diff --git a/frameworks/accesstoken/BUILD.gn b/frameworks/accesstoken/BUILD.gn index 905cf97537af37433da66c892757cf3a9c615565..6730263a5d66077015e6b0c1d67272fa631c858e 100644 --- a/frameworks/accesstoken/BUILD.gn +++ b/frameworks/accesstoken/BUILD.gn @@ -55,11 +55,11 @@ ohos_shared_library("accesstoken_communication_adapter_cxx") { "src/hap_token_info_for_sync_parcel.cpp", "src/hap_token_info_parcel.cpp", "src/native_token_info_parcel.cpp", + "src/perm_state_change_scope_parcel.cpp", "src/permission_def_parcel.cpp", "src/permission_grant_info_parcel.cpp", "src/permission_list_state_parcel.cpp", "src/permission_state_change_info_parcel.cpp", - "src/permission_state_change_scope_parcel.cpp", "src/permission_status_parcel.cpp", ] diff --git a/frameworks/accesstoken/include/i_accesstoken_manager.h b/frameworks/accesstoken/include/i_accesstoken_manager.h deleted file mode 100644 index 22709473ae9dc8e916febd58dd587019534850fd..0000000000000000000000000000000000000000 --- a/frameworks/accesstoken/include/i_accesstoken_manager.h +++ /dev/null @@ -1,126 +0,0 @@ -/* - * Copyright (c) 2021-2024 Huawei Device Co., Ltd. - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ - -#ifndef I_ACCESSTOKEN_MANAGER_H -#define I_ACCESSTOKEN_MANAGER_H - -#include -#include - -#include "access_token.h" -#include "accesstoken_service_ipc_interface_code.h" -#include "atm_tools_param_info_parcel.h" -#include "errors.h" -#include "hap_base_info_parcel.h" -#include "hap_info_parcel.h" -#include "hap_policy_parcel.h" -#include "hap_token_info_for_sync_parcel.h" -#include "hap_token_info_parcel.h" -#include "iremote_broker.h" -#include "i_permission_state_callback.h" -#include "native_token_info_parcel.h" -#include "permission_def_parcel.h" -#include "permission_grant_info_parcel.h" -#include "permission_list_state_parcel.h" -#include "permission_status_parcel.h" -#include "permission_state_change_scope_parcel.h" -#include "system_ability_definition.h" - -namespace OHOS { -namespace Security { -namespace AccessToken { -class IAccessTokenManager : public IRemoteBroker { -public: - static const int SA_ID_ACCESSTOKEN_MANAGER_SERVICE = ACCESS_TOKEN_MANAGER_SERVICE_ID; - - DECLARE_INTERFACE_DESCRIPTOR(u"ohos.security.accesstoken.IAccessTokenManager"); - - virtual PermUsedTypeEnum GetPermissionUsedType( - AccessTokenID tokenID, const std::string& permissionName) = 0; - virtual int VerifyAccessToken(AccessTokenID tokenID, const std::string& permissionName) = 0; - virtual int VerifyAccessToken(AccessTokenID tokenID, - const std::vector& permissionList, std::vector& permStateList) = 0; - virtual int GetDefPermission(const std::string& permissionName, PermissionDefParcel& permissionDefResult) = 0; - virtual int GetReqPermissions( - AccessTokenID tokenID, std::vector& reqPermList, bool isSystemGrant) = 0; - virtual int GetPermissionFlag(AccessTokenID tokenID, const std::string& permissionName, uint32_t& flag) = 0; - virtual int32_t SetPermissionRequestToggleStatus(const std::string& permissionName, uint32_t status, - int32_t userID = 0) = 0; - virtual int32_t GetPermissionRequestToggleStatus(const std::string& permissionName, uint32_t& status, - int32_t userID = 0) = 0; - virtual int32_t RequestAppPermOnSetting(AccessTokenID tokenID) = 0; - virtual PermissionOper GetSelfPermissionsState(std::vector& permListParcel, - PermissionGrantInfoParcel& infoParcel) = 0; - virtual int32_t GetPermissionsStatus( - AccessTokenID tokenID, std::vector& permListParcel) = 0; - virtual int GrantPermission(AccessTokenID tokenID, const std::string& permissionName, uint32_t flag) = 0; - virtual int RevokePermission(AccessTokenID tokenID, const std::string& permissionName, uint32_t flag) = 0; - virtual int GrantPermissionForSpecifiedTime( - AccessTokenID tokenID, const std::string& permissionName, uint32_t onceTime) = 0; - virtual int ClearUserGrantedPermissionState(AccessTokenID tokenID) = 0; - virtual AccessTokenIDEx AllocHapToken(const HapInfoParcel& hapInfo, const HapPolicyParcel& policyParcel) = 0; - virtual int32_t InitHapToken(const HapInfoParcel& info, HapPolicyParcel& policy, - AccessTokenIDEx& fullTokenId, HapInfoCheckResult& result) = 0; - virtual int DeleteToken(AccessTokenID tokenID) = 0; - virtual int GetTokenType(AccessTokenID tokenID) = 0; - virtual AccessTokenIDEx GetHapTokenID(int32_t userID, const std::string& bundleName, int32_t instIndex) = 0; - virtual AccessTokenID AllocLocalTokenID(const std::string& remoteDeviceID, AccessTokenID remoteTokenID) = 0; - virtual int GetNativeTokenInfo(AccessTokenID tokenID, NativeTokenInfoParcel& nativeTokenInfoRes) = 0; - virtual int32_t GetTokenIDByUserID(int32_t userID, std::unordered_set& tokenIdList) = 0; - virtual int GetHapTokenInfo(AccessTokenID tokenID, HapTokenInfoParcel& hapTokenInfoRes) = 0; - virtual int32_t UpdateHapToken(AccessTokenIDEx& tokenIdEx, const UpdateHapInfoParams& info, - const HapPolicyParcel& policyParcel, HapInfoCheckResult& result) = 0; - virtual int32_t RegisterPermStateChangeCallback( - const PermStateChangeScopeParcel& scope, const sptr& callback) = 0; - virtual int32_t UnRegisterPermStateChangeCallback(const sptr& callback) = 0; - virtual int32_t RegisterSelfPermStateChangeCallback(const PermStateChangeScopeParcel& scope, - const sptr& callback) = 0; - virtual int32_t UnRegisterSelfPermStateChangeCallback(const sptr& callback) = 0; -#ifndef ATM_BUILD_VARIANT_USER_ENABLE - virtual int32_t ReloadNativeTokenInfo() = 0; -#endif - virtual int GetHapTokenInfoExtension(AccessTokenID tokenID, - HapTokenInfoParcel& hapTokenInfoRes, std::string& appID) = 0; - virtual AccessTokenID GetNativeTokenId(const std::string& processName) = 0; - -#ifdef TOKEN_SYNC_ENABLE - virtual int GetHapTokenInfoFromRemote(AccessTokenID tokenID, - HapTokenInfoForSyncParcel& hapSyncParcel) = 0; - virtual int SetRemoteHapTokenInfo(const std::string& deviceID, - HapTokenInfoForSyncParcel& hapSyncParcel) = 0; - virtual int DeleteRemoteToken(const std::string& deviceID, AccessTokenID tokenID) = 0; - virtual AccessTokenID GetRemoteNativeTokenID(const std::string& deviceID, AccessTokenID tokenID) = 0; - virtual int DeleteRemoteDeviceTokens(const std::string& deviceID) = 0; - virtual int32_t RegisterTokenSyncCallback(const sptr& callback) = 0; - virtual int32_t UnRegisterTokenSyncCallback() = 0; -#endif - virtual int32_t GetKernelPermissions( - AccessTokenID tokenId, std::vector& kernelPermList) = 0; - virtual int32_t GetReqPermissionByName( - AccessTokenID tokenId, const std::string& permissionName, std::string& value) = 0; - virtual int SetPermDialogCap(const HapBaseInfoParcel& hapBaseInfoParcel, bool enable) = 0; - virtual int32_t InitUserPolicy( - const std::vector& userList, const std::vector& permList) = 0; - virtual int32_t UpdateUserPolicy(const std::vector& userList) = 0; - virtual int32_t ClearUserPolicy() = 0; - virtual void DumpTokenInfo(const AtmToolsParamInfoParcel& infoParcel, std::string& tokenInfo) = 0; - virtual int32_t GetVersion(uint32_t& version) = 0; - virtual void GetPermissionManagerInfo(PermissionGrantInfoParcel& infoParcel) = 0; -}; -} // namespace AccessToken -} // namespace Security -} // namespace OHOS - -#endif // I_ACCESSTOKEN_MANAGER_H diff --git a/frameworks/accesstoken/include/permission_state_change_scope_parcel.h b/frameworks/accesstoken/include/perm_state_change_scope_parcel.h similarity index 95% rename from frameworks/accesstoken/include/permission_state_change_scope_parcel.h rename to frameworks/accesstoken/include/perm_state_change_scope_parcel.h index e1988a8f27bcc112fa80722991116954c28122eb..b6807c499cedbd072ea0d2fe7d59460991679cf6 100644 --- a/frameworks/accesstoken/include/permission_state_change_scope_parcel.h +++ b/frameworks/accesstoken/include/perm_state_change_scope_parcel.h @@ -1,5 +1,5 @@ /* - * Copyright (c) 2022 Huawei Device Co., Ltd. + * Copyright (c) 2022-2025 Huawei Device Co., Ltd. * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. * You may obtain a copy of the License at diff --git a/frameworks/accesstoken/src/permission_state_change_scope_parcel.cpp b/frameworks/accesstoken/src/perm_state_change_scope_parcel.cpp similarity index 96% rename from frameworks/accesstoken/src/permission_state_change_scope_parcel.cpp rename to frameworks/accesstoken/src/perm_state_change_scope_parcel.cpp index 8555df3533764777dee7971f36034edad0b48a5d..1d7345cd5b144d8acf890a1ee90e272d6c7b8f08 100644 --- a/frameworks/accesstoken/src/permission_state_change_scope_parcel.cpp +++ b/frameworks/accesstoken/src/perm_state_change_scope_parcel.cpp @@ -1,5 +1,5 @@ /* - * Copyright (c) 2022 Huawei Device Co., Ltd. + * Copyright (c) 2022-2025 Huawei Device Co., Ltd. * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. * You may obtain a copy of the License at @@ -13,7 +13,7 @@ * limitations under the License. */ -#include "permission_state_change_scope_parcel.h" +#include "perm_state_change_scope_parcel.h" #include "parcel_utils.h" namespace OHOS { diff --git a/frameworks/test/unittest/accesstoken_parcel_test.cpp b/frameworks/test/unittest/accesstoken_parcel_test.cpp index ebafe0eb737d453bd0fafb944f36f45a3fd75c48..aae920356b9496e2c396677b3dfc95440aab2fa0 100644 --- a/frameworks/test/unittest/accesstoken_parcel_test.cpp +++ b/frameworks/test/unittest/accesstoken_parcel_test.cpp @@ -27,7 +27,7 @@ #include "parcel.h" #include "parcel_utils.h" #include "permission_grant_info_parcel.h" -#include "permission_state_change_scope_parcel.h" +#include "perm_state_change_scope_parcel.h" #include "permission_state_change_info_parcel.h" #include "permission_status_parcel.h" diff --git a/interfaces/innerkits/accesstoken/BUILD.gn b/interfaces/innerkits/accesstoken/BUILD.gn index 72f24f1d600b94427e6e990ccc29233df29e3ee5..21fdd24ff3c228c7eada6ed1e7e52cb373d31173 100644 --- a/interfaces/innerkits/accesstoken/BUILD.gn +++ b/interfaces/innerkits/accesstoken/BUILD.gn @@ -41,7 +41,10 @@ if (is_standard_system) { output_name = "libaccesstoken_sdk" - public_configs = [ ":accesstoken" ] + public_configs = [ + ":accesstoken", + "${access_token_path}/services/accesstokenmanager/idl:access_token_manager_gen_config", + ] include_dirs = [ "${access_token_path}/frameworks/accesstoken/include", @@ -55,7 +58,6 @@ if (is_standard_system) { "src/accesstoken_death_recipient.cpp", "src/accesstoken_kit.cpp", "src/accesstoken_manager_client.cpp", - "src/accesstoken_manager_proxy.cpp", "src/perm_state_change_callback_customize.cpp", ] @@ -63,6 +65,7 @@ if (is_standard_system) { "${access_token_path}/frameworks/accesstoken:accesstoken_communication_adapter_cxx", "${access_token_path}/frameworks/common:accesstoken_common_cxx", "${access_token_path}/interfaces/innerkits/token_setproc:libperm_setproc", + "${access_token_path}/services/accesstokenmanager/idl:access_token_manager_proxy", ] external_deps = [ diff --git a/interfaces/innerkits/accesstoken/src/accesstoken_manager_client.cpp b/interfaces/innerkits/accesstoken/src/accesstoken_manager_client.cpp index 2f7a6df29baf3251b059d14ce7dd0f8f69653356..e2d5ac4dd41ebce951744a4bb1e98fbd3268e833 100644 --- a/interfaces/innerkits/accesstoken/src/accesstoken_manager_client.cpp +++ b/interfaces/innerkits/accesstoken/src/accesstoken_manager_client.cpp @@ -1,5 +1,5 @@ /* - * Copyright (c) 2021-2024 Huawei Device Co., Ltd. + * Copyright (c) 2021-2025 Huawei Device Co., Ltd. * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. * You may obtain a copy of the License at @@ -15,16 +15,18 @@ #include "accesstoken_manager_client.h" -#include "accesstoken_common_log.h" #include "access_token_error.h" -#include "accesstoken_manager_proxy.h" +#include "access_token_manager_proxy.h" +#include "accesstoken_callbacks.h" +#include "accesstoken_common_log.h" #include "atm_tools_param_info_parcel.h" #include "hap_token_info.h" #include "hap_token_info_for_sync_parcel.h" +#include "idl_common.h" #include "iservice_registry.h" #include "parameter.h" +#include "perm_state_change_scope_parcel.h" #include "permission_grant_info_parcel.h" -#include "accesstoken_callbacks.h" namespace OHOS { namespace Security { @@ -33,6 +35,11 @@ namespace { static constexpr int32_t VALUE_MAX_LEN = 32; static const char* ACCESS_TOKEN_SERVICE_INIT_KEY = "accesstoken.permission.init"; std::recursive_mutex g_instanceMutex; +static const int32_t SA_ID_ACCESSTOKEN_MANAGER_SERVICE = 3503; +static const int MAX_PERMISSION_SIZE = 1000; +static const int32_t MAX_USER_POLICY_SIZE = 1024; +static const int32_t MAX_EXTENDED_VALUE_LIST_SIZE = 512; +const size_t NUMBER_TWO = 2; } // namespace static const uint32_t MAX_CALLBACK_MAP_SIZE = 200; @@ -59,6 +66,21 @@ AccessTokenManagerClient::~AccessTokenManagerClient() ReleaseProxy(); } +static int32_t ConvertResult(int32_t ret) +{ + switch (ret) { + case ERR_INVALID_DATA: + ret = ERR_WRITE_PARCEL_FAILED; + break; + case ERR_TRANSACTION_FAILED: + ret = ERR_SERVICE_ABNORMAL; + break; + default: + return ret; + } + return ret; +} + PermUsedTypeEnum AccessTokenManagerClient::GetPermissionUsedType( AccessTokenID tokenID, const std::string &permissionName) { @@ -67,14 +89,28 @@ PermUsedTypeEnum AccessTokenManagerClient::GetPermissionUsedType( LOGE(ATM_DOMAIN, ATM_TAG, "Proxy is null."); return PermUsedTypeEnum::INVALID_USED_TYPE; } - return proxy->GetPermissionUsedType(tokenID, permissionName); + int32_t permUsedType; + int32_t errCode = proxy->GetPermissionUsedType(tokenID, permissionName, permUsedType); + if (errCode != RET_SUCCESS) { + errCode = ConvertResult(errCode); + LOGE(ATM_DOMAIN, ATM_TAG, "Request fail, result: %{public}d", errCode); + return PermUsedTypeEnum::INVALID_USED_TYPE; + } + PermUsedTypeEnum result = static_cast(permUsedType); + return result; } int AccessTokenManagerClient::VerifyAccessToken(AccessTokenID tokenID, const std::string& permissionName) { auto proxy = GetProxy(); if (proxy != nullptr) { - return proxy->VerifyAccessToken(tokenID, permissionName); + int32_t errCode = proxy->VerifyAccessToken(tokenID, permissionName); + if (errCode != RET_SUCCESS) { + errCode = ConvertResult(errCode); + LOGE(ATM_DOMAIN, ATM_TAG, "Request fail, result: %{public}d", errCode); + return PERMISSION_DENIED; + } + return errCode; } char value[VALUE_MAX_LEN] = {0}; int32_t ret = GetParameter(ACCESS_TOKEN_SERVICE_INIT_KEY, "", value, VALUE_MAX_LEN - 1); @@ -99,7 +135,12 @@ int AccessTokenManagerClient::VerifyAccessToken(AccessTokenID tokenID, LOGE(ATM_DOMAIN, ATM_TAG, "Proxy is null"); return AccessTokenError::ERR_SERVICE_ABNORMAL; } - return proxy->VerifyAccessToken(tokenID, permissionList, permStateList); + int32_t errCode = proxy->VerifyAccessToken(tokenID, permissionList, permStateList); + if (errCode != RET_SUCCESS) { + errCode = ConvertResult(errCode); + LOGE(ATM_DOMAIN, ATM_TAG, "Request fail, result: %{public}d", errCode); + } + return errCode; } int AccessTokenManagerClient::GetDefPermission( @@ -113,6 +154,10 @@ int AccessTokenManagerClient::GetDefPermission( PermissionDefParcel permissionDefParcel; int result = proxy->GetDefPermission(permissionName, permissionDefParcel); permissionDefResult = permissionDefParcel.permissionDef; + if (result != RET_SUCCESS) { + result = ConvertResult(result); + LOGE(ATM_DOMAIN, ATM_TAG, "Request fail, result: %{public}d", result); + } return result; } @@ -126,6 +171,18 @@ int AccessTokenManagerClient::GetReqPermissions( } std::vector parcelList; int result = proxy->GetReqPermissions(tokenID, parcelList, isSystemGrant); + if (result != RET_SUCCESS) { + result = ConvertResult(result); + LOGE(ATM_DOMAIN, ATM_TAG, "Request fail, result: %{public}d", result); + return result; + } + + uint32_t reqPermSize = parcelList.size(); + if (reqPermSize > MAX_PERMISSION_SIZE) { + LOGE(ATM_DOMAIN, ATM_TAG, "Size(%{public}u) is oversize.", reqPermSize); + return ERR_OVERSIZE; + } + for (const auto& permParcel : parcelList) { PermissionStateFull perm; perm.permissionName = permParcel.permState.permissionName; @@ -146,7 +203,12 @@ int AccessTokenManagerClient::GetPermissionFlag( LOGE(ATM_DOMAIN, ATM_TAG, "Proxy is null"); return AccessTokenError::ERR_SERVICE_ABNORMAL; } - return proxy->GetPermissionFlag(tokenID, permissionName, flag); + int32_t result = proxy->GetPermissionFlag(tokenID, permissionName, flag); + if (result != RET_SUCCESS) { + result = ConvertResult(result); + } + LOGI(ATM_DOMAIN, ATM_TAG, "Result from server (error=%{public}d, flag=%{public}d).", result, flag); + return result; } PermissionOper AccessTokenManagerClient::GetSelfPermissionsState(std::vector& permList, @@ -172,16 +234,33 @@ PermissionOper AccessTokenManagerClient::GetSelfPermissionsState(std::vectorGetSelfPermissionsState(parcelList, infoParcel); + int32_t permOper; + int32_t errCode = proxy->GetSelfPermissionsState(parcelList, infoParcel, permOper); + if (errCode != RET_SUCCESS) { + errCode = ConvertResult(errCode); + LOGE(ATM_DOMAIN, ATM_TAG, "Request fail, result: %{public}d", errCode); + return INVALID_OPER; + } + + size_t size = parcelList.size(); + if (size != (len * NUMBER_TWO)) { + LOGE(ATM_DOMAIN, ATM_TAG, "Size(%{public}zu) from server is not equal inputSize(%{public}zu)!", + size, len); + return INVALID_OPER; + } + if (size > MAX_PERMISSION_SIZE) { + LOGE(ATM_DOMAIN, ATM_TAG, "Size(%{public}zu) is oversize.", size); + return INVALID_OPER; + } for (uint32_t i = 0; i < len; i++) { - PermissionListState perm = parcelList[i].permsState; + PermissionListState perm = parcelList[i + len].permsState; permList[i].state = perm.state; permList[i].errorReason = perm.errorReason; } info = infoParcel.info; - return result; + return static_cast(permOper); } int32_t AccessTokenManagerClient::GetPermissionsStatus( @@ -208,10 +287,20 @@ int32_t AccessTokenManagerClient::GetPermissionsStatus( } int32_t result = proxy->GetPermissionsStatus(tokenID, parcelList); if (result != RET_SUCCESS) { + result = ConvertResult(result); + LOGE(ATM_DOMAIN, ATM_TAG, "Request fail, result: %{public}d", result); return result; } + + size_t size = parcelList.size(); + if (size != (len * NUMBER_TWO)) { + LOGE(ATM_DOMAIN, ATM_TAG, "Size(%{public}zu) from server is not equal inputSize(%{public}zu)!", + size, len); + return ERR_SIZE_NOT_EQUAL; + } + for (uint32_t i = 0; i < len; i++) { - PermissionListState perm = parcelList[i].permsState; + PermissionListState perm = parcelList[i + len].permsState; permList[i].state = perm.state; } @@ -225,7 +314,12 @@ int AccessTokenManagerClient::GrantPermission(AccessTokenID tokenID, const std:: LOGE(ATM_DOMAIN, ATM_TAG, "Proxy is null"); return AccessTokenError::ERR_SERVICE_ABNORMAL; } - return proxy->GrantPermission(tokenID, permissionName, flag); + int32_t result = proxy->GrantPermission(tokenID, permissionName, flag); + if (result != RET_SUCCESS) { + result = ConvertResult(result); + } + LOGI(ATM_DOMAIN, ATM_TAG, "Result from server (error=%{public}d).", result); + return result; } int AccessTokenManagerClient::RevokePermission(AccessTokenID tokenID, const std::string& permissionName, uint32_t flag) @@ -235,7 +329,12 @@ int AccessTokenManagerClient::RevokePermission(AccessTokenID tokenID, const std: LOGE(ATM_DOMAIN, ATM_TAG, "Proxy is null"); return AccessTokenError::ERR_SERVICE_ABNORMAL; } - return proxy->RevokePermission(tokenID, permissionName, flag); + int32_t result = proxy->RevokePermission(tokenID, permissionName, flag); + if (result != RET_SUCCESS) { + result = ConvertResult(result); + } + LOGI(ATM_DOMAIN, ATM_TAG, "Result from server (error=%{public}d).", result); + return result; } int AccessTokenManagerClient::GrantPermissionForSpecifiedTime( @@ -246,7 +345,12 @@ int AccessTokenManagerClient::GrantPermissionForSpecifiedTime( LOGE(ATM_DOMAIN, ATM_TAG, "Proxy is null"); return AccessTokenError::ERR_SERVICE_ABNORMAL; } - return proxy->GrantPermissionForSpecifiedTime(tokenID, permissionName, onceTime); + int32_t result = proxy->GrantPermissionForSpecifiedTime(tokenID, permissionName, onceTime); + if (result != RET_SUCCESS) { + result = ConvertResult(result); + } + LOGI(ATM_DOMAIN, ATM_TAG, "Result from server (error=%{public}d).", result); + return result; } int AccessTokenManagerClient::ClearUserGrantedPermissionState(AccessTokenID tokenID) @@ -256,7 +360,12 @@ int AccessTokenManagerClient::ClearUserGrantedPermissionState(AccessTokenID toke LOGE(ATM_DOMAIN, ATM_TAG, "Proxy is null"); return AccessTokenError::ERR_SERVICE_ABNORMAL; } - return proxy->ClearUserGrantedPermissionState(tokenID); + int32_t result = proxy->ClearUserGrantedPermissionState(tokenID); + if (result != RET_SUCCESS) { + result = ConvertResult(result); + } + LOGI(ATM_DOMAIN, ATM_TAG, "Result from server (error=%{public}d).", result); + return result; } int32_t AccessTokenManagerClient::SetPermissionRequestToggleStatus(const std::string& permissionName, uint32_t status, @@ -267,7 +376,12 @@ int32_t AccessTokenManagerClient::SetPermissionRequestToggleStatus(const std::st LOGE(ATM_DOMAIN, ATM_TAG, "Proxy is null."); return AccessTokenError::ERR_SERVICE_ABNORMAL; } - return proxy->SetPermissionRequestToggleStatus(permissionName, status, userID); + int32_t result = proxy->SetPermissionRequestToggleStatus(permissionName, status, userID); + if (result != RET_SUCCESS) { + result = ConvertResult(result); + } + LOGI(ATM_DOMAIN, ATM_TAG, "Result from server (error=%{public}d).", result); + return result; } int32_t AccessTokenManagerClient::GetPermissionRequestToggleStatus(const std::string& permissionName, uint32_t& status, @@ -278,7 +392,12 @@ int32_t AccessTokenManagerClient::GetPermissionRequestToggleStatus(const std::st LOGE(ATM_DOMAIN, ATM_TAG, "Proxy is null."); return AccessTokenError::ERR_SERVICE_ABNORMAL; } - return proxy->GetPermissionRequestToggleStatus(permissionName, status, userID); + int32_t result = proxy->GetPermissionRequestToggleStatus(permissionName, status, userID); + if (result != RET_SUCCESS) { + result = ConvertResult(result); + } + LOGI(ATM_DOMAIN, ATM_TAG, "Result from server (error=%{public}d, status=%{public}d).", result, status); + return result; } int32_t AccessTokenManagerClient::RequestAppPermOnSetting(AccessTokenID tokenID) @@ -288,7 +407,12 @@ int32_t AccessTokenManagerClient::RequestAppPermOnSetting(AccessTokenID tokenID) LOGE(ATM_DOMAIN, ATM_TAG, "Proxy is null."); return AccessTokenError::ERR_SERVICE_ABNORMAL; } - return proxy->RequestAppPermOnSetting(tokenID); + int32_t result = proxy->RequestAppPermOnSetting(tokenID); + if (result != RET_SUCCESS) { + result = ConvertResult(result); + } + LOGI(ATM_DOMAIN, ATM_TAG, "Result from server (error=%{public}d).", result); + return result; } int32_t AccessTokenManagerClient::CreatePermStateChangeCallback( @@ -358,6 +482,10 @@ int32_t AccessTokenManagerClient::RegisterPermStateChangeCallback( std::lock_guard lock(callbackMutex_); callbackMap_[customizedCb] = callback; } + if (result != RET_SUCCESS) { + result = ConvertResult(result); + } + LOGI(ATM_DOMAIN, ATM_TAG, "Result from server (error=%{public}d).", result); return result; } @@ -385,6 +513,10 @@ int32_t AccessTokenManagerClient::UnRegisterPermStateChangeCallback( if (result == RET_SUCCESS) { callbackMap_.erase(goalCallback); } + if (result != RET_SUCCESS) { + result = ConvertResult(result); + } + LOGI(ATM_DOMAIN, ATM_TAG, "Result from server (error=%{public}d).", result); return result; } @@ -401,7 +533,16 @@ AccessTokenIDEx AccessTokenManagerClient::AllocHapToken(const HapInfoParams& inf hapInfoParcel.hapInfoParameter = info; hapPolicyParcel.hapPolicy = policy; - return