diff --git a/frameworks/common/BUILD.gn b/frameworks/common/BUILD.gn index 5ef5ab824b8667fcf9c0a8b074c0860841888deb..84a20c2c2b6acd9990e420015802728e80bd312f 100644 --- a/frameworks/common/BUILD.gn +++ b/frameworks/common/BUILD.gn @@ -44,7 +44,6 @@ ohos_shared_library("accesstoken_common_cxx") { sources = [ "src/constant_common.cpp", "src/data_validator.cpp", - "src/json_parser.cpp", "src/permission_map.cpp", "src/time_util.cpp", ] @@ -53,7 +52,6 @@ ohos_shared_library("accesstoken_common_cxx") { "c_utils:utils", "hilog:libhilog", "init:libbegetutil", - "json:nlohmann_json_static", ] configs = [ diff --git a/frameworks/common/include/json_parser.h b/frameworks/common/include/json_parser.h deleted file mode 100644 index 44a19837d9a57698b2d498ef69c9ecce9a5eb4e7..0000000000000000000000000000000000000000 --- a/frameworks/common/include/json_parser.h +++ /dev/null @@ -1,38 +0,0 @@ -/* - * Copyright (c) 2023 Huawei Device Co., Ltd. - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ - -#ifndef ACCESS_TOKEN_FRAMEWORK_COMMON_INCLUDE_JSON_PARSER_H -#define ACCESS_TOKEN_FRAMEWORK_COMMON_INCLUDE_JSON_PARSER_H - -#include - -#include "nlohmann/json.hpp" - -namespace OHOS { -namespace Security { -namespace AccessToken { -class JsonParser final { -public: -static bool GetStringFromJson(const nlohmann::json& j, const std::string& tag, std::string& out); -static bool GetIntFromJson(const nlohmann::json& j, const std::string& tag, int& out); -static bool GetUnsignedIntFromJson(const nlohmann::json& j, const std::string& tag, unsigned int& out); -static bool GetBoolFromJson(const nlohmann::json& j, const std::string& tag, bool& out); -static int32_t ReadCfgFile(const std::string& file, std::string& rawData); -static bool IsDirExsit(const std::string& file); -}; -} // namespace AccessToken -} // namespace Security -} // namespace OHOS -#endif // ACCESS_TOKEN_FRAMEWORK_COMMON_INCLUDE_JSON_PARSER_H \ No newline at end of file diff --git a/frameworks/common/src/json_parser.cpp b/frameworks/common/src/json_parser.cpp deleted file mode 100644 index 76a309152a81e14c1ab98fb2761fb4fd86e93322..0000000000000000000000000000000000000000 --- a/frameworks/common/src/json_parser.cpp +++ /dev/null @@ -1,137 +0,0 @@ -/* - * Copyright (c) 2023 Huawei Device Co., Ltd. - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ - -#include "json_parser.h" - -#include -#include -#include -#include -#include - -#include "accesstoken_common_log.h" -#include "access_token_error.h" -#include "access_token.h" - -namespace OHOS { -namespace Security { -namespace AccessToken { -namespace { -constexpr int MAX_NATIVE_CONFIG_FILE_SIZE = 5 * 1024 * 1024; // 5M -constexpr size_t BUFFER_SIZE = 1024; -} - -bool JsonParser::GetStringFromJson(const nlohmann::json& j, const std::string& tag, std::string& out) -{ - if (j.find(tag) != j.end() && j.at(tag).is_string()) { - out = j.at(tag).get(); - return true; - } - return false; -} - -bool JsonParser::GetIntFromJson(const nlohmann::json& j, const std::string& tag, int& out) -{ - if (j.find(tag) != j.end() && j.at(tag).is_number()) { - out = j.at(tag).get(); - return true; - } - return false; -} - -bool JsonParser::GetUnsignedIntFromJson(const nlohmann::json& j, const std::string& tag, unsigned int& out) -{ - if (j.find(tag) != j.end() && j.at(tag).is_number()) { - out = j.at(tag).get(); - return true; - } - return false; -} - -bool JsonParser::GetBoolFromJson(const nlohmann::json& j, const std::string& tag, bool& out) -{ - if (j.find(tag) != j.end() && j.at(tag).is_boolean()) { - out = j.at(tag).get(); - return true; - } - return false; -} - -int32_t JsonParser::ReadCfgFile(const std::string& file, std::string& rawData) -{ - char filePath[PATH_MAX + 1] = {0}; - if (realpath(file.c_str(), filePath) == NULL) { - return ERR_FILE_OPERATE_FAILED; - } - int32_t fd = open(filePath, O_RDONLY); - if (fd < 0) { - LOGE(ATM_DOMAIN, ATM_TAG, "Open failed errno %{public}d.", errno); - return ERR_FILE_OPERATE_FAILED; - } - struct stat statBuffer; - - if (fstat(fd, &statBuffer) != 0) { - LOGE(ATM_DOMAIN, ATM_TAG, "Fstat failed."); - close(fd); - return ERR_FILE_OPERATE_FAILED; - } - - if (statBuffer.st_size == 0) { - LOGE(ATM_DOMAIN, ATM_TAG, "Config file size is invalid."); - close(fd); - return ERR_PARAM_INVALID; - } - if (statBuffer.st_size > MAX_NATIVE_CONFIG_FILE_SIZE) { - LOGE(ATM_DOMAIN, ATM_TAG, "Config file size is too large."); - close(fd); - return ERR_OVERSIZE; - } - rawData.reserve(statBuffer.st_size); - - char buff[BUFFER_SIZE] = { 0 }; - ssize_t readLen = 0; - while ((readLen = read(fd, buff, BUFFER_SIZE)) > 0) { - rawData.append(buff, readLen); - } - close(fd); - if (readLen == 0) { - return RET_SUCCESS; - } - return ERR_FILE_OPERATE_FAILED; -} - -bool JsonParser::IsDirExsit(const std::string& file) -{ - if (file.empty()) { - LOGE(ATM_DOMAIN, ATM_TAG, "File path is empty"); - return false; - } - - struct stat buf; - if (stat(file.c_str(), &buf) != 0) { - LOGE(ATM_DOMAIN, ATM_TAG, "Get file attributes failed, errno %{public}d.", errno); - return false; - } - - if (!S_ISDIR(buf.st_mode)) { - LOGE(ATM_DOMAIN, ATM_TAG, "File mode is not directory."); - return false; - } - - return true; -} -} // namespace AccessToken -} // namespace Security -} // namespace OHOS \ No newline at end of file diff --git a/frameworks/common/src/time_util.cpp b/frameworks/common/src/time_util.cpp index 63d54fef2ed89ea3b7947f990a3e2c05acf84d9f..6f8f7a0edd24ffef0cb74f69179add12272cd97b 100644 --- a/frameworks/common/src/time_util.cpp +++ b/frameworks/common/src/time_util.cpp @@ -25,7 +25,7 @@ static constexpr int64_t ONE_SECOND_MILLISECONDS = 1000; int64_t TimeUtil::GetCurrentTimestamp() { struct timeval t; - gettimeofday(&t, NULL); + gettimeofday(&t, nullptr); int64_t timestamp = t.tv_sec * ONE_SECOND_MILLISECONDS + t.tv_usec / ONE_SECOND_MILLISECONDS; return timestamp; diff --git a/frameworks/test/unittest/BUILD.gn b/frameworks/test/unittest/BUILD.gn index f8a2c20eac4626ae6c1e9efc0e478b95202c08b9..36b40804cf398b0adfefbea0657da44211ccd1f5 100644 --- a/frameworks/test/unittest/BUILD.gn +++ b/frameworks/test/unittest/BUILD.gn @@ -55,7 +55,6 @@ ohos_unittest("libaccesstoken_framework_test") { external_deps = [ "c_utils:utils", "ipc:ipc_single", - "json:nlohmann_json_static", "openssl:libcrypto_shared", ] } diff --git a/frameworks/test/unittest/common_test.cpp b/frameworks/test/unittest/common_test.cpp index a303ec35283b599d92e979ea41e62b3bd68e98e6..0ab1a2fbd8908ac80bd8332d2db61f77fb8d541e 100644 --- a/frameworks/test/unittest/common_test.cpp +++ b/frameworks/test/unittest/common_test.cpp @@ -23,7 +23,6 @@ #define private public #include "permission_map.h" #undef private -#include "json_parser.h" using namespace testing::ext; @@ -32,19 +31,6 @@ namespace Security { namespace AccessToken { namespace { const static uint32_t MAX_PERM_SIZE = 2048; -const static uint32_t MAX_CONFIG_FILE_SIZE = 5 * 1024; -const static std::string TEST_JSON_PATH = "/data/test.json"; -const static std::string TEST_STR = - "iVBORw0KGgoAAAANSUhEUgAAABUAAAAXCAIAAABrvZPKAAAACXBIWXMAAA7EAAAOxAGVKw4bAAAAEXRFWHRTb2Z0d2FyZQBTbmlwYXN0ZV0Xzt0AA" - "iVBORw0KGgoAAAANSUhEUgAAABUAAAAXCAIAAABrvZPKAAAACXBIWXMAAA7EAAAOxAGVKw4bAAAAEXRFWHRTb2Z0d2FyZQBTbmlwYXN0ZV0Xzt0AA" - "iVBORw0KGgoAAAANSUhEUgAAABUAAAAXCAIAAABrvZPKAAAACXBIWXMAAA7EAAAOxAGVKw4bAAAAEXRFWHRTb2Z0d2FyZQBTbmlwYXN0ZV0Xzt0AA" - "iVBORw0KGgoAAAANSUhEUgAAABUAAAAXCAIAAABrvZPKAAAACXBIWXMAAA7EAAAOxAGVKw4bAAAAEXRFWHRTb2Z0d2FyZQBTbmlwYXN0ZV0Xzt0AA" - "iVBORw0KGgoAAAANSUhEUgAAABUAAAAXCAIAAABrvZPKAAAACXBIWXMAAA7EAAAOxAGVKw4bAAAAEXRFWHRTb2Z0d2FyZQBTbmlwYXN0ZV0Xzt0AA" - "iVBORw0KGgoAAAANSUhEUgAAABUAAAAXCAIAAABrvZPKAAAACXBIWXMAAA7EAAAOxAGVKw4bAAAAEXRFWHRTb2Z0d2FyZQBTbmlwYXN0ZV0Xzt0AA" - "iVBORw0KGgoAAAANSUhEUgAAABUAAAAXCAIAAABrvZPKAAAACXBIWXMAAA7EAAAOxAGVKw4bAAAAEXRFWHRTb2Z0d2FyZQBTbmlwYXN0ZV0Xzt0AA" - "iVBORw0KGgoAAAANSUhEUgAAABUAAAAXCAIAAABrvZPKAAAACXBIWXMAAA7EAAAOxAGVKw4bAAAAEXRFWHRTb2Z0d2FyZQBTbmlwYXN0ZV0Xzt0AA" - "iVBORw0KGgoAAAANSUhEUgAAABUAAAAXCAIAAABrvZPKAAAACXBIWXMAAA7EAAAOxAGVKw4bAAAAEXRFWHRTb2Z0d2FyZQBTbmlwYXN0ZV0Xzt0AA" - "iVBORw0KGgoAAAANSUhEUgAAABUAAAAXCAIAAABrvZPKAAAACXBIWXMAAA7EAAAOxAGVKw4bAAAAEXRFWHRTb2Z0d2FyZQBTbmlwYXN0ZV0Xzt0AA"; } class CommonTest : public testing::Test { public: @@ -104,58 +90,6 @@ HWTEST_F(CommonTest, TransferOpcodeToPermission002, TestSize.Level1) EXPECT_FALSE(TransferOpcodeToPermission(MAX_PERM_SIZE, permissionName)); EXPECT_FALSE(TransferOpcodeToPermission(MAX_PERM_SIZE - 1, permissionName)); } - -/* - * @tc.name: GetUnsignedIntFromJson001 - * @tc.desc: GetUnsignedIntFromJson - * @tc.type: FUNC - * @tc.require: issueI6024A - */ -HWTEST_F(CommonTest, GetUnsignedIntFromJson001, TestSize.Level1) -{ - const nlohmann::json json; - u_int32_t out = 0; - EXPECT_FALSE(JsonParser::GetUnsignedIntFromJson(json, "tokenId", out)); - EXPECT_EQ(0, out); -} - -/* - * @tc.name: ReadCfgFile001 - * @tc.desc: GetUnsignedIntFromJson json invalid - * @tc.type: FUNC - * @tc.require: issueI6024A - */ -HWTEST_F(CommonTest, ReadCfgFile001, TestSize.Level1) -{ - int32_t fd = open(TEST_JSON_PATH.c_str(), O_RDWR | O_CREAT); - EXPECT_NE(-1, fd); - std::string rawData; - EXPECT_EQ(ERR_PARAM_INVALID, JsonParser::ReadCfgFile(TEST_JSON_PATH, rawData)); - for (int i = 0; i < MAX_CONFIG_FILE_SIZE; i++) { - size_t strLen = strlen(TEST_STR.c_str()); - write(fd, TEST_STR.c_str(), strLen); - } - EXPECT_EQ(ERR_OVERSIZE, JsonParser::ReadCfgFile(TEST_JSON_PATH, rawData)); - close(fd); - sleep(5); - - remove(TEST_JSON_PATH.c_str()); -} - -/* - * @tc.name: IsDirExsit001 - * @tc.desc: IsDirExsit input param error - * @tc.type: FUNC - * @tc.require: issueI6024A - */ -HWTEST_F(CommonTest, IsDirExsit001, TestSize.Level1) -{ - EXPECT_FALSE(JsonParser::IsDirExsit("")); - int32_t fd = open(TEST_JSON_PATH.c_str(), O_RDWR | O_CREAT); - EXPECT_NE(-1, fd); - - EXPECT_FALSE(JsonParser::IsDirExsit(TEST_JSON_PATH.c_str())); -} } // namespace AccessToken } // namespace Security } // namespace OHOS diff --git a/interfaces/innerkits/accesstoken/include/access_token_error.h b/interfaces/innerkits/accesstoken/include/access_token_error.h index 9f0fd9a9149709529bced03ea790b5d6e208b1c9..4e3f4e30c6f588fbf3d04726358fe9b659e4e400 100644 --- a/interfaces/innerkits/accesstoken/include/access_token_error.h +++ b/interfaces/innerkits/accesstoken/include/access_token_error.h @@ -78,6 +78,7 @@ enum AccessTokenError { ERR_USER_POLICY_NOT_INITIALIZED, ERR_REMOTE_CONNECTION, ERR_ADD_DEATH_RECIPIENT_FAILED, + ERR_PRASE_RAW_DATA_FAILED }; } // namespace AccessToken } // namespace Security diff --git a/interfaces/innerkits/accesstoken/test/unittest/BUILD.gn b/interfaces/innerkits/accesstoken/test/unittest/BUILD.gn index 962baa30bfcb3ae382aa16b8c8490344a04ef914..00d77b966bcf912f9e774aad06aebaea2ae5b754 100644 --- a/interfaces/innerkits/accesstoken/test/unittest/BUILD.gn +++ b/interfaces/innerkits/accesstoken/test/unittest/BUILD.gn @@ -98,6 +98,7 @@ ohos_unittest("libaccesstoken_sdk_test") { ] external_deps = [ + "cJSON:cjson", "c_utils:utils", "hilog:libhilog", "ipc:ipc_single", diff --git a/interfaces/innerkits/accesstoken/test/unittest/PermissionsTest/check_permission_map_test.cpp b/interfaces/innerkits/accesstoken/test/unittest/PermissionsTest/check_permission_map_test.cpp index 8ae943d7e5b3e0d4fb440832bed04099abf5b877..bb184830e179035be8aa91a96ec79405284716d9 100644 --- a/interfaces/innerkits/accesstoken/test/unittest/PermissionsTest/check_permission_map_test.cpp +++ b/interfaces/innerkits/accesstoken/test/unittest/PermissionsTest/check_permission_map_test.cpp @@ -15,19 +15,24 @@ #include "check_permission_map_test.h" #include "gtest/gtest.h" -#include +#include +#include +#include +#include +#include +#include +#include +#include + #include "access_token.h" -#include "access_token_error.h" -#include "accesstoken_common_log.h" -#include "tokenid_kit.h" -#include "token_setproc.h" -#include "json_parser.h" +#include "cJSON.h" + #include "permission_def.h" -#include "nlohmann/json.hpp" -#include "data_validator.h" #include "permission_map.h" using namespace testing::ext; +typedef cJSON CJson; +typedef std::unique_ptr> CJsonUnique; namespace OHOS { namespace Security { namespace AccessToken { @@ -36,6 +41,9 @@ static const std::string DEFINE_PERMISSION_FILE = "/system/etc/access_token/perm static const std::string SYSTEM_GRANT_DEFINE_PERMISSION = "systemGrantPermissions"; static const std::string USER_GRANT_DEFINE_PERMISSION = "userGrantPermissions"; static const std::string PERMISSION_GRANT_MODE_SYSTEM_GRANT = "system_grant"; +constexpr int32_t MAX_NATIVE_CONFIG_FILE_SIZE = 5 * 1024 * 1024; // 5M +constexpr size_t BUFFER_SIZE = 1024; +constexpr uint32_t ACCESS_TOKEN_UID = 3020; } void CheckPermissionMapTest::SetUpTestCase() @@ -62,46 +70,126 @@ static int32_t GetPermissionGrantMode(const std::string &mode) return AccessToken::GrantMode::USER_GRANT; } -static int32_t GetPermissionDefList(const nlohmann::json& json, const std::string& permsRawData, - const std::string& type, std::vector& permDefList) +static bool ReadCfgFile(const std::string& file, std::string& rawData) { - if ((json.find(type) == json.end()) || (!json.at(type).is_array())) { - LOGE(ATM_DOMAIN, ATM_TAG, "Json is not array."); - return ERR_PARAM_INVALID; + int32_t selfUid = getuid(); + setuid(ACCESS_TOKEN_UID); + char filePath[PATH_MAX] = {0}; + if (realpath(file.c_str(), filePath) == NULL) { + setuid(selfUid); + return false; + } + int32_t fd = open(filePath, O_RDONLY); + if (fd < 0) { + setuid(selfUid); + return false; + } + struct stat statBuffer; + + if (fstat(fd, &statBuffer) != 0) { + close(fd); + setuid(selfUid); + return false; + } + + if (statBuffer.st_size == 0) { + close(fd); + setuid(selfUid); + return false; } + if (statBuffer.st_size > MAX_NATIVE_CONFIG_FILE_SIZE) { + close(fd); + setuid(selfUid); + return false; + } + rawData.reserve(statBuffer.st_size); + + char buff[BUFFER_SIZE] = { 0 }; + ssize_t readLen = 0; + while ((readLen = read(fd, buff, BUFFER_SIZE)) > 0) { + rawData.append(buff, readLen); + } + close(fd); + setuid(selfUid); + return true; +} + +void FreeJson(CJson* jsonObj) +{ + cJSON_Delete(jsonObj); + jsonObj = nullptr; +} + +CJsonUnique CreateJsonFromString(const std::string& jsonStr) +{ + if (jsonStr.empty()) { + CJsonUnique aPtr(cJSON_CreateObject(), FreeJson); + return aPtr; + } + CJsonUnique aPtr(cJSON_Parse(jsonStr.c_str()), FreeJson); + return aPtr; +} - PermissionDef result; - nlohmann::json JsonData = json.at(type).get(); - for (auto it = JsonData.begin(); it != JsonData.end(); it++) { - result.permissionName = it->at("name").get(); - result.grantMode = GetPermissionGrantMode(it->at("grantMode").get()); +static CJson* GetArrayFromJson(const CJson* jsonObj, const std::string& key) +{ + if (key.empty()) { + return nullptr; + } + + CJson* objValue = cJSON_GetObjectItemCaseSensitive(jsonObj, key.c_str()); + if (objValue != nullptr && cJSON_IsArray(objValue)) { + return objValue; + } + return nullptr; +} + +bool GetStringFromJson(const CJson *jsonObj, const std::string& key, std::string& out) +{ + if (jsonObj == nullptr || key.empty()) { + return false; + } + + cJSON *jsonObjTmp = cJSON_GetObjectItemCaseSensitive(jsonObj, key.c_str()); + if (jsonObjTmp != nullptr && cJSON_IsString(jsonObjTmp)) { + out = cJSON_GetStringValue(jsonObjTmp); + return true; + } + return false; +} + +static bool GetPermissionDefList(const CJsonUnique &json, const std::string& permsRawData, + const std::string& type, std::vector& permDefList) +{ + cJSON *permDefObj = GetArrayFromJson(json.get(), type); + if (permDefObj == nullptr) { + return false; + } + CJson *j = nullptr; + cJSON_ArrayForEach(j, permDefObj) { + PermissionDef result; + GetStringFromJson(j, "name", result.permissionName); + std::string grantModeStr = ""; + GetStringFromJson(j, "grantMode", grantModeStr); + result.grantMode = GetPermissionGrantMode(grantModeStr); permDefList.emplace_back(result); } - return RET_SUCCESS; + return true; } -static int32_t ParserPermsRawData(const std::string& permsRawData, +static bool ParserPermsRawData(const std::string& permsRawData, std::vector& permDefList) { - nlohmann::json jsonRes = nlohmann::json::parse(permsRawData, nullptr, false); - if (jsonRes.is_discarded()) { - LOGE(ATM_DOMAIN, ATM_TAG, "JsonRes is invalid."); - return ERR_PARAM_INVALID; + CJsonUnique jsonRes = CreateJsonFromString(permsRawData); + if (jsonRes == nullptr) { + return false; } - int32_t ret = GetPermissionDefList(jsonRes, permsRawData, SYSTEM_GRANT_DEFINE_PERMISSION, permDefList); - if (ret != RET_SUCCESS) { - LOGE(ATM_DOMAIN, ATM_TAG, "Get system_grant permission def list failed."); - return ret; - } - LOGI(ATM_DOMAIN, ATM_TAG, "Get system_grant permission size=%{public}zu.", permDefList.size()); - ret = GetPermissionDefList(jsonRes, permsRawData, USER_GRANT_DEFINE_PERMISSION, permDefList); - if (ret != RET_SUCCESS) { - LOGE(ATM_DOMAIN, ATM_TAG, "Get user_grant permission def list failed."); - return ret; + bool ret = GetPermissionDefList(jsonRes, permsRawData, SYSTEM_GRANT_DEFINE_PERMISSION, permDefList); + if (!ret) { + return false; } - LOGI(ATM_DOMAIN, ATM_TAG, "Get permission size=%{public}zu.", permDefList.size()); - return RET_SUCCESS; + + return GetPermissionDefList(jsonRes, permsRawData, USER_GRANT_DEFINE_PERMISSION, permDefList); } /** @@ -112,15 +200,11 @@ static int32_t ParserPermsRawData(const std::string& permsRawData, */ HWTEST_F(CheckPermissionMapTest, CheckPermissionMapFuncTest001, TestSize.Level1) { - LOGI(ATM_DOMAIN, ATM_TAG, "CheckPermissionMapFuncTest001"); - std::string permsRawData; - int32_t ret = JsonParser::ReadCfgFile(DEFINE_PERMISSION_FILE, permsRawData); - EXPECT_EQ(RET_SUCCESS, ret); + EXPECT_TRUE(ReadCfgFile(DEFINE_PERMISSION_FILE, permsRawData)); std::vector permDefList; - ret = ParserPermsRawData(permsRawData, permDefList); - EXPECT_EQ(RET_SUCCESS, ret); + EXPECT_TRUE(ParserPermsRawData(permsRawData, permDefList)); uint32_t opCode; for (const auto& perm : permDefList) { diff --git a/interfaces/innerkits/accesstoken/test/unittest/PermissionsTest/check_permission_map_test.h b/interfaces/innerkits/accesstoken/test/unittest/PermissionsTest/check_permission_map_test.h index ba0fe49b93dcb1f3be063b8d9335aa56a7a2241d..f539a211d5ff1d782c6dee3996d79b4850584013 100644 --- a/interfaces/innerkits/accesstoken/test/unittest/PermissionsTest/check_permission_map_test.h +++ b/interfaces/innerkits/accesstoken/test/unittest/PermissionsTest/check_permission_map_test.h @@ -22,7 +22,6 @@ #include "accesstoken_kit.h" #include "permission_def.h" #include "permission_state_full.h" -#include "nlohmann/json.hpp" #include "nocopyable.h" #include "permission_def.h" diff --git a/services/accesstokenmanager/BUILD.gn b/services/accesstokenmanager/BUILD.gn index b8755ca525e87aafb3cca8c09902969ca62e24cd..becae31e7d00d75b97fd7097febfe13c17017620 100644 --- a/services/accesstokenmanager/BUILD.gn +++ b/services/accesstokenmanager/BUILD.gn @@ -53,7 +53,7 @@ if (is_standard_system) { "${access_token_path}/interfaces/innerkits/tokensync/src", "${access_token_path}/services/common/ability_manager/include", "${access_token_path}/services/common/app_manager/include", - "${access_token_path}/services/common/config_policy/include", + "${access_token_path}/services/common/json_parse/include", "${access_token_path}/services/common/database/include", "${access_token_path}/services/common/handler/include", "${access_token_path}/services/common/libraryloader/include", @@ -86,7 +86,6 @@ if (is_standard_system) { "main/cpp/src/form_manager/form_status_change_callback.cpp", "main/cpp/src/permission/permission_data_brief.cpp", "main/cpp/src/permission/permission_definition_cache.cpp", - "main/cpp/src/permission/permission_definition_parser.cpp", "main/cpp/src/permission/permission_grant_event.cpp", "main/cpp/src/permission/permission_manager.cpp", "main/cpp/src/permission/permission_validator.cpp", @@ -97,7 +96,6 @@ if (is_standard_system) { "main/cpp/src/token/accesstoken_id_manager.cpp", "main/cpp/src/token/accesstoken_info_manager.cpp", "main/cpp/src/token/hap_token_info_inner.cpp", - "main/cpp/src/token/native_token_receptor.cpp", ] sources += access_token_impl_sources @@ -112,10 +110,7 @@ if (is_standard_system) { if (dlp_permission_enable == true) { cflags_cc += [ "-DSUPPORT_SANDBOX_APP" ] - sources += [ - "main/cpp/src/permission/dlp_permission_set_manager.cpp", - "main/cpp/src/permission/dlp_permission_set_parser.cpp", - ] + sources += [ "main/cpp/src/permission/dlp_permission_set_manager.cpp" ] } if (build_variant == "user") { @@ -142,7 +137,6 @@ if (is_standard_system) { "hisysevent:libhisysevent", "init:libbegetutil", "ipc:ipc_single", - "json:nlohmann_json_static", "relational_store:native_rdb", "safwk:system_ability_fwk", "samgr:samgr_proxy", diff --git a/services/accesstokenmanager/main/cpp/include/permission/dlp_permission_set_parser.h b/services/accesstokenmanager/main/cpp/include/permission/dlp_permission_set_parser.h deleted file mode 100644 index 67b9e12bebdc45b50a0801b114945a2d90133162..0000000000000000000000000000000000000000 --- a/services/accesstokenmanager/main/cpp/include/permission/dlp_permission_set_parser.h +++ /dev/null @@ -1,53 +0,0 @@ -/* - * Copyright (c) 2022 Huawei Device Co., Ltd. - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ - -#ifndef ACCESSTOKEN_DLP_PERMISSION_SET_PARSER_H -#define ACCESSTOKEN_DLP_PERMISSION_SET_PARSER_H - -#include -#include - -#include "permission_dlp_mode.h" -#include "nlohmann/json.hpp" -#include "nocopyable.h" - -namespace OHOS { -namespace Security { -namespace AccessToken { -const std::string CLONE_PERMISSION_CONFIG_FILE = "/system/etc/dlp_permission/clone_app_permission.json"; -constexpr int32_t MAX_CLONE_PERMISSION_CONFIG_FILE_SIZE = 5 * 1024 * 1024; -constexpr size_t MAX_BUFFER_SIZE = 1024; -class DlpPermissionSetParser final { -public: - static DlpPermissionSetParser& GetInstance(); - virtual ~DlpPermissionSetParser() = default; - int32_t Init(); - -private: - DlpPermissionSetParser() : ready_(false) {} - DISALLOW_COPY_AND_MOVE(DlpPermissionSetParser); - int ReadCfgFile(std::string& dlpPermsRawData); - void FromJson(const nlohmann::json& jsonObject, std::vector& dlpPerms); - int32_t ParserDlpPermsRawData(const std::string& dlpPermsRawData, - std::vector& dlpPerms); - void from_json(const nlohmann::json& j, PermissionDlpMode& p); - void ProcessDlpPermsInfos(std::vector& dlpPerms); - - bool ready_; -}; -} // namespace AccessToken -} // namespace Security -} // namespace OHOS -#endif // ACCESSTOKEN_DLP_PERMISSION_SET_PARSER_H diff --git a/services/accesstokenmanager/main/cpp/include/permission/permission_definition_parser.h b/services/accesstokenmanager/main/cpp/include/permission/permission_definition_parser.h deleted file mode 100644 index d50b5c2f7a5e758a1e296b25cc00922c15643af9..0000000000000000000000000000000000000000 --- a/services/accesstokenmanager/main/cpp/include/permission/permission_definition_parser.h +++ /dev/null @@ -1,55 +0,0 @@ -/* - * Copyright (c) 2023 Huawei Device Co., Ltd. - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ - -#ifndef PERMISSION_DEFINITION_PARSER_H -#define PERMISSION_DEFINITION_PARSER_H - -#include - -#include "accesstoken_common_log.h" -#include "nlohmann/json.hpp" -#include "nocopyable.h" -#include "permission_def.h" - -namespace OHOS { -namespace Security { -namespace AccessToken { -struct PermissionDefParseRet { - PermissionDef permDef; - bool isSuccessful = false; -}; -class PermissionDefinitionParser final { -public: - static PermissionDefinitionParser& GetInstance(); - virtual ~PermissionDefinitionParser() = default; - int32_t Init(); - -private: - PermissionDefinitionParser() : ready_(false) {} - DISALLOW_COPY_AND_MOVE(PermissionDefinitionParser); - int ReadCfgFile(std::string& PermsRawData); - int32_t GetPermissionDefList(const nlohmann::json& json, const std::string& permsRawData, const std::string& type, - std::vector& permDefList); - int32_t ParserPermsRawData(const std::string& permsRawData, std::vector& perms); - void from_json(const nlohmann::json& j, PermissionDefParseRet& p); - void ProcessPermsInfos(std::vector& Perms); - - bool ready_; -}; - -} // namespace AccessToken -} // namespace Security -} // namespace OHOS -#endif // PERMISSION_DEFINITION_PARSER_H \ No newline at end of file diff --git a/services/accesstokenmanager/main/cpp/include/permission/temp_permission_observer.h b/services/accesstokenmanager/main/cpp/include/permission/temp_permission_observer.h index 6ca16aa6460143030826a8a13b8462b51f283fc5..c9e96dc8fbebb0d7424011f45ede90f256204160 100644 --- a/services/accesstokenmanager/main/cpp/include/permission/temp_permission_observer.h +++ b/services/accesstokenmanager/main/cpp/include/permission/temp_permission_observer.h @@ -100,7 +100,7 @@ public: bool FindContinuousTask(AccessTokenID tokenID); #ifdef EVENTHANDLER_ENABLE void InitEventHandler(); - void GetConfigValue(); + void SetCancelTime(int32_t cancelTime); #endif bool DelayRevokePermission(AccessToken::AccessTokenID tokenId, const std::string& taskName); bool CancleTaskOfPermissionRevoking(const std::string& taskName); diff --git a/services/accesstokenmanager/main/cpp/include/service/accesstoken_manager_service.h b/services/accesstokenmanager/main/cpp/include/service/accesstoken_manager_service.h index a808b9cec9ed762e2c8d53ff2c254a1cf00fab08..ade78794ce9cec8040149f4bcb68647aa1b4f67e 100644 --- a/services/accesstokenmanager/main/cpp/include/service/accesstoken_manager_service.h +++ b/services/accesstokenmanager/main/cpp/include/service/accesstoken_manager_service.h @@ -114,7 +114,6 @@ public: private: void GetValidConfigFilePathList(std::vector& pathList); - bool GetConfigGrantValueFromFile(std::string& fileContent); void GetConfigValue(); bool Initialize(); void AccessTokenServiceParamSet() const; diff --git a/services/accesstokenmanager/main/cpp/include/token/accesstoken_info_manager.h b/services/accesstokenmanager/main/cpp/include/token/accesstoken_info_manager.h index 97eb3e1ec2f7dd2c4eacf49a7b839d5315b57b1d..c01a2ebcc0b8ab03469ec321f9f10fbcadf1b98a 100644 --- a/services/accesstokenmanager/main/cpp/include/token/accesstoken_info_manager.h +++ b/services/accesstokenmanager/main/cpp/include/token/accesstoken_info_manager.h @@ -47,7 +47,7 @@ public: static AccessTokenInfoManager& GetInstance(); ~AccessTokenInfoManager(); void Init(); - void InitNativeTokenInfos(uint32_t& nativeSize); + void InitNativeTokenInfos(const std::vector& tokenInfos); int32_t GetTokenIDByUserID(int32_t userID, std::unordered_set& tokenIdList); std::shared_ptr GetHapTokenInfoInner(AccessTokenID id); int GetHapTokenInfo(AccessTokenID tokenID, HapTokenInfo& infoParcel); @@ -133,6 +133,7 @@ private: std::vector& opCodeList, std::vector& statusList); bool IsPermissionReqValid(int32_t tokenApl, const std::string& permissionName, const std::vector& nativeAcls); + int32_t GetNativeCfgInfo(std::vector& tokenInfos); void NativeTokenToString(AccessTokenID tokenID, std::string& info); int32_t CheckHapInfoParam(const HapInfoParams& info, const HapPolicy& policy); void UpdateHapToKernel(AccessTokenID tokenID, int32_t userId); diff --git a/services/accesstokenmanager/main/cpp/include/token/native_token_receptor.h b/services/accesstokenmanager/main/cpp/include/token/native_token_receptor.h deleted file mode 100644 index 009fa2dadd21602771c53ec9b28db6baf058452a..0000000000000000000000000000000000000000 --- a/services/accesstokenmanager/main/cpp/include/token/native_token_receptor.h +++ /dev/null @@ -1,52 +0,0 @@ -/* - * Copyright (c) 2021-2022 Huawei Device Co., Ltd. - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ - -#ifndef ACCESSTOKEN_NATIVE_TOKEN_RECEPTOR_H -#define ACCESSTOKEN_NATIVE_TOKEN_RECEPTOR_H - -#include -#include - -#include "native_token_info_base.h" - -#include "access_token.h" -#include "nlohmann/json.hpp" -#include "nocopyable.h" -#include "permission_status.h" - -namespace OHOS { -namespace Security { -namespace AccessToken { -const std::string NATIVE_TOKEN_CONFIG_FILE = "/data/service/el0/access_token/nativetoken.json"; -constexpr int MAX_NATIVE_CONFIG_FILE_SIZE = 5 * 1024 * 1024; // 5M -constexpr size_t BUFFER_SIZE = 1024; -class NativeTokenReceptor final { -public: - static NativeTokenReceptor& GetInstance(); - virtual ~NativeTokenReceptor() = default; - int GetAllNativeTokenInfo(std::vector& tokenInfos); - -private: - NativeTokenReceptor() {} - DISALLOW_COPY_AND_MOVE(NativeTokenReceptor); - int ReadCfgFile(std::string &nativeRawData); - void FromJson(const nlohmann::json &jsonObject, std::vector>& tokenInfos); - int32_t ParserNativeRawData(const std::string& nativeRawData, std::vector& tokenInfos); - void from_json(const nlohmann::json& j, NativeTokenInfoBase& p); -}; -} // namespace AccessToken -} // namespace Security -} // namespace OHOS -#endif // ACCESSTOKEN_NATIVE_TOKEN_RECEPTOR_H diff --git a/services/accesstokenmanager/main/cpp/src/permission/dlp_permission_set_parser.cpp b/services/accesstokenmanager/main/cpp/src/permission/dlp_permission_set_parser.cpp deleted file mode 100644 index 6f64f7ab8fac58038910a9ea8c3afe6a4d31df60..0000000000000000000000000000000000000000 --- a/services/accesstokenmanager/main/cpp/src/permission/dlp_permission_set_parser.cpp +++ /dev/null @@ -1,160 +0,0 @@ -/* - * Copyright (c) 2022 Huawei Device Co., Ltd. - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ -#include "dlp_permission_set_parser.h" - -#include -#include -#include -#include -#include - -#include "access_token_error.h" -#include "accesstoken_common_log.h" -#include "data_validator.h" -#include "dlp_permission_set_manager.h" -#include "securec.h" - -namespace OHOS { -namespace Security { -namespace AccessToken { -namespace { -std::recursive_mutex g_instanceMutex; -} - -// nlohmann json need the function named from_json to parse -void from_json(const nlohmann::json& j, PermissionDlpMode& p) -{ - if (j.find("name") == j.end() || (!j.at("name").is_string())) { - return; - } - p.permissionName = j.at("name").get(); - if (!DataValidator::IsProcessNameValid(p.permissionName)) { - return; - } - - if (j.find("dlpGrantRange") == j.end() || (!j.at("dlpGrantRange").is_string())) { - return; - } - std::string dlpModeStr = j.at("dlpGrantRange").get(); - if (dlpModeStr == "all") { - p.dlpMode = DLP_PERM_ALL; - return; - } - if (dlpModeStr == "full_control") { - p.dlpMode = DLP_PERM_FULL_CONTROL; - return; - } - p.dlpMode = DLP_PERM_NONE; - return; -} - -int32_t DlpPermissionSetParser::ParserDlpPermsRawData(const std::string& dlpPermsRawData, - std::vector& dlpPerms) -{ - nlohmann::json jsonRes = nlohmann::json::parse(dlpPermsRawData, nullptr, false); - if (jsonRes.is_discarded()) { - LOGE(ATM_DOMAIN, ATM_TAG, "JsonRes is invalid."); - return ERR_PARAM_INVALID; - } - - if ((jsonRes.find("dlpPermissions") != jsonRes.end()) && (jsonRes.at("dlpPermissions").is_array())) { - nlohmann::json dlpPermTokenJson = jsonRes.at("dlpPermissions").get(); - dlpPerms = dlpPermTokenJson.get>(); - } - - return RET_SUCCESS; -} - -int32_t DlpPermissionSetParser::ReadCfgFile(std::string& dlpPermsRawData) -{ - int32_t fd = open(CLONE_PERMISSION_CONFIG_FILE.c_str(), O_RDONLY); - if (fd < 0) { - LOGE(ATM_DOMAIN, ATM_TAG, "Open failed errno %{public}d.", errno); - return ERR_FILE_OPERATE_FAILED; - } - struct stat statBuffer; - - if (fstat(fd, &statBuffer) != 0) { - LOGE(ATM_DOMAIN, ATM_TAG, "Fstat failed errno %{public}d.", errno); - close(fd); - return ERR_FILE_OPERATE_FAILED; - } - - if (statBuffer.st_size == 0) { - LOGE(ATM_DOMAIN, ATM_TAG, "Config file size is 0."); - close(fd); - return ERR_PARAM_INVALID; - } - if (statBuffer.st_size > MAX_CLONE_PERMISSION_CONFIG_FILE_SIZE) { - LOGE(ATM_DOMAIN, ATM_TAG, "Config file size is too large."); - close(fd); - return ERR_OVERSIZE; - } - dlpPermsRawData.reserve(statBuffer.st_size); - - char buff[MAX_BUFFER_SIZE] = { 0 }; - ssize_t readLen = 0; - while ((readLen = read(fd, buff, MAX_BUFFER_SIZE)) > 0) { - dlpPermsRawData.append(buff, readLen); - } - close(fd); - - if (readLen == 0) { - return RET_SUCCESS; - } - return ERR_FILE_OPERATE_FAILED; -} - -int32_t DlpPermissionSetParser::Init() -{ - if (ready_) { - LOGE(ATM_DOMAIN, ATM_TAG, "Dlp permission has been set."); - return RET_SUCCESS; - } - - std::string dlpPermsRawData; - int32_t ret = ReadCfgFile(dlpPermsRawData); - if (ret != RET_SUCCESS) { - LOGE(ATM_DOMAIN, ATM_TAG, "ReadCfgFile failed."); - return ret; - } - std::vector dlpPerms; - ret = ParserDlpPermsRawData(dlpPermsRawData, dlpPerms); - if (ret != RET_SUCCESS) { - LOGE(ATM_DOMAIN, ATM_TAG, "ParserDlpPermsRawData failed."); - return ERR_FILE_OPERATE_FAILED; - } - DlpPermissionSetManager::GetInstance().ProcessDlpPermInfos(dlpPerms); - - ready_ = true; - LOGI(ATM_DOMAIN, ATM_TAG, "Init ok."); - return RET_SUCCESS; -} - -DlpPermissionSetParser& DlpPermissionSetParser::GetInstance() -{ - static DlpPermissionSetParser* instance = nullptr; - if (instance == nullptr) { - std::lock_guard lock(g_instanceMutex); - if (instance == nullptr) { - DlpPermissionSetParser* tmp = new DlpPermissionSetParser(); - instance = std::move(tmp); - } - } - return *instance; -} -} // namespace AccessToken -} // namespace Security -} // namespace OHOS diff --git a/services/accesstokenmanager/main/cpp/src/permission/permission_definition_parser.cpp b/services/accesstokenmanager/main/cpp/src/permission/permission_definition_parser.cpp deleted file mode 100644 index 4b74de0b171034a951c06dfaff19152da1c2d622..0000000000000000000000000000000000000000 --- a/services/accesstokenmanager/main/cpp/src/permission/permission_definition_parser.cpp +++ /dev/null @@ -1,277 +0,0 @@ -/* - * Copyright (c) 2023 Huawei Device Co., Ltd. - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ -#include "permission_definition_parser.h" - -#include -#include -#include -#include -#include - -#include "accesstoken_common_log.h" -#include "access_token.h" -#include "access_token_error.h" -#include "accesstoken_info_manager.h" -#include "data_validator.h" -#include "hisysevent_adapter.h" -#include "json_parser.h" -#include "permission_def.h" -#include "permission_definition_cache.h" -#include "securec.h" - -namespace OHOS { -namespace Security { -namespace AccessToken { -namespace { -std::recursive_mutex g_instanceMutex; -static const int32_t EXTENSION_PERMISSION_ID = 0; -static const std::string PERMISSION_NAME = "name"; -static const std::string PERMISSION_GRANT_MODE = "grantMode"; -static const std::string PERMISSION_AVAILABLE_LEVEL = "availableLevel"; -static const std::string PERMISSION_AVAILABLE_TYPE = "availableType"; -static const std::string PERMISSION_PROVISION_ENABLE = "provisionEnable"; -static const std::string PERMISSION_DISTRIBUTED_SCENE_ENABLE = "distributedSceneEnable"; -static const std::string PERMISSION_LABEL = "label"; -static const std::string PERMISSION_DESCRIPTION = "description"; -static const std::string AVAILABLE_TYPE_NORMAL_HAP = "NORMAL"; -static const std::string AVAILABLE_TYPE_SYSTEM_HAP = "SYSTEM"; -static const std::string AVAILABLE_TYPE_MDM = "MDM"; -static const std::string AVAILABLE_TYPE_SYSTEM_AND_MDM = "SYSTEM_AND_MDM"; -static const std::string AVAILABLE_TYPE_SERVICE = "SERVICE"; -static const std::string AVAILABLE_TYPE_ENTERPRISE_NORMAL = "ENTERPRISE_NORMAL"; -static const std::string AVAILABLE_LEVEL_NORMAL = "normal"; -static const std::string AVAILABLE_LEVEL_SYSTEM_BASIC = "system_basic"; -static const std::string AVAILABLE_LEVEL_SYSTEM_CORE = "system_core"; -static const std::string PERMISSION_GRANT_MODE_SYSTEM_GRANT = "system_grant"; -static const std::string PERMISSION_GRANT_MODE_USER_GRANT = "user_grant"; -static const std::string SYSTEM_GRANT_DEFINE_PERMISSION = "systemGrantPermissions"; -static const std::string USER_GRANT_DEFINE_PERMISSION = "userGrantPermissions"; -static const std::string DEFINE_PERMISSION_FILE = "/system/etc/access_token/permission_definitions.json"; -} - -static bool GetPermissionApl(const std::string &apl, AccessToken::ATokenAplEnum& aplNum) -{ - if (apl == AVAILABLE_LEVEL_SYSTEM_CORE) { - aplNum = AccessToken::ATokenAplEnum::APL_SYSTEM_CORE; - return true; - } - if (apl == AVAILABLE_LEVEL_SYSTEM_BASIC) { - aplNum = AccessToken::ATokenAplEnum::APL_SYSTEM_BASIC; - return true; - } - if (apl == AVAILABLE_LEVEL_NORMAL) { - aplNum = AccessToken::ATokenAplEnum::APL_NORMAL; - return true; - } - LOGE(ATM_DOMAIN, ATM_TAG, "Apl: %{public}s is invalid.", apl.c_str()); - return false; -} - -static bool GetPermissionAvailableType(const std::string &availableType, AccessToken::ATokenAvailableTypeEnum& typeNum) -{ - if (availableType == AVAILABLE_TYPE_NORMAL_HAP) { - typeNum = AccessToken::ATokenAvailableTypeEnum::NORMAL; - return true; - } - if (availableType == AVAILABLE_TYPE_SYSTEM_HAP) { - typeNum = AccessToken::ATokenAvailableTypeEnum::SYSTEM; - return true; - } - if (availableType == AVAILABLE_TYPE_MDM) { - typeNum = AccessToken::ATokenAvailableTypeEnum::MDM; - return true; - } - if (availableType == AVAILABLE_TYPE_SYSTEM_AND_MDM) { - typeNum = AccessToken::ATokenAvailableTypeEnum::SYSTEM_AND_MDM; - return true; - } - if (availableType == AVAILABLE_TYPE_SERVICE) { - typeNum = AccessToken::ATokenAvailableTypeEnum::SERVICE; - return true; - } - if (availableType == AVAILABLE_TYPE_ENTERPRISE_NORMAL) { - typeNum = AccessToken::ATokenAvailableTypeEnum::ENTERPRISE_NORMAL; - return true; - } - typeNum = AccessToken::ATokenAvailableTypeEnum::INVALID; - LOGE(ATM_DOMAIN, ATM_TAG, "AvailableType: %{public}s is invalid.", availableType.c_str()); - return false; -} - -static int32_t GetPermissionGrantMode(const std::string &mode) -{ - if (mode == PERMISSION_GRANT_MODE_SYSTEM_GRANT) { - return AccessToken::GrantMode::SYSTEM_GRANT; - } - return AccessToken::GrantMode::USER_GRANT; -} - -void from_json(const nlohmann::json& j, PermissionDefParseRet& result) -{ - result.isSuccessful = false; - PermissionDef permDef; - if (!JsonParser::GetStringFromJson(j, PERMISSION_NAME, permDef.permissionName) || - !DataValidator::IsProcessNameValid(permDef.permissionName)) { - return; - } - std::string grantModeStr; - if (!JsonParser::GetStringFromJson(j, PERMISSION_GRANT_MODE, grantModeStr)) { - return; - } - permDef.grantMode = GetPermissionGrantMode(grantModeStr); - - std::string availableLevelStr; - if (!JsonParser::GetStringFromJson(j, PERMISSION_AVAILABLE_LEVEL, availableLevelStr)) { - return; - } - if (!GetPermissionApl(availableLevelStr, permDef.availableLevel)) { - return; - } - - std::string availableTypeStr; - if (!JsonParser::GetStringFromJson(j, PERMISSION_AVAILABLE_TYPE, availableTypeStr)) { - return; - } - if (!GetPermissionAvailableType(availableTypeStr, permDef.availableType)) { - return; - } - - if (!JsonParser::GetBoolFromJson(j, PERMISSION_PROVISION_ENABLE, permDef.provisionEnable)) { - return; - } - if (!JsonParser::GetBoolFromJson(j, PERMISSION_DISTRIBUTED_SCENE_ENABLE, permDef.distributedSceneEnable)) { - return; - } - permDef.bundleName = "system_ability"; - if (permDef.grantMode == AccessToken::GrantMode::SYSTEM_GRANT) { - result.permDef = permDef; - result.isSuccessful = true; - return; - } - if (!JsonParser::GetStringFromJson(j, PERMISSION_LABEL, permDef.label)) { - return; - } - if (!JsonParser::GetStringFromJson(j, PERMISSION_DESCRIPTION, permDef.description)) { - return; - } - result.permDef = permDef; - result.isSuccessful = true; - return; -} - -static bool CheckPermissionDefRules(const PermissionDef& permDef) -{ - // Extension permission support permission for service only. - if (permDef.availableType != AccessToken::ATokenAvailableTypeEnum::SERVICE) { - LOGD(ATM_DOMAIN, ATM_TAG, "%{public}s is for hap.", permDef.permissionName.c_str()); - return false; - } - return true; -} - -int32_t PermissionDefinitionParser::GetPermissionDefList(const nlohmann::json& json, const std::string& permsRawData, - const std::string& type, std::vector& permDefList) -{ - if ((json.find(type) == json.end()) || (!json.at(type).is_array())) { - LOGE(ATM_DOMAIN, ATM_TAG, "Json is not array."); - return ERR_PARAM_INVALID; - } - - nlohmann::json JsonData = json.at(type).get(); - for (auto it = JsonData.begin(); it != JsonData.end(); it++) { - auto result = it->get(); - if (!result.isSuccessful) { - LOGE(ATM_DOMAIN, ATM_TAG, "Get permission def failed."); - return ERR_PERM_REQUEST_CFG_FAILED; - } - if (!CheckPermissionDefRules(result.permDef)) { - continue; - } - LOGD(ATM_DOMAIN, ATM_TAG, "%{public}s insert.", result.permDef.permissionName.c_str()); - permDefList.emplace_back(result.permDef); - } - return RET_SUCCESS; -} - -int32_t PermissionDefinitionParser::ParserPermsRawData(const std::string& permsRawData, - std::vector& permDefList) -{ - nlohmann::json jsonRes = nlohmann::json::parse(permsRawData, nullptr, false); - if (jsonRes.is_discarded()) { - LOGE(ATM_DOMAIN, ATM_TAG, "JsonRes is invalid."); - return ERR_PARAM_INVALID; - } - - int32_t ret = GetPermissionDefList(jsonRes, permsRawData, SYSTEM_GRANT_DEFINE_PERMISSION, permDefList); - if (ret != RET_SUCCESS) { - LOGE(ATM_DOMAIN, ATM_TAG, "Get system_grant permission def list failed."); - return ret; - } - LOGI(ATM_DOMAIN, ATM_TAG, "Get system_grant permission size=%{public}zu.", permDefList.size()); - ret = GetPermissionDefList(jsonRes, permsRawData, USER_GRANT_DEFINE_PERMISSION, permDefList); - if (ret != RET_SUCCESS) { - LOGE(ATM_DOMAIN, ATM_TAG, "Get user_grant permission def list failed."); - return ret; - } - LOGI(ATM_DOMAIN, ATM_TAG, "Get permission size=%{public}zu.", permDefList.size()); - return RET_SUCCESS; -} - -int32_t PermissionDefinitionParser::Init() -{ - LOGI(ATM_DOMAIN, ATM_TAG, "System permission set begin."); - if (ready_) { - LOGE(ATM_DOMAIN, ATM_TAG, " system permission has been set."); - return RET_SUCCESS; - } - - std::string permsRawData; - int32_t ret = JsonParser::ReadCfgFile(DEFINE_PERMISSION_FILE, permsRawData); - if (ret != RET_SUCCESS) { - LOGE(ATM_DOMAIN, ATM_TAG, "ReadCfgFile failed."); - ReportSysEventServiceStartError(INIT_PERM_DEF_JSON_ERROR, "ReadCfgFile fail.", ret); - return ERR_FILE_OPERATE_FAILED; - } - std::vector permDefList; - ret = ParserPermsRawData(permsRawData, permDefList); - if (ret != RET_SUCCESS) { - ReportSysEventServiceStartError(INIT_PERM_DEF_JSON_ERROR, "ParserPermsRawData fail.", ret); - LOGE(ATM_DOMAIN, ATM_TAG, "ParserPermsRawData failed."); - return ret; - } - - for (const auto& perm : permDefList) { - PermissionDefinitionCache::GetInstance().Insert(perm, EXTENSION_PERMISSION_ID); - } - ready_ = true; - LOGI(ATM_DOMAIN, ATM_TAG, "Init ok."); - return RET_SUCCESS; -} - -PermissionDefinitionParser& PermissionDefinitionParser::GetInstance() -{ - static PermissionDefinitionParser* instance = nullptr; - if (instance == nullptr) { - std::lock_guard lock(g_instanceMutex); - if (instance == nullptr) { - PermissionDefinitionParser* tmp = new PermissionDefinitionParser(); - instance = std::move(tmp); - } - } - return *instance; -} -} // namespace AccessToken -} // namespace Security -} // namespace OHOS diff --git a/services/accesstokenmanager/main/cpp/src/permission/temp_permission_observer.cpp b/services/accesstokenmanager/main/cpp/src/permission/temp_permission_observer.cpp index 4ab5769dbf94e021d980d12751c241890b7a0382..ccb878ac6e04331fee9a7f2da4861c312c4f9720 100644 --- a/services/accesstokenmanager/main/cpp/src/permission/temp_permission_observer.cpp +++ b/services/accesstokenmanager/main/cpp/src/permission/temp_permission_observer.cpp @@ -17,7 +17,6 @@ #include "access_token.h" #include "access_token_error.h" -#include "config_policy_loader.h" #include "accesstoken_info_manager.h" #include "accesstoken_common_log.h" #include "libraryloader.h" @@ -29,6 +28,7 @@ #include "hisysevent.h" #include "hisysevent_adapter.h" #include "ipc_skeleton.h" +#include "json_parse_loader.h" namespace OHOS { namespace Security { @@ -41,9 +41,7 @@ static constexpr int32_t ROOT_UID = 0; static constexpr int32_t FOREGROUND_FLAG = 0; static constexpr int32_t FORMS_FLAG = 1; static constexpr int32_t CONTINUOUS_TASK_FLAG = 2; -#ifdef EVENTHANDLER_ENABLE static constexpr int32_t DEFAULT_CANCLE_MILLISECONDS = 10 * 1000; // 10s -#endif std::recursive_mutex g_instanceMutex; static const std::vector g_tempPermission = { "ohos.permission.READ_PASTEBOARD", @@ -661,19 +659,10 @@ bool TempPermissionObserver::CancleTaskOfPermissionRevoking(const std::string& t #endif } -void TempPermissionObserver::GetConfigValue() +void TempPermissionObserver::SetCancelTime(int32_t cancleTime) { - LibraryLoader loader(CONFIG_POLICY_LIBPATH); - ConfigPolicyLoaderInterface* policy = loader.GetObject(); - if (policy == nullptr) { - LOGE(ATM_DOMAIN, ATM_TAG, "Dlopen libaccesstoken_config_policy failed."); - return; - } - AccessTokenConfigValue value; - if (policy->GetConfigValue(ServiceType::ACCESSTOKEN_SERVICE, value)) { - cancleTimes_ = value.atConfig.cancleTime == 0 ? DEFAULT_CANCLE_MILLISECONDS : value.atConfig.cancleTime; - } else { - cancleTimes_ = DEFAULT_CANCLE_MILLISECONDS; + if (cancleTime != 0) { + cancleTimes_ = cancleTime; } LOGI(ATM_DOMAIN, ATM_TAG, "CancleTimes_ is %{public}d.", cancleTimes_); diff --git a/services/accesstokenmanager/main/cpp/src/service/accesstoken_manager_service.cpp b/services/accesstokenmanager/main/cpp/src/service/accesstoken_manager_service.cpp index db205f14f17887b4d216b42714bc493542967c25..d8e6d31c03eac4b88d4a067535c3bb42177ca1f2 100644 --- a/services/accesstokenmanager/main/cpp/src/service/accesstoken_manager_service.cpp +++ b/services/accesstokenmanager/main/cpp/src/service/accesstoken_manager_service.cpp @@ -23,11 +23,7 @@ #include "accesstoken_id_manager.h" #include "accesstoken_info_manager.h" #include "accesstoken_common_log.h" -#include "config_policy_loader.h" #include "constant_common.h" -#ifdef SUPPORT_SANDBOX_APP -#include "dlp_permission_set_parser.h" -#endif #include "hap_token_info.h" #include "hap_token_info_inner.h" #include "hisysevent_adapter.h" @@ -35,6 +31,7 @@ #include "hitrace_meter.h" #endif #include "ipc_skeleton.h" +#include "json_parse_loader.h" #include "libraryloader.h" #include "parameter.h" #include "permission_list_state.h" @@ -42,7 +39,6 @@ #include "short_grant_manager.h" #include "string_ex.h" #include "system_ability_definition.h" -#include "permission_definition_parser.h" #ifdef TOKEN_SYNC_ENABLE #include "token_modify_notifier.h" #endif // TOKEN_SYNC_ENABLE @@ -479,8 +475,20 @@ int AccessTokenManagerService::GetNativeTokenInfo(AccessTokenID tokenID, NativeT #ifndef ATM_BUILD_VARIANT_USER_ENABLE int32_t AccessTokenManagerService::ReloadNativeTokenInfo() { - uint32_t nativeSize = 0; - AccessTokenInfoManager::GetInstance().InitNativeTokenInfos(nativeSize); + LibraryLoader loader(CONFIG_PARSE_LIBPATH); + ConfigPolicyLoaderInterface* policy = loader.GetObject(); + if (policy == nullptr) { + LOGE(ATM_DOMAIN, ATM_TAG, "Dlopen libaccesstoken_json_parse failed."); + return RET_FAILED; + } + + std::vector tokenInfos; + int32_t res = policy->GetAllNativeTokenInfo(tokenInfos); + if (res != RET_SUCCESS) { + return res; + } + + AccessTokenInfoManager::GetInstance().InitNativeTokenInfos(tokenInfos); return RET_SUCCESS; } #endif @@ -650,10 +658,10 @@ void AccessTokenManagerService::AccessTokenServiceParamSet() const void AccessTokenManagerService::GetConfigValue() { - LibraryLoader loader(CONFIG_POLICY_LIBPATH); + LibraryLoader loader(CONFIG_PARSE_LIBPATH); ConfigPolicyLoaderInterface* policy = loader.GetObject(); if (policy == nullptr) { - LOGE(ATM_DOMAIN, ATM_TAG, "Dlopen libaccesstoken_config_policy failed."); + LOGE(ATM_DOMAIN, ATM_TAG, "Dlopen libaccesstoken_json_parse failed."); return; } AccessTokenConfigValue value; @@ -671,6 +679,7 @@ void AccessTokenManagerService::GetConfigValue() GLOBAL_SWITCH_SHEET_ABILITY_NAME : value.atConfig.globalSwitchAbilityName; applicationSettingAbilityName_ = value.atConfig.applicationSettingAbilityName.empty() ? APPLICATION_SETTING_ABILITY_NAME : value.atConfig.applicationSettingAbilityName; + TempPermissionObserver::GetInstance().SetCancelTime(value.atConfig.cancleTime); } else { LOGI(ATM_DOMAIN, ATM_TAG, "No config file or config file is not valid, use default values"); grantBundleName_ = GRANT_ABILITY_BUNDLE_NAME; @@ -681,10 +690,11 @@ void AccessTokenManagerService::GetConfigValue() applicationSettingAbilityName_ = APPLICATION_SETTING_ABILITY_NAME; } - LOGI(ATM_DOMAIN, ATM_TAG, "GrantBundleName_ is %{public}s, grantAbilityName_ is %{public}s, \ - permStateAbilityName_ is %{public}s, permStateAbilityName_ is %{public}s", - grantBundleName_.c_str(), grantAbilityName_.c_str(), - permStateAbilityName_.c_str(), permStateAbilityName_.c_str()); + LOGI(ATM_DOMAIN, ATM_TAG, "GrantBundleName_ is %{public}s, grantAbilityName_ is %{public}s, " + "grantServiceAbilityName_ is %{public}s, permStateAbilityName_ is %{public}s, " + "globalSwitchAbilityName_ is %{public}s, applicationSettingAbilityName_ is %{public}s.", + grantBundleName_.c_str(), grantAbilityName_.c_str(), grantServiceAbilityName_.c_str(), + permStateAbilityName_.c_str(), globalSwitchAbilityName_.c_str(), applicationSettingAbilityName_.c_str()); } bool AccessTokenManagerService::Initialize() @@ -696,13 +706,7 @@ bool AccessTokenManagerService::Initialize() TempPermissionObserver::GetInstance().InitEventHandler(); ShortGrantManager::GetInstance().InitEventHandler(); #endif - -#ifdef SUPPORT_SANDBOX_APP - DlpPermissionSetParser::GetInstance().Init(); -#endif - PermissionDefinitionParser::GetInstance().Init(); GetConfigValue(); - TempPermissionObserver::GetInstance().GetConfigValue(); LOGI(ATM_DOMAIN, ATM_TAG, "Initialize success"); return true; } diff --git a/services/accesstokenmanager/main/cpp/src/token/accesstoken_info_manager.cpp b/services/accesstokenmanager/main/cpp/src/token/accesstoken_info_manager.cpp index 79823d1cefaf26efc53f8d16a56ec5f7ac29985e..25621e1ec94231b19438844b3d8d4a4ea5c5bebd 100644 --- a/services/accesstokenmanager/main/cpp/src/token/accesstoken_info_manager.cpp +++ b/services/accesstokenmanager/main/cpp/src/token/accesstoken_info_manager.cpp @@ -39,12 +39,12 @@ #include "hap_token_info_inner.h" #include "hisysevent_adapter.h" #include "ipc_skeleton.h" +#include "json_parse_loader.h" #include "permission_definition_cache.h" #include "permission_manager.h" #include "permission_map.h" #include "permission_validator.h" #include "perm_setproc.h" -#include "native_token_receptor.h" #include "token_field_const.h" #include "token_setproc.h" #ifdef TOKEN_SYNC_ENABLE @@ -60,9 +60,10 @@ static const unsigned int SYSTEM_APP_FLAG = 0x0001; static constexpr int32_t BASE_USER_RANGE = 200000; #ifdef TOKEN_SYNC_ENABLE static const int MAX_PTHREAD_NAME_LEN = 15; // pthread name max length -static const std::string ACCESS_TOKEN_PACKAGE_NAME = "ohos.security.distributed_token_sync"; +static const char* ACCESS_TOKEN_PACKAGE_NAME = "ohos.security.distributed_token_sync"; #endif -static const std::string DUMP_JSON_PATH = "/data/service/el1/public/access_token/nativetoken.log"; +static const char* DUMP_JSON_PATH = "/data/service/el1/public/access_token/nativetoken.log"; +static const int32_t EXTENSION_PERMISSION_ID = 0; } AccessTokenInfoManager::AccessTokenInfoManager() : hasInited_(false) {} @@ -91,15 +92,43 @@ void AccessTokenInfoManager::Init() } LOGI(ATM_DOMAIN, ATM_TAG, "Init begin!"); + LibraryLoader loader(CONFIG_PARSE_LIBPATH); + ConfigPolicyLoaderInterface* policy = loader.GetObject(); + if (policy == nullptr) { + LOGE(ATM_DOMAIN, ATM_TAG, "Dlopen libaccesstoken_json_parse failed."); + return; + } + std::vector tokenInfos; + int ret = policy->GetAllNativeTokenInfo(tokenInfos); + if (ret != RET_SUCCESS) { + ReportSysEventServiceStartError( + INIT_NATIVE_TOKENINFO_ERROR, "GetAllNativeTokenInfo fail from native json.", ret); + } uint32_t hapSize = 0; - uint32_t nativeSize = 0; + uint32_t nativeSize = tokenInfos.size(); InitHapTokenInfos(hapSize); - InitNativeTokenInfos(nativeSize); + InitNativeTokenInfos(tokenInfos); uint32_t pefDefSize = PermissionDefinitionCache::GetInstance().GetDefPermissionsSize(); ReportSysEventServiceStart(getpid(), hapSize, nativeSize, pefDefSize); LOGI(ATM_DOMAIN, ATM_TAG, "InitTokenInfo end, hapSize %{public}d, nativeSize %{public}d, pefDefSize %{public}d.", hapSize, nativeSize, pefDefSize); +#ifdef SUPPORT_SANDBOX_APP + std::vector dlpPerms; + ret = policy->GetDlpPermissions(dlpPerms); + if (ret == RET_SUCCESS) { + LOGI(ATM_DOMAIN, ATM_TAG, "Load dlpPer size=%{public}zu.", dlpPerms.size()); + DlpPermissionSetManager::GetInstance().ProcessDlpPermInfos(dlpPerms); + } +#endif + std::vector permDefList; + ret = policy->GetAllPermissionDef(permDefList); + if (ret != RET_SUCCESS) { + ReportSysEventServiceStartError(INIT_PERM_DEF_JSON_ERROR, "GetAllPermissionDef from json fail.", ret); + } + for (const auto& perm : permDefList) { + PermissionDefinitionCache::GetInstance().Insert(perm, EXTENSION_PERMISSION_ID); + } hasInited_ = true; LOGI(ATM_DOMAIN, ATM_TAG, "Init success"); } @@ -568,16 +597,8 @@ void AccessTokenInfoManager::GetNativePermissionList(const NativeTokenInfoBase& } } -void AccessTokenInfoManager::InitNativeTokenInfos(uint32_t& nativeSize) +void AccessTokenInfoManager::InitNativeTokenInfos(const std::vector& tokenInfos) { - std::vector tokenInfos; - int ret = NativeTokenReceptor::GetInstance().GetAllNativeTokenInfo(tokenInfos); - if (ret != RET_SUCCESS) { - LOGE(ATM_DOMAIN, ATM_TAG, "Failed to load native from native json, err=%{public}d.", ret); - ReportSysEventServiceStartError( - INIT_NATIVE_TOKENINFO_ERROR, "GetAllNativeTokenInfo fail from native json.", ret); - return; - } for (const auto& info: tokenInfos) { AccessTokenID tokenId = info.tokenID; std::string process = info.processName; @@ -606,7 +627,6 @@ void AccessTokenInfoManager::InitNativeTokenInfos(uint32_t& nativeSize) LOGI(ATM_DOMAIN, ATM_TAG, "Init native token %{public}u process name %{public}s, permSize %{public}zu ok!", tokenId, process.c_str(), info.permStateList.size()); - nativeSize++; } } @@ -1139,7 +1159,7 @@ void AccessTokenInfoManager::ReduceDumpTaskNum() void AccessTokenInfoManager::DumpToken() { LOGI(ATM_DOMAIN, ATM_TAG, "AccessToken Dump"); - int32_t fd = open(DUMP_JSON_PATH.c_str(), O_RDWR | O_CREAT, S_IRUSR | S_IWUSR | S_IRGRP); + int32_t fd = open(DUMP_JSON_PATH, O_RDWR | O_CREAT, S_IRUSR | S_IWUSR | S_IRGRP); if (fd < 0) { LOGE(ATM_DOMAIN, ATM_TAG, "Open failed errno %{public}d.", errno); return; @@ -1715,10 +1735,27 @@ bool AccessTokenInfoManager::IsPermissionReqValid(int32_t tokenApl, const std::s return false; } +int32_t AccessTokenInfoManager::GetNativeCfgInfo(std::vector& tokenInfos) +{ + LibraryLoader loader(CONFIG_PARSE_LIBPATH); + ConfigPolicyLoaderInterface* policy = loader.GetObject(); + if (policy == nullptr) { + LOGE(ATM_DOMAIN, ATM_TAG, "Dlopen libaccesstoken_json_parse failed."); + return RET_FAILED; + } + int ret = policy->GetAllNativeTokenInfo(tokenInfos); + if (ret != RET_SUCCESS) { + LOGE(ATM_DOMAIN, ATM_TAG, "Failed to load native from native json, err=%{public}d.", ret); + return ret; + } + + return RET_SUCCESS; +} + void AccessTokenInfoManager::NativeTokenToString(AccessTokenID tokenID, std::string& info) { std::vector tokenInfos; - int ret = NativeTokenReceptor::GetInstance().GetAllNativeTokenInfo(tokenInfos); + int ret = GetNativeCfgInfo(tokenInfos); if (ret != RET_SUCCESS || tokenInfos.empty()) { LOGE(ATM_DOMAIN, ATM_TAG, "Failed to load native from native json, err=%{public}d.", ret); return; diff --git a/services/accesstokenmanager/main/cpp/src/token/native_token_receptor.cpp b/services/accesstokenmanager/main/cpp/src/token/native_token_receptor.cpp deleted file mode 100644 index 82afa58c0ff46d8c76c251fe1cf5ce4fa8256f20..0000000000000000000000000000000000000000 --- a/services/accesstokenmanager/main/cpp/src/token/native_token_receptor.cpp +++ /dev/null @@ -1,183 +0,0 @@ -/* - * Copyright (c) 2021-2024 Huawei Device Co., Ltd. - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ -#include -#include -#include -#include -#include - -#include "access_token_error.h" -#include "accesstoken_id_manager.h" -#include "accesstoken_info_manager.h" -#include "accesstoken_common_log.h" -#include "data_validator.h" -#include "json_parser.h" -#include "native_token_receptor.h" -#include "securec.h" - -namespace OHOS { -namespace Security { -namespace AccessToken { -namespace { -std::recursive_mutex g_instanceMutex; -static const char* JSON_PROCESS_NAME = "processName"; -static const char* JSON_APL = "APL"; -static const char* JSON_VERSION = "version"; -static const char* JSON_TOKEN_ID = "tokenId"; -static const char* JSON_TOKEN_ATTR = "tokenAttr"; -static const char* JSON_DCAPS = "dcaps"; -static const char* JSON_PERMS = "permissions"; -static const char* JSON_ACLS = "nativeAcls"; -static const int MAX_DCAPS_NUM = 10 * 1024; -static const int MAX_REQ_PERM_NUM = 10 * 1024; -} - -int32_t NativeReqPermsGet( - const nlohmann::json& j, std::vector& permStateList) -{ - std::vector permReqList; - if (j.find(JSON_PERMS) == j.end() || (!j.at(JSON_PERMS).is_array())) { - LOGE(ATM_DOMAIN, ATM_TAG, "JSON_PERMS is invalid."); - return ERR_PARAM_INVALID; - } - permReqList = j.at(JSON_PERMS).get>(); - if (permReqList.size() > MAX_REQ_PERM_NUM) { - LOGE(ATM_DOMAIN, ATM_TAG, "Permission num oversize."); - return ERR_OVERSIZE; - } - std::set permRes; - for (const auto& permReq : permReqList) { - PermissionStatus permState; - if (permRes.count(permReq) != 0) { - continue; - } - permState.permissionName = permReq; - permState.grantStatus = PERMISSION_GRANTED; - permState.grantFlag = PERMISSION_SYSTEM_FIXED; - permStateList.push_back(permState); - permRes.insert(permReq); - } - return RET_SUCCESS; -} - -// nlohmann json need the function named from_json to parse NativeTokenInfoBase -void from_json(const nlohmann::json& j, NativeTokenInfoBase& native) -{ - NativeTokenInfoBase info; - int aplNum = 0; - if (!JsonParser::GetIntFromJson(j, JSON_APL, aplNum) || !DataValidator::IsAplNumValid(aplNum)) { - return; - } - - info.apl = static_cast(aplNum); - - if (j.find(JSON_VERSION) == j.end() || (!j.at(JSON_VERSION).is_number())) { - return; - } - info.ver = (uint8_t)j.at(JSON_VERSION).get(); - if (info.ver != DEFAULT_TOKEN_VERSION) { - return; - } - - if (!JsonParser::GetUnsignedIntFromJson(j, JSON_TOKEN_ID, info.tokenID) || (info.tokenID == 0)) { - return; - } - - ATokenTypeEnum type = AccessTokenIDManager::GetTokenIdTypeEnum(info.tokenID); - if ((type != TOKEN_NATIVE) && (type != TOKEN_SHELL)) { - return; - } - - if (!JsonParser::GetUnsignedIntFromJson(j, JSON_TOKEN_ATTR, info.tokenAttr)) { - return; - } - - if (j.find(JSON_DCAPS) == j.end() || (!j.at(JSON_DCAPS).is_array())) { - return; - } - info.dcap = j.at(JSON_DCAPS).get>(); - if (info.dcap.size() > MAX_DCAPS_NUM) { - LOGE(ATM_DOMAIN, ATM_TAG, "Native dcap oversize."); - return; - } - - if (j.find(JSON_ACLS) == j.end() || (!j.at(JSON_DCAPS).is_array())) { - return; - } - info.nativeAcls = j.at(JSON_ACLS).get>(); - if (info.nativeAcls.size() > MAX_REQ_PERM_NUM) { - LOGE(ATM_DOMAIN, ATM_TAG, "Permission num oversize."); - return; - } - - if (NativeReqPermsGet(j, info.permStateList) != RET_SUCCESS) { - return; - } - - if (!JsonParser::GetStringFromJson(j, JSON_PROCESS_NAME, info.processName) || - !DataValidator::IsProcessNameValid(info.processName)) { - return; - } - native = info; -} - -int32_t NativeTokenReceptor::ParserNativeRawData(const std::string& nativeRawData, - std::vector& tokenInfos) -{ - nlohmann::json jsonRes = nlohmann::json::parse(nativeRawData, nullptr, false); - if (jsonRes.is_discarded()) { - LOGE(ATM_DOMAIN, ATM_TAG, "JsonRes is invalid."); - return ERR_PARAM_INVALID; - } - for (auto it = jsonRes.begin(); it != jsonRes.end(); it++) { - auto token = it->get(); - if (!token.processName.empty()) { - tokenInfos.emplace_back(token); - } - } - return RET_SUCCESS; -} - -int