From 45cb13914e19e813777c6ba383e99f485c6ee8f3 Mon Sep 17 00:00:00 2001 From: bigtea Date: Tue, 4 Mar 2025 17:17:12 +0800 Subject: [PATCH] Privacy manager idlization Signed-off-by: bigtea --- .../privacy/include/i_privacy_manager.h | 79 -- interfaces/innerkits/privacy/BUILD.gn | 9 +- .../privacy/src/privacy_manager_client.cpp | 81 +- .../privacy/src/privacy_manager_client.h | 4 +- .../privacy/src/privacy_manager_proxy.cpp | 609 -------------- .../privacy/src/privacy_manager_proxy.h | 67 -- interfaces/innerkits/privacy/test/BUILD.gn | 9 +- .../test/unittest/src/privacy_kit_test.cpp | 11 +- services/privacymanager/BUILD.gn | 97 ++- .../idl/normal/IPrivacyManager.idl | 41 + .../withseccompenhance/IPrivacyManager.idl | 46 + .../include/service/privacy_manager_service.h | 27 +- .../include/service/privacy_manager_stub.h | 77 -- .../src/record/permission_record_manager.cpp | 3 + .../src/service/privacy_manager_service.cpp | 226 ++++- .../src/service/privacy_manager_stub.cpp | 605 ------------- .../privacymanager/test/coverage/BUILD.gn | 15 +- .../privacymanager/test/unittest/BUILD.gn | 15 +- .../unittest/privacy_manager_service_test.cpp | 795 +++++++++++------- test/fuzztest/services/privacy/BUILD.gn | 3 +- .../BUILD.gn | 48 ++ ...ddpermissionusedrecordasyncstub_fuzzer.cpp | 67 ++ .../addpermissionusedrecordasyncstub_fuzzer.h | 39 +- .../corpus/init | 14 + .../project.xml | 25 + .../BUILD.gn | 7 +- .../addpermissionusedrecordstub_fuzzer.cpp | 6 +- .../BUILD.gn | 7 +- ...tpermissionusedrecordsasyncstub_fuzzer.cpp | 6 +- .../BUILD.gn | 7 +- .../getpermissionusedrecordsstub_fuzzer.cpp | 6 +- .../BUILD.gn | 5 +- ...ssionusedrecordtogglestatusstub_fuzzer.cpp | 4 +- .../BUILD.gn | 7 +- .../getpermissionusedtypeinfosstub_fuzzer.cpp | 6 +- .../getseccompenhancestub_fuzzer/BUILD.gn | 8 +- .../getseccompenhancestub_fuzzer.cpp | 6 +- .../BUILD.gn | 8 +- .../getspecialseccompenhancestub_fuzzer.cpp | 6 +- .../BUILD.gn | 7 +- .../isallowedusingpermissionstub_fuzzer.cpp | 6 +- .../services/privacy/privacy_service_fuzz.gni | 9 +- .../BUILD.gn | 7 +- ...terpermactivestatuscallbackstub_fuzzer.cpp | 6 +- .../BUILD.gn | 8 +- .../registerseccompenhancestub_fuzzer.cpp | 6 +- .../BUILD.gn | 7 +- ...removepermissionusedrecordsstub_fuzzer.cpp | 6 +- .../sethapwithfgreminderstub_fuzzer/BUILD.gn | 7 +- .../sethapwithfgreminderstub_fuzzer.cpp | 6 +- .../privacy/setmutepolicystub_fuzzer/BUILD.gn | 7 +- .../setmutepolicystub_fuzzer.cpp | 6 +- .../BUILD.gn | 5 +- ...ssionusedrecordtogglestatusstub_fuzzer.cpp | 4 +- .../BUILD.gn | 7 +- ...tartusingpermissioncallbackstub_fuzzer.cpp | 6 +- .../startusingpermissionstub_fuzzer/BUILD.gn | 7 +- .../startusingpermissionstub_fuzzer.cpp | 6 +- .../stopusingpermissionstub_fuzzer/BUILD.gn | 7 +- .../stopusingpermissionstub_fuzzer.cpp | 6 +- .../BUILD.gn | 7 +- ...terpermactivestatuscallbackstub_fuzzer.cpp | 6 +- .../updateseccompenhancestub_fuzzer/BUILD.gn | 8 +- .../updateseccompenhancestub_fuzzer.cpp | 6 +- 64 files changed, 1342 insertions(+), 1922 deletions(-) delete mode 100644 frameworks/privacy/include/i_privacy_manager.h delete mode 100644 interfaces/innerkits/privacy/src/privacy_manager_proxy.cpp delete mode 100644 interfaces/innerkits/privacy/src/privacy_manager_proxy.h create mode 100644 services/privacymanager/idl/normal/IPrivacyManager.idl create mode 100644 services/privacymanager/idl/withseccompenhance/IPrivacyManager.idl delete mode 100644 services/privacymanager/include/service/privacy_manager_stub.h delete mode 100644 services/privacymanager/src/service/privacy_manager_stub.cpp create mode 100644 test/fuzztest/services/privacy/addpermissionusedrecordasyncstub_fuzzer/BUILD.gn create mode 100644 test/fuzztest/services/privacy/addpermissionusedrecordasyncstub_fuzzer/addpermissionusedrecordasyncstub_fuzzer.cpp rename frameworks/privacy/include/privacy_service_ipc_interface_code.h => test/fuzztest/services/privacy/addpermissionusedrecordasyncstub_fuzzer/addpermissionusedrecordasyncstub_fuzzer.h (33%) create mode 100644 test/fuzztest/services/privacy/addpermissionusedrecordasyncstub_fuzzer/corpus/init create mode 100644 test/fuzztest/services/privacy/addpermissionusedrecordasyncstub_fuzzer/project.xml diff --git a/frameworks/privacy/include/i_privacy_manager.h b/frameworks/privacy/include/i_privacy_manager.h deleted file mode 100644 index 6c8cf6a2a..000000000 --- a/frameworks/privacy/include/i_privacy_manager.h +++ /dev/null @@ -1,79 +0,0 @@ -/* - * Copyright (c) 2022-2023 Huawei Device Co., Ltd. - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ - -#ifndef I_PRIVACY_MANAGER_H -#define I_PRIVACY_MANAGER_H - -#include - -#include "access_token.h" -#include "add_perm_param_info_parcel.h" -#include "errors.h" -#include "iremote_broker.h" - -#include "on_permission_used_record_callback.h" -#include "privacy_service_ipc_interface_code.h" -#include "permission_used_request_parcel.h" -#include "permission_used_result_parcel.h" -#include "permission_used_type_info_parcel.h" -#include "privacy_param.h" -#ifdef SECURITY_COMPONENT_ENHANCE_ENABLE -#include "sec_comp_enhance_data_parcel.h" -#endif - -/* SAID:3505 */ -namespace OHOS { -namespace Security { -namespace AccessToken { -class IPrivacyManager : public IRemoteBroker { -public: - static const int32_t SA_ID_PRIVACY_MANAGER_SERVICE = 3505; - - DECLARE_INTERFACE_DESCRIPTOR(u"ohos.security.accesstoken.IPrivacyManager"); - - virtual int32_t AddPermissionUsedRecord(const AddPermParamInfoParcel& infoParcel, bool asyncMode = false) = 0; - virtual int32_t SetPermissionUsedRecordToggleStatus(int32_t userID, bool status) = 0; - virtual int32_t GetPermissionUsedRecordToggleStatus(int32_t userID, bool& status) = 0; - virtual int32_t StartUsingPermission(const PermissionUsedTypeInfoParcel &infoParcel, - const sptr& anonyStub) = 0; - virtual int32_t StartUsingPermission(const PermissionUsedTypeInfoParcel &infoParcel, - const sptr& callback, const sptr& anonyStub) = 0; - virtual int32_t StopUsingPermission(AccessTokenID tokenID, int32_t pid, const std::string& permissionName) = 0; - virtual int32_t RemovePermissionUsedRecords(AccessTokenID tokenID) = 0; - virtual int32_t GetPermissionUsedRecords( - const PermissionUsedRequestParcel& request, PermissionUsedResultParcel& result) = 0; - virtual int32_t GetPermissionUsedRecords( - const PermissionUsedRequestParcel& request, const sptr& callback) = 0; - virtual int32_t RegisterPermActiveStatusCallback( - std::vector& permList, const sptr& callback) = 0; - virtual int32_t UnRegisterPermActiveStatusCallback(const sptr& callback) = 0; - virtual bool IsAllowedUsingPermission(AccessTokenID tokenID, const std::string& permissionName, int32_t pid) = 0; - virtual int32_t SetMutePolicy(uint32_t policyType, uint32_t callerType, bool isMute, AccessTokenID tokenID) = 0; - virtual int32_t SetHapWithFGReminder(uint32_t tokenId, bool isAllowed) = 0; -#ifdef SECURITY_COMPONENT_ENHANCE_ENABLE - virtual int32_t RegisterSecCompEnhance(const SecCompEnhanceDataParcel& enhanceParcel) = 0; - virtual int32_t UpdateSecCompEnhance(int32_t pid, uint32_t seqNum) = 0; - virtual int32_t GetSecCompEnhance(int32_t pid, SecCompEnhanceDataParcel& enhanceParcel) = 0; - virtual int32_t GetSpecialSecCompEnhance(const std::string& bundleName, - std::vector& enhanceParcelList) = 0; -#endif - virtual int32_t GetPermissionUsedTypeInfos(const AccessTokenID tokenId, const std::string& permissionName, - std::vector& resultsParcel) = 0; -}; -} // namespace AccessToken -} // namespace Security -} // namespace OHOS - -#endif // I_PRIVACY_MANAGER_H diff --git a/interfaces/innerkits/privacy/BUILD.gn b/interfaces/innerkits/privacy/BUILD.gn index 1b1c41ad0..014dfce75 100644 --- a/interfaces/innerkits/privacy/BUILD.gn +++ b/interfaces/innerkits/privacy/BUILD.gn @@ -1,4 +1,4 @@ -# Copyright (c) 2022-2023 Huawei Device Co., Ltd. +# Copyright (c) 2022-2025 Huawei Device Co., Ltd. # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. # You may obtain a copy of the License at @@ -36,7 +36,10 @@ if (is_standard_system) { output_name = "libprivacy_sdk" - public_configs = [ ":pricacy" ] + public_configs = [ + ":pricacy", + "${access_token_path}/services/privacymanager:privacy_manager_gen_config", + ] include_dirs = [ "${access_token_path}/frameworks/privacy/include", @@ -54,7 +57,6 @@ if (is_standard_system) { "src/privacy_death_recipient.cpp", "src/privacy_kit.cpp", "src/privacy_manager_client.cpp", - "src/privacy_manager_proxy.cpp", "src/state_change_callback.cpp", "src/state_change_callback_stub.cpp", "src/state_customized_cbk.cpp", @@ -64,6 +66,7 @@ if (is_standard_system) { "${access_token_path}/frameworks/common:accesstoken_common_cxx", "${access_token_path}/frameworks/privacy:privacy_communication_adapter_cxx", "${access_token_path}/services/common/proxy_death:proxy_death_stub", + "${access_token_path}/services/privacymanager:privacy_manager_proxy", ] configs = [ diff --git a/interfaces/innerkits/privacy/src/privacy_manager_client.cpp b/interfaces/innerkits/privacy/src/privacy_manager_client.cpp index b3ecd9fa4..386881c40 100644 --- a/interfaces/innerkits/privacy/src/privacy_manager_client.cpp +++ b/interfaces/innerkits/privacy/src/privacy_manager_client.cpp @@ -1,5 +1,5 @@ /* - * Copyright (c) 2022-2023 Huawei Device Co., Ltd. + * Copyright (c) 2022-2025 Huawei Device Co., Ltd. * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. * You may obtain a copy of the License at @@ -30,6 +30,7 @@ namespace { const static int32_t MAX_CALLBACK_SIZE = 200; const static int32_t MAX_PERM_LIST_SIZE = 1024; constexpr const char* CAMERA_PERMISSION_NAME = "ohos.permission.CAMERA"; +static const int32_t SA_ID_PRIVACY_MANAGER_SERVICE = 3505; std::recursive_mutex g_instanceMutex; } // namespace @@ -56,6 +57,21 @@ PrivacyManagerClient::~PrivacyManagerClient() ReleaseProxy(); } +static int32_t ConvertResult(int32_t& ret) +{ + switch(ret) { + case ERR_INVALID_DATA: + ret = ERR_WRITE_PARCEL_FAILED; + break; + case ERR_TRANSACTION_FAILED: + ret = ERR_SERVICE_ABNORMAL; + break; + default: + return ret; + } + return ret; +} + int32_t PrivacyManagerClient::AddPermissionUsedRecord(const AddPermParamInfo& info, bool asyncMode) { auto proxy = GetProxy(); @@ -65,7 +81,13 @@ int32_t PrivacyManagerClient::AddPermissionUsedRecord(const AddPermParamInfo& in } AddPermParamInfoParcel infoParcel; infoParcel.info = info; - return proxy->AddPermissionUsedRecord(infoParcel, asyncMode); + int32_t ret; + if (asyncMode) { + ret = proxy->AddPermissionUsedRecordAsync(infoParcel); + } else { + ret = proxy->AddPermissionUsedRecord(infoParcel); + } + return ConvertResult(ret); } int32_t PrivacyManagerClient::SetPermissionUsedRecordToggleStatus(int32_t userID, bool status) @@ -76,7 +98,8 @@ int32_t PrivacyManagerClient::SetPermissionUsedRecordToggleStatus(int32_t userID return PrivacyError::ERR_SERVICE_ABNORMAL; } - return proxy->SetPermissionUsedRecordToggleStatus(userID, status); + int32_t ret = proxy->SetPermissionUsedRecordToggleStatus(userID, status); + return ConvertResult(ret); } int32_t PrivacyManagerClient::GetPermissionUsedRecordToggleStatus(int32_t userID, bool& status) @@ -87,7 +110,8 @@ int32_t PrivacyManagerClient::GetPermissionUsedRecordToggleStatus(int32_t userID return PrivacyError::ERR_SERVICE_ABNORMAL; } - return proxy->GetPermissionUsedRecordToggleStatus(userID, status); + int32_t ret = proxy->GetPermissionUsedRecordToggleStatus(userID, status); + return ConvertResult(ret); } int32_t PrivacyManagerClient::StartUsingPermission( @@ -110,7 +134,8 @@ int32_t PrivacyManagerClient::StartUsingPermission( LOGE(PRI_DOMAIN, PRI_TAG, "Proxy death recipent is null."); return PrivacyError::ERR_MALLOC_FAILED; } - return proxy->StartUsingPermission(parcel, anonyStub); + int32_t ret = proxy->StartUsingPermission(parcel, anonyStub); + return ConvertResult(ret); } int32_t PrivacyManagerClient::CreateStateChangeCbk(uint64_t id, @@ -161,13 +186,13 @@ int32_t PrivacyManagerClient::StartUsingPermission(AccessTokenID tokenId, int32_ LOGE(PRI_DOMAIN, PRI_TAG, "Proxy death recipent is null."); return PrivacyError::ERR_MALLOC_FAILED; } - result = proxy->StartUsingPermission(parcel, callbackWrap->AsObject(), anonyStub); + result = proxy->StartUsingPermissionCallback(parcel, callbackWrap->AsObject(), anonyStub); if (result == RET_SUCCESS) { std::lock_guard lock(stateCbkMutex_); stateChangeCallbackMap_[id] = callbackWrap; LOGI(PRI_DOMAIN, PRI_TAG, "CallbackObject added."); } - return result; + return ConvertResult(result); } int32_t PrivacyManagerClient::StopUsingPermission( @@ -187,7 +212,8 @@ int32_t PrivacyManagerClient::StopUsingPermission( } } - return proxy->StopUsingPermission(tokenID, pid, permissionName); + int32_t ret = proxy->StopUsingPermission(tokenID, pid, permissionName); + return ConvertResult(ret); } int32_t PrivacyManagerClient::RemovePermissionUsedRecords(AccessTokenID tokenID) @@ -197,7 +223,8 @@ int32_t PrivacyManagerClient::RemovePermissionUsedRecords(AccessTokenID tokenID) LOGE(PRI_DOMAIN, PRI_TAG, "Proxy is null."); return PrivacyError::ERR_SERVICE_ABNORMAL; } - return proxy->RemovePermissionUsedRecords(tokenID); + int32_t ret = proxy->RemovePermissionUsedRecords(tokenID); + return ConvertResult(ret); } int32_t PrivacyManagerClient::GetPermissionUsedRecords( @@ -214,7 +241,7 @@ int32_t PrivacyManagerClient::GetPermissionUsedRecords( requestParcel.request = request; int32_t ret = proxy->GetPermissionUsedRecords(requestParcel, resultParcel); result = resultParcel.result; - return ret; + return ConvertResult(ret); } int32_t PrivacyManagerClient::GetPermissionUsedRecords(const PermissionUsedRequest& request, @@ -228,7 +255,8 @@ int32_t PrivacyManagerClient::GetPermissionUsedRecords(const PermissionUsedReque PermissionUsedRequestParcel requestParcel; requestParcel.request = request; - return proxy->GetPermissionUsedRecords(requestParcel, callback); + int32_t ret = proxy->GetPermissionUsedRecordsAsync(requestParcel, callback); + return ConvertResult(ret); } int32_t PrivacyManagerClient::CreateActiveStatusChangeCbk( @@ -285,7 +313,7 @@ int32_t PrivacyManagerClient::RegisterPermActiveStatusCallback( activeCbkMap_[callback] = callbackWrap; LOGI(PRI_DOMAIN, PRI_TAG, "CallbackObject added."); } - return result; + return ConvertResult(result); } int32_t PrivacyManagerClient::UnRegisterPermActiveStatusCallback( @@ -308,7 +336,7 @@ int32_t PrivacyManagerClient::UnRegisterPermActiveStatusCallback( if (result == RET_SUCCESS) { activeCbkMap_.erase(goalCallback); } - return result; + return ConvertResult(result); } bool PrivacyManagerClient::IsAllowedUsingPermission(AccessTokenID tokenID, const std::string& permissionName, @@ -319,7 +347,9 @@ bool PrivacyManagerClient::IsAllowedUsingPermission(AccessTokenID tokenID, const LOGE(PRI_DOMAIN, PRI_TAG, "Proxy is null."); return false; } - return proxy->IsAllowedUsingPermission(tokenID, permissionName, pid); + bool isAllowed = false; + proxy->IsAllowedUsingPermission(tokenID, permissionName, pid, isAllowed); + return isAllowed; } #ifdef SECURITY_COMPONENT_ENHANCE_ENABLE @@ -332,7 +362,8 @@ int32_t PrivacyManagerClient::RegisterSecCompEnhance(const SecCompEnhanceData& e } SecCompEnhanceDataParcel registerParcel; registerParcel.enhanceData = enhance; - return proxy->RegisterSecCompEnhance(registerParcel); + int32_t ret = proxy->RegisterSecCompEnhance(registerParcel); + return ConvertResult(ret); } int32_t PrivacyManagerClient::UpdateSecCompEnhance(int32_t pid, uint32_t seqNum) @@ -342,7 +373,8 @@ int32_t PrivacyManagerClient::UpdateSecCompEnhance(int32_t pid, uint32_t seqNum) LOGE(PRI_DOMAIN, PRI_TAG, "Proxy is null."); return PrivacyError::ERR_PARAM_INVALID; } - return proxy->UpdateSecCompEnhance(pid, seqNum); + int32_t ret = proxy->UpdateSecCompEnhance(pid, seqNum); + return ConvertResult(ret); } int32_t PrivacyManagerClient::GetSecCompEnhance(int32_t pid, SecCompEnhanceData& enhance) @@ -355,7 +387,7 @@ int32_t PrivacyManagerClient::GetSecCompEnhance(int32_t pid, SecCompEnhanceData& SecCompEnhanceDataParcel parcel; int32_t res = proxy->GetSecCompEnhance(pid, parcel); if (res != RET_SUCCESS) { - return res; + return ConvertResult(res); } enhance = parcel.enhanceData; return RET_SUCCESS; @@ -372,7 +404,7 @@ int32_t PrivacyManagerClient::GetSpecialSecCompEnhance(const std::string& bundle std::vector parcelList; int32_t res = proxy->GetSpecialSecCompEnhance(bundleName, parcelList); if (res != RET_SUCCESS) { - return res; + return ConvertResult(res); } std::transform(parcelList.begin(), parcelList.end(), std::back_inserter(enhanceList), @@ -393,7 +425,7 @@ int32_t PrivacyManagerClient::GetPermissionUsedTypeInfos(const AccessTokenID tok std::vector resultsParcel; int32_t res = proxy->GetPermissionUsedTypeInfos(tokenId, permissionName, resultsParcel); if (res != RET_SUCCESS) { - return res; + return ConvertResult(res); } std::transform(resultsParcel.begin(), resultsParcel.end(), std::back_inserter(results), @@ -409,7 +441,8 @@ int32_t PrivacyManagerClient::SetMutePolicy(uint32_t policyType, uint32_t caller LOGE(PRI_DOMAIN, PRI_TAG, "Proxy is null."); return PrivacyError::ERR_SERVICE_ABNORMAL; } - return proxy->SetMutePolicy(policyType, callerType, isMute, tokenID); + int32_t ret = proxy->SetMutePolicy(policyType, callerType, isMute, tokenID); + return ConvertResult(ret); } int32_t PrivacyManagerClient::SetHapWithFGReminder(uint32_t tokenId, bool isAllowed) @@ -419,7 +452,8 @@ int32_t PrivacyManagerClient::SetHapWithFGReminder(uint32_t tokenId, bool isAllo LOGE(PRI_DOMAIN, PRI_TAG, "Proxy is null."); return PrivacyError::ERR_SERVICE_ABNORMAL; } - return proxy->SetHapWithFGReminder(tokenId, isAllowed); + int32_t ret = proxy->SetHapWithFGReminder(tokenId, isAllowed); + return ConvertResult(ret); } uint64_t PrivacyManagerClient::GetUniqueId(uint32_t tokenId, int32_t pid) const @@ -436,10 +470,9 @@ void PrivacyManagerClient::InitProxy() LOGD(PRI_DOMAIN, PRI_TAG, "GetSystemAbilityManager is null"); return; } - auto privacySa = sam->CheckSystemAbility(IPrivacyManager::SA_ID_PRIVACY_MANAGER_SERVICE); + auto privacySa = sam->CheckSystemAbility(SA_ID_PRIVACY_MANAGER_SERVICE); if (privacySa == nullptr) { - LOGD(PRI_DOMAIN, PRI_TAG, "CheckSystemAbility %{public}d is null", - IPrivacyManager::SA_ID_PRIVACY_MANAGER_SERVICE); + LOGD(PRI_DOMAIN, PRI_TAG, "CheckSystemAbility %{public}d is null", SA_ID_PRIVACY_MANAGER_SERVICE); return; } diff --git a/interfaces/innerkits/privacy/src/privacy_manager_client.h b/interfaces/innerkits/privacy/src/privacy_manager_client.h index 9003ec57c..8dcca2149 100644 --- a/interfaces/innerkits/privacy/src/privacy_manager_client.h +++ b/interfaces/innerkits/privacy/src/privacy_manager_client.h @@ -1,5 +1,5 @@ /* - * Copyright (c) 2022-2023 Huawei Device Co., Ltd. + * Copyright (c) 2022-2025 Huawei Device Co., Ltd. * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. * You may obtain a copy of the License at @@ -21,7 +21,7 @@ #include #include -#include "i_privacy_manager.h" +#include "iprivacy_manager.h" #include "perm_active_status_change_callback.h" #include "perm_active_status_customized_cbk.h" #include "privacy_death_recipient.h" diff --git a/interfaces/innerkits/privacy/src/privacy_manager_proxy.cpp b/interfaces/innerkits/privacy/src/privacy_manager_proxy.cpp deleted file mode 100644 index 77f50a836..000000000 --- a/interfaces/innerkits/privacy/src/privacy_manager_proxy.cpp +++ /dev/null @@ -1,609 +0,0 @@ -/* - * Copyright (c) 2022-2024 Huawei Device Co., Ltd. - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ - -#include "privacy_manager_proxy.h" - -#include "accesstoken_common_log.h" -#include "privacy_error.h" - -namespace OHOS { -namespace Security { -namespace AccessToken { -namespace { - -#ifdef SECURITY_COMPONENT_ENHANCE_ENABLE -static const int MAX_SEC_COMP_ENHANCE_SIZE = 1000; -#endif -// if change this, copy value in privacy_kit_test.cpp should change together -static const uint32_t MAX_PERMISSION_USED_TYPE_SIZE = 2000; -} - -PrivacyManagerProxy::PrivacyManagerProxy(const sptr& impl) - : IRemoteProxy(impl) { -} - -PrivacyManagerProxy::~PrivacyManagerProxy() -{} - -int32_t PrivacyManagerProxy::AddPermissionUsedRecord(const AddPermParamInfoParcel& infoParcel, bool asyncMode) -{ - MessageParcel addData; - addData.WriteInterfaceToken(IPrivacyManager::GetDescriptor()); - if (!addData.WriteParcelable(&infoParcel)) { - LOGE(PRI_DOMAIN, PRI_TAG, "Failed to WriteParcelable(infoParcel)"); - return PrivacyError::ERR_WRITE_PARCEL_FAILED; - } - - MessageParcel reply; - if (!SendRequest(PrivacyInterfaceCode::ADD_PERMISSION_USED_RECORD, addData, reply, asyncMode)) { - return PrivacyError::ERR_SERVICE_ABNORMAL; - } - int32_t result = reply.ReadInt32(); - LOGI(PRI_DOMAIN, PRI_TAG, "Result from server data = %{public}d", result); - return result; -} - -int32_t PrivacyManagerProxy::SetPermissionUsedRecordToggleStatus(int32_t userID, bool status) -{ - MessageParcel data; - if (!data.WriteInterfaceToken(IPrivacyManager::GetDescriptor())) { - LOGE(PRI_DOMAIN, PRI_TAG, "Failed to write WriteInterfaceToken."); - return PrivacyError::ERR_WRITE_PARCEL_FAILED; - } - if (!data.WriteInt32(userID)) { - LOGE(PRI_DOMAIN, PRI_TAG, "Failed to write userID"); - return PrivacyError::ERR_WRITE_PARCEL_FAILED; - } - if (!data.WriteBool(status)) { - LOGE(PRI_DOMAIN, PRI_TAG, "Failed to write status"); - return PrivacyError::ERR_WRITE_PARCEL_FAILED; - } - - MessageParcel reply; - if (!SendRequest(PrivacyInterfaceCode::SET_PERMISSION_USED_RECORD_TOGGLE_STATUS, data, reply)) { - return PrivacyError::ERR_SERVICE_ABNORMAL; - } - - int32_t result = 0; - if (!reply.ReadInt32(result)) { - LOGI(PRI_DOMAIN, PRI_TAG, "Result from server (error=%{public}d)", result); - return ERR_READ_PARCEL_FAILED; - } - LOGI(PRI_DOMAIN, PRI_TAG, "Result from server data = %{public}d", result); - return result; -} - -int32_t PrivacyManagerProxy::GetPermissionUsedRecordToggleStatus(int32_t userID, bool& status) -{ - MessageParcel data; - if (!data.WriteInterfaceToken(IPrivacyManager::GetDescriptor())) { - LOGE(PRI_DOMAIN, PRI_TAG, "Failed to write WriteInterfaceToken."); - return PrivacyError::ERR_WRITE_PARCEL_FAILED; - } - if (!data.WriteInt32(userID)) { - LOGE(PRI_DOMAIN, PRI_TAG, "Failed to write userID"); - return ERR_WRITE_PARCEL_FAILED; - } - - MessageParcel reply; - if (!SendRequest(PrivacyInterfaceCode::GET_PERMISSION_USED_RECORD_TOGGLE_STATUS, data, reply)) { - return PrivacyError::ERR_SERVICE_ABNORMAL; - } - - int32_t result = 0; - if (!reply.ReadInt32(result)) { - LOGI(PRI_DOMAIN, PRI_TAG, "Result from server (error=%{public}d)", result); - return ERR_READ_PARCEL_FAILED; - } - if (result != RET_SUCCESS) { - LOGE(PRI_DOMAIN, PRI_TAG, "Result from server data = %{public}d", result); - return result; - } - - if (!reply.ReadBool(status)) { - LOGE(PRI_DOMAIN, PRI_TAG, "Failed to read status"); - return ERR_READ_PARCEL_FAILED; - } - LOGI(PRI_DOMAIN, PRI_TAG, "Result from server data = %{public}d", result); - return result; -} - -int32_t PrivacyManagerProxy::StartUsingPermission( - const PermissionUsedTypeInfoParcel &infoParcel, const sptr& anonyStub) -{ - MessageParcel startData; - startData.WriteInterfaceToken(IPrivacyManager::GetDescriptor()); - if (!startData.WriteParcelable(&infoParcel)) { - LOGE(PRI_DOMAIN, PRI_TAG, "Failed to write permission used info parcel."); - return PrivacyError::ERR_WRITE_PARCEL_FAILED; - } - if (!startData.WriteRemoteObject(anonyStub)) { - LOGE(PRI_DOMAIN, PRI_TAG, "Failed to write remote object."); - return PrivacyError::ERR_WRITE_PARCEL_FAILED; - } - - MessageParcel reply; - if (!SendRequest(PrivacyInterfaceCode::START_USING_PERMISSION, startData, reply)) { - return PrivacyError::ERR_SERVICE_ABNORMAL; - } - - int32_t result = reply.ReadInt32(); - LOGI(PRI_DOMAIN, PRI_TAG, "Result from server data = %{public}d", result); - return result; -} - -int32_t PrivacyManagerProxy::StartUsingPermission( - const PermissionUsedTypeInfoParcel &infoParcel, - const sptr& callback, const sptr& anonyStub) -{ - MessageParcel data; - data.WriteInterfaceToken(IPrivacyManager::GetDescriptor()); - if (!data.WriteParcelable(&infoParcel)) { - LOGE(PRI_DOMAIN, PRI_TAG, "Failed to write permission used info parcel."); - return PrivacyError::ERR_WRITE_PARCEL_FAILED; - } - if (!data.WriteRemoteObject(callback)) { - LOGE(PRI_DOMAIN, PRI_TAG, "Failed to write remote object."); - return PrivacyError::ERR_WRITE_PARCEL_FAILED; - } - - if (!data.WriteRemoteObject(anonyStub)) { - LOGE(PRI_DOMAIN, PRI_TAG, "Failed to write remote object."); - return PrivacyError::ERR_WRITE_PARCEL_FAILED; - } - - MessageParcel reply; - if (!SendRequest(PrivacyInterfaceCode::START_USING_PERMISSION_CALLBACK, data, reply)) { - LOGE(PRI_DOMAIN, PRI_TAG, "SendRequest fail"); - return PrivacyError::ERR_SERVICE_ABNORMAL; - } - - int32_t result = reply.ReadInt32(); - LOGI(PRI_DOMAIN, PRI_TAG, "Result from server data = %{public}d", result); - return result; -} - -int32_t PrivacyManagerProxy::StopUsingPermission( - AccessTokenID tokenID, int32_t pid, const std::string& permissionName) -{ - MessageParcel stopData; - stopData.WriteInterfaceToken(IPrivacyManager::GetDescriptor()); - if (!stopData.WriteUint32(tokenID)) { - LOGE(PRI_DOMAIN, PRI_TAG, "Failed to write tokenID"); - return PrivacyError::ERR_WRITE_PARCEL_FAILED; - } - if (!stopData.WriteInt32(pid)) { - LOGE(PRI_DOMAIN, PRI_TAG, "Failed to write pid"); - return PrivacyError::ERR_WRITE_PARCEL_FAILED; - } - if (!stopData.WriteString(permissionName)) { - LOGE(PRI_DOMAIN, PRI_TAG, "Failed to write permissionName"); - return PrivacyError::ERR_WRITE_PARCEL_FAILED; - } - - MessageParcel reply; - if (!SendRequest(PrivacyInterfaceCode::STOP_USING_PERMISSION, stopData, reply)) { - return PrivacyError::ERR_SERVICE_ABNORMAL; - } - - int32_t result = reply.ReadInt32(); - LOGI(PRI_DOMAIN, PRI_TAG, "Result from server data = %{public}d", result); - return result; -} - -int32_t PrivacyManagerProxy::RemovePermissionUsedRecords(AccessTokenID tokenID) -{ - MessageParcel data; - data.WriteInterfaceToken(IPrivacyManager::GetDescriptor()); - if (!data.WriteUint32(tokenID)) { - LOGE(PRI_DOMAIN, PRI_TAG, "Failed to WriteUint32(%{public}d)", tokenID); - return PrivacyError::ERR_WRITE_PARCEL_FAILED; - } - - MessageParcel reply; - if (!SendRequest(PrivacyInterfaceCode::DELETE_PERMISSION_USED_RECORDS, data, reply)) { - return PrivacyError::ERR_SERVICE_ABNORMAL; - } - - int32_t result = reply.ReadInt32(); - LOGI(PRI_DOMAIN, PRI_TAG, "Result from server data = %{public}d", result); - return result; -} - -int32_t PrivacyManagerProxy::GetPermissionUsedRecords(const PermissionUsedRequestParcel& request, - PermissionUsedResultParcel& result) -{ - MessageParcel data; - data.WriteInterfaceToken(IPrivacyManager::GetDescriptor()); - if (!data.WriteParcelable(&request)) { - LOGE(PRI_DOMAIN, PRI_TAG, "Failed to WriteParcelable(request)"); - return PrivacyError::ERR_WRITE_PARCEL_FAILED; - } - - MessageParcel reply; - if (!SendRequest(PrivacyInterfaceCode::GET_PERMISSION_USED_RECORDS, data, reply)) { - return PrivacyError::ERR_SERVICE_ABNORMAL; - } - - int32_t ret = reply.ReadInt32(); - LOGI(PRI_DOMAIN, PRI_TAG, "Result from server data = %{public}d", ret); - if (ret != RET_SUCCESS) { - return ret; - } - sptr resultSptr = reply.ReadParcelable(); - if (resultSptr == nullptr) { - LOGE(PRI_DOMAIN, PRI_TAG, "ReadParcelable fail"); - return PrivacyError::ERR_READ_PARCEL_FAILED; - } - result = *resultSptr; - return ret; -} - -int32_t PrivacyManagerProxy::GetPermissionUsedRecords(const PermissionUsedRequestParcel& request, - const sptr& callback) -{ - MessageParcel data; - data.WriteInterfaceToken(IPrivacyManager::GetDescriptor()); - if (!data.WriteParcelable(&request)) { - LOGE(PRI_DOMAIN, PRI_TAG, "Failed to WriteParcelable(request)"); - return PrivacyError::ERR_WRITE_PARCEL_FAILED; - } - if (!data.WriteRemoteObject(callback->AsObject())) { - LOGE(PRI_DOMAIN, PRI_TAG, "Failed to WriteRemoteObject(callback)"); - return PrivacyError::ERR_WRITE_PARCEL_FAILED; - } - - MessageParcel reply; - if (!SendRequest(PrivacyInterfaceCode::GET_PERMISSION_USED_RECORDS_ASYNC, data, reply)) { - return PrivacyError::ERR_SERVICE_ABNORMAL; - } - - int32_t result = reply.ReadInt32(); - LOGI(PRI_DOMAIN, PRI_TAG, "Result from server data = %{public}d", result); - return result; -} - -int32_t PrivacyManagerProxy::RegisterPermActiveStatusCallback( - std::vector& permList, const sptr& callback) -{ - MessageParcel data; - if (!data.WriteInterfaceToken(IPrivacyManager::GetDescriptor())) { - LOGE(PRI_DOMAIN, PRI_TAG, "Failed to write WriteInterfaceToken."); - return PrivacyError::ERR_WRITE_PARCEL_FAILED; - } - - uint32_t listSize = permList.size(); - if (!data.WriteUint32(listSize)) { - LOGE(PRI_DOMAIN, PRI_TAG, "Failed to write listSize"); - return PrivacyError::ERR_WRITE_PARCEL_FAILED; - } - for (uint32_t i = 0; i < listSize; i++) { - if (!data.WriteString(permList[i])) { - LOGE(PRI_DOMAIN, PRI_TAG, "Failed to write permList[%{public}d], %{public}s", i, permList[i].c_str()); - return PrivacyError::ERR_WRITE_PARCEL_FAILED; - } - } - - if (!data.WriteRemoteObject(callback)) { - LOGE(PRI_DOMAIN, PRI_TAG, "Failed to write remote object."); - return PrivacyError::ERR_WRITE_PARCEL_FAILED; - } - MessageParcel reply; - if (!SendRequest(PrivacyInterfaceCode::REGISTER_PERM_ACTIVE_STATUS_CHANGE_CALLBACK, data, reply)) { - return PrivacyError::ERR_SERVICE_ABNORMAL; - } - - int32_t result = reply.ReadInt32(); - LOGI(PRI_DOMAIN, PRI_TAG, "Result from server data = %{public}d", result); - return result; -} - -int32_t PrivacyManagerProxy::UnRegisterPermActiveStatusCallback(const sptr& callback) -{ - MessageParcel data; - if (!data.WriteInterfaceToken(IPrivacyManager::GetDescriptor())) { - LOGE(PRI_DOMAIN, PRI_TAG, "Failed to write WriteInterfaceToken."); - return PrivacyError::ERR_WRITE_PARCEL_FAILED; - } - if (!data.WriteRemoteObject(callback)) { - LOGE(PRI_DOMAIN, PRI_TAG, "Failed to write remote object."); - return PrivacyError::ERR_WRITE_PARCEL_FAILED; - } - MessageParcel reply; - if (!SendRequest( - PrivacyInterfaceCode::UNREGISTER_PERM_ACTIVE_STATUS_CHANGE_CALLBACK, data, reply)) { - return PrivacyError::ERR_SERVICE_ABNORMAL; - } - - int32_t result = reply.ReadInt32(); - LOGI(PRI_DOMAIN, PRI_TAG, "Result from server data = %{public}d", result); - return result; -} - -bool PrivacyManagerProxy::IsAllowedUsingPermission(AccessTokenID tokenID, const std::string& permissionName, - int32_t pid) -{ - MessageParcel data; - MessageParcel reply; - if (!data.WriteInterfaceToken(IPrivacyManager::GetDescriptor())) { - LOGE(PRI_DOMAIN, PRI_TAG, "Failed to write WriteInterfaceToken."); - return false; - } - if (!data.WriteUint32(tokenID)) { - LOGE(PRI_DOMAIN, PRI_TAG, "Failed to WriteUint32(%{public}d)", tokenID); - return false; - } - if (!data.WriteString(permissionName)) { - LOGE(PRI_DOMAIN, PRI_TAG, "Failed to WriteString(%{public}s)", permissionName.c_str()); - return false; - } - if (!data.WriteInt32(pid)) { - LOGE(PRI_DOMAIN, PRI_TAG, "Failed to WriteInt32(%{public}d)", pid); - return false; - } - if (!SendRequest(PrivacyInterfaceCode::IS_ALLOWED_USING_PERMISSION, data, reply)) { - return false; - } - - bool result = reply.ReadBool(); - LOGI(PRI_DOMAIN, PRI_TAG, "Result from server data = %{public}d", result); - return result; -} - -#ifdef SECURITY_COMPONENT_ENHANCE_ENABLE -int32_t PrivacyManagerProxy::RegisterSecCompEnhance(const SecCompEnhanceDataParcel& enhance) -{ - MessageParcel data; - MessageParcel reply; - if (!data.WriteInterfaceToken(IPrivacyManager::GetDescriptor())) { - LOGE(PRI_DOMAIN, PRI_TAG, "Failed to write WriteInterfaceToken."); - return PrivacyError::ERR_WRITE_PARCEL_FAILED; - } - - if (!data.WriteParcelable(&enhance)) { - LOGE(PRI_DOMAIN, PRI_TAG, "Failed to write parcel."); - return PrivacyError::ERR_WRITE_PARCEL_FAILED; - } - - if (!SendRequest(PrivacyInterfaceCode::REGISTER_SEC_COMP_ENHANCE, data, reply, true)) { - return PrivacyError::ERR_SERVICE_ABNORMAL; - } - - int32_t result = reply.ReadInt32(); - LOGI(PRI_DOMAIN, PRI_TAG, "Result from server data = %{public}d", result); - return result; -} - -int32_t PrivacyManagerProxy::UpdateSecCompEnhance(int32_t pid, uint32_t seqNum) -{ - MessageParcel data; - MessageParcel reply; - if (!data.WriteInterfaceToken(IPrivacyManager::GetDescriptor())) { - LOGE(PRI_DOMAIN, PRI_TAG, "Failed to write GetDescriptor."); - return PrivacyError::ERR_WRITE_PARCEL_FAILED; - } - if (!data.WriteInt32(pid)) { - LOGE(PRI_DOMAIN, PRI_TAG, "Failed to write pid=%{public}d.", pid); - return false; - } - if (!data.WriteUint32(seqNum)) { - LOGE(PRI_DOMAIN, PRI_TAG, "Failed to write seqNum=%{public}u.", seqNum); - return false; - } - if (!SendRequest(PrivacyInterfaceCode::UPDATE_SEC_COMP_ENHANCE, data, reply)) { - return PrivacyError::ERR_SERVICE_ABNORMAL; - } - - int32_t result = reply.ReadInt32(); - LOGI(PRI_DOMAIN, PRI_TAG, "Result=%{public}d", result); - return result; -} - -int32_t PrivacyManagerProxy::GetSecCompEnhance(int32_t pid, SecCompEnhanceDataParcel& enhanceParcel) -{ - MessageParcel data; - MessageParcel reply; - if (!data.WriteInterfaceToken(IPrivacyManager::GetDescriptor())) { - LOGE(PRI_DOMAIN, PRI_TAG, "Failed to write WriteInterfaceToken."); - return PrivacyError::ERR_WRITE_PARCEL_FAILED; - } - if (!data.WriteInt32(pid)) { - LOGE(PRI_DOMAIN, PRI_TAG, "Failed to WriteInt32(%{public}d)", pid); - return false; - } - if (!SendRequest(PrivacyInterfaceCode::GET_SEC_COMP_ENHANCE, data, reply)) { - return PrivacyError::ERR_SERVICE_ABNORMAL; - } - - int32_t result = reply.ReadInt32(); - LOGI(PRI_DOMAIN, PRI_TAG, "Result from server data = %{public}d", result); - if (result != RET_SUCCESS) { - return result; - } - - sptr parcel = reply.ReadParcelable(); - if (parcel != nullptr) { - enhanceParcel = *parcel; - } - return result; -} - -int32_t PrivacyManagerProxy::GetSpecialSecCompEnhance(const std::string& bundleName, - std::vector& enhanceParcelList) -{ - MessageParcel data; - MessageParcel reply; - if (!data.WriteInterfaceToken(IPrivacyManager::GetDescriptor())) { - LOGE(PRI_DOMAIN, PRI_TAG, "Failed to write WriteInterfaceToken."); - return PrivacyError::ERR_WRITE_PARCEL_FAILED; - } - - if (!data.WriteString(bundleName)) { - LOGE(PRI_DOMAIN, PRI_TAG, "Failed to write string."); - return PrivacyError::ERR_WRITE_PARCEL_FAILED; - } - - if (!SendRequest(PrivacyInterfaceCode::GET_SPECIAL_SEC_COMP_ENHANCE, data, reply)) { - return PrivacyError::ERR_SERVICE_ABNORMAL; - } - - int32_t result = reply.ReadInt32(); - LOGI(PRI_DOMAIN, PRI_TAG, "Result from server data = %{public}d", result); - if (result != RET_SUCCESS) { - return result; - } - - uint32_t size = reply.ReadUint32(); - if (size > MAX_SEC_COMP_ENHANCE_SIZE) { - LOGE(PRI_DOMAIN, PRI_TAG, "Size = %{public}d get from request is invalid", size); - return PrivacyError::ERR_OVERSIZE; - } - for (uint32_t i = 0; i < size; i++) { - sptr parcel = reply.ReadParcelable(); - if (parcel != nullptr) { - enhanceParcelList.emplace_back(*parcel); - } - } - return result; -} -#endif - -int32_t PrivacyManagerProxy::GetPermissionUsedTypeInfos(const AccessTokenID tokenId, const std::string& permissionName, - std::vector& resultsParcel) -{ - MessageParcel data; - MessageParcel reply; - if (!data.WriteInterfaceToken(IPrivacyManager::GetDescriptor())) { - LOGE(PRI_DOMAIN, PRI_TAG, "Failed to write WriteInterfaceToken."); - return PrivacyError::ERR_WRITE_PARCEL_FAILED; - } - if (!data.WriteUint32(tokenId)) { - LOGE(PRI_DOMAIN, PRI_TAG, "Failed to WriteUint32(%{public}d)", tokenId); - return false; - } - if (!data.WriteString(permissionName)) { - LOGE(PRI_DOMAIN, PRI_TAG, "Failed to WriteString(%{public}s)", permissionName.c_str()); - return false; - } - - if (!SendRequest(PrivacyInterfaceCode::GET_PERMISSION_USED_TYPE_INFOS, data, reply)) { - return PrivacyError::ERR_SERVICE_ABNORMAL; - } - - int32_t result = reply.ReadInt32(); - LOGI(PRI_DOMAIN, PRI_TAG, "Result from server is %{public}d.", result); - if (result != RET_SUCCESS) { - return result; - } - - uint32_t size = reply.ReadUint32(); - if (size > MAX_PERMISSION_USED_TYPE_SIZE) { - LOGE(PRI_DOMAIN, PRI_TAG, "Failed, results oversize %{public}d, please add query params!", size); - return PrivacyError::ERR_OVERSIZE; - } - for (uint32_t i = 0; i < size; i++) { - sptr parcel = reply.ReadParcelable(); - if (parcel != nullptr) { - resultsParcel.emplace_back(*parcel); - } - } - return result; -} - -int32_t PrivacyManagerProxy::SetMutePolicy(uint32_t policyType, uint32_t callerType, bool isMute, AccessTokenID tokenID) -{ - MessageParcel data; - MessageParcel reply; - if (!data.WriteInterfaceToken(IPrivacyManager::GetDescriptor())) { - LOGE(PRI_DOMAIN, PRI_TAG, "Failed to write WriteInterfaceToken."); - return PrivacyError::ERR_WRITE_PARCEL_FAILED; - } - - if (!data.WriteUint32(policyType)) { - LOGE(PRI_DOMAIN, PRI_TAG, "Failed to WriteUint32(%{public}d)", policyType); - return PrivacyError::ERR_WRITE_PARCEL_FAILED; - } - if (!data.WriteUint32(callerType)) { - LOGE(PRI_DOMAIN, PRI_TAG, "Failed to WriteUint32(%{public}d)", callerType); - return PrivacyError::ERR_WRITE_PARCEL_FAILED; - } - if (!data.WriteBool(isMute)) { - LOGE(PRI_DOMAIN, PRI_TAG, "Failed to WriteBool(%{public}d)", isMute); - return PrivacyError::ERR_WRITE_PARCEL_FAILED; - } - if (!data.WriteUint32(tokenID)) { - LOGE(PRI_DOMAIN, PRI_TAG, "Failed to WriteUint32(%{public}d)", tokenID); - return PrivacyError::ERR_WRITE_PARCEL_FAILED; - } - if (!SendRequest(PrivacyInterfaceCode::SET_MUTE_POLICY, data, reply)) { - return PrivacyError::ERR_SERVICE_ABNORMAL; - } - int32_t result = reply.ReadInt32(); - LOGI(PRI_DOMAIN, PRI_TAG, "result from server is %{public}d.", result); - return result; -} - -int32_t PrivacyManagerProxy::SetHapWithFGReminder(uint32_t tokenId, bool isAllowed) -{ - MessageParcel data; - MessageParcel reply; - if (!data.WriteInterfaceToken(IPrivacyManager::GetDescriptor())) { - LOGE(PRI_DOMAIN, PRI_TAG, "Failed to write WriteInterfaceToken."); - return PrivacyError::ERR_WRITE_PARCEL_FAILED; - } - - if (!data.WriteUint32(tokenId)) { - LOGE(PRI_DOMAIN, PRI_TAG, "Failed to WriteUint32(%{public}d)", tokenId); - return PrivacyError::ERR_WRITE_PARCEL_FAILED; - } - - if (!data.WriteBool(isAllowed)) { - LOGE(PRI_DOMAIN, PRI_TAG, "Failed to WriteBool(%{public}d)", isAllowed); - return PrivacyError::ERR_WRITE_PARCEL_FAILED; - } - if (!SendRequest(PrivacyInterfaceCode::SET_HAP_WITH_FOREGROUND_REMINDER, data, reply)) { - return PrivacyError::ERR_SERVICE_ABNORMAL; - } - int32_t result = reply.ReadInt32(); - LOGI(PRI_DOMAIN, PRI_TAG, "Result from server is %{public}d.", result); - return result; -} - -bool PrivacyManagerProxy::SendRequest( - PrivacyInterfaceCode code, MessageParcel& data, MessageParcel& reply, bool asyncMode) -{ - int flag = 0; - if (asyncMode) { - flag = static_cast(MessageOption::TF_ASYNC); - } else { - flag = static_cast(MessageOption::TF_SYNC); - } - MessageOption option(flag); - sptr remote = Remote(); - if (remote == nullptr) { - LOGE(PRI_DOMAIN, PRI_TAG, "Remote service null."); - return false; - } - - int32_t result = remote->SendRequest(static_cast(code), data, reply, option); - if (result != NO_ERROR) { - LOGE(PRI_DOMAIN, PRI_TAG, "SendRequest(code=%{public}d) fail, result: %{public}d", code, result); - return false; - } - return true; -} -} // namespace AccessToken -} // namespace Security -} // namespace OHOS diff --git a/interfaces/innerkits/privacy/src/privacy_manager_proxy.h b/interfaces/innerkits/privacy/src/privacy_manager_proxy.h deleted file mode 100644 index c9da62420..000000000 --- a/interfaces/innerkits/privacy/src/privacy_manager_proxy.h +++ /dev/null @@ -1,67 +0,0 @@ -/* - * Copyright (c) 2022-2023 Huawei Device Co., Ltd. - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ - -#ifndef PRIVACY_MANAGER_PROXY_H -#define PRIVACY_MANAGER_PROXY_H - -#include - -#include "i_privacy_manager.h" -#include "iremote_proxy.h" - -namespace OHOS { -namespace Security { -namespace AccessToken { -class PrivacyManagerProxy : public IRemoteProxy { -public: - explicit PrivacyManagerProxy(const sptr& impl); - ~PrivacyManagerProxy() override; - - int32_t AddPermissionUsedRecord(const AddPermParamInfoParcel& infoParcel, bool asyncMode = false) override; - int32_t SetPermissionUsedRecordToggleStatus(int32_t userID, bool status) override; - int32_t GetPermissionUsedRecordToggleStatus(int32_t userID, bool& status) override; - int32_t StartUsingPermission(const PermissionUsedTypeInfoParcel &infoParcel, - const sptr& anonyStub) override; - int32_t StartUsingPermission(const PermissionUsedTypeInfoParcel &infoParcel, - const sptr& callback, const sptr& anonyStub) override; - int32_t StopUsingPermission(AccessTokenID tokenID, int32_t pid, const std::string& permissionName) override; - int32_t RemovePermissionUsedRecords(AccessTokenID tokenID) override; - int32_t GetPermissionUsedRecords( - const PermissionUsedRequestParcel& request, PermissionUsedResultParcel& result) override; - int32_t GetPermissionUsedRecords(const PermissionUsedRequestParcel& request, - const sptr& callback) override; - int32_t RegisterPermActiveStatusCallback( - std::vector& permList, const sptr& callback) override; - int32_t UnRegisterPermActiveStatusCallback(const sptr& callback) override; - bool IsAllowedUsingPermission(AccessTokenID tokenID, const std::string& permissionName, int32_t pid) override; -#ifdef SECURITY_COMPONENT_ENHANCE_ENABLE - int32_t RegisterSecCompEnhance(const SecCompEnhanceDataParcel& enhance) override; - int32_t UpdateSecCompEnhance(int32_t pid, uint32_t seqNum) override; - int32_t GetSecCompEnhance(int32_t pid, SecCompEnhanceDataParcel& enhanceParcel) override; - int32_t GetSpecialSecCompEnhance(const std::string& bundleName, - std::vector& enhanceParcelList) override; -#endif - int32_t GetPermissionUsedTypeInfos(const AccessTokenID tokenId, const std::string& permissionName, - std::vector& resultsParcel) override; - int32_t SetMutePolicy(uint32_t policyType, uint32_t callerType, bool isMute, AccessTokenID tokenID) override; - int32_t SetHapWithFGReminder(uint32_t tokenId, bool isAllowed) override; -private: - bool SendRequest(PrivacyInterfaceCode code, MessageParcel& data, MessageParcel& reply, bool asyncMode = false); - static inline BrokerDelegator delegator_; -}; -} // namespace AccessToken -} // namespace Security -} // namespace OHOS -#endif // PRIVACY_MANAGER_PROXY_H diff --git a/interfaces/innerkits/privacy/test/BUILD.gn b/interfaces/innerkits/privacy/test/BUILD.gn index e4a1974ae..512f457f3 100644 --- a/interfaces/innerkits/privacy/test/BUILD.gn +++ b/interfaces/innerkits/privacy/test/BUILD.gn @@ -1,4 +1,4 @@ -# Copyright (c) 2022-2024 Huawei Device Co., Ltd. +# Copyright (c) 2022-2025 Huawei Device Co., Ltd. # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. # You may obtain a copy of the License at @@ -107,7 +107,6 @@ ohos_unittest("libprivacy_mock_test") { "../src/privacy_death_recipient.cpp", "../src/privacy_kit.cpp", "../src/privacy_manager_client.cpp", - "../src/privacy_manager_proxy.cpp", "../src/state_change_callback.cpp", "../src/state_change_callback_stub.cpp", "../src/state_customized_cbk.cpp", @@ -115,7 +114,10 @@ ohos_unittest("libprivacy_mock_test") { "unittest/privacy_mock_test/privacy_kit_test.cpp", ] - configs = [ "${access_token_path}/config:coverage_flags" ] + configs = [ + "${access_token_path}/config:coverage_flags", + "${access_token_path}/services/privacymanager:privacy_manager_gen_config", + ] deps = [ "${access_token_path}/frameworks/common:accesstoken_common_cxx", @@ -124,6 +126,7 @@ ohos_unittest("libprivacy_mock_test") { "${access_token_path}/interfaces/innerkits/nativetoken:libnativetoken_shared", "${access_token_path}/interfaces/innerkits/token_setproc:libtokensetproc_shared", "${access_token_path}/services/common/proxy_death:proxy_death_stub", + "${access_token_path}/services/privacymanager:privacy_manager_proxy", ] external_deps = [ diff --git a/interfaces/innerkits/privacy/test/unittest/src/privacy_kit_test.cpp b/interfaces/innerkits/privacy/test/unittest/src/privacy_kit_test.cpp index 69e4db493..0a94315a4 100644 --- a/interfaces/innerkits/privacy/test/unittest/src/privacy_kit_test.cpp +++ b/interfaces/innerkits/privacy/test/unittest/src/privacy_kit_test.cpp @@ -2071,7 +2071,8 @@ HWTEST_F(PrivacyKitTest, RegisterSecCompEnhance001, TestSize.Level1) data.callback = nullptr; data.challenge = 0; data.seqNum = 0; - EXPECT_EQ(PrivacyError::ERR_WRITE_PARCEL_FAILED, PrivacyKit::RegisterSecCompEnhance(data)); + // write parcel failed, return ERR_INVALID_DATA 5 + EXPECT_NE(RET_SUCCESS, PrivacyKit::RegisterSecCompEnhance(data)); // StateChangeCallback is not the real callback of SecCompEnhance, but it does not effect the final result. auto callbackPtr = std::make_shared(); @@ -2534,7 +2535,7 @@ HWTEST_F(PrivacyKitTest, GetPermissionUsedTypeInfos006, TestSize.Level1) g_infoParmsC.bundleName = bundleName; AccessTokenIDEx tokenIdEx = AccessTokenKit::AllocHapToken(g_infoParmsC, g_policyPramsC); AccessTokenID tokenId = tokenIdEx.tokenIdExStruct.tokenID; - ASSERT_NE(tokenId, INVALID_TOKENID); + EXPECT_NE(tokenId, INVALID_TOKENID); tokenIdList.emplace_back(tokenId); AddPermParamInfo info; @@ -2542,18 +2543,18 @@ HWTEST_F(PrivacyKitTest, GetPermissionUsedTypeInfos006, TestSize.Level1) info.permissionName = "ohos.permission.READ_CONTACTS"; info.successCount = 1; info.failCount = 0; - ASSERT_EQ(RET_NO_ERROR, PrivacyKit::AddPermissionUsedRecord(info)); + EXPECT_EQ(RET_NO_ERROR, PrivacyKit::AddPermissionUsedRecord(info)); } AccessTokenID tokenId = 0; std::string permissionName; std::vector results; // record over size - ASSERT_EQ(PrivacyError::ERR_OVERSIZE, PrivacyKit::GetPermissionUsedTypeInfos(tokenId, permissionName, results)); + EXPECT_EQ(PrivacyError::ERR_OVERSIZE, PrivacyKit::GetPermissionUsedTypeInfos(tokenId, permissionName, results)); for (const auto& id : tokenIdList) { PrivacyKit::RemovePermissionUsedRecords(id); - ASSERT_EQ(0, AccessTokenKit::DeleteToken(id)); + EXPECT_EQ(0, AccessTokenKit::DeleteToken(id)); } g_infoParmsC.bundleName = tmpBundleName; diff --git a/services/privacymanager/BUILD.gn b/services/privacymanager/BUILD.gn index 24f932dbd..e577f2c5e 100644 --- a/services/privacymanager/BUILD.gn +++ b/services/privacymanager/BUILD.gn @@ -1,4 +1,4 @@ -# Copyright (c) 2022-2024 Huawei Device Co., Ltd. +# Copyright (c) 2022-2025 Huawei Device Co., Ltd. # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. # You may obtain a copy of the License at @@ -11,9 +11,101 @@ # See the License for the specific language governing permissions and # limitations under the License. +import("//build/config/components/idl_tool/idl.gni") import("//build/ohos.gni") import("../../access_token.gni") +idl_gen_interface("privacy_manager_interface") { + sources = [] + if (security_component_enhance_enable) { + sources += [ "./idl/withseccompenhance/IPrivacyManager.idl" ] + } else { + sources += [ "./idl/normal/IPrivacyManager.idl" ] + } + log_domainid = "0xD005A02" + log_tag = "PRIVACY" + subsystem_name = "security" + part_name = "access_token" +} + +config("privacy_manager_gen_config") { + include_dirs = [ "${target_gen_dir}" ] +} + +ohos_source_set("privacy_manager_proxy") { + sanitize = { + cfi = true + cfi_cross_dso = true + debug = false + } + + output_values = get_target_outputs(":privacy_manager_interface") + + include_dirs = [ + "${access_token_path}/frameworks/privacy/include", + "${access_token_path}/frameworks/common/include", + "${access_token_path}/interfaces/innerkits/accesstoken/include", + "${access_token_path}/interfaces/innerkits/privacy/include", + "${access_token_path}/interfaces/innerkits/privacy/src", + "include", + "src", + ] + + sources = filter_include(output_values, [ "*_proxy.cpp" ]) + + deps = [ + ":privacy_manager_interface", + "${access_token_path}/frameworks/privacy:privacy_communication_adapter_cxx", + ] + + external_deps = [ + "c_utils:utils", + "hilog:libhilog", + "ipc:ipc_single", + "samgr:samgr_proxy", + ] + + subsystem_name = "security" + part_name = "access_token" +} + +ohos_source_set("privacy_manager_stub") { + sanitize = { + cfi = true + cfi_cross_dso = true + debug = false + } + + output_values = get_target_outputs(":privacy_manager_interface") + + include_dirs = [ + "${access_token_path}/frameworks/privacy/include", + "${access_token_path}/frameworks/common/include", + "${access_token_path}/interfaces/innerkits/accesstoken/include", + "${access_token_path}/interfaces/innerkits/privacy/include", + "${access_token_path}/interfaces/innerkits/privacy/src", + "include", + "src", + ] + + sources = filter_include(output_values, [ "*_stub.cpp" ]) + + deps = [ + ":privacy_manager_interface", + "${access_token_path}/frameworks/privacy:privacy_communication_adapter_cxx", + ] + + external_deps = [ + "c_utils:utils", + "hilog:libhilog", + "ipc:ipc_single", + "samgr:samgr_proxy", + ] + + subsystem_name = "security" + part_name = "access_token" +} + ohos_prebuilt_etc("privacy.rc") { source = "privacy.cfg" relative_install_dir = "init" @@ -88,7 +180,6 @@ if (is_standard_system && ability_base_enable == true) { "src/sensitive/audio_manager/audio_manager_adapter.cpp", "src/sensitive/camera_manager/camera_manager_adapter.cpp", "src/service/privacy_manager_service.cpp", - "src/service/privacy_manager_stub.cpp", ] cflags_cc = [ @@ -98,6 +189,7 @@ if (is_standard_system && ability_base_enable == true) { configs = [ "${access_token_path}/config:access_token_compile_flags", "${access_token_path}/config:coverage_flags", + "${access_token_path}/services/privacymanager:privacy_manager_gen_config", ] defines = [ "FEATURE_DTMF_TONE" ] @@ -109,6 +201,7 @@ if (is_standard_system && ability_base_enable == true) { "${access_token_path}/services/common:accesstoken_service_common", "${access_token_path}/services/common/proxy_death:proxy_death_handler", "${access_token_path}/services/privacymanager:privacy.rc", + "${access_token_path}/services/privacymanager:privacy_manager_stub", ] external_deps = [ diff --git a/services/privacymanager/idl/normal/IPrivacyManager.idl b/services/privacymanager/idl/normal/IPrivacyManager.idl new file mode 100644 index 000000000..4a238fdf5 --- /dev/null +++ b/services/privacymanager/idl/normal/IPrivacyManager.idl @@ -0,0 +1,41 @@ +/* + * Copyright (c) 2025 Huawei Device Co., Ltd. + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +package OHOS.Security.AccessToken; +interface OHOS.Security.AccessToken.OnPermissionUsedRecordCallback; +sequenceable OHOS.IRemoteObject; +sequenceable OHOS.Security.AccessToken.AddPermParamInfoParcel; +sequenceable OHOS.Security.AccessToken.PermissionUsedTypeInfoParcel; +sequenceable OHOS.Security.AccessToken.PermissionUsedRequestParcel; +sequenceable OHOS.Security.AccessToken.PermissionUsedResultParcel; + +interface OHOS.Security.AccessToken.IPrivacyManager { + [ipccode 1] void AddPermissionUsedRecord([in] AddPermParamInfoParcel infoParcel); + [ipccode 2, oneway] void AddPermissionUsedRecordAsync([in] AddPermParamInfoParcel infoParcel); + [ipccode 3] void StartUsingPermission([in] PermissionUsedTypeInfoParcel infoParcel, [in] IRemoteObject anonyStub); + [ipccode 4] void StartUsingPermissionCallback([in] PermissionUsedTypeInfoParcel infoParcel, [in] IRemoteObject cb, [in] IRemoteObject anonyStub); + [ipccode 5] void StopUsingPermission([in] unsigned int tokenID, [in] int pid, [in] String permissionName); + [ipccode 6] void RemovePermissionUsedRecords([in] unsigned int tokenID); + [ipccode 7] void GetPermissionUsedRecords([in] PermissionUsedRequestParcel request, [out] PermissionUsedResultParcel resultParcel); + [ipccode 8] void GetPermissionUsedRecordsAsync([in] PermissionUsedRequestParcel request, [in] OnPermissionUsedRecordCallback cb); + [ipccode 9] void RegisterPermActiveStatusCallback([in] List permList, [in] IRemoteObject cb); + [ipccode 10] void UnRegisterPermActiveStatusCallback([in] IRemoteObject cb); + [ipccode 11] boolean IsAllowedUsingPermission([in] unsigned int tokenID, [in] String permissionName, [in] int pid); + [ipccode 12] void GetPermissionUsedTypeInfos([in] unsigned int tokenId, [in] String permissionName, [out] List resultsParcel); + [ipccode 13] void SetMutePolicy([in] unsigned int policyType, [in] unsigned int callerType, [in] boolean isMute, [in] unsigned int tokenID); + [ipccode 14] void SetHapWithFGReminder([in] unsigned int tokenId, [in] boolean isAllowed); + [ipccode 15] void SetPermissionUsedRecordToggleStatus([in] int userID, [in] boolean status); + [ipccode 16] void