diff --git a/services/accesstokenmanager/BUILD.gn b/services/accesstokenmanager/BUILD.gn index b4336aa5d406861a2c9f1c1f2d7b1262cbb974c4..cbb9c992a550701894c2052fe2904fb515761906 100644 --- a/services/accesstokenmanager/BUILD.gn +++ b/services/accesstokenmanager/BUILD.gn @@ -98,7 +98,6 @@ if (is_standard_system) { "main/cpp/src/token/accesstoken_id_manager.cpp", "main/cpp/src/token/accesstoken_info_manager.cpp", "main/cpp/src/token/hap_token_info_inner.cpp", - "main/cpp/src/token/native_token_info_inner.cpp", "main/cpp/src/token/native_token_receptor.cpp", ] sources += access_token_impl_sources diff --git a/services/accesstokenmanager/main/cpp/include/database/access_token_db.h b/services/accesstokenmanager/main/cpp/include/database/access_token_db.h index 280b7610cc7b5d1660f6c58abcd3204fe5b05869..58a5512956ed0593a0e289fcdf85825debe6e93f 100644 --- a/services/accesstokenmanager/main/cpp/include/database/access_token_db.h +++ b/services/accesstokenmanager/main/cpp/include/database/access_token_db.h @@ -35,14 +35,12 @@ public: static AccessTokenDb& GetInstance(); virtual ~AccessTokenDb() = default; - int32_t Add(const AtmDataType type, const std::vector& values); - int32_t Remove(const AtmDataType type, const GenericValues& conditionValue); int32_t Modify(const AtmDataType type, const GenericValues& modifyValue, const GenericValues& conditionValue); int32_t Find(AtmDataType type, const GenericValues& conditionValue, std::vector& results); std::shared_ptr GetRdb(); - int32_t DeleteAndInsertValues(const std::vector& deleteDataTypes, - const std::vector& deleteValues, const std::vector& addDataTypes, - const std::vector>& addValues); + int32_t DeleteAndInsertValues( + const std::vector& delDataTypes, const std::vector& delValues, + const std::vector& addDataTypes, const std::vector>& addValues); private: AccessTokenDb(); diff --git a/services/accesstokenmanager/main/cpp/include/database/data_translator.h b/services/accesstokenmanager/main/cpp/include/database/data_translator.h index be2eb79eb4dac8da1276ab68b8e0ad54a1beb838..1c694c3c2b936879063e603211a089a090506e5d 100644 --- a/services/accesstokenmanager/main/cpp/include/database/data_translator.h +++ b/services/accesstokenmanager/main/cpp/include/database/data_translator.h @@ -18,9 +18,9 @@ #include -#include "hap_token_info_inner.h" -#include "native_token_info_inner.h" #include "generic_values.h" +#include "permission_def.h" +#include "permission_status.h" namespace OHOS { namespace Security { diff --git a/services/accesstokenmanager/main/cpp/include/permission/permission_manager.h b/services/accesstokenmanager/main/cpp/include/permission/permission_manager.h index 83e5eb808d6b3f6c71c9decc17f11bbab5f42b3a..2150418c7ecf65da0a588c9fcd772e319e9d98e5 100644 --- a/services/accesstokenmanager/main/cpp/include/permission/permission_manager.h +++ b/services/accesstokenmanager/main/cpp/include/permission/permission_manager.h @@ -67,8 +67,6 @@ public: int GetReqPermissions( AccessTokenID tokenID, std::vector& reqPermList, bool isSystemGrant); int GetPermissionFlag(AccessTokenID tokenID, const std::string& permissionName, uint32_t& flag); - int32_t SetPermissionRequestToggleStatus(const std::string& permissionName, uint32_t status, int32_t userID); - int32_t GetPermissionRequestToggleStatus(const std::string& permissionName, uint32_t& status, int32_t userID); int32_t RequestAppPermOnSetting(const HapTokenInfo& hapInfo, const std::string& bundleName, const std::string& abilityName); int32_t CheckAndUpdatePermission(AccessTokenID tokenID, const std::string& permissionName, @@ -91,9 +89,9 @@ public: void ParamUpdate(const std::string& permissionName, uint32_t flag, bool filtered); void NotifyWhenPermissionStateUpdated(AccessTokenID tokenID, const std::string& permissionName, bool isGranted, uint32_t flag, const std::shared_ptr& infoPtr); - void AddPermToKernel(AccessTokenID tokenID); - void AddPermToKernel(AccessTokenID tokenID, const std::shared_ptr& policy); - void AddPermToKernel(AccessTokenID tokenID, const std::vector& permList); + void AddNativePermToKernel( + AccessTokenID tokenID, const std::vector& opCodeList, const std::vector& statusList); + void AddHapPermToKernel(AccessTokenID tokenID, const std::vector& permList); void RemovePermFromKernel(AccessTokenID tokenID); void SetPermToKernel(AccessTokenID tokenID, const std::string& permissionName, bool isGranted); bool InitPermissionList(const std::string& appDistributionType, const HapPolicy& policy, @@ -119,8 +117,6 @@ private: bool GetLocationPermissionIndex(std::vector& reqPermList, LocationIndex& locationIndex); bool GetLocationPermissionState(AccessTokenID tokenID, std::vector& reqPermList, std::vector& permsList, int32_t apiVersion, const LocationIndex& locationIndex); - int32_t FindPermRequestToggleStatusFromDb(int32_t userID, const std::string& permissionName); - void AddPermRequestToggleStatusToDb(int32_t userID, const std::string& permissionName, int32_t status); bool IsPermissionStateOrFlagMatched(const PermissionStatus& stata1, const PermissionStatus& stata2); PermissionGrantEvent grantEvent_; diff --git a/services/accesstokenmanager/main/cpp/include/permission/permission_policy_set.h b/services/accesstokenmanager/main/cpp/include/permission/permission_policy_set.h index 7c3462b8f712339473fca43983c4c664a3d97ca8..d23ab610e943521e5734c897301e3f8d05d4b119 100644 --- a/services/accesstokenmanager/main/cpp/include/permission/permission_policy_set.h +++ b/services/accesstokenmanager/main/cpp/include/permission/permission_policy_set.h @@ -53,13 +53,9 @@ public: void ToString(std::string& info); static void ToString(std::string& info, const std::vector& permList, const std::vector& permStateList); - bool IsPermissionReqValid(int32_t tokenApl, const std::string& permissionName, - const std::vector& nativeAcls); - void PermStateToString(int32_t tokenApl, const std::vector& nativeAcls, std::string& info); void GetPermissionStateList(std::vector& stateList); void ResetUserGrantPermissionStatus(void); static uint32_t GetFlagWroteToDb(uint32_t grantFlag); - void GetPermissionStateList(std::vector& opCodeList, std::vector& statusList); uint32_t GetReqPermissionSize(); static std::shared_ptr BuildPermissionPolicySetFromDb( AccessTokenID tokenId, const std::vector& permStateRes); diff --git a/services/accesstokenmanager/main/cpp/include/token/accesstoken_info_manager.h b/services/accesstokenmanager/main/cpp/include/token/accesstoken_info_manager.h index 0a0a2637dae516fa3fadd9a7041c69226950e0d0..8d5343970702687fa4dcdcea5f7ef6fb877614df 100644 --- a/services/accesstokenmanager/main/cpp/include/token/accesstoken_info_manager.h +++ b/services/accesstokenmanager/main/cpp/include/token/accesstoken_info_manager.h @@ -30,13 +30,11 @@ #endif #include "hap_token_info.h" #include "hap_token_info_inner.h" -#include "native_token_info_inner.h" +#include "native_token_info_base.h" namespace OHOS { namespace Security { namespace AccessToken { -static const int UDID_MAX_LENGTH = 128; // udid/uuid max length - #ifdef TOKEN_SYNC_ENABLE class AccessTokenDmInitCallback final : public DistributedHardware::DmInitCallback { void OnRemoteDied() override @@ -49,10 +47,10 @@ public: static AccessTokenInfoManager& GetInstance(); ~AccessTokenInfoManager(); void Init(); + void InitNativeTokenInfos(uint32_t& nativeSize); int32_t GetTokenIDByUserID(int32_t userID, std::unordered_set& tokenIdList); std::shared_ptr GetHapTokenInfoInner(AccessTokenID id); int GetHapTokenInfo(AccessTokenID tokenID, HapTokenInfo& infoParcel); - std::shared_ptr GetNativeTokenInfoInner(AccessTokenID id); int GetNativeTokenInfo(AccessTokenID tokenID, NativeTokenInfoBase& info); int AllocAccessTokenIDEx(const HapInfoParams& info, AccessTokenID tokenId, AccessTokenIDEx& tokenIdEx); int RemoveHapTokenInfo(AccessTokenID id); @@ -61,7 +59,6 @@ public: int CreateHapTokenInfo(const HapInfoParams& info, const HapPolicy& policy, AccessTokenIDEx& tokenIdEx); AccessTokenIDEx GetHapTokenID(int32_t userID, const std::string& bundleName, int32_t instIndex); AccessTokenID AllocLocalTokenID(const std::string& remoteDeviceID, AccessTokenID remoteTokenID); - void ProcessNativeTokenInfos(const std::vector>& tokenInfos); int32_t UpdateHapToken(AccessTokenIDEx& tokenIdEx, const UpdateHapInfoParams& info, const std::vector& permStateList, ATokenAplEnum apl, const std::vector& permList); @@ -100,38 +97,20 @@ public: #endif bool UpdateCapStateToDatabase(AccessTokenID tokenID, bool enable); + int32_t SetPermissionRequestToggleStatus(const std::string& permissionName, uint32_t status, int32_t userID); + int32_t GetPermissionRequestToggleStatus(const std::string& permissionName, uint32_t& status, int32_t userID); private: AccessTokenInfoManager(); DISALLOW_COPY_AND_MOVE(AccessTokenInfoManager); void InitHapTokenInfos(uint32_t& hapSize); - void InitNativeTokenInfos(uint32_t& nativeSize); int AddHapTokenInfo(const std::shared_ptr& info); - int AddNativeTokenInfo(const std::shared_ptr& info); std::string GetHapUniqueStr(const std::shared_ptr& info) const; std::string GetHapUniqueStr(const int& userID, const std::string& bundleName, const int& instIndex) const; - void IdFalseWithProcessTrueCache(const std::shared_ptr& infoPtr, AccessTokenID cfgTokenId, - std::string& cfgProcessName, AccessTokenID oriTokenId); - void IdFalseWithProcessFalseCache(const std::shared_ptr& infoPtr, AccessTokenID cfgTokenId, - std::string& cfgProcessName); - void IdTrueWithProcessTrueCache(const std::shared_ptr& infoPtr, AccessTokenID cfgTokenId, - std::string& cfgProcessName); - void TryUpdateExistNativeToken(const std::shared_ptr& infoPtr, - std::vector& deleteTokenList, std::vector& nativeTokenValues, - std::vector& permStateValues); - int AllocNativeToken(const std::shared_ptr& infoPtr); - int AddHapTokenInfoToDb(AccessTokenID tokenID, const std::shared_ptr& hapInfo, - const std::string& appId, ATokenAplEnum apl); - int AddNativeTokenInfoToDb( - const std::vector& nativeInfoValues, const std::vector& permStateValues); - int RemoveTokenInfoFromDb(AccessTokenID tokenID, bool isHap = true); - void StoreHapInfo(const std::shared_ptr& hapInfo, - const std::string& appId, ATokenAplEnum apl, - std::vector& valueList); - int32_t ModifyHapTokenInfoToDb(std::shared_ptr& infoPtr, - const std::vector& permStateList, - const UpdateHapInfoParams& info, ATokenAplEnum apl); + int AddHapTokenInfoToDb(const std::shared_ptr& hapInfo, + const std::string& appId, ATokenAplEnum apl, bool isUpdate); + int RemoveHapTokenInfoFromDb(AccessTokenID tokenID); int CreateRemoteHapTokenInfo(AccessTokenID mapID, HapTokenInfoForSync& hapSync); int UpdateRemoteHapTokenInfo(AccessTokenID mapID, HapTokenInfoForSync& hapSync); void PermissionStateNotify(const std::shared_ptr& info, AccessTokenID id); @@ -149,6 +128,13 @@ private: int32_t UpdatePermissionStateToKernel(const std::map& tokenIdList); void GetGoalHapList(std::map& tokenIdList, std::map& changedUserList); + int32_t AddPermRequestToggleStatusToDb(int32_t userID, const std::string& permissionName, int32_t status); + int32_t FindPermRequestToggleStatusFromDb(int32_t userID, const std::string& permissionName); + void GetNativePermissionList(const NativeTokenInfoBase& native, + std::vector& opCodeList, std::vector& statusList); + bool IsPermissionReqValid(int32_t tokenApl, const std::string& permissionName, + const std::vector& nativeAcls); + void NativeTokenToString(AccessTokenID tokenID, std::string& info); bool hasInited_; std::atomic_int32_t dumpTaskNum_; diff --git a/services/accesstokenmanager/main/cpp/include/token/accesstoken_remote_token_manager.h b/services/accesstokenmanager/main/cpp/include/token/accesstoken_remote_token_manager.h index c110c1df08ca5305b1bfd53f9a6be0c27254cb78..80637308f694872238e03816b1e9330726c898b5 100644 --- a/services/accesstokenmanager/main/cpp/include/token/accesstoken_remote_token_manager.h +++ b/services/accesstokenmanager/main/cpp/include/token/accesstoken_remote_token_manager.h @@ -23,7 +23,6 @@ #include "access_token.h" #include "hap_token_info.h" #include "hap_token_info_inner.h" -#include "native_token_info_inner.h" #include "nocopyable.h" #include "rwlock.h" diff --git a/services/accesstokenmanager/main/cpp/include/token/hap_token_info_inner.h b/services/accesstokenmanager/main/cpp/include/token/hap_token_info_inner.h index f18ddf548dda6093f1a3e1118e3e442a994f0ec4..c31d0b2848cd43809873e7f24afe9a9cfb3f66d6 100644 --- a/services/accesstokenmanager/main/cpp/include/token/hap_token_info_inner.h +++ b/services/accesstokenmanager/main/cpp/include/token/hap_token_info_inner.h @@ -41,7 +41,7 @@ public: void Update(const UpdateHapInfoParams& info, const std::vector& permStateList); void TranslateToHapTokenInfo(HapTokenInfo& infoParcel) const; - void StoreHapInfo(std::vector& valueList) const; + void StoreHapInfo(std::vector& valueList, const std::string& appId, ATokenAplEnum apl) const; void StorePermissionPolicy(std::vector& permStateValues); int RestoreHapTokenInfo(AccessTokenID tokenId, const GenericValues& tokenValue, const std::vector& permStateRes); diff --git a/services/accesstokenmanager/main/cpp/include/token/native_token_info_base.h b/services/accesstokenmanager/main/cpp/include/token/native_token_info_base.h index fce6962433ca0d605d29192c7a7a0eeb9d499527..47cbf7d9c147f162d2f8f3c141c63412a8f33811 100644 --- a/services/accesstokenmanager/main/cpp/include/token/native_token_info_base.h +++ b/services/accesstokenmanager/main/cpp/include/token/native_token_info_base.h @@ -18,11 +18,13 @@ #include #include #include "access_token.h" +#include "permission_status.h" namespace OHOS { namespace Security { namespace AccessToken { struct NativeTokenInfoBase { + /** native token info */ ATokenAplEnum apl; unsigned char ver; std::string processName; @@ -30,6 +32,8 @@ struct NativeTokenInfoBase { AccessTokenID tokenID; AccessTokenAttr tokenAttr; std::vector nativeAcls; + /** permission state list */ + std::vector permStateList; }; struct NativeTokenInfoCache { diff --git a/services/accesstokenmanager/main/cpp/include/token/native_token_info_inner.h b/services/accesstokenmanager/main/cpp/include/token/native_token_info_inner.h deleted file mode 100644 index 80f1189c502dfdf7185d36e525af6e3cf4a7a587..0000000000000000000000000000000000000000 --- a/services/accesstokenmanager/main/cpp/include/token/native_token_info_inner.h +++ /dev/null @@ -1,64 +0,0 @@ -/* - * Copyright (c) 2021-2024 Huawei Device Co., Ltd. - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ - -#ifndef ACCESSTOKEN_NATIVE_TOKEN_INFO_INNER_H -#define ACCESSTOKEN_NATIVE_TOKEN_INFO_INNER_H - -#include -#include -#include "access_token.h" -#include "generic_values.h" -#include "native_token_info_base.h" -#include "permission_policy_set.h" -#include "permission_status.h" - -namespace OHOS { -namespace Security { -namespace AccessToken { -static const int MAX_DCAPS_NUM = 10 * 1024; -static const int MAX_REQ_PERM_NUM = 10 * 1024; - -class NativeTokenInfoInner final { -public: - NativeTokenInfoInner(); - NativeTokenInfoInner(NativeTokenInfoBase& info, - const std::vector& permStateList); - virtual ~NativeTokenInfoInner(); - - void TransferNativeInfo(std::vector& valueList) const; - void TransferPermissionPolicy(std::vector& permStateValues) const; - void SetDcaps(const std::string& dcapStr); - void SetNativeAcls(const std::string& aclsStr); - void ToString(std::string& info) const; - int RestoreNativeTokenInfo(AccessTokenID tokenId, const GenericValues& inGenericValues, - const std::vector& permStateRes); - - AccessTokenID GetTokenID() const; - AccessTokenID GetApl() const; - std::string GetProcessName() const; - std::shared_ptr GetNativeInfoPermissionPolicySet() const; - uint32_t GetReqPermissionSize() const; - -private: - std::string DcapToString(const std::vector& dcap) const; - std::string NativeAclsToString(const std::vector& nativeAcls) const; - - NativeTokenInfoBase tokenInfoBasic_; - std::shared_ptr permPolicySet_; -}; -} // namespace AccessToken -} // namespace Security -} // namespace OHOS -#endif // ACCESSTOKEN_NATIVE_TOKEN_INFO_INNER_H diff --git a/services/accesstokenmanager/main/cpp/include/token/native_token_receptor.h b/services/accesstokenmanager/main/cpp/include/token/native_token_receptor.h index 33e553efb6beb093d69e982d5ede98c969420a1f..009fa2dadd21602771c53ec9b28db6baf058452a 100644 --- a/services/accesstokenmanager/main/cpp/include/token/native_token_receptor.h +++ b/services/accesstokenmanager/main/cpp/include/token/native_token_receptor.h @@ -19,12 +19,11 @@ #include #include -#include "native_token_info_inner.h" +#include "native_token_info_base.h" #include "access_token.h" #include "nlohmann/json.hpp" #include "nocopyable.h" -#include "permission_policy_set.h" #include "permission_status.h" namespace OHOS { @@ -37,16 +36,14 @@ class NativeTokenReceptor final { public: static NativeTokenReceptor& GetInstance(); virtual ~NativeTokenReceptor() = default; - int Init(); + int GetAllNativeTokenInfo(std::vector& tokenInfos); private: NativeTokenReceptor() {} DISALLOW_COPY_AND_MOVE(NativeTokenReceptor); int ReadCfgFile(std::string &nativeRawData); - void FromJson(const nlohmann::json &jsonObject, - std::vector>& tokenInfos); - int32_t ParserNativeRawData(const std::string& nativeRawData, - std::vector>& tokenInfos); + void FromJson(const nlohmann::json &jsonObject, std::vector>& tokenInfos); + int32_t ParserNativeRawData(const std::string& nativeRawData, std::vector& tokenInfos); void from_json(const nlohmann::json& j, NativeTokenInfoBase& p); }; } // namespace AccessToken diff --git a/services/accesstokenmanager/main/cpp/src/database/access_token_db.cpp b/services/accesstokenmanager/main/cpp/src/database/access_token_db.cpp index 1d163e3b6e83c22273c7324d1a08ca0fb7755424..5678b1207b61c5f00ef7bfd3e27d3d7088cfa9c3 100644 --- a/services/accesstokenmanager/main/cpp/src/database/access_token_db.cpp +++ b/services/accesstokenmanager/main/cpp/src/database/access_token_db.cpp @@ -152,24 +152,6 @@ int32_t AccessTokenDb::AddValues(const AtmDataType type, const std::vector& values) -{ - int64_t beginTime = TimeUtil::GetCurrentTimestamp(); - - { - OHOS::Utils::UniqueWriteGuard lock(this->rwLock_); - int32_t res = AddValues(type, values); - if (res != 0) { - return res; - } - } - - int64_t endTime = TimeUtil::GetCurrentTimestamp(); - ACCESSTOKEN_LOG_INFO(LABEL, "Add cost %{public}" PRId64, endTime - beginTime); - - return 0; -} - int32_t AccessTokenDb::RestoreAndDeleteIfCorrupt(const int32_t resultCode, int32_t& deletedRows, const NativeRdb::RdbPredicates& predicates, const std::shared_ptr& db) { @@ -229,24 +211,6 @@ int32_t AccessTokenDb::RemoveValues(const AtmDataType type, const GenericValues& return 0; } -int32_t AccessTokenDb::Remove(const AtmDataType type, const GenericValues& conditionValue) -{ - int64_t beginTime = TimeUtil::GetCurrentTimestamp(); - - { - OHOS::Utils::UniqueWriteGuard lock(this->rwLock_); - int32_t res = RemoveValues(type, conditionValue); - if (res != 0) { - return res; - } - } - - int64_t endTime = TimeUtil::GetCurrentTimestamp(); - ACCESSTOKEN_LOG_INFO(LABEL, "Remove cost %{public}" PRId64, endTime - beginTime); - - return 0; -} - int32_t AccessTokenDb::RestoreAndUpdateIfCorrupt(const int32_t resultCode, int32_t& changedRows, const NativeRdb::ValuesBucket& bucket, const NativeRdb::RdbPredicates& predicates, const std::shared_ptr& db) @@ -408,9 +372,9 @@ int32_t AccessTokenDb::Find(AtmDataType type, const GenericValues& conditionValu return 0; } -int32_t AccessTokenDb::DeleteAndInsertValues(const std::vector& deleteDataTypes, - const std::vector& deleteValues, const std::vector& addDataTypes, - const std::vector>& addValues) +int32_t AccessTokenDb::DeleteAndInsertValues( + const std::vector& delDataTypes, const std::vector& delValues, + const std::vector& addDataTypes, const std::vector>& addValues) { int64_t beginTime = TimeUtil::GetCurrentTimestamp(); @@ -425,9 +389,9 @@ int32_t AccessTokenDb::DeleteAndInsertValues(const std::vector& del db->BeginTransaction(); int32_t res = 0; - size_t count = deleteDataTypes.size(); + size_t count = delDataTypes.size(); for (size_t i = 0; i < count; ++i) { - res = RemoveValues(deleteDataTypes[i], deleteValues[i]); + res = RemoveValues(delDataTypes[i], delValues[i]); if (res != 0) { db->RollBack(); return res; diff --git a/services/accesstokenmanager/main/cpp/src/permission/permission_definition_cache.cpp b/services/accesstokenmanager/main/cpp/src/permission/permission_definition_cache.cpp index 71d4315b63f3cc3008a336e2599e9ebf7ebbc507..acb050d628572cd6b6b9c32e163c0d508b2b89dc 100644 --- a/services/accesstokenmanager/main/cpp/src/permission/permission_definition_cache.cpp +++ b/services/accesstokenmanager/main/cpp/src/permission/permission_definition_cache.cpp @@ -15,6 +15,7 @@ #include "permission_definition_cache.h" +#include #include "access_token.h" #include "access_token_error.h" #include "accesstoken_log.h" diff --git a/services/accesstokenmanager/main/cpp/src/permission/permission_manager.cpp b/services/accesstokenmanager/main/cpp/src/permission/permission_manager.cpp index 0761e4ffd1143ef17b83d1afdc341937b0f2f16f..7a86b74f40dd1fdb1887c60f0e5e17d63b9d76be 100644 --- a/services/accesstokenmanager/main/cpp/src/permission/permission_manager.cpp +++ b/services/accesstokenmanager/main/cpp/src/permission/permission_manager.cpp @@ -54,7 +54,6 @@ namespace { static constexpr OHOS::HiviewDFX::HiLogLabel LABEL = {LOG_CORE, SECURITY_DOMAIN_ACCESSTOKEN, "PermissionManager"}; static const char* PERMISSION_STATUS_CHANGE_KEY = "accesstoken.permission.change"; static constexpr int32_t VALUE_MAX_LEN = 32; -static constexpr int32_t BASE_USER_RANGE = 200000; static const std::vector g_notDisplayedPerms = { "ohos.permission.ANSWER_CALL", "ohos.permission.MANAGE_VOICEMAIL", @@ -312,110 +311,6 @@ int PermissionManager::GetPermissionFlag(AccessTokenID tokenID, const std::strin return ret; } -int32_t PermissionManager::FindPermRequestToggleStatusFromDb(int32_t userID, const std::string& permissionName) -{ - std::vector permRequestToggleStatusRes; - GenericValues conditionValue; - conditionValue.Put(TokenFiledConst::FIELD_USER_ID, userID); - conditionValue.Put(TokenFiledConst::FIELD_PERMISSION_NAME, permissionName); - - AccessTokenDb::GetInstance().Find(AtmDataType::ACCESSTOKEN_PERMISSION_REQUEST_TOGGLE_STATUS, - conditionValue, permRequestToggleStatusRes); - if (permRequestToggleStatusRes.empty()) { - // never set, return default status: CLOSED if APP_TRACKING_CONSENT - return (permissionName == "ohos.permission.APP_TRACKING_CONSENT") ? - PermissionRequestToggleStatus::CLOSED : PermissionRequestToggleStatus::OPEN; - } - return permRequestToggleStatusRes[0].GetInt(TokenFiledConst::FIELD_REQUEST_TOGGLE_STATUS); -} - -void PermissionManager::AddPermRequestToggleStatusToDb( - int32_t userID, const std::string& permissionName, int32_t status) -{ - Utils::UniqueWriteGuard infoGuard(this->permToggleStateLock_); - GenericValues value; - value.Put(TokenFiledConst::FIELD_USER_ID, userID); - value.Put(TokenFiledConst::FIELD_PERMISSION_NAME, permissionName); - AccessTokenDb::GetInstance().Remove(AtmDataType::ACCESSTOKEN_PERMISSION_REQUEST_TOGGLE_STATUS, value); - - std::vector permRequestToggleStatusValues; - value.Put(TokenFiledConst::FIELD_REQUEST_TOGGLE_STATUS, status); - permRequestToggleStatusValues.emplace_back(value); - AccessTokenDb::GetInstance().Add(AtmDataType::ACCESSTOKEN_PERMISSION_REQUEST_TOGGLE_STATUS, - permRequestToggleStatusValues); -} - -int32_t PermissionManager::SetPermissionRequestToggleStatus(const std::string& permissionName, uint32_t status, - int32_t userID) -{ - if (userID == 0) { - userID = IPCSkeleton::GetCallingUid() / BASE_USER_RANGE; - } - - ACCESSTOKEN_LOG_INFO(LABEL, "UserID=%{public}u, permissionName=%{public}s, status=%{public}d", userID, - permissionName.c_str(), status); - if (!PermissionValidator::IsUserIdValid(userID)) { - ACCESSTOKEN_LOG_ERROR(LABEL, "UserID is invalid."); - return AccessTokenError::ERR_PARAM_INVALID; - } - if (!PermissionValidator::IsPermissionNameValid(permissionName)) { - ACCESSTOKEN_LOG_ERROR(LABEL, "Permission name is invalid."); - return AccessTokenError::ERR_PARAM_INVALID; - } - if (!PermissionDefinitionCache::GetInstance().HasDefinition(permissionName)) { - ACCESSTOKEN_LOG_ERROR( - LABEL, "Permission=%{public}s is not defined.", permissionName.c_str()); - return AccessTokenError::ERR_PERMISSION_NOT_EXIST; - } - if (PermissionDefinitionCache::GetInstance().IsSystemGrantedPermission(permissionName)) { - ACCESSTOKEN_LOG_ERROR(LABEL, "Only support permissions of user_grant to set."); - return AccessTokenError::ERR_PARAM_INVALID; - } - if (!PermissionValidator::IsToggleStatusValid(status)) { - ACCESSTOKEN_LOG_ERROR(LABEL, "Status is invalid."); - return AccessTokenError::ERR_PARAM_INVALID; - } - - AddPermRequestToggleStatusToDb(userID, permissionName, status); - - HiSysEventWrite(HiviewDFX::HiSysEvent::Domain::ACCESS_TOKEN, "PERM_DIALOG_STATUS_INFO", - HiviewDFX::HiSysEvent::EventType::STATISTIC, "USERID", userID, "PERMISSION_NAME", permissionName, - "TOGGLE_STATUS", status); - - return 0; -} - -int32_t PermissionManager::GetPermissionRequestToggleStatus(const std::string& permissionName, uint32_t& status, - int32_t userID) -{ - if (userID == 0) { - userID = IPCSkeleton::GetCallingUid() / BASE_USER_RANGE; - } - - ACCESSTOKEN_LOG_INFO(LABEL, "UserID=%{public}u, permissionName=%{public}s", userID, permissionName.c_str()); - if (!PermissionValidator::IsUserIdValid(userID)) { - ACCESSTOKEN_LOG_ERROR(LABEL, "UserID is invalid."); - return AccessTokenError::ERR_PARAM_INVALID; - } - if (!PermissionValidator::IsPermissionNameValid(permissionName)) { - ACCESSTOKEN_LOG_ERROR(LABEL, "Permission name is invalid."); - return AccessTokenError::ERR_PARAM_INVALID; - } - if (!PermissionDefinitionCache::GetInstance().HasDefinition(permissionName)) { - ACCESSTOKEN_LOG_ERROR( - LABEL, "Permission=%{public}s is not defined.", permissionName.c_str()); - return AccessTokenError::ERR_PERMISSION_NOT_EXIST; - } - if (PermissionDefinitionCache::GetInstance().IsSystemGrantedPermission(permissionName)) { - ACCESSTOKEN_LOG_ERROR(LABEL, "Only support permissions of user_grant to get."); - return AccessTokenError::ERR_PARAM_INVALID; - } - - status = static_cast(FindPermRequestToggleStatusFromDb(userID, permissionName)); - - return 0; -} - int32_t PermissionManager::RequestAppPermOnSetting(const HapTokenInfo& hapInfo, const std::string& bundleName, const std::string& abilityName) { @@ -893,27 +788,9 @@ void PermissionManager::NotifyPermGrantStoreResult(bool result, uint64_t timesta grantEvent_.NotifyPermGrantStoreResult(result, timestamp); } -void PermissionManager::AddPermToKernel(AccessTokenID tokenID, const std::shared_ptr& policy) +void PermissionManager::AddNativePermToKernel(AccessTokenID tokenID, + const std::vector& opCodeList, const std::vector& statusList) { - if (policy == nullptr) { - return; - } - std::vector opCodeList; - std::vector statusList; - policy->GetPermissionStateList(opCodeList, statusList); - int32_t ret = AddPermissionToKernel(tokenID, opCodeList, statusList); - if (ret != ACCESS_TOKEN_OK) { - ACCESSTOKEN_LOG_ERROR(LABEL, "AddPermissionToKernel(token=%{public}d), size=%{public}zu, err=%{public}d", - tokenID, opCodeList.size(), ret); - } -} - -void PermissionManager::AddPermToKernel(AccessTokenID tokenID) -{ - std::vector opCodeList; - std::vector statusList; - std::vector EmptyList; - HapTokenInfoInner::GetPermStatusListByTokenId(tokenID, EmptyList, opCodeList, statusList); int32_t ret = AddPermissionToKernel(tokenID, opCodeList, statusList); if (ret != ACCESS_TOKEN_OK) { ACCESSTOKEN_LOG_ERROR(LABEL, "AddPermissionToKernel(token=%{public}d), size=%{public}zu, err=%{public}d", @@ -921,7 +798,7 @@ void PermissionManager::AddPermToKernel(AccessTokenID tokenID) } } -void PermissionManager::AddPermToKernel(AccessTokenID tokenID, const std::vector& permList) +void PermissionManager::AddHapPermToKernel(AccessTokenID tokenID, const std::vector& permList) { std::vector permCodeList; for (const auto &permission : permList) { diff --git a/services/accesstokenmanager/main/cpp/src/permission/permission_policy_set.cpp b/services/accesstokenmanager/main/cpp/src/permission/permission_policy_set.cpp index cdff38c419994d1b8ce93266a59ef0619a8f7018..da4559bd08a3ecfdf3b89a7a71c68f13ab566a69 100644 --- a/services/accesstokenmanager/main/cpp/src/permission/permission_policy_set.cpp +++ b/services/accesstokenmanager/main/cpp/src/permission/permission_policy_set.cpp @@ -350,18 +350,6 @@ void PermissionPolicySet::GetPermissionStateList(std::vector& permList.assign(permStateList_.begin(), permStateList_.end()); } -void PermissionPolicySet::GetPermissionStateList(std::vector& opCodeList, std::vector& statusList) -{ - Utils::UniqueReadGuard infoGuard(this->permPolicySetLock_); - for (const auto& state : permStateList_) { - uint32_t code; - if (TransferPermissionToOpcode(state.permissionName, code)) { - opCodeList.emplace_back(code); - statusList.emplace_back(state.grantStatus == PERMISSION_GRANTED); - } - } -} - uint32_t PermissionPolicySet::GetReqPermissionSize() { return static_cast(permStateList_.size()); @@ -443,58 +431,6 @@ void PermissionPolicySet::ToString(std::string& info, const std::vector& nativeAcls) -{ - PermissionDef permissionDef; - int ret = PermissionDefinitionCache::GetInstance().FindByPermissionName( - permissionName, permissionDef); - if (ret != RET_SUCCESS) { - return false; - } - if (tokenApl >= permissionDef.availableLevel) { - return true; - } - - auto iter = std::find(nativeAcls.begin(), nativeAcls.end(), permissionName); - if (iter != nativeAcls.end()) { - return true; - } - return false; -} - -void PermissionPolicySet::PermStateToString(int32_t tokenApl, - const std::vector& nativeAcls, std::string& info) -{ - Utils::UniqueReadGuard infoGuard(this->permPolicySetLock_); - - std::vector invalidPermList = {}; - info.append(R"( "permStateList": [)"); - info.append("\n"); - for (auto iter = permStateList_.begin(); iter != permStateList_.end(); iter++) { - if (!IsPermissionReqValid(tokenApl, iter->permissionName, nativeAcls)) { - invalidPermList.emplace_back(iter->permissionName); - continue; - } - PermStateFullToString(*iter, info); - if (iter != (permStateList_.end() - 1)) { - info.append(",\n"); - } - } - info.append("\n ]\n"); - - if (invalidPermList.empty()) { - return; - } - - info.append(R"( "invalidPermList": [)"); - info.append("\n"); - for (auto iter = invalidPermList.begin(); iter != invalidPermList.end(); iter++) { - info.append(R"( "permissionName": ")" + *iter + R"(")" + ",\n"); - } - info.append("\n ]\n"); -} } // namespace AccessToken } // namespace Security } // namespace OHOS diff --git a/services/accesstokenmanager/main/cpp/src/service/accesstoken_manager_service.cpp b/services/accesstokenmanager/main/cpp/src/service/accesstoken_manager_service.cpp index 94c1899ac0c75bf4970a394c51aa1aa65a8023ab..f934671177b8eb141ca648ba0d20ffefb8a178c5 100644 --- a/services/accesstokenmanager/main/cpp/src/service/accesstoken_manager_service.cpp +++ b/services/accesstokenmanager/main/cpp/src/service/accesstoken_manager_service.cpp @@ -36,8 +36,6 @@ #endif #include "ipc_skeleton.h" #include "libraryloader.h" -#include "native_token_info_inner.h" -#include "native_token_receptor.h" #include "parameter.h" #include "permission_list_state.h" #include "permission_manager.h" @@ -291,13 +289,13 @@ int AccessTokenManagerService::GetPermissionFlag( int32_t AccessTokenManagerService::SetPermissionRequestToggleStatus( const std::string& permissionName, uint32_t status, int32_t userID = 0) { - return PermissionManager::GetInstance().SetPermissionRequestToggleStatus(permissionName, status, userID); + return AccessTokenInfoManager::GetInstance().SetPermissionRequestToggleStatus(permissionName, status, userID); } int32_t AccessTokenManagerService::GetPermissionRequestToggleStatus( const std::string& permissionName, uint32_t& status, int32_t userID = 0) { - return PermissionManager::GetInstance().GetPermissionRequestToggleStatus(permissionName, status, userID); + return AccessTokenInfoManager::GetInstance().GetPermissionRequestToggleStatus(permissionName, status, userID); } int32_t AccessTokenManagerService::RequestAppPermOnSetting(AccessTokenID tokenID) @@ -487,9 +485,10 @@ int AccessTokenManagerService::GetNativeTokenInfo(AccessTokenID tokenID, NativeT #ifndef ATM_BUILD_VARIANT_USER_ENABLE int32_t AccessTokenManagerService::ReloadNativeTokenInfo() { - return NativeTokenReceptor::GetInstance().Init(); + uint32_t nativeSize = 0; + AccessTokenInfoManager::GetInstance().InitNativeTokenInfos(nativeSize); + return RET_SUCCESS; } - #endif AccessTokenID AccessTokenManagerService::GetNativeTokenId(const std::string& processName) @@ -699,7 +698,6 @@ bool AccessTokenManagerService::Initialize() ReportSysEventPerformance(); AccessTokenInfoManager::GetInstance().Init(); AccessTokenInfoManager::GetInstance().ClearHapPolicy(); - NativeTokenReceptor::GetInstance().Init(); #ifdef EVENTHANDLER_ENABLE TempPermissionObserver::GetInstance().InitEventHandler(); diff --git a/services/accesstokenmanager/main/cpp/src/token/accesstoken_info_manager.cpp b/services/accesstokenmanager/main/cpp/src/token/accesstoken_info_manager.cpp index 7473ce26d5096cc1cb786536805c0b2a592768c5..e83af4bb4b68ab917235c946d634f2313bbae973 100644 --- a/services/accesstokenmanager/main/cpp/src/token/accesstoken_info_manager.cpp +++ b/services/accesstokenmanager/main/cpp/src/token/accesstoken_info_manager.cpp @@ -21,6 +21,7 @@ #include #include #include "access_token.h" +#include "access_token_db.h" #include "accesstoken_dfx_define.h" #include "accesstoken_id_manager.h" #include "accesstoken_log.h" @@ -43,7 +44,7 @@ #include "permission_map.h" #include "permission_validator.h" #include "perm_setproc.h" -#include "access_token_db.h" +#include "native_token_receptor.h" #include "token_field_const.h" #include "token_setproc.h" #ifdef TOKEN_SYNC_ENABLE @@ -57,6 +58,7 @@ namespace { std::recursive_mutex g_instanceMutex; static constexpr OHOS::HiviewDFX::HiLogLabel LABEL = {LOG_CORE, SECURITY_DOMAIN_ACCESSTOKEN, "AccessTokenInfoManager"}; static const unsigned int SYSTEM_APP_FLAG = 0x0001; +static constexpr int32_t BASE_USER_RANGE = 200000; #ifdef TOKEN_SYNC_ENABLE static const int MAX_PTHREAD_NAME_LEN = 15; // pthread name max length static const std::string ACCESS_TOKEN_PACKAGE_NAME = "ohos.security.distributed_token_sync"; @@ -176,54 +178,6 @@ void AccessTokenInfoManager::InitHapTokenInfos(uint32_t& hapSize) PermissionDefinitionCache::GetInstance().RestorePermDefInfo(permDefRes); } -void AccessTokenInfoManager::InitNativeTokenInfos(uint32_t& nativeSize) -{ - GenericValues conditionValue; - std::vector nativeTokenResults; - std::vector permStateRes; - int32_t ret = AccessTokenDb::GetInstance().Find( - AtmDataType::ACCESSTOKEN_NATIVE_INFO, conditionValue, nativeTokenResults); - if (ret != RET_SUCCESS || nativeTokenResults.empty()) { - ReportSysEventServiceStartError(INIT_NATIVE_TOKENINFO_ERROR, "Load native from db fail.", ret); - } - ret = AccessTokenDb::GetInstance().Find(AtmDataType::ACCESSTOKEN_PERMISSION_STATE, conditionValue, permStateRes); - if (ret != RET_SUCCESS || permStateRes.empty()) { - ReportSysEventServiceStartError(INIT_NATIVE_TOKENINFO_ERROR, "Load perm state from db fail.", ret); - } - for (const GenericValues& nativeTokenValue : nativeTokenResults) { - AccessTokenID tokenId = (AccessTokenID)nativeTokenValue.GetInt(TokenFiledConst::FIELD_TOKEN_ID); - std::string process = nativeTokenValue.GetString(TokenFiledConst::FIELD_PROCESS_NAME); - ATokenTypeEnum type = AccessTokenIDManager::GetInstance().GetTokenIdTypeEnum(tokenId); - int result = AccessTokenIDManager::GetInstance().RegisterTokenId(tokenId, type); - if (result != RET_SUCCESS) { - ReportSysEventServiceStartError(INIT_NATIVE_TOKENINFO_ERROR, - "RegisterTokenId fail, " + process + std::to_string(tokenId), result); - ACCESSTOKEN_LOG_ERROR(LABEL, "TokenId %{public}u add failed, error=%{public}d.", tokenId, result); - continue; - } - std::shared_ptr native = std::make_shared(); - result = native->RestoreNativeTokenInfo(tokenId, nativeTokenValue, permStateRes); - if (result != RET_SUCCESS) { - AccessTokenIDManager::GetInstance().ReleaseTokenId(tokenId); - ACCESSTOKEN_LOG_ERROR(LABEL, "Id %{public}u restore failed.", tokenId); - continue; - } - - result = AddNativeTokenInfo(native); - if (result != RET_SUCCESS) { - AccessTokenIDManager::GetInstance().ReleaseTokenId(tokenId); - ACCESSTOKEN_LOG_ERROR(LABEL, "Id %{public}u add failed.", tokenId); - ReportSysEventServiceStartError(INIT_NATIVE_TOKENINFO_ERROR, - "AddNativeTokenInfo fail, " + process + std::to_string(tokenId), result); - continue; - } - nativeSize++; - ACCESSTOKEN_LOG_INFO(LABEL, - "restore native token %{public}u process name %{public}s, permSize %{public}u ok!", - tokenId, native->GetProcessName().c_str(), native->GetReqPermissionSize()); - } -} - std::string AccessTokenInfoManager::GetHapUniqueStr(const int& userID, const std::string& bundleName, const int& instIndex) const { @@ -279,38 +233,11 @@ int AccessTokenInfoManager::AddHapTokenInfo(const std::shared_ptr& info) -{ - if (info == nullptr) { - ACCESSTOKEN_LOG_ERROR(LABEL, "Token info is null."); - return AccessTokenError::ERR_PARAM_INVALID; - } - - AccessTokenID id = info->GetTokenID(); - Utils::UniqueWriteGuard infoGuard(this->nativeTokenInfoLock_); - if (nativeTokenInfoMap_.count(id) > 0) { - ACCESSTOKEN_LOG_ERROR(LABEL, "Token %{public}u has exist.", id); - return AccessTokenError::ERR_TOKENID_HAS_EXISTED; - } - - ACCESSTOKEN_LOG_DEBUG(LABEL, "Token