diff --git a/frameworks/accesstoken/BUILD.gn b/frameworks/accesstoken/BUILD.gn index 905cf97537af37433da66c892757cf3a9c615565..522a1c0235cc553ba5d82c47f513b4b0de0adfd1 100644 --- a/frameworks/accesstoken/BUILD.gn +++ b/frameworks/accesstoken/BUILD.gn @@ -50,6 +50,7 @@ ohos_shared_library("accesstoken_communication_adapter_cxx") { sources = [ "src/atm_tools_param_info_parcel.cpp", "src/hap_base_info_parcel.cpp", + "src/hap_info_check_result_parcel.cpp", "src/hap_info_parcel.cpp", "src/hap_policy_parcel.cpp", "src/hap_token_info_for_sync_parcel.cpp", @@ -61,6 +62,9 @@ ohos_shared_library("accesstoken_communication_adapter_cxx") { "src/permission_state_change_info_parcel.cpp", "src/permission_state_change_scope_parcel.cpp", "src/permission_status_parcel.cpp", + "src/permission_with_value_parcel.cpp", + "src/update_hap_info_parcel.cpp", + "src/user_state_parcel.cpp", ] external_deps = [ "c_utils:utils" ] diff --git a/frameworks/accesstoken/include/accesstoken_service_ipc_interface_code.h b/frameworks/accesstoken/include/accesstoken_service_ipc_interface_code.h deleted file mode 100644 index 07d0e107b261d2a3c78b13f9a124d622e8ffc1c1..0000000000000000000000000000000000000000 --- a/frameworks/accesstoken/include/accesstoken_service_ipc_interface_code.h +++ /dev/null @@ -1,86 +0,0 @@ -/* - * Copyright (c) 2023-2024 Huawei Device Co., Ltd. - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ - -#ifndef ACCESSTOKEN_SERVICE_IPC_INTERFACE_CODE_H -#define ACCESSTOKEN_SERVICE_IPC_INTERFACE_CODE_H - -namespace OHOS { -namespace Security { -namespace AccessToken { -/* SAID:3503 */ -enum class AccessTokenInterfaceCode { - VERIFY_ACCESSTOKEN = 0x0000, - GET_DEF_PERMISSION, - GET_REQ_PERMISSIONS, - GET_PERMISSION_FLAG, - GRANT_PERMISSION, - REVOKE_PERMISSION, - CLEAR_USER_GRANT_PERMISSION, - ALLOC_TOKEN_HAP, - TOKEN_DELETE, - INIT_TOKEN_HAP, - SET_PERMISSION_REQUEST_TOGGLE_STATUS, - GET_PERMISSION_REQUEST_TOGGLE_STATUS, - GRANT_PERMISSION_FOR_SPECIFIEDTIME, - REQUEST_APP_PERM_ON_SETTING, - - GET_TOKEN_TYPE = 0x0010, - CHECK_NATIVE_DCAP, - GET_HAP_TOKEN_ID, - ALLOC_LOCAL_TOKEN_ID, - GET_NATIVE_TOKENINFO, - GET_HAP_TOKENINFO, - UPDATE_HAP_TOKEN, - GET_TOKEN_ID_BY_USER_ID, - - GET_HAP_TOKEN_FROM_REMOTE = 0x0020, - GET_ALL_NATIVE_TOKEN_FROM_REMOTE, - SET_REMOTE_HAP_TOKEN_INFO, - SET_REMOTE_NATIVE_TOKEN_INFO, - DELETE_REMOTE_TOKEN_INFO, - DELETE_REMOTE_DEVICE_TOKEN, - GET_NATIVE_REMOTE_TOKEN, - REGISTER_TOKEN_SYNC_CALLBACK, - UNREGISTER_TOKEN_SYNC_CALLBACK, - - DUMP_TOKENINFO = 0x0030, - GET_PERMISSION_OPER_STATE, - GET_PERMISSIONS_STATUS, - REGISTER_PERM_STATE_CHANGE_CALLBACK, - UNREGISTER_PERM_STATE_CHANGE_CALLBACK, - RELOAD_NATIVE_TOKEN_INFO, - GET_NATIVE_TOKEN_ID, - SET_PERM_DIALOG_CAPABILITY, - GET_USER_GRANTED_PERMISSION_USED_TYPE, - DUMP_PERM_DEFINITION_INFO, - GET_VERSION, - GET_PERMISSION_MANAGER_INFO, - GET_NATIVE_TOKEN_NAME, - INIT_USER_POLICY, - UPDATE_USER_POLICY, - CLEAR_USER_POLICY, - GET_HAP_TOKENINFO_EXT, - REGISTER_SELF_PERM_STATE_CHANGE_CALLBACK, - UNREGISTER_SELF_PERM_STATE_CHANGE_CALLBACK, - GET_KERNEL_PERMISSIONS, - GET_PERMISSION_BY_NAME, - - VERIFY_ACCESSTOKEN_WITH_LIST = 0x0050, -}; -} // namespace AccessToken -} // namespace Security -} // namespace OHOS - -#endif // ACCESSTOKEN_SERVICE_IPC_INTERFACE_CODE_H diff --git a/frameworks/accesstoken/include/hap_info_check_result_parcel.h b/frameworks/accesstoken/include/hap_info_check_result_parcel.h new file mode 100644 index 0000000000000000000000000000000000000000..6ddb4d6bacac56bc04745fedb204ac00b6ed7f0d --- /dev/null +++ b/frameworks/accesstoken/include/hap_info_check_result_parcel.h @@ -0,0 +1,39 @@ +/* + * Copyright (c) 2025 Huawei Device Co., Ltd. + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +#ifndef HAP_INFO_CHECK_RESULT_PARCEL_H +#define HAP_INFO_CHECK_RESULT_PARCEL_H + +#include "hap_token_info.h" +#include "parcel.h" + +namespace OHOS { +namespace Security { +namespace AccessToken { +struct HapInfoCheckResultParcel final : public Parcelable { + HapInfoCheckResultParcel() = default; + + ~HapInfoCheckResultParcel() override = default; + + bool Marshalling(Parcel &out) const override; + + static HapInfoCheckResultParcel *Unmarshalling(Parcel &in); + + HapInfoCheckResult hapInfoCheckResult; +}; +} // namespace AccessToken +} // namespace Security +} // namespace OHOS +#endif // HAP_INFO_CHECK_RESULT_PARCEL_H diff --git a/frameworks/accesstoken/include/i_accesstoken_manager.h b/frameworks/accesstoken/include/i_accesstoken_manager.h deleted file mode 100644 index 22709473ae9dc8e916febd58dd587019534850fd..0000000000000000000000000000000000000000 --- a/frameworks/accesstoken/include/i_accesstoken_manager.h +++ /dev/null @@ -1,126 +0,0 @@ -/* - * Copyright (c) 2021-2024 Huawei Device Co., Ltd. - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ - -#ifndef I_ACCESSTOKEN_MANAGER_H -#define I_ACCESSTOKEN_MANAGER_H - -#include -#include - -#include "access_token.h" -#include "accesstoken_service_ipc_interface_code.h" -#include "atm_tools_param_info_parcel.h" -#include "errors.h" -#include "hap_base_info_parcel.h" -#include "hap_info_parcel.h" -#include "hap_policy_parcel.h" -#include "hap_token_info_for_sync_parcel.h" -#include "hap_token_info_parcel.h" -#include "iremote_broker.h" -#include "i_permission_state_callback.h" -#include "native_token_info_parcel.h" -#include "permission_def_parcel.h" -#include "permission_grant_info_parcel.h" -#include "permission_list_state_parcel.h" -#include "permission_status_parcel.h" -#include "permission_state_change_scope_parcel.h" -#include "system_ability_definition.h" - -namespace OHOS { -namespace Security { -namespace AccessToken { -class IAccessTokenManager : public IRemoteBroker { -public: - static const int SA_ID_ACCESSTOKEN_MANAGER_SERVICE = ACCESS_TOKEN_MANAGER_SERVICE_ID; - - DECLARE_INTERFACE_DESCRIPTOR(u"ohos.security.accesstoken.IAccessTokenManager"); - - virtual PermUsedTypeEnum GetPermissionUsedType( - AccessTokenID tokenID, const std::string& permissionName) = 0; - virtual int VerifyAccessToken(AccessTokenID tokenID, const std::string& permissionName) = 0; - virtual int VerifyAccessToken(AccessTokenID tokenID, - const std::vector& permissionList, std::vector& permStateList) = 0; - virtual int GetDefPermission(const std::string& permissionName, PermissionDefParcel& permissionDefResult) = 0; - virtual int GetReqPermissions( - AccessTokenID tokenID, std::vector& reqPermList, bool isSystemGrant) = 0; - virtual int GetPermissionFlag(AccessTokenID tokenID, const std::string& permissionName, uint32_t& flag) = 0; - virtual int32_t SetPermissionRequestToggleStatus(const std::string& permissionName, uint32_t status, - int32_t userID = 0) = 0; - virtual int32_t GetPermissionRequestToggleStatus(const std::string& permissionName, uint32_t& status, - int32_t userID = 0) = 0; - virtual int32_t RequestAppPermOnSetting(AccessTokenID tokenID) = 0; - virtual PermissionOper GetSelfPermissionsState(std::vector& permListParcel, - PermissionGrantInfoParcel& infoParcel) = 0; - virtual int32_t GetPermissionsStatus( - AccessTokenID tokenID, std::vector& permListParcel) = 0; - virtual int GrantPermission(AccessTokenID tokenID, const std::string& permissionName, uint32_t flag) = 0; - virtual int RevokePermission(AccessTokenID tokenID, const std::string& permissionName, uint32_t flag) = 0; - virtual int GrantPermissionForSpecifiedTime( - AccessTokenID tokenID, const std::string& permissionName, uint32_t onceTime) = 0; - virtual int ClearUserGrantedPermissionState(AccessTokenID tokenID) = 0; - virtual AccessTokenIDEx AllocHapToken(const HapInfoParcel& hapInfo, const HapPolicyParcel& policyParcel) = 0; - virtual int32_t InitHapToken(const HapInfoParcel& info, HapPolicyParcel& policy, - AccessTokenIDEx& fullTokenId, HapInfoCheckResult& result) = 0; - virtual int DeleteToken(AccessTokenID tokenID) = 0; - virtual int GetTokenType(AccessTokenID tokenID) = 0; - virtual AccessTokenIDEx GetHapTokenID(int32_t userID, const std::string& bundleName, int32_t instIndex) = 0; - virtual AccessTokenID AllocLocalTokenID(const std::string& remoteDeviceID, AccessTokenID remoteTokenID) = 0; - virtual int GetNativeTokenInfo(AccessTokenID tokenID, NativeTokenInfoParcel& nativeTokenInfoRes) = 0; - virtual int32_t GetTokenIDByUserID(int32_t userID, std::unordered_set& tokenIdList) = 0; - virtual int GetHapTokenInfo(AccessTokenID tokenID, HapTokenInfoParcel& hapTokenInfoRes) = 0; - virtual int32_t UpdateHapToken(AccessTokenIDEx& tokenIdEx, const UpdateHapInfoParams& info, - const HapPolicyParcel& policyParcel, HapInfoCheckResult& result) = 0; - virtual int32_t RegisterPermStateChangeCallback( - const PermStateChangeScopeParcel& scope, const sptr& callback) = 0; - virtual int32_t UnRegisterPermStateChangeCallback(const sptr& callback) = 0; - virtual int32_t RegisterSelfPermStateChangeCallback(const PermStateChangeScopeParcel& scope, - const sptr& callback) = 0; - virtual int32_t UnRegisterSelfPermStateChangeCallback(const sptr& callback) = 0; -#ifndef ATM_BUILD_VARIANT_USER_ENABLE - virtual int32_t ReloadNativeTokenInfo() = 0; -#endif - virtual int GetHapTokenInfoExtension(AccessTokenID tokenID, - HapTokenInfoParcel& hapTokenInfoRes, std::string& appID) = 0; - virtual AccessTokenID GetNativeTokenId(const std::string& processName) = 0; - -#ifdef TOKEN_SYNC_ENABLE - virtual int GetHapTokenInfoFromRemote(AccessTokenID tokenID, - HapTokenInfoForSyncParcel& hapSyncParcel) = 0; - virtual int SetRemoteHapTokenInfo(const std::string& deviceID, - HapTokenInfoForSyncParcel& hapSyncParcel) = 0; - virtual int DeleteRemoteToken(const std::string& deviceID, AccessTokenID tokenID) = 0; - virtual AccessTokenID GetRemoteNativeTokenID(const std::string& deviceID, AccessTokenID tokenID) = 0; - virtual int DeleteRemoteDeviceTokens(const std::string& deviceID) = 0; - virtual int32_t RegisterTokenSyncCallback(const sptr& callback) = 0; - virtual int32_t UnRegisterTokenSyncCallback() = 0; -#endif - virtual int32_t GetKernelPermissions( - AccessTokenID tokenId, std::vector& kernelPermList) = 0; - virtual int32_t GetReqPermissionByName( - AccessTokenID tokenId, const std::string& permissionName, std::string& value) = 0; - virtual int SetPermDialogCap(const HapBaseInfoParcel& hapBaseInfoParcel, bool enable) = 0; - virtual int32_t InitUserPolicy( - const std::vector& userList, const std::vector& permList) = 0; - virtual int32_t UpdateUserPolicy(const std::vector& userList) = 0; - virtual int32_t ClearUserPolicy() = 0; - virtual void DumpTokenInfo(const AtmToolsParamInfoParcel& infoParcel, std::string& tokenInfo) = 0; - virtual int32_t GetVersion(uint32_t& version) = 0; - virtual void GetPermissionManagerInfo(PermissionGrantInfoParcel& infoParcel) = 0; -}; -} // namespace AccessToken -} // namespace Security -} // namespace OHOS - -#endif // I_ACCESSTOKEN_MANAGER_H diff --git a/frameworks/accesstoken/include/perm_state_change_scope_parcel.h b/frameworks/accesstoken/include/perm_state_change_scope_parcel.h new file mode 100644 index 0000000000000000000000000000000000000000..1a7505fd59cddd0daa2ddd1adb3e83d3623012b8 --- /dev/null +++ b/frameworks/accesstoken/include/perm_state_change_scope_parcel.h @@ -0,0 +1,20 @@ +/* + * Copyright (c) 2025 Huawei Device Co., Ltd. + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ +#ifndef PERM_STATE_CHANGE_SCOPE_PARCEL_H +#define PERM_STATE_CHANGE_SCOPE_PARCEL_H + +#include "permission_state_change_scope_parcel.h" + +#endif // PERM_STATE_CHANGE_SCOPE_PARCEL_H \ No newline at end of file diff --git a/frameworks/accesstoken/include/permission_with_value_parcel.h b/frameworks/accesstoken/include/permission_with_value_parcel.h new file mode 100644 index 0000000000000000000000000000000000000000..bfad0f92b69df6c9a93c4522e096eb6cdee3b072 --- /dev/null +++ b/frameworks/accesstoken/include/permission_with_value_parcel.h @@ -0,0 +1,40 @@ +/* + * Copyright (c) 2025 Huawei Device Co., Ltd. + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +#ifndef PERMISSION_WITH_VALUE_PARCEL_H +#define PERMISSION_WITH_VALUE_PARCEL_H + +#include "hap_token_info.h" + +#include "parcel.h" + +namespace OHOS { +namespace Security { +namespace AccessToken { +struct PermissionWithValueParcel final : public Parcelable { + PermissionWithValueParcel() = default; + + ~PermissionWithValueParcel() override = default; + + bool Marshalling(Parcel &out) const override; + + static PermissionWithValueParcel *Unmarshalling(Parcel &in); + + PermissionWithValue permissionWithValue; +}; +} // namespace AccessToken +} // namespace Security +} // namespace OHOS +#endif // PERMISSION_WITH_VALUE_PARCEL_H diff --git a/frameworks/accesstoken/include/update_hap_info_parcel.h b/frameworks/accesstoken/include/update_hap_info_parcel.h new file mode 100644 index 0000000000000000000000000000000000000000..82adcbb16ea0cdabc4bd509682990bda0fc1e2fb --- /dev/null +++ b/frameworks/accesstoken/include/update_hap_info_parcel.h @@ -0,0 +1,40 @@ +/* + * Copyright (c) 2025 Huawei Device Co., Ltd. + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +#ifndef UPATTE_HAP_INFO_PARCEL_H +#define UPATTE_HAP_INFO_PARCEL_H + +#include "hap_token_info.h" + +#include "parcel.h" + +namespace OHOS { +namespace Security { +namespace AccessToken { +struct UpdateHapInfoParcel final : public Parcelable { + UpdateHapInfoParcel() = default; + + ~UpdateHapInfoParcel() override = default; + + bool Marshalling(Parcel &out) const override; + + static UpdateHapInfoParcel *Unmarshalling(Parcel &in); + + UpdateHapInfoParams hapInfoParameter; +}; +} // namespace AccessToken +} // namespace Security +} // namespace OHOS +#endif // UPATTE_HAP_INFO_PARCEL_H diff --git a/frameworks/accesstoken/include/user_state_parcel.h b/frameworks/accesstoken/include/user_state_parcel.h new file mode 100644 index 0000000000000000000000000000000000000000..52972664a9f534f9f145c5ff39e82fc166477964 --- /dev/null +++ b/frameworks/accesstoken/include/user_state_parcel.h @@ -0,0 +1,40 @@ +/* + * Copyright (c) 2025 Huawei Device Co., Ltd. + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +#ifndef USER_STATE_PARCEL_H +#define USER_STATE_PARCEL_H + +#include "hap_token_info.h" + +#include "parcel.h" + +namespace OHOS { +namespace Security { +namespace AccessToken { +struct UserStateParcel final : public Parcelable { + UserStateParcel() = default; + + ~UserStateParcel() override = default; + + bool Marshalling(Parcel &out) const override; + + static UserStateParcel *Unmarshalling(Parcel &in); + + UserState userState; +}; +} // namespace AccessToken +} // namespace Security +} // namespace OHOS +#endif // USER_STATE_PARCEL_H diff --git a/frameworks/accesstoken/src/hap_info_check_result_parcel.cpp b/frameworks/accesstoken/src/hap_info_check_result_parcel.cpp new file mode 100644 index 0000000000000000000000000000000000000000..99ebabe4ef32a8a3d7ce71cddcfcb2a2e52532bb --- /dev/null +++ b/frameworks/accesstoken/src/hap_info_check_result_parcel.cpp @@ -0,0 +1,47 @@ +/* + * Copyright (c) 2025 Huawei Device Co., Ltd. + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +#include "hap_info_check_result_parcel.h" +#include "access_token.h" +#include "parcel_utils.h" + +namespace OHOS { +namespace Security { +namespace AccessToken { +bool HapInfoCheckResultParcel::Marshalling(Parcel& out) const +{ + RETURN_IF_FALSE(out.WriteInt32(this->hapInfoCheckResult.permCheckResult.rule)); + RETURN_IF_FALSE(out.WriteString(this->hapInfoCheckResult.permCheckResult.permissionName)); + return true; +} + +HapInfoCheckResultParcel* HapInfoCheckResultParcel::Unmarshalling(Parcel& in) +{ + auto* hapInfoCheckResultParcel = new (std::nothrow) HapInfoCheckResultParcel(); + if (hapInfoCheckResultParcel == nullptr) { + return nullptr; + } + + int32_t rule; + RELEASE_IF_FALSE(in.ReadInt32(rule), hapInfoCheckResultParcel); + hapInfoCheckResultParcel->hapInfoCheckResult.permCheckResult.rule = PermissionRulesEnum(rule); + + hapInfoCheckResultParcel->hapInfoCheckResult.permCheckResult.permissionName = in.ReadString(); + + return hapInfoCheckResultParcel; +} +} // namespace AccessToken +} // namespace Security +} // namespace OHOS diff --git a/frameworks/accesstoken/src/permission_with_value_parcel.cpp b/frameworks/accesstoken/src/permission_with_value_parcel.cpp new file mode 100644 index 0000000000000000000000000000000000000000..e290a98f84eeab61a38d369cdad4f5851ddc9fcd --- /dev/null +++ b/frameworks/accesstoken/src/permission_with_value_parcel.cpp @@ -0,0 +1,41 @@ +/* + * Copyright (c) 2025 Huawei Device Co., Ltd. + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +#include "permission_with_value_parcel.h" +#include "parcel_utils.h" + +namespace OHOS { +namespace Security { +namespace AccessToken { +bool PermissionWithValueParcel::Marshalling(Parcel& out) const +{ + RETURN_IF_FALSE(out.WriteString(this->permissionWithValue.permissionName)); + RETURN_IF_FALSE(out.WriteString(this->permissionWithValue.value)); + return true; +} + +PermissionWithValueParcel* PermissionWithValueParcel::Unmarshalling(Parcel& in) +{ + auto* permWithValueParcel = new (std::nothrow) PermissionWithValueParcel(); + if (permWithValueParcel == nullptr) { + return nullptr; + } + RELEASE_IF_FALSE(in.ReadString(permWithValueParcel->permissionWithValue.permissionName), permWithValueParcel); + RELEASE_IF_FALSE(in.ReadString(permWithValueParcel->permissionWithValue.value), permWithValueParcel); + return permWithValueParcel; +} +} // namespace AccessToken +} // namespace Security +} // namespace OHOS \ No newline at end of file diff --git a/frameworks/accesstoken/src/update_hap_info_parcel.cpp b/frameworks/accesstoken/src/update_hap_info_parcel.cpp new file mode 100644 index 0000000000000000000000000000000000000000..36bc57b20af65d228d995321115acfe3edd6db8b --- /dev/null +++ b/frameworks/accesstoken/src/update_hap_info_parcel.cpp @@ -0,0 +1,45 @@ +/* + * Copyright (c) 2025 Huawei Device Co., Ltd. + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +#include "update_hap_info_parcel.h" +#include "parcel_utils.h" + +namespace OHOS { +namespace Security { +namespace AccessToken { +bool UpdateHapInfoParcel::Marshalling(Parcel& out) const +{ + RETURN_IF_FALSE(out.WriteString(this->hapInfoParameter.appIDDesc)); + RETURN_IF_FALSE(out.WriteInt32(this->hapInfoParameter.apiVersion)); + RETURN_IF_FALSE(out.WriteBool(this->hapInfoParameter.isSystemApp)); + RETURN_IF_FALSE(out.WriteString(this->hapInfoParameter.appDistributionType)); + return true; +} + +UpdateHapInfoParcel* UpdateHapInfoParcel::Unmarshalling(Parcel& in) +{ + auto* hapInfoParcel = new (std::nothrow) UpdateHapInfoParcel(); + if (hapInfoParcel == nullptr) { + return nullptr; + } + hapInfoParcel->hapInfoParameter.appIDDesc = in.ReadString(); + RELEASE_IF_FALSE(in.ReadInt32(hapInfoParcel->hapInfoParameter.apiVersion), hapInfoParcel); + RELEASE_IF_FALSE(in.ReadBool(hapInfoParcel->hapInfoParameter.isSystemApp), hapInfoParcel); + RELEASE_IF_FALSE(in.ReadString(hapInfoParcel->hapInfoParameter.appDistributionType), hapInfoParcel); + return hapInfoParcel; +} +} // namespace AccessToken +} // namespace Security +} // namespace OHOS \ No newline at end of file diff --git a/frameworks/accesstoken/src/user_state_parcel.cpp b/frameworks/accesstoken/src/user_state_parcel.cpp new file mode 100644 index 0000000000000000000000000000000000000000..7225e9ea644520f72e33f8d7814ff18f351534c2 --- /dev/null +++ b/frameworks/accesstoken/src/user_state_parcel.cpp @@ -0,0 +1,41 @@ +/* + * Copyright (c) 2025 Huawei Device Co., Ltd. + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +#include "user_state_parcel.h" +#include "parcel_utils.h" + +namespace OHOS { +namespace Security { +namespace AccessToken { +bool UserStateParcel::Marshalling(Parcel& out) const +{ + RETURN_IF_FALSE(out.WriteInt32(this->userState.userId)); + RETURN_IF_FALSE(out.WriteBool(this->userState.isActive)); + return true; +} + +UserStateParcel* UserStateParcel::Unmarshalling(Parcel& in) +{ + auto* userStateParcel = new (std::nothrow) UserStateParcel(); + if (userStateParcel == nullptr) { + return nullptr; + } + RELEASE_IF_FALSE(in.ReadInt32(userStateParcel->userState.userId), userStateParcel); + RELEASE_IF_FALSE(in.ReadBool(userStateParcel->userState.isActive), userStateParcel); + return userStateParcel; +} +} // namespace AccessToken +} // namespace Security +} // namespace OHOS \ No newline at end of file diff --git a/interfaces/innerkits/accesstoken/BUILD.gn b/interfaces/innerkits/accesstoken/BUILD.gn index 72f24f1d600b94427e6e990ccc29233df29e3ee5..68886e7fd981adb25ef56b0cbc027c8830067ba7 100644 --- a/interfaces/innerkits/accesstoken/BUILD.gn +++ b/interfaces/innerkits/accesstoken/BUILD.gn @@ -41,7 +41,10 @@ if (is_standard_system) { output_name = "libaccesstoken_sdk" - public_configs = [ ":accesstoken" ] + public_configs = [ + ":accesstoken", + "${access_token_path}/services/accesstokenmanager:accesstoken_manager_gen_config", + ] include_dirs = [ "${access_token_path}/frameworks/accesstoken/include", @@ -55,7 +58,6 @@ if (is_standard_system) { "src/accesstoken_death_recipient.cpp", "src/accesstoken_kit.cpp", "src/accesstoken_manager_client.cpp", - "src/accesstoken_manager_proxy.cpp", "src/perm_state_change_callback_customize.cpp", ] @@ -63,6 +65,7 @@ if (is_standard_system) { "${access_token_path}/frameworks/accesstoken:accesstoken_communication_adapter_cxx", "${access_token_path}/frameworks/common:accesstoken_common_cxx", "${access_token_path}/interfaces/innerkits/token_setproc:libperm_setproc", + "${access_token_path}/services/accesstokenmanager:accesstoken_manager_proxy", ] external_deps = [ diff --git a/interfaces/innerkits/accesstoken/src/accesstoken_manager_client.cpp b/interfaces/innerkits/accesstoken/src/accesstoken_manager_client.cpp index 2f7a6df29baf3251b059d14ce7dd0f8f69653356..b7a9aded95f53fe3bd46fdcf9ac05235aca3e0d4 100644 --- a/interfaces/innerkits/accesstoken/src/accesstoken_manager_client.cpp +++ b/interfaces/innerkits/accesstoken/src/accesstoken_manager_client.cpp @@ -1,5 +1,5 @@ /* - * Copyright (c) 2021-2024 Huawei Device Co., Ltd. + * Copyright (c) 2021-2025 Huawei Device Co., Ltd. * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. * You may obtain a copy of the License at @@ -25,6 +25,10 @@ #include "parameter.h" #include "permission_grant_info_parcel.h" #include "accesstoken_callbacks.h" +#include "hap_info_check_result_parcel.h" +#include "permission_with_value_parcel.h" +#include "update_hap_info_parcel.h" +#include "user_state_parcel.h" namespace OHOS { namespace Security { @@ -33,6 +37,10 @@ namespace { static constexpr int32_t VALUE_MAX_LEN = 32; static const char* ACCESS_TOKEN_SERVICE_INIT_KEY = "accesstoken.permission.init"; std::recursive_mutex g_instanceMutex; +static const int32_t SA_ID_ACCESSTOKEN_MANAGER_SERVICE = 3503; +static const int MAX_PERMISSION_SIZE = 1000; +static const int32_t MAX_USER_POLICY_SIZE = 1024; +static const int32_t MAX_EXTENDED_VALUE_LIST_SIZE = 512; } // namespace static const uint32_t MAX_CALLBACK_MAP_SIZE = 200; @@ -67,7 +75,14 @@ PermUsedTypeEnum AccessTokenManagerClient::GetPermissionUsedType( LOGE(ATM_DOMAIN, ATM_TAG, "Proxy is null."); return PermUsedTypeEnum::INVALID_USED_TYPE; } - return proxy->GetPermissionUsedType(tokenID, permissionName); + int32_t ret; + int32_t errCode = proxy->GetPermissionUsedType(tokenID, permissionName, ret); + if (errCode != RET_SUCCESS) { + LOGE(ATM_DOMAIN, ATM_TAG, "Request fail, result: %{public}d", errCode); + return PermUsedTypeEnum::INVALID_USED_TYPE; + } + PermUsedTypeEnum result = static_cast(ret); + return result; } int AccessTokenManagerClient::VerifyAccessToken(AccessTokenID tokenID, const std::string& permissionName) @@ -126,6 +141,13 @@ int AccessTokenManagerClient::GetReqPermissions( } std::vector parcelList; int result = proxy->GetReqPermissions(tokenID, parcelList, isSystemGrant); + + uint32_t reqPermSize = parcelList.size(); + if (reqPermSize > MAX_PERMISSION_SIZE) { + LOGE(ATM_DOMAIN, ATM_TAG, "Size(%{public}u) is oversize.", reqPermSize); + return ERR_OVERSIZE; + } + for (const auto& permParcel : parcelList) { PermissionStateFull perm; perm.permissionName = permParcel.permState.permissionName; @@ -172,16 +194,33 @@ PermissionOper AccessTokenManagerClient::GetSelfPermissionsState(std::vectorGetSelfPermissionsState(parcelList, infoParcel); + int32_t ret; + int32_t errCode = proxy->GetSelfPermissionsState(parcelList, infoParcel, ret); + + size_t size = parcelList.size() / 2; + if (size != len) { + LOGE(ATM_DOMAIN, ATM_TAG, "Size(%{public}zu) from server is not equal inputSize(%{public}zu)!", + size, len); + return INVALID_OPER; + } + if (size > MAX_PERMISSION_SIZE) { + LOGE(ATM_DOMAIN, ATM_TAG, "Size(%{public}zu) is oversize.", size); + return INVALID_OPER; + } + + if (errCode != RET_SUCCESS) { + LOGE(ATM_DOMAIN, ATM_TAG, "Request fail, result: %{public}d", errCode); + return INVALID_OPER; + } for (uint32_t i = 0; i < len; i++) { - PermissionListState perm = parcelList[i].permsState; + PermissionListState perm = parcelList[i+len].permsState; permList[i].state = perm.state; permList[i].errorReason = perm.errorReason; } info = infoParcel.info; - return result; + return static_cast(ret); } int32_t AccessTokenManagerClient::GetPermissionsStatus( @@ -210,8 +249,16 @@ int32_t AccessTokenManagerClient::GetPermissionsStatus( if (result != RET_SUCCESS) { return result; } + + size_t size = parcelList.size() / 2; + if (size != len) { + LOGE(ATM_DOMAIN, ATM_TAG, "Size(%{public}zu) from server is not equal inputSize(%{public}zu)!", + size, len); + return ERR_SIZE_NOT_EQUAL; + } + for (uint32_t i = 0; i < len; i++) { - PermissionListState perm = parcelList[i].permsState; + PermissionListState perm = parcelList[i+len].permsState; permList[i].state = perm.state; } @@ -401,7 +448,14 @@ AccessTokenIDEx AccessTokenManagerClient::AllocHapToken(const HapInfoParams& inf hapInfoParcel.hapInfoParameter = info; hapPolicyParcel.hapPolicy = policy; - return proxy->AllocHapToken(hapInfoParcel, hapPolicyParcel); + uint64_t ret; + int32_t errCode = proxy->AllocHapToken(hapInfoParcel, hapPolicyParcel, ret); + if (errCode != RET_SUCCESS) { + LOGE(ATM_DOMAIN, ATM_TAG, "Request fail, result: %{public}d", errCode); + return tokenIdEx; + } + tokenIdEx.tokenIDEx = ret; + return tokenIdEx; } int32_t AccessTokenManagerClient::InitHapToken(const HapInfoParams& info, HapPolicy& policy, @@ -417,7 +471,15 @@ int32_t AccessTokenManagerClient::InitHapToken(const HapInfoParams& info, HapPol hapInfoParcel.hapInfoParameter = info; hapPolicyParcel.hapPolicy = policy; - return proxy->InitHapToken(hapInfoParcel, hapPolicyParcel, fullTokenId, result); + HapInfoCheckResultParcel resultInfoParcel; + uint64_t fullToken = 0; + int32_t res = proxy->InitHapToken(hapInfoParcel, hapPolicyParcel, fullToken, resultInfoParcel); + if (fullToken == 0 && res == RET_SUCCESS) { + res = AccessTokenError::ERR_PERM_REQUEST_CFG_FAILED; + result = resultInfoParcel.hapInfoCheckResult; + } + fullTokenId.tokenIDEx = fullToken; + return res; } int AccessTokenManagerClient::DeleteToken(AccessTokenID tokenID) @@ -449,7 +511,14 @@ AccessTokenIDEx AccessTokenManagerClient::GetHapTokenID( LOGE(ATM_DOMAIN, ATM_TAG, "Proxy is null"); return result; } - return proxy->GetHapTokenID(userID, bundleName, instIndex); + uint64_t ret; + int32_t errCode = proxy->GetHapTokenID(userID, bundleName, instIndex, ret); + if (errCode != RET_SUCCESS) { + LOGE(ATM_DOMAIN, ATM_TAG, "Request fail, result: %{public}d", errCode); + return result; + } + result.tokenIDEx = ret; + return result; } AccessTokenID AccessTokenManagerClient::AllocLocalTokenID( @@ -460,7 +529,14 @@ AccessTokenID AccessTokenManagerClient::AllocLocalTokenID( LOGE(ATM_DOMAIN, ATM_TAG, "Proxy is null"); return INVALID_TOKENID; } - return proxy->AllocLocalTokenID(remoteDeviceID, remoteTokenID); + uint32_t ret; + int32_t errCode = proxy->AllocLocalTokenID(remoteDeviceID, remoteTokenID, ret); + if (errCode != RET_SUCCESS) { + LOGE(ATM_DOMAIN, ATM_TAG, "Request fail, result: %{public}d", errCode); + return INVALID_TOKENID; + } + LOGI(ATM_DOMAIN, ATM_TAG, "Result from server (id=%{public}d).", ret); + return ret; } int32_t AccessTokenManagerClient::UpdateHapToken(AccessTokenIDEx& tokenIdEx, const UpdateHapInfoParams& info, @@ -473,7 +549,19 @@ int32_t AccessTokenManagerClient::UpdateHapToken(AccessTokenIDEx& tokenIdEx, con } HapPolicyParcel hapPolicyParcel; hapPolicyParcel.hapPolicy = policy; - return proxy->UpdateHapToken(tokenIdEx, info, hapPolicyParcel, result); + UpdateHapInfoParcel infoParcel; + infoParcel.hapInfoParameter = info; + HapInfoCheckResultParcel resultInfoParcel; + uint64_t fullTokenId = tokenIdEx.tokenIDEx; + int32_t res = proxy->UpdateHapToken(fullTokenId, infoParcel, hapPolicyParcel, resultInfoParcel); + tokenIdEx.tokenIDEx = fullTokenId; + if (res == RET_SUCCESS) { + if (resultInfoParcel.hapInfoCheckResult.permCheckResult.permissionName != "") { + result = resultInfoParcel.hapInfoCheckResult; + res = AccessTokenError::ERR_PERM_REQUEST_CFG_FAILED; + } + } + return res; } int32_t AccessTokenManagerClient::GetTokenIDByUserID(int32_t userID, std::unordered_set& tokenIdList) @@ -483,7 +571,10 @@ int32_t AccessTokenManagerClient::GetTokenIDByUserID(int32_t userID, std::unorde LOGE(ATM_DOMAIN, ATM_TAG, "Proxy is null"); return AccessTokenError::ERR_SERVICE_ABNORMAL; } - return proxy->GetTokenIDByUserID(userID, tokenIdList); + std::vector tokenIds; + auto result = proxy->GetTokenIDByUserID(userID, tokenIds); + std::copy(tokenIds.begin(), tokenIds.end(), std::inserter(tokenIdList, tokenIdList.begin())); + return result; } int AccessTokenManagerClient::GetHapTokenInfo(AccessTokenID tokenID, HapTokenInfo& hapTokenInfoRes) @@ -546,7 +637,13 @@ AccessTokenID AccessTokenManagerClient::GetNativeTokenId(const std::string& proc LOGE(ATM_DOMAIN, ATM_TAG, "Proxy is null"); return INVALID_TOKENID; } - return proxy->GetNativeTokenId(processName); + uint32_t tokenID; + ErrCode errCode = proxy->GetNativeTokenId(processName, tokenID); + if (errCode != RET_SUCCESS) { + LOGE(ATM_DOMAIN, ATM_TAG, "Request fail, result: %{public}d", errCode); + return INVALID_TOKENID; + } + return tokenID; } #ifdef TOKEN_SYNC_ENABLE @@ -599,8 +696,13 @@ AccessTokenID AccessTokenManagerClient::GetRemoteNativeTokenID(const std::string return INVALID_TOKENID; } - AccessTokenID res = proxy->GetRemoteNativeTokenID(deviceID, tokenID); - return res; + uint32_t ret; + ErrCode errCode = proxy->GetRemoteNativeTokenID(deviceID, tokenID, ret); + if (errCode != RET_SUCCESS) { + LOGE(ATM_DOMAIN, ATM_TAG, "Request fail, result: %{public}d", errCode); + return INVALID_TOKENID; + } + return ret; } int AccessTokenManagerClient::DeleteRemoteDeviceTokens(const std::string& deviceID) @@ -690,10 +792,10 @@ void AccessTokenManagerClient::InitProxy() return; } sptr accesstokenSa = - sam->GetSystemAbility(IAccessTokenManager::SA_ID_ACCESSTOKEN_MANAGER_SERVICE); + sam->GetSystemAbility(SA_ID_ACCESSTOKEN_MANAGER_SERVICE); if (accesstokenSa == nullptr) { LOGE(ATM_DOMAIN, ATM_TAG, "GetSystemAbility %{public}d is null", - IAccessTokenManager::SA_ID_ACCESSTOKEN_MANAGER_SERVICE); + SA_ID_ACCESSTOKEN_MANAGER_SERVICE); return; } @@ -701,7 +803,7 @@ void AccessTokenManagerClient::InitProxy() if (serviceDeathObserver_ != nullptr) { accesstokenSa->AddDeathRecipient(serviceDeathObserver_); } - proxy_ = new AccessTokenManagerProxy(accesstokenSa); + proxy_ = new AccesstokenManagerProxy(accesstokenSa); if (proxy_ == nullptr || proxy_->AsObject() == nullptr || proxy_->AsObject()->IsObjectDead()) { LOGE(ATM_DOMAIN, ATM_TAG, "Iface_cast get null"); } @@ -723,7 +825,7 @@ void AccessTokenManagerClient::OnRemoteDiedHandle() #endif // TOKEN_SYNC_ENABLE } -sptr AccessTokenManagerClient::GetProxy() +sptr AccessTokenManagerClient::GetProxy() { std::lock_guard lock(proxyMutex_); if (proxy_ == nullptr || proxy_->AsObject() == nullptr || proxy_->AsObject()->IsObjectDead()) { @@ -764,7 +866,21 @@ int32_t AccessTokenManagerClient::InitUserPolicy( LOGE(ATM_DOMAIN, ATM_TAG, "Proxy is null"); return AccessTokenError::ERR_SERVICE_ABNORMAL; } - return proxy->InitUserPolicy(userList, permList); + + size_t userLen = userList.size(); + size_t permLen = permList.size(); + if ((userLen == 0) || (userLen > MAX_USER_POLICY_SIZE) || (permLen == 0) || (permLen > MAX_USER_POLICY_SIZE)) { + LOGE(ATM_DOMAIN, ATM_TAG, "UserLen %{public}zu or permLen %{public}zu is invalid", userLen, permLen); + return AccessTokenError::ERR_PARAM_INVALID; + } + + std::vector userParcelList; + for (const auto& userSate : userList) { + UserStateParcel userParcel; + userParcel.userState = userSate; + userParcelList.emplace_back(userParcel); + } + return proxy->InitUserPolicy(userParcelList, permList); } int32_t AccessTokenManagerClient::ClearUserPolicy() @@ -784,7 +900,20 @@ int32_t AccessTokenManagerClient::UpdateUserPolicy(const std::vector& LOGE(ATM_DOMAIN, ATM_TAG, "Proxy is null"); return AccessTokenError::ERR_SERVICE_ABNORMAL; } - return proxy->UpdateUserPolicy(userList); + + size_t userLen = userList.size(); + if ((userLen == 0) || (userLen > MAX_USER_POLICY_SIZE)) { + LOGE(ATM_DOMAIN, ATM_TAG, "UserLen %{public}zu is invalid.", userLen); + return AccessTokenError::ERR_PARAM_INVALID; + } + + std::vector userParcelList; + for (const auto& userSate : userList) { + UserStateParcel userParcel; + userParcel.userState = userSate; + userParcelList.emplace_back(userParcel); + } + return proxy->UpdateUserPolicy(userParcelList); } void AccessTokenManagerClient::ReleaseProxy() @@ -804,7 +933,22 @@ int32_t AccessTokenManagerClient::GetKernelPermissions( LOGE(ATM_DOMAIN, ATM_TAG, "Proxy is null"); return AccessTokenError::ERR_SERVICE_ABNORMAL; } - return proxy->GetKernelPermissions(tokenId, kernelPermList); + std::vector kernelPermParcelList; + auto result = proxy->GetKernelPermissions(tokenId, kernelPermParcelList); + + if (kernelPermParcelList.size() > MAX_EXTENDED_VALUE_LIST_SIZE) { + return AccessTokenError::ERR_OVERSIZE; + } + + for (const auto& kernelPermParcel : kernelPermParcelList) { + PermissionWithValue perm = kernelPermParcel.permissionWithValue; + if (perm.value == "true") { + perm.value.clear(); + } + kernelPermList.emplace_back(perm); + } + + return result; } int32_t AccessTokenManagerClient::GetReqPermissionByName( diff --git a/interfaces/innerkits/accesstoken/src/accesstoken_manager_client.h b/interfaces/innerkits/accesstoken/src/accesstoken_manager_client.h index b5a4d09849c09855d7c0f021f1f5f9312dc80531..36d927677da737d02d0ad3ccf64311b2021c2842 100644 --- a/interfaces/innerkits/accesstoken/src/accesstoken_manager_client.h +++ b/interfaces/innerkits/accesstoken/src/accesstoken_manager_client.h @@ -1,5 +1,5 @@ /* - * Copyright (c) 2021-2024 Huawei Device Co., Ltd. + * Copyright (c) 2021-2025 Huawei Device Co., Ltd. * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. * You may obtain a copy of the License at @@ -19,6 +19,7 @@ #include #include #include +#include #include #include "access_token.h" @@ -28,7 +29,7 @@ #include "hap_info_parcel.h" #include "hap_policy_parcel.h" #include "hap_token_info.h" -#include "i_accesstoken_manager.h" +#include "iaccesstoken_manager.h" #include "nocopyable.h" #include "permission_def.h" #include "permission_grant_info.h" @@ -120,10 +121,10 @@ private: DISALLOW_COPY_AND_MOVE(AccessTokenManagerClient); std::mutex proxyMutex_; - sptr proxy_ = nullptr; + sptr proxy_ = nullptr; sptr serviceDeathObserver_ = nullptr; void InitProxy(); - sptr GetProxy(); + sptr GetProxy(); void ReleaseProxy(); std::mutex callbackMutex_; std::map, sptr> callbackMap_; diff --git a/interfaces/innerkits/accesstoken/src/accesstoken_manager_proxy.cpp b/interfaces/innerkits/accesstoken/src/accesstoken_manager_proxy.cpp deleted file mode 100644 index 767678b542b194dfd1acbaf5e85142555f2600f5..0000000000000000000000000000000000000000 --- a/interfaces/innerkits/accesstoken/src/accesstoken_manager_proxy.cpp +++ /dev/null @@ -1,1578 +0,0 @@ -/* - * Copyright (c) 2021-2024 Huawei Device Co., Ltd. - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ - -#include "accesstoken_manager_proxy.h" - -#include "accesstoken_log.h" -#include "accesstoken_common_log.h" -#include "access_token_error.h" - -#include "parcel.h" -#include "string_ex.h" - -namespace OHOS { -namespace Security { -namespace AccessToken { -namespace { -static constexpr OHOS::HiviewDFX::HiLogLabel LABEL = {LOG_CORE, SECURITY_DOMAIN_ACCESSTOKEN, "ATMProxy"}; -static const int MAX_PERMISSION_SIZE = 1000; -static const int32_t MAX_USER_POLICY_SIZE = 1024; -static const int32_t MAX_EXTENDED_VALUE_LIST_SIZE = 512; -} - -AccessTokenManagerProxy::AccessTokenManagerProxy(const sptr& impl) - : IRemoteProxy(impl) { -} - -AccessTokenManagerProxy::~AccessTokenManagerProxy() -{} - -bool AccessTokenManagerProxy::SendRequest( - AccessTokenInterfaceCode code, MessageParcel& data, MessageParcel& reply) -{ - MessageOption option(MessageOption::TF_SYNC); - - sptr remote = Remote(); - if (remote == nullptr) { - LOGE(ATM_DOMAIN, ATM_TAG, "Code: %{public}d remote service null.", code); - return false; - } - int32_t requestResult = remote->SendRequest( - static_cast(code), data, reply, option); - if (requestResult != NO_ERROR) { - LOGE(ATM_DOMAIN, ATM_TAG, "Code: %{public}d request fail, result: %{public}d", code, requestResult); - return false; - } - return true; -} - -PermUsedTypeEnum AccessTokenManagerProxy::GetPermissionUsedType( - AccessTokenID tokenID, const std::string &permissionName) -{ - MessageParcel data; - if (!data.WriteInterfaceToken(IAccessTokenManager::GetDescriptor())) { - LOGE(ATM_DOMAIN, ATM_TAG, "WriteInterfaceToken failed."); - return PermUsedTypeEnum::INVALID_USED_TYPE; - } - if (!data.WriteUint32(tokenID)) { - LOGE(ATM_DOMAIN, ATM_TAG, "WriteUint32 failed."); - return PermUsedTypeEnum::INVALID_USED_TYPE; - } - if (!data.WriteString(permissionName)) { - LOGE(ATM_DOMAIN, ATM_TAG, "WriteString failed."); - return PermUsedTypeEnum::INVALID_USED_TYPE; - } - - MessageParcel reply; - if (!SendRequest(AccessTokenInterfaceCode::GET_USER_GRANTED_PERMISSION_USED_TYPE, data, reply)) { - return PermUsedTypeEnum::INVALID_USED_TYPE; - } - - int32_t ret; - if (!reply.ReadInt32(ret)) { - LOGE(ATM_DOMAIN, ATM_TAG, "ReadInt32t failed."); - return PermUsedTypeEnum::INVALID_USED_TYPE; - } - PermUsedTypeEnum result = static_cast(ret); - LOGI(ATM_DOMAIN, ATM_TAG, "Result from server (type=%{public}d).", result); - return result; -} - -int AccessTokenManagerProxy::VerifyAccessToken(AccessTokenID tokenID, const std::string& permissionName) -{ - MessageParcel data; - if (!data.WriteInterfaceToken(IAccessTokenManager::GetDescriptor())) { - LOGE(ATM_DOMAIN, ATM_TAG, "WriteInterfaceToken failed."); - return PERMISSION_DENIED; - } - if (!data.WriteUint32(tokenID)) { - LOGE(ATM_DOMAIN, ATM_TAG, "WriteUint32 failed."); - return PERMISSION_DENIED; - } - if (!data.WriteString(permissionName)) { - LOGE(ATM_DOMAIN, ATM_TAG, "WriteString failed."); - return PERMISSION_DENIED; - } - - MessageParcel reply; - if (!SendRequest(AccessTokenInterfaceCode::VERIFY_ACCESSTOKEN, data, reply)) { - return PERMISSION_DENIED; - } - - int32_t result = reply.ReadInt32(); - LOGD(ATM_DOMAIN, ATM_TAG, "Result from server (status=%{public}d).", result); - return result; -} - -int AccessTokenManagerProxy::VerifyAccessToken(AccessTokenID tokenID, - const std::vector& permissionList, std::vector& permStateList) -{ - MessageParcel data; - if (!data.WriteInterfaceToken(IAccessTokenManager::GetDescriptor())) { - LOGE(ATM_DOMAIN, ATM_TAG, "WriteInterfaceToken failed."); - return ERR_WRITE_PARCEL_FAILED; - } - if (!data.WriteUint32(tokenID)) { - LOGE(ATM_DOMAIN, ATM_TAG, "WriteUint32 failed."); - return ERR_WRITE_PARCEL_FAILED; - } - if (!data.WriteStringVector(permissionList)) { - LOGE(ATM_DOMAIN, ATM_TAG, "WriteStringVector failed."); - return ERR_WRITE_PARCEL_FAILED; - } - - MessageParcel reply; - if (!SendRequest(AccessTokenInterfaceCode::VERIFY_ACCESSTOKEN_WITH_LIST, data, reply)) { - return ERR_SERVICE_ABNORMAL; - } - - if (!reply.ReadInt32Vector(&permStateList)) { - LOGE(ATM_DOMAIN, ATM_TAG, "ReadInt32Vector failed."); - return ERR_READ_PARCEL_FAILED; - } - - return ERR_OK; -} - -int AccessTokenManagerProxy::GetDefPermission( - const std::string& permissionName, PermissionDefParcel& permissionDefResult) -{ - MessageParcel data; - if (!data.WriteInterfaceToken(IAccessTokenManager::GetDescriptor())) { - LOGE(ATM_DOMAIN, ATM_TAG, "WriteInterfaceToken failed."); - return ERR_WRITE_PARCEL_FAILED; - } - if (!data.WriteString(permissionName)) { - LOGE(ATM_DOMAIN, ATM_TAG, "WriteString failed."); - return ERR_WRITE_PARCEL_FAILED; - } - - MessageParcel reply; - if (!SendRequest(AccessTokenInterfaceCode::GET_DEF_PERMISSION, data, reply)) { - return ERR_SERVICE_ABNORMAL; - } - - int32_t result = reply.ReadInt32(); - LOGI(ATM_DOMAIN, ATM_TAG, "Result from server (error=%{public}d).", result); - if (result != RET_SUCCESS) { - return result; - } - sptr resultSptr = reply.ReadParcelable(); - if (resultSptr == nullptr) { - LOGE(ATM_DOMAIN, ATM_TAG, "ReadParcelable failed."); - return ERR_READ_PARCEL_FAILED; - } - permissionDefResult = *resultSptr; - return result; -} - -int AccessTokenManagerProxy::GetReqPermissions( - AccessTokenID tokenID, std::vector& reqPermList, bool isSystemGrant) -{ - MessageParcel data; - if (!data.WriteInterfaceToken(IAccessTokenManager::GetDescriptor())) { - LOGE(ATM_DOMAIN, ATM_TAG, "WriteInterfaceToken failed."); - return ERR_WRITE_PARCEL_FAILED; - } - if (!data.WriteUint32(tokenID)) { - LOGE(ATM_DOMAIN, ATM_TAG, "WriteUint32 failed."); - return ERR_WRITE_PARCEL_FAILED; - } - if (!data.WriteInt32(isSystemGrant)) { - LOGE(ATM_DOMAIN, ATM_TAG, "WriteInt32 failed."); - return ERR_WRITE_PARCEL_FAILED; - } - - MessageParcel reply; - if (!SendRequest(AccessTokenInterfaceCode::GET_REQ_PERMISSIONS, data, reply)) { - return ERR_SERVICE_ABNORMAL; - } - - int32_t result = reply.ReadInt32(); - LOGD(ATM_DOMAIN, ATM_TAG, "Result from server (error=%{public}d).", result); - if (result != RET_SUCCESS) { - return result; - } - uint32_t reqPermSize = reply.ReadUint32(); - if (reqPermSize > MAX_PERMISSION_SIZE) { - LOGE(ATM_DOMAIN, ATM_TAG, "Size(%{public}u) is oversize.", reqPermSize); - return ERR_OVERSIZE; - } - for (uint32_t i = 0; i < reqPermSize; i++) { - sptr permissionReq = reply.ReadParcelable(); - if (permissionReq != nullptr) { - reqPermList.emplace_back(*permissionReq); - } - } - return result; -} - -int32_t AccessTokenManagerProxy::SetPermissionRequestToggleStatus(const std::string& permissionName, uint32_t status, - int32_t userID = 0) -{ - MessageParcel sendData; - if (!sendData.WriteInterfaceToken(IAccessTokenManager::GetDescriptor())) { - LOGE(ATM_DOMAIN, ATM_TAG, "WriteInterfaceToken failed."); - return ERR_WRITE_PARCEL_FAILED; - } - if (!sendData.WriteString(permissionName)) { - LOGE(ATM_DOMAIN, ATM_TAG, "WriteString failed."); - return ERR_WRITE_PARCEL_FAILED; - } - if (!sendData.WriteUint32(status)) { - LOGE(ATM_DOMAIN, ATM_TAG, "WriteUint32 failed."); - return ERR_WRITE_PARCEL_FAILED; - } - if (!sendData.WriteInt32(userID)) { - LOGE(ATM_DOMAIN, ATM_TAG, "WriteInt32 failed."); - return ERR_WRITE_PARCEL_FAILED; - } - - MessageParcel reply; - if (!SendRequest(AccessTokenInterfaceCode::SET_PERMISSION_REQUEST_TOGGLE_STATUS, sendData, reply)) { - return ERR_SERVICE_ABNORMAL; - } - - int32_t result = reply.ReadInt32(); - LOGI(ATM_DOMAIN, ATM_TAG, "Result from server (error=%{public}d).", result); - return result; -} - -int32_t AccessTokenManagerProxy::GetPermissionRequestToggleStatus(const std::string& permissionName, uint32_t& status, - int32_t userID = 0) -{ - MessageParcel sendData; - if (!sendData.WriteInterfaceToken(IAccessTokenManager::GetDescriptor())) { - LOGE(ATM_DOMAIN, ATM_TAG, "WriteInterfaceToken failed."); - return ERR_WRITE_PARCEL_FAILED; - } - if (!sendData.WriteString(permissionName)) { - LOGE(ATM_DOMAIN, ATM_TAG, "WriteString failed."); - return ERR_WRITE_PARCEL_FAILED; - } - if (!sendData.WriteInt32(userID)) { - LOGE(ATM_DOMAIN, ATM_TAG, "WriteInt32 failed."); - return ERR_WRITE_PARCEL_FAILED; - } - - MessageParcel reply; - if (!SendRequest(AccessTokenInterfaceCode::GET_PERMISSION_REQUEST_TOGGLE_STATUS, sendData, reply)) { - return ERR_SERVICE_ABNORMAL; - } - - int32_t result = reply.ReadInt32(); - if (result == RET_SUCCESS) { - status = reply.ReadUint32(); - } - LOGI(ATM_DOMAIN, ATM_TAG, "Result from server (error=%{public}d, status=%{public}d).", result, status); - return result; -} - -int32_t AccessTokenManagerProxy::RequestAppPermOnSetting(AccessTokenID tokenID) -{ - MessageParcel data; - if (!data.WriteInterfaceToken(IAccessTokenManager::GetDescriptor())) { - LOGE(ATM_DOMAIN, ATM_TAG, "WriteInterfaceToken failed."); - return