GetPermissionUsedRecordToggleStatus([in] int userID, [out] boolean status); +} diff --git a/services/privacymanager/idl/withseccompenhance/IPrivacyManager.idl b/services/privacymanager/idl/withseccompenhance/IPrivacyManager.idl new file mode 100644 index 000000000..05d278777 --- /dev/null +++ b/services/privacymanager/idl/withseccompenhance/IPrivacyManager.idl @@ -0,0 +1,46 @@ +/* + * Copyright (c) 2025 Huawei Device Co., Ltd. + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +package OHOS.Security.AccessToken; +interface OHOS.Security.AccessToken.OnPermissionUsedRecordCallback; +sequenceable OHOS.IRemoteObject; +sequenceable OHOS.Security.AccessToken.AddPermParamInfoParcel; +sequenceable OHOS.Security.AccessToken.PermissionUsedTypeInfoParcel; +sequenceable OHOS.Security.AccessToken.PermissionUsedRequestParcel; +sequenceable OHOS.Security.AccessToken.PermissionUsedResultParcel; +sequenceable OHOS.Security.AccessToken.SecCompEnhanceDataParcel; + +interface OHOS.Security.AccessToken.IPrivacyManager { + [ipccode 1] void AddPermissionUsedRecord([in] AddPermParamInfoParcel infoParcel); + [ipccode 2, oneway] void AddPermissionUsedRecordAsync([in] AddPermParamInfoParcel infoParcel); + [ipccode 3] void StartUsingPermission([in] PermissionUsedTypeInfoParcel infoParcel, [in] IRemoteObject anonyStub); + [ipccode 4] void StartUsingPermissionCallback([in] PermissionUsedTypeInfoParcel infoParcel, [in] IRemoteObject cb, [in] IRemoteObject anonyStub); + [ipccode 5] void StopUsingPermission([in] unsigned int tokenID, [in] int pid, [in] String permissionName); + [ipccode 6] void RemovePermissionUsedRecords([in] unsigned int tokenID); + [ipccode 7] void GetPermissionUsedRecords([in] PermissionUsedRequestParcel request, [out] PermissionUsedResultParcel resultParcel); + [ipccode 8] void GetPermissionUsedRecordsAsync([in] PermissionUsedRequestParcel request, [in] OnPermissionUsedRecordCallback cb); + [ipccode 9] void RegisterPermActiveStatusCallback([in] List permList, [in] IRemoteObject cb); + [ipccode 10] void UnRegisterPermActiveStatusCallback([in] IRemoteObject cb); + [ipccode 11] boolean IsAllowedUsingPermission([in] unsigned int tokenID, [in] String permissionName, [in] int pid); + [ipccode 12] void GetPermissionUsedTypeInfos([in] unsigned int tokenId, [in] String permissionName, [out] List resultsParcel); + [ipccode 13] void SetMutePolicy([in] unsigned int policyType, [in] unsigned int callerType, [in] boolean isMute, [in] unsigned int tokenID); + [ipccode 14] void SetHapWithFGReminder([in] unsigned int tokenId, [in] boolean isAllowed); + [ipccode 15] void SetPermissionUsedRecordToggleStatus([in] int userID, [in] boolean status); + [ipccode 16] void GetPermissionUsedRecordToggleStatus([in] int userID, [out] boolean status); + [ipccode 101, oneway] void RegisterSecCompEnhance([in] SecCompEnhanceDataParcel enhanceParcel); + [ipccode 102] void UpdateSecCompEnhance([in] int pid, [in] unsigned int seqNum); + [ipccode 103] void GetSecCompEnhance([in] int pid, [out] SecCompEnhanceDataParcel enhanceParcel); + [ipccode 104] void GetSpecialSecCompEnhance([in] String bundleName, [out] List enhanceParcelList); +} diff --git a/services/privacymanager/include/service/privacy_manager_service.h b/services/privacymanager/include/service/privacy_manager_service.h index 08a785cf7..ed4a70e44 100644 --- a/services/privacymanager/include/service/privacy_manager_service.h +++ b/services/privacymanager/include/service/privacy_manager_service.h @@ -1,5 +1,5 @@ /* - * Copyright (c) 2022-2023 Huawei Device Co., Ltd. + * Copyright (c) 2022-2025 Huawei Device Co., Ltd. * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. * You may obtain a copy of the License at @@ -40,21 +40,22 @@ public: void OnStart() override; void OnStop() override; - int32_t AddPermissionUsedRecord(const AddPermParamInfoParcel& infoParcel, bool asyncMode = false) override; + int32_t AddPermissionUsedRecord(const AddPermParamInfoParcel& infoParcel) override; + int32_t AddPermissionUsedRecordAsync(const AddPermParamInfoParcel& infoParcel) override; int32_t SetPermissionUsedRecordToggleStatus(int32_t userID, bool status) override; int32_t GetPermissionUsedRecordToggleStatus(int32_t userID, bool& status) override; int32_t StartUsingPermission(const PermissionUsedTypeInfoParcel &infoParcel, const sptr& anonyStub) override; - int32_t StartUsingPermission(const PermissionUsedTypeInfoParcel &infoParcel, + int32_t StartUsingPermissionCallback(const PermissionUsedTypeInfoParcel &infoParcel, const sptr& callback, const sptr& anonyStub) override; int32_t StopUsingPermission(AccessTokenID tokenId, int32_t pid, const std::string& permissionName) override; int32_t RemovePermissionUsedRecords(AccessTokenID tokenId) override; int32_t GetPermissionUsedRecords( - const PermissionUsedRequestParcel& request, PermissionUsedResultParcel& result) override; - int32_t GetPermissionUsedRecords( + const PermissionUsedRequestParcel& request, PermissionUsedResultParcel& resultParcel) override; + int32_t GetPermissionUsedRecordsAsync( const PermissionUsedRequestParcel& request, const sptr& callback) override; int32_t RegisterPermActiveStatusCallback( - std::vector& permList, const sptr& callback) override; + const std::vector& permList, const sptr& callback) override; int32_t UnRegisterPermActiveStatusCallback(const sptr& callback) override; #ifdef SECURITY_COMPONENT_ENHANCE_ENABLE int32_t RegisterSecCompEnhance(const SecCompEnhanceDataParcel& enhanceParcel) override; @@ -63,7 +64,8 @@ public: int32_t GetSpecialSecCompEnhance(const std::string& bundleName, std::vector& enhanceParcelList) override; #endif - bool IsAllowedUsingPermission(AccessTokenID tokenId, const std::string& permissionName, int32_t pid) override; + int32_t IsAllowedUsingPermission( + AccessTokenID tokenId, const std::string& permissionName, int32_t pid, bool& isAllowed) override; int32_t GetPermissionUsedTypeInfos(const AccessTokenID tokenId, const std::string& permissionName, std::vector& resultsParcel) override; int32_t Dump(int32_t fd, const std::vector& args) override; @@ -77,6 +79,17 @@ private: void ProcessProxyDeathStub(const sptr& anonyStub, int32_t callerPid); void ReleaseDeathStub(int32_t callerPid); +#ifdef SECURITY_COMPONENT_ENHANCE_ENABLE + bool IsSecCompServiceCalling(); +#endif + bool IsPrivilegedCalling() const; + bool IsAccessTokenCalling() const; + bool IsSystemAppCalling() const; + bool VerifyPermission(const std::string& permission) const; + static const int32_t ACCESSTOKEN_UID = 3020; + AccessTokenID secCompTokenId_ = 0; + static const int32_t ROOT_UID = 0; + ServiceRunningState state_; #ifdef EVENTHANDLER_ENABLE diff --git a/services/privacymanager/include/service/privacy_manager_stub.h b/services/privacymanager/include/service/privacy_manager_stub.h deleted file mode 100644 index a79b423c7..000000000 --- a/services/privacymanager/include/service/privacy_manager_stub.h +++ /dev/null @@ -1,77 +0,0 @@ -/* - * Copyright (c) 2022-2024 Huawei Device Co., Ltd. - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ - -#ifndef PRIVACY_MANAGER_STUB_H -#define PRIVACY_MANAGER_STUB_H - -#include - -#include "i_privacy_manager.h" -#include "iremote_stub.h" -#include "nocopyable.h" - -namespace OHOS { -namespace Security { -namespace AccessToken { -class PrivacyManagerStub : public IRemoteStub { -public: - PrivacyManagerStub(); - virtual ~PrivacyManagerStub() = default; - - int32_t OnRemoteRequest(uint32_t code, MessageParcel& data, MessageParcel& reply, MessageOption& option) override; - -private: - void AddPermissionUsedRecordInner(MessageParcel& data, MessageParcel& reply); - void SetPermissionUsedRecordToggleStatusInner(MessageParcel& data, MessageParcel& reply); - void GetPermissionUsedRecordToggleStatusInner(MessageParcel& data, MessageParcel& reply); - void StartUsingPermissionInner(MessageParcel& data, MessageParcel& reply); - void StartUsingPermissionCallbackInner(MessageParcel& data, MessageParcel& reply); - void StopUsingPermissionInner(MessageParcel& data, MessageParcel& reply); - void RemovePermissionUsedRecordsInner(MessageParcel& data, MessageParcel& reply); - void GetPermissionUsedRecordsInner(MessageParcel& data, MessageParcel& reply); - void GetPermissionUsedRecordsAsyncInner(MessageParcel& data, MessageParcel& reply); - void RegisterPermActiveStatusCallbackInner(MessageParcel& data, MessageParcel& reply); - void UnRegisterPermActiveStatusCallbackInner(MessageParcel& data, MessageParcel& reply); - void IsAllowedUsingPermissionInner(MessageParcel& data, MessageParcel& reply); -#ifdef SECURITY_COMPONENT_ENHANCE_ENABLE - void RegisterSecCompEnhanceInner(MessageParcel& data, MessageParcel& reply); - void UpdateSecCompEnhanceInner(MessageParcel& data, MessageParcel& reply); - void GetSecCompEnhanceInner(MessageParcel& data, MessageParcel& reply); - void GetSpecialSecCompEnhanceInner(MessageParcel& data, MessageParcel& reply); - bool IsSecCompServiceCalling(); -#endif - void GetPermissionUsedTypeInfosInner(MessageParcel& data, MessageParcel& reply); - void SetMutePolicyInner(MessageParcel& data, MessageParcel& reply); - void SetHapWithFGReminderInner(MessageParcel& data, MessageParcel& reply); - bool IsPrivilegedCalling() const; - bool IsAccessTokenCalling() const; - bool IsSystemAppCalling() const; - bool VerifyPermission(const std::string& permission) const; - static const int32_t ACCESSTOKEN_UID = 3020; -#ifdef SECURITY_COMPONENT_ENHANCE_ENABLE - AccessTokenID secCompTokenId_ = 0; -#endif - void SetPrivacyFuncInMap(); -#ifndef ATM_BUILD_VARIANT_USER_ENABLE - static const int32_t ROOT_UID = 0; -#endif - - using RequestType = void (PrivacyManagerStub::*)(MessageParcel &data, MessageParcel &reply); - std::map requestMap_; -}; -} // namespace AccessToken -} // namespace Security -} // namespace OHOS -#endif // PRIVACY_MANAGER_STUB_H diff --git a/services/privacymanager/src/record/permission_record_manager.cpp b/services/privacymanager/src/record/permission_record_manager.cpp index c4ab4f485..9dfd852a0 100644 --- a/services/privacymanager/src/record/permission_record_manager.cpp +++ b/services/privacymanager/src/record/permission_record_manager.cpp @@ -649,6 +649,9 @@ int32_t PermissionRecordManager::GetPermissionUsedRecords( int32_t PermissionRecordManager::GetPermissionUsedRecordsAsync( const PermissionUsedRequest& request, const sptr& callback) { + if (callback == nullptr) { + return PrivacyError::ERR_PARAM_INVALID; + } auto task = [request, callback]() { LOGI(PRI_DOMAIN, PRI_TAG, "GetPermissionUsedRecordsAsync task called"); PermissionUsedResult result; diff --git a/services/privacymanager/src/service/privacy_manager_service.cpp b/services/privacymanager/src/service/privacy_manager_service.cpp index 1eb81c9e7..b953cb250 100644 --- a/services/privacymanager/src/service/privacy_manager_service.cpp +++ b/services/privacymanager/src/service/privacy_manager_service.cpp @@ -1,5 +1,5 @@ /* - * Copyright (c) 2022-2024 Huawei Device Co., Ltd. + * Copyright (c) 2022-2025 Huawei Device Co., Ltd. * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. * You may obtain a copy of the License at @@ -19,6 +19,7 @@ #include #include "access_token.h" +#include "accesstoken_kit.h" #include "accesstoken_common_log.h" #include "active_status_callback_manager.h" #include "ipc_skeleton.h" @@ -29,16 +30,27 @@ #include "constant.h" #include "ipc_skeleton.h" #include "permission_record_manager.h" +#include "privacy_error.h" #include "privacy_manager_proxy_death_param.h" #ifdef SECURITY_COMPONENT_ENHANCE_ENABLE #include "privacy_sec_comp_enhance_agent.h" #endif #include "system_ability_definition.h" #include "string_ex.h" +#include "tokenid_kit.h" namespace OHOS { namespace Security { namespace AccessToken { +namespace { +constexpr const char* PERMISSION_USED_STATS = "ohos.permission.PERMISSION_USED_STATS"; +constexpr const char* PERMISSION_RECORD_TOGGLE = "ohos.permission.PERMISSION_RECORD_TOGGLE"; +constexpr const char* SET_FOREGROUND_HAP_REMINDER = "ohos.permission.SET_FOREGROUND_HAP_REMINDER"; +constexpr const char* SET_MUTE_POLICY = "ohos.permission.SET_MUTE_POLICY"; +static const int32_t SA_ID_PRIVACY_MANAGER_SERVICE = 3505; +static const uint32_t MAX_PERMISSION_USED_TYPE_SIZE = 2000; +static const uint32_t PERM_LIST_SIZE_MAX = 1024; +} const bool REGISTER_RESULT = SystemAbility::MakeAndRegisterAbility(DelayedSingleton::GetInstance().get()); @@ -87,9 +99,16 @@ void PrivacyManagerService::OnStop() state_ = ServiceRunningState::STATE_NOT_START; } -int32_t PrivacyManagerService::AddPermissionUsedRecord(const AddPermParamInfoParcel& infoParcel, - bool asyncMode) +int32_t PrivacyManagerService::AddPermissionUsedRecord(const AddPermParamInfoParcel& infoParcel) { + uint32_t callingTokenID = IPCSkeleton::GetCallingTokenID(); + if ((AccessTokenKit::GetTokenTypeFlag(callingTokenID) == TOKEN_HAP) && (!IsSystemAppCalling())) { + return PrivacyError::ERR_NOT_SYSTEM_APP; + } + if (!VerifyPermission(PERMISSION_USED_STATS)) { + return PrivacyError::ERR_PERMISSION_DENIED; + } + LOGD(PRI_DOMAIN, PRI_TAG, "id: %{public}d, perm: %{public}s, succCnt: %{public}d," " failCnt: %{public}d, type: %{public}d", infoParcel.info.tokenId, infoParcel.info.permissionName.c_str(), infoParcel.info.successCount, infoParcel.info.failCount, infoParcel.info.type); @@ -97,14 +116,43 @@ int32_t PrivacyManagerService::AddPermissionUsedRecord(const AddPermParamInfoPar return PermissionRecordManager::GetInstance().AddPermissionUsedRecord(info); } +int32_t PrivacyManagerService::AddPermissionUsedRecordAsync(const AddPermParamInfoParcel& infoParcel) +{ + return AddPermissionUsedRecord(infoParcel); +} + int32_t PrivacyManagerService::SetPermissionUsedRecordToggleStatus(int32_t userID, bool status) { + uint32_t callingTokenID = IPCSkeleton::GetCallingTokenID(); + if ((AccessTokenKit::GetTokenTypeFlag(callingTokenID) == TOKEN_HAP) && (!IsSystemAppCalling())) { + return PrivacyError::ERR_NOT_SYSTEM_APP; + } + if (!IsPrivilegedCalling() && !VerifyPermission(PERMISSION_RECORD_TOGGLE)) { + return PrivacyError::ERR_PERMISSION_DENIED; + } + if (userID != 0 && !IsPrivilegedCalling()) { + LOGE(PRI_DOMAIN, PRI_TAG, "User version only get calling userID."); + return PrivacyError::ERR_PERMISSION_DENIED; + } + LOGI(PRI_DOMAIN, PRI_TAG, "userID: %{public}d, status: %{public}d", userID, status ? 1 : 0); return PermissionRecordManager::GetInstance().SetPermissionUsedRecordToggleStatus(userID, status); } int32_t PrivacyManagerService::GetPermissionUsedRecordToggleStatus(int32_t userID, bool& status) { + uint32_t callingTokenID = IPCSkeleton::GetCallingTokenID(); + if ((AccessTokenKit::GetTokenTypeFlag(callingTokenID) == TOKEN_HAP) && (!IsSystemAppCalling())) { + return PrivacyError::ERR_NOT_SYSTEM_APP; + } + if (!IsPrivilegedCalling() && !VerifyPermission(PERMISSION_USED_STATS)) { + return PrivacyError::ERR_PERMISSION_DENIED; + } + if (userID != 0 && !IsPrivilegedCalling()) { + LOGE(PRI_DOMAIN, PRI_TAG, "User version only get calling userID."); + return PrivacyError::ERR_PERMISSION_DENIED; + } + LOGD(PRI_DOMAIN, PRI_TAG, "userID: %{public}d, status: %{public}d", userID, status ? 1 : 0); return PermissionRecordManager::GetInstance().GetPermissionUsedRecordToggleStatus(userID, status); } @@ -155,15 +203,31 @@ void PrivacyManagerService::ReleaseDeathStub(int32_t callerPid) int32_t PrivacyManagerService::StartUsingPermission( const PermissionUsedTypeInfoParcel &infoParcel, const sptr& anonyStub) { + uint32_t callingTokenID = IPCSkeleton::GetCallingTokenID(); + if ((AccessTokenKit::GetTokenTypeFlag(callingTokenID) == TOKEN_HAP) && (!IsSystemAppCalling())) { + return PrivacyError::ERR_NOT_SYSTEM_APP; + } + if (!VerifyPermission(PERMISSION_USED_STATS)) { + return PrivacyError::ERR_PERMISSION_DENIED; + } + int32_t callerPid = IPCSkeleton::GetCallingPid(); LOGI(PRI_DOMAIN, PRI_TAG, "Caller pid = %{public}d.", callerPid); ProcessProxyDeathStub(anonyStub, callerPid); return PermissionRecordManager::GetInstance().StartUsingPermission(infoParcel.info, callerPid); } -int32_t PrivacyManagerService::StartUsingPermission(const PermissionUsedTypeInfoParcel &infoParcel, +int32_t PrivacyManagerService::StartUsingPermissionCallback(const PermissionUsedTypeInfoParcel &infoParcel, const sptr& callback, const sptr& anonyStub) { + uint32_t callingTokenID = IPCSkeleton::GetCallingTokenID(); + if ((AccessTokenKit::GetTokenTypeFlag(callingTokenID) == TOKEN_HAP) && (!IsSystemAppCalling())) { + return PrivacyError::ERR_NOT_SYSTEM_APP; + } + if (!VerifyPermission(PERMISSION_USED_STATS)) { + return PrivacyError::ERR_PERMISSION_DENIED; + } + int32_t callerPid = IPCSkeleton::GetCallingPid(); LOGI(PRI_DOMAIN, PRI_TAG, "Caller pid = %{public}d.", callerPid); ProcessProxyDeathStub(anonyStub, callerPid); @@ -173,6 +237,14 @@ int32_t PrivacyManagerService::StartUsingPermission(const PermissionUsedTypeInfo int32_t PrivacyManagerService::StopUsingPermission( AccessTokenID tokenId, int32_t pid, const std::string& permissionName) { + uint32_t callingTokenID = IPCSkeleton::GetCallingTokenID(); + if ((AccessTokenKit::GetTokenTypeFlag(callingTokenID) == TOKEN_HAP) && (!IsSystemAppCalling())) { + return PrivacyError::ERR_NOT_SYSTEM_APP; + } + if (!VerifyPermission(PERMISSION_USED_STATS)) { + return PrivacyError::ERR_PERMISSION_DENIED; + } + LOGI(PRI_DOMAIN, PRI_TAG, "id: %{public}u, pid: %{public}d, perm: %{public}s", tokenId, pid, permissionName.c_str()); int32_t callerPid = IPCSkeleton::GetCallingPid(); @@ -189,14 +261,30 @@ int32_t PrivacyManagerService::StopUsingPermission( int32_t PrivacyManagerService::RemovePermissionUsedRecords(AccessTokenID tokenId) { + uint32_t callingTokenID = IPCSkeleton::GetCallingTokenID(); + if ((AccessTokenKit::GetTokenTypeFlag(callingTokenID) == TOKEN_HAP) && (!IsSystemAppCalling())) { + return PrivacyError::ERR_NOT_SYSTEM_APP; + } + if (!IsAccessTokenCalling() && !VerifyPermission(PERMISSION_USED_STATS)) { + return PrivacyError::ERR_PERMISSION_DENIED; + } + LOGI(PRI_DOMAIN, PRI_TAG, "id: %{public}u", tokenId); PermissionRecordManager::GetInstance().RemovePermissionUsedRecords(tokenId); return Constant::SUCCESS; } int32_t PrivacyManagerService::GetPermissionUsedRecords( - const PermissionUsedRequestParcel& request, PermissionUsedResultParcel& result) + const PermissionUsedRequestParcel& request, PermissionUsedResultParcel& resultParcel) { + uint32_t callingTokenID = IPCSkeleton::GetCallingTokenID(); + if ((AccessTokenKit::GetTokenTypeFlag(callingTokenID) == TOKEN_HAP) && (!IsSystemAppCalling())) { + return PrivacyError::ERR_NOT_SYSTEM_APP; + } + if (!VerifyPermission(PERMISSION_USED_STATS)) { + return PrivacyError::ERR_PERMISSION_DENIED; + } + std::string permissionList; for (const auto& perm : request.request.permissionList) { permissionList.append(perm); @@ -208,20 +296,41 @@ int32_t PrivacyManagerService::GetPermissionUsedRecords( PermissionUsedResult permissionRecord; int32_t ret = PermissionRecordManager::GetInstance().GetPermissionUsedRecords(request.request, permissionRecord); - result.result = permissionRecord; + resultParcel.result = permissionRecord; return ret; } -int32_t PrivacyManagerService::GetPermissionUsedRecords( +int32_t PrivacyManagerService::GetPermissionUsedRecordsAsync( const PermissionUsedRequestParcel& request, const sptr& callback) { + uint32_t callingTokenID = IPCSkeleton::GetCallingTokenID(); + if ((AccessTokenKit::GetTokenTypeFlag(callingTokenID) == TOKEN_HAP) && (!IsSystemAppCalling())) { + return PrivacyError::ERR_NOT_SYSTEM_APP; + } + if (!VerifyPermission(PERMISSION_USED_STATS)) { + return PrivacyError::ERR_PERMISSION_DENIED; + } + LOGD(PRI_DOMAIN, PRI_TAG, "id: %{public}d", request.request.tokenId); return PermissionRecordManager::GetInstance().GetPermissionUsedRecordsAsync(request.request, callback); } int32_t PrivacyManagerService::RegisterPermActiveStatusCallback( - std::vector& permList, const sptr& callback) + const std::vector& permList, const sptr& callback) { + uint32_t callingTokenID = IPCSkeleton::GetCallingTokenID(); + if ((AccessTokenKit::GetTokenTypeFlag(callingTokenID) == TOKEN_HAP) && (!IsSystemAppCalling())) { + return PrivacyError::ERR_NOT_SYSTEM_APP; + } + if (!VerifyPermission(PERMISSION_USED_STATS)) { + return PrivacyError::ERR_PERMISSION_DENIED; + } + + if (permList.size() > PERM_LIST_SIZE_MAX) { + LOGE(PRI_DOMAIN, PRI_TAG, "permList oversize"); + return PrivacyError::ERR_OVERSIZE; + } + return PermissionRecordManager::GetInstance().RegisterPermActiveStatusCallback( IPCSkeleton::GetCallingTokenID(), permList, callback); } @@ -235,11 +344,19 @@ int32_t PrivacyManagerService::RegisterSecCompEnhance(const SecCompEnhanceDataPa int32_t PrivacyManagerService::UpdateSecCompEnhance(int32_t pid, uint32_t seqNum) { + if (!IsSecCompServiceCalling()) { + return PrivacyError::ERR_PERMISSION_DENIED; + } + return PrivacySecCompEnhanceAgent::GetInstance().UpdateSecCompEnhance(pid, seqNum); } int32_t PrivacyManagerService::GetSecCompEnhance(int32_t pid, SecCompEnhanceDataParcel& enhanceParcel) { + if (!IsSecCompServiceCalling()) { + return PrivacyError::ERR_PERMISSION_DENIED; + } + SecCompEnhanceData enhanceData; int32_t res = PrivacySecCompEnhanceAgent::GetInstance().GetSecCompEnhance(pid, enhanceData); if (res != RET_SUCCESS) { @@ -254,6 +371,10 @@ int32_t PrivacyManagerService::GetSecCompEnhance(int32_t pid, SecCompEnhanceData int32_t PrivacyManagerService::GetSpecialSecCompEnhance(const std::string& bundleName, std::vector& enhanceParcelList) { + if (!IsSecCompServiceCalling()) { + return PrivacyError::ERR_PERMISSION_DENIED; + } + std::vector enhanceList; PrivacySecCompEnhanceAgent::GetInstance().GetSpecialSecCompEnhance(bundleName, enhanceList); for (const auto& enhance : enhanceList) { @@ -334,20 +455,42 @@ int32_t PrivacyManagerService::Dump(int32_t fd, const std::vector& callback) { + uint32_t callingTokenID = IPCSkeleton::GetCallingTokenID(); + if ((AccessTokenKit::GetTokenTypeFlag(callingTokenID) == TOKEN_HAP) && (!IsSystemAppCalling())) { + return PrivacyError::ERR_NOT_SYSTEM_APP; + } + if (!VerifyPermission(PERMISSION_USED_STATS)) { + return PrivacyError::ERR_PERMISSION_DENIED; + } + return PermissionRecordManager::GetInstance().UnRegisterPermActiveStatusCallback(callback); } -bool PrivacyManagerService::IsAllowedUsingPermission(AccessTokenID tokenId, const std::string& permissionName, - int32_t pid) +int32_t PrivacyManagerService::IsAllowedUsingPermission(AccessTokenID tokenId, const std::string& permissionName, + int32_t pid, bool& isAllowed) { + uint32_t callingTokenID = IPCSkeleton::GetCallingTokenID(); + if ((AccessTokenKit::GetTokenTypeFlag(callingTokenID) == TOKEN_HAP) && (!IsSystemAppCalling())) { + LOGE(PRI_DOMAIN, PRI_TAG, "Permission denied(tokenID=%{public}d)", callingTokenID); + return PrivacyError::ERR_NOT_SYSTEM_APP; + } + if (!VerifyPermission(PERMISSION_USED_STATS)) { + return PrivacyError::ERR_PERMISSION_DENIED; + } + LOGI(PRI_DOMAIN, PRI_TAG, "Id: %{public}d, perm: %{public}s, pid: %{public}d.", tokenId, permissionName.c_str(), pid); - return PermissionRecordManager::GetInstance().IsAllowedUsingPermission(tokenId, permissionName, pid); + isAllowed = PermissionRecordManager::GetInstance().IsAllowedUsingPermission(tokenId, permissionName, pid); + return ERR_OK; } int32_t PrivacyManagerService::SetMutePolicy(uint32_t policyType, uint32_t callerType, bool isMute, AccessTokenID tokenID) { + if (!VerifyPermission(SET_MUTE_POLICY)) { + return PrivacyError::ERR_PERMISSION_DENIED; + } + LOGI(PRI_DOMAIN, PRI_TAG, "PolicyType %{public}d, callerType %{public}d, isMute %{public}d, tokenId %{public}u", policyType, callerType, isMute, tokenID); return PermissionRecordManager::GetInstance().SetMutePolicy( @@ -356,6 +499,10 @@ int32_t PrivacyManagerService::SetMutePolicy(uint32_t policyType, uint32_t calle int32_t PrivacyManagerService::SetHapWithFGReminder(uint32_t tokenId, bool isAllowed) { + if (!VerifyPermission(SET_FOREGROUND_HAP_REMINDER)) { + return PrivacyError::ERR_PERMISSION_DENIED; + } + LOGI(PRI_DOMAIN, PRI_TAG, "id: %{public}d, isAllowed: %{public}d", tokenId, isAllowed); return PermissionRecordManager::GetInstance().SetHapWithFGReminder(tokenId, isAllowed); } @@ -363,14 +510,25 @@ int32_t PrivacyManagerService::SetHapWithFGReminder(uint32_t tokenId, bool isAll int32_t PrivacyManagerService::GetPermissionUsedTypeInfos(const AccessTokenID tokenId, const std::string& permissionName, std::vector& resultsParcel) { - LOGD(PRI_DOMAIN, PRI_TAG, "id: %{public}d, perm: %{public}s", tokenId, permissionName.c_str()); + uint32_t callingTokenID = IPCSkeleton::GetCallingTokenID(); + if ((AccessTokenKit::GetTokenTypeFlag(callingTokenID) == TOKEN_HAP) && (!IsSystemAppCalling())) { + return PrivacyError::ERR_NOT_SYSTEM_APP; + } + if (!VerifyPermission(PERMISSION_USED_STATS)) { + return PrivacyError::ERR_PERMISSION_DENIED; + } + LOGD(PRI_DOMAIN, PRI_TAG, "id: %{public}d, perm: %{public}s", tokenId, permissionName.c_str()); std::vector results; int32_t res = PermissionRecordManager::GetInstance().GetPermissionUsedTypeInfos(tokenId, permissionName, results); if (res != RET_SUCCESS) { return res; } + if (results.size() > MAX_PERMISSION_USED_TYPE_SIZE) { + return PrivacyError::ERR_OVERSIZE; + } + for (const auto& result : results) { PermissionUsedTypeInfoParcel parcel; parcel.info = result; @@ -411,6 +569,50 @@ bool PrivacyManagerService::Initialize() #endif return true; } + +#ifdef SECURITY_COMPONENT_ENHANCE_ENABLE +bool PrivacyManagerService::IsSecCompServiceCalling() +{ + uint32_t tokenCaller = IPCSkeleton::GetCallingTokenID(); + if (secCompTokenId_ == 0) { + secCompTokenId_ = AccessTokenKit::GetNativeTokenId("security_component_service"); + } + return tokenCaller == secCompTokenId_; +} +#endif + +bool PrivacyManagerService::IsPrivilegedCalling() const +{ + // shell process is root in debug mode. +#ifndef ATM_BUILD_VARIANT_USER_ENABLE + int32_t callingUid = IPCSkeleton::GetCallingUid(); + return callingUid == ROOT_UID; +#else + return false; +#endif +} + +bool PrivacyManagerService::IsAccessTokenCalling() const +{ + int32_t callingUid = IPCSkeleton::GetCallingUid(); + return callingUid == ACCESSTOKEN_UID; +} + +bool PrivacyManagerService::IsSystemAppCalling() const +{ + uint64_t fullTokenId = IPCSkeleton::GetCallingFullTokenID(); + return