info is added %{public}u.", id); - nativeTokenInfoMap_[id].processName = info->GetProcessName(); - nativeTokenInfoMap_[id].apl = ATokenAplEnum(info->GetApl()); - - std::shared_ptr policySet = info->GetNativeInfoPermissionPolicySet(); - if (policySet != nullptr) { - policySet->GetPermissionStateList(nativeTokenInfoMap_[id].opCodeList, nativeTokenInfoMap_[id].statusList); - } - - PermissionManager::GetInstance().AddPermToKernel(id, policySet); + PermissionManager::GetInstance().AddHapPermToKernel(id, std::vector()); return RET_SUCCESS; } @@ -360,7 +287,7 @@ std::shared_ptr AccessTokenInfoManager::GetHapTokenInfoInner( AccessTokenIDManager::GetInstance().RegisterTokenId(id, TOKEN_HAP); hapTokenIdMap_[GetHapUniqueStr(hap)] = id; hapTokenInfoMap_[id] = hap; - PermissionManager::GetInstance().AddPermToKernel(id); + PermissionManager::GetInstance().AddHapPermToKernel(id, std::vector()); ACCESSTOKEN_LOG_INFO(LABEL, " Token %{public}u is not found in map(mapSize: %{public}zu), begin load from DB," " restore bundle %{public}s user %{public}d, idx %{public}d, permSize %{public}d.", id, hapTokenInfoMap_.size(), hap->GetBundleName().c_str(), hap->GetUserID(), hap->GetInstIndex(), hap->GetReqPermissionSize()); @@ -430,38 +357,6 @@ int AccessTokenInfoManager::GetHapTokenInfo(AccessTokenID tokenID, HapTokenInfo& return RET_SUCCESS; } -std::shared_ptr AccessTokenInfoManager::GetNativeTokenInfoInner(AccessTokenID id) -{ - GenericValues conditionValue; - std::vector nativeTokenResults; - std::vector permStateRes; - conditionValue.Put(TokenFiledConst::FIELD_TOKEN_ID, static_cast(id)); - - int32_t ret = AccessTokenDb::GetInstance().Find( - AtmDataType::ACCESSTOKEN_NATIVE_INFO, conditionValue, nativeTokenResults); - if (ret != RET_SUCCESS) { - ACCESSTOKEN_LOG_ERROR(LABEL, "Id %{public}u find native info failed.", id); - return nullptr; - } - if (nativeTokenResults.empty()) { - ACCESSTOKEN_LOG_ERROR(LABEL, "Id %{public}u find native info empty.", id); - return nullptr; - } - ret = AccessTokenDb::GetInstance().Find(AtmDataType::ACCESSTOKEN_PERMISSION_STATE, conditionValue, permStateRes); - if (ret != RET_SUCCESS) { - ACCESSTOKEN_LOG_ERROR(LABEL, "Id %{public}u find permState info failed.", id); - return nullptr; - } - - std::shared_ptr native = std::make_shared(); - ret = native->RestoreNativeTokenInfo(id, nativeTokenResults[0], permStateRes); - if (ret != RET_SUCCESS) { - ACCESSTOKEN_LOG_ERROR(LABEL, "Id %{public}u restore failed.", id); - return nullptr; - } - return native; -} - int AccessTokenInfoManager::GetNativeTokenInfo(AccessTokenID tokenID, NativeTokenInfoBase& info) { Utils::UniqueReadGuard infoGuard(this->nativeTokenInfoLock_); @@ -487,7 +382,7 @@ int AccessTokenInfoManager::RemoveHapTokenInfo(AccessTokenID id) PermissionManager::GetInstance().RemoveDefPermissions(id); { Utils::UniqueWriteGuard infoGuard(this->hapTokenInfoLock_); - RemoveTokenInfoFromDb(id, true); + RemoveHapTokenInfoFromDb(id); // remove hap to kernel PermissionManager::GetInstance().RemovePermFromKernel(id); AccessTokenIDManager::GetInstance().ReleaseTokenId(id); @@ -547,9 +442,6 @@ int AccessTokenInfoManager::RemoveNativeTokenInfo(AccessTokenID id) } AccessTokenIDManager::GetInstance().ReleaseTokenId(id); ACCESSTOKEN_LOG_INFO(LABEL, "Remove native token %{public}u ok!", id); - if (RemoveTokenInfoFromDb(id, false) != RET_SUCCESS) { - return AccessTokenError::ERR_DATABASE_OPERATE_FAILED; - } // remove native to kernel PermissionManager::GetInstance().RemovePermFromKernel(id); @@ -601,13 +493,13 @@ int AccessTokenInfoManager::CreateHapTokenInfo( #else std::shared_ptr tokenInfo = std::make_shared(tokenId, info, policy); #endif - AddHapTokenInfoToDb(tokenId, tokenInfo, info.appIDDesc, policy.apl); + AddHapTokenInfoToDb(tokenInfo, info.appIDDesc, policy.apl, false); int ret = AddHapTokenInfo(tokenInfo); if (ret != RET_SUCCESS) { ACCESSTOKEN_LOG_ERROR(LABEL, "%{public}s add token info failed", info.bundleName.c_str()); AccessTokenIDManager::GetInstance().ReleaseTokenId(tokenId); PermissionManager::GetInstance().RemoveDefPermissions(tokenId); - RemoveTokenInfoFromDb(tokenId, true); + RemoveHapTokenInfoFromDb(tokenId); return ret; } ACCESSTOKEN_LOG_INFO(LABEL, "Create hap token %{public}u bundleName %{public}s user %{public}d inst %{public}d ok", @@ -648,299 +540,60 @@ AccessTokenIDEx AccessTokenInfoManager::GetHapTokenID(int32_t userID, const std: return tokenIdEx; } -void AccessTokenInfoManager::IdFalseWithProcessTrueCache(const std::shared_ptr& infoPtr, - AccessTokenID cfgTokenId, std::string& cfgProcessName, AccessTokenID oriTokenId) -{ - if (infoPtr == nullptr) { - ACCESSTOKEN_LOG_WARN(LABEL, "Info is null."); - return; - } - - ACCESSTOKEN_LOG_INFO(LABEL, "Token %{public}u is new, process name %{public}s is old, " - "delete origin and add new to cache and database!", cfgTokenId, cfgProcessName.c_str()); - - // remove old tokenId from cache - AccessTokenIDManager::GetInstance().ReleaseTokenId(oriTokenId); - - // add new tokenId to cache - ATokenTypeEnum type = AccessTokenIDManager::GetInstance().GetTokenIdTypeEnum(cfgTokenId); - int32_t res = AccessTokenIDManager::GetInstance().RegisterTokenId(cfgTokenId, type); - if (res != RET_SUCCESS) { - ACCESSTOKEN_LOG_ERROR(LABEL, "Token id register fail, res is %{public}d.", res); - return; - } - - // remove old native token info from cache - Utils::UniqueWriteGuard infoGuard(this->nativeTokenInfoLock_); - if (nativeTokenInfoMap_.count(oriTokenId) > 0) { - nativeTokenInfoMap_.erase(oriTokenId); - } - - // add new native token info to cache - NativeTokenInfoCache cache; - cache.processName = cfgProcessName; - cache.apl = static_cast(infoPtr->GetApl()); - - std::shared_ptr policySet = infoPtr->GetNativeInfoPermissionPolicySet(); - if (policySet != nullptr) { - policySet->GetPermissionStateList(cache.opCodeList, cache.statusList); - } - - nativeTokenInfoMap_[cfgTokenId] = cache; - PermissionManager::GetInstance().AddPermToKernel(cfgTokenId, policySet); -} - -void AccessTokenInfoManager::IdFalseWithProcessFalseCache(const std::shared_ptr& infoPtr, - AccessTokenID cfgTokenId, std::string& cfgProcessName) +void AccessTokenInfoManager::GetNativePermissionList(const NativeTokenInfoBase& native, + std::vector& opCodeList, std::vector& statusList) { - if (infoPtr == nullptr) { - ACCESSTOKEN_LOG_WARN(LABEL, "Info is null."); - return; - } - - ACCESSTOKEN_LOG_INFO(LABEL, "Token %{public}u and process %{public}s is new, add to cache and database!", - cfgTokenId, cfgProcessName.c_str()); - - // add new tokenId to cache - ATokenTypeEnum type = AccessTokenIDManager::GetInstance().GetTokenIdTypeEnum(cfgTokenId); - int32_t res = AccessTokenIDManager::GetInstance().RegisterTokenId(cfgTokenId, type); - if (res != RET_SUCCESS) { - ACCESSTOKEN_LOG_ERROR(LABEL, "Token id register fail, res is %{public}d.", res); - return; - } - - // add new native token info to cache - Utils::UniqueWriteGuard infoGuard(this->nativeTokenInfoLock_); - NativeTokenInfoCache cache; - cache.processName = cfgProcessName; - cache.apl = static_cast(infoPtr->GetApl()); - - std::shared_ptr policySet = infoPtr->GetNativeInfoPermissionPolicySet(); - if (policySet != nullptr) { - policySet->GetPermissionStateList(cache.opCodeList, cache.statusList); - } - - nativeTokenInfoMap_[cfgTokenId] = cache; - PermissionManager::GetInstance().AddPermToKernel(cfgTokenId, policySet); -} - -void AccessTokenInfoManager::IdTrueWithProcessTrueCache(const std::shared_ptr& infoPtr, - AccessTokenID cfgTokenId, std::string& cfgProcessName) -{ - if (infoPtr == nullptr) { - ACCESSTOKEN_LOG_WARN(LABEL, "Info is null."); - return; - } - - ACCESSTOKEN_LOG_INFO(LABEL, "Token %{public}u and process %{public}s is old, update cache!", - cfgTokenId, cfgProcessName.c_str()); - - // update new native token info to cache - Utils::UniqueWriteGuard infoGuard(this->nativeTokenInfoLock_); - nativeTokenInfoMap_[cfgTokenId].apl = static_cast(infoPtr->GetApl()); - nativeTokenInfoMap_[cfgTokenId].opCodeList.clear(); - nativeTokenInfoMap_[cfgTokenId].statusList.clear(); - - std::shared_ptr policySet = infoPtr->GetNativeInfoPermissionPolicySet(); - if (policySet != nullptr) { - policySet->GetPermissionStateList(nativeTokenInfoMap_[cfgTokenId].opCodeList, - nativeTokenInfoMap_[cfgTokenId].statusList); + // need to process aclList + for (const auto& state : native.permStateList) { + uint32_t code; + // add IsPermissionReqValid to filter invalid permission + if (TransferPermissionToOpcode(state.permissionName, code)) { + opCodeList.emplace_back(code); + statusList.emplace_back(state.grantStatus == PERMISSION_GRANTED); + } } - - PermissionManager::GetInstance().AddPermToKernel(cfgTokenId, policySet); } -// idExist true + processExist false : do nothing -// idExist false + processExist true : delete native from cache and db + add tokenId and native to cache and db -// idExist false + processExist false : add tokenId and native cache + add native db -// idExist true + processExist true : update native cache -// db operation handle out of this function -void AccessTokenInfoManager::TryUpdateExistNativeToken(const std::shared_ptr& infoPtr, - std::vector& deleteTokenList, std::vector& nativeTokenValues, - std::vector& permStateValues) +void AccessTokenInfoManager::InitNativeTokenInfos(uint32_t& nativeSize) { - AccessTokenID cfgTokenId = infoPtr->GetTokenID(); - std::string cfgProcessName = infoPtr->GetProcessName(); - AccessTokenID oriTokenId = INVALID_TOKENID; - bool idExist = false; - bool processExist = false; - - { - Utils::UniqueReadGuard infoGuard(this->nativeTokenInfoLock_); - idExist = (nativeTokenInfoMap_.count(cfgTokenId) > 0); - for (auto iter = nativeTokenInfoMap_.begin(); iter != nativeTokenInfoMap_.end(); ++iter) { - if (iter->second.processName == cfgProcessName) { - processExist = true; - oriTokenId = iter->first; - break; - } - } - } - - if (idExist && processExist && (cfgTokenId != oriTokenId)) { - AccessTokenIDManager::GetInstance().ReleaseTokenId(cfgTokenId); - idExist = false; - } - - if (idExist && !processExist) { // id is exist, but it is not this process, so neither update nor add - ACCESSTOKEN_LOG_ERROR(LABEL, "Token %{public}u is old and process %{public}s is new, can not update.", - cfgTokenId, cfgProcessName.c_str()); - return; - } - - if (!idExist && processExist) { // this process is exist, but id is not same, perhaps libat lose his data - IdFalseWithProcessTrueCache(infoPtr, cfgTokenId, cfgProcessName, oriTokenId); - - std::string errMsg = "processName=" + cfgProcessName + ", newTokenID=" + std::to_string(cfgTokenId) + - ", oldTokenID=" + std::to_string(oriTokenId); - ReportSysEventServiceStartError(TOKENID_NOT_EQUAL, errMsg, TOKENID_NOT_EQUAL); - - deleteTokenList.emplace_back(oriTokenId); - infoPtr->TransferNativeInfo(nativeTokenValues); // get new native token info - infoPtr->TransferPermissionPolicy(permStateValues); // get new permission state - - return; - } - - if (!idExist && !processExist) { - IdFalseWithProcessFalseCache(infoPtr, cfgTokenId, cfgProcessName); - - infoPtr->TransferNativeInfo(nativeTokenValues); // get new native token info - infoPtr->TransferPermissionPolicy(permStateValues); // get new permission state - + std::vector tokenInfos; + int ret = NativeTokenReceptor::GetInstance().GetAllNativeTokenInfo(tokenInfos); + if (ret != RET_SUCCESS) { + ACCESSTOKEN_LOG_ERROR(LABEL, "Failed to load native from native json, err=%{public}d.", ret); + ReportSysEventServiceStartError( + INIT_NATIVE_TOKENINFO_ERROR, "GetAllNativeTokenInfo fail from native json.", ret); return; } - - IdTrueWithProcessTrueCache(infoPtr, cfgTokenId, cfgProcessName); -} - -void AccessTokenInfoManager::ProcessNativeTokenInfos( - const std::vector>& tokenInfos) -{ - std::vector deleteTokenList; - std::vector permStateValues; - std::vector nativeTokenValues; - for (const auto& infoPtr: tokenInfos) { - if (infoPtr == nullptr) { - ACCESSTOKEN_LOG_WARN(LABEL, "Token info from libat is null"); + for (const auto& info: tokenInfos) { + AccessTokenID tokenId = info.tokenID; + std::string process = info.processName; + // add tokenId to cache + ATokenTypeEnum type = AccessTokenIDManager::GetInstance().GetTokenIdTypeEnum(tokenId); + int32_t res = AccessTokenIDManager::GetInstance().RegisterTokenId(tokenId, type); + if (res != RET_SUCCESS) { + ACCESSTOKEN_LOG_ERROR(LABEL, "Token id register fail, res is %{public}d.", res); + ReportSysEventServiceStartError(INIT_NATIVE_TOKENINFO_ERROR, + "RegisterTokenId fail, " + process + std::to_string(tokenId), res); continue; } - - TryUpdateExistNativeToken(infoPtr, deleteTokenList, nativeTokenValues, permStateValues); - } - - std::vector deleteDataTypes; - std::vector deleteValues; - for (const auto& tokenId : deleteTokenList) { - GenericValues conditionValue; - conditionValue.Put(TokenFiledConst::FIELD_TOKEN_ID, static_cast(tokenId)); - - deleteDataTypes.emplace_back(AtmDataType::ACCESSTOKEN_NATIVE_INFO); - deleteValues.emplace_back(conditionValue); - } - - std::vector addDataTypes; - addDataTypes.emplace_back(AtmDataType::ACCESSTOKEN_NATIVE_INFO); - addDataTypes.emplace_back(AtmDataType::ACCESSTOKEN_PERMISSION_STATE); - - std::vector> addValues; - addValues.emplace_back(nativeTokenValues); - addValues.emplace_back(permStateValues); - - int32_t res = AccessTokenDb::GetInstance().DeleteAndInsertValues(deleteDataTypes, deleteValues, addDataTypes, - addValues); - if (res != 0) { - ACCESSTOKEN_LOG_ERROR(LABEL, "DeleteAndInsertNative failed!"); - } -} - -void AccessTokenInfoManager::StoreHapInfo(const std::shared_ptr& hapInfo, - const std::string& appId, ATokenAplEnum apl, - std::vector& valueList) -{ - if (hapInfo == nullptr) { - ACCESSTOKEN_LOG_ERROR(LABEL, "hap token ptr is null"); - return; - } - - if (hapInfo->IsRemote()) { - ACCESSTOKEN_LOG_INFO(LABEL, - "token %{public}x is remote hap token, will not store", hapInfo->GetTokenID()); - return; - } - hapInfo->StoreHapInfo(valueList); - if (valueList.empty()) { - return; - } - GenericValues &outGenericValues = valueList.at(valueList.size() - 1); - outGenericValues.Put(TokenFiledConst::FIELD_APP_ID, appId); - outGenericValues.Put(TokenFiledConst::FIELD_APL, static_cast(apl)); - outGenericValues.Put(TokenFiledConst::FIELD_DEVICE_ID, ""); -} - -int32_t AccessTokenInfoManager::ModifyHapTokenInfoToDb(std::shared_ptr& infoPtr, - const std::vector& permStateList, - const UpdateHapInfoParams& info, ATokenAplEnum apl) -{ - infoPtr->Update(info, permStateList); - AccessTokenID tokenId = infoPtr->GetTokenID(); - if (infoPtr->IsRemote()) { + std::vector opCodeList; + std::vector statusList; + GetNativePermissionList(info, opCodeList, statusList); + // add native token info to cache + Utils::UniqueWriteGuard infoGuard(this->nativeTokenInfoLock_); + NativeTokenInfoCache cache; + cache.processName = process; + cache.apl = static_cast(info.apl); + cache.opCodeList = opCodeList; + cache.statusList = statusList; + + nativeTokenInfoMap_[tokenId] = cache; + PermissionManager::GetInstance().AddNativePermToKernel(tokenId, cache.opCodeList, cache.statusList); ACCESSTOKEN_LOG_INFO(LABEL, - "token %{public}x is remote hap token, will not store", tokenId); - return RET_SUCCESS; - } - - // get new hap token info from cache - std::vector hapInfoValues; - StoreHapInfo(infoPtr, info.appIDDesc, apl, hapInfoValues); - - // get new permission def from cache if exist - std::vector permDefValues; - PermissionDefinitionCache::GetInstance().StorePermissionDef(tokenId, permDefValues); - - // get new permission status from cache if exist - std::vector permStateValues; - infoPtr->StorePermissionPolicy(permStateValues); - - GenericValues conditionValue; - conditionValue.Put(TokenFiledConst::FIELD_TOKEN_ID, static_cast(tokenId)); - - std::vector deleteDataTypes; - deleteDataTypes.emplace_back(AtmDataType::ACCESSTOKEN_HAP_INFO); - deleteDataTypes.emplace_back(AtmDataType::ACCESSTOKEN_PERMISSION_DEF); - deleteDataTypes.emplace_back(AtmDataType::ACCESSTOKEN_PERMISSION_STATE); - - std::vector deleteValues; - deleteValues.emplace_back(conditionValue); - deleteValues.emplace_back(conditionValue); - deleteValues.emplace_back(conditionValue); - - std::vector addDataTypes; - addDataTypes.emplace_back(AtmDataType::ACCESSTOKEN_HAP_INFO); - addDataTypes.emplace_back(AtmDataType::ACCESSTOKEN_PERMISSION_DEF); - addDataTypes.emplace_back(AtmDataType::ACCESSTOKEN_PERMISSION_STATE); - - std::vector> addValues; - addValues.emplace_back(hapInfoValues); - addValues.emplace_back(permDefValues); - addValues.emplace_back(permStateValues); - - int32_t ret = AccessTokenDb::GetInstance().DeleteAndInsertValues(deleteDataTypes, deleteValues, addDataTypes, - addValues); - if (ret != RET_SUCCESS) { - ACCESSTOKEN_LOG_ERROR(LABEL, - "TokenID %{public}d DeleteAndInsertHap failed, ret %{public}d.", tokenId, ret); - return ret; + "Init native token %{public}u process name %{public}s, permSize %{public}zu ok!", + tokenId, process.c_str(), info.permStateList.size()); + nativeSize++; } - - ACCESSTOKEN_LOG_INFO(LABEL, "Token %{public}u bundle name %{public}s user %{public}d \ -inst %{public}d tokenAttr %{public}d update ok!", infoPtr->GetTokenID(), infoPtr->GetBundleName().c_str(), - infoPtr->GetUserID(), infoPtr->GetInstIndex(), infoPtr->GetHapInfoBasic().tokenAttr); - // DFX - HiSysEventWrite(HiviewDFX::HiSysEvent::Domain::ACCESS_TOKEN, "UPDATE_HAP", - HiviewDFX::HiSysEvent::EventType::STATISTIC, "TOKENID", infoPtr->GetTokenID(), "USERID", - infoPtr->GetUserID(), "BUNDLENAME", infoPtr->GetBundleName(), "INSTINDEX", infoPtr->GetInstIndex()); - return RET_SUCCESS; } int32_t AccessTokenInfoManager::UpdateHapToken(AccessTokenIDEx& tokenIdEx, const UpdateHapInfoParams& info, @@ -970,7 +623,8 @@ int32_t AccessTokenInfoManager::UpdateHapToken(AccessTokenIDEx& tokenIdEx, const PermissionManager::GetInstance().AddDefPermissions(permList, tokenID, true); { Utils::UniqueWriteGuard infoGuard(this->hapTokenInfoLock_); - int32_t ret = ModifyHapTokenInfoToDb(infoPtr, permStateList, info, apl); + infoPtr->Update(info, permStateList); + int32_t ret = AddHapTokenInfoToDb(infoPtr, info.appIDDesc, apl, true); if (ret != RET_SUCCESS) { return ret; } @@ -986,11 +640,11 @@ int32_t AccessTokenInfoManager::UpdateHapToken(AccessTokenIDEx& tokenIdEx, const if (!permPolicyList_.empty() && (std::find(inactiveUserList_.begin(), inactiveUserList_.end(), userId) != inactiveUserList_.end())) { ACCESSTOKEN_LOG_INFO(LABEL, "Execute user policy."); - PermissionManager::GetInstance().AddPermToKernel(tokenID, permPolicyList_); + PermissionManager::GetInstance().AddHapPermToKernel(tokenID, permPolicyList_); return RET_SUCCESS; } } - PermissionManager::GetInstance().AddPermToKernel(tokenID); + PermissionManager::GetInstance().AddHapPermToKernel(tokenID, std::vector()); return RET_SUCCESS; } @@ -1025,7 +679,7 @@ int