ERR_WRITE_PARCEL_FAILED; - } - if (!data.WriteUint32(tokenID)) { - LOGE(ATM_DOMAIN, ATM_TAG, "WriteInt32 failed."); - return ERR_WRITE_PARCEL_FAILED; - } - - MessageParcel reply; - if (!SendRequest(AccessTokenInterfaceCode::REQUEST_APP_PERM_ON_SETTING, data, reply)) { - return ERR_SERVICE_ABNORMAL; - } - - int32_t result; - if (!reply.ReadInt32(result)) { - LOGE(ATM_DOMAIN, ATM_TAG, "ReadInt32 failed."); - return ERR_READ_PARCEL_FAILED; - } - LOGI(ATM_DOMAIN, ATM_TAG, "Result from server (result=%{public}d).", result); - return result; -} - -int AccessTokenManagerProxy::GetPermissionFlag(AccessTokenID tokenID, const std::string& permissionName, uint32_t& flag) -{ - MessageParcel sendData; - if (!sendData.WriteInterfaceToken(IAccessTokenManager::GetDescriptor())) { - LOGE(ATM_DOMAIN, ATM_TAG, "WriteInterfaceToken failed."); - return ERR_WRITE_PARCEL_FAILED; - } - if (!sendData.WriteUint32(tokenID)) { - LOGE(ATM_DOMAIN, ATM_TAG, "WriteUint32 failed."); - return ERR_WRITE_PARCEL_FAILED; - } - if (!sendData.WriteString(permissionName)) { - LOGE(ATM_DOMAIN, ATM_TAG, "WriteString failed."); - return ERR_WRITE_PARCEL_FAILED; - } - - MessageParcel reply; - if (!SendRequest(AccessTokenInterfaceCode::GET_PERMISSION_FLAG, sendData, reply)) { - return ERR_SERVICE_ABNORMAL; - } - - int32_t result = reply.ReadInt32(); - if (result == RET_SUCCESS) { - flag = reply.ReadUint32(); - } - LOGI(ATM_DOMAIN, ATM_TAG, "Result from server (error=%{public}d, flag=%{public}d).", result, flag); - return result; -} - -PermissionOper AccessTokenManagerProxy::GetSelfPermissionsState(std::vector& permListParcel, - PermissionGrantInfoParcel& infoParcel) -{ - MessageParcel data; - if (!data.WriteInterfaceToken(IAccessTokenManager::GetDescriptor())) { - LOGE(ATM_DOMAIN, ATM_TAG, "WriteInterfaceToken failed."); - return INVALID_OPER; - } - if (!data.WriteUint32(permListParcel.size())) { - LOGE(ATM_DOMAIN, ATM_TAG, "WriteUint32 failed."); - return INVALID_OPER; - } - for (const auto& permission : permListParcel) { - if (!data.WriteParcelable(&permission)) { - LOGE(ATM_DOMAIN, ATM_TAG, "WriteParcelable failed."); - return INVALID_OPER; - } - } - - MessageParcel reply; - if (!SendRequest(AccessTokenInterfaceCode::GET_PERMISSION_OPER_STATE, data, reply)) { - return INVALID_OPER; - } - - PermissionOper result = static_cast(reply.ReadInt32()); - size_t size = reply.ReadUint32(); - if (size != permListParcel.size()) { - LOGE(ATM_DOMAIN, ATM_TAG, "Size(%{public}zu) from server is not equal inputSize(%{public}zu)!", - size, permListParcel.size()); - return INVALID_OPER; - } - if (size > MAX_PERMISSION_SIZE) { - LOGE(ATM_DOMAIN, ATM_TAG, "Size(%{public}zu) is oversize.", size); - return INVALID_OPER; - } - for (uint32_t i = 0; i < size; i++) { - sptr permissionReq = reply.ReadParcelable(); - if (permissionReq != nullptr) { - permListParcel[i].permsState.state = permissionReq->permsState.state; - permListParcel[i].permsState.errorReason = permissionReq->permsState.errorReason; - } - } - - sptr resultSptr = reply.ReadParcelable(); - if (resultSptr == nullptr) { - LOGE(ATM_DOMAIN, ATM_TAG, "ReadParcelable failed."); - return INVALID_OPER; - } - infoParcel = *resultSptr; - - LOGI(ATM_DOMAIN, ATM_TAG, "Result from server (status=%{public}d).", result); - return result; -} - -int32_t AccessTokenManagerProxy::GetPermissionsStatus(AccessTokenID tokenID, - std::vector& permListParcel) -{ - MessageParcel data; - if (!data.WriteInterfaceToken(IAccessTokenManager::GetDescriptor())) { - LOGE(ATM_DOMAIN, ATM_TAG, "WriteInterfaceToken failed."); - return ERR_WRITE_PARCEL_FAILED; - } - if (!data.WriteUint32(tokenID)) { - LOGE(ATM_DOMAIN, ATM_TAG, "WriteUint32 failed"); - return ERR_WRITE_PARCEL_FAILED; - } - if (!data.WriteUint32(permListParcel.size())) { - LOGE(ATM_DOMAIN, ATM_TAG, "WriteUint32 failed."); - return ERR_WRITE_PARCEL_FAILED; - } - for (const auto& permission : permListParcel) { - if (!data.WriteParcelable(&permission)) { - LOGE(ATM_DOMAIN, ATM_TAG, "WriteParcelable failed."); - return ERR_WRITE_PARCEL_FAILED; - } - } - - MessageParcel reply; - if (!SendRequest(AccessTokenInterfaceCode::GET_PERMISSIONS_STATUS, data, reply)) { - return ERR_SERVICE_ABNORMAL; - } - - int32_t result = reply.ReadInt32(); - LOGI(ATM_DOMAIN, ATM_TAG, "Result from server (error=%{public}d).", result); - if (result != RET_SUCCESS) { - return result; - } - size_t size = reply.ReadUint32(); - if (size != permListParcel.size()) { - LOGE(ATM_DOMAIN, ATM_TAG, "Size(%{public}zu) from server is not equal inputSize(%{public}zu)!", - size, permListParcel.size()); - return ERR_SIZE_NOT_EQUAL; - } - for (uint32_t i = 0; i < size; i++) { - sptr permissionReq = reply.ReadParcelable(); - if (permissionReq != nullptr) { - permListParcel[i].permsState.state = permissionReq->permsState.state; - } - } - return result; -} - -int AccessTokenManagerProxy::GrantPermission(AccessTokenID tokenID, const std::string& permissionName, uint32_t flag) -{ - MessageParcel inData; - if (!inData.WriteInterfaceToken(IAccessTokenManager::GetDescriptor())) { - LOGE(ATM_DOMAIN, ATM_TAG, "WriteInterfaceToken failed."); - return ERR_WRITE_PARCEL_FAILED; - } - if (!inData.WriteUint32(tokenID)) { - LOGE(ATM_DOMAIN, ATM_TAG, "WriteUint32 failed."); - return ERR_WRITE_PARCEL_FAILED; - } - if (!inData.WriteString(permissionName)) { - LOGE(ATM_DOMAIN, ATM_TAG, "WriteString failed."); - return ERR_WRITE_PARCEL_FAILED; - } - if (!inData.WriteUint32(flag)) { - LOGE(ATM_DOMAIN, ATM_TAG, "WriteUint32 failed."); - return ERR_WRITE_PARCEL_FAILED; - } - - MessageParcel reply; - if (!SendRequest(AccessTokenInterfaceCode::GRANT_PERMISSION, inData, reply)) { - return ERR_SERVICE_ABNORMAL; - } - - int32_t result = reply.ReadInt32(); - LOGI(ATM_DOMAIN, ATM_TAG, "Result from server (error=%{public}d).", result); - return result; -} - -int AccessTokenManagerProxy::RevokePermission(AccessTokenID tokenID, const std::string& permissionName, uint32_t flag) -{ - MessageParcel data; - if (!data.WriteInterfaceToken(IAccessTokenManager::GetDescriptor())) { - LOGE(ATM_DOMAIN, ATM_TAG, "WriteInterfaceToken failed."); - return ERR_WRITE_PARCEL_FAILED; - } - if (!data.WriteUint32(tokenID)) { - LOGE(ATM_DOMAIN, ATM_TAG, "WriteUint32 failed."); - return ERR_WRITE_PARCEL_FAILED; - } - if (!data.WriteString(permissionName)) { - LOGE(ATM_DOMAIN, ATM_TAG, "WriteString failed."); - return ERR_WRITE_PARCEL_FAILED; - } - if (!data.WriteUint32(flag)) { - LOGE(ATM_DOMAIN, ATM_TAG, "WriteUint32 failed."); - return ERR_WRITE_PARCEL_FAILED; - } - - MessageParcel reply; - if (!SendRequest(AccessTokenInterfaceCode::REVOKE_PERMISSION, data, reply)) { - return ERR_SERVICE_ABNORMAL; - } - - int32_t result = reply.ReadInt32(); - LOGI(ATM_DOMAIN, ATM_TAG, "Result from server (error=%{public}d).", result); - return result; -} - -int AccessTokenManagerProxy::GrantPermissionForSpecifiedTime( - AccessTokenID tokenID, const std::string& permissionName, uint32_t onceTime) -{ - MessageParcel data; - if (!data.WriteInterfaceToken(IAccessTokenManager::GetDescriptor())) { - LOGE(ATM_DOMAIN, ATM_TAG, "WriteInterfaceToken failed."); - return ERR_WRITE_PARCEL_FAILED; - } - if (!data.WriteUint32(tokenID)) { - LOGE(ATM_DOMAIN, ATM_TAG, "WriteUint32 failed."); - return ERR_WRITE_PARCEL_FAILED; - } - if (!data.WriteString(permissionName)) { - LOGE(ATM_DOMAIN, ATM_TAG, "WriteString failed."); - return ERR_WRITE_PARCEL_FAILED; - } - if (!data.WriteUint32(onceTime)) { - LOGE(ATM_DOMAIN, ATM_TAG, "WriteUint32 failed."); - return ERR_WRITE_PARCEL_FAILED; - } - - MessageParcel reply; - if (!SendRequest(AccessTokenInterfaceCode::GRANT_PERMISSION_FOR_SPECIFIEDTIME, data, reply)) { - return ERR_SERVICE_ABNORMAL; - } - - int32_t result; - if (!reply.ReadInt32(result)) { - LOGE(ATM_DOMAIN, ATM_TAG, "ReadInt32 failed."); - return ERR_READ_PARCEL_FAILED; - } - LOGI(ATM_DOMAIN, ATM_TAG, "Result from server (result=%{public}d).", result); - return result; -} - -int AccessTokenManagerProxy::ClearUserGrantedPermissionState(AccessTokenID tokenID) -{ - MessageParcel data; - if (!data.WriteInterfaceToken(IAccessTokenManager::GetDescriptor())) { - LOGE(ATM_DOMAIN, ATM_TAG, "WriteInterfaceToken failed."); - return ERR_WRITE_PARCEL_FAILED; - } - if (!data.WriteUint32(tokenID)) { - LOGE(ATM_DOMAIN, ATM_TAG, "WriteUint32 failed."); - return ERR_WRITE_PARCEL_FAILED; - } - - MessageParcel reply; - if (!SendRequest(AccessTokenInterfaceCode::CLEAR_USER_GRANT_PERMISSION, data, reply)) { - return ERR_SERVICE_ABNORMAL; - } - - int32_t result = reply.ReadInt32(); - LOGI(ATM_DOMAIN, ATM_TAG, "Result from server (error=%{public}d).", result); - return result; -} - -int32_t AccessTokenManagerProxy::RegisterPermStateChangeCallback( - const PermStateChangeScopeParcel& scope, const sptr& callback) -{ - MessageParcel data; - if (!data.WriteInterfaceToken(IAccessTokenManager::GetDescriptor())) { - LOGE(ATM_DOMAIN, ATM_TAG, "WriteInterfaceToken failed."); - return ERR_WRITE_PARCEL_FAILED; - } - if (!data.WriteParcelable(&scope)) { - LOGE(ATM_DOMAIN, ATM_TAG, "WriteParcelable failed."); - return ERR_WRITE_PARCEL_FAILED; - } - if (!data.WriteRemoteObject(callback)) { - LOGE(ATM_DOMAIN, ATM_TAG, "WriteRemoteObject failed."); - return ERR_WRITE_PARCEL_FAILED; - } - MessageParcel reply; - if (!SendRequest(AccessTokenInterfaceCode::REGISTER_PERM_STATE_CHANGE_CALLBACK, data, reply)) { - return ERR_SERVICE_ABNORMAL; - } - - int32_t ret; - if (!reply.ReadInt32(ret)) { - LOGE(ATM_DOMAIN, ATM_TAG, "ReadInt32 failed."); - return ERR_READ_PARCEL_FAILED; - } - LOGI(ATM_DOMAIN, ATM_TAG, "Result from server (error=%{public}d).", ret); - return ret; -} - -int32_t AccessTokenManagerProxy::UnRegisterPermStateChangeCallback(const sptr& callback) -{ - MessageParcel data; - if (!data.WriteInterfaceToken(IAccessTokenManager::GetDescriptor())) { - LOGE(ATM_DOMAIN, ATM_TAG, "WriteInterfaceToken failed."); - return ERR_WRITE_PARCEL_FAILED; - } - if (!data.WriteRemoteObject(callback)) { - LOGE(ATM_DOMAIN, ATM_TAG, "WriteRemoteObject failed."); - return ERR_WRITE_PARCEL_FAILED; - } - - MessageParcel reply; - if (!SendRequest( - AccessTokenInterfaceCode::UNREGISTER_PERM_STATE_CHANGE_CALLBACK, data, reply)) { - return ERR_SERVICE_ABNORMAL; - } - - int32_t result; - if (!reply.ReadInt32(result)) { - LOGE(ATM_DOMAIN, ATM_TAG, "ReadInt32 failed."); - return ERR_READ_PARCEL_FAILED; - } - LOGI(ATM_DOMAIN, ATM_TAG, "Result from server (error=%{public}d).", result); - return result; -} - -int32_t AccessTokenManagerProxy::RegisterSelfPermStateChangeCallback( - const PermStateChangeScopeParcel& scope, const sptr& callback) -{ - MessageParcel data; - if (!data.WriteInterfaceToken(IAccessTokenManager::GetDescriptor())) { - LOGE(ATM_DOMAIN, ATM_TAG, "WriteInterfaceToken failed."); - return ERR_WRITE_PARCEL_FAILED; - } - if (!data.WriteParcelable(&scope)) { - LOGE(ATM_DOMAIN, ATM_TAG, "WriteParcelable failed."); - return ERR_WRITE_PARCEL_FAILED; - } - if (!data.WriteRemoteObject(callback)) { - LOGE(ATM_DOMAIN, ATM_TAG, "WriteRemoteObject failed."); - return ERR_WRITE_PARCEL_FAILED; - } - MessageParcel reply; - if (!SendRequest(AccessTokenInterfaceCode::REGISTER_SELF_PERM_STATE_CHANGE_CALLBACK, data, reply)) { - return ERR_SERVICE_ABNORMAL; - } - - int32_t ret; - if (!reply.ReadInt32(ret)) { - LOGE(ATM_DOMAIN, ATM_TAG, "ReadInt32 failed."); - return ERR_READ_PARCEL_FAILED; - } - LOGI(ATM_DOMAIN, ATM_TAG, "Result from server (error=%{public}d).", ret); - return ret; -} - -int32_t AccessTokenManagerProxy::UnRegisterSelfPermStateChangeCallback(const sptr& callback) -{ - MessageParcel data; - if (!data.WriteInterfaceToken(IAccessTokenManager::GetDescriptor())) { - LOGE(ATM_DOMAIN, ATM_TAG, "WriteInterfaceToken failed."); - return ERR_WRITE_PARCEL_FAILED; - } - if (!data.WriteRemoteObject(callback)) { - LOGE(ATM_DOMAIN, ATM_TAG, "WriteRemoteObject failed."); - return ERR_WRITE_PARCEL_FAILED; - } - - MessageParcel reply; - if (!SendRequest( - AccessTokenInterfaceCode::UNREGISTER_SELF_PERM_STATE_CHANGE_CALLBACK, data, reply)) { - return ERR_SERVICE_ABNORMAL; - } - - int32_t result; - if (!reply.ReadInt32(result)) { - LOGE(ATM_DOMAIN, ATM_TAG, "ReadInt32 failed."); - return ERR_READ_PARCEL_FAILED; - } - LOGI(ATM_DOMAIN, ATM_TAG, "Result from server (error=%{public}d).", result); - return result; -} - -AccessTokenIDEx AccessTokenManagerProxy::AllocHapToken( - const HapInfoParcel& hapInfo, const HapPolicyParcel& policyParcel) -{ - MessageParcel data; - AccessTokenIDEx res = { 0 }; - if (!data.WriteInterfaceToken(IAccessTokenManager::GetDescriptor())) { - LOGE(ATM_DOMAIN, ATM_TAG, "WriteInterfaceToken failed."); - return res; - } - - if (!data.WriteParcelable(&hapInfo)) { - LOGE(ATM_DOMAIN, ATM_TAG, "WriteParcelable failed."); - return res; - } - if (!data.WriteParcelable(&policyParcel)) { - LOGE(ATM_DOMAIN, ATM_TAG, "WriteParcelable failed."); - return res; - } - - MessageParcel reply; - if (!SendRequest(AccessTokenInterfaceCode::ALLOC_TOKEN_HAP, data, reply)) { - return res; - } - - unsigned long long result = reply.ReadUint64(); - LOGI(ATM_DOMAIN, ATM_TAG, "Result from server (id=%{public}llu).", result); - res.tokenIDEx = result; - return res; -} - -int32_t AccessTokenManagerProxy::InitHapToken(const HapInfoParcel& hapInfoParcel, HapPolicyParcel& policyParcel, - AccessTokenIDEx& fullTokenId, HapInfoCheckResult& resultInfo) -{ - MessageParcel data; - if (!data.WriteInterfaceToken(IAccessTokenManager::GetDescriptor())) { - LOGE(ATM_DOMAIN, ATM_TAG, "WriteInterfaceToken failed."); - return ERR_WRITE_PARCEL_FAILED; - } - - if (!data.WriteParcelable(&hapInfoParcel)) { - LOGE(ATM_DOMAIN, ATM_TAG, "WriteParcelable failed."); - return ERR_WRITE_PARCEL_FAILED; - } - if (!data.WriteParcelable(&policyParcel)) { - LOGE(ATM_DOMAIN, ATM_TAG, "WriteParcelable failed."); - return ERR_WRITE_PARCEL_FAILED; - } - - MessageParcel reply; - if (!SendRequest(AccessTokenInterfaceCode::INIT_TOKEN_HAP, data, reply)) { - return ERR_SERVICE_ABNORMAL; - } - int32_t result = 0; - if (!reply.ReadInt32(result)) { - LOGE(ATM_DOMAIN, ATM_TAG, "ReadInt32 failed."); - return ERR_READ_PARCEL_FAILED; - } - if (result == RET_SUCCESS) { - uint64_t tokenId = 0; - if (!reply.ReadUint64(tokenId)) { - LOGE(ATM_DOMAIN, ATM_TAG, "ReadUint64 faild."); - return ERR_READ_PARCEL_FAILED; - } - fullTokenId.tokenIDEx = tokenId; - } else { - if (reply.GetDataSize() > reply.GetReadPosition()) { - IF_FALSE_RETURN_VALUE_LOG(LABEL, reply.ReadString(resultInfo.permCheckResult.permissionName), - ERR_READ_PARCEL_FAILED, "ReadString faild."); - - int32_t rule; - IF_FALSE_RETURN_VALUE_LOG(LABEL, reply.ReadInt32(rule), - ERR_READ_PARCEL_FAILED, "ReadString faild."); - resultInfo.permCheckResult.rule = static_cast(rule); - } - } - LOGI(ATM_DOMAIN, ATM_TAG, "Result from server (error=%{public}d, id=%{public}llu).", - result, fullTokenId.tokenIDEx); - return result; -} - -int AccessTokenManagerProxy::DeleteToken(AccessTokenID tokenID) -{ - MessageParcel data; - if (!data.WriteInterfaceToken(IAccessTokenManager::GetDescriptor())) { - LOGE(ATM_DOMAIN, ATM_TAG, "WriteInterfaceToken failed."); - return ERR_WRITE_PARCEL_FAILED; - } - - if (!data.WriteUint32(tokenID)) { - LOGE(ATM_DOMAIN, ATM_TAG, "WriteUint32 failed."); - return ERR_WRITE_PARCEL_FAILED; - } - - MessageParcel reply; - if (!SendRequest(AccessTokenInterfaceCode::TOKEN_DELETE, data, reply)) { - return ERR_SERVICE_ABNORMAL; - } - - int result = reply.ReadInt32(); - LOGI(ATM_DOMAIN, ATM_TAG, "Result from server (error=%{public}d, id=%{public}u).", result, tokenID); - return result; -} - -int AccessTokenManagerProxy::GetTokenType(AccessTokenID tokenID) -{ - MessageParcel data; - if (!data.WriteInterfaceToken(IAccessTokenManager::GetDescriptor())) { - LOGE(ATM_DOMAIN, ATM_TAG, "WriteInterfaceToken failed."); - return ERR_WRITE_PARCEL_FAILED; - } - - if (!data.WriteUint32(tokenID)) { - LOGE(ATM_DOMAIN, ATM_TAG, "Failed to write tokenID"); - return ERR_WRITE_PARCEL_FAILED; - } - - MessageParcel reply; - if (!SendRequest(AccessTokenInterfaceCode::GET_TOKEN_TYPE, data, reply)) { - return ERR_SERVICE_ABNORMAL; - } - - int result = reply.ReadInt32(); - LOGD(ATM_DOMAIN, ATM_TAG, "Result from server (type=%{public}d).", result); - return result; -} - -AccessTokenIDEx AccessTokenManagerProxy::GetHapTokenID(int32_t userID, const std::string& bundleName, int32_t instIndex) -{ - AccessTokenIDEx tokenIdEx = {0}; - MessageParcel data; - if (!data.WriteInterfaceToken(IAccessTokenManager::GetDescriptor())) { - LOGE(ATM_DOMAIN, ATM_TAG, "WriteInterfaceToken failed."); - return tokenIdEx; - } - - if (!data.WriteInt32(userID)) { - LOGE(ATM_DOMAIN, ATM_TAG, "Failed to write tokenID"); - return tokenIdEx; - } - if (!data.WriteString(bundleName)) { - LOGE(ATM_DOMAIN, ATM_TAG, "Failed to write dcap"); - return tokenIdEx; - } - if (!data.WriteInt32(instIndex)) { - LOGE(ATM_DOMAIN, ATM_TAG, "Failed to write dcap"); - return tokenIdEx; - } - MessageParcel reply; - if (!SendRequest(AccessTokenInterfaceCode::GET_HAP_TOKEN_ID, data, reply)) { - return tokenIdEx; - } - - tokenIdEx.tokenIDEx = reply.ReadUint64(); - LOGD(ATM_DOMAIN, ATM_TAG, "Result from server (id=%{public}llu).", tokenIdEx.tokenIDEx); - return tokenIdEx; -} - -AccessTokenID AccessTokenManagerProxy::AllocLocalTokenID( - const std::string& remoteDeviceID, AccessTokenID remoteTokenID) -{ - MessageParcel data; - if (!data.WriteInterfaceToken(IAccessTokenManager::GetDescriptor())) { - LOGE(ATM_DOMAIN, ATM_TAG, "WriteInterfaceToken failed."); - return 0; - } - - if (!data.WriteString(remoteDeviceID)) { - LOGE(ATM_DOMAIN, ATM_TAG, "Failed to write dcap"); - return 0; - } - if (!data.WriteUint32(remoteTokenID)) { - LOGE(ATM_DOMAIN, ATM_TAG, "Failed to write dcap"); - return 0; - } - MessageParcel reply; - if (!SendRequest(AccessTokenInterfaceCode::ALLOC_LOCAL_TOKEN_ID, data, reply)) { - return 0; - } - - AccessTokenID result = reply.ReadUint32(); - LOGI(ATM_DOMAIN, ATM_TAG, "Result from server (id=%{public}d).", result); - return result; -} - -int AccessTokenManagerProxy::GetNativeTokenInfo(AccessTokenID tokenID, NativeTokenInfoParcel& nativeTokenInfoRes) -{ - MessageParcel data; - if (!data.WriteInterfaceToken(IAccessTokenManager::GetDescriptor())) { - LOGE(ATM_DOMAIN, ATM_TAG, "WriteInterfaceToken failed."); - return ERR_WRITE_PARCEL_FAILED; - } - if (!data.WriteUint32(tokenID)) { - LOGE(ATM_DOMAIN, ATM_TAG, "WriteUint32 failed."); - return ERR_WRITE_PARCEL_FAILED; - } - - MessageParcel reply; - if (!SendRequest(AccessTokenInterfaceCode::GET_NATIVE_TOKENINFO, data, reply)) { - return ERR_SERVICE_ABNORMAL; - } - - int32_t result = reply.ReadInt32(); - LOGD(ATM_DOMAIN, ATM_TAG, "Result from server (error=%{public}d).", result); - if (result != RET_SUCCESS) { - return result; - } - sptr resultSptr = reply.ReadParcelable(); - if (resultSptr == nullptr) { - LOGE(ATM_DOMAIN, ATM_TAG, "ReadParcelable fail"); - return ERR_READ_PARCEL_FAILED; - } - nativeTokenInfoRes = *resultSptr; - return result; -} - -int32_t AccessTokenManagerProxy::GetTokenIDByUserID(int32_t userID, std::unordered_set& tokenIdList) -{ - MessageParcel data; - if (!data.WriteInterfaceToken(IAccessTokenManager::GetDescriptor())) { - LOGE(ATM_DOMAIN, ATM_TAG, "WriteInterfaceToken failed."); - return ERR_WRITE_PARCEL_FAILED; - } - if (!data.WriteInt32(userID)) { - LOGE(ATM_DOMAIN, ATM_TAG, "WriteInt32 failed."); - return ERR_WRITE_PARCEL_FAILED; - } - - MessageParcel reply; - if (!SendRequest(AccessTokenInterfaceCode::GET_TOKEN_ID_BY_USER_ID, data, reply)) { - return ERR_SERVICE_ABNORMAL; - } - - int32_t result = 0; - if (!reply.ReadInt32(result)) { - LOGI(ATM_DOMAIN, ATM_TAG, "Result from server (error=%{public}d).", result); - return ERR_READ_PARCEL_FAILED; - } - if (result != RET_SUCCESS) { - return result; - } - - uint32_t tokenIDListSize = 0; - if (!reply.ReadUint32(tokenIDListSize)) { - LOGE(ATM_DOMAIN, ATM_TAG, "ReadUint32 failed."); - return ERR_READ_PARCEL_FAILED; - } - for (uint32_t i = 0; i < tokenIDListSize; i++) { - AccessTokenID tokenId = 0; - if (!reply.ReadUint32(tokenId)) { - LOGE(ATM_DOMAIN, ATM_TAG, "ReadUint32 failed."); - return ERR_READ_PARCEL_FAILED; - } - tokenIdList.emplace(tokenId); - } - return result; -} - -int AccessTokenManagerProxy::GetHapTokenInfo(AccessTokenID tokenID, HapTokenInfoParcel& hapTokenInfoRes) -{ - MessageParcel data; - if (!data.WriteInterfaceToken(IAccessTokenManager::GetDescriptor())) { - LOGE(ATM_DOMAIN, ATM_TAG, "WriteInterfaceToken failed."); - return ERR_WRITE_PARCEL_FAILED; - } - if (!data.WriteUint32(tokenID)) { - LOGE(ATM_DOMAIN, ATM_TAG, "WriteUint32 failed."); - return ERR_WRITE_PARCEL_FAILED; - } - - MessageParcel reply; - if (!SendRequest(AccessTokenInterfaceCode::GET_HAP_TOKENINFO, data, reply)) { - return ERR_SERVICE_ABNORMAL; - } - - int32_t result = reply.ReadInt32(); - LOGD(ATM_DOMAIN, ATM_TAG, "Result from server (error=%{public}d).", result); - if (result != RET_SUCCESS) { - return result; - } - sptr resultSptr = reply.ReadParcelable(); - if (resultSptr == nullptr) { - LOGE(ATM_DOMAIN, ATM_TAG, "ReadParcelable failed."); - return ERR_READ_PARCEL_FAILED; - } - hapTokenInfoRes = *resultSptr; - return result; -} - -int32_t AccessTokenManagerProxy::UpdateHapToken(AccessTokenIDEx& tokenIdEx, const UpdateHapInfoParams& info, - const HapPolicyParcel& policyParcel, HapInfoCheckResult& resultInfo) -{ - AccessTokenID tokenID = tokenIdEx.tokenIdExStruct.tokenID; - MessageParcel data; - if (!data.WriteInterfaceToken(IAccessTokenManager::GetDescriptor())) { - LOGE(ATM_DOMAIN, ATM_TAG, "WriteInterfaceToken failed."); - return ERR_WRITE_PARCEL_FAILED; - } - if (!data.WriteUint32(tokenID)) { - LOGE(ATM_DOMAIN, ATM_TAG, "Write tokenID failed."); - return ERR_WRITE_PARCEL_FAILED; - } - if (!data.WriteBool(info.isSystemApp)) { - LOGE(ATM_DOMAIN, ATM_TAG, "Write isSystemApp failed."); - return ERR_WRITE_PARCEL_FAILED; - } - if (!data.WriteString(info.appIDDesc)) { - LOGE(ATM_DOMAIN, ATM_TAG, "Write appIDDesc failed."); - return ERR_WRITE_PARCEL_FAILED; - } - if (!data.WriteInt32(info.apiVersion)) { - LOGE(ATM_DOMAIN, ATM_TAG, "Write apiVersion failed."); - return ERR_WRITE_PARCEL_FAILED; - } - if (!data.WriteString(info.appDistributionType)) { - LOGE(ATM_DOMAIN, ATM_TAG, "Write appDistributionType failed."); - return ERR_WRITE_PARCEL_FAILED; - } - if (!data.WriteParcelable(&policyParcel)) { - LOGE(ATM_DOMAIN, ATM_TAG, "Write policyParcel failed."); - return ERR_WRITE_PARCEL_FAILED; - } - - MessageParcel reply; - if (!SendRequest(AccessTokenInterfaceCode::UPDATE_HAP_TOKEN, data, reply)) { - return ERR_SERVICE_ABNORMAL; - } - int32_t result = reply.ReadInt32(); - tokenIdEx.tokenIdExStruct.tokenAttr = reply.ReadUint32(); - if (result != RET_SUCCESS && reply.GetDataSize() > reply.GetReadPosition()) { - IF_FALSE_RETURN_VALUE_LOG(LABEL, reply.ReadString(resultInfo.permCheckResult.permissionName), - ERR_READ_PARCEL_FAILED, "ReadString faild."); - - int32_t rule; - IF_FALSE_RETURN_VALUE_LOG(LABEL, reply.ReadInt32(rule), - ERR_READ_PARCEL_FAILED, "ReadString faild."); - resultInfo.permCheckResult.rule = static_cast(rule); - } - LOGI(ATM_DOMAIN, ATM_TAG, "Result from server (error=%{public}d).", result); - return result; -} - -#ifndef ATM_BUILD_VARIANT_USER_ENABLE -int32_t AccessTokenManagerProxy::ReloadNativeTokenInfo() -{ - MessageParcel data; - if (!data.WriteInterfaceToken(IAccessTokenManager::GetDescriptor())) { - LOGE(ATM_DOMAIN, ATM_TAG, "WriteInterfaceToken failed."); - return ERR_WRITE_PARCEL_FAILED; - } - MessageParcel reply; - if (!SendRequest(AccessTokenInterfaceCode::RELOAD_NATIVE_TOKEN_INFO, data, reply)) { - return ERR_SERVICE_ABNORMAL; - } - - int32_t result = reply.ReadInt32(); - LOGI(ATM_DOMAIN, ATM_TAG, "Result from server (error=%{public}d).", result); - return result; -} - -#endif - -int AccessTokenManagerProxy::GetHapTokenInfoExtension(AccessTokenID tokenID, - HapTokenInfoParcel& hapTokenInfoRes, std::string& appID) -{ - MessageParcel data; - if (!data.WriteInterfaceToken(IAccessTokenManager::GetDescriptor())) { - LOGE(ATM_DOMAIN, ATM_TAG, "WriteInterfaceToken failed."); - return ERR_WRITE_PARCEL_FAILED; - } - if (!data.WriteUint32(tokenID)) { - LOGE(ATM_DOMAIN, ATM_TAG, "WriteUint32 fail"); - return ERR_WRITE_PARCEL_FAILED; - } - - MessageParcel reply; - if (!SendRequest(AccessTokenInterfaceCode::GET_HAP_TOKENINFO_EXT, data, reply)) { - return ERR_SERVICE_ABNORMAL; - } - - int32_t result = reply.ReadInt32(); - LOGI(ATM_DOMAIN, ATM_TAG, "Result from server (error=%{public}d).", result); - if (result != RET_SUCCESS) { - return result; - } - sptr hapResult = reply.ReadParcelable(); - if (hapResult == nullptr) { - LOGE(ATM_DOMAIN, ATM_TAG, "ReadParcelable fail."); - return ERR_READ_PARCEL_FAILED; - } - hapTokenInfoRes = *hapResult; - if (!reply.ReadString(appID)) { - LOGE(ATM_DOMAIN, ATM_TAG, "ReadString fail."); - return ERR_READ_PARCEL_FAILED; - } - - return result; -} - -AccessTokenID AccessTokenManagerProxy::GetNativeTokenId(const std::string& processName) -{ - MessageParcel data; - if (!data.WriteInterfaceToken(IAccessTokenManager::GetDescriptor())) { - LOGE(ATM_DOMAIN, ATM_TAG, "WriteInterfaceToken failed."); - return INVALID_TOKENID; - } - - if (!data.WriteString(processName)) { - LOGE(ATM_DOMAIN, ATM_TAG, "WriteString failed."); - return INVALID_TOKENID; - } - MessageParcel reply; - if (!SendRequest(AccessTokenInterfaceCode::GET_NATIVE_TOKEN_ID, data, reply)) { - return INVALID_TOKENID; - } - AccessTokenID id; - if (!reply.ReadUint32(id)) { - LOGI(ATM_DOMAIN, ATM_TAG, "ReadInt32 failed."); - return INVALID_TOKENID; - } - LOGD(ATM_DOMAIN, ATM_TAG, "Result from server (process=%{public}s, id=%{public}d).", processName.c_str(), id); - return id; -} - -#ifdef TOKEN_SYNC_ENABLE -int AccessTokenManagerProxy::GetHapTokenInfoFromRemote(AccessTokenID tokenID, - HapTokenInfoForSyncParcel& hapSyncParcel) -{ - MessageParcel data; - if (!data.WriteInterfaceToken(IAccessTokenManager::GetDescriptor())) { - LOGE(ATM_DOMAIN, ATM_TAG, "WriteInterfaceToken failed."); - return ERR_WRITE_PARCEL_FAILED; - } - if (!data.WriteUint32(tokenID)) { - return ERR_WRITE_PARCEL_FAILED; - } - - MessageParcel reply; - if (!SendRequest(AccessTokenInterfaceCode::GET_HAP_TOKEN_FROM_REMOTE, data, reply)) { - return ERR_SERVICE_ABNORMAL; - } - - int32_t result = reply.ReadInt32(); - LOGI(ATM_DOMAIN, ATM_TAG, "Result from server (error=%{public}d).", result); - if (result != RET_SUCCESS) { - return result; - } - sptr hapResult = reply.ReadParcelable(); - if (hapResult == nullptr) { - LOGE(ATM_DOMAIN, ATM_TAG, "ReadParcelable fail"); - return ERR_READ_PARCEL_FAILED; - } - hapSyncParcel = *hapResult; - return result; -} - -int AccessTokenManagerProxy::SetRemoteHapTokenInfo(const std::string& deviceID, - HapTokenInfoForSyncParcel& hapSyncParcel) -{ - MessageParcel data; - if (!data.WriteInterfaceToken(IAccessTokenManager::GetDescriptor())) { - LOGE(ATM_DOMAIN, ATM_TAG, "WriteInterfaceToken failed."); - return ERR_WRITE_PARCEL_FAILED; - } - if (!data.WriteString(deviceID)) { - return ERR_WRITE_PARCEL_FAILED; - } - if (!data.WriteParcelable(&hapSyncParcel)) { - return ERR_WRITE_PARCEL_FAILED; - } - - MessageParcel reply; - if (!SendRequest(AccessTokenInterfaceCode::SET_REMOTE_HAP_TOKEN_INFO, data, reply)) { - return ERR_SERVICE_ABNORMAL; - } - - int32_t result = reply.ReadInt32(); - LOGI(ATM_DOMAIN, ATM_TAG, "Result from server (error=%{public}d).", result); - return result; -} - -int AccessTokenManagerProxy::DeleteRemoteToken(const std::string& deviceID, AccessTokenID tokenID) -{ - MessageParcel data; - data.WriteInterfaceToken(IAccessTokenManager::GetDescriptor()); - if (!data.WriteString(deviceID)) { - return ERR_WRITE_PARCEL_FAILED; - } - - if (!data.WriteUint32(tokenID)) { - return ERR_WRITE_PARCEL_FAILED; - } - - MessageParcel reply; - if (!SendRequest(AccessTokenInterfaceCode::DELETE_REMOTE_TOKEN_INFO, data, reply)) { - return ERR_SERVICE_ABNORMAL; - } - - int32_t result = reply.ReadInt32(); - LOGI(ATM_DOMAIN, ATM_TAG, "Result from server (error=%{public}d).", result); - return result; -} - -AccessTokenID AccessTokenManagerProxy::GetRemoteNativeTokenID(const std::string& deviceID, AccessTokenID tokenID) -{ - MessageParcel data; - if (!data.WriteInterfaceToken(IAccessTokenManager::GetDescriptor())) { - LOGE(ATM_DOMAIN, ATM_TAG, "WriteInterfaceToken failed."); - return 0; - } - if (!data.WriteString(deviceID)) { - return 0; - } - - if (!data.WriteUint32(tokenID)) { - return 0; - } - - MessageParcel reply; - if (!SendRequest(AccessTokenInterfaceCode::GET_NATIVE_REMOTE_TOKEN, data, reply)) { - return 0; - } - - AccessTokenID id = reply.ReadUint32(); - LOGI(ATM_DOMAIN, ATM_TAG, "Result from server (id=%{public}d).", id); - return id; -} - -int AccessTokenManagerProxy::DeleteRemoteDeviceTokens(const std::string& deviceID) -{ - MessageParcel data; - if (!data.WriteInterfaceToken(IAccessTokenManager::GetDescriptor())) { - LOGE(ATM_DOMAIN, ATM_TAG, "WriteInterfaceToken failed."); - return ERR_WRITE_PARCEL_FAILED; - } - if (!data.WriteString(deviceID)) { - return ERR_WRITE_PARCEL_FAILED; - } - - MessageParcel reply; - if (!SendRequest(AccessTokenInterfaceCode::DELETE_REMOTE_DEVICE_TOKEN, data, reply)) { - return ERR_SERVICE_ABNORMAL; - } - - int32_t result = reply.ReadInt32(); - LOGI(ATM_DOMAIN, ATM_TAG, "Result from server (error=%{public}d).", result); - return result; -} - -int32_t AccessTokenManagerProxy::RegisterTokenSyncCallback(const sptr& callback) -{ - MessageParcel data; - if (!data.WriteInterfaceToken(IAccessTokenManager::GetDescriptor())) { - LOGE(ATM_DOMAIN, ATM_TAG, "WriteInterfaceToken failed."); - return ERR_WRITE_PARCEL_FAILED; - } - if (!data.WriteRemoteObject(callback)) { - LOGE(ATM_DOMAIN, ATM_TAG, "WriteRemoteObject failed."); - return ERR_WRITE_PARCEL_FAILED; - } - - MessageParcel reply; - if (!SendRequest( - AccessTokenInterfaceCode::REGISTER_TOKEN_SYNC_CALLBACK, data, reply)) { - return ERR_SERVICE_ABNORMAL; - } - - int32_t result; - if (!reply.ReadInt32(result)) { - LOGE(ATM_DOMAIN, ATM_TAG, "ReadInt32 failed."); - return ERR_READ_PARCEL_FAILED; - } - LOGI(ATM_DOMAIN, ATM_TAG, "Result from server (error=%{public}d).", result); - return result; -} - -int32_t AccessTokenManagerProxy::UnRegisterTokenSyncCallback() -{ - MessageParcel data; - if (!data.WriteInterfaceToken(IAccessTokenManager::GetDescriptor())) { - LOGE(ATM_DOMAIN, ATM_TAG, "WriteInterfaceToken failed."); - return ERR_WRITE_PARCEL_FAILED; - } - - MessageParcel reply; - if (!SendRequest( - AccessTokenInterfaceCode::UNREGISTER_TOKEN_SYNC_CALLBACK, data, reply)) { - return ERR_SERVICE_ABNORMAL; - } - - int32_t result; - if (!reply.ReadInt32(result)) { - LOGE(ATM_DOMAIN, ATM_TAG, "ReadInt32 failed."); - return ERR_READ_PARCEL_FAILED; - } - LOGI(ATM_DOMAIN, ATM_TAG, "Result from server (error=%{public}d).", result); - return result; -} -#endif - -void AccessTokenManagerProxy::DumpTokenInfo(const AtmToolsParamInfoParcel& infoParcel, std::string& dumpInfo) -{ - MessageParcel data; - if (!data.WriteInterfaceToken(IAccessTokenManager::GetDescriptor())) { - LOGE(ATM_DOMAIN, ATM_TAG, "WriteInterfaceToken failed."); - return; - } - - if (!data.WriteParcelable(&infoParcel)) { - LOGE(ATM_DOMAIN, ATM_TAG, "Write infoParcel failed."); - return; - } - MessageParcel reply; - if (!SendRequest(AccessTokenInterfaceCode::DUMP_TOKENINFO, data, reply)) { - return; - } - if (!reply.ReadString(dumpInfo)) { - LOGE(ATM_DOMAIN, ATM_TAG, "ReadString failed."); - } -} - -int32_t AccessTokenManagerProxy::GetVersion(uint32_t& version) -{ - MessageParcel data; - if (!data.WriteInterfaceToken(IAccessTokenManager::GetDescriptor())) { - LOGE(ATM_DOMAIN, ATM_TAG, "Write interface token failed."); - return ERR_WRITE_PARCEL_FAILED; - } - - MessageParcel reply; - if (!SendRequest(AccessTokenInterfaceCode::GET_VERSION, data, reply)) { - return ERR_SERVICE_ABNORMAL; - } - int32_t result = reply.ReadInt32(); - LOGI(ATM_DOMAIN, ATM_TAG, "Result from server (error=%{public}d).", result); - if (result != RET_SUCCESS) { - return result; - } - if (!reply.ReadUint32(version)) { - LOGE(ATM_DOMAIN, ATM_TAG, "ReadUint32 failed."); - return ERR_READ_PARCEL_FAILED; - } - return result; -} - -int32_t AccessTokenManagerProxy::SetPermDialogCap(const HapBaseInfoParcel& hapBaseInfo, bool enable) -{ - MessageParcel data; - if (!data.WriteInterfaceToken(IAccessTokenManager::GetDescriptor())) { - LOGE(ATM_DOMAIN, ATM_TAG, "WriteInterfaceToken failed."); - return ERR_WRITE_PARCEL_FAILED; - } - - if (!data.WriteParcelable(&hapBaseInfo)) { - LOGE(ATM_DOMAIN, ATM_TAG, "WriteParcelable failed."); - return ERR_WRITE_PARCEL_FAILED; - } - if (!data.WriteBool(enable)) { - LOGE(ATM_DOMAIN, ATM_TAG, "WriteBool failed."); - return ERR_WRITE_PARCEL_FAILED; - } - - MessageParcel reply; - if (!SendRequest(AccessTokenInterfaceCode::SET_PERM_DIALOG_CAPABILITY, data, reply)) { - return ERR_SERVICE_ABNORMAL; - } - return reply.ReadInt32(); -} - -void AccessTokenManagerProxy::GetPermissionManagerInfo(PermissionGrantInfoParcel& infoParcel) -{ - MessageParcel data; - if (!data.WriteInterfaceToken(IAccessTokenManager::GetDescriptor())) { - LOGE(ATM_DOMAIN, ATM_TAG, "WriteInterfaceToken failed."); - return; - } - - MessageParcel reply; - if (!SendRequest(AccessTokenInterfaceCode::GET_PERMISSION_MANAGER_INFO, data, reply)) { - return; - } - - sptr parcel = reply.ReadParcelable(); - if (parcel == nullptr) { - LOGE(ATM_DOMAIN, ATM_TAG, "ReadParcelable failed."); - return; - } - infoParcel = *parcel; -} - -int32_t AccessTokenManagerProxy::InitUserPolicy( - const std::vector& userList, const std::vector& permList) -{ - MessageParcel data; - if (!data.WriteInterfaceToken(IAccessTokenManager::GetDescriptor())) { - LOGE(ATM_DOMAIN, ATM_TAG, "Write interface token failed."); - return ERR_WRITE_PARCEL_FAILED; - } - - size_t userLen = userList.size(); - size_t permLen = permList.size(); - if ((userLen == 0) || (userLen > MAX_USER_POLICY_SIZE) || (permLen == 0) || (permLen > MAX_USER_POLICY_SIZE)) { - LOGE(ATM_DOMAIN, ATM_TAG, "UserLen %{public}zu or permLen %{public}zu is invalid", userLen, permLen); - return ERR_PARAM_INVALID; - } - - if (!data.WriteUint32(userLen)) { - LOGE(ATM_DOMAIN, ATM_TAG, "Failed to write userLen size."); - return ERR_WRITE_PARCEL_FAILED; - } - if (!data.WriteUint32(permLen)) { - LOGE(ATM_DOMAIN, ATM_TAG, "Failed to write permLen size."); - return ERR_WRITE_PARCEL_FAILED; - } - for (const auto& userInfo : userList) { - if (!data.WriteInt32(userInfo.userId)) { - LOGE(ATM_DOMAIN, ATM_TAG, "Failed to write userId."); - return ERR_WRITE_PARCEL_FAILED; - } - if (!data.WriteBool(userInfo.isActive)) { - LOGE(ATM_DOMAIN, ATM_TAG, "Failed to write isActive."); - return ERR_WRITE_PARCEL_FAILED; - } - } - for (const auto& permission : permList) { - if (!data.WriteString(permission)) { - LOGE(ATM_DOMAIN, ATM_TAG, "Failed to write permission."); - return ERR_WRITE_PARCEL_FAILED; - } - } - - MessageParcel reply; - if (!SendRequest(AccessTokenInterfaceCode::INIT_USER_POLICY, data, reply)) { - LOGE(ATM_DOMAIN, ATM_TAG, "Read replay failed"); - return ERR_SERVICE_ABNORMAL; - } - int32_t result; - if (!reply.ReadInt32(result)) { - LOGE(ATM_DOMAIN, ATM_TAG, "Read Int32 failed"); - return AccessTokenError::ERR_READ_PARCEL_FAILED; - } - LOGI(ATM_DOMAIN, ATM_TAG, "Result from server data = %{public}d", result); - return result; -} - -int32_t AccessTokenManagerProxy::ClearUserPolicy() -{ - MessageParcel data; - if (!data.WriteInterfaceToken(IAccessTokenManager::GetDescriptor())) { - LOGE(ATM_DOMAIN, ATM_TAG, "Write interface token failed."); - return ERR_WRITE_PARCEL_FAILED; - } - - MessageParcel reply; - if (!SendRequest(AccessTokenInterfaceCode::CLEAR_USER_POLICY, data, reply)) { - LOGE(ATM_DOMAIN, ATM_TAG, "Read replay failed"); - return ERR_SERVICE_ABNORMAL; - } - int32_t result; - if (!reply.ReadInt32(result)) { - LOGE(ATM_DOMAIN, ATM_TAG, "Read Int32 failed"); - return AccessTokenError::ERR_READ_PARCEL_FAILED; - } - LOGI(ATM_DOMAIN, ATM_TAG, "Result from server data = %{public}d", result); - return result; -} - -int32_t AccessTokenManagerProxy::UpdateUserPolicy(const std::vector& userList) -{ - MessageParcel data; - if (!data.WriteInterfaceToken(IAccessTokenManager::GetDescriptor())) { - LOGE(ATM_DOMAIN, ATM_TAG, "Write interface token failed."); - return ERR_WRITE_PARCEL_FAILED; - } - - size_t userLen = userList.size(); - if ((userLen == 0) || (userLen > MAX_USER_POLICY_SIZE)) { - LOGE(ATM_DOMAIN, ATM_TAG, "UserLen %{public}zu is invalid.", userLen); - return ERR_PARAM_INVALID; - } - - if (!data.WriteUint32(userLen)) { - LOGE(ATM_DOMAIN, ATM_TAG, "Failed to write userLen size."); - return ERR_WRITE_PARCEL_FAILED; - } - - for (const auto& userInfo : userList) { - if (!data.WriteInt32(userInfo.userId)) { - LOGE(ATM_DOMAIN, ATM_TAG, "Failed to write userId."); - return ERR_WRITE_PARCEL_FAILED; - } - if (!data.WriteBool(userInfo.isActive)) { - LOGE(ATM_DOMAIN, ATM_TAG, "Failed to write isActive."); - return ERR_WRITE_PARCEL_FAILED; - } - } - - MessageParcel reply; - if (!SendRequest(AccessTokenInterfaceCode::UPDATE_USER_POLICY, data, reply)) { - LOGE(ATM_DOMAIN, ATM_TAG, "Read replay failed"); - return ERR_SERVICE_ABNORMAL; - } - int32_t result; - if (!reply.ReadInt32(result)) { - LOGE(ATM_DOMAIN, ATM_TAG, "Read Int32 failed"); - return AccessTokenError::ERR_READ_PARCEL_FAILED; - } - LOGI(ATM_DOMAIN, ATM_TAG, "Result from server data = %{public}d", result); - return result; -} - -int32_t AccessTokenManagerProxy::GetKernelPermissions( - AccessTokenID tokenID, std::vector& kernelPermList) -{ - MessageParcel data; - if (!data.WriteInterfaceToken(IAccessTokenManager::GetDescriptor())) { - LOGE(ATM_DOMAIN, ATM_TAG, "Write interface token failed."); - return ERR_WRITE_PARCEL_FAILED; - } - - if (!data.WriteUint32(tokenID)) { - LOGE(ATM_DOMAIN, ATM_TAG, "Failed to write tokenID."); - return ERR_WRITE_PARCEL_FAILED; - } - - MessageParcel reply; - if (!SendRequest(AccessTokenInterfaceCode::GET_KERNEL_PERMISSIONS, data, reply)) { - LOGE(ATM_DOMAIN, ATM_TAG, "Read replay failed"); - return ERR_SERVICE_ABNORMAL; - } - int32_t result; - if (!reply.ReadInt32(result)) { - LOGE(ATM_DOMAIN, ATM_TAG, "Read result failed"); - return AccessTokenError::ERR_READ_PARCEL_FAILED; - } - LOGI(ATM_DOMAIN, ATM_TAG, "Result from server data = %{public}d", result); - if (result != RET_SUCCESS) { - return result; - } - uint32_t size; - if (!reply.ReadUint32(size)) { - LOGE(ATM_DOMAIN, ATM_TAG, "Read size failed"); - return AccessTokenError::ERR_READ_PARCEL_FAILED; - } - if (size > MAX_EXTENDED_VALUE_LIST_SIZE) { - return AccessTokenError::ERR_OVERSIZE; - } - for (uint32_t i = 0; i < size; ++i) { - PermissionWithValue perm; - if (!reply.ReadString(perm.permissionName)) { - LOGE(ATM_DOMAIN, ATM_TAG, "Read permission name failed."); - return AccessTokenError::ERR_READ_PARCEL_FAILED; - } - if (!reply.ReadString(perm.value)) { - LOGE(ATM_DOMAIN, ATM_TAG, "Read value failed."); - return AccessTokenError::ERR_READ_PARCEL_FAILED; - } - if (perm.value == "true") { - perm.value.clear(); - } - kernelPermList.emplace_back(perm); - } - return RET_SUCCESS; -} - -int32_t AccessTokenManagerProxy::GetReqPermissionByName( - AccessTokenID tokenID, const std::string& permissionName, std::string& value) -{ - MessageParcel data; - if (!data.WriteInterfaceToken(IAccessTokenManager::GetDescriptor())) { - LOGE(ATM_DOMAIN, ATM_TAG, "Write interface token failed."); - return ERR_WRITE_PARCEL_FAILED; - } - - if (!data.WriteUint32(tokenID)) { - LOGE(ATM_DOMAIN, ATM_TAG, "Failed to write tokenID."); - return ERR_WRITE_PARCEL_FAILED; - } - - if (!data.WriteString(permissionName)) { - LOGE(ATM_DOMAIN, ATM_TAG, "Failed to write tokenID."); - return ERR_WRITE_PARCEL_FAILED; - } - - MessageParcel reply; - if (!SendRequest(AccessTokenInterfaceCode::GET_PERMISSION_BY_NAME, data, reply)) { - LOGE(ATM_DOMAIN, ATM_TAG, "Read replay failed"); - return ERR_SERVICE_ABNORMAL; - } - int32_t result; - if (!reply.ReadInt32(result)) { - LOGE(ATM_DOMAIN, ATM_TAG, "Read result failed"); - return AccessTokenError::ERR_READ_PARCEL_FAILED; - } - LOGI(ATM_DOMAIN, ATM_TAG, "Result from server data = %{public}d", result); - if (result != RET_SUCCESS) { - return result; - } - if (!reply.ReadString(value)) { - LOGE(ATM_DOMAIN, ATM_TAG, "Read value failed"); - return AccessTokenError::ERR_READ_PARCEL_FAILED; - } - - return RET_SUCCESS; -} - -} // namespace AccessToken -} // namespace Security -} // namespace OHOS diff --git a/interfaces/innerkits/accesstoken/src/accesstoken_manager_proxy.h b/interfaces/innerkits/accesstoken/src/accesstoken_manager_proxy.h deleted file mode 100644 index 99ff5740f4f0fa71c9ea0f4091d9f8ba4fee7ef3..0000000000000000000000000000000000000000 --- a/interfaces/innerkits/accesstoken/src/accesstoken_manager_proxy.h +++ /dev/null @@ -1,122 +0,0 @@ -/* - * Copyright (c) 2021-2024 Huawei Device Co., Ltd. - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ - -#ifndef ACCESSTOKEN_MANAGER_PROXY_H -#define ACCESSTOKEN_MANAGER_PROXY_H - -#include -#include - -#include "access_token.h" -#include "atm_tools_param_info_parcel.h" -#include "hap_info_parcel.h" -#include "hap_base_info_parcel.h" -#include "hap_policy_parcel.h" -#include "hap_token_info_parcel.h" -#include "hap_token_info_for_sync_parcel.h" -#include "i_accesstoken_manager.h" -#include "iremote_proxy.h" -#include "native_token_info_parcel.h" -#include "permission_def_parcel.h" -#include "permission_grant_info_parcel.h" -#include "permission_list_state_parcel.h" -#include "permission_status_parcel.h" - -namespace OHOS { -namespace Security { -namespace AccessToken { -class AccessTokenManagerProxy : public IRemoteProxy { -public: - explicit AccessTokenManagerProxy(const sptr& impl); - ~AccessTokenManagerProxy() override; - - PermUsedTypeEnum GetPermissionUsedType( - AccessTokenID tokenID, const std::string& permissionName) override; - int VerifyAccessToken(AccessTokenID tokenID, const std::string& permissionName) override; - int VerifyAccessToken(AccessTokenID tokenID, - const std::vector& permissionList, std::vector& permStateList) override; - int GetDefPermission(const std::string& permissionName, PermissionDefParcel& permissionDefResult) override; - int GetReqPermissions( - AccessTokenID tokenID, std::vector& reqPermList, bool isSystemGrant) override; - int GetPermissionFlag(AccessTokenID tokenID, const std::string& permissionName, uint32_t& flag) override; - int32_t SetPermissionRequestToggleStatus(const std::string& permissionName, uint32_t status, - int32_t userID) override; - int32_t GetPermissionRequestToggleStatus(const std::string& permissionName, uint32_t& status, - int32_t userID) override; - int32_t RequestAppPermOnSetting(AccessTokenID tokenID) override; - int GrantPermission(AccessTokenID tokenID, const std::string& permissionName, uint32_t flag) override; - int RevokePermission(AccessTokenID tokenID, const std::string& permissionName, uint32_t flag) override; - int GrantPermissionForSpecifiedTime( - AccessTokenID tokenID, const std::string& permissionName, uint32_t onceTime) override; - PermissionOper GetSelfPermissionsState(std::vector& permListParcel, - PermissionGrantInfoParcel& infoParcel) override; - int32_t GetPermissionsStatus( - AccessTokenID tokenID, std::vector& permListParcel) override; - int ClearUserGrantedPermissionState(AccessTokenID tokenID) override; - int GetTokenType(AccessTokenID tokenID) override; - AccessTokenIDEx GetHapTokenID(int32_t userID, const std::string& bundleName, int32_t instIndex) override; - AccessTokenID AllocLocalTokenID(const std::string& remoteDeviceID, AccessTokenID remoteTokenID) override; - AccessTokenIDEx AllocHapToken(const HapInfoParcel& hapInfo, const HapPolicyParcel& policyParcel) override; - int32_t InitHapToken(const HapInfoParcel& hapInfoParcel, HapPolicyParcel& policyParcel, - AccessTokenIDEx& fullTokenId, HapInfoCheckResult& resultInfo) override; - int DeleteToken(AccessTokenID tokenID) override; - int32_t UpdateHapToken(AccessTokenIDEx& tokenIdEx, const UpdateHapInfoParams& info, - const HapPolicyParcel& policyParcel, HapInfoCheckResult& resultInfo) override; - int32_t GetTokenIDByUserID(int32_t userID, std::unordered_set& tokenIdList) override; - int GetHapTokenInfo(AccessTokenID tokenID, HapTokenInfoParcel& hapTokenInfoRes) override; - int GetNativeTokenInfo(AccessTokenID tokenID, NativeTokenInfoParcel& nativeTokenInfoRes) override; -#ifndef ATM_BUILD_VARIANT_USER_ENABLE - int32_t ReloadNativeTokenInfo() override; -#endif - int32_t RegisterPermStateChangeCallback(const PermStateChangeScopeParcel& scope, - const sptr& callback) override; - int32_t UnRegisterPermStateChangeCallback(const sptr& callback) override; - int32_t