proxy->AllocHapToken(hapInfoParcel, hapPolicyParcel); + uint64_t fullTokenId; + int32_t errCode = proxy->AllocHapToken(hapInfoParcel, hapPolicyParcel, fullTokenId); + if (errCode != RET_SUCCESS) { + errCode = ConvertResult(errCode); + LOGE(ATM_DOMAIN, ATM_TAG, "Request fail, result: %{public}d", errCode); + return tokenIdEx; + } + tokenIdEx.tokenIDEx = fullTokenId; + LOGI(ATM_DOMAIN, ATM_TAG, "Result from server (id=%{public}llu).", tokenIdEx.tokenIDEx); + return tokenIdEx; } int32_t AccessTokenManagerClient::InitHapToken(const HapInfoParams& info, HapPolicy& policy, @@ -417,7 +558,24 @@ int32_t AccessTokenManagerClient::InitHapToken(const HapInfoParams& info, HapPol hapInfoParcel.hapInfoParameter = info; hapPolicyParcel.hapPolicy = policy; - return proxy->InitHapToken(hapInfoParcel, hapPolicyParcel, fullTokenId, result); + HapInfoCheckResultIdl resultInfoIdl; + uint64_t fullToken = 0; + int32_t res = proxy->InitHapToken(hapInfoParcel, hapPolicyParcel, fullToken, resultInfoIdl); + if (fullToken == 0 && res == RET_SUCCESS) { + res = AccessTokenError::ERR_PERM_REQUEST_CFG_FAILED; + PermissionInfoCheckResult permCheckResult; + permCheckResult.permissionName = resultInfoIdl.permissionName; + int32_t rule = static_cast(resultInfoIdl.rule); + permCheckResult.rule = static_cast(rule); + result.permCheckResult = permCheckResult; + } + fullTokenId.tokenIDEx = fullToken; + if (res != RET_SUCCESS) { + res = ConvertResult(res); + } + LOGI(ATM_DOMAIN, ATM_TAG, "Result from server (error=%{public}d, id=%{public}llu).", + res, fullTokenId.tokenIDEx); + return res; } int AccessTokenManagerClient::DeleteToken(AccessTokenID tokenID) @@ -427,7 +585,12 @@ int AccessTokenManagerClient::DeleteToken(AccessTokenID tokenID) LOGE(ATM_DOMAIN, ATM_TAG, "Proxy is null"); return AccessTokenError::ERR_SERVICE_ABNORMAL; } - return proxy->DeleteToken(tokenID); + int32_t result = proxy->DeleteToken(tokenID); + if (result != RET_SUCCESS) { + result = ConvertResult(result); + } + LOGI(ATM_DOMAIN, ATM_TAG, "Result from server (error=%{public}d, id=%{public}u).", result, tokenID); + return result; } ATokenTypeEnum AccessTokenManagerClient::GetTokenType(AccessTokenID tokenID) @@ -437,7 +600,13 @@ ATokenTypeEnum AccessTokenManagerClient::GetTokenType(AccessTokenID tokenID) LOGE(ATM_DOMAIN, ATM_TAG, "Proxy is null"); return TOKEN_INVALID; } - return static_cast(proxy->GetTokenType(tokenID)); + int32_t tokenType = static_cast(TOKEN_INVALID); + int32_t result = proxy->GetTokenType(tokenID, tokenType); + if (result != RET_SUCCESS) { + result = ConvertResult(result); + LOGE(ATM_DOMAIN, ATM_TAG, "Result from server (error=%{public}d).", result); + } + return static_cast(tokenType); } AccessTokenIDEx AccessTokenManagerClient::GetHapTokenID( @@ -449,7 +618,15 @@ AccessTokenIDEx AccessTokenManagerClient::GetHapTokenID( LOGE(ATM_DOMAIN, ATM_TAG, "Proxy is null"); return result; } - return proxy->GetHapTokenID(userID, bundleName, instIndex); + uint64_t fullTokenId; + int32_t errCode = proxy->GetHapTokenID(userID, bundleName, instIndex, fullTokenId); + if (errCode != RET_SUCCESS) { + errCode = ConvertResult(errCode); + LOGE(ATM_DOMAIN, ATM_TAG, "Request fail, result: %{public}d", errCode); + return result; + } + result.tokenIDEx = fullTokenId; + return result; } AccessTokenID AccessTokenManagerClient::AllocLocalTokenID( @@ -460,7 +637,15 @@ AccessTokenID AccessTokenManagerClient::AllocLocalTokenID( LOGE(ATM_DOMAIN, ATM_TAG, "Proxy is null"); return INVALID_TOKENID; } - return proxy->AllocLocalTokenID(remoteDeviceID, remoteTokenID); + uint32_t tokenId; + int32_t errCode = proxy->AllocLocalTokenID(remoteDeviceID, remoteTokenID, tokenId); + if (errCode != RET_SUCCESS) { + errCode = ConvertResult(errCode); + LOGE(ATM_DOMAIN, ATM_TAG, "Request fail, result: %{public}d", errCode); + return INVALID_TOKENID; + } + LOGI(ATM_DOMAIN, ATM_TAG, "Result from server (id=%{public}d).", tokenId); + return tokenId; } int32_t AccessTokenManagerClient::UpdateHapToken(AccessTokenIDEx& tokenIdEx, const UpdateHapInfoParams& info, @@ -473,7 +658,28 @@ int32_t AccessTokenManagerClient::UpdateHapToken(AccessTokenIDEx& tokenIdEx, con } HapPolicyParcel hapPolicyParcel; hapPolicyParcel.hapPolicy = policy; - return proxy->UpdateHapToken(tokenIdEx, info, hapPolicyParcel, result); + UpdateHapInfoParamsIdl infoIdl; + infoIdl.appIDDesc = info.appIDDesc; + infoIdl.apiVersion = info.apiVersion; + infoIdl.isSystemApp = info.isSystemApp; + infoIdl.appDistributionType = info.appDistributionType; + HapInfoCheckResultIdl resultInfoIdl; + uint64_t fullTokenId = tokenIdEx.tokenIDEx; + int32_t res = proxy->UpdateHapToken(fullTokenId, infoIdl, hapPolicyParcel, resultInfoIdl); + tokenIdEx.tokenIDEx = fullTokenId; + if (res == RET_SUCCESS && resultInfoIdl.realResult != RET_SUCCESS) { + res = AccessTokenError::ERR_PERM_REQUEST_CFG_FAILED; + PermissionInfoCheckResult permCheckResult; + permCheckResult.permissionName = resultInfoIdl.permissionName; + int32_t rule = static_cast(resultInfoIdl.rule); + permCheckResult.rule = static_cast(rule); + result.permCheckResult = permCheckResult; + } + if (res != RET_SUCCESS) { + res = ConvertResult(res); + } + LOGI(ATM_DOMAIN, ATM_TAG, "Result from server (error=%{public}d).", res); + return res; } int32_t AccessTokenManagerClient::GetTokenIDByUserID(int32_t userID, std::unordered_set& tokenIdList) @@ -483,7 +689,15 @@ int32_t AccessTokenManagerClient::GetTokenIDByUserID(int32_t userID, std::unorde LOGE(ATM_DOMAIN, ATM_TAG, "Proxy is null"); return AccessTokenError::ERR_SERVICE_ABNORMAL; } - return proxy->GetTokenIDByUserID(userID, tokenIdList); + std::vector tokenIds; + auto result = proxy->GetTokenIDByUserID(userID, tokenIds); + if (result != RET_SUCCESS) { + result = ConvertResult(result); + LOGI(ATM_DOMAIN, ATM_TAG, "Result from server (error=%{public}d).", result); + return result; + } + std::copy(tokenIds.begin(), tokenIds.end(), std::inserter(tokenIdList, tokenIdList.begin())); + return result; } int AccessTokenManagerClient::GetHapTokenInfo(AccessTokenID tokenID, HapTokenInfo& hapTokenInfoRes) @@ -495,6 +709,11 @@ int AccessTokenManagerClient::GetHapTokenInfo(AccessTokenID tokenID, HapTokenInf } HapTokenInfoParcel hapTokenInfoParcel; int res = proxy->GetHapTokenInfo(tokenID, hapTokenInfoParcel); + if (res != RET_SUCCESS) { + res = ConvertResult(res); + LOGI(ATM_DOMAIN, ATM_TAG, "Result from server (error=%{public}d).", res); + return res; + } hapTokenInfoRes = hapTokenInfoParcel.hapTokenInfoParams; return res; @@ -509,6 +728,11 @@ int AccessTokenManagerClient::GetNativeTokenInfo(AccessTokenID tokenID, NativeTo } NativeTokenInfoParcel nativeTokenInfoParcel; int res = proxy->GetNativeTokenInfo(tokenID, nativeTokenInfoParcel); + if (res != RET_SUCCESS) { + res = ConvertResult(res); + LOGI(ATM_DOMAIN, ATM_TAG, "Result from server (error=%{public}d).", res); + return res; + } nativeTokenInfoRes = nativeTokenInfoParcel.nativeTokenInfoParams; return res; } @@ -521,7 +745,13 @@ int32_t AccessTokenManagerClient::ReloadNativeTokenInfo() LOGE(ATM_DOMAIN, ATM_TAG, "Proxy is null"); return AccessTokenError::ERR_SERVICE_ABNORMAL; } - return proxy->ReloadNativeTokenInfo(); + int32_t res = proxy->ReloadNativeTokenInfo(); + if (res != RET_SUCCESS) { + res = ConvertResult(res); + LOGI(ATM_DOMAIN, ATM_TAG, "Result from server (error=%{public}d).", res); + return res; + } + return res; } #endif @@ -535,6 +765,11 @@ int AccessTokenManagerClient::GetHapTokenInfoExtension(AccessTokenID tokenID, Ha HapTokenInfoParcel hapTokenInfoParcel; int res = proxy->GetHapTokenInfoExtension(tokenID, hapTokenInfoParcel, info.appID); + if (res != RET_SUCCESS) { + res = ConvertResult(res); + LOGI(ATM_DOMAIN, ATM_TAG, "Result from server (error=%{public}d).", res); + return res; + } info.baseInfo = hapTokenInfoParcel.hapTokenInfoParams; return res; } @@ -546,7 +781,14 @@ AccessTokenID AccessTokenManagerClient::GetNativeTokenId(const std::string& proc LOGE(ATM_DOMAIN, ATM_TAG, "Proxy is null"); return INVALID_TOKENID; } - return proxy->GetNativeTokenId(processName); + uint32_t tokenID; + ErrCode errCode = proxy->GetNativeTokenId(processName, tokenID); + if (errCode != RET_SUCCESS) { + errCode = ConvertResult(errCode); + LOGE(ATM_DOMAIN, ATM_TAG, "Request fail, result: %{public}d", errCode); + return INVALID_TOKENID; + } + return tokenID; } #ifdef TOKEN_SYNC_ENABLE @@ -560,6 +802,11 @@ int AccessTokenManagerClient::GetHapTokenInfoFromRemote(AccessTokenID tokenID, H HapTokenInfoForSyncParcel hapSyncParcel; int res = proxy->GetHapTokenInfoFromRemote(tokenID, hapSyncParcel); + if (res != RET_SUCCESS) { + res = ConvertResult(res); + LOGE(ATM_DOMAIN, ATM_TAG, "Request fail, result: %{public}d", res); + return res; + } hapSync = hapSyncParcel.hapTokenInfoForSyncParams; return res; } @@ -576,6 +823,10 @@ int AccessTokenManagerClient::SetRemoteHapTokenInfo(const std::string& deviceID, hapSyncParcel.hapTokenInfoForSyncParams = hapSync; int res = proxy->SetRemoteHapTokenInfo(deviceID, hapSyncParcel); + if (res != RET_SUCCESS) { + res = ConvertResult(res); + } + LOGI(ATM_DOMAIN, ATM_TAG, "Result from server (error=%{public}d).", res); return res; } @@ -588,6 +839,10 @@ int AccessTokenManagerClient::DeleteRemoteToken(const std::string& deviceID, Acc } int res = proxy->DeleteRemoteToken(deviceID, tokenID); + if (res != RET_SUCCESS) { + res = ConvertResult(res); + } + LOGI(ATM_DOMAIN, ATM_TAG, "Result from server (error=%{public}d).", res); return res; } @@ -599,8 +854,15 @@ AccessTokenID AccessTokenManagerClient::GetRemoteNativeTokenID(const std::string return INVALID_TOKENID; } - AccessTokenID res = proxy->GetRemoteNativeTokenID(deviceID, tokenID); - return res; + uint32_t tokenId; + ErrCode errCode = proxy->GetRemoteNativeTokenID(deviceID, tokenID, tokenId); + if (errCode != RET_SUCCESS) { + errCode = ConvertResult(errCode); + LOGE(ATM_DOMAIN, ATM_TAG, "Request fail, result: %{public}d", errCode); + return INVALID_TOKENID; + } + LOGI(ATM_DOMAIN, ATM_TAG, "Result from server (id=%{public}d).", tokenId); + return tokenId; } int AccessTokenManagerClient::DeleteRemoteDeviceTokens(const std::string& deviceID) @@ -612,6 +874,10 @@ int AccessTokenManagerClient::DeleteRemoteDeviceTokens(const std::string& device } int res = proxy->DeleteRemoteDeviceTokens(deviceID); + if (res != RET_SUCCESS) { + res = ConvertResult(res); + } + LOGI(ATM_DOMAIN, ATM_TAG, "Result from server (error=%{public}d).", res); return res; } @@ -637,6 +903,10 @@ int32_t AccessTokenManagerClient::RegisterTokenSyncCallback( tokenSyncCallback_ = callback; syncCallbackImpl_ = syncCallback; } + if (res != RET_SUCCESS) { + res = ConvertResult(res); + } + LOGI(ATM_DOMAIN, ATM_TAG, "Result from server (error=%{public}d).", res); return res; } @@ -653,6 +923,10 @@ int32_t AccessTokenManagerClient::UnRegisterTokenSyncCallback() tokenSyncCallback_ = nullptr; syncCallbackImpl_ = nullptr; } + if (res != RET_SUCCESS) { + res = ConvertResult(res); + } + LOGI(ATM_DOMAIN, ATM_TAG, "Result from server (error=%{public}d).", res); return res; } #endif @@ -667,7 +941,11 @@ void AccessTokenManagerClient::DumpTokenInfo(const AtmToolsParamInfo& info, std: AtmToolsParamInfoParcel infoParcel; infoParcel.info = info; - proxy->DumpTokenInfo(infoParcel, dumpInfo); + int32_t errCode = proxy->DumpTokenInfo(infoParcel, dumpInfo); + if (errCode != RET_SUCCESS) { + errCode = ConvertResult(errCode); + LOGE(ATM_DOMAIN, ATM_TAG, "Request fail, result: %{public}d", errCode); + } } int32_t AccessTokenManagerClient::GetVersion(uint32_t& version) @@ -678,7 +956,12 @@ int32_t AccessTokenManagerClient::GetVersion(uint32_t& version) return AccessTokenError::ERR_SERVICE_ABNORMAL; } - return proxy->GetVersion(version); + int32_t errCode = proxy->GetVersion(version); + if (errCode != RET_SUCCESS) { + errCode = ConvertResult(errCode); + LOGE(ATM_DOMAIN, ATM_TAG, "Request fail, result: %{public}d", errCode); + } + return errCode; } void AccessTokenManagerClient::InitProxy() @@ -690,10 +973,10 @@ void AccessTokenManagerClient::InitProxy() return; } sptr accesstokenSa = - sam->GetSystemAbility(IAccessTokenManager::SA_ID_ACCESSTOKEN_MANAGER_SERVICE); + sam->GetSystemAbility(SA_ID_ACCESSTOKEN_MANAGER_SERVICE); if (accesstokenSa == nullptr) { LOGE(ATM_DOMAIN, ATM_TAG, "GetSystemAbility %{public}d is null", - IAccessTokenManager::SA_ID_ACCESSTOKEN_MANAGER_SERVICE); + SA_ID_ACCESSTOKEN_MANAGER_SERVICE); return; } @@ -741,7 +1024,12 @@ int32_t AccessTokenManagerClient::SetPermDialogCap(const HapBaseInfo& hapBaseInf } HapBaseInfoParcel hapBaseInfoParcel; hapBaseInfoParcel.hapBaseInfo = hapBaseInfo; - return proxy->SetPermDialogCap(hapBaseInfoParcel, enable); + int32_t errCode = proxy->SetPermDialogCap(hapBaseInfoParcel, enable); + if (errCode != RET_SUCCESS) { + errCode = ConvertResult(errCode); + LOGE(ATM_DOMAIN, ATM_TAG, "Request fail, result: %{public}d", errCode); + } + return errCode; } void AccessTokenManagerClient::GetPermissionManagerInfo(PermissionGrantInfo& info) @@ -752,7 +1040,12 @@ void AccessTokenManagerClient::GetPermissionManagerInfo(PermissionGrantInfo& inf return; } PermissionGrantInfoParcel infoParcel; - proxy->GetPermissionManagerInfo(infoParcel); + int32_t errorCode = proxy->GetPermissionManagerInfo(infoParcel); + if (errorCode != RET_SUCCESS) { + errorCode = ConvertResult(errorCode); + LOGE(ATM_DOMAIN, ATM_TAG, "Request fail, result: %{public}d", errorCode); + return; + } info = infoParcel.info; } @@ -764,7 +1057,27 @@ int32_t AccessTokenManagerClient::InitUserPolicy( LOGE(ATM_DOMAIN, ATM_TAG, "Proxy is null"); return AccessTokenError::ERR_SERVICE_ABNORMAL; } - return proxy->InitUserPolicy(userList, permList); + + size_t userLen = userList.size(); + size_t permLen = permList.size(); + if ((userLen == 0) || (userLen > MAX_USER_POLICY_SIZE) || (permLen == 0) || (permLen > MAX_USER_POLICY_SIZE)) { + LOGE(ATM_DOMAIN, ATM_TAG, "UserLen %{public}zu or permLen %{public}zu is invalid", userLen, permLen); + return AccessTokenError::ERR_PARAM_INVALID; + } + + std::vector userIdlList; + for (const auto& userSate : userList) { + UserStateIdl userIdl; + userIdl.userId = userSate.userId; + userIdl.isActive = userSate.isActive; + userIdlList.emplace_back(userIdl); + } + int32_t errCode = proxy->InitUserPolicy(userIdlList, permList); + if (errCode != RET_SUCCESS) { + errCode = ConvertResult(errCode); + LOGE(ATM_DOMAIN, ATM_TAG, "Request fail, result: %{public}d", errCode); + } + return errCode; } int32_t AccessTokenManagerClient::ClearUserPolicy() @@ -774,7 +1087,12 @@ int32_t AccessTokenManagerClient::ClearUserPolicy() LOGE(ATM_DOMAIN, ATM_TAG, "Proxy is null"); return AccessTokenError::ERR_SERVICE_ABNORMAL; } - return proxy->ClearUserPolicy(); + int32_t errCode = proxy->ClearUserPolicy(); + if (errCode != RET_SUCCESS) { + errCode = ConvertResult(errCode); + LOGE(ATM_DOMAIN, ATM_TAG, "Request fail, result: %{public}d", errCode); + } + return errCode; } int32_t AccessTokenManagerClient::UpdateUserPolicy(const std::vector& userList) @@ -784,7 +1102,26 @@ int32_t AccessTokenManagerClient::UpdateUserPolicy(const std::vector& LOGE(ATM_DOMAIN, ATM_TAG, "Proxy is null"); return AccessTokenError::ERR_SERVICE_ABNORMAL; } - return proxy->UpdateUserPolicy(userList); + + size_t userLen = userList.size(); + if ((userLen == 0) || (userLen > MAX_USER_POLICY_SIZE)) { + LOGE(ATM_DOMAIN, ATM_TAG, "UserLen %{public}zu is invalid.", userLen); + return AccessTokenError::ERR_PARAM_INVALID; + } + + std::vector userIdlList; + for (const auto& userSate : userList) { + UserStateIdl userIdl; + userIdl.userId = userSate.userId; + userIdl.isActive = userSate.isActive; + userIdlList.emplace_back(userIdl); + } + int32_t errCode = proxy->UpdateUserPolicy(userIdlList); + if (errCode != RET_SUCCESS) { + errCode = ConvertResult(errCode); + LOGE(ATM_DOMAIN, ATM_TAG, "Request fail, result: %{public}d", errCode); + } + return errCode; } void AccessTokenManagerClient::ReleaseProxy() @@ -804,7 +1141,29 @@ int32_t AccessTokenManagerClient::GetKernelPermissions( LOGE(ATM_DOMAIN, ATM_TAG, "Proxy is null"); return AccessTokenError::ERR_SERVICE_ABNORMAL; } - return proxy->GetKernelPermissions(tokenId, kernelPermList); + std::vector kernelPermIdlList; + int32_t errCode = proxy->GetKernelPermissions(tokenId, kernelPermIdlList); + if (errCode != RET_SUCCESS) { + errCode = ConvertResult(errCode); + LOGE(ATM_DOMAIN, ATM_TAG, "Request fail, result: %{public}d", errCode); + return errCode; + } + + if (kernelPermIdlList.size() > MAX_EXTENDED_VALUE_LIST_SIZE) { + return AccessTokenError::ERR_OVERSIZE; + } + + for (const auto& item : kernelPermIdlList) { + PermissionWithValue tmp; + tmp.permissionName = item.permissionName; + tmp.value = item.value; + if (tmp.value == "true") { + tmp.value.clear(); + } + kernelPermList.emplace_back(tmp); + } + + return errCode; } int32_t AccessTokenManagerClient::GetReqPermissionByName( @@ -815,7 +1174,12 @@ int32_t AccessTokenManagerClient::GetReqPermissionByName( LOGE(ATM_DOMAIN, ATM_TAG, "Proxy is null"); return AccessTokenError::ERR_SERVICE_ABNORMAL; } - return proxy->GetReqPermissionByName(tokenId, permissionName, value); + int32_t errCode = proxy->GetReqPermissionByName(tokenId, permissionName, value); + if (errCode != RET_SUCCESS) { + errCode = ConvertResult(errCode); + LOGE(ATM_DOMAIN, ATM_TAG, "Request fail, result: %{public}d", errCode); + } + return errCode; } } // namespace AccessToken } // namespace Security diff --git a/interfaces/innerkits/accesstoken/src/accesstoken_manager_client.h b/interfaces/innerkits/accesstoken/src/accesstoken_manager_client.h index b5a4d09849c09855d7c0f021f1f5f9312dc80531..df0ed58159917301bf98b2a5bb5cc815b8ba0230 100644 --- a/interfaces/innerkits/accesstoken/src/accesstoken_manager_client.h +++ b/interfaces/innerkits/accesstoken/src/accesstoken_manager_client.h @@ -1,5 +1,5 @@ /* - * Copyright (c) 2021-2024 Huawei Device Co., Ltd. + * Copyright (c) 2021-2025 Huawei Device Co., Ltd. * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. * You may obtain a copy of the License at @@ -19,6 +19,7 @@ #include #include #include +#include #include #include "access_token.h" @@ -28,7 +29,7 @@ #include "hap_info_parcel.h" #include "hap_policy_parcel.h" #include "hap_token_info.h" -#include "i_accesstoken_manager.h" +#include "iaccess_token_manager.h" #include "nocopyable.h" #include "permission_def.h" #include "permission_grant_info.h" diff --git a/interfaces/innerkits/accesstoken/src/accesstoken_manager_proxy.cpp b/interfaces/innerkits/accesstoken/src/accesstoken_manager_proxy.cpp deleted file mode 100644 index 767678b542b194dfd1acbaf5e85142555f2600f5..0000000000000000000000000000000000000000 --- a/interfaces/innerkits/accesstoken/src/accesstoken_manager_proxy.cpp +++ /dev/null @@ -1,1578 +0,0 @@ -/* - * Copyright (c) 2021-2024 Huawei Device Co., Ltd. - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ - -#include "accesstoken_manager_proxy.h" - -#include "accesstoken_log.h" -#include "accesstoken_common_log.h" -#include "access_token_error.h" - -#include "parcel.h" -#include "string_ex.h" - -namespace OHOS { -namespace Security { -namespace AccessToken { -namespace { -static constexpr OHOS::HiviewDFX::HiLogLabel LABEL = {LOG_CORE, SECURITY_DOMAIN_ACCESSTOKEN, "ATMProxy"}; -static const int MAX_PERMISSION_SIZE = 1000; -static const int32_t MAX_USER_POLICY_SIZE = 1024; -static const int32_t MAX_EXTENDED_VALUE_LIST_SIZE = 512; -} - -AccessTokenManagerProxy::AccessTokenManagerProxy(const sptr& impl) - : IRemoteProxy(impl) { -} - -AccessTokenManagerProxy::~AccessTokenManagerProxy() -{} - -bool AccessTokenManagerProxy::SendRequest( - AccessTokenInterfaceCode code, MessageParcel& data, MessageParcel& reply) -{ - MessageOption option(MessageOption::TF_SYNC); - - sptr remote = Remote(); - if (remote == nullptr) { - LOGE(ATM_DOMAIN, ATM_TAG, "Code: %{public}d remote service null.", code); - return false; - } - int32_t requestResult = remote->SendRequest( - static_cast(code), data, reply, option); - if (requestResult != NO_ERROR) { - LOGE(ATM_DOMAIN, ATM_TAG, "Code: %{public}d request fail, result: %{public}d", code, requestResult); - return false; - } - return true; -} - -PermUsedTypeEnum AccessTokenManagerProxy::GetPermissionUsedType( - AccessTokenID tokenID, const std::string &permissionName) -{ - MessageParcel data; - if (!data.WriteInterfaceToken(IAccessTokenManager::GetDescriptor())) { - LOGE(ATM_DOMAIN, ATM_TAG, "WriteInterfaceToken failed."); - return PermUsedTypeEnum::INVALID_USED_TYPE; - } - if (!data.WriteUint32(tokenID)) { - LOGE(ATM_DOMAIN, ATM_TAG, "WriteUint32 failed."); - return PermUsedTypeEnum::INVALID_USED_TYPE; - } - if (!data.WriteString(permissionName)) { - LOGE(ATM_DOMAIN, ATM_TAG, "WriteString failed."); - return PermUsedTypeEnum::INVALID_USED_TYPE; - } - - MessageParcel reply; - if (!SendRequest(AccessTokenInterfaceCode::GET_USER_GRANTED_PERMISSION_USED_TYPE, data, reply)) { - return PermUsedTypeEnum::INVALID_USED_TYPE; - } - - int32_t ret; - if (!reply.ReadInt32(ret)) { - LOGE(ATM_DOMAIN, ATM_TAG, "ReadInt32t failed."); - return PermUsedTypeEnum::INVALID_USED_TYPE; - } - PermUsedTypeEnum result = static_cast(ret); - LOGI(ATM_DOMAIN, ATM_TAG, "Result from server (type=%{public}d).", result); - return result; -} - -int AccessTokenManagerProxy::VerifyAccessToken(AccessTokenID tokenID, const std::string& permissionName) -{ - MessageParcel data; - if (!data.WriteInterfaceToken(IAccessTokenManager::GetDescriptor())) { - LOGE(ATM_DOMAIN, ATM_TAG, "WriteInterfaceToken failed."); - return PERMISSION_DENIED; - } - if (!data.WriteUint32(tokenID)) { - LOGE(ATM_DOMAIN, ATM_TAG, "WriteUint32 failed."); - return PERMISSION_DENIED; - } - if (!data.WriteString(permissionName)) { - LOGE(ATM_DOMAIN, ATM_TAG, "WriteString failed."); - return PERMISSION_DENIED; - } - - MessageParcel reply; - if (!SendRequest(AccessTokenInterfaceCode::VERIFY_ACCESSTOKEN, data, reply)) { - return PERMISSION_DENIED; - } - - int32_t result = reply.ReadInt32(); - LOGD(ATM_DOMAIN, ATM_TAG, "Result from server (status=%{public}d).", result); - return result; -} - -int AccessTokenManagerProxy::VerifyAccessToken(AccessTokenID tokenID, - const std::vector& permissionList, std::vector& permStateList) -{ - MessageParcel data; - if (!data.WriteInterfaceToken(IAccessTokenManager::GetDescriptor())) { - LOGE(ATM_DOMAIN, ATM_TAG, "WriteInterfaceToken failed."); - return ERR_WRITE_PARCEL_FAILED; - } - if (!data.WriteUint32(tokenID)) { - LOGE(ATM_DOMAIN, ATM_TAG, "WriteUint32 failed."); - return ERR_WRITE_PARCEL_FAILED; - } - if (!data.WriteStringVector(permissionList)) { - LOGE(ATM_DOMAIN, ATM_TAG, "WriteStringVector failed."); - return ERR_WRITE_PARCEL_FAILED; - } - - MessageParcel reply; - if (!SendRequest(AccessTokenInterfaceCode::VERIFY_ACCESSTOKEN_WITH_LIST, data, reply)) { - return ERR_SERVICE_ABNORMAL; - } - - if (!reply.ReadInt32Vector(&permStateList)) { - LOGE(ATM_DOMAIN, ATM_TAG, "ReadInt32Vector failed."); - return ERR_READ_PARCEL_FAILED; - } - - return ERR_OK; -} - -int AccessTokenManagerProxy::GetDefPermission( - const std::string& permissionName, PermissionDefParcel& permissionDefResult) -{ - MessageParcel data; - if (!data.WriteInterfaceToken(IAccessTokenManager::GetDescriptor())) { - LOGE(ATM_DOMAIN, ATM_TAG, "WriteInterfaceToken failed."); - return ERR_WRITE_PARCEL_FAILED; - } - if (!data.WriteString(permissionName)) { - LOGE(ATM_DOMAIN, ATM_TAG, "WriteString failed."); - return ERR_WRITE_PARCEL_FAILED; - } - - MessageParcel