AccessTokenInfoManager::UpdateRemoteHapTokenInfo(AccessTokenID mapID, HapTok Utils::UniqueWriteGuard infoGuard(this->hapTokenInfoLock_); infoPtr->UpdateRemoteHapTokenInfo(mapID, hapSync.baseInfo, hapSync.permStateList); // update remote hap to kernel - PermissionManager::GetInstance().AddPermToKernel(mapID); + PermissionManager::GetInstance().AddHapPermToKernel(mapID, std::vector()); return RET_SUCCESS; } @@ -1243,46 +897,82 @@ AccessTokenInfoManager& AccessTokenInfoManager::GetInstance() return *instance; } -int AccessTokenInfoManager::AddHapTokenInfoToDb( - AccessTokenID tokenID, const std::shared_ptr& hapInfo, - const std::string& appId, ATokenAplEnum apl) +int AccessTokenInfoManager::AddHapTokenInfoToDb(const std::shared_ptr& hapInfo, + const std::string& appId, ATokenAplEnum apl, bool isUpdate) { - std::vector hapInfoValues; - std::vector permDefValues; - std::vector permStateValues; if (hapInfo == nullptr) { - ACCESSTOKEN_LOG_ERROR(LABEL, "Token %{public}u info is null!", tokenID); + ACCESSTOKEN_LOG_ERROR(LABEL, "Token info is null!"); return AccessTokenError::ERR_TOKENID_NOT_EXIST; } - StoreHapInfo(hapInfo, appId, apl, hapInfoValues); - hapInfo->StorePermissionPolicy(permStateValues); + if (hapInfo->IsRemote()) { + ACCESSTOKEN_LOG_ERROR(LABEL, "It is a remote hap!"); + return AccessTokenError::ERR_TOKENID_NOT_EXIST; + } + AccessTokenID tokenID = hapInfo->GetTokenID(); + + // get new hap token info from cache + std::vector hapInfoValues; + hapInfo->StoreHapInfo(hapInfoValues, appId, apl); + + // get new permission def from cache if exist + std::vector permDefValues; PermissionDefinitionCache::GetInstance().StorePermissionDef(tokenID, permDefValues); - AccessTokenDb::GetInstance().Add(AtmDataType::ACCESSTOKEN_HAP_INFO, hapInfoValues); - AccessTokenDb::GetInstance().Add(AtmDataType::ACCESSTOKEN_PERMISSION_STATE, permStateValues); - AccessTokenDb::GetInstance().Add(AtmDataType::ACCESSTOKEN_PERMISSION_DEF, permDefValues); - return RET_SUCCESS; -} -int AccessTokenInfoManager::AddNativeTokenInfoToDb( - const std::vector& nativeInfoValues, const std::vector& permStateValues) -{ - AccessTokenDb::GetInstance().Add(AtmDataType::ACCESSTOKEN_NATIVE_INFO, nativeInfoValues); - AccessTokenDb::GetInstance().Add(AtmDataType::ACCESSTOKEN_PERMISSION_STATE, permStateValues); + // get new permission status from cache if exist + std::vector permStateValues; + hapInfo->StorePermissionPolicy(permStateValues); + + std::vector addDataTypes; + std::vector delDataTypes; + addDataTypes.emplace_back(AtmDataType::ACCESSTOKEN_HAP_INFO); + addDataTypes.emplace_back(AtmDataType::ACCESSTOKEN_PERMISSION_DEF); + addDataTypes.emplace_back(AtmDataType::ACCESSTOKEN_PERMISSION_STATE); + + std::vector deleteValues; + if (isUpdate) { // udapte: delete and add; otherwise add only + delDataTypes.assign(addDataTypes.begin(), addDataTypes.end()); + GenericValues conditionValue; + conditionValue.Put(TokenFiledConst::FIELD_TOKEN_ID, static_cast(tokenID)); + deleteValues.emplace_back(conditionValue); + deleteValues.emplace_back(conditionValue); + deleteValues.emplace_back(conditionValue); + } + + std::vector> addValues; + addValues.emplace_back(hapInfoValues); + addValues.emplace_back(permDefValues); + addValues.emplace_back(permStateValues); + + int32_t ret = AccessTokenDb::GetInstance().DeleteAndInsertValues( + delDataTypes, deleteValues, addDataTypes, addValues); + if (ret != RET_SUCCESS) { + ACCESSTOKEN_LOG_ERROR(LABEL, "Id %{public}d DeleteAndInsertHap failed, ret %{public}d.", tokenID, ret); + return ret; + } return RET_SUCCESS; } -int AccessTokenInfoManager::RemoveTokenInfoFromDb(AccessTokenID tokenID, bool isHap) +int AccessTokenInfoManager::RemoveHapTokenInfoFromDb(AccessTokenID tokenID) { - GenericValues values; - values.Put(TokenFiledConst::FIELD_TOKEN_ID, static_cast(tokenID)); + GenericValues condition; + condition.Put(TokenFiledConst::FIELD_TOKEN_ID, static_cast(tokenID)); + std::vector deleteDataTypes; + std::vector deleteValues; + deleteDataTypes.emplace_back(AtmDataType::ACCESSTOKEN_HAP_INFO); + deleteDataTypes.emplace_back(AtmDataType::ACCESSTOKEN_PERMISSION_DEF); + deleteDataTypes.emplace_back(AtmDataType::ACCESSTOKEN_PERMISSION_STATE); + deleteValues.emplace_back(condition); + deleteValues.emplace_back(condition); + deleteValues.emplace_back(condition); - if (isHap) { - AccessTokenDb::GetInstance().Remove(AtmDataType::ACCESSTOKEN_HAP_INFO, values); - AccessTokenDb::GetInstance().Remove(AtmDataType::ACCESSTOKEN_PERMISSION_DEF, values); - } else { - AccessTokenDb::GetInstance().Remove(AtmDataType::ACCESSTOKEN_NATIVE_INFO, values); + std::vector addDataTypes; + std::vector> addValues; + int32_t ret = AccessTokenDb::GetInstance().DeleteAndInsertValues(deleteDataTypes, deleteValues, addDataTypes, + addValues); + if (ret != RET_SUCCESS) { + ACCESSTOKEN_LOG_ERROR(LABEL, "Id %{public}d DeleteAndInsertHap failed, ret %{public}d.", tokenID, ret); + return ret; } - AccessTokenDb::GetInstance().Remove(AtmDataType::ACCESSTOKEN_PERMISSION_STATE, values); return RET_SUCCESS; } @@ -1357,10 +1047,7 @@ void AccessTokenInfoManager::DumpHapTokenInfoByTokenId(const AccessTokenID token infoPtr->ToString(dumpInfo); } } else if (type == TOKEN_NATIVE || type == TOKEN_SHELL) { - std::shared_ptr infoPtr = GetNativeTokenInfoInner(tokenId); - if (infoPtr != nullptr) { - infoPtr->ToString(dumpInfo); - } + NativeTokenToString(tokenId, dumpInfo); } else { dumpInfo.append("invalid tokenId"); } @@ -1396,11 +1083,7 @@ void AccessTokenInfoManager::DumpAllHapTokenname(std::string& dumpInfo) void AccessTokenInfoManager::DumpNativeTokenInfoByProcessName(const std::string& processName, std::string& dumpInfo) { - AccessTokenID id = GetNativeTokenId(processName); - std::shared_ptr infoPtr = GetNativeTokenInfoInner(id); - if (infoPtr != nullptr) { - infoPtr->ToString(dumpInfo); - } + NativeTokenToString(GetNativeTokenId(processName), dumpInfo); } void AccessTokenInfoManager::DumpAllNativeTokenName(std::string& dumpInfo) @@ -1508,12 +1191,12 @@ int32_t AccessTokenInfoManager::ClearUserGrantedPermission(AccessTokenID id) Utils::UniqueReadGuard infoGuard(this->userPolicyLock_); if (!permPolicyList_.empty() && (std::find(inactiveUserList_.begin(), inactiveUserList_.end(), userId) != inactiveUserList_.end())) { - PermissionManager::GetInstance().AddPermToKernel(id, permPolicyList_); + PermissionManager::GetInstance().AddHapPermToKernel(id, permPolicyList_); PermissionManager::GetInstance().NotifyUpdatedPermList(grantedPermListBefore, grantedPermListAfter, id); return RET_SUCCESS; } } - PermissionManager::GetInstance().AddPermToKernel(id); + PermissionManager::GetInstance().AddHapPermToKernel(id, std::vector()); ACCESSTOKEN_LOG_INFO(LABEL, "grantedPermListBefore size %{public}zu, grantedPermListAfter size %{public}zu!", grantedPermListBefore.size(), grantedPermListAfter.size()); @@ -1885,6 +1568,193 @@ void AccessTokenInfoManager::ClearHapPolicy() iter->second->ClearHapInfoPermissionPolicySet(); } } + +int32_t AccessTokenInfoManager::AddPermRequestToggleStatusToDb( + int32_t userID, const std::string& permissionName, int32_t status) +{ + GenericValues condition; + condition.Put(TokenFiledConst::FIELD_USER_ID, userID); + condition.Put(TokenFiledConst::FIELD_PERMISSION_NAME, permissionName); + + std::vector dataTypes; + dataTypes.emplace_back(AtmDataType::ACCESSTOKEN_PERMISSION_REQUEST_TOGGLE_STATUS); + + // delete + std::vector deleteValues; + deleteValues.emplace_back(condition); + + // add + std::vector> addValues; + std::vector value; + condition.Put(TokenFiledConst::FIELD_REQUEST_TOGGLE_STATUS, status); + value.emplace_back(condition); + addValues.emplace_back(value); + int32_t ret = AccessTokenDb::GetInstance().DeleteAndInsertValues(dataTypes, deleteValues, dataTypes, addValues); + if (ret != RET_SUCCESS) { + ACCESSTOKEN_LOG_ERROR(LABEL, "DeleteAndInsertHap failed, ret %{public}d.", ret); + return ret; + } + return RET_SUCCESS; +} + +int32_t AccessTokenInfoManager::SetPermissionRequestToggleStatus(const std::string& permissionName, uint32_t status, + int32_t userID) +{ + if (userID == 0) { + userID = IPCSkeleton::GetCallingUid() / BASE_USER_RANGE; + } + + ACCESSTOKEN_LOG_INFO(LABEL, "UserID=%{public}u, permission=%{public}s, status=%{public}d", userID, + permissionName.c_str(), status); + if (!PermissionValidator::IsUserIdValid(userID) || + !PermissionValidator::IsPermissionNameValid(permissionName) || + !PermissionValidator::IsToggleStatusValid(status)) { + ACCESSTOKEN_LOG_ERROR(LABEL, "Invalid parameter(userId=%{public}d, perm=%{public}s, status=%{public}d).", + userID, permissionName.c_str(), status); + return AccessTokenError::ERR_PARAM_INVALID; + } + if (!PermissionDefinitionCache::GetInstance().HasDefinition(permissionName)) { + ACCESSTOKEN_LOG_ERROR( + LABEL, "Permission=%{public}s is not defined.", permissionName.c_str()); + return AccessTokenError::ERR_PERMISSION_NOT_EXIST; + } + if (PermissionDefinitionCache::GetInstance().IsSystemGrantedPermission(permissionName)) { + ACCESSTOKEN_LOG_ERROR(LABEL, "Only support permissions of user_grant to set."); + return AccessTokenError::ERR_PARAM_INVALID; + } + + int32_t ret = AddPermRequestToggleStatusToDb(userID, permissionName, status); + if (ret != RET_SUCCESS) { + ACCESSTOKEN_LOG_ERROR(LABEL, "Status is invalid."); + return ret; + } + + HiSysEventWrite(HiviewDFX::HiSysEvent::Domain::ACCESS_TOKEN, "PERM_DIALOG_STATUS_INFO", + HiviewDFX::HiSysEvent::EventType::STATISTIC, "USERID", userID, "PERMISSION_NAME", permissionName, + "TOGGLE_STATUS", status); + + return RET_SUCCESS; +} + +int32_t AccessTokenInfoManager::FindPermRequestToggleStatusFromDb(int32_t userID, const std::string& permissionName) +{ + std::vector result; + GenericValues conditionValue; + conditionValue.Put(TokenFiledConst::FIELD_USER_ID, userID); + conditionValue.Put(TokenFiledConst::FIELD_PERMISSION_NAME, permissionName); + + AccessTokenDb::GetInstance().Find(AtmDataType::ACCESSTOKEN_PERMISSION_REQUEST_TOGGLE_STATUS, + conditionValue, result); + if (result.empty()) { + // never set, return default status: CLOSED if APP_TRACKING_CONSENT + return (permissionName == "ohos.permission.APP_TRACKING_CONSENT") ? + PermissionRequestToggleStatus::CLOSED : PermissionRequestToggleStatus::OPEN; + } + return result[0].GetInt(TokenFiledConst::FIELD_REQUEST_TOGGLE_STATUS); +} + +int32_t AccessTokenInfoManager::GetPermissionRequestToggleStatus(const std::string& permissionName, uint32_t& status, + int32_t userID) +{ + if (userID == 0) { + userID = IPCSkeleton::GetCallingUid() / BASE_USER_RANGE; + } + + ACCESSTOKEN_LOG_INFO(LABEL, "UserID=%{public}u, permissionName=%{public}s", userID, permissionName.c_str()); + if (!PermissionValidator::IsUserIdValid(userID) || + !PermissionValidator::IsPermissionNameValid(permissionName)) { + ACCESSTOKEN_LOG_ERROR(LABEL, "Invalid parameter(userId=%{public}d, perm=%{public}s.", + userID, permissionName.c_str()); + return AccessTokenError::ERR_PARAM_INVALID; + } + if (!PermissionDefinitionCache::GetInstance().HasDefinition(permissionName)) { + ACCESSTOKEN_LOG_ERROR( + LABEL, "Permission=%{public}s is not defined.", permissionName.c_str()); + return AccessTokenError::ERR_PERMISSION_NOT_EXIST; + } + if (PermissionDefinitionCache::GetInstance().IsSystemGrantedPermission(permissionName)) { + ACCESSTOKEN_LOG_ERROR(LABEL, "Only support permissions of user_grant to get."); + return AccessTokenError::ERR_PARAM_INVALID; + } + + status = static_cast(FindPermRequestToggleStatusFromDb(userID, permissionName)); + + return 0; +} + +bool AccessTokenInfoManager::IsPermissionReqValid(int32_t tokenApl, const std::string& permissionName, + const std::vector& nativeAcls) +{ + PermissionDef permissionDef; + int ret = PermissionDefinitionCache::GetInstance().FindByPermissionName( + permissionName, permissionDef); + if (ret != RET_SUCCESS) { + return false; + } + if (tokenApl >= permissionDef.availableLevel) { + return true; + } + + auto iter = std::find(nativeAcls.begin(), nativeAcls.end(), permissionName); + if (iter != nativeAcls.end()) { + return true; + } + return false; +} + +void AccessTokenInfoManager::NativeTokenToString(AccessTokenID tokenID, std::string& info) +{ + std::vector tokenInfos; + int ret = NativeTokenReceptor::GetInstance().GetAllNativeTokenInfo(tokenInfos); + if (ret != RET_SUCCESS || tokenInfos.empty()) { + ACCESSTOKEN_LOG_ERROR(LABEL, "Failed to load native from native json, err=%{public}d.", ret); + return; + } + auto iter = tokenInfos.begin(); + while (iter != tokenInfos.end()) { + if (iter->tokenID == tokenID) { + break; + } + ++iter; + } + if (iter == tokenInfos.end()) { + ACCESSTOKEN_LOG_ERROR(LABEL, "Id %{public}u is not exist.", tokenID); + return; + } + NativeTokenInfoBase native = *iter; + std::string invalidPermString = ""; + info.append(R"({\n)"); + info.append(R"( "tokenID": )" + std::to_string(native.tokenID) + ",\n"); + info.append(R"( "processName": ")" + native.processName + R"(")" + ",\n"); + info.append(R"( "apl": )" + std::to_string(native.apl) + ",\n"); + info.append(R"( "permStateList": [)"); + info.append("\n"); + for (auto iter = native.permStateList.begin(); iter != native.permStateList.end(); iter++) { + if (!IsPermissionReqValid(native.apl, iter->permissionName, native.nativeAcls)) { + invalidPermString.append(R"( "permissionName": ")" + iter->permissionName + R"(")" + ",\n"); + continue; + } + info.append(R"( {)"); + info.append("\n"); + info.append(R"( "permissionName": ")" + iter->permissionName + R"(")" + ",\n"); + info.append(R"( "grantStatus": )" + std::to_string(iter->grantStatus) + ",\n"); + info.append(R"( "grantFlag": )" + std::to_string(iter->grantFlag) + ",\n"); + info.append(R"( })"); + if (iter != (native.permStateList.end() - 1)) { + info.append(",\n"); + } + } + info.append("\n ]\n"); + + if (invalidPermString.empty()) { + info.append("}"); + return; + } + + info.append(R"( "invalidPermList": [\n)"); + info.append(invalidPermString); + info.append("\n ]\n}"); +} } // namespace AccessToken } // namespace Security } // namespace OHOS diff --git a/services/accesstokenmanager/main/cpp/src/token/hap_token_info_inner.cpp b/services/accesstokenmanager/main/cpp/src/token/hap_token_info_inner.cpp index d073febc437cb0ebc22fee5cbd3c990307701577..a68b0f471b59db80868ff876ebeb6e8b19ada8a8 100644 --- a/services/accesstokenmanager/main/cpp/src/token/hap_token_info_inner.cpp +++ b/services/accesstokenmanager/main/cpp/src/token/hap_token_info_inner.cpp @@ -169,7 +169,8 @@ int HapTokenInfoInner::RestoreHapTokenInfo(AccessTokenID tokenId, return RET_SUCCESS; } -void HapTokenInfoInner::StoreHapInfo(std::vector& valueList) const +void HapTokenInfoInner::StoreHapInfo(std::vector& valueList, + const std::string& appId, ATokenAplEnum apl) const { if (isRemote_) { ACCESSTOKEN_LOG_INFO(LABEL, "Token %{public}u is remote hap token, will not store", tokenInfoBasic_.tokenID); @@ -177,6 +178,9 @@ void HapTokenInfoInner::StoreHapInfo(std::vector& valueList) cons } GenericValues genericValues; TranslationIntoGenericValues(genericValues); + genericValues.Put(TokenFiledConst::FIELD_APP_ID, appId); + genericValues.Put(TokenFiledConst::FIELD_APL, static_cast(apl)); + genericValues.Put(TokenFiledConst::FIELD_DEVICE_ID, "0"); valueList.emplace_back(genericValues); } diff --git a/services/accesstokenmanager/main/cpp/src/token/native_token_info_inner.cpp b/services/accesstokenmanager/main/cpp/src/token/native_token_info_inner.cpp deleted file mode 100644 index c8d7c4e4dfcc28ec7d6ff91ca2cb8295e212dc35..0000000000000000000000000000000000000000 --- a/services/accesstokenmanager/main/cpp/src/token/native_token_info_inner.cpp +++ /dev/null @@ -1,210 +0,0 @@ -/* - * Copyright (c) 2021-2024 Huawei Device Co., Ltd. - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ - -#include "native_token_info_inner.h" - -#include "access_token_error.h" -#include "accesstoken_dfx_define.h" -#include "accesstoken_log.h" -#include "data_translator.h" -#include "data_validator.h" -#include "token_field_const.h" - -namespace OHOS { -namespace Security { -namespace AccessToken { -namespace { -static constexpr OHOS::HiviewDFX::HiLogLabel LABEL = {LOG_CORE, SECURITY_DOMAIN_ACCESSTOKEN, "NativeTokenInfoInner"}; -} - -NativeTokenInfoInner::NativeTokenInfoInner() -{ - tokenInfoBasic_.ver = DEFAULT_TOKEN_VERSION; - tokenInfoBasic_.tokenID = 0; - tokenInfoBasic_.tokenAttr = 0; - tokenInfoBasic_.apl = APL_NORMAL; -} - -NativeTokenInfoInner::NativeTokenInfoInner(NativeTokenInfoBase& native, - const std::vector& permStateList) -{ - tokenInfoBasic_ = native; - permPolicySet_ = PermissionPolicySet::BuildPermissionPolicySet(native.tokenID, - permStateList); -} - -NativeTokenInfoInner::~NativeTokenInfoInner() -{ - ACCESSTOKEN_LOG_DEBUG(LABEL, "TokenID: %{public}u destruction", tokenInfoBasic_.tokenID); -} - -std::string NativeTokenInfoInner::DcapToString(const std::vector& dcap) const -{ - std::string dcapStr; - for (auto iter = dcap.begin(); iter != dcap.end(); iter++) { - dcapStr.append(*iter); - if (iter != (dcap.end() - 1)) { - dcapStr.append(","); - } - } - return dcapStr; -} - -std::string NativeTokenInfoInner::NativeAclsToString(const std::vector& nativeAcls) const -{ - std::string nativeAclsStr; - for (auto iter = nativeAcls.begin(); iter != nativeAcls.end(); iter++) { - nativeAclsStr.append(*iter); - if (iter != (nativeAcls.end() - 1)) { - nativeAclsStr.append(","); - } - } - return nativeAclsStr; -} - -int NativeTokenInfoInner::RestoreNativeTokenInfo(AccessTokenID tokenId, const GenericValues& inGenericValues, - const std::vector& permStateRes) -{ - tokenInfoBasic_.tokenID = tokenId; - tokenInfoBasic_.processName = inGenericValues.GetString(TokenFiledConst::FIELD_PROCESS_NAME); - if (!DataValidator::IsProcessNameValid(tokenInfoBasic_.processName)) { - ACCESSTOKEN_LOG_ERROR(LABEL, - "tokenID: %{public}u process name is null", tokenInfoBasic_.tokenID); - HiSysEventWrite(HiviewDFX::HiSysEvent::Domain::ACCESS_TOKEN, "PERMISSION_CHECK", - HiviewDFX::HiSysEvent::EventType::FAULT, "CODE", LOAD_DATABASE_ERROR, - "ERROR_REASON", "native token processName error"); - return ERR_PARAM_INVALID; - } - int aplNum = inGenericValues.GetInt(TokenFiledConst::FIELD_APL); - if (!DataValidator::IsAplNumValid(aplNum)) { - ACCESSTOKEN_LOG_ERROR(LABEL, - "tokenID: %{public}u apl is error, value %{public}d", - tokenInfoBasic_.tokenID, aplNum); - HiSysEventWrite(HiviewDFX::HiSysEvent::Domain::ACCESS_TOKEN, "PERMISSION_CHECK", - HiviewDFX::HiSysEvent::EventType::FAULT, "CODE", LOAD_DATABASE_ERROR, - "ERROR_REASON", "native token apl error"); - return ERR_PARAM_INVALID; - } - tokenInfoBasic_.apl = static_cast(aplNum); - tokenInfoBasic_.ver = (char)inGenericValues.GetInt(TokenFiledConst::FIELD_TOKEN_VERSION); - if (tokenInfoBasic_.ver != DEFAULT_TOKEN_VERSION) { - ACCESSTOKEN_LOG_ERROR(LABEL, - "tokenID: %{public}u version