diff --git a/frameworks/accesstoken/include/i_accesstoken_manager.h b/frameworks/accesstoken/include/i_accesstoken_manager.h index 5ec9285f4ed86c4eb07d6a51c6cab1321a587e64..deecc2cbfc98bac7d71d81026004cd3f5a041c5e 100644 --- a/frameworks/accesstoken/include/i_accesstoken_manager.h +++ b/frameworks/accesstoken/include/i_accesstoken_manager.h @@ -47,8 +47,7 @@ public: DECLARE_INTERFACE_DESCRIPTOR(u"ohos.security.accesstoken.IAccessTokenManager"); - virtual PermUsedTypeEnum GetPermissionUsedType( - AccessTokenID tokenID, const std::string& permissionName) = 0; + virtual PermUsedTypeEnum GetPermissionUsedType(AccessTokenID tokenID, uint16_t permCode) = 0; virtual int VerifyAccessToken(AccessTokenID tokenID, const std::string& permissionName) = 0; virtual int VerifyAccessToken(AccessTokenID tokenID, const std::vector& permissionList, std::vector& permStateList) = 0; diff --git a/frameworks/common/include/permission_map.h b/frameworks/common/include/permission_map.h index 6f375463753a50940f30cd9f11a1c8970d4f58bb..b6868624adc46de8501acc0e319392e4a930a01e 100644 --- a/frameworks/common/include/permission_map.h +++ b/frameworks/common/include/permission_map.h @@ -22,8 +22,8 @@ namespace OHOS { namespace Security { namespace AccessToken { -bool TransferPermissionToOpcode(const std::string& permissionName, uint32_t& opCode); -bool TransferOpcodeToPermission(uint32_t opCode, std::string& permissionName); +uint16_t TransferPermissionToOpcode(const std::string& permissionName); +std::string TransferOpcodeToPermission(uint16_t permCode); bool IsUserGrantPermission(const std::string& permission); } // namespace AccessToken } // namespace Security diff --git a/frameworks/common/src/permission_map.cpp b/frameworks/common/src/permission_map.cpp index 1816b495eeb2582da56504344143ab8cb9f3d2c4..2edc144594dadc1371294ab6b6ec6bf0cad9332f 100644 --- a/frameworks/common/src/permission_map.cpp +++ b/frameworks/common/src/permission_map.cpp @@ -613,26 +613,24 @@ const static std::vector> g_permMap = { {"ohos.permission.SET_PAC_URL", false}, }; -bool TransferPermissionToOpcode(const std::string& permission, uint32_t& opCode) +uint16_t TransferPermissionToOpcode(const std::string& permission) { size_t size = g_permMap.size(); for (size_t i = 0; i < size; i++) { std::pair it = g_permMap[i]; if (permission == it.first) { - opCode = i; - return true; + return static_cast(i); } } - return false; + return -1; } -bool TransferOpcodeToPermission(uint32_t opCode, std::string& permission) +std::string TransferOpcodeToPermission(uint16_t permCode) { - if (opCode >= MAX_PERM_SIZE || opCode >= g_permMap.size()) { - return false; + if (permCode >= MAX_PERM_SIZE || permCode >= static_cast(g_permMap.size())) { + return ""; } - permission = g_permMap[opCode].first; - return true; + return g_permMap[permCode].first; } bool IsUserGrantPermission(const std::string& permission) diff --git a/frameworks/test/unittest/common_test.cpp b/frameworks/test/unittest/common_test.cpp index a303ec35283b599d92e979ea41e62b3bd68e98e6..4e71f0c2e47d33ae8424eacaa33db1efa497ed55 100644 --- a/frameworks/test/unittest/common_test.cpp +++ b/frameworks/test/unittest/common_test.cpp @@ -87,9 +87,7 @@ HWTEST_F(CommonTest, EncryptDevId001, TestSize.Level1) */ HWTEST_F(CommonTest, TransferOpcodeToPermission001, TestSize.Level1) { - std::string permissionName; - EXPECT_TRUE(TransferOpcodeToPermission(0, permissionName)); - EXPECT_EQ(permissionName, "ohos.permission.ANSWER_CALL"); + EXPECT_EQ(TransferOpcodeToPermission(0), "ohos.permission.ANSWER_CALL"); } /* @@ -100,9 +98,8 @@ HWTEST_F(CommonTest, TransferOpcodeToPermission001, TestSize.Level1) */ HWTEST_F(CommonTest, TransferOpcodeToPermission002, TestSize.Level1) { - std::string permissionName; - EXPECT_FALSE(TransferOpcodeToPermission(MAX_PERM_SIZE, permissionName)); - EXPECT_FALSE(TransferOpcodeToPermission(MAX_PERM_SIZE - 1, permissionName)); + std::string permissionName = TransferOpcodeToPermission(MAX_PERM_SIZE); + EXPECT_TRUE(permissionName.empty()); } /* diff --git a/interfaces/innerkits/accesstoken/src/accesstoken_kit.cpp b/interfaces/innerkits/accesstoken/src/accesstoken_kit.cpp index 25780123347fe49c26b2dafa02039a5443ba016f..2f82cffc2f398876a4dbf4d0480266e569c9c39b 100644 --- a/interfaces/innerkits/accesstoken/src/accesstoken_kit.cpp +++ b/interfaces/innerkits/accesstoken/src/accesstoken_kit.cpp @@ -40,16 +40,19 @@ static const int INVALID_DLP_TOKEN_FLAG = -1; static const int FIRSTCALLER_TOKENID_DEFAULT = 0; } // namespace -PermUsedTypeEnum AccessTokenKit::GetPermissionUsedType( - AccessTokenID tokenID, const std::string& permissionName) +PermUsedTypeEnum AccessTokenKit::GetPermissionUsedType(AccessTokenID tokenID, const std::string& permissionName) { ACCESSTOKEN_LOG_DEBUG(LABEL, "TokenID=%{public}d, permissionName=%{public}s.", tokenID, permissionName.c_str()); - if ((tokenID == INVALID_TOKENID) || (!DataValidator::IsPermissionNameValid(permissionName))) { + if (tokenID == INVALID_TOKENID) { ACCESSTOKEN_LOG_ERROR(LABEL, "Input param failed."); return PermUsedTypeEnum::INVALID_USED_TYPE; } - return AccessTokenManagerClient::GetInstance().GetPermissionUsedType(tokenID, permissionName); + uint16_t code = TransferPermissionToOpcode(permissionName); + if (code < 0) { + return PermUsedTypeEnum::INVALID_USED_TYPE; + } + return AccessTokenManagerClient::GetInstance().GetPermissionUsedType(tokenID, code); } int AccessTokenKit::GrantPermissionForSpecifiedTime( @@ -295,8 +298,8 @@ int AccessTokenKit::VerifyAccessToken(AccessTokenID tokenID, const std::string& { ACCESSTOKEN_LOG_DEBUG(LABEL, "TokenID=%{public}d, permissionName=%{public}s, crossIpc=%{public}d.", tokenID, permissionName.c_str(), crossIpc); - uint32_t code; - if (!TransferPermissionToOpcode(permissionName, code)) { + uint16_t code = TransferPermissionToOpcode(permissionName); + if (code < 0) { ACCESSTOKEN_LOG_ERROR(LABEL, "PermissionName(%{public}s) is not exist.", permissionName.c_str()); return PERMISSION_DENIED; } @@ -330,8 +333,8 @@ int AccessTokenKit::VerifyAccessToken(AccessTokenID tokenID, const std::string& { ACCESSTOKEN_LOG_DEBUG(LABEL, "TokenID=%{public}d, permissionName=%{public}s.", tokenID, permissionName.c_str()); - uint32_t code; - if (!TransferPermissionToOpcode(permissionName, code)) { + uint16_t code = TransferPermissionToOpcode(permissionName); + if (code < 0) { ACCESSTOKEN_LOG_ERROR(LABEL, "PermissionName(%{public}s) is not exist.", permissionName.c_str()); return PERMISSION_DENIED; } @@ -373,8 +376,8 @@ int