NativeTokenReceptor::GetAllNativeTokenInfo(std::vector& tokenInfos) -{ - std::string nativeRawData; - int ret = JsonParser::ReadCfgFile(NATIVE_TOKEN_CONFIG_FILE, nativeRawData); - if (ret != RET_SUCCESS) { - LOGE(ATM_DOMAIN, ATM_TAG, "ReadCfgFile failed."); - return ret; - } - ret = ParserNativeRawData(nativeRawData, tokenInfos); - if (ret != RET_SUCCESS) { - LOGE(ATM_DOMAIN, ATM_TAG, "ParserNativeRawData failed."); - return ret; - } - return RET_SUCCESS; -} - -NativeTokenReceptor& NativeTokenReceptor::GetInstance() -{ - static NativeTokenReceptor* instance = nullptr; - if (instance == nullptr) { - std::lock_guard lock(g_instanceMutex); - if (instance == nullptr) { - NativeTokenReceptor* tmp = new NativeTokenReceptor(); - instance = std::move(tmp); - } - } - return *instance; -} -} // namespace AccessToken -} // namespace Security -} // namespace OHOS diff --git a/services/accesstokenmanager/test/coverage/BUILD.gn b/services/accesstokenmanager/test/coverage/BUILD.gn index 8ea09ba72a4734c6e4e97f68ee6c13eb92430113..931d3fc59f0d44e3f755d9b4cbb48acb23ad81e3 100644 --- a/services/accesstokenmanager/test/coverage/BUILD.gn +++ b/services/accesstokenmanager/test/coverage/BUILD.gn @@ -35,14 +35,12 @@ accesstoken_manager_service_source = [ "${access_token_path}/services/accesstokenmanager/main/cpp/src/permission/permission_manager.cpp", "${access_token_path}/services/accesstokenmanager/main/cpp/src/permission/short_grant_manager.cpp", "${access_token_path}/services/accesstokenmanager/main/cpp/src/permission/permission_validator.cpp", - "${access_token_path}/services/accesstokenmanager/main/cpp/src/permission/permission_definition_parser.cpp", "${access_token_path}/services/accesstokenmanager/main/cpp/src/permission/temp_permission_observer.cpp", "${access_token_path}/services/accesstokenmanager/main/cpp/src/service/accesstoken_manager_service.cpp", "${access_token_path}/services/accesstokenmanager/main/cpp/src/service/accesstoken_manager_stub.cpp", "${access_token_path}/services/accesstokenmanager/main/cpp/src/token/accesstoken_id_manager.cpp", "${access_token_path}/services/accesstokenmanager/main/cpp/src/token/accesstoken_info_manager.cpp", "${access_token_path}/services/accesstokenmanager/main/cpp/src/token/hap_token_info_inner.cpp", - "${access_token_path}/services/accesstokenmanager/main/cpp/src/token/native_token_receptor.cpp", ] ohos_unittest("libaccesstoken_manager_service_coverage_test") { @@ -68,7 +66,7 @@ ohos_unittest("libaccesstoken_manager_service_coverage_test") { "${access_token_path}/interfaces/innerkits/nativetoken/include", "${access_token_path}/services/common/ability_manager/include", "${access_token_path}/services/common/app_manager/include", - "${access_token_path}/services/common/config_policy/include", + "${access_token_path}/services/common/json_parse/include", "${access_token_path}/services/common/database/include", "${access_token_path}/services/common/handler/include", "${access_token_path}/services/common/libraryloader/include", @@ -113,7 +111,6 @@ ohos_unittest("libaccesstoken_manager_service_coverage_test") { "hisysevent:libhisysevent", "init:libbegetutil", "ipc:ipc_single", - "json:nlohmann_json_static", "relational_store:native_rdb", "safwk:system_ability_fwk", "samgr:samgr_proxy", diff --git a/services/accesstokenmanager/test/mock/BUILD.gn b/services/accesstokenmanager/test/mock/BUILD.gn index 7a2a6d9d1221383c086cc4dd164110b4b4f29cba..57814bd33cf6a770167b299ac0cf81dbfc0a3f04 100644 --- a/services/accesstokenmanager/test/mock/BUILD.gn +++ b/services/accesstokenmanager/test/mock/BUILD.gn @@ -35,14 +35,12 @@ accesstoken_manager_service_source = [ "${access_token_path}/services/accesstokenmanager/main/cpp/src/permission/permission_manager.cpp", "${access_token_path}/services/accesstokenmanager/main/cpp/src/permission/short_grant_manager.cpp", "${access_token_path}/services/accesstokenmanager/main/cpp/src/permission/permission_validator.cpp", - "${access_token_path}/services/accesstokenmanager/main/cpp/src/permission/permission_definition_parser.cpp", "${access_token_path}/services/accesstokenmanager/main/cpp/src/permission/temp_permission_observer.cpp", "${access_token_path}/services/accesstokenmanager/main/cpp/src/service/accesstoken_manager_service.cpp", "${access_token_path}/services/accesstokenmanager/main/cpp/src/service/accesstoken_manager_stub.cpp", "${access_token_path}/services/accesstokenmanager/main/cpp/src/token/accesstoken_id_manager.cpp", "${access_token_path}/services/accesstokenmanager/main/cpp/src/token/accesstoken_info_manager.cpp", "${access_token_path}/services/accesstokenmanager/main/cpp/src/token/hap_token_info_inner.cpp", - "${access_token_path}/services/accesstokenmanager/main/cpp/src/token/native_token_receptor.cpp", ] ohos_unittest("libpermission_manager_mock_test") { @@ -68,7 +66,7 @@ ohos_unittest("libpermission_manager_mock_test") { "${access_token_path}/interfaces/innerkits/nativetoken/include", "${access_token_path}/services/common/ability_manager/include", "${access_token_path}/services/common/app_manager/include", - "${access_token_path}/services/common/config_policy/include", + "${access_token_path}/services/common/json_parse/include", "${access_token_path}/services/common/database/include", "${access_token_path}/services/common/handler/include", "${access_token_path}/services/common/libraryloader/include", @@ -114,7 +112,6 @@ ohos_unittest("libpermission_manager_mock_test") { "hisysevent:libhisysevent", "init:libbegetutil", "ipc:ipc_single", - "json:nlohmann_json_static", "relational_store:native_rdb", "safwk:system_ability_fwk", "samgr:samgr_proxy", diff --git a/services/accesstokenmanager/test/unittest/BUILD.gn b/services/accesstokenmanager/test/unittest/BUILD.gn index 1a813aa80fb209a9eb8a374c658a09cf775b30ed..b83852af6b23a63267e35ad934c5effc385392e8 100644 --- a/services/accesstokenmanager/test/unittest/BUILD.gn +++ b/services/accesstokenmanager/test/unittest/BUILD.gn @@ -35,14 +35,12 @@ accesstoken_manager_service_source = [ "${access_token_path}/services/accesstokenmanager/main/cpp/src/permission/permission_manager.cpp", "${access_token_path}/services/accesstokenmanager/main/cpp/src/permission/short_grant_manager.cpp", "${access_token_path}/services/accesstokenmanager/main/cpp/src/permission/permission_validator.cpp", - "${access_token_path}/services/accesstokenmanager/main/cpp/src/permission/permission_definition_parser.cpp", "${access_token_path}/services/accesstokenmanager/main/cpp/src/permission/temp_permission_observer.cpp", "${access_token_path}/services/accesstokenmanager/main/cpp/src/service/accesstoken_manager_service.cpp", "${access_token_path}/services/accesstokenmanager/main/cpp/src/service/accesstoken_manager_stub.cpp", "${access_token_path}/services/accesstokenmanager/main/cpp/src/token/accesstoken_id_manager.cpp", "${access_token_path}/services/accesstokenmanager/main/cpp/src/token/accesstoken_info_manager.cpp", "${access_token_path}/services/accesstokenmanager/main/cpp/src/token/hap_token_info_inner.cpp", - "${access_token_path}/services/accesstokenmanager/main/cpp/src/token/native_token_receptor.cpp", ] ohos_unittest("libaccesstoken_manager_service_standard_test") { @@ -68,7 +66,7 @@ ohos_unittest("libaccesstoken_manager_service_standard_test") { "${access_token_path}/interfaces/innerkits/nativetoken/include", "${access_token_path}/services/common/ability_manager/include", "${access_token_path}/services/common/app_manager/include", - "${access_token_path}/services/common/config_policy/include", + "${access_token_path}/services/common/json_parse/include", "${access_token_path}/services/common/database/include", "${access_token_path}/services/common/handler/include", "${access_token_path}/services/common/libraryloader/include", @@ -87,8 +85,6 @@ ohos_unittest("libaccesstoken_manager_service_standard_test") { "accesstoken_database_test.cpp", "accesstoken_info_manager_test.cpp", "multi_thread_test.cpp", - "native_token_receptor_test.cpp", - "permission_definition_parser_test.cpp", "permission_grant_event_test.cpp", "permission_manager_test.cpp", "short_grant_manager_test.cpp", @@ -100,10 +96,7 @@ ohos_unittest("libaccesstoken_manager_service_standard_test") { if (dlp_permission_enable == true) { cflags_cc += [ "-DSUPPORT_SANDBOX_APP" ] - sources += [ - "${access_token_path}/services/accesstokenmanager/main/cpp/src/permission/dlp_permission_set_manager.cpp", - "${access_token_path}/services/accesstokenmanager/main/cpp/src/permission/dlp_permission_set_parser.cpp", - ] + sources += [ "${access_token_path}/services/accesstokenmanager/main/cpp/src/permission/dlp_permission_set_manager.cpp" ] } configs = [ "${access_token_path}/config:coverage_flags" ] @@ -128,7 +121,6 @@ ohos_unittest("libaccesstoken_manager_service_standard_test") { "hisysevent:libhisysevent", "init:libbegetutil", "ipc:ipc_single", - "json:nlohmann_json_static", "relational_store:native_rdb", "safwk:system_ability_fwk", "samgr:samgr_proxy", diff --git a/services/accesstokenmanager/test/unittest/native_token_receptor_test.cpp b/services/accesstokenmanager/test/unittest/native_token_receptor_test.cpp index 8c281fdb213b21c4d57f14d1bfccd71277161b1d..aac2855c11e58b165004cd0545f169f9d99e11a4 100644 --- a/services/accesstokenmanager/test/unittest/native_token_receptor_test.cpp +++ b/services/accesstokenmanager/test/unittest/native_token_receptor_test.cpp @@ -162,99 +162,89 @@ HWTEST_F(NativeTokenReceptorTest, ParserNativeRawData002, TestSize.Level1) ASSERT_EQ(static_cast(0), tokenInfos.size()); } -namespace OHOS { -namespace Security { -namespace AccessToken { - extern bool from_json(const nlohmann::json& j, NativeTokenInfoBase& p); -} -} -} - /** - * @tc.name: from_json001 + * @tc.name: ParserNativeRawData002 * @tc.desc: Verify from json right case. * @tc.type: FUNC * @tc.require: Issue Number */ -HWTEST_F(NativeTokenReceptorTest, from_json001, TestSize.Level1) +HWTEST_F(NativeTokenReceptorTest, ParserNativeRawData002, TestSize.Level1) { - LOGI(ATM_DOMAIN, ATM_TAG, "test from_json001!"); - nlohmann::json j = nlohmann::json{ - {"processName", "process6"}, - {"APL", APL_SYSTEM_CORE}, - {"version", 1}, - {"tokenId", 685266937}, - {"tokenAttr", 0}, - {"dcaps", {"AT_CAP", "ST_CAP"}}, - {"permissions", {"ohos.permission.PLACE_CALL"}}, - {"nativeAcls", {"ohos.permission.PLACE_CALL"}}}; + LOGI(ATM_DOMAIN, ATM_TAG, "test ParserNativeRawData002!"); + std::string testStr = R"([)"\ + R"({"processName":"process6","APL":APL_SYSTEM_CORE,"version":1,"tokenId":685266937,"tokenAttr":0,)"\ + R"("dcaps":["AT_CAP","ST_CAP"],)"\ + R"("permissions":["ohos.permission.PLACE_CALL"],)"\ + R"("nativeAcls":["ohos.permission.PLACE_CALL"]})"\ + R"(])"; + CJsonUnique j = CreateJsonFromString(testStr); NativeTokenInfoBase native; - from_json(j, native); + NativeTokenReceptor::GetInstance().GetNativeTokenInfoFromJson(j.get(), native); ASSERT_EQ(native.tokenID, 685266937); } /** - * @tc.name: from_json002 + * @tc.name: GetnNativeTokenInfoFromJson002 * @tc.desc: Verify from json wrong case. * @tc.type: FUNC * @tc.require: Issue Number */ -HWTEST_F(NativeTokenReceptorTest, from_json002, TestSize.Level1) +HWTEST_F(NativeTokenReceptorTest, GetnNativeTokenInfoFromJson002, TestSize.Level1) { - LOGI(ATM_DOMAIN, ATM_TAG, "test from_json002!"); + LOGI(ATM_DOMAIN, ATM_TAG, "test GetnNativeTokenInfoFromJson002!"); // version wrong - nlohmann::json j = nlohmann::json{ - {"processName", "process6"}, {"APL", APL_SYSTEM_CORE}, - {"version", 2}, {"tokenId", 685266937}, - {"tokenAttr", 0}, - {"dcaps", {"AT_CAP", "ST_CAP"}}}; + std::string testStr = R"([)"\ + R"({"processName":"process6","APL":APL_SYSTEM_CORE,"version":2,"tokenId":685266937,"tokenAttr":0,)"\ + R"("dcaps":["AT_CAP","ST_CAP"]})"\ + R"(])"; + CJsonUnique j = CreateJsonFromString(testStr); NativeTokenInfoBase native; - from_json(j, native); + NativeTokenReceptor::GetInstance().GetNativeTokenInfoFromJson(j.get(), native); ASSERT_EQ(native.tokenID, 0); // APL wrong - j = nlohmann::json{ - {"processName", "process6"}, - {"APL", -1}, {"version", 1}, - {"tokenId", 685266937}, {"tokenAttr", 0}, - {"dcaps", {"AT_CAP", "ST_CAP"}}}; - from_json(j, native); + testStr = R"([)"\ + R"({"processName":"process6","APL":-1,"version":1,"tokenId":685266937,"tokenAttr":0,)"\ + R"("dcaps":["AT_CAP","ST_CAP"]})"\ + R"(])"; + j = CreateJsonFromString(testStr); + NativeTokenReceptor::GetInstance().GetNativeTokenInfoFromJson(j.get(), native); ASSERT_EQ(native.tokenID, 0); // tokenId wrong - j = nlohmann::json{ - {"processName", "process6"}, - {"APL", APL_SYSTEM_BASIC}, {"version", 1}, - {"tokenId", 0}, {"tokenAttr", 0}, - {"dcaps", {"AT_CAP", "ST_CAP"}}}; - from_json(j, native); + testStr = R"([)"\ + R"({"processName":"","APL":APL_SYSTEM_BASIC,"version":1,"tokenId":685266937,"tokenAttr":0,)"\ + R"("dcaps":["AT_CAP","ST_CAP"]})"\ + R"(])"; + j = CreateJsonFromString(testStr); + NativeTokenReceptor::GetInstance().GetNativeTokenInfoFromJson(j.get(), native); ASSERT_EQ(native.tokenID, 0); // process name empty - j = nlohmann::json{ - {"processName", ""}, - {"APL", APL_SYSTEM_BASIC}, {"version", 1}, - {"tokenId", 685266937}, {"tokenAttr", 0}, - {"dcaps", {"AT_CAP", "ST_CAP"}}}; - from_json(j, native); + testStr = R"([)"\ + R"({"processName":name,"APL":APL_SYSTEM_BASIC,"version":1,"tokenId":685266937,"tokenAttr":0,)"\ + R"("dcaps":["AT_CAP","ST_CAP"]})"\ + R"(])"; + j = CreateJsonFromString(testStr); + NativeTokenReceptor::GetInstance().GetNativeTokenInfoFromJson(j.get(), native); ASSERT_EQ(native.tokenID, 0); // process name too long - std::string name(512, 'c'); - j = nlohmann::json{ - {"processName", name}, - {"APL", APL_SYSTEM_BASIC}, {"version", 1}, - {"tokenId", 685266937}, {"tokenAttr", 0}, - {"dcaps", {"AT_CAP", "ST_CAP"}}}; - from_json(j, native); + testStr = R"([)"\ + R"({"processName":name,"APL":APL_SYSTEM_BASIC,"version":1,"tokenId":685266937,"tokenAttr":0,)"\ + R"("dcaps":["AT_CAP","ST_CAP"]})"\ + R"(])"; + j = CreateJsonFromString(testStr); + NativeTokenReceptor::GetInstance().GetNativeTokenInfoFromJson(j.get(), native); ASSERT_EQ(native.tokenID, 0); // lose process name - j = nlohmann::json{ - {"APL", APL_SYSTEM_BASIC}, - {"version", 1}, {"tokenId", 685266937}, - {"tokenAttr", 0}, {"dcaps", {"AT_CAP", "ST_CAP"}}}; - from_json(j, native); + testStr = R"([)"\ + R"({"APL":APL_SYSTEM_BASIC,"version":1,"tokenId":685266937,"tokenAttr":0,)"\ + R"("dcaps":["AT_CAP","ST_CAP"]})"\ + R"(])"; + j = CreateJsonFromString(testStr); + NativeTokenReceptor::GetInstance().GetNativeTokenInfoFromJson(j.get(), native); ASSERT_EQ(native.tokenID, 0); } diff --git a/services/accesstokenmanager/test/unittest/permission_definition_parser_test.cpp b/services/accesstokenmanager/test/unittest/permission_definition_parser_test.cpp deleted file mode 100644 index 951447117b15a8adba479188833ccd1852d62f4d..0000000000000000000000000000000000000000 --- a/services/accesstokenmanager/test/unittest/permission_definition_parser_test.cpp +++ /dev/null @@ -1,373 +0,0 @@ -/* - * Copyright (c) 2021-2022 Huawei Device Co., Ltd. - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ - -#include "permission_definition_parser_test.h" - -#include "gtest/gtest.h" -#include -#include -#include -#include -#include -#include -#include -#include -#include - -#include "access_token.h" -#include "accesstoken_info_manager.h" -#include "accesstoken_kit.h" -#include "access_token_error.h" -#include "permission_manager.h" -#include "permission_status.h" -#define private public -#include "json_parser.h" -#include "permission_definition_cache.h" -#include "permission_definition_parser.h" -#undef private -#include "securec.h" -#include "access_token_db.h" - -using namespace testing::ext; -using namespace OHOS::Security::AccessToken; - -namespace { -static bool g_hasHapPermissionDefinition; -static std::map g_permissionDefinitionMap; -static const int32_t EXTENSION_PERMISSION_ID = 0; -static const std::string SYSTEM_PERMISSION_A = "ohos.permission.PermDefParserTestA"; -static const std::string USER_PERMISSION_B = "ohos.permission.PermDefParserTestB"; -} - -void PermissionDefinitionParserTest::SetUpTestCase() -{ -} - -void PermissionDefinitionParserTest::TearDownTestCase() -{ -} - -void PermissionDefinitionParserTest::SetUp() -{ - g_permissionDefinitionMap = PermissionDefinitionCache::GetInstance().permissionDefinitionMap_; - PermissionDefinitionCache::GetInstance().permissionDefinitionMap_.clear(); - g_hasHapPermissionDefinition = PermissionDefinitionCache::GetInstance().hasHapPermissionDefinition_; - PermissionDefinitionCache::GetInstance().hasHapPermissionDefinition_ = false; -} - -void PermissionDefinitionParserTest::TearDown() -{ - PermissionDefinitionCache::GetInstance().permissionDefinitionMap_ = g_permissionDefinitionMap; // recovery - PermissionDefinitionCache::GetInstance().hasHapPermissionDefinition_ = g_hasHapPermissionDefinition; - LOGI(ATM_DOMAIN, ATM_TAG, "test down!"); -} - -/** - * @tc.name: ParserPermsRawDataTest001 - * @tc.desc: Parse permission definition information. - * @tc.type: FUNC - * @tc.require: Issue Number - */ -HWTEST_F(PermissionDefinitionParserTest, ParserPermsRawDataTest001, TestSize.Level1) -{ - EXPECT_FALSE(PermissionDefinitionCache::GetInstance().HasDefinition(SYSTEM_PERMISSION_A)); - EXPECT_FALSE(PermissionDefinitionCache::GetInstance().HasDefinition(USER_PERMISSION_B)); - PermissionDefinitionParser& parser = PermissionDefinitionParser::GetInstance(); - std::string permsRawData = R"({"systemGrantPermissions":[)"\ - R"({"name":"ohos.permission.PermDefParserTestA","grantMode":"system_grant","availableLevel":"system_basic",)"\ - R"("availableType":"SERVICE","provisionEnable":true,"distributedSceneEnable":false}],)"\ - R"("userGrantPermissions":[)"\ - R"({"name":"ohos.permission.PermDefParserTestB","grantMode":"user_grant","availableLevel":"system_basic",)"\ - R"("availableType":"SERVICE","provisionEnable":true,"distributedSceneEnable":false,)"\ - R"("label":"$string:test_label_B","description":"$string:test_description_B"}]})"; - std::vector permDefList; - int32_t ret = parser.ParserPermsRawData(permsRawData, permDefList); - ASSERT_EQ(ret, RET_SUCCESS); - EXPECT_EQ(2, permDefList.size()); - - for (const auto& perm : permDefList) { - GTEST_LOG_(INFO) << perm.permissionName.c_str(); - PermissionDefinitionCache::GetInstance().Insert(perm, EXTENSION_PERMISSION_ID); - } - - EXPECT_TRUE(PermissionDefinitionCache::GetInstance().HasDefinition(SYSTEM_PERMISSION_A)); - EXPECT_TRUE(PermissionDefinitionCache::GetInstance().HasDefinition(USER_PERMISSION_B)); - PermissionDef permissionDefResult; - PermissionManager::GetInstance().GetDefPermission(SYSTEM_PERMISSION_A, permissionDefResult); - EXPECT_EQ(SYSTEM_GRANT, permissionDefResult.grantMode); - EXPECT_EQ(APL_SYSTEM_BASIC, permissionDefResult.availableLevel); - EXPECT_EQ(SERVICE, permissionDefResult.availableType); - EXPECT_EQ(true, permissionDefResult.provisionEnable); - EXPECT_EQ(false, permissionDefResult.distributedSceneEnable); - EXPECT_EQ("", permissionDefResult.label); - EXPECT_EQ("", permissionDefResult.description); - - PermissionManager::GetInstance().GetDefPermission(USER_PERMISSION_B, permissionDefResult); - EXPECT_EQ(USER_GRANT, permissionDefResult.grantMode); - EXPECT_EQ(APL_SYSTEM_BASIC, permissionDefResult.availableLevel); - EXPECT_EQ(SERVICE, permissionDefResult.availableType); - EXPECT_EQ(true, permissionDefResult.provisionEnable); - EXPECT_EQ(false, permissionDefResult.distributedSceneEnable); - EXPECT_EQ("$string:test_label_B", permissionDefResult.label); - EXPECT_EQ("$string:test_description_B", permissionDefResult.description); -} - -/** - * @tc.name: ParserPermsRawDataTest002 - * @tc.desc: Invalid file. - * @tc.type: FUNC - * @tc.require: Issue Number - */ -HWTEST_F(PermissionDefinitionParserTest, ParserPermsRawDataTest002, TestSize.Level1) -{ - PermissionDefinitionParser& parser = PermissionDefinitionParser::GetInstance(); - std::string permsRawData = R"({"systemGrantPermissions":[)"\ - R"({"name":"ohos.permission.xxxxxxxxxxxxxxxxxxxxxxxxxx",)"\ - R"("xxxxxxxxxxxxxxxxxxxxxxxxxx":"$string:test_description_B"}]})"; - std::vector permDefList; - int32_t ret = parser.ParserPermsRawData(permsRawData, permDefList); - ASSERT_EQ(ret, ERR_PERM_REQUEST_CFG_FAILED); -} - -/** - * @tc.name: ParserPermsRawDataTest003 - * @tc.desc: Permission definition file missing. - * @tc.type: FUNC - * @tc.require: Issue Number - */ -HWTEST_F(PermissionDefinitionParserTest, ParserPermsRawDataTest003, TestSize.Level1) -{ - EXPECT_FALSE(PermissionDefinitionCache::GetInstance().HasDefinition(SYSTEM_PERMISSION_A)); - EXPECT_FALSE(PermissionDefinitionCache::GetInstance().HasDefinition(USER_PERMISSION_B)); - PermissionDefinitionParser& parser = PermissionDefinitionParser::GetInstance(); - std::string permsRawData = R"({"systemGrantPermissions":[)"\ - R"({"name":"ohos.permission.PermDefParserTestA","grantMode":"system_grant","availableLevel":"system_basic",)"\ - R"("availableType":"SERVICE","provisionEnable":true,"distributedSceneEnable":false}]})"; - std::vector permDefList; - int32_t ret = parser.ParserPermsRawData(permsRawData, permDefList); - ASSERT_EQ(ret, ERR_PARAM_INVALID); - - permsRawData = R"({"userGrantPermissions":[)"\ - R"({"name":"ohos.permission.PermDefParserTestB","grantMode":"user_grant","availableLevel":"system_basic",)"\ - R"("availableType":"SERVICE","provisionEnable":true,"distributedSceneEnable":false,)"\ - R"("label":"$string:test_label_B","description":"$string:test_description_B"}]})"; - ret = parser.ParserPermsRawData(permsRawData, permDefList); - ASSERT_EQ(ret, ERR_PARAM_INVALID); -} - -/** - * @tc.name: FromJson001 - * @tc.desc: Test property value is missing - * @tc.type: FUNC - * @tc.require: Issue Number - */ -HWTEST_F(PermissionDefinitionParserTest, FromJson001, TestSize.Level1) -{ - PermissionDefinitionParser& instance = PermissionDefinitionParser::GetInstance(); - std::string permsRawData = R"({"systemGrantPermissions":[)"\ - R"({"grantMode":"system_grant","availableLevel":"system_basic",)"\ - R"("availableType":"SERVICE","provisionEnable":true,"distributedSceneEnable":false}],)"\ - R"("userGrantPermissions":[]})"; - std::vector permDefList; - instance.ParserPermsRawData(permsRawData, permDefList); - EXPECT_EQ(0, permDefList.size()); - EXPECT_EQ(false, PermissionDefinitionCache::GetInstance().HasDefinition(SYSTEM_PERMISSION_A)); - - permsRawData = R"({"systemGrantPermissions":[)"\ - R"({"name":"ohos.permission.PermDefParserTestA","availableLevel":"system_basic",)"\ - R"("availableType":"SERVICE","provisionEnable":true,"distributedSceneEnable":false}],)"\ - R"("userGrantPermissions":[]})"; - instance.ParserPermsRawData(permsRawData, permDefList); - EXPECT_EQ(0, permDefList.size()); - EXPECT_EQ(false, PermissionDefinitionCache::GetInstance().HasDefinition(SYSTEM_PERMISSION_A)); - - permsRawData = R"({"systemGrantPermissions":[)"\ - R"({"name":"ohos.permission.PermDefParserTestA","grantMode":"system_grant",)"\ - R"("availableType":"SERVICE","provisionEnable":true,"distributedSceneEnable":false}],)"\ - R"("userGrantPermissions":[]})"; - instance.ParserPermsRawData(permsRawData, permDefList); - EXPECT_EQ(0, permDefList.size()); - EXPECT_EQ(false, PermissionDefinitionCache::GetInstance().HasDefinition(SYSTEM_PERMISSION_A)); - - permsRawData = R"({"systemGrantPermissions":[)"\ - R"({"name":"ohos.permission.PermDefParserTestA","grantMode":"system_grant","availableLevel":"system_basic",)"\ - R"("provisionEnable":true,"distributedSceneEnable":false}],)"\ - R"("userGrantPermissions":[]})"; - instance.ParserPermsRawData(permsRawData, permDefList); - EXPECT_EQ(0, permDefList.size()); - EXPECT_EQ(false, PermissionDefinitionCache::GetInstance().HasDefinition(SYSTEM_PERMISSION_A)); -} - -/** - * @tc.name: FromJson002 - * @tc.desc: Test property value is missing - * @tc.type: FUNC - * @tc.require: Issue Number - */ -HWTEST_F(PermissionDefinitionParserTest, FromJson002, TestSize.Level1) -{ - PermissionDefinitionParser& instance = PermissionDefinitionParser::GetInstance(); - std::string permsRawData = R"({"systemGrantPermissions":[)"\ - R"({"name":"ohos.permission.PermDefParserTestA","grantMode":"system_grant","availableLevel":"system_basic",)"\ - R"("availableType":"SERVICE","distributedSceneEnable":false}],)"\ - R"("userGrantPermissions":[]})"; - std::vector permDefList; - instance.ParserPermsRawData(permsRawData, permDefList); - EXPECT_EQ(0, permDefList.size()); - EXPECT_EQ(false, PermissionDefinitionCache::GetInstance().HasDefinition(SYSTEM_PERMISSION_A)); - - permsRawData = R"({"systemGrantPermissions":[],)"\ - R"("userGrantPermissions":[)"\ - R"({"name":"ohos.permission.PermDefParserTestB","grantMode":"user_grant","availableLevel":"system_basic",)"\ - R"("availableType":"SERVICE","provisionEnable":true,"distributedSceneEnable":false,)"\ - R"("description":"$string:test_description_B"}]})"; - instance.ParserPermsRawData(permsRawData, permDefList); - EXPECT_EQ(0, permDefList.size()); - EXPECT_EQ(false, PermissionDefinitionCache::GetInstance().HasDefinition(USER_PERMISSION_B)); - - permsRawData = R"({"systemGrantPermissions":[],)"\ - R"("userGrantPermissions":[)"\ - R"({"name":"ohos.permission.PermDefParserTestB","grantMode":"user_grant","availableLevel":"system_basic",)"\ - R"("availableType":"SERVICE","provisionEnable":true,"distributedSceneEnable":false,})"\ - R"("label":"$string:test_label_B"]})"; - instance.ParserPermsRawData(permsRawData, permDefList); - EXPECT_EQ(0, permDefList.size()); - EXPECT_EQ(false, PermissionDefinitionCache::GetInstance().HasDefinition(USER_PERMISSION_B)); -} - -/** - * @tc.name: FromJson003 - * @tc.desc: Invalid param - * @tc.type: FUNC - * @tc.require: Issue Number - */ -HWTEST_F(PermissionDefinitionParserTest, FromJson003, TestSize.Level1) -{ - PermissionDefinitionParser& instance = PermissionDefinitionParser::GetInstance(); - std::string permsRawData = R"({"systemGrantPermissions":[)"\ - R"({"name":123,"grantMode":"system_grant","availableLevel":"system_basic",)"\ - R"("availableType":"SERVICE","provisionEnable":true,"distributedSceneEnable":false}],)"\ - R"("userGrantPermissions":[]})"; - std::vector permDefList; - instance.ParserPermsRawData(permsRawData, permDefList); - EXPECT_EQ(0, permDefList.size()); - EXPECT_EQ(false, PermissionDefinitionCache::GetInstance().HasDefinition(SYSTEM_PERMISSION_A)); - - permsRawData = R"({"systemGrantPermissions":[)"\ - R"({"name":"ohos.permission.PermDefParserTestA","grantMode":123,"availableLevel":"system_basic",)"\ - R"("availableType":"SERVICE","provisionEnable":true,"distributedSceneEnable":false}],)"\ - R"("userGrantPermissions":[]})"; - instance.ParserPermsRawData(permsRawData, permDefList); - EXPECT_EQ(0, permDefList.size()); - EXPECT_EQ(false, PermissionDefinitionCache::GetInstance().HasDefinition(SYSTEM_PERMISSION_A)); - - permsRawData = R"({"systemGrantPermissions":[)"\ - R"({"name":"ohos.permission.PermDefParserTestA","grantMode":"system_grant","availableLevel":123,)"\ - R"("availableType":"SERVICE","provisionEnable":true,"distributedSceneEnable":false}],)"\ - R"("userGrantPermissions":[]})"; - instance.ParserPermsRawData(permsRawData, permDefList); - EXPECT_EQ(0, permDefList.size()); - EXPECT_EQ(false, PermissionDefinitionCache::GetInstance().HasDefinition(SYSTEM_PERMISSION_A)); - - permsRawData = R"({"systemGrantPermissions":[)"\ - R"({"name":"ohos.permission.PermDefParserTestA","grantMode":"system_grant","availableLevel":"system_basic",)"\ - R"("availableType":SERVICE,"provisionEnable":true,"distributedSceneEnable":false}],)"\ - R"("userGrantPermissions":[]})"; - instance.ParserPermsRawData(permsRawData, permDefList); - EXPECT_EQ(0, permDefList.size()); - EXPECT_EQ(false, PermissionDefinitionCache::GetInstance().HasDefinition(SYSTEM_PERMISSION_A)); -} - -/** - * @tc.name: FromJson004 - * @tc.desc: Invalid param - * @tc.type: FUNC - * @tc.require: Issue Number - */ -HWTEST_F(PermissionDefinitionParserTest, FromJson004, TestSize.Level1) -{ - PermissionDefinitionParser& instance = PermissionDefinitionParser::GetInstance(); - std::string permsRawData = R"({"systemGrantPermissions":[)"\ - R"({"name":"ohos.permission.PermDefParserTestA","grantMode":"system_grant","availableLevel":"system_basic",)"\ - R"("availableType":"SERVICE","provisionEnable":"true","distributedSceneEnable":false}],)"\ - R"("userGrantPermissions":[]})"; - std::vector permDefList; - instance.ParserPermsRawData(permsRawData, permDefList); - EXPECT_EQ(0, permDefList.size()); - EXPECT_EQ(false, PermissionDefinitionCache::GetInstance().HasDefinition(SYSTEM_PERMISSION_A)); - - permsRawData = R"({"systemGrantPermissions":[)"\ - R"({"name":"ohos.permission.PermDefParserTestA","grantMode":"system_grant","availableLevel":"system_basic",)"\ - R"("availableType":"SERVICE","provisionEnable":true,"distributedSceneEnable":"false"}],)"\ - R"("userGrantPermissions":[]})"; - instance.ParserPermsRawData(permsRawData, permDefList); - EXPECT_EQ(0, permDefList.size()); - EXPECT_EQ(false, PermissionDefinitionCache::GetInstance().HasDefinition(SYSTEM_PERMISSION_A)); - - permsRawData = R"({"systemGrantPermissions":[],)"\ - R"("userGrantPermissions":[)"\ - R"({"name":"ohos.permission.PermDefParserTestB","grantMode":"user_grant","availableLevel":"system_basic",)"\ - R"("availableType":"SERVICE","provisionEnable":true,"distributedSceneEnable":false,"label":123,)"\ - R"("description":"$string:test_description_B"}]})"; - instance.ParserPermsRawData(permsRawData, permDefList); - EXPECT_EQ(0, permDefList.size()); - EXPECT_EQ(false, PermissionDefinitionCache::GetInstance().HasDefinition(USER_PERMISSION_B)); - - permsRawData = R"({"systemGrantPermissions":[],)"\ - R"("userGrantPermissions":[)"\ - R"({"name":"ohos.permission.PermDefParserTestB","grantMode":"user_grant","availableLevel":"system_basic",)"\ - R"("availableType":"SERVICE","provisionEnable":true,"distributedSceneEnable":false,)"\ - R"("label":"$string:test_label_B","description":123}]})"; - instance.ParserPermsRawData(permsRawData, permDefList); - EXPECT_EQ(0, permDefList.size()); - EXPECT_EQ(false, PermissionDefinitionCache::GetInstance().HasDefinition(USER_PERMISSION_B)); -} - -/** - * @tc.name: FromJson005 - * @tc.desc: Invalid param - * @tc.type: FUNC - * @tc.require: Issue Number - */ -HWTEST_F(PermissionDefinitionParserTest, FromJson005, TestSize.Level1) -{ - PermissionDefinitionParser& instance = PermissionDefinitionParser::GetInstance(); - std::string permsRawData = R"({"systemGrantPermissions":[)"\ - R"({"name":"","grantMode":"system_grant","availableLevel":"system_basic",)"\ - R"("availableType":"SERVICE","provisionEnable":true,"distributedSceneEnable":false}],)"\ - R"("userGrantPermissions":[]})"; - std::vector permDefList; - instance.ParserPermsRawData(permsRawData, permDefList); - EXPECT_EQ(0, permDefList.size()); - - permsRawData = R"({"systemGrantPermissions":[)"\ - R"({"name":"ohos.permission.PermDefParserTestA","grantMode":"system_grant","availableLevel":"test",)"\ - R"("availableType":TEST,"provisionEnable":true,"distributedSceneEnable":"false"}],)"\ - R"("userGrantPermissions":[]})"; - instance.ParserPermsRawData(permsRawData, permDefList); - EXPECT_EQ(0, permDefList.size()); -} - -/** - * @tc.name: IsSystemGrantedPermission001 - * @tc.desc: Invalid param - * @tc.type: FUNC - * @tc.require: - */ -HWTEST_F(PermissionDefinitionParserTest, IsSystemGrantedPermission001, TestSize.Level1) -{ - EXPECT_FALSE( - PermissionDefinitionCache::GetInstance().IsSystemGrantedPermission("ohos.permission.SYSTEM_GRANT_FASLE")); -} diff --git a/services/accesstokenmanager/test/unittest/permission_manager_test.cpp b/services/accesstokenmanager/test/unittest/permission_manager_test.cpp index c07ef53d393f5d477976b0ee41bf300c989ea665..be9f5a49399b1b47fbb336b4eef3d61932e64fc3 100644 --- a/services/accesstokenmanager/test/unittest/permission_manager_test.cpp +++ b/services/accesstokenmanager/test/unittest/permission_manager_test.cpp @@ -21,7 +21,6 @@ #ifdef SUPPORT_SANDBOX_APP #define private public #include "dlp_permission_set_manager.h" -#include "dlp_permission_set_parser.h" #undef private #endif #define private public @@ -298,386 +297,6 @@ static AccessTokenID CreateTempHapTokenInfo() return tokenID; } -#ifdef SUPPORT_SANDBOX_APP -static void PrepareJsonData1() -{ - std::string testStr = R"({"dlpPermissions":[)"\ - R"({"name":"ohos.permission.CAPTURE_SCREEN","dlpGrantRange":"none"},)"\ - R"({"name":"ohos.permission.CHANGE_ABILITY_ENABLED_STATE","dlpGrantRange":"all"},)"\ - R"({"name":"ohos.permission.CLEAN_APPLICATION_DATA","dlpGrantRange":"full_control"}]})"; - - std::vector dlpPerms; - int32_t res = DlpPermissionSetParser::GetInstance().ParserDlpPermsRawData(testStr, dlpPerms); - if (res != RET_SUCCESS) { - GTEST_LOG_(INFO) << "ParserDlpPermsRawData failed:"; - } - for (auto iter = dlpPerms.begin(); iter != dlpPerms.end(); iter++) { - GTEST_LOG_(INFO) << "iter:" << iter->permissionName.c_str(); - } - DlpPermissionSetManager::GetInstance().ProcessDlpPermInfos(dlpPerms); -} - -/** - * @tc.name: DlpPermissionConfig001 - * @tc.desc: test DLP_COMMON app with system_grant permissions. - * @tc.type: FUNC - * @tc.require: SR000GVIGR - */ -HWTEST_F(PermissionManagerTest, DlpPermissionConfig001, TestSize.Level1) -{ - PrepareJsonData1(); - - g_infoManagerTestStateA.permissionName = "ohos.permission.CAPTURE_SCREEN"; - g_infoManagerTestStateB.permissionName = "ohos.permission.CHANGE_ABILITY_ENABLED_STATE"; - g_infoManagerTestStateC.permissionName = "ohos.permission.CLEAN_APPLICATION_DATA"; - g_infoManagerTestStateD.permissionName = "ohos.permission.COMMONEVENT_STICKY"; - - static HapPolicy infoManagerTestPolicyPrams = { - .apl = APL_NORMAL, - .domain = "test.domain1", - .permList = {}, - .permStateList = {g_infoManagerTestStateA, g_infoManagerTestStateB, - g_infoManagerTestStateC, g_infoManagerTestStateD} - }; - static HapInfoParams infoManagerTestInfoParms = { - .userID = 1, - .bundleName = "DlpPermissionConfig001", - .instIndex = 0, - .dlpType = DLP_COMMON, - .appIDDesc = "DlpPermissionConfig001" - }; - AccessTokenIDEx tokenIdEx = {0}; - int32_t ret = AccessTokenInfoManager::GetInstance().CreateHapTokenInfo(infoManagerTestInfoParms, - infoManagerTestPolicyPrams, tokenIdEx); - ASSERT_EQ(RET_SUCCESS, ret); - GTEST_LOG_(INFO) << "add a hap token"; - - AccessTokenID tokenID = tokenIdEx.tokenIdExStruct.tokenID; - ret = AccessTokenInfoManager::GetInstance().VerifyAccessToken( - tokenID, "ohos.permission.COMMONEVENT_STICKY"); - ASSERT_EQ(PERMISSION_GRANTED, ret); - ret = AccessTokenInfoManager::GetInstance().VerifyAccessToken( - tokenID, "ohos.permission.CAPTURE_SCREEN"); - ASSERT_EQ(PERMISSION_GRANTED, ret); - ret = AccessTokenInfoManager::GetInstance().VerifyAccessToken( - tokenID, "ohos.permission.CHANGE_ABILITY_ENABLED_STATE"); - ASSERT_EQ(PERMISSION_GRANTED, ret); - ret = AccessTokenInfoManager::GetInstance().VerifyAccessToken( - tokenID, "ohos.permission.CLEAN_APPLICATION_DATA"); - ASSERT_EQ(PERMISSION_GRANTED, ret); - - ret = AccessTokenInfoManager::GetInstance().RemoveHapTokenInfo(tokenID); - ASSERT_EQ(RET_SUCCESS, ret); - GTEST_LOG_(INFO) << "remove the token info"; -} - -/** - * @tc.name: DlpPermissionConfig002 - * @tc.desc: test DLP_READ app with system_grant permissions. - * @tc.type: FUNC - * @tc.require: SR000GVIGR - */ -HWTEST_F(PermissionManagerTest, DlpPermissionConfig002, TestSize.Level1) -{ - PrepareJsonData1(); - - g_infoManagerTestStateA.permissionName = "ohos.permission.CAPTURE_SCREEN"; - g_infoManagerTestStateB.permissionName = "ohos.permission.CHANGE_ABILITY_ENABLED_STATE"; - g_infoManagerTestStateC.permissionName = "ohos.permission.CLEAN_APPLICATION_DATA"; - g_infoManagerTestStateD.permissionName = "ohos.permission.COMMONEVENT_STICKY"; - - static HapPolicy infoManagerTestPolicyPrams = { - .apl = APL_NORMAL, - .domain = "test.domain2", - .permList = {}, - .permStateList = {g_infoManagerTestStateA, g_infoManagerTestStateB, - g_infoManagerTestStateC, g_infoManagerTestStateD} - }; - static HapInfoParams infoManagerTestInfoParms = { - .userID = 1, - .bundleName = "DlpPermissionConfig002", - .instIndex = 0, - .dlpType = DLP_READ, - .appIDDesc = "DlpPermissionConfig002" - }; - AccessTokenIDEx tokenIdEx = {0}; - int32_t ret = AccessTokenInfoManager::GetInstance().CreateHapTokenInfo(infoManagerTestInfoParms, - infoManagerTestPolicyPrams, tokenIdEx); - ASSERT_EQ(RET_SUCCESS, ret); - GTEST_LOG_(INFO) << "add a hap token"; - - AccessTokenID tokenID = tokenIdEx.tokenIdExStruct.tokenID; - ret = AccessTokenInfoManager::GetInstance().VerifyAccessToken( - tokenID, "ohos.permission.CAPTURE_SCREEN"); - ASSERT_EQ(PERMISSION_DENIED, ret); - ret = AccessTokenInfoManager::GetInstance().VerifyAccessToken( - tokenID, "ohos.permission.COMMONEVENT_STICKY"); - ASSERT_EQ(PERMISSION_GRANTED, ret); - ret = AccessTokenInfoManager::GetInstance().VerifyAccessToken( - tokenID, "ohos.permission.CHANGE_ABILITY_ENABLED_STATE"); - ASSERT_EQ(PERMISSION_GRANTED, ret); - ret = AccessTokenInfoManager::GetInstance().VerifyAccessToken( - tokenID, "ohos.permission.CLEAN_APPLICATION_DATA"); - ASSERT_EQ(PERMISSION_DENIED, ret); - - ret = AccessTokenInfoManager::GetInstance().RemoveHapTokenInfo(tokenID); - ASSERT_EQ(RET_SUCCESS, ret); - GTEST_LOG_(INFO) << "remove the token info"; -} - -/** - * @tc.name: DlpPermissionConfig003 - * @tc.desc: test DLP_FULL_CONTROL app with system_grant permissions. - * @tc.type: FUNC - * @tc.require: SR000GVIGR - */ -HWTEST_F(PermissionManagerTest, DlpPermissionConfig003, TestSize.Level1) -{ - PrepareJsonData1(); - - g_infoManagerTestStateA.permissionName = "ohos.permission.CAPTURE_SCREEN"; - g_infoManagerTestStateB.permissionName = "ohos.permission.CHANGE_ABILITY_ENABLED_STATE"; - g_infoManagerTestStateC.permissionName = "ohos.permission.CLEAN_APPLICATION_DATA"; - g_infoManagerTestStateD.permissionName = "ohos.permission.COMMONEVENT_STICKY"; - - static HapPolicy infoManagerTestPolicyPrams = { - .apl = APL_NORMAL, - .domain = "test.domain3", - .permList = {}, - .permStateList = {g_infoManagerTestStateA, g_infoManagerTestStateB, - g_infoManagerTestStateC, g_infoManagerTestStateD} - }; - static HapInfoParams infoManagerTestInfoParms = { - .userID = 1, - .bundleName = "DlpPermissionConfig003", - .instIndex = 0, - .dlpType = DLP_FULL_CONTROL, - .appIDDesc = "DlpPermissionConfig003" - }; - AccessTokenIDEx tokenIdEx = {0}; - int32_t ret = AccessTokenInfoManager::GetInstance().CreateHapTokenInfo(infoManagerTestInfoParms, - infoManagerTestPolicyPrams, tokenIdEx); - ASSERT_EQ(RET_SUCCESS, ret); - GTEST_LOG_(INFO) << "add a hap token"; - - AccessTokenID tokenID = tokenIdEx.tokenIdExStruct.tokenID; - ret = AccessTokenInfoManager::GetInstance().VerifyAccessToken( - tokenID, "ohos.permission.CLEAN_APPLICATION_DATA"); - ASSERT_EQ(PERMISSION_GRANTED, ret); - ret = AccessTokenInfoManager::GetInstance().VerifyAccessToken( - tokenID, "ohos.permission.COMMONEVENT_STICKY"); - ASSERT_EQ(PERMISSION_GRANTED, ret); - ret = AccessTokenInfoManager::GetInstance().VerifyAccessToken( - tokenID, "ohos.permission.CAPTURE_SCREEN"); - ASSERT_EQ(PERMISSION_DENIED, ret); - ret = AccessTokenInfoManager::GetInstance().VerifyAccessToken( - tokenID, "ohos.permission.CHANGE_ABILITY_ENABLED_STATE"); - ASSERT_EQ(PERMISSION_GRANTED, ret); - ret = AccessTokenInfoManager::GetInstance().RemoveHapTokenInfo(tokenID); - ASSERT_EQ(RET_SUCCESS, ret); - GTEST_LOG_(INFO) << "remove the token info"; -} - -static void PrepareUserPermState() -{ - g_infoManagerTestStateA.permissionName = "ohos.permission.MEDIA_LOCATION"; - g_infoManagerTestStateA.grantStatus = PERMISSION_DENIED; - g_infoManagerTestStateB.permissionName = "ohos.permission.MICROPHONE"; - g_infoManagerTestStateB.grantStatus = PERMISSION_DENIED; - g_infoManagerTestStateC.permissionName = "ohos.permission.READ_CALENDAR"; - g_infoManagerTestStateC.grantStatus = PERMISSION_DENIED; - g_infoManagerTestStateD.permissionName = "ohos.permission.READ_CALL_LOG"; - g_infoManagerTestStateD.grantStatus = PERMISSION_DENIED; -} - -static void PrepareJsonData2() -{ - std::string testStr = R"({"dlpPermissions":[)"\ - R"({"name":"ohos.permission.MEDIA_LOCATION","dlpGrantRange":"none"},)"\ - R"({"name":"ohos.permission.MICROPHONE","dlpGrantRange":"all"},)"\ - R"({"name":"ohos.permission.READ_CALENDAR","dlpGrantRange":"full_control"}]})"; - - std::vector dlpPermissions; - int32_t res = DlpPermissionSetParser::GetInstance().ParserDlpPermsRawData(testStr, dlpPermissions); - if (res != RET_SUCCESS) { - GTEST_LOG_(INFO) << "ParserDlpPermsRawData failed:"; - } - DlpPermissionSetManager::GetInstance().ProcessDlpPermInfos(dlpPermissions); -} - -/** - * @tc.name: DlpPermissionConfig004 - * @tc.desc: test DLP_COMMON app with user_grant permissions. - * @tc.type: FUNC - * @tc.require: SR000GVIGR - */ -HWTEST_F(PermissionManagerTest, DlpPermissionConfig004, TestSize.Level1) -{ - PrepareJsonData2(); - PrepareUserPermState(); - - static HapPolicy infoManagerTestPolicyPrams = { - .apl = APL_NORMAL, - .domain = "test.domain4", - .permList = {g_infoManagerPermDef1, g_infoManagerPermDef2, - g_infoManagerPermDef3, g_infoManagerPermDef4}, - .permStateList = {g_infoManagerTestStateA, g_infoManagerTestStateB, - g_infoManagerTestStateC, g_infoManagerTestStateD} - }; - static HapInfoParams infoManagerTestInfoParms = { - .userID = 1, - .bundleName = "DlpPermissionConfig004", - .instIndex = 0, - .dlpType = DLP_COMMON, - .appIDDesc = "DlpPermissionConfig004" - }; - AccessTokenIDEx tokenIdEx = {0}; - int32_t ret = AccessTokenInfoManager::GetInstance().CreateHapTokenInfo(infoManagerTestInfoParms, - infoManagerTestPolicyPrams, tokenIdEx); - ASSERT_EQ(RET_SUCCESS, ret); - GTEST_LOG_(INFO) << "add a hap token"; - - AccessTokenID tokenID = tokenIdEx.tokenIdExStruct.tokenID; - - PermissionManager::GetInstance().GrantPermission(tokenID, - "ohos.permission.MEDIA_LOCATION", PERMISSION_USER_FIXED); - PermissionManager::GetInstance().GrantPermission(tokenID, - "ohos.permission.MICROPHONE", PERMISSION_USER_FIXED); - PermissionManager::GetInstance().GrantPermission(tokenID, - "ohos.permission.READ_CALENDAR", PERMISSION_USER_FIXED); - ASSERT_EQ(RET_SUCCESS, ret); - PermissionManager::GetInstance().GrantPermission(tokenID, - "ohos.permission.READ_CALL_LOG", PERMISSION_USER_FIXED); - - ret = AccessTokenInfoManager::GetInstance().VerifyAccessToken(tokenID, "ohos.permission.MEDIA_LOCATION"); - ASSERT_EQ(PERMISSION_GRANTED, ret); - ret = AccessTokenInfoManager::GetInstance().VerifyAccessToken(tokenID, "ohos.permission.MICROPHONE"); - ASSERT_EQ(PERMISSION_GRANTED, ret); - ret = AccessTokenInfoManager::GetInstance().VerifyAccessToken(tokenID, "ohos.permission.READ_CALENDAR"); - ASSERT_EQ(PERMISSION_GRANTED, ret); - ret = AccessTokenInfoManager::GetInstance().VerifyAccessToken(tokenID, "ohos.permission.READ_CALL_LOG"); - ASSERT_EQ(PERMISSION_GRANTED, ret); - - ret = AccessTokenInfoManager::GetInstance().RemoveHapTokenInfo(tokenID); - ASSERT_EQ(RET_SUCCESS, ret); - GTEST_LOG_(INFO) << "remove the token info"; -} - -/** - * @tc.name: DlpPermissionConfig005 - * @tc.desc: test DLP_READ app with user_grant permissions. - * @tc.type: FUNC - * @tc.require: SR000GVIGR - */ -HWTEST_F(PermissionManagerTest, DlpPermissionConfig005, TestSize.Level1) -{ - PrepareJsonData2(); - PrepareUserPermState(); - - static HapPolicy infoManagerTestPolicyPrams = { - .apl = APL_NORMAL, - .domain = "test.domain5", - .permList = {g_infoManagerPermDef1, g_infoManagerPermDef2, - g_infoManagerPermDef3, g_infoManagerPermDef4}, - .permStateList = {g_infoManagerTestStateA, g_infoManagerTestStateB, - g_infoManagerTestStateC, g_infoManagerTestStateD} - }; - static HapInfoParams infoManagerTestInfoParms = { - .userID = 1, - .bundleName = "DlpPermissionConfig005", - .instIndex = 0, - .dlpType = DLP_READ, - .appIDDesc = "DlpPermissionConfig005" - }; - AccessTokenIDEx tokenIdEx = {0}; - int32_t ret = AccessTokenInfoManager::GetInstance().CreateHapTokenInfo(infoManagerTestInfoParms, - infoManagerTestPolicyPrams, tokenIdEx); - ASSERT_EQ(RET_SUCCESS, ret); - GTEST_LOG_(INFO) << "add a hap token"; - - AccessTokenID tokenID = tokenIdEx.tokenIdExStruct.tokenID; - - PermissionManager::GetInstance().GrantPermission(tokenID, - "ohos.permission.READ_CALENDAR", PERMISSION_USER_FIXED); - PermissionManager::GetInstance().GrantPermission(tokenID, - "ohos.permission.READ_CALL_LOG", PERMISSION_USER_FIXED); - PermissionManager::GetInstance().GrantPermission(tokenID, - "ohos.permission.MEDIA_LOCATION", PERMISSION_USER_FIXED); - PermissionManager::GetInstance().GrantPermission(tokenID, - "ohos.permission.MICROPHONE", PERMISSION_USER_FIXED); - - ret = AccessTokenInfoManager::GetInstance().VerifyAccessToken(tokenID, "ohos.permission.READ_CALENDAR"); - ASSERT_EQ(PERMISSION_DENIED, ret); - ret = AccessTokenInfoManager::GetInstance().VerifyAccessToken(tokenID, "ohos.permission.READ_CALL_LOG"); - ASSERT_EQ(PERMISSION_GRANTED, ret); - ret = AccessTokenInfoManager::GetInstance().VerifyAccessToken(tokenID, "ohos.permission.MEDIA_LOCATION"); - ASSERT_EQ(PERMISSION_DENIED, ret); - ret = AccessTokenInfoManager::GetInstance().VerifyAccessToken(tokenID, "ohos.permission.MICROPHONE"); - ASSERT_EQ(PERMISSION_GRANTED, ret); - - ret = AccessTokenInfoManager::GetInstance().RemoveHapTokenInfo(tokenID); - ASSERT_EQ(RET_SUCCESS, ret); - GTEST_LOG_(INFO) << "remove the token info"; -} - -/** - * @tc.name: DlpPermissionConfig006 - * @tc.desc: test DLP_FULL_CONTROL app with user_grant permissions. - * @tc.type: FUNC - * @tc.require: - */ -HWTEST_F(PermissionManagerTest, DlpPermissionConfig006, TestSize.Level1) -{ - PrepareJsonData2(); - PrepareUserPermState(); - - static HapPolicy infoManagerTestPolicyPrams = { - .apl = APL_NORMAL, - .domain = "test.domain6", - .permList = {g_infoManagerPermDef1, g_infoManagerPermDef2, - g_infoManagerPermDef3, g_infoManagerPermDef4}, - .permStateList = {g_infoManagerTestStateA, g_infoManagerTestStateB, - g_infoManagerTestStateC, g_infoManagerTestStateD} - }; - static HapInfoParams infoManagerTestInfoParms = { - .userID = 1, - .bundleName = "DlpPermissionConfig006", - .instIndex = 0, - .dlpType = DLP_FULL_CONTROL, - .appIDDesc = "DlpPermissionConfig006" - }; - AccessTokenIDEx tokenIdEx = {0}; - int32_t ret = AccessTokenInfoManager::GetInstance().CreateHapTokenInfo(infoManagerTestInfoParms, - infoManagerTestPolicyPrams, tokenIdEx); - ASSERT_EQ(RET_SUCCESS, ret); - GTEST_LOG_(INFO) << "add a hap token"; - - AccessTokenID tokenID = tokenIdEx.tokenIdExStruct.tokenID; - - PermissionManager::GetInstance().GrantPermission(tokenID, - "ohos.permission.READ_CALENDAR", PERMISSION_USER_FIXED); - PermissionManager::GetInstance().GrantPermission(tokenID, - "ohos.permission.MEDIA_LOCATION", PERMISSION_USER_FIXED); - PermissionManager::GetInstance().GrantPermission(tokenID, - "ohos.permission.MICROPHONE", PERMISSION_USER_FIXED); - PermissionManager::GetInstance().GrantPermission(tokenID, - "ohos.permission.READ_CALL_LOG", PERMISSION_USER_FIXED); - - ret = AccessTokenInfoManager::GetInstance().VerifyAccessToken(tokenID, "ohos.permission.READ_CALENDAR"); - ASSERT_EQ(PERMISSION_GRANTED, ret); - ret = AccessTokenInfoManager::GetInstance().VerifyAccessToken(tokenID, "ohos.permission.MEDIA_LOCATION"); - ASSERT_EQ(PERMISSION_DENIED, ret); - ret = AccessTokenInfoManager::GetInstance().VerifyAccessToken(tokenID, "ohos.permission.MICROPHONE"); - ASSERT_EQ(PERMISSION_GRANTED, ret); - ret = AccessTokenInfoManager::GetInstance().VerifyAccessToken(tokenID, "ohos.permission.READ_CALL_LOG"); - ASSERT_EQ(PERMISSION_GRANTED, ret); - - ret = AccessTokenInfoManager::GetInstance().RemoveHapTokenInfo(tokenID); - ASSERT_EQ(RET_SUCCESS, ret); - GTEST_LOG_(INFO) << "remove the token info"; -} -#endif - /** * @tc.name: ScopeFilter001 * @tc.desc: Test filter scopes. @@ -894,8 +513,8 @@ HWTEST_F(PermissionManagerTest, GetDefPermissions001, TestSize.Level1) { std::vector result; - // permissionName is empty - PermissionManager::GetInstance().GetDefPermissions(0, result); + AccessTokenID tokenId = 123; + PermissionManager::GetInstance().GetDefPermissions(tokenId, result); ASSERT_TRUE(result.empty()); } @@ -914,7 +533,6 @@ HWTEST_F(PermissionManagerTest, GetDefPermissions002, TestSize.Level1) std::vector result; AccessTokenID tokenId = tokenIdEx.tokenIdExStruct.tokenID; - // permissionName is empty PermissionManager::GetInstance().GetDefPermissions(tokenId, result); ASSERT_TRUE(!result.empty()); @@ -922,6 +540,21 @@ HWTEST_F(PermissionManagerTest, GetDefPermissions002, TestSize.Level1) ASSERT_EQ(RET_SUCCESS, ret); } +/** + * @tc.name: GetDefPermissions003 + * @tc.desc: GetDefPermissions with extension tokenId + * @tc.type: FUNC + * @tc.require: + */ +HWTEST_F(PermissionManagerTest, GetDefPermissions003, TestSize.Level1) +{ + std::vector result; + + AccessTokenID tokenId = 0; + PermissionManager::GetInstance().GetDefPermissions(tokenId, result); + ASSERT_TRUE(!result.empty()); +} + /** * @tc.name: GetReqPermissions001 * @tc.desc: GetReqPermissions with invalid tokenid diff --git a/services/common/BUILD.gn b/services/common/BUILD.gn index 2181cb8c6e2e60f4d8500a9c18fec19e9b455bf3..d9e57623222c2e148f5638b2b5d2aff902c0e6da 100644 --- a/services/common/BUILD.gn +++ b/services/common/BUILD.gn @@ -94,7 +94,8 @@ group("accesstoken_common") { deps = [ ":accesstoken_service_common", "ability_manager:accesstoken_ability_manager_adapter", - "config_policy:accesstoken_config_policy", + "json_parse:accesstoken_cjson_utils", + "json_parse:accesstoken_json_parse", "screenlock_manager:accesstoken_screenlock_manager", ] } diff --git a/services/common/config_policy/src/config_policy_loader.cpp b/services/common/config_policy/src/config_policy_loader.cpp deleted file mode 100644 index 2819ce70d8dd40ee23bc9478e75f5da1162a98e5..0000000000000000000000000000000000000000 --- a/services/common/config_policy/src/config_policy_loader.cpp +++ /dev/null @@ -1,202 +0,0 @@ -/* - * Copyright (c) 2024 Huawei Device Co., Ltd. - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ -#include "config_policy_loader.h" - -#ifdef CUSTOMIZATION_CONFIG_POLICY_ENABLE -#include "accesstoken_common_log.h" -#include "config_policy_utils.h" -#include "json_parser.h" -#endif - -namespace OHOS { -namespace Security { -namespace AccessToken { -namespace { -#ifdef CUSTOMIZATION_CONFIG_POLICY_ENABLE -static constexpr const char* ACCESSTOKEN_CONFIG_FILE = "/etc/access_token/accesstoken_config.json"; - -static constexpr const char* PERMISSION_MANAGER_BUNDLE_NAME_KEY = "permission_manager_bundle_name"; -static constexpr const char* GRANT_ABILITY_NAME_KEY = "grant_ability_name"; -static constexpr const char* GRANT_SERVICE_ABILITY_NAME_KEY = "grant_service_ability_name"; -static constexpr const char* PERMISSION_STATE_SHEET_ABILITY_NAME_KEY = "permission_state_sheet_ability_name"; -static constexpr const char* GLOBAL_SWITCH_SHEET_ABILITY_NAME_KEY = "global_switch_sheet_ability_name"; -static constexpr const char* TEMP_PERM_CANCLE_TIME_KEY = "temp_perm_cencle_time"; -static constexpr const char* APPLICATION_SETTING_ABILITY_NAME_KEY = "application_setting_ability_name"; - -static constexpr const char* RECORD_SIZE_MAXIMUM_KEY = "permission_used_record_size_maximum"; -static constexpr const char* RECORD_AGING_TIME_KEY = "permission_used_record_aging_time"; -static constexpr const char* GLOBAL_DIALOG_BUNDLE_NAME_KEY = "global_dialog_bundle_name"; -static constexpr const char* GLOBAL_DIALOG_ABILITY_NAME_KEY = "global_dialog_ability_name"; - -static constexpr const char* SEND_REQUEST_REPEAT_TIMES_KEY = "send_request_repeat_times"; -#endif // CUSTOMIZATION_CONFIG_POLICY_ENABLE -} - -#ifdef CUSTOMIZATION_CONFIG_POLICY_ENABLE -void ConfigPolicLoader::GetConfigFilePathList(std::vector& pathList) -{ - CfgDir *dirs = GetCfgDirList(); // malloc a CfgDir point, need to free later - if (dirs == nullptr) { - LOGE(ATM_DOMAIN, ATM_TAG, "Can't get cfg file path."); - return; - } - - for (const auto& path : dirs->paths) { - if ((path == nullptr) || (!JsonParser::IsDirExsit(path))) { - continue; - } - - LOGI(ATM_DOMAIN, ATM_TAG, "Accesstoken cfg dir: %{public}s.", path); - pathList.emplace_back(path); - } - - FreeCfgDirList(dirs); // free -} - -void from_json(const nlohmann::json& j, AccessTokenServiceConfig& a) -{ - if (!JsonParser::GetStringFromJson(j, PERMISSION_MANAGER_BUNDLE_NAME_KEY, a.grantBundleName)) { - return; - } - - if (!JsonParser::GetStringFromJson(j, GRANT_ABILITY_NAME_KEY, a.grantAbilityName)) { - return; - } - - if (!JsonParser::GetStringFromJson(j, GRANT_SERVICE_ABILITY_NAME_KEY, a.grantAbilityName)) { - return; - } - - if (!JsonParser::GetStringFromJson(j, PERMISSION_STATE_SHEET_ABILITY_NAME_KEY, a.permStateAbilityName)) { - return; - } - - if (!JsonParser::GetStringFromJson(j, GLOBAL_SWITCH_SHEET_ABILITY_NAME_KEY, a.globalSwitchAbilityName)) { - return; - } - - if (!JsonParser::GetIntFromJson(j, TEMP_PERM_CANCLE_TIME_KEY, a.cancleTime)) { - return; - } - - if (!JsonParser::GetStringFromJson(j, APPLICATION_SETTING_ABILITY_NAME_KEY, a.applicationSettingAbilityName)) { - return; - } -} - -void from_json(const nlohmann::json& j, PrivacyServiceConfig& p) -{ - if (!JsonParser::GetIntFromJson(j, RECORD_SIZE_MAXIMUM_KEY, p.sizeMaxImum)) { - return; - } - - if (!JsonParser::GetIntFromJson(j, RECORD_AGING_TIME_KEY, p.agingTime)) { - return; - } - - if (!JsonParser::GetStringFromJson(j, GLOBAL_DIALOG_BUNDLE_NAME_KEY, p.globalDialogBundleName)) { - return; - } - - if (!JsonParser::GetStringFromJson(j, GLOBAL_DIALOG_ABILITY_NAME_KEY, p.globalDialogAbilityName)) { - return; - } -} - -void from_json(const nlohmann::json& j, TokenSyncServiceConfig& t) -{ - if (!JsonParser::GetIntFromJson(j, SEND_REQUEST_REPEAT_TIMES_KEY, t.sendRequestRepeatTimes)) { - return; - } -} - -bool ConfigPolicLoader::GetConfigValueFromFile(const ServiceType& type, const std::string& fileContent, - AccessTokenConfigValue& config) -{ - nlohmann::json jsonRes = nlohmann::json::parse(fileContent, nullptr, false); - if (jsonRes.is_discarded()) { - LOGE(ATM_DOMAIN, ATM_TAG, "JsonRes is invalid."); - return false; - } - - if (type == ServiceType::ACCESSTOKEN_SERVICE) { - if ((jsonRes.find("accesstoken") != jsonRes.end()) && (jsonRes.at("accesstoken").is_object())) { - config.atConfig = jsonRes.at("accesstoken").get(); - return true; - } else { - return false; - } - } else if (type == ServiceType::PRIVACY_SERVICE) { - if ((jsonRes.find("privacy") != jsonRes.end()) && (jsonRes.at("privacy").is_object())) { - config.pConfig = jsonRes.at("privacy").get(); - return true; - } else { - return false; - } - } - - if ((jsonRes.find("tokensync") != jsonRes.end()) && (jsonRes.at("tokensync").is_object())) { - config.tsConfig = jsonRes.at("tokensync").get(); - return true; - } else { - return false; - } -} -#endif // CUSTOMIZATION_CONFIG_POLICY_ENABLE - -bool ConfigPolicLoader::GetConfigValue(const ServiceType& type, AccessTokenConfigValue& config) -{ - bool successFlag = false; -#ifdef CUSTOMIZATION_CONFIG_POLICY_ENABLE - std::vector pathList; - GetConfigFilePathList(pathList); - - for (const auto& path : pathList) { - std::string filePath = path + ACCESSTOKEN_CONFIG_FILE; - std::string fileContent; - int32_t res = JsonParser::ReadCfgFile(filePath, fileContent); - if (res != 0) { - LOGE(ATM_DOMAIN, ATM_TAG, "Read Cfg file [%{public}s] failed, error(%{public}d).", - filePath.c_str(), res); - continue; - } - - if (GetConfigValueFromFile(type, fileContent, config)) { - LOGI(ATM_DOMAIN, ATM_TAG, "Get valid config value!"); - successFlag = true; - break; // once get the config value, break the loop - } - } -#endif // CUSTOMIZATION_CONFIG_POLICY_ENABLE - return successFlag; -} - -extern "C" { -void* Create() -{ - return reinterpret_cast(new ConfigPolicLoader); -} - -void Destroy(void* loaderPtr) -{ - ConfigPolicyLoaderInterface* loader = reinterpret_cast(loaderPtr); - if (loader != nullptr) { - delete loader; - } -} -} -} // namespace AccessToken -} // namespace Security -} // namespace OHOS diff --git a/services/common/config_policy/BUILD.gn b/services/common/json_parse/BUILD.gn similarity index 50% rename from services/common/config_policy/BUILD.gn rename to services/common/json_parse/BUILD.gn index e381fc230a7392119cf66987bd9ff83a0c7a7ac4..6b340009fac7c2125272bcdfe6f45adb6c420501 100644 --- a/services/common/config_policy/BUILD.gn +++ b/services/common/json_parse/BUILD.gn @@ -14,12 +14,12 @@ import("//build/ohos.gni") import("../../../access_token.gni") -config("accesstoken_config_policy_config") { +config("accesstoken_json_parse_config") { visibility = [ ":*" ] include_dirs = [ "include" ] } -ohos_shared_library("accesstoken_config_policy") { +ohos_shared_library("accesstoken_json_parse") { if (is_standard_system) { subsystem_name = "security" part_name = "access_token" @@ -33,24 +33,70 @@ ohos_shared_library("accesstoken_config_policy") { include_dirs = [ "include", "${access_token_path}/frameworks/common/include", + "${access_token_path}/interfaces/innerkits/accesstoken/include", + "${access_token_path}/services/accesstokenmanager/main/cpp/include/token", ] - sources = [ "src/config_policy_loader.cpp" ] + sources = [ + "src/cjson_utils.cpp", + "src/json_parse_loader.cpp", + ] cflags_cc = [ "-DHILOG_ENABLE" ] configs = [ "${access_token_path}/config:access_token_compile_flags", "${access_token_path}/config:coverage_flags", ] - public_configs = [ ":accesstoken_config_policy_config" ] + public_configs = [ ":accesstoken_json_parse_config" ] deps = [ "${access_token_path}/frameworks/common:accesstoken_common_cxx" ] external_deps = [ + "cJSON:cjson", "c_utils:utils", "hilog:libhilog", "ipc:ipc_single", - "json:nlohmann_json_static", + ] + if (customization_config_policy_enable) { + cflags_cc += [ "-DCUSTOMIZATION_CONFIG_POLICY_ENABLE" ] + external_deps += [ "config_policy:configpolicy_util" ] + } + } +} + +ohos_shared_library("accesstoken_cjson_utils") { + if (is_standard_system) { + subsystem_name = "security" + part_name = "access_token" + sanitize = { + cfi = true + cfi_cross_dso = true + debug = false + } + branch_protector_ret = "pac_ret" + + include_dirs = [ + "include", + "${access_token_path}/frameworks/common/include", + "${access_token_path}/interfaces/innerkits/accesstoken/include", + "${access_token_path}/services/accesstokenmanager/main/cpp/include/token", + ] + + sources = [ "src/cjson_utils.cpp" ] + + cflags_cc = [ "-DHILOG_ENABLE" ] + configs = [ + "${access_token_path}/config:access_token_compile_flags", + "${access_token_path}/config:coverage_flags", + ] + public_configs = [ ":accesstoken_json_parse_config" ] + + deps = [ "${access_token_path}/frameworks/common:accesstoken_common_cxx" ] + + external_deps = [ + "cJSON:cjson", + "c_utils:utils", + "hilog:libhilog", ] if (customization_config_policy_enable) { cflags_cc += [ "-DCUSTOMIZATION_CONFIG_POLICY_ENABLE" ] diff --git a/services/common/json_parse/include/cjson_utils.h b/services/common/json_parse/include/cjson_utils.h new file mode 100644 index 0000000000000000000000000000000000000000..9c0f10119f41e03d0ca78db57b203e6c25641552 --- /dev/null +++ b/services/common/json_parse/include/cjson_utils.h @@ -0,0 +1,83 @@ +/* + * Copyright (C) 2025 Huawei Device Co., Ltd. + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +#ifndef JSON_UTILS_H +#define JSON_UTILS_H + +#include +#include +#include +#include +#include +#include "cJSON.h" + +namespace OHOS { +namespace Security { +namespace AccessToken { +typedef cJSON CJson; +typedef std::unique_ptr> CJsonUnique; + +/* NO Need to call FreeJson to free the returned pointer when it's no longer in use. */ +CJsonUnique CreateJsonFromString(const std::string& jsonStr); +/* NO Need to call FreeJson to free the returned pointer when it's no longer in use. */ +CJsonUnique CreateJson(void); +/* NO Need to call FreeJson to free the returned pointer when