From 3197d9d9a42534f7fcb5fe814f3d9d7c51ab7bc3 Mon Sep 17 00:00:00 2001 From: bigtea Date: Tue, 5 Nov 2024 21:21:57 +0800 Subject: [PATCH] Add ClearHapInfoCache Signed-off-by: bigtea --- .../accesstoken_service_ipc_interface_code.h | 1 + .../include/i_accesstoken_manager.h | 1 + .../accesstoken/include/accesstoken_kit.h | 6 +++++ .../accesstoken/libaccesstoken_sdk.map | 1 + .../accesstoken/src/accesstoken_kit.cpp | 6 +++++ .../src/accesstoken_manager_client.cpp | 10 +++++++ .../src/accesstoken_manager_client.h | 1 + .../src/accesstoken_manager_proxy.cpp | 26 +++++++++++++++++++ .../src/accesstoken_manager_proxy.h | 1 + .../unittest/src/accesstoken_deny_test.cpp | 13 ++++++++++ .../unittest/src/accesstoken_kit_test.cpp | 19 ++++++++++++++ .../service/accesstoken_manager_service.h | 1 + .../service/accesstoken_manager_stub.h | 1 + .../include/token/accesstoken_info_manager.h | 1 + .../service/accesstoken_manager_service.cpp | 5 ++++ .../src/service/accesstoken_manager_stub.cpp | 12 +++++++++ .../src/token/accesstoken_info_manager.cpp | 11 ++++++++ 17 files changed, 116 insertions(+) diff --git a/frameworks/accesstoken/include/accesstoken_service_ipc_interface_code.h b/frameworks/accesstoken/include/accesstoken_service_ipc_interface_code.h index 3f15f41fd..e7dd248a9 100644 --- a/frameworks/accesstoken/include/accesstoken_service_ipc_interface_code.h +++ b/frameworks/accesstoken/include/accesstoken_service_ipc_interface_code.h @@ -71,6 +71,7 @@ enum class AccessTokenInterfaceCode { UPDATE_USER_POLICY, CLEAR_USER_POLICY, GET_HAP_TOKENINFO_EXT, + CLEAR_HAP_INFO_CACHE, }; } // namespace AccessToken } // namespace Security diff --git a/frameworks/accesstoken/include/i_accesstoken_manager.h b/frameworks/accesstoken/include/i_accesstoken_manager.h index 0a49f90f3..c4240e089 100644 --- a/frameworks/accesstoken/include/i_accesstoken_manager.h +++ b/frameworks/accesstoken/include/i_accesstoken_manager.h @@ -105,6 +105,7 @@ public: const std::vector& userList, const std::vector& permList) = 0; virtual int32_t UpdateUserPolicy(const std::vector& userList) = 0; virtual int32_t ClearUserPolicy() = 0; + virtual int32_t ClearHapInfoCache() = 0; virtual void DumpTokenInfo(const AtmToolsParamInfoParcel& infoParcel, std::string& tokenInfo) = 0; virtual int32_t GetVersion(uint32_t& version) = 0; virtual void GetPermissionManagerInfo(PermissionGrantInfoParcel& infoParcel) = 0; diff --git a/interfaces/innerkits/accesstoken/include/accesstoken_kit.h b/interfaces/innerkits/accesstoken/include/accesstoken_kit.h index 0442d19bf..8f1630928 100644 --- a/interfaces/innerkits/accesstoken/include/accesstoken_kit.h +++ b/interfaces/innerkits/accesstoken/include/accesstoken_kit.h @@ -429,6 +429,12 @@ public: * @return error code, see access_token_error.h */ static int32_t ClearUserPolicy(); + + /** + * @brief Clear hap info cache + * @return error code, see access_token_error.h + */ + static int32_t ClearHapInfoCache(); }; } // namespace AccessToken } // namespace Security diff --git a/interfaces/innerkits/accesstoken/libaccesstoken_sdk.map b/interfaces/innerkits/accesstoken/libaccesstoken_sdk.map index 7f35bfed9..e4e2ff7cf 