is error, version %{public}d", - tokenInfoBasic_.tokenID, tokenInfoBasic_.ver); - HiSysEventWrite(HiviewDFX::HiSysEvent::Domain::ACCESS_TOKEN, "PERMISSION_CHECK", - HiviewDFX::HiSysEvent::EventType::FAULT, "CODE", LOAD_DATABASE_ERROR, - "ERROR_REASON", "native token version error"); - return ERR_PARAM_INVALID; - } - - SetDcaps(inGenericValues.GetString(TokenFiledConst::FIELD_DCAP)); - SetNativeAcls(inGenericValues.GetString(TokenFiledConst::FIELD_NATIVE_ACLS)); - tokenInfoBasic_.tokenAttr = (uint32_t)inGenericValues.GetInt(TokenFiledConst::FIELD_TOKEN_ATTR); - - permPolicySet_ = PermissionPolicySet::RestorePermissionPolicy(tokenId, permStateRes); - return RET_SUCCESS; -} - -void NativeTokenInfoInner::TransferNativeInfo(std::vector& valueList) const -{ - GenericValues value; - value.Put(TokenFiledConst::FIELD_TOKEN_ID, static_cast(tokenInfoBasic_.tokenID)); - value.Put(TokenFiledConst::FIELD_PROCESS_NAME, tokenInfoBasic_.processName); - value.Put(TokenFiledConst::FIELD_APL, tokenInfoBasic_.apl); - value.Put(TokenFiledConst::FIELD_TOKEN_VERSION, tokenInfoBasic_.ver); - value.Put(TokenFiledConst::FIELD_DCAP, DcapToString(tokenInfoBasic_.dcap)); - value.Put(TokenFiledConst::FIELD_NATIVE_ACLS, NativeAclsToString(tokenInfoBasic_.nativeAcls)); - value.Put(TokenFiledConst::FIELD_TOKEN_ATTR, static_cast(tokenInfoBasic_.tokenAttr)); - valueList.emplace_back(value); -} - -void NativeTokenInfoInner::TransferPermissionPolicy(std::vector& permStateValues) const -{ - if (permPolicySet_ != nullptr) { - permPolicySet_->StorePermissionPolicySet(permStateValues); - } -} - -AccessTokenID NativeTokenInfoInner::GetTokenID() const -{ - return tokenInfoBasic_.tokenID; -} - -AccessTokenID NativeTokenInfoInner::GetApl() const -{ - return tokenInfoBasic_.apl; -} - -std::string NativeTokenInfoInner::GetProcessName() const -{ - return tokenInfoBasic_.processName; -} - -std::shared_ptr NativeTokenInfoInner::GetNativeInfoPermissionPolicySet() const -{ - return permPolicySet_; -} - -uint32_t NativeTokenInfoInner::GetReqPermissionSize() const -{ - if (permPolicySet_ != nullptr) { - return permPolicySet_->GetReqPermissionSize(); - } - return static_cast(0); -} - -void NativeTokenInfoInner::SetDcaps(const std::string& dcapStr) -{ - std::string::size_type start = 0; - while (true) { - std::string::size_type offset = dcapStr.find(',', start); - if (offset == std::string::npos) { - tokenInfoBasic_.dcap.push_back(dcapStr.substr(start)); - break; - } - tokenInfoBasic_.dcap.push_back(dcapStr.substr(start, start - offset)); - start = offset + 1; - } -} - -void NativeTokenInfoInner::SetNativeAcls(const std::string& aclsStr) -{ - std::string::size_type start = 0; - while (true) { - std::string::size_type offset = aclsStr.find(',', start); - if (offset == std::string::npos) { - tokenInfoBasic_.nativeAcls.push_back(aclsStr.substr(start)); - break; - } - tokenInfoBasic_.nativeAcls.push_back(aclsStr.substr(start, offset - start)); - start = offset + 1; - } -} - -void NativeTokenInfoInner::ToString(std::string& info) const -{ - info.append(R"({)"); - info.append("\n"); - info.append(R"( "tokenID": )" + std::to_string(tokenInfoBasic_.tokenID) + ",\n"); - info.append(R"( "processName": ")" + tokenInfoBasic_.processName + R"(")" + ",\n"); - info.append(R"( "apl": )" + std::to_string(tokenInfoBasic_.apl) + ",\n"); - if (permPolicySet_ != nullptr) { - permPolicySet_->PermStateToString(tokenInfoBasic_.apl, tokenInfoBasic_.nativeAcls, info); - } - info.append("}"); -} -} // namespace AccessToken -} // namespace Security -} // namespace OHOS diff --git a/services/accesstokenmanager/main/cpp/src/token/native_token_receptor.cpp b/services/accesstokenmanager/main/cpp/src/token/native_token_receptor.cpp index 90c2d685e6b89d42d00fde935f27b6ce06641fb9..8c51b490c3744da47814e4c312a9bce83e183e8e 100644 --- a/services/accesstokenmanager/main/cpp/src/token/native_token_receptor.cpp +++ b/services/accesstokenmanager/main/cpp/src/token/native_token_receptor.cpp @@ -33,15 +33,16 @@ namespace AccessToken { namespace { std::recursive_mutex g_instanceMutex; static constexpr OHOS::HiviewDFX::HiLogLabel LABEL = {LOG_CORE, SECURITY_DOMAIN_ACCESSTOKEN, "NativeTokenReceptor"}; -static const std::string DEFAULT_DEVICEID = "0"; -static const std::string JSON_PROCESS_NAME = "processName"; -static const std::string JSON_APL = "APL"; -static const std::string JSON_VERSION = "version"; -static const std::string JSON_TOKEN_ID = "tokenId"; -static const std::string JSON_TOKEN_ATTR = "tokenAttr"; -static const std::string JSON_DCAPS = "dcaps"; -static const std::string JSON_PERMS = "permissions"; -static const std::string JSON_ACLS = "nativeAcls"; +static const char* JSON_PROCESS_NAME = "processName"; +static const char* JSON_APL = "APL"; +static const char* JSON_VERSION = "version"; +static const char* JSON_TOKEN_ID = "tokenId"; +static const char* JSON_TOKEN_ATTR = "tokenAttr"; +static const char* JSON_DCAPS = "dcaps"; +static const char* JSON_PERMS = "permissions"; +static const char* JSON_ACLS = "nativeAcls"; +static const int MAX_DCAPS_NUM = 10 * 1024; +static const int MAX_REQ_PERM_NUM = 10 * 1024; } int32_t NativeReqPermsGet( @@ -73,48 +74,42 @@ int32_t NativeReqPermsGet( } // nlohmann json need the function named from_json to parse NativeTokenInfoBase -void from_json(const nlohmann::json& j, std::shared_ptr& p) +void from_json(const nlohmann::json& j, NativeTokenInfoBase& native) { - NativeTokenInfoBase native; - - if (!JsonParser::GetStringFromJson(j, JSON_PROCESS_NAME, native.processName) || - !DataValidator::IsProcessNameValid(native.processName)) { - return; - } - + NativeTokenInfoBase info; int aplNum = 0; if (!JsonParser::GetIntFromJson(j, JSON_APL, aplNum) || !DataValidator::IsAplNumValid(aplNum)) { return; } - native.apl = static_cast(aplNum); + info.apl = static_cast(aplNum); if (j.find(JSON_VERSION) == j.end() || (!j.at(JSON_VERSION).is_number())) { return; } - native.ver = (uint8_t)j.at(JSON_VERSION).get(); - if (native.ver != DEFAULT_TOKEN_VERSION) { + info.ver = (uint8_t)j.at(JSON_VERSION).get(); + if (info.ver != DEFAULT_TOKEN_VERSION) { return; } - if (!JsonParser::GetUnsignedIntFromJson(j, JSON_TOKEN_ID, native.tokenID) || (native.tokenID == 0)) { + if (!JsonParser::GetUnsignedIntFromJson(j, JSON_TOKEN_ID, info.tokenID) || (info.tokenID == 0)) { return; } - ATokenTypeEnum type = AccessTokenIDManager::GetTokenIdTypeEnum(native.tokenID); + ATokenTypeEnum type = AccessTokenIDManager::GetTokenIdTypeEnum(info.tokenID); if ((type != TOKEN_NATIVE) && (type != TOKEN_SHELL)) { return; } - if (!JsonParser::GetUnsignedIntFromJson(j, JSON_TOKEN_ATTR, native.tokenAttr)) { + if (!JsonParser::GetUnsignedIntFromJson(j, JSON_TOKEN_ATTR, info.tokenAttr)) { return; } if (j.find(JSON_DCAPS) == j.end() || (!j.at(JSON_DCAPS).is_array())) { return; } - native.dcap = j.at(JSON_DCAPS).get>(); - if (native.dcap.size() > MAX_DCAPS_NUM) { + info.dcap = j.at(JSON_DCAPS).get>(); + if (info.dcap.size() > MAX_DCAPS_NUM) { ACCESSTOKEN_LOG_ERROR(LABEL, "Native dcap oversize."); return; } @@ -122,22 +117,25 @@ void from_json(const nlohmann::json& j, std::shared_ptr& p if (j.find(JSON_ACLS) == j.end() || (!j.at(JSON_DCAPS).is_array())) { return; } - native.nativeAcls = j.at(JSON_ACLS).get>(); - if (native.nativeAcls.size() > MAX_REQ_PERM_NUM) { + info.nativeAcls = j.at(JSON_ACLS).get>(); + if (info.nativeAcls.size() > MAX_REQ_PERM_NUM) { ACCESSTOKEN_LOG_ERROR(LABEL, "Permission num oversize."); return; } - std::vector permStateList; - if (NativeReqPermsGet(j, permStateList) != RET_SUCCESS) { + if (NativeReqPermsGet(j, info.permStateList) != RET_SUCCESS) { return; } - p = std::make_shared(native, permStateList); + if (!JsonParser::GetStringFromJson(j, JSON_PROCESS_NAME, info.processName) || + !DataValidator::IsProcessNameValid(info.processName)) { + return; + } + native = info; } int32_t NativeTokenReceptor::ParserNativeRawData(const std::string& nativeRawData, - std::vector>& tokenInfos) + std::vector& tokenInfos) { nlohmann::json jsonRes = nlohmann::json::parse(nativeRawData, nullptr, false); if (jsonRes.is_discarded()) { @@ -145,17 +143,15 @@ int32_t NativeTokenReceptor::ParserNativeRawData(const std::string& nativeRawDat return ERR_PARAM_INVALID; } for (auto it = jsonRes.begin(); it != jsonRes.end(); it++) { - auto token = it->get>(); - if (token != nullptr) { + auto token = it->get(); + if (!token.processName.empty()) { tokenInfos.emplace_back(token); - } else { - ACCESSTOKEN_LOG_ERROR(LABEL, "Token is invalid."); } } return RET_SUCCESS; } -int NativeTokenReceptor::Init() +int NativeTokenReceptor::GetAllNativeTokenInfo(std::vector& tokenInfos) { std::string nativeRawData; int ret = JsonParser::ReadCfgFile(NATIVE_TOKEN_CONFIG_FILE, nativeRawData); @@ -163,15 +159,11 @@ int NativeTokenReceptor::Init() ACCESSTOKEN_LOG_ERROR(LABEL, "ReadCfgFile failed."); return ret; } - std::vector> tokenInfos; ret = ParserNativeRawData(nativeRawData, tokenInfos); if (ret != RET_SUCCESS) { ACCESSTOKEN_LOG_ERROR(LABEL, "ParserNativeRawData failed."); return ret; } - AccessTokenInfoManager::GetInstance().ProcessNativeTokenInfos(tokenInfos); - - ACCESSTOKEN_LOG_INFO(LABEL, "Init ok, native token size: %{public}zu.", tokenInfos.size()); return RET_SUCCESS; } diff --git a/services/accesstokenmanager/test/coverage/BUILD.gn b/services/accesstokenmanager/test/coverage/BUILD.gn index 14a663fc4613d3493e4052dba330ddad667b9f4f..05498f5f718a70caacd30552cdf6a12795198a5b 100644 --- a/services/accesstokenmanager/test/coverage/BUILD.gn +++ b/services/accesstokenmanager/test/coverage/BUILD.gn @@ -43,7 +43,6 @@ accesstoken_manager_service_source = [ "${access_token_path}/services/accesstokenmanager/main/cpp/src/token/accesstoken_id_manager.cpp", "${access_token_path}/services/accesstokenmanager/main/cpp/src/token/accesstoken_info_manager.cpp", "${access_token_path}/services/accesstokenmanager/main/cpp/src/token/hap_token_info_inner.cpp", - "${access_token_path}/services/accesstokenmanager/main/cpp/src/token/native_token_info_inner.cpp", "${access_token_path}/services/accesstokenmanager/main/cpp/src/token/native_token_receptor.cpp", ] diff --git a/services/accesstokenmanager/test/coverage/accesstoken_database_coverage_test.cpp b/services/accesstokenmanager/test/coverage/accesstoken_database_coverage_test.cpp index 2471fdae8af02c248d7f13eb41a44036602fc03c..74a4a86caf0bfa20f237930d1eff63707a695bbc 100644 --- a/services/accesstokenmanager/test/coverage/accesstoken_database_coverage_test.cpp +++ b/services/accesstokenmanager/test/coverage/accesstoken_database_coverage_test.cpp @@ -112,67 +112,6 @@ HWTEST_F(AccessTokenDatabaseCoverageTest, OnUpgrade001, TestSize.Level1) ASSERT_EQ(NativeRdb::E_OK, callback.OnUpgrade(*(db.get()), 0, 0)); } -/* - * @tc.name: Add001 - * @tc.desc: AccessTokenDb::Add - * @tc.type: FUNC - * @tc.require: - */ -HWTEST_F(AccessTokenDatabaseCoverageTest, Add001, TestSize.Level1) -{ - AtmDataType type = static_cast(NOT_EXSIT_ATM_TYPE); - std::vector values; - GenericValues value; - values.emplace_back(value); - ASSERT_EQ(AccessTokenError::ERR_PARAM_INVALID, AccessTokenDb::GetInstance().Add(type, values)); - - type = AtmDataType::ACCESSTOKEN_HAP_INFO; - ASSERT_EQ(AccessTokenError::ERR_DATABASE_OPERATE_FAILED, AccessTokenDb::GetInstance().Add(type, values)); - - ASSERT_NE(NativeRdb::E_OK, AccessTokenDb::GetInstance().Add(type, values)); - - int32_t resultCode = NativeRdb::E_SQLITE_ERROR; - int64_t outInsertNum = 0; - std::string tableName = "hap_token_info_table"; - std::vector buckets; - std::shared_ptr db = AccessTokenDb::GetInstance().GetRdb(); - ASSERT_EQ(NativeRdb::E_SQLITE_ERROR, - AccessTokenDb::GetInstance().RestoreAndInsertIfCorrupt(resultCode, outInsertNum, tableName, buckets, db)); - - resultCode = NativeRdb::E_SQLITE_CORRUPT; - ASSERT_EQ(NativeRdb::E_OK, - AccessTokenDb::GetInstance().RestoreAndInsertIfCorrupt(resultCode, outInsertNum, tableName, buckets, db)); -} - -/* - * @tc.name: Remove001 - * @tc.desc: AccessTokenDb::Remove - * @tc.type: FUNC - * @tc.require: - */ -HWTEST_F(AccessTokenDatabaseCoverageTest, Remove001, TestSize.Level1) -{ - AtmDataType type = static_cast(NOT_EXSIT_ATM_TYPE); - GenericValues value; - ASSERT_EQ(AccessTokenError::ERR_PARAM_INVALID, AccessTokenDb::GetInstance().Remove(type, value)); - - type = AtmDataType::ACCESSTOKEN_HAP_INFO; - value.Put(TokenFiledConst::FIELD_PROCESS_NAME, "hdcd"); - ASSERT_NE(NativeRdb::E_OK, AccessTokenDb::GetInstance().Remove(type, value)); - - int32_t resultCode = NativeRdb::E_SQLITE_ERROR; - int32_t deletedRows = 0; - NativeRdb::RdbPredicates predicates("hap_token_info_table"); - AccessTokenDbUtil::ToRdbPredicates(value, predicates); - std::shared_ptr db = AccessTokenDb::GetInstance().GetRdb(); - ASSERT_EQ(NativeRdb::E_SQLITE_ERROR, - AccessTokenDb::GetInstance().RestoreAndDeleteIfCorrupt(resultCode, deletedRows, predicates, db)); - - resultCode = NativeRdb::E_SQLITE_CORRUPT; - ASSERT_NE(NativeRdb::E_OK, - AccessTokenDb::GetInstance().RestoreAndDeleteIfCorrupt(resultCode, deletedRows, predicates, db)); -} - /* * @tc.name: Modify001 * @tc.desc: AccessTokenDb::Modify diff --git a/services/accesstokenmanager/test/mock/BUILD.gn b/services/accesstokenmanager/test/mock/BUILD.gn index 39820d045112ec57b1c29923b3f8011a7bd36775..3b4126c1ec765b82b2b67be162f3dc170cdab508 100644 --- a/services/accesstokenmanager/test/mock/BUILD.gn +++ b/services/accesstokenmanager/test/mock/BUILD.gn @@ -43,7 +43,6 @@ accesstoken_manager_service_source = [ "${access_token_path}/services/accesstokenmanager/main/cpp/src/token/accesstoken_id_manager.cpp", "${access_token_path}/services/accesstokenmanager/main/cpp/src/token/accesstoken_info_manager.cpp", "${access_token_path}/services/accesstokenmanager/main/cpp/src/token/hap_token_info_inner.cpp", - "${access_token_path}/services/accesstokenmanager/main/cpp/src/token/native_token_info_inner.cpp", "${access_token_path}/services/accesstokenmanager/main/cpp/src/token/native_token_receptor.cpp", ] diff --git a/services/accesstokenmanager/test/unittest/BUILD.gn b/services/accesstokenmanager/test/unittest/BUILD.gn index 9c9276dd7bed68d3e42d8b680effd15e841c8907..a1b308d51087fea61714f09e455c3a71a71d3ede 100644 --- a/services/accesstokenmanager/test/unittest/BUILD.gn +++ b/services/accesstokenmanager/test/unittest/BUILD.gn @@ -43,7 +43,6 @@ accesstoken_manager_service_source = [ "${access_token_path}/services/accesstokenmanager/main/cpp/src/token/accesstoken_id_manager.cpp", "${access_token_path}/services/accesstokenmanager/main/cpp/src/token/accesstoken_info_manager.cpp", "${access_token_path}/services/accesstokenmanager/main/cpp/src/token/hap_token_info_inner.cpp", - "${access_token_path}/services/accesstokenmanager/main/cpp/src/token/native_token_info_inner.cpp", "${access_token_path}/services/accesstokenmanager/main/cpp/src/token/native_token_receptor.cpp", ] diff --git a/services/accesstokenmanager/test/unittest/accesstoken_info_manager_test.cpp b/services/accesstokenmanager/test/unittest/accesstoken_info_manager_test.cpp index 873bcee5bee0e7eb7b64a731fe82b339bd262485..58b195d705fda1e64ebc6bdef3d22af657bad2ca 100644 --- a/services/accesstokenmanager/test/unittest/accesstoken_info_manager_test.cpp +++ b/services/accesstokenmanager/test/unittest/accesstoken_info_manager_test.cpp @@ -185,7 +185,7 @@ HWTEST_F(AccessTokenInfoManagerTest, HapTokenInfoInner001, TestSize.Level1) ASSERT_EQ(hap->IsRemote(), false); hap->SetRemote(true); std::vector valueList; - hap->StoreHapInfo(valueList); + hap->StoreHapInfo(valueList, "test", APL_NORMAL); hap->StorePermissionPolicy(valueList); ASSERT_EQ(hap->IsRemote(), true); @@ -1402,50 +1402,6 @@ HWTEST_F(AccessTokenInfoManagerTest, GetHapTokenID002, TestSize.Level1) ASSERT_EQ(static_cast(0), tokenIdEx.tokenIDEx); } -/** - * @tc.name: AddNativeTokenInfo001 - * @tc.desc: AccessTokenInfoManager::AddNativeTokenInfo function test - * @tc.type: FUNC - * @tc.require: issueI62M6G - */ -HWTEST_F(AccessTokenInfoManagerTest, AddNativeTokenInfo001, TestSize.Level1) -{ - std::shared_ptr info = nullptr; - ASSERT_EQ(ERR_PARAM_INVALID, AccessTokenInfoManager::GetInstance().AddNativeTokenInfo(info)); // info is null - - AccessTokenID tokenId = AccessTokenInfoManager::GetInstance().GetNativeTokenId("accesstoken_service"); - info = std::make_shared(); - info->tokenInfoBasic_.tokenID = tokenId; - ASSERT_EQ(ERR_TOKENID_HAS_EXISTED, AccessTokenInfoManager::GetInstance().AddNativeTokenInfo(info)); // count(id) > 0 -} - -/** - * @tc.name: RemoveNativeTokenInfo001 - * @tc.desc: AccessTokenInfoManager::RemoveNativeTokenInfo function test - * @tc.type: FUNC - * @tc.require: issueI62M6G - */ -HWTEST_F(AccessTokenInfoManagerTest, RemoveNativeTokenInfo001, TestSize.Level1) -{ - AccessTokenID tokenId = 537919487; // 537919487 is max hap tokenId: 001 00 0 000000 11111111111111111111 - ASSERT_EQ(RET_SUCCESS, AccessTokenIDManager::GetInstance().RegisterTokenId(tokenId, TOKEN_HAP)); - ASSERT_EQ(ERR_PARAM_INVALID, AccessTokenInfoManager::GetInstance().RemoveNativeTokenInfo(tokenId)); - - tokenId = 806354943; // 806354943 is shell tokenId: 001 10 0 000000 11111111111111111111 - ASSERT_EQ(RET_SUCCESS, AccessTokenIDManager::GetInstance().RegisterTokenId(tokenId, TOKEN_SHELL)); - ASSERT_EQ(ERR_TOKENID_NOT_EXIST, AccessTokenInfoManager::GetInstance().RemoveNativeTokenInfo(tokenId)); - - tokenId = 672137215; // 672137215 is native tokenId: 001 01 0 000000 11111111111111111111 - - std::shared_ptr native = std::make_shared(); - ASSERT_NE(nullptr, native); - native->tokenInfoBasic_.apl = ATokenAplEnum::APL_SYSTEM_BASIC; - native->tokenInfoBasic_.tokenID = tokenId; - ASSERT_EQ(RET_SUCCESS, AccessTokenIDManager::GetInstance().RegisterTokenId(tokenId, TOKEN_NATIVE)); - ASSERT_EQ(RET_SUCCESS, AccessTokenInfoManager::GetInstance().AddNativeTokenInfo(native)); - ASSERT_EQ(RET_SUCCESS, AccessTokenInfoManager::GetInstance().RemoveNativeTokenInfo(tokenId)); -} - /** * @tc.name: Insert001 * @tc.desc: PermissionDefinitionCache::Insert function test @@ -1828,48 +1784,6 @@ HWTEST_F(AccessTokenInfoManagerTest, AddHapTokenObservation001, TestSize.Level1) } #endif -/** - * @tc.name: RestoreNativeTokenInfo001 - * @tc.desc: NativeTokenInfoInner::RestoreNativeTokenInfo function test - * @tc.type: FUNC - * @tc.require: - */ -HWTEST_F(AccessTokenInfoManagerTest, RestoreNativeTokenInfo001, TestSize.Level1) -{ - std::shared_ptr native = std::make_shared(); - ASSERT_NE(nullptr, native); - - std::string info; - native->ToString(info); // permPolicySet_ is null - - AccessTokenID tokenId = 0; - std::string processName; - int apl = static_cast(ATokenAplEnum::APL_INVALID); - int version = 10; // 10 is random input which only need not equal 1 - std::vector dcap; - std::vector nativeAcls; - std::vector permStateList; - GenericValues inGenericValues; - std::vector