RegisterSelfPermStateChangeCallback(const PermStateChangeScopeParcel& scope, - const sptr& callback) override; - int32_t UnRegisterSelfPermStateChangeCallback(const sptr& callback) override; - AccessTokenID GetNativeTokenId(const std::string& processName) override; - int GetHapTokenInfoExtension(AccessTokenID tokenID, - HapTokenInfoParcel& hapTokenInfoRes, std::string& appID) override; - int32_t InitUserPolicy(const std::vector& userList, const std::vector& permList) override; - int32_t UpdateUserPolicy(const std::vector& userList) override; - int32_t ClearUserPolicy() override; - -#ifdef TOKEN_SYNC_ENABLE - int GetHapTokenInfoFromRemote(AccessTokenID tokenID, HapTokenInfoForSyncParcel& hapSyncParcel) override; - int SetRemoteHapTokenInfo(const std::string& deviceID, HapTokenInfoForSyncParcel& hapSyncParcel) override; - int DeleteRemoteToken(const std::string& deviceID, AccessTokenID tokenID) override; - AccessTokenID GetRemoteNativeTokenID(const std::string& deviceID, AccessTokenID tokenID) override; - int DeleteRemoteDeviceTokens(const std::string& deviceID) override; - int32_t RegisterTokenSyncCallback(const sptr& callback) override; - int32_t UnRegisterTokenSyncCallback() override; -#endif - - int32_t GetKernelPermissions( - AccessTokenID tokenId, std::vector& kernelPermList) override; - int32_t GetReqPermissionByName( - AccessTokenID tokenId, const std::string& permissionName, std::string& value) override; - int32_t SetPermDialogCap(const HapBaseInfoParcel& hapBaseInfo, bool enable) override; - void DumpTokenInfo(const AtmToolsParamInfoParcel& infoParcel, std::string& dumpInfo) override; - int32_t GetVersion(uint32_t& version) override; - void GetPermissionManagerInfo(PermissionGrantInfoParcel& infoParcel) override; - -private: - bool SendRequest(AccessTokenInterfaceCode code, MessageParcel& data, MessageParcel& reply); - static inline BrokerDelegator delegator_; -}; -} // namespace AccessToken -} // namespace Security -} // namespace OHOS -#endif // ACCESSTOKEN_MANAGER_PROXY_H diff --git a/interfaces/innerkits/accesstoken/test/unittest/BUILD.gn b/interfaces/innerkits/accesstoken/test/unittest/BUILD.gn index 1808c7cde1dcf74a546af5b86da723c837cc7102..0a047e26cf3153b376b022f83f346927ee0df663 100755 --- a/interfaces/innerkits/accesstoken/test/unittest/BUILD.gn +++ b/interfaces/innerkits/accesstoken/test/unittest/BUILD.gn @@ -146,14 +146,16 @@ ohos_unittest("accesstoken_mock_test") { "${access_token_innerkit_path}/src/accesstoken_death_recipient.cpp", "${access_token_innerkit_path}/src/accesstoken_kit.cpp", "${access_token_innerkit_path}/src/accesstoken_manager_client.cpp", - "${access_token_innerkit_path}/src/accesstoken_manager_proxy.cpp", "${access_token_innerkit_path}/src/perm_state_change_callback_customize.cpp", "../mock/src/iservice_registry.cpp", "ProxyMockTest/accesstoken_mock_test.cpp", ] cflags_cc = [ "-DHILOG_ENABLE" ] - configs = [ "${access_token_path}/config:coverage_flags" ] + configs = [ + "${access_token_path}/config:coverage_flags", + "${access_token_path}/services/accesstokenmanager:accesstoken_manager_gen_config", + ] deps = [ "${access_token_path}/frameworks/accesstoken:accesstoken_communication_adapter_cxx", @@ -161,6 +163,7 @@ ohos_unittest("accesstoken_mock_test") { "${access_token_path}/interfaces/innerkits/accesstoken:libtokenid_sdk", "${access_token_path}/interfaces/innerkits/token_setproc:libperm_setproc", "${access_token_path}/interfaces/innerkits/token_setproc:libtokensetproc_shared", + "${access_token_path}/services/accesstokenmanager:accesstoken_manager_proxy", ] external_deps = [ diff --git a/interfaces/innerkits/accesstoken/test/unittest/Coverage/accesstoken_kit_coverage_test.cpp b/interfaces/innerkits/accesstoken/test/unittest/Coverage/accesstoken_kit_coverage_test.cpp index 1f1c76a04026ffa3af42ba262a4d44c4472dd265..0cd96877a22008ffae0b52f74f18533d8c0b4d66 100644 --- a/interfaces/innerkits/accesstoken/test/unittest/Coverage/accesstoken_kit_coverage_test.cpp +++ b/interfaces/innerkits/accesstoken/test/unittest/Coverage/accesstoken_kit_coverage_test.cpp @@ -19,7 +19,6 @@ #include "access_token.h" #include "access_token_error.h" #include "accesstoken_common_log.h" -#include "accesstoken_service_ipc_interface_code.h" #include "hap_token_info.h" #include "nativetoken_kit.h" #include "permission_grant_info.h" @@ -205,7 +204,7 @@ HWTEST_F(AccessTokenCoverageTest, CreatePermStateChangeCallback001, TestSize.Lev HWTEST_F(AccessTokenCoverageTest, InitProxy001, TestSize.Level1) { ASSERT_NE(nullptr, AccessTokenManagerClient::GetInstance().proxy_); - OHOS::sptr proxy = AccessTokenManagerClient::GetInstance().proxy_; // backup + OHOS::sptr proxy = AccessTokenManagerClient::GetInstance().proxy_; // backup AccessTokenManagerClient::GetInstance().proxy_ = nullptr; ASSERT_EQ(nullptr, AccessTokenManagerClient::GetInstance().proxy_); AccessTokenManagerClient::GetInstance().InitProxy(); // proxy_ is null diff --git a/interfaces/innerkits/accesstoken/test/unittest/HapAttributeTest/get_hap_dlp_flag_test.cpp b/interfaces/innerkits/accesstoken/test/unittest/HapAttributeTest/get_hap_dlp_flag_test.cpp index 8800bdfa9bd5d4f0cb403097846e0e702dbfa2a0..ba4dd683a56e1ff0d5c83185ac4835b8b3ced1a1 100644 --- a/interfaces/innerkits/accesstoken/test/unittest/HapAttributeTest/get_hap_dlp_flag_test.cpp +++ b/interfaces/innerkits/accesstoken/test/unittest/HapAttributeTest/get_hap_dlp_flag_test.cpp @@ -21,7 +21,7 @@ #include "access_token.h" #include "access_token_error.h" #include "accesstoken_common_log.h" -#include "accesstoken_service_ipc_interface_code.h" +#include "iaccesstoken_manager.h" #include "permission_grant_info.h" #include "permission_state_change_info_parcel.h" #include "string_ex.h" diff --git a/interfaces/innerkits/accesstoken/test/unittest/HapAttributeTest/get_permission_flag_test.cpp b/interfaces/innerkits/accesstoken/test/unittest/HapAttributeTest/get_permission_flag_test.cpp index e9eb03f38288b229d9beaafb38fbf15725c86c81..fef03c26fc5778e8e41d6859966d6aec79c2ed61 100644 --- a/interfaces/innerkits/accesstoken/test/unittest/HapAttributeTest/get_permission_flag_test.cpp +++ b/interfaces/innerkits/accesstoken/test/unittest/HapAttributeTest/get_permission_flag_test.cpp @@ -21,7 +21,7 @@ #include "access_token.h" #include "access_token_error.h" #include "accesstoken_common_log.h" -#include "accesstoken_service_ipc_interface_code.h" +#include "iaccesstoken_manager.h" #include "permission_grant_info.h" #include "permission_state_change_info_parcel.h" #include "string_ex.h" diff --git a/interfaces/innerkits/accesstoken/test/unittest/HapAttributeTest/get_permissions_status_test.cpp b/interfaces/innerkits/accesstoken/test/unittest/HapAttributeTest/get_permissions_status_test.cpp index 2174649a0dadbe3eb3cd18de9d5a1547b5f27ea5..73c939c4f018e2ccbd71719cbbd08bada825bea9 100644 --- a/interfaces/innerkits/accesstoken/test/unittest/HapAttributeTest/get_permissions_status_test.cpp +++ b/interfaces/innerkits/accesstoken/test/unittest/HapAttributeTest/get_permissions_status_test.cpp @@ -21,7 +21,7 @@ #include "access_token.h" #include "access_token_error.h" #include "accesstoken_common_log.h" -#include "accesstoken_service_ipc_interface_code.h" +#include "iaccesstoken_manager.h" #include "permission_grant_info.h" #include "permission_state_change_info_parcel.h" #include "string_ex.h" diff --git a/interfaces/innerkits/accesstoken/test/unittest/HapAttributeTest/permission_request_toggle_status_test.cpp b/interfaces/innerkits/accesstoken/test/unittest/HapAttributeTest/permission_request_toggle_status_test.cpp index 6f5452f5eb7a2a1331df0307f7740042fb43cd97..d438f65335f3096990e14070b50c3780df809a91 100644 --- a/interfaces/innerkits/accesstoken/test/unittest/HapAttributeTest/permission_request_toggle_status_test.cpp +++ b/interfaces/innerkits/accesstoken/test/unittest/HapAttributeTest/permission_request_toggle_status_test.cpp @@ -21,7 +21,7 @@ #include "access_token.h" #include "access_token_error.h" #include "accesstoken_common_log.h" -#include "accesstoken_service_ipc_interface_code.h" +#include "iaccesstoken_manager.h" #include "permission_grant_info.h" #include "permission_state_change_info_parcel.h" #include "string_ex.h" diff --git a/interfaces/innerkits/accesstoken/test/unittest/HapTokenTest/alloc_hap_token_test.cpp b/interfaces/innerkits/accesstoken/test/unittest/HapTokenTest/alloc_hap_token_test.cpp index d8d286e83d25df1cffc761d38408da31afae104f..75d8794af2d7c67d1cf07997b9707d80ea853f50 100644 --- a/interfaces/innerkits/accesstoken/test/unittest/HapTokenTest/alloc_hap_token_test.cpp +++ b/interfaces/innerkits/accesstoken/test/unittest/HapTokenTest/alloc_hap_token_test.cpp @@ -20,7 +20,6 @@ #include "access_token.h" #include "access_token_error.h" #include "accesstoken_common_log.h" -#include "accesstoken_service_ipc_interface_code.h" #include "nativetoken_kit.h" #include "permission_grant_info.h" #include "permission_state_change_info_parcel.h" diff --git a/interfaces/innerkits/accesstoken/test/unittest/HapTokenTest/app_installation_optimized_test.cpp b/interfaces/innerkits/accesstoken/test/unittest/HapTokenTest/app_installation_optimized_test.cpp index a53385c714c6b50f9d82072d56f401bbf38a961c..f73f6d6433528a5d69d030bfff470bb86f5d6f19 100644 --- a/interfaces/innerkits/accesstoken/test/unittest/HapTokenTest/app_installation_optimized_test.cpp +++ b/interfaces/innerkits/accesstoken/test/unittest/HapTokenTest/app_installation_optimized_test.cpp @@ -18,7 +18,7 @@ #include "access_token_error.h" #include "accesstoken_common_log.h" -#include "accesstoken_service_ipc_interface_code.h" +#include "iaccesstoken_manager.h" #include "nativetoken_kit.h" #include "permission_grant_info.h" #include "permission_state_change_info_parcel.h" diff --git a/interfaces/innerkits/accesstoken/test/unittest/HapTokenTest/delete_token_test.cpp b/interfaces/innerkits/accesstoken/test/unittest/HapTokenTest/delete_token_test.cpp index 68281ff829b04ca035ab8b28a46fce806b700fd4..e07019129929fd78ccfa12d84acc7e6c632e0bf2 100644 --- a/interfaces/innerkits/accesstoken/test/unittest/HapTokenTest/delete_token_test.cpp +++ b/interfaces/innerkits/accesstoken/test/unittest/HapTokenTest/delete_token_test.cpp @@ -21,7 +21,7 @@ #include "access_token.h" #include "access_token_error.h" #include "accesstoken_common_log.h" -#include "accesstoken_service_ipc_interface_code.h" +#include "iaccesstoken_manager.h" #include "permission_grant_info.h" #include "permission_state_change_info_parcel.h" #include "string_ex.h" diff --git a/interfaces/innerkits/accesstoken/test/unittest/HapTokenTest/get_hap_token_test.cpp b/interfaces/innerkits/accesstoken/test/unittest/HapTokenTest/get_hap_token_test.cpp index 91c471ad1e13840c38ceb54f42a34cfd0ef7f8c1..1a4b09fcc05b617b062ffd99479c261e79fd718d 100644 --- a/interfaces/innerkits/accesstoken/test/unittest/HapTokenTest/get_hap_token_test.cpp +++ b/interfaces/innerkits/accesstoken/test/unittest/HapTokenTest/get_hap_token_test.cpp @@ -20,7 +20,7 @@ #include "access_token.h" #include "access_token_error.h" #include "accesstoken_common_log.h" -#include "accesstoken_service_ipc_interface_code.h" +#include "iaccesstoken_manager.h" #include "permission_grant_info.h" #include "permission_state_change_info_parcel.h" #include "string_ex.h" diff --git a/interfaces/innerkits/accesstoken/test/unittest/HapTokenTest/get_token_type_test.cpp b/interfaces/innerkits/accesstoken/test/unittest/HapTokenTest/get_token_type_test.cpp index b6b81fb803aeef015e26cc3a8a59dbd133761114..5e2612ccce6e42e9726f0c7ebb107833b2cd435b 100644 --- a/interfaces/innerkits/accesstoken/test/unittest/HapTokenTest/get_token_type_test.cpp +++ b/interfaces/innerkits/accesstoken/test/unittest/HapTokenTest/get_token_type_test.cpp @@ -20,7 +20,7 @@ #include "access_token.h" #include "access_token_error.h" #include "accesstoken_common_log.h" -#include "accesstoken_service_ipc_interface_code.h" +#include "iaccesstoken_manager.h" #include "permission_grant_info.h" #include "permission_state_change_info_parcel.h" #include "string_ex.h" diff --git a/interfaces/innerkits/accesstoken/test/unittest/HapTokenTest/init_hap_token_test.cpp b/interfaces/innerkits/accesstoken/test/unittest/HapTokenTest/init_hap_token_test.cpp index bb12067561635c05773935cdab0e971a3c570d07..3f103b3ba006b194bba6a7aae63dd21d711e117f 100644 --- a/interfaces/innerkits/accesstoken/test/unittest/HapTokenTest/init_hap_token_test.cpp +++ b/interfaces/innerkits/accesstoken/test/unittest/HapTokenTest/init_hap_token_test.cpp @@ -20,7 +20,7 @@ #include "access_token.h" #include "access_token_error.h" #include "accesstoken_common_log.h" -#include "accesstoken_service_ipc_interface_code.h" +#include "iaccesstoken_manager.h" #include "nativetoken_kit.h" #include "permission_grant_info.h" #include "permission_state_change_info_parcel.h" @@ -855,12 +855,12 @@ HWTEST_F(InitHapTokenTest, InitHapTokenSpecsTest011, TestSize.Level1) policyParams.aclExtendedMap["ohos.permission.ACCESS_CERT_MANAGER"] = testValue; ret = AccessTokenKit::InitHapToken(infoParams, policyParams, fullTokenId); ASSERT_EQ(RET_SUCCESS, ret); + AccessTokenID tokenID = fullTokenId.tokenIdExStruct.tokenID; testValue.push_back('1'); policyParams.aclExtendedMap["ohos.permission.ACCESS_CERT_MANAGER"] = testValue; ret = AccessTokenKit::InitHapToken(infoParams, policyParams, fullTokenId); ASSERT_EQ(AccessTokenError::ERR_PARAM_INVALID, ret); - AccessTokenID tokenID = fullTokenId.tokenIdExStruct.tokenID; ret = AccessTokenKit::DeleteToken(tokenID); EXPECT_EQ(RET_SUCCESS, ret); diff --git a/interfaces/innerkits/accesstoken/test/unittest/HapTokenTest/update_hap_token_test.cpp b/interfaces/innerkits/accesstoken/test/unittest/HapTokenTest/update_hap_token_test.cpp index 68b2b36fa12fd2a512079fab04e749101df3cbe6..7049b29b0e9bebbbf55350f38f182113634ed4f4 100644 --- a/interfaces/innerkits/accesstoken/test/unittest/HapTokenTest/update_hap_token_test.cpp +++ b/interfaces/innerkits/accesstoken/test/unittest/HapTokenTest/update_hap_token_test.cpp @@ -20,7 +20,7 @@ #include "access_token.h" #include "access_token_error.h" #include "accesstoken_common_log.h" -#include "accesstoken_service_ipc_interface_code.h" +#include "iaccesstoken_manager.h" #include "nativetoken_kit.h" #include "permission_grant_info.h" #include "permission_state_change_info_parcel.h" diff --git a/interfaces/innerkits/accesstoken/test/unittest/PermisionDialogTest/set_perm_dialog_cap_test.cpp b/interfaces/innerkits/accesstoken/test/unittest/PermisionDialogTest/set_perm_dialog_cap_test.cpp index 3d6bab78ea08f30334c159604fc5322baaafc774..e177633318fe969edf30de99fc94727c3f9c0955 100644 --- a/interfaces/innerkits/accesstoken/test/unittest/PermisionDialogTest/set_perm_dialog_cap_test.cpp +++ b/interfaces/innerkits/accesstoken/test/unittest/PermisionDialogTest/set_perm_dialog_cap_test.cpp @@ -21,7 +21,6 @@ #include "access_token.h" #include "access_token_error.h" #include "accesstoken_common_log.h" -#include "accesstoken_service_ipc_interface_code.h" #include "permission_grant_info.h" #include "permission_state_change_info_parcel.h" #include "string_ex.h" diff --git a/interfaces/innerkits/accesstoken/test/unittest/PermissionsTest/clear_user_granted__permission_state_test.cpp b/interfaces/innerkits/accesstoken/test/unittest/PermissionsTest/clear_user_granted__permission_state_test.cpp index 636cbcb4231dfc08b323bf09e4544e9b530e32cb..c8c7a20bbc4f4f9cb2a6427cc38adf3a9b8eb0a2 100644 --- a/interfaces/innerkits/accesstoken/test/unittest/PermissionsTest/clear_user_granted__permission_state_test.cpp +++ b/interfaces/innerkits/accesstoken/test/unittest/PermissionsTest/clear_user_granted__permission_state_test.cpp @@ -20,7 +20,7 @@ #include "access_token.h" #include "access_token_error.h" #include "accesstoken_common_log.h" -#include "accesstoken_service_ipc_interface_code.h" +#include "iaccesstoken_manager.h" #include "test_common.h" #include "permission_grant_info.h" #include "permission_state_change_info_parcel.h" diff --git a/interfaces/innerkits/accesstoken/test/unittest/PermissionsTest/get_permission_test.cpp b/interfaces/innerkits/accesstoken/test/unittest/PermissionsTest/get_permission_test.cpp index 69aa3bb99bc01e1dcf641daf73b585fd51fd599f..85d07ce7436cab83ece41154a46b7387d93cffd2 100644 --- a/interfaces/innerkits/accesstoken/test/unittest/PermissionsTest/get_permission_test.cpp +++ b/interfaces/innerkits/accesstoken/test/unittest/PermissionsTest/get_permission_test.cpp @@ -20,7 +20,7 @@ #include "access_token.h" #include "access_token_error.h" #include "accesstoken_common_log.h" -#include "accesstoken_service_ipc_interface_code.h" +#include "iaccesstoken_manager.h" #include "permission_grant_info.h" #include "permission_state_change_info_parcel.h" #include "string_ex.h" diff --git a/interfaces/innerkits/accesstoken/test/unittest/PermissionsTest/grant_permission_test.cpp b/interfaces/innerkits/accesstoken/test/unittest/PermissionsTest/grant_permission_test.cpp index f9b5774fb101680003ba35440a3f84ef14e331f4..3a50c75a39eeb32d86d1ddb0bd8887403b673609 100644 --- a/interfaces/innerkits/accesstoken/test/unittest/PermissionsTest/grant_permission_test.cpp +++ b/interfaces/innerkits/accesstoken/test/unittest/PermissionsTest/grant_permission_test.cpp @@ -20,7 +20,7 @@ #include "access_token.h" #include "access_token_error.h" #include "accesstoken_common_log.h" -#include "accesstoken_service_ipc_interface_code.h" +#include "iaccesstoken_manager.h" #include "permission_grant_info.h" #include "permission_state_change_info_parcel.h" #include "string_ex.h" diff --git a/interfaces/innerkits/accesstoken/test/unittest/PermissionsTest/revoke_permission_test.cpp b/interfaces/innerkits/accesstoken/test/unittest/PermissionsTest/revoke_permission_test.cpp index de702225e79e36b2033ae7008753dccbeb8c17c0..3197e07dffdf74e028f920f5bf859a8cbf857482 100644 --- a/interfaces/innerkits/accesstoken/test/unittest/PermissionsTest/revoke_permission_test.cpp +++ b/interfaces/innerkits/accesstoken/test/unittest/PermissionsTest/revoke_permission_test.cpp @@ -20,7 +20,7 @@ #include "access_token.h" #include "access_token_error.h" #include "accesstoken_common_log.h" -#include "accesstoken_service_ipc_interface_code.h" +#include "iaccesstoken_manager.h" #include "permission_grant_info.h" #include "permission_state_change_info_parcel.h" #include "string_ex.h" diff --git a/interfaces/innerkits/accesstoken/test/unittest/PermissionsTest/verify_access_token_test.cpp b/interfaces/innerkits/accesstoken/test/unittest/PermissionsTest/verify_access_token_test.cpp index 262d7ca2df0fbe5e5b80b0d19ef1f71fcb7d2fc9..d16a8aae9bc10f38876e7865d3e31ba9b22a645f 100644 --- a/interfaces/innerkits/accesstoken/test/unittest/PermissionsTest/verify_access_token_test.cpp +++ b/interfaces/innerkits/accesstoken/test/unittest/PermissionsTest/verify_access_token_test.cpp @@ -20,7 +20,7 @@ #include "access_token.h" #include "access_token_error.h" #include "accesstoken_common_log.h" -#include "accesstoken_service_ipc_interface_code.h" +#include "iaccesstoken_manager.h" #include "permission_grant_info.h" #include "permission_state_change_info_parcel.h" #include "string_ex.h" diff --git a/interfaces/innerkits/accesstoken/test/unittest/RegisterCallbackTest/register_perm_state_change_callback_test.cpp b/interfaces/innerkits/accesstoken/test/unittest/RegisterCallbackTest/register_perm_state_change_callback_test.cpp index 0e1383786f4d58ab9fcd9e9eb4e2b1e19add6061..058aab10e15fd24975df1a07277357739edd0cdf 100644 --- a/interfaces/innerkits/accesstoken/test/unittest/RegisterCallbackTest/register_perm_state_change_callback_test.cpp +++ b/interfaces/innerkits/accesstoken/test/unittest/RegisterCallbackTest/register_perm_state_change_callback_test.cpp @@ -19,7 +19,7 @@ #include "access_token.h" #include "access_token_error.h" #include "accesstoken_common_log.h" -#include "accesstoken_service_ipc_interface_code.h" +#include "iaccesstoken_manager.h" #include "hap_token_info.h" #include "nativetoken_kit.h" #include "permission_grant_info.h" diff --git a/interfaces/innerkits/accesstoken/test/unittest/RegisterCallbackTest/un_register_perm_state_change_callback_test.cpp b/interfaces/innerkits/accesstoken/test/unittest/RegisterCallbackTest/un_register_perm_state_change_callback_test.cpp index d3338ef368881f63e0b81766a2249fa60e8e5313..1b8f2f1258e1ae4c1d750fa6bc1a5bb8ae235c94 100644 --- a/interfaces/innerkits/accesstoken/test/unittest/RegisterCallbackTest/un_register_perm_state_change_callback_test.cpp +++ b/interfaces/innerkits/accesstoken/test/unittest/RegisterCallbackTest/un_register_perm_state_change_callback_test.cpp @@ -19,7 +19,7 @@ #include "access_token.h" #include "access_token_error.h" #include "accesstoken_common_log.h" -#include "accesstoken_service_ipc_interface_code.h" +#include "iaccesstoken_manager.h" #include "hap_token_info.h" #include "nativetoken_kit.h" #include "permission_grant_info.h" diff --git a/interfaces/innerkits/accesstoken/test/unittest/SaTest/dump_token_info_test.cpp b/interfaces/innerkits/accesstoken/test/unittest/SaTest/dump_token_info_test.cpp index 7a32f46603fa2a0061f498829a2f04d236bac080..3b11824f8085a78e97c64ab7b08bf66618cb6952 100644 --- a/interfaces/innerkits/accesstoken/test/unittest/SaTest/dump_token_info_test.cpp +++ b/interfaces/innerkits/accesstoken/test/unittest/SaTest/dump_token_info_test.cpp @@ -21,7 +21,7 @@ #include "access_token.h" #include "access_token_error.h" #include "accesstoken_common_log.h" -#include "accesstoken_service_ipc_interface_code.h" +#include "iaccesstoken_manager.h" #include "permission_grant_info.h" #include "permission_state_change_info_parcel.h" #include "string_ex.h" diff --git a/interfaces/innerkits/accesstoken/test/unittest/SaTest/get_native_token_id_test.cpp b/interfaces/innerkits/accesstoken/test/unittest/SaTest/get_native_token_id_test.cpp index 2f910f59b997db3f68a093197c08857f9af05169..4bcd076fb35b35bcab74d886f9d74f94f9160595 100644 --- a/interfaces/innerkits/accesstoken/test/unittest/SaTest/get_native_token_id_test.cpp +++ b/interfaces/innerkits/accesstoken/test/unittest/SaTest/get_native_token_id_test.cpp @@ -21,7 +21,7 @@ #include "access_token.h" #include "access_token_error.h" #include "accesstoken_common_log.h" -#include "accesstoken_service_ipc_interface_code.h" +#include "iaccesstoken_manager.h" #include "permission_grant_info.h" #include "permission_state_change_info_parcel.h" #include "string_ex.h" diff --git a/interfaces/innerkits/accesstoken/test/unittest/SaTest/get_native_token_info_test.cpp b/interfaces/innerkits/accesstoken/test/unittest/SaTest/get_native_token_info_test.cpp index ada8b705aa8a63d017b6d2809b8a3c79a3d1d1e9..8b7fc526fe9983333a79ce63d77306d8dc324e2d 100644 --- a/interfaces/innerkits/accesstoken/test/unittest/SaTest/get_native_token_info_test.cpp +++ b/interfaces/innerkits/accesstoken/test/unittest/SaTest/get_native_token_info_test.cpp @@ -21,7 +21,7 @@ #include "access_token.h" #include "access_token_error.h" #include "accesstoken_common_log.h" -#include "accesstoken_service_ipc_interface_code.h" +#include "iaccesstoken_manager.h" #include "permission_grant_info.h" #include "permission_state_change_info_parcel.h" #include "string_ex.h" diff --git a/interfaces/innerkits/accesstoken/test/unittest/SaTest/get_version_test.cpp b/interfaces/innerkits/accesstoken/test/unittest/SaTest/get_version_test.cpp index eb6c1343d7857bdd0a6abafecab8de5be25736fa..d9461eec813524f8490506182fd105750ff18bdf 100644 --- a/interfaces/innerkits/accesstoken/test/unittest/SaTest/get_version_test.cpp +++ b/interfaces/innerkits/accesstoken/test/unittest/SaTest/get_version_test.cpp @@ -19,7 +19,7 @@ #include "access_token.h" #include "access_token_error.h" #include "accesstoken_common_log.h" -#include "accesstoken_service_ipc_interface_code.h" +#include "iaccesstoken_manager.h" #include "hap_token_info.h" #include "nativetoken_kit.h" #include "permission_grant_info.h" diff --git a/services/accesstokenmanager/BUILD.gn b/services/accesstokenmanager/BUILD.gn index 9fa2fc93c36ee54fa5a756d11e694c6c0dd6690e..7da2de6b11b30fd628e0914e11c763aef9184e83 100644 --- a/services/accesstokenmanager/BUILD.gn +++ b/services/accesstokenmanager/BUILD.gn @@ -1,4 +1,4 @@ -# Copyright (c) 2021-2024 Huawei Device Co., Ltd. +# Copyright (c) 2021-2025 Huawei Device Co., Ltd. # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. # You may obtain a copy of the License at @@ -11,9 +11,110 @@ # See the License for the specific language governing permissions and # limitations under the License. +import("//build/config/components/idl_tool/idl.gni") import("//build/ohos.gni") import("../../access_token.gni") +idl_gen_interface("accesstoken_manager_interface") { + sources = [ "./idl/IAccesstokenManager.idl" ] + log_domainid = "0xD005A01" + log_tag = "ATM" + subsystem_name = "security" + part_name = "access_token" +} + +config("accesstoken_manager_gen_config") { + include_dirs = [ "${target_gen_dir}" ] +} + +ohos_source_set("accesstoken_manager_proxy") { + sanitize = { + cfi = true + cfi_cross_dso = true + debug = false + } + + cflags_cc = [] + if (build_variant == "user") { + cflags_cc += [ "-DATM_BUILD_VARIANT_USER_ENABLE" ] + } + if (token_sync_enable == true) { + cflags_cc += [ "-DTOKEN_SYNC_ENABLE" ] + } + + output_values = get_target_outputs(":accesstoken_manager_interface") + + include_dirs = [ + "${access_token_path}/frameworks/accesstoken/include", + "${access_token_path}/frameworks/common/include", + "src", + ] + + sources = filter_include(output_values, [ "*_proxy.cpp" ]) + + deps = [ + ":accesstoken_manager_interface", + "${access_token_path}/frameworks/accesstoken:accesstoken_communication_adapter_cxx", + "${access_token_path}/frameworks/common:accesstoken_common_cxx", + "${access_token_path}/interfaces/innerkits/token_setproc:libperm_setproc", + ] + + external_deps = [ + "c_utils:utils", + "hilog:libhilog", + "init:libbegetutil", + "ipc:ipc_single", + "samgr:samgr_proxy", + ] + + subsystem_name = "security" + part_name = "access_token" +} + +ohos_source_set("accesstoken_manager_stub") { + sanitize = { + cfi = true + cfi_cross_dso = true + debug = false + } + + cflags_cc = [] + if (build_variant == "user") { + cflags_cc += [ "-DATM_BUILD_VARIANT_USER_ENABLE" ] + } + if (token_sync_enable == true) { + cflags_cc += [ "-DTOKEN_SYNC_ENABLE" ] + } + + output_values = get_target_outputs(":accesstoken_manager_interface") + + include_dirs = [ + "${access_token_path}/frameworks/accesstoken/include", + "${access_token_path}/frameworks/common/include", + "src", + ] + + sources = filter_include(output_values, [ "*_stub.cpp" ]) + + deps = [ + ":accesstoken_manager_interface", + "${access_token_path}/frameworks/accesstoken:accesstoken_communication_adapter_cxx", + "${access_token_path}/frameworks/common:accesstoken_common_cxx", + "${access_token_path}/interfaces/innerkits/token_setproc:libperm_setproc", + ] + + external_deps = [ + "c_utils:utils", + "hilog:libhilog", + "init:libbegetutil", + "ipc:ipc_single", + "samgr:samgr_proxy", + ] + + subsystem_name = "security" + part_name = "access_token" +} + ohos_prebuilt_etc("access_token.rc") { source = "access_token.cfg" relative_install_dir = "init" @@ -91,7 +192,6 @@ if (is_standard_system) { "main/cpp/src/permission/short_grant_manager.cpp", "main/cpp/src/permission/temp_permission_observer.cpp", "main/cpp/src/service/accesstoken_manager_service.cpp", - "main/cpp/src/service/accesstoken_manager_stub.cpp", "main/cpp/src/token/accesstoken_id_manager.cpp", "main/cpp/src/token/accesstoken_info_manager.cpp", "main/cpp/src/token/hap_token_info_inner.cpp", @@ -105,6 +205,7 @@ if (is_standard_system) { configs = [ "${access_token_path}/config:access_token_compile_flags", "${access_token_path}/config:coverage_flags", + "${access_token_path}/services/accesstokenmanager:accesstoken_manager_gen_config", ] if (dlp_permission_enable == true) { @@ -124,6 +225,7 @@ if (is_standard_system) { "${access_token_path}/interfaces/innerkits/token_setproc:libperm_setproc", "${access_token_path}/interfaces/innerkits/token_setproc:libtoken_setproc", "${access_token_path}/services/accesstokenmanager:access_token.rc", + "${access_token_path}/services/accesstokenmanager:accesstoken_manager_stub", "${access_token_path}/services/accesstokenmanager:permission_definition_config", "${access_token_path}/services/common:accesstoken_service_common", ] diff --git a/services/accesstokenmanager/idl/IAccesstokenManager.idl b/services/accesstokenmanager/idl/IAccesstokenManager.idl new file mode 100644 index 0000000000000000000000000000000000000000..f68c6ee0b5b1c2ff7e791bc1b0fa1541f6abfbe6 --- /dev/null +++ b/services/accesstokenmanager/idl/IAccesstokenManager.idl @@ -0,0 +1,91 @@ +/* + * Copyright (c) 2025 Huawei Device Co., Ltd. + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +package OHOS.Security.AccessToken; +sequenceable OHOS.Security.AccessToken.PermissionDefParcel; +sequenceable OHOS.Security.AccessToken.PermissionStatusParcel; +sequenceable OHOS.Security.AccessToken.PermissionListStateParcel; +sequenceable OHOS.Security.AccessToken.PermissionGrantInfoParcel; +sequenceable OHOS.Security.AccessToken.HapInfoParcel; +sequenceable OHOS.Security.AccessToken.HapPolicyParcel; +sequenceable OHOS.Security.AccessToken.NativeTokenInfoParcel; +sequenceable OHOS.Security.AccessToken.HapTokenInfoParcel; +sequenceable OHOS.Security.AccessToken.PermStateChangeScopeParcel; +sequenceable OHOS.IRemoteObject; +sequenceable OHOS.Security.AccessToken.HapTokenInfoForSyncParcel; +sequenceable OHOS.Security.AccessToken.HapBaseInfoParcel; +sequenceable OHOS.Security.AccessToken.AtmToolsParamInfoParcel; +sequenceable OHOS.Security.AccessToken.UpdateHapInfoParcel; +sequenceable OHOS.Security.AccessToken.UserStateParcel; +sequenceable OHOS.Security.AccessToken.PermissionWithValueParcel; +sequenceable OHOS.Security.AccessToken.HapInfoCheckResultParcel; + +option_stub_hooks on; + +interface OHOS.Security.AccessToken.IAccesstokenManager{ + [ipccode 1] void VerifyAccessToken([in] unsigned int tokenID, [in] String permissionName); + [ipccode 2] void GetDefPermission([in] String permissionName, [out] PermissionDefParcel permissionDefResult); + [ipccode 3] void GetReqPermissions([in] unsigned int tokenID, [out] List reqPermList, [in] boolean isSystemGrant); + [ipccode 4] void GetPermissionFlag([in] unsigned int tokenID, [in] String permissionName, [out] unsigned int flag); + [ipccode 5] void GrantPermission([in] unsigned int tokenID, [in] String permissionName, [in] unsigned int flag); + [ipccode 6] void RevokePermission([in] unsigned int tokenID, [in] String permissionName, [in] unsigned int flag); + [ipccode 7] void ClearUserGrantedPermissionState([in] unsigned int tokenID); + [ipccode 8] void AllocHapToken([in] HapInfoParcel hapInfo, [in] HapPolicyParcel policyParcel, [out] unsigned long fullTokenId); + [ipccode 9] void DeleteToken([in] unsigned int tokenID); + [ipccode 10] void InitHapToken([in] HapInfoParcel info, [in] HapPolicyParcel policy, [out] unsigned long fullTokenId, [out] HapInfoCheckResultParcel resultInfoParcel); + [ipccode 11] void SetPermissionRequestToggleStatus([in] String permissionName, [in] unsigned int status, [in] int userID); + [ipccode 12] void GetPermissionRequestToggleStatus([in] String permissionName, [out] unsigned int status, [in] int userID); + [ipccode 13] void GrantPermissionForSpecifiedTime([in] unsigned int tokenID, [in] String permissionName, [in] unsigned int onceTime); + [ipccode 14] void RequestAppPermOnSetting([in] unsigned int tokenID); + [ipccode 16] void GetTokenType([in] unsigned int tokenID); + + [ipccode 18] void GetHapTokenID([in] int userID, [in] String bundleName, [in] int instIndex, [out] unsigned long ret); + [ipccode 19] void AllocLocalTokenID([in] String remoteDeviceID, [in] unsigned int remoteTokenID, [out] unsigned int ret); + [ipccode 20] void GetNativeTokenInfo([in] unsigned int tokenID, [out] NativeTokenInfoParcel nativeTokenInfoRes); + [ipccode 21] void GetHapTokenInfo([in] unsigned int tokenID, [out] HapTokenInfoParcel hapTokenInfoRes); + [ipccode 22] void UpdateHapToken([inout] unsigned long fullTokenId, [in] UpdateHapInfoParcel infoParcel, [in] HapPolicyParcel policyParcel, [out] HapInfoCheckResultParcel resultInfoParcel); + [ipccode 23] void GetTokenIDByUserID([in] int userID, [out] List tokenIdList); + [macrodef TOKEN_SYNC_ENABLE, ipccode 32] void GetHapTokenInfoFromRemote([in] unsigned int tokenID, [out] HapTokenInfoForSyncParcel hapSyncParcel); + + [macrodef TOKEN_SYNC_ENABLE, ipccode 34] void SetRemoteHapTokenInfo([in] String deviceID, [in] HapTokenInfoForSyncParcel hapSyncParcel); + + [macrodef TOKEN_SYNC_ENABLE, ipccode 36] void DeleteRemoteToken([in] String deviceID, [in] unsigned int tokenID); + [macrodef TOKEN_SYNC_ENABLE, ipccode 37] void DeleteRemoteDeviceTokens([in] String deviceID); + [macrodef TOKEN_SYNC_ENABLE, ipccode 38] void GetRemoteNativeTokenID([in] String deviceID, [in] unsigned int tokenID, [out] unsigned int ret); + [macrodef TOKEN_SYNC_ENABLE, ipccode 39] void RegisterTokenSyncCallback([in] IRemoteObject cb); + [macrodef TOKEN_SYNC_ENABLE, ipccode 40] void UnRegisterTokenSyncCallback(); + [ipccode 48, ipcoutcapacity 2000] void DumpTokenInfo([in] AtmToolsParamInfoParcel infoParcel, [out] String tokenInfo); + [ipccode 49] void GetSelfPermissionsState([inout] List permListParcel, [out] PermissionGrantInfoParcel infoParcel, [out] int ret); + [ipccode 50] void GetPermissionsStatus([in] unsigned int tokenID, [inout] ListpermListParcel); + [ipccode 51] void RegisterPermStateChangeCallback([in] PermStateChangeScopeParcel scope, [in] IRemoteObject cb); + [ipccode 52] void UnRegisterPermStateChangeCallback([in] IRemoteObject cb); + [ipccode 53, macrondef ATM_BUILD_VARIANT_USER_ENABLE] void ReloadNativeTokenInfo(); + [ipccode 54] void GetNativeTokenId([in] String processName, [out] unsigned int tokenID); + [ipccode 55] void SetPermDialogCap([in] HapBaseInfoParcel hapBaseInfoParcel, [in] boolean enable); + [ipccode 56] void GetPermissionUsedType([in] unsigned int tokenID, [in] String permissionName, [out] int ret); + + [ipccode 58] void GetVersion([out] unsigned int version); + [ipccode 59] void GetPermissionManagerInfo([out] PermissionGrantInfoParcel infoParcel); + + [ipccode 61] void InitUserPolicy([in] List userParcelList, [in] List permList); + [ipccode 62] void UpdateUserPolicy([in] List userParcelList); + [ipccode 63] void ClearUserPolicy(); + [ipccode 64] void GetHapTokenInfoExtension([in] unsigned int tokenID, [out] HapTokenInfoParcel hapTokenInfoRes, [out] String appID); + [ipccode 65] void RegisterSelfPermStateChangeCallback([in] PermStateChangeScopeParcel scope, [in] IRemoteObject cb); + [ipccode 66] void UnRegisterSelfPermStateChangeCallback([in] IRemoteObject cb); + [ipccode 67] void GetKernelPermissions([in] unsigned int tokenId, [out] List kernelPermParcelList); + [ipccode 68] void GetReqPermissionByName([in] unsigned int tokenId, [in] String permissionName, [out] String value); + [ipccode 80] void VerifyAccessToken([in] unsigned int tokenID, [in] List permissionList, [out] List permStateList); +} \ No newline at end of file diff --git a/services/accesstokenmanager/main/cpp/include/service/accesstoken_manager_service.h b/services/accesstokenmanager/main/cpp/include/service/accesstoken_manager_service.h index befb3df1bcf8fc6344b1f543c97d2ae639eac167..e1ea4d863ee8c163f6563808d20bc3b9ae3257c1 100644 --- a/services/accesstokenmanager/main/cpp/include/service/accesstoken_manager_service.h +++ b/services/accesstokenmanager/main/cpp/include/service/accesstoken_manager_service.h @@ -18,6 +18,7 @@ #include #include +#include #include "accesstoken_manager_stub.h" #ifdef EVENTHANDLER_ENABLE @@ -35,7 +36,7 @@ namespace OHOS { namespace Security { namespace AccessToken { enum class ServiceRunningState { STATE_NOT_START, STATE_RUNNING }; -class AccessTokenManagerService final : public SystemAbility, public AccessTokenManagerStub { +class AccessTokenManagerService final : public SystemAbility, public AccesstokenManagerStub { DECLARE_DELAYED_SINGLETON(AccessTokenManagerService); DECLEAR_SYSTEM_ABILITY(AccessTokenManagerService); @@ -45,19 +46,19 @@ public: void OnAddSystemAbility(int32_t systemAbilityId, const std::string& deviceId) override; void OnRemoveSystemAbility(int32_t systemAbilityId, const std::string& deviceId) override; - AccessTokenIDEx AllocHapToken(const HapInfoParcel& info, const HapPolicyParcel& policy) override; - PermUsedTypeEnum GetPermissionUsedType( - AccessTokenID tokenID, const std::string& permissionName) override; - int32_t InitHapToken(const HapInfoParcel& info, HapPolicyParcel& policy, - AccessTokenIDEx& fullTokenId, HapInfoCheckResult& result) override; + int32_t AllocHapToken(const HapInfoParcel& info, const HapPolicyParcel& policy, uint64_t& fullTokenId) override; + int32_t GetPermissionUsedType( + AccessTokenID tokenID, const std::string& permissionName, int32_t& ret) override; + int32_t InitHapToken(const HapInfoParcel& info, const HapPolicyParcel& policy, + uint64_t& fullTokenId, HapInfoCheckResultParcel& resultInfoParcel) override; int VerifyAccessToken(AccessTokenID tokenID, const std::string& permissionName) override; int VerifyAccessToken(AccessTokenID tokenID, const std::vector& permissionList, std::vector& permStateList) override; int GetDefPermission(const std::string& permissionName, PermissionDefParcel& permissionDefResult) override; int GetReqPermissions( AccessTokenID tokenID, std::vector& reqPermList, bool isSystemGrant) override; - PermissionOper GetSelfPermissionsState(std::vector& reqPermList, - PermissionGrantInfoParcel& infoParcel) override; + int32_t GetSelfPermissionsState(std::vector& reqPermList, + PermissionGrantInfoParcel& infoParcel, int32_t& ret) override; int32_t GetPermissionsStatus(AccessTokenID tokenID, std::vector& reqPermList) override; int GetPermissionFlag(AccessTokenID tokenID, const std::string& permissionName, uint32_t& flag) override; int32_t SetPermissionRequestToggleStatus(const std::string& permissionName, uint32_t status, @@ -72,13 +73,14 @@ public: int ClearUserGrantedPermissionState(AccessTokenID tokenID) override; int DeleteToken(AccessTokenID tokenID) override; int GetTokenType(AccessTokenID tokenID) override; - AccessTokenIDEx GetHapTokenID(int32_t userID, const std::string& bundleName, int32_t instIndex) override; - AccessTokenID AllocLocalTokenID(const std::string& remoteDeviceID, AccessTokenID remoteTokenID) override; + int32_t GetHapTokenID(int32_t userID, const std::string& bundleName, int32_t instIndex, uint64_t& ret) override; + int32_t AllocLocalTokenID( + const std::string& remoteDeviceID, AccessTokenID remoteTokenID, AccessTokenID& ret) override; int GetNativeTokenInfo(AccessTokenID tokenID, NativeTokenInfoParcel& infoParcel) override; - int32_t GetTokenIDByUserID(int32_t userID, std::unordered_set& tokenIdList) override; + int32_t GetTokenIDByUserID(int32_t userID, std::vector& tokenIds) override; int GetHapTokenInfo(AccessTokenID tokenID, HapTokenInfoParcel& infoParcel) override; - int32_t UpdateHapToken(AccessTokenIDEx& tokenIdEx, const UpdateHapInfoParams& info, - const HapPolicyParcel& policyParcel, HapInfoCheckResult& result) override; + int32_t UpdateHapToken(uint64_t& fullTokenId, const UpdateHapInfoParcel& infoParcel, + const HapPolicyParcel& policyParcel, HapInfoCheckResultParcel& resultInfoParcel) override; int32_t RegisterPermStateChangeCallback( const PermStateChangeScopeParcel& scope, const sptr& callback) override; int32_t UnRegisterPermStateChangeCallback(const sptr& callback) override; @@ -90,30 +92,34 @@ public: #endif int GetHapTokenInfoExtension(AccessTokenID tokenID, HapTokenInfoParcel& hapTokenInfoRes, std::string& appID) override; - AccessTokenID GetNativeTokenId(const std::string& processName) override; + int32_t GetNativeTokenId(const std::string& processName, AccessTokenID& tokenID) override; #ifdef TOKEN_SYNC_ENABLE int GetHapTokenInfoFromRemote(AccessTokenID tokenID, HapTokenInfoForSyncParcel& hapSyncParcel) override; - int SetRemoteHapTokenInfo(const std::string& deviceID, HapTokenInfoForSyncParcel& hapSyncParcel) override; + int SetRemoteHapTokenInfo(const std::string& deviceID, const HapTokenInfoForSyncParcel& hapSyncParcel) override; int DeleteRemoteToken(const std::string& deviceID, AccessTokenID tokenID) override; - AccessTokenID GetRemoteNativeTokenID(const std::string& deviceID, AccessTokenID tokenID) override; + int32_t GetRemoteNativeTokenID(const std::string& deviceID, AccessTokenID tokenID, AccessTokenID& ret) override; int DeleteRemoteDeviceTokens(const std::string& deviceID) override; int32_t RegisterTokenSyncCallback(const sptr& callback) override; int32_t UnRegisterTokenSyncCallback() override; #endif int32_t GetKernelPermissions( - AccessTokenID tokenId, std::vector& kernelPermList) override; + AccessTokenID tokenId, std::vector& kernelPermParcelList) override; int32_t GetReqPermissionByName( AccessTokenID tokenId, const std::string& permissionName, std::string& value) override; int SetPermDialogCap(const HapBaseInfoParcel& hapBaseInfoParcel, bool enable) override; - void GetPermissionManagerInfo(PermissionGrantInfoParcel& infoParcel) override; - int32_t InitUserPolicy(const std::vector& userList, const std::vector& permList) override; - int32_t UpdateUserPolicy(const std::vector& userList) override; + int32_t GetPermissionManagerInfo(PermissionGrantInfoParcel& infoParcel) override; + int32_t InitUserPolicy( + const std::vector& userParcelList, const std::vector& permList) override; + int32_t UpdateUserPolicy(const std::vector& userParcelList) override; int32_t ClearUserPolicy() override; - void DumpTokenInfo(const AtmToolsParamInfoParcel& infoParcel, std::string& dumpInfo) override; + int32_t DumpTokenInfo(const AtmToolsParamInfoParcel& infoParcel, std::string& dumpInfo) override; int32_t GetVersion(uint32_t& version) override; int Dump(int fd, const std::vector& args) override; + int32_t CallbackEnter(uint32_t code) override; + int32_t CallbackExit(uint32_t code, int32_t result) override; + private: void GetValidConfigFilePathList(std::vector& pathList); bool GetConfigGrantValueFromFile(std::string& fileContent); @@ -128,6 +134,18 @@ private: std::string permStateAbilityName_; std::string globalSwitchAbilityName_; std::string applicationSettingAbilityName_; + + bool IsPrivilegedCalling() const; + bool IsAccessTokenCalling(); + bool IsNativeProcessCalling(); + bool IsSystemAppCalling() const; + bool IsShellProcessCalling(); +#ifndef ATM_BUILD_VARIANT_USER_ENABLE + static const int32_t ROOT_UID = 0; +#endif + static const int32_t ACCESSTOKEN_UID = 3020; + + AccessTokenID tokenSyncId_ = 0; }; } // namespace AccessToken } // namespace Security diff --git a/services/accesstokenmanager/main/cpp/include/service/accesstoken_manager_stub.h b/services/accesstokenmanager/main/cpp/include/service/accesstoken_manager_stub.h deleted file mode 100644 index 03647a2e53455f54d9065aad8f0582b0de3e25a5..0000000000000000000000000000000000000000 --- a/services/accesstokenmanager/main/cpp/include/service/accesstoken_manager_stub.h +++ /dev/null @@ -1,113 +0,0 @@ -/* - * Copyright (c) 2021-2024 Huawei Device Co., Ltd. - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ - -#ifndef ACCESSTOKEN_MANAGER_STUB_H -#define ACCESSTOKEN_MANAGER_STUB_H - -#include - -#include "i_accesstoken_manager.h" - -#include "iremote_stub.h" -#include "nocopyable.h" - -namespace OHOS { -namespace Security { -namespace AccessToken { -class AccessTokenManagerStub : public IRemoteStub { -public: - AccessTokenManagerStub(); - virtual ~AccessTokenManagerStub(); - - int OnRemoteRequest(uint32_t code, MessageParcel& data, MessageParcel& reply, MessageOption& options) override; - -private: - void GetPermissionUsedTypeInner(MessageParcel& data, MessageParcel& reply); - void VerifyAccessTokenInner(MessageParcel& data, MessageParcel& reply); - void VerifyAccessTokenWithListInner(MessageParcel& data, MessageParcel& reply); - void GetDefPermissionInner(MessageParcel& data, MessageParcel& reply); - void GetReqPermissionsInner(MessageParcel& data, MessageParcel& reply); - void GetSelfPermissionsStateInner(MessageParcel& data, MessageParcel& reply); - void GetPermissionsStatusInner(MessageParcel& data, MessageParcel& reply); - void GetPermissionFlagInner(MessageParcel& data, MessageParcel& reply); - void SetPermissionRequestToggleStatusInner(MessageParcel& data, MessageParcel& reply); - void GetPermissionRequestToggleStatusInner(MessageParcel& data, MessageParcel& reply); - void RequestAppPermOnSettingInner(MessageParcel& data, MessageParcel& reply); - void GrantPermissionInner(MessageParcel& data, MessageParcel& reply); - void