it's no longer in use. */ +CJsonUnique CreateJsonArray(void); +void FreeJson(CJson* jsonObj); + +/* NO Need to call FreeJsonString to free the returned pointer when it's no longer in use. */ +std::string PackJsonToString(const CJson* jsonObj); +std::string PackJsonToString(const CJsonUnique& jsonObj); +void FreeJsonString(char* jsonStr); + +/* + * Can't release the returned pointer, otherwise, an exception may occur. + * It refers to the parent object(param--jsonObj)'s memory. + * It will be recycled along with jsonObj when jsonObj is released. + */ +CJson* GetObjFromJson(const CJson* jsonObj, const std::string& key); +CJson* GetObjFromJson(CJsonUnique& jsonObj, const std::string& key); +CJson* GetArrayFromJson(const CJson* jsonObj, const std::string& key); +CJson* GetArrayFromJson(CJsonUnique& jsonObj, const std::string& key); + +/* +* Return a copy of string in jsonObj in std::string +*/ +bool GetStringFromJson(const CJson *jsonObj, const std::string& key, std::string& out); + +bool GetIntFromJson(const CJson* jsonObj, const std::string& key, int32_t& value); +bool GetIntFromJson(const CJsonUnique& jsonObj, const std::string& key, int32_t& value); +bool GetUnsignedIntFromJson(const CJson* jsonObj, const std::string& key, uint32_t& value); +bool GetUnsignedIntFromJson(const CJsonUnique& jsonObj, const std::string& key, uint32_t& value); +bool GetBoolFromJson(const CJson* jsonObj, const std::string& key, bool& value); +bool GetBoolFromJson(const CJsonUnique& jsonObj, const std::string& key, bool& value); + +bool AddObjToJson(CJson* jsonObj, const std::string& key, const CJson* childObj); +bool AddObjToJson(CJsonUnique& jsonObj, const std::string& key, CJsonUnique& childObj); +bool AddObjToArray(CJson* jsonArr, CJson* item); +bool AddObjToArray(CJsonUnique& jsonArr, CJsonUnique& item); +bool AddStringToJson(CJson* jsonObj, const std::string& key, const std::string& value); +bool AddStringToJson(CJsonUnique& jsonObj, const std::string& key, const std::string& value); +bool AddBoolToJson(CJson* jsonObj, const std::string& key, const bool value); +bool AddBoolToJson(CJsonUnique& jsonObj, const std::string& key, const bool value); +bool AddIntToJson(CJson* jsonObj, const std::string& key, const int value); +bool AddIntToJson(CJsonUnique& jsonObj, const std::string& key, const int value); +bool AddUnsignedIntToJson(CJson* jsonObj, const std::string& key, const uint32_t value); +bool AddUnsignedIntToJson(CJsonUnique& jsonObj, const std::string& key, const uint32_t value); +} // namespace AccessToken +} // namespace Security +} // namespace OHOS +#endif + \ No newline at end of file diff --git a/services/common/config_policy/include/config_policy_loader.h b/services/common/json_parse/include/json_parse_loader.h similarity index 65% rename from services/common/config_policy/include/config_policy_loader.h rename to services/common/json_parse/include/json_parse_loader.h index 286001c50f208b40300a8614b4aad220991b03db..9ea7ad619e404f094b23b4cfafbc65a7ce9066a1 100644 --- a/services/common/config_policy/include/config_policy_loader.h +++ b/services/common/json_parse/include/json_parse_loader.h @@ -18,18 +18,21 @@ #include #include +#include "permission_def.h" +#include "native_token_info_base.h" +#include "permission_dlp_mode.h" namespace OHOS { namespace Security { namespace AccessToken { -const static std::string CONFIG_POLICY_LIBPATH = "libaccesstoken_config_policy.z.so"; +const static std::string CONFIG_PARSE_LIBPATH = "libaccesstoken_json_parse.z.so"; struct AccessTokenServiceConfig final { std::string grantBundleName; std::string grantAbilityName; std::string grantServiceAbilityName; std::string permStateAbilityName; std::string globalSwitchAbilityName; - int32_t cancleTime; + int32_t cancleTime = 0; std::string applicationSettingAbilityName; }; @@ -56,21 +59,37 @@ enum ServiceType { TOKENSYNC_SERVICE, }; +struct PermissionDefParseRet { + PermissionDef permDef; + bool isSuccessful = false; +}; + class ConfigPolicyLoaderInterface { public: ConfigPolicyLoaderInterface() {} virtual ~ConfigPolicyLoaderInterface() {} virtual bool GetConfigValue(const ServiceType& type, AccessTokenConfigValue& config); + virtual int32_t GetAllNativeTokenInfo(std::vector& tokenInfos); + virtual int32_t GetDlpPermissions(std::vector& dlpPerms); + virtual int32_t GetAllPermissionDef(std::vector& permDefList); }; class ConfigPolicLoader final: public ConfigPolicyLoaderInterface { bool GetConfigValue(const ServiceType& type, AccessTokenConfigValue& config); + int32_t GetAllNativeTokenInfo(std::vector& tokenInfos); + int32_t GetDlpPermissions(std::vector& dlpPerms); + int32_t GetAllPermissionDef(std::vector& permDefList); private: #ifdef CUSTOMIZATION_CONFIG_POLICY_ENABLE void GetConfigFilePathList(std::vector& pathList); bool GetConfigValueFromFile(const ServiceType& type, const std::string& fileContent, AccessTokenConfigValue& config); #endif // CUSTOMIZATION_CONFIG_POLICY_ENABLE + bool ParserNativeRawData(const std::string& nativeRawData, std::vector& tokenInfos); + bool ParserPermDefRawData(const std::string& permsRawData, std::vector& permDefList); + bool ParserDlpPermsRawData(const std::string& dlpPermsRawData, std::vector& dlpPerms); + int32_t ReadCfgFile(const std::string& file, std::string& rawData); + bool IsDirExsit(const std::string& file); }; #ifdef __cplusplus @@ -84,4 +103,4 @@ extern "C" { } // namespace AccessToken } // namespace Security } // namespace OHOS -#endif // ACCESSTOKEN_CONFIG_POLICY_LOADER_H \ No newline at end of file +#endif // ACCESSTOKEN_CONFIG_POLICY_LOADER_H diff --git a/services/common/json_parse/src/cjson_utils.cpp b/services/common/json_parse/src/cjson_utils.cpp new file mode 100644 index 0000000000000000000000000000000000000000..d76f8ee8ad80032367178477431835c772669214 --- /dev/null +++ b/services/common/json_parse/src/cjson_utils.cpp @@ -0,0 +1,375 @@ +/* + * Copyright (C) 2025 Huawei Device Co., Ltd. + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +#include "cjson_utils.h" +#include +#include +#include + +namespace OHOS { +namespace Security { +namespace AccessToken { +namespace { +#define RECURSE_FLAG_TRUE 1 +} + +CJson *GetItemFromArray(const CJson* jsonArr, int32_t index) +{ + if (jsonArr == nullptr) { + return nullptr; + } + return cJSON_GetArrayItem(jsonArr, index); +} + +CJsonUnique CreateJsonFromString(const std::string& jsonStr) +{ + if (jsonStr.empty()) { + return nullptr; + } + CJsonUnique aPtr(cJSON_Parse(jsonStr.c_str()), FreeJson); + return aPtr; +} + +CJsonUnique CreateJson(void) +{ + CJsonUnique aPtr(cJSON_CreateObject(), FreeJson); + return aPtr; +} + +CJsonUnique CreateJsonArray(void) +{ + CJsonUnique aPtr(cJSON_CreateArray(), FreeJson); + return aPtr; +} + +void FreeJson(CJson* jsonObj) +{ + cJSON_Delete(jsonObj); + jsonObj = nullptr; +} + +std::string PackJsonToString(const CJson* jsonObj) +{ + char* ptr = cJSON_PrintUnformatted(jsonObj); + if (ptr == nullptr) { + return std::string(); + } + std::string ret = std::string(ptr); + FreeJsonString(ptr); + return ret; +} + +std::string PackJsonToString(const CJsonUnique& jsonObj) +{ + return PackJsonToString(jsonObj.get()); +} + +void FreeJsonString(char* jsonStr) +{ + if (jsonStr != nullptr) { + cJSON_free(jsonStr); + } +} + +CJson* GetObjFromJson(const CJson* jsonObj, const std::string& key) +{ + if (key.empty()) { + return nullptr; + } + + CJson* objValue = cJSON_GetObjectItemCaseSensitive(jsonObj, key.c_str()); + if (objValue != nullptr && cJSON_IsObject(objValue)) { + return objValue; + } + return nullptr; +} + +CJson* GetObjFromJson(CJsonUnique& jsonObj, const std::string& key) +{ + return GetObjFromJson(jsonObj.get(), key); +} + +CJson* GetArrayFromJson(const CJson* jsonObj, const std::string& key) +{ + if (key.empty()) { + return nullptr; + } + + CJson* objValue = cJSON_GetObjectItemCaseSensitive(jsonObj, key.c_str()); + if (objValue != nullptr && cJSON_IsArray(objValue)) { + return objValue; + } + return nullptr; +} + +CJson* GetArrayFromJson(CJsonUnique& jsonObj, const std::string& key) +{ + return GetArrayFromJson(jsonObj.get(), key); +} + +bool GetStringFromJson(const CJson *jsonObj, const std::string& key, std::string& out) +{ + if (jsonObj == nullptr || key.empty()) { + return false; + } + + cJSON *jsonObjTmp = cJSON_GetObjectItemCaseSensitive(jsonObj, key.c_str()); + if (jsonObjTmp != nullptr && cJSON_IsString(jsonObjTmp)) { + out = cJSON_GetStringValue(jsonObjTmp); + return true; + } + return false; +} + +bool GetIntFromJson(const CJson* jsonObj, const std::string& key, int32_t& value) +{ + if (key.empty()) { + return false; + } + + CJson* jsonObjTmp = cJSON_GetObjectItemCaseSensitive(jsonObj, key.c_str()); + if (jsonObjTmp != nullptr && cJSON_IsNumber(jsonObjTmp)) { + value = (int)cJSON_GetNumberValue(jsonObjTmp); + return true; + } + return false; +} + +bool GetIntFromJson(const CJsonUnique& jsonObj, const std::string& key, int32_t& value) +{ + return GetIntFromJson(jsonObj.get(), key, value); +} + +bool GetUnsignedIntFromJson(const CJson* jsonObj, const std::string& key, uint32_t& value) +{ + if (key.empty()) { + return false; + } + + CJson* jsonObjTmp = cJSON_GetObjectItemCaseSensitive(jsonObj, key.c_str()); + if (jsonObjTmp != nullptr && cJSON_IsNumber(jsonObjTmp)) { + double realValue = cJSON_GetNumberValue(jsonObjTmp); + if (realValue < 0) { + int32_t tmpValue = static_cast(realValue); + value = static_cast(tmpValue); + } else { + value = static_cast(realValue); + } + return true; + } + return false; +} + +bool GetUnsignedIntFromJson(const CJsonUnique& jsonObj, const std::string& key, uint32_t& value) +{ + return GetUnsignedIntFromJson(jsonObj.get(), key, value); +} + +bool GetBoolFromJson(const CJson* jsonObj, const std::string& key, bool& value) +{ + if (key.empty()) { + return false; + } + + CJson* jsonObjTmp = cJSON_GetObjectItemCaseSensitive(jsonObj, key.c_str()); + if (jsonObjTmp != nullptr && cJSON_IsBool(jsonObjTmp)) { + value = cJSON_IsTrue(jsonObjTmp) ? true : false; + return true; + } + return false; +} + +bool GetBoolFromJson(const CJsonUnique& jsonObj, const std::string& key, bool& value) +{ + return GetBoolFromJson(jsonObj.get(), key, value); +} + +bool AddObjToJson(CJson* jsonObj, const std::string& key, const CJson* childObj) +{ + if (key.empty() || childObj == nullptr) { + return false; + } + + CJson* tmpObj = cJSON_Duplicate(childObj, RECURSE_FLAG_TRUE); + if (tmpObj == nullptr) { + return false; + } + + CJson* objInJson = cJSON_GetObjectItemCaseSensitive(jsonObj, key.c_str()); + if (objInJson == nullptr) { + if (!cJSON_AddItemToObject(jsonObj, key.c_str(), tmpObj)) { + cJSON_Delete(tmpObj); + return false; + } + } else { + if (!cJSON_ReplaceItemInObjectCaseSensitive(jsonObj, key.c_str(), tmpObj)) { + cJSON_Delete(tmpObj); + return false; + } + } + return true; +} + +bool AddObjToJson(CJsonUnique& jsonObj, const std::string& key, CJsonUnique& childObj) +{ + return AddObjToJson(jsonObj.get(), key, childObj.get()); +} + +bool AddObjToArray(CJson* jsonArr, CJson* item) +{ + if (item == nullptr) { + return false; + } + + if (!cJSON_IsArray(jsonArr)) { + return false; + } + + CJson* tmpObj = cJSON_Duplicate(item, RECURSE_FLAG_TRUE); + if (tmpObj == nullptr) { + return false; + } + + bool ret = cJSON_AddItemToArray(jsonArr, tmpObj); + return ret; +} + +bool AddObjToArray(CJsonUnique& jsonArr, CJsonUnique& item) +{ + return AddObjToArray(jsonArr.get(), item.get()); +} + +bool AddStringToJson(CJson* jsonObj, const std::string& key, const std::string& value) +{ + if (key.empty() || value.empty()) { + return false; + } + + CJson* objInJson = cJSON_GetObjectItemCaseSensitive(jsonObj, key.c_str()); + if (objInJson == nullptr) { + if (cJSON_AddStringToObject(jsonObj, key.c_str(), value.c_str()) == nullptr) { + return false; + } + } else { + CJson* tmp = cJSON_CreateString(value.c_str()); + if (tmp == nullptr) { + return false; + } + if (!cJSON_ReplaceItemInObjectCaseSensitive(jsonObj, key.c_str(), tmp)) { + cJSON_Delete(tmp); + return false; + } + } + + return true; +} + +bool AddStringToJson(CJsonUnique& jsonObj, const std::string& key, const std::string& value) +{ + return AddStringToJson(jsonObj.get(), key, value); +} + +bool AddBoolToJson(CJson* jsonObj, const std::string& key, const bool value) +{ + if (key.empty()) { + return false; + } + + CJson* objInJson = cJSON_GetObjectItemCaseSensitive(jsonObj, key.c_str()); + if (objInJson == nullptr) { + if (cJSON_AddBoolToObject(jsonObj, key.c_str(), value) == nullptr) { + return false; + } + } else { + CJson* tmp = cJSON_CreateBool(value); + if (tmp == nullptr) { + return false; + } + if (!cJSON_ReplaceItemInObjectCaseSensitive(jsonObj, key.c_str(), tmp)) { + cJSON_Delete(tmp); + return false; + } + } + + return true; +} + +bool AddBoolToJson(CJsonUnique& jsonObj, const std::string& key, const bool value) +{ + return AddBoolToJson(jsonObj.get(), key, value); +} + +bool AddIntToJson(CJson* jsonObj, const std::string& key, const int value) +{ + if (key.empty()) { + return false; + } + + CJson* objInJson = cJSON_GetObjectItemCaseSensitive(jsonObj, key.c_str()); + if (objInJson == nullptr) { + if (cJSON_AddNumberToObject(jsonObj, key.c_str(), value) == nullptr) { + return false; + } + } else { + CJson* tmp = cJSON_CreateNumber(value); + if (tmp == nullptr) { + return false; + } + if (!cJSON_ReplaceItemInObjectCaseSensitive(jsonObj, key.c_str(), tmp)) { + cJSON_Delete(tmp); + return false; + } + } + + return true; +} + +bool AddIntToJson(CJsonUnique& jsonObj, const std::string& key, const int value) +{ + return AddIntToJson(jsonObj.get(), key, value); +} + +bool AddUnsignedIntToJson(CJson* jsonObj, const std::string& key, const uint32_t value) +{ + if (key.empty()) { + return false; + } + + CJson* objInJson = cJSON_GetObjectItemCaseSensitive(jsonObj, key.c_str()); + double tmpValue = static_cast(value); + if (objInJson == nullptr) { + if (cJSON_AddNumberToObject(jsonObj, key.c_str(), tmpValue) == nullptr) { + return false; + } + } else { + CJson* tmp = cJSON_CreateNumber(tmpValue); + if (tmp == nullptr) { + return false; + } + if (!cJSON_ReplaceItemInObjectCaseSensitive(jsonObj, key.c_str(), tmp)) { + cJSON_Delete(tmp); + return false; + } + } + return true; +} + +bool AddUnsignedIntToJson(CJsonUnique& jsonObj, const std::string& key, const uint32_t value) +{ + return AddUnsignedIntToJson(jsonObj.get(), key, value); +} +} // namespace AccessToken +} // namespace Security +} // namespace OHOS \ No newline at end of file diff --git a/services/common/json_parse/src/json_parse_loader.cpp b/services/common/json_parse/src/json_parse_loader.cpp new file mode 100644 index 0000000000000000000000000000000000000000..909e9d62290e56da4c6f1b0e58666a2c5b4f1908 --- /dev/null +++ b/services/common/json_parse/src/json_parse_loader.cpp @@ -0,0 +1,678 @@ +/* + * Copyright (c) 2024 Huawei Device Co., Ltd. + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ +#include "json_parse_loader.h" + +#include +#include +#include +#include +#include +#include + +#include "access_token_error.h" +#include "accesstoken_common_log.h" +#include "cjson_utils.h" +#ifdef CUSTOMIZATION_CONFIG_POLICY_ENABLE +#include "config_policy_utils.h" +#endif +#include "data_validator.h" + +namespace OHOS { +namespace Security { +namespace AccessToken { +namespace { +constexpr int32_t MAX_NATIVE_CONFIG_FILE_SIZE = 5 * 1024 * 1024; // 5M +constexpr size_t BUFFER_SIZE = 1024; + +#ifdef CUSTOMIZATION_CONFIG_POLICY_ENABLE +static constexpr const char* ACCESSTOKEN_CONFIG_FILE = "/etc/access_token/accesstoken_config.json"; +static constexpr const char* PERMISSION_MANAGER_BUNDLE_NAME_KEY = "permission_manager_bundle_name"; +static constexpr const char* GRANT_ABILITY_NAME_KEY = "grant_ability_name"; +static constexpr const char* GRANT_SERVICE_ABILITY_NAME_KEY = "grant_service_ability_name"; +static constexpr const char* PERMISSION_STATE_SHEET_ABILITY_NAME_KEY = "permission_state_sheet_ability_name"; +static constexpr const char* GLOBAL_SWITCH_SHEET_ABILITY_NAME_KEY = "global_switch_sheet_ability_name"; +static constexpr const char* TEMP_PERM_CANCLE_TIME_KEY = "temp_perm_cencle_time"; +static constexpr const char* APPLICATION_SETTING_ABILITY_NAME_KEY = "application_setting_ability_name"; + +static constexpr const char* RECORD_SIZE_MAXIMUM_KEY = "permission_used_record_size_maximum"; +static constexpr const char* RECORD_AGING_TIME_KEY = "permission_used_record_aging_time"; +static constexpr const char* GLOBAL_DIALOG_BUNDLE_NAME_KEY = "global_dialog_bundle_name"; +static constexpr const char* GLOBAL_DIALOG_ABILITY_NAME_KEY = "global_dialog_ability_name"; + +static constexpr const char* SEND_REQUEST_REPEAT_TIMES_KEY = "send_request_repeat_times"; +#endif // CUSTOMIZATION_CONFIG_POLICY_ENABLE + +// native_token.json +static const char* NATIVE_TOKEN_CONFIG_FILE = "/data/service/el0/access_token/nativetoken.json"; +static const char* JSON_PROCESS_NAME = "processName"; +static const char* JSON_APL = "APL"; +static const char* JSON_VERSION = "version"; +static const char* JSON_TOKEN_ID = "tokenId"; +static const char* JSON_TOKEN_ATTR = "tokenAttr"; +static const char* JSON_DCAPS = "dcaps"; +static const char* JSON_PERMS = "permissions"; +static const char* JSON_ACLS = "nativeAcls"; +static const int32_t MAX_DCAPS_NUM = 10 * 1024; +static const int32_t MAX_REQ_PERM_NUM = 10 * 1024; + +// dlp json +static const char* CLONE_PERMISSION_CONFIG_FILE = "/system/etc/dlp_permission/clone_app_permission.json"; + +// permission_define json +static const char* DEFINE_PERMISSION_FILE = "/system/etc/access_token/permission_definitions.json"; +static const char* PERMISSION_NAME = "name"; +static const char* PERMISSION_GRANT_MODE = "grantMode"; +static const char* PERMISSION_AVAILABLE_LEVEL = "availableLevel"; +static const char* PERMISSION_AVAILABLE_TYPE = "availableType"; +static const char* PERMISSION_PROVISION_ENABLE = "provisionEnable"; +static const char* PERMISSION_DISTRIBUTED_SCENE_ENABLE = "distributedSceneEnable"; +static const char* PERMISSION_LABEL = "label"; +static const char* PERMISSION_DESCRIPTION = "description"; +static const char* AVAILABLE_TYPE_NORMAL_HAP = "NORMAL"; +static const char* AVAILABLE_TYPE_SYSTEM_HAP = "SYSTEM"; +static const char* AVAILABLE_TYPE_MDM = "MDM"; +static const char* AVAILABLE_TYPE_SYSTEM_AND_MDM = "SYSTEM_AND_MDM"; +static const char* AVAILABLE_TYPE_SERVICE = "SERVICE"; +static const char* AVAILABLE_TYPE_ENTERPRISE_NORMAL = "ENTERPRISE_NORMAL"; +static const char* AVAILABLE_LEVEL_NORMAL = "normal"; +static const char* AVAILABLE_LEVEL_SYSTEM_BASIC = "system_basic"; +static const char* AVAILABLE_LEVEL_SYSTEM_CORE = "system_core"; +static const char* PERMISSION_GRANT_MODE_SYSTEM_GRANT = "system_grant"; +static const char* SYSTEM_GRANT_DEFINE_PERMISSION = "systemGrantPermissions"; +static const char* USER_GRANT_DEFINE_PERMISSION = "userGrantPermissions"; +} + +int32_t ConfigPolicLoader::ReadCfgFile(const std::string& file, std::string& rawData) +{ + char filePath[PATH_MAX] = {0}; + if (realpath(file.c_str(), filePath) == nullptr) { + return ERR_FILE_OPERATE_FAILED; + } + int32_t fd = open(filePath, O_RDONLY); + if (fd < 0) { + LOGE(ATM_DOMAIN, ATM_TAG, "Open failed errno %{public}d.", errno); + return ERR_FILE_OPERATE_FAILED; + } + struct stat statBuffer; + + if (fstat(fd, &statBuffer) != 0) { + LOGE(ATM_DOMAIN, ATM_TAG, "Fstat failed."); + close(fd); + return ERR_FILE_OPERATE_FAILED; + } + + if (statBuffer.st_size == 0) { + LOGE(ATM_DOMAIN, ATM_TAG, "Config file size is invalid."); + close(fd); + return ERR_PARAM_INVALID; + } + if (statBuffer.st_size > MAX_NATIVE_CONFIG_FILE_SIZE) { + LOGE(ATM_DOMAIN, ATM_TAG, "Config file size is too large."); + close(fd); + return ERR_OVERSIZE; + } + rawData.reserve(statBuffer.st_size); + + char buff[BUFFER_SIZE] = { 0 }; + ssize_t readLen = 0; + while ((readLen = read(fd, buff, BUFFER_SIZE)) > 0) { + rawData.append(buff, readLen); + } + close(fd); + if (readLen == 0) { + return RET_SUCCESS; + } + return ERR_FILE_OPERATE_FAILED; +} + +bool ConfigPolicLoader::IsDirExsit(const std::string& file) +{ + if (file.empty()) { + LOGE(ATM_DOMAIN, ATM_TAG, "File path is empty"); + return false; + } + + struct stat buf; + if (stat(file.c_str(), &buf) != 0) { + LOGE(ATM_DOMAIN, ATM_TAG, "Get file attributes failed, errno %{public}d.", errno); + return false; + } + + if (!S_ISDIR(buf.st_mode)) { + LOGE(ATM_DOMAIN, ATM_TAG, "File mode is not directory."); + return false; + } + + return true; +} + +#ifdef CUSTOMIZATION_CONFIG_POLICY_ENABLE +void ConfigPolicLoader::GetConfigFilePathList(std::vector& pathList) +{ + CfgDir *dirs = GetCfgDirList(); // malloc a CfgDir point, need to free later + if (dirs == nullptr) { + LOGE(ATM_DOMAIN, ATM_TAG, "Can't get cfg file path."); + return; + } + + for (const auto& path : dirs->paths) { + if ((path == nullptr) || (!IsDirExsit(path))) { + continue; + } + + LOGI(ATM_DOMAIN, ATM_TAG, "Accesstoken cfg dir: %{public}s.", path); + pathList.emplace_back(path); + } + + FreeCfgDirList(dirs); // free +} + +bool GetAtCfgFromJson(const CJson* j, AccessTokenServiceConfig& a) +{ + if (!GetStringFromJson(j, PERMISSION_MANAGER_BUNDLE_NAME_KEY, a.grantBundleName)) { + return false; + } + + if (!GetStringFromJson(j, GRANT_ABILITY_NAME_KEY, a.grantAbilityName)) { + return false; + } + + if (!GetStringFromJson(j, GRANT_SERVICE_ABILITY_NAME_KEY, a.grantAbilityName)) { + return false; + } + + if (!GetStringFromJson(j, PERMISSION_STATE_SHEET_ABILITY_NAME_KEY, a.permStateAbilityName)) { + return false; + } + + if (!GetStringFromJson(j, GLOBAL_SWITCH_SHEET_ABILITY_NAME_KEY, a.globalSwitchAbilityName)) { + return false; + } + + if (!GetIntFromJson(j, TEMP_PERM_CANCLE_TIME_KEY, a.cancleTime)) { + return false; + } + + if (!GetStringFromJson(j, APPLICATION_SETTING_ABILITY_NAME_KEY, a.applicationSettingAbilityName)) { + return false; + } + return true; +} + +bool GetPrivacyCfgFromJson(const CJson* j, PrivacyServiceConfig& p) +{ + if (!GetIntFromJson(j, RECORD_SIZE_MAXIMUM_KEY, p.sizeMaxImum)) { + return false; + } + + if (!GetIntFromJson(j, RECORD_AGING_TIME_KEY, p.agingTime)) { + return false; + } + + if (!GetStringFromJson(j, GLOBAL_DIALOG_BUNDLE_NAME_KEY, p.globalDialogBundleName)) { + return false; + } + + if (!GetStringFromJson(j, GLOBAL_DIALOG_ABILITY_NAME_KEY, p.globalDialogAbilityName)) { + return false; + } + return true; +} + +bool GetTokenSyncCfgFromJson(const CJson* j, TokenSyncServiceConfig& t) +{ + if (!GetIntFromJson(j, SEND_REQUEST_REPEAT_TIMES_KEY, t.sendRequestRepeatTimes)) { + return false; + } + return true; +} + +bool ConfigPolicLoader::GetConfigValueFromFile(const ServiceType& type, const std::string& fileContent, + AccessTokenConfigValue& config) +{ + CJsonUnique jsonRes = CreateJsonFromString(fileContent); + if (jsonRes == nullptr) { + LOGE(ATM_DOMAIN, ATM_TAG, "JsonRes is invalid."); + return false; + } + + if (type == ServiceType::ACCESSTOKEN_SERVICE) { + CJson *atJson = GetObjFromJson(jsonRes, "accesstoken"); + return GetAtCfgFromJson(atJson, config.atConfig); + } else if (type == ServiceType::PRIVACY_SERVICE) { + CJson *prJson = GetObjFromJson(jsonRes, "privacy"); + return GetPrivacyCfgFromJson(prJson, config.pConfig); + } + CJson *toSyncJson = GetObjFromJson(jsonRes, "tokensync"); + return GetPrivacyCfgFromJson(toSyncJson, config.pConfig); +} +#endif // CUSTOMIZATION_CONFIG_POLICY_ENABLE + +bool ConfigPolicLoader::GetConfigValue(const ServiceType& type, AccessTokenConfigValue& config) +{ + bool successFlag = false; +#ifdef CUSTOMIZATION_CONFIG_POLICY_ENABLE + std::vector pathList; + GetConfigFilePathList(pathList); + + for (const auto& path : pathList) { + std::string filePath = path + ACCESSTOKEN_CONFIG_FILE; + std::string fileContent; + int32_t res = ReadCfgFile(filePath, fileContent); + if (res != 0) { + LOGE(ATM_DOMAIN, ATM_TAG, "Read Cfg file [%{public}s] failed, error(%{public}d).", + filePath.c_str(), res); + continue; + } + + if (GetConfigValueFromFile(type, fileContent, config)) { + LOGI(ATM_DOMAIN, ATM_TAG, "Get valid config value!"); + successFlag = true; + break; // once get the config value, break the loop + } + } +#endif // CUSTOMIZATION_CONFIG_POLICY_ENABLE + return successFlag; +} + +static int32_t NativeReqPermsGet(const CJson* j, std::vector& permStateList) +{ + CJson *permJson = GetArrayFromJson(j, JSON_PERMS); + if (permJson == nullptr) { + LOGE(ATM_DOMAIN, ATM_TAG, "JSON_PERMS is invalid."); + return ERR_PARAM_INVALID; + } + int32_t len = cJSON_GetArraySize(permJson); + if (len > MAX_REQ_PERM_NUM) { + LOGE(ATM_DOMAIN, ATM_TAG, "Permission num oversize."); + return ERR_OVERSIZE; + } + std::set permRes; + for (int32_t i = 0; i < len; i++) { + std::string permReq = cJSON_GetStringValue(cJSON_GetArrayItem(permJson, i)); + PermissionStatus permState; + if (permRes.count(permReq) != 0) { + continue; + } + permState.permissionName = permReq; + permState.grantStatus = PERMISSION_GRANTED; + permState.grantFlag = PERMISSION_SYSTEM_FIXED; + permStateList.push_back(permState); + permRes.insert(permReq); + } + return RET_SUCCESS; +} + +static ATokenTypeEnum GetTokenIdTypeEnum(AccessTokenID id) +{ + AccessTokenIDInner *idInner = reinterpret_cast(&id); + return static_cast(idInner->type); +} + +static void GetSingleNativeTokenFromJson(const CJson* j, NativeTokenInfoBase& native) +{ + NativeTokenInfoBase info; + int32_t aplNum = 0; + if (!GetIntFromJson(j, JSON_APL, aplNum) || !DataValidator::IsAplNumValid(aplNum)) { + return; + } + info.apl = static_cast(aplNum); + int32_t ver; + GetIntFromJson(j, JSON_VERSION, ver); + info.ver = (uint8_t)ver; + GetUnsignedIntFromJson(j, JSON_TOKEN_ID, info.tokenID); + if ((info.ver != DEFAULT_TOKEN_VERSION) || (info.tokenID == 0)) { + return; + } + ATokenTypeEnum type = GetTokenIdTypeEnum(info.tokenID); + if ((type != TOKEN_NATIVE) && (type != TOKEN_SHELL)) { + return; + } + if (!GetUnsignedIntFromJson(j, JSON_TOKEN_ATTR, info.tokenAttr)) { + return; + } + CJson *dcapsJson = GetArrayFromJson(j, JSON_DCAPS); + CJson *aclsJson = GetArrayFromJson(j, JSON_ACLS); + if ((dcapsJson == nullptr) || (aclsJson == nullptr)) { + return; + } + int32_t dcapLen = cJSON_GetArraySize(dcapsJson); + int32_t aclLen = cJSON_GetArraySize(aclsJson); + if ((dcapLen > MAX_DCAPS_NUM) || (aclLen > MAX_REQ_PERM_NUM)) { + LOGE(ATM_DOMAIN, ATM_TAG, "Native dcap oversize."); + return; + } + for (int32_t i = 0; i < dcapLen; i++) { + std::string item = cJSON_GetStringValue(cJSON_GetArrayItem(dcapsJson, i)); + info.dcap.push_back(item); + } + for (int i = 0; i < aclLen; i++) { + std::string item = cJSON_GetStringValue(cJSON_GetArrayItem(aclsJson, i)); + info.nativeAcls.push_back(item); + } + + if (NativeReqPermsGet(j, info.permStateList) != RET_SUCCESS) { + return; + } + + if (!GetStringFromJson(j, JSON_PROCESS_NAME, info.processName) || + !DataValidator::IsProcessNameValid(info.processName)) { + return; + } + native = info; +} + +bool ConfigPolicLoader::ParserNativeRawData( + const std::string& nativeRawData, std::vector& tokenInfos) +{ + CJsonUnique jsonRes = CreateJsonFromString(nativeRawData); + if (jsonRes == nullptr) { + LOGE(ATM_DOMAIN, ATM_TAG, "JsonRes is invalid."); + return false; + } + int32_t len = cJSON_GetArraySize(jsonRes.get()); + for (int32_t i = 0; i < len; i++) { + cJSON *item = cJSON_GetArrayItem(jsonRes.get(), i); + NativeTokenInfoBase token; + GetSingleNativeTokenFromJson(item, token); + if (!token.processName.empty()) { + tokenInfos.emplace_back(token); + } + } + return true; +} + +int32_t ConfigPolicLoader::GetAllNativeTokenInfo(std::vector& tokenInfos) +{ + std::string nativeRawData; + int32_t ret = ReadCfgFile(NATIVE_TOKEN_CONFIG_FILE, nativeRawData); + if (ret != RET_SUCCESS) { + LOGE(ATM_DOMAIN, ATM_TAG, + "Read(%{public}s) failed, err = %{public}d.", NATIVE_TOKEN_CONFIG_FILE, ret); + return ret; + } + if (!ParserNativeRawData(nativeRawData, tokenInfos)) { + LOGE(ATM_DOMAIN, ATM_TAG, "ParserNativeRawData failed."); + return ERR_PRASE_RAW_DATA_FAILED; + } + return RET_SUCCESS; +} + +static void JsonFromPermissionDlpMode(const CJson *j, PermissionDlpMode& p) +{ + if (!GetStringFromJson(j, "name", p.permissionName)) { + return; + } + if (!DataValidator::IsProcessNameValid(p.permissionName)) { + return; + } + + std::string dlpModeStr; + if (!GetStringFromJson(j, "dlpGrantRange", dlpModeStr)) { + return; + } + if (dlpModeStr == "all") { + p.dlpMode = DLP_PERM_ALL; + return; + } + if (dlpModeStr == "full_control") { + p.dlpMode = DLP_PERM_FULL_CONTROL; + return; + } + p.dlpMode = DLP_PERM_NONE; + return; +} + +bool ConfigPolicLoader::ParserDlpPermsRawData( + const std::string& dlpPermsRawData, std::vector& dlpPerms) +{ + CJsonUnique jsonRes = CreateJsonFromString(dlpPermsRawData); + if (jsonRes == nullptr) { + LOGE(ATM_DOMAIN, ATM_TAG, "JsonRes is invalid."); + return false; + } + + cJSON *dlpPermTokenJson = GetArrayFromJson(jsonRes.get(), "dlpPermissions"); + if ((dlpPermTokenJson != nullptr)) { + CJson *j = nullptr; + std::vector dlpPermissions; + cJSON_ArrayForEach(j, dlpPermTokenJson) { + PermissionDlpMode p; + JsonFromPermissionDlpMode(j, p); + dlpPerms.emplace_back(p); + } + } + return true; +} + +int32_t ConfigPolicLoader::GetDlpPermissions(std::vector& dlpPerms) +{ + std::string dlpPermsRawData; + int32_t ret = ReadCfgFile(CLONE_PERMISSION_CONFIG_FILE, dlpPermsRawData); + if (ret != RET_SUCCESS) { + LOGE(ATM_DOMAIN, ATM_TAG, + "Read(%{public}s) failed, err = %{public}d.", CLONE_PERMISSION_CONFIG_FILE, ret); + return ret; + } + if (!ParserDlpPermsRawData(dlpPermsRawData, dlpPerms)) { + LOGE(ATM_DOMAIN, ATM_TAG, "ParserDlpPermsRawData failed."); + return ERR_PRASE_RAW_DATA_FAILED; + } + return RET_SUCCESS; +} + +static bool GetPermissionApl(const std::string &apl, AccessToken::ATokenAplEnum& aplNum) +{ + if (apl == AVAILABLE_LEVEL_SYSTEM_CORE) { + aplNum = AccessToken::ATokenAplEnum::APL_SYSTEM_CORE; + return true; + } + if (apl == AVAILABLE_LEVEL_SYSTEM_BASIC) { + aplNum = AccessToken::ATokenAplEnum::APL_SYSTEM_BASIC; + return true; + } + if (apl == AVAILABLE_LEVEL_NORMAL) { + aplNum = AccessToken::ATokenAplEnum::APL_NORMAL; + return true; + } + LOGE(ATM_DOMAIN, ATM_TAG, "Apl: %{public}s is invalid.", apl.c_str()); + return false; +} + +static bool GetPermissionAvailableType( + const std::string &availableType, AccessToken::ATokenAvailableTypeEnum& typeNum) +{ + if (availableType == AVAILABLE_TYPE_NORMAL_HAP) { + typeNum = AccessToken::ATokenAvailableTypeEnum::NORMAL; + return true; + } + if (availableType == AVAILABLE_TYPE_SYSTEM_HAP) { + typeNum = AccessToken::ATokenAvailableTypeEnum::SYSTEM; + return true; + } + if (availableType == AVAILABLE_TYPE_MDM) { + typeNum = AccessToken::ATokenAvailableTypeEnum::MDM; + return true; + } + if (availableType == AVAILABLE_TYPE_SYSTEM_AND_MDM) { + typeNum = AccessToken::ATokenAvailableTypeEnum::SYSTEM_AND_MDM; + return true; + } + if (availableType == AVAILABLE_TYPE_SERVICE) { + typeNum = AccessToken::ATokenAvailableTypeEnum::SERVICE; + return true; + } + if (availableType == AVAILABLE_TYPE_ENTERPRISE_NORMAL) { + typeNum = AccessToken::ATokenAvailableTypeEnum::ENTERPRISE_NORMAL; + return true; + } + typeNum = AccessToken::ATokenAvailableTypeEnum::INVALID; + LOGE(ATM_DOMAIN, ATM_TAG, "AvailableType: %{public}s is invalid.", availableType.c_str()); + return false; +} + +static int32_t GetPermissionGrantMode(const std::string &mode) +{ + if (mode == PERMISSION_GRANT_MODE_SYSTEM_GRANT) { + return AccessToken::GrantMode::SYSTEM_GRANT; + } + return AccessToken::GrantMode::USER_GRANT; +} + +static void FromJsonPermissionDefParseRet(const CJson *j, PermissionDefParseRet& result) +{ + result.isSuccessful = false; + PermissionDef permDef; + if (!GetStringFromJson(j, PERMISSION_NAME, permDef.permissionName) || + !DataValidator::IsProcessNameValid(permDef.permissionName)) { + return; + } + std::string grantModeStr; + if (!GetStringFromJson(j, PERMISSION_GRANT_MODE, grantModeStr)) { + return; + } + permDef.grantMode = GetPermissionGrantMode(grantModeStr); + + std::string availableLevelStr; + if (!GetStringFromJson(j, PERMISSION_AVAILABLE_LEVEL, availableLevelStr)) { + return; + } + if (!GetPermissionApl(availableLevelStr, permDef.availableLevel)) { + return; + } + + std::string availableTypeStr; + if (!GetStringFromJson(j, PERMISSION_AVAILABLE_TYPE, availableTypeStr)) { + return; + } + if (!GetPermissionAvailableType(availableTypeStr, permDef.availableType)) { + return; + } + + if (!GetBoolFromJson(j, PERMISSION_PROVISION_ENABLE, permDef.provisionEnable)) { + return; + } + if (!GetBoolFromJson(j, PERMISSION_DISTRIBUTED_SCENE_ENABLE, permDef.distributedSceneEnable)) { + return; + } + permDef.bundleName = "system_ability"; + if (permDef.grantMode == AccessToken::GrantMode::SYSTEM_GRANT) { + result.permDef = permDef; + result.isSuccessful = true; + return; + } + if (!GetStringFromJson(j, PERMISSION_LABEL, permDef.label)) { + return; + } + if (!GetStringFromJson(j, PERMISSION_DESCRIPTION, permDef.description)) { + return; + } + result.permDef = permDef; + result.isSuccessful = true; + return; +} + +static bool CheckPermissionDefRules(const PermissionDef& permDef) +{ + // Extension permission support permission for service only. + if (permDef.availableType != AccessToken::ATokenAvailableTypeEnum::SERVICE) { + LOGD(ATM_DOMAIN, ATM_TAG, "%{public}s is for hap.", permDef.permissionName.c_str()); + return false; + } + return true; +} + +static int32_t GetPermissionDefList(const CJsonUnique &json, const std::string& permsRawData, + const std::string& type, std::vector& permDefList) +{ + cJSON *JsonData = GetArrayFromJson(json.get(), type); + if (JsonData == nullptr) { + LOGE(ATM_DOMAIN, ATM_TAG, "Json is null."); + return ERR_PARAM_INVALID; + } + CJson *j = nullptr; + cJSON_ArrayForEach(j, JsonData) { + PermissionDefParseRet result; + FromJsonPermissionDefParseRet(j, result); + if (!result.isSuccessful) { + LOGE(ATM_DOMAIN, ATM_TAG, "Get permission def failed."); + return ERR_PERM_REQUEST_CFG_FAILED; + } + if (!CheckPermissionDefRules(result.permDef)) { + continue; + } + LOGD(ATM_DOMAIN, ATM_TAG, "%{public}s insert.", result.permDef.permissionName.c_str()); + permDefList.emplace_back(result.permDef); + } + return RET_SUCCESS; +} + +bool ConfigPolicLoader::ParserPermDefRawData( + const std::string& permsRawData, std::vector& permDefList) +{ + CJsonUnique jsonRes = CreateJsonFromString(permsRawData); + if (jsonRes == nullptr) { + LOGE(ATM_DOMAIN, ATM_TAG, "JsonRes is invalid."); + return false; + } + + int32_t ret = GetPermissionDefList(jsonRes, permsRawData, SYSTEM_GRANT_DEFINE_PERMISSION, permDefList); + if (ret != RET_SUCCESS) { + LOGE(ATM_DOMAIN, ATM_TAG, "Get system_grant permission def list failed, err = %{public}d.", ret); + return false; + } + LOGI(ATM_DOMAIN, ATM_TAG, "Get system_grant permission size=%{public}zu.", permDefList.size()); + ret = GetPermissionDefList(jsonRes, permsRawData, USER_GRANT_DEFINE_PERMISSION, permDefList); + if (ret != RET_SUCCESS) { + LOGE(ATM_DOMAIN, ATM_TAG, "Get user_grant permission def list failed, err = %{public}d.", ret); + return false; + } + return true; +} + +int32_t ConfigPolicLoader::GetAllPermissionDef(std::vector& permDefList) +{ + std::string permsRawData; + int32_t ret = ReadCfgFile(DEFINE_PERMISSION_FILE, permsRawData); + if (ret != RET_SUCCESS) { + LOGE(ATM_DOMAIN, ATM_TAG, + "Read(%{public}s) failed, err = %{public}d.", DEFINE_PERMISSION_FILE, ret); + return ret; + } + if (!ParserPermDefRawData(permsRawData, permDefList)) { + LOGE(ATM_DOMAIN, ATM_TAG, "ParserPermDefRawData failed."); + return ERR_PRASE_RAW_DATA_FAILED; + } + LOGI(ATM_DOMAIN, ATM_TAG, "Get permission size=%{public}zu.", permDefList.size()); + return RET_SUCCESS; +} + +extern "C" { +void* Create() +{ + return reinterpret_cast(new ConfigPolicLoader); +} + +void Destroy(void* loaderPtr) +{ + ConfigPolicyLoaderInterface* loader = reinterpret_cast(loaderPtr); + if (loader != nullptr) { + delete loader; + } +} +} +} // namespace AccessToken +} // namespace Security +} // namespace OHOS diff --git a/services/common/json_parse/unittest/json_parse_test.cpp b/services/common/json_parse/unittest/json_parse_test.cpp new file mode 100644 index 0000000000000000000000000000000000000000..005172b82d479fc3f0b931afa57f123e17b3845f --- /dev/null +++ b/services/common/json_parse/unittest/json_parse_test.cpp @@ -0,0 +1,925 @@ +/* + * Copyright (c) 2022 Huawei Device Co., Ltd. + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +#include +#include +#include +#include "accesstoken_info_manager.h" +#define private public +#include "accesstoken_manager_service.h" +#undef private + +#define private public +#include "json_parse_loader.h" +#undef private + +using namespace testing::ext; + +namespace OHOS { +namespace Security { +namespace AccessToken { +class PrivacyParcelTest : public testing::Test { +public: + static void SetUpTestCase(); + static void TearDownTestCase(); + + void SetUp(); + void TearDown(); + +public: + std::shared_ptr atManagerService_; +}; + +void PrivacyParcelTest::SetUpTestCase() +{ + // delete all test 0x28100000 - 0x28100007 + for (unsigned int i = 0x28100000; i <= 0x28100007; i++) { + AccessTokenInfoManager::GetInstance().RemoveNativeTokenInfo(i); + } +} +void PrivacyParcelTest::TearDownTestCase() {} +void PrivacyParcelTest::SetUp() +{ + atManagerService_ = DelayedSingleton::GetInstance(); + EXPECT_NE(nullptr, atManagerService_); +} +void PrivacyParcelTest::TearDown() {} + +/* + * @tc.name: IsDirExsit001 + * @tc.desc: IsDirExsit input param error + * @tc.type: FUNC + * @tc.require: issueI6024A + */ +HWTEST_F(JsonParseTest, IsDirExsit001, TestSize.Level1) +{ + ConfigPolicLoader loader; + EXPECT_FALSE(loader.IsDirExsit("")); + int32_t fd = open(TEST_JSON_PATH.c_str(), O_RDWR | O_CREAT); + EXPECT_NE(-1, fd); + + EXPECT_FALSE(loader.IIsDirExsit(TEST_JSON_PATH.c_str())); +} + +/** + * @tc.name: ParserNativeRawData001 + * @tc.desc: Verify processing right native token json. + * @tc.type: FUNC + * @tc.require: Issue Number + */ +HWTEST_F(JsonParseTest, ParserNativeRawData001, TestSize.Level1) +{ + LOGI(ATM_DOMAIN, ATM_TAG, "test ParserNativeRawData001!"); + std::string testStr = R"([)"\ + R"({"processName":"process6","APL":3,"version":1,"tokenId":685266937,"tokenAttr":0,)"\ + R"("dcaps":["AT_CAP","ST_CAP"], "permissions":[], "nativeAcls":[]},)"\ + R"({"processName":"process5","APL":3,"version":1,"tokenId":678065606,"tokenAttr":0,)"\ + R"("dcaps":["AT_CAP","ST_CAP"], "permissions":[], "nativeAcls":[]}])"; + + ConfigPolicLoader loader; + std::vector tokenInfos; + loader.ParserNativeRawData(testStr, tokenInfos); + ASSERT_EQ(static_cast(2), tokenInfos.size()); + + ASSERT_EQ("process6", tokenInfos[0].processName); + ASSERT_EQ(static_cast(685266937), tokenInfos[0].tokenID); + + ASSERT_EQ("process5", tokenInfos[1].processName); + ASSERT_EQ(static_cast(678065606), tokenInfos[1].tokenID); +} + +/** + * @tc.name: ParserNativeRawData002 + * @tc.desc: Verify processing wrong native token json. + * @tc.type: FUNC + * @tc.require: Issue Number + */ +HWTEST_F(JsonParseTest, ParserNativeRawData002, TestSize.Level1) +{ + LOGI(ATM_DOMAIN, ATM_TAG, "test ParserNativeRawData002!"); + std::string testStr = R"([{"processName":""}])"; + std::vector tokenInfos; + + ConfigPolicLoader loader; + loader.ParserNativeRawData(testStr, tokenInfos); + ASSERT_EQ(static_cast(0), tokenInfos.size()); + + std::string testStr1 = R"([{"processName":"", }])"; + loader.ParserNativeRawData(testStr1, tokenInfos); + ASSERT_EQ(static_cast(0), tokenInfos.size()); + + std::string testStr2 = R"([{"processName":"process6"}, {}])"; + loader.ParserNativeRawData(testStr2, tokenInfos); + ASSERT_EQ(static_cast(0), tokenInfos.size()); + + std::string testStr3 = R"([{"processName":""}, {"":"", ""}])"; + loader.ParserNativeRawData(testStr3, tokenInfos); + ASSERT_EQ(static_cast(0), tokenInfos.size()); + + std::string testStr4 = R"([{"processName":"process6", "tokenId":685266937, "APL":3, "version":new}])"; + loader.ParserNativeRawData(testStr4, tokenInfos); + ASSERT_EQ(static_cast(0), tokenInfos.size()); + + std::string testStr5 = R"([{"processName":"process6", "tokenId":685266937, "APL":7, "version":1}])"; + loader.ParserNativeRawData(testStr5, tokenInfos); + ASSERT_EQ(static_cast(0), tokenInfos.size()); + + std::string testStr6 = + R"({"NativeToken":[{"processName":"process6", "tokenId":685266937, "APL":7, "version":1}]})"; + loader.ParserNativeRawData(testStr6, tokenInfos); + ASSERT_EQ(static_cast(0), tokenInfos.size()); + + std::string testStr7 = R"({"NativeToken":[{"processName":"process6", "tokenId":685266937, "APL":7, "version":1}])"; + loader.ParserNativeRawData(testStr7, tokenInfos); + ASSERT_EQ(static_cast(0), tokenInfos.size()); + + std::string testStr8 = R"(["NativeToken":])"; + loader.ParserNativeRawData(testStr8, tokenInfos); + ASSERT_EQ(static_cast(0), tokenInfos.size()); + + std::string testStr9 = R"([)"; + loader.ParserNativeRawData(testStr9, tokenInfos); + ASSERT_EQ(static_cast(0), tokenInfos.size()); +} + +/** + * @tc.name: ParserNativeRawData003 + * @tc.desc: Verify from json right case. + * @tc.type: FUNC + * @tc.require: Issue Number + */ +HWTEST_F(JsonParseTest, ParserNativeRawData003, TestSize.Level1) +{ + LOGI(ATM_DOMAIN, ATM_TAG, "test ParserNativeRawData003!"); + std::string testStr = R"([)"\ + R"({"processName":"process6","APL":APL_SYSTEM_CORE,"version":1,"tokenId":685266937,"tokenAttr":0,)"\ + R"("dcaps":["AT_CAP","ST_CAP"],)"\ + R"("permissions":["ohos.permission.PLACE_CALL"],)"\ + R"("nativeAcls":["ohos.permission.PLACE_CALL"]})"\ + R"(])"; + ConfigPolicLoader loader; + std::vector tokenInfos; + loader.ParserNativeRawData(testStr, tokenInfos); + ASSERT_EQ(static_cast(1), tokenInfos.size()); + ASSERT_EQ(native.tokenID, 685266937); +} + +/** + * @tc.name: ParserNativeRawData004 + * @tc.desc: Verify from json wrong case. + * @tc.type: FUNC + * @tc.require: Issue Number + */ +HWTEST_F(JsonParseTest, ParserNativeRawData004, TestSize.Level1) +{ + LOGI(ATM_DOMAIN, ATM_TAG, "test ParserNativeRawData004!"); + // version wrong + std::string testStr = R"([)"\ + R"({"processName":"process6","APL":APL_SYSTEM_CORE,"version":2,"tokenId":685266937,"tokenAttr":0,)"\ + R"("dcaps":["AT_CAP","ST_CAP"]})"\ + R"(])"; + ConfigPolicLoader loader; + std::vector tokenInfos; + loader.ParserNativeRawData(testStr, tokenInfos); + ASSERT_EQ(static_cast(0), tokenInfos.size()); + + // APL wrong + testStr = R"([)"\ + R"({"processName":"process6","APL":-1,"version":1,"tokenId":685266937,"tokenAttr":0,)"\ + R"("dcaps":["AT_CAP","ST_CAP"]})"\ + R"(])"; + loader.ParserNativeRawData(testStr, tokenInfos); + ASSERT_EQ(static_cast(0), tokenInfos.size()); + + // tokenId wrong + testStr = R"([)"\ + R"({"processName":"process6","APL":APL_SYSTEM_BASIC,"version":1,"tokenId":0,"tokenAttr":0,)"\ + R"("dcaps":["AT_CAP","ST_CAP"]})"\ + R"(])"; + loader.ParserNativeRawData(testStr, tokenInfos); + ASSERT_EQ(static_cast(0), tokenInfos.size()); + + // process name empty + testStr = R"([)"\ + R"({"processName":"","APL":APL_SYSTEM_BASIC,"version":1,"tokenId":685266937,"tokenAttr":0,)"\ + R"("dcaps":["AT_CAP","ST_CAP"]})"\ + R"(])"; + loader.ParserNativeRawData(testStr, tokenInfos); + ASSERT_EQ(static_cast(0), tokenInfos.size()); + + // process name too long + std::string name(512, 'c'); + testStr = R"([)"\ + R"({"processName":name,"APL":APL_SYSTEM_BASIC,"version":1,"tokenId":685266937,"tokenAttr":0,)"\ + R"("dcaps":["AT_CAP","ST_CAP"]})"\ + R"(])"; + loader.ParserNativeRawData(testStr, tokenInfos); + ASSERT_EQ(static_cast(0), tokenInfos.size()); + + // lose process name + testStr = R"([)"\ + R"({"APL":APL_SYSTEM_BASIC,"version":1,"tokenId":685266937,"tokenAttr":0,)"\ + R"("dcaps":["AT_CAP","ST_CAP"]})"\ + R"(])"; + loader.ParserNativeRawData(testStr, tokenInfos); + ASSERT_EQ(static_cast(0), tokenInfos.size()); +} + +/** + * @tc.name: init001 + * @tc.desc: test get native cfg + * @tc.type: FUNC + * @tc.require: Issue Number + */ +HWTEST_F(JsonParseTest, init001, TestSize.Level1) +{ + LOGI(ATM_DOMAIN, ATM_TAG, "test init001!"); + + const char *dcaps[1]; + dcaps[0] = "AT_CAP_01"; + int dcapNum = 1; + const char *perms[2]; + perms[0] = "ohos.permission.test1"; + perms[1] = "ohos.permission.test2"; + NativeTokenInfoParams infoInstance = { + .dcapsNum = dcapNum, + .permsNum = 2, + .aclsNum = 0, + .dcaps = dcaps, + .perms = perms, + .acls = nullptr, + .processName = "native_token_test7", + .aplStr = "system_core", + }; + uint64_t tokenId = ::GetAccessTokenId(&infoInstance); + ASSERT_NE(tokenId, INVALID_TOKENID); + + atManagerService_->ReloadNativeTokenInfo(); + + NativeTokenInfoBase findInfo; + int ret = AccessTokenInfoManager::GetInstance().GetNativeTokenInfo(tokenId, findInfo); + ASSERT_EQ(ret, RET_SUCCESS); + ASSERT_EQ(findInfo.processName, infoInstance.processName); + + ret = AccessTokenInfoManager::GetInstance().RemoveNativeTokenInfo(tokenId); + ASSERT_EQ(ret, RET_SUCCESS); +} + +/** + * @tc.name: ParserPermsRawDataTest001 + * @tc.desc: Parse permission definition information. + * @tc.type: FUNC + * @tc.require: Issue Number + */ +HWTEST_F(JsonParseTest, ParserPermsRawDataTest001, TestSize.Level1) +{ + std::string permsRawData = R"({"systemGrantPermissions":[)"\ + R"({"name":"ohos.permission.PermDefParserTestA","grantMode":"system_grant","availableLevel":"system_basic",)"\ + R"("availableType":"SERVICE","provisionEnable":true,"distributedSceneEnable":false}],)"\ + R"("userGrantPermissions":[)"\ + R"({"name":"ohos.permission.PermDefParserTestB","grantMode":"user_grant","availableLevel":"system_basic",)"\ + R"("availableType":"SERVICE","provisionEnable":true,"distributedSceneEnable":false,)"\ + R"("label":"$string:test_label_B","description":"$string:test_description_B"}]})"; + ConfigPolicLoader loader; + std::vector permDefList; + ASSERT_TRUE(loader.ParserPermsRawData(testStr, tokenInfos)); + EXPECT_EQ(2, permDefList.size()); + + for (const auto& perm : permDefList) { + GTEST_LOG_(INFO) << perm.permissionName.c_str(); + PermissionDefinitionCache::GetInstance().Insert(perm, EXTENSION_PERMISSION_ID); + } + + EXPECT_TRUE(PermissionDefinitionCache::GetInstance().HasDefinition(SYSTEM_PERMISSION_A)); + EXPECT_TRUE(PermissionDefinitionCache::GetInstance().HasDefinition(USER_PERMISSION_B)); + PermissionDef permissionDefResult; + PermissionManager::GetInstance().GetDefPermission(SYSTEM_PERMISSION_A, permissionDefResult); + EXPECT_EQ(SYSTEM_GRANT, permissionDefResult.grantMode); + EXPECT_EQ(APL_SYSTEM_BASIC, permissionDefResult.availableLevel); + EXPECT_EQ(SERVICE, permissionDefResult.availableType); + EXPECT_EQ(true, permissionDefResult.provisionEnable); + EXPECT_EQ(false, permissionDefResult.distributedSceneEnable); + EXPECT_EQ("", permissionDefResult.label); + EXPECT_EQ("", permissionDefResult.description); + + PermissionManager::GetInstance().GetDefPermission(USER_PERMISSION_B, permissionDefResult); + EXPECT_EQ(USER_GRANT, permissionDefResult.grantMode); + EXPECT_EQ(APL_SYSTEM_BASIC, permissionDefResult.availableLevel); + EXPECT_EQ(SERVICE, permissionDefResult.availableType); + EXPECT_EQ(true, permissionDefResult.provisionEnable); + EXPECT_EQ(false, permissionDefResult.distributedSceneEnable); + EXPECT_EQ("$string:test_label_B", permissionDefResult.label); + EXPECT_EQ("$string:test_description_B", permissionDefResult.description); +} + +/** + * @tc.name: ParserPermsRawDataTest002 + * @tc.desc: Invalid file. + * @tc.type: FUNC + * @tc.require: Issue Number + */ +HWTEST_F(JsonParseTest, ParserPermsRawDataTest002, TestSize.Level1) +{ + std::string permsRawData = R"({"systemGrantPermissions":[)"\ + R"({"name":"ohos.permission.xxxxxxxxxxxxxxxxxxxxxxxxxx",)"\ + R"("xxxxxxxxxxxxxxxxxxxxxxxxxx":"$string:test_description_B"}]})"; + ConfigPolicLoader loader; + std::vector permDefList; + ASSERT_FALSE(loader.ParserPermsRawData(testStr, tokenInfos)); +} + +/** + * @tc.name: ParserPermsRawDataTest003 + * @tc.desc: Permission definition file missing. + * @tc.type: FUNC + * @tc.require: Issue Number + */ +HWTEST_F(JsonParseTest, ParserPermsRawDataTest003, TestSize.Level1) +{ + EXPECT_FALSE(PermissionDefinitionCache::GetInstance().HasDefinition(SYSTEM_PERMISSION_A)); + EXPECT_FALSE(PermissionDefinitionCache::GetInstance().HasDefinition(USER_PERMISSION_B)); + std::string permsRawData = R"({"systemGrantPermissions":[)"\ + R"({"name":"ohos.permission.PermDefParserTestA","grantMode":"system_grant","availableLevel":"system_basic",)"\ + R"("availableType":"SERVICE","provisionEnable":true,"distributedSceneEnable":false}]})"; + ConfigPolicLoader loader; + std::vector permDefList; + ASSERT_FALSE(loader.ParserPermsRawData(permsRawData, permDefList)); + + permsRawData = R"({"userGrantPermissions":[)"\ + R"({"name":"ohos.permission.PermDefParserTestB","grantMode":"user_grant","availableLevel":"system_basic",)"\ + R"("availableType":"SERVICE","provisionEnable":true,"distributedSceneEnable":false,)"\ + R"("label":"$string:test_label_B","description":"$string:test_description_B"}]})"; + ret = parser.ParserPermsRawData(permsRawData, permDefList); + ASSERT_FALSE(loader.ParserPermsRawData(permsRawData, permDefList)); +} + +/** + * @tc.name: ParserPermsRawDataTest004 + * @tc.desc: Test property value is missing + * @tc.type: FUNC + * @tc.require: Issue Number + */ +HWTEST_F(JsonParseTest, ParserPermsRawDataTest004, TestSize.Level1) +{ + std::string permsRawData = R"({"systemGrantPermissions":[)"\ + R"({"grantMode":"system_grant","availableLevel":"system_basic",)"\ + R"("availableType":"SERVICE","provisionEnable":true,"distributedSceneEnable":false}],)"\ + R"("userGrantPermissions":[]})"; + ConfigPolicLoader loader; + std::vector permDefList; + ASSERT_TRUE(loader.ParserPermsRawData(permsRawData, permDefList)); + EXPECT_EQ(0, permDefList.size()); + + permsRawData = R"({"systemGrantPermissions":[)"\ + R"({"name":"ohos.permission.PermDefParserTestA","availableLevel":"system_basic",)"\ + R"("availableType":"SERVICE","provisionEnable":true,"distributedSceneEnable":false}],)"\ + R"("userGrantPermissions":[]})"; + ASSERT_TRUE(loader.ParserPermsRawData(permsRawData, permDefList)); + EXPECT_EQ(0, permDefList.size()); + + permsRawData = R"({"systemGrantPermissions":[)"\ + R"({"name":"ohos.permission.PermDefParserTestA","grantMode":"system_grant",)"\ + R"("availableType":"SERVICE","provisionEnable":true,"distributedSceneEnable":false}],)"\ + R"("userGrantPermissions":[]})"; + ASSERT_TRUE(loader.ParserPermsRawData(permsRawData, permDefList)); + EXPECT_EQ(0, permDefList.size()); + + permsRawData = R"({"systemGrantPermissions":[)"\ + R"({"name":"ohos.permission.PermDefParserTestA","grantMode":"system_grant","availableLevel":"system_basic",)"\ + R"("provisionEnable":true,"distributedSceneEnable":false}],)"\ + R"("userGrantPermissions":[]})"; + ASSERT_TRUE(loader.ParserPermsRawData(permsRawData, permDefList)); + EXPECT_EQ(0, permDefList.size()); +} + +/** + * @tc.name: ParserPermsRawDataTest005 + * @tc.desc: Test property value is missing + * @tc.type: FUNC + * @tc.require: Issue Number + */ +HWTEST_F(JsonParseTest, ParserPermsRawDataTest005, TestSize.Level1) +{ + std::string permsRawData = R"({"systemGrantPermissions":[)"\ + R"({"name":"ohos.permission.PermDefParserTestA","grantMode":"system_grant","availableLevel":"system_basic",)"\ + R"("availableType":"SERVICE","distributedSceneEnable":false}],)"\ + R"("userGrantPermissions":[]})"; + ConfigPolicLoader loader; + std::vector permDefList; + ASSERT_TRUE(loader.ParserPermsRawData(permsRawData, permDefList)); + EXPECT_EQ(0, permDefList.size()); + + permsRawData = R"({"systemGrantPermissions":[],)"\ + R"("userGrantPermissions":[)"\ + R"({"name":"ohos.permission.PermDefParserTestB","grantMode":"user_grant","availableLevel":"system_basic",)"\ + R"("availableType":"SERVICE","provisionEnable":true,"distributedSceneEnable":false,)"\ + R"("description":"$string:test_description_B"}]})"; + ASSERT_TRUE(loader.ParserPermsRawData(permsRawData, permDefList)); + EXPECT_EQ(0, permDefList.size()); + + permsRawData = R"({"systemGrantPermissions":[],)"\ + R"("userGrantPermissions":[)"\ + R"({"name":"ohos.permission.PermDefParserTestB","grantMode":"user_grant","availableLevel":"system_basic",)"\ + R"("availableType":"SERVICE","provisionEnable":true,"distributedSceneEnable":false,})"\ + R"("label":"$string:test_label_B"]})"; + ASSERT_TRUE(loader.ParserPermsRawData(permsRawData, permDefList)); + EXPECT_EQ(0, permDefList.size()); +} + +/** + * @tc.name: ParserPermsRawDataTest006 + * @tc.desc: Invalid param + * @tc.type: FUNC + * @tc.require: Issue Number + */ +HWTEST_F(JsonParseTest, ParserPermsRawDataTest006, TestSize.Level1) +{ + std::string permsRawData = R"({"systemGrantPermissions":[)"\ + R"({"name":123,"grantMode":"system_grant","availableLevel":"system_basic",)"\ + R"("availableType":"SERVICE","provisionEnable":true,"distributedSceneEnable":false}],)"\ + R"("userGrantPermissions":[]})"; + ConfigPolicLoader loader; + std::vector permDefList; + ASSERT_TRUE(loader.ParserPermsRawData(permsRawData, permDefList)); + EXPECT_EQ(0, permDefList.size()); + + permsRawData = R"({"systemGrantPermissions":[)"\ + R"({"name":"ohos.permission.PermDefParserTestA","grantMode":123,"availableLevel":"system_basic",)"\ + R"("availableType":"SERVICE","provisionEnable":true,"distributedSceneEnable":false}],)"\ + R"("userGrantPermissions":[]})"; + ASSERT_TRUE(loader.ParserPermsRawData(permsRawData, permDefList)); + EXPECT_EQ(0, permDefList.size()); + + permsRawData = R"({"systemGrantPermissions":[)"\ + R"({"name":"ohos.permission.PermDefParserTestA","grantMode":"system_grant","availableLevel":123,)"\ + R"("availableType":"SERVICE","provisionEnable":true,"distributedSceneEnable":false}],)"\ + R"("userGrantPermissions":[]})"; + ASSERT_TRUE(loader.ParserPermsRawData(permsRawData, permDefList)); + EXPECT_EQ(0, permDefList.size()); + + permsRawData = R"({"systemGrantPermissions":[)"\ + R"({"name":"ohos.permission.PermDefParserTestA","grantMode":"system_grant","availableLevel":"system_basic",)"\ + R"("availableType":SERVICE,"provisionEnable":true,"distributedSceneEnable":false}],)"\ + R"("userGrantPermissions":[]})"; + ASSERT_TRUE(loader.ParserPermsRawData(permsRawData, permDefList)); + EXPECT_EQ(0, permDefList.size()); +} + +/** + * @tc.name: ParserPermsRawDataTest007 + * @tc.desc: Invalid param + * @tc.type: FUNC + * @tc.require: Issue Number + */ +HWTEST_F(JsonParseTest, ParserPermsRawDataTest007, TestSize.Level1) +{ + std::string permsRawData = R"({"systemGrantPermissions":[)"\ + R"({"name":"ohos.permission.PermDefParserTestA","grantMode":"system_grant","availableLevel":"system_basic",)"\ + R"("availableType":"SERVICE","provisionEnable":"true","distributedSceneEnable":false}],)"\ + R"("userGrantPermissions":[]})"; + ConfigPolicLoader loader; + std::vector permDefList; + ASSERT_TRUE(loader.ParserPermsRawData(permsRawData, permDefList)); + EXPECT_EQ(0, permDefList.size()); + + permsRawData = R"({"systemGrantPermissions":[)"\ + R"({"name":"ohos.permission.PermDefParserTestA","grantMode":"system_grant","availableLevel":"system_basic",)"\ + R"("availableType":"SERVICE","provisionEnable":true,"distributedSceneEnable":"false"}],)"\ + R"("userGrantPermissions":[]})"; + ASSERT_TRUE(loader.ParserPermsRawData(permsRawData, permDefList)); + EXPECT_EQ(0, permDefList.size()); + + permsRawData = R"({"systemGrantPermissions":[],)"\ + R"("userGrantPermissions":[)"\ + R"({"name":"ohos.permission.PermDefParserTestB","grantMode":"user_grant","availableLevel":"system_basic",)"\ + R"("availableType":"SERVICE","provisionEnable":true,"distributedSceneEnable":false,"label":123,)"\ + R"("description":"$string:test_description_B"}]})"; + ASSERT_TRUE(loader.ParserPermsRawData(permsRawData, permDefList)); + EXPECT_EQ(0, permDefList.size()); + + permsRawData = R"({"systemGrantPermissions":[],)"\ + R"("userGrantPermissions":[)"\ + R"({"name":"ohos.permission.PermDefParserTestB","grantMode":"user_grant","availableLevel":"system_basic",)"\ + R"("availableType":"SERVICE","provisionEnable":true,"distributedSceneEnable":false,)"\ + R"("label":"$string:test_label_B","description":123}]})"; + ASSERT_TRUE(loader.ParserPermsRawData(permsRawData, permDefList)); + EXPECT_EQ(0, permDefList.size()); +} + +/** + * @tc.name: ParserPermsRawDataTest008 + * @tc.desc: Invalid param + * @tc.type: FUNC + * @tc.require: Issue Number + */ +HWTEST_F(JsonParseTest, ParserPermsRawDataTest008, TestSize.Level1) +{ + std::string permsRawData = R"({"systemGrantPermissions":[)"\ + R"({"name":"","grantMode":"system_grant","availableLevel":"system_basic",)"\ + R"("availableType":"SERVICE","provisionEnable":true,"distributedSceneEnable":false}],)"\ + R"("userGrantPermissions":[]})"; + ConfigPolicLoader loader; + std::vector permDefList; + ASSERT_TRUE(loader.ParserPermsRawData(permsRawData, permDefList)); + EXPECT_EQ(0, permDefList.size()); + + permsRawData = R"({"systemGrantPermissions":[)"\ + R"({"name":"ohos.permission.PermDefParserTestA","grantMode":"system_grant","availableLevel":"test",)"\ + R"("availableType":TEST,"provisionEnable":true,"distributedSceneEnable":"false"}],)"\ + R"("userGrantPermissions":[]})"; + ASSERT_TRUE(loader.ParserPermsRawData(permsRawData, permDefList)); + EXPECT_EQ(0, permDefList.size()); +} + +#ifdef SUPPORT_SANDBOX_APP +static void PrepareJsonData1() +{ + std::string testStr = R"({"dlpPermissions":[)"\ + R"({"name":"ohos.permission.CAPTURE_SCREEN","dlpGrantRange":"none"},)"\ + R"({"name":"ohos.permission.CHANGE_ABILITY_ENABLED_STATE","dlpGrantRange":"all"},)"\ + R"({"name":"ohos.permission.CLEAN_APPLICATION_DATA","dlpGrantRange":"full_control"}]})"; + + ConfigPolicLoader loader; + std::vector dlpPerms; + loader.ParserDlpPermsRawData(testStr, permDefList); + for (auto iter = dlpPerms.begin(); iter != dlpPerms.end(); iter++) { + GTEST_LOG_(INFO) << "iter:" << iter->permissionName.c_str(); + } + DlpPermissionSetManager::GetInstance().ProcessDlpPermInfos(dlpPerms); +} + +/** + * @tc.name: DlpPermissionConfig001 + * @tc.desc: test DLP_COMMON app with system_grant permissions. + * @tc.type: FUNC + * @tc.require: SR000GVIGR + */ +HWTEST_F(PermissionManagerTest, DlpPermissionConfig001, TestSize.Level1) +{ + PrepareJsonData1(); + + g_infoManagerTestStateA.permissionName = "ohos.permission.CAPTURE_SCREEN"; + g_infoManagerTestStateB.permissionName = "ohos.permission.CHANGE_ABILITY_ENABLED_STATE"; + g_infoManagerTestStateC.permissionName = "ohos.permission.CLEAN_APPLICATION_DATA"; + g_infoManagerTestStateD.permissionName = "ohos.permission.COMMONEVENT_STICKY"; + + static HapPolicy infoManagerTestPolicyPrams = { + .apl = APL_NORMAL, + .domain = "test.domain1", + .permList = {}, + .permStateList = {g_infoManagerTestStateA, g_infoManagerTestStateB, + g_infoManagerTestStateC, g_infoManagerTestStateD} + }; + static HapInfoParams infoManagerTestInfoParms = { + .userID = 1, + .bundleName = "DlpPermissionConfig001", + .instIndex = 0, + .dlpType = DLP_COMMON, + .appIDDesc = "DlpPermissionConfig001" + }; + AccessTokenIDEx tokenIdEx = {0}; + int32_t ret = AccessTokenInfoManager::GetInstance().CreateHapTokenInfo(infoManagerTestInfoParms, + infoManagerTestPolicyPrams, tokenIdEx); + ASSERT_EQ(RET_SUCCESS, ret); + GTEST_LOG_(INFO) << "add a hap token"; + + AccessTokenID tokenID = tokenIdEx.tokenIdExStruct.tokenID; + ret = AccessTokenInfoManager::GetInstance().VerifyAccessToken( + tokenID, "ohos.permission.COMMONEVENT_STICKY"); + ASSERT_EQ(PERMISSION_GRANTED, ret); + ret = AccessTokenInfoManager::GetInstance().VerifyAccessToken( + tokenID, "ohos.permission.CAPTURE_SCREEN"); + ASSERT_EQ(PERMISSION_GRANTED, ret); + ret = AccessTokenInfoManager::GetInstance().VerifyAccessToken( + tokenID, "ohos.permission.CHANGE_ABILITY_ENABLED_STATE"); + ASSERT_EQ(PERMISSION_GRANTED, ret); + ret = AccessTokenInfoManager::GetInstance().VerifyAccessToken( + tokenID, "ohos.permission.CLEAN_APPLICATION_DATA"); + ASSERT_EQ(PERMISSION_GRANTED, ret); + + ret = AccessTokenInfoManager::GetInstance().RemoveHapTokenInfo(tokenID); + ASSERT_EQ(RET_SUCCESS, ret); + GTEST_LOG_(INFO) << "remove the token info"; +} + +/** + * @tc.name: DlpPermissionConfig002 + * @tc.desc: test DLP_READ app with system_grant permissions. + * @tc.type: FUNC + * @tc.require: SR000GVIGR + */ +HWTEST_F(PermissionManagerTest, DlpPermissionConfig002, TestSize.Level1) +{ + PrepareJsonData1(); + + g_infoManagerTestStateA.permissionName = "ohos.permission.CAPTURE_SCREEN"; + g_infoManagerTestStateB.permissionName = "ohos.permission.CHANGE_ABILITY_ENABLED_STATE"; + g_infoManagerTestStateC.permissionName = "ohos.permission.CLEAN_APPLICATION_DATA"; + g_infoManagerTestStateD.permissionName = "ohos.permission.COMMONEVENT_STICKY"; + + static HapPolicy infoManagerTestPolicyPrams = { + .apl = APL_NORMAL, + .domain = "test.domain2", + .permList = {}, + .permStateList = {g_infoManagerTestStateA, g_infoManagerTestStateB, + g_infoManagerTestStateC, g_infoManagerTestStateD} + }; + static HapInfoParams infoManagerTestInfoParms = { + .userID = 1, + .bundleName = "DlpPermissionConfig002", + .instIndex = 0, + .dlpType = DLP_READ, + .appIDDesc = "DlpPermissionConfig002" + }; + AccessTokenIDEx tokenIdEx = {0}; + int32_t ret = AccessTokenInfoManager::GetInstance().CreateHapTokenInfo(infoManagerTestInfoParms, + infoManagerTestPolicyPrams, tokenIdEx); + ASSERT_EQ(RET_SUCCESS, ret); + GTEST_LOG_(INFO) << "add a hap token"; + + AccessTokenID tokenID = tokenIdEx.tokenIdExStruct.tokenID; + ret = AccessTokenInfoManager::GetInstance().VerifyAccessToken( + tokenID, "ohos.permission.CAPTURE_SCREEN"); + ASSERT_EQ(PERMISSION_DENIED, ret); + ret = AccessTokenInfoManager::GetInstance().VerifyAccessToken( + tokenID, "ohos.permission.COMMONEVENT_STICKY"); + ASSERT_EQ(PERMISSION_GRANTED, ret); + ret = AccessTokenInfoManager::GetInstance().VerifyAccessToken( + tokenID, "ohos.permission.CHANGE_ABILITY_ENABLED_STATE"); + ASSERT_EQ(PERMISSION_GRANTED, ret); + ret = AccessTokenInfoManager::GetInstance().VerifyAccessToken( + tokenID, "ohos.permission.CLEAN_APPLICATION_DATA"); + ASSERT_EQ(PERMISSION_DENIED, ret); + + ret = AccessTokenInfoManager::GetInstance().RemoveHapTokenInfo(tokenID); + ASSERT_EQ(RET_SUCCESS, ret); + GTEST_LOG_(INFO) << "remove the token info"; +} + +/** + * @tc.name: DlpPermissionConfig003 + * @tc.desc: test DLP_FULL_CONTROL app with system_grant permissions. + * @tc.type: FUNC + * @tc.require: SR000GVIGR + */ +HWTEST_F(PermissionManagerTest, DlpPermissionConfig003, TestSize.Level1) +{ + PrepareJsonData1(); + + g_infoManagerTestStateA.permissionName = "ohos.permission.CAPTURE_SCREEN"; + g_infoManagerTestStateB.permissionName = "ohos.permission.CHANGE_ABILITY_ENABLED_STATE"; + g_infoManagerTestStateC.permissionName = "ohos.permission.CLEAN_APPLICATION_DATA"; + g_infoManagerTestStateD.permissionName = "ohos.permission.COMMONEVENT_STICKY"; + + static HapPolicy infoManagerTestPolicyPrams = { + .apl = APL_NORMAL, + .domain = "test.domain3", + .permList = {}, + .permStateList = {g_infoManagerTestStateA, g_infoManagerTestStateB, + g_infoManagerTestStateC, g_infoManagerTestStateD} + }; + static HapInfoParams infoManagerTestInfoParms = { + .userID = 1, + .bundleName = "DlpPermissionConfig003", + .instIndex = 0, + .dlpType = DLP_FULL_CONTROL, + .appIDDesc = "DlpPermissionConfig003" + }; + AccessTokenIDEx tokenIdEx = {0}; + int32_t ret = AccessTokenInfoManager::GetInstance().CreateHapTokenInfo(infoManagerTestInfoParms, + infoManagerTestPolicyPrams, tokenIdEx); + ASSERT_EQ(RET_SUCCESS, ret); + GTEST_LOG_(INFO) << "add a hap token"; + + AccessTokenID tokenID = tokenIdEx.tokenIdExStruct.tokenID; + ret = AccessTokenInfoManager::GetInstance().VerifyAccessToken( + tokenID, "ohos.permission.CLEAN_APPLICATION_DATA"); + ASSERT_EQ(PERMISSION_GRANTED, ret); + ret = AccessTokenInfoManager::GetInstance().VerifyAccessToken( + tokenID, "ohos.permission.COMMONEVENT_STICKY"); + ASSERT_EQ(PERMISSION_GRANTED, ret); + ret = AccessTokenInfoManager::GetInstance().VerifyAccessToken( + tokenID, "ohos.permission.CAPTURE_SCREEN"); + ASSERT_EQ(PERMISSION_DENIED, ret); + ret = AccessTokenInfoManager::GetInstance().VerifyAccessToken( + tokenID, "ohos.permission.CHANGE_ABILITY_ENABLED_STATE"); + ASSERT_EQ(PERMISSION_GRANTED, ret); + ret = AccessTokenInfoManager::GetInstance().RemoveHapTokenInfo(tokenID); + ASSERT_EQ(RET_SUCCESS, ret); + GTEST_LOG_(INFO) << "remove the token info"; +} + +static void PrepareUserPermState() +{ + g_infoManagerTestStateA.permissionName = "ohos.permission.MEDIA_LOCATION"; + g_infoManagerTestStateA.grantStatus = PERMISSION_DENIED; + g_infoManagerTestStateB.permissionName = "ohos.permission.MICROPHONE"; + g_infoManagerTestStateB.grantStatus = PERMISSION_DENIED; + g_infoManagerTestStateC.permissionName = "ohos.permission.READ_CALENDAR"; + g_infoManagerTestStateC.grantStatus = PERMISSION_DENIED; + g_infoManagerTestStateD.permissionName = "ohos.permission.READ_CALL_LOG"; + g_infoManagerTestStateD.grantStatus = PERMISSION_DENIED; +} + +static void PrepareJsonData2() +{ + std::string testStr = R"({"dlpPermissions":[)"\ + R"({"name":"ohos.permission.MEDIA_LOCATION","dlpGrantRange":"none"},)"\ + R"({"name":"ohos.permission.MICROPHONE","dlpGrantRange":"all"},)"\ + R"({"name":"ohos.permission.READ_CALENDAR","dlpGrantRange":"full_control"}]})"; + + ConfigPolicLoader loader; + std::vector dlpPerms; + if (!loader.ParserDlpPermsRawData(testStr, permDefList)) { + GTEST_LOG_(INFO) << "ParserDlpPermsRawData failed."; + } + DlpPermissionSetManager::GetInstance().ProcessDlpPermInfos(dlpPermissions); +} + +/** + * @tc.name: DlpPermissionConfig004 + * @tc.desc: test DLP_COMMON app with user_grant permissions. + * @tc.type: FUNC + * @tc.require: SR000GVIGR + */ +HWTEST_F(PermissionManagerTest, DlpPermissionConfig004, TestSize.Level1) +{ + PrepareJsonData2(); + PrepareUserPermState(); + + static HapPolicy infoManagerTestPolicyPrams = { + .apl = APL_NORMAL, + .domain = "test.domain4", + .permList = {g_infoManagerPermDef1, g_infoManagerPermDef2, + g_infoManagerPermDef3, g_infoManagerPermDef4}, + .permStateList = {g_infoManagerTestStateA, g_infoManagerTestStateB, + g_infoManagerTestStateC, g_infoManagerTestStateD} + }; + static HapInfoParams infoManagerTestInfoParms = { + .userID = 1, + .bundleName = "DlpPermissionConfig004", + .instIndex = 0, + .dlpType = DLP_COMMON, + .appIDDesc = "DlpPermissionConfig004" + }; + AccessTokenIDEx tokenIdEx = {0}; + int32_t ret = AccessTokenInfoManager::GetInstance().CreateHapTokenInfo(infoManagerTestInfoParms, + infoManagerTestPolicyPrams, tokenIdEx); + ASSERT_EQ(RET_SUCCESS, ret); + GTEST_LOG_(INFO) << "add a hap token"; + + AccessTokenID tokenID = tokenIdEx.tokenIdExStruct.tokenID; + + PermissionManager::GetInstance().GrantPermission(tokenID, + "ohos.permission.MEDIA_LOCATION", PERMISSION_USER_FIXED); + PermissionManager::GetInstance().GrantPermission(tokenID, + "ohos.permission.MICROPHONE", PERMISSION_USER_FIXED); + PermissionManager::GetInstance().GrantPermission(tokenID, + "ohos.permission.READ_CALENDAR", PERMISSION_USER_FIXED); + ASSERT_EQ(RET_SUCCESS, ret); + PermissionManager::GetInstance().GrantPermission(tokenID, + "ohos.permission.READ_CALL_LOG", PERMISSION_USER_FIXED); + + ret = AccessTokenInfoManager::GetInstance().VerifyAccessToken(tokenID, "ohos.permission.MEDIA_LOCATION"); + ASSERT_EQ(PERMISSION_GRANTED, ret); + ret = AccessTokenInfoManager::GetInstance().VerifyAccessToken(tokenID, "ohos.permission.MICROPHONE"); + ASSERT_EQ(PERMISSION_GRANTED, ret); + ret = AccessTokenInfoManager::GetInstance().VerifyAccessToken(tokenID, "ohos.permission.READ_CALENDAR"); + ASSERT_EQ(PERMISSION_GRANTED, ret); + ret = AccessTokenInfoManager::GetInstance().VerifyAccessToken(tokenID, "ohos.permission.READ_CALL_LOG"); + ASSERT_EQ(PERMISSION_GRANTED, ret); + + ret = AccessTokenInfoManager::GetInstance().RemoveHapTokenInfo(tokenID); + ASSERT_EQ(RET_SUCCESS, ret); + GTEST_LOG_(INFO) << "remove the token info"; +} + +/** + * @tc.name: DlpPermissionConfig005 + * @tc.desc: test DLP_READ app with user_grant permissions. + * @tc.type: FUNC + * @tc.require: SR000GVIGR + */ +HWTEST_F(PermissionManagerTest, DlpPermissionConfig005, TestSize.Level1) +{ + PrepareJsonData2(); + PrepareUserPermState(); + + static HapPolicy infoManagerTestPolicyPrams = { + .apl = APL_NORMAL, + .domain = "test.domain5", + .permList = {g_infoManagerPermDef1, g_infoManagerPermDef2, + g_infoManagerPermDef3, g_infoManagerPermDef4}, + .permStateList = {g_infoManagerTestStateA, g_infoManagerTestStateB, + g_infoManagerTestStateC, g_infoManagerTestStateD} + }; + static HapInfoParams infoManagerTestInfoParms = { + .userID = 1, + .bundleName = "DlpPermissionConfig005", + .instIndex = 0, + .dlpType = DLP_READ, + .appIDDesc = "DlpPermissionConfig005" + }; + AccessTokenIDEx tokenIdEx = {0}; + int32_t ret = AccessTokenInfoManager::GetInstance().CreateHapTokenInfo(infoManagerTestInfoParms, + infoManagerTestPolicyPrams, tokenIdEx); + ASSERT_EQ(RET_SUCCESS, ret); + GTEST_LOG_(INFO) << "add a hap token"; + + AccessTokenID tokenID = tokenIdEx.tokenIdExStruct.tokenID; + + PermissionManager::GetInstance().GrantPermission(tokenID, + "ohos.permission.READ_CALENDAR", PERMISSION_USER_FIXED); + PermissionManager::GetInstance().GrantPermission(tokenID, + "ohos.permission.READ_CALL_LOG", PERMISSION_USER_FIXED); + PermissionManager::GetInstance().GrantPermission(tokenID, + "ohos.permission.MEDIA_LOCATION", PERMISSION_USER_FIXED); + PermissionManager::GetInstance().GrantPermission(tokenID, + "ohos.permission.MICROPHONE", PERMISSION_USER_FIXED); + + ret = AccessTokenInfoManager::GetInstance().VerifyAccessToken(tokenID, "ohos.permission.READ_CALENDAR"); + ASSERT_EQ(PERMISSION_DENIED, ret); + ret = AccessTokenInfoManager::GetInstance().VerifyAccessToken(tokenID, "ohos.permission.READ_CALL_LOG"); + ASSERT_EQ(PERMISSION_GRANTED, ret); + ret = AccessTokenInfoManager::GetInstance().VerifyAccessToken(tokenID, "ohos.permission.MEDIA_LOCATION"); + ASSERT_EQ(PERMISSION_DENIED, ret); + ret = AccessTokenInfoManager::GetInstance().VerifyAccessToken(tokenID, "ohos.permission.MICROPHONE"); + ASSERT_EQ(PERMISSION_GRANTED, ret); + + ret = AccessTokenInfoManager::GetInstance().RemoveHapTokenInfo(tokenID); + ASSERT_EQ(RET_SUCCESS, ret); + GTEST_LOG_(INFO) << "remove the token info"; +} + +/** + * @tc.name: DlpPermissionConfig006 + * @tc.desc: test DLP_FULL_CONTROL app with user_grant permissions. + * @tc.type: FUNC + * @tc.require: + */ +HWTEST_F(PermissionManagerTest, DlpPermissionConfig006, TestSize.Level1) +{ + PrepareJsonData2(); + PrepareUserPermState(); + + static HapPolicy infoManagerTestPolicyPrams = { + .apl = APL_NORMAL, + .domain = "test.domain6", + .permList = {g_infoManagerPermDef1, g_infoManagerPermDef2, + g_infoManagerPermDef3, g_infoManagerPermDef4}, + .permStateList = {g_infoManagerTestStateA, g_infoManagerTestStateB, + g_infoManagerTestStateC, g_infoManagerTestStateD} + }; + static HapInfoParams infoManagerTestInfoParms = { + .userID = 1, + .bundleName = "DlpPermissionConfig006", + .instIndex = 0, + .dlpType = DLP_FULL_CONTROL, + .appIDDesc = "DlpPermissionConfig006" + }; + AccessTokenIDEx tokenIdEx = {0}; + int32_t ret = AccessTokenInfoManager::GetInstance().CreateHapTokenInfo(infoManagerTestInfoParms, + infoManagerTestPolicyPrams, tokenIdEx); + ASSERT_EQ(RET_SUCCESS, ret); + GTEST_LOG_(INFO) << "add a hap token"; + + AccessTokenID tokenID = tokenIdEx.tokenIdExStruct.tokenID; + + PermissionManager::GetInstance().GrantPermission(tokenID, + "ohos.permission.READ_CALENDAR", PERMISSION_USER_FIXED); + PermissionManager::GetInstance().GrantPermission(tokenID, + "ohos.permission.MEDIA_LOCATION", PERMISSION_USER_FIXED); + PermissionManager::GetInstance().GrantPermission(tokenID, + "ohos.permission.MICROPHONE", PERMISSION_USER_FIXED); + PermissionManager::GetInstance().GrantPermission(tokenID, + "ohos.permission.READ_CALL_LOG", PERMISSION_USER_FIXED); + + ret = AccessTokenInfoManager::GetInstance().VerifyAccessToken(tokenID, "ohos.permission.READ_CALENDAR"); + ASSERT_EQ(PERMISSION_GRANTED, ret); + ret = AccessTokenInfoManager::GetInstance().VerifyAccessToken(tokenID, "ohos.permission.MEDIA_LOCATION"); + ASSERT_EQ(PERMISSION_DENIED, ret); + ret = AccessTokenInfoManager::GetInstance().VerifyAccessToken(tokenID, "ohos.permission.MICROPHONE"); + ASSERT_EQ(PERMISSION_GRANTED, ret); + ret = AccessTokenInfoManager::GetInstance().VerifyAccessToken(tokenID, "ohos.permission.READ_CALL_LOG"); + ASSERT_EQ(PERMISSION_GRANTED, ret); + + ret = AccessTokenInfoManager::GetInstance().RemoveHapTokenInfo(tokenID); + ASSERT_EQ(RET_SUCCESS, ret); + GTEST_LOG_(INFO) << "remove the token info"; +} +#endif +} // namespace AccessToken +} // namespace Security +} // namespace OHOS diff --git a/services/el5filekeymanager/BUILD.gn b/services/el5filekeymanager/BUILD.gn index dc2a9c9d7a98c7aac765f9eace959f1622d7507d..b2445cc3282ff04d49bde504c85fd47e96f2a732 100644 --- a/services/el5filekeymanager/BUILD.gn +++ b/services/el5filekeymanager/BUILD.gn @@ -82,7 +82,6 @@ if (is_standard_system && ability_base_enable == true) { "c_utils:utils", "hilog:libhilog", "ipc:ipc_single", - "json:nlohmann_json_static", "safwk:system_ability_fwk", "samgr:samgr_proxy", ] diff --git a/services/privacymanager/BUILD.gn b/services/privacymanager/BUILD.gn index 92c48374a9486a510333186c231c5ee60f140d50..24f932dbde108aaa5321b5bb55a6bd723c4c66c0 100644 --- a/services/privacymanager/BUILD.gn +++ b/services/privacymanager/BUILD.gn @@ -62,12 +62,13 @@ if (is_standard_system && ability_base_enable == true) { "${access_token_path}/interfaces/innerkits/privacy/include", "${access_token_path}/interfaces/innerkits/privacy/src", "${access_token_path}/services/common/app_manager/include", - "${access_token_path}/services/common/config_policy/include", + "${access_token_path}/services/common/json_parse/include", "${access_token_path}/services/common/database/include", "${access_token_path}/services/common/handler/include", "${access_token_path}/services/common/libraryloader/include", "${access_token_path}/services/common/screenlock_manager/include", "${access_token_path}/services/common/utils/include", + "${access_token_path}/services/accesstokenmanager/main/cpp/include/token", ] sources = [ @@ -133,10 +134,7 @@ if (is_standard_system && ability_base_enable == true) { } if (ohos_indep_compiler_enable) { - external_deps += [ - "bounds_checking_function:libsec_shared", - "json:nlohmann_json_static", - ] + external_deps += [ "bounds_checking_function:libsec_shared" ] } if (eventhandler_enable == true) { cflags_cc += [ "-DEVENTHANDLER_ENABLE" ] diff --git a/services/privacymanager/src/record/permission_record_manager.cpp b/services/privacymanager/src/record/permission_record_manager.cpp index 77751eee7830993cafeea02ca7dd5ce63f675b23..ad3e6b424d9c15b7f32acd7eb5b4e1f47dd8de22 100644 --- a/services/privacymanager/src/record/permission_record_manager.cpp +++ b/services/privacymanager/src/record/permission_record_manager.cpp @@ -29,13 +29,13 @@ #include "app_manager_access_client.h" #include "audio_manager_adapter.h" #include "camera_manager_adapter.h" -#include "config_policy_loader.h" #include "constant.h" #include "constant_common.h" #include "data_translator.h" #include "i_state_change_callback.h" #include "ipc_skeleton.h" #include "iservice_registry.h" +#include "json_parse_loader.h" #include "libraryloader.h" #include "parameter.h" #include "parcel_utils.h" @@ -1975,10 +1975,10 @@ void PermissionRecordManager::SetDefaultConfigValue() void PermissionRecordManager::GetConfigValue() { - LibraryLoader loader(CONFIG_POLICY_LIBPATH); + LibraryLoader loader(CONFIG_PARSE_LIBPATH); ConfigPolicyLoaderInterface* policy = loader.GetObject(); if (policy == nullptr) { - LOGE(PRI_DOMAIN, PRI_TAG, "Dlopen libaccesstoken_config_policy failed."); + LOGE(PRI_DOMAIN, PRI_TAG, "Dlopen libaccesstoken_json_parse failed."); return; } AccessTokenConfigValue value; diff --git a/services/privacymanager/test/coverage/BUILD.gn b/services/privacymanager/test/coverage/BUILD.gn index 2fad215660910147ab16f8175dfdf110b159a6cd..36d7efa6bf57a7d21d4bf0ee83f7690bcff45f7a 100644 --- a/services/privacymanager/test/coverage/BUILD.gn +++ b/services/privacymanager/test/coverage/BUILD.gn @@ -33,7 +33,7 @@ if (is_standard_system && ability_base_enable == true) { "${access_token_path}/interfaces/innerkits/privacy/include", "${access_token_path}/interfaces/innerkits/privacy/src", "${access_token_path}/services/common/app_manager/include", - "${access_token_path}/services/common/config_policy/include", + "${access_token_path}/services/common/json_parse/include", "${access_token_path}/services/common/database/include", "${access_token_path}/services/common/handler/include", "${access_token_path}/services/common/libraryloader/include", @@ -47,6 +47,7 @@ if (is_standard_system && ability_base_enable == true) { "${access_token_path}/services/privacymanager/include/proxy", "${access_token_path}/services/privacymanager/include/sensitive/audio_manager", "${access_token_path}/services/privacymanager/include/sensitive/camera_manager", + "${access_token_path}/services/accesstokenmanager/main/cpp/include/token", ] sources = [ diff --git a/services/privacymanager/test/unittest/BUILD.gn b/services/privacymanager/test/unittest/BUILD.gn index 9899247f5eb0c611c00a77c71015813584d5b46b..1520b904c6f86e5268a0809d2e973308862d5f49 100644 --- a/services/privacymanager/test/unittest/BUILD.gn +++ b/services/privacymanager/test/unittest/BUILD.gn @@ -33,7 +33,7 @@ if (is_standard_system && ability_base_enable == true) { "${access_token_path}/interfaces/innerkits/privacy/include", "${access_token_path}/interfaces/innerkits/privacy/src", "${access_token_path}/services/common/app_manager/include", - "${access_token_path}/services/common/config_policy/include", + "${access_token_path}/services/common/json_parse/include", "${access_token_path}/services/common/database/include", "${access_token_path}/services/common/handler/include", "${access_token_path}/services/common/libraryloader/include", @@ -47,6 +47,7 @@ if (is_standard_system && ability_base_enable == true) { "${access_token_path}/services/privacymanager/include/proxy", "${access_token_path}/services/privacymanager/include/sensitive/audio_manager", "${access_token_path}/services/privacymanager/include/sensitive/camera_manager", + "${access_token_path}/services/accesstokenmanager/main/cpp/include/token", ] sources = [ diff --git a/services/tokensyncmanager/BUILD.gn b/services/tokensyncmanager/BUILD.gn index 1630d590b0af2f12bad48a1512d8e2cc1d159c7d..74841d7b3435321faf4652e51e71262ab9cda127 100644 --- a/services/tokensyncmanager/BUILD.gn +++ b/services/tokensyncmanager/BUILD.gn @@ -58,7 +58,7 @@ if (token_sync_enable == true) { "${access_token_path}/frameworks/tokensync/include", "${access_token_path}/interfaces/innerkits/accesstoken/include", "${access_token_path}/services/accesstokenmanager/main/cpp/include/token", - "${access_token_path}/services/common/config_policy/include", + "${access_token_path}/services/common/json_parse/include", "${access_token_path}/services/common/handler/include", "${access_token_path}/services/common/libraryloader/include", ] @@ -103,15 +103,16 @@ if (token_sync_enable == true) { "${access_token_path}/interfaces/innerkits/accesstoken:libaccesstoken_sdk", "${access_token_path}/interfaces/innerkits/token_setproc:libtoken_setproc", "${access_token_path}/services/common:accesstoken_service_common", + "${access_token_path}/services/common/json_parse:accesstoken_cjson_utils", "${access_token_path}/services/tokensyncmanager:token_sync.rc", ] external_deps = [ + "cJSON:cjson", "c_utils:utils", "dsoftbus:softbus_client", "hilog:libhilog", "ipc:ipc_single", - "json:nlohmann_json_static", "safwk:system_ability_fwk", "samgr:samgr_proxy", "zlib:shared_libz", diff --git a/services/tokensyncmanager/include/command/base_remote_command.h b/services/tokensyncmanager/include/command/base_remote_command.h index da180d85d1bb536bf5c33c259f05cfff1a45ccfe..94452238c6fffa98980eab67e405c4f977c7a81f 100644 --- a/services/tokensyncmanager/include/command/base_remote_command.h +++ b/services/tokensyncmanager/include/command/base_remote_command.h @@ -17,10 +17,10 @@ #include +#include "cjson_utils.h" #include "constant.h" #include "hap_token_info.h" #include "native_token_info_base.h" -#include "nlohmann/json.hpp" #include "permission_status.h" #include "remote_protocol.h" @@ -45,20 +45,20 @@ public: virtual void Finish() = 0; virtual std::string ToJsonPayload() = 0; - nlohmann::json ToRemoteProtocolJson(); - void FromRemoteProtocolJson(const nlohmann::json& jsonObject); + CJsonUnique ToRemoteProtocolJson(); + void FromRemoteProtocolJson(const CJson* jsonObject); - void ToPermStateJson(nlohmann::json& permStateJson, const PermissionStatus& state); - void FromPermStateListJson(const nlohmann::json& hapTokenJson, + void ToPermStateJson(CJson* permStateJson, const PermissionStatus& state); + void FromPermStateListJson(const CJson* hapTokenJson, std::vector& permStateList); - void FromHapTokenBasicInfoJson(const nlohmann::json& hapTokenJson, + void FromHapTokenBasicInfoJson(const CJson* hapTokenJson, HapTokenInfo& hapTokenBasicInfo); - nlohmann::json ToHapTokenInfosJson(const HapTokenInfoForSync &tokenInfo); - void FromHapTokenInfoJson(const nlohmann::json& hapTokenJson, HapTokenInfoForSync& hapTokenInfo); - nlohmann::json ToNativeTokenInfoJson(const NativeTokenInfoBase& tokenInfo); - void FromNativeTokenInfoJson(const nlohmann::json& nativeTokenJson, NativeTokenInfoBase& nativeTokenInfo); + CJsonUnique ToHapTokenInfosJson(const HapTokenInfoForSync &tokenInfo); + void FromHapTokenInfoJson(const CJson* hapTokenJson, HapTokenInfoForSync& hapTokenInfo); + CJsonUnique ToNativeTokenInfoJson(const NativeTokenInfoBase& tokenInfo); + void FromNativeTokenInfoJson(const CJson* nativeTokenJson, NativeTokenInfoBase& nativeTokenInfo); RemoteProtocol remoteProtocol_; }; } // namespace AccessToken diff --git a/services/tokensyncmanager/include/remote/soft_bus_channel.h b/services/tokensyncmanager/include/remote/soft_bus_channel.h index 337739104bb987e899f7b7e7bf762a1642216936..f5b76756515785bc27755f175d77ae60ee5d165c 100644 --- a/services/tokensyncmanager/include/remote/soft_bus_channel.h +++ b/services/tokensyncmanager/include/remote/soft_bus_channel.h @@ -26,7 +26,7 @@ #include #include "accesstoken_common_log.h" -#include "nlohmann/json.hpp" +#include "cjson_utils.h" #include "rpc_channel.h" #include "socket.h" #include "random.h" @@ -331,12 +331,12 @@ public: */ std::string ToJson() const { - nlohmann::json json; - json["type"] = this->type_; - json["id"] = this->id_; - json["commandName"] = this->commandName_; - json["jsonPayload"] = this->jsonPayload_; - return json.dump(); + CJsonUnique json = CreateJson(); + AddStringToJson(json, "type", this->type_); + AddStringToJson(json, "id", this->id_); + AddStringToJson(json, "commandName", this->commandName_); + AddStringToJson(json, "jsonPayload", this->jsonPayload_); + return PackJsonToString(json); } const std::string &GetType() const diff --git a/services/tokensyncmanager/include/remote/soft_bus_manager.h b/services/tokensyncmanager/include/remote/soft_bus_manager.h index 624861ec9022fb5add65aa633e0093230518a827..d53e94e62e6b8c5ca0ea575dda6500f1cd7eda62 100644 --- a/services/tokensyncmanager/include/remote/soft_bus_manager.h +++ b/services/tokensyncmanager/include/remote/soft_bus_manager.h @@ -18,6 +18,7 @@ #include #include +#include #include #include #include diff --git a/services/tokensyncmanager/src/command/base_remote_command.cpp b/services/tokensyncmanager/src/command/base_remote_command.cpp index 708aed5bd3e29da133d0cc02fa7c9878f3f780ff..b78f83703cd85890920be885a92a75f31e770197 100644 --- a/services/tokensyncmanager/src/command/base_remote_command.cpp +++ b/services/tokensyncmanager/src/command/base_remote_command.cpp @@ -41,29 +41,7 @@ static const std::string JSON_INST_INDEX = "instIndex"; static const std::string JSON_DLP_TYPE = "dlpType"; } -static void GetStringFromJson(const nlohmann::json& jsonObject, const std::string& tag, std::string& out) -{ - if (jsonObject.find(tag) != jsonObject.end() && jsonObject.at(tag).is_string()) { - out = jsonObject.at(tag).get(); - } -} - -static void GetIntFromJson(const nlohmann::json& jsonObject, const std::string& tag, int32_t& out) -{ - if (jsonObject.find(tag) != jsonObject.end() && jsonObject.at(tag).is_number()) { - out = jsonObject.at(tag).get(); - } -} - -static void GetUnSignedIntFromJson(const nlohmann::json& jsonObject, const std::string& tag, - unsigned int& out) -{ - if (jsonObject.find(tag) != jsonObject.end() && jsonObject.at(tag).is_number()) { - out = jsonObject.at(tag).get(); - } -} - -void BaseRemoteCommand::FromRemoteProtocolJson(const nlohmann::json& jsonObject) +void BaseRemoteCommand::FromRemoteProtocolJson(const CJson* jsonObject) { GetStringFromJson(jsonObject, JSON_COMMAND_NAME, remoteProtocol_.commandName); GetStringFromJson(jsonObject, JSON_UNIQUEID, remoteProtocol_.uniqueId); @@ -78,116 +56,122 @@ void BaseRemoteCommand::FromRemoteProtocolJson(const nlohmann::json& jsonObject) GetStringFromJson(jsonObject, JSON_RESPONSE_DEVICEID, remoteProtocol_.responseDeviceId); } -nlohmann::json BaseRemoteCommand::ToRemoteProtocolJson() +CJsonUnique BaseRemoteCommand::ToRemoteProtocolJson() { - nlohmann::json j; - j["commandName"] = remoteProtocol_.commandName; - j["uniqueId"] = remoteProtocol_.uniqueId; - j["requestVersion"] = remoteProtocol_.requestVersion; - j["srcDeviceId"] = remoteProtocol_.srcDeviceId; - j["srcDeviceLevel"] = remoteProtocol_.srcDeviceLevel; - j["dstDeviceId"] = remoteProtocol_.dstDeviceId; - j["dstDeviceLevel"] = remoteProtocol_.dstDeviceLevel; - j["statusCode"] = remoteProtocol_.statusCode; - j["message"] = remoteProtocol_.message; - j["responseVersion"] = remoteProtocol_.responseVersion; - j["responseDeviceId"] = remoteProtocol_.responseDeviceId; + CJsonUnique j = CreateJson(); + AddStringToJson(j, "commandName", remoteProtocol_.commandName); + AddStringToJson(j, "uniqueId", remoteProtocol_.uniqueId); + AddIntToJson(j, "requestVersion", remoteProtocol_.requestVersion); + AddStringToJson(j, "srcDeviceId", remoteProtocol_.srcDeviceId); + AddStringToJson(j, "srcDeviceLevel", remoteProtocol_.srcDeviceLevel); + AddStringToJson(j, "dstDeviceId", remoteProtocol_.dstDeviceId); + AddStringToJson(j, "dstDeviceLevel", remoteProtocol_.dstDeviceLevel); + AddIntToJson(j, "statusCode", remoteProtocol_.statusCode); + AddStringToJson(j, "message", remoteProtocol_.message); + AddIntToJson(j, "responseVersion", remoteProtocol_.responseVersion); + AddStringToJson(j, "responseDeviceId", remoteProtocol_.responseDeviceId); return j; } -nlohmann::json BaseRemoteCommand::ToNativeTokenInfoJson(const NativeTokenInfoBase& tokenInfo) +CJsonUnique BaseRemoteCommand::ToNativeTokenInfoJson(const NativeTokenInfoBase& tokenInfo) { - nlohmann::json permStatesJson; + CJsonUnique permStatesJson = CreateJsonArray(); for (const auto& permState : tokenInfo.permStateList) { - nlohmann::json permStateJson; - ToPermStateJson(permStateJson, permState); - permStatesJson.emplace_back(permStateJson); + CJsonUnique permStateJson = CreateJson(); + ToPermStateJson(permStateJson.get(), permState); + AddObjToArray(permStatesJson, permStateJson); } - - nlohmann::json DcapsJson = nlohmann::json(tokenInfo.dcap); - nlohmann::json NativeAclsJson = nlohmann::json(tokenInfo.nativeAcls); - nlohmann::json nativeTokenJson = nlohmann::json { - {"processName", tokenInfo.processName}, - {"apl", tokenInfo.apl}, - {"version", tokenInfo.ver}, - {"tokenId", tokenInfo.tokenID}, - {"tokenAttr", tokenInfo.tokenAttr}, - {"dcaps", DcapsJson}, - {"nativeAcls", NativeAclsJson}, - {"permState", permStatesJson}, - }; + CJsonUnique DcapsJson = CreateJsonArray(); + for (const auto& item : tokenInfo.dcap) { + cJSON *tmpObj = cJSON_CreateString(item.c_str()); + AddObjToArray(DcapsJson.get(), tmpObj); + cJSON_Delete(tmpObj); + tmpObj = nullptr; + } + CJsonUnique NativeAclsJson = CreateJsonArray(); + for (const auto& item : tokenInfo.nativeAcls) { + cJSON *tmpObj = cJSON_CreateString(item.c_str()); + AddObjToArray(NativeAclsJson.get(), tmpObj); + cJSON_Delete(tmpObj); + tmpObj = nullptr; + } + CJsonUnique nativeTokenJson = CreateJson(); + AddStringToJson(nativeTokenJson, "processName", tokenInfo.processName); + AddIntToJson(nativeTokenJson, "apl", tokenInfo.apl); + AddUnsignedIntToJson(nativeTokenJson, "version", tokenInfo.ver); + AddUnsignedIntToJson(nativeTokenJson, "tokenId", tokenInfo.tokenID); + AddUnsignedIntToJson(nativeTokenJson, "tokenAttr", tokenInfo.tokenAttr); + AddObjToJson(nativeTokenJson, "dcaps", DcapsJson); + AddObjToJson(nativeTokenJson, "nativeAcls", NativeAclsJson); + AddObjToJson(nativeTokenJson, "permState", permStatesJson); return nativeTokenJson; } -void BaseRemoteCommand::ToPermStateJson(nlohmann::json& permStateJson, const PermissionStatus& state) +void BaseRemoteCommand::ToPermStateJson(cJSON* permStateJson, const PermissionStatus& state) { - permStateJson["permissionName"] = state.permissionName; - permStateJson["grantStatus"] = state.grantStatus; - permStateJson["grantFlag"] = state.grantFlag; + AddStringToJson(permStateJson, "permissionName", state.permissionName); + AddIntToJson(permStateJson, "grantStatus", state.grantStatus); + AddUnsignedIntToJson(permStateJson, "grantFlag", state.grantFlag); } -nlohmann::json BaseRemoteCommand::ToHapTokenInfosJson(const HapTokenInfoForSync& tokenInfo) +CJsonUnique BaseRemoteCommand::ToHapTokenInfosJson(const HapTokenInfoForSync& tokenInfo) { - nlohmann::json permStatesJson; + CJsonUnique permStatesJson = CreateJsonArray(); for (const auto& permState : tokenInfo.permStateList) { - nlohmann::json