TokenIdKit::IsSystemAppByFullTokenID(fullTokenId); +} + +bool PrivacyManagerService::VerifyPermission(const std::string& permission) const +{ + uint32_t callingTokenID = IPCSkeleton::GetCallingTokenID(); + if (AccessTokenKit::VerifyAccessToken(callingTokenID, permission) == PERMISSION_DENIED) { + LOGE(PRI_DOMAIN, PRI_TAG, "Permission denied(callingTokenID=%{public}d)", callingTokenID); + return false; + } + return true; +} } // namespace AccessToken } // namespace Security } // namespace OHOS diff --git a/services/privacymanager/src/service/privacy_manager_stub.cpp b/services/privacymanager/src/service/privacy_manager_stub.cpp deleted file mode 100644 index 2f16edfa5..000000000 --- a/services/privacymanager/src/service/privacy_manager_stub.cpp +++ /dev/null @@ -1,605 +0,0 @@ -/* - * Copyright (c) 2022-2023 Huawei Device Co., Ltd. - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ - -#include "privacy_manager_stub.h" - -#include "accesstoken_kit.h" -#include "accesstoken_common_log.h" -#include "ipc_skeleton.h" -#include "memory_guard.h" -#include "on_permission_used_record_callback_proxy.h" -#include "privacy_error.h" -#include "privacy_manager_proxy_death_param.h" -#include "string_ex.h" -#include "tokenid_kit.h" - -namespace OHOS { -namespace Security { -namespace AccessToken { -namespace { -static const uint32_t PERM_LIST_SIZE_MAX = 1024; -constexpr const char* PERMISSION_USED_STATS = "ohos.permission.PERMISSION_USED_STATS"; -constexpr const char* PERMISSION_RECORD_TOGGLE = "ohos.permission.PERMISSION_RECORD_TOGGLE"; -constexpr const char* SET_FOREGROUND_HAP_REMINDER = "ohos.permission.SET_FOREGROUND_HAP_REMINDER"; -constexpr const char* SET_MUTE_POLICY = "ohos.permission.SET_MUTE_POLICY"; -} - -PrivacyManagerStub::PrivacyManagerStub() -{ - SetPrivacyFuncInMap(); -} - -void PrivacyManagerStub::SetPrivacyFuncInMap() -{ - requestMap_[static_cast(PrivacyInterfaceCode::ADD_PERMISSION_USED_RECORD)] = - &PrivacyManagerStub::AddPermissionUsedRecordInner; - requestMap_[static_cast(PrivacyInterfaceCode::START_USING_PERMISSION)] = - &PrivacyManagerStub::StartUsingPermissionInner; - requestMap_[static_cast(PrivacyInterfaceCode::START_USING_PERMISSION_CALLBACK)] = - &PrivacyManagerStub::StartUsingPermissionCallbackInner; - requestMap_[static_cast(PrivacyInterfaceCode::STOP_USING_PERMISSION)] = - &PrivacyManagerStub::StopUsingPermissionInner; - requestMap_[static_cast(PrivacyInterfaceCode::DELETE_PERMISSION_USED_RECORDS)] = - &PrivacyManagerStub::RemovePermissionUsedRecordsInner; - requestMap_[static_cast(PrivacyInterfaceCode::GET_PERMISSION_USED_RECORDS)] = - &PrivacyManagerStub::GetPermissionUsedRecordsInner; - requestMap_[static_cast(PrivacyInterfaceCode::GET_PERMISSION_USED_RECORDS_ASYNC)] = - &PrivacyManagerStub::GetPermissionUsedRecordsAsyncInner; - requestMap_[static_cast(PrivacyInterfaceCode::REGISTER_PERM_ACTIVE_STATUS_CHANGE_CALLBACK)] = - &PrivacyManagerStub::RegisterPermActiveStatusCallbackInner; - requestMap_[static_cast(PrivacyInterfaceCode::UNREGISTER_PERM_ACTIVE_STATUS_CHANGE_CALLBACK)] = - &PrivacyManagerStub::UnRegisterPermActiveStatusCallbackInner; - requestMap_[static_cast(PrivacyInterfaceCode::IS_ALLOWED_USING_PERMISSION)] = - &PrivacyManagerStub::IsAllowedUsingPermissionInner; -#ifdef SECURITY_COMPONENT_ENHANCE_ENABLE - requestMap_[static_cast(PrivacyInterfaceCode::REGISTER_SEC_COMP_ENHANCE)] = - &PrivacyManagerStub::RegisterSecCompEnhanceInner; - requestMap_[static_cast(PrivacyInterfaceCode::UPDATE_SEC_COMP_ENHANCE)] = - &PrivacyManagerStub::UpdateSecCompEnhanceInner; - requestMap_[static_cast(PrivacyInterfaceCode::GET_SEC_COMP_ENHANCE)] = - &PrivacyManagerStub::GetSecCompEnhanceInner; - requestMap_[static_cast(PrivacyInterfaceCode::GET_SPECIAL_SEC_COMP_ENHANCE)] = - &PrivacyManagerStub::GetSpecialSecCompEnhanceInner; -#endif - requestMap_[static_cast(PrivacyInterfaceCode::GET_PERMISSION_USED_TYPE_INFOS)] = - &PrivacyManagerStub::GetPermissionUsedTypeInfosInner; - requestMap_[static_cast(PrivacyInterfaceCode::SET_MUTE_POLICY)] = - &PrivacyManagerStub::SetMutePolicyInner; - requestMap_[static_cast(PrivacyInterfaceCode::SET_HAP_WITH_FOREGROUND_REMINDER)] = - &PrivacyManagerStub::SetHapWithFGReminderInner; - requestMap_[static_cast(PrivacyInterfaceCode::SET_PERMISSION_USED_RECORD_TOGGLE_STATUS)] = - &PrivacyManagerStub::SetPermissionUsedRecordToggleStatusInner; - requestMap_[static_cast(PrivacyInterfaceCode::GET_PERMISSION_USED_RECORD_TOGGLE_STATUS)] = - &PrivacyManagerStub::GetPermissionUsedRecordToggleStatusInner; -} -int32_t PrivacyManagerStub::OnRemoteRequest( - uint32_t code, MessageParcel& data, MessageParcel& reply, MessageOption& option) -{ - MemoryGuard cacheGuard; - std::u16string descriptor = data.ReadInterfaceToken(); - if (descriptor != IPrivacyManager::GetDescriptor()) { - LOGE(PRI_DOMAIN, PRI_TAG, "Get unexpect descriptor: %{public}s", Str16ToStr8(descriptor).c_str()); - return ERROR_IPC_REQUEST_FAIL; - } - - auto itFunc = requestMap_.find(code); - if (itFunc != requestMap_.end()) { - auto requestFunc = itFunc->second; - if (requestFunc != nullptr) { - (this->*requestFunc)(data, reply); - return NO_ERROR; - } - } - - return IPCObjectStub::OnRemoteRequest(code, data, reply, option); -} - -void PrivacyManagerStub::AddPermissionUsedRecordInner(MessageParcel& data, MessageParcel& reply) -{ - uint32_t callingTokenID = IPCSkeleton::GetCallingTokenID(); - if ((AccessTokenKit::GetTokenTypeFlag(callingTokenID) == TOKEN_HAP) && (!IsSystemAppCalling())) { - reply.WriteInt32(PrivacyError::ERR_NOT_SYSTEM_APP); - return; - } - if (!VerifyPermission(PERMISSION_USED_STATS)) { - reply.WriteInt32(PrivacyError::ERR_PERMISSION_DENIED); - return; - } - sptr infoParcel = data.ReadParcelable(); - if (infoParcel == nullptr) { - LOGE(PRI_DOMAIN, PRI_TAG, "ReadParcelable faild"); - reply.WriteInt32(PrivacyError::ERR_READ_PARCEL_FAILED); - return; - } - reply.WriteInt32(this->AddPermissionUsedRecord(*infoParcel)); -} - -void PrivacyManagerStub::SetPermissionUsedRecordToggleStatusInner(MessageParcel& data, MessageParcel& reply) -{ - uint32_t callingTokenID = IPCSkeleton::GetCallingTokenID(); - if ((AccessTokenKit::GetTokenTypeFlag(callingTokenID) == TOKEN_HAP) && (!IsSystemAppCalling())) { - reply.WriteInt32(PrivacyError::ERR_NOT_SYSTEM_APP); - return; - } - if (!IsPrivilegedCalling() && !VerifyPermission(PERMISSION_RECORD_TOGGLE)) { - reply.WriteInt32(PrivacyError::ERR_PERMISSION_DENIED); - return; - } - int32_t userID = 0; - if (!data.ReadInt32(userID)) { - LOGE(PRI_DOMAIN, PRI_TAG, "Failed to read userId."); - reply.WriteInt32(PrivacyError::ERR_READ_PARCEL_FAILED); - return; - } - if (userID != 0 && !IsPrivilegedCalling()) { - LOGE(PRI_DOMAIN, PRI_TAG, "User version only get calling userID."); - reply.WriteInt32(PrivacyError::ERR_PERMISSION_DENIED); - return; - } - bool status = true; - if (!data.ReadBool(status)) { - LOGE(PRI_DOMAIN, PRI_TAG, "Failed to read status."); - reply.WriteInt32(PrivacyError::ERR_READ_PARCEL_FAILED); - return; - } - reply.WriteInt32(this->SetPermissionUsedRecordToggleStatus(userID, status)); -} - -void PrivacyManagerStub::GetPermissionUsedRecordToggleStatusInner(MessageParcel& data, MessageParcel& reply) -{ - uint32_t callingTokenID = IPCSkeleton::GetCallingTokenID(); - if ((AccessTokenKit::GetTokenTypeFlag(callingTokenID) == TOKEN_HAP) && (!IsSystemAppCalling())) { - reply.WriteInt32(PrivacyError::ERR_NOT_SYSTEM_APP); - return; - } - if (!IsPrivilegedCalling() && !VerifyPermission(PERMISSION_USED_STATS)) { - reply.WriteInt32(PrivacyError::ERR_PERMISSION_DENIED); - return; - } - int32_t userID = 0; - if (!data.ReadInt32(userID)) { - LOGE(PRI_DOMAIN, PRI_TAG, "Failed to read userId."); - reply.WriteInt32(PrivacyError::ERR_READ_PARCEL_FAILED); - return; - } - if (userID != 0 && !IsPrivilegedCalling()) { - LOGE(PRI_DOMAIN, PRI_TAG, "User version only get calling userID."); - reply.WriteInt32(PrivacyError::ERR_PERMISSION_DENIED); - return; - } - bool status = true; - reply.WriteInt32(this->GetPermissionUsedRecordToggleStatus(userID, status)); - reply.WriteBool(status); -} - -void PrivacyManagerStub::StartUsingPermissionInner(MessageParcel& data, MessageParcel& reply) -{ - uint32_t callingTokenID = IPCSkeleton::GetCallingTokenID(); - if ((AccessTokenKit::GetTokenTypeFlag(callingTokenID) == TOKEN_HAP) && (!IsSystemAppCalling())) { - reply.WriteInt32(PrivacyError::ERR_NOT_SYSTEM_APP); - return; - } - if (!VerifyPermission(PERMISSION_USED_STATS)) { - reply.WriteInt32(PrivacyError::ERR_PERMISSION_DENIED); - return; - } - sptr info = data.ReadParcelable(); - if (info == nullptr) { - LOGE(PRI_DOMAIN, PRI_TAG, "Read parcel fail."); - reply.WriteInt32(PrivacyError::ERR_READ_PARCEL_FAILED); - return; - } - sptr anonyStub = data.ReadRemoteObject(); - if (anonyStub == nullptr) { - LOGE(PRI_DOMAIN, PRI_TAG, "Read ReadRemoteObject fail."); - reply.WriteInt32(PrivacyError::ERR_READ_PARCEL_FAILED); - return; - } - reply.WriteInt32(this->StartUsingPermission(*info, anonyStub)); -} - -void PrivacyManagerStub::StartUsingPermissionCallbackInner(MessageParcel& data, MessageParcel& reply) -{ - uint32_t callingTokenID = IPCSkeleton::GetCallingTokenID(); - if ((AccessTokenKit::GetTokenTypeFlag(callingTokenID) == TOKEN_HAP) && (!IsSystemAppCalling())) { - reply.WriteInt32(PrivacyError::ERR_NOT_SYSTEM_APP); - return; - } - - if (!VerifyPermission(PERMISSION_USED_STATS)) { - reply.WriteInt32(PrivacyError::ERR_PERMISSION_DENIED); - return; - } - sptr info = data.ReadParcelable(); - if (info == nullptr) { - reply.WriteInt32(PrivacyError::ERR_READ_PARCEL_FAILED); - return; - } - sptr callback = data.ReadRemoteObject(); - if (callback == nullptr) { - LOGE(PRI_DOMAIN, PRI_TAG, "Read ReadRemoteObject fail"); - reply.WriteInt32(PrivacyError::ERR_READ_PARCEL_FAILED); - return; - } - sptr anonyStub = data.ReadRemoteObject(); - if (anonyStub == nullptr) { - LOGE(PRI_DOMAIN, PRI_TAG, "Read ReadRemoteObject fail."); - reply.WriteInt32(PrivacyError::ERR_READ_PARCEL_FAILED); - return; - } - reply.WriteInt32(this->StartUsingPermission(*info, callback, anonyStub)); -} - -void PrivacyManagerStub::StopUsingPermissionInner(MessageParcel& data, MessageParcel& reply) -{ - uint32_t callingTokenID = IPCSkeleton::GetCallingTokenID(); - if ((AccessTokenKit::GetTokenTypeFlag(callingTokenID) == TOKEN_HAP) && (!IsSystemAppCalling())) { - reply.WriteInt32(PrivacyError::ERR_NOT_SYSTEM_APP); - return; - } - if (!VerifyPermission(PERMISSION_USED_STATS)) { - reply.WriteInt32(PrivacyError::ERR_PERMISSION_DENIED); - return; - } - AccessTokenID tokenId = data.ReadUint32(); - int32_t pid = data.ReadInt32(); - std::string permissionName = data.ReadString(); - reply.WriteInt32(this->StopUsingPermission(tokenId, pid, permissionName)); -} - -void PrivacyManagerStub::RemovePermissionUsedRecordsInner(MessageParcel& data, MessageParcel& reply) -{ - uint32_t callingTokenID = IPCSkeleton::GetCallingTokenID(); - if ((AccessTokenKit::GetTokenTypeFlag(callingTokenID) == TOKEN_HAP) && (!IsSystemAppCalling())) { - reply.WriteInt32(PrivacyError::ERR_NOT_SYSTEM_APP); - return; - } - - if (!IsAccessTokenCalling() && !VerifyPermission(PERMISSION_USED_STATS)) { - reply.WriteInt32(PrivacyError::ERR_PERMISSION_DENIED); - return; - } - - AccessTokenID tokenId = data.ReadUint32(); - reply.WriteInt32(this->RemovePermissionUsedRecords(tokenId)); -} - -void PrivacyManagerStub::GetPermissionUsedRecordsInner(MessageParcel& data, MessageParcel& reply) -{ - uint32_t callingTokenID = IPCSkeleton::GetCallingTokenID(); - if ((AccessTokenKit::GetTokenTypeFlag(callingTokenID) == TOKEN_HAP) && (!IsSystemAppCalling())) { - reply.WriteInt32(PrivacyError::ERR_NOT_SYSTEM_APP); - return; - } - PermissionUsedResultParcel responseParcel; - if (!VerifyPermission(PERMISSION_USED_STATS)) { - reply.WriteInt32(PrivacyError::ERR_PERMISSION_DENIED); - return; - } - sptr requestParcel = data.ReadParcelable(); - if (requestParcel == nullptr) { - LOGE(PRI_DOMAIN, PRI_TAG, "ReadParcelable faild"); - reply.WriteInt32(PrivacyError::ERR_READ_PARCEL_FAILED); - return; - } - int32_t result = this->GetPermissionUsedRecords(*requestParcel, responseParcel); - reply.WriteInt32(result); - if (result != RET_SUCCESS) { - LOGE(PRI_DOMAIN, PRI_TAG, "WriteInt32 faild"); - return; - } - reply.WriteParcelable(&responseParcel); -} - -void PrivacyManagerStub::GetPermissionUsedRecordsAsyncInner(MessageParcel& data, MessageParcel& reply) -{ - uint32_t callingTokenID = IPCSkeleton::GetCallingTokenID(); - if ((AccessTokenKit::GetTokenTypeFlag(callingTokenID) == TOKEN_HAP) && (!IsSystemAppCalling())) { - reply.WriteInt32(PrivacyError::ERR_NOT_SYSTEM_APP); - return; - } - - if (!VerifyPermission(PERMISSION_USED_STATS)) { - reply.WriteInt32(PrivacyError::ERR_PERMISSION_DENIED); - return; - } - sptr requestParcel = data.ReadParcelable(); - if (requestParcel == nullptr) { - LOGE(PRI_DOMAIN, PRI_TAG, "ReadParcelable failed"); - reply.WriteInt32(PrivacyError::ERR_READ_PARCEL_FAILED); - return; - } - sptr callback = new OnPermissionUsedRecordCallbackProxy(data.ReadRemoteObject()); - if (callback == nullptr) { - LOGE(PRI_DOMAIN, PRI_TAG, "Callback is null"); - reply.WriteInt32(PrivacyError::ERR_READ_PARCEL_FAILED); - return; - } - reply.WriteInt32(this->GetPermissionUsedRecords(*requestParcel, callback)); -} - -void PrivacyManagerStub::RegisterPermActiveStatusCallbackInner(MessageParcel& data, MessageParcel& reply) -{ - uint32_t callingTokenID = IPCSkeleton::GetCallingTokenID(); - if ((AccessTokenKit::GetTokenTypeFlag(callingTokenID) == TOKEN_HAP) && (!IsSystemAppCalling())) { - reply.WriteInt32(PrivacyError::ERR_NOT_SYSTEM_APP); - return; - } - if (!VerifyPermission(PERMISSION_USED_STATS)) { - reply.WriteInt32(PrivacyError::ERR_PERMISSION_DENIED); - return; - } - uint32_t permListSize = data.ReadUint32(); - if (permListSize > PERM_LIST_SIZE_MAX) { - LOGE(PRI_DOMAIN, PRI_TAG, "Read permListSize fail"); - reply.WriteInt32(PrivacyError::ERR_OVERSIZE); - return; - } - std::vector permList; - for (uint32_t i = 0; i < permListSize; i++) { - std::string perm = data.ReadString(); - permList.emplace_back(perm); - } - sptr callback = data.ReadRemoteObject(); - if (callback == nullptr) { - LOGE(PRI_DOMAIN, PRI_TAG, "Read ReadRemoteObject fail"); - reply.WriteInt32(PrivacyError::ERR_READ_PARCEL_FAILED); - return; - } - reply.WriteInt32(this->RegisterPermActiveStatusCallback(permList, callback)); -} - -void PrivacyManagerStub::UnRegisterPermActiveStatusCallbackInner(MessageParcel& data, MessageParcel& reply) -{ - uint32_t callingTokenID = IPCSkeleton::GetCallingTokenID(); - if ((AccessTokenKit::GetTokenTypeFlag(callingTokenID) == TOKEN_HAP) && (!IsSystemAppCalling())) { - reply.WriteInt32(PrivacyError::ERR_NOT_SYSTEM_APP); - return; - } - if (!VerifyPermission(PERMISSION_USED_STATS)) { - reply.WriteInt32(PrivacyError::ERR_PERMISSION_DENIED); - return; - } - sptr callback = data.ReadRemoteObject(); - if (callback == nullptr) { - LOGE(PRI_DOMAIN, PRI_TAG, "Read scopeParcel fail"); - reply.WriteInt32(PrivacyError::ERR_READ_PARCEL_FAILED); - return; - } - reply.WriteInt32(this->UnRegisterPermActiveStatusCallback(callback)); -} - -void PrivacyManagerStub::IsAllowedUsingPermissionInner(MessageParcel& data, MessageParcel& reply) -{ - uint32_t callingTokenID = IPCSkeleton::GetCallingTokenID(); - if ((AccessTokenKit::GetTokenTypeFlag(callingTokenID) == TOKEN_HAP) && (!IsSystemAppCalling())) { - LOGE(PRI_DOMAIN, PRI_TAG, "Permission denied(tokenID=%{public}d)", callingTokenID); - reply.WriteBool(false); - return; - } - - if (!VerifyPermission(PERMISSION_USED_STATS)) { - reply.WriteBool(false); - return; - } - - AccessTokenID tokenId = data.ReadUint32(); - std::string permissionName = data.ReadString(); - int32_t pid = data.ReadInt32(); - - bool result = this->IsAllowedUsingPermission(tokenId, permissionName, pid); - if (!reply.WriteBool(result)) { - LOGE(PRI_DOMAIN, PRI_TAG, "Failed to WriteBool(%{public}s)", permissionName.c_str()); - reply.WriteBool(false); - return; - } -} - -#ifdef SECURITY_COMPONENT_ENHANCE_ENABLE -void PrivacyManagerStub::RegisterSecCompEnhanceInner(MessageParcel& data, MessageParcel& reply) -{ - sptr requestParcel = data.ReadParcelable(); - if (requestParcel == nullptr) { - LOGE(PRI_DOMAIN, PRI_TAG, "ReadParcelable faild"); - reply.WriteInt32(PrivacyError::ERR_READ_PARCEL_FAILED); - return; - } - reply.WriteInt32(this->RegisterSecCompEnhance(*requestParcel)); -} - -void PrivacyManagerStub::UpdateSecCompEnhanceInner(MessageParcel& data, MessageParcel& reply) -{ - if (!IsSecCompServiceCalling()) { - reply.WriteInt32(PrivacyError::ERR_PERMISSION_DENIED); - return; - } - - int32_t pid = data.ReadInt32(); - uint32_t seqNum = data.ReadUint32(); - reply.WriteInt32(this->UpdateSecCompEnhance(pid, seqNum)); -} - -void PrivacyManagerStub::GetSecCompEnhanceInner(MessageParcel& data, MessageParcel& reply) -{ - if (!IsSecCompServiceCalling()) { - reply.WriteInt32(PrivacyError::ERR_PERMISSION_DENIED); - return; - } - - int32_t pid = data.ReadInt32(); - SecCompEnhanceDataParcel parcel; - int32_t result = this->GetSecCompEnhance(pid, parcel); - reply.WriteInt32(result); - if (result != RET_SUCCESS) { - return; - } - - reply.WriteParcelable(&parcel); -} - -void PrivacyManagerStub::GetSpecialSecCompEnhanceInner(MessageParcel& data, MessageParcel& reply) -{ - if (!IsSecCompServiceCalling()) { - reply.WriteInt32(PrivacyError::ERR_PERMISSION_DENIED); - return; - } - - std::string bundleName = data.ReadString(); - std::vector parcelList; - int32_t result = this->GetSpecialSecCompEnhance(bundleName, parcelList); - reply.WriteInt32(result); - if (result != RET_SUCCESS) { - return; - } - reply.WriteUint32(parcelList.size()); - for (const auto& parcel : parcelList) { - reply.WriteParcelable(&parcel); - } -} - -bool PrivacyManagerStub::IsSecCompServiceCalling() -{ - uint32_t tokenCaller = IPCSkeleton::GetCallingTokenID(); - if (secCompTokenId_ == 0) { - secCompTokenId_ = AccessTokenKit::GetNativeTokenId("security_component_service"); - } - return tokenCaller == secCompTokenId_; -} -#endif - -void PrivacyManagerStub::GetPermissionUsedTypeInfosInner(MessageParcel& data, MessageParcel& reply) -{ - uint32_t callingTokenID = IPCSkeleton::GetCallingTokenID(); - if ((AccessTokenKit::GetTokenTypeFlag(callingTokenID) == TOKEN_HAP) && (!IsSystemAppCalling())) { - reply.WriteInt32(PrivacyError::ERR_NOT_SYSTEM_APP); - return; - } - if (!VerifyPermission(PERMISSION_USED_STATS)) { - reply.WriteInt32(PrivacyError::ERR_PERMISSION_DENIED); - return; - } - AccessTokenID tokenId = data.ReadUint32(); - std::string permissionName = data.ReadString(); - std::vector resultsParcel; - int32_t result = this->GetPermissionUsedTypeInfos(tokenId, permissionName, resultsParcel); - if (!reply.WriteInt32(result)) { - LOGE(PRI_DOMAIN, PRI_TAG, "Failed to WriteInt32(%{public}d-%{public}s)", tokenId, permissionName.c_str()); - return; - } - reply.WriteUint32(resultsParcel.size()); - for (const auto& parcel : resultsParcel) { - reply.WriteParcelable(&parcel); - } -} - -void PrivacyManagerStub::SetMutePolicyInner(MessageParcel& data, MessageParcel& reply) -{ - if (!VerifyPermission(SET_MUTE_POLICY)) { - reply.WriteInt32(PrivacyError::ERR_PERMISSION_DENIED); - return; - } - uint32_t policyType; - if (!data.ReadUint32(policyType)) { - LOGE(PRI_DOMAIN, PRI_TAG, "Failed to read policyType."); - reply.WriteInt32(PrivacyError::ERR_READ_PARCEL_FAILED); - return; - } - uint32_t callerType; - if (!data.ReadUint32(callerType)) { - LOGE(PRI_DOMAIN, PRI_TAG, "Failed to read callerType."); - reply.WriteInt32(PrivacyError::ERR_READ_PARCEL_FAILED); - return; - } - bool isMute; - if (!data.ReadBool(isMute)) { - LOGE(PRI_DOMAIN, PRI_TAG, "Failed to read isMute."); - reply.WriteInt32(PrivacyError::ERR_READ_PARCEL_FAILED); - return; - } - uint32_t tokenID; - if (!data.ReadUint32(tokenID)) { - LOGE(PRI_DOMAIN, PRI_TAG, "Failed to read tokenID."); - reply.WriteInt32(PrivacyError::ERR_READ_PARCEL_FAILED); - return; - } - - int32_t result = this->SetMutePolicy(policyType, callerType, isMute, tokenID); - if (!reply.WriteInt32(result)) { - LOGE(PRI_DOMAIN, PRI_TAG, "Failed to WriteInt32."); - return; - } -} - -void PrivacyManagerStub::SetHapWithFGReminderInner(MessageParcel& data, MessageParcel& reply) -{ - if (!VerifyPermission(SET_FOREGROUND_HAP_REMINDER)) { - reply.WriteInt32(PrivacyError::ERR_PERMISSION_DENIED); - return; - } - uint32_t tokenId; - if (!data.ReadUint32(tokenId)) { - LOGE(PRI_DOMAIN, PRI_TAG, "Failed to read tokenId."); - reply.WriteInt32(PrivacyError::ERR_READ_PARCEL_FAILED); - return; - } - bool isAllowed; - if (!data.ReadBool(isAllowed)) { - LOGE(PRI_DOMAIN, PRI_TAG, "Failed to read isAllowed."); - reply.WriteInt32(PrivacyError::ERR_READ_PARCEL_FAILED); - return; - } - - int32_t result = this->SetHapWithFGReminder(tokenId, isAllowed); - if (!reply.WriteInt32(result)) { - LOGE(PRI_DOMAIN, PRI_TAG, "Failed to WriteInt32."); - return; - } -} - -bool PrivacyManagerStub::IsPrivilegedCalling() const -{ - // shell process is root in debug mode. -#ifndef ATM_BUILD_VARIANT_USER_ENABLE - int32_t callingUid = IPCSkeleton::GetCallingUid(); - return callingUid == ROOT_UID; -#else - return false; -#endif -} - -bool PrivacyManagerStub::IsAccessTokenCalling() const -{ - int32_t callingUid = IPCSkeleton::GetCallingUid(); - return callingUid == ACCESSTOKEN_UID; -} - -bool PrivacyManagerStub::IsSystemAppCalling() const -{ - uint64_t fullTokenId = IPCSkeleton::GetCallingFullTokenID(); - return TokenIdKit::IsSystemAppByFullTokenID(fullTokenId); -} - -bool PrivacyManagerStub::VerifyPermission(const std::string& permission) const -{ - uint32_t callingTokenID = IPCSkeleton::GetCallingTokenID(); - if (AccessTokenKit::VerifyAccessToken(callingTokenID, permission) == PERMISSION_DENIED) { - LOGE(PRI_DOMAIN, PRI_TAG, "Permission denied(callingTokenID=%{public}d)", callingTokenID); - return false; - } - return true; -} -} // namespace AccessToken -} // namespace Security -} // namespace OHOS diff --git a/services/privacymanager/test/coverage/BUILD.gn b/services/privacymanager/test/coverage/BUILD.gn index 36d7efa6b..98fe9f571 100644 --- a/services/privacymanager/test/coverage/BUILD.gn +++ b/services/privacymanager/test/coverage/BUILD.gn @@ -1,4 +1,4 @@ -# Copyright (c) 2024 Huawei Device Co., Ltd. +# Copyright (c) 2024-2025 Huawei Device Co., Ltd. # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. # You may obtain a copy of the License at @@ -67,14 +67,16 @@ if (is_standard_system && ability_base_enable == true) { "../../src/sensitive/audio_manager/audio_manager_adapter.cpp", "../../src/sensitive/camera_manager/camera_manager_adapter.cpp", "../../src/service/privacy_manager_service.cpp", - "../../src/service/privacy_manager_stub.cpp", "permission_record_manager_coverage_test.cpp", "sensitive_manager_coverage_test.cpp", ] cflags_cc = [ "-DHILOG_ENABLE" ] - configs = [ "${access_token_path}/config:coverage_flags" ] + configs = [ + "${access_token_path}/config:coverage_flags", + "${access_token_path}/services/privacymanager:privacy_manager_gen_config", + ] deps = [ "${access_token_path}/frameworks/common:accesstoken_common_cxx", @@ -86,6 +88,7 @@ if (is_standard_system && ability_base_enable == true) { "${access_token_path}/services/common:accesstoken_service_common", "${access_token_path}/services/common/proxy_death:proxy_death_handler", "${access_token_path}/services/privacymanager:privacy_manager_service", + "${access_token_path}/services/privacymanager:privacy_manager_stub", ] external_deps = [ @@ -148,5 +151,11 @@ if (is_standard_system && ability_base_enable == true) { include_dirs += [ "${access_token_path}/services/common/ability_manager/include" ] } + + if (security_component_enhance_enable == true) { + cflags_cc += [ "-DSECURITY_COMPONENT_ENHANCE_ENABLE" ] + include_dirs += [ "${access_token_path}/services/privacymanager/include/seccomp" ] + sources += [ "${access_token_path}/services/privacymanager/src/seccomp/privacy_sec_comp_enhance_agent.cpp" ] + } } } diff --git a/services/privacymanager/test/unittest/BUILD.gn b/services/privacymanager/test/unittest/BUILD.gn index 1520b904c..f4cb5e8a6 100644 --- a/services/privacymanager/test/unittest/BUILD.gn +++ b/services/privacymanager/test/unittest/BUILD.gn @@ -1,4 +1,4 @@ -# Copyright (c) 2022-2024 Huawei Device Co., Ltd. +# Copyright (c) 2022-2025 Huawei Device Co., Ltd. # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. # You may obtain a copy of the License at @@ -68,7 +68,6 @@ if (is_standard_system && ability_base_enable == true) { "../../src/sensitive/audio_manager/audio_manager_adapter.cpp", "../../src/sensitive/camera_manager/camera_manager_adapter.cpp", "../../src/service/privacy_manager_service.cpp", - "../../src/service/privacy_manager_stub.cpp", "permission_record_db_test.cpp", "permission_record_manager_test.cpp", "permission_record_set_test.cpp", @@ -79,7 +78,10 @@ if (is_standard_system && ability_base_enable == true) { cflags_cc = [ "-DHILOG_ENABLE" ] - configs = [ "${access_token_path}/config:coverage_flags" ] + configs = [ + "${access_token_path}/config:coverage_flags", + "${access_token_path}/services/privacymanager:privacy_manager_gen_config", + ] deps = [ "${access_token_path}/frameworks/common:accesstoken_common_cxx", @@ -92,6 +94,7 @@ if (is_standard_system && ability_base_enable == true) { "${access_token_path}/services/common/proxy_death:proxy_death_handler", "${access_token_path}/services/common/proxy_death:proxy_death_stub", "${access_token_path}/services/privacymanager:privacy_manager_service", + "${access_token_path}/services/privacymanager:privacy_manager_stub", ] external_deps = [ @@ -155,5 +158,11 @@ if (is_standard_system && ability_base_enable == true) { include_dirs += [ "${access_token_path}/services/common/ability_manager/include" ] } + + if (security_component_enhance_enable == true) { + cflags_cc += [ "-DSECURITY_COMPONENT_ENHANCE_ENABLE" ] + include_dirs += [ "${access_token_path}/services/privacymanager/include/seccomp" ] + sources += [ "${access_token_path}/services/privacymanager/src/seccomp/privacy_sec_comp_enhance_agent.cpp" ] + } } } diff --git a/services/privacymanager/test/unittest/privacy_manager_service_test.cpp