reply; - if (!SendRequest(AccessTokenInterfaceCode::GET_DEF_PERMISSION, data, reply)) { - return ERR_SERVICE_ABNORMAL; - } - - int32_t result = reply.ReadInt32(); - LOGI(ATM_DOMAIN, ATM_TAG, "Result from server (error=%{public}d).", result); - if (result != RET_SUCCESS) { - return result; - } - sptr resultSptr = reply.ReadParcelable(); - if (resultSptr == nullptr) { - LOGE(ATM_DOMAIN, ATM_TAG, "ReadParcelable failed."); - return ERR_READ_PARCEL_FAILED; - } - permissionDefResult = *resultSptr; - return result; -} - -int AccessTokenManagerProxy::GetReqPermissions( - AccessTokenID tokenID, std::vector& reqPermList, bool isSystemGrant) -{ - MessageParcel data; - if (!data.WriteInterfaceToken(IAccessTokenManager::GetDescriptor())) { - LOGE(ATM_DOMAIN, ATM_TAG, "WriteInterfaceToken failed."); - return ERR_WRITE_PARCEL_FAILED; - } - if (!data.WriteUint32(tokenID)) { - LOGE(ATM_DOMAIN, ATM_TAG, "WriteUint32 failed."); - return ERR_WRITE_PARCEL_FAILED; - } - if (!data.WriteInt32(isSystemGrant)) { - LOGE(ATM_DOMAIN, ATM_TAG, "WriteInt32 failed."); - return ERR_WRITE_PARCEL_FAILED; - } - - MessageParcel reply; - if (!SendRequest(AccessTokenInterfaceCode::GET_REQ_PERMISSIONS, data, reply)) { - return ERR_SERVICE_ABNORMAL; - } - - int32_t result = reply.ReadInt32(); - LOGD(ATM_DOMAIN, ATM_TAG, "Result from server (error=%{public}d).", result); - if (result != RET_SUCCESS) { - return result; - } - uint32_t reqPermSize = reply.ReadUint32(); - if (reqPermSize > MAX_PERMISSION_SIZE) { - LOGE(ATM_DOMAIN, ATM_TAG, "Size(%{public}u) is oversize.", reqPermSize); - return ERR_OVERSIZE; - } - for (uint32_t i = 0; i < reqPermSize; i++) { - sptr permissionReq = reply.ReadParcelable(); - if (permissionReq != nullptr) { - reqPermList.emplace_back(*permissionReq); - } - } - return result; -} - -int32_t AccessTokenManagerProxy::SetPermissionRequestToggleStatus(const std::string& permissionName, uint32_t status, - int32_t userID = 0) -{ - MessageParcel sendData; - if (!sendData.WriteInterfaceToken(IAccessTokenManager::GetDescriptor())) { - LOGE(ATM_DOMAIN, ATM_TAG, "WriteInterfaceToken failed."); - return ERR_WRITE_PARCEL_FAILED; - } - if (!sendData.WriteString(permissionName)) { - LOGE(ATM_DOMAIN, ATM_TAG, "WriteString failed."); - return ERR_WRITE_PARCEL_FAILED; - } - if (!sendData.WriteUint32(status)) { - LOGE(ATM_DOMAIN, ATM_TAG, "WriteUint32 failed."); - return ERR_WRITE_PARCEL_FAILED; - } - if (!sendData.WriteInt32(userID)) { - LOGE(ATM_DOMAIN, ATM_TAG, "WriteInt32 failed."); - return ERR_WRITE_PARCEL_FAILED; - } - - MessageParcel reply; - if (!SendRequest(AccessTokenInterfaceCode::SET_PERMISSION_REQUEST_TOGGLE_STATUS, sendData, reply)) { - return ERR_SERVICE_ABNORMAL; - } - - int32_t result = reply.ReadInt32(); - LOGI(ATM_DOMAIN, ATM_TAG, "Result from server (error=%{public}d).", result); - return result; -} - -int32_t AccessTokenManagerProxy::GetPermissionRequestToggleStatus(const std::string& permissionName, uint32_t& status, - int32_t userID = 0) -{ - MessageParcel sendData; - if (!sendData.WriteInterfaceToken(IAccessTokenManager::GetDescriptor())) { - LOGE(ATM_DOMAIN, ATM_TAG, "WriteInterfaceToken failed."); - return ERR_WRITE_PARCEL_FAILED; - } - if (!sendData.WriteString(permissionName)) { - LOGE(ATM_DOMAIN, ATM_TAG, "WriteString failed."); - return ERR_WRITE_PARCEL_FAILED; - } - if (!sendData.WriteInt32(userID)) { - LOGE(ATM_DOMAIN, ATM_TAG, "WriteInt32 failed."); - return ERR_WRITE_PARCEL_FAILED; - } - - MessageParcel reply; - if (!SendRequest(AccessTokenInterfaceCode::GET_PERMISSION_REQUEST_TOGGLE_STATUS, sendData, reply)) { - return ERR_SERVICE_ABNORMAL; - } - - int32_t result = reply.ReadInt32(); - if (result == RET_SUCCESS) { - status = reply.ReadUint32(); - } - LOGI(ATM_DOMAIN, ATM_TAG, "Result from server (error=%{public}d, status=%{public}d).", result, status); - return result; -} - -int32_t AccessTokenManagerProxy::RequestAppPermOnSetting(AccessTokenID tokenID) -{ - MessageParcel data; - if (!data.WriteInterfaceToken(IAccessTokenManager::GetDescriptor())) { - LOGE(ATM_DOMAIN, ATM_TAG, "WriteInterfaceToken failed."); - return ERR_WRITE_PARCEL_FAILED; - } - if (!data.WriteUint32(tokenID)) { - LOGE(ATM_DOMAIN, ATM_TAG, "WriteInt32 failed."); - return ERR_WRITE_PARCEL_FAILED; - } - - MessageParcel reply; - if (!SendRequest(AccessTokenInterfaceCode::REQUEST_APP_PERM_ON_SETTING, data, reply)) { - return ERR_SERVICE_ABNORMAL; - } - - int32_t result; - if (!reply.ReadInt32(result)) { - LOGE(ATM_DOMAIN, ATM_TAG, "ReadInt32 failed."); - return ERR_READ_PARCEL_FAILED; - } - LOGI(ATM_DOMAIN, ATM_TAG, "Result from server (result=%{public}d).", result); - return result; -} - -int AccessTokenManagerProxy::GetPermissionFlag(AccessTokenID tokenID, const std::string& permissionName, uint32_t& flag) -{ - MessageParcel sendData; - if (!sendData.WriteInterfaceToken(IAccessTokenManager::GetDescriptor())) { - LOGE(ATM_DOMAIN, ATM_TAG, "WriteInterfaceToken failed."); - return ERR_WRITE_PARCEL_FAILED; - } - if (!sendData.WriteUint32(tokenID)) { - LOGE(ATM_DOMAIN, ATM_TAG, "WriteUint32 failed."); - return ERR_WRITE_PARCEL_FAILED; - } - if (!sendData.WriteString(permissionName)) { - LOGE(ATM_DOMAIN, ATM_TAG, "WriteString failed."); - return ERR_WRITE_PARCEL_FAILED; - } - - MessageParcel reply; - if (!SendRequest(AccessTokenInterfaceCode::GET_PERMISSION_FLAG, sendData, reply)) { - return ERR_SERVICE_ABNORMAL; - } - - int32_t result = reply.ReadInt32(); - if (result == RET_SUCCESS) { - flag = reply.ReadUint32(); - } - LOGI(ATM_DOMAIN, ATM_TAG, "Result from server (error=%{public}d, flag=%{public}d).", result, flag); - return result; -} - -PermissionOper AccessTokenManagerProxy::GetSelfPermissionsState(std::vector& permListParcel, - PermissionGrantInfoParcel& infoParcel) -{ - MessageParcel data; - if (!data.WriteInterfaceToken(IAccessTokenManager::GetDescriptor())) { - LOGE(ATM_DOMAIN, ATM_TAG, "WriteInterfaceToken failed."); - return INVALID_OPER; - } - if (!data.WriteUint32(permListParcel.size())) { - LOGE(ATM_DOMAIN, ATM_TAG, "WriteUint32 failed."); - return INVALID_OPER; - } - for (const auto& permission : permListParcel) { - if (!data.WriteParcelable(&permission)) { - LOGE(ATM_DOMAIN, ATM_TAG, "WriteParcelable failed."); - return INVALID_OPER; - } - } - - MessageParcel reply; - if (!SendRequest(AccessTokenInterfaceCode::GET_PERMISSION_OPER_STATE, data, reply)) { - return INVALID_OPER; - } - - PermissionOper result = static_cast(reply.ReadInt32()); - size_t size = reply.ReadUint32(); - if (size != permListParcel.size()) { - LOGE(ATM_DOMAIN, ATM_TAG, "Size(%{public}zu) from server is not equal inputSize(%{public}zu)!", - size, permListParcel.size()); - return INVALID_OPER; - } - if (size > MAX_PERMISSION_SIZE) { - LOGE(ATM_DOMAIN, ATM_TAG, "Size(%{public}zu) is oversize.", size); - return INVALID_OPER; - } - for (uint32_t i = 0; i < size; i++) { - sptr permissionReq = reply.ReadParcelable(); - if (permissionReq != nullptr) { - permListParcel[i].permsState.state = permissionReq->permsState.state; - permListParcel[i].permsState.errorReason = permissionReq->permsState.errorReason; - } - } - - sptr resultSptr = reply.ReadParcelable(); - if (resultSptr == nullptr) { - LOGE(ATM_DOMAIN, ATM_TAG, "ReadParcelable failed."); - return INVALID_OPER; - } - infoParcel = *resultSptr; - - LOGI(ATM_DOMAIN, ATM_TAG, "Result from server (status=%{public}d).", result); - return result; -} - -int32_t AccessTokenManagerProxy::GetPermissionsStatus(AccessTokenID tokenID, - std::vector& permListParcel) -{ - MessageParcel data; - if (!data.WriteInterfaceToken(IAccessTokenManager::GetDescriptor())) { - LOGE(ATM_DOMAIN, ATM_TAG, "WriteInterfaceToken failed."); - return ERR_WRITE_PARCEL_FAILED; - } - if (!data.WriteUint32(tokenID)) { - LOGE(ATM_DOMAIN, ATM_TAG, "WriteUint32 failed"); - return ERR_WRITE_PARCEL_FAILED; - } - if (!data.WriteUint32(permListParcel.size())) { - LOGE(ATM_DOMAIN, ATM_TAG, "WriteUint32 failed."); - return ERR_WRITE_PARCEL_FAILED; - } - for (const auto& permission : permListParcel) { - if (!data.WriteParcelable(&permission)) { - LOGE(ATM_DOMAIN, ATM_TAG, "WriteParcelable failed."); - return ERR_WRITE_PARCEL_FAILED; - } - } - - MessageParcel reply; - if (!SendRequest(AccessTokenInterfaceCode::GET_PERMISSIONS_STATUS, data, reply)) { - return ERR_SERVICE_ABNORMAL; - } - - int32_t result = reply.ReadInt32(); - LOGI(ATM_DOMAIN, ATM_TAG, "Result from server (error=%{public}d).", result); - if (result != RET_SUCCESS) { - return result; - } - size_t size = reply.ReadUint32(); - if (size != permListParcel.size()) { - LOGE(ATM_DOMAIN, ATM_TAG, "Size(%{public}zu) from server is not equal inputSize(%{public}zu)!", - size, permListParcel.size()); - return ERR_SIZE_NOT_EQUAL; - } - for (uint32_t i = 0; i < size; i++) { - sptr permissionReq = reply.ReadParcelable(); - if (permissionReq != nullptr) { - permListParcel[i].permsState.state = permissionReq->permsState.state; - } - } - return result; -} - -int AccessTokenManagerProxy::GrantPermission(AccessTokenID tokenID, const std::string& permissionName, uint32_t flag) -{ - MessageParcel inData; - if (!inData.WriteInterfaceToken(IAccessTokenManager::GetDescriptor())) { - LOGE(ATM_DOMAIN, ATM_TAG, "WriteInterfaceToken failed."); - return ERR_WRITE_PARCEL_FAILED; - } - if (!inData.WriteUint32(tokenID)) { - LOGE(ATM_DOMAIN, ATM_TAG, "WriteUint32 failed."); - return ERR_WRITE_PARCEL_FAILED; - } - if (!inData.WriteString(permissionName)) { - LOGE(ATM_DOMAIN, ATM_TAG, "WriteString failed."); - return ERR_WRITE_PARCEL_FAILED; - } - if (!inData.WriteUint32(flag)) { - LOGE(ATM_DOMAIN, ATM_TAG, "WriteUint32 failed."); - return ERR_WRITE_PARCEL_FAILED; - } - - MessageParcel reply; - if (!SendRequest(AccessTokenInterfaceCode::GRANT_PERMISSION, inData, reply)) { - return ERR_SERVICE_ABNORMAL; - } - - int32_t result = reply.ReadInt32(); - LOGI(ATM_DOMAIN, ATM_TAG, "Result from server (error=%{public}d).", result); - return result; -} - -int AccessTokenManagerProxy::RevokePermission(AccessTokenID tokenID, const std::string& permissionName, uint32_t flag) -{ - MessageParcel data; - if (!data.WriteInterfaceToken(IAccessTokenManager::GetDescriptor())) { - LOGE(ATM_DOMAIN, ATM_TAG, "WriteInterfaceToken failed."); - return ERR_WRITE_PARCEL_FAILED; - } - if (!data.WriteUint32(tokenID)) { - LOGE(ATM_DOMAIN, ATM_TAG, "WriteUint32 failed."); - return ERR_WRITE_PARCEL_FAILED; - } - if (!data.WriteString(permissionName)) { - LOGE(ATM_DOMAIN, ATM_TAG, "WriteString failed."); - return ERR_WRITE_PARCEL_FAILED; - } - if (!data.WriteUint32(flag)) { - LOGE(ATM_DOMAIN, ATM_TAG, "WriteUint32 failed."); - return ERR_WRITE_PARCEL_FAILED; - } - - MessageParcel reply; - if (!SendRequest(AccessTokenInterfaceCode::REVOKE_PERMISSION, data, reply)) { - return ERR_SERVICE_ABNORMAL; - } - - int32_t result = reply.ReadInt32(); - LOGI(ATM_DOMAIN, ATM_TAG, "Result from server (error=%{public}d).", result); - return result; -} - -int AccessTokenManagerProxy::GrantPermissionForSpecifiedTime( - AccessTokenID tokenID, const std::string& permissionName, uint32_t onceTime) -{ - MessageParcel data; - if (!data.WriteInterfaceToken(IAccessTokenManager::GetDescriptor())) { - LOGE(ATM_DOMAIN, ATM_TAG, "WriteInterfaceToken failed."); - return ERR_WRITE_PARCEL_FAILED; - } - if (!data.WriteUint32(tokenID)) { - LOGE(ATM_DOMAIN, ATM_TAG, "WriteUint32 failed."); - return ERR_WRITE_PARCEL_FAILED; - } - if (!data.WriteString(permissionName)) { - LOGE(ATM_DOMAIN, ATM_TAG, "WriteString failed."); - return ERR_WRITE_PARCEL_FAILED; - } - if (!data.WriteUint32(onceTime)) { - LOGE(ATM_DOMAIN, ATM_TAG, "WriteUint32 failed."); - return ERR_WRITE_PARCEL_FAILED; - } - - MessageParcel reply; - if (!SendRequest(AccessTokenInterfaceCode::GRANT_PERMISSION_FOR_SPECIFIEDTIME, data, reply)) { - return ERR_SERVICE_ABNORMAL; - } - - int32_t result; - if (!reply.ReadInt32(result)) { - LOGE(ATM_DOMAIN, ATM_TAG, "ReadInt32 failed."); - return ERR_READ_PARCEL_FAILED; - } - LOGI(ATM_DOMAIN, ATM_TAG, "Result from server (result=%{public}d).", result); - return result; -} - -int AccessTokenManagerProxy::ClearUserGrantedPermissionState(AccessTokenID tokenID) -{ - MessageParcel data; - if (!data.WriteInterfaceToken(IAccessTokenManager::GetDescriptor())) { - LOGE(ATM_DOMAIN, ATM_TAG, "WriteInterfaceToken failed."); - return ERR_WRITE_PARCEL_FAILED; - } - if (!data.WriteUint32(tokenID)) { - LOGE(ATM_DOMAIN, ATM_TAG, "WriteUint32 failed."); - return ERR_WRITE_PARCEL_FAILED; - } - - MessageParcel reply; - if (!SendRequest(AccessTokenInterfaceCode::CLEAR_USER_GRANT_PERMISSION, data, reply)) { - return ERR_SERVICE_ABNORMAL; - } - - int32_t result = reply.ReadInt32(); - LOGI(ATM_DOMAIN, ATM_TAG, "Result from server (error=%{public}d).", result); - return result; -} - -int32_t AccessTokenManagerProxy::RegisterPermStateChangeCallback( - const PermStateChangeScopeParcel& scope, const sptr& callback) -{ - MessageParcel data; - if (!data.WriteInterfaceToken(IAccessTokenManager::GetDescriptor())) { - LOGE(ATM_DOMAIN, ATM_TAG, "WriteInterfaceToken failed."); - return ERR_WRITE_PARCEL_FAILED; - } - if (!data.WriteParcelable(&scope)) { - LOGE(ATM_DOMAIN, ATM_TAG, "WriteParcelable failed."); - return ERR_WRITE_PARCEL_FAILED; - } - if (!data.WriteRemoteObject(callback)) { - LOGE(ATM_DOMAIN, ATM_TAG, "WriteRemoteObject failed."); - return ERR_WRITE_PARCEL_FAILED; - } - MessageParcel reply; - if (!SendRequest(AccessTokenInterfaceCode::REGISTER_PERM_STATE_CHANGE_CALLBACK, data, reply)) { - return ERR_SERVICE_ABNORMAL; - } - - int32_t ret; - if (!reply.ReadInt32(ret)) { - LOGE(ATM_DOMAIN, ATM_TAG, "ReadInt32 failed."); - return ERR_READ_PARCEL_FAILED; - } - LOGI(ATM_DOMAIN, ATM_TAG, "Result from server (error=%{public}d).", ret); - return ret; -} - -int32_t AccessTokenManagerProxy::UnRegisterPermStateChangeCallback(const sptr& callback) -{ - MessageParcel data; - if (!data.WriteInterfaceToken(IAccessTokenManager::GetDescriptor())) { - LOGE(ATM_DOMAIN, ATM_TAG, "WriteInterfaceToken failed."); - return ERR_WRITE_PARCEL_FAILED; - } - if (!data.WriteRemoteObject(callback)) { - LOGE(ATM_DOMAIN, ATM_TAG, "WriteRemoteObject failed."); - return ERR_WRITE_PARCEL_FAILED; - } - - MessageParcel reply; - if (!SendRequest( - AccessTokenInterfaceCode::UNREGISTER_PERM_STATE_CHANGE_CALLBACK, data, reply)) { - return ERR_SERVICE_ABNORMAL; - } - - int32_t result; - if (!reply.ReadInt32(result)) { - LOGE(ATM_DOMAIN, ATM_TAG, "ReadInt32 failed."); - return ERR_READ_PARCEL_FAILED; - } - LOGI(ATM_DOMAIN, ATM_TAG, "Result from server (error=%{public}d).", result); - return result; -} - -int32_t AccessTokenManagerProxy::RegisterSelfPermStateChangeCallback( - const PermStateChangeScopeParcel& scope, const sptr& callback) -{ - MessageParcel data; - if (!data.WriteInterfaceToken(IAccessTokenManager::GetDescriptor())) { - LOGE(ATM_DOMAIN, ATM_TAG, "WriteInterfaceToken failed."); - return ERR_WRITE_PARCEL_FAILED; - } - if (!data.WriteParcelable(&scope)) { - LOGE(ATM_DOMAIN, ATM_TAG, "WriteParcelable failed."); - return ERR_WRITE_PARCEL_FAILED; - } - if (!data.WriteRemoteObject(callback)) { - LOGE(ATM_DOMAIN, ATM_TAG, "WriteRemoteObject failed."); - return ERR_WRITE_PARCEL_FAILED; - } - MessageParcel reply; - if (!SendRequest(AccessTokenInterfaceCode::REGISTER_SELF_PERM_STATE_CHANGE_CALLBACK, data, reply)) { - return ERR_SERVICE_ABNORMAL; - } - - int32_t ret; - if (!reply.ReadInt32(ret)) { - LOGE(ATM_DOMAIN, ATM_TAG, "ReadInt32 failed."); - return ERR_READ_PARCEL_FAILED; - } - LOGI(ATM_DOMAIN, ATM_TAG, "Result from server (error=%{public}d).", ret); - return ret; -} - -int32_t AccessTokenManagerProxy::UnRegisterSelfPermStateChangeCallback(const sptr& callback) -{ - MessageParcel data; - if (!data.WriteInterfaceToken(IAccessTokenManager::GetDescriptor())) { - LOGE(ATM_DOMAIN, ATM_TAG, "WriteInterfaceToken failed."); - return ERR_WRITE_PARCEL_FAILED; - } - if (!data.WriteRemoteObject(callback)) { - LOGE(ATM_DOMAIN, ATM_TAG, "WriteRemoteObject failed."); - return ERR_WRITE_PARCEL_FAILED; - } - - MessageParcel reply; - if (!SendRequest( - AccessTokenInterfaceCode::UNREGISTER_SELF_PERM_STATE_CHANGE_CALLBACK, data, reply)) { - return ERR_SERVICE_ABNORMAL; - } - - int32_t result; - if (!reply.ReadInt32(result)) { - LOGE(ATM_DOMAIN, ATM_TAG, "ReadInt32 failed."); - return ERR_READ_PARCEL_FAILED; - } - LOGI(ATM_DOMAIN, ATM_TAG, "Result from server (error=%{public}d).", result); - return result; -} - -AccessTokenIDEx AccessTokenManagerProxy::AllocHapToken( - const HapInfoParcel& hapInfo, const HapPolicyParcel& policyParcel) -{ - MessageParcel data; - AccessTokenIDEx res = { 0 }; - if (!data.WriteInterfaceToken(IAccessTokenManager::GetDescriptor())) { - LOGE(ATM_DOMAIN, ATM_TAG, "WriteInterfaceToken failed."); - return res; - } - - if (!data.WriteParcelable(&hapInfo)) { - LOGE(ATM_DOMAIN, ATM_TAG, "WriteParcelable failed."); - return res; - } - if (!data.WriteParcelable(&policyParcel)) { - LOGE(ATM_DOMAIN, ATM_TAG, "WriteParcelable failed."); - return res; - } - - MessageParcel reply; - if (!SendRequest(AccessTokenInterfaceCode::ALLOC_TOKEN_HAP, data, reply)) { - return res; - } - - unsigned long long result = reply.ReadUint64(); - LOGI(ATM_DOMAIN, ATM_TAG, "Result from server (id=%{public}llu).", result); - res.tokenIDEx = result; - return res; -} - -int32_t AccessTokenManagerProxy::InitHapToken(const HapInfoParcel& hapInfoParcel, HapPolicyParcel& policyParcel, - AccessTokenIDEx& fullTokenId, HapInfoCheckResult& resultInfo) -{ - MessageParcel data; - if (!data.WriteInterfaceToken(IAccessTokenManager::GetDescriptor())) { - LOGE(ATM_DOMAIN, ATM_TAG, "WriteInterfaceToken failed."); - return ERR_WRITE_PARCEL_FAILED; - } - - if (!data.WriteParcelable(&hapInfoParcel)) { - LOGE(ATM_DOMAIN, ATM_TAG, "WriteParcelable failed."); - return ERR_WRITE_PARCEL_FAILED; - } - if (!data.WriteParcelable(&policyParcel)) { - LOGE(ATM_DOMAIN, ATM_TAG, "WriteParcelable failed."); - return ERR_WRITE_PARCEL_FAILED; - } - - MessageParcel reply; - if (!SendRequest(AccessTokenInterfaceCode::INIT_TOKEN_HAP, data, reply)) { - return ERR_SERVICE_ABNORMAL; - } - int32_t result = 0; - if (!reply.ReadInt32(result)) { - LOGE(ATM_DOMAIN, ATM_TAG, "ReadInt32 failed."); - return ERR_READ_PARCEL_FAILED; - } - if (result == RET_SUCCESS) { - uint64_t tokenId = 0; - if (!reply.ReadUint64(tokenId)) { - LOGE(ATM_DOMAIN, ATM_TAG, "ReadUint64 faild."); - return ERR_READ_PARCEL_FAILED; - } - fullTokenId.tokenIDEx = tokenId; - } else { - if (reply.GetDataSize() > reply.GetReadPosition()) { - IF_FALSE_RETURN_VALUE_LOG(LABEL, reply.ReadString(resultInfo.permCheckResult.permissionName), - ERR_READ_PARCEL_FAILED, "ReadString faild."); - - int32_t rule; - IF_FALSE_RETURN_VALUE_LOG(LABEL, reply.ReadInt32(rule), - ERR_READ_PARCEL_FAILED, "ReadString faild."); - resultInfo.permCheckResult.rule = static_cast(rule); - } - } - LOGI(ATM_DOMAIN, ATM_TAG, "Result from server (error=%{public}d, id=%{public}llu).", - result, fullTokenId.tokenIDEx); - return result; -} - -int AccessTokenManagerProxy::DeleteToken(AccessTokenID tokenID) -{ - MessageParcel data; - if (!data.WriteInterfaceToken(IAccessTokenManager::GetDescriptor())) { - LOGE(ATM_DOMAIN, ATM_TAG, "WriteInterfaceToken failed."); - return ERR_WRITE_PARCEL_FAILED; - } - - if (!data.WriteUint32(tokenID)) { - LOGE(ATM_DOMAIN, ATM_TAG, "WriteUint32 failed."); - return ERR_WRITE_PARCEL_FAILED; - } - - MessageParcel reply; - if (!SendRequest(AccessTokenInterfaceCode::TOKEN_DELETE, data, reply)) { - return ERR_SERVICE_ABNORMAL; - } - - int result = reply.ReadInt32(); - LOGI(ATM_DOMAIN, ATM_TAG, "Result from server (error=%{public}d, id=%{public}u).", result, tokenID); - return result; -} - -int AccessTokenManagerProxy::GetTokenType(AccessTokenID tokenID) -{ - MessageParcel data; - if (!data.WriteInterfaceToken(IAccessTokenManager::GetDescriptor())) { - LOGE(ATM_DOMAIN, ATM_TAG, "WriteInterfaceToken failed."); - return ERR_WRITE_PARCEL_FAILED; - } - - if (!data.WriteUint32(tokenID)) { - LOGE(ATM_DOMAIN, ATM_TAG, "Failed to write tokenID"); - return ERR_WRITE_PARCEL_FAILED; - } - - MessageParcel reply; - if (!SendRequest(AccessTokenInterfaceCode::GET_TOKEN_TYPE, data, reply)) { - return ERR_SERVICE_ABNORMAL; - } - - int result = reply.ReadInt32(); - LOGD(ATM_DOMAIN, ATM_TAG, "Result from server (type=%{public}d).", result); - return result; -} - -AccessTokenIDEx AccessTokenManagerProxy::GetHapTokenID(int32_t userID, const std::string& bundleName, int32_t instIndex) -{ - AccessTokenIDEx tokenIdEx = {0}; - MessageParcel data; - if (!data.WriteInterfaceToken(IAccessTokenManager::GetDescriptor())) { - LOGE(ATM_DOMAIN, ATM_TAG, "WriteInterfaceToken failed."); - return tokenIdEx; - } - - if (!data.WriteInt32(userID)) { - LOGE(ATM_DOMAIN, ATM_TAG, "Failed to write tokenID"); - return tokenIdEx; - } - if (!data.WriteString(bundleName)) { - LOGE(ATM_DOMAIN, ATM_TAG, "Failed to write dcap"); - return tokenIdEx; - } - if (!data.WriteInt32(instIndex)) { - LOGE(ATM_DOMAIN, ATM_TAG, "Failed to write dcap"); - return tokenIdEx; - } - MessageParcel reply; - if (!SendRequest(AccessTokenInterfaceCode::GET_HAP_TOKEN_ID, data, reply)) { - return tokenIdEx; - } - - tokenIdEx.tokenIDEx = reply.ReadUint64(); - LOGD(ATM_DOMAIN, ATM_TAG, "Result from server (id=%{public}llu).", tokenIdEx.tokenIDEx); - return tokenIdEx; -} - -AccessTokenID AccessTokenManagerProxy::AllocLocalTokenID( - const std::string& remoteDeviceID, AccessTokenID remoteTokenID) -{ - MessageParcel data; - if (!data.WriteInterfaceToken(IAccessTokenManager::GetDescriptor())) { - LOGE(ATM_DOMAIN, ATM_TAG, "WriteInterfaceToken failed."); - return 0; - } - - if (!data.WriteString(remoteDeviceID)) { - LOGE(ATM_DOMAIN, ATM_TAG, "Failed to write dcap"); - return 0; - } - if (!data.WriteUint32(remoteTokenID)) { - LOGE(ATM_DOMAIN, ATM_TAG, "Failed to write dcap"); - return 0; - } - MessageParcel reply; - if (!SendRequest(AccessTokenInterfaceCode::ALLOC_LOCAL_TOKEN_ID, data, reply)) { - return 0; - } - - AccessTokenID result = reply.ReadUint32(); - LOGI(ATM_DOMAIN, ATM_TAG, "Result from server (id=%{public}d).", result); - return result; -} - -int AccessTokenManagerProxy::GetNativeTokenInfo(AccessTokenID tokenID, NativeTokenInfoParcel& nativeTokenInfoRes) -{ - MessageParcel data; - if (!data.WriteInterfaceToken(IAccessTokenManager::GetDescriptor())) { - LOGE(ATM_DOMAIN, ATM_TAG, "WriteInterfaceToken failed."); - return ERR_WRITE_PARCEL_FAILED; - } - if (!data.WriteUint32(tokenID)) { - LOGE(ATM_DOMAIN, ATM_TAG, "WriteUint32 failed."); - return ERR_WRITE_PARCEL_FAILED; - } - - MessageParcel reply; - if (!SendRequest(AccessTokenInterfaceCode::GET_NATIVE_TOKENINFO, data, reply)) { - return ERR_SERVICE_ABNORMAL; - } - - int32_t result = reply.ReadInt32(); - LOGD(ATM_DOMAIN, ATM_TAG, "Result from server (error=%{public}d).", result); - if (result != RET_SUCCESS) { - return result; - } - sptr resultSptr = reply.ReadParcelable(); - if (resultSptr == nullptr) { - LOGE(ATM_DOMAIN, ATM_TAG, "ReadParcelable fail"); - return ERR_READ_PARCEL_FAILED; - } - nativeTokenInfoRes = *resultSptr; - return result; -} - -int32_t AccessTokenManagerProxy::GetTokenIDByUserID(int32_t userID, std::unordered_set& tokenIdList) -{ - MessageParcel data; - if (!data.WriteInterfaceToken(IAccessTokenManager::GetDescriptor())) { - LOGE(ATM_DOMAIN, ATM_TAG, "WriteInterfaceToken failed."); - return ERR_WRITE_PARCEL_FAILED; - } - if (!data.WriteInt32(userID)) { - LOGE(ATM_DOMAIN, ATM_TAG, "WriteInt32 failed."); - return ERR_WRITE_PARCEL_FAILED; - } - - MessageParcel reply; - if (!SendRequest(AccessTokenInterfaceCode::GET_TOKEN_ID_BY_USER_ID, data, reply)) { - return ERR_SERVICE_ABNORMAL; - } - - int32_t result = 0; - if (!reply.ReadInt32(result)) { - LOGI(ATM_DOMAIN, ATM_TAG, "Result from server (error=%{public}d).", result); - return ERR_READ_PARCEL_FAILED; - } - if (result != RET_SUCCESS) { - return result; - } - - uint32_t tokenIDListSize = 0; - if (!reply.ReadUint32(tokenIDListSize)) { - LOGE(ATM_DOMAIN, ATM_TAG, "ReadUint32 failed."); - return ERR_READ_PARCEL_FAILED; - } - for (uint32_t i = 0; i < tokenIDListSize; i++) { - AccessTokenID tokenId = 0; - if (!reply.ReadUint32(tokenId)) { - LOGE(ATM_DOMAIN, ATM_TAG, "ReadUint32 failed."); - return ERR_READ_PARCEL_FAILED; - } - tokenIdList.emplace(tokenId); - } - return result; -} - -int AccessTokenManagerProxy::GetHapTokenInfo(AccessTokenID tokenID, HapTokenInfoParcel& hapTokenInfoRes) -{ - MessageParcel data; - if (!data.WriteInterfaceToken(IAccessTokenManager::GetDescriptor())) { - LOGE(ATM_DOMAIN, ATM_TAG, "WriteInterfaceToken failed."); - return ERR_WRITE_PARCEL_FAILED; - } - if (!data.WriteUint32(tokenID)) { - LOGE(ATM_DOMAIN, ATM_TAG, "WriteUint32 failed."); - return ERR_WRITE_PARCEL_FAILED; - } - - MessageParcel reply; - if (!SendRequest(AccessTokenInterfaceCode::GET_HAP_TOKENINFO, data, reply)) { - return ERR_SERVICE_ABNORMAL; - } - - int32_t result = reply.ReadInt32(); - LOGD(ATM_DOMAIN, ATM_TAG, "Result from server (error=%{public}d).", result); - if (result != RET_SUCCESS) { - return result; - } - sptr resultSptr = reply.ReadParcelable(); - if (resultSptr == nullptr) { - LOGE(ATM_DOMAIN, ATM_TAG, "ReadParcelable failed."); - return ERR_READ_PARCEL_FAILED; - } - hapTokenInfoRes = *resultSptr; - return result; -} - -int32_t AccessTokenManagerProxy::UpdateHapToken(AccessTokenIDEx& tokenIdEx, const UpdateHapInfoParams& info, - const HapPolicyParcel& policyParcel, HapInfoCheckResult& resultInfo) -{ - AccessTokenID tokenID = tokenIdEx.tokenIdExStruct.tokenID; - MessageParcel data; - if (!data.WriteInterfaceToken(IAccessTokenManager::GetDescriptor())) { - LOGE(ATM_DOMAIN, ATM_TAG, "WriteInterfaceToken failed."); - return ERR_WRITE_PARCEL_FAILED; - } - if (!data.WriteUint32(tokenID)) { - LOGE(ATM_DOMAIN, ATM_TAG, "Write tokenID failed."); - return ERR_WRITE_PARCEL_FAILED; - } - if (!data.WriteBool(info.isSystemApp)) { - LOGE(ATM_DOMAIN, ATM_TAG, "Write isSystemApp failed."); - return ERR_WRITE_PARCEL_FAILED; - } - if (!data.WriteString(info.appIDDesc)) { - LOGE(ATM_DOMAIN, ATM_TAG, "Write appIDDesc failed."); - return ERR_WRITE_PARCEL_FAILED; - } - if (!data.WriteInt32(info.apiVersion)) { - LOGE(ATM_DOMAIN, ATM_TAG, "Write apiVersion failed."); - return ERR_WRITE_PARCEL_FAILED; - } - if (!data.WriteString(info.appDistributionType)) { - LOGE(ATM_DOMAIN, ATM_TAG, "Write appDistributionType failed."); - return ERR_WRITE_PARCEL_FAILED; - } - if (!data.WriteParcelable(&policyParcel)) { - LOGE(ATM_DOMAIN, ATM_TAG, "Write policyParcel failed."); - return ERR_WRITE_PARCEL_FAILED; - } - - MessageParcel reply; - if (!SendRequest(AccessTokenInterfaceCode::UPDATE_HAP_TOKEN, data, reply)) { - return ERR_SERVICE_ABNORMAL; - } - int32_t result = reply.ReadInt32(); - tokenIdEx.tokenIdExStruct.tokenAttr = reply.ReadUint32(); - if (result != RET_SUCCESS && reply.GetDataSize() > reply.GetReadPosition()) { - IF_FALSE_RETURN_VALUE_LOG(LABEL, reply.ReadString(resultInfo.permCheckResult.permissionName), - ERR_READ_PARCEL_FAILED, "ReadString faild."); - - int32_t rule; - IF_FALSE_RETURN_VALUE_LOG(LABEL, reply.ReadInt32(rule), - ERR_READ_PARCEL_FAILED, "ReadString faild."); - resultInfo.permCheckResult.rule = static_cast(rule); - } - LOGI(ATM_DOMAIN, ATM_TAG, "Result from server (error=%{public}d).", result); - return result; -} - -#ifndef ATM_BUILD_VARIANT_USER_ENABLE -int32_t AccessTokenManagerProxy::ReloadNativeTokenInfo() -{ - MessageParcel data; - if (!data.WriteInterfaceToken(IAccessTokenManager::GetDescriptor())) { - LOGE(ATM_DOMAIN, ATM_TAG, "WriteInterfaceToken failed."); - return ERR_WRITE_PARCEL_FAILED; - } - MessageParcel reply; - if (!SendRequest(AccessTokenInterfaceCode::RELOAD_NATIVE_TOKEN_INFO, data, reply)) { - return ERR_SERVICE_ABNORMAL; - } - - int32_t result = reply.ReadInt32(); - LOGI(ATM_DOMAIN, ATM_TAG, "Result from server (error=%{public}d).", result); - return result; -} - -#endif - -int AccessTokenManagerProxy::GetHapTokenInfoExtension(AccessTokenID tokenID, - HapTokenInfoParcel& hapTokenInfoRes, std::string& appID) -{ - MessageParcel data; - if (!data.WriteInterfaceToken(IAccessTokenManager::GetDescriptor())) { - LOGE(ATM_DOMAIN, ATM_TAG, "WriteInterfaceToken failed."); - return ERR_WRITE_PARCEL_FAILED; - } - if (!data.WriteUint32(tokenID)) { - LOGE(ATM_DOMAIN, ATM_TAG, "WriteUint32 fail"); - return ERR_WRITE_PARCEL_FAILED; - } - - MessageParcel reply; - if (!SendRequest(AccessTokenInterfaceCode::GET_HAP_TOKENINFO_EXT, data, reply)) { - return ERR_SERVICE_ABNORMAL; - } - - int32_t result = reply.ReadInt32(); - LOGI(ATM_DOMAIN, ATM_TAG, "Result from server (error=%{public}d).", result); - if (result != RET_SUCCESS) { - return result; - } - sptr hapResult = reply.ReadParcelable(); - if (hapResult == nullptr) { - LOGE(ATM_DOMAIN, ATM_TAG, "ReadParcelable fail."); - return ERR_READ_PARCEL_FAILED; - } - hapTokenInfoRes = *hapResult; - if (!reply.ReadString(appID)) { - LOGE(ATM_DOMAIN, ATM_TAG, "ReadString fail."); - return ERR_READ_PARCEL_FAILED; - } - - return result; -} - -AccessTokenID AccessTokenManagerProxy::GetNativeTokenId(const std::string& processName) -{ - MessageParcel data; - if (!data.WriteInterfaceToken(IAccessTokenManager::GetDescriptor())) { - LOGE(ATM_DOMAIN, ATM_TAG, "WriteInterfaceToken failed."); - return INVALID_TOKENID; - } - - if (!data.WriteString(processName)) { - LOGE(ATM_DOMAIN, ATM_TAG, "WriteString failed."); - return INVALID_TOKENID; - } - MessageParcel reply; - if (!SendRequest(AccessTokenInterfaceCode::GET_NATIVE_TOKEN_ID, data, reply)) { - return INVALID_TOKENID; - } - AccessTokenID id; - if (!reply.ReadUint32(id)) { - LOGI(ATM_DOMAIN, ATM_TAG, "ReadInt32 failed."); - return INVALID_TOKENID; - } - LOGD(ATM_DOMAIN, ATM_TAG, "Result from server (process=%{public}s, id=%{public}d).", processName.c_str(), id); - return id; -} - -#ifdef TOKEN_SYNC_ENABLE -int AccessTokenManagerProxy::GetHapTokenInfoFromRemote(AccessTokenID tokenID, - HapTokenInfoForSyncParcel& hapSyncParcel) -{ - MessageParcel data; - if (!data.WriteInterfaceToken(IAccessTokenManager::GetDescriptor())) { - LOGE(ATM_DOMAIN, ATM_TAG, "WriteInterfaceToken failed."); - return ERR_WRITE_PARCEL_FAILED; - } - if (!data.WriteUint32(tokenID)) { - return ERR_WRITE_PARCEL_FAILED; - } - - MessageParcel reply; - if (!SendRequest(AccessTokenInterfaceCode::GET_HAP_TOKEN_FROM_REMOTE, data, reply)) { - return ERR_SERVICE_ABNORMAL; - } - - int32_t result = reply.ReadInt32(); - LOGI(ATM_DOMAIN, ATM_TAG, "Result from server (error=%{public}d).", result); - if (result != RET_SUCCESS) { - return result; - } - sptr hapResult = reply.ReadParcelable(); - if (hapResult == nullptr) { - LOGE(ATM_DOMAIN, ATM_TAG, "ReadParcelable fail"); - return ERR_READ_PARCEL_FAILED; - } - hapSyncParcel = *hapResult; - return result; -} - -int AccessTokenManagerProxy::SetRemoteHapTokenInfo(const std::string& deviceID, - HapTokenInfoForSyncParcel& hapSyncParcel) -{ - MessageParcel data; - if (!data.WriteInterfaceToken(IAccessTokenManager::GetDescriptor())) { - LOGE(ATM_DOMAIN, ATM_TAG, "WriteInterfaceToken failed."); - return ERR_WRITE_PARCEL_FAILED; - } - if (!data.WriteString(deviceID)) { - return ERR_WRITE_PARCEL_FAILED; - } - if (!data.WriteParcelable(&hapSyncParcel)) { - return ERR_WRITE_PARCEL_FAILED; - } - - MessageParcel reply; - if (!SendRequest(AccessTokenInterfaceCode::SET_REMOTE_HAP_TOKEN_INFO, data, reply)) { - return ERR_SERVICE_ABNORMAL; - } - - int32_t result = reply.ReadInt32(); - LOGI(ATM_DOMAIN, ATM_TAG, "Result from server (error=%{public}d).", result); - return result; -} - -int AccessTokenManagerProxy::DeleteRemoteToken(const std::string& deviceID, AccessTokenID tokenID) -{ - MessageParcel data; - data.WriteInterfaceToken(IAccessTokenManager::GetDescriptor()); - if (!data.WriteString(deviceID)) { - return ERR_WRITE_PARCEL_FAILED; - } - - if (!data.WriteUint32(tokenID)) { - return ERR_WRITE_PARCEL_FAILED; - } - - MessageParcel reply; - if (!SendRequest(AccessTokenInterfaceCode::DELETE_REMOTE_TOKEN_INFO, data, reply)) { - return ERR_SERVICE_ABNORMAL; - } - - int32_t result = reply.ReadInt32(); - LOGI(ATM_DOMAIN, ATM_TAG, "Result from server (error=%{public}d).", result); - return result; -} - -AccessTokenID AccessTokenManagerProxy::GetRemoteNativeTokenID(const std::string& deviceID, AccessTokenID tokenID) -{ - MessageParcel data; - if (!data.WriteInterfaceToken(IAccessTokenManager::GetDescriptor())) { - LOGE(ATM_DOMAIN, ATM_TAG, "WriteInterfaceToken failed."); - return 0; - } - if (!data.WriteString(deviceID)) { - return 0; - } - - if (!data.WriteUint32(tokenID)) { - return 0; - } - - MessageParcel reply; - if (!SendRequest(AccessTokenInterfaceCode::GET_NATIVE_REMOTE_TOKEN, data, reply)) { - return 0; - } - - AccessTokenID id = reply.ReadUint32(); - LOGI(ATM_DOMAIN, ATM_TAG, "Result from server (id=%{public}d).", id); - return id; -} - -int AccessTokenManagerProxy::DeleteRemoteDeviceTokens(const std::string& deviceID) -{ - MessageParcel data; - if (!data.WriteInterfaceToken(IAccessTokenManager::GetDescriptor())) { - LOGE(ATM_DOMAIN, ATM_TAG, "WriteInterfaceToken failed."); - return ERR_WRITE_PARCEL_FAILED; - } - if (!data.WriteString(deviceID)) { - return ERR_WRITE_PARCEL_FAILED; - } - - MessageParcel reply; - if (!SendRequest(AccessTokenInterfaceCode::DELETE_REMOTE_DEVICE_TOKEN, data, reply)) { - return ERR_SERVICE_ABNORMAL; - } - - int32_t result = reply.ReadInt32(); - LOGI(ATM_DOMAIN, ATM_TAG, "Result from server (error=%{public}d).", result); - return result; -} - -int32_t AccessTokenManagerProxy::RegisterTokenSyncCallback(const sptr& callback) -{ - MessageParcel data; - if (!data.WriteInterfaceToken(IAccessTokenManager::GetDescriptor())) { - LOGE(ATM_DOMAIN, ATM_TAG, "WriteInterfaceToken failed."); - return ERR_WRITE_PARCEL_FAILED; - } - if (!data.WriteRemoteObject(callback)) { - LOGE(ATM_DOMAIN, ATM_TAG, "WriteRemoteObject failed."); - return ERR_WRITE_PARCEL_FAILED; - } - - MessageParcel reply; - if (!SendRequest( - AccessTokenInterfaceCode::REGISTER_TOKEN_SYNC_CALLBACK, data, reply)) { - return ERR_SERVICE_ABNORMAL; - } - - int32_t result; - if (!reply.ReadInt32(result)) { - LOGE(ATM_DOMAIN, ATM_TAG, "ReadInt32 failed."); - return ERR_READ_PARCEL_FAILED; - } - LOGI(ATM_DOMAIN, ATM_TAG, "Result from server (error=%{public}d).", result); - return result; -} - -int32_t AccessTokenManagerProxy::UnRegisterTokenSyncCallback() -{ - MessageParcel data; - if (!data.WriteInterfaceToken(IAccessTokenManager::GetDescriptor())) { - LOGE(ATM_DOMAIN, ATM_TAG, "WriteInterfaceToken failed."); - return ERR_WRITE_PARCEL_FAILED; - } - - MessageParcel reply; - if (!SendRequest( - AccessTokenInterfaceCode::UNREGISTER_TOKEN_SYNC_CALLBACK, data, reply)) { - return ERR_SERVICE_ABNORMAL; - } - - int32_t result; - if (!reply.ReadInt32(result)) { - LOGE(ATM_DOMAIN, ATM_TAG, "ReadInt32 failed."); - return ERR_READ_PARCEL_FAILED; - } - LOGI(ATM_DOMAIN, ATM_TAG, "Result from server (error=%{public}d).", result); - return result; -} -#endif - -void AccessTokenManagerProxy::DumpTokenInfo(const AtmToolsParamInfoParcel& infoParcel, std::string& dumpInfo) -{ - MessageParcel data; - if (!data.WriteInterfaceToken(IAccessTokenManager::GetDescriptor())) { - LOGE(ATM_DOMAIN, ATM_TAG, "WriteInterfaceToken failed."); - return; - } - - if (!data.WriteParcelable(&infoParcel)) { - LOGE(ATM_DOMAIN, ATM_TAG, "Write infoParcel failed."); - return; - } - MessageParcel reply; - if (!SendRequest(AccessTokenInterfaceCode::DUMP_TOKENINFO, data, reply)) { - return; - } - if (!reply.ReadString(dumpInfo)) { - LOGE(ATM_DOMAIN, ATM_TAG, "ReadString failed."); - } -} - -int32_t AccessTokenManagerProxy::GetVersion(uint32_t& version) -{ - MessageParcel data; - if (!data.WriteInterfaceToken(IAccessTokenManager::GetDescriptor())) { - LOGE(ATM_DOMAIN, ATM_TAG, "Write interface token failed."); - return ERR_WRITE_PARCEL_FAILED; - } - - MessageParcel reply; - if (!SendRequest(AccessTokenInterfaceCode::GET_VERSION, data, reply)) { - return ERR_SERVICE_ABNORMAL; - } - int32_t result = reply.ReadInt32(); - LOGI(ATM_DOMAIN, ATM_TAG, "Result from server (error=%{public}d).", result); - if (result != RET_SUCCESS) { - return result; - } - if (!reply.ReadUint32(version)) { - LOGE(ATM_DOMAIN, ATM_TAG, "ReadUint32 failed."); - return ERR_READ_PARCEL_FAILED; - } - return result; -} - -int32_t AccessTokenManagerProxy::SetPermDialogCap(const HapBaseInfoParcel& hapBaseInfo, bool enable) -{ - MessageParcel data; - if (!data.WriteInterfaceToken(IAccessTokenManager::GetDescriptor())) { - LOGE(ATM_DOMAIN, ATM_TAG, "WriteInterfaceToken failed."); - return ERR_WRITE_PARCEL_FAILED; - } - - if (!data.WriteParcelable(&hapBaseInfo)) { - LOGE(ATM_DOMAIN, ATM_TAG, "WriteParcelable failed."); - return ERR_WRITE_PARCEL_FAILED; - } - if (!data.WriteBool(enable)) { - LOGE(ATM_DOMAIN, ATM_TAG, "WriteBool failed."); - return ERR_WRITE_PARCEL_FAILED; - } - - MessageParcel reply; - if (!SendRequest(AccessTokenInterfaceCode::SET_PERM_DIALOG_CAPABILITY, data, reply)) { - return ERR_SERVICE_ABNORMAL; - } - return reply.ReadInt32(); -} - -void AccessTokenManagerProxy::GetPermissionManagerInfo(PermissionGrantInfoParcel& infoParcel) -{ - MessageParcel data; - if (!data.WriteInterfaceToken(IAccessTokenManager::GetDescriptor())) { - LOGE(ATM_DOMAIN, ATM_TAG, "WriteInterfaceToken failed."); - return; - } - - MessageParcel reply; - if (!SendRequest(AccessTokenInterfaceCode::GET_PERMISSION_MANAGER_INFO, data, reply)) { - return; - } - - sptr parcel = reply.ReadParcelable(); - if (parcel == nullptr) { - LOGE(ATM_DOMAIN, ATM_TAG, "ReadParcelable failed."); - return; - } - infoParcel = *parcel; -} - -int32_t AccessTokenManagerProxy::InitUserPolicy( - const std::vector& userList, const std::vector& permList) -{ - MessageParcel data; - if (!data.WriteInterfaceToken(IAccessTokenManager::GetDescriptor())) { - LOGE(ATM_DOMAIN, ATM_TAG, "Write interface token failed."); - return ERR_WRITE_PARCEL_FAILED; - } - - size_t userLen = userList.size(); - size_t permLen = permList.size(); - if ((userLen == 0) || (userLen > MAX_USER_POLICY_SIZE) || (permLen == 0) || (permLen > MAX_USER_POLICY_SIZE)) { - LOGE(ATM_DOMAIN, ATM_TAG, "UserLen %{public}zu or permLen %{public}zu is invalid", userLen, permLen); - return ERR_PARAM_INVALID; - } - - if (!data.WriteUint32(userLen)) { - LOGE(ATM_DOMAIN, ATM_TAG, "Failed to write userLen size."); - return ERR_WRITE_PARCEL_FAILED; - } - if (!data.WriteUint32(permLen)) { - LOGE(ATM_DOMAIN, ATM_TAG, "Failed to write permLen size."); - return ERR_WRITE_PARCEL_FAILED; - } - for (const auto& userInfo : userList) { - if (!data.WriteInt32(userInfo.userId)) { - LOGE(ATM_DOMAIN, ATM_TAG, "Failed to write userId."); - return ERR_WRITE_PARCEL_FAILED; - } - if (!data.WriteBool(userInfo.isActive)) { - LOGE(ATM_DOMAIN, ATM_TAG, "Failed to write isActive."); - return ERR_WRITE_PARCEL_FAILED; - } - } - for (const auto& permission : permList) { - if (!data.WriteString(permission)) { - LOGE(ATM_DOMAIN, ATM_TAG, "Failed to write permission."); - return ERR_WRITE_PARCEL_FAILED; - } - } - - MessageParcel reply; - if (!SendRequest(AccessTokenInterfaceCode::INIT_USER_POLICY, data, reply)) { - LOGE(ATM_DOMAIN, ATM_TAG, "Read replay failed"); - return ERR_SERVICE_ABNORMAL; - } - int32_t result; - if (!reply.ReadInt32(result)) { - LOGE(ATM_DOMAIN, ATM_TAG, "Read Int32 failed"); - return AccessTokenError::ERR_READ_PARCEL_FAILED; - } - LOGI(ATM_DOMAIN, ATM_TAG, "Result from server data = %{public}d", result); - return result; -} - -int32_t AccessTokenManagerProxy::ClearUserPolicy() -{ - MessageParcel data; - if (!data.WriteInterfaceToken(IAccessTokenManager::GetDescriptor())) { - LOGE(ATM_DOMAIN, ATM_TAG, "Write interface token failed."); - return ERR_WRITE_PARCEL_FAILED; - } - - MessageParcel reply; - if (!SendRequest(AccessTokenInterfaceCode::CLEAR_USER_POLICY, data, reply)) { - LOGE(ATM_DOMAIN, ATM_TAG, "Read replay failed"); - return ERR_SERVICE_ABNORMAL; - } - int32_t result; - if (!reply.ReadInt32(result)) { - LOGE(ATM_DOMAIN, ATM_TAG, "Read Int32 failed"); - return AccessTokenError::ERR_READ_PARCEL_FAILED; - } - LOGI(ATM_DOMAIN, ATM_TAG, "Result from server data = %{public}d", result); - return result; -} - -int32_t AccessTokenManagerProxy::UpdateUserPolicy(const std::vector& userList) -{ - MessageParcel data; - if (!data.WriteInterfaceToken(IAccessTokenManager::GetDescriptor())) { - LOGE(ATM_DOMAIN, ATM_TAG, "Write interface token failed."); - return ERR_WRITE_PARCEL_FAILED; - } - - size_t userLen = userList.size(); - if ((userLen == 0) || (userLen > MAX_USER_POLICY_SIZE)) { - LOGE(ATM_DOMAIN, ATM_TAG, "UserLen %{public}zu is invalid.", userLen); - return ERR_PARAM_INVALID; - } - - if (!data.WriteUint32(userLen)) { - LOGE(ATM_DOMAIN, ATM_TAG, "Failed to write userLen size."); - return ERR_WRITE_PARCEL_FAILED; - } - - for (const auto& userInfo : userList) { - if (!data.WriteInt32(userInfo.userId)) { - LOGE(ATM_DOMAIN, ATM_TAG, "Failed to write userId."); - return ERR_WRITE_PARCEL_FAILED; - } - if (!data.WriteBool(userInfo.isActive)) { - LOGE(ATM_DOMAIN, ATM_TAG, "Failed to write isActive."); - return ERR_WRITE_PARCEL_FAILED; - } - } - - MessageParcel reply; - if (!SendRequest(AccessTokenInterfaceCode::UPDATE_USER_POLICY, data, reply)) { - LOGE(ATM_DOMAIN, ATM_TAG, "Read replay failed"); - return ERR_SERVICE_ABNORMAL; - } - int32_t result; - if (!reply.ReadInt32(result)) { - LOGE(ATM_DOMAIN, ATM_TAG, "Read Int32 failed"); - return AccessTokenError::ERR_READ_PARCEL_FAILED; - } - LOGI(ATM_DOMAIN, ATM_TAG, "Result from server data = %{public}d", result); - return result; -} - -int32_t AccessTokenManagerProxy::GetKernelPermissions( - AccessTokenID tokenID, std::vector& kernelPermList) -{ - MessageParcel data; - if (!data.WriteInterfaceToken(IAccessTokenManager::GetDescriptor())) { - LOGE(ATM_DOMAIN, ATM_TAG, "Write interface token failed."); - return ERR_WRITE_PARCEL_FAILED; - } - - if (!data.WriteUint32(tokenID)) { - LOGE(ATM_DOMAIN, ATM_TAG, "Failed to write tokenID."); - return ERR_WRITE_PARCEL_FAILED; - } - - MessageParcel reply; - if (!SendRequest(AccessTokenInterfaceCode::GET_KERNEL_PERMISSIONS, data, reply)) { - LOGE(ATM_DOMAIN, ATM_TAG, "Read replay failed"); - return ERR_SERVICE_ABNORMAL; - } - int32_t result; - if (!reply.ReadInt32(result)) { - LOGE(ATM_DOMAIN, ATM_TAG, "Read result failed"); - return AccessTokenError::ERR_READ_PARCEL_FAILED; - } - LOGI(ATM_DOMAIN, ATM_TAG, "Result from server data = %{public}d", result); - if (result != RET_SUCCESS) { - return result; - } - uint32_t size; - if (!reply.ReadUint32(size)) { - LOGE(ATM_DOMAIN, ATM_TAG, "Read size failed"); - return AccessTokenError::ERR_READ_PARCEL_FAILED; - } - if (size > MAX_EXTENDED_VALUE_LIST_SIZE) { - return AccessTokenError::ERR_OVERSIZE; - } - for (uint32_t i = 0; i < size; ++i) { - PermissionWithValue perm; - if (!reply.ReadString(perm.permissionName)) { - LOGE(ATM_DOMAIN, ATM_TAG, "Read permission name failed."); - return AccessTokenError::ERR_READ_PARCEL_FAILED; - } - if (!reply.ReadString(perm.value)) { - LOGE(ATM_DOMAIN, ATM_TAG, "Read value failed."); - return AccessTokenError::ERR_READ_PARCEL_FAILED; - } - if (perm.value == "true") { - perm.value.clear(); - } - kernelPermList.emplace_back(perm); - } - return RET_SUCCESS; -} - -int32_t AccessTokenManagerProxy::GetReqPermissionByName( - AccessTokenID tokenID, const std::string& permissionName, std::string& value) -{ - MessageParcel data; - if (!data.WriteInterfaceToken(IAccessTokenManager::GetDescriptor())) { - LOGE(ATM_DOMAIN, ATM_TAG, "Write interface token failed."); - return ERR_WRITE_PARCEL_FAILED; - } - - if (!data.WriteUint32(tokenID)) { - LOGE(ATM_DOMAIN, ATM_TAG, "Failed to write tokenID."); - return ERR_WRITE_PARCEL_FAILED; - } - - if (!data.WriteString(permissionName)) { - LOGE(ATM_DOMAIN, ATM_TAG, "Failed to write tokenID."); - return ERR_WRITE_PARCEL_FAILED; - } - - MessageParcel reply; - if (!SendRequest(AccessTokenInterfaceCode::GET_PERMISSION_BY_NAME, data, reply)) { - LOGE(ATM_DOMAIN, ATM_TAG, "Read replay failed"); - return ERR_SERVICE_ABNORMAL; - } - int32_t result; - if (!reply.ReadInt32(result)) { - LOGE(ATM_DOMAIN, ATM_TAG, "Read result failed"); - return AccessTokenError::ERR_READ_PARCEL_FAILED; - } - LOGI(ATM_DOMAIN, ATM_TAG, "Result from server data = %{public}d", result); - if (result != RET_SUCCESS) { - return result; - } - if (!reply.ReadString(value)) { - LOGE(ATM_DOMAIN, ATM_TAG, "Read value failed"); - return AccessTokenError::ERR_READ_PARCEL_FAILED; - } - - return RET_SUCCESS; -} - -} // namespace AccessToken -} // namespace Security -} // namespace OHOS diff --git a/interfaces/innerkits/accesstoken/src/accesstoken_manager_proxy.h b/interfaces/innerkits/accesstoken/src/accesstoken_manager_proxy.h deleted file mode 100644 index 99ff5740f4f0fa71c9ea0f4091d9f8ba4fee7ef3..0000000000000000000000000000000000000000 --- a/interfaces/innerkits/accesstoken/src/accesstoken_manager_proxy.h +++ /dev/null @@ -1,122 +0,0 @@ -/* - * Copyright (c) 2021-2024 Huawei Device Co., Ltd. - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ - -#ifndef ACCESSTOKEN_MANAGER_PROXY_H -#define ACCESSTOKEN_MANAGER_PROXY_H - -#include -#include - -#include "access_token.h" -#include "atm_tools_param_info_parcel.h" -#include "hap_info_parcel.h" -#include "hap_base_info_parcel.h" -#include "hap_policy_parcel.h" -#include "hap_token_info_parcel.h" -#include "hap_token_info_for_sync_parcel.h" -#include "i_accesstoken_manager.h" -#include "iremote_proxy.h" -#include "native_token_info_parcel.h" -#include "permission_def_parcel.h" -#include "permission_grant_info_parcel.h" -#include "permission_list_state_parcel.h" -#include "permission_status_parcel.h" - -namespace OHOS { -namespace Security { -namespace AccessToken { -class AccessTokenManagerProxy : public IRemoteProxy { -public: - explicit AccessTokenManagerProxy(const sptr& impl); - ~AccessTokenManagerProxy() override; - - PermUsedTypeEnum GetPermissionUsedType( - AccessTokenID tokenID, const std::string& permissionName) override; - int VerifyAccessToken(AccessTokenID tokenID, const std::string& permissionName) override; - int VerifyAccessToken(AccessTokenID tokenID, - const std::vector& permissionList, std::vector& permStateList) override; - int GetDefPermission(const std::string& permissionName, PermissionDefParcel& permissionDefResult) override; - int GetReqPermissions( - AccessTokenID tokenID, std::vector& reqPermList, bool isSystemGrant) override; - int GetPermissionFlag(AccessTokenID tokenID, const std::string& permissionName, uint32_t& flag) override; - int32_t SetPermissionRequestToggleStatus(const std::string& permissionName, uint32_t status, - int32_t userID) override; - int32_t GetPermissionRequestToggleStatus(const std::string& permissionName, uint32_t& status, - int32_t userID) override; - int32_t RequestAppPermOnSetting(AccessTokenID