diff --git a/frameworks/accesstoken/src/native_token_info_for_sync_parcel.cpp b/frameworks/accesstoken/src/native_token_info_for_sync_parcel.cpp index 655f7b12e8eba21d66009d8854fec966304f1f02..ad64e63eb60ba3e143748683763f5943fa924209 100644 --- a/frameworks/accesstoken/src/native_token_info_for_sync_parcel.cpp +++ b/frameworks/accesstoken/src/native_token_info_for_sync_parcel.cpp @@ -36,7 +36,7 @@ bool NativeTokenInfoForSyncParcel::Marshalling(Parcel& out) const { NativeTokenInfoParcel baseInfoParcel; baseInfoParcel.nativeTokenInfoParams = this->nativeTokenInfoForSyncParams.baseInfo; - out.WriteParcelable(&baseInfoParcel); + RETURN_IF_FALSE(out.WriteParcelable(&baseInfoParcel)); const std::vector& permStateList = this->nativeTokenInfoForSyncParams.permStateList; int32_t permStateListSize = static_cast(permStateList.size()); @@ -45,7 +45,7 @@ bool NativeTokenInfoForSyncParcel::Marshalling(Parcel& out) const for (int i = 0; i < permStateListSize; i++) { PermissionStateFullParcel permStateParcel; permStateParcel.permStatFull = permStateList[i]; - out.WriteParcelable(&permStateParcel); + RETURN_IF_FALSE(out.WriteParcelable(&permStateParcel)); } return true; diff --git a/frameworks/accesstoken/src/native_token_info_parcel.cpp b/frameworks/accesstoken/src/native_token_info_parcel.cpp index bccd54204526ccf665a0adbdd6425c70aacd0660..0919a8a961458de6cb485c47633534b5b5e3a6aa 100644 --- a/frameworks/accesstoken/src/native_token_info_parcel.cpp +++ b/frameworks/accesstoken/src/native_token_info_parcel.cpp 
@@ -41,13 +41,23 @@ bool NativeTokenInfoParcel::Marshalling(Parcel& out) const if ((this->nativeTokenInfoParams.dcap).size() > INT32_MAX) { return false; } - int dcapSize = static_cast((this->nativeTokenInfoParams.dcap).size()); + int32_t dcapSize = static_cast((this->nativeTokenInfoParams.dcap).size()); RETURN_IF_FALSE(out.WriteInt32(dcapSize)); for (auto dcapItem : this->nativeTokenInfoParams.dcap) { RETURN_IF_FALSE(out.WriteString(dcapItem)); } + if ((this->nativeTokenInfoParams.nativeAcls).size() > INT32_MAX) { + return false; + } + int32_t nativeAclSize = static_cast((this->nativeTokenInfoParams.nativeAcls).size()); + RETURN_IF_FALSE(out.WriteInt32(nativeAclSize)); + + for (auto item : this->nativeTokenInfoParams.nativeAcls) { + RETURN_IF_FALSE(out.WriteString(item)); + } + return true; } @@ -67,14 +77,23 @@ NativeTokenInfoParcel* NativeTokenInfoParcel::Unmarshalling(Parcel& in) RELEASE_IF_FALSE(in.ReadUint32(nativeTokenInfoParcel->nativeTokenInfoParams.tokenID), nativeTokenInfoParcel); RELEASE_IF_FALSE(in.ReadUint32(nativeTokenInfoParcel->nativeTokenInfoParams.tokenAttr), nativeTokenInfoParcel); - int dcapSize; + int32_t dcapSize; RELEASE_IF_FALSE(in.ReadInt32(dcapSize), nativeTokenInfoParcel); - for (int i = 0; i < dcapSize; i++) { + for (int32_t i = 0; i < dcapSize; i++) { std::string dcapsItem; RELEASE_IF_FALSE(in.ReadString(dcapsItem), nativeTokenInfoParcel); nativeTokenInfoParcel->nativeTokenInfoParams.dcap.emplace_back(dcapsItem); } + + int32_t nativeAclSize; + RELEASE_IF_FALSE(in.ReadInt32(nativeAclSize), nativeTokenInfoParcel); + + for (int32_t i = 0; i < nativeAclSize; i++) { + std::string item; + RELEASE_IF_FALSE(in.ReadString(item), nativeTokenInfoParcel); + nativeTokenInfoParcel->nativeTokenInfoParams.nativeAcls.emplace_back(item); + } return nativeTokenInfoParcel; } } // namespace AccessToken 
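Review bot: The added `for (auto item : this->nativeTokenInfoParams.nativeAcls)` loop in Marshalling copies every ACL string before writing it; `for (const auto& item : this->nativeTokenInfoParams.nativeAcls)` writes the same data without the copy. The list is capped only at INT32_MAX on this side, so any practical limit on the number of ACL entries has to be enforced by the reader. Marshalling starts outside this hunk.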
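Review bot: `nativeAclSize` is read from the parcel in Unmarshalling and used directly as the loop bound, so the number of iterations is whatever the sending side wrote. A negative count silently produces an empty ACL list, and a large one keeps allocating strings until `ReadString` fails. Reject out-of-range counts before the loop, for example `RELEASE_IF_FALSE((nativeAclSize >= 0) && (nativeAclSize <= MAX_NATIVE_ACL_COUNT_PLACEHOLDER), nativeTokenInfoParcel);`, assuming the macro accepts any boolean expression; the limit name is a placeholder for a project constant not shown on this page. The `dcapSize` loop just above has the same shape, and the function starts outside this hunk.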
diff --git a/interfaces/innerkits/accesstoken/include/native_token_info.h b/interfaces/innerkits/accesstoken/include/native_token_info.h index 6044318807a62bb8a025e1cc71e13bd78f2e1cd2..62811db993cdf3312dac3ebb05118899d21d160a 100644 --- a/interfaces/innerkits/accesstoken/include/native_token_info.h +++ b/interfaces/innerkits/accesstoken/include/native_token_info.h @@ -32,6 +32,7 @@ public: std::vector dcap; AccessTokenID tokenID; AccessTokenAttr tokenAttr; + std::vector nativeAcls; }; class NativeTokenInfoForSync final { diff --git a/interfaces/innerkits/accesstoken/test/unittest/src/accesstoken_kit_test.cpp b/interfaces/innerkits/accesstoken/test/unittest/src/accesstoken_kit_test.cpp index 5fb6c9b376497013cf6ade65c2d538642053bef4..a21f00a82ef8bdf7367d8d919165736071c1a1b6 100644 --- a/interfaces/innerkits/accesstoken/test/unittest/src/accesstoken_kit_test.cpp +++ b/interfaces/innerkits/accesstoken/test/unittest/src/accesstoken_kit_test.cpp @@ -2230,8 +2230,10 @@ HWTEST_F(AccessTokenKitTest, GetTokenTypeFlag002, TestSize.Level1) NativeTokenInfoParams infoInstance = { .dcapsNum = 0, .permsNum = 0, + .aclsNum = 0, .dcaps = nullptr, .perms = nullptr, + .acls = nullptr, .processName = "GetTokenTypeFlag002", .aplStr = "system_core", }; @@ -3334,7 +3336,8 @@ HWTEST_F(AccessTokenKitTest, SetRemoteNativeTokenInfo001, TestSize.Level1) .baseInfo.processName = "native_test1", .baseInfo.dcap = {"SYSDCAP", "DMSDCAP"}, .baseInfo.tokenID = 0x28000000, - .baseInfo.tokenAttr = 0 + .baseInfo.tokenAttr = 0, + .baseInfo.nativeAcls = {"ohos.permission.DISTRIBUTED_DATASYNC"}, }; std::vector nativeTokenInfoList; 
@@ -3356,6 +3359,8 @@ HWTEST_F(AccessTokenKitTest, SetRemoteNativeTokenInfo001, TestSize.Level1) ASSERT_EQ(resultInfo.dcap.size(), 2); ASSERT_EQ(resultInfo.dcap[0], "SYSDCAP"); ASSERT_EQ(resultInfo.dcap[1], "DMSDCAP"); + ASSERT_EQ(resultInfo.nativeAcls.size(), 1); + ASSERT_EQ(resultInfo.nativeAcls[0], "ohos.permission.DISTRIBUTED_DATASYNC"); ASSERT_EQ(resultInfo.tokenID, mapID); ASSERT_EQ(resultInfo.tokenAttr, native1.baseInfo.tokenAttr); } diff --git a/interfaces/innerkits/nativetoken/BUILD.gn b/interfaces/innerkits/nativetoken/BUILD.gn index 5ef3d0a76e324f2cdd8b2fc57c85c0b575aae56e..7fe115760dd048f5fa4137eaf602a0fabdde98d9 100644 --- a/interfaces/innerkits/nativetoken/BUILD.gn +++ b/interfaces/innerkits/nativetoken/BUILD.gn @@ -34,7 +34,10 @@ ohos_static_library("libnativetoken") { "//third_party/bounds_checking_function/include", ] - sources = [ "src/nativetoken.c" ] + sources = [ + "src/nativetoken.c", + "src/nativetoken_json_oper.c", + ] deps = [ "//third_party/bounds_checking_function:libsec_static", diff --git a/interfaces/innerkits/nativetoken/include/nativetoken.h b/interfaces/innerkits/nativetoken/include/nativetoken.h index c353476f97fd60733f5521b17d3f3b24c5bbe372..dc71d3888e53901c094f0b34747fc38c60d15294 100644 --- a/interfaces/innerkits/nativetoken/include/nativetoken.h +++ b/interfaces/innerkits/nativetoken/include/nativetoken.h @@ -54,6 +54,7 @@ extern "C" { #define DCAPS_KEY_NAME "dcaps" #define PERMS_KEY_NAME "permissions" +#define ACLS_KEY_NAME "nativeAcls" #define TOKENID_KEY_NAME "tokenId" #define TOKEN_ATTR_KEY_NAME "tokenAttr" #define APL_KEY_NAME "APL" @@ -85,8 +86,10 @@ typedef struct TokenList { int32_t apl; char *dcaps[MAX_DCAPS_NUM]; char *perms[MAX_PERM_NUM]; - int dcapsNum; - int permsNum; + char *acls[MAX_PERM_NUM]; + int32_t dcapsNum; + int32_t permsNum; + int32_t aclsNum; char processName[MAX_PROCESS_NAME_LEN + 1]; struct TokenList *next; } NativeTokenList; 
diff --git a/interfaces/innerkits/nativetoken/include/nativetoken_json_oper.h b/interfaces/innerkits/nativetoken/include/nativetoken_json_oper.h new file mode 100644 index 0000000000000000000000000000000000000000..ef2146922ea412a2fd80a72118c696b5a430c645 --- /dev/null +++ b/interfaces/innerkits/nativetoken/include/nativetoken_json_oper.h @@ -0,0 +1,44 @@ +/* + * Copyright (c) 2021-2022 Huawei Device Co., Ltd. + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +#include +#include +#include + +#include "cJSON.h" +#include "securec.h" +#include "nativetoken.h" +#include "nativetoken_log.h" + +#ifndef NATIVETOKEN_JSON_OPER_H +#define NATIVETOKEN_JSON_OPER_H + +#ifdef __cplusplus +extern "C" { +#endif + +extern void FreeStrArray(char **arr, int32_t num); +extern uint32_t GetProcessNameFromJson(cJSON *cjsonItem, NativeTokenList *tokenNode); +extern uint32_t GetTokenIdFromJson(cJSON *cjsonItem, NativeTokenList *tokenNode); +extern uint32_t GetAplFromJson(cJSON *cjsonItem, NativeTokenList *tokenNode); +extern uint32_t GetInfoArrFromJson(cJSON *cjsonItem, char *strArr[], int32_t *strNum, StrArrayAttr *attr); +extern cJSON *CreateNativeTokenJsonObject(const NativeTokenList *curr); +extern uint32_t UpdateGoalItemFromRecord(const NativeTokenList *tokenNode, cJSON *record); + +#ifdef __cplusplus +} +#endif + +#endif // NATIVETOKEN_JSON_OPER_H \ No newline at end of file 
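Review bot: `FreeStrArray` is now exported from this header with nothing saying what `num` means, and the static version this commit removes from nativetoken.c looped `i <= num`, so it took the last index rather than a count. If the moved implementation keeps that bound, a caller that passes the element count frees one slot past the intended range; the callers visible in nativetoken.c pass `count - 1` or the failing index. A comment above the declaration would pin the contract, for example `/* Frees arr[0..num] inclusive; num is the last valid index, not the element count. */`. The `#include` lines also sit above the `#ifndef NATIVETOKEN_JSON_OPER_H` guard and would be better placed inside it.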
diff --git a/interfaces/innerkits/nativetoken/include/nativetoken_kit.h b/interfaces/innerkits/nativetoken/include/nativetoken_kit.h index 85f14596698abfde7981b6c7af5ec9c427bcc4e9..2bd352626d072f08bcde61e466aefb21a8137f61 100644 --- a/interfaces/innerkits/nativetoken/include/nativetoken_kit.h +++ b/interfaces/innerkits/nativetoken/include/nativetoken_kit.h @@ -26,10 +26,12 @@ extern "C" { #endif typedef struct TokenInfoParams { - int dcapsNum; - int permsNum; + int32_t dcapsNum; + int32_t permsNum; + int32_t aclsNum; const char **dcaps; const char **perms; + const char **acls; const char *processName; const char *aplStr; } NativeTokenInfoParams; diff --git a/interfaces/innerkits/nativetoken/include/nativetoken_log.h b/interfaces/innerkits/nativetoken/include/nativetoken_log.h index b161c996de611d88cfd3c9846661a019c83eb10f..677c784d9b3d9456be9f18fc7925ef4213a96adf 100644 --- a/interfaces/innerkits/nativetoken/include/nativetoken_log.h +++ b/interfaces/innerkits/nativetoken/include/nativetoken_log.h @@ -20,11 +20,11 @@ #include "hilog/log.h" -#define ACCESSTOKEN_LOG_DEBUG(fmt, ...) HILOG_DEBUG(LOG_CORE, fmt, ##__VA_ARGS__) -#define ACCESSTOKEN_LOG_INFO(fmt, ...) HILOG_INFO(LOG_CORE, fmt, ##__VA_ARGS__) -#define ACCESSTOKEN_LOG_WARN(fmt, ...) HILOG_WARN(LOG_CORE, fmt, ##__VA_ARGS__) -#define ACCESSTOKEN_LOG_ERROR(fmt, ...) ACCESSTOKEN_LOG_ERROR(LOG_CORE, fmt, ##__VA_ARGS__) -#define ACCESSTOKEN_LOG_FATAL(fmt, ...) HILOG_FATAL(LOG_CORE, fmt, ##__VA_ARGS__) +#define AT_LOG_DEBUG(fmt, ...) HILOG_DEBUG(LOG_CORE, fmt, ##__VA_ARGS__) +#define AT_LOG_INFO(fmt, ...) HILOG_INFO(LOG_CORE, fmt, ##__VA_ARGS__) +#define AT_LOG_WARN(fmt, ...) HILOG_WARN(LOG_CORE, fmt, ##__VA_ARGS__) +#define AT_LOG_ERROR(fmt, ...) HILOG_ERROR(LOG_CORE, fmt, ##__VA_ARGS__) +#define AT_LOG_FATAL(fmt, ...) HILOG_FATAL(LOG_CORE, fmt, ##__VA_ARGS__) /* define LOG_TAG as "security_*" at your submodule, * means your submodule name such as "security_dac" */ #undef LOG_TAG 
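Review bot: `aclsNum` and `acls` are new members of the public `NativeTokenInfoParams`, and CheckProcessInfo in nativetoken.c now validates both, so a caller that fills the struct field by field on the stack without zeroing it hands indeterminate values to that check. Placing `aclsNum` ahead of `dcaps` also shifts the layout for any caller that uses positional initialisers. The requirement should be stated at the struct, for example `/* Zero-initialise before use; set aclsNum = 0 and acls = NULL when no ACLs are requested. */`.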
@@ -38,11 +38,11 @@ /* define LOG_TAG as "security_*" at your submodule, * means your submodule name such as "security_dac" */ #define LOG_TAG "accssToken_" -#define ACCESSTOKEN_LOG_DEBUG(fmt, ...) printf("[%s] debug: " fmt "\n", LOG_TAG, ##__VA_ARGS__) -#define ACCESSTOKEN_LOG_INFO(fmt, ...) printf("[%s] info: " fmt "\n", LOG_TAG, ##__VA_ARGS__) -#define ACCESSTOKEN_LOG_WARN(fmt, ...) printf("[%s] warn: " fmt "\n", LOG_TAG, ##__VA_ARGS__) -#define ACCESSTOKEN_LOG_ERROR(fmt, ...) printf("[%s] error: " fmt "\n", LOG_TAG, ##__VA_ARGS__) -#define ACCESSTOKEN_LOG_FATAL(fmt, ...) printf("[%s] fatal: " fmt "\n", LOG_TAG, ##__VA_ARGS__) +#define AT_LOG_DEBUG(fmt, ...) printf("[%s] debug: " fmt "\n", LOG_TAG, ##__VA_ARGS__) +#define AT_LOG_INFO(fmt, ...) printf("[%s] info: " fmt "\n", LOG_TAG, ##__VA_ARGS__) +#define AT_LOG_WARN(fmt, ...) printf("[%s] warn: " fmt "\n", LOG_TAG, ##__VA_ARGS__) +#define AT_LOG_ERROR(fmt, ...) printf("[%s] error: " fmt "\n", LOG_TAG, ##__VA_ARGS__) +#define AT_LOG_FATAL(fmt, ...) printf("[%s] fatal: " fmt "\n", LOG_TAG, ##__VA_ARGS__) #endif // HILOG_ENABLE diff --git a/interfaces/innerkits/nativetoken/src/nativetoken.c b/interfaces/innerkits/nativetoken/src/nativetoken.c index cc8e9610d485d30ff88099103a493951c16bf9c1..6d70d2a8853507ca4ba439c4f2a6550530d48fc7 100644 --- a/interfaces/innerkits/nativetoken/src/nativetoken.c +++ b/interfaces/innerkits/nativetoken/src/nativetoken.c @@ -13,6 +13,7 @@ * limitations under the License. */ #include "nativetoken.h" +#include "nativetoken_json_oper.h" #include "nativetoken_kit.h" NativeTokenList *g_tokenListHead; 
@@ -29,12 +30,12 @@ int32_t GetFileBuff(const char *cfg, char **retBuff) *retBuff = NULL; return ATRET_SUCCESS; } - ACCESSTOKEN_LOG_ERROR("[ATLIB-%s]:invalid filePath.", __func__); + AT_LOG_ERROR("[ATLIB-%s]:invalid filePath.", __func__); return ATRET_FAILED; } if (stat(filePath, &fileStat) != 0) { - ACCESSTOKEN_LOG_ERROR("[ATLIB-%s]:stat file failed.", __func__); + AT_LOG_ERROR("[ATLIB-%s]:stat file failed.", __func__); return ATRET_FAILED; } @@ -44,7 +45,7 @@ int32_t GetFileBuff(const char *cfg, char **retBuff) } if (fileStat.st_size > MAX_JSON_FILE_LEN) { - ACCESSTOKEN_LOG_ERROR("[ATLIB-%s]:stat file size is invalid.", __func__); + AT_LOG_ERROR("[ATLIB-%s]:stat file size is invalid.", __func__); return ATRET_FAILED; } @@ -52,19 +53,19 @@ int32_t GetFileBuff(const char *cfg, char **retBuff) FILE *cfgFd = fopen(filePath, "r"); if (cfgFd == NULL) { - ACCESSTOKEN_LOG_ERROR("[ATLIB-%s]:fopen file failed.", __func__); + AT_LOG_ERROR("[ATLIB-%s]:fopen file failed.", __func__); return ATRET_FAILED; } char *buff = (char *)malloc((size_t)(fileSize + 1)); if (buff == NULL) { - ACCESSTOKEN_LOG_ERROR("[ATLIB-%s]:memory alloc failed.", __func__); + AT_LOG_ERROR("[ATLIB-%s]:memory alloc failed.", __func__); fclose(cfgFd); return ATRET_FAILED; } if (fread(buff, fileSize, 1, cfgFd) != 1) { - ACCESSTOKEN_LOG_ERROR("[ATLIB-%s]:fread failed.", __func__); + AT_LOG_ERROR("[ATLIB-%s]:fread failed.", __func__); free(buff); buff = NULL; fclose(cfgFd); 
@@ -76,109 +77,54 @@ int32_t GetFileBuff(const char *cfg, char **retBuff) return ATRET_SUCCESS; } -static void FreeStrArray(char **arr, int32_t num) +static void StrAttrSet(StrArrayAttr *attr, uint32_t maxStrLen, int32_t maxStrNum, const char *strKey) { - for (int32_t i = 0; i <= num; i++) { - if (arr[i] != NULL) { - free(arr[i]); - arr[i] = NULL; - } - } + attr->maxStrLen = maxStrLen; + attr->maxStrNum = maxStrLen; + attr->strKey = strKey; } -static uint32_t GetProcessNameFromJson(cJSON *cjsonItem, NativeTokenList *tokenNode) +static int32_t GetNativeTokenFromJson(cJSON *cjsonItem, NativeTokenList *tokenNode) { - cJSON *processNameJson = cJSON_GetObjectItem(cjsonItem, PROCESS_KEY_NAME); - if (!cJSON_IsString(processNameJson) || (strlen(processNameJson->valuestring) > MAX_PROCESS_NAME_LEN)) { - ACCESSTOKEN_LOG_ERROR("[ATLIB-%s]:processNameJson is invalid.", __func__); - return ATRET_FAILED; - } - - if (strcpy_s(tokenNode->processName, MAX_PROCESS_NAME_LEN + 1, processNameJson->valuestring) != EOK) { - ACCESSTOKEN_LOG_ERROR("[ATLIB-%s]:strcpy_s failed.", __func__); - return ATRET_FAILED; - } - return ATRET_SUCCESS; -} + uint32_t ret; + StrArrayAttr attr; -static uint32_t GetTokenIdFromJson(cJSON *cjsonItem, NativeTokenList *tokenNode) -{ - cJSON *tokenIdJson = cJSON_GetObjectItem(cjsonItem, TOKENID_KEY_NAME); - if ((!cJSON_IsNumber(tokenIdJson)) || (cJSON_GetNumberValue(tokenIdJson) <= 0)) { - ACCESSTOKEN_LOG_ERROR("[ATLIB-%s]:tokenIdJson is invalid.", __func__); - return ATRET_FAILED; - } + ret = GetProcessNameFromJson(cjsonItem, tokenNode); + ret |= GetTokenIdFromJson(cjsonItem, tokenNode); + ret |= GetAplFromJson(cjsonItem, tokenNode); - AtInnerInfo *atIdInfo = (AtInnerInfo *)&(tokenIdJson->valueint); - if (atIdInfo->type != TOKEN_NATIVE_TYPE) { - ACCESSTOKEN_LOG_ERROR("[ATLIB-%s]:tokenId type is invalid.", __func__); + StrAttrSet(&attr, MAX_DCAP_LEN, MAX_DCAPS_NUM, DCAPS_KEY_NAME); + ret |= GetInfoArrFromJson(cjsonItem, tokenNode->dcaps, &(tokenNode->dcapsNum), 
&attr); + if (ret != ATRET_SUCCESS) { + AT_LOG_ERROR("[ATLIB-%s]:GetInfoArrFromJson failed for dcaps.", __func__); return ATRET_FAILED; } - tokenNode->tokenId = (NativeAtId)tokenIdJson->valueint; - return ATRET_SUCCESS; -} - -static uint32_t GetAplFromJson(cJSON *cjsonItem, NativeTokenList *tokenNode) -{ - cJSON *aplJson = cJSON_GetObjectItem(cjsonItem, APL_KEY_NAME); - if (!cJSON_IsNumber(aplJson)) { - ACCESSTOKEN_LOG_ERROR("[ATLIB-%s]:aplJson is invalid.", __func__); - return ATRET_FAILED; - } - int apl = cJSON_GetNumberValue(aplJson); - if (apl <= 0 || apl > SYSTEM_CORE) { - ACCESSTOKEN_LOG_ERROR("[ATLIB-%s]:apl = %d in file is invalid.", __func__, apl); + StrAttrSet(&attr, MAX_PERM_LEN, MAX_PERM_NUM, PERMS_KEY_NAME); + ret = GetInfoArrFromJson(cjsonItem, tokenNode->perms, &(tokenNode->permsNum), &attr); + if (ret != ATRET_SUCCESS) { + FreeStrArray(tokenNode->dcaps, tokenNode->dcapsNum - 1); + AT_LOG_ERROR("[ATLIB-%s]:GetInfoArrFromJson failed for perms.", __func__); return ATRET_FAILED; } - tokenNode->apl = aplJson->valueint; - return ATRET_SUCCESS; -} -static uint32_t GetInfoArrFromJson(cJSON *cjsonItem, char *strArr[], int *strNum, StrArrayAttr *attr) -{ - cJSON *strArrJson = cJSON_GetObjectItem(cjsonItem, attr->strKey); - int32_t size = cJSON_GetArraySize(strArrJson); - if (size > attr->maxStrNum) { - ACCESSTOKEN_LOG_ERROR("[ATLIB-%s]:size = %d is invalid.", __func__, size); + StrAttrSet(&attr, MAX_PERM_LEN, MAX_PERM_NUM, ACLS_KEY_NAME); + ret = GetInfoArrFromJson(cjsonItem, tokenNode->acls, &(tokenNode->aclsNum), &attr); + if (ret != ATRET_SUCCESS) { + FreeStrArray(tokenNode->dcaps, tokenNode->dcapsNum - 1); + FreeStrArray(tokenNode->perms, tokenNode->permsNum - 1); + AT_LOG_ERROR("[ATLIB-%s]:GetInfoArrFromJson failed for acls.", __func__); return ATRET_FAILED; } - *strNum = size; - - for (int32_t i = 0; i < size; i++) { - cJSON *item = cJSON_GetArrayItem(strArrJson, i); - if ((item == NULL) || (!cJSON_IsString(item)) || (item->valuestring == NULL)) { - 
ACCESSTOKEN_LOG_ERROR("[ATLIB-%s]:cJSON_GetArrayItem failed.", __func__); - return ATRET_FAILED; - } - size_t length = strlen(item->valuestring); - if (length > attr->maxStrLen) { - ACCESSTOKEN_LOG_ERROR("[ATLIB-%s]:item length %zu is invalid.", __func__, length); - return ATRET_FAILED; - } - strArr[i] = (char *)malloc(sizeof(char) * (length + 1)); - if (strArr[i] == NULL) { - FreeStrArray(strArr, i - 1); - ACCESSTOKEN_LOG_ERROR("[ATLIB-%s]:malloc invalid.", __func__); - return ATRET_FAILED; - } - if (strcpy_s(strArr[i], length + 1, item->valuestring) != EOK) { - FreeStrArray(strArr, i); - ACCESSTOKEN_LOG_ERROR("[ATLIB-%s]:strcpy_s failed.", __func__); - return ATRET_FAILED; - } - } return ATRET_SUCCESS; } static int32_t GetTokenList(const cJSON *object) { - uint32_t ret; NativeTokenList *tmp = NULL; - StrArrayAttr attr; if (object == NULL) { - ACCESSTOKEN_LOG_ERROR("[ATLIB-%s]:object is null.", __func__); + AT_LOG_ERROR("[ATLIB-%s]:object is null.", __func__); return ATRET_FAILED; } int32_t arraySize = cJSON_GetArraySize(object); 
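Review bot: `StrAttrSet` assigns `attr->maxStrNum = maxStrLen;`, so its `maxStrNum` argument is never used and the item-count limit silently becomes the string-length limit. The GetInfoArrFromJson removed in this hunk rejected arrays with `size > attr->maxStrNum` before filling `tokenNode->dcaps`, `perms` or `acls`, which are fixed arrays of MAX_DCAPS_NUM or MAX_PERM_NUM entries. If the moved implementation keeps that check and the length constants are larger than the count constants, a config file with more entries than the array holds passes the check and is written past the end of the array. The line should read `attr->maxStrNum = maxStrNum;`. Separately, the dcaps branch of GetNativeTokenFromJson returns on an OR-ed `ret` without freeing dcaps strings that were copied successfully when one of the earlier three calls failed.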
@@ -186,37 +132,17 @@ static int32_t GetTokenList(const cJSON *object) for (int32_t i = 0; i < arraySize; i++) { tmp = (NativeTokenList *)malloc(sizeof(NativeTokenList)); if (tmp == NULL) { - ACCESSTOKEN_LOG_ERROR("[ATLIB-%s]:memory alloc failed.", __func__); + AT_LOG_ERROR("[ATLIB-%s]:memory alloc failed.", __func__); return ATRET_FAILED; } cJSON *cjsonItem = cJSON_GetArrayItem(object, i); if (cjsonItem == NULL) { free(tmp); - ACCESSTOKEN_LOG_ERROR("[ATLIB-%s]:cJSON_GetArrayItem failed.", __func__); + AT_LOG_ERROR("[ATLIB-%s]:cJSON_GetArrayItem failed.", __func__); return ATRET_FAILED; } - ret = GetProcessNameFromJson(cjsonItem, tmp); - ret |= GetTokenIdFromJson(cjsonItem, tmp); - ret |= GetAplFromJson(cjsonItem, tmp); - - attr.maxStrLen = MAX_DCAP_LEN; - attr.maxStrNum = MAX_DCAPS_NUM; - attr.strKey = DCAPS_KEY_NAME; - ret |= GetInfoArrFromJson(cjsonItem, tmp->dcaps, &(tmp->dcapsNum), &attr); - if (ret != ATRET_SUCCESS) { + if (GetNativeTokenFromJson(cjsonItem, tmp) != ATRET_SUCCESS) { free(tmp); - ACCESSTOKEN_LOG_ERROR("[ATLIB-%s]:GetInfoArrFromJson failed for dcaps.", __func__); - return ATRET_FAILED; - } - - attr.maxStrLen = MAX_PERM_LEN; - attr.maxStrNum = MAX_PERM_NUM; - attr.strKey = PERMS_KEY_NAME; - ret = GetInfoArrFromJson(cjsonItem, tmp->perms, &(tmp->permsNum), &attr); - if (ret != ATRET_SUCCESS) { - free(tmp); - FreeStrArray(tmp->dcaps, tmp->dcapsNum - 1); - ACCESSTOKEN_LOG_ERROR("[ATLIB-%s]:GetInfoArrFromJson failed for perms.", __func__); return ATRET_FAILED; } @@ -253,7 +179,7 @@ static int32_t CreateCfgFile(void) { int32_t fd = open(TOKEN_ID_CFG_FILE_PATH, O_RDWR | O_CREAT, S_IRUSR | S_IWUSR | S_IRGRP); if (fd < 0) { - ACCESSTOKEN_LOG_ERROR("[ATLIB-%s]:open failed.", __func__); + AT_LOG_ERROR("[ATLIB-%s]:open failed.", __func__); return ATRET_FAILED; } close(fd); 
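Review bot: `tmp` is allocated with `malloc` in GetTokenList and passed to GetNativeTokenFromJson without being cleared, so the `dcaps`, `perms` and `acls` pointer arrays start with indeterminate contents. The FreeStrArray removed from nativetoken.c skips a slot only when it is NULL, which is reliable only on zeroed storage. Allocating the node with `tmp = (NativeTokenList *)calloc(1, sizeof(NativeTokenList));` makes every cleanup path safe to run on a partially filled node. GetTokenList starts and ends outside this hunk.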
@@ -261,12 +187,12 @@ static int32_t CreateCfgFile(void) struct stat buf; if (stat(TOKEN_ID_CFG_DIR_PATH, &buf) != 0) { - ACCESSTOKEN_LOG_ERROR("[ATLIB-%s]:stat folder path is invalid %d.", - __func__, errno); + AT_LOG_ERROR("[ATLIB-%s]:stat folder path is invalid %d.", + __func__, errno); return ATRET_FAILED; } if (chown(TOKEN_ID_CFG_FILE_PATH, buf.st_uid, buf.st_gid) != 0) { - ACCESSTOKEN_LOG_ERROR("[ATLIB-%s]:chown failed, errno is %d.", __func__, errno); + AT_LOG_ERROR("[ATLIB-%s]:chown failed, errno is %d.", __func__, errno); return ATRET_FAILED; } @@ -277,7 +203,7 @@ static int32_t AtlibInit(void) { g_tokenListHead = (NativeTokenList *)malloc(sizeof(NativeTokenList)); if (g_tokenListHead == NULL) { - ACCESSTOKEN_LOG_ERROR("[ATLIB-%s]:g_tokenListHead memory alloc failed.", __func__); + AT_LOG_ERROR("[ATLIB-%s]:g_tokenListHead memory alloc failed.", __func__); return ATRET_FAILED; } g_tokenListHead->next = NULL; @@ -299,11 +225,11 @@ static int32_t AtlibInit(void) return ATRET_SUCCESS; } -static int GetRandomTokenId(uint32_t *randNum) +static int32_t GetRandomTokenId(uint32_t *randNum) { uint32_t random; - int len; - int fd = open("/dev/urandom", O_RDONLY); + int32_t len; + int32_t fd = open("/dev/urandom", O_RDONLY); if (fd < 0) { return ATRET_FAILED; } @@ -311,7 +237,7 @@ static int GetRandomTokenId(uint32_t *randNum) (void)close(fd); if (len != sizeof(random)) { - ACCESSTOKEN_LOG_ERROR("[ATLIB-%s]:read failed.", __func__); + AT_LOG_ERROR("[ATLIB-%s]:read failed.", __func__); return ATRET_FAILED; } *randNum = random; @@ -350,7 +276,7 @@ static NativeAtId CreateNativeTokenId(void) retry--; } if (retry == 0) { - ACCESSTOKEN_LOG_ERROR("[ATLIB-%s]:retry times is 0.", __func__); + AT_LOG_ERROR("[ATLIB-%s]:retry times is 0.", __func__); return INVALID_TOKEN_ID; } 
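Review bot: `len` in GetRandomTokenId is now `int32_t`, but judging by the "read failed" message it holds the result of a `read()` call that sits between this hunk and the next, and `read()` returns `ssize_t`. The following `len != sizeof(random)` then compares a signed value with an unsigned one. Declaring `ssize_t len;` and testing `len != (ssize_t)sizeof(random)` keeps the error case explicit and matches the call's return type.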
@@ -375,7 +301,7 @@ static int32_t GetAplLevel(const char *aplStr) if (strcmp(aplStr, "normal") == 0) { return NORMAL; } - ACCESSTOKEN_LOG_ERROR("[ATLIB-%s]:aplStr is invalid.", __func__); + AT_LOG_ERROR("[ATLIB-%s]:aplStr is invalid.", __func__); return 0; } @@ -387,7 +313,7 @@ static void WriteToFile(const cJSON *root) char *jsonStr = NULL; jsonStr = cJSON_PrintUnformatted(root); if (jsonStr == NULL) { - ACCESSTOKEN_LOG_ERROR("[ATLIB-%s]:cJSON_PrintUnformatted failed.", __func__); + AT_LOG_ERROR("[ATLIB-%s]:cJSON_PrintUnformatted failed.", __func__); return; } @@ -395,14 +321,14 @@ static void WriteToFile(const cJSON *root) int32_t fd = open(TOKEN_ID_CFG_FILE_PATH, O_RDWR | O_CREAT | O_TRUNC, S_IRUSR | S_IWUSR | S_IRGRP); if (fd < 0) { - ACCESSTOKEN_LOG_ERROR("[ATLIB-%s]:open failed.", __func__); + AT_LOG_ERROR("[ATLIB-%s]:open failed.", __func__); break; } strLen = strlen(jsonStr); writtenLen = write(fd, (void *)jsonStr, (size_t)strLen); close(fd); if (writtenLen != strLen) { - ACCESSTOKEN_LOG_ERROR("[ATLIB-%s]:write failed, writtenLen is %d.", __func__, writtenLen); + AT_LOG_ERROR("[ATLIB-%s]:write failed, writtenLen is %d.", __func__, writtenLen); break; } } while (0); 
@@ -411,90 +337,6 @@ static void WriteToFile(const cJSON *root) return; } -static int32_t AddStrArrayInfo(cJSON *object, char * const strArray[], int strNum, const char *strKey) -{ - cJSON *strJsonArr = cJSON_CreateArray(); - if (strJsonArr == NULL) { - ACCESSTOKEN_LOG_ERROR("[ATLIB-%s]:CreateArray failed, strKey :%s.", __func__, strKey); - return ATRET_FAILED; - } - for (int32_t i = 0; i < strNum; i++) { - cJSON *item = cJSON_CreateString(strArray[i]); - if (item == NULL || !cJSON_AddItemToArray(strJsonArr, item)) { - ACCESSTOKEN_LOG_ERROR("[ATLIB-%s]:AddItemToArray failed, strKey : %s.", __func__, strKey); - cJSON_Delete(item); - cJSON_Delete(strJsonArr); - return ATRET_FAILED; - } - } - if (!cJSON_AddItemToObject(object, strKey, strJsonArr)) { - ACCESSTOKEN_LOG_ERROR("[ATLIB-%s]:AddItemToObject failed, strKey : %s.", __func__, strKey); - cJSON_Delete(strJsonArr); - return ATRET_FAILED; - } - return ATRET_SUCCESS; -} - -static cJSON *CreateNativeTokenJsonObject(const NativeTokenList *curr) -{ - cJSON *object = cJSON_CreateObject(); - if (object == NULL) { - ACCESSTOKEN_LOG_ERROR("[ATLIB-%s]:cJSON_CreateObject failed.", __func__); - return NULL; - } - - cJSON *item = cJSON_CreateString(curr->processName); - if (item == NULL || !cJSON_AddItemToObject(object, PROCESS_KEY_NAME, item)) { - ACCESSTOKEN_LOG_ERROR("[ATLIB-%s]:processName cJSON_AddItemToObject failed.", __func__); - cJSON_Delete(item); - cJSON_Delete(object); - return NULL; - } - - item = cJSON_CreateNumber(curr->apl); - if (item == NULL || !cJSON_AddItemToObject(object, APL_KEY_NAME, item)) { - ACCESSTOKEN_LOG_ERROR("[ATLIB-%s]:APL cJSON_AddItemToObject failed.", __func__); - cJSON_Delete(item); - cJSON_Delete(object); - return NULL; - } - - item = cJSON_CreateNumber(DEFAULT_AT_VERSION); - if (item == NULL || !cJSON_AddItemToObject(object, VERSION_KEY_NAME, item)) { - ACCESSTOKEN_LOG_ERROR("[ATLIB-%s]:version cJSON_AddItemToObject failed.", __func__); - cJSON_Delete(item); - cJSON_Delete(object); - 
return NULL; - } - - item = cJSON_CreateNumber(curr->tokenId); - if (item == NULL || !cJSON_AddItemToObject(object, TOKENID_KEY_NAME, item)) { - ACCESSTOKEN_LOG_ERROR("[ATLIB-%s]:tokenId cJSON_AddItemToObject failed.", __func__); - cJSON_Delete(item); - cJSON_Delete(object); - return NULL; - } - - item = cJSON_CreateNumber(0); - if (item == NULL || !cJSON_AddItemToObject(object, TOKEN_ATTR_KEY_NAME, item)) { - ACCESSTOKEN_LOG_ERROR("[ATLIB-%s]:tokenAttr cJSON_AddItemToObject failed.", __func__); - cJSON_Delete(item); - cJSON_Delete(object); - return NULL; - } - - int ret = AddStrArrayInfo(object, curr->dcaps, curr->dcapsNum, DCAPS_KEY_NAME); - if (ret != ATRET_SUCCESS) { - cJSON_Delete(object); - } - - ret = AddStrArrayInfo(object, curr->perms, curr->permsNum, PERMS_KEY_NAME); - if (ret != ATRET_SUCCESS) { - cJSON_Delete(object); - } - return object; -} - static void SaveTokenIdToCfg(const NativeTokenList *curr) { char *fileBuff = NULL; @@ -515,7 +357,7 @@ static void SaveTokenIdToCfg(const NativeTokenList *curr) } if (record == NULL) { - ACCESSTOKEN_LOG_ERROR("[ATLIB-%s]:get record failed.", __func__); + AT_LOG_ERROR("[ATLIB-%s]:get record failed.", __func__); return; } 
@@ -531,16 +373,16 @@ static void SaveTokenIdToCfg(const NativeTokenList *curr) return; } -static uint32_t CheckStrArray(const char **strArray, int32_t strNum, int maxNum, uint32_t maxInfoLen) +static uint32_t CheckStrArray(const char **strArray, int32_t strNum, int32_t maxNum, uint32_t maxInfoLen) { if (((strArray == NULL) && (strNum != 0)) || (strNum > maxNum) || (strNum < 0)) { - ACCESSTOKEN_LOG_ERROR("[ATLIB-%s]:strArray is null or strNum is invalid.", __func__); + AT_LOG_ERROR("[ATLIB-%s]:strArray is null or strNum is invalid.", __func__); return ATRET_FAILED; } for (int32_t i = 0; i < strNum; i++) { if ((strArray[i] == NULL) || (strlen(strArray[i]) > maxInfoLen) || (strlen(strArray[i]) == 0)) { - ACCESSTOKEN_LOG_ERROR("[ATLIB-%s]:strArray[%d] length is invalid.", __func__, i); + AT_LOG_ERROR("[ATLIB-%s]:strArray[%d] length is invalid.", __func__, i); return ATRET_FAILED; } } 
@@ -551,20 +393,30 @@ static uint32_t CheckProcessInfo(NativeTokenInfoParams *tokenInfo, int32_t *aplR { if ((tokenInfo->processName == NULL) || strlen(tokenInfo->processName) > MAX_PROCESS_NAME_LEN || strlen(tokenInfo->processName) == 0) { - ACCESSTOKEN_LOG_ERROR("[ATLIB-%s]:processName is invalid.", __func__); + AT_LOG_ERROR("[ATLIB-%s]:processName is invalid.", __func__); return ATRET_FAILED; } - int retDcap = CheckStrArray(tokenInfo->dcaps, tokenInfo->dcapsNum, MAX_DCAPS_NUM, MAX_DCAP_LEN); + uint32_t retDcap = CheckStrArray(tokenInfo->dcaps, tokenInfo->dcapsNum, MAX_DCAPS_NUM, MAX_DCAP_LEN); if (retDcap != ATRET_SUCCESS) { - ACCESSTOKEN_LOG_ERROR("[ATLIB-%s]:dcaps is invalid.", __func__); + AT_LOG_ERROR("[ATLIB-%s]:dcaps is invalid.", __func__); return ATRET_FAILED; } - int retPerm = CheckStrArray(tokenInfo->perms, tokenInfo->permsNum, MAX_PERM_NUM, MAX_PERM_LEN); + uint32_t retPerm = CheckStrArray(tokenInfo->perms, tokenInfo->permsNum, MAX_PERM_NUM, MAX_PERM_LEN); if (retPerm != ATRET_SUCCESS) { - ACCESSTOKEN_LOG_ERROR("[ATLIB-%s]:perms is invalid.", __func__); + AT_LOG_ERROR("[ATLIB-%s]:perms is invalid.", __func__); + return ATRET_FAILED; + } + + uint32_t retAcl = CheckStrArray(tokenInfo->acls, tokenInfo->aclsNum, MAX_PERM_NUM, MAX_PERM_LEN); + if (retAcl != ATRET_SUCCESS) { + AT_LOG_ERROR("[ATLIB-%s]:acls is invalid.", __func__); return ATRET_FAILED; } + if (tokenInfo->aclsNum > tokenInfo->permsNum) { + AT_LOG_ERROR("[ATLIB-%s]:aclsNum is invalid.", __func__); + return ATRET_FAILED; + } int32_t apl = GetAplLevel(tokenInfo->aplStr); if (apl == 0) { return ATRET_FAILED; 
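Review bot: The new ACL validation in CheckProcessInfo compares only counts (`tokenInfo->aclsNum > tokenInfo->permsNum`); nothing checks that each `acls[i]` also appears in `perms`. If an ACL entry is meant to apply to a permission the process actually requests, which the count comparison suggests, a caller can still submit ACL names that are unrelated to its permission list. A membership check after the count check would reject those requests. CheckProcessInfo starts outside this hunk and continues past it.

```c
    /* … unchanged: CheckStrArray call for acls and the aclsNum > permsNum check … */
    for (int32_t i = 0; i < tokenInfo->aclsNum; i++) {
        int32_t j = 0;
        while ((j < tokenInfo->permsNum) && (strcmp(tokenInfo->acls[i], tokenInfo->perms[j]) != 0)) {
            j++;
        }
        if (j == tokenInfo->permsNum) {
            AT_LOG_ERROR("[ATLIB-%s]:acls[%d] is not in perms.", __func__, i);
            return ATRET_FAILED;
        }
    }
```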
@@ -573,13 +425,13 @@ static uint32_t CheckProcessInfo(NativeTokenInfoParams *tokenInfo, int32_t *aplR return ATRET_SUCCESS; } -static uint32_t CreateStrArray(int num, const char **strArr, char **strArrRes) +static uint32_t CreateStrArray(int32_t num, const char **strArr, char **strArrRes) { for (int32_t i = 0; i < num; i++) { strArrRes[i] = (char *)malloc(sizeof(char) * (strlen(strArr[i]) + 1)); if (strArrRes[i] == NULL || (strcpy_s(strArrRes[i], strlen(strArr[i]) + 1, strArr[i]) != EOK)) { - ACCESSTOKEN_LOG_ERROR("[ATLIB-%s]:copy strArr[%d] failed.", __func__, i); + AT_LOG_ERROR("[ATLIB-%s]:copy strArr[%d] failed.", __func__, i); FreeStrArray(strArrRes, i); return ATRET_FAILED; } @@ -587,7 +439,8 @@ static uint32_t CreateStrArray(int num, const char **strArr, char **strArrRes) return ATRET_SUCCESS; } -static uint32_t AddNewTokenToListAndFile(NativeTokenInfoParams *tokenInfo, int32_t aplIn, NativeAtId *tokenId) +static uint32_t AddNewTokenToListAndFile(const NativeTokenInfoParams *tokenInfo, + int32_t aplIn, NativeAtId *tokenId) { NativeTokenList *tokenNode; NativeAtId id; @@ -599,18 +452,19 @@ static uint32_t AddNewTokenToListAndFile(NativeTokenInfoParams *tokenInfo, int32 tokenNode = (NativeTokenList *)malloc(sizeof(NativeTokenList)); if (tokenNode == NULL) { - ACCESSTOKEN_LOG_ERROR("[ATLIB-%s]:memory alloc failed.", __func__); + AT_LOG_ERROR("[ATLIB-%s]:memory alloc failed.", __func__); return ATRET_FAILED; } tokenNode->tokenId = id; tokenNode->apl = aplIn; if (strcpy_s(tokenNode->processName, MAX_PROCESS_NAME_LEN + 1, tokenInfo->processName) != EOK) { - ACCESSTOKEN_LOG_ERROR("[ATLIB-%s]:strcpy_s failed.", __func__); + AT_LOG_ERROR("[ATLIB-%s]:strcpy_s failed.", __func__); free(tokenNode); return ATRET_FAILED; } tokenNode->dcapsNum = tokenInfo->dcapsNum; tokenNode->permsNum = tokenInfo->permsNum; + tokenNode->aclsNum = tokenInfo->aclsNum; if (CreateStrArray(tokenInfo->dcapsNum, tokenInfo->dcaps, tokenNode->dcaps) != ATRET_SUCCESS) { free(tokenNode); 
@@ -621,6 +475,12 @@ static uint32_t AddNewTokenToListAndFile(NativeTokenInfoParams *tokenInfo, int32 free(tokenNode); return ATRET_FAILED; } + if (CreateStrArray(tokenInfo->aclsNum, tokenInfo->acls, tokenNode->acls) != ATRET_SUCCESS) { + FreeStrArray(tokenNode->dcaps, tokenInfo->dcapsNum - 1); + FreeStrArray(tokenNode->perms, tokenInfo->permsNum - 1); + free(tokenNode); + return ATRET_FAILED; + } tokenNode->next = g_tokenListHead->next; g_tokenListHead->next = tokenNode; @@ -631,7 +491,8 @@ static uint32_t AddNewTokenToListAndFile(NativeTokenInfoParams *tokenInfo, int32 return ATRET_SUCCESS; } -static int32_t CompareTokenInfo(NativeTokenList *tokenNode, const char **dcapsIn, int32_t dcapNumIn, int32_t aplIn) +static int32_t CompareTokenInfo(const NativeTokenList *tokenNode, + const char **dcapsIn, int32_t dcapNumIn, int32_t aplIn) { if (tokenNode->apl != aplIn) { return 1; @@ -647,7 +508,8 @@ static int32_t CompareTokenInfo(NativeTokenList *tokenNode, const char **dcapsIn return 0; } -static int32_t ComparePermsInfo(NativeTokenList *tokenNode, const char **permsIn, int32_t permsNumIn) +static int32_t ComparePermsInfo(const NativeTokenList *tokenNode, + const char **permsIn, int32_t permsNumIn) { if (tokenNode->permsNum != permsNumIn) { return 1; @@ -660,8 +522,8 @@ static int32_t ComparePermsInfo(NativeTokenList *tokenNode, const char **permsIn return 0; } -static uint32_t UpdateStrArrayInList(char *strArr[], int *strNum, - const char **strArrNew, int strNumNew) +static uint32_t UpdateStrArrayInList(char *strArr[], int32_t *strNum, + const char **strArrNew, int32_t strNumNew) { for (int32_t i = 0; i < *strNum; i++) { free(strArr[i]); 
@@ -670,10 +532,10 @@ static uint32_t UpdateStrArrayInList(char *strArr[], int *strNum, *strNum = strNumNew; for (int32_t i = 0; i < strNumNew; i++) { - int32_t len = strlen(strArrNew[i]) + 1; + size_t len = strlen(strArrNew[i]) + 1; strArr[i] = (char *)malloc(sizeof(char) * len); if (strArr[i] == NULL || (strcpy_s(strArr[i], len, strArrNew[i]) != EOK)) { - ACCESSTOKEN_LOG_ERROR("[ATLIB-%s]:copy strArr[%d] failed.", __func__, i); + AT_LOG_ERROR("[ATLIB-%s]:copy strArr[%d] failed.", __func__, i); FreeStrArray(strArr, i); return ATRET_FAILED; } @@ -681,7 +543,8 @@ static uint32_t UpdateStrArrayInList(char *strArr[], int *strNum, return ATRET_SUCCESS; } -static uint32_t UpdateTokenInfoInList(NativeTokenList *tokenNode, NativeTokenInfoParams *tokenInfo) +static uint32_t UpdateTokenInfoInList(NativeTokenList *tokenNode, + const NativeTokenInfoParams *tokenInfo) { tokenNode->apl = GetAplLevel(tokenInfo->aplStr); 
@@ -693,98 +556,18 @@ static uint32_t UpdateTokenInfoInList(NativeTokenList *tokenNode, NativeTokenInf ret = UpdateStrArrayInList(tokenNode->perms, &(tokenNode->permsNum), tokenInfo->perms, tokenInfo->permsNum); if (ret != ATRET_SUCCESS) { - FreeStrArray(tokenNode->dcaps, tokenNode->dcapsNum); + FreeStrArray(tokenNode->dcaps, tokenNode->dcapsNum - 1); } - return ret; -} - -static uint32_t UpdateStrArrayType(char * const strArr[], int strNum, const char *strKey, cJSON *record) -{ - cJSON *strArrJson = cJSON_CreateArray(); - if (strArrJson == NULL) { - ACCESSTOKEN_LOG_ERROR("[ATLIB-%s]:cJSON_CreateArray failed.", __func__); - return ATRET_FAILED; - } - for (int32_t i = 0; i < strNum; i++) { - cJSON *item = cJSON_CreateString(strArr[i]); - if (item == NULL) { - ACCESSTOKEN_LOG_ERROR("[ATLIB-%s]:cJSON_CreateString failed.", __func__); - cJSON_Delete(strArrJson); - return ATRET_FAILED; - } - if (!cJSON_AddItemToArray(strArrJson, item)) { - ACCESSTOKEN_LOG_ERROR("[ATLIB-%s]:cJSON_AddItemToArray failed.", __func__); - cJSON_Delete(item); - cJSON_Delete(strArrJson); - return ATRET_FAILED; - } - } - if (cJSON_GetObjectItem(record, strKey) != NULL) { - if (!cJSON_ReplaceItemInObject(record, strKey, strArrJson)) { - ACCESSTOKEN_LOG_ERROR("[ATLIB-%s]:cJSON_ReplaceItemInObject failed.", __func__); - cJSON_Delete(strArrJson); - return ATRET_FAILED; - } - } else { - if (!cJSON_AddItemToObject(record, strKey, strArrJson)) { - ACCESSTOKEN_LOG_ERROR("[ATLIB-%s]:cJSON_AddItemToObject failed.", __func__); - cJSON_Delete(strArrJson); - return ATRET_FAILED; - } - } - - return ATRET_SUCCESS; -} - -static uint32_t UpdateItemcontent(const NativeTokenList *tokenNode, cJSON *record) -{ - cJSON *itemApl = cJSON_CreateNumber(tokenNode->apl); - if (itemApl == NULL) { - return ATRET_FAILED; - } - if (!cJSON_ReplaceItemInObject(record, APL_KEY_NAME, itemApl)) { - cJSON_Delete(itemApl); - ACCESSTOKEN_LOG_ERROR("[ATLIB-%s]:APL update failed.", __func__); - return ATRET_FAILED; - } - - uint32_t ret 
= UpdateStrArrayType(tokenNode->dcaps, tokenNode->dcapsNum, DCAPS_KEY_NAME, record); + ret = UpdateStrArrayInList(tokenNode->acls, &(tokenNode->aclsNum), + tokenInfo->acls, tokenInfo->aclsNum); if (ret != ATRET_SUCCESS) { - ACCESSTOKEN_LOG_ERROR("[ATLIB-%s]:dcaps update failed.", __func__); - return ATRET_FAILED; + FreeStrArray(tokenNode->dcaps, tokenNode->dcapsNum - 1); + FreeStrArray(tokenNode->perms, tokenNode->permsNum - 1); } - - ret = UpdateStrArrayType(tokenNode->perms, tokenNode->permsNum, PERMS_KEY_NAME, record); - if (ret != ATRET_SUCCESS) { - ACCESSTOKEN_LOG_ERROR("[ATLIB-%s]:perms update failed.", __func__); - return ATRET_FAILED; - } - return ATRET_SUCCESS; -} - -static uint32_t UpdateGoalItemFromRecord(const NativeTokenList *tokenNode, cJSON *record) -{ - int32_t arraySize = cJSON_GetArraySize(record); - for (int32_t i = 0; i < arraySize; i++) { - cJSON *cjsonItem = cJSON_GetArrayItem(record, i); - if (cjsonItem == NULL) { - ACCESSTOKEN_LOG_ERROR("[ATLIB-%s]:cJSON_GetArrayItem failed.", __func__); - return ATRET_FAILED; - } - cJSON *processNameJson = cJSON_GetObjectItem(cjsonItem, PROCESS_KEY_NAME); - if (processNameJson == NULL) { - ACCESSTOKEN_LOG_ERROR("[ATLIB-%s]:processNameJson is null.", __func__); - return ATRET_FAILED; - } - if (strcmp(processNameJson->valuestring, tokenNode->processName) == 0) { - return UpdateItemcontent(tokenNode, cjsonItem); - } - } - ACCESSTOKEN_LOG_ERROR("[ATLIB-%s]:cannot find process in config file.", __func__); - return ATRET_FAILED; + return ret; } -static uint32_t UpdateInfoInCfgFile(NativeTokenList *tokenNode) +static uint32_t UpdateInfoInCfgFile(const NativeTokenList *tokenNode) { cJSON *record = NULL; char *fileBuff = NULL; 
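Review bot: A failed perms update is no longer returned from UpdateTokenInfoInList. With the old `return ret;` removed, `ret` is overwritten by the acls call, so the function can report ATRET_SUCCESS after it has already freed `tokenNode->dcaps`. The perms failure branch should end with `return ret;` after its FreeStrArray call. In both failure branches the freed arrays keep their counts (`dcapsNum`, `permsNum`), and UpdateStrArrayInList sets `*strNum = strNumNew` before it allocates, so the node still advertises entries that FreeStrArray has set to NULL; resetting the counts to 0 next to each FreeStrArray call would stop later readers from walking them. The start of UpdateTokenInfoInList, including the dcaps update, is outside this hunk.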
@@ -803,13 +586,13 @@ static uint32_t UpdateInfoInCfgFile(NativeTokenList *tokenNode) } if (record == NULL) { - ACCESSTOKEN_LOG_ERROR("[ATLIB-%s]:get record failed.", __func__); + AT_LOG_ERROR("[ATLIB-%s]:get record failed.", __func__); return ATRET_FAILED; } ret = UpdateGoalItemFromRecord(tokenNode, record); if (ret != ATRET_SUCCESS) { - ACCESSTOKEN_LOG_ERROR("[ATLIB-%s]:UpdateGoalItemFromRecord failed.", __func__); + AT_LOG_ERROR("[ATLIB-%s]:UpdateGoalItemFromRecord failed.", __func__); cJSON_Delete(record); return ATRET_FAILED; } @@ -829,7 +612,6 @@ uint64_t GetAccessTokenId(NativeTokenInfoParams *tokenInfo) if ((g_isNativeTokenInited == 0) && (AtlibInit() != ATRET_SUCCESS)) { return INVALID_TOKEN_ID; } - uint32_t ret = CheckProcessInfo(tokenInfo, &apl); if (ret != ATRET_SUCCESS) { return INVALID_TOKEN_ID; @@ -861,4 +643,4 @@ uint64_t GetAccessTokenId(NativeTokenInfoParams *tokenInfo) atPoint->tokenId = tokenId; atPoint->tokenAttr = 0; return result; -} \ No newline at end of file +} diff --git a/interfaces/innerkits/nativetoken/src/nativetoken_json_oper.c b/interfaces/innerkits/nativetoken/src/nativetoken_json_oper.c new file mode 100644 index 0000000000000000000000000000000000000000..7921b36cea88008651fa5a11f3d7f25ea0021c61 --- /dev/null +++ b/interfaces/innerkits/nativetoken/src/nativetoken_json_oper.c 
@@ -0,0 +1,292 @@ +/* + * Copyright (c) 2021-2022 Huawei Device Co., Ltd. + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ +#include "nativetoken_json_oper.h" + +void FreeStrArray(char **arr, int32_t num) +{ + for (int32_t i = 0; i <= num; i++) { + if (arr[i] != NULL) { + free(arr[i]); + arr[i] = NULL; + } + } +} + +uint32_t GetProcessNameFromJson(cJSON *cjsonItem, NativeTokenList *tokenNode) +{ + cJSON *processNameJson = cJSON_GetObjectItem(cjsonItem, PROCESS_KEY_NAME); + if (!cJSON_IsString(processNameJson) || (strlen(processNameJson->valuestring) > MAX_PROCESS_NAME_LEN)) { + AT_LOG_ERROR("[ATLIB-%s]:processNameJson is invalid.", __func__); + return ATRET_FAILED; + } + + if (strcpy_s(tokenNode->processName, MAX_PROCESS_NAME_LEN + 1, processNameJson->valuestring) != EOK) { + AT_LOG_ERROR("[ATLIB-%s]:strcpy_s failed.", __func__); + return ATRET_FAILED; + } + return ATRET_SUCCESS; +} + +uint32_t GetTokenIdFromJson(cJSON *cjsonItem, NativeTokenList *tokenNode) +{ + cJSON *tokenIdJson = cJSON_GetObjectItem(cjsonItem, TOKENID_KEY_NAME); + if ((!cJSON_IsNumber(tokenIdJson)) || (cJSON_GetNumberValue(tokenIdJson) <= 0)) { + AT_LOG_ERROR("[ATLIB-%s]:tokenIdJson is invalid.", __func__); + return ATRET_FAILED; + } + + AtInnerInfo *atIdInfo = (AtInnerInfo *)&(tokenIdJson->valueint); + if (atIdInfo->type != TOKEN_NATIVE_TYPE) { + AT_LOG_ERROR("[ATLIB-%s]:tokenId type is invalid.", __func__); + return ATRET_FAILED; + } + + tokenNode->tokenId = 
(NativeAtId)tokenIdJson->valueint; + return ATRET_SUCCESS; +} + +uint32_t GetAplFromJson(cJSON *cjsonItem, NativeTokenList *tokenNode) +{ + cJSON *aplJson = cJSON_GetObjectItem(cjsonItem, APL_KEY_NAME); + if (!cJSON_IsNumber(aplJson)) { + AT_LOG_ERROR("[ATLIB-%s]:aplJson is invalid.", __func__); + return ATRET_FAILED; + } + int32_t apl = cJSON_GetNumberValue(aplJson); + if (apl <= 0 || apl > SYSTEM_CORE) { + AT_LOG_ERROR("[ATLIB-%s]:apl = %d in file is invalid.", __func__, apl); + return ATRET_FAILED; + } + tokenNode->apl = aplJson->valueint; + return ATRET_SUCCESS; +} + +uint32_t GetInfoArrFromJson(cJSON *cjsonItem, char *strArr[], int32_t *strNum, StrArrayAttr *attr) +{ + cJSON *strArrJson = cJSON_GetObjectItem(cjsonItem, attr->strKey); + int32_t size = cJSON_GetArraySize(strArrJson); + if (size > attr->maxStrNum) { + AT_LOG_ERROR("[ATLIB-%s]:size = %d is invalid.", __func__, size); + return ATRET_FAILED; + } + *strNum = size; + + for (int32_t i = 0; i < size; i++) { + cJSON *item = cJSON_GetArrayItem(strArrJson, i); + if ((item == NULL) || (!cJSON_IsString(item)) || (item->valuestring == NULL)) { + AT_LOG_ERROR("[ATLIB-%s]:cJSON_GetArrayItem failed.", __func__); + return ATRET_FAILED; + } + size_t length = strlen(item->valuestring); + if (length > attr->maxStrLen) { + AT_LOG_ERROR("[ATLIB-%s]:item length %zu is invalid.", __func__, length); + return ATRET_FAILED; + } + strArr[i] = (char *)malloc(sizeof(char) * (length + 1)); + if (strArr[i] == NULL) { + FreeStrArray(strArr, i - 1); + AT_LOG_ERROR("[ATLIB-%s]:malloc invalid.", __func__); + return ATRET_FAILED; + } + if (strcpy_s(strArr[i], length + 1, item->valuestring) != EOK) { + FreeStrArray(strArr, i); + AT_LOG_ERROR("[ATLIB-%s]:strcpy_s failed.", __func__); + return ATRET_FAILED; + } + } + return ATRET_SUCCESS; +} + +static int32_t AddStrArrayInfo(cJSON *object, char* const strArray[], int32_t strNum, const char *strKey) +{ + cJSON *strJsonArr = cJSON_CreateArray(); + if (strJsonArr == NULL) { + 
AT_LOG_ERROR("[ATLIB-%s]:CreateArray failed, strKey :%s.", __func__, strKey); + return ATRET_FAILED; + } + for (int32_t i = 0; i < strNum; i++) { + cJSON *item = cJSON_CreateString(strArray[i]); + if (item == NULL || !cJSON_AddItemToArray(strJsonArr, item)) { + AT_LOG_ERROR("[ATLIB-%s]:AddItemToArray failed, strKey : %s.", __func__, strKey); + cJSON_Delete(item); + cJSON_Delete(strJsonArr); + return ATRET_FAILED; + } + } + if (!cJSON_AddItemToObject(object, strKey, strJsonArr)) { + AT_LOG_ERROR("[ATLIB-%s]:AddItemToObject failed, strKey : %s.", __func__, strKey); + cJSON_Delete(strJsonArr); + return ATRET_FAILED; + } + return ATRET_SUCCESS; +} + +int32_t SetNativeTokenJsonObject(const NativeTokenList *curr, cJSON *object) +{ + cJSON *item = cJSON_CreateString(curr->processName); + if (item == NULL || !cJSON_AddItemToObject(object, PROCESS_KEY_NAME, item)) { + AT_LOG_ERROR("[ATLIB-%s]:processName cJSON_AddItemToObject failed.", __func__); + cJSON_Delete(item); + return ATRET_FAILED; + } + + item = cJSON_CreateNumber(curr->apl); + if (item == NULL || !cJSON_AddItemToObject(object, APL_KEY_NAME, item)) { + AT_LOG_ERROR("[ATLIB-%s]:APL cJSON_AddItemToObject failed.", __func__); + cJSON_Delete(item); + return ATRET_FAILED; + } + + item = cJSON_CreateNumber(DEFAULT_AT_VERSION); + if (item == NULL || !cJSON_AddItemToObject(object, VERSION_KEY_NAME, item)) { + AT_LOG_ERROR("[ATLIB-%s]:version cJSON_AddItemToObject failed.", __func__); + cJSON_Delete(item); + return ATRET_FAILED; + } + + item = cJSON_CreateNumber(curr->tokenId); + if (item == NULL || !cJSON_AddItemToObject(object, TOKENID_KEY_NAME, item)) { + AT_LOG_ERROR("[ATLIB-%s]:tokenId cJSON_AddItemToObject failed.", __func__); + cJSON_Delete(item); + return ATRET_FAILED; + } + + item = cJSON_CreateNumber(0); + if (item == NULL || !cJSON_AddItemToObject(object, TOKEN_ATTR_KEY_NAME, item)) { + AT_LOG_ERROR("[ATLIB-%s]:tokenAttr cJSON_AddItemToObject failed.", __func__); + cJSON_Delete(item); + return ATRET_FAILED; + } 
+ + int32_t ret = AddStrArrayInfo(object, curr->dcaps, curr->dcapsNum, DCAPS_KEY_NAME); + if (ret != ATRET_SUCCESS) { + return ret; + } + + ret = AddStrArrayInfo(object, curr->perms, curr->permsNum, PERMS_KEY_NAME); + if (ret != ATRET_SUCCESS) { + return ret; + } + + ret = AddStrArrayInfo(object, curr->acls, curr->aclsNum, ACLS_KEY_NAME); + return ret; +} + +cJSON *CreateNativeTokenJsonObject(const NativeTokenList *curr) +{ + cJSON *object = cJSON_CreateObject(); + if (object == NULL) { + AT_LOG_ERROR("[ATLIB-%s]:cJSON_CreateObject failed.", __func__); + return NULL; + } + if (SetNativeTokenJsonObject(curr, object) != ATRET_SUCCESS) { + cJSON_Delete(object); + return NULL; + } + + return object; +} + +static uint32_t UpdateStrArrayType(char* const strArr[], int32_t strNum, const char *strKey, cJSON *record) +{ + cJSON *strArrJson = cJSON_CreateArray(); + if (strArrJson == NULL) { + AT_LOG_ERROR("[ATLIB-%s]:cJSON_CreateArray failed.", __func__); + return ATRET_FAILED; + } + for (int32_t i = 0; i < strNum; i++) { + cJSON *item = cJSON_CreateString(strArr[i]); + if (item == NULL) { + AT_LOG_ERROR("[ATLIB-%s]:cJSON_CreateString failed.", __func__); + cJSON_Delete(strArrJson); + return ATRET_FAILED; + } + if (!cJSON_AddItemToArray(strArrJson, item)) { + AT_LOG_ERROR("[ATLIB-%s]:cJSON_AddItemToArray failed.", __func__); + cJSON_Delete(item); + cJSON_Delete(strArrJson); + return ATRET_FAILED; + } + } + if (cJSON_GetObjectItem(record, strKey) != NULL) { + if (!cJSON_ReplaceItemInObject(record, strKey, strArrJson)) { + AT_LOG_ERROR("[ATLIB-%s]:cJSON_ReplaceItemInObject failed.", __func__); + cJSON_Delete(strArrJson); + return ATRET_FAILED; + } + } else { + if (!cJSON_AddItemToObject(record, strKey, strArrJson)) { + AT_LOG_ERROR("[ATLIB-%s]:cJSON_AddItemToObject failed.", __func__); + cJSON_Delete(strArrJson); + return ATRET_FAILED; + } + } + + return ATRET_SUCCESS; +} + +static uint32_t UpdateItemcontent(const NativeTokenList *tokenNode, cJSON *record) +{ + cJSON *itemApl = 
cJSON_CreateNumber(tokenNode->apl); + if (itemApl == NULL) { + return ATRET_FAILED; + } + if (!cJSON_ReplaceItemInObject(record, APL_KEY_NAME, itemApl)) { + cJSON_Delete(itemApl); + AT_LOG_ERROR("[ATLIB-%s]:APL update failed.", __func__); + return ATRET_FAILED; + } + + uint32_t ret = UpdateStrArrayType(tokenNode->dcaps, tokenNode->dcapsNum, DCAPS_KEY_NAME, record); + if (ret != ATRET_SUCCESS) { + AT_LOG_ERROR("[ATLIB-%s]:dcaps update failed.", __func__); + return ATRET_FAILED; + } + + ret = UpdateStrArrayType(tokenNode->perms, tokenNode->permsNum, PERMS_KEY_NAME, record); + if (ret != ATRET_SUCCESS) { + AT_LOG_ERROR("[ATLIB-%s]:perms update failed.", __func__); + return ATRET_FAILED; + } + + ret = UpdateStrArrayType(tokenNode->acls, tokenNode->aclsNum, ACLS_KEY_NAME, record); + if (ret != ATRET_SUCCESS) { + AT_LOG_ERROR("[ATLIB-%s]:acls update failed.", __func__); + return ATRET_FAILED; + } + return ATRET_SUCCESS; +} + +uint32_t UpdateGoalItemFromRecord(const NativeTokenList *tokenNode, cJSON *record) +{ + int32_t arraySize = cJSON_GetArraySize(record); + for (int32_t i = 0; i < arraySize; i++) { + cJSON *cjsonItem = cJSON_GetArrayItem(record, i); + if (cjsonItem == NULL) { + AT_LOG_ERROR("[ATLIB-%s]:cJSON_GetArrayItem failed.", __func__); + return ATRET_FAILED; + } + cJSON *processNameJson = cJSON_GetObjectItem(cjsonItem, PROCESS_KEY_NAME); + if (processNameJson == NULL) { + AT_LOG_ERROR("[ATLIB-%s]:processNameJson is null.", __func__); + return ATRET_FAILED; + } + if (strcmp(processNameJson->valuestring, tokenNode->processName) == 0) { + return UpdateItemcontent(tokenNode, cjsonItem); + } + } + AT_LOG_ERROR("[ATLIB-%s]:cannot find process in config file.", __func__); + return ATRET_FAILED; +} diff --git a/interfaces/innerkits/nativetoken/test/unittest/src/nativetoken_kit_test.cpp b/interfaces/innerkits/nativetoken/test/unittest/src/nativetoken_kit_test.cpp index de2434dcd87db07d6f49d1cc4b599062a71f1e9b..225bac7eb4f5d097519501d2fa6c41ce525432d4 100644 
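Review bot: UpdateGoalItemFromRecord passes `processNameJson->valuestring` to strcmp after checking only that the item is non-NULL, so a record whose process-name field is a number or an object reaches strcmp with a NULL pointer. GetProcessNameFromJson in the same file already uses cJSON_IsString, and the same guard fits here: `if (!cJSON_IsString(processNameJson) || processNameJson->valuestring == NULL)`. GetInfoArrFromJson has a related gap: it calls cJSON_GetArraySize without `cJSON_IsArray(strArrJson)`, and the two validation failures inside its loop return without FreeStrArray although `*strNum` was already set to `size`. Whether the callers clean up after that is not visible in this diff.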
--- a/interfaces/innerkits/nativetoken/test/unittest/src/nativetoken_kit_test.cpp +++ b/interfaces/innerkits/nativetoken/test/unittest/src/nativetoken_kit_test.cpp @@ -46,7 +46,7 @@ void TokenLibKitTest::TearDown() } } -int Start(const char *processName) +int32_t Start(const char *processName) { const char **dcaps = new const char *[2]; dcaps[0] = "AT_CAP"; @@ -55,16 +55,21 @@ int Start(const char *processName) const char **perms = new const char *[2]; perms[0] = "ohos.permission.test1"; perms[1] = "ohos.permission.test2"; + const char **acls = new const char *[1]; + acls[0] = "ohos.permission.test1"; NativeTokenInfoParams infoInstance = { .dcapsNum = 2, .permsNum = 2, + .aclsNum = 1, .dcaps = dcaps, .perms = perms, + .acls = acls, .processName = processName, .aplStr = "system_core", }; tokenId = GetAccessTokenId(&infoInstance); delete[] dcaps; + delete[] perms; return tokenId; } @@ -79,7 +84,7 @@ HWTEST_F(TokenLibKitTest, GetAccessTokenId001, TestSize.Level1) const char **dcaps = new const char *[2]; dcaps[0] = "AT_CAP"; dcaps[1] = "ST_CAP"; - int dcapNum = 2; + int32_t dcapNum = 2; uint64_t tokenId; const char **perms = new const char *[2]; perms[0] = "ohos.permission.test1"; @@ -87,8 +92,10 @@ HWTEST_F(TokenLibKitTest, GetAccessTokenId001, TestSize.Level1) NativeTokenInfoParams infoInstance = { .dcapsNum = dcapNum, .permsNum = 2, + .aclsNum = 0, .dcaps = dcaps, .perms = perms, + .acls = nullptr, .aplStr = "system_core", }; infoInstance.processName = ""; @@ -130,10 +137,11 @@ HWTEST_F(TokenLibKitTest, GetAccessTokenId002, TestSize.Level1) const char **dcaps = new const char *[32]; dcaps[0] = "AT_CAP"; dcaps[1] = "ST_CAP"; - int dcapNum = -1; + int32_t dcapNum = -1; uint64_t tokenId; NativeTokenInfoParams infoInstance = { .permsNum = 0, + .aclsNum = 0, .dcaps = dcaps, .perms = nullptr, .aplStr = "system_core", 
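Review bot: `Start` now allocates `acls` with `new const char *[1]` but never releases it; the hunk adds `delete[] perms;` only. Adding `delete[] acls;` next to it keeps the helper leak-free, which matters because GetAccessTokenId010 calls `Start` 200 times in a loop.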
@@ -181,10 +189,11 @@ HWTEST_F(TokenLibKitTest, GetAccessTokenId003, TestSize.Level1) const char **dcaps = new const char *[2]; dcaps[0] = "AT_CAP"; dcaps[1] = "ST_CAP"; - int dcapNum = 2; + int32_t dcapNum = 2; uint64_t tokenId; NativeTokenInfoParams infoInstance = { .permsNum = 0, + .aclsNum = 0, .dcaps = dcaps, .perms = nullptr, .aplStr = "system_core", @@ -244,11 +253,12 @@ HWTEST_F(TokenLibKitTest, GetAccessTokenId004, TestSize.Level1) const char **dcaps = new const char *[2]; dcaps[0] = "AT_CAP"; dcaps[1] = "ST_CAP"; - int dcapNum = 2; + int32_t dcapNum = 2; uint64_t tokenId; NativeTokenInfoParams infoInstance = { .dcapsNum = dcapNum, .permsNum = 0, + .aclsNum = 0, .dcaps = dcaps, .perms = nullptr, .processName = "GetAccessTokenId003", @@ -294,7 +304,7 @@ HWTEST_F(TokenLibKitTest, GetAccessTokenId006, TestSize.Level1) ASSERT_NE(tokenID, 0); char *fileBuff = nullptr; - int ret = GetFileBuff(TOKEN_ID_CFG_FILE_PATH, &fileBuff); + int32_t ret = GetFileBuff(TOKEN_ID_CFG_FILE_PATH, &fileBuff); ASSERT_EQ(ret, ATRET_SUCCESS); string s = "GetAccessTokenId006"; char *pos = strstr(fileBuff, s.c_str()); @@ -312,10 +322,11 @@ HWTEST_F(TokenLibKitTest, GetAccessTokenId007, TestSize.Level1) const char **perms = new const char *[MAX_PERM_NUM]; perms[0] = "ohos.permission.test1"; perms[1] = "ohos.permission.test2"; - int permsNum = -1; + int32_t permsNum = -1; uint64_t tokenId; NativeTokenInfoParams infoInstance = { .dcapsNum = 0, + .aclsNum = 0, .dcaps = nullptr, .perms = perms, .aplStr = "system_core", 
@@ -363,19 +374,28 @@ HWTEST_F(TokenLibKitTest, GetAccessTokenId008, TestSize.Level1) dcaps[0] = "AT_CAP"; dcaps[1] = "ST_CAP"; uint64_t tokenId; + const char **acls = new const char *[2]; + acls[0] = "ohos.permission.test1"; + acls[1] = "ohos.permission.test2"; const char **perms = new const char *[2]; perms[0] = "ohos.permission.test1"; perms[1] = "ohos.permission.test2"; NativeTokenInfoParams infoInstance = { .dcapsNum = 2, .permsNum = 2, + .aclsNum = 2, .dcaps = dcaps, .perms = perms, + .acls = acls, .processName = "GetAccessTokenId008", .aplStr = "system_core", }; tokenId = GetAccessTokenId(&infoInstance); ASSERT_NE(tokenId, 0); + + delete[] perms; + delete[] dcaps; + delete[] acls; } /** @@ -389,7 +409,7 @@ HWTEST_F(TokenLibKitTest, GetAccessTokenId009, TestSize.Level1) const char **perms = new const char *[2]; perms[0] = "AT_CAP"; perms[1] = "ST_CAP"; - int permsNum = 2; + int32_t permsNum = 2; uint64_t tokenId; NativeTokenInfoParams infoInstance = { .dcapsNum = 0, @@ -451,13 +471,13 @@ HWTEST_F(TokenLibKitTest, GetAccessTokenId010, TestSize.Level1) /* enable 200 process before fondation is prepared */ for (int32_t i = 0; i < 200; i++) { processName[i][0] = '\0'; - int ret = sprintf_s(processName[i], MAX_PROCESS_NAME_LEN, "processName_%d", i); + int32_t ret = sprintf_s(processName[i], MAX_PROCESS_NAME_LEN, "processName_%d", i); ASSERT_NE(ret, 0); uint64_t tokenId = Start(processName[i]); ASSERT_NE(tokenId, 0); } char *fileBuff = nullptr; - int ret = GetFileBuff(TOKEN_ID_CFG_FILE_PATH, &fileBuff); + int32_t ret = GetFileBuff(TOKEN_ID_CFG_FILE_PATH, &fileBuff); ASSERT_EQ(ret, 0); for (int32_t i = 0; i < 200; i++) { char *pos = strstr(fileBuff, processName[i]); 
@@ -492,7 +512,7 @@ HWTEST_F(TokenLibKitTest, GetAccessTokenId011, TestSize.Level1) Start("process19"); char *fileBuff = nullptr; - int ret = GetFileBuff(TOKEN_ID_CFG_FILE_PATH, &fileBuff); + int32_t ret = GetFileBuff(TOKEN_ID_CFG_FILE_PATH, &fileBuff); ASSERT_EQ(ret, 0); char *pos = strstr(fileBuff, "process1"); ASSERT_NE(pos, nullptr); 
@@ -514,3 +534,201 @@ HWTEST_F(TokenLibKitTest, GetAccessTokenId011, TestSize.Level1) ASSERT_NE(pos, nullptr); free(fileBuff); } + +/** + * @tc.name: GetAccessTokenId012 + * @tc.desc: Get AccessTokenId with valid acls. + * @tc.type: FUNC + * @tc.require:AR000H09K6 + */ +HWTEST_F(TokenLibKitTest, GetAccessTokenId012, TestSize.Level1) +{ + const char **dcaps = new const char *[2]; + dcaps[0] = "AT_CAP"; + dcaps[1] = "ST_CAP"; + uint64_t tokenId; + const char **acls = new const char *[2]; + acls[0] = "ohos.permission.test1"; + acls[1] = "ohos.permission.test2"; + + NativeTokenInfoParams infoInstance = { + .dcapsNum = 2, + .permsNum = 0, + .aclsNum = 2, + .dcaps = dcaps, + .perms = nullptr, + .acls = acls, + .processName = "GetAccessTokenId008", + .aplStr = "system_core", + }; + tokenId = GetAccessTokenId(&infoInstance); + ASSERT_EQ(tokenId, 0); + + infoInstance.acls = nullptr; + infoInstance.aclsNum = 0; + + delete[] dcaps; + delete[] acls; +} + +/** + * @tc.name: GetAccessTokenId013 + * @tc.desc: cannot getAccessTokenId with invalid acls. 
+ * @tc.type: FUNC + * @tc.require:AR000H09K6 + */ +HWTEST_F(TokenLibKitTest, GetAccessTokenId013, TestSize.Level1) +{ + const char **acls = new const char *[2]; + acls[0] = "AT_CAP"; + acls[1] = "ST_CAP"; + int32_t aclsNum = 2; + uint64_t tokenId; + NativeTokenInfoParams infoInstance = { + .dcapsNum = 0, + .permsNum = 2, + .dcaps = nullptr, + .perms = acls, + .aplStr = "system_core", + }; + + infoInstance.aclsNum = aclsNum; + infoInstance.acls = nullptr; + infoInstance.processName = "GetAccessTokenId013"; + tokenId = GetAccessTokenId(&infoInstance); + ASSERT_EQ(tokenId, 0); + + aclsNum = 0; + infoInstance.aclsNum = aclsNum; + infoInstance.acls = nullptr; + infoInstance.processName = "GetAccessTokenId013_01"; + tokenId = GetAccessTokenId(&infoInstance); + ASSERT_NE(tokenId, 0); + + aclsNum = 1; + const std::string invalidAcl (MAX_PERM_LEN + 1, 'x'); + acls[0] = invalidAcl.c_str(); + infoInstance.aclsNum = aclsNum; + infoInstance.acls = acls; + infoInstance.processName = "GetAccessTokenId013_02"; + tokenId = GetAccessTokenId(&infoInstance); + ASSERT_EQ(tokenId, 0); + + const std::string validcAcl01 (MAX_PERM_LEN, 'x'); + acls[0] = validcAcl01.c_str(); + infoInstance.aclsNum = aclsNum; + infoInstance.acls = acls; + infoInstance.processName = "GetAccessTokenId013_03"; + tokenId = GetAccessTokenId(&infoInstance); + ASSERT_NE(tokenId, 0); + + const std::string validcAcl02 (MAX_PERM_LEN - 1, 'x'); + acls[0] = validcAcl02.c_str(); + infoInstance.aclsNum = aclsNum; + infoInstance.acls = acls; + infoInstance.processName = "GetAccessTokenId013_04"; + tokenId = GetAccessTokenId(&infoInstance); + ASSERT_NE(tokenId, 0); + + delete[] acls; +} + +/** + * @tc.name: GetAccessTokenId014 + * @tc.desc: getAccessTokenId success with perms and acls. 
+ * @tc.type: FUNC + * @tc.require:AR000H09K7 + */ +HWTEST_F(TokenLibKitTest, GetAccessTokenId014, TestSize.Level0) +{ + uint64_t tokenId; + const char **acls = new const char *[1]; + acls[0] = "ohos.permission.PERMISSION_USED_STATS"; + const char **perms = new const char *[3]; + perms[0] = "ohos.permission.PERMISSION_USED_STATS"; // system_core + perms[1] = "ohos.permission.PLACE_CALL"; // system_basic + perms[2] = "ohos.permission.unknown"; // invalid + NativeTokenInfoParams infoInstance = { + .dcapsNum = 0, + .permsNum = 3, + .dcaps = nullptr, + .perms = perms, + .aplStr = "system_basic", + }; + + infoInstance.acls = nullptr; + infoInstance.aclsNum = 0; + infoInstance.processName = "GetAccessTokenId014_01"; + tokenId = GetAccessTokenId(&infoInstance); + ASSERT_NE(tokenId, 0); + + infoInstance.acls = acls; + infoInstance.aclsNum = 1; + infoInstance.processName = "GetAccessTokenId014_02"; + tokenId = GetAccessTokenId(&infoInstance); + ASSERT_NE(tokenId, 0); + + delete[] perms; + delete[] acls; +} + +/** + * @tc.name: GetAccessTokenId015 + * @tc.desc: cannot getAccessTokenId with invalid aclsNum. 
+ * @tc.type: FUNC + * @tc.require:AR000H09K6 + */ +HWTEST_F(TokenLibKitTest, GetAccessTokenId015, TestSize.Level1) +{ + const char **perms = new const char *[MAX_PERM_NUM]; + perms[0] = "ohos.permission.test1"; + perms[1] = "ohos.permission.test2"; + int32_t permsNum = 2; + uint64_t tokenId; + NativeTokenInfoParams infoInstance = { + .dcapsNum = 0, + .dcaps = nullptr, + .perms = perms, + .acls = perms, + .aplStr = "system_core", + }; + + infoInstance.permsNum = permsNum; + infoInstance.aclsNum = -1; + infoInstance.processName = "GetAccessTokenId015"; + tokenId = GetAccessTokenId(&infoInstance); + ASSERT_EQ(tokenId, 0); + + infoInstance.permsNum = MAX_PERM_NUM; + infoInstance.aclsNum = MAX_PERM_NUM + 1; + infoInstance.processName = "GetAccessTokenId015_00"; + tokenId = GetAccessTokenId(&infoInstance); + ASSERT_EQ(tokenId, 0); + + for (int32_t i = 0; i < MAX_PERM_NUM; i++) { + perms[i] = "ohos.permission.test"; + } + + permsNum = MAX_PERM_NUM; + infoInstance.permsNum = permsNum; + infoInstance.aclsNum = permsNum; + infoInstance.processName = "GetAccessTokenId015_01"; + tokenId = GetAccessTokenId(&infoInstance); + ASSERT_NE(tokenId, 0); + + permsNum = MAX_PERM_NUM - 1; + infoInstance.permsNum = permsNum; + infoInstance.aclsNum = permsNum; + infoInstance.processName = "GetAccessTokenId015_02"; + tokenId = GetAccessTokenId(&infoInstance); + ASSERT_NE(tokenId, 0); + + permsNum = MAX_PERM_NUM - 1; + infoInstance.permsNum = permsNum; + infoInstance.aclsNum = permsNum + 1; + infoInstance.processName = "GetAccessTokenId015_03"; + tokenId = GetAccessTokenId(&infoInstance); + ASSERT_EQ(tokenId, 0); + + delete[] perms; +} diff --git a/interfaces/innerkits/nativetoken/test/unittest/src/nativetoken_kit_test.h b/interfaces/innerkits/nativetoken/test/unittest/src/nativetoken_kit_test.h index 59b315af49024cbb91f9cccdbf7fb956fcc1b130..c63ffcc617b6e3eb38f2a6f9d758bb7e29975de3 100644 --- a/interfaces/innerkits/nativetoken/test/unittest/src/nativetoken_kit_test.h 
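Review bot: In GetAccessTokenId013 the struct is initialised with `.perms = acls` and `.permsNum = 2`, so when `acls[0]` is replaced by the string of length `MAX_PERM_LEN + 1` the perms array holds the same over-long entry, and `ASSERT_EQ(tokenId, 0)` passes whichever length check rejects it. Giving the test its own valid perms array would make that negative case depend on the acls check alone. GetAccessTokenId012 is described as "Get AccessTokenId with valid acls" but asserts `tokenId == 0` and reuses the process name "GetAccessTokenId008". Its @tc.desc should state what is being rejected (presumably acls that do not appear in perms), and the two assignments to `infoInstance` after the assertion have no effect.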
+++ b/interfaces/innerkits/nativetoken/test/unittest/src/nativetoken_kit_test.h @@ -20,9 +20,9 @@ namespace OHOS { namespace Security { -static const int BUFF_LEN = 102400; -static const int DELAY_ONE_SECONDS = 5; -static const int DELAY_FIVE_SECONDS = 10; +static const int32_t BUFF_LEN = 102400; +static const int32_t DELAY_ONE_SECONDS = 5; +static const int32_t DELAY_FIVE_SECONDS = 10; class TokenLibKitTest : public testing::Test { public: static void SetUpTestCase(); diff --git a/services/accesstokenmanager/main/cpp/include/database/field_const.h b/services/accesstokenmanager/main/cpp/include/database/field_const.h index 5d31e933b85ef0be802c6da48160cde8a5a7f550..880a0b7c34594743e1ee0cf51e8bcd319990d19e 100644 --- a/services/accesstokenmanager/main/cpp/include/database/field_const.h +++ b/services/accesstokenmanager/main/cpp/include/database/field_const.h @@ -33,6 +33,7 @@ const std::string FIELD_TOKEN_VERSION = "token_version"; const std::string FIELD_TOKEN_ATTR = "token_attr"; const std::string FIELD_PROCESS_NAME = "process_name"; const std::string FIELD_DCAP = "dcap"; +const std::string FIELD_NATIVE_ACLS = "native_acls"; const std::string FIELD_PERMISSION_NAME = "permission_name"; const std::string FIELD_GRANT_MODE = "grant_mode"; const std::string FIELD_AVAILABLE_LEVEL = "available_level"; diff --git a/services/accesstokenmanager/main/cpp/include/permission/permission_policy_set.h b/services/accesstokenmanager/main/cpp/include/permission/permission_policy_set.h index d8ec4cb97530790f5f0234e99ecc28c0834db400..1db448e10bdad2343559591962a11c3a553ac3d7 100644 --- a/services/accesstokenmanager/main/cpp/include/permission/permission_policy_set.h +++ b/services/accesstokenmanager/main/cpp/include/permission/permission_policy_set.h 
@@ -48,8 +48,9 @@ public: int QueryPermissionFlag(const std::string& permissionName); void UpdatePermissionStatus(const std::string& permissionName, bool isGranted, int flag); void ToString(std::string& info); - bool IsPermissionReqValid(int32_t tokenApl, const std::string &permissionName); - void PermStateToString(int32_t tokenApl, std::string& info); + bool IsPermissionReqValid(int32_t tokenApl, const std::string& permissionName, + const std::vector& nativeAcls); + void PermStateToString(int32_t tokenApl, const std::vector& nativeAcls, std::string& info); void GetPermissionStateList(std::vector& stateList); private: diff --git a/services/accesstokenmanager/main/cpp/include/token/native_token_info_inner.h b/services/accesstokenmanager/main/cpp/include/token/native_token_info_inner.h index 5b95fa62b4b576fe8e87518f0dd748156a32421d..6894140b09a32e861f7d1e10facfe006cd6599de 100644 --- a/services/accesstokenmanager/main/cpp/include/token/native_token_info_inner.h +++ b/services/accesstokenmanager/main/cpp/include/token/native_token_info_inner.h @@ -34,6 +34,7 @@ static const std::string JSON_TOKEN_ID = "tokenId"; static const std::string JSON_TOKEN_ATTR = "tokenAttr"; static const std::string JSON_DCAPS = "dcaps"; static const std::string JSON_PERMS = "permissions"; +static const std::string JSON_ACLS = "nativeAcls"; static const int MAX_DCAPS_NUM = 32; static const int MAX_REQ_PERM_NUM = 32; 
@@ -41,23 +42,27 @@ class NativeTokenInfoInner final { public: NativeTokenInfoInner(); NativeTokenInfoInner(NativeTokenInfo& info, - const std::vector &permStateList); + const std::vector& permStateList); virtual ~NativeTokenInfoInner(); int Init(AccessTokenID id, const std::string& processName, int apl, const std::vector& dcap, - const std::vector &permStateList); + const std::vector& nativeAcls, + const std::vector& permStateList); void StoreNativeInfo(std::vector& valueList, std::vector& permStateValues) const; void TranslateToNativeTokenInfo(NativeTokenInfo& InfoParcel) const; void SetDcaps(const std::string& dcapStr); + void SetNativeAcls(const std::string& AclsStr); void ToString(std::string& info) const; int RestoreNativeTokenInfo(AccessTokenID tokenId, const GenericValues& inGenericValues, const std::vector& permStateRes); void Update(AccessTokenID tokenId, const std::string& processName, - int apl, const std::vector& dcap); + int apl, const std::vector& dcap, + const std::vector& nativeAcls); std::vector GetDcap() const; + std::vector GetNativeAcls() const; AccessTokenID GetTokenID() const; std::string GetProcessName() const; NativeTokenInfo GetNativeTokenInfo() const; @@ -68,6 +73,7 @@ public: private: int TranslationIntoGenericValues(GenericValues& outGenericValues) const; std::string DcapToString(const std::vector& dcap) const; + std::string NativeAclsToString(const std::vector& nativeAcls) const; // true means sync from remote. bool isRemote_; diff --git a/services/accesstokenmanager/main/cpp/src/database/sqlite_storage.cpp b/services/accesstokenmanager/main/cpp/src/database/sqlite_storage.cpp index 9640c97768d7487cf52030766da4c5149cd6189f..5b35c186cb7eca2f4e4ea1a8594b21b8334cd9f9 100644 --- a/services/accesstokenmanager/main/cpp/src/database/sqlite_storage.cpp +++ b/services/accesstokenmanager/main/cpp/src/database/sqlite_storage.cpp 
@@ -66,7 +66,7 @@ SqliteStorage::SqliteStorage() : SqliteHelper(DATABASE_NAME, DATABASE_PATH, DATA NativeTokenInfoTable.tableColumnNames_ = { FIELD_TOKEN_ID, FIELD_PROCESS_NAME, FIELD_TOKEN_VERSION, FIELD_TOKEN_ATTR, - FIELD_DCAP, FIELD_APL + FIELD_DCAP, FIELD_NATIVE_ACLS, FIELD_APL }; SqliteTable permissionDefTable; @@ -317,6 +317,7 @@ int SqliteStorage::CreateNativeTokenInfoTable() const .append(FIELD_TOKEN_VERSION + " integer not null,") .append(FIELD_TOKEN_ATTR + " integer not null,") .append(FIELD_DCAP + " text not null,") + .append(FIELD_NATIVE_ACLS + " text not null,") .append(FIELD_APL + " integer not null,") .append("primary key(" + FIELD_TOKEN_ID) .append("))"); diff --git a/services/accesstokenmanager/main/cpp/src/permission/permission_manager.cpp b/services/accesstokenmanager/main/cpp/src/permission/permission_manager.cpp index 326a1e1cc3a6541d2d8fb0f3b5794e4c125c4366..d41a88b6863949ccd732aa63c300f95d44502405 100644 --- a/services/accesstokenmanager/main/cpp/src/permission/permission_manager.cpp +++ b/services/accesstokenmanager/main/cpp/src/permission/permission_manager.cpp @@ -123,9 +123,16 @@ int PermissionManager::VerifyNativeAccessToken(AccessTokenID tokenID, const std: ACCESSTOKEN_LOG_ERROR(LABEL, "can not find tokenInfo!"); return PERMISSION_DENIED; } + + NativeTokenInfo info; + tokenInfoPtr->TranslateToNativeTokenInfo(info); if (PermissionDefinitionCache::GetInstance().IsPermissionDefEmpty()) { ACCESSTOKEN_LOG_INFO(LABEL, "permission definition set has not been installed!"); - return PERMISSION_GRANTED; + if (info.apl >= APL_SYSTEM_BASIC) { + return PERMISSION_GRANTED; + } + ACCESSTOKEN_LOG_INFO(LABEL, "native process apl is %{public}d!", info.apl); + return PERMISSION_DENIED; } if (!tokenInfoPtr->IsRemote() && !PermissionDefinitionCache::GetInstance().HasDefinition(permissionName)) { ACCESSTOKEN_LOG_ERROR( 
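Review bot: The new `FIELD_NATIVE_ACLS + " text not null,"` column in CreateNativeTokenInfoTable only takes effect when the table is first created, and nothing visible in this diff migrates a table that already exists. On a device upgraded with a database built under the old schema, writes that name the new column would presumably fail, and native token records could then be missing after a restore. This is inferred, because the start of the create statement and any database version handling are outside the hunk. Either add the column in the upgrade path together with a version bump, or add a comment confirming that this table is always recreated.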
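Review bot: In VerifyNativeAccessToken the empty-definition branch still returns `PERMISSION_GRANTED` for any `permissionName` once `info.apl >= APL_SYSTEM_BASIC`, so until definitions are installed the requested permission is never consulted. If that bootstrap fallback is intended, state it above the check, for example `// Definitions not installed yet: decide on APL alone; permissionName is not checked here.` The denial beneath it is logged with `ACCESSTOKEN_LOG_INFO`, while the other denial visible in this function uses `ACCESSTOKEN_LOG_ERROR`; the error level plus the permission name would make these denials easier to find. `TranslateToNativeTokenInfo(info)` also copies the whole token, including its vectors, on every call just to read `apl`. The function starts and ends outside the hunk.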
diff --git a/services/accesstokenmanager/main/cpp/src/permission/permission_policy_set.cpp b/services/accesstokenmanager/main/cpp/src/permission/permission_policy_set.cpp index ce6ad9ea95db30e0298239b923994cd0f045104b..471ed5f2688377484e2653b83815a68effee2a6b 100644 --- a/services/accesstokenmanager/main/cpp/src/permission/permission_policy_set.cpp +++ b/services/accesstokenmanager/main/cpp/src/permission/permission_policy_set.cpp @@ -326,7 +326,8 @@ void PermissionPolicySet::ToString(std::string& info) info.append("\n ]\n"); } -bool PermissionPolicySet::IsPermissionReqValid(int32_t tokenApl, const std::string &permissionName) +bool PermissionPolicySet::IsPermissionReqValid(int32_t tokenApl, const std::string& permissionName, + const std::vector& nativeAcls) { PermissionDef permissionDef; int ret = PermissionDefinitionCache::GetInstance().FindByPermissionName( 
@@ -334,22 +335,28 @@ bool PermissionPolicySet::IsPermissionReqValid(int32_t tokenApl, const std::stri if (ret != RET_SUCCESS) { return false; } - if (tokenApl < permissionDef.availableLevel) { - return false; + if (tokenApl >= permissionDef.availableLevel) { + return true; + } + + auto iter = std::find(nativeAcls.begin(), nativeAcls.end(), permissionName); + if (iter != nativeAcls.end()) { + return true; } - return true; + return false; } -void PermissionPolicySet::PermStateToString(int32_t tokenApl, std::string& info) +void PermissionPolicySet::PermStateToString(int32_t tokenApl, + const std::vector& nativeAcls, std::string& info) { Utils::UniqueReadGuard infoGuard(this->permPolicySetLock_); - std::vector invaildPermList = {}; + std::vector invalidPermList = {}; info.append(R"( "permStateList": [)"); info.append("\n"); for (auto iter = permStateList_.begin(); iter != permStateList_.end(); iter++) { - if (!IsPermissionReqValid(tokenApl, iter->permissionName)) { - invaildPermList.emplace_back(iter->permissionName); + if (!IsPermissionReqValid(tokenApl, iter->permissionName, nativeAcls)) { + invalidPermList.emplace_back(iter->permissionName); continue; } PermStateFullToString(*iter, info); @@ -359,13 +366,13 @@ void PermissionPolicySet::PermStateToString(int32_t tokenApl, std::string& info) } info.append("\n ]\n"); - if (invaildPermList.size() == 0) { + if (invalidPermList.size() == 0) { return; } - info.append(R"( "invaildPermList": [)"); + info.append(R"( "invalidPermList": [)"); info.append("\n"); - for (auto iter = invaildPermList.begin(); iter != invaildPermList.end(); iter++) { + for (auto iter = invalidPermList.begin(); iter != invalidPermList.end(); iter++) { info.append(R"( "permissionName": ")" + *iter + R"(")" + ",\n"); } info.append("\n ]\n"); 
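Review bot: The ACL fallback in IsPermissionReqValid accepts any permission whose name appears in `nativeAcls`, however far `permissionDef.availableLevel` is above `tokenApl`, and without consulting anything else in `permissionDef`. The ACL list is therefore the only gate for above-APL permissions, so the result is only as trustworthy as the place the list was loaded from; elsewhere in this commit it is also filled from JSON handled by FromNativeTokenInfoJson. A comment stating that assumption would help the next reader. The tail can be written as `return std::find(nativeAcls.begin(), nativeAcls.end(), permissionName) != nativeAcls.end();`, and the file needs `<algorithm>` for `std::find` if it is not already included, which the hunk does not show. The function's opening lines are in the previous hunk.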
diff --git a/services/accesstokenmanager/main/cpp/src/token/native_token_info_inner.cpp b/services/accesstokenmanager/main/cpp/src/token/native_token_info_inner.cpp index 4a41f2f57c5a475272a92538f891955e637f524e..012433693a999db399197d70c0c89dd312be8970 100644 --- a/services/accesstokenmanager/main/cpp/src/token/native_token_info_inner.cpp +++ b/services/accesstokenmanager/main/cpp/src/token/native_token_info_inner.cpp @@ -54,7 +54,8 @@ NativeTokenInfoInner::~NativeTokenInfoInner() int NativeTokenInfoInner::Init(AccessTokenID id, const std::string& processName, int apl, const std::vector& dcap, - const std::vector &permStateList) + const std::vector& nativeAcls, + const std::vector& permStateList) { tokenInfoBasic_.tokenID = id; if (!DataValidator::IsProcessNameValid(processName)) { @@ -71,6 +72,7 @@ int NativeTokenInfoInner::Init(AccessTokenID id, const std::string& processName, } tokenInfoBasic_.apl = (ATokenAplEnum)apl; tokenInfoBasic_.dcap = dcap; + tokenInfoBasic_.nativeAcls = nativeAcls; std::vector permDefList = {}; permPolicySet_ = PermissionPolicySet::BuildPermissionPolicySet(id, @@ -90,6 +92,18 @@ std::string NativeTokenInfoInner::DcapToString(const std::vector& d return dcapStr; } +std::string NativeTokenInfoInner::NativeAclsToString(const std::vector& nativeAcls) const +{ + std::string nativeAclsStr; + for (auto iter = nativeAcls.begin(); iter != nativeAcls.end(); iter++) { + nativeAclsStr.append(*iter); + if (iter != (nativeAcls.end() - 1)) { + nativeAclsStr.append(","); + } + } + return nativeAclsStr; +} + int NativeTokenInfoInner::TranslationIntoGenericValues(GenericValues& outGenericValues) const { outGenericValues.Put(FIELD_TOKEN_ID, tokenInfoBasic_.tokenID); 
@@ -97,6 +111,7 @@ int NativeTokenInfoInner::TranslationIntoGenericValues(GenericValues& outGeneric outGenericValues.Put(FIELD_APL, tokenInfoBasic_.apl); outGenericValues.Put(FIELD_TOKEN_VERSION, tokenInfoBasic_.ver); outGenericValues.Put(FIELD_DCAP, DcapToString(tokenInfoBasic_.dcap)); + outGenericValues.Put(FIELD_NATIVE_ACLS, NativeAclsToString(tokenInfoBasic_.nativeAcls)); outGenericValues.Put(FIELD_TOKEN_ATTR, tokenInfoBasic_.tokenAttr); return RET_SUCCESS; @@ -129,6 +144,7 @@ int NativeTokenInfoInner::RestoreNativeTokenInfo(AccessTokenID tokenId, const Ge } SetDcaps(inGenericValues.GetString(FIELD_DCAP)); + SetNativeAcls(inGenericValues.GetString(FIELD_NATIVE_ACLS)); tokenInfoBasic_.tokenAttr = (uint32_t)inGenericValues.GetInt(FIELD_TOKEN_ATTR); std::vector permDefRes = {}; @@ -143,6 +159,7 @@ void NativeTokenInfoInner::TranslateToNativeTokenInfo(NativeTokenInfo& InfoParce InfoParcel.ver = tokenInfoBasic_.ver; InfoParcel.processName = tokenInfoBasic_.processName; InfoParcel.dcap = tokenInfoBasic_.dcap; + InfoParcel.nativeAcls = tokenInfoBasic_.nativeAcls; InfoParcel.tokenID = tokenInfoBasic_.tokenID; InfoParcel.tokenAttr = tokenInfoBasic_.tokenAttr; } @@ -173,6 +190,11 @@ std::vector NativeTokenInfoInner::GetDcap() const return tokenInfoBasic_.dcap; } +std::vector NativeTokenInfoInner::GetNativeAcls() const +{ + return tokenInfoBasic_.nativeAcls; +} + std::string NativeTokenInfoInner::GetProcessName() const { return tokenInfoBasic_.processName; 
@@ -207,6 +229,20 @@ void NativeTokenInfoInner::SetDcaps(const std::string& dcapStr) } } +void NativeTokenInfoInner::SetNativeAcls(const std::string& AclsStr) +{ + std::string::size_type start = 0; + while (true) { + std::string::size_type offset = AclsStr.find(',', start); + if (offset == std::string::npos) { + tokenInfoBasic_.nativeAcls.push_back(AclsStr.substr(start)); + break; + } + tokenInfoBasic_.nativeAcls.push_back(AclsStr.substr(start, offset)); + start = offset + 1; + } +} + void NativeTokenInfoInner::ToString(std::string& info) const { info.append(R"({)"); @@ -217,9 +253,10 @@ void NativeTokenInfoInner::ToString(std::string& info) const info.append(R"( "processName": ")" + tokenInfoBasic_.processName + R"(")" + ",\n"); info.append(R"( "apl": )" + std::to_string(tokenInfoBasic_.apl) + ",\n"); info.append(R"( "dcap": ")" + DcapToString(tokenInfoBasic_.dcap) + R"(")" + ",\n"); + info.append(R"( "nativeAcls": ")" + NativeAclsToString(tokenInfoBasic_.nativeAcls) + R"(")" + ",\n"); info.append(R"( "isRemote": )" + std::to_string(isRemote_? 1 : 0) + ",\n"); if (permPolicySet_ != nullptr) { - permPolicySet_->PermStateToString(tokenInfoBasic_.apl, info); + permPolicySet_->PermStateToString(tokenInfoBasic_.apl, tokenInfoBasic_.nativeAcls, info); } info.append("}"); } diff --git a/services/accesstokenmanager/main/cpp/src/token/native_token_receptor.cpp b/services/accesstokenmanager/main/cpp/src/token/native_token_receptor.cpp index 995b7a1d6ca7e57c276381b21062f9520b63a78c..8c7d5f9b371c4a98746b43209c9fed2da6f71a5e 100644 --- a/services/accesstokenmanager/main/cpp/src/token/native_token_receptor.cpp +++ b/services/accesstokenmanager/main/cpp/src/token/native_token_receptor.cpp 
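Review bot: In SetNativeAcls, `AclsStr.substr(start, offset)` passes an end position where `substr` expects a length, so every entry after the first comes out too long: a stored value `a,b,c` is restored as `a`, `b,c`, `c`. The entry `b` then no longer matches in IsPermissionReqValid after a restore from the database, and the written and restored lists disagree. Use `tokenInfoBasic_.nativeAcls.push_back(AclsStr.substr(start, offset - start));` instead. An empty `AclsStr` also pushes one empty string, and the function appends without clearing the existing vector; an early `if (AclsStr.empty()) { return; }` would cover the first case. SetDcaps above is only partly visible and may share the pattern.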
@@ -33,7 +33,7 @@ static constexpr OHOS::HiviewDFX::HiLogLabel LABEL = {LOG_CORE, SECURITY_DOMAIN_ } int32_t NativeReqPermsGet( - const nlohmann::json& j, std::vector &permStateList) + const nlohmann::json& j, std::vector& permStateList) { std::vector permReqList; if (j.find(JSON_PERMS) == j.end()) { @@ -46,7 +46,7 @@ int32_t NativeReqPermsGet( for (auto permReq : permReqList) { PermissionStateFull permState; permState.permissionName = permReq; - permState.isGeneral = 1; + permState.isGeneral = true; permState.resDeviceID.push_back(""); permState.grantStatus.push_back(PERMISSION_GRANTED); permState.grantFlags.push_back(PERMISSION_SYSTEM_FIXED); @@ -113,6 +113,15 @@ void from_json(const nlohmann::json& j, std::shared_ptr& p return; } + if (j.find(JSON_ACLS) != j.end()) { + native.nativeAcls = j.at(JSON_ACLS).get>(); + if (native.nativeAcls.size() > MAX_REQ_PERM_NUM) { + return; + } + } else { + return; + } + std::vector permStateList; if (NativeReqPermsGet(j, permStateList) != RET_SUCCESS) { return; diff --git a/services/accesstokenmanager/test/unittest/cpp/src/native_token_receptor_test.cpp b/services/accesstokenmanager/test/unittest/cpp/src/native_token_receptor_test.cpp index 33c9c5d8f86f5ce1258ab1714bf099ff1bef0ed6..ee755451415d198c26b0b6787900b2f2ff6557b8 100644 --- a/services/accesstokenmanager/test/unittest/cpp/src/native_token_receptor_test.cpp +++ b/services/accesstokenmanager/test/unittest/cpp/src/native_token_receptor_test.cpp 
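Review bot: The new block in from_json returns early when `JSON_ACLS` is absent, which makes `nativeAcls` mandatory: a native token entry written before this field existed is now dropped as a whole instead of being loaded with an empty ACL list. If that is intended, document it next to the check; otherwise treat a missing key as an empty list and keep the size check. The value is also converted with `get` before its type is examined, so a non-array value or a non-string element would raise an nlohmann exception unless exceptions are disabled or a caller not visible here catches it. A guard such as `if (!j.at(JSON_ACLS).is_array()) { return; }` before the conversion would make the rejection explicit. The function begins outside the hunk.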
@@ -74,9 +74,9 @@ HWTEST_F(NativeTokenReceptorTest, ParserNativeRawData001, TestSize.Level1) ACCESSTOKEN_LOG_INFO(LABEL, "test ParserNativeRawData001!"); std::string testStr = R"([)"\ R"({"processName":"process6","APL":3,"version":1,"tokenId":685266937,"tokenAttr":0,)"\ - R"("dcaps":["AT_CAP","ST_CAP"], "permissions":[]},)"\ + R"("dcaps":["AT_CAP","ST_CAP"], "permissions":[], "nativeAcls":[]},)"\ R"({"processName":"process5","APL":3,"version":1,"tokenId":678065606,"tokenAttr":0,)"\ - R"("dcaps":["AT_CAP","ST_CAP"], "permissions":[]}])"; + R"("dcaps":["AT_CAP","ST_CAP"], "permissions":[], "nativeAcls":[]}])"; NativeTokenReceptor& receptor = NativeTokenReceptor::GetInstance(); std::vector> tokenInfos; @@ -177,7 +177,8 @@ HWTEST_F(NativeTokenReceptorTest, from_json001, TestSize.Level1) {"tokenId", 685266937}, {"tokenAttr", 0}, {"dcaps", {"AT_CAP", "ST_CAP"}}, - {"permissions", {"ohos.permission.PLACE_CALL"}}}; + {"permissions", {"ohos.permission.PLACE_CALL"}}, + {"nativeAcls", {"ohos.permission.PLACE_CALL"}}}; std::shared_ptr p; from_json(j, p); ASSERT_NE((p == nullptr), true); @@ -331,7 +332,7 @@ HWTEST_F(NativeTokenReceptorTest, ProcessNativeTokenInfos002, TestSize.Level1) }; NativeTokenInfo info2 = { - .apl = APL_NORMAL, + .apl = APL_SYSTEM_BASIC, .ver = 1, .processName = "native_token_test2", .tokenID = 0x28100002, @@ -615,8 +616,10 @@ HWTEST_F(NativeTokenReceptorTest, init001, TestSize.Level1) NativeTokenInfoParams infoInstance = { .dcapsNum = dcapNum, .permsNum = 2, + .aclsNum = 0, .dcaps = dcaps, .perms = perms, + .acls = nullptr, .processName = "native_token_test7", .aplStr = "system_core", }; @@ -657,8 +660,10 @@ HWTEST_F(NativeTokenReceptorTest, ProcessNativeTokenInfos007, TestSize.Level1) NativeTokenInfoParams infoInstance = { .dcapsNum = dcapNum, .permsNum = 0, + .aclsNum = 0, .dcaps = dcaps, .perms = nullptr, + .acls = nullptr, }; infoInstance.aplStr = apl3; infoInstance.processName = "ProcessNativeTokenInfos007_003"; 
diff --git a/services/tokensyncmanager/src/command/base_remote_command.cpp b/services/tokensyncmanager/src/command/base_remote_command.cpp index feb6a50c1ff9b13d3f9f69f1859b74da65812f05..fd66d89c01d67dd521b2cfb01bf21052ff40bafa 100644 --- a/services/tokensyncmanager/src/command/base_remote_command.cpp +++ b/services/tokensyncmanager/src/command/base_remote_command.cpp @@ -88,6 +88,7 @@ nlohmann::json BaseRemoteCommand::ToNativeTokenInfoJson(const NativeTokenInfoFor } nlohmann::json DcapsJson = nlohmann::json(tokenInfo.baseInfo.dcap); + nlohmann::json NativeAclsJson = nlohmann::json(tokenInfo.baseInfo.nativeAcls); nlohmann::json nativeTokenJson = nlohmann::json { {"processName", tokenInfo.baseInfo.processName}, {"apl", tokenInfo.baseInfo.apl}, @@ -95,6 +96,7 @@ nlohmann::json BaseRemoteCommand::ToNativeTokenInfoJson(const NativeTokenInfoFor {"tokenId", tokenInfo.baseInfo.tokenID}, {"tokenAttr", tokenInfo.baseInfo.tokenAttr}, {"dcaps", DcapsJson}, + {"nativeAcls", NativeAclsJson}, {"permState", permStatesJson}, }; return nativeTokenJson; @@ -266,6 +268,10 @@ void BaseRemoteCommand::FromNativeTokenInfoJson(const nlohmann::json& nativeToke && nativeTokenJson.at("dcaps").size() > 0 && (nativeTokenJson.at("dcaps"))[0].is_string()) { nativeTokenInfo.baseInfo.dcap = nativeTokenJson.at("dcaps").get>(); } + if (nativeTokenJson.find("nativeAcls") != nativeTokenJson.end() && nativeTokenJson.at("nativeAcls").is_array() + && nativeTokenJson.at("nativeAcls").size() > 0 && (nativeTokenJson.at("nativeAcls"))[0].is_string()) { + nativeTokenInfo.baseInfo.nativeAcls = nativeTokenJson.at("nativeAcls").get>(); + } FromPermStateListJson(nativeTokenJson, nativeTokenInfo.permStateList); } diff --git a/services/tokensyncmanager/src/service/token_sync_manager_stub.cpp b/services/tokensyncmanager/src/service/token_sync_manager_stub.cpp index c1e2cd5a776b1772add5dfc3a1aedd7fa0a14bec..5d15d5e29c31c70326fccd8f73b89b0e992f90a5 100644 
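Review bot: FromNativeTokenInfoJson copies `nativeAcls` from the received JSON after checking only that element `[0]` is a string, so an array whose later elements are not strings still reaches the vector conversion. That conversion would throw unless nlohmann exceptions are disabled or caught by a caller not visible here. The list also has no upper bound here, while from_json in native_token_receptor.cpp caps the same field at `MAX_REQ_PERM_NUM`. Because these entries later let IsPermissionReqValid accept permissions above the token's APL, check every element (for example with `std::all_of` and `is_string()`) and reject lists over the cap before assigning. The `dcaps` branch just above uses the same first-element check.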
--- a/services/tokensyncmanager/src/service/token_sync_manager_stub.cpp +++ b/services/tokensyncmanager/src/service/token_sync_manager_stub.cpp @@ -17,8 +17,8 @@ #include "accesstoken_log.h" #include "hap_token_info_for_sync_parcel.h" -#include "native_token_info_for_sync_parcel.h" #include "ipc_skeleton.h" +#include "native_token_info_for_sync_parcel.h" #include "string_ex.h" namespace OHOS {