AccessTokenKit::VerifyAccessToken(AccessTokenID tokenID, const std::vector permToState; for (size_t i = 0; i < permissionList.size(); i++) { bool isGranted = false; - uint32_t code; - if (!TransferPermissionToOpcode(permissionList[i], code)) { + uint16_t code = TransferPermissionToOpcode(permissionList[i]); + if (code < 0) { ACCESSTOKEN_LOG_ERROR(LABEL, "PermissionName(%{public}s) is not exist.", permissionList[i].c_str()); permStateList[i] = PERMISSION_DENIED; continue; diff --git a/interfaces/innerkits/accesstoken/src/accesstoken_manager_client.cpp b/interfaces/innerkits/accesstoken/src/accesstoken_manager_client.cpp index a8e0ce1f1b182e716da2bdb193dbd706ae83870c..9fbd56ebeb980e5d690cf9045e0cd70f4315f915 100644 --- a/interfaces/innerkits/accesstoken/src/accesstoken_manager_client.cpp +++ b/interfaces/innerkits/accesstoken/src/accesstoken_manager_client.cpp @@ -62,15 +62,14 @@ AccessTokenManagerClient::~AccessTokenManagerClient() ReleaseProxy(); } -PermUsedTypeEnum AccessTokenManagerClient::GetPermissionUsedType( - AccessTokenID tokenID, const std::string &permissionName) +PermUsedTypeEnum AccessTokenManagerClient::GetPermissionUsedType(AccessTokenID tokenID, uint16_t permCode) { auto proxy = GetProxy(); if (proxy == nullptr) { ACCESSTOKEN_LOG_ERROR(LABEL, "Proxy is null."); return PermUsedTypeEnum::INVALID_USED_TYPE; } - return proxy->GetPermissionUsedType(tokenID, permissionName); + return proxy->GetPermissionUsedType(tokenID, permCode); } int AccessTokenManagerClient::VerifyAccessToken(AccessTokenID tokenID, const std::string& permissionName) diff --git a/interfaces/innerkits/accesstoken/src/accesstoken_manager_client.h b/interfaces/innerkits/accesstoken/src/accesstoken_manager_client.h index c185a95f6f33a1fa0087c19d85f1ccbb7edc032f..2d1dcfaf0e1c9f5e021cb510c1b41e8299a6b700 100644 --- a/interfaces/innerkits/accesstoken/src/accesstoken_manager_client.h +++ b/interfaces/innerkits/accesstoken/src/accesstoken_manager_client.h @@ -48,7 +48,7 @@ public: virtual ~AccessTokenManagerClient(); - PermUsedTypeEnum GetPermissionUsedType(AccessTokenID tokenID, const std::string& permissionName); + PermUsedTypeEnum GetPermissionUsedType(AccessTokenID tokenID, uint16_t permCode); int VerifyAccessToken(AccessTokenID tokenID, const std::string& permissionName); int VerifyAccessToken(AccessTokenID tokenID, const std::vector& permissionList, std::vector& permStateList); diff --git a/interfaces/innerkits/accesstoken/src/accesstoken_manager_proxy.cpp b/interfaces/innerkits/accesstoken/src/accesstoken_manager_proxy.cpp index e2ed43ae2aeb49a8fc93f8ea44b6645311ad9220..f2f319cc0ee18f1e1af62577bcdc32f182fcea91 100644 --- a/interfaces/innerkits/accesstoken/src/accesstoken_manager_proxy.cpp +++ b/interfaces/innerkits/accesstoken/src/accesstoken_manager_proxy.cpp @@ -56,8 +56,7 @@ bool AccessTokenManagerProxy::SendRequest( return true; } -PermUsedTypeEnum AccessTokenManagerProxy::GetPermissionUsedType( - AccessTokenID tokenID, const std::string &permissionName) +PermUsedTypeEnum AccessTokenManagerProxy::GetPermissionUsedType(AccessTokenID tokenID, uint16_t permCode) { MessageParcel data; if (!data.WriteInterfaceToken(IAccessTokenManager::GetDescriptor())) { @@ -68,8 +67,8 @@ PermUsedTypeEnum AccessTokenManagerProxy::GetPermissionUsedType( ACCESSTOKEN_LOG_ERROR(LABEL, "WriteUint32 failed."); return PermUsedTypeEnum::INVALID_USED_TYPE; } - if (!data.WriteString(permissionName)) { - ACCESSTOKEN_LOG_ERROR(LABEL, "WriteString failed."); + if (!data.WriteUint16(permCode)) { + ACCESSTOKEN_LOG_ERROR(LABEL, "WriteUint16 failed."); return PermUsedTypeEnum::INVALID_USED_TYPE; } diff --git a/interfaces/innerkits/accesstoken/src/accesstoken_manager_proxy.h b/interfaces/innerkits/accesstoken/src/accesstoken_manager_proxy.h index 3c79708d665cd1db76e130d7ff83d24502eb6025..1c9f1c0d2b05e55658fcbc48902901b7bf221efb 100644 --- a/interfaces/innerkits/accesstoken/src/accesstoken_manager_proxy.h +++ b/interfaces/innerkits/accesstoken/src/accesstoken_manager_proxy.h @@ -42,8 +42,7 @@ public: explicit AccessTokenManagerProxy(const sptr& impl); ~AccessTokenManagerProxy() override; - PermUsedTypeEnum GetPermissionUsedType( - AccessTokenID tokenID, const std::string& permissionName) override; + PermUsedTypeEnum GetPermissionUsedType(AccessTokenID tokenID, uint16_t permCode) override; int VerifyAccessToken(AccessTokenID tokenID, const std::string& permissionName) override; int VerifyAccessToken(AccessTokenID tokenID, const std::vector& permissionList, std::vector& permStateList) override; diff --git a/interfaces/innerkits/accesstoken/test/unittest/PermissionsTest/check_permission_map_test.cpp b/interfaces/innerkits/accesstoken/test/unittest/PermissionsTest/check_permission_map_test.cpp index 8ae943d7e5b3e0d4fb440832bed04099abf5b877..6aacd604cad0c2112bf6cd56d8a6f117c2046562 100644 --- a/interfaces/innerkits/accesstoken/test/unittest/PermissionsTest/check_permission_map_test.cpp +++ b/interfaces/innerkits/accesstoken/test/unittest/PermissionsTest/check_permission_map_test.cpp @@ -122,14 +122,13 @@ HWTEST_F(CheckPermissionMapTest, CheckPermissionMapFuncTest001, TestSize.Level1) ret = ParserPermsRawData(permsRawData, permDefList); EXPECT_EQ(RET_SUCCESS, ret); - uint32_t opCode; for (const auto& perm : permDefList) { // Check if permissions exist - bool isExsit = TransferPermissionToOpcode(perm.permissionName, opCode); - if (!isExsit) { + uint16_t permCode = TransferPermissionToOpcode(perm.permissionName); + if (permCode < 0) { GTEST_LOG_(INFO) << "permission name is " << perm.permissionName; } - EXPECT_TRUE(isExsit); + EXPECT_TRUE(permCode >= 0); // Check true-user_grant/false-system_grant if (perm.grantMode == AccessToken::GrantMode::USER_GRANT) { EXPECT_TRUE(IsUserGrantPermission(perm.permissionName)); diff --git a/interfaces/innerkits/privacy/test/unittest/src/privacy_kit_test.cpp b/interfaces/innerkits/privacy/test/unittest/src/privacy_kit_test.cpp index 931a291e2c2c200de9527ed63f0eb35a625d02d2..c433c95fbc0d3ffc34f85686fb5ca90418ae9299 100644 --- a/interfaces/innerkits/privacy/test/unittest/src/privacy_kit_test.cpp +++ b/interfaces/innerkits/privacy/test/unittest/src/privacy_kit_test.cpp @@ -2619,10 +2619,10 @@ HWTEST_F(PrivacyKitTest, IsAllowedUsingPermission013, TestSize.Level1) uint32_t selfUid = getuid(); setuid(ACCESS_TOKEN_UID); - uint32_t opCode1 = -1; - uint32_t opCode2 = -1; - ASSERT_EQ(true, TransferPermissionToOpcode("ohos.permission.SET_FOREGROUND_HAP_REMINDER", opCode1)); - ASSERT_EQ(true, TransferPermissionToOpcode("ohos.permission.PERMISSION_USED_STATS", opCode2)); + uint16_t