b/services/privacymanager/test/unittest/privacy_manager_service_test.cpp index 4c656c9eb..a683a6274 100644 --- a/services/privacymanager/test/unittest/privacy_manager_service_test.cpp +++ b/services/privacymanager/test/unittest/privacy_manager_service_test.cpp @@ -1,5 +1,5 @@ /* - * Copyright (c) 2022 Huawei Device Co., Ltd. + * Copyright (c) 2022-2025 Huawei Device Co., Ltd. * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. * You may obtain a copy of the License at @@ -18,6 +18,7 @@ #include "accesstoken_kit.h" #include "constant.h" +#include "iprivacy_manager.h" #include "on_permission_used_record_callback_stub.h" #define private public #include "permission_record_manager.h" @@ -42,6 +43,7 @@ static constexpr int32_t PERMISSION_USAGE_RECORDS_MAX_NUM = 10; constexpr const char* CAMERA_PERMISSION_NAME = "ohos.permission.CAMERA"; constexpr const char* MICROPHONE_PERMISSION_NAME = "ohos.permission.MICROPHONE"; constexpr const char* LOCATION_PERMISSION_NAME = "ohos.permission.LOCATION"; +static const uint32_t PERM_LIST_SIZE_MAX = 1024; static AccessTokenIDEx g_tokenID = {0}; static PermissionStateFull g_testState = { .permissionName = "ohos.permission.CAMERA", @@ -220,18 +222,24 @@ HWTEST_F(PrivacyManagerServiceTest, IsAllowedUsingPermission001, TestSize.Level1 tokenId = AccessTokenKit::GetHapTokenID(g_InfoParms1.userID, g_InfoParms1.bundleName, g_InfoParms1.instIndex); ASSERT_NE(INVALID_TOKENID, tokenId); - ASSERT_EQ(false, privacyManagerService_->IsAllowedUsingPermission(tokenId, MICROPHONE_PERMISSION_NAME, -1)); - ASSERT_EQ(false, privacyManagerService_->IsAllowedUsingPermission(tokenId, LOCATION_PERMISSION_NAME, -1)); - ASSERT_EQ(false, privacyManagerService_->IsAllowedUsingPermission(tokenId, CAMERA_PERMISSION_NAME, -1)); + bool isAllowed = false; + privacyManagerService_->IsAllowedUsingPermission(tokenId, MICROPHONE_PERMISSION_NAME, -1, isAllowed); + ASSERT_EQ(false, isAllowed); + privacyManagerService_->IsAllowedUsingPermission(tokenId, LOCATION_PERMISSION_NAME, -1, isAllowed); + ASSERT_EQ(false, isAllowed); + privacyManagerService_->IsAllowedUsingPermission(tokenId, CAMERA_PERMISSION_NAME, -1, isAllowed); + ASSERT_EQ(false, isAllowed); #ifdef CAMERA_FLOAT_WINDOW_ENABLE // not pip PermissionRecordManager::GetInstance().NotifyCameraWindowChange(false, tokenId, false); - ASSERT_EQ(false, privacyManagerService_->IsAllowedUsingPermission(tokenId, CAMERA_PERMISSION_NAME, -1)); + privacyManagerService_->IsAllowedUsingPermission(tokenId, CAMERA_PERMISSION_NAME, -1, isAllowed); + ASSERT_EQ(false, isAllowed); PermissionRecordManager::GetInstance().NotifyCameraWindowChange(false, tokenId, false); // pip PermissionRecordManager::GetInstance().NotifyCameraWindowChange(true, tokenId, false); - ASSERT_EQ(false, privacyManagerService_->IsAllowedUsingPermission(tokenId, CAMERA_PERMISSION_NAME, -1)); + privacyManagerService_->IsAllowedUsingPermission(tokenId, CAMERA_PERMISSION_NAME, -1, isAllowed); + ASSERT_EQ(false, isAllowed); #endif } @@ -245,16 +253,20 @@ HWTEST_F(PrivacyManagerServiceTest, IsAllowedUsingPermission002, TestSize.Level1 { AccessTokenID tokenId = AccessTokenKit::GetNativeTokenId("privacy_service"); // invalid tokenId - ASSERT_EQ(false, privacyManagerService_->IsAllowedUsingPermission(0, CAMERA_PERMISSION_NAME, -1)); + bool isAllowed = false; + privacyManagerService_->IsAllowedUsingPermission(0, CAMERA_PERMISSION_NAME, -1, isAllowed); + ASSERT_EQ(false, isAllowed); // native tokenId - ASSERT_EQ(false, privacyManagerService_->IsAllowedUsingPermission(tokenId, CAMERA_PERMISSION_NAME, -1)); + privacyManagerService_->IsAllowedUsingPermission(tokenId, CAMERA_PERMISSION_NAME, -1, isAllowed); + ASSERT_EQ(false, isAllowed); // invalid permission tokenId = AccessTokenKit::GetHapTokenID(g_InfoParms1.userID, g_InfoParms1.bundleName, g_InfoParms1.instIndex); ASSERT_NE(INVALID_TOKENID, tokenId); - ASSERT_EQ(false, privacyManagerService_->IsAllowedUsingPermission(tokenId, "test", -1)); + privacyManagerService_->IsAllowedUsingPermission(tokenId, "test", -1, isAllowed); + ASSERT_EQ(false, isAllowed); } /* @@ -270,95 +282,11 @@ HWTEST_F(PrivacyManagerServiceTest, IsAllowedUsingPermission003, TestSize.Level1 tokenId = AccessTokenKit::GetHapTokenID(g_InfoParms1.userID, g_InfoParms1.bundleName, g_InfoParms1.instIndex); ASSERT_NE(INVALID_TOKENID, tokenId); - ASSERT_EQ(false, privacyManagerService_->IsAllowedUsingPermission(tokenId, CAMERA_PERMISSION_NAME, -1)); + bool isAllowed = false; + privacyManagerService_->IsAllowedUsingPermission(tokenId, CAMERA_PERMISSION_NAME, -1, isAllowed); + ASSERT_EQ(false, isAllowed); } -class TestPrivacyManagerStub : public PrivacyManagerStub { -public: - TestPrivacyManagerStub() = default; - virtual ~TestPrivacyManagerStub() = default; - - int32_t AddPermissionUsedRecord(const AddPermParamInfoParcel& infoParcel, bool asyncMode = false) - { - return RET_SUCCESS; - } - int32_t SetPermissionUsedRecordToggleStatus(int32_t userID, bool status) - { - return RET_SUCCESS; - } - int32_t GetPermissionUsedRecordToggleStatus(int32_t userID, bool& status) - { - return RET_SUCCESS; - } - int32_t StartUsingPermission(const PermissionUsedTypeInfoParcel& info, const sptr& anonyStub) - { - return RET_SUCCESS; - } - int32_t StartUsingPermission(const PermissionUsedTypeInfoParcel& info, - const sptr& callback, const sptr& anonyStub) - { - return RET_SUCCESS; - } - int32_t StopUsingPermission(AccessTokenID tokenID, int32_t pid, const std::string& permissionName) - { - return RET_SUCCESS; - } - int32_t RemovePermissionUsedRecords(AccessTokenID tokenID) - { - return RET_SUCCESS; - } - int32_t GetPermissionUsedRecords( - const PermissionUsedRequestParcel& request, PermissionUsedResultParcel& result) - { - return RET_SUCCESS; - } - int32_t GetPermissionUsedRecords( - const PermissionUsedRequestParcel& request, const sptr& callback) - { - return RET_SUCCESS; - } - int32_t RegisterPermActiveStatusCallback( - std::vector& permList, const sptr& callback) - { - return RET_SUCCESS; - } - int32_t UnRegisterPermActiveStatusCallback(const sptr& callback) - { - return RET_SUCCESS; - } - bool IsAllowedUsingPermission(AccessTokenID tokenID, const std::string& permissionName, int32_t pid) - { - return true; - } - int32_t GetPermissionUsedTypeInfos(const AccessTokenID tokenId, const std::string& permissionName, - std::vector& resultsParcel) - { - return RET_SUCCESS; - } - int32_t SetMutePolicy(uint32_t policyType, uint32_t callerType, bool isMute, uint32_t tokenID) - { - return RET_SUCCESS; - } - int32_t SetHapWithFGReminder(uint32_t tokenId, bool isAllowed) - { - return RET_SUCCESS; - } -#ifdef SECURITY_COMPONENT_ENHANCE_ENABLE - int32_t RegisterSecCompEnhance(const SecCompEnhanceDataParcel& enhanceParcel) - { - return RET_SUCCESS; - } - int32_t DepositSecCompEnhance(const std::vector& enhanceParcelList) - { - return RET_SUCCESS; - } - int32_t RecoverSecCompEnhance(std::vector& enhanceParcelList) - { - return RET_SUCCESS; - } -#endif -}; - /** * @tc.name: OnRemoteRequest001 * @tc.desc: OnRemoteRequest test. @@ -367,20 +295,20 @@ public: */ HWTEST_F(PrivacyManagerServiceTest, OnRemoteRequest001, TestSize.Level1) { - TestPrivacyManagerStub testSub; MessageParcel data; std::string descriptor = "I don't know"; data.WriteInterfaceToken(OHOS::Str8ToStr16(descriptor)); MessageParcel reply; MessageOption option(MessageOption::TF_SYNC); - // descriptor error - ASSERT_EQ(PrivacyError::ERROR_IPC_REQUEST_FAIL, testSub.OnRemoteRequest( - static_cast(PrivacyInterfaceCode::ADD_PERMISSION_USED_RECORD), data, reply, option)); + // descriptor error return 1 + ASSERT_EQ(ERR_TRANSACTION_FAILED, privacyManagerService_->OnRemoteRequest( + static_cast(IPrivacyManagerIpcCode::COMMAND_ADD_PERMISSION_USED_RECORD), data, reply, option)); uint32_t code = 99999999; // code not exsit ASSERT_EQ(true, data.WriteInterfaceToken(IPrivacyManager::GetDescriptor())); - ASSERT_NE(RET_SUCCESS, testSub.OnRemoteRequest(code, data, reply, option)); // descriptor true + error msgCode + // descriptor true + error msgCode + ASSERT_NE(RET_SUCCESS, privacyManagerService_->OnRemoteRequest(code, data, reply, option)); } /** @@ -392,11 +320,10 @@ HWTEST_F(PrivacyManagerServiceTest, OnRemoteRequest001, TestSize.Level1) HWTEST_F(PrivacyManagerServiceTest, AddPermissionUsedRecordInner001, TestSize.Level1) { AccessTokenID tokenID = 123; // 123 is random input - std::string permissionName = "ohos.permission.test"; + std::string permissionName = "ohos.permission.test"; // is invalid permission int32_t successCount = 1; // number 1 int32_t failCount = 1; // number 1 - TestPrivacyManagerStub testSub; MessageParcel data; MessageParcel reply; MessageOption option(MessageOption::TF_SYNC); @@ -408,10 +335,12 @@ HWTEST_F(PrivacyManagerServiceTest, AddPermissionUsedRecordInner001, TestSize.Le infoParcel.info.successCount = successCount; infoParcel.info.failCount = failCount; ASSERT_EQ(true, data.WriteParcelable(&infoParcel)); - ASSERT_EQ(RET_SUCCESS, testSub.OnRemoteRequest( - static_cast(PrivacyInterfaceCode::ADD_PERMISSION_USED_RECORD), data, reply, option)); + ASSERT_EQ(RET_SUCCESS, privacyManagerService_->OnRemoteRequest( + static_cast(IPrivacyManagerIpcCode::COMMAND_ADD_PERMISSION_USED_RECORD), data, reply, option)); // callingTokenID is native token hdcd with need permission, but input tokenID is not a real hap - ASSERT_EQ(RET_SUCCESS, reply.ReadInt32()); + int32_t ret = reply.ReadInt32(); + EXPECT_NE(PrivacyError::ERR_NOT_SYSTEM_APP, ret); + EXPECT_NE(PrivacyError::ERR_PERMISSION_DENIED, ret); } /** @@ -423,11 +352,10 @@ HWTEST_F(PrivacyManagerServiceTest, AddPermissionUsedRecordInner001, TestSize.Le HWTEST_F(PrivacyManagerServiceTest, AddPermissionUsedRecordInner002, TestSize.Level1) { AccessTokenID tokenID = 123; // 123 is random input - std::string permissionName = "ohos.permission.test"; + std::string permissionName = "ohos.permission.test"; // is invalid permission int32_t successCount = 1; // number 1 int32_t failCount = 1; // number 1 - TestPrivacyManagerStub testSub; MessageParcel data; MessageParcel reply; MessageOption option(MessageOption::TF_SYNC); @@ -444,8 +372,8 @@ HWTEST_F(PrivacyManagerServiceTest, AddPermissionUsedRecordInner002, TestSize.Le infoParcel.info.successCount = successCount; infoParcel.info.failCount = failCount; ASSERT_EQ(true, data.WriteParcelable(&infoParcel)); - ASSERT_EQ(RET_SUCCESS, testSub.OnRemoteRequest( - static_cast(PrivacyInterfaceCode::ADD_PERMISSION_USED_RECORD), data, reply, option)); + ASSERT_EQ(RET_SUCCESS, privacyManagerService_->OnRemoteRequest( + static_cast(IPrivacyManagerIpcCode::COMMAND_ADD_PERMISSION_USED_RECORD), data, reply, option)); // callingTokenID is normal hap without need permission ASSERT_EQ(PrivacyError::ERR_NOT_SYSTEM_APP, reply.ReadInt32()); } @@ -457,13 +385,112 @@ HWTEST_F(PrivacyManagerServiceTest, AddPermissionUsedRecordInner002, TestSize.Le * @tc.require: */ HWTEST_F(PrivacyManagerServiceTest, AddPermissionUsedRecordInner003, TestSize.Level1) +{ + AccessTokenID tokenID = 123; // 123 is invalid tokenID + std::string permissionName = "ohos.permission.test"; // is invalid permission + int32_t successCount = 1; // number 1 + int32_t failCount = 1; // number 1 + + MessageParcel data; + MessageParcel reply; + MessageOption option(MessageOption::TF_SYNC); + + ASSERT_NE(g_tokenID.tokenIDEx, static_cast(0)); + SetSelfTokenID(g_tokenID.tokenIDEx); // set self tokenID to system app + + ASSERT_EQ(true, data.WriteInterfaceToken(IPrivacyManager::GetDescriptor())); + AddPermParamInfoParcel infoParcel; + infoParcel.info.tokenId = tokenID; + infoParcel.info.permissionName = permissionName; + infoParcel.info.successCount = successCount; + infoParcel.info.failCount = failCount; + ASSERT_EQ(true, data.WriteParcelable(&infoParcel)); + ASSERT_EQ(RET_SUCCESS, privacyManagerService_->OnRemoteRequest( + static_cast(IPrivacyManagerIpcCode::COMMAND_ADD_PERMISSION_USED_RECORD), data, reply, option)); + // callingTokenID is system hap without need permission + ASSERT_EQ(PrivacyError::ERR_PERMISSION_DENIED, reply.ReadInt32()); +} + +/** + * @tc.name: AddPermissionUsedRecordAsyncInner001 + * @tc.desc: AddPermissionUsedRecordAsyncInner test. + * @tc.type: FUNC + * @tc.require: + */ +HWTEST_F(PrivacyManagerServiceTest, AddPermissionUsedRecordAsyncInner001, TestSize.Level1) { AccessTokenID tokenID = 123; // 123 is random input - std::string permissionName = "ohos.permission.test"; + std::string permissionName = "ohos.permission.test"; // is invalid permission + int32_t successCount = 1; // number 1 + int32_t failCount = 1; // number 1 + + MessageParcel data; + MessageParcel reply; + MessageOption option(MessageOption::TF_SYNC); + + ASSERT_EQ(true, data.WriteInterfaceToken(IPrivacyManager::GetDescriptor())); + AddPermParamInfoParcel infoParcel; + infoParcel.info.tokenId = tokenID; + infoParcel.info.permissionName = permissionName; + infoParcel.info.successCount = successCount; + infoParcel.info.failCount = failCount; + ASSERT_EQ(true, data.WriteParcelable(&infoParcel)); + ASSERT_EQ(RET_SUCCESS, privacyManagerService_->OnRemoteRequest( + static_cast(IPrivacyManagerIpcCode::COMMAND_ADD_PERMISSION_USED_RECORD_ASYNC), data, reply, option)); + // callingTokenID is native token hdcd with need permission, but input tokenID is not a real hap + int32_t ret = reply.ReadInt32(); + EXPECT_NE(PrivacyError::ERR_NOT_SYSTEM_APP, ret); + EXPECT_NE(PrivacyError::ERR_PERMISSION_DENIED, ret); +} + +/** + * @tc.name: AddPermissionUsedRecordAsyncInner002 + * @tc.desc: AddPermissionUsedRecordAsyncInner test. + * @tc.type: FUNC + * @tc.require: + */ +HWTEST_F(PrivacyManagerServiceTest, AddPermissionUsedRecordAsyncInner002, TestSize.Level1) +{ + AccessTokenID tokenID = 123; // 123 is random input + std::string permissionName = "ohos.permission.test"; // is invalid permission + int32_t successCount = 1; // number 1 + int32_t failCount = 1; // number 1 + + MessageParcel data; + MessageParcel reply; + MessageOption option(MessageOption::TF_SYNC); + + AccessTokenID hapTokenID = AccessTokenKit::GetHapTokenID(g_InfoParms1.userID, g_InfoParms1.bundleName, + g_InfoParms1.instIndex); + ASSERT_NE(hapTokenID, static_cast(0)); + SetSelfTokenID(hapTokenID); // set self tokenID to hapTokenID + + ASSERT_EQ(true, data.WriteInterfaceToken(IPrivacyManager::GetDescriptor())); + AddPermParamInfoParcel infoParcel; + infoParcel.info.tokenId = tokenID; + infoParcel.info.permissionName = permissionName; + infoParcel.info.successCount = successCount; + infoParcel.info.failCount = failCount; + ASSERT_EQ(true, data.WriteParcelable(&infoParcel)); + ASSERT_EQ(RET_SUCCESS, privacyManagerService_->OnRemoteRequest( + static_cast(IPrivacyManagerIpcCode::COMMAND_ADD_PERMISSION_USED_RECORD_ASYNC), data, reply, option)); + // callingTokenID is normal hap without need permission + ASSERT_EQ(PrivacyError::ERR_NOT_SYSTEM_APP, reply.ReadInt32()); +} + +/** + * @tc.name: AddPermissionUsedRecordAsyncInner003 + * @tc.desc: AddPermissionUsedRecordAsyncInner test. + * @tc.type: FUNC + * @tc.require: + */ +HWTEST_F(PrivacyManagerServiceTest, AddPermissionUsedRecordAsyncInner003, TestSize.Level1) +{ + AccessTokenID tokenID = 123; // 123 is invalid tokenID + std::string permissionName = "ohos.permission.test"; // is invalid permission int32_t successCount = 1; // number 1 int32_t failCount = 1; // number 1 - TestPrivacyManagerStub testSub; MessageParcel data; MessageParcel reply; MessageOption option(MessageOption::TF_SYNC); @@ -478,8 +505,8 @@ HWTEST_F(PrivacyManagerServiceTest, AddPermissionUsedRecordInner003, TestSize.Le infoParcel.info.successCount = successCount; infoParcel.info.failCount = failCount; ASSERT_EQ(true, data.WriteParcelable(&infoParcel)); - ASSERT_EQ(RET_SUCCESS, testSub.OnRemoteRequest( - static_cast(PrivacyInterfaceCode::ADD_PERMISSION_USED_RECORD), data, reply, option)); + ASSERT_EQ(RET_SUCCESS, privacyManagerService_->OnRemoteRequest( + static_cast(IPrivacyManagerIpcCode::COMMAND_ADD_PERMISSION_USED_RECORD_ASYNC), data, reply, option)); // callingTokenID is system hap without need permission ASSERT_EQ(PrivacyError::ERR_PERMISSION_DENIED, reply.ReadInt32()); } @@ -495,7 +522,6 @@ HWTEST_F(PrivacyManagerServiceTest, SetPermissionUsedRecordToggleStatusInner001, int32_t userID = 1; bool status = true; - TestPrivacyManagerStub testStub; MessageParcel data; MessageParcel reply; MessageOption option(MessageOption::TF_SYNC); @@ -503,8 +529,8 @@ HWTEST_F(PrivacyManagerServiceTest, SetPermissionUsedRecordToggleStatusInner001, ASSERT_EQ(true, data.WriteInterfaceToken(IPrivacyManager::GetDescriptor())); ASSERT_EQ(true, data.WriteInt32(userID)); ASSERT_EQ(true, data.WriteBool(status)); - ASSERT_EQ(RET_SUCCESS, testStub.OnRemoteRequest( - static_cast(PrivacyInterfaceCode::SET_PERMISSION_USED_RECORD_TOGGLE_STATUS), data, reply, option)); + ASSERT_EQ(RET_SUCCESS, privacyManagerService_->OnRemoteRequest(static_cast( + IPrivacyManagerIpcCode::COMMAND_SET_PERMISSION_USED_RECORD_TOGGLE_STATUS), data, reply, option)); ASSERT_EQ(RET_SUCCESS, reply.ReadInt32()); } @@ -519,7 +545,6 @@ HWTEST_F(PrivacyManagerServiceTest, SetPermissionUsedRecordToggleStatusInner002, int32_t userID = 1; bool status = true; - TestPrivacyManagerStub testStub; MessageParcel data; MessageParcel reply; MessageOption option(MessageOption::TF_SYNC); @@ -532,8 +557,8 @@ HWTEST_F(PrivacyManagerServiceTest, SetPermissionUsedRecordToggleStatusInner002, ASSERT_EQ(true, data.WriteInterfaceToken(IPrivacyManager::GetDescriptor())); ASSERT_EQ(true, data.WriteInt32(userID)); ASSERT_EQ(true, data.WriteBool(status)); - ASSERT_EQ(RET_SUCCESS, testStub.OnRemoteRequest( - static_cast(PrivacyInterfaceCode::SET_PERMISSION_USED_RECORD_TOGGLE_STATUS), data, reply, option)); + ASSERT_EQ(RET_SUCCESS, privacyManagerService_->OnRemoteRequest(static_cast( + IPrivacyManagerIpcCode::COMMAND_SET_PERMISSION_USED_RECORD_TOGGLE_STATUS), data, reply, option)); ASSERT_EQ(PrivacyError::ERR_NOT_SYSTEM_APP, reply.ReadInt32()); } @@ -548,7 +573,6 @@ HWTEST_F(PrivacyManagerServiceTest, GetPermissionUsedRecordToggleStatusInner001, int32_t userID = 1; bool status = true; - TestPrivacyManagerStub testStub; MessageParcel data; MessageParcel reply; MessageOption option(MessageOption::TF_SYNC); @@ -556,8 +580,8 @@ HWTEST_F(PrivacyManagerServiceTest, GetPermissionUsedRecordToggleStatusInner001, ASSERT_EQ(true, data.WriteInterfaceToken(IPrivacyManager::GetDescriptor())); ASSERT_EQ(true, data.WriteInt32(userID)); ASSERT_EQ(true, data.WriteBool(status)); - ASSERT_EQ(RET_SUCCESS, testStub.OnRemoteRequest( - static_cast(PrivacyInterfaceCode::GET_PERMISSION_USED_RECORD_TOGGLE_STATUS), data, reply, option)); + ASSERT_EQ(RET_SUCCESS, privacyManagerService_->OnRemoteRequest(static_cast( + IPrivacyManagerIpcCode::COMMAND_GET_PERMISSION_USED_RECORD_TOGGLE_STATUS), data, reply, option)); ASSERT_EQ(RET_SUCCESS, reply.ReadInt32()); } @@ -572,7 +596,6 @@ HWTEST_F(PrivacyManagerServiceTest, GetPermissionUsedRecordToggleStatusInner002, int32_t userID = 1; bool status = true; - TestPrivacyManagerStub testStub; MessageParcel data; MessageParcel reply; MessageOption option(MessageOption::TF_SYNC); @@ -585,8 +608,8 @@ HWTEST_F(PrivacyManagerServiceTest, GetPermissionUsedRecordToggleStatusInner002, ASSERT_EQ(true, data.WriteInterfaceToken(IPrivacyManager::GetDescriptor())); ASSERT_EQ(true, data.WriteInt32(userID)); ASSERT_EQ(true, data.WriteBool(status)); - ASSERT_EQ(RET_SUCCESS, testStub.OnRemoteRequest( - static_cast(PrivacyInterfaceCode::GET_PERMISSION_USED_RECORD_TOGGLE_STATUS), data, reply, option)); + ASSERT_EQ(RET_SUCCESS, privacyManagerService_->OnRemoteRequest(static_cast( + IPrivacyManagerIpcCode::COMMAND_GET_PERMISSION_USED_RECORD_TOGGLE_STATUS), data, reply, option)); ASSERT_EQ(PrivacyError::ERR_NOT_SYSTEM_APP, reply.ReadInt32()); } @@ -598,12 +621,11 @@ HWTEST_F(PrivacyManagerServiceTest, GetPermissionUsedRecordToggleStatusInner002, */ HWTEST_F(PrivacyManagerServiceTest, StartUsingPermissionInner001, TestSize.Level1) { - AccessTokenID tokenID = 123; // 123 is random input - std::string permissionName = "ohos.permission.test"; + AccessTokenID tokenID = 123; // 123 is invalid tokenID + std::string permissionName = "ohos.permission.test"; // is invalid permission int32_t pid = 456; // 456 is random input auto anonystub = new (std::nothrow) ProxyDeathCallBackStub(); - TestPrivacyManagerStub testSub; MessageParcel data; MessageParcel reply; MessageOption option(MessageOption::TF_SYNC); @@ -615,10 +637,12 @@ HWTEST_F(PrivacyManagerServiceTest, StartUsingPermissionInner001, TestSize.Level parcel.info.permissionName = permissionName; ASSERT_EQ(true, data.WriteParcelable(&parcel)); ASSERT_EQ(true, data.WriteRemoteObject(anonystub->AsObject())); - ASSERT_EQ(RET_SUCCESS, testSub.OnRemoteRequest( - static_cast(PrivacyInterfaceCode::START_USING_PERMISSION), data, reply, option)); - // callingTokenID is native token hdcd with need permission, but input tokenID is not a real hap - ASSERT_EQ(RET_SUCCESS, reply.ReadInt32()); + ASSERT_EQ(RET_SUCCESS, privacyManagerService_->OnRemoteRequest( + static_cast(IPrivacyManagerIpcCode::COMMAND_START_USING_PERMISSION), data, reply, option)); + // callingTokenID is native token hdcd with need permission, but input tokenID & perm are invalid + int32_t ret = reply.ReadInt32(); + EXPECT_NE(PrivacyError::ERR_NOT_SYSTEM_APP, ret); + EXPECT_NE(PrivacyError::ERR_PERMISSION_DENIED, ret); } /** @@ -629,29 +653,20 @@ HWTEST_F(PrivacyManagerServiceTest, StartUsingPermissionInner001, TestSize.Level */ HWTEST_F(PrivacyManagerServiceTest, StartUsingPermissionInner002, TestSize.Level1) { - AccessTokenID tokenID = 123; // 123 is random input - std::string permissionName = "ohos.permission.test"; - - TestPrivacyManagerStub testSub; - MessageParcel data; - MessageParcel reply; - MessageOption option(MessageOption::TF_SYNC); + AccessTokenID tokenID = 123; // 123 is invalid tokenID + std::string permissionName = "ohos.permission.test"; // is invalid permission AccessTokenID hapTokenID = AccessTokenKit::GetHapTokenID(g_InfoParms1.userID, g_InfoParms1.bundleName, g_InfoParms1.instIndex); ASSERT_NE(hapTokenID, static_cast(0)); SetSelfTokenID(hapTokenID); // set self tokenID to hapTokenID - ASSERT_EQ(true, data.WriteInterfaceToken(IPrivacyManager::GetDescriptor())); PermissionUsedTypeInfoParcel parcel; parcel.info.tokenId = tokenID; parcel.info.pid = -1; parcel.info.permissionName = permissionName; - ASSERT_EQ(true, data.WriteParcelable(&parcel)); - ASSERT_EQ(RET_SUCCESS, testSub.OnRemoteRequest( - static_cast(PrivacyInterfaceCode::START_USING_PERMISSION), data, reply, option)); // callingTokenID is normal hap without need permission - ASSERT_EQ(PrivacyError::ERR_NOT_SYSTEM_APP, reply.ReadInt32()); + ASSERT_EQ(PrivacyError::ERR_NOT_SYSTEM_APP, privacyManagerService_->StartUsingPermission(parcel, nullptr)); } /** @@ -662,27 +677,18 @@ HWTEST_F(PrivacyManagerServiceTest, StartUsingPermissionInner002, TestSize.Level */ HWTEST_F(PrivacyManagerServiceTest, StartUsingPermissionInner003, TestSize.Level1) { - AccessTokenID tokenID = 123; // 123 is random input - std::string permissionName = "ohos.permission.test"; - - TestPrivacyManagerStub testSub; - MessageParcel data; - MessageParcel reply; - MessageOption option(MessageOption::TF_SYNC); + AccessTokenID tokenID = 123; // 123 is invalid tokenID + std::string permissionName = "ohos.permission.test"; // is invalid permission ASSERT_NE(g_tokenID.tokenIDEx, static_cast(0)); SetSelfTokenID(g_tokenID.tokenIDEx); // set self tokenID to system app - ASSERT_EQ(true, data.WriteInterfaceToken(IPrivacyManager::GetDescriptor())); PermissionUsedTypeInfoParcel parcel; parcel.info.tokenId = tokenID; parcel.info.pid = -1; parcel.info.permissionName = permissionName; - ASSERT_EQ(true, data.WriteParcelable(&parcel)); - ASSERT_EQ(RET_SUCCESS, testSub.OnRemoteRequest( - static_cast(PrivacyInterfaceCode::START_USING_PERMISSION), data, reply, option)); // callingTokenID is system hap without need permission - ASSERT_EQ(PrivacyError::ERR_PERMISSION_DENIED, reply.ReadInt32()); + ASSERT_EQ(PrivacyError::ERR_PERMISSION_DENIED, privacyManagerService_->StartUsingPermission(parcel, nullptr)); } class PrivacyManagerServiceTestCb1 : public StateCustomizedCbk { @@ -705,22 +711,44 @@ public: */ HWTEST_F(PrivacyManagerServiceTest, StartUsingPermissionCallbackInner001, TestSize.Level1) { - AccessTokenID tokenID = 123; // 123 is random input + AccessTokenID tokenID = 123; // 123 is invalid tokenID + std::string permissionName = "ohos.permission.test"; // is invalid permission int32_t pid = 111; - std::string permissionName = "ohos.permission.test"; + + ASSERT_NE(g_tokenID.tokenIDEx, static_cast(0)); + SetSelfTokenID(g_tokenID.tokenIDEx); // set self tokenID to system app + + PermissionUsedTypeInfoParcel parcel; + parcel.info.tokenId = tokenID; + parcel.info.pid = pid; + parcel.info.permissionName = permissionName; + // callingTokenID has no request permission + ASSERT_EQ(PrivacyError::ERR_PERMISSION_DENIED, + privacyManagerService_->StartUsingPermissionCallback(parcel, nullptr, nullptr)); +} + +/** + * @tc.name: StartUsingPermissionCallbackInner002 + * @tc.desc: StartUsingPermissionCallbackInner test. + * @tc.type: FUNC + * @tc.require: + */ +HWTEST_F(PrivacyManagerServiceTest, StartUsingPermissionCallbackInner002, TestSize.Level1) +{ + AccessTokenID tokenID = 123; // 123 is invalid tokenID + std::string permissionName = "ohos.permission.test"; // is invalid permission + int32_t pid = 11; + auto callbackPtr = std::make_shared(); ASSERT_NE(nullptr, callbackPtr); auto callbackWrap = new (std::nothrow) StateChangeCallback(callbackPtr); ASSERT_NE(nullptr, callbackWrap); + auto anonystub = new (std::nothrow) ProxyDeathCallBackStub(); - TestPrivacyManagerStub testSub; MessageParcel data; MessageParcel reply; MessageOption option(MessageOption::TF_SYNC); - ASSERT_NE(g_tokenID.tokenIDEx, static_cast(0)); - SetSelfTokenID(g_tokenID.tokenIDEx); // set self tokenID to system app - ASSERT_EQ(true, data.WriteInterfaceToken(IPrivacyManager::GetDescriptor())); PermissionUsedTypeInfoParcel parcel; parcel.info.tokenId = tokenID; @@ -728,30 +756,38 @@ HWTEST_F(PrivacyManagerServiceTest, StartUsingPermissionCallbackInner001, TestSi parcel.info.permissionName = permissionName; ASSERT_EQ(true, data.WriteParcelable(&parcel)); ASSERT_EQ(true, data.WriteRemoteObject(callbackWrap->AsObject())); - ASSERT_EQ(RET_SUCCESS, testSub.OnRemoteRequest(static_cast( - PrivacyInterfaceCode::START_USING_PERMISSION_CALLBACK), data, reply, option)); - // callingTokenID has no request permission - ASSERT_EQ(PrivacyError::ERR_PERMISSION_DENIED, reply.ReadInt32()); + ASSERT_EQ(true, data.WriteRemoteObject(anonystub->AsObject())); + ASSERT_EQ(RET_SUCCESS, privacyManagerService_->OnRemoteRequest(static_cast( + IPrivacyManagerIpcCode::COMMAND_START_USING_PERMISSION_CALLBACK), data, reply, option)); + // callingTokenID is native token hdcd with request permission + int32_t ret = reply.ReadInt32(); + EXPECT_NE(PrivacyError::ERR_NOT_SYSTEM_APP, ret); + EXPECT_NE(PrivacyError::ERR_PERMISSION_DENIED, ret); } /** - * @tc.name: StartUsingPermissionCallbackInner002 + * @tc.name: StartUsingPermissionCallbackInner003 * @tc.desc: StartUsingPermissionCallbackInner test. * @tc.type: FUNC * @tc.require: */ -HWTEST_F(PrivacyManagerServiceTest, StartUsingPermissionCallbackInner002, TestSize.Level1) +HWTEST_F(PrivacyManagerServiceTest, StartUsingPermissionCallbackInner003, TestSize.Level1) { - AccessTokenID tokenID = 123; // 123 is random input + AccessTokenID tokenID = 123; // 123 is invalid tokenID + std::string permissionName = "ohos.permission.test"; // is invalid permission int32_t pid = 11; - std::string permissionName = "ohos.permission.test"; + + AccessTokenID hapTokenID = AccessTokenKit::GetHapTokenID(g_InfoParms1.userID, g_InfoParms1.bundleName, + g_InfoParms1.instIndex); + ASSERT_NE(hapTokenID, static_cast(0)); + SetSelfTokenID(hapTokenID); // set self tokenID to hapTokenID + auto callbackPtr = std::make_shared(); ASSERT_NE(nullptr, callbackPtr); auto callbackWrap = new (std::nothrow) StateChangeCallback(callbackPtr); ASSERT_NE(nullptr, callbackWrap); auto anonystub = new (std::nothrow) ProxyDeathCallBackStub(); - TestPrivacyManagerStub testSub; MessageParcel data; MessageParcel reply; MessageOption option(MessageOption::TF_SYNC); @@ -764,10 +800,9 @@ HWTEST_F(PrivacyManagerServiceTest, StartUsingPermissionCallbackInner002, TestSi ASSERT_EQ(true, data.WriteParcelable(&parcel)); ASSERT_EQ(true, data.WriteRemoteObject(callbackWrap->AsObject())); ASSERT_EQ(true, data.WriteRemoteObject(anonystub->AsObject())); - ASSERT_EQ(RET_SUCCESS, testSub.OnRemoteRequest(static_cast( - PrivacyInterfaceCode::START_USING_PERMISSION_CALLBACK), data, reply, option)); - // callingTokenID is native token hdcd with request permission - ASSERT_EQ(RET_SUCCESS, reply.ReadInt32()); + ASSERT_EQ(RET_SUCCESS, privacyManagerService_->OnRemoteRequest(static_cast( + IPrivacyManagerIpcCode::COMMAND_START_USING_PERMISSION_CALLBACK), data, reply, option)); + ASSERT_EQ(PrivacyError::ERR_NOT_SYSTEM_APP, reply.ReadInt32()); } /** @@ -778,11 +813,10 @@ HWTEST_F(PrivacyManagerServiceTest, StartUsingPermissionCallbackInner002, TestSi */ HWTEST_F(PrivacyManagerServiceTest, StopUsingPermissionInner001, TestSize.Level1) { - AccessTokenID tokenID = 123; // 123 is random input + AccessTokenID tokenID = 123; // 123 is invalid tokenID + std::string permissionName = "ohos.permission.test"; // is invalid permission int32_t pid = 11; - std::string permissionName = "ohos.permission.test"; - TestPrivacyManagerStub testSub; MessageParcel data; MessageParcel reply; MessageOption option(MessageOption::TF_SYNC); @@ -791,10 +825,12 @@ HWTEST_F(PrivacyManagerServiceTest, StopUsingPermissionInner001, TestSize.Level1 ASSERT_EQ(true, data.WriteUint32(tokenID)); ASSERT_EQ(true, data.WriteInt32(pid)); ASSERT_EQ(true, data.WriteString(permissionName)); - ASSERT_EQ(RET_SUCCESS, testSub.OnRemoteRequest( - static_cast(PrivacyInterfaceCode::STOP_USING_PERMISSION), data, reply, option)); + ASSERT_EQ(RET_SUCCESS, privacyManagerService_->OnRemoteRequest( + static_cast(IPrivacyManagerIpcCode::COMMAND_STOP_USING_PERMISSION), data, reply, option)); // callingTokenID is native token hdcd with need permission, but input tokenID is not a real hap - ASSERT_EQ(RET_SUCCESS, reply.ReadInt32()); + int32_t ret = reply.ReadInt32(); + EXPECT_NE(PrivacyError::ERR_NOT_SYSTEM_APP, ret); + EXPECT_NE(PrivacyError::ERR_PERMISSION_DENIED, ret); } /** @@ -805,10 +841,10 @@ HWTEST_F(PrivacyManagerServiceTest, StopUsingPermissionInner001, TestSize.Level1 */ HWTEST_F(PrivacyManagerServiceTest, StopUsingPermissionInner002, TestSize.Level1) { - AccessTokenID tokenID = 123; // 123 is random input - std::string permissionName = "ohos.permission.test"; + AccessTokenID tokenID = 123; // 123 is invalid tokenID + std::string permissionName = "ohos.permission.test"; // is invalid permission + int32_t pid = 11; - TestPrivacyManagerStub testSub; MessageParcel data; MessageParcel reply; MessageOption option(MessageOption::TF_SYNC); @@ -820,9 +856,10 @@ HWTEST_F(PrivacyManagerServiceTest, StopUsingPermissionInner002, TestSize.Level1 ASSERT_EQ(true, data.WriteInterfaceToken(IPrivacyManager::GetDescriptor())); ASSERT_EQ(true, data.WriteUint32(tokenID)); + ASSERT_EQ(true, data.WriteInt32(pid)); ASSERT_EQ(true, data.WriteString(permissionName)); - ASSERT_EQ(RET_SUCCESS, testSub.OnRemoteRequest( - static_cast(PrivacyInterfaceCode::STOP_USING_PERMISSION), data, reply, option)); + ASSERT_EQ(RET_SUCCESS, privacyManagerService_->OnRemoteRequest( + static_cast(IPrivacyManagerIpcCode::COMMAND_STOP_USING_PERMISSION), data, reply, option)); // callingTokenID is normal hap without need permission ASSERT_EQ(PrivacyError::ERR_NOT_SYSTEM_APP, reply.ReadInt32()); } @@ -835,10 +872,10 @@ HWTEST_F(PrivacyManagerServiceTest, StopUsingPermissionInner002, TestSize.Level1 */ HWTEST_F(PrivacyManagerServiceTest, StopUsingPermissionInner003, TestSize.Level1) { - AccessTokenID tokenID = 123; // 123 is random input - std::string permissionName = "ohos.permission.test"; + AccessTokenID tokenID = 123; // 123 is invalid tokenID + std::string permissionName = "ohos.permission.test"; // is invalid permission + int32_t pid = 11; - TestPrivacyManagerStub testSub; MessageParcel data; MessageParcel reply; MessageOption option(MessageOption::TF_SYNC); @@ -848,9 +885,10 @@ HWTEST_F(PrivacyManagerServiceTest, StopUsingPermissionInner003, TestSize.Level1 ASSERT_EQ(true, data.WriteInterfaceToken(IPrivacyManager::GetDescriptor())); ASSERT_EQ(true, data.WriteUint32(tokenID)); + ASSERT_EQ(true, data.WriteInt32(pid)); ASSERT_EQ(true, data.WriteString(permissionName)); - ASSERT_EQ(RET_SUCCESS, testSub.OnRemoteRequest( - static_cast(PrivacyInterfaceCode::STOP_USING_PERMISSION), data, reply, option)); + ASSERT_EQ(RET_SUCCESS, privacyManagerService_->OnRemoteRequest( + static_cast(IPrivacyManagerIpcCode::COMMAND_STOP_USING_PERMISSION), data, reply, option)); // callingTokenID is system hap without need permission ASSERT_EQ(PrivacyError::ERR_PERMISSION_DENIED, reply.ReadInt32()); } @@ -863,17 +901,16 @@ HWTEST_F(PrivacyManagerServiceTest, StopUsingPermissionInner003, TestSize.Level1 */ HWTEST_F(PrivacyManagerServiceTest, RemovePermissionUsedRecordsInner001, TestSize.Level1) { - AccessTokenID tokenID = 123; // 123 is random input + AccessTokenID tokenID = 123; // 123 is invalid tokenID - TestPrivacyManagerStub testSub; MessageParcel data; MessageParcel reply; MessageOption option(MessageOption::TF_SYNC); ASSERT_EQ(true, data.WriteInterfaceToken(IPrivacyManager::GetDescriptor())); ASSERT_EQ(true, data.WriteUint32(tokenID)); - ASSERT_EQ(RET_SUCCESS, testSub.OnRemoteRequest(static_cast( - PrivacyInterfaceCode::DELETE_PERMISSION_USED_RECORDS), data, reply, option)); + ASSERT_EQ(RET_SUCCESS, privacyManagerService_->OnRemoteRequest(static_cast( + IPrivacyManagerIpcCode::COMMAND_REMOVE_PERMISSION_USED_RECORDS), data, reply, option)); // callingTokenID is native token hdcd with need permission, but input tokenID is not a real hap ASSERT_EQ(RET_SUCCESS, reply.ReadInt32()); } @@ -886,9 +923,8 @@ HWTEST_F(PrivacyManagerServiceTest, RemovePermissionUsedRecordsInner001, TestSiz */ HWTEST_F(PrivacyManagerServiceTest, RemovePermissionUsedRecordsInner002, TestSize.Level1) { - AccessTokenID tokenID = 123; // 123 is random input + AccessTokenID tokenID = 123; // 123 is invalid tokenID - TestPrivacyManagerStub testSub; MessageParcel data; MessageParcel reply; MessageOption option(MessageOption::TF_SYNC); @@ -899,12 +935,39 @@ HWTEST_F(PrivacyManagerServiceTest, RemovePermissionUsedRecordsInner002, TestSiz ASSERT_EQ(true, data.WriteInterfaceToken(IPrivacyManager::GetDescriptor())); ASSERT_EQ(true, data.WriteUint32(tokenID)); - ASSERT_EQ(RET_SUCCESS, testSub.OnRemoteRequest(static_cast( - PrivacyInterfaceCode::DELETE_PERMISSION_USED_RECORDS), data, reply, option)); + ASSERT_EQ(RET_SUCCESS, privacyManagerService_->OnRemoteRequest(static_cast( + IPrivacyManagerIpcCode::COMMAND_REMOVE_PERMISSION_USED_RECORDS), data, reply, option)); // native token device_manager don't have request permission ASSERT_EQ(PrivacyError::ERR_PERMISSION_DENIED, reply.ReadInt32()); } +/** + * @tc.name: RemovePermissionUsedRecordsInner003 + * @tc.desc: RemovePermissionUsedRecordsInner test. + * @tc.type: FUNC + * @tc.require: + */ +HWTEST_F(PrivacyManagerServiceTest, RemovePermissionUsedRecordsInner003, TestSize.Level1) +{ + AccessTokenID tokenID = 123; // 123 is invalid tokenID + + MessageParcel data; + MessageParcel reply; + MessageOption option(MessageOption::TF_SYNC); + + AccessTokenID hapTokenID = AccessTokenKit::GetHapTokenID(g_InfoParms1.userID, g_InfoParms1.bundleName, + g_InfoParms1.instIndex); + ASSERT_NE(hapTokenID, static_cast(0)); + SetSelfTokenID(hapTokenID); // set self tokenID to hapTokenID + + ASSERT_EQ(true, data.WriteInterfaceToken(IPrivacyManager::GetDescriptor())); + ASSERT_EQ(true, data.WriteUint32(tokenID)); + ASSERT_EQ(RET_SUCCESS, privacyManagerService_->OnRemoteRequest(static_cast( + IPrivacyManagerIpcCode::COMMAND_REMOVE_PERMISSION_USED_RECORDS), data, reply, option)); + // callingTokenID is normal hap without need permission + ASSERT_EQ(PrivacyError::ERR_NOT_SYSTEM_APP, reply.ReadInt32()); +} + /** * @tc.name: GetPermissionUsedRecordsInner001 * @tc.desc: GetPermissionUsedRecordsInner test. @@ -916,16 +979,15 @@ HWTEST_F(PrivacyManagerServiceTest, GetPermissionUsedRecordsInner001, TestSize.L PermissionUsedRequestParcel request; request.request.isRemote = true; - TestPrivacyManagerStub testSub; MessageParcel data; MessageParcel reply; MessageOption option(MessageOption::TF_SYNC); ASSERT_EQ(true, data.WriteInterfaceToken(IPrivacyManager::GetDescriptor())); ASSERT_EQ(true, data.WriteParcelable(&request)); - ASSERT_EQ(RET_SUCCESS, testSub.OnRemoteRequest(static_cast( - PrivacyInterfaceCode::GET_PERMISSION_USED_RECORDS), data, reply, option)); - // callingTokenID is native token hdcd with need permission, remote is true return ERR_PARAM_INVALID + ASSERT_EQ(RET_SUCCESS, privacyManagerService_->OnRemoteRequest(static_cast( + IPrivacyManagerIpcCode::COMMAND_GET_PERMISSION_USED_RECORDS), data, reply, option)); + // callingTokenID is native token hdcd with need permission ASSERT_EQ(RET_SUCCESS, reply.ReadInt32()); } @@ -940,7 +1002,6 @@ HWTEST_F(PrivacyManagerServiceTest, GetPermissionUsedRecordsInner002, TestSize.L PermissionUsedRequestParcel request; request.request.isRemote = true; - TestPrivacyManagerStub testSub; MessageParcel data; MessageParcel reply; MessageOption option(MessageOption::TF_SYNC); @@ -952,8 +1013,8 @@ HWTEST_F(PrivacyManagerServiceTest, GetPermissionUsedRecordsInner002, TestSize.L ASSERT_EQ(true, data.WriteInterfaceToken(IPrivacyManager::GetDescriptor())); ASSERT_EQ(true, data.WriteParcelable(&request)); - ASSERT_EQ(RET_SUCCESS, testSub.OnRemoteRequest(static_cast( - PrivacyInterfaceCode::GET_PERMISSION_USED_RECORDS), data, reply, option)); + ASSERT_EQ(RET_SUCCESS, privacyManagerService_->OnRemoteRequest(static_cast( + IPrivacyManagerIpcCode::COMMAND_GET_PERMISSION_USED_RECORDS), data, reply, option)); // callingTokenID is normal hap without need permission ASSERT_EQ(PrivacyError::ERR_NOT_SYSTEM_APP, reply.ReadInt32()); } @@ -969,7 +1030,6 @@ HWTEST_F(PrivacyManagerServiceTest, GetPermissionUsedRecordsInner003, TestSize.L PermissionUsedRequestParcel request; request.request.isRemote = true; - TestPrivacyManagerStub testSub; MessageParcel data; MessageParcel reply; MessageOption option(MessageOption::TF_SYNC); @@ -979,22 +1039,68 @@ HWTEST_F(PrivacyManagerServiceTest, GetPermissionUsedRecordsInner003, TestSize.L ASSERT_EQ(true, data.WriteInterfaceToken(IPrivacyManager::GetDescriptor())); ASSERT_EQ(true, data.WriteParcelable(&request)); - ASSERT_EQ(RET_SUCCESS, testSub.OnRemoteRequest(static_cast( - PrivacyInterfaceCode::GET_PERMISSION_USED_RECORDS), data, reply, option)); + ASSERT_EQ(RET_SUCCESS, privacyManagerService_->OnRemoteRequest(static_cast( + IPrivacyManagerIpcCode::COMMAND_GET_PERMISSION_USED_RECORDS), data, reply, option)); // callingTokenID is system hap without need permission ASSERT_EQ(PrivacyError::ERR_PERMISSION_DENIED, reply.ReadInt32()); } -class TestCallBack : public OnPermissionUsedRecordCallbackStub { -public: - TestCallBack() = default; - virtual ~TestCallBack() = default; +/** + * @tc.name: GetPermissionUsedRecordsAsyncInner001 + * @tc.desc: GetPermissionUsedRecordsAsyncInner test. + * @tc.type: FUNC + * @tc.require: + */ +HWTEST_F(PrivacyManagerServiceTest, GetPermissionUsedRecordsAsyncInner001, TestSize.Level1) +{ + PermissionUsedRequestParcel request; + request.request.isRemote = true; - void OnQueried(ErrCode code, PermissionUsedResult& result) - { - GTEST_LOG_(INFO) << "TestCallBack, code :" << code << ", bundleSize :" << result.bundleRecords.size(); - } -}; + int32_t ret = privacyManagerService_->GetPermissionUsedRecordsAsync(request, nullptr); + // callingTokenID is native token hdcd with need permission + EXPECT_NE(PrivacyError::ERR_NOT_SYSTEM_APP, ret); + EXPECT_NE(PrivacyError::ERR_PERMISSION_DENIED, ret); +} + +/** + * @tc.name: GetPermissionUsedRecordsAsyncInner002 + * @tc.desc: GetPermissionUsedRecordsAsyncInner test. + * @tc.type: FUNC + * @tc.require: + */ +HWTEST_F(PrivacyManagerServiceTest, GetPermissionUsedRecordsAsyncInner002, TestSize.Level1) +{ + PermissionUsedRequestParcel request; + request.request.isRemote = true; + + AccessTokenID hapTokenID = AccessTokenKit::GetHapTokenID(g_InfoParms1.userID, g_InfoParms1.bundleName, + g_InfoParms1.instIndex); + ASSERT_NE(hapTokenID, static_cast(0)); + SetSelfTokenID(hapTokenID); // set self tokenID to hapTokenID + + int32_t ret = privacyManagerService_->GetPermissionUsedRecordsAsync(request, nullptr); + // callingTokenID is normal hap without need permission + ASSERT_EQ(PrivacyError::ERR_NOT_SYSTEM_APP, ret); +} + +/** + * @tc.name: GetPermissionUsedRecordsAsyncInner003 + * @tc.desc: GetPermissionUsedRecordsAsyncInner test. + * @tc.type: FUNC + * @tc.require: + */ +HWTEST_F(PrivacyManagerServiceTest, GetPermissionUsedRecordsAsyncInner003, TestSize.Level1) +{ + PermissionUsedRequestParcel request; + request.request.isRemote = true; + + ASSERT_NE(g_tokenID.tokenIDEx, static_cast(0)); + SetSelfTokenID(g_tokenID.tokenIDEx); // set self tokenID to system app + + int32_t ret = privacyManagerService_->GetPermissionUsedRecordsAsync(request, nullptr); + // callingTokenID is system hap without need permission + ASSERT_EQ(PrivacyError::ERR_PERMISSION_DENIED, ret); +} /** * @tc.name: RegisterPermActiveStatusCallbackInner001 @@ -1004,19 +1110,11 @@ public: */ HWTEST_F(PrivacyManagerServiceTest, RegisterPermActiveStatusCallbackInner001, TestSize.Level1) { - std::vector permList = {}; + std::vector permList(PERM_LIST_SIZE_MAX + 1); - TestPrivacyManagerStub testSub; - MessageParcel data; - MessageParcel reply; - MessageOption option(MessageOption::TF_SYNC); - - ASSERT_EQ(true, data.WriteInterfaceToken(IPrivacyManager::GetDescriptor())); - ASSERT_EQ(true, data.WriteUint32(permList.size())); - ASSERT_EQ(RET_SUCCESS, testSub.OnRemoteRequest(static_cast( - PrivacyInterfaceCode::REGISTER_PERM_ACTIVE_STATUS_CHANGE_CALLBACK), data, reply, option)); - // callingTokenID is native token hdcd with need permission - ASSERT_EQ(PrivacyError::ERR_READ_PARCEL_FAILED, reply.ReadInt32()); + // permList size oversize + ASSERT_EQ(PrivacyError::ERR_OVERSIZE, + privacyManagerService_->RegisterPermActiveStatusCallback(permList, nullptr)); } /** @@ -1028,22 +1126,15 @@ HWTEST_F(PrivacyManagerServiceTest, RegisterPermActiveStatusCallbackInner001, Te HWTEST_F(PrivacyManagerServiceTest, RegisterPermActiveStatusCallbackInner002, TestSize.Level1) { std::vector permList = {}; - TestPrivacyManagerStub testSub; - MessageParcel data; - MessageParcel reply; - MessageOption option(MessageOption::TF_SYNC); AccessTokenID hapTokenID = AccessTokenKit::GetHapTokenID(g_InfoParms1.userID, g_InfoParms1.bundleName, g_InfoParms1.instIndex); ASSERT_NE(hapTokenID, static_cast(0)); SetSelfTokenID(hapTokenID); // set self tokenID to hapTokenID - ASSERT_EQ(true, data.WriteInterfaceToken(IPrivacyManager::GetDescriptor())); - ASSERT_EQ(true, data.WriteUint32(permList.size())); - ASSERT_EQ(RET_SUCCESS, testSub.OnRemoteRequest(static_cast( - PrivacyInterfaceCode::REGISTER_PERM_ACTIVE_STATUS_CHANGE_CALLBACK), data, reply, option)); // callingTokenID is normal hap without need permission - ASSERT_EQ(PrivacyError::ERR_NOT_SYSTEM_APP, reply.ReadInt32()); + ASSERT_EQ(PrivacyError::ERR_NOT_SYSTEM_APP, + privacyManagerService_->RegisterPermActiveStatusCallback(permList, nullptr)); } /** @@ -1054,20 +1145,30 @@ HWTEST_F(PrivacyManagerServiceTest, RegisterPermActiveStatusCallbackInner002, Te */ HWTEST_F(PrivacyManagerServiceTest, RegisterPermActiveStatusCallbackInner003, TestSize.Level1) { - TestPrivacyManagerStub testSub; - MessageParcel data; - MessageParcel reply; - MessageOption option(MessageOption::TF_SYNC); + std::vector permList = {}; ASSERT_NE(g_tokenID.tokenIDEx, static_cast(0)); SetSelfTokenID(g_tokenID.tokenIDEx); // set self tokenID to system app - ASSERT_EQ(true, data.WriteInterfaceToken(IPrivacyManager::GetDescriptor())); - ASSERT_EQ(true, data.WriteUint32(0)); - ASSERT_EQ(RET_SUCCESS, testSub.OnRemoteRequest(static_cast( - PrivacyInterfaceCode::REGISTER_PERM_ACTIVE_STATUS_CHANGE_CALLBACK), data, reply, option)); // callingTokenID is system hap without need permission - ASSERT_EQ(PrivacyError::ERR_PERMISSION_DENIED, reply.ReadInt32()); + ASSERT_EQ(PrivacyError::ERR_PERMISSION_DENIED, + privacyManagerService_->RegisterPermActiveStatusCallback(permList, nullptr)); +} + +/** + * @tc.name: RegisterPermActiveStatusCallbackInner004 + * @tc.desc: RegisterPermActiveStatusCallbackInner test. + * @tc.type: FUNC + * @tc.require: + */ +HWTEST_F(PrivacyManagerServiceTest, RegisterPermActiveStatusCallbackInner004, TestSize.Level1) +{ + std::vector permList; + + // systemapp with need permission + int32_t ret = privacyManagerService_->RegisterPermActiveStatusCallback(permList, nullptr); + EXPECT_NE(PrivacyError::ERR_NOT_SYSTEM_APP, ret); + EXPECT_NE(PrivacyError::ERR_PERMISSION_DENIED, ret); } /** @@ -1078,15 +1179,10 @@ HWTEST_F(PrivacyManagerServiceTest, RegisterPermActiveStatusCallbackInner003, Te */ HWTEST_F(PrivacyManagerServiceTest, UnRegisterPermActiveStatusCallbackInner001, TestSize.Level1) { - TestPrivacyManagerStub testSub; - MessageParcel data; - MessageParcel reply; - MessageOption option(MessageOption::TF_SYNC); - ASSERT_EQ(true, data.WriteInterfaceToken(IPrivacyManager::GetDescriptor())); - ASSERT_EQ(RET_SUCCESS, testSub.OnRemoteRequest(static_cast( - PrivacyInterfaceCode::UNREGISTER_PERM_ACTIVE_STATUS_CHANGE_CALLBACK), data, reply, option)); - // callingTokenID is native token hdcd with need permission - ASSERT_EQ(PrivacyError::ERR_READ_PARCEL_FAILED, reply.ReadInt32()); + // systemapp with need permission + int32_t ret = privacyManagerService_->UnRegisterPermActiveStatusCallback(nullptr); + EXPECT_NE(PrivacyError::ERR_NOT_SYSTEM_APP, ret); + EXPECT_NE(PrivacyError::ERR_PERMISSION_DENIED, ret); } /** @@ -1097,21 +1193,14 @@ HWTEST_F(PrivacyManagerServiceTest, UnRegisterPermActiveStatusCallbackInner001, */ HWTEST_F(PrivacyManagerServiceTest, UnRegisterPermActiveStatusCallbackInner002, TestSize.Level1) { - TestPrivacyManagerStub testSub; - MessageParcel data; - MessageParcel reply; - MessageOption option(MessageOption::TF_SYNC); - AccessTokenID hapTokenID = AccessTokenKit::GetHapTokenID(g_InfoParms1.userID, g_InfoParms1.bundleName, g_InfoParms1.instIndex); ASSERT_NE(hapTokenID, static_cast(0)); SetSelfTokenID(hapTokenID); // set self tokenID to hapTokenID - ASSERT_EQ(true, data.WriteInterfaceToken(IPrivacyManager::GetDescriptor())); - ASSERT_EQ(RET_SUCCESS, testSub.OnRemoteRequest(static_cast( - PrivacyInterfaceCode::UNREGISTER_PERM_ACTIVE_STATUS_CHANGE_CALLBACK), data, reply, option)); // callingTokenID is normal hap without need permission - ASSERT_EQ(PrivacyError::ERR_NOT_SYSTEM_APP, reply.ReadInt32()); + ASSERT_EQ(PrivacyError::ERR_NOT_SYSTEM_APP, + privacyManagerService_->UnRegisterPermActiveStatusCallback(nullptr)); } /** @@ -1122,19 +1211,12 @@ HWTEST_F(PrivacyManagerServiceTest, UnRegisterPermActiveStatusCallbackInner002, */ HWTEST_F(PrivacyManagerServiceTest, UnRegisterPermActiveStatusCallbackInner003, TestSize.Level1) { - TestPrivacyManagerStub testSub; - MessageParcel data; - MessageParcel reply; - MessageOption option(MessageOption::TF_SYNC); - ASSERT_NE(g_tokenID.tokenIDEx, static_cast(0)); SetSelfTokenID(g_tokenID.tokenIDEx); // set self tokenID to system app - ASSERT_EQ(true, data.WriteInterfaceToken(IPrivacyManager::GetDescriptor())); - ASSERT_EQ(RET_SUCCESS, testSub.OnRemoteRequest(static_cast( - PrivacyInterfaceCode::UNREGISTER_PERM_ACTIVE_STATUS_CHANGE_CALLBACK), data, reply, option)); // callingTokenID is system hap without need permission - ASSERT_EQ(PrivacyError::ERR_PERMISSION_DENIED, reply.ReadInt32()); + ASSERT_EQ(PrivacyError::ERR_PERMISSION_DENIED, + privacyManagerService_->UnRegisterPermActiveStatusCallback(nullptr)); } /** @@ -1145,10 +1227,10 @@ HWTEST_F(PrivacyManagerServiceTest, UnRegisterPermActiveStatusCallbackInner003, */ HWTEST_F(PrivacyManagerServiceTest, IsAllowedUsingPermissionInner001, TestSize.Level1) { - AccessTokenID tokenID = 123; // 123 is random input - std::string permissionName = "ohos.permission.test"; + AccessTokenID tokenID = 123; // 123 is invalid tokenID + std::string permissionName = "ohos.permission.test"; // is invalid permission + int32_t pid = 11; - TestPrivacyManagerStub testSub; MessageParcel data; MessageParcel reply; MessageOption option(MessageOption::TF_SYNC); @@ -1156,10 +1238,14 @@ HWTEST_F(PrivacyManagerServiceTest, IsAllowedUsingPermissionInner001, TestSize.L ASSERT_EQ(true, data.WriteInterfaceToken(IPrivacyManager::GetDescriptor())); ASSERT_EQ(true, data.WriteUint32(tokenID)); ASSERT_EQ(true, data.WriteString(permissionName)); - ASSERT_EQ(RET_SUCCESS, testSub.OnRemoteRequest(static_cast( - PrivacyInterfaceCode::IS_ALLOWED_USING_PERMISSION), data, reply, option)); - // callingTokenID is native token hdcd with need permission, remote is true return ERR_PARAM_INVALID - ASSERT_EQ(true, reply.ReadBool()); + ASSERT_EQ(true, data.WriteInt32(pid)); + ASSERT_EQ(RET_SUCCESS, privacyManagerService_->OnRemoteRequest(static_cast( + IPrivacyManagerIpcCode::COMMAND_IS_ALLOWED_USING_PERMISSION), data, reply, option)); + // callingTokenID is native token hdcd with need permission, but tokenID is invalid + int32_t result; + reply.ReadInt32(result); + ASSERT_EQ(result, RET_SUCCESS); + ASSERT_EQ(false, reply.ReadBool()); } /** @@ -1170,10 +1256,10 @@ HWTEST_F(PrivacyManagerServiceTest, IsAllowedUsingPermissionInner001, TestSize.L */ HWTEST_F(PrivacyManagerServiceTest, IsAllowedUsingPermissionInner002, TestSize.Level1) { - AccessTokenID tokenID = 123; // 123 is random input - std::string permissionName = "ohos.permission.test"; + AccessTokenID tokenID = 123; // 123 is invalid tokenID + std::string permissionName = "ohos.permission.test"; // is invalid permission + int32_t pid = 11; - TestPrivacyManagerStub testSub; MessageParcel data; MessageParcel reply; MessageOption option(MessageOption::TF_SYNC); @@ -1186,10 +1272,141 @@ HWTEST_F(PrivacyManagerServiceTest, IsAllowedUsingPermissionInner002, TestSize.L ASSERT_EQ(true, data.WriteInterfaceToken(IPrivacyManager::GetDescriptor())); ASSERT_EQ(true, data.WriteUint32(tokenID)); ASSERT_EQ(true, data.WriteString(permissionName)); - ASSERT_EQ(RET_SUCCESS, testSub.OnRemoteRequest(static_cast( - PrivacyInterfaceCode::IS_ALLOWED_USING_PERMISSION), data, reply, option)); + ASSERT_EQ(true, data.WriteInt32(pid)); + ASSERT_EQ(RET_SUCCESS, privacyManagerService_->OnRemoteRequest(static_cast( + IPrivacyManagerIpcCode::COMMAND_IS_ALLOWED_USING_PERMISSION), data, reply, option)); // callingTokenID is normal hap without need permission - ASSERT_EQ(false, reply.ReadBool()); + int32_t result; + reply.ReadInt32(result); + ASSERT_EQ(result, PrivacyError::ERR_NOT_SYSTEM_APP); +} + +/** + * @tc.name: IsAllowedUsingPermissionInner003 + * @tc.desc: IsAllowedUsingPermissionInner test. + * @tc.type: FUNC + * @tc.require: + */ +HWTEST_F(PrivacyManagerServiceTest, IsAllowedUsingPermissionInner003, TestSize.Level1) +{ + AccessTokenID tokenID = 123; // 123 is invalid tokenID + std::string permissionName = "ohos.permission.test"; // is invalid permission + int32_t pid = 11; + + MessageParcel data; + MessageParcel reply; + MessageOption option(MessageOption::TF_SYNC); + + ASSERT_NE(g_tokenID.tokenIDEx, static_cast(0)); + SetSelfTokenID(g_tokenID.tokenIDEx); // set self tokenID to system app + + ASSERT_EQ(true, data.WriteInterfaceToken(IPrivacyManager::GetDescriptor())); + ASSERT_EQ(true, data.WriteUint32(tokenID)); + ASSERT_EQ(true, data.WriteString(permissionName)); + ASSERT_EQ(true, data.WriteInt32(pid)); + ASSERT_EQ(RET_SUCCESS, privacyManagerService_->OnRemoteRequest(static_cast( + IPrivacyManagerIpcCode::COMMAND_IS_ALLOWED_USING_PERMISSION), data, reply, option)); + // callingTokenID is normal hap without need permission + int32_t result; + reply.ReadInt32(result); + ASSERT_EQ(result, PrivacyError::ERR_PERMISSION_DENIED); +} + +/** + * @tc.name: GetPermissionUsedTypeInfosInner001 + * @tc.desc: GetPermissionUsedTypeInfosInner test. + * @tc.type: FUNC + * @tc.require: + */ +HWTEST_F(PrivacyManagerServiceTest, GetPermissionUsedTypeInfosInner001, TestSize.Level1) +{ + AccessTokenID