From cdf67982dbfc0c52e9787df557dfd285d81ac6ca Mon Sep 17 00:00:00 2001 From: lsq Date: Fri, 15 Apr 2022 11:49:33 +0800 Subject: [PATCH 1/2] native token permission 
Signed-off-by: lsq Change-Id: I369c499eae253a83e23a90f09dd383b04abf25ea --- frameworks/accesstoken/BUILD.gn | 1 + .../include/i_accesstoken_manager.h | 5 +- .../native_token_info_for_sync_parcel.h | 40 +++ .../src/native_token_info_for_sync_parcel.cpp | 75 +++++ .../accesstoken/include/accesstoken_kit.h | 4 +- .../accesstoken/include/native_token_info.h | 7 + .../accesstoken/src/accesstoken_kit.cpp | 4 +- .../src/accesstoken_manager_client.cpp | 19 +- .../src/accesstoken_manager_client.h | 4 +- .../src/accesstoken_manager_proxy.cpp | 10 +- .../src/accesstoken_manager_proxy.h | 5 +- .../unittest/src/accesstoken_kit_test.cpp | 36 +- .../nativetoken/include/nativetoken.h | 11 + .../nativetoken/include/nativetoken_kit.h | 11 +- .../innerkits/nativetoken/src/nativetoken.c | 307 ++++++++++++------ .../unittest/src/nativetoken_kit_test.cpp | 252 ++++++++++++-- .../src/token_sync_manager_client.cpp | 1 + .../include/permission/permission_manager.h | 2 + .../permission/permission_policy_set.h | 1 + .../service/accesstoken_manager_service.h | 4 +- .../include/token/accesstoken_info_manager.h | 5 +- .../include/token/native_token_info_inner.h | 18 +- .../cpp/include/token/native_token_receptor.h | 6 +- .../cpp/src/permission/permission_manager.cpp | 54 ++- .../src/permission/permission_policy_set.cpp | 33 ++ .../service/accesstoken_manager_service.cpp | 16 +- .../src/service/accesstoken_manager_stub.cpp | 10 +- .../src/token/accesstoken_info_manager.cpp | 169 ++++++---- .../cpp/src/token/native_token_info_inner.cpp | 48 ++- .../cpp/src/token/native_token_receptor.cpp | 31 +- services/accesstokenmanager/test/BUILD.gn | 1 + .../cpp/src/native_token_receptor_test.cpp | 119 +++++-- .../include/command/base_remote_command.h | 4 +- .../sync_remote_native_token_command.h | 2 +- .../src/command/base_remote_command.cpp | 38 ++- .../sync_remote_native_token_command.cpp | 2 +- .../src/service/token_sync_manager_stub.cpp | 1 + 37 files changed, 1038 insertions(+), 318 deletions(-) create 
mode 100644 frameworks/accesstoken/include/native_token_info_for_sync_parcel.h create mode 100644 frameworks/accesstoken/src/native_token_info_for_sync_parcel.cpp diff --git a/frameworks/accesstoken/BUILD.gn b/frameworks/accesstoken/BUILD.gn index 3471db521..0b7eff140 100644 --- a/frameworks/accesstoken/BUILD.gn +++ b/frameworks/accesstoken/BUILD.gn @@ -38,6 +38,7 @@ ohos_shared_library("accesstoken_communication_adapter_cxx") { "src/hap_policy_parcel.cpp", "src/hap_token_info_for_sync_parcel.cpp", "src/hap_token_info_parcel.cpp", + "src/native_token_info_for_sync_parcel.cpp", "src/native_token_info_parcel.cpp", "src/permission_def_parcel.cpp", "src/permission_list_state_parcel.cpp", diff --git a/frameworks/accesstoken/include/i_accesstoken_manager.h b/frameworks/accesstoken/include/i_accesstoken_manager.h index b9c78cbea..46312f8d1 100644 --- a/frameworks/accesstoken/include/i_accesstoken_manager.h +++ b/frameworks/accesstoken/include/i_accesstoken_manager.h @@ -25,6 +25,7 @@ #include "hap_token_info_for_sync_parcel.h" #include "hap_token_info_parcel.h" #include "iremote_broker.h" +#include "native_token_info_for_sync_parcel.h" #include "native_token_info_parcel.h" #include "permission_def_parcel.h" #include "permission_list_state_parcel.h" 
@@ -65,11 +66,11 @@ public: #ifdef TOKEN_SYNC_ENABLE virtual int GetHapTokenInfoFromRemote(AccessTokenID tokenID, HapTokenInfoForSyncParcel& hapSyncParcel) = 0; - virtual int GetAllNativeTokenInfo(std::vector& nativeTokenInfoRes) = 0; + virtual int GetAllNativeTokenInfo(std::vector& nativeTokenInfoRes) = 0; virtual int SetRemoteHapTokenInfo(const std::string& deviceID, HapTokenInfoForSyncParcel& hapSyncParcel) = 0; virtual int SetRemoteNativeTokenInfo(const std::string& deviceID, - std::vector& nativeTokenInfoParcel) = 0; + std::vector& nativeTokenInfoForSyncParcel) = 0; virtual int DeleteRemoteToken(const std::string& deviceID, AccessTokenID tokenID) = 0; virtual AccessTokenID GetRemoteNativeTokenID(const std::string& deviceID, AccessTokenID tokenID) = 0; virtual int DeleteRemoteDeviceTokens(const std::string& deviceID) = 0; diff --git a/frameworks/accesstoken/include/native_token_info_for_sync_parcel.h b/frameworks/accesstoken/include/native_token_info_for_sync_parcel.h new file mode 100644 index 000000000..a4b6b397c --- /dev/null +++ b/frameworks/accesstoken/include/native_token_info_for_sync_parcel.h 
@@ -0,0 +1,40 @@
+/*
+ * Copyright (c) 2022 Huawei Device Co., Ltd.
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+#ifndef NATIVE_TOKEN_INFO_FOR_SYNC_PARCEL_H
+#define NATIVE_TOKEN_INFO_FOR_SYNC_PARCEL_H
+
+#include "native_token_info.h"
+#include "parcel.h"
+
+namespace OHOS {
+namespace Security {
+namespace AccessToken {
+struct NativeTokenInfoForSyncParcel final : public Parcelable {
+ NativeTokenInfoForSyncParcel() = default;
+
+ ~NativeTokenInfoForSyncParcel() override = default;
+
+ bool Marshalling(Parcel &out) const override;
+
+ static NativeTokenInfoForSyncParcel *Unmarshalling(Parcel &in);
+
+ NativeTokenInfoForSync nativeTokenInfoForSyncParams;
+};
+} // namespace AccessToken
+} // namespace Security
+} // namespace OHOS
+#endif // NATIVE_TOKEN_INFO_FOR_SYNC_PARCEL_H
+
diff --git a/frameworks/accesstoken/src/native_token_info_for_sync_parcel.cpp b/frameworks/accesstoken/src/native_token_info_for_sync_parcel.cpp new file mode 100644
index 000000000..655f7b12e
--- /dev/null
+++ b/frameworks/accesstoken/src/native_token_info_for_sync_parcel.cpp
@@ -0,0 +1,75 @@
+/*
+ * Copyright (c) 2022 Huawei Device Co., Ltd.
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+#include "native_token_info_for_sync_parcel.h"
+#include "native_token_info_parcel.h"
+#include "permission_state_full_parcel.h"
+
+namespace OHOS {
+namespace Security {
+namespace AccessToken {
+#define RETURN_IF_FALSE(expr) \
+ if (!(expr)) { \
+ return false; \
+ }
+
+#define RELEASE_IF_FALSE(expr, obj) \
+ if (!(expr)) { \
+ delete (obj); \
+ (obj) = nullptr; \
+ return (obj); \
+ }
+
+bool NativeTokenInfoForSyncParcel::Marshalling(Parcel& out) const
+{
+ NativeTokenInfoParcel baseInfoParcel;
+ baseInfoParcel.nativeTokenInfoParams = this->nativeTokenInfoForSyncParams.baseInfo;
+ out.WriteParcelable(&baseInfoParcel);
+
+ const std::vector& permStateList = this->nativeTokenInfoForSyncParams.permStateList;
+ int32_t permStateListSize = static_cast(permStateList.size());
+ RETURN_IF_FALSE(out.WriteInt32(permStateListSize));
+
+ for (int i = 0; i < permStateListSize; i++) {
+ PermissionStateFullParcel permStateParcel;
+ permStateParcel.permStatFull = permStateList[i];
+ out.WriteParcelable(&permStateParcel);
+ }
+
+ return true;
+}
+
+NativeTokenInfoForSyncParcel* NativeTokenInfoForSyncParcel::Unmarshalling(Parcel& in)
+{
+ auto* nativeTokenInfoForSyncParcel = new (std::nothrow) NativeTokenInfoForSyncParcel();
+ RELEASE_IF_FALSE(nativeTokenInfoForSyncParcel != nullptr, nativeTokenInfoForSyncParcel);
+
+ sptr baseInfoParcel =
in.ReadParcelable(); + RELEASE_IF_FALSE(baseInfoParcel != nullptr, nativeTokenInfoForSyncParcel); + nativeTokenInfoForSyncParcel->nativeTokenInfoForSyncParams.baseInfo = baseInfoParcel->nativeTokenInfoParams; + + int permStateListSize; + RELEASE_IF_FALSE(in.ReadInt32(permStateListSize), nativeTokenInfoForSyncParcel); + for (int i = 0; i < permStateListSize; i++) { + sptr permissionStateParcel = in.ReadParcelable(); + RELEASE_IF_FALSE(permissionStateParcel != nullptr, nativeTokenInfoForSyncParcel); + nativeTokenInfoForSyncParcel->nativeTokenInfoForSyncParams.permStateList.emplace_back( + permissionStateParcel->permStatFull); + } + return nativeTokenInfoForSyncParcel; +} +} // namespace AccessToken +} // namespace Security +} // namespace OHOS diff --git a/interfaces/innerkits/accesstoken/include/accesstoken_kit.h b/interfaces/innerkits/accesstoken/include/accesstoken_kit.h index 0c9740761..4ee095db0 100644 --- a/interfaces/innerkits/accesstoken/include/accesstoken_kit.h +++ b/interfaces/innerkits/accesstoken/include/accesstoken_kit.h @@ -59,10 +59,10 @@ public: #ifdef TOKEN_SYNC_ENABLE static int GetHapTokenInfoFromRemote(AccessTokenID tokenID, HapTokenInfoForSync& hapSync); - static int GetAllNativeTokenInfo(std::vector& nativeTokenInfosRes); + static int GetAllNativeTokenInfo(std::vector& nativeTokenInfosRes); static int SetRemoteHapTokenInfo(const std::string& deviceID, const HapTokenInfoForSync& hapSync); static int SetRemoteNativeTokenInfo(const std::string& deviceID, - std::vector& nativeTokenInfoList); + std::vector& nativeTokenInfoList); static int DeleteRemoteToken(const std::string& deviceID, AccessTokenID tokenID); static AccessTokenID GetRemoteNativeTokenID(const std::string& deviceID, AccessTokenID tokenID); static int DeleteRemoteDeviceTokens(const std::string& deviceID); diff --git a/interfaces/innerkits/accesstoken/include/native_token_info.h b/interfaces/innerkits/accesstoken/include/native_token_info.h index d02ef226b..604431880 100644 
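Review bot: In `NativeTokenInfoForSyncParcel::Marshalling` the results of both `out.WriteParcelable(...)` calls are discarded, so a failed write of the base info or of a permission state still returns true and the receiver is handed a truncated parcel; wrap them as `RETURN_IF_FALSE(out.WriteParcelable(&baseInfoParcel));` and `RETURN_IF_FALSE(out.WriteParcelable(&permStateParcel));`. In `Unmarshalling`, `permStateListSize` is read from the parcel and used directly as the loop bound with no upper limit. Because this parcel carries permission state across a process or device boundary, the count should be range-checked before the loop, for example `RELEASE_IF_FALSE(permStateListSize >= 0 && permStateListSize <= MAX_PERM_LIST_SIZE, nativeTokenInfoForSyncParcel);`, where `MAX_PERM_LIST_SIZE` is a placeholder for a limit the project would define. Both helper macros expand to a bare `if` block; wrapping each in `do { ... } while (0)` would keep them safe inside an unbraced `if`/`else`.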
--- a/interfaces/innerkits/accesstoken/include/native_token_info.h +++ b/interfaces/innerkits/accesstoken/include/native_token_info.h @@ -19,6 +19,7 @@ #include "access_token.h" #include #include +#include "permission_state_full.h" namespace OHOS { namespace Security { @@ -32,6 +33,12 @@ public: AccessTokenID tokenID; AccessTokenAttr tokenAttr; }; + +class NativeTokenInfoForSync final { +public: + NativeTokenInfo baseInfo; + std::vector permStateList; +}; } // namespace AccessToken } // namespace Security } // namespace OHOS diff --git a/interfaces/innerkits/accesstoken/src/accesstoken_kit.cpp b/interfaces/innerkits/accesstoken/src/accesstoken_kit.cpp index 9a16bc7bb..ef7621ad9 100644 --- a/interfaces/innerkits/accesstoken/src/accesstoken_kit.cpp +++ b/interfaces/innerkits/accesstoken/src/accesstoken_kit.cpp @@ -314,7 +314,7 @@ int AccessTokenKit::GetHapTokenInfoFromRemote(AccessTokenID tokenID, HapTokenInf return AccessTokenManagerClient::GetInstance().GetHapTokenInfoFromRemote(tokenID, hapSync); } -int AccessTokenKit::GetAllNativeTokenInfo(std::vector& nativeTokenInfosRes) +int AccessTokenKit::GetAllNativeTokenInfo(std::vector& nativeTokenInfosRes) { ACCESSTOKEN_LOG_INFO(LABEL, "%{public}s called", __func__); @@ -330,7 +330,7 @@ int AccessTokenKit::SetRemoteHapTokenInfo(const std::string& deviceID, } int AccessTokenKit::SetRemoteNativeTokenInfo(const std::string& deviceID, - std::vector& nativeTokenInfoList) + std::vector& nativeTokenInfoList) { ACCESSTOKEN_LOG_INFO(LABEL, "%{public}s called, deviceID=%{public}s", __func__, deviceID.c_str()); return AccessTokenManagerClient::GetInstance() diff --git a/interfaces/innerkits/accesstoken/src/accesstoken_manager_client.cpp b/interfaces/innerkits/accesstoken/src/accesstoken_manager_client.cpp index d8f78ff1c..855fe52ab 100644 --- a/interfaces/innerkits/accesstoken/src/accesstoken_manager_client.cpp +++ b/interfaces/innerkits/accesstoken/src/accesstoken_manager_client.cpp 
@@ -20,6 +20,7 @@ #include "hap_token_info.h" #include "hap_token_info_for_sync_parcel.h" #include "iservice_registry.h" +#include "native_token_info_for_sync_parcel.h" #include "native_token_info.h" namespace OHOS { @@ -326,7 +327,7 @@ int AccessTokenManagerClient::GetHapTokenInfoFromRemote(AccessTokenID tokenID, H return res; } -int AccessTokenManagerClient::GetAllNativeTokenInfo(std::vector& nativeTokenInfosRes) +int AccessTokenManagerClient::GetAllNativeTokenInfo(std::vector& nativeTokenInfosRes) { ACCESSTOKEN_LOG_DEBUG(LABEL, "%{public}s: called!", __func__); auto proxy = GetProxy(); @@ -335,10 +336,10 @@ int AccessTokenManagerClient::GetAllNativeTokenInfo(std::vector return RET_FAILED; } - std::vector parcelList; + std::vector parcelList; int result = proxy->GetAllNativeTokenInfo(parcelList); for (auto nativeTokenParcel : parcelList) { - NativeTokenInfo native = nativeTokenParcel.nativeTokenInfoParams; + NativeTokenInfoForSync native = nativeTokenParcel.nativeTokenInfoForSyncParams; nativeTokenInfosRes.emplace_back(native); } @@ -362,7 +363,7 @@ int AccessTokenManagerClient::SetRemoteHapTokenInfo(const std::string& deviceID, } int AccessTokenManagerClient::SetRemoteNativeTokenInfo(const std::string& deviceID, - std::vector& nativeTokenInfoList) + std::vector& nativeTokenInfoList) { ACCESSTOKEN_LOG_DEBUG(LABEL, "%{public}s: called!", __func__); auto proxy = GetProxy(); 
@@ -370,14 +371,14 @@ int AccessTokenManagerClient::SetRemoteNativeTokenInfo(const std::string& device ACCESSTOKEN_LOG_ERROR(LABEL, "proxy is null"); return RET_FAILED; } - std::vector hapTokenInfoParcels; + std::vector nativeTokenInfoParcels; for (auto native : nativeTokenInfoList) { - NativeTokenInfoParcel nativeTokenInfoParcel; - nativeTokenInfoParcel.nativeTokenInfoParams = native; - hapTokenInfoParcels.emplace_back(nativeTokenInfoParcel); + NativeTokenInfoForSyncParcel nativeTokenInfoForSyncParcel; + nativeTokenInfoForSyncParcel.nativeTokenInfoForSyncParams = native; + nativeTokenInfoParcels.emplace_back(nativeTokenInfoForSyncParcel); } PermissionStateFullParcel permStateParcel; - int res = proxy->SetRemoteNativeTokenInfo(deviceID, hapTokenInfoParcels); + int res = proxy->SetRemoteNativeTokenInfo(deviceID, nativeTokenInfoParcels); return res; } diff --git a/interfaces/innerkits/accesstoken/src/accesstoken_manager_client.h b/interfaces/innerkits/accesstoken/src/accesstoken_manager_client.h index e55311aeb..82e867de4 100644 --- a/interfaces/innerkits/accesstoken/src/accesstoken_manager_client.h +++ b/interfaces/innerkits/accesstoken/src/accesstoken_manager_client.h @@ -63,10 +63,10 @@ public: #ifdef TOKEN_SYNC_ENABLE int GetHapTokenInfoFromRemote(AccessTokenID tokenID, HapTokenInfoForSync& hapSync); - int GetAllNativeTokenInfo(std::vector& nativeTokenInfosRes); + int GetAllNativeTokenInfo(std::vector& nativeTokenInfosRes); int SetRemoteHapTokenInfo(const std::string& deviceID, const HapTokenInfoForSync& hapSync); int SetRemoteNativeTokenInfo(const std::string& deviceID, - std::vector& nativeTokenInfoList); + std::vector& nativeTokenInfoList); int DeleteRemoteToken(const std::string& deviceID, AccessTokenID tokenID); AccessTokenID GetRemoteNativeTokenID(const std::string& deviceID, AccessTokenID tokenID); int DeleteRemoteDeviceTokens(const std::string& deviceID); 
diff --git a/interfaces/innerkits/accesstoken/src/accesstoken_manager_proxy.cpp b/interfaces/innerkits/accesstoken/src/accesstoken_manager_proxy.cpp index 5ef80f692..8e891aef2 100644 --- a/interfaces/innerkits/accesstoken/src/accesstoken_manager_proxy.cpp +++ b/interfaces/innerkits/accesstoken/src/accesstoken_manager_proxy.cpp @@ -735,7 +735,7 @@ int AccessTokenManagerProxy::GetHapTokenInfoFromRemote(AccessTokenID tokenID, return result; } -int AccessTokenManagerProxy::GetAllNativeTokenInfo(std::vector& nativeTokenInfoRes) +int AccessTokenManagerProxy::GetAllNativeTokenInfo(std::vector& nativeTokenInfoRes) { MessageParcel data; data.WriteInterfaceToken(IAccessTokenManager::GetDescriptor()); @@ -761,7 +761,7 @@ int AccessTokenManagerProxy::GetAllNativeTokenInfo(std::vector nativeResult = reply.ReadParcelable(); + sptr nativeResult = reply.ReadParcelable(); if (nativeResult != nullptr) { nativeTokenInfoRes.emplace_back(*nativeResult); } @@ -804,17 +804,17 @@ int AccessTokenManagerProxy::SetRemoteHapTokenInfo(const std::string& deviceID, } int AccessTokenManagerProxy::SetRemoteNativeTokenInfo(const std::string& deviceID, - std::vector& nativeTokenInfoParcel) + std::vector& nativeTokenInfoForSyncParcel) { MessageParcel data; data.WriteInterfaceToken(IAccessTokenManager::GetDescriptor()); if (!data.WriteString(deviceID)) { return RET_FAILED; } - if (!data.WriteUint32(nativeTokenInfoParcel.size())) { + if (!data.WriteUint32(nativeTokenInfoForSyncParcel.size())) { return RET_FAILED; } - for (NativeTokenInfoParcel& parcel : nativeTokenInfoParcel) { + for (NativeTokenInfoForSyncParcel& parcel : nativeTokenInfoForSyncParcel) { if (!data.WriteParcelable(&parcel)) { return RET_FAILED; } diff --git a/interfaces/innerkits/accesstoken/src/accesstoken_manager_proxy.h b/interfaces/innerkits/accesstoken/src/accesstoken_manager_proxy.h index 5e549ade6..9bfbf432f 100644 --- a/interfaces/innerkits/accesstoken/src/accesstoken_manager_proxy.h 
+++ b/interfaces/innerkits/accesstoken/src/accesstoken_manager_proxy.h @@ -26,6 +26,7 @@ #include "hap_token_info_for_sync_parcel.h" #include "i_accesstoken_manager.h" #include "iremote_proxy.h" +#include "native_token_info_for_sync_parcel.h" #include "native_token_info_parcel.h" #include "permission_def_parcel.h" #include "permission_list_state_parcel.h" @@ -63,10 +64,10 @@ public: #ifdef TOKEN_SYNC_ENABLE int GetHapTokenInfoFromRemote(AccessTokenID tokenID, HapTokenInfoForSyncParcel& hapSyncParcel) override; - int GetAllNativeTokenInfo(std::vector& nativeTokenInfoRes) override; + int GetAllNativeTokenInfo(std::vector& nativeTokenInfoRes) override; int SetRemoteHapTokenInfo(const std::string& deviceID, HapTokenInfoForSyncParcel& hapSyncParcel) override; int SetRemoteNativeTokenInfo(const std::string& deviceID, - std::vector& nativeTokenInfoParcel) override; + std::vector& nativeTokenInfoForSyncParcel) override; int DeleteRemoteToken(const std::string& deviceID, AccessTokenID tokenID) override; AccessTokenID GetRemoteNativeTokenID(const std::string& deviceID, AccessTokenID tokenID) override; int DeleteRemoteDeviceTokens(const std::string& deviceID) override; diff --git a/interfaces/innerkits/accesstoken/test/unittest/src/accesstoken_kit_test.cpp b/interfaces/innerkits/accesstoken/test/unittest/src/accesstoken_kit_test.cpp index 7758db986..2d24a35d5 100644 --- a/interfaces/innerkits/accesstoken/test/unittest/src/accesstoken_kit_test.cpp +++ b/interfaces/innerkits/accesstoken/test/unittest/src/accesstoken_kit_test.cpp 
@@ -2131,7 +2131,15 @@ HWTEST_F(AccessTokenKitTest, GetTokenTypeFlag001, TestSize.Level1) */ HWTEST_F(AccessTokenKitTest, GetTokenTypeFlag002, TestSize.Level1) { - uint64_t tokenId01 = GetAccessTokenId("GetTokenTypeFlag002", nullptr, 0, "system_core"); + NativeInfo infoInstance = { + .dcapsNum = 0, + .permNum = 0, + .dcaps = nullptr, + .perm = nullptr, + .processname = "GetTokenTypeFlag002", + .aplStr = "system_core", + }; + uint64_t tokenId01 = GetAccessTokenId(&infoInstance); AccessTokenID tokenID = tokenId01 & 0xffffffff; ATokenTypeEnum ret = AccessTokenKit::GetTokenTypeFlag(tokenID); @@ -3208,7 +3216,7 @@ HWTEST_F(AccessTokenKitTest, GetAllNativeTokenInfo001, TestSize.Level1) { ACCESSTOKEN_LOG_INFO(LABEL, "GetAllNativeTokenInfo001 start."); - std::vector nativeTokenInfosRes; + std::vector nativeTokenInfosRes; int ret = AccessTokenKit::GetAllNativeTokenInfo(nativeTokenInfosRes); ASSERT_EQ(ret, RET_SUCCESS); } @@ -3224,16 +3232,16 @@ HWTEST_F(AccessTokenKitTest, SetRemoteNativeTokenInfo001, TestSize.Level1) ACCESSTOKEN_LOG_INFO(LABEL, "SetRemoteNativeTokenInfo001 start."); std::string deviceID = "ea82205d1f9964346ee12e17ec0f362bb7203fca7c62d82899ffa917f9cbe6b2"; - NativeTokenInfo native1 = { - .apl = APL_NORMAL, - .ver = 1, - .processName = "native_test1", - .dcap = {"SYSDCAP", "DMSDCAP"}, - .tokenID = 0x28000000, - .tokenAttr = 0 + NativeTokenInfoForSync native1 = { + .baseInfo.apl = APL_NORMAL, + .baseInfo.ver = 1, + .baseInfo.processName = "native_test1", + .baseInfo.dcap = {"SYSDCAP", "DMSDCAP"}, + .baseInfo.tokenID = 0x28000000, + .baseInfo.tokenAttr = 0 }; - std::vector nativeTokenInfoList; + std::vector nativeTokenInfoList; nativeTokenInfoList.emplace_back(native1); int ret = AccessTokenKit::SetRemoteNativeTokenInfo(deviceID, nativeTokenInfoList); 
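Review bot: `SetRemoteNativeTokenInfo001` fills only `baseInfo` fields in `native1`, so `permStateList`, the field this change adds to the sync payload, stays empty and its marshalling and storage path is not exercised by this test. Adding one `PermissionStateFull` entry to `native1.permStateList` and asserting on the permission state of the mapped token would cover it. The initializer also uses nested designators such as `.baseInfo.apl = APL_NORMAL`, which standard C++ designated initialization does not permit; `.baseInfo = { .apl = APL_NORMAL, ... }` is the portable form.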
@@ -3246,13 +3254,13 @@ HWTEST_F(AccessTokenKitTest, SetRemoteNativeTokenInfo001, TestSize.Level1) ret = AccessTokenKit::GetNativeTokenInfo(mapID, resultInfo); ASSERT_EQ(ret, RET_SUCCESS); - ASSERT_EQ(resultInfo.apl, native1.apl); - ASSERT_EQ(resultInfo.ver, native1.ver); - ASSERT_EQ(resultInfo.processName, native1.processName); + ASSERT_EQ(resultInfo.apl, native1.baseInfo.apl); + ASSERT_EQ(resultInfo.ver, native1.baseInfo.ver); + ASSERT_EQ(resultInfo.processName, native1.baseInfo.processName); ASSERT_EQ(resultInfo.dcap.size(), 2); ASSERT_EQ(resultInfo.dcap[0], "SYSDCAP"); ASSERT_EQ(resultInfo.dcap[1], "DMSDCAP"); ASSERT_EQ(resultInfo.tokenID, mapID); - ASSERT_EQ(resultInfo.tokenAttr, native1.tokenAttr); + ASSERT_EQ(resultInfo.tokenAttr, native1.baseInfo.tokenAttr); } #endif diff --git a/interfaces/innerkits/nativetoken/include/nativetoken.h b/interfaces/innerkits/nativetoken/include/nativetoken.h index d25658953..23c610628 100644 --- a/interfaces/innerkits/nativetoken/include/nativetoken.h +++ b/interfaces/innerkits/nativetoken/include/nativetoken.h @@ -41,6 +41,8 @@ extern "C" { #define MAX_JSON_FILE_LEN 102400 #define MAX_DCAPS_NUM 32 #define MAX_DCAP_LEN 1024 +#define MAX_PERM_NUM 32 +#define MAX_PERM_LEN 128 #define MAX_PARAMTER_LEN 128 #define SYSTEM_PROP_NATIVE_RECEPTOR "rw.nativetoken.receptor.startup" #define PATH_MAX_LEN 4096 @@ -51,6 +53,7 @@ extern "C" { #define ATRET_SUCCESS 0 #define DCAPS_KEY_NAME "dcaps" +#define PERMS_KEY_NAME "permissions" #define TOKENID_KEY_NAME "tokenId" #define TOKEN_ATTR_KEY_NAME "tokenAttr" #define APL_KEY_NAME "APL" 
@@ -81,11 +84,19 @@ typedef struct TokenList { NativeAtId tokenId; int32_t apl; char *dcaps[MAX_DCAPS_NUM]; + char *perm[MAX_PERM_NUM]; int dcapsNum; + int permNum; char processName[MAX_PROCESS_NAME_LEN + 1]; struct TokenList *next; } NativeTokenList; +typedef struct StrArrayAttribute { + int maxStrNum; + int maxStrLen; + const char *strKey; +} StrArrayAttr; + extern int32_t GetFileBuff(const char *cfg, char **retBuff); #ifdef __cplusplus } diff --git a/interfaces/innerkits/nativetoken/include/nativetoken_kit.h b/interfaces/innerkits/nativetoken/include/nativetoken_kit.h index 8975df42a..9d15a8e9c 100644 --- a/interfaces/innerkits/nativetoken/include/nativetoken_kit.h +++ b/interfaces/innerkits/nativetoken/include/nativetoken_kit.h @@ -25,7 +25,16 @@ extern "C" { #endif -extern uint64_t GetAccessTokenId(const char *processname, const char **dcap, int32_t dacpNum, const char *aplStr); +typedef struct NativeProcInfo { + int dcapsNum; + int permNum; + const char **dcaps; + const char **perm; + const char *processname; + const char *aplStr; +} NativeInfo; + +extern uint64_t GetAccessTokenId(NativeInfo *nativeProcInfo); #ifdef __cplusplus } diff --git a/interfaces/innerkits/nativetoken/src/nativetoken.c b/interfaces/innerkits/nativetoken/src/nativetoken.c index cbe4743bf..e90ccacaa 100644 --- a/interfaces/innerkits/nativetoken/src/nativetoken.c +++ b/interfaces/innerkits/nativetoken/src/nativetoken.c @@ -76,12 +76,12 @@ int32_t GetFileBuff(const char *cfg, char **retBuff) return ATRET_SUCCESS; } -static void FreeDcaps(char *dcaps[MAX_DCAPS_NUM], int32_t num) +static void FreeStrArray(char **arr, int32_t num) { for (int32_t i = 0; i <= num; i++) { - if (dcaps[i] != NULL) { - free(dcaps[i]); - dcaps[i] = NULL; + if (arr[i] != NULL) { + free(arr[i]); + arr[i] = NULL; } } } 
@@ -135,35 +135,35 @@ static uint32_t GetAplFromJson(cJSON *cjsonItem, NativeTokenList *tokenNode) return ATRET_SUCCESS; } -static uint32_t GetDcapsInfoFromJson(cJSON *cjsonItem, NativeTokenList *tokenNode) +static uint32_t GetInfoArrFromJson(cJSON *cjsonItem, char *strArr[], int *strNum, StrArrayAttr *attr) { - cJSON *dcapsJson = cJSON_GetObjectItem(cjsonItem, DCAPS_KEY_NAME); - int32_t dcapSize = cJSON_GetArraySize(dcapsJson); + cJSON *strArrJson = cJSON_GetObjectItem(cjsonItem, attr->strKey); + int32_t size = cJSON_GetArraySize(strArrJson); - tokenNode->dcapsNum = dcapSize; - if (dcapSize > MAX_DCAPS_NUM) { - ACCESSTOKEN_LOG_ERROR("[ATLIB-%s]:dcapSize = %d is invalid.", __func__, dcapSize); + *strNum = size; + if (size > attr->maxStrNum) { + ACCESSTOKEN_LOG_ERROR("[ATLIB-%s]:size = %d is invalid.", __func__, size); return ATRET_FAILED; } - for (int32_t i = 0; i < dcapSize; i++) { - cJSON *dcapItem = cJSON_GetArrayItem(dcapsJson, i); - if (dcapItem == NULL || !cJSON_IsString(dcapItem) || dcapItem->valuestring == NULL) { + for (int32_t i = 0; i < size; i++) { + cJSON *item = cJSON_GetArrayItem(strArrJson, i); + if (item == NULL || !cJSON_IsString(item) || item->valuestring == NULL) { ACCESSTOKEN_LOG_ERROR("[ATLIB-%s]:cJSON_GetArrayItem failed.", __func__); return ATRET_FAILED; } - size_t length = strlen(dcapItem->valuestring); - if (length > MAX_DCAP_LEN) { - ACCESSTOKEN_LOG_ERROR("[ATLIB-%s]:dcapItem is invalid.", __func__); + size_t length = strlen(item->valuestring); + if (length > attr->maxStrLen) { + ACCESSTOKEN_LOG_ERROR("[ATLIB-%s]:item is invalid.", __func__); return ATRET_FAILED; } - tokenNode->dcaps[i] = (char *)malloc(sizeof(char) * (length + 1)); - if (tokenNode->dcaps[i] == NULL) { - FreeDcaps(tokenNode->dcaps, i - 1); + strArr[i] = (char *)malloc(sizeof(char) * (length + 1)); + if (strArr[i] == NULL) { + FreeStrArray(strArr, i - 1); ACCESSTOKEN_LOG_ERROR("[ATLIB-%s]:malloc invalid.", __func__); return ATRET_FAILED; } - if 
(strcpy_s(tokenNode->dcaps[i], length + 1, dcapItem->valuestring) != EOK) { - FreeDcaps(tokenNode->dcaps, i); + if (strcpy_s(strArr[i], length + 1, item->valuestring) != EOK) { + FreeStrArray(strArr, i); ACCESSTOKEN_LOG_ERROR("[ATLIB-%s]:strcpy_s failed.", __func__); return ATRET_FAILED; } @@ -173,17 +173,17 @@ static uint32_t GetDcapsInfoFromJson(cJSON *cjsonItem, NativeTokenList *tokenNod static int32_t GetTokenList(const cJSON *object) { - int32_t arraySize; - int32_t i; uint32_t ret; NativeTokenList *tmp = NULL; + StrArrayAttr attr; if (object == NULL) { ACCESSTOKEN_LOG_ERROR("[ATLIB-%s]:object is null.", __func__); return ATRET_FAILED; } - arraySize = cJSON_GetArraySize(object); - for (i = 0; i < arraySize; i++) { + int32_t arraySize = cJSON_GetArraySize(object); + + for (int32_t i = 0; i < arraySize; i++) { tmp = (NativeTokenList *)malloc(sizeof(NativeTokenList)); if (tmp == NULL) { ACCESSTOKEN_LOG_ERROR("[ATLIB-%s]:memory alloc failed.", __func__); @@ -198,9 +198,23 @@ static int32_t GetTokenList(const cJSON *object) ret = GetprocessNameFromJson(cjsonItem, tmp); ret |= GetTokenIdFromJson(cjsonItem, tmp); ret |= GetAplFromJson(cjsonItem, tmp); - ret |= GetDcapsInfoFromJson(cjsonItem, tmp); + + attr.maxStrLen = MAX_DCAP_LEN; + attr.maxStrNum = MAX_DCAPS_NUM; + attr.strKey = DCAPS_KEY_NAME; + ret |= GetInfoArrFromJson(cjsonItem, tmp->dcaps, &(tmp->dcapsNum), &attr); + if (ret != ATRET_SUCCESS) { + free(tmp); + return ATRET_FAILED; + } + + attr.maxStrLen = MAX_PERM_LEN; + attr.maxStrNum = MAX_PERM_NUM; + attr.strKey = PERMS_KEY_NAME; + ret = GetInfoArrFromJson(cjsonItem, tmp->perm, &(tmp->permNum), &attr); if (ret != ATRET_SUCCESS) { free(tmp); + FreeStrArray(tmp->dcaps, tmp->dcapsNum - 1); return ATRET_FAILED; } 
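Review bot: In `GetTokenList`, the failure branch after the permissions lookup calls `free(tmp);` and then `FreeStrArray(tmp->dcaps, tmp->dcapsNum - 1);`, which reads `tmp` after it has been freed. Swap the two statements so the dcaps strings are released first: `FreeStrArray(tmp->dcaps, tmp->dcapsNum - 1);` followed by `free(tmp);`. Separately, `GetInfoArrFromJson` returns on an invalid or over-long item without releasing the entries it has already copied, so both failure branches here can leak strings, including a partially filled `tmp->perm`. Whether `tmp` is zeroed after `malloc` is not visible in this hunk, which matters because `FreeStrArray` tests each slot against NULL before freeing it.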
@@ -395,24 +409,24 @@ static void WriteToFile(const cJSON *root) return; } -static int32_t AddDcapsArray(cJSON *object, const NativeTokenList *curr) +static int32_t AddStrArrayInfo(cJSON *object, char * const strArray[], int strNum, const char *strKey) { - cJSON *dcapsArr = cJSON_CreateArray(); - if (dcapsArr == NULL) { + cJSON *strJsonArr = cJSON_CreateArray(); + if (strJsonArr == NULL) { return ATRET_FAILED; } - for (int32_t i = 0; i < curr->dcapsNum; i++) { - cJSON *item = cJSON_CreateString(curr->dcaps[i]); - if (item == NULL || !cJSON_AddItemToArray(dcapsArr, item)) { + for (int32_t i = 0; i < strNum; i++) { + cJSON *item = cJSON_CreateString(strArray[i]); + if (item == NULL || !cJSON_AddItemToArray(strJsonArr, item)) { ACCESSTOKEN_LOG_ERROR("[ATLIB-%s]:tokenAttr cJSON_AddItemToArray failed.", __func__); cJSON_Delete(item); - cJSON_Delete(dcapsArr); + cJSON_Delete(strJsonArr); return ATRET_FAILED; } } - if (!cJSON_AddItemToObject(object, DCAPS_KEY_NAME, dcapsArr)) { - ACCESSTOKEN_LOG_ERROR("[ATLIB-%s]:dcaps cJSON_AddItemToObject failed.", __func__); - cJSON_Delete(dcapsArr); + if (!cJSON_AddItemToObject(object, strKey, strJsonArr)) { + ACCESSTOKEN_LOG_ERROR("[ATLIB-%s]:strArr cJSON_AddItemToObject failed.", __func__); + cJSON_Delete(strJsonArr); return ATRET_FAILED; } return ATRET_SUCCESS; @@ -465,7 +479,13 @@ static cJSON *CreateNativeTokenJsonObject(const NativeTokenList *curr) cJSON_Delete(object); return NULL; } - int ret = AddDcapsArray(object, curr); + + int ret = AddStrArrayInfo(object, curr->dcaps, curr->dcapsNum, DCAPS_KEY_NAME); + if (ret != ATRET_SUCCESS) { + cJSON_Delete(object); + } + + ret = AddStrArrayInfo(object, curr->perm, curr->permNum, PERMS_KEY_NAME); if (ret != ATRET_SUCCESS) { cJSON_Delete(object); } 
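Review bot: In `CreateNativeTokenJsonObject`, when the dcaps `AddStrArrayInfo` call fails the branch runs `cJSON_Delete(object);` but does not return, so the permissions `AddStrArrayInfo` call that follows writes into the freed object and its own failure branch deletes it a second time. Add `return NULL;` after `cJSON_Delete(object);` in both branches, matching the earlier error path in this function that does `cJSON_Delete(object); return NULL;`. The rest of the function lies outside the hunk, so as written whatever follows the second branch also receives the dangling pointer.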
@@ -509,27 +529,36 @@ static void SaveTokenIdToCfg(const NativeTokenList *curr) return; } -static uint32_t CheckProcessInfo(const char *processname, const char **dcaps, - int32_t dcapNum, const char *aplStr, int32_t *aplRet) +static uint32_t CheckStrPara(const char **info, int32_t infoNum, int maxNum, int maxInfoLen) { - if ((processname == NULL) || strlen(processname) > MAX_PROCESS_NAME_LEN || - strlen(processname) == 0) { - ACCESSTOKEN_LOG_ERROR("[ATLIB-%s]:processname is invalid.", __func__); + if (((info == NULL) && (infoNum != 0)) || + (infoNum > maxNum) || (infoNum < 0)) { + ACCESSTOKEN_LOG_ERROR("[ATLIB-%s]:info is null or infoNum is invalid.", __func__); return ATRET_FAILED; } + for (int32_t i = 0; i < infoNum; i++) { + if ((info[i] == NULL) || (strlen(info[i]) > maxInfoLen)) { + ACCESSTOKEN_LOG_ERROR("[ATLIB-%s]:info[%d] length is invalid.", __func__, i); + return ATRET_FAILED; + } + } + return ATRET_SUCCESS; +} - if (((dcaps == NULL) && (dcapNum != 0)) || dcapNum > MAX_DCAPS_NUM || dcapNum < 0) { - ACCESSTOKEN_LOG_ERROR("[ATLIB-%s]:dcaps is null or dcapNum is invalid.", __func__); +static uint32_t CheckProcessInfo(NativeInfo *procInfo, int32_t *aplRet) +{ + if ((procInfo->processname == NULL) || strlen(procInfo->processname) > MAX_PROCESS_NAME_LEN || + strlen(procInfo->processname) == 0) { + ACCESSTOKEN_LOG_ERROR("[ATLIB-%s]:processname is invalid.", __func__); return ATRET_FAILED; } - for (int32_t i = 0; i < dcapNum; i++) { - if ((dcaps[i] == NULL) || (strlen(dcaps[i]) > MAX_DCAP_LEN)) { - ACCESSTOKEN_LOG_ERROR("[ATLIB-%s]:dcap length is invalid.", __func__); - return ATRET_FAILED; - } + int retDcap = CheckStrPara(procInfo->dcaps, procInfo->dcapsNum, MAX_DCAPS_NUM, MAX_DCAP_LEN); + int retPerm = CheckStrPara(procInfo->perm, procInfo->permNum, MAX_PERM_NUM, MAX_PERM_LEN); + if ((retDcap == ATRET_FAILED) || (retPerm == ATRET_FAILED)) { + return ATRET_FAILED; } - int32_t apl = GetAplLevel(aplStr); + int32_t apl = GetAplLevel(procInfo->aplStr); if (apl == 0) 
{ return ATRET_FAILED; } @@ -537,8 +566,21 @@ static uint32_t CheckProcessInfo(const char *processname, const char **dcaps, return ATRET_SUCCESS; } -static uint32_t AddNewTokenToListAndCfgFile(const char *processname, const char **dcapsIn, - int32_t dcapNumIn, int32_t aplIn, NativeAtId *tokenId) +static uint32_t CreateStrArray(int num, const char **str, char **nodeStr) +{ + for (int32_t i = 0; i < num; i++) { + nodeStr[i] = (char *)malloc(sizeof(char) * (strlen(str[i]) + 1)); + if (nodeStr[i] == NULL || + (strcpy_s(nodeStr[i], strlen(str[i]) + 1, str[i]) != EOK)) { + ACCESSTOKEN_LOG_ERROR("[ATLIB-%s]:copy str[%d] failed.", __func__, i); + FreeStrArray(nodeStr, i); + return ATRET_FAILED; + } + } + return ATRET_SUCCESS; +} + +static uint32_t AddNewTokenToListAndFile(NativeInfo *procInfo, int32_t aplIn, NativeAtId *tokenId) { NativeTokenList *tokenNode; NativeAtId id; 
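Review bot: `CheckProcessInfo` dereferences `procInfo->processname` in its first condition without checking `procInfo` itself, and the public entry point now takes a single `NativeInfo *` from callers. Unless `GetAccessTokenId` (not shown in this hunk) already rejects a NULL argument, add `if (procInfo == NULL) { return ATRET_FAILED; }` at the top of the function. `procInfo->aplStr` is likewise passed to `GetAplLevel` unchecked; whether that helper tolerates NULL is not visible here. Since neither this function nor `CheckStrPara` modifies the input, the parameter could be declared `const NativeInfo *procInfo`.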
@@ -555,23 +597,24 @@ static uint32_t AddNewTokenToListAndCfgFile(const char *processname, const char } tokenNode->tokenId = id; tokenNode->apl = aplIn; - if (strcpy_s(tokenNode->processName, MAX_PROCESS_NAME_LEN + 1, processname) != EOK) { + if (strcpy_s(tokenNode->processName, MAX_PROCESS_NAME_LEN + 1, procInfo->processname) != EOK) { ACCESSTOKEN_LOG_ERROR("[ATLIB-%s]:strcpy_s failed.", __func__); free(tokenNode); return ATRET_FAILED; } - tokenNode->dcapsNum = dcapNumIn; + tokenNode->dcapsNum = procInfo->dcapsNum; + tokenNode->permNum = procInfo->permNum; - for (int32_t i = 0; i < dcapNumIn; i++) { - tokenNode->dcaps[i] = (char *)malloc(sizeof(char) * (strlen(dcapsIn[i]) + 1)); - if (tokenNode->dcaps[i] == NULL || - (strcpy_s(tokenNode->dcaps[i], strlen(dcapsIn[i]) + 1, dcapsIn[i]) != EOK)) { - ACCESSTOKEN_LOG_ERROR("[ATLIB-%s]:copy dcapsIn[%d] failed.", __func__, i); - FreeDcaps(tokenNode->dcaps, i); - free(tokenNode); - return ATRET_FAILED; - } + if (CreateStrArray(procInfo->dcapsNum, procInfo->dcaps, tokenNode->dcaps) != ATRET_SUCCESS) { + free(tokenNode); + return ATRET_FAILED; + } + if (CreateStrArray(procInfo->permNum, procInfo->perm, tokenNode->perm) != ATRET_SUCCESS) { + FreeStrArray(tokenNode->dcaps, procInfo->dcapsNum - 1); + free(tokenNode); + return ATRET_FAILED; } + tokenNode->next = g_tokenListHead->next; g_tokenListHead->next = tokenNode; @@ -581,7 +624,7 @@ static uint32_t AddNewTokenToListAndCfgFile(const char *processname, const char return ATRET_SUCCESS; } -static int32_t CompareProcessInfo(NativeTokenList *tokenNode, const char **dcapsIn, int32_t dcapNumIn, int32_t aplIn) +static int32_t CompareTokenInfo(NativeTokenList *tokenNode, const char **dcapsIn, int32_t dcapNumIn, int32_t aplIn) { if (tokenNode->apl != aplIn) { return 1; 
@@ -597,61 +640,118 @@ static int32_t CompareProcessInfo(NativeTokenList *tokenNode, const char **dcaps return 0; } -static uint32_t UpdateTokenInfoInList(NativeTokenList *tokenNode, - const char **dcapsIn, int32_t dcapNumIn, int32_t aplIn) +static int32_t ComparePermInfo(NativeTokenList *tokenNode, const char **permIn, int32_t permNumIn) { - tokenNode->apl = aplIn; - - for (int32_t i = 0; i < tokenNode->dcapsNum; i++) { - free(tokenNode->dcaps[i]); - tokenNode->dcaps[i] = NULL; + if (tokenNode->permNum != permNumIn) { + return 1; + } + for (int32_t i = 0; i < permNumIn; i++) { + if (strcmp(tokenNode->perm[i], permIn[i]) != 0) { + return 1; + } } + return 0; +} - tokenNode->dcapsNum = dcapNumIn; - for (int32_t i = 0; i < dcapNumIn; i++) { - int32_t len = strlen(dcapsIn[i]) + 1; - tokenNode->dcaps[i] = (char *)malloc(sizeof(char) * len); - if (tokenNode->dcaps[i] == NULL || (strcpy_s(tokenNode->dcaps[i], len, dcapsIn[i]) != EOK)) { - ACCESSTOKEN_LOG_ERROR("[ATLIB-%s]:copy dcapsIn[%d] failed.", __func__, i); - FreeDcaps(tokenNode->dcaps, i); +static uint32_t UpdateStrArrayInList(char *strArr[], int *strNum, + const char **strArrNew, int strNumNew) +{ + for (int32_t i = 0; i < *strNum; i++) { + free(strArr[i]); + strArr[i] = NULL; + } + + *strNum = strNumNew; + for (int32_t i = 0; i < strNumNew; i++) { + int32_t len = strlen(strArrNew[i]) + 1; + strArr[i] = (char *)malloc(sizeof(char) * len); + if (strArr[i] == NULL || (strcpy_s(strArr[i], len, strArrNew[i]) != EOK)) { + ACCESSTOKEN_LOG_ERROR("[ATLIB-%s]:copy strArr[%d] failed.", __func__, i); + FreeStrArray(strArr, i); return ATRET_FAILED; } } return ATRET_SUCCESS; } -static uint32_t UpdateItemcontent(const NativeTokenList *tokenNode, cJSON *record) +static uint32_t UpdateTokenInfoInList(NativeTokenList *tokenNode, NativeInfo *procInfo) { - cJSON *itemApl = cJSON_CreateNumber(tokenNode->apl); - if (itemApl == NULL) { - return ATRET_FAILED; + tokenNode->apl = GetAplLevel(procInfo->aplStr); + + uint32_t ret = 
UpdateStrArrayInList(tokenNode->dcaps, &(tokenNode->dcapsNum), + procInfo->dcaps, procInfo->dcapsNum); + if (ret != ATRET_SUCCESS) { + return ret; } - if (!cJSON_ReplaceItemInObject(record, APL_KEY_NAME, itemApl)) { - cJSON_Delete(itemApl); - ACCESSTOKEN_LOG_ERROR("[ATLIB-%s]:APL update failed.", __func__); - return ATRET_FAILED; + ret = UpdateStrArrayInList(tokenNode->perm, &(tokenNode->permNum), + procInfo->perm, procInfo->permNum); + if (ret != ATRET_SUCCESS) { + FreeStrArray(tokenNode->dcaps, tokenNode->dcapsNum); } + return ret; +} - cJSON *dcapsArr = cJSON_CreateArray(); - if (dcapsArr == NULL) { +static uint32_t UpdateStrArrayType(char * const strArr[], int strNum, const char *strKey, cJSON *record) +{ + cJSON *strArrJson = cJSON_CreateArray(); + if (strArrJson == NULL) { + ACCESSTOKEN_LOG_ERROR("[ATLIB-%s]:cJSON_CreateArray failed.", __func__); return ATRET_FAILED; } - for (int32_t i = 0; i < tokenNode->dcapsNum; i++) { - cJSON *item = cJSON_CreateString(tokenNode->dcaps[i]); + for (int32_t i = 0; i < strNum; i++) { + cJSON *item = cJSON_CreateString(strArr[i]); if (item == NULL) { ACCESSTOKEN_LOG_ERROR("[ATLIB-%s]:cJSON_CreateString failed.", __func__); - cJSON_Delete(dcapsArr); + cJSON_Delete(strArrJson); return ATRET_FAILED; } - if (!cJSON_AddItemToArray(dcapsArr, item)) { + if (!cJSON_AddItemToArray(strArrJson, item)) { ACCESSTOKEN_LOG_ERROR("[ATLIB-%s]:cJSON_AddItemToArray failed.", __func__); cJSON_Delete(item); + cJSON_Delete(strArrJson); + return ATRET_FAILED; + } + } + if (cJSON_GetObjectItem(record, strKey) != NULL) { + if (!cJSON_ReplaceItemInObject(record, strKey, strArrJson)) { + ACCESSTOKEN_LOG_ERROR("[ATLIB-%s]:cJSON_ReplaceItemInObject failed.", __func__); + cJSON_Delete(strArrJson); + return ATRET_FAILED; + } + } else { + if (!cJSON_AddItemToObject(record, strKey, strArrJson)) { + ACCESSTOKEN_LOG_ERROR("[ATLIB-%s]:cJSON_ReplaceItemInObject failed.", __func__); + cJSON_Delete(strArrJson); return ATRET_FAILED; } } - if 
(!cJSON_ReplaceItemInObject(record, DCAPS_KEY_NAME, dcapsArr)) { + + return ATRET_SUCCESS; +} + +static uint32_t UpdateItemcontent(const NativeTokenList *tokenNode, cJSON *record) +{ + cJSON *itemApl = cJSON_CreateNumber(tokenNode->apl); + if (itemApl == NULL) { + return ATRET_FAILED; + } + if (!cJSON_ReplaceItemInObject(record, APL_KEY_NAME, itemApl)) { + cJSON_Delete(itemApl); + ACCESSTOKEN_LOG_ERROR("[ATLIB-%s]:APL update failed.", __func__); + return ATRET_FAILED; + } + + uint32_t ret = UpdateStrArrayType(tokenNode->dcaps, tokenNode->dcapsNum, DCAPS_KEY_NAME, record); + if (ret != ATRET_SUCCESS) { ACCESSTOKEN_LOG_ERROR("[ATLIB-%s]:dcaps update failed.", __func__); - cJSON_Delete(dcapsArr); + return ATRET_FAILED; + } + + ret = UpdateStrArrayType(tokenNode->perm, tokenNode->permNum, PERMS_KEY_NAME, record); + if (ret != ATRET_SUCCESS) { + ACCESSTOKEN_LOG_ERROR("[ATLIB-%s]:GetInfoArrFromJson process %s \n tmp->permNum : %d.", + __func__, tokenNode->processName, tokenNode->permNum); + ACCESSTOKEN_LOG_ERROR("[ATLIB-%s]:perm update failed.", __func__); return ATRET_FAILED; } return ATRET_SUCCESS; @@ -679,7 +779,7 @@ static uint32_t UpdateGoalItemFromRecord(const NativeTokenList *tokenNode, cJSON return ATRET_FAILED; } -static uint32_t UpdateTokenInfoInCfgFile(NativeTokenList *tokenNode) +static uint32_t UpdateInfoInCfgFile(NativeTokenList *tokenNode) { cJSON *record = NULL; char *fileBuff = NULL; @@ -714,7 +814,7 @@ static uint32_t UpdateTokenInfoInCfgFile(NativeTokenList *tokenNode) return ATRET_SUCCESS; } -uint64_t GetAccessTokenId(const char *processname, const char **dcaps, int32_t dcapNum, const char *aplStr) +uint64_t GetAccessTokenId(NativeInfo *procInfo) { NativeAtId tokenId = 0; uint64_t result = 0; 
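Review bot: `UpdateStrArrayInList` stores `*strNum = strNumNew` before any string is copied, so when `malloc` or `strcpy_s` fails midway the node stays in the token list with a count that no longer matches its populated entries. `UpdateTokenInfoInList` has the same problem on the permission failure path: it frees `tokenNode->dcaps` but leaves `tokenNode->dcapsNum` unchanged, and `tokenNode->apl` has already been overwritten. A later `ComparePermInfo`, which calls `strcmp(tokenNode->perm[i], ...)` for every index below `permNum`, would then read freed or NULL slots. Publishing the count only after all copies succeed (`*strNum = 0;` ahead of the loop, `*strNum = strNumNew;` just before `return ATRET_SUCCESS;`) and adding `tokenNode->dcapsNum = 0;` after the `FreeStrArray` call keeps the node self-consistent. The error text in the `cJSON_AddItemToObject` branch of `UpdateStrArrayType` also still says `cJSON_ReplaceItemInObject failed`.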
@@ -725,14 +825,14 @@ uint64_t GetAccessTokenId(const char *processname, const char **dcaps, int32_t d return INVALID_TOKEN_ID; } - uint32_t ret = CheckProcessInfo(processname, dcaps, dcapNum, aplStr, &apl); + uint32_t ret = CheckProcessInfo(procInfo, &apl); if (ret != ATRET_SUCCESS) { return INVALID_TOKEN_ID; } NativeTokenList *tokenNode = g_tokenListHead->next; while (tokenNode != NULL) { - if (strcmp(tokenNode->processName, processname) == 0) { + if (strcmp(tokenNode->processName, procInfo->processname) == 0) { tokenId = tokenNode->tokenId; break; } @@ -740,12 +840,13 @@ uint64_t GetAccessTokenId(const char *processname, const char **dcaps, int32_t d } if (tokenNode == NULL) { - ret = AddNewTokenToListAndCfgFile(processname, dcaps, dcapNum, apl, &tokenId); + ret = AddNewTokenToListAndFile(procInfo, apl, &tokenId); } else { - int32_t needUpdate = CompareProcessInfo(tokenNode, dcaps, dcapNum, apl); - if (needUpdate != 0) { - ret = UpdateTokenInfoInList(tokenNode, dcaps, dcapNum, apl); - ret |= UpdateTokenInfoInCfgFile(tokenNode); + int32_t needTokenUpdate = CompareTokenInfo(tokenNode, procInfo->dcaps, procInfo->dcapsNum, apl); + int32_t needPermUpdate = ComparePermInfo(tokenNode, procInfo->perm, procInfo->permNum); + if ((needTokenUpdate != 0) || (needPermUpdate != 0)) { + ret = UpdateTokenInfoInList(tokenNode, procInfo); + ret |= UpdateInfoInCfgFile(tokenNode); } } if (ret != ATRET_SUCCESS) { diff --git a/interfaces/innerkits/nativetoken/test/unittest/src/nativetoken_kit_test.cpp b/interfaces/innerkits/nativetoken/test/unittest/src/nativetoken_kit_test.cpp index 44eb5cc82..03b1b32f2 100644 --- a/interfaces/innerkits/nativetoken/test/unittest/src/nativetoken_kit_test.cpp +++ b/interfaces/innerkits/nativetoken/test/unittest/src/nativetoken_kit_test.cpp 
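Review bot: In the update branch, `ret |= UpdateInfoInCfgFile(tokenNode);` runs even when `UpdateTokenInfoInList` has just failed, so a node whose dcaps or permission arrays were only partly rebuilt is still written to the config file. Since that file now carries each process's permission list, I would stop at the first failure: `if (ret == ATRET_SUCCESS) { ret = UpdateInfoInCfgFile(tokenNode); }`. OR-ing the two status codes also only gives a meaningful result while `ATRET_SUCCESS` is 0, which is not visible in this hunk. The body of `GetAccessTokenId` continues past the end of the hunk.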
@@ -48,13 +48,22 @@ void TokenLibKitTest::TearDown() int Start(const char *processName) { - const char *processname = processName; const char **dcaps = new const char *[2]; dcaps[0] = "AT_CAP"; dcaps[1] = "ST_CAP"; - int dcapNum = 2; uint64_t tokenId; - tokenId = GetAccessTokenId(processname, dcaps, dcapNum, "system_core"); + const char **perms = new const char *[2]; + perms[0] = "ohos.permission.test1"; + perms[1] = "ohos.permission.test2"; + NativeInfo infoInstance = { + .dcapsNum = 2, + .permNum = 2, + .dcaps = dcaps, + .perm = perms, + .processname = processName, + .aplStr = "system_core", + }; + tokenId = GetAccessTokenId(&infoInstance); delete[] dcaps; return tokenId; } 
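Review bot: `Start()` allocates `perms` with `new const char *[2]` but only `dcaps` is released before returning, so every call leaks the array; add `delete[] perms;` next to `delete[] dcaps;`. The new `GetAccessTokenId008` case further down in this file has the same shape and frees neither `dcaps` nor `perms`. A `std::vector<const char *>` passed via `.data()` would remove the manual cleanup in both places.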
@@ -72,26 +81,42 @@ HWTEST_F(TokenLibKitTest, GetAccessTokenId001, TestSize.Level1) dcaps[1] = "ST_CAP"; int dcapNum = 2; uint64_t tokenId; - tokenId = GetAccessTokenId("", dcaps, dcapNum, "system_core"); + const char **perms = new const char *[2]; + perms[0] = "ohos.permission.test1"; + perms[1] = "ohos.permission.test2"; + NativeInfo infoInstance = { + .dcapsNum = dcapNum, + .permNum = 2, + .dcaps = dcaps, + .perm = perms, + .aplStr = "system_core", + }; + infoInstance.processname = ""; + tokenId = GetAccessTokenId(&infoInstance); ASSERT_EQ(tokenId, 0); - tokenId = GetAccessTokenId(nullptr, dcaps, dcapNum, "system_core"); + infoInstance.processname = nullptr; + tokenId = GetAccessTokenId(&infoInstance); ASSERT_EQ(tokenId, 0); /* 257 is invalid processName length */ const std::string invalidProcName (257, 'x'); - tokenId = GetAccessTokenId(invalidProcName.c_str(), dcaps, dcapNum, "system_core"); + infoInstance.processname = invalidProcName.c_str(); + tokenId = GetAccessTokenId(&infoInstance); ASSERT_EQ(tokenId, 0); /* 255 is valid processName length */ const std::string validProcName01 (255, 'x'); - tokenId = GetAccessTokenId(validProcName01.c_str(), dcaps, dcapNum, "system_core"); + infoInstance.processname = validProcName01.c_str(); + tokenId = GetAccessTokenId(&infoInstance); ASSERT_NE(tokenId, 0); /* 256 is valid processName length */ const std::string validProcName02 (256, 'x'); - tokenId = GetAccessTokenId(validProcName02.c_str(), dcaps, dcapNum, "system_core"); + infoInstance.processname = validProcName02.c_str(); + tokenId = GetAccessTokenId(&infoInstance); ASSERT_NE(tokenId, 0); delete[] dcaps; + delete[] perms; } /** 
@@ -107,12 +132,22 @@ HWTEST_F(TokenLibKitTest, GetAccessTokenId002, TestSize.Level1) dcaps[1] = "ST_CAP"; int dcapNum = -1; uint64_t tokenId; - tokenId = GetAccessTokenId("GetAccessTokenId002", dcaps, dcapNum, "system_core"); + NativeInfo infoInstance = { + .permNum = 0, + .dcaps = dcaps, + .perm = nullptr, + .aplStr = "system_core", + }; + infoInstance.dcapsNum = dcapNum; + infoInstance.processname = "GetAccessTokenId002"; + tokenId = GetAccessTokenId(&infoInstance); ASSERT_EQ(tokenId, 0); /* 33 is invalid dcapNum */ dcapNum = 33; - tokenId = GetAccessTokenId("GetAccessTokenId002_00", dcaps, dcapNum, "system_core"); + infoInstance.dcapsNum = dcapNum; + infoInstance.processname = "GetAccessTokenId002_00"; + tokenId = GetAccessTokenId(&infoInstance); ASSERT_EQ(tokenId, 0); for (int32_t i = 0; i < 32; i++) { @@ -120,12 +155,16 @@ HWTEST_F(TokenLibKitTest, GetAccessTokenId002, TestSize.Level1) } /* 32 is valid dcapNum */ dcapNum = 32; - tokenId = GetAccessTokenId("GetAccessTokenId002_01", dcaps, dcapNum, "system_core"); + infoInstance.dcapsNum = dcapNum; + infoInstance.processname = "GetAccessTokenId002_01"; + tokenId = GetAccessTokenId(&infoInstance); ASSERT_NE(tokenId, 0); /* 31 is valid dcapNum */ dcapNum = 31; - tokenId = GetAccessTokenId("GetAccessTokenId002_02", dcaps, dcapNum, "system_core"); + infoInstance.dcapsNum = dcapNum; + infoInstance.processname = "GetAccessTokenId002_02"; + tokenId = GetAccessTokenId(&infoInstance); ASSERT_NE(tokenId, 0); delete[] dcaps; 
@@ -144,30 +183,51 @@ HWTEST_F(TokenLibKitTest, GetAccessTokenId003, TestSize.Level1) dcaps[1] = "ST_CAP"; int dcapNum = 2; uint64_t tokenId; - tokenId = GetAccessTokenId("GetAccessTokenId003", nullptr, dcapNum, "system_core"); + NativeInfo infoInstance = { + .permNum = 0, + .dcaps = dcaps, + .perm = nullptr, + .aplStr = "system_core", + }; + infoInstance.dcapsNum = dcapNum; + infoInstance.dcaps = nullptr; + infoInstance.processname = "GetAccessTokenId003"; + tokenId = GetAccessTokenId(&infoInstance); ASSERT_EQ(tokenId, 0); dcapNum = 0; - tokenId = GetAccessTokenId("GetAccessTokenId003_01", nullptr, dcapNum, "system_core"); + infoInstance.dcapsNum = dcapNum; + infoInstance.dcaps = nullptr; + infoInstance.processname = "GetAccessTokenId003_01"; + tokenId = GetAccessTokenId(&infoInstance); ASSERT_NE(tokenId, 0); dcapNum = 2; /* 1025 is invalid dcap length */ const std::string invalidDcap (1025, 'x'); dcaps[0] = invalidDcap.c_str(); - tokenId = GetAccessTokenId("GetAccessTokenId003_02", dcaps, dcapNum, "system_core"); + infoInstance.dcapsNum = dcapNum; + infoInstance.dcaps = dcaps; + infoInstance.processname = "GetAccessTokenId003_02"; + tokenId = GetAccessTokenId(&infoInstance); ASSERT_EQ(tokenId, 0); /* 1024 is valid dcap length */ const std::string validDcap01 (1024, 'x'); dcaps[0] = validDcap01.c_str(); - tokenId = GetAccessTokenId("GetAccessTokenId003_03", dcaps, dcapNum, "system_core"); + infoInstance.dcapsNum = dcapNum; + infoInstance.dcaps = dcaps; + infoInstance.processname = "GetAccessTokenId003_03"; + tokenId = GetAccessTokenId(&infoInstance); ASSERT_NE(tokenId, 0); /* 1023 is valid dcap length */ const std::string validDcap02 (1023, 'x'); dcaps[0] = validDcap02.c_str(); - tokenId = GetAccessTokenId("GetAccessTokenId003_04", dcaps, dcapNum, "system_core"); + infoInstance.dcapsNum = dcapNum; + infoInstance.dcaps = dcaps; + infoInstance.processname = "GetAccessTokenId003_04"; + tokenId = GetAccessTokenId(&infoInstance); ASSERT_NE(tokenId, 0); delete[] dcaps; 
@@ -186,10 +246,20 @@ HWTEST_F(TokenLibKitTest, GetAccessTokenId004, TestSize.Level1) dcaps[1] = "ST_CAP"; int dcapNum = 2; uint64_t tokenId; - tokenId = GetAccessTokenId("GetAccessTokenId003", dcaps, dcapNum, nullptr); + NativeInfo infoInstance = { + .dcapsNum = dcapNum, + .permNum = 0, + .dcaps = dcaps, + .perm = nullptr, + .processname = "GetAccessTokenId003", + }; + + infoInstance.aplStr = nullptr, + tokenId = GetAccessTokenId(&infoInstance); ASSERT_EQ(tokenId, 0); - tokenId = GetAccessTokenId("GetAccessTokenId003", dcaps, dcapNum, "system_invalid"); + infoInstance.aplStr = "system_invalid", + tokenId = GetAccessTokenId(&infoInstance); ASSERT_EQ(tokenId, 0); delete[] dcaps; 
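Review bot: Both `infoInstance.aplStr = nullptr,` and `infoInstance.aplStr = "system_invalid",` end in a comma rather than a semicolon, so each assignment and the following `tokenId = GetAccessTokenId(&infoInstance);` form a single comma expression. It compiles and evaluates in the intended order, but it reads as a typo and is easy to break on the next edit. Use `infoInstance.aplStr = nullptr;` and `infoInstance.aplStr = "system_invalid";`.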
@@ -233,11 +303,149 @@ HWTEST_F(TokenLibKitTest, GetAccessTokenId006, TestSize.Level1) /** * @tc.name: GetAccessTokenId007 - * @tc.desc: Get a batch of AccessTokenId. + * @tc.desc: cannot getAccessTokenId with invalid dcapNum. * @tc.type: FUNC * @tc.require:AR000GK6TD */ HWTEST_F(TokenLibKitTest, GetAccessTokenId007, TestSize.Level1) +{ + const char **perms = new const char *[MAX_PERM_NUM]; + perms[0] = "ohos.permission.test1"; + perms[1] = "ohos.permission.test2"; + int permNum = -1; + uint64_t tokenId; + NativeInfo infoInstance = { + .dcapsNum = 0, + .dcaps = nullptr, + .perm = perms, + .aplStr = "system_core", + }; + + infoInstance.permNum = permNum; + infoInstance.processname = "GetAccessTokenId007"; + tokenId = GetAccessTokenId(&infoInstance); + ASSERT_EQ(tokenId, 0); + + permNum = MAX_PERM_NUM + 1; + infoInstance.permNum = permNum; + infoInstance.processname = "GetAccessTokenId007_00"; + tokenId = GetAccessTokenId(&infoInstance); + ASSERT_EQ(tokenId, 0); + + for (int32_t i = 0; i < MAX_PERM_NUM; i++) { + perms[i] = "ohos.permission.test"; + } + + permNum = MAX_PERM_NUM; + infoInstance.permNum = permNum; + infoInstance.processname = "GetAccessTokenId007_01"; + tokenId = GetAccessTokenId(&infoInstance); + ASSERT_NE(tokenId, 0); + + permNum = MAX_PERM_NUM - 1; + infoInstance.permNum = permNum; + infoInstance.processname = "GetAccessTokenId007_02"; + tokenId = GetAccessTokenId(&infoInstance); + ASSERT_NE(tokenId, 0); + + delete[] perms; +} + +/** + * @tc.name: GetAccessTokenId008 + * @tc.desc: Get AccessTokenId with new processName. 
+ * @tc.type: FUNC + * @tc.require:AR000GK6TD + */ +HWTEST_F(TokenLibKitTest, GetAccessTokenId008, TestSize.Level1) +{ + const char **dcaps = new const char *[2]; + dcaps[0] = "AT_CAP"; + dcaps[1] = "ST_CAP"; + uint64_t tokenId; + const char **perms = new const char *[2]; + perms[0] = "ohos.permission.test1"; + perms[1] = "ohos.permission.test2"; + NativeInfo infoInstance = { + .dcapsNum = 2, + .permNum = 2, + .dcaps = dcaps, + .perm = perms, + .processname = "GetAccessTokenId008", + .aplStr = "system_core", + }; + tokenId = GetAccessTokenId(&infoInstance); + ASSERT_NE(tokenId, 0); +} + +/** + * @tc.name: GetAccessTokenId009 + * @tc.desc: cannot getAccessTokenId with invalid perms. + * @tc.type: FUNC + * @tc.require:AR000GK6TD + */ +HWTEST_F(TokenLibKitTest, GetAccessTokenId009, TestSize.Level1) +{ + const char **perm = new const char *[2]; + perm[0] = "AT_CAP"; + perm[1] = "ST_CAP"; + int permNum = 2; + uint64_t tokenId; + NativeInfo infoInstance = { + .dcapsNum = 0, + .dcaps = nullptr, + .aplStr = "system_core", + }; + + infoInstance.permNum = permNum; + infoInstance.perm = nullptr; + infoInstance.processname = "GetAccessTokenId009"; + tokenId = GetAccessTokenId(&infoInstance); + ASSERT_EQ(tokenId, 0); + + permNum = 0; + infoInstance.permNum = permNum; + infoInstance.perm = nullptr; + infoInstance.processname = "GetAccessTokenId009_01"; + tokenId = GetAccessTokenId(&infoInstance); + ASSERT_NE(tokenId, 0); + + permNum = 2; + /* 1025 is invalid dcap length */ + const std::string invalidDcap (MAX_PERM_LEN + 1, 'x'); + perm[0] = invalidDcap.c_str(); + infoInstance.permNum = permNum; + infoInstance.perm = perm; + infoInstance.processname = "GetAccessTokenId009_02"; + tokenId = GetAccessTokenId(&infoInstance); + ASSERT_EQ(tokenId, 0); + + const std::string validDcap01 (MAX_PERM_LEN, 'x'); + perm[0] = validDcap01.c_str(); + infoInstance.permNum = permNum; + infoInstance.perm = perm; + infoInstance.processname = "GetAccessTokenId009_03"; + tokenId = 
GetAccessTokenId(&infoInstance); + ASSERT_NE(tokenId, 0); + + const std::string validDcap02 (MAX_PERM_LEN - 1, 'x'); + perm[0] = validDcap02.c_str(); + infoInstance.permNum = permNum; + infoInstance.perm = perm; + infoInstance.processname = "GetAccessTokenId009_04"; + tokenId = GetAccessTokenId(&infoInstance); + ASSERT_NE(tokenId, 0); + + delete[] perm; +} + +/** + * @tc.name: GetAccessTokenId010 + * @tc.desc: Get a batch of AccessTokenId. + * @tc.type: FUNC + * @tc.require:AR000GK6TD + */ +HWTEST_F(TokenLibKitTest, GetAccessTokenId010, TestSize.Level1) { char processName[200][MAX_PROCESS_NAME_LEN]; /* enable 200 process before fondation is prepared */ @@ -259,12 +467,12 @@ HWTEST_F(TokenLibKitTest, GetAccessTokenId007, TestSize.Level1) } /** - * @tc.name: GetAccessTokenId008 + * @tc.name: GetAccessTokenId011 * @tc.desc: Get AccessTokenId and check the config file. * @tc.type: FUNC * @tc.require:AR000GK6TD */ -HWTEST_F(TokenLibKitTest, GetAccessTokenId008, TestSize.Level1) +HWTEST_F(TokenLibKitTest, GetAccessTokenId011, TestSize.Level1) { Start("process1"); Start("process2"); diff --git a/interfaces/innerkits/tokensync/src/token_sync_manager_client.cpp b/interfaces/innerkits/tokensync/src/token_sync_manager_client.cpp index 3cd5a9d56..f11d38bfa 100644 --- a/interfaces/innerkits/tokensync/src/token_sync_manager_client.cpp +++ b/interfaces/innerkits/tokensync/src/token_sync_manager_client.cpp @@ -17,6 +17,7 @@ #include "accesstoken_log.h" #include "hap_token_info_for_sync_parcel.h" +#include "native_token_info_for_sync_parcel.h" #include "iservice_registry.h" namespace OHOS { diff --git a/services/accesstokenmanager/main/cpp/include/permission/permission_manager.h b/services/accesstokenmanager/main/cpp/include/permission/permission_manager.h index 64fa632f5..68ad9751d 100644 --- a/services/accesstokenmanager/main/cpp/include/permission/permission_manager.h +++ b/services/accesstokenmanager/main/cpp/include/permission/permission_manager.h 
@@ -38,6 +38,8 @@ public: void AddDefPermissions(std::shared_ptr tokenInfo, bool updateFlag); void RemoveDefPermissions(AccessTokenID tokenID); + int VerifyNativeAccessToken(AccessTokenID tokenID, const std::string& permissionName); + int VerifyHapAccessToken(AccessTokenID tokenID, const std::string& permissionName); int VerifyAccessToken(AccessTokenID tokenID, const std::string& permissionName); int VerifyNativeToken(AccessTokenID tokenID, const std::string& permissionName); int GetDefPermission(const std::string& permissionName, PermissionDef& permissionDefResult); diff --git a/services/accesstokenmanager/main/cpp/include/permission/permission_policy_set.h b/services/accesstokenmanager/main/cpp/include/permission/permission_policy_set.h index 773153759..20b653aad 100644 --- a/services/accesstokenmanager/main/cpp/include/permission/permission_policy_set.h +++ b/services/accesstokenmanager/main/cpp/include/permission/permission_policy_set.h @@ -48,6 +48,7 @@ public: int QueryPermissionFlag(const std::string& permissionName); void UpdatePermissionStatus(const std::string& permissionName, bool isGranted, int flag); void ToString(std::string& info); + void PermStateToString(std::string& info); void GetPermissionStateList(std::vector& stateList); private: diff --git a/services/accesstokenmanager/main/cpp/include/service/accesstoken_manager_service.h b/services/accesstokenmanager/main/cpp/include/service/accesstoken_manager_service.h index 5ab88b093..cdb850124 100644 --- a/services/accesstokenmanager/main/cpp/include/service/accesstoken_manager_service.h +++ b/services/accesstokenmanager/main/cpp/include/service/accesstoken_manager_service.h 
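Review bot: `VerifyNativeAccessToken` and `VerifyHapAccessToken` are declared next to `VerifyAccessToken`, apparently in the public section (the hunk context is `public:`), yet in permission_manager.cpp only `VerifyAccessToken` calls `PermissionValidator::IsPermissionNameValid` and checks the token type before dispatching. A caller that uses either helper directly skips both checks. Unless an external caller needs them, I would declare the two helpers under `private:`, or at least add a comment on each such as `// Internal: expects permissionName validated and the token type checked by VerifyAccessToken.`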
@@ -64,10 +64,10 @@ public: #ifdef TOKEN_SYNC_ENABLE int GetHapTokenInfoFromRemote(AccessTokenID tokenID, HapTokenInfoForSyncParcel& hapSyncParcel) override; - int GetAllNativeTokenInfo(std::vector& nativeTokenInfosRes) override; + int GetAllNativeTokenInfo(std::vector& nativeTokenInfosRes) override; int SetRemoteHapTokenInfo(const std::string& deviceID, HapTokenInfoForSyncParcel& hapSyncParcel) override; int SetRemoteNativeTokenInfo(const std::string& deviceID, - std::vector& nativeTokenInfoParcel) override; + std::vector& nativeTokenInfoForSyncParcel) override; int DeleteRemoteToken(const std::string& deviceID, AccessTokenID tokenID) override; AccessTokenID GetRemoteNativeTokenID(const std::string& deviceID, AccessTokenID tokenID) override; int DeleteRemoteDeviceTokens(const std::string& deviceID) override; diff --git a/services/accesstokenmanager/main/cpp/include/token/accesstoken_info_manager.h b/services/accesstokenmanager/main/cpp/include/token/accesstoken_info_manager.h index aa8fa7d72..0fbd98245 100644 --- a/services/accesstokenmanager/main/cpp/include/token/accesstoken_info_manager.h +++ b/services/accesstokenmanager/main/cpp/include/token/accesstoken_info_manager.h @@ -41,6 +41,7 @@ public: int GetHapTokenInfo(AccessTokenID tokenID, HapTokenInfo& InfoParcel); std::shared_ptr GetNativeTokenInfoInner(AccessTokenID id); int GetNativeTokenInfo(AccessTokenID tokenID, NativeTokenInfo& InfoParcel); + std::shared_ptr GetNativePermissionPolicySet(AccessTokenID id); std::shared_ptr GetHapPermissionPolicySet(AccessTokenID id); int RemoveHapTokenInfo(AccessTokenID id); int RemoveNativeTokenInfo(AccessTokenID id); 
@@ -58,10 +59,10 @@ public: int GetHapTokenSync(AccessTokenID tokenID, HapTokenInfoForSync& hapSync); int GetHapTokenInfoFromRemote(AccessTokenID tokenID, HapTokenInfoForSync& hapSync); - void GetAllNativeTokenInfo(std::vector& nativeTokenInfosRes); + void GetAllNativeTokenInfo(std::vector& nativeTokenInfosRes); int SetRemoteHapTokenInfo(const std::string& deviceID, HapTokenInfoForSync& hapSync); int SetRemoteNativeTokenInfo(const std::string& deviceID, - std::vector& nativeTokenInfoList); + std::vector& nativeTokenInfoList); int DeleteRemoteToken(const std::string& deviceID, AccessTokenID tokenID); AccessTokenID GetRemoteNativeTokenID(const std::string& deviceID, AccessTokenID tokenID); int DeleteRemoteDeviceTokens(const std::string& deviceID); diff --git a/services/accesstokenmanager/main/cpp/include/token/native_token_info_inner.h b/services/accesstokenmanager/main/cpp/include/token/native_token_info_inner.h index 72f5b2e7c..5b95fa62b 100644 --- a/services/accesstokenmanager/main/cpp/include/token/native_token_info_inner.h +++ b/services/accesstokenmanager/main/cpp/include/token/native_token_info_inner.h @@ -21,6 +21,8 @@ #include "access_token.h" #include "generic_values.h" #include "native_token_info.h" +#include "permission_policy_set.h" +#include "permission_state_full.h" namespace OHOS { namespace Security { 
@@ -31,21 +33,27 @@ static const std::string JSON_VERSION = "version"; static const std::string JSON_TOKEN_ID = "tokenId"; static const std::string JSON_TOKEN_ATTR = "tokenAttr"; static const std::string JSON_DCAPS = "dcaps"; +static const std::string JSON_PERMS = "permissions"; static const int MAX_DCAPS_NUM = 32; +static const int MAX_REQ_PERM_NUM = 32; class NativeTokenInfoInner final { public: NativeTokenInfoInner(); - NativeTokenInfoInner(NativeTokenInfo& info); + NativeTokenInfoInner(NativeTokenInfo& info, + const std::vector &permStateList); virtual ~NativeTokenInfoInner(); int Init(AccessTokenID id, const std::string& processName, int apl, - const std::vector& dcap); - void StoreNativeInfo(std::vector& valueList) const; + const std::vector& dcap, + const std::vector &permStateList); + void StoreNativeInfo(std::vector& valueList, + std::vector& permStateValues) const; void TranslateToNativeTokenInfo(NativeTokenInfo& InfoParcel) const; void SetDcaps(const std::string& dcapStr); void ToString(std::string& info) const; - int RestoreNativeTokenInfo(AccessTokenID tokenId, const GenericValues& inGenericValues); + int RestoreNativeTokenInfo(AccessTokenID tokenId, const GenericValues& inGenericValues, + const std::vector& permStateRes); void Update(AccessTokenID tokenId, const std::string& processName, int apl, const std::vector& dcap); @@ -53,6 +61,7 @@ public: AccessTokenID GetTokenID() const; std::string GetProcessName() const; NativeTokenInfo GetNativeTokenInfo() const; + std::shared_ptr GetNativeInfoPermissionPolicySet() const; bool IsRemote() const; void SetRemote(bool isRemote); @@ -63,6 +72,7 @@ private: // true means sync from remote. bool isRemote_; NativeTokenInfo tokenInfoBasic_; + std::shared_ptr permPolicySet_; }; } // namespace AccessToken } // namespace Security 
diff --git a/services/accesstokenmanager/main/cpp/include/token/native_token_receptor.h b/services/accesstokenmanager/main/cpp/include/token/native_token_receptor.h index 9917e5e57..cc72c61ff 100644 --- a/services/accesstokenmanager/main/cpp/include/token/native_token_receptor.h +++ b/services/accesstokenmanager/main/cpp/include/token/native_token_receptor.h @@ -19,10 +19,13 @@ #include #include +#include "native_token_info_inner.h" + #include "access_token.h" #include "nlohmann/json.hpp" -#include "native_token_info_inner.h" #include "nocopyable.h" +#include "permission_policy_set.h" +#include "permission_state_full.h" namespace OHOS { namespace Security { @@ -45,7 +48,6 @@ private: int32_t ParserNativeRawData(const std::string& nativeRawData, std::vector>& tokenInfos); void from_json(const nlohmann::json& j, NativeTokenInfo& p); - bool ready_; }; } // namespace AccessToken diff --git a/services/accesstokenmanager/main/cpp/src/permission/permission_manager.cpp b/services/accesstokenmanager/main/cpp/src/permission/permission_manager.cpp index b46dac48f..e3eeb9e15 100644 --- a/services/accesstokenmanager/main/cpp/src/permission/permission_manager.cpp +++ b/services/accesstokenmanager/main/cpp/src/permission/permission_manager.cpp @@ -15,6 +15,7 @@ #include "permission_manager.h" #include "access_token.h" +#include "accesstoken_id_manager.h" #include "accesstoken_info_manager.h" #include "accesstoken_log.h" #include "permission_definition_cache.h" 
@@ -89,14 +90,9 @@ void PermissionManager::RemoveDefPermissions(AccessTokenID tokenID) PermissionDefinitionCache::GetInstance().DeleteByBundleName(bundleName); } -int PermissionManager::VerifyAccessToken(AccessTokenID tokenID, const std::string& permissionName) +int PermissionManager::VerifyHapAccessToken(AccessTokenID tokenID, const std::string& permissionName) { - ACCESSTOKEN_LOG_INFO(LABEL, "%{public}s called, tokenID: 0x%{public}x, permissionName: %{public}s", __func__, - tokenID, permissionName.c_str()); - if (!PermissionValidator::IsPermissionNameValid(permissionName)) { - ACCESSTOKEN_LOG_ERROR(LABEL, "invalid params!"); - return PERMISSION_DENIED; - } + ACCESSTOKEN_LOG_INFO(LABEL, "called"); std::shared_ptr tokenInfoPtr = AccessTokenInfoManager::GetInstance().GetHapTokenInfoInner(tokenID); if (tokenInfoPtr == nullptr) { 
@@ -119,6 +115,50 @@ int PermissionManager::VerifyAccessToken(AccessTokenID tokenID, const std::strin return permPolicySet->VerifyPermissStatus(permissionName); } +int PermissionManager::VerifyNativeAccessToken(AccessTokenID tokenID, const std::string& permissionName) +{ + std::shared_ptr tokenInfoPtr = + AccessTokenInfoManager::GetInstance().GetNativeTokenInfoInner(tokenID); + if (tokenInfoPtr == nullptr) { + ACCESSTOKEN_LOG_ERROR(LABEL, "can not find tokenInfo!"); + return PERMISSION_DENIED; + } + + if (!tokenInfoPtr->IsRemote() && !PermissionDefinitionCache::GetInstance().HasDefinition(permissionName)) { + ACCESSTOKEN_LOG_ERROR( + LABEL, "no definition for permission: %{public}s!", permissionName.c_str()); + return PERMISSION_DENIED; + } + std::shared_ptr permPolicySet = + AccessTokenInfoManager::GetInstance().GetNativePermissionPolicySet(tokenID); + if (permPolicySet == nullptr) { + ACCESSTOKEN_LOG_ERROR(LABEL, "invalid params!"); + return PERMISSION_DENIED; + } + + return permPolicySet->VerifyPermissStatus(permissionName); +} + +int PermissionManager::VerifyAccessToken(AccessTokenID tokenID, const std::string& permissionName) +{ + ACCESSTOKEN_LOG_INFO(LABEL, "%{public}s called, tokenID: 0x%{public}x, permissionName: %{public}s", __func__, + tokenID, permissionName.c_str()); + if (!PermissionValidator::IsPermissionNameValid(permissionName)) { + ACCESSTOKEN_LOG_ERROR(LABEL, "invalid params!"); + return PERMISSION_DENIED; + } + + ATokenTypeEnum tokenType = AccessTokenIDManager::GetInstance().GetTokenIdTypeEnum(tokenID); + if (tokenType == TOKEN_NATIVE) { + return VerifyNativeAccessToken(tokenID, permissionName); + } + if (tokenType == TOKEN_HAP) { + return VerifyHapAccessToken(tokenID, permissionName); + } + ACCESSTOKEN_LOG_ERROR(LABEL, "invalid tokenType!"); + return PERMISSION_DENIED; +} + int PermissionManager::VerifyNativeToken(AccessTokenID tokenID, const std::string& permissionName) { ACCESSTOKEN_LOG_INFO(LABEL, 
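Review bot: VerifyNativeAccessToken looks the token up twice: once through `GetNativeTokenInfoInner(tokenID)` and again inside `GetNativePermissionPolicySet(tokenID)`, which takes the read lock and repeats the map lookup. The token can be removed between the two calls, so the policy set may be null after a successful first lookup. Reading it from the pointer already held, `auto permPolicySet = tokenInfoPtr->GetNativeInfoPermissionPolicySet();`, avoids the second lookup and keeps the decision tied to one token object. The null branch logs `"invalid params!"`, which hides the real cause in an access-denied trace; `"token 0x%{public}x has no permission policy set"` would be more useful. For remote tokens the `HasDefinition` check is skipped, so the result depends entirely on the synced state list.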
diff --git a/services/accesstokenmanager/main/cpp/src/permission/permission_policy_set.cpp b/services/accesstokenmanager/main/cpp/src/permission/permission_policy_set.cpp index 8f1bad231..b2b8793a0 100644 --- a/services/accesstokenmanager/main/cpp/src/permission/permission_policy_set.cpp +++ b/services/accesstokenmanager/main/cpp/src/permission/permission_policy_set.cpp @@ -19,6 +19,7 @@ #include "data_storage.h" #include "data_translator.h" #include "field_const.h" +#include "permission_definition_cache.h" #include "permission_validator.h" namespace OHOS { @@ -324,6 +325,38 @@ void PermissionPolicySet::ToString(std::string& info) } info.append("\n ]\n"); } + +void PermissionPolicySet::PermStateToString(std::string& info) +{ + Utils::UniqueReadGuard infoGuard(this->permPolicySetLock_); + + std::vector invaildPermList = {}; + info.append(R"( "permStateList": [)"); + info.append("\n"); + for (auto iter = permStateList_.begin(); iter != permStateList_.end(); iter++) { + if (!PermissionDefinitionCache::GetInstance().HasDefinition(iter->permissionName)) { + invaildPermList.emplace_back(iter->permissionName); + continue; + } + PermStateFullToString(*iter, info); + if (iter != (permStateList_.end() - 1)) { + info.append(",\n"); + } + } + info.append("\n ]\n"); + + if (invaildPermList.size() == 0) { + return; + } + + info.append(R"( "invaildPermList": [)"); + info.append("\n"); + for (auto iter = invaildPermList.begin(); iter != invaildPermList.end(); iter++) { + info.append(R"( "permissionName": ")" + *iter + R"(")" + ",\n"); + } + info.append("\n ]\n"); +} + } // namespace AccessToken } // namespace Security } // namespace OHOS diff --git a/services/accesstokenmanager/main/cpp/src/service/accesstoken_manager_service.cpp b/services/accesstokenmanager/main/cpp/src/service/accesstoken_manager_service.cpp index 2607d550f..b1ebfed38 100644 --- a/services/accesstokenmanager/main/cpp/src/service/accesstoken_manager_service.cpp 
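Review bot: The separator logic in PermStateToString leaves a trailing `,\n` when the last entry of `permStateList_` has no definition. The comma is appended after every defined entry that is not positionally last, but an undefined last entry takes the `continue` path and nothing removes the comma already written. Tracking whether an entry has already been emitted fixes this, as sketched below. The `invaildPermList` loop has the same problem (a comma after every item, and bare `"permissionName": ...` pairs inside an array), and permission names are appended without escaping, so a tool that parses this dump can be confused by a crafted name. The identifier and the emitted key are also misspelled (`invaild`); rename the local, and the key too if nothing parses the dump yet.

```cpp
    // … unchanged: read guard, invaildPermList declaration, "permStateList" header …
    bool first = true;
    for (const auto& state : permStateList_) {
        if (!PermissionDefinitionCache::GetInstance().HasDefinition(state.permissionName)) {
            invaildPermList.emplace_back(state.permissionName);
            continue;
        }
        if (!first) {
            info.append(",\n");
        }
        first = false;
        PermStateFullToString(state, info);
    }
    // … unchanged: closing bracket and invalid-permission section …
```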
+++ b/services/accesstokenmanager/main/cpp/src/service/accesstoken_manager_service.cpp @@ -283,15 +283,15 @@ int AccessTokenManagerService::GetHapTokenInfoFromRemote(AccessTokenID tokenID, hapSyncParcel.hapTokenInfoForSyncParams); } -int AccessTokenManagerService::GetAllNativeTokenInfo(std::vector& nativeTokenInfosRes) +int AccessTokenManagerService::GetAllNativeTokenInfo(std::vector& nativeTokenInfosRes) { ACCESSTOKEN_LOG_INFO(LABEL, "%{public}s called", __func__); - std::vector nativeVec; + std::vector nativeVec; AccessTokenInfoManager::GetInstance().GetAllNativeTokenInfo(nativeVec); for (auto& native : nativeVec) { - NativeTokenInfoParcel nativeParcel; - nativeParcel.nativeTokenInfoParams = native; + NativeTokenInfoForSyncParcel nativeParcel; + nativeParcel.nativeTokenInfoForSyncParams = native; nativeTokenInfosRes.emplace_back(nativeParcel); } @@ -308,14 +308,14 @@ int AccessTokenManagerService::SetRemoteHapTokenInfo(const std::string& deviceID } int AccessTokenManagerService::SetRemoteNativeTokenInfo(const std::string& deviceID, - std::vector& nativeTokenInfoParcel) + std::vector& nativeTokenInfoForSyncParcel) { ACCESSTOKEN_LOG_INFO(LABEL, "%{public}s called, deviceID: %{public}s", __func__, deviceID.c_str()); - std::vector nativeList; + std::vector nativeList; - for (auto& nativeParcel : nativeTokenInfoParcel) { - nativeList.emplace_back(nativeParcel.nativeTokenInfoParams); + for (auto& nativeParcel : nativeTokenInfoForSyncParcel) { + nativeList.emplace_back(nativeParcel.nativeTokenInfoForSyncParams); } return AccessTokenInfoManager::GetInstance().SetRemoteNativeTokenInfo(deviceID, nativeList); diff --git a/services/accesstokenmanager/main/cpp/src/service/accesstoken_manager_stub.cpp b/services/accesstokenmanager/main/cpp/src/service/accesstoken_manager_stub.cpp index 86b58819a..6452f8449 100644 --- a/services/accesstokenmanager/main/cpp/src/service/accesstoken_manager_stub.cpp 
+++ b/services/accesstokenmanager/main/cpp/src/service/accesstoken_manager_stub.cpp @@ -344,7 +344,7 @@ void AccessTokenManagerStub::GetAllNativeTokenInfoInner(MessageParcel& data, Mes reply.WriteInt32(RET_FAILED); return; } - std::vector nativeTokenInfosRes; + std::vector nativeTokenInfosRes; int result = this->GetAllNativeTokenInfo(nativeTokenInfosRes); reply.WriteUint32(nativeTokenInfosRes.size()); for (auto native : nativeTokenInfosRes) { @@ -380,7 +380,7 @@ void AccessTokenManagerStub::SetRemoteNativeTokenInfoInner(MessageParcel& data, } std::string deviceID = data.ReadString(); - std::vector nativeTokenInfoParcel; + std::vector nativeParcelList; uint32_t size = data.ReadUint32(); if (size > MAX_NATIVE_TOKEN_INFO_SIZE) { ACCESSTOKEN_LOG_ERROR(LABEL, "size %{public}u is invalid", size); @@ -388,16 +388,16 @@ void AccessTokenManagerStub::SetRemoteNativeTokenInfoInner(MessageParcel& data, return; } for (uint32_t i = 0; i < size; i++) { - sptr nativeParcel = data.ReadParcelable(); + sptr nativeParcel = data.ReadParcelable(); if (nativeParcel == nullptr) { ACCESSTOKEN_LOG_ERROR(LABEL, "nativeParcel read faild"); reply.WriteInt32(RET_FAILED); return; } - nativeTokenInfoParcel.emplace_back(*nativeParcel); + nativeParcelList.emplace_back(*nativeParcel); } - int result = this->SetRemoteNativeTokenInfo(deviceID, nativeTokenInfoParcel); + int result = this->SetRemoteNativeTokenInfo(deviceID, nativeParcelList); reply.WriteInt32(result); } diff --git a/services/accesstokenmanager/main/cpp/src/token/accesstoken_info_manager.cpp b/services/accesstokenmanager/main/cpp/src/token/accesstoken_info_manager.cpp index 5c0235ccd..97fdf5ddb 100644 --- a/services/accesstokenmanager/main/cpp/src/token/accesstoken_info_manager.cpp +++ b/services/accesstokenmanager/main/cpp/src/token/accesstoken_info_manager.cpp 
@@ -78,30 +78,30 @@ void AccessTokenInfoManager::InitHapTokenInfos() AccessTokenID tokenId = (AccessTokenID)tokenValue.GetInt(FIELD_TOKEN_ID); int ret = AccessTokenIDManager::GetInstance().RegisterTokenId(tokenId, TOKEN_HAP); if (ret != RET_SUCCESS) { - ACCESSTOKEN_LOG_ERROR(LABEL, "tokenId 0x%{public}x add id failed.", tokenId); + ACCESSTOKEN_LOG_ERROR(LABEL, "tokenId 0x%{public}u add id failed.", tokenId); continue; } std::shared_ptr hap = std::make_shared(); if (hap == nullptr) { AccessTokenIDManager::GetInstance().ReleaseTokenId(tokenId); - ACCESSTOKEN_LOG_ERROR(LABEL, "tokenId 0x%{public}x alloc failed.", tokenId); + ACCESSTOKEN_LOG_ERROR(LABEL, "tokenId 0x%{public}u alloc failed.", tokenId); continue; } ret = hap->RestoreHapTokenInfo(tokenId, tokenValue, permDefRes, permStateRes); if (ret != RET_SUCCESS) { AccessTokenIDManager::GetInstance().ReleaseTokenId(tokenId); - ACCESSTOKEN_LOG_ERROR(LABEL, "tokenId 0x%{public}x restore failed.", tokenId); + ACCESSTOKEN_LOG_ERROR(LABEL, "tokenId 0x%{public}u restore failed.", tokenId); continue; } ret = AddHapTokenInfo(hap); if (ret != RET_SUCCESS) { AccessTokenIDManager::GetInstance().ReleaseTokenId(tokenId); - ACCESSTOKEN_LOG_ERROR(LABEL, "tokenId 0x%{public}x add failed.", tokenId); + ACCESSTOKEN_LOG_ERROR(LABEL, "tokenId 0x%{public}u add failed.", tokenId); continue; } ACCESSTOKEN_LOG_INFO(LABEL, - " restore hap token 0x%{public}x bundle name %{public}s user %{public}d inst %{public}d ok!", + " restore hap token 0x%{public}u bundle name %{public}s user %{public}d inst %{public}d ok!", tokenId, hap->GetBundleName().c_str(), hap->GetUserID(), hap->GetInstIndex()); } } 
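Review bot: The format strings in this hunk now read `0x%{public}u`, which prints a decimal value behind a hexadecimal prefix, so a token ID in these logs can no longer be matched against IDs printed elsewhere in hex. Either keep `%{public}x` with the prefix or drop the prefix, e.g. `"tokenId %{public}u add id failed."`. The same mix recurs in the later accesstoken_info_manager.cpp hunks (InitNativeTokenInfos, RemoveHapTokenInfo, RemoveNativeTokenInfo, CreateHapTokenInfo, ProcessNativeTokenInfos, UpdateHapToken, UpdateRemoteHapTokenInfo, SetRemoteNativeTokenInfo, DeleteRemoteToken), while native_token_info_inner.cpp drops the prefix. Using one convention across both files keeps audit and incident logs correlatable.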
@@ -109,36 +109,39 @@ void AccessTokenInfoManager::InitHapTokenInfos() void AccessTokenInfoManager::InitNativeTokenInfos() { std::vector nativeTokenResults; + std::vector permStateRes; + DataStorage::GetRealDataStorage().Find(DataStorage::ACCESSTOKEN_NATIVE_INFO, nativeTokenResults); + DataStorage::GetRealDataStorage().Find(DataStorage::ACCESSTOKEN_PERMISSION_STATE, permStateRes); for (GenericValues nativeTokenValue : nativeTokenResults) { AccessTokenID tokenId = (AccessTokenID)nativeTokenValue.GetInt(FIELD_TOKEN_ID); int ret = AccessTokenIDManager::GetInstance().RegisterTokenId(tokenId, TOKEN_NATIVE); if (ret != RET_SUCCESS) { - ACCESSTOKEN_LOG_ERROR(LABEL, "tokenId 0x%{public}x add failed.", tokenId); + ACCESSTOKEN_LOG_ERROR(LABEL, "tokenId 0x%{public}u add failed.", tokenId); continue; } std::shared_ptr native = std::make_shared(); if (native == nullptr) { AccessTokenIDManager::GetInstance().ReleaseTokenId(tokenId); - ACCESSTOKEN_LOG_ERROR(LABEL, "tokenId 0x%{public}x alloc failed.", tokenId); + ACCESSTOKEN_LOG_ERROR(LABEL, "tokenId 0x%{public}u alloc failed.", tokenId); continue; } - ret = native->RestoreNativeTokenInfo(tokenId, nativeTokenValue); + ret = native->RestoreNativeTokenInfo(tokenId, nativeTokenValue, permStateRes); if (ret != RET_SUCCESS) { AccessTokenIDManager::GetInstance().ReleaseTokenId(tokenId); - ACCESSTOKEN_LOG_ERROR(LABEL, "tokenId 0x%{public}x restore failed.", tokenId); + ACCESSTOKEN_LOG_ERROR(LABEL, "tokenId 0x%{public}u restore failed.", tokenId); continue; } ret = AddNativeTokenInfo(native); if (ret != RET_SUCCESS) { AccessTokenIDManager::GetInstance().ReleaseTokenId(tokenId); - ACCESSTOKEN_LOG_ERROR(LABEL, "tokenId 0x%{public}x add failed.", tokenId); + ACCESSTOKEN_LOG_ERROR(LABEL, "tokenId 0x%{public}u add failed.", tokenId); continue; } ACCESSTOKEN_LOG_INFO(LABEL, - "restore native token 0x%{public}x process name %{public}s ok!", + "restore native token 0x%{public}u process name %{public}s ok!", tokenId, 
native->GetProcessName().c_str()); } } @@ -168,14 +171,14 @@ int AccessTokenInfoManager::AddHapTokenInfo(const std::shared_ptr infoGuard(this->hapTokenInfoLock_); if (hapTokenInfoMap_.count(id) > 0) { - ACCESSTOKEN_LOG_ERROR(LABEL, "token %{public}x info has exist.", id); + ACCESSTOKEN_LOG_ERROR(LABEL, "token %{public}u info has exist.", id); return RET_FAILED; } if (!info->IsRemote()) { std::string HapUniqueKey = GetHapUniqueStr(info); if (hapTokenIdMap_.count(HapUniqueKey) > 0) { - ACCESSTOKEN_LOG_ERROR(LABEL, "token %{public}x Unique info has exist.", id); + ACCESSTOKEN_LOG_ERROR(LABEL, "token %{public}u Unique info has exist.", id); return RET_FAILED; } hapTokenIdMap_[HapUniqueKey] = id; @@ -200,17 +203,19 @@ int AccessTokenInfoManager::AddNativeTokenInfo(const std::shared_ptr infoGuard(this->nativeTokenInfoLock_); if (nativeTokenInfoMap_.count(id) > 0) { ACCESSTOKEN_LOG_ERROR( - LABEL, "token %{public}x has exist.", id); + LABEL, "token %{public}u has exist.", id); return RET_FAILED; } if (!info->IsRemote()) { if (nativeTokenIdMap_.count(processName) > 0) { ACCESSTOKEN_LOG_ERROR( - LABEL, "token %{public}x process name %{public}s has exist.", id, processName.c_str()); + LABEL, "token %{public}u process name %{public}s has exist.", id, processName.c_str()); return RET_FAILED; } nativeTokenIdMap_[processName] = id; } + + ACCESSTOKEN_LOG_INFO(LABEL, "token info is added %{public}u.", id); nativeTokenInfoMap_[id] = info; return RET_SUCCESS; @@ -221,7 +226,7 @@ std::shared_ptr AccessTokenInfoManager::GetHapTokenInfoInner( Utils::UniqueReadGuard infoGuard(this->hapTokenInfoLock_); if (hapTokenInfoMap_.count(id) == 0) { ACCESSTOKEN_LOG_ERROR( - LABEL, "token %{public}x is invalid.", id); + LABEL, "token %{public}u is invalid.", id); return nullptr; } return hapTokenInfoMap_[id]; 
@@ -232,7 +237,7 @@ int AccessTokenInfoManager::GetHapTokenInfo(AccessTokenID tokenID, HapTokenInfo& std::shared_ptr infoPtr = GetHapTokenInfoInner(tokenID); if (infoPtr == nullptr) { ACCESSTOKEN_LOG_ERROR( - LABEL, "token %{public}x is invalid.", tokenID); + LABEL, "token %{public}u is invalid.", tokenID); return RET_FAILED; } infoPtr->TranslateToHapTokenInfo(InfoParcel); @@ -244,7 +249,7 @@ std::shared_ptr AccessTokenInfoManager::GetHapPermissionPol std::shared_ptr infoPtr = GetHapTokenInfoInner(id); if (infoPtr == nullptr) { ACCESSTOKEN_LOG_ERROR( - LABEL, "token %{public}x is invalid.", id); + LABEL, "token %{public}u is invalid.", id); return nullptr; } return infoPtr->GetHapInfoPermissionPolicySet(); @@ -255,7 +260,7 @@ std::shared_ptr AccessTokenInfoManager::GetNativeTokenInfo Utils::UniqueReadGuard infoGuard(this->nativeTokenInfoLock_); if (nativeTokenInfoMap_.count(id) == 0) { ACCESSTOKEN_LOG_ERROR( - LABEL, "token %{public}x is invalid.", id); + LABEL, "token %{public}u is invalid.", id); return nullptr; } return nativeTokenInfoMap_[id]; @@ -266,7 +271,7 @@ int AccessTokenInfoManager::GetNativeTokenInfo(AccessTokenID tokenID, NativeToke std::shared_ptr infoPtr = GetNativeTokenInfoInner(tokenID); if (infoPtr == nullptr) { ACCESSTOKEN_LOG_ERROR( - LABEL, "token %{public}x is invalid.", tokenID); + LABEL, "token %{public}u is invalid.", tokenID); return RET_FAILED; } 
@@ -274,12 +279,23 @@ int AccessTokenInfoManager::GetNativeTokenInfo(AccessTokenID tokenID, NativeToke return RET_SUCCESS; } +std::shared_ptr AccessTokenInfoManager::GetNativePermissionPolicySet(AccessTokenID id) +{ + std::shared_ptr infoPtr = GetNativeTokenInfoInner(id); + if (infoPtr == nullptr) { + ACCESSTOKEN_LOG_ERROR( + LABEL, "token %{public}u is invalid.", id); + return nullptr; + } + return infoPtr->GetNativeInfoPermissionPolicySet(); +} + int AccessTokenInfoManager::RemoveHapTokenInfo(AccessTokenID id) { ATokenTypeEnum type = AccessTokenIDManager::GetInstance().GetTokenIdType(id); if (type != TOKEN_HAP) { ACCESSTOKEN_LOG_ERROR( - LABEL, "token %{public}x is not hap.", id); + LABEL, "token %{public}u is not hap.", id); return RET_FAILED; } @@ -288,17 +304,17 @@ int AccessTokenInfoManager::RemoveHapTokenInfo(AccessTokenID id) { Utils::UniqueWriteGuard infoGuard(this->hapTokenInfoLock_); if (hapTokenInfoMap_.count(id) == 0) { - ACCESSTOKEN_LOG_ERROR(LABEL, "hap token %{public}x no exist.", id); + ACCESSTOKEN_LOG_ERROR(LABEL, "hap token %{public}u no exist.", id); return RET_FAILED; } const std::shared_ptr info = hapTokenInfoMap_[id]; if (info == nullptr) { - ACCESSTOKEN_LOG_ERROR(LABEL, "hap token %{public}x is null.", id); + ACCESSTOKEN_LOG_ERROR(LABEL, "hap token %{public}u is null.", id); return RET_FAILED; } if (info->IsRemote()) { - ACCESSTOKEN_LOG_ERROR(LABEL, "remote hap token %{public}x can not delete.", id); + ACCESSTOKEN_LOG_ERROR(LABEL, "remote hap token %{public}u can not delete.", id); return RET_FAILED; } std::string HapUniqueKey = GetHapUniqueStr(info); @@ -309,7 +325,7 @@ int AccessTokenInfoManager::RemoveHapTokenInfo(AccessTokenID id) } AccessTokenIDManager::GetInstance().ReleaseTokenId(id); - ACCESSTOKEN_LOG_INFO(LABEL, "remove hap token 0x%{public}x ok!", id); + ACCESSTOKEN_LOG_INFO(LABEL, "remove hap token 0x%{public}u ok!", id); RefreshTokenInfoIfNeeded(); #ifdef TOKEN_SYNC_ENABLE TokenModifyNotifier::GetInstance().NotifyTokenDelete(id); 
@@ -323,7 +339,7 @@ int AccessTokenInfoManager::RemoveNativeTokenInfo(AccessTokenID id) ATokenTypeEnum type = AccessTokenIDManager::GetInstance().GetTokenIdType(id); if (type != TOKEN_NATIVE) { ACCESSTOKEN_LOG_ERROR( - LABEL, "token %{public}x is not hap.", id); + LABEL, "token %{public}u is not hap.", id); return RET_FAILED; } @@ -331,13 +347,13 @@ int AccessTokenInfoManager::RemoveNativeTokenInfo(AccessTokenID id) { Utils::UniqueWriteGuard infoGuard(this->nativeTokenInfoLock_); if (nativeTokenInfoMap_.count(id) == 0) { - ACCESSTOKEN_LOG_ERROR(LABEL, "native token %{public}x is null.", id); + ACCESSTOKEN_LOG_ERROR(LABEL, "native token %{public}u is null.", id); return RET_FAILED; } std::shared_ptr info = nativeTokenInfoMap_[id]; if (info->IsRemote()) { - ACCESSTOKEN_LOG_ERROR(LABEL, "remote native token %{public}x can not delete.", id); + ACCESSTOKEN_LOG_ERROR(LABEL, "remote native token %{public}u can not delete.", id); return RET_FAILED; } std::string processName = nativeTokenInfoMap_[id]->GetProcessName(); @@ -347,7 +363,7 @@ int AccessTokenInfoManager::RemoveNativeTokenInfo(AccessTokenID id) nativeTokenInfoMap_.erase(id); } AccessTokenIDManager::GetInstance().ReleaseTokenId(id); - ACCESSTOKEN_LOG_INFO(LABEL, "remove native token 0x%{public}x ok!", id); + ACCESSTOKEN_LOG_INFO(LABEL, "remove native token 0x%{public}u ok!", id); if (!isRemote) { RefreshTokenInfoIfNeeded(); } @@ -383,7 +399,7 @@ int AccessTokenInfoManager::CreateHapTokenInfo( return RET_FAILED; } ACCESSTOKEN_LOG_INFO(LABEL, - "create hap token 0x%{public}x bundle name %{public}s user %{public}d inst %{public}d ok!", + "create hap token 0x%{public}u bundle name %{public}s user %{public}d inst %{public}d ok!", tokenId, tokenInfo->GetBundleName().c_str(), tokenInfo->GetUserID(), tokenInfo->GetInstIndex()); tokenIdEx.tokenIdExStruct.tokenID = tokenId; 
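Review bot: In RemoveNativeTokenInfo the rewritten log line still says `"token %{public}u is not hap."` although the check above it is `type != TOKEN_NATIVE`. Since the line is being changed anyway, `"token %{public}u is not native."` would stop the message pointing at the wrong token class. The function body continues outside this hunk.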
@@ -397,7 +413,7 @@ int AccessTokenInfoManager::CheckNativeDCap(AccessTokenID tokenID, const std::st std::shared_ptr infoPtr = GetNativeTokenInfoInner(tokenID); if (infoPtr == nullptr) { ACCESSTOKEN_LOG_ERROR( - LABEL, "token %{public}x is invalid.", tokenID); + LABEL, "token %{public}u is invalid.", tokenID); return RET_FAILED; } @@ -469,7 +485,7 @@ void AccessTokenInfoManager::ProcessNativeTokenInfos( bool isUpdated = TryUpdateExistNativeToken(infoPtr); if (!isUpdated) { ACCESSTOKEN_LOG_INFO(LABEL, - "token 0x%{public}x process name %{public}s is new, add to manager!", + "token 0x%{public}u process name %{public}s is new, add to manager!", infoPtr->GetTokenID(), infoPtr->GetProcessName().c_str()); AccessTokenID id = infoPtr->GetTokenID(); int ret = AccessTokenIDManager::GetInstance().RegisterTokenId(id, TOKEN_NATIVE); @@ -481,7 +497,7 @@ void AccessTokenInfoManager::ProcessNativeTokenInfos( if (ret != RET_SUCCESS) { AccessTokenIDManager::GetInstance().ReleaseTokenId(id); ACCESSTOKEN_LOG_ERROR(LABEL, - "token 0x%{public}x process name %{public}s add to manager failed!", + "token 0x%{public}u process name %{public}s add to manager failed!", infoPtr->GetTokenID(), infoPtr->GetProcessName().c_str()); } } 
@@ -493,17 +509,17 @@ int AccessTokenInfoManager::UpdateHapToken(AccessTokenID tokenID, const std::string& appIDDesc, const HapPolicyParams& policy) { if (!DataValidator::IsAppIDDescValid(appIDDesc)) { - ACCESSTOKEN_LOG_INFO(LABEL, "token 0x%{public}x parm format error!", tokenID); + ACCESSTOKEN_LOG_INFO(LABEL, "token 0x%{public}u parm format error!", tokenID); return RET_FAILED; } std::shared_ptr infoPtr = GetHapTokenInfoInner(tokenID); if (infoPtr == nullptr) { - ACCESSTOKEN_LOG_INFO(LABEL, "token 0x%{public}x is null, can not update!", tokenID); + ACCESSTOKEN_LOG_INFO(LABEL, "token 0x%{public}u is null, can not update!", tokenID); return RET_FAILED; } if (infoPtr->IsRemote()) { - ACCESSTOKEN_LOG_ERROR(LABEL, "remote hap token 0x%{public}x can not update!", tokenID); + ACCESSTOKEN_LOG_ERROR(LABEL, "remote hap token 0x%{public}u can not update!", tokenID); return RET_FAILED; } @@ -511,7 +527,7 @@ int AccessTokenInfoManager::UpdateHapToken(AccessTokenID tokenID, Utils::UniqueWriteGuard infoGuard(this->hapTokenInfoLock_); infoPtr->Update(appIDDesc, policy); ACCESSTOKEN_LOG_INFO(LABEL, - "token 0x%{public}x bundle name %{public}s user %{public}d inst %{public}d update ok!", + "token 0x%{public}u bundle name %{public}s user %{public}d inst %{public}d update ok!", tokenID, infoPtr->GetBundleName().c_str(), infoPtr->GetUserID(), infoPtr->GetInstIndex()); } 
@@ -529,14 +545,14 @@ int AccessTokenInfoManager::GetHapTokenSync(AccessTokenID tokenID, HapTokenInfoF std::shared_ptr infoPtr = GetHapTokenInfoInner(tokenID); if (infoPtr == nullptr || infoPtr->IsRemote()) { ACCESSTOKEN_LOG_ERROR( - LABEL, "token %{public}x is invalid.", tokenID); + LABEL, "token %{public}u is invalid.", tokenID); return RET_FAILED; } hapSync.baseInfo = infoPtr->GetHapInfoBasic(); std::shared_ptr permSetPtr = infoPtr->GetHapInfoPermissionPolicySet(); if (permSetPtr == nullptr) { ACCESSTOKEN_LOG_ERROR( - LABEL, "token %{public}x permSet is invalid.", tokenID); + LABEL, "token %{public}u permSet is invalid.", tokenID); return RET_FAILED; } permSetPtr->GetPermissionStateList(hapSync.permStateList); @@ -551,7 +567,8 @@ int AccessTokenInfoManager::GetHapTokenInfoFromRemote(AccessTokenID tokenID, return ret; } -void AccessTokenInfoManager::GetAllNativeTokenInfo(std::vector& nativeTokenInfosRes) +void AccessTokenInfoManager::GetAllNativeTokenInfo( + std::vector& nativeTokenInfosRes) { Utils::UniqueReadGuard infoGuard(this->nativeTokenInfoLock_); for (auto nativeTokenInner : nativeTokenInfoMap_) { @@ -560,8 +577,18 @@ void AccessTokenInfoManager::GetAllNativeTokenInfo(std::vector& || nativeTokenInnerPtr->GetDcap().size() <= 0) { continue; } - NativeTokenInfo token; - nativeTokenInnerPtr->TranslateToNativeTokenInfo(token); + NativeTokenInfoForSync token; + nativeTokenInnerPtr->TranslateToNativeTokenInfo(token.baseInfo); + + std::shared_ptr permSetPtr = + nativeTokenInnerPtr->GetNativeInfoPermissionPolicySet(); + if (permSetPtr == nullptr) { + ACCESSTOKEN_LOG_ERROR( + LABEL, "token %{public}u permSet is invalid.", token.baseInfo.tokenID); + return; + } + permSetPtr->GetPermissionStateList(token.permStateList); + nativeTokenInfosRes.emplace_back(token); } return; 
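Review bot: In GetAllNativeTokenInfo the new null check on `permSetPtr` ends with `return;`, which stops the whole enumeration at the first token without a policy set. Every token later in `nativeTokenInfoMap_` is silently left out of the sync result, and because the function returns void the caller cannot tell that the list was truncated. `continue;` would skip only the affected token, matching how the loop already handles tokens without dcaps.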
@@ -571,7 +598,7 @@ int AccessTokenInfoManager::UpdateRemoteHapTokenInfo(AccessTokenID mapID, HapTok { std::shared_ptr infoPtr = GetHapTokenInfoInner(mapID); if (infoPtr == nullptr || !infoPtr->IsRemote()) { - ACCESSTOKEN_LOG_INFO(LABEL, "token 0x%{public}x is null or not remote, can not update!", mapID); + ACCESSTOKEN_LOG_INFO(LABEL, "token 0x%{public}u is null or not remote, can not update!", mapID); return RET_FAILED; } @@ -624,7 +651,7 @@ int AccessTokenInfoManager::SetRemoteHapTokenInfo(const std::string& deviceID, H AccessTokenID remoteID = hapSync.baseInfo.tokenID; AccessTokenID mapID = AccessTokenRemoteTokenManager::GetInstance().GetDeviceMappingTokenID(deviceID, remoteID); if (mapID != 0) { - ACCESSTOKEN_LOG_INFO(LABEL, "device %{public}s token %{public}x update exist remote hap token %{public}x.", + ACCESSTOKEN_LOG_INFO(LABEL, "device %{public}s token %{public}u update exist remote hap token %{public}u.", deviceID.c_str(), remoteID, mapID); // update remote token mapping id hapSync.baseInfo.tokenID = mapID; @@ -635,7 +662,7 @@ int AccessTokenInfoManager::SetRemoteHapTokenInfo(const std::string& deviceID, H mapID = AccessTokenRemoteTokenManager::GetInstance().MapRemoteDeviceTokenToLocal(deviceID, remoteID); if (mapID == 0) { ACCESSTOKEN_LOG_ERROR( - LABEL, "device %{public}s token %{public}x map failed.", deviceID.c_str(), remoteID); + LABEL, "device %{public}s token %{public}u map failed.", deviceID.c_str(), remoteID); return RET_FAILED; } 
@@ -645,38 +672,41 @@ int AccessTokenInfoManager::SetRemoteHapTokenInfo(const std::string& deviceID, H if (CreateRemoteHapTokenInfo(mapID, hapSync) == RET_FAILED) { AccessTokenRemoteTokenManager::GetInstance().RemoveDeviceMappingTokenID(deviceID, mapID); - ACCESSTOKEN_LOG_INFO(LABEL, "device %{public}s token %{public}x map to local token %{public}x failed.", + ACCESSTOKEN_LOG_INFO(LABEL, "device %{public}s token %{public}u map to local token %{public}u failed.", deviceID.c_str(), remoteID, mapID); return RET_FAILED; } - ACCESSTOKEN_LOG_INFO(LABEL, "device %{public}s token %{public}x map to local token %{public}x success.", + ACCESSTOKEN_LOG_INFO(LABEL, "device %{public}s token %{public}u map to local token %{public}u success.", deviceID.c_str(), remoteID, mapID); return RET_SUCCESS; } int AccessTokenInfoManager::SetRemoteNativeTokenInfo(const std::string& deviceID, - std::vector& nativeTokenInfoList) + std::vector& nativeTokenInfoList) { if (!DataValidator::IsDeviceIdValid(deviceID)) { ACCESSTOKEN_LOG_ERROR(LABEL, "device %{public}s parms invalid", deviceID.c_str()); return RET_FAILED; } - for (NativeTokenInfo& nativeToken : nativeTokenInfoList) { - if (!DataValidator::IsAplNumValid(nativeToken.apl) || nativeToken.ver != DEFAULT_TOKEN_VERSION - || !DataValidator::IsProcessNameValid(nativeToken.processName) || nativeToken.dcap.size() <= 0 - || AccessTokenIDManager::GetInstance().GetTokenIdTypeEnum(nativeToken.tokenID) != TOKEN_NATIVE) { + for (NativeTokenInfoForSync& nativeToken : nativeTokenInfoList) { + if (!DataValidator::IsAplNumValid(nativeToken.baseInfo.apl) || + nativeToken.baseInfo.ver != DEFAULT_TOKEN_VERSION || + !DataValidator::IsProcessNameValid(nativeToken.baseInfo.processName) || + nativeToken.baseInfo.dcap.size() <= 0 || + AccessTokenIDManager::GetInstance().GetTokenIdTypeEnum(nativeToken.baseInfo.tokenID) != TOKEN_NATIVE) { ACCESSTOKEN_LOG_ERROR( - LABEL, "device %{public}s token %{public}x is invalid.", deviceID.c_str(), nativeToken.tokenID); + 
LABEL, "device %{public}s token %{public}u is invalid.", + deviceID.c_str(), nativeToken.baseInfo.tokenID); continue; } - AccessTokenID remoteID = nativeToken.tokenID; + AccessTokenID remoteID = nativeToken.baseInfo.tokenID; AccessTokenID mapID = AccessTokenRemoteTokenManager::GetInstance().GetDeviceMappingTokenID(deviceID, remoteID); if (mapID != 0) { ACCESSTOKEN_LOG_ERROR( - LABEL, "device %{public}s token %{public}x has maped, no need update it.", - deviceID.c_str(), nativeToken.tokenID); + LABEL, "device %{public}s token %{public}u has maped, no need update it.", + deviceID.c_str(), nativeToken.baseInfo.tokenID); continue; } @@ -684,18 +714,19 @@ int AccessTokenInfoManager::SetRemoteNativeTokenInfo(const std::string& deviceID if (mapID == 0) { AccessTokenRemoteTokenManager::GetInstance().RemoveDeviceMappingTokenID(deviceID, mapID); ACCESSTOKEN_LOG_ERROR( - LABEL, "device %{public}s token %{public}x map failed.", + LABEL, "device %{public}s token %{public}u map failed.", deviceID.c_str(), remoteID); continue; } - nativeToken.tokenID = mapID; - ACCESSTOKEN_LOG_INFO(LABEL, "device %{public}s token %{public}x map to local token %{public}x.", + nativeToken.baseInfo.tokenID = mapID; + ACCESSTOKEN_LOG_INFO(LABEL, "device %{public}s token %{public}u map to local token %{public}u.", deviceID.c_str(), remoteID, mapID); - std::shared_ptr nativePtr = std::make_shared(nativeToken); + std::shared_ptr nativePtr = + std::make_shared(nativeToken.baseInfo, nativeToken.permStateList); if (nativePtr == nullptr) { AccessTokenRemoteTokenManager::GetInstance().RemoveDeviceMappingTokenID(deviceID, mapID); - ACCESSTOKEN_LOG_ERROR(LABEL, "device %{public}s tokenId 0x%{public}x alloc local token failed.", + ACCESSTOKEN_LOG_ERROR(LABEL, "device %{public}s tokenId 0x%{public}u alloc local token failed.", deviceID.c_str(), remoteID); continue; } 
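Review bot: The validation at the top of the SetRemoteNativeTokenInfo loop covers only the `baseInfo` fields; `nativeToken.permStateList`, which comes from the remote device, goes unchecked into the `NativeTokenInfoInner` constructor. VerifyNativeAccessToken skips the `HasDefinition` check for remote tokens, so unless `BuildPermissionPolicySet` filters entries (not visible in this diff) the synced list alone decides what the mapped token is granted. Consider rejecting or dropping entries whose name fails `PermissionValidator::IsPermissionNameValid`, and bounding the list length, before constructing the token. The `nativePtr == nullptr` branch after `std::make_shared` cannot be taken, because allocation failure throws. The function spans several hunks and its remaining lines are outside this one.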
@@ -703,11 +734,11 @@ int AccessTokenInfoManager::SetRemoteNativeTokenInfo(const std::string& deviceID int ret = AddNativeTokenInfo(nativePtr); if (ret != RET_SUCCESS) { AccessTokenRemoteTokenManager::GetInstance().RemoveDeviceMappingTokenID(deviceID, mapID); - ACCESSTOKEN_LOG_ERROR(LABEL, "device %{public}s tokenId 0x%{public}x add local token failed.", + ACCESSTOKEN_LOG_ERROR(LABEL, "device %{public}s tokenId 0x%{public}u add local token failed.", deviceID.c_str(), remoteID); continue; } - ACCESSTOKEN_LOG_INFO(LABEL, "device %{public}s token %{public}x map token %{public}x add success.", + ACCESSTOKEN_LOG_INFO(LABEL, "device %{public}s token %{public}u map token %{public}u add success.", deviceID.c_str(), remoteID, mapID); } @@ -722,7 +753,7 @@ int AccessTokenInfoManager::DeleteRemoteToken(const std::string& deviceID, Acces } AccessTokenID mapID = AccessTokenRemoteTokenManager::GetInstance().GetDeviceMappingTokenID(deviceID, tokenID); if (mapID == 0) { - ACCESSTOKEN_LOG_ERROR(LABEL, "device %{public}s tokenId 0x%{public}x is not mapped", + ACCESSTOKEN_LOG_ERROR(LABEL, "device %{public}s tokenId 0x%{public}u is not mapped", deviceID.c_str(), tokenID); return RET_FAILED; } @@ -731,7 +762,7 @@ int AccessTokenInfoManager::DeleteRemoteToken(const std::string& deviceID, Acces if (type == TOKEN_HAP) { Utils::UniqueWriteGuard infoGuard(this->hapTokenInfoLock_); if (hapTokenInfoMap_.count(mapID) == 0) { - ACCESSTOKEN_LOG_ERROR(LABEL, "hap token %{public}x no exist.", mapID); + ACCESSTOKEN_LOG_ERROR(LABEL, "hap token %{public}u no exist.", mapID); return RET_FAILED; } hapTokenInfoMap_.erase(mapID); 
@@ -739,12 +770,12 @@ int AccessTokenInfoManager::DeleteRemoteToken(const std::string& deviceID, Acces Utils::UniqueWriteGuard infoGuard(this->nativeTokenInfoLock_); if (nativeTokenInfoMap_.count(mapID) == 0) { ACCESSTOKEN_LOG_ERROR( - LABEL, "native token %{public}x is null.", mapID); + LABEL, "native token %{public}u is null.", mapID); return RET_FAILED; } nativeTokenInfoMap_.erase(mapID); } else { - ACCESSTOKEN_LOG_ERROR(LABEL, "mapping tokenId 0x%{public}x type is unknown", mapID); + ACCESSTOKEN_LOG_ERROR(LABEL, "mapping tokenId 0x%{public}u type is unknown", mapID); } return AccessTokenRemoteTokenManager::GetInstance().RemoveDeviceMappingTokenID(deviceID, tokenID); @@ -792,7 +823,7 @@ AccessTokenID AccessTokenInfoManager::AllocLocalTokenID(const std::string& remot } int ret = TokenSyncKit::GetRemoteHapTokenInfo(remoteDeviceID, remoteTokenID); if (ret != RET_SUCCESS) { - ACCESSTOKEN_LOG_ERROR(LABEL, "device %{public}s token %{public}x sync failed", + ACCESSTOKEN_LOG_ERROR(LABEL, "device %{public}s token %{public}u sync failed", remoteDeviceID.c_str(), remoteTokenID); return 0; } @@ -833,7 +864,7 @@ void AccessTokenInfoManager::StoreAllTokenInfo() Utils::UniqueReadGuard infoGuard(this->nativeTokenInfoLock_); for (auto iter = nativeTokenInfoMap_.begin(); iter != nativeTokenInfoMap_.end(); iter++) { if (iter->second != nullptr) { - iter->second->StoreNativeInfo(nativeTokenValues); + iter->second->StoreNativeInfo(nativeTokenValues, permStateValues); } } } diff --git a/services/accesstokenmanager/main/cpp/src/token/native_token_info_inner.cpp b/services/accesstokenmanager/main/cpp/src/token/native_token_info_inner.cpp index 0f85b2e7b..e1588ec9b 100644 --- a/services/accesstokenmanager/main/cpp/src/token/native_token_info_inner.cpp +++ b/services/accesstokenmanager/main/cpp/src/token/native_token_info_inner.cpp 
@@ -37,35 +37,44 @@ NativeTokenInfoInner::NativeTokenInfoInner() : isRemote_(false) tokenInfoBasic_.apl = APL_NORMAL; } -NativeTokenInfoInner::NativeTokenInfoInner(NativeTokenInfo& native) : isRemote_(false) +NativeTokenInfoInner::NativeTokenInfoInner(NativeTokenInfo& native, + const std::vector& permStateList) : isRemote_(false) { tokenInfoBasic_ = native; + std::vector permDefList = {}; + permPolicySet_ = PermissionPolicySet::BuildPermissionPolicySet(native.tokenID, + permDefList, permStateList); } NativeTokenInfoInner::~NativeTokenInfoInner() { ACCESSTOKEN_LOG_DEBUG(LABEL, - "tokenID: 0x%{public}x destruction", tokenInfoBasic_.tokenID); + "tokenID: %{public}u destruction", tokenInfoBasic_.tokenID); } int NativeTokenInfoInner::Init(AccessTokenID id, const std::string& processName, - int apl, const std::vector& dcap) + int apl, const std::vector& dcap, + const std::vector &permStateList) { tokenInfoBasic_.tokenID = id; if (!DataValidator::IsProcessNameValid(processName)) { ACCESSTOKEN_LOG_ERROR(LABEL, - "tokenID: 0x%{public}x process name is null", tokenInfoBasic_.tokenID); + "tokenID: %{public}u process name is null", tokenInfoBasic_.tokenID); return RET_FAILED; } tokenInfoBasic_.processName = processName; if (!DataValidator::IsAplNumValid(apl)) { ACCESSTOKEN_LOG_ERROR(LABEL, - "tokenID: 0x%{public}x init failed, apl %{public}d is invalid", + "tokenID: %{public}u init failed, apl %{public}d is invalid", tokenInfoBasic_.tokenID, apl); return RET_FAILED; } tokenInfoBasic_.apl = (ATokenAplEnum)apl; tokenInfoBasic_.dcap = dcap; + + std::vector permDefList = {}; + permPolicySet_ = PermissionPolicySet::BuildPermissionPolicySet(id, + permDefList, permStateList); return RET_SUCCESS; } 
@@ -93,19 +102,20 @@ int NativeTokenInfoInner::TranslationIntoGenericValues(GenericValues& outGeneric return RET_SUCCESS; } -int NativeTokenInfoInner::RestoreNativeTokenInfo(AccessTokenID tokenId, const GenericValues& inGenericValues) +int NativeTokenInfoInner::RestoreNativeTokenInfo(AccessTokenID tokenId, const GenericValues& inGenericValues, + const std::vector& permStateRes) { tokenInfoBasic_.tokenID = tokenId; tokenInfoBasic_.processName = inGenericValues.GetString(FIELD_PROCESS_NAME); if (!DataValidator::IsProcessNameValid(tokenInfoBasic_.processName)) { ACCESSTOKEN_LOG_ERROR(LABEL, - "tokenID: 0x%{public}x process name is null", tokenInfoBasic_.tokenID); + "tokenID: %{public}u process name is null", tokenInfoBasic_.tokenID); return RET_FAILED; } int aplNum = inGenericValues.GetInt(FIELD_APL); if (!DataValidator::IsAplNumValid(aplNum)) { ACCESSTOKEN_LOG_ERROR(LABEL, - "tokenID: 0x%{public}x apl is error, value %{public}d", + "tokenID: %{public}u apl is error, value %{public}d", tokenInfoBasic_.tokenID, aplNum); return RET_FAILED; } @@ -113,13 +123,17 @@ int NativeTokenInfoInner::RestoreNativeTokenInfo(AccessTokenID tokenId, const Ge tokenInfoBasic_.ver = (char)inGenericValues.GetInt(FIELD_TOKEN_VERSION); if (tokenInfoBasic_.ver != DEFAULT_TOKEN_VERSION) { ACCESSTOKEN_LOG_ERROR(LABEL, - "tokenID: 0x%{public}x version is error, version %{public}d", + "tokenID: %{public}u version is error, version %{public}d", tokenInfoBasic_.tokenID, tokenInfoBasic_.ver); return RET_FAILED; } SetDcaps(inGenericValues.GetString(FIELD_DCAP)); tokenInfoBasic_.tokenAttr = (uint32_t)inGenericValues.GetInt(FIELD_TOKEN_ATTR); + + std::vector permDefRes = {}; + permPolicySet_ = PermissionPolicySet::RestorePermissionPolicy(tokenId, + permDefRes, permStateRes); return RET_SUCCESS; } 
@@ -133,7 +147,8 @@ void NativeTokenInfoInner::TranslateToNativeTokenInfo(NativeTokenInfo& InfoParce InfoParcel.tokenAttr = tokenInfoBasic_.tokenAttr; } -void NativeTokenInfoInner::StoreNativeInfo(std::vector& valueList) const +void NativeTokenInfoInner::StoreNativeInfo(std::vector& valueList, + std::vector& permStateValues) const { if (isRemote_) { return; @@ -141,6 +156,11 @@ void NativeTokenInfoInner::StoreNativeInfo(std::vector& valueList GenericValues genericValues; TranslationIntoGenericValues(genericValues); valueList.emplace_back(genericValues); + + if (permPolicySet_ != nullptr) { + std::vector permDefValues; + permPolicySet_->StorePermissionPolicySet(permDefValues, permStateValues); + } } AccessTokenID NativeTokenInfoInner::GetTokenID() const @@ -158,6 +178,11 @@ std::string NativeTokenInfoInner::GetProcessName() const return tokenInfoBasic_.processName; } +std::shared_ptr NativeTokenInfoInner::GetNativeInfoPermissionPolicySet() const +{ + return permPolicySet_; +} + bool NativeTokenInfoInner::IsRemote() const { return isRemote_; @@ -193,6 +218,9 @@ void NativeTokenInfoInner::ToString(std::string& info) const info.append(R"( "apl": )" + std::to_string(tokenInfoBasic_.apl) + ",\n"); info.append(R"( "dcap": ")" + DcapToString(tokenInfoBasic_.dcap) + R"(")" + ",\n"); info.append(R"( "isRemote": )" + std::to_string(isRemote_? 1 : 0) + ",\n"); + if (permPolicySet_ != nullptr) { + permPolicySet_->PermStateToString(info); + } info.append("}"); } } // namespace AccessToken diff --git a/services/accesstokenmanager/main/cpp/src/token/native_token_receptor.cpp b/services/accesstokenmanager/main/cpp/src/token/native_token_receptor.cpp index 7fef139d9..995b7a1d6 100644 --- a/services/accesstokenmanager/main/cpp/src/token/native_token_receptor.cpp +++ b/services/accesstokenmanager/main/cpp/src/token/native_token_receptor.cpp 
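Review bot: `GetNativeInfoPermissionPolicySet()` is a const member but returns the `permPolicySet_` shared pointer itself, so every caller gets a mutable handle to the token's permission state that outlives whatever lock guarded the lookup. The receptor installs these grants as `PERMISSION_SYSTEM_FIXED`, so consider returning a pointer-to-const, or at least record the contract on the declaration with a comment such as `// Returned set is shared with this token; callers must treat it as read-only.`. Whether the policy set does its own locking is not visible in this hunk.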
@@ -32,6 +32,29 @@ namespace { static constexpr OHOS::HiviewDFX::HiLogLabel LABEL = {LOG_CORE, SECURITY_DOMAIN_ACCESSTOKEN, "NativeTokenReceptor"}; } +int32_t NativeReqPermsGet( + const nlohmann::json& j, std::vector &permStateList) +{ + std::vector permReqList; + if (j.find(JSON_PERMS) == j.end()) { + return RET_FAILED; + } + permReqList = j.at(JSON_PERMS).get>(); + if (permReqList.size() > MAX_REQ_PERM_NUM) { + return RET_FAILED; + } + for (auto permReq : permReqList) { + PermissionStateFull permState; + permState.permissionName = permReq; + permState.isGeneral = 1; + permState.resDeviceID.push_back(""); + permState.grantStatus.push_back(PERMISSION_GRANTED); + permState.grantFlags.push_back(PERMISSION_SYSTEM_FIXED); + permStateList.push_back(permState); + } + return RET_SUCCESS; +} + // nlohmann json need the function named from_json to parse NativeTokenInfo void from_json(const nlohmann::json& j, std::shared_ptr& p) { @@ -89,7 +112,13 @@ void from_json(const nlohmann::json& j, std::shared_ptr& p } else { return; } - p = std::make_shared(native); + + std::vector permStateList; + if (NativeReqPermsGet(j, permStateList) != RET_SUCCESS) { + return; + } + + p = std::make_shared(native, permStateList); } int32_t NativeTokenReceptor::ParserNativeRawData(const std::string& nativeRawData, diff --git a/services/accesstokenmanager/test/BUILD.gn b/services/accesstokenmanager/test/BUILD.gn index ae4871cf0..7e60e7224 100644 --- a/services/accesstokenmanager/test/BUILD.gn +++ b/services/accesstokenmanager/test/BUILD.gn 
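Review bot: NativeReqPermsGet converts `j.at(JSON_PERMS)` with `get` after checking only that the key exists, so a `permissions` value that is not an array of strings makes nlohmann raise a type error (or abort, if the build disables exceptions) inside the token manager's parser. Guard it first, e.g. `if (j.find(JSON_PERMS) == j.end() || !j.at(JSON_PERMS).is_array()) { return RET_FAILED; }`, and reject any element for which `is_string()` is false before converting. Every accepted name is then recorded as `PERMISSION_GRANTED` with `PERMISSION_SYSTEM_FIXED` without any check on the name itself, so each entry should be validated before the state is built unless BuildPermissionPolicySet already does that, which is not visible here. In the second hunk from_json now returns without setting `p` when the key is missing, so token records written before this change would presumably be dropped on load; confirm that is intended.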
@@ -43,6 +43,7 @@ ohos_unittest("libaccesstoken_manager_service_standard_test") { deps = [ "//base/security/access_token/frameworks/accesstoken:accesstoken_communication_adapter_cxx", "//base/security/access_token/frameworks/common:accesstoken_common_cxx", + "//base/security/access_token/interfaces/innerkits/accesstoken:libaccesstoken_sdk", "//base/security/access_token/interfaces/innerkits/nativetoken:libnativetoken", "//base/security/access_token/services/accesstokenmanager/:accesstoken_manager_service", "//third_party/googletest:gtest_main", diff --git a/services/accesstokenmanager/test/unittest/cpp/src/native_token_receptor_test.cpp b/services/accesstokenmanager/test/unittest/cpp/src/native_token_receptor_test.cpp index 28218f8f6..7485d16bd 100644 --- a/services/accesstokenmanager/test/unittest/cpp/src/native_token_receptor_test.cpp +++ b/services/accesstokenmanager/test/unittest/cpp/src/native_token_receptor_test.cpp @@ -26,9 +26,11 @@ #include #include "accesstoken_info_manager.h" +#include "accesstoken_kit.h" #include "permission_manager.h" #include "data_storage.h" #include "field_const.h" +#include "permission_state_full.h" #define private public #include "nativetoken_kit.h" #include "native_token_receptor.h" @@ -72,9 +74,9 @@ HWTEST_F(NativeTokenReceptorTest, ParserNativeRawData001, TestSize.Level1) ACCESSTOKEN_LOG_INFO(LABEL, "test ParserNativeRawData001!"); std::string testStr = R"([)"\ R"({"processName":"process6","APL":3,"version":1,"tokenId":685266937,"tokenAttr":0,)"\ - R"("dcaps":["AT_CAP","ST_CAP"]},)"\ + R"("dcaps":["AT_CAP","ST_CAP"], "permissions":[]},)"\ R"({"processName":"process5","APL":3,"version":1,"tokenId":678065606,"tokenAttr":0,)"\ - R"("dcaps":["AT_CAP","ST_CAP"]}])"; + R"("dcaps":["AT_CAP","ST_CAP"], "permissions":[]}])"; NativeTokenReceptor& receptor = NativeTokenReceptor::GetInstance(); std::vector> tokenInfos; 
@@ -174,7 +176,8 @@ HWTEST_F(NativeTokenReceptorTest, from_json001, TestSize.Level1) {"version", 1}, {"tokenId", 685266937}, {"tokenAttr", 0}, - {"dcaps", {"AT_CAP", "ST_CAP"}}}; + {"dcaps", {"AT_CAP", "ST_CAP"}}, + {"permissions", {"ohos.permission.PLACE_CALL"}}}; std::shared_ptr p; from_json(j, p); ASSERT_NE((p == nullptr), true); @@ -265,7 +268,9 @@ HWTEST_F(NativeTokenReceptorTest, ProcessNativeTokenInfos001, TestSize.Level1) .tokenAttr = 0, .dcap = {"AT_CAP", "ST_CAP"} }; - std::shared_ptr nativeToken = std::make_shared(info); + + std::vector permStateList = {}; + std::shared_ptr nativeToken = std::make_shared(info, permStateList); tokenInfos.emplace_back(nativeToken); AccessTokenInfoManager::GetInstance().ProcessNativeTokenInfos(tokenInfos); NativeTokenInfo findInfo; @@ -284,6 +289,8 @@ HWTEST_F(NativeTokenReceptorTest, ProcessNativeTokenInfos001, TestSize.Level1) // get sql data std::vector nativeTokenResults; DataStorage::GetRealDataStorage().Find(DataStorage::ACCESSTOKEN_NATIVE_INFO, nativeTokenResults); + std::vector permStateRes; + DataStorage::GetRealDataStorage().Find(DataStorage::ACCESSTOKEN_PERMISSION_STATE, permStateRes); for (GenericValues nativeTokenValue : nativeTokenResults) { AccessTokenID tokenId = (AccessTokenID)nativeTokenValue.GetInt(FIELD_TOKEN_ID); if (tokenId != info.tokenID) { @@ -292,7 +299,7 @@ HWTEST_F(NativeTokenReceptorTest, ProcessNativeTokenInfos001, TestSize.Level1) GTEST_LOG_(INFO) <<"apl " << nativeTokenValue.GetInt(FIELD_APL); std::shared_ptr native = std::make_shared(); ASSERT_NE(native, nullptr); - ret = native->RestoreNativeTokenInfo(tokenId, nativeTokenValue); + ret = native->RestoreNativeTokenInfo(tokenId, nativeTokenValue, permStateRes); ASSERT_EQ(ret, RET_SUCCESS); ASSERT_EQ(native->GetTokenID(), info.tokenID); ASSERT_EQ(native->GetProcessName(), info.processName); 
@@ -332,10 +339,38 @@ HWTEST_F(NativeTokenReceptorTest, ProcessNativeTokenInfos002, TestSize.Level1) .dcap = {"AT_CAP", "ST_CAP"} }; - std::shared_ptr nativeToken1 = std::make_shared(info1); + PermissionStateFull infoManagerTestState1 = { + .grantFlags = {0}, + .grantStatus = {0}, + .isGeneral = true, + .permissionName = "ohos.permission.ACCESS_PIN_AUTH", + .resDeviceID = {"local"} +}; + + PermissionStateFull infoManagerTestState2 = { + .permissionName = "ohos.permission.MANAGE_USER_IDM", + .isGeneral = true, + .grantFlags = {0, 2}, + .grantStatus = {0, 0}, + .resDeviceID = {"device 1", "device 2"} +}; + + std::vector permStateList = {infoManagerTestState1, infoManagerTestState2}; + std::shared_ptr nativeToken1 = std::make_shared(info1, permStateList); + + std::shared_ptr permPolicySet = + nativeToken1->GetNativeInfoPermissionPolicySet(); + GTEST_LOG_(INFO) <<"permPolicySet: " << permPolicySet; + + std::vector permList; + permPolicySet->GetPermissionStateFulls(permList); + for (auto& perm : permList) { + GTEST_LOG_(INFO) <<"perm.permissionName: " << perm.permissionName; + } + tokenInfos.emplace_back(nativeToken1); - std::shared_ptr nativeToken2 = std::make_shared(info2); + std::shared_ptr nativeToken2 = std::make_shared(info2, permStateList); tokenInfos.emplace_back(nativeToken2); AccessTokenInfoManager::GetInstance().ProcessNativeTokenInfos(tokenInfos); 
@@ -350,6 +385,13 @@ HWTEST_F(NativeTokenReceptorTest, ProcessNativeTokenInfos002, TestSize.Level1) ASSERT_EQ(findInfo.tokenAttr, info1.tokenAttr); ASSERT_EQ(findInfo.dcap, info1.dcap); + ret = PermissionManager::GetInstance().VerifyAccessToken(info1.tokenID, "ohos.permission.MANAGE_USER_IDM"); + ASSERT_EQ(ret, PERMISSION_GRANTED); + ret = PermissionManager::GetInstance().VerifyAccessToken(info1.tokenID, "ohos.permission.ACCESS_PIN_AUTH"); + ASSERT_EQ(ret, PERMISSION_GRANTED); + ret = PermissionManager::GetInstance().VerifyAccessToken(info1.tokenID, "ohos.permission.DISCOVER_BLUETOOTH"); + ASSERT_EQ(ret, PERMISSION_DENIED); + ret = AccessTokenInfoManager::GetInstance().GetNativeTokenInfo(info2.tokenID, findInfo); ASSERT_EQ(ret, RET_SUCCESS); ASSERT_EQ(findInfo.apl, info2.apl); @@ -362,6 +404,11 @@ HWTEST_F(NativeTokenReceptorTest, ProcessNativeTokenInfos002, TestSize.Level1) ret = AccessTokenInfoManager::GetInstance().RemoveNativeTokenInfo(info1.tokenID); ASSERT_EQ(ret, RET_SUCCESS); + ret = PermissionManager::GetInstance().VerifyAccessToken(info2.tokenID, "ohos.permission.MANAGE_USER_IDM"); + ASSERT_EQ(ret, PERMISSION_GRANTED); + ret = PermissionManager::GetInstance().VerifyAccessToken(info2.tokenID, "ohos.permission.ACCESS_PIN_AUTH"); + ASSERT_EQ(ret, PERMISSION_GRANTED); + ret = AccessTokenInfoManager::GetInstance().RemoveNativeTokenInfo(info2.tokenID); ASSERT_EQ(ret, RET_SUCCESS); } 
@@ -411,11 +458,11 @@ HWTEST_F(NativeTokenReceptorTest, ProcessNativeTokenInfos004, TestSize.Level1) .tokenAttr = 0, .dcap = {"AT_CAP", "ST_CAP"} }; - - std::shared_ptr nativeToken3 = std::make_shared(info3); + std::vector permStateList = {}; + std::shared_ptr nativeToken3 = std::make_shared(info3, permStateList); tokenInfos.emplace_back(nativeToken3); - std::shared_ptr nativeToken4 = std::make_shared(info4); + std::shared_ptr nativeToken4 = std::make_shared(info4, permStateList); tokenInfos.emplace_back(nativeToken4); AccessTokenInfoManager::GetInstance().ProcessNativeTokenInfos(tokenInfos); @@ -462,11 +509,11 @@ HWTEST_F(NativeTokenReceptorTest, ProcessNativeTokenInfos005, TestSize.Level1) .tokenAttr = 0, .dcap = {"AT_CAP", "ST_CAP"} }; - - std::shared_ptr nativeToken5 = std::make_shared(info5); + std::vector permStateList = {}; + std::shared_ptr nativeToken5 = std::make_shared(info5, permStateList); tokenInfos.emplace_back(nativeToken5); - std::shared_ptr nativeToken6 = std::make_shared(info6); + std::shared_ptr nativeToken6 = std::make_shared(info6, permStateList); tokenInfos.emplace_back(nativeToken6); AccessTokenInfoManager::GetInstance().ProcessNativeTokenInfos(tokenInfos); @@ -516,11 +563,11 @@ HWTEST_F(NativeTokenReceptorTest, ProcessNativeTokenInfos006, TestSize.Level1) .tokenAttr = 0, .dcap = {"AT_CAP"} }; - - std::shared_ptr nativeToken7 = std::make_shared(info7); + std::vector permStateList = {}; + std::shared_ptr nativeToken7 = std::make_shared(info7, permStateList); tokenInfos.emplace_back(nativeToken7); - std::shared_ptr nativeToken8 = std::make_shared(info8); + std::shared_ptr nativeToken8 = std::make_shared(info8, permStateList); tokenInfos.emplace_back(nativeToken8); AccessTokenInfoManager::GetInstance().ProcessNativeTokenInfos(tokenInfos); 
@@ -553,19 +600,25 @@ HWTEST_F(NativeTokenReceptorTest, init001, TestSize.Level1) const char *dcaps[1]; dcaps[0] = "AT_CAP_01"; int dcapNum = 1; - char processName[32]; - (void)strcpy_s(processName, sizeof(processName), "native_token_test7"); - char apl[32]; - (void)strcpy_s(apl, sizeof(apl), "system_core"); - - uint64_t tokenId = ::GetAccessTokenId(processName, dcaps, dcapNum, apl); + const char *perms[2]; + perms[0] = "ohos.permission.test1"; + perms[1] = "ohos.permission.test2"; + NativeInfo infoInstance = { + .dcapsNum = dcapNum, + .permNum = 2, + .dcaps = dcaps, + .perm = perms, + .processname = "native_token_test7", + .aplStr = "system_core", + }; + uint64_t tokenId = ::GetAccessTokenId(&infoInstance); ASSERT_NE(tokenId, 0); NativeTokenReceptor::GetInstance().Init(); NativeTokenInfo findInfo; int ret = AccessTokenInfoManager::GetInstance().GetNativeTokenInfo(tokenId, findInfo); ASSERT_EQ(ret, RET_SUCCESS); - ASSERT_EQ(findInfo.processName, processName); + ASSERT_EQ(findInfo.processName, infoInstance.processname); ret = AccessTokenInfoManager::GetInstance().RemoveNativeTokenInfo(tokenId); ASSERT_EQ(ret, RET_SUCCESS); 
@@ -592,11 +645,25 @@ HWTEST_F(NativeTokenReceptorTest, ProcessNativeTokenInfos007, TestSize.Level1) char apl1[32]; (void)strcpy_s(apl1, sizeof(apl1), "normal"); - uint64_t tokenIdApl3 = ::GetAccessTokenId("ProcessNativeTokenInfos007_003", dcaps, dcapNum, apl3); + NativeInfo infoInstance = { + .dcapsNum = dcapNum, + .permNum = 0, + .dcaps = dcaps, + .perm = nullptr, + }; + infoInstance.aplStr = apl3; + infoInstance.processname = "ProcessNativeTokenInfos007_003"; + uint64_t tokenIdApl3 = ::GetAccessTokenId(&infoInstance); ASSERT_NE(tokenIdApl3, 0); - uint64_t tokenIdApl2 = ::GetAccessTokenId("ProcessNativeTokenInfos007_002", dcaps, dcapNum, apl2); + + infoInstance.aplStr = apl2; + infoInstance.processname = "ProcessNativeTokenInfos007_002"; + uint64_t tokenIdApl2 = ::GetAccessTokenId(&infoInstance); ASSERT_NE(tokenIdApl2, 0); - uint64_t tokenIdApl1 = ::GetAccessTokenId("ProcessNativeTokenInfos007_001", dcaps, dcapNum, apl1); + + infoInstance.aplStr = apl1; + infoInstance.processname = "ProcessNativeTokenInfos007_001"; + uint64_t tokenIdApl1 = ::GetAccessTokenId(&infoInstance); ASSERT_NE(tokenIdApl1, 0); NativeTokenReceptor& receptor = NativeTokenReceptor::GetInstance(); diff --git a/services/tokensyncmanager/include/command/base_remote_command.h b/services/tokensyncmanager/include/command/base_remote_command.h index 2289251c2..f8d17a79b 100644 --- a/services/tokensyncmanager/include/command/base_remote_command.h +++ b/services/tokensyncmanager/include/command/base_remote_command.h 
@@ -57,8 +57,8 @@ public: nlohmann::json ToHapTokenInfosJson(const HapTokenInfoForSync &tokenInfo); void FromHapTokenInfoJson(const nlohmann::json& hapTokenJson, HapTokenInfoForSync& hapTokenInfo); - nlohmann::json ToNativeTokenInfoJson(const NativeTokenInfo& tokenInfo); - void FromNativeTokenInfoJson(const nlohmann::json& nativeTokenJson, NativeTokenInfo& nativeTokenInfo); + nlohmann::json ToNativeTokenInfoJson(const NativeTokenInfoForSync& tokenInfo); + void FromNativeTokenInfoJson(const nlohmann::json& nativeTokenJson, NativeTokenInfoForSync& nativeTokenInfo); RemoteProtocol remoteProtocol_; }; } // namespace AccessToken diff --git a/services/tokensyncmanager/include/command/sync_remote_native_token_command.h b/services/tokensyncmanager/include/command/sync_remote_native_token_command.h index e398d7804..c39002a14 100644 --- a/services/tokensyncmanager/include/command/sync_remote_native_token_command.h +++ b/services/tokensyncmanager/include/command/sync_remote_native_token_command.h @@ -47,7 +47,7 @@ private: * The command name. Should be equal to class name. */ const std::string COMMAND_NAME = "SyncRemoteNativeTokenCommand"; - std::vector nativeTokenInfo_; + std::vector nativeTokenInfo_; }; } // namespace AccessToken } // namespace Security diff --git a/services/tokensyncmanager/src/command/base_remote_command.cpp b/services/tokensyncmanager/src/command/base_remote_command.cpp index a46afd7ec..5bbbbac83 100644 --- a/services/tokensyncmanager/src/command/base_remote_command.cpp +++ b/services/tokensyncmanager/src/command/base_remote_command.cpp 
@@ -78,16 +78,24 @@ nlohmann::json BaseRemoteCommand::ToRemoteProtocolJson() return j; } -nlohmann::json BaseRemoteCommand::ToNativeTokenInfoJson(const NativeTokenInfo& tokenInfo) +nlohmann::json BaseRemoteCommand::ToNativeTokenInfoJson(const NativeTokenInfoForSync& tokenInfo) { - nlohmann::json DcapsJson = nlohmann::json(tokenInfo.dcap); + nlohmann::json permStatesJson; + for (auto& permState : tokenInfo.permStateList) { + nlohmann::json permStateJson; + ToPermStateJson(permStateJson, permState); + permStatesJson.emplace_back(permStateJson); + } + + nlohmann::json DcapsJson = nlohmann::json(tokenInfo.baseInfo.dcap); nlohmann::json nativeTokenJson = nlohmann::json { - {"processName", tokenInfo.processName}, - {"apl", tokenInfo.apl}, - {"version", tokenInfo.ver}, - {"tokenId", tokenInfo.tokenID}, - {"tokenAttr", tokenInfo.tokenAttr}, + {"processName", tokenInfo.baseInfo.processName}, + {"apl", tokenInfo.baseInfo.apl}, + {"version", tokenInfo.baseInfo.ver}, + {"tokenId", tokenInfo.baseInfo.tokenID}, + {"tokenAttr", tokenInfo.baseInfo.tokenAttr}, {"dcaps", DcapsJson}, + {"permState", permStatesJson}, }; return nativeTokenJson; } 
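Review bot: In ToNativeTokenInfoJson `permStatesJson` is default-constructed, so when `tokenInfo.permStateList` is empty the loop never runs and the field is serialized as `"permState": null` rather than an empty array. A receiver that checks `is_array()` before reading would treat that as malformed or absent; initialise it explicitly with `nlohmann::json permStatesJson = nlohmann::json::array();`. The loop variable can also be `const auto&`, since nothing is modified through it.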
@@ -230,30 +238,32 @@ void BaseRemoteCommand::FromHapTokenInfoJson(const nlohmann::json& hapTokenJson, } void BaseRemoteCommand::FromNativeTokenInfoJson(const nlohmann::json& nativeTokenJson, - NativeTokenInfo& nativeTokenInfo) + NativeTokenInfoForSync& nativeTokenInfo) { if (nativeTokenJson.find("processName") != nativeTokenJson.end() && nativeTokenJson.at("processName").is_string()) { - nativeTokenInfo.processName = nativeTokenJson.at("processName").get(); + nativeTokenInfo.baseInfo.processName = nativeTokenJson.at("processName").get(); } if (nativeTokenJson.find("apl") != nativeTokenJson.end() && nativeTokenJson.at("apl").is_number()) { int apl = nativeTokenJson.at("apl").get(); if (DataValidator::IsAplNumValid(apl)) { - nativeTokenInfo.apl = (ATokenAplEnum)apl; + nativeTokenInfo.baseInfo.apl = (ATokenAplEnum)apl; } } if (nativeTokenJson.find("version") != nativeTokenJson.end() && nativeTokenJson.at("version").is_number()) { - nativeTokenInfo.ver = (unsigned)nativeTokenJson.at("version").get(); + nativeTokenInfo.baseInfo.ver = (unsigned)nativeTokenJson.at("version").get(); } if (nativeTokenJson.find("tokenId") != nativeTokenJson.end() && nativeTokenJson.at("tokenId").is_number()) { - nativeTokenInfo.tokenID = (unsigned)nativeTokenJson.at("tokenId").get(); + nativeTokenInfo.baseInfo.tokenID = (unsigned)nativeTokenJson.at("tokenId").get(); } if (nativeTokenJson.find("tokenAttr") != nativeTokenJson.end() && nativeTokenJson.at("tokenAttr").is_number()) { - nativeTokenInfo.tokenAttr = (unsigned)nativeTokenJson.at("tokenAttr").get(); + nativeTokenInfo.baseInfo.tokenAttr = (unsigned)nativeTokenJson.at("tokenAttr").get(); } if (nativeTokenJson.find("dcaps") != nativeTokenJson.end() && nativeTokenJson.at("dcaps").is_array() && nativeTokenJson.at("dcaps").size() > 0 && (nativeTokenJson.at("dcaps"))[0].is_string()) { - nativeTokenInfo.dcap = nativeTokenJson.at("dcaps").get>(); + nativeTokenInfo.baseInfo.dcap = nativeTokenJson.at("dcaps").get>(); } + + 
FromPermStateListJson(nativeTokenJson, nativeTokenInfo.permStateList); } } // namespace AccessToken } // namespace Security diff --git a/services/tokensyncmanager/src/command/sync_remote_native_token_command.cpp b/services/tokensyncmanager/src/command/sync_remote_native_token_command.cpp index 4f45e6423..6484d3527 100644 --- a/services/tokensyncmanager/src/command/sync_remote_native_token_command.cpp +++ b/services/tokensyncmanager/src/command/sync_remote_native_token_command.cpp @@ -47,7 +47,7 @@ SyncRemoteNativeTokenCommand::SyncRemoteNativeTokenCommand(const std::string &js if (jsonObject.find("NativeTokenInfos") != jsonObject.end() && jsonObject.at("NativeTokenInfos").is_array()) { nlohmann::json nativeTokenListJson = jsonObject.at("NativeTokenInfos"); for (auto& tokenJson : nativeTokenListJson) { - NativeTokenInfo token; + NativeTokenInfoForSync token; BaseRemoteCommand::FromNativeTokenInfoJson(tokenJson, token); nativeTokenInfo_.emplace_back(token); } diff --git a/services/tokensyncmanager/src/service/token_sync_manager_stub.cpp b/services/tokensyncmanager/src/service/token_sync_manager_stub.cpp index cefdf158f..c1e2cd5a7 100644 --- a/services/tokensyncmanager/src/service/token_sync_manager_stub.cpp +++ b/services/tokensyncmanager/src/service/token_sync_manager_stub.cpp @@ -17,6 +17,7 @@ #include "accesstoken_log.h" #include "hap_token_info_for_sync_parcel.h" +#include "native_token_info_for_sync_parcel.h" #include "ipc_skeleton.h" #include "string_ex.h" -- Gitee From 4946db311547138644a9fffb01712325f8c7eed3 Mon Sep 17 00:00:00 2001 From: lsq Date: Tue, 26 Apr 2022 11:20:47 +0800 Subject: [PATCH 2/2] =?UTF-8?q?=E6=A3=80=E8=A7=86?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit 
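Review bot: FromNativeTokenInfoJson still returns void, so when a field from the remote peer is missing or fails its check (for example an `apl` rejected by `IsAplNumValid`) the matching `baseInfo` member keeps whatever value it had, and the new `FromPermStateListJson` call attaches the peer's permission states to that half-populated record anyway. The synced record now carries grants, so the parser should report failure and the loop in SyncRemoteNativeTokenCommand should skip the token instead of calling `nativeTokenInfo_.emplace_back(token)` unconditionally. `is_number()` also accepts negative and floating-point values ahead of the `(unsigned)` casts on `tokenId` and `tokenAttr`; `is_number_unsigned()` is the tighter check. Changing the return type would also touch the declaration in base_remote_command.h, which is in another hunk.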
Signed-off-by: lsq Change-Id: I650d9db553af16731e225658fbf500f539b32faa --- .../unittest/src/accesstoken_kit_test.cpp | 8 +- .../nativetoken/include/nativetoken.h | 12 +- .../nativetoken/include/nativetoken_kit.h | 12 +- .../innerkits/nativetoken/src/nativetoken.c | 125 ++++++++------- .../unittest/src/nativetoken_kit_test.cpp | 150 +++++++++--------- .../permission/permission_definition_cache.h | 2 + .../permission/permission_policy_set.h | 3 +- .../permission_definition_cache.cpp | 6 + .../cpp/src/permission/permission_manager.cpp | 25 +-- .../src/permission/permission_policy_set.cpp | 19 ++- .../src/token/accesstoken_info_manager.cpp | 48 +++--- .../cpp/src/token/native_token_info_inner.cpp | 2 +- .../cpp/src/native_token_receptor_test.cpp | 63 ++++---- 13 files changed, 257 insertions(+), 218 deletions(-) diff --git a/interfaces/innerkits/accesstoken/test/unittest/src/accesstoken_kit_test.cpp b/interfaces/innerkits/accesstoken/test/unittest/src/accesstoken_kit_test.cpp index 2d24a35d5..c90034be9 100644 --- a/interfaces/innerkits/accesstoken/test/unittest/src/accesstoken_kit_test.cpp +++ b/interfaces/innerkits/accesstoken/test/unittest/src/accesstoken_kit_test.cpp @@ -2131,12 +2131,12 @@ HWTEST_F(AccessTokenKitTest, GetTokenTypeFlag001, TestSize.Level1) */ HWTEST_F(AccessTokenKitTest, GetTokenTypeFlag002, TestSize.Level1) { - NativeInfo infoInstance = { + NativeTokenInfoParams infoInstance = { .dcapsNum = 0, - .permNum = 0, + .permsNum = 0, .dcaps = nullptr, - .perm = nullptr, - .processname = "GetTokenTypeFlag002", + .perms = nullptr, + .processName = "GetTokenTypeFlag002", .aplStr = "system_core", }; uint64_t tokenId01 = GetAccessTokenId(&infoInstance); diff --git a/interfaces/innerkits/nativetoken/include/nativetoken.h b/interfaces/innerkits/nativetoken/include/nativetoken.h index 23c610628..c353476f9 100644 --- a/interfaces/innerkits/nativetoken/include/nativetoken.h +++ b/interfaces/innerkits/nativetoken/include/nativetoken.h 
@@ -41,8 +41,8 @@ extern "C" { #define MAX_JSON_FILE_LEN 102400 #define MAX_DCAPS_NUM 32 #define MAX_DCAP_LEN 1024 -#define MAX_PERM_NUM 32 -#define MAX_PERM_LEN 128 +#define MAX_PERM_NUM 64 +#define MAX_PERM_LEN 256 #define MAX_PARAMTER_LEN 128 #define SYSTEM_PROP_NATIVE_RECEPTOR "rw.nativetoken.receptor.startup" #define PATH_MAX_LEN 4096 @@ -84,16 +84,16 @@ typedef struct TokenList { NativeAtId tokenId; int32_t apl; char *dcaps[MAX_DCAPS_NUM]; - char *perm[MAX_PERM_NUM]; + char *perms[MAX_PERM_NUM]; int dcapsNum; - int permNum; + int permsNum; char processName[MAX_PROCESS_NAME_LEN + 1]; struct TokenList *next; } NativeTokenList; typedef struct StrArrayAttribute { - int maxStrNum; - int maxStrLen; + int32_t maxStrNum; + uint32_t maxStrLen; const char *strKey; } StrArrayAttr; diff --git a/interfaces/innerkits/nativetoken/include/nativetoken_kit.h b/interfaces/innerkits/nativetoken/include/nativetoken_kit.h index 9d15a8e9c..85f145966 100644 --- a/interfaces/innerkits/nativetoken/include/nativetoken_kit.h +++ b/interfaces/innerkits/nativetoken/include/nativetoken_kit.h @@ -25,16 +25,16 @@ extern "C" { #endif -typedef struct NativeProcInfo { +typedef struct TokenInfoParams { int dcapsNum; - int permNum; + int permsNum; const char **dcaps; - const char **perm; - const char *processname; + const char **perms; + const char *processName; const char *aplStr; -} NativeInfo; +} NativeTokenInfoParams; -extern uint64_t GetAccessTokenId(NativeInfo *nativeProcInfo); +extern uint64_t GetAccessTokenId(NativeTokenInfoParams *nativeProcInfo); #ifdef __cplusplus } diff --git a/interfaces/innerkits/nativetoken/src/nativetoken.c b/interfaces/innerkits/nativetoken/src/nativetoken.c index e90ccacaa..cc8e9610d 100644 --- a/interfaces/innerkits/nativetoken/src/nativetoken.c +++ b/interfaces/innerkits/nativetoken/src/nativetoken.c 
@@ -86,7 +86,7 @@ static void FreeStrArray(char **arr, int32_t num) } } -static uint32_t GetprocessNameFromJson(cJSON *cjsonItem, NativeTokenList *tokenNode) +static uint32_t GetProcessNameFromJson(cJSON *cjsonItem, NativeTokenList *tokenNode) { cJSON *processNameJson = cJSON_GetObjectItem(cjsonItem, PROCESS_KEY_NAME); if (!cJSON_IsString(processNameJson) || (strlen(processNameJson->valuestring) > MAX_PROCESS_NAME_LEN)) { @@ -139,21 +139,21 @@ static uint32_t GetInfoArrFromJson(cJSON *cjsonItem, char *strArr[], int *strNum { cJSON *strArrJson = cJSON_GetObjectItem(cjsonItem, attr->strKey); int32_t size = cJSON_GetArraySize(strArrJson); - - *strNum = size; if (size > attr->maxStrNum) { ACCESSTOKEN_LOG_ERROR("[ATLIB-%s]:size = %d is invalid.", __func__, size); return ATRET_FAILED; } + *strNum = size; + for (int32_t i = 0; i < size; i++) { cJSON *item = cJSON_GetArrayItem(strArrJson, i); - if (item == NULL || !cJSON_IsString(item) || item->valuestring == NULL) { + if ((item == NULL) || (!cJSON_IsString(item)) || (item->valuestring == NULL)) { ACCESSTOKEN_LOG_ERROR("[ATLIB-%s]:cJSON_GetArrayItem failed.", __func__); return ATRET_FAILED; } size_t length = strlen(item->valuestring); if (length > attr->maxStrLen) { - ACCESSTOKEN_LOG_ERROR("[ATLIB-%s]:item is invalid.", __func__); + ACCESSTOKEN_LOG_ERROR("[ATLIB-%s]:item length %zu is invalid.", __func__, length); return ATRET_FAILED; } strArr[i] = (char *)malloc(sizeof(char) * (length + 1)); @@ -195,7 +195,7 @@ static int32_t GetTokenList(const cJSON *object) ACCESSTOKEN_LOG_ERROR("[ATLIB-%s]:cJSON_GetArrayItem failed.", __func__); return ATRET_FAILED; } - ret = GetprocessNameFromJson(cjsonItem, tmp); + ret = GetProcessNameFromJson(cjsonItem, tmp); ret |= GetTokenIdFromJson(cjsonItem, tmp); ret |= GetAplFromJson(cjsonItem, tmp); 
@@ -205,16 +205,18 @@ static int32_t GetTokenList(const cJSON *object) ret |= GetInfoArrFromJson(cjsonItem, tmp->dcaps, &(tmp->dcapsNum), &attr); if (ret != ATRET_SUCCESS) { free(tmp); + ACCESSTOKEN_LOG_ERROR("[ATLIB-%s]:GetInfoArrFromJson failed for dcaps.", __func__); return ATRET_FAILED; } attr.maxStrLen = MAX_PERM_LEN; attr.maxStrNum = MAX_PERM_NUM; attr.strKey = PERMS_KEY_NAME; - ret = GetInfoArrFromJson(cjsonItem, tmp->perm, &(tmp->permNum), &attr); + ret = GetInfoArrFromJson(cjsonItem, tmp->perms, &(tmp->permsNum), &attr); if (ret != ATRET_SUCCESS) { free(tmp); FreeStrArray(tmp->dcaps, tmp->dcapsNum - 1); + ACCESSTOKEN_LOG_ERROR("[ATLIB-%s]:GetInfoArrFromJson failed for perms.", __func__); return ATRET_FAILED; } @@ -413,19 +415,20 @@ static int32_t AddStrArrayInfo(cJSON *object, char * const strArray[], int strNu { cJSON *strJsonArr = cJSON_CreateArray(); if (strJsonArr == NULL) { + ACCESSTOKEN_LOG_ERROR("[ATLIB-%s]:CreateArray failed, strKey :%s.", __func__, strKey); return ATRET_FAILED; } for (int32_t i = 0; i < strNum; i++) { cJSON *item = cJSON_CreateString(strArray[i]); if (item == NULL || !cJSON_AddItemToArray(strJsonArr, item)) { - ACCESSTOKEN_LOG_ERROR("[ATLIB-%s]:tokenAttr cJSON_AddItemToArray failed.", __func__); + ACCESSTOKEN_LOG_ERROR("[ATLIB-%s]:AddItemToArray failed, strKey : %s.", __func__, strKey); cJSON_Delete(item); cJSON_Delete(strJsonArr); return ATRET_FAILED; } } if (!cJSON_AddItemToObject(object, strKey, strJsonArr)) { - ACCESSTOKEN_LOG_ERROR("[ATLIB-%s]:strArr cJSON_AddItemToObject failed.", __func__); + ACCESSTOKEN_LOG_ERROR("[ATLIB-%s]:AddItemToObject failed, strKey : %s.", __func__, strKey); cJSON_Delete(strJsonArr); return ATRET_FAILED; } 
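Review bot: On the perms failure path in GetTokenList the code runs `free(tmp);` and only then `FreeStrArray(tmp->dcaps, tmp->dcapsNum - 1);`, which reads the node after it has been freed. Swap the order: `FreeStrArray(tmp->dcaps, tmp->dcapsNum - 1); free(tmp);`. Both failure paths also leak any strings GetInfoArrFromJson allocated before it failed part-way through an array, because `*strNum` already holds the full size while only the first entries exist; releasing them inside GetInfoArrFromJson before it returns would avoid relying on the caller. GetTokenList's body starts and ends outside this hunk.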
@@ -485,7 +488,7 @@ static cJSON *CreateNativeTokenJsonObject(const NativeTokenList *curr) cJSON_Delete(object); } - ret = AddStrArrayInfo(object, curr->perm, curr->permNum, PERMS_KEY_NAME); + ret = AddStrArrayInfo(object, curr->perms, curr->permsNum, PERMS_KEY_NAME); if (ret != ATRET_SUCCESS) { cJSON_Delete(object); } @@ -518,7 +521,6 @@ static void SaveTokenIdToCfg(const NativeTokenList *curr) cJSON *node = CreateNativeTokenJsonObject(curr); if (node == NULL) { - ACCESSTOKEN_LOG_ERROR("[ATLIB-%s]:CreateNativeTokenJsonObject failed.", __func__); cJSON_Delete(record); return; } 
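Review bot: In CreateNativeTokenJsonObject the error branches call `cJSON_Delete(object);` and then fall through. The block just before the changed line closes without a return, so `AddStrArrayInfo(object, curr->perms, curr->permsNum, PERMS_KEY_NAME)` runs on an object that was already deleted, and a second failure deletes it again. Each branch should end with `cJSON_Delete(object); return NULL;`. The condition of the first branch and the code after the second one are outside the hunk, so check whether the same pattern is repeated for the other fields.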
@@ -529,36 +531,41 @@ static void SaveTokenIdToCfg(const NativeTokenList *curr) return; } -static uint32_t CheckStrPara(const char **info, int32_t infoNum, int maxNum, int maxInfoLen) +static uint32_t CheckStrArray(const char **strArray, int32_t strNum, int maxNum, uint32_t maxInfoLen) { - if (((info == NULL) && (infoNum != 0)) || - (infoNum > maxNum) || (infoNum < 0)) { - ACCESSTOKEN_LOG_ERROR("[ATLIB-%s]:info is null or infoNum is invalid.", __func__); + if (((strArray == NULL) && (strNum != 0)) || + (strNum > maxNum) || (strNum < 0)) { + ACCESSTOKEN_LOG_ERROR("[ATLIB-%s]:strArray is null or strNum is invalid.", __func__); return ATRET_FAILED; } - for (int32_t i = 0; i < infoNum; i++) { - if ((info[i] == NULL) || (strlen(info[i]) > maxInfoLen)) { - ACCESSTOKEN_LOG_ERROR("[ATLIB-%s]:info[%d] length is invalid.", __func__, i); + for (int32_t i = 0; i < strNum; i++) { + if ((strArray[i] == NULL) || (strlen(strArray[i]) > maxInfoLen) || (strlen(strArray[i]) == 0)) { + ACCESSTOKEN_LOG_ERROR("[ATLIB-%s]:strArray[%d] length is invalid.", __func__, i); return ATRET_FAILED; } } return ATRET_SUCCESS; } -static uint32_t CheckProcessInfo(NativeInfo *procInfo, int32_t *aplRet) +static uint32_t CheckProcessInfo(NativeTokenInfoParams *tokenInfo, int32_t *aplRet) { - if ((procInfo->processname == NULL) || strlen(procInfo->processname) > MAX_PROCESS_NAME_LEN || - strlen(procInfo->processname) == 0) { - ACCESSTOKEN_LOG_ERROR("[ATLIB-%s]:processname is invalid.", __func__); + if ((tokenInfo->processName == NULL) || strlen(tokenInfo->processName) > MAX_PROCESS_NAME_LEN || + strlen(tokenInfo->processName) == 0) { + ACCESSTOKEN_LOG_ERROR("[ATLIB-%s]:processName is invalid.", __func__); return ATRET_FAILED; } - int retDcap = CheckStrPara(procInfo->dcaps, procInfo->dcapsNum, MAX_DCAPS_NUM, MAX_DCAP_LEN); - int retPerm = CheckStrPara(procInfo->perm, procInfo->permNum, MAX_PERM_NUM, MAX_PERM_LEN); - if ((retDcap == ATRET_FAILED) || (retPerm == ATRET_FAILED)) { + int retDcap = 
CheckStrArray(tokenInfo->dcaps, tokenInfo->dcapsNum, MAX_DCAPS_NUM, MAX_DCAP_LEN); + if (retDcap != ATRET_SUCCESS) { + ACCESSTOKEN_LOG_ERROR("[ATLIB-%s]:dcaps is invalid.", __func__); + return ATRET_FAILED; + } + int retPerm = CheckStrArray(tokenInfo->perms, tokenInfo->permsNum, MAX_PERM_NUM, MAX_PERM_LEN); + if (retPerm != ATRET_SUCCESS) { + ACCESSTOKEN_LOG_ERROR("[ATLIB-%s]:perms is invalid.", __func__); return ATRET_FAILED; } - int32_t apl = GetAplLevel(procInfo->aplStr); + int32_t apl = GetAplLevel(tokenInfo->aplStr); if (apl == 0) { return ATRET_FAILED; } @@ -566,21 +573,21 @@ static uint32_t CheckProcessInfo(NativeInfo *procInfo, int32_t *aplRet) return ATRET_SUCCESS; } -static uint32_t CreateStrArray(int num, const char **str, char **nodeStr) +static uint32_t CreateStrArray(int num, const char **strArr, char **strArrRes) { for (int32_t i = 0; i < num; i++) { - nodeStr[i] = (char *)malloc(sizeof(char) * (strlen(str[i]) + 1)); - if (nodeStr[i] == NULL || - (strcpy_s(nodeStr[i], strlen(str[i]) + 1, str[i]) != EOK)) { - ACCESSTOKEN_LOG_ERROR("[ATLIB-%s]:copy str[%d] failed.", __func__, i); - FreeStrArray(nodeStr, i); + strArrRes[i] = (char *)malloc(sizeof(char) * (strlen(strArr[i]) + 1)); + if (strArrRes[i] == NULL || + (strcpy_s(strArrRes[i], strlen(strArr[i]) + 1, strArr[i]) != EOK)) { + ACCESSTOKEN_LOG_ERROR("[ATLIB-%s]:copy strArr[%d] failed.", __func__, i); + FreeStrArray(strArrRes, i); return ATRET_FAILED; } } return ATRET_SUCCESS; } -static uint32_t AddNewTokenToListAndFile(NativeInfo *procInfo, int32_t aplIn, NativeAtId *tokenId) +static uint32_t AddNewTokenToListAndFile(NativeTokenInfoParams *tokenInfo, int32_t aplIn, NativeAtId *tokenId) { NativeTokenList *tokenNode; NativeAtId id; 
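Review bot: CheckProcessInfo reads `tokenInfo->processName` without first checking `tokenInfo` itself, and the visible part of GetAccessTokenId passes the caller's pointer straight in. As GetAccessTokenId is the exported entry point, a NULL argument should come back as a failure rather than a crash, for example `if (tokenInfo == NULL) { return ATRET_FAILED; }` at the top of CheckProcessInfo. The guard that precedes the call in GetAccessTokenId is only partly visible, so it may already cover this. Separately, CheckStrArray now rejects empty strings, and none of the visible test hunks pins that with an empty `dcaps` or `perms` entry.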
@@ -597,20 +604,20 @@ static uint32_t AddNewTokenToListAndFile(NativeInfo *procInfo, int32_t aplIn, Na } tokenNode->tokenId = id; tokenNode->apl = aplIn; - if (strcpy_s(tokenNode->processName, MAX_PROCESS_NAME_LEN + 1, procInfo->processname) != EOK) { + if (strcpy_s(tokenNode->processName, MAX_PROCESS_NAME_LEN + 1, tokenInfo->processName) != EOK) { ACCESSTOKEN_LOG_ERROR("[ATLIB-%s]:strcpy_s failed.", __func__); free(tokenNode); return ATRET_FAILED; } - tokenNode->dcapsNum = procInfo->dcapsNum; - tokenNode->permNum = procInfo->permNum; + tokenNode->dcapsNum = tokenInfo->dcapsNum; + tokenNode->permsNum = tokenInfo->permsNum; - if (CreateStrArray(procInfo->dcapsNum, procInfo->dcaps, tokenNode->dcaps) != ATRET_SUCCESS) { + if (CreateStrArray(tokenInfo->dcapsNum, tokenInfo->dcaps, tokenNode->dcaps) != ATRET_SUCCESS) { free(tokenNode); return ATRET_FAILED; } - if (CreateStrArray(procInfo->permNum, procInfo->perm, tokenNode->perm) != ATRET_SUCCESS) { - FreeStrArray(tokenNode->dcaps, procInfo->dcapsNum - 1); + if (CreateStrArray(tokenInfo->permsNum, tokenInfo->perms, tokenNode->perms) != ATRET_SUCCESS) { + FreeStrArray(tokenNode->dcaps, tokenInfo->dcapsNum - 1); free(tokenNode); return ATRET_FAILED; } @@ -640,13 +647,13 @@ static int32_t CompareTokenInfo(NativeTokenList *tokenNode, const char **dcapsIn return 0; } -static int32_t ComparePermInfo(NativeTokenList *tokenNode, const char **permIn, int32_t permNumIn) +static int32_t ComparePermsInfo(NativeTokenList *tokenNode, const char **permsIn, int32_t permsNumIn) { - if (tokenNode->permNum != permNumIn) { + if (tokenNode->permsNum != permsNumIn) { return 1; } - for (int32_t i = 0; i < permNumIn; i++) { - if (strcmp(tokenNode->perm[i], permIn[i]) != 0) { + for (int32_t i = 0; i < permsNumIn; i++) { + if (strcmp(tokenNode->perms[i], permsIn[i]) != 0) { return 1; } } 
@@ -674,17 +681,17 @@ static uint32_t UpdateStrArrayInList(char *strArr[], int *strNum, return ATRET_SUCCESS; } -static uint32_t UpdateTokenInfoInList(NativeTokenList *tokenNode, NativeInfo *procInfo) +static uint32_t UpdateTokenInfoInList(NativeTokenList *tokenNode, NativeTokenInfoParams *tokenInfo) { - tokenNode->apl = GetAplLevel(procInfo->aplStr); + tokenNode->apl = GetAplLevel(tokenInfo->aplStr); uint32_t ret = UpdateStrArrayInList(tokenNode->dcaps, &(tokenNode->dcapsNum), - procInfo->dcaps, procInfo->dcapsNum); + tokenInfo->dcaps, tokenInfo->dcapsNum); if (ret != ATRET_SUCCESS) { return ret; } - ret = UpdateStrArrayInList(tokenNode->perm, &(tokenNode->permNum), - procInfo->perm, procInfo->permNum); + ret = UpdateStrArrayInList(tokenNode->perms, &(tokenNode->permsNum), + tokenInfo->perms, tokenInfo->permsNum); if (ret != ATRET_SUCCESS) { FreeStrArray(tokenNode->dcaps, tokenNode->dcapsNum); } @@ -720,7 +727,7 @@ static uint32_t UpdateStrArrayType(char * const strArr[], int strNum, const char } } else { if (!cJSON_AddItemToObject(record, strKey, strArrJson)) { - ACCESSTOKEN_LOG_ERROR("[ATLIB-%s]:cJSON_ReplaceItemInObject failed.", __func__); + ACCESSTOKEN_LOG_ERROR("[ATLIB-%s]:cJSON_AddItemToObject failed.", __func__); cJSON_Delete(strArrJson); return ATRET_FAILED; } @@ -747,11 +754,9 @@ static uint32_t UpdateItemcontent(const NativeTokenList *tokenNode, cJSON *recor return ATRET_FAILED; } - ret = UpdateStrArrayType(tokenNode->perm, tokenNode->permNum, PERMS_KEY_NAME, record); + ret = UpdateStrArrayType(tokenNode->perms, tokenNode->permsNum, PERMS_KEY_NAME, record); if (ret != ATRET_SUCCESS) { - ACCESSTOKEN_LOG_ERROR("[ATLIB-%s]:GetInfoArrFromJson process %s \n tmp->permNum : %d.", - __func__, tokenNode->processName, tokenNode->permNum); - ACCESSTOKEN_LOG_ERROR("[ATLIB-%s]:perm update failed.", __func__); + ACCESSTOKEN_LOG_ERROR("[ATLIB-%s]:perms update failed.", __func__); return ATRET_FAILED; } return ATRET_SUCCESS; 
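Review bot: The cleanup in UpdateTokenInfoInList calls `FreeStrArray(tokenNode->dcaps, tokenNode->dcapsNum)`, while GetTokenList and AddNewTokenToListAndFile in this same patch pass `dcapsNum - 1` to the same helper. FreeStrArray is not shown, so which convention is correct cannot be confirmed from here, but the two cannot both be right; if the argument is the last index, this call reaches one slot past the populated entries. The branch also leaves `dcapsNum` unchanged after releasing the strings, so unless the helper resets the slots the node keeps a non-zero count over freed pointers. Once the helper's contract is confirmed, something like `FreeStrArray(tokenNode->dcaps, tokenNode->dcapsNum - 1);` followed by `tokenNode->dcapsNum = 0;` would make the node consistent.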
@@ -814,7 +819,7 @@ static uint32_t UpdateInfoInCfgFile(NativeTokenList *tokenNode) return ATRET_SUCCESS; } -uint64_t GetAccessTokenId(NativeInfo *procInfo) +uint64_t GetAccessTokenId(NativeTokenInfoParams *tokenInfo) { NativeAtId tokenId = 0; uint64_t result = 0; @@ -825,14 +830,14 @@ uint64_t GetAccessTokenId(NativeInfo *procInfo) return INVALID_TOKEN_ID; } - uint32_t ret = CheckProcessInfo(procInfo, &apl); + uint32_t ret = CheckProcessInfo(tokenInfo, &apl); if (ret != ATRET_SUCCESS) { return INVALID_TOKEN_ID; } NativeTokenList *tokenNode = g_tokenListHead->next; while (tokenNode != NULL) { - if (strcmp(tokenNode->processName, procInfo->processname) == 0) { + if (strcmp(tokenNode->processName, tokenInfo->processName) == 0) { tokenId = tokenNode->tokenId; break; } @@ -840,12 +845,12 @@ uint64_t GetAccessTokenId(NativeInfo *procInfo) } if (tokenNode == NULL) { - ret = AddNewTokenToListAndFile(procInfo, apl, &tokenId); + ret = AddNewTokenToListAndFile(tokenInfo, apl, &tokenId); } else { - int32_t needTokenUpdate = CompareTokenInfo(tokenNode, procInfo->dcaps, procInfo->dcapsNum, apl); - int32_t needPermUpdate = ComparePermInfo(tokenNode, procInfo->perm, procInfo->permNum); + int32_t needTokenUpdate = CompareTokenInfo(tokenNode, tokenInfo->dcaps, tokenInfo->dcapsNum, apl); + int32_t needPermUpdate = ComparePermsInfo(tokenNode, tokenInfo->perms, tokenInfo->permsNum); if ((needTokenUpdate != 0) || (needPermUpdate != 0)) { - ret = UpdateTokenInfoInList(tokenNode, procInfo); + ret = UpdateTokenInfoInList(tokenNode, tokenInfo); ret |= UpdateInfoInCfgFile(tokenNode); } } diff --git a/interfaces/innerkits/nativetoken/test/unittest/src/nativetoken_kit_test.cpp b/interfaces/innerkits/nativetoken/test/unittest/src/nativetoken_kit_test.cpp index 03b1b32f2..de2434dcd 100644 --- a/interfaces/innerkits/nativetoken/test/unittest/src/nativetoken_kit_test.cpp +++ b/interfaces/innerkits/nativetoken/test/unittest/src/nativetoken_kit_test.cpp 
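Review bot: In the update branch of GetAccessTokenId, `ret |= UpdateInfoInCfgFile(tokenNode);` runs even when `UpdateTokenInfoInList` has just failed, and that failure path releases the node's dcaps strings. The token config file would then be rewritten from a half-updated node. Guard the write on success: `if (ret == ATRET_SUCCESS) { ret = UpdateInfoInCfgFile(tokenNode); }`. How `ret` maps to the returned token id is outside the hunk.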
@@ -55,12 +55,12 @@ int Start(const char *processName) const char **perms = new const char *[2]; perms[0] = "ohos.permission.test1"; perms[1] = "ohos.permission.test2"; - NativeInfo infoInstance = { + NativeTokenInfoParams infoInstance = { .dcapsNum = 2, - .permNum = 2, + .permsNum = 2, .dcaps = dcaps, - .perm = perms, - .processname = processName, + .perms = perms, + .processName = processName, .aplStr = "system_core", }; tokenId = GetAccessTokenId(&infoInstance); @@ -84,35 +84,35 @@ HWTEST_F(TokenLibKitTest, GetAccessTokenId001, TestSize.Level1) const char **perms = new const char *[2]; perms[0] = "ohos.permission.test1"; perms[1] = "ohos.permission.test2"; - NativeInfo infoInstance = { + NativeTokenInfoParams infoInstance = { .dcapsNum = dcapNum, - .permNum = 2, + .permsNum = 2, .dcaps = dcaps, - .perm = perms, + .perms = perms, .aplStr = "system_core", }; - infoInstance.processname = ""; + infoInstance.processName = ""; tokenId = GetAccessTokenId(&infoInstance); ASSERT_EQ(tokenId, 0); - infoInstance.processname = nullptr; + infoInstance.processName = nullptr; tokenId = GetAccessTokenId(&infoInstance); ASSERT_EQ(tokenId, 0); /* 257 is invalid processName length */ const std::string invalidProcName (257, 'x'); - infoInstance.processname = invalidProcName.c_str(); + infoInstance.processName = invalidProcName.c_str(); tokenId = GetAccessTokenId(&infoInstance); ASSERT_EQ(tokenId, 0); /* 255 is valid processName length */ const std::string validProcName01 (255, 'x'); - infoInstance.processname = validProcName01.c_str(); + infoInstance.processName = validProcName01.c_str(); tokenId = GetAccessTokenId(&infoInstance); ASSERT_NE(tokenId, 0); /* 256 is valid processName length */ const std::string validProcName02 (256, 'x'); - infoInstance.processname = validProcName02.c_str(); + infoInstance.processName = validProcName02.c_str(); tokenId = GetAccessTokenId(&infoInstance); ASSERT_NE(tokenId, 0); delete[] dcaps; 
@@ -132,21 +132,21 @@ HWTEST_F(TokenLibKitTest, GetAccessTokenId002, TestSize.Level1) dcaps[1] = "ST_CAP"; int dcapNum = -1; uint64_t tokenId; - NativeInfo infoInstance = { - .permNum = 0, + NativeTokenInfoParams infoInstance = { + .permsNum = 0, .dcaps = dcaps, - .perm = nullptr, + .perms = nullptr, .aplStr = "system_core", }; infoInstance.dcapsNum = dcapNum; - infoInstance.processname = "GetAccessTokenId002"; + infoInstance.processName = "GetAccessTokenId002"; tokenId = GetAccessTokenId(&infoInstance); ASSERT_EQ(tokenId, 0); /* 33 is invalid dcapNum */ dcapNum = 33; infoInstance.dcapsNum = dcapNum; - infoInstance.processname = "GetAccessTokenId002_00"; + infoInstance.processName = "GetAccessTokenId002_00"; tokenId = GetAccessTokenId(&infoInstance); ASSERT_EQ(tokenId, 0); @@ -156,14 +156,14 @@ HWTEST_F(TokenLibKitTest, GetAccessTokenId002, TestSize.Level1) /* 32 is valid dcapNum */ dcapNum = 32; infoInstance.dcapsNum = dcapNum; - infoInstance.processname = "GetAccessTokenId002_01"; + infoInstance.processName = "GetAccessTokenId002_01"; tokenId = GetAccessTokenId(&infoInstance); ASSERT_NE(tokenId, 0); /* 31 is valid dcapNum */ dcapNum = 31; infoInstance.dcapsNum = dcapNum; - infoInstance.processname = "GetAccessTokenId002_02"; + infoInstance.processName = "GetAccessTokenId002_02"; tokenId = GetAccessTokenId(&infoInstance); ASSERT_NE(tokenId, 0); 
@@ -183,22 +183,22 @@ HWTEST_F(TokenLibKitTest, GetAccessTokenId003, TestSize.Level1) dcaps[1] = "ST_CAP"; int dcapNum = 2; uint64_t tokenId; - NativeInfo infoInstance = { - .permNum = 0, + NativeTokenInfoParams infoInstance = { + .permsNum = 0, .dcaps = dcaps, - .perm = nullptr, + .perms = nullptr, .aplStr = "system_core", }; infoInstance.dcapsNum = dcapNum; infoInstance.dcaps = nullptr; - infoInstance.processname = "GetAccessTokenId003"; + infoInstance.processName = "GetAccessTokenId003"; tokenId = GetAccessTokenId(&infoInstance); ASSERT_EQ(tokenId, 0); dcapNum = 0; infoInstance.dcapsNum = dcapNum; infoInstance.dcaps = nullptr; - infoInstance.processname = "GetAccessTokenId003_01"; + infoInstance.processName = "GetAccessTokenId003_01"; tokenId = GetAccessTokenId(&infoInstance); ASSERT_NE(tokenId, 0); @@ -208,7 +208,7 @@ HWTEST_F(TokenLibKitTest, GetAccessTokenId003, TestSize.Level1) dcaps[0] = invalidDcap.c_str(); infoInstance.dcapsNum = dcapNum; infoInstance.dcaps = dcaps; - infoInstance.processname = "GetAccessTokenId003_02"; + infoInstance.processName = "GetAccessTokenId003_02"; tokenId = GetAccessTokenId(&infoInstance); ASSERT_EQ(tokenId, 0); @@ -217,7 +217,7 @@ HWTEST_F(TokenLibKitTest, GetAccessTokenId003, TestSize.Level1) dcaps[0] = validDcap01.c_str(); infoInstance.dcapsNum = dcapNum; infoInstance.dcaps = dcaps; - infoInstance.processname = "GetAccessTokenId003_03"; + infoInstance.processName = "GetAccessTokenId003_03"; tokenId = GetAccessTokenId(&infoInstance); ASSERT_NE(tokenId, 0); @@ -226,7 +226,7 @@ HWTEST_F(TokenLibKitTest, GetAccessTokenId003, TestSize.Level1) dcaps[0] = validDcap02.c_str(); infoInstance.dcapsNum = dcapNum; infoInstance.dcaps = dcaps; - infoInstance.processname = "GetAccessTokenId003_04"; + infoInstance.processName = "GetAccessTokenId003_04"; tokenId = GetAccessTokenId(&infoInstance); ASSERT_NE(tokenId, 0); 
@@ -246,12 +246,12 @@ HWTEST_F(TokenLibKitTest, GetAccessTokenId004, TestSize.Level1) dcaps[1] = "ST_CAP"; int dcapNum = 2; uint64_t tokenId; - NativeInfo infoInstance = { + NativeTokenInfoParams infoInstance = { .dcapsNum = dcapNum, - .permNum = 0, + .permsNum = 0, .dcaps = dcaps, - .perm = nullptr, - .processname = "GetAccessTokenId003", + .perms = nullptr, + .processName = "GetAccessTokenId003", }; infoInstance.aplStr = nullptr, @@ -312,23 +312,23 @@ HWTEST_F(TokenLibKitTest, GetAccessTokenId007, TestSize.Level1) const char **perms = new const char *[MAX_PERM_NUM]; perms[0] = "ohos.permission.test1"; perms[1] = "ohos.permission.test2"; - int permNum = -1; + int permsNum = -1; uint64_t tokenId; - NativeInfo infoInstance = { + NativeTokenInfoParams infoInstance = { .dcapsNum = 0, .dcaps = nullptr, - .perm = perms, + .perms = perms, .aplStr = "system_core", }; - infoInstance.permNum = permNum; - infoInstance.processname = "GetAccessTokenId007"; + infoInstance.permsNum = permsNum; + infoInstance.processName = "GetAccessTokenId007"; tokenId = GetAccessTokenId(&infoInstance); ASSERT_EQ(tokenId, 0); - permNum = MAX_PERM_NUM + 1; - infoInstance.permNum = permNum; - infoInstance.processname = "GetAccessTokenId007_00"; + permsNum = MAX_PERM_NUM + 1; + infoInstance.permsNum = permsNum; + infoInstance.processName = "GetAccessTokenId007_00"; tokenId = GetAccessTokenId(&infoInstance); ASSERT_EQ(tokenId, 0); 
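Review bot: The GetAccessTokenId004 initializer still uses `.processName = "GetAccessTokenId003"`, a name copied from the previous test. GetAccessTokenId looks tokens up by process name, so a shared name lets one test observe state left by another; `.processName = "GetAccessTokenId004",` keeps the cases independent. The context line `infoInstance.aplStr = nullptr,` also ends in a comma rather than a semicolon, which chains it onto the following statement through the comma operator; it should read `infoInstance.aplStr = nullptr;`.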
@@ -336,15 +336,15 @@ HWTEST_F(TokenLibKitTest, GetAccessTokenId007, TestSize.Level1) perms[i] = "ohos.permission.test"; } - permNum = MAX_PERM_NUM; - infoInstance.permNum = permNum; - infoInstance.processname = "GetAccessTokenId007_01"; + permsNum = MAX_PERM_NUM; + infoInstance.permsNum = permsNum; + infoInstance.processName = "GetAccessTokenId007_01"; tokenId = GetAccessTokenId(&infoInstance); ASSERT_NE(tokenId, 0); - permNum = MAX_PERM_NUM - 1; - infoInstance.permNum = permNum; - infoInstance.processname = "GetAccessTokenId007_02"; + permsNum = MAX_PERM_NUM - 1; + infoInstance.permsNum = permsNum; + infoInstance.processName = "GetAccessTokenId007_02"; tokenId = GetAccessTokenId(&infoInstance); ASSERT_NE(tokenId, 0); @@ -366,12 +366,12 @@ HWTEST_F(TokenLibKitTest, GetAccessTokenId008, TestSize.Level1) const char **perms = new const char *[2]; perms[0] = "ohos.permission.test1"; perms[1] = "ohos.permission.test2"; - NativeInfo infoInstance = { + NativeTokenInfoParams infoInstance = { .dcapsNum = 2, - .permNum = 2, + .permsNum = 2, .dcaps = dcaps, - .perm = perms, - .processname = "GetAccessTokenId008", + .perms = perms, + .processName = "GetAccessTokenId008", .aplStr = "system_core", }; tokenId = GetAccessTokenId(&infoInstance); 
@@ -386,57 +386,57 @@ HWTEST_F(TokenLibKitTest, GetAccessTokenId008, TestSize.Level1) */ HWTEST_F(TokenLibKitTest, GetAccessTokenId009, TestSize.Level1) { - const char **perm = new const char *[2]; - perm[0] = "AT_CAP"; - perm[1] = "ST_CAP"; - int permNum = 2; + const char **perms = new const char *[2]; + perms[0] = "AT_CAP"; + perms[1] = "ST_CAP"; + int permsNum = 2; uint64_t tokenId; - NativeInfo infoInstance = { + NativeTokenInfoParams infoInstance = { .dcapsNum = 0, .dcaps = nullptr, .aplStr = "system_core", }; - infoInstance.permNum = permNum; - infoInstance.perm = nullptr; - infoInstance.processname = "GetAccessTokenId009"; + infoInstance.permsNum = permsNum; + infoInstance.perms = nullptr; + infoInstance.processName = "GetAccessTokenId009"; tokenId = GetAccessTokenId(&infoInstance); ASSERT_EQ(tokenId, 0); - permNum = 0; - infoInstance.permNum = permNum; - infoInstance.perm = nullptr; - infoInstance.processname = "GetAccessTokenId009_01"; + permsNum = 0; + infoInstance.permsNum = permsNum; + infoInstance.perms = nullptr; + infoInstance.processName = "GetAccessTokenId009_01"; tokenId = GetAccessTokenId(&infoInstance); ASSERT_NE(tokenId, 0); - permNum = 2; + permsNum = 2; /* 1025 is invalid dcap length */ const std::string invalidDcap (MAX_PERM_LEN + 1, 'x'); - perm[0] = invalidDcap.c_str(); - infoInstance.permNum = permNum; - infoInstance.perm = perm; - infoInstance.processname = "GetAccessTokenId009_02"; + perms[0] = invalidDcap.c_str(); + infoInstance.permsNum = permsNum; + infoInstance.perms = perms; + infoInstance.processName = "GetAccessTokenId009_02"; tokenId = GetAccessTokenId(&infoInstance); ASSERT_EQ(tokenId, 0); const std::string validDcap01 (MAX_PERM_LEN, 'x'); - perm[0] = validDcap01.c_str(); - infoInstance.permNum = permNum; - infoInstance.perm = perm; - infoInstance.processname = "GetAccessTokenId009_03"; + perms[0] = validDcap01.c_str(); + infoInstance.permsNum = permsNum; + infoInstance.perms = perms; + infoInstance.processName = 
"GetAccessTokenId009_03"; tokenId = GetAccessTokenId(&infoInstance); ASSERT_NE(tokenId, 0); const std::string validDcap02 (MAX_PERM_LEN - 1, 'x'); - perm[0] = validDcap02.c_str(); - infoInstance.permNum = permNum; - infoInstance.perm = perm; - infoInstance.processname = "GetAccessTokenId009_04"; + perms[0] = validDcap02.c_str(); + infoInstance.permsNum = permsNum; + infoInstance.perms = perms; + infoInstance.processName = "GetAccessTokenId009_04"; tokenId = GetAccessTokenId(&infoInstance); ASSERT_NE(tokenId, 0); - delete[] perm; + delete[] perms; } /** diff --git a/services/accesstokenmanager/main/cpp/include/permission/permission_definition_cache.h b/services/accesstokenmanager/main/cpp/include/permission/permission_definition_cache.h index 76cb640fb..59e31d777 100644 --- a/services/accesstokenmanager/main/cpp/include/permission/permission_definition_cache.h +++ b/services/accesstokenmanager/main/cpp/include/permission/permission_definition_cache.h @@ -47,6 +47,8 @@ public: bool HasDefinition(const std::string& permissionName); + bool IsPermissionDefEmpty(); + private: PermissionDefinitionCache(); diff --git a/services/accesstokenmanager/main/cpp/include/permission/permission_policy_set.h b/services/accesstokenmanager/main/cpp/include/permission/permission_policy_set.h index 20b653aad..d8ec4cb97 100644 --- a/services/accesstokenmanager/main/cpp/include/permission/permission_policy_set.h +++ b/services/accesstokenmanager/main/cpp/include/permission/permission_policy_set.h @@ -48,7 +48,8 @@ public: int QueryPermissionFlag(const std::string& permissionName); void UpdatePermissionStatus(const std::string& permissionName, bool isGranted, int flag); void ToString(std::string& info); - void PermStateToString(std::string& info); + bool IsPermissionReqValid(int32_t tokenApl, const std::string &permissionName); + void PermStateToString(int32_t tokenApl, std::string& info); void GetPermissionStateList(std::vector& stateList); private: 
diff --git a/services/accesstokenmanager/main/cpp/src/permission/permission_definition_cache.cpp b/services/accesstokenmanager/main/cpp/src/permission/permission_definition_cache.cpp index 2f3208614..942e280c7 100644 --- a/services/accesstokenmanager/main/cpp/src/permission/permission_definition_cache.cpp +++ b/services/accesstokenmanager/main/cpp/src/permission/permission_definition_cache.cpp @@ -111,6 +111,12 @@ bool PermissionDefinitionCache::HasDefinition(const std::string& permissionName) Utils::UniqueReadGuard cacheGuard(this->cacheLock_); return permissionDefinitionMap_.count(permissionName) == 1; } + +bool PermissionDefinitionCache::IsPermissionDefEmpty() +{ + Utils::UniqueReadGuard cacheGuard(this->cacheLock_); + return permissionDefinitionMap_.empty(); +} } // namespace AccessToken } // namespace Security } // namespace OHOS diff --git a/services/accesstokenmanager/main/cpp/src/permission/permission_manager.cpp b/services/accesstokenmanager/main/cpp/src/permission/permission_manager.cpp index e3eeb9e15..326a1e1cc 100644 --- a/services/accesstokenmanager/main/cpp/src/permission/permission_manager.cpp +++ b/services/accesstokenmanager/main/cpp/src/permission/permission_manager.cpp @@ -79,11 +79,11 @@ void PermissionManager::AddDefPermissions(std::shared_ptr tok void PermissionManager::RemoveDefPermissions(AccessTokenID tokenID) { - ACCESSTOKEN_LOG_INFO(LABEL, "%{public}s called, tokenID: 0x%{public}x", __func__, tokenID); + ACCESSTOKEN_LOG_INFO(LABEL, "%{public}s called, tokenID: %{public}u", __func__, tokenID); std::shared_ptr tokenInfo = AccessTokenInfoManager::GetInstance().GetHapTokenInfoInner(tokenID); if (tokenInfo == nullptr) { - ACCESSTOKEN_LOG_ERROR(LABEL, "invalid params(tokenID: 0x%{public}x)!", tokenID); + ACCESSTOKEN_LOG_ERROR(LABEL, "invalid params(tokenID: %{public}u)!", tokenID); return; } std::string bundleName = tokenInfo->GetBundleName(); 
@@ -123,7 +123,10 @@ int PermissionManager::VerifyNativeAccessToken(AccessTokenID tokenID, const std: ACCESSTOKEN_LOG_ERROR(LABEL, "can not find tokenInfo!"); return PERMISSION_DENIED; } - + if (PermissionDefinitionCache::GetInstance().IsPermissionDefEmpty()) { + ACCESSTOKEN_LOG_INFO(LABEL, "permission definition set has not been installed!"); + return PERMISSION_GRANTED; + } if (!tokenInfoPtr->IsRemote() && !PermissionDefinitionCache::GetInstance().HasDefinition(permissionName)) { ACCESSTOKEN_LOG_ERROR( LABEL, "no definition for permission: %{public}s!", permissionName.c_str()); @@ -141,7 +144,7 @@ int PermissionManager::VerifyNativeAccessToken(AccessTokenID tokenID, const std: int PermissionManager::VerifyAccessToken(AccessTokenID tokenID, const std::string& permissionName) { - ACCESSTOKEN_LOG_INFO(LABEL, "%{public}s called, tokenID: 0x%{public}x, permissionName: %{public}s", __func__, + ACCESSTOKEN_LOG_INFO(LABEL, "%{public}s called, tokenID: %{public}u, permissionName: %{public}s", __func__, tokenID, permissionName.c_str()); if (!PermissionValidator::IsPermissionNameValid(permissionName)) { ACCESSTOKEN_LOG_ERROR(LABEL, "invalid params!"); @@ -162,7 +165,7 @@ int PermissionManager::VerifyAccessToken(AccessTokenID tokenID, const std::strin int PermissionManager::VerifyNativeToken(AccessTokenID tokenID, const std::string& permissionName) { ACCESSTOKEN_LOG_INFO(LABEL, - "%{public}s called, tokenID: 0x%{public}x, permissionName: %{public}s", __func__, + "%{public}s called, tokenID: %{public}u, permissionName: %{public}s", __func__, tokenID, permissionName.c_str()); PermissionDef permissionInfo; 
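Review bot: The early return added to VerifyNativeAccessToken fails open: whenever `IsPermissionDefEmpty()` is true, every known native token is reported as holding whatever permission name is asked for, and the only trace is an INFO line that names neither the token nor the permission. Map emptiness is a weak signal for "early boot", since a definition store that was lost or could not be loaded would presumably look the same and would silently switch the check off. If the bootstrap exception is required, key it on an explicit "definitions installed" state rather than on the map being empty, and deny otherwise. Make each bypass auditable as well, for example `ACCESSTOKEN_LOG_ERROR(LABEL, "permission definitions not installed, token %{public}u granted %{public}s unchecked", tokenID, permissionName.c_str());`. The function begins before the hunk and continues after it.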
@@ -200,7 +203,7 @@ int PermissionManager::GetDefPermission(const std::string& permissionName, Permi int PermissionManager::GetDefPermissions(AccessTokenID tokenID, std::vector& permList) { - ACCESSTOKEN_LOG_INFO(LABEL, "%{public}s called, tokenID: 0x%{public}x", __func__, tokenID); + ACCESSTOKEN_LOG_INFO(LABEL, "%{public}s called, tokenID: %{public}u", __func__, tokenID); std::shared_ptr permPolicySet = AccessTokenInfoManager::GetInstance().GetHapPermissionPolicySet(tokenID); if (permPolicySet == nullptr) { @@ -215,7 +218,7 @@ int PermissionManager::GetDefPermissions(AccessTokenID tokenID, std::vector& reqPermList, bool isSystemGrant) { - ACCESSTOKEN_LOG_INFO(LABEL, "%{public}s called, tokenID: 0x%{public}x, isSystemGrant: %{public}d", + ACCESSTOKEN_LOG_INFO(LABEL, "%{public}s called, tokenID: %{public}u, isSystemGrant: %{public}d", __func__, tokenID, isSystemGrant); std::shared_ptr permPolicySet = AccessTokenInfoManager::GetInstance().GetHapPermissionPolicySet(tokenID); @@ -284,7 +287,7 @@ void PermissionManager::GetSelfPermissionState(std::vector int PermissionManager::GetPermissionFlag(AccessTokenID tokenID, const std::string& permissionName) { - ACCESSTOKEN_LOG_INFO(LABEL, "%{public}s called, tokenID: 0x%{public}x, permissionName: %{public}s", + ACCESSTOKEN_LOG_INFO(LABEL, "%{public}s called, tokenID: %{public}u, permissionName: %{public}s", __func__, tokenID, permissionName.c_str()); if (!PermissionValidator::IsPermissionNameValid(permissionName)) { ACCESSTOKEN_LOG_ERROR(LABEL, "invalid params!"); 
@@ -332,7 +335,7 @@ void PermissionManager::UpdateTokenPermissionState( void PermissionManager::GrantPermission(AccessTokenID tokenID, const std::string& permissionName, int flag) { ACCESSTOKEN_LOG_INFO(LABEL, - "%{public}s called, tokenID: 0x%{public}x, permissionName: %{public}s, flag: %{public}d", + "%{public}s called, tokenID: %{public}u, permissionName: %{public}s, flag: %{public}d", __func__, tokenID, permissionName.c_str(), flag); if (!PermissionValidator::IsPermissionNameValid(permissionName)) { ACCESSTOKEN_LOG_ERROR(LABEL, "invalid params!"); @@ -353,7 +356,7 @@ void PermissionManager::GrantPermission(AccessTokenID tokenID, const std::string void PermissionManager::RevokePermission(AccessTokenID tokenID, const std::string& permissionName, int flag) { ACCESSTOKEN_LOG_INFO(LABEL, - "%{public}s called, tokenID: 0x%{public}x, permissionName: %{public}s, flag: %{public}d", + "%{public}s called, tokenID: %{public}u, permissionName: %{public}s, flag: %{public}d", __func__, tokenID, permissionName.c_str(), flag); if (!PermissionValidator::IsPermissionNameValid(permissionName)) { ACCESSTOKEN_LOG_ERROR(LABEL, "invalid params!"); @@ -373,7 +376,7 @@ void PermissionManager::RevokePermission(AccessTokenID tokenID, const std::strin void PermissionManager::ClearUserGrantedPermissionState(AccessTokenID tokenID) { - ACCESSTOKEN_LOG_INFO(LABEL, "%{public}s called, tokenID: 0x%{public}x", __func__, tokenID); + ACCESSTOKEN_LOG_INFO(LABEL, "%{public}s called, tokenID: %{public}u", __func__, tokenID); std::shared_ptr infoPtr = AccessTokenInfoManager::GetInstance().GetHapTokenInfoInner(tokenID); if (infoPtr == nullptr) { ACCESSTOKEN_LOG_ERROR(LABEL, "invalid params!"); diff --git a/services/accesstokenmanager/main/cpp/src/permission/permission_policy_set.cpp b/services/accesstokenmanager/main/cpp/src/permission/permission_policy_set.cpp index b2b8793a0..ce6ad9ea9 100644 --- a/services/accesstokenmanager/main/cpp/src/permission/permission_policy_set.cpp 
+++ b/services/accesstokenmanager/main/cpp/src/permission/permission_policy_set.cpp @@ -326,7 +326,21 @@ void PermissionPolicySet::ToString(std::string& info) info.append("\n ]\n"); } -void PermissionPolicySet::PermStateToString(std::string& info) +bool PermissionPolicySet::IsPermissionReqValid(int32_t tokenApl, const std::string &permissionName) +{ + PermissionDef permissionDef; + int ret = PermissionDefinitionCache::GetInstance().FindByPermissionName( + permissionName, permissionDef); + if (ret != RET_SUCCESS) { + return false; + } + if (tokenApl < permissionDef.availableLevel) { + return false; + } + return true; +} + +void PermissionPolicySet::PermStateToString(int32_t tokenApl, std::string& info) { Utils::UniqueReadGuard infoGuard(this->permPolicySetLock_); @@ -334,7 +348,7 @@ void PermissionPolicySet::PermStateToString(std::string& info) info.append(R"( "permStateList": [)"); info.append("\n"); for (auto iter = permStateList_.begin(); iter != permStateList_.end(); iter++) { - if (!PermissionDefinitionCache::GetInstance().HasDefinition(iter->permissionName)) { + if (!IsPermissionReqValid(tokenApl, iter->permissionName)) { invaildPermList.emplace_back(iter->permissionName); continue; } @@ -356,7 +370,6 @@ void PermissionPolicySet::PermStateToString(std::string& info) } info.append("\n ]\n"); } - } // namespace AccessToken } // namespace Security } // namespace OHOS diff --git a/services/accesstokenmanager/main/cpp/src/token/accesstoken_info_manager.cpp b/services/accesstokenmanager/main/cpp/src/token/accesstoken_info_manager.cpp index 97fdf5ddb..963fa85df 100644 --- a/services/accesstokenmanager/main/cpp/src/token/accesstoken_info_manager.cpp +++ b/services/accesstokenmanager/main/cpp/src/token/accesstoken_info_manager.cpp 
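Review bot: IsPermissionReqValid returns false for two different reasons, an undefined permission and a token APL below `permissionDef.availableLevel`, and neither is logged where the decision is made. A native token requesting a permission above its level is the event someone auditing the token configuration needs to see, with the permission name and both levels. Whether the later use of `invaildPermList` in PermStateToString reports it is outside the hunk. Assuming this file defines `LABEL` like the other sources in the patch, the second branch could log `ACCESSTOKEN_LOG_ERROR(LABEL, "%{public}s requires level %{public}d, token apl is %{public}d", permissionName.c_str(), static_cast<int>(permissionDef.availableLevel), tokenApl);` before returning.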
@@ -78,30 +78,30 @@ void AccessTokenInfoManager::InitHapTokenInfos() AccessTokenID tokenId = (AccessTokenID)tokenValue.GetInt(FIELD_TOKEN_ID); int ret = AccessTokenIDManager::GetInstance().RegisterTokenId(tokenId, TOKEN_HAP); if (ret != RET_SUCCESS) { - ACCESSTOKEN_LOG_ERROR(LABEL, "tokenId 0x%{public}u add id failed.", tokenId); + ACCESSTOKEN_LOG_ERROR(LABEL, "tokenId %{public}u add id failed.", tokenId); continue; } std::shared_ptr hap = std::make_shared(); if (hap == nullptr) { AccessTokenIDManager::GetInstance().ReleaseTokenId(tokenId); - ACCESSTOKEN_LOG_ERROR(LABEL, "tokenId 0x%{public}u alloc failed.", tokenId); + ACCESSTOKEN_LOG_ERROR(LABEL, "tokenId %{public}u alloc failed.", tokenId); continue; } ret = hap->RestoreHapTokenInfo(tokenId, tokenValue, permDefRes, permStateRes); if (ret != RET_SUCCESS) { AccessTokenIDManager::GetInstance().ReleaseTokenId(tokenId); - ACCESSTOKEN_LOG_ERROR(LABEL, "tokenId 0x%{public}u restore failed.", tokenId); + ACCESSTOKEN_LOG_ERROR(LABEL, "tokenId %{public}u restore failed.", tokenId); continue; } ret = AddHapTokenInfo(hap); if (ret != RET_SUCCESS) { AccessTokenIDManager::GetInstance().ReleaseTokenId(tokenId); - ACCESSTOKEN_LOG_ERROR(LABEL, "tokenId 0x%{public}u add failed.", tokenId); + ACCESSTOKEN_LOG_ERROR(LABEL, "tokenId %{public}u add failed.", tokenId); continue; } ACCESSTOKEN_LOG_INFO(LABEL, - " restore hap token 0x%{public}u bundle name %{public}s user %{public}d inst %{public}d ok!", + " restore hap token %{public}u bundle name %{public}s user %{public}d inst %{public}d ok!", tokenId, hap->GetBundleName().c_str(), hap->GetUserID(), hap->GetInstIndex()); } } 
@@ -117,31 +117,31 @@ void AccessTokenInfoManager::InitNativeTokenInfos() AccessTokenID tokenId = (AccessTokenID)nativeTokenValue.GetInt(FIELD_TOKEN_ID); int ret = AccessTokenIDManager::GetInstance().RegisterTokenId(tokenId, TOKEN_NATIVE); if (ret != RET_SUCCESS) { - ACCESSTOKEN_LOG_ERROR(LABEL, "tokenId 0x%{public}u add failed.", tokenId); + ACCESSTOKEN_LOG_ERROR(LABEL, "tokenId %{public}u add failed.", tokenId); continue; } std::shared_ptr native = std::make_shared(); if (native == nullptr) { AccessTokenIDManager::GetInstance().ReleaseTokenId(tokenId); - ACCESSTOKEN_LOG_ERROR(LABEL, "tokenId 0x%{public}u alloc failed.", tokenId); + ACCESSTOKEN_LOG_ERROR(LABEL, "tokenId %{public}u alloc failed.", tokenId); continue; } ret = native->RestoreNativeTokenInfo(tokenId, nativeTokenValue, permStateRes); if (ret != RET_SUCCESS) { AccessTokenIDManager::GetInstance().ReleaseTokenId(tokenId); - ACCESSTOKEN_LOG_ERROR(LABEL, "tokenId 0x%{public}u restore failed.", tokenId); + ACCESSTOKEN_LOG_ERROR(LABEL, "tokenId %{public}u restore failed.", tokenId); continue; } ret = AddNativeTokenInfo(native); if (ret != RET_SUCCESS) { AccessTokenIDManager::GetInstance().ReleaseTokenId(tokenId); - ACCESSTOKEN_LOG_ERROR(LABEL, "tokenId 0x%{public}u add failed.", tokenId); + ACCESSTOKEN_LOG_ERROR(LABEL, "tokenId %{public}u add failed.", tokenId); continue; } ACCESSTOKEN_LOG_INFO(LABEL, - "restore native token 0x%{public}u process name %{public}s ok!", + "restore native token %{public}u process name %{public}s ok!", tokenId, native->GetProcessName().c_str()); } } @@ -325,7 +325,7 @@ int AccessTokenInfoManager::RemoveHapTokenInfo(AccessTokenID id) } AccessTokenIDManager::GetInstance().ReleaseTokenId(id); - ACCESSTOKEN_LOG_INFO(LABEL, "remove hap token 0x%{public}u ok!", id); + ACCESSTOKEN_LOG_INFO(LABEL, "remove hap token %{public}u ok!", id); RefreshTokenInfoIfNeeded(); #ifdef TOKEN_SYNC_ENABLE TokenModifyNotifier::GetInstance().NotifyTokenDelete(id); 
@@ -363,7 +363,7 @@ int AccessTokenInfoManager::RemoveNativeTokenInfo(AccessTokenID id) nativeTokenInfoMap_.erase(id); } AccessTokenIDManager::GetInstance().ReleaseTokenId(id); - ACCESSTOKEN_LOG_INFO(LABEL, "remove native token 0x%{public}u ok!", id); + ACCESSTOKEN_LOG_INFO(LABEL, "remove native token %{public}u ok!", id); if (!isRemote) { RefreshTokenInfoIfNeeded(); } @@ -399,7 +399,7 @@ int AccessTokenInfoManager::CreateHapTokenInfo( return RET_FAILED; } ACCESSTOKEN_LOG_INFO(LABEL, - "create hap token 0x%{public}u bundle name %{public}s user %{public}d inst %{public}d ok!", + "create hap token %{public}u bundle name %{public}s user %{public}d inst %{public}d ok!", tokenId, tokenInfo->GetBundleName().c_str(), tokenInfo->GetUserID(), tokenInfo->GetInstIndex()); tokenIdEx.tokenIdExStruct.tokenID = tokenId; @@ -485,7 +485,7 @@ void AccessTokenInfoManager::ProcessNativeTokenInfos( bool isUpdated = TryUpdateExistNativeToken(infoPtr); if (!isUpdated) { ACCESSTOKEN_LOG_INFO(LABEL, - "token 0x%{public}u process name %{public}s is new, add to manager!", + "token %{public}u process name %{public}s is new, add to manager!", infoPtr->GetTokenID(), infoPtr->GetProcessName().c_str()); AccessTokenID id = infoPtr->GetTokenID(); int ret = AccessTokenIDManager::GetInstance().RegisterTokenId(id, TOKEN_NATIVE); @@ -497,7 +497,7 @@ void AccessTokenInfoManager::ProcessNativeTokenInfos( if (ret != RET_SUCCESS) { AccessTokenIDManager::GetInstance().ReleaseTokenId(id); ACCESSTOKEN_LOG_ERROR(LABEL, - "token 0x%{public}u process name %{public}s add to manager failed!", + "token %{public}u process name %{public}s add to manager failed!", infoPtr->GetTokenID(), infoPtr->GetProcessName().c_str()); } } 
@@ -509,17 +509,17 @@ int AccessTokenInfoManager::UpdateHapToken(AccessTokenID tokenID, const std::string& appIDDesc, const HapPolicyParams& policy) { if (!DataValidator::IsAppIDDescValid(appIDDesc)) { - ACCESSTOKEN_LOG_INFO(LABEL, "token 0x%{public}u parm format error!", tokenID); + ACCESSTOKEN_LOG_INFO(LABEL, "token %{public}u parm format error!", tokenID); return RET_FAILED; } std::shared_ptr infoPtr = GetHapTokenInfoInner(tokenID); if (infoPtr == nullptr) { - ACCESSTOKEN_LOG_INFO(LABEL, "token 0x%{public}u is null, can not update!", tokenID); + ACCESSTOKEN_LOG_INFO(LABEL, "token %{public}u is null, can not update!", tokenID); return RET_FAILED; } if (infoPtr->IsRemote()) { - ACCESSTOKEN_LOG_ERROR(LABEL, "remote hap token 0x%{public}u can not update!", tokenID); + ACCESSTOKEN_LOG_ERROR(LABEL, "remote hap token %{public}u can not update!", tokenID); return RET_FAILED; } @@ -527,7 +527,7 @@ int AccessTokenInfoManager::UpdateHapToken(AccessTokenID tokenID, Utils::UniqueWriteGuard infoGuard(this->hapTokenInfoLock_); infoPtr->Update(appIDDesc, policy); ACCESSTOKEN_LOG_INFO(LABEL, - "token 0x%{public}u bundle name %{public}s user %{public}d inst %{public}d update ok!", + "token %{public}u bundle name %{public}s user %{public}d inst %{public}d update ok!", tokenID, infoPtr->GetBundleName().c_str(), infoPtr->GetUserID(), infoPtr->GetInstIndex()); } @@ -598,7 +598,7 @@ int AccessTokenInfoManager::UpdateRemoteHapTokenInfo(AccessTokenID mapID, HapTok { std::shared_ptr infoPtr = GetHapTokenInfoInner(mapID); if (infoPtr == nullptr || !infoPtr->IsRemote()) { - ACCESSTOKEN_LOG_INFO(LABEL, "token 0x%{public}u is null or not remote, can not update!", mapID); + ACCESSTOKEN_LOG_INFO(LABEL, "token %{public}u is null or not remote, can not update!", mapID); return RET_FAILED; } 
@@ -726,7 +726,7 @@ int AccessTokenInfoManager::SetRemoteNativeTokenInfo(const std::string& deviceID std::make_shared(nativeToken.baseInfo, nativeToken.permStateList); if (nativePtr == nullptr) { AccessTokenRemoteTokenManager::GetInstance().RemoveDeviceMappingTokenID(deviceID, mapID); - ACCESSTOKEN_LOG_ERROR(LABEL, "device %{public}s tokenId 0x%{public}u alloc local token failed.", + ACCESSTOKEN_LOG_ERROR(LABEL, "device %{public}s tokenId %{public}u alloc local token failed.", deviceID.c_str(), remoteID); continue; } @@ -734,7 +734,7 @@ int AccessTokenInfoManager::SetRemoteNativeTokenInfo(const std::string& deviceID int ret = AddNativeTokenInfo(nativePtr); if (ret != RET_SUCCESS) { AccessTokenRemoteTokenManager::GetInstance().RemoveDeviceMappingTokenID(deviceID, mapID); - ACCESSTOKEN_LOG_ERROR(LABEL, "device %{public}s tokenId 0x%{public}u add local token failed.", + ACCESSTOKEN_LOG_ERROR(LABEL, "device %{public}s tokenId %{public}u add local token failed.", deviceID.c_str(), remoteID); continue; } @@ -753,7 +753,7 @@ int AccessTokenInfoManager::DeleteRemoteToken(const std::string& deviceID, Acces } AccessTokenID mapID = AccessTokenRemoteTokenManager::GetInstance().GetDeviceMappingTokenID(deviceID, tokenID); if (mapID == 0) { - ACCESSTOKEN_LOG_ERROR(LABEL, "device %{public}s tokenId 0x%{public}u is not mapped", + ACCESSTOKEN_LOG_ERROR(LABEL, "device %{public}s tokenId %{public}u is not mapped", deviceID.c_str(), tokenID); return RET_FAILED; } @@ -775,7 +775,7 @@ int AccessTokenInfoManager::DeleteRemoteToken(const std::string& deviceID, Acces } nativeTokenInfoMap_.erase(mapID); } else { - ACCESSTOKEN_LOG_ERROR(LABEL, "mapping tokenId 0x%{public}u type is unknown", mapID); + ACCESSTOKEN_LOG_ERROR(LABEL, "mapping tokenId %{public}u type is unknown", mapID); } return AccessTokenRemoteTokenManager::GetInstance().RemoveDeviceMappingTokenID(deviceID, tokenID); 
diff --git a/services/accesstokenmanager/main/cpp/src/token/native_token_info_inner.cpp b/services/accesstokenmanager/main/cpp/src/token/native_token_info_inner.cpp index e1588ec9b..4a41f2f57 100644 --- a/services/accesstokenmanager/main/cpp/src/token/native_token_info_inner.cpp +++ b/services/accesstokenmanager/main/cpp/src/token/native_token_info_inner.cpp @@ -219,7 +219,7 @@ void NativeTokenInfoInner::ToString(std::string& info) const info.append(R"( "dcap": ")" + DcapToString(tokenInfoBasic_.dcap) + R"(")" + ",\n"); info.append(R"( "isRemote": )" + std::to_string(isRemote_? 1 : 0) + ",\n"); if (permPolicySet_ != nullptr) { - permPolicySet_->PermStateToString(info); + permPolicySet_->PermStateToString(tokenInfoBasic_.apl, info); } info.append("}"); } diff --git a/services/accesstokenmanager/test/unittest/cpp/src/native_token_receptor_test.cpp b/services/accesstokenmanager/test/unittest/cpp/src/native_token_receptor_test.cpp index 7485d16bd..33c9c5d8f 100644 --- a/services/accesstokenmanager/test/unittest/cpp/src/native_token_receptor_test.cpp +++ b/services/accesstokenmanager/test/unittest/cpp/src/native_token_receptor_test.cpp 
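Review bot: The new call `permPolicySet_->PermStateToString(tokenInfoBasic_.apl, info);` in NativeTokenInfoInner::ToString makes the dumped permission list depend on the token's APL, and nothing at the call site says why. If the callee, which is not visible in this hunk, leaves out states that the APL does not allow, the dump is no longer a faithful copy of the stored policy set. That matters when the output is used to audit what a native process was granted. A one-line comment above the call would cover it, for example `// Permission states are rendered relative to this token's APL; see PermStateToString.` ToString begins above this hunk, so the rest of the serialisation was not reviewed.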
@@ -340,22 +340,31 @@ HWTEST_F(NativeTokenReceptorTest, ProcessNativeTokenInfos002, TestSize.Level1) }; PermissionStateFull infoManagerTestState1 = { - .grantFlags = {0}, - .grantStatus = {0}, - .isGeneral = true, - .permissionName = "ohos.permission.ACCESS_PIN_AUTH", - .resDeviceID = {"local"} -}; + .grantFlags = {0}, + .grantStatus = {0}, + .isGeneral = true, + .permissionName = "ohos.permission.ACCELEROMETER", + .resDeviceID = {"local"} + }; PermissionStateFull infoManagerTestState2 = { - .permissionName = "ohos.permission.MANAGE_USER_IDM", - .isGeneral = true, - .grantFlags = {0, 2}, - .grantStatus = {0, 0}, - .resDeviceID = {"device 1", "device 2"} -}; - - std::vector permStateList = {infoManagerTestState1, infoManagerTestState2}; + .permissionName = "ohos.permission.MANAGE_USER_IDM", + .isGeneral = true, + .grantFlags = {0, 2}, + .grantStatus = {0, 0}, + .resDeviceID = {"device 1", "device 2"} + }; + + PermissionStateFull infoManagerTestState3 = { + .permissionName = "ohos.permission.USER_TEAT", + .isGeneral = true, + .grantFlags = {0, 2}, + .grantStatus = {0, 0}, + .resDeviceID = {"device 1", "device 2"} + }; + + std::vector permStateList = { + infoManagerTestState1, infoManagerTestState2, infoManagerTestState3}; std::shared_ptr nativeToken1 = std::make_shared(info1, permStateList); std::shared_ptr permPolicySet = @@ -387,7 +396,7 @@ HWTEST_F(NativeTokenReceptorTest, ProcessNativeTokenInfos002, TestSize.Level1) ret = PermissionManager::GetInstance().VerifyAccessToken(info1.tokenID, "ohos.permission.MANAGE_USER_IDM"); ASSERT_EQ(ret, PERMISSION_GRANTED); - ret = PermissionManager::GetInstance().VerifyAccessToken(info1.tokenID, "ohos.permission.ACCESS_PIN_AUTH"); + ret = PermissionManager::GetInstance().VerifyAccessToken(info1.tokenID, "ohos.permission.ACCELEROMETER"); ASSERT_EQ(ret, PERMISSION_GRANTED); ret = PermissionManager::GetInstance().VerifyAccessToken(info1.tokenID, "ohos.permission.DISCOVER_BLUETOOTH"); ASSERT_EQ(ret, PERMISSION_DENIED); 
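Review bot: The added `infoManagerTestState3` entry (`"ohos.permission.USER_TEAT"`) goes into `permStateList`, but none of the assertion hunks at -387 and -406 check what VerifyAccessToken returns for it. If the entry is meant to show that a permission name with no definition is not granted to a native token, the test should pin that with a negative check after the existing ones: `ret = PermissionManager::GetInstance().VerifyAccessToken(info1.tokenID, "ohos.permission.USER_TEAT");` followed by `ASSERT_EQ(ret, PERMISSION_DENIED);`. The expected value is inferred from the other assertions here. The name also reads like a typo for USER_TEST; if the misspelling is deliberate, a short comment saying the permission is intentionally undefined would prevent a later "fix". The test body extends beyond these hunks, so an assertion may already exist outside the visible lines.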
@@ -406,7 +415,7 @@ HWTEST_F(NativeTokenReceptorTest, ProcessNativeTokenInfos002, TestSize.Level1) ret = PermissionManager::GetInstance().VerifyAccessToken(info2.tokenID, "ohos.permission.MANAGE_USER_IDM"); ASSERT_EQ(ret, PERMISSION_GRANTED); - ret = PermissionManager::GetInstance().VerifyAccessToken(info2.tokenID, "ohos.permission.ACCESS_PIN_AUTH"); + ret = PermissionManager::GetInstance().VerifyAccessToken(info2.tokenID, "ohos.permission.ACCELEROMETER"); ASSERT_EQ(ret, PERMISSION_GRANTED); ret = AccessTokenInfoManager::GetInstance().RemoveNativeTokenInfo(info2.tokenID); @@ -603,12 +612,12 @@ HWTEST_F(NativeTokenReceptorTest, init001, TestSize.Level1) const char *perms[2]; perms[0] = "ohos.permission.test1"; perms[1] = "ohos.permission.test2"; - NativeInfo infoInstance = { + NativeTokenInfoParams infoInstance = { .dcapsNum = dcapNum, - .permNum = 2, + .permsNum = 2, .dcaps = dcaps, - .perm = perms, - .processname = "native_token_test7", + .perms = perms, + .processName = "native_token_test7", .aplStr = "system_core", }; uint64_t tokenId = ::GetAccessTokenId(&infoInstance); @@ -618,7 +627,7 @@ HWTEST_F(NativeTokenReceptorTest, init001, TestSize.Level1) NativeTokenInfo findInfo; int ret = AccessTokenInfoManager::GetInstance().GetNativeTokenInfo(tokenId, findInfo); ASSERT_EQ(ret, RET_SUCCESS); - ASSERT_EQ(findInfo.processName, infoInstance.processname); + ASSERT_EQ(findInfo.processName, infoInstance.processName); ret = AccessTokenInfoManager::GetInstance().RemoveNativeTokenInfo(tokenId); ASSERT_EQ(ret, RET_SUCCESS); 
@@ -645,24 +654,24 @@ HWTEST_F(NativeTokenReceptorTest, ProcessNativeTokenInfos007, TestSize.Level1) char apl1[32]; (void)strcpy_s(apl1, sizeof(apl1), "normal"); - NativeInfo infoInstance = { + NativeTokenInfoParams infoInstance = { .dcapsNum = dcapNum, - .permNum = 0, + .permsNum = 0, .dcaps = dcaps, - .perm = nullptr, + .perms = nullptr, }; infoInstance.aplStr = apl3; - infoInstance.processname = "ProcessNativeTokenInfos007_003"; + infoInstance.processName = "ProcessNativeTokenInfos007_003"; uint64_t tokenIdApl3 = ::GetAccessTokenId(&infoInstance); ASSERT_NE(tokenIdApl3, 0); infoInstance.aplStr = apl2; - infoInstance.processname = "ProcessNativeTokenInfos007_002"; + infoInstance.processName = "ProcessNativeTokenInfos007_002"; uint64_t tokenIdApl2 = ::GetAccessTokenId(&infoInstance); ASSERT_NE(tokenIdApl2, 0); infoInstance.aplStr = apl1; - infoInstance.processname = "ProcessNativeTokenInfos007_001"; + infoInstance.processName = "ProcessNativeTokenInfos007_001"; uint64_t tokenIdApl1 = ::GetAccessTokenId(&infoInstance); ASSERT_NE(tokenIdApl1, 0); -- Gitee