RevokePermissionInner(MessageParcel& data, MessageParcel& reply); - void GrantPermissionForSpecifiedTimeInner(MessageParcel& data, MessageParcel& reply); - void ClearUserGrantedPermissionStateInner(MessageParcel& data, MessageParcel& reply); - void AllocHapTokenInner(MessageParcel& data, MessageParcel& reply); - void InitHapTokenInner(MessageParcel& data, MessageParcel& reply); - void DeleteTokenInfoInner(MessageParcel& data, MessageParcel& reply); - void UpdateHapTokenInner(MessageParcel& data, MessageParcel& reply); - void GetTokenIDByUserIDInner(MessageParcel& data, MessageParcel& reply); - void GetHapTokenInfoInner(MessageParcel& data, MessageParcel& reply); - void GetNativeTokenInfoInner(MessageParcel& data, MessageParcel& reply); - void AllocLocalTokenIDInner(MessageParcel& data, MessageParcel& reply); - void GetHapTokenIDInner(MessageParcel& data, MessageParcel& reply); - void GetTokenTypeInner(MessageParcel& data, MessageParcel& reply); - void RegisterPermStateChangeCallbackInner(MessageParcel& data, MessageParcel& reply); - void UnRegisterPermStateChangeCallbackInner(MessageParcel& data, MessageParcel& reply); - void RegisterSelfPermStateChangeCallbackInner(MessageParcel& data, MessageParcel& reply); - void UnRegisterSelfPermStateChangeCallbackInner(MessageParcel& data, MessageParcel& reply); -#ifndef ATM_BUILD_VARIANT_USER_ENABLE - void ReloadNativeTokenInfoInner(MessageParcel& data, MessageParcel& reply); - void DumpPermDefInfoInner(MessageParcel& data, MessageParcel& reply); -#endif - void GetHapTokenInfoExtensionInner(MessageParcel& data, MessageParcel& reply); - void GetNativeTokenIdInner(MessageParcel& data, MessageParcel& reply); - -#ifdef TOKEN_SYNC_ENABLE - void GetHapTokenInfoFromRemoteInner(MessageParcel& data, MessageParcel& reply); - void SetRemoteHapTokenInfoInner(MessageParcel& data, MessageParcel& reply); - void DeleteRemoteTokenInner(MessageParcel& data, MessageParcel& reply); - void DeleteRemoteDeviceTokensInner(MessageParcel& data, MessageParcel& reply); - void GetRemoteNativeTokenIDInner(MessageParcel& data, MessageParcel& reply); - void RegisterTokenSyncCallbackInner(MessageParcel& data, MessageParcel& reply); - void UnRegisterTokenSyncCallbackInner(MessageParcel& data, MessageParcel& reply); - void SetTokenSyncFuncInMap(); -#endif - void SetPermissionOpFuncInMap(); - void SetLocalTokenOpFuncInMap(); - void DumpTokenInfoInner(MessageParcel& data, MessageParcel& reply); - void GetVersionInner(MessageParcel& data, MessageParcel& reply); - void SetPermDialogCapInner(MessageParcel& data, MessageParcel& reply); - void GetPermissionManagerInfoInner(MessageParcel& data, MessageParcel& reply); - void InitUserPolicyInner(MessageParcel& data, MessageParcel& reply); - void UpdateUserPolicyInner(MessageParcel& data, MessageParcel& reply); - void ClearUserPolicyInner(MessageParcel& data, MessageParcel& reply); - void GetReqPermissionByNameInner(MessageParcel& data, MessageParcel& reply); - void GetKernelPermissionsInner(MessageParcel& data, MessageParcel& reply); - - bool IsPrivilegedCalling() const; - bool IsAccessTokenCalling(); - bool IsNativeProcessCalling(); - bool IsSystemAppCalling() const; - bool IsShellProcessCalling(); -#ifndef ATM_BUILD_VARIANT_USER_ENABLE - static const int32_t ROOT_UID = 0; -#endif - static const int32_t ACCESSTOKEN_UID = 3020; - - AccessTokenID tokenSyncId_ = 0; - - using RequestFuncType = void (AccessTokenManagerStub::*)(MessageParcel &data, MessageParcel &reply); - std::map requestFuncMap_; -}; -} // namespace AccessToken -} // namespace Security -} // namespace OHOS -#endif // ACCESSTOKEN_MANAGER_STUB_H diff --git a/services/accesstokenmanager/main/cpp/src/service/accesstoken_manager_service.cpp b/services/accesstokenmanager/main/cpp/src/service/accesstoken_manager_service.cpp index f25826362a6e2a631ff5f16e7138320ce3d673bb..40074a7c124827483f9ec2f93cdfb49fd2636403 100644 --- a/services/accesstokenmanager/main/cpp/src/service/accesstoken_manager_service.cpp +++ b/services/accesstokenmanager/main/cpp/src/service/accesstoken_manager_service.cpp @@ -49,6 +49,10 @@ #ifdef TOKEN_SYNC_ENABLE #include "token_modify_notifier.h" #endif // TOKEN_SYNC_ENABLE +#include "tokenid_kit.h" +#ifdef HICOLLIE_ENABLE +#include "xcollie/xcollie.h" +#endif // HICOLLIE_ENABLE namespace OHOS { namespace Security { @@ -63,6 +67,23 @@ const char* PERMISSION_STATE_SHEET_ABILITY_NAME = "com.ohos.permissionmanager.Pe const char* GLOBAL_SWITCH_SHEET_ABILITY_NAME = "com.ohos.permissionmanager.GlobalSwitchSheetAbility"; const char* APPLICATION_SETTING_ABILITY_NAME = "com.ohos.permissionmanager.MainAbility"; const char* DEVELOPER_MODE_STATE = "const.security.developermode.state"; + +const std::string MANAGE_HAP_TOKENID_PERMISSION = "ohos.permission.MANAGE_HAP_TOKENID"; +// static const int32_t DUMP_CAPACITY_SIZE = 2 * 1024 * 1000; +static const int MAX_PERMISSION_SIZE = 1000; +static const int32_t MAX_USER_POLICY_SIZE = 1024; +const std::string GRANT_SENSITIVE_PERMISSIONS = "ohos.permission.GRANT_SENSITIVE_PERMISSIONS"; +const std::string REVOKE_SENSITIVE_PERMISSIONS = "ohos.permission.REVOKE_SENSITIVE_PERMISSIONS"; +const std::string GET_SENSITIVE_PERMISSIONS = "ohos.permission.GET_SENSITIVE_PERMISSIONS"; +const std::string DISABLE_PERMISSION_DIALOG = "ohos.permission.DISABLE_PERMISSION_DIALOG"; +const std::string GRANT_SHORT_TERM_WRITE_MEDIAVIDEO = "ohos.permission.GRANT_SHORT_TERM_WRITE_MEDIAVIDEO"; + +static const int32_t SA_ID_ACCESSTOKEN_MANAGER_SERVICE = 3503; + +#ifdef HICOLLIE_ENABLE +constexpr uint32_t TIMEOUT = 40; // 40s +thread_local int32_t timerId = 0; +#endif // HICOLLIE_ENABLE } const bool REGISTER_RESULT = @@ -128,11 +149,18 @@ void AccessTokenManagerService::OnRemoveSystemAbility(int32_t systemAbilityId, c } } -PermUsedTypeEnum AccessTokenManagerService::GetPermissionUsedType( - AccessTokenID tokenID, const std::string& permissionName) +// PermUsedTypeEnum AccessTokenManagerService::GetPermissionUsedType( +int32_t AccessTokenManagerService::GetPermissionUsedType( + AccessTokenID tokenID, const std::string& permissionName, int32_t& ret) { LOGI(ATM_DOMAIN, ATM_TAG, "TokenID=%{public}d, permission=%{public}s", tokenID, permissionName.c_str()); - return PermissionManager::GetInstance().GetPermissionUsedType(tokenID, permissionName); + if (!IsNativeProcessCalling() && !IsPrivilegedCalling()) { + LOGE(ATM_DOMAIN, ATM_TAG, "Permission denied(tokenID=%{public}d)", IPCSkeleton::GetCallingTokenID()); + ret = static_cast(PermUsedTypeEnum::INVALID_USED_TYPE); + return ERR_OK; + } + ret = static_cast(PermissionManager::GetInstance().GetPermissionUsedType(tokenID, permissionName)); + return ERR_OK; } int AccessTokenManagerService::VerifyAccessToken(AccessTokenID tokenID, const std::string& permissionName) @@ -210,6 +238,16 @@ int AccessTokenManagerService::GetDefPermission( int AccessTokenManagerService::GetReqPermissions( AccessTokenID tokenID, std::vector& reqPermList, bool isSystemGrant) { + unsigned int callingTokenID = IPCSkeleton::GetCallingTokenID(); + if ((this->GetTokenType(callingTokenID) == TOKEN_HAP) && (!IsSystemAppCalling())) { + return AccessTokenError::ERR_NOT_SYSTEM_APP; + } + if (!IsPrivilegedCalling() && + VerifyAccessToken(callingTokenID, GET_SENSITIVE_PERMISSIONS) == PERMISSION_DENIED) { + LOGE(ATM_DOMAIN, ATM_TAG, "Permission denied(tokenID=%{public}d)", callingTokenID); + return AccessTokenError::ERR_PERMISSION_DENIED; + } + std::vector permList; int ret = PermissionManager::GetInstance().GetReqPermissions(tokenID, permList, isSystemGrant); @@ -221,19 +259,41 @@ int AccessTokenManagerService::GetReqPermissions( return ret; } -PermissionOper AccessTokenManagerService::GetSelfPermissionsState(std::vector& reqPermList, - PermissionGrantInfoParcel& infoParcel) +int32_t AccessTokenManagerService::GetSelfPermissionsState(std::vector& reqPermList, + PermissionGrantInfoParcel& infoParcel, int32_t& ret) { + uint32_t size = reqPermList.size(); + if (size > MAX_PERMISSION_SIZE) { + LOGE(ATM_DOMAIN, ATM_TAG, "PermList size %{public}d is invalid", size); + return INVALID_OPER; + } infoParcel.info.grantBundleName = grantBundleName_; infoParcel.info.grantAbilityName = grantAbilityName_; infoParcel.info.grantServiceAbilityName = grantServiceAbilityName_; AccessTokenID callingTokenID = IPCSkeleton::GetCallingTokenID(); - return GetPermissionsState(callingTokenID, reqPermList); + ret = GetPermissionsState(callingTokenID, reqPermList); + return ERR_OK; } int32_t AccessTokenManagerService::GetPermissionsStatus(AccessTokenID tokenID, std::vector& reqPermList) { + unsigned int callingTokenID = IPCSkeleton::GetCallingTokenID(); + if ((this->GetTokenType(callingTokenID) == TOKEN_HAP) && (!IsSystemAppCalling())) { + return AccessTokenError::ERR_NOT_SYSTEM_APP; + } + if (!IsPrivilegedCalling() && + VerifyAccessToken(callingTokenID, GET_SENSITIVE_PERMISSIONS) == PERMISSION_DENIED) { + LOGE(ATM_DOMAIN, ATM_TAG, "Permission denied(tokenID=%{public}d)", callingTokenID); + return AccessTokenError::ERR_PERMISSION_DENIED; + } + + uint32_t size = reqPermList.size(); + if (size > MAX_PERMISSION_SIZE) { + LOGE(ATM_DOMAIN, ATM_TAG, "PermList size %{public}d is invalid", size); + return INVALID_OPER; + } + if (!AccessTokenInfoManager::GetInstance().IsTokenIdExist(tokenID)) { LOGE(ATM_DOMAIN, ATM_TAG, "TokenID=%{public}d does not exist", tokenID); return ERR_TOKENID_NOT_EXIST; @@ -306,23 +366,65 @@ PermissionOper AccessTokenManagerService::GetPermissionsState(AccessTokenID toke int AccessTokenManagerService::GetPermissionFlag( AccessTokenID tokenID, const std::string& permissionName, uint32_t& flag) { + unsigned int callingTokenID = IPCSkeleton::GetCallingTokenID(); + if ((this->GetTokenType(callingTokenID) == TOKEN_HAP) && (!IsSystemAppCalling())) { + return AccessTokenError::ERR_NOT_SYSTEM_APP; + } + + if (!IsPrivilegedCalling() && + VerifyAccessToken(callingTokenID, GRANT_SENSITIVE_PERMISSIONS) == PERMISSION_DENIED && + VerifyAccessToken(callingTokenID, REVOKE_SENSITIVE_PERMISSIONS) == PERMISSION_DENIED && + VerifyAccessToken(callingTokenID, GET_SENSITIVE_PERMISSIONS) == PERMISSION_DENIED) { + LOGE(ATM_DOMAIN, ATM_TAG, "Permission denied(tokenID=%{public}d)", callingTokenID); + return AccessTokenError::ERR_PERMISSION_DENIED; + } return PermissionManager::GetInstance().GetPermissionFlag(tokenID, permissionName, flag); } int32_t AccessTokenManagerService::SetPermissionRequestToggleStatus( const std::string& permissionName, uint32_t status, int32_t userID = 0) { + uint32_t callingTokenID = IPCSkeleton::GetCallingTokenID(); + if ((this->GetTokenType(callingTokenID) == TOKEN_HAP) && (!IsSystemAppCalling())) { + return AccessTokenError::ERR_NOT_SYSTEM_APP; + } + + if (!IsPrivilegedCalling() && VerifyAccessToken(callingTokenID, DISABLE_PERMISSION_DIALOG) == PERMISSION_DENIED) { + HiSysEventWrite(HiviewDFX::HiSysEvent::Domain::ACCESS_TOKEN, "PERMISSION_VERIFY_REPORT", + HiviewDFX::HiSysEvent::EventType::SECURITY, "CODE", VERIFY_PERMISSION_ERROR, "CALLER_TOKENID", + callingTokenID, "PERMISSION_NAME", permissionName, "INTERFACE", "SetToggleStatus"); + LOGE(ATM_DOMAIN, ATM_TAG, "Permission denied(tokenID=%{public}d).", callingTokenID); + + return AccessTokenError::ERR_PERMISSION_DENIED; + } return AccessTokenInfoManager::GetInstance().SetPermissionRequestToggleStatus(permissionName, status, userID); } int32_t AccessTokenManagerService::GetPermissionRequestToggleStatus( const std::string& permissionName, uint32_t& status, int32_t userID = 0) { + uint32_t callingTokenID = IPCSkeleton::GetCallingTokenID(); + if ((this->GetTokenType(callingTokenID) == TOKEN_HAP) && (!IsSystemAppCalling())) { + return AccessTokenError::ERR_NOT_SYSTEM_APP; + } + + if (!IsShellProcessCalling() && !IsPrivilegedCalling() && + VerifyAccessToken(callingTokenID, GET_SENSITIVE_PERMISSIONS) == PERMISSION_DENIED) { + HiSysEventWrite(HiviewDFX::HiSysEvent::Domain::ACCESS_TOKEN, "PERMISSION_VERIFY_REPORT", + HiviewDFX::HiSysEvent::EventType::SECURITY, "CODE", VERIFY_PERMISSION_ERROR, "CALLER_TOKENID", + callingTokenID, "PERMISSION_NAME", permissionName, "INTERFACE", "GetToggleStatus"); + LOGE(ATM_DOMAIN, ATM_TAG, "Permission denied(tokenID=%{public}d).", callingTokenID); + return AccessTokenError::ERR_PERMISSION_DENIED; + } return AccessTokenInfoManager::GetInstance().GetPermissionRequestToggleStatus(permissionName, status, userID); } int32_t AccessTokenManagerService::RequestAppPermOnSetting(AccessTokenID tokenID) { + if (!IsSystemAppCalling()) { + return AccessTokenError::ERR_NOT_SYSTEM_APP; + } + HapTokenInfo hapInfo; int32_t ret = AccessTokenInfoManager::GetInstance().GetHapTokenInfo(tokenID, hapInfo); if (ret != ERR_OK) { @@ -335,18 +437,59 @@ int32_t AccessTokenManagerService::RequestAppPermOnSetting(AccessTokenID tokenID int AccessTokenManagerService::GrantPermission(AccessTokenID tokenID, const std::string& permissionName, uint32_t flag) { + unsigned int callingTokenID = IPCSkeleton::GetCallingTokenID(); + if ((this->GetTokenType(callingTokenID) == TOKEN_HAP) && (!IsSystemAppCalling())) { + return AccessTokenError::ERR_NOT_SYSTEM_APP; + } + + if (!IsPrivilegedCalling() && + VerifyAccessToken(callingTokenID, GRANT_SENSITIVE_PERMISSIONS) == PERMISSION_DENIED) { + HiSysEventWrite(HiviewDFX::HiSysEvent::Domain::ACCESS_TOKEN, "PERMISSION_VERIFY_REPORT", + HiviewDFX::HiSysEvent::EventType::SECURITY, "CODE", VERIFY_PERMISSION_ERROR, + "CALLER_TOKENID", callingTokenID, "PERMISSION_NAME", permissionName); + LOGE(ATM_DOMAIN, ATM_TAG, "Permission denied(tokenID=%{public}d)", callingTokenID); + return AccessTokenError::ERR_PERMISSION_DENIED; + } + int32_t ret = PermissionManager::GetInstance().GrantPermission(tokenID, permissionName, flag); return ret; } int AccessTokenManagerService::RevokePermission(AccessTokenID tokenID, const std::string& permissionName, uint32_t flag) { + unsigned int callingTokenID = IPCSkeleton::GetCallingTokenID(); + if ((this->GetTokenType(callingTokenID) == TOKEN_HAP) && (!IsSystemAppCalling())) { + return AccessTokenError::ERR_NOT_SYSTEM_APP; + } + + if (!IsPrivilegedCalling() && + VerifyAccessToken(callingTokenID, REVOKE_SENSITIVE_PERMISSIONS) == PERMISSION_DENIED) { + HiSysEventWrite(HiviewDFX::HiSysEvent::Domain::ACCESS_TOKEN, "PERMISSION_VERIFY_REPORT", + HiviewDFX::HiSysEvent::EventType::SECURITY, "CODE", VERIFY_PERMISSION_ERROR, + "CALLER_TOKENID", callingTokenID, "PERMISSION_NAME", permissionName); + LOGE(ATM_DOMAIN, ATM_TAG, "Permission denied(tokenID=%{public}d)", callingTokenID); + return AccessTokenError::ERR_PERMISSION_DENIED; + } return PermissionManager::GetInstance().RevokePermission(tokenID, permissionName, flag); } int AccessTokenManagerService::GrantPermissionForSpecifiedTime( AccessTokenID tokenID, const std::string& permissionName, uint32_t onceTime) { + unsigned int callingTokenID = IPCSkeleton::GetCallingTokenID(); + if ((this->GetTokenType(callingTokenID) == TOKEN_HAP) && (!IsSystemAppCalling())) { + return AccessTokenError::ERR_NOT_SYSTEM_APP; + } + + if (!IsPrivilegedCalling() && + VerifyAccessToken(callingTokenID, GRANT_SHORT_TERM_WRITE_MEDIAVIDEO) == PERMISSION_DENIED) { + HiSysEventWrite(HiviewDFX::HiSysEvent::Domain::ACCESS_TOKEN, "PERMISSION_VERIFY_REPORT", + HiviewDFX::HiSysEvent::EventType::SECURITY, "CODE", VERIFY_PERMISSION_ERROR, + "CALLER_TOKENID", callingTokenID, "PERMISSION_NAME", permissionName); + LOGE(ATM_DOMAIN, ATM_TAG, "Permission denied(tokenID=%{public}d)", callingTokenID); + return AccessTokenError::ERR_PERMISSION_DENIED; + } + int32_t ret = PermissionManager::GetInstance().GrantPermissionForSpecifiedTime(tokenID, permissionName, onceTime); return ret; } @@ -354,6 +497,16 @@ int AccessTokenManagerService::GrantPermissionForSpecifiedTime( int AccessTokenManagerService::ClearUserGrantedPermissionState(AccessTokenID tokenID) { LOGI(ATM_DOMAIN, ATM_TAG, "TokenID: %{public}d", tokenID); + uint32_t callingTokenID = IPCSkeleton::GetCallingTokenID(); + if (!IsPrivilegedCalling() && + VerifyAccessToken(callingTokenID, REVOKE_SENSITIVE_PERMISSIONS) == PERMISSION_DENIED) { + HiSysEventWrite(HiviewDFX::HiSysEvent::Domain::ACCESS_TOKEN, "PERMISSION_VERIFY_REPORT", + HiviewDFX::HiSysEvent::EventType::SECURITY, "CODE", VERIFY_PERMISSION_ERROR, + "CALLER_TOKENID", callingTokenID); + LOGE(ATM_DOMAIN, ATM_TAG, "Permission denied(tokenID=%{public}d)", callingTokenID); + return AccessTokenError::ERR_PERMISSION_DENIED; + } + AccessTokenInfoManager::GetInstance().ClearUserGrantedPermissionState(tokenID); AccessTokenInfoManager::GetInstance().SetPermDialogCap(tokenID, false); return RET_SUCCESS; @@ -362,48 +515,117 @@ int AccessTokenManagerService::ClearUserGrantedPermissionState(AccessTokenID tok int32_t AccessTokenManagerService::RegisterPermStateChangeCallback( const PermStateChangeScopeParcel& scope, const sptr& callback) { + uint32_t callingTokenID = IPCSkeleton::GetCallingTokenID(); + if ((this->GetTokenType(callingTokenID) == TOKEN_HAP) && (!IsSystemAppCalling())) { + return AccessTokenError::ERR_NOT_SYSTEM_APP; + } + if (VerifyAccessToken(callingTokenID, GET_SENSITIVE_PERMISSIONS) == PERMISSION_DENIED) { + LOGE(ATM_DOMAIN, ATM_TAG, "Permission denied(tokenID=%{public}d)", callingTokenID); + + return AccessTokenError::ERR_PERMISSION_DENIED; + } return PermissionManager::GetInstance().AddPermStateChangeCallback(scope.scope, callback); } int32_t AccessTokenManagerService::UnRegisterPermStateChangeCallback(const sptr& callback) { + uint32_t callingToken = IPCSkeleton::GetCallingTokenID(); + if ((this->GetTokenType(callingToken) == TOKEN_HAP) && (!IsSystemAppCalling())) { + return AccessTokenError::ERR_NOT_SYSTEM_APP; + } + if (VerifyAccessToken(callingToken, GET_SENSITIVE_PERMISSIONS) == PERMISSION_DENIED) { + LOGE(ATM_DOMAIN, ATM_TAG, "Permission denied(tokenID=%{public}d)", callingToken); + + return AccessTokenError::ERR_PERMISSION_DENIED; + } return PermissionManager::GetInstance().RemovePermStateChangeCallback(callback); } int32_t AccessTokenManagerService::RegisterSelfPermStateChangeCallback( const PermStateChangeScopeParcel& scope, const sptr& callback) { + uint32_t callingTokenID = IPCSkeleton::GetCallingTokenID(); + if (this->GetTokenType(callingTokenID) != TOKEN_HAP) { + LOGE(ATM_DOMAIN, ATM_TAG, "TokenID is not hap."); + + return AccessTokenError::ERR_PARAM_INVALID; + } return PermissionManager::GetInstance().AddPermStateChangeCallback(scope.scope, callback); } int32_t AccessTokenManagerService::UnRegisterSelfPermStateChangeCallback(const sptr& callback) { + uint32_t callingToken = IPCSkeleton::GetCallingTokenID(); + if (this->GetTokenType(callingToken) != TOKEN_HAP) { + LOGE(ATM_DOMAIN, ATM_TAG, "TokenID is not hap."); + + return AccessTokenError::ERR_PARAM_INVALID; + } return PermissionManager::GetInstance().RemovePermStateChangeCallback(callback); } -AccessTokenIDEx AccessTokenManagerService::AllocHapToken(const HapInfoParcel& info, const HapPolicyParcel& policy) +int32_t AccessTokenManagerService::AllocHapToken(const HapInfoParcel& info, const HapPolicyParcel& policy, + uint64_t& fullTokenId) { LOGI(ATM_DOMAIN, ATM_TAG, "BundleName: %{public}s", info.hapInfoParameter.bundleName.c_str()); AccessTokenIDEx tokenIdEx; tokenIdEx.tokenIDEx = 0LL; + AccessTokenID tokenID = IPCSkeleton::GetCallingTokenID(); + if (!IsPrivilegedCalling() && + (VerifyAccessToken(tokenID, MANAGE_HAP_TOKENID_PERMISSION) == PERMISSION_DENIED)) { + LOGE(ATM_DOMAIN, ATM_TAG, "Permission denied(tokenID=%{public}d)", tokenID); + fullTokenId = static_cast(tokenIdEx.tokenIDEx); + return ERR_OK; + } + int ret = AccessTokenInfoManager::GetInstance().CreateHapTokenInfo( info.hapInfoParameter, policy.hapPolicy, tokenIdEx); if (ret != RET_SUCCESS) { LOGE(ATM_DOMAIN, ATM_TAG, "Hap token info create failed"); } - return tokenIdEx; + fullTokenId = static_cast(tokenIdEx.tokenIDEx); + return ERR_OK; +} + +static void TransferHapPolicy(const HapPolicy& policyIn, HapPolicy& policyOut) +{ + policyOut.apl = policyIn.apl; + policyOut.domain = policyIn.domain; + policyOut.permList.assign(policyIn.permList.begin(), policyIn.permList.end()); + policyOut.aclRequestedList.assign(policyIn.aclRequestedList.begin(), policyIn.aclRequestedList.end()); + policyOut.preAuthorizationInfo.assign(policyIn.preAuthorizationInfo.begin(), policyIn.preAuthorizationInfo.end()); + for (const auto& perm : policyIn.permStateList) { + PermissionStatus tmp; + tmp.permissionName = perm.permissionName; + tmp.grantStatus = perm.grantStatus; + tmp.grantFlag = perm.grantFlag; + policyOut.permStateList.emplace_back(tmp); + } + policyOut.checkIgnore = policyIn.checkIgnore; + policyOut.aclExtendedMap = policyIn.aclExtendedMap; } -int32_t AccessTokenManagerService::InitHapToken(const HapInfoParcel& info, HapPolicyParcel& policy, - AccessTokenIDEx& fullTokenId, HapInfoCheckResult& result) +int32_t AccessTokenManagerService::InitHapToken(const HapInfoParcel& info, const HapPolicyParcel& policy, + uint64_t& fullTokenId, HapInfoCheckResultParcel& resultInfoParcel) { LOGI(ATM_DOMAIN, ATM_TAG, "Init hap %{public}s.", info.hapInfoParameter.bundleName.c_str()); + AccessTokenID tokenID = IPCSkeleton::GetCallingTokenID(); + if (!IsPrivilegedCalling() && + (VerifyAccessToken(tokenID, MANAGE_HAP_TOKENID_PERMISSION) == PERMISSION_DENIED)) { + LOGE(ATM_DOMAIN, ATM_TAG, "Permission denied(tokenID=%{public}d)", tokenID); + + return AccessTokenError::ERR_PERMISSION_DENIED; + } + + HapPolicyParcel policyCopy; + TransferHapPolicy(policy.hapPolicy, policyCopy.hapPolicy); + std::vector initializedList; if (info.hapInfoParameter.dlpType == DLP_COMMON) { if (!PermissionManager::GetInstance().InitPermissionList(info.hapInfoParameter.appDistributionType, - policy.hapPolicy, initializedList, result)) { - return ERR_PERM_REQUEST_CFG_FAILED; + policyCopy.hapPolicy, initializedList, resultInfoParcel.hapInfoCheckResult)) { + return ERR_OK; } } else { if (!PermissionManager::GetInstance().InitDlpPermissionList( @@ -411,10 +633,12 @@ int32_t AccessTokenManagerService::InitHapToken(const HapInfoParcel& info, HapPo return ERR_PERM_REQUEST_CFG_FAILED; } } - policy.hapPolicy.permStateList = initializedList; + policyCopy.hapPolicy.permStateList = initializedList; + AccessTokenIDEx tokenIdEx; int32_t ret = AccessTokenInfoManager::GetInstance().CreateHapTokenInfo( - info.hapInfoParameter, policy.hapPolicy, fullTokenId); + info.hapInfoParameter, policyCopy.hapPolicy, tokenIdEx); + fullTokenId = tokenIdEx.tokenIDEx; if (ret != RET_SUCCESS) { return ret; } @@ -425,6 +649,15 @@ int32_t AccessTokenManagerService::InitHapToken(const HapInfoParcel& info, HapPo int AccessTokenManagerService::DeleteToken(AccessTokenID tokenID) { LOGI(ATM_DOMAIN, ATM_TAG, "TokenID: %{public}d", tokenID); + AccessTokenID callingTokenID = IPCSkeleton::GetCallingTokenID(); + if (!IsPrivilegedCalling() && + (VerifyAccessToken(callingTokenID, MANAGE_HAP_TOKENID_PERMISSION) == PERMISSION_DENIED)) { + LOGE(ATM_DOMAIN, ATM_TAG, "Permission denied(tokenID=%{public}d)", callingTokenID); + return AccessTokenError::ERR_PERMISSION_DENIED; + } + if (this->GetTokenType(tokenID) != TOKEN_HAP) { + return AccessTokenError::ERR_PARAM_INVALID; + } // only support hap token deletion return AccessTokenInfoManager::GetInstance().RemoveHapTokenInfo(tokenID); } @@ -435,47 +668,87 @@ int AccessTokenManagerService::GetTokenType(AccessTokenID tokenID) return AccessTokenIDManager::GetInstance().GetTokenIdType(tokenID); } -AccessTokenIDEx AccessTokenManagerService::GetHapTokenID( - int32_t userID, const std::string& bundleName, int32_t instIndex) +int32_t AccessTokenManagerService::GetHapTokenID( + int32_t userID, const std::string& bundleName, int32_t instIndex, uint64_t& ret) { LOGD(ATM_DOMAIN, ATM_TAG, "UserID: %{public}d, bundle: %{public}s, instIndex: %{public}d", userID, bundleName.c_str(), instIndex); - return AccessTokenInfoManager::GetInstance().GetHapTokenID(userID, bundleName, instIndex); + if (!IsNativeProcessCalling() && !IsPrivilegedCalling()) { + LOGE(ATM_DOMAIN, ATM_TAG, "Permission denied(tokenID=%{public}d)", IPCSkeleton::GetCallingTokenID()); + + AccessTokenIDEx tokenIdEx = {0}; + ret = tokenIdEx.tokenIDEx; + return ERR_OK; + } + AccessTokenIDEx tokenIdEx = AccessTokenInfoManager::GetInstance().GetHapTokenID(userID, bundleName, instIndex); + ret = tokenIdEx.tokenIDEx; + return ERR_OK; } -AccessTokenID AccessTokenManagerService::AllocLocalTokenID( - const std::string& remoteDeviceID, AccessTokenID remoteTokenID) +int32_t AccessTokenManagerService::AllocLocalTokenID( + const std::string& remoteDeviceID, AccessTokenID remoteTokenID, AccessTokenID& ret) { LOGI(ATM_DOMAIN, ATM_TAG, "RemoteDeviceID: %{public}s, remoteTokenID: %{public}d", ConstantCommon::EncryptDevId(remoteDeviceID).c_str(), remoteTokenID); + if ((!IsNativeProcessCalling()) && !IsPrivilegedCalling()) { + LOGE(ATM_DOMAIN, ATM_TAG, "Permission denied(tokenID=%{public}d)", IPCSkeleton::GetCallingTokenID()); + ret = INVALID_TOKENID; + return ERR_OK; + } AccessTokenID tokenID = AccessTokenInfoManager::GetInstance().AllocLocalTokenID(remoteDeviceID, remoteTokenID); - return tokenID; + ret = tokenID; + return ERR_OK; } -int32_t AccessTokenManagerService::UpdateHapToken(AccessTokenIDEx& tokenIdEx, const UpdateHapInfoParams& info, - const HapPolicyParcel& policyParcel, HapInfoCheckResult& result) +int32_t AccessTokenManagerService::UpdateHapToken(uint64_t& fullTokenId, const UpdateHapInfoParcel& infoParcel, + const HapPolicyParcel& policyParcel, HapInfoCheckResultParcel& resultInfoParcel) { + AccessTokenIDEx tokenIdEx; + tokenIdEx.tokenIDEx = fullTokenId; LOGI(ATM_DOMAIN, ATM_TAG, "TokenID: %{public}d", tokenIdEx.tokenIdExStruct.tokenID); + AccessTokenID callingTokenID = IPCSkeleton::GetCallingTokenID(); + if (!IsPrivilegedCalling() && + (VerifyAccessToken(callingTokenID, MANAGE_HAP_TOKENID_PERMISSION) == PERMISSION_DENIED)) { + LOGE(ATM_DOMAIN, ATM_TAG, "Permission denied(tokenID=%{public}d)", callingTokenID); + + return AccessTokenError::ERR_PERMISSION_DENIED; + } + UpdateHapInfoParams info = infoParcel.hapInfoParameter; std::vector InitializedList; if (!PermissionManager::GetInstance().InitPermissionList( - info.appDistributionType, policyParcel.hapPolicy, InitializedList, result)) { - return ERR_PERM_REQUEST_CFG_FAILED; + info.appDistributionType, policyParcel.hapPolicy, InitializedList, resultInfoParcel.hapInfoCheckResult)) { + return ERR_OK; } int32_t ret = AccessTokenInfoManager::GetInstance().UpdateHapToken(tokenIdEx, info, InitializedList, policyParcel.hapPolicy); + fullTokenId = tokenIdEx.tokenIDEx; return ret; } -int32_t AccessTokenManagerService::GetTokenIDByUserID(int32_t userID, std::unordered_set& tokenIdList) +int32_t AccessTokenManagerService::GetTokenIDByUserID(int32_t userID, std::vector& tokenIds) { LOGD(ATM_DOMAIN, ATM_TAG, "UserID: %{public}d", userID); - return AccessTokenInfoManager::GetInstance().GetTokenIDByUserID(userID, tokenIdList); + if (!IsNativeProcessCalling()) { + LOGE(ATM_DOMAIN, ATM_TAG, "Permission denied(tokenID=%{public}d)", IPCSkeleton::GetCallingTokenID()); + + return AccessTokenError::ERR_PERMISSION_DENIED; + } + std::unordered_set tokenIdList; + + auto result = AccessTokenInfoManager::GetInstance().GetTokenIDByUserID(userID, tokenIdList); + std::copy(tokenIdList.begin(), tokenIdList.end(), std::back_inserter(tokenIds)); + return result; } int AccessTokenManagerService::GetHapTokenInfo(AccessTokenID tokenID, HapTokenInfoParcel& infoParcel) { LOGD(ATM_DOMAIN, ATM_TAG, "TokenID: %{public}d", tokenID); + if (!IsNativeProcessCalling() && !IsPrivilegedCalling()) { + LOGE(ATM_DOMAIN, ATM_TAG, "Permission denied(tokenID=%{public}d)", IPCSkeleton::GetCallingTokenID()); + return AccessTokenError::ERR_PERMISSION_DENIED; + } + return AccessTokenInfoManager::GetInstance().GetHapTokenInfo(tokenID, infoParcel.hapTokenInfoParams); } @@ -483,6 +756,12 @@ int AccessTokenManagerService::GetHapTokenInfoExtension(AccessTokenID tokenID, HapTokenInfoParcel& hapTokenInfoRes, std::string& appID) { LOGD(ATM_DOMAIN, ATM_TAG, "TokenID: %{public}d.", tokenID); + if (!IsNativeProcessCalling() && !IsPrivilegedCalling()) { + LOGE(ATM_DOMAIN, ATM_TAG, "Permission denied(tokenID=%{public}d)", IPCSkeleton::GetCallingTokenID()); + + return AccessTokenError::ERR_PERMISSION_DENIED; + } + int ret = AccessTokenInfoManager::GetInstance().GetHapTokenInfo(tokenID, hapTokenInfoRes.hapTokenInfoParams); if (ret != RET_SUCCESS) { LOGE(ATM_DOMAIN, ATM_TAG, "Get hap token info extenstion failed, ret is %{public}d.", ret); @@ -495,6 +774,12 @@ int AccessTokenManagerService::GetHapTokenInfoExtension(AccessTokenID tokenID, int AccessTokenManagerService::GetNativeTokenInfo(AccessTokenID tokenID, NativeTokenInfoParcel& infoParcel) { LOGD(ATM_DOMAIN, ATM_TAG, "TokenID: %{public}d", tokenID); + + if (!IsNativeProcessCalling() && !IsPrivilegedCalling()) { + LOGE(ATM_DOMAIN, ATM_TAG, "Permission denied(tokenID=%{public}d).", IPCSkeleton::GetCallingTokenID()); + return AccessTokenError::ERR_PERMISSION_DENIED; + } + NativeTokenInfoBase baseInfo; int32_t ret = AccessTokenInfoManager::GetInstance().GetNativeTokenInfo(tokenID, baseInfo); infoParcel.nativeTokenInfoParams.apl = baseInfo.apl; @@ -505,6 +790,11 @@ int AccessTokenManagerService::GetNativeTokenInfo(AccessTokenID tokenID, NativeT #ifndef ATM_BUILD_VARIANT_USER_ENABLE int32_t AccessTokenManagerService::ReloadNativeTokenInfo() { + if (!IsPrivilegedCalling()) { + LOGE(ATM_DOMAIN, ATM_TAG, "Permission denied(tokenID=%{public}d)", IPCSkeleton::GetCallingTokenID()); + + return AccessTokenError::ERR_PERMISSION_DENIED; + } LibraryLoader loader(CONFIG_PARSE_LIBPATH); ConfigPolicyLoaderInterface* policy = loader.GetObject(); if (policy == nullptr) { @@ -523,9 +813,15 @@ int32_t AccessTokenManagerService::ReloadNativeTokenInfo() } #endif -AccessTokenID AccessTokenManagerService::GetNativeTokenId(const std::string& processName) +int32_t AccessTokenManagerService::GetNativeTokenId(const std::string& processName, AccessTokenID& tokenID) { - return AccessTokenInfoManager::GetInstance().GetNativeTokenId(processName); + if (!IsNativeProcessCalling() && !IsPrivilegedCalling()) { + LOGE(ATM_DOMAIN, ATM_TAG, "Permission denied(tokenID=%{public}d)", IPCSkeleton::GetCallingTokenID()); + tokenID = INVALID_TOKENID; + return ERR_OK; + } + tokenID = AccessTokenInfoManager::GetInstance().GetNativeTokenId(processName); + return ERR_OK; } #ifdef TOKEN_SYNC_ENABLE @@ -534,16 +830,49 @@ int AccessTokenManagerService::GetHapTokenInfoFromRemote(AccessTokenID tokenID, { LOGI(ATM_DOMAIN, ATM_TAG, "TokenID: %{public}d", tokenID); + if (!IsAccessTokenCalling()) { + LOGE(ATM_DOMAIN, ATM_TAG, "Permission denied(tokenID=%{public}d)", IPCSkeleton::GetCallingTokenID()); + + return AccessTokenError::ERR_PERMISSION_DENIED; + } return AccessTokenInfoManager::GetInstance().GetHapTokenInfoFromRemote(tokenID, hapSyncParcel.hapTokenInfoForSyncParams); } +static void TransferHapTokenInfoForSync(const HapTokenInfoForSync& policyIn, HapTokenInfoForSync& policyOut) +{ + policyOut.baseInfo.ver = policyIn.baseInfo.ver; + policyOut.baseInfo.userID = policyIn.baseInfo.userID; + policyOut.baseInfo.bundleName = policyIn.baseInfo.bundleName; + policyOut.baseInfo.apiVersion = policyIn.baseInfo.apiVersion; + policyOut.baseInfo.instIndex = policyIn.baseInfo.instIndex; + policyOut.baseInfo.dlpType = policyIn.baseInfo.dlpType; + policyOut.baseInfo.tokenID = policyIn.baseInfo.tokenID; + policyOut.baseInfo.tokenAttr = policyIn.baseInfo.tokenAttr; + for (const auto& item : policyIn.permStateList) { + PermissionStatus tmp; + tmp.permissionName = item.permissionName; + tmp.grantStatus = item.grantStatus; + tmp.grantFlag = item.grantFlag; + policyOut.permStateList.emplace_back(tmp); + } +} + int AccessTokenManagerService::SetRemoteHapTokenInfo(const std::string& deviceID, - HapTokenInfoForSyncParcel& hapSyncParcel) + const HapTokenInfoForSyncParcel& hapSyncParcel) { LOGI(ATM_DOMAIN, ATM_TAG, "DeviceID: %{public}s", ConstantCommon::EncryptDevId(deviceID).c_str()); + + if (!IsAccessTokenCalling()) { + LOGE(ATM_DOMAIN, ATM_TAG, "Permission denied(tokenID=%{public}d)", IPCSkeleton::GetCallingTokenID()); + + return AccessTokenError::ERR_PERMISSION_DENIED; + } + HapTokenInfoForSyncParcel hapSyncParcelCopy; + TransferHapTokenInfoForSync(hapSyncParcel.hapTokenInfoForSyncParams, hapSyncParcelCopy.hapTokenInfoForSyncParams); + int ret = AccessTokenInfoManager::GetInstance().SetRemoteHapTokenInfo(deviceID, - hapSyncParcel.hapTokenInfoForSyncParams); + hapSyncParcelCopy.hapTokenInfoForSyncParams); return ret; } @@ -551,58 +880,107 @@ int AccessTokenManagerService::DeleteRemoteToken(const std::string& deviceID, Ac { LOGI(ATM_DOMAIN, ATM_TAG, "DeviceID: %{public}s, token id %{public}d", ConstantCommon::EncryptDevId(deviceID).c_str(), tokenID); + + if (!IsAccessTokenCalling()) { + LOGE(ATM_DOMAIN, ATM_TAG, "Permission denied(tokenID=%{public}d)", IPCSkeleton::GetCallingTokenID()); + + return AccessTokenError::ERR_PERMISSION_DENIED; + } return AccessTokenInfoManager::GetInstance().DeleteRemoteToken(deviceID, tokenID); } -AccessTokenID AccessTokenManagerService::GetRemoteNativeTokenID(const std::string& deviceID, - AccessTokenID tokenID) +int32_t AccessTokenManagerService::GetRemoteNativeTokenID(const std::string& deviceID, + AccessTokenID tokenID, AccessTokenID& ret) { LOGI(ATM_DOMAIN, ATM_TAG, "DeviceID: %{public}s, token id %{public}d", ConstantCommon::EncryptDevId(deviceID).c_str(), tokenID); - return AccessTokenInfoManager::GetInstance().GetRemoteNativeTokenID(deviceID, tokenID); + if (!IsAccessTokenCalling()) { + LOGE(ATM_DOMAIN, ATM_TAG, "Permission denied(tokenID=%{public}d)", IPCSkeleton::GetCallingTokenID()); + + ret = INVALID_TOKENID; + return ERR_OK; + } + ret = AccessTokenInfoManager::GetInstance().GetRemoteNativeTokenID(deviceID, tokenID); + return ERR_OK; } int AccessTokenManagerService::DeleteRemoteDeviceTokens(const std::string& deviceID) { LOGI(ATM_DOMAIN, ATM_TAG, "DeviceID: %{public}s", ConstantCommon::EncryptDevId(deviceID).c_str()); + + if (!IsAccessTokenCalling()) { + LOGE(ATM_DOMAIN, ATM_TAG, "Permission denied(tokenID=%{public}d)", IPCSkeleton::GetCallingTokenID()); + + return AccessTokenError::ERR_PERMISSION_DENIED; + } return AccessTokenInfoManager::GetInstance().DeleteRemoteDeviceTokens(deviceID); } int32_t AccessTokenManagerService::RegisterTokenSyncCallback(const sptr& callback) { LOGI(ATM_DOMAIN, ATM_TAG, "Call token sync callback registed."); + + if (!IsAccessTokenCalling()) { + LOGE(ATM_DOMAIN, ATM_TAG, "Permission denied, tokenID=%{public}d", IPCSkeleton::GetCallingTokenID()); + + return AccessTokenError::ERR_PERMISSION_DENIED; + } return TokenModifyNotifier::GetInstance().RegisterTokenSyncCallback(callback); } int32_t AccessTokenManagerService::UnRegisterTokenSyncCallback() { LOGI(ATM_DOMAIN, ATM_TAG, "Call token sync callback unregisted."); + + if (!IsAccessTokenCalling()) { + LOGE(ATM_DOMAIN, ATM_TAG, "Permission denied, tokenID=%{public}d", IPCSkeleton::GetCallingTokenID()); + + return AccessTokenError::ERR_PERMISSION_DENIED; + } return TokenModifyNotifier::GetInstance().UnRegisterTokenSyncCallback(); } #endif -void AccessTokenManagerService::DumpTokenInfo(const AtmToolsParamInfoParcel& infoParcel, std::string& dumpInfo) +int32_t AccessTokenManagerService::DumpTokenInfo(const AtmToolsParamInfoParcel& infoParcel, std::string& dumpInfo) { LOGI(ATM_DOMAIN, ATM_TAG, "Called"); + if (!IsShellProcessCalling()) { + LOGE(ATM_DOMAIN, ATM_TAG, "Permission denied(tokenID=%{public}d)", IPCSkeleton::GetCallingTokenID()); + dumpInfo = ""; + return ERR_OK; + } + bool isDeveloperMode = OHOS::system::GetBoolParameter(DEVELOPER_MODE_STATE, false); if (!isDeveloperMode) { dumpInfo = "Developer mode not support."; - return; + return ERR_OK; } AccessTokenInfoManager::GetInstance().DumpTokenInfo(infoParcel.info, dumpInfo); + return ERR_OK; } int32_t AccessTokenManagerService::GetVersion(uint32_t& version) { LOGI(ATM_DOMAIN, ATM_TAG, "Called"); + uint32_t callingToken = IPCSkeleton::GetCallingTokenID(); + if ((this->GetTokenType(callingToken) == TOKEN_HAP) && (!IsSystemAppCalling())) { + return AccessTokenError::ERR_NOT_SYSTEM_APP; + } version = DEFAULT_TOKEN_VERSION; return RET_SUCCESS; } int32_t AccessTokenManagerService::SetPermDialogCap(const HapBaseInfoParcel& hapBaseInfoParcel, bool enable) { + uint32_t callingToken = IPCSkeleton::GetCallingTokenID(); + if (VerifyAccessToken(callingToken, DISABLE_PERMISSION_DIALOG) == PERMISSION_DENIED) { + LOGE(ATM_DOMAIN, ATM_TAG, "Permission denied(tokenID=%{public}d)", callingToken); + + return AccessTokenError::ERR_PERMISSION_DENIED; + } + AccessTokenIDEx tokenIdEx = AccessTokenInfoManager::GetInstance().GetHapTokenID( hapBaseInfoParcel.hapBaseInfo.userID, hapBaseInfoParcel.hapBaseInfo.bundleName, @@ -616,28 +994,71 @@ int32_t AccessTokenManagerService::SetPermDialogCap(const HapBaseInfoParcel& hap return ret; } -void AccessTokenManagerService::GetPermissionManagerInfo(PermissionGrantInfoParcel& infoParcel) +int32_t AccessTokenManagerService::GetPermissionManagerInfo(PermissionGrantInfoParcel& infoParcel) { infoParcel.info.grantBundleName = grantBundleName_; infoParcel.info.grantAbilityName = grantAbilityName_; infoParcel.info.grantServiceAbilityName = grantServiceAbilityName_; infoParcel.info.permStateAbilityName = permStateAbilityName_; infoParcel.info.globalSwitchAbilityName = globalSwitchAbilityName_; + return ERR_OK; } int32_t AccessTokenManagerService::InitUserPolicy( - const std::vector& userList, const std::vector& permList) + const std::vector& userParcelList, const std::vector& permList) { + uint32_t callingToken = IPCSkeleton::GetCallingTokenID(); + if (VerifyAccessToken(callingToken, GET_SENSITIVE_PERMISSIONS) == PERMISSION_DENIED) { + LOGE(ATM_DOMAIN, ATM_TAG, "Permission denied(tokenID=%{public}d)", callingToken); + + return AccessTokenError::ERR_PERMISSION_DENIED; + } + + uint32_t userSize = userParcelList.size(); + uint32_t permSize = permList.size(); + if ((userSize > MAX_USER_POLICY_SIZE) || (permSize > MAX_USER_POLICY_SIZE)) { + LOGE(ATM_DOMAIN, ATM_TAG, "Size %{public}u is invalid", userSize); + return AccessTokenError::ERR_OVERSIZE; + } + + std::vector userList; + for (const auto& userParcel : userParcelList) { + userList.emplace_back(userParcel.userState); + } return AccessTokenInfoManager::GetInstance().InitUserPolicy(userList, permList); } -int32_t AccessTokenManagerService::UpdateUserPolicy(const std::vector& userList) +int32_t AccessTokenManagerService::UpdateUserPolicy(const std::vector& userParcelList) { + uint32_t callingToken = IPCSkeleton::GetCallingTokenID(); + if (VerifyAccessToken(callingToken, GET_SENSITIVE_PERMISSIONS) == PERMISSION_DENIED) { + LOGE(ATM_DOMAIN, ATM_TAG, "Permission denied(tokenID=%{public}d)", callingToken); + + return AccessTokenError::ERR_PERMISSION_DENIED; + } + + uint32_t userSize = userParcelList.size(); + if (userSize > MAX_USER_POLICY_SIZE) { + LOGE(ATM_DOMAIN, ATM_TAG, "Size %{public}u is invalid", userSize); + return AccessTokenError::ERR_OVERSIZE; + } + + std::vector userList; + for (const auto& userParcel : userParcelList) { + userList.emplace_back(userParcel.userState); + } return AccessTokenInfoManager::GetInstance().UpdateUserPolicy(userList); } int32_t AccessTokenManagerService::ClearUserPolicy() { + uint32_t callingToken = IPCSkeleton::GetCallingTokenID(); + if (VerifyAccessToken(callingToken, GET_SENSITIVE_PERMISSIONS) == PERMISSION_DENIED) { + LOGE(ATM_DOMAIN, ATM_TAG, "Permission denied(tokenID=%{public}d)", callingToken); + + return AccessTokenError::ERR_PERMISSION_DENIED; + } + return AccessTokenInfoManager::GetInstance().ClearUserPolicy(); } @@ -733,14 +1154,30 @@ void AccessTokenManagerService::GetConfigValue() } int32_t AccessTokenManagerService::GetKernelPermissions( - AccessTokenID tokenId, std::vector& kernelPermList) + AccessTokenID tokenId, std::vector& kernelPermParcelList) { + auto callingToken = IPCSkeleton::GetCallingTokenID(); + if (!IsNativeProcessCalling() && !IsPrivilegedCalling()) { + LOGE(ATM_DOMAIN, ATM_TAG, "Permission denied(tokenID=%{public}d)", callingToken); + + return AccessTokenError::ERR_PERMISSION_DENIED; + } + + std::vector kernelPermList; + for (const auto& item : kernelPermParcelList) { + kernelPermList.emplace_back(item.permissionWithValue); + } return AccessTokenInfoManager::GetInstance().GetKernelPermissions(tokenId, kernelPermList); } int32_t AccessTokenManagerService::GetReqPermissionByName( AccessTokenID tokenId, const std::string& permissionName, std::string& value) { + if (!IsNativeProcessCalling() && !IsPrivilegedCalling()) { + LOGE(ATM_DOMAIN, ATM_TAG, "Permission denied(tokenID=%{public}d)", IPCSkeleton::GetCallingTokenID()); + + return AccessTokenError::ERR_PERMISSION_DENIED; + } return AccessTokenInfoManager::GetInstance().GetReqPermissionByName( tokenId, permissionName, value); } @@ -759,6 +1196,62 @@ bool AccessTokenManagerService::Initialize() LOGI(ATM_DOMAIN, ATM_TAG, "Initialize success"); return true; } + +bool AccessTokenManagerService::IsPrivilegedCalling() const +{ + // shell process is root in debug mode. +#ifndef ATM_BUILD_VARIANT_USER_ENABLE + int32_t callingUid = IPCSkeleton::GetCallingUid(); + return callingUid == ROOT_UID; +#else + return false; +#endif +} + +bool AccessTokenManagerService::IsAccessTokenCalling() +{ + uint32_t tokenCaller = IPCSkeleton::GetCallingTokenID(); + if (tokenSyncId_ == 0) { + this->GetNativeTokenId("token_sync_service", tokenSyncId_); + } + return tokenCaller == tokenSyncId_; +} + +bool AccessTokenManagerService::IsNativeProcessCalling() +{ + AccessTokenID tokenCaller = IPCSkeleton::GetCallingTokenID(); + return this->GetTokenType(tokenCaller) == TOKEN_NATIVE; +} + +bool AccessTokenManagerService::IsShellProcessCalling() +{ + AccessTokenID tokenCaller = IPCSkeleton::GetCallingTokenID(); + return this->GetTokenType(tokenCaller) == TOKEN_SHELL; +} + +bool AccessTokenManagerService::IsSystemAppCalling() const +{ + uint64_t fullTokenId = IPCSkeleton::GetCallingFullTokenID(); + return TokenIdKit::IsSystemAppByFullTokenID(fullTokenId); +} + +int32_t AccessTokenManagerService::CallbackEnter(uint32_t code) +{ +#ifdef HICOLLIE_ENABLE + std::string name = "AtmTimer"; + timerId = HiviewDFX::XCollie::GetInstance().SetTimer(name, TIMEOUT, nullptr, nullptr, + HiviewDFX::XCOLLIE_FLAG_LOG); +#endif // HICOLLIE_ENABLE + return ERR_OK; +} + +int32_t AccessTokenManagerService::CallbackExit(uint32_t code, int32_t result) +{ +#ifdef HICOLLIE_ENABLE + HiviewDFX::XCollie::GetInstance().CancelTimer(timerId); +#endif // HICOLLIE_ENABLE + return ERR_OK; +} } // namespace AccessToken } // namespace Security } // namespace OHOS diff --git a/services/accesstokenmanager/main/cpp/src/service/accesstoken_manager_stub.cpp b/services/accesstokenmanager/main/cpp/src/service/accesstoken_manager_stub.cpp deleted file mode 100644 index c1341cd00e9d685e1ea5afe442891059e43c034a..0000000000000000000000000000000000000000 --- a/services/accesstokenmanager/main/cpp/src/service/accesstoken_manager_stub.cpp +++ /dev/null @@ -1,1333 +0,0 @@ -/* - * Copyright (c) 2021-2024 Huawei Device Co., Ltd. - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ - -#include "accesstoken_manager_stub.h" - -#include -#include "accesstoken_dfx_define.h" -#include "accesstoken_common_log.h" -#include "access_token_error.h" -#include "ipc_skeleton.h" -#include "memory_guard.h" -#include "string_ex.h" -#include "tokenid_kit.h" -#ifdef HICOLLIE_ENABLE -#include "xcollie/xcollie.h" -#endif // HICOLLIE_ENABLE - -namespace OHOS { -namespace Security { -namespace AccessToken { -namespace { -const std::string MANAGE_HAP_TOKENID_PERMISSION = "ohos.permission.MANAGE_HAP_TOKENID"; -static const int32_t DUMP_CAPACITY_SIZE = 2 * 1024 * 1000; -static const int MAX_PERMISSION_SIZE = 1000; -static const int32_t MAX_USER_POLICY_SIZE = 1024; -const std::string GRANT_SENSITIVE_PERMISSIONS = "ohos.permission.GRANT_SENSITIVE_PERMISSIONS"; -const std::string REVOKE_SENSITIVE_PERMISSIONS = "ohos.permission.REVOKE_SENSITIVE_PERMISSIONS"; -const std::string GET_SENSITIVE_PERMISSIONS = "ohos.permission.GET_SENSITIVE_PERMISSIONS"; -const std::string DISABLE_PERMISSION_DIALOG = "ohos.permission.DISABLE_PERMISSION_DIALOG"; -const std::string GRANT_SHORT_TERM_WRITE_MEDIAVIDEO = "ohos.permission.GRANT_SHORT_TERM_WRITE_MEDIAVIDEO"; - -#ifdef HICOLLIE_ENABLE -constexpr uint32_t TIMEOUT = 40; // 40s -#endif // HICOLLIE_ENABLE -} - -int32_t AccessTokenManagerStub::OnRemoteRequest( - uint32_t code, MessageParcel& data, MessageParcel& reply, MessageOption& option) -{ - MemoryGuard guard; - - uint32_t callingTokenID = IPCSkeleton::GetCallingTokenID(); - LOGD(ATM_DOMAIN, ATM_TAG, "Code %{public}u token %{public}u", code, callingTokenID); - std::u16string descriptor = data.ReadInterfaceToken(); - if (descriptor != IAccessTokenManager::GetDescriptor()) { - LOGE(ATM_DOMAIN, ATM_TAG, "Get unexpect descriptor: %{public}s", Str16ToStr8(descriptor).c_str()); - return ERROR_IPC_REQUEST_FAIL; - } - -#ifdef HICOLLIE_ENABLE - std::string name = "AtmTimer"; - int timerId = HiviewDFX::XCollie::GetInstance().SetTimer(name, TIMEOUT, nullptr, nullptr, - HiviewDFX::XCOLLIE_FLAG_LOG); -#endif // HICOLLIE_ENABLE - - auto itFunc = requestFuncMap_.find(code); - if (itFunc != requestFuncMap_.end()) { - auto requestFunc = itFunc->second; - if (requestFunc != nullptr) { - (this->*requestFunc)(data, reply); - -#ifdef HICOLLIE_ENABLE - HiviewDFX::XCollie::GetInstance().CancelTimer(timerId); -#endif // HICOLLIE_ENABLE - - return NO_ERROR; - } - } - -#ifdef HICOLLIE_ENABLE - HiviewDFX::XCollie::GetInstance().CancelTimer(timerId); -#endif // HICOLLIE_ENABLE - - return IPCObjectStub::OnRemoteRequest(code, data, reply, option); // when code invalid -} - -void AccessTokenManagerStub::DeleteTokenInfoInner(MessageParcel& data, MessageParcel& reply) -{ - AccessTokenID callingTokenID = IPCSkeleton::GetCallingTokenID(); - if (!IsPrivilegedCalling() && - (VerifyAccessToken(callingTokenID, MANAGE_HAP_TOKENID_PERMISSION) == PERMISSION_DENIED)) { - LOGE(ATM_DOMAIN, ATM_TAG, "Permission denied(tokenID=%{public}d)", callingTokenID); - IF_FALSE_PRINT_LOG(ATM_DOMAIN, ATM_TAG, - reply.WriteInt32(AccessTokenError::ERR_PERMISSION_DENIED), "WriteInt32 failed."); - return; - } - AccessTokenID tokenID = data.ReadUint32(); - if (this->GetTokenType(tokenID) != TOKEN_HAP) { - IF_FALSE_PRINT_LOG(ATM_DOMAIN, ATM_TAG, - reply.WriteInt32(AccessTokenError::ERR_PARAM_INVALID), "WriteInt32 failed."); - return; - } - int result = this->DeleteToken(tokenID); - IF_FALSE_PRINT_LOG(ATM_DOMAIN, ATM_TAG, reply.WriteInt32(result), "WriteInt32 failed."); -} - -void AccessTokenManagerStub::GetPermissionUsedTypeInner(MessageParcel& data, MessageParcel& reply) -{ - if (!IsNativeProcessCalling() && !IsPrivilegedCalling()) { - LOGE(ATM_DOMAIN, ATM_TAG, "Permission denied(tokenID=%{public}d)", IPCSkeleton::GetCallingTokenID()); - IF_FALSE_PRINT_LOG(ATM_DOMAIN, ATM_TAG, - reply.WriteInt32(static_cast(PermUsedTypeEnum::INVALID_USED_TYPE)), - "WriteInt32 failed."); - return; - } - uint32_t tokenID; - if (!data.ReadUint32(tokenID)) { - LOGE(ATM_DOMAIN, ATM_TAG, "Failed to read tokenID."); - IF_FALSE_PRINT_LOG(ATM_DOMAIN, ATM_TAG, - reply.WriteInt32(static_cast(PermUsedTypeEnum::INVALID_USED_TYPE)), - "WriteInt32 failed."); - return; - } - std::string permissionName; - if (!data.ReadString(permissionName)) { - LOGE(ATM_DOMAIN, ATM_TAG, "Failed to read permissionName."); - IF_FALSE_PRINT_LOG(ATM_DOMAIN, ATM_TAG, reply.WriteInt32( - static_cast(PermUsedTypeEnum::INVALID_USED_TYPE)), "WriteInt32 failed."); - return; - } - PermUsedTypeEnum result = this->GetPermissionUsedType(tokenID, permissionName); - int32_t type = static_cast(result); - IF_FALSE_PRINT_LOG(ATM_DOMAIN, ATM_TAG, reply.WriteInt32(type), "WriteInt32 failed."); -} - -void AccessTokenManagerStub::VerifyAccessTokenInner(MessageParcel& data, MessageParcel& reply) -{ - AccessTokenID tokenID = data.ReadUint32(); - std::string permissionName = data.ReadString(); - int result = this->VerifyAccessToken(tokenID, permissionName); - IF_FALSE_PRINT_LOG(ATM_DOMAIN, ATM_TAG, reply.WriteInt32(result), "WriteInt32 failed."); -} - -void AccessTokenManagerStub::VerifyAccessTokenWithListInner(MessageParcel& data, MessageParcel& reply) -{ - AccessTokenID tokenID; - IF_FALSE_RETURN_LOG(ATM_DOMAIN, ATM_TAG, data.ReadUint32(tokenID), "ReadUint32 failed."); - - std::vector permissionList; - IF_FALSE_RETURN_LOG(ATM_DOMAIN, ATM_TAG, data.ReadStringVector(&permissionList), "ReadStringVector failed."); - - std::vector permStateList; - this->VerifyAccessToken(tokenID, permissionList, permStateList); - - IF_FALSE_RETURN_LOG(ATM_DOMAIN, ATM_TAG, reply.WriteInt32Vector(permStateList), "WriteInt32Vector failed."); -} - -void AccessTokenManagerStub::GetDefPermissionInner(MessageParcel& data, MessageParcel& reply) -{ - std::string permissionName = data.ReadString(); - PermissionDefParcel permissionDefParcel; - int result = this->GetDefPermission(permissionName, permissionDefParcel); - IF_FALSE_RETURN_LOG(ATM_DOMAIN, ATM_TAG, reply.WriteInt32(result), "WriteInt32 failed."); - if (result != RET_SUCCESS) { - return; - } - IF_FALSE_PRINT_LOG(ATM_DOMAIN, ATM_TAG, - reply.WriteParcelable(&permissionDefParcel), "Write PermissionDefParcel fail."); -} - -void AccessTokenManagerStub::GetReqPermissionsInner(MessageParcel& data, MessageParcel& reply) -{ - unsigned int callingTokenID = IPCSkeleton::GetCallingTokenID(); - if ((this->GetTokenType(callingTokenID) == TOKEN_HAP) && (!IsSystemAppCalling())) { - IF_FALSE_PRINT_LOG(ATM_DOMAIN, ATM_TAG, - reply.WriteInt32(AccessTokenError::ERR_NOT_SYSTEM_APP), "WriteInt32 failed."); - return; - } - if (!IsPrivilegedCalling() && - VerifyAccessToken(callingTokenID, GET_SENSITIVE_PERMISSIONS) == PERMISSION_DENIED) { - LOGE(ATM_DOMAIN, ATM_TAG, "Permission denied(tokenID=%{public}d)", callingTokenID); - IF_FALSE_PRINT_LOG(ATM_DOMAIN, ATM_TAG, - reply.WriteInt32(AccessTokenError::ERR_PERMISSION_DENIED), "WriteInt32 failed."); - return; - } - - AccessTokenID tokenID = data.ReadUint32(); - int isSystemGrant = data.ReadInt32(); - std::vector permList; - - int result = this->GetReqPermissions(tokenID, permList, isSystemGrant); - IF_FALSE_RETURN_LOG(ATM_DOMAIN, ATM_TAG, reply.WriteInt32(result), "WriteInt32 failed."); - if (result != RET_SUCCESS) { - return; - } - LOGD(ATM_DOMAIN, ATM_TAG, "PermList size: %{public}zu", permList.size()); - IF_FALSE_RETURN_LOG(ATM_DOMAIN, ATM_TAG, reply.WriteInt32(permList.size()), "WriteInt32 failed."); - for (const auto& permDef : permList) { - IF_FALSE_RETURN_LOG(ATM_DOMAIN, ATM_TAG, reply.WriteParcelable(&permDef), "WriteParcelable fail."); - } -} - -void AccessTokenManagerStub::GetSelfPermissionsStateInner(MessageParcel& data, MessageParcel& reply) -{ - std::vector permList; - uint32_t size = 0; - if (!data.ReadUint32(size)) { - IF_FALSE_PRINT_LOG(ATM_DOMAIN, ATM_TAG, reply.WriteInt32(INVALID_OPER), "WriteInt32 failed."); - return; - } - LOGD(ATM_DOMAIN, ATM_TAG, "PermList size read from client data is %{public}d.", size); - if (size > MAX_PERMISSION_SIZE) { - LOGE(ATM_DOMAIN, ATM_TAG, "PermList size %{public}d is invalid", size); - IF_FALSE_PRINT_LOG(ATM_DOMAIN, ATM_TAG, reply.WriteInt32(INVALID_OPER), "WriteInt32 failed."); - return; - } - for (uint32_t i = 0; i < size; i++) { - sptr permissionParcel = data.ReadParcelable(); - if (permissionParcel != nullptr) { - permList.emplace_back(*permissionParcel); - } - } - PermissionGrantInfoParcel infoParcel; - PermissionOper result = this->GetSelfPermissionsState(permList, infoParcel); - IF_FALSE_RETURN_LOG(ATM_DOMAIN, ATM_TAG, reply.WriteInt32(result), "WriteInt32 failed."); - - IF_FALSE_RETURN_LOG(ATM_DOMAIN, ATM_TAG, reply.WriteUint32(permList.size()), "WriteUint32 failed."); - for (const auto& perm : permList) { - IF_FALSE_RETURN_LOG(ATM_DOMAIN, ATM_TAG, reply.WriteParcelable(&perm), "WriteParcelable failed."); - } - IF_FALSE_PRINT_LOG(ATM_DOMAIN, ATM_TAG, reply.WriteParcelable(&infoParcel), "WriteParcelable failed."); -} - -void AccessTokenManagerStub::GetPermissionsStatusInner(MessageParcel& data, MessageParcel& reply) -{ - unsigned int callingTokenID = IPCSkeleton::GetCallingTokenID(); - if ((this->GetTokenType(callingTokenID) == TOKEN_HAP) && (!IsSystemAppCalling())) { - IF_FALSE_PRINT_LOG(ATM_DOMAIN, ATM_TAG, - reply.WriteInt32(AccessTokenError::ERR_NOT_SYSTEM_APP), "WriteInt32 failed."); - return; - } - if (!IsPrivilegedCalling() && - VerifyAccessToken(callingTokenID, GET_SENSITIVE_PERMISSIONS) == PERMISSION_DENIED) { - LOGE(ATM_DOMAIN, ATM_TAG, "Permission denied(tokenID=%{public}d)", callingTokenID); - IF_FALSE_PRINT_LOG(ATM_DOMAIN, ATM_TAG, - reply.WriteInt32(AccessTokenError::ERR_PERMISSION_DENIED), "WriteInt32 failed."); - return; - } - - AccessTokenID tokenID = data.ReadUint32(); - std::vector permList; - uint32_t size = 0; - if (!data.ReadUint32(size)) { - IF_FALSE_PRINT_LOG(ATM_DOMAIN, ATM_TAG, reply.WriteInt32(INVALID_OPER), "WriteInt32 failed."); - return; - } - LOGD(ATM_DOMAIN, ATM_TAG, "PermList size read from client data is %{public}d.", size); - if (size > MAX_PERMISSION_SIZE) { - LOGE(ATM_DOMAIN, ATM_TAG, "PermList size %{public}d is oversize", size); - IF_FALSE_PRINT_LOG(ATM_DOMAIN, ATM_TAG, reply.WriteInt32(INVALID_OPER), "WriteInt32 failed."); - return; - } - for (uint32_t i = 0; i < size; i++) { - sptr permissionParcel = data.ReadParcelable(); - if (permissionParcel != nullptr) { - permList.emplace_back(*permissionParcel); - } - } - int32_t result = this->GetPermissionsStatus(tokenID, permList); - - IF_FALSE_RETURN_LOG(ATM_DOMAIN, ATM_TAG, reply.WriteInt32(result), "WriteInt32 failed."); - if (result != RET_SUCCESS) { - return; - } - IF_FALSE_RETURN_LOG(ATM_DOMAIN, ATM_TAG, reply.WriteUint32(permList.size()), "WriteUint32 failed."); - for (const auto& perm : permList) { - IF_FALSE_RETURN_LOG(ATM_DOMAIN, ATM_TAG, reply.WriteParcelable(&perm), "WriteParcelable failed."); - } -} - -void AccessTokenManagerStub::GetPermissionFlagInner(MessageParcel& data, MessageParcel& reply) -{ - unsigned int callingTokenID = IPCSkeleton::GetCallingTokenID(); - if ((this->GetTokenType(callingTokenID) == TOKEN_HAP) && (!IsSystemAppCalling())) { - IF_FALSE_PRINT_LOG(ATM_DOMAIN, ATM_TAG, - reply.WriteInt32(AccessTokenError::ERR_NOT_SYSTEM_APP), "WriteInt32 failed."); - return; - } - AccessTokenID tokenID = data.ReadUint32(); - std::string permissionName = data.ReadString(); - if (!IsPrivilegedCalling() && - VerifyAccessToken(callingTokenID, GRANT_SENSITIVE_PERMISSIONS) == PERMISSION_DENIED && - VerifyAccessToken(callingTokenID, REVOKE_SENSITIVE_PERMISSIONS) == PERMISSION_DENIED && - VerifyAccessToken(callingTokenID, GET_SENSITIVE_PERMISSIONS) == PERMISSION_DENIED) { - LOGE(ATM_DOMAIN, ATM_TAG, "Permission denied(tokenID=%{public}d)", callingTokenID); - IF_FALSE_PRINT_LOG(ATM_DOMAIN, ATM_TAG, - reply.WriteInt32(AccessTokenError::ERR_PERMISSION_DENIED), "WriteInt32 failed."); - return; - } - uint32_t flag; - int result = this->GetPermissionFlag(tokenID, permissionName, flag); - IF_FALSE_RETURN_LOG(ATM_DOMAIN, ATM_TAG, reply.WriteInt32(result), "WriteInt32 failed."); - if (result != RET_SUCCESS) { - return; - } - - IF_FALSE_PRINT_LOG(ATM_DOMAIN, ATM_TAG, reply.WriteUint32(flag), "WriteUint32 failed."); -} - -void AccessTokenManagerStub::SetPermissionRequestToggleStatusInner(MessageParcel& data, MessageParcel& reply) -{ - uint32_t callingTokenID = IPCSkeleton::GetCallingTokenID(); - if ((this->GetTokenType(callingTokenID) == TOKEN_HAP) && (!IsSystemAppCalling())) { - IF_FALSE_PRINT_LOG(ATM_DOMAIN, ATM_TAG, - reply.WriteInt32(AccessTokenError::ERR_NOT_SYSTEM_APP), "WriteInt32 failed."); - return; - } - - std::string permissionName = data.ReadString(); - uint32_t status = data.ReadUint32(); - int32_t userID = data.ReadInt32(); - if (!IsPrivilegedCalling() && VerifyAccessToken(callingTokenID, DISABLE_PERMISSION_DIALOG) == PERMISSION_DENIED) { - HiSysEventWrite(HiviewDFX::HiSysEvent::Domain::ACCESS_TOKEN, "PERMISSION_VERIFY_REPORT", - HiviewDFX::HiSysEvent::EventType::SECURITY, "CODE", VERIFY_PERMISSION_ERROR, "CALLER_TOKENID", - callingTokenID, "PERMISSION_NAME", permissionName, "INTERFACE", "SetToggleStatus"); - LOGE(ATM_DOMAIN, ATM_TAG, "Permission denied(tokenID=%{public}d).", callingTokenID); - IF_FALSE_PRINT_LOG(ATM_DOMAIN, ATM_TAG, - reply.WriteInt32(AccessTokenError::ERR_PERMISSION_DENIED), "WriteInt32 failed."); - return; - } - int32_t result = this->SetPermissionRequestToggleStatus(permissionName, status, userID); - IF_FALSE_PRINT_LOG(ATM_DOMAIN, ATM_TAG, reply.WriteInt32(result), "WriteInt32 failed."); -} - -void AccessTokenManagerStub::GetPermissionRequestToggleStatusInner(MessageParcel& data, MessageParcel& reply) -{ - uint32_t callingTokenID = IPCSkeleton::GetCallingTokenID(); - if ((this->GetTokenType(callingTokenID) == TOKEN_HAP) && (!IsSystemAppCalling())) { - IF_FALSE_PRINT_LOG(ATM_DOMAIN, ATM_TAG, - reply.WriteInt32(AccessTokenError::ERR_NOT_SYSTEM_APP), "WriteInt32 failed."); - return; - } - - std::string permissionName = data.ReadString(); - int32_t userID = data.ReadInt32(); - if (!IsShellProcessCalling() && !IsPrivilegedCalling() && - VerifyAccessToken(callingTokenID, GET_SENSITIVE_PERMISSIONS) == PERMISSION_DENIED) { - HiSysEventWrite(HiviewDFX::HiSysEvent::Domain::ACCESS_TOKEN, "PERMISSION_VERIFY_REPORT", - HiviewDFX::HiSysEvent::EventType::SECURITY, "CODE", VERIFY_PERMISSION_ERROR, "CALLER_TOKENID", - callingTokenID, "PERMISSION_NAME", permissionName, "INTERFACE", "GetToggleStatus"); - LOGE(ATM_DOMAIN, ATM_TAG, "Permission denied(tokenID=%{public}d).", callingTokenID); - IF_FALSE_PRINT_LOG(ATM_DOMAIN, ATM_TAG, - reply.WriteInt32(AccessTokenError::ERR_PERMISSION_DENIED), "WriteInt32 failed."); - return; - } - uint32_t status; - int32_t result = this->GetPermissionRequestToggleStatus(permissionName, status, userID); - IF_FALSE_RETURN_LOG(ATM_DOMAIN, ATM_TAG, reply.WriteInt32(result), "WriteInt32 failed."); - if (result != RET_SUCCESS) { - return; - } - IF_FALSE_PRINT_LOG(ATM_DOMAIN, ATM_TAG, reply.WriteInt32(status), "WriteInt32 failed."); -} - -void AccessTokenManagerStub::RequestAppPermOnSettingInner(MessageParcel& data, MessageParcel& reply) -{ - if (!IsSystemAppCalling()) { - IF_FALSE_PRINT_LOG(ATM_DOMAIN, ATM_TAG, - reply.WriteInt32(AccessTokenError::ERR_NOT_SYSTEM_APP), "WriteInt32 failed."); - return; - } - - AccessTokenID tokenID; - IF_FALSE_RETURN_LOG(ATM_DOMAIN, ATM_TAG, data.ReadUint32(tokenID), "ReadUint32 failed."); - - int result = this->RequestAppPermOnSetting(tokenID); - IF_FALSE_PRINT_LOG(ATM_DOMAIN, ATM_TAG, reply.WriteInt32(result), "WriteInt32 failed."); -} - -void AccessTokenManagerStub::GrantPermissionInner(MessageParcel& data, MessageParcel& reply) -{ - unsigned int callingTokenID = IPCSkeleton::GetCallingTokenID(); - if ((this->GetTokenType(callingTokenID) == TOKEN_HAP) && (!IsSystemAppCalling())) { - IF_FALSE_PRINT_LOG(ATM_DOMAIN, ATM_TAG, - reply.WriteInt32(AccessTokenError::ERR_NOT_SYSTEM_APP), "WriteInt32 failed."); - return; - } - AccessTokenID tokenID = data.ReadUint32(); - std::string permissionName = data.ReadString(); - uint32_t flag = data.ReadUint32(); - if (!IsPrivilegedCalling() && - VerifyAccessToken(callingTokenID, GRANT_SENSITIVE_PERMISSIONS) == PERMISSION_DENIED) { - HiSysEventWrite(HiviewDFX::HiSysEvent::Domain::ACCESS_TOKEN, "PERMISSION_VERIFY_REPORT", - HiviewDFX::HiSysEvent::EventType::SECURITY, "CODE", VERIFY_PERMISSION_ERROR, - "CALLER_TOKENID", callingTokenID, "PERMISSION_NAME", permissionName); - LOGE(ATM_DOMAIN, ATM_TAG, "Permission denied(tokenID=%{public}d)", callingTokenID); - IF_FALSE_PRINT_LOG(ATM_DOMAIN, ATM_TAG, - reply.WriteInt32(AccessTokenError::ERR_PERMISSION_DENIED), "WriteInt32 failed."); - return; - } - int result = this->GrantPermission(tokenID, permissionName, flag); - IF_FALSE_PRINT_LOG(ATM_DOMAIN, ATM_TAG, reply.WriteInt32(result), "WriteInt32 failed."); -} - -void AccessTokenManagerStub::RevokePermissionInner(MessageParcel& data, MessageParcel& reply) -{ - unsigned int callingTokenID = IPCSkeleton::GetCallingTokenID(); - if ((this->GetTokenType(callingTokenID) == TOKEN_HAP) && (!IsSystemAppCalling())) { - IF_FALSE_PRINT_LOG(ATM_DOMAIN, ATM_TAG, - reply.WriteInt32(AccessTokenError::ERR_NOT_SYSTEM_APP), "WriteInt32 failed."); - return; - } - AccessTokenID tokenID = data.ReadUint32(); - std::string permissionName = data.ReadString(); - uint32_t flag = data.ReadUint32(); - if (!IsPrivilegedCalling() && - VerifyAccessToken(callingTokenID, REVOKE_SENSITIVE_PERMISSIONS) == PERMISSION_DENIED) { - HiSysEventWrite(HiviewDFX::HiSysEvent::Domain::ACCESS_TOKEN, "PERMISSION_VERIFY_REPORT", - HiviewDFX::HiSysEvent::EventType::SECURITY, "CODE", VERIFY_PERMISSION_ERROR, - "CALLER_TOKENID", callingTokenID, "PERMISSION_NAME", permissionName); - LOGE(ATM_DOMAIN, ATM_TAG, "Permission denied(tokenID=%{public}d)", callingTokenID); - IF_FALSE_PRINT_LOG(ATM_DOMAIN, ATM_TAG, - reply.WriteInt32(AccessTokenError::ERR_PERMISSION_DENIED), "WriteInt32 failed."); - return; - } - int result = this->RevokePermission(tokenID, permissionName, flag); - IF_FALSE_PRINT_LOG(ATM_DOMAIN, ATM_TAG, reply.WriteInt32(result), "WriteInt32 failed."); -} - -void AccessTokenManagerStub::GrantPermissionForSpecifiedTimeInner(MessageParcel& data, MessageParcel& reply) -{ - unsigned int callingTokenID = IPCSkeleton::GetCallingTokenID(); - if ((this->GetTokenType(callingTokenID) == TOKEN_HAP) && (!IsSystemAppCalling())) { - IF_FALSE_PRINT_LOG(ATM_DOMAIN, ATM_TAG, - reply.WriteInt32(AccessTokenError::ERR_NOT_SYSTEM_APP), "WriteInt32 failed."); - return; - } - AccessTokenID tokenID = data.ReadUint32(); - std::string permissionName = data.ReadString(); - uint32_t onceTime = data.ReadUint32(); - if (!IsPrivilegedCalling() && - VerifyAccessToken(callingTokenID, GRANT_SHORT_TERM_WRITE_MEDIAVIDEO) == PERMISSION_DENIED) { - HiSysEventWrite(HiviewDFX::HiSysEvent::Domain::ACCESS_TOKEN, "PERMISSION_VERIFY_REPORT", - HiviewDFX::HiSysEvent::EventType::SECURITY, "CODE", VERIFY_PERMISSION_ERROR, - "CALLER_TOKENID", callingTokenID, "PERMISSION_NAME", permissionName); - LOGE(ATM_DOMAIN, ATM_TAG, "Permission denied(tokenID=%{public}d)", callingTokenID); - IF_FALSE_PRINT_LOG(ATM_DOMAIN, ATM_TAG, - reply.WriteInt32(AccessTokenError::ERR_PERMISSION_DENIED), "WriteInt32 failed."); - return; - } - int result = this->GrantPermissionForSpecifiedTime(tokenID, permissionName, onceTime); - IF_FALSE_PRINT_LOG(ATM_DOMAIN, ATM_TAG, reply.WriteInt32(result), "WriteInt32 failed."); -} - -void AccessTokenManagerStub::ClearUserGrantedPermissionStateInner(MessageParcel& data, MessageParcel& reply) -{ - uint32_t callingTokenID = IPCSkeleton::GetCallingTokenID(); - if (!IsPrivilegedCalling() && - VerifyAccessToken(callingTokenID, REVOKE_SENSITIVE_PERMISSIONS) == PERMISSION_DENIED) { - HiSysEventWrite(HiviewDFX::HiSysEvent::Domain::ACCESS_TOKEN, "PERMISSION_VERIFY_REPORT", - HiviewDFX::HiSysEvent::EventType::SECURITY, "CODE", VERIFY_PERMISSION_ERROR, - "CALLER_TOKENID", callingTokenID); - LOGE(ATM_DOMAIN, ATM_TAG, "Permission denied(tokenID=%{public}d)", callingTokenID); - IF_FALSE_PRINT_LOG(ATM_DOMAIN, ATM_TAG, - reply.WriteInt32(AccessTokenError::ERR_PERMISSION_DENIED), "WriteInt32 failed."); - return; - } - AccessTokenID tokenID = data.ReadUint32(); - int result = this->ClearUserGrantedPermissionState(tokenID); - IF_FALSE_PRINT_LOG(ATM_DOMAIN, ATM_TAG, reply.WriteInt32(result), "WriteInt32 failed."); -} - -void AccessTokenManagerStub::AllocHapTokenInner(MessageParcel& data, MessageParcel& reply) -{ - AccessTokenIDEx res = {0}; - AccessTokenID tokenID = IPCSkeleton::GetCallingTokenID(); - if (!IsPrivilegedCalling() && - (VerifyAccessToken(tokenID, MANAGE_HAP_TOKENID_PERMISSION) == PERMISSION_DENIED)) { - LOGE(ATM_DOMAIN, ATM_TAG, "Permission denied(tokenID=%{public}d)", tokenID); - IF_FALSE_PRINT_LOG(ATM_DOMAIN, ATM_TAG, - reply.WriteInt32(AccessTokenError::ERR_PERMISSION_DENIED), "WriteInt32 failed."); - return; - } - - sptr hapInfoParcel = data.ReadParcelable(); - sptr hapPolicyParcel = data.ReadParcelable(); - if (hapInfoParcel == nullptr || hapPolicyParcel == nullptr) { - LOGE(ATM_DOMAIN, ATM_TAG, "Read hapPolicyParcel or hapInfoParcel fail"); - IF_FALSE_PRINT_LOG(ATM_DOMAIN, ATM_TAG, - reply.WriteInt32(AccessTokenError::ERR_READ_PARCEL_FAILED), "WriteInt32 failed."); - return; - } - res = this->AllocHapToken(*hapInfoParcel, *hapPolicyParcel); - reply.WriteUint64(res.tokenIDEx); -} - -void AccessTokenManagerStub::InitHapTokenInner(MessageParcel& data, MessageParcel& reply) -{ - AccessTokenID tokenID = IPCSkeleton::GetCallingTokenID(); - if (!IsPrivilegedCalling() && - (VerifyAccessToken(tokenID, MANAGE_HAP_TOKENID_PERMISSION) == PERMISSION_DENIED)) { - LOGE(ATM_DOMAIN, ATM_TAG, "Permission denied(tokenID=%{public}d)", tokenID); - IF_FALSE_PRINT_LOG(ATM_DOMAIN, ATM_TAG, - reply.WriteInt32(AccessTokenError::ERR_PERMISSION_DENIED), "WriteInt32 failed."); - return; - } - - sptr hapInfoParcel = data.ReadParcelable(); - sptr hapPolicyParcel = data.ReadParcelable(); - if (hapInfoParcel == nullptr || hapPolicyParcel == nullptr) { - LOGE(ATM_DOMAIN, ATM_TAG, "Read hapPolicyParcel or hapInfoParcel fail"); - IF_FALSE_PRINT_LOG(ATM_DOMAIN, ATM_TAG, - reply.WriteInt32(AccessTokenError::ERR_READ_PARCEL_FAILED), "WriteInt32 failed."); - return; - } - int32_t res; - AccessTokenIDEx fullTokenId = { 0 }; - HapInfoCheckResult result; - res = this->InitHapToken(*hapInfoParcel, *hapPolicyParcel, fullTokenId, result); - if (!reply.WriteInt32(res)) { - LOGE(ATM_DOMAIN, ATM_TAG, "WriteInt32 fail"); - } - - if (res != RET_SUCCESS) { - if (!result.permCheckResult.permissionName.empty()) { - IF_FALSE_RETURN_LOG(ATM_DOMAIN, ATM_TAG, - reply.WriteString(result.permCheckResult.permissionName), "WriteString failed."); - IF_FALSE_RETURN_LOG(ATM_DOMAIN, ATM_TAG, - reply.WriteInt32(result.permCheckResult.rule), "WriteInt32 failed."); - } - LOGE(ATM_DOMAIN, ATM_TAG, "Res error %{public}d.", res); - return; - } - IF_FALSE_PRINT_LOG(ATM_DOMAIN, ATM_TAG, reply.WriteUint64(fullTokenId.tokenIDEx), "WriteUint64 failed."); -} - -void AccessTokenManagerStub::GetTokenTypeInner(MessageParcel& data, MessageParcel& reply) -{ - AccessTokenID tokenID = data.ReadUint32(); - int result = this->GetTokenType(tokenID); - IF_FALSE_PRINT_LOG(ATM_DOMAIN, ATM_TAG, reply.WriteInt32(result), "WriteInt32 failed."); -} - -void AccessTokenManagerStub::GetHapTokenIDInner(MessageParcel& data, MessageParcel& reply) -{ - if (!IsNativeProcessCalling() && !IsPrivilegedCalling()) { - LOGE(ATM_DOMAIN, ATM_TAG, "Permission denied(tokenID=%{public}d)", IPCSkeleton::GetCallingTokenID()); - IF_FALSE_PRINT_LOG(ATM_DOMAIN, ATM_TAG, reply.WriteInt32(INVALID_TOKENID), "WriteInt32 failed."); - return; - } - int userID = data.ReadInt32(); - std::string bundleName = data.ReadString(); - int instIndex = data.ReadInt32(); - AccessTokenIDEx tokenIdEx = this->GetHapTokenID(userID, bundleName, instIndex); - IF_FALSE_PRINT_LOG(ATM_DOMAIN, ATM_TAG, reply.WriteUint64(tokenIdEx.tokenIDEx), "WriteUint64 failed."); -} - -void AccessTokenManagerStub::AllocLocalTokenIDInner(MessageParcel& data, MessageParcel& reply) -{ - if ((!IsNativeProcessCalling()) && !IsPrivilegedCalling()) { - LOGE(ATM_DOMAIN, ATM_TAG, "Permission denied(tokenID=%{public}d)", IPCSkeleton::GetCallingTokenID()); - IF_FALSE_PRINT_LOG(ATM_DOMAIN, ATM_TAG, reply.WriteInt32(INVALID_TOKENID), "WriteInt32 failed."); - return; - } - std::string remoteDeviceID = data.ReadString(); - AccessTokenID remoteTokenID = data.ReadUint32(); - AccessTokenID result = this->AllocLocalTokenID(remoteDeviceID, remoteTokenID); - IF_FALSE_PRINT_LOG(ATM_DOMAIN, ATM_TAG, reply.WriteUint32(result), "WriteUint32 failed."); -} - -void AccessTokenManagerStub::UpdateHapTokenInner(MessageParcel& data, MessageParcel& reply) -{ - AccessTokenID callingTokenID = IPCSkeleton::GetCallingTokenID(); - if (!IsPrivilegedCalling() && - (VerifyAccessToken(callingTokenID, MANAGE_HAP_TOKENID_PERMISSION) == PERMISSION_DENIED)) { - LOGE(ATM_DOMAIN, ATM_TAG, "Permission denied(tokenID=%{public}d)", callingTokenID); - IF_FALSE_PRINT_LOG(ATM_DOMAIN, ATM_TAG, - reply.WriteInt32(AccessTokenError::ERR_PERMISSION_DENIED), "WriteInt32 failed."); - return; - } - UpdateHapInfoParams info; - AccessTokenID tokenID = data.ReadUint32(); - info.isSystemApp = data.ReadBool(); - info.appIDDesc = data.ReadString(); - info.apiVersion = data.ReadInt32(); - info.appDistributionType = data.ReadString(); - AccessTokenIDEx tokenIdEx; - tokenIdEx.tokenIdExStruct.tokenID = tokenID; - sptr policyParcel = data.ReadParcelable(); - if (policyParcel == nullptr) { - LOGE(ATM_DOMAIN, ATM_TAG, "PolicyParcel read faild"); - IF_FALSE_PRINT_LOG(ATM_DOMAIN, ATM_TAG, - reply.WriteInt32(AccessTokenError::ERR_READ_PARCEL_FAILED), "WriteInt32 failed."); - return; - } - HapInfoCheckResult resultInfo; - int32_t result = this->UpdateHapToken(tokenIdEx, info, *policyParcel, resultInfo); - IF_FALSE_RETURN_LOG(ATM_DOMAIN, ATM_TAG, reply.WriteInt32(result), "WriteInt32 failed."); - IF_FALSE_PRINT_LOG(ATM_DOMAIN, ATM_TAG, - reply.WriteUint32(tokenIdEx.tokenIdExStruct.tokenAttr), "WriteUint32 failed."); - if (result != RET_SUCCESS) { - if (!resultInfo.permCheckResult.permissionName.empty()) { - IF_FALSE_RETURN_LOG(ATM_DOMAIN, ATM_TAG, - reply.WriteString(resultInfo.permCheckResult.permissionName), "WriteString failed."); - IF_FALSE_RETURN_LOG(ATM_DOMAIN, ATM_TAG, - reply.WriteInt32(resultInfo.permCheckResult.rule), "WriteInt32 failed."); - } - LOGE(ATM_DOMAIN, ATM_TAG, "Res error %{public}d", result); - return; - } -} - -void AccessTokenManagerStub::GetTokenIDByUserIDInner(MessageParcel& data, MessageParcel& reply) -{ - if (!IsNativeProcessCalling()) { - LOGE(ATM_DOMAIN, ATM_TAG, "Permission denied(tokenID=%{public}d)", IPCSkeleton::GetCallingTokenID()); - IF_FALSE_PRINT_LOG(ATM_DOMAIN, ATM_TAG, - reply.WriteInt32(AccessTokenError::ERR_PERMISSION_DENIED), "WriteInt32 failed."); - return; - } - std::unordered_set tokenIdList; - int32_t userID = 0; - if (!data.ReadInt32(userID)) { - LOGE(ATM_DOMAIN, ATM_TAG, "Failed to read userId."); - IF_FALSE_PRINT_LOG(ATM_DOMAIN, ATM_TAG, - reply.WriteInt32(AccessTokenError::ERR_READ_PARCEL_FAILED), "WriteInt32 failed."); - return; - } - int32_t result = this->GetTokenIDByUserID(userID, tokenIdList); - IF_FALSE_RETURN_LOG(ATM_DOMAIN, ATM_TAG, reply.WriteInt32(result), "WriteInt32 failed."); - if (result != RET_SUCCESS) { - return; - } - IF_FALSE_RETURN_LOG(ATM_DOMAIN, ATM_TAG, reply.WriteUint32(tokenIdList.size()), "WriteUint32 failed."); - for (const auto& tokenId : tokenIdList) { - IF_FALSE_RETURN_LOG(ATM_DOMAIN, ATM_TAG, reply.WriteUint32(tokenId), "WriteUint32 failed."); - } -} - -void AccessTokenManagerStub::GetHapTokenInfoInner(MessageParcel& data, MessageParcel& reply) -{ - if (!IsNativeProcessCalling() && !IsPrivilegedCalling()) { - LOGE(ATM_DOMAIN, ATM_TAG, "Permission denied(tokenID=%{public}d)", IPCSkeleton::GetCallingTokenID()); - IF_FALSE_PRINT_LOG(ATM_DOMAIN, ATM_TAG, - reply.WriteInt32(AccessTokenError::ERR_PERMISSION_DENIED), "WriteInt32 failed."); - return; - } - HapTokenInfoParcel hapTokenInfoParcel; - AccessTokenID tokenID = data.ReadUint32(); - int result = this->GetHapTokenInfo(tokenID, hapTokenInfoParcel); - IF_FALSE_RETURN_LOG(ATM_DOMAIN, ATM_TAG, reply.WriteInt32(result), "WriteInt32 failed."); - if (result != RET_SUCCESS) { - return; - } - IF_FALSE_PRINT_LOG(ATM_DOMAIN, ATM_TAG, reply.WriteParcelable(&hapTokenInfoParcel), "Write parcel failed."); -} - -void AccessTokenManagerStub::GetHapTokenInfoExtensionInner(MessageParcel& data, MessageParcel& reply) -{ - if (!IsNativeProcessCalling() && !IsPrivilegedCalling()) { - LOGE(ATM_DOMAIN, ATM_TAG, "Permission denied(tokenID=%{public}d)", IPCSkeleton::GetCallingTokenID()); - IF_FALSE_PRINT_LOG(ATM_DOMAIN, ATM_TAG, - reply.WriteInt32(AccessTokenError::ERR_PERMISSION_DENIED), "WriteInt32 failed."); - return; - } - HapTokenInfoParcel hapTokenInfoParcel; - std::string appID; - AccessTokenID tokenID = data.ReadUint32(); - int result = this->GetHapTokenInfoExtension(tokenID, hapTokenInfoParcel, appID); - IF_FALSE_RETURN_LOG(ATM_DOMAIN, ATM_TAG, reply.WriteInt32(result), "WriteInt32 failed."); - if (result != RET_SUCCESS) { - return; - } - IF_FALSE_RETURN_LOG(ATM_DOMAIN, ATM_TAG, reply.WriteParcelable(&hapTokenInfoParcel), "Write parcel failed."); - IF_FALSE_RETURN_LOG(ATM_DOMAIN, ATM_TAG, reply.WriteString(appID), "Write string failed."); -} - -void AccessTokenManagerStub::GetNativeTokenInfoInner(MessageParcel& data, MessageParcel& reply) -{ - if (!IsNativeProcessCalling() && !IsPrivilegedCalling()) { - LOGE(ATM_DOMAIN, ATM_TAG, "Permission denied(tokenID=%{public}d).", IPCSkeleton::GetCallingTokenID()); - IF_FALSE_PRINT_LOG(ATM_DOMAIN, ATM_TAG, - reply.WriteInt32(AccessTokenError::ERR_PERMISSION_DENIED), "WriteInt32 failed."); - return; - } - AccessTokenID tokenID = data.ReadUint32(); - NativeTokenInfoParcel nativeTokenInfoParcel; - int result = this->GetNativeTokenInfo(tokenID, nativeTokenInfoParcel); - IF_FALSE_RETURN_LOG(ATM_DOMAIN, ATM_TAG, reply.WriteInt32(result), "WriteInt32 failed."); - if (result != RET_SUCCESS) { - return; - } - IF_FALSE_PRINT_LOG(ATM_DOMAIN, ATM_TAG, reply.WriteParcelable(&nativeTokenInfoParcel), "WriteInt32 failed."); -} - -void AccessTokenManagerStub::RegisterPermStateChangeCallbackInner(MessageParcel& data, MessageParcel& reply) -{ - uint32_t callingTokenID = IPCSkeleton::GetCallingTokenID(); - if ((this->GetTokenType(callingTokenID) == TOKEN_HAP) && (!IsSystemAppCalling())) { - IF_FALSE_PRINT_LOG(ATM_DOMAIN, ATM_TAG, - reply.WriteInt32(AccessTokenError::ERR_NOT_SYSTEM_APP), "WriteInt32 failed."); - return; - } - if (VerifyAccessToken(callingTokenID, GET_SENSITIVE_PERMISSIONS) == PERMISSION_DENIED) { - LOGE(ATM_DOMAIN, ATM_TAG, "Permission denied(tokenID=%{public}d)", callingTokenID); - IF_FALSE_PRINT_LOG(ATM_DOMAIN, ATM_TAG, - reply.WriteInt32(AccessTokenError::ERR_PERMISSION_DENIED), "WriteInt32 failed."); - return; - } - sptr scopeParcel = data.ReadParcelable(); - if (scopeParcel == nullptr) { - LOGE(ATM_DOMAIN, ATM_TAG, "Read scopeParcel fail"); - IF_FALSE_PRINT_LOG(ATM_DOMAIN, ATM_TAG, - reply.WriteInt32(AccessTokenError::ERR_READ_PARCEL_FAILED), "WriteInt32 failed."); - return; - } - sptr callback = data.ReadRemoteObject(); - if (callback == nullptr) { - LOGE(ATM_DOMAIN, ATM_TAG, "Read callback fail"); - IF_FALSE_PRINT_LOG(ATM_DOMAIN, ATM_TAG, - reply.WriteInt32(AccessTokenError::ERR_READ_PARCEL_FAILED), "WriteInt32 failed."); - return; - } - int32_t result = this->RegisterPermStateChangeCallback(*scopeParcel, callback); - IF_FALSE_PRINT_LOG(ATM_DOMAIN, ATM_TAG, reply.WriteInt32(result), "WriteInt32 failed."); -} - -void AccessTokenManagerStub::UnRegisterPermStateChangeCallbackInner(MessageParcel& data, MessageParcel& reply) -{ - uint32_t callingToken = IPCSkeleton::GetCallingTokenID(); - if ((this->GetTokenType(callingToken) == TOKEN_HAP) && (!IsSystemAppCalling())) { - IF_FALSE_PRINT_LOG(ATM_DOMAIN, ATM_TAG, - reply.WriteInt32(AccessTokenError::ERR_NOT_SYSTEM_APP), "WriteInt32 failed."); - return; - } - if (VerifyAccessToken(callingToken, GET_SENSITIVE_PERMISSIONS) == PERMISSION_DENIED) { - LOGE(ATM_DOMAIN, ATM_TAG, "Permission denied(tokenID=%{public}d)", callingToken); - IF_FALSE_PRINT_LOG(ATM_DOMAIN, ATM_TAG, - reply.WriteInt32(AccessTokenError::ERR_PERMISSION_DENIED), "WriteInt32 failed."); - return; - } - sptr callback = data.ReadRemoteObject(); - if (callback == nullptr) { - LOGE(ATM_DOMAIN, ATM_TAG, "Read callback fail"); - IF_FALSE_PRINT_LOG(ATM_DOMAIN, ATM_TAG, - reply.WriteInt32(AccessTokenError::ERR_READ_PARCEL_FAILED), "WriteInt32 failed."); - return; - } - int32_t result = this->UnRegisterPermStateChangeCallback(callback); - IF_FALSE_PRINT_LOG(ATM_DOMAIN, ATM_TAG, reply.WriteInt32(result), "WriteInt32 failed."); -} - -void AccessTokenManagerStub::RegisterSelfPermStateChangeCallbackInner(MessageParcel& data, MessageParcel& reply) -{ - uint32_t callingTokenID = IPCSkeleton::GetCallingTokenID(); - if (this->GetTokenType(callingTokenID) != TOKEN_HAP) { - LOGE(ATM_DOMAIN, ATM_TAG, "TokenID is not hap."); - IF_FALSE_PRINT_LOG(ATM_DOMAIN, ATM_TAG, - reply.WriteInt32(AccessTokenError::ERR_PARAM_INVALID), "WriteInt32 failed."); - return; - } - sptr scopeParcel = data.ReadParcelable(); - if (scopeParcel == nullptr) { - LOGE(ATM_DOMAIN, ATM_TAG, "Read scopeParcel fail"); - IF_FALSE_PRINT_LOG(ATM_DOMAIN, ATM_TAG, - reply.WriteInt32(AccessTokenError::ERR_READ_PARCEL_FAILED), "WriteInt32 failed."); - return; - } - sptr callback = data.ReadRemoteObject(); - if (callback == nullptr) { - LOGE(ATM_DOMAIN, ATM_TAG, "Read callback fail"); - IF_FALSE_PRINT_LOG(ATM_DOMAIN, ATM_TAG, - reply.WriteInt32(AccessTokenError::ERR_READ_PARCEL_FAILED), "WriteInt32 failed."); - return; - } - int32_t result = this->RegisterSelfPermStateChangeCallback(*scopeParcel, callback); - IF_FALSE_PRINT_LOG(ATM_DOMAIN, ATM_TAG, reply.WriteInt32(result), "WriteInt32 failed."); -} - -void AccessTokenManagerStub::UnRegisterSelfPermStateChangeCallbackInner(MessageParcel& data, MessageParcel& reply) -{ - uint32_t callingToken = IPCSkeleton::GetCallingTokenID(); - if (this->GetTokenType(callingToken) != TOKEN_HAP) { - LOGE(ATM_DOMAIN, ATM_TAG, "TokenID is not hap."); - IF_FALSE_PRINT_LOG(ATM_DOMAIN, ATM_TAG, - reply.WriteInt32(AccessTokenError::ERR_PARAM_INVALID), "WriteInt32 failed."); - return; - } - sptr callback = data.ReadRemoteObject(); - if (callback == nullptr) { - LOGE(ATM_DOMAIN, ATM_TAG, "Read callback fail"); - IF_FALSE_PRINT_LOG(ATM_DOMAIN, ATM_TAG, - reply.WriteInt32(AccessTokenError::ERR_READ_PARCEL_FAILED), "WriteInt32 failed."); - return; - } - int32_t result = this->UnRegisterSelfPermStateChangeCallback(callback); - IF_FALSE_PRINT_LOG(ATM_DOMAIN, ATM_TAG, reply.WriteInt32(result), "WriteInt32 failed."); -} - -#ifndef ATM_BUILD_VARIANT_USER_ENABLE -void AccessTokenManagerStub::ReloadNativeTokenInfoInner(MessageParcel& data, MessageParcel& reply) -{ - if (!IsPrivilegedCalling()) { - LOGE(ATM_DOMAIN, ATM_TAG, "Permission denied(tokenID=%{public}d)", IPCSkeleton::GetCallingTokenID()); - IF_FALSE_PRINT_LOG(ATM_DOMAIN, ATM_TAG, - reply.WriteUint32(AccessTokenError::ERR_PERMISSION_DENIED), "WriteInt32 failed."); - return; - } - int32_t result = this->ReloadNativeTokenInfo(); - IF_FALSE_PRINT_LOG(ATM_DOMAIN, ATM_TAG, reply.WriteInt32(result), "WriteInt32 failed."); -} -#endif - -void AccessTokenManagerStub::GetNativeTokenIdInner(MessageParcel& data, MessageParcel& reply) -{ - if (!IsNativeProcessCalling() && !IsPrivilegedCalling()) { - LOGE(ATM_DOMAIN, ATM_TAG, "Permission denied(tokenID=%{public}d)", IPCSkeleton::GetCallingTokenID()); - IF_FALSE_PRINT_LOG(ATM_DOMAIN, ATM_TAG, reply.WriteUint32(INVALID_TOKENID), "WriteUint32 failed."); - return; - } - std::string processName; - if (!data.ReadString(processName)) { - LOGE(ATM_DOMAIN, ATM_TAG, "ReadString fail, processName=%{public}s", processName.c_str()); - return; - } - AccessTokenID result = this->GetNativeTokenId(processName); - IF_FALSE_PRINT_LOG(ATM_DOMAIN, ATM_TAG, reply.WriteInt32(result), "WriteInt32 failed."); -} - -void AccessTokenManagerStub::GetKernelPermissionsInner(MessageParcel& data, MessageParcel& reply) -{ - auto callingToken = IPCSkeleton::GetCallingTokenID(); - if (!IsNativeProcessCalling() && !IsPrivilegedCalling()) { - LOGE(ATM_DOMAIN, ATM_TAG, "Permission denied(tokenID=%{public}d)", callingToken); - IF_FALSE_PRINT_LOG(ATM_DOMAIN, ATM_TAG, - reply.WriteUint32(AccessTokenError::ERR_PERMISSION_DENIED), "WriteUint32 failed."); - return; - } - - AccessTokenID tokenID; - IF_FALSE_RETURN_LOG(ATM_DOMAIN, ATM_TAG, data.ReadUint32(tokenID), "ReadUint32 failed."); - std::vector kernelPermList; - int32_t result = this->GetKernelPermissions(tokenID, kernelPermList); - IF_FALSE_PRINT_LOG(ATM_DOMAIN, ATM_TAG, reply.WriteInt32(result), "WriteInt32 failed."); - if (result != RET_SUCCESS) { - return; - } - IF_FALSE_RETURN_LOG(ATM_DOMAIN, ATM_TAG, reply.WriteUint32(kernelPermList.size()), "WriteUint32 failed."); - for (const auto& perm : kernelPermList) { - IF_FALSE_RETURN_LOG(ATM_DOMAIN, ATM_TAG, reply.WriteString(perm.permissionName), "WriteString failed."); - IF_FALSE_RETURN_LOG(ATM_DOMAIN, ATM_TAG, reply.WriteString(perm.value), "WriteString failed."); - } -} - -void AccessTokenManagerStub::GetReqPermissionByNameInner(MessageParcel& data, MessageParcel& reply) -{ - if (!IsNativeProcessCalling() && !IsPrivilegedCalling()) { - LOGE(ATM_DOMAIN, ATM_TAG, "Permission denied(tokenID=%{public}d)", IPCSkeleton::GetCallingTokenID()); - IF_FALSE_PRINT_LOG(ATM_DOMAIN, ATM_TAG, - reply.WriteUint32(AccessTokenError::ERR_PERMISSION_DENIED), "WriteUint32 failed."); - return; - } - - AccessTokenID tokenID; - IF_FALSE_RETURN_LOG(ATM_DOMAIN, ATM_TAG, data.ReadUint32(tokenID), "ReadUint32 failed."); - std::string permissionName; - IF_FALSE_RETURN_LOG(ATM_DOMAIN, ATM_TAG, data.ReadString(permissionName), "ReadUint32 failed."); - std::string resultValue; - int32_t result = this->GetReqPermissionByName(tokenID, permissionName, resultValue); - IF_FALSE_PRINT_LOG(ATM_DOMAIN, ATM_TAG, reply.WriteInt32(result), "WriteInt32 failed."); - if (result != RET_SUCCESS) { - return; - } - IF_FALSE_RETURN_LOG(ATM_DOMAIN, ATM_TAG, reply.WriteString(resultValue), "WriteString failed."); -} - -#ifdef TOKEN_SYNC_ENABLE -void AccessTokenManagerStub::GetHapTokenInfoFromRemoteInner(MessageParcel& data, MessageParcel& reply) -{ - if (!IsAccessTokenCalling()) { - LOGE(ATM_DOMAIN, ATM_TAG, "Permission denied(tokenID=%{public}d)", IPCSkeleton::GetCallingTokenID()); - IF_FALSE_PRINT_LOG(ATM_DOMAIN, ATM_TAG, - reply.WriteInt32(AccessTokenError::ERR_PERMISSION_DENIED), "WriteInt32 failed."); - return; - } - AccessTokenID tokenID = data.ReadUint32(); - HapTokenInfoForSyncParcel hapTokenParcel; - - int result = this->GetHapTokenInfoFromRemote(tokenID, hapTokenParcel); - IF_FALSE_RETURN_LOG(ATM_DOMAIN, ATM_TAG, reply.WriteInt32(result), "WriteInt32 failed."); - if (result != RET_SUCCESS) { - return; - } - IF_FALSE_PRINT_LOG(ATM_DOMAIN, ATM_TAG, reply.WriteParcelable(&hapTokenParcel), "WriteParcelable failed."); -} - -void AccessTokenManagerStub::SetRemoteHapTokenInfoInner(MessageParcel& data, MessageParcel& reply) -{ - if (!IsAccessTokenCalling()) { - LOGE(ATM_DOMAIN, ATM_TAG, "Permission denied(tokenID=%{public}d)", IPCSkeleton::GetCallingTokenID()); - IF_FALSE_PRINT_LOG(ATM_DOMAIN, ATM_TAG, - reply.WriteInt32(AccessTokenError::ERR_PERMISSION_DENIED), "WriteInt32 failed."); - return; - } - std::string deviceID = data.ReadString(); - sptr hapTokenParcel = data.ReadParcelable(); - if (hapTokenParcel == nullptr) { - LOGE(ATM_DOMAIN, ATM_TAG, "HapTokenParcel read faild"); - IF_FALSE_PRINT_LOG(ATM_DOMAIN, ATM_TAG, - reply.WriteInt32(AccessTokenError::ERR_READ_PARCEL_FAILED), "WriteInt32 failed."); - return; - } - int result = this->SetRemoteHapTokenInfo(deviceID, *hapTokenParcel); - IF_FALSE_PRINT_LOG(ATM_DOMAIN, ATM_TAG, reply.WriteInt32(result), "WriteInt32 failed."); -} - -void AccessTokenManagerStub::DeleteRemoteTokenInner(MessageParcel& data, MessageParcel& reply) -{ - if (!IsAccessTokenCalling()) { - LOGE(ATM_DOMAIN, ATM_TAG, "Permission denied(tokenID=%{public}d)", IPCSkeleton::GetCallingTokenID()); - IF_FALSE_PRINT_LOG(ATM_DOMAIN, ATM_TAG, - reply.WriteInt32(AccessTokenError::ERR_PERMISSION_DENIED), "WriteInt32 failed."); - return; - } - std::string deviceID = data.ReadString(); - AccessTokenID tokenID = data.ReadUint32(); - - int result = this->DeleteRemoteToken(deviceID, tokenID); - IF_FALSE_PRINT_LOG(ATM_DOMAIN, ATM_TAG, reply.WriteInt32(result), "WriteInt32 failed."); -} - -void AccessTokenManagerStub::GetRemoteNativeTokenIDInner(MessageParcel& data, MessageParcel& reply) -{ - if (!IsAccessTokenCalling()) { - LOGE(ATM_DOMAIN, ATM_TAG, "Permission denied(tokenID=%{public}d)", IPCSkeleton::GetCallingTokenID()); - IF_FALSE_PRINT_LOG(ATM_DOMAIN, ATM_TAG, reply.WriteInt32(INVALID_TOKENID), "WriteInt32 failed."); - return; - } - std::string deviceID = data.ReadString(); - AccessTokenID tokenID = data.ReadUint32(); - - AccessTokenID result = this->GetRemoteNativeTokenID(deviceID, tokenID); - IF_FALSE_PRINT_LOG(ATM_DOMAIN, ATM_TAG, reply.WriteInt32(result), "WriteInt32 failed."); -} - -void AccessTokenManagerStub::DeleteRemoteDeviceTokensInner(MessageParcel& data, MessageParcel& reply) -{ - if (!IsAccessTokenCalling()) { - LOGE(ATM_DOMAIN, ATM_TAG, "Permission denied(tokenID=%{public}d)", IPCSkeleton::GetCallingTokenID()); - IF_FALSE_PRINT_LOG(ATM_DOMAIN, ATM_TAG, - reply.WriteInt32(AccessTokenError::ERR_PERMISSION_DENIED), "WriteInt32 failed."); - return; - } - std::string deviceID = data.ReadString(); - - int result = this->DeleteRemoteDeviceTokens(deviceID); - IF_FALSE_PRINT_LOG(ATM_DOMAIN, ATM_TAG, reply.WriteInt32(result), "WriteInt32 failed."); -} - -void AccessTokenManagerStub::RegisterTokenSyncCallbackInner(MessageParcel& data, MessageParcel& reply) -{ - if (!IsAccessTokenCalling()) { - LOGE(ATM_DOMAIN, ATM_TAG, "Permission denied, tokenID=%{public}d", IPCSkeleton::GetCallingTokenID()); - IF_FALSE_PRINT_LOG(ATM_DOMAIN, ATM_TAG, - reply.WriteInt32(AccessTokenError::ERR_PERMISSION_DENIED), "WriteInt32 failed."); - return; - } - - sptr callback = data.ReadRemoteObject(); - if (callback == nullptr) { - LOGE(ATM_DOMAIN, ATM_TAG, "Callback read failed."); - IF_FALSE_PRINT_LOG(ATM_DOMAIN, ATM_TAG, - reply.WriteInt32(AccessTokenError::ERR_READ_PARCEL_FAILED), "WriteInt32 failed."); - return; - } - int32_t result = this->RegisterTokenSyncCallback(callback); - IF_FALSE_PRINT_LOG(ATM_DOMAIN, ATM_TAG, reply.WriteInt32(result), "WriteInt32 failed."); -} - -void AccessTokenManagerStub::UnRegisterTokenSyncCallbackInner(MessageParcel& data, MessageParcel& reply) -{ - if (!IsAccessTokenCalling()) { - LOGE(ATM_DOMAIN, ATM_TAG, "Permission denied, tokenID=%{public}d", IPCSkeleton::GetCallingTokenID()); - IF_FALSE_PRINT_LOG(ATM_DOMAIN, ATM_TAG, - reply.WriteInt32(AccessTokenError::ERR_PERMISSION_DENIED), "WriteInt32 failed."); - return; - } - - int32_t result = this->UnRegisterTokenSyncCallback(); - IF_FALSE_PRINT_LOG(ATM_DOMAIN, ATM_TAG, reply.WriteInt32(result), "WriteInt32 failed."); -} -#endif - -void AccessTokenManagerStub::GetVersionInner(MessageParcel& data, MessageParcel& reply) -{ - uint32_t callingToken = IPCSkeleton::GetCallingTokenID(); - if ((this->GetTokenType(callingToken) == TOKEN_HAP) && (!IsSystemAppCalling())) { - IF_FALSE_PRINT_LOG(ATM_DOMAIN, ATM_TAG, - reply.WriteInt32(AccessTokenError::ERR_NOT_SYSTEM_APP), "WriteInt32 failed."); - return; - } - uint32_t version; - int32_t result = this->GetVersion(version); - IF_FALSE_PRINT_LOG(ATM_DOMAIN, ATM_TAG, reply.WriteInt32(result), "WriteInt32 failed."); - if (result != RET_SUCCESS) { - return; - } - IF_FALSE_PRINT_LOG(ATM_DOMAIN, ATM_TAG, reply.WriteUint32(version), "WriteUint32 failed."); -} - -void AccessTokenManagerStub::DumpTokenInfoInner(MessageParcel& data, MessageParcel& reply) -{ - if (!IsShellProcessCalling()) { - LOGE(ATM_DOMAIN, ATM_TAG, "Permission denied(tokenID=%{public}d)", IPCSkeleton::GetCallingTokenID()); - reply.WriteString(""); - return; - } - sptr infoParcel = data.ReadParcelable(); - if (infoParcel == nullptr) { - LOGE(ATM_DOMAIN, ATM_TAG, "Read infoParcel fail"); - reply.WriteString("read infoParcel fail"); - return; - } - std::string dumpInfo = ""; - this->DumpTokenInfo(*infoParcel, dumpInfo); - if (!reply.SetDataCapacity(DUMP_CAPACITY_SIZE)) { - LOGW(ATM_DOMAIN, ATM_TAG, "SetDataCapacity failed"); - } - if (!reply.WriteString(dumpInfo)) { - LOGE(ATM_DOMAIN, ATM_TAG, "WriteString failed"); - } -} - -void AccessTokenManagerStub::SetPermDialogCapInner(MessageParcel& data, MessageParcel& reply) -{ - uint32_t callingToken = IPCSkeleton::GetCallingTokenID(); - if (VerifyAccessToken(callingToken, DISABLE_PERMISSION_DIALOG) == PERMISSION_DENIED) { - LOGE(ATM_DOMAIN, ATM_TAG, "Permission denied(tokenID=%{public}d)", callingToken); - IF_FALSE_PRINT_LOG(ATM_DOMAIN, ATM_TAG, - reply.WriteInt32(AccessTokenError::ERR_PERMISSION_DENIED), "WriteInt32 failed."); - return; - } - - sptr hapBaseInfoParcel = data.ReadParcelable(); - if (hapBaseInfoParcel == nullptr) { - LOGE(ATM_DOMAIN, ATM_TAG, "Read hapBaseInfoParcel fail"); - IF_FALSE_PRINT_LOG(ATM_DOMAIN, ATM_TAG, - reply.WriteInt32(AccessTokenError::ERR_READ_PARCEL_FAILED), "WriteInt32 failed."); - return; - } - bool enable = data.ReadBool(); - int32_t res = this->SetPermDialogCap(*hapBaseInfoParcel, enable); - IF_FALSE_PRINT_LOG(ATM_DOMAIN, ATM_TAG, reply.WriteInt32(res), "WriteInt32 failed."); -} - -void AccessTokenManagerStub::GetPermissionManagerInfoInner(MessageParcel& data, MessageParcel& reply) -{ - PermissionGrantInfoParcel infoParcel; - this->GetPermissionManagerInfo(infoParcel); - IF_FALSE_PRINT_LOG(ATM_DOMAIN, ATM_TAG, reply.WriteParcelable(&infoParcel), "WriteParcelable failed."); -} - -void AccessTokenManagerStub::InitUserPolicyInner(MessageParcel& data, MessageParcel& reply) -{ - uint32_t callingToken = IPCSkeleton::GetCallingTokenID(); - if (VerifyAccessToken(callingToken, GET_SENSITIVE_PERMISSIONS) == PERMISSION_DENIED) { - LOGE(ATM_DOMAIN, ATM_TAG, "Permission denied(tokenID=%{public}d)", callingToken); - IF_FALSE_PRINT_LOG(ATM_DOMAIN, ATM_TAG, - reply.WriteInt32(AccessTokenError::ERR_PERMISSION_DENIED), "WriteInt32 failed."); - return; - } - std::vector