opCode1 = TransferPermissionToOpcode("ohos.permission.SET_FOREGROUND_HAP_REMINDER"); + uint16_t opCode2 = TransferPermissionToOpcode("ohos.permission.PERMISSION_USED_STATS"); + ASSERT_TRUE(opCode1 >= 0); + ASSERT_TRUE(opCode2 >= 0); ASSERT_EQ(0, AddPermissionToKernel(RANDOM_TOKENID, {opCode1, opCode2}, {1, 1})); EXPECT_EQ(0, SetSelfTokenID(RANDOM_TOKENID)); GTEST_LOG_(INFO) << "permissionSet OK "; @@ -2649,14 +2649,14 @@ HWTEST_F(PrivacyKitTest, IsAllowedUsingPermission013, TestSize.Level1) */ HWTEST_F(PrivacyKitTest, SetHapWithFGReminder01, TestSize.Level1) { - uint32_t opCode1; - uint32_t opCode2; uint32_t tokenTest = 111; /// 111 is a tokenId uint32_t selfUid = getuid(); setuid(ACCESS_TOKEN_UID); - EXPECT_EQ(true, TransferPermissionToOpcode("ohos.permission.SET_FOREGROUND_HAP_REMINDER", opCode1)); - EXPECT_EQ(true, TransferPermissionToOpcode("ohos.permission.PERMISSION_USED_STATS", opCode2)); + uint16_t opCode1 = TransferPermissionToOpcode("ohos.permission.SET_FOREGROUND_HAP_REMINDER"); + uint16_t opCode2 = TransferPermissionToOpcode("ohos.permission.PERMISSION_USED_STATS"); + ASSERT_TRUE(opCode1 >= 0); + ASSERT_TRUE(opCode2 >= 0); int32_t res = AddPermissionToKernel(tokenTest, {opCode1, opCode2}, {1, 1}); ASSERT_EQ(res, 0); GTEST_LOG_(INFO) << "permissionSet OK "; @@ -2683,14 +2683,15 @@ HWTEST_F(PrivacyKitTest, SetHapWithFGReminder01, TestSize.Level1) */ HWTEST_F(PrivacyKitTest, SetHapWithFGReminder02, TestSize.Level1) { - uint32_t opCode1; - uint32_t opCode2; uint32_t tokenTest = 111; /// 111 is a tokenId uint32_t selfUid = getuid(); setuid(ACCESS_TOKEN_UID); - EXPECT_EQ(true, TransferPermissionToOpcode("ohos.permission.SET_FOREGROUND_HAP_REMINDER", opCode1)); - EXPECT_EQ(true, TransferPermissionToOpcode("ohos.permission.PERMISSION_USED_STATS", opCode2)); + uint16_t opCode1 = TransferPermissionToOpcode("ohos.permission.SET_FOREGROUND_HAP_REMINDER"); + uint16_t opCode2 = TransferPermissionToOpcode("ohos.permission.PERMISSION_USED_STATS"); + ASSERT_TRUE(opCode1 >= 0); + ASSERT_TRUE(opCode2 >= 0); + int32_t res = AddPermissionToKernel(tokenTest, {opCode1, opCode2}, {1, 1}); ASSERT_EQ(res, 0); @@ -2716,14 +2717,15 @@ HWTEST_F(PrivacyKitTest, SetHapWithFGReminder02, TestSize.Level1) */ HWTEST_F(PrivacyKitTest, SetHapWithFGReminder03, TestSize.Level1) { - uint32_t opCode1; - uint32_t opCode2; uint32_t tokenTest = 111; /// 111 is a tokenId uint32_t selfUid = getuid(); setuid(ACCESS_TOKEN_UID); - EXPECT_EQ(true, TransferPermissionToOpcode("ohos.permission.SET_FOREGROUND_HAP_REMINDER", opCode1)); - EXPECT_EQ(true, TransferPermissionToOpcode("ohos.permission.PERMISSION_USED_STATS", opCode2)); + uint16_t opCode1 = TransferPermissionToOpcode("ohos.permission.SET_FOREGROUND_HAP_REMINDER"); + uint16_t opCode2 = TransferPermissionToOpcode("ohos.permission.PERMISSION_USED_STATS"); + ASSERT_TRUE(opCode1 >= 0); + ASSERT_TRUE(opCode2 >= 0); + int32_t res = AddPermissionToKernel(tokenTest, {opCode1, opCode2}, {1, 1}); ASSERT_EQ(res, 0); diff --git a/interfaces/innerkits/token_setproc/include/perm_setproc.h b/interfaces/innerkits/token_setproc/include/perm_setproc.h index 2c0c2efc1ae8c934f65cce459d6e993df79c10af..c4d50ed220a1d5e0ed3129674aa31d0e4e0c9008 100644 --- a/interfaces/innerkits/token_setproc/include/perm_setproc.h +++ b/interfaces/innerkits/token_setproc/include/perm_setproc.h @@ -21,10 +21,10 @@ namespace OHOS { namespace Security { namespace AccessToken { int32_t AddPermissionToKernel( - uint32_t tokenID, const std::vector& opCodeList, const std::vector& statusList); + uint32_t tokenID, const std::vector& opCodeList, const std::vector& statusList); int32_t RemovePermissionFromKernel(uint32_t tokenID); -int32_t SetPermissionToKernel(uint32_t tokenID, int32_t opCode, bool status); -int32_t GetPermissionFromKernel(uint32_t tokenID, int32_t opCode, bool& isGranted); +int32_t SetPermissionToKernel(uint32_t tokenID, uint16_t opCode, bool status); +int32_t GetPermissionFromKernel(uint32_t tokenID, uint16_t opCode, bool& isGranted); } // namespace AccessToken } // namespace Security } // namespace OHOS diff --git a/interfaces/innerkits/token_setproc/src/perm_setproc.cpp b/interfaces/innerkits/token_setproc/src/perm_setproc.cpp index 4338fb20223113a342452dae3ef0eb425626af51..17d024b4849336362293b5916c17ee38b81ab84f 100644 --- a/interfaces/innerkits/token_setproc/src/perm_setproc.cpp +++ b/interfaces/innerkits/token_setproc/src/perm_setproc.cpp @@ -46,7 +46,7 @@ struct IoctlSetGetPermData { _IOW(ACCESS_TOKEN_ID_IOCTL_BASE, SET_PERMISSION, struct IoctlSetGetPermData) int32_t AddPermissionToKernel( - uint32_t tokenID, const std::vector& opCodeList, const std::vector& statusList) + uint32_t tokenID, const std::vector& opCodeList, const std::vector& statusList) { if (opCodeList.size() != statusList.size()) { return ACCESS_TOKEN_PARAM_INVALID; @@ -97,11 +97,11 @@ int32_t RemovePermissionFromKernel(uint32_t tokenID) return ACCESS_TOKEN_OK; } -int32_t SetPermissionToKernel(uint32_t tokenID, int32_t opCode, bool status) +int32_t SetPermissionToKernel(uint32_t tokenID, uint16_t permCode, bool status) { struct IoctlSetGetPermData data = { .token = tokenID, - .opCode = opCode, + .opCode = permCode, .isGranted = status, }; @@ -118,11 +118,11 @@ int32_t SetPermissionToKernel(uint32_t tokenID, int32_t opCode, bool status) return ACCESS_TOKEN_OK; } -int32_t GetPermissionFromKernel(uint32_t tokenID, int32_t opCode, bool& isGranted) +int32_t GetPermissionFromKernel(uint32_t tokenID, uint16_t permCode, bool& isGranted) { struct IoctlSetGetPermData data = { .token = tokenID, - .opCode = opCode, + .opCode = permCode, .isGranted = false, }; isGranted = false; diff --git a/interfaces/innerkits/token_setproc/test/unittest/src/tokensetproc_kit_test.cpp b/interfaces/innerkits/token_setproc/test/unittest/src/tokensetproc_kit_test.cpp index 92a6df1e3b5785f82598bda5058db98d2763b147..dfd78c2462d0cc40f54d4232f77e3e62ef9070f4 100644 --- a/interfaces/innerkits/token_setproc/test/unittest/src/tokensetproc_kit_test.cpp +++ b/interfaces/innerkits/token_setproc/test/unittest/src/tokensetproc_kit_test.cpp @@ -26,7 +26,7 @@ static const uint32_t MAX_PROCESS_SIZE = 500; // same as kernel size static const uint32_t MAX_PERM_NUM = 2048; // 64 * 32 static const uint32_t INVALID_OP_CODE = 65532; static uint32_t g_tokeId = 5000; -static const std::vector g_opCodeList = {0, 1, 2, 3, 4, 5, 63, 128}; +static const std::vector g_opCodeList = {0, 1, 2, 3, 4, 5, 63, 