permStateRes; - - inGenericValues.Put(TokenFiledConst::FIELD_PROCESS_NAME, processName); - // processName invalid - ASSERT_NE(RET_SUCCESS, native->RestoreNativeTokenInfo(tokenId, inGenericValues, permStateRes)); - inGenericValues.Remove(TokenFiledConst::FIELD_PROCESS_NAME); - - inGenericValues.Put(TokenFiledConst::FIELD_PROCESS_NAME, processName); - inGenericValues.Put(TokenFiledConst::FIELD_APL, apl); - // apl invalid - ASSERT_NE(RET_SUCCESS, native->RestoreNativeTokenInfo(tokenId, inGenericValues, permStateRes)); - inGenericValues.Remove(TokenFiledConst::FIELD_APL); - - apl = static_cast(ATokenAplEnum::APL_NORMAL); - inGenericValues.Put(TokenFiledConst::FIELD_APL, apl); - inGenericValues.Put(TokenFiledConst::FIELD_TOKEN_VERSION, version); - // version invalid - ASSERT_NE(RET_SUCCESS, native->RestoreNativeTokenInfo(tokenId, inGenericValues, permStateRes)); -} - /** * @tc.name: RestoreHapTokenInfo001 * @tc.desc: HapTokenInfoInner::RestoreHapTokenInfo function test @@ -1899,7 +1813,7 @@ HWTEST_F(AccessTokenInfoManagerTest, RestoreHapTokenInfo001, TestSize.Level1) std::vector hapInfoValues; std::vector permStateValues; - hap->StoreHapInfo(hapInfoValues); + hap->StoreHapInfo(hapInfoValues, "test", APL_NORMAL); hap->StorePermissionPolicy(permStateValues); // permPolicySet_ is null @@ -2162,43 +2076,36 @@ HWTEST_F(AccessTokenInfoManagerTest, VerifyNativeAccessToken001, TestSize.Level1 { AccessTokenID tokenId = 0x280bc142; // 0x280bc142 is random input std::string permissionName = "ohos.permission.INVALID_AA"; - - PermissionManager::GetInstance().RemoveDefPermissions(tokenId); // tokenInfo is null - - // tokenInfoPtr is null + AccessTokenID tokenId1 = AccessTokenInfoManager::GetInstance().GetNativeTokenId("accesstoken_service"); + // tokenId is not exist ASSERT_EQ(PermissionState::PERMISSION_DENIED, AccessTokenInfoManager::GetInstance().VerifyNativeAccessToken(tokenId, permissionName)); - // backup - PermissionDefinitionCache::GetInstance().permissionDefinitionMap_.clear(); + // permission is not defined and permissionHap is not installed PermissionDefinitionCache::GetInstance().hasHapPermissionDefinition_ = false; - - // apl default normal, remote default false - std::shared_ptr native = std::make_shared(); - ASSERT_NE(nullptr, native); - - ASSERT_EQ(PermissionDefinitionCache::GetInstance().IsHapPermissionDefEmpty(), true); - native->tokenInfoBasic_.apl = ATokenAplEnum::APL_SYSTEM_BASIC; - native->tokenInfoBasic_.tokenID = tokenId; - ASSERT_EQ(RET_SUCCESS, AccessTokenIDManager::GetInstance().RegisterTokenId(tokenId, TOKEN_NATIVE)); - ASSERT_EQ(RET_SUCCESS, AccessTokenInfoManager::GetInstance().AddNativeTokenInfo(native)); - - // permission definition set has not been installed + apl >= APL_SYSTEM_BASIC ASSERT_EQ(PermissionState::PERMISSION_GRANTED, - AccessTokenInfoManager::GetInstance().VerifyNativeAccessToken(tokenId, permissionName)); - PermissionDefinitionCache::GetInstance().permissionDefinitionMap_ = g_permissionDefinitionMap; // recovery - PermissionDefinitionCache::GetInstance().hasHapPermissionDefinition_ = g_hasHapPermissionDefinition; + AccessTokenInfoManager::GetInstance().VerifyNativeAccessToken(tokenId1, permissionName)); - // not remote + no definition + // permission is not defined and permissionHap is installed + PermissionDefinitionCache::GetInstance().hasHapPermissionDefinition_ = true; ASSERT_EQ(PermissionState::PERMISSION_DENIED, - AccessTokenInfoManager::GetInstance().VerifyNativeAccessToken(tokenId, permissionName)); + AccessTokenInfoManager::GetInstance().VerifyNativeAccessToken(tokenId1, permissionName)); permissionName = "ohos.permission.CAMERA"; - // permPolicySet is null + // permission is not request ASSERT_EQ(PermissionState::PERMISSION_DENIED, - AccessTokenInfoManager::GetInstance().VerifyNativeAccessToken(tokenId, permissionName)); + AccessTokenInfoManager::GetInstance().VerifyNativeAccessToken(tokenId1, permissionName)); + + // tokenId is native token, and permission is defined + PermissionDefinitionCache::GetInstance().permissionDefinitionMap_ = g_permissionDefinitionMap; // recovery + PermissionDefinitionCache::GetInstance().hasHapPermissionDefinition_ = true; + ASSERT_EQ(PermissionDefinitionCache::GetInstance().IsHapPermissionDefEmpty(), false); + ASSERT_EQ(PermissionState::PERMISSION_DENIED, + AccessTokenInfoManager::GetInstance().VerifyNativeAccessToken(tokenId1, permissionName)); - ASSERT_EQ(RET_SUCCESS, AccessTokenInfoManager::GetInstance().RemoveNativeTokenInfo(tokenId)); + permissionName = "ohos.permission.KILL_APP_PROCESSES"; + ASSERT_EQ(PermissionState::PERMISSION_GRANTED, + AccessTokenInfoManager::GetInstance().VerifyNativeAccessToken(tokenId1, permissionName)); } /** @@ -2249,6 +2156,134 @@ HWTEST_F(AccessTokenInfoManagerTest, GetAppId001, TestSize.Level1) ASSERT_EQ(appId, "accesstoken_info_manager_test"); ASSERT_EQ(RET_SUCCESS, AccessTokenInfoManager::GetInstance().RemoveHapTokenInfo(tokenIdEx.tokenIdExStruct.tokenID)); } + + +/** + * @tc.name: SetPermissionRequestToggleStatus001 + * @tc.desc: PermissionManager::SetPermissionRequestToggleStatus function test with invalid permissionName, invalid + * status and invalid userID. + * @tc.type: FUNC + * @tc.require: + */ +HWTEST_F(AccessTokenInfoManagerTest, SetPermissionRequestToggleStatus001, TestSize.Level1) +{ + int32_t userID = -1; + uint32_t status = PermissionRequestToggleStatus::CLOSED; + std::string permissionName = "ohos.permission.CAMERA"; + + // UserId is invalid. + ASSERT_EQ(ERR_PARAM_INVALID, AccessTokenInfoManager::GetInstance().SetPermissionRequestToggleStatus( + permissionName, status, userID)); + + // Permission name is invalid. + userID = 123; + ASSERT_EQ(ERR_PARAM_INVALID, AccessTokenInfoManager::GetInstance().SetPermissionRequestToggleStatus( + "", status, userID)); + + // PermissionName is not defined. + permissionName = "ohos.permission.invalid"; + ASSERT_EQ(ERR_PERMISSION_NOT_EXIST, AccessTokenInfoManager::GetInstance().SetPermissionRequestToggleStatus( + permissionName, status, userID)); + + // Permission is system_grant. + permissionName = "ohos.permission.USE_BLUETOOTH"; + ASSERT_EQ(ERR_PARAM_INVALID, AccessTokenInfoManager::GetInstance().SetPermissionRequestToggleStatus( + permissionName, status, userID)); + + // Status is invalid. + status = -1; + permissionName = "ohos.permission.CAMERA"; + ASSERT_EQ(ERR_PARAM_INVALID, AccessTokenInfoManager::GetInstance().SetPermissionRequestToggleStatus( + permissionName, status, userID)); +} + +/** + * @tc.name: SetPermissionRequestToggleStatus002 + * @tc.desc: PermissionManager::SetPermissionRequestToggleStatus function test with normal process. + * @tc.type: FUNC + * @tc.require: + */ +HWTEST_F(AccessTokenInfoManagerTest, SetPermissionRequestToggleStatus002, TestSize.Level1) +{ + int32_t userID = 123; + uint32_t status = PermissionRequestToggleStatus::CLOSED; + std::string permissionName = "ohos.permission.CAMERA"; + + ASSERT_EQ(RET_SUCCESS, AccessTokenInfoManager::GetInstance().SetPermissionRequestToggleStatus( + permissionName, status, userID)); + + status = PermissionRequestToggleStatus::OPEN; + ASSERT_EQ(RET_SUCCESS, AccessTokenInfoManager::GetInstance().SetPermissionRequestToggleStatus( + permissionName, status, userID)); +} + +/** + * @tc.name: GetPermissionRequestToggleStatus001 + * @tc.desc: PermissionManager::GetPermissionRequestToggleStatus function test with invalid userID, invalid permission + * name. + * @tc.type: FUNC + * @tc.require: + */ +HWTEST_F(AccessTokenInfoManagerTest, GetPermissionRequestToggleStatus001, TestSize.Level1) +{ + int32_t userID = -1; + uint32_t status; + std::string permissionName = "ohos.permission.CAMERA"; + + // UserId is invalid. + ASSERT_EQ(ERR_PARAM_INVALID, AccessTokenInfoManager::GetInstance().GetPermissionRequestToggleStatus( + permissionName, status, userID)); + + // PermissionName is invalid. + userID = 123; + ASSERT_EQ(ERR_PARAM_INVALID, AccessTokenInfoManager::GetInstance().GetPermissionRequestToggleStatus( + "", status, userID)); + + // PermissionName is not defined. + permissionName = "ohos.permission.invalid"; + ASSERT_EQ(ERR_PERMISSION_NOT_EXIST, AccessTokenInfoManager::GetInstance().GetPermissionRequestToggleStatus( + permissionName, status, userID)); + + // Permission is system_grant. + permissionName = "ohos.permission.USE_BLUETOOTH"; + ASSERT_EQ(ERR_PARAM_INVALID, AccessTokenInfoManager::GetInstance().GetPermissionRequestToggleStatus( + permissionName, status, userID)); +} + +/** + * @tc.name: GetPermissionRequestToggleStatus002 + * @tc.desc: PermissionManager::GetPermissionRequestToggleStatus function test with normal process. + * @tc.type: FUNC + * @tc.require: + */ +HWTEST_F(AccessTokenInfoManagerTest, GetPermissionRequestToggleStatus002, TestSize.Level1) +{ + int32_t userID = 123; + uint32_t setStatusClose = PermissionRequestToggleStatus::CLOSED; + uint32_t setStatusOpen = PermissionRequestToggleStatus::OPEN; + uint32_t getStatus; + + ASSERT_EQ(RET_SUCCESS, AccessTokenInfoManager::GetInstance().GetPermissionRequestToggleStatus( + "ohos.permission.CAMERA", getStatus, userID)); + + ASSERT_EQ(setStatusOpen, getStatus); + + ASSERT_EQ(RET_SUCCESS, AccessTokenInfoManager::GetInstance().SetPermissionRequestToggleStatus( + "ohos.permission.CAMERA", setStatusClose, userID)); + + ASSERT_EQ(RET_SUCCESS, AccessTokenInfoManager::GetInstance().GetPermissionRequestToggleStatus( + "ohos.permission.CAMERA", getStatus, userID)); + + ASSERT_EQ(setStatusClose, getStatus); + + ASSERT_EQ(RET_SUCCESS, AccessTokenInfoManager::GetInstance().SetPermissionRequestToggleStatus( + "ohos.permission.CAMERA", setStatusOpen, userID)); + + ASSERT_EQ(RET_SUCCESS, AccessTokenInfoManager::GetInstance().GetPermissionRequestToggleStatus( + "ohos.permission.CAMERA", getStatus, userID)); + + ASSERT_EQ(setStatusOpen, getStatus); +} } // namespace AccessToken } // namespace Security } // namespace OHOS diff --git a/services/accesstokenmanager/test/unittest/native_token_receptor_test.cpp b/services/accesstokenmanager/test/unittest/native_token_receptor_test.cpp index d503768f5bf8d572fd22b48a181aa0e72b874f18..8c281fdb213b21c4d57f14d1bfccd71277161b1d 100644 --- a/services/accesstokenmanager/test/unittest/native_token_receptor_test.cpp +++ b/services/accesstokenmanager/test/unittest/native_token_receptor_test.cpp @@ -33,8 +33,8 @@ #include "permission_manager.h" #include "permission_status.h" #include "token_field_const.h" -#define private public #include "nativetoken_kit.h" +#define private public #include "native_token_receptor.h" #undef private #include "securec.h" @@ -96,17 +96,15 @@ HWTEST_F(NativeTokenReceptorTest, ParserNativeRawData001, TestSize.Level1) R"("dcaps":["AT_CAP","ST_CAP"], "permissions":[], "nativeAcls":[]}])"; NativeTokenReceptor& receptor = NativeTokenReceptor::GetInstance(); - std::vector> tokenInfos; + std::vector tokenInfos; receptor.ParserNativeRawData(testStr, tokenInfos); ASSERT_EQ(static_cast(2), tokenInfos.size()); - ASSERT_NE(nullptr, tokenInfos[0]); - ASSERT_NE(nullptr, tokenInfos[1]); - ASSERT_EQ("process6", tokenInfos[0]->GetProcessName()); - ASSERT_EQ(static_cast(685266937), tokenInfos[0]->GetTokenID()); + ASSERT_EQ("process6", tokenInfos[0].processName); + ASSERT_EQ(static_cast(685266937), tokenInfos[0].tokenID); - ASSERT_EQ("process5", tokenInfos[1]->GetProcessName()); - ASSERT_EQ(static_cast(678065606), tokenInfos[1]->GetTokenID()); + ASSERT_EQ("process5", tokenInfos[1].processName); + ASSERT_EQ(static_cast(678065606), tokenInfos[1].tokenID); } /** @@ -119,7 +117,7 @@ HWTEST_F(NativeTokenReceptorTest, ParserNativeRawData002, TestSize.Level1) { LOGI(ATM_DOMAIN, ATM_TAG, "test ParserNativeRawData002!"); std::string testStr = R"([{"processName":""}])"; - std::vector> tokenInfos; + std::vector tokenInfos; NativeTokenReceptor& receptor = NativeTokenReceptor::GetInstance(); @@ -167,7 +165,7 @@ HWTEST_F(NativeTokenReceptorTest, ParserNativeRawData002, TestSize.Level1) namespace OHOS { namespace Security { namespace AccessToken { - extern void from_json(const nlohmann::json& j, std::shared_ptr& p); + extern bool from_json(const nlohmann::json& j, NativeTokenInfoBase& p); } } } @@ -190,9 +188,9 @@ HWTEST_F(NativeTokenReceptorTest, from_json001, TestSize.Level1) {"dcaps", {"AT_CAP", "ST_CAP"}}, {"permissions", {"ohos.permission.PLACE_CALL"}}, {"nativeAcls", {"ohos.permission.PLACE_CALL"}}}; - std::shared_ptr p; - from_json(j, p); - ASSERT_NE((p == nullptr), true); + NativeTokenInfoBase native; + from_json(j, native); + ASSERT_EQ(native.tokenID, 685266937); } /** @@ -210,9 +208,9 @@ HWTEST_F(NativeTokenReceptorTest, from_json002, TestSize.Level1) {"version", 2}, {"tokenId", 685266937}, {"tokenAttr", 0}, {"dcaps", {"AT_CAP", "ST_CAP"}}}; - std::shared_ptr p; - from_json(j, p); - ASSERT_EQ((p == nullptr), true); + NativeTokenInfoBase native; + from_json(j, native); + ASSERT_EQ(native.tokenID, 0); // APL wrong j = nlohmann::json{ @@ -220,8 +218,8 @@ HWTEST_F(NativeTokenReceptorTest, from_json002, TestSize.Level1) {"APL", -1}, {"version", 1}, {"tokenId", 685266937}, {"tokenAttr", 0}, {"dcaps", {"AT_CAP", "ST_CAP"}}}; - from_json(j, p); - ASSERT_EQ((p == nullptr), true); + from_json(j, native); + ASSERT_EQ(native.tokenID, 0); // tokenId wrong j = nlohmann::json{ @@ -229,8 +227,8 @@ HWTEST_F(NativeTokenReceptorTest, from_json002, TestSize.Level1) {"APL", APL_SYSTEM_BASIC}, {"version", 1}, {"tokenId", 0}, {"tokenAttr", 0}, {"dcaps", {"AT_CAP", "ST_CAP"}}}; - from_json(j, p); - ASSERT_EQ((p == nullptr), true); + from_json(j, native); + ASSERT_EQ(native.tokenID, 0); // process name empty j = nlohmann::json{ @@ -238,8 +236,8 @@ HWTEST_F(NativeTokenReceptorTest, from_json002, TestSize.Level1) {"APL", APL_SYSTEM_BASIC}, {"version", 1}, {"tokenId", 685266937}, {"tokenAttr", 0}, {"dcaps", {"AT_CAP", "ST_CAP"}}}; - from_json(j, p); - ASSERT_EQ((p == nullptr), true); + from_json(j, native); + ASSERT_EQ(native.tokenID, 0); // process name too long std::string name(512, 'c'); @@ -248,653 +246,16 @@ HWTEST_F(NativeTokenReceptorTest, from_json002, TestSize.Level1) {"APL", APL_SYSTEM_BASIC}, {"version", 1}, {"tokenId", 685266937}, {"tokenAttr", 0}, {"dcaps", {"AT_CAP", "ST_CAP"}}}; - from_json(j, p); - ASSERT_EQ((p == nullptr), true); + from_json(j, native); + ASSERT_EQ(native.tokenID, 0); // lose process name j = nlohmann::json{ {"APL", APL_SYSTEM_BASIC}, {"version", 1}, {"tokenId", 685266937}, {"tokenAttr", 0}, {"dcaps", {"AT_CAP", "ST_CAP"}}}; - from_json(j, p); - ASSERT_EQ((p == nullptr), true); -} - -/** - * @tc.name: ProcessNativeTokenInfos001 - * @tc.desc: test add one native token - * @tc.type: FUNC - * @tc.require: Issue Number - */ -HWTEST_F(NativeTokenReceptorTest, ProcessNativeTokenInfos001, TestSize.Level1) -{ - LOGI(ATM_DOMAIN, ATM_TAG, "test ProcessNativeTokenInfos001!"); - std::vector> tokenInfos; - - // test process one - NativeTokenInfoBase info = { - .apl = APL_NORMAL, - .ver = 1, - .processName = "ProcessNativeTokenInfos001", - .dcap = {"AT_CAP", "ST_CAP"}, - .tokenID = 0x28100000, - .tokenAttr = 0 - }; - - std::vector permStateList = {}; - std::shared_ptr nativeToken = std::make_shared(info, permStateList); - tokenInfos.emplace_back(nativeToken); - AccessTokenInfoManager::GetInstance().ProcessNativeTokenInfos(tokenInfos); - NativeTokenInfoBase findInfo; - int ret = AccessTokenInfoManager::GetInstance().GetNativeTokenInfo(info.tokenID, findInfo); - ASSERT_EQ(ret, RET_SUCCESS); - ASSERT_EQ(findInfo.apl, info.apl); - ASSERT_EQ(findInfo.processName, info.processName); - - // wait fresh tokens to sql. - sleep(3); - - // get sql data - GenericValues conditionValue; - std::vector nativeTokenResults; - AccessTokenDb::GetInstance().Find(AtmDataType::ACCESSTOKEN_NATIVE_INFO, conditionValue, nativeTokenResults); - std::vector permStateRes; - AccessTokenDb::GetInstance().Find(AtmDataType::ACCESSTOKEN_PERMISSION_STATE, conditionValue, permStateRes); - for (GenericValues nativeTokenValue : nativeTokenResults) { - AccessTokenID tokenId = (AccessTokenID)nativeTokenValue.GetInt(TokenFiledConst::FIELD_TOKEN_ID); - if (tokenId != info.tokenID) { - continue; - } - GTEST_LOG_(INFO) << "apl " << nativeTokenValue.GetInt(TokenFiledConst::FIELD_APL); - std::shared_ptr native = std::make_shared(); - ASSERT_NE(native, nullptr); - ret = native->RestoreNativeTokenInfo(tokenId, nativeTokenValue, permStateRes); - ASSERT_EQ(ret, RET_SUCCESS); - ASSERT_EQ(native->GetTokenID(), info.tokenID); - ASSERT_EQ(native->GetProcessName(), info.processName); - } - - ret = AccessTokenInfoManager::GetInstance().RemoveNativeTokenInfo(info.tokenID); - ASSERT_EQ(ret, RET_SUCCESS); -} - -static void PermStateListSet(std::vector &permStateList) -{ - PermissionStatus infoManagerTestState1 = { - .permissionName = "ohos.permission.ACCELEROMETER", - .grantStatus = 0, - .grantFlag = 0 - }; - - PermissionStatus infoManagerTestState2 = { - .permissionName = "ohos.permission.MANAGE_USER_IDM", - .grantStatus = 0, - .grantFlag = 0 - }; - - PermissionStatus infoManagerTestState3 = { - .permissionName = "ohos.permission.USER_TEAT", - .grantStatus = 0, - .grantFlag = 0 - }; - permStateList.emplace_back(infoManagerTestState1); - permStateList.emplace_back(infoManagerTestState2); - permStateList.emplace_back(infoManagerTestState3); -} - -static void CompareGoalTokenInfo(const NativeTokenInfoBase &info) -{ - NativeTokenInfoBase findInfo; - int ret = AccessTokenInfoManager::GetInstance().GetNativeTokenInfo(info.tokenID, findInfo); - ASSERT_EQ(ret, RET_SUCCESS); - ASSERT_EQ(findInfo.apl, info.apl); - ASSERT_EQ(findInfo.processName, info.processName); -} - -/** - * @tc.name: ProcessNativeTokenInfos002 - * @tc.desc: test add two native tokens. - * @tc.type: FUNC - * @tc.require: Issue Number - */ -HWTEST_F(NativeTokenReceptorTest, ProcessNativeTokenInfos002, TestSize.Level1) -{ - LOGI(ATM_DOMAIN, ATM_TAG, "test ProcessNativeTokenInfos002!"); - std::vector> tokenInfos; - NativeTokenInfoBase info1; - info1.apl = APL_NORMAL; - info1.ver = 1; - info1.processName = "native_token_test1"; - info1.dcap = {"AT_CAP", "ST_CAP"}; - info1.tokenID = 0x28100001; - info1.tokenAttr = 0; - - NativeTokenInfoBase info2; - info2.apl = APL_SYSTEM_BASIC; - info2.ver = 1; - info2.processName = "native_token_test2"; - info2.dcap = {"AT_CAP", "ST_CAP"}; - info2.tokenID = 0x28100002; - info2.tokenAttr = 0; - - std::vector permStateList; - PermStateListSet(permStateList); - std::shared_ptr nativeToken1 = std::make_shared(info1, permStateList); - - std::shared_ptr permPolicySet = - nativeToken1->GetNativeInfoPermissionPolicySet(); - GTEST_LOG_(INFO) <<"permPolicySet: " << permPolicySet; - - std::vector permList; - permPolicySet->GetPermissionStateList(permList); - for (const auto& perm : permList) { - GTEST_LOG_(INFO) <<"perm.permissionName: " << perm.permissionName; - } - - tokenInfos.emplace_back(nativeToken1); - - std::shared_ptr nativeToken2 = std::make_shared(info2, permStateList); - tokenInfos.emplace_back(nativeToken2); - - AccessTokenInfoManager::GetInstance().ProcessNativeTokenInfos(tokenInfos); - - CompareGoalTokenInfo(info1); - - int ret = AccessTokenInfoManager::GetInstance().VerifyAccessToken(info1.tokenID, "ohos.permission.MANAGE_USER_IDM"); - ASSERT_EQ(ret, PERMISSION_GRANTED); - ret = AccessTokenInfoManager::GetInstance().VerifyAccessToken(info1.tokenID, "ohos.permission.ACCELEROMETER"); - ASSERT_EQ(ret, PERMISSION_GRANTED); - ret = AccessTokenInfoManager::GetInstance().VerifyAccessToken(info1.tokenID, "ohos.permission.DISCOVER_BLUETOOTH"); - ASSERT_EQ(ret, PERMISSION_DENIED); - - CompareGoalTokenInfo(info2); - - ret = AccessTokenInfoManager::GetInstance().RemoveNativeTokenInfo(info1.tokenID); - ASSERT_EQ(ret, RET_SUCCESS); - - ret = AccessTokenInfoManager::GetInstance().VerifyAccessToken(info2.tokenID, "ohos.permission.MANAGE_USER_IDM"); - ASSERT_EQ(ret, PERMISSION_GRANTED); - ret = AccessTokenInfoManager::GetInstance().VerifyAccessToken(info2.tokenID, "ohos.permission.ACCELEROMETER"); - ASSERT_EQ(ret, PERMISSION_GRANTED); - - ret = AccessTokenInfoManager::GetInstance().RemoveNativeTokenInfo(info2.tokenID); - ASSERT_EQ(ret, RET_SUCCESS); -} - -/** - * @tc.name: ProcessNativeTokenInfos003 - * @tc.desc: test add nullptr tokenInfo. - * @tc.type: FUNC - * @tc.require: Issue Number - */ -HWTEST_F(NativeTokenReceptorTest, ProcessNativeTokenInfos003, TestSize.Level1) -{ - LOGI(ATM_DOMAIN, ATM_TAG, "test ProcessNativeTokenInfos003!"); - std::vector> tokenInfos; - - std::shared_ptr nativeToken1 = std::make_shared(); - tokenInfos.emplace_back(nativeToken1); - AccessTokenInfoManager::GetInstance().ProcessNativeTokenInfos(tokenInfos); - ASSERT_EQ(RET_SUCCESS, RET_SUCCESS); -} - -/** - * @tc.name: ProcessNativeTokenInfos004 - * @tc.desc: test add repeat id, but process doesn't - * @tc.type: FUNC - * @tc.require: Issue Number - */ -HWTEST_F(NativeTokenReceptorTest, ProcessNativeTokenInfos004, TestSize.Level1) -{ - LOGI(ATM_DOMAIN, ATM_TAG, "test ProcessNativeTokenInfos004!"); - std::vector> tokenInfos; - - NativeTokenInfoBase info3 = { - .apl = APL_NORMAL, - .ver = 1, - .processName = "native_token_test3", - .dcap = {"AT_CAP", "ST_CAP"}, - .tokenID = 0x28100003, - .tokenAttr = 0 - }; - - NativeTokenInfoBase info4 = { - .apl = APL_NORMAL, - .ver = 1, - .processName = "native_token_test4", - .dcap = {"AT_CAP", "ST_CAP"}, - .tokenID = 0x28100003, - .tokenAttr = 0 - }; - std::vector permStateList = {}; - std::shared_ptr nativeToken3 = std::make_shared(info3, permStateList); - tokenInfos.emplace_back(nativeToken3); - - std::shared_ptr nativeToken4 = std::make_shared(info4, permStateList); - tokenInfos.emplace_back(nativeToken4); - - AccessTokenInfoManager::GetInstance().ProcessNativeTokenInfos(tokenInfos); - - NativeTokenInfoBase findInfo; - int ret = AccessTokenInfoManager::GetInstance().GetNativeTokenInfo(info3.tokenID, findInfo); - ASSERT_EQ(ret, RET_SUCCESS); - ASSERT_EQ(findInfo.apl, info3.apl); - ASSERT_EQ(findInfo.processName, info3.processName); - - ret = AccessTokenInfoManager::GetInstance().RemoveNativeTokenInfo(info3.tokenID); - ASSERT_EQ(ret, RET_SUCCESS); -} - -/** - * @tc.name: ProcessNativeTokenInfos005 - * @tc.desc: test add repeat process, but id doesn't - * @tc.type: FUNC - * @tc.require: Issue Number - */ -HWTEST_F(NativeTokenReceptorTest, ProcessNativeTokenInfos005, TestSize.Level1) -{ - LOGI(ATM_DOMAIN, ATM_TAG, "test ProcessNativeTokenInfos005!"); - std::vector> tokenInfos; - - NativeTokenInfoBase info5 = { - .apl = APL_NORMAL, - .ver = 1, - .processName = "native_token_test5", - .dcap = {"AT_CAP", "ST_CAP"}, - .tokenID = 0x28100005, - .tokenAttr = 0 - }; - - NativeTokenInfoBase info6 = { - .apl = APL_NORMAL, - .ver = 1, - .processName = "native_token_test5", - .dcap = {"AT_CAP", "ST_CAP"}, - .tokenID = 0x28100006, - .tokenAttr = 0 - }; - std::vector permStateList = {}; - std::shared_ptr nativeToken5 = std::make_shared(info5, permStateList); - tokenInfos.emplace_back(nativeToken5); - - std::shared_ptr nativeToken6 = std::make_shared(info6, permStateList); - tokenInfos.emplace_back(nativeToken6); - - AccessTokenInfoManager::GetInstance().ProcessNativeTokenInfos(tokenInfos); - - NativeTokenInfoBase findInfo; - int ret = AccessTokenInfoManager::GetInstance().GetNativeTokenInfo(info5.tokenID, findInfo); - ASSERT_EQ(ret, ERR_TOKENID_NOT_EXIST); - - ret = AccessTokenInfoManager::GetInstance().GetNativeTokenInfo(info6.tokenID, findInfo); - ASSERT_EQ(ret, RET_SUCCESS); - ASSERT_EQ(findInfo.apl, info6.apl); - ASSERT_EQ(findInfo.processName, info6.processName); - - ret = AccessTokenInfoManager::GetInstance().RemoveNativeTokenInfo(info6.tokenID); - ASSERT_EQ(ret, RET_SUCCESS); -} - -/** - * @tc.name: ProcessNativeTokenInfos006 - * @tc.desc: test add repeat process and id - * @tc.type: FUNC - * @tc.require: Issue Number - */ -HWTEST_F(NativeTokenReceptorTest, ProcessNativeTokenInfos006, TestSize.Level1) -{ - LOGI(ATM_DOMAIN, ATM_TAG, "test ProcessNativeTokenInfos006!"); - std::vector> tokenInfos; - - NativeTokenInfoBase info7 = { - .apl = APL_NORMAL, - .ver = 1, - .processName = "native_token_test7", - .dcap = {"AT_CAP", "ST_CAP"}, - .tokenID = 0x28100007, - .tokenAttr = 0 - }; - - NativeTokenInfoBase info8 = { - .apl = APL_SYSTEM_BASIC, - .ver = 1, - .processName = "native_token_test7", - .dcap = {"AT_CAP"}, - .tokenID = 0x28100007, - .tokenAttr = 0 - }; - std::vector permStateList = {}; - std::shared_ptr nativeToken7 = std::make_shared(info7, permStateList); - tokenInfos.emplace_back(nativeToken7); - - std::shared_ptr nativeToken8 = std::make_shared(info8, permStateList); - tokenInfos.emplace_back(nativeToken8); - - AccessTokenInfoManager::GetInstance().ProcessNativeTokenInfos(tokenInfos); - - NativeTokenInfoBase findInfo; - int ret = AccessTokenInfoManager::GetInstance().GetNativeTokenInfo(info7.tokenID, findInfo); - ASSERT_EQ(ret, RET_SUCCESS); - ASSERT_EQ(findInfo.apl, info8.apl); - ASSERT_EQ(findInfo.processName, info8.processName); - - ret = AccessTokenInfoManager::GetInstance().RemoveNativeTokenInfo(info8.tokenID); - ASSERT_EQ(ret, RET_SUCCESS); -} - -/** - * @tc.name: ProcessNativeTokenInfos007 - * @tc.desc: test new create native token same from the old with different processName - * @tc.type: FUNC - * @tc.require: Issue Number - */ -HWTEST_F(NativeTokenReceptorTest, ProcessNativeTokenInfos007, TestSize.Level1) -{ - LOGI(ATM_DOMAIN, ATM_TAG, "test ProcessNativeTokenInfos007!"); - std::vector> tokenInfos1; - std::vector> tokenInfos2; - - NativeTokenInfoBase info1 = { - .apl = APL_NORMAL, - .ver = 1, - .processName = "native_token_test71", - .dcap = {"AT_CAP", "ST_CAP"}, - .tokenID = 0x28100007, - .tokenAttr = 0 - }; - - NativeTokenInfoBase info2 = { - .apl = APL_SYSTEM_BASIC, - .ver = 1, - .processName = "native_token_test72", - .dcap = {"AT_CAP"}, - .tokenID = 0x28100008, - .tokenAttr = 0 - }; - - std::vector permStateList = {}; - std::shared_ptr nativeToken1 = std::make_shared(info1, permStateList); - tokenInfos1.emplace_back(nativeToken1); - - std::shared_ptr nativeToken2 = std::make_shared(info2, permStateList); - tokenInfos1.emplace_back(nativeToken2); - - AccessTokenInfoManager::GetInstance().ProcessNativeTokenInfos(tokenInfos1); - ASSERT_EQ(0x28100007, AccessTokenInfoManager::GetInstance().GetNativeTokenId("native_token_test71")); - ASSERT_EQ(0x28100008, AccessTokenInfoManager::GetInstance().GetNativeTokenId("native_token_test72")); - - info1.tokenID = 0x28100008; - std::shared_ptr nativeToken3 = std::make_shared(info1, permStateList); - tokenInfos2.emplace_back(nativeToken3); - info2.tokenID = 0x28100009; - std::shared_ptr nativeToken4 = std::make_shared(info2, permStateList); - tokenInfos2.emplace_back(nativeToken4); - - AccessTokenInfoManager::GetInstance().ProcessNativeTokenInfos(tokenInfos2); - ASSERT_EQ(0x28100008, AccessTokenInfoManager::GetInstance().GetNativeTokenId("native_token_test71")); - ASSERT_EQ(0x28100009, AccessTokenInfoManager::GetInstance().GetNativeTokenId("native_token_test72")); - - ASSERT_EQ(RET_SUCCESS, AccessTokenInfoManager::GetInstance().RemoveNativeTokenInfo(info1.tokenID)); - ASSERT_EQ(RET_SUCCESS, AccessTokenInfoManager::GetInstance().RemoveNativeTokenInfo(info2.tokenID)); -} - -/** - * @tc.name: ProcessNativeTokenInfos008 - * @tc.desc: test new create native token same from the old with different processName - * @tc.type: FUNC - * @tc.require: Issue Number - */ -HWTEST_F(NativeTokenReceptorTest, ProcessNativeTokenInfos008, TestSize.Level1) -{ - LOGI(ATM_DOMAIN, ATM_TAG, "test ProcessNativeTokenInfos008!"); - std::vector> tokenInfos1; - std::vector> tokenInfos2; - - NativeTokenInfoBase info1 = { - .apl = APL_NORMAL, - .ver = 1, - .processName = "native_token_test81", - .dcap = {"AT_CAP", "ST_CAP"}, - .tokenID = 0x28100007, - .tokenAttr = 0 - }; - - NativeTokenInfoBase info2 = { - .apl = APL_SYSTEM_BASIC, - .ver = 1, - .processName = "native_token_test82", - .dcap = {"AT_CAP"}, - .tokenID = 0x28100008, - .tokenAttr = 0 - }; - - std::vector permStateList = {}; - std::shared_ptr nativeToken1 = std::make_shared(info1, permStateList); - tokenInfos1.emplace_back(nativeToken1); - - std::shared_ptr nativeToken2 = std::make_shared(info2, permStateList); - tokenInfos1.emplace_back(nativeToken2); - - AccessTokenInfoManager::GetInstance().ProcessNativeTokenInfos(tokenInfos1); - ASSERT_EQ(0x28100007, AccessTokenInfoManager::GetInstance().GetNativeTokenId("native_token_test81")); - ASSERT_EQ(0x28100008, AccessTokenInfoManager::GetInstance().GetNativeTokenId("native_token_test82")); - - info1.tokenID = 0x28100008; - std::shared_ptr nativeToken3 = std::make_shared(info1, permStateList); - tokenInfos2.emplace_back(nativeToken3); - info2.tokenID = 0x28100007; - std::shared_ptr nativeToken4 = std::make_shared(info2, permStateList); - tokenInfos2.emplace_back(nativeToken4); - - AccessTokenInfoManager::GetInstance().ProcessNativeTokenInfos(tokenInfos2); - ASSERT_EQ(0x28100008, AccessTokenInfoManager::GetInstance().GetNativeTokenId("native_token_test81")); - ASSERT_EQ(0x28100007, AccessTokenInfoManager::GetInstance().GetNativeTokenId("native_token_test82")); - - ASSERT_EQ(RET_SUCCESS, AccessTokenInfoManager::GetInstance().RemoveNativeTokenInfo(info1.tokenID)); - ASSERT_EQ(RET_SUCCESS, AccessTokenInfoManager::GetInstance().RemoveNativeTokenInfo(info2.tokenID)); -} - -/** - * @tc.name: ProcessNativeTokenInfos009 - * @tc.desc: test new create native token same from the old with different processName - * @tc.type: FUNC - * @tc.require: Issue Number - */ -HWTEST_F(NativeTokenReceptorTest, ProcessNativeTokenInfos009, TestSize.Level1) -{ - LOGI(ATM_DOMAIN, ATM_TAG, "test ProcessNativeTokenInfos009!"); - std::vector> tokenInfos1; - std::vector> tokenInfos2; - - NativeTokenInfoBase info1 = { - .apl = APL_NORMAL, - .ver = 1, - .processName = "native_token_test91", - .dcap = {"AT_CAP", "ST_CAP"}, - .tokenID = 0x28100007, - .tokenAttr = 0 - }; - - NativeTokenInfoBase info2 = { - .apl = APL_SYSTEM_BASIC, - .ver = 1, - .processName = "native_token_test92", - .dcap = {"AT_CAP"}, - .tokenID = 0x28100008, - .tokenAttr = 0 - }; - - std::vector permStateList = {}; - std::shared_ptr nativeToken1 = std::make_shared(info1, permStateList); - tokenInfos1.emplace_back(nativeToken1); - - std::shared_ptr nativeToken2 = std::make_shared(info2, permStateList); - tokenInfos1.emplace_back(nativeToken2); - - AccessTokenInfoManager::GetInstance().ProcessNativeTokenInfos(tokenInfos1); - ASSERT_EQ(0x28100007, AccessTokenInfoManager::GetInstance().GetNativeTokenId("native_token_test91")); - ASSERT_EQ(0x28100008, AccessTokenInfoManager::GetInstance().GetNativeTokenId("native_token_test92")); - - info2.tokenID = 0x28100007; - std::shared_ptr nativeToken3 = std::make_shared(info2, permStateList); - tokenInfos2.emplace_back(nativeToken3); - info1.tokenID = 0x28100008; - std::shared_ptr nativeToken4 = std::make_shared(info1, permStateList); - tokenInfos2.emplace_back(nativeToken4); - - AccessTokenInfoManager::GetInstance().ProcessNativeTokenInfos(tokenInfos2); - ASSERT_EQ(0x28100008, AccessTokenInfoManager::GetInstance().GetNativeTokenId("native_token_test91")); - ASSERT_EQ(0x28100007, AccessTokenInfoManager::GetInstance().GetNativeTokenId("native_token_test92")); - - ASSERT_EQ(RET_SUCCESS, AccessTokenInfoManager::GetInstance().RemoveNativeTokenInfo(info1.tokenID)); - ASSERT_EQ(RET_SUCCESS, AccessTokenInfoManager::GetInstance().RemoveNativeTokenInfo(info2.tokenID)); -} - -/** - * @tc.name: ProcessNativeTokenInfos010 - * @tc.desc: test new create native token same from the old with different processName - * @tc.type: FUNC - * @tc.require: Issue Number - */ -HWTEST_F(NativeTokenReceptorTest, ProcessNativeTokenInfos010, TestSize.Level1) -{ - LOGI(ATM_DOMAIN, ATM_TAG, "test ProcessNativeTokenInfos010!"); - std::vector> tokenInfos1; - std::vector> tokenInfos2; - - NativeTokenInfoBase info1 = { - .apl = APL_NORMAL, - .ver = 1, - .processName = "native_token_test101", - .dcap = {"AT_CAP", "ST_CAP"}, - .tokenID = 0x28100007, - .tokenAttr = 0 - }; - - NativeTokenInfoBase info2 = { - .apl = APL_SYSTEM_BASIC, - .ver = 1, - .processName = "native_token_test102", - .dcap = {"AT_CAP"}, - .tokenID = 0x28100007, - .tokenAttr = 0 - }; - - std::vector permStateList = {}; - std::shared_ptr nativeToken1 = std::make_shared(info1, permStateList); - tokenInfos1.emplace_back(nativeToken1); - - AccessTokenInfoManager::GetInstance().ProcessNativeTokenInfos(tokenInfos1); - ASSERT_EQ(0x28100007, AccessTokenInfoManager::GetInstance().GetNativeTokenId("native_token_test101")); - ASSERT_EQ(0, AccessTokenInfoManager::GetInstance().GetNativeTokenId("native_token_test102")); - - std::shared_ptr nativeToken2 = std::make_shared(info2, permStateList); - tokenInfos2.emplace_back(nativeToken2); - - AccessTokenInfoManager::GetInstance().ProcessNativeTokenInfos(tokenInfos2); - ASSERT_EQ(0x28100007, AccessTokenInfoManager::GetInstance().GetNativeTokenId("native_token_test101")); - ASSERT_EQ(0, AccessTokenInfoManager::GetInstance().GetNativeTokenId("native_token_test102")); - - ASSERT_EQ(RET_SUCCESS, AccessTokenInfoManager::GetInstance().RemoveNativeTokenInfo(info1.tokenID)); -} - -/** - * @tc.name: ProcessNativeTokenInfos011 - * @tc.desc: test new create native token same from the old with different processName - * @tc.type: FUNC - * @tc.require: Issue Number - */ -HWTEST_F(NativeTokenReceptorTest, ProcessNativeTokenInfos011, TestSize.Level1) -{ - LOGI(ATM_DOMAIN, ATM_TAG, "test ProcessNativeTokenInfos011!"); - std::vector> tokenInfos1; - std::vector> tokenInfos2; - - NativeTokenInfoBase info1 = { - .apl = APL_NORMAL, - .ver = 1, - .processName = "native_token_test111", - .dcap = {"AT_CAP", "ST_CAP"}, - .tokenID = 0x28100007, - .tokenAttr = 0 - }; - - NativeTokenInfoBase info2 = { - .apl = APL_SYSTEM_BASIC, - .ver = 1, - .processName = "native_token_test112", - .dcap = {"AT_CAP"}, - .tokenID = 0x28100008, - .tokenAttr = 0 - }; - - std::vector permStateList = {}; - std::shared_ptr nativeToken1 = std::make_shared(info1, permStateList); - tokenInfos1.emplace_back(nativeToken1); - - AccessTokenInfoManager::GetInstance().ProcessNativeTokenInfos(tokenInfos1); - ASSERT_EQ(0x28100007, AccessTokenInfoManager::GetInstance().GetNativeTokenId("native_token_test111")); - - std::shared_ptr nativeToken2 = std::make_shared(info2, permStateList); - tokenInfos2.emplace_back(nativeToken2); - - AccessTokenInfoManager::GetInstance().ProcessNativeTokenInfos(tokenInfos2); - ASSERT_EQ(0x28100007, AccessTokenInfoManager::GetInstance().GetNativeTokenId("native_token_test111")); - ASSERT_EQ(0x28100008, AccessTokenInfoManager::GetInstance().GetNativeTokenId("native_token_test112")); - - ASSERT_EQ(RET_SUCCESS, AccessTokenInfoManager::GetInstance().RemoveNativeTokenInfo(info1.tokenID)); - ASSERT_EQ(RET_SUCCESS, AccessTokenInfoManager::GetInstance().RemoveNativeTokenInfo(info2.tokenID)); -} - -/** - * @tc.name: ProcessNativeTokenInfos012 - * @tc.desc: test new create native token same from the old with different processName - * @tc.type: FUNC - * @tc.require: Issue Number - */ -HWTEST_F(NativeTokenReceptorTest, ProcessNativeTokenInfos012, TestSize.Level1) -{ - LOGI(ATM_DOMAIN, ATM_TAG, "test ProcessNativeTokenInfos012!"); - std::vector> tokenInfos1; - std::vector> tokenInfos2; - - NativeTokenInfoBase info1 = { - .apl = APL_NORMAL, - .ver = 1, - .processName = "native_token_test121", - .dcap = {"AT_CAP", "ST_CAP"}, - .tokenID = 0x28100007, - .tokenAttr = 0 - }; - - NativeTokenInfoBase info2 = { - .apl = APL_SYSTEM_BASIC, - .ver = 1, - .processName = "native_token_test122", - .dcap = {"AT_CAP"}, - .tokenID = 0x28100008, - .tokenAttr = 0 - }; - - std::vector permStateList = {}; - std::shared_ptr nativeToken1 = std::make_shared(info1, permStateList); - tokenInfos1.emplace_back(nativeToken1); - std::shared_ptr nativeToken2 = std::make_shared(info2, permStateList); - tokenInfos1.emplace_back(nativeToken2); - - AccessTokenInfoManager::GetInstance().ProcessNativeTokenInfos(tokenInfos1); - ASSERT_EQ(0x28100007, AccessTokenInfoManager::GetInstance().GetNativeTokenId("native_token_test121")); - ASSERT_EQ(0x28100008, AccessTokenInfoManager::GetInstance().GetNativeTokenId("native_token_test122")); - - info1.tokenID = 0x28100008; - std::shared_ptr nativeToken3 = std::make_shared(info1, permStateList); - tokenInfos2.emplace_back(nativeToken3); - - AccessTokenInfoManager::GetInstance().ProcessNativeTokenInfos(tokenInfos2); - ASSERT_EQ(0x28100008, AccessTokenInfoManager::GetInstance().GetNativeTokenId("native_token_test121")); - ASSERT_EQ(0, AccessTokenInfoManager::GetInstance().GetNativeTokenId("native_token_test122")); - - ASSERT_EQ(RET_SUCCESS, AccessTokenInfoManager::GetInstance().RemoveNativeTokenInfo(info1.tokenID)); + from_json(j, native); + ASSERT_EQ(native.tokenID, 0); } /** @@ -926,7 +287,8 @@ HWTEST_F(NativeTokenReceptorTest, init001, TestSize.Level1) uint64_t tokenId = ::GetAccessTokenId(&infoInstance); ASSERT_NE(tokenId, INVALID_TOKENID); - NativeTokenReceptor::GetInstance().Init(); + uint32_t nativeSize = 0; + AccessTokenInfoManager::GetInstance().InitNativeTokenInfos(nativeSize); NativeTokenInfoBase findInfo; int ret = AccessTokenInfoManager::GetInstance().GetNativeTokenInfo(tokenId, findInfo); ASSERT_EQ(ret, RET_SUCCESS); diff --git a/services/accesstokenmanager/test/unittest/permission_manager_test.cpp b/services/accesstokenmanager/test/unittest/permission_manager_test.cpp index 85f7863455a479f9e159ea7cdf32719bd3c4c236..c07ef53d393f5d477976b0ee41bf300c989ea665 100644 --- a/services/accesstokenmanager/test/unittest/permission_manager_test.cpp +++ b/services/accesstokenmanager/test/unittest/permission_manager_test.cpp @@ -1045,142 +1045,15 @@ HWTEST_F(PermissionManagerTest, GetSelfPermissionState003, TestSize.Level1) permsList1.emplace_back(g_permState2); std::string permissionName = "ohos.permission.CAMERA"; uint32_t oriStatus; - PermissionManager::GetInstance().GetPermissionRequestToggleStatus(permissionName, oriStatus, 0); + AccessTokenInfoManager::GetInstance().GetPermissionRequestToggleStatus(permissionName, oriStatus, 0); - PermissionManager::GetInstance().SetPermissionRequestToggleStatus(permissionName, + AccessTokenInfoManager::GetInstance().SetPermissionRequestToggleStatus(permissionName, PermissionRequestToggleStatus::CLOSED, 0); uint32_t status; - PermissionManager::GetInstance().GetPermissionRequestToggleStatus(permissionName, status, 0); + AccessTokenInfoManager::GetInstance().GetPermissionRequestToggleStatus(permissionName, status, 0); ASSERT_EQ(PermissionRequestToggleStatus::CLOSED, status); - PermissionManager::GetInstance().SetPermissionRequestToggleStatus(permissionName, oriStatus, 0); -} - -/** - * @tc.name: SetPermissionRequestToggleStatus001 - * @tc.desc: PermissionManager::SetPermissionRequestToggleStatus function test with invalid permissionName, invalid - * status and invalid userID. - * @tc.type: FUNC - * @tc.require: - */ -HWTEST_F(PermissionManagerTest, SetPermissionRequestToggleStatus001, TestSize.Level1) -{ - int32_t userID = -1; - uint32_t status = PermissionRequestToggleStatus::CLOSED; - std::string permissionName = "ohos.permission.CAMERA"; - - // UserId is invalid. - ASSERT_EQ(ERR_PARAM_INVALID, PermissionManager::GetInstance().SetPermissionRequestToggleStatus( - permissionName, status, userID)); - - // Permission name is invalid. - userID = 123; - ASSERT_EQ(ERR_PARAM_INVALID, PermissionManager::GetInstance().SetPermissionRequestToggleStatus( - "", status, userID)); - - // PermissionName is not defined. - permissionName = "ohos.permission.invalid"; - ASSERT_EQ(ERR_PERMISSION_NOT_EXIST, PermissionManager::GetInstance().SetPermissionRequestToggleStatus( - permissionName, status, userID)); - - // Permission is system_grant. - permissionName = "ohos.permission.USE_BLUETOOTH"; - ASSERT_EQ(ERR_PARAM_INVALID, PermissionManager::GetInstance().SetPermissionRequestToggleStatus( - permissionName, status, userID)); - - // Status is invalid. - status = -1; - permissionName = "ohos.permission.CAMERA"; - ASSERT_EQ(ERR_PARAM_INVALID, PermissionManager::GetInstance().SetPermissionRequestToggleStatus( - permissionName, status, userID)); -} - -/** - * @tc.name: SetPermissionRequestToggleStatus002 - * @tc.desc: PermissionManager::SetPermissionRequestToggleStatus function test with normal process. - * @tc.type: FUNC - * @tc.require: - */ -HWTEST_F(PermissionManagerTest, SetPermissionRequestToggleStatus002, TestSize.Level1) -{ - int32_t userID = 123; - uint32_t status = PermissionRequestToggleStatus::CLOSED; - std::string permissionName = "ohos.permission.CAMERA"; - - ASSERT_EQ(RET_SUCCESS, PermissionManager::GetInstance().SetPermissionRequestToggleStatus( - permissionName, status, userID)); - - status = PermissionRequestToggleStatus::OPEN; - ASSERT_EQ(RET_SUCCESS, PermissionManager::GetInstance().SetPermissionRequestToggleStatus( - permissionName, status, userID)); -} - -/** - * @tc.name: GetPermissionRequestToggleStatus001 - * @tc.desc: PermissionManager::GetPermissionRequestToggleStatus function test with invalid userID, invalid permission - * name. - * @tc.type: FUNC - * @tc.require: - */ -HWTEST_F(PermissionManagerTest, GetPermissionRequestToggleStatus001, TestSize.Level1) -{ - int32_t userID = -1; - uint32_t status; - std::string permissionName = "ohos.permission.CAMERA"; - - // UserId is invalid. - ASSERT_EQ(ERR_PARAM_INVALID, PermissionManager::GetInstance().GetPermissionRequestToggleStatus( - permissionName, status, userID)); - - // PermissionName is invalid. - userID = 123; - ASSERT_EQ(ERR_PARAM_INVALID, PermissionManager::GetInstance().GetPermissionRequestToggleStatus( - "", status, userID)); - - // PermissionName is not defined. - permissionName = "ohos.permission.invalid"; - ASSERT_EQ(ERR_PERMISSION_NOT_EXIST, PermissionManager::GetInstance().GetPermissionRequestToggleStatus( - permissionName, status, userID)); - - // Permission is system_grant. - permissionName = "ohos.permission.USE_BLUETOOTH"; - ASSERT_EQ(ERR_PARAM_INVALID, PermissionManager::GetInstance().GetPermissionRequestToggleStatus( - permissionName, status, userID)); -} - -/** - * @tc.name: GetPermissionRequestToggleStatus002 - * @tc.desc: PermissionManager::GetPermissionRequestToggleStatus function test with normal process. - * @tc.type: FUNC - * @tc.require: - */ -HWTEST_F(PermissionManagerTest, GetPermissionRequestToggleStatus002, TestSize.Level1) -{ - int32_t userID = 123; - uint32_t setStatusClose = PermissionRequestToggleStatus::CLOSED; - uint32_t setStatusOpen = PermissionRequestToggleStatus::OPEN; - uint32_t getStatus; - - ASSERT_EQ(RET_SUCCESS, PermissionManager::GetInstance().GetPermissionRequestToggleStatus( - "ohos.permission.CAMERA", getStatus, userID)); - - ASSERT_EQ(setStatusOpen, getStatus); - - ASSERT_EQ(RET_SUCCESS, PermissionManager::GetInstance().SetPermissionRequestToggleStatus( - "ohos.permission.CAMERA", setStatusClose, userID)); - - ASSERT_EQ(RET_SUCCESS, PermissionManager::GetInstance().GetPermissionRequestToggleStatus( - "ohos.permission.CAMERA", getStatus, userID)); - - ASSERT_EQ(setStatusClose, getStatus); - - ASSERT_EQ(RET_SUCCESS, PermissionManager::GetInstance().SetPermissionRequestToggleStatus( - "ohos.permission.CAMERA", setStatusOpen, userID)); - - ASSERT_EQ(RET_SUCCESS, PermissionManager::GetInstance().GetPermissionRequestToggleStatus( - "ohos.permission.CAMERA", getStatus, userID)); - - ASSERT_EQ(setStatusOpen, getStatus); + AccessTokenInfoManager::GetInstance().SetPermissionRequestToggleStatus(permissionName, oriStatus, 0); } /** diff --git a/services/common/database/test/unittest/database_test.cpp b/services/common/database/test/unittest/database_test.cpp index 39f6b11d35cafecd842c36fcd3c4a8590fe8ebb8..99bd22516ba775a8a8818add18e54de9200cdfa5 100644 --- a/services/common/database/test/unittest/database_test.cpp +++ b/services/common/database/test/unittest/database_test.cpp @@ -136,70 +136,16 @@ HWTEST_F(DatabaseTest, VariantValue001, TestSize.Level1) static void RemoveTestTokenHapInfo() { - GenericValues conditionValue; - std::vector hapInfoResults; - AccessTokenDb::GetInstance().Find(AtmDataType::ACCESSTOKEN_HAP_INFO, conditionValue, hapInfoResults); - for (GenericValues hapInfoValue : hapInfoResults) { - AccessTokenID tokenId = (AccessTokenID)hapInfoValue.GetInt(TokenFiledConst::FIELD_TOKEN_ID); - if (tokenId == TEST_TOKEN_ID) { - ASSERT_EQ(0, AccessTokenDb::GetInstance().Remove(AtmDataType::ACCESSTOKEN_HAP_INFO, hapInfoValue)); - break; - } - } -} - -/* - * @tc.name: SqliteStorageAddTest001 - * @tc.desc: Add function test - * @tc.type: FUNC - * @tc.require: - */ -HWTEST_F(DatabaseTest, SqliteStorageAddTest001, TestSize.Level1) -{ - LOGI(ATM_DOMAIN, ATM_TAG, "SqliteStorageAddTest001 begin"); - - RemoveTestTokenHapInfo(); - - GenericValues genericValues; - genericValues.Put(TokenFiledConst::FIELD_TOKEN_ID, TEST_TOKEN_ID); - genericValues.Put(TokenFiledConst::FIELD_USER_ID, 100); - genericValues.Put(TokenFiledConst::FIELD_BUNDLE_NAME, "test_bundle_name"); - genericValues.Put(TokenFiledConst::FIELD_API_VERSION, 9); - genericValues.Put(TokenFiledConst::FIELD_INST_INDEX, 0); - genericValues.Put(TokenFiledConst::FIELD_DLP_TYPE, 0); - genericValues.Put(TokenFiledConst::FIELD_APP_ID, "test_app_id"); - genericValues.Put(TokenFiledConst::FIELD_DEVICE_ID, "test_device_id"); - genericValues.Put(TokenFiledConst::FIELD_APL, ATokenAplEnum::APL_NORMAL); - genericValues.Put(TokenFiledConst::FIELD_TOKEN_VERSION, 0); - genericValues.Put(TokenFiledConst::FIELD_TOKEN_ATTR, 0); - genericValues.Put(TokenFiledConst::FIELD_FORBID_PERM_DIALOG, "test_perm_dialog_cap_state"); - - std::vector values; - values.emplace_back(genericValues); - EXPECT_EQ(0, AccessTokenDb::GetInstance().Add(AtmDataType::ACCESSTOKEN_HAP_INFO, values)); - LOGI(ATM_DOMAIN, ATM_TAG, "SqliteStorageAddTest001 end"); -} - -/* - * @tc.name: SqliteStorageAddTest002 - * @tc.desc: Add function test failed - * @tc.type: FUNC - * @tc.require: - */ -HWTEST_F(DatabaseTest, SqliteStorageAddTest002, TestSize.Level1) -{ - LOGI(ATM_DOMAIN, ATM_TAG, "SqliteStorageAddTest002 begin"); - - RemoveTestTokenHapInfo(); - - GenericValues genericValues; - genericValues.Put(TokenFiledConst::FIELD_TOKEN_ID, TEST_TOKEN_ID); - - std::vector values; - values.emplace_back(genericValues); - EXPECT_EQ(AccessTokenError::ERR_DATABASE_OPERATE_FAILED, - AccessTokenDb::GetInstance().Add(AtmDataType::ACCESSTOKEN_HAP_INFO, values)); - LOGI(ATM_DOMAIN, ATM_TAG, "SqliteStorageAddTest002 end"); + GenericValues condition; + condition.Put(TokenFiledConst::FIELD_TOKEN_ID, static_cast(TEST_TOKEN_ID)); + std::vector deleteDataTypes; + std::vector deleteValues; + deleteDataTypes.emplace_back(AtmDataType::ACCESSTOKEN_HAP_INFO); + deleteValues.emplace_back(condition); + + std::vector addDataTypes; + std::vector> addValues; + AccessTokenDb::GetInstance().DeleteAndInsertValues(deleteDataTypes, deleteValues, addDataTypes, addValues); } /* @@ -228,9 +174,17 @@ HWTEST_F(DatabaseTest, SqliteStorageModifyTest001, TestSize.Level1) genericValues.Put(TokenFiledConst::FIELD_TOKEN_ATTR, 0); genericValues.Put(TokenFiledConst::FIELD_FORBID_PERM_DIALOG, "test_perm_dialog_cap_state"); - std::vector values; - values.emplace_back(genericValues); - EXPECT_EQ(0, AccessTokenDb::GetInstance().Add(AtmDataType::ACCESSTOKEN_HAP_INFO, values)); + std::vector deleteDataTypes; + std::vector deleteValues; + + std::vector addDataTypes; + std::vector> addValues; + std::vector value; + addDataTypes.emplace_back(AtmDataType::ACCESSTOKEN_HAP_INFO); + value.emplace_back(genericValues); + addValues.emplace_back(value); + EXPECT_EQ(0, + AccessTokenDb::GetInstance().DeleteAndInsertValues(deleteDataTypes, deleteValues, addDataTypes, addValues)); GenericValues modifyValues; modifyValues.Put(TokenFiledConst::FIELD_BUNDLE_NAME, "test_bundle_name_modified"); diff --git a/services/tokensyncmanager/include/command/base_remote_command.h b/services/tokensyncmanager/include/command/base_remote_command.h index f53a3dde0a2222ba1efd174d2b4e7a7da131c259..da180d85d1bb536bf5c33c259f05cfff1a45ccfe 100644 --- a/services/tokensyncmanager/include/command/base_remote_command.h +++ b/services/tokensyncmanager/include/command/base_remote_command.h @@ -27,18 +27,6 @@ namespace OHOS { namespace Security { namespace AccessToken { - -/** - * @brief Declares native token info for distributed synchronize class - */ -class NativeTokenInfoForSync final { -public: - /** native token info */ - NativeTokenInfoBase baseInfo; - /** permission state list */ - std::vector permStateList; -}; - /** * The base class for command. You can treat this as remote command header. */ @@ -69,8 +57,8 @@ public: nlohmann::json ToHapTokenInfosJson(const HapTokenInfoForSync &tokenInfo); void FromHapTokenInfoJson(const nlohmann::json& hapTokenJson, HapTokenInfoForSync& hapTokenInfo); - nlohmann::json ToNativeTokenInfoJson(const NativeTokenInfoForSync& tokenInfo); - void FromNativeTokenInfoJson(const nlohmann::json& nativeTokenJson, NativeTokenInfoForSync& nativeTokenInfo); + nlohmann::json ToNativeTokenInfoJson(const NativeTokenInfoBase& tokenInfo); + void FromNativeTokenInfoJson(const nlohmann::json& nativeTokenJson, NativeTokenInfoBase& nativeTokenInfo); RemoteProtocol remoteProtocol_; }; } // namespace AccessToken diff --git a/services/tokensyncmanager/src/command/base_remote_command.cpp b/services/tokensyncmanager/src/command/base_remote_command.cpp index c83b19e188c1998fbd41622dc19c78e0392c0020..31e7f3bb15e4df6bafba7ddac6eeb1941fc63c1c 100644 --- a/services/tokensyncmanager/src/command/base_remote_command.cpp +++ b/services/tokensyncmanager/src/command/base_remote_command.cpp @@ -96,7 +96,7 @@ nlohmann::json BaseRemoteCommand::ToRemoteProtocolJson() return j; } -nlohmann::json BaseRemoteCommand::ToNativeTokenInfoJson(const NativeTokenInfoForSync& tokenInfo) +nlohmann::json BaseRemoteCommand::ToNativeTokenInfoJson(const NativeTokenInfoBase& tokenInfo) { nlohmann::json permStatesJson; for (const auto& permState : tokenInfo.permStateList) { @@ -105,14 +105,14 @@ nlohmann::json BaseRemoteCommand::ToNativeTokenInfoJson(const NativeTokenInfoFor permStatesJson.emplace_back(permStateJson); } - nlohmann::json DcapsJson = nlohmann::json(tokenInfo.baseInfo.dcap); - nlohmann::json NativeAclsJson = nlohmann::json(tokenInfo.baseInfo.nativeAcls); + nlohmann::json DcapsJson = nlohmann::json(tokenInfo.dcap); + nlohmann::json NativeAclsJson = nlohmann::json(tokenInfo.nativeAcls); nlohmann::json nativeTokenJson = nlohmann::json { - {"processName", tokenInfo.baseInfo.processName}, - {"apl", tokenInfo.baseInfo.apl}, - {"version", tokenInfo.baseInfo.ver}, - {"tokenId", tokenInfo.baseInfo.tokenID}, - {"tokenAttr", tokenInfo.baseInfo.tokenAttr}, + {"processName", tokenInfo.processName}, + {"apl", tokenInfo.apl}, + {"version", tokenInfo.ver}, + {"tokenId", tokenInfo.tokenID}, + {"tokenAttr", tokenInfo.tokenAttr}, {"dcaps", DcapsJson}, {"nativeAcls", NativeAclsJson}, {"permState", permStatesJson}, @@ -200,33 +200,33 @@ void BaseRemoteCommand::FromHapTokenInfoJson(const nlohmann::json& hapTokenJson, } void BaseRemoteCommand::FromNativeTokenInfoJson(const nlohmann::json& nativeTokenJson, - NativeTokenInfoForSync& nativeTokenInfo) + NativeTokenInfoBase& nativeTokenInfo) { if (nativeTokenJson.find("processName") != nativeTokenJson.end() && nativeTokenJson.at("processName").is_string()) { - nativeTokenInfo.baseInfo.processName = nativeTokenJson.at("processName").get(); + nativeTokenInfo.processName = nativeTokenJson.at("processName").get(); } if (nativeTokenJson.find("apl") != nativeTokenJson.end() && nativeTokenJson.at("apl").is_number()) { int apl = nativeTokenJson.at("apl").get(); if (DataValidator::IsAplNumValid(apl)) { - nativeTokenInfo.baseInfo.apl = static_cast(apl); + nativeTokenInfo.apl = static_cast(apl); } } if (nativeTokenJson.find("version") != nativeTokenJson.end() && nativeTokenJson.at("version").is_number()) { - nativeTokenInfo.baseInfo.ver = (unsigned)nativeTokenJson.at("version").get(); + nativeTokenInfo.ver = (unsigned)nativeTokenJson.at("version").get(); } if (nativeTokenJson.find("tokenId") != nativeTokenJson.end() && nativeTokenJson.at("tokenId").is_number()) { - nativeTokenInfo.baseInfo.tokenID = (unsigned)nativeTokenJson.at("tokenId").get(); + nativeTokenInfo.tokenID = (unsigned)nativeTokenJson.at("tokenId").get(); } if (nativeTokenJson.find("tokenAttr") != nativeTokenJson.end() && nativeTokenJson.at("tokenAttr").is_number()) { - nativeTokenInfo.baseInfo.tokenAttr = (unsigned)nativeTokenJson.at("tokenAttr").get(); + nativeTokenInfo.tokenAttr = (unsigned)nativeTokenJson.at("tokenAttr").get(); } if (nativeTokenJson.find("dcaps") != nativeTokenJson.end() && nativeTokenJson.at("dcaps").is_array() && !nativeTokenJson.at("dcaps").empty() && (nativeTokenJson.at("dcaps"))[0].is_string()) { - nativeTokenInfo.baseInfo.dcap = nativeTokenJson.at("dcaps").get>(); + nativeTokenInfo.dcap = nativeTokenJson.at("dcaps").get>(); } if (nativeTokenJson.find("nativeAcls") != nativeTokenJson.end() && nativeTokenJson.at("nativeAcls").is_array() && !nativeTokenJson.at("nativeAcls").empty() && (nativeTokenJson.at("nativeAcls"))[0].is_string()) { - nativeTokenInfo.baseInfo.nativeAcls = nativeTokenJson.at("nativeAcls").get>(); + nativeTokenInfo.nativeAcls = nativeTokenJson.at("nativeAcls").get>(); } FromPermStateListJson(nativeTokenJson, nativeTokenInfo.permStateList); diff --git a/services/tokensyncmanager/test/unittest/token_sync_service_test.cpp b/services/tokensyncmanager/test/unittest/token_sync_service_test.cpp index b3f70e9462ffcf741ccfe9cb86de6d0aa39ae6ab..cdca7a6219f933ee0fe71deae92e6f609a4ca69f 100644 --- a/services/tokensyncmanager/test/unittest/token_sync_service_test.cpp +++ b/services/tokensyncmanager/test/unittest/token_sync_service_test.cpp @@ -435,13 +435,13 @@ HWTEST_F(TokenSyncServiceTest, ClientProcessResult002, TestSize.Level1) */ HWTEST_F(TokenSyncServiceTest, ToNativeTokenInfoJson001, TestSize.Level1) { - NativeTokenInfoForSync native1 = { - .baseInfo.ver = 1, - .baseInfo.processName = "token_sync_test", - .baseInfo.dcap = {"AT_CAP"}, - .baseInfo.tokenID = 1, - .baseInfo.tokenAttr = 0, - .baseInfo.nativeAcls = {}, + NativeTokenInfoBase native1 = { + .ver = 1, + .processName = "token_sync_test", + .dcap = {"AT_CAP"}, + .tokenID = 1, + .tokenAttr = 0, + .nativeAcls = {}, }; auto cmd = std::make_shared(); EXPECT_NE(nullptr, cmd->ToNativeTokenInfoJson(native1)); @@ -510,27 +510,27 @@ HWTEST_F(TokenSyncServiceTest, FromNativeTokenInfoJson001, TestSize.Level1) auto cmd = std::make_shared(); nlohmann::json nativeTokenListJsonNull; - NativeTokenInfoForSync tokenNull; + NativeTokenInfoBase tokenNull; cmd->FromNativeTokenInfoJson(nativeTokenListJsonNull, tokenNull); nlohmann::json hapTokenJsonNull; HapTokenInfo hapTokenBasicInfoNull; cmd->FromHapTokenBasicInfoJson(hapTokenJsonNull, hapTokenBasicInfoNull); - NativeTokenInfoForSync native1 = { - .baseInfo.apl = APL_NORMAL, - .baseInfo.ver = 2, - .baseInfo.processName = "token_sync_test", - .baseInfo.dcap = {"AT_CAP"}, - .baseInfo.tokenID = 1, - .baseInfo.tokenAttr = 0, - .baseInfo.nativeAcls = {}, + NativeTokenInfoBase native1 = { + .apl = APL_NORMAL, + .ver = 2, + .processName = "token_sync_test", + .dcap = {"AT_CAP"}, + .tokenID = 1, + .tokenAttr = 0, + .nativeAcls = {}, }; nlohmann::json nativeTokenListJson = cmd->ToNativeTokenInfoJson(native1); - NativeTokenInfoForSync token; + NativeTokenInfoBase token; cmd->FromNativeTokenInfoJson(nativeTokenListJson, token); - EXPECT_EQ(token.baseInfo.processName, "token_sync_test"); - EXPECT_EQ(token.baseInfo.apl, ATokenAplEnum::APL_NORMAL); + EXPECT_EQ(token.processName, "token_sync_test"); + EXPECT_EQ(token.apl, ATokenAplEnum::APL_NORMAL); } /** diff --git a/test/fuzztest/services/accesstoken/access_token_service_fuzz.gni b/test/fuzztest/services/accesstoken/access_token_service_fuzz.gni index 794c1e61a962d972c39127e391670cd4b55623fc..3476e51ebe8747920cf0964bb25c6c7e838093ee 100644 --- a/test/fuzztest/services/accesstoken/access_token_service_fuzz.gni +++ b/test/fuzztest/services/accesstoken/access_token_service_fuzz.gni @@ -106,7 +106,6 @@ access_token_sources = [ "${access_token_path}/services/accesstokenmanager/main/cpp/src/token/accesstoken_id_manager.cpp", "${access_token_path}/services/accesstokenmanager/main/cpp/src/token/accesstoken_info_manager.cpp", "${access_token_path}/services/accesstokenmanager/main/cpp/src/token/hap_token_info_inner.cpp", - "${access_token_path}/services/accesstokenmanager/main/cpp/src/token/native_token_info_inner.cpp", "${access_token_path}/services/accesstokenmanager/main/cpp/src/token/native_token_receptor.cpp", ]