From 7438550f311243a232e6d8e2738bb4cadf8e0038 Mon Sep 17 00:00:00 2001 From: zhouyan Date: Thu, 6 Mar 2025 17:44:07 +0800 Subject: [PATCH] =?UTF-8?q?=E6=9D=83=E9=99=90=E5=AE=9A=E4=B9=89=E5=BD=92?= =?UTF-8?q?=E4=B8=80=E5=8C=96?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: zhouyan Change-Id: I2a53442ad8f3d235de845b0802d584f077bbb7b6 --- frameworks/common/BUILD.gn | 17 +- frameworks/common/include/permission_map.h | 24 +- .../common/permission_definition_parser.py | 164 ++++ frameworks/common/src/permission_map.cpp | 759 +++--------------- frameworks/test/unittest/common_test.cpp | 2 +- .../accesstoken/src/accesstoken_kit.cpp | 23 +- .../HapTokenTest/delete_token_test.cpp | 12 +- .../PermissionsTest/get_permission_test.cpp | 67 +- .../src/accesstoken_kit_extension_test.cpp | 2 +- .../unittest/src/accesstoken_kit_test.cpp | 372 ++------- .../src/app_installation_optimized_test.cpp | 8 +- .../test/unittest/src/privacy_kit_test.cpp | 50 +- services/accesstokenmanager/BUILD.gn | 1 - .../permission/permission_definition_cache.h | 87 -- .../include/permission/permission_manager.h | 4 - .../include/token/accesstoken_info_manager.h | 3 +- .../src/permission/permission_data_brief.cpp | 5 +- .../permission_definition_cache.cpp | 220 ----- .../cpp/src/permission/permission_manager.cpp | 132 ++- .../src/permission/permission_validator.cpp | 4 +- .../service/accesstoken_manager_service.cpp | 42 +- .../src/token/accesstoken_info_manager.cpp | 187 +++-- .../cpp/src/token/hap_token_info_inner.cpp | 1 - .../permission_definitions.json | 2 +- .../accesstokenmanager/test/coverage/BUILD.gn | 1 - .../permission_manager_coverage_test.cpp | 1 - .../accesstokenmanager/test/mock/BUILD.gn | 1 - .../accesstokenmanager/test/unittest/BUILD.gn | 1 - .../accesstoken_info_manager_test.cpp | 117 --- .../unittest/native_token_receptor_test.cpp | 18 - .../test/unittest/permission_manager_test.cpp | 63 -- .../unittest/short_grant_manager_test.cpp | 13 - .../json_parse/include/json_parse_loader.h | 3 - .../json_parse/src/json_parse_loader.cpp | 215 ----- .../json_parse/unittest/json_parse_test.cpp | 320 -------- .../permission_record_manager_test.cpp | 4 +- .../accesstoken/access_token_service_fuzz.gni | 1 - 37 files changed, 642 insertions(+), 2304 deletions(-) create mode 100755 frameworks/common/permission_definition_parser.py delete mode 100644 services/accesstokenmanager/main/cpp/include/permission/permission_definition_cache.h delete mode 100644 services/accesstokenmanager/main/cpp/src/permission/permission_definition_cache.cpp diff --git a/frameworks/common/BUILD.gn b/frameworks/common/BUILD.gn index 84a20c2c2..ff42eaf9f 100644 --- a/frameworks/common/BUILD.gn +++ b/frameworks/common/BUILD.gn @@ -1,4 +1,4 @@ -# Copyright (c) 2021-2023 Huawei Device Co., Ltd. +# Copyright (c) 2021-2025 Huawei Device Co., Ltd. # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. # You may obtain a copy of the License at @@ -19,6 +19,18 @@ config("accesstoken_common_cxx_public_config") { include_dirs = [ "include" ] } +action("permission_definition_parse") { + script = "permission_definition_parser.py" + args = [ + "--input-json", + rebase_path(access_token_path) + + "/services/accesstokenmanager/permission_definitions.json", + "--output-path", + rebase_path(target_out_dir) + "/permission_map_constant.h", + ] + outputs = [ "$target_out_dir" ] +} + ohos_shared_library("accesstoken_common_cxx") { subsystem_name = "security" innerapi_tags = [ @@ -39,6 +51,7 @@ ohos_shared_library("accesstoken_common_cxx") { "${access_token_path}/interfaces/innerkits/accesstoken/include", "${access_token_path}/interfaces/innerkits/privacy/include", "include", + rebase_path(target_out_dir), ] sources = [ @@ -48,6 +61,8 @@ ohos_shared_library("accesstoken_common_cxx") { "src/time_util.cpp", ] + deps = [ ":permission_definition_parse" ] + external_deps = [ "c_utils:utils", "hilog:libhilog", diff --git a/frameworks/common/include/permission_map.h b/frameworks/common/include/permission_map.h index 6f3754637..a359c7192 100644 --- a/frameworks/common/include/permission_map.h +++ b/frameworks/common/include/permission_map.h @@ -18,13 +18,35 @@ #include #include +#include + +#include "access_token.h" +#include "permission_def.h" namespace OHOS { namespace Security { namespace AccessToken { +struct PermissionBriefDef { + char *permissionName; + GrantMode grantMode; + ATokenAplEnum availableLevel; + ATokenAvailableTypeEnum availableType; + bool provisionEnable; + bool distributedSceneEnable; + bool isKernelEffect; + bool hasValue; +}; + bool TransferPermissionToOpcode(const std::string& permissionName, uint32_t& opCode); bool TransferOpcodeToPermission(uint32_t opCode, std::string& permissionName); -bool IsUserGrantPermission(const std::string& permission); +bool IsUserGrantPermission(const std::string& permissionName); +bool IsDefinedPermission(const std::string& permissionName); +bool GetPermissionBriefDef(const std::string& permissionName, PermissionBriefDef& briefDef); +void ConvertPermissionBriefToDef(const PermissionBriefDef& briefDef, PermissionDef &def); +bool IsPermissionValidForHap(const std::string& permissionName); +bool IsKernelPermission(const std::string& permissionName); +bool IsPermissionHasValue(const std::string& permissionName); +size_t GetDefPermissionsSize(); } // namespace AccessToken } // namespace Security } // namespace OHOS diff --git a/frameworks/common/permission_definition_parser.py b/frameworks/common/permission_definition_parser.py new file mode 100755 index 000000000..bb13ec2a0 --- /dev/null +++ b/frameworks/common/permission_definition_parser.py @@ -0,0 +1,164 @@ +#!/usr/bin/env python +# coding: utf-8 + +""" +Copyright (c) 2025 Huawei Device Co., Ltd. +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. + +""" + +import json, argparse, os + +PERMISSION_DEFINITION_PREFIX = ''' +/* + * Copyright (c) 2025 Huawei Device Co., Ltd. + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +#ifndef PERMISSION_DEFINITION_PARSER_H +#define PERMISSION_DEFINITION_PARSER_H + +#include "permission_map.h" + +namespace OHOS { +namespace Security { +namespace AccessToken { +''' + +PERMISSION_DEFINITION_SUFFIX = ''' +}; + +const uint32_t MAX_PERM_SIZE = sizeof(g_permList) / sizeof(PermissionBriefDef); +} // namespace AccessToken +} // namespace Security +} // namespace OHOS +#endif // PERMISSION_DEFINITION_PARSER_H +''' + +PERMISSION_NAME_STRING = "char PERMISSION_NAME_%i[] = \"%s\";\n" + +PERMISSION_LIST_DECLEARE = "const static PermissionBriefDef g_permList[] = {" + +PERMISSION_BRIEF_DEFINE_PATTERN = ''' +{ + .permissionName = PERMISSION_NAME_%i, + .grantMode = %s, + .availableLevel = %s, + .availableType = %s, + .provisionEnable = %s, + .distributedSceneEnable = %s, + .isKernelEffect = %s, + .hasValue = %s +},''' + +JSON_VALUE_CONVERT_TO_CPP_DICT = { + "user_grant": "USER_GRANT", + "system_grant": "SYSTEM_GRANT", + "normal": "APL_NORMAL", + "system_basic": "APL_SYSTEM_BASIC", + "system_core": "APL_SYSTEM_CORE", +} + +class PermissionDef(object): + def __init__(self, permission_def_dict, code): + self.name = permission_def_dict["name"] + self.grant_mode = JSON_VALUE_CONVERT_TO_CPP_DICT[ + permission_def_dict["grantMode"]] + + self.available_level = JSON_VALUE_CONVERT_TO_CPP_DICT[ + permission_def_dict["availableLevel"] + ] + self.available_type = permission_def_dict["availableType"] + + if "provisionEnable" in permission_def_dict and permission_def_dict["provisionEnable"]: + self.provision_enable = "true" + else: + self.provision_enable = "false" + + if "distributedSceneEnable" in permission_def_dict and permission_def_dict["distributedSceneEnable"]: + self.distributed_scene_enable = "true" + else: + self.distributed_scene_enable = "false" + + if "isKernelEffect" in permission_def_dict and permission_def_dict["isKernelEffect"]: + self.is_kernel_effect = "true" + else: + self.is_kernel_effect = "false" + + if "hasValue" in permission_def_dict and permission_def_dict["hasValue"]: + self.has_value = "true" + else: + self.has_value = "false" + + self.code = code + + def dump_permission_name(self): + return PERMISSION_NAME_STRING % ( + self.code, self.name + ) + + def dump_struct(self): + entry = PERMISSION_BRIEF_DEFINE_PATTERN % ( + self.code, self.grant_mode, self.available_level, + self.available_type, self.provision_enable, self.distributed_scene_enable, + self.is_kernel_effect, self.has_value + ) + return entry + +def parse_json(path): + permission_list = [] + with open(path, "r", encoding = "utf-8") as f: + data = json.load(f) + index = 0 + for perm in data["systemGrantPermissions"]: + permission_list.append(PermissionDef(perm, index)) + index += 1 + + for perm in data["userGrantPermissions"]: + permission_list.append(PermissionDef(perm, index)) + index += 1 + return permission_list + + +def convert_to_cpp(path, permission_list): + with open(path, "w") as f: + f.write(PERMISSION_DEFINITION_PREFIX) + for perm in permission_list: + f.write(perm.dump_permission_name()) + f.write(PERMISSION_LIST_DECLEARE) + for perm in permission_list: + f.write(perm.dump_struct()) + f.write(PERMISSION_DEFINITION_SUFFIX) + + +def parse_args(): + parser = argparse.ArgumentParser() + parser.add_argument('--output-path', help='the output cpp path', required=True) + parser.add_argument('--input-json', help='json file for permission difinition', required=True) + return parser.parse_args() + + +if __name__ == "__main__": + input_args = parse_args() + permission_list = parse_json(input_args.input_json) + convert_to_cpp(input_args.output_path, permission_list) diff --git a/frameworks/common/src/permission_map.cpp b/frameworks/common/src/permission_map.cpp index 5ee7fa4f4..8771a364e 100644 --- a/frameworks/common/src/permission_map.cpp +++ b/frameworks/common/src/permission_map.cpp @@ -1,5 +1,5 @@ /* - * Copyright (c) 2023-2024 Huawei Device Co., Ltd. + * Copyright (c) 2023-2025 Huawei Device Co., Ltd. * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. * You may obtain a copy of the License at @@ -13,665 +13,148 @@ * limitations under the License. */ #include "permission_map.h" +#include "permission_map_constant.h" #include +#include #include #include namespace OHOS { namespace Security { namespace AccessToken { -const static uint32_t MAX_PERM_SIZE = 2048; -/* -Permission code must be a number between 0 and OP_MAX. -The number must be added sequentially. -*/ -const static std::vector> g_permMap = { - /* first: permission name, second: true-user_grant/false-system_grant */ - {"ohos.permission.ANSWER_CALL", true}, - {"ohos.permission.READ_CALENDAR", true}, - {"ohos.permission.READ_CALL_LOG", true}, - {"ohos.permission.READ_CELL_MESSAGES", true}, - {"ohos.permission.READ_CONTACTS", true}, - {"ohos.permission.READ_MESSAGES", true}, - {"ohos.permission.RECEIVE_MMS", true}, - {"ohos.permission.RECEIVE_SMS", true}, - {"ohos.permission.RECEIVE_WAP_MESSAGES", true}, - {"ohos.permission.MICROPHONE", true}, - {"ohos.permission.SEND_MESSAGES", true}, - {"ohos.permission.WRITE_CALENDAR", true}, - {"ohos.permission.WRITE_CALL_LOG", true}, - {"ohos.permission.WRITE_CONTACTS", true}, - {"ohos.permission.DISTRIBUTED_DATASYNC", true}, - {"ohos.permission.MANAGE_VOICEMAIL", true}, - {"ohos.permission.LOCATION_IN_BACKGROUND", true}, - {"ohos.permission.LOCATION", true}, - {"ohos.permission.APPROXIMATELY_LOCATION", true}, - {"ohos.permission.MEDIA_LOCATION", true}, - {"ohos.permission.CAMERA", true}, - {"ohos.permission.READ_MEDIA", true}, - {"ohos.permission.WRITE_MEDIA", true}, - {"ohos.permission.ACTIVITY_MOTION", true}, - {"ohos.permission.READ_HEALTH_DATA", true}, - {"ohos.permission.READ_IMAGEVIDEO", true}, - {"ohos.permission.READ_AUDIO", true}, - {"ohos.permission.READ_DOCUMENT", true}, - {"ohos.permission.WRITE_IMAGEVIDEO", true}, - {"ohos.permission.WRITE_AUDIO", true}, - {"ohos.permission.WRITE_DOCUMENT", true}, - {"ohos.permission.READ_WHOLE_CALENDAR", true}, - {"ohos.permission.WRITE_WHOLE_CALENDAR", true}, - {"ohos.permission.APP_TRACKING_CONSENT", true}, - {"ohos.permission.GET_INSTALLED_BUNDLE_LIST", true}, - {"ohos.permission.ACCESS_BLUETOOTH", true}, - {"ohos.permission.READ_PASTEBOARD", true}, - {"ohos.permission.READ_WRITE_DOWNLOAD_DIRECTORY", true}, - {"ohos.permission.READ_WRITE_DOCUMENTS_DIRECTORY", true}, - {"ohos.permission.READ_WRITE_DESKTOP_DIRECTORY", true}, - {"ohos.permission.SHORT_TERM_WRITE_IMAGEVIDEO", true}, - {"ohos.permission.ACCESS_NEARLINK", true}, - {"ohos.permission.CUSTOM_SCREEN_CAPTURE", true}, - {"ohos.permission.USE_BLUETOOTH", false}, - {"ohos.permission.DISCOVER_BLUETOOTH", false}, - {"ohos.permission.MANAGE_BLUETOOTH", false}, - {"ohos.permission.GET_BLUETOOTH_LOCAL_MAC", false}, - {"ohos.permission.GET_BLUETOOTH_PEERS_MAC", false}, - {"ohos.permission.INTERNET", false}, - {"ohos.permission.GET_APP_DOMAIN_BUNDLE_INFO", false}, - {"ohos.permission.MODIFY_AUDIO_SETTINGS", false}, - {"ohos.permission.ACCESS_NOTIFICATION_POLICY", false}, - {"ohos.permission.GET_TELEPHONY_STATE", false}, - {"ohos.permission.GET_PHONE_NUMBERS", false}, - {"ohos.permission.DISTRIBUTED_SOFTBUS_CENTER", false}, - {"ohos.permission.REQUIRE_FORM", false}, - {"ohos.permission.START_DESKTOP_UI_COMPONENT", false}, - {"ohos.permission.AGENT_REQUIRE_FORM", false}, - {"ohos.permission.GET_NETWORK_INFO", false}, - {"ohos.permission.PLACE_CALL", false}, - {"ohos.permission.SET_NETWORK_INFO", false}, - {"ohos.permission.REMOVE_CACHE_FILES", false}, - {"ohos.permission.REBOOT", false}, - {"ohos.permission.RUNNING_LOCK", false}, - {"ohos.permission.SET_TIME", false}, - {"ohos.permission.SET_TIME_ZONE", false}, - {"ohos.permission.DOWNLOAD_SESSION_MANAGER", false}, - {"ohos.permission.COMMONEVENT_STICKY", false}, - {"ohos.permission.SYSTEM_FLOAT_WINDOW", false}, - {"ohos.permission.PRIVACY_WINDOW", false}, - {"ohos.permission.POWER_MANAGER", false}, - {"ohos.permission.REFRESH_USER_ACTION", false}, - {"ohos.permission.POWER_OPTIMIZATION", false}, - {"ohos.permission.REBOOT_RECOVERY", false}, - {"ohos.permission.MANAGE_LOCAL_ACCOUNTS", false}, - {"ohos.permission.INTERACT_ACROSS_LOCAL_ACCOUNTS", false}, - {"ohos.permission.VIBRATE", false}, - {"ohos.permission.SYSTEM_LIGHT_CONTROL", false}, - {"ohos.permission.CONNECT_IME_ABILITY", false}, - {"ohos.permission.CONNECT_SCREEN_SAVER_ABILITY", false}, - {"ohos.permission.READ_SCREEN_SAVER", false}, - {"ohos.permission.WRITE_SCREEN_SAVER", false}, - {"ohos.permission.SET_WALLPAPER", false}, - {"ohos.permission.GET_WALLPAPER", false}, - {"ohos.permission.CHANGE_ABILITY_ENABLED_STATE", false}, - {"ohos.permission.ACCESS_MISSIONS", false}, - {"ohos.permission.CLEAN_BACKGROUND_PROCESSES", false}, - {"ohos.permission.KEEP_BACKGROUND_RUNNING", false}, - {"ohos.permission.UPDATE_CONFIGURATION", false}, - {"ohos.permission.UPDATE_SYSTEM", false}, - {"ohos.permission.FACTORY_RESET", false}, - {"ohos.permission.ASSIST_DEVICE_UPDATE", false}, - {"ohos.permission.PLUGIN_UPDATE", false}, - {"ohos.permission.RECEIVE_UPDATE_MESSAGE", false}, - {"ohos.permission.UPDATE_MIGRATE", false}, - {"ohos.permission.GRANT_SENSITIVE_PERMISSIONS", false}, - {"ohos.permission.REVOKE_SENSITIVE_PERMISSIONS", false}, - {"ohos.permission.GET_SENSITIVE_PERMISSIONS", false}, - {"ohos.permission.INTERACT_ACROSS_LOCAL_ACCOUNTS_EXTENSION", false}, - {"ohos.permission.LISTEN_BUNDLE_CHANGE", false}, - {"ohos.permission.GET_BUNDLE_INFO", false}, - {"ohos.permission.ACCELEROMETER", false}, - {"ohos.permission.GYROSCOPE", false}, - {"ohos.permission.GET_BUNDLE_INFO_PRIVILEGED", false}, - {"ohos.permission.INSTALL_BUNDLE", false}, - {"ohos.permission.MANAGE_SHORTCUTS", false}, - {"ohos.permission.radio.ACCESS_FM_AM", false}, - {"ohos.permission.SET_TELEPHONY_STATE", false}, - {"ohos.permission.ACCESS_BOOSTER_SERVICE", false}, - {"ohos.permission.START_ABILIIES_FROM_BACKGROUND", false}, - {"ohos.permission.START_ABILITIES_FROM_BACKGROUND", false}, - {"ohos.permission.BUNDLE_ACTIVE_INFO", false}, - {"ohos.permission.START_INVISIBLE_ABILITY", false}, - {"ohos.permission.sec.ACCESS_UDID", false}, - {"ohos.permission.LAUNCH_DATA_PRIVACY_CENTER", false}, - {"ohos.permission.MANAGE_MEDIA_RESOURCES", false}, - {"ohos.permission.PUBLISH_AGENT_REMINDER", false}, - {"ohos.permission.CONTROL_TASK_SYNC_ANIMATOR", false}, - {"ohos.permission.INPUT_MONITORING", false}, - {"ohos.permission.MANAGE_MISSIONS", false}, - {"ohos.permission.NOTIFICATION_CONTROLLER", false}, - {"ohos.permission.CONNECTIVITY_INTERNAL", false}, - {"ohos.permission.MANAGE_NET_STRATEGY", false}, - {"ohos.permission.GET_NETWORK_STATS", false}, - {"ohos.permission.MANAGE_VPN", false}, - {"ohos.permission.SET_ABILITY_CONTROLLER", false}, - {"ohos.permission.USE_USER_IDM", false}, - {"ohos.permission.MANAGE_USER_IDM", false}, - {"ohos.permission.NETSYS_INTERNAL", false}, - {"ohos.permission.ACCESS_BIOMETRIC", false}, - {"ohos.permission.ACCESS_USER_AUTH_INTERNAL", false}, - {"ohos.permission.MANAGE_FINGERPRINT_AUTH", false}, - {"ohos.permission.ACCESS_PIN_AUTH", false}, - {"ohos.permission.ACCESS_AUTH_RESPOOL", false}, - {"ohos.permission.ENFORCE_USER_IDM", false}, - {"ohos.permission.GET_RUNNING_INFO", false}, - {"ohos.permission.CLEAN_APPLICATION_DATA", false}, - {"ohos.permission.RUNNING_STATE_OBSERVER", false}, - {"ohos.permission.CAPTURE_SCREEN", false}, - {"ohos.permission.GET_WIFI_INFO", false}, - {"ohos.permission.GET_WIFI_INFO_INTERNAL", false}, - {"ohos.permission.SET_WIFI_INFO", false}, - {"ohos.permission.GET_WIFI_PEERS_MAC", false}, - {"ohos.permission.GET_WIFI_LOCAL_MAC", false}, - {"ohos.permission.GET_WIFI_CONFIG", false}, - {"ohos.permission.SET_WIFI_CONFIG", false}, - {"ohos.permission.MANAGE_ENTERPRISE_WIFI_CONNECTION", false}, - {"ohos.permission.MANAGE_WIFI_CONNECTION", false}, - {"ohos.permission.DUMP", false}, - {"ohos.permission.MANAGE_WIFI_HOTSPOT", false}, - {"ohos.permission.GET_ALL_APP_ACCOUNTS", false}, - {"ohos.permission.MANAGE_SECURE_SETTINGS", false}, - {"ohos.permission.READ_DFX_SYSEVENT", false}, - {"ohos.permission.READ_HIVIEW_SYSTEM", false}, - {"ohos.permission.READ_DFX_XPOWER", false}, - {"ohos.permission.WRITE_HIVIEW_SYSTEM", false}, - {"ohos.permission.SUBSCRIBE_SWING_ABILITY", false}, - {"ohos.permission.MANAGER_SWING_MOTION", false}, - {"ohos.permission.MANAGE_ENTERPRISE_DEVICE_ADMIN", false}, - {"ohos.permission.SET_ENTERPRISE_INFO", false}, - {"ohos.permission.ACCESS_BUNDLE_DIR", false}, - {"ohos.permission.ENTERPRISE_SUBSCRIBE_MANAGED_EVENT", false}, - {"ohos.permission.ENTERPRISE_SET_DATETIME", false}, - {"ohos.permission.ENTERPRISE_GET_DEVICE_INFO", false}, - {"ohos.permission.ENTERPRISE_RESET_DEVICE", false}, - {"ohos.permission.ENTERPRISE_SET_WIFI", false}, - {"ohos.permission.ENTERPRISE_GET_NETWORK_INFO", false}, - {"ohos.permission.ENTERPRISE_SET_ACCOUNT_POLICY", false}, - {"ohos.permission.ENTERPRISE_SET_BUNDLE_INSTALL_POLICY", false}, - {"ohos.permission.ENTERPRISE_SET_NETWORK", false}, - {"ohos.permission.ENTERPRISE_MANAGE_SET_APP_RUNNING_POLICY", false}, - {"ohos.permission.ENTERPRISE_SET_SCREENOFF_TIME", false}, - {"ohos.permission.ENTERPRISE_MANAGE_SECURITY", false}, - {"ohos.permission.ENTERPRISE_MANAGE_BLUETOOTH", false}, - {"ohos.permission.ENTERPRISE_MANAGE_WIFI", false}, - {"ohos.permission.ENTERPRISE_MANAGE_RESTRICTIONS", false}, - {"ohos.permission.ENTERPRISE_MANAGE_APPLICATION", false}, - {"ohos.permission.ENTERPRISE_MANAGE_LOCATION", false}, - {"ohos.permission.ENTERPRISE_REBOOT", false}, - {"ohos.permission.ENTERPRISE_LOCK_DEVICE", false}, - {"ohos.permission.ENTERPRISE_GET_SETTINGS", false}, - {"ohos.permission.ENTERPRISE_MANAGE_SETTINGS", false}, - {"ohos.permission.ENTERPRISE_INSTALL_BUNDLE", false}, - {"ohos.permission.ENTERPRISE_MANAGE_CERTIFICATE", false}, - {"ohos.permission.ENTERPRISE_MANAGE_SYSTEM", false}, - {"ohos.permission.ENTERPRISE_RESTRICT_POLICY", false}, - {"ohos.permission.ENTERPRISE_MANAGE_USB", false}, - {"ohos.permission.ENTERPRISE_MANAGE_NETWORK", false}, - {"ohos.permission.ENTERPRISE_SET_BROWSER_POLICY", false}, - {"ohos.permission.ENTERPRISE_OPERATE_DEVICE", false}, - {"ohos.permission.ENTERPRISE_ADMIN_MANAGE", false}, - {"ohos.permission.ENTERPRISE_CONFIG", false}, - {"ohos.permission.ENTERPRISE_MANAGE_DELEGATED_POLICY", false}, - {"ohos.permission.PUBLISH_ENTERPRISE_POLICY_EVENT", false}, - {"ohos.permission.RECEIVE_ENTERPRISE_POLICY_EVENT", false}, - {"ohos.permission.PERSONAL_MANAGE_RESTRICTIONS", false}, - {"ohos.permission.START_PROVISIONING_MESSAGE", false}, - {"ohos.permission.NFC_TAG", false}, - {"ohos.permission.NFC_CARD_EMULATION", false}, - {"ohos.permission.MANAGE_UWB", false}, - {"ohos.permission.USE_UWB_RANGING", false}, - {"ohos.permission.PERMISSION_USED_STATS", false}, - {"ohos.permission.PERMISSION_RECORD_TOGGLE", false}, - {"ohos.permission.NOTIFICATION_AGENT_CONTROLLER", false}, - {"ohos.permission.MOUNT_UNMOUNT_MANAGER", false}, - {"ohos.permission.MOUNT_FORMAT_MANAGER", false}, - {"ohos.permission.STORAGE_MANAGER", false}, - {"ohos.permission.BACKUP", false}, - {"ohos.permission.CLOUDFILE_SYNC_MANAGER", false}, - {"ohos.permission.CLOUDFILE_SYNC", false}, - {"ohos.permission.FILE_ACCESS_MANAGER", false}, - {"ohos.permission.GET_DEFAULT_APPLICATION", false}, - {"ohos.permission.SET_DEFAULT_APPLICATION", false}, - {"ohos.permission.ACCESS_IDS", false}, - {"ohos.permission.MANAGE_DISPOSED_APP_STATUS", false}, - {"ohos.permission.GET_DISPOSED_APP_STATUS", false}, - {"ohos.permission.ACCESS_DLP_FILE", false}, - {"ohos.permission.PROVISIONING_MESSAGE", false}, - {"ohos.permission.ACCESS_SYSTEM_SETTINGS", false}, - {"ohos.permission.ABILITY_BACKGROUND_COMMUNICATION", false}, - {"ohos.permission.securityguard.REPORT_SECURITY_INFO", false}, - {"ohos.permission.securityguard.REQUEST_SECURITY_MODEL_RESULT", false}, - {"ohos.permission.securityguard.REQUEST_SECURITY_EVENT_INFO", false}, - {"ohos.permission.ACCESS_CERT_MANAGER_INTERNAL", false}, - {"ohos.permission.ACCESS_CERT_MANAGER", false}, - {"ohos.permission.GET_LOCAL_ACCOUNTS", false}, - {"ohos.permission.MANAGE_DISTRIBUTED_ACCOUNTS", false}, - {"ohos.permission.GET_DISTRIBUTED_ACCOUNTS", false}, - {"ohos.permission.READ_ACCESSIBILITY_CONFIG", false}, - {"ohos.permission.WRITE_ACCESSIBILITY_CONFIG", false}, - {"ohos.permission.ACCESS_PUSH_SERVICE", false}, - {"ohos.permission.READ_APP_PUSH_DATA", false}, - {"ohos.permission.WRITE_APP_PUSH_DATA", false}, - {"ohos.permission.MANAGE_AUDIO_CONFIG", false}, - {"ohos.permission.MANAGE_CAMERA_CONFIG", false}, - {"ohos.permission.CAMERA_CONTROL", false}, - {"ohos.permission.RECEIVER_STARTUP_COMPLETED", false}, - {"ohos.permission.ACCESS_SERVICE_DM", false}, - {"ohos.permission.RUN_ANY_CODE", false}, - {"ohos.permission.PUBLISH_SYSTEM_COMMON_EVENT", false}, - {"ohos.permission.ACCESS_SCREEN_LOCK_INNER", false}, - {"ohos.permission.PRINT", false}, - {"ohos.permission.MANAGE_PRINT_JOB", false}, - {"ohos.permission.CHANGE_OVERLAY_ENABLED_STATE", false}, - {"ohos.permission.CONNECT_CELLULAR_CALL_SERVICE", false}, - {"ohos.permission.CONNECT_IMS_SERVICE", false}, - {"ohos.permission.ACCESS_SENSING_WITH_ULTRASOUND", false}, - {"ohos.permission.PROXY_AUTHORIZATION_URI", false}, - {"ohos.permission.INSTALL_ENTERPRISE_BUNDLE", false}, - {"ohos.permission.ACCESS_CAST_ENGINE_MIRROR", false}, - {"ohos.permission.ACCESS_CAST_ENGINE_STREAM", false}, - {"ohos.permission.CLOUDDATA_CONFIG", false}, - {"ohos.permission.DEVICE_STANDBY_EXEMPTION", false}, - {"ohos.permission.PERCEIVE_SMART_POWER_SCENARIO", false}, - {"ohos.permission.RESTRICT_APPLICATION_ACTIVE", false}, - {"ohos.permission.MANAGE_SENSOR", false}, - {"ohos.permission.UPLOAD_SESSION_MANAGER", false}, - {"ohos.permission.PREPARE_APP_TERMINATE", false}, - {"ohos.permission.MANAGE_ECOLOGICAL_RULE", false}, - {"ohos.permission.GET_SCENE_CODE", false}, - {"ohos.permission.FILE_GUARD_MANAGER", false}, - {"ohos.permission.SET_FILE_GUARD_POLICY", false}, - {"ohos.permission.ENTERPRISE_RECOVERY_KEY", false}, - {"ohos.permission.MANAGE_RECOVERY_KEY", false}, - {"ohos.permission.UTILIZE_RECOVERY_KEY", false}, - {"ohos.permission.GET_RECOVERY_KEY_BRIEF_INFORMATION", false}, - {"ohos.permission.securityguard.SET_MODEL_STATE", false}, - {"ohos.permission.hsdr.HSDR_ACCESS", false}, - {"ohos.permission.SUPPORT_USER_AUTH", false}, - {"ohos.permission.CAPTURE_VOICE_DOWNLINK_AUDIO", false}, - {"ohos.permission.MANAGE_INTELLIGENT_VOICE", false}, - {"ohos.permission.INSTALL_ENTERPRISE_MDM_BUNDLE", false}, - {"ohos.permission.INSTALL_ENTERPRISE_NORMAL_BUNDLE", false}, - {"ohos.permission.INSTALL_SELF_BUNDLE", false}, - {"ohos.permission.OBSERVE_FORM_RUNNING", false}, - {"ohos.permission.MANAGE_DEVICE_AUTH_CRED", false}, - {"ohos.permission.UNINSTALL_BUNDLE", false}, - {"ohos.permission.RECOVER_BUNDLE", false}, - {"ohos.permission.GET_DOMAIN_ACCOUNTS", false}, - {"ohos.permission.SET_UNREMOVABLE_NOTIFICATION", false}, - {"ohos.permission.QUERY_ACCESSIBILITY_ELEMENT", false}, - {"ohos.permission.ACTIVATE_THEME_PACKAGE", false}, - {"ohos.permission.ATTEST_KEY", false}, - {"ohos.permission.WAKEUP_VOICE", false}, - {"ohos.permission.WAKEUP_VISION", false}, - {"ohos.permission.ENABLE_DISTRIBUTED_HARDWARE", false}, - {"ohos.permission.ACCESS_DISTRIBUTED_HARDWARE", false}, - {"ohos.permission.INSTANTSHARE_SWITCH_CONTROL", false}, - {"ohos.permission.ACCESS_INSTANTSHARE_SERVICE", false}, - {"ohos.permission.ACCESS_INSTANTSHARE_PRIVATE_ABILITY", false}, - {"ohos.permission.SECURE_PASTE", false}, - {"ohos.permission.ACCESS_MCP_AUTHORIZATION", false}, - {"ohos.permission.GET_BUNDLE_RESOURCES", false}, - {"ohos.permission.SET_CODE_PROTECT_INFO", false}, - {"ohos.permission.SET_ADVANCED_SECURITY_MODE", false}, - {"ohos.permission.SET_DEVELOPER_MODE", false}, - {"ohos.permission.RUN_DYN_CODE", false}, - {"ohos.permission.COOPERATE_MANAGER", false}, - {"ohos.permission.PERCEIVE_TRAIL", false}, - {"ohos.permission.DISABLE_PERMISSION_DIALOG", false}, - {"ohos.permission.EXECUTE_INSIGHT_INTENT", false}, - {"ohos.permission.PRELOAD_UI_EXTENSION_ABILITY", false}, - {"ohos.permission.MANAGE_ACTIVATION_LOCK", false}, - {"ohos.permission.VERIFY_ACTIVATION_LOCK", false}, - {"ohos.permission.MANAGE_PRIVATE_PHOTOS", false}, - {"ohos.permission.ACCESS_OUC", false}, - {"ohos.permission.TRUSTED_RING_HASH_DATA_PERMISSION", false}, - {"ohos.permission.QUERY_TRUSTED_RING_USER_INFO", false}, - {"ohos.permission.MANAGE_TRUSTED_RING", false}, - {"ohos.permission.USE_TRUSTED_RING", false}, - {"ohos.permission.INPUT_CONTROL_DISPATCHING", false}, - {"ohos.permission.INTERCEPT_INPUT_EVENT", false}, - {"ohos.permission.LAUNCH_SPAMSHIELD_PAGE", false}, - {"ohos.permission.ACCESS_SPAMSHIELD_SERVICE", false}, - {"ohos.permission.ACCESS_SECURITY_PRIVACY_CENTER", false}, - {"ohos.permission.GET_SECURITY_PRIVACY_ADVICE", false}, - {"ohos.permission.SET_SECURITY_PRIVACY_ADVICE", false}, - {"ohos.permission.USE_SECURITY_PRIVACY_MESSAGER", false}, - {"ohos.permission.GET_PRIVACY_INDICATOR", false}, - {"ohos.permission.SET_PRIVACY_INDICATOR", false}, - {"ohos.permission.EXEMPT_PRIVACY_INDICATOR", false}, - {"ohos.permission.EXEMPT_CAMERA_PRIVACY_INDICATOR", false}, - {"ohos.permission.EXEMPT_MICROPHONE_PRIVACY_INDICATOR", false}, - {"ohos.permission.EXEMPT_LOCATION_PRIVACY_INDICATOR", false}, - {"ohos.permission.EXEMPT_PRIVACY_SECURITY_CENTER", false}, - {"ohos.permission.ACCESS_LEARN_MORE_DIALOG", false}, - {"ohos.permission.WRITE_PROTECTION_ADVICE_POLICY", false}, - {"ohos.permission.READ_PROTECTION_ADVICE_POLICY", false}, - {"ohos.permission.USE_FRAUD_MESSAGES_PICKER", false}, - {"ohos.permission.USE_FRAUD_CALL_LOG_PICKER", false}, - {"ohos.permission.USE_FRAUD_APP_PICKER", false}, - {"ohos.permission.PROXY_MESSAGE_AUTH", false}, - {"ohos.permission.GET_SUPER_PRIVACY", false}, - {"ohos.permission.SET_SUPER_PRIVACY", false}, - {"ohos.permission.RECORD_VOICE_CALL", false}, - {"ohos.permission.MANAGE_APP_INSTALL_INFO", false}, - {"ohos.permission.RECEIVE_APP_INSTALL_INFO_CHANGE", false}, - {"ohos.permission.ACCESS_ADVANCED_SECURITY_MODE", false}, - {"ohos.permission.STORE_PERSISTENT_DATA", false}, - {"ohos.permission.ACCESS_HIVIEWX", false}, - {"ohos.permission.ACCESS_PASSWORDVAULT_ABILITY", false}, - {"ohos.permission.ACCESS_LOWPOWER_MANAGER", false}, - {"ohos.permission.ACCESS_DDK_USB", false}, - {"ohos.permission.ACCESS_DDK_USB_SERIAL", false}, - {"ohos.permission.ACCESS_DDK_SCSI_PERIPHERAL", false}, - {"ohos.permission.ACCESS_EXTENSIONAL_DEVICE_DRIVER", false}, - {"ohos.permission.ACCESS_DDK_DRIVERS", false}, - {"ohos.permission.ACCESS_TEXTAUTOFILL_ABILITY", false}, - {"ohos.permission.ACCESS_DDK_HID", false}, - {"ohos.permission.MANAGE_APP_BOOT", false}, - {"ohos.permission.ACCESS_HIVIEWCARE", false}, - {"ohos.permission.CONNECT_UI_EXTENSION_ABILITY", false}, - {"ohos.permission.FILE_ACCESS_PERSIST", false}, - {"ohos.permission.SET_SANDBOX_POLICY", false}, - {"ohos.permission.CHECK_SANDBOX_POLICY", false}, - {"ohos.permission.ACCESS_ACCOUNT_KIT_SERVICE", false}, - {"ohos.permission.REQUEST_ANONYMOUS_ATTEST", false}, - {"ohos.permission.ACCESS_ACCOUNT_KIT_UI", false}, - {"ohos.permission.READ_ACCOUNT_LOGIN_STATE", false}, - {"ohos.permission.WRITE_ACCOUNT_LOGIN_STATE", false}, - {"ohos.permission.START_RECENT_ABILITY", false}, - {"ohos.permission.READ_CLOUD_SYNC_CONFIG", false}, - {"ohos.permission.MANAGE_CLOUD_SYNC_CONFIG", false}, - {"ohos.permission.ACCESS_FINDDEVICE", false}, - {"ohos.permission.MANAGE_FINDSERVICE", false}, - {"ohos.permission.TRIGGER_ACTIVATIONLOCK", false}, - {"ohos.permission.MANAGE_USB_CONFIG", false}, - {"ohos.permission.WRITE_PRIVACY_PUSH_DATA", false}, - {"ohos.permission.READ_PRIVACY_PUSH_DATA", false}, - {"ohos.permission.MANAGE_HAP_TOKENID", false}, - {"ohos.permission.REPORT_RESOURCE_SCHEDULE_EVENT", false}, - {"ohos.permission.SEND_TASK_COMPLETE_EVENT", false}, - {"ohos.permission.GET_SUSPEND_STATE", false}, - {"ohos.permission.MANAGE_APP_BOOT_INTERNAL", false}, - {"ohos.permission.REGISTER_APP_DEBUG_LISTENER", false}, - {"ohos.permission.ATTACH_APP_DEBUG", false}, - {"ohos.permission.NOTIFY_DEBUG_ASSERT_RESULT", false}, - {"ohos.permission.CHANGE_DISPLAYMODE", false}, - {"ohos.permission.ACCESS_MEDIALIB_THUMB_DB", false}, - {"ohos.permission.MIGRATE_DATA", false}, - {"ohos.permission.ACCESS_DYNAMIC_ICON", false}, - {"ohos.permission.CHANGE_BUNDLE_UNINSTALL_STATE", false}, - {"ohos.permission.MONITOR_DEVICE_NETWORK_STATE", false}, - {"ohos.permission.SYNC_PROFILE_DP", false}, - {"ohos.permission.ACCESS_SERVICE_DP", false}, - {"ohos.permission.ACCESS_PROTOCOL_DFX_STATE", false}, - {"ohos.permission.ACCESS_SERVICE_NAVIGATION_INFO", false}, - {"ohos.permission.MANAGE_STYLUS_EVENT", false}, - {"ohos.permission.WRITE_GTOKEN_POLICY", false}, - {"ohos.permission.READ_GTOKEN_POLICY", false}, - {"ohos.permission.ENABLE_PROFILER", false}, - {"ohos.permission.PRELOAD_APPLICATION", false}, - {"ohos.permission.USE_CLOUD_DRIVE_SERVICE", false}, - {"ohos.permission.USE_CLOUD_BACKUP_SERVICE", false}, - {"ohos.permission.USE_CLOUD_COMMON_SERVICE", false}, - {"ohos.permission.START_DLP_CRED", false}, - {"ohos.permission.START_SHORTCUT", false}, - {"ohos.permission.MANAGE_INPUT_INFRARED_EMITTER", false}, - {"ohos.permission.SET_PROCESS_CACHE_STATE", false}, - {"ohos.permission.ACCESS_PRIVATE_SPACE_MANAGER", false}, - {"ohos.permission.ACCESS_PRIVATE_SPACE_PASSWORD_PROTECT", false}, - {"ohos.permission.ACCESS_LOCAL_BACKUP", false}, - {"ohos.permission.ACCESS_SYSTEM_APP_CERT", false}, - {"ohos.permission.ACCESS_USER_TRUSTED_CERT", false}, - {"ohos.permission.CAST_AUDIO_OUTPUT", false}, - {"ohos.permission.GRANT_URI_PERMISSION_PRIVILEGED", false}, - {"ohos.permission.UPDATE_APP_CONFIGURATION", false}, - {"ohos.permission.KILL_APP_PROCESSES", false}, - {"ohos.permission.ACCESS_SCREEN_LOCK_MEDIA_DATA", false}, - {"ohos.permission.ACCESS_SCREEN_LOCK_ALL_DATA", false}, - {"ohos.permission.MANAGE_SYSTEM_ABILITY", false}, - {"ohos.permission.ACCESS_EXT_SYSTEM_ABILITY", false}, - {"ohos.permission.WRITE_RINGTONE", false}, - {"ohos.permission.UPDATE_QUICKFIX", false}, - {"ohos.permission.GET_QUICKFIX_INFO", false}, - {"ohos.permission.CHECK_QUICKFIX_RESULT", false}, - {"ohos.permission.GET_ACCOUNT_MINORS_INFO", false}, - {"ohos.permission.INTERACT_ACROSS_LOCAL_ACCOUNTS_AS_USER", false}, - {"ohos.permission.ACCESS_LOCAL_THEME", false}, - {"ohos.permission.ACCESS_SHADER_CACHE_DIR", false}, - {"ohos.permission.INSTALL_CLONE_BUNDLE", false}, - {"ohos.permission.UNINSTALL_CLONE_BUNDLE", false}, - {"ohos.permission.PROTECT_SCREEN_LOCK_DATA", false}, - {"ohos.permission.MANAGE_SETTINGS", false}, - {"ohos.permission.ACCESS_DEVICE_COLLABORATION_PRIVATE_ABILITY", false}, - {"ohos.permission.ACCESS_DEVICE_COLLABORATION_SERVICE", false}, - {"ohos.permission.ACCESS_FUSION_AWARENESS_DATA", false}, - {"ohos.permission.ACCESS_RINGTONE_RESOURCE", false}, - {"ohos.permission.ACCESS_FILE_CONTENT_SHARE", false}, - {"ohos.permission.ACCESS_SEARCH_SERVICE", false}, - {"ohos.permission.ACCESS_SCREEN_LOCK", false}, - {"ohos.permission.MANAGE_SOFTBUS_NETWORK", false}, - {"ohos.permission.MANAGE_FINDNETWORK", false}, - {"ohos.permission.SET_FOREGROUND_HAP_REMINDER", false}, - {"ohos.permission.OPERATE_FINDNETWORK", false}, - {"ohos.permission.QUERY_FINDNETWORK_LOCATION", false}, - {"ohos.permission.REGISTER_FINDNETWORK_ACCESSORY", false}, - {"ohos.permission.MANAGE_SHUTDOWN_FINDNETWORK", false}, - {"ohos.permission.INJECT_INPUT_EVENT", false}, - {"ohos.permission.ACCESS_SUBSCRIPTION_CAPSULE_DATA", false}, - {"ohos.permission.PRE_START_ATOMIC_SERVICE", false}, - {"ohos.permission.UPDATE_CALENDAR_RRULE", false}, - {"ohos.permission.QUERY_SECURITY_EVENT", false}, - {"ohos.permission.REPORT_SECURITY_EVENT", false}, - {"ohos.permission.QUERY_SECURITY_MODEL_RESULT", false}, - {"ohos.permission.MANAGE_SECURITY_GUARD_CONFIG", false}, - {"ohos.permission.COLLECT_SECURITY_EVENT", false}, - {"ohos.permission.QUERY_AUDIT_EVENT", false}, - {"ohos.permission.QUERY_SECURITY_POLICY_FROM_CLOUD", false}, - {"ohos.permission.REPORT_SECURITY_EVENT_TO_CLOUD", false}, - {"ohos.permission.CONNECT_FORM_EXTENSION", false}, - {"ohos.permission.CONNECT_WORK_SCHEDULER_EXTENSION", false}, - {"ohos.permission.CONNECT_INPUT_METHOD_EXTENSION", false}, - {"ohos.permission.CONNECT_ACCESSIBILITY_EXTENSION", false}, - {"ohos.permission.CONNECT_STATIC_SUBSCRIBER_EXTENSION", false}, - {"ohos.permission.CONNECT_WALLPAPER_EXTENSION", false}, - {"ohos.permission.CONNECT_BACKUP_EXTENSION", false}, - {"ohos.permission.CONNECT_ENTERPRISE_ADMIN_EXTENSION", false}, - {"ohos.permission.CONNECT_FILE_ACCESS_EXTENSION", false}, - {"ohos.permission.CONNECT_PRINT_EXTENSION", false}, - {"ohos.permission.CONNECT_DRIVER_EXTENSION", false}, - {"ohos.permission.CONNECT_APP_ACCOUNT_AUTHORIZATION_EXTENSION", false}, - {"ohos.permission.CONNECT_REMOTE_NOTIFICATION_EXTENSION", false}, - {"ohos.permission.CONNECT_REMOTE_LOCATION_EXTENSION", false}, - {"ohos.permission.CONNECT_VPN_EXTENSION", false}, - {"ohos.permission.KILL_PROCESS_DEPENDED_ON_ARKWEB", false}, - {"ohos.permission.CONTROL_LOCATION_SWITCH", false}, - {"ohos.permission.MOCK_LOCATION", false}, - {"ohos.permission.ALLOW_TIPS_ACCESS", false}, - {"ohos.permission.ACCESS_SCAN_SERVICE", false}, - {"ohos.permission.ACCESS_FACTORY_OTA_DIR", false}, - {"ohos.permission.MICROPHONE_CONTROL", false}, - {"ohos.permission.MANAGE_MOUSE_CURSOR", false}, - {"ohos.permission.INPUT_DEVICE_CONTROLLER", false}, - {"ohos.permission.FILTER_INPUT_EVENT", false}, - {"ohos.permission.INPUT_PANEL_STATUS_PUBLISHER", false}, - {"ohos.permission.RECEIVE_FUSION_MESSAGES", false}, - {"ohos.permission.ACCESS_FUSION_MANAGER", false}, - {"ohos.permission.ACCESS_AMS_FROM_FUSION", false}, - {"ohos.permission.PUBLISH_LOCATION_EVENT", false}, - {"ohos.permission.DUMP_AUDIO", false}, - {"ohos.permission.ACTIVATE_DEVICE_PSI", false}, - {"ohos.permission.ACCESS_MULTICORE_HYBRID_ABILITY", false}, - {"ohos.permission.INSTALL_INTERNALTESTING_BUNDLE", false}, - {"ohos.permission.GET_ALL_PROCESSES", false}, - {"ohos.permission.OPEN_FILE", false}, - {"ohos.permission.PROCESS_FILE_COPY_PASTE", false}, - {"ohos.permission.CLEAR_RECYCLEBIN", false}, - {"ohos.permission.GET_FILE_THUMBNAIL", false}, - {"ohos.permission.PUBLISH_DISPLAY_ROTATION_EVENT", false}, - {"ohos.permission.PUBLISH_CAST_PLUGGED_EVENT", false}, - {"ohos.permission.NETWORK_DHCP", false}, - {"ohos.permission.ACCESS_BBOX_DIR", false}, - {"ohos.permission.ACCESS_CAR_DISTRIBUTED_ENGINE", false}, - {"ohos.permission.START_RESTORE_NOTIFICATION", false}, - {"ohos.permission.ALLOW_CONNECT_CAR", false}, - {"ohos.permission.MANAGE_NET_FIREWALL", false}, - {"ohos.permission.GET_NET_FIREWALL", false}, - {"ohos.permission.ACCESS_IDM_WIDGET", false}, - {"ohos.permission.GET_TELEPHONY_ESIM_STATE", false}, - {"ohos.permission.SET_TELEPHONY_ESIM_STATE", false}, - {"ohos.permission.MANAGE_ACCESSORY", false}, - {"ohos.permission.COLLECT_ACCESSORY_LOG", false}, - {"ohos.permission.ACCESS_DISTRIBUTED_MODEM", false}, - {"ohos.permission.GET_ETHERNET_LOCAL_MAC", false}, - {"ohos.permission.ALLOW_SHOW_NON_SECURE_WINDOWS", false}, - {"ohos.permission.GRANT_SHORT_TERM_WRITE_MEDIAVIDEO", false}, - {"ohos.permission.CAMERA_BACKGROUND", false}, - {"ohos.permission.CONNECT_PUSH_EXTENSION", false}, - {"ohos.permission.CONNECT_VOIP_EXTENSION", false}, - {"ohos.permission.CALLED_TRANSITION_ON_LOCK_SCREEN", false}, - {"ohos.permission.CALLED_BELOW_LOCK_SCREEN", false}, - {"ohos.permission.MANAGE_USER_ACCOUNT_INFO", false}, - {"ohos.permission.ALLOW_UPGRADE_GUIDE_ACCESS", false}, - {"ohos.permission.MANAGE_RGM", false}, - {"ohos.permission.ACCESS_PROTOCOL_DFX_DATA", false}, - {"ohos.permission.ACCESS_CMAP_SERVICE", false}, - {"ohos.permission.GET_NEARLINK_LOCAL_MAC", false}, - {"ohos.permission.MANAGE_NEARLINK", false}, - {"ohos.permission.UNINSTALL_QUICK_FIX_BUNDLE", false}, - {"ohos.permission.INSTALL_QUICK_FIX_BUNDLE", false}, - {"ohos.permission.INSTALL_SANDBOX_BUNDLE", false}, - {"ohos.permission.UNINSTALL_SANDBOX_BUNDLE", false}, - {"ohos.permission.MANAGE_SYSTEM_AUDIO_EFFECTS", false}, - {"ohos.permission.START_SYSTEM_DIALOG", false}, - {"ohos.permission.ACCESS_STATUSBAR_ICON", false}, - {"ohos.permission.ACCESS_AI_ABILITY", false}, - {"ohos.permission.READ_HEALTH_MOTION", false}, - {"ohos.permission.hsdr.REQUEST_HSDR", false}, - {"ohos.permission.QUERY_PASSWORD_VAULT_DATA", false}, - {"ohos.permission.SUBSCRIBE_NOTIFICATION_WINDOW_STATE", false}, - {"ohos.permission.STORAGE_MANAGER_CRYPT", false}, - {"ohos.permission.READ_FINDSERVICE", false}, - {"ohos.permission.GET_NEARLINK_PEER_MAC", false}, - {"ohos.permission.SET_TELEPHONY_ESIM_STATE_OPEN", false}, - {"ohos.permission.SUPERVISE_KIA_SERVICE", false}, - {"ohos.permission.ACCESS_ANALYTICS", false}, - {"ohos.permission.WINDOW_TOPMOST", false}, - {"ohos.permission.BLOCK_ALL_APP_START", false}, - {"ohos.permission.START_UIABILITY_TO_HIDDEN", false}, - {"ohos.permission.ACCESS_SUPER_HUB", false}, - {"ohos.permission.READ_WRITE_USB_DEV", false}, - {"ohos.permission.READ_WRITE_USER_FILE", false}, - {"ohos.permission.USER_AUTH_FROM_BACKGROUND", false}, - {"ohos.permission.READ_WEATHER_DATA", false}, - {"ohos.permission.MANAGE_APP_KEEP_ALIVE", false}, - {"ohos.permission.MANAGE_APP_KEEP_ALIVE_INTERNAL", false}, - {"ohos.permission.ACCESS_VIRTUAL_KEYBOARD", false}, - {"ohos.permission.CALLED_UIEXTENSION_ON_LOCK_SCREEN", false}, - {"ohos.permission.READ_APP_LOCK", false}, - {"ohos.permission.WRITE_APP_LOCK", false}, - {"ohos.permission.ACCESS_APP_LOCK", false}, - {"ohos.permission.ACCESS_APP_SINGLE_PERMISSION_MANAGEMENT", false}, - {"ohos.permission.ACCESS_APP_INSTALL_DIR", false}, - {"ohos.permission.kernel.DISABLE_CODE_MEMORY_PROTECTION", false}, - {"ohos.permission.kernel.ALLOW_WRITABLE_CODE_MEMORY", false}, - {"ohos.permission.MANAGE_UDMF_APP_SHARE_OPTION", false}, - {"ohos.permission.MANAGE_PASTEBOARD_APP_SHARE_OPTION", false}, - {"ohos.permission.ENABLE_EXPERIENCE_HBM", false}, - {"ohos.permission.CAPTURE_PLAYBACK", false}, - {"ohos.permission.MICROPHONE_BACKGROUND", false}, - {"ohos.permission.USE_USER_ACCESS_MANAGER", false}, - {"ohos.permission.ACCESS_ENTERPRISE_USER_TRUSTED_CERT", false}, - {"ohos.permission.ACCESS_CONFIDENTIAL_COMPUTING_ZONE", false}, - {"ohos.permission.SYNC_ASSET_BETWEEN_TRUSTED_ACCOUNT", false}, - {"ohos.permission.kernel.ALLOW_EXECUTABLE_FORT_MEMORY", false}, - {"ohos.permission.ACCESS_ACCOUNT_SERVICE_EXTENSION_ABILITY", false}, - {"ohos.permission.SET_LAUNCH_REASON_MESSAGE", false}, - {"ohos.permission.EXEMPT_CAPTURE_SCREEN_AUTHORIZE", false}, - {"ohos.permission.GET_DOMAIN_ACCOUNT_SERVER_CONFIGS", false}, - {"ohos.permission.MANAGE_DOMAIN_ACCOUNT_SERVER_CONFIGS", false}, - {"ohos.permission.MANAGE_DOMAIN_ACCOUNTS", false}, - {"ohos.permission.WATCH_READ_EMERGENCY_INFO", false}, - {"ohos.permission.WATCH_WRITE_EMERGENCY_INFO", false}, - {"ohos.permission.WATCH_START_SOS_SERVICE", false}, - {"ohos.permission.ANTI_FRAUD", false}, - {"ohos.permission.GET_SIGNATURE_INFO", false}, - {"ohos.permission.NDK_START_SELF_UI_ABILITY", false}, - {"ohos.permission.GET_ANIM_POLICY", false}, - {"ohos.permission.PRELOAD_FILE", false}, - {"ohos.permission.INPUT_KEYBOARD_CONTROLLER", false}, - {"ohos.permission.LOCATION_SWITCH_IGNORED", false}, - {"ohos.permission.SET_MUTE_POLICY", false}, - {"ohos.permission.SET_ABILITY_INSTANCE_INFO", false}, - {"ohos.permission.VIRTUAL_KEYBOARD_WINDOW", false}, - {"ohos.permission.ACCESS_DLP_HIDE_INFO", false}, - {"ohos.permission.DLP_GET_HIDE_STATUS", false}, - {"ohos.permission.CONNECT_ASSET_ACCELERATION_EXTENSION", false}, - {"ohos.permission.GET_FAMILY_INFO", false}, - {"ohos.permission.GET_PAGE_INFO", false}, - {"ohos.permission.ACCESS_ACCOUNT_RECOMMENDATION_DATA", false}, - {"ohos.permission.SET_PAC_URL", false}, - {"ohos.permission.ACCESS_DISK_PHY_INFO", false}, - {"ohos.permission.MANAGE_EDM_POLICY", false}, - {"ohos.permission.ACCESS_USER_ACCOUNT_INFO", false}, - {"ohos.permission.ACCESS_VIRTUAL_SCREEN", false}, - {"ohos.permission.ACCESS_CUSTOM_RINGTONE", false}, - {"ohos.permission.PERFORM_LOCAL_DEBUG", false}, - {"ohos.permission.ACCESS_APP_CLONE_DIR", false}, - {"ohos.permission.ACCESS_STARTUPGUIDE", false}, - {"ohos.permission.ANTIFRAUD_DETECT", false}, - {"ohos.permission.ANTIFRAUD_PICTURE_DETECT", false}, - {"ohos.permission.ANTIFRAUD_MODEL_DOWNLOAD", false}, - {"ohos.permission.CONTROL_SVC_CMD", false}, - {"ohos.permission.ACCESS_DEVAUTH_CRED_MGR", false}, - {"ohos.permission.ACCESS_DEVAUTH_CRED_PRIVILEGE", false}, - {"ohos.permission.ACCESS_DEVAUTH_CRED_AUTH", false}, - {"ohos.permission.INSTALL_PLUGIN_BUNDLE", false}, - {"ohos.permission.UNINSTALL_PLUGIN_BUNDLE", false}, - {"ohos.permission.kernel.SUPPORT_PLUGIN", false}, - {"ohos.permission.ACCESS_TRUST_LIST_OOBE_MANAGER", false}, - {"ohos.permission.VISIBLE_WINDOW_INFO", false} +namespace { +bool g_initedPermMap = false; +std::mutex g_lockPermMap; +} + +class CharArrayCompare { +public: + CharArrayCompare() {}; + + bool operator() (const char *str1, const char *str2) const + { + if (str1 == str2) { + return false; + } else { + return (strcmp(str1, str2) < 0); + } + } }; +std::map g_permMap; -bool TransferPermissionToOpcode(const std::string& permission, uint32_t& opCode) +static void InitMap() { - size_t size = g_permMap.size(); - for (size_t i = 0; i < size; i++) { - std::pair it = g_permMap[i]; - if (permission == it.first) { - opCode = i; - return true; - } + std::lock_guard lock(g_lockPermMap); + if (g_initedPermMap) { + return; + } + for (uint32_t i = 0; i < MAX_PERM_SIZE; i++) { + g_permMap[g_permList[i].permissionName] = i; } - return false; + g_initedPermMap = true; } -bool TransferOpcodeToPermission(uint32_t opCode, std::string& permission) +bool TransferPermissionToOpcode(const std::string& permissionName, uint32_t& opCode) { - if (opCode >= MAX_PERM_SIZE || opCode >= g_permMap.size()) { + if (!g_initedPermMap) { + InitMap(); + } + auto it = g_permMap.find(permissionName.c_str()); + if (it == g_permMap.end()) { return false; } - permission = g_permMap[opCode].first; + opCode = it->second; return true; } -bool IsUserGrantPermission(const std::string& permission) +bool TransferOpcodeToPermission(uint32_t opCode, std::string& permissionName) { - for (const auto& perm : g_permMap) { - if (permission == perm.first) { - return perm.second; - } + if ((opCode >= MAX_PERM_SIZE)) { + return false; } - return false; + + permissionName = std::string(g_permList[opCode].permissionName); + return true; +} + +bool IsUserGrantPermission(const std::string& permissionName) +{ + uint32_t opCode; + if (!TransferPermissionToOpcode(permissionName, opCode)) { + return false; // default is false + } + + return g_permList[opCode].grantMode == GrantMode::USER_GRANT; +} + +bool IsDefinedPermission(const std::string& permissionName) +{ + if (!g_initedPermMap) { + InitMap(); + } + auto it = g_permMap.find(permissionName.c_str()); + if (it == g_permMap.end()) { + return false; + } + return true; +} + +bool GetPermissionBriefDef(const std::string& permissionName, PermissionBriefDef& briefDef) +{ + uint32_t opCode; + if (!TransferPermissionToOpcode(permissionName, opCode)) { + return false; // default is false + } + briefDef = g_permList[opCode]; + return true; +} + +bool IsPermissionValidForHap(const std::string& permissionName) +{ + uint32_t opCode; + if (!TransferPermissionToOpcode(permissionName, opCode)) { + return false; + } + + return g_permList[opCode].availableType != ATokenAvailableTypeEnum::SERVICE; +} + +void ConvertPermissionBriefToDef(const PermissionBriefDef& briefDef, PermissionDef &def) +{ + def.permissionName = std::string(briefDef.permissionName); + def.grantMode = static_cast(briefDef.grantMode); + def.availableLevel = briefDef.availableLevel; + def.provisionEnable = briefDef.provisionEnable; + def.distributedSceneEnable = briefDef.distributedSceneEnable; + def.availableType = briefDef.availableType; + def.isKernelEffect = briefDef.isKernelEffect; + def.hasValue = briefDef.hasValue; +} + +bool IsKernelPermission(const std::string& permissionName) +{ + uint32_t opCode; + if (!TransferPermissionToOpcode(permissionName, opCode)) { + return false; + } + + return g_permList[opCode].isKernelEffect; +} + +bool IsPermissionHasValue(const std::string& permissionName) +{ + uint32_t opCode; + if (!TransferPermissionToOpcode(permissionName, opCode)) { + return false; + } + + return g_permList[opCode].hasValue; +} + +size_t GetDefPermissionsSize() +{ + return MAX_PERM_SIZE; } } // namespace AccessToken } // namespace Security diff --git a/frameworks/test/unittest/common_test.cpp b/frameworks/test/unittest/common_test.cpp index 0ab1a2fbd..435d2212c 100644 --- a/frameworks/test/unittest/common_test.cpp +++ b/frameworks/test/unittest/common_test.cpp @@ -75,7 +75,7 @@ HWTEST_F(CommonTest, TransferOpcodeToPermission001, TestSize.Level1) { std::string permissionName; EXPECT_TRUE(TransferOpcodeToPermission(0, permissionName)); - EXPECT_EQ(permissionName, "ohos.permission.ANSWER_CALL"); + EXPECT_NE(permissionName, ""); } /* diff --git a/interfaces/innerkits/accesstoken/src/accesstoken_kit.cpp b/interfaces/innerkits/accesstoken/src/accesstoken_kit.cpp index 0c1636d7d..b3c17a015 100644 --- a/interfaces/innerkits/accesstoken/src/accesstoken_kit.cpp +++ b/interfaces/innerkits/accesstoken/src/accesstoken_kit.cpp @@ -112,10 +112,13 @@ int32_t AccessTokenKit::InitHapToken(const HapInfoParams& info, HapPolicyParams& int32_t AccessTokenKit::InitHapToken(const HapInfoParams& info, HapPolicyParams& policy, AccessTokenIDEx& fullTokenId, HapInfoCheckResult& result) { - LOGI(ATM_DOMAIN, ATM_TAG, "UserID: %{public}d, bundleName :%{public}s, \ -permList: %{public}zu, stateList: %{public}zu, aclExtendedMap: %{public}zu, checkIgnore: %{public}d", + LOGI(ATM_DOMAIN, ATM_TAG, "UserID: %{public}d, bundleName :%{public}s, permList: %{public}zu, " + "stateList: %{public}zu, aclExtendedMap: %{public}zu, apl: %{public}d, checkIgnore: %{public}d", info.userID, info.bundleName.c_str(), policy.permList.size(), policy.permStateList.size(), - policy.aclExtendedMap.size(), policy.checkIgnore); + policy.aclExtendedMap.size(), policy.apl, policy.checkIgnore); + for (const auto& permission : policy.aclRequestedList) { + LOGI(ATM_DOMAIN, ATM_TAG, "acl permission is %{public}s.", permission.c_str()); + } if ((!DataValidator::IsUserIdValid(info.userID)) || !DataValidator::IsAppIDDescValid(info.appIDDesc) || !DataValidator::IsBundleNameValid(info.bundleName) || !DataValidator::IsAplNumValid(policy.apl) || !DataValidator::IsDomainValid(policy.domain) || !DataValidator::IsDlpTypeValid(info.dlpType) || @@ -416,10 +419,18 @@ int AccessTokenKit::GetDefPermission(const std::string& permissionName, Permissi return AccessTokenError::ERR_PARAM_INVALID; } - int ret = AccessTokenManagerClient::GetInstance().GetDefPermission(permissionName, permissionDefResult); - LOGD(ATM_DOMAIN, ATM_TAG, "GetDefPermission bundleName = %{public}s", permissionDefResult.bundleName.c_str()); + PermissionBriefDef briefDef; + if (!GetPermissionBriefDef(permissionName, briefDef)) { + return AccessTokenError::ERR_PERMISSION_NOT_EXIST; + } + + ConvertPermissionBriefToDef(briefDef, permissionDefResult); + + if (briefDef.grantMode == GrantMode::SYSTEM_GRANT) { + return 0; + } - return ret; + return AccessTokenManagerClient::GetInstance().GetDefPermission(permissionName, permissionDefResult); } int AccessTokenKit::GetReqPermissions( diff --git a/interfaces/innerkits/accesstoken/test/unittest/HapTokenTest/delete_token_test.cpp b/interfaces/innerkits/accesstoken/test/unittest/HapTokenTest/delete_token_test.cpp index 1a8a7a942..2bb5f3e85 100644 --- a/interfaces/innerkits/accesstoken/test/unittest/HapTokenTest/delete_token_test.cpp +++ b/interfaces/innerkits/accesstoken/test/unittest/HapTokenTest/delete_token_test.cpp @@ -115,16 +115,14 @@ HWTEST_F(DeleteTokenTest, DeleteTokenFuncTest001, TestSize.Level1) ASSERT_NE(INVALID_TOKENID, tokenID); PermissionDef permDefResultAlpha; - int ret = AccessTokenKit::GetDefPermission("ohos.permission.ALPHA", permDefResultAlpha); - ASSERT_EQ("ohos.permission.ALPHA", permDefResultAlpha.permissionName); - ASSERT_EQ(RET_SUCCESS, ret); + ASSERT_EQ(AccessTokenError::ERR_PERMISSION_NOT_EXIST, AccessTokenKit::GetDefPermission( + "ohos.permission.ALPHA", permDefResultAlpha)); - ret = AccessTokenKit::DeleteToken(tokenID); - ASSERT_EQ(RET_SUCCESS, ret); + ASSERT_EQ(RET_SUCCESS, AccessTokenKit::DeleteToken(tokenID)); PermissionDef defResult; - ret = AccessTokenKit::GetDefPermission("ohos.permission.ALPHA", defResult); - ASSERT_EQ(AccessTokenError::ERR_PERMISSION_NOT_EXIST, ret); + ASSERT_EQ(AccessTokenError::ERR_PERMISSION_NOT_EXIST, AccessTokenKit::GetDefPermission( + "ohos.permission.ALPHA", defResult)); } /** diff --git a/interfaces/innerkits/accesstoken/test/unittest/PermissionsTest/get_permission_test.cpp b/interfaces/innerkits/accesstoken/test/unittest/PermissionsTest/get_permission_test.cpp index 58fcf15fc..c58a3cff1 100644 --- a/interfaces/innerkits/accesstoken/test/unittest/PermissionsTest/get_permission_test.cpp +++ b/interfaces/innerkits/accesstoken/test/unittest/PermissionsTest/get_permission_test.cpp @@ -200,55 +200,28 @@ HWTEST_F(GetPermissionTest, GetDefPermissionFuncTest001, TestSize.Level1) { LOGI(ATM_DOMAIN, ATM_TAG, "GetDefPermissionFuncTest001"); - PermissionDef permDefResultAlpha; - int ret = AccessTokenKit::GetDefPermission("ohos.permission.ALPHA", permDefResultAlpha); - ASSERT_EQ(RET_SUCCESS, ret); - ASSERT_EQ("ohos.permission.ALPHA", permDefResultAlpha.permissionName); - - PermissionDef permDefResultBeta; - ret = AccessTokenKit::GetDefPermission("ohos.permission.BETA", permDefResultBeta); - ASSERT_EQ(RET_SUCCESS, ret); - ASSERT_EQ("ohos.permission.BETA", permDefResultBeta.permissionName); -} - -/** - * @tc.name: GetDefPermissionAbnormalTest001 - * @tc.desc: Get permission definition info that permission is invalid. - * @tc.type: FUNC - * @tc.require: Issue Number - */ -HWTEST_F(GetPermissionTest, GetDefPermissionAbnormalTest001, TestSize.Level1) -{ - LOGI(ATM_DOMAIN, ATM_TAG, "GetDefPermissionAbnormalTest001"); - - PermissionDef permDefResult; - int ret = AccessTokenKit::GetDefPermission("ohos.permission.GAMMA", permDefResult); - ASSERT_EQ(AccessTokenError::ERR_PERMISSION_NOT_EXIST, ret); - - ret = AccessTokenKit::GetDefPermission("", permDefResult); - ASSERT_EQ(AccessTokenError::ERR_PARAM_INVALID, ret); + PermissionDef permDef; + // permission name is empty + ASSERT_EQ(AccessTokenError::ERR_PARAM_INVALID, AccessTokenKit::GetDefPermission("", permDef)); + // permission name oversize std::string invalidPerm(INVALID_PERMNAME_LEN, 'a'); - ret = AccessTokenKit::GetDefPermission(invalidPerm, permDefResult); - ASSERT_EQ(AccessTokenError::ERR_PARAM_INVALID, ret); -} - -/** - * @tc.name: GetDefPermissionSpecTest001 - * @tc.desc: GetDefPermission is invoked multiple times. - * @tc.type: FUNC - * @tc.require: Issue Number - */ -HWTEST_F(GetPermissionTest, GetDefPermissionSpecTest001, TestSize.Level0) -{ - LOGI(ATM_DOMAIN, ATM_TAG, "GetDefPermissionSpecTest001"); - - for (int j = 0; j < CYCLE_TIMES; j++) { - PermissionDef permDefResultAlpha; - int32_t ret = AccessTokenKit::GetDefPermission("ohos.permission.ALPHA", permDefResultAlpha); - ASSERT_EQ(RET_SUCCESS, ret); - ASSERT_EQ("ohos.permission.ALPHA", permDefResultAlpha.permissionName); - } + ASSERT_EQ(AccessTokenError::ERR_PARAM_INVALID, AccessTokenKit::GetDefPermission(invalidPerm, permDef)); + + ASSERT_EQ(AccessTokenError::ERR_PERMISSION_NOT_EXIST, AccessTokenKit::GetDefPermission( + "ohos.permission.ALPHA", permDef)); + ASSERT_EQ(AccessTokenError::ERR_PERMISSION_NOT_EXIST, AccessTokenKit::GetDefPermission( + "ohos.permission.BETA", permDef)); + ASSERT_EQ(AccessTokenError::ERR_PERMISSION_NOT_EXIST, AccessTokenKit::GetDefPermission( + "ohos.permission.GAMMA", permDef)); + + // get user grant permission define + ASSERT_EQ(0, AccessTokenKit::GetDefPermission("ohos.permission.CAMERA", permDef)); + ASSERT_EQ("ohos.permission.CAMERA", permDef.permissionName); + + // get system grant permission define + ASSERT_EQ(0, AccessTokenKit::GetDefPermission("ohos.permission.PERMISSION_USED_STATS", permDef)); + ASSERT_EQ("ohos.permission.PERMISSION_USED_STATS", permDef.permissionName); } /** diff --git a/interfaces/innerkits/accesstoken/test/unittest/src/accesstoken_kit_extension_test.cpp b/interfaces/innerkits/accesstoken/test/unittest/src/accesstoken_kit_extension_test.cpp index 860186d2a..d15891066 100644 --- a/interfaces/innerkits/accesstoken/test/unittest/src/accesstoken_kit_extension_test.cpp +++ b/interfaces/innerkits/accesstoken/test/unittest/src/accesstoken_kit_extension_test.cpp @@ -786,7 +786,6 @@ HWTEST_F(AccessTokenKitExtensionTest, RegisterSelfPermStateChangeCallback004, Te static HapPolicyParams infoManagerTestPolicyPrams1 = { .apl = APL_NORMAL, .domain = "test.domain2", - .permList = {}, .permStateList = {infoManagerTestStateA, infoManagerTestStateB} }; AccessTokenIDEx tokenIdEx = AccessTokenKit::AllocHapToken(g_infoManagerTestInfoParms, infoManagerTestPolicyPrams1); @@ -816,6 +815,7 @@ HWTEST_F(AccessTokenKitExtensionTest, RegisterSelfPermStateChangeCallback004, Te callbackPtr->ready_ = false; ASSERT_EQ(RET_SUCCESS, AccessTokenKit::GrantPermission(tokenID, "ohos.permission.GET_BUNDLE_INFO", 2)); + usleep(500000); // 500000us = 0.5s EXPECT_EQ(true, callbackPtr->ready_); callbackPtr->ready_ = false; diff --git a/interfaces/innerkits/accesstoken/test/unittest/src/accesstoken_kit_test.cpp b/interfaces/innerkits/accesstoken/test/unittest/src/accesstoken_kit_test.cpp index 59e483f85..84222e770 100644 --- a/interfaces/innerkits/accesstoken/test/unittest/src/accesstoken_kit_test.cpp +++ b/interfaces/innerkits/accesstoken/test/unittest/src/accesstoken_kit_test.cpp @@ -390,61 +390,6 @@ HWTEST_F(AccessTokenKitTest, GetPermissionUsedType002, TestSize.Level1) ASSERT_EQ(0, SetSelfTokenID(selfTokenId_)); } -/** - * @tc.name: GetDefPermission001 - * @tc.desc: Get permission definition info after AllocHapToken function has been invoked. - * @tc.type: FUNC - * @tc.require: Issue Number - */ -HWTEST_F(AccessTokenKitTest, GetDefPermission001, TestSize.Level1) -{ - PermissionDef permDefResultAlpha; - int ret = AccessTokenKit::GetDefPermission(TEST_PERMISSION_NAME_ALPHA, permDefResultAlpha); - ASSERT_EQ(RET_SUCCESS, ret); - ASSERT_EQ(TEST_PERMISSION_NAME_ALPHA, permDefResultAlpha.permissionName); - - PermissionDef permDefResultBeta; - ret = AccessTokenKit::GetDefPermission(TEST_PERMISSION_NAME_BETA, permDefResultBeta); - ASSERT_EQ(RET_SUCCESS, ret); - ASSERT_EQ(TEST_PERMISSION_NAME_BETA, permDefResultBeta.permissionName); -} - -/** - * @tc.name: GetDefPermission002 - * @tc.desc: Get permission definition info that permission is invalid. - * @tc.type: FUNC - * @tc.require: Issue Number - */ -HWTEST_F(AccessTokenKitTest, GetDefPermission002, TestSize.Level1) -{ - PermissionDef permDefResult; - int ret = AccessTokenKit::GetDefPermission(TEST_PERMISSION_NAME_GAMMA, permDefResult); - ASSERT_EQ(AccessTokenError::ERR_PERMISSION_NOT_EXIST, ret); - - ret = AccessTokenKit::GetDefPermission("", permDefResult); - ASSERT_EQ(AccessTokenError::ERR_PARAM_INVALID, ret); - - std::string invalidPerm(INVALID_PERMNAME_LEN, 'a'); - ret = AccessTokenKit::GetDefPermission(invalidPerm, permDefResult); - ASSERT_EQ(AccessTokenError::ERR_PARAM_INVALID, ret); -} - -/** - * @tc.name: GetDefPermission003 - * @tc.desc: GetDefPermission is invoked multiple times. - * @tc.type: FUNC - * @tc.require: Issue Number - */ -HWTEST_F(AccessTokenKitTest, GetDefPermission003, TestSize.Level0) -{ - for (int j = 0; j < CYCLE_TIMES; j++) { - PermissionDef permDefResultAlpha; - int32_t ret = AccessTokenKit::GetDefPermission(TEST_PERMISSION_NAME_ALPHA, permDefResultAlpha); - ASSERT_EQ(RET_SUCCESS, ret); - ASSERT_EQ(TEST_PERMISSION_NAME_ALPHA, permDefResultAlpha.permissionName); - } -} - /** * @tc.name: GetReqPermissions001 * @tc.desc: Get user granted permission state info. @@ -1650,28 +1595,6 @@ HWTEST_F(AccessTokenKitTest, GetHapTokenInfo002, TestSize.Level0) ASSERT_EQ(AccessTokenError::ERR_PARAM_INVALID, ret); } -/** - * @tc.name: DeleteToken001 - * @tc.desc: Cannot get permission definition info after DeleteToken function has been invoked. - * @tc.type: FUNC - * @tc.require: Issue Number - */ -HWTEST_F(AccessTokenKitTest, DeleteToken001, TestSize.Level1) -{ - AccessTokenID tokenID = GetAccessTokenID(TEST_USER_ID, TEST_BUNDLE_NAME, 0); - PermissionDef permDefResultAlpha; - int ret = AccessTokenKit::GetDefPermission(TEST_PERMISSION_NAME_ALPHA, permDefResultAlpha); - ASSERT_EQ(TEST_PERMISSION_NAME_ALPHA, permDefResultAlpha.permissionName); - ASSERT_EQ(RET_SUCCESS, ret); - - ret = AccessTokenKit::DeleteToken(tokenID); - ASSERT_EQ(RET_SUCCESS, ret); - - PermissionDef defResult; - ret = AccessTokenKit::GetDefPermission(TEST_PERMISSION_NAME_ALPHA, defResult); - ASSERT_EQ(AccessTokenError::ERR_PERMISSION_NOT_EXIST, ret); -} - /** * @tc.name: DeleteToken002 * @tc.desc: Delete invalid tokenID. @@ -2007,7 +1930,6 @@ HWTEST_F(AccessTokenKitTest, AllocHapToken003, TestSize.Level1) std::string invalidBundleName (INVALID_BUNDLENAME_LEN, 'x'); std::string bundle = g_infoManagerTestInfoParms.bundleName; - DeleteTestToken(); GTEST_LOG_(INFO) << "get hap token info:" << invalidBundleName.length(); g_infoManagerTestInfoParms.bundleName = invalidBundleName; @@ -2021,8 +1943,6 @@ HWTEST_F(AccessTokenKitTest, AllocHapToken003, TestSize.Level1) ASSERT_EQ(AccessTokenError::ERR_PARAM_INVALID, AccessTokenKit::DeleteToken(tokenID)); g_infoManagerTestInfoParms.bundleName = bundle; - - DeleteTestToken(); } /** @@ -2033,9 +1953,6 @@ HWTEST_F(AccessTokenKitTest, AllocHapToken003, TestSize.Level1) */ HWTEST_F(AccessTokenKitTest, AllocHapToken004, TestSize.Level1) { - ATokenAplEnum typeBackUp = g_infoManagerTestPolicyPrams.apl; - DeleteTestToken(); - g_infoManagerTestPolicyPrams.apl = (ATokenAplEnum)5; AccessTokenID tokenID = AllocTestToken(g_infoManagerTestInfoParms, g_infoManagerTestPolicyPrams); ASSERT_EQ(INVALID_TOKENID, tokenID); @@ -2046,9 +1963,6 @@ HWTEST_F(AccessTokenKitTest, AllocHapToken004, TestSize.Level1) ASSERT_EQ(INVALID_TOKENID, tokenID); ASSERT_EQ(AccessTokenError::ERR_PARAM_INVALID, AccessTokenKit::DeleteToken(tokenID)); - g_infoManagerTestPolicyPrams.apl = typeBackUp; - - DeleteTestToken(); } /** @@ -2059,11 +1973,6 @@ HWTEST_F(AccessTokenKitTest, AllocHapToken004, TestSize.Level1) */ HWTEST_F(AccessTokenKitTest, AllocHapToken005, TestSize.Level1) { - std::string backUpPermission = g_infoManagerTestPolicyPrams.permList[INDEX_ONE].permissionName; - std::string bundleNameBackUp = g_infoManagerTestPolicyPrams.permList[INDEX_ONE].bundleName; - ATokenAvailableTypeEnum typeBakup = g_infoManagerTestPolicyPrams.permList[INDEX_ONE].availableType; - DeleteTestToken(); - g_infoManagerTestPolicyPrams.permList[INDEX_ONE].bundleName = "invalid_bundleName"; g_infoManagerTestPolicyPrams.permList[INDEX_ONE].permissionName = "ohos.permission.testtmp01"; g_infoManagerTestPolicyPrams.permList[INDEX_ONE].availableType = MDM; @@ -2071,18 +1980,8 @@ HWTEST_F(AccessTokenKitTest, AllocHapToken005, TestSize.Level1) ASSERT_NE(INVALID_TOKENID, tokenID); PermissionDef permDefResult; - int ret = AccessTokenKit::GetDefPermission( - g_infoManagerTestPolicyPrams.permList[INDEX_ONE].permissionName, permDefResult); - ASSERT_EQ(RET_SUCCESS, ret); - ASSERT_EQ(permDefResult.availableType, MDM); - ret = AccessTokenKit::GetDefPermission( - g_infoManagerTestPolicyPrams.permList[INDEX_ONE].permissionName, permDefResult); - ASSERT_EQ(RET_SUCCESS, ret); - g_infoManagerTestPolicyPrams.permList[INDEX_ONE].bundleName = bundleNameBackUp; - g_infoManagerTestPolicyPrams.permList[INDEX_ONE].permissionName = backUpPermission; - g_infoManagerTestPolicyPrams.permList[INDEX_ONE].availableType = typeBakup; - - DeleteTestToken(); + ASSERT_EQ(AccessTokenError::ERR_PERMISSION_NOT_EXIST, AccessTokenKit::GetDefPermission( + g_infoManagerTestPolicyPrams.permList[INDEX_ONE].permissionName, permDefResult)); } /** @@ -2093,23 +1992,16 @@ HWTEST_F(AccessTokenKitTest, AllocHapToken005, TestSize.Level1) */ HWTEST_F(AccessTokenKitTest, AllocHapToken006, TestSize.Level1) { - std::string backUp = g_infoManagerTestPolicyPrams.permList[INDEX_ZERO].permissionName; - DeleteTestToken(); - const std::string invalidPermissionName (INVALID_PERMNAME_LEN, 'x'); g_infoManagerTestPolicyPrams.permList[INDEX_ZERO].permissionName = invalidPermissionName; AccessTokenID tokenID = AllocTestToken(g_infoManagerTestInfoParms, g_infoManagerTestPolicyPrams); ASSERT_NE(INVALID_TOKENID, tokenID); PermissionDef permDefResultBeta; - int ret = AccessTokenKit::GetDefPermission(invalidPermissionName, permDefResultBeta); - ASSERT_EQ(AccessTokenError::ERR_PARAM_INVALID, ret); - ret = AccessTokenKit::GetDefPermission( - g_infoManagerTestPolicyPrams.permList[INDEX_ONE].permissionName, permDefResultBeta); - ASSERT_EQ(RET_SUCCESS, ret); - g_infoManagerTestPolicyPrams.permList[INDEX_ZERO].permissionName = backUp; - - DeleteTestToken(); + ASSERT_EQ(AccessTokenError::ERR_PARAM_INVALID, AccessTokenKit::GetDefPermission( + invalidPermissionName, permDefResultBeta)); + ASSERT_EQ(AccessTokenError::ERR_PERMISSION_NOT_EXIST, AccessTokenKit::GetDefPermission( + g_infoManagerTestPolicyPrams.permList[INDEX_ONE].permissionName, permDefResultBeta)); } /** @@ -2120,10 +2012,6 @@ HWTEST_F(AccessTokenKitTest, AllocHapToken006, TestSize.Level1) */ HWTEST_F(AccessTokenKitTest, AllocHapToken007, TestSize.Level1) { - std::string backUp = g_infoManagerTestPolicyPrams.permList[INDEX_ZERO].bundleName; - std::string backUpPermission = g_infoManagerTestPolicyPrams.permList[INDEX_ZERO].permissionName; - DeleteTestToken(); - const std::string invalidBundleName (INVALID_BUNDLENAME_LEN, 'x'); g_infoManagerTestPolicyPrams.permList[INDEX_ZERO].permissionName = "ohos.permission.testtmp02"; @@ -2132,16 +2020,10 @@ HWTEST_F(AccessTokenKitTest, AllocHapToken007, TestSize.Level1) ASSERT_NE(INVALID_TOKENID, tokenID); PermissionDef permDefResultBeta; - int ret = AccessTokenKit::GetDefPermission( - g_infoManagerTestPolicyPrams.permList[INDEX_ZERO].permissionName, permDefResultBeta); - ASSERT_EQ(AccessTokenError::ERR_PERMISSION_NOT_EXIST, ret); - ret = AccessTokenKit::GetDefPermission( - g_infoManagerTestPolicyPrams.permList[INDEX_ONE].permissionName, permDefResultBeta); - ASSERT_EQ(RET_SUCCESS, ret); - g_infoManagerTestPolicyPrams.permList[INDEX_ZERO].bundleName = backUp; - g_infoManagerTestPolicyPrams.permList[INDEX_ZERO].permissionName = backUpPermission; - - DeleteTestToken(); + ASSERT_EQ(AccessTokenError::ERR_PERMISSION_NOT_EXIST, AccessTokenKit::GetDefPermission( + g_infoManagerTestPolicyPrams.permList[INDEX_ZERO].permissionName, permDefResultBeta)); + ASSERT_EQ(AccessTokenError::ERR_PERMISSION_NOT_EXIST, AccessTokenKit::GetDefPermission( + g_infoManagerTestPolicyPrams.permList[INDEX_ONE].permissionName, permDefResultBeta)); } /** @@ -2152,10 +2034,6 @@ HWTEST_F(AccessTokenKitTest, AllocHapToken007, TestSize.Level1) */ HWTEST_F(AccessTokenKitTest, AllocHapToken008, TestSize.Level1) { - std::string backUp = g_infoManagerTestPolicyPrams.permList[INDEX_ZERO].label; - std::string backUpPermission = g_infoManagerTestPolicyPrams.permList[INDEX_ZERO].permissionName; - DeleteTestToken(); - const std::string invalidLabel (INVALID_LABEL_LEN, 'x'); g_infoManagerTestPolicyPrams.permList[INDEX_ZERO].permissionName = "ohos.permission.testtmp03"; g_infoManagerTestPolicyPrams.permList[INDEX_ZERO].label = invalidLabel; @@ -2163,16 +2041,10 @@ HWTEST_F(AccessTokenKitTest, AllocHapToken008, TestSize.Level1) ASSERT_NE(INVALID_TOKENID, tokenID); PermissionDef permDefResultBeta; - int ret = AccessTokenKit::GetDefPermission( - g_infoManagerTestPolicyPrams.permList[INDEX_ZERO].permissionName, permDefResultBeta); - ASSERT_EQ(AccessTokenError::ERR_PERMISSION_NOT_EXIST, ret); - ret = AccessTokenKit::GetDefPermission( - g_infoManagerTestPolicyPrams.permList[INDEX_ONE].permissionName, permDefResultBeta); - ASSERT_EQ(RET_SUCCESS, ret); - g_infoManagerTestPolicyPrams.permList[INDEX_ZERO].label = backUp; - g_infoManagerTestPolicyPrams.permList[INDEX_ZERO].permissionName = backUpPermission; - - DeleteTestToken(); + ASSERT_EQ(AccessTokenError::ERR_PERMISSION_NOT_EXIST, AccessTokenKit::GetDefPermission( + g_infoManagerTestPolicyPrams.permList[INDEX_ZERO].permissionName, permDefResultBeta)); + ASSERT_EQ(AccessTokenError::ERR_PERMISSION_NOT_EXIST, AccessTokenKit::GetDefPermission( + g_infoManagerTestPolicyPrams.permList[INDEX_ONE].permissionName, permDefResultBeta)); } /** @@ -2183,10 +2055,6 @@ HWTEST_F(AccessTokenKitTest, AllocHapToken008, TestSize.Level1) */ HWTEST_F(AccessTokenKitTest, AllocHapToken009, TestSize.Level1) { - std::string backUp = g_infoManagerTestPolicyPrams.permList[INDEX_ZERO].description; - std::string backUpPermission = g_infoManagerTestPolicyPrams.permList[INDEX_ZERO].permissionName; - DeleteTestToken(); - const std::string invalidDescription (INVALID_DESCRIPTION_LEN, 'x'); g_infoManagerTestPolicyPrams.permList[INDEX_ZERO].permissionName = "ohos.permission.testtmp04"; @@ -2195,17 +2063,10 @@ HWTEST_F(AccessTokenKitTest, AllocHapToken009, TestSize.Level1) ASSERT_NE(INVALID_TOKENID, tokenID); PermissionDef permDefResultBeta; - int ret = AccessTokenKit::GetDefPermission( - g_infoManagerTestPolicyPrams.permList[INDEX_ZERO].permissionName, permDefResultBeta); - ASSERT_EQ(AccessTokenError::ERR_PERMISSION_NOT_EXIST, ret); - ret = AccessTokenKit::GetDefPermission( - g_infoManagerTestPolicyPrams.permList[INDEX_ONE].permissionName, permDefResultBeta); - ASSERT_EQ(RET_SUCCESS, ret); - - g_infoManagerTestPolicyPrams.permList[INDEX_ZERO].description = backUp; - g_infoManagerTestPolicyPrams.permList[INDEX_ZERO].permissionName = backUpPermission; - - DeleteTestToken(); + ASSERT_EQ(AccessTokenError::ERR_PERMISSION_NOT_EXIST, AccessTokenKit::GetDefPermission( + g_infoManagerTestPolicyPrams.permList[INDEX_ZERO].permissionName, permDefResultBeta)); + ASSERT_EQ(AccessTokenError::ERR_PERMISSION_NOT_EXIST, AccessTokenKit::GetDefPermission( + g_infoManagerTestPolicyPrams.permList[INDEX_ONE].permissionName, permDefResultBeta)); } static bool ExistInVector(vector array, unsigned int value) @@ -2303,25 +2164,6 @@ HWTEST_F(AccessTokenKitTest, AllocHapToken013, TestSize.Level1) g_infoManagerTestInfoParms.appIDDesc = backup; } -/** - * @tc.name: AllocHapToken014 - * @tc.desc: can alloc a tokenId with permList permissionName as "". - * @tc.type: FUNC - * @tc.require: Issue Number - */ -HWTEST_F(AccessTokenKitTest, AllocHapToken014, TestSize.Level1) -{ - std::string backup = g_infoManagerTestPolicyPrams.permList[INDEX_ZERO].permissionName; - - g_infoManagerTestPolicyPrams.permList[INDEX_ZERO].permissionName = ""; - AllocTestToken(g_infoManagerTestInfoParms, g_infoManagerTestPolicyPrams); - PermissionDef