128}; static const std::vector g_statusList = {true, true, false, false, false, false, true, false}; static uint32_t g_selfUid; static const int32_t CYCLE_TIMES = 1000; @@ -68,7 +68,7 @@ HWTEST_F(TokensetprocKitTest, AddPermissionToKernel001, TestSize.Level1) HWTEST_F(TokensetprocKitTest, AddPermissionToKernel002, TestSize.Level1) { setuid(ACCESS_TOKEN_UID); - std::vector opcodeList = {0, 1, 2}; + std::vector opcodeList = {0, 1, 2}; std::vector statusList = {0, 0}; ASSERT_EQ(ACCESS_TOKEN_PARAM_INVALID, AddPermissionToKernel(g_tokeId, opcodeList, statusList)); ASSERT_EQ(ACCESS_TOKEN_OK, RemovePermissionFromKernel(g_tokeId)); @@ -84,7 +84,7 @@ HWTEST_F(TokensetprocKitTest, AddPermissionToKernel002, TestSize.Level1) HWTEST_F(TokensetprocKitTest, AddPermissionToKernel003, TestSize.Level1) { setuid(ACCESS_TOKEN_UID); - std::vector opcodeList; + std::vector opcodeList; std::vector statusList; ASSERT_EQ(ACCESS_TOKEN_OK, AddPermissionToKernel(g_tokeId, opcodeList, statusList)); ASSERT_EQ(ACCESS_TOKEN_OK, RemovePermissionFromKernel(g_tokeId)); @@ -114,9 +114,9 @@ HWTEST_F(TokensetprocKitTest, AddPermissionToKernel004, TestSize.Level1) HWTEST_F(TokensetprocKitTest, AddPermissionToKernel005, TestSize.Level1) { setuid(ACCESS_TOKEN_UID); - std::vector opCodeList1 = {123, 124}; + std::vector opCodeList1 = {123, 124}; std::vector statusList1 = {false, false}; // not granted - std::vector opCodeList2 = {123}; + std::vector opCodeList2 = {123}; std::vector statusList2 = {true}; // granted ASSERT_EQ(ACCESS_TOKEN_OK, AddPermissionToKernel(g_tokeId, opCodeList1, statusList1)); @@ -142,9 +142,9 @@ HWTEST_F(TokensetprocKitTest, AddPermissionToKernel005, TestSize.Level1) HWTEST_F(TokensetprocKitTest, AddPermissionToKernel006, TestSize.Level1) { setuid(ACCESS_TOKEN_UID); - std::vector opCodeList1 = {123}; + std::vector opCodeList1 = {123}; std::vector statusList1 = {true}; // granted - std::vector opCodeList2 = {123, 124}; + std::vector opCodeList2 = {123, 124}; std::vector statusList2 = {false, false}; // not granted ASSERT_EQ(ACCESS_TOKEN_OK, AddPermissionToKernel(g_tokeId, opCodeList1, statusList1)); @@ -222,7 +222,7 @@ HWTEST_F(TokensetprocKitTest, AddPermissionToKernel009, TestSize.Level1) ASSERT_EQ(ACCESS_TOKEN_OK, GetPermissionFromKernel(g_tokeId, g_opCodeList[0], isGranted)); ASSERT_EQ(true, isGranted); - std::vector opCodeList; + std::vector opCodeList; std::vector statusList; // update with less permission(size is 0) EXPECT_EQ(ACCESS_TOKEN_OK, AddPermissionToKernel(g_tokeId, opCodeList, statusList)); diff --git a/services/accesstokenmanager/main/cpp/include/permission/permission_data_brief.h b/services/accesstokenmanager/main/cpp/include/permission/permission_data_brief.h index a7088e8dadc29dee626c197567e9fd8d2765b4b3..a94edda8476f13eac088f6c0b48bfee794647055 100644 --- a/services/accesstokenmanager/main/cpp/include/permission/permission_data_brief.h +++ b/services/accesstokenmanager/main/cpp/include/permission/permission_data_brief.h @@ -52,10 +52,10 @@ public: int32_t AddBriefPermDataByTokenId(AccessTokenID tokenID, const std::vector& listInput); int32_t DeleteBriefPermDataByTokenId(AccessTokenID tokenID); - int32_t SetBriefPermData(AccessTokenID tokenID, int32_t opCode, bool status, uint32_t flag); + int32_t SetBriefPermData(AccessTokenID tokenID, uint16_t permCode, bool status, uint32_t flag); int32_t GetBriefPermDataByTokenId(AccessTokenID tokenID, std::vector& data); void ToString(std::string& info); - PermUsedTypeEnum GetPermissionUsedType(AccessTokenID tokenID, int32_t opCode); + PermUsedTypeEnum GetPermissionUsedType(AccessTokenID tokenID, uint16_t permCode); bool IsPermissionGrantedWithSecComp(AccessTokenID tokenID, const std::string& permissionName); int32_t VerifyPermissionStatus(AccessTokenID tokenID, const std::string& permission); int32_t QueryPermissionFlag(AccessTokenID tokenID, const std::string& permissionName, uint32_t& flag); @@ -66,7 +66,7 @@ public: void GetGrantedPermByTokenId(AccessTokenID tokenID, const std::vector& constrainedList, std::vector& permissionList); void GetPermStatusListByTokenId(AccessTokenID tokenID, - const std::vector constrainedList, std::vector& opCodeList, std::vector& statusList); + const std::vector constrainedList, std::vector& opCodeList, std::vector& statusList); int32_t RefreshPermStateToKernel(const std::vector& constrainedList, bool hapUserIsActive, AccessTokenID tokenId, std::map& refreshedPermList); private: diff --git a/services/accesstokenmanager/main/cpp/include/permission/permission_manager.h b/services/accesstokenmanager/main/cpp/include/permission/permission_manager.h index 2150418c7ecf65da0a588c9fcd772e319e9d98e5..b5d703ed4393dc0b3fed4cdd9de1cd686abc9054 100644 --- a/services/accesstokenmanager/main/cpp/include/permission/permission_manager.h +++ b/services/accesstokenmanager/main/cpp/include/permission/permission_manager.h @@ -61,7 +61,7 @@ public: bool updateFlag); void RemoveDefPermissions(AccessTokenID tokenID); int VerifyHapAccessToken(AccessTokenID tokenID, const std::string& permissionName); - PermUsedTypeEnum GetPermissionUsedType(AccessTokenID tokenID, const std::string& permissionName); + PermUsedTypeEnum GetPermissionUsedType(AccessTokenID tokenID, uint16_t permCode); int GetDefPermission(const std::string& permissionName, PermissionDef& permissionDefResult); void GetDefPermissions(AccessTokenID tokenID, std::vector& permList); int GetReqPermissions( @@ -90,7 +90,7 @@ public: void NotifyWhenPermissionStateUpdated(AccessTokenID tokenID, const std::string& permissionName, bool isGranted, uint32_t flag, const std::shared_ptr& infoPtr); void AddNativePermToKernel( - AccessTokenID tokenID, const std::vector& opCodeList, const std::vector& statusList); + AccessTokenID tokenID, const std::vector& opCodeList, const std::vector& statusList); void AddHapPermToKernel(AccessTokenID tokenID, const std::vector& permList); void RemovePermFromKernel(AccessTokenID tokenID); void SetPermToKernel(AccessTokenID tokenID, const std::string& permissionName, bool isGranted); diff --git a/services/accesstokenmanager/main/cpp/include/permission/permission_policy_set.h b/services/accesstokenmanager/main/cpp/include/permission/permission_policy_set.h index d23ab610e943521e5734c897301e3f8d05d4b119..d815a712ecd139cf76cdb63591da417f7f69ebb5 100644 --- a/services/accesstokenmanager/main/cpp/include/permission/permission_policy_set.h +++ b/services/accesstokenmanager/main/cpp/include/permission/permission_policy_set.h @@ -44,7 +44,7 @@ public: void