diff --git a/frameworks/accesstoken/BUILD.gn b/frameworks/accesstoken/BUILD.gn index 905cf97537af37433da66c892757cf3a9c615565..cc427a8a8cde764a614814239ffd2ac16a65baa2 100644 --- a/frameworks/accesstoken/BUILD.gn +++ b/frameworks/accesstoken/BUILD.gn @@ -64,4 +64,9 @@ ohos_shared_library("accesstoken_communication_adapter_cxx") { ] external_deps = [ "c_utils:utils" ] + + if (security_component_enhance_enable) { + sources += [ "src/sec_comp_enhance_data_parcel.cpp" ] + external_deps += [ "ipc:ipc_single" ] + } } diff --git a/frameworks/accesstoken/include/accesstoken_service_ipc_interface_code.h b/frameworks/accesstoken/include/accesstoken_service_ipc_interface_code.h index 9ef4d29ffb688ff9761111d39f4168972280e1c3..0bde69b9358b40c28bf37f4c623fd5066e79bb9f 100644 --- a/frameworks/accesstoken/include/accesstoken_service_ipc_interface_code.h +++ b/frameworks/accesstoken/include/accesstoken_service_ipc_interface_code.h @@ -77,6 +77,13 @@ enum class AccessTokenInterfaceCode { UNREGISTER_SELF_PERM_STATE_CHANGE_CALLBACK, VERIFY_ACCESSTOKEN_WITH_LIST = 0x0050, + +#ifdef SECURITY_COMPONENT_ENHANCE_ENABLE + REGISTER_SEC_COMP_ENHANCE = 0x0100, + UPDATE_SEC_COMP_ENHANCE, + GET_SEC_COMP_ENHANCE, + GET_SPECIAL_SEC_COMP_ENHANCE, +#endif }; } // namespace AccessToken } // namespace Security diff --git a/frameworks/accesstoken/include/i_accesstoken_manager.h b/frameworks/accesstoken/include/i_accesstoken_manager.h index 5ec9285f4ed86c4eb07d6a51c6cab1321a587e64..67f6e9d15efd551141ad55cea5bd1c87e31dee76 100644 --- a/frameworks/accesstoken/include/i_accesstoken_manager.h +++ b/frameworks/accesstoken/include/i_accesstoken_manager.h @@ -36,6 +36,9 @@ #include "permission_list_state_parcel.h" #include "permission_status_parcel.h" #include "permission_state_change_scope_parcel.h" +#ifdef SECURITY_COMPONENT_ENHANCE_ENABLE +#include "sec_comp_enhance_data_parcel.h" +#endif #include "system_ability_definition.h" namespace OHOS { 
@@ -116,6 +119,13 @@ public: virtual void DumpTokenInfo(const AtmToolsParamInfoParcel& infoParcel, std::string& tokenInfo) = 0; virtual int32_t GetVersion(uint32_t& version) = 0; virtual void GetPermissionManagerInfo(PermissionGrantInfoParcel& infoParcel) = 0; +#ifdef SECURITY_COMPONENT_ENHANCE_ENABLE + virtual int32_t RegisterSecCompEnhance(const SecCompEnhanceDataParcel& enhanceParcel) = 0; + virtual int32_t UpdateSecCompEnhance(int32_t pid, uint32_t seqNum) = 0; + virtual int32_t GetSecCompEnhance(int32_t pid, SecCompEnhanceDataParcel& enhanceParcel) = 0; + virtual int32_t GetSpecialSecCompEnhance(const std::string& bundleName, + std::vector& enhanceParcelList) = 0; +#endif }; } // namespace AccessToken } // namespace Security diff --git a/frameworks/privacy/include/sec_comp_enhance_data_parcel.h b/frameworks/accesstoken/include/sec_comp_enhance_data_parcel.h similarity index 100% rename from frameworks/privacy/include/sec_comp_enhance_data_parcel.h rename to frameworks/accesstoken/include/sec_comp_enhance_data_parcel.h diff --git a/frameworks/privacy/src/sec_comp_enhance_data_parcel.cpp b/frameworks/accesstoken/src/sec_comp_enhance_data_parcel.cpp similarity index 100% rename from frameworks/privacy/src/sec_comp_enhance_data_parcel.cpp rename to frameworks/accesstoken/src/sec_comp_enhance_data_parcel.cpp diff --git a/frameworks/privacy/BUILD.gn b/frameworks/privacy/BUILD.gn index b452f0cda89a9310f87a1c980fb21a5b32c4ff2b..6209524ec06086950b33d59820935fda93767c9c 100644 --- a/frameworks/privacy/BUILD.gn +++ b/frameworks/privacy/BUILD.gn @@ -50,9 +50,4 @@ ohos_shared_library("privacy_communication_adapter_cxx") { ] external_deps = [ "c_utils:utils" ] - - if (security_component_enhance_enable) { - sources += [ "src/sec_comp_enhance_data_parcel.cpp" ] - external_deps += [ "ipc:ipc_single" ] - } } 
diff --git a/frameworks/privacy/include/i_privacy_manager.h b/frameworks/privacy/include/i_privacy_manager.h index 6c8cf6a2af1d260f00c8834d0e497fe8fa670056..fc68b7c7c3a0d6bae4c8ed9adcfd005b88d94f3f 100644 --- a/frameworks/privacy/include/i_privacy_manager.h +++ b/frameworks/privacy/include/i_privacy_manager.h @@ -29,9 +29,6 @@ #include "permission_used_result_parcel.h" #include "permission_used_type_info_parcel.h" #include "privacy_param.h" -#ifdef SECURITY_COMPONENT_ENHANCE_ENABLE -#include "sec_comp_enhance_data_parcel.h" -#endif /* SAID:3505 */ namespace OHOS { @@ -62,13 +59,6 @@ public: virtual bool IsAllowedUsingPermission(AccessTokenID tokenID, const std::string& permissionName, int32_t pid) = 0; virtual int32_t SetMutePolicy(uint32_t policyType, uint32_t callerType, bool isMute, AccessTokenID tokenID) = 0; virtual int32_t SetHapWithFGReminder(uint32_t tokenId, bool isAllowed) = 0; -#ifdef SECURITY_COMPONENT_ENHANCE_ENABLE - virtual int32_t RegisterSecCompEnhance(const SecCompEnhanceDataParcel& enhanceParcel) = 0; - virtual int32_t UpdateSecCompEnhance(int32_t pid, uint32_t seqNum) = 0; - virtual int32_t GetSecCompEnhance(int32_t pid, SecCompEnhanceDataParcel& enhanceParcel) = 0; - virtual int32_t GetSpecialSecCompEnhance(const std::string& bundleName, - std::vector& enhanceParcelList) = 0; -#endif virtual int32_t GetPermissionUsedTypeInfos(const AccessTokenID tokenId, const std::string& permissionName, std::vector& resultsParcel) = 0; }; diff --git a/frameworks/privacy/include/privacy_service_ipc_interface_code.h b/frameworks/privacy/include/privacy_service_ipc_interface_code.h index db02228f2c991d1d1230a6700e5aaa9ed13c8898..30bf135483e91fbd46151902fb8ccd03338b06bf 100644 --- a/frameworks/privacy/include/privacy_service_ipc_interface_code.h +++ b/frameworks/privacy/include/privacy_service_ipc_interface_code.h 
@@ -31,12 +31,6 @@ enum class PrivacyInterfaceCode { REGISTER_PERM_ACTIVE_STATUS_CHANGE_CALLBACK, UNREGISTER_PERM_ACTIVE_STATUS_CHANGE_CALLBACK, IS_ALLOWED_USING_PERMISSION, -#ifdef SECURITY_COMPONENT_ENHANCE_ENABLE - REGISTER_SEC_COMP_ENHANCE, - UPDATE_SEC_COMP_ENHANCE, - GET_SEC_COMP_ENHANCE, - GET_SPECIAL_SEC_COMP_ENHANCE, -#endif GET_PERMISSION_USED_TYPE_INFOS, SET_MUTE_POLICY, SET_HAP_WITH_FOREGROUND_REMINDER, diff --git a/interfaces/innerkits/accesstoken/include/accesstoken_kit.h b/interfaces/innerkits/accesstoken/include/accesstoken_kit.h index 32bf54fbf262e57fbb6fe11a2aeb099b70b64bc2..9c5dd5b0955cf17e70a337b646df9aa4407518ec 100644 --- a/interfaces/innerkits/accesstoken/include/accesstoken_kit.h +++ b/interfaces/innerkits/accesstoken/include/accesstoken_kit.h @@ -54,6 +54,9 @@ #include "permission_state_change_info.h" #include "permission_state_full.h" #include "perm_state_change_callback_customize.h" +#ifdef SECURITY_COMPONENT_ENHANCE_ENABLE +#include "sec_comp_enhance_data.h" +#endif #ifdef TOKEN_SYNC_ENABLE #include "token_sync_kit_interface.h" #endif // TOKEN_SYNC_ENABLE 
@@ -502,6 +505,37 @@ public: * @return tokenId */ static uint64_t GetRenderTokenID(uint64_t tokenId); + +#ifdef SECURITY_COMPONENT_ENHANCE_ENABLE + /** + * @brief Register security component enhance data when security component service did not start + * @param enhance enhance data + * @return error code, see privacy_error.h + */ + static int32_t RegisterSecCompEnhance(const SecCompEnhanceData& enhance); + /** + * @brief update security component enhance data + * @param pid process id + * @param seqNum sequence number + * @return error code, see privacy_error.h + */ + static int32_t UpdateSecCompEnhance(int32_t pid, uint32_t seqNum); + /** + * @brief get security component enhance data + * @param pid process id + * @param enhance enhance data + * @return error code, see privacy_error.h + */ + static int32_t GetSecCompEnhance(int32_t pid, SecCompEnhanceData& enhance); + /** + * @brief get special security component enhance data + * @param bundleName bundle name + * @param enhanceList enhance data + * @return error code, see privacy_error.h + */ + static int32_t GetSpecialSecCompEnhance(const std::string& bundleName, + std::vector& enhanceList); +#endif }; } // namespace AccessToken } // namespace Security diff --git a/interfaces/innerkits/accesstoken/libaccesstoken_sdk.map b/interfaces/innerkits/accesstoken/libaccesstoken_sdk.map index 69b329fffcf42472699562974f9b223a429da8fb..e98ac1ab8feb8dae47bac1178918e92c036761f0 100644 --- a/interfaces/innerkits/accesstoken/libaccesstoken_sdk.map +++ b/interfaces/innerkits/accesstoken/libaccesstoken_sdk.map 
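Review bot: The four added Doxygen blocks say `@return error code, see privacy_error.h`, which points at the wrong header now that these functions are on AccessTokenKit. The client code added in this commit returns `AccessTokenError::ERR_PARAM_INVALID`, so the line should read `@return error code, see access_token_error.h`. The comments also do not say which callers may pass another process's pid to `GetSecCompEnhance` and `UpdateSecCompEnhance`. The added test switches to the security_component_service token before calling them, so if the service restricts the caller, a one-line `@note` saying so would help. The class body starts outside this hunk.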
@@ -84,6 +84,10 @@ "OHOS::Security::AccessToken::AccessTokenKit::RequestAppPermOnSetting(unsigned int)"; OHOS::Security::AccessToken::AccessTokenKit::IsSystemAppByFullTokenID*; OHOS::Security::AccessToken::AccessTokenKit::GetRenderTokenID*; + "OHOS::Security::AccessToken::AccessTokenKit::RegisterSecCompEnhance(OHOS::Security::AccessToken::SecCompEnhanceData const&)"; + "OHOS::Security::AccessToken::AccessTokenKit::UpdateSecCompEnhance(int, unsigned int)"; + "OHOS::Security::AccessToken::AccessTokenKit::GetSecCompEnhance(int, OHOS::Security::AccessToken::SecCompEnhanceData&)"; + "OHOS::Security::AccessToken::AccessTokenKit::GetSpecialSecCompEnhance(std::__h::basic_string, std::__h::allocator> const&, std::__h::vector>&)"; ""; ""; }; diff --git a/interfaces/innerkits/accesstoken/src/accesstoken_kit.cpp b/interfaces/innerkits/accesstoken/src/accesstoken_kit.cpp index 870e2565397bfb1163d773f875a3ee4835abcba4..a5951bf1659cd70e1029a2ab11e48424014fcb61 100644 --- a/interfaces/innerkits/accesstoken/src/accesstoken_kit.cpp +++ b/interfaces/innerkits/accesstoken/src/accesstoken_kit.cpp 
@@ -727,6 +727,29 @@ uint64_t AccessTokenKit::GetRenderTokenID(uint64_t tokenId) id = *reinterpret_cast(idInner); return static_cast(id); } + +#ifdef SECURITY_COMPONENT_ENHANCE_ENABLE +int32_t AccessTokenKit::RegisterSecCompEnhance(const SecCompEnhanceData& enhance) +{ + return AccessTokenManagerClient::GetInstance().RegisterSecCompEnhance(enhance); +} + +int32_t AccessTokenKit::UpdateSecCompEnhance(int32_t pid, uint32_t seqNum) +{ + return AccessTokenManagerClient::GetInstance().UpdateSecCompEnhance(pid, seqNum); +} + +int32_t AccessTokenKit::GetSecCompEnhance(int32_t pid, SecCompEnhanceData& enhance) +{ + return AccessTokenManagerClient::GetInstance().GetSecCompEnhance(pid, enhance); +} + +int32_t AccessTokenKit::GetSpecialSecCompEnhance(const std::string& bundleName, + std::vector& enhanceList) +{ + return AccessTokenManagerClient::GetInstance().GetSpecialSecCompEnhance(bundleName, enhanceList); +} +#endif } // namespace AccessToken } // namespace Security } // namespace OHOS diff --git a/interfaces/innerkits/accesstoken/src/accesstoken_manager_client.cpp b/interfaces/innerkits/accesstoken/src/accesstoken_manager_client.cpp index a8e0ce1f1b182e716da2bdb193dbd706ae83870c..e950fc9be3fea340cd6c0672b1e3bf47116a5c65 100644 --- a/interfaces/innerkits/accesstoken/src/accesstoken_manager_client.cpp +++ b/interfaces/innerkits/accesstoken/src/accesstoken_manager_client.cpp @@ -15,6 +15,7 @@ #include "accesstoken_manager_client.h" +#include "accesstoken_callbacks.h" #include "accesstoken_log.h" #include "access_token_error.h" #include "accesstoken_manager_proxy.h" @@ -24,7 +25,9 @@ #include "iservice_registry.h" #include "parameter.h" #include "permission_grant_info_parcel.h" -#include "accesstoken_callbacks.h" +#ifdef SECURITY_COMPONENT_ENHANCE_ENABLE +#include "sec_comp_enhance_data_parcel.h" +#endif namespace OHOS { namespace Security { 
@@ -806,6 +809,65 @@ int32_t AccessTokenManagerClient::UpdateUserPolicy(const std::vector& return proxy->UpdateUserPolicy(userList); } +#ifdef SECURITY_COMPONENT_ENHANCE_ENABLE +int32_t AccessTokenManagerClient::RegisterSecCompEnhance(const SecCompEnhanceData& enhance) +{ + auto proxy = GetProxy(); + if (proxy == nullptr) { + ACCESSTOKEN_LOG_ERROR(LABEL, "Proxy is null."); + return AccessTokenError::ERR_PARAM_INVALID; + } + SecCompEnhanceDataParcel registerParcel; + registerParcel.enhanceData = enhance; + return proxy->RegisterSecCompEnhance(registerParcel); +} + +int32_t AccessTokenManagerClient::UpdateSecCompEnhance(int32_t pid, uint32_t seqNum) +{ + auto proxy = GetProxy(); + if (proxy == nullptr) { + ACCESSTOKEN_LOG_ERROR(LABEL, "Proxy is null."); + return AccessTokenError::ERR_PARAM_INVALID; + } + return proxy->UpdateSecCompEnhance(pid, seqNum); +} + +int32_t AccessTokenManagerClient::GetSecCompEnhance(int32_t pid, SecCompEnhanceData& enhance) +{ + auto proxy = GetProxy(); + if (proxy == nullptr) { + ACCESSTOKEN_LOG_ERROR(LABEL, "Proxy is null."); + return AccessTokenError::ERR_PARAM_INVALID; + } + SecCompEnhanceDataParcel parcel; + int32_t res = proxy->GetSecCompEnhance(pid, parcel); + if (res != RET_SUCCESS) { + return res; + } + enhance = parcel.enhanceData; + return RET_SUCCESS; +} + +int32_t AccessTokenManagerClient::GetSpecialSecCompEnhance(const std::string& bundleName, + std::vector& enhanceList) +{ + auto proxy = GetProxy(); + if (proxy == nullptr) { + ACCESSTOKEN_LOG_ERROR(LABEL, "Proxy is null."); + return AccessTokenError::ERR_PARAM_INVALID; + } + std::vector parcelList; + int32_t res = proxy->GetSpecialSecCompEnhance(bundleName, parcelList); + if (res != RET_SUCCESS) { + return res; + } + + std::transform(parcelList.begin(), parcelList.end(), std::back_inserter(enhanceList), + [](SecCompEnhanceDataParcel pair) { return pair.enhanceData; }); + return RET_SUCCESS; +} +#endif + void AccessTokenManagerClient::ReleaseProxy() { if (proxy_ != nullptr && 
serviceDeathObserver_ != nullptr) { diff --git a/interfaces/innerkits/accesstoken/src/accesstoken_manager_client.h b/interfaces/innerkits/accesstoken/src/accesstoken_manager_client.h index c185a95f6f33a1fa0087c19d85f1ccbb7edc032f..d58428931e70605845c3c3cb14bed8a1b8e19d7e 100644 --- a/interfaces/innerkits/accesstoken/src/accesstoken_manager_client.h +++ b/interfaces/innerkits/accesstoken/src/accesstoken_manager_client.h @@ -108,6 +108,13 @@ public: int32_t InitUserPolicy(const std::vector& userList, const std::vector& permList); int32_t UpdateUserPolicy(const std::vector& userList); int32_t ClearUserPolicy(); +#ifdef SECURITY_COMPONENT_ENHANCE_ENABLE + int32_t RegisterSecCompEnhance(const SecCompEnhanceData& enhance); + int32_t UpdateSecCompEnhance(int32_t pid, uint32_t seqNum); + int32_t GetSecCompEnhance(int32_t pid, SecCompEnhanceData& enhance); + int32_t GetSpecialSecCompEnhance(const std::string& bundleName, + std::vector& enhanceList); +#endif private: AccessTokenManagerClient(); diff --git a/interfaces/innerkits/accesstoken/src/accesstoken_manager_proxy.cpp b/interfaces/innerkits/accesstoken/src/accesstoken_manager_proxy.cpp index e2ed43ae2aeb49a8fc93f8ea44b6645311ad9220..5d51a03efbed8e043ea3b352f97e9c670a560395 100644 --- a/interfaces/innerkits/accesstoken/src/accesstoken_manager_proxy.cpp +++ b/interfaces/innerkits/accesstoken/src/accesstoken_manager_proxy.cpp @@ -28,6 +28,9 @@ namespace { static constexpr OHOS::HiviewDFX::HiLogLabel LABEL = {LOG_CORE, SECURITY_DOMAIN_ACCESSTOKEN, "ATMProxy"}; static const int MAX_PERMISSION_SIZE = 1000; static const int32_t MAX_USER_POLICY_SIZE = 1024; +#ifdef SECURITY_COMPONENT_ENHANCE_ENABLE +static const int MAX_SEC_COMP_ENHANCE_SIZE = 1000; +#endif } AccessTokenManagerProxy::AccessTokenManagerProxy(const sptr& impl) 
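Review bot: In AccessTokenManagerClient::GetSpecialSecCompEnhance the `std::transform` lambda takes `SecCompEnhanceDataParcel pair` by value, so each parcel is copied before its `enhanceData` is copied again. `[](const SecCompEnhanceDataParcel& parcel) { return parcel.enhanceData; }` avoids the extra copy and drops the misleading name `pair`. The results are appended to `enhanceList` without clearing it, which deserves a comment, or a `clear()` if callers may pass a non-empty vector. `std::transform` and `std::back_inserter` need `<algorithm>` and `<iterator>`, which the include hunk of this file does not add, although they may arrive transitively. All four new functions return `ERR_PARAM_INVALID` when `GetProxy()` is null, which a caller cannot tell apart from a rejected argument.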
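Review bot: `MAX_SEC_COMP_ENHANCE_SIZE` is declared as `static const int`, but its only visible use compares it with a `uint32_t` count read from the reply, mixing signed and unsigned operands. Declaring it as `static constexpr uint32_t MAX_SEC_COMP_ENHANCE_SIZE = 1000;` keeps the bound check in one type. The neighbouring `MAX_PERMISSION_SIZE` has the same shape but is outside this change.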
@@ -38,10 +41,15 @@ AccessTokenManagerProxy::~AccessTokenManagerProxy() {} bool AccessTokenManagerProxy::SendRequest( - AccessTokenInterfaceCode code, MessageParcel& data, MessageParcel& reply) + AccessTokenInterfaceCode code, MessageParcel& data, MessageParcel& reply, bool asyncMode) { - MessageOption option(MessageOption::TF_SYNC); - + int flag = 0; + if (asyncMode) { + flag = static_cast(MessageOption::TF_ASYNC); + } else { + flag = static_cast(MessageOption::TF_SYNC); + } + MessageOption option(flag); sptr remote = Remote(); if (remote == nullptr) { ACCESSTOKEN_LOG_ERROR(LABEL, "Code: %{public}d remote service null.", code); 
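Review bot: SendRequest still takes a `reply` parcel when `asyncMode` is true, but a `TF_ASYNC` transaction is one-way and normally returns before the service writes anything back, so whatever a caller reads from `reply` afterwards does not reflect the service's result. RegisterSecCompEnhance, in the later hunk of this file, passes `true` and then returns `reply.ReadInt32()`, which would report the value of an empty read rather than a status; either send it synchronously or return `RET_SUCCESS` right after a successful send without touching `reply`. A comment on the new parameter such as `// asyncMode: one-way call, reply is not populated` would make the contract explicit. The flag selection can also be one line: `const int flag = static_cast<int>(asyncMode ? MessageOption::TF_ASYNC : MessageOption::TF_SYNC);`. SendRequest's body continues outside the hunk.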
@@ -1513,6 +1521,124 @@ int32_t AccessTokenManagerProxy::UpdateUserPolicy(const std::vector& ACCESSTOKEN_LOG_INFO(LABEL, "Result from server data = %{public}d", result); return result; } + +#ifdef SECURITY_COMPONENT_ENHANCE_ENABLE +int32_t AccessTokenManagerProxy::RegisterSecCompEnhance(const SecCompEnhanceDataParcel& enhance) +{ + MessageParcel data; + MessageParcel reply; + if (!data.WriteInterfaceToken(IAccessTokenManager::GetDescriptor())) { + ACCESSTOKEN_LOG_ERROR(LABEL, "Failed to write WriteInterfaceToken."); + return ERR_WRITE_PARCEL_FAILED; + } + + if (!data.WriteParcelable(&enhance)) { + ACCESSTOKEN_LOG_ERROR(LABEL, "Failed to write parcel."); + return ERR_WRITE_PARCEL_FAILED; + } + + if (!SendRequest(AccessTokenInterfaceCode::REGISTER_SEC_COMP_ENHANCE, data, reply, true)) { + return ERR_SERVICE_ABNORMAL; + } + + int32_t result = reply.ReadInt32(); + ACCESSTOKEN_LOG_INFO(LABEL, "Result from server data = %{public}d", result); + return result; +} + +int32_t AccessTokenManagerProxy::UpdateSecCompEnhance(int32_t pid, uint32_t seqNum) +{ + MessageParcel data; + MessageParcel reply; + if (!data.WriteInterfaceToken(IAccessTokenManager::GetDescriptor())) { + ACCESSTOKEN_LOG_ERROR(LABEL, "Failed to write GetDescriptor."); + return ERR_WRITE_PARCEL_FAILED; + } + if (!data.WriteInt32(pid)) { + ACCESSTOKEN_LOG_ERROR(LABEL, "Failed to write pid=%{public}d.", pid); + return ERR_WRITE_PARCEL_FAILED; + } + if (!data.WriteUint32(seqNum)) { + ACCESSTOKEN_LOG_ERROR(LABEL, "Failed to write seqNum=%{public}u.", seqNum); + return ERR_WRITE_PARCEL_FAILED; + } + if (!SendRequest(AccessTokenInterfaceCode::UPDATE_SEC_COMP_ENHANCE, data, reply)) { + return ERR_SERVICE_ABNORMAL; + } + + int32_t result = reply.ReadInt32(); + ACCESSTOKEN_LOG_INFO(LABEL, "Result=%{public}d", result); + return result; +} + +int32_t AccessTokenManagerProxy::GetSecCompEnhance(int32_t pid, SecCompEnhanceDataParcel& enhanceParcel) +{ + MessageParcel data; + MessageParcel reply; + if 
(!data.WriteInterfaceToken(IAccessTokenManager::GetDescriptor())) { + ACCESSTOKEN_LOG_ERROR(LABEL, "Failed to write WriteInterfaceToken."); + return ERR_WRITE_PARCEL_FAILED; + } + if (!data.WriteInt32(pid)) { + ACCESSTOKEN_LOG_ERROR(LABEL, "Failed to WriteInt32(%{public}d)", pid); + return ERR_WRITE_PARCEL_FAILED; + } + if (!SendRequest(AccessTokenInterfaceCode::GET_SEC_COMP_ENHANCE, data, reply)) { + return ERR_SERVICE_ABNORMAL; + } + + int32_t result = reply.ReadInt32(); + ACCESSTOKEN_LOG_INFO(LABEL, "Result from server data = %{public}d", result); + if (result != RET_SUCCESS) { + return result; + } + + sptr parcel = reply.ReadParcelable(); + if (parcel != nullptr) { + enhanceParcel = *parcel; + } + return result; +} + +int32_t AccessTokenManagerProxy::GetSpecialSecCompEnhance(const std::string& bundleName, + std::vector& enhanceParcelList) +{ + MessageParcel data; + MessageParcel reply; + if (!data.WriteInterfaceToken(IAccessTokenManager::GetDescriptor())) { + ACCESSTOKEN_LOG_ERROR(LABEL, "Failed to write WriteInterfaceToken."); + return ERR_WRITE_PARCEL_FAILED; + } + + if (!data.WriteString(bundleName)) { + ACCESSTOKEN_LOG_ERROR(LABEL, "Failed to write string."); + return ERR_WRITE_PARCEL_FAILED; + } + + if (!SendRequest(AccessTokenInterfaceCode::GET_SPECIAL_SEC_COMP_ENHANCE, data, reply)) { + return ERR_SERVICE_ABNORMAL; + } + + int32_t result = reply.ReadInt32(); + ACCESSTOKEN_LOG_INFO(LABEL, "Result from server data = %{public}d", result); + if (result != RET_SUCCESS) { + return result; + } + + uint32_t size = reply.ReadUint32(); + if (size > MAX_SEC_COMP_ENHANCE_SIZE) { + ACCESSTOKEN_LOG_ERROR(LABEL, "Size = %{public}d get from request is invalid", size); + return ERR_OVERSIZE; + } + for (uint32_t i = 0; i < size; i++) { + sptr parcel = reply.ReadParcelable(); + if (parcel != nullptr) { + enhanceParcelList.emplace_back(*parcel); + } + } + return result; +} +#endif } // namespace AccessToken } // namespace Security } // namespace OHOS 
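Review bot: AccessTokenManagerProxy::GetSecCompEnhance returns the service's success code even when `reply.ReadParcelable` yields a null pointer, leaving `enhanceParcel` untouched. The loop in GetSpecialSecCompEnhance likewise skips null entries silently, so a truncated or malformed reply reaches the caller as success with default or partial data. Both places should fail closed, for example `if (parcel == nullptr) { return ERR_READ_PARCEL_FAILED; }`, or whichever read-failure code this file already uses. The oversize log prints the `uint32_t` size with `%{public}d`; `%{public}u` matches the type.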
diff --git a/interfaces/innerkits/accesstoken/src/accesstoken_manager_proxy.h b/interfaces/innerkits/accesstoken/src/accesstoken_manager_proxy.h index 3c79708d665cd1db76e130d7ff83d24502eb6025..fdf4ee14a3f68db45bb1f886e3385d23836d509c 100644 --- a/interfaces/innerkits/accesstoken/src/accesstoken_manager_proxy.h +++ b/interfaces/innerkits/accesstoken/src/accesstoken_manager_proxy.h @@ -108,9 +108,16 @@ public: void DumpTokenInfo(const AtmToolsParamInfoParcel& infoParcel, std::string& dumpInfo) override; int32_t GetVersion(uint32_t& version) override; void GetPermissionManagerInfo(PermissionGrantInfoParcel& infoParcel) override; +#ifdef SECURITY_COMPONENT_ENHANCE_ENABLE + int32_t RegisterSecCompEnhance(const SecCompEnhanceDataParcel& enhance) override; + int32_t UpdateSecCompEnhance(int32_t pid, uint32_t seqNum) override; + int32_t GetSecCompEnhance(int32_t pid, SecCompEnhanceDataParcel& enhanceParcel) override; + int32_t GetSpecialSecCompEnhance(const std::string& bundleName, + std::vector& enhanceParcelList) override; +#endif private: - bool SendRequest(AccessTokenInterfaceCode code, MessageParcel& data, MessageParcel& reply); + bool SendRequest(AccessTokenInterfaceCode code, MessageParcel& data, MessageParcel& reply, bool asyncMode = false); static inline BrokerDelegator delegator_; }; } // namespace AccessToken diff --git a/interfaces/innerkits/accesstoken/test/BUILD.gn b/interfaces/innerkits/accesstoken/test/BUILD.gn index 00fe551fb1afe8de7366a12ae846bf706e55d4a5..c3c02213e05313e65479ae18c2fc3656bbb02ae8 100644 --- a/interfaces/innerkits/accesstoken/test/BUILD.gn +++ b/interfaces/innerkits/accesstoken/test/BUILD.gn @@ -176,6 +176,10 @@ ohos_unittest("accesstoken_mock_test") { if (token_sync_enable == true) { cflags_cc += [ "-DTOKEN_SYNC_ENABLE" ] } + + if (security_component_enhance_enable == true) { + cflags_cc += [ "-DSECURITY_COMPONENT_ENHANCE_ENABLE" ] + } } group("unittest") { 
diff --git a/interfaces/innerkits/accesstoken/test/unittest/src/accesstoken_kit_extension_test.cpp b/interfaces/innerkits/accesstoken/test/unittest/src/accesstoken_kit_extension_test.cpp
index ad175c4ca94c37d9aef6bc0828602eb460b903ee..549b0ca58b3b89da3d356d400671508feaf71cd9 100644
--- a/interfaces/innerkits/accesstoken/test/unittest/src/accesstoken_kit_extension_test.cpp
+++ b/interfaces/innerkits/accesstoken/test/unittest/src/accesstoken_kit_extension_test.cpp
@@ -3049,6 +3049,53 @@ HWTEST_F(AccessTokenKitExtensionTest, GetPermissionManagerInfo001, TestSize.Leve ASSERT_EQ(false, info.grantBundleName.empty()); } +#ifdef SECURITY_COMPONENT_ENHANCE_ENABLE +/** + * @tc.name: RegisterSecCompEnhance001 + * @tc.desc: PrivacyKit:: function test register enhance data + * @tc.type: FUNC + * @tc.require: issueI7MXZ + */ +HWTEST_F(PrivacyKitTest, RegisterSecCompEnhance001, TestSize.Level1) +{ + SetSelfTokenID(g_tokenIdA); + SecCompEnhanceData data; + data.callback = nullptr; + data.challenge = 0; + data.seqNum = 0; + EXPECT_EQ(PrivacyError::ERR_WRITE_PARCEL_FAILED, PrivacyKit::RegisterSecCompEnhance(data)); + + // StateChangeCallback is not the real callback of SecCompEnhance, but it does not effect the final result. + auto callbackPtr = std::make_shared(); + data.callback = new (std::nothrow) StateChangeCallback(callbackPtr); + EXPECT_EQ(RET_SUCCESS, PrivacyKit::RegisterSecCompEnhance(data)); + + AccessTokenID secCompId = AccessTokenKit::GetNativeTokenId("security_component_service"); + EXPECT_EQ(0, SetSelfTokenID(secCompId)); + SecCompEnhanceData data1; + EXPECT_EQ(RET_SUCCESS, PrivacyKit::GetSecCompEnhance(getpid(), data1)); + EXPECT_NE(RET_SUCCESS, PrivacyKit::GetSecCompEnhance(0, data1)); + EXPECT_EQ(RET_SUCCESS, PrivacyKit::UpdateSecCompEnhance(getpid(), 1)); + EXPECT_NE(RET_SUCCESS, PrivacyKit::UpdateSecCompEnhance(0, 1)); +} + +/** + * @tc.name: GetSpecialSecCompEnhance001 + * @tc.desc: PrivacyKit:: function test Get Special enhance + * @tc.type: FUNC + * @tc.require: issueI7MXZ + */ +HWTEST_F(PrivacyKitTest, GetSpecialSecCompEnhance001, TestSize.Level1) +{ + AccessTokenID secCompId = AccessTokenKit::GetNativeTokenId("security_component_service"); + EXPECT_EQ(0, SetSelfTokenID(secCompId)); + + std::vector res; + ASSERT_EQ(RET_SUCCESS, PrivacyKit::GetSpecialSecCompEnhance("", res)); + ASSERT_EQ(static_cast(res.size()), 0); + ASSERT_EQ(RET_SUCCESS, PrivacyKit::GetSpecialSecCompEnhance(g_infoParmsA.bundleName, res)); +} +#endif 
} // namespace AccessToken } // namespace Security } // namespace OHOS diff --git a/interfaces/innerkits/privacy/BUILD.gn b/interfaces/innerkits/privacy/BUILD.gn index 1b1c41ad0a5461d716ed2cd5b95eca43b8e9a2c3..a037ed863178f1660a7b60cc183c18de9cb08d7c 100644 --- a/interfaces/innerkits/privacy/BUILD.gn +++ b/interfaces/innerkits/privacy/BUILD.gn @@ -83,10 +83,6 @@ if (is_standard_system) { "-DDEBUG_API_PERFORMANCE", ] - if (security_component_enhance_enable == true) { - cflags_cc += [ "-DSECURITY_COMPONENT_ENHANCE_ENABLE" ] - } - if (build_variant == "user") { cflags_cc += [ "-DATM_BUILD_VARIANT_USER_ENABLE" ] } diff --git a/interfaces/innerkits/privacy/include/privacy_kit.h b/interfaces/innerkits/privacy/include/privacy_kit.h index 0cd8b415280e7273eea68785143fd898c96eb76d..e2bbc7821a2802df6b531d273a72c5698c2d7a82 100644 --- a/interfaces/innerkits/privacy/include/privacy_kit.h +++ b/interfaces/innerkits/privacy/include/privacy_kit.h @@ -45,9 +45,6 @@ #include "permission_used_type_info.h" #include "perm_active_status_customized_cbk.h" #include "privacy_param.h" -#ifdef SECURITY_COMPONENT_ENHANCE_ENABLE -#include "sec_comp_enhance_data.h" -#endif #include "state_customized_cbk.h" namespace OHOS { 
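Review bot: Both added tests are declared with `HWTEST_F(PrivacyKitTest, ...)` and call `PrivacyKit::RegisterSecCompEnhance`, `PrivacyKit::GetSecCompEnhance` and the other PrivacyKit entry points that this same commit removes, while the surrounding file uses the `AccessTokenKitExtensionTest` fixture. As written they cannot compile once `SECURITY_COMPONENT_ENHANCE_ENABLE` is defined for this target. `PrivacyError::ERR_WRITE_PARCEL_FAILED`, `g_tokenIdA`, `g_infoParmsA` and `StateChangeCallback` also look like leftovers from the privacy test file and may not exist here. The tests should read `HWTEST_F(AccessTokenKitExtensionTest, RegisterSecCompEnhance001, TestSize.Level1)`, with `AccessTokenKit::` calls and the access-token error codes. The test BUILD.gn hunk adds the define under the `accesstoken_mock_test` heading, so check that the target building this file gets it too; otherwise the block is preprocessed away and the moved IPC path has no test coverage.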
@@ -157,36 +154,6 @@ public: */ static bool IsAllowedUsingPermission(AccessTokenID tokenID, const std::string& permissionName, int32_t pid = -1); -#ifdef SECURITY_COMPONENT_ENHANCE_ENABLE - /** - * @brief Register security component enhance data when security component service did not start - * @param enhance enhance data - * @return error code, see privacy_error.h - */ - static int32_t RegisterSecCompEnhance(const SecCompEnhanceData& enhance); - /** - * @brief update security component enhance data - * @param pid process id - * @param seqNum sequence number - * @return error code, see privacy_error.h - */ - static int32_t UpdateSecCompEnhance(int32_t pid, uint32_t seqNum); - /** - * @brief get security component enhance data - * @param pid process id - * @param enhance enhance data - * @return error code, see privacy_error.h - */ - static int32_t GetSecCompEnhance(int32_t pid, SecCompEnhanceData& enhance); - /** - * @brief get special security component enhance data - * @param bundleName bundle name - * @param enhanceList enhance data - * @return error code, see privacy_error.h - */ - static int32_t GetSpecialSecCompEnhance(const std::string& bundleName, - std::vector& enhanceList); -#endif /** * @brief query permission used type. * @param tokenId token id, if 0 return all tokenIds diff --git a/interfaces/innerkits/privacy/libprivacy_sdk.map b/interfaces/innerkits/privacy/libprivacy_sdk.map index f99cde5012102c72776d2bf4941971fcdc5f1b54..96392941a92eed3c2d35f3951670a05a64f6ab68 100644 --- a/interfaces/innerkits/privacy/libprivacy_sdk.map +++ b/interfaces/innerkits/privacy/libprivacy_sdk.map 
@@ -31,10 +31,6 @@ "OHOS::Security::AccessToken::PrivacyKit::StartUsingPermission(unsigned int, std::__h::basic_string, std::__h::allocator> const&, std::__h::shared_ptr const&, int, OHOS::Security::AccessToken::PermissionUsedTypeValue)"; "OHOS::Security::AccessToken::PrivacyKit::GetPermissionUsedRecords(OHOS::Security::AccessToken::PermissionUsedRequest const&, OHOS::sptr const&)"; "OHOS::Security::AccessToken::PrivacyKit::IsAllowedUsingPermission(unsigned int, std::__h::basic_string, std::__h::allocator> const&, int)"; - "OHOS::Security::AccessToken::PrivacyKit::RegisterSecCompEnhance(OHOS::Security::AccessToken::SecCompEnhanceData const&)"; - "OHOS::Security::AccessToken::PrivacyKit::UpdateSecCompEnhance(int, unsigned int)"; - "OHOS::Security::AccessToken::PrivacyKit::GetSecCompEnhance(int, OHOS::Security::AccessToken::SecCompEnhanceData&)"; - "OHOS::Security::AccessToken::PrivacyKit::GetSpecialSecCompEnhance(std::__h::basic_string, std::__h::allocator> const&, std::__h::vector>&)"; "OHOS::Security::AccessToken::StateCustomizedCbk::~StateCustomizedCbk()"; "OHOS::Security::AccessToken::OnPermissionUsedRecordCallbackStub::OnRemoteRequest(unsigned int, OHOS::MessageParcel&, OHOS::MessageParcel&, OHOS::MessageOption&)"; "OHOS::Security::AccessToken::PrivacyManagerClient::GetInstance()"; diff --git a/interfaces/innerkits/privacy/src/privacy_kit.cpp b/interfaces/innerkits/privacy/src/privacy_kit.cpp index e4bdf39cb94dfef5749bbc16c8390382d39c0213..e93d01c4061fedbc20c41b7f8bd00f1958af68fe 100644 --- a/interfaces/innerkits/privacy/src/privacy_kit.cpp +++ b/interfaces/innerkits/privacy/src/privacy_kit.cpp 
@@ -207,30 +207,6 @@ bool PrivacyKit::IsAllowedUsingPermission(AccessTokenID tokenID, const std::stri return PrivacyManagerClient::GetInstance().IsAllowedUsingPermission(tokenID, permissionName, pid); } -#ifdef SECURITY_COMPONENT_ENHANCE_ENABLE -int32_t PrivacyKit::RegisterSecCompEnhance(const SecCompEnhanceData& enhance) -{ - return PrivacyManagerClient::GetInstance().RegisterSecCompEnhance(enhance); -} - -int32_t PrivacyKit::UpdateSecCompEnhance(int32_t pid, uint32_t seqNum) -{ - return PrivacyManagerClient::GetInstance().UpdateSecCompEnhance(pid, seqNum); -} - -int32_t PrivacyKit::GetSecCompEnhance(int32_t pid, SecCompEnhanceData& enhance) -{ - return PrivacyManagerClient::GetInstance().GetSecCompEnhance(pid, enhance); -} - -int32_t PrivacyKit::GetSpecialSecCompEnhance(const std::string& bundleName, - std::vector& enhanceList) -{ - return PrivacyManagerClient::GetInstance(). - GetSpecialSecCompEnhance(bundleName, enhanceList); -} -#endif - int32_t PrivacyKit::GetPermissionUsedTypeInfos(const AccessTokenID tokenId, const std::string& permissionName, std::vector& results) { diff --git a/interfaces/innerkits/privacy/src/privacy_manager_client.cpp b/interfaces/innerkits/privacy/src/privacy_manager_client.cpp index b87c2da80f4c98d8077b9f3c29dfb140b936adac..b8d2aa2b6eab1c4aeb4ea332b9df255aa44d4724 100644 --- a/interfaces/innerkits/privacy/src/privacy_manager_client.cpp +++ b/interfaces/innerkits/privacy/src/privacy_manager_client.cpp @@ -19,9 +19,6 @@ #include "iservice_registry.h" #include "privacy_error.h" #include "privacy_manager_proxy.h" -#ifdef SECURITY_COMPONENT_ENHANCE_ENABLE -#include "sec_comp_enhance_data_parcel.h" -#endif namespace OHOS { namespace Security { 
@@ -325,65 +322,6 @@ bool PrivacyManagerClient::IsAllowedUsingPermission(AccessTokenID tokenID, const return proxy->IsAllowedUsingPermission(tokenID, permissionName, pid); } -#ifdef SECURITY_COMPONENT_ENHANCE_ENABLE -int32_t PrivacyManagerClient::RegisterSecCompEnhance(const SecCompEnhanceData& enhance) -{ - auto proxy = GetProxy(); - if (proxy == nullptr) { - ACCESSTOKEN_LOG_ERROR(LABEL, "Proxy is null."); - return PrivacyError::ERR_PARAM_INVALID; - } - SecCompEnhanceDataParcel registerParcel; - registerParcel.enhanceData = enhance; - return proxy->RegisterSecCompEnhance(registerParcel); -} - -int32_t PrivacyManagerClient::UpdateSecCompEnhance(int32_t pid, uint32_t seqNum) -{ - auto proxy = GetProxy(); - if (proxy == nullptr) { - ACCESSTOKEN_LOG_ERROR(LABEL, "Proxy is null."); - return PrivacyError::ERR_PARAM_INVALID; - } - return proxy->UpdateSecCompEnhance(pid, seqNum); -} - -int32_t PrivacyManagerClient::GetSecCompEnhance(int32_t pid, SecCompEnhanceData& enhance) -{ - auto proxy = GetProxy(); - if (proxy == nullptr) { - ACCESSTOKEN_LOG_ERROR(LABEL, "Proxy is null."); - return PrivacyError::ERR_PARAM_INVALID; - } - SecCompEnhanceDataParcel parcel; - int32_t res = proxy->GetSecCompEnhance(pid, parcel); - if (res != RET_SUCCESS) { - return res; - } - enhance = parcel.enhanceData; - return RET_SUCCESS; -} - -int32_t PrivacyManagerClient::GetSpecialSecCompEnhance(const std::string& bundleName, - std::vector& enhanceList) -{ - auto proxy = GetProxy(); - if (proxy == nullptr) { - ACCESSTOKEN_LOG_ERROR(LABEL, "Proxy is null."); - return PrivacyError::ERR_PARAM_INVALID; - } - std::vector parcelList; - int32_t res = proxy->GetSpecialSecCompEnhance(bundleName, parcelList); - if (res != RET_SUCCESS) { - return res; - } - - std::transform(parcelList.begin(), parcelList.end(), std::back_inserter(enhanceList), - [](SecCompEnhanceDataParcel pair) { return pair.enhanceData; }); - return RET_SUCCESS; -} -#endif - int32_t PrivacyManagerClient::GetPermissionUsedTypeInfos(const 
AccessTokenID tokenId, const std::string& permissionName, std::vector& results) { diff --git a/interfaces/innerkits/privacy/src/privacy_manager_client.h b/interfaces/innerkits/privacy/src/privacy_manager_client.h index 9003ec57c5e2ca50a815b9bc2d014196a222477a..984d5a4056722e478ccc535fdbaf8f9b13320de3 100644 --- a/interfaces/innerkits/privacy/src/privacy_manager_client.h +++ b/interfaces/innerkits/privacy/src/privacy_manager_client.h @@ -59,13 +59,6 @@ public: sptr& callbackWrap); bool IsAllowedUsingPermission(AccessTokenID tokenID, const std::string& permissionName, int32_t pid); void OnRemoteDiedHandle(); -#ifdef SECURITY_COMPONENT_ENHANCE_ENABLE - int32_t RegisterSecCompEnhance(const SecCompEnhanceData& enhance); - int32_t UpdateSecCompEnhance(int32_t pid, uint32_t seqNum); - int32_t GetSecCompEnhance(int32_t pid, SecCompEnhanceData& enhance); - int32_t GetSpecialSecCompEnhance(const std::string& bundleName, - std::vector& enhanceList); -#endif int32_t GetPermissionUsedTypeInfos(const AccessTokenID tokenId, const std::string& permissionName, std::vector& results); int32_t SetMutePolicy(uint32_t policyType, uint32_t callerType, bool isMute, AccessTokenID tokenID); diff --git a/interfaces/innerkits/privacy/src/privacy_manager_proxy.cpp b/interfaces/innerkits/privacy/src/privacy_manager_proxy.cpp index 0bba4230ea72aa8b8618b3718c31cf2133c6ea2f..06c7c3397b68b221e47696c50915323bad51647b 100644 --- a/interfaces/innerkits/privacy/src/privacy_manager_proxy.cpp +++ b/interfaces/innerkits/privacy/src/privacy_manager_proxy.cpp @@ -26,9 +26,6 @@ static constexpr OHOS::HiviewDFX::HiLogLabel LABEL = { LOG_CORE, SECURITY_DOMAIN_PRIVACY, "PrivacyManagerProxy" }; -#ifdef SECURITY_COMPONENT_ENHANCE_ENABLE -static const int MAX_SEC_COMP_ENHANCE_SIZE = 1000; -#endif // if change this, copy value in privacy_kit_test.cpp should change together static const uint32_t MAX_PERMISSION_USED_TYPE_SIZE = 2000; } 
@@ -365,124 +362,6 @@ bool PrivacyManagerProxy::IsAllowedUsingPermission(AccessTokenID tokenID, const return result; } -#ifdef SECURITY_COMPONENT_ENHANCE_ENABLE -int32_t PrivacyManagerProxy::RegisterSecCompEnhance(const SecCompEnhanceDataParcel& enhance) -{ - MessageParcel data; - MessageParcel reply; - if (!data.WriteInterfaceToken(IPrivacyManager::GetDescriptor())) { - ACCESSTOKEN_LOG_ERROR(LABEL, "Failed to write WriteInterfaceToken."); - return PrivacyError::ERR_WRITE_PARCEL_FAILED; - } - - if (!data.WriteParcelable(&enhance)) { - ACCESSTOKEN_LOG_ERROR(LABEL, "Failed to write parcel."); - return PrivacyError::ERR_WRITE_PARCEL_FAILED; - } - - if (!SendRequest(PrivacyInterfaceCode::REGISTER_SEC_COMP_ENHANCE, data, reply, true)) { - return PrivacyError::ERR_SERVICE_ABNORMAL; - } - - int32_t result = reply.ReadInt32(); - ACCESSTOKEN_LOG_INFO(LABEL, "Result from server data = %{public}d", result); - return result; -} - -int32_t PrivacyManagerProxy::UpdateSecCompEnhance(int32_t pid, uint32_t seqNum) -{ - MessageParcel data; - MessageParcel reply; - if (!data.WriteInterfaceToken(IPrivacyManager::GetDescriptor())) { - ACCESSTOKEN_LOG_ERROR(LABEL, "Failed to write GetDescriptor."); - return PrivacyError::ERR_WRITE_PARCEL_FAILED; - } - if (!data.WriteInt32(pid)) { - ACCESSTOKEN_LOG_ERROR(LABEL, "Failed to write pid=%{public}d.", pid); - return false; - } - if (!data.WriteUint32(seqNum)) { - ACCESSTOKEN_LOG_ERROR(LABEL, "Failed to write seqNum=%{public}u.", seqNum); - return false; - } - if (!SendRequest(PrivacyInterfaceCode::UPDATE_SEC_COMP_ENHANCE, data, reply)) { - return PrivacyError::ERR_SERVICE_ABNORMAL; - } - - int32_t result = reply.ReadInt32(); - ACCESSTOKEN_LOG_INFO(LABEL, "Result=%{public}d", result); - return result; -} - -int32_t PrivacyManagerProxy::GetSecCompEnhance(int32_t pid, SecCompEnhanceDataParcel& enhanceParcel) -{ - MessageParcel data; - MessageParcel reply; - if (!data.WriteInterfaceToken(IPrivacyManager::GetDescriptor())) { - 
ACCESSTOKEN_LOG_ERROR(LABEL, "Failed to write WriteInterfaceToken."); - return PrivacyError::ERR_WRITE_PARCEL_FAILED; - } - if (!data.WriteInt32(pid)) { - ACCESSTOKEN_LOG_ERROR(LABEL, "Failed to WriteInt32(%{public}d)", pid); - return false; - } - if (!SendRequest(PrivacyInterfaceCode::GET_SEC_COMP_ENHANCE, data, reply)) { - return PrivacyError::ERR_SERVICE_ABNORMAL; - } - - int32_t result = reply.ReadInt32(); - ACCESSTOKEN_LOG_INFO(LABEL, "Result from server data = %{public}d", result); - if (result != RET_SUCCESS) { - return result; - } - - sptr parcel = reply.ReadParcelable(); - if (parcel != nullptr) { - enhanceParcel = *parcel; - } - return result; -} - -int32_t PrivacyManagerProxy::GetSpecialSecCompEnhance(const std::string& bundleName, - std::vector& enhanceParcelList) -{ - MessageParcel data; - MessageParcel reply; - if (!data.WriteInterfaceToken(IPrivacyManager::GetDescriptor())) { - ACCESSTOKEN_LOG_ERROR(LABEL, "Failed to write WriteInterfaceToken."); - return PrivacyError::ERR_WRITE_PARCEL_FAILED; - } - - if (!data.WriteString(bundleName)) { - ACCESSTOKEN_LOG_ERROR(LABEL, "Failed to write string."); - return PrivacyError::ERR_WRITE_PARCEL_FAILED; - } - - if (!SendRequest(PrivacyInterfaceCode::GET_SPECIAL_SEC_COMP_ENHANCE, data, reply)) { - return PrivacyError::ERR_SERVICE_ABNORMAL; - } - - int32_t result = reply.ReadInt32(); - ACCESSTOKEN_LOG_INFO(LABEL, "Result from server data = %{public}d", result); - if (result != RET_SUCCESS) { - return result; - } - - uint32_t size = reply.ReadUint32(); - if (size > MAX_SEC_COMP_ENHANCE_SIZE) { - ACCESSTOKEN_LOG_ERROR(LABEL, "Size = %{public}d get from request is invalid", size); - return PrivacyError::ERR_OVERSIZE; - } - for (uint32_t i = 0; i < size; i++) { - sptr parcel = reply.ReadParcelable(); - if (parcel != nullptr) { - enhanceParcelList.emplace_back(*parcel); - } - } - return result; -} -#endif - int32_t PrivacyManagerProxy::GetPermissionUsedTypeInfos(const AccessTokenID tokenId, const std::string& 
permissionName, std::vector& resultsParcel) { diff --git a/interfaces/innerkits/privacy/src/privacy_manager_proxy.h b/interfaces/innerkits/privacy/src/privacy_manager_proxy.h index c9da62420386a43fd1c6b77b4d9ce9f4be069d15..d0f7ac7ae9840103436b31993077abd7e48c3ffe 100644 --- a/interfaces/innerkits/privacy/src/privacy_manager_proxy.h +++ b/interfaces/innerkits/privacy/src/privacy_manager_proxy.h @@ -46,13 +46,6 @@ public: std::vector& permList, const sptr& callback) override; int32_t UnRegisterPermActiveStatusCallback(const sptr& callback) override; bool IsAllowedUsingPermission(AccessTokenID tokenID, const std::string& permissionName, int32_t pid) override; -#ifdef SECURITY_COMPONENT_ENHANCE_ENABLE - int32_t RegisterSecCompEnhance(const SecCompEnhanceDataParcel& enhance) override; - int32_t UpdateSecCompEnhance(int32_t pid, uint32_t seqNum) override; - int32_t GetSecCompEnhance(int32_t pid, SecCompEnhanceDataParcel& enhanceParcel) override; - int32_t GetSpecialSecCompEnhance(const std::string& bundleName, - std::vector& enhanceParcelList) override; -#endif int32_t GetPermissionUsedTypeInfos(const AccessTokenID tokenId, const std::string& permissionName, std::vector& resultsParcel) override; int32_t SetMutePolicy(uint32_t policyType, uint32_t callerType, bool isMute, AccessTokenID tokenID) override; diff --git a/interfaces/innerkits/privacy/test/BUILD.gn b/interfaces/innerkits/privacy/test/BUILD.gn index ff0d199b01dc3973a881a2c1f7107b192132631f..6ac447745d54ae13e5436a4cec3738d0cb3fbf62 100644 --- a/interfaces/innerkits/privacy/test/BUILD.gn +++ b/interfaces/innerkits/privacy/test/BUILD.gn @@ -45,10 +45,6 @@ ohos_unittest("libprivacy_sdk_test") { cflags_cc = [ "-DHILOG_ENABLE" ] - if (security_component_enhance_enable == true) { - cflags_cc += [ "-DSECURITY_COMPONENT_ENHANCE_ENABLE" ] - } - configs = [ "${access_token_path}/config:coverage_flags" ] deps = [ 
diff --git a/interfaces/innerkits/privacy/test/unittest/src/privacy_kit_test.cpp b/interfaces/innerkits/privacy/test/unittest/src/privacy_kit_test.cpp index da8f1e9fa968f57a7ce76303b0cf22b2b7647de9..666929361a87f13d9ea8de9ba9b3f29ee360b53d 100644 --- a/interfaces/innerkits/privacy/test/unittest/src/privacy_kit_test.cpp +++ b/interfaces/innerkits/privacy/test/unittest/src/privacy_kit_test.cpp 
@@ -1928,6 +1928,54 @@ HWTEST_F(PrivacyKitTest, StateChangeNotify001, TestSize.Level1) callback->StateChangeNotify(tokenId, isShowing); // customizedCallback_ is null } +#ifdef SECURITY_COMPONENT_ENHANCE_ENABLE +/** + * @tc.name: RegisterSecCompEnhance001 + * @tc.desc: PrivacyKit:: function test register enhance data + * @tc.type: FUNC + * @tc.require: issueI7MXZ + */ +HWTEST_F(PrivacyKitTest, RegisterSecCompEnhance001, TestSize.Level1) +{ + SetSelfTokenID(g_tokenIdA); + SecCompEnhanceData data; + data.callback = nullptr; + data.challenge = 0; + data.seqNum = 0; + EXPECT_EQ(PrivacyError::ERR_WRITE_PARCEL_FAILED, PrivacyKit::RegisterSecCompEnhance(data)); + + // StateChangeCallback is not the real callback of SecCompEnhance, but it does not effect the final result. + auto callbackPtr = std::make_shared(); + data.callback = new (std::nothrow) StateChangeCallback(callbackPtr); + EXPECT_EQ(RET_SUCCESS, PrivacyKit::RegisterSecCompEnhance(data)); + + AccessTokenID secCompId = AccessTokenKit::GetNativeTokenId("security_component_service"); + EXPECT_EQ(0, SetSelfTokenID(secCompId)); + SecCompEnhanceData data1; + EXPECT_EQ(RET_SUCCESS, PrivacyKit::GetSecCompEnhance(getpid(), data1)); + EXPECT_NE(RET_SUCCESS, PrivacyKit::GetSecCompEnhance(0, data1)); + EXPECT_EQ(RET_SUCCESS, PrivacyKit::UpdateSecCompEnhance(getpid(), 1)); + EXPECT_NE(RET_SUCCESS, PrivacyKit::UpdateSecCompEnhance(0, 1)); +} + +/** + * @tc.name: GetSpecialSecCompEnhance001 + * @tc.desc: PrivacyKit:: function test Get Special enhance + * @tc.type: FUNC + * @tc.require: issueI7MXZ + */ +HWTEST_F(PrivacyKitTest, GetSpecialSecCompEnhance001, TestSize.Level1) +{ + AccessTokenID secCompId = AccessTokenKit::GetNativeTokenId("security_component_service"); + EXPECT_EQ(0, SetSelfTokenID(secCompId)); + + std::vector res; + ASSERT_EQ(RET_SUCCESS, PrivacyKit::GetSpecialSecCompEnhance("", res)); + ASSERT_EQ(static_cast(res.size()), 0); + ASSERT_EQ(RET_SUCCESS, PrivacyKit::GetSpecialSecCompEnhance(g_infoParmsA.bundleName, 
res)); +} +#endif + /** * @tc.name: InitProxy001 * @tc.desc: PrivacyManagerClient::InitProxy function test diff --git a/services/accesstokenmanager/BUILD.gn b/services/accesstokenmanager/BUILD.gn index b4336aa5d406861a2c9f1c1f2d7b1262cbb974c4..f79caf84ad3cc7604c49ca6a16d47b7456d871ea 100644 --- a/services/accesstokenmanager/BUILD.gn +++ b/services/accesstokenmanager/BUILD.gn @@ -203,5 +203,10 @@ if (is_standard_system) { "${access_token_path}/services/common/background_task_manager/src/continuous_task_change_callback.cpp", ] } + if (security_component_enhance_enable == true) { + cflags_cc += [ "-DSECURITY_COMPONENT_ENHANCE_ENABLE" ] + include_dirs += [ "main/cpp/include/seccomp" ] + sources += [ "main/cpp/src/seccomp/sec_comp_enhance_agent.cpp" ] + } } } diff --git a/services/privacymanager/include/seccomp/privacy_sec_comp_enhance_agent.h b/services/accesstokenmanager/main/cpp/include/seccomp/sec_comp_enhance_agent.h similarity index 59% rename from services/privacymanager/include/seccomp/privacy_sec_comp_enhance_agent.h rename to services/accesstokenmanager/main/cpp/include/seccomp/sec_comp_enhance_agent.h index 76896f7b09a8dd590c4f2bf27466a5be76a0683b..631a15b2ec0b297bcfb5c05934d56e8eca94aac2 100644 --- a/services/privacymanager/include/seccomp/privacy_sec_comp_enhance_agent.h +++ b/services/accesstokenmanager/main/cpp/include/seccomp/sec_comp_enhance_agent.h @@ -1,5 +1,5 @@ /* - * Copyright (c) 2023 Huawei Device Co., Ltd. + * Copyright (c) 2024 Huawei Device Co., Ltd. * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. * You may obtain a copy of the License at @@ -12,8 +12,8 @@ * See the License for the specific language governing permissions and * limitations under the License. */ -#ifndef PERMISSION_SEC_COMP_ENHANCE_AGENT_H -#define PERMISSION_SEC_COMP_ENHANCE_AGENT_H +#ifndef SEC_COMP_ENHANCE_AGENT_H +#define SEC_COMP_ENHANCE_AGENT_H #include #include 
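Review bot: The added tests `RegisterSecCompEnhance001` and `GetSpecialSecCompEnhance001` call `PrivacyKit::RegisterSecCompEnhance`, `GetSecCompEnhance`, `UpdateSecCompEnhance` and `GetSpecialSecCompEnhance`, which this same commit deletes from privacy_kit.cpp, and the `-DSECURITY_COMPONENT_ENHANCE_ENABLE` flag that would compile them is removed from this test target's BUILD.gn. As far as this diff shows, they are dead code behind the `#ifdef`, or a build break if the macro is defined again, so the relocated interface and its new caller checks in the accesstoken stub have no visible test coverage. The tests should move to the accesstoken test suite and exercise the relocated API, whose client-side entry point is not visible here. In `RegisterSecCompEnhance001` the result of `new (std::nothrow) StateChangeCallback(callbackPtr)` should also be checked before use, e.g. `ASSERT_NE(nullptr, data.callback);`.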
@@ -25,28 +25,29 @@ namespace OHOS { namespace Security { namespace AccessToken { -class PrivacyAppUsingSecCompStateObserver : public ApplicationStateObserverStub { +class AppUsingSecCompStateObserver : public ApplicationStateObserverStub { public: - PrivacyAppUsingSecCompStateObserver() = default; - ~PrivacyAppUsingSecCompStateObserver() = default; + AppUsingSecCompStateObserver() = default; + ~AppUsingSecCompStateObserver() = default; void OnProcessDied(const ProcessData &processData) override; - DISALLOW_COPY_AND_MOVE(PrivacyAppUsingSecCompStateObserver); + void OnAppCacheStateChanged(const AppStateData &appStateData) override; + DISALLOW_COPY_AND_MOVE(AppUsingSecCompStateObserver); }; -class PrivacySecCompAppManagerDeathCallback : public AppManagerDeathCallback { +class SecCompAppManagerDeathCallback : public AppManagerDeathCallback { public: - PrivacySecCompAppManagerDeathCallback() = default; - ~PrivacySecCompAppManagerDeathCallback() = default; + SecCompAppManagerDeathCallback() = default; + ~SecCompAppManagerDeathCallback() = default; void NotifyAppManagerDeath() override; - DISALLOW_COPY_AND_MOVE(PrivacySecCompAppManagerDeathCallback); + DISALLOW_COPY_AND_MOVE(SecCompAppManagerDeathCallback); }; -class PrivacySecCompEnhanceAgent final { +class SecCompEnhanceAgent final { public: - static PrivacySecCompEnhanceAgent& GetInstance(); - virtual ~PrivacySecCompEnhanceAgent(); + static SecCompEnhanceAgent& GetInstance(); + virtual ~SecCompEnhanceAgent(); int32_t RegisterSecCompEnhance(const SecCompEnhanceData& enhanceData); int32_t UpdateSecCompEnhance(int32_t pid, uint32_t seqNum); 
@@ -57,17 +58,17 @@ public: void OnAppMgrRemoteDiedHandle(); private: - PrivacySecCompEnhanceAgent(); + SecCompEnhanceAgent(); void InitAppObserver(); - DISALLOW_COPY_AND_MOVE(PrivacySecCompEnhanceAgent); + DISALLOW_COPY_AND_MOVE(SecCompEnhanceAgent); private: - sptr observer_ = nullptr; - std::shared_ptr appManagerDeathCallback_ = nullptr; + sptr observer_ = nullptr; + std::shared_ptr appManagerDeathCallback_ = nullptr; std::mutex secCompEnhanceMutex_; std::vector secCompEnhanceData_; }; } // namespace AccessToken } // namespace Security } // namespace OHOS -#endif // PERMISSION_SEC_COMP_ENHANCE_AGENT_H +#endif // SEC_COMP_ENHANCE_AGENT_H diff --git a/services/accesstokenmanager/main/cpp/include/service/accesstoken_manager_service.h b/services/accesstokenmanager/main/cpp/include/service/accesstoken_manager_service.h index a808b9cec9ed762e2c8d53ff2c254a1cf00fab08..e6c66a622199ffdbcf69dcf79993662af8efd616 100644 --- a/services/accesstokenmanager/main/cpp/include/service/accesstoken_manager_service.h +++ b/services/accesstokenmanager/main/cpp/include/service/accesstoken_manager_service.h @@ -111,6 +111,13 @@ public: void DumpTokenInfo(const AtmToolsParamInfoParcel& infoParcel, std::string& dumpInfo) override; int32_t GetVersion(uint32_t& version) override; int Dump(int fd, const std::vector& args) override; +#ifdef SECURITY_COMPONENT_ENHANCE_ENABLE + int32_t RegisterSecCompEnhance(const SecCompEnhanceDataParcel& enhanceParcel) override; + int32_t UpdateSecCompEnhance(int32_t pid, uint32_t seqNum) override; + int32_t GetSecCompEnhance(int32_t pid, SecCompEnhanceDataParcel& enhanceParcel) override; + int32_t GetSpecialSecCompEnhance(const std::string& bundleName, + std::vector& enhanceParcelList) override; +#endif private: void GetValidConfigFilePathList(std::vector& pathList); 
diff --git a/services/accesstokenmanager/main/cpp/include/service/accesstoken_manager_stub.h b/services/accesstokenmanager/main/cpp/include/service/accesstoken_manager_stub.h index 7a1783b86b4ebaf486b731b0006ab22672e72abe..81e76614fbf54fdb099aea12a99bc16d77a94812 100644 --- a/services/accesstokenmanager/main/cpp/include/service/accesstoken_manager_stub.h +++ b/services/accesstokenmanager/main/cpp/include/service/accesstoken_manager_stub.h @@ -83,6 +83,7 @@ private: #endif void SetPermissionOpFuncInMap(); void SetLocalTokenOpFuncInMap(); + void SetSecCompOpFuncInMap(); void DumpTokenInfoInner(MessageParcel& data, MessageParcel& reply); void GetVersionInner(MessageParcel& data, MessageParcel& reply); void SetPermDialogCapInner(MessageParcel& data, MessageParcel& reply); @@ -90,6 +91,13 @@ private: void InitUserPolicyInner(MessageParcel& data, MessageParcel& reply); void UpdateUserPolicyInner(MessageParcel& data, MessageParcel& reply); void ClearUserPolicyInner(MessageParcel& data, MessageParcel& reply); +#ifdef SECURITY_COMPONENT_ENHANCE_ENABLE + void RegisterSecCompEnhanceInner(MessageParcel& data, MessageParcel& reply); + void UpdateSecCompEnhanceInner(MessageParcel& data, MessageParcel& reply); + void GetSecCompEnhanceInner(MessageParcel& data, MessageParcel& reply); + void GetSpecialSecCompEnhanceInner(MessageParcel& data, MessageParcel& reply); + bool IsSecCompServiceCalling(); +#endif bool IsPrivilegedCalling() const; bool IsAccessTokenCalling(); @@ -102,6 +110,9 @@ private: static const int32_t ACCESSTOKEN_UID = 3020; AccessTokenID tokenSyncId_ = 0; +#ifdef SECURITY_COMPONENT_ENHANCE_ENABLE + AccessTokenID secCompTokenId_ = 0; +#endif using RequestFuncType = void (AccessTokenManagerStub::*)(MessageParcel &data, MessageParcel &reply); std::map requestFuncMap_; 
diff --git a/services/privacymanager/src/seccomp/privacy_sec_comp_enhance_agent.cpp b/services/accesstokenmanager/main/cpp/src/seccomp/sec_comp_enhance_agent.cpp similarity index 89% rename from services/privacymanager/src/seccomp/privacy_sec_comp_enhance_agent.cpp rename to services/accesstokenmanager/main/cpp/src/seccomp/sec_comp_enhance_agent.cpp index 28cce6b592f5b476c2ba7aa9f4001595e1613b8f..d63b336613ccddb974eef063a1f77d9635ea37ef 100644 --- a/services/privacymanager/src/seccomp/privacy_sec_comp_enhance_agent.cpp +++ b/services/accesstokenmanager/main/cpp/src/seccomp/sec_comp_enhance_agent.cpp @@ -1,5 +1,5 @@ /* - * Copyright (c) 2023 Huawei Device Co., Ltd. + * Copyright (c) 2024 Huawei Device Co., Ltd. * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. * You may obtain a copy of the License at @@ -12,14 +12,15 @@ * See the License for the specific language governing permissions and * limitations under the License. */ -#include "privacy_sec_comp_enhance_agent.h" +#include "sec_comp_enhance_agent.h" #include "access_token.h" +#include "access_token_error.h" #include "accesstoken_kit.h" #include "accesstoken_log.h" +#include "accesstoken_info_manager.h" #include "app_manager_access_client.h" #include "ipc_skeleton.h" -#include "privacy_error.h" #include "securec.h" namespace OHOS { 
@@ -74,17 +75,17 @@ void PrivacySecCompEnhanceAgent::InitAppObserver() return; } if (appManagerDeathCallback_ == nullptr) { - appManagerDeathCallback_ = std::make_shared(); + appManagerDeathCallback_ = std::make_shared(); AppManagerAccessClient::GetInstance().RegisterDeathCallback(appManagerDeathCallback_); } } -PrivacySecCompEnhanceAgent::PrivacySecCompEnhanceAgent() +SecCompEnhanceAgent::SecCompEnhanceAgent() { InitAppObserver(); } -PrivacySecCompEnhanceAgent::~PrivacySecCompEnhanceAgent() +SecCompEnhanceAgent::~SecCompEnhanceAgent() { if (observer_ != nullptr) { AppManagerAccessClient::GetInstance().UnregisterApplicationStateObserver(observer_); @@ -92,7 +93,7 @@ PrivacySecCompEnhanceAgent::~PrivacySecCompEnhanceAgent() } } -void PrivacySecCompEnhanceAgent::OnAppMgrRemoteDiedHandle() +void SecCompEnhanceAgent::OnAppMgrRemoteDiedHandle() { ACCESSTOKEN_LOG_INFO(LABEL, "OnAppMgrRemoteDiedHandle."); std::lock_guard lock(secCompEnhanceMutex_); @@ -100,7 +101,7 @@ void PrivacySecCompEnhanceAgent::OnAppMgrRemoteDiedHandle() observer_ = nullptr; } -void PrivacySecCompEnhanceAgent::RemoveSecCompEnhance(int pid) +void SecCompEnhanceAgent::RemoveSecCompEnhance(int pid) { std::lock_guard lock(secCompEnhanceMutex_); for (auto iter = secCompEnhanceData_.begin(); iter != secCompEnhanceData_.end(); ++iter) { @@ -114,7 +115,7 @@ void PrivacySecCompEnhanceAgent::RemoveSecCompEnhance(int pid) return; } -int32_t PrivacySecCompEnhanceAgent::RegisterSecCompEnhance(const SecCompEnhanceData& enhanceData) +int32_t SecCompEnhanceAgent::RegisterSecCompEnhance(const SecCompEnhanceData& enhanceData) { std::lock_guard lock(secCompEnhanceMutex_); InitAppObserver(); 
@@ -122,7 +123,7 @@ int32_t PrivacySecCompEnhanceAgent::RegisterSecCompEnhance(const SecCompEnhanceD if (std::any_of(secCompEnhanceData_.begin(), secCompEnhanceData_.end(), [pid](const auto& e) { return e.pid == pid; })) { ACCESSTOKEN_LOG_ERROR(LABEL, "Register sec comp enhance exist, pid %{public}d.", pid); - return PrivacyError::ERR_CALLBACK_ALREADY_EXIST; + return ERR_CALLBACK_ALREADY_EXIST; } SecCompEnhanceData enhance; enhance.callback = enhanceData.callback; @@ -161,7 +162,7 @@ int32_t PrivacySecCompEnhanceAgent::UpdateSecCompEnhance(int32_t pid, uint32_t s return ERR_PARAM_INVALID; } -int32_t PrivacySecCompEnhanceAgent::GetSecCompEnhance(int32_t pid, SecCompEnhanceData& enhanceData) +int32_t SecCompEnhanceAgent::GetSecCompEnhance(int32_t pid, SecCompEnhanceData& enhanceData) { std::lock_guard lock(secCompEnhanceMutex_); InitAppObserver(); diff --git a/services/accesstokenmanager/main/cpp/src/seccomp/sec_comp_enhance_agent.cpp.orig b/services/accesstokenmanager/main/cpp/src/seccomp/sec_comp_enhance_agent.cpp.orig new file mode 100644 index 0000000000000000000000000000000000000000..e69de29bb2d1d6434b8b29ae775ad8c2e48c5391 diff --git a/services/accesstokenmanager/main/cpp/src/seccomp/sec_comp_enhance_agent.cpp.rej b/services/accesstokenmanager/main/cpp/src/seccomp/sec_comp_enhance_agent.cpp.rej new file mode 100644 index 0000000000000000000000000000000000000000..f657ff3e5987ba59393356a24f94c25560850e76 --- /dev/null +++ b/services/accesstokenmanager/main/cpp/src/seccomp/sec_comp_enhance_agent.cpp.rej 
@@ -0,0 +1,103 @@ +--- services/privacymanager/src/seccomp/privacy_sec_comp_enhance_agent.cpp ++++ services/accesstokenmanager/main/cpp/src/seccomp/sec_comp_enhance_agent.cpp +@@ -28,42 +29,50 @@ namespace Security { + namespace AccessToken { + namespace { + static constexpr OHOS::HiviewDFX::HiLogLabel LABEL = { +- LOG_CORE, SECURITY_DOMAIN_PRIVACY, "PrivacySecCompEnhanceAgent" ++ LOG_CORE, SECURITY_DOMAIN_ACCESSTOKEN, "SecCompEnhanceAgent" + }; + std::recursive_mutex g_instanceMutex; + } +-void PrivacyAppUsingSecCompStateObserver::OnProcessDied(const ProcessData &processData) ++void AppUsingSecCompStateObserver::OnProcessDied(const ProcessData &processData) + { + ACCESSTOKEN_LOG_INFO(LABEL, "OnProcessDied pid %{public}d", processData.pid); +- PrivacySecCompEnhanceAgent::GetInstance().RemoveSecCompEnhance(processData.pid); ++ SecCompEnhanceAgent::GetInstance().RemoveSecCompEnhance(processData.pid); + } + +-void PrivacySecCompAppManagerDeathCallback::NotifyAppManagerDeath() ++void AppUsingSecCompStateObserver::OnAppCacheStateChanged(const AppStateData &appStateData) ++{ ++ uint32_t tokenID = appStateData.accessTokenId; ++ ACCESSTOKEN_LOG_INFO(LABEL, "OnAppCacheStateChanged, id(%{public}u), id(%{public}d), state(%{public}d).", ++ appStateData.accessTokenId, appStateData.pid, appStateData.state); ++ SecCompEnhanceAgent::GetInstance().RemoveSecCompEnhance(appStateData.pid); ++} ++ ++void SecCompAppManagerDeathCallback::NotifyAppManagerDeath() + { + ACCESSTOKEN_LOG_INFO(LABEL, "AppManagerDeath called"); + +- PrivacySecCompEnhanceAgent::GetInstance().OnAppMgrRemoteDiedHandle(); ++ SecCompEnhanceAgent::GetInstance().OnAppMgrRemoteDiedHandle(); + } + +-PrivacySecCompEnhanceAgent& PrivacySecCompEnhanceAgent::GetInstance() ++SecCompEnhanceAgent& SecCompEnhanceAgent::GetInstance() + { +- static PrivacySecCompEnhanceAgent* instance = nullptr; ++ static SecCompEnhanceAgent* instance = nullptr; + if (instance == nullptr) { + std::lock_guard lock(g_instanceMutex); + if (instance 
== nullptr) { +- PrivacySecCompEnhanceAgent* tmp = new PrivacySecCompEnhanceAgent(); ++ SecCompEnhanceAgent* tmp = new SecCompEnhanceAgent(); + instance = std::move(tmp); + } + } + return *instance; + } + +-void PrivacySecCompEnhanceAgent::InitAppObserver() ++void SecCompEnhanceAgent::InitAppObserver() + { + if (observer_ != nullptr) { + return; + } +- observer_ = new (std::nothrow) PrivacyAppUsingSecCompStateObserver(); ++ observer_ = new (std::nothrow) AppUsingSecCompStateObserver(); + if (observer_ == nullptr) { + ACCESSTOKEN_LOG_ERROR(LABEL, "New observer failed."); + return; +@@ -132,15 +141,15 @@ int32_t PrivacySecCompEnhanceAgent::RegisterSecCompEnhance(const SecCompEnhanceD + enhance.sessionId = enhanceData.sessionId; + enhance.seqNum = enhanceData.seqNum; + if (memcpy_s(enhance.key, AES_KEY_STORAGE_LEN, enhanceData.key, AES_KEY_STORAGE_LEN) != EOK) { +- return PrivacyError::ERR_CALLBACK_ALREADY_EXIST; ++ return ERR_CALLBACK_ALREADY_EXIST; + } + secCompEnhanceData_.emplace_back(enhance); +- ACCESSTOKEN_LOG_INFO(LABEL, "Register sec comp enhance success, pid %{public}d, total %{public}u.", +- pid, static_cast(secCompEnhanceData_.size())); ++ ACCESSTOKEN_LOG_INFO(LABEL, "Register sec comp enhance success, id %{public}u, pid %{public}d, total %{public}u.", ++ enhance.token, pid, static_cast(secCompEnhanceData_.size())); + return RET_SUCCESS; + } + +-int32_t PrivacySecCompEnhanceAgent::UpdateSecCompEnhance(int32_t pid, uint32_t seqNum) ++int32_t SecCompEnhanceAgent::UpdateSecCompEnhance(int32_t pid, uint32_t seqNum) + { + std::lock_guard lock(secCompEnhanceMutex_); + InitAppObserver(); +@@ -168,14 +177,16 @@ int32_t PrivacySecCompEnhanceAgent::GetSecCompEnhance(int32_t pid, SecCompEnhanc + return ERR_PARAM_INVALID; + } + +-int32_t PrivacySecCompEnhanceAgent::GetSpecialSecCompEnhance(const std::string& bundleName, ++int32_t SecCompEnhanceAgent::GetSpecialSecCompEnhance(const std::string& bundleName, + std::vector& enhanceList) + { + std::lock_guard 
lock(secCompEnhanceMutex_); + for (auto iter = secCompEnhanceData_.begin(); iter != secCompEnhanceData_.end(); iter++) { + HapTokenInfo info; +- if (AccessTokenKit::GetHapTokenInfo(iter->token, info) == AccessTokenKitRet::RET_SUCCESS) { +- if (bundleName == info.bundleName) { ++ std::shared_ptr infoPtr = ++ AccessTokenInfoManager::GetInstance().GetHapTokenInfoInner(iter->token); ++ if (infoPtr != nullptr) { ++ if (bundleName == infoPtr->GetBundleName()) { + enhanceList.emplace_back(*iter); + } + } diff --git a/services/accesstokenmanager/main/cpp/src/service/accesstoken_manager_service.cpp b/services/accesstokenmanager/main/cpp/src/service/accesstoken_manager_service.cpp index 94c1899ac0c75bf4970a394c51aa1aa65a8023ab..58ff8ff758239e1bfdc80dcd6391ed6a3ceed2b4 100644 --- a/services/accesstokenmanager/main/cpp/src/service/accesstoken_manager_service.cpp +++ b/services/accesstokenmanager/main/cpp/src/service/accesstoken_manager_service.cpp @@ -41,6 +41,9 @@ #include "parameter.h" #include "permission_list_state.h" #include "permission_manager.h" +#ifdef SECURITY_COMPONENT_ENHANCE_ENABLE +#include "sec_comp_enhance_agent.h" +#endif #include "short_grant_manager.h" #include "string_ex.h" #include "system_ability_definition.h" 
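Review bot: This commit checks in patch leftovers, an empty `sec_comp_enhance_agent.cpp.orig` and a 103-line `sec_comp_enhance_agent.cpp.rej`, which indicates that three hunks of the rename never applied to `sec_comp_enhance_agent.cpp`. The rejected hunks carry the `AppUsingSecCompStateObserver::OnAppCacheStateChanged` definition that the renamed header now declares, the `SecCompEnhanceAgent::GetInstance` and `InitAppObserver` renames, and the switch of `GetSpecialSecCompEnhance` to `AccessTokenInfoManager::GetInstance().GetHapTokenInfoInner`. The applied hunks' headers still name `PrivacySecCompEnhanceAgent::UpdateSecCompEnhance` as the enclosing function, so the file very likely does not build with `security_component_enhance_enable` set. Apply the rejected hunks by hand and delete both artifacts from the tree. When doing so, note that `uint32_t tokenID = appStateData.accessTokenId;` in `OnAppCacheStateChanged` is unused, and that the `memcpy_s` failure path returns `ERR_CALLBACK_ALREADY_EXIST`, which misreports a copy failure as a duplicate registration.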
@@ -605,6 +608,44 @@ int32_t AccessTokenManagerService::ClearUserPolicy() return AccessTokenInfoManager::GetInstance().ClearUserPolicy(); } +#ifdef SECURITY_COMPONENT_ENHANCE_ENABLE +int32_t AccessTokenManagerService::RegisterSecCompEnhance(const SecCompEnhanceDataParcel& enhanceParcel) +{ + return SecCompEnhanceAgent::GetInstance().RegisterSecCompEnhance(enhanceParcel.enhanceData); +} + +int32_t AccessTokenManagerService::UpdateSecCompEnhance(int32_t pid, uint32_t seqNum) +{ + return SecCompEnhanceAgent::GetInstance().UpdateSecCompEnhance(pid, seqNum); +} + +int32_t AccessTokenManagerService::GetSecCompEnhance(int32_t pid, SecCompEnhanceDataParcel& enhanceParcel) +{ + SecCompEnhanceData enhanceData; + int32_t res = SecCompEnhanceAgent::GetInstance().GetSecCompEnhance(pid, enhanceData); + if (res != RET_SUCCESS) { + ACCESSTOKEN_LOG_WARN(LABEL, "Pid: %{public}d get enhance failed ", pid); + return res; + } + + enhanceParcel.enhanceData = enhanceData; + return RET_SUCCESS; +} + +int32_t AccessTokenManagerService::GetSpecialSecCompEnhance(const std::string& bundleName, + std::vector& enhanceParcelList) +{ + std::vector enhanceList; + SecCompEnhanceAgent::GetInstance().GetSpecialSecCompEnhance(bundleName, enhanceList); + for (const auto& enhance : enhanceList) { + SecCompEnhanceDataParcel parcel; + parcel.enhanceData = enhance; + enhanceParcelList.emplace_back(parcel); + } + return RET_SUCCESS; +} +#endif + int AccessTokenManagerService::Dump(int fd, const std::vector& args) { if (fd < 0) { diff --git a/services/accesstokenmanager/main/cpp/src/service/accesstoken_manager_stub.cpp b/services/accesstokenmanager/main/cpp/src/service/accesstoken_manager_stub.cpp index f01619f39fee59a9ebc41bc13eee1a060ca4943c..e937637e2c87eda382fdcb85926c2a06b325f040 100644 --- a/services/accesstokenmanager/main/cpp/src/service/accesstoken_manager_stub.cpp +++ b/services/accesstokenmanager/main/cpp/src/service/accesstoken_manager_stub.cpp 
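Review bot: `AccessTokenManagerService::GetSpecialSecCompEnhance` drops the `int32_t` returned by `SecCompEnhanceAgent::GetInstance().GetSpecialSecCompEnhance(bundleName, enhanceList)` and always answers `RET_SUCCESS`, unlike `GetSecCompEnhance` just above it, which propagates `res`. Capture and forward the result: `int32_t res = SecCompEnhanceAgent::GetInstance().GetSpecialSecCompEnhance(bundleName, enhanceList);` followed by `if (res != RET_SUCCESS) { return res; }`. The function also appends to `enhanceParcelList` without clearing it, which deserves a one-line comment such as `// Appends to enhanceParcelList; callers must pass an empty vector.` if that is the intended contract.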
@@ -1060,6 +1060,78 @@ void AccessTokenManagerStub::ClearUserPolicyInner(MessageParcel& data, MessagePa IF_FALSE_PRINT_LOG(LABEL, reply.WriteInt32(res), "WriteInt32 failed."); } +#ifdef SECURITY_COMPONENT_ENHANCE_ENABLE +void AccessTokenManagerStub::RegisterSecCompEnhanceInner(MessageParcel& data, MessageParcel& reply) +{ + sptr requestParcel = data.ReadParcelable(); + if (requestParcel == nullptr) { + ACCESSTOKEN_LOG_ERROR(LABEL, "ReadParcelable faild"); + reply.WriteInt32(AccessTokenError::ERR_READ_PARCEL_FAILED); + return; + } + reply.WriteInt32(this->RegisterSecCompEnhance(*requestParcel)); +} + +void AccessTokenManagerStub::UpdateSecCompEnhanceInner(MessageParcel& data, MessageParcel& reply) +{ + if (!IsSecCompServiceCalling()) { + reply.WriteInt32(AccessTokenError::ERR_PERMISSION_DENIED); + return; + } + + int32_t pid = data.ReadInt32(); + uint32_t seqNum = data.ReadUint32(); + reply.WriteInt32(this->UpdateSecCompEnhance(pid, seqNum)); +} + +void AccessTokenManagerStub::GetSecCompEnhanceInner(MessageParcel& data, MessageParcel& reply) +{ + if (!IsSecCompServiceCalling()) { + reply.WriteInt32(AccessTokenError::ERR_PERMISSION_DENIED); + return; + } + + int32_t pid = data.ReadInt32(); + SecCompEnhanceDataParcel parcel; + int32_t result = this->GetSecCompEnhance(pid, parcel); + reply.WriteInt32(result); + if (result != RET_SUCCESS) { + return; + } + + reply.WriteParcelable(&parcel); +} + +void AccessTokenManagerStub::GetSpecialSecCompEnhanceInner(MessageParcel& data, MessageParcel& reply) +{ + if (!IsSecCompServiceCalling()) { + reply.WriteInt32(AccessTokenError::ERR_PERMISSION_DENIED); + return; + } + + std::string bundleName = data.ReadString(); + std::vector parcelList; + int32_t result = this->GetSpecialSecCompEnhance(bundleName, parcelList); + reply.WriteInt32(result); + if (result != RET_SUCCESS) { + return; + } + reply.WriteUint32(parcelList.size()); + for (const auto& parcel : parcelList) { + reply.WriteParcelable(&parcel); + } +} + +bool 
AccessTokenManagerStub::IsSecCompServiceCalling() +{ + uint32_t tokenCaller = IPCSkeleton::GetCallingTokenID(); + if (secCompTokenId_ == 0) { + secCompTokenId_ = this->GetNativeTokenId("security_component_service"); + } + return tokenCaller == secCompTokenId_; +} +#endif + bool AccessTokenManagerStub::IsPrivilegedCalling() const { // shell process is root in debug mode. @@ -1212,6 +1284,20 @@ void AccessTokenManagerStub::SetPermissionOpFuncInMap() &AccessTokenManagerStub::RequestAppPermOnSettingInner; } +void AccessTokenManagerStub::SetSecCompOpFuncInMap() +{ +#ifdef SECURITY_COMPONENT_ENHANCE_ENABLE + requestFuncMap_[static_cast(AccessTokenInterfaceCode::REGISTER_SEC_COMP_ENHANCE)] = + &AccessTokenManagerStub::RegisterSecCompEnhanceInner; + requestFuncMap_[static_cast(AccessTokenInterfaceCode::UPDATE_SEC_COMP_ENHANCE)] = + &AccessTokenManagerStub::UpdateSecCompEnhanceInner; + requestFuncMap_[static_cast(AccessTokenInterfaceCode::GET_SEC_COMP_ENHANCE)] = + &AccessTokenManagerStub::GetSecCompEnhanceInner; + requestFuncMap_[static_cast(AccessTokenInterfaceCode::GET_SPECIAL_SEC_COMP_ENHANCE)] = + &AccessTokenManagerStub::GetSpecialSecCompEnhanceInner; +#endif +} + AccessTokenManagerStub::AccessTokenManagerStub() { SetPermissionOpFuncInMap(); @@ -1219,6 +1305,7 @@ AccessTokenManagerStub::AccessTokenManagerStub() #ifdef TOKEN_SYNC_ENABLE SetTokenSyncFuncInMap(); #endif + SetSecCompOpFuncInMap(); } AccessTokenManagerStub::~AccessTokenManagerStub() diff --git a/services/privacymanager/BUILD.gn b/services/privacymanager/BUILD.gn index 92c48374a9486a510333186c231c5ee60f140d50..0cd0130a76b88465138d91557db6b6b85b9484a1 100644 --- a/services/privacymanager/BUILD.gn +++ b/services/privacymanager/BUILD.gn 
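Review bot: `RegisterSecCompEnhanceInner` is the only one of the four new handlers that does not call `IsSecCompServiceCalling()`, so any process that can reach this stub can submit a `SecCompEnhanceDataParcel`. If that is intended, say so in a comment and confirm that the agent binds the entry to the identity from `IPCSkeleton` rather than to fields carried in the parcel; the agent is outside this hunk, so this is unverified. Separately, `IsSecCompServiceCalling()` still compares against `secCompTokenId_` when the lookup has left it at 0, so a calling token of 0 would be accepted; `return secCompTokenId_ != 0 && tokenCaller == secCompTokenId_;` makes that case fail closed. The new handlers also ignore the results of `reply.WriteInt32`, `reply.WriteUint32` and `reply.WriteParcelable`, unlike the `IF_FALSE_PRINT_LOG(LABEL, reply.WriteInt32(res), "WriteInt32 failed.");` pattern in the context line at the top of the hunk.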
@@ -149,12 +149,6 @@ if (is_standard_system && ability_base_enable == true) { sources += [ "src/common/privacy_common_event_subscriber.cpp" ] } - if (security_component_enhance_enable == true) { - cflags_cc += [ "-DSECURITY_COMPONENT_ENHANCE_ENABLE" ] - include_dirs += [ "include/seccomp" ] - sources += [ "src/seccomp/privacy_sec_comp_enhance_agent.cpp" ] - } - if (window_manager_enable && access_token_camera_float_window_enable) { cflags_cc += [ "-DCAMERA_FLOAT_WINDOW_ENABLE" ] include_dirs += diff --git a/services/privacymanager/include/service/privacy_manager_service.h b/services/privacymanager/include/service/privacy_manager_service.h index 08a785cf79b3feeb759cd99bf46a0dbc0c3cd9e9..d22284642b17f22711333ffc8f55e5fb8e07001c 100644 --- a/services/privacymanager/include/service/privacy_manager_service.h +++ b/services/privacymanager/include/service/privacy_manager_service.h @@ -56,13 +56,6 @@ public: int32_t RegisterPermActiveStatusCallback( std::vector& permList, const sptr& callback) override; int32_t UnRegisterPermActiveStatusCallback(const sptr& callback) override; -#ifdef SECURITY_COMPONENT_ENHANCE_ENABLE - int32_t RegisterSecCompEnhance(const SecCompEnhanceDataParcel& enhanceParcel) override; - int32_t UpdateSecCompEnhance(int32_t pid, uint32_t seqNum) override; - int32_t GetSecCompEnhance(int32_t pid, SecCompEnhanceDataParcel& enhanceParcel) override; - int32_t GetSpecialSecCompEnhance(const std::string& bundleName, - std::vector& enhanceParcelList) override; -#endif bool IsAllowedUsingPermission(AccessTokenID tokenId, const std::string& permissionName, int32_t pid) override; int32_t GetPermissionUsedTypeInfos(const AccessTokenID tokenId, const std::string& permissionName, std::vector& resultsParcel) override; diff --git a/services/privacymanager/include/service/privacy_manager_stub.h b/services/privacymanager/include/service/privacy_manager_stub.h index a79b423c7270a4911afabe0c34fa873a06f2c606..207e179b5c2db667afec2d6a147e86741ee11dda 100644 
--- a/services/privacymanager/include/service/privacy_manager_stub.h +++ b/services/privacymanager/include/service/privacy_manager_stub.h @@ -45,13 +45,6 @@ private: void RegisterPermActiveStatusCallbackInner(MessageParcel& data, MessageParcel& reply); void UnRegisterPermActiveStatusCallbackInner(MessageParcel& data, MessageParcel& reply); void IsAllowedUsingPermissionInner(MessageParcel& data, MessageParcel& reply); -#ifdef SECURITY_COMPONENT_ENHANCE_ENABLE - void RegisterSecCompEnhanceInner(MessageParcel& data, MessageParcel& reply); - void UpdateSecCompEnhanceInner(MessageParcel& data, MessageParcel& reply); - void GetSecCompEnhanceInner(MessageParcel& data, MessageParcel& reply); - void GetSpecialSecCompEnhanceInner(MessageParcel& data, MessageParcel& reply); - bool IsSecCompServiceCalling(); -#endif void GetPermissionUsedTypeInfosInner(MessageParcel& data, MessageParcel& reply); void SetMutePolicyInner(MessageParcel& data, MessageParcel& reply); void SetHapWithFGReminderInner(MessageParcel& data, MessageParcel& reply); @@ -60,9 +53,6 @@ private: bool IsSystemAppCalling() const; bool VerifyPermission(const std::string& permission) const; static const int32_t ACCESSTOKEN_UID = 3020; -#ifdef SECURITY_COMPONENT_ENHANCE_ENABLE - AccessTokenID secCompTokenId_ = 0; -#endif void SetPrivacyFuncInMap(); #ifndef ATM_BUILD_VARIANT_USER_ENABLE static const int32_t ROOT_UID = 0; diff --git a/services/privacymanager/src/service/privacy_manager_service.cpp b/services/privacymanager/src/service/privacy_manager_service.cpp index db8673840d07f20c4ac6398ae0277d40547d2f72..38b025fa7b65ed4b4a0230d4453836f6e48bdd0c 100644 --- a/services/privacymanager/src/service/privacy_manager_service.cpp +++ b/services/privacymanager/src/service/privacy_manager_service.cpp 
@@ -30,9 +30,6 @@ #include "ipc_skeleton.h" #include "permission_record_manager.h" #include "privacy_manager_proxy_death_param.h" -#ifdef SECURITY_COMPONENT_ENHANCE_ENABLE -#include "privacy_sec_comp_enhance_agent.h" -#endif #include "system_ability_definition.h" #include "string_ex.h" @@ -231,45 +228,6 @@ int32_t PrivacyManagerService::RegisterPermActiveStatusCallback( IPCSkeleton::GetCallingTokenID(), permList, callback); } -#ifdef SECURITY_COMPONENT_ENHANCE_ENABLE -int32_t PrivacyManagerService::RegisterSecCompEnhance(const SecCompEnhanceDataParcel& enhanceParcel) -{ - ACCESSTOKEN_LOG_INFO(LABEL, "Pid: %{public}d", enhanceParcel.enhanceData.pid); - return PrivacySecCompEnhanceAgent::GetInstance().RegisterSecCompEnhance(enhanceParcel.enhanceData); -} - -int32_t PrivacyManagerService::UpdateSecCompEnhance(int32_t pid, uint32_t seqNum) -{ - return PrivacySecCompEnhanceAgent::GetInstance().UpdateSecCompEnhance(pid, seqNum); -} - -int32_t PrivacyManagerService::GetSecCompEnhance(int32_t pid, SecCompEnhanceDataParcel& enhanceParcel) -{ - SecCompEnhanceData enhanceData; - int32_t res = PrivacySecCompEnhanceAgent::GetInstance().GetSecCompEnhance(pid, enhanceData); - if (res != RET_SUCCESS) { - ACCESSTOKEN_LOG_WARN(LABEL, "Pid: %{public}d get enhance failed ", pid); - return res; - } - - enhanceParcel.enhanceData = enhanceData; - return RET_SUCCESS; -} - -int32_t PrivacyManagerService::GetSpecialSecCompEnhance(const std::string& bundleName, - std::vector& enhanceParcelList) -{ - std::vector enhanceList; - PrivacySecCompEnhanceAgent::GetInstance().GetSpecialSecCompEnhance(bundleName, enhanceList); - for (const auto& enhance : enhanceList) { - SecCompEnhanceDataParcel parcel; - parcel.enhanceData = enhance; - enhanceParcelList.emplace_back(parcel); - } - return RET_SUCCESS; -} -#endif - int32_t PrivacyManagerService::ResponseDumpCommand(int32_t fd, const std::vector& args) { if (args.size() < 2) { // 2 :need two args 0:command 1:tokenId 
diff --git a/services/privacymanager/src/service/privacy_manager_stub.cpp b/services/privacymanager/src/service/privacy_manager_stub.cpp index 8e9f973dcaf94b6c72f5bd02d27066f5a83b4b6d..4ce881db30a53d46ae52634ed5d6190f00a35b15 100644 --- a/services/privacymanager/src/service/privacy_manager_stub.cpp +++ b/services/privacymanager/src/service/privacy_manager_stub.cpp @@ -33,6 +33,11 @@ static constexpr OHOS::HiviewDFX::HiLogLabel LABEL = { LOG_CORE, SECURITY_DOMAIN_PRIVACY, "PrivacyManagerStub" }; static const uint32_t PERM_LIST_SIZE_MAX = 1024; +#ifdef SECURITY_COMPONENT_ENHANCE_ENABLE +#ifdef HICOLLIE_ENABLE +static constexpr uint32_t TIMEOUT = 6; // 6s +#endif // HICOLLIE_ENABLE +#endif // SECURITY_COMPONENT_ENHANCE_ENABLE constexpr const char* PERMISSION_USED_STATS = "ohos.permission.PERMISSION_USED_STATS"; constexpr const char* SET_FOREGROUND_HAP_REMINDER = "ohos.permission.SET_FOREGROUND_HAP_REMINDER"; constexpr const char* SET_MUTE_POLICY = "ohos.permission.SET_MUTE_POLICY"; 
@@ -456,6 +461,93 @@ bool PrivacyManagerStub::IsSecCompServiceCalling() } #endif +#ifdef SECURITY_COMPONENT_ENHANCE_ENABLE +void PrivacyManagerStub::RegisterSecCompEnhanceInner(MessageParcel& data, MessageParcel& reply) +{ +#ifdef HICOLLIE_ENABLE + std::string name = "PrivacyTimer"; + int timerId = HiviewDFX::XCollie::GetInstance().SetTimer(name, TIMEOUT, nullptr, nullptr, + HiviewDFX::XCOLLIE_FLAG_LOG); +#endif // HICOLLIE_ENABLE + + sptr requestParcel = data.ReadParcelable(); + if (requestParcel == nullptr) { + ACCESSTOKEN_LOG_ERROR(LABEL, "ReadParcelable faild"); + reply.WriteInt32(PrivacyError::ERR_READ_PARCEL_FAILED); + +#ifdef HICOLLIE_ENABLE + HiviewDFX::XCollie::GetInstance().CancelTimer(timerId); +#endif // HICOLLIE_ENABLE + + return; + } + reply.WriteInt32(this->RegisterSecCompEnhance(*requestParcel)); + +#ifdef HICOLLIE_ENABLE + HiviewDFX::XCollie::GetInstance().CancelTimer(timerId); +#endif // HICOLLIE_ENABLE +} + +void PrivacyManagerStub::UpdateSecCompEnhanceInner(MessageParcel& data, MessageParcel& reply) +{ + if (!IsSecCompServiceCalling()) { + reply.WriteInt32(PrivacyError::ERR_PERMISSION_DENIED); + return; + } + + int32_t pid = data.ReadInt32(); + uint32_t seqNum = data.ReadUint32(); + reply.WriteInt32(this->UpdateSecCompEnhance(pid, seqNum)); +} + +void PrivacyManagerStub::GetSecCompEnhanceInner(MessageParcel& data, MessageParcel& reply) +{ + if (!IsSecCompServiceCalling()) { + reply.WriteInt32(PrivacyError::ERR_PERMISSION_DENIED); + return; + } + + int32_t pid = data.ReadInt32(); + SecCompEnhanceDataParcel parcel; + int32_t result = this->GetSecCompEnhance(pid, parcel); + reply.WriteInt32(result); + if (result != RET_SUCCESS) { + return; + } + + reply.WriteParcelable(&parcel); +} + +void PrivacyManagerStub::GetSpecialSecCompEnhanceInner(MessageParcel& data, MessageParcel& reply) +{ + if (!IsSecCompServiceCalling()) { + reply.WriteInt32(PrivacyError::ERR_PERMISSION_DENIED); + return; + } + + std::string bundleName = data.ReadString(); + 
std::vector parcelList; + int32_t result = this->GetSpecialSecCompEnhance(bundleName, parcelList); + reply.WriteInt32(result); + if (result != RET_SUCCESS) { + return; + } + reply.WriteUint32(parcelList.size()); + for (const auto& parcel : parcelList) { + reply.WriteParcelable(&parcel); + } +} + +bool PrivacyManagerStub::IsSecCompServiceCalling() +{ + uint32_t tokenCaller = IPCSkeleton::GetCallingTokenID(); + if (secCompTokenId_ == 0) { + secCompTokenId_ = AccessTokenKit::GetNativeTokenId("security_component_service"); + } + return tokenCaller == secCompTokenId_; +} +#endif + void PrivacyManagerStub::GetPermissionUsedTypeInfosInner(MessageParcel& data, MessageParcel& reply) { uint32_t callingTokenID = IPCSkeleton::GetCallingTokenID(); diff --git a/services/privacymanager/test/unittest/privacy_manager_service_test.cpp b/services/privacymanager/test/unittest/privacy_manager_service_test.cpp index b38650f3dab1cb4f57155bdf9ca7702ce64de0bf..6b6e5d81bf70c90654f5f3a43ded0ccaf810166e 100644 --- a/services/privacymanager/test/unittest/privacy_manager_service_test.cpp +++ b/services/privacymanager/test/unittest/privacy_manager_service_test.cpp @@ -343,20 +343,6 @@ public: { return RET_SUCCESS; } -#ifdef SECURITY_COMPONENT_ENHANCE_ENABLE - int32_t RegisterSecCompEnhance(const SecCompEnhanceDataParcel& enhanceParcel) - { - return RET_SUCCESS; - } - int32_t DepositSecCompEnhance(const std::vector& enhanceParcelList) - { - return RET_SUCCESS; - } - int32_t RecoverSecCompEnhance(std::vector& enhanceParcelList) - { - return RET_SUCCESS; - } -#endif }; /** diff --git a/test/fuzztest/innerkits/accesstoken/BUILD.gn b/test/fuzztest/innerkits/accesstoken/BUILD.gn index ddeecb6867d36b02697e8893df071d2ad1018f2c..89ffba52a93c61228dabc28d6541492b6e6d43b5 100644 --- a/test/fuzztest/innerkits/accesstoken/BUILD.gn +++ b/test/fuzztest/innerkits/accesstoken/BUILD.gn 
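Review bot: The block added under `SECURITY_COMPONENT_ENHANCE_ENABLE` looks dead on the new side and would not compile if the macro were defined for this target. The same commit removes the declarations of these five members and `secCompTokenId_` from privacy_manager_stub.h and drops `-DSECURITY_COMPONENT_ENHANCE_ENABLE` from services/privacymanager/BUILD.gn. The hunk header also names an existing `PrivacyManagerStub::IsSecCompServiceCalling()` just above the insertion point, so the added copy may be a second definition; the surrounding file is outside the hunk, so this is inferred. A stale copy of a caller-identity check in a service that no longer exposes the interface invites the two copies to drift. I would delete this block together with the `TIMEOUT` constant added in the earlier hunk of this file.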
@@ -61,4 +61,12 @@ group("fuzztest") { "verifyaccesstoken_fuzzer:VerifyAccessTokenFuzzTest", "verifyaccesstokenwithlist_fuzzer:VerifyAccessTokenWithListFuzzTest", ] + if (security_component_enhance_enable) { + deps += [ + "getseccompenhance_fuzzer:GetSecCompEnhanceFuzzTest", + "getspecialseccompenhance_fuzzer:GetSpecialSecCompEnhanceFuzzTest", + "registerseccompenhance_fuzzer:RegisterSecCompEnhanceFuzzTest", + "updateseccompenhance_fuzzer:UpdateSecCompEnhanceFuzzTest", + ] + } } diff --git a/test/fuzztest/innerkits/privacy/getseccompenhance_fuzzer/BUILD.gn b/test/fuzztest/innerkits/accesstoken/getseccompenhance_fuzzer/BUILD.gn similarity index 88% rename from test/fuzztest/innerkits/privacy/getseccompenhance_fuzzer/BUILD.gn rename to test/fuzztest/innerkits/accesstoken/getseccompenhance_fuzzer/BUILD.gn index e3d12b3ac9971e54fcd362fe7b76d79a173cf6b6..7103b3a139b6acc3d5f5499b45cdadf3081800c9 100644 --- a/test/fuzztest/innerkits/privacy/getseccompenhance_fuzzer/BUILD.gn +++ b/test/fuzztest/innerkits/accesstoken/getseccompenhance_fuzzer/BUILD.gn @@ -16,7 +16,7 @@ import("//build/test.gni") import("../../../../../access_token.gni") ohos_fuzztest("GetSecCompEnhanceFuzzTest") { - module_out_path = module_output_path_interface_privacy + module_out_path = module_output_path_interface_access_token fuzz_config_file = "." include_dirs = [ "${access_token_path}/interfaces/innerkits/accesstoken/include", @@ -29,16 +29,15 @@ ohos_fuzztest("GetSecCompEnhanceFuzzTest") { "-fno-omit-frame-pointer", ] sources = [ "getseccompenhance_fuzzer.cpp" ] - - deps = [ "${access_token_path}/interfaces/innerkits/privacy:libprivacy_sdk" ] + deps = [ + "${access_token_path}/interfaces/innerkits/accesstoken:libaccesstoken_sdk", + ] configs = [ "${access_token_path}/config:coverage_flags" ] - cflags_cc = [ "-DSECURITY_COMPONENT_ENHANCE_ENABLE" ] external_deps = [ "c_utils:utils", "hilog:libhilog", - "ipc:ipc_core", ] -} +} \ No newline at end of file 
diff --git a/test/fuzztest/innerkits/privacy/getseccompenhance_fuzzer/corpus/init b/test/fuzztest/innerkits/accesstoken/getseccompenhance_fuzzer/corpus/init similarity index 100% rename from test/fuzztest/innerkits/privacy/getseccompenhance_fuzzer/corpus/init rename to test/fuzztest/innerkits/accesstoken/getseccompenhance_fuzzer/corpus/init diff --git a/test/fuzztest/innerkits/privacy/getseccompenhance_fuzzer/getseccompenhance_fuzzer.cpp b/test/fuzztest/innerkits/accesstoken/getseccompenhance_fuzzer/getseccompenhance_fuzzer.cpp similarity index 91% rename from test/fuzztest/innerkits/privacy/getseccompenhance_fuzzer/getseccompenhance_fuzzer.cpp rename to test/fuzztest/innerkits/accesstoken/getseccompenhance_fuzzer/getseccompenhance_fuzzer.cpp index e8722acb792b302e0eb7ada991b0015084fb878b..50a3f7dfe3a69926699d15c39a3a69c272ea42b4 100644 --- a/test/fuzztest/innerkits/privacy/getseccompenhance_fuzzer/getseccompenhance_fuzzer.cpp +++ b/test/fuzztest/innerkits/accesstoken/getseccompenhance_fuzzer/getseccompenhance_fuzzer.cpp @@ -22,7 +22,7 @@ #include "accesstoken_fuzzdata.h" #undef private -#include "privacy_kit.h" +#include "accesstoken_kit.h" using namespace std; using namespace OHOS::Security::AccessToken; @@ -38,7 +38,7 @@ namespace OHOS { SecCompEnhanceData secData; - return PrivacyKit::GetSecCompEnhance(fuzzData.GetData(), secData) == 0; + return AccessTokenKit::GetSecCompEnhance(fuzzData.GetData(), secData) == 0; } } diff --git a/test/fuzztest/innerkits/privacy/getseccompenhance_fuzzer/getseccompenhance_fuzzer.h b/test/fuzztest/innerkits/accesstoken/getseccompenhance_fuzzer/getseccompenhance_fuzzer.h similarity index 100% rename from test/fuzztest/innerkits/privacy/getseccompenhance_fuzzer/getseccompenhance_fuzzer.h rename to test/fuzztest/innerkits/accesstoken/getseccompenhance_fuzzer/getseccompenhance_fuzzer.h 
diff --git a/test/fuzztest/innerkits/privacy/getseccompenhance_fuzzer/project.xml b/test/fuzztest/innerkits/accesstoken/getseccompenhance_fuzzer/project.xml similarity index 100% rename from test/fuzztest/innerkits/privacy/getseccompenhance_fuzzer/project.xml rename to test/fuzztest/innerkits/accesstoken/getseccompenhance_fuzzer/project.xml diff --git a/test/fuzztest/innerkits/privacy/getspecialseccompenhance_fuzzer/BUILD.gn b/test/fuzztest/innerkits/accesstoken/getspecialseccompenhance_fuzzer/BUILD.gn similarity index 88% rename from test/fuzztest/innerkits/privacy/getspecialseccompenhance_fuzzer/BUILD.gn rename to test/fuzztest/innerkits/accesstoken/getspecialseccompenhance_fuzzer/BUILD.gn index 96844110a9914ffc69e5109ceeeac7506425f1df..39bd4126d92cc6ea6f921604b955028bfc355428 100644 --- a/test/fuzztest/innerkits/privacy/getspecialseccompenhance_fuzzer/BUILD.gn +++ b/test/fuzztest/innerkits/accesstoken/getspecialseccompenhance_fuzzer/BUILD.gn @@ -16,7 +16,7 @@ import("//build/test.gni") import("../../../../../access_token.gni") ohos_fuzztest("GetSpecialSecCompEnhanceFuzzTest") { - module_out_path = module_output_path_interface_privacy + module_out_path = module_output_path_interface_access_token fuzz_config_file = "." include_dirs = [ "${access_token_path}/interfaces/innerkits/accesstoken/include", @@ -29,16 +29,15 @@ ohos_fuzztest("GetSpecialSecCompEnhanceFuzzTest") { "-fno-omit-frame-pointer", ] sources = [ "getspecialseccompenhance_fuzzer.cpp" ] - - deps = [ "${access_token_path}/interfaces/innerkits/privacy:libprivacy_sdk" ] + deps = [ + "${access_token_path}/interfaces/innerkits/accesstoken:libaccesstoken_sdk", + ] configs = [ "${access_token_path}/config:coverage_flags" ] - cflags_cc = [ "-DSECURITY_COMPONENT_ENHANCE_ENABLE" ] external_deps = [ "c_utils:utils", "hilog:libhilog", - "ipc:ipc_core", ] -} +} \ No newline at end of file 
diff --git a/test/fuzztest/innerkits/privacy/getspecialseccompenhance_fuzzer/corpus/init b/test/fuzztest/innerkits/accesstoken/getspecialseccompenhance_fuzzer/corpus/init similarity index 100% rename from test/fuzztest/innerkits/privacy/getspecialseccompenhance_fuzzer/corpus/init rename to test/fuzztest/innerkits/accesstoken/getspecialseccompenhance_fuzzer/corpus/init diff --git a/test/fuzztest/innerkits/privacy/getspecialseccompenhance_fuzzer/getspecialseccompenhance_fuzzer.cpp b/test/fuzztest/innerkits/accesstoken/getspecialseccompenhance_fuzzer/getspecialseccompenhance_fuzzer.cpp similarity index 90% rename from test/fuzztest/innerkits/privacy/getspecialseccompenhance_fuzzer/getspecialseccompenhance_fuzzer.cpp rename to test/fuzztest/innerkits/accesstoken/getspecialseccompenhance_fuzzer/getspecialseccompenhance_fuzzer.cpp index 85bea67be61dfb87fdeb19f60990289d2329e6de..0879776d9deaefdc2619c1d68bfe257f5999cda8 100644 --- a/test/fuzztest/innerkits/privacy/getspecialseccompenhance_fuzzer/getspecialseccompenhance_fuzzer.cpp +++ b/test/fuzztest/innerkits/accesstoken/getspecialseccompenhance_fuzzer/getspecialseccompenhance_fuzzer.cpp @@ -22,7 +22,7 @@ #include "accesstoken_fuzzdata.h" #undef private -#include "privacy_kit.h" +#include "accesstoken_kit.h" using namespace std; using namespace OHOS::Security::AccessToken; @@ -38,7 +38,7 @@ namespace OHOS { std::vector enhanceList; - return PrivacyKit::GetSpecialSecCompEnhance(fuzzData.GenerateStochasticString(), enhanceList) == 0; + return AccessTokenKit::GetSpecialSecCompEnhance(fuzzData.GenerateStochasticString(), enhanceList) == 0; } } 
diff --git a/test/fuzztest/innerkits/privacy/getspecialseccompenhance_fuzzer/getspecialseccompenhance_fuzzer.h b/test/fuzztest/innerkits/accesstoken/getspecialseccompenhance_fuzzer/getspecialseccompenhance_fuzzer.h similarity index 100% rename from test/fuzztest/innerkits/privacy/getspecialseccompenhance_fuzzer/getspecialseccompenhance_fuzzer.h rename to test/fuzztest/innerkits/accesstoken/getspecialseccompenhance_fuzzer/getspecialseccompenhance_fuzzer.h diff --git a/test/fuzztest/innerkits/privacy/getspecialseccompenhance_fuzzer/project.xml b/test/fuzztest/innerkits/accesstoken/getspecialseccompenhance_fuzzer/project.xml similarity index 100% rename from test/fuzztest/innerkits/privacy/getspecialseccompenhance_fuzzer/project.xml rename to test/fuzztest/innerkits/accesstoken/getspecialseccompenhance_fuzzer/project.xml diff --git a/test/fuzztest/innerkits/privacy/registerseccompenhance_fuzzer/BUILD.gn b/test/fuzztest/innerkits/accesstoken/registerseccompenhance_fuzzer/BUILD.gn similarity index 88% rename from test/fuzztest/innerkits/privacy/registerseccompenhance_fuzzer/BUILD.gn rename to test/fuzztest/innerkits/accesstoken/registerseccompenhance_fuzzer/BUILD.gn index d63a7d3a77ace5d9b0dc71e59a06bd36d784e38a..e76dc0cb1af5e11ead891deea6c41715effc39b9 100644 --- a/test/fuzztest/innerkits/privacy/registerseccompenhance_fuzzer/BUILD.gn +++ b/test/fuzztest/innerkits/accesstoken/registerseccompenhance_fuzzer/BUILD.gn @@ -16,7 +16,7 @@ import("//build/test.gni") import("../../../../../access_token.gni") ohos_fuzztest("RegisterSecCompEnhanceFuzzTest") { - module_out_path = module_output_path_interface_privacy + module_out_path = module_output_path_interface_access_token fuzz_config_file = "." include_dirs = [ "${access_token_path}/interfaces/innerkits/accesstoken/include", 
@@ -29,16 +29,15 @@ ohos_fuzztest("RegisterSecCompEnhanceFuzzTest") { "-fno-omit-frame-pointer", ] sources = [ "registerseccompenhance_fuzzer.cpp" ] - - deps = [ "${access_token_path}/interfaces/innerkits/privacy:libprivacy_sdk" ] + deps = [ + "${access_token_path}/interfaces/innerkits/accesstoken:libaccesstoken_sdk", + ] configs = [ "${access_token_path}/config:coverage_flags" ] - cflags_cc = [ "-DSECURITY_COMPONENT_ENHANCE_ENABLE" ] external_deps = [ "c_utils:utils", "hilog:libhilog", - "ipc:ipc_core", ] -} +} \ No newline at end of file diff --git a/test/fuzztest/innerkits/privacy/registerseccompenhance_fuzzer/corpus/init b/test/fuzztest/innerkits/accesstoken/registerseccompenhance_fuzzer/corpus/init similarity index 100% rename from test/fuzztest/innerkits/privacy/registerseccompenhance_fuzzer/corpus/init rename to test/fuzztest/innerkits/accesstoken/registerseccompenhance_fuzzer/corpus/init diff --git a/test/fuzztest/innerkits/privacy/registerseccompenhance_fuzzer/project.xml b/test/fuzztest/innerkits/accesstoken/registerseccompenhance_fuzzer/project.xml similarity index 100% rename from test/fuzztest/innerkits/privacy/registerseccompenhance_fuzzer/project.xml rename to test/fuzztest/innerkits/accesstoken/registerseccompenhance_fuzzer/project.xml diff --git a/test/fuzztest/innerkits/privacy/registerseccompenhance_fuzzer/registerseccompenhance_fuzzer.cpp b/test/fuzztest/innerkits/accesstoken/registerseccompenhance_fuzzer/registerseccompenhance_fuzzer.cpp similarity index 94% rename from test/fuzztest/innerkits/privacy/registerseccompenhance_fuzzer/registerseccompenhance_fuzzer.cpp rename to test/fuzztest/innerkits/accesstoken/registerseccompenhance_fuzzer/registerseccompenhance_fuzzer.cpp index dbd328e0994e540c6efdba24ac31fcdd769c3222..b18d9fa5127f3dcec333e3894101eb09f5ca62d4 100644 --- a/test/fuzztest/innerkits/privacy/registerseccompenhance_fuzzer/registerseccompenhance_fuzzer.cpp 
+++ b/test/fuzztest/innerkits/accesstoken/registerseccompenhance_fuzzer/registerseccompenhance_fuzzer.cpp @@ -22,7 +22,7 @@ #include "accesstoken_fuzzdata.h" #undef private -#include "privacy_kit.h" +#include "accesstoken_kit.h" using namespace std; using namespace OHOS::Security::AccessToken; @@ -44,7 +44,7 @@ namespace OHOS { secData.sessionId = fuzzData.GetData(); secData.seqNum = fuzzData.GetData(); - return PrivacyKit::RegisterSecCompEnhance(secData) == 0; + return AccessTokenKit::RegisterSecCompEnhance(secData) == 0; } } diff --git a/test/fuzztest/innerkits/privacy/registerseccompenhance_fuzzer/registerseccompenhance_fuzzer.h b/test/fuzztest/innerkits/accesstoken/registerseccompenhance_fuzzer/registerseccompenhance_fuzzer.h similarity index 100% rename from test/fuzztest/innerkits/privacy/registerseccompenhance_fuzzer/registerseccompenhance_fuzzer.h rename to test/fuzztest/innerkits/accesstoken/registerseccompenhance_fuzzer/registerseccompenhance_fuzzer.h diff --git a/test/fuzztest/innerkits/privacy/updateseccompenhance_fuzzer/BUILD.gn b/test/fuzztest/innerkits/accesstoken/updateseccompenhance_fuzzer/BUILD.gn similarity index 88% rename from test/fuzztest/innerkits/privacy/updateseccompenhance_fuzzer/BUILD.gn rename to test/fuzztest/innerkits/accesstoken/updateseccompenhance_fuzzer/BUILD.gn index 8793950f824742961efd0c12505ae6903c1107fb..a7d77cc8b2d3efa0c490179ddb2559b5689e9844 100644 --- a/test/fuzztest/innerkits/privacy/updateseccompenhance_fuzzer/BUILD.gn +++ b/test/fuzztest/innerkits/accesstoken/updateseccompenhance_fuzzer/BUILD.gn @@ -16,7 +16,7 @@ import("//build/test.gni") import("../../../../../access_token.gni") ohos_fuzztest("UpdateSecCompEnhanceFuzzTest") { - module_out_path = module_output_path_interface_privacy + module_out_path = module_output_path_interface_access_token fuzz_config_file = "." include_dirs = [ "${access_token_path}/interfaces/innerkits/accesstoken/include", 
@@ -29,16 +29,15 @@ ohos_fuzztest("UpdateSecCompEnhanceFuzzTest") { "-fno-omit-frame-pointer", ] sources = [ "updateseccompenhance_fuzzer.cpp" ] - - deps = [ "${access_token_path}/interfaces/innerkits/privacy:libprivacy_sdk" ] + deps = [ + "${access_token_path}/interfaces/innerkits/accesstoken:libaccesstoken_sdk", + ] configs = [ "${access_token_path}/config:coverage_flags" ] - cflags_cc = [ "-DSECURITY_COMPONENT_ENHANCE_ENABLE" ] external_deps = [ "c_utils:utils", "hilog:libhilog", - "ipc:ipc_core", ] } diff --git a/test/fuzztest/innerkits/privacy/updateseccompenhance_fuzzer/corpus/init b/test/fuzztest/innerkits/accesstoken/updateseccompenhance_fuzzer/corpus/init similarity index 100% rename from test/fuzztest/innerkits/privacy/updateseccompenhance_fuzzer/corpus/init rename to test/fuzztest/innerkits/accesstoken/updateseccompenhance_fuzzer/corpus/init diff --git a/test/fuzztest/innerkits/privacy/updateseccompenhance_fuzzer/project.xml b/test/fuzztest/innerkits/accesstoken/updateseccompenhance_fuzzer/project.xml similarity index 100% rename from test/fuzztest/innerkits/privacy/updateseccompenhance_fuzzer/project.xml rename to test/fuzztest/innerkits/accesstoken/updateseccompenhance_fuzzer/project.xml diff --git a/test/fuzztest/innerkits/privacy/updateseccompenhance_fuzzer/updateseccompenhance_fuzzer.cpp b/test/fuzztest/innerkits/accesstoken/updateseccompenhance_fuzzer/updateseccompenhance_fuzzer.cpp similarity index 89% rename from test/fuzztest/innerkits/privacy/updateseccompenhance_fuzzer/updateseccompenhance_fuzzer.cpp rename to test/fuzztest/innerkits/accesstoken/updateseccompenhance_fuzzer/updateseccompenhance_fuzzer.cpp index 8dcf3b3762969e8c044ae8373e0b626bd053cc08..ae4fcaf3fc779ded9c682bec5eb1444258a8eea0 100644 --- a/test/fuzztest/innerkits/privacy/updateseccompenhance_fuzzer/updateseccompenhance_fuzzer.cpp +++ b/test/fuzztest/innerkits/accesstoken/updateseccompenhance_fuzzer/updateseccompenhance_fuzzer.cpp 
@@ -22,7 +22,7 @@ #include "accesstoken_fuzzdata.h" #undef private -#include "privacy_kit.h" +#include "accesstoken_kit.h" using namespace std; using namespace OHOS::Security::AccessToken; @@ -36,7 +36,7 @@ namespace OHOS { AccessTokenFuzzData fuzzData(data, size); - return PrivacyKit::UpdateSecCompEnhance(fuzzData.GetData(), fuzzData.GetData()) == 0; + return AccessTokenKit::UpdateSecCompEnhance(fuzzData.GetData(), fuzzData.GetData()) == 0; } } diff --git a/test/fuzztest/innerkits/privacy/updateseccompenhance_fuzzer/updateseccompenhance_fuzzer.h b/test/fuzztest/innerkits/accesstoken/updateseccompenhance_fuzzer/updateseccompenhance_fuzzer.h similarity index 100% rename from test/fuzztest/innerkits/privacy/updateseccompenhance_fuzzer/updateseccompenhance_fuzzer.h rename to test/fuzztest/innerkits/accesstoken/updateseccompenhance_fuzzer/updateseccompenhance_fuzzer.h diff --git a/test/fuzztest/innerkits/privacy/BUILD.gn b/test/fuzztest/innerkits/privacy/BUILD.gn index 6c9eb2ded8c10e6cc504d7cc9b251700c3b37a39..a7a07f891c87cb6fbdd59fafda7e4d89984bc75b 100644 --- a/test/fuzztest/innerkits/privacy/BUILD.gn +++ b/test/fuzztest/innerkits/privacy/BUILD.gn @@ -31,13 +31,5 @@ group("fuzztest") { "stopusingpermission_fuzzer:StopUsingPermissionFuzzTest", "unregisterpermactivestatuscallback_fuzzer:UnRegisterPermActiveStatusCallbackFuzzTest", ] - if (security_component_enhance_enable) { - deps += [ - "getseccompenhance_fuzzer:GetSecCompEnhanceFuzzTest", - "getspecialseccompenhance_fuzzer:GetSpecialSecCompEnhanceFuzzTest", - "registerseccompenhance_fuzzer:RegisterSecCompEnhanceFuzzTest", - "updateseccompenhance_fuzzer:UpdateSecCompEnhanceFuzzTest", - ] - } } } diff --git a/test/fuzztest/innerkits/privacy/setmutepolicy_fuzzer/BUILD.gn b/test/fuzztest/innerkits/privacy/setmutepolicy_fuzzer/BUILD.gn index ebeb4cf84ec53fcf89f16a000f4b22b8f2d14ba6..a0325bf64b6877f9d25f64cf924fe389cb02394c 100644 --- a/test/fuzztest/innerkits/privacy/setmutepolicy_fuzzer/BUILD.gn 
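Review bot: In the `@@ -36,7 +36,7 @@` hunk, the two `fuzzData.GetData()` calls are passed directly as arguments to `AccessTokenKit::UpdateSecCompEnhance`, and C++ does not specify the order in which function arguments are evaluated. Which bytes of the fuzz input become the first argument and which the second therefore depends on the compiler, so a crashing corpus entry may not reproduce under another toolchain. Read both values into locals first, e.g. `auto first = fuzzData.GetData();` and `auto second = fuzzData.GetData();`, then `return AccessTokenKit::UpdateSecCompEnhance(first, second) == 0;`. The template arguments of `GetData` appear to have been lost in this rendering and should stay as they are in the file. The enclosing function starts outside the hunk.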
+++ b/test/fuzztest/innerkits/privacy/setmutepolicy_fuzzer/BUILD.gn @@ -34,8 +34,6 @@ ohos_fuzztest("SetMutePolicyFuzzTest") { configs = [ "${access_token_path}/config:coverage_flags" ] - cflags_cc = [ "-DSECURITY_COMPONENT_ENHANCE_ENABLE" ] - external_deps = [ "c_utils:utils", "hilog:libhilog", diff --git a/test/fuzztest/services/accesstoken/BUILD.gn b/test/fuzztest/services/accesstoken/BUILD.gn index 86e91e3da25a49fcf854da5705e39dfa5d053d5b..05e4316ae67c1d48d5149e642ccfb5fce8d45d18 100644 --- a/test/fuzztest/services/accesstoken/BUILD.gn +++ b/test/fuzztest/services/accesstoken/BUILD.gn @@ -66,4 +66,13 @@ group("fuzztest") { "setfirstcallertokenid_fuzzer:SetFirstCallerTokenIDFuzzTest", ] } + + if (security_component_enhance_enable) { + deps += [ + "getseccompenhancestub_fuzzer:GetSecCompEnhanceStubFuzzTest", + "getspecialseccompenhancestub_fuzzer:GetSpecialSecCompEnhanceStubFuzzTest", + "registerseccompenhancestub_fuzzer:RegisterSecCompEnhanceStubFuzzTest", + "updateseccompenhancestub_fuzzer:UpdateSecCompEnhanceStubFuzzTest", + ] + } } diff --git a/test/fuzztest/services/accesstoken/access_token_service_fuzz.gni b/test/fuzztest/services/accesstoken/access_token_service_fuzz.gni index 794c1e61a962d972c39127e391670cd4b55623fc..1a873f373dac611424595812a0ebc52d04230bcc 100644 --- a/test/fuzztest/services/accesstoken/access_token_service_fuzz.gni +++ b/test/fuzztest/services/accesstoken/access_token_service_fuzz.gni @@ -177,3 +177,8 @@ if (eventhandler_enable == true) { access_token_cflags_cc += [ "-DEVENTHANDLER_ENABLE" ] access_token_external_deps += [ "eventhandler:libeventhandler" ] } + +if (security_component_enhance_enable) { + access_token_cflags_cc += [ "-DSECURITY_COMPONENT_ENHANCE_ENABLE" ] + access_token_sources += [ "${access_token_path}/services/accesstokenmanager/main/cpp/src/seccomp/sec_comp_enhance_agent.cpp" ] +} \ No newline at end of file 
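Review bot: The new `if (security_component_enhance_enable)` block at the end of `access_token_service_fuzz.gni` leaves the file without a trailing newline (`\ No newline at end of file`). The same marker appears on the rewritten closing `}` of the `BUILD.gn` files for the GetSpecialSecCompEnhance, RegisterSecCompEnhance and UpdateSecCompEnhance stub fuzzers, which ended with a newline before this change. Restore the final newline in all four files. The single-line `access_token_sources += [ ... ]` entry is also long enough that `gn format` would probably put the list element on its own line.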
diff --git a/test/fuzztest/services/privacy/getseccompenhancestub_fuzzer/BUILD.gn b/test/fuzztest/services/accesstoken/getseccompenhancestub_fuzzer/BUILD.gn similarity index 65% rename from test/fuzztest/services/privacy/getseccompenhancestub_fuzzer/BUILD.gn rename to test/fuzztest/services/accesstoken/getseccompenhancestub_fuzzer/BUILD.gn index 058d96bbdd5af7b42bb89919ce64357dc832f2bb..3c19beefa77770b1f215b6187b751dcdc3b7e34e 100644 --- a/test/fuzztest/services/privacy/getseccompenhancestub_fuzzer/BUILD.gn +++ b/test/fuzztest/services/accesstoken/getseccompenhancestub_fuzzer/BUILD.gn @@ -14,10 +14,10 @@ import("//build/config/features.gni") import("//build/test.gni") import("../../../../../access_token.gni") -import("../privacy_service_fuzz.gni") +import("../access_token_service_fuzz.gni") ohos_fuzztest("GetSecCompEnhanceStubFuzzTest") { - module_out_path = module_output_path_service_privacy + module_out_path = module_output_path_service_access_token fuzz_config_file = "." sources = [ "getseccompenhancestub_fuzzer.cpp" ] @@ -29,21 +29,18 @@ ohos_fuzztest("GetSecCompEnhanceStubFuzzTest") { "-fno-omit-frame-pointer", ] - configs = [ "${access_token_path}/config:coverage_flags" ] - - include_dirs = privacy_include_dirs + include_dirs = access_token_include_dirs - sources += privacy_sources - sources += [ "${access_token_path}/services/privacymanager/src/seccomp/privacy_sec_comp_enhance_agent.cpp" ] + deps = access_token_deps - defines = privacy_defines + configs = [ "${access_token_path}/config:coverage_flags" ] - cflags_cc = privacy_cflags_cc - cflags_cc += [ "-DSECURITY_COMPONENT_ENHANCE_ENABLE" ] + external_deps = access_token_external_deps - deps = privacy_deps + include_dirs += access_token_impl_include_dirs - deps += [ "${access_token_path}/interfaces/innerkits/privacy:libprivacy_sdk" ] + cflags_cc = access_token_cflags_cc - external_deps = privacy_external_deps + sources += access_token_sources + sources += access_token_impl_sources } 
diff --git a/test/fuzztest/services/privacy/getseccompenhancestub_fuzzer/corpus/init b/test/fuzztest/services/accesstoken/getseccompenhancestub_fuzzer/corpus/init
similarity index 100%
rename from test/fuzztest/services/privacy/getseccompenhancestub_fuzzer/corpus/init
rename to test/fuzztest/services/accesstoken/getseccompenhancestub_fuzzer/corpus/init
diff --git a/test/fuzztest/services/privacy/getseccompenhancestub_fuzzer/getseccompenhancestub_fuzzer.cpp b/test/fuzztest/services/accesstoken/getseccompenhancestub_fuzzer/getseccompenhancestub_fuzzer.cpp
similarity index 100%
rename from test/fuzztest/services/privacy/getseccompenhancestub_fuzzer/getseccompenhancestub_fuzzer.cpp
rename to test/fuzztest/services/accesstoken/getseccompenhancestub_fuzzer/getseccompenhancestub_fuzzer.cpp
diff --git a/test/fuzztest/services/privacy/getseccompenhancestub_fuzzer/getseccompenhancestub_fuzzer.h b/test/fuzztest/services/accesstoken/getseccompenhancestub_fuzzer/getseccompenhancestub_fuzzer.h
similarity index 100%
rename from test/fuzztest/services/privacy/getseccompenhancestub_fuzzer/getseccompenhancestub_fuzzer.h
rename to test/fuzztest/services/accesstoken/getseccompenhancestub_fuzzer/getseccompenhancestub_fuzzer.h
diff --git a/test/fuzztest/services/privacy/getseccompenhancestub_fuzzer/project.xml b/test/fuzztest/services/accesstoken/getseccompenhancestub_fuzzer/project.xml
similarity index 100%
rename from test/fuzztest/services/privacy/getseccompenhancestub_fuzzer/project.xml
rename to test/fuzztest/services/accesstoken/getseccompenhancestub_fuzzer/project.xml
diff --git a/test/fuzztest/services/privacy/getspecialseccompenhancestub_fuzzer/BUILD.gn b/test/fuzztest/services/accesstoken/getspecialseccompenhancestub_fuzzer/BUILD.gn similarity index 65% rename from test/fuzztest/services/privacy/getspecialseccompenhancestub_fuzzer/BUILD.gn rename to test/fuzztest/services/accesstoken/getspecialseccompenhancestub_fuzzer/BUILD.gn index f9454c81c1ccf81769147ae2304a7aa07e603d3a..a069f9ee51ef325a94e5081b1ed1d71ba318b82c 100644 --- a/test/fuzztest/services/privacy/getspecialseccompenhancestub_fuzzer/BUILD.gn +++ b/test/fuzztest/services/accesstoken/getspecialseccompenhancestub_fuzzer/BUILD.gn @@ -14,10 +14,10 @@ import("//build/config/features.gni") import("//build/test.gni") import("../../../../../access_token.gni") -import("../privacy_service_fuzz.gni") +import("../access_token_service_fuzz.gni") ohos_fuzztest("GetSpecialSecCompEnhanceStubFuzzTest") { - module_out_path = module_output_path_service_privacy + module_out_path = module_output_path_service_access_token fuzz_config_file = "." sources = [ "getspecialseccompenhancestub_fuzzer.cpp" ] 
@@ -29,21 +29,18 @@ ohos_fuzztest("GetSpecialSecCompEnhanceStubFuzzTest") { "-fno-omit-frame-pointer", ] - configs = [ "${access_token_path}/config:coverage_flags" ] - - include_dirs = privacy_include_dirs + include_dirs = access_token_include_dirs - sources += privacy_sources - sources += [ "${access_token_path}/services/privacymanager/src/seccomp/privacy_sec_comp_enhance_agent.cpp" ] + deps = access_token_deps - defines = privacy_defines + configs = [ "${access_token_path}/config:coverage_flags" ] - cflags_cc = privacy_cflags_cc - cflags_cc += [ "-DSECURITY_COMPONENT_ENHANCE_ENABLE" ] + external_deps = access_token_external_deps - deps = privacy_deps + include_dirs += access_token_impl_include_dirs - deps += [ "${access_token_path}/interfaces/innerkits/privacy:libprivacy_sdk" ] + cflags_cc = access_token_cflags_cc - external_deps = privacy_external_deps -} + sources += access_token_sources + sources += access_token_impl_sources +} \ No newline at end of file diff --git a/test/fuzztest/services/privacy/getspecialseccompenhancestub_fuzzer/corpus/init b/test/fuzztest/services/accesstoken/getspecialseccompenhancestub_fuzzer/corpus/init similarity index 100% rename from test/fuzztest/services/privacy/getspecialseccompenhancestub_fuzzer/corpus/init rename to test/fuzztest/services/accesstoken/getspecialseccompenhancestub_fuzzer/corpus/init diff --git a/test/fuzztest/services/privacy/getspecialseccompenhancestub_fuzzer/getspecialseccompenhancestub_fuzzer.cpp b/test/fuzztest/services/accesstoken/getspecialseccompenhancestub_fuzzer/getspecialseccompenhancestub_fuzzer.cpp similarity index 100% rename from test/fuzztest/services/privacy/getspecialseccompenhancestub_fuzzer/getspecialseccompenhancestub_fuzzer.cpp rename to test/fuzztest/services/accesstoken/getspecialseccompenhancestub_fuzzer/getspecialseccompenhancestub_fuzzer.cpp 
diff --git a/test/fuzztest/services/privacy/getspecialseccompenhancestub_fuzzer/getspecialseccompenhancestub_fuzzer.h b/test/fuzztest/services/accesstoken/getspecialseccompenhancestub_fuzzer/getspecialseccompenhancestub_fuzzer.h similarity index 100% rename from test/fuzztest/services/privacy/getspecialseccompenhancestub_fuzzer/getspecialseccompenhancestub_fuzzer.h rename to test/fuzztest/services/accesstoken/getspecialseccompenhancestub_fuzzer/getspecialseccompenhancestub_fuzzer.h diff --git a/test/fuzztest/services/privacy/getspecialseccompenhancestub_fuzzer/project.xml b/test/fuzztest/services/accesstoken/getspecialseccompenhancestub_fuzzer/project.xml similarity index 100% rename from test/fuzztest/services/privacy/getspecialseccompenhancestub_fuzzer/project.xml rename to test/fuzztest/services/accesstoken/getspecialseccompenhancestub_fuzzer/project.xml diff --git a/test/fuzztest/services/privacy/registerseccompenhancestub_fuzzer/BUILD.gn b/test/fuzztest/services/accesstoken/registerseccompenhancestub_fuzzer/BUILD.gn similarity index 63% rename from test/fuzztest/services/privacy/registerseccompenhancestub_fuzzer/BUILD.gn rename to test/fuzztest/services/accesstoken/registerseccompenhancestub_fuzzer/BUILD.gn index 7e2be9f5b4a79c20ba34538909c52100eca32d42..a4d9d7c8a47170dcde6eef2b252cc6376f84bf1b 100644 --- a/test/fuzztest/services/privacy/registerseccompenhancestub_fuzzer/BUILD.gn +++ b/test/fuzztest/services/accesstoken/registerseccompenhancestub_fuzzer/BUILD.gn @@ -14,10 +14,10 @@ import("//build/config/features.gni") import("//build/test.gni") import("../../../../../access_token.gni") -import("../privacy_service_fuzz.gni") +import("../access_token_service_fuzz.gni") ohos_fuzztest("RegisterSecCompEnhanceStubFuzzTest") { - module_out_path = module_output_path_service_privacy + module_out_path = module_output_path_service_access_token fuzz_config_file = "." sources = [ "registerseccompenhancestub_fuzzer.cpp" ] 
@@ -29,24 +29,18 @@ ohos_fuzztest("RegisterSecCompEnhanceStubFuzzTest") { "-fno-omit-frame-pointer", ] - configs = [ "${access_token_path}/config:coverage_flags" ] - - include_dirs = privacy_include_dirs + include_dirs = access_token_include_dirs - sources += privacy_sources - sources += [ "${access_token_path}/services/privacymanager/src/seccomp/privacy_sec_comp_enhance_agent.cpp" ] + deps = access_token_deps - defines = privacy_defines + configs = [ "${access_token_path}/config:coverage_flags" ] - cflags_cc = privacy_cflags_cc - cflags_cc += [ - "-DSECURITY_COMPONENT_ENHANCE_ENABLE", - "-DTOKEN_SYNC_ENABLE", - ] + external_deps = access_token_external_deps - deps = privacy_deps + include_dirs += access_token_impl_include_dirs - deps += [ "${access_token_path}/interfaces/innerkits/privacy:libprivacy_sdk" ] + cflags_cc = access_token_cflags_cc - external_deps = privacy_external_deps -} + sources += access_token_sources + sources += access_token_impl_sources +} \ No newline at end of file diff --git a/test/fuzztest/services/privacy/registerseccompenhancestub_fuzzer/corpus/init b/test/fuzztest/services/accesstoken/registerseccompenhancestub_fuzzer/corpus/init similarity index 100% rename from test/fuzztest/services/privacy/registerseccompenhancestub_fuzzer/corpus/init rename to test/fuzztest/services/accesstoken/registerseccompenhancestub_fuzzer/corpus/init diff --git a/test/fuzztest/services/privacy/registerseccompenhancestub_fuzzer/project.xml b/test/fuzztest/services/accesstoken/registerseccompenhancestub_fuzzer/project.xml similarity index 100% rename from test/fuzztest/services/privacy/registerseccompenhancestub_fuzzer/project.xml rename to test/fuzztest/services/accesstoken/registerseccompenhancestub_fuzzer/project.xml 
diff --git a/test/fuzztest/services/privacy/registerseccompenhancestub_fuzzer/registerseccompenhancestub_fuzzer.cpp b/test/fuzztest/services/accesstoken/registerseccompenhancestub_fuzzer/registerseccompenhancestub_fuzzer.cpp
similarity index 100%
rename from test/fuzztest/services/privacy/registerseccompenhancestub_fuzzer/registerseccompenhancestub_fuzzer.cpp
rename to test/fuzztest/services/accesstoken/registerseccompenhancestub_fuzzer/registerseccompenhancestub_fuzzer.cpp
diff --git a/test/fuzztest/services/privacy/registerseccompenhancestub_fuzzer/registerseccompenhancestub_fuzzer.h b/test/fuzztest/services/accesstoken/registerseccompenhancestub_fuzzer/registerseccompenhancestub_fuzzer.h
similarity index 100%
rename from test/fuzztest/services/privacy/registerseccompenhancestub_fuzzer/registerseccompenhancestub_fuzzer.h
rename to test/fuzztest/services/accesstoken/registerseccompenhancestub_fuzzer/registerseccompenhancestub_fuzzer.h
diff --git a/test/fuzztest/services/privacy/updateseccompenhancestub_fuzzer/BUILD.gn b/test/fuzztest/services/accesstoken/updateseccompenhancestub_fuzzer/BUILD.gn
similarity index 65%
rename from test/fuzztest/services/privacy/updateseccompenhancestub_fuzzer/BUILD.gn
rename to test/fuzztest/services/accesstoken/updateseccompenhancestub_fuzzer/BUILD.gn
index d97ec3ca21304560e79868572f02c836577e1003..0d43d652bb42d537912f3c2051756db6635213df 100644
--- a/test/fuzztest/services/privacy/updateseccompenhancestub_fuzzer/BUILD.gn
+++ b/test/fuzztest/services/accesstoken/updateseccompenhancestub_fuzzer/BUILD.gn
@@ -14,10 +14,10 @@ import("//build/config/features.gni") import("//build/test.gni") import("../../../../../access_token.gni") -import("../privacy_service_fuzz.gni") +import("../access_token_service_fuzz.gni") ohos_fuzztest("UpdateSecCompEnhanceStubFuzzTest") { - module_out_path = module_output_path_service_privacy + module_out_path = module_output_path_service_access_token fuzz_config_file = "." sources = [ "updateseccompenhancestub_fuzzer.cpp" ] @@ -29,21 +29,18 @@ ohos_fuzztest("UpdateSecCompEnhanceStubFuzzTest") { "-fno-omit-frame-pointer", ] - configs = [ "${access_token_path}/config:coverage_flags" ] - - include_dirs = privacy_include_dirs + include_dirs = access_token_include_dirs - sources += privacy_sources - sources += [ "${access_token_path}/services/privacymanager/src/seccomp/privacy_sec_comp_enhance_agent.cpp" ] + deps = access_token_deps - defines = privacy_defines + configs = [ "${access_token_path}/config:coverage_flags" ] - cflags_cc = privacy_cflags_cc - cflags_cc += [ "-DSECURITY_COMPONENT_ENHANCE_ENABLE" ] + external_deps = access_token_external_deps - deps = privacy_deps + include_dirs += access_token_impl_include_dirs - deps += [ "${access_token_path}/interfaces/innerkits/privacy:libprivacy_sdk" ] + cflags_cc = access_token_cflags_cc - external_deps = privacy_external_deps -} + sources += access_token_sources + sources += access_token_impl_sources +} \ No newline at end of file diff --git a/test/fuzztest/services/privacy/updateseccompenhancestub_fuzzer/corpus/init b/test/fuzztest/services/accesstoken/updateseccompenhancestub_fuzzer/corpus/init similarity index 100% rename from test/fuzztest/services/privacy/updateseccompenhancestub_fuzzer/corpus/init rename to test/fuzztest/services/accesstoken/updateseccompenhancestub_fuzzer/corpus/init 
diff --git a/test/fuzztest/services/privacy/updateseccompenhancestub_fuzzer/project.xml b/test/fuzztest/services/accesstoken/updateseccompenhancestub_fuzzer/project.xml
similarity index 100%
rename from test/fuzztest/services/privacy/updateseccompenhancestub_fuzzer/project.xml
rename to test/fuzztest/services/accesstoken/updateseccompenhancestub_fuzzer/project.xml
diff --git a/test/fuzztest/services/privacy/updateseccompenhancestub_fuzzer/updateseccompenhancestub_fuzzer.cpp b/test/fuzztest/services/accesstoken/updateseccompenhancestub_fuzzer/updateseccompenhancestub_fuzzer.cpp
similarity index 100%
rename from test/fuzztest/services/privacy/updateseccompenhancestub_fuzzer/updateseccompenhancestub_fuzzer.cpp
rename to test/fuzztest/services/accesstoken/updateseccompenhancestub_fuzzer/updateseccompenhancestub_fuzzer.cpp
diff --git a/test/fuzztest/services/privacy/updateseccompenhancestub_fuzzer/updateseccompenhancestub_fuzzer.h b/test/fuzztest/services/accesstoken/updateseccompenhancestub_fuzzer/updateseccompenhancestub_fuzzer.h
similarity index 100%
rename from test/fuzztest/services/privacy/updateseccompenhancestub_fuzzer/updateseccompenhancestub_fuzzer.h
rename to test/fuzztest/services/accesstoken/updateseccompenhancestub_fuzzer/updateseccompenhancestub_fuzzer.h
diff --git a/test/fuzztest/services/privacy/BUILD.gn b/test/fuzztest/services/privacy/BUILD.gn
index c27efe960861af886aa2232d32c3447a9912e777..45d1e7aff103e09e2fefb2173d17486c7e9efc3f 100644
--- a/test/fuzztest/services/privacy/BUILD.gn
+++ b/test/fuzztest/services/privacy/BUILD.gn
@@ -34,14 +34,5 @@ group("fuzztest") { "stopusingpermissionstub_fuzzer:StopUsingPermissionStubFuzzTest", "unregisterpermactivestatuscallbackstub_fuzzer:UnRegisterPermActiveStatusCallbackStubFuzzTest", ] - - if (security_component_enhance_enable) { - deps += [ - "getseccompenhancestub_fuzzer:GetSecCompEnhanceStubFuzzTest", - "getspecialseccompenhancestub_fuzzer:GetSpecialSecCompEnhanceStubFuzzTest", - "registerseccompenhancestub_fuzzer:RegisterSecCompEnhanceStubFuzzTest", - "updateseccompenhancestub_fuzzer:UpdateSecCompEnhanceStubFuzzTest", - ] - } } }