diff --git a/frameworks/accesstoken/include/permission_def_parcel.h b/frameworks/accesstoken/include/permission_def_parcel.h index c509deb9167cc207010e5d44fd18c53477f889ec..5b6d543eb4dcb693127bd1a7a51cc5a390781fe5 100644 --- a/frameworks/accesstoken/include/permission_def_parcel.h +++ b/frameworks/accesstoken/include/permission_def_parcel.h @@ -31,7 +31,7 @@ struct PermissionDefParcel final : public Parcelable { static PermissionDefParcel *Unmarshalling(Parcel &in); - PermissionDef permissionDef; + PermissionDefData permissionDef; }; } // namespace AccessToken } // namespace Security diff --git a/frameworks/accesstoken/src/hap_policy_parcel.cpp b/frameworks/accesstoken/src/hap_policy_parcel.cpp index 2f97c490c1e1e5e56af4d911ebb7765919810f9a..93d9fa174b22c4c7cba82ea2c784e0e85d43bd13 100644 --- a/frameworks/accesstoken/src/hap_policy_parcel.cpp +++ b/frameworks/accesstoken/src/hap_policy_parcel.cpp @@ -30,7 +30,7 @@ bool HapPolicyParcel::Marshalling(Parcel& out) const RETURN_IF_FALSE(out.WriteInt32(this->hapPolicy.apl)); RETURN_IF_FALSE(out.WriteString(this->hapPolicy.domain)); - const std::vector& permList = this->hapPolicy.permList; + const std::vector& permList = this->hapPolicy.permList; uint32_t permListSize = permList.size(); RETURN_IF_FALSE(out.WriteUint32(permListSize)); diff --git a/frameworks/accesstoken/src/permission_def_parcel.cpp b/frameworks/accesstoken/src/permission_def_parcel.cpp index 94226a443bb58dd5feee8f55317f45814dc4eb89..aa10e12984cd9635ef7052a63327abbea538c305 100644 --- a/frameworks/accesstoken/src/permission_def_parcel.cpp +++ b/frameworks/accesstoken/src/permission_def_parcel.cpp 
@@ -24,14 +24,11 @@ namespace AccessToken { bool PermissionDefParcel::Marshalling(Parcel& out) const { RETURN_IF_FALSE(out.WriteString(this->permissionDef.permissionName)); - RETURN_IF_FALSE(out.WriteString(this->permissionDef.bundleName)); RETURN_IF_FALSE(out.WriteInt32(this->permissionDef.grantMode)); RETURN_IF_FALSE(out.WriteInt32(this->permissionDef.availableLevel)); RETURN_IF_FALSE(out.WriteBool(this->permissionDef.provisionEnable)); RETURN_IF_FALSE(out.WriteBool(this->permissionDef.distributedSceneEnable)); - RETURN_IF_FALSE(out.WriteString(this->permissionDef.label)); RETURN_IF_FALSE(out.WriteInt32(this->permissionDef.labelId)); - RETURN_IF_FALSE(out.WriteString(this->permissionDef.description)); RETURN_IF_FALSE(out.WriteInt32(this->permissionDef.descriptionId)); RETURN_IF_FALSE(out.WriteInt32(this->permissionDef.availableType)); return true; @@ -45,8 +42,9 @@ PermissionDefParcel* PermissionDefParcel::Unmarshalling(Parcel& in) } permissionDefParcel->permissionDef.permissionName = in.ReadString(); - permissionDefParcel->permissionDef.bundleName = in.ReadString(); - RELEASE_IF_FALSE(in.ReadInt32(permissionDefParcel->permissionDef.grantMode), permissionDefParcel); + int grantMode; + RELEASE_IF_FALSE(in.ReadInt32(grantMode), permissionDefParcel); + permissionDefParcel->permissionDef.grantMode = static_cast(grantMode); int level; RELEASE_IF_FALSE(in.ReadInt32(level), permissionDefParcel); 
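Review bot: In `PermissionDefParcel::Unmarshalling` the integer read from the parcel is cast straight to the `grantMode` enum type with no range check, so whatever value the sending side wrote ends up stored in `permissionDef.grantMode`. Check it against the enumerators declared for GrantMode before the cast and take the existing release path otherwise, for example `RELEASE_IF_FALSE(grantMode == GrantMode::USER_GRANT || grantMode == GrantMode::SYSTEM_GRANT, permissionDefParcel);` (confirm the enumerator list in access_token.h). The same unchecked cast from `def.grantMode` appears in `ConvertPermissionDefToData` in accesstoken_kit.cpp and deserves the same guard. The function starts above this hunk and continues in the next one.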
@@ -54,9 +52,7 @@ PermissionDefParcel* PermissionDefParcel::Unmarshalling(Parcel& in) RELEASE_IF_FALSE(in.ReadBool(permissionDefParcel->permissionDef.provisionEnable), permissionDefParcel); RELEASE_IF_FALSE(in.ReadBool(permissionDefParcel->permissionDef.distributedSceneEnable), permissionDefParcel); - permissionDefParcel->permissionDef.label = in.ReadString(); RELEASE_IF_FALSE(in.ReadInt32(permissionDefParcel->permissionDef.labelId), permissionDefParcel); - permissionDefParcel->permissionDef.description = in.ReadString(); RELEASE_IF_FALSE(in.ReadInt32(permissionDefParcel->permissionDef.descriptionId), permissionDefParcel); int32_t availableType; RELEASE_IF_FALSE(in.ReadInt32(availableType), permissionDefParcel); diff --git a/frameworks/common/include/data_validator.h b/frameworks/common/include/data_validator.h index 1ee7c352ee08782044319947c57ed8172b7f9f88..4e7015b954560379c707f090fe3b14ce949eb9a9 100644 --- a/frameworks/common/include/data_validator.h +++ b/frameworks/common/include/data_validator.h @@ -43,10 +43,6 @@ public: static bool IsProcessNameValid(const std::string& processName); static bool IsDeviceIdValid(const std::string& deviceId); - - static bool IsLabelValid(const std::string& label); - - static bool IsDescValid(const std::string& desc); static bool IsPermissionFlagValid(uint32_t flag); static bool IsDcapValid(const std::string& dcap); static bool IsTokenIDValid(AccessTokenID id); diff --git a/frameworks/common/src/data_validator.cpp b/frameworks/common/src/data_validator.cpp index 22fa6eea2891b6f14f6f4bf8b58e8e50db30f941..bef15344c378972b02435d89bad02c8f947d5025 100644 --- a/frameworks/common/src/data_validator.cpp +++ b/frameworks/common/src/data_validator.cpp 
@@ -30,16 +30,6 @@ bool DataValidator::IsBundleNameValid(const std::string& bundleName) return !bundleName.empty() && (bundleName.length() <= MAX_LENGTH); } -bool DataValidator::IsLabelValid(const std::string& label) -{ - return label.length() <= MAX_LENGTH; -} - -bool DataValidator::IsDescValid(const std::string& desc) -{ - return desc.length() <= MAX_LENGTH; -} - bool DataValidator::IsPermissionNameValid(const std::string& permissionName) { if (permissionName.empty() || (permissionName.length() > MAX_LENGTH)) { diff --git a/frameworks/test/unittest/accesstoken_parcel_test.cpp b/frameworks/test/unittest/accesstoken_parcel_test.cpp index ebafe0eb737d453bd0fafb944f36f45a3fd75c48..67602d41629b5d385c539eaf411c53ad525499f7 100644 --- a/frameworks/test/unittest/accesstoken_parcel_test.cpp +++ b/frameworks/test/unittest/accesstoken_parcel_test.cpp @@ -43,24 +43,18 @@ static const std::string TEST_PERMISSION_NAME_BETA = "ohos.permission.BETA"; static constexpr AccessTokenID TEST_TOKEN_ID = 10002; static constexpr int32_t TEST_PERMSTATE_CHANGE_TYPE = 10001; -PermissionDef g_permDefAlpha = { +PermissionDefData g_permDefAlpha = { .permissionName = TEST_PERMISSION_NAME_ALPHA, - .bundleName = "accesstoken_test", - .grantMode = 1, + .grantMode = GrantMode::USER_GRANT, .availableLevel = APL_NORMAL, - .label = "label", .labelId = 1, - .description = "annoying", .descriptionId = 1 }; -PermissionDef g_permDefBeta = { +PermissionDefData g_permDefBeta = { .permissionName = TEST_PERMISSION_NAME_BETA, - .bundleName = "accesstoken_test", - .grantMode = 1, + .grantMode = GrantMode::USER_GRANT, .availableLevel = APL_NORMAL, - .label = "label", .labelId = 1, - .description = "so trouble", .descriptionId = 1 }; 
@@ -152,18 +146,12 @@ HWTEST_F(AccessTokenParcelTest, HapPolicyParcel001, TestSize.Level1) for (uint32_t i = 0; i < hapPolicyParcel.hapPolicy.permList.size(); i++) { EXPECT_EQ(hapPolicyParcel.hapPolicy.permList[i].permissionName, readedData->hapPolicy.permList[i].permissionName); - EXPECT_EQ(hapPolicyParcel.hapPolicy.permList[i].bundleName, - readedData->hapPolicy.permList[i].bundleName); EXPECT_EQ(hapPolicyParcel.hapPolicy.permList[i].grantMode, readedData->hapPolicy.permList[i].grantMode); EXPECT_EQ(hapPolicyParcel.hapPolicy.permList[i].availableLevel, readedData->hapPolicy.permList[i].availableLevel); - EXPECT_EQ(hapPolicyParcel.hapPolicy.permList[i].label, - readedData->hapPolicy.permList[i].label); EXPECT_EQ(hapPolicyParcel.hapPolicy.permList[i].labelId, readedData->hapPolicy.permList[i].labelId); - EXPECT_EQ(hapPolicyParcel.hapPolicy.permList[i].description, - readedData->hapPolicy.permList[i].description); EXPECT_EQ(hapPolicyParcel.hapPolicy.permList[i].descriptionId, readedData->hapPolicy.permList[i].descriptionId); } diff --git a/interfaces/innerkits/accesstoken/include/hap_token_info.h b/interfaces/innerkits/accesstoken/include/hap_token_info.h index 0f090e7561103f9353596d1ff8ab9333d0bf3686..7081b2c84d6931bfe9f60ee03dd4089c068787fd 100644 --- a/interfaces/innerkits/accesstoken/include/hap_token_info.h +++ b/interfaces/innerkits/accesstoken/include/hap_token_info.h @@ -196,7 +196,7 @@ public: */ ATokenAplEnum apl; std::string domain; - std::vector permList; + std::vector permList; std::vector permStateList; std::vector aclRequestedList; std::vector preAuthorizationInfo; diff --git a/interfaces/innerkits/accesstoken/include/permission_def.h b/interfaces/innerkits/accesstoken/include/permission_def.h index 811e97999eb822da66834a8ea8fb1a8b6ded0a3f..34d2187b3e53fb0e5e4aee572e302d70a7006d4a 100644 --- a/interfaces/innerkits/accesstoken/include/permission_def.h +++ b/interfaces/innerkits/accesstoken/include/permission_def.h 
@@ -81,8 +81,24 @@ public: */ class PermissionDefData final { public: - AccessTokenID tokenId; - PermissionDef permDef; + /** permission name */ + std::string permissionName; + /** + * grant mode, for details about the valid values, + * see the definition of GrantMode in the access_token.h file. + */ + GrantMode grantMode; + /** which SDK version can use this permission to develop app */ + ATokenAplEnum availableLevel; + /** indicats whether this permission can be access control list permission */ + bool provisionEnable; + /** + * indicates whether the distributed scene can use this permission or not + */ + bool distributedSceneEnable; + int labelId = 0; + int descriptionId = 0; + ATokenAvailableTypeEnum availableType = NORMAL; }; } // namespace AccessToken } // namespace Security diff --git a/interfaces/innerkits/accesstoken/src/accesstoken_kit.cpp b/interfaces/innerkits/accesstoken/src/accesstoken_kit.cpp index 1ee63594d9c5c7b39f2557382165afbe3e42e250..d52b89b5b190ce9a1be980e98374aae4d5bf9a20 100644 --- a/interfaces/innerkits/accesstoken/src/accesstoken_kit.cpp +++ b/interfaces/innerkits/accesstoken/src/accesstoken_kit.cpp 
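Review bot: `grantMode`, `availableLevel`, `provisionEnable` and `distributedSceneEnable` in the new `PermissionDefData` have no default member initializer, while `labelId`, `descriptionId` and `availableType` do, so a plain `PermissionDefData data;` holds indeterminate values in those four fields until each one is assigned. Defaults would keep a partially filled object from being marshalled or converted with garbage in a field that feeds permission decisions: `bool provisionEnable = false;`, `bool distributedSceneEnable = false;`, plus an explicit enumerator for `grantMode` and `availableLevel`. The doc comment on `provisionEnable` reads "indicats" and should say "indicates".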
@@ -67,11 +67,27 @@ int AccessTokenKit::GrantPermissionForSpecifiedTime( return AccessTokenManagerClient::GetInstance().GrantPermissionForSpecifiedTime(tokenID, permissionName, onceTime); } +static void ConvertPermissionDefToData(const PermissionDef &def, PermissionDefData& data) +{ + data.permissionName = def.permissionName; + data.grantMode = static_cast(def.grantMode); + data.availableLevel = def.availableLevel; + data.provisionEnable = def.provisionEnable; + data.distributedSceneEnable = def.distributedSceneEnable; + data.labelId = def.labelId; + data.descriptionId = def.descriptionId; + data.availableType = def.availableType; +} + static void TransferHapPolicyParams(const HapPolicyParams& policyIn, HapPolicy& policyOut) { policyOut.apl = policyIn.apl; policyOut.domain = policyIn.domain; - policyOut.permList.assign(policyIn.permList.begin(), policyIn.permList.end()); + for (const auto& permDef : policyIn.permList) { + PermissionDefData data; + ConvertPermissionDefToData(permDef, data); + policyOut.permList.emplace_back(data); + } policyOut.aclRequestedList.assign(policyIn.aclRequestedList.begin(), policyIn.aclRequestedList.end()); policyOut.preAuthorizationInfo.assign(policyIn.preAuthorizationInfo.begin(), policyIn.preAuthorizationInfo.end()); for (const auto& perm : policyIn.permStateList) { @@ -404,6 +420,18 @@ int AccessTokenKit::VerifyAccessToken(AccessTokenID tokenID, const std::vector(data.grantMode); + def.availableLevel = data.availableLevel; + def.provisionEnable = data.provisionEnable; + def.distributedSceneEnable = data.distributedSceneEnable; + def.labelId = data.labelId; + def.descriptionId = data.descriptionId; + def.availableType = data.availableType; +} + int AccessTokenKit::GetDefPermission(const std::string& permissionName, PermissionDef& permissionDefResult) { LOGD(ATM_DOMAIN, ATM_TAG, "PermissionName=%{public}s.", permissionName.c_str()); 
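Review bot: `ConvertPermissionDataToDef` assigns only eight fields of the caller's `PermissionDef` and leaves `bundleName`, `label` and `description` as they were passed in, so an out-parameter that is reused across calls keeps strings from an earlier result. Either reset them in the helper (`def.bundleName.clear(); def.label.clear(); def.description.clear();`) or state in the `GetDefPermission` documentation that these fields are no longer filled. The same static helper is added a second time in accesstoken_manager_client.cpp; a single shared definition would stop the two copies from drifting apart. The first lines of the helper are cut off in this hunk as shown on the page, so this is read from the copy in the other file.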
@@ -412,7 +440,9 @@ int AccessTokenKit::GetDefPermission(const std::string& permissionName, Permissi return AccessTokenError::ERR_PARAM_INVALID; } - int ret = AccessTokenManagerClient::GetInstance().GetDefPermission(permissionName, permissionDefResult); + PermissionDefData data; + int ret = AccessTokenManagerClient::GetInstance().GetDefPermission(permissionName, data); + ConvertPermissionDataToDef(data, permissionDefResult); LOGD(ATM_DOMAIN, ATM_TAG, "GetDefPermission bundleName = %{public}s", permissionDefResult.bundleName.c_str()); return ret; diff --git a/interfaces/innerkits/accesstoken/src/accesstoken_manager_client.cpp b/interfaces/innerkits/accesstoken/src/accesstoken_manager_client.cpp index 66df084ada76083ba6816493658086196b035bdc..a83a56f4e41b5d14624a7c7c70b715ee3ecf342f 100644 --- a/interfaces/innerkits/accesstoken/src/accesstoken_manager_client.cpp +++ b/interfaces/innerkits/accesstoken/src/accesstoken_manager_client.cpp @@ -103,7 +103,7 @@ int AccessTokenManagerClient::VerifyAccessToken(AccessTokenID tokenID, } int AccessTokenManagerClient::GetDefPermission( - const std::string& permissionName, PermissionDef& permissionDefResult) + const std::string& permissionName, PermissionDefData& permissionDefResult) { auto proxy = GetProxy(); if (proxy == nullptr) { @@ -116,6 +116,18 @@ int AccessTokenManagerClient::GetDefPermission( return result; } +static void ConvertPermissionDataToDef(const PermissionDefData& data, PermissionDef &def) +{ + def.permissionName = data.permissionName; + def.grantMode = static_cast(data.grantMode); + def.availableLevel = data.availableLevel; + def.provisionEnable = data.provisionEnable; + def.distributedSceneEnable = data.distributedSceneEnable; + def.labelId = data.labelId; + def.descriptionId = data.descriptionId; + def.availableType = data.availableType; +} + int AccessTokenManagerClient::GetDefPermissions(AccessTokenID tokenID, std::vector& permList) { auto proxy = GetProxy(); 
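Review bot: In `AccessTokenKit::GetDefPermission`, `ConvertPermissionDataToDef(data, permissionDefResult)` runs whatever `ret` is, so on a failed client call the caller's result is overwritten from a `PermissionDefData` that may never have been filled, and four of its fields have no default initializer. Value-initialize the temporary and convert only on success: `PermissionDefData data {};` and `if (ret == RET_SUCCESS) { ConvertPermissionDataToDef(data, permissionDefResult); }`. The `LOGD` that follows still prints `permissionDefResult.bundleName`, which the conversion never sets, so it now logs whatever the caller supplied. The function starts above the hunk.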
@@ -126,7 +138,8 @@ int AccessTokenManagerClient::GetDefPermissions(AccessTokenID tokenID, std::vect std::vector parcelList; int result = proxy->GetDefPermissions(tokenID, parcelList); for (const auto& permParcel : parcelList) { - PermissionDef perm = permParcel.permissionDef; + PermissionDef perm; + ConvertPermissionDataToDef(permParcel.permissionDef, perm); permList.emplace_back(perm); } return result; diff --git a/interfaces/innerkits/accesstoken/src/accesstoken_manager_client.h b/interfaces/innerkits/accesstoken/src/accesstoken_manager_client.h index c185a95f6f33a1fa0087c19d85f1ccbb7edc032f..2cec3e0610a6bed6be901500602bf7d215fc48b1 100644 --- a/interfaces/innerkits/accesstoken/src/accesstoken_manager_client.h +++ b/interfaces/innerkits/accesstoken/src/accesstoken_manager_client.h @@ -52,7 +52,7 @@ public: int VerifyAccessToken(AccessTokenID tokenID, const std::string& permissionName); int VerifyAccessToken(AccessTokenID tokenID, const std::vector& permissionList, std::vector& permStateList); - int GetDefPermission(const std::string& permissionName, PermissionDef& permissionDefResult); + int GetDefPermission(const std::string& permissionName, PermissionDefData& permissionDefResult); int GetDefPermissions(AccessTokenID tokenID, std::vector& permList); int GetReqPermissions( AccessTokenID tokenID, std::vector& reqPermList, bool isSystemGrant); diff --git a/interfaces/innerkits/accesstoken/test/unittest/HapTokenTest/delete_token_test.cpp b/interfaces/innerkits/accesstoken/test/unittest/HapTokenTest/delete_token_test.cpp index 1a8a7a94206f6ca42520850f8b8eec4d36cae554..2d4567bf92b6cc716961262974d7796557e7f368 100644 --- a/interfaces/innerkits/accesstoken/test/unittest/HapTokenTest/delete_token_test.cpp +++ b/interfaces/innerkits/accesstoken/test/unittest/HapTokenTest/delete_token_test.cpp 
@@ -101,32 +101,6 @@ void DeleteTokenTest::TearDown() { } -/** - * @tc.name: DeleteTokenFuncTest001 - * @tc.desc: Cannot get permission definition info after DeleteToken function has been invoked. - * @tc.type: FUNC - * @tc.require: Issue Number - */ -HWTEST_F(DeleteTokenTest, DeleteTokenFuncTest001, TestSize.Level1) -{ - LOGI(ATM_DOMAIN, ATM_TAG, "DeleteTokenFuncTest001"); - - AccessTokenID tokenID = AccessTokenKit::GetHapTokenID(TEST_USER_ID, TEST_BUNDLE_NAME, 0); - ASSERT_NE(INVALID_TOKENID, tokenID); - - PermissionDef permDefResultAlpha; - int ret = AccessTokenKit::GetDefPermission("ohos.permission.ALPHA", permDefResultAlpha); - ASSERT_EQ("ohos.permission.ALPHA", permDefResultAlpha.permissionName); - ASSERT_EQ(RET_SUCCESS, ret); - - ret = AccessTokenKit::DeleteToken(tokenID); - ASSERT_EQ(RET_SUCCESS, ret); - - PermissionDef defResult; - ret = AccessTokenKit::GetDefPermission("ohos.permission.ALPHA", defResult); - ASSERT_EQ(AccessTokenError::ERR_PERMISSION_NOT_EXIST, ret); -} - /** * @tc.name: DeleteTokenFuncTest002 * @tc.desc: Cannot get haptoken info after DeleteToken function has been invoked. diff --git a/interfaces/innerkits/accesstoken/test/unittest/PermissionsTest/get_permission_test.cpp b/interfaces/innerkits/accesstoken/test/unittest/PermissionsTest/get_permission_test.cpp index 927de028f11451060e43c2c202e68bb51dc0cd00..0ab385ce88a0c14bcb38592d163992d7a694b356 100644 --- a/interfaces/innerkits/accesstoken/test/unittest/PermissionsTest/get_permission_test.cpp +++ b/interfaces/innerkits/accesstoken/test/unittest/PermissionsTest/get_permission_test.cpp @@ -35,7 +35,6 @@ namespace AccessToken { namespace { static AccessTokenID g_selfTokenId = 0; static const std::string TEST_BUNDLE_NAME = "ohos"; -static const int INVALID_PERMNAME_LEN = 260; static const unsigned int TEST_TOKENID_INVALID = 0; static const int CYCLE_TIMES = 100; static const int TEST_USER_ID = 0; 
@@ -190,88 +189,6 @@ HWTEST_F(GetPermissionTest, GetPermissionUsedTypeFuncTest001, TestSize.Level1) ASSERT_EQ(0, SetSelfTokenID(g_selfTokenId)); } -/** - * @tc.name: GetDefPermissionFuncTest001 - * @tc.desc: Get permission definition info after AllocHapToken function has been invoked. - * @tc.type: FUNC - * @tc.require: Issue Number - */ -HWTEST_F(GetPermissionTest, GetDefPermissionFuncTest001, TestSize.Level1) -{ - LOGI(ATM_DOMAIN, ATM_TAG, "GetDefPermissionFuncTest001"); - - PermissionDef permDefResultAlpha; - int ret = AccessTokenKit::GetDefPermission("ohos.permission.ALPHA", permDefResultAlpha); - ASSERT_EQ(RET_SUCCESS, ret); - ASSERT_EQ("ohos.permission.ALPHA", permDefResultAlpha.permissionName); - - PermissionDef permDefResultBeta; - ret = AccessTokenKit::GetDefPermission("ohos.permission.BETA", permDefResultBeta); - ASSERT_EQ(RET_SUCCESS, ret); - ASSERT_EQ("ohos.permission.BETA", permDefResultBeta.permissionName); -} - -/** - * @tc.name: GetDefPermissionAbnormalTest001 - * @tc.desc: Get permission definition info that permission is invalid. - * @tc.type: FUNC - * @tc.require: Issue Number - */ -HWTEST_F(GetPermissionTest, GetDefPermissionAbnormalTest001, TestSize.Level1) -{ - LOGI(ATM_DOMAIN, ATM_TAG, "GetDefPermissionAbnormalTest001"); - - PermissionDef permDefResult; - int ret = AccessTokenKit::GetDefPermission("ohos.permission.GAMMA", permDefResult); - ASSERT_EQ(AccessTokenError::ERR_PERMISSION_NOT_EXIST, ret); - - ret = AccessTokenKit::GetDefPermission("", permDefResult); - ASSERT_EQ(AccessTokenError::ERR_PARAM_INVALID, ret); - - std::string invalidPerm(INVALID_PERMNAME_LEN, 'a'); - ret = AccessTokenKit::GetDefPermission(invalidPerm, permDefResult); - ASSERT_EQ(AccessTokenError::ERR_PARAM_INVALID, ret); -} - -/** - * @tc.name: GetDefPermissionSpecTest001 - * @tc.desc: GetDefPermission is invoked multiple times. 
- * @tc.type: FUNC - * @tc.require: Issue Number - */ -HWTEST_F(GetPermissionTest, GetDefPermissionSpecTest001, TestSize.Level0) -{ - LOGI(ATM_DOMAIN, ATM_TAG, "GetDefPermissionSpecTest001"); - - for (int j = 0; j < CYCLE_TIMES; j++) { - PermissionDef permDefResultAlpha; - int32_t ret = AccessTokenKit::GetDefPermission("ohos.permission.ALPHA", permDefResultAlpha); - ASSERT_EQ(RET_SUCCESS, ret); - ASSERT_EQ("ohos.permission.ALPHA", permDefResultAlpha.permissionName); - } -} - -/** - * @tc.name: GetDefPermissionsFuncTest001 - * @tc.desc: Get permission definition info list after AllocHapToken function has been invoked. - * @tc.type: FUNC - * @tc.require: Issue Number - */ -HWTEST_F(GetPermissionTest, GetDefPermissionsFuncTest001, TestSize.Level1) -{ - LOGI(ATM_DOMAIN, ATM_TAG, "GetDefPermissionsFuncTest001"); - - AccessTokenID tokenID = AccessTokenKit::GetHapTokenID(TEST_USER_ID, TEST_BUNDLE_NAME, 0); - ASSERT_NE(INVALID_TOKENID, tokenID); - std::vector permDefList; - int ret = AccessTokenKit::GetDefPermissions(tokenID, permDefList); - ASSERT_EQ(RET_SUCCESS, ret); - ASSERT_EQ(static_cast(2), permDefList.size()); - - ret = AccessTokenKit::DeleteToken(tokenID); - ASSERT_EQ(RET_SUCCESS, ret); -} - /** * @tc.name: GetDefPermissionsFuncTest002 * @tc.desc: Get permission definition info list after clear permission definition list 
@@ -320,27 +237,6 @@ HWTEST_F(GetPermissionTest, GetDefPermissionsAbnormalTest001, TestSize.Level1) ASSERT_EQ(AccessTokenError::ERR_PARAM_INVALID, ret); } -/** - * @tc.name: GetDefPermissionsSpecTest001 - * @tc.desc: GetDefPermissions is invoked multiple times. - * @tc.type: FUNC - * @tc.require: Issue Number - */ -HWTEST_F(GetPermissionTest, GetDefPermissionsSpecTest001, TestSize.Level0) -{ - LOGI(ATM_DOMAIN, ATM_TAG, "GetDefPermissionsSpecTest001"); - - AccessTokenID tokenID = AccessTokenKit::GetHapTokenID(TEST_USER_ID, TEST_BUNDLE_NAME, 0); - ASSERT_NE(INVALID_TOKENID, tokenID); - for (int i = 0; i < CYCLE_TIMES; i++) { - std::vector permDefList; - int32_t ret = AccessTokenKit::GetDefPermissions(tokenID, permDefList); - ASSERT_EQ(RET_SUCCESS, ret); - ASSERT_EQ(static_cast(2), permDefList.size()); - } - ASSERT_EQ(RET_SUCCESS, AccessTokenKit::DeleteToken(tokenID)); -} - /** * @tc.name: GetReqPermissionsFuncTest001 * @tc.desc: Get user granted permission state info. diff --git a/interfaces/innerkits/accesstoken/test/unittest/src/accesstoken_kit_extension_test.cpp b/interfaces/innerkits/accesstoken/test/unittest/src/accesstoken_kit_extension_test.cpp index cadd682a047541a08234363ab76e0a9945e7e635..6336f007d9f5ec8141da53968f3982fa4d1d1d9e 100644 --- a/interfaces/innerkits/accesstoken/test/unittest/src/accesstoken_kit_extension_test.cpp +++ b/interfaces/innerkits/accesstoken/test/unittest/src/accesstoken_kit_extension_test.cpp 
@@ -1741,12 +1741,12 @@ HWTEST_F(AccessTokenKitExtensionTest, VerifyAccessToken005, TestSize.Level1) */ HWTEST_F(AccessTokenKitExtensionTest, IsSystemAppByFullTokenIDTest001, TestSize.Level1) { - AccessTokenIDEx tokenIdEx = {0}; - tokenIdEx = AccessTokenKit::AllocHapToken(g_infoManagerTestSystemInfoParms, g_infoManagerTestPolicyPrams); + AccessTokenIDEx tokenIdEx = AccessTokenKit::AllocHapToken( + g_infoManagerTestSystemInfoParms, g_infoManagerTestPolicyPrams); AccessTokenIDEx tokenIdEx1 = AccessTokenKit::GetHapTokenIDEx(1, "accesstoken_test", 0); ASSERT_EQ(tokenIdEx.tokenIDEx, tokenIdEx1.tokenIDEx); - bool res = TokenIdKit::IsSystemAppByFullTokenID(tokenIdEx.tokenIDEx); - ASSERT_EQ(true, res); + ASSERT_EQ(true, TokenIdKit::IsSystemAppByFullTokenID(tokenIdEx.tokenIDEx)); + UpdateHapInfoParams info; info.appIDDesc = g_infoManagerTestSystemInfoParms.appIDDesc; info.apiVersion = g_infoManagerTestSystemInfoParms.apiVersion; @@ -1754,8 +1754,7 @@ HWTEST_F(AccessTokenKitExtensionTest, IsSystemAppByFullTokenIDTest001, TestSize. ASSERT_EQ(RET_SUCCESS, AccessTokenKit::UpdateHapToken(tokenIdEx, info, g_infoManagerTestPolicyPrams)); tokenIdEx1 = AccessTokenKit::GetHapTokenIDEx(1, "accesstoken_test", 0); ASSERT_EQ(tokenIdEx.tokenIDEx, tokenIdEx1.tokenIDEx); - res = TokenIdKit::IsSystemAppByFullTokenID(tokenIdEx.tokenIDEx); - ASSERT_EQ(false, res); + ASSERT_EQ(false, TokenIdKit::IsSystemAppByFullTokenID(tokenIdEx.tokenIDEx)); } /** diff --git a/interfaces/innerkits/accesstoken/test/unittest/src/accesstoken_kit_test.cpp b/interfaces/innerkits/accesstoken/test/unittest/src/accesstoken_kit_test.cpp index 9f86b5180e9e48026bce7f46bdb9f79786879fd3..a19a92f30f9d52cf20d4e9ab6668b3df6247d3dc 100644 --- a/interfaces/innerkits/accesstoken/test/unittest/src/accesstoken_kit_test.cpp +++ b/interfaces/innerkits/accesstoken/test/unittest/src/accesstoken_kit_test.cpp 
@@ -397,52 +397,23 @@ HWTEST_F(AccessTokenKitTest, GetPermissionUsedType002, TestSize.Level1) * @tc.require: Issue Number */ HWTEST_F(AccessTokenKitTest, GetDefPermission001, TestSize.Level1) -{ - PermissionDef permDefResultAlpha; - int ret = AccessTokenKit::GetDefPermission(TEST_PERMISSION_NAME_ALPHA, permDefResultAlpha); - ASSERT_EQ(RET_SUCCESS, ret); - ASSERT_EQ(TEST_PERMISSION_NAME_ALPHA, permDefResultAlpha.permissionName); - - PermissionDef permDefResultBeta; - ret = AccessTokenKit::GetDefPermission(TEST_PERMISSION_NAME_BETA, permDefResultBeta); - ASSERT_EQ(RET_SUCCESS, ret); - ASSERT_EQ(TEST_PERMISSION_NAME_BETA, permDefResultBeta.permissionName); -} - -/** - * @tc.name: GetDefPermission002 - * @tc.desc: Get permission definition info that permission is invalid. - * @tc.type: FUNC - * @tc.require: Issue Number - */ -HWTEST_F(AccessTokenKitTest, GetDefPermission002, TestSize.Level1) { PermissionDef permDefResult; - int ret = AccessTokenKit::GetDefPermission(TEST_PERMISSION_NAME_GAMMA, permDefResult); - ASSERT_EQ(AccessTokenError::ERR_PERMISSION_NOT_EXIST, ret); - ret = AccessTokenKit::GetDefPermission("", permDefResult); - ASSERT_EQ(AccessTokenError::ERR_PARAM_INVALID, ret); + // permissionName is nullptr + ASSERT_EQ(AccessTokenError::ERR_PARAM_INVALID, AccessTokenKit::GetDefPermission("", permDefResult)); + // permissionName is over 256 size std::string invalidPerm(INVALID_PERMNAME_LEN, 'a'); - ret = AccessTokenKit::GetDefPermission(invalidPerm, permDefResult); - ASSERT_EQ(AccessTokenError::ERR_PARAM_INVALID, ret); -} + ASSERT_EQ(AccessTokenError::ERR_PARAM_INVALID, AccessTokenKit::GetDefPermission(invalidPerm, permDefResult)); -/** - * @tc.name: GetDefPermission003 - * @tc.desc: GetDefPermission is invoked multiple times. 
- * @tc.type: FUNC - * @tc.require: Issue Number - */ -HWTEST_F(AccessTokenKitTest, GetDefPermission003, TestSize.Level0) -{ - for (int j = 0; j < CYCLE_TIMES; j++) { - PermissionDef permDefResultAlpha; - int32_t ret = AccessTokenKit::GetDefPermission(TEST_PERMISSION_NAME_ALPHA, permDefResultAlpha); - ASSERT_EQ(RET_SUCCESS, ret); - ASSERT_EQ(TEST_PERMISSION_NAME_ALPHA, permDefResultAlpha.permissionName); - } + // not exsit permission + ASSERT_EQ(ERR_PERMISSION_NOT_EXIST, AccessTokenKit::GetDefPermission(TEST_PERMISSION_NAME_ALPHA, permDefResult)); + ASSERT_EQ(ERR_PERMISSION_NOT_EXIST, AccessTokenKit::GetDefPermission(TEST_PERMISSION_NAME_BETA, permDefResult)); + ASSERT_EQ(ERR_PERMISSION_NOT_EXIST, AccessTokenKit::GetDefPermission(TEST_PERMISSION_NAME_GAMMA, permDefResult)); + + ASSERT_EQ(0, AccessTokenKit::GetDefPermission("ohos.permission.CAMERA", permDefResult)); + ASSERT_EQ("ohos.permission.CAMERA", permDefResult.permissionName); } /** @@ -454,11 +425,18 @@ HWTEST_F(AccessTokenKitTest, GetDefPermission003, TestSize.Level0) HWTEST_F(AccessTokenKitTest, GetDefPermissions001, TestSize.Level1) { AccessTokenID tokenID = GetAccessTokenID(TEST_USER_ID, TEST_BUNDLE_NAME, 0); + GTEST_LOG_(INFO) << "tokenID :" << tokenID; ASSERT_NE(INVALID_TOKENID, tokenID); + + // only when tokenID is ohos.global.systemres may return permissionDefs std::vector permDefList; - int ret = AccessTokenKit::GetDefPermissions(tokenID, permDefList); - ASSERT_EQ(RET_SUCCESS, ret); - ASSERT_EQ(static_cast(2), permDefList.size()); + ASSERT_EQ(RET_SUCCESS, AccessTokenKit::GetDefPermissions(tokenID, permDefList)); + ASSERT_EQ(static_cast(0), permDefList.size()); + + tokenID = GetAccessTokenID(TEST_USER_ID, SYSTEM_RESOURCE_BUNDLE_NAME, TEST_INST_INDEX); + GTEST_LOG_(INFO) << "tokenID :" << tokenID; + ASSERT_EQ(RET_SUCCESS, AccessTokenKit::GetDefPermissions(tokenID, permDefList)); + ASSERT_NE(static_cast(0), permDefList.size()); } /** 
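Review bot: The comment `// permissionName is nullptr` in the rewritten `GetDefPermission001` does not match the call, which passes an empty string; `// permissionName is empty` describes what is tested. `// not exsit permission` should read `// permission does not exist`. The final check compares against the literal `0`; `RET_SUCCESS` would match the rest of the file.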
@@ -503,24 +481,6 @@ HWTEST_F(AccessTokenKitTest, GetDefPermissions003, TestSize.Level1) ASSERT_EQ(AccessTokenError::ERR_PARAM_INVALID, ret); } -/** - * @tc.name: GetDefPermissions004 - * @tc.desc: GetDefPermissions is invoked multiple times. - * @tc.type: FUNC - * @tc.require: Issue Number - */ -HWTEST_F(AccessTokenKitTest, GetDefPermissions004, TestSize.Level0) -{ - AccessTokenID tokenID = GetAccessTokenID(TEST_USER_ID, TEST_BUNDLE_NAME, 0); - ASSERT_NE(INVALID_TOKENID, tokenID); - for (int i = 0; i < CYCLE_TIMES; i++) { - std::vector permDefList; - int32_t ret = AccessTokenKit::GetDefPermissions(tokenID, permDefList); - ASSERT_EQ(RET_SUCCESS, ret); - ASSERT_EQ(static_cast(2), permDefList.size()); - } -} - /** * @tc.name: GetReqPermissions001 * @tc.desc: Get user granted permission state info. @@ -1770,28 +1730,6 @@ HWTEST_F(AccessTokenKitTest, GetHapTokenInfo002, TestSize.Level0) ASSERT_EQ(AccessTokenError::ERR_PARAM_INVALID, ret); } -/** - * @tc.name: DeleteToken001 - * @tc.desc: Cannot get permission definition info after DeleteToken function has been invoked. - * @tc.type: FUNC - * @tc.require: Issue Number - */ -HWTEST_F(AccessTokenKitTest, DeleteToken001, TestSize.Level1) -{ - AccessTokenID tokenID = GetAccessTokenID(TEST_USER_ID, TEST_BUNDLE_NAME, 0); - PermissionDef permDefResultAlpha; - int ret = AccessTokenKit::GetDefPermission(TEST_PERMISSION_NAME_ALPHA, permDefResultAlpha); - ASSERT_EQ(TEST_PERMISSION_NAME_ALPHA, permDefResultAlpha.permissionName); - ASSERT_EQ(RET_SUCCESS, ret); - - ret = AccessTokenKit::DeleteToken(tokenID); - ASSERT_EQ(RET_SUCCESS, ret); - - PermissionDef defResult; - ret = AccessTokenKit::GetDefPermission(TEST_PERMISSION_NAME_ALPHA, defResult); - ASSERT_EQ(AccessTokenError::ERR_PERMISSION_NOT_EXIST, ret); -} - /** * @tc.name: DeleteToken002 * @tc.desc: Delete invalid tokenID. 
@@ -2181,28 +2119,24 @@ HWTEST_F(AccessTokenKitTest, AllocHapToken005, TestSize.Level1) { std::string backUpPermission = g_infoManagerTestPolicyPrams.permList[INDEX_ONE].permissionName; std::string bundleNameBackUp = g_infoManagerTestPolicyPrams.permList[INDEX_ONE].bundleName; + std::string labelBackUp = g_infoManagerTestPolicyPrams.permList[INDEX_ONE].label; ATokenAvailableTypeEnum typeBakup = g_infoManagerTestPolicyPrams.permList[INDEX_ONE].availableType; DeleteTestToken(); g_infoManagerTestPolicyPrams.permList[INDEX_ONE].bundleName = "invalid_bundleName"; g_infoManagerTestPolicyPrams.permList[INDEX_ONE].permissionName = "ohos.permission.testtmp01"; g_infoManagerTestPolicyPrams.permList[INDEX_ONE].availableType = MDM; - AccessTokenID tokenID = AllocTestToken(g_infoManagerTestInfoParms, g_infoManagerTestPolicyPrams); - ASSERT_NE(INVALID_TOKENID, tokenID); + ASSERT_NE(INVALID_TOKENID, AllocTestToken(g_infoManagerTestInfoParms, g_infoManagerTestPolicyPrams)); + DeleteTestToken(); + + g_infoManagerTestPolicyPrams.permList[INDEX_ZERO].label = ""; + ASSERT_NE(INVALID_TOKENID, AllocTestToken(g_infoManagerTestInfoParms, g_infoManagerTestPolicyPrams)); + DeleteTestToken(); - PermissionDef permDefResult; - int ret = AccessTokenKit::GetDefPermission( - g_infoManagerTestPolicyPrams.permList[INDEX_ONE].permissionName, permDefResult); - ASSERT_EQ(RET_SUCCESS, ret); - ASSERT_EQ(permDefResult.availableType, MDM); - ret = AccessTokenKit::GetDefPermission( - g_infoManagerTestPolicyPrams.permList[INDEX_ONE].permissionName, permDefResult); - ASSERT_EQ(RET_SUCCESS, ret); g_infoManagerTestPolicyPrams.permList[INDEX_ONE].bundleName = bundleNameBackUp; g_infoManagerTestPolicyPrams.permList[INDEX_ONE].permissionName = backUpPermission; g_infoManagerTestPolicyPrams.permList[INDEX_ONE].availableType = typeBakup; - - DeleteTestToken(); + g_infoManagerTestPolicyPrams.permList[INDEX_ONE].label = labelBackUp; } /** 
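Review bot: `AllocHapToken005` saves `permList[INDEX_ONE].label` into `labelBackUp`, then clears `permList[INDEX_ZERO].label` and restores index one, so the global `g_infoManagerTestPolicyPrams` is left with an empty label at index zero for every test that runs afterwards. Back up and restore the entry that is actually modified: `std::string labelBackUp = g_infoManagerTestPolicyPrams.permList[INDEX_ZERO].label;` and `g_infoManagerTestPolicyPrams.permList[INDEX_ZERO].label = labelBackUp;`. Shared fixture state that differs by test order makes later permission-policy tests pass or fail for the wrong reason.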
@@ -2226,7 +2160,7 @@ HWTEST_F(AccessTokenKitTest, AllocHapToken006, TestSize.Level1) ASSERT_EQ(AccessTokenError::ERR_PARAM_INVALID, ret); ret = AccessTokenKit::GetDefPermission( g_infoManagerTestPolicyPrams.permList[INDEX_ONE].permissionName, permDefResultBeta); - ASSERT_EQ(RET_SUCCESS, ret); + ASSERT_EQ(AccessTokenError::ERR_PERMISSION_NOT_EXIST, ret); g_infoManagerTestPolicyPrams.permList[INDEX_ZERO].permissionName = backUp; DeleteTestToken(); @@ -2257,7 +2191,7 @@ HWTEST_F(AccessTokenKitTest, AllocHapToken007, TestSize.Level1) ASSERT_EQ(AccessTokenError::ERR_PERMISSION_NOT_EXIST, ret); ret = AccessTokenKit::GetDefPermission( g_infoManagerTestPolicyPrams.permList[INDEX_ONE].permissionName, permDefResultBeta); - ASSERT_EQ(RET_SUCCESS, ret); + ASSERT_EQ(AccessTokenError::ERR_PERMISSION_NOT_EXIST, ret); g_infoManagerTestPolicyPrams.permList[INDEX_ZERO].bundleName = backUp; g_infoManagerTestPolicyPrams.permList[INDEX_ZERO].permissionName = backUpPermission; @@ -2288,7 +2222,7 @@ HWTEST_F(AccessTokenKitTest, AllocHapToken008, TestSize.Level1) ASSERT_EQ(AccessTokenError::ERR_PERMISSION_NOT_EXIST, ret); ret = AccessTokenKit::GetDefPermission( g_infoManagerTestPolicyPrams.permList[INDEX_ONE].permissionName, permDefResultBeta); - ASSERT_EQ(RET_SUCCESS, ret); + ASSERT_EQ(AccessTokenError::ERR_PERMISSION_NOT_EXIST, ret); g_infoManagerTestPolicyPrams.permList[INDEX_ZERO].label = backUp; g_infoManagerTestPolicyPrams.permList[INDEX_ZERO].permissionName = backUpPermission; 
@@ -2320,7 +2254,7 @@ HWTEST_F(AccessTokenKitTest, AllocHapToken009, TestSize.Level1) ASSERT_EQ(AccessTokenError::ERR_PERMISSION_NOT_EXIST, ret); ret = AccessTokenKit::GetDefPermission( g_infoManagerTestPolicyPrams.permList[INDEX_ONE].permissionName, permDefResultBeta); - ASSERT_EQ(RET_SUCCESS, ret); + ASSERT_EQ(AccessTokenError::ERR_PERMISSION_NOT_EXIST, ret); g_infoManagerTestPolicyPrams.permList[INDEX_ZERO].description = backUp; g_infoManagerTestPolicyPrams.permList[INDEX_ZERO].permissionName = backUpPermission; 
@@ -2463,38 +2397,13 @@ HWTEST_F(AccessTokenKitTest, AllocHapToken015, TestSize.Level1) ASSERT_EQ(AccessTokenError::ERR_PERMISSION_NOT_EXIST, ret); ret = AccessTokenKit::GetDefPermission( g_infoManagerTestPolicyPrams.permList[INDEX_ONE].permissionName, permDefResultBeta); - ASSERT_EQ(RET_SUCCESS, ret); + ASSERT_EQ(AccessTokenError::ERR_PERMISSION_NOT_EXIST, ret); g_infoManagerTestPolicyPrams.permList[INDEX_ZERO].bundleName = backup; g_infoManagerTestPolicyPrams.permList[INDEX_ZERO].permissionName = backUpPermission; DeleteTestToken(); } -/** - * @tc.name: AllocHapToken016 - * @tc.desc: can alloc a tokenId with label as "". - * @tc.type: FUNC - * @tc.require: Issue Number - */ -HWTEST_F(AccessTokenKitTest, AllocHapToken016, TestSize.Level1) -{ - std::string backup = g_infoManagerTestPolicyPrams.permList[INDEX_ZERO].label; - std::string backUpPermission = g_infoManagerTestPolicyPrams.permList[INDEX_ZERO].permissionName; - - g_infoManagerTestPolicyPrams.permList[INDEX_ZERO].label = ""; - g_infoManagerTestPolicyPrams.permList[INDEX_ZERO].permissionName = "ohos.permission.testtmp06"; - AllocTestToken(g_infoManagerTestInfoParms, g_infoManagerTestPolicyPrams); - - PermissionDef permDefResult; - int ret = AccessTokenKit::GetDefPermission( - g_infoManagerTestPolicyPrams.permList[INDEX_ZERO].permissionName, permDefResult); - ASSERT_EQ(ret, RET_SUCCESS); - g_infoManagerTestPolicyPrams.permList[INDEX_ZERO].label = backup; - g_infoManagerTestPolicyPrams.permList[INDEX_ZERO].permissionName = backUpPermission; - - DeleteTestToken(); -} - /** * @tc.name: AllocHapToken017 * @tc.desc: cannot alloc a tokenId with invalid permdef. 
@@ -2513,7 +2422,7 @@ HWTEST_F(AccessTokenKitTest, AllocHapToken017, TestSize.Level1) PermissionDef permDefResult; int ret = AccessTokenKit::GetDefPermission( g_infoManagerTestPolicyPrams.permList[INDEX_ZERO].permissionName, permDefResult); - ASSERT_EQ(ret, RET_SUCCESS); + ASSERT_EQ(ret, ERR_PERMISSION_NOT_EXIST); g_infoManagerTestPolicyPrams.permList[INDEX_ZERO].description = backupDec; g_infoManagerTestPolicyPrams.permList[INDEX_ZERO].permissionName = backUpPermission; @@ -2624,22 +2533,15 @@ HWTEST_F(AccessTokenKitTest, AllocHapToken019, TestSize.Level1) */ HWTEST_F(AccessTokenKitTest, AvailableType001, TestSize.Level1) { - AccessTokenID tokenID = AllocTestToken(g_infoManagerTestInfoParms, g_infoManagerTestPolicyPrams); - ASSERT_NE(INVALID_TOKENID, tokenID); + PermissionDef permDef; - // test MDM permission - std::string permission = g_infoManagerTestPermDef1.permissionName; - ATokenAvailableTypeEnum type = g_infoManagerTestPermDef1.availableType; - PermissionDef permDef1; - ASSERT_EQ(RET_SUCCESS, AccessTokenKit::GetDefPermission(permission, permDef1)); - ASSERT_EQ(permDef1.availableType, type); + // test NORMAL permission + ASSERT_EQ(RET_SUCCESS, AccessTokenKit::GetDefPermission("ohos.permission.CAMERA", permDef)); + ASSERT_EQ(permDef.availableType, ATokenAvailableTypeEnum::NORMAL); - // test NORMAL permission(default) - permission = g_infoManagerTestPermDef2.permissionName; - type = g_infoManagerTestPermDef2.availableType; - PermissionDef permDef2; - ASSERT_EQ(RET_SUCCESS, AccessTokenKit::GetDefPermission(permission, permDef2)); - ASSERT_EQ(permDef2.availableType, type); + // test MDM permission + ASSERT_EQ(RET_SUCCESS, AccessTokenKit::GetDefPermission("ohos.permission.ENTERPRISE_MANAGE_WIFI", permDef)); + ASSERT_EQ(permDef.availableType, ATokenAvailableTypeEnum::MDM); } /** 
@@ -2684,10 +2586,10 @@ HWTEST_F(AccessTokenKitTest, UpdateHapToken001, TestSize.Level1) */ HWTEST_F(AccessTokenKitTest, UpdateHapToken002, TestSize.Level1) { - AccessTokenIDEx tokenIdEx = { - .tokenIdExStruct.tokenID = TEST_TOKENID_INVALID, - .tokenIdExStruct.tokenAttr = 0, - }; + AccessTokenIDEx tokenIdEx = {}; + tokenIdEx.tokenIdExStruct.tokenID = TEST_TOKENID_INVALID; + tokenIdEx.tokenIdExStruct.tokenAttr = 0; + UpdateHapInfoParams info; info.appIDDesc = "appIDDesc"; info.apiVersion = DEFAULT_API_VERSION; @@ -2800,7 +2702,7 @@ HWTEST_F(AccessTokenKitTest, UpdateHapToken005, TestSize.Level1) ASSERT_EQ(RET_SUCCESS, ret); ret = AccessTokenKit::GetDefPermission( g_infoManagerTestPolicyPrams.permList[INDEX_ZERO].permissionName, permDefResult); - ASSERT_EQ(RET_SUCCESS, ret); + ASSERT_EQ(AccessTokenError::ERR_PERMISSION_NOT_EXIST, ret); g_infoManagerTestPolicyPrams.permList[INDEX_ZERO].label = backup; g_infoManagerTestPolicyPrams.permList[INDEX_ZERO].permissionName = backUpPermission; @@ -2811,7 +2713,7 @@ HWTEST_F(AccessTokenKitTest, UpdateHapToken005, TestSize.Level1) ASSERT_EQ(RET_SUCCESS, ret); ret = AccessTokenKit::GetDefPermission( g_infoManagerTestPolicyPrams.permList[INDEX_ZERO].permissionName, permDefResult); - ASSERT_EQ(RET_SUCCESS, ret); + ASSERT_EQ(AccessTokenError::ERR_PERMISSION_NOT_EXIST, ret); g_infoManagerTestPolicyPrams.permList[INDEX_ZERO].description = backup; g_infoManagerTestPolicyPrams.permList[INDEX_ZERO].permissionName = backUpPermission; 
@@ -2856,10 +2758,9 @@ HWTEST_F(AccessTokenKitTest, UpdateHapToken006, TestSize.Level1) info.appDistributionType = "enterprise_mdm"; info.isSystemApp = false; for (size_t i = 0; i < obj.size(); i++) { - AccessTokenIDEx idEx = { - .tokenIdExStruct.tokenID = obj[i], - .tokenIdExStruct.tokenAttr = 0, - }; + AccessTokenIDEx idEx = {}; + idEx.tokenIdExStruct.tokenID = obj[i]; + idEx.tokenIdExStruct.tokenAttr = 0; int ret = AccessTokenKit::UpdateHapToken(idEx, info, g_infoManagerTestPolicyPrams); if (RET_SUCCESS != ret) { updateFlag = 1; @@ -2913,13 +2814,9 @@ HWTEST_F(AccessTokenKitTest, UpdateHapToken007, TestSize.Level1) GTEST_LOG_(INFO) << "permissionName :" << g_infoManagerTestPolicyPrams.permList[INDEX_ZERO].permissionName; - ret = AccessTokenKit::GetDefPermission("ohos.permission.test3", permDefResult); - if (ret != RET_SUCCESS) { - ret = AccessTokenKit::DeleteToken(tokenID); - ASSERT_EQ(RET_SUCCESS, ret); - } - ASSERT_EQ(RET_SUCCESS, ret); - ASSERT_EQ("ohos.permission.test3", permDefResult.permissionName); + ASSERT_EQ(AccessTokenError::ERR_PERMISSION_NOT_EXIST, AccessTokenKit::GetDefPermission( + "ohos.permission.test3", permDefResult)); + ASSERT_EQ("", permDefResult.permissionName); ASSERT_EQ(RET_SUCCESS, AccessTokenKit::DeleteToken(tokenID)); } 
@@ -2944,12 +2841,9 @@ HWTEST_F(AccessTokenKitTest, UpdateHapToken008, TestSize.Level1) PermissionDef permDefResult; /* check permission define before update */ - ret = AccessTokenKit::GetDefPermission( - g_infoManagerTestPolicyPrams.permList[INDEX_ZERO].permissionName, permDefResult); - ASSERT_EQ(RET_SUCCESS, ret); - ASSERT_EQ(g_infoManagerTestPolicyPrams.permList[INDEX_ZERO].permissionName, permDefResult.permissionName); - ASSERT_EQ(g_infoManagerTestPolicyPrams.permList[INDEX_ZERO].label, permDefResult.label); - ASSERT_EQ(g_infoManagerTestPolicyPrams.permList[INDEX_ZERO].grantMode, permDefResult.grantMode); + ASSERT_EQ(AccessTokenError::ERR_PERMISSION_NOT_EXIST, AccessTokenKit::GetDefPermission( + g_infoManagerTestPolicyPrams.permList[INDEX_ZERO].permissionName, permDefResult)); + ASSERT_EQ("", permDefResult.permissionName); g_infoManagerTestPolicyPrams.permList[INDEX_ZERO].grantMode = 0; g_infoManagerTestPolicyPrams.permList[INDEX_ZERO].label = "updated label"; @@ -2964,10 +2858,8 @@ HWTEST_F(AccessTokenKitTest, UpdateHapToken008, TestSize.Level1) /* check permission define after update */ ret = AccessTokenKit::GetDefPermission( g_infoManagerTestPolicyPrams.permList[INDEX_ZERO].permissionName, permDefResult); - ASSERT_EQ(RET_SUCCESS, ret); - ASSERT_EQ(g_infoManagerTestPolicyPrams.permList[INDEX_ZERO].permissionName, permDefResult.permissionName); - ASSERT_EQ(g_infoManagerTestPolicyPrams.permList[INDEX_ZERO].label, permDefResult.label); - ASSERT_EQ(g_infoManagerTestPolicyPrams.permList[INDEX_ZERO].grantMode, permDefResult.grantMode); + ASSERT_EQ(AccessTokenError::ERR_PERMISSION_NOT_EXIST, ret); + ASSERT_EQ("", permDefResult.permissionName); g_infoManagerTestPolicyPrams.permList[INDEX_ZERO].label = backupLable; g_infoManagerTestPolicyPrams.permList[INDEX_ZERO].grantMode = backupMode; 
diff --git a/interfaces/innerkits/accesstoken/test/unittest/src/accesstoken_kit_test.h b/interfaces/innerkits/accesstoken/test/unittest/src/accesstoken_kit_test.h
index 892e41259aefb8636df6bf28394ef7f6ca8db296..cf4e10daf6a19fb7adfec812b1751ca0b7d1fffc 100644
--- a/interfaces/innerkits/accesstoken/test/unittest/src/accesstoken_kit_test.h
+++ b/interfaces/innerkits/accesstoken/test/unittest/src/accesstoken_kit_test.h
@@ -27,22 +27,24 @@ namespace OHOS { namespace Security { namespace AccessToken { static const std::string TEST_BUNDLE_NAME = "ohos"; +static const std::string SYSTEM_RESOURCE_BUNDLE_NAME = "ohos.global.systemres"; static const std::string TEST_PERMISSION_NAME_ALPHA = "ohos.permission.ALPHA"; static const std::string TEST_PERMISSION_NAME_BETA = "ohos.permission.BETA"; static const std::string TEST_PERMISSION_NAME_GAMMA = "ohos.permission.GAMMA"; static const std::string TEST_PKG_NAME = "com.softbus.test"; -static const int TEST_USER_ID = 0; -static const int TEST_USER_ID_INVALID = -1; -static const unsigned int TEST_TOKENID_INVALID = 0; -static const int INVALID_BUNDLENAME_LEN = 260; -static const int INVALID_APPIDDESC_LEN = 10244; -static const int INVALID_LABEL_LEN = 260; -static const int INVALID_DESCRIPTION_LEN = 260; -static const int INVALID_PERMNAME_LEN = 260; -static const int CYCLE_TIMES = 100; -static const int THREAD_NUM = 3; -static const int INVALID_DCAP_LEN = 1025; -static const int INVALID_DLP_TYPE = 4; +static constexpr int TEST_USER_ID = 0; +static constexpr int TEST_INST_INDEX = 0; +static constexpr int TEST_USER_ID_INVALID = -1; +static constexpr unsigned int TEST_TOKENID_INVALID = 0; +static constexpr int INVALID_BUNDLENAME_LEN = 260; +static constexpr int INVALID_APPIDDESC_LEN = 10244; +static constexpr int INVALID_LABEL_LEN = 260; +static constexpr int INVALID_DESCRIPTION_LEN = 260; +static constexpr int INVALID_PERMNAME_LEN = 260; +static constexpr int CYCLE_TIMES = 100; +static constexpr int THREAD_NUM = 3; +static constexpr int INVALID_DCAP_LEN = 1025; +static constexpr int INVALID_DLP_TYPE = 4; class AccessTokenKitTest : public testing::Test { public: static void SetUpTestCase(); diff --git a/services/accesstokenmanager/main/cpp/include/database/data_translator.h b/services/accesstokenmanager/main/cpp/include/database/data_translator.h index 1c694c3c2b936879063e603211a089a090506e5d..2f0c75ee9b4b38292f969302d494f438dc6750e4 100644 
--- a/services/accesstokenmanager/main/cpp/include/database/data_translator.h +++ b/services/accesstokenmanager/main/cpp/include/database/data_translator.h @@ -27,8 +27,8 @@ namespace Security { namespace AccessToken { class DataTranslator final { public: - static int TranslationIntoGenericValues(const PermissionDef& inPermissionDef, GenericValues& outGenericValues); - static int TranslationIntoPermissionDef(const GenericValues& inGenericValues, PermissionDef& outPermissionDef); + static int TranslationIntoGenericValues(const PermissionDefData& inPermissionDef, GenericValues& outGenericValues); + static int TranslationIntoPermissionDef(const GenericValues& inGenericValues, PermissionDefData& outPermissionDef); static int TranslationIntoGenericValues(const PermissionStatus& inPermissionState, GenericValues& outGenericValues); static int TranslationIntoPermissionStatus(const GenericValues& inGenericValues, diff --git a/services/accesstokenmanager/main/cpp/include/permission/permission_definition_cache.h b/services/accesstokenmanager/main/cpp/include/permission/permission_definition_cache.h index d387721ecec6638ba368fb0ab2d26857d2902b7d..17124a2503364bcca678b71f4d8aac2163e6d60f 100644 --- a/services/accesstokenmanager/main/cpp/include/permission/permission_definition_cache.h +++ b/services/accesstokenmanager/main/cpp/include/permission/permission_definition_cache.h @@ -34,13 +34,11 @@ public: virtual ~PermissionDefinitionCache(); - bool Insert(const PermissionDef& info, AccessTokenID tokenId); + bool Insert(const PermissionDefData& info); - bool Update(const PermissionDef& info, AccessTokenID tokenId); + bool Update(const PermissionDefData& info); - void DeleteByToken(AccessTokenID tokenId); - - int FindByPermissionName(const std::string& permissionName, PermissionDef& info); + int FindByPermissionName(const std::string& permissionName, PermissionDefData& info); bool IsSystemGrantedPermission(const std::string& permissionName); 
@@ -52,9 +50,7 @@ public: void StorePermissionDef(std::vector& valueList); - void StorePermissionDef(AccessTokenID tokenID, std::vector& valueList); - - void GetDefPermissionsByTokenId(std::vector& permList, AccessTokenID tokenId); + void GetDefPermissions(std::vector& permList); int32_t RestorePermDefInfo(std::vector& permDefRes); diff --git a/services/accesstokenmanager/main/cpp/include/permission/permission_manager.h b/services/accesstokenmanager/main/cpp/include/permission/permission_manager.h index 1b11210d4fdef7d4aa9dc052cfdcefff7ad190ae..ece46191b77f3c200be38e63a2e6c2e6a7c233ab 100644 --- a/services/accesstokenmanager/main/cpp/include/permission/permission_manager.h +++ b/services/accesstokenmanager/main/cpp/include/permission/permission_manager.h @@ -58,13 +58,12 @@ public: void RegisterApplicationCallback(); void RegisterAppManagerDeathCallback(); - void AddDefPermissions(const std::vector& permList, AccessTokenID tokenId, - bool updateFlag); + void AddDefPermissions(const std::vector& permList, bool updateFlag); void RemoveDefPermissions(AccessTokenID tokenID); int VerifyHapAccessToken(AccessTokenID tokenID, const std::string& permissionName); PermUsedTypeEnum GetPermissionUsedType(AccessTokenID tokenID, const std::string& permissionName); - int GetDefPermission(const std::string& permissionName, PermissionDef& permissionDefResult); - void GetDefPermissions(AccessTokenID tokenID, std::vector& permList); + int GetDefPermission(const std::string& permissionName, PermissionDefData& permissionDefResult); + void GetDefPermissions(AccessTokenID tokenID, std::vector& permList); int GetReqPermissions( AccessTokenID tokenID, std::vector& reqPermList, bool isSystemGrant); int GetPermissionFlag(AccessTokenID tokenID, const std::string& permissionName, uint32_t& flag); 
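Review bot: `void RemoveDefPermissions(AccessTokenID tokenID);` stays in permission_manager.h as an unchanged context line of this hunk, while the permission_manager.cpp part of the same commit deletes its definition. Any remaining caller would fail at link time, and if there is none the declaration is dead, so the line should be removed from the header here. The class body continues outside the hunk.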
@@ -103,6 +102,7 @@ public: std::vector& stateListAfter, std::vector& stateChangeList); void NotifyUpdatedPermList(const std::vector& grantedPermListBefore, const std::vector& grantedPermListAfter, AccessTokenID tokenID); + bool IsSystemResource(const std::string& bundleName); protected: static void RegisterImpl(PermissionManager* implInstance); diff --git a/services/accesstokenmanager/main/cpp/include/permission/permission_validator.h b/services/accesstokenmanager/main/cpp/include/permission/permission_validator.h index aec8b663e3de759a952c71c17cf79e365ea5a105..34d919ba9f1b334e504a4f0183895f8d38326e73 100644 --- a/services/accesstokenmanager/main/cpp/include/permission/permission_validator.h +++ b/services/accesstokenmanager/main/cpp/include/permission/permission_validator.h @@ -31,10 +31,10 @@ public: static bool IsUserIdValid(const int32_t userID); static bool IsToggleStatusValid(const uint32_t status); static bool IsPermissionFlagValid(uint32_t flag); - static bool IsPermissionDefValid(const PermissionDef& permDef); + static bool IsPermissionDefValid(const PermissionDefData& permDef); static bool IsPermissionStateValid(const PermissionStatus& permState); static void FilterInvalidPermissionDef( - const std::vector& permList, std::vector& result); + const std::vector& permList, std::vector& result); static void FilterInvalidPermissionState(ATokenTypeEnum tokenType, bool doPermAvailableCheck, const std::vector& permList, std::vector& result); static bool IsGrantModeValid(int grantMode); diff --git a/services/accesstokenmanager/main/cpp/include/token/accesstoken_info_manager.h b/services/accesstokenmanager/main/cpp/include/token/accesstoken_info_manager.h index c01a2ebcc0b8ab03469ec321f9f10fbcadf1b98a..57bd434cc9713527f3ac633ee31da1c1c580401f 100644 --- a/services/accesstokenmanager/main/cpp/include/token/accesstoken_info_manager.h +++ b/services/accesstokenmanager/main/cpp/include/token/accesstoken_info_manager.h 
@@ -61,7 +61,7 @@ public: AccessTokenID AllocLocalTokenID(const std::string& remoteDeviceID, AccessTokenID remoteTokenID); int32_t UpdateHapToken(AccessTokenIDEx& tokenIdEx, const UpdateHapInfoParams& info, const std::vector& permStateList, ATokenAplEnum apl, - const std::vector& permList); + const std::vector& permList); void DumpTokenInfo(const AtmToolsParamInfo& info, std::string& dumpInfo); bool IsTokenIdExist(AccessTokenID id); AccessTokenID GetNativeTokenId(const std::string& processName); @@ -109,7 +109,7 @@ private: std::string GetHapUniqueStr(const int& userID, const std::string& bundleName, const int& instIndex) const; int AddHapTokenInfoToDb(const std::shared_ptr& hapInfo, const std::string& appId, ATokenAplEnum apl, bool isUpdate); - int RemoveHapTokenInfoFromDb(AccessTokenID tokenID); + int RemoveHapTokenInfoFromDb(const std::shared_ptr& info); int CreateRemoteHapTokenInfo(AccessTokenID mapID, HapTokenInfoForSync& hapSync); int UpdateRemoteHapTokenInfo(AccessTokenID mapID, HapTokenInfoForSync& hapSync); void PermissionStateNotify(const std::shared_ptr& info, AccessTokenID id); diff --git a/services/accesstokenmanager/main/cpp/include/token/hap_token_info_inner.h b/services/accesstokenmanager/main/cpp/include/token/hap_token_info_inner.h index cbe2de083ff9c92a0fe481e11a858679c8d18b0a..cc8acf95e92f5862ef1da1aee2970c5c9fbf400a 100644 --- a/services/accesstokenmanager/main/cpp/include/token/hap_token_info_inner.h +++ b/services/accesstokenmanager/main/cpp/include/token/hap_token_info_inner.h @@ -87,8 +87,7 @@ private: void TranslationIntoGenericValues(GenericValues& outGenericValues) const; int RestoreHapTokenBasicInfo(const GenericValues& inGenericValues); bool UpdateStatesToDB(AccessTokenID tokenID, std::vector& stateChangeList); - static void PermToString(const std::vector& permList, - const std::vector& permStateList, std::string& info); + static void PermToString(const std::vector& permStateList, std::string& info); HapTokenInfo tokenInfoBasic_; 
diff --git a/services/accesstokenmanager/main/cpp/src/database/data_translator.cpp b/services/accesstokenmanager/main/cpp/src/database/data_translator.cpp
index 7fccb5ec2a0ae71722207044aa3fdda6bfc954d3..6d8d4fc00ac9b866783728dfa40c4c8d18db76f0 100644
--- a/services/accesstokenmanager/main/cpp/src/database/data_translator.cpp
+++ b/services/accesstokenmanager/main/cpp/src/database/data_translator.cpp
@@ -28,28 +28,29 @@ namespace OHOS { namespace Security { namespace AccessToken { -int DataTranslator::TranslationIntoGenericValues(const PermissionDef& inPermissionDef, GenericValues& outGenericValues) +int DataTranslator::TranslationIntoGenericValues(const PermissionDefData& inPermissionDef, + GenericValues& outGenericValues) { outGenericValues.Put(TokenFiledConst::FIELD_PERMISSION_NAME, inPermissionDef.permissionName); - outGenericValues.Put(TokenFiledConst::FIELD_BUNDLE_NAME, inPermissionDef.bundleName); + outGenericValues.Put(TokenFiledConst::FIELD_BUNDLE_NAME, ""); outGenericValues.Put(TokenFiledConst::FIELD_GRANT_MODE, inPermissionDef.grantMode); outGenericValues.Put(TokenFiledConst::FIELD_AVAILABLE_LEVEL, inPermissionDef.availableLevel); outGenericValues.Put(TokenFiledConst::FIELD_PROVISION_ENABLE, inPermissionDef.provisionEnable ? 1 : 0); outGenericValues.Put(TokenFiledConst::FIELD_DISTRIBUTED_SCENE_ENABLE, inPermissionDef.distributedSceneEnable ? 1 : 0); - outGenericValues.Put(TokenFiledConst::FIELD_LABEL, inPermissionDef.label); + outGenericValues.Put(TokenFiledConst::FIELD_LABEL, ""); outGenericValues.Put(TokenFiledConst::FIELD_LABEL_ID, inPermissionDef.labelId); - outGenericValues.Put(TokenFiledConst::FIELD_DESCRIPTION, inPermissionDef.description); + outGenericValues.Put(TokenFiledConst::FIELD_DESCRIPTION, ""); outGenericValues.Put(TokenFiledConst::FIELD_DESCRIPTION_ID, inPermissionDef.descriptionId); outGenericValues.Put(TokenFiledConst::FIELD_AVAILABLE_TYPE, inPermissionDef.availableType); return RET_SUCCESS; } -int DataTranslator::TranslationIntoPermissionDef(const GenericValues& inGenericValues, PermissionDef& outPermissionDef) +int DataTranslator::TranslationIntoPermissionDef(const GenericValues& inGenericValues, + PermissionDefData& outPermissionDef) { outPermissionDef.permissionName = inGenericValues.GetString(TokenFiledConst::FIELD_PERMISSION_NAME); - outPermissionDef.bundleName = inGenericValues.GetString(TokenFiledConst::FIELD_BUNDLE_NAME); 
- outPermissionDef.grantMode = inGenericValues.GetInt(TokenFiledConst::FIELD_GRANT_MODE); + outPermissionDef.grantMode = static_cast(inGenericValues.GetInt(TokenFiledConst::FIELD_GRANT_MODE)); int aplNum = inGenericValues.GetInt(TokenFiledConst::FIELD_AVAILABLE_LEVEL); if (!DataValidator::IsAplNumValid(aplNum)) { LOGE(ATM_DOMAIN, ATM_TAG, "Apl is wrong."); @@ -59,9 +60,7 @@ int DataTranslator::TranslationIntoPermissionDef(const GenericValues& inGenericV outPermissionDef.provisionEnable = (inGenericValues.GetInt(TokenFiledConst::FIELD_PROVISION_ENABLE) == 1); outPermissionDef.distributedSceneEnable = (inGenericValues.GetInt(TokenFiledConst::FIELD_DISTRIBUTED_SCENE_ENABLE) == 1); - outPermissionDef.label = inGenericValues.GetString(TokenFiledConst::FIELD_LABEL); outPermissionDef.labelId = inGenericValues.GetInt(TokenFiledConst::FIELD_LABEL_ID); - outPermissionDef.description = inGenericValues.GetString(TokenFiledConst::FIELD_DESCRIPTION); outPermissionDef.descriptionId = inGenericValues.GetInt(TokenFiledConst::FIELD_DESCRIPTION_ID); int availableType = inGenericValues.GetInt(TokenFiledConst::FIELD_AVAILABLE_TYPE); outPermissionDef.availableType = static_cast(availableType); diff --git a/services/accesstokenmanager/main/cpp/src/permission/permission_definition_cache.cpp b/services/accesstokenmanager/main/cpp/src/permission/permission_definition_cache.cpp index a73ced1f7b147e86b4c6d2d5adc641247af74065..b3e372137bd74a2e43bc3d5f6b2a3c2aa488d0f2 100644 --- a/services/accesstokenmanager/main/cpp/src/permission/permission_definition_cache.cpp +++ b/services/accesstokenmanager/main/cpp/src/permission/permission_definition_cache.cpp @@ -26,7 +26,6 @@ namespace OHOS { namespace Security { namespace AccessToken { namespace { -static const int32_t EXTENSION_PERMISSION_ID = 0; std::recursive_mutex g_instanceMutex; } 
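Review bot: In `TranslationIntoPermissionDef` the integer read from `FIELD_GRANT_MODE` is now cast straight to the enum type with no range check, while the very next field, `FIELD_AVAILABLE_LEVEL`, is rejected through `DataValidator::IsAplNumValid` before it is used. A corrupted or tampered database row would therefore produce an out-of-range grant mode that later code compares against. `PermissionValidator::IsGrantModeValid(int)` is declared in permission_validator.h in this commit, so the value could be read into a local and checked first: `int grantMode = inGenericValues.GetInt(TokenFiledConst::FIELD_GRANT_MODE);` followed by `if (!PermissionValidator::IsGrantModeValid(grantMode)) { ... }` returning the same error as the Apl check. Whether that header is already included here is not visible, and the function continues past the end of this hunk.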
@@ -49,7 +48,7 @@ PermissionDefinitionCache::PermissionDefinitionCache() PermissionDefinitionCache::~PermissionDefinitionCache() {} -bool PermissionDefinitionCache::Insert(const PermissionDef& info, AccessTokenID tokenId) +bool PermissionDefinitionCache::Insert(const PermissionDefData& info) { Utils::UniqueWriteGuard cacheGuard(this->cacheLock_); auto it = permissionDefinitionMap_.find(info.permissionName); 
@@ -58,36 +57,21 @@ bool PermissionDefinitionCache::Insert(const PermissionDef& info, AccessTokenID info.permissionName.c_str()); return false; } - permissionDefinitionMap_[info.permissionName].permDef = info; - permissionDefinitionMap_[info.permissionName].tokenId = tokenId; - if (!hasHapPermissionDefinition_ && (tokenId != EXTENSION_PERMISSION_ID)) { - hasHapPermissionDefinition_ = true; + permissionDefinitionMap_[info.permissionName] = info; + if (!hasHapPermissionDefinition_) { + hasHapPermissionDefinition_ = true; // hasHapPermissionDefinition_为true表示系统资源包已加载 } return true; } -bool PermissionDefinitionCache::Update(const PermissionDef& info, AccessTokenID tokenId) +bool PermissionDefinitionCache::Update(const PermissionDefData& info) { Utils::UniqueWriteGuard cacheGuard(this->cacheLock_); - permissionDefinitionMap_[info.permissionName].permDef = info; - permissionDefinitionMap_[info.permissionName].tokenId = tokenId; + permissionDefinitionMap_[info.permissionName] = info; return true; } -void PermissionDefinitionCache::DeleteByToken(AccessTokenID tokenId) -{ - Utils::UniqueWriteGuard cacheGuard(this->cacheLock_); - auto it = permissionDefinitionMap_.begin(); - while (it != permissionDefinitionMap_.end()) { - if (tokenId == it->second.tokenId) { - it = permissionDefinitionMap_.erase(it); - } else { - ++it; - } - } -} - -int PermissionDefinitionCache::FindByPermissionName(const std::string& permissionName, PermissionDef& info) +int PermissionDefinitionCache::FindByPermissionName(const std::string& permissionName, PermissionDefData& info) { Utils::UniqueReadGuard cacheGuard(this->cacheLock_); auto it = permissionDefinitionMap_.find(permissionName); @@ -96,7 +80,7 @@ int PermissionDefinitionCache::FindByPermissionName(const std::string& permissio permissionName.c_str()); return AccessTokenError::ERR_PERMISSION_NOT_EXIST; } - info = it->second.permDef; + info = it->second; return RET_SUCCESS; } 
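Review bot: `Insert` now raises `hasHapPermissionDefinition_` on the first successful insertion of any definition, where the removed code skipped entries registered under `EXTENSION_PERMISSION_ID`. `RestorePermDefInfo` in the same file also goes through `Insert`, so the flag turns true as soon as one row is restored from the database, which does not obviously match the new comment saying it marks the system resource package as loaded; please confirm that is intended. `HasHapPermissionDefinitionForHap` now tells the two cases apart with `availableType != SERVICE`, and the same test here would keep the earlier meaning: `if (info.availableType != ATokenAvailableTypeEnum::SERVICE) { hasHapPermissionDefinition_ = true; }`. The added comment would also read better in English, for example `// true once the system resource bundle's definitions are loaded`. The start of `Insert` is in the previous hunk.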
@@ -118,7 +102,7 @@ bool PermissionDefinitionCache::IsGrantedModeEqualInner(const std::string& permi if (it == permissionDefinitionMap_.end()) { return false; } - return it->second.permDef.grantMode == grantMode; + return it->second.grantMode == grantMode; } bool PermissionDefinitionCache::HasDefinition(const std::string& permissionName) @@ -135,7 +119,7 @@ bool PermissionDefinitionCache::HasHapPermissionDefinitionForHap(const std::stri { Utils::UniqueReadGuard cacheGuard(this->cacheLock_); auto it = permissionDefinitionMap_.find(permissionName); - if ((it != permissionDefinitionMap_.end()) && (it->second.tokenId != EXTENSION_PERMISSION_ID)) { + if ((it != permissionDefinitionMap_.end()) && (it->second.availableType != SERVICE)) { return true; } return false; 
@@ -153,36 +137,20 @@ void PermissionDefinitionCache::StorePermissionDef(std::vector& v auto it = permissionDefinitionMap_.begin(); while (it != permissionDefinitionMap_.end()) { GenericValues genericValues; - genericValues.Put(TokenFiledConst::FIELD_TOKEN_ID, static_cast(it->second.tokenId)); - DataTranslator::TranslationIntoGenericValues(it->second.permDef, genericValues); + genericValues.Put(TokenFiledConst::FIELD_TOKEN_ID, 0); + DataTranslator::TranslationIntoGenericValues(it->second, genericValues); valueList.emplace_back(genericValues); ++it; } } -void PermissionDefinitionCache::StorePermissionDef(AccessTokenID tokenID, std::vector& valueList) -{ - Utils::UniqueReadGuard cacheGuard(this->cacheLock_); - auto it = permissionDefinitionMap_.begin(); - while (it != permissionDefinitionMap_.end()) { - if (tokenID == it->second.tokenId) { - GenericValues genericValues; - genericValues.Put(TokenFiledConst::FIELD_TOKEN_ID, static_cast(it->second.tokenId)); - DataTranslator::TranslationIntoGenericValues(it->second.permDef, genericValues); - valueList.emplace_back(genericValues); - } - ++it; - } -} - -void PermissionDefinitionCache::GetDefPermissionsByTokenId(std::vector& permList, - AccessTokenID tokenId) +void PermissionDefinitionCache::GetDefPermissions(std::vector& permList) { Utils::UniqueReadGuard cacheGuard(this->cacheLock_); auto it = permissionDefinitionMap_.begin(); while (it != permissionDefinitionMap_.end()) { - if (tokenId == it->second.tokenId) { - permList.emplace_back(it->second.permDef); + if (ATokenAvailableTypeEnum::SERVICE != it->second.availableType) { + permList.emplace_back(it->second); } ++it; } 
@@ -191,14 +159,13 @@ void PermissionDefinitionCache::GetDefPermissionsByTokenId(std::vector& permDefRes) { for (const GenericValues& defValue : permDefRes) { - PermissionDef def; - AccessTokenID tokenId = (AccessTokenID)defValue.GetInt(TokenFiledConst::FIELD_TOKEN_ID); + PermissionDefData def; int32_t ret = DataTranslator::TranslationIntoPermissionDef(defValue, def); if (ret != RET_SUCCESS) { - LOGE(ATM_DOMAIN, ATM_TAG, "TokenId 0x%{public}x permDef is wrong.", tokenId); + LOGE(ATM_DOMAIN, ATM_TAG, "Failed to transfer permDef, err=%{public}d.", ret); return ret; } - Insert(def, tokenId); + Insert(def); } return RET_SUCCESS; } diff --git a/services/accesstokenmanager/main/cpp/src/permission/permission_manager.cpp b/services/accesstokenmanager/main/cpp/src/permission/permission_manager.cpp index 82b8fb437447858203781273ec537c87c7cc8d03..a15439a9660dfb4b80de1e9a9587686919b00e8a 100644 --- a/services/accesstokenmanager/main/cpp/src/permission/permission_manager.cpp +++ b/services/accesstokenmanager/main/cpp/src/permission/permission_manager.cpp @@ -65,6 +65,7 @@ static const std::vector g_notDisplayedPerms = { "ohos.permission.SHORT_TERM_WRITE_IMAGEVIDEO" }; constexpr const char* APP_DISTRIBUTION_TYPE_ENTERPRISE_MDM = "enterprise_mdm"; +constexpr const char* SYSTEM_RESOURCE_BUNDLE_NAME = "ohos.global.systemres"; } PermissionManager* PermissionManager::implInstance_ = nullptr; std::recursive_mutex PermissionManager::mutex_; 
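Review bot: `RestorePermDefInfo` no longer reads `FIELD_TOKEN_ID`, so every row of the stored table is loaded into the cache as a global definition regardless of the token it was saved under. The `StorePermissionDef` code removed by this commit wrote the owning token id per row, so a database written before the change may still hold definitions registered by individual HAPs; unless a migration outside this chunk clears them, they are restored alongside the system ones. If that is handled elsewhere, a comment above the loop would make the assumption explicit: `// Legacy rows with a non-zero FIELD_TOKEN_ID are expected to be purged before restore.` The function starts in the hunk header line, which is garbled on this page.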
@@ -100,32 +101,25 @@ PermissionManager::PermissionManager() PermissionManager::~PermissionManager() {} -void PermissionManager::AddDefPermissions(const std::vector& permList, AccessTokenID tokenId, - bool updateFlag) +void PermissionManager::AddDefPermissions(const std::vector& permList, bool updateFlag) { - std::vector permFilterList; + std::vector permFilterList; PermissionValidator::FilterInvalidPermissionDef(permList, permFilterList); for (const auto& perm : permFilterList) { if (updateFlag) { - PermissionDefinitionCache::GetInstance().Update(perm, tokenId); + PermissionDefinitionCache::GetInstance().Update(perm); continue; } if (!PermissionDefinitionCache::GetInstance().HasDefinition(perm.permissionName)) { - PermissionDefinitionCache::GetInstance().Insert(perm, tokenId); + PermissionDefinitionCache::GetInstance().Insert(perm); } else { - PermissionDefinitionCache::GetInstance().Update(perm, tokenId); + PermissionDefinitionCache::GetInstance().Update(perm); LOGI(ATM_DOMAIN, ATM_TAG, "Permission %{public}s has define", perm.permissionName.c_str()); } } } -void PermissionManager::RemoveDefPermissions(AccessTokenID tokenID) -{ - LOGI(ATM_DOMAIN, ATM_TAG, "tokenID: %{public}u", tokenID); - PermissionDefinitionCache::GetInstance().DeleteByToken(tokenID); -} - int PermissionManager::VerifyHapAccessToken(AccessTokenID tokenID, const std::string& permissionName) { return HapTokenInfoInner::VerifyPermissionStatus(tokenID, permissionName); // 从data获取 @@ -145,7 +139,7 @@ PermUsedTypeEnum PermissionManager::GetPermissionUsedType( return ret; } -int PermissionManager::GetDefPermission(const std::string& permissionName, PermissionDef& permissionDefResult) +int PermissionManager::GetDefPermission(const std::string& permissionName, PermissionDefData& permissionDefResult) { if (!PermissionValidator::IsPermissionNameValid(permissionName)) { LOGE(ATM_DOMAIN, ATM_TAG, "Invalid params!"); 
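Review bot: `AddDefPermissions` still falls through to `Update()` for a permission name that is already defined, and with the `tokenId` parameter gone nothing in this function ties the overwrite to the bundle that owns the definition. The callers are not in this chunk; if any of them can pass a `permList` taken from an ordinary HAP's policy, that list could replace the `grantMode` or `availableLevel` of an existing permission. `GetDefPermissions` in the next hunk gates on `IsSystemResource`, and the write path deserves the same explicit precondition, at least as a comment: `// Caller must ensure permList comes from the system resource bundle (see IsSystemResource).`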
@@ -154,9 +148,22 @@ int PermissionManager::GetDefPermission(const std::string& permissionName, Permi return PermissionDefinitionCache::GetInstance().FindByPermissionName(permissionName, permissionDefResult); } -void PermissionManager::GetDefPermissions(AccessTokenID tokenID, std::vector& permList) +bool PermissionManager::IsSystemResource(const std::string& bundleName) +{ + return std::string(SYSTEM_RESOURCE_BUNDLE_NAME) == bundleName; +} + +void PermissionManager::GetDefPermissions(AccessTokenID tokenID, std::vector& permList) { - PermissionDefinitionCache::GetInstance().GetDefPermissionsByTokenId(permList, tokenID); + std::shared_ptr infoPtr = AccessTokenInfoManager::GetInstance().GetHapTokenInfoInner(tokenID); + if (infoPtr == nullptr) { + LOGE(ATM_DOMAIN, ATM_TAG, "Token %{public}u is invalid.", tokenID); + return; + } + + if (IsSystemResource(infoPtr->GetBundleName())) { + PermissionDefinitionCache::GetInstance().GetDefPermissions(permList); + } } int PermissionManager::GetReqPermissions( @@ -177,7 +184,7 @@ int PermissionManager::GetReqPermissions( return ret; } for (const auto& perm : tmpList) { - PermissionDef permDef; + PermissionDefData permDef; GetDefPermission(perm.permissionName, permDef); if (permDef.grantMode == mode) { reqPermList.emplace_back(perm); 
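Review bot: In the `GetReqPermissions` hunk the result of `GetDefPermission(perm.permissionName, permDef)` is still ignored and `permDef.grantMode` is compared immediately afterwards. The test changes in this commit show the lookup now returning `ERR_PERMISSION_NOT_EXIST` for names defined only in a HAP's policy, in which case the comparison runs on a default-constructed `PermissionDefData`; its declaration is not on this page, so whether `grantMode` has an initializer cannot be confirmed. Checking the return value avoids depending on that: `if (GetDefPermission(perm.permissionName, permDef) != RET_SUCCESS) { continue; }`. The function starts and ends outside the hunk.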
@@ -507,26 +514,23 @@ int32_t PermissionManager::CheckAndUpdatePermission(AccessTokenID tokenID, const int32_t PermissionManager::GrantPermission(AccessTokenID tokenID, const std::string& permissionName, uint32_t flag) { - LOGI(ATM_DOMAIN, ATM_TAG, - "%{public}s called, tokenID: %{public}u, permissionName: %{public}s, flag: %{public}d", - __func__, tokenID, permissionName.c_str(), flag); + LOGI(ATM_DOMAIN, ATM_TAG, "TokenID: %{public}u, permissionName: %{public}s, flag: %{public}d", + tokenID, permissionName.c_str(), flag); return CheckAndUpdatePermission(tokenID, permissionName, true, flag); } int32_t PermissionManager::RevokePermission(AccessTokenID tokenID, const std::string& permissionName, uint32_t flag) { - LOGI(ATM_DOMAIN, ATM_TAG, - "%{public}s called, tokenID: %{public}u, permissionName: %{public}s, flag: %{public}d", - __func__, tokenID, permissionName.c_str(), flag); + LOGI(ATM_DOMAIN, ATM_TAG, "TokenID: %{public}u, permissionName: %{public}s, flag: %{public}d", + tokenID, permissionName.c_str(), flag); return CheckAndUpdatePermission(tokenID, permissionName, false, flag); } int32_t PermissionManager::GrantPermissionForSpecifiedTime( AccessTokenID tokenID, const std::string& permissionName, uint32_t onceTime) { - LOGI(ATM_DOMAIN, ATM_TAG, - "%{public}s called, tokenID: %{public}u, permissionName: %{public}s, onceTime: %{public}d", - __func__, tokenID, permissionName.c_str(), onceTime); + LOGI(ATM_DOMAIN, ATM_TAG, "TokenID: %{public}u, permissionName: %{public}s, onceTime: %{public}d", + tokenID, permissionName.c_str(), onceTime); return ShortGrantManager::GetInstance().RefreshPermission(tokenID, permissionName, onceTime); } 
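Review bot: `flag` and `onceTime` are `uint32_t`, but the three rewritten LOGI calls still format them with `%{public}d`; `%{public}u` matches the type and is already used for `tokenID` in the same strings. For GrantPermission and RevokePermission that would be `"TokenID: %{public}u, permissionName: %{public}s, flag: %{public}u"`, and the same change applies to `onceTime` in GrantPermissionForSpecifiedTime. Dropping `__func__` makes the grant and revoke lines identical in text, so it is only safe if the logging macro records the function name itself, which the hunk does not show.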
@@ -837,7 +841,7 @@ void PermissionManager::SetPermToKernel( tokenID, permissionName.c_str(), ret); } -bool IsAclSatisfied(const PermissionDef& permDef, const HapPolicy& policy) +bool IsAclSatisfied(const PermissionDefData& permDef, const HapPolicy& policy) { if (policy.checkIgnore == HapPolicyCheckIgnore::ACL_IGNORE_CHECK) { LOGI(ATM_DOMAIN, ATM_TAG, "%{public}s ignore acl check.", permDef.permissionName.c_str()); @@ -861,7 +865,7 @@ bool IsAclSatisfied(const PermissionDef& permDef, const HapPolicy& policy) return true; } -bool IsPermAvailableRangeSatisfied(const PermissionDef& permDef, const std::string& appDistributionType) +bool IsPermAvailableRangeSatisfied(const PermissionDefData& permDef, const std::string& appDistributionType) { if (permDef.availableType == ATokenAvailableTypeEnum::MDM) { if (appDistributionType == "none") { @@ -916,7 +920,7 @@ bool PermissionManager::InitPermissionList(const std::string& appDistributionTyp policy.permStateList.size(), policy.preAuthorizationInfo.size(), policy.aclRequestedList.size()); for (auto state : policy.permStateList) { - PermissionDef permDef; + PermissionDefData permDef; int32_t ret = PermissionManager::GetInstance().GetDefPermission( state.permissionName, permDef); if (ret != AccessToken::AccessTokenKitRet::RET_SUCCESS) { diff --git a/services/accesstokenmanager/main/cpp/src/permission/permission_validator.cpp b/services/accesstokenmanager/main/cpp/src/permission/permission_validator.cpp index 9e21164a8d96e19d06dea45b79e9f31ff3e06897..a9e24c3e7f7314a3fb5070ad61c45c8fa0b0402a 100644 --- a/services/accesstokenmanager/main/cpp/src/permission/permission_validator.cpp +++ b/services/accesstokenmanager/main/cpp/src/permission/permission_validator.cpp 
@@ -55,20 +55,8 @@ bool PermissionValidator::IsToggleStatusValid(const uint32_t status) return DataValidator::IsToggleStatusValid(status); } -bool PermissionValidator::IsPermissionDefValid(const PermissionDef& permDef) +bool PermissionValidator::IsPermissionDefValid(const PermissionDefData& permDef) { - if (!DataValidator::IsLabelValid(permDef.label)) { - LOGE(ATM_DOMAIN, ATM_TAG, "Label invalid."); - return false; - } - if (!DataValidator::IsDescValid(permDef.description)) { - LOGE(ATM_DOMAIN, ATM_TAG, "Desc invalid."); - return false; - } - if (!DataValidator::IsBundleNameValid(permDef.bundleName)) { - LOGE(ATM_DOMAIN, ATM_TAG, "BundleName invalid."); - return false; - } if (!DataValidator::IsPermissionNameValid(permDef.permissionName)) { LOGE(ATM_DOMAIN, ATM_TAG, "PermissionName invalid."); return false; @@ -114,7 +102,7 @@ bool PermissionValidator::IsPermissionStateValid(const PermissionStatus& permSta } void PermissionValidator::FilterInvalidPermissionDef( - const std::vector& permList, std::vector& result) + const std::vector& permList, std::vector& result) { std::set permDefSet; for (auto it = permList.begin(); it != permList.end(); ++it) { diff --git a/services/accesstokenmanager/main/cpp/src/service/accesstoken_manager_service.cpp b/services/accesstokenmanager/main/cpp/src/service/accesstoken_manager_service.cpp index d8e6d31c03eac4b88d4a067535c3bb42177ca1f2..ca0b27a4bf86f6cd36277d18dbc83db5d7d851e4 100644 --- a/services/accesstokenmanager/main/cpp/src/service/accesstoken_manager_service.cpp +++ b/services/accesstokenmanager/main/cpp/src/service/accesstoken_manager_service.cpp 
@@ -167,7 +167,7 @@ int AccessTokenManagerService::GetDefPermission( int AccessTokenManagerService::GetDefPermissions(AccessTokenID tokenID, std::vector& permList) { LOGI(ATM_DOMAIN, ATM_TAG, "TokenID: %{public}d", tokenID); - std::vector permVec; + std::vector permVec; PermissionManager::GetInstance().GetDefPermissions(tokenID, permVec); for (const auto& perm : permVec) { PermissionDefParcel permParcel; diff --git a/services/accesstokenmanager/main/cpp/src/token/accesstoken_info_manager.cpp b/services/accesstokenmanager/main/cpp/src/token/accesstoken_info_manager.cpp index 25621e1ec94231b19438844b3d8d4a4ea5c5bebd..4c4a1047a48c345d77629e6c1fbcdb6905ef3b2a 100644 --- a/services/accesstokenmanager/main/cpp/src/token/accesstoken_info_manager.cpp +++ b/services/accesstokenmanager/main/cpp/src/token/accesstoken_info_manager.cpp @@ -63,7 +63,6 @@ static const int MAX_PTHREAD_NAME_LEN = 15; // pthread name max length static const char* ACCESS_TOKEN_PACKAGE_NAME = "ohos.security.distributed_token_sync"; #endif static const char* DUMP_JSON_PATH = "/data/service/el1/public/access_token/nativetoken.log"; -static const int32_t EXTENSION_PERMISSION_ID = 0; } AccessTokenInfoManager::AccessTokenInfoManager() : hasInited_(false) {} @@ -121,13 +120,13 @@ void AccessTokenInfoManager::Init() DlpPermissionSetManager::GetInstance().ProcessDlpPermInfos(dlpPerms); } #endif - std::vector permDefList; + std::vector permDefList; ret = policy->GetAllPermissionDef(permDefList); if (ret != RET_SUCCESS) { ReportSysEventServiceStartError(INIT_PERM_DEF_JSON_ERROR, "GetAllPermissionDef from json fail.", ret); } for (const auto& perm : permDefList) { - PermissionDefinitionCache::GetInstance().Insert(perm, EXTENSION_PERMISSION_ID); + PermissionDefinitionCache::GetInstance().Insert(perm); } hasInited_ = true; LOGI(ATM_DOMAIN, ATM_TAG, "Init success"); 
@@ -405,11 +404,8 @@ int AccessTokenInfoManager::RemoveHapTokenInfo(AccessTokenID id) return ERR_PARAM_INVALID; } std::shared_ptr info; - // make sure that RemoveDefPermissions is called outside of the lock to avoid deadlocks. - PermissionManager::GetInstance().RemoveDefPermissions(id); { Utils::UniqueWriteGuard infoGuard(this->hapTokenInfoLock_); - RemoveHapTokenInfoFromDb(id); // remove hap to kernel PermissionManager::GetInstance().RemovePermFromKernel(id); AccessTokenIDManager::GetInstance().ReleaseTokenId(id); @@ -435,6 +431,7 @@ int AccessTokenInfoManager::RemoveHapTokenInfo(AccessTokenID id) } hapTokenInfoMap_.erase(id); } + RemoveHapTokenInfoFromDb(info); LOGI(ATM_DOMAIN, ATM_TAG, "Remove hap token %{public}u ok!", id); PermissionStateNotify(info, id); @@ -523,7 +520,7 @@ int AccessTokenInfoManager::CreateHapTokenInfo( return ERR_TOKENID_CREATE_FAILED; } } - PermissionManager::GetInstance().AddDefPermissions(policy.permList, tokenId, false); + #ifdef SUPPORT_SANDBOX_APP std::shared_ptr tokenInfo; HapPolicy policyNew = policy; @@ -535,13 +532,16 @@ int AccessTokenInfoManager::CreateHapTokenInfo( #else std::shared_ptr tokenInfo = std::make_shared(tokenId, info, policy); #endif + if (PermissionManager::GetInstance().IsSystemResource(tokenInfo->GetBundleName())) { + PermissionManager::GetInstance().AddDefPermissions(policy.permList, false); + } + AddHapTokenInfoToDb(tokenInfo, info.appIDDesc, policy.apl, false); int ret = AddHapTokenInfo(tokenInfo); if (ret != RET_SUCCESS) { LOGE(ATM_DOMAIN, ATM_TAG, "%{public}s add token info failed", info.bundleName.c_str()); AccessTokenIDManager::GetInstance().ReleaseTokenId(tokenId); - PermissionManager::GetInstance().RemoveDefPermissions(tokenId); - RemoveHapTokenInfoFromDb(tokenId); + RemoveHapTokenInfoFromDb(tokenInfo); return ret; } LOGI(ATM_DOMAIN, ATM_TAG, 
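Review bot: `RemoveHapTokenInfoFromDb(info)` now runs after `hapTokenInfoLock_` is released, while `ReleaseTokenId(id)` and `hapTokenInfoMap_.erase(id)` still happen under the lock, so there is a window in which the ID is free but its rows are still in the database. If a released ID can be handed out again, a concurrent CreateHapTokenInfo could write rows for the new token that this delete then removes, because the delete condition is the token ID alone. Moving `AccessTokenIDManager::GetInstance().ReleaseTokenId(id);` to after `RemoveHapTokenInfoFromDb(info);` would close the window, assuming nothing in the hidden part of the function depends on the current order. The middle of RemoveHapTokenInfo lies between the two hunks and is not visible, so this is inferred from the lines shown.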
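Review bot: The failure path after `AddHapTokenInfo` no longer undoes the definitions that `AddDefPermissions(policy.permList, false)` placed in PermissionDefinitionCache a few lines earlier in CreateHapTokenInfo. For the system resource bundle, `RemoveHapTokenInfoFromDb(tokenInfo)` deletes the ACCESSTOKEN_PERMISSION_DEF rows (see the later hunk in this file) while the cache keeps the new entries, so memory and database can disagree after a failed install. If leaving them cached is intended, say so at the rollback, e.g. `// NOTE: definitions cached by AddDefPermissions are intentionally not rolled back here.`; otherwise the rollback needs a cache counterpart to the removed RemoveDefPermissions call. The function starts outside the hunk.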
@@ -632,7 +632,7 @@ void AccessTokenInfoManager::InitNativeTokenInfos(const std::vector& permStateList, ATokenAplEnum apl, - const std::vector& permList) + const std::vector& permList) { AccessTokenID tokenID = tokenIdEx.tokenIdExStruct.tokenID; if (!DataValidator::IsAppIDDescValid(info.appIDDesc)) { @@ -654,7 +654,9 @@ int32_t AccessTokenInfoManager::UpdateHapToken(AccessTokenIDEx& tokenIdEx, const } else { tokenIdEx.tokenIdExStruct.tokenAttr &= ~SYSTEM_APP_FLAG; } - PermissionManager::GetInstance().AddDefPermissions(permList, tokenID, true); + if (PermissionManager::GetInstance().IsSystemResource(infoPtr->GetBundleName())) { + PermissionManager::GetInstance().AddDefPermissions(permList, true); + } { Utils::UniqueWriteGuard infoGuard(this->hapTokenInfoLock_); infoPtr->Update(info, permStateList); 
@@ -953,25 +955,34 @@ int AccessTokenInfoManager::AddHapTokenInfoToDb(const std::shared_ptrGetTokenID(); + bool isSystemRes = PermissionManager::GetInstance().IsSystemResource(hapInfo->GetBundleName()); // get new hap token info from cache std::vector hapInfoValues; hapInfo->StoreHapInfo(hapInfoValues, appId, apl); - // get new permission def from cache if exist - std::vector permDefValues; - PermissionDefinitionCache::GetInstance().StorePermissionDef(tokenID, permDefValues); - // get new permission status from cache if exist std::vector permStateValues; hapInfo->StorePermissionPolicy(permStateValues); std::vector addDataTypes; - std::vector delDataTypes; addDataTypes.emplace_back(AtmDataType::ACCESSTOKEN_HAP_INFO); - addDataTypes.emplace_back(AtmDataType::ACCESSTOKEN_PERMISSION_DEF); addDataTypes.emplace_back(AtmDataType::ACCESSTOKEN_PERMISSION_STATE); + std::vector> addValues; + addValues.emplace_back(hapInfoValues); + addValues.emplace_back(permStateValues); + + // only when add or update ohos.global.systemres, permission define will restore + if (isSystemRes) { + LOGI(ATM_DOMAIN, ATM_TAG, "Deteach system resource install or update."); + std::vector permDefValues; + PermissionDefinitionCache::GetInstance().StorePermissionDef(permDefValues); + addDataTypes.emplace_back(AtmDataType::ACCESSTOKEN_PERMISSION_DEF); + addValues.emplace_back(permDefValues); + } + + std::vector delDataTypes; std::vector deleteValues; if (isUpdate) { // udapte: delete and add; otherwise add only delDataTypes.assign(addDataTypes.begin(), addDataTypes.end()); 
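Review bot: For the system resource bundle the PERMISSION_DEF rows written here come from `StorePermissionDef(permDefValues)`, which no longer takes a token ID, while the update path in the next hunk still deletes from that table with the condition `FIELD_TOKEN_ID` equal to this token. If the stored rows are the whole cache, including definitions loaded in Init(), and they do not carry this token's ID, the delete will not clear the old rows before the insert. The table schema and StorePermissionDef are not visible here, so please confirm that the delete condition matches the rows actually written when `isSystemRes` is true. The added log string also has a typo: `"Deteach system resource install or update."` presumably should read `"Detect system resource install or update."`.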
@@ -979,14 +990,11 @@ int AccessTokenInfoManager::AddHapTokenInfoToDb(const std::shared_ptr(tokenID)); deleteValues.emplace_back(conditionValue); deleteValues.emplace_back(conditionValue); - deleteValues.emplace_back(conditionValue); + if (isSystemRes) { + deleteValues.emplace_back(conditionValue); + } } - std::vector> addValues; - addValues.emplace_back(hapInfoValues); - addValues.emplace_back(permDefValues); - addValues.emplace_back(permStateValues); - int32_t ret = AccessTokenDb::GetInstance().DeleteAndInsertValues( delDataTypes, deleteValues, addDataTypes, addValues); if (ret != RET_SUCCESS) { @@ -996,19 +1004,24 @@ int AccessTokenInfoManager::AddHapTokenInfoToDb(const std::shared_ptr& info) { + AccessTokenID tokenID = info->GetTokenID(); GenericValues condition; condition.Put(TokenFiledConst::FIELD_TOKEN_ID, static_cast(tokenID)); std::vector deleteDataTypes; - std::vector deleteValues; deleteDataTypes.emplace_back(AtmDataType::ACCESSTOKEN_HAP_INFO); - deleteDataTypes.emplace_back(AtmDataType::ACCESSTOKEN_PERMISSION_DEF); deleteDataTypes.emplace_back(AtmDataType::ACCESSTOKEN_PERMISSION_STATE); - deleteValues.emplace_back(condition); + + std::vector deleteValues; deleteValues.emplace_back(condition); deleteValues.emplace_back(condition); + if (PermissionManager::GetInstance().IsSystemResource(info->GetBundleName())) { + deleteDataTypes.emplace_back(AtmDataType::ACCESSTOKEN_PERMISSION_DEF); + deleteValues.emplace_back(condition); + } + std::vector addDataTypes; std::vector> addValues; int32_t ret = AccessTokenDb::GetInstance().DeleteAndInsertValues(deleteDataTypes, deleteValues, addDataTypes, 
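Review bot: `info->GetTokenID()` on the first added line of RemoveHapTokenInfoFromDb dereferences the shared_ptr without a null check, now that the function takes a pointer instead of a plain token ID. In RemoveHapTokenInfo the argument is a local declared as an empty shared_ptr and assigned in lines outside the visible hunks, so whether it can still be null at the call cannot be established from here. A guard at the top keeps the helper safe for every caller: `if (info == nullptr) { LOGE(ATM_DOMAIN, ATM_TAG, "Token info is null."); return /* error value */; }` (the return type is cut off in the hunk header). The body continues past the end of the hunk.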
@@ -1718,7 +1731,7 @@ int32_t AccessTokenInfoManager::GetPermissionRequestToggleStatus(const std::stri bool AccessTokenInfoManager::IsPermissionReqValid(int32_t tokenApl, const std::string& permissionName, const std::vector& nativeAcls) { - PermissionDef permissionDef; + PermissionDefData permissionDef; int ret = PermissionDefinitionCache::GetInstance().FindByPermissionName( permissionName, permissionDef); if (ret != RET_SUCCESS) { @@ -1773,7 +1786,8 @@ void AccessTokenInfoManager::NativeTokenToString(AccessTokenID tokenID, std::str } NativeTokenInfoBase native = *iter; std::string invalidPermString = ""; - info.append(R"({\n)"); + info.append(R"({)"); + info.append("\n"); info.append(R"( "tokenID": )" + std::to_string(native.tokenID) + ",\n"); info.append(R"( "processName": ")" + native.processName + R"(")" + ",\n"); info.append(R"( "apl": )" + std::to_string(native.apl) + ",\n"); diff --git a/services/accesstokenmanager/main/cpp/src/token/hap_token_info_inner.cpp b/services/accesstokenmanager/main/cpp/src/token/hap_token_info_inner.cpp index 70211011a34a7cef377377446c7d08a4e37cace2..9bb929966e295012b843dc660ac67b6bd140a530 100644 --- a/services/accesstokenmanager/main/cpp/src/token/hap_token_info_inner.cpp +++ b/services/accesstokenmanager/main/cpp/src/token/hap_token_info_inner.cpp 
@@ -426,19 +426,16 @@ bool HapTokenInfoInner::IsPermissionGrantedWithSecComp(AccessTokenID tokenID, co return PermissionDataBrief::GetInstance().IsPermissionGrantedWithSecComp(tokenID, permissionName); } -void PermDefToString(const PermissionDef& def, std::string& info) +void PermDefToString(const PermissionDefData& def, std::string& info) { info.append(R"( {)"); info.append("\n"); info.append(R"( "permissionName": ")" + def.permissionName + R"(")" + ",\n"); - info.append(R"( "bundleName": ")" + def.bundleName + R"(")" + ",\n"); info.append(R"( "grantMode": )" + std::to_string(def.grantMode) + ",\n"); info.append(R"( "availableLevel": )" + std::to_string(def.availableLevel) + ",\n"); info.append(R"( "provisionEnable": )" + std::to_string(def.provisionEnable) + ",\n"); info.append(R"( "distributedSceneEnable": )" + std::to_string(def.distributedSceneEnable) + ",\n"); - info.append(R"( "label": ")" + def.label + R"(")" + ",\n"); info.append(R"( "labelId": )" + std::to_string(def.labelId) + ",\n"); - info.append(R"( "description": ")" + def.description + R"(")" + ",\n"); info.append(R"( "descriptionId": )" + std::to_string(def.descriptionId) + ",\n"); info.append(R"( })"); } @@ -453,19 +450,8 @@ void PermStateFullToString(const PermissionStatus& state, std::string& info) info.append(R"( })"); } -void HapTokenInfoInner::PermToString(const std::vector& permList, - const std::vector& permStateList, std::string& info) +void HapTokenInfoInner::PermToString(const std::vector& permStateList, std::string& info) { - info.append(R"( "permDefList": [)"); - info.append("\n"); - for (auto iter = permList.begin(); iter != permList.end(); iter++) { - PermDefToString(*iter, info); - if (iter != (permList.end() - 1)) { - info.append(",\n"); - } - } - info.append("\n ],\n"); - info.append(R"( "permStateList": [)"); info.append("\n"); for (auto iter = permStateList.begin(); iter != permStateList.end(); iter++) { 
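Review bot: PermDefToString is updated here, but its only caller visible in this file section, the `permDefList` loop in PermToString, is deleted by the same change. If nothing else calls it, the function is dead code and can be removed together with the loop; if it is still used from another file, a one-line comment naming that user would explain why it stays. Note also that `def.permissionName` is appended between quotes without escaping, so the dump is well-formed JSON only as long as permission names never contain a quote or backslash.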
@@ -491,11 +477,9 @@ void HapTokenInfoInner::ToString(std::string& info) info.append(R"( "isRemote": )" + std::to_string(isRemote_) + ",\n"); info.append(R"( "isPermDialogForbidden": )" + std::to_string(isPermDialogForbidden_) + ",\n"); - std::vector permList; - PermissionDefinitionCache::GetInstance().GetDefPermissionsByTokenId(permList, tokenInfoBasic_.tokenID); std::vector permStateList; (void)GetPermissionStateList(permStateList); - PermToString(permList, permStateList, info); + PermToString(permStateList, info); info.append("}"); } } // namespace AccessToken diff --git a/services/accesstokenmanager/test/unittest/accesstoken_info_manager_test.cpp b/services/accesstokenmanager/test/unittest/accesstoken_info_manager_test.cpp index 147a6e5f7c63c0db0a7180492a4a477fd6527ed6..2e2a00f5f12dc1238cf4b8a8f607ea4fcd28d83b 100644 --- a/services/accesstokenmanager/test/unittest/accesstoken_info_manager_test.cpp +++ b/services/accesstokenmanager/test/unittest/accesstoken_info_manager_test.cpp 
@@ -48,29 +48,23 @@ static bool g_hasHapPermissionDefinition; static constexpr int32_t DEFAULT_API_VERSION = 8; static constexpr int USER_ID = 100; static constexpr int INST_INDEX = 0; -static PermissionDef g_infoManagerTestPermDef1 = { +static PermissionDefData g_infoManagerTestPermDef1 = { .permissionName = "open the door", - .bundleName = "accesstoken_test", - .grantMode = 1, + .grantMode = GrantMode::USER_GRANT, .availableLevel = APL_NORMAL, .provisionEnable = false, .distributedSceneEnable = false, - .label = "label", .labelId = 1, - .description = "open the door", .descriptionId = 1 }; -static PermissionDef g_infoManagerTestPermDef2 = { +static PermissionDefData g_infoManagerTestPermDef2 = { .permissionName = "break the door", - .bundleName = "accesstoken_test", - .grantMode = 1, + .grantMode = GrantMode::USER_GRANT, .availableLevel = APL_NORMAL, .provisionEnable = false, .distributedSceneEnable = false, - .label = "label", .labelId = 1, - .description = "break the door", .descriptionId = 1 }; 
@@ -134,24 +128,22 @@ void AccessTokenInfoManagerTest::SetUp() { atManagerService_ = DelayedSingleton::GetInstance(); EXPECT_NE(nullptr, atManagerService_); - PermissionDef infoManagerPermDefA = { + PermissionDefData infoManagerPermDefA = { .permissionName = "ohos.permission.CAMERA", - .bundleName = "accesstoken_test", .grantMode = USER_GRANT, .availableLevel = APL_NORMAL, .provisionEnable = false, .distributedSceneEnable = false, }; - PermissionDefinitionCache::GetInstance().Insert(infoManagerPermDefA, 1); - PermissionDef infoManagerPermDefB = { + PermissionDefinitionCache::GetInstance().Insert(infoManagerPermDefA); + PermissionDefData infoManagerPermDefB = { .permissionName = "ohos.permission.LOCATION", - .bundleName = "accesstoken_test", .grantMode = USER_GRANT, .availableLevel = APL_NORMAL, .provisionEnable = false, .distributedSceneEnable = false, }; - PermissionDefinitionCache::GetInstance().Insert(infoManagerPermDefB, 1); + PermissionDefinitionCache::GetInstance().Insert(infoManagerPermDefB); g_permissionDefinitionMap = PermissionDefinitionCache::GetInstance().permissionDefinitionMap_; g_hasHapPermissionDefinition = PermissionDefinitionCache::GetInstance().hasHapPermissionDefinition_; } @@ -243,10 +235,9 @@ HWTEST_F(AccessTokenInfoManagerTest, CreateHapTokenInfo002, TestSize.Level1) ASSERT_EQ(RET_SUCCESS, ret); ASSERT_NE(tokenIdEx.tokenIdExStruct.tokenID, tokenIdEx1.tokenIdExStruct.tokenID); GTEST_LOG_(INFO) << "add same hap token"; - PermissionDef permDef; - ASSERT_EQ(RET_SUCCESS, + PermissionDefData permDef; + ASSERT_EQ(AccessTokenError::ERR_PERMISSION_NOT_EXIST, PermissionManager::GetInstance().GetDefPermission(g_infoManagerTestPermDef1.permissionName, permDef)); - ASSERT_EQ(permDef.permissionName, g_infoManagerTestPermDef1.permissionName); std::shared_ptr tokenInfo; tokenInfo = AccessTokenInfoManager::GetInstance().GetHapTokenInfoInner(tokenIdEx1.tokenIdExStruct.tokenID); 
@@ -366,16 +357,13 @@ HWTEST_F(AccessTokenInfoManagerTest, CreateHapTokenInfo007, TestSize.Level1) */ HWTEST_F(AccessTokenInfoManagerTest, CreateHapTokenInfo008, TestSize.Level1) { - static PermissionDef permDef = { + static PermissionDefData permDef = { .permissionName = "ohos.permission.test", - .bundleName = "accesstoken_test", - .grantMode = -1, // -1:invalid grant mode + .grantMode = static_cast(-1), // -1:invalid grant mode .availableLevel = APL_NORMAL, .provisionEnable = false, .distributedSceneEnable = false, - .label = "label", .labelId = 1, - .description = "open the door", .descriptionId = 1 }; HapInfoParams info = { @@ -1409,21 +1397,16 @@ HWTEST_F(AccessTokenInfoManagerTest, GetHapTokenID002, TestSize.Level1) */ HWTEST_F(AccessTokenInfoManagerTest, Insert001, TestSize.Level1) { - PermissionDef info = { + PermissionDefData info = { .permissionName = "ohos.permission.CAMERA", - .bundleName = "com.ohos.test", - .grantMode = 0, + .grantMode = GrantMode::SYSTEM_GRANT, .availableLevel = ATokenAplEnum::APL_NORMAL, .provisionEnable = false, .distributedSceneEnable = false, - .label = "buzhidao", .labelId = 100, // 100 is random input - .description = "buzhidao", .descriptionId = 100 // 100 is random input }; - AccessTokenID tokenId = 123; // 123 is random input - - ASSERT_EQ(false, PermissionDefinitionCache::GetInstance().Insert(info, tokenId)); // permission has insert + ASSERT_EQ(false, PermissionDefinitionCache::GetInstance().Insert(info)); // permission has insert } /** 
@@ -1471,16 +1454,13 @@ HWTEST_F(AccessTokenInfoManagerTest, RestorePermDefInfo001, TestSize.Level1) */ HWTEST_F(AccessTokenInfoManagerTest, IsPermissionDefValid001, TestSize.Level1) { - PermissionDef permDef = { + PermissionDefData permDef = { .permissionName = "ohos.permission.TEST", - .bundleName = "com.ohos.test", .grantMode = static_cast(2), .availableLevel = ATokenAplEnum::APL_NORMAL, .provisionEnable = false, .distributedSceneEnable = false, - .label = "buzhidao", .labelId = 100, // 100 is random input - .description = "buzhidao", .descriptionId = 100 // 100 is random input }; @@ -1532,26 +1512,23 @@ HWTEST_F(AccessTokenInfoManagerTest, IsPermissionStateValid001, TestSize.Level1) */ HWTEST_F(AccessTokenInfoManagerTest, FilterInvalidPermissionDef001, TestSize.Level1) { - PermissionDef permDef = { + PermissionDefData permDef = { .permissionName = "ohos.permission.TEST", - .bundleName = "com.ohos.test", .grantMode = GrantMode::SYSTEM_GRANT, .availableLevel = ATokenAplEnum::APL_NORMAL, .provisionEnable = false, .distributedSceneEnable = false, - .label = "buzhidao", .labelId = 100, // 100 is random input - .description = "buzhidao", .descriptionId = 100 // 100 is random input }; - std::vector permList; + std::vector permList; permList.emplace_back(permDef); permList.emplace_back(permDef); ASSERT_EQ(static_cast(2), permList.size()); - std::vector result; + std::vector result; PermissionValidator::FilterInvalidPermissionDef(permList, result); // permDefSet.count != 0 ASSERT_EQ(static_cast(1), result.size()); } 
@@ -1564,26 +1541,23 @@ HWTEST_F(AccessTokenInfoManagerTest, FilterInvalidPermissionDef001, TestSize.Lev */ HWTEST_F(AccessTokenInfoManagerTest, QueryPermissionFlag001, TestSize.Level1) { - PermissionDef def = { - .permissionName = "ohos.permission.TEST", - .bundleName = "QueryPermissionFlag001", - .grantMode = 1, + PermissionDefData def = { + .permissionName = "ohos.permission.READ_MEDIA", + .grantMode = GrantMode::USER_GRANT, .availableLevel = APL_NORMAL, .provisionEnable = false, .distributedSceneEnable = false, - .label = "label", .labelId = 1, - .description = "description", .descriptionId = 1 }; PermissionStatus perm = { - .permissionName = "ohos.permission.TEST", + .permissionName = "ohos.permission.READ_MEDIA", .grantStatus = PermissionState::PERMISSION_DENIED, .grantFlag = PermissionFlag::PERMISSION_DEFAULT_FLAG }; AccessTokenID tokenId = 0x280bc140; // 0x280bc140 is random native - PermissionDefinitionCache::GetInstance().Insert(def, tokenId); + PermissionDefinitionCache::GetInstance().Insert(def); std::vector permStateList; permStateList.emplace_back(perm); @@ -1663,9 +1637,9 @@ HWTEST_F(AccessTokenInfoManagerTest, PermStateFullToString001, TestSize.Level1) ASSERT_EQ(RET_SUCCESS, PermissionDataBrief::GetInstance().GetBriefPermDataByTokenId(tokenId, briefPermDataList)); std::string info; - std::vector permList; + std::vector permList; // iter != end - 1 - HapTokenInfoInner::PermToString(permList, permStateList, info); + HapTokenInfoInner::PermToString(permStateList, info); ASSERT_TRUE(!info.empty()); } diff --git a/services/accesstokenmanager/test/unittest/native_token_receptor_test.cpp b/services/accesstokenmanager/test/unittest/native_token_receptor_test.cpp index aac2855c11e58b165004cd0545f169f9d99e11a4..e7219a553fc85a84e5516bf974f8317115e3c4b1 100644 --- a/services/accesstokenmanager/test/unittest/native_token_receptor_test.cpp +++ b/services/accesstokenmanager/test/unittest/native_token_receptor_test.cpp 
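Review bot: In PermStateFullToString001 the `permList` vector is still declared on the new side, but it is no longer passed to `HapTokenInfoInner::PermToString(permStateList, info)`, so the local is unused. The declaration rewritten by this hunk can simply be deleted. The `// iter != end - 1` comment above the call now refers only to the permStateList loop and could say so.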
@@ -48,23 +48,20 @@ void NativeTokenReceptorTest::SetUpTestCase() for (unsigned int i = 0x28100000; i <= 0x28100007; i++) { AccessTokenInfoManager::GetInstance().RemoveNativeTokenInfo(i); } - PermissionDef infoManagerPermDef = { + PermissionDefData infoManagerPermDef = { .permissionName = "ohos.permission.DISCOVER_BLUETOOTH", - .bundleName = "accesstoken_test", .grantMode = USER_GRANT, .availableLevel = APL_NORMAL, .provisionEnable = false, .distributedSceneEnable = false, - .label = "label", .labelId = 1, - .description = "CAMERA", .descriptionId = 1 }; - PermissionDefinitionCache::GetInstance().Insert(infoManagerPermDef, 1); + PermissionDefinitionCache::GetInstance().Insert(infoManagerPermDef); infoManagerPermDef.permissionName = "ohos.permission.MANAGE_USER_IDM"; - PermissionDefinitionCache::GetInstance().Insert(infoManagerPermDef, 1); + PermissionDefinitionCache::GetInstance().Insert(infoManagerPermDef); infoManagerPermDef.permissionName = "ohos.permission.ACCELEROMETER"; - PermissionDefinitionCache::GetInstance().Insert(infoManagerPermDef, 1); + PermissionDefinitionCache::GetInstance().Insert(infoManagerPermDef); } void NativeTokenReceptorTest::TearDownTestCase() diff --git a/services/accesstokenmanager/test/unittest/permission_manager_test.cpp b/services/accesstokenmanager/test/unittest/permission_manager_test.cpp index be9f5a49399b1b47fbb336b4eef3d61932e64fc3..a9b3f4c861afb50df393f806371b56a4fcc76359 100644 --- a/services/accesstokenmanager/test/unittest/permission_manager_test.cpp +++ b/services/accesstokenmanager/test/unittest/permission_manager_test.cpp 
@@ -43,29 +43,23 @@ namespace { static constexpr uint32_t MAX_CALLBACK_SIZE = 1024; static constexpr int32_t USER_ID = 100; static constexpr int32_t INST_INDEX = 0; -static PermissionDef g_infoManagerTestPermDef1 = { +static PermissionDefData g_infoManagerTestPermDef1 = { .permissionName = "open the door", - .bundleName = "accesstoken_test", - .grantMode = 1, + .grantMode = GrantMode::USER_GRANT, .availableLevel = APL_NORMAL, .provisionEnable = false, .distributedSceneEnable = false, - .label = "label", .labelId = 1, - .description = "open the door", .descriptionId = 1 }; -static PermissionDef g_infoManagerTestPermDef2 = { +static PermissionDefData g_infoManagerTestPermDef2 = { .permissionName = "break the door", - .bundleName = "accesstoken_test", - .grantMode = 1, + .grantMode = GrantMode::USER_GRANT, .availableLevel = APL_NORMAL, .provisionEnable = false, .distributedSceneEnable = false, - .label = "label", .labelId = 1, - .description = "break the door", .descriptionId = 1 }; 
@@ -151,55 +145,43 @@ static PermissionStatus g_permState9 = { .grantFlag = PermissionFlag::PERMISSION_POLICY_FIXED | PermissionFlag::PERMISSION_USER_SET }; -static PermissionDef g_infoManagerPermDef1 = { +static PermissionDefData g_infoManagerPermDef1 = { .permissionName = "ohos.permission.MEDIA_LOCATION", - .bundleName = "accesstoken_test", .grantMode = USER_GRANT, .availableLevel = APL_NORMAL, .provisionEnable = false, .distributedSceneEnable = false, - .label = "label", .labelId = 1, - .description = "MEDIA_LOCATION", .descriptionId = 1 }; -static PermissionDef g_infoManagerPermDef2 = { +static PermissionDefData g_infoManagerPermDef2 = { .permissionName = "ohos.permission.MICROPHONE", - .bundleName = "accesstoken_test", .grantMode = USER_GRANT, .availableLevel = APL_NORMAL, .provisionEnable = false, .distributedSceneEnable = false, - .label = "label", .labelId = 1, - .description = "MICROPHONE", .descriptionId = 1 }; -static PermissionDef g_infoManagerPermDef3 = { +static PermissionDefData g_infoManagerPermDef3 = { .permissionName = "ohos.permission.READ_CALENDAR", - .bundleName = "accesstoken_test", .grantMode = USER_GRANT, .availableLevel = APL_NORMAL, .provisionEnable = false, .distributedSceneEnable = false, - .label = "label", .labelId = 1, - .description = "READ_CALENDAR", .descriptionId = 1 }; -static PermissionDef g_infoManagerPermDef4 = { +static PermissionDefData g_infoManagerPermDef4 = { .permissionName = "ohos.permission.READ_CALL_LOG", - .bundleName = "accesstoken_test", .grantMode = USER_GRANT, .availableLevel = APL_NORMAL, .provisionEnable = false, .distributedSceneEnable = false, - .label = "label", .labelId = 1, - .description = "READ_CALL_LOG", .descriptionId = 1 }; } 
@@ -236,31 +218,28 @@ void PermissionManagerTest::SetUp() } formStateObserver_ = std::make_shared(); - PermissionDef infoManagerPermDef = { + PermissionDefData infoManagerPermDef = { .permissionName = "ohos.permission.CAMERA", - .bundleName = "accesstoken_test", .grantMode = USER_GRANT, .availableLevel = APL_NORMAL, .provisionEnable = false, .distributedSceneEnable = false, - .label = "label", .labelId = 1, - .description = "CAMERA", .descriptionId = 1 }; - PermissionDefinitionCache::GetInstance().Insert(infoManagerPermDef, 1); + PermissionDefinitionCache::GetInstance().Insert(infoManagerPermDef); infoManagerPermDef.permissionName = "ohos.permission.APPROXIMATELY_LOCATION"; - PermissionDefinitionCache::GetInstance().Insert(infoManagerPermDef, 1); + PermissionDefinitionCache::GetInstance().Insert(infoManagerPermDef); infoManagerPermDef.permissionName = "ohos.permission.LOCATION"; - PermissionDefinitionCache::GetInstance().Insert(infoManagerPermDef, 1); + PermissionDefinitionCache::GetInstance().Insert(infoManagerPermDef); infoManagerPermDef.permissionName = "ohos.permission.CAPTURE_SCREEN"; - PermissionDefinitionCache::GetInstance().Insert(infoManagerPermDef, 1); + PermissionDefinitionCache::GetInstance().Insert(infoManagerPermDef); infoManagerPermDef.permissionName = "ohos.permission.CHANGE_ABILITY_ENABLED_STATE"; - PermissionDefinitionCache::GetInstance().Insert(infoManagerPermDef, 1); + PermissionDefinitionCache::GetInstance().Insert(infoManagerPermDef); infoManagerPermDef.permissionName = "ohos.permission.CLEAN_APPLICATION_DATA"; - PermissionDefinitionCache::GetInstance().Insert(infoManagerPermDef, 1); + PermissionDefinitionCache::GetInstance().Insert(infoManagerPermDef); infoManagerPermDef.permissionName = "ohos.permission.COMMONEVENT_STICKY"; - PermissionDefinitionCache::GetInstance().Insert(infoManagerPermDef, 1); + PermissionDefinitionCache::GetInstance().Insert(infoManagerPermDef); } void PermissionManagerTest::TearDown() 
@@ -476,7 +455,7 @@ HWTEST_F(PermissionManagerTest, RevokePermission001, TestSize.Level1) HWTEST_F(PermissionManagerTest, GetDefPermission001, TestSize.Level1) { std::string permissionName; - PermissionDef permissionDefResult; + PermissionDefData permissionDefResult; // permissionName is empty ASSERT_EQ( @@ -497,7 +476,7 @@ HWTEST_F(PermissionManagerTest, GetDefPermission001, TestSize.Level1) HWTEST_F(PermissionManagerTest, GetDefPermission002, TestSize.Level1) { std::string permissionName = "ohos.permission.CAMERA"; - PermissionDef permissionDefResult; + PermissionDefData permissionDefResult; // permissionName invalid ASSERT_EQ(RET_SUCCESS, PermissionManager::GetInstance().GetDefPermission(permissionName, permissionDefResult)); @@ -511,7 +490,7 @@ HWTEST_F(PermissionManagerTest, GetDefPermission002, TestSize.Level1) */ HWTEST_F(PermissionManagerTest, GetDefPermissions001, TestSize.Level1) { - std::vector result; + std::vector result; AccessTokenID tokenId = 123; PermissionManager::GetInstance().GetDefPermissions(tokenId, result); @@ -531,10 +510,10 @@ HWTEST_F(PermissionManagerTest, GetDefPermissions002, TestSize.Level1) g_infoManagerTestPolicyPrams1, tokenIdEx); ASSERT_EQ(RET_SUCCESS, ret); - std::vector result; + std::vector result; AccessTokenID tokenId = tokenIdEx.tokenIdExStruct.tokenID; PermissionManager::GetInstance().GetDefPermissions(tokenId, result); - ASSERT_TRUE(!result.empty()); + ASSERT_TRUE(result.empty()); ret = AccessTokenInfoManager::GetInstance().RemoveHapTokenInfo(tokenIdEx.tokenIdExStruct.tokenID); ASSERT_EQ(RET_SUCCESS, ret); @@ -548,11 +527,11 @@ HWTEST_F(PermissionManagerTest, GetDefPermissions002, TestSize.Level1) */ HWTEST_F(PermissionManagerTest, GetDefPermissions003, TestSize.Level1) { - std::vector result; + std::vector result; AccessTokenID tokenId = 0; PermissionManager::GetInstance().GetDefPermissions(tokenId, result); - ASSERT_TRUE(!result.empty()); + ASSERT_TRUE(result.empty()); } /** 
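Review bot: In GetDefPermissions002 the flipped assertion `ASSERT_TRUE(result.empty())` passes both when GetDefPermissions deliberately returns no definitions and when it bails out early, because the call's outcome is not checked in the visible lines. GetDefPermissions003 (tokenId 0) has the same shape. The 002 test creates a HAP token from `g_infoManagerTestPolicyPrams1` and then expects nothing back, so I would add a comment saying why, e.g. `// definitions are no longer kept per token, so the list stays empty`, if that is the intent. If the call returns a status, assert it as well. Both test bodies start outside their hunks.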
diff --git a/services/accesstokenmanager/test/unittest/short_grant_manager_test.cpp b/services/accesstokenmanager/test/unittest/short_grant_manager_test.cpp index d2e4b116505c43005af5d6812c78cf905d671803..cd982afd5cbd6c0ac9c8b5cf3e3d7cab74f819fc 100644 --- a/services/accesstokenmanager/test/unittest/short_grant_manager_test.cpp +++ b/services/accesstokenmanager/test/unittest/short_grant_manager_test.cpp @@ -67,17 +67,14 @@ void ShortGrantManagerTest::SetUp() ShortGrantManager::GetInstance().InitEventHandler(); #endif - PermissionDef permDefAlpha = { + PermissionDefData permDefAlpha = { .permissionName = "ohos.permission.SHORT_TERM_WRITE_IMAGEVIDEO", - .bundleName = "accesstoken_test", - .grantMode = 1, + .grantMode = GrantMode::USER_GRANT, .availableLevel = APL_NORMAL, - .label = "label", .labelId = 1, - .description = "annoying", .descriptionId = 1 }; - PermissionDefinitionCache::GetInstance().Insert(permDefAlpha, 537719865); // 537719865 means a tokenId. + PermissionDefinitionCache::GetInstance().Insert(permDefAlpha); } void ShortGrantManagerTest::TearDown() diff --git a/services/common/database/test/unittest/database_test.cpp b/services/common/database/test/unittest/database_test.cpp index 99bd22516ba775a8a8818add18e54de9200cdfa5..52a38ba02273fe32292d5cfc50bb4b82b6e3fb3d 100644 --- a/services/common/database/test/unittest/database_test.cpp +++ b/services/common/database/test/unittest/database_test.cpp @@ -227,7 +227,7 @@ HWTEST_F(DatabaseTest, DataTranslatorTranslationIntoPermissionDef001, TestSize.L genericValues.Put(TokenFiledConst::FIELD_TOKEN_ID, TEST_TOKEN_ID); genericValues.Put(TokenFiledConst::FIELD_AVAILABLE_LEVEL, ATokenAplEnum::APL_INVALID); - PermissionDef outPermissionDef; + PermissionDefData outPermissionDef; ASSERT_NE(RET_SUCCESS, DataTranslator::TranslationIntoPermissionDef(genericValues, outPermissionDef)); LOGI(ATM_DOMAIN, ATM_TAG, "DataTranslatorTranslationIntoPermissionDefTest001 end"); } 
@@ -248,7 +248,7 @@ HWTEST_F(DatabaseTest, DataTranslatorTranslationIntoPermissionStatus001, TestSiz inGenericValues.Put(TokenFiledConst::FIELD_GRANT_IS_GENERAL, 1); inGenericValues.Put(TokenFiledConst::FIELD_PERMISSION_NAME, ""); - PermissionDef outPermissionDef; + PermissionDefData outPermissionDef; ASSERT_NE(RET_SUCCESS, DataTranslator::TranslationIntoPermissionStatus(inGenericValues, outPermissionState)); LOGI(ATM_DOMAIN, ATM_TAG, "DataTranslatorTranslationIntoPermissionStatus001 end"); } @@ -270,7 +270,7 @@ HWTEST_F(DatabaseTest, DataTranslatorTranslationIntoPermissionStatus002, TestSiz inGenericValues.Put(TokenFiledConst::FIELD_PERMISSION_NAME, "test_permission_name"); inGenericValues.Put(TokenFiledConst::FIELD_DEVICE_ID, ""); - PermissionDef outPermissionDef; + PermissionDefData outPermissionDef; ASSERT_NE(RET_SUCCESS, DataTranslator::TranslationIntoPermissionStatus(inGenericValues, outPermissionState)); LOGI(ATM_DOMAIN, ATM_TAG, "DataTranslatorTranslationIntoPermissionStatus002 end"); } @@ -293,7 +293,7 @@ HWTEST_F(DatabaseTest, DataTranslatorTranslationIntoPermissionStatus003, TestSiz inGenericValues.Put(TokenFiledConst::FIELD_DEVICE_ID, "test_device_id"); inGenericValues.Put(TokenFiledConst::FIELD_GRANT_STATE, 100); - PermissionDef outPermissionDef; + PermissionDefData outPermissionDef; ASSERT_NE(RET_SUCCESS, DataTranslator::TranslationIntoPermissionStatus(inGenericValues, outPermissionState)); LOGI(ATM_DOMAIN, ATM_TAG, "DataTranslatorTranslationIntoPermissionStatus003 end"); } 
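Review bot: `PermissionDefData outPermissionDef;` in DataTranslatorTranslationIntoPermissionStatus001 looks unused, since the call under test passes `outPermissionState` rather than this local. Instead of retyping it, delete the declaration here and in the 002, 003 and 004 variants in the following hunks, unless something earlier in those bodies reads it (they start outside the hunks). A stale permission-definition local next to a permission-status assertion makes it harder to see which translator each test covers.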
@@ -317,7 +317,7 @@ HWTEST_F(DatabaseTest, DataTranslatorTranslationIntoPermissionStatus004, TestSiz inGenericValues.Put(TokenFiledConst::FIELD_GRANT_STATE, PermissionState::PERMISSION_GRANTED); inGenericValues.Put(TokenFiledConst::FIELD_GRANT_FLAG, 100); - PermissionDef outPermissionDef; + PermissionDefData outPermissionDef; ASSERT_NE(RET_SUCCESS, DataTranslator::TranslationIntoPermissionStatus(inGenericValues, outPermissionState)); LOGI(ATM_DOMAIN, ATM_TAG, "DataTranslatorTranslationIntoPermissionStatus004 end"); } diff --git a/services/common/json_parse/include/json_parse_loader.h b/services/common/json_parse/include/json_parse_loader.h index 9ea7ad619e404f094b23b4cfafbc65a7ce9066a1..8b4924d6f1eaa93692d820e450fa27a6f35b2fb5 100644 --- a/services/common/json_parse/include/json_parse_loader.h +++ b/services/common/json_parse/include/json_parse_loader.h @@ -60,7 +60,7 @@ enum ServiceType { }; struct PermissionDefParseRet { - PermissionDef permDef; + PermissionDefData permDef; bool isSuccessful = false; }; @@ -71,14 +71,14 @@ public: virtual bool GetConfigValue(const ServiceType& type, AccessTokenConfigValue& config); virtual int32_t GetAllNativeTokenInfo(std::vector& tokenInfos); virtual int32_t GetDlpPermissions(std::vector& dlpPerms); - virtual int32_t GetAllPermissionDef(std::vector& permDefList); + virtual int32_t GetAllPermissionDef(std::vector& permDefList); }; class ConfigPolicLoader final: public ConfigPolicyLoaderInterface { bool GetConfigValue(const ServiceType& type, AccessTokenConfigValue& config); int32_t GetAllNativeTokenInfo(std::vector& tokenInfos); int32_t GetDlpPermissions(std::vector& dlpPerms); - int32_t GetAllPermissionDef(std::vector& permDefList); + int32_t GetAllPermissionDef(std::vector& permDefList); private: #ifdef CUSTOMIZATION_CONFIG_POLICY_ENABLE void GetConfigFilePathList(std::vector& pathList); 
@@ -86,7 +86,7 @@ private: AccessTokenConfigValue& config); #endif // CUSTOMIZATION_CONFIG_POLICY_ENABLE bool ParserNativeRawData(const std::string& nativeRawData, std::vector& tokenInfos); - bool ParserPermDefRawData(const std::string& permsRawData, std::vector& permDefList); + bool ParserPermDefRawData(const std::string& permsRawData, std::vector& permDefList); bool ParserDlpPermsRawData(const std::string& dlpPermsRawData, std::vector& dlpPerms); int32_t ReadCfgFile(const std::string& file, std::string& rawData); bool IsDirExsit(const std::string& file); diff --git a/services/common/json_parse/src/json_parse_loader.cpp b/services/common/json_parse/src/json_parse_loader.cpp index 539182f811d45f142f916bcfe1d237f04a4cd29f..4f35f6bb2e24af5c345612773ab619ec932a9b41 100644 --- a/services/common/json_parse/src/json_parse_loader.cpp +++ b/services/common/json_parse/src/json_parse_loader.cpp @@ -78,8 +78,6 @@ static const char* PERMISSION_AVAILABLE_LEVEL = "availableLevel"; static const char* PERMISSION_AVAILABLE_TYPE = "availableType"; static const char* PERMISSION_PROVISION_ENABLE = "provisionEnable"; static const char* PERMISSION_DISTRIBUTED_SCENE_ENABLE = "distributedSceneEnable"; -static const char* PERMISSION_LABEL = "label"; -static const char* PERMISSION_DESCRIPTION = "description"; static const char* AVAILABLE_TYPE_NORMAL_HAP = "NORMAL"; static const char* AVAILABLE_TYPE_SYSTEM_HAP = "SYSTEM"; static const char* AVAILABLE_TYPE_MDM = "MDM"; @@ -189,7 +187,7 @@ bool GetAtCfgFromJson(const CJson* j, AccessTokenServiceConfig& a) return false; } - if (!GetStringFromJson(j, GRANT_SERVICE_ABILITY_NAME_KEY, a.grantAbilityName)) { + if (!GetStringFromJson(j, GRANT_SERVICE_ABILITY_NAME_KEY, a.grantServiceAbilityName)) { return false; } 
@@ -519,7 +517,7 @@ static bool GetPermissionAvailableType( return false; } -static int32_t GetPermissionGrantMode(const std::string &mode) +static GrantMode GetPermissionGrantMode(const std::string &mode) { if (mode == PERMISSION_GRANT_MODE_SYSTEM_GRANT) { return AccessToken::GrantMode::SYSTEM_GRANT; @@ -530,7 +528,7 @@ static int32_t GetPermissionGrantMode(const std::string &mode) static void FromJsonPermissionDefParseRet(const CJson *j, PermissionDefParseRet& result) { result.isSuccessful = false; - PermissionDef permDef; + PermissionDefData permDef; if (!GetStringFromJson(j, PERMISSION_NAME, permDef.permissionName) || !DataValidator::IsProcessNameValid(permDef.permissionName)) { return; @@ -563,24 +561,17 @@ static void FromJsonPermissionDefParseRet(const CJson *j, PermissionDefParseRet& if (!GetBoolFromJson(j, PERMISSION_DISTRIBUTED_SCENE_ENABLE, permDef.distributedSceneEnable)) { return; } - permDef.bundleName = "system_ability"; if (permDef.grantMode == AccessToken::GrantMode::SYSTEM_GRANT) { result.permDef = permDef; result.isSuccessful = true; return; } - if (!GetStringFromJson(j, PERMISSION_LABEL, permDef.label)) { - return; - } - if (!GetStringFromJson(j, PERMISSION_DESCRIPTION, permDef.description)) { - return; - } result.permDef = permDef; result.isSuccessful = true; return; } -static bool CheckPermissionDefRules(const PermissionDef& permDef) +static bool CheckPermissionDefRules(const PermissionDefData& permDef) { // Extension permission support permission for service only. if (permDef.availableType != AccessToken::ATokenAvailableTypeEnum::SERVICE) { @@ -591,7 +582,7 @@ static bool CheckPermissionDefRules(const PermissionDef& permDef) } static int32_t GetPermissionDefList(const CJsonUnique &json, const std::string& permsRawData, - const std::string& type, std::vector& permDefList) + const std::string& type, std::vector& permDefList) { cJSON *JsonData = GetArrayFromJson(json.get(), type); if (JsonData == nullptr) { 
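Review bot: In FromJsonPermissionDefParseRet (the hunk at -563), the `if (permDef.grantMode == AccessToken::GrantMode::SYSTEM_GRANT)` branch is now redundant. With the label and description reads removed, it sets `result.permDef` and `result.isSuccessful` exactly as the fall-through does. Drop the branch and the trailing bare `return;` so the tail is just `result.permDef = permDef;` followed by `result.isSuccessful = true;`. Keeping the branch suggests user-grant definitions still get extra validation, which the new code no longer does. The function starts outside this hunk.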
@@ -616,7 +607,7 @@ static int32_t GetPermissionDefList(const CJsonUnique &json, const std::string& } bool ConfigPolicLoader::ParserPermDefRawData( - const std::string& permsRawData, std::vector& permDefList) + const std::string& permsRawData, std::vector& permDefList) { CJsonUnique jsonRes = CreateJsonFromString(permsRawData); if (jsonRes == nullptr) { @@ -638,7 +629,7 @@ bool ConfigPolicLoader::ParserPermDefRawData( return true; } -int32_t ConfigPolicLoader::GetAllPermissionDef(std::vector& permDefList) +int32_t ConfigPolicLoader::GetAllPermissionDef(std::vector& permDefList) { std::string permsRawData; int32_t ret = ReadCfgFile(DEFINE_PERMISSION_FILE, permsRawData); diff --git a/services/common/json_parse/unittest/json_parse_test.cpp b/services/common/json_parse/unittest/json_parse_test.cpp index 005172b82d479fc3f0b931afa57f123e17b3845f..536b8ac312eaab4d79820d99f7697dcd1d0ed0af 100644 --- a/services/common/json_parse/unittest/json_parse_test.cpp +++ b/services/common/json_parse/unittest/json_parse_test.cpp 
@@ -293,26 +293,24 @@ HWTEST_F(JsonParseTest, ParserPermsRawDataTest001, TestSize.Level1) R"("availableType":"SERVICE","provisionEnable":true,"distributedSceneEnable":false,)"\ R"("label":"$string:test_label_B","description":"$string:test_description_B"}]})"; ConfigPolicLoader loader; - std::vector permDefList; + std::vector permDefList; ASSERT_TRUE(loader.ParserPermsRawData(testStr, tokenInfos)); EXPECT_EQ(2, permDefList.size()); for (const auto& perm : permDefList) { GTEST_LOG_(INFO) << perm.permissionName.c_str(); - PermissionDefinitionCache::GetInstance().Insert(perm, EXTENSION_PERMISSION_ID); + PermissionDefinitionCache::GetInstance().Insert(perm); } EXPECT_TRUE(PermissionDefinitionCache::GetInstance().HasDefinition(SYSTEM_PERMISSION_A)); EXPECT_TRUE(PermissionDefinitionCache::GetInstance().HasDefinition(USER_PERMISSION_B)); - PermissionDef permissionDefResult; + PermissionDefData permissionDefResult; PermissionManager::GetInstance().GetDefPermission(SYSTEM_PERMISSION_A, permissionDefResult); EXPECT_EQ(SYSTEM_GRANT, permissionDefResult.grantMode); EXPECT_EQ(APL_SYSTEM_BASIC, permissionDefResult.availableLevel); EXPECT_EQ(SERVICE, permissionDefResult.availableType); EXPECT_EQ(true, permissionDefResult.provisionEnable); EXPECT_EQ(false, permissionDefResult.distributedSceneEnable); - EXPECT_EQ("", permissionDefResult.label); - EXPECT_EQ("", permissionDefResult.description); PermissionManager::GetInstance().GetDefPermission(USER_PERMISSION_B, permissionDefResult); EXPECT_EQ(USER_GRANT, permissionDefResult.grantMode); @@ -320,8 +318,6 @@ HWTEST_F(JsonParseTest, ParserPermsRawDataTest001, TestSize.Level1) EXPECT_EQ(SERVICE, permissionDefResult.availableType); EXPECT_EQ(true, permissionDefResult.provisionEnable); EXPECT_EQ(false, permissionDefResult.distributedSceneEnable); - EXPECT_EQ("$string:test_label_B", permissionDefResult.label); - EXPECT_EQ("$string:test_description_B", permissionDefResult.description); } /** 
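Review bot: ParserPermsRawDataTest001 declares the retyped `permDefList`, but the visible call is `loader.ParserPermsRawData(testStr, tokenInfos)`, so `EXPECT_EQ(2, permDefList.size())` checks a vector the parser was never given. ParserPermsRawDataTest002 in the next hunk passes `tokenInfos` the same way. The header hunk in this commit declares `ParserPermDefRawData`, which hints that these tests may not be built at all; that is worth confirming, because otherwise the removal of the label/description expectations here is unverified. If the tests are meant to run, the call would presumably become `ASSERT_TRUE(loader.ParserPermDefRawData(testStr, permDefList));`. The test body starts outside the hunk.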
@@ -336,7 +332,7 @@ HWTEST_F(JsonParseTest, ParserPermsRawDataTest002, TestSize.Level1) R"({"name":"ohos.permission.xxxxxxxxxxxxxxxxxxxxxxxxxx",)"\ R"("xxxxxxxxxxxxxxxxxxxxxxxxxx":"$string:test_description_B"}]})"; ConfigPolicLoader loader; - std::vector permDefList; + std::vector permDefList; ASSERT_FALSE(loader.ParserPermsRawData(testStr, tokenInfos)); } @@ -354,7 +350,7 @@ HWTEST_F(JsonParseTest, ParserPermsRawDataTest003, TestSize.Level1) R"({"name":"ohos.permission.PermDefParserTestA","grantMode":"system_grant","availableLevel":"system_basic",)"\ R"("availableType":"SERVICE","provisionEnable":true,"distributedSceneEnable":false}]})"; ConfigPolicLoader loader; - std::vector permDefList; + std::vector permDefList; ASSERT_FALSE(loader.ParserPermsRawData(permsRawData, permDefList)); permsRawData = R"({"userGrantPermissions":[)"\ @@ -378,7 +374,7 @@ HWTEST_F(JsonParseTest, ParserPermsRawDataTest004, TestSize.Level1) R"("availableType":"SERVICE","provisionEnable":true,"distributedSceneEnable":false}],)"\ R"("userGrantPermissions":[]})"; ConfigPolicLoader loader; - std::vector permDefList; + std::vector permDefList; ASSERT_TRUE(loader.ParserPermsRawData(permsRawData, permDefList)); EXPECT_EQ(0, permDefList.size()); @@ -417,7 +413,7 @@ HWTEST_F(JsonParseTest, ParserPermsRawDataTest005, TestSize.Level1) R"("availableType":"SERVICE","distributedSceneEnable":false}],)"\ R"("userGrantPermissions":[]})"; ConfigPolicLoader loader; - std::vector permDefList; + std::vector permDefList; ASSERT_TRUE(loader.ParserPermsRawData(permsRawData, permDefList)); EXPECT_EQ(0, permDefList.size()); @@ -451,7 +447,7 @@ HWTEST_F(JsonParseTest, ParserPermsRawDataTest006, TestSize.Level1) R"("availableType":"SERVICE","provisionEnable":true,"distributedSceneEnable":false}],)"\ R"("userGrantPermissions":[]})"; ConfigPolicLoader loader; - std::vector permDefList; + std::vector permDefList; ASSERT_TRUE(loader.ParserPermsRawData(permsRawData, permDefList)); EXPECT_EQ(0, permDefList.size()); 
@@ -490,7 +486,7 @@ HWTEST_F(JsonParseTest, ParserPermsRawDataTest007, TestSize.Level1) R"("availableType":"SERVICE","provisionEnable":"true","distributedSceneEnable":false}],)"\ R"("userGrantPermissions":[]})"; ConfigPolicLoader loader; - std::vector permDefList; + std::vector permDefList; ASSERT_TRUE(loader.ParserPermsRawData(permsRawData, permDefList)); EXPECT_EQ(0, permDefList.size()); @@ -531,7 +527,7 @@ HWTEST_F(JsonParseTest, ParserPermsRawDataTest008, TestSize.Level1) R"("availableType":"SERVICE","provisionEnable":true,"distributedSceneEnable":false}],)"\ R"("userGrantPermissions":[]})"; ConfigPolicLoader loader; - std::vector permDefList; + std::vector permDefList; ASSERT_TRUE(loader.ParserPermsRawData(permsRawData, permDefList)); EXPECT_EQ(0, permDefList.size()); diff --git a/test/fuzztest/services/accesstoken/allochaptokenstub_fuzzer/allochaptokenstub_fuzzer.cpp b/test/fuzztest/services/accesstoken/allochaptokenstub_fuzzer/allochaptokenstub_fuzzer.cpp index 15da22d9aecf7f7a433a461a56de1e9006523ed7..22b9049d1f286cdcd37236793e891b08986ae930 100644 --- a/test/fuzztest/services/accesstoken/allochaptokenstub_fuzzer/allochaptokenstub_fuzzer.cpp +++ b/test/fuzztest/services/accesstoken/allochaptokenstub_fuzzer/allochaptokenstub_fuzzer.cpp @@ -36,14 +36,11 @@ namespace OHOS { { std::string permissionName = fuzzData.GenerateStochasticString(); std::string bundleName = fuzzData.GenerateStochasticString(); - PermissionDef testPermDef = { + PermissionDefData testPermDef = { .permissionName = permissionName, - .bundleName = bundleName, - .grantMode = 1, + .grantMode = GrantMode::USER_GRANT, .availableLevel = APL_NORMAL, - .label = fuzzData.GenerateStochasticString(), .labelId = 1, - .description = fuzzData.GenerateStochasticString(), .descriptionId = 1}; PermissionStatus testState = { .permissionName = permissionName, 
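Review bot: In allochaptokenstub_fuzzer's ConstructorParam, `.grantMode = GrantMode::USER_GRANT` pins the field to a single enumerator, so the stub is never driven with a system-grant definition. The inithaptokenstub and updatehaptokenstub hunks do the same. Now that the field is an enum, consider selecting the enumerator from the fuzz input, with a comment such as `// grantMode is picked from the fuzz input so both SYSTEM_GRANT and USER_GRANT are covered`. Separately, `std::string bundleName` in the alloc and init fuzzers lost its only visible use (`.bundleName = bundleName`). Remove it if nothing later in the function reads it; the body continues outside the hunk.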
diff --git a/test/fuzztest/services/accesstoken/inithaptokenstub_fuzzer/inithaptokenstub_fuzzer.cpp b/test/fuzztest/services/accesstoken/inithaptokenstub_fuzzer/inithaptokenstub_fuzzer.cpp index 13fa49d2a6d74711f38502f802ef4fce46e935a8..656a7d1a4475623b1e27dec28a4d801bfe0f8082 100644 --- a/test/fuzztest/services/accesstoken/inithaptokenstub_fuzzer/inithaptokenstub_fuzzer.cpp +++ b/test/fuzztest/services/accesstoken/inithaptokenstub_fuzzer/inithaptokenstub_fuzzer.cpp @@ -36,14 +36,11 @@ namespace OHOS { { std::string permissionName = fuzzData.GenerateStochasticString(); std::string bundleName = fuzzData.GenerateStochasticString(); - PermissionDef testPermDef = { + PermissionDefData testPermDef = { .permissionName = permissionName, - .bundleName = bundleName, - .grantMode = 1, + .grantMode = GrantMode::USER_GRANT, .availableLevel = APL_NORMAL, - .label = fuzzData.GenerateStochasticString(), .labelId = 1, - .description = fuzzData.GenerateStochasticString(), .descriptionId = 1}; PermissionStatus testState = { .permissionName = permissionName, diff --git a/test/fuzztest/services/accesstoken/updatehaptokenstub_fuzzer/updatehaptokenstub_fuzzer.cpp b/test/fuzztest/services/accesstoken/updatehaptokenstub_fuzzer/updatehaptokenstub_fuzzer.cpp index 939f5f390799ccbce13b60cb6b3fca280a81c7af..7e63d16d6cfd97d8a8a720f40c22280968690926 100644 --- a/test/fuzztest/services/accesstoken/updatehaptokenstub_fuzzer/updatehaptokenstub_fuzzer.cpp +++ b/test/fuzztest/services/accesstoken/updatehaptokenstub_fuzzer/updatehaptokenstub_fuzzer.cpp 
@@ -35,13 +35,10 @@ namespace OHOS { void ConstructorParam(AccessTokenFuzzData& fuzzData, HapPolicyParcel& hapPolicyParcel) { std::string permissionName(fuzzData.GenerateStochasticString()); - PermissionDef testPermDef = {.permissionName = permissionName, - .bundleName = fuzzData.GenerateStochasticString(), - .grantMode = 1, + PermissionDefData testPermDef = {.permissionName = permissionName, + .grantMode = GrantMode::USER_GRANT, .availableLevel = APL_NORMAL, - .label = fuzzData.GenerateStochasticString(), .labelId = 1, - .description = fuzzData.GenerateStochasticString(), .descriptionId = 1}; PermissionStatus testState = {.permissionName = permissionName, .grantStatus = PermissionState::PERMISSION_GRANTED,