diff --git a/frameworks/common/src/permission_map.cpp b/frameworks/common/src/permission_map.cpp
index 3f55ebaba92f7ee2b82d3eab3659f52be903a7f9..411ad9667cda69ec5f95d4b0b1086e74850e1f4b 100644
--- a/frameworks/common/src/permission_map.cpp
+++ b/frameworks/common/src/permission_map.cpp
@@ -367,7 +367,10 @@ const static std::vector> g_permMap = {
 {"ohos.permission.ACCESS_PASSWORDVAULT_ABILITY", false},
 {"ohos.permission.ACCESS_LOWPOWER_MANAGER", false},
 {"ohos.permission.ACCESS_DDK_USB", false},
+ {"ohos.permission.ACCESS_DDK_USB_SERIAL", false},
+ {"ohos.permission.ACCESS_DDK_SCSI_PERIPHERAL", false},
 {"ohos.permission.ACCESS_EXTENSIONAL_DEVICE_DRIVER", false},
+ {"ohos.permission.ACCESS_DDK_DRIVERS", false},
 {"ohos.permission.ACCESS_TEXTAUTOFILL_ABILITY", false},
 {"ohos.permission.ACCESS_DDK_HID", false},
 {"ohos.permission.MANAGE_APP_BOOT", false},
diff --git a/interfaces/innerkits/accesstoken/test/unittest/HapTokenTest/update_hap_token_test.cpp b/interfaces/innerkits/accesstoken/test/unittest/HapTokenTest/update_hap_token_test.cpp
index df8d70174ab9d0c87627b45394c95318686c45af..0480df088df70dc598fcc32caca3142357fec56b 100644
--- a/interfaces/innerkits/accesstoken/test/unittest/HapTokenTest/update_hap_token_test.cpp
+++ b/interfaces/innerkits/accesstoken/test/unittest/HapTokenTest/update_hap_token_test.cpp
@@ -450,6 +450,110 @@ HWTEST_F(UpdateHapTokenTest, UpdateHapTokenFuncTest006, TestSize.Level1)
 EXPECT_EQ(PERMISSION_GRANTED, ret);
 }
 
+/**
+ * @tc.name: UpdateHapTokenFuncTest007
+ * @tc.desc: test permission list number is decreased from 1 to 0.
+ * 1.permStateList = {permissionStateFull001}.
+ * 2.permStateList={}, Update success.
+ * @tc.type: FUNC
+ * @tc.require:
+ */
+HWTEST_F(UpdateHapTokenTest, UpdateHapTokenFuncTest007, TestSize.Level1)
+{
+ LOGI(ATM_DOMAIN, ATM_TAG, "UpdateHapTokenFuncTest007");
+
+ HapInfoParams infoParams;
+ HapPolicyParams policyParams;
+ TestCommon::GetHapParams(infoParams, policyParams);
+ policyParams.apl = APL_SYSTEM_CORE;
+ PermissionStateFull permissionStateFull001 = {
+ .permissionName = "ohos.permission.ACCESS_DDK_USB_SERIAL",
+ .isGeneral = true,
+ .resDeviceID = {"local"},
+ .grantStatus = {PERMISSION_DENIED},
+ .grantFlags = {PERMISSION_SYSTEM_FIXED}
+ };
+
+ policyParams.permStateList = {permissionStateFull001};
+ AccessTokenIDEx fullTokenId;
+ int32_t ret = AccessTokenKit::InitHapToken(infoParams, policyParams, fullTokenId);
+ AccessTokenID tokenID = fullTokenId.tokenIdExStruct.tokenID;
+ ASSERT_EQ(RET_SUCCESS, ret);
+ ret = AccessTokenKit::VerifyAccessToken(tokenID, "ohos.permission.ACCESS_DDK_USB_SERIAL");
+ EXPECT_EQ(PERMISSION_GRANTED, ret);
+
+ UpdateHapInfoParams updateHapInfoParams = {
+ .appIDDesc = infoParams.appIDDesc,
+ .apiVersion = infoParams.apiVersion,
+ .isSystemApp = false,
+ .appDistributionType = infoParams.appDistributionType
+ };
+ policyParams.permStateList = {};
+
+ ret = AccessTokenKit::UpdateHapToken(fullTokenId, updateHapInfoParams, policyParams);
+ ASSERT_EQ(RET_SUCCESS, ret);
+ ret = AccessTokenKit::VerifyAccessToken(tokenID, "ohos.permission.ACCESS_DDK_USB_SERIAL");
+ EXPECT_EQ(PERMISSION_DENIED, ret);
+}
+
+/**
+ * @tc.name: UpdateHapTokenFuncTest008
+ * @tc.desc: test permission list number is decreased from 2 to 0.
+ * 1.permStateList = {permissionStateFull001, permissionStateFull002}.
+ * 2.permStateList={}, Update success.
+ * @tc.type: FUNC
+ * @tc.require:
+ */
+HWTEST_F(UpdateHapTokenTest, UpdateHapTokenFuncTest008, TestSize.Level1)
+{
+ LOGI(ATM_DOMAIN, ATM_TAG, "UpdateHapTokenFuncTest008");
+
+ HapInfoParams infoParams;
+ HapPolicyParams policyParams;
+ TestCommon::GetHapParams(infoParams, policyParams);
+ policyParams.apl = APL_SYSTEM_CORE;
+ PermissionStateFull permissionStateFull001 = {
+ .permissionName = "ohos.permission.ACCESS_DDK_DRIVERS",
+ .isGeneral = true,
+ .resDeviceID = {"local"},
+ .grantStatus = {PERMISSION_DENIED},
+ .grantFlags = {PERMISSION_SYSTEM_FIXED}
+ };
+
+ PermissionStateFull permissionStateFull002 = {
+ .permissionName = "ohos.permission.ACCESS_DDK_SCSI_PERIPHERAL",
+ .isGeneral = true,
+ .resDeviceID = {"local"},
+ .grantStatus = {PERMISSION_DENIED},
+ .grantFlags = {PERMISSION_SYSTEM_FIXED}
+ };
+ policyParams.permStateList = {permissionStateFull001, permissionStateFull002};
+ AccessTokenIDEx fullTokenId;
+ int32_t ret = AccessTokenKit::InitHapToken(infoParams, policyParams, fullTokenId);
+ AccessTokenID tokenID = fullTokenId.tokenIdExStruct.tokenID;
+ ASSERT_EQ(RET_SUCCESS, ret);
+
+ ret = AccessTokenKit::VerifyAccessToken(tokenID, "ohos.permission.ACCESS_DDK_DRIVERS");
+ EXPECT_EQ(PERMISSION_GRANTED, ret);
+ ret = AccessTokenKit::VerifyAccessToken(tokenID, "ohos.permission.ACCESS_DDK_SCSI_PERIPHERAL");
+ EXPECT_EQ(PERMISSION_GRANTED, ret);
+
+ UpdateHapInfoParams updateHapInfoParams = {
+ .appIDDesc = infoParams.appIDDesc,
+ .apiVersion = infoParams.apiVersion,
+ .isSystemApp = false,
+ .appDistributionType = infoParams.appDistributionType
+ };
+ policyParams.permStateList = {};
+
+ ret = AccessTokenKit::UpdateHapToken(fullTokenId, updateHapInfoParams, policyParams);
+ ASSERT_EQ(RET_SUCCESS, ret);
+ ret = AccessTokenKit::VerifyAccessToken(tokenID, "ohos.permission.ACCESS_DDK_DRIVERS");
+ EXPECT_EQ(PERMISSION_DENIED, ret);
+ ret = AccessTokenKit::VerifyAccessToken(tokenID, "ohos.permission.ACCESS_DDK_SCSI_PERIPHERAL");
+ EXPECT_EQ(PERMISSION_DENIED, ret);
+}
+
 /**
 * @tc.name: UpdateHapTokenSpecsTest001
 * @tc.desc: test aclRequestedList does not exist before update and add one after update.
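Review bot: UpdateHapTokenFuncTest007 and UpdateHapTokenFuncTest008 end without deleting the token they create through `InitHapToken`, whereas UpdateHapTokenSpecsTest010, visible in the context of the next hunk, finishes with `ASSERT_EQ(RET_SUCCESS, AccessTokenKit::DeleteToken(tokenID));`. Unless the fixture's TearDown (not visible here) removes it, the token and its grant state persist into later cases built from the same `GetHapParams` values, which can hide a permission-state regression behind leftover state. Add that `DeleteToken` line as the last statement of both tests; the same applies to UpdateHapTokenSpecsTest011 through UpdateHapTokenSpecsTest014 in the following hunk. It would also help to put a short comment above the first `VerifyAccessToken` call noting why an entry declared with `PERMISSION_DENIED` is expected to read back as `PERMISSION_GRANTED` after init (presumably because the permission is `system_grant`).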
@@ -1001,6 +1105,213 @@ HWTEST_F(UpdateHapTokenTest, UpdateHapTokenSpecsTest010, TestSize.Level1)
 ASSERT_EQ(RET_SUCCESS, AccessTokenKit::DeleteToken(tokenID));
 }
 
+/**
+ * @tc.name: UpdateHapTokenSpecsTest011
+ * @tc.desc: test aclRequestedList exist before update and remove after update.
+ * 1.aclRequestedList = {"ohos.permission.ACCESS_DDK_USB_SERIAL"}
+ * 2.aclRequestedList = {}, Update failed.
+ * @tc.type: FUNC
+ * @tc.require:
+ */
+HWTEST_F(UpdateHapTokenTest, UpdateHapTokenSpecsTest011, TestSize.Level1)
+{
+ LOGI(ATM_DOMAIN, ATM_TAG, "UpdateHapTokenSpecsTest011");
+
+ HapInfoParams infoParams;
+ HapPolicyParams policyParams;
+ TestCommon::GetHapParams(infoParams, policyParams);
+ policyParams.apl = APL_NORMAL;
+ PermissionStateFull permissionStateFull001 = {
+ .permissionName = "ohos.permission.ACCESS_DDK_USB_SERIAL",
+ .isGeneral = true,
+ .resDeviceID = {"local"},
+ .grantStatus = {PERMISSION_DENIED},
+ .grantFlags = {PERMISSION_SYSTEM_FIXED}
+ };
+
+ policyParams.permStateList = {permissionStateFull001};
+ policyParams.aclRequestedList = {"ohos.permission.ACCESS_DDK_USB_SERIAL"};
+ AccessTokenIDEx fullTokenId;
+ int32_t ret = AccessTokenKit::InitHapToken(infoParams, policyParams, fullTokenId);
+ AccessTokenID tokenID = fullTokenId.tokenIdExStruct.tokenID;
+ ASSERT_EQ(RET_SUCCESS, ret);
+
+ ret = AccessTokenKit::VerifyAccessToken(tokenID, "ohos.permission.ACCESS_DDK_USB_SERIAL");
+ EXPECT_EQ(PERMISSION_GRANTED, ret);
+
+ UpdateHapInfoParams updateHapInfoParams = {
+ .appIDDesc = infoParams.appIDDesc,
+ .apiVersion = infoParams.apiVersion,
+ .isSystemApp = false,
+ .appDistributionType = infoParams.appDistributionType
+ };
+
+ policyParams.aclRequestedList = {};
+ ret = AccessTokenKit::UpdateHapToken(fullTokenId, updateHapInfoParams, policyParams);
+ ASSERT_EQ(ERR_PERM_REQUEST_CFG_FAILED, ret);
+}
+
+/**
+ * @tc.name: UpdateHapTokenSpecsTest012
+ * @tc.desc: test permission not available after apl update from APL_SYSTEM_CORE to APL_NORMAL.
+ * 1.apl = APL_SYSTEM_CORE.
+ * 2.apl = APL_NORMAL, Update failed.
+ * @tc.type: FUNC
+ * @tc.require:
+ */
+HWTEST_F(UpdateHapTokenTest, UpdateHapTokenSpecsTest012, TestSize.Level1)
+{
+ LOGI(ATM_DOMAIN, ATM_TAG, "UpdateHapTokenSpecsTest012");
+
+ HapInfoParams infoParams;
+ HapPolicyParams policyParams;
+ TestCommon::GetHapParams(infoParams, policyParams);
+ policyParams.apl = APL_SYSTEM_CORE;
+ PermissionStateFull permissionStateFull001 = {
+ .permissionName = "ohos.permission.ACCESS_DDK_USB_SERIAL",
+ .isGeneral = true,
+ .resDeviceID = {"local"},
+ .grantStatus = {PERMISSION_DENIED},
+ .grantFlags = {PERMISSION_SYSTEM_FIXED}
+ };
+
+ policyParams.permStateList = {permissionStateFull001};
+ AccessTokenIDEx fullTokenId;
+ int32_t ret = AccessTokenKit::InitHapToken(infoParams, policyParams, fullTokenId);
+ AccessTokenID tokenID = fullTokenId.tokenIdExStruct.tokenID;
+ ASSERT_EQ(RET_SUCCESS, ret);
+
+ ret = AccessTokenKit::VerifyAccessToken(tokenID, "ohos.permission.ACCESS_DDK_USB_SERIAL");
+ EXPECT_EQ(PERMISSION_GRANTED, ret);
+
+ UpdateHapInfoParams updateHapInfoParams = {
+ .appIDDesc = infoParams.appIDDesc,
+ .apiVersion = infoParams.apiVersion,
+ .isSystemApp = false,
+ .appDistributionType = infoParams.appDistributionType
+ };
+
+ policyParams.apl = APL_NORMAL;
+ ret = AccessTokenKit::UpdateHapToken(fullTokenId, updateHapInfoParams, policyParams);
+ ASSERT_EQ(ERR_PERM_REQUEST_CFG_FAILED, ret);
+}
+
+/**
+ * @tc.name: UpdateHapTokenSpecsTest013
+ * @tc.desc: test aclRequestedList exist one before update and add one after update.
+ * 1.aclRequestedList = {"ohos.permission.ACCESS_DDK_DRIVERS"}.
+ * 2.aclRequestedList = {"ohos.permission.ACCESS_DDK_DRIVERS",
+ * "ohos.permission.ACCESS_DDK_SCSI_PERIPHERAL"}, Update success.
+ * @tc.type: FUNC
+ * @tc.require:
+ */
+HWTEST_F(UpdateHapTokenTest, UpdateHapTokenSpecsTest013, TestSize.Level1)
+{
+ LOGI(ATM_DOMAIN, ATM_TAG, "UpdateHapTokenSpecsTest013");
+
+ HapInfoParams infoParams;
+ HapPolicyParams policyParams;
+ TestCommon::GetHapParams(infoParams, policyParams);
+ policyParams.apl = APL_NORMAL;
+ PermissionStateFull permissionStateFull001 = {
+ .permissionName = "ohos.permission.ACCESS_DDK_DRIVERS",
+ .isGeneral = true,
+ .resDeviceID = {"local"},
+ .grantStatus = {PERMISSION_DENIED},
+ .grantFlags = {PERMISSION_SYSTEM_FIXED}
+ };
+
+ PermissionStateFull permissionStateFull002 = {
+ .permissionName = "ohos.permission.ACCESS_DDK_SCSI_PERIPHERAL",
+ .isGeneral = true,
+ .resDeviceID = {"local"},
+ .grantStatus = {PERMISSION_DENIED},
+ .grantFlags = {PERMISSION_SYSTEM_FIXED}
+ };
+ policyParams.permStateList = {permissionStateFull001};
+ policyParams.aclRequestedList = {"ohos.permission.ACCESS_DDK_DRIVERS"};
+ AccessTokenIDEx fullTokenId;
+ int32_t ret = AccessTokenKit::InitHapToken(infoParams, policyParams, fullTokenId);
+ AccessTokenID tokenID = fullTokenId.tokenIdExStruct.tokenID;
+ ASSERT_EQ(RET_SUCCESS, ret);
+
+ ret = AccessTokenKit::VerifyAccessToken(tokenID, "ohos.permission.ACCESS_DDK_DRIVERS");
+ EXPECT_EQ(PERMISSION_GRANTED, ret);
+ ret = AccessTokenKit::VerifyAccessToken(tokenID, "ohos.permission.ACCESS_DDK_SCSI_PERIPHERAL");
+ EXPECT_EQ(PERMISSION_DENIED, ret);
+
+ UpdateHapInfoParams updateHapInfoParams = {
+ .appIDDesc = infoParams.appIDDesc,
+ .apiVersion = infoParams.apiVersion,
+ .isSystemApp = false,
+ .appDistributionType = infoParams.appDistributionType
+ };
+ policyParams.permStateList = {permissionStateFull001, permissionStateFull002};
+ policyParams.aclRequestedList = {"ohos.permission.ACCESS_DDK_DRIVERS",
+ "ohos.permission.ACCESS_DDK_SCSI_PERIPHERAL"};
+ ret = AccessTokenKit::UpdateHapToken(fullTokenId, updateHapInfoParams, policyParams);
+ ASSERT_EQ(RET_SUCCESS, ret);
+
+ ret = AccessTokenKit::VerifyAccessToken(tokenID, "ohos.permission.ACCESS_DDK_DRIVERS");
+ EXPECT_EQ(PERMISSION_GRANTED, ret);
+ ret = AccessTokenKit::VerifyAccessToken(tokenID, "ohos.permission.ACCESS_DDK_SCSI_PERIPHERAL");
+ EXPECT_EQ(PERMISSION_GRANTED, ret);
+}
+
+/**
+ * @tc.name: UpdateHapTokenSpecsTest014
+ * @tc.desc: test permission not available after apl update from APL_SYSTEM_BASIC to APL_NORMAL.
+ * 1.apl = APL_SYSTEM_BASIC.
+ * 2.apl = APL_NORMAL, Update failed.
+ * @tc.type: FUNC
+ * @tc.require:
+ */
+HWTEST_F(UpdateHapTokenTest, UpdateHapTokenSpecsTest014, TestSize.Level1)
+{
+ LOGI(ATM_DOMAIN, ATM_TAG, "UpdateHapTokenSpecsTest014");
+
+ HapInfoParams infoParams;
+ HapPolicyParams policyParams;
+ TestCommon::GetHapParams(infoParams, policyParams);
+ policyParams.apl = APL_SYSTEM_BASIC;
+ PermissionStateFull permissionStateFull001 = {
+ .permissionName = "ohos.permission.ACCESS_DDK_DRIVERS",
+ .isGeneral = true,
+ .resDeviceID = {"local"},
+ .grantStatus = {PERMISSION_DENIED},
+ .grantFlags = {PERMISSION_SYSTEM_FIXED}
+ };
+
+ PermissionStateFull permissionStateFull002 = {
+ .permissionName = "ohos.permission.ACCESS_DDK_SCSI_PERIPHERAL",
+ .isGeneral = true,
+ .resDeviceID = {"local"},
+ .grantStatus = {PERMISSION_DENIED},
+ .grantFlags = {PERMISSION_SYSTEM_FIXED}
+ };
+ policyParams.permStateList = {permissionStateFull001, permissionStateFull002};
+ AccessTokenIDEx fullTokenId;
+ int32_t ret = AccessTokenKit::InitHapToken(infoParams, policyParams, fullTokenId);
+ AccessTokenID tokenID = fullTokenId.tokenIdExStruct.tokenID;
+ ASSERT_EQ(RET_SUCCESS, ret);
+
+ ret = AccessTokenKit::VerifyAccessToken(tokenID, "ohos.permission.ACCESS_DDK_DRIVERS");
+ EXPECT_EQ(PERMISSION_GRANTED, ret);
+ ret = AccessTokenKit::VerifyAccessToken(tokenID, "ohos.permission.ACCESS_DDK_SCSI_PERIPHERAL");
+ EXPECT_EQ(PERMISSION_GRANTED, ret);
+
+ UpdateHapInfoParams updateHapInfoParams = {
+ .appIDDesc = infoParams.appIDDesc,
+ .apiVersion = infoParams.apiVersion,
+ .isSystemApp = false,
+ .appDistributionType = infoParams.appDistributionType
+ };
+
+ policyParams.apl = APL_NORMAL;
+ ret = AccessTokenKit::UpdateHapToken(fullTokenId, updateHapInfoParams, policyParams);
+ ASSERT_EQ(ERR_PERM_REQUEST_CFG_FAILED, ret);
+}
+
 /**
 * @tc.name: UpdateHapTokenAbnormalTest001
 * @tc.desc: test invaild UpdateHapInfoParams.appIDDesc
diff --git a/services/accesstokenmanager/permission_definitions.json b/services/accesstokenmanager/permission_definitions.json
index 68c506f8cd1bab7e7fcbc625e18a2264a8c92f19..b452fbbd2426bc3dcc945f1d4e5a96c665bc798e 100644
--- a/services/accesstokenmanager/permission_definitions.json
+++ b/services/accesstokenmanager/permission_definitions.json
@@ -2130,6 +2130,26 @@
 "provisionEnable": true,
 "distributedSceneEnable": false
 },
+ {
+ "name": "ohos.permission.ACCESS_DDK_USB_SERIAL",
+ "grantMode": "system_grant",
+ "availableLevel": "system_basic",
+ "availableType": "NORMAL",
+ "since": 16,
+ "deprecated": "",
+ "provisionEnable": true,
+ "distributedSceneEnable": false
+ },
+ {
+ "name": "ohos.permission.ACCESS_DDK_SCSI_PERIPHERAL",
+ "grantMode": "system_grant",
+ "availableLevel": "system_basic",
+ "availableType": "NORMAL",
+ "since": 16,
+ "deprecated": "",
+ "provisionEnable": true,
+ "distributedSceneEnable": false
+ },
 {
 "name": "ohos.permission.ACCESS_EXTENSIONAL_DEVICE_DRIVER",
 "grantMode": "system_grant",
@@ -2140,6 +2160,16 @@
 "provisionEnable": false,
 "distributedSceneEnable": false
 },
+ {
+ "name": "ohos.permission.ACCESS_DDK_DRIVERS",
+ "grantMode": "system_grant",
+ "availableLevel": "system_basic",
+ "availableType": "NORMAL",
+ "since": 16,
+ "deprecated": "",
+ "provisionEnable": true,
+ "distributedSceneEnable": false
+ },
 {
 "name": "ohos.permission.AGENT_REQUIRE_FORM",
 "grantMode": "system_grant",
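Review bot: The rejection-path tests UpdateHapTokenSpecsTest011, UpdateHapTokenSpecsTest012 and UpdateHapTokenSpecsTest014 stop at `ASSERT_EQ(ERR_PERM_REQUEST_CFG_FAILED, ret);` and never look at the token after the refused update. For an access-control path the property worth pinning is that a rejected `UpdateHapToken` leaves the previous grants as they were rather than partly applied; if that is the intended contract, follow the assertion with `EXPECT_EQ(PERMISSION_GRANTED, AccessTokenKit::VerifyAccessToken(tokenID, "ohos.permission.ACCESS_DDK_USB_SERIAL"));` in 011 and 012, and the equivalent checks for the two permissions used in 014. The `@tc.desc` of 012 and 014 reads "permission not available after apl update", but what the body asserts is that the update itself is refused, so wording such as `update is rejected when apl is lowered to APL_NORMAL without an ACL entry` would match the code.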
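Review bot: All three new entries set `"provisionEnable": true`, while the neighbouring `ohos.permission.ACCESS_EXTENSIONAL_DEVICE_DRIVER` entry, whose tail is the leading context of the second hunk, has `"provisionEnable": false`. UpdateHapTokenSpecsTest011 and UpdateHapTokenSpecsTest013 in this same commit show an `APL_NORMAL` hap being granted these `system_basic` permissions once they are listed in `aclRequestedList`, so this flag appears to be what makes them reachable by normal-level apps through an ACL entry. Please confirm that this is intended for ACCESS_DDK_USB_SERIAL, ACCESS_DDK_SCSI_PERIPHERAL and ACCESS_DDK_DRIVERS rather than copied from the entry above, and state the rationale in the commit description, since this JSON file cannot carry a comment.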