tokenID) override; - int GrantPermission(AccessTokenID tokenID, const std::string& permissionName, uint32_t flag) override; - int RevokePermission(AccessTokenID tokenID, const std::string& permissionName, uint32_t flag) override; - int GrantPermissionForSpecifiedTime( - AccessTokenID tokenID, const std::string& permissionName, uint32_t onceTime) override; - PermissionOper GetSelfPermissionsState(std::vector& permListParcel, - PermissionGrantInfoParcel& infoParcel) override; - int32_t GetPermissionsStatus( - AccessTokenID tokenID, std::vector& permListParcel) override; - int ClearUserGrantedPermissionState(AccessTokenID tokenID) override; - int GetTokenType(AccessTokenID tokenID) override; - AccessTokenIDEx GetHapTokenID(int32_t userID, const std::string& bundleName, int32_t instIndex) override; - AccessTokenID AllocLocalTokenID(const std::string& remoteDeviceID, AccessTokenID remoteTokenID) override; - AccessTokenIDEx AllocHapToken(const HapInfoParcel& hapInfo, const HapPolicyParcel& policyParcel) override; - int32_t InitHapToken(const HapInfoParcel& hapInfoParcel, HapPolicyParcel& policyParcel, - AccessTokenIDEx& fullTokenId, HapInfoCheckResult& resultInfo) override; - int DeleteToken(AccessTokenID tokenID) override; - int32_t UpdateHapToken(AccessTokenIDEx& tokenIdEx, const UpdateHapInfoParams& info, - const HapPolicyParcel& policyParcel, HapInfoCheckResult& resultInfo) override; - int32_t GetTokenIDByUserID(int32_t userID, std::unordered_set& tokenIdList) override; - int GetHapTokenInfo(AccessTokenID tokenID, HapTokenInfoParcel& hapTokenInfoRes) override; - int GetNativeTokenInfo(AccessTokenID tokenID, NativeTokenInfoParcel& nativeTokenInfoRes) override; -#ifndef ATM_BUILD_VARIANT_USER_ENABLE - int32_t ReloadNativeTokenInfo() override; -#endif - int32_t RegisterPermStateChangeCallback(const PermStateChangeScopeParcel& scope, - const sptr& callback) override; - int32_t UnRegisterPermStateChangeCallback(const sptr& callback) override; - int32_t RegisterSelfPermStateChangeCallback(const PermStateChangeScopeParcel& scope, - const sptr& callback) override; - int32_t UnRegisterSelfPermStateChangeCallback(const sptr& callback) override; - AccessTokenID GetNativeTokenId(const std::string& processName) override; - int GetHapTokenInfoExtension(AccessTokenID tokenID, - HapTokenInfoParcel& hapTokenInfoRes, std::string& appID) override; - int32_t InitUserPolicy(const std::vector& userList, const std::vector& permList) override; - int32_t UpdateUserPolicy(const std::vector& userList) override; - int32_t ClearUserPolicy() override; - -#ifdef TOKEN_SYNC_ENABLE - int GetHapTokenInfoFromRemote(AccessTokenID tokenID, HapTokenInfoForSyncParcel& hapSyncParcel) override; - int SetRemoteHapTokenInfo(const std::string& deviceID, HapTokenInfoForSyncParcel& hapSyncParcel) override; - int DeleteRemoteToken(const std::string& deviceID, AccessTokenID tokenID) override; - AccessTokenID GetRemoteNativeTokenID(const std::string& deviceID, AccessTokenID tokenID) override; - int DeleteRemoteDeviceTokens(const std::string& deviceID) override; - int32_t RegisterTokenSyncCallback(const sptr& callback) override; - int32_t UnRegisterTokenSyncCallback() override; -#endif - - int32_t GetKernelPermissions( - AccessTokenID tokenId, std::vector& kernelPermList) override; - int32_t GetReqPermissionByName( - AccessTokenID tokenId, const std::string& permissionName, std::string& value) override; - int32_t SetPermDialogCap(const HapBaseInfoParcel& hapBaseInfo, bool enable) override; - void DumpTokenInfo(const AtmToolsParamInfoParcel& infoParcel, std::string& dumpInfo) override; - int32_t GetVersion(uint32_t& version) override; - void GetPermissionManagerInfo(PermissionGrantInfoParcel& infoParcel) override; - -private: - bool SendRequest(AccessTokenInterfaceCode code, MessageParcel& data, MessageParcel& reply); - static inline BrokerDelegator delegator_; -}; -} // namespace AccessToken -} // namespace Security -} // namespace OHOS -#endif // ACCESSTOKEN_MANAGER_PROXY_H diff --git a/interfaces/innerkits/accesstoken/test/unittest/BUILD.gn b/interfaces/innerkits/accesstoken/test/unittest/BUILD.gn index 1727ef9f3394b47041c7ca9fc760caf7f07d9d2a..39bdcaf01fee2d345d0a2e9de6ef8c86813a90c8 100755 --- a/interfaces/innerkits/accesstoken/test/unittest/BUILD.gn +++ b/interfaces/innerkits/accesstoken/test/unittest/BUILD.gn @@ -143,14 +143,16 @@ ohos_unittest("accesstoken_mock_test") { "${access_token_innerkit_path}/src/accesstoken_death_recipient.cpp", "${access_token_innerkit_path}/src/accesstoken_kit.cpp", "${access_token_innerkit_path}/src/accesstoken_manager_client.cpp", - "${access_token_innerkit_path}/src/accesstoken_manager_proxy.cpp", "${access_token_innerkit_path}/src/perm_state_change_callback_customize.cpp", "../mock/src/iservice_registry.cpp", "ProxyMockTest/accesstoken_mock_test.cpp", ] cflags_cc = [ "-DHILOG_ENABLE" ] - configs = [ "${access_token_path}/config:coverage_flags" ] + configs = [ + "${access_token_path}/config:coverage_flags", + "${access_token_path}/services/accesstokenmanager/idl:access_token_manager_gen_config", + ] deps = [ "${access_token_path}/frameworks/accesstoken:accesstoken_communication_adapter_cxx", @@ -158,6 +160,7 @@ ohos_unittest("accesstoken_mock_test") { "${access_token_path}/interfaces/innerkits/accesstoken:libtokenid_sdk", "${access_token_path}/interfaces/innerkits/token_setproc:libperm_setproc", "${access_token_path}/interfaces/innerkits/token_setproc:libtokensetproc_shared", + "${access_token_path}/services/accesstokenmanager/idl:access_token_manager_proxy", ] external_deps = [ diff --git a/interfaces/innerkits/accesstoken/test/unittest/Coverage/accesstoken_kit_coverage_test.cpp b/interfaces/innerkits/accesstoken/test/unittest/Coverage/accesstoken_kit_coverage_test.cpp index 0a225086dfcdb9cccc4358303c53253923fd4af8..5e3274cab11fa37b08ba5a598d2cbcbf6f364fcd 100644 --- a/interfaces/innerkits/accesstoken/test/unittest/Coverage/accesstoken_kit_coverage_test.cpp +++ b/interfaces/innerkits/accesstoken/test/unittest/Coverage/accesstoken_kit_coverage_test.cpp @@ -19,7 +19,6 @@ #include "access_token.h" #include "access_token_error.h" #include "accesstoken_common_log.h" -#include "accesstoken_service_ipc_interface_code.h" #include "hap_token_info.h" #include "nativetoken_kit.h" #include "permission_grant_info.h" diff --git a/interfaces/innerkits/accesstoken/test/unittest/HapAttributeTest/get_hap_dlp_flag_test.cpp b/interfaces/innerkits/accesstoken/test/unittest/HapAttributeTest/get_hap_dlp_flag_test.cpp index 8800bdfa9bd5d4f0cb403097846e0e702dbfa2a0..f55615cce94181ee7339914eb3b0a6bc7886c12a 100644 --- a/interfaces/innerkits/accesstoken/test/unittest/HapAttributeTest/get_hap_dlp_flag_test.cpp +++ b/interfaces/innerkits/accesstoken/test/unittest/HapAttributeTest/get_hap_dlp_flag_test.cpp @@ -21,7 +21,7 @@ #include "access_token.h" #include "access_token_error.h" #include "accesstoken_common_log.h" -#include "accesstoken_service_ipc_interface_code.h" +#include "iaccess_token_manager.h" #include "permission_grant_info.h" #include "permission_state_change_info_parcel.h" #include "string_ex.h" diff --git a/interfaces/innerkits/accesstoken/test/unittest/HapAttributeTest/get_permission_flag_test.cpp b/interfaces/innerkits/accesstoken/test/unittest/HapAttributeTest/get_permission_flag_test.cpp index e9eb03f38288b229d9beaafb38fbf15725c86c81..5236a9c8e89d9047f6e38b2272ff0b973ae39cbe 100644 --- a/interfaces/innerkits/accesstoken/test/unittest/HapAttributeTest/get_permission_flag_test.cpp +++ b/interfaces/innerkits/accesstoken/test/unittest/HapAttributeTest/get_permission_flag_test.cpp @@ -21,7 +21,7 @@ #include "access_token.h" #include "access_token_error.h" #include "accesstoken_common_log.h" -#include "accesstoken_service_ipc_interface_code.h" +#include "iaccess_token_manager.h" #include "permission_grant_info.h" #include "permission_state_change_info_parcel.h" #include "string_ex.h" diff --git a/interfaces/innerkits/accesstoken/test/unittest/HapAttributeTest/get_permissions_status_test.cpp b/interfaces/innerkits/accesstoken/test/unittest/HapAttributeTest/get_permissions_status_test.cpp index 2174649a0dadbe3eb3cd18de9d5a1547b5f27ea5..4a25e0bd31be3e5ff39cd720da4ea3db60ba2517 100644 --- a/interfaces/innerkits/accesstoken/test/unittest/HapAttributeTest/get_permissions_status_test.cpp +++ b/interfaces/innerkits/accesstoken/test/unittest/HapAttributeTest/get_permissions_status_test.cpp @@ -21,7 +21,7 @@ #include "access_token.h" #include "access_token_error.h" #include "accesstoken_common_log.h" -#include "accesstoken_service_ipc_interface_code.h" +#include "iaccess_token_manager.h" #include "permission_grant_info.h" #include "permission_state_change_info_parcel.h" #include "string_ex.h" diff --git a/interfaces/innerkits/accesstoken/test/unittest/HapAttributeTest/permission_request_toggle_status_test.cpp b/interfaces/innerkits/accesstoken/test/unittest/HapAttributeTest/permission_request_toggle_status_test.cpp index 8e70c9307096d2d8087d43d9b7d02fb474c91b07..cf2d74ba355e29c6f9007bbc2fa7f78cf6cba577 100644 --- a/interfaces/innerkits/accesstoken/test/unittest/HapAttributeTest/permission_request_toggle_status_test.cpp +++ b/interfaces/innerkits/accesstoken/test/unittest/HapAttributeTest/permission_request_toggle_status_test.cpp @@ -21,7 +21,7 @@ #include "access_token.h" #include "access_token_error.h" #include "accesstoken_common_log.h" -#include "accesstoken_service_ipc_interface_code.h" +#include "iaccess_token_manager.h" #include "permission_grant_info.h" #include "permission_state_change_info_parcel.h" #include "string_ex.h" diff --git a/interfaces/innerkits/accesstoken/test/unittest/HapTokenTest/alloc_hap_token_test.cpp b/interfaces/innerkits/accesstoken/test/unittest/HapTokenTest/alloc_hap_token_test.cpp index d8d286e83d25df1cffc761d38408da31afae104f..75d8794af2d7c67d1cf07997b9707d80ea853f50 100644 --- a/interfaces/innerkits/accesstoken/test/unittest/HapTokenTest/alloc_hap_token_test.cpp +++ b/interfaces/innerkits/accesstoken/test/unittest/HapTokenTest/alloc_hap_token_test.cpp @@ -20,7 +20,6 @@ #include "access_token.h" #include "access_token_error.h" #include "accesstoken_common_log.h" -#include "accesstoken_service_ipc_interface_code.h" #include "nativetoken_kit.h" #include "permission_grant_info.h" #include "permission_state_change_info_parcel.h" diff --git a/interfaces/innerkits/accesstoken/test/unittest/HapTokenTest/app_installation_optimized_test.cpp b/interfaces/innerkits/accesstoken/test/unittest/HapTokenTest/app_installation_optimized_test.cpp index a53385c714c6b50f9d82072d56f401bbf38a961c..cd31758cf4a61c27f2ebc334ff946b5b29b893e2 100644 --- a/interfaces/innerkits/accesstoken/test/unittest/HapTokenTest/app_installation_optimized_test.cpp +++ b/interfaces/innerkits/accesstoken/test/unittest/HapTokenTest/app_installation_optimized_test.cpp @@ -18,7 +18,7 @@ #include "access_token_error.h" #include "accesstoken_common_log.h" -#include "accesstoken_service_ipc_interface_code.h" +#include "iaccess_token_manager.h" #include "nativetoken_kit.h" #include "permission_grant_info.h" #include "permission_state_change_info_parcel.h" diff --git a/interfaces/innerkits/accesstoken/test/unittest/HapTokenTest/delete_token_test.cpp b/interfaces/innerkits/accesstoken/test/unittest/HapTokenTest/delete_token_test.cpp index 68281ff829b04ca035ab8b28a46fce806b700fd4..654954664bb9e75ea017c26e96a9dc6a9a5cc648 100644 --- a/interfaces/innerkits/accesstoken/test/unittest/HapTokenTest/delete_token_test.cpp +++ b/interfaces/innerkits/accesstoken/test/unittest/HapTokenTest/delete_token_test.cpp @@ -21,7 +21,7 @@ #include "access_token.h" #include "access_token_error.h" #include "accesstoken_common_log.h" -#include "accesstoken_service_ipc_interface_code.h" +#include "iaccess_token_manager.h" #include "permission_grant_info.h" #include "permission_state_change_info_parcel.h" #include "string_ex.h" diff --git a/interfaces/innerkits/accesstoken/test/unittest/HapTokenTest/get_hap_token_test.cpp b/interfaces/innerkits/accesstoken/test/unittest/HapTokenTest/get_hap_token_test.cpp index f91a414542ff126e2fe1002ba8898a0e071f0b20..22156a78f9993ed0a3afab3cafd3c8471f8a0be5 100644 --- a/interfaces/innerkits/accesstoken/test/unittest/HapTokenTest/get_hap_token_test.cpp +++ b/interfaces/innerkits/accesstoken/test/unittest/HapTokenTest/get_hap_token_test.cpp @@ -20,7 +20,7 @@ #include "access_token.h" #include "access_token_error.h" #include "accesstoken_common_log.h" -#include "accesstoken_service_ipc_interface_code.h" +#include "iaccess_token_manager.h" #include "permission_grant_info.h" #include "permission_state_change_info_parcel.h" #include "string_ex.h" diff --git a/interfaces/innerkits/accesstoken/test/unittest/HapTokenTest/get_token_type_test.cpp b/interfaces/innerkits/accesstoken/test/unittest/HapTokenTest/get_token_type_test.cpp index b6b81fb803aeef015e26cc3a8a59dbd133761114..85bc3e63fe91d58631572fcdacec554f4f73f3b4 100644 --- a/interfaces/innerkits/accesstoken/test/unittest/HapTokenTest/get_token_type_test.cpp +++ b/interfaces/innerkits/accesstoken/test/unittest/HapTokenTest/get_token_type_test.cpp @@ -20,7 +20,7 @@ #include "access_token.h" #include "access_token_error.h" #include "accesstoken_common_log.h" -#include "accesstoken_service_ipc_interface_code.h" +#include "iaccess_token_manager.h" #include "permission_grant_info.h" #include "permission_state_change_info_parcel.h" #include "string_ex.h" diff --git a/interfaces/innerkits/accesstoken/test/unittest/HapTokenTest/init_hap_token_test.cpp b/interfaces/innerkits/accesstoken/test/unittest/HapTokenTest/init_hap_token_test.cpp index 8ce8e5dd89ef07aad98ca7c16840fc7081946516..6f1c998883a8be0e9417733cda20b3c8d6e1aa87 100644 --- a/interfaces/innerkits/accesstoken/test/unittest/HapTokenTest/init_hap_token_test.cpp +++ b/interfaces/innerkits/accesstoken/test/unittest/HapTokenTest/init_hap_token_test.cpp @@ -20,7 +20,7 @@ #include "access_token.h" #include "access_token_error.h" #include "accesstoken_common_log.h" -#include "accesstoken_service_ipc_interface_code.h" +#include "iaccess_token_manager.h" #include "nativetoken_kit.h" #include "permission_grant_info.h" #include "permission_state_change_info_parcel.h" @@ -855,12 +855,12 @@ HWTEST_F(InitHapTokenTest, InitHapTokenSpecsTest011, TestSize.Level1) policyParams.aclExtendedMap["ohos.permission.ACCESS_CERT_MANAGER"] = testValue; ret = AccessTokenKit::InitHapToken(infoParams, policyParams, fullTokenId); ASSERT_EQ(RET_SUCCESS, ret); + AccessTokenID tokenID = fullTokenId.tokenIdExStruct.tokenID; testValue.push_back('1'); policyParams.aclExtendedMap["ohos.permission.ACCESS_CERT_MANAGER"] = testValue; ret = AccessTokenKit::InitHapToken(infoParams, policyParams, fullTokenId); ASSERT_EQ(AccessTokenError::ERR_PARAM_INVALID, ret); - AccessTokenID tokenID = fullTokenId.tokenIdExStruct.tokenID; ret = AccessTokenKit::DeleteToken(tokenID); EXPECT_EQ(RET_SUCCESS, ret); diff --git a/interfaces/innerkits/accesstoken/test/unittest/HapTokenTest/update_hap_token_test.cpp b/interfaces/innerkits/accesstoken/test/unittest/HapTokenTest/update_hap_token_test.cpp index 54ff953bae2defd8aa23ce4e336e769b18d31730..ab697988f553197e999911c611740be49e79d6b3 100644 --- a/interfaces/innerkits/accesstoken/test/unittest/HapTokenTest/update_hap_token_test.cpp +++ b/interfaces/innerkits/accesstoken/test/unittest/HapTokenTest/update_hap_token_test.cpp @@ -20,7 +20,7 @@ #include "access_token.h" #include "access_token_error.h" #include "accesstoken_common_log.h" -#include "accesstoken_service_ipc_interface_code.h" +#include "iaccess_token_manager.h" #include "nativetoken_kit.h" #include "permission_grant_info.h" #include "permission_state_change_info_parcel.h" diff --git a/interfaces/innerkits/accesstoken/test/unittest/PermisionDialogTest/set_perm_dialog_cap_test.cpp b/interfaces/innerkits/accesstoken/test/unittest/PermisionDialogTest/set_perm_dialog_cap_test.cpp index de1cf2d96fd12a96fc727b7ae4b1ab52a5280585..abcfeb50a77f0d8d2c31b5129edef434f0adb679 100644 --- a/interfaces/innerkits/accesstoken/test/unittest/PermisionDialogTest/set_perm_dialog_cap_test.cpp +++ b/interfaces/innerkits/accesstoken/test/unittest/PermisionDialogTest/set_perm_dialog_cap_test.cpp @@ -21,7 +21,6 @@ #include "access_token.h" #include "access_token_error.h" #include "accesstoken_common_log.h" -#include "accesstoken_service_ipc_interface_code.h" #include "permission_grant_info.h" #include "permission_state_change_info_parcel.h" #include "string_ex.h" diff --git a/interfaces/innerkits/accesstoken/test/unittest/PermissionsTest/clear_user_granted__permission_state_test.cpp b/interfaces/innerkits/accesstoken/test/unittest/PermissionsTest/clear_user_granted__permission_state_test.cpp index 636cbcb4231dfc08b323bf09e4544e9b530e32cb..bc84fa973db4ea8670e09a6c45c7e8736922d938 100644 --- a/interfaces/innerkits/accesstoken/test/unittest/PermissionsTest/clear_user_granted__permission_state_test.cpp +++ b/interfaces/innerkits/accesstoken/test/unittest/PermissionsTest/clear_user_granted__permission_state_test.cpp @@ -20,7 +20,7 @@ #include "access_token.h" #include "access_token_error.h" #include "accesstoken_common_log.h" -#include "accesstoken_service_ipc_interface_code.h" +#include "iaccess_token_manager.h" #include "test_common.h" #include "permission_grant_info.h" #include "permission_state_change_info_parcel.h" diff --git a/interfaces/innerkits/accesstoken/test/unittest/PermissionsTest/get_permission_test.cpp b/interfaces/innerkits/accesstoken/test/unittest/PermissionsTest/get_permission_test.cpp index a7c19f175fcc834e4a842f9d8124e9948384480a..78a6073662a0a2ae4fe239eaffde6caf5b9e3d62 100644 --- a/interfaces/innerkits/accesstoken/test/unittest/PermissionsTest/get_permission_test.cpp +++ b/interfaces/innerkits/accesstoken/test/unittest/PermissionsTest/get_permission_test.cpp @@ -20,7 +20,7 @@ #include "access_token.h" #include "access_token_error.h" #include "accesstoken_common_log.h" -#include "accesstoken_service_ipc_interface_code.h" +#include "iaccess_token_manager.h" #include "permission_grant_info.h" #include "permission_state_change_info_parcel.h" #include "string_ex.h" diff --git a/interfaces/innerkits/accesstoken/test/unittest/PermissionsTest/grant_permission_test.cpp b/interfaces/innerkits/accesstoken/test/unittest/PermissionsTest/grant_permission_test.cpp index 6cf38323b929c726233bf22ff54ba448daf43a1d..7676a7f0b0a42facd3bb2e9da16ee3d30331c11c 100644 --- a/interfaces/innerkits/accesstoken/test/unittest/PermissionsTest/grant_permission_test.cpp +++ b/interfaces/innerkits/accesstoken/test/unittest/PermissionsTest/grant_permission_test.cpp @@ -20,7 +20,7 @@ #include "access_token.h" #include "access_token_error.h" #include "accesstoken_common_log.h" -#include "accesstoken_service_ipc_interface_code.h" +#include "iaccess_token_manager.h" #include "permission_grant_info.h" #include "permission_state_change_info_parcel.h" #include "string_ex.h" diff --git a/interfaces/innerkits/accesstoken/test/unittest/PermissionsTest/revoke_permission_test.cpp b/interfaces/innerkits/accesstoken/test/unittest/PermissionsTest/revoke_permission_test.cpp index bb24a2e784e5b4686d005ddd30bc19d1a8e131c4..3e3c794eb4006f134477ea012dadf645350747d4 100644 --- a/interfaces/innerkits/accesstoken/test/unittest/PermissionsTest/revoke_permission_test.cpp +++ b/interfaces/innerkits/accesstoken/test/unittest/PermissionsTest/revoke_permission_test.cpp @@ -20,7 +20,7 @@ #include "access_token.h" #include "access_token_error.h" #include "accesstoken_common_log.h" -#include "accesstoken_service_ipc_interface_code.h" +#include "iaccess_token_manager.h" #include "permission_grant_info.h" #include "permission_state_change_info_parcel.h" #include "string_ex.h" diff --git a/interfaces/innerkits/accesstoken/test/unittest/PermissionsTest/verify_access_token_test.cpp b/interfaces/innerkits/accesstoken/test/unittest/PermissionsTest/verify_access_token_test.cpp index 262d7ca2df0fbe5e5b80b0d19ef1f71fcb7d2fc9..2bf298ec3cb18a6a83cd24977ddd685500e57a88 100644 --- a/interfaces/innerkits/accesstoken/test/unittest/PermissionsTest/verify_access_token_test.cpp +++ b/interfaces/innerkits/accesstoken/test/unittest/PermissionsTest/verify_access_token_test.cpp @@ -20,7 +20,7 @@ #include "access_token.h" #include "access_token_error.h" #include "accesstoken_common_log.h" -#include "accesstoken_service_ipc_interface_code.h" +#include "iaccess_token_manager.h" #include "permission_grant_info.h" #include "permission_state_change_info_parcel.h" #include "string_ex.h" diff --git a/interfaces/innerkits/accesstoken/test/unittest/RegisterCallbackTest/register_perm_state_change_callback_test.cpp b/interfaces/innerkits/accesstoken/test/unittest/RegisterCallbackTest/register_perm_state_change_callback_test.cpp index c58a3429ae866db28a5aaaa8f94333116072c609..d7c7d250ddabef71c7287274215fcef9b628351f 100644 --- a/interfaces/innerkits/accesstoken/test/unittest/RegisterCallbackTest/register_perm_state_change_callback_test.cpp +++ b/interfaces/innerkits/accesstoken/test/unittest/RegisterCallbackTest/register_perm_state_change_callback_test.cpp @@ -19,7 +19,7 @@ #include "access_token.h" #include "access_token_error.h" #include "accesstoken_common_log.h" -#include "accesstoken_service_ipc_interface_code.h" +#include "iaccess_token_manager.h" #include "hap_token_info.h" #include "nativetoken_kit.h" #include "permission_grant_info.h" diff --git a/interfaces/innerkits/accesstoken/test/unittest/RegisterCallbackTest/un_register_perm_state_change_callback_test.cpp b/interfaces/innerkits/accesstoken/test/unittest/RegisterCallbackTest/un_register_perm_state_change_callback_test.cpp index 0331e7b96ddb5ac2ba1627d1b53b445520e375dc..d56b32c8a6932e341aa502f6099a69ca4490c0dc 100644 --- a/interfaces/innerkits/accesstoken/test/unittest/RegisterCallbackTest/un_register_perm_state_change_callback_test.cpp +++ b/interfaces/innerkits/accesstoken/test/unittest/RegisterCallbackTest/un_register_perm_state_change_callback_test.cpp @@ -19,7 +19,7 @@ #include "access_token.h" #include "access_token_error.h" #include "accesstoken_common_log.h" -#include "accesstoken_service_ipc_interface_code.h" +#include "iaccess_token_manager.h" #include "hap_token_info.h" #include "nativetoken_kit.h" #include "permission_grant_info.h" diff --git a/interfaces/innerkits/accesstoken/test/unittest/SaTest/dump_token_info_test.cpp b/interfaces/innerkits/accesstoken/test/unittest/SaTest/dump_token_info_test.cpp index 83424dac680dacecb3773b0f4cd39bc187d6c9b3..5f7ff2fbaf0a428940571cbf811db123431fc7d9 100644 --- a/interfaces/innerkits/accesstoken/test/unittest/SaTest/dump_token_info_test.cpp +++ b/interfaces/innerkits/accesstoken/test/unittest/SaTest/dump_token_info_test.cpp @@ -21,7 +21,7 @@ #include "access_token.h" #include "access_token_error.h" #include "accesstoken_common_log.h" -#include "accesstoken_service_ipc_interface_code.h" +#include "iaccess_token_manager.h" #include "permission_grant_info.h" #include "permission_state_change_info_parcel.h" #include "string_ex.h" diff --git a/interfaces/innerkits/accesstoken/test/unittest/SaTest/get_native_token_id_test.cpp b/interfaces/innerkits/accesstoken/test/unittest/SaTest/get_native_token_id_test.cpp index 2f910f59b997db3f68a093197c08857f9af05169..5c945a18321815599d52a5e6cb3769420d3576c3 100644 --- a/interfaces/innerkits/accesstoken/test/unittest/SaTest/get_native_token_id_test.cpp +++ b/interfaces/innerkits/accesstoken/test/unittest/SaTest/get_native_token_id_test.cpp @@ -21,7 +21,7 @@ #include "access_token.h" #include "access_token_error.h" #include "accesstoken_common_log.h" -#include "accesstoken_service_ipc_interface_code.h" +#include "iaccess_token_manager.h" #include "permission_grant_info.h" #include "permission_state_change_info_parcel.h" #include "string_ex.h" diff --git a/interfaces/innerkits/accesstoken/test/unittest/SaTest/get_native_token_info_test.cpp b/interfaces/innerkits/accesstoken/test/unittest/SaTest/get_native_token_info_test.cpp index ada8b705aa8a63d017b6d2809b8a3c79a3d1d1e9..9ad51d8f1bb1da3c1c27ce03afbdff5bb142505d 100644 --- a/interfaces/innerkits/accesstoken/test/unittest/SaTest/get_native_token_info_test.cpp +++ b/interfaces/innerkits/accesstoken/test/unittest/SaTest/get_native_token_info_test.cpp @@ -21,7 +21,7 @@ #include "access_token.h" #include "access_token_error.h" #include "accesstoken_common_log.h" -#include "accesstoken_service_ipc_interface_code.h" +#include "iaccess_token_manager.h" #include "permission_grant_info.h" #include "permission_state_change_info_parcel.h" #include "string_ex.h" diff --git a/interfaces/innerkits/accesstoken/test/unittest/SaTest/get_version_test.cpp b/interfaces/innerkits/accesstoken/test/unittest/SaTest/get_version_test.cpp index eb6c1343d7857bdd0a6abafecab8de5be25736fa..c0b9c2d5da3457f50f4c8eb7bc6aa6e2879133bd 100644 --- a/interfaces/innerkits/accesstoken/test/unittest/SaTest/get_version_test.cpp +++ b/interfaces/innerkits/accesstoken/test/unittest/SaTest/get_version_test.cpp @@ -19,7 +19,7 @@ #include "access_token.h" #include "access_token_error.h" #include "accesstoken_common_log.h" -#include "accesstoken_service_ipc_interface_code.h" +#include "iaccess_token_manager.h" #include "hap_token_info.h" #include "nativetoken_kit.h" #include "permission_grant_info.h" diff --git a/services/accesstokenmanager/BUILD.gn b/services/accesstokenmanager/BUILD.gn index 9fa2fc93c36ee54fa5a756d11e694c6c0dd6690e..6ef24671421e08cdcf8761d3655ed07c502d3019 100644 --- a/services/accesstokenmanager/BUILD.gn +++ b/services/accesstokenmanager/BUILD.gn @@ -1,4 +1,4 @@ -# Copyright (c) 2021-2024 Huawei Device Co., Ltd. +# Copyright (c) 2021-2025 Huawei Device Co., Ltd. # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. # You may obtain a copy of the License at @@ -91,7 +91,6 @@ if (is_standard_system) { "main/cpp/src/permission/short_grant_manager.cpp", "main/cpp/src/permission/temp_permission_observer.cpp", "main/cpp/src/service/accesstoken_manager_service.cpp", - "main/cpp/src/service/accesstoken_manager_stub.cpp", "main/cpp/src/token/accesstoken_id_manager.cpp", "main/cpp/src/token/accesstoken_info_manager.cpp", "main/cpp/src/token/hap_token_info_inner.cpp", @@ -105,6 +104,7 @@ if (is_standard_system) { configs = [ "${access_token_path}/config:access_token_compile_flags", "${access_token_path}/config:coverage_flags", + "${access_token_path}/services/accesstokenmanager/idl:access_token_manager_gen_config", ] if (dlp_permission_enable == true) { @@ -125,6 +125,7 @@ if (is_standard_system) { "${access_token_path}/interfaces/innerkits/token_setproc:libtoken_setproc", "${access_token_path}/services/accesstokenmanager:access_token.rc", "${access_token_path}/services/accesstokenmanager:permission_definition_config", + "${access_token_path}/services/accesstokenmanager/idl:access_token_manager_stub", "${access_token_path}/services/common:accesstoken_service_common", ] diff --git a/services/accesstokenmanager/idl/BUILD.gn b/services/accesstokenmanager/idl/BUILD.gn new file mode 100644 index 0000000000000000000000000000000000000000..1b08e66a797170812322571dc211d32be7784708 --- /dev/null +++ b/services/accesstokenmanager/idl/BUILD.gn @@ -0,0 +1,125 @@ +# Copyright (c) 2025 Huawei Device Co., Ltd. +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +import("//build/config/components/idl_tool/idl.gni") +import("//build/ohos.gni") +import("../../../access_token.gni") + +idl_gen_interface("access_token_manager_interface") { + sources = [ "IAccessTokenManager.idl" ] + sources_common = [ "IdlCommon.idl" ] + log_domainid = "0xD005A01" + log_tag = "ATM" + subsystem_name = "security" + part_name = "access_token" +} + +config("access_token_manager_gen_config") { + include_dirs = [ "${target_gen_dir}" ] +} + +ohos_source_set("access_token_manager_proxy") { + sanitize = { + cfi = true + cfi_cross_dso = true + debug = false + } + + cflags_cc = [] + if (build_variant == "user") { + cflags_cc += [ "-DATM_BUILD_VARIANT_USER_ENABLE" ] + } + if (token_sync_enable == true) { + cflags_cc += [ "-DTOKEN_SYNC_ENABLE" ] + } + + output_values = get_target_outputs(":access_token_manager_interface") + + include_dirs = [ + "${access_token_path}/frameworks/accesstoken/include", + "${access_token_path}/frameworks/common/include", + "src", + ] + + sources = filter_include(output_values, + [ + "*_proxy.cpp", + "*idl_common.cpp", + ]) + + deps = [ + ":access_token_manager_interface", + "${access_token_path}/frameworks/accesstoken:accesstoken_communication_adapter_cxx", + "${access_token_path}/frameworks/common:accesstoken_common_cxx", + "${access_token_path}/interfaces/innerkits/token_setproc:libperm_setproc", + ] + + external_deps = [ + "c_utils:utils", + "hilog:libhilog", + "init:libbegetutil", + "ipc:ipc_single", + "samgr:samgr_proxy", + ] + + subsystem_name = "security" + part_name = "access_token" +} + +ohos_source_set("access_token_manager_stub") { + sanitize = { + cfi = true + cfi_cross_dso = true + debug = false + } + + cflags_cc = [] + if (build_variant == "user") { + cflags_cc += [ "-DATM_BUILD_VARIANT_USER_ENABLE" ] + } + if (token_sync_enable == true) { + cflags_cc += [ "-DTOKEN_SYNC_ENABLE" ] + } + + output_values = get_target_outputs(":access_token_manager_interface") + + include_dirs = [ + "${access_token_path}/frameworks/accesstoken/include", + "${access_token_path}/frameworks/common/include", + "src", + ] + + sources = filter_include(output_values, + [ + "*_stub.cpp", + "*idl_common.cpp", + ]) + + deps = [ + ":access_token_manager_interface", + "${access_token_path}/frameworks/accesstoken:accesstoken_communication_adapter_cxx", + "${access_token_path}/frameworks/common:accesstoken_common_cxx", + "${access_token_path}/interfaces/innerkits/token_setproc:libperm_setproc", + ] + + external_deps = [ + "c_utils:utils", + "hilog:libhilog", + "init:libbegetutil", + "ipc:ipc_single", + "samgr:samgr_proxy", + ] + + subsystem_name = "security" + part_name = "access_token" +} diff --git a/services/accesstokenmanager/idl/IAccessTokenManager.idl b/services/accesstokenmanager/idl/IAccessTokenManager.idl new file mode 100644 index 0000000000000000000000000000000000000000..31da0d22520ae5509129c772d607a409230cbf8e --- /dev/null +++ b/services/accesstokenmanager/idl/IAccessTokenManager.idl @@ -0,0 +1,89 @@ +/* + * Copyright (c) 2025 Huawei Device Co., Ltd. + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +package OHOS.Security.AccessToken; +sequenceable OHOS.Security.AccessToken.PermissionDefParcel; +sequenceable OHOS.Security.AccessToken.PermissionStatusParcel; +sequenceable OHOS.Security.AccessToken.PermissionListStateParcel; +sequenceable OHOS.Security.AccessToken.PermissionGrantInfoParcel; +sequenceable OHOS.Security.AccessToken.HapInfoParcel; +sequenceable OHOS.Security.AccessToken.HapPolicyParcel; +sequenceable OHOS.Security.AccessToken.NativeTokenInfoParcel; +sequenceable OHOS.Security.AccessToken.HapTokenInfoParcel; +sequenceable OHOS.Security.AccessToken.PermStateChangeScopeParcel; +sequenceable OHOS.IRemoteObject; +sequenceable OHOS.Security.AccessToken.HapTokenInfoForSyncParcel; +sequenceable OHOS.Security.AccessToken.HapBaseInfoParcel; +sequenceable OHOS.Security.AccessToken.AtmToolsParamInfoParcel; + +import IdlCommon; + +option_stub_hooks on; + +interface OHOS.Security.AccessToken.IAccessTokenManager{ + [ipccode 1] void VerifyAccessToken([in] unsigned int tokenID, [in] String permissionName); + [ipccode 2] void GetDefPermission([in] String permissionName, [out] PermissionDefParcel permissionDefResult); + [ipccode 3] void GetReqPermissions([in] unsigned int tokenID, [out] List reqPermList, [in] boolean isSystemGrant); + [ipccode 4] void GetPermissionFlag([in] unsigned int tokenID, [in] String permissionName, [out] unsigned int flag); + [ipccode 5] void GrantPermission([in] unsigned int tokenID, [in] String permissionName, [in] unsigned int flag); + [ipccode 6] void RevokePermission([in] unsigned int tokenID, [in] String permissionName, [in] unsigned int flag); + [ipccode 7] void ClearUserGrantedPermissionState([in] unsigned int tokenID); + [ipccode 8] void AllocHapToken([in] HapInfoParcel hapInfo, [in] HapPolicyParcel policyParcel, [out] unsigned long fullTokenId); + [ipccode 9] void DeleteToken([in] unsigned int tokenID); + [ipccode 10] void InitHapToken([in] HapInfoParcel info, [in] HapPolicyParcel policy, [out] unsigned long fullTokenId, [out] HapInfoCheckResultIdl resultInfoIdl); + [ipccode 11] void SetPermissionRequestToggleStatus([in] String permissionName, [in] unsigned int status, [in] int userID); + [ipccode 12] void GetPermissionRequestToggleStatus([in] String permissionName, [out] unsigned int status, [in] int userID); + [ipccode 13] void GrantPermissionForSpecifiedTime([in] unsigned int tokenID, [in] String permissionName, [in] unsigned int onceTime); + [ipccode 14] void RequestAppPermOnSetting([in] unsigned int tokenID); + [ipccode 16] void GetTokenType([in] unsigned int tokenID, [out] int tokenType); + + [ipccode 18] void GetHapTokenID([in] int userID, [in] String bundleName, [in] int instIndex, [out] unsigned long fullTokenId); + [ipccode 19] void AllocLocalTokenID([in] String remoteDeviceID, [in] unsigned int remoteTokenID, [out] unsigned int tokenId); + [ipccode 20] void GetNativeTokenInfo([in] unsigned int tokenID, [out] NativeTokenInfoParcel nativeTokenInfoRes); + [ipccode 21] void GetHapTokenInfo([in] unsigned int tokenID, [out] HapTokenInfoParcel hapTokenInfoRes); + [ipccode 22] void UpdateHapToken([inout] unsigned long fullTokenId, [in] UpdateHapInfoParamsIdl infoIdl, [in] HapPolicyParcel policyParcel, [out] HapInfoCheckResultIdl resultInfoIdl); + [ipccode 23] void GetTokenIDByUserID([in] int userID, [out] List tokenIdList); + [macrodef TOKEN_SYNC_ENABLE, ipccode 32] void GetHapTokenInfoFromRemote([in] unsigned int tokenID, [out] HapTokenInfoForSyncParcel hapSyncParcel); + + [macrodef TOKEN_SYNC_ENABLE, ipccode 34] void SetRemoteHapTokenInfo([in] String deviceID, [in] HapTokenInfoForSyncParcel hapSyncParcel); + + [macrodef TOKEN_SYNC_ENABLE, ipccode 36] void DeleteRemoteToken([in] String deviceID, [in] unsigned int tokenID); + [macrodef TOKEN_SYNC_ENABLE, ipccode 37] void DeleteRemoteDeviceTokens([in] String deviceID); + [macrodef TOKEN_SYNC_ENABLE, ipccode 38] void GetRemoteNativeTokenID([in] String deviceID, [in] unsigned int tokenID, [out] unsigned int tokenId); + [macrodef TOKEN_SYNC_ENABLE, ipccode 39] void RegisterTokenSyncCallback([in] IRemoteObject cb); + [macrodef TOKEN_SYNC_ENABLE, ipccode 40] void UnRegisterTokenSyncCallback(); + [ipccode 48, ipcoutcapacity 2000] void DumpTokenInfo([in] AtmToolsParamInfoParcel infoParcel, [out] String tokenInfo); + [ipccode 49] void GetSelfPermissionsState([inout] List permListParcel, [out] PermissionGrantInfoParcel infoParcel, [out] int permOper); + [ipccode 50] void GetPermissionsStatus([in] unsigned int tokenID, [inout] ListpermListParcel); + [ipccode 51] void RegisterPermStateChangeCallback([in] PermStateChangeScopeParcel scope, [in] IRemoteObject cb); + [ipccode 52] void UnRegisterPermStateChangeCallback([in] IRemoteObject cb); + [ipccode 53, macrondef ATM_BUILD_VARIANT_USER_ENABLE] void ReloadNativeTokenInfo(); + [ipccode 54] void GetNativeTokenId([in] String processName, [out] unsigned int tokenID); + [ipccode 55] void SetPermDialogCap([in] HapBaseInfoParcel hapBaseInfoParcel, [in] boolean enable); + [ipccode 56] void GetPermissionUsedType([in] unsigned int tokenID, [in] String permissionName, [out] int permUsedType); + + [ipccode 58] void GetVersion([out] unsigned int version); + [ipccode 59] void GetPermissionManagerInfo([out] PermissionGrantInfoParcel infoParcel); + + [ipccode 61] void InitUserPolicy([in] List userIdlList, [in] List permList); + [ipccode 62] void UpdateUserPolicy([in] List userIdlList); + [ipccode 63] void ClearUserPolicy(); + [ipccode 64] void GetHapTokenInfoExtension([in] unsigned int tokenID, [out] HapTokenInfoParcel hapTokenInfoRes, [out] String appID); + [ipccode 65] void RegisterSelfPermStateChangeCallback([in] PermStateChangeScopeParcel scope, [in] IRemoteObject cb); + [ipccode 66] void UnRegisterSelfPermStateChangeCallback([in] IRemoteObject cb); + [ipccode 67] void GetKernelPermissions([in] unsigned int tokenId, [out] List kernelPermIdlList); + [ipccode 68] void GetReqPermissionByName([in] unsigned int tokenId, [in] String permissionName, [out] String value); + [ipccode 80] void VerifyAccessToken([in] unsigned int tokenID, [in] List permissionList, [out] List permStateList); +} \ No newline at end of file diff --git a/services/accesstokenmanager/idl/IdlCommon.idl b/services/accesstokenmanager/idl/IdlCommon.idl new file mode 100644 index 0000000000000000000000000000000000000000..a95766a4e1728be9abb1ded8abaf319360d41fa9 --- /dev/null +++ b/services/accesstokenmanager/idl/IdlCommon.idl @@ -0,0 +1,49 @@ +/* + * Copyright (c) 2025 Huawei Device Co., Ltd. + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +package OHOS.Security.AccessToken; + +struct UserStateIdl { + /** user id */ + int userId; + /** active status */ + boolean isActive; +}; + +struct PermissionWithValueIdl { + String permissionName; + String value; +}; + +struct UpdateHapInfoParamsIdl { + String appIDDesc; + /** which version of the SDK is used to develop the hap */ + int apiVersion; + /** indicates whether the hap is a system app */ + boolean isSystemApp; + /* app type */ + String appDistributionType; +}; + +enum PermissionRulesEnumIdl { + PERMISSION_EDM_RULE = 0, + PERMISSION_ACL_RULE +}; + +struct HapInfoCheckResultIdl { + String permissionName; + PermissionRulesEnumIdl rule; + int realResult +}; \ No newline at end of file diff --git a/services/accesstokenmanager/main/cpp/include/service/accesstoken_manager_service.h b/services/accesstokenmanager/main/cpp/include/service/accesstoken_manager_service.h index befb3df1bcf8fc6344b1f543c97d2ae639eac167..c90a9a26ba4972b494f2d25ea8b99234ca6697e8 100644 --- a/services/accesstokenmanager/main/cpp/include/service/accesstoken_manager_service.h +++ b/services/accesstokenmanager/main/cpp/include/service/accesstoken_manager_service.h @@ -18,8 +18,9 @@ #include #include +#include -#include "accesstoken_manager_stub.h" +#include "access_token_manager_stub.h" #ifdef EVENTHANDLER_ENABLE #include "access_event_handler.h" #endif @@ -45,19 +46,19 @@ public: void OnAddSystemAbility(int32_t systemAbilityId, const std::string& deviceId) override; void OnRemoveSystemAbility(int32_t systemAbilityId, const std::string& deviceId) override; - AccessTokenIDEx AllocHapToken(const HapInfoParcel& info, const HapPolicyParcel& policy) override; - PermUsedTypeEnum GetPermissionUsedType( - AccessTokenID tokenID, const std::string& permissionName) override; - int32_t InitHapToken(const HapInfoParcel& info, HapPolicyParcel& policy, - AccessTokenIDEx& fullTokenId, HapInfoCheckResult& result) override; + int32_t AllocHapToken(const HapInfoParcel& info, const HapPolicyParcel& policy, uint64_t& fullTokenId) override; + int32_t GetPermissionUsedType( + AccessTokenID tokenID, const std::string& permissionName, int32_t& permUsedType) override; + int32_t InitHapToken(const HapInfoParcel& info, const HapPolicyParcel& policy, + uint64_t& fullTokenId, HapInfoCheckResultIdl& resultInfoIdl) override; int VerifyAccessToken(AccessTokenID tokenID, const std::string& permissionName) override; int VerifyAccessToken(AccessTokenID tokenID, const std::vector& permissionList, std::vector& permStateList) override; int GetDefPermission(const std::string& permissionName, PermissionDefParcel& permissionDefResult) override; int GetReqPermissions( AccessTokenID tokenID, std::vector& reqPermList, bool isSystemGrant) override; - PermissionOper GetSelfPermissionsState(std::vector& reqPermList, - PermissionGrantInfoParcel& infoParcel) override; + int32_t GetSelfPermissionsState(std::vector& reqPermList, + PermissionGrantInfoParcel& infoParcel, int32_t& permOper) override; int32_t GetPermissionsStatus(AccessTokenID tokenID, std::vector& reqPermList) override; int GetPermissionFlag(AccessTokenID tokenID, const std::string& permissionName, uint32_t& flag) override; int32_t SetPermissionRequestToggleStatus(const std::string& permissionName, uint32_t status, @@ -71,14 +72,17 @@ public: AccessTokenID tokenID, const std::string& permissionName, uint32_t onceTime) override; int ClearUserGrantedPermissionState(AccessTokenID tokenID) override; int DeleteToken(AccessTokenID tokenID) override; - int GetTokenType(AccessTokenID tokenID) override; - AccessTokenIDEx GetHapTokenID(int32_t userID, const std::string& bundleName, int32_t instIndex) override; - AccessTokenID AllocLocalTokenID(const std::string& remoteDeviceID, AccessTokenID remoteTokenID) override; + int GetTokenType(AccessTokenID tokenID); + int GetTokenType(AccessTokenID tokenID, int32_t& tokenType) override; + int32_t GetHapTokenID( + int32_t userID, const std::string& bundleName, int32_t instIndex, uint64_t& fullTokenId) override; + int32_t AllocLocalTokenID( + const std::string& remoteDeviceID, AccessTokenID remoteTokenID, AccessTokenID& tokenId) override; int GetNativeTokenInfo(AccessTokenID tokenID, NativeTokenInfoParcel& infoParcel) override; - int32_t GetTokenIDByUserID(int32_t userID, std::unordered_set& tokenIdList) override; + int32_t GetTokenIDByUserID(int32_t userID, std::vector& tokenIds) override; int GetHapTokenInfo(AccessTokenID tokenID, HapTokenInfoParcel& infoParcel) override; - int32_t UpdateHapToken(AccessTokenIDEx& tokenIdEx, const UpdateHapInfoParams& info, - const HapPolicyParcel& policyParcel, HapInfoCheckResult& result) override; + int32_t UpdateHapToken(uint64_t& fullTokenId, const UpdateHapInfoParamsIdl& infoIdl, + const HapPolicyParcel& policyParcel, HapInfoCheckResultIdl& resultInfoIdl) override; int32_t RegisterPermStateChangeCallback( const PermStateChangeScopeParcel& scope, const sptr& callback) override; int32_t UnRegisterPermStateChangeCallback(const sptr& callback) override; @@ -90,30 +94,34 @@ public: #endif int GetHapTokenInfoExtension(AccessTokenID tokenID, HapTokenInfoParcel& hapTokenInfoRes, std::string& appID) override; - AccessTokenID GetNativeTokenId(const std::string& processName) override; + int32_t GetNativeTokenId(const std::string& processName, AccessTokenID& tokenID) override; #ifdef TOKEN_SYNC_ENABLE int GetHapTokenInfoFromRemote(AccessTokenID tokenID, HapTokenInfoForSyncParcel& hapSyncParcel) override; - int SetRemoteHapTokenInfo(const std::string& deviceID, HapTokenInfoForSyncParcel& hapSyncParcel) override; + int SetRemoteHapTokenInfo(const std::string& deviceID, const HapTokenInfoForSyncParcel& hapSyncParcel) override; int DeleteRemoteToken(const std::string& deviceID, AccessTokenID tokenID) override; - AccessTokenID GetRemoteNativeTokenID(const std::string& deviceID, AccessTokenID tokenID) override; + int32_t GetRemoteNativeTokenID(const std::string& deviceID, AccessTokenID tokenID, AccessTokenID& tokenId) override; int DeleteRemoteDeviceTokens(const std::string& deviceID) override; int32_t RegisterTokenSyncCallback(const sptr& callback) override; int32_t UnRegisterTokenSyncCallback() override; #endif int32_t GetKernelPermissions( - AccessTokenID tokenId, std::vector& kernelPermList) override; + AccessTokenID tokenId, std::vector& kernelPermIdlList) override; int32_t GetReqPermissionByName( AccessTokenID tokenId, const std::string& permissionName, std::string& value) override; int SetPermDialogCap(const HapBaseInfoParcel& hapBaseInfoParcel, bool enable) override; - void GetPermissionManagerInfo(PermissionGrantInfoParcel& infoParcel) override; - int32_t InitUserPolicy(const std::vector& userList, const std::vector& permList) override; - int32_t UpdateUserPolicy(const std::vector& userList) override; + int32_t GetPermissionManagerInfo(PermissionGrantInfoParcel& infoParcel) override; + int32_t InitUserPolicy( + const std::vector& userIdlList, const std::vector& permList) override; + int32_t UpdateUserPolicy(const std::vector& userIdlList) override; int32_t ClearUserPolicy() override; - void DumpTokenInfo(const AtmToolsParamInfoParcel& infoParcel, std::string& dumpInfo) override; + int32_t DumpTokenInfo(const AtmToolsParamInfoParcel& infoParcel, std::string& dumpInfo) override; int32_t GetVersion(uint32_t& version) override; int Dump(int fd, const std::vector& args) override; + int32_t CallbackEnter(uint32_t code) override; + int32_t CallbackExit(uint32_t code, int32_t result) override; + private: void GetValidConfigFilePathList(std::vector& pathList); bool GetConfigGrantValueFromFile(std::string& fileContent); @@ -128,6 +136,18 @@ private: std::string permStateAbilityName_; std::string globalSwitchAbilityName_; std::string applicationSettingAbilityName_; + + bool IsPrivilegedCalling() const; + bool IsAccessTokenCalling(); + bool IsNativeProcessCalling(); + bool IsSystemAppCalling() const; + bool IsShellProcessCalling(); +#ifndef ATM_BUILD_VARIANT_USER_ENABLE + static const int32_t ROOT_UID = 0; +#endif + static const int32_t ACCESSTOKEN_UID = 3020; + + AccessTokenID tokenSyncId_ = 0; }; } // namespace AccessToken } // namespace Security diff --git a/services/accesstokenmanager/main/cpp/include/service/accesstoken_manager_stub.h b/services/accesstokenmanager/main/cpp/include/service/accesstoken_manager_stub.h deleted file mode 100644 index 03647a2e53455f54d9065aad8f0582b0de3e25a5..0000000000000000000000000000000000000000 --- a/services/accesstokenmanager/main/cpp/include/service/accesstoken_manager_stub.h +++ /dev/null @@ -1,113 +0,0 @@ -/* - * Copyright (c) 2021-2024 Huawei Device Co., Ltd. - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ - -#ifndef ACCESSTOKEN_MANAGER_STUB_H -#define ACCESSTOKEN_MANAGER_STUB_H - -#include - -#include "i_accesstoken_manager.h" - -#include "iremote_stub.h" -#include "nocopyable.h" - -namespace OHOS { -namespace Security { -namespace AccessToken { -class AccessTokenManagerStub : public IRemoteStub { -public: - AccessTokenManagerStub(); - virtual ~AccessTokenManagerStub(); - - int OnRemoteRequest(uint32_t code, MessageParcel& data, MessageParcel& reply, MessageOption& options) override; - -private: - void GetPermissionUsedTypeInner(MessageParcel& data, MessageParcel& reply); - void VerifyAccessTokenInner(MessageParcel& data, MessageParcel& reply); - void VerifyAccessTokenWithListInner(MessageParcel& data, MessageParcel& reply); - void GetDefPermissionInner(MessageParcel& data, MessageParcel& reply); - void GetReqPermissionsInner(MessageParcel& data, MessageParcel& reply); - void GetSelfPermissionsStateInner(MessageParcel& data, MessageParcel& reply); - void GetPermissionsStatusInner(MessageParcel& data, MessageParcel& reply); - void GetPermissionFlagInner(MessageParcel& data, MessageParcel& reply); - void SetPermissionRequestToggleStatusInner(MessageParcel& data, MessageParcel& reply); - void