permDefResultBeta; - ASSERT_EQ(AccessTokenError::ERR_PARAM_INVALID, AccessTokenKit::GetDefPermission("", permDefResultBeta)); - g_infoManagerTestPolicyPrams.permList[INDEX_ZERO].permissionName = backup; - - DeleteTestToken(); -} - /** * @tc.name: AllocHapToken015 * @tc.desc: can alloc a tokenId with permList bundleName as "". @@ -2330,74 +2172,17 @@ HWTEST_F(AccessTokenKitTest, AllocHapToken014, TestSize.Level1) */ HWTEST_F(AccessTokenKitTest, AllocHapToken015, TestSize.Level1) { - std::string backup = g_infoManagerTestPolicyPrams.permList[INDEX_ZERO].bundleName; - std::string backUpPermission = g_infoManagerTestPolicyPrams.permList[INDEX_ZERO].permissionName; - g_infoManagerTestPolicyPrams.permList[INDEX_ZERO].bundleName = ""; g_infoManagerTestPolicyPrams.permList[INDEX_ZERO].permissionName = "ohos.permission.testtmp05"; - AllocTestToken(g_infoManagerTestInfoParms, g_infoManagerTestPolicyPrams); - - PermissionDef permDefResultBeta; - int ret = AccessTokenKit::GetDefPermission( - g_infoManagerTestPolicyPrams.permList[INDEX_ZERO].permissionName, permDefResultBeta); - ASSERT_EQ(AccessTokenError::ERR_PERMISSION_NOT_EXIST, ret); - ret = AccessTokenKit::GetDefPermission( - g_infoManagerTestPolicyPrams.permList[INDEX_ONE].permissionName, permDefResultBeta); - ASSERT_EQ(RET_SUCCESS, ret); - g_infoManagerTestPolicyPrams.permList[INDEX_ZERO].bundleName = backup; - g_infoManagerTestPolicyPrams.permList[INDEX_ZERO].permissionName = backUpPermission; - - DeleteTestToken(); -} - -/** - * @tc.name: AllocHapToken016 - * @tc.desc: can alloc a tokenId with label as "". - * @tc.type: FUNC - * @tc.require: Issue Number - */ -HWTEST_F(AccessTokenKitTest, AllocHapToken016, TestSize.Level1) -{ - std::string backup = g_infoManagerTestPolicyPrams.permList[INDEX_ZERO].label; - std::string backUpPermission = g_infoManagerTestPolicyPrams.permList[INDEX_ZERO].permissionName; - g_infoManagerTestPolicyPrams.permList[INDEX_ZERO].label = ""; - g_infoManagerTestPolicyPrams.permList[INDEX_ZERO].permissionName = "ohos.permission.testtmp06"; - AllocTestToken(g_infoManagerTestInfoParms, g_infoManagerTestPolicyPrams); - - PermissionDef permDefResult; - int ret = AccessTokenKit::GetDefPermission( - g_infoManagerTestPolicyPrams.permList[INDEX_ZERO].permissionName, permDefResult); - ASSERT_EQ(ret, RET_SUCCESS); - g_infoManagerTestPolicyPrams.permList[INDEX_ZERO].label = backup; - g_infoManagerTestPolicyPrams.permList[INDEX_ZERO].permissionName = backUpPermission; - - DeleteTestToken(); -} - -/** - * @tc.name: AllocHapToken017 - * @tc.desc: cannot alloc a tokenId with invalid permdef. - * @tc.type: FUNC - * @tc.require: Issue Number - */ -HWTEST_F(AccessTokenKitTest, AllocHapToken017, TestSize.Level1) -{ - std::string backUpPermission = g_infoManagerTestPolicyPrams.permList[INDEX_ZERO].permissionName; - std::string backupDec = g_infoManagerTestPolicyPrams.permList[INDEX_ZERO].description; - g_infoManagerTestPolicyPrams.permList[INDEX_ZERO].description = ""; - g_infoManagerTestPolicyPrams.permList[INDEX_ZERO].permissionName = "ohos.permission.testtmp07"; AllocTestToken(g_infoManagerTestInfoParms, g_infoManagerTestPolicyPrams); - PermissionDef permDefResult; - int ret = AccessTokenKit::GetDefPermission( - g_infoManagerTestPolicyPrams.permList[INDEX_ZERO].permissionName, permDefResult); - ASSERT_EQ(ret, RET_SUCCESS); - g_infoManagerTestPolicyPrams.permList[INDEX_ZERO].description = backupDec; - g_infoManagerTestPolicyPrams.permList[INDEX_ZERO].permissionName = backUpPermission; - - DeleteTestToken(); + PermissionDef permDefResultBeta; + ASSERT_EQ(AccessTokenError::ERR_PERMISSION_NOT_EXIST, AccessTokenKit::GetDefPermission( + g_infoManagerTestPolicyPrams.permList[INDEX_ZERO].permissionName, permDefResultBeta)); + ASSERT_EQ(AccessTokenError::ERR_PERMISSION_NOT_EXIST, AccessTokenKit::GetDefPermission( + g_infoManagerTestPolicyPrams.permList[INDEX_ONE].permissionName, permDefResultBeta)); } void AccessTokenKitTest::GetDlpFlagTest(HapInfoParams info, HapPolicyParams policy, int flag) @@ -2504,22 +2289,15 @@ HWTEST_F(AccessTokenKitTest, AllocHapToken019, TestSize.Level1) */ HWTEST_F(AccessTokenKitTest, AvailableType001, TestSize.Level1) { - AccessTokenID tokenID = AllocTestToken(g_infoManagerTestInfoParms, g_infoManagerTestPolicyPrams); - ASSERT_NE(INVALID_TOKENID, tokenID); + PermissionDef permDef; - // test MDM permission - std::string permission = g_infoManagerTestPermDef1.permissionName; - ATokenAvailableTypeEnum type = g_infoManagerTestPermDef1.availableType; - PermissionDef permDef1; - ASSERT_EQ(RET_SUCCESS, AccessTokenKit::GetDefPermission(permission, permDef1)); - ASSERT_EQ(permDef1.availableType, type); + // test NORMAL permission + ASSERT_EQ(RET_SUCCESS, AccessTokenKit::GetDefPermission("ohos.permission.CAMERA", permDef)); + ASSERT_EQ(permDef.availableType, ATokenAvailableTypeEnum::NORMAL); - // test NORMAL permission(default) - permission = g_infoManagerTestPermDef2.permissionName; - type = g_infoManagerTestPermDef2.availableType; - PermissionDef permDef2; - ASSERT_EQ(RET_SUCCESS, AccessTokenKit::GetDefPermission(permission, permDef2)); - ASSERT_EQ(permDef2.availableType, type); + // test MDM permission + ASSERT_EQ(RET_SUCCESS, AccessTokenKit::GetDefPermission("ohos.permission.ENTERPRISE_MANAGE_WIFI", permDef)); + ASSERT_EQ(permDef.availableType, ATokenAvailableTypeEnum::MDM); } /** @@ -2564,10 +2342,9 @@ HWTEST_F(AccessTokenKitTest, UpdateHapToken001, TestSize.Level1) */ HWTEST_F(AccessTokenKitTest, UpdateHapToken002, TestSize.Level1) { - AccessTokenIDEx tokenIdEx = { - .tokenIdExStruct.tokenID = TEST_TOKENID_INVALID, - .tokenIdExStruct.tokenAttr = 0, - }; + AccessTokenIDEx tokenIdEx = {}; + tokenIdEx.tokenIdExStruct.tokenID = TEST_TOKENID_INVALID; + tokenIdEx.tokenIdExStruct.tokenAttr = 0; UpdateHapInfoParams info; info.appIDDesc = "appIDDesc"; info.apiVersion = DEFAULT_API_VERSION; @@ -2657,41 +2434,35 @@ HWTEST_F(AccessTokenKitTest, UpdateHapToken005, TestSize.Level1) std::string backup = g_infoManagerTestPolicyPrams.permList[INDEX_ZERO].permissionName; g_infoManagerTestPolicyPrams.permList[INDEX_ZERO].permissionName = ""; - int ret = AccessTokenKit::UpdateHapToken(tokenIdEx, info, g_infoManagerTestPolicyPrams); - ret = AccessTokenKit::GetDefPermission( - g_infoManagerTestPolicyPrams.permList[INDEX_ZERO].permissionName, permDefResult); - ASSERT_EQ(AccessTokenError::ERR_PARAM_INVALID, ret); + ASSERT_EQ(RET_SUCCESS, AccessTokenKit::UpdateHapToken(tokenIdEx, info, g_infoManagerTestPolicyPrams)); + ASSERT_EQ(AccessTokenError::ERR_PARAM_INVALID, AccessTokenKit::GetDefPermission( + g_infoManagerTestPolicyPrams.permList[INDEX_ZERO].permissionName, permDefResult)); g_infoManagerTestPolicyPrams.permList[INDEX_ZERO].permissionName = backup; g_infoManagerTestPolicyPrams.permList[INDEX_ZERO].permissionName = "ohos.permission.testtmp11"; backup = g_infoManagerTestPolicyPrams.permList[INDEX_ZERO].bundleName; g_infoManagerTestPolicyPrams.permList[INDEX_ZERO].bundleName = ""; - ret = AccessTokenKit::UpdateHapToken(tokenIdEx, info, g_infoManagerTestPolicyPrams); - ret = AccessTokenKit::GetDefPermission( - g_infoManagerTestPolicyPrams.permList[INDEX_ZERO].permissionName, permDefResult); - ASSERT_EQ(AccessTokenError::ERR_PERMISSION_NOT_EXIST, ret); + ASSERT_EQ(RET_SUCCESS, AccessTokenKit::UpdateHapToken(tokenIdEx, info, g_infoManagerTestPolicyPrams)); + ASSERT_EQ(AccessTokenError::ERR_PERMISSION_NOT_EXIST, AccessTokenKit::GetDefPermission( + g_infoManagerTestPolicyPrams.permList[INDEX_ZERO].permissionName, permDefResult)); g_infoManagerTestPolicyPrams.permList[INDEX_ZERO].bundleName = backup; g_infoManagerTestPolicyPrams.permList[INDEX_ZERO].permissionName = backUpPermission; g_infoManagerTestPolicyPrams.permList[INDEX_ZERO].permissionName = "ohos.permission.testtmp12"; backup = g_infoManagerTestPolicyPrams.permList[INDEX_ZERO].label; g_infoManagerTestPolicyPrams.permList[INDEX_ZERO].label = ""; - ret = AccessTokenKit::UpdateHapToken(tokenIdEx, info, g_infoManagerTestPolicyPrams); - ASSERT_EQ(RET_SUCCESS, ret); - ret = AccessTokenKit::GetDefPermission( - g_infoManagerTestPolicyPrams.permList[INDEX_ZERO].permissionName, permDefResult); - ASSERT_EQ(RET_SUCCESS, ret); + ASSERT_EQ(RET_SUCCESS, AccessTokenKit::UpdateHapToken(tokenIdEx, info, g_infoManagerTestPolicyPrams)); + ASSERT_EQ(AccessTokenError::ERR_PERMISSION_NOT_EXIST, AccessTokenKit::GetDefPermission( + g_infoManagerTestPolicyPrams.permList[INDEX_ZERO].permissionName, permDefResult)); g_infoManagerTestPolicyPrams.permList[INDEX_ZERO].label = backup; g_infoManagerTestPolicyPrams.permList[INDEX_ZERO].permissionName = backUpPermission; g_infoManagerTestPolicyPrams.permList[INDEX_ZERO].permissionName = "ohos.permission.testtmp13"; backup = g_infoManagerTestPolicyPrams.permList[INDEX_ZERO].description; g_infoManagerTestPolicyPrams.permList[INDEX_ZERO].description = ""; - ret = AccessTokenKit::UpdateHapToken(tokenIdEx, info, g_infoManagerTestPolicyPrams); - ASSERT_EQ(RET_SUCCESS, ret); - ret = AccessTokenKit::GetDefPermission( - g_infoManagerTestPolicyPrams.permList[INDEX_ZERO].permissionName, permDefResult); - ASSERT_EQ(RET_SUCCESS, ret); + ASSERT_EQ(RET_SUCCESS, AccessTokenKit::UpdateHapToken(tokenIdEx, info, g_infoManagerTestPolicyPrams)); + ASSERT_EQ(AccessTokenError::ERR_PERMISSION_NOT_EXIST, AccessTokenKit::GetDefPermission( + g_infoManagerTestPolicyPrams.permList[INDEX_ZERO].permissionName, permDefResult)); g_infoManagerTestPolicyPrams.permList[INDEX_ZERO].description = backup; g_infoManagerTestPolicyPrams.permList[INDEX_ZERO].permissionName = backUpPermission; @@ -2736,10 +2507,9 @@ HWTEST_F(AccessTokenKitTest, UpdateHapToken006, TestSize.Level1) info.appDistributionType = "enterprise_mdm"; info.isSystemApp = false; for (size_t i = 0; i < obj.size(); i++) { - AccessTokenIDEx idEx = { - .tokenIdExStruct.tokenID = obj[i], - .tokenIdExStruct.tokenAttr = 0, - }; + AccessTokenIDEx idEx = {}; + idEx.tokenIdExStruct.tokenID = obj[i]; + idEx.tokenIdExStruct.tokenAttr = 0; int ret = AccessTokenKit::UpdateHapToken(idEx, info, g_infoManagerTestPolicyPrams); if (RET_SUCCESS != ret) { updateFlag = 1; @@ -2767,7 +2537,6 @@ HWTEST_F(AccessTokenKitTest, UpdateHapToken006, TestSize.Level1) */ HWTEST_F(AccessTokenKitTest, UpdateHapToken007, TestSize.Level1) { - int ret; DeleteTestToken(); AccessTokenIDEx tokenIdEx = {0}; @@ -2777,8 +2546,8 @@ HWTEST_F(AccessTokenKitTest, UpdateHapToken007, TestSize.Level1) PermissionDef permDefResult; /* check permission define before update */ - ret = AccessTokenKit::GetDefPermission("ohos.permission.test3", permDefResult); - ASSERT_EQ(AccessTokenError::ERR_PERMISSION_NOT_EXIST, ret); + ASSERT_EQ(AccessTokenError::ERR_PERMISSION_NOT_EXIST, AccessTokenKit::GetDefPermission( + "ohos.permission.test3", permDefResult)); std::string backUp = g_infoManagerTestPolicyPrams.permList[INDEX_ZERO].permissionName; g_infoManagerTestPolicyPrams.permList[INDEX_ZERO].permissionName = "ohos.permission.test3"; @@ -2787,19 +2556,13 @@ HWTEST_F(AccessTokenKitTest, UpdateHapToken007, TestSize.Level1) info.apiVersion = DEFAULT_API_VERSION; info.isSystemApp = false; info.appDistributionType = "enterprise_mdm"; - ret = AccessTokenKit::UpdateHapToken(tokenIdEx, info, g_infoManagerTestPolicyPrams); - ASSERT_EQ(RET_SUCCESS, ret); + ASSERT_EQ(RET_SUCCESS, AccessTokenKit::UpdateHapToken(tokenIdEx, info, g_infoManagerTestPolicyPrams)); g_infoManagerTestPolicyPrams.permList[INDEX_ZERO].permissionName = backUp; GTEST_LOG_(INFO) << "permissionName :" << g_infoManagerTestPolicyPrams.permList[INDEX_ZERO].permissionName; - ret = AccessTokenKit::GetDefPermission("ohos.permission.test3", permDefResult); - if (ret != RET_SUCCESS) { - ret = AccessTokenKit::DeleteToken(tokenID); - ASSERT_EQ(RET_SUCCESS, ret); - } - ASSERT_EQ(RET_SUCCESS, ret); - ASSERT_EQ("ohos.permission.test3", permDefResult.permissionName); + ASSERT_EQ(AccessTokenError::ERR_PERMISSION_NOT_EXIST, AccessTokenKit::GetDefPermission( + "ohos.permission.test3", permDefResult)); ASSERT_EQ(RET_SUCCESS, AccessTokenKit::DeleteToken(tokenID)); } @@ -2811,7 +2574,6 @@ HWTEST_F(AccessTokenKitTest, UpdateHapToken007, TestSize.Level1) */ HWTEST_F(AccessTokenKitTest, UpdateHapToken008, TestSize.Level1) { - int ret; const std::string appIDDesc = g_infoManagerTestInfoParms.appIDDesc; int backupMode = g_infoManagerTestPolicyPrams.permList[INDEX_ZERO].grantMode; std::string backupLable = g_infoManagerTestPolicyPrams.permList[INDEX_ZERO].label; @@ -2824,12 +2586,8 @@ HWTEST_F(AccessTokenKitTest, UpdateHapToken008, TestSize.Level1) PermissionDef permDefResult; /* check permission define before update */ - ret = AccessTokenKit::GetDefPermission( - g_infoManagerTestPolicyPrams.permList[INDEX_ZERO].permissionName, permDefResult); - ASSERT_EQ(RET_SUCCESS, ret); - ASSERT_EQ(g_infoManagerTestPolicyPrams.permList[INDEX_ZERO].permissionName, permDefResult.permissionName); - ASSERT_EQ(g_infoManagerTestPolicyPrams.permList[INDEX_ZERO].label, permDefResult.label); - ASSERT_EQ(g_infoManagerTestPolicyPrams.permList[INDEX_ZERO].grantMode, permDefResult.grantMode); + ASSERT_EQ(AccessTokenError::ERR_PERMISSION_NOT_EXIST, AccessTokenKit::GetDefPermission( + g_infoManagerTestPolicyPrams.permList[INDEX_ZERO].permissionName, permDefResult)); g_infoManagerTestPolicyPrams.permList[INDEX_ZERO].grantMode = 0; g_infoManagerTestPolicyPrams.permList[INDEX_ZERO].label = "updated label"; @@ -2838,16 +2596,11 @@ HWTEST_F(AccessTokenKitTest, UpdateHapToken008, TestSize.Level1) info.apiVersion = DEFAULT_API_VERSION; info.isSystemApp = false; info.appDistributionType = "enterprise_mdm"; - ret = AccessTokenKit::UpdateHapToken(tokenIdEx, info, g_infoManagerTestPolicyPrams); - ASSERT_EQ(RET_SUCCESS, ret); + ASSERT_EQ(RET_SUCCESS, AccessTokenKit::UpdateHapToken(tokenIdEx, info, g_infoManagerTestPolicyPrams)); /* check permission define after update */ - ret = AccessTokenKit::GetDefPermission( - g_infoManagerTestPolicyPrams.permList[INDEX_ZERO].permissionName, permDefResult); - ASSERT_EQ(RET_SUCCESS, ret); - ASSERT_EQ(g_infoManagerTestPolicyPrams.permList[INDEX_ZERO].permissionName, permDefResult.permissionName); - ASSERT_EQ(g_infoManagerTestPolicyPrams.permList[INDEX_ZERO].label, permDefResult.label); - ASSERT_EQ(g_infoManagerTestPolicyPrams.permList[INDEX_ZERO].grantMode, permDefResult.grantMode); + ASSERT_EQ(AccessTokenError::ERR_PERMISSION_NOT_EXIST, AccessTokenKit::GetDefPermission( + g_infoManagerTestPolicyPrams.permList[INDEX_ZERO].permissionName, permDefResult)); g_infoManagerTestPolicyPrams.permList[INDEX_ZERO].label = backupLable; g_infoManagerTestPolicyPrams.permList[INDEX_ZERO].grantMode = backupMode; @@ -3070,16 +2823,7 @@ HWTEST_F(AccessTokenKitTest, GetNativeTokenInfo001, TestSize.Level1) NativeTokenInfo findInfo; int ret = AccessTokenKit::GetNativeTokenInfo(tokenID, findInfo); ASSERT_EQ(ret, AccessTokenError::ERR_PARAM_INVALID); -} -/** - * @tc.name: GetNativeTokenInfo002 - * @tc.desc: cannot get native token with invalid tokenID. - * @tc.type: FUNC - * @tc.require: Issue Number - */ -HWTEST_F(AccessTokenKitTest, GetNativeTokenInfo002, TestSize.Level1) -{ AccessTokenID tokenHap = GetAccessTokenID(TEST_USER_ID, TEST_BUNDLE_NAME, 0); ASSERT_NE(INVALID_TOKENID, tokenHap); diff --git a/interfaces/innerkits/accesstoken/test/unittest/src/app_installation_optimized_test.cpp b/interfaces/innerkits/accesstoken/test/unittest/src/app_installation_optimized_test.cpp index f41836405..ed01608c5 100644 --- a/interfaces/innerkits/accesstoken/test/unittest/src/app_installation_optimized_test.cpp +++ b/interfaces/innerkits/accesstoken/test/unittest/src/app_installation_optimized_test.cpp @@ -354,7 +354,7 @@ HWTEST_F(AppInstallationOptimizedTest, InitHapToken007, TestSize.Level1) g_testHapInfoParams.appDistributionType = ""; AccessTokenIDEx fullTokenId; int32_t res = AccessTokenKit::InitHapToken(g_testHapInfoParams, testPolicyParam, fullTokenId); - EXPECT_EQ(ERR_PERM_REQUEST_CFG_FAILED, res); + EXPECT_EQ(RET_SUCCESS, res); } /** @@ -725,8 +725,7 @@ HWTEST_F(AppInstallationOptimizedTest, UpdateHapToken006, TestSize.Level1) .permStateList = {g_infoManagerCameraState} }; AccessTokenIDEx fullTokenId; - int32_t res = AccessTokenKit::InitHapToken(g_testHapInfoParams, testPolicyParam, fullTokenId); - EXPECT_EQ(RET_SUCCESS, res); + EXPECT_EQ(RET_SUCCESS, AccessTokenKit::InitHapToken(g_testHapInfoParams, testPolicyParam, fullTokenId)); HapPolicyParams testPolicyParam2 = { .apl = APL_SYSTEM_BASIC, @@ -739,8 +738,7 @@ HWTEST_F(AppInstallationOptimizedTest, UpdateHapToken006, TestSize.Level1) .isSystemApp = false }; info.appDistributionType = ""; - res = AccessTokenKit::UpdateHapToken(fullTokenId, info, testPolicyParam2); - EXPECT_EQ(ERR_PERM_REQUEST_CFG_FAILED, res); + EXPECT_EQ(RET_SUCCESS, AccessTokenKit::UpdateHapToken(fullTokenId, info, testPolicyParam2)); ASSERT_EQ(RET_SUCCESS, AccessTokenKit::DeleteToken(fullTokenId.tokenIdExStruct.tokenID)); } diff --git a/interfaces/innerkits/privacy/test/unittest/src/privacy_kit_test.cpp b/interfaces/innerkits/privacy/test/unittest/src/privacy_kit_test.cpp index 69e4db493..8aec9013b 100644 --- a/interfaces/innerkits/privacy/test/unittest/src/privacy_kit_test.cpp +++ b/interfaces/innerkits/privacy/test/unittest/src/privacy_kit_test.cpp @@ -1118,12 +1118,12 @@ HWTEST_F(PrivacyKitTest, RegisterPermActiveStatusCallback001, TestSize.Level1) ASSERT_EQ(RET_NO_ERROR, PrivacyKit::StartUsingPermission(g_tokenIdE, "ohos.permission.CAMERA")); - usleep(500000); // 500000us = 0.5s + usleep(1000000); // 1000000us = 1s ASSERT_EQ(PERM_ACTIVE_IN_BACKGROUND, callbackPtr->type_); ASSERT_EQ(RET_NO_ERROR, PrivacyKit::StopUsingPermission(g_tokenIdE, "ohos.permission.CAMERA")); - usleep(500000); // 500000us = 0.5s + usleep(1000000); // 1000000us = 1s ASSERT_EQ(PERM_INACTIVE, callbackPtr->type_); ASSERT_EQ(RET_NO_ERROR, PrivacyKit::UnRegisterPermActiveStatusCallback(callbackPtr)); @@ -1170,11 +1170,11 @@ public: */ HWTEST_F(PrivacyKitTest, RegisterPermActiveStatusCallback002, TestSize.Level1) { - std::vector permList1 = {"ohos.permission.CAMERA"}; + std::vector permList1 = {"ohos.permission.READ_CONTACTS"}; auto callbackPtr1 = std::make_shared(permList1); callbackPtr1->type_ = PERM_INACTIVE; - std::vector permList2 = {"ohos.permission.MICROPHONE"}; + std::vector permList2 = {"ohos.permission.READ_MEDIA"}; auto callbackPtr2 = std::make_shared(permList2); callbackPtr2->type_ = PERM_INACTIVE; @@ -1186,29 +1186,29 @@ HWTEST_F(PrivacyKitTest, RegisterPermActiveStatusCallback002, TestSize.Level1) ASSERT_EQ(RET_NO_ERROR, PrivacyKit::RegisterPermActiveStatusCallback(callbackPtr2)); ASSERT_EQ(RET_NO_ERROR, PrivacyKit::RegisterPermActiveStatusCallback(callbackPtr3)); - ASSERT_EQ(RET_NO_ERROR, PrivacyKit::StartUsingPermission(g_tokenIdE, "ohos.permission.CAMERA")); + ASSERT_EQ(RET_NO_ERROR, PrivacyKit::StartUsingPermission(g_tokenIdE, "ohos.permission.READ_CONTACTS")); - usleep(500000); // 500000us = 0.5s - ASSERT_EQ(PERM_ACTIVE_IN_BACKGROUND, callbackPtr1->type_); - ASSERT_EQ(PERM_INACTIVE, callbackPtr2->type_); - ASSERT_EQ(PERM_ACTIVE_IN_BACKGROUND, callbackPtr3->type_); + usleep(1000000); // 1000000us = 1s + EXPECT_EQ(PERM_ACTIVE_IN_BACKGROUND, callbackPtr1->type_); + EXPECT_EQ(PERM_INACTIVE, callbackPtr2->type_); + EXPECT_EQ(PERM_ACTIVE_IN_BACKGROUND, callbackPtr3->type_); - ASSERT_EQ(RET_NO_ERROR, PrivacyKit::StopUsingPermission(g_tokenIdE, "ohos.permission.CAMERA")); + ASSERT_EQ(RET_NO_ERROR, PrivacyKit::StopUsingPermission(g_tokenIdE, "ohos.permission.READ_CONTACTS")); - usleep(500000); // 500000us = 0.5s - ASSERT_EQ(PERM_INACTIVE, callbackPtr1->type_); - ASSERT_EQ(PERM_INACTIVE, callbackPtr3->type_); + usleep(1000000); // 1000000us = 1s + EXPECT_EQ(PERM_INACTIVE, callbackPtr1->type_); + EXPECT_EQ(PERM_INACTIVE, callbackPtr3->type_); - ASSERT_EQ(RET_NO_ERROR, PrivacyKit::StartUsingPermission(g_tokenIdE, "ohos.permission.MICROPHONE")); + ASSERT_EQ(RET_NO_ERROR, PrivacyKit::StartUsingPermission(g_tokenIdE, "ohos.permission.READ_MEDIA")); - usleep(500000); // 500000us = 0.5s - ASSERT_EQ(PERM_INACTIVE, callbackPtr1->type_); - ASSERT_EQ(PERM_ACTIVE_IN_BACKGROUND, callbackPtr2->type_); + usleep(1000000); // 1000000us = 1s + EXPECT_EQ(PERM_INACTIVE, callbackPtr1->type_); + EXPECT_EQ(PERM_ACTIVE_IN_BACKGROUND, callbackPtr2->type_); - ASSERT_EQ(RET_NO_ERROR, PrivacyKit::StopUsingPermission(g_tokenIdE, "ohos.permission.MICROPHONE")); + ASSERT_EQ(RET_NO_ERROR, PrivacyKit::StopUsingPermission(g_tokenIdE, "ohos.permission.READ_MEDIA")); - usleep(500000); // 500000us = 0.5s - ASSERT_EQ(PERM_INACTIVE, callbackPtr2->type_); + usleep(1000000); // 1000000us = 1s + EXPECT_EQ(PERM_INACTIVE, callbackPtr2->type_); ASSERT_EQ(RET_NO_ERROR, PrivacyKit::UnRegisterPermActiveStatusCallback(callbackPtr1)); ASSERT_EQ(RET_NO_ERROR, PrivacyKit::UnRegisterPermActiveStatusCallback(callbackPtr2)); @@ -1433,17 +1433,17 @@ HWTEST_F(PrivacyKitTest, RegisterPermActiveStatusCallback012, TestSize.Level1) ASSERT_EQ(RET_NO_ERROR, PrivacyKit::StartUsingPermission(g_tokenIdE, "ohos.permission.READ_CALL_LOG")); - usleep(500000); // 500000us = 0.5s + usleep(1000000); // 1000000us = 1s ASSERT_NE(INVALID_TOKENID, callbackPtr->callingTokenID_); ASSERT_NE(INVALID_USED_TYPE, callbackPtr->usedType_); ASSERT_NE(NOT_EXSIT_PID, callbackPtr->pid_); ASSERT_EQ(RET_NO_ERROR, PrivacyKit::StopUsingPermission(g_tokenIdE, "ohos.permission.READ_CALL_LOG")); - usleep(500000); // 500000us = 0.5s + usleep(1000000); // 1000000us = 1s ASSERT_EQ(RET_NO_ERROR, PrivacyKit::StartUsingPermission( g_tokenIdE, "ohos.permission.READ_CALL_LOG", NOT_EXSIT_PID)); - usleep(500000); // 500000us = 0.5s + usleep(1000000); // 1000000us = 1s ASSERT_EQ(NOT_EXSIT_PID, callbackPtr->pid_); @@ -1537,7 +1537,7 @@ HWTEST_F(PrivacyKitTest, StartUsingPermission003, TestSize.Level1) ASSERT_EQ(RET_NO_ERROR, PrivacyKit::StartUsingPermission(g_tokenIdE, permissionName)); ASSERT_EQ(RET_NO_ERROR, PrivacyKit::AddPermissionUsedRecord(g_tokenIdE, permissionName, 1, 0)); - usleep(500000); // 500000us = 0.5s + usleep(1000000); // 1000000us = 1s ASSERT_EQ(RET_NO_ERROR, PrivacyKit::StopUsingPermission(g_tokenIdE, permissionName)); PermissionUsedRequest request; @@ -1840,7 +1840,7 @@ HWTEST_F(PrivacyKitTest, StopUsingPermission007, TestSize.Level1) ASSERT_EQ(RET_NO_ERROR, PrivacyKit::StartUsingPermission(g_tokenIdE, permissionName)); ASSERT_EQ(RET_NO_ERROR, PrivacyKit::AddPermissionUsedRecord(g_tokenIdE, permissionName, 1, 0)); - usleep(500000); // 500000us = 0.5s + usleep(1000000); // 1000000us = 1s ASSERT_EQ(RET_NO_ERROR, PrivacyKit::StopUsingPermission(g_tokenIdE, permissionName)); PermissionUsedRequest request; diff --git a/services/accesstokenmanager/BUILD.gn b/services/accesstokenmanager/BUILD.gn index becae31e7..9fa2fc93c 100644 --- a/services/accesstokenmanager/BUILD.gn +++ b/services/accesstokenmanager/BUILD.gn @@ -85,7 +85,6 @@ if (is_standard_system) { "main/cpp/src/form_manager/form_manager_death_recipient.cpp", "main/cpp/src/form_manager/form_status_change_callback.cpp", "main/cpp/src/permission/permission_data_brief.cpp", - "main/cpp/src/permission/permission_definition_cache.cpp", "main/cpp/src/permission/permission_grant_event.cpp", "main/cpp/src/permission/permission_manager.cpp", "main/cpp/src/permission/permission_validator.cpp", diff --git a/services/accesstokenmanager/main/cpp/include/permission/permission_definition_cache.h b/services/accesstokenmanager/main/cpp/include/permission/permission_definition_cache.h deleted file mode 100644 index 951460a1f..000000000 --- a/services/accesstokenmanager/main/cpp/include/permission/permission_definition_cache.h +++ /dev/null @@ -1,87 +0,0 @@ -/* - * Copyright (c) 2021-2022 Huawei Device Co., Ltd. - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ - -#ifndef PERMISSION_DEFINITION_CACHE_H -#define PERMISSION_DEFINITION_CACHE_H - -#include -#include - -#include "data_translator.h" -#include "permission_def.h" - -#include "rwlock.h" -#include "nocopyable.h" - -namespace OHOS { -namespace Security { -namespace AccessToken { -class PermissionDefinitionCache final { -public: - static PermissionDefinitionCache& GetInstance(); - - virtual ~PermissionDefinitionCache(); - - bool Insert(const PermissionDef& info, AccessTokenID tokenId); - - bool Update(const PermissionDef& info, AccessTokenID tokenId); - - void DeleteByToken(AccessTokenID tokenId); - - int FindByPermissionName(const std::string& permissionName, PermissionDef& info); - - bool IsSystemGrantedPermission(const std::string& permissionName); - - bool IsUserGrantedPermission(const std::string& permissionName); - - bool HasDefinition(const std::string& permissionName); - - bool IsHapPermissionDefEmpty(); - - void StorePermissionDef(std::vector& valueList); - - void StorePermissionDef(AccessTokenID tokenID, std::vector& valueList); - - int32_t RestorePermDefInfo(std::vector& permDefRes); - - bool HasHapPermissionDefinitionForHap(const std::string& permissionName); - - uint32_t GetDefPermissionsSize(); - - bool IsKernelPermission(const std::string& permissionName); - - bool IsPermissionHasValue(const std::string& permissionName); - -private: - PermissionDefinitionCache(); - - bool IsGrantedModeEqualInner(const std::string& permissionName, int grantMode) const; - - DISALLOW_COPY_AND_MOVE(PermissionDefinitionCache); - - /** - * key: the permission name. - * value: the object of PermissionDefData. - */ - std::map permissionDefinitionMap_; - - bool hasHapPermissionDefinition_ = false; - - OHOS::Utils::RWLock cacheLock_; -}; -} // namespace AccessToken -} // namespace Security -} // namespace OHOS -#endif // PERMISSION_DEFINITION_CACHE_H diff --git a/services/accesstokenmanager/main/cpp/include/permission/permission_manager.h b/services/accesstokenmanager/main/cpp/include/permission/permission_manager.h index 47d4a51f9..e0b4eb58c 100644 --- a/services/accesstokenmanager/main/cpp/include/permission/permission_manager.h +++ b/services/accesstokenmanager/main/cpp/include/permission/permission_manager.h @@ -58,12 +58,8 @@ public: void RegisterApplicationCallback(); void RegisterAppManagerDeathCallback(); - void AddDefPermissions(const std::vector& permList, AccessTokenID tokenId, - bool updateFlag); - void RemoveDefPermissions(AccessTokenID tokenID); int VerifyHapAccessToken(AccessTokenID tokenID, const std::string& permissionName); PermUsedTypeEnum GetPermissionUsedType(AccessTokenID tokenID, const std::string& permissionName); - int GetDefPermission(const std::string& permissionName, PermissionDef& permissionDefResult); int GetReqPermissions( AccessTokenID tokenID, std::vector& reqPermList, bool isSystemGrant); int GetPermissionFlag(AccessTokenID tokenID, const std::string& permissionName, uint32_t& flag); diff --git a/services/accesstokenmanager/main/cpp/include/token/accesstoken_info_manager.h b/services/accesstokenmanager/main/cpp/include/token/accesstoken_info_manager.h index ecb31e947..e2819047c 100644 --- a/services/accesstokenmanager/main/cpp/include/token/accesstoken_info_manager.h +++ b/services/accesstokenmanager/main/cpp/include/token/accesstoken_info_manager.h @@ -110,7 +110,7 @@ private: std::string GetHapUniqueStr(const int& userID, const std::string& bundleName, const int& instIndex) const; int AddHapTokenInfoToDb(const std::shared_ptr& hapInfo, const std::string& appId, const HapPolicy& policy, bool isUpdate); - int RemoveHapTokenInfoFromDb(AccessTokenID tokenID); + int RemoveHapTokenInfoFromDb(const std::shared_ptr& info); int CreateRemoteHapTokenInfo(AccessTokenID mapID, HapTokenInfoForSync& hapSync); int UpdateRemoteHapTokenInfo(AccessTokenID mapID, HapTokenInfoForSync& hapSync); void PermissionStateNotify(const std::shared_ptr& info, AccessTokenID id); @@ -135,6 +135,7 @@ private: bool IsPermissionReqValid(int32_t tokenApl, const std::string& permissionName, const std::vector& nativeAcls); int32_t GetNativeCfgInfo(std::vector& tokenInfos); + void NativeTokenStateToString(const NativeTokenInfoBase& native, std::string& info, std::string& invalidPermString); void NativeTokenToString(AccessTokenID tokenID, std::string& info); int32_t CheckHapInfoParam(const HapInfoParams& info, const HapPolicy& policy); void UpdateHapToKernel(AccessTokenID tokenID, int32_t userId); diff --git a/services/accesstokenmanager/main/cpp/src/permission/permission_data_brief.cpp b/services/accesstokenmanager/main/cpp/src/permission/permission_data_brief.cpp index bcf40f07f..0d429b80d 100644 --- a/services/accesstokenmanager/main/cpp/src/permission/permission_data_brief.cpp +++ b/services/accesstokenmanager/main/cpp/src/permission/permission_data_brief.cpp @@ -30,7 +30,6 @@ #include "data_validator.h" #include "token_field_const.h" #include "data_translator.h" -#include "permission_definition_cache.h" namespace OHOS { namespace Security { @@ -63,14 +62,14 @@ bool PermissionDataBrief::GetPermissionBriefData( briefPermData.status = static_cast(permState.grantStatus); briefPermData.permCode = code; briefPermData.flag = permState.grantFlag; - if (PermissionDefinitionCache::GetInstance().IsKernelPermission(permState.permissionName)) { + if (IsKernelPermission(permState.permissionName)) { briefPermData.type = IS_KERNEL_EFFECT; } else { briefPermData.type = 0; } uint64_t key = (static_cast(tokenID) << 32) | briefPermData.permCode; - if (PermissionDefinitionCache::GetInstance().IsPermissionHasValue(permState.permissionName)) { + if (IsPermissionHasValue(permState.permissionName)) { auto iter = aclExtendedMap.find(permState.permissionName); if (iter != aclExtendedMap.end()) { extendedValue_[key] = iter->second; diff --git a/services/accesstokenmanager/main/cpp/src/permission/permission_definition_cache.cpp b/services/accesstokenmanager/main/cpp/src/permission/permission_definition_cache.cpp deleted file mode 100644 index da0545f30..000000000 --- a/services/accesstokenmanager/main/cpp/src/permission/permission_definition_cache.cpp +++ /dev/null @@ -1,220 +0,0 @@ -/* - * Copyright (c) 2021-2022 Huawei Device Co., Ltd. - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ - -#include "permission_definition_cache.h" - -#include -#include "access_token.h" -#include "access_token_error.h" -#include "accesstoken_common_log.h" -#include "generic_values.h" -#include "token_field_const.h" - -namespace OHOS { -namespace Security { -namespace AccessToken { -namespace { -static const int32_t EXTENSION_PERMISSION_ID = 0; -std::recursive_mutex g_instanceMutex; -} - -PermissionDefinitionCache& PermissionDefinitionCache::GetInstance() -{ - static PermissionDefinitionCache* instance = nullptr; - if (instance == nullptr) { - std::lock_guard lock(g_instanceMutex); - if (instance == nullptr) { - PermissionDefinitionCache* tmp = new PermissionDefinitionCache(); - instance = std::move(tmp); - } - } - return *instance; -} - -PermissionDefinitionCache::PermissionDefinitionCache() -{} - -PermissionDefinitionCache::~PermissionDefinitionCache() -{} - -bool PermissionDefinitionCache::Insert(const PermissionDef& info, AccessTokenID tokenId) -{ - Utils::UniqueWriteGuard cacheGuard(this->cacheLock_); - auto it = permissionDefinitionMap_.find(info.permissionName); - if (it != permissionDefinitionMap_.end()) { - LOGD(ATM_DOMAIN, ATM_TAG, "Info for permission: %{public}s has been insert, please check!", - info.permissionName.c_str()); - return false; - } - permissionDefinitionMap_[info.permissionName].permDef = info; - permissionDefinitionMap_[info.permissionName].tokenId = tokenId; - if (!hasHapPermissionDefinition_ && (tokenId != EXTENSION_PERMISSION_ID)) { - hasHapPermissionDefinition_ = true; - } - return true; -} - -bool PermissionDefinitionCache::Update(const PermissionDef& info, AccessTokenID tokenId) -{ - Utils::UniqueWriteGuard cacheGuard(this->cacheLock_); - permissionDefinitionMap_[info.permissionName].permDef = info; - permissionDefinitionMap_[info.permissionName].tokenId = tokenId; - return true; -} - -void PermissionDefinitionCache::DeleteByToken(AccessTokenID tokenId) -{ - Utils::UniqueWriteGuard cacheGuard(this->cacheLock_); - auto it = permissionDefinitionMap_.begin(); - while (it != permissionDefinitionMap_.end()) { - if (tokenId == it->second.tokenId) { - it = permissionDefinitionMap_.erase(it); - } else { - ++it; - } - } -} - -int PermissionDefinitionCache::FindByPermissionName(const std::string& permissionName, PermissionDef& info) -{ - Utils::UniqueReadGuard cacheGuard(this->cacheLock_); - auto it = permissionDefinitionMap_.find(permissionName); - if (it == permissionDefinitionMap_.end()) { - LOGE(ATM_DOMAIN, ATM_TAG, "Can not find definition info for permission: %{public}s", - permissionName.c_str()); - return AccessTokenError::ERR_PERMISSION_NOT_EXIST; - } - info = it->second.permDef; - return RET_SUCCESS; -} - -bool PermissionDefinitionCache::IsSystemGrantedPermission(const std::string& permissionName) -{ - Utils::UniqueReadGuard cacheGuard(this->cacheLock_); - return IsGrantedModeEqualInner(permissionName, SYSTEM_GRANT); -} - -bool PermissionDefinitionCache::IsUserGrantedPermission(const std::string& permissionName) -{ - Utils::UniqueReadGuard cacheGuard(this->cacheLock_); - return IsGrantedModeEqualInner(permissionName, USER_GRANT); -} - -bool PermissionDefinitionCache::IsGrantedModeEqualInner(const std::string& permissionName, int grantMode) const -{ - auto it = permissionDefinitionMap_.find(permissionName); - if (it == permissionDefinitionMap_.end()) { - return false; - } - return it->second.permDef.grantMode == grantMode; -} - -bool PermissionDefinitionCache::HasDefinition(const std::string& permissionName) -{ - Utils::UniqueReadGuard cacheGuard(this->cacheLock_); - auto it = permissionDefinitionMap_.find(permissionName); - if (it != permissionDefinitionMap_.end()) { - return true; - } - return false; -} - -bool PermissionDefinitionCache::HasHapPermissionDefinitionForHap(const std::string& permissionName) -{ - Utils::UniqueReadGuard cacheGuard(this->cacheLock_); - auto it = permissionDefinitionMap_.find(permissionName); - if ((it != permissionDefinitionMap_.end()) && (it->second.tokenId != EXTENSION_PERMISSION_ID)) { - return true; - } - return false; -} - -bool PermissionDefinitionCache::IsHapPermissionDefEmpty() -{ - Utils::UniqueReadGuard cacheGuard(this->cacheLock_); - return !hasHapPermissionDefinition_; -} - -void PermissionDefinitionCache::StorePermissionDef(std::vector& valueList) -{ - Utils::UniqueReadGuard cacheGuard(this->cacheLock_); - auto it = permissionDefinitionMap_.begin(); - while (it != permissionDefinitionMap_.end()) { - GenericValues genericValues; - genericValues.Put(TokenFiledConst::FIELD_TOKEN_ID, static_cast(it->second.tokenId)); - DataTranslator::TranslationIntoGenericValues(it->second.permDef, genericValues); - valueList.emplace_back(genericValues); - ++it; - } -} - -void PermissionDefinitionCache::StorePermissionDef(AccessTokenID tokenID, std::vector& valueList) -{ - Utils::UniqueReadGuard cacheGuard(this->cacheLock_); - auto it = permissionDefinitionMap_.begin(); - while (it != permissionDefinitionMap_.end()) { - if (tokenID == it->second.tokenId) { - GenericValues genericValues; - genericValues.Put(TokenFiledConst::FIELD_TOKEN_ID, static_cast(it->second.tokenId)); - DataTranslator::TranslationIntoGenericValues(it->second.permDef, genericValues); - valueList.emplace_back(genericValues); - } - ++it; - } -} - -int32_t PermissionDefinitionCache::RestorePermDefInfo(std::vector& permDefRes) -{ - for (const GenericValues& defValue : permDefRes) { - PermissionDef def; - AccessTokenID tokenId = (AccessTokenID)defValue.GetInt(TokenFiledConst::FIELD_TOKEN_ID); - int32_t ret = DataTranslator::TranslationIntoPermissionDef(defValue, def); - if (ret != RET_SUCCESS) { - LOGE(ATM_DOMAIN, ATM_TAG, "TokenId 0x%{public}x permDef is wrong.", tokenId); - return ret; - } - Insert(def, tokenId); - } - return RET_SUCCESS; -} - -uint32_t PermissionDefinitionCache::GetDefPermissionsSize() -{ - Utils::UniqueReadGuard cacheGuard(this->cacheLock_); - return static_cast(permissionDefinitionMap_.size()); -} - -bool PermissionDefinitionCache::IsKernelPermission(const std::string& permissionName) -{ - Utils::UniqueReadGuard cacheGuard(this->cacheLock_); - auto it = permissionDefinitionMap_.find(permissionName); - if ((it == permissionDefinitionMap_.end())) { - return false; - } - return it->second.permDef.isKernelEffect; -} - -bool PermissionDefinitionCache::IsPermissionHasValue(const std::string& permissionName) -{ - Utils::UniqueReadGuard cacheGuard(this->cacheLock_); - auto it = permissionDefinitionMap_.find(permissionName); - if ((it == permissionDefinitionMap_.end())) { - return false; - } - return it->second.permDef.hasValue; -} -} // namespace AccessToken -} // namespace Security -} // namespace OHOS diff --git a/services/accesstokenmanager/main/cpp/src/permission/permission_manager.cpp b/services/accesstokenmanager/main/cpp/src/permission/permission_manager.cpp index a9add0e9c..5cc65a675 100644 --- a/services/accesstokenmanager/main/cpp/src/permission/permission_manager.cpp +++ b/services/accesstokenmanager/main/cpp/src/permission/permission_manager.cpp @@ -35,7 +35,6 @@ #include "ipc_skeleton.h" #include "hisysevent_adapter.h" #include "parameter.h" -#include "permission_definition_cache.h" #include "short_grant_manager.h" #include "permission_map.h" #include "permission_validator.h" @@ -100,32 +99,6 @@ PermissionManager::PermissionManager() PermissionManager::~PermissionManager() {} -void PermissionManager::AddDefPermissions(const std::vector& permList, AccessTokenID tokenId, - bool updateFlag) -{ - std::vector permFilterList; - PermissionValidator::FilterInvalidPermissionDef(permList, permFilterList); - for (const auto& perm : permFilterList) { - if (updateFlag) { - PermissionDefinitionCache::GetInstance().Update(perm, tokenId); - continue; - } - - if (!PermissionDefinitionCache::GetInstance().HasDefinition(perm.permissionName)) { - PermissionDefinitionCache::GetInstance().Insert(perm, tokenId); - } else { - PermissionDefinitionCache::GetInstance().Update(perm, tokenId); - LOGI(ATM_DOMAIN, ATM_TAG, "Permission %{public}s has define", perm.permissionName.c_str()); - } - } -} - -void PermissionManager::RemoveDefPermissions(AccessTokenID tokenID) -{ - LOGI(ATM_DOMAIN, ATM_TAG, "tokenID: %{public}u", tokenID); - PermissionDefinitionCache::GetInstance().DeleteByToken(tokenID); -} - int PermissionManager::VerifyHapAccessToken(AccessTokenID tokenID, const std::string& permissionName) { return HapTokenInfoInner::VerifyPermissionStatus(tokenID, permissionName); // 从data获取 @@ -145,20 +118,10 @@ PermUsedTypeEnum PermissionManager::GetPermissionUsedType( return ret; } -int PermissionManager::GetDefPermission(const std::string& permissionName, PermissionDef& permissionDefResult) -{ - if (!PermissionValidator::IsPermissionNameValid(permissionName)) { - LOGE(ATM_DOMAIN, ATM_TAG, "Invalid params!"); - return AccessTokenError::ERR_PARAM_INVALID; - } - return PermissionDefinitionCache::GetInstance().FindByPermissionName(permissionName, permissionDefResult); -} - int PermissionManager::GetReqPermissions( AccessTokenID tokenID, std::vector& reqPermList, bool isSystemGrant) { - LOGD(ATM_DOMAIN, ATM_TAG, "%{public}s called, tokenID: %{public}u, isSystemGrant: %{public}d", - __func__, tokenID, isSystemGrant); + LOGD(ATM_DOMAIN, ATM_TAG, "TokenID: %{public}u, isSystemGrant: %{public}d", tokenID, isSystemGrant); std::shared_ptr infoPtr = AccessTokenInfoManager::GetInstance().GetHapTokenInfoInner(tokenID); if (infoPtr == nullptr) { LOGE(ATM_DOMAIN, ATM_TAG, "Token %{public}u is invalid.", tokenID); @@ -172,9 +135,12 @@ int PermissionManager::GetReqPermissions( return ret; } for (const auto& perm : tmpList) { - PermissionDef permDef; - GetDefPermission(perm.permissionName, permDef); - if (permDef.grantMode == mode) { + PermissionBriefDef briefDef; + if (!GetPermissionBriefDef(perm.permissionName, briefDef)) { + continue; + } + + if (briefDef.grantMode == mode) { reqPermList.emplace_back(perm); } } @@ -185,7 +151,7 @@ static bool IsPermissionRequestedInHap(const std::vector& perm PermissionListState& permState, int32_t& status, uint32_t& flag) { const std::string permission = permState.permissionName; - if (!PermissionDefinitionCache::GetInstance().HasHapPermissionDefinitionForHap(permission)) { + if (!IsPermissionValidForHap(permission)) { LOGE(ATM_DOMAIN, ATM_TAG, "No definition for hap permission: %{public}s!", permission.c_str()); permState.errorReason = PERM_INVALID; return false; @@ -279,13 +245,12 @@ void PermissionManager::GetSelfPermissionState(const std::vector infoGuard(this->permParamSetLock_); - if (filtered || (PermissionDefinitionCache::GetInstance().IsUserGrantedPermission(permissionName) && + if (filtered || (IsUserGrantPermission(permissionName) && ((flag != PERMISSION_GRANTED_BY_POLICY) && (flag != PERMISSION_SYSTEM_FIXED)))) { paramValue_++; LOGD(ATM_DOMAIN, ATM_TAG, @@ -481,7 +446,7 @@ int32_t PermissionManager::CheckAndUpdatePermission(AccessTokenID tokenID, const LOGE(ATM_DOMAIN, ATM_TAG, "permissionName: %{public}s, Invalid params!", permissionName.c_str()); return AccessTokenError::ERR_PARAM_INVALID; } - if (!PermissionDefinitionCache::GetInstance().HasDefinition(permissionName)) { + if (!IsDefinedPermission(permissionName)) { LOGE(ATM_DOMAIN, ATM_TAG, "No definition for permission: %{public}s!", permissionName.c_str()); return AccessTokenError::ERR_PERMISSION_NOT_EXIST; } @@ -502,26 +467,23 @@ int32_t PermissionManager::CheckAndUpdatePermission(AccessTokenID tokenID, const int32_t PermissionManager::GrantPermission(AccessTokenID tokenID, const std::string& permissionName, uint32_t flag) { - LOGI(ATM_DOMAIN, ATM_TAG, - "%{public}s called, tokenID: %{public}u, permissionName: %{public}s, flag: %{public}d", - __func__, tokenID, permissionName.c_str(), flag); + LOGI(ATM_DOMAIN, ATM_TAG, "TokenID: %{public}u, permissionName: %{public}s, flag: %{public}d", + tokenID, permissionName.c_str(), flag); return CheckAndUpdatePermission(tokenID, permissionName, true, flag); } int32_t PermissionManager::RevokePermission(AccessTokenID tokenID, const std::string& permissionName, uint32_t flag) { - LOGI(ATM_DOMAIN, ATM_TAG, - "%{public}s called, tokenID: %{public}u, permissionName: %{public}s, flag: %{public}d", - __func__, tokenID, permissionName.c_str(), flag); + LOGI(ATM_DOMAIN, ATM_TAG, "TokenID: %{public}u, permissionName: %{public}s, flag: %{public}d", + tokenID, permissionName.c_str(), flag); return CheckAndUpdatePermission(tokenID, permissionName, false, flag); } int32_t PermissionManager::GrantPermissionForSpecifiedTime( AccessTokenID tokenID, const std::string& permissionName, uint32_t onceTime) { - LOGI(ATM_DOMAIN, ATM_TAG, - "%{public}s called, tokenID: %{public}u, permissionName: %{public}s, onceTime: %{public}d", - __func__, tokenID, permissionName.c_str(), onceTime); + LOGI(ATM_DOMAIN, ATM_TAG, "TokenID: %{public}u, permissionName: %{public}s, onceTime: %{public}d", + tokenID, permissionName.c_str(), onceTime); return ShortGrantManager::GetInstance().RefreshPermission(tokenID, permissionName, onceTime); } @@ -553,7 +515,7 @@ int32_t PermissionManager::ScopeFilter(const PermStateChangeScope& scopeSrc, Per } std::set permSet; for (const auto& permissionName : scopeSrc.permList) { - if (PermissionDefinitionCache::GetInstance().HasDefinition(permissionName) && + if (IsDefinedPermission(permissionName) && permSet.count(permissionName) == 0) { scopeRes.permList.emplace_back(permissionName); permSet.insert(permissionName); @@ -619,7 +581,7 @@ bool PermissionManager::IsPermissionVaild(const std::string& permissionName) return false; } - if (!PermissionDefinitionCache::GetInstance().HasDefinition(permissionName)) { + if (!IsDefinedPermission(permissionName)) { LOGW(ATM_DOMAIN, ATM_TAG, "Permission %{public}s has no definition ", permissionName.c_str()); return false; } @@ -832,50 +794,53 @@ void PermissionManager::SetPermToKernel( tokenID, permissionName.c_str(), ret); } -bool IsAclSatisfied(const PermissionDef& permDef, const HapPolicy& policy) +bool IsAclSatisfied(const PermissionBriefDef& briefDef, const HapPolicy& policy) { + LOGI(ATM_DOMAIN, ATM_TAG, "permission %{public}s apl is %{public}d, policy apl is %{public}d.", + briefDef.permissionName, briefDef.availableLevel, policy.apl); if (policy.checkIgnore == HapPolicyCheckIgnore::ACL_IGNORE_CHECK) { - LOGI(ATM_DOMAIN, ATM_TAG, "%{public}s ignore acl check.", permDef.permissionName.c_str()); + LOGI(ATM_DOMAIN, ATM_TAG, "%{public}s ignore acl check.", briefDef.permissionName); return true; } - if (policy.apl < permDef.availableLevel) { - if (!permDef.provisionEnable) { - LOGE(ATM_DOMAIN, ATM_TAG, "%{public}s provisionEnable is false.", permDef.permissionName.c_str()); + if (policy.apl < briefDef.availableLevel) { + if (!briefDef.provisionEnable) { + LOGE(ATM_DOMAIN, ATM_TAG, "%{public}s provisionEnable is false.", briefDef.permissionName); return false; } bool isAclExist = false; - if (permDef.hasValue) { + if (briefDef.hasValue) { isAclExist = std::any_of( - policy.aclExtendedMap.begin(), policy.aclExtendedMap.end(), [permDef](const auto &perm) { - return permDef.permissionName == perm.first; + policy.aclExtendedMap.begin(), policy.aclExtendedMap.end(), [briefDef](const auto &perm) { + return std::string(briefDef.permissionName) == perm.first; }); } else { isAclExist = std::any_of( - policy.aclRequestedList.begin(), policy.aclRequestedList.end(), [permDef](const auto &perm) { - return permDef.permissionName == perm; + policy.aclRequestedList.begin(), policy.aclRequestedList.end(), [briefDef](const auto &perm) { + LOGI(ATM_DOMAIN, ATM_TAG, "perm is %{public}s", perm.c_str()); + return std::string(briefDef.permissionName) == perm; }); } if (!isAclExist) { - LOGE(ATM_DOMAIN, ATM_TAG, "%{public}s need acl.", permDef.permissionName.c_str()); + LOGE(ATM_DOMAIN, ATM_TAG, "%{public}s need acl.", briefDef.permissionName); return false; } } return true; } -bool