100644 --- a/interfaces/innerkits/accesstoken/libaccesstoken_sdk.map +++ b/interfaces/innerkits/accesstoken/libaccesstoken_sdk.map @@ -74,6 +74,7 @@ "OHOS::Security::AccessToken::TokenSyncKitInterface::~TokenSyncKitInterface()"; "OHOS::Security::AccessToken::AccessTokenKit::GrantPermissionForSpecifiedTime(unsigned int, std::__h::basic_string, std::__h::allocator> const&, unsigned int)"; "OHOS::Security::AccessToken::AccessTokenKit::GetHapTokenInfoExtension(unsigned int, OHOS::Security::AccessToken::HapTokenInfoExt&)"; + "OHOS::Security::AccessToken::AccessTokenKit::ClearHapInfoCache()"; ""; ""; }; diff --git a/interfaces/innerkits/accesstoken/src/accesstoken_kit.cpp b/interfaces/innerkits/accesstoken/src/accesstoken_kit.cpp index 7feb24573..3e145c911 100644 --- a/interfaces/innerkits/accesstoken/src/accesstoken_kit.cpp +++ b/interfaces/innerkits/accesstoken/src/accesstoken_kit.cpp @@ -596,6 +596,12 @@ int32_t AccessTokenKit::ClearUserPolicy() ACCESSTOKEN_LOG_INFO(LABEL, "Enter."); return AccessTokenManagerClient::GetInstance().ClearUserPolicy(); } + +int32_t AccessTokenKit::ClearHapInfoCache() +{ + ACCESSTOKEN_LOG_INFO(LABEL, "Enter."); + return AccessTokenManagerClient::GetInstance().ClearHapInfoCache(); +} } // namespace AccessToken } // namespace Security } // namespace OHOS diff --git a/interfaces/innerkits/accesstoken/src/accesstoken_manager_client.cpp b/interfaces/innerkits/accesstoken/src/accesstoken_manager_client.cpp index 3c25dce2c..dd91130ec 100644 --- a/interfaces/innerkits/accesstoken/src/accesstoken_manager_client.cpp +++ b/interfaces/innerkits/accesstoken/src/accesstoken_manager_client.cpp @@ -744,6 +744,16 @@ int32_t AccessTokenManagerClient::ClearUserPolicy() return proxy->ClearUserPolicy(); } +int32_t AccessTokenManagerClient::ClearHapInfoCache() +{ + auto proxy = GetProxy(); + if (proxy == nullptr) { + ACCESSTOKEN_LOG_ERROR(LABEL, "Proxy is null"); + return AccessTokenError::ERR_SERVICE_ABNORMAL; + } + return proxy->ClearHapInfoCache(); +} + int32_t AccessTokenManagerClient::UpdateUserPolicy(const std::vector& userList) { auto proxy = GetProxy(); diff --git a/interfaces/innerkits/accesstoken/src/accesstoken_manager_client.h b/interfaces/innerkits/accesstoken/src/accesstoken_manager_client.h index 61ceeb353..177968406 100644 --- a/interfaces/innerkits/accesstoken/src/accesstoken_manager_client.h +++ b/interfaces/innerkits/accesstoken/src/accesstoken_manager_client.h @@ -102,6 +102,7 @@ public: int32_t InitUserPolicy(const std::vector& userList, const std::vector& permList); int32_t UpdateUserPolicy(const std::vector& userList); int32_t ClearUserPolicy(); + int32_t ClearHapInfoCache(); private: AccessTokenManagerClient(); diff --git a/interfaces/innerkits/accesstoken/src/accesstoken_manager_proxy.cpp b/interfaces/innerkits/accesstoken/src/accesstoken_manager_proxy.cpp index b7685d1c8..3632bcf76 100644 --- a/interfaces/innerkits/accesstoken/src/accesstoken_manager_proxy.cpp +++ b/interfaces/innerkits/accesstoken/src/accesstoken_manager_proxy.cpp @@ -1295,6 +1295,32 @@ int32_t AccessTokenManagerProxy::ClearUserPolicy() return result; } +int32_t