StorePermissionPolicySet(std::vector& permStateValueList); void Update(const std::vector& permStateList); - PermUsedTypeEnum GetPermissionUsedType(const std::string& permissionName); + PermUsedTypeEnum GetPermissionUsedType(uint16_t permCode); void GetDefPermissions(std::vector& permList); bool IsPermissionGrantedWithSecComp(const std::string& permissionName); int QueryPermissionFlag(const std::string& permissionName, int& flag); diff --git a/services/accesstokenmanager/main/cpp/include/service/accesstoken_manager_service.h b/services/accesstokenmanager/main/cpp/include/service/accesstoken_manager_service.h index a808b9cec9ed762e2c8d53ff2c254a1cf00fab08..60de8edf561198b542820b82837de9e89cbcef27 100644 --- a/services/accesstokenmanager/main/cpp/include/service/accesstoken_manager_service.h +++ b/services/accesstokenmanager/main/cpp/include/service/accesstoken_manager_service.h @@ -46,8 +46,7 @@ public: void OnRemoveSystemAbility(int32_t systemAbilityId, const std::string& deviceId) override; AccessTokenIDEx AllocHapToken(const HapInfoParcel& info, const HapPolicyParcel& policy) override; - PermUsedTypeEnum GetPermissionUsedType( - AccessTokenID tokenID, const std::string& permissionName) override; + PermUsedTypeEnum GetPermissionUsedType(AccessTokenID tokenID, uint16_t permCode) override; int32_t InitHapToken(const HapInfoParcel& info, HapPolicyParcel& policy, AccessTokenIDEx& fullTokenId, HapInfoCheckResult& result) override; int VerifyAccessToken(AccessTokenID tokenID, const std::string& permissionName) override; diff --git a/services/accesstokenmanager/main/cpp/include/token/accesstoken_info_manager.h b/services/accesstokenmanager/main/cpp/include/token/accesstoken_info_manager.h index 8d5343970702687fa4dcdcea5f7ef6fb877614df..048e6d78f003fd3800a7881ffda96823361d48a2 100644 --- a/services/accesstokenmanager/main/cpp/include/token/accesstoken_info_manager.h +++ b/services/accesstokenmanager/main/cpp/include/token/accesstoken_info_manager.h @@ -131,7 +131,7 @@ private: int32_t AddPermRequestToggleStatusToDb(int32_t userID, const std::string& permissionName, int32_t status); int32_t FindPermRequestToggleStatusFromDb(int32_t userID, const std::string& permissionName); void GetNativePermissionList(const NativeTokenInfoBase& native, - std::vector& opCodeList, std::vector& statusList); + std::vector& opCodeList, std::vector& statusList); bool IsPermissionReqValid(int32_t tokenApl, const std::string& permissionName, const std::vector& nativeAcls); void NativeTokenToString(AccessTokenID tokenID, std::string& info); diff --git a/services/accesstokenmanager/main/cpp/include/token/hap_token_info_inner.h b/services/accesstokenmanager/main/cpp/include/token/hap_token_info_inner.h index c31d0b2848cd43809873e7f24afe9a9cfb3f66d6..349229007ec3ce7caa1ca32bf13401275a3371c9 100644 --- a/services/accesstokenmanager/main/cpp/include/token/hap_token_info_inner.h +++ b/services/accesstokenmanager/main/cpp/include/token/hap_token_info_inner.h @@ -72,10 +72,10 @@ public: static void RefreshPermStateToKernel(const std::vector& constrainedList, bool hapUserIsActive, AccessTokenID tokenId, std::map& refreshedPermList); static int32_t VerifyPermissionStatus(AccessTokenID tokenID, const std::string& permissionName); - static PermUsedTypeEnum GetPermissionUsedType(AccessTokenID tokenID, const std::string& permissionName); + static PermUsedTypeEnum GetPermissionUsedType(AccessTokenID tokenID, uint16_t permCode); static int32_t QueryPermissionFlag(AccessTokenID tokenID, const std::string& permissionName, uint32_t& flag); static void GetPermStatusListByTokenId(AccessTokenID tokenID, - const std::vector constrainedList, std::vector& opCodeList, std::vector& statusList); + const std::vector constrainedList, std::vector& opCodeList, std::vector& statusList); static void GetGrantedPermByTokenId(AccessTokenID tokenID, const std::vector& constrainedList, std::vector& permissionList); static void ClearAllSecCompGrantedPerm(); diff --git a/services/accesstokenmanager/main/cpp/include/token/native_token_info_base.h b/services/accesstokenmanager/main/cpp/include/token/native_token_info_base.h index 47cbf7d9c147f162d2f8f3c141c63412a8f33811..90d49191d19529f915fb84f24ae1fe802ae7faad 100644 --- a/services/accesstokenmanager/main/cpp/include/token/native_token_info_base.h +++ b/services/accesstokenmanager/main/cpp/include/token/native_token_info_base.h @@ -39,7 +39,7 @@ struct NativeTokenInfoBase { struct NativeTokenInfoCache { ATokenAplEnum apl; std::string processName; - std::vector opCodeList; + std::vector opCodeList; std::vector statusList; }; } // namespace AccessToken diff --git a/services/accesstokenmanager/main/cpp/src/permission/permission_data_brief.cpp b/services/accesstokenmanager/main/cpp/src/permission/permission_data_brief.cpp index 3c0c5e52e93e92084563dd5e5c4d586a4a5028bc..c8089370c443d3ceff50edd14c20162d9c14d28b 100644 --- a/services/accesstokenmanager/main/cpp/src/permission/permission_data_brief.cpp +++ b/services/accesstokenmanager/main/cpp/src/permission/permission_data_brief.cpp @@ -79,7 +79,7 @@ int32_t PermissionDataBrief::DeleteBriefPermDataByTokenId(AccessTokenID tokenID) return RET_SUCCESS; } -int32_t PermissionDataBrief::SetBriefPermData(AccessTokenID tokenID, int32_t opCode, bool status, uint32_t flag) +int32_t PermissionDataBrief::SetBriefPermData(AccessTokenID tokenID, uint16_t permCode, bool status, uint32_t flag) { Utils::UniqueWriteGuard infoGuard(this->permissionStateDataLock_); auto iter = requestedPermData_.find(tokenID); @@ -87,8 +87,8 @@ int32_t PermissionDataBrief::SetBriefPermData(AccessTokenID tokenID, int32_t opC LOGE(ATM_DOMAIN, ATM_TAG, "TokenID %{public}d is not exist.", tokenID); return ERR_TOKEN_INVALID; } - auto it = std::find_if(iter->second.begin(), iter->second.end(), [opCode](BriefPermData data) { - return (data.permCode == opCode); + auto it = std::find_if(iter->second.begin(), iter->second.end(), [permCode](BriefPermData data) { + return (data.permCode == permCode); }); if (it != iter->second.end()) { it->status = status ? 