From 7485d1a5855cbcac19c1e3e3c129b4b3471f3580 Mon Sep 17 00:00:00 2001 From: gengshaobo Date: Tue, 24 Dec 2024 09:07:44 +0800 Subject: [PATCH] =?UTF-8?q?=E6=B7=BB=E5=8A=A0=E6=89=A9=E5=B1=95=E5=A4=96?= =?UTF-8?q?=E8=AE=BE=E8=AE=BF=E9=97=AE=E6=9D=83=E9=99=90=E5=AE=9A=E4=B9=89?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: gengshaobo Change-Id: Ic0fe06a97de8a48169155da6c912b84c0625598e --- frameworks/common/src/permission_map.cpp | 3 + .../HapTokenTest/update_hap_token_test.cpp | 311 ++++++++++++++++++ .../permission_definitions.json | 30 ++ 3 files changed, 344 insertions(+) diff --git a/frameworks/common/src/permission_map.cpp b/frameworks/common/src/permission_map.cpp index 3f55ebaba..411ad9667 100644 --- a/frameworks/common/src/permission_map.cpp +++ b/frameworks/common/src/permission_map.cpp @@ -367,7 +367,10 @@ const static std::vector> g_permMap = { {"ohos.permission.ACCESS_PASSWORDVAULT_ABILITY", false}, {"ohos.permission.ACCESS_LOWPOWER_MANAGER", false}, {"ohos.permission.ACCESS_DDK_USB", false}, + {"ohos.permission.ACCESS_DDK_USB_SERIAL", false}, + {"ohos.permission.ACCESS_DDK_SCSI_PERIPHERAL", false}, {"ohos.permission.ACCESS_EXTENSIONAL_DEVICE_DRIVER", false}, + {"ohos.permission.ACCESS_DDK_DRIVERS", false}, {"ohos.permission.ACCESS_TEXTAUTOFILL_ABILITY", false}, {"ohos.permission.ACCESS_DDK_HID", false}, {"ohos.permission.MANAGE_APP_BOOT", false}, diff --git a/interfaces/innerkits/accesstoken/test/unittest/HapTokenTest/update_hap_token_test.cpp b/interfaces/innerkits/accesstoken/test/unittest/HapTokenTest/update_hap_token_test.cpp index df8d70174..0480df088 100644 --- a/interfaces/innerkits/accesstoken/test/unittest/HapTokenTest/update_hap_token_test.cpp +++ b/interfaces/innerkits/accesstoken/test/unittest/HapTokenTest/update_hap_token_test.cpp 
@@ -450,6 +450,110 @@ HWTEST_F(UpdateHapTokenTest, UpdateHapTokenFuncTest006, TestSize.Level1) EXPECT_EQ(PERMISSION_GRANTED, ret); } +/** + * @tc.name: UpdateHapTokenFuncTest007 + * @tc.desc: test permission list number is decreased from 1 to 0. + * 1.permStateList = {permissionStateFull001}. + * 2.permStateList={}, Update success. + * @tc.type: FUNC + * @tc.require: + */ +HWTEST_F(UpdateHapTokenTest, UpdateHapTokenFuncTest007, TestSize.Level1) +{ + LOGI(ATM_DOMAIN, ATM_TAG, "UpdateHapTokenFuncTest007"); + + HapInfoParams infoParams; + HapPolicyParams policyParams; + TestCommon::GetHapParams(infoParams, policyParams); + policyParams.apl = APL_SYSTEM_CORE; + PermissionStateFull permissionStateFull001 = { + .permissionName = "ohos.permission.ACCESS_DDK_USB_SERIAL", + .isGeneral = true, + .resDeviceID = {"local"}, + .grantStatus = {PERMISSION_DENIED}, + .grantFlags = {PERMISSION_SYSTEM_FIXED} + }; + + policyParams.permStateList = {permissionStateFull001}; + AccessTokenIDEx fullTokenId; + int32_t ret = AccessTokenKit::InitHapToken(infoParams, policyParams, fullTokenId); + AccessTokenID tokenID = fullTokenId.tokenIdExStruct.tokenID; + ASSERT_EQ(RET_SUCCESS, ret); + ret = AccessTokenKit::VerifyAccessToken(tokenID, "ohos.permission.ACCESS_DDK_USB_SERIAL"); + EXPECT_EQ(PERMISSION_GRANTED, ret); + + UpdateHapInfoParams updateHapInfoParams = { + .appIDDesc = infoParams.appIDDesc, + .apiVersion = infoParams.apiVersion, + .isSystemApp = false, + .appDistributionType = infoParams.appDistributionType + }; + policyParams.permStateList = {}; + + ret = AccessTokenKit::UpdateHapToken(fullTokenId, updateHapInfoParams, policyParams); + ASSERT_EQ(RET_SUCCESS, ret); + ret = AccessTokenKit::VerifyAccessToken(tokenID, "ohos.permission.ACCESS_DDK_USB_SERIAL"); + EXPECT_EQ(PERMISSION_DENIED, ret); +} + +/** + * @tc.name: UpdateHapTokenFuncTest008 + * @tc.desc: test permission list number is decreased from 2 to 0. + * 1.permStateList = {permissionStateFull001, permissionStateFull002}. 
+ * 2.permStateList={}, Update success. + * @tc.type: FUNC + * @tc.require: + */ +HWTEST_F(UpdateHapTokenTest, UpdateHapTokenFuncTest008, TestSize.Level1) +{ + LOGI(ATM_DOMAIN, ATM_TAG, "UpdateHapTokenFuncTest008"); + + HapInfoParams infoParams; + HapPolicyParams policyParams; + TestCommon::GetHapParams(infoParams, policyParams); + policyParams.apl = APL_SYSTEM_CORE; + PermissionStateFull permissionStateFull001 = { + .permissionName = "ohos.permission.ACCESS_DDK_DRIVERS", + .isGeneral = true, + .resDeviceID = {"local"}, + .grantStatus = {PERMISSION_DENIED}, + .grantFlags = {PERMISSION_SYSTEM_FIXED} + }; + + PermissionStateFull permissionStateFull002 = { + .permissionName = "ohos.permission.ACCESS_DDK_SCSI_PERIPHERAL", + .isGeneral = true, + .resDeviceID = {"local"}, + .grantStatus = {PERMISSION_DENIED}, + .grantFlags = {PERMISSION_SYSTEM_FIXED} + }; + policyParams.permStateList = {permissionStateFull001, permissionStateFull002}; + AccessTokenIDEx fullTokenId; + int32_t ret = AccessTokenKit::InitHapToken(infoParams, policyParams, fullTokenId); + AccessTokenID tokenID = fullTokenId.tokenIdExStruct.tokenID; + ASSERT_EQ(RET_SUCCESS, ret); + + ret = AccessTokenKit::VerifyAccessToken(tokenID, "ohos.permission.ACCESS_DDK_DRIVERS"); + EXPECT_EQ(PERMISSION_GRANTED, ret); + ret = AccessTokenKit::VerifyAccessToken(tokenID, "ohos.permission.ACCESS_DDK_SCSI_PERIPHERAL"); + EXPECT_EQ(PERMISSION_GRANTED, ret); + + UpdateHapInfoParams updateHapInfoParams = { + .appIDDesc = infoParams.appIDDesc, + .apiVersion = infoParams.apiVersion, + .isSystemApp = false, + .appDistributionType = infoParams.appDistributionType + }; + policyParams.permStateList = {}; + + ret = AccessTokenKit::UpdateHapToken(fullTokenId, updateHapInfoParams, policyParams); + ASSERT_EQ(RET_SUCCESS, ret); + ret = AccessTokenKit::VerifyAccessToken(tokenID, "ohos.permission.ACCESS_DDK_DRIVERS"); + EXPECT_EQ(PERMISSION_DENIED, ret); + ret = AccessTokenKit::VerifyAccessToken(tokenID, 
"ohos.permission.ACCESS_DDK_SCSI_PERIPHERAL"); + EXPECT_EQ(PERMISSION_DENIED, ret); +} + /** * @tc.name: UpdateHapTokenSpecsTest001 * @tc.desc: test aclRequestedList does not exist before update and add one after update. 
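Review bot: UpdateHapTokenFuncTest007 and UpdateHapTokenFuncTest008 never remove the HAP token they create with InitHapToken, whereas the context line that closes UpdateHapTokenSpecsTest010 ends with a DeleteToken call. UpdateHapTokenSpecsTest011 to 014 in the next hunk have the same omission. If TestCommon::GetHapParams hands every case the same bundle identity (not visible in this patch), a leftover token that still holds a DDK permission could carry state into later cases, so I would end each test with `EXPECT_EQ(RET_SUCCESS, AccessTokenKit::DeleteToken(tokenID));`. A one-line comment would also help where `.grantStatus = {PERMISSION_DENIED}` is followed by an expected PERMISSION_GRANTED, for example `// system_grant permission: granted at install regardless of the requested status` if that is indeed the reason.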
@@ -1001,6 +1105,213 @@ HWTEST_F(UpdateHapTokenTest, UpdateHapTokenSpecsTest010, TestSize.Level1) ASSERT_EQ(RET_SUCCESS, AccessTokenKit::DeleteToken(tokenID)); } +/** + * @tc.name: UpdateHapTokenSpecsTest011 + * @tc.desc: test aclRequestedList exist before update and remove after update. + * 1.aclRequestedList = {"ohos.permission.ACCESS_DDK_USB_SERIAL"} + * 2.aclRequestedList = {}, Update failed. + * @tc.type: FUNC + * @tc.require: + */ +HWTEST_F(UpdateHapTokenTest, UpdateHapTokenSpecsTest011, TestSize.Level1) +{ + LOGI(ATM_DOMAIN, ATM_TAG, "UpdateHapTokenSpecsTest011"); + + HapInfoParams infoParams; + HapPolicyParams policyParams; + TestCommon::GetHapParams(infoParams, policyParams); + policyParams.apl = APL_NORMAL; + PermissionStateFull permissionStateFull001 = { + .permissionName = "ohos.permission.ACCESS_DDK_USB_SERIAL", + .isGeneral = true, + .resDeviceID = {"local"}, + .grantStatus = {PERMISSION_DENIED}, + .grantFlags = {PERMISSION_SYSTEM_FIXED} + }; + + policyParams.permStateList = {permissionStateFull001}; + policyParams.aclRequestedList = {"ohos.permission.ACCESS_DDK_USB_SERIAL"}; + AccessTokenIDEx fullTokenId; + int32_t ret = AccessTokenKit::InitHapToken(infoParams, policyParams, fullTokenId); + AccessTokenID tokenID = fullTokenId.tokenIdExStruct.tokenID; + ASSERT_EQ(RET_SUCCESS, ret); + + ret = AccessTokenKit::VerifyAccessToken(tokenID, "ohos.permission.ACCESS_DDK_USB_SERIAL"); + EXPECT_EQ(PERMISSION_GRANTED, ret); + + UpdateHapInfoParams updateHapInfoParams = { + .appIDDesc = infoParams.appIDDesc, + .apiVersion = infoParams.apiVersion, + .isSystemApp = false, + .appDistributionType = infoParams.appDistributionType + }; + + policyParams.aclRequestedList = {}; + ret = AccessTokenKit::UpdateHapToken(fullTokenId, updateHapInfoParams, policyParams); + ASSERT_EQ(ERR_PERM_REQUEST_CFG_FAILED, ret); +} + +/** + * @tc.name: UpdateHapTokenSpecsTest012 + * @tc.desc: test permission not available after apl update from APL_SYSTEM_CORE to APL_NORMAL. 
+ * 1.apl = APL_SYSTEM_CORE. + * 2.apl = APL_NORMAL, Update failed. + * @tc.type: FUNC + * @tc.require: + */ +HWTEST_F(UpdateHapTokenTest, UpdateHapTokenSpecsTest012, TestSize.Level1) +{ + LOGI(ATM_DOMAIN, ATM_TAG, "UpdateHapTokenSpecsTest012"); + + HapInfoParams infoParams; + HapPolicyParams policyParams; + TestCommon::GetHapParams(infoParams, policyParams); + policyParams.apl = APL_SYSTEM_CORE; + PermissionStateFull permissionStateFull001 = { + .permissionName = "ohos.permission.ACCESS_DDK_USB_SERIAL", + .isGeneral = true, + .resDeviceID = {"local"}, + .grantStatus = {PERMISSION_DENIED}, + .grantFlags = {PERMISSION_SYSTEM_FIXED} + }; + + policyParams.permStateList = {permissionStateFull001}; + AccessTokenIDEx fullTokenId; + int32_t ret = AccessTokenKit::InitHapToken(infoParams, policyParams, fullTokenId); + AccessTokenID tokenID = fullTokenId.tokenIdExStruct.tokenID; + ASSERT_EQ(RET_SUCCESS, ret); + + ret = AccessTokenKit::VerifyAccessToken(tokenID, "ohos.permission.ACCESS_DDK_USB_SERIAL"); + EXPECT_EQ(PERMISSION_GRANTED, ret); + + UpdateHapInfoParams updateHapInfoParams = { + .appIDDesc = infoParams.appIDDesc, + .apiVersion = infoParams.apiVersion, + .isSystemApp = false, + .appDistributionType = infoParams.appDistributionType + }; + + policyParams.apl = APL_NORMAL; + ret = AccessTokenKit::UpdateHapToken(fullTokenId, updateHapInfoParams, policyParams); + ASSERT_EQ(ERR_PERM_REQUEST_CFG_FAILED, ret); +} + +/** + * @tc.name: UpdateHapTokenSpecsTest013 + * @tc.desc: test aclRequestedList exist one before update and add one after update. + * 1.aclRequestedList = {"ohos.permission.ACCESS_DDK_DRIVERS"}. + * 2.aclRequestedList = {"ohos.permission.ACCESS_DDK_DRIVERS", + * "ohos.permission.ACCESS_DDK_SCSI_PERIPHERAL"}, Update success. 
+ * @tc.type: FUNC + * @tc.require: + */ +HWTEST_F(UpdateHapTokenTest, UpdateHapTokenSpecsTest013, TestSize.Level1) +{ + LOGI(ATM_DOMAIN, ATM_TAG, "UpdateHapTokenSpecsTest013"); + + HapInfoParams infoParams; + HapPolicyParams policyParams; + TestCommon::GetHapParams(infoParams, policyParams); + policyParams.apl = APL_NORMAL; + PermissionStateFull permissionStateFull001 = { + .permissionName = "ohos.permission.ACCESS_DDK_DRIVERS", + .isGeneral = true, + .resDeviceID = {"local"}, + .grantStatus = {PERMISSION_DENIED}, + .grantFlags = {PERMISSION_SYSTEM_FIXED} + }; + + PermissionStateFull permissionStateFull002 = { + .permissionName = "ohos.permission.ACCESS_DDK_SCSI_PERIPHERAL", + .isGeneral = true, + .resDeviceID = {"local"}, + .grantStatus = {PERMISSION_DENIED}, + .grantFlags = {PERMISSION_SYSTEM_FIXED} + }; + policyParams.permStateList = {permissionStateFull001}; + policyParams.aclRequestedList = {"ohos.permission.ACCESS_DDK_DRIVERS"}; + AccessTokenIDEx fullTokenId; + int32_t ret = AccessTokenKit::InitHapToken(infoParams, policyParams, fullTokenId); + AccessTokenID tokenID = fullTokenId.tokenIdExStruct.tokenID; + ASSERT_EQ(RET_SUCCESS, ret); + + ret = AccessTokenKit::VerifyAccessToken(tokenID, "ohos.permission.ACCESS_DDK_DRIVERS"); + EXPECT_EQ(PERMISSION_GRANTED, ret); + ret = AccessTokenKit::VerifyAccessToken(tokenID, "ohos.permission.ACCESS_DDK_SCSI_PERIPHERAL"); + EXPECT_EQ(PERMISSION_DENIED, ret); + + UpdateHapInfoParams updateHapInfoParams = { + .appIDDesc = infoParams.appIDDesc, + .apiVersion = infoParams.apiVersion, + .isSystemApp = false, + .appDistributionType = infoParams.appDistributionType + }; + policyParams.permStateList = {permissionStateFull001, permissionStateFull002}; + policyParams.aclRequestedList = {"ohos.permission.ACCESS_DDK_DRIVERS", + "ohos.permission.ACCESS_DDK_SCSI_PERIPHERAL"}; + ret = AccessTokenKit::UpdateHapToken(fullTokenId, updateHapInfoParams, policyParams); + ASSERT_EQ(RET_SUCCESS, ret); + + ret = 
AccessTokenKit::VerifyAccessToken(tokenID, "ohos.permission.ACCESS_DDK_DRIVERS"); + EXPECT_EQ(PERMISSION_GRANTED, ret); + ret = AccessTokenKit::VerifyAccessToken(tokenID, "ohos.permission.ACCESS_DDK_SCSI_PERIPHERAL"); + EXPECT_EQ(PERMISSION_GRANTED, ret); +} + +/** + * @tc.name: UpdateHapTokenSpecsTest014 + * @tc.desc: test permission not available after apl update from APL_SYSTEM_BASIC to APL_NORMAL. + * 1.apl = APL_SYSTEM_BASIC. + * 2.apl = APL_NORMAL, Update failed. + * @tc.type: FUNC + * @tc.require: + */ +HWTEST_F(UpdateHapTokenTest, UpdateHapTokenSpecsTest014, TestSize.Level1) +{ + LOGI(ATM_DOMAIN, ATM_TAG, "UpdateHapTokenSpecsTest014"); + + HapInfoParams infoParams; + HapPolicyParams policyParams; + TestCommon::GetHapParams(infoParams, policyParams); + policyParams.apl = APL_SYSTEM_BASIC; + PermissionStateFull permissionStateFull001 = { + .permissionName = "ohos.permission.ACCESS_DDK_DRIVERS", + .isGeneral = true, + .resDeviceID = {"local"}, + .grantStatus = {PERMISSION_DENIED}, + .grantFlags = {PERMISSION_SYSTEM_FIXED} + }; + + PermissionStateFull permissionStateFull002 = { + .permissionName = "ohos.permission.ACCESS_DDK_SCSI_PERIPHERAL", + .isGeneral = true, + .resDeviceID = {"local"}, + .grantStatus = {PERMISSION_DENIED}, + .grantFlags = {PERMISSION_SYSTEM_FIXED} + }; + policyParams.permStateList = {permissionStateFull001, permissionStateFull002}; + AccessTokenIDEx fullTokenId; + int32_t ret = AccessTokenKit::InitHapToken(infoParams, policyParams, fullTokenId); + AccessTokenID tokenID = fullTokenId.tokenIdExStruct.tokenID; + ASSERT_EQ(RET_SUCCESS, ret); + + ret = AccessTokenKit::VerifyAccessToken(tokenID, "ohos.permission.ACCESS_DDK_DRIVERS"); + EXPECT_EQ(PERMISSION_GRANTED, ret); + ret = AccessTokenKit::VerifyAccessToken(tokenID, "ohos.permission.ACCESS_DDK_SCSI_PERIPHERAL"); + EXPECT_EQ(PERMISSION_GRANTED, ret); + + UpdateHapInfoParams updateHapInfoParams = { + .appIDDesc = infoParams.appIDDesc, + .apiVersion = infoParams.apiVersion, + .isSystemApp = 
false, + .appDistributionType = infoParams.appDistributionType + }; + + policyParams.apl = APL_NORMAL; + ret = AccessTokenKit::UpdateHapToken(fullTokenId, updateHapInfoParams, policyParams); + ASSERT_EQ(ERR_PERM_REQUEST_CFG_FAILED, ret); +} + /** * @tc.name: UpdateHapTokenAbnormalTest001 * @tc.desc: test invaild UpdateHapInfoParams.appIDDesc diff --git a/services/accesstokenmanager/permission_definitions.json b/services/accesstokenmanager/permission_definitions.json index 68c506f8c..b452fbbd2 100644 --- a/services/accesstokenmanager/permission_definitions.json +++ b/services/accesstokenmanager/permission_definitions.json @@ -2130,6 +2130,26 @@ "provisionEnable": true, "distributedSceneEnable": false }, + { + "name": "ohos.permission.ACCESS_DDK_USB_SERIAL", + "grantMode": "system_grant", + "availableLevel": "system_basic", + "availableType": "NORMAL", + "since": 16, + "deprecated": "", + "provisionEnable": true, + "distributedSceneEnable": false + }, + { + "name": "ohos.permission.ACCESS_DDK_SCSI_PERIPHERAL", + "grantMode": "system_grant", + "availableLevel": "system_basic", + "availableType": "NORMAL", + "since": 16, + "deprecated": "", + "provisionEnable": true, + "distributedSceneEnable": false + }, { "name": "ohos.permission.ACCESS_EXTENSIONAL_DEVICE_DRIVER", "grantMode": "system_grant", @@ -2140,6 +2160,16 @@ "provisionEnable": false, "distributedSceneEnable": false }, + { + "name": "ohos.permission.ACCESS_DDK_DRIVERS", + "grantMode": "system_grant", + "availableLevel": "system_basic", + "availableType": "NORMAL", + "since": 16, + "deprecated": "", + "provisionEnable": true, + "distributedSceneEnable": false + }, { "name": "ohos.permission.AGENT_REQUIRE_FORM", "grantMode": "system_grant", -- Gitee
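Review bot: UpdateHapTokenSpecsTest011, 012 and 014 stop at `ASSERT_EQ(ERR_PERM_REQUEST_CFG_FAILED, ret);` and never check what the token holds after the rejected update. For an access-control path, the property worth pinning is that a refused UpdateHapToken leaves the earlier grant state intact rather than half-applied. I would follow the assert with a check such as `EXPECT_EQ(PERMISSION_GRANTED, AccessTokenKit::VerifyAccessToken(tokenID, "ohos.permission.ACCESS_DDK_USB_SERIAL"));`, with the expected value adjusted to whatever the service guarantees on failure. In 014 the same check applies to both ACCESS_DDK_DRIVERS and ACCESS_DDK_SCSI_PERIPHERAL.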
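Review bot: The two entries added in the first hunk of permission_definitions.json set `"provisionEnable": true`, while the neighbouring ohos.permission.ACCESS_EXTENSIONAL_DEVICE_DRIVER entry shown as context has `"provisionEnable": false`; the ACCESS_DDK_DRIVERS entry in the second hunk has the same setting. Going by UpdateHapTokenSpecsTest011 and 013 in this commit, an APL_NORMAL application is expected to be granted these permissions once they appear in aclRequestedList, which looks like the effect of that flag combined with `"availableLevel": "system_basic"`. USB-serial, SCSI-peripheral and driver access are broad device capabilities, so it is worth confirming that the ACL route is intended for all three and recording the rationale in the commit description or the permission documentation, since the JSON cannot carry a comment.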