AccessTokenManagerProxy::ClearHapInfoCache() +{ + MessageParcel data; + if (!data.WriteInterfaceToken(IAccessTokenManager::GetDescriptor())) { + ACCESSTOKEN_LOG_ERROR(LABEL, "WriteInterfaceToken failed."); + return ERR_WRITE_PARCEL_FAILED; + } + + MessageParcel reply; + MessageOption option(MessageOption::TF_ASYNC); + sptr remote = Remote(); + if (remote == nullptr) { + ACCESSTOKEN_LOG_ERROR(LABEL, + "Code: %{public}d remote service null.", AccessTokenInterfaceCode::CLEAR_HAP_INFO_CACHE); + return false; + } + int32_t requestResult = remote->SendRequest( + static_cast(AccessTokenInterfaceCode::CLEAR_HAP_INFO_CACHE), data, reply, option); + if (requestResult != NO_ERROR) { + ACCESSTOKEN_LOG_ERROR(LABEL, "Code: %{public}d request fail, result: %{public}d", + AccessTokenInterfaceCode::CLEAR_HAP_INFO_CACHE, requestResult); + return ERR_SERVICE_ABNORMAL; + } + return RET_SUCCESS; +} + int32_t AccessTokenManagerProxy::UpdateUserPolicy(const std::vector& userList) { MessageParcel data; diff --git a/interfaces/innerkits/accesstoken/src/accesstoken_manager_proxy.h b/interfaces/innerkits/accesstoken/src/accesstoken_manager_proxy.h index 88131f667..b20f8ff70 100644 --- a/interfaces/innerkits/accesstoken/src/accesstoken_manager_proxy.h +++ b/interfaces/innerkits/accesstoken/src/accesstoken_manager_proxy.h @@ -86,6 +86,7 @@ public: int32_t InitUserPolicy(const std::vector& userList, const std::vector& permList) override; int32_t UpdateUserPolicy(const std::vector& userList) override; int32_t ClearUserPolicy() override; + int32_t ClearHapInfoCache() override; #ifdef TOKEN_SYNC_ENABLE int GetHapTokenInfoFromRemote(AccessTokenID tokenID, HapTokenInfoForSyncParcel& hapSyncParcel) override; diff --git a/interfaces/innerkits/accesstoken/test/unittest/src/accesstoken_deny_test.cpp b/interfaces/innerkits/accesstoken/test/unittest/src/accesstoken_deny_test.cpp index 5d2505b7b..71e935fb6 100644 --- a/interfaces/innerkits/accesstoken/test/unittest/src/accesstoken_deny_test.cpp +++ b/interfaces/innerkits/accesstoken/test/unittest/src/accesstoken_deny_test.cpp @@ -536,6 +536,19 @@ HWTEST_F(AccessTokenDenyTest, GrantPermissionForSpecifiedTime001, TestSize.Level ASSERT_EQ(AccessTokenError::ERR_PERMISSION_DENIED, AccessTokenKit::GrantPermissionForSpecifiedTime(tokenId, permission, onceTime)); } + +/** + * @tc.name: ClearHapInfoCache001 + * @tc.desc: ClearHapInfoCache with no permission + * @tc.type: FUNC + * @tc.require: + */ +HWTEST_F(AccessTokenDenyTest, ClearHapInfoCache001, TestSize.Level1) +{ + // async ipc function, equal to success + int32_t ret = AccessTokenKit::ClearHapInfoCache(); + ASSERT_EQ(ret, RET_SUCCESS); +} } // namespace AccessToken } // namespace Security } // namespace OHOS diff --git a/interfaces/innerkits/accesstoken/test/unittest/src/accesstoken_kit_test.cpp b/interfaces/innerkits/accesstoken/test/unittest/src/accesstoken_kit_test.cpp index e6c4d9d20..5399aab07 100644 --- a/interfaces/innerkits/accesstoken/test/unittest/src/accesstoken_kit_test.cpp +++ b/interfaces/innerkits/accesstoken/test/unittest/src/accesstoken_kit_test.cpp @@ -3281,6 +3281,25 @@ HWTEST_F(AccessTokenKitTest, GetHapTokenInfoExt001, TestSize.Level1) ret = AccessTokenKit::GetHapTokenInfoExtension(INVALID_TOKENID, hapTokenInfoExt); ASSERT_EQ(ret, AccessTokenError::ERR_PARAM_INVALID); } + +/** + * @tc.name: ClearHapInfoCacheTest001 + * @tc.desc: ClearHapInfoCacheTest001. + * @tc.type: FUNC + * @tc.require: + */ +HWTEST_F(AccessTokenKitTest, ClearHapInfoCacheTest001, TestSize.Level1) +{ + setuid(0); + const char **perms = new const char *[1]; + perms[INDEX_ZERO] = "ohos.permission.MANAGE_HAP_TOKENID"; + uint64_t tokenID = GetNativeTokenTest("TestCase", perms, 1); + EXPECT_EQ(0, SetSelfTokenID(tokenID)); + delete[] perms; + + int32_t ret = AccessTokenKit::ClearHapInfoCache(); + EXPECT_EQ(ret, 0); +} } // namespace AccessToken } // namespace Security } // namespace OHOS diff --git a/services/accesstokenmanager/main/cpp/include/service/accesstoken_manager_service.h b/services/accesstokenmanager/main/cpp/include/service/accesstoken_manager_service.h index f22482af6..87622661f 100644 --- a/services/accesstokenmanager/main/cpp/include/service/accesstoken_manager_service.h +++ b/services/accesstokenmanager/main/cpp/include/service/accesstoken_manager_service.h @@ -100,6 +100,7 @@ public: int32_t InitUserPolicy(const std::vector& userList, const std::vector& permList) override; int32_t UpdateUserPolicy(const std::vector& userList) override; int32_t ClearUserPolicy() override; + int32_t ClearHapInfoCache() override; void DumpTokenInfo(const AtmToolsParamInfoParcel& infoParcel, std::string& dumpInfo) override; int32_t GetVersion(uint32_t& version) override; int Dump(int fd, const std::vector& args) override; diff --git a/services/accesstokenmanager/main/cpp/include/service/accesstoken_manager_stub.h b/services/accesstokenmanager/main/cpp/include/service/accesstoken_manager_stub.h index 45b6ef695..2de735d84 100644 --- a/services/accesstokenmanager/main/cpp/include/service/accesstoken_manager_stub.h +++ b/services/accesstokenmanager/main/cpp/include/service/accesstoken_manager_stub.h @@ -85,6 +85,7 @@ private: void InitUserPolicyInner(MessageParcel& data, MessageParcel& reply); void UpdateUserPolicyInner(MessageParcel& data, MessageParcel& reply); void ClearUserPolicyInner(MessageParcel& data, MessageParcel& reply); + void ClearHapInfoCacheInner(MessageParcel& data, MessageParcel& reply); bool IsPrivilegedCalling() const; bool IsAccessTokenCalling(); diff --git a/services/accesstokenmanager/main/cpp/include/token/accesstoken_info_manager.h b/services/accesstokenmanager/main/cpp/include/token/accesstoken_info_manager.h index 2f84ac32c..8f877f5db 100644 --- a/services/accesstokenmanager/main/cpp/include/token/accesstoken_info_manager.h +++ b/services/accesstokenmanager/main/cpp/include/token/accesstoken_info_manager.h @@ -72,6 +72,7 @@ public: int32_t InitUserPolicy(const std::vector& userList, const std::vector& permList); int32_t UpdateUserPolicy(const std::vector& userList); int32_t ClearUserPolicy(); + int32_t ClearHapInfoCache(); bool GetPermDialogCap(AccessTokenID tokenID); void DumpToken(); int32_t GetCurDumpTaskNum(); diff --git a/services/accesstokenmanager/main/cpp/src/service/accesstoken_manager_service.cpp