GetPermissionRequestToggleStatusInner(MessageParcel& data, MessageParcel& reply); - void RequestAppPermOnSettingInner(MessageParcel& data, MessageParcel& reply); - void GrantPermissionInner(MessageParcel& data, MessageParcel& reply); - void RevokePermissionInner(MessageParcel& data, MessageParcel& reply); - void GrantPermissionForSpecifiedTimeInner(MessageParcel& data, MessageParcel& reply); - void ClearUserGrantedPermissionStateInner(MessageParcel& data, MessageParcel& reply); - void AllocHapTokenInner(MessageParcel& data, MessageParcel& reply); - void InitHapTokenInner(MessageParcel& data, MessageParcel& reply); - void DeleteTokenInfoInner(MessageParcel& data, MessageParcel& reply); - void UpdateHapTokenInner(MessageParcel& data, MessageParcel& reply); - void GetTokenIDByUserIDInner(MessageParcel& data, MessageParcel& reply); - void GetHapTokenInfoInner(MessageParcel& data, MessageParcel& reply); - void GetNativeTokenInfoInner(MessageParcel& data, MessageParcel& reply); - void AllocLocalTokenIDInner(MessageParcel& data, MessageParcel& reply); - void GetHapTokenIDInner(MessageParcel& data, MessageParcel& reply); - void GetTokenTypeInner(MessageParcel& data, MessageParcel& reply); - void RegisterPermStateChangeCallbackInner(MessageParcel& data, MessageParcel& reply); - void UnRegisterPermStateChangeCallbackInner(MessageParcel& data, MessageParcel& reply); - void RegisterSelfPermStateChangeCallbackInner(MessageParcel& data, MessageParcel& reply); - void UnRegisterSelfPermStateChangeCallbackInner(MessageParcel& data, MessageParcel& reply); -#ifndef ATM_BUILD_VARIANT_USER_ENABLE - void ReloadNativeTokenInfoInner(MessageParcel& data, MessageParcel& reply); - void DumpPermDefInfoInner(MessageParcel& data, MessageParcel& reply); -#endif - void GetHapTokenInfoExtensionInner(MessageParcel& data, MessageParcel& reply); - void GetNativeTokenIdInner(MessageParcel& data, MessageParcel& reply); - -#ifdef TOKEN_SYNC_ENABLE - void GetHapTokenInfoFromRemoteInner(MessageParcel& data, MessageParcel& reply); - void SetRemoteHapTokenInfoInner(MessageParcel& data, MessageParcel& reply); - void DeleteRemoteTokenInner(MessageParcel& data, MessageParcel& reply); - void DeleteRemoteDeviceTokensInner(MessageParcel& data, MessageParcel& reply); - void GetRemoteNativeTokenIDInner(MessageParcel& data, MessageParcel& reply); - void RegisterTokenSyncCallbackInner(MessageParcel& data, MessageParcel& reply); - void UnRegisterTokenSyncCallbackInner(MessageParcel& data, MessageParcel& reply); - void SetTokenSyncFuncInMap(); -#endif - void SetPermissionOpFuncInMap(); - void SetLocalTokenOpFuncInMap(); - void DumpTokenInfoInner(MessageParcel& data, MessageParcel& reply); - void GetVersionInner(MessageParcel& data, MessageParcel& reply); - void SetPermDialogCapInner(MessageParcel& data, MessageParcel& reply); - void GetPermissionManagerInfoInner(MessageParcel& data, MessageParcel& reply); - void InitUserPolicyInner(MessageParcel& data, MessageParcel& reply); - void UpdateUserPolicyInner(MessageParcel& data, MessageParcel& reply); - void ClearUserPolicyInner(MessageParcel& data, MessageParcel& reply); - void GetReqPermissionByNameInner(MessageParcel& data, MessageParcel& reply); - void GetKernelPermissionsInner(MessageParcel& data, MessageParcel& reply); - - bool IsPrivilegedCalling() const; - bool IsAccessTokenCalling(); - bool IsNativeProcessCalling(); - bool IsSystemAppCalling() const; - bool IsShellProcessCalling(); -#ifndef ATM_BUILD_VARIANT_USER_ENABLE - static const int32_t ROOT_UID = 0; -#endif - static const int32_t ACCESSTOKEN_UID = 3020; - - AccessTokenID tokenSyncId_ = 0; - - using RequestFuncType = void (AccessTokenManagerStub::*)(MessageParcel &data, MessageParcel &reply); - std::map requestFuncMap_; -}; -} // namespace AccessToken -} // namespace Security -} // namespace OHOS -#endif // ACCESSTOKEN_MANAGER_STUB_H diff --git a/services/accesstokenmanager/main/cpp/src/service/accesstoken_manager_service.cpp b/services/accesstokenmanager/main/cpp/src/service/accesstoken_manager_service.cpp index ff56b39ddf41e54724253db8e4d1d577931953ac..353ad782c7815e6a610d6a0d8a1be7b50f4fb239 100644 --- a/services/accesstokenmanager/main/cpp/src/service/accesstoken_manager_service.cpp +++ b/services/accesstokenmanager/main/cpp/src/service/accesstoken_manager_service.cpp @@ -18,12 +18,12 @@ #include #include "access_token.h" -#include "access_token_error.h" #include "access_token_db.h" +#include "access_token_error.h" +#include "accesstoken_common_log.h" #include "accesstoken_dfx_define.h" #include "accesstoken_id_manager.h" #include "accesstoken_info_manager.h" -#include "accesstoken_common_log.h" #include "constant_common.h" #include "data_validator.h" #include "hap_token_info.h" @@ -49,6 +49,10 @@ #ifdef TOKEN_SYNC_ENABLE #include "token_modify_notifier.h" #endif // TOKEN_SYNC_ENABLE +#include "tokenid_kit.h" +#ifdef HICOLLIE_ENABLE +#include "xcollie/xcollie.h" +#endif // HICOLLIE_ENABLE namespace OHOS { namespace Security { @@ -63,6 +67,22 @@ const char* PERMISSION_STATE_SHEET_ABILITY_NAME = "com.ohos.permissionmanager.Pe const char* GLOBAL_SWITCH_SHEET_ABILITY_NAME = "com.ohos.permissionmanager.GlobalSwitchSheetAbility"; const char* APPLICATION_SETTING_ABILITY_NAME = "com.ohos.permissionmanager.MainAbility"; const char* DEVELOPER_MODE_STATE = "const.security.developermode.state"; + +const std::string MANAGE_HAP_TOKENID_PERMISSION = "ohos.permission.MANAGE_HAP_TOKENID"; +static constexpr int MAX_PERMISSION_SIZE = 1000; +static constexpr int32_t MAX_USER_POLICY_SIZE = 1024; +const std::string GRANT_SENSITIVE_PERMISSIONS = "ohos.permission.GRANT_SENSITIVE_PERMISSIONS"; +const std::string REVOKE_SENSITIVE_PERMISSIONS = "ohos.permission.REVOKE_SENSITIVE_PERMISSIONS"; +const std::string GET_SENSITIVE_PERMISSIONS = "ohos.permission.GET_SENSITIVE_PERMISSIONS"; +const std::string DISABLE_PERMISSION_DIALOG = "ohos.permission.DISABLE_PERMISSION_DIALOG"; +const std::string GRANT_SHORT_TERM_WRITE_MEDIAVIDEO = "ohos.permission.GRANT_SHORT_TERM_WRITE_MEDIAVIDEO"; + +static constexpr int32_t SA_ID_ACCESSTOKEN_MANAGER_SERVICE = 3503; + +#ifdef HICOLLIE_ENABLE +constexpr uint32_t TIMEOUT = 40; // 40s +thread_local int32_t g_timerId = 0; +#endif // HICOLLIE_ENABLE } const bool REGISTER_RESULT = @@ -128,11 +148,18 @@ void AccessTokenManagerService::OnRemoveSystemAbility(int32_t systemAbilityId, c } } -PermUsedTypeEnum AccessTokenManagerService::GetPermissionUsedType( - AccessTokenID tokenID, const std::string& permissionName) +int32_t AccessTokenManagerService::GetPermissionUsedType( + AccessTokenID tokenID, const std::string& permissionName, int32_t& permUsedType) { LOGI(ATM_DOMAIN, ATM_TAG, "TokenID=%{public}d, permission=%{public}s", tokenID, permissionName.c_str()); - return PermissionManager::GetInstance().GetPermissionUsedType(tokenID, permissionName); + if (!IsNativeProcessCalling() && !IsPrivilegedCalling()) { + LOGE(ATM_DOMAIN, ATM_TAG, "Permission denied(tokenID=%{public}d)", IPCSkeleton::GetCallingTokenID()); + permUsedType = static_cast(PermUsedTypeEnum::INVALID_USED_TYPE); + return permUsedType; + } + permUsedType = static_cast( + PermissionManager::GetInstance().GetPermissionUsedType(tokenID, permissionName)); + return ERR_OK; } int AccessTokenManagerService::VerifyAccessToken(AccessTokenID tokenID, const std::string& permissionName) @@ -210,6 +237,16 @@ int AccessTokenManagerService::GetDefPermission( int AccessTokenManagerService::GetReqPermissions( AccessTokenID tokenID, std::vector& reqPermList, bool isSystemGrant) { + AccessTokenID callingTokenID = IPCSkeleton::GetCallingTokenID(); + if ((this->GetTokenType(callingTokenID) == TOKEN_HAP) && (!IsSystemAppCalling())) { + return AccessTokenError::ERR_NOT_SYSTEM_APP; + } + if (!IsPrivilegedCalling() && + VerifyAccessToken(callingTokenID, GET_SENSITIVE_PERMISSIONS) == PERMISSION_DENIED) { + LOGE(ATM_DOMAIN, ATM_TAG, "Permission denied(tokenID=%{public}d)", callingTokenID); + return AccessTokenError::ERR_PERMISSION_DENIED; + } + std::vector permList; int ret = PermissionManager::GetInstance().GetReqPermissions(tokenID, permList, isSystemGrant); @@ -221,19 +258,41 @@ int AccessTokenManagerService::GetReqPermissions( return ret; } -PermissionOper AccessTokenManagerService::GetSelfPermissionsState(std::vector& reqPermList, - PermissionGrantInfoParcel& infoParcel) +int32_t AccessTokenManagerService::GetSelfPermissionsState(std::vector& reqPermList, + PermissionGrantInfoParcel& infoParcel, int32_t& permOper) { + uint32_t size = reqPermList.size(); + if (size > MAX_PERMISSION_SIZE) { + LOGE(ATM_DOMAIN, ATM_TAG, "PermList size %{public}d is invalid", size); + return INVALID_OPER; + } infoParcel.info.grantBundleName = grantBundleName_; infoParcel.info.grantAbilityName = grantAbilityName_; infoParcel.info.grantServiceAbilityName = grantServiceAbilityName_; AccessTokenID callingTokenID = IPCSkeleton::GetCallingTokenID(); - return GetPermissionsState(callingTokenID, reqPermList); + permOper = GetPermissionsState(callingTokenID, reqPermList); + return ERR_OK; } int32_t AccessTokenManagerService::GetPermissionsStatus(AccessTokenID tokenID, std::vector& reqPermList) { + AccessTokenID callingTokenID = IPCSkeleton::GetCallingTokenID(); + if ((this->GetTokenType(callingTokenID) == TOKEN_HAP) && (!IsSystemAppCalling())) { + return AccessTokenError::ERR_NOT_SYSTEM_APP; + } + if (!IsPrivilegedCalling() && + VerifyAccessToken(callingTokenID, GET_SENSITIVE_PERMISSIONS) == PERMISSION_DENIED) { + LOGE(ATM_DOMAIN, ATM_TAG, "Permission denied(tokenID=%{public}d)", callingTokenID); + return AccessTokenError::ERR_PERMISSION_DENIED; + } + + uint32_t size = reqPermList.size(); + if (size > MAX_PERMISSION_SIZE) { + LOGE(ATM_DOMAIN, ATM_TAG, "PermList size %{public}d is invalid", size); + return INVALID_OPER; + } + if (!AccessTokenInfoManager::GetInstance().IsTokenIdExist(tokenID)) { LOGE(ATM_DOMAIN, ATM_TAG, "TokenID=%{public}d does not exist", tokenID); return ERR_TOKENID_NOT_EXIST; @@ -314,23 +373,64 @@ PermissionOper AccessTokenManagerService::GetPermissionsState(AccessTokenID toke int AccessTokenManagerService::GetPermissionFlag( AccessTokenID tokenID, const std::string& permissionName, uint32_t& flag) { + AccessTokenID callingTokenID = IPCSkeleton::GetCallingTokenID(); + if ((this->GetTokenType(callingTokenID) == TOKEN_HAP) && (!IsSystemAppCalling())) { + return AccessTokenError::ERR_NOT_SYSTEM_APP; + } + + if (!IsPrivilegedCalling() && + VerifyAccessToken(callingTokenID, GRANT_SENSITIVE_PERMISSIONS) == PERMISSION_DENIED && + VerifyAccessToken(callingTokenID, REVOKE_SENSITIVE_PERMISSIONS) == PERMISSION_DENIED && + VerifyAccessToken(callingTokenID, GET_SENSITIVE_PERMISSIONS) == PERMISSION_DENIED) { + LOGE(ATM_DOMAIN, ATM_TAG, "Permission denied(tokenID=%{public}d)", callingTokenID); + return AccessTokenError::ERR_PERMISSION_DENIED; + } return PermissionManager::GetInstance().GetPermissionFlag(tokenID, permissionName, flag); } int32_t AccessTokenManagerService::SetPermissionRequestToggleStatus( const std::string& permissionName, uint32_t status, int32_t userID = 0) { + uint32_t callingTokenID = IPCSkeleton::GetCallingTokenID(); + if ((this->GetTokenType(callingTokenID) == TOKEN_HAP) && (!IsSystemAppCalling())) { + return AccessTokenError::ERR_NOT_SYSTEM_APP; + } + + if (!IsPrivilegedCalling() && VerifyAccessToken(callingTokenID, DISABLE_PERMISSION_DIALOG) == PERMISSION_DENIED) { + HiSysEventWrite(HiviewDFX::HiSysEvent::Domain::ACCESS_TOKEN, "PERMISSION_VERIFY_REPORT", + HiviewDFX::HiSysEvent::EventType::SECURITY, "CODE", VERIFY_PERMISSION_ERROR, "CALLER_TOKENID", + callingTokenID, "PERMISSION_NAME", permissionName, "INTERFACE", "SetToggleStatus"); + LOGE(ATM_DOMAIN, ATM_TAG, "Permission denied(tokenID=%{public}d).", callingTokenID); + return AccessTokenError::ERR_PERMISSION_DENIED; + } return AccessTokenInfoManager::GetInstance().SetPermissionRequestToggleStatus(permissionName, status, userID); } int32_t AccessTokenManagerService::GetPermissionRequestToggleStatus( const std::string& permissionName, uint32_t& status, int32_t userID = 0) { + uint32_t callingTokenID = IPCSkeleton::GetCallingTokenID(); + if ((this->GetTokenType(callingTokenID) == TOKEN_HAP) && (!IsSystemAppCalling())) { + return AccessTokenError::ERR_NOT_SYSTEM_APP; + } + + if (!IsShellProcessCalling() && !IsPrivilegedCalling() && + VerifyAccessToken(callingTokenID, GET_SENSITIVE_PERMISSIONS) == PERMISSION_DENIED) { + HiSysEventWrite(HiviewDFX::HiSysEvent::Domain::ACCESS_TOKEN, "PERMISSION_VERIFY_REPORT", + HiviewDFX::HiSysEvent::EventType::SECURITY, "CODE", VERIFY_PERMISSION_ERROR, "CALLER_TOKENID", + callingTokenID, "PERMISSION_NAME", permissionName, "INTERFACE", "GetToggleStatus"); + LOGE(ATM_DOMAIN, ATM_TAG, "Permission denied(tokenID=%{public}d).", callingTokenID); + return AccessTokenError::ERR_PERMISSION_DENIED; + } return AccessTokenInfoManager::GetInstance().GetPermissionRequestToggleStatus(permissionName, status, userID); } int32_t AccessTokenManagerService::RequestAppPermOnSetting(AccessTokenID tokenID) { + if (!IsSystemAppCalling()) { + return AccessTokenError::ERR_NOT_SYSTEM_APP; + } + HapTokenInfo hapInfo; int32_t ret = AccessTokenInfoManager::GetInstance().GetHapTokenInfo(tokenID, hapInfo); if (ret != ERR_OK) { @@ -343,18 +443,59 @@ int32_t AccessTokenManagerService::RequestAppPermOnSetting(AccessTokenID tokenID int AccessTokenManagerService::GrantPermission(AccessTokenID tokenID, const std::string& permissionName, uint32_t flag) { + AccessTokenID callingTokenID = IPCSkeleton::GetCallingTokenID(); + if ((this->GetTokenType(callingTokenID) == TOKEN_HAP) && (!IsSystemAppCalling())) { + return AccessTokenError::ERR_NOT_SYSTEM_APP; + } + + if (!IsPrivilegedCalling() && + VerifyAccessToken(callingTokenID, GRANT_SENSITIVE_PERMISSIONS) == PERMISSION_DENIED) { + HiSysEventWrite(HiviewDFX::HiSysEvent::Domain::ACCESS_TOKEN, "PERMISSION_VERIFY_REPORT", + HiviewDFX::HiSysEvent::EventType::SECURITY, "CODE", VERIFY_PERMISSION_ERROR, + "CALLER_TOKENID", callingTokenID, "PERMISSION_NAME", permissionName); + LOGE(ATM_DOMAIN, ATM_TAG, "Permission denied(tokenID=%{public}d)", callingTokenID); + return AccessTokenError::ERR_PERMISSION_DENIED; + } + int32_t ret = PermissionManager::GetInstance().GrantPermission(tokenID, permissionName, flag); return ret; } int AccessTokenManagerService::RevokePermission(AccessTokenID tokenID, const std::string& permissionName, uint32_t flag) { + AccessTokenID callingTokenID = IPCSkeleton::GetCallingTokenID(); + if ((this->GetTokenType(callingTokenID) == TOKEN_HAP) && (!IsSystemAppCalling())) { + return AccessTokenError::ERR_NOT_SYSTEM_APP; + } + + if (!IsPrivilegedCalling() && + VerifyAccessToken(callingTokenID, REVOKE_SENSITIVE_PERMISSIONS) == PERMISSION_DENIED) { + HiSysEventWrite(HiviewDFX::HiSysEvent::Domain::ACCESS_TOKEN, "PERMISSION_VERIFY_REPORT", + HiviewDFX::HiSysEvent::EventType::SECURITY, "CODE", VERIFY_PERMISSION_ERROR, + "CALLER_TOKENID", callingTokenID, "PERMISSION_NAME", permissionName); + LOGE(ATM_DOMAIN, ATM_TAG, "Permission denied(tokenID=%{public}d)", callingTokenID); + return AccessTokenError::ERR_PERMISSION_DENIED; + } return PermissionManager::GetInstance().RevokePermission(tokenID, permissionName, flag); } int AccessTokenManagerService::GrantPermissionForSpecifiedTime( AccessTokenID tokenID, const std::string& permissionName, uint32_t onceTime) { + AccessTokenID callingTokenID = IPCSkeleton::GetCallingTokenID(); + if ((this->GetTokenType(callingTokenID) == TOKEN_HAP) && (!IsSystemAppCalling())) { + return AccessTokenError::ERR_NOT_SYSTEM_APP; + } + + if (!IsPrivilegedCalling() && + VerifyAccessToken(callingTokenID, GRANT_SHORT_TERM_WRITE_MEDIAVIDEO) == PERMISSION_DENIED) { + HiSysEventWrite(HiviewDFX::HiSysEvent::Domain::ACCESS_TOKEN, "PERMISSION_VERIFY_REPORT", + HiviewDFX::HiSysEvent::EventType::SECURITY, "CODE", VERIFY_PERMISSION_ERROR, + "CALLER_TOKENID", callingTokenID, "PERMISSION_NAME", permissionName); + LOGE(ATM_DOMAIN, ATM_TAG, "Permission denied(tokenID=%{public}d)", callingTokenID); + return AccessTokenError::ERR_PERMISSION_DENIED; + } + int32_t ret = PermissionManager::GetInstance().GrantPermissionForSpecifiedTime(tokenID, permissionName, onceTime); return ret; } @@ -362,6 +503,16 @@ int AccessTokenManagerService::GrantPermissionForSpecifiedTime( int AccessTokenManagerService::ClearUserGrantedPermissionState(AccessTokenID tokenID) { LOGI(ATM_DOMAIN, ATM_TAG, "TokenID: %{public}d", tokenID); + uint32_t callingTokenID = IPCSkeleton::GetCallingTokenID(); + if (!IsPrivilegedCalling() && + VerifyAccessToken(callingTokenID, REVOKE_SENSITIVE_PERMISSIONS) == PERMISSION_DENIED) { + HiSysEventWrite(HiviewDFX::HiSysEvent::Domain::ACCESS_TOKEN, "PERMISSION_VERIFY_REPORT", + HiviewDFX::HiSysEvent::EventType::SECURITY, "CODE", VERIFY_PERMISSION_ERROR, + "CALLER_TOKENID", callingTokenID); + LOGE(ATM_DOMAIN, ATM_TAG, "Permission denied(tokenID=%{public}d)", callingTokenID); + return AccessTokenError::ERR_PERMISSION_DENIED; + } + AccessTokenInfoManager::GetInstance().ClearUserGrantedPermissionState(tokenID); AccessTokenInfoManager::GetInstance().SetPermDialogCap(tokenID, false); return RET_SUCCESS; @@ -370,48 +521,119 @@ int AccessTokenManagerService::ClearUserGrantedPermissionState(AccessTokenID tok int32_t AccessTokenManagerService::RegisterPermStateChangeCallback( const PermStateChangeScopeParcel& scope, const sptr& callback) { + uint32_t callingTokenID = IPCSkeleton::GetCallingTokenID(); + if ((this->GetTokenType(callingTokenID) == TOKEN_HAP) && (!IsSystemAppCalling())) { + return AccessTokenError::ERR_NOT_SYSTEM_APP; + } + if (VerifyAccessToken(callingTokenID, GET_SENSITIVE_PERMISSIONS) == PERMISSION_DENIED) { + LOGE(ATM_DOMAIN, ATM_TAG, "Permission denied(tokenID=%{public}d)", callingTokenID); + return AccessTokenError::ERR_PERMISSION_DENIED; + } return PermissionManager::GetInstance().AddPermStateChangeCallback(scope.scope, callback); } int32_t AccessTokenManagerService::UnRegisterPermStateChangeCallback(const sptr& callback) { + uint32_t callingToken = IPCSkeleton::GetCallingTokenID(); + if ((this->GetTokenType(callingToken) == TOKEN_HAP) && (!IsSystemAppCalling())) { + return AccessTokenError::ERR_NOT_SYSTEM_APP; + } + if (VerifyAccessToken(callingToken, GET_SENSITIVE_PERMISSIONS) == PERMISSION_DENIED) { + LOGE(ATM_DOMAIN, ATM_TAG, "Permission denied(tokenID=%{public}d)", callingToken); + + return AccessTokenError::ERR_PERMISSION_DENIED; + } return PermissionManager::GetInstance().RemovePermStateChangeCallback(callback); } int32_t AccessTokenManagerService::RegisterSelfPermStateChangeCallback( const PermStateChangeScopeParcel& scope, const sptr& callback) { + uint32_t callingTokenID = IPCSkeleton::GetCallingTokenID(); + if (this->GetTokenType(callingTokenID) != TOKEN_HAP) { + LOGE(ATM_DOMAIN, ATM_TAG, "TokenID is not hap."); + return AccessTokenError::ERR_PARAM_INVALID; + } return PermissionManager::GetInstance().AddPermStateChangeCallback(scope.scope, callback); } int32_t AccessTokenManagerService::UnRegisterSelfPermStateChangeCallback(const sptr& callback) { + uint32_t callingToken = IPCSkeleton::GetCallingTokenID(); + if (this->GetTokenType(callingToken) != TOKEN_HAP) { + LOGE(ATM_DOMAIN, ATM_TAG, "TokenID is not hap."); + return AccessTokenError::ERR_PARAM_INVALID; + } return PermissionManager::GetInstance().RemovePermStateChangeCallback(callback); } -AccessTokenIDEx AccessTokenManagerService::AllocHapToken(const HapInfoParcel& info, const HapPolicyParcel& policy) +int32_t AccessTokenManagerService::AllocHapToken(const HapInfoParcel& info, const HapPolicyParcel& policy, + uint64_t& fullTokenId) { LOGI(ATM_DOMAIN, ATM_TAG, "BundleName: %{public}s", info.hapInfoParameter.bundleName.c_str()); AccessTokenIDEx tokenIdEx; tokenIdEx.tokenIDEx = 0LL; + AccessTokenID tokenID = IPCSkeleton::GetCallingTokenID(); + if (!IsPrivilegedCalling() && + (VerifyAccessToken(tokenID, MANAGE_HAP_TOKENID_PERMISSION) == PERMISSION_DENIED)) { + LOGE(ATM_DOMAIN, ATM_TAG, "Permission denied(tokenID=%{public}d)", tokenID); + fullTokenId = static_cast(tokenIdEx.tokenIDEx); + return ERR_OK; + } + int ret = AccessTokenInfoManager::GetInstance().CreateHapTokenInfo( info.hapInfoParameter, policy.hapPolicy, tokenIdEx); if (ret != RET_SUCCESS) { LOGE(ATM_DOMAIN, ATM_TAG, "Hap token info create failed"); } - return tokenIdEx; + fullTokenId = static_cast(tokenIdEx.tokenIDEx); + return ERR_OK; +} + +static void TransferHapPolicy(const HapPolicy& policyIn, HapPolicy& policyOut) +{ + policyOut.apl = policyIn.apl; + policyOut.domain = policyIn.domain; + policyOut.permList.assign(policyIn.permList.begin(), policyIn.permList.end()); + policyOut.aclRequestedList.assign(policyIn.aclRequestedList.begin(), policyIn.aclRequestedList.end()); + policyOut.preAuthorizationInfo.assign(policyIn.preAuthorizationInfo.begin(), policyIn.preAuthorizationInfo.end()); + for (const auto& perm : policyIn.permStateList) { + PermissionStatus tmp; + tmp.permissionName = perm.permissionName; + tmp.grantStatus = perm.grantStatus; + tmp.grantFlag = perm.grantFlag; + policyOut.permStateList.emplace_back(tmp); + } + policyOut.checkIgnore = policyIn.checkIgnore; + policyOut.aclExtendedMap = policyIn.aclExtendedMap; } -int32_t AccessTokenManagerService::InitHapToken(const HapInfoParcel& info, HapPolicyParcel& policy, - AccessTokenIDEx& fullTokenId, HapInfoCheckResult& result) +int32_t AccessTokenManagerService::InitHapToken(const HapInfoParcel& info, const HapPolicyParcel& policy, + uint64_t& fullTokenId, HapInfoCheckResultIdl& resultInfoIdl) { LOGI(ATM_DOMAIN, ATM_TAG, "Init hap %{public}s.", info.hapInfoParameter.bundleName.c_str()); + AccessTokenID tokenID = IPCSkeleton::GetCallingTokenID(); + if (!IsPrivilegedCalling() && + (VerifyAccessToken(tokenID, MANAGE_HAP_TOKENID_PERMISSION) == PERMISSION_DENIED)) { + LOGE(ATM_DOMAIN, ATM_TAG, "Permission denied(tokenID=%{public}d)", tokenID); + return AccessTokenError::ERR_PERMISSION_DENIED; + } + + HapPolicyParcel policyCopy; + TransferHapPolicy(policy.hapPolicy, policyCopy.hapPolicy); + + resultInfoIdl.realResult = ERR_OK; std::vector initializedList; if (info.hapInfoParameter.dlpType == DLP_COMMON) { + HapInfoCheckResult permCheckResult; if (!PermissionManager::GetInstance().InitPermissionList(info.hapInfoParameter.appDistributionType, - policy.hapPolicy, initializedList, result)) { - return ERR_PERM_REQUEST_CFG_FAILED; + policyCopy.hapPolicy, initializedList, permCheckResult)) { + resultInfoIdl.realResult = ERROR; + resultInfoIdl.permissionName = permCheckResult.permCheckResult.permissionName; + int32_t rule = permCheckResult.permCheckResult.rule; + resultInfoIdl.rule = static_cast(rule); + return ERR_OK; } } else { if (!PermissionManager::GetInstance().InitDlpPermissionList( @@ -419,10 +641,12 @@ int32_t AccessTokenManagerService::InitHapToken(const HapInfoParcel& info, HapPo return ERR_PERM_REQUEST_CFG_FAILED; } } - policy.hapPolicy.permStateList = initializedList; + policyCopy.hapPolicy.permStateList = initializedList; + AccessTokenIDEx tokenIdEx; int32_t ret = AccessTokenInfoManager::GetInstance().CreateHapTokenInfo( - info.hapInfoParameter, policy.hapPolicy, fullTokenId); + info.hapInfoParameter, policyCopy.hapPolicy, tokenIdEx); + fullTokenId = tokenIdEx.tokenIDEx; if (ret != RET_SUCCESS) { return ret; } @@ -433,6 +657,15 @@ int32_t AccessTokenManagerService::InitHapToken(const HapInfoParcel& info, HapPo int