tokenID = 123; // 123 is invalid tokenID + std::string permissionName = "ohos.permission.test"; // is invalid permission + std::vector resultsParcel; + + // systemapp with need permission + int32_t ret = privacyManagerService_->GetPermissionUsedTypeInfos(tokenID, permissionName, resultsParcel); + EXPECT_NE(PrivacyError::ERR_NOT_SYSTEM_APP, ret); + EXPECT_NE(PrivacyError::ERR_PERMISSION_DENIED, ret); +} + +/** + * @tc.name: GetPermissionUsedTypeInfosInner002 + * @tc.desc: GetPermissionUsedTypeInfosInner test. + * @tc.type: FUNC + * @tc.require: + */ +HWTEST_F(PrivacyManagerServiceTest, GetPermissionUsedTypeInfosInner002, TestSize.Level1) +{ + AccessTokenID tokenID = 123; // 123 is invalid tokenID + std::string permissionName = "ohos.permission.test"; // is invalid permission + std::vector resultsParcel; + + AccessTokenID hapTokenID = AccessTokenKit::GetHapTokenID(g_InfoParms1.userID, g_InfoParms1.bundleName, + g_InfoParms1.instIndex); + ASSERT_NE(hapTokenID, static_cast(0)); + SetSelfTokenID(hapTokenID); // set self tokenID to hapTokenID + + int32_t ret = privacyManagerService_->GetPermissionUsedTypeInfos(tokenID, permissionName, resultsParcel); + EXPECT_EQ(PrivacyError::ERR_NOT_SYSTEM_APP, ret); +} + +/** + * @tc.name: GetPermissionUsedTypeInfosInner003 + * @tc.desc: GetPermissionUsedTypeInfosInner test. + * @tc.type: FUNC + * @tc.require: + */ +HWTEST_F(PrivacyManagerServiceTest, GetPermissionUsedTypeInfosInner003, TestSize.Level1) +{ + AccessTokenID tokenID = 123; // 123 is invalid tokenID + std::string permissionName = "ohos.permission.test"; // is invalid permission + std::vector resultsParcel; + + ASSERT_NE(g_tokenID.tokenIDEx, static_cast(0)); + SetSelfTokenID(g_tokenID.tokenIDEx); // set self tokenID to system app + + int32_t ret = privacyManagerService_->GetPermissionUsedTypeInfos(tokenID, permissionName, resultsParcel); + EXPECT_EQ(PrivacyError::ERR_PERMISSION_DENIED, ret); +} + +/** + * @tc.name: SetMutePolicyInner001 + * @tc.desc: SetMutePolicyInner test. + * @tc.type: FUNC + * @tc.require: + */ +HWTEST_F(PrivacyManagerServiceTest, SetMutePolicyInner001, TestSize.Level1) +{ + AccessTokenID tokenID = 123; // 123 is invalid tokenID + uint32_t policyType = 0; + uint32_t callerType = 0; + bool isMute = false; + + ASSERT_NE(g_tokenID.tokenIDEx, static_cast(0)); + SetSelfTokenID(g_tokenID.tokenIDEx); // set self tokenID to system app + + int32_t ret = privacyManagerService_->SetMutePolicy(policyType, callerType, isMute, tokenID); + EXPECT_EQ(PrivacyError::ERR_PERMISSION_DENIED, ret); +} + +/** + * @tc.name: SetHapWithFGReminderInner001 + * @tc.desc: SetHapWithFGReminderInner test. + * @tc.type: FUNC + * @tc.require: + */ +HWTEST_F(PrivacyManagerServiceTest, SetHapWithFGReminderInner001, TestSize.Level1) +{ + AccessTokenID tokenID = 123; // 123 is invalid tokenID + bool isAllowed = true; + + ASSERT_NE(g_tokenID.tokenIDEx, static_cast(0)); + SetSelfTokenID(g_tokenID.tokenIDEx); // set self tokenID to system app + + // systemapp with need permission + int32_t ret = privacyManagerService_->SetHapWithFGReminder(tokenID, isAllowed); + EXPECT_EQ(PrivacyError::ERR_PERMISSION_DENIED, ret); } } // namespace AccessToken } // namespace Security diff --git a/test/fuzztest/services/privacy/BUILD.gn b/test/fuzztest/services/privacy/BUILD.gn index c27efe960..a978c1437 100644 --- a/test/fuzztest/services/privacy/BUILD.gn +++ b/test/fuzztest/services/privacy/BUILD.gn @@ -1,4 +1,4 @@ -# Copyright (c) 2023-2024 Huawei Device Co., Ltd. +# Copyright (c) 2023-2025 Huawei Device Co., Ltd. # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. # You may obtain a copy of the License at @@ -18,6 +18,7 @@ group("fuzztest") { if (is_standard_system && ability_base_enable == true) { deps += [ + "addpermissionusedrecordasyncstub_fuzzer:AddPermissionUsedRecordAsyncStubFuzzTest", "addpermissionusedrecordstub_fuzzer:AddPermissionUsedRecordStubFuzzTest", "getpermissionusedrecordsasyncstub_fuzzer:GetPermissionUsedRecordsAsyncStubFuzzTest", "getpermissionusedrecordsstub_fuzzer:GetPermissionUsedRecordsStubFuzzTest", diff --git a/test/fuzztest/services/privacy/addpermissionusedrecordasyncstub_fuzzer/BUILD.gn b/test/fuzztest/services/privacy/addpermissionusedrecordasyncstub_fuzzer/BUILD.gn new file mode 100644 index 000000000..d88ba72f2 --- /dev/null +++ b/test/fuzztest/services/privacy/addpermissionusedrecordasyncstub_fuzzer/BUILD.gn @@ -0,0 +1,48 @@ +# Copyright (c) 2025 Huawei Device Co., Ltd. +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +import("//build/config/features.gni") +import("//build/test.gni") +import("../../../../../access_token.gni") +import("../privacy_service_fuzz.gni") + +ohos_fuzztest("AddPermissionUsedRecordAsyncStubFuzzTest") { + module_out_path = module_output_path_service_privacy + fuzz_config_file = "." + + sources = [ "addpermissionusedrecordasyncstub_fuzzer.cpp" ] + + cflags = [ + "-g", + "-O0", + "-Wno-unused-variable", + "-fno-omit-frame-pointer", + ] + + configs = [ + "${access_token_path}/config:coverage_flags", + "${access_token_path}/services/privacymanager:privacy_manager_gen_config", + ] + + include_dirs = privacy_include_dirs + + sources += privacy_sources + + defines = privacy_defines + + cflags_cc = privacy_cflags_cc + + deps = privacy_deps + + external_deps = privacy_external_deps +} diff --git a/test/fuzztest/services/privacy/addpermissionusedrecordasyncstub_fuzzer/addpermissionusedrecordasyncstub_fuzzer.cpp b/test/fuzztest/services/privacy/addpermissionusedrecordasyncstub_fuzzer/addpermissionusedrecordasyncstub_fuzzer.cpp new file mode 100644 index 000000000..9e570a493 --- /dev/null +++ b/test/fuzztest/services/privacy/addpermissionusedrecordasyncstub_fuzzer/addpermissionusedrecordasyncstub_fuzzer.cpp @@ -0,0 +1,67 @@ +/* + * Copyright (c) 2025 Huawei Device Co., Ltd. + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +#include "addpermissionusedrecordasyncstub_fuzzer.h" + +#include +#include +#include + +#include "accesstoken_fuzzdata.h" +#undef private +#include "iprivacy_manager.h" +#include "privacy_manager_service.h" + +using namespace std; +using namespace OHOS::Security::AccessToken; + +namespace OHOS { + bool AddPermissionUsedRecordAsyncStubFuzzTest(const uint8_t* data, size_t size) + { + if ((data == nullptr) || (size == 0)) { + return false; + } + + AccessTokenFuzzData fuzzData(data, size); + + MessageParcel datas; + datas.WriteInterfaceToken(IPrivacyManager::GetDescriptor()); + + AddPermParamInfoParcel infoParcel; + infoParcel.info.tokenId = static_cast(fuzzData.GetData()); + infoParcel.info.permissionName = fuzzData.GenerateStochasticString(); + infoParcel.info.successCount = fuzzData.GetData(); + infoParcel.info.failCount = fuzzData.GetData(); + if (!datas.WriteParcelable(&infoParcel)) { + return false; + } + + uint32_t code = static_cast(IPrivacyManagerIpcCode::COMMAND_ADD_PERMISSION_USED_RECORD_ASYNC); + + MessageParcel reply; + MessageOption option; + DelayedSingleton::GetInstance()->OnRemoteRequest(code, datas, reply, option); + + return true; + } +} // namespace OHOS + +/* Fuzzer entry point */ +extern "C" int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size) +{ + /* Run your code on data */ + OHOS::AddPermissionUsedRecordAsyncStubFuzzTest(data, size); + return 0; +} diff --git a/frameworks/privacy/include/privacy_service_ipc_interface_code.h b/test/fuzztest/services/privacy/addpermissionusedrecordasyncstub_fuzzer/addpermissionusedrecordasyncstub_fuzzer.h similarity index 33% rename from frameworks/privacy/include/privacy_service_ipc_interface_code.h rename to test/fuzztest/services/privacy/addpermissionusedrecordasyncstub_fuzzer/addpermissionusedrecordasyncstub_fuzzer.h index db02228f2..1ca1b1bd1 100644 --- a/frameworks/privacy/include/privacy_service_ipc_interface_code.h +++ b/test/fuzztest/services/privacy/addpermissionusedrecordasyncstub_fuzzer/addpermissionusedrecordasyncstub_fuzzer.h @@ -1,5 +1,5 @@ /* - * Copyright (c) 2023 Huawei Device Co., Ltd. + * Copyright (c) 2025 Huawei Device Co., Ltd. * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. * You may obtain a copy of the License at @@ -13,38 +13,9 @@ * limitations under the License. */ -#ifndef PRIVACY_SERVICE_IPC_INTERFACE_CODE_H -#define PRIVACY_SERVICE_IPC_INTERFACE_CODE_H +#ifndef TEST_FUZZTEST_ADDPERMISSIONUSEDRECORDASYNCSTUB_FUZZER_H +#define TEST_FUZZTEST_ADDPERMISSIONUSEDRECORDASYNCSTUB_FUZZER_H -namespace OHOS { -namespace Security { -namespace AccessToken { -/* SAID:3505 */ -enum class PrivacyInterfaceCode { - ADD_PERMISSION_USED_RECORD = 0x0000, - START_USING_PERMISSION, - START_USING_PERMISSION_CALLBACK, - STOP_USING_PERMISSION, - DELETE_PERMISSION_USED_RECORDS, - GET_PERMISSION_USED_RECORDS, - GET_PERMISSION_USED_RECORDS_ASYNC, - REGISTER_PERM_ACTIVE_STATUS_CHANGE_CALLBACK, - UNREGISTER_PERM_ACTIVE_STATUS_CHANGE_CALLBACK, - IS_ALLOWED_USING_PERMISSION, -#ifdef SECURITY_COMPONENT_ENHANCE_ENABLE - REGISTER_SEC_COMP_ENHANCE, - UPDATE_SEC_COMP_ENHANCE, - GET_SEC_COMP_ENHANCE, - GET_SPECIAL_SEC_COMP_ENHANCE, -#endif - GET_PERMISSION_USED_TYPE_INFOS, - SET_MUTE_POLICY, - SET_HAP_WITH_FOREGROUND_REMINDER, - SET_PERMISSION_USED_RECORD_TOGGLE_STATUS, - GET_PERMISSION_USED_RECORD_TOGGLE_STATUS -}; -} // namespace AccessToken -} // namespace Security -} // namespace OHOS +#define FUZZ_PROJECT_NAME "addpermissionusedrecordasyncstub_fuzzer" -#endif // PRIVACY_SERVICE_IPC_INTERFACE_CODE_H +#endif // TEST_FUZZTEST_ADDPERMISSIONUSEDRECORDASYNCSTUB_FUZZER_H diff --git a/test/fuzztest/services/privacy/addpermissionusedrecordasyncstub_fuzzer/corpus/init b/test/fuzztest/services/privacy/addpermissionusedrecordasyncstub_fuzzer/corpus/init new file mode 100644 index 000000000..65af8ee8d --- /dev/null +++ b/test/fuzztest/services/privacy/addpermissionusedrecordasyncstub_fuzzer/corpus/init @@ -0,0 +1,14 @@ +# Copyright (c) 2025 Huawei Device Co., Ltd. +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +FUZZ \ No newline at end of file diff --git a/test/fuzztest/services/privacy/addpermissionusedrecordasyncstub_fuzzer/project.xml b/test/fuzztest/services/privacy/addpermissionusedrecordasyncstub_fuzzer/project.xml new file mode 100644 index 000000000..66e1dcac4 --- /dev/null +++ b/test/fuzztest/services/privacy/addpermissionusedrecordasyncstub_fuzzer/project.xml @@ -0,0 +1,25 @@ + + + + + + 1000 + + 300 + + 4096 + + diff --git a/test/fuzztest/services/privacy/addpermissionusedrecordstub_fuzzer/BUILD.gn b/test/fuzztest/services/privacy/addpermissionusedrecordstub_fuzzer/BUILD.gn index 66d310651..0c0e2b7ed 100644 --- a/test/fuzztest/services/privacy/addpermissionusedrecordstub_fuzzer/BUILD.gn +++ b/test/fuzztest/services/privacy/addpermissionusedrecordstub_fuzzer/BUILD.gn @@ -1,4 +1,4 @@ -# Copyright (c) 2023-2024 Huawei Device Co., Ltd. +# Copyright (c) 2023-2025 Huawei Device Co., Ltd. # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. # You may obtain a copy of the License at @@ -29,7 +29,10 @@ ohos_fuzztest("AddPermissionUsedRecordStubFuzzTest") { "-fno-omit-frame-pointer", ] - configs = [ "${access_token_path}/config:coverage_flags" ] + configs = [ + "${access_token_path}/config:coverage_flags", + "${access_token_path}/services/privacymanager:privacy_manager_gen_config", + ] include_dirs = privacy_include_dirs diff --git a/test/fuzztest/services/privacy/addpermissionusedrecordstub_fuzzer/addpermissionusedrecordstub_fuzzer.cpp b/test/fuzztest/services/privacy/addpermissionusedrecordstub_fuzzer/addpermissionusedrecordstub_fuzzer.cpp index 37db718d6..046452e7e 100644 --- a/test/fuzztest/services/privacy/addpermissionusedrecordstub_fuzzer/addpermissionusedrecordstub_fuzzer.cpp +++ b/test/fuzztest/services/privacy/addpermissionusedrecordstub_fuzzer/addpermissionusedrecordstub_fuzzer.cpp @@ -1,5 +1,5 @@ /* - * Copyright (c) 2023 Huawei Device Co., Ltd. + * Copyright (c) 2023-2025 Huawei Device Co., Ltd. * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. * You may obtain a copy of the License at @@ -21,7 +21,7 @@ #include "accesstoken_fuzzdata.h" #undef private -#include "i_privacy_manager.h" +#include "iprivacy_manager.h" #include "privacy_manager_service.h" using namespace std; @@ -48,7 +48,7 @@ namespace OHOS { return false; } - uint32_t code = static_cast(PrivacyInterfaceCode::ADD_PERMISSION_USED_RECORD); + uint32_t code = static_cast(IPrivacyManagerIpcCode::COMMAND_ADD_PERMISSION_USED_RECORD); MessageParcel reply; MessageOption option; diff --git a/test/fuzztest/services/privacy/getpermissionusedrecordsasyncstub_fuzzer/BUILD.gn b/test/fuzztest/services/privacy/getpermissionusedrecordsasyncstub_fuzzer/BUILD.gn index b9182bd33..98d751a77 100644 --- a/test/fuzztest/services/privacy/getpermissionusedrecordsasyncstub_fuzzer/BUILD.gn +++ b/test/fuzztest/services/privacy/getpermissionusedrecordsasyncstub_fuzzer/BUILD.gn @@ -1,4 +1,4 @@ -# Copyright (c) 2023-2024 Huawei Device Co., Ltd. +# Copyright (c) 2023-2025 Huawei Device Co., Ltd. # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. # You may obtain a copy of the License at @@ -29,7 +29,10 @@ ohos_fuzztest("GetPermissionUsedRecordsAsyncStubFuzzTest") { "-fno-omit-frame-pointer", ] - configs = [ "${access_token_path}/config:coverage_flags" ] + configs = [ + "${access_token_path}/config:coverage_flags", + "${access_token_path}/services/privacymanager:privacy_manager_gen_config", + ] include_dirs = privacy_include_dirs diff --git a/test/fuzztest/services/privacy/getpermissionusedrecordsasyncstub_fuzzer/getpermissionusedrecordsasyncstub_fuzzer.cpp b/test/fuzztest/services/privacy/getpermissionusedrecordsasyncstub_fuzzer/getpermissionusedrecordsasyncstub_fuzzer.cpp index 61b96f648..298f6418d 100644 --- a/test/fuzztest/services/privacy/getpermissionusedrecordsasyncstub_fuzzer/getpermissionusedrecordsasyncstub_fuzzer.cpp +++ b/test/fuzztest/services/privacy/getpermissionusedrecordsasyncstub_fuzzer/getpermissionusedrecordsasyncstub_fuzzer.cpp @@ -1,5 +1,5 @@ /* - * Copyright (c) 2023 Huawei Device Co., Ltd. + * Copyright (c) 2023-2025 Huawei Device Co., Ltd. * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. * You may obtain a copy of the License at @@ -22,7 +22,7 @@ #include "accesstoken_fuzzdata.h" #undef private #include "errors.h" -#include "i_privacy_manager.h" +#include "iprivacy_manager.h" #include "on_permission_used_record_callback_stub.h" #include "permission_used_request.h" #include "permission_used_request_parcel.h" @@ -75,7 +75,7 @@ namespace OHOS { return false; } - uint32_t code = static_cast(PrivacyInterfaceCode::GET_PERMISSION_USED_RECORDS_ASYNC); + uint32_t code = static_cast(IPrivacyManagerIpcCode::COMMAND_GET_PERMISSION_USED_RECORDS_ASYNC); MessageParcel reply; MessageOption option; diff --git a/test/fuzztest/services/privacy/getpermissionusedrecordsstub_fuzzer/BUILD.gn b/test/fuzztest/services/privacy/getpermissionusedrecordsstub_fuzzer/BUILD.gn index 1467b5e9f..709384a18 100644 --- a/test/fuzztest/services/privacy/getpermissionusedrecordsstub_fuzzer/BUILD.gn +++ b/test/fuzztest/services/privacy/getpermissionusedrecordsstub_fuzzer/BUILD.gn @@ -1,4 +1,4 @@ -# Copyright (c) 2023-2024 Huawei Device Co., Ltd. +# Copyright (c) 2023-2025 Huawei Device Co., Ltd. # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. # You may obtain a copy of the License at @@ -29,7 +29,10 @@ ohos_fuzztest("GetPermissionUsedRecordsStubFuzzTest") { "-fno-omit-frame-pointer", ] - configs = [ "${access_token_path}/config:coverage_flags" ] + configs = [ + "${access_token_path}/config:coverage_flags", + "${access_token_path}/services/privacymanager:privacy_manager_gen_config", + ] include_dirs = privacy_include_dirs diff --git a/test/fuzztest/services/privacy/getpermissionusedrecordsstub_fuzzer/getpermissionusedrecordsstub_fuzzer.cpp b/test/fuzztest/services/privacy/getpermissionusedrecordsstub_fuzzer/getpermissionusedrecordsstub_fuzzer.cpp index 3565d7b11..74dfdf1d3 100644 --- a/test/fuzztest/services/privacy/getpermissionusedrecordsstub_fuzzer/getpermissionusedrecordsstub_fuzzer.cpp +++ b/test/fuzztest/services/privacy/getpermissionusedrecordsstub_fuzzer/getpermissionusedrecordsstub_fuzzer.cpp @@ -1,5 +1,5 @@ /* - * Copyright (c) 2023 Huawei Device Co., Ltd. + * Copyright (c) 2023-2025 Huawei Device Co., Ltd. * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. * You may obtain a copy of the License at @@ -21,7 +21,7 @@ #include "accesstoken_fuzzdata.h" #undef private -#include "i_privacy_manager.h" +#include "iprivacy_manager.h" #include "permission_used_request.h" #include "permission_used_request_parcel.h" #include "privacy_manager_service.h" @@ -60,7 +60,7 @@ namespace OHOS { return false; } - uint32_t code = static_cast(PrivacyInterfaceCode::GET_PERMISSION_USED_RECORDS); + uint32_t code = static_cast(IPrivacyManagerIpcCode::COMMAND_GET_PERMISSION_USED_RECORDS); MessageParcel reply; MessageOption option; diff --git a/test/fuzztest/services/privacy/getpermissionusedrecordtogglestatusstub_fuzzer/BUILD.gn b/test/fuzztest/services/privacy/getpermissionusedrecordtogglestatusstub_fuzzer/BUILD.gn index 3990a43f5..774cdd846 100644 --- a/test/fuzztest/services/privacy/getpermissionusedrecordtogglestatusstub_fuzzer/BUILD.gn +++ b/test/fuzztest/services/privacy/getpermissionusedrecordtogglestatusstub_fuzzer/BUILD.gn @@ -28,7 +28,10 @@ ohos_fuzztest("GetPermissionUsedRecordToggleStatusStubFuzzTest") { "-fno-omit-frame-pointer", ] - configs = [ "${access_token_path}/config:coverage_flags" ] + configs = [ + "${access_token_path}/config:coverage_flags", + "${access_token_path}/services/privacymanager:privacy_manager_gen_config", + ] include_dirs = privacy_include_dirs diff --git a/test/fuzztest/services/privacy/getpermissionusedrecordtogglestatusstub_fuzzer/getpermissionusedrecordtogglestatusstub_fuzzer.cpp b/test/fuzztest/services/privacy/getpermissionusedrecordtogglestatusstub_fuzzer/getpermissionusedrecordtogglestatusstub_fuzzer.cpp index e9609ed9c..bd2846939 100644 --- a/test/fuzztest/services/privacy/getpermissionusedrecordtogglestatusstub_fuzzer/getpermissionusedrecordtogglestatusstub_fuzzer.cpp +++ b/test/fuzztest/services/privacy/getpermissionusedrecordtogglestatusstub_fuzzer/getpermissionusedrecordtogglestatusstub_fuzzer.cpp @@ -17,7 +17,7 @@ #include "accesstoken_fuzzdata.h" #undef private -#include "i_privacy_manager.h" +#include "iprivacy_manager.h" #include "privacy_manager_service.h" using namespace std; @@ -42,7 +42,7 @@ namespace OHOS { return false; } - uint32_t code = static_cast(PrivacyInterfaceCode::GET_PERMISSION_USED_RECORD_TOGGLE_STATUS); + uint32_t code = static_cast(IPrivacyManagerIpcCode::COMMAND_GET_PERMISSION_USED_RECORD_TOGGLE_STATUS); MessageParcel reply; MessageOption option; diff --git a/test/fuzztest/services/privacy/getpermissionusedtypeinfosstub_fuzzer/BUILD.gn b/test/fuzztest/services/privacy/getpermissionusedtypeinfosstub_fuzzer/BUILD.gn index e4361c0a2..e91375f35 100644 --- a/test/fuzztest/services/privacy/getpermissionusedtypeinfosstub_fuzzer/BUILD.gn +++ b/test/fuzztest/services/privacy/getpermissionusedtypeinfosstub_fuzzer/BUILD.gn @@ -1,4 +1,4 @@ -# Copyright (c) 2024 Huawei Device Co., Ltd. +# Copyright (c) 2024-2025 Huawei Device Co., Ltd. # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. # You may obtain a copy of the License at @@ -29,7 +29,10 @@ ohos_fuzztest("GetPermissionUsedTypeInfosStubFuzzTest") { "-fno-omit-frame-pointer", ] - configs = [ "${access_token_path}/config:coverage_flags" ] + configs = [ + "${access_token_path}/config:coverage_flags", + "${access_token_path}/services/privacymanager:privacy_manager_gen_config", + ] include_dirs = privacy_include_dirs diff --git a/test/fuzztest/services/privacy/getpermissionusedtypeinfosstub_fuzzer/getpermissionusedtypeinfosstub_fuzzer.cpp b/test/fuzztest/services/privacy/getpermissionusedtypeinfosstub_fuzzer/getpermissionusedtypeinfosstub_fuzzer.cpp index 3b50ce603..c243b50d4 100644 --- a/test/fuzztest/services/privacy/getpermissionusedtypeinfosstub_fuzzer/getpermissionusedtypeinfosstub_fuzzer.cpp +++ b/test/fuzztest/services/privacy/getpermissionusedtypeinfosstub_fuzzer/getpermissionusedtypeinfosstub_fuzzer.cpp @@ -1,5 +1,5 @@ /* - * Copyright (c) 2024 Huawei Device Co., Ltd. + * Copyright (c) 2024-2025 Huawei Device Co., Ltd. * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. * You may obtain a copy of the License at @@ -21,7 +21,7 @@ #include "accesstoken_fuzzdata.h" #undef private -#include "i_privacy_manager.h" +#include "iprivacy_manager.h" #include "privacy_manager_service.h" using namespace std; @@ -45,7 +45,7 @@ namespace OHOS { return false; } - uint32_t code = static_cast(PrivacyInterfaceCode::GET_PERMISSION_USED_TYPE_INFOS); + uint32_t code = static_cast(IPrivacyManagerIpcCode::COMMAND_GET_PERMISSION_USED_TYPE_INFOS); MessageParcel reply; MessageOption option; diff --git a/test/fuzztest/services/privacy/getseccompenhancestub_fuzzer/BUILD.gn b/test/fuzztest/services/privacy/getseccompenhancestub_fuzzer/BUILD.gn index 058d96bbd..8182ccfeb 100644 --- a/test/fuzztest/services/privacy/getseccompenhancestub_fuzzer/BUILD.gn +++ b/test/fuzztest/services/privacy/getseccompenhancestub_fuzzer/BUILD.gn @@ -1,4 +1,4 @@ -# Copyright (c) 2024 Huawei Device Co., Ltd. +# Copyright (c) 2024-2025 Huawei Device Co., Ltd. # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. # You may obtain a copy of the License at @@ -29,12 +29,14 @@ ohos_fuzztest("GetSecCompEnhanceStubFuzzTest") { "-fno-omit-frame-pointer", ] - configs = [ "${access_token_path}/config:coverage_flags" ] + configs = [ + "${access_token_path}/config:coverage_flags", + "${access_token_path}/services/privacymanager:privacy_manager_gen_config", + ] include_dirs = privacy_include_dirs sources += privacy_sources - sources += [ "${access_token_path}/services/privacymanager/src/seccomp/privacy_sec_comp_enhance_agent.cpp" ] defines = privacy_defines diff --git a/test/fuzztest/services/privacy/getseccompenhancestub_fuzzer/getseccompenhancestub_fuzzer.cpp b/test/fuzztest/services/privacy/getseccompenhancestub_fuzzer/getseccompenhancestub_fuzzer.cpp index 3a5e4e063..fb6b46af6 100644 --- a/test/fuzztest/services/privacy/getseccompenhancestub_fuzzer/getseccompenhancestub_fuzzer.cpp +++ b/test/fuzztest/services/privacy/getseccompenhancestub_fuzzer/getseccompenhancestub_fuzzer.cpp @@ -1,5 +1,5 @@ /* - * Copyright (c) 2024 Huawei Device Co., Ltd. + * Copyright (c) 2024-2025 Huawei Device Co., Ltd. * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. * You may obtain a copy of the License at @@ -22,7 +22,7 @@ #include "accesstoken_fuzzdata.h" #undef private #include "errors.h" -#include "i_privacy_manager.h" +#include "iprivacy_manager.h" #include "on_permission_used_record_callback_stub.h" #include "permission_used_request.h" #include "permission_used_request_parcel.h" @@ -46,7 +46,7 @@ namespace OHOS { return false; } - uint32_t code = static_cast(PrivacyInterfaceCode::GET_SEC_COMP_ENHANCE); + uint32_t code = static_cast(IPrivacyManagerIpcCode::COMMAND_GET_SEC_COMP_ENHANCE); MessageParcel reply; MessageOption option; diff --git a/test/fuzztest/services/privacy/getspecialseccompenhancestub_fuzzer/BUILD.gn b/test/fuzztest/services/privacy/getspecialseccompenhancestub_fuzzer/BUILD.gn index f9454c81c..cb3dbe655 100644 --- a/test/fuzztest/services/privacy/getspecialseccompenhancestub_fuzzer/BUILD.gn +++ b/test/fuzztest/services/privacy/getspecialseccompenhancestub_fuzzer/BUILD.gn @@ -1,4 +1,4 @@ -# Copyright (c) 2024 Huawei Device Co., Ltd. +# Copyright (c) 2024-2025 Huawei Device Co., Ltd. # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. # You may obtain a copy of the License at @@ -29,12 +29,14 @@ ohos_fuzztest("GetSpecialSecCompEnhanceStubFuzzTest") { "-fno-omit-frame-pointer", ] - configs = [ "${access_token_path}/config:coverage_flags" ] + configs = [ + "${access_token_path}/config:coverage_flags", + "${access_token_path}/services/privacymanager:privacy_manager_gen_config", + ] include_dirs = privacy_include_dirs sources += privacy_sources - sources += [ "${access_token_path}/services/privacymanager/src/seccomp/privacy_sec_comp_enhance_agent.cpp" ] defines = privacy_defines diff --git a/test/fuzztest/services/privacy/getspecialseccompenhancestub_fuzzer/getspecialseccompenhancestub_fuzzer.cpp b/test/fuzztest/services/privacy/getspecialseccompenhancestub_fuzzer/getspecialseccompenhancestub_fuzzer.cpp index 542ab9e67..aaf7a81bc 100644 --- a/test/fuzztest/services/privacy/getspecialseccompenhancestub_fuzzer/getspecialseccompenhancestub_fuzzer.cpp +++ b/test/fuzztest/services/privacy/getspecialseccompenhancestub_fuzzer/getspecialseccompenhancestub_fuzzer.cpp @@ -1,5 +1,5 @@ /* - * Copyright (c) 2024 Huawei Device Co., Ltd. + * Copyright (c) 2024-2025 Huawei Device Co., Ltd. * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. * You may obtain a copy of the License at @@ -22,7 +22,7 @@ #include "accesstoken_fuzzdata.h" #undef private #include "errors.h" -#include "i_privacy_manager.h" +#include "iprivacy_manager.h" #include "on_permission_used_record_callback_stub.h" #include "permission_used_request.h" #include "permission_used_request_parcel.h" @@ -46,7 +46,7 @@ namespace OHOS { return false; } - uint32_t code = static_cast(PrivacyInterfaceCode::GET_SPECIAL_SEC_COMP_ENHANCE); + uint32_t code = static_cast(IPrivacyManagerIpcCode::COMMAND_GET_SPECIAL_SEC_COMP_ENHANCE); MessageParcel reply; MessageOption option; diff --git a/test/fuzztest/services/privacy/isallowedusingpermissionstub_fuzzer/BUILD.gn b/test/fuzztest/services/privacy/isallowedusingpermissionstub_fuzzer/BUILD.gn index 94e5f22c1..7a2238e4c 100644 --- a/test/fuzztest/services/privacy/isallowedusingpermissionstub_fuzzer/BUILD.gn +++ b/test/fuzztest/services/privacy/isallowedusingpermissionstub_fuzzer/BUILD.gn @@ -1,4 +1,4 @@ -# Copyright (c) 2023-2024 Huawei Device Co., Ltd. +# Copyright (c) 2023-2025 Huawei Device Co., Ltd. # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. # You may obtain a copy of the License at @@ -29,7 +29,10 @@ ohos_fuzztest("IsAllowedUsingPermissionStubFuzzTest") { "-fno-omit-frame-pointer", ] - configs = [ "${access_token_path}/config:coverage_flags" ] + configs = [ + "${access_token_path}/config:coverage_flags", + "${access_token_path}/services/privacymanager:privacy_manager_gen_config", + ] include_dirs = privacy_include_dirs diff --git a/test/fuzztest/services/privacy/isallowedusingpermissionstub_fuzzer/isallowedusingpermissionstub_fuzzer.cpp b/test/fuzztest/services/privacy/isallowedusingpermissionstub_fuzzer/isallowedusingpermissionstub_fuzzer.cpp index 1eca6c5a8..e26b26f1b 100644 --- a/test/fuzztest/services/privacy/isallowedusingpermissionstub_fuzzer/isallowedusingpermissionstub_fuzzer.cpp +++ b/test/fuzztest/services/privacy/isallowedusingpermissionstub_fuzzer/isallowedusingpermissionstub_fuzzer.cpp @@ -1,5 +1,5 @@ /* - * Copyright (c) 2023 Huawei Device Co., Ltd. + * Copyright (c) 2023-2025 Huawei Device Co., Ltd. * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. * You may obtain a copy of the License at @@ -21,7 +21,7 @@ #include "accesstoken_fuzzdata.h" #undef private -#include "i_privacy_manager.h" +#include "iprivacy_manager.h" #include "privacy_manager_service.h" using namespace std; @@ -49,7 +49,7 @@ namespace OHOS { } uint32_t code = static_cast( - PrivacyInterfaceCode::IS_ALLOWED_USING_PERMISSION); + IPrivacyManagerIpcCode::COMMAND_IS_ALLOWED_USING_PERMISSION); MessageParcel reply; MessageOption option; diff --git a/test/fuzztest/services/privacy/privacy_service_fuzz.gni b/test/fuzztest/services/privacy/privacy_service_fuzz.gni index 1e574a97e..5588b953b 100644 --- a/test/fuzztest/services/privacy/privacy_service_fuzz.gni +++ b/test/fuzztest/services/privacy/privacy_service_fuzz.gni @@ -1,4 +1,4 @@ -# Copyright (c) 2024 Huawei Device Co., Ltd. +# Copyright (c) 2024-2025 Huawei Device Co., Ltd. # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. # You may obtain a copy of the License at @@ -49,6 +49,7 @@ privacy_deps = [ "${access_token_path}/interfaces/innerkits/token_setproc:libtokensetproc_shared", "${access_token_path}/services/common:accesstoken_service_common", "${access_token_path}/services/common/proxy_death:proxy_death_handler", + "${access_token_path}/services/privacymanager:privacy_manager_stub", ] privacy_external_deps = [ @@ -85,7 +86,6 @@ privacy_sources = [ "${access_token_path}/services/privacymanager/src/sensitive/audio_manager/audio_manager_adapter.cpp", "${access_token_path}/services/privacymanager/src/sensitive/camera_manager/camera_manager_adapter.cpp", "${access_token_path}/services/privacymanager/src/service/privacy_manager_service.cpp", - "${access_token_path}/services/privacymanager/src/service/privacy_manager_stub.cpp", ] privacy_cflags_cc = [ @@ -93,6 +93,11 @@ privacy_cflags_cc = [ "-DFUZZ_ENABLE", ] +if (security_component_enhance_enable == true) { + privacy_cflags_cc += [ "-DSECURITY_COMPONENT_ENHANCE_ENABLE" ] + privacy_sources += [ "${access_token_path}/services/privacymanager/src/seccomp/privacy_sec_comp_enhance_agent.cpp" ] +} + privacy_defines = [] if (use_musl) { diff --git a/test/fuzztest/services/privacy/registerpermactivestatuscallbackstub_fuzzer/BUILD.gn b/test/fuzztest/services/privacy/registerpermactivestatuscallbackstub_fuzzer/BUILD.gn index e6457ef8f..b4a541307 100644 --- a/test/fuzztest/services/privacy/registerpermactivestatuscallbackstub_fuzzer/BUILD.gn +++ b/test/fuzztest/services/privacy/registerpermactivestatuscallbackstub_fuzzer/BUILD.gn @@ -1,4 +1,4 @@ -# Copyright (c) 2023-2024 Huawei Device Co., Ltd. +# Copyright (c) 2023-2025 Huawei Device Co., Ltd. # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. # You may obtain a copy of the License at @@ -29,7 +29,10 @@ ohos_fuzztest("RegisterPermActiveStatusCallbackStubFuzzTest") { "-fno-omit-frame-pointer", ] - configs = [ "${access_token_path}/config:coverage_flags" ] + configs = [ + "${access_token_path}/config:coverage_flags", + "${access_token_path}/services/privacymanager:privacy_manager_gen_config", + ] include_dirs = privacy_include_dirs diff --git a/test/fuzztest/services/privacy/registerpermactivestatuscallbackstub_fuzzer/registerpermactivestatuscallbackstub_fuzzer.cpp b/test/fuzztest/services/privacy/registerpermactivestatuscallbackstub_fuzzer/registerpermactivestatuscallbackstub_fuzzer.cpp index 47fc2f21d..7ae82265a 100644 --- a/test/fuzztest/services/privacy/registerpermactivestatuscallbackstub_fuzzer/registerpermactivestatuscallbackstub_fuzzer.cpp +++ b/test/fuzztest/services/privacy/registerpermactivestatuscallbackstub_fuzzer/registerpermactivestatuscallbackstub_fuzzer.cpp @@ -1,5 +1,5 @@ /* - * Copyright (c) 2023 Huawei Device Co., Ltd. + * Copyright (c) 2023-2025 Huawei Device Co., Ltd. * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. * You may obtain a copy of the License at @@ -21,7 +21,7 @@ #include "accesstoken_fuzzdata.h" #undef private -#include "i_privacy_manager.h" +#include "iprivacy_manager.h" #include "perm_active_status_change_callback.h" #include "perm_active_status_customized_cbk.h" #include "privacy_manager_service.h" @@ -74,7 +74,7 @@ namespace OHOS { return false; } - uint32_t code = static_cast(PrivacyInterfaceCode::REGISTER_PERM_ACTIVE_STATUS_CHANGE_CALLBACK); + uint32_t code = static_cast(IPrivacyManagerIpcCode::COMMAND_REGISTER_PERM_ACTIVE_STATUS_CALLBACK); MessageParcel reply; MessageOption option; diff --git a/test/fuzztest/services/privacy/registerseccompenhancestub_fuzzer/BUILD.gn b/test/fuzztest/services/privacy/registerseccompenhancestub_fuzzer/BUILD.gn index 7e2be9f5b..18a001071 100644 --- a/test/fuzztest/services/privacy/registerseccompenhancestub_fuzzer/BUILD.gn +++ b/test/fuzztest/services/privacy/registerseccompenhancestub_fuzzer/BUILD.gn @@ -1,4 +1,4 @@ -# Copyright (c) 2024 Huawei Device Co., Ltd. +# Copyright (c) 2024-2025 Huawei Device Co., Ltd. # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. # You may obtain a copy of the License at @@ -29,12 +29,14 @@ ohos_fuzztest("RegisterSecCompEnhanceStubFuzzTest") { "-fno-omit-frame-pointer", ] - configs = [ "${access_token_path}/config:coverage_flags" ] + configs = [ + "${access_token_path}/config:coverage_flags", + "${access_token_path}/services/privacymanager:privacy_manager_gen_config", + ] include_dirs = privacy_include_dirs sources += privacy_sources - sources += [ "${access_token_path}/services/privacymanager/src/seccomp/privacy_sec_comp_enhance_agent.cpp" ] defines = privacy_defines diff --git a/test/fuzztest/services/privacy/registerseccompenhancestub_fuzzer/registerseccompenhancestub_fuzzer.cpp b/test/fuzztest/services/privacy/registerseccompenhancestub_fuzzer/registerseccompenhancestub_fuzzer.cpp index 79a248074..de6cfaee5 100644 --- a/test/fuzztest/services/privacy/registerseccompenhancestub_fuzzer/registerseccompenhancestub_fuzzer.cpp +++ b/test/fuzztest/services/privacy/registerseccompenhancestub_fuzzer/registerseccompenhancestub_fuzzer.cpp @@ -1,5 +1,5 @@ /* - * Copyright (c) 2024 Huawei Device Co., Ltd. + * Copyright (c) 2024-2025 Huawei Device Co., Ltd. * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. * You may obtain a copy of the License at @@ -24,7 +24,7 @@ #undef private #include "errors.h" #include "hap_token_info.h" -#include "i_privacy_manager.h" +#include "iprivacy_manager.h" #include "on_permission_used_record_callback_stub.h" #include "permission_used_request.h" #include "permission_used_request_parcel.h" @@ -91,7 +91,7 @@ public: return false; } - uint32_t code = static_cast(PrivacyInterfaceCode::REGISTER_SEC_COMP_ENHANCE); + uint32_t code = static_cast(IPrivacyManagerIpcCode::COMMAND_REGISTER_SEC_COMP_ENHANCE); MessageParcel reply; MessageOption option; diff --git a/test/fuzztest/services/privacy/removepermissionusedrecordsstub_fuzzer/BUILD.gn b/test/fuzztest/services/privacy/removepermissionusedrecordsstub_fuzzer/BUILD.gn index f9e87ddda..dc2bdf02f 100644 --- a/test/fuzztest/services/privacy/removepermissionusedrecordsstub_fuzzer/BUILD.gn +++ b/test/fuzztest/services/privacy/removepermissionusedrecordsstub_fuzzer/BUILD.gn @@ -1,4 +1,4 @@ -# Copyright (c) 2023-2024 Huawei Device Co., Ltd. +# Copyright (c) 2023-2025 Huawei Device Co., Ltd. # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. # You may obtain a copy of the License at @@ -29,7 +29,10 @@ ohos_fuzztest("RemovePermissionUsedRecordsStubFuzzTest") { "-fno-omit-frame-pointer", ] - configs = [ "${access_token_path}/config:coverage_flags" ] + configs = [ + "${access_token_path}/config:coverage_flags", + "${access_token_path}/services/privacymanager:privacy_manager_gen_config", + ] include_dirs = privacy_include_dirs diff --git a/test/fuzztest/services/privacy/removepermissionusedrecordsstub_fuzzer/removepermissionusedrecordsstub_fuzzer.cpp b/test/fuzztest/services/privacy/removepermissionusedrecordsstub_fuzzer/removepermissionusedrecordsstub_fuzzer.cpp index d3c3b8510..67d6b8546 100644 --- a/test/fuzztest/services/privacy/removepermissionusedrecordsstub_fuzzer/removepermissionusedrecordsstub_fuzzer.cpp +++ b/test/fuzztest/services/privacy/removepermissionusedrecordsstub_fuzzer/removepermissionusedrecordsstub_fuzzer.cpp @@ -1,5 +1,5 @@ /* - * Copyright (c) 2023 Huawei Device Co., Ltd. + * Copyright (c) 2023-2025 Huawei Device Co., Ltd. * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. * You may obtain a copy of the License at @@ -21,7 +21,7 @@ #include "accesstoken_fuzzdata.h" #undef private -#include "i_privacy_manager.h" +#include "iprivacy_manager.h" #include "privacy_manager_service.h" using namespace std; @@ -46,7 +46,7 @@ namespace OHOS { } uint32_t code = static_cast( - PrivacyInterfaceCode::DELETE_PERMISSION_USED_RECORDS); + IPrivacyManagerIpcCode::COMMAND_REMOVE_PERMISSION_USED_RECORDS); MessageParcel reply; MessageOption option; diff --git a/test/fuzztest/services/privacy/sethapwithfgreminderstub_fuzzer/BUILD.gn b/test/fuzztest/services/privacy/sethapwithfgreminderstub_fuzzer/BUILD.gn index b6c38befc..3c9a0ba27 100644 --- a/test/fuzztest/services/privacy/sethapwithfgreminderstub_fuzzer/BUILD.gn +++ b/test/fuzztest/services/privacy/sethapwithfgreminderstub_fuzzer/BUILD.gn @@ -1,4 +1,4 @@ -# Copyright (c) 2024 Huawei Device Co., Ltd. +# Copyright (c) 2024-2025 Huawei Device Co., Ltd. # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. # You may obtain a copy of the License at @@ -29,7 +29,10 @@ ohos_fuzztest("SetHapWithFGReminderStubFuzzTest") { "-fno-omit-frame-pointer", ] - configs = [ "${access_token_path}/config:coverage_flags" ] + configs = [ + "${access_token_path}/config:coverage_flags", + "${access_token_path}/services/privacymanager:privacy_manager_gen_config", + ] include_dirs = privacy_include_dirs diff --git a/test/fuzztest/services/privacy/sethapwithfgreminderstub_fuzzer/sethapwithfgreminderstub_fuzzer.cpp b/test/fuzztest/services/privacy/sethapwithfgreminderstub_fuzzer/sethapwithfgreminderstub_fuzzer.cpp index f06a4c5a9..1d4096eaa 100644 --- a/test/fuzztest/services/privacy/sethapwithfgreminderstub_fuzzer/sethapwithfgreminderstub_fuzzer.cpp +++ b/test/fuzztest/services/privacy/sethapwithfgreminderstub_fuzzer/sethapwithfgreminderstub_fuzzer.cpp @@ -1,5 +1,5 @@ /* - * Copyright (c) 2024 Huawei Device Co., Ltd. + * Copyright (c) 2024-2025 Huawei Device Co., Ltd. * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. * You may obtain a copy of the License at @@ -22,7 +22,7 @@ #include "accesstoken_fuzzdata.h" #undef private #include "accesstoken_kit.h" -#include "i_privacy_manager.h" +#include "iprivacy_manager.h" #include "privacy_manager_service.h" #include "nativetoken_kit.h" #include "token_setproc.h" @@ -81,7 +81,7 @@ size_t g_baseFuzzPos = 0; } uint32_t code = static_cast( - PrivacyInterfaceCode::SET_HAP_WITH_FOREGROUND_REMINDER); + IPrivacyManagerIpcCode::COMMAND_SET_HAP_WITH_F_G_REMINDER); MessageParcel reply; MessageOption option; diff --git a/test/fuzztest/services/privacy/setmutepolicystub_fuzzer/BUILD.gn b/test/fuzztest/services/privacy/setmutepolicystub_fuzzer/BUILD.gn index f278054a8..fe53ed0ff 100644 --- a/test/fuzztest/services/privacy/setmutepolicystub_fuzzer/BUILD.gn +++ b/test/fuzztest/services/privacy/setmutepolicystub_fuzzer/BUILD.gn @@ -1,4 +1,4 @@ -# Copyright (c) 2023-2024 Huawei Device Co., Ltd. +# Copyright (c) 2023-2025 Huawei Device Co., Ltd. # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. # You may obtain a copy of the License at @@ -29,7 +29,10 @@ ohos_fuzztest("SetMutePolicyStubFuzzTest") { "-fno-omit-frame-pointer", ] - configs = [ "${access_token_path}/config:coverage_flags" ] + configs = [ + "${access_token_path}/config:coverage_flags", + "${access_token_path}/services/privacymanager:privacy_manager_gen_config", + ] include_dirs = privacy_include_dirs diff --git a/test/fuzztest/services/privacy/setmutepolicystub_fuzzer/setmutepolicystub_fuzzer.cpp b/test/fuzztest/services/privacy/setmutepolicystub_fuzzer/setmutepolicystub_fuzzer.cpp index 69c220f55..56b6b8760 100644 --- a/test/fuzztest/services/privacy/setmutepolicystub_fuzzer/setmutepolicystub_fuzzer.cpp +++ b/test/fuzztest/services/privacy/setmutepolicystub_fuzzer/setmutepolicystub_fuzzer.cpp @@ -1,5 +1,5 @@ /* - * Copyright (c) 2023 Huawei Device Co., Ltd. + * Copyright (c) 2023-2025 Huawei Device Co., Ltd. * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. * You may obtain a copy of the License at @@ -22,7 +22,7 @@ #include "accesstoken_fuzzdata.h" #undef private #include "accesstoken_kit.h" -#include "i_privacy_manager.h" +#include "iprivacy_manager.h" #include "privacy_manager_service.h" #include "nativetoken_kit.h" #include "token_setproc.h" @@ -89,7 +89,7 @@ size_t g_baseFuzzPos = 0; } uint32_t code = static_cast( - PrivacyInterfaceCode::SET_MUTE_POLICY); + IPrivacyManagerIpcCode::COMMAND_SET_MUTE_POLICY); MessageParcel reply; MessageOption option; diff --git a/test/fuzztest/services/privacy/setpermissionusedrecordtogglestatusstub_fuzzer/BUILD.gn b/test/fuzztest/services/privacy/setpermissionusedrecordtogglestatusstub_fuzzer/BUILD.gn index 6feddd9ac..4b68e6395 100644 --- a/test/fuzztest/services/privacy/setpermissionusedrecordtogglestatusstub_fuzzer/BUILD.gn +++ b/test/fuzztest/services/privacy/setpermissionusedrecordtogglestatusstub_fuzzer/BUILD.gn @@ -28,7 +28,10 @@ ohos_fuzztest("SetPermissionUsedRecordToggleStatusStubFuzzTest") { "-fno-omit-frame-pointer", ] - configs = [ "${access_token_path}/config:coverage_flags" ] + configs = [ + "${access_token_path}/config:coverage_flags", + "${access_token_path}/services/privacymanager:privacy_manager_gen_config", + ] include_dirs = privacy_include_dirs diff --git a/test/fuzztest/services/privacy/setpermissionusedrecordtogglestatusstub_fuzzer/setpermissionusedrecordtogglestatusstub_fuzzer.cpp b/test/fuzztest/services/privacy/setpermissionusedrecordtogglestatusstub_fuzzer/setpermissionusedrecordtogglestatusstub_fuzzer.cpp index 9b5c47a88..25292163b 100644 --- a/test/fuzztest/services/privacy/setpermissionusedrecordtogglestatusstub_fuzzer/setpermissionusedrecordtogglestatusstub_fuzzer.cpp +++ b/test/fuzztest/services/privacy/setpermissionusedrecordtogglestatusstub_fuzzer/setpermissionusedrecordtogglestatusstub_fuzzer.cpp @@ -17,7 +17,7 @@ #include "accesstoken_fuzzdata.h" #undef private -#include "i_privacy_manager.h" +#include "iprivacy_manager.h" #include "privacy_manager_service.h" using namespace std; @@ -43,7 +43,7 @@ namespace OHOS { return false; } - uint32_t code = static_cast(PrivacyInterfaceCode::SET_PERMISSION_USED_RECORD_TOGGLE_STATUS); + uint32_t code = static_cast(IPrivacyManagerIpcCode::COMMAND_SET_PERMISSION_USED_RECORD_TOGGLE_STATUS); MessageParcel reply; MessageOption option; diff --git a/test/fuzztest/services/privacy/startusingpermissioncallbackstub_fuzzer/BUILD.gn b/test/fuzztest/services/privacy/startusingpermissioncallbackstub_fuzzer/BUILD.gn index bdbc691db..e61cf194d 100644 --- a/test/fuzztest/services/privacy/startusingpermissioncallbackstub_fuzzer/BUILD.gn +++ b/test/fuzztest/services/privacy/startusingpermissioncallbackstub_fuzzer/BUILD.gn @@ -1,4 +1,4 @@ -# Copyright (c) 2023-2024 Huawei Device Co., Ltd. +# Copyright (c) 2023-2025 Huawei Device Co., Ltd. # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. # You may obtain a copy of the License at @@ -29,7 +29,10 @@ ohos_fuzztest("StartUsingPermissionCallbackStubFuzzTest") { "-fno-omit-frame-pointer", ] - configs = [ "${access_token_path}/config:coverage_flags" ] + configs = [ + "${access_token_path}/config:coverage_flags", + "${access_token_path}/services/privacymanager:privacy_manager_gen_config", + ] include_dirs = privacy_include_dirs diff --git a/test/fuzztest/services/privacy/startusingpermissioncallbackstub_fuzzer/startusingpermissioncallbackstub_fuzzer.cpp b/test/fuzztest/services/privacy/startusingpermissioncallbackstub_fuzzer/startusingpermissioncallbackstub_fuzzer.cpp index 85b7bfcf6..66b6c2c71 100644 --- a/test/fuzztest/services/privacy/startusingpermissioncallbackstub_fuzzer/startusingpermissioncallbackstub_fuzzer.cpp +++ b/test/fuzztest/services/privacy/startusingpermissioncallbackstub_fuzzer/startusingpermissioncallbackstub_fuzzer.cpp @@ -1,5 +1,5 @@ /* - * Copyright (c) 2023 Huawei Device Co., Ltd. + * Copyright (c) 2023-2025 Huawei Device Co., Ltd. * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. * You may obtain a copy of the License at @@ -21,7 +21,7 @@ #include "accesstoken_fuzzdata.h" #undef private -#include "i_privacy_manager.h" +#include "iprivacy_manager.h" #include "state_change_callback.h" #include "state_customized_cbk.h" #include "privacy_manager_service.h" @@ -74,7 +74,7 @@ namespace OHOS { return false; } - uint32_t code = static_cast(PrivacyInterfaceCode::START_USING_PERMISSION_CALLBACK); + uint32_t code = static_cast(IPrivacyManagerIpcCode::COMMAND_START_USING_PERMISSION_CALLBACK); MessageParcel reply; MessageOption option; diff --git a/test/fuzztest/services/privacy/startusingpermissionstub_fuzzer/BUILD.gn b/test/fuzztest/services/privacy/startusingpermissionstub_fuzzer/BUILD.gn index 1b1ee0ad0..ed318f6e2 100644 --- a/test/fuzztest/services/privacy/startusingpermissionstub_fuzzer/BUILD.gn +++ b/test/fuzztest/services/privacy/startusingpermissionstub_fuzzer/BUILD.gn @@ -1,4 +1,4 @@ -# Copyright (c) 2023-2024 Huawei Device Co., Ltd. +# Copyright (c) 2023-2025 Huawei Device Co., Ltd. # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. # You may obtain a copy of the License at @@ -29,7 +29,10 @@ ohos_fuzztest("StartUsingPermissionStubFuzzTest") { "-fno-omit-frame-pointer", ] - configs = [ "${access_token_path}/config:coverage_flags" ] + configs = [ + "${access_token_path}/config:coverage_flags", + "${access_token_path}/services/privacymanager:privacy_manager_gen_config", + ] include_dirs = privacy_include_dirs diff --git a/test/fuzztest/services/privacy/startusingpermissionstub_fuzzer/startusingpermissionstub_fuzzer.cpp b/test/fuzztest/services/privacy/startusingpermissionstub_fuzzer/startusingpermissionstub_fuzzer.cpp index e9fb147ff..42181dd68 100644 --- a/test/fuzztest/services/privacy/startusingpermissionstub_fuzzer/startusingpermissionstub_fuzzer.cpp +++ b/test/fuzztest/services/privacy/startusingpermissionstub_fuzzer/startusingpermissionstub_fuzzer.cpp @@ -1,5 +1,5 @@ /* - * Copyright (c) 2023 Huawei Device Co., Ltd. + * Copyright (c) 2023-2025 Huawei Device Co., Ltd. * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. * You may obtain a copy of the License at @@ -21,7 +21,7 @@ #include "accesstoken_fuzzdata.h" #undef private -#include "i_privacy_manager.h" +#include "iprivacy_manager.h" #include "privacy_manager_service.h" using namespace std; @@ -48,7 +48,7 @@ namespace OHOS { return false; } - uint32_t code = static_cast(PrivacyInterfaceCode::START_USING_PERMISSION); + uint32_t code = static_cast(IPrivacyManagerIpcCode::COMMAND_START_USING_PERMISSION); MessageParcel reply; MessageOption option; diff --git a/test/fuzztest/services/privacy/stopusingpermissionstub_fuzzer/BUILD.gn b/test/fuzztest/services/privacy/stopusingpermissionstub_fuzzer/BUILD.gn index 982e60386..44b6b6990 100644 --- a/test/fuzztest/services/privacy/stopusingpermissionstub_fuzzer/BUILD.gn +++ b/test/fuzztest/services/privacy/stopusingpermissionstub_fuzzer/BUILD.gn @@ -1,4 +1,4 @@ -# Copyright (c) 2023-2024 Huawei Device Co., Ltd. +# Copyright (c) 2023-2025 Huawei Device Co., Ltd. # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. # You may obtain a copy of the License at @@ -29,7 +29,10 @@ ohos_fuzztest("StopUsingPermissionStubFuzzTest") { "-fno-omit-frame-pointer", ] - configs = [ "${access_token_path}/config:coverage_flags" ] + configs = [ + "${access_token_path}/config:coverage_flags", + "${access_token_path}/services/privacymanager:privacy_manager_gen_config", + ] include_dirs = privacy_include_dirs diff --git a/test/fuzztest/services/privacy/stopusingpermissionstub_fuzzer/stopusingpermissionstub_fuzzer.cpp b/test/fuzztest/services/privacy/stopusingpermissionstub_fuzzer/stopusingpermissionstub_fuzzer.cpp index afce9afa0..74183f9e3 100644 --- a/test/fuzztest/services/privacy/stopusingpermissionstub_fuzzer/stopusingpermissionstub_fuzzer.cpp +++ b/test/fuzztest/services/privacy/stopusingpermissionstub_fuzzer/stopusingpermissionstub_fuzzer.cpp @@ -1,5 +1,5 @@ /* - * Copyright (c) 2023 Huawei Device Co., Ltd. + * Copyright (c) 2023-2025 Huawei Device Co., Ltd. * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. * You may obtain a copy of the License at @@ -21,7 +21,7 @@ #include "accesstoken_fuzzdata.h" #undef private -#include "i_privacy_manager.h" +#include "iprivacy_manager.h" #include "privacy_manager_service.h" using namespace std; @@ -48,7 +48,7 @@ namespace OHOS { return false; } - uint32_t code = static_cast(PrivacyInterfaceCode::STOP_USING_PERMISSION); + uint32_t code = static_cast(IPrivacyManagerIpcCode::COMMAND_STOP_USING_PERMISSION); MessageParcel reply; MessageOption option; diff --git a/test/fuzztest/services/privacy/unregisterpermactivestatuscallbackstub_fuzzer/BUILD.gn b/test/fuzztest/services/privacy/unregisterpermactivestatuscallbackstub_fuzzer/BUILD.gn index 4933d084e..585a8e2a7 100644 --- a/test/fuzztest/services/privacy/unregisterpermactivestatuscallbackstub_fuzzer/BUILD.gn +++ b/test/fuzztest/services/privacy/unregisterpermactivestatuscallbackstub_fuzzer/BUILD.gn @@ -1,4 +1,4 @@ -# Copyright (c) 2023-2024 Huawei Device Co., Ltd. +# Copyright (c) 2023-2025 Huawei Device Co., Ltd. # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. # You may obtain a copy of the License at @@ -29,7 +29,10 @@ ohos_fuzztest("UnRegisterPermActiveStatusCallbackStubFuzzTest") { "-fno-omit-frame-pointer", ] - configs = [ "${access_token_path}/config:coverage_flags" ] + configs = [ + "${access_token_path}/config:coverage_flags", + "${access_token_path}/services/privacymanager:privacy_manager_gen_config", + ] include_dirs = privacy_include_dirs diff --git a/test/fuzztest/services/privacy/unregisterpermactivestatuscallbackstub_fuzzer/unregisterpermactivestatuscallbackstub_fuzzer.cpp b/test/fuzztest/services/privacy/unregisterpermactivestatuscallbackstub_fuzzer/unregisterpermactivestatuscallbackstub_fuzzer.cpp index 14d23c014..6e08e8862 100644 --- a/test/fuzztest/services/privacy/unregisterpermactivestatuscallbackstub_fuzzer/unregisterpermactivestatuscallbackstub_fuzzer.cpp +++ b/test/fuzztest/services/privacy/unregisterpermactivestatuscallbackstub_fuzzer/unregisterpermactivestatuscallbackstub_fuzzer.cpp @@ -1,5 +1,5 @@ /* - * Copyright (c) 2023 Huawei Device Co., Ltd. + * Copyright (c) 2023-2025 Huawei Device Co., Ltd. * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. * You may obtain a copy of the License at @@ -21,7 +21,7 @@ #include "accesstoken_fuzzdata.h" #undef private -#include "i_privacy_manager.h" +#include "iprivacy_manager.h" #include "perm_active_status_change_callback.h" #include "perm_active_status_customized_cbk.h" #include "privacy_manager_service.h" @@ -69,7 +69,7 @@ namespace OHOS { return false; } - uint32_t code = static_cast(PrivacyInterfaceCode::UNREGISTER_PERM_ACTIVE_STATUS_CHANGE_CALLBACK); + uint32_t code = static_cast(IPrivacyManagerIpcCode::COMMAND_UN_REGISTER_PERM_ACTIVE_STATUS_CALLBACK); MessageParcel reply; MessageOption option; diff --git a/test/fuzztest/services/privacy/updateseccompenhancestub_fuzzer/BUILD.gn b/test/fuzztest/services/privacy/updateseccompenhancestub_fuzzer/BUILD.gn index d97ec3ca2..d2712288c 100644 --- a/test/fuzztest/services/privacy/updateseccompenhancestub_fuzzer/BUILD.gn +++ b/test/fuzztest/services/privacy/updateseccompenhancestub_fuzzer/BUILD.gn @@ -1,4 +1,4 @@ -# Copyright (c) 2024 Huawei Device Co., Ltd. +# Copyright (c) 2024-2025 Huawei Device Co., Ltd. # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. # You may obtain a copy of the License at @@ -29,12 +29,14 @@ ohos_fuzztest("UpdateSecCompEnhanceStubFuzzTest") { "-fno-omit-frame-pointer", ] - configs = [ "${access_token_path}/config:coverage_flags" ] + configs = [ + "${access_token_path}/config:coverage_flags", + "${access_token_path}/services/privacymanager:privacy_manager_gen_config", + ] include_dirs = privacy_include_dirs sources += privacy_sources - sources += [ "${access_token_path}/services/privacymanager/src/seccomp/privacy_sec_comp_enhance_agent.cpp" ] defines = privacy_defines diff --git a/test/fuzztest/services/privacy/updateseccompenhancestub_fuzzer/updateseccompenhancestub_fuzzer.cpp b/test/fuzztest/services/privacy/updateseccompenhancestub_fuzzer/updateseccompenhancestub_fuzzer.cpp index 28b460006..c203ebb84 100644 --- a/test/fuzztest/services/privacy/updateseccompenhancestub_fuzzer/updateseccompenhancestub_fuzzer.cpp +++ b/test/fuzztest/services/privacy/updateseccompenhancestub_fuzzer/updateseccompenhancestub_fuzzer.cpp @@ -1,5 +1,5 @@ /* - * Copyright (c) 2024 Huawei Device Co., Ltd. + * Copyright (c) 2024-2025 Huawei Device Co., Ltd. * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. * You may obtain a copy of the License at @@ -22,7 +22,7 @@ #include "accesstoken_fuzzdata.h" #undef private #include "errors.h" -#include "i_privacy_manager.h" +#include "iprivacy_manager.h" #include "on_permission_used_record_callback_stub.h" #include "permission_used_request.h" #include "permission_used_request_parcel.h" @@ -50,7 +50,7 @@ namespace OHOS { return false; } - uint32_t code = static_cast(PrivacyInterfaceCode::UPDATE_SEC_COMP_ENHANCE); + uint32_t code = static_cast(IPrivacyManagerIpcCode::COMMAND_UPDATE_SEC_COMP_ENHANCE); MessageParcel reply; MessageOption option; -- Gitee