userList; - std::vector permList; - uint32_t userSize = data.ReadUint32(); - uint32_t permSize = data.ReadUint32(); - if ((userSize > MAX_USER_POLICY_SIZE) || (permSize > MAX_USER_POLICY_SIZE)) { - LOGE(ATM_DOMAIN, ATM_TAG, "Size %{public}u is invalid", userSize); - IF_FALSE_PRINT_LOG(ATM_DOMAIN, ATM_TAG, - reply.WriteInt32(AccessTokenError::ERR_OVERSIZE), "WriteParcelable failed."); - return; - } - for (uint32_t i = 0; i < userSize; i++) { - UserState userInfo; - if (!data.ReadInt32(userInfo.userId)) { - LOGE(ATM_DOMAIN, ATM_TAG, "Failed to read userId."); - IF_FALSE_PRINT_LOG(ATM_DOMAIN, ATM_TAG, - reply.WriteInt32(AccessTokenError::ERR_READ_PARCEL_FAILED), "WriteInt32 failed."); - return; - } - if (!data.ReadBool(userInfo.isActive)) { - LOGE(ATM_DOMAIN, ATM_TAG, "Failed to read isActive."); - IF_FALSE_PRINT_LOG(ATM_DOMAIN, ATM_TAG, - reply.WriteInt32(AccessTokenError::ERR_READ_PARCEL_FAILED), "WriteInt32 failed."); - return; - } - userList.emplace_back(userInfo); - } - for (uint32_t i = 0; i < permSize; i++) { - std::string permission; - if (!data.ReadString(permission)) { - LOGE(ATM_DOMAIN, ATM_TAG, "Failed to read permission."); - IF_FALSE_PRINT_LOG(ATM_DOMAIN, ATM_TAG, - reply.WriteInt32(AccessTokenError::ERR_READ_PARCEL_FAILED), "WriteInt32 failed."); - return; - } - permList.emplace_back(permission); - } - int32_t res = this->InitUserPolicy(userList, permList); - IF_FALSE_PRINT_LOG(ATM_DOMAIN, ATM_TAG, reply.WriteInt32(res), "WriteInt32 failed."); -} - -void AccessTokenManagerStub::UpdateUserPolicyInner(MessageParcel& data, MessageParcel& reply) -{ - uint32_t callingToken = IPCSkeleton::GetCallingTokenID(); - if (VerifyAccessToken(callingToken, GET_SENSITIVE_PERMISSIONS) == PERMISSION_DENIED) { - LOGE(ATM_DOMAIN, ATM_TAG, "Permission denied(tokenID=%{public}d)", callingToken); - IF_FALSE_PRINT_LOG(ATM_DOMAIN, ATM_TAG, - reply.WriteInt32(AccessTokenError::ERR_PERMISSION_DENIED), "WriteInt32 failed."); - return; - } - std::vector userList; - uint32_t userSize = data.ReadUint32(); - if (userSize > MAX_USER_POLICY_SIZE) { - LOGE(ATM_DOMAIN, ATM_TAG, "Size %{public}u is invalid", userSize); - IF_FALSE_PRINT_LOG(ATM_DOMAIN, ATM_TAG, reply.WriteInt32(AccessTokenError::ERR_OVERSIZE), "WriteInt32 failed."); - return; - } - for (uint32_t i = 0; i < userSize; i++) { - UserState userInfo; - if (!data.ReadInt32(userInfo.userId)) { - LOGE(ATM_DOMAIN, ATM_TAG, "Failed to read userId."); - IF_FALSE_PRINT_LOG(ATM_DOMAIN, ATM_TAG, - reply.WriteInt32(AccessTokenError::ERR_READ_PARCEL_FAILED), "WriteInt32 failed."); - return; - } - if (!data.ReadBool(userInfo.isActive)) { - LOGE(ATM_DOMAIN, ATM_TAG, "Failed to read isActive."); - IF_FALSE_PRINT_LOG(ATM_DOMAIN, ATM_TAG, - reply.WriteInt32(AccessTokenError::ERR_READ_PARCEL_FAILED), "WriteInt32 failed."); - return; - } - userList.emplace_back(userInfo); - } - int32_t res = this->UpdateUserPolicy(userList); - IF_FALSE_PRINT_LOG(ATM_DOMAIN, ATM_TAG, reply.WriteInt32(res), "WriteInt32 failed."); -} - -void AccessTokenManagerStub::ClearUserPolicyInner(MessageParcel& data, MessageParcel& reply) -{ - uint32_t callingToken = IPCSkeleton::GetCallingTokenID(); - if (VerifyAccessToken(callingToken, GET_SENSITIVE_PERMISSIONS) == PERMISSION_DENIED) { - LOGE(ATM_DOMAIN, ATM_TAG, "Permission denied(tokenID=%{public}d)", callingToken); - IF_FALSE_PRINT_LOG(ATM_DOMAIN, ATM_TAG, - reply.WriteInt32(AccessTokenError::ERR_PERMISSION_DENIED), "WriteInt32 failed."); - return; - } - - int32_t res = this->ClearUserPolicy(); - IF_FALSE_PRINT_LOG(ATM_DOMAIN, ATM_TAG, reply.WriteInt32(res), "WriteInt32 failed."); -} - -bool AccessTokenManagerStub::IsPrivilegedCalling() const -{ - // shell process is root in debug mode. -#ifndef ATM_BUILD_VARIANT_USER_ENABLE - int32_t callingUid = IPCSkeleton::GetCallingUid(); - return callingUid == ROOT_UID; -#else - return false; -#endif -} - -bool AccessTokenManagerStub::IsAccessTokenCalling() -{ - uint32_t tokenCaller = IPCSkeleton::GetCallingTokenID(); - if (tokenSyncId_ == 0) { - tokenSyncId_ = this->GetNativeTokenId("token_sync_service"); - } - return tokenCaller == tokenSyncId_; -} - -bool AccessTokenManagerStub::IsNativeProcessCalling() -{ - AccessTokenID tokenCaller = IPCSkeleton::GetCallingTokenID(); - return this->GetTokenType(tokenCaller) == TOKEN_NATIVE; -} - -bool AccessTokenManagerStub::IsShellProcessCalling() -{ - AccessTokenID tokenCaller = IPCSkeleton::GetCallingTokenID(); - return this->GetTokenType(tokenCaller) == TOKEN_SHELL; -} - -bool AccessTokenManagerStub::IsSystemAppCalling() const -{ - uint64_t fullTokenId = IPCSkeleton::GetCallingFullTokenID(); - return TokenIdKit::IsSystemAppByFullTokenID(fullTokenId); -} - -#ifdef TOKEN_SYNC_ENABLE -void AccessTokenManagerStub::SetTokenSyncFuncInMap() -{ - requestFuncMap_[static_cast(AccessTokenInterfaceCode::GET_HAP_TOKEN_FROM_REMOTE)] = - &AccessTokenManagerStub::GetHapTokenInfoFromRemoteInner; - requestFuncMap_[static_cast(AccessTokenInterfaceCode::SET_REMOTE_HAP_TOKEN_INFO)] = - &AccessTokenManagerStub::SetRemoteHapTokenInfoInner; - requestFuncMap_[static_cast(AccessTokenInterfaceCode::DELETE_REMOTE_TOKEN_INFO)] = - &AccessTokenManagerStub::DeleteRemoteTokenInner; - requestFuncMap_[static_cast(AccessTokenInterfaceCode::DELETE_REMOTE_DEVICE_TOKEN)] = - &AccessTokenManagerStub::DeleteRemoteDeviceTokensInner; - requestFuncMap_[static_cast(AccessTokenInterfaceCode::GET_NATIVE_REMOTE_TOKEN)] = - &AccessTokenManagerStub::GetRemoteNativeTokenIDInner; - requestFuncMap_[static_cast(AccessTokenInterfaceCode::REGISTER_TOKEN_SYNC_CALLBACK)] = - &AccessTokenManagerStub::RegisterTokenSyncCallbackInner; - requestFuncMap_[static_cast(AccessTokenInterfaceCode::UNREGISTER_TOKEN_SYNC_CALLBACK)] = - &AccessTokenManagerStub::UnRegisterTokenSyncCallbackInner; -} -#endif - -void AccessTokenManagerStub::SetLocalTokenOpFuncInMap() -{ - requestFuncMap_[static_cast(AccessTokenInterfaceCode::ALLOC_TOKEN_HAP)] = - &AccessTokenManagerStub::AllocHapTokenInner; - requestFuncMap_[static_cast(AccessTokenInterfaceCode::INIT_TOKEN_HAP)] = - &AccessTokenManagerStub::InitHapTokenInner; - requestFuncMap_[static_cast(AccessTokenInterfaceCode::TOKEN_DELETE)] = - &AccessTokenManagerStub::DeleteTokenInfoInner; - requestFuncMap_[static_cast(AccessTokenInterfaceCode::GET_TOKEN_TYPE)] = - &AccessTokenManagerStub::GetTokenTypeInner; - requestFuncMap_[static_cast(AccessTokenInterfaceCode::GET_HAP_TOKEN_ID)] = - &AccessTokenManagerStub::GetHapTokenIDInner; - requestFuncMap_[static_cast(AccessTokenInterfaceCode::ALLOC_LOCAL_TOKEN_ID)] = - &AccessTokenManagerStub::AllocLocalTokenIDInner; - requestFuncMap_[static_cast(AccessTokenInterfaceCode::GET_NATIVE_TOKENINFO)] = - &AccessTokenManagerStub::GetNativeTokenInfoInner; - requestFuncMap_[static_cast(AccessTokenInterfaceCode::GET_TOKEN_ID_BY_USER_ID)] = - &AccessTokenManagerStub::GetTokenIDByUserIDInner; - requestFuncMap_[static_cast(AccessTokenInterfaceCode::GET_HAP_TOKENINFO)] = - &AccessTokenManagerStub::GetHapTokenInfoInner; - requestFuncMap_[static_cast(AccessTokenInterfaceCode::UPDATE_HAP_TOKEN)] = - &AccessTokenManagerStub::UpdateHapTokenInner; -#ifndef ATM_BUILD_VARIANT_USER_ENABLE - requestFuncMap_[static_cast(AccessTokenInterfaceCode::RELOAD_NATIVE_TOKEN_INFO)] = - &AccessTokenManagerStub::ReloadNativeTokenInfoInner; -#endif - requestFuncMap_[static_cast(AccessTokenInterfaceCode::GET_NATIVE_TOKEN_ID)] = - &AccessTokenManagerStub::GetNativeTokenIdInner; - requestFuncMap_[static_cast(AccessTokenInterfaceCode::SET_PERM_DIALOG_CAPABILITY)] = - &AccessTokenManagerStub::SetPermDialogCapInner; - requestFuncMap_[static_cast(AccessTokenInterfaceCode::GET_PERMISSION_MANAGER_INFO)] = - &AccessTokenManagerStub::GetPermissionManagerInfoInner; - requestFuncMap_[static_cast(AccessTokenInterfaceCode::INIT_USER_POLICY)] = - &AccessTokenManagerStub::InitUserPolicyInner; - requestFuncMap_[static_cast(AccessTokenInterfaceCode::UPDATE_USER_POLICY)] = - &AccessTokenManagerStub::UpdateUserPolicyInner; - requestFuncMap_[static_cast(AccessTokenInterfaceCode::CLEAR_USER_POLICY)] = - &AccessTokenManagerStub::ClearUserPolicyInner; - requestFuncMap_[static_cast(AccessTokenInterfaceCode::GET_HAP_TOKENINFO_EXT)] = - &AccessTokenManagerStub::GetHapTokenInfoExtensionInner; - requestFuncMap_[static_cast(AccessTokenInterfaceCode::GET_KERNEL_PERMISSIONS)] = - &AccessTokenManagerStub::GetKernelPermissionsInner; - requestFuncMap_[static_cast(AccessTokenInterfaceCode::GET_PERMISSION_BY_NAME)] = - &AccessTokenManagerStub::GetReqPermissionByNameInner; -} - -void AccessTokenManagerStub::SetPermissionOpFuncInMap() -{ - requestFuncMap_[static_cast(AccessTokenInterfaceCode::GET_USER_GRANTED_PERMISSION_USED_TYPE)] = - &AccessTokenManagerStub::GetPermissionUsedTypeInner; - requestFuncMap_[static_cast(AccessTokenInterfaceCode::VERIFY_ACCESSTOKEN)] = - &AccessTokenManagerStub::VerifyAccessTokenInner; - requestFuncMap_[static_cast(AccessTokenInterfaceCode::VERIFY_ACCESSTOKEN_WITH_LIST)] = - &AccessTokenManagerStub::VerifyAccessTokenWithListInner; - requestFuncMap_[static_cast(AccessTokenInterfaceCode::GET_DEF_PERMISSION)] = - &AccessTokenManagerStub::GetDefPermissionInner; - requestFuncMap_[static_cast(AccessTokenInterfaceCode::GET_REQ_PERMISSIONS)] = - &AccessTokenManagerStub::GetReqPermissionsInner; - requestFuncMap_[static_cast(AccessTokenInterfaceCode::GET_PERMISSION_FLAG)] = - &AccessTokenManagerStub::GetPermissionFlagInner; - requestFuncMap_[static_cast(AccessTokenInterfaceCode::GRANT_PERMISSION)] = - &AccessTokenManagerStub::GrantPermissionInner; - requestFuncMap_[static_cast(AccessTokenInterfaceCode::REVOKE_PERMISSION)] = - &AccessTokenManagerStub::RevokePermissionInner; - requestFuncMap_[static_cast(AccessTokenInterfaceCode::GRANT_PERMISSION_FOR_SPECIFIEDTIME)] = - &AccessTokenManagerStub::GrantPermissionForSpecifiedTimeInner; - requestFuncMap_[static_cast(AccessTokenInterfaceCode::CLEAR_USER_GRANT_PERMISSION)] = - &AccessTokenManagerStub::ClearUserGrantedPermissionStateInner; - requestFuncMap_[static_cast(AccessTokenInterfaceCode::GET_PERMISSION_OPER_STATE)] = - &AccessTokenManagerStub::GetSelfPermissionsStateInner; - requestFuncMap_[static_cast(AccessTokenInterfaceCode::GET_PERMISSIONS_STATUS)] = - &AccessTokenManagerStub::GetPermissionsStatusInner; - requestFuncMap_[ - static_cast(AccessTokenInterfaceCode::REGISTER_PERM_STATE_CHANGE_CALLBACK)] = - &AccessTokenManagerStub::RegisterPermStateChangeCallbackInner; - requestFuncMap_[ - static_cast(AccessTokenInterfaceCode::UNREGISTER_PERM_STATE_CHANGE_CALLBACK)] = - &AccessTokenManagerStub::UnRegisterPermStateChangeCallbackInner; - requestFuncMap_[static_cast(AccessTokenInterfaceCode::DUMP_TOKENINFO)] = - &AccessTokenManagerStub::DumpTokenInfoInner; - requestFuncMap_[static_cast(AccessTokenInterfaceCode::GET_VERSION)] = - &AccessTokenManagerStub::GetVersionInner; - requestFuncMap_[static_cast(AccessTokenInterfaceCode::SET_PERMISSION_REQUEST_TOGGLE_STATUS)] = - &AccessTokenManagerStub::SetPermissionRequestToggleStatusInner; - requestFuncMap_[static_cast(AccessTokenInterfaceCode::GET_PERMISSION_REQUEST_TOGGLE_STATUS)] = - &AccessTokenManagerStub::GetPermissionRequestToggleStatusInner; - requestFuncMap_[ - static_cast(AccessTokenInterfaceCode::REGISTER_SELF_PERM_STATE_CHANGE_CALLBACK)] = - &AccessTokenManagerStub::RegisterSelfPermStateChangeCallbackInner; - requestFuncMap_[ - static_cast(AccessTokenInterfaceCode::UNREGISTER_SELF_PERM_STATE_CHANGE_CALLBACK)] = - &AccessTokenManagerStub::UnRegisterSelfPermStateChangeCallbackInner; - requestFuncMap_[static_cast(AccessTokenInterfaceCode::REQUEST_APP_PERM_ON_SETTING)] = - &AccessTokenManagerStub::RequestAppPermOnSettingInner; -} - -AccessTokenManagerStub::AccessTokenManagerStub() -{ - SetPermissionOpFuncInMap(); - SetLocalTokenOpFuncInMap(); -#ifdef TOKEN_SYNC_ENABLE - SetTokenSyncFuncInMap(); -#endif -} - -AccessTokenManagerStub::~AccessTokenManagerStub() -{ - requestFuncMap_.clear(); -} -} // namespace AccessToken -} // namespace Security -} // namespace OHOS diff --git a/services/accesstokenmanager/test/coverage/BUILD.gn b/services/accesstokenmanager/test/coverage/BUILD.gn index 15c858e9c3fd3f323d05f25944b7dcf6cb3ac648..a98dc05e9016af58dbc012fd95ca0dbe76f9f01b 100644 --- a/services/accesstokenmanager/test/coverage/BUILD.gn +++ b/services/accesstokenmanager/test/coverage/BUILD.gn @@ -36,7 +36,6 @@ accesstoken_manager_service_source = [ "${access_token_path}/services/accesstokenmanager/main/cpp/src/permission/permission_validator.cpp", "${access_token_path}/services/accesstokenmanager/main/cpp/src/permission/temp_permission_observer.cpp", "${access_token_path}/services/accesstokenmanager/main/cpp/src/service/accesstoken_manager_service.cpp", - "${access_token_path}/services/accesstokenmanager/main/cpp/src/service/accesstoken_manager_stub.cpp", "${access_token_path}/services/accesstokenmanager/main/cpp/src/token/accesstoken_id_manager.cpp", "${access_token_path}/services/accesstokenmanager/main/cpp/src/token/accesstoken_info_manager.cpp", "${access_token_path}/services/accesstokenmanager/main/cpp/src/token/hap_token_info_inner.cpp", @@ -88,7 +87,10 @@ ohos_unittest("libaccesstoken_manager_service_coverage_test") { cflags_cc = [ "-DHILOG_ENABLE" ] - configs = [ "${access_token_path}/config:coverage_flags" ] + configs = [ + "${access_token_path}/config:coverage_flags", + "${access_token_path}/services/accesstokenmanager:accesstoken_manager_gen_config", + ] deps = [ "${access_token_path}/frameworks/accesstoken:accesstoken_communication_adapter_cxx", @@ -99,6 +101,7 @@ ohos_unittest("libaccesstoken_manager_service_coverage_test") { "${access_token_path}/interfaces/innerkits/privacy:libprivacy_sdk", "${access_token_path}/interfaces/innerkits/token_setproc:libperm_setproc", "${access_token_path}/interfaces/innerkits/token_setproc:libtokensetproc_shared", + "${access_token_path}/services/accesstokenmanager:accesstoken_manager_stub", "${access_token_path}/services/common:accesstoken_service_common", ] diff --git a/services/accesstokenmanager/test/mock/BUILD.gn b/services/accesstokenmanager/test/mock/BUILD.gn index f52d369b6fbc762b7c5dea80f3645840755977ac..cdfbd1081c1ee6cc3e5d2955969a14a5a9ae40bc 100644 --- a/services/accesstokenmanager/test/mock/BUILD.gn +++ b/services/accesstokenmanager/test/mock/BUILD.gn @@ -36,7 +36,6 @@ accesstoken_manager_service_source = [ "${access_token_path}/services/accesstokenmanager/main/cpp/src/permission/permission_validator.cpp", "${access_token_path}/services/accesstokenmanager/main/cpp/src/permission/temp_permission_observer.cpp", "${access_token_path}/services/accesstokenmanager/main/cpp/src/service/accesstoken_manager_service.cpp", - "${access_token_path}/services/accesstokenmanager/main/cpp/src/service/accesstoken_manager_stub.cpp", "${access_token_path}/services/accesstokenmanager/main/cpp/src/token/accesstoken_id_manager.cpp", "${access_token_path}/services/accesstokenmanager/main/cpp/src/token/accesstoken_info_manager.cpp", "${access_token_path}/services/accesstokenmanager/main/cpp/src/token/hap_token_info_inner.cpp", @@ -89,7 +88,10 @@ ohos_unittest("libpermission_manager_mock_test") { cflags_cc = [ "-DHILOG_ENABLE" ] - configs = [ "${access_token_path}/config:coverage_flags" ] + configs = [ + "${access_token_path}/config:coverage_flags", + "${access_token_path}/services/accesstokenmanager:accesstoken_manager_gen_config", + ] deps = [ "${access_token_path}/frameworks/accesstoken:accesstoken_communication_adapter_cxx", @@ -100,6 +102,7 @@ ohos_unittest("libpermission_manager_mock_test") { "${access_token_path}/interfaces/innerkits/privacy:libprivacy_sdk", "${access_token_path}/interfaces/innerkits/token_setproc:libperm_setproc", "${access_token_path}/interfaces/innerkits/token_setproc:libtokensetproc_shared", + "${access_token_path}/services/accesstokenmanager:accesstoken_manager_stub", "${access_token_path}/services/common:accesstoken_service_common", ] diff --git a/services/accesstokenmanager/test/unittest/BUILD.gn b/services/accesstokenmanager/test/unittest/BUILD.gn index 812c0a2a1915dbd31d4f2c30d63e29cae4f56407..4ad711c0f6d43f04426a64639c70b6ca67ac1481 100644 --- a/services/accesstokenmanager/test/unittest/BUILD.gn +++ b/services/accesstokenmanager/test/unittest/BUILD.gn @@ -36,7 +36,6 @@ accesstoken_manager_service_source = [ "${access_token_path}/services/accesstokenmanager/main/cpp/src/permission/permission_validator.cpp", "${access_token_path}/services/accesstokenmanager/main/cpp/src/permission/temp_permission_observer.cpp", "${access_token_path}/services/accesstokenmanager/main/cpp/src/service/accesstoken_manager_service.cpp", - "${access_token_path}/services/accesstokenmanager/main/cpp/src/service/accesstoken_manager_stub.cpp", "${access_token_path}/services/accesstokenmanager/main/cpp/src/token/accesstoken_id_manager.cpp", "${access_token_path}/services/accesstokenmanager/main/cpp/src/token/accesstoken_info_manager.cpp", "${access_token_path}/services/accesstokenmanager/main/cpp/src/token/hap_token_info_inner.cpp", @@ -102,7 +101,10 @@ ohos_unittest("libaccesstoken_manager_service_standard_test") { sources += [ "${access_token_path}/services/accesstokenmanager/main/cpp/src/permission/dlp_permission_set_manager.cpp" ] } - configs = [ "${access_token_path}/config:coverage_flags" ] + configs = [ + "${access_token_path}/config:coverage_flags", + "${access_token_path}/services/accesstokenmanager:accesstoken_manager_gen_config", + ] deps = [ "${access_token_path}/frameworks/accesstoken:accesstoken_communication_adapter_cxx", @@ -113,6 +115,7 @@ ohos_unittest("libaccesstoken_manager_service_standard_test") { "${access_token_path}/interfaces/innerkits/privacy:libprivacy_sdk", "${access_token_path}/interfaces/innerkits/token_setproc:libperm_setproc", "${access_token_path}/interfaces/innerkits/token_setproc:libtokensetproc_shared", + "${access_token_path}/services/accesstokenmanager:accesstoken_manager_stub", "${access_token_path}/services/common:accesstoken_service_common", ] diff --git a/services/accesstokenmanager/test/unittest/accesstoken_info_manager_test.cpp b/services/accesstokenmanager/test/unittest/accesstoken_info_manager_test.cpp index a600335873a2a9082459a31129bb4f25d9aabb8d..56cff645e20d31ee4aa025236e3999b80ec9f250 100644 --- a/services/accesstokenmanager/test/unittest/accesstoken_info_manager_test.cpp +++ b/services/accesstokenmanager/test/unittest/accesstoken_info_manager_test.cpp @@ -35,6 +35,7 @@ #include "permission_validator.h" #include "string_ex.h" #include "token_setproc.h" +#include "system_ability_definition.h" using namespace testing::ext; using namespace OHOS; @@ -48,6 +49,7 @@ static constexpr int USER_ID = 100; static constexpr int INST_INDEX = 0; static constexpr int32_t MAX_EXTENDED_MAP_SIZE = 512; static constexpr int32_t MAX_VALUE_LENGTH = 1024; +static AccessTokenID g_selfTokenId = 0; static PermissionDef g_infoManagerTestPermDef1 = { .permissionName = "open the door", .bundleName = "accesstoken_test", @@ -107,6 +109,7 @@ static PermissionStatus g_permState = { }; #ifdef TOKEN_SYNC_ENABLE +static uint32_t tokenSyncId_ = 0; static const int32_t FAKE_SYNC_RET = 0xabcdef; class TokenSyncCallbackMock : public TokenSyncCallbackStub { public: @@ -122,12 +125,14 @@ public: void AccessTokenInfoManagerTest::SetUpTestCase() { + g_selfTokenId = GetSelfTokenID(); AccessTokenInfoManager::GetInstance().Init(); } void AccessTokenInfoManagerTest::TearDownTestCase() { sleep(3); // delay 3 minutes + SetSelfTokenID(g_selfTokenId); } void AccessTokenInfoManagerTest::SetUp() @@ -387,9 +392,10 @@ HWTEST_F(AccessTokenInfoManagerTest, InitHapToken001, TestSize.Level1) HapPolicyParcel hapPolicyParcel; hapPolicyParcel.hapPolicy.apl = ATokenAplEnum::APL_NORMAL; hapPolicyParcel.hapPolicy.domain = "test.domain"; - AccessTokenIDEx tokenIdEx; - HapInfoCheckResult result; - ASSERT_EQ(ERR_PARAM_INVALID, atManagerService_->InitHapToken(hapinfoParcel, hapPolicyParcel, tokenIdEx, result)); + uint64_t fullTokenId; + HapInfoCheckResultParcel result; + ASSERT_EQ(ERR_PARAM_INVALID, + atManagerService_->InitHapToken(hapinfoParcel, hapPolicyParcel, fullTokenId, result)); } /** @@ -413,10 +419,10 @@ HWTEST_F(AccessTokenInfoManagerTest, InitHapToken002, TestSize.Level1) HapPolicyParcel hapPolicyParcel; hapPolicyParcel.hapPolicy.apl = ATokenAplEnum::APL_NORMAL; hapPolicyParcel.hapPolicy.domain = "test.domain"; - AccessTokenIDEx tokenIdEx; - HapInfoCheckResult result; + uint64_t fullTokenId; + HapInfoCheckResultParcel result; ASSERT_EQ(ERR_PERM_REQUEST_CFG_FAILED, - atManagerService_->InitHapToken(hapinfoParcel, hapPolicyParcel, tokenIdEx, result)); + atManagerService_->InitHapToken(hapinfoParcel, hapPolicyParcel, fullTokenId, result)); } /** @@ -454,16 +460,23 @@ HWTEST_F(AccessTokenInfoManagerTest, InitHapToken003, TestSize.Level1) .permList = {}, .permStateList = { permissionStateA, permissionStateB } }; - AccessTokenIDEx fullTokenId = {0}; + uint64_t fullTokenId;; + HapInfoCheckResultParcel resultParcel; HapInfoCheckResult result; - ASSERT_EQ(ERR_PERM_REQUEST_CFG_FAILED, atManagerService_->InitHapToken(info, policy, fullTokenId, result)); + ASSERT_EQ(0, + atManagerService_->InitHapToken(info, policy, fullTokenId, resultParcel)); + + result = resultParcel.hapInfoCheckResult; ASSERT_EQ(result.permCheckResult.permissionName, "ohos.permission.GET_ALL_APP_ACCOUNTS"); ASSERT_EQ(result.permCheckResult.rule, PERMISSION_ACL_RULE); permissionStateA.permissionName = "ohos.permission.ENTERPRISE_MANAGE_SETTINGS"; policy.hapPolicy.aclRequestedList = { "ohos.permission.ENTERPRISE_MANAGE_SETTINGS" }; policy.hapPolicy.permStateList = { permissionStateA, permissionStateB }; - ASSERT_EQ(ERR_PERM_REQUEST_CFG_FAILED, atManagerService_->InitHapToken(info, policy, fullTokenId, result)); + ASSERT_EQ(0, + atManagerService_->InitHapToken(info, policy, fullTokenId, resultParcel)); + + result = resultParcel.hapInfoCheckResult; ASSERT_EQ(result.permCheckResult.permissionName, "ohos.permission.ENTERPRISE_MANAGE_SETTINGS"); ASSERT_EQ(result.permCheckResult.rule, PERMISSION_EDM_RULE); } @@ -546,8 +559,8 @@ HWTEST_F(AccessTokenInfoManagerTest, InitHapToken004, TestSize.Level1) HapPolicyParcel policy; GetHapParams(info.hapInfoParameter, policy.hapPolicy); - AccessTokenIDEx fullTokenId; - HapInfoCheckResult result; + uint64_t fullTokenId;; + HapInfoCheckResultParcel result; int32_t ret = atManagerService_->InitHapToken(info, policy, fullTokenId, result); ASSERT_EQ(RET_SUCCESS, ret); @@ -561,12 +574,14 @@ HWTEST_F(AccessTokenInfoManagerTest, InitHapToken004, TestSize.Level1) std::to_string(MAX_EXTENDED_MAP_SIZE - 1); ret = atManagerService_->InitHapToken(info, policy, fullTokenId, result); ASSERT_EQ(RET_SUCCESS, ret); + AccessTokenIDEx tokenIDEx = {fullTokenId}; + AccessTokenID tokenID = tokenIDEx.tokenIdExStruct.tokenID; policy.hapPolicy.aclExtendedMap[std::to_string(MAX_EXTENDED_MAP_SIZE)] = std::to_string(MAX_EXTENDED_MAP_SIZE); ret = atManagerService_->InitHapToken(info, policy, fullTokenId, result); ASSERT_EQ(AccessTokenError::ERR_PARAM_INVALID, ret); - AccessTokenID tokenID = fullTokenId.tokenIdExStruct.tokenID; + ret = atManagerService_->DeleteToken(tokenID); EXPECT_EQ(RET_SUCCESS, ret); } @@ -583,8 +598,8 @@ HWTEST_F(AccessTokenInfoManagerTest, InitHapToken005, TestSize.Level1) HapPolicyParcel policy; GetHapParams(info.hapInfoParameter, policy.hapPolicy); - AccessTokenIDEx fullTokenId; - HapInfoCheckResult result; + uint64_t fullTokenId; + HapInfoCheckResultParcel result; policy.hapPolicy.aclExtendedMap["ohos.permission.ACCESS_CERT_MANAGER"] = ""; int32_t ret = atManagerService_->InitHapToken(info, policy, fullTokenId, result); ASSERT_EQ(AccessTokenError::ERR_PARAM_INVALID, ret); @@ -598,12 +613,13 @@ HWTEST_F(AccessTokenInfoManagerTest, InitHapToken005, TestSize.Level1) policy.hapPolicy.aclExtendedMap["ohos.permission.ACCESS_CERT_MANAGER"] = testValue; ret = atManagerService_->InitHapToken(info, policy, fullTokenId, result); ASSERT_EQ(RET_SUCCESS, ret); + AccessTokenIDEx tokenIDEx = {fullTokenId}; + AccessTokenID tokenID = tokenIDEx.tokenIdExStruct.tokenID; testValue.push_back('1'); policy.hapPolicy.aclExtendedMap["ohos.permission.ACCESS_CERT_MANAGER"] = testValue; ret = atManagerService_->InitHapToken(info, policy, fullTokenId, result); ASSERT_EQ(AccessTokenError::ERR_PARAM_INVALID, ret); - AccessTokenID tokenID = fullTokenId.tokenIdExStruct.tokenID; ret = atManagerService_->DeleteToken(tokenID); EXPECT_EQ(RET_SUCCESS, ret); @@ -621,18 +637,18 @@ HWTEST_F(AccessTokenInfoManagerTest, InitHapToken006, TestSize.Level1) HapPolicyParcel policy; GetHapParams(info.hapInfoParameter, policy.hapPolicy); TestPrepareKernelPermissionDefinition(info.hapInfoParameter, policy.hapPolicy); - AccessTokenIDEx fullTokenId; - HapInfoCheckResult result; + uint64_t fullTokenId; + HapInfoCheckResultParcel result; // update permission definition int32_t ret = atManagerService_->InitHapToken(info, policy, fullTokenId, result); ASSERT_EQ(RET_SUCCESS, ret); TestPrepareKernelPermissionStatus(policy.hapPolicy); ret = atManagerService_->InitHapToken(info, policy, fullTokenId, result); - AccessTokenID tokenID = fullTokenId.tokenIdExStruct.tokenID; + AccessTokenID tokenID = static_cast(fullTokenId); ASSERT_EQ(RET_SUCCESS, ret); - std::vector kernelPermList; + std::vector kernelPermList; ret = atManagerService_->GetKernelPermissions(tokenID, kernelPermList); ASSERT_EQ(RET_SUCCESS, ret); ASSERT_EQ(0, kernelPermList.size()); @@ -859,15 +875,15 @@ HWTEST_F(AccessTokenInfoManagerTest, UpdateHapToken004, TestSize.Level1) HapPolicyParcel policy; GetHapParams(info.hapInfoParameter, policy.hapPolicy); TestPrepareKernelPermissionDefinition(info.hapInfoParameter, policy.hapPolicy); - AccessTokenIDEx fullTokenId; - HapInfoCheckResult result; + uint64_t fullTokenId; + HapInfoCheckResultParcel result; // update permission definition int32_t ret = atManagerService_->InitHapToken(info, policy, fullTokenId, result); ASSERT_EQ(RET_SUCCESS, ret); TestPrepareKernelPermissionStatus(policy.hapPolicy); ret = atManagerService_->InitHapToken(info, policy, fullTokenId, result); - AccessTokenID tokenID = fullTokenId.tokenIdExStruct.tokenID; + AccessTokenID tokenID = static_cast(fullTokenId); ASSERT_EQ(RET_SUCCESS, ret); policy.hapPolicy.aclExtendedMap["ohos.permission.kernel.ALLOW_WRITABLE_CODE_MEMORY"] = "1"; // modified value @@ -887,10 +903,12 @@ HWTEST_F(AccessTokenInfoManagerTest, UpdateHapToken004, TestSize.Level1) .isSystemApp = true, .appDistributionType = "", }; - ret = atManagerService_->UpdateHapToken(fullTokenId, updateInfoParams, policy, result); + UpdateHapInfoParcel updateInfoParamsParcel; + updateInfoParamsParcel.hapInfoParameter = updateInfoParams; + ret = atManagerService_->UpdateHapToken(fullTokenId, updateInfoParamsParcel, policy, result); ASSERT_EQ(RET_SUCCESS, ret); - std::vector kernelPermList; + std::vector kernelPermList; ret = atManagerService_->GetKernelPermissions(tokenID, kernelPermList); ASSERT_EQ(RET_SUCCESS, ret); ASSERT_EQ(0, kernelPermList.size()); @@ -1143,6 +1161,15 @@ HWTEST_F(AccessTokenInfoManagerTest, NotifyTokenSyncTask001, TestSize.Level1) TokenModifyNotifier::GetInstance().modifiedTokenList_ = modifiedTokenList; // recovery } +void setPermission() +{ + setuid(0); + if (tokenSyncId_ == 0) { + tokenSyncId_ = AccessTokenInfoManager::GetInstance().GetNativeTokenId("token_sync_service"); + } + SetSelfTokenID(tokenSyncId_); +} + /** * @tc.name: RegisterTokenSyncCallback001 * @tc.desc: TokenModifyNotifier::RegisterTokenSyncCallback function test @@ -1151,7 +1178,7 @@ HWTEST_F(AccessTokenInfoManagerTest, NotifyTokenSyncTask001, TestSize.Level1) */ HWTEST_F(AccessTokenInfoManagerTest, RegisterTokenSyncCallback001, TestSize.Level1) { - setuid(3020); + setPermission(); sptr callback = new (std::nothrow) TokenSyncCallbackMock(); ASSERT_NE(nullptr, callback); EXPECT_EQ(RET_SUCCESS, @@ -1159,6 +1186,7 @@ HWTEST_F(AccessTokenInfoManagerTest, RegisterTokenSyncCallback001, TestSize.Leve EXPECT_NE(nullptr, TokenModifyNotifier::GetInstance().tokenSyncCallbackObject_); EXPECT_NE(nullptr, TokenModifyNotifier::GetInstance().tokenSyncCallbackDeathRecipient_); + setuid(3020); EXPECT_CALL(*callback, GetRemoteHapTokenInfo(testing::_, testing::_)).WillOnce(testing::Return(FAKE_SYNC_RET)); EXPECT_EQ(FAKE_SYNC_RET, TokenModifyNotifier::GetInstance().tokenSyncCallbackObject_->GetRemoteHapTokenInfo("", 0)); @@ -1169,6 +1197,7 @@ HWTEST_F(AccessTokenInfoManagerTest, RegisterTokenSyncCallback001, TestSize.Leve EXPECT_CALL(*callback, UpdateRemoteHapTokenInfo(testing::_)).WillOnce(testing::Return(FAKE_SYNC_RET)); EXPECT_EQ(FAKE_SYNC_RET, TokenModifyNotifier::GetInstance().tokenSyncCallbackObject_->UpdateRemoteHapTokenInfo(tokenInfo)); + setPermission(); EXPECT_EQ(RET_SUCCESS, atManagerService_->UnRegisterTokenSyncCallback()); EXPECT_EQ(nullptr, TokenModifyNotifier::GetInstance().tokenSyncCallbackObject_); @@ -1184,12 +1213,13 @@ HWTEST_F(AccessTokenInfoManagerTest, RegisterTokenSyncCallback001, TestSize.Leve */ HWTEST_F(AccessTokenInfoManagerTest, RegisterTokenSyncCallback002, TestSize.Level1) { - setuid(3020); + setPermission(); sptr callback = new (std::nothrow) TokenSyncCallbackMock(); ASSERT_NE(nullptr, callback); EXPECT_EQ(RET_SUCCESS, atManagerService_->RegisterTokenSyncCallback(callback->AsObject())); EXPECT_NE(nullptr, TokenModifyNotifier::GetInstance().tokenSyncCallbackObject_); + setuid(3020); EXPECT_CALL(*callback, GetRemoteHapTokenInfo(testing::_, testing::_)) .WillOnce(testing::Return(FAKE_SYNC_RET)); EXPECT_EQ(FAKE_SYNC_RET, TokenModifyNotifier::GetInstance().GetRemoteHapTokenInfo("", 0)); @@ -1225,6 +1255,7 @@ HWTEST_F(AccessTokenInfoManagerTest, RegisterTokenSyncCallback002, TestSize.Leve TokenModifyNotifier::GetInstance().modifiedTokenList_ = modifiedTokenList; // recovery TokenModifyNotifier::GetInstance().deleteTokenList_ = deleteTokenList; + setPermission(); EXPECT_EQ(RET_SUCCESS, atManagerService_->UnRegisterTokenSyncCallback()); setuid(0); @@ -1238,10 +1269,11 @@ HWTEST_F(AccessTokenInfoManagerTest, RegisterTokenSyncCallback002, TestSize.Leve */ HWTEST_F(AccessTokenInfoManagerTest, GetRemoteHapTokenInfo001, TestSize.Level1) { - setuid(3020); + setPermission(); sptr callback = new (std::nothrow) TokenSyncCallbackMock(); ASSERT_NE(nullptr, callback); EXPECT_EQ(RET_SUCCESS, atManagerService_->RegisterTokenSyncCallback(callback->AsObject())); + setuid(3020); EXPECT_CALL(*callback, GetRemoteHapTokenInfo(testing::_, testing::_)) .WillOnce(testing::Return(FAKE_SYNC_RET)); EXPECT_EQ(FAKE_SYNC_RET, TokenModifyNotifier::GetInstance() @@ -1251,6 +1283,7 @@ HWTEST_F(AccessTokenInfoManagerTest, GetRemoteHapTokenInfo001, TestSize.Level1) .WillOnce(testing::Return(TOKEN_SYNC_OPENSOURCE_DEVICE)); EXPECT_EQ(TOKEN_SYNC_IPC_ERROR, TokenModifyNotifier::GetInstance() .GetRemoteHapTokenInfo("invalid_id", 0)); // this is a test input + setPermission(); EXPECT_EQ(RET_SUCCESS, atManagerService_->UnRegisterTokenSyncCallback()); setuid(0); @@ -2107,8 +2140,9 @@ HWTEST_F(AccessTokenInfoManagerTest, AllocHapToken001, TestSize.Level1) hapPolicyParcel.hapPolicy.apl = ATokenAplEnum::APL_NORMAL; hapPolicyParcel.hapPolicy.domain = "test.domain"; - AccessTokenIDEx tokenIDEx = atManagerService_->AllocHapToken(hapinfoParcel, hapPolicyParcel); - ASSERT_EQ(INVALID_TOKENID, tokenIDEx.tokenIDEx); + uint64_t tokenIDEx; + atManagerService_->AllocHapToken(hapinfoParcel, hapPolicyParcel, tokenIDEx); + ASSERT_EQ(INVALID_TOKENID, tokenIDEx); } /** @@ -2158,34 +2192,6 @@ HWTEST_F(AccessTokenInfoManagerTest, Dlopen002, TestSize.Level1) } #endif -/** - * @tc.name: OnRemoteRequest001 - * @tc.desc: Test OnRemoteRequest - * @tc.type: FUNC - * @tc.require: - */ -HWTEST_F(AccessTokenInfoManagerTest, OnRemoteRequest001, TestSize.Level1) -{ - uint32_t code = 0; - MessageParcel data; - MessageParcel reply; - MessageOption option; - data.WriteInterfaceToken(u"this is a test interface"); - EXPECT_EQ(ERROR_IPC_REQUEST_FAIL, atManagerService_->OnRemoteRequest(code, data, reply, option)); - - std::map oldMap = atManagerService_->requestFuncMap_; - atManagerService_->requestFuncMap_.clear(); - atManagerService_->requestFuncMap_[1] = nullptr; - - data.WriteInterfaceToken(IAccessTokenManager::GetDescriptor()); - EXPECT_NE(NO_ERROR, atManagerService_->OnRemoteRequest(code, data, reply, option)); - - data.WriteInterfaceToken(IAccessTokenManager::GetDescriptor()); - EXPECT_NE(NO_ERROR, atManagerService_->OnRemoteRequest(1, data, reply, option)); - - atManagerService_->requestFuncMap_ = oldMap; -} - /** * @tc.name: VerifyNativeAccessToken001 * @tc.desc: AccessTokenInfoManagerTest::VerifyNativeAccessToken function test @@ -2393,4 +2399,4 @@ HWTEST_F(AccessTokenInfoManagerTest, GetPermissionRequestToggleStatus002, TestSi } } // namespace AccessToken } // namespace Security -} // namespace OHOS +} // namespace OHOS \ No newline at end of file diff --git a/test/fuzztest/services/accesstoken/access_token_service_fuzz.gni b/test/fuzztest/services/accesstoken/access_token_service_fuzz.gni index e48ac73d97a4ec3ac926316416cea23a4cbb56cf..fe1d53b7a46f098bbdee053b9027b983ae99de8e 100644 --- a/test/fuzztest/services/accesstoken/access_token_service_fuzz.gni +++ b/test/fuzztest/services/accesstoken/access_token_service_fuzz.gni @@ -1,4 +1,4 @@ -# Copyright (c) 2024 Huawei Device Co., Ltd. +# Copyright (c) 2024-2025 Huawei Device Co., Ltd. # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. # You may obtain a copy of the License at @@ -55,6 +55,7 @@ access_token_deps = [ "${access_token_path}/interfaces/innerkits/token_setproc:libperm_setproc", "${access_token_path}/interfaces/innerkits/token_setproc:libtokensetproc_shared", "${access_token_path}/services/accesstokenmanager:access_token.rc", + "${access_token_path}/services/accesstokenmanager:accesstoken_manager_stub", "${access_token_path}/services/accesstokenmanager/etc:param_files", "${access_token_path}/services/common:accesstoken_service_common", "${access_token_path}/services/common/json_parse:accesstoken_cjson_utils", @@ -100,7 +101,6 @@ access_token_sources = [ "${access_token_path}/services/accesstokenmanager/main/cpp/src/permission/short_grant_manager.cpp", "${access_token_path}/services/accesstokenmanager/main/cpp/src/permission/temp_permission_observer.cpp", "${access_token_path}/services/accesstokenmanager/main/cpp/src/service/accesstoken_manager_service.cpp", - "${access_token_path}/services/accesstokenmanager/main/cpp/src/service/accesstoken_manager_stub.cpp", "${access_token_path}/services/accesstokenmanager/main/cpp/src/token/accesstoken_id_manager.cpp", "${access_token_path}/services/accesstokenmanager/main/cpp/src/token/accesstoken_info_manager.cpp", "${access_token_path}/services/accesstokenmanager/main/cpp/src/token/hap_token_info_inner.cpp", diff --git a/test/fuzztest/services/accesstoken/allochaptokenstub_fuzzer/BUILD.gn b/test/fuzztest/services/accesstoken/allochaptokenstub_fuzzer/BUILD.gn index 72c33dd1538932bc77bf79c8deb6faa49be13624..1f39ccfefec1703ad7b411e779ab2e2193c4d709 100644 --- a/test/fuzztest/services/accesstoken/allochaptokenstub_fuzzer/BUILD.gn +++ b/test/fuzztest/services/accesstoken/allochaptokenstub_fuzzer/BUILD.gn @@ -1,4 +1,4 @@ -# Copyright (c) 2023 Huawei Device Co., Ltd. +# Copyright (c) 2023-2025 Huawei Device Co., Ltd. # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. # You may obtain a copy of the License at @@ -33,7 +33,10 @@ ohos_fuzztest("AllocHapTokenStubFuzzTest") { deps = access_token_deps - configs = [ "${access_token_path}/config:coverage_flags" ] + configs = [ + "${access_token_path}/config:coverage_flags", + "${access_token_path}/services/accesstokenmanager:accesstoken_manager_gen_config", + ] external_deps = access_token_external_deps diff --git a/test/fuzztest/services/accesstoken/allochaptokenstub_fuzzer/allochaptokenstub_fuzzer.cpp b/test/fuzztest/services/accesstoken/allochaptokenstub_fuzzer/allochaptokenstub_fuzzer.cpp index 15da22d9aecf7f7a433a461a56de1e9006523ed7..25a2b792bcf7bdcee5557484224fe87b758e25d2 100644 --- a/test/fuzztest/services/accesstoken/allochaptokenstub_fuzzer/allochaptokenstub_fuzzer.cpp +++ b/test/fuzztest/services/accesstoken/allochaptokenstub_fuzzer/allochaptokenstub_fuzzer.cpp @@ -1,5 +1,5 @@ /* - * Copyright (c) 2023-2024 Huawei Device Co., Ltd. + * Copyright (c) 2023-2025 Huawei Device Co., Ltd. * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. * You may obtain a copy of the License at @@ -24,7 +24,7 @@ #undef private #include "accesstoken_manager_service.h" #include "hap_info_parcel.h" -#include "i_accesstoken_manager.h" +#include "iaccesstoken_manager.h" using namespace std; using namespace OHOS::Security::AccessToken; @@ -84,7 +84,7 @@ namespace OHOS { ConstructorParam(fuzzData, hapInfoParcel, hapPolicyParcel); MessageParcel datas; - datas.WriteInterfaceToken(IAccessTokenManager::GetDescriptor()); + datas.WriteInterfaceToken(IAccesstokenManager::GetDescriptor()); if (!datas.WriteParcelable(&hapInfoParcel)) { return false; } @@ -93,7 +93,7 @@ namespace OHOS { } uint32_t code = static_cast( - AccessTokenInterfaceCode::ALLOC_TOKEN_HAP); + IAccesstokenManagerIpcCode::COMMAND_ALLOC_HAP_TOKEN); MessageParcel reply; MessageOption option; diff --git a/test/fuzztest/services/accesstoken/alloclocaltokenidstub_fuzzer/BUILD.gn b/test/fuzztest/services/accesstoken/alloclocaltokenidstub_fuzzer/BUILD.gn index 16c34223efd86b6027ff11074f406a92569c2954..ef4e85f2a0997569d3b85bcfe5ec1255123a4bac 100644 --- a/test/fuzztest/services/accesstoken/alloclocaltokenidstub_fuzzer/BUILD.gn +++ b/test/fuzztest/services/accesstoken/alloclocaltokenidstub_fuzzer/BUILD.gn @@ -1,4 +1,4 @@ -# Copyright (c) 2023 Huawei Device Co., Ltd. +# Copyright (c) 2023-2025 Huawei Device Co., Ltd. # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. # You may obtain a copy of the License at @@ -33,7 +33,10 @@ ohos_fuzztest("AllocLocalTokenIDStubFuzzTest") { deps = access_token_deps - configs = [ "${access_token_path}/config:coverage_flags" ] + configs = [ + "${access_token_path}/config:coverage_flags", + "${access_token_path}/services/accesstokenmanager:accesstoken_manager_gen_config", + ] external_deps = access_token_external_deps diff --git a/test/fuzztest/services/accesstoken/alloclocaltokenidstub_fuzzer/alloclocaltokenidstub_fuzzer.cpp b/test/fuzztest/services/accesstoken/alloclocaltokenidstub_fuzzer/alloclocaltokenidstub_fuzzer.cpp index afca023e194c3574d01d56261c9f14892046d9df..66c39c7c2b253fd6e9a4b14cf88ef37237d62421 100644 --- a/test/fuzztest/services/accesstoken/alloclocaltokenidstub_fuzzer/alloclocaltokenidstub_fuzzer.cpp +++ b/test/fuzztest/services/accesstoken/alloclocaltokenidstub_fuzzer/alloclocaltokenidstub_fuzzer.cpp @@ -1,5 +1,5 @@ /* - * Copyright (c) 2023 Huawei Device Co., Ltd. + * Copyright (c) 2023-2025 Huawei Device Co., Ltd. * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. * You may obtain a copy of the License at @@ -23,7 +23,7 @@ #include "accesstoken_fuzzdata.h" #undef private #include "accesstoken_manager_service.h" -#include "i_accesstoken_manager.h" +#include "iaccesstoken_manager.h" using namespace std; using namespace OHOS::Security::AccessToken; @@ -42,13 +42,13 @@ namespace OHOS { std::string testName(fuzzData.GenerateStochasticString()); MessageParcel inData; - inData.WriteInterfaceToken(IAccessTokenManager::GetDescriptor()); + inData.WriteInterfaceToken(IAccesstokenManager::GetDescriptor()); if (!inData.WriteUint32(tokenId) || !inData.WriteString(testName)) { return false; } uint32_t code = static_cast( - AccessTokenInterfaceCode::ALLOC_LOCAL_TOKEN_ID); + IAccesstokenManagerIpcCode::COMMAND_ALLOC_LOCAL_TOKEN_I_D); MessageParcel reply; MessageOption option; diff --git a/test/fuzztest/services/accesstoken/clearusergrantedpermissionstatestub_fuzzer/BUILD.gn b/test/fuzztest/services/accesstoken/clearusergrantedpermissionstatestub_fuzzer/BUILD.gn index 8e0863d3bf64db66ec16a10a40eb6b2257c0dedc..eb322e7499a3ebbdf28453a4db4e201a4912228a 100644 --- a/test/fuzztest/services/accesstoken/clearusergrantedpermissionstatestub_fuzzer/BUILD.gn +++ b/test/fuzztest/services/accesstoken/clearusergrantedpermissionstatestub_fuzzer/BUILD.gn @@ -1,4 +1,4 @@ -# Copyright (c) 2023 Huawei Device Co., Ltd. +# Copyright (c) 2023-2025 Huawei Device Co., Ltd. # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. # You may obtain a copy of the License at @@ -33,7 +33,10 @@ ohos_fuzztest("ClearUserGrantedPermissionStateStubFuzzTest") { deps = access_token_deps - configs = [ "${access_token_path}/config:coverage_flags" ] + configs = [ + "${access_token_path}/config:coverage_flags", + "${access_token_path}/services/accesstokenmanager:accesstoken_manager_gen_config", + ] external_deps = access_token_external_deps diff --git a/test/fuzztest/services/accesstoken/clearusergrantedpermissionstatestub_fuzzer/clearusergrantedpermissionstatestub_fuzzer.cpp b/test/fuzztest/services/accesstoken/clearusergrantedpermissionstatestub_fuzzer/clearusergrantedpermissionstatestub_fuzzer.cpp index 74b20b9536af374e0a4de7d7428984ef9c8230c2..818e9d841026da89ad9c36997a60601b42212d21 100644 --- a/test/fuzztest/services/accesstoken/clearusergrantedpermissionstatestub_fuzzer/clearusergrantedpermissionstatestub_fuzzer.cpp +++ b/test/fuzztest/services/accesstoken/clearusergrantedpermissionstatestub_fuzzer/clearusergrantedpermissionstatestub_fuzzer.cpp @@ -1,5 +1,5 @@ /* - * Copyright (c) 2023 Huawei Device Co., Ltd. + * Copyright (c) 2023-2025 Huawei Device Co., Ltd. * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. * You may obtain a copy of the License at @@ -23,7 +23,7 @@ #include "accesstoken_fuzzdata.h" #undef private #include "accesstoken_manager_service.h" -#include "i_accesstoken_manager.h" +#include "iaccesstoken_manager.h" using namespace std; using namespace OHOS::Security::AccessToken; @@ -40,13 +40,13 @@ namespace OHOS { AccessTokenFuzzData fuzzData(data, size); AccessTokenID tokenId = fuzzData.GetData(); MessageParcel sendData; - sendData.WriteInterfaceToken(IAccessTokenManager::GetDescriptor()); + sendData.WriteInterfaceToken(IAccesstokenManager::GetDescriptor()); if (!sendData.WriteUint32(tokenId)) { return false; } uint32_t code = static_cast( - AccessTokenInterfaceCode::CLEAR_USER_GRANT_PERMISSION); + IAccesstokenManagerIpcCode::COMMAND_CLEAR_USER_GRANTED_PERMISSION_STATE); MessageParcel reply; MessageOption option; diff --git a/test/fuzztest/services/accesstoken/deleteremotedevicetokensstub_fuzzer/BUILD.gn b/test/fuzztest/services/accesstoken/deleteremotedevicetokensstub_fuzzer/BUILD.gn index 03a4a1ceb2f7a5dec93427e71b6f6dd1e4d34019..89322c78e3cd2a2c79c7fe870b6122493d970140 100644 --- a/test/fuzztest/services/accesstoken/deleteremotedevicetokensstub_fuzzer/BUILD.gn +++ b/test/fuzztest/services/accesstoken/deleteremotedevicetokensstub_fuzzer/BUILD.gn @@ -1,4 +1,4 @@ -# Copyright (c) 2023 Huawei Device Co., Ltd. +# Copyright (c) 2023-2025 Huawei Device Co., Ltd. # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. # You may obtain a copy of the License at @@ -33,7 +33,10 @@ ohos_fuzztest("DeleteRemoteDeviceTokensStubFuzzTest") { deps = access_token_deps - configs = [ "${access_token_path}/config:coverage_flags" ] + configs = [ + "${access_token_path}/config:coverage_flags", + "${access_token_path}/services/accesstokenmanager:accesstoken_manager_gen_config", + ] external_deps = access_token_external_deps diff --git a/test/fuzztest/services/accesstoken/deleteremotedevicetokensstub_fuzzer/deleteremotedevicetokensstub_fuzzer.cpp b/test/fuzztest/services/accesstoken/deleteremotedevicetokensstub_fuzzer/deleteremotedevicetokensstub_fuzzer.cpp index cd02f2da0bcae6cb5ea89da5fee57793b417bc00..6fde919b97fd5622889b07e51845152466a8bf0c 100644 --- a/test/fuzztest/services/accesstoken/deleteremotedevicetokensstub_fuzzer/deleteremotedevicetokensstub_fuzzer.cpp +++ b/test/fuzztest/services/accesstoken/deleteremotedevicetokensstub_fuzzer/deleteremotedevicetokensstub_fuzzer.cpp @@ -23,7 +23,7 @@ #include "accesstoken_info_manager.h" #include "accesstoken_kit.h" #include "accesstoken_manager_service.h" -#include "i_accesstoken_manager.h" +#include "iaccesstoken_manager.h" #include "token_setproc.h" using namespace std; @@ -44,13 +44,13 @@ namespace OHOS { std::string testName(fuzzData.GenerateStochasticString()); MessageParcel datas; - datas.WriteInterfaceToken(IAccessTokenManager::GetDescriptor()); + datas.WriteInterfaceToken(IAccesstokenManager::GetDescriptor()); if (!datas.WriteString(testName)) { return false; } uint32_t code = static_cast( - AccessTokenInterfaceCode::DELETE_REMOTE_DEVICE_TOKEN); + IAccesstokenManagerIpcCode::COMMAND_DELETE_REMOTE_DEVICE_TOKENS); MessageParcel reply; MessageOption option; diff --git