IsPermAvailableRangeSatisfied(const PermissionDef& permDef, const std::string& appDistributionType) +bool IsPermAvailableRangeSatisfied(const PermissionBriefDef& briefDef, const std::string& appDistributionType) { - if (permDef.availableType == ATokenAvailableTypeEnum::MDM) { + if (briefDef.availableType == ATokenAvailableTypeEnum::MDM) { if (appDistributionType == "none") { LOGI(ATM_DOMAIN, ATM_TAG, "Debug app use permission: %{public}s.", - permDef.permissionName.c_str()); + briefDef.permissionName); return true; } if (appDistributionType != APP_DISTRIBUTION_TYPE_ENTERPRISE_MDM) { LOGE(ATM_DOMAIN, ATM_TAG, "%{public}s is a mdm permission, the hap is not a mdm application.", - permDef.permissionName.c_str()); + briefDef.permissionName); return false; } } @@ -920,32 +885,31 @@ bool PermissionManager::InitPermissionList(const std::string& appDistributionTyp policy.permStateList.size(), policy.preAuthorizationInfo.size(), policy.aclRequestedList.size()); for (auto state : policy.permStateList) { - PermissionDef permDef; - int32_t ret = PermissionManager::GetInstance().GetDefPermission( - state.permissionName, permDef); - if (ret != AccessToken::AccessTokenKitRet::RET_SUCCESS) { - LOGE(ATM_DOMAIN, ATM_TAG, "Get definition of %{public}s failed, ret = %{public}d.", - state.permissionName.c_str(), ret); + PermissionBriefDef briefDef; + if (!GetPermissionBriefDef(state.permissionName, briefDef)) { + LOGE(ATM_DOMAIN, ATM_TAG, "Get definition of %{public}s failed.", + state.permissionName.c_str()); continue; } - if (!IsAclSatisfied(permDef, policy)) { + + if (!IsAclSatisfied(briefDef, policy)) { result.permCheckResult.permissionName = state.permissionName; result.permCheckResult.rule = PERMISSION_ACL_RULE; - LOGE(ATM_DOMAIN, ATM_TAG, "Acl of %{public}s is invalid.", permDef.permissionName.c_str()); + LOGE(ATM_DOMAIN, ATM_TAG, "Acl of %{public}s is invalid.", briefDef.permissionName); return false; } // edm check - if (!IsPermAvailableRangeSatisfied(permDef, appDistributionType)) { + if (!IsPermAvailableRangeSatisfied(briefDef, appDistributionType)) { result.permCheckResult.permissionName = state.permissionName; result.permCheckResult.rule = PERMISSION_EDM_RULE; - LOGE(ATM_DOMAIN, ATM_TAG, "Available range of %{public}s is invalid.", permDef.permissionName.c_str()); + LOGE(ATM_DOMAIN, ATM_TAG, "Available range of %{public}s is invalid.", briefDef.permissionName); return false; } state.grantFlag = PERMISSION_DEFAULT_FLAG; state.grantStatus = PERMISSION_DENIED; - if (permDef.grantMode == AccessToken::GrantMode::SYSTEM_GRANT) { + if (briefDef.grantMode == AccessToken::GrantMode::SYSTEM_GRANT) { state.grantFlag = PERMISSION_SYSTEM_FIXED; state.grantStatus = PERMISSION_GRANTED; initializedList.emplace_back(state); diff --git a/services/accesstokenmanager/main/cpp/src/permission/permission_validator.cpp b/services/accesstokenmanager/main/cpp/src/permission/permission_validator.cpp index 9e21164a8..941fafe1f 100644 --- a/services/accesstokenmanager/main/cpp/src/permission/permission_validator.cpp +++ b/services/accesstokenmanager/main/cpp/src/permission/permission_validator.cpp @@ -19,7 +19,7 @@ #include "access_token.h" #include "accesstoken_common_log.h" #include "data_validator.h" -#include "permission_definition_cache.h" +#include "permission_map.h" namespace OHOS { namespace Security { @@ -92,7 +92,7 @@ bool PermissionValidator::IsPermissionAvailable(ATokenTypeEnum tokenType, const { LOGD(ATM_DOMAIN, ATM_TAG, "TokenType is %{public}d.", tokenType); if (tokenType == TOKEN_HAP) { - if (!PermissionDefinitionCache::GetInstance().HasHapPermissionDefinitionForHap(permissionName)) { + if (!IsPermissionValidForHap(permissionName)) { LOGE(ATM_DOMAIN, ATM_TAG, "%{public}s is not defined for hap.", permissionName.c_str()); return false; } diff --git a/services/accesstokenmanager/main/cpp/src/service/accesstoken_manager_service.cpp b/services/accesstokenmanager/main/cpp/src/service/accesstoken_manager_service.cpp index 55bea95e5..75a36e66a 100644 --- a/services/accesstokenmanager/main/cpp/src/service/accesstoken_manager_service.cpp +++ b/services/accesstokenmanager/main/cpp/src/service/accesstoken_manager_service.cpp @@ -19,11 +19,13 @@ #include "access_token.h" #include "access_token_error.h" +#include "access_token_db.h" #include "accesstoken_dfx_define.h" #include "accesstoken_id_manager.h" #include "accesstoken_info_manager.h" #include "accesstoken_common_log.h" #include "constant_common.h" +#include "data_validator.h" #include "hap_token_info.h" #include "hap_token_info_inner.h" #include "hisysevent_adapter.h" @@ -36,9 +38,12 @@ #include "parameter.h" #include "permission_list_state.h" #include "permission_manager.h" +#include "permission_map.h" +#include "permission_validator.h" #include "short_grant_manager.h" #include "string_ex.h" #include "system_ability_definition.h" +#include "token_field_const.h" #ifdef TOKEN_SYNC_ENABLE #include "token_modify_notifier.h" #endif // TOKEN_SYNC_ENABLE @@ -161,7 +166,42 @@ int AccessTokenManagerService::GetDefPermission( const std::string& permissionName, PermissionDefParcel& permissionDefResult) { LOGI(ATM_DOMAIN, ATM_TAG, "Permission: %{public}s", permissionName.c_str()); - return PermissionManager::GetInstance().GetDefPermission(permissionName, permissionDefResult.permissionDef); + + // for ipc call not by accesstoken client + if (!DataValidator::IsPermissionNameValid(permissionName)) { + LOGE(ATM_DOMAIN, ATM_TAG, "PermissionName is invalid"); + return AccessTokenError::ERR_PARAM_INVALID; + } + + PermissionBriefDef briefDef; + if (!GetPermissionBriefDef(permissionName, briefDef)) { + return AccessTokenError::ERR_PERMISSION_NOT_EXIST; + } + + ConvertPermissionBriefToDef(briefDef, permissionDefResult.permissionDef); + + if (briefDef.grantMode == GrantMode::SYSTEM_GRANT) { + return 0; + } + + GenericValues conditionValue; + conditionValue.Put(TokenFiledConst::FIELD_PERMISSION_NAME, permissionName); + + std::vector results; + int32_t res = AccessTokenDb::GetInstance().Find(AtmDataType::ACCESSTOKEN_PERMISSION_DEF, conditionValue, results); + if (res != 0) { + return res; + } + + if (results.empty()) { + // user grant permission has define in map, not exsit in db + return AccessTokenError::ERR_SERVICE_ABNORMAL; + } + + permissionDefResult.permissionDef.labelId = results[0].GetInt(TokenFiledConst::FIELD_LABEL_ID); + permissionDefResult.permissionDef.descriptionId = results[0].GetInt(TokenFiledConst::FIELD_DESCRIPTION_ID); + + return 0; } int AccessTokenManagerService::GetReqPermissions( diff --git a/services/accesstokenmanager/main/cpp/src/token/accesstoken_info_manager.cpp b/services/accesstokenmanager/main/cpp/src/token/accesstoken_info_manager.cpp index 26dfb2044..bb5da2f72 100644 --- a/services/accesstokenmanager/main/cpp/src/token/accesstoken_info_manager.cpp +++ b/services/accesstokenmanager/main/cpp/src/token/accesstoken_info_manager.cpp @@ -40,7 +40,6 @@ #include "hisysevent_adapter.h" #include "ipc_skeleton.h" #include "json_parse_loader.h" -#include "permission_definition_cache.h" #include "permission_manager.h" #include "permission_map.h" #include "permission_validator.h" @@ -63,7 +62,7 @@ static const int MAX_PTHREAD_NAME_LEN = 15; // pthread name max length static const char* ACCESS_TOKEN_PACKAGE_NAME = "ohos.security.distributed_token_sync"; #endif static const char* DUMP_JSON_PATH = "/data/service/el1/public/access_token/nativetoken.log"; -static const int32_t EXTENSION_PERMISSION_ID = 0; +static const char* SYSTEM_RESOURCE_BUNDLE_NAME = "ohos.global.systemres"; } AccessTokenInfoManager::AccessTokenInfoManager() : hasInited_(false) {} @@ -108,7 +107,7 @@ void AccessTokenInfoManager::Init() uint32_t nativeSize = tokenInfos.size(); InitHapTokenInfos(hapSize); InitNativeTokenInfos(tokenInfos); - uint32_t pefDefSize = PermissionDefinitionCache::GetInstance().GetDefPermissionsSize(); + uint32_t pefDefSize = GetDefPermissionsSize(); ReportSysEventServiceStart(getpid(), hapSize, nativeSize, pefDefSize); LOGI(ATM_DOMAIN, ATM_TAG, "InitTokenInfo end, hapSize %{public}d, nativeSize %{public}d, pefDefSize %{public}d.", hapSize, nativeSize, pefDefSize); @@ -121,18 +120,15 @@ void AccessTokenInfoManager::Init() DlpPermissionSetManager::GetInstance().ProcessDlpPermInfos(dlpPerms); } #endif - std::vector permDefList; - ret = policy->GetAllPermissionDef(permDefList); - if (ret != RET_SUCCESS) { - ReportSysEventServiceStartError(INIT_PERM_DEF_JSON_ERROR, "GetAllPermissionDef from json fail.", ret); - } - for (const auto& perm : permDefList) { - PermissionDefinitionCache::GetInstance().Insert(perm, EXTENSION_PERMISSION_ID); - } hasInited_ = true; LOGI(ATM_DOMAIN, ATM_TAG, "Init success"); } +static bool IsSystemResource(const std::string& bundleName) +{ + return std::string(SYSTEM_RESOURCE_BUNDLE_NAME) == bundleName; +} + #ifdef TOKEN_SYNC_ENABLE void AccessTokenInfoManager::InitDmCallback(void) { @@ -157,17 +153,12 @@ void AccessTokenInfoManager::InitHapTokenInfos(uint32_t& hapSize) { GenericValues conditionValue; std::vector hapTokenRes; - std::vector permDefRes; std::vector permStateRes; std::vector extendedPermRes; int32_t ret = AccessTokenDb::GetInstance().Find(AtmDataType::ACCESSTOKEN_HAP_INFO, conditionValue, hapTokenRes); if (ret != RET_SUCCESS || hapTokenRes.empty()) { ReportSysEventServiceStartError(INIT_HAP_TOKENINFO_ERROR, "Load hap from db fail.", ret); } - ret = AccessTokenDb::GetInstance().Find(AtmDataType::ACCESSTOKEN_PERMISSION_DEF, conditionValue, permDefRes); - if (ret != RET_SUCCESS || permDefRes.empty()) { - ReportSysEventServiceStartError(INIT_HAP_TOKENINFO_ERROR, "Load perm def from db fail.", ret); - } ret = AccessTokenDb::GetInstance().Find(AtmDataType::ACCESSTOKEN_PERMISSION_STATE, conditionValue, permStateRes); if (ret != RET_SUCCESS || permStateRes.empty()) { ReportSysEventServiceStartError(INIT_HAP_TOKENINFO_ERROR, "Load perm state from db fail.", ret); @@ -177,7 +168,6 @@ void AccessTokenInfoManager::InitHapTokenInfos(uint32_t& hapSize) if (ret != RET_SUCCESS) { // extendedPermRes may be empty ReportSysEventServiceStartError(INIT_HAP_TOKENINFO_ERROR, "Load exetended value from db fail.", ret); } - PermissionDefinitionCache::GetInstance().RestorePermDefInfo(permDefRes); for (const GenericValues& tokenValue : hapTokenRes) { AccessTokenID tokenId = (AccessTokenID)tokenValue.GetInt(TokenFiledConst::FIELD_TOKEN_ID); std::string bundle = tokenValue.GetString(TokenFiledConst::FIELD_BUNDLE_NAME); @@ -287,14 +277,6 @@ std::shared_ptr AccessTokenInfoManager::GetHapTokenInfoInner( Utils::UniqueWriteGuard infoGuard(this->hapTokenInfoLock_); GenericValues conditionValue; - if (PermissionDefinitionCache::GetInstance().IsHapPermissionDefEmpty()) { - std::vector permDefRes; - AccessTokenDb::GetInstance().Find(AtmDataType::ACCESSTOKEN_PERMISSION_DEF, conditionValue, permDefRes); - PermissionDefinitionCache::GetInstance().RestorePermDefInfo(permDefRes); // restore all permission definition - LOGI(ATM_DOMAIN, ATM_TAG, "Restore perm def size: %{public}zu, mapSize: %{public}zu.", - permDefRes.size(), hapTokenInfoMap_.size()); - } - conditionValue.Put(TokenFiledConst::FIELD_TOKEN_ID, static_cast(id)); std::vector hapTokenResults; int32_t ret = AccessTokenDb::GetInstance().Find(AtmDataType::ACCESSTOKEN_HAP_INFO, conditionValue, hapTokenResults); @@ -420,11 +402,8 @@ int AccessTokenInfoManager::RemoveHapTokenInfo(AccessTokenID id) return ERR_PARAM_INVALID; } std::shared_ptr info; - // make sure that RemoveDefPermissions is called outside of the lock to avoid deadlocks. - PermissionManager::GetInstance().RemoveDefPermissions(id); { Utils::UniqueWriteGuard infoGuard(this->hapTokenInfoLock_); - RemoveHapTokenInfoFromDb(id); // remove hap to kernel PermissionManager::GetInstance().RemovePermFromKernel(id); AccessTokenIDManager::GetInstance().ReleaseTokenId(id); @@ -450,6 +429,7 @@ int AccessTokenInfoManager::RemoveHapTokenInfo(AccessTokenID id) } hapTokenInfoMap_.erase(id); } + RemoveHapTokenInfoFromDb(info); LOGI(ATM_DOMAIN, ATM_TAG, "Remove hap token %{public}u ok!", id); PermissionStateNotify(info, id); @@ -500,7 +480,7 @@ int32_t AccessTokenInfoManager::CheckHapInfoParam(const HapInfoParams& info, con } for (const auto& extendValue : policy.aclExtendedMap) { - if (!PermissionDefinitionCache::GetInstance().HasDefinition(extendValue.first)) { + if (!IsDefinedPermission(extendValue.first)) { continue; } if (!DataValidator::IsAclExtendedMapContentValid(extendValue.first, extendValue.second)) { @@ -534,7 +514,7 @@ int AccessTokenInfoManager::CreateHapTokenInfo( return ERR_TOKENID_CREATE_FAILED; } } - PermissionManager::GetInstance().AddDefPermissions(policy.permList, tokenId, false); + #ifdef SUPPORT_SANDBOX_APP std::shared_ptr tokenInfo; HapPolicy policyNew = policy; @@ -550,8 +530,7 @@ int AccessTokenInfoManager::CreateHapTokenInfo( if (ret != RET_SUCCESS) { LOGE(ATM_DOMAIN, ATM_TAG, "%{public}s add token info failed", info.bundleName.c_str()); AccessTokenIDManager::GetInstance().ReleaseTokenId(tokenId); - PermissionManager::GetInstance().RemoveDefPermissions(tokenId); - RemoveHapTokenInfoFromDb(tokenId); + RemoveHapTokenInfoFromDb(tokenInfo); return ret; } LOGI(ATM_DOMAIN, ATM_TAG, @@ -663,7 +642,6 @@ int32_t AccessTokenInfoManager::UpdateHapToken(AccessTokenIDEx& tokenIdEx, const } else { tokenIdEx.tokenIdExStruct.tokenAttr &= ~SYSTEM_APP_FLAG; } - PermissionManager::GetInstance().AddDefPermissions(hapPolicy.permList, tokenID, true); { Utils::UniqueWriteGuard infoGuard(this->hapTokenInfoLock_); infoPtr->Update(info, permStateList, hapPolicy); @@ -962,6 +940,20 @@ static void GeneratePermExtendValues(AccessTokenID tokenID, const std::vector& permList, AccessTokenID tokenID, + std::vector& permDefValues) +{ + for (const auto& def : permList) { + if (def.grantMode == GrantMode::SYSTEM_GRANT) { + continue; + } + GenericValues value; + value.Put(TokenFiledConst::FIELD_TOKEN_ID, static_cast(tokenID)); + DataTranslator::TranslationIntoGenericValues(def, value); + permDefValues.emplace_back(value); + } +} + int AccessTokenInfoManager::AddHapTokenInfoToDb(const std::shared_ptr& hapInfo, const std::string& appId, const HapPolicy& policy, bool isUpdate) { @@ -974,33 +966,40 @@ int AccessTokenInfoManager::AddHapTokenInfoToDb(const std::shared_ptrGetTokenID(); + bool isSystemRes = IsSystemResource(hapInfo->GetBundleName()); - // get new hap token info from cache - std::vector hapInfoValues; + std::vector hapInfoValues; // get new hap token info from cache hapInfo->StoreHapInfo(hapInfoValues, appId, policy.apl); - // get new permission def from cache if exist - std::vector permDefValues; - PermissionDefinitionCache::GetInstance().StorePermissionDef(tokenID, permDefValues); - - // get new permission status from cache if exist - std::vector permStateValues; + std::vector permStateValues; // get new permission status from cache if exist hapInfo->StorePermissionPolicy(permStateValues); - // get new extend permission value - std::vector permExtendValues; + + std::vector permExtendValues; // get new extend permission value std::vector extendedPermList; PermissionDataBrief::GetInstance().GetExetendedValueList(tokenID, extendedPermList); GeneratePermExtendValues(tokenID, extendedPermList, permExtendValues); std::vector addDataTypes; - std::vector delDataTypes; addDataTypes.emplace_back(AtmDataType::ACCESSTOKEN_HAP_INFO); - addDataTypes.emplace_back(AtmDataType::ACCESSTOKEN_PERMISSION_DEF); addDataTypes.emplace_back(AtmDataType::ACCESSTOKEN_PERMISSION_STATE); addDataTypes.emplace_back(AtmDataType::ACCESSTOKEN_PERMISSION_EXTEND_VALUE); + std::vector> addValues; + addValues.emplace_back(hapInfoValues); + addValues.emplace_back(permStateValues); + addValues.emplace_back(permExtendValues); + + if (isSystemRes) { + std::vector permDefValues; + GetUserGrantPermFromDef(policy.permList, tokenID, permDefValues); + addDataTypes.emplace_back(AtmDataType::ACCESSTOKEN_PERMISSION_DEF); + addValues.emplace_back(permDefValues); + } + + std::vector delDataTypes; std::vector deleteValues; + if (isUpdate) { // udapte: delete and add; otherwise add only delDataTypes.assign(addDataTypes.begin(), addDataTypes.end()); GenericValues conditionValue; @@ -1008,38 +1007,34 @@ int AccessTokenInfoManager::AddHapTokenInfoToDb(const std::shared_ptr> addValues; - addValues.emplace_back(hapInfoValues); - addValues.emplace_back(permDefValues); - addValues.emplace_back(permStateValues); - addValues.emplace_back(permExtendValues); - - int32_t ret = AccessTokenDb::GetInstance().DeleteAndInsertValues( - delDataTypes, deleteValues, addDataTypes, addValues); - if (ret != RET_SUCCESS) { - LOGE(ATM_DOMAIN, ATM_TAG, "Id %{public}d DeleteAndInsertHap failed, ret %{public}d.", tokenID, ret); - return ret; - } - return RET_SUCCESS; + return AccessTokenDb::GetInstance().DeleteAndInsertValues(delDataTypes, deleteValues, addDataTypes, addValues); } -int AccessTokenInfoManager::RemoveHapTokenInfoFromDb(AccessTokenID tokenID) +int AccessTokenInfoManager::RemoveHapTokenInfoFromDb(const std::shared_ptr& info) { + AccessTokenID tokenID = info->GetTokenID(); GenericValues condition; condition.Put(TokenFiledConst::FIELD_TOKEN_ID, static_cast(tokenID)); + std::vector deleteDataTypes; - std::vector deleteValues; deleteDataTypes.emplace_back(AtmDataType::ACCESSTOKEN_HAP_INFO); - deleteDataTypes.emplace_back(AtmDataType::ACCESSTOKEN_PERMISSION_DEF); deleteDataTypes.emplace_back(AtmDataType::ACCESSTOKEN_PERMISSION_STATE); deleteDataTypes.emplace_back(AtmDataType::ACCESSTOKEN_PERMISSION_EXTEND_VALUE); + + std::vector deleteValues; deleteValues.emplace_back(condition); deleteValues.emplace_back(condition); deleteValues.emplace_back(condition); - deleteValues.emplace_back(condition); + + if (IsSystemResource(info->GetBundleName())) { + deleteDataTypes.emplace_back(AtmDataType::ACCESSTOKEN_PERMISSION_DEF); + deleteValues.emplace_back(condition); + } std::vector addDataTypes; std::vector> addValues; @@ -1575,15 +1570,7 @@ bool AccessTokenInfoManager::UpdateCapStateToDatabase(AccessTokenID tokenID, boo int AccessTokenInfoManager::VerifyNativeAccessToken(AccessTokenID tokenID, const std::string& permissionName) { - if (!PermissionDefinitionCache::GetInstance().HasDefinition(permissionName)) { - if (PermissionDefinitionCache::GetInstance().IsHapPermissionDefEmpty()) { - LOGI(ATM_DOMAIN, ATM_TAG, "Permission definition set has not been installed!"); - if (AccessTokenIDManager::GetInstance().GetTokenIdTypeEnum(tokenID) == TOKEN_NATIVE) { - return PERMISSION_GRANTED; - } - LOGE(ATM_DOMAIN, ATM_TAG, "Token: %{public}d type error!", tokenID); - return PERMISSION_DENIED; - } + if (!IsDefinedPermission(permissionName)) { LOGE(ATM_DOMAIN, ATM_TAG, "No definition for permission: %{public}s!", permissionName.c_str()); return PERMISSION_DENIED; } @@ -1680,11 +1667,11 @@ int32_t AccessTokenInfoManager::SetPermissionRequestToggleStatus(const std::stri userID, permissionName.c_str(), status); return AccessTokenError::ERR_PARAM_INVALID; } - if (!PermissionDefinitionCache::GetInstance().HasDefinition(permissionName)) { + if (!IsDefinedPermission(permissionName)) { LOGE(ATM_DOMAIN, ATM_TAG, "Permission=%{public}s is not defined.", permissionName.c_str()); return AccessTokenError::ERR_PERMISSION_NOT_EXIST; } - if (PermissionDefinitionCache::GetInstance().IsSystemGrantedPermission(permissionName)) { + if (!IsUserGrantPermission(permissionName)) { LOGE(ATM_DOMAIN, ATM_TAG, "Only support permissions of user_grant to set."); return AccessTokenError::ERR_PARAM_INVALID; } @@ -1733,11 +1720,11 @@ int32_t AccessTokenInfoManager::GetPermissionRequestToggleStatus(const std::stri userID, permissionName.c_str()); return AccessTokenError::ERR_PARAM_INVALID; } - if (!PermissionDefinitionCache::GetInstance().HasDefinition(permissionName)) { + if (!IsDefinedPermission(permissionName)) { LOGE(ATM_DOMAIN, ATM_TAG, "Permission=%{public}s is not defined.", permissionName.c_str()); return AccessTokenError::ERR_PERMISSION_NOT_EXIST; } - if (PermissionDefinitionCache::GetInstance().IsSystemGrantedPermission(permissionName)) { + if (!IsUserGrantPermission(permissionName)) { LOGE(ATM_DOMAIN, ATM_TAG, "Only support permissions of user_grant to get."); return AccessTokenError::ERR_PARAM_INVALID; } @@ -1750,13 +1737,12 @@ int32_t AccessTokenInfoManager::GetPermissionRequestToggleStatus(const std::stri bool AccessTokenInfoManager::IsPermissionReqValid(int32_t tokenApl, const std::string& permissionName, const std::vector& nativeAcls) { - PermissionDef permissionDef; - int ret = PermissionDefinitionCache::GetInstance().FindByPermissionName( - permissionName, permissionDef); - if (ret != RET_SUCCESS) { + PermissionBriefDef briefDef; + if (GetPermissionBriefDef(permissionName, briefDef)) { return false; } - if (tokenApl >= permissionDef.availableLevel) { + + if (tokenApl >= briefDef.availableLevel) { return true; } @@ -1799,6 +1785,26 @@ int32_t AccessTokenInfoManager::GetNativeCfgInfo(std::vectorpermissionName, native.nativeAcls)) { + invalidPermString.append(R"( "permissionName": ")" + iter->permissionName + R"(")" + ",\n"); + continue; + } + info.append(R"( {)"); + info.append("\n"); + info.append(R"( "permissionName": ")" + iter->permissionName + R"(")" + ",\n"); + info.append(R"( "grantStatus": )" + std::to_string(iter->grantStatus) + ",\n"); + info.append(R"( "grantFlag": )" + std::to_string(iter->grantFlag) + ",\n"); + info.append(R"( })"); + if (iter != (native.permStateList.end() - 1)) { + info.append(",\n"); + } + } +} + void AccessTokenInfoManager::NativeTokenToString(AccessTokenID tokenID, std::string& info) { std::vector tokenInfos; @@ -1820,27 +1826,14 @@ void AccessTokenInfoManager::NativeTokenToString(AccessTokenID tokenID, std::str } NativeTokenInfoBase native = *iter; std::string invalidPermString = ""; - info.append(R"({\n)"); + info.append(R"({)"); + info.append("\n"); info.append(R"( "tokenID": )" + std::to_string(native.tokenID) + ",\n"); info.append(R"( "processName": ")" + native.processName + R"(")" + ",\n"); info.append(R"( "apl": )" + std::to_string(native.apl) + ",\n"); info.append(R"( "permStateList": [)"); info.append("\n"); - for (auto iter = native.permStateList.begin(); iter != native.permStateList.end(); iter++) { - if (!IsPermissionReqValid(native.apl, iter->permissionName, native.nativeAcls)) { - invalidPermString.append(R"( "permissionName": ")" + iter->permissionName + R"(")" + ",\n"); - continue; - } - info.append(R"( {)"); - info.append("\n"); - info.append(R"( "permissionName": ")" + iter->permissionName + R"(")" + ",\n"); - info.append(R"( "grantStatus": )" + std::to_string(iter->grantStatus) + ",\n"); - info.append(R"( "grantFlag": )" + std::to_string(iter->grantFlag) + ",\n"); - info.append(R"( })"); - if (iter != (native.permStateList.end() - 1)) { - info.append(",\n"); - } - } + NativeTokenStateToString(native, info, invalidPermString); info.append("\n ]\n"); if (invalidPermString.empty()) { diff --git a/services/accesstokenmanager/main/cpp/src/token/hap_token_info_inner.cpp b/services/accesstokenmanager/main/cpp/src/token/hap_token_info_inner.cpp index eecb9e023..7133f2a21 100644 --- a/services/accesstokenmanager/main/cpp/src/token/hap_token_info_inner.cpp +++ b/services/accesstokenmanager/main/cpp/src/token/hap_token_info_inner.cpp @@ -24,7 +24,6 @@ #include "data_validator.h" #include "short_grant_manager.h" #include "token_field_const.h" -#include "permission_definition_cache.h" #include "permission_map.h" #include "permission_data_brief.h" #ifdef SUPPORT_SANDBOX_APP diff --git a/services/accesstokenmanager/permission_definitions.json b/services/accesstokenmanager/permission_definitions.json index a39e9fd23..fc0226934 100644 --- a/services/accesstokenmanager/permission_definitions.json +++ b/services/accesstokenmanager/permission_definitions.json @@ -1123,7 +1123,7 @@ { "name": "ohos.permission.ACCESS_CERT_MANAGER_INTERNAL", "grantMode": "system_grant", - "availableLevel": "system_core", + "availableLevel": "system_basic", "availableType": "SYSTEM", "since": 9, "deprecated": "", diff --git a/services/accesstokenmanager/test/coverage/BUILD.gn b/services/accesstokenmanager/test/coverage/BUILD.gn index 931d3fc59..15c858e9c 100644 --- a/services/accesstokenmanager/test/coverage/BUILD.gn +++ b/services/accesstokenmanager/test/coverage/BUILD.gn @@ -30,7 +30,6 @@ accesstoken_manager_service_source = [ "${access_token_path}/services/accesstokenmanager/main/cpp/src/form_manager/form_manager_death_recipient.cpp", "${access_token_path}/services/accesstokenmanager/main/cpp/src/form_manager/form_status_change_callback.cpp", "${access_token_path}/services/accesstokenmanager/main/cpp/src/permission/permission_data_brief.cpp", - "${access_token_path}/services/accesstokenmanager/main/cpp/src/permission/permission_definition_cache.cpp", "${access_token_path}/services/accesstokenmanager/main/cpp/src/permission/permission_grant_event.cpp", "${access_token_path}/services/accesstokenmanager/main/cpp/src/permission/permission_manager.cpp", "${access_token_path}/services/accesstokenmanager/main/cpp/src/permission/short_grant_manager.cpp", diff --git a/services/accesstokenmanager/test/coverage/permission_manager_coverage_test.cpp b/services/accesstokenmanager/test/coverage/permission_manager_coverage_test.cpp index e349be265..783f919fa 100644 --- a/services/accesstokenmanager/test/coverage/permission_manager_coverage_test.cpp +++ b/services/accesstokenmanager/test/coverage/permission_manager_coverage_test.cpp @@ -22,7 +22,6 @@ #define private public #include "accesstoken_id_manager.h" #include "accesstoken_info_manager.h" -#include "permission_definition_cache.h" #include "form_manager_access_client.h" #undef private #include "accesstoken_callback_stubs.h" diff --git a/services/accesstokenmanager/test/mock/BUILD.gn b/services/accesstokenmanager/test/mock/BUILD.gn index 57814bd33..f52d369b6 100644 --- a/services/accesstokenmanager/test/mock/BUILD.gn +++ b/services/accesstokenmanager/test/mock/BUILD.gn @@ -30,7 +30,6 @@ accesstoken_manager_service_source = [ "${access_token_path}/services/accesstokenmanager/main/cpp/src/form_manager/form_manager_death_recipient.cpp", "${access_token_path}/services/accesstokenmanager/main/cpp/src/form_manager/form_status_change_callback.cpp", "${access_token_path}/services/accesstokenmanager/main/cpp/src/permission/permission_data_brief.cpp", - "${access_token_path}/services/accesstokenmanager/main/cpp/src/permission/permission_definition_cache.cpp", "${access_token_path}/services/accesstokenmanager/main/cpp/src/permission/permission_grant_event.cpp", "${access_token_path}/services/accesstokenmanager/main/cpp/src/permission/permission_manager.cpp", "${access_token_path}/services/accesstokenmanager/main/cpp/src/permission/short_grant_manager.cpp", diff --git a/services/accesstokenmanager/test/unittest/BUILD.gn b/services/accesstokenmanager/test/unittest/BUILD.gn index b83852af6..fa9d0c2c6 100644 --- a/services/accesstokenmanager/test/unittest/BUILD.gn +++ b/services/accesstokenmanager/test/unittest/BUILD.gn @@ -30,7 +30,6 @@ accesstoken_manager_service_source = [ "${access_token_path}/services/accesstokenmanager/main/cpp/src/form_manager/form_manager_death_recipient.cpp", "${access_token_path}/services/accesstokenmanager/main/cpp/src/form_manager/form_status_change_callback.cpp", "${access_token_path}/services/accesstokenmanager/main/cpp/src/permission/permission_data_brief.cpp", - "${access_token_path}/services/accesstokenmanager/main/cpp/src/permission/permission_definition_cache.cpp", "${access_token_path}/services/accesstokenmanager/main/cpp/src/permission/permission_grant_event.cpp", "${access_token_path}/services/accesstokenmanager/main/cpp/src/permission/permission_manager.cpp", "${access_token_path}/services/accesstokenmanager/main/cpp/src/permission/short_grant_manager.cpp", diff --git a/services/accesstokenmanager/test/unittest/accesstoken_info_manager_test.cpp b/services/accesstokenmanager/test/unittest/accesstoken_info_manager_test.cpp index 0e71375cd..a27e8b26c 100644 --- a/services/accesstokenmanager/test/unittest/accesstoken_info_manager_test.cpp +++ b/services/accesstokenmanager/test/unittest/accesstoken_info_manager_test.cpp @@ -29,7 +29,6 @@ #ifdef TOKEN_SYNC_ENABLE #include "token_sync_kit_loader.h" #endif -#include "permission_definition_cache.h" #include "permission_manager.h" #include "token_modify_notifier.h" #undef private @@ -44,8 +43,6 @@ namespace OHOS { namespace Security { namespace AccessToken { namespace { -static std::map g_permissionDefinitionMap; -static bool g_hasHapPermissionDefinition; static constexpr int32_t DEFAULT_API_VERSION = 8; static constexpr int USER_ID = 100; static constexpr int INST_INDEX = 0; @@ -135,32 +132,10 @@ void AccessTokenInfoManagerTest::SetUp() { atManagerService_ = DelayedSingleton::GetInstance(); EXPECT_NE(nullptr, atManagerService_); - PermissionDef infoManagerPermDefA = { - .permissionName = "ohos.permission.CAMERA", - .bundleName = "accesstoken_test", - .grantMode = USER_GRANT, - .availableLevel = APL_NORMAL, - .provisionEnable = false, - .distributedSceneEnable = false, - }; - PermissionDefinitionCache::GetInstance().Insert(infoManagerPermDefA, 1); - PermissionDef infoManagerPermDefB = { - .permissionName = "ohos.permission.LOCATION", - .bundleName = "accesstoken_test", - .grantMode = USER_GRANT, - .availableLevel = APL_NORMAL, - .provisionEnable = false, - .distributedSceneEnable = false, - }; - PermissionDefinitionCache::GetInstance().Insert(infoManagerPermDefB, 1); - g_permissionDefinitionMap = PermissionDefinitionCache::GetInstance().permissionDefinitionMap_; - g_hasHapPermissionDefinition = PermissionDefinitionCache::GetInstance().hasHapPermissionDefinition_; } void AccessTokenInfoManagerTest::TearDown() { - PermissionDefinitionCache::GetInstance().permissionDefinitionMap_ = g_permissionDefinitionMap; // recovery - PermissionDefinitionCache::GetInstance().hasHapPermissionDefinition_ = g_hasHapPermissionDefinition; atManagerService_ = nullptr; } @@ -244,10 +219,6 @@ HWTEST_F(AccessTokenInfoManagerTest, CreateHapTokenInfo002, TestSize.Level1) ASSERT_EQ(RET_SUCCESS, ret); ASSERT_NE(tokenIdEx.tokenIdExStruct.tokenID, tokenIdEx1.tokenIdExStruct.tokenID); GTEST_LOG_(INFO) << "add same hap token"; - PermissionDef permDef; - ASSERT_EQ(RET_SUCCESS, - PermissionManager::GetInstance().GetDefPermission(g_infoManagerTestPermDef1.permissionName, permDef)); - ASSERT_EQ(permDef.permissionName, g_infoManagerTestPermDef1.permissionName); std::shared_ptr tokenInfo; tokenInfo = AccessTokenInfoManager::GetInstance().GetHapTokenInfoInner(tokenIdEx1.tokenIdExStruct.tokenID); @@ -1402,68 +1373,6 @@ HWTEST_F(AccessTokenInfoManagerTest, GetHapTokenID002, TestSize.Level1) ASSERT_EQ(static_cast(0), tokenIdEx.tokenIDEx); } -/** - * @tc.name: Insert001 - * @tc.desc: PermissionDefinitionCache::Insert function test - * @tc.type: FUNC - * @tc.require: - */ -HWTEST_F(AccessTokenInfoManagerTest, Insert001, TestSize.Level1) -{ - PermissionDef info = { - .permissionName = "ohos.permission.CAMERA", - .bundleName = "com.ohos.test", - .grantMode = 0, - .availableLevel = ATokenAplEnum::APL_NORMAL, - .provisionEnable = false, - .distributedSceneEnable = false, - .label = "buzhidao", - .labelId = 100, // 100 is random input - .description = "buzhidao", - .descriptionId = 100 // 100 is random input - }; - AccessTokenID tokenId = 123; // 123 is random input - - ASSERT_EQ(false, PermissionDefinitionCache::GetInstance().Insert(info, tokenId)); // permission has insert -} - -/** - * @tc.name: IsGrantedModeEqualInner001 - * @tc.desc: PermissionDefinitionCache::IsGrantedModeEqualInner function test - * @tc.type: FUNC - * @tc.require: - */ -HWTEST_F(AccessTokenInfoManagerTest, IsGrantedModeEqualInner001, TestSize.Level1) -{ - std::string permissionName = "ohos.permission.CAMERA"; - int grantMode = 0; - - // find permission not reach end - ASSERT_EQ(true, PermissionDefinitionCache::GetInstance().IsGrantedModeEqualInner(permissionName, grantMode)); - - permissionName = "ohos.permission.INVALID"; - // can't find permission - ASSERT_EQ(false, PermissionDefinitionCache::GetInstance().IsGrantedModeEqualInner(permissionName, grantMode)); -} - -/** - * @tc.name: RestorePermDefInfo001 - * @tc.desc: PermissionDefinitionCache::RestorePermDefInfo function test - * @tc.type: FUNC - * @tc.require: - */ -HWTEST_F(AccessTokenInfoManagerTest, RestorePermDefInfo001, TestSize.Level1) -{ - GenericValues value; - value.Put(TokenFiledConst::FIELD_AVAILABLE_LEVEL, ATokenAplEnum::APL_INVALID); - - std::vector values; - values.emplace_back(value); - - // ret not RET_SUCCESS - ASSERT_NE(RET_SUCCESS, PermissionDefinitionCache::GetInstance().RestorePermDefInfo(values)); -} - /** * @tc.name: IsPermissionDefValid001 * @tc.desc: PermissionValidator::IsPermissionDefValid function test @@ -1565,18 +1474,6 @@ HWTEST_F(AccessTokenInfoManagerTest, FilterInvalidPermissionDef001, TestSize.Lev */ HWTEST_F(AccessTokenInfoManagerTest, QueryPermissionFlag001, TestSize.Level1) { - PermissionDef def = { - .permissionName = "ohos.permission.TEST", - .bundleName = "QueryPermissionFlag001", - .grantMode = 1, - .availableLevel = APL_NORMAL, - .provisionEnable = false, - .distributedSceneEnable = false, - .label = "label", - .labelId = 1, - .description = "description", - .descriptionId = 1 - }; PermissionStatus perm = { .permissionName = "ohos.permission.TEST", .grantStatus = PermissionState::PERMISSION_DENIED, @@ -1584,7 +1481,6 @@ HWTEST_F(AccessTokenInfoManagerTest, QueryPermissionFlag001, TestSize.Level1) }; AccessTokenID tokenId = 0x280bc140; // 0x280bc140 is random native - PermissionDefinitionCache::GetInstance().Insert(def, tokenId); std::vector permStateList; permStateList.emplace_back(perm); @@ -2056,25 +1952,12 @@ HWTEST_F(AccessTokenInfoManagerTest, VerifyNativeAccessToken001, TestSize.Level1 ASSERT_EQ(PermissionState::PERMISSION_DENIED, AccessTokenInfoManager::GetInstance().VerifyNativeAccessToken(tokenId, permissionName)); - // permission is not defined and permissionHap is not installed - PermissionDefinitionCache::GetInstance().hasHapPermissionDefinition_ = false; - ASSERT_EQ(PermissionState::PERMISSION_GRANTED, - AccessTokenInfoManager::GetInstance().VerifyNativeAccessToken(tokenId1, permissionName)); - - // permission is not defined and permissionHap is installed - PermissionDefinitionCache::GetInstance().hasHapPermissionDefinition_ = true; - ASSERT_EQ(PermissionState::PERMISSION_DENIED, - AccessTokenInfoManager::GetInstance().VerifyNativeAccessToken(tokenId1, permissionName)); - permissionName = "ohos.permission.CAMERA"; // permission is not request ASSERT_EQ(PermissionState::PERMISSION_DENIED, AccessTokenInfoManager::GetInstance().VerifyNativeAccessToken(tokenId1, permissionName)); // tokenId is native token, and permission is defined - PermissionDefinitionCache::GetInstance().permissionDefinitionMap_ = g_permissionDefinitionMap; // recovery - PermissionDefinitionCache::GetInstance().hasHapPermissionDefinition_ = true; - ASSERT_EQ(PermissionDefinitionCache::GetInstance().IsHapPermissionDefEmpty(), false); ASSERT_EQ(PermissionState::PERMISSION_DENIED, AccessTokenInfoManager::GetInstance().VerifyNativeAccessToken(tokenId1, permissionName)); diff --git a/services/accesstokenmanager/test/unittest/native_token_receptor_test.cpp b/services/accesstokenmanager/test/unittest/native_token_receptor_test.cpp index aac2855c1..02ec98245 100644 --- a/services/accesstokenmanager/test/unittest/native_token_receptor_test.cpp +++ b/services/accesstokenmanager/test/unittest/native_token_receptor_test.cpp @@ -29,7 +29,6 @@ #include "accesstoken_kit.h" #include "access_token_db.h" #include "access_token_error.h" -#include "permission_definition_cache.h" #include "permission_manager.h" #include "permission_status.h" #include "token_field_const.h" @@ -48,23 +47,6 @@ void NativeTokenReceptorTest::SetUpTestCase() for (unsigned int i = 0x28100000; i <= 0x28100007; i++) { AccessTokenInfoManager::GetInstance().RemoveNativeTokenInfo(i); } - PermissionDef infoManagerPermDef = { - .permissionName = "ohos.permission.DISCOVER_BLUETOOTH", - .bundleName = "accesstoken_test", - .grantMode = USER_GRANT, - .availableLevel = APL_NORMAL, - .provisionEnable = false, - .distributedSceneEnable = false, - .label = "label", - .labelId = 1, - .description = "CAMERA", - .descriptionId = 1 - }; - PermissionDefinitionCache::GetInstance().Insert(infoManagerPermDef, 1); - infoManagerPermDef.permissionName = "ohos.permission.MANAGE_USER_IDM"; - PermissionDefinitionCache::GetInstance().Insert(infoManagerPermDef, 1); - infoManagerPermDef.permissionName = "ohos.permission.ACCELEROMETER"; - PermissionDefinitionCache::GetInstance().Insert(infoManagerPermDef, 1); } void NativeTokenReceptorTest::TearDownTestCase() diff --git a/services/accesstokenmanager/test/unittest/permission_manager_test.cpp b/services/accesstokenmanager/test/unittest/permission_manager_test.cpp index f2f33ceb4..8e63c6dfa 100644 --- a/services/accesstokenmanager/test/unittest/permission_manager_test.cpp +++ b/services/accesstokenmanager/test/unittest/permission_manager_test.cpp @@ -25,7 +25,6 @@ #endif #define private public #include "accesstoken_info_manager.h" -#include "permission_definition_cache.h" #undef private #include "accesstoken_callback_stubs.h" #include "callback_death_recipients.h" @@ -235,32 +234,6 @@ void PermissionManagerTest::SetUp() return; } formStateObserver_ = std::make_shared(); - - PermissionDef infoManagerPermDef = { - .permissionName = "ohos.permission.CAMERA", - .bundleName = "accesstoken_test", - .grantMode = USER_GRANT, - .availableLevel = APL_NORMAL, - .provisionEnable = false, - .distributedSceneEnable = false, - .label = "label", - .labelId = 1, - .description = "CAMERA", - .descriptionId = 1 - }; - PermissionDefinitionCache::GetInstance().Insert(infoManagerPermDef, 1); - infoManagerPermDef.permissionName = "ohos.permission.APPROXIMATELY_LOCATION"; - PermissionDefinitionCache::GetInstance().Insert(infoManagerPermDef, 1); - infoManagerPermDef.permissionName = "ohos.permission.LOCATION"; - PermissionDefinitionCache::GetInstance().Insert(infoManagerPermDef, 1); - infoManagerPermDef.permissionName = "ohos.permission.CAPTURE_SCREEN"; - PermissionDefinitionCache::GetInstance().Insert(infoManagerPermDef, 1); - infoManagerPermDef.permissionName = "ohos.permission.CHANGE_ABILITY_ENABLED_STATE"; - PermissionDefinitionCache::GetInstance().Insert(infoManagerPermDef, 1); - infoManagerPermDef.permissionName = "ohos.permission.CLEAN_APPLICATION_DATA"; - PermissionDefinitionCache::GetInstance().Insert(infoManagerPermDef, 1); - infoManagerPermDef.permissionName = "ohos.permission.COMMONEVENT_STICKY"; - PermissionDefinitionCache::GetInstance().Insert(infoManagerPermDef, 1); } void PermissionManagerTest::TearDown() @@ -467,42 +440,6 @@ HWTEST_F(PermissionManagerTest, RevokePermission001, TestSize.Level1) ASSERT_EQ(ERR_PARAM_INVALID, ret); } -/** - * @tc.name: GetDefPermission001 - * @tc.desc: GetDefPermission with invalid permission - * @tc.type: FUNC - * @tc.require: - */ -HWTEST_F(PermissionManagerTest, GetDefPermission001, TestSize.Level1) -{ - std::string permissionName; - PermissionDef permissionDefResult; - - // permissionName is empty - ASSERT_EQ( - ERR_PARAM_INVALID, PermissionManager::GetInstance().GetDefPermission(permissionName, permissionDefResult)); - - // permissionName is not tmpty, but invalid - permissionName = "invalid permisiion"; - ASSERT_EQ(ERR_PERMISSION_NOT_EXIST, - PermissionManager::GetInstance().GetDefPermission(permissionName, permissionDefResult)); -} - -/** - * @tc.name: GetDefPermission002 - * @tc.desc: GetDefPermission with valid permission - * @tc.type: FUNC - * @tc.require: - */ -HWTEST_F(PermissionManagerTest, GetDefPermission002, TestSize.Level1) -{ - std::string permissionName = "ohos.permission.CAMERA"; - PermissionDef permissionDefResult; - - // permissionName invalid - ASSERT_EQ(RET_SUCCESS, PermissionManager::GetInstance().GetDefPermission(permissionName, permissionDefResult)); -} - /** * @tc.name: GetReqPermissions001 * @tc.desc: GetReqPermissions with invalid tokenid diff --git a/services/accesstokenmanager/test/unittest/short_grant_manager_test.cpp b/services/accesstokenmanager/test/unittest/short_grant_manager_test.cpp index d2e4b1165..3c79b55d3 100644 --- a/services/accesstokenmanager/test/unittest/short_grant_manager_test.cpp +++ b/services/accesstokenmanager/test/unittest/short_grant_manager_test.cpp @@ -18,7 +18,6 @@ #include "access_token.h" #include "access_token_error.h" #include "accesstoken_info_manager.h" -#include "permission_definition_cache.h" #define private public #include "short_grant_manager.h" @@ -66,18 +65,6 @@ void ShortGrantManagerTest::SetUp() #ifdef EVENTHANDLER_ENABLE ShortGrantManager::GetInstance().InitEventHandler(); #endif - - PermissionDef permDefAlpha = { - .permissionName = "ohos.permission.SHORT_TERM_WRITE_IMAGEVIDEO", - .bundleName = "accesstoken_test", - .grantMode = 1, - .availableLevel = APL_NORMAL, - .label = "label", - .labelId = 1, - .description = "annoying", - .descriptionId = 1 - }; - PermissionDefinitionCache::GetInstance().Insert(permDefAlpha, 537719865); // 537719865 means a tokenId. } void ShortGrantManagerTest::TearDown() diff --git a/services/common/json_parse/include/json_parse_loader.h b/services/common/json_parse/include/json_parse_loader.h index 9ea7ad619..4af857e66 100644 --- a/services/common/json_parse/include/json_parse_loader.h +++ b/services/common/json_parse/include/json_parse_loader.h @@ -71,14 +71,12 @@ public: virtual bool GetConfigValue(const ServiceType& type, AccessTokenConfigValue& config); virtual int32_t GetAllNativeTokenInfo(std::vector& tokenInfos); virtual int32_t GetDlpPermissions(std::vector& dlpPerms); - virtual int32_t GetAllPermissionDef(std::vector& permDefList); }; class ConfigPolicLoader final: public ConfigPolicyLoaderInterface { bool GetConfigValue(const ServiceType& type, AccessTokenConfigValue& config); int32_t GetAllNativeTokenInfo(std::vector& tokenInfos); int32_t GetDlpPermissions(std::vector& dlpPerms); - int32_t GetAllPermissionDef(std::vector& permDefList); private: #ifdef CUSTOMIZATION_CONFIG_POLICY_ENABLE void GetConfigFilePathList(std::vector& pathList); @@ -86,7 +84,6 @@ private: AccessTokenConfigValue& config); #endif // CUSTOMIZATION_CONFIG_POLICY_ENABLE bool ParserNativeRawData(const std::string& nativeRawData, std::vector& tokenInfos); - bool ParserPermDefRawData(const std::string& permsRawData, std::vector& permDefList); bool ParserDlpPermsRawData(const std::string& dlpPermsRawData, std::vector& dlpPerms); int32_t ReadCfgFile(const std::string& file, std::string& rawData); bool IsDirExsit(const std::string& file); diff --git a/services/common/json_parse/src/json_parse_loader.cpp b/services/common/json_parse/src/json_parse_loader.cpp index dee10afe2..117529629 100644 --- a/services/common/json_parse/src/json_parse_loader.cpp +++ b/services/common/json_parse/src/json_parse_loader.cpp @@ -69,31 +69,6 @@ static const int32_t MAX_REQ_PERM_NUM = 10 * 1024; // dlp json static const char* CLONE_PERMISSION_CONFIG_FILE = "/system/etc/dlp_permission/clone_app_permission.json"; - -// permission_define json -static const char* DEFINE_PERMISSION_FILE = "/system/etc/access_token/permission_definitions.json"; -static const char* PERMISSION_NAME = "name"; -static const char* PERMISSION_GRANT_MODE = "grantMode"; -static const char* PERMISSION_AVAILABLE_LEVEL = "availableLevel"; -static const char* PERMISSION_AVAILABLE_TYPE = "availableType"; -static const char* PERMISSION_PROVISION_ENABLE = "provisionEnable"; -static const char* PERMISSION_DISTRIBUTED_SCENE_ENABLE = "distributedSceneEnable"; -static const std::string PERMISSION_IS_KERNEL_EFFECT = "isKernelEffect"; -static const std::string PERMISSION_HAS_VALUE = "hasValue"; -static const char* PERMISSION_LABEL = "label"; -static const char* PERMISSION_DESCRIPTION = "description"; -static const char* AVAILABLE_TYPE_NORMAL_HAP = "NORMAL"; -static const char* AVAILABLE_TYPE_SYSTEM_HAP = "SYSTEM"; -static const char* AVAILABLE_TYPE_MDM = "MDM"; -static const char* AVAILABLE_TYPE_SYSTEM_AND_MDM = "SYSTEM_AND_MDM"; -static const char* AVAILABLE_TYPE_SERVICE = "SERVICE"; -static const char* AVAILABLE_TYPE_ENTERPRISE_NORMAL = "ENTERPRISE_NORMAL"; -static const char* AVAILABLE_LEVEL_NORMAL = "normal"; -static const char* AVAILABLE_LEVEL_SYSTEM_BASIC = "system_basic"; -static const char* AVAILABLE_LEVEL_SYSTEM_CORE = "system_core"; -static const char* PERMISSION_GRANT_MODE_SYSTEM_GRANT = "system_grant"; -static const char* SYSTEM_GRANT_DEFINE_PERMISSION = "systemGrantPermissions"; -static const char* USER_GRANT_DEFINE_PERMISSION = "userGrantPermissions"; } int32_t ConfigPolicLoader::ReadCfgFile(const std::string& file, std::string& rawData) @@ -471,196 +446,6 @@ int32_t ConfigPolicLoader::GetDlpPermissions(std::vector& dlp return RET_SUCCESS; } -static bool GetPermissionApl(const std::string &apl, AccessToken::ATokenAplEnum& aplNum) -{ - if (apl == AVAILABLE_LEVEL_SYSTEM_CORE) { - aplNum = AccessToken::ATokenAplEnum::APL_SYSTEM_CORE; - return true; - } - if (apl == AVAILABLE_LEVEL_SYSTEM_BASIC) { - aplNum = AccessToken::ATokenAplEnum::APL_SYSTEM_BASIC; - return true; - } - if (apl == AVAILABLE_LEVEL_NORMAL) { - aplNum = AccessToken::ATokenAplEnum::APL_NORMAL; - return true; - } - LOGE(ATM_DOMAIN, ATM_TAG, "Apl: %{public}s is invalid.", apl.c_str()); - return false; -} - -static bool GetPermissionAvailableType( - const std::string& availableType, AccessToken::ATokenAvailableTypeEnum& typeNum) -{ - if (availableType == AVAILABLE_TYPE_NORMAL_HAP) { - typeNum = AccessToken::ATokenAvailableTypeEnum::NORMAL; - return true; - } - if (availableType == AVAILABLE_TYPE_SYSTEM_HAP) { - typeNum = AccessToken::ATokenAvailableTypeEnum::SYSTEM; - return true; - } - if (availableType == AVAILABLE_TYPE_MDM) { - typeNum = AccessToken::ATokenAvailableTypeEnum::MDM; - return true; - } - if (availableType == AVAILABLE_TYPE_SYSTEM_AND_MDM) { - typeNum = AccessToken::ATokenAvailableTypeEnum::SYSTEM_AND_MDM; - return true; - } - if (availableType == AVAILABLE_TYPE_SERVICE) { - typeNum = AccessToken::ATokenAvailableTypeEnum::SERVICE; - return true; - } - if (availableType == AVAILABLE_TYPE_ENTERPRISE_NORMAL) { - typeNum = AccessToken::ATokenAvailableTypeEnum::ENTERPRISE_NORMAL; - return true; - } - typeNum = AccessToken::ATokenAvailableTypeEnum::INVALID; - LOGE(ATM_DOMAIN, ATM_TAG, "AvailableType: %{public}s is invalid.", availableType.c_str()); - return false; -} - -static int32_t GetPermissionGrantMode(const std::string& mode) -{ - if (mode == PERMISSION_GRANT_MODE_SYSTEM_GRANT) { - return AccessToken::GrantMode::SYSTEM_GRANT; - } - return AccessToken::GrantMode::USER_GRANT; -} - -static void FromJsonPermissionDefParseRet(const CJson *j, PermissionDefParseRet& result) -{ - result.isSuccessful = false; - PermissionDef permDef; - if (!GetStringFromJson(j, PERMISSION_NAME, permDef.permissionName) || - !DataValidator::IsProcessNameValid(permDef.permissionName)) { - return; - } - std::string grantModeStr; - if (!GetStringFromJson(j, PERMISSION_GRANT_MODE, grantModeStr)) { - return; - } - permDef.grantMode = GetPermissionGrantMode(grantModeStr); - - std::string availableLevelStr; - if (!GetStringFromJson(j, PERMISSION_AVAILABLE_LEVEL, availableLevelStr)) { - return; - } - if (!GetPermissionApl(availableLevelStr, permDef.availableLevel)) { - return; - } - - std::string availableTypeStr; - if (!GetStringFromJson(j, PERMISSION_AVAILABLE_TYPE, availableTypeStr)) { - return; - } - if (!GetPermissionAvailableType(availableTypeStr, permDef.availableType)) { - return; - } - - if (!GetBoolFromJson(j, PERMISSION_PROVISION_ENABLE, permDef.provisionEnable)) { - return; - } - if (!GetBoolFromJson(j, PERMISSION_DISTRIBUTED_SCENE_ENABLE, permDef.distributedSceneEnable)) { - return; - } - - GetBoolFromJson(j, PERMISSION_IS_KERNEL_EFFECT, permDef.isKernelEffect); // if not exsit default false - GetBoolFromJson(j, PERMISSION_HAS_VALUE, permDef.hasValue); // if not exsit default false - - permDef.bundleName = "system_ability"; - if (permDef.grantMode == AccessToken::GrantMode::SYSTEM_GRANT) { - result.permDef = permDef; - result.isSuccessful = true; - return; - } - if (!GetStringFromJson(j, PERMISSION_LABEL, permDef.label)) { - return; - } - if (!GetStringFromJson(j, PERMISSION_DESCRIPTION, permDef.description)) { - return; - } - result.permDef = permDef; - result.isSuccessful = true; - return; -} - -static bool CheckPermissionDefRules(const PermissionDef& permDef) -{ - // Extension permission support permission for service only. - if (permDef.availableType != AccessToken::ATokenAvailableTypeEnum::SERVICE) { - LOGD(ATM_DOMAIN, ATM_TAG, "%{public}s is for hap.", permDef.permissionName.c_str()); - return false; - } - return true; -} - -static int32_t GetPermissionDefList(const CJsonUnique &json, const std::string& permsRawData, - const std::string& type, std::vector& permDefList) -{ - cJSON *JsonData = GetArrayFromJson(json.get(), type); - if (JsonData == nullptr) { - LOGE(ATM_DOMAIN, ATM_TAG, "Json is null."); - return ERR_PARAM_INVALID; - } - CJson *j = nullptr; - cJSON_ArrayForEach(j, JsonData) { - PermissionDefParseRet result; - FromJsonPermissionDefParseRet(j, result); - if (!result.isSuccessful) { - LOGE(ATM_DOMAIN, ATM_TAG, "Get permission def failed."); - return ERR_PERM_REQUEST_CFG_FAILED; - } - if (!CheckPermissionDefRules(result.permDef)) { - continue; - } - LOGD(ATM_DOMAIN, ATM_TAG, "%{public}s insert.", result.permDef.permissionName.c_str()); - permDefList.emplace_back(result.permDef); - } - return RET_SUCCESS; -} - -bool ConfigPolicLoader::ParserPermDefRawData( - const std::string& permsRawData, std::vector& permDefList) -{ - CJsonUnique jsonRes = CreateJsonFromString(permsRawData); - if (jsonRes == nullptr) { - LOGE(ATM_DOMAIN, ATM_TAG, "JsonRes is invalid."); - return false; - } - - int32_t ret = GetPermissionDefList(jsonRes, permsRawData, SYSTEM_GRANT_DEFINE_PERMISSION, permDefList); - if (ret != RET_SUCCESS) { - LOGE(ATM_DOMAIN, ATM_TAG, "Get system_grant permission def list failed, err = %{public}d.", ret); - return false; - } - LOGI(ATM_DOMAIN, ATM_TAG, "Get system_grant permission size=%{public}zu.", permDefList.size()); - ret = GetPermissionDefList(jsonRes, permsRawData, USER_GRANT_DEFINE_PERMISSION, permDefList); - if (ret != RET_SUCCESS) { - LOGE(ATM_DOMAIN, ATM_TAG, "Get user_grant permission def list failed, err = %{public}d.", ret); - return false; - } - return true; -} - -int32_t ConfigPolicLoader::GetAllPermissionDef(std::vector& permDefList) -{ - std::string permsRawData; - int32_t ret = ReadCfgFile(DEFINE_PERMISSION_FILE, permsRawData); - if (ret != RET_SUCCESS) { - LOGE(ATM_DOMAIN, ATM_TAG, - "Read(%{public}s) failed, err = %{public}d.", DEFINE_PERMISSION_FILE, ret); - return ret; - } - if (!ParserPermDefRawData(permsRawData, permDefList)) { - LOGE(ATM_DOMAIN, ATM_TAG, "ParserPermDefRawData failed."); - return ERR_PRASE_RAW_DATA_FAILED; - } - LOGI(ATM_DOMAIN, ATM_TAG, "Get permission size=%{public}zu.", permDefList.size()); - return RET_SUCCESS; -} - extern "C" { void* Create() { diff --git a/services/common/json_parse/unittest/json_parse_test.cpp b/services/common/json_parse/unittest/json_parse_test.cpp index aecbf2aac..e361ba345 100644 --- a/services/common/json_parse/unittest/json_parse_test.cpp +++ b/services/common/json_parse/unittest/json_parse_test.cpp @@ -277,326 +277,6 @@ HWTEST_F(JsonParseTest, init001, TestSize.Level1) ASSERT_EQ(ret, RET_SUCCESS); } -/** - * @tc.name: ParserPermsRawDataTest001 - * @tc.desc: Parse permission definition information. - * @tc.type: FUNC - * @tc.require: Issue Number - */ -HWTEST_F(JsonParseTest, ParserPermsRawDataTest001, TestSize.Level1) -{ - std::string permsRawData = R"({"systemGrantPermissions":[)"\ - R"({"name":"ohos.permission.PermDefParserTestA","grantMode":"system_grant","availableLevel":"system_basic",)"\ - R"("availableType":"SERVICE","provisionEnable":true,"distributedSceneEnable":false}],)"\ - R"("userGrantPermissions":[)"\ - R"({"name":"ohos.permission.PermDefParserTestB","grantMode":"user_grant","availableLevel":"system_basic",)"\ - R"("availableType":"SERVICE","provisionEnable":true,"distributedSceneEnable":false,)"\ - R"("label":"$string:test_label_B","description":"$string:test_description_B"}]})"; - ConfigPolicLoader loader; - std::vector permDefList; - ASSERT_TRUE(loader.ParserPermsRawData(testStr, tokenInfos)); - EXPECT_EQ(2, permDefList.size()); - - for (const auto& perm : permDefList) { - GTEST_LOG_(INFO) << perm.permissionName.c_str(); - PermissionDefinitionCache::GetInstance().Insert(perm, EXTENSION_PERMISSION_ID); - } - - EXPECT_TRUE(PermissionDefinitionCache::GetInstance().HasDefinition(SYSTEM_PERMISSION_A)); - EXPECT_TRUE(PermissionDefinitionCache::GetInstance().HasDefinition(USER_PERMISSION_B)); - PermissionDef permissionDefResult; - PermissionManager::GetInstance().GetDefPermission(SYSTEM_PERMISSION_A, permissionDefResult); - EXPECT_EQ(SYSTEM_GRANT, permissionDefResult.grantMode); - EXPECT_EQ(APL_SYSTEM_BASIC, permissionDefResult.availableLevel); - EXPECT_EQ(SERVICE, permissionDefResult.availableType); - EXPECT_EQ(true, permissionDefResult.provisionEnable); - EXPECT_EQ(false, permissionDefResult.distributedSceneEnable); - EXPECT_EQ("", permissionDefResult.label); - EXPECT_EQ("", permissionDefResult.description); - - PermissionManager::GetInstance().GetDefPermission(USER_PERMISSION_B, permissionDefResult); - EXPECT_EQ(USER_GRANT, permissionDefResult.grantMode); - EXPECT_EQ(APL_SYSTEM_BASIC, permissionDefResult.availableLevel); - EXPECT_EQ(SERVICE, permissionDefResult.availableType); - EXPECT_EQ(true, permissionDefResult.provisionEnable); - EXPECT_EQ(false, permissionDefResult.distributedSceneEnable); - EXPECT_EQ("$string:test_label_B", permissionDefResult.label); - EXPECT_EQ("$string:test_description_B", permissionDefResult.description); -} - -/** - * @tc.name: ParserPermsRawDataTest002 - * @tc.desc: Invalid file. - * @tc.type: FUNC - * @tc.require: Issue Number - */ -HWTEST_F(JsonParseTest, ParserPermsRawDataTest002, TestSize.Level1) -{ - std::string permsRawData = R"({"systemGrantPermissions":[)"\ - R"({"name":"ohos.permission.xxxxxxxxxxxxxxxxxxxxxxxxxx",)"\ - R"("xxxxxxxxxxxxxxxxxxxxxxxxxx":"$string:test_description_B"}]})"; - ConfigPolicLoader loader; - std::vector permDefList; - ASSERT_FALSE(loader.ParserPermsRawData(testStr, tokenInfos)); -} - -/** - * @tc.name: ParserPermsRawDataTest003 - * @tc.desc: Permission definition file missing. - * @tc.type: FUNC - * @tc.require: Issue Number - */ -HWTEST_F(JsonParseTest, ParserPermsRawDataTest003, TestSize.Level1) -{ - EXPECT_FALSE(PermissionDefinitionCache::GetInstance().HasDefinition(SYSTEM_PERMISSION_A)); - EXPECT_FALSE(PermissionDefinitionCache::GetInstance().HasDefinition(USER_PERMISSION_B)); - std::string permsRawData = R"({"systemGrantPermissions":[)"\ - R"({"name":"ohos.permission.PermDefParserTestA","grantMode":"system_grant","availableLevel":"system_basic",)"\ - R"("availableType":"SERVICE","provisionEnable":true,"distributedSceneEnable":false}]})"; - ConfigPolicLoader loader; - std::vector permDefList; - ASSERT_FALSE(loader.ParserPermsRawData(permsRawData, permDefList)); - - permsRawData = R"({"userGrantPermissions":[)"\ - R"({"name":"ohos.permission.PermDefParserTestB","grantMode":"user_grant","availableLevel":"system_basic",)"\ - R"("availableType":"SERVICE","provisionEnable":true,"distributedSceneEnable":false,)"\ - R"("label":"$string:test_label_B","description":"$string:test_description_B"}]})"; - ret = parser.ParserPermsRawData(permsRawData, permDefList); - ASSERT_FALSE(loader.ParserPermsRawData(permsRawData, permDefList)); -} - -/** - * @tc.name: ParserPermsRawDataTest004 - * @tc.desc: Test property value is missing - * @tc.type: FUNC - * @tc.require: Issue Number - */ -HWTEST_F(JsonParseTest, ParserPermsRawDataTest004, TestSize.Level1) -{ - std::string permsRawData = R"({"systemGrantPermissions":[)"\ - R"({"grantMode":"system_grant","availableLevel":"system_basic",)"\ - R"("availableType":"SERVICE","provisionEnable":true,"distributedSceneEnable":false}],)"\ - R"("userGrantPermissions":[]})"; - ConfigPolicLoader loader; - std::vector permDefList; - ASSERT_TRUE(loader.ParserPermsRawData(permsRawData, permDefList)); - EXPECT_EQ(0, permDefList.size()); - - permsRawData = R"({"systemGrantPermissions":[)"\ - R"({"name":"ohos.permission.PermDefParserTestA","availableLevel":"system_basic",)"\ - R"("availableType":"SERVICE","provisionEnable":true,"distributedSceneEnable":false}],)"\ - R"("userGrantPermissions":[]})"; - ASSERT_TRUE(loader.ParserPermsRawData(permsRawData, permDefList)); - EXPECT_EQ(0, permDefList.size()); - - permsRawData = R"({"systemGrantPermissions":[)"\ - R"({"name":"ohos.permission.PermDefParserTestA","grantMode":"system_grant",)"\ - R"("availableType":"SERVICE","provisionEnable":true,"distributedSceneEnable":false}],)"\ - R"("userGrantPermissions":[]})"; - ASSERT_TRUE(loader.ParserPermsRawData(permsRawData, permDefList)); - EXPECT_EQ(0, permDefList.size()); - - permsRawData = R"({"systemGrantPermissions":[)"\ - R"({"name":"ohos.permission.PermDefParserTestA","grantMode":"system_grant","availableLevel":"system_basic",)"\ - R"("provisionEnable":true,"distributedSceneEnable":false}],)"\ - R"("userGrantPermissions":[]})"; - ASSERT_TRUE(loader.ParserPermsRawData(permsRawData, permDefList)); - EXPECT_EQ(0, permDefList.size()); -} - -/** - * @tc.name: ParserPermsRawDataTest005 - * @tc.desc: Test property value is missing - * @tc.type: FUNC - * @tc.require: Issue Number - */ -HWTEST_F(JsonParseTest, ParserPermsRawDataTest005, TestSize.Level1) -{ - std::string permsRawData = R"({"systemGrantPermissions":[)"\ - R"({"name":"ohos.permission.PermDefParserTestA","grantMode":"system_grant","availableLevel":"system_basic",)"\ - R"("availableType":"SERVICE","distributedSceneEnable":false}],)"\ - R"("userGrantPermissions":[]})"; - ConfigPolicLoader loader; - std::vector permDefList; - ASSERT_TRUE(loader.ParserPermsRawData(permsRawData, permDefList)); - EXPECT_EQ(0, permDefList.size()); - - permsRawData = R"({"systemGrantPermissions":[],)"\ - R"("userGrantPermissions":[)"\ - R"({"name":"ohos.permission.PermDefParserTestB","grantMode":"user_grant","availableLevel":"system_basic",)"\ - R"("availableType":"SERVICE","provisionEnable":true,"distributedSceneEnable":false,)"\ - R"("description":"$string:test_description_B"}]})"; - ASSERT_TRUE(loader.ParserPermsRawData(permsRawData, permDefList)); - EXPECT_EQ(0, permDefList.size()); - - permsRawData = R"({"systemGrantPermissions":[],)"\ - R"("userGrantPermissions":[)"\ - R"({"name":"ohos.permission.PermDefParserTestB","grantMode":"user_grant","availableLevel":"system_basic",)"\ - R"("availableType":"SERVICE","provisionEnable":true,"distributedSceneEnable":false,})"\ - R"("label":"$string:test_label_B"]})"; - ASSERT_TRUE(loader.ParserPermsRawData(permsRawData, permDefList)); - EXPECT_EQ(0, permDefList.size()); -} - -/** - * @tc.name: ParserPermsRawDataTest006 - * @tc.desc: Invalid param - * @tc.type: FUNC - * @tc.require: Issue Number - */ -HWTEST_F(JsonParseTest, ParserPermsRawDataTest006, TestSize.Level1) -{ - std::string permsRawData = R"({"systemGrantPermissions":[)"\ - R"({"name":123,"grantMode":"system_grant","availableLevel":"system_basic",)"\ - R"("availableType":"SERVICE","provisionEnable":true,"distributedSceneEnable":false}],)"\ - R"("userGrantPermissions":[]})"; - ConfigPolicLoader loader; - std::vector permDefList; - ASSERT_TRUE(loader.ParserPermsRawData(permsRawData, permDefList)); - EXPECT_EQ(0, permDefList.size()); - - permsRawData = R"({"systemGrantPermissions":[)"\ - R"({"name":"ohos.permission.PermDefParserTestA","grantMode":123,"availableLevel":"system_basic",)"\ - R"("availableType":"SERVICE","provisionEnable":true,"distributedSceneEnable":false}],)"\ - R"("userGrantPermissions":[]})"; - ASSERT_TRUE(loader.ParserPermsRawData(permsRawData, permDefList)); - EXPECT_EQ(0, permDefList.size()); - - permsRawData = R"({"systemGrantPermissions":[)"\ - R"({"name":"ohos.permission.PermDefParserTestA","grantMode":"system_grant","availableLevel":123,)"\ - R"("availableType":"SERVICE","provisionEnable":true,"distributedSceneEnable":false}],)"\ - R"("userGrantPermissions":[]})"; - ASSERT_TRUE(loader.ParserPermsRawData(permsRawData, permDefList)); - EXPECT_EQ(0, permDefList.size()); - - permsRawData = R"({"systemGrantPermissions":[)"\ - R"({"name":"ohos.permission.PermDefParserTestA","grantMode":"system_grant","availableLevel":"system_basic",)"\ - R"("availableType":SERVICE,"provisionEnable":true,"distributedSceneEnable":false}],)"\ - R"("userGrantPermissions":[]})"; - ASSERT_TRUE(loader.ParserPermsRawData(permsRawData, permDefList)); - EXPECT_EQ(0, permDefList.size()); -} - -/** - * @tc.name: ParserPermsRawDataTest007 - * @tc.desc: Invalid param - * @tc.type: FUNC - * @tc.require: Issue Number - */ -HWTEST_F(JsonParseTest, ParserPermsRawDataTest007, TestSize.Level1) -{ - std::string permsRawData = R"({"systemGrantPermissions":[)"\ - R"({"name":"ohos.permission.PermDefParserTestA","grantMode":"system_grant","availableLevel":"system_basic",)"\ - R"("availableType":"SERVICE","provisionEnable":"true","distributedSceneEnable":false}],)"\ - R"("userGrantPermissions":[]})"; - ConfigPolicLoader loader; - std::vector permDefList; - ASSERT_TRUE(loader.ParserPermsRawData(permsRawData, permDefList)); - EXPECT_EQ(0, permDefList.size()); - - permsRawData = R"({"systemGrantPermissions":[)"\ - R"({"name":"ohos.permission.PermDefParserTestA","grantMode":"system_grant","availableLevel":"system_basic",)"\ - R"("availableType":"SERVICE","provisionEnable":true,"distributedSceneEnable":"false"}],)"\ - R"("userGrantPermissions":[]})"; - ASSERT_TRUE(loader.ParserPermsRawData(permsRawData, permDefList)); - EXPECT_EQ(0, permDefList.size()); - - permsRawData = R"({"systemGrantPermissions":[],)"\ - R"("userGrantPermissions":[)"\ - R"({"name":"ohos.permission.PermDefParserTestB","grantMode":"user_grant","availableLevel":"system_basic",)"\ - R"("availableType":"SERVICE","provisionEnable":true,"distributedSceneEnable":false,"label":123,)"\ - R"("description":"$string:test_description_B"}]})"; - ASSERT_TRUE(loader.ParserPermsRawData(permsRawData, permDefList)); - EXPECT_EQ(0, permDefList.size()); - - permsRawData = R"({"systemGrantPermissions":[],)"\ - R"("userGrantPermissions":[)"\ - R"({"name":"ohos.permission.PermDefParserTestB","grantMode":"user_grant","availableLevel":"system_basic",)"\ - R"("availableType":"SERVICE","provisionEnable":true,"distributedSceneEnable":false,)"\ - R"("label":"$string:test_label_B","description":123}]})"; - ASSERT_TRUE(loader.ParserPermsRawData(permsRawData, permDefList)); - EXPECT_EQ(0, permDefList.size()); -} - -/** - * @tc.name: ParserPermsRawDataTest008 - * @tc.desc: Invalid param - * @tc.type: FUNC - * @tc.require: Issue Number - */ -HWTEST_F(JsonParseTest, ParserPermsRawDataTest008, TestSize.Level1) -{ - std::string permsRawData = R"({"systemGrantPermissions":[)"\ - R"({"name":"","grantMode":"system_grant","availableLevel":"system_basic",)"\ - R"("availableType":"SERVICE","provisionEnable":true,"distributedSceneEnable":false}],)"\ - R"("userGrantPermissions":[]})"; - ConfigPolicLoader loader; - std::vector permDefList; - ASSERT_TRUE(loader.ParserPermsRawData(permsRawData, permDefList)); - EXPECT_EQ(0, permDefList.size()); - - permsRawData = R"({"systemGrantPermissions":[)"\ - R"({"name":"ohos.permission.PermDefParserTestA","grantMode":"system_grant","availableLevel":"test",)"\ - R"("availableType":TEST,"provisionEnable":true,"distributedSceneEnable":"false"}],)"\ - R"("userGrantPermissions":[]})"; - ASSERT_TRUE(loader.ParserPermsRawData(permsRawData, permDefList)); - EXPECT_EQ(0, permDefList.size()); -} - -/** - * @tc.name: ParserPermsRawDataTest009 - * @tc.desc: Invalid param - * @tc.type: FUNC - * @tc.require: Issue Number - */ -HWTEST_F(PermissionDefinitionParserTest, ParserPermsRawDataTest009, TestSize.Level1) -{ - PermissionDefinitionParser& instance = PermissionDefinitionParser::GetInstance(); - std::string permsRawData = R"({"systemGrantPermissions":[)"\ - R"({"name":"ohos.permission.PermDefParserTestA","grantMode":"system_grant","availableLevel":"system_basic",)"\ - R"("availableType":"SERVICE","provisionEnable":true,"distributedSceneEnable":false}],)"\ - R"("userGrantPermissions":[]})"; - std::vector permDefList; - instance.ParserPermsRawData(permsRawData, permDefList); - EXPECT_EQ(1, permDefList.size()); - EXPECT_EQ(false, permDefList[0].isKernelEffect); - EXPECT_EQ(false, permDefList[0].hasValue); - permDefList.clear(); - - permsRawData = R"({"systemGrantPermissions":[)"\ - R"({"name":"ohos.permission.PermDefParserTestA","grantMode":"system_grant","availableLevel":"system_basic",)"\ - R"("availableType":"SERVICE","provisionEnable":true,"distributedSceneEnable":false,)"\ - R"("isKernelEffect":true}],)"\ - R"("userGrantPermissions":[]})"; - instance.ParserPermsRawData(permsRawData, permDefList); - EXPECT_EQ(1, permDefList.size()); - EXPECT_EQ(true, permDefList[0].isKernelEffect); - EXPECT_EQ(false, permDefList[0].hasValue); - permDefList.clear(); - - permsRawData = R"({"systemGrantPermissions":[)"\ - R"({"name":"ohos.permission.PermDefParserTestA","grantMode":"system_grant","availableLevel":"system_basic",)"\ - R"("availableType":"SERVICE","provisionEnable":true,"distributedSceneEnable":false,)"\ - R"("hasValue":true}],)"\ - R"("userGrantPermissions":[]})"; - instance.ParserPermsRawData(permsRawData, permDefList); - EXPECT_EQ(1, permDefList.size()); - EXPECT_EQ(false, permDefList[0].isKernelEffect); - EXPECT_EQ(true, permDefList[0].hasValue); - permDefList.clear(); - - permsRawData = R"({"systemGrantPermissions":[)"\ - R"({"name":"ohos.permission.PermDefParserTestA","grantMode":"system_grant","availableLevel":"system_basic",)"\ - R"("availableType":"SERVICE","provisionEnable":true,"distributedSceneEnable":false,)"\ - R"("isKernelEffect":true, "hasValue":true}],)"\ - R"("userGrantPermissions":[]})"; - instance.ParserPermsRawData(permsRawData, permDefList); - EXPECT_EQ(1, permDefList.size()); - EXPECT_EQ(true, permDefList[0].isKernelEffect); - EXPECT_EQ(true, permDefList[0].hasValue); - permDefList.clear(); -} - #ifdef SUPPORT_SANDBOX_APP static void PrepareJsonData1() { diff --git a/services/privacymanager/test/unittest/permission_record_manager_test.cpp b/services/privacymanager/test/unittest/permission_record_manager_test.cpp index e35ce4354..4aff268c7 100644 --- a/services/privacymanager/test/unittest/permission_record_manager_test.cpp +++ b/services/privacymanager/test/unittest/permission_record_manager_test.cpp @@ -410,7 +410,7 @@ HWTEST_F(PermissionRecordManagerTest, StartUsingPermissionTest004, TestSize.Leve PermissionRecordManager::GetInstance().StartUsingPermission( MakeInfo(tokenId, PID, permissionName), CALLER_PID)); - usleep(500000); // 500000us = 0.5s + usleep(1000000); // 1000000us = 1s ASSERT_EQ(PERM_ACTIVE_IN_BACKGROUND, callback->type_); ASSERT_EQ(Constant::SUCCESS, PermissionRecordManager::GetInstance().StopUsingPermission(tokenId, PID, permissionName, CALLER_PID)); @@ -451,7 +451,7 @@ HWTEST_F(PermissionRecordManagerTest, StartUsingPermissionTest005, TestSize.Leve PermissionRecordManager::GetInstance().StartUsingPermission( MakeInfo(tokenId, PID, permissionName), CALLER_PID)); - usleep(500000); // 500000us = 0.5s + usleep(1000000); // 1000000us = 1s ASSERT_EQ(PERM_ACTIVE_IN_BACKGROUND, callback->type_); ASSERT_EQ(Constant::SUCCESS, PermissionRecordManager::GetInstance().StopUsingPermission(tokenId, PID, permissionName, CALLER_PID)); diff --git a/test/fuzztest/services/accesstoken/access_token_service_fuzz.gni b/test/fuzztest/services/accesstoken/access_token_service_fuzz.gni index 9555e69e1..e48ac73d9 100644 --- a/test/fuzztest/services/accesstoken/access_token_service_fuzz.gni +++ b/test/fuzztest/services/accesstoken/access_token_service_fuzz.gni @@ -94,7 +94,6 @@ access_token_sources = [ "${access_token_path}/services/accesstokenmanager/main/cpp/src/form_manager/form_manager_death_recipient.cpp", "${access_token_path}/services/accesstokenmanager/main/cpp/src/form_manager/form_status_change_callback.cpp", "${access_token_path}/services/accesstokenmanager/main/cpp/src/permission/permission_data_brief.cpp", - "${access_token_path}/services/accesstokenmanager/main/cpp/src/permission/permission_definition_cache.cpp", "${access_token_path}/services/accesstokenmanager/main/cpp/src/permission/permission_grant_event.cpp", "${access_token_path}/services/accesstokenmanager/main/cpp/src/permission/permission_manager.cpp", "${access_token_path}/services/accesstokenmanager/main/cpp/src/permission/permission_validator.cpp", -- Gitee