b/services/accesstokenmanager/main/cpp/src/service/accesstoken_manager_service.cpp index 98a9edb2e..488d794bd 100644 --- a/services/accesstokenmanager/main/cpp/src/service/accesstoken_manager_service.cpp +++ b/services/accesstokenmanager/main/cpp/src/service/accesstoken_manager_service.cpp @@ -551,6 +551,11 @@ int32_t AccessTokenManagerService::ClearUserPolicy() return AccessTokenInfoManager::GetInstance().ClearUserPolicy(); } +int32_t AccessTokenManagerService::ClearHapInfoCache() +{ + return AccessTokenInfoManager::GetInstance().ClearHapInfoCache(); +} + int AccessTokenManagerService::Dump(int fd, const std::vector& args) { if (fd < 0) { diff --git a/services/accesstokenmanager/main/cpp/src/service/accesstoken_manager_stub.cpp b/services/accesstokenmanager/main/cpp/src/service/accesstoken_manager_stub.cpp index 70a235a1b..3123abb2b 100644 --- a/services/accesstokenmanager/main/cpp/src/service/accesstoken_manager_stub.cpp +++ b/services/accesstokenmanager/main/cpp/src/service/accesstoken_manager_stub.cpp @@ -935,6 +935,16 @@ void AccessTokenManagerStub::ClearUserPolicyInner(MessageParcel& data, MessagePa IF_FALSE_PRINT_LOG(LABEL, reply.WriteInt32(res), "WriteInt32 failed."); } +void AccessTokenManagerStub::ClearHapInfoCacheInner(MessageParcel& data, MessageParcel& reply) +{ + uint32_t callingToken = IPCSkeleton::GetCallingTokenID(); + if (VerifyAccessToken(callingToken, MANAGE_HAP_TOKENID_PERMISSION) == PERMISSION_DENIED) { + ACCESSTOKEN_LOG_ERROR(LABEL, "Permission denied(tokenID=%{public}d)", callingToken); + return; + } + this->ClearHapInfoCache(); +} + bool AccessTokenManagerStub::IsPrivilegedCalling() const { // shell process is root in debug mode. @@ -1029,6 +1039,8 @@ void AccessTokenManagerStub::SetLocalTokenOpFuncInMap() &AccessTokenManagerStub::UpdateUserPolicyInner; requestFuncMap_[static_cast(AccessTokenInterfaceCode::CLEAR_USER_POLICY)] = &AccessTokenManagerStub::ClearUserPolicyInner; + requestFuncMap_[static_cast(AccessTokenInterfaceCode::CLEAR_HAP_INFO_CACHE)] = + &AccessTokenManagerStub::ClearHapInfoCacheInner; requestFuncMap_[static_cast(AccessTokenInterfaceCode::GET_HAP_TOKENINFO_EXT)] = &AccessTokenManagerStub::GetHapTokenInfoExtensionInner; } diff --git a/services/accesstokenmanager/main/cpp/src/token/accesstoken_info_manager.cpp b/services/accesstokenmanager/main/cpp/src/token/accesstoken_info_manager.cpp index e93769542..df2e6e2bc 100644 --- a/services/accesstokenmanager/main/cpp/src/token/accesstoken_info_manager.cpp +++ b/services/accesstokenmanager/main/cpp/src/token/accesstoken_info_manager.cpp @@ -1561,6 +1561,17 @@ int32_t AccessTokenInfoManager::ClearUserPolicy() return ret; } +int32_t AccessTokenInfoManager::ClearHapInfoCache() +{ + ACCESSTOKEN_LOG_INFO(LABEL, "Start clear hap info cache."); + Utils::UniqueWriteGuard infoGuard(this->hapTokenInfoLock_); + for (auto iter = hapTokenIdMap_.begin(); iter != hapTokenIdMap_.end();) { + hapTokenInfoMap_.erase(iter->second); + iter = hapTokenIdMap_.erase(iter); + } + return RET_SUCCESS; +} + bool AccessTokenInfoManager::GetPermDialogCap(AccessTokenID tokenID) { if (tokenID == INVALID_TOKENID) { -- Gitee