a/test/fuzztest/services/accesstoken/deleteremotetokenstub_fuzzer/BUILD.gn b/test/fuzztest/services/accesstoken/deleteremotetokenstub_fuzzer/BUILD.gn index 9985da7f89581a0ef03509da721cabb08c22780e..dd7879a031d54ab447efa47ecc48407becebbc15 100644 --- a/test/fuzztest/services/accesstoken/deleteremotetokenstub_fuzzer/BUILD.gn +++ b/test/fuzztest/services/accesstoken/deleteremotetokenstub_fuzzer/BUILD.gn @@ -1,4 +1,4 @@ -# Copyright (c) 2023 Huawei Device Co., Ltd. +# Copyright (c) 2023-2025 Huawei Device Co., Ltd. # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. # You may obtain a copy of the License at @@ -33,7 +33,10 @@ ohos_fuzztest("DeleteRemoteTokenStubFuzzTest") { deps = access_token_deps - configs = [ "${access_token_path}/config:coverage_flags" ] + configs = [ + "${access_token_path}/config:coverage_flags", + "${access_token_path}/services/accesstokenmanager:accesstoken_manager_gen_config", + ] external_deps = access_token_external_deps diff --git a/test/fuzztest/services/accesstoken/deleteremotetokenstub_fuzzer/deleteremotetokenstub_fuzzer.cpp b/test/fuzztest/services/accesstoken/deleteremotetokenstub_fuzzer/deleteremotetokenstub_fuzzer.cpp index 86ef252ac2bf449ecb1906e048655decae7fee26..31f0983c577387674f78c3e321dc878083f8883c 100644 --- a/test/fuzztest/services/accesstoken/deleteremotetokenstub_fuzzer/deleteremotetokenstub_fuzzer.cpp +++ b/test/fuzztest/services/accesstoken/deleteremotetokenstub_fuzzer/deleteremotetokenstub_fuzzer.cpp @@ -1,5 +1,5 @@ /* - * Copyright (c) 2023 Huawei Device Co., Ltd. + * Copyright (c) 2023-2025 Huawei Device Co., Ltd. * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. * You may obtain a copy of the License at @@ -23,7 +23,7 @@ #include "accesstoken_info_manager.h" #include "accesstoken_kit.h" #include "accesstoken_manager_service.h" -#include "i_accesstoken_manager.h" +#include "iaccesstoken_manager.h" #include "token_setproc.h" using namespace std; @@ -45,7 +45,7 @@ namespace OHOS { AccessTokenID tokenId = fuzzData.GetData(); MessageParcel datas; - datas.WriteInterfaceToken(IAccessTokenManager::GetDescriptor()); + datas.WriteInterfaceToken(IAccesstokenManager::GetDescriptor()); if (!datas.WriteString(testName)) { return false; } @@ -54,7 +54,7 @@ namespace OHOS { } uint32_t code = static_cast( - AccessTokenInterfaceCode::DELETE_REMOTE_TOKEN_INFO); + IAccesstokenManagerIpcCode::COMMAND_DELETE_REMOTE_TOKEN); MessageParcel reply; MessageOption option; diff --git a/test/fuzztest/services/accesstoken/deletetokenstub_fuzzer/BUILD.gn b/test/fuzztest/services/accesstoken/deletetokenstub_fuzzer/BUILD.gn index f64cc370ef3958938468e4e73bbb06c99088d2bf..e6f4582bc93ef6fdd19b01e2a09f3d02d17323de 100644 --- a/test/fuzztest/services/accesstoken/deletetokenstub_fuzzer/BUILD.gn +++ b/test/fuzztest/services/accesstoken/deletetokenstub_fuzzer/BUILD.gn @@ -1,4 +1,4 @@ -# Copyright (c) 2023 Huawei Device Co., Ltd. +# Copyright (c) 2023-2025 Huawei Device Co., Ltd. # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. # You may obtain a copy of the License at @@ -33,7 +33,10 @@ ohos_fuzztest("DeleteTokenStubFuzzTest") { deps = access_token_deps - configs = [ "${access_token_path}/config:coverage_flags" ] + configs = [ + "${access_token_path}/config:coverage_flags", + "${access_token_path}/services/accesstokenmanager:accesstoken_manager_gen_config", + ] external_deps = access_token_external_deps diff --git a/test/fuzztest/services/accesstoken/deletetokenstub_fuzzer/deletetokenstub_fuzzer.cpp b/test/fuzztest/services/accesstoken/deletetokenstub_fuzzer/deletetokenstub_fuzzer.cpp index 2048eeedce20d301f1dd10de65d64c6b20ca7b0c..92c96c0b5f84e45cab74dd152625b880dc9827df 100644 --- a/test/fuzztest/services/accesstoken/deletetokenstub_fuzzer/deletetokenstub_fuzzer.cpp +++ b/test/fuzztest/services/accesstoken/deletetokenstub_fuzzer/deletetokenstub_fuzzer.cpp @@ -1,5 +1,5 @@ /* - * Copyright (c) 2023 Huawei Device Co., Ltd. + * Copyright (c) 2023-2025 Huawei Device Co., Ltd. * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. * You may obtain a copy of the License at @@ -23,7 +23,7 @@ #include "accesstoken_fuzzdata.h" #undef private #include "accesstoken_manager_service.h" -#include "i_accesstoken_manager.h" +#include "iaccesstoken_manager.h" using namespace std; using namespace OHOS::Security::AccessToken; @@ -41,13 +41,13 @@ namespace OHOS { AccessTokenID tokenId = fuzzData.GetData(); MessageParcel datas; - datas.WriteInterfaceToken(IAccessTokenManager::GetDescriptor()); + datas.WriteInterfaceToken(IAccesstokenManager::GetDescriptor()); if (!datas.WriteUint32(tokenId)) { return false; } uint32_t code = static_cast( - AccessTokenInterfaceCode::TOKEN_DELETE); + IAccesstokenManagerIpcCode::COMMAND_DELETE_TOKEN); MessageParcel reply; MessageOption option; diff --git a/test/fuzztest/services/accesstoken/dumptokeninfostub_fuzzer/BUILD.gn b/test/fuzztest/services/accesstoken/dumptokeninfostub_fuzzer/BUILD.gn index c2446867e34138d6eb6fc48e8fbb184294870bf9..18993e0907a2ca239f1c9900bf15bee8f8774b11 100644 --- a/test/fuzztest/services/accesstoken/dumptokeninfostub_fuzzer/BUILD.gn +++ b/test/fuzztest/services/accesstoken/dumptokeninfostub_fuzzer/BUILD.gn @@ -1,4 +1,4 @@ -# Copyright (c) 2023 Huawei Device Co., Ltd. +# Copyright (c) 2023-2025 Huawei Device Co., Ltd. # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. # You may obtain a copy of the License at @@ -33,7 +33,10 @@ ohos_fuzztest("DumpTokenInfoStubFuzzTest") { deps = access_token_deps - configs = [ "${access_token_path}/config:coverage_flags" ] + configs = [ + "${access_token_path}/config:coverage_flags", + "${access_token_path}/services/accesstokenmanager:accesstoken_manager_gen_config", + ] external_deps = access_token_external_deps diff --git a/test/fuzztest/services/accesstoken/dumptokeninfostub_fuzzer/dumptokeninfostub_fuzzer.cpp b/test/fuzztest/services/accesstoken/dumptokeninfostub_fuzzer/dumptokeninfostub_fuzzer.cpp index b60d7399638346d48f1b66873d7a0a6afade1c57..9a68ca24bbf0b7d38215367ba0db37b0b9d3a37a 100644 --- a/test/fuzztest/services/accesstoken/dumptokeninfostub_fuzzer/dumptokeninfostub_fuzzer.cpp +++ b/test/fuzztest/services/accesstoken/dumptokeninfostub_fuzzer/dumptokeninfostub_fuzzer.cpp @@ -1,5 +1,5 @@ /* - * Copyright (c) 2023 Huawei Device Co., Ltd. + * Copyright (c) 2023-2025 Huawei Device Co., Ltd. * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. * You may obtain a copy of the License at @@ -21,7 +21,7 @@ #include "accesstoken_fuzzdata.h" #undef private #include "accesstoken_manager_service.h" -#include "i_accesstoken_manager.h" +#include "iaccesstoken_manager.h" using namespace std; using namespace OHOS::Security::AccessToken; @@ -37,13 +37,13 @@ namespace OHOS { AccessTokenID tokenId = fuzzData.GetData(); MessageParcel datas; - datas.WriteInterfaceToken(IAccessTokenManager::GetDescriptor()); + datas.WriteInterfaceToken(IAccesstokenManager::GetDescriptor()); if (!datas.WriteUint32(tokenId)) { return false; } uint32_t code = static_cast( - AccessTokenInterfaceCode::DUMP_TOKENINFO); + IAccesstokenManagerIpcCode::COMMAND_DUMP_TOKEN_INFO); MessageParcel reply; MessageOption option; diff --git a/test/fuzztest/services/accesstoken/getdefpermissionstub_fuzzer/BUILD.gn b/test/fuzztest/services/accesstoken/getdefpermissionstub_fuzzer/BUILD.gn index ded95af835e952c36675ea146e57ae02bc33b4c6..f86e07e9347237075eeb0ed272339e029efc1ace 100644 --- a/test/fuzztest/services/accesstoken/getdefpermissionstub_fuzzer/BUILD.gn +++ b/test/fuzztest/services/accesstoken/getdefpermissionstub_fuzzer/BUILD.gn @@ -1,4 +1,4 @@ -# Copyright (c) 2023 Huawei Device Co., Ltd. +# Copyright (c) 2023-2025 Huawei Device Co., Ltd. # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. # You may obtain a copy of the License at @@ -33,7 +33,10 @@ ohos_fuzztest("GetDefPermissionStubFuzzTest") { deps = access_token_deps - configs = [ "${access_token_path}/config:coverage_flags" ] + configs = [ + "${access_token_path}/config:coverage_flags", + "${access_token_path}/services/accesstokenmanager:accesstoken_manager_gen_config", + ] external_deps = access_token_external_deps diff --git a/test/fuzztest/services/accesstoken/getdefpermissionstub_fuzzer/getdefpermissionstub_fuzzer.cpp b/test/fuzztest/services/accesstoken/getdefpermissionstub_fuzzer/getdefpermissionstub_fuzzer.cpp index f16a5736629b4e13fc253191cea83f4c5321538f..5c40c9c70ced2d9f407896fbe98b4556032637d2 100644 --- a/test/fuzztest/services/accesstoken/getdefpermissionstub_fuzzer/getdefpermissionstub_fuzzer.cpp +++ b/test/fuzztest/services/accesstoken/getdefpermissionstub_fuzzer/getdefpermissionstub_fuzzer.cpp @@ -1,5 +1,5 @@ /* - * Copyright (c) 2023 Huawei Device Co., Ltd. + * Copyright (c) 2023-2025 Huawei Device Co., Ltd. * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. * You may obtain a copy of the License at @@ -21,7 +21,7 @@ #include "accesstoken_fuzzdata.h" #undef private #include "accesstoken_manager_service.h" -#include "i_accesstoken_manager.h" +#include "iaccesstoken_manager.h" #include "permission_def_parcel.h" using namespace std; @@ -39,13 +39,13 @@ namespace OHOS { std::string testName(fuzzData.GenerateStochasticString()); MessageParcel datas; - datas.WriteInterfaceToken(IAccessTokenManager::GetDescriptor()); + datas.WriteInterfaceToken(IAccesstokenManager::GetDescriptor()); if (!datas.WriteString(testName)) { return false; } uint32_t code = static_cast( - AccessTokenInterfaceCode::GET_DEF_PERMISSION); + IAccesstokenManagerIpcCode::COMMAND_GET_DEF_PERMISSION); MessageParcel reply; MessageOption option; diff --git a/test/fuzztest/services/accesstoken/gethaptokenidstub_fuzzer/BUILD.gn b/test/fuzztest/services/accesstoken/gethaptokenidstub_fuzzer/BUILD.gn index feff7b531501d6976882ef0859152f37ac82cb72..8cb70d4702e560cd3f94ef3ef41c833fa26fa53e 100644 --- a/test/fuzztest/services/accesstoken/gethaptokenidstub_fuzzer/BUILD.gn +++ b/test/fuzztest/services/accesstoken/gethaptokenidstub_fuzzer/BUILD.gn @@ -1,4 +1,4 @@ -# Copyright (c) 2023 Huawei Device Co., Ltd. +# Copyright (c) 2023-2025 Huawei Device Co., Ltd. # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. # You may obtain a copy of the License at @@ -33,7 +33,10 @@ ohos_fuzztest("GetHapTokenIDStubFuzzTest") { deps = access_token_deps - configs = [ "${access_token_path}/config:coverage_flags" ] + configs = [ + "${access_token_path}/config:coverage_flags", + "${access_token_path}/services/accesstokenmanager:accesstoken_manager_gen_config", + ] external_deps = access_token_external_deps diff --git a/test/fuzztest/services/accesstoken/gethaptokenidstub_fuzzer/gethaptokenidstub_fuzzer.cpp b/test/fuzztest/services/accesstoken/gethaptokenidstub_fuzzer/gethaptokenidstub_fuzzer.cpp index c2e0560eee018d51665fa1917f963227e151de2d..804403b0d35b7af63329c863fbb5570fa44ed90a 100644 --- a/test/fuzztest/services/accesstoken/gethaptokenidstub_fuzzer/gethaptokenidstub_fuzzer.cpp +++ b/test/fuzztest/services/accesstoken/gethaptokenidstub_fuzzer/gethaptokenidstub_fuzzer.cpp @@ -1,5 +1,5 @@ /* - * Copyright (c) 2023 Huawei Device Co., Ltd. + * Copyright (c) 2023-2025 Huawei Device Co., Ltd. * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. * You may obtain a copy of the License at @@ -23,7 +23,7 @@ #include "accesstoken_fuzzdata.h" #undef private #include "accesstoken_manager_service.h" -#include "i_accesstoken_manager.h" +#include "iaccesstoken_manager.h" using namespace std; using namespace OHOS::Security::AccessToken; @@ -44,14 +44,14 @@ namespace OHOS { int instIndex = static_cast(size); MessageParcel sendData; - sendData.WriteInterfaceToken(IAccessTokenManager::GetDescriptor()); + sendData.WriteInterfaceToken(IAccesstokenManager::GetDescriptor()); if (!sendData.WriteUint32(tokenId) || !sendData.WriteInt32(userID) || !sendData.WriteString(bundleName) || !sendData.WriteInt32(instIndex)) { return false; } uint32_t code = static_cast( - AccessTokenInterfaceCode::GET_HAP_TOKEN_ID); + IAccesstokenManagerIpcCode::COMMAND_GET_HAP_TOKEN_I_D); MessageParcel reply; MessageOption option; diff --git a/test/fuzztest/services/accesstoken/gethaptokeninfoextstub_fuzzer/BUILD.gn b/test/fuzztest/services/accesstoken/gethaptokeninfoextstub_fuzzer/BUILD.gn index 96c90b59db1084e3ffab3ae2ebb033a5cc00c9b7..8c7e542de26bb988f90118c27afc44a265ed3ba8 100644 --- a/test/fuzztest/services/accesstoken/gethaptokeninfoextstub_fuzzer/BUILD.gn +++ b/test/fuzztest/services/accesstoken/gethaptokeninfoextstub_fuzzer/BUILD.gn @@ -1,4 +1,4 @@ -# Copyright (c) 2023 Huawei Device Co., Ltd. +# Copyright (c) 2023-2025 Huawei Device Co., Ltd. # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. # You may obtain a copy of the License at @@ -33,7 +33,10 @@ ohos_fuzztest("GetHapTokenInfoExtStubFuzzTest") { deps = access_token_deps - configs = [ "${access_token_path}/config:coverage_flags" ] + configs = [ + "${access_token_path}/config:coverage_flags", + "${access_token_path}/services/accesstokenmanager:accesstoken_manager_gen_config", + ] external_deps = access_token_external_deps diff --git a/test/fuzztest/services/accesstoken/gethaptokeninfoextstub_fuzzer/gethaptokeninfoextstub_fuzzer.cpp b/test/fuzztest/services/accesstoken/gethaptokeninfoextstub_fuzzer/gethaptokeninfoextstub_fuzzer.cpp index 2f2c8dfc706cb2d0e9cd194697181658af504c54..ec4129617abb152791829c30289c8462c362c37b 100644 --- a/test/fuzztest/services/accesstoken/gethaptokeninfoextstub_fuzzer/gethaptokeninfoextstub_fuzzer.cpp +++ b/test/fuzztest/services/accesstoken/gethaptokeninfoextstub_fuzzer/gethaptokeninfoextstub_fuzzer.cpp @@ -1,5 +1,5 @@ /* - * Copyright (c) 2023 Huawei Device Co., Ltd. + * Copyright (c) 2023-2025 Huawei Device Co., Ltd. * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. * You may obtain a copy of the License at @@ -24,7 +24,7 @@ #undef private #include "accesstoken_fuzzdata.h" #include "accesstoken_manager_service.h" -#include "i_accesstoken_manager.h" +#include "iaccesstoken_manager.h" #include "permission_def_parcel.h" #include "accesstoken_kit.h" #include "access_token.h" @@ -128,13 +128,13 @@ namespace OHOS { } MessageParcel datas; - datas.WriteInterfaceToken(IAccessTokenManager::GetDescriptor()); + datas.WriteInterfaceToken(IAccesstokenManager::GetDescriptor()); if (!datas.WriteUint32(tokenId)) { return false; } uint32_t code = static_cast( - AccessTokenInterfaceCode::GET_HAP_TOKENINFO_EXT); + IAccesstokenManagerIpcCode::COMMAND_GET_HAP_TOKEN_INFO_EXTENSION); MessageParcel reply; MessageOption option; diff --git a/test/fuzztest/services/accesstoken/gethaptokeninfofromremotestub_fuzzer/BUILD.gn b/test/fuzztest/services/accesstoken/gethaptokeninfofromremotestub_fuzzer/BUILD.gn index 6cebda6d47d62bdc158c0599ca974e0fa08375d7..e13481a3abf9d11dededc45afef7c4eb402ad736 100644 --- a/test/fuzztest/services/accesstoken/gethaptokeninfofromremotestub_fuzzer/BUILD.gn +++ b/test/fuzztest/services/accesstoken/gethaptokeninfofromremotestub_fuzzer/BUILD.gn @@ -1,4 +1,4 @@ -# Copyright (c) 2023 Huawei Device Co., Ltd. +# Copyright (c) 2023-2025 Huawei Device Co., Ltd. # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. # You may obtain a copy of the License at @@ -33,7 +33,10 @@ ohos_fuzztest("GetHapTokenInfoFromRemoteStubFuzzTest") { deps = access_token_deps - configs = [ "${access_token_path}/config:coverage_flags" ] + configs = [ + "${access_token_path}/config:coverage_flags", + "${access_token_path}/services/accesstokenmanager:accesstoken_manager_gen_config", + ] external_deps = access_token_external_deps diff --git a/test/fuzztest/services/accesstoken/gethaptokeninfofromremotestub_fuzzer/gethaptokeninfofromremotestub_fuzzer.cpp b/test/fuzztest/services/accesstoken/gethaptokeninfofromremotestub_fuzzer/gethaptokeninfofromremotestub_fuzzer.cpp index 747adab6e8572712cb91c810f0b86561e5d6721b..b3fc52d04bb6a6f258490e01406fd39dc8f1faf2 100644 --- a/test/fuzztest/services/accesstoken/gethaptokeninfofromremotestub_fuzzer/gethaptokeninfofromremotestub_fuzzer.cpp +++ b/test/fuzztest/services/accesstoken/gethaptokeninfofromremotestub_fuzzer/gethaptokeninfofromremotestub_fuzzer.cpp @@ -1,5 +1,5 @@ /* - * Copyright (c) 2023 Huawei Device Co., Ltd. + * Copyright (c) 2023-2025 Huawei Device Co., Ltd. * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. * You may obtain a copy of the License at @@ -23,7 +23,7 @@ #include "accesstoken_info_manager.h" #include "accesstoken_kit.h" #include "accesstoken_manager_service.h" -#include "i_accesstoken_manager.h" +#include "iaccesstoken_manager.h" #include "token_setproc.h" using namespace std; @@ -43,13 +43,13 @@ namespace OHOS { AccessTokenID tokenId = fuzzData.GetData(); MessageParcel datas; - datas.WriteInterfaceToken(IAccessTokenManager::GetDescriptor()); + datas.WriteInterfaceToken(IAccesstokenManager::GetDescriptor()); if (!datas.WriteUint32(tokenId)) { return false; } uint32_t code = static_cast( - AccessTokenInterfaceCode::GET_HAP_TOKEN_FROM_REMOTE); + IAccesstokenManagerIpcCode::COMMAND_GET_HAP_TOKEN_INFO_FROM_REMOTE); MessageParcel reply; MessageOption option; diff --git a/test/fuzztest/services/accesstoken/gethaptokeninfostub_fuzzer/BUILD.gn b/test/fuzztest/services/accesstoken/gethaptokeninfostub_fuzzer/BUILD.gn index 3780e4e29bb6abd2133078547cda3472a6e18020..b55707225e29bfedc5394b6c586674a62cb8f0a4 100644 --- a/test/fuzztest/services/accesstoken/gethaptokeninfostub_fuzzer/BUILD.gn +++ b/test/fuzztest/services/accesstoken/gethaptokeninfostub_fuzzer/BUILD.gn @@ -1,4 +1,4 @@ -# Copyright (c) 2023 Huawei Device Co., Ltd. +# Copyright (c) 2023-2025 Huawei Device Co., Ltd. # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. # You may obtain a copy of the License at @@ -33,7 +33,10 @@ ohos_fuzztest("GetHapTokenInfoStubFuzzTest") { deps = access_token_deps - configs = [ "${access_token_path}/config:coverage_flags" ] + configs = [ + "${access_token_path}/config:coverage_flags", + "${access_token_path}/services/accesstokenmanager:accesstoken_manager_gen_config", + ] external_deps = access_token_external_deps diff --git a/test/fuzztest/services/accesstoken/gethaptokeninfostub_fuzzer/gethaptokeninfostub_fuzzer.cpp b/test/fuzztest/services/accesstoken/gethaptokeninfostub_fuzzer/gethaptokeninfostub_fuzzer.cpp index 234dcdd9ca48dec47939f94f7cc9e6d89b3aefef..31a9a56406fbad0f4375243f9c6b3a2574f21c81 100644 --- a/test/fuzztest/services/accesstoken/gethaptokeninfostub_fuzzer/gethaptokeninfostub_fuzzer.cpp +++ b/test/fuzztest/services/accesstoken/gethaptokeninfostub_fuzzer/gethaptokeninfostub_fuzzer.cpp @@ -1,5 +1,5 @@ /* - * Copyright (c) 2023 Huawei Device Co., Ltd. + * Copyright (c) 2023-2025 Huawei Device Co., Ltd. * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. * You may obtain a copy of the License at @@ -23,7 +23,7 @@ #undef private #include "accesstoken_fuzzdata.h" #include "accesstoken_manager_service.h" -#include "i_accesstoken_manager.h" +#include "iaccesstoken_manager.h" #include "permission_def_parcel.h" using namespace std; @@ -42,13 +42,13 @@ namespace OHOS { AccessTokenID tokenId = fuzzData.GetData(); MessageParcel datas; - datas.WriteInterfaceToken(IAccessTokenManager::GetDescriptor()); + datas.WriteInterfaceToken(IAccesstokenManager::GetDescriptor()); if (!datas.WriteUint32(tokenId)) { return false; } uint32_t code = static_cast( - AccessTokenInterfaceCode::GET_HAP_TOKENINFO); + IAccesstokenManagerIpcCode::COMMAND_GET_HAP_TOKEN_INFO); MessageParcel reply; MessageOption option; diff --git a/test/fuzztest/services/accesstoken/getkernelpermissionsstub_fuzzer/BUILD.gn b/test/fuzztest/services/accesstoken/getkernelpermissionsstub_fuzzer/BUILD.gn index 5a0763a72fb4c1d4acffd9960562d869281cd5fb..26ceab56b8d019fa5d149e9a199b161ab9064e51 100644 --- a/test/fuzztest/services/accesstoken/getkernelpermissionsstub_fuzzer/BUILD.gn +++ b/test/fuzztest/services/accesstoken/getkernelpermissionsstub_fuzzer/BUILD.gn @@ -1,4 +1,4 @@ -# Copyright (c) 2024 Huawei Device Co., Ltd. +# Copyright (c) 2024-2025 Huawei Device Co., Ltd. # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. # You may obtain a copy of the License at @@ -33,7 +33,10 @@ ohos_fuzztest("GetKernelPermissionsStubFuzzTest") { deps = access_token_deps - configs = [ "${access_token_path}/config:coverage_flags" ] + configs = [ + "${access_token_path}/config:coverage_flags", + "${access_token_path}/services/accesstokenmanager:accesstoken_manager_gen_config", + ] external_deps = access_token_external_deps diff --git a/test/fuzztest/services/accesstoken/getkernelpermissionsstub_fuzzer/getkernelpermissionsstub_fuzzer.cpp b/test/fuzztest/services/accesstoken/getkernelpermissionsstub_fuzzer/getkernelpermissionsstub_fuzzer.cpp index 5d18288f5acc58338dbd4d16f8a36df504c5bf72..a9b9d36f7be479bf8a3f75ca61ea598b18112079 100644 --- a/test/fuzztest/services/accesstoken/getkernelpermissionsstub_fuzzer/getkernelpermissionsstub_fuzzer.cpp +++ b/test/fuzztest/services/accesstoken/getkernelpermissionsstub_fuzzer/getkernelpermissionsstub_fuzzer.cpp @@ -1,5 +1,5 @@ /* - * Copyright (c) 2024 Huawei Device Co., Ltd. + * Copyright (c) 2024-2025 Huawei Device Co., Ltd. * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. * You may obtain a copy of the License at @@ -21,7 +21,7 @@ #undef private #include "accesstoken_fuzzdata.h" #include "accesstoken_manager_service.h" -#include "i_accesstoken_manager.h" +#include "iaccesstoken_manager.h" using namespace std; using namespace OHOS::Security::AccessToken; @@ -37,12 +37,12 @@ namespace OHOS { AccessTokenID tokenId = fuzzData.GetData(); MessageParcel datas; - datas.WriteInterfaceToken(IAccessTokenManager::GetDescriptor()); + datas.WriteInterfaceToken(IAccesstokenManager::GetDescriptor()); if (!datas.WriteUint32(tokenId)) { return false; } - uint32_t code = static_cast(AccessTokenInterfaceCode::GET_KERNEL_PERMISSIONS); + uint32_t code = static_cast(IAccesstokenManagerIpcCode::COMMAND_GET_KERNEL_PERMISSIONS); MessageParcel reply; MessageOption option; diff --git a/test/fuzztest/services/accesstoken/getnativetokenidstub_fuzzer/BUILD.gn b/test/fuzztest/services/accesstoken/getnativetokenidstub_fuzzer/BUILD.gn index 88f5a33e366d54da371b2d6ede1fe5de628803f0..5073a1bd1dc0aa786cf91c12e42170e77f8b9224 100644 --- a/test/fuzztest/services/accesstoken/getnativetokenidstub_fuzzer/BUILD.gn +++ b/test/fuzztest/services/accesstoken/getnativetokenidstub_fuzzer/BUILD.gn @@ -1,4 +1,4 @@ -# Copyright (c) 2023 Huawei Device Co., Ltd. +# Copyright (c) 2023-2025 Huawei Device Co., Ltd. # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. # You may obtain a copy of the License at @@ -33,7 +33,10 @@ ohos_fuzztest("GetNativeTokenIdStubFuzzTest") { deps = access_token_deps - configs = [ "${access_token_path}/config:coverage_flags" ] + configs = [ + "${access_token_path}/config:coverage_flags", + "${access_token_path}/services/accesstokenmanager:accesstoken_manager_gen_config", + ] external_deps = access_token_external_deps diff --git a/test/fuzztest/services/accesstoken/getnativetokenidstub_fuzzer/getnativetokenidstub_fuzzer.cpp b/test/fuzztest/services/accesstoken/getnativetokenidstub_fuzzer/getnativetokenidstub_fuzzer.cpp index a6ba9c6ec197c2627fba158b5c8a20083369926b..c6209c11bb7e435896f42e08b3e7a225977f63bc 100644 --- a/test/fuzztest/services/accesstoken/getnativetokenidstub_fuzzer/getnativetokenidstub_fuzzer.cpp +++ b/test/fuzztest/services/accesstoken/getnativetokenidstub_fuzzer/getnativetokenidstub_fuzzer.cpp @@ -1,5 +1,5 @@ /* - * Copyright (c) 2023 Huawei Device Co., Ltd. + * Copyright (c) 2023-2025 Huawei Device Co., Ltd. * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. * You may obtain a copy of the License at @@ -23,7 +23,7 @@ #undef private #include "accesstoken_fuzzdata.h" #include "accesstoken_manager_service.h" -#include "i_accesstoken_manager.h" +#include "iaccesstoken_manager.h" #include "permission_def_parcel.h" using namespace std; @@ -42,13 +42,13 @@ namespace OHOS { std::string testName(fuzzData.GenerateStochasticString()); MessageParcel datas; - datas.WriteInterfaceToken(IAccessTokenManager::GetDescriptor()); + datas.WriteInterfaceToken(IAccesstokenManager::GetDescriptor()); if (!datas.WriteString(testName)) { return false; } uint32_t code = static_cast( - AccessTokenInterfaceCode::GET_NATIVE_TOKEN_ID); + IAccesstokenManagerIpcCode::COMMAND_GET_NATIVE_TOKEN_ID); MessageParcel reply; MessageOption option; diff --git a/test/fuzztest/services/accesstoken/getnativetokeninfostub_fuzzer/BUILD.gn b/test/fuzztest/services/accesstoken/getnativetokeninfostub_fuzzer/BUILD.gn index bf1c570cd13430ae34a81819a02b5895ff5f8a84..edb8d280a89679caf74ddc0180ed26ffd9b1aadc 100644 --- a/test/fuzztest/services/accesstoken/getnativetokeninfostub_fuzzer/BUILD.gn +++ b/test/fuzztest/services/accesstoken/getnativetokeninfostub_fuzzer/BUILD.gn @@ -1,4 +1,4 @@ -# Copyright (c) 2023 Huawei Device Co., Ltd. +# Copyright (c) 2023-2025 Huawei Device Co., Ltd. # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. # You may obtain a copy of the License at @@ -33,7 +33,10 @@ ohos_fuzztest("GetNativeTokenInfoStubFuzzTest") { deps = access_token_deps - configs = [ "${access_token_path}/config:coverage_flags" ] + configs = [ + "${access_token_path}/config:coverage_flags", + "${access_token_path}/services/accesstokenmanager:accesstoken_manager_gen_config", + ] external_deps = access_token_external_deps diff --git a/test/fuzztest/services/accesstoken/getnativetokeninfostub_fuzzer/getnativetokeninfostub_fuzzer.cpp b/test/fuzztest/services/accesstoken/getnativetokeninfostub_fuzzer/getnativetokeninfostub_fuzzer.cpp index aae9deef479833fc0511507e9362bfdd32dd9ae0..b12d4427db3fba7db53a6cf5f738dd97b92474dc 100644 --- a/test/fuzztest/services/accesstoken/getnativetokeninfostub_fuzzer/getnativetokeninfostub_fuzzer.cpp +++ b/test/fuzztest/services/accesstoken/getnativetokeninfostub_fuzzer/getnativetokeninfostub_fuzzer.cpp @@ -1,5 +1,5 @@ /* - * Copyright (c) 2023 Huawei Device Co., Ltd. + * Copyright (c) 2023-2025 Huawei Device Co., Ltd. * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. * You may obtain a copy of the License at @@ -23,7 +23,7 @@ #undef private #include "accesstoken_fuzzdata.h" #include "accesstoken_manager_service.h" -#include "i_accesstoken_manager.h" +#include "iaccesstoken_manager.h" using namespace std; using namespace OHOS::Security::AccessToken; @@ -39,13 +39,13 @@ namespace OHOS { AccessTokenFuzzData fuzzData(data, size); AccessTokenID tokenId = fuzzData.GetData(); MessageParcel inData; - inData.WriteInterfaceToken(IAccessTokenManager::GetDescriptor()); + inData.WriteInterfaceToken(IAccesstokenManager::GetDescriptor()); if (!inData.WriteUint32(tokenId)) { return false; } uint32_t code = static_cast( - AccessTokenInterfaceCode::GET_NATIVE_TOKENINFO); + IAccesstokenManagerIpcCode::COMMAND_GET_NATIVE_TOKEN_INFO); MessageParcel reply; MessageOption option; diff --git a/test/fuzztest/services/accesstoken/getpermissionflagstub_fuzzer/BUILD.gn b/test/fuzztest/services/accesstoken/getpermissionflagstub_fuzzer/BUILD.gn index bd20c6515a44dba36067fdd94b204d1bab9d2d06..42ea8371c4faa5fa56c007bd34059a44c25b5607 100644 --- a/test/fuzztest/services/accesstoken/getpermissionflagstub_fuzzer/BUILD.gn +++ b/test/fuzztest/services/accesstoken/getpermissionflagstub_fuzzer/BUILD.gn @@ -1,4 +1,4 @@ -# Copyright (c) 2023 Huawei Device Co., Ltd. +# Copyright (c) 2023-2025 Huawei Device Co., Ltd. # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. # You may obtain a copy of the License at @@ -33,7 +33,10 @@ ohos_fuzztest("GetPermissionFlagStubFuzzTest") { deps = access_token_deps - configs = [ "${access_token_path}/config:coverage_flags" ] + configs = [ + "${access_token_path}/config:coverage_flags", + "${access_token_path}/services/accesstokenmanager:accesstoken_manager_gen_config", + ] external_deps = access_token_external_deps diff --git a/test/fuzztest/services/accesstoken/getpermissionflagstub_fuzzer/getpermissionflagstub_fuzzer.cpp b/test/fuzztest/services/accesstoken/getpermissionflagstub_fuzzer/getpermissionflagstub_fuzzer.cpp index 1a568a539a14ffbdaa1e67f1c2c2b2a5671138b7..e736059a06d2d34038c044be70b924d44ae81c1c 100644 --- a/test/fuzztest/services/accesstoken/getpermissionflagstub_fuzzer/getpermissionflagstub_fuzzer.cpp +++ b/test/fuzztest/services/accesstoken/getpermissionflagstub_fuzzer/getpermissionflagstub_fuzzer.cpp @@ -1,5 +1,5 @@ /* - * Copyright (c) 2023 Huawei Device Co., Ltd. + * Copyright (c) 2023-2025 Huawei Device Co., Ltd. * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. * You may obtain a copy of the License at @@ -23,7 +23,7 @@ #undef private #include "accesstoken_fuzzdata.h" #include "accesstoken_manager_service.h" -#include "i_accesstoken_manager.h" +#include "iaccesstoken_manager.h" using namespace std; using namespace OHOS::Security::AccessToken; @@ -40,13 +40,13 @@ namespace OHOS { AccessTokenID tokenId = fuzzData.GetData(); std::string testName(fuzzData.GenerateStochasticString()); MessageParcel sendData; - sendData.WriteInterfaceToken(IAccessTokenManager::GetDescriptor()); + sendData.WriteInterfaceToken(IAccesstokenManager::GetDescriptor()); if (!sendData.WriteUint32(tokenId) || !sendData.WriteString(testName)) { return false; } uint32_t code = static_cast( - AccessTokenInterfaceCode::GET_PERMISSION_FLAG); + IAccesstokenManagerIpcCode::COMMAND_GET_PERMISSION_FLAG); MessageParcel reply; MessageOption option; diff --git a/test/fuzztest/services/accesstoken/getpermissionrequesttogglestatusstub_fuzzer/BUILD.gn b/test/fuzztest/services/accesstoken/getpermissionrequesttogglestatusstub_fuzzer/BUILD.gn index 07a60bedb24857339047cf812e441c73096c1e09..f0e2610ee6742c4b255090d7dfd503109f080f94 100644 --- a/test/fuzztest/services/accesstoken/getpermissionrequesttogglestatusstub_fuzzer/BUILD.gn +++ b/test/fuzztest/services/accesstoken/getpermissionrequesttogglestatusstub_fuzzer/BUILD.gn @@ -1,4 +1,4 @@ -# Copyright (c) 2024 Huawei Device Co., Ltd. +# Copyright (c) 2024-2025 Huawei Device Co., Ltd. # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. # You may obtain a copy of the License at @@ -33,7 +33,10 @@ ohos_fuzztest("GetPermissionRequestToggleStatusStubFuzzTest") { deps = access_token_deps - configs = [ "${access_token_path}/config:coverage_flags" ] + configs = [ + "${access_token_path}/config:coverage_flags", + "${access_token_path}/services/accesstokenmanager:accesstoken_manager_gen_config", + ] external_deps = access_token_external_deps diff --git a/test/fuzztest/services/accesstoken/getpermissionrequesttogglestatusstub_fuzzer/getpermissionrequesttogglestatusstub_fuzzer.cpp b/test/fuzztest/services/accesstoken/getpermissionrequesttogglestatusstub_fuzzer/getpermissionrequesttogglestatusstub_fuzzer.cpp index 841934814bc644260af981c2a5d2e22021ce2767..47d9050e299f30d837eb4ca230705e2b4b746c29 100644 --- a/test/fuzztest/services/accesstoken/getpermissionrequesttogglestatusstub_fuzzer/getpermissionrequesttogglestatusstub_fuzzer.cpp +++ b/test/fuzztest/services/accesstoken/getpermissionrequesttogglestatusstub_fuzzer/getpermissionrequesttogglestatusstub_fuzzer.cpp @@ -1,5 +1,5 @@ /* - * Copyright (c) 2024 Huawei Device Co., Ltd. + * Copyright (c) 2024-2025 Huawei Device Co., Ltd. * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. * You may obtain a copy of the License at @@ -23,7 +23,7 @@ #undef private #include "accesstoken_fuzzdata.h" #include "accesstoken_manager_service.h" -#include "i_accesstoken_manager.h" +#include "iaccesstoken_manager.h" using namespace std; using namespace OHOS::Security::AccessToken; @@ -40,13 +40,13 @@ namespace OHOS { std::string testName(fuzzData.GenerateStochasticString()); int32_t userID = fuzzData.GetData(); MessageParcel sendData; - if (!sendData.WriteInterfaceToken(IAccessTokenManager::GetDescriptor()) || + if (!sendData.WriteInterfaceToken(IAccesstokenManager::GetDescriptor()) || !sendData.WriteString(testName) || !sendData.WriteInt32(userID)) { return false; } uint32_t code = static_cast( - AccessTokenInterfaceCode::GET_PERMISSION_REQUEST_TOGGLE_STATUS); + IAccesstokenManagerIpcCode::COMMAND_GET_PERMISSION_REQUEST_TOGGLE_STATUS); MessageParcel reply; MessageOption option; diff --git a/test/fuzztest/services/accesstoken/getpermissionsstatusstub_fuzzer/BUILD.gn b/test/fuzztest/services/accesstoken/getpermissionsstatusstub_fuzzer/BUILD.gn index 389e032db381b0c39dfcaca7b3f2d345963dd3fa..a23684432dda35a459f28ee481c6684b7e36565f 100644 --- a/test/fuzztest/services/accesstoken/getpermissionsstatusstub_fuzzer/BUILD.gn +++ b/test/fuzztest/services/accesstoken/getpermissionsstatusstub_fuzzer/BUILD.gn @@ -1,4 +1,4 @@ -# Copyright (c) 2024 Huawei Device Co., Ltd. +# Copyright (c) 2024-2025 Huawei Device Co., Ltd. # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. # You may obtain a copy of the License at @@ -34,7 +34,10 @@ ohos_fuzztest("GetPermissionsStatusStubFuzzTest") { deps = access_token_deps deps += [ "${access_token_path}/interfaces/innerkits/nativetoken:libnativetoken_shared" ] - configs = [ "${access_token_path}/config:coverage_flags" ] + configs = [ + "${access_token_path}/config:coverage_flags", + "${access_token_path}/services/accesstokenmanager:accesstoken_manager_gen_config", + ] external_deps = access_token_external_deps diff --git a/test/fuzztest/services/accesstoken/getpermissionsstatusstub_fuzzer/getpermissionsstatusstub_fuzzer.cpp b/test/fuzztest/services/accesstoken/getpermissionsstatusstub_fuzzer/getpermissionsstatusstub_fuzzer.cpp index 472fcc4808d963d1e5cdd4936405f69cc2f16d20..d42343522d9ec830a2592b390806caa94c974375 100644 --- a/test/fuzztest/services/accesstoken/getpermissionsstatusstub_fuzzer/getpermissionsstatusstub_fuzzer.cpp +++ b/test/fuzztest/services/accesstoken/getpermissionsstatusstub_fuzzer/getpermissionsstatusstub_fuzzer.cpp @@ -1,5 +1,5 @@ /* - * Copyright (c) 2023 Huawei Device Co., Ltd. + * Copyright (c) 2023-2025 Huawei Device Co., Ltd. * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. * You may obtain a copy of the License at @@ -24,7 +24,7 @@ #include "access_token.h" #include "accesstoken_kit.h" #include "accesstoken_manager_service.h" -#include "i_accesstoken_manager.h" +#include "iaccesstoken_manager.h" #include "nativetoken_kit.h" #include "securec.h" #include "token_setproc.h" @@ -111,7 +111,7 @@ size_t g_baseFuzzPos = 0; PermissionListStateParcel permParcel; permParcel.permsState = perm; MessageParcel datas; - datas.WriteInterfaceToken(IAccessTokenManager::GetDescriptor()); + datas.WriteInterfaceToken(IAccesstokenManager::GetDescriptor()); if (!datas.WriteUint32(tokenId)) { return false; } @@ -120,7 +120,7 @@ size_t g_baseFuzzPos = 0; } uint32_t code = static_cast( - AccessTokenInterfaceCode::GET_PERMISSIONS_STATUS); + IAccesstokenManagerIpcCode::COMMAND_GET_PERMISSIONS_STATUS); MessageParcel reply; MessageOption option; bool enable = ((size % CONSTANTS_NUMBER_TWO) == 0); diff --git a/test/fuzztest/services/accesstoken/getpermissionusedtypestub_fuzzer/BUILD.gn b/test/fuzztest/services/accesstoken/getpermissionusedtypestub_fuzzer/BUILD.gn index 81e50ab0ae6d39754ca54140d1456bbe76314d14..7dd5fa2d0a96925f92e63a735ed100e566f29837 100644 --- a/test/fuzztest/services/accesstoken/getpermissionusedtypestub_fuzzer/BUILD.gn +++ b/test/fuzztest/services/accesstoken/getpermissionusedtypestub_fuzzer/BUILD.gn @@ -1,4 +1,4 @@ -# Copyright (c) 2024 Huawei Device Co., Ltd. +# Copyright (c) 2024-2025 Huawei Device Co., Ltd. # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. # You may obtain a copy of the License at @@ -33,7 +33,10 @@ ohos_fuzztest("GetPermissionUsedTypeStubFuzzTest") { deps = access_token_deps - configs = [ "${access_token_path}/config:coverage_flags" ] + configs = [ + "${access_token_path}/config:coverage_flags", + "${access_token_path}/services/accesstokenmanager:accesstoken_manager_gen_config", + ] external_deps = access_token_external_deps diff --git a/test/fuzztest/services/accesstoken/getpermissionusedtypestub_fuzzer/getpermissionusedtypestub_fuzzer.cpp b/test/fuzztest/services/accesstoken/getpermissionusedtypestub_fuzzer/getpermissionusedtypestub_fuzzer.cpp index 5c8a672deff002860635be02480145956391f1ba..2be9e644ee3e95ddc6ec0c3b7e021fc6d89bf237 100644 --- a/test/fuzztest/services/accesstoken/getpermissionusedtypestub_fuzzer/getpermissionusedtypestub_fuzzer.cpp +++ b/test/fuzztest/services/accesstoken/getpermissionusedtypestub_fuzzer/getpermissionusedtypestub_fuzzer.cpp @@ -1,5 +1,5 @@ /* - * Copyright (c) 2024 Huawei Device Co., Ltd. + * Copyright (c) 2024-2025 Huawei Device Co., Ltd. * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. * You may obtain a copy of the License at @@ -24,7 +24,7 @@ #include "accesstoken_fuzzdata.h" #include "accesstoken_manager_service.h" #include "hap_info_parcel.h" -#include "i_accesstoken_manager.h" +#include "iaccesstoken_manager.h" using namespace std; using namespace OHOS::Security::AccessToken; @@ -43,7 +43,7 @@ bool GetPermissionUsedTypeStubFuzzTest(const uint8_t* data, size_t size) std::string permissionName(fuzzData.GenerateStochasticString()); MessageParcel datas; - datas.WriteInterfaceToken(IAccessTokenManager::GetDescriptor()); + datas.WriteInterfaceToken(IAccesstokenManager::GetDescriptor()); if (!datas.WriteUint32(tokenId)) { return false; } @@ -52,7 +52,7 @@ bool GetPermissionUsedTypeStubFuzzTest(const uint8_t* data, size_t size) } uint32_t code = static_cast( - AccessTokenInterfaceCode::GET_USER_GRANTED_PERMISSION_USED_TYPE); + IAccesstokenManagerIpcCode::COMMAND_GET_PERMISSION_USED_TYPE); MessageParcel reply; MessageOption option; diff --git a/test/fuzztest/services/accesstoken/getremotenativetokenidstub_fuzzer/BUILD.gn b/test/fuzztest/services/accesstoken/getremotenativetokenidstub_fuzzer/BUILD.gn index d3ce3d6fc1078c32a209a1d62c83e62e35ac3287..927cfccaf33cb7fd7bfb088731fcc88f00c6aa52 100644 --- a/test/fuzztest/services/accesstoken/getremotenativetokenidstub_fuzzer/BUILD.gn +++ b/test/fuzztest/services/accesstoken/getremotenativetokenidstub_fuzzer/BUILD.gn @@ -1,4 +1,4 @@ -# Copyright (c) 2023 Huawei Device Co., Ltd. +# Copyright (c) 2023-2025 Huawei Device Co., Ltd. # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. # You may obtain a copy of the License at @@ -33,7 +33,10 @@ ohos_fuzztest("GetRemoteNativeTokenIDStubFuzzTest") { deps = access_token_deps - configs = [ "${access_token_path}/config:coverage_flags" ] + configs = [ + "${access_token_path}/config:coverage_flags", + "${access_token_path}/services/accesstokenmanager:accesstoken_manager_gen_config", + ] external_deps = access_token_external_deps diff --git a/test/fuzztest/services/accesstoken/getremotenativetokenidstub_fuzzer/getremotenativetokenidstub_fuzzer.cpp b/test/fuzztest/services/accesstoken/getremotenativetokenidstub_fuzzer/getremotenativetokenidstub_fuzzer.cpp index 2b823907860ca6d8f828c08702053217b66fbcdb..7a5e52a04db35734ca15df0576cda2aad7e5218e 100644 --- a/test/fuzztest/services/accesstoken/getremotenativetokenidstub_fuzzer/getremotenativetokenidstub_fuzzer.cpp +++ b/test/fuzztest/services/accesstoken/getremotenativetokenidstub_fuzzer/getremotenativetokenidstub_fuzzer.cpp @@ -1,5 +1,5 @@ /* - * Copyright (c) 2023 Huawei Device Co., Ltd. + * Copyright (c) 2023-2025 Huawei Device Co., Ltd. * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. * You may obtain a copy of the License at @@ -23,7 +23,7 @@ #include "accesstoken_info_manager.h" #include "accesstoken_kit.h" #include "accesstoken_manager_service.h" -#include "i_accesstoken_manager.h" +#include "iaccesstoken_manager.h" #include "token_setproc.h" using namespace std; @@ -45,7 +45,7 @@ namespace OHOS { AccessTokenID tokenId = fuzzData.GetData(); MessageParcel datas; - datas.WriteInterfaceToken(IAccessTokenManager::GetDescriptor()); + datas.WriteInterfaceToken(IAccesstokenManager::GetDescriptor()); if (!datas.WriteString(testName)) { return false; } @@ -54,7 +54,7 @@ namespace OHOS { } uint32_t code = static_cast( - AccessTokenInterfaceCode::GET_NATIVE_REMOTE_TOKEN); + IAccesstokenManagerIpcCode::COMMAND_GET_REMOTE_NATIVE_TOKEN_I_D); MessageParcel reply; MessageOption option; diff --git a/test/fuzztest/services/accesstoken/getreqpermissionbynamestub_fuzzer/BUILD.gn b/test/fuzztest/services/accesstoken/getreqpermissionbynamestub_fuzzer/BUILD.gn index f2de773f08d93df3eeaef2b965bc0b52949d1224..33b23bf92c110a7d690f846a1b27898b01d0f6fa 100644 --- a/test/fuzztest/services/accesstoken/getreqpermissionbynamestub_fuzzer/BUILD.gn +++ b/test/fuzztest/services/accesstoken/getreqpermissionbynamestub_fuzzer/BUILD.gn @@ -1,4 +1,4 @@ -# Copyright (c) 2024 Huawei Device Co., Ltd. +# Copyright (c) 2024-2025 Huawei Device Co., Ltd. # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. # You may obtain a copy of the License at @@ -33,7 +33,10 @@ ohos_fuzztest("GetReqPermissionByNameStubFuzzTest") { deps = access_token_deps - configs = [ "${access_token_path}/config:coverage_flags" ] + configs = [ + "${access_token_path}/config:coverage_flags", + "${access_token_path}/services/accesstokenmanager:accesstoken_manager_gen_config", + ] external_deps = access_token_external_deps diff --git a/test/fuzztest/services/accesstoken/getreqpermissionbynamestub_fuzzer/getreqpermissionbynamestub_fuzzer.cpp b/test/fuzztest/services/accesstoken/getreqpermissionbynamestub_fuzzer/getreqpermissionbynamestub_fuzzer.cpp index d9f021801db41f5c66041eae2c9258f1d923dddf..1bf0b30d5cfa8d0021b6dcff3fa4392015bf44b7 100644 --- a/test/fuzztest/services/accesstoken/getreqpermissionbynamestub_fuzzer/getreqpermissionbynamestub_fuzzer.cpp +++ b/test/fuzztest/services/accesstoken/getreqpermissionbynamestub_fuzzer/getreqpermissionbynamestub_fuzzer.cpp @@ -1,5 +1,5 @@ /* - * Copyright (c) 2024 Huawei Device Co., Ltd. + * Copyright (c) 2024-2025 Huawei Device Co., Ltd. * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. * You may obtain a copy of the License at @@ -21,7 +21,7 @@ #undef private #include "accesstoken_fuzzdata.h" #include "accesstoken_manager_service.h" -#include "i_accesstoken_manager.h" +#include "iaccesstoken_manager.h" using namespace std; using namespace OHOS::Security::AccessToken; @@ -37,12 +37,12 @@ namespace OHOS { AccessTokenID tokenId = fuzzData.GetData(); std::string permissionName = fuzzData.GenerateStochasticString(); MessageParcel datas; - datas.WriteInterfaceToken(IAccessTokenManager::GetDescriptor()); + datas.WriteInterfaceToken(IAccesstokenManager::GetDescriptor()); if (!datas.WriteUint32(tokenId) || !datas.WriteString(permissionName)) { return false; } - uint32_t code = static_cast(AccessTokenInterfaceCode::GET_PERMISSION_BY_NAME); + uint32_t code = static_cast(IAccesstokenManagerIpcCode::COMMAND_GET_REQ_PERMISSION_BY_NAME); MessageParcel reply; MessageOption option; diff --git a/test/fuzztest/services/accesstoken/getreqpermissionsstub_fuzzer/BUILD.gn b/test/fuzztest/services/accesstoken/getreqpermissionsstub_fuzzer/BUILD.gn index 225390f68a30b67d7e3832f902c3136659971b18..91783b32dde6ee86ea59b1c67d5105568aa8f860 100644 --- a/test/fuzztest/services/accesstoken/getreqpermissionsstub_fuzzer/BUILD.gn +++ b/test/fuzztest/services/accesstoken/getreqpermissionsstub_fuzzer/BUILD.gn @@ -1,4 +1,4 @@ -# Copyright (c) 2023 Huawei Device Co., Ltd. +# Copyright (c) 2023-2025 Huawei Device Co., Ltd. # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. # You may obtain a copy of the License at @@ -33,7 +33,10 @@ ohos_fuzztest("GetReqPermissionsStubFuzzTest") { deps = access_token_deps - configs = [ "${access_token_path}/config:coverage_flags" ] + configs = [ + "${access_token_path}/config:coverage_flags", + "${access_token_path}/services/accesstokenmanager:accesstoken_manager_gen_config", + ] external_deps = access_token_external_deps diff --git a/test/fuzztest/services/accesstoken/getreqpermissionsstub_fuzzer/getreqpermissionsstub_fuzzer.cpp b/test/fuzztest/services/accesstoken/getreqpermissionsstub_fuzzer/getreqpermissionsstub_fuzzer.cpp index d8db10cb1445a6f88461f731798dc3d11b90cd01..d35d88ba89ad3c0a16d5832e17140553aaadafec 100644 --- a/test/fuzztest/services/accesstoken/getreqpermissionsstub_fuzzer/getreqpermissionsstub_fuzzer.cpp +++ b/test/fuzztest/services/accesstoken/getreqpermissionsstub_fuzzer/getreqpermissionsstub_fuzzer.cpp @@ -1,5 +1,5 @@ /* - * Copyright (c) 2023 Huawei Device Co., Ltd. + * Copyright (c) 2023-2025 Huawei Device Co., Ltd. * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. * You may obtain a copy of the License at @@ -21,7 +21,7 @@ #undef private #include "accesstoken_fuzzdata.h" #include "accesstoken_manager_service.h" -#include "i_accesstoken_manager.h" +#include "iaccesstoken_manager.h" #include "permission_def_parcel.h" using namespace std; @@ -38,7 +38,7 @@ namespace OHOS { AccessTokenID tokenId = fuzzData.GetData(); MessageParcel datas; - datas.WriteInterfaceToken(IAccessTokenManager::GetDescriptor()); + datas.WriteInterfaceToken(IAccesstokenManager::GetDescriptor()); if (!datas.WriteUint32(tokenId)) { return false; } @@ -47,7 +47,7 @@ namespace OHOS { } uint32_t code = static_cast( - AccessTokenInterfaceCode::GET_REQ_PERMISSIONS); + IAccesstokenManagerIpcCode::COMMAND_GET_REQ_PERMISSIONS); MessageParcel reply; MessageOption option; diff --git a/test/fuzztest/services/accesstoken/getselfpermissionsstatestub_fuzzer/BUILD.gn b/test/fuzztest/services/accesstoken/getselfpermissionsstatestub_fuzzer/BUILD.gn index 6e0b50f044ff59713ba3fa10696fbc639ea066c0..68c8e51ba31c7e26795c70bd05067f1111d8649d 100644 --- a/test/fuzztest/services/accesstoken/getselfpermissionsstatestub_fuzzer/BUILD.gn +++ b/test/fuzztest/services/accesstoken/getselfpermissionsstatestub_fuzzer/BUILD.gn @@ -1,4 +1,4 @@ -# Copyright (c) 2023 Huawei Device Co., Ltd. +# Copyright (c) 2023-2025 Huawei Device Co., Ltd. # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. # You may obtain a copy of the License at @@ -33,7 +33,10 @@ ohos_fuzztest("GetSelfPermissionsStateStubFuzzTest") { deps = access_token_deps - configs = [ "${access_token_path}/config:coverage_flags" ] + configs = [ + "${access_token_path}/config:coverage_flags", + "${access_token_path}/services/accesstokenmanager:accesstoken_manager_gen_config", + ] external_deps = access_token_external_deps diff --git a/test/fuzztest/services/accesstoken/getselfpermissionsstatestub_fuzzer/getselfpermissionsstatestub_fuzzer.cpp b/test/fuzztest/services/accesstoken/getselfpermissionsstatestub_fuzzer/getselfpermissionsstatestub_fuzzer.cpp index bb35c40c439a50bbb56aafd5a7adc7c3fb3b0dac..8784dbf02e66815daeede061e1c358870f5c83ad 100644 --- a/test/fuzztest/services/accesstoken/getselfpermissionsstatestub_fuzzer/getselfpermissionsstatestub_fuzzer.cpp +++ b/test/fuzztest/services/accesstoken/getselfpermissionsstatestub_fuzzer/getselfpermissionsstatestub_fuzzer.cpp @@ -1,5 +1,5 @@ /* - * Copyright (c) 2023 Huawei Device Co., Ltd. + * Copyright (c) 2023-2025 Huawei Device Co., Ltd. * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. * You may obtain a copy of the License at @@ -21,7 +21,7 @@ #undef private #include "accesstoken_fuzzdata.h" #include "accesstoken_manager_service.h" -#include "i_accesstoken_manager.h" +#include "iaccesstoken_manager.h" using namespace std; using namespace OHOS; @@ -42,7 +42,7 @@ namespace OHOS { permParcel.permsState = perm; MessageParcel datas; - datas.WriteInterfaceToken(IAccessTokenManager::GetDescriptor()); + datas.WriteInterfaceToken(IAccesstokenManager::GetDescriptor()); if (!datas.WriteUint32(1)) { return false; } @@ -51,7 +51,7 @@ namespace OHOS { } uint32_t code = static_cast( - AccessTokenInterfaceCode::GET_PERMISSION_OPER_STATE); + IAccesstokenManagerIpcCode::COMMAND_GET_SELF_PERMISSIONS_STATE); MessageParcel reply; MessageOption option; diff --git a/test/fuzztest/services/accesstoken/gettokenidbyuseridstub_fuzzer/BUILD.gn b/test/fuzztest/services/accesstoken/gettokenidbyuseridstub_fuzzer/BUILD.gn index e3bcbfcedb7ec3732c562212b29fd84cbb7c576e..1da03f614e367e11a6540cc21a08f688ce321379 100644 --- a/test/fuzztest/services/accesstoken/gettokenidbyuseridstub_fuzzer/BUILD.gn +++ b/test/fuzztest/services/accesstoken/gettokenidbyuseridstub_fuzzer/BUILD.gn @@ -32,7 +32,10 @@ ohos_fuzztest("GetTokenIDByUserIDStubFuzzTest") { deps = access_token_deps - configs = [ "${access_token_path}/config:coverage_flags" ] + configs = [ + "${access_token_path}/config:coverage_flags", + "${access_token_path}/services/accesstokenmanager:accesstoken_manager_gen_config", + ] external_deps = access_token_external_deps diff --git a/test/fuzztest/services/accesstoken/gettokenidbyuseridstub_fuzzer/gettokenidbyuseridstub_fuzzer.cpp b/test/fuzztest/services/accesstoken/gettokenidbyuseridstub_fuzzer/gettokenidbyuseridstub_fuzzer.cpp index 3345a3bd2c06071a6546bb784f8b86ea5c126cbe..7d94c4f379f76575a82d1897fa0783b6f9d3006a 100644 --- a/test/fuzztest/services/accesstoken/gettokenidbyuseridstub_fuzzer/gettokenidbyuseridstub_fuzzer.cpp +++ b/test/fuzztest/services/accesstoken/gettokenidbyuseridstub_fuzzer/gettokenidbyuseridstub_fuzzer.cpp @@ -18,7 +18,7 @@ #undef private #include "accesstoken_fuzzdata.h" #include "accesstoken_manager_service.h" -#include "i_accesstoken_manager.h" +#include "iaccesstoken_manager.h" using namespace std; using namespace OHOS::Security::AccessToken; @@ -33,7 +33,7 @@ namespace OHOS { AccessTokenFuzzData fuzzData(data, size); MessageParcel datas; - datas.WriteInterfaceToken(IAccessTokenManager::GetDescriptor()); + datas.WriteInterfaceToken(IAccesstokenManager::GetDescriptor()); int32_t userID = fuzzData.GetData(); if (!datas.WriteInt32(userID)) { @@ -41,7 +41,7 @@ namespace OHOS { } uint32_t code = static_cast( - AccessTokenInterfaceCode::GET_TOKEN_ID_BY_USER_ID); + IAccesstokenManagerIpcCode::COMMAND_GET_TOKEN_I_D_BY_USER_I_D); MessageParcel reply; MessageOption option; diff --git a/test/fuzztest/services/accesstoken/gettokentypestub_fuzzer/BUILD.gn b/test/fuzztest/services/accesstoken/gettokentypestub_fuzzer/BUILD.gn index 1a167b063f285f4acb09e4c15d0dcf7efc564bec..9bbbfbdafc9625df8ec1912e0f098f48e7dc8d4d 100644 --- a/test/fuzztest/services/accesstoken/gettokentypestub_fuzzer/BUILD.gn +++ b/test/fuzztest/services/accesstoken/gettokentypestub_fuzzer/BUILD.gn @@ -1,4 +1,4 @@ -# Copyright (c) 2023 Huawei Device Co., Ltd. +# Copyright (c) 2023-2025 Huawei Device Co., Ltd. # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. # You may obtain a copy of the License at @@ -33,7 +33,10 @@ ohos_fuzztest("GetTokenTypeStubFuzzTest") { deps = access_token_deps - configs = [ "${access_token_path}/config:coverage_flags" ] + configs = [ + "${access_token_path}/config:coverage_flags", + "${access_token_path}/services/accesstokenmanager:accesstoken_manager_gen_config", + ] external_deps = access_token_external_deps diff --git a/test/fuzztest/services/accesstoken/gettokentypestub_fuzzer/gettokentypestub_fuzzer.cpp b/test/fuzztest/services/accesstoken/gettokentypestub_fuzzer/gettokentypestub_fuzzer.cpp index f98c2ddc8309e806233fef0e6ca4453a5eab9632..ddd9bed3cccf5b296683d923c135ef19dbb142a8 100644 --- a/test/fuzztest/services/accesstoken/gettokentypestub_fuzzer/gettokentypestub_fuzzer.cpp +++ b/test/fuzztest/services/accesstoken/gettokentypestub_fuzzer/gettokentypestub_fuzzer.cpp @@ -1,5 +1,5 @@ /* - * Copyright (c) 2023 Huawei Device Co., Ltd. + * Copyright (c) 2023-2025 Huawei Device Co., Ltd. * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. * You may obtain a copy of the License at @@ -21,7 +21,7 @@ #undef private #include "accesstoken_fuzzdata.h" #include "accesstoken_manager_service.h" -#include "i_accesstoken_manager.h" +#include "iaccesstoken_manager.h" using namespace std; using namespace OHOS::Security::AccessToken; @@ -36,13 +36,13 @@ namespace OHOS { AccessTokenFuzzData fuzzData(data, size); AccessTokenID tokenId = fuzzData.GetData(); MessageParcel in; - in.WriteInterfaceToken(IAccessTokenManager::GetDescriptor()); + in.WriteInterfaceToken(IAccesstokenManager::GetDescriptor()); if (!in.WriteUint32(tokenId)) { return false; } uint32_t code = static_cast( - AccessTokenInterfaceCode::GET_TOKEN_TYPE); + IAccesstokenManagerIpcCode::COMMAND_GET_TOKEN_TYPE); MessageParcel reply; MessageOption option; diff --git a/test/fuzztest/services/accesstoken/grantpermissionforspecifiedtimestub_fuzzer/BUILD.gn b/test/fuzztest/services/accesstoken/grantpermissionforspecifiedtimestub_fuzzer/BUILD.gn index 5416997fc165c653ee5a109fb8556e6b740e7c66..342d93346cdbb130174fe71843bb321955e7fc33 100644 --- a/test/fuzztest/services/accesstoken/grantpermissionforspecifiedtimestub_fuzzer/BUILD.gn +++ b/test/fuzztest/services/accesstoken/grantpermissionforspecifiedtimestub_fuzzer/BUILD.gn @@ -1,4 +1,4 @@ -# Copyright (c) 2024 Huawei Device Co., Ltd. +# Copyright (c) 2024-2025 Huawei Device Co., Ltd. # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. # You may obtain a copy of the License at @@ -33,7 +33,10 @@ ohos_fuzztest("GrantPermissionForSpecifiedTimeStubFuzzTest") { deps = access_token_deps - configs = [ "${access_token_path}/config:coverage_flags" ] + configs = [ + "${access_token_path}/config:coverage_flags", + "${access_token_path}/services/accesstokenmanager:accesstoken_manager_gen_config", + ] external_deps = access_token_external_deps diff --git a/test/fuzztest/services/accesstoken/grantpermissionforspecifiedtimestub_fuzzer/grantpermissionforspecifiedtimestub_fuzzer.cpp b/test/fuzztest/services/accesstoken/grantpermissionforspecifiedtimestub_fuzzer/grantpermissionforspecifiedtimestub_fuzzer.cpp index 73e4bb6959a41afd8bef0e17cff40fda3cb114df..b905e264c90e080594757e83fc4986874e0667a1 100644 --- a/test/fuzztest/services/accesstoken/grantpermissionforspecifiedtimestub_fuzzer/grantpermissionforspecifiedtimestub_fuzzer.cpp +++ b/test/fuzztest/services/accesstoken/grantpermissionforspecifiedtimestub_fuzzer/grantpermissionforspecifiedtimestub_fuzzer.cpp @@ -1,5 +1,5 @@ /* - * Copyright (c) 2024 Huawei Device Co., Ltd. + * Copyright (c) 2024-2025 Huawei Device Co., Ltd. * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. * You may obtain a copy of the License at @@ -24,7 +24,7 @@ #undef private #include "accesstoken_manager_service.h" #include "hap_info_parcel.h" -#include "i_accesstoken_manager.h" +#include "iaccesstoken_manager.h" using namespace std; using namespace OHOS::Security::AccessToken; @@ -43,13 +43,13 @@ namespace OHOS { std::string permissionName(fuzzData.GenerateStochasticString()); uint32_t onceTime = fuzzData.GetData(); MessageParcel datas; - datas.WriteInterfaceToken(IAccessTokenManager::GetDescriptor()); + datas.WriteInterfaceToken(IAccesstokenManager::GetDescriptor()); if (!datas.WriteUint32(tokenId) || !datas.WriteString(permissionName) || !datas.WriteUint32(onceTime)) { return false; } uint32_t code = static_cast( - AccessTokenInterfaceCode::GRANT_PERMISSION_FOR_SPECIFIEDTIME); + IAccesstokenManagerIpcCode::COMMAND_ALLOC_HAP_TOKEN); MessageParcel reply; MessageOption option; diff --git a/test/fuzztest/services/accesstoken/grantpermissionstub_fuzzer/BUILD.gn b/test/fuzztest/services/accesstoken/grantpermissionstub_fuzzer/BUILD.gn index c8b6142db311fd4fa683130129a54e02501a9e95..97fb8478a6e936f1b56a14279c4dd91b44a596ce 100644 --- a/test/fuzztest/services/accesstoken/grantpermissionstub_fuzzer/BUILD.gn +++ b/test/fuzztest/services/accesstoken/grantpermissionstub_fuzzer/BUILD.gn @@ -1,4 +1,4 @@ -# Copyright (c) 2023 Huawei Device Co., Ltd. +# Copyright (c) 2023-2025 Huawei Device Co., Ltd. # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. # You may obtain a copy of the License at @@ -33,7 +33,10 @@ ohos_fuzztest("GrantPermissionStubFuzzTest") { deps = access_token_deps - configs = [ "${access_token_path}/config:coverage_flags" ] + configs = [ + "${access_token_path}/config:coverage_flags", + "${access_token_path}/services/accesstokenmanager:accesstoken_manager_gen_config", + ] external_deps = access_token_external_deps diff --git a/test/fuzztest/services/accesstoken/grantpermissionstub_fuzzer/grantpermissionstub_fuzzer.cpp b/test/fuzztest/services/accesstoken/grantpermissionstub_fuzzer/grantpermissionstub_fuzzer.cpp index f7f3dff303ea71bdadfe143fec73b69c93f55874..2446380b6157811c4afc88aef3d886759e89d658 100644 --- a/test/fuzztest/services/accesstoken/grantpermissionstub_fuzzer/grantpermissionstub_fuzzer.cpp +++ b/test/fuzztest/services/accesstoken/grantpermissionstub_fuzzer/grantpermissionstub_fuzzer.cpp @@ -1,5 +1,5 @@ /* - * Copyright (c) 2023 Huawei Device Co., Ltd. + * Copyright (c) 2023-2025 Huawei Device Co., Ltd. * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. * You may obtain a copy of the License at @@ -26,7 +26,7 @@ #include "accesstoken_info_manager.h" #include "accesstoken_kit.h" #include "accesstoken_manager_service.h" -#include "i_accesstoken_manager.h" +#include "iaccesstoken_manager.h" #include "token_setproc.h" using namespace std; @@ -58,14 +58,14 @@ namespace OHOS { AccessTokenID tokenId = fuzzData.GetData(); std::string testName(fuzzData.GenerateStochasticString()); MessageParcel datas; - datas.WriteInterfaceToken(IAccessTokenManager::GetDescriptor()); + datas.WriteInterfaceToken(IAccesstokenManager::GetDescriptor()); if (!datas.WriteUint32(tokenId) || !datas.WriteString(testName) || !datas.WriteInt32(PERMISSION_USER_SET)) { return false; } uint32_t code = static_cast( - AccessTokenInterfaceCode::GRANT_PERMISSION); + IAccesstokenManagerIpcCode::COMMAND_GRANT_PERMISSION); MessageParcel reply; MessageOption option; diff --git a/test/fuzztest/services/accesstoken/inithaptokenstub_fuzzer/BUILD.gn b/test/fuzztest/services/accesstoken/inithaptokenstub_fuzzer/BUILD.gn index 5b707634a7b65fa386bc0b7478983a39480f73ed..8f3bb8d5a090851ae1d86d6b6e78ce84eb2830b2 100644 --- a/test/fuzztest/services/accesstoken/inithaptokenstub_fuzzer/BUILD.gn +++ b/test/fuzztest/services/accesstoken/inithaptokenstub_fuzzer/BUILD.gn @@ -1,4 +1,4 @@ -# Copyright (c) 2024 Huawei Device Co., Ltd. +# Copyright (c) 2024-2025 Huawei Device Co., Ltd. # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. # You may obtain a copy of the License at @@ -33,7 +33,10 @@ ohos_fuzztest("InitHapTokenStubFuzzTest") { deps = access_token_deps - configs = [ "${access_token_path}/config:coverage_flags" ] + configs = [ + "${access_token_path}/config:coverage_flags", + "${access_token_path}/services/accesstokenmanager:accesstoken_manager_gen_config", + ] external_deps = access_token_external_deps diff --git a/test/fuzztest/services/accesstoken/inithaptokenstub_fuzzer/inithaptokenstub_fuzzer.cpp b/test/fuzztest/services/accesstoken/inithaptokenstub_fuzzer/inithaptokenstub_fuzzer.cpp index 13fa49d2a6d74711f38502f802ef4fce46e935a8..1c55e44b1081dfb09b4438da0b87b2d3eaf673ab 100644 --- a/test/fuzztest/services/accesstoken/inithaptokenstub_fuzzer/inithaptokenstub_fuzzer.cpp +++ b/test/fuzztest/services/accesstoken/inithaptokenstub_fuzzer/inithaptokenstub_fuzzer.cpp @@ -1,5 +1,5 @@ /* - * Copyright (c) 2024 Huawei Device Co., Ltd. + * Copyright (c) 2024-2025 Huawei Device Co., Ltd. * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. * You may obtain a copy of the License at @@ -24,7 +24,7 @@ #undef private #include "accesstoken_manager_service.h" #include "hap_info_parcel.h" -#include "i_accesstoken_manager.h" +#include "iaccesstoken_manager.h" using namespace std; using namespace OHOS::Security::AccessToken; @@ -84,7 +84,7 @@ namespace OHOS { ConstructorParam(fuzzData, hapInfoParcel, hapPolicyParcel); MessageParcel datas; - datas.WriteInterfaceToken(IAccessTokenManager::GetDescriptor()); + datas.WriteInterfaceToken(IAccesstokenManager::GetDescriptor()); if (!datas.WriteParcelable(&hapInfoParcel)) { return false; } @@ -93,7 +93,7 @@ namespace OHOS { } uint32_t code = static_cast( - AccessTokenInterfaceCode::INIT_TOKEN_HAP); + IAccesstokenManagerIpcCode::COMMAND_INIT_HAP_TOKEN); MessageParcel reply; MessageOption option; diff --git a/test/fuzztest/services/accesstoken/inituserpolicystub_fuzzer/BUILD.gn b/test/fuzztest/services/accesstoken/inituserpolicystub_fuzzer/BUILD.gn index ac370e1470d1cf836016e8874f98dd016eb1c678..fc77b8c79904de9accff537e13aac8132d26d5c2 100644 --- a/test/fuzztest/services/accesstoken/inituserpolicystub_fuzzer/BUILD.gn +++ b/test/fuzztest/services/accesstoken/inituserpolicystub_fuzzer/BUILD.gn @@ -34,7 +34,10 @@ ohos_fuzztest("InitUserPolicyStubFuzzTest") { deps = access_token_deps deps += [ "${access_token_path}/interfaces/innerkits/nativetoken:libnativetoken_shared" ] - configs = [ "${access_token_path}/config:coverage_flags" ] + configs = [ + "${access_token_path}/config:coverage_flags", + "${access_token_path}/services/accesstokenmanager:accesstoken_manager_gen_config", + ] external_deps = access_token_external_deps diff --git a/test/fuzztest/services/accesstoken/inituserpolicystub_fuzzer/inituserpolicystub_fuzzer.cpp b/test/fuzztest/services/accesstoken/inituserpolicystub_fuzzer/inituserpolicystub_fuzzer.cpp index 1184c309aad13fde07a8a13900a9de0c3e0b5778..f69815131d165aee77b85069119f83e24be93d17 100644 --- a/test/fuzztest/services/accesstoken/inituserpolicystub_fuzzer/inituserpolicystub_fuzzer.cpp +++ b/test/fuzztest/services/accesstoken/inituserpolicystub_fuzzer/inituserpolicystub_fuzzer.cpp @@ -23,7 +23,7 @@ #include "accesstoken_fuzzdata.h" #include "accesstoken_kit.h" #include "accesstoken_manager_service.h" -#include "i_accesstoken_manager.h" +#include "iaccesstoken_manager.h" #include "nativetoken_kit.h" #include "token_setproc.h" @@ -75,7 +75,7 @@ namespace OHOS { userList.isActive = fuzzData.GenerateStochasticBool(); MessageParcel datas; - datas.WriteInterfaceToken(IAccessTokenManager::GetDescriptor()); + datas.WriteInterfaceToken(IAccesstokenManager::GetDescriptor()); if (!datas.WriteUint32(1)) { return false; } @@ -93,7 +93,7 @@ namespace OHOS { } uint32_t code = static_cast( - AccessTokenInterfaceCode::INIT_USER_POLICY); + IAccesstokenManagerIpcCode::COMMAND_INIT_USER_POLICY); MessageParcel reply; MessageOption option; diff --git a/test/fuzztest/services/accesstoken/registerpermstatechangecallbackstub_fuzzer/BUILD.gn b/test/fuzztest/services/accesstoken/registerpermstatechangecallbackstub_fuzzer/BUILD.gn index 155806b6908103192c78b4c3cc10cf00b66376ba..c87f955e3c05a066ed0379cce6fd7c14396c831e 100644 --- a/test/fuzztest/services/accesstoken/registerpermstatechangecallbackstub_fuzzer/BUILD.gn +++ b/test/fuzztest/services/accesstoken/registerpermstatechangecallbackstub_fuzzer/BUILD.gn @@ -1,4 +1,4 @@ -# Copyright (c) 2023 Huawei Device Co., Ltd. +# Copyright (c) 2023-2025 Huawei Device Co., Ltd. # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. # You may obtain a copy of the License at @@ -33,7 +33,10 @@ ohos_fuzztest("RegisterPermStateChangeCallbackStubFuzzTest") { deps = access_token_deps - configs = [ "${access_token_path}/config:coverage_flags" ] + configs = [ + "${access_token_path}/config:coverage_flags", + "${access_token_path}/services/accesstokenmanager:accesstoken_manager_gen_config", + ] external_deps = access_token_external_deps diff --git a/test/fuzztest/services/accesstoken/registerpermstatechangecallbackstub_fuzzer/registerpermstatechangecallbackstub_fuzzer.cpp b/test/fuzztest/services/accesstoken/registerpermstatechangecallbackstub_fuzzer/registerpermstatechangecallbackstub_fuzzer.cpp index 251cfd7d90fbb90a31252ad2ae1ce5ae917e2e98..010f99ec53b76b6f52fa4c4d30c3f5e9add8bbbe 100644 --- a/test/fuzztest/services/accesstoken/registerpermstatechangecallbackstub_fuzzer/registerpermstatechangecallbackstub_fuzzer.cpp +++ b/test/fuzztest/services/accesstoken/registerpermstatechangecallbackstub_fuzzer/registerpermstatechangecallbackstub_fuzzer.cpp @@ -1,5 +1,5 @@ /* - * Copyright (c) 2023 Huawei Device Co., Ltd. + * Copyright (c) 2023-2025 Huawei Device Co., Ltd. * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. * You may obtain a copy of the License at @@ -22,7 +22,7 @@ #include "accesstoken_fuzzdata.h" #include "accesstoken_manager_client.h" #include "accesstoken_manager_service.h" -#include "i_accesstoken_manager.h" +#include "iaccesstoken_manager.h" using namespace std; using namespace OHOS::Security::AccessToken; @@ -68,7 +68,7 @@ namespace OHOS { callback = new (std::nothrow) PermissionStateChangeCallback(callbackPtr); MessageParcel datas; - datas.WriteInterfaceToken(IAccessTokenManager::GetDescriptor()); + datas.WriteInterfaceToken(IAccesstokenManager::GetDescriptor()); if (!datas.WriteParcelable(&scopeParcel)) { return false; } @@ -77,7 +77,7 @@ namespace OHOS { } uint32_t code = static_cast( - AccessTokenInterfaceCode::REGISTER_PERM_STATE_CHANGE_CALLBACK); + IAccesstokenManagerIpcCode::COMMAND_REGISTER_PERM_STATE_CHANGE_CALLBACK); MessageParcel reply; MessageOption option; diff --git a/test/fuzztest/services/accesstoken/registerselfpermstatechangecallbackstub_fuzzer/BUILD.gn b/test/fuzztest/services/accesstoken/registerselfpermstatechangecallbackstub_fuzzer/BUILD.gn index cdb19e0afb3eaa63eee042980cbc88ff762e4be1..928bffcb5c3062c74ccc43202981f03b4c95b698 100644 --- a/test/fuzztest/services/accesstoken/registerselfpermstatechangecallbackstub_fuzzer/BUILD.gn +++ b/test/fuzztest/services/accesstoken/registerselfpermstatechangecallbackstub_fuzzer/BUILD.gn @@ -34,7 +34,10 @@ ohos_fuzztest("RegisterSelfPermStateChangeCallbackStubFuzzTest") { deps = access_token_deps deps += [ "${access_token_path}/interfaces/innerkits/nativetoken:libnativetoken_shared" ] - configs = [ "${access_token_path}/config:coverage_flags" ] + configs = [ + "${access_token_path}/config:coverage_flags", + "${access_token_path}/services/accesstokenmanager:accesstoken_manager_gen_config", + ] external_deps = access_token_external_deps diff --git a/test/fuzztest/services/accesstoken/registerselfpermstatechangecallbackstub_fuzzer/registerselfpermstatechangecallbackstub_fuzzer.cpp b/test/fuzztest/services/accesstoken/registerselfpermstatechangecallbackstub_fuzzer/registerselfpermstatechangecallbackstub_fuzzer.cpp index 946e7fa59c3976efa2b6236405742a702ca7e315..2b0922587ab5c44ccd4a694809746c01b947f4d1 100644 --- a/test/fuzztest/services/accesstoken/registerselfpermstatechangecallbackstub_fuzzer/registerselfpermstatechangecallbackstub_fuzzer.cpp +++ b/test/fuzztest/services/accesstoken/registerselfpermstatechangecallbackstub_fuzzer/registerselfpermstatechangecallbackstub_fuzzer.cpp @@ -26,7 +26,7 @@ #include "accesstoken_kit.h" #include "accesstoken_manager_client.h" #include "accesstoken_manager_service.h" -#include "i_accesstoken_manager.h" +#include "iaccesstoken_manager.h" #include "token_setproc.h" using namespace std; @@ -101,7 +101,7 @@ namespace OHOS { callback = new (std::nothrow) PermissionStateChangeCallback(callbackPtr); MessageParcel datas; - datas.WriteInterfaceToken(IAccessTokenManager::GetDescriptor()); + datas.WriteInterfaceToken(IAccesstokenManager::GetDescriptor()); if (!datas.WriteParcelable(&scopeParcel)) { return false; } @@ -110,7 +110,7 @@ namespace OHOS { } uint32_t code = static_cast( - AccessTokenInterfaceCode::REGISTER_SELF_PERM_STATE_CHANGE_CALLBACK); + IAccesstokenManagerIpcCode::COMMAND_REGISTER_SELF_PERM_STATE_CHANGE_CALLBACK); MessageParcel reply; MessageOption option; diff --git a/test/fuzztest/services/accesstoken/requestapppermonsettingstub_fuzzer/BUILD.gn b/test/fuzztest/services/accesstoken/requestapppermonsettingstub_fuzzer/BUILD.gn index 7972f3712181095e28fa4ef5e5d80b53663ff13a..0b53689369069004afe58c1d25dde47e7ce3e3f5 100644 --- a/test/fuzztest/services/accesstoken/requestapppermonsettingstub_fuzzer/BUILD.gn +++ b/test/fuzztest/services/accesstoken/requestapppermonsettingstub_fuzzer/BUILD.gn @@ -1,4 +1,4 @@ -# Copyright (c) 2024 Huawei Device Co., Ltd. +# Copyright (c) 2024-2025 Huawei Device Co., Ltd. # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. # You may obtain a copy of the License at @@ -33,7 +33,10 @@ ohos_fuzztest("RequestAppPermOnSettingStubFuzzTest") { deps = access_token_deps - configs = [ "${access_token_path}/config:coverage_flags" ] + configs = [ + "${access_token_path}/config:coverage_flags", + "${access_token_path}/services/accesstokenmanager:accesstoken_manager_gen_config", + ] external_deps = access_token_external_deps diff --git a/test/fuzztest/services/accesstoken/requestapppermonsettingstub_fuzzer/requestapppermonsettingstub_fuzzer.cpp b/test/fuzztest/services/accesstoken/requestapppermonsettingstub_fuzzer/requestapppermonsettingstub_fuzzer.cpp index 4c65417afa86030ece0cec5ba6ee0d4a04639713..7a8493e06bf3f48f1e31be9ff410b48078362353 100644 --- a/test/fuzztest/services/accesstoken/requestapppermonsettingstub_fuzzer/requestapppermonsettingstub_fuzzer.cpp +++ b/test/fuzztest/services/accesstoken/requestapppermonsettingstub_fuzzer/requestapppermonsettingstub_fuzzer.cpp @@ -1,5 +1,5 @@ /* - * Copyright (c) 2024 Huawei Device Co., Ltd. + * Copyright (c) 2024-2025 Huawei Device Co., Ltd. * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. * You may obtain a copy of the License at @@ -21,7 +21,7 @@ #undef private #include "accesstoken_fuzzdata.h" #include "accesstoken_manager_service.h" -#include "i_accesstoken_manager.h" +#include "iaccesstoken_manager.h" using namespace std; using namespace OHOS::Security::AccessToken; @@ -37,12 +37,12 @@ namespace OHOS { AccessTokenID tokenId = fuzzData.GetData(); MessageParcel datas; - datas.WriteInterfaceToken(IAccessTokenManager::GetDescriptor()); + datas.WriteInterfaceToken(IAccesstokenManager::GetDescriptor()); if (!datas.WriteUint32(tokenId)) { return false; } - uint32_t code = static_cast(AccessTokenInterfaceCode::REQUEST_APP_PERM_ON_SETTING); + uint32_t code = static_cast(IAccesstokenManagerIpcCode::COMMAND_REQUEST_APP_PERM_ON_SETTING); MessageParcel reply; MessageOption option; diff --git a/test/fuzztest/services/accesstoken/revokepermissionstub_fuzzer/BUILD.gn b/test/fuzztest/services/accesstoken/revokepermissionstub_fuzzer/BUILD.gn index de933d784862cd1a9b3a940aad24f101b6644e99..f37c53864696320b9ad812bd848d8d190e7640b8 100644 --- a/test/fuzztest/services/accesstoken/revokepermissionstub_fuzzer/BUILD.gn +++ b/test/fuzztest/services/accesstoken/revokepermissionstub_fuzzer/BUILD.gn @@ -1,4 +1,4 @@ -# Copyright (c) 2023 Huawei Device Co., Ltd. +# Copyright (c) 2023-2025 Huawei Device Co., Ltd. # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. # You may obtain a copy of the License at @@ -33,7 +33,10 @@ ohos_fuzztest("RevokePermissionStubFuzzTest") { deps = access_token_deps - configs = [ "${access_token_path}/config:coverage_flags" ] + configs = [ + "${access_token_path}/config:coverage_flags", + "${access_token_path}/services/accesstokenmanager:accesstoken_manager_gen_config", + ] external_deps = access_token_external_deps diff --git a/test/fuzztest/services/accesstoken/revokepermissionstub_fuzzer/revokepermissionstub_fuzzer.cpp b/test/fuzztest/services/accesstoken/revokepermissionstub_fuzzer/revokepermissionstub_fuzzer.cpp index aab7e2a752c3a758ded5c089ec32d3c86892abeb..317f34cc992d36dc7164ea426f59d9c1608456e6 100644 --- a/test/fuzztest/services/accesstoken/revokepermissionstub_fuzzer/revokepermissionstub_fuzzer.cpp +++ b/test/fuzztest/services/accesstoken/revokepermissionstub_fuzzer/revokepermissionstub_fuzzer.cpp @@ -1,5 +1,5 @@ /* - * Copyright (c) 2023 Huawei Device Co., Ltd. + * Copyright (c) 2023-2025 Huawei Device Co., Ltd. * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. * You may obtain a copy of the License at @@ -23,7 +23,7 @@ #undef private #include "accesstoken_fuzzdata.h" #include "accesstoken_manager_service.h" -#include "i_accesstoken_manager.h" +#include "iaccesstoken_manager.h" using namespace std; using namespace OHOS::Security::AccessToken; @@ -42,13 +42,13 @@ namespace OHOS { std::string testName(fuzzData.GenerateStochasticString()); MessageParcel datas; - datas.WriteInterfaceToken(IAccessTokenManager::GetDescriptor()); + datas.WriteInterfaceToken(IAccesstokenManager::GetDescriptor()); if (!datas.WriteUint32(tokenId) || !datas.WriteString(testName) || !datas.WriteInt32(PERMISSION_DEFAULT_FLAG)) { return false; } uint32_t code = static_cast( - AccessTokenInterfaceCode::REVOKE_PERMISSION); + IAccesstokenManagerIpcCode::COMMAND_REVOKE_PERMISSION); MessageParcel reply; MessageOption option; diff --git a/test/fuzztest/services/accesstoken/setpermdialogcap_fuzzer/BUILD.gn b/test/fuzztest/services/accesstoken/setpermdialogcap_fuzzer/BUILD.gn index 81f75417dd0323cfded1a32ec707f5cd8c85d430..cfaf66d14ba373ba8c98c7078752c1b417656c0b 100644 --- a/test/fuzztest/services/accesstoken/setpermdialogcap_fuzzer/BUILD.gn +++ b/test/fuzztest/services/accesstoken/setpermdialogcap_fuzzer/BUILD.gn @@ -1,4 +1,4 @@ -# Copyright (c) 2023 Huawei Device Co., Ltd. +# Copyright (c) 2023-2025 Huawei Device Co., Ltd. # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. # You may obtain a copy of the License at @@ -33,7 +33,10 @@ ohos_fuzztest("SetPermDialogCapFuzzTest") { deps = access_token_deps deps += [ "${access_token_path}/interfaces/innerkits/nativetoken:libnativetoken_shared" ] - configs = [ "${access_token_path}/config:coverage_flags" ] + configs = [ + "${access_token_path}/config:coverage_flags", + "${access_token_path}/services/accesstokenmanager:accesstoken_manager_gen_config", + ] external_deps = access_token_external_deps diff --git a/test/fuzztest/services/accesstoken/setpermdialogcap_fuzzer/setpermdialogcap_fuzzer.cpp b/test/fuzztest/services/accesstoken/setpermdialogcap_fuzzer/setpermdialogcap_fuzzer.cpp index 153e3bbd22af5ec34ce1b0757348a9fc8d87b288..299d45e129eac5f2ad9b89506b8794c88a8fd535 100644 --- a/test/fuzztest/services/accesstoken/setpermdialogcap_fuzzer/setpermdialogcap_fuzzer.cpp +++ b/test/fuzztest/services/accesstoken/setpermdialogcap_fuzzer/setpermdialogcap_fuzzer.cpp @@ -1,5 +1,5 @@ /* - * Copyright (c) 2023 Huawei Device Co., Ltd. + * Copyright (c) 2023-2025 Huawei Device Co., Ltd. * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. * You may obtain a copy of the License at @@ -23,7 +23,7 @@ #include "accesstoken_fuzzdata.h" #include "accesstoken_kit.h" #include "accesstoken_manager_service.h" -#include "i_accesstoken_manager.h" +#include "iaccesstoken_manager.h" #include "nativetoken_kit.h" #include "securec.h" #include "token_setproc.h" @@ -68,11 +68,11 @@ namespace OHOS { baseInfoParcel.hapBaseInfo.instIndex = fuzzData.GetData(); MessageParcel datas; - datas.WriteInterfaceToken(IAccessTokenManager::GetDescriptor()); + datas.WriteInterfaceToken(IAccesstokenManager::GetDescriptor()); if (!datas.WriteParcelable(&baseInfoParcel)) { return false; } - uint32_t code = static_cast(AccessTokenInterfaceCode::SET_PERM_DIALOG_CAPABILITY); + uint32_t code = static_cast(IAccesstokenManagerIpcCode::COMMAND_SET_PERM_DIALOG_CAP); MessageParcel reply; MessageOption option; diff --git a/test/fuzztest/services/accesstoken/setpermissionrequesttogglestatusstub_fuzzer/BUILD.gn b/test/fuzztest/services/accesstoken/setpermissionrequesttogglestatusstub_fuzzer/BUILD.gn index 7a7623c5f96775c1f17b978c742ac0d326785f22..4aad08b8bcd382f41514a8f9ff1356fc10f66977 100644 --- a/test/fuzztest/services/accesstoken/setpermissionrequesttogglestatusstub_fuzzer/BUILD.gn +++ b/test/fuzztest/services/accesstoken/setpermissionrequesttogglestatusstub_fuzzer/BUILD.gn @@ -1,4 +1,4 @@ -# Copyright (c) 2024 Huawei Device Co., Ltd. +# Copyright (c) 2024-2025 Huawei Device Co., Ltd. # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. # You may obtain a copy of the License at @@ -33,7 +33,10 @@ ohos_fuzztest("SetPermissionRequestToggleStatusStubFuzzTest") { deps = access_token_deps - configs = [ "${access_token_path}/config:coverage_flags" ] + configs = [ + "${access_token_path}/config:coverage_flags", + "${access_token_path}/services/accesstokenmanager:accesstoken_manager_gen_config", + ] external_deps = access_token_external_deps diff --git a/test/fuzztest/services/accesstoken/setpermissionrequesttogglestatusstub_fuzzer/setpermissionrequesttogglestatusstub_fuzzer.cpp b/test/fuzztest/services/accesstoken/setpermissionrequesttogglestatusstub_fuzzer/setpermissionrequesttogglestatusstub_fuzzer.cpp index c2934d01648a974c8cb78b5da67847a07de8758b..f7bed0279ffa4a0f05194b5c5775d96d98bda81b 100644 --- a/test/fuzztest/services/accesstoken/setpermissionrequesttogglestatusstub_fuzzer/setpermissionrequesttogglestatusstub_fuzzer.cpp +++ b/test/fuzztest/services/accesstoken/setpermissionrequesttogglestatusstub_fuzzer/setpermissionrequesttogglestatusstub_fuzzer.cpp @@ -1,5 +1,5 @@ /* - * Copyright (c) 2024 Huawei Device Co., Ltd. + * Copyright (c) 2024-2025 Huawei Device Co., Ltd. * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. * You may obtain a copy of the License at @@ -23,7 +23,7 @@ #undef private #include "accesstoken_fuzzdata.h" #include "accesstoken_manager_service.h" -#include "i_accesstoken_manager.h" +#include "iaccesstoken_manager.h" using namespace std; using namespace OHOS::Security::AccessToken; @@ -42,14 +42,14 @@ namespace OHOS { uint32_t status = fuzzData.GetData(); int32_t userID = fuzzData.GetData(); MessageParcel sendData; - if (!sendData.WriteInterfaceToken(IAccessTokenManager::GetDescriptor()) || + if (!sendData.WriteInterfaceToken(IAccesstokenManager::GetDescriptor()) || !sendData.WriteString(testName) || !sendData.WriteUint32(status) || !sendData.WriteInt32(userID)) { return false; } uint32_t code = static_cast( - AccessTokenInterfaceCode::SET_PERMISSION_REQUEST_TOGGLE_STATUS); + IAccesstokenManagerIpcCode::COMMAND_SET_PERMISSION_REQUEST_TOGGLE_STATUS); MessageParcel reply; MessageOption option; diff --git a/test/fuzztest/services/accesstoken/setremotehaptokeninfostub_fuzzer/BUILD.gn b/test/fuzztest/services/accesstoken/setremotehaptokeninfostub_fuzzer/BUILD.gn index 35fa2dfe5376b32b27024681bc8c20e8efe5b712..99f603922a4575e7b45440602210e5f56acd79f1 100644 --- a/test/fuzztest/services/accesstoken/setremotehaptokeninfostub_fuzzer/BUILD.gn +++ b/test/fuzztest/services/accesstoken/setremotehaptokeninfostub_fuzzer/BUILD.gn @@ -1,4 +1,4 @@ -# Copyright (c) 2023 Huawei Device Co., Ltd. +# Copyright (c) 2023-2025 Huawei Device Co., Ltd. # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. # You may obtain a copy of the License at @@ -33,7 +33,10 @@ ohos_fuzztest("SetRemoteHapTokenInfoStubFuzzTest") { deps = access_token_deps - configs = [ "${access_token_path}/config:coverage_flags" ] + configs = [ + "${access_token_path}/config:coverage_flags", + "${access_token_path}/services/accesstokenmanager:accesstoken_manager_gen_config", + ] external_deps = access_token_external_deps diff --git a/test/fuzztest/services/accesstoken/setremotehaptokeninfostub_fuzzer/setremotehaptokeninfostub_fuzzer.cpp b/test/fuzztest/services/accesstoken/setremotehaptokeninfostub_fuzzer/setremotehaptokeninfostub_fuzzer.cpp index 8cda4c996b4890eaa1120f6087f36ebc238a9ad0..28b95166b7a08637a0ece9170f5799f19ac2b929 100644 --- a/test/fuzztest/services/accesstoken/setremotehaptokeninfostub_fuzzer/setremotehaptokeninfostub_fuzzer.cpp +++ b/test/fuzztest/services/accesstoken/setremotehaptokeninfostub_fuzzer/setremotehaptokeninfostub_fuzzer.cpp @@ -1,5 +1,5 @@ /* - * Copyright (c) 2023 Huawei Device Co., Ltd. + * Copyright (c) 2023-2025 Huawei Device Co., Ltd. * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. * You may obtain a copy of the License at @@ -24,7 +24,7 @@ #include "accesstoken_info_manager.h" #include "accesstoken_kit.h" #include "accesstoken_manager_service.h" -#include "i_accesstoken_manager.h" +#include "iaccesstoken_manager.h" #include "permission_state_full.h" #include "token_setproc.h" @@ -79,7 +79,7 @@ namespace OHOS { ConstructorParam(fuzzData, tokenId, hapSyncParcel); MessageParcel datas; - datas.WriteInterfaceToken(IAccessTokenManager::GetDescriptor()); + datas.WriteInterfaceToken(IAccesstokenManager::GetDescriptor()); if (!datas.WriteString(fuzzData.GenerateStochasticString())) { return false; } @@ -88,7 +88,7 @@ namespace OHOS { } uint32_t code = static_cast( - AccessTokenInterfaceCode::SET_REMOTE_HAP_TOKEN_INFO); + IAccesstokenManagerIpcCode::COMMAND_SET_REMOTE_HAP_TOKEN_INFO); MessageParcel reply; MessageOption option; diff --git a/test/fuzztest/services/accesstoken/updatehaptokenstub_fuzzer/BUILD.gn b/test/fuzztest/services/accesstoken/updatehaptokenstub_fuzzer/BUILD.gn index 7b73bb9b50bb9a01fedade3060f04f44139eb644..d56eac7a50eae24618121a02efa2e1d00cb23438 100644 --- a/test/fuzztest/services/accesstoken/updatehaptokenstub_fuzzer/BUILD.gn +++ b/test/fuzztest/services/accesstoken/updatehaptokenstub_fuzzer/BUILD.gn @@ -1,4 +1,4 @@ -# Copyright (c) 2023 Huawei Device Co., Ltd. +# Copyright (c) 2023-2025 Huawei Device Co., Ltd. # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. # You may obtain a copy of the License at @@ -33,7 +33,10 @@ ohos_fuzztest("UpdateHapTokenStubFuzzTest") { deps = access_token_deps - configs = [ "${access_token_path}/config:coverage_flags" ] + configs = [ + "${access_token_path}/config:coverage_flags", + "${access_token_path}/services/accesstokenmanager:accesstoken_manager_gen_config", + ] external_deps = access_token_external_deps diff --git a/test/fuzztest/services/accesstoken/updatehaptokenstub_fuzzer/updatehaptokenstub_fuzzer.cpp b/test/fuzztest/services/accesstoken/updatehaptokenstub_fuzzer/updatehaptokenstub_fuzzer.cpp index 939f5f390799ccbce13b60cb6b3fca280a81c7af..436bdbd6d77022c2c546ead12a6b23fdaaa61e11 100644 --- a/test/fuzztest/services/accesstoken/updatehaptokenstub_fuzzer/updatehaptokenstub_fuzzer.cpp +++ b/test/fuzztest/services/accesstoken/updatehaptokenstub_fuzzer/updatehaptokenstub_fuzzer.cpp @@ -1,5 +1,5 @@ /* - * Copyright (c) 2023 Huawei Device Co., Ltd. + * Copyright (c) 2023-2025 Huawei Device Co., Ltd. * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. * You may obtain a copy of the License at @@ -64,7 +64,7 @@ namespace OHOS { ConstructorParam(fuzzData, hapPolicyParcel); MessageParcel datas; - datas.WriteInterfaceToken(IAccessTokenManager::GetDescriptor()); + datas.WriteInterfaceToken(IAccesstokenManager::GetDescriptor()); if (!datas.WriteUint32(tokenId)) { return false; } @@ -80,7 +80,7 @@ namespace OHOS { if (!datas.WriteParcelable(&hapPolicyParcel)) { return false; } - uint32_t code = static_cast(AccessTokenInterfaceCode::UPDATE_HAP_TOKEN); + uint32_t code = static_cast(IAccesstokenManagerIpcCode::COMMAND_UPDATE_HAP_TOKEN); MessageParcel reply; MessageOption option; bool enable = ((size % CONSTANTS_NUMBER_TWO) == 0); diff --git a/test/fuzztest/services/accesstoken/updateuserpolicystub_fuzzer/BUILD.gn b/test/fuzztest/services/accesstoken/updateuserpolicystub_fuzzer/BUILD.gn index 3d21d687f7d335c0a2e445b1ce8a8cba0985a484..72f3d60d32d55a3a5572ba056cda2536853fe156 100644 --- a/test/fuzztest/services/accesstoken/updateuserpolicystub_fuzzer/BUILD.gn +++ b/test/fuzztest/services/accesstoken/updateuserpolicystub_fuzzer/BUILD.gn @@ -34,7 +34,10 @@ ohos_fuzztest("UpdateUserPolicyStubFuzzTest") { deps = access_token_deps deps += [ "${access_token_path}/interfaces/innerkits/nativetoken:libnativetoken_shared" ] - configs = [ "${access_token_path}/config:coverage_flags" ] + configs = [ + "${access_token_path}/config:coverage_flags", + "${access_token_path}/services/accesstokenmanager:accesstoken_manager_gen_config", + ] external_deps = access_token_external_deps diff --git a/test/fuzztest/services/accesstoken/updateuserpolicystub_fuzzer/updateuserpolicystub_fuzzer.cpp b/test/fuzztest/services/accesstoken/updateuserpolicystub_fuzzer/updateuserpolicystub_fuzzer.cpp index c0a8edc5d11725c62c29741e9c52847ce803943f..7e870bf12726f714c5b057e7b1140d40e612257b 100644 --- a/test/fuzztest/services/accesstoken/updateuserpolicystub_fuzzer/updateuserpolicystub_fuzzer.cpp +++ b/test/fuzztest/services/accesstoken/updateuserpolicystub_fuzzer/updateuserpolicystub_fuzzer.cpp @@ -23,7 +23,7 @@ #include "accesstoken_fuzzdata.h" #include "accesstoken_kit.h" #include "accesstoken_manager_service.h" -#include "i_accesstoken_manager.h" +#include "iaccesstoken_manager.h" #include "nativetoken_kit.h" #include "token_setproc.h" @@ -73,7 +73,7 @@ namespace OHOS { userList.isActive = fuzzData.GenerateStochasticBool(); MessageParcel datas; - datas.WriteInterfaceToken(IAccessTokenManager::GetDescriptor()); + datas.WriteInterfaceToken(IAccesstokenManager::GetDescriptor()); if (!datas.WriteUint32(1)) { return false; } @@ -85,7 +85,7 @@ namespace OHOS { } uint32_t code = static_cast( - AccessTokenInterfaceCode::UPDATE_USER_POLICY); + IAccesstokenManagerIpcCode::COMMAND_UPDATE_USER_POLICY); MessageParcel reply; MessageOption option; diff --git a/test/fuzztest/services/accesstoken/verifyaccesstokenstub_fuzzer/BUILD.gn b/test/fuzztest/services/accesstoken/verifyaccesstokenstub_fuzzer/BUILD.gn index 3187a41a1b91fa20f4e3087308557e6207a485c4..dfe0c4ea028bc58ab28a4d91bf6f439b7ff5e58d 100644 --- a/test/fuzztest/services/accesstoken/verifyaccesstokenstub_fuzzer/BUILD.gn +++ b/test/fuzztest/services/accesstoken/verifyaccesstokenstub_fuzzer/BUILD.gn @@ -1,4 +1,4 @@ -# Copyright (c) 2023 Huawei Device Co., Ltd. +# Copyright (c) 2023-2025 Huawei Device Co., Ltd. # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. # You may obtain a copy of the License at @@ -33,7 +33,10 @@ ohos_fuzztest("VerifyAccessTokenStubFuzzTest") { deps = access_token_deps - configs = [ "${access_token_path}/config:coverage_flags" ] + configs = [ + "${access_token_path}/config:coverage_flags", + "${access_token_path}/services/accesstokenmanager:accesstoken_manager_gen_config", + ] external_deps = access_token_external_deps diff --git a/test/fuzztest/services/accesstoken/verifyaccesstokenstub_fuzzer/verifyaccesstokenstub_fuzzer.cpp b/test/fuzztest/services/accesstoken/verifyaccesstokenstub_fuzzer/verifyaccesstokenstub_fuzzer.cpp index d0c51459545a6a64387e88e9f89c9db129c2e8f3..f599d9cf326b4a9e57763d7ff58002572d707f7b 100644 --- a/test/fuzztest/services/accesstoken/verifyaccesstokenstub_fuzzer/verifyaccesstokenstub_fuzzer.cpp +++ b/test/fuzztest/services/accesstoken/verifyaccesstokenstub_fuzzer/verifyaccesstokenstub_fuzzer.cpp @@ -1,5 +1,5 @@ /* - * Copyright (c) 2023 Huawei Device Co., Ltd. + * Copyright (c) 2023-2025 Huawei Device Co., Ltd. * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. * You may obtain a copy of the License at @@ -21,7 +21,7 @@ #undef private #include "accesstoken_fuzzdata.h" #include "accesstoken_manager_service.h" -#include "i_accesstoken_manager.h" +#include "iaccesstoken_manager.h" using namespace std; using namespace OHOS::Security::AccessToken; @@ -38,13 +38,13 @@ namespace OHOS { std::string testName(fuzzData.GenerateStochasticString()); MessageParcel datas; - datas.WriteInterfaceToken(IAccessTokenManager::GetDescriptor()); + datas.WriteInterfaceToken(IAccesstokenManager::GetDescriptor()); if (!datas.WriteUint32(tokenId) || !datas.WriteString(testName)) { return false; } uint32_t code = static_cast( - AccessTokenInterfaceCode::VERIFY_ACCESSTOKEN); + IAccesstokenManagerIpcCode::COMMAND_VERIFY_ACCESS_TOKEN); MessageParcel reply; MessageOption option; diff --git a/test/fuzztest/services/accesstoken/verifyaccesstokenwithliststub_fuzzer/BUILD.gn b/test/fuzztest/services/accesstoken/verifyaccesstokenwithliststub_fuzzer/BUILD.gn index 1d6648b8f3d42ce858ead87907d451001ede81b2..69644893e7cc540bebf37e9cfd19bb254fce80d6 100644 --- a/test/fuzztest/services/accesstoken/verifyaccesstokenwithliststub_fuzzer/BUILD.gn +++ b/test/fuzztest/services/accesstoken/verifyaccesstokenwithliststub_fuzzer/BUILD.gn @@ -1,4 +1,4 @@ -# Copyright (c) 2024 Huawei Device Co., Ltd. +# Copyright (c) 2024-2025 Huawei Device Co., Ltd. # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. # You may obtain a copy of the License at @@ -33,7 +33,10 @@ ohos_fuzztest("VerifyAccessTokenWithListStubFuzzTest") { deps = access_token_deps - configs = [ "${access_token_path}/config:coverage_flags" ] + configs = [ + "${access_token_path}/config:coverage_flags", + "${access_token_path}/services/accesstokenmanager:accesstoken_manager_gen_config", + ] external_deps = access_token_external_deps diff --git a/test/fuzztest/services/accesstoken/verifyaccesstokenwithliststub_fuzzer/verifyaccesstokenwithliststub_fuzzer.cpp b/test/fuzztest/services/accesstoken/verifyaccesstokenwithliststub_fuzzer/verifyaccesstokenwithliststub_fuzzer.cpp index af153efffd06dae2c5b37cfed1f0c2086787c84c..ec663fa2b5acfc1506e0c43e326b9454ca27bffb 100644 --- a/test/fuzztest/services/accesstoken/verifyaccesstokenwithliststub_fuzzer/verifyaccesstokenwithliststub_fuzzer.cpp +++ b/test/fuzztest/services/accesstoken/verifyaccesstokenwithliststub_fuzzer/verifyaccesstokenwithliststub_fuzzer.cpp @@ -1,5 +1,5 @@ /* - * Copyright (c) 2024 Huawei Device Co., Ltd. + * Copyright (c) 2024-2025 Huawei Device Co., Ltd. * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. * You may obtain a copy of the License at @@ -21,7 +21,7 @@ #undef private #include "accesstoken_fuzzdata.h" #include "accesstoken_manager_service.h" -#include "i_accesstoken_manager.h" +#include "iaccesstoken_manager.h" using namespace std; using namespace OHOS::Security::AccessToken; @@ -43,12 +43,13 @@ namespace OHOS { permissionList.emplace_back(fuzzData.GenerateStochasticString()); } MessageParcel datas; - datas.WriteInterfaceToken(IAccessTokenManager::GetDescriptor()); + datas.WriteInterfaceToken(IAccesstokenManager::GetDescriptor()); if (!datas.WriteUint32(tokenId) || !datas.WriteStringVector(permissionList)) { return false; } - uint32_t code = static_cast(AccessTokenInterfaceCode::VERIFY_ACCESSTOKEN_WITH_LIST); + uint32_t code = static_cast( + IAccesstokenManagerIpcCode::COMMAND_VERIFY_ACCESS_TOKEN_IN_UNSIGNED_INT_IN_LIST_STRING_OUT_LIST_INT); MessageParcel reply; MessageOption option;