1 : 0; @@ -103,13 +103,13 @@ int32_t PermissionDataBrief::SetBriefPermData(AccessTokenID tokenID, int32_t opC // Set secComp permission without existing in state list. if (status) { BriefSecCompData secCompData = { 0 }; - secCompData.permCode = opCode; + secCompData.permCode = permCode; secCompData.tokenId = tokenID; secCompList_.push_back(secCompData); } else { std::list::iterator secCompData; for (secCompData = secCompList_.begin(); secCompData != secCompList_.end(); ++secCompData) { - if (secCompData->tokenId == tokenID && secCompData->permCode == opCode) { + if (secCompData->tokenId == tokenID && secCompData->permCode == permCode) { secCompList_.erase(secCompData); break; } @@ -143,8 +143,7 @@ void PermissionDataBrief::GetGrantedPermByTokenId(AccessTokenID tokenID, } for (const auto& data : iter->second) { if (data.status) { - std::string permission; - (void)TransferOpcodeToPermission(data.permCode, permission); + std::string permission = TransferOpcodeToPermission(data.permCode); if (constrainedList.empty() || (std::find(constrainedList.begin(), constrainedList.end(), permission) == constrainedList.end())) { permissionList.emplace_back(permission); @@ -155,8 +154,7 @@ void PermissionDataBrief::GetGrantedPermByTokenId(AccessTokenID tokenID, std::list::iterator secCompData; for (secCompData = secCompList_.begin(); secCompData != secCompList_.end(); ++secCompData) { if (secCompData->tokenId == tokenID) { - std::string permission; - (void)TransferOpcodeToPermission(secCompData->permCode, permission); + std::string permission = TransferOpcodeToPermission(secCompData->permCode); permissionList.emplace_back(permission); LOGD(ATM_DOMAIN, ATM_TAG, "Permission %{public}s is granted by secComp.", permission.c_str()); } @@ -165,7 +163,7 @@ void PermissionDataBrief::GetGrantedPermByTokenId(AccessTokenID tokenID, } void PermissionDataBrief::GetPermStatusListByTokenId(AccessTokenID tokenID, - const std::vector constrainedList, std::vector& opCodeList, std::vector& statusList) + const std::vector constrainedList, std::vector& opCodeList, std::vector& statusList) { Utils::UniqueReadGuard infoGuard(this->permissionStateDataLock_); auto iter = requestedPermData_.find(tokenID); @@ -201,7 +199,7 @@ void PermissionDataBrief::GetPermStatusListByTokenId(AccessTokenID tokenID, return; } -PermUsedTypeEnum PermissionDataBrief::GetPermissionUsedType(AccessTokenID tokenID, int32_t opCode) +PermUsedTypeEnum PermissionDataBrief::GetPermissionUsedType(AccessTokenID tokenID, uint16_t permCode) { Utils::UniqueReadGuard infoGuard(this->permissionStateDataLock_); auto iter = requestedPermData_.find(tokenID); @@ -209,8 +207,8 @@ PermUsedTypeEnum PermissionDataBrief::GetPermissionUsedType(AccessTokenID tokenI LOGE(ATM_DOMAIN, ATM_TAG, "TokenID is not exist %{public}d.", tokenID); return PermUsedTypeEnum::INVALID_USED_TYPE; } - auto it = std::find_if(iter->second.begin(), iter->second.end(), [opCode](BriefPermData data) { - return (data.permCode == opCode); + auto it = std::find_if(iter->second.begin(), iter->second.end(), [permCode](BriefPermData data) { + return (data.permCode == permCode); }); if (it != iter->second.end()) { if (ConstantCommon::IsPermGrantedBySecComp(it->flag)) { @@ -224,7 +222,7 @@ PermUsedTypeEnum PermissionDataBrief::GetPermissionUsedType(AccessTokenID tokenI } std::list::iterator secCompData; for (secCompData = secCompList_.begin(); secCompData != secCompList_.end(); ++secCompData) { - if ((secCompData->tokenId == tokenID) && (secCompData->permCode == opCode)) { + if ((secCompData->tokenId == tokenID) && (secCompData->permCode == permCode)) { return PermUsedTypeEnum::SEC_COMPONENT_TYPE; } } @@ -234,8 +232,8 @@ PermUsedTypeEnum PermissionDataBrief::GetPermissionUsedType(AccessTokenID tokenI int32_t PermissionDataBrief::VerifyPermissionStatus(AccessTokenID tokenID, const std::string& permission) { LOGD(ATM_DOMAIN, ATM_TAG, "tokenID %{public}d, permissionName %{public}s.", tokenID, permission.c_str()); - uint32_t opCode; - if (!TransferPermissionToOpcode(permission, opCode)) { + uint16_t permCode = TransferPermissionToOpcode(permission); + if (permCode < 0) { LOGE(ATM_DOMAIN, ATM_TAG, "PermissionName is invalid %{public}s.", permission.c_str()); return PERMISSION_DENIED; } @@ -246,8 +244,8 @@ int32_t PermissionDataBrief::VerifyPermissionStatus(AccessTokenID tokenID, const LOGE(ATM_DOMAIN, ATM_TAG, "TokenID is not exist %{public}d.", tokenID); return PERMISSION_DENIED; } - auto it = std::find_if(iter->second.begin(), iter->second.end(), [opCode](BriefPermData data) { - return (data.permCode == opCode); + auto it = std::find_if(iter->second.begin(), iter->second.end(), [permCode](BriefPermData data) { + return (data.permCode == permCode); }); if (it != iter->second.end()) { if (ConstantCommon::IsPermGrantedBySecComp(it->flag)) { @@ -262,7 +260,7 @@ int32_t PermissionDataBrief::VerifyPermissionStatus(AccessTokenID tokenID, const std::list::iterator secCompData; for (secCompData = secCompList_.begin(); secCompData != secCompList_.end(); ++secCompData) { - if ((secCompData->tokenId == tokenID) && (secCompData->permCode == opCode)) { + if ((secCompData->tokenId == tokenID) && (secCompData->permCode == permCode)) { LOGD(ATM_DOMAIN, ATM_TAG, "TokenID: %{public}d, permission is not requested. While it is granted by secComp", tokenID); return PERMISSION_GRANTED; @@ -273,8 +271,8 @@ int32_t PermissionDataBrief::VerifyPermissionStatus(AccessTokenID tokenID, const bool PermissionDataBrief::IsPermissionGrantedWithSecComp(AccessTokenID tokenID, const std::string& permissionName) { - uint32_t opCode; - if (!TransferPermissionToOpcode(permissionName, opCode)) { + uint16_t permCode = TransferPermissionToOpcode(permissionName); + if (permCode < 0) { LOGE(ATM_DOMAIN, ATM_TAG, "PermissionName is invalid %{public}s.", permissionName.c_str()); return false; } @@ -285,8 +283,8 @@ bool PermissionDataBrief::IsPermissionGrantedWithSecComp(AccessTokenID tokenID, LOGE(ATM_DOMAIN, ATM_TAG, "TokenID is not exist %{public}d.", tokenID); return false; } - auto it = std::find_if(iter->second.begin(), iter->second.end(), [opCode](BriefPermData data) { - return (data.permCode == opCode); + auto it = std::find_if(iter->second.begin(), iter->second.end(), [permCode](BriefPermData data) { + return (data.permCode == permCode); }); if (it != iter->second.end()) { if (ConstantCommon::IsPermGrantedBySecComp(it->flag)) { @@ -296,7 +294,7 @@ bool PermissionDataBrief::IsPermissionGrantedWithSecComp(AccessTokenID tokenID, } std::list::iterator secCompData; for (secCompData = secCompList_.begin(); secCompData != secCompList_.end(); ++secCompData) { - if (secCompData->tokenId == tokenID && secCompData->permCode == opCode) { + if (secCompData->tokenId == tokenID && secCompData->permCode == permCode) { return true; } } @@ -306,8 +304,8 @@ bool PermissionDataBrief::IsPermissionGrantedWithSecComp(AccessTokenID tokenID, int32_t PermissionDataBrief::QueryPermissionFlag(AccessTokenID