permStateJson; - ToPermStateJson(permStateJson, permState); - permStatesJson.emplace_back(permStateJson); + CJsonUnique permStateJson = CreateJson(); + ToPermStateJson(permStateJson.get(), permState); + AddObjToArray(permStatesJson, permStateJson); } - - nlohmann::json hapTokensJson = nlohmann::json { - {"version", tokenInfo.baseInfo.ver}, - {"tokenID", tokenInfo.baseInfo.tokenID}, - {"tokenAttr", tokenInfo.baseInfo.tokenAttr}, - {"userID", tokenInfo.baseInfo.userID}, - {"bundleName", tokenInfo.baseInfo.bundleName}, - {"instIndex", tokenInfo.baseInfo.instIndex}, - {"dlpType", tokenInfo.baseInfo.dlpType}, - {"permState", permStatesJson} - }; + CJsonUnique hapTokensJson = CreateJson(); + AddIntToJson(hapTokensJson, JSON_VERSION, tokenInfo.baseInfo.ver); + AddUnsignedIntToJson(hapTokensJson, JSON_TOKENID, tokenInfo.baseInfo.tokenID); + AddUnsignedIntToJson(hapTokensJson, JSON_TOKEN_ATTR, tokenInfo.baseInfo.tokenAttr); + AddIntToJson(hapTokensJson, JSON_USERID, tokenInfo.baseInfo.userID); + AddStringToJson(hapTokensJson, JSON_BUNDLE_NAME, tokenInfo.baseInfo.bundleName); + AddIntToJson(hapTokensJson, JSON_INST_INDEX, tokenInfo.baseInfo.instIndex); + AddIntToJson(hapTokensJson, JSON_DLP_TYPE, tokenInfo.baseInfo.dlpType); + AddObjToJson(hapTokensJson, "permState", permStatesJson); return hapTokensJson; } -void BaseRemoteCommand::FromHapTokenBasicInfoJson(const nlohmann::json& hapTokenJson, +void BaseRemoteCommand::FromHapTokenBasicInfoJson(const cJSON* hapTokenJson, HapTokenInfo& hapTokenBasicInfo) { - if (hapTokenJson.find("version") != hapTokenJson.end() && hapTokenJson.at("version").is_number()) { - hapTokenJson.at("version").get_to(hapTokenBasicInfo.ver); - } - - GetUnSignedIntFromJson(hapTokenJson, JSON_TOKENID, hapTokenBasicInfo.tokenID); - GetUnSignedIntFromJson(hapTokenJson, JSON_TOKEN_ATTR, hapTokenBasicInfo.tokenAttr); + int32_t ver; + GetIntFromJson(hapTokenJson, JSON_VERSION, ver); + hapTokenBasicInfo.ver = (char)ver; + GetUnsignedIntFromJson(hapTokenJson, JSON_TOKENID, hapTokenBasicInfo.tokenID); + GetUnsignedIntFromJson(hapTokenJson, JSON_TOKEN_ATTR, hapTokenBasicInfo.tokenAttr); GetIntFromJson(hapTokenJson, JSON_USERID, hapTokenBasicInfo.userID); GetStringFromJson(hapTokenJson, JSON_BUNDLE_NAME, hapTokenBasicInfo.bundleName); GetIntFromJson(hapTokenJson, JSON_INST_INDEX, hapTokenBasicInfo.instIndex); GetIntFromJson(hapTokenJson, JSON_DLP_TYPE, hapTokenBasicInfo.dlpType); } -void BaseRemoteCommand::FromPermStateListJson(const nlohmann::json& hapTokenJson, +void BaseRemoteCommand::FromPermStateListJson(const cJSON* hapTokenJson, std::vector& permStateList) { - if (hapTokenJson.find("permState") != hapTokenJson.end() - && hapTokenJson.at("permState").is_array() - && !hapTokenJson.at("permState").empty()) { - nlohmann::json permissionsJson = hapTokenJson.at("permState").get(); - for (const auto& permissionJson : permissionsJson) { + cJSON *jsonObjTmp = GetArrayFromJson(hapTokenJson, "permState"); + if (jsonObjTmp != nullptr) { + int len = cJSON_GetArraySize(jsonObjTmp); + for (int i = 0; i < len; i++) { + cJSON *permissionJson = cJSON_GetArrayItem(jsonObjTmp, i); PermissionStatus permission; - if (permissionJson.find("permissionName") == permissionJson.end() || - !permissionJson.at("permissionName").is_string() || - permissionJson.find("grantStatus") == permissionJson.end() || - !permissionJson.at("grantStatus").is_number() || - permissionJson.find("grantFlag") == permissionJson.end() || - !permissionJson.at("grantFlag").is_number()) { + if (!GetStringFromJson(permissionJson, "permissionName", permission.permissionName)) { + continue; + } + if (!GetIntFromJson(permissionJson, "grantStatus", permission.grantStatus)) { + continue; + } + if (!GetUnsignedIntFromJson(permissionJson, "grantFlag", permission.grantFlag)) { continue; } - permissionJson.at("permissionName").get_to(permission.permissionName); - permissionJson.at("grantStatus").get_to(permission.grantStatus); - permissionJson.at("grantFlag").get_to(permission.grantFlag); + permStateList.emplace_back(permission); } } } -void BaseRemoteCommand::FromHapTokenInfoJson(const nlohmann::json& hapTokenJson, +void BaseRemoteCommand::FromHapTokenInfoJson(const cJSON* hapTokenJson, HapTokenInfoForSync& hapTokenInfo) { FromHapTokenBasicInfoJson(hapTokenJson, hapTokenInfo.baseInfo); @@ -198,36 +182,41 @@ void BaseRemoteCommand::FromHapTokenInfoJson(const nlohmann::json& hapTokenJson, FromPermStateListJson(hapTokenJson, hapTokenInfo.permStateList); } -void BaseRemoteCommand::FromNativeTokenInfoJson(const nlohmann::json& nativeTokenJson, +void BaseRemoteCommand::FromNativeTokenInfoJson(const cJSON* nativeTokenJson, NativeTokenInfoBase& nativeTokenInfo) { - if (nativeTokenJson.find("processName") != nativeTokenJson.end() && nativeTokenJson.at("processName").is_string()) { - nativeTokenInfo.processName = nativeTokenJson.at("processName").get(); + GetStringFromJson(nativeTokenJson, "processName", nativeTokenInfo.processName); + int32_t apl; + GetIntFromJson(nativeTokenJson, "apl", apl); + if (DataValidator::IsAplNumValid(apl)) { + nativeTokenInfo.apl = static_cast(apl); } - if (nativeTokenJson.find("apl") != nativeTokenJson.end() && nativeTokenJson.at("apl").is_number()) { - int apl = nativeTokenJson.at("apl").get(); - if (DataValidator::IsAplNumValid(apl)) { - nativeTokenInfo.apl = static_cast(apl); + int32_t ver; + GetIntFromJson(nativeTokenJson, JSON_VERSION, ver); + nativeTokenInfo.ver = (char)ver; + GetUnsignedIntFromJson(nativeTokenJson, "tokenId", nativeTokenInfo.tokenID); + GetUnsignedIntFromJson(nativeTokenJson, "tokenAttr", nativeTokenInfo.tokenAttr); + + cJSON *dcapsJson = GetArrayFromJson(nativeTokenJson, "dcaps"); + if (dcapsJson != nullptr) { + CJson *dcap = nullptr; + std::vector dcaps; + cJSON_ArrayForEach(dcap, dcapsJson) { + std::string item = cJSON_GetStringValue(dcap); + dcaps.push_back(item); } + nativeTokenInfo.dcap = dcaps; } - if (nativeTokenJson.find("version") != nativeTokenJson.end() && nativeTokenJson.at("version").is_number()) { - nativeTokenInfo.ver = (unsigned)nativeTokenJson.at("version").get(); - } - if (nativeTokenJson.find("tokenId") != nativeTokenJson.end() && nativeTokenJson.at("tokenId").is_number()) { - nativeTokenInfo.tokenID = (unsigned)nativeTokenJson.at("tokenId").get(); - } - if (nativeTokenJson.find("tokenAttr") != nativeTokenJson.end() && nativeTokenJson.at("tokenAttr").is_number()) { - nativeTokenInfo.tokenAttr = (unsigned)nativeTokenJson.at("tokenAttr").get(); - } - if (nativeTokenJson.find("dcaps") != nativeTokenJson.end() && nativeTokenJson.at("dcaps").is_array() - && !nativeTokenJson.at("dcaps").empty() && (nativeTokenJson.at("dcaps"))[0].is_string()) { - nativeTokenInfo.dcap = nativeTokenJson.at("dcaps").get>(); - } - if (nativeTokenJson.find("nativeAcls") != nativeTokenJson.end() && nativeTokenJson.at("nativeAcls").is_array() - && !nativeTokenJson.at("nativeAcls").empty() && (nativeTokenJson.at("nativeAcls"))[0].is_string()) { - nativeTokenInfo.nativeAcls = nativeTokenJson.at("nativeAcls").get>(); + cJSON *nativeAclsJson = GetArrayFromJson(nativeTokenJson, "nativeAcls"); + if (nativeAclsJson != nullptr) { + CJson *acl = nullptr; + std::vector nativeAcls; + cJSON_ArrayForEach(acl, nativeAclsJson) { + std::string item = cJSON_GetStringValue(acl); + nativeAcls.push_back(item); + } + nativeTokenInfo.nativeAcls = nativeAcls; } - FromPermStateListJson(nativeTokenJson, nativeTokenInfo.permStateList); } } // namespace AccessToken diff --git a/services/tokensyncmanager/src/command/delete_remote_token_command.cpp b/services/tokensyncmanager/src/command/delete_remote_token_command.cpp index d522e198449e04215905a1fca23e3dcae18411ae..11e3e6fea37806e8e519495279ed928c079c71b9 100644 --- a/services/tokensyncmanager/src/command/delete_remote_token_command.cpp +++ b/services/tokensyncmanager/src/command/delete_remote_token_command.cpp @@ -42,27 +42,27 @@ DeleteRemoteTokenCommand::DeleteRemoteTokenCommand( DeleteRemoteTokenCommand::DeleteRemoteTokenCommand(const std::string& json) { deleteTokenId_ = 0; - nlohmann::json jsonObject = nlohmann::json::parse(json, nullptr, false); - if (jsonObject.is_discarded()) { + CJsonUnique jsonObject = CreateJsonFromString(json); + if (jsonObject == nullptr) { LOGE(ATM_DOMAIN, ATM_TAG, "JsonObject is invalid."); return; } - BaseRemoteCommand::FromRemoteProtocolJson(jsonObject); - - if (jsonObject.find("tokenId") != jsonObject.end() && jsonObject.at("tokenId").is_number()) { - deleteTokenId_ = (AccessTokenID)jsonObject.at("tokenId").get(); + BaseRemoteCommand::FromRemoteProtocolJson(jsonObject.get()); + uint32_t tokenId; + if (GetUnsignedIntFromJson(jsonObject, "tokenId", tokenId)) { + deleteTokenId_ = (AccessTokenID)tokenId; } } std::string DeleteRemoteTokenCommand::ToJsonPayload() { - nlohmann::json j = BaseRemoteCommand::ToRemoteProtocolJson(); - if (j.is_discarded()) { + CJsonUnique j = BaseRemoteCommand::ToRemoteProtocolJson(); + if (j == nullptr) { LOGE(ATM_DOMAIN, ATM_TAG, "J is invalid."); return ""; } - j["tokenId"] = deleteTokenId_; - return j.dump(); + AddUnsignedIntToJson(j, "tokenId", deleteTokenId_); + return PackJsonToString(j); } void DeleteRemoteTokenCommand::Prepare() diff --git a/services/tokensyncmanager/src/command/sync_remote_hap_token_command.cpp b/services/tokensyncmanager/src/command/sync_remote_hap_token_command.cpp index 9885ff06985a84dd68ba5f5c72126873a8f17c1f..2ad94ec4801725fb91f6361d1eb9be783aa23580 100644 --- a/services/tokensyncmanager/src/command/sync_remote_hap_token_command.cpp +++ b/services/tokensyncmanager/src/command/sync_remote_hap_token_command.cpp @@ -54,28 +54,27 @@ SyncRemoteHapTokenCommand::SyncRemoteHapTokenCommand(const std::string &json) hapTokenInfo_.baseInfo.userID = 0; hapTokenInfo_.baseInfo.ver = DEFAULT_TOKEN_VERSION; - nlohmann::json jsonObject = nlohmann::json::parse(json, nullptr, false); - if (jsonObject.is_discarded()) { + CJsonUnique jsonObject = CreateJsonFromString(json); + if (jsonObject == nullptr) { LOGE(ATM_DOMAIN, ATM_TAG, "JsonObject is invalid."); return; } - BaseRemoteCommand::FromRemoteProtocolJson(jsonObject); - if ((jsonObject.find("requestTokenId") != jsonObject.end()) && (jsonObject.at("requestTokenId").is_number())) { - jsonObject.at("requestTokenId").get_to(requestTokenId_); - } + BaseRemoteCommand::FromRemoteProtocolJson(jsonObject.get()); + GetUnsignedIntFromJson(jsonObject, "requestTokenId", requestTokenId_); - if ((jsonObject.find("HapTokenInfo") != jsonObject.end()) && (jsonObject.at("HapTokenInfo").is_object())) { - nlohmann::json hapTokenJson = jsonObject.at("HapTokenInfo").get(); + CJson *hapTokenJson = GetObjFromJson(jsonObject, "HapTokenInfo"); + if (hapTokenJson != nullptr) { BaseRemoteCommand::FromHapTokenInfoJson(hapTokenJson, hapTokenInfo_); } } std::string SyncRemoteHapTokenCommand::ToJsonPayload() { - nlohmann::json j = BaseRemoteCommand::ToRemoteProtocolJson(); - j["requestTokenId"] = requestTokenId_; - j["HapTokenInfo"] = BaseRemoteCommand::ToHapTokenInfosJson(hapTokenInfo_); - return j.dump(); + CJsonUnique j = BaseRemoteCommand::ToRemoteProtocolJson(); + AddUnsignedIntToJson(j, "requestTokenId", requestTokenId_); + CJsonUnique HapTokenInfo = BaseRemoteCommand::ToHapTokenInfosJson(hapTokenInfo_); + AddObjToJson(j, "HapTokenInfo", HapTokenInfo); + return PackJsonToString(j); } void SyncRemoteHapTokenCommand::Prepare() diff --git a/services/tokensyncmanager/src/command/update_remote_hap_token_command.cpp b/services/tokensyncmanager/src/command/update_remote_hap_token_command.cpp index 4a36a44c4274f66889dc63e510f7bd0a78b2cba5..cd1ce38f8941efd6001146684061e8765d3fed59 100644 --- a/services/tokensyncmanager/src/command/update_remote_hap_token_command.cpp +++ b/services/tokensyncmanager/src/command/update_remote_hap_token_command.cpp @@ -40,24 +40,25 @@ UpdateRemoteHapTokenCommand::UpdateRemoteHapTokenCommand( UpdateRemoteHapTokenCommand::UpdateRemoteHapTokenCommand(const std::string &json) { - nlohmann::json jsonObject = nlohmann::json::parse(json, nullptr, false); - if (jsonObject.is_discarded()) { + CJsonUnique jsonObject = CreateJsonFromString(json); + if (jsonObject == nullptr) { LOGE(ATM_DOMAIN, ATM_TAG, "JsonObject is invalid."); return; } - BaseRemoteCommand::FromRemoteProtocolJson(jsonObject); + BaseRemoteCommand::FromRemoteProtocolJson(jsonObject.get()); - if ((jsonObject.find("HapTokenInfos") != jsonObject.end()) && (jsonObject.at("HapTokenInfos").is_object())) { - nlohmann::json hapTokenJson = jsonObject.at("HapTokenInfos").get(); + CJson *hapTokenJson = GetObjFromJson(jsonObject, "HapTokenInfos"); + if (hapTokenJson != nullptr) { BaseRemoteCommand::FromHapTokenInfoJson(hapTokenJson, updateTokenInfo_); } } std::string UpdateRemoteHapTokenCommand::ToJsonPayload() { - nlohmann::json j = BaseRemoteCommand::ToRemoteProtocolJson(); - j["HapTokenInfos"] = BaseRemoteCommand::ToHapTokenInfosJson(updateTokenInfo_); - return j.dump(); + CJsonUnique j = BaseRemoteCommand::ToRemoteProtocolJson(); + CJsonUnique HapTokenInfos = BaseRemoteCommand::ToHapTokenInfosJson(updateTokenInfo_); + AddObjToJson(j, "HapTokenInfos", HapTokenInfos); + return PackJsonToString(j); } void UpdateRemoteHapTokenCommand::Prepare() diff --git a/services/tokensyncmanager/src/remote/remote_command_factory.cpp b/services/tokensyncmanager/src/remote/remote_command_factory.cpp index 88ecff12441539a3d8cef5d9cc987bfbdd35ce6b..f485ed8059a50e8e82d4719d084497a59a1f8b1c 100644 --- a/services/tokensyncmanager/src/remote/remote_command_factory.cpp +++ b/services/tokensyncmanager/src/remote/remote_command_factory.cpp @@ -15,7 +15,7 @@ #include "remote_command_factory.h" -#include "nlohmann/json.hpp" +#include namespace OHOS { namespace Security { diff --git a/services/tokensyncmanager/src/remote/soft_bus_channel.cpp b/services/tokensyncmanager/src/remote/soft_bus_channel.cpp index 6df536fc48f4056f050428c67d1cabd8c693e5de..439da17929b20ea76ab95972a7e2a92dc66e24f7 100644 --- a/services/tokensyncmanager/src/remote/soft_bus_channel.cpp +++ b/services/tokensyncmanager/src/remote/soft_bus_channel.cpp @@ -452,12 +452,8 @@ int SoftBusChannel::SendResponseBytes(int socket, const unsigned char *bytes, co std::shared_ptr SoftBusMessage::FromJson(const std::string &jsonString) { - nlohmann::json json; - if (!json.accept(jsonString)) { - return nullptr; - } - json = json.parse(jsonString, nullptr, false); - if (json.is_discarded() || (!json.is_object())) { + CJsonUnique json = CreateJsonFromString(jsonString); + if (json == nullptr || cJSON_IsObject(json.get()) == false) { LOGE(ATM_DOMAIN, ATM_TAG, "Failed to parse jsonString"); return nullptr; } @@ -466,22 +462,10 @@ std::shared_ptr SoftBusMessage::FromJson(const std::string &json std::string id; std::string commandName; std::string jsonPayload; - if (json.find("type") != json.end() && json.at("type").is_string()) { - json.at("type").get_to(type); - } - if (json.find("id") != json.end() && json.at("id").is_string()) { - json.at("id").get_to(id); - } - if (json.find("commandName") != json.end() && json.at("commandName").is_string()) { - json.at("commandName").get_to(commandName); - } - if (json.find("jsonPayload") != json.end() && json.at("jsonPayload").is_string()) { - json.at("jsonPayload").get_to(jsonPayload); - } - if (type.empty() || id.empty() || commandName.empty() || jsonPayload.empty()) { - LOGE(ATM_DOMAIN, ATM_TAG, "Failed to get json string(json format error)"); - return nullptr; - } + GetStringFromJson(json.get(), "type", type); + GetStringFromJson(json.get(), "id", id); + GetStringFromJson(json.get(), "commandName", commandName); + GetStringFromJson(json.get(), "jsonPayload", jsonPayload); std::shared_ptr message = std::make_shared(type, id, commandName, jsonPayload); return message; } diff --git a/services/tokensyncmanager/src/remote/soft_bus_manager.cpp b/services/tokensyncmanager/src/remote/soft_bus_manager.cpp index 91997de7f596e24f131aae4f2edccb11f1d54191..82cf5470aab0610135c2d5b9b427c33dfce03e78 100644 --- a/services/tokensyncmanager/src/remote/soft_bus_manager.cpp +++ b/services/tokensyncmanager/src/remote/soft_bus_manager.cpp @@ -19,12 +19,12 @@ #include #include "accesstoken_common_log.h" -#include "config_policy_loader.h" #include "constant.h" #include "constant_common.h" #include "device_info_manager.h" #include "device_manager.h" #include "ipc_skeleton.h" +#include "json_parse_loader.h" #include "libraryloader.h" #include "remote_command_manager.h" #include "soft_bus_device_connection_listener.h" @@ -224,10 +224,10 @@ void SoftBusManager::SetDefaultConfigValue() void SoftBusManager::GetConfigValue() { - LibraryLoader loader(CONFIG_POLICY_LIBPATH); + LibraryLoader loader(CONFIG_PARSE_LIBPATH); ConfigPolicyLoaderInterface* policy = loader.GetObject(); if (policy == nullptr) { - LOGE(ATM_DOMAIN, ATM_TAG, "Dlopen libaccesstoken_config_policy failed."); + LOGE(ATM_DOMAIN, ATM_TAG, "Dlopen libaccesstoken_json_parse failed."); return; } AccessTokenConfigValue value; diff --git a/services/tokensyncmanager/test/coverage/BUILD.gn b/services/tokensyncmanager/test/coverage/BUILD.gn index f047ea9ed9ff1c58e9edf326e5b13bca25c4298a..5ddfb2d6f65e75f7571edd5316615e6ff6099d97 100644 --- a/services/tokensyncmanager/test/coverage/BUILD.gn +++ b/services/tokensyncmanager/test/coverage/BUILD.gn @@ -61,7 +61,7 @@ ohos_unittest("libtoken_sync_service_coverage_test") { "${access_token_path}/interfaces/innerkits/nativetoken/include", "${access_token_path}/interfaces/innerkits/token_setproc/include", "${access_token_path}/services/accesstokenmanager/main/cpp/include/token", - "${access_token_path}/services/common/config_policy/include", + "${access_token_path}/services/common/json_parse/include", "${access_token_path}/services/common/handler/include", ] @@ -71,6 +71,7 @@ ohos_unittest("libtoken_sync_service_coverage_test") { "${access_token_path}/interfaces/innerkits/accesstoken:libaccesstoken_sdk", "${access_token_path}/interfaces/innerkits/token_setproc:libtoken_setproc", "${access_token_path}/services/common:accesstoken_service_common", + "${access_token_path}/services/common/json_parse:accesstoken_cjson_utils", ] cflags_cc = [ "-DHILOG_ENABLE" ] @@ -78,11 +79,11 @@ ohos_unittest("libtoken_sync_service_coverage_test") { configs = [ "${access_token_path}/config:coverage_flags" ] external_deps = [ + "cJSON:cjson", "c_utils:utils", "dsoftbus:softbus_client", "hilog:libhilog", "ipc:ipc_single", - "json:nlohmann_json_static", "safwk:system_ability_fwk", "zlib:libz", ] diff --git a/services/tokensyncmanager/test/unittest/BUILD.gn b/services/tokensyncmanager/test/unittest/BUILD.gn index d3c771c7c84b09ae5dc499f8a0ed08bc5758527a..7c224502045d6d3317806caf54dfa81dd849c2a9 100644 --- a/services/tokensyncmanager/test/unittest/BUILD.gn +++ b/services/tokensyncmanager/test/unittest/BUILD.gn @@ -61,7 +61,7 @@ ohos_unittest("libtoken_sync_service_standard_test") { "${access_token_path}/interfaces/innerkits/nativetoken/include", "${access_token_path}/interfaces/innerkits/token_setproc/include", "${access_token_path}/services/accesstokenmanager/main/cpp/include/token", - "${access_token_path}/services/common/config_policy/include", + "${access_token_path}/services/common/json_parse/include", "${access_token_path}/services/common/handler/include", ] @@ -71,6 +71,7 @@ ohos_unittest("libtoken_sync_service_standard_test") { "${access_token_path}/interfaces/innerkits/accesstoken:libaccesstoken_sdk", "${access_token_path}/interfaces/innerkits/token_setproc:libtokensetproc_shared", "${access_token_path}/services/common:accesstoken_service_common", + "${access_token_path}/services/common/json_parse:accesstoken_cjson_utils", ] cflags_cc = [ "-DHILOG_ENABLE" ] @@ -82,11 +83,11 @@ ohos_unittest("libtoken_sync_service_standard_test") { configs = [ "${access_token_path}/config:coverage_flags" ] external_deps = [ + "cJSON:cjson", "c_utils:utils", "dsoftbus:softbus_client", "hilog:libhilog", "ipc:ipc_single", - "json:nlohmann_json_static", "safwk:system_ability_fwk", "zlib:libz", ] diff --git a/services/tokensyncmanager/test/unittest/token_sync_service_test.cpp b/services/tokensyncmanager/test/unittest/token_sync_service_test.cpp index cdca7a6219f933ee0fe71deae92e6f609a4ca69f..be54f37349f40a7bb3fb2e3cf4164699fe4dedf2 100644 --- a/services/tokensyncmanager/test/unittest/token_sync_service_test.cpp +++ b/services/tokensyncmanager/test/unittest/token_sync_service_test.cpp @@ -475,26 +475,26 @@ HWTEST_F(TokenSyncServiceTest, FromPermStateListJson001, TestSize.Level1) .baseInfo = baseInfo, .permStateList = permStateList }; - nlohmann::json hapTokenJson; + CJsonUnique hapTokenJson; auto cmd = std::make_shared(); hapTokenJson = cmd->ToHapTokenInfosJson(remoteTokenInfo); HapTokenInfoForSync hap; - cmd->FromHapTokenBasicInfoJson(hapTokenJson, hap.baseInfo); - cmd->FromPermStateListJson(hapTokenJson, hap.permStateList); + cmd->FromHapTokenBasicInfoJson(hapTokenJson.get(), hap.baseInfo); + cmd->FromPermStateListJson(hapTokenJson.get(), hap.permStateList); PermissionStatus state1 = { .permissionName = "ohos.permission.test1", .grantStatus = PermissionState::PERMISSION_GRANTED, .grantFlag = PermissionFlag::PERMISSION_SYSTEM_FIXED}; - nlohmann::json permStateJson; - cmd->ToPermStateJson(permStateJson, state1); + CJsonUnique permStateJson = CreateJson(); + cmd->ToPermStateJson(permStateJson.get(), state1); PermissionStatus state2 = { .permissionName = "ohos.permission.test1", .grantStatus = PermissionState::PERMISSION_GRANTED, .grantFlag = PermissionFlag::PERMISSION_SYSTEM_FIXED}; - cmd->ToPermStateJson(permStateJson, state2); + cmd->ToPermStateJson(permStateJson.get(), state2); EXPECT_EQ(hap.baseInfo.tokenID, remoteTokenInfo.baseInfo.tokenID); } @@ -509,13 +509,13 @@ HWTEST_F(TokenSyncServiceTest, FromNativeTokenInfoJson001, TestSize.Level1) { auto cmd = std::make_shared(); - nlohmann::json nativeTokenListJsonNull; + CJsonUnique nativeTokenListJsonNull = CreateJson(); NativeTokenInfoBase tokenNull; - cmd->FromNativeTokenInfoJson(nativeTokenListJsonNull, tokenNull); + cmd->FromNativeTokenInfoJson(nativeTokenListJsonNull.get(), tokenNull); - nlohmann::json hapTokenJsonNull; + CJsonUnique hapTokenJsonNull = CreateJson(); HapTokenInfo hapTokenBasicInfoNull; - cmd->FromHapTokenBasicInfoJson(hapTokenJsonNull, hapTokenBasicInfoNull); + cmd->FromHapTokenBasicInfoJson(hapTokenJsonNull.get(), hapTokenBasicInfoNull); NativeTokenInfoBase native1 = { .apl = APL_NORMAL, @@ -526,9 +526,10 @@ HWTEST_F(TokenSyncServiceTest, FromNativeTokenInfoJson001, TestSize.Level1) .tokenAttr = 0, .nativeAcls = {}, }; - nlohmann::json nativeTokenListJson = cmd->ToNativeTokenInfoJson(native1); + + CJsonUnique nativeTokenListJson = cmd->ToNativeTokenInfoJson(native1); NativeTokenInfoBase token; - cmd->FromNativeTokenInfoJson(nativeTokenListJson, token); + cmd->FromNativeTokenInfoJson(nativeTokenListJson.get(), token); EXPECT_EQ(token.processName, "token_sync_test"); EXPECT_EQ(token.apl, ATokenAplEnum::APL_NORMAL); } @@ -543,31 +544,32 @@ HWTEST_F(TokenSyncServiceTest, FromPermStateListJson002, TestSize.Level1) { auto cmd = std::make_shared(); - nlohmann::json hapTokenJsonNull = "{\\\"bundleName\\\":\\\"\\\"," + CJsonUnique hapTokenJsonNull = CreateJsonFromString("{\\\"bundleName\\\":\\\"\\\"," "\\\"instIndex\\\":0,\\\"permState\\\":[{\\\"permissionName\\\":\\\"TEST\\\", " "\\\"grantStatus\\\":0, \\\"grantFlag\\\":0}],\\\"tokenAttr\\\":0," - "\\\"tokenID\\\":111,\\\"userID\\\":0,\\\"version\\\":1}"; + "\\\"tokenID\\\":111,\\\"userID\\\":0,\\\"version\\\":1}"); + std::vector permStateListNull; - cmd->FromPermStateListJson(hapTokenJsonNull, permStateListNull); + cmd->FromPermStateListJson(hapTokenJsonNull.get(), permStateListNull); EXPECT_EQ(permStateListNull.size(), 0); - hapTokenJsonNull = "{\\\"bundleName\\\":\\\"\\\"," + hapTokenJsonNull = CreateJsonFromString("{\\\"bundleName\\\":\\\"\\\"," "\\\"instIndex\\\":0,\\\"permState\\\":[{\\\"permissionName\\\":\\\"TEST\\\"}]," - "\\\"tokenAttr\\\":0,\\\"tokenID\\\":111,\\\"userID\\\":0,\\\"version\\\":1}"; - cmd->FromPermStateListJson(hapTokenJsonNull, permStateListNull); + "\\\"tokenAttr\\\":0,\\\"tokenID\\\":111,\\\"userID\\\":0,\\\"version\\\":1}"); + cmd->FromPermStateListJson(hapTokenJsonNull.get(), permStateListNull); EXPECT_EQ(permStateListNull.size(), 0); - hapTokenJsonNull = "{\\\"bundleName\\\":\\\"\\\"," + hapTokenJsonNull = CreateJsonFromString("{\\\"bundleName\\\":\\\"\\\"," "\\\"instIndex\\\":0,\\\"permState\\\":[{\\\"permissionName\\\":\\\"TEST\\\"}]," - "\\\"tokenAttr\\\":0,\\\"tokenID\\\":111,\\\"userID\\\":0,\\\"version\\\":1}"; - cmd->FromPermStateListJson(hapTokenJsonNull, permStateListNull); + "\\\"tokenAttr\\\":0,\\\"tokenID\\\":111,\\\"userID\\\":0,\\\"version\\\":1}"); + cmd->FromPermStateListJson(hapTokenJsonNull.get(), permStateListNull); EXPECT_EQ(permStateListNull.size(), 0); - hapTokenJsonNull = "{\\\"bundleName\\\":\\\"\\\"," + hapTokenJsonNull = CreateJsonFromString("{\\\"bundleName\\\":\\\"\\\"," "\\\"instIndex\\\":0,\\\"permState\\\":[{\\\"permissionName\\\":\\\"TEST\\\", " "\\\"grantStatus\\\":0, \\\"grantFlag\\\":0}],\\\"tokenAttr\\\":0," - "\\\"tokenID\\\":111,\\\"userID\\\":0,\\\"version\\\":1}"; - cmd->FromPermStateListJson(hapTokenJsonNull, permStateListNull); + "\\\"tokenID\\\":111,\\\"userID\\\":0,\\\"version\\\":1}"); + cmd->FromPermStateListJson(hapTokenJsonNull.get(), permStateListNull); EXPECT_EQ(permStateListNull.size(), 0); } diff --git a/test/fuzztest/services/accesstoken/access_token_service_fuzz.gni b/test/fuzztest/services/accesstoken/access_token_service_fuzz.gni index c287774c71b10189ff25eac588dbf07850bbc39a..9555e69e1c49c8f3dcc024ae24536d301b0d881b 100644 --- a/test/fuzztest/services/accesstoken/access_token_service_fuzz.gni +++ b/test/fuzztest/services/accesstoken/access_token_service_fuzz.gni @@ -35,7 +35,7 @@ access_token_include_dirs = [ "${access_token_path}/interfaces/innerkits/tokensync/src", "${access_token_path}/services/common/ability_manager/include", "${access_token_path}/services/common/app_manager/include", - "${access_token_path}/services/common/config_policy/include", + "${access_token_path}/services/common/json_parse/include", "${access_token_path}/services/common/database/include", "${access_token_path}/services/common/handler/include", "${access_token_path}/services/common/random/include", @@ -57,10 +57,12 @@ access_token_deps = [ "${access_token_path}/services/accesstokenmanager:access_token.rc", "${access_token_path}/services/accesstokenmanager/etc:param_files", "${access_token_path}/services/common:accesstoken_service_common", + "${access_token_path}/services/common/json_parse:accesstoken_cjson_utils", ] access_token_external_deps = [ "ability_base:want", + "cJSON:cjson", "c_utils:utils", "device_manager:devicemanagersdk", "dsoftbus:softbus_client", @@ -69,7 +71,6 @@ access_token_external_deps = [ "hitrace:hitrace_meter", "init:libbegetutil", "ipc:ipc_single", - "json:nlohmann_json_static", "openssl:libcrypto_shared", "relational_store:native_rdb", "safwk:system_ability_fwk", @@ -94,7 +95,6 @@ access_token_sources = [ "${access_token_path}/services/accesstokenmanager/main/cpp/src/form_manager/form_status_change_callback.cpp", "${access_token_path}/services/accesstokenmanager/main/cpp/src/permission/permission_data_brief.cpp", "${access_token_path}/services/accesstokenmanager/main/cpp/src/permission/permission_definition_cache.cpp", - "${access_token_path}/services/accesstokenmanager/main/cpp/src/permission/permission_definition_parser.cpp", "${access_token_path}/services/accesstokenmanager/main/cpp/src/permission/permission_grant_event.cpp", "${access_token_path}/services/accesstokenmanager/main/cpp/src/permission/permission_manager.cpp", "${access_token_path}/services/accesstokenmanager/main/cpp/src/permission/permission_validator.cpp", @@ -105,7 +105,6 @@ access_token_sources = [ "${access_token_path}/services/accesstokenmanager/main/cpp/src/token/accesstoken_id_manager.cpp", "${access_token_path}/services/accesstokenmanager/main/cpp/src/token/accesstoken_info_manager.cpp", "${access_token_path}/services/accesstokenmanager/main/cpp/src/token/hap_token_info_inner.cpp", - "${access_token_path}/services/accesstokenmanager/main/cpp/src/token/native_token_receptor.cpp", ] token_sync_sources = [ @@ -132,10 +131,7 @@ access_token_cflags_cc = [ "-DHILOG_ENABLE" ] if (dlp_permission_enable == true) { access_token_cflags_cc += [ "-DSUPPORT_SANDBOX_APP" ] - access_token_sources += [ - "${access_token_path}/services/accesstokenmanager/main/cpp/src/permission/dlp_permission_set_manager.cpp", - "${access_token_path}/services/accesstokenmanager/main/cpp/src/permission/dlp_permission_set_parser.cpp", - ] + access_token_sources += [ "${access_token_path}/services/accesstokenmanager/main/cpp/src/permission/dlp_permission_set_manager.cpp" ] } if (hicollie_enable == true) { diff --git a/test/fuzztest/services/privacy/privacy_service_fuzz.gni b/test/fuzztest/services/privacy/privacy_service_fuzz.gni index f8bcdfa4f10f0f5c033ca56a51a7f56a3aae6c01..1e574a97edba9a3a0b240834ea8ec59c5ae873cf 100644 --- a/test/fuzztest/services/privacy/privacy_service_fuzz.gni +++ b/test/fuzztest/services/privacy/privacy_service_fuzz.gni @@ -32,12 +32,13 @@ privacy_include_dirs = [ "${access_token_path}/services/privacymanager/include/sensitive/audio_manager/", "${access_token_path}/services/privacymanager/include/sensitive/camera_manager/", "${access_token_path}/services/common/app_manager/include", - "${access_token_path}/services/common/config_policy/include", + "${access_token_path}/services/common/json_parse/include", "${access_token_path}/services/common/database/include", "${access_token_path}/services/common/libraryloader/include", "${access_token_path}/services/common/screenlock_manager/include", "${access_token_path}/services/common/utils/include", "${access_token_path}/test/fuzztest/common", + "${access_token_path}/services/accesstokenmanager/main/cpp/include/token", ] privacy_deps = [