AccessTokenManagerService::DeleteToken(AccessTokenID tokenID) { LOGI(ATM_DOMAIN, ATM_TAG, "TokenID: %{public}d", tokenID); + AccessTokenID callingTokenID = IPCSkeleton::GetCallingTokenID(); + if (!IsPrivilegedCalling() && + (VerifyAccessToken(callingTokenID, MANAGE_HAP_TOKENID_PERMISSION) == PERMISSION_DENIED)) { + LOGE(ATM_DOMAIN, ATM_TAG, "Permission denied(tokenID=%{public}d)", callingTokenID); + return AccessTokenError::ERR_PERMISSION_DENIED; + } + if (this->GetTokenType(tokenID) != TOKEN_HAP) { + return AccessTokenError::ERR_PARAM_INVALID; + } // only support hap token deletion return AccessTokenInfoManager::GetInstance().RemoveHapTokenInfo(tokenID); } @@ -443,47 +676,103 @@ int AccessTokenManagerService::GetTokenType(AccessTokenID tokenID) return AccessTokenIDManager::GetInstance().GetTokenIdType(tokenID); } -AccessTokenIDEx AccessTokenManagerService::GetHapTokenID( - int32_t userID, const std::string& bundleName, int32_t instIndex) +int AccessTokenManagerService::GetTokenType(AccessTokenID tokenID, int32_t& tokenType) +{ + LOGD(ATM_DOMAIN, ATM_TAG, "TokenID: %{public}d", tokenID); + tokenType = AccessTokenIDManager::GetInstance().GetTokenIdType(tokenID); + return ERR_OK; +} + +int32_t AccessTokenManagerService::GetHapTokenID( + int32_t userID, const std::string& bundleName, int32_t instIndex, uint64_t& fullTokenId) { LOGD(ATM_DOMAIN, ATM_TAG, "UserID: %{public}d, bundle: %{public}s, instIndex: %{public}d", userID, bundleName.c_str(), instIndex); - return AccessTokenInfoManager::GetInstance().GetHapTokenID(userID, bundleName, instIndex); + if (!IsNativeProcessCalling() && !IsPrivilegedCalling()) { + LOGE(ATM_DOMAIN, ATM_TAG, "Permission denied(tokenID=%{public}d)", IPCSkeleton::GetCallingTokenID()); + + AccessTokenIDEx tokenIdEx = {0}; + fullTokenId = tokenIdEx.tokenIDEx; + return ERR_OK; + } + AccessTokenIDEx tokenIdEx = AccessTokenInfoManager::GetInstance().GetHapTokenID(userID, bundleName, instIndex); + fullTokenId = tokenIdEx.tokenIDEx; + return ERR_OK; } -AccessTokenID AccessTokenManagerService::AllocLocalTokenID( - const std::string& remoteDeviceID, AccessTokenID remoteTokenID) +int32_t AccessTokenManagerService::AllocLocalTokenID( + const std::string& remoteDeviceID, AccessTokenID remoteTokenID, AccessTokenID& tokenId) { LOGI(ATM_DOMAIN, ATM_TAG, "RemoteDeviceID: %{public}s, remoteTokenID: %{public}d", ConstantCommon::EncryptDevId(remoteDeviceID).c_str(), remoteTokenID); + if ((!IsNativeProcessCalling()) && !IsPrivilegedCalling()) { + LOGE(ATM_DOMAIN, ATM_TAG, "Permission denied(tokenID=%{public}d)", IPCSkeleton::GetCallingTokenID()); + tokenId = INVALID_TOKENID; + return ERR_OK; + } AccessTokenID tokenID = AccessTokenInfoManager::GetInstance().AllocLocalTokenID(remoteDeviceID, remoteTokenID); - return tokenID; + tokenId = tokenID; + return ERR_OK; } -int32_t AccessTokenManagerService::UpdateHapToken(AccessTokenIDEx& tokenIdEx, const UpdateHapInfoParams& info, - const HapPolicyParcel& policyParcel, HapInfoCheckResult& result) +int32_t AccessTokenManagerService::UpdateHapToken(uint64_t& fullTokenId, const UpdateHapInfoParamsIdl& infoIdl, + const HapPolicyParcel& policyParcel, HapInfoCheckResultIdl& resultInfoIdl) { + AccessTokenIDEx tokenIdEx; + tokenIdEx.tokenIDEx = fullTokenId; LOGI(ATM_DOMAIN, ATM_TAG, "TokenID: %{public}d", tokenIdEx.tokenIdExStruct.tokenID); + AccessTokenID callingTokenID = IPCSkeleton::GetCallingTokenID(); + if (!IsPrivilegedCalling() && + (VerifyAccessToken(callingTokenID, MANAGE_HAP_TOKENID_PERMISSION) == PERMISSION_DENIED)) { + LOGE(ATM_DOMAIN, ATM_TAG, "Permission denied(tokenID=%{public}d)", callingTokenID); + return AccessTokenError::ERR_PERMISSION_DENIED; + } + UpdateHapInfoParams info; + info.appIDDesc = infoIdl.appIDDesc; + info.apiVersion = infoIdl.apiVersion; + info.isSystemApp = infoIdl.isSystemApp; + info.appDistributionType = infoIdl.appDistributionType; std::vector InitializedList; + + resultInfoIdl.realResult = ERR_OK; + HapInfoCheckResult permCheckResult; if (!PermissionManager::GetInstance().InitPermissionList( - info.appDistributionType, policyParcel.hapPolicy, InitializedList, result)) { - return ERR_PERM_REQUEST_CFG_FAILED; + info.appDistributionType, policyParcel.hapPolicy, InitializedList, permCheckResult)) { + resultInfoIdl.realResult = ERROR; + resultInfoIdl.permissionName = permCheckResult.permCheckResult.permissionName; + int32_t rule = permCheckResult.permCheckResult.rule; + resultInfoIdl.rule = static_cast(rule); + return ERR_OK; } int32_t ret = AccessTokenInfoManager::GetInstance().UpdateHapToken(tokenIdEx, info, InitializedList, policyParcel.hapPolicy); + fullTokenId = tokenIdEx.tokenIDEx; return ret; } -int32_t AccessTokenManagerService::GetTokenIDByUserID(int32_t userID, std::unordered_set& tokenIdList) +int32_t AccessTokenManagerService::GetTokenIDByUserID(int32_t userID, std::vector& tokenIds) { LOGD(ATM_DOMAIN, ATM_TAG, "UserID: %{public}d", userID); - return AccessTokenInfoManager::GetInstance().GetTokenIDByUserID(userID, tokenIdList); + if (!IsNativeProcessCalling()) { + LOGE(ATM_DOMAIN, ATM_TAG, "Permission denied(tokenID=%{public}d)", IPCSkeleton::GetCallingTokenID()); + return AccessTokenError::ERR_PERMISSION_DENIED; + } + std::unordered_set tokenIdList; + + auto result = AccessTokenInfoManager::GetInstance().GetTokenIDByUserID(userID, tokenIdList); + std::copy(tokenIdList.begin(), tokenIdList.end(), std::back_inserter(tokenIds)); + return result; } int AccessTokenManagerService::GetHapTokenInfo(AccessTokenID tokenID, HapTokenInfoParcel& infoParcel) { LOGD(ATM_DOMAIN, ATM_TAG, "TokenID: %{public}d", tokenID); + if (!IsNativeProcessCalling() && !IsPrivilegedCalling()) { + LOGE(ATM_DOMAIN, ATM_TAG, "Permission denied(tokenID=%{public}d)", IPCSkeleton::GetCallingTokenID()); + return AccessTokenError::ERR_PERMISSION_DENIED; + } + return AccessTokenInfoManager::GetInstance().GetHapTokenInfo(tokenID, infoParcel.hapTokenInfoParams); } @@ -491,6 +780,11 @@ int AccessTokenManagerService::GetHapTokenInfoExtension(AccessTokenID tokenID, HapTokenInfoParcel& hapTokenInfoRes, std::string& appID) { LOGD(ATM_DOMAIN, ATM_TAG, "TokenID: %{public}d.", tokenID); + if (!IsNativeProcessCalling() && !IsPrivilegedCalling()) { + LOGE(ATM_DOMAIN, ATM_TAG, "Permission denied(tokenID=%{public}d)", IPCSkeleton::GetCallingTokenID()); + return AccessTokenError::ERR_PERMISSION_DENIED; + } + int ret = AccessTokenInfoManager::GetInstance().GetHapTokenInfo(tokenID, hapTokenInfoRes.hapTokenInfoParams); if (ret != RET_SUCCESS) { LOGE(ATM_DOMAIN, ATM_TAG, "Get hap token info extenstion failed, ret is %{public}d.", ret); @@ -503,6 +797,12 @@ int AccessTokenManagerService::GetHapTokenInfoExtension(AccessTokenID tokenID, int AccessTokenManagerService::GetNativeTokenInfo(AccessTokenID tokenID, NativeTokenInfoParcel& infoParcel) { LOGD(ATM_DOMAIN, ATM_TAG, "TokenID: %{public}d", tokenID); + + if (!IsNativeProcessCalling() && !IsPrivilegedCalling()) { + LOGE(ATM_DOMAIN, ATM_TAG, "Permission denied(tokenID=%{public}d).", IPCSkeleton::GetCallingTokenID()); + return AccessTokenError::ERR_PERMISSION_DENIED; + } + NativeTokenInfoBase baseInfo; int32_t ret = AccessTokenInfoManager::GetInstance().GetNativeTokenInfo(tokenID, baseInfo); infoParcel.nativeTokenInfoParams.apl = baseInfo.apl; @@ -513,6 +813,10 @@ int AccessTokenManagerService::GetNativeTokenInfo(AccessTokenID tokenID, NativeT #ifndef ATM_BUILD_VARIANT_USER_ENABLE int32_t AccessTokenManagerService::ReloadNativeTokenInfo() { + if (!IsPrivilegedCalling()) { + LOGE(ATM_DOMAIN, ATM_TAG, "Permission denied(tokenID=%{public}d)", IPCSkeleton::GetCallingTokenID()); + return AccessTokenError::ERR_PERMISSION_DENIED; + } LibraryLoader loader(CONFIG_PARSE_LIBPATH); ConfigPolicyLoaderInterface* policy = loader.GetObject(); if (policy == nullptr) { @@ -531,9 +835,15 @@ int32_t AccessTokenManagerService::ReloadNativeTokenInfo() } #endif -AccessTokenID AccessTokenManagerService::GetNativeTokenId(const std::string& processName) +int32_t AccessTokenManagerService::GetNativeTokenId(const std::string& processName, AccessTokenID& tokenID) { - return AccessTokenInfoManager::GetInstance().GetNativeTokenId(processName); + if (!IsNativeProcessCalling() && !IsPrivilegedCalling()) { + LOGE(ATM_DOMAIN, ATM_TAG, "Permission denied(tokenID=%{public}d)", IPCSkeleton::GetCallingTokenID()); + tokenID = INVALID_TOKENID; + return ERR_OK; + } + tokenID = AccessTokenInfoManager::GetInstance().GetNativeTokenId(processName); + return ERR_OK; } #ifdef TOKEN_SYNC_ENABLE @@ -542,16 +852,47 @@ int AccessTokenManagerService::GetHapTokenInfoFromRemote(AccessTokenID tokenID, { LOGI(ATM_DOMAIN, ATM_TAG, "TokenID: %{public}d", tokenID); + if (!IsAccessTokenCalling()) { + LOGE(ATM_DOMAIN, ATM_TAG, "Permission denied(tokenID=%{public}d)", IPCSkeleton::GetCallingTokenID()); + return AccessTokenError::ERR_PERMISSION_DENIED; + } return AccessTokenInfoManager::GetInstance().GetHapTokenInfoFromRemote(tokenID, hapSyncParcel.hapTokenInfoForSyncParams); } +static void TransferHapTokenInfoForSync(const HapTokenInfoForSync& policyIn, HapTokenInfoForSync& policyOut) +{ + policyOut.baseInfo.ver = policyIn.baseInfo.ver; + policyOut.baseInfo.userID = policyIn.baseInfo.userID; + policyOut.baseInfo.bundleName = policyIn.baseInfo.bundleName; + policyOut.baseInfo.apiVersion = policyIn.baseInfo.apiVersion; + policyOut.baseInfo.instIndex = policyIn.baseInfo.instIndex; + policyOut.baseInfo.dlpType = policyIn.baseInfo.dlpType; + policyOut.baseInfo.tokenID = policyIn.baseInfo.tokenID; + policyOut.baseInfo.tokenAttr = policyIn.baseInfo.tokenAttr; + for (const auto& item : policyIn.permStateList) { + PermissionStatus tmp; + tmp.permissionName = item.permissionName; + tmp.grantStatus = item.grantStatus; + tmp.grantFlag = item.grantFlag; + policyOut.permStateList.emplace_back(tmp); + } +} + int AccessTokenManagerService::SetRemoteHapTokenInfo(const std::string& deviceID, - HapTokenInfoForSyncParcel& hapSyncParcel) + const HapTokenInfoForSyncParcel& hapSyncParcel) { LOGI(ATM_DOMAIN, ATM_TAG, "DeviceID: %{public}s", ConstantCommon::EncryptDevId(deviceID).c_str()); + + if (!IsAccessTokenCalling()) { + LOGE(ATM_DOMAIN, ATM_TAG, "Permission denied(tokenID=%{public}d)", IPCSkeleton::GetCallingTokenID()); + return AccessTokenError::ERR_PERMISSION_DENIED; + } + HapTokenInfoForSyncParcel hapSyncParcelCopy; + TransferHapTokenInfoForSync(hapSyncParcel.hapTokenInfoForSyncParams, hapSyncParcelCopy.hapTokenInfoForSyncParams); + int ret = AccessTokenInfoManager::GetInstance().SetRemoteHapTokenInfo(deviceID, - hapSyncParcel.hapTokenInfoForSyncParams); + hapSyncParcelCopy.hapTokenInfoForSyncParams); return ret; } @@ -559,58 +900,101 @@ int AccessTokenManagerService::DeleteRemoteToken(const std::string& deviceID, Ac { LOGI(ATM_DOMAIN, ATM_TAG, "DeviceID: %{public}s, token id %{public}d", ConstantCommon::EncryptDevId(deviceID).c_str(), tokenID); + + if (!IsAccessTokenCalling()) { + LOGE(ATM_DOMAIN, ATM_TAG, "Permission denied(tokenID=%{public}d)", IPCSkeleton::GetCallingTokenID()); + return AccessTokenError::ERR_PERMISSION_DENIED; + } return AccessTokenInfoManager::GetInstance().DeleteRemoteToken(deviceID, tokenID); } -AccessTokenID AccessTokenManagerService::GetRemoteNativeTokenID(const std::string& deviceID, - AccessTokenID tokenID) +int32_t AccessTokenManagerService::GetRemoteNativeTokenID(const std::string& deviceID, + AccessTokenID tokenID, AccessTokenID& tokenId) { LOGI(ATM_DOMAIN, ATM_TAG, "DeviceID: %{public}s, token id %{public}d", ConstantCommon::EncryptDevId(deviceID).c_str(), tokenID); - return AccessTokenInfoManager::GetInstance().GetRemoteNativeTokenID(deviceID, tokenID); + if (!IsAccessTokenCalling()) { + LOGE(ATM_DOMAIN, ATM_TAG, "Permission denied(tokenID=%{public}d)", IPCSkeleton::GetCallingTokenID()); + tokenId = INVALID_TOKENID; + return ERR_OK; + } + tokenId = AccessTokenInfoManager::GetInstance().GetRemoteNativeTokenID(deviceID, tokenID); + return ERR_OK; } int AccessTokenManagerService::DeleteRemoteDeviceTokens(const std::string& deviceID) { LOGI(ATM_DOMAIN, ATM_TAG, "DeviceID: %{public}s", ConstantCommon::EncryptDevId(deviceID).c_str()); + + if (!IsAccessTokenCalling()) { + LOGE(ATM_DOMAIN, ATM_TAG, "Permission denied(tokenID=%{public}d)", IPCSkeleton::GetCallingTokenID()); + return AccessTokenError::ERR_PERMISSION_DENIED; + } return AccessTokenInfoManager::GetInstance().DeleteRemoteDeviceTokens(deviceID); } int32_t AccessTokenManagerService::RegisterTokenSyncCallback(const sptr& callback) { LOGI(ATM_DOMAIN, ATM_TAG, "Call token sync callback registed."); + + if (!IsAccessTokenCalling()) { + LOGE(ATM_DOMAIN, ATM_TAG, "Permission denied, tokenID=%{public}d", IPCSkeleton::GetCallingTokenID()); + return AccessTokenError::ERR_PERMISSION_DENIED; + } return TokenModifyNotifier::GetInstance().RegisterTokenSyncCallback(callback); } int32_t AccessTokenManagerService::UnRegisterTokenSyncCallback() { LOGI(ATM_DOMAIN, ATM_TAG, "Call token sync callback unregisted."); + + if (!IsAccessTokenCalling()) { + LOGE(ATM_DOMAIN, ATM_TAG, "Permission denied, tokenID=%{public}d", IPCSkeleton::GetCallingTokenID()); + return AccessTokenError::ERR_PERMISSION_DENIED; + } return TokenModifyNotifier::GetInstance().UnRegisterTokenSyncCallback(); } #endif -void AccessTokenManagerService::DumpTokenInfo(const AtmToolsParamInfoParcel& infoParcel, std::string& dumpInfo) +int32_t AccessTokenManagerService::DumpTokenInfo(const AtmToolsParamInfoParcel& infoParcel, std::string& dumpInfo) { LOGI(ATM_DOMAIN, ATM_TAG, "Called"); + if (!IsShellProcessCalling()) { + LOGE(ATM_DOMAIN, ATM_TAG, "Permission denied(tokenID=%{public}d)", IPCSkeleton::GetCallingTokenID()); + dumpInfo = ""; + return ERR_OK; + } + bool isDeveloperMode = OHOS::system::GetBoolParameter(DEVELOPER_MODE_STATE, false); if (!isDeveloperMode) { dumpInfo = "Developer mode not support."; - return; + return ERR_OK; } AccessTokenInfoManager::GetInstance().DumpTokenInfo(infoParcel.info, dumpInfo); + return ERR_OK; } int32_t AccessTokenManagerService::GetVersion(uint32_t& version) { LOGI(ATM_DOMAIN, ATM_TAG, "Called"); + uint32_t callingToken = IPCSkeleton::GetCallingTokenID(); + if ((this->GetTokenType(callingToken) == TOKEN_HAP) && (!IsSystemAppCalling())) { + return AccessTokenError::ERR_NOT_SYSTEM_APP; + } version = DEFAULT_TOKEN_VERSION; return RET_SUCCESS; } int32_t AccessTokenManagerService::SetPermDialogCap(const HapBaseInfoParcel& hapBaseInfoParcel, bool enable) { + uint32_t callingToken = IPCSkeleton::GetCallingTokenID(); + if (VerifyAccessToken(callingToken, DISABLE_PERMISSION_DIALOG) == PERMISSION_DENIED) { + LOGE(ATM_DOMAIN, ATM_TAG, "Permission denied(tokenID=%{public}d)", callingToken); + return AccessTokenError::ERR_PERMISSION_DENIED; + } + AccessTokenIDEx tokenIdEx = AccessTokenInfoManager::GetInstance().GetHapTokenID( hapBaseInfoParcel.hapBaseInfo.userID, hapBaseInfoParcel.hapBaseInfo.bundleName, @@ -624,28 +1008,74 @@ int32_t AccessTokenManagerService::SetPermDialogCap(const HapBaseInfoParcel& hap return ret; } -void AccessTokenManagerService::GetPermissionManagerInfo(PermissionGrantInfoParcel& infoParcel) +int32_t AccessTokenManagerService::GetPermissionManagerInfo(PermissionGrantInfoParcel& infoParcel) { infoParcel.info.grantBundleName = grantBundleName_; infoParcel.info.grantAbilityName = grantAbilityName_; infoParcel.info.grantServiceAbilityName = grantServiceAbilityName_; infoParcel.info.permStateAbilityName = permStateAbilityName_; infoParcel.info.globalSwitchAbilityName = globalSwitchAbilityName_; + return ERR_OK; } int32_t AccessTokenManagerService::InitUserPolicy( - const std::vector& userList, const std::vector& permList) + const std::vector& userIdlList, const std::vector& permList) { + uint32_t callingToken = IPCSkeleton::GetCallingTokenID(); + if (VerifyAccessToken(callingToken, GET_SENSITIVE_PERMISSIONS) == PERMISSION_DENIED) { + LOGE(ATM_DOMAIN, ATM_TAG, "Permission denied(tokenID=%{public}d)", callingToken); + return AccessTokenError::ERR_PERMISSION_DENIED; + } + + uint32_t userSize = userIdlList.size(); + uint32_t permSize = permList.size(); + if ((userSize > MAX_USER_POLICY_SIZE) || (permSize > MAX_USER_POLICY_SIZE)) { + LOGE(ATM_DOMAIN, ATM_TAG, "Size %{public}u is invalid", userSize); + return AccessTokenError::ERR_OVERSIZE; + } + + std::vector userList; + for (const auto& item : userIdlList) { + UserState tmp; + tmp.userId = item.userId; + tmp.isActive = item.isActive; + userList.emplace_back(tmp); + } return AccessTokenInfoManager::GetInstance().InitUserPolicy(userList, permList); } -int32_t AccessTokenManagerService::UpdateUserPolicy(const std::vector& userList) +int32_t AccessTokenManagerService::UpdateUserPolicy(const std::vector& userIdlList) { + uint32_t callingToken = IPCSkeleton::GetCallingTokenID(); + if (VerifyAccessToken(callingToken, GET_SENSITIVE_PERMISSIONS) == PERMISSION_DENIED) { + LOGE(ATM_DOMAIN, ATM_TAG, "Permission denied(tokenID=%{public}d)", callingToken); + return AccessTokenError::ERR_PERMISSION_DENIED; + } + + uint32_t userSize = userIdlList.size(); + if (userSize > MAX_USER_POLICY_SIZE) { + LOGE(ATM_DOMAIN, ATM_TAG, "Size %{public}u is invalid", userSize); + return AccessTokenError::ERR_OVERSIZE; + } + + std::vector userList; + for (const auto& item : userIdlList) { + UserState tmp; + tmp.userId = item.userId; + tmp.isActive = item.isActive; + userList.emplace_back(tmp); + } return AccessTokenInfoManager::GetInstance().UpdateUserPolicy(userList); } int32_t AccessTokenManagerService::ClearUserPolicy() { + uint32_t callingToken = IPCSkeleton::GetCallingTokenID(); + if (VerifyAccessToken(callingToken, GET_SENSITIVE_PERMISSIONS) == PERMISSION_DENIED) { + LOGE(ATM_DOMAIN, ATM_TAG, "Permission denied(tokenID=%{public}d)", callingToken); + return AccessTokenError::ERR_PERMISSION_DENIED; + } + return AccessTokenInfoManager::GetInstance().ClearUserPolicy(); } @@ -741,14 +1171,32 @@ void AccessTokenManagerService::GetConfigValue() } int32_t AccessTokenManagerService::GetKernelPermissions( - AccessTokenID tokenId, std::vector& kernelPermList) + AccessTokenID tokenId, std::vector& kernelPermIdlList) { - return AccessTokenInfoManager::GetInstance().GetKernelPermissions(tokenId, kernelPermList); + auto callingToken = IPCSkeleton::GetCallingTokenID(); + if (!IsNativeProcessCalling() && !IsPrivilegedCalling()) { + LOGE(ATM_DOMAIN, ATM_TAG, "Permission denied(tokenID=%{public}d)", callingToken); + return AccessTokenError::ERR_PERMISSION_DENIED; + } + + std::vector kernelPermList; + auto result = AccessTokenInfoManager::GetInstance().GetKernelPermissions(tokenId, kernelPermList); + for (const auto& item : kernelPermList) { + PermissionWithValueIdl tmp; + tmp.permissionName = item.permissionName; + tmp.value = item.value; + kernelPermIdlList.emplace_back(tmp); + } + return result; } int32_t AccessTokenManagerService::GetReqPermissionByName( AccessTokenID tokenId, const std::string& permissionName, std::string& value) { + if (!IsNativeProcessCalling() && !IsPrivilegedCalling()) { + LOGE(ATM_DOMAIN, ATM_TAG, "Permission denied(tokenID=%{public}d)", IPCSkeleton::GetCallingTokenID()); + return AccessTokenError::ERR_PERMISSION_DENIED; + } return AccessTokenInfoManager::GetInstance().GetReqPermissionByName( tokenId, permissionName, value); } @@ -767,6 +1215,64 @@ bool AccessTokenManagerService::Initialize() LOGI(ATM_DOMAIN, ATM_TAG, "Initialize success"); return true; } + +bool AccessTokenManagerService::IsPrivilegedCalling() const +{ + // shell process is root in debug mode. +#ifndef ATM_BUILD_VARIANT_USER_ENABLE + int32_t callingUid = IPCSkeleton::GetCallingUid(); + return callingUid == ROOT_UID; +#else + return false; +#endif +} + +bool AccessTokenManagerService::IsAccessTokenCalling() +{ + uint32_t tokenCaller = IPCSkeleton::GetCallingTokenID(); + if (tokenSyncId_ == 0) { + this->GetNativeTokenId("token_sync_service", tokenSyncId_); + } + return tokenCaller == tokenSyncId_; +} + +bool AccessTokenManagerService::IsNativeProcessCalling() +{ + AccessTokenID tokenCaller = IPCSkeleton::GetCallingTokenID(); + return this->GetTokenType(tokenCaller) == TOKEN_NATIVE; +} + +bool AccessTokenManagerService::IsShellProcessCalling() +{ + AccessTokenID tokenCaller = IPCSkeleton::GetCallingTokenID(); + return this->GetTokenType(tokenCaller) == TOKEN_SHELL; +} + +bool AccessTokenManagerService::IsSystemAppCalling() const +{ + uint64_t fullTokenId = IPCSkeleton::GetCallingFullTokenID(); + return TokenIdKit::IsSystemAppByFullTokenID(fullTokenId); +} + +int32_t AccessTokenManagerService::CallbackEnter(uint32_t code) +{ + ClearThreadErrorMsg(); +#ifdef HICOLLIE_ENABLE + std::string name = "AtmTimer"; + g_timerId = HiviewDFX::XCollie::GetInstance().SetTimer(name, TIMEOUT, nullptr, nullptr, + HiviewDFX::XCOLLIE_FLAG_LOG); +#endif // HICOLLIE_ENABLE + return ERR_OK; +} + +int32_t AccessTokenManagerService::CallbackExit(uint32_t code, int32_t result) +{ +#ifdef HICOLLIE_ENABLE + HiviewDFX::XCollie::GetInstance().CancelTimer(g_timerId); +#endif // HICOLLIE_ENABLE + ReportSysCommonEventError(code, 0); + return ERR_OK; +} } // namespace AccessToken } // namespace Security } // namespace OHOS diff --git a/services/accesstokenmanager/main/cpp/src/service/accesstoken_manager_stub.cpp b/services/accesstokenmanager/main/cpp/src/service/accesstoken_manager_stub.cpp deleted file mode 100644 index 9271dc0380ca1ddda632dc18a21744b4d3bb6750..0000000000000000000000000000000000000000 --- a/services/accesstokenmanager/main/cpp/src/service/accesstoken_manager_stub.cpp +++ /dev/null @@ -1,1335 +0,0 @@ -/* - * Copyright (c) 2021-2024 Huawei Device Co., Ltd. - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ - -#include "accesstoken_manager_stub.h" - -#include -#include "accesstoken_dfx_define.h" -#include "accesstoken_common_log.h" -#include "access_token_error.h" -#include "ipc_skeleton.h" -#include "memory_guard.h" -#include "string_ex.h" -#include "tokenid_kit.h" -#include "hisysevent_adapter.h" -#ifdef HICOLLIE_ENABLE -#include "xcollie/xcollie.h" -#endif // HICOLLIE_ENABLE - -namespace OHOS { -namespace Security { -namespace AccessToken { -namespace { -const std::string MANAGE_HAP_TOKENID_PERMISSION = "ohos.permission.MANAGE_HAP_TOKENID"; -static const int32_t DUMP_CAPACITY_SIZE = 2 * 1024 * 1000; -static const int MAX_PERMISSION_SIZE = 1000; -static const int32_t MAX_USER_POLICY_SIZE = 1024; -const std::string GRANT_SENSITIVE_PERMISSIONS = "ohos.permission.GRANT_SENSITIVE_PERMISSIONS"; -const std::string REVOKE_SENSITIVE_PERMISSIONS = "ohos.permission.REVOKE_SENSITIVE_PERMISSIONS"; -const std::string GET_SENSITIVE_PERMISSIONS = "ohos.permission.GET_SENSITIVE_PERMISSIONS"; -const std::string DISABLE_PERMISSION_DIALOG = "ohos.permission.DISABLE_PERMISSION_DIALOG"; -const std::string GRANT_SHORT_TERM_WRITE_MEDIAVIDEO = "ohos.permission.GRANT_SHORT_TERM_WRITE_MEDIAVIDEO"; - -#ifdef HICOLLIE_ENABLE -constexpr uint32_t TIMEOUT = 40; // 40s -#endif // HICOLLIE_ENABLE -} - -int32_t AccessTokenManagerStub::OnRemoteRequest( - uint32_t code, MessageParcel& data, MessageParcel& reply, MessageOption& option) -{ - MemoryGuard guard; - - ClearThreadErrorMsg(); - uint32_t callingTokenID = IPCSkeleton::GetCallingTokenID(); - LOGD(ATM_DOMAIN, ATM_TAG, "Code %{public}u token %{public}u", code, callingTokenID); - std::u16string descriptor = data.ReadInterfaceToken(); - if (descriptor != IAccessTokenManager::GetDescriptor()) { - LOGE(ATM_DOMAIN, ATM_TAG, "Get unexpect descriