2"; + NativeTokenInfoParams infoInstance = { + .dcapsNum = 2, + .permsNum = 2, + .dcaps = dcaps, + .perms = perms, + .processName = processName, + .aplStr = "system_core", + }; + tokenId = GetAccessTokenId(&infoInstance); delete[] dcaps; return tokenId; } 
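Review bot: `perms` is allocated with `new const char *[2]` in `Start()` but only `dcaps` is released before `return tokenId;`, so every call leaks the array. Add `delete[] perms;` next to `delete[] dcaps;`, or use a stack array such as `const char *perms[] = {"ohos.permission.test1", "ohos.permission.test2"};`. The same applies to `dcaps` if the helper is simplified.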
@@ -72,26 +81,42 @@ HWTEST_F(TokenLibKitTest, GetAccessTokenId001, TestSize.Level1) dcaps[1] = "ST_CAP"; int dcapNum = 2; uint64_t tokenId; - tokenId = GetAccessTokenId("", dcaps, dcapNum, "system_core"); + const char **perms = new const char *[2]; + perms[0] = "ohos.permission.test1"; + perms[1] = "ohos.permission.test2"; + NativeTokenInfoParams infoInstance = { + .dcapsNum = dcapNum, + .permsNum = 2, + .dcaps = dcaps, + .perms = perms, + .aplStr = "system_core", + }; + infoInstance.processName = ""; + tokenId = GetAccessTokenId(&infoInstance); ASSERT_EQ(tokenId, 0); - tokenId = GetAccessTokenId(nullptr, dcaps, dcapNum, "system_core"); + infoInstance.processName = nullptr; + tokenId = GetAccessTokenId(&infoInstance); ASSERT_EQ(tokenId, 0); /* 257 is invalid processName length */ const std::string invalidProcName (257, 'x'); - tokenId = GetAccessTokenId(invalidProcName.c_str(), dcaps, dcapNum, "system_core"); + infoInstance.processName = invalidProcName.c_str(); + tokenId = GetAccessTokenId(&infoInstance); ASSERT_EQ(tokenId, 0); /* 255 is valid processName length */ const std::string validProcName01 (255, 'x'); - tokenId = GetAccessTokenId(validProcName01.c_str(), dcaps, dcapNum, "system_core"); + infoInstance.processName = validProcName01.c_str(); + tokenId = GetAccessTokenId(&infoInstance); ASSERT_NE(tokenId, 0); /* 256 is valid processName length */ const std::string validProcName02 (256, 'x'); - tokenId = GetAccessTokenId(validProcName02.c_str(), dcaps, dcapNum, "system_core"); + infoInstance.processName = validProcName02.c_str(); + tokenId = GetAccessTokenId(&infoInstance); ASSERT_NE(tokenId, 0); delete[] dcaps; + delete[] perms; } /** 
@@ -107,12 +132,22 @@ HWTEST_F(TokenLibKitTest, GetAccessTokenId002, TestSize.Level1) dcaps[1] = "ST_CAP"; int dcapNum = -1; uint64_t tokenId; - tokenId = GetAccessTokenId("GetAccessTokenId002", dcaps, dcapNum, "system_core"); + NativeTokenInfoParams infoInstance = { + .permsNum = 0, + .dcaps = dcaps, + .perms = nullptr, + .aplStr = "system_core", + }; + infoInstance.dcapsNum = dcapNum; + infoInstance.processName = "GetAccessTokenId002"; + tokenId = GetAccessTokenId(&infoInstance); ASSERT_EQ(tokenId, 0); /* 33 is invalid dcapNum */ dcapNum = 33; - tokenId = GetAccessTokenId("GetAccessTokenId002_00", dcaps, dcapNum, "system_core"); + infoInstance.dcapsNum = dcapNum; + infoInstance.processName = "GetAccessTokenId002_00"; + tokenId = GetAccessTokenId(&infoInstance); ASSERT_EQ(tokenId, 0); for (int32_t i = 0; i < 32; i++) { @@ -120,12 +155,16 @@ HWTEST_F(TokenLibKitTest, GetAccessTokenId002, TestSize.Level1) } /* 32 is valid dcapNum */ dcapNum = 32; - tokenId = GetAccessTokenId("GetAccessTokenId002_01", dcaps, dcapNum, "system_core"); + infoInstance.dcapsNum = dcapNum; + infoInstance.processName = "GetAccessTokenId002_01"; + tokenId = GetAccessTokenId(&infoInstance); ASSERT_NE(tokenId, 0); /* 31 is valid dcapNum */ dcapNum = 31; - tokenId = GetAccessTokenId("GetAccessTokenId002_02", dcaps, dcapNum, "system_core"); + infoInstance.dcapsNum = dcapNum; + infoInstance.processName = "GetAccessTokenId002_02"; + tokenId = GetAccessTokenId(&infoInstance); ASSERT_NE(tokenId, 0); delete[] dcaps; 
@@ -144,30 +183,51 @@ HWTEST_F(TokenLibKitTest, GetAccessTokenId003, TestSize.Level1) dcaps[1] = "ST_CAP"; int dcapNum = 2; uint64_t tokenId; - tokenId = GetAccessTokenId("GetAccessTokenId003", nullptr, dcapNum, "system_core"); + NativeTokenInfoParams infoInstance = { + .permsNum = 0, + .dcaps = dcaps, + .perms = nullptr, + .aplStr = "system_core", + }; + infoInstance.dcapsNum = dcapNum; + infoInstance.dcaps = nullptr; + infoInstance.processName = "GetAccessTokenId003"; + tokenId = GetAccessTokenId(&infoInstance); ASSERT_EQ(tokenId, 0); dcapNum = 0; - tokenId = GetAccessTokenId("GetAccessTokenId003_01", nullptr, dcapNum, "system_core"); + infoInstance.dcapsNum = dcapNum; + infoInstance.dcaps = nullptr; + infoInstance.processName = "GetAccessTokenId003_01"; + tokenId = GetAccessTokenId(&infoInstance); ASSERT_NE(tokenId, 0); dcapNum = 2; /* 1025 is invalid dcap length */ const std::string invalidDcap (1025, 'x'); dcaps[0] = invalidDcap.c_str(); - tokenId = GetAccessTokenId("GetAccessTokenId003_02", dcaps, dcapNum, "system_core"); + infoInstance.dcapsNum = dcapNum; + infoInstance.dcaps = dcaps; + infoInstance.processName = "GetAccessTokenId003_02"; + tokenId = GetAccessTokenId(&infoInstance); ASSERT_EQ(tokenId, 0); /* 1024 is valid dcap length */ const std::string validDcap01 (1024, 'x'); dcaps[0] = validDcap01.c_str(); - tokenId = GetAccessTokenId("GetAccessTokenId003_03", dcaps, dcapNum, "system_core"); + infoInstance.dcapsNum = dcapNum; + infoInstance.dcaps = dcaps; + infoInstance.processName = "GetAccessTokenId003_03"; + tokenId = GetAccessTokenId(&infoInstance); ASSERT_NE(tokenId, 0); /* 1023 is valid dcap length */ const std::string validDcap02 (1023, 'x'); dcaps[0] = validDcap02.c_str(); - tokenId = GetAccessTokenId("GetAccessTokenId003_04", dcaps, dcapNum, "system_core"); + infoInstance.dcapsNum = dcapNum; + infoInstance.dcaps = dcaps; + infoInstance.processName = "GetAccessTokenId003_04"; + tokenId = GetAccessTokenId(&infoInstance); ASSERT_NE(tokenId, 0); 
delete[] dcaps; @@ -186,10 +246,20 @@ HWTEST_F(TokenLibKitTest, GetAccessTokenId004, TestSize.Level1) dcaps[1] = "ST_CAP"; int dcapNum = 2; uint64_t tokenId; - tokenId = GetAccessTokenId("GetAccessTokenId003", dcaps, dcapNum, nullptr); + NativeTokenInfoParams infoInstance = { + .dcapsNum = dcapNum, + .permsNum = 0, + .dcaps = dcaps, + .perms = nullptr, + .processName = "GetAccessTokenId003", + }; + + infoInstance.aplStr = nullptr, + tokenId = GetAccessTokenId(&infoInstance); ASSERT_EQ(tokenId, 0); - tokenId = GetAccessTokenId("GetAccessTokenId003", dcaps, dcapNum, "system_invalid"); + infoInstance.aplStr = "system_invalid", + tokenId = GetAccessTokenId(&infoInstance); ASSERT_EQ(tokenId, 0); delete[] dcaps; 
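Review bot: `infoInstance.aplStr = nullptr,` and `infoInstance.aplStr = "system_invalid",` in `GetAccessTokenId004` end with a comma rather than a semicolon. Each assignment therefore forms a single comma expression with the following `tokenId = GetAccessTokenId(&infoInstance);`. It compiles and evaluates in the intended order, but it is a typo that will surprise whoever inserts a line between the two; terminate both with `;`.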
@@ -233,11 +303,149 @@ HWTEST_F(TokenLibKitTest, GetAccessTokenId006, TestSize.Level1) /** * @tc.name: GetAccessTokenId007 - * @tc.desc: Get a batch of AccessTokenId. + * @tc.desc: cannot getAccessTokenId with invalid dcapNum. * @tc.type: FUNC * @tc.require:AR000GK6TD */ HWTEST_F(TokenLibKitTest, GetAccessTokenId007, TestSize.Level1) +{ + const char **perms = new const char *[MAX_PERM_NUM]; + perms[0] = "ohos.permission.test1"; + perms[1] = "ohos.permission.test2"; + int permsNum = -1; + uint64_t tokenId; + NativeTokenInfoParams infoInstance = { + .dcapsNum = 0, + .dcaps = nullptr, + .perms = perms, + .aplStr = "system_core", + }; + + infoInstance.permsNum = permsNum; + infoInstance.processName = "GetAccessTokenId007"; + tokenId = GetAccessTokenId(&infoInstance); + ASSERT_EQ(tokenId, 0); + + permsNum = MAX_PERM_NUM + 1; + infoInstance.permsNum = permsNum; + infoInstance.processName = "GetAccessTokenId007_00"; + tokenId = GetAccessTokenId(&infoInstance); + ASSERT_EQ(tokenId, 0); + + for (int32_t i = 0; i < MAX_PERM_NUM; i++) { + perms[i] = "ohos.permission.test"; + } + + permsNum = MAX_PERM_NUM; + infoInstance.permsNum = permsNum; + infoInstance.processName = "GetAccessTokenId007_01"; + tokenId = GetAccessTokenId(&infoInstance); + ASSERT_NE(tokenId, 0); + + permsNum = MAX_PERM_NUM - 1; + infoInstance.permsNum = permsNum; + infoInstance.processName = "GetAccessTokenId007_02"; + tokenId = GetAccessTokenId(&infoInstance); + ASSERT_NE(tokenId, 0); + + delete[] perms; +} + +/** + * @tc.name: GetAccessTokenId008 + * @tc.desc: Get AccessTokenId with new processName. 
+ * @tc.type: FUNC + * @tc.require:AR000GK6TD + */ +HWTEST_F(TokenLibKitTest, GetAccessTokenId008, TestSize.Level1) +{ + const char **dcaps = new const char *[2]; + dcaps[0] = "AT_CAP"; + dcaps[1] = "ST_CAP"; + uint64_t tokenId; + const char **perms = new const char *[2]; + perms[0] = "ohos.permission.test1"; + perms[1] = "ohos.permission.test2"; + NativeTokenInfoParams infoInstance = { + .dcapsNum = 2, + .permsNum = 2, + .dcaps = dcaps, + .perms = perms, + .processName = "GetAccessTokenId008", + .aplStr = "system_core", + }; + tokenId = GetAccessTokenId(&infoInstance); + ASSERT_NE(tokenId, 0); +} + +/** + * @tc.name: GetAccessTokenId009 + * @tc.desc: cannot getAccessTokenId with invalid perms. + * @tc.type: FUNC + * @tc.require:AR000GK6TD + */ +HWTEST_F(TokenLibKitTest, GetAccessTokenId009, TestSize.Level1) +{ + const char **perms = new const char *[2]; + perms[0] = "AT_CAP"; + perms[1] = "ST_CAP"; + int permsNum = 2; + uint64_t tokenId; + NativeTokenInfoParams infoInstance = { + .dcapsNum = 0, + .dcaps = nullptr, + .aplStr = "system_core", + }; + + infoInstance.permsNum = permsNum; + infoInstance.perms = nullptr; + infoInstance.processName = "GetAccessTokenId009"; + tokenId = GetAccessTokenId(&infoInstance); + ASSERT_EQ(tokenId, 0); + + permsNum = 0; + infoInstance.permsNum = permsNum; + infoInstance.perms = nullptr; + infoInstance.processName = "GetAccessTokenId009_01"; + tokenId = GetAccessTokenId(&infoInstance); + ASSERT_NE(tokenId, 0); + + permsNum = 2; + /* 1025 is invalid dcap length */ + const std::string invalidDcap (MAX_PERM_LEN + 1, 'x'); + perms[0] = invalidDcap.c_str(); + infoInstance.permsNum = permsNum; + infoInstance.perms = perms; + infoInstance.processName = "GetAccessTokenId009_02"; + tokenId = GetAccessTokenId(&infoInstance); + ASSERT_EQ(tokenId, 0); + + const std::string validDcap01 (MAX_PERM_LEN, 'x'); + perms[0] = validDcap01.c_str(); + infoInstance.permsNum = permsNum; + infoInstance.perms = perms; + infoInstance.processName = 
"GetAccessTokenId009_03"; + tokenId = GetAccessTokenId(&infoInstance); + ASSERT_NE(tokenId, 0); + + const std::string validDcap02 (MAX_PERM_LEN - 1, 'x'); + perms[0] = validDcap02.c_str(); + infoInstance.permsNum = permsNum; + infoInstance.perms = perms; + infoInstance.processName = "GetAccessTokenId009_04"; + tokenId = GetAccessTokenId(&infoInstance); + ASSERT_NE(tokenId, 0); + + delete[] perms; +} + +/** + * @tc.name: GetAccessTokenId010 + * @tc.desc: Get a batch of AccessTokenId. + * @tc.type: FUNC + * @tc.require:AR000GK6TD + */ +HWTEST_F(TokenLibKitTest, GetAccessTokenId010, TestSize.Level1) { char processName[200][MAX_PROCESS_NAME_LEN]; /* enable 200 process before fondation is prepared */ @@ -259,12 +467,12 @@ HWTEST_F(TokenLibKitTest, GetAccessTokenId007, TestSize.Level1) } /** - * @tc.name: GetAccessTokenId008 + * @tc.name: GetAccessTokenId011 * @tc.desc: Get AccessTokenId and check the config file. * @tc.type: FUNC * @tc.require:AR000GK6TD */ -HWTEST_F(TokenLibKitTest, GetAccessTokenId008, TestSize.Level1) +HWTEST_F(TokenLibKitTest, GetAccessTokenId011, TestSize.Level1) { Start("process1"); Start("process2"); diff --git a/interfaces/innerkits/tokensync/src/token_sync_manager_client.cpp b/interfaces/innerkits/tokensync/src/token_sync_manager_client.cpp index 3cd5a9d56002d8cc5dda0025f4395d80f7563286..f11d38bfa4b0497bdf521479553854ecae0408d8 100644 --- a/interfaces/innerkits/tokensync/src/token_sync_manager_client.cpp +++ b/interfaces/innerkits/tokensync/src/token_sync_manager_client.cpp @@ -17,6 +17,7 @@ #include "accesstoken_log.h" #include "hap_token_info_for_sync_parcel.h" +#include "native_token_info_for_sync_parcel.h" #include "iservice_registry.h" namespace OHOS { diff --git a/services/accesstokenmanager/main/cpp/include/permission/permission_definition_cache.h b/services/accesstokenmanager/main/cpp/include/permission/permission_definition_cache.h index 76cb640fb5d39a58f43419724c56fba0c7148186..59e31d77702eb7373bca8d794a228a1b3cfe3aeb 100644 
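Review bot: `GetAccessTokenId008` allocates `dcaps` and `perms` with `new[]` and never releases them; add `delete[] dcaps;` and `delete[] perms;` after the assertion, as the neighbouring cases do. The description of `GetAccessTokenId007` still reads "invalid dcapNum" although the case exercises `permsNum`. `GetAccessTokenId009` keeps the comment `/* 1025 is invalid dcap length */` and the `invalidDcap`/`validDcap01` names while testing `MAX_PERM_LEN`; rename them so a failing boundary check points at the right limit. In 007, `permsNum = MAX_PERM_NUM + 1` is passed with an array of `MAX_PERM_NUM` slots, which relies on the library rejecting the count before reading any element and deserves a one-line comment.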
--- a/services/accesstokenmanager/main/cpp/include/permission/permission_definition_cache.h +++ b/services/accesstokenmanager/main/cpp/include/permission/permission_definition_cache.h @@ -47,6 +47,8 @@ public: bool HasDefinition(const std::string& permissionName); + bool IsPermissionDefEmpty(); + private: PermissionDefinitionCache(); diff --git a/services/accesstokenmanager/main/cpp/include/permission/permission_manager.h b/services/accesstokenmanager/main/cpp/include/permission/permission_manager.h index 64fa632f5e9262231b1b9cbdc8c049ecb3d1c253..68ad9751d722aae038b9f54819279dda2cc8da5a 100644 --- a/services/accesstokenmanager/main/cpp/include/permission/permission_manager.h +++ b/services/accesstokenmanager/main/cpp/include/permission/permission_manager.h @@ -38,6 +38,8 @@ public: void AddDefPermissions(std::shared_ptr tokenInfo, bool updateFlag); void RemoveDefPermissions(AccessTokenID tokenID); + int VerifyNativeAccessToken(AccessTokenID tokenID, const std::string& permissionName); + int VerifyHapAccessToken(AccessTokenID tokenID, const std::string& permissionName); int VerifyAccessToken(AccessTokenID tokenID, const std::string& permissionName); int VerifyNativeToken(AccessTokenID tokenID, const std::string& permissionName); int GetDefPermission(const std::string& permissionName, PermissionDef& permissionDefResult); diff --git a/services/accesstokenmanager/main/cpp/include/permission/permission_policy_set.h b/services/accesstokenmanager/main/cpp/include/permission/permission_policy_set.h index 773153759d1ea2d7c9484153fb2900f5070feaa6..d8ec4cb97530790f5f0234e99ecc28c0834db400 100644 --- a/services/accesstokenmanager/main/cpp/include/permission/permission_policy_set.h +++ b/services/accesstokenmanager/main/cpp/include/permission/permission_policy_set.h 
@@ -48,6 +48,8 @@ public: int QueryPermissionFlag(const std::string& permissionName); void UpdatePermissionStatus(const std::string& permissionName, bool isGranted, int flag); void ToString(std::string& info); + bool IsPermissionReqValid(int32_t tokenApl, const std::string &permissionName); + void PermStateToString(int32_t tokenApl, std::string& info); void GetPermissionStateList(std::vector& stateList); private: diff --git a/services/accesstokenmanager/main/cpp/include/service/accesstoken_manager_service.h b/services/accesstokenmanager/main/cpp/include/service/accesstoken_manager_service.h index 5ab88b09343ce49aadee6d45875a0dec6d264f52..cdb8501245ab8ee238064e1ab296354b3a060622 100644 --- a/services/accesstokenmanager/main/cpp/include/service/accesstoken_manager_service.h +++ b/services/accesstokenmanager/main/cpp/include/service/accesstoken_manager_service.h @@ -64,10 +64,10 @@ public: #ifdef TOKEN_SYNC_ENABLE int GetHapTokenInfoFromRemote(AccessTokenID tokenID, HapTokenInfoForSyncParcel& hapSyncParcel) override; - int GetAllNativeTokenInfo(std::vector& nativeTokenInfosRes) override; + int GetAllNativeTokenInfo(std::vector& nativeTokenInfosRes) override; int SetRemoteHapTokenInfo(const std::string& deviceID, HapTokenInfoForSyncParcel& hapSyncParcel) override; int SetRemoteNativeTokenInfo(const std::string& deviceID, - std::vector& nativeTokenInfoParcel) override; + std::vector& nativeTokenInfoForSyncParcel) override; int DeleteRemoteToken(const std::string& deviceID, AccessTokenID tokenID) override; AccessTokenID GetRemoteNativeTokenID(const std::string& deviceID, AccessTokenID tokenID) override; int DeleteRemoteDeviceTokens(const std::string& deviceID) override; diff --git a/services/accesstokenmanager/main/cpp/include/token/accesstoken_info_manager.h b/services/accesstokenmanager/main/cpp/include/token/accesstoken_info_manager.h index aa8fa7d72a113564d0ce71cbe98a2b730c592cdc..0fbd982454f09b9c1ab790392768de50b970fc09 100644 
--- a/services/accesstokenmanager/main/cpp/include/token/accesstoken_info_manager.h +++ b/services/accesstokenmanager/main/cpp/include/token/accesstoken_info_manager.h @@ -41,6 +41,7 @@ public: int GetHapTokenInfo(AccessTokenID tokenID, HapTokenInfo& InfoParcel); std::shared_ptr GetNativeTokenInfoInner(AccessTokenID id); int GetNativeTokenInfo(AccessTokenID tokenID, NativeTokenInfo& InfoParcel); + std::shared_ptr GetNativePermissionPolicySet(AccessTokenID id); std::shared_ptr GetHapPermissionPolicySet(AccessTokenID id); int RemoveHapTokenInfo(AccessTokenID id); int RemoveNativeTokenInfo(AccessTokenID id); @@ -58,10 +59,10 @@ public: int GetHapTokenSync(AccessTokenID tokenID, HapTokenInfoForSync& hapSync); int GetHapTokenInfoFromRemote(AccessTokenID tokenID, HapTokenInfoForSync& hapSync); - void GetAllNativeTokenInfo(std::vector& nativeTokenInfosRes); + void GetAllNativeTokenInfo(std::vector& nativeTokenInfosRes); int SetRemoteHapTokenInfo(const std::string& deviceID, HapTokenInfoForSync& hapSync); int SetRemoteNativeTokenInfo(const std::string& deviceID, - std::vector& nativeTokenInfoList); + std::vector& nativeTokenInfoList); int DeleteRemoteToken(const std::string& deviceID, AccessTokenID tokenID); AccessTokenID GetRemoteNativeTokenID(const std::string& deviceID, AccessTokenID tokenID); int DeleteRemoteDeviceTokens(const std::string& deviceID); diff --git a/services/accesstokenmanager/main/cpp/include/token/native_token_info_inner.h b/services/accesstokenmanager/main/cpp/include/token/native_token_info_inner.h index 72f5b2e7cdd505328e2bd6456e6b5ee7d2e97a42..5b95fa62b4b576fe8e87518f0dd748156a32421d 100644 --- a/services/accesstokenmanager/main/cpp/include/token/native_token_info_inner.h +++ b/services/accesstokenmanager/main/cpp/include/token/native_token_info_inner.h 
@@ -21,6 +21,8 @@ #include "access_token.h" #include "generic_values.h" #include "native_token_info.h" +#include "permission_policy_set.h" +#include "permission_state_full.h" namespace OHOS { namespace Security { @@ -31,21 +33,27 @@ static const std::string JSON_VERSION = "version"; static const std::string JSON_TOKEN_ID = "tokenId"; static const std::string JSON_TOKEN_ATTR = "tokenAttr"; static const std::string JSON_DCAPS = "dcaps"; +static const std::string JSON_PERMS = "permissions"; static const int MAX_DCAPS_NUM = 32; +static const int MAX_REQ_PERM_NUM = 32; class NativeTokenInfoInner final { public: NativeTokenInfoInner(); - NativeTokenInfoInner(NativeTokenInfo& info); + NativeTokenInfoInner(NativeTokenInfo& info, + const std::vector &permStateList); virtual ~NativeTokenInfoInner(); int Init(AccessTokenID id, const std::string& processName, int apl, - const std::vector& dcap); - void StoreNativeInfo(std::vector& valueList) const; + const std::vector& dcap, + const std::vector &permStateList); + void StoreNativeInfo(std::vector& valueList, + std::vector& permStateValues) const; void TranslateToNativeTokenInfo(NativeTokenInfo& InfoParcel) const; void SetDcaps(const std::string& dcapStr); void ToString(std::string& info) const; - int RestoreNativeTokenInfo(AccessTokenID tokenId, const GenericValues& inGenericValues); + int RestoreNativeTokenInfo(AccessTokenID tokenId, const GenericValues& inGenericValues, + const std::vector& permStateRes); void Update(AccessTokenID tokenId, const std::string& processName, int apl, const std::vector& dcap); @@ -53,6 +61,7 @@ public: AccessTokenID GetTokenID() const; std::string GetProcessName() const; NativeTokenInfo GetNativeTokenInfo() const; + std::shared_ptr GetNativeInfoPermissionPolicySet() const; bool IsRemote() const; void SetRemote(bool isRemote); 
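Review bot: `MAX_REQ_PERM_NUM = 32` introduces a second, separately maintained limit for the permission list, which the native token library bounds with `MAX_PERM_NUM`; that value is not visible on this page. If the two ever differ, a token the library accepted and wrote out could be rejected or cut short when the service parses it. Consider deriving both from one shared definition, or at least tie them together with a comment such as `// must stay equal to MAX_PERM_NUM used by the native token library`. The constructor in the same hunk takes `NativeTokenInfo& info` by non-const reference, and `const NativeTokenInfo&` would document that it is only read, if that is the case.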
@@ -63,6 +72,7 @@ private: // true means sync from remote. bool isRemote_; NativeTokenInfo tokenInfoBasic_; + std::shared_ptr permPolicySet_; }; } // namespace AccessToken } // namespace Security diff --git a/services/accesstokenmanager/main/cpp/include/token/native_token_receptor.h b/services/accesstokenmanager/main/cpp/include/token/native_token_receptor.h index 9917e5e57f3058b532ed1bd248441018a6af6dfe..cc72c61ff398cc1a6d20518553eac85f904ca931 100644 --- a/services/accesstokenmanager/main/cpp/include/token/native_token_receptor.h +++ b/services/accesstokenmanager/main/cpp/include/token/native_token_receptor.h @@ -19,10 +19,13 @@ #include #include +#include "native_token_info_inner.h" + #include "access_token.h" #include "nlohmann/json.hpp" -#include "native_token_info_inner.h" #include "nocopyable.h" +#include "permission_policy_set.h" +#include "permission_state_full.h" namespace OHOS { namespace Security { @@ -45,7 +48,6 @@ private: int32_t ParserNativeRawData(const std::string& nativeRawData, std::vector>& tokenInfos); void from_json(const nlohmann::json& j, NativeTokenInfo& p); - bool ready_; }; } // namespace AccessToken diff --git a/services/accesstokenmanager/main/cpp/src/permission/permission_definition_cache.cpp b/services/accesstokenmanager/main/cpp/src/permission/permission_definition_cache.cpp index 2f32086145d566e06455b1683ca4ae5e6ff4bbb1..942e280c7035279dbd54aeb77ed06c6afbf45e48 100644 --- a/services/accesstokenmanager/main/cpp/src/permission/permission_definition_cache.cpp +++ b/services/accesstokenmanager/main/cpp/src/permission/permission_definition_cache.cpp 
@@ -111,6 +111,12 @@ bool PermissionDefinitionCache::HasDefinition(const std::string& permissionName) Utils::UniqueReadGuard cacheGuard(this->cacheLock_); return permissionDefinitionMap_.count(permissionName) == 1; } + +bool PermissionDefinitionCache::IsPermissionDefEmpty() +{ + Utils::UniqueReadGuard cacheGuard(this->cacheLock_); + return permissionDefinitionMap_.empty(); +} } // namespace AccessToken } // namespace Security } // namespace OHOS diff --git a/services/accesstokenmanager/main/cpp/src/permission/permission_manager.cpp b/services/accesstokenmanager/main/cpp/src/permission/permission_manager.cpp index b46dac48f17b9b0f0859a76fabdbc9692a3617c2..326a1e1cc3a6541d2d8fb0f3b5794e4c125c4366 100644 --- a/services/accesstokenmanager/main/cpp/src/permission/permission_manager.cpp +++ b/services/accesstokenmanager/main/cpp/src/permission/permission_manager.cpp @@ -15,6 +15,7 @@ #include "permission_manager.h" #include "access_token.h" +#include "accesstoken_id_manager.h" #include "accesstoken_info_manager.h" #include "accesstoken_log.h" #include "permission_definition_cache.h" 
@@ -78,25 +79,20 @@ void PermissionManager::AddDefPermissions(std::shared_ptr tok void PermissionManager::RemoveDefPermissions(AccessTokenID tokenID) { - ACCESSTOKEN_LOG_INFO(LABEL, "%{public}s called, tokenID: 0x%{public}x", __func__, tokenID); + ACCESSTOKEN_LOG_INFO(LABEL, "%{public}s called, tokenID: %{public}u", __func__, tokenID); std::shared_ptr tokenInfo = AccessTokenInfoManager::GetInstance().GetHapTokenInfoInner(tokenID); if (tokenInfo == nullptr) { - ACCESSTOKEN_LOG_ERROR(LABEL, "invalid params(tokenID: 0x%{public}x)!", tokenID); + ACCESSTOKEN_LOG_ERROR(LABEL, "invalid params(tokenID: %{public}u)!", tokenID); return; } std::string bundleName = tokenInfo->GetBundleName(); PermissionDefinitionCache::GetInstance().DeleteByBundleName(bundleName); } -int PermissionManager::VerifyAccessToken(AccessTokenID tokenID, const std::string& permissionName) +int PermissionManager::VerifyHapAccessToken(AccessTokenID tokenID, const std::string& permissionName) { - ACCESSTOKEN_LOG_INFO(LABEL, "%{public}s called, tokenID: 0x%{public}x, permissionName: %{public}s", __func__, - tokenID, permissionName.c_str()); - if (!PermissionValidator::IsPermissionNameValid(permissionName)) { - ACCESSTOKEN_LOG_ERROR(LABEL, "invalid params!"); - return PERMISSION_DENIED; - } + ACCESSTOKEN_LOG_INFO(LABEL, "called"); std::shared_ptr tokenInfoPtr = AccessTokenInfoManager::GetInstance().GetHapTokenInfoInner(tokenID); if (tokenInfoPtr == nullptr) { 
@@ -119,10 +115,57 @@ int PermissionManager::VerifyAccessToken(AccessTokenID tokenID, const std::strin return permPolicySet->VerifyPermissStatus(permissionName); } +int PermissionManager::VerifyNativeAccessToken(AccessTokenID tokenID, const std::string& permissionName) +{ + std::shared_ptr tokenInfoPtr = + AccessTokenInfoManager::GetInstance().GetNativeTokenInfoInner(tokenID); + if (tokenInfoPtr == nullptr) { + ACCESSTOKEN_LOG_ERROR(LABEL, "can not find tokenInfo!"); + return PERMISSION_DENIED; + } + if (PermissionDefinitionCache::GetInstance().IsPermissionDefEmpty()) { + ACCESSTOKEN_LOG_INFO(LABEL, "permission definition set has not been installed!"); + return PERMISSION_GRANTED; + } + if (!tokenInfoPtr->IsRemote() && !PermissionDefinitionCache::GetInstance().HasDefinition(permissionName)) { + ACCESSTOKEN_LOG_ERROR( + LABEL, "no definition for permission: %{public}s!", permissionName.c_str()); + return PERMISSION_DENIED; + } + std::shared_ptr permPolicySet = + AccessTokenInfoManager::GetInstance().GetNativePermissionPolicySet(tokenID); + if (permPolicySet == nullptr) { + ACCESSTOKEN_LOG_ERROR(LABEL, "invalid params!"); + return PERMISSION_DENIED; + } + + return permPolicySet->VerifyPermissStatus(permissionName); +} + +int PermissionManager::VerifyAccessToken(AccessTokenID tokenID, const std::string& permissionName) +{ + ACCESSTOKEN_LOG_INFO(LABEL, "%{public}s called, tokenID: %{public}u, permissionName: %{public}s", __func__, + tokenID, permissionName.c_str()); + if (!PermissionValidator::IsPermissionNameValid(permissionName)) { + ACCESSTOKEN_LOG_ERROR(LABEL, "invalid params!"); + return PERMISSION_DENIED; + } + + ATokenTypeEnum tokenType = AccessTokenIDManager::GetInstance().GetTokenIdTypeEnum(tokenID); + if (tokenType == TOKEN_NATIVE) { + return VerifyNativeAccessToken(tokenID, permissionName); + } + if (tokenType == TOKEN_HAP) { + return VerifyHapAccessToken(tokenID, permissionName); + } + ACCESSTOKEN_LOG_ERROR(LABEL, "invalid tokenType!"); + return 
PERMISSION_DENIED; +} + int PermissionManager::VerifyNativeToken(AccessTokenID tokenID, const std::string& permissionName) { ACCESSTOKEN_LOG_INFO(LABEL, - "%{public}s called, tokenID: 0x%{public}x, permissionName: %{public}s", __func__, + "%{public}s called, tokenID: %{public}u, permissionName: %{public}s", __func__, tokenID, permissionName.c_str()); PermissionDef permissionInfo; @@ -160,7 +203,7 @@ int PermissionManager::GetDefPermission(const std::string& permissionName, Permi int PermissionManager::GetDefPermissions(AccessTokenID tokenID, std::vector& permList) { - ACCESSTOKEN_LOG_INFO(LABEL, "%{public}s called, tokenID: 0x%{public}x", __func__, tokenID); + ACCESSTOKEN_LOG_INFO(LABEL, "%{public}s called, tokenID: %{public}u", __func__, tokenID); std::shared_ptr permPolicySet = AccessTokenInfoManager::GetInstance().GetHapPermissionPolicySet(tokenID); if (permPolicySet == nullptr) { @@ -175,7 +218,7 @@ int PermissionManager::GetDefPermissions(AccessTokenID tokenID, std::vector& reqPermList, bool isSystemGrant) { - ACCESSTOKEN_LOG_INFO(LABEL, "%{public}s called, tokenID: 0x%{public}x, isSystemGrant: %{public}d", + ACCESSTOKEN_LOG_INFO(LABEL, "%{public}s called, tokenID: %{public}u, isSystemGrant: %{public}d", __func__, tokenID, isSystemGrant); std::shared_ptr permPolicySet = AccessTokenInfoManager::GetInstance().GetHapPermissionPolicySet(tokenID); @@ -244,7 +287,7 @@ void PermissionManager::GetSelfPermissionState(std::vector int PermissionManager::GetPermissionFlag(AccessTokenID tokenID, const std::string& permissionName) { - ACCESSTOKEN_LOG_INFO(LABEL, "%{public}s called, tokenID: 0x%{public}x, permissionName: %{public}s", + ACCESSTOKEN_LOG_INFO(LABEL, "%{public}s called, tokenID: %{public}u, permissionName: %{public}s", __func__, tokenID, permissionName.c_str()); if (!PermissionValidator::IsPermissionNameValid(permissionName)) { ACCESSTOKEN_LOG_ERROR(LABEL, "invalid params!"); 
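Review bot: In `VerifyNativeAccessToken`, the `IsPermissionDefEmpty()` branch returns `PERMISSION_GRANTED` for any permission name once the token is found, so the check fails open whenever the definition cache is empty. Presumably that also covers the case where loading the definitions failed, not only "not installed yet". The grant is logged without the token or the permission, which makes it hard to audit afterwards; at minimum log `"permission definition set has not been installed, grant %{public}s to token %{public}u"` with `permissionName.c_str(), tokenID`. Add a comment stating why granting is acceptable in this window, or return `PERMISSION_DENIED` if it is not. Note also that remote tokens skip the `HasDefinition` check, so their result depends only on the synced state list.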
@@ -292,7 +335,7 @@ void PermissionManager::UpdateTokenPermissionState( void PermissionManager::GrantPermission(AccessTokenID tokenID, const std::string& permissionName, int flag) { ACCESSTOKEN_LOG_INFO(LABEL, - "%{public}s called, tokenID: 0x%{public}x, permissionName: %{public}s, flag: %{public}d", + "%{public}s called, tokenID: %{public}u, permissionName: %{public}s, flag: %{public}d", __func__, tokenID, permissionName.c_str(), flag); if (!PermissionValidator::IsPermissionNameValid(permissionName)) { ACCESSTOKEN_LOG_ERROR(LABEL, "invalid params!"); @@ -313,7 +356,7 @@ void PermissionManager::GrantPermission(AccessTokenID tokenID, const std::string void PermissionManager::RevokePermission(AccessTokenID tokenID, const std::string& permissionName, int flag) { ACCESSTOKEN_LOG_INFO(LABEL, - "%{public}s called, tokenID: 0x%{public}x, permissionName: %{public}s, flag: %{public}d", + "%{public}s called, tokenID: %{public}u, permissionName: %{public}s, flag: %{public}d", __func__, tokenID, permissionName.c_str(), flag); if (!PermissionValidator::IsPermissionNameValid(permissionName)) { ACCESSTOKEN_LOG_ERROR(LABEL, "invalid params!"); @@ -333,7 +376,7 @@ void PermissionManager::RevokePermission(AccessTokenID tokenID, const std::strin void PermissionManager::ClearUserGrantedPermissionState(AccessTokenID tokenID) { - ACCESSTOKEN_LOG_INFO(LABEL, "%{public}s called, tokenID: 0x%{public}x", __func__, tokenID); + ACCESSTOKEN_LOG_INFO(LABEL, "%{public}s called, tokenID: %{public}u", __func__, tokenID); std::shared_ptr infoPtr = AccessTokenInfoManager::GetInstance().GetHapTokenInfoInner(tokenID); if (infoPtr == nullptr) { ACCESSTOKEN_LOG_ERROR(LABEL, "invalid params!"); diff --git a/services/accesstokenmanager/main/cpp/src/permission/permission_policy_set.cpp b/services/accesstokenmanager/main/cpp/src/permission/permission_policy_set.cpp index 8f1bad23198877871138df38bd855589dd436e96..ce6ad9ea95db30e0298239b923994cd0f045104b 100644 
--- a/services/accesstokenmanager/main/cpp/src/permission/permission_policy_set.cpp +++ b/services/accesstokenmanager/main/cpp/src/permission/permission_policy_set.cpp @@ -19,6 +19,7 @@ #include "data_storage.h" #include "data_translator.h" #include "field_const.h" +#include "permission_definition_cache.h" #include "permission_validator.h" namespace OHOS { @@ -324,6 +325,51 @@ void PermissionPolicySet::ToString(std::string& info) } info.append("\n ]\n"); } + +bool PermissionPolicySet::IsPermissionReqValid(int32_t tokenApl, const std::string &permissionName) +{ + PermissionDef permissionDef; + int ret = PermissionDefinitionCache::GetInstance().FindByPermissionName( + permissionName, permissionDef); + if (ret != RET_SUCCESS) { + return false; + } + if (tokenApl < permissionDef.availableLevel) { + return false; + } + return true; +} + +void PermissionPolicySet::PermStateToString(int32_t tokenApl, std::string& info) +{ + Utils::UniqueReadGuard infoGuard(this->permPolicySetLock_); + + std::vector invaildPermList = {}; + info.append(R"( "permStateList": [)"); + info.append("\n"); + for (auto iter = permStateList_.begin(); iter != permStateList_.end(); iter++) { + if (!IsPermissionReqValid(tokenApl, iter->permissionName)) { + invaildPermList.emplace_back(iter->permissionName); + continue; + } + PermStateFullToString(*iter, info); + if (iter != (permStateList_.end() - 1)) { + info.append(",\n"); + } + } + info.append("\n ]\n"); + + if (invaildPermList.size() == 0) { + return; + } + + info.append(R"( "invaildPermList": [)"); + info.append("\n"); + for (auto iter = invaildPermList.begin(); iter != invaildPermList.end(); iter++) { + info.append(R"( "permissionName": ")" + *iter + R"(")" + ",\n"); + } + info.append("\n ]\n"); +} } // namespace AccessToken } // namespace Security } // namespace OHOS 
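Review bot: In `PermStateToString`, the separator is appended after an entry whenever `iter != (permStateList_.end() - 1)`. When the trailing elements of `permStateList_` fail `IsPermissionReqValid` and are skipped, the last printed entry is therefore still followed by a dangling `,\n` before the closing bracket. The `invaildPermList` loop has the same issue unconditionally, because it appends `,\n` after every name including the last. Emitting the separator before each printed entry, as below, fixes the first loop, and the second loop can use the same pattern.

```cpp
    // … unchanged: read guard, invaildPermList declaration, "permStateList" header …
    bool needSeparator = false;
    for (auto iter = permStateList_.begin(); iter != permStateList_.end(); iter++) {
        if (!IsPermissionReqValid(tokenApl, iter->permissionName)) {
            invaildPermList.emplace_back(iter->permissionName);
            continue;
        }
        if (needSeparator) {
            info.append(",\n");
        }
        PermStateFullToString(*iter, info);
        needSeparator = true;
    }
    // … unchanged: closing bracket and invaildPermList output …
```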
diff --git a/services/accesstokenmanager/main/cpp/src/service/accesstoken_manager_service.cpp b/services/accesstokenmanager/main/cpp/src/service/accesstoken_manager_service.cpp index 2607d550ffca9c5723b74d7b99766773a599b634..b1ebfed38218f5a0cbe82b5629e5f6af9b3d8058 100644 --- a/services/accesstokenmanager/main/cpp/src/service/accesstoken_manager_service.cpp +++ b/services/accesstokenmanager/main/cpp/src/service/accesstoken_manager_service.cpp @@ -283,15 +283,15 @@ int AccessTokenManagerService::GetHapTokenInfoFromRemote(AccessTokenID tokenID, hapSyncParcel.hapTokenInfoForSyncParams); } -int AccessTokenManagerService::GetAllNativeTokenInfo(std::vector& nativeTokenInfosRes) +int AccessTokenManagerService::GetAllNativeTokenInfo(std::vector& nativeTokenInfosRes) { ACCESSTOKEN_LOG_INFO(LABEL, "%{public}s called", __func__); - std::vector nativeVec; + std::vector nativeVec; AccessTokenInfoManager::GetInstance().GetAllNativeTokenInfo(nativeVec); for (auto& native : nativeVec) { - NativeTokenInfoParcel nativeParcel; - nativeParcel.nativeTokenInfoParams = native; + NativeTokenInfoForSyncParcel nativeParcel; + nativeParcel.nativeTokenInfoForSyncParams = native; nativeTokenInfosRes.emplace_back(nativeParcel); } @@ -308,14 +308,14 @@ int AccessTokenManagerService::SetRemoteHapTokenInfo(const std::string& deviceID } int AccessTokenManagerService::SetRemoteNativeTokenInfo(const std::string& deviceID, - std::vector& nativeTokenInfoParcel) + std::vector& nativeTokenInfoForSyncParcel) { ACCESSTOKEN_LOG_INFO(LABEL, "%{public}s called, deviceID: %{public}s", __func__, deviceID.c_str()); - std::vector nativeList; + std::vector nativeList; - for (auto& nativeParcel : nativeTokenInfoParcel) { - nativeList.emplace_back(nativeParcel.nativeTokenInfoParams); + for (auto& nativeParcel : nativeTokenInfoForSyncParcel) { + nativeList.emplace_back(nativeParcel.nativeTokenInfoForSyncParams); } return AccessTokenInfoManager::GetInstance().SetRemoteNativeTokenInfo(deviceID, nativeList); 
diff --git a/services/accesstokenmanager/main/cpp/src/service/accesstoken_manager_stub.cpp b/services/accesstokenmanager/main/cpp/src/service/accesstoken_manager_stub.cpp index 86b58819a17375549d2b61aafea6f8a7ce97a7dd..6452f84495f665350b7bc2aac6873b93d86b8ed6 100644 --- a/services/accesstokenmanager/main/cpp/src/service/accesstoken_manager_stub.cpp +++ b/services/accesstokenmanager/main/cpp/src/service/accesstoken_manager_stub.cpp @@ -344,7 +344,7 @@ void AccessTokenManagerStub::GetAllNativeTokenInfoInner(MessageParcel& data, Mes reply.WriteInt32(RET_FAILED); return; } - std::vector nativeTokenInfosRes; + std::vector nativeTokenInfosRes; int result = this->GetAllNativeTokenInfo(nativeTokenInfosRes); reply.WriteUint32(nativeTokenInfosRes.size()); for (auto native : nativeTokenInfosRes) { @@ -380,7 +380,7 @@ void AccessTokenManagerStub::SetRemoteNativeTokenInfoInner(MessageParcel& data, } std::string deviceID = data.ReadString(); - std::vector nativeTokenInfoParcel; + std::vector nativeParcelList; uint32_t size = data.ReadUint32(); if (size > MAX_NATIVE_TOKEN_INFO_SIZE) { ACCESSTOKEN_LOG_ERROR(LABEL, "size %{public}u is invalid", size); @@ -388,16 +388,16 @@ void AccessTokenManagerStub::SetRemoteNativeTokenInfoInner(MessageParcel& data, return; } for (uint32_t i = 0; i < size; i++) { - sptr nativeParcel = data.ReadParcelable(); + sptr nativeParcel = data.ReadParcelable(); if (nativeParcel == nullptr) { ACCESSTOKEN_LOG_ERROR(LABEL, "nativeParcel read faild"); reply.WriteInt32(RET_FAILED); return; } - nativeTokenInfoParcel.emplace_back(*nativeParcel); + nativeParcelList.emplace_back(*nativeParcel); } - int result = this->SetRemoteNativeTokenInfo(deviceID, nativeTokenInfoParcel); + int result = this->SetRemoteNativeTokenInfo(deviceID, nativeParcelList); reply.WriteInt32(result); } 
diff --git a/services/accesstokenmanager/main/cpp/src/token/accesstoken_info_manager.cpp b/services/accesstokenmanager/main/cpp/src/token/accesstoken_info_manager.cpp index 5c0235ccdbc83deea32c7519e416ce845bf61d4e..963fa85dfbb4e010ffe61bfb0870eed01451eab5 100644 --- a/services/accesstokenmanager/main/cpp/src/token/accesstoken_info_manager.cpp +++ b/services/accesstokenmanager/main/cpp/src/token/accesstoken_info_manager.cpp 
@@ -78,30 +78,30 @@ void AccessTokenInfoManager::InitHapTokenInfos() AccessTokenID tokenId = (AccessTokenID)tokenValue.GetInt(FIELD_TOKEN_ID); int ret = AccessTokenIDManager::GetInstance().RegisterTokenId(tokenId, TOKEN_HAP); if (ret != RET_SUCCESS) { - ACCESSTOKEN_LOG_ERROR(LABEL, "tokenId 0x%{public}x add id failed.", tokenId); + ACCESSTOKEN_LOG_ERROR(LABEL, "tokenId %{public}u add id failed.", tokenId); continue; } std::shared_ptr hap = std::make_shared(); if (hap == nullptr) { AccessTokenIDManager::GetInstance().ReleaseTokenId(tokenId); - ACCESSTOKEN_LOG_ERROR(LABEL, "tokenId 0x%{public}x alloc failed.", tokenId); + ACCESSTOKEN_LOG_ERROR(LABEL, "tokenId %{public}u alloc failed.", tokenId); continue; } ret = hap->RestoreHapTokenInfo(tokenId, tokenValue, permDefRes, permStateRes); if (ret != RET_SUCCESS) { AccessTokenIDManager::GetInstance().ReleaseTokenId(tokenId); - ACCESSTOKEN_LOG_ERROR(LABEL, "tokenId 0x%{public}x restore failed.", tokenId); + ACCESSTOKEN_LOG_ERROR(LABEL, "tokenId %{public}u restore failed.", tokenId); continue; } ret = AddHapTokenInfo(hap); if (ret != RET_SUCCESS) { AccessTokenIDManager::GetInstance().ReleaseTokenId(tokenId); - ACCESSTOKEN_LOG_ERROR(LABEL, "tokenId 0x%{public}x add failed.", tokenId); + ACCESSTOKEN_LOG_ERROR(LABEL, "tokenId %{public}u add failed.", tokenId); continue; } ACCESSTOKEN_LOG_INFO(LABEL, - " restore hap token 0x%{public}x bundle name %{public}s user %{public}d inst %{public}d ok!", + " restore hap token %{public}u bundle name %{public}s user %{public}d inst %{public}d ok!", tokenId, hap->GetBundleName().c_str(), hap->GetUserID(), hap->GetInstIndex()); } } 
@@ -109,36 +109,39 @@ void AccessTokenInfoManager::InitHapTokenInfos() void AccessTokenInfoManager::InitNativeTokenInfos() { std::vector nativeTokenResults; + std::vector permStateRes; + DataStorage::GetRealDataStorage().Find(DataStorage::ACCESSTOKEN_NATIVE_INFO, nativeTokenResults); + DataStorage::GetRealDataStorage().Find(DataStorage::ACCESSTOKEN_PERMISSION_STATE, permStateRes); for (GenericValues nativeTokenValue : nativeTokenResults) { AccessTokenID tokenId = (AccessTokenID)nativeTokenValue.GetInt(FIELD_TOKEN_ID); int ret = AccessTokenIDManager::GetInstance().RegisterTokenId(tokenId, TOKEN_NATIVE); if (ret != RET_SUCCESS) { - ACCESSTOKEN_LOG_ERROR(LABEL, "tokenId 0x%{public}x add failed.", tokenId); + ACCESSTOKEN_LOG_ERROR(LABEL, "tokenId %{public}u add failed.", tokenId); continue; } std::shared_ptr native = std::make_shared(); if (native == nullptr) { AccessTokenIDManager::GetInstance().ReleaseTokenId(tokenId); - ACCESSTOKEN_LOG_ERROR(LABEL, "tokenId 0x%{public}x alloc failed.", tokenId); + ACCESSTOKEN_LOG_ERROR(LABEL, "tokenId %{public}u alloc failed.", tokenId); continue; } - ret = native->RestoreNativeTokenInfo(tokenId, nativeTokenValue); + ret = native->RestoreNativeTokenInfo(tokenId, nativeTokenValue, permStateRes); if (ret != RET_SUCCESS) { AccessTokenIDManager::GetInstance().ReleaseTokenId(tokenId); - ACCESSTOKEN_LOG_ERROR(LABEL, "tokenId 0x%{public}x restore failed.", tokenId); + ACCESSTOKEN_LOG_ERROR(LABEL, "tokenId %{public}u restore failed.", tokenId); continue; } ret = AddNativeTokenInfo(native); if (ret != RET_SUCCESS) { AccessTokenIDManager::GetInstance().ReleaseTokenId(tokenId); - ACCESSTOKEN_LOG_ERROR(LABEL, "tokenId 0x%{public}x add failed.", tokenId); + ACCESSTOKEN_LOG_ERROR(LABEL, "tokenId %{public}u add failed.", tokenId); continue; } ACCESSTOKEN_LOG_INFO(LABEL, - "restore native token 0x%{public}x process name %{public}s ok!", + "restore native token %{public}u process name %{public}s ok!", tokenId, native->GetProcessName().c_str()); } } 
@@ -168,14 +171,14 @@ int AccessTokenInfoManager::AddHapTokenInfo(const std::shared_ptr infoGuard(this->hapTokenInfoLock_); if (hapTokenInfoMap_.count(id) > 0) { - ACCESSTOKEN_LOG_ERROR(LABEL, "token %{public}x info has exist.", id); + ACCESSTOKEN_LOG_ERROR(LABEL, "token %{public}u info has exist.", id); return RET_FAILED; } if (!info->IsRemote()) { std::string HapUniqueKey = GetHapUniqueStr(info); if (hapTokenIdMap_.count(HapUniqueKey) > 0) { - ACCESSTOKEN_LOG_ERROR(LABEL, "token %{public}x Unique info has exist.", id); + ACCESSTOKEN_LOG_ERROR(LABEL, "token %{public}u Unique info has exist.", id); return RET_FAILED; } hapTokenIdMap_[HapUniqueKey] = id; @@ -200,17 +203,19 @@ int AccessTokenInfoManager::AddNativeTokenInfo(const std::shared_ptr infoGuard(this->nativeTokenInfoLock_); if (nativeTokenInfoMap_.count(id) > 0) { ACCESSTOKEN_LOG_ERROR( - LABEL, "token %{public}x has exist.", id); + LABEL, "token %{public}u has exist.", id); return RET_FAILED; } if (!info->IsRemote()) { if (nativeTokenIdMap_.count(processName) > 0) { ACCESSTOKEN_LOG_ERROR( - LABEL, "token %{public}x process name %{public}s has exist.", id, processName.c_str()); + LABEL, "token %{public}u process name %{public}s has exist.", id, processName.c_str()); return RET_FAILED; } nativeTokenIdMap_[processName] = id; } + + ACCESSTOKEN_LOG_INFO(LABEL, "token info is added %{public}u.", id); nativeTokenInfoMap_[id] = info; return RET_SUCCESS; @@ -221,7 +226,7 @@ std::shared_ptr AccessTokenInfoManager::GetHapTokenInfoInner( Utils::UniqueReadGuard infoGuard(this->hapTokenInfoLock_); if (hapTokenInfoMap_.count(id) == 0) { ACCESSTOKEN_LOG_ERROR( - LABEL, "token %{public}x is invalid.", id); + LABEL, "token %{public}u is invalid.", id); return nullptr; } return hapTokenInfoMap_[id]; 
@@ -232,7 +237,7 @@ int AccessTokenInfoManager::GetHapTokenInfo(AccessTokenID tokenID, HapTokenInfo& std::shared_ptr infoPtr = GetHapTokenInfoInner(tokenID); if (infoPtr == nullptr) { ACCESSTOKEN_LOG_ERROR( - LABEL, "token %{public}x is invalid.", tokenID); + LABEL, "token %{public}u is invalid.", tokenID); return RET_FAILED; } infoPtr->TranslateToHapTokenInfo(InfoParcel); @@ -244,7 +249,7 @@ std::shared_ptr AccessTokenInfoManager::GetHapPermissionPol std::shared_ptr infoPtr = GetHapTokenInfoInner(id); if (infoPtr == nullptr) { ACCESSTOKEN_LOG_ERROR( - LABEL, "token %{public}x is invalid.", id); + LABEL, "token %{public}u is invalid.", id); return nullptr; } return infoPtr->GetHapInfoPermissionPolicySet(); @@ -255,7 +260,7 @@ std::shared_ptr AccessTokenInfoManager::GetNativeTokenInfo Utils::UniqueReadGuard infoGuard(this->nativeTokenInfoLock_); if (nativeTokenInfoMap_.count(id) == 0) { ACCESSTOKEN_LOG_ERROR( - LABEL, "token %{public}x is invalid.", id); + LABEL, "token %{public}u is invalid.", id); return nullptr; } return nativeTokenInfoMap_[id]; @@ -266,7 +271,7 @@ int AccessTokenInfoManager::GetNativeTokenInfo(AccessTokenID tokenID, NativeToke std::shared_ptr infoPtr = GetNativeTokenInfoInner(tokenID); if (infoPtr == nullptr) { ACCESSTOKEN_LOG_ERROR( - LABEL, "token %{public}x is invalid.", tokenID); + LABEL, "token %{public}u is invalid.", tokenID); return RET_FAILED; } 
@@ -274,12 +279,23 @@ int AccessTokenInfoManager::GetNativeTokenInfo(AccessTokenID tokenID, NativeToke return RET_SUCCESS; } +std::shared_ptr AccessTokenInfoManager::GetNativePermissionPolicySet(AccessTokenID id) +{ + std::shared_ptr infoPtr = GetNativeTokenInfoInner(id); + if (infoPtr == nullptr) { + ACCESSTOKEN_LOG_ERROR( + LABEL, "token %{public}u is invalid.", id); + return nullptr; + } + return infoPtr->GetNativeInfoPermissionPolicySet(); +} + int AccessTokenInfoManager::RemoveHapTokenInfo(AccessTokenID id) { ATokenTypeEnum type = AccessTokenIDManager::GetInstance().GetTokenIdType(id); if (type != TOKEN_HAP) { ACCESSTOKEN_LOG_ERROR( - LABEL, "token %{public}x is not hap.", id); + LABEL, "token %{public}u is not hap.", id); return RET_FAILED; } @@ -288,17 +304,17 @@ int AccessTokenInfoManager::RemoveHapTokenInfo(AccessTokenID id) { Utils::UniqueWriteGuard infoGuard(this->hapTokenInfoLock_); if (hapTokenInfoMap_.count(id) == 0) { - ACCESSTOKEN_LOG_ERROR(LABEL, "hap token %{public}x no exist.", id); + ACCESSTOKEN_LOG_ERROR(LABEL, "hap token %{public}u no exist.", id); return RET_FAILED; } const std::shared_ptr info = hapTokenInfoMap_[id]; if (info == nullptr) { - ACCESSTOKEN_LOG_ERROR(LABEL, "hap token %{public}x is null.", id); + ACCESSTOKEN_LOG_ERROR(LABEL, "hap token %{public}u is null.", id); return RET_FAILED; } if (info->IsRemote()) { - ACCESSTOKEN_LOG_ERROR(LABEL, "remote hap token %{public}x can not delete.", id); + ACCESSTOKEN_LOG_ERROR(LABEL, "remote hap token %{public}u can not delete.", id); return RET_FAILED; } std::string HapUniqueKey = GetHapUniqueStr(info); @@ -309,7 +325,7 @@ int AccessTokenInfoManager::RemoveHapTokenInfo(AccessTokenID id) } AccessTokenIDManager::GetInstance().ReleaseTokenId(id); - ACCESSTOKEN_LOG_INFO(LABEL, "remove hap token 0x%{public}x ok!", id); + ACCESSTOKEN_LOG_INFO(LABEL, "remove hap token %{public}u ok!", id); RefreshTokenInfoIfNeeded(); #ifdef TOKEN_SYNC_ENABLE TokenModifyNotifier::GetInstance().NotifyTokenDelete(id); 
@@ -323,7 +339,7 @@ int AccessTokenInfoManager::RemoveNativeTokenInfo(AccessTokenID id) ATokenTypeEnum type = AccessTokenIDManager::GetInstance().GetTokenIdType(id); if (type != TOKEN_NATIVE) { ACCESSTOKEN_LOG_ERROR( - LABEL, "token %{public}x is not hap.", id); + LABEL, "token %{public}u is not hap.", id); return RET_FAILED; } @@ -331,13 +347,13 @@ int AccessTokenInfoManager::RemoveNativeTokenInfo(AccessTokenID id) { Utils::UniqueWriteGuard infoGuard(this->nativeTokenInfoLock_); if (nativeTokenInfoMap_.count(id) == 0) { - ACCESSTOKEN_LOG_ERROR(LABEL, "native token %{public}x is null.", id); + ACCESSTOKEN_LOG_ERROR(LABEL, "native token %{public}u is null.", id); return RET_FAILED; } std::shared_ptr info = nativeTokenInfoMap_[id]; if (info->IsRemote()) { - ACCESSTOKEN_LOG_ERROR(LABEL, "remote native token %{public}x can not delete.", id); + ACCESSTOKEN_LOG_ERROR(LABEL, "remote native token %{public}u can not delete.", id); return RET_FAILED; } std::string processName = nativeTokenInfoMap_[id]->GetProcessName(); @@ -347,7 +363,7 @@ int AccessTokenInfoManager::RemoveNativeTokenInfo(AccessTokenID id) nativeTokenInfoMap_.erase(id); } AccessTokenIDManager::GetInstance().ReleaseTokenId(id); - ACCESSTOKEN_LOG_INFO(LABEL, "remove native token 0x%{public}x ok!", id); + ACCESSTOKEN_LOG_INFO(LABEL, "remove native token %{public}u ok!", id); if (!isRemote) { RefreshTokenInfoIfNeeded(); } @@ -383,7 +399,7 @@ int AccessTokenInfoManager::CreateHapTokenInfo( return RET_FAILED; } ACCESSTOKEN_LOG_INFO(LABEL, - "create hap token 0x%{public}x bundle name %{public}s user %{public}d inst %{public}d ok!", + "create hap token %{public}u bundle name %{public}s user %{public}d inst %{public}d ok!", tokenId, tokenInfo->GetBundleName().c_str(), tokenInfo->GetUserID(), tokenInfo->GetInstIndex()); tokenIdEx.tokenIdExStruct.tokenID = tokenId; 
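Review bot: The error message in the `type != TOKEN_NATIVE` branch of `RemoveNativeTokenInfo` still says the token "is not hap", which is the opposite of what was checked and will mislead anyone reading the log. Since the format specifier on that line is being changed anyway, make it `LABEL, "token %{public}u is not native.", id);`. The function starts before this hunk and continues after it.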
@@ -397,7 +413,7 @@ int AccessTokenInfoManager::CheckNativeDCap(AccessTokenID tokenID, const std::st std::shared_ptr infoPtr = GetNativeTokenInfoInner(tokenID); if (infoPtr == nullptr) { ACCESSTOKEN_LOG_ERROR( - LABEL, "token %{public}x is invalid.", tokenID); + LABEL, "token %{public}u is invalid.", tokenID); return RET_FAILED; } @@ -469,7 +485,7 @@ void AccessTokenInfoManager::ProcessNativeTokenInfos( bool isUpdated = TryUpdateExistNativeToken(infoPtr); if (!isUpdated) { ACCESSTOKEN_LOG_INFO(LABEL, - "token 0x%{public}x process name %{public}s is new, add to manager!", + "token %{public}u process name %{public}s is new, add to manager!", infoPtr->GetTokenID(), infoPtr->GetProcessName().c_str()); AccessTokenID id = infoPtr->GetTokenID(); int ret = AccessTokenIDManager::GetInstance().RegisterTokenId(id, TOKEN_NATIVE); @@ -481,7 +497,7 @@ void AccessTokenInfoManager::ProcessNativeTokenInfos( if (ret != RET_SUCCESS) { AccessTokenIDManager::GetInstance().ReleaseTokenId(id); ACCESSTOKEN_LOG_ERROR(LABEL, - "token 0x%{public}x process name %{public}s add to manager failed!", + "token %{public}u process name %{public}s add to manager failed!", infoPtr->GetTokenID(), infoPtr->GetProcessName().c_str()); } } 
@@ -493,17 +509,17 @@ int AccessTokenInfoManager::UpdateHapToken(AccessTokenID tokenID, const std::string& appIDDesc, const HapPolicyParams& policy) { if (!DataValidator::IsAppIDDescValid(appIDDesc)) { - ACCESSTOKEN_LOG_INFO(LABEL, "token 0x%{public}x parm format error!", tokenID); + ACCESSTOKEN_LOG_INFO(LABEL, "token %{public}u parm format error!", tokenID); return RET_FAILED; } std::shared_ptr infoPtr = GetHapTokenInfoInner(tokenID); if (infoPtr == nullptr) { - ACCESSTOKEN_LOG_INFO(LABEL, "token 0x%{public}x is null, can not update!", tokenID); + ACCESSTOKEN_LOG_INFO(LABEL, "token %{public}u is null, can not update!", tokenID); return RET_FAILED; } if (infoPtr->IsRemote()) { - ACCESSTOKEN_LOG_ERROR(LABEL, "remote hap token 0x%{public}x can not update!", tokenID); + ACCESSTOKEN_LOG_ERROR(LABEL, "remote hap token %{public}u can not update!", tokenID); return RET_FAILED; } @@ -511,7 +527,7 @@ int AccessTokenInfoManager::UpdateHapToken(AccessTokenID tokenID, Utils::UniqueWriteGuard infoGuard(this->hapTokenInfoLock_); infoPtr->Update(appIDDesc, policy); ACCESSTOKEN_LOG_INFO(LABEL, - "token 0x%{public}x bundle name %{public}s user %{public}d inst %{public}d update ok!", + "token %{public}u bundle name %{public}s user %{public}d inst %{public}d update ok!", tokenID, infoPtr->GetBundleName().c_str(), infoPtr->GetUserID(), infoPtr->GetInstIndex()); } 
@@ -529,14 +545,14 @@ int AccessTokenInfoManager::GetHapTokenSync(AccessTokenID tokenID, HapTokenInfoF std::shared_ptr infoPtr = GetHapTokenInfoInner(tokenID); if (infoPtr == nullptr || infoPtr->IsRemote()) { ACCESSTOKEN_LOG_ERROR( - LABEL, "token %{public}x is invalid.", tokenID); + LABEL, "token %{public}u is invalid.", tokenID); return RET_FAILED; } hapSync.baseInfo = infoPtr->GetHapInfoBasic(); std::shared_ptr permSetPtr = infoPtr->GetHapInfoPermissionPolicySet(); if (permSetPtr == nullptr) { ACCESSTOKEN_LOG_ERROR( - LABEL, "token %{public}x permSet is invalid.", tokenID); + LABEL, "token %{public}u permSet is invalid.", tokenID); return RET_FAILED; } permSetPtr->GetPermissionStateList(hapSync.permStateList); @@ -551,7 +567,8 @@ int AccessTokenInfoManager::GetHapTokenInfoFromRemote(AccessTokenID tokenID, return ret; } -void AccessTokenInfoManager::GetAllNativeTokenInfo(std::vector& nativeTokenInfosRes) +void AccessTokenInfoManager::GetAllNativeTokenInfo( + std::vector& nativeTokenInfosRes) { Utils::UniqueReadGuard infoGuard(this->nativeTokenInfoLock_); for (auto nativeTokenInner : nativeTokenInfoMap_) { @@ -560,8 +577,18 @@ void AccessTokenInfoManager::GetAllNativeTokenInfo(std::vector& || nativeTokenInnerPtr->GetDcap().size() <= 0) { continue; } - NativeTokenInfo token; - nativeTokenInnerPtr->TranslateToNativeTokenInfo(token); + NativeTokenInfoForSync token; + nativeTokenInnerPtr->TranslateToNativeTokenInfo(token.baseInfo); + + std::shared_ptr permSetPtr = + nativeTokenInnerPtr->GetNativeInfoPermissionPolicySet(); + if (permSetPtr == nullptr) { + ACCESSTOKEN_LOG_ERROR( + LABEL, "token %{public}u permSet is invalid.", token.baseInfo.tokenID); + return; + } + permSetPtr->GetPermissionStateList(token.permStateList); + nativeTokenInfosRes.emplace_back(token); } return; 
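Review bot: In `GetAllNativeTokenInfo`, the new `permSetPtr == nullptr` branch uses `return;`, which ends the whole enumeration. A single native token without a policy set therefore silently truncates the list handed to the sync path, with every later token missing from it. The filter just above skips unsuitable entries with `continue`, so use `continue;` here as well and drop only the bad entry. The loop header is in the previous hunk and the function's closing brace is outside this one.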
@@ -571,7 +598,7 @@ int AccessTokenInfoManager::UpdateRemoteHapTokenInfo(AccessTokenID mapID, HapTok { std::shared_ptr infoPtr = GetHapTokenInfoInner(mapID); if (infoPtr == nullptr || !infoPtr->IsRemote()) { - ACCESSTOKEN_LOG_INFO(LABEL, "token 0x%{public}x is null or not remote, can not update!", mapID); + ACCESSTOKEN_LOG_INFO(LABEL, "token %{public}u is null or not remote, can not update!", mapID); return RET_FAILED; } @@ -624,7 +651,7 @@ int AccessTokenInfoManager::SetRemoteHapTokenInfo(const std::string& deviceID, H AccessTokenID remoteID = hapSync.baseInfo.tokenID; AccessTokenID mapID = AccessTokenRemoteTokenManager::GetInstance().GetDeviceMappingTokenID(deviceID, remoteID); if (mapID != 0) { - ACCESSTOKEN_LOG_INFO(LABEL, "device %{public}s token %{public}x update exist remote hap token %{public}x.", + ACCESSTOKEN_LOG_INFO(LABEL, "device %{public}s token %{public}u update exist remote hap token %{public}u.", deviceID.c_str(), remoteID, mapID); // update remote token mapping id hapSync.baseInfo.tokenID = mapID; @@ -635,7 +662,7 @@ int AccessTokenInfoManager::SetRemoteHapTokenInfo(const std::string& deviceID, H mapID = AccessTokenRemoteTokenManager::GetInstance().MapRemoteDeviceTokenToLocal(deviceID, remoteID); if (mapID == 0) { ACCESSTOKEN_LOG_ERROR( - LABEL, "device %{public}s token %{public}x map failed.", deviceID.c_str(), remoteID); + LABEL, "device %{public}s token %{public}u map failed.", deviceID.c_str(), remoteID); return RET_FAILED; } 
@@ -645,38 +672,41 @@ int AccessTokenInfoManager::SetRemoteHapTokenInfo(const std::string& deviceID, H if (CreateRemoteHapTokenInfo(mapID, hapSync) == RET_FAILED) { AccessTokenRemoteTokenManager::GetInstance().RemoveDeviceMappingTokenID(deviceID, mapID); - ACCESSTOKEN_LOG_INFO(LABEL, "device %{public}s token %{public}x map to local token %{public}x failed.", + ACCESSTOKEN_LOG_INFO(LABEL, "device %{public}s token %{public}u map to local token %{public}u failed.", deviceID.c_str(), remoteID, mapID); return RET_FAILED; } - ACCESSTOKEN_LOG_INFO(LABEL, "device %{public}s token %{public}x map to local token %{public}x success.", + ACCESSTOKEN_LOG_INFO(LABEL, "device %{public}s token %{public}u map to local token %{public}u success.", deviceID.c_str(), remoteID, mapID); return RET_SUCCESS; } int AccessTokenInfoManager::SetRemoteNativeTokenInfo(const std::string& deviceID, - std::vector& nativeTokenInfoList) + std::vector& nativeTokenInfoList) { if (!DataValidator::IsDeviceIdValid(deviceID)) { ACCESSTOKEN_LOG_ERROR(LABEL, "device %{public}s parms invalid", deviceID.c_str()); return RET_FAILED; } - for (NativeTokenInfo& nativeToken : nativeTokenInfoList) { - if (!DataValidator::IsAplNumValid(nativeToken.apl) || nativeToken.ver != DEFAULT_TOKEN_VERSION - || !DataValidator::IsProcessNameValid(nativeToken.processName) || nativeToken.dcap.size() <= 0 - || AccessTokenIDManager::GetInstance().GetTokenIdTypeEnum(nativeToken.tokenID) != TOKEN_NATIVE) { + for (NativeTokenInfoForSync& nativeToken : nativeTokenInfoList) { + if (!DataValidator::IsAplNumValid(nativeToken.baseInfo.apl) || + nativeToken.baseInfo.ver != DEFAULT_TOKEN_VERSION || + !DataValidator::IsProcessNameValid(nativeToken.baseInfo.processName) || + nativeToken.baseInfo.dcap.size() <= 0 || + AccessTokenIDManager::GetInstance().GetTokenIdTypeEnum(nativeToken.baseInfo.tokenID) != TOKEN_NATIVE) { ACCESSTOKEN_LOG_ERROR( - LABEL, "device %{public}s token %{public}x is invalid.", deviceID.c_str(), nativeToken.tokenID); + 
LABEL, "device %{public}s token %{public}u is invalid.", + deviceID.c_str(), nativeToken.baseInfo.tokenID); continue; } - AccessTokenID remoteID = nativeToken.tokenID; + AccessTokenID remoteID = nativeToken.baseInfo.tokenID; AccessTokenID mapID = AccessTokenRemoteTokenManager::GetInstance().GetDeviceMappingTokenID(deviceID, remoteID); if (mapID != 0) { ACCESSTOKEN_LOG_ERROR( - LABEL, "device %{public}s token %{public}x has maped, no need update it.", - deviceID.c_str(), nativeToken.tokenID); + LABEL, "device %{public}s token %{public}u has maped, no need update it.", + deviceID.c_str(), nativeToken.baseInfo.tokenID); continue; } @@ -684,18 +714,19 @@ int AccessTokenInfoManager::SetRemoteNativeTokenInfo(const std::string& deviceID if (mapID == 0) { AccessTokenRemoteTokenManager::GetInstance().RemoveDeviceMappingTokenID(deviceID, mapID); ACCESSTOKEN_LOG_ERROR( - LABEL, "device %{public}s token %{public}x map failed.", + LABEL, "device %{public}s token %{public}u map failed.", deviceID.c_str(), remoteID); continue; } - nativeToken.tokenID = mapID; - ACCESSTOKEN_LOG_INFO(LABEL, "device %{public}s token %{public}x map to local token %{public}x.", + nativeToken.baseInfo.tokenID = mapID; + ACCESSTOKEN_LOG_INFO(LABEL, "device %{public}s token %{public}u map to local token %{public}u.", deviceID.c_str(), remoteID, mapID); - std::shared_ptr nativePtr = std::make_shared(nativeToken); + std::shared_ptr nativePtr = + std::make_shared(nativeToken.baseInfo, nativeToken.permStateList); if (nativePtr == nullptr) { AccessTokenRemoteTokenManager::GetInstance().RemoveDeviceMappingTokenID(deviceID, mapID); - ACCESSTOKEN_LOG_ERROR(LABEL, "device %{public}s tokenId 0x%{public}x alloc local token failed.", + ACCESSTOKEN_LOG_ERROR(LABEL, "device %{public}s tokenId %{public}u alloc local token failed.", deviceID.c_str(), remoteID); continue; } 
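Review bot: The `permStateList` passed to `std::make_shared(nativeToken.baseInfo, nativeToken.permStateList)` comes from the remote device. Unlike the `baseInfo` fields checked at the top of the loop, it is not validated anywhere in the visible code. Because `VerifyNativeAccessToken` skips the `HasDefinition` check for remote tokens, these entries alone decide the verification result for the mapped token. Unless the constructor (not shown) already filters them, drop entries whose name fails `PermissionValidator::IsPermissionNameValid` before building the token. The loop starts in the previous hunk and continues after this one.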
@@ -703,11 +734,11 @@ int AccessTokenInfoManager::SetRemoteNativeTokenInfo(const std::string& deviceID int ret = AddNativeTokenInfo(nativePtr); if (ret != RET_SUCCESS) { AccessTokenRemoteTokenManager::GetInstance().RemoveDeviceMappingTokenID(deviceID, mapID); - ACCESSTOKEN_LOG_ERROR(LABEL, "device %{public}s tokenId 0x%{public}x add local token failed.", + ACCESSTOKEN_LOG_ERROR(LABEL, "device %{public}s tokenId %{public}u add local token failed.", deviceID.c_str(), remoteID); continue; } - ACCESSTOKEN_LOG_INFO(LABEL, "device %{public}s token %{public}x map token %{public}x add success.", + ACCESSTOKEN_LOG_INFO(LABEL, "device %{public}s token %{public}u map token %{public}u add success.", deviceID.c_str(), remoteID, mapID); } @@ -722,7 +753,7 @@ int AccessTokenInfoManager::DeleteRemoteToken(const std::string& deviceID, Acces } AccessTokenID mapID = AccessTokenRemoteTokenManager::GetInstance().GetDeviceMappingTokenID(deviceID, tokenID); if (mapID == 0) { - ACCESSTOKEN_LOG_ERROR(LABEL, "device %{public}s tokenId 0x%{public}x is not mapped", + ACCESSTOKEN_LOG_ERROR(LABEL, "device %{public}s tokenId %{public}u is not mapped", deviceID.c_str(), tokenID); return RET_FAILED; } @@ -731,7 +762,7 @@ int AccessTokenInfoManager::DeleteRemoteToken(const std::string& deviceID, Acces if (type == TOKEN_HAP) { Utils::UniqueWriteGuard infoGuard(this->hapTokenInfoLock_); if (hapTokenInfoMap_.count(mapID) == 0) { - ACCESSTOKEN_LOG_ERROR(LABEL, "hap token %{public}x no exist.", mapID); + ACCESSTOKEN_LOG_ERROR(LABEL, "hap token %{public}u no exist.", mapID); return RET_FAILED; } hapTokenInfoMap_.erase(mapID); 
@@ -739,12 +770,12 @@ int AccessTokenInfoManager::DeleteRemoteToken(const std::string& deviceID, Acces Utils::UniqueWriteGuard infoGuard(this->nativeTokenInfoLock_); if (nativeTokenInfoMap_.count(mapID) == 0) { ACCESSTOKEN_LOG_ERROR( - LABEL, "native token %{public}x is null.", mapID); + LABEL, "native token %{public}u is null.", mapID); return RET_FAILED; } nativeTokenInfoMap_.erase(mapID); } else { - ACCESSTOKEN_LOG_ERROR(LABEL, "mapping tokenId 0x%{public}x type is unknown", mapID); + ACCESSTOKEN_LOG_ERROR(LABEL, "mapping tokenId %{public}u type is unknown", mapID); } return AccessTokenRemoteTokenManager::GetInstance().RemoveDeviceMappingTokenID(deviceID, tokenID); @@ -792,7 +823,7 @@ AccessTokenID AccessTokenInfoManager::AllocLocalTokenID(const std::string& remot } int ret = TokenSyncKit::GetRemoteHapTokenInfo(remoteDeviceID, remoteTokenID); if (ret != RET_SUCCESS) { - ACCESSTOKEN_LOG_ERROR(LABEL, "device %{public}s token %{public}x sync failed", + ACCESSTOKEN_LOG_ERROR(LABEL, "device %{public}s token %{public}u sync failed", remoteDeviceID.c_str(), remoteTokenID); return 0; } @@ -833,7 +864,7 @@ void AccessTokenInfoManager::StoreAllTokenInfo() Utils::UniqueReadGuard infoGuard(this->nativeTokenInfoLock_); for (auto iter = nativeTokenInfoMap_.begin(); iter != nativeTokenInfoMap_.end(); iter++) { if (iter->second != nullptr) { - iter->second->StoreNativeInfo(nativeTokenValues); + iter->second->StoreNativeInfo(nativeTokenValues, permStateValues); } } } diff --git a/services/accesstokenmanager/main/cpp/src/token/native_token_info_inner.cpp b/services/accesstokenmanager/main/cpp/src/token/native_token_info_inner.cpp index 0f85b2e7bbff6070a102e421f06a7bfd9602c79e..4a41f2f57c5a475272a92538f891955e637f524e 100644 --- a/services/accesstokenmanager/main/cpp/src/token/native_token_info_inner.cpp +++ b/services/accesstokenmanager/main/cpp/src/token/native_token_info_inner.cpp 
@@ -37,35 +37,44 @@ NativeTokenInfoInner::NativeTokenInfoInner() : isRemote_(false) tokenInfoBasic_.apl = APL_NORMAL; } -NativeTokenInfoInner::NativeTokenInfoInner(NativeTokenInfo& native) : isRemote_(false) +NativeTokenInfoInner::NativeTokenInfoInner(NativeTokenInfo& native, + const std::vector& permStateList) : isRemote_(false) { tokenInfoBasic_ = native; + std::vector permDefList = {}; + permPolicySet_ = PermissionPolicySet::BuildPermissionPolicySet(native.tokenID, + permDefList, permStateList); } NativeTokenInfoInner::~NativeTokenInfoInner() { ACCESSTOKEN_LOG_DEBUG(LABEL, - "tokenID: 0x%{public}x destruction", tokenInfoBasic_.tokenID); + "tokenID: %{public}u destruction", tokenInfoBasic_.tokenID); } int NativeTokenInfoInner::Init(AccessTokenID id, const std::string& processName, - int apl, const std::vector& dcap) + int apl, const std::vector& dcap, + const std::vector &permStateList) { tokenInfoBasic_.tokenID = id; if (!DataValidator::IsProcessNameValid(processName)) { ACCESSTOKEN_LOG_ERROR(LABEL, - "tokenID: 0x%{public}x process name is null", tokenInfoBasic_.tokenID); + "tokenID: %{public}u process name is null", tokenInfoBasic_.tokenID); return RET_FAILED; } tokenInfoBasic_.processName = processName; if (!DataValidator::IsAplNumValid(apl)) { ACCESSTOKEN_LOG_ERROR(LABEL, - "tokenID: 0x%{public}x init failed, apl %{public}d is invalid", + "tokenID: %{public}u init failed, apl %{public}d is invalid", tokenInfoBasic_.tokenID, apl); return RET_FAILED; } tokenInfoBasic_.apl = (ATokenAplEnum)apl; tokenInfoBasic_.dcap = dcap; + + std::vector permDefList = {}; + permPolicySet_ = PermissionPolicySet::BuildPermissionPolicySet(id, + permDefList, permStateList); return RET_SUCCESS; } 
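Review bot: The result of `PermissionPolicySet::BuildPermissionPolicySet(...)` is stored in `permPolicySet_` without a check, and Init() goes on to `return RET_SUCCESS;` regardless; the same holds for `RestorePermissionPolicy` in the RestoreNativeTokenInfo hunk further down. The null guards added in StoreNativeInfo and ToString suggest a null result is possible, in which case a token would be reported as initialised while carrying no policy set. If that can happen, Init should fail visibly with `if (permPolicySet_ == nullptr) { return RET_FAILED; }` after an error log, and the new constructor should at least log it, since it has no return value to signal the failure.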
@@ -93,19 +102,20 @@ int NativeTokenInfoInner::TranslationIntoGenericValues(GenericValues& outGeneric return RET_SUCCESS; } -int NativeTokenInfoInner::RestoreNativeTokenInfo(AccessTokenID tokenId, const GenericValues& inGenericValues) +int NativeTokenInfoInner::RestoreNativeTokenInfo(AccessTokenID tokenId, const GenericValues& inGenericValues, + const std::vector& permStateRes) { tokenInfoBasic_.tokenID = tokenId; tokenInfoBasic_.processName = inGenericValues.GetString(FIELD_PROCESS_NAME); if (!DataValidator::IsProcessNameValid(tokenInfoBasic_.processName)) { ACCESSTOKEN_LOG_ERROR(LABEL, - "tokenID: 0x%{public}x process name is null", tokenInfoBasic_.tokenID); + "tokenID: %{public}u process name is null", tokenInfoBasic_.tokenID); return RET_FAILED; } int aplNum = inGenericValues.GetInt(FIELD_APL); if (!DataValidator::IsAplNumValid(aplNum)) { ACCESSTOKEN_LOG_ERROR(LABEL, - "tokenID: 0x%{public}x apl is error, value %{public}d", + "tokenID: %{public}u apl is error, value %{public}d", tokenInfoBasic_.tokenID, aplNum); return RET_FAILED; } @@ -113,13 +123,17 @@ int NativeTokenInfoInner::RestoreNativeTokenInfo(AccessTokenID tokenId, const Ge tokenInfoBasic_.ver = (char)inGenericValues.GetInt(FIELD_TOKEN_VERSION); if (tokenInfoBasic_.ver != DEFAULT_TOKEN_VERSION) { ACCESSTOKEN_LOG_ERROR(LABEL, - "tokenID: 0x%{public}x version is error, version %{public}d", + "tokenID: %{public}u version is error, version %{public}d", tokenInfoBasic_.tokenID, tokenInfoBasic_.ver); return RET_FAILED; } SetDcaps(inGenericValues.GetString(FIELD_DCAP)); tokenInfoBasic_.tokenAttr = (uint32_t)inGenericValues.GetInt(FIELD_TOKEN_ATTR); + + std::vector permDefRes = {}; + permPolicySet_ = PermissionPolicySet::RestorePermissionPolicy(tokenId, + permDefRes, permStateRes); return RET_SUCCESS; } 
@@ -133,7 +147,8 @@ void NativeTokenInfoInner::TranslateToNativeTokenInfo(NativeTokenInfo& InfoParce InfoParcel.tokenAttr = tokenInfoBasic_.tokenAttr; } -void NativeTokenInfoInner::StoreNativeInfo(std::vector& valueList) const +void NativeTokenInfoInner::StoreNativeInfo(std::vector& valueList, + std::vector& permStateValues) const { if (isRemote_) { return; @@ -141,6 +156,11 @@ void NativeTokenInfoInner::StoreNativeInfo(std::vector& valueList GenericValues genericValues; TranslationIntoGenericValues(genericValues); valueList.emplace_back(genericValues); + + if (permPolicySet_ != nullptr) { + std::vector permDefValues; + permPolicySet_->StorePermissionPolicySet(permDefValues, permStateValues); + } } AccessTokenID NativeTokenInfoInner::GetTokenID() const @@ -158,6 +178,11 @@ std::string NativeTokenInfoInner::GetProcessName() const return tokenInfoBasic_.processName; } +std::shared_ptr NativeTokenInfoInner::GetNativeInfoPermissionPolicySet() const +{ + return permPolicySet_; +} + bool NativeTokenInfoInner::IsRemote() const { return isRemote_; @@ -193,6 +218,9 @@ void NativeTokenInfoInner::ToString(std::string& info) const info.append(R"( "apl": )" + std::to_string(tokenInfoBasic_.apl) + ",\n"); info.append(R"( "dcap": ")" + DcapToString(tokenInfoBasic_.dcap) + R"(")" + ",\n"); info.append(R"( "isRemote": )" + std::to_string(isRemote_? 1 : 0) + ",\n"); + if (permPolicySet_ != nullptr) { + permPolicySet_->PermStateToString(tokenInfoBasic_.apl, info); + } info.append("}"); } } // namespace AccessToken diff --git a/services/accesstokenmanager/main/cpp/src/token/native_token_receptor.cpp b/services/accesstokenmanager/main/cpp/src/token/native_token_receptor.cpp index 7fef139d900a5b72fcce88d3e508050c38f809a1..995b7a1d6ca7e57c276381b21062f9520b63a78c 100644 --- a/services/accesstokenmanager/main/cpp/src/token/native_token_receptor.cpp +++ b/services/accesstokenmanager/main/cpp/src/token/native_token_receptor.cpp 
@@ -32,6 +32,29 @@ namespace { static constexpr OHOS::HiviewDFX::HiLogLabel LABEL = {LOG_CORE, SECURITY_DOMAIN_ACCESSTOKEN, "NativeTokenReceptor"}; } +int32_t NativeReqPermsGet( + const nlohmann::json& j, std::vector &permStateList) +{ + std::vector permReqList; + if (j.find(JSON_PERMS) == j.end()) { + return RET_FAILED; + } + permReqList = j.at(JSON_PERMS).get>(); + if (permReqList.size() > MAX_REQ_PERM_NUM) { + return RET_FAILED; + } + for (auto permReq : permReqList) { + PermissionStateFull permState; + permState.permissionName = permReq; + permState.isGeneral = 1; + permState.resDeviceID.push_back(""); + permState.grantStatus.push_back(PERMISSION_GRANTED); + permState.grantFlags.push_back(PERMISSION_SYSTEM_FIXED); + permStateList.push_back(permState); + } + return RET_SUCCESS; +} + // nlohmann json need the function named from_json to parse NativeTokenInfo void from_json(const nlohmann::json& j, std::shared_ptr& p) { @@ -89,7 +112,13 @@ void from_json(const nlohmann::json& j, std::shared_ptr& p } else { return; } - p = std::make_shared(native); + + std::vector permStateList; + if (NativeReqPermsGet(j, permStateList) != RET_SUCCESS) { + return; + } + + p = std::make_shared(native, permStateList); } int32_t NativeTokenReceptor::ParserNativeRawData(const std::string& nativeRawData, diff --git a/services/accesstokenmanager/test/BUILD.gn b/services/accesstokenmanager/test/BUILD.gn index ae4871cf07186c2cdccecdcdc4e6e1d579917b48..7e60e72247b6369bec65a50173aa045599c66215 100644 --- a/services/accesstokenmanager/test/BUILD.gn +++ b/services/accesstokenmanager/test/BUILD.gn 
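Review bot: The `get` call on `j.at(JSON_PERMS)` in NativeReqPermsGet runs without checking that the value is an array of strings, so a malformed `permissions` entry makes nlohmann raise a type_error (or abort when exceptions are disabled) instead of returning RET_FAILED; whether the caller of from_json catches that is not visible in this hunk. Every accepted entry is then recorded as PERMISSION_GRANTED with PERMISSION_SYSTEM_FIXED, so a type check per element, and ideally a validity check of the name, belongs before the grant. The MAX_REQ_PERM_NUM limit is also applied only after the whole list has been copied, and `for (auto permReq : permReqList)` copies each string again. In the from_json hunk the failure path returns without a log line, which makes a token dropped for a missing `permissions` key hard to diagnose. A sketch of the parsing part:
```cpp
int32_t NativeReqPermsGet(
    const nlohmann::json& j, std::vector<PermissionStateFull>& permStateList)
{
    const auto permsIter = j.find(JSON_PERMS);
    if (permsIter == j.end() || !permsIter->is_array() ||
        permsIter->size() > MAX_REQ_PERM_NUM) {
        return RET_FAILED;
    }
    for (const auto& permJson : *permsIter) {
        if (!permJson.is_string()) {
            return RET_FAILED;
        }
        PermissionStateFull permState;
        permState.permissionName = permJson.get<std::string>();
        // … unchanged: isGeneral, resDeviceID, grantStatus, grantFlags …
        permStateList.push_back(permState);
    }
    return RET_SUCCESS;
}
```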
@@ -43,6 +43,7 @@ ohos_unittest("libaccesstoken_manager_service_standard_test") { deps = [ "//base/security/access_token/frameworks/accesstoken:accesstoken_communication_adapter_cxx", "//base/security/access_token/frameworks/common:accesstoken_common_cxx", + "//base/security/access_token/interfaces/innerkits/accesstoken:libaccesstoken_sdk", "//base/security/access_token/interfaces/innerkits/nativetoken:libnativetoken", "//base/security/access_token/services/accesstokenmanager/:accesstoken_manager_service", "//third_party/googletest:gtest_main", diff --git a/services/accesstokenmanager/test/unittest/cpp/src/native_token_receptor_test.cpp b/services/accesstokenmanager/test/unittest/cpp/src/native_token_receptor_test.cpp index 28218f8f6cc6bb345cd6f125286ab58b5c5b1306..33c9c5d8f86f5ce1258ab1714bf099ff1bef0ed6 100644 --- a/services/accesstokenmanager/test/unittest/cpp/src/native_token_receptor_test.cpp +++ b/services/accesstokenmanager/test/unittest/cpp/src/native_token_receptor_test.cpp @@ -26,9 +26,11 @@ #include #include "accesstoken_info_manager.h" +#include "accesstoken_kit.h" #include "permission_manager.h" #include "data_storage.h" #include "field_const.h" +#include "permission_state_full.h" #define private public #include "nativetoken_kit.h" #include "native_token_receptor.h" @@ -72,9 +74,9 @@ HWTEST_F(NativeTokenReceptorTest, ParserNativeRawData001, TestSize.Level1) ACCESSTOKEN_LOG_INFO(LABEL, "test ParserNativeRawData001!"); std::string testStr = R"([)"\ R"({"processName":"process6","APL":3,"version":1,"tokenId":685266937,"tokenAttr":0,)"\ - R"("dcaps":["AT_CAP","ST_CAP"]},)"\ + R"("dcaps":["AT_CAP","ST_CAP"], "permissions":[]},)"\ R"({"processName":"process5","APL":3,"version":1,"tokenId":678065606,"tokenAttr":0,)"\ - R"("dcaps":["AT_CAP","ST_CAP"]}])"; + R"("dcaps":["AT_CAP","ST_CAP"], "permissions":[]}])"; NativeTokenReceptor& receptor = NativeTokenReceptor::GetInstance(); std::vector> tokenInfos; 
@@ -174,7 +176,8 @@ HWTEST_F(NativeTokenReceptorTest, from_json001, TestSize.Level1) {"version", 1}, {"tokenId", 685266937}, {"tokenAttr", 0}, - {"dcaps", {"AT_CAP", "ST_CAP"}}}; + {"dcaps", {"AT_CAP", "ST_CAP"}}, + {"permissions", {"ohos.permission.PLACE_CALL"}}}; std::shared_ptr p; from_json(j, p); ASSERT_NE((p == nullptr), true); @@ -265,7 +268,9 @@ HWTEST_F(NativeTokenReceptorTest, ProcessNativeTokenInfos001, TestSize.Level1) .tokenAttr = 0, .dcap = {"AT_CAP", "ST_CAP"} }; - std::shared_ptr nativeToken = std::make_shared(info); + + std::vector permStateList = {}; + std::shared_ptr nativeToken = std::make_shared(info, permStateList); tokenInfos.emplace_back(nativeToken); AccessTokenInfoManager::GetInstance().ProcessNativeTokenInfos(tokenInfos); NativeTokenInfo findInfo; @@ -284,6 +289,8 @@ HWTEST_F(NativeTokenReceptorTest, ProcessNativeTokenInfos001, TestSize.Level1) // get sql data std::vector nativeTokenResults; DataStorage::GetRealDataStorage().Find(DataStorage::ACCESSTOKEN_NATIVE_INFO, nativeTokenResults); + std::vector permStateRes; + DataStorage::GetRealDataStorage().Find(DataStorage::ACCESSTOKEN_PERMISSION_STATE, permStateRes); for (GenericValues nativeTokenValue : nativeTokenResults) { AccessTokenID tokenId = (AccessTokenID)nativeTokenValue.GetInt(FIELD_TOKEN_ID); if (tokenId != info.tokenID) { @@ -292,7 +299,7 @@ HWTEST_F(NativeTokenReceptorTest, ProcessNativeTokenInfos001, TestSize.Level1) GTEST_LOG_(INFO) <<"apl " << nativeTokenValue.GetInt(FIELD_APL); std::shared_ptr native = std::make_shared(); ASSERT_NE(native, nullptr); - ret = native->RestoreNativeTokenInfo(tokenId, nativeTokenValue); + ret = native->RestoreNativeTokenInfo(tokenId, nativeTokenValue, permStateRes); ASSERT_EQ(ret, RET_SUCCESS); ASSERT_EQ(native->GetTokenID(), info.tokenID); ASSERT_EQ(native->GetProcessName(), info.processName); 
@@ -332,10 +339,47 @@ HWTEST_F(NativeTokenReceptorTest, ProcessNativeTokenInfos002, TestSize.Level1) .dcap = {"AT_CAP", "ST_CAP"} }; - std::shared_ptr nativeToken1 = std::make_shared(info1); + PermissionStateFull infoManagerTestState1 = { + .grantFlags = {0}, + .grantStatus = {0}, + .isGeneral = true, + .permissionName = "ohos.permission.ACCELEROMETER", + .resDeviceID = {"local"} + }; + + PermissionStateFull infoManagerTestState2 = { + .permissionName = "ohos.permission.MANAGE_USER_IDM", + .isGeneral = true, + .grantFlags = {0, 2}, + .grantStatus = {0, 0}, + .resDeviceID = {"device 1", "device 2"} + }; + + PermissionStateFull infoManagerTestState3 = { + .permissionName = "ohos.permission.USER_TEAT", + .isGeneral = true, + .grantFlags = {0, 2}, + .grantStatus = {0, 0}, + .resDeviceID = {"device 1", "device 2"} + }; + + std::vector permStateList = { + infoManagerTestState1, infoManagerTestState2, infoManagerTestState3}; + std::shared_ptr nativeToken1 = std::make_shared(info1, permStateList); + + std::shared_ptr permPolicySet = + nativeToken1->GetNativeInfoPermissionPolicySet(); + GTEST_LOG_(INFO) <<"permPolicySet: " << permPolicySet; + + std::vector permList; + permPolicySet->GetPermissionStateFulls(permList); + for (auto& perm : permList) { + GTEST_LOG_(INFO) <<"perm.permissionName: " << perm.permissionName; + } + tokenInfos.emplace_back(nativeToken1); - std::shared_ptr nativeToken2 = std::make_shared(info2); + std::shared_ptr nativeToken2 = std::make_shared(info2, permStateList); tokenInfos.emplace_back(nativeToken2); AccessTokenInfoManager::GetInstance().ProcessNativeTokenInfos(tokenInfos); 
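Review bot: `permPolicySet` is dereferenced by `permPolicySet->GetPermissionStateFulls(permList)` without an assertion that it is non-null, so a failed policy build would crash the test binary instead of failing the case; add `ASSERT_NE(permPolicySet, nullptr);` right after the getter call. The loop over `permList` only logs the names, so the new constructor path is not actually checked at this point; asserting that the names verified later in the test are present in `permList` would cover it. The test body starts and ends outside the hunk.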
@@ -350,6 +394,13 @@ HWTEST_F(NativeTokenReceptorTest, ProcessNativeTokenInfos002, TestSize.Level1) ASSERT_EQ(findInfo.tokenAttr, info1.tokenAttr); ASSERT_EQ(findInfo.dcap, info1.dcap); + ret = PermissionManager::GetInstance().VerifyAccessToken(info1.tokenID, "ohos.permission.MANAGE_USER_IDM"); + ASSERT_EQ(ret, PERMISSION_GRANTED); + ret = PermissionManager::GetInstance().VerifyAccessToken(info1.tokenID, "ohos.permission.ACCELEROMETER"); + ASSERT_EQ(ret, PERMISSION_GRANTED); + ret = PermissionManager::GetInstance().VerifyAccessToken(info1.tokenID, "ohos.permission.DISCOVER_BLUETOOTH"); + ASSERT_EQ(ret, PERMISSION_DENIED); + ret = AccessTokenInfoManager::GetInstance().GetNativeTokenInfo(info2.tokenID, findInfo); ASSERT_EQ(ret, RET_SUCCESS); ASSERT_EQ(findInfo.apl, info2.apl); @@ -362,6 +413,11 @@ HWTEST_F(NativeTokenReceptorTest, ProcessNativeTokenInfos002, TestSize.Level1) ret = AccessTokenInfoManager::GetInstance().RemoveNativeTokenInfo(info1.tokenID); ASSERT_EQ(ret, RET_SUCCESS); + ret = PermissionManager::GetInstance().VerifyAccessToken(info2.tokenID, "ohos.permission.MANAGE_USER_IDM"); + ASSERT_EQ(ret, PERMISSION_GRANTED); + ret = PermissionManager::GetInstance().VerifyAccessToken(info2.tokenID, "ohos.permission.ACCELEROMETER"); + ASSERT_EQ(ret, PERMISSION_GRANTED); + ret = AccessTokenInfoManager::GetInstance().RemoveNativeTokenInfo(info2.tokenID); ASSERT_EQ(ret, RET_SUCCESS); } 
@@ -411,11 +467,11 @@ HWTEST_F(NativeTokenReceptorTest, ProcessNativeTokenInfos004, TestSize.Level1) .tokenAttr = 0, .dcap = {"AT_CAP", "ST_CAP"} }; - - std::shared_ptr nativeToken3 = std::make_shared(info3); + std::vector permStateList = {}; + std::shared_ptr nativeToken3 = std::make_shared(info3, permStateList); tokenInfos.emplace_back(nativeToken3); - std::shared_ptr nativeToken4 = std::make_shared(info4); + std::shared_ptr nativeToken4 = std::make_shared(info4, permStateList); tokenInfos.emplace_back(nativeToken4); AccessTokenInfoManager::GetInstance().ProcessNativeTokenInfos(tokenInfos); @@ -462,11 +518,11 @@ HWTEST_F(NativeTokenReceptorTest, ProcessNativeTokenInfos005, TestSize.Level1) .tokenAttr = 0, .dcap = {"AT_CAP", "ST_CAP"} }; - - std::shared_ptr nativeToken5 = std::make_shared(info5); + std::vector permStateList = {}; + std::shared_ptr nativeToken5 = std::make_shared(info5, permStateList); tokenInfos.emplace_back(nativeToken5); - std::shared_ptr nativeToken6 = std::make_shared(info6); + std::shared_ptr nativeToken6 = std::make_shared(info6, permStateList); tokenInfos.emplace_back(nativeToken6); AccessTokenInfoManager::GetInstance().ProcessNativeTokenInfos(tokenInfos); @@ -516,11 +572,11 @@ HWTEST_F(NativeTokenReceptorTest, ProcessNativeTokenInfos006, TestSize.Level1) .tokenAttr = 0, .dcap = {"AT_CAP"} }; - - std::shared_ptr nativeToken7 = std::make_shared(info7); + std::vector permStateList = {}; + std::shared_ptr nativeToken7 = std::make_shared(info7, permStateList); tokenInfos.emplace_back(nativeToken7); - std::shared_ptr nativeToken8 = std::make_shared(info8); + std::shared_ptr nativeToken8 = std::make_shared(info8, permStateList); tokenInfos.emplace_back(nativeToken8); AccessTokenInfoManager::GetInstance().ProcessNativeTokenInfos(tokenInfos); 
@@ -553,19 +609,25 @@ HWTEST_F(NativeTokenReceptorTest, init001, TestSize.Level1) const char *dcaps[1]; dcaps[0] = "AT_CAP_01"; int dcapNum = 1; - char processName[32]; - (void)strcpy_s(processName, sizeof(processName), "native_token_test7"); - char apl[32]; - (void)strcpy_s(apl, sizeof(apl), "system_core"); - - uint64_t tokenId = ::GetAccessTokenId(processName, dcaps, dcapNum, apl); + const char *perms[2]; + perms[0] = "ohos.permission.test1"; + perms[1] = "ohos.permission.test2"; + NativeTokenInfoParams infoInstance = { + .dcapsNum = dcapNum, + .permsNum = 2, + .dcaps = dcaps, + .perms = perms, + .processName = "native_token_test7", + .aplStr = "system_core", + }; + uint64_t tokenId = ::GetAccessTokenId(&infoInstance); ASSERT_NE(tokenId, 0); NativeTokenReceptor::GetInstance().Init(); NativeTokenInfo findInfo; int ret = AccessTokenInfoManager::GetInstance().GetNativeTokenInfo(tokenId, findInfo); ASSERT_EQ(ret, RET_SUCCESS); - ASSERT_EQ(findInfo.processName, processName); + ASSERT_EQ(findInfo.processName, infoInstance.processName); ret = AccessTokenInfoManager::GetInstance().RemoveNativeTokenInfo(tokenId); ASSERT_EQ(ret, RET_SUCCESS); 
@@ -592,11 +654,25 @@ HWTEST_F(NativeTokenReceptorTest, ProcessNativeTokenInfos007, TestSize.Level1) char apl1[32]; (void)strcpy_s(apl1, sizeof(apl1), "normal"); - uint64_t tokenIdApl3 = ::GetAccessTokenId("ProcessNativeTokenInfos007_003", dcaps, dcapNum, apl3); + NativeTokenInfoParams infoInstance = { + .dcapsNum = dcapNum, + .permsNum = 0, + .dcaps = dcaps, + .perms = nullptr, + }; + infoInstance.aplStr = apl3; + infoInstance.processName = "ProcessNativeTokenInfos007_003"; + uint64_t tokenIdApl3 = ::GetAccessTokenId(&infoInstance); ASSERT_NE(tokenIdApl3, 0); - uint64_t tokenIdApl2 = ::GetAccessTokenId("ProcessNativeTokenInfos007_002", dcaps, dcapNum, apl2); + + infoInstance.aplStr = apl2; + infoInstance.processName = "ProcessNativeTokenInfos007_002"; + uint64_t tokenIdApl2 = ::GetAccessTokenId(&infoInstance); ASSERT_NE(tokenIdApl2, 0); - uint64_t tokenIdApl1 = ::GetAccessTokenId("ProcessNativeTokenInfos007_001", dcaps, dcapNum, apl1); + + infoInstance.aplStr = apl1; + infoInstance.processName = "ProcessNativeTokenInfos007_001"; + uint64_t tokenIdApl1 = ::GetAccessTokenId(&infoInstance); ASSERT_NE(tokenIdApl1, 0); NativeTokenReceptor& receptor = NativeTokenReceptor::GetInstance(); diff --git a/services/tokensyncmanager/include/command/base_remote_command.h b/services/tokensyncmanager/include/command/base_remote_command.h index 2289251c243297abc9e56e770693a5fed981d1d2..f8d17a79b451d07a762f2fd402ad2a64e5a4b117 100644 --- a/services/tokensyncmanager/include/command/base_remote_command.h +++ b/services/tokensyncmanager/include/command/base_remote_command.h 
@@ -57,8 +57,8 @@ public: nlohmann::json ToHapTokenInfosJson(const HapTokenInfoForSync &tokenInfo); void FromHapTokenInfoJson(const nlohmann::json& hapTokenJson, HapTokenInfoForSync& hapTokenInfo); - nlohmann::json ToNativeTokenInfoJson(const NativeTokenInfo& tokenInfo); - void FromNativeTokenInfoJson(const nlohmann::json& nativeTokenJson, NativeTokenInfo& nativeTokenInfo); + nlohmann::json ToNativeTokenInfoJson(const NativeTokenInfoForSync& tokenInfo); + void FromNativeTokenInfoJson(const nlohmann::json& nativeTokenJson, NativeTokenInfoForSync& nativeTokenInfo); RemoteProtocol remoteProtocol_; }; } // namespace AccessToken diff --git a/services/tokensyncmanager/include/command/sync_remote_native_token_command.h b/services/tokensyncmanager/include/command/sync_remote_native_token_command.h index e398d780427dc00b1b39bed652478f15a6ef7433..c39002a14924eff94d5aba440eced36abb6e3d3d 100644 --- a/services/tokensyncmanager/include/command/sync_remote_native_token_command.h +++ b/services/tokensyncmanager/include/command/sync_remote_native_token_command.h @@ -47,7 +47,7 @@ private: * The command name. Should be equal to class name. */ const std::string COMMAND_NAME = "SyncRemoteNativeTokenCommand"; - std::vector nativeTokenInfo_; + std::vector nativeTokenInfo_; }; } // namespace AccessToken } // namespace Security diff --git a/services/tokensyncmanager/src/command/base_remote_command.cpp b/services/tokensyncmanager/src/command/base_remote_command.cpp index a46afd7ec999fa7892303475c041a8d2e642ee51..5bbbbac83fed2efecb917f62ab071eb5141e94d3 100644 --- a/services/tokensyncmanager/src/command/base_remote_command.cpp +++ b/services/tokensyncmanager/src/command/base_remote_command.cpp 
@@ -78,16 +78,24 @@ nlohmann::json BaseRemoteCommand::ToRemoteProtocolJson() return j; } -nlohmann::json BaseRemoteCommand::ToNativeTokenInfoJson(const NativeTokenInfo& tokenInfo) +nlohmann::json BaseRemoteCommand::ToNativeTokenInfoJson(const NativeTokenInfoForSync& tokenInfo) { - nlohmann::json DcapsJson = nlohmann::json(tokenInfo.dcap); + nlohmann::json permStatesJson; + for (auto& permState : tokenInfo.permStateList) { + nlohmann::json permStateJson; + ToPermStateJson(permStateJson, permState); + permStatesJson.emplace_back(permStateJson); + } + + nlohmann::json DcapsJson = nlohmann::json(tokenInfo.baseInfo.dcap); nlohmann::json nativeTokenJson = nlohmann::json { - {"processName", tokenInfo.processName}, - {"apl", tokenInfo.apl}, - {"version", tokenInfo.ver}, - {"tokenId", tokenInfo.tokenID}, - {"tokenAttr", tokenInfo.tokenAttr}, + {"processName", tokenInfo.baseInfo.processName}, + {"apl", tokenInfo.baseInfo.apl}, + {"version", tokenInfo.baseInfo.ver}, + {"tokenId", tokenInfo.baseInfo.tokenID}, + {"tokenAttr", tokenInfo.baseInfo.tokenAttr}, {"dcaps", DcapsJson}, + {"permState", permStatesJson}, }; return nativeTokenJson; } 
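Review bot: `permStatesJson` is default-constructed, so when `tokenInfo.permStateList` is empty the loop never runs and the `permState` field is serialized as JSON null rather than an empty array. Whether FromPermStateListJson on the receiving device accepts null is not visible in this hunk. Initialising it with `nlohmann::json permStatesJson = nlohmann::json::array();` keeps the wire format an array in every case and lets the receiver apply a plain `is_array()` check.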
@@ -230,30 +238,32 @@ void BaseRemoteCommand::FromHapTokenInfoJson(const nlohmann::json& hapTokenJson, } void BaseRemoteCommand::FromNativeTokenInfoJson(const nlohmann::json& nativeTokenJson, - NativeTokenInfo& nativeTokenInfo) + NativeTokenInfoForSync& nativeTokenInfo) { if (nativeTokenJson.find("processName") != nativeTokenJson.end() && nativeTokenJson.at("processName").is_string()) { - nativeTokenInfo.processName = nativeTokenJson.at("processName").get(); + nativeTokenInfo.baseInfo.processName = nativeTokenJson.at("processName").get(); } if (nativeTokenJson.find("apl") != nativeTokenJson.end() && nativeTokenJson.at("apl").is_number()) { int apl = nativeTokenJson.at("apl").get(); if (DataValidator::IsAplNumValid(apl)) { - nativeTokenInfo.apl = (ATokenAplEnum)apl; + nativeTokenInfo.baseInfo.apl = (ATokenAplEnum)apl; } } if (nativeTokenJson.find("version") != nativeTokenJson.end() && nativeTokenJson.at("version").is_number()) { - nativeTokenInfo.ver = (unsigned)nativeTokenJson.at("version").get(); + nativeTokenInfo.baseInfo.ver = (unsigned)nativeTokenJson.at("version").get(); } if (nativeTokenJson.find("tokenId") != nativeTokenJson.end() && nativeTokenJson.at("tokenId").is_number()) { - nativeTokenInfo.tokenID = (unsigned)nativeTokenJson.at("tokenId").get(); + nativeTokenInfo.baseInfo.tokenID = (unsigned)nativeTokenJson.at("tokenId").get(); } if (nativeTokenJson.find("tokenAttr") != nativeTokenJson.end() && nativeTokenJson.at("tokenAttr").is_number()) { - nativeTokenInfo.tokenAttr = (unsigned)nativeTokenJson.at("tokenAttr").get(); + nativeTokenInfo.baseInfo.tokenAttr = (unsigned)nativeTokenJson.at("tokenAttr").get(); } if (nativeTokenJson.find("dcaps") != nativeTokenJson.end() && nativeTokenJson.at("dcaps").is_array() && nativeTokenJson.at("dcaps").size() > 0 && (nativeTokenJson.at("dcaps"))[0].is_string()) { - nativeTokenInfo.dcap = nativeTokenJson.at("dcaps").get>(); + nativeTokenInfo.baseInfo.dcap = nativeTokenJson.at("dcaps").get>(); } + + 
FromPermStateListJson(nativeTokenJson, nativeTokenInfo.permStateList); } } // namespace AccessToken } // namespace Security diff --git a/services/tokensyncmanager/src/command/sync_remote_native_token_command.cpp b/services/tokensyncmanager/src/command/sync_remote_native_token_command.cpp index 4f45e64230800e879ac1288c7f9a7c4399936b13..6484d3527f29f9d33bb5347b1bfa8e631c93242f 100644 --- a/services/tokensyncmanager/src/command/sync_remote_native_token_command.cpp +++ b/services/tokensyncmanager/src/command/sync_remote_native_token_command.cpp @@ -47,7 +47,7 @@ SyncRemoteNativeTokenCommand::SyncRemoteNativeTokenCommand(const std::string &js if (jsonObject.find("NativeTokenInfos") != jsonObject.end() && jsonObject.at("NativeTokenInfos").is_array()) { nlohmann::json nativeTokenListJson = jsonObject.at("NativeTokenInfos"); for (auto& tokenJson : nativeTokenListJson) { - NativeTokenInfo token; + NativeTokenInfoForSync token; BaseRemoteCommand::FromNativeTokenInfoJson(tokenJson, token); nativeTokenInfo_.emplace_back(token); } diff --git a/services/tokensyncmanager/src/service/token_sync_manager_stub.cpp b/services/tokensyncmanager/src/service/token_sync_manager_stub.cpp index cefdf158f489ea3ec44c124e3a3ddc0b7265700c..c1e2cd5a776b1772add5dfc3a1aedd7fa0a14bec 100644 --- a/services/tokensyncmanager/src/service/token_sync_manager_stub.cpp +++ b/services/tokensyncmanager/src/service/token_sync_manager_stub.cpp @@ -17,6 +17,7 @@ #include "accesstoken_log.h" #include "hap_token_info_for_sync_parcel.h" +#include "native_token_info_for_sync_parcel.h" #include "ipc_skeleton.h" #include "string_ex.h"