tokenID, const std::string& permissionName, uint32_t& flag) { - uint32_t opCode; - if (!TransferPermissionToOpcode(permissionName, opCode)) { + uint16_t permCode = TransferPermissionToOpcode(permissionName); + if (permCode < 0) { LOGE(ATM_DOMAIN, ATM_TAG, "PermissionName is invalid %{public}s.", permissionName.c_str()); return AccessTokenError::ERR_PERMISSION_NOT_EXIST; } @@ -318,8 +316,8 @@ int32_t PermissionDataBrief::QueryPermissionFlag(AccessTokenID tokenID, const st LOGE(ATM_DOMAIN, ATM_TAG, "TokenID is invalid %{public}u.", tokenID); return AccessTokenError::ERR_TOKENID_NOT_EXIST; } - auto it = std::find_if(iter->second.begin(), iter->second.end(), [opCode](BriefPermData data) { - return (data.permCode == opCode); + auto it = std::find_if(iter->second.begin(), iter->second.end(), [permCode](BriefPermData data) { + return (data.permCode == permCode); }); if (it != iter->second.end()) { flag = it->flag; @@ -332,8 +330,8 @@ int32_t PermissionDataBrief::QueryPermissionFlag(AccessTokenID tokenID, const st void PermissionDataBrief::SecCompGrantedPermListUpdated( AccessTokenID tokenID, const std::string& permissionName, bool isAdded) { - uint32_t opCode; - if (!TransferPermissionToOpcode(permissionName, opCode)) { + uint16_t permCode = TransferPermissionToOpcode(permissionName); + if (permCode < 0) { LOGE(ATM_DOMAIN, ATM_TAG, "PermissionName is invalid %{public}s.", permissionName.c_str()); return; } @@ -347,21 +345,21 @@ void PermissionDataBrief::SecCompGrantedPermListUpdated( if (isAdded) { BriefSecCompData secCompData = { 0 }; - secCompData.permCode = opCode; + secCompData.permCode = permCode; secCompData.tokenId = tokenID; secCompList_.push_back(secCompData); } else { std::list::iterator secCompData; for (secCompData = secCompList_.begin(); secCompData != secCompList_.end(); ++secCompData) { - if (secCompData->tokenId == tokenID && secCompData->permCode == opCode) { + if (secCompData->tokenId == tokenID && secCompData->permCode == permCode) { secCompList_.erase(secCompData); break; } } } - auto it = std::find_if(iter->second.begin(), iter->second.end(), [opCode](BriefPermData data) { - return (data.permCode == opCode); + auto it = std::find_if(iter->second.begin(), iter->second.end(), [permCode](BriefPermData data) { + return (data.permCode == permCode); }); if (it != iter->second.end()) { uint32_t oldFlag = it->flag; @@ -401,8 +399,8 @@ int32_t PermissionDataBrief::RefreshPermStateToKernel(const std::vector constrainedCodeList; for (const auto& perm : constrainedList) { - uint32_t code; - if (TransferPermissionToOpcode(perm, code)) { + uint16_t code = TransferPermissionToOpcode(perm); + if (code < 0) { constrainedCodeList.emplace_back(code); } else { LOGW(ATM_DOMAIN, ATM_TAG, "Perm %{public}s is not exist.", perm.c_str()); @@ -433,7 +431,7 @@ int32_t PermissionDataBrief::RefreshPermStateToKernel(const std::vector& opCodeList, const std::vector& statusList) + const std::vector& opCodeList, const std::vector& statusList) { int32_t ret = AddPermissionToKernel(tokenID, opCodeList, statusList); if (ret != ACCESS_TOKEN_OK) { @@ -797,16 +796,16 @@ void PermissionManager::AddNativePermToKernel(AccessTokenID tokenID, void PermissionManager::AddHapPermToKernel(AccessTokenID tokenID, const std::vector& permList) { - std::vector permCodeList; + std::vector permCodeList; for (const auto &permission : permList) { - uint32_t code; - if (!TransferPermissionToOpcode(permission, code)) { + uint16_t permCode = TransferPermissionToOpcode(permission); + if (permCode < 0) { continue; } - permCodeList.emplace_back(code); + permCodeList.emplace_back(permCode); } - std::vector opCodeList; + std::vector opCodeList; std::vector statusList; HapTokenInfoInner::GetPermStatusListByTokenId(tokenID, permCodeList, opCodeList, statusList); int32_t ret = AddPermissionToKernel(tokenID, opCodeList, statusList); @@ -826,11 +825,11 @@ void PermissionManager::RemovePermFromKernel(AccessTokenID tokenID) void PermissionManager::SetPermToKernel( AccessTokenID tokenID, const std::string& permissionName, bool isGranted) { - uint32_t code; - if (!TransferPermissionToOpcode(permissionName, code)) { + uint16_t permCode = TransferPermissionToOpcode(permissionName); + if (permCode < 0) { return; } - int32_t ret = SetPermissionToKernel(tokenID, code, isGranted); + int32_t ret = SetPermissionToKernel(tokenID, permCode, isGranted); LOGI(ATM_DOMAIN, ATM_TAG, "SetPermissionToKernel(token=%{public}d, permission=(%{public}s), err=%{public}d", tokenID, permissionName.c_str(), ret); diff --git a/services/accesstokenmanager/main/cpp/src/permission/permission_policy_set.cpp b/services/accesstokenmanager/main/cpp/src/permission/permission_policy_set.cpp index 0eb7d53c8d63b436f8418aafa0701f0e038321ab..69a7cef67d29b40968cb654d8b54de392134dd22 100644 --- a/services/accesstokenmanager/main/cpp/src/permission/permission_policy_set.cpp +++ b/services/accesstokenmanager/main/cpp/src/permission/permission_policy_set.cpp @@ -45,10 +45,10 @@ void PermissionPolicySet::GetPermissionBriefData(std::vector& lis { for (const auto& state : permStateList) { BriefPermData data = {0}; - uint32_t code; - if (TransferPermissionToOpcode(state.permissionName, code)) { + uint16_t permCode = TransferPermissionToOpcode(state.permissionName); + if (permCode < 0) { data.status = (state.grantStatus == PERMISSION_GRANTED) ? 1 : 0; - data.permCode = code; + data.permCode = permCode; data.flag = state.grantFlag; list.emplace_back(data); } @@ -255,13 +255,13 @@ int32_t PermissionPolicySet::UpdatePermStateList( } iter->grantStatus = isGranted ? PERMISSION_GRANTED : PERMISSION_DENIED; iter->grantFlag = UpdateWithNewFlag(iter->grantFlag, flag); - uint32_t opCode; - if (!TransferPermissionToOpcode(permissionName, opCode)) { + uint16_t permCode = TransferPermissionToOpcode(permissionName); + if (permCode < 0) { LOGE(ATM_DOMAIN, ATM_TAG, "permissionName is invalid %{public}s.", permissionName.c_str()); return AccessTokenError::ERR_PARAM_INVALID; } bool status = (iter->grantStatus == PERMISSION_GRANTED) ? 1 : 0; - return PermissionDataBrief::GetInstance().SetBriefPermData(tokenId_, opCode, status, iter->grantFlag); + return PermissionDataBrief::GetInstance().SetBriefPermData(tokenId_, permCode, status, iter->grantFlag); } else { LOGE(ATM_DOMAIN, ATM_TAG, "Permission not request!"); return AccessTokenError::ERR_PARAM_INVALID; diff --git a/services/accesstokenmanager/main/cpp/src/service/accesstoken_manager_service.cpp b/services/accesstokenmanager/main/cpp/src/service/accesstoken_manager_service.cpp index c398040daa7cd9f14dc2a571907b212479a94d3e..6ff27f8aeb4337b6c4458f4ce29f804b3e66c2da 100644 --- a/services/accesstokenmanager/main/cpp/src/service/accesstoken_manager_service.cpp +++ b/services/accesstokenmanager/main/cpp/src/service/accesstoken_manager_service.cpp @@ -124,11 +124,9 @@ void AccessTokenManagerService::OnRemoveSystemAbility(int32_t systemAbilityId, c } } -PermUsedTypeEnum AccessTokenManagerService::GetPermissionUsedType( - AccessTokenID tokenID, const std::string& permissionName) +PermUsedTypeEnum AccessTokenManagerService::GetPermissionUsedType(AccessTokenID tokenID, uint16_t permCode) { - LOGI(ATM_DOMAIN, ATM_TAG, "TokenID=%{public}d, permission=%{public}s", tokenID, permissionName.c_str()); - return PermissionManager::GetInstance().GetPermissionUsedType(tokenID, permissionName); + return PermissionManager::GetInstance().GetPermissionUsedType(tokenID, permCode); } int AccessTokenManagerService::VerifyAccessToken(AccessTokenID tokenID, const std::string& permissionName) diff --git a/services/accesstokenmanager/main/cpp/src/service/accesstoken_manager_stub.cpp b/services/accesstokenmanager/main/cpp/src/service/accesstoken_manager_stub.cpp index f9cd095b5c5edbe97cc8888d1d07d44e52784d30..4144f9837269ba037bd7e1e90449e893d838c7c7 100644 --- a/services/accesstokenmanager/main/cpp/src/service/accesstoken_manager_stub.cpp +++ b/services/accesstokenmanager/main/cpp/src/service/accesstoken_manager_stub.cpp @@ -118,14 +118,14 @@ void AccessTokenManagerStub::GetPermissionUsedTypeInner(MessageParcel& data, Mes "WriteInt32 failed."); return; } - std::string permissionName; - if (!data.ReadString(permissionName)) { - LOGE(ATM_DOMAIN, ATM_TAG, "Failed to read permissionName."); + uint16_t permCode; + if (!data.ReadUint16(permCode)) { + LOGE(ATM_DOMAIN, ATM_TAG, "Failed to read permCode."); IF_FALSE_PRINT_LOG(ATM_DOMAIN, ATM_TAG, reply.WriteInt32( static_cast(PermUsedTypeEnum::INVALID_USED_TYPE)), "WriteInt32 failed."); return; } - PermUsedTypeEnum result = this->GetPermissionUsedType(tokenID, permissionName); + PermUsedTypeEnum result = this->GetPermissionUsedType(tokenID, permCode); int32_t type = static_cast(result); IF_FALSE_PRINT_LOG(ATM_DOMAIN, ATM_TAG, reply.WriteInt32(type), "WriteInt32 failed."); } diff --git a/services/accesstokenmanager/main/cpp/src/token/accesstoken_info_manager.cpp b/services/accesstokenmanager/main/cpp/src/token/accesstoken_info_manager.cpp index b5673a3f70457bac20ca351175b0ca256b915c7a..384a92565aa23f8b49619c61e76e6e762169faa7 100644 --- a/services/accesstokenmanager/main/cpp/src/token/accesstoken_info_manager.cpp +++ b/services/accesstokenmanager/main/cpp/src/token/accesstoken_info_manager.cpp @@ -538,14 +538,14 @@ AccessTokenIDEx AccessTokenInfoManager::GetHapTokenID(int32_t userID, const std: } void AccessTokenInfoManager::GetNativePermissionList(const NativeTokenInfoBase& native, - std::vector& opCodeList, std::vector& statusList) + std::vector& opCodeList, std::vector& statusList) { // need to process aclList for (const auto& state : native.permStateList) { - uint32_t code; + uint16_t permCode = TransferPermissionToOpcode(state.permissionName); // add IsPermissionReqValid to filter invalid permission - if (TransferPermissionToOpcode(state.permissionName, code)) { - opCodeList.emplace_back(code); + if (permCode < 0) { + opCodeList.emplace_back(permCode); statusList.emplace_back(state.grantStatus == PERMISSION_GRANTED); } } @@ -573,7 +573,7 @@ void AccessTokenInfoManager::InitNativeTokenInfos(uint32_t& nativeSize) "RegisterTokenId fail, " + process + std::to_string(tokenId), res); continue; } - std::vector opCodeList; + std::vector opCodeList; std::vector statusList; GetNativePermissionList(info, opCodeList, statusList); // add native token info to cache @@ -1507,8 +1507,8 @@ int AccessTokenInfoManager::VerifyNativeAccessToken(AccessTokenID tokenID, const LOGE(ATM_DOMAIN, ATM_TAG, "No definition for permission: %{public}s!", permissionName.c_str()); return PERMISSION_DENIED; } - uint32_t code; - if (!TransferPermissionToOpcode(permissionName, code)) { + uint16_t permCode = TransferPermissionToOpcode(permissionName); + if (permCode < 0) { LOGE(ATM_DOMAIN, ATM_TAG, "Invalid perm(%{public}s)", permissionName.c_str()); return PERMISSION_DENIED; } @@ -1522,7 +1522,7 @@ int AccessTokenInfoManager::VerifyNativeAccessToken(AccessTokenID tokenID, const NativeTokenInfoCache cache = iter->second; for (size_t i = 0; i < cache.opCodeList.size(); ++i) { - if (code == cache.opCodeList[i]) { + if (permCode == cache.opCodeList[i]) { return cache.statusList[i] ? PERMISSION_GRANTED : PERMISSION_DENIED; } } diff --git a/services/accesstokenmanager/main/cpp/src/token/hap_token_info_inner.cpp b/services/accesstokenmanager/main/cpp/src/token/hap_token_info_inner.cpp index ee03c582fb1c1ff69d2dc90f27a6087a915b7a1c..96d6680994a3eeba408a844a82b0b6a11b897ab5 100644 --- a/services/accesstokenmanager/main/cpp/src/token/hap_token_info_inner.cpp +++ b/services/accesstokenmanager/main/cpp/src/token/hap_token_info_inner.cpp @@ -351,7 +351,7 @@ int32_t HapTokenInfoInner::GetPermissionStateListFromBrief(std::vector constrainedList, std::vector& opCodeList, std::vector& statusList) + const std::vector constrainedList, std::vector& opCodeList, std::vector& statusList) { return PermissionDataBrief::GetInstance().GetPermStatusListByTokenId( tokenID, constrainedList, opCodeList, statusList); diff --git a/test/fuzztest/services/accesstoken/getpermissionusedtypestub_fuzzer/getpermissionusedtypestub_fuzzer.cpp b/test/fuzztest/services/accesstoken/getpermissionusedtypestub_fuzzer/getpermissionusedtypestub_fuzzer.cpp index 5c8a672deff002860635be02480145956391f1ba..2e7beb07d89058b0fbbd05d67cdd5c4cdfb1d5ed 100644 --- a/test/fuzztest/services/accesstoken/getpermissionusedtypestub_fuzzer/getpermissionusedtypestub_fuzzer.cpp +++ b/test/fuzztest/services/accesstoken/getpermissionusedtypestub_fuzzer/getpermissionusedtypestub_fuzzer.cpp @@ -40,14 +40,14 @@ bool GetPermissionUsedTypeStubFuzzTest(const uint8_t* data, size_t size) AccessTokenFuzzData fuzzData(data, size); AccessTokenID tokenId = fuzzData.GetData(); - std::string permissionName(fuzzData.GenerateStochasticString()); + uint16_t permCode = fuzzData.GetData(); MessageParcel datas; datas.WriteInterfaceToken(IAccessTokenManager::GetDescriptor()); if (!datas.WriteUint32(tokenId)) { return false; } - if (!datas.WriteString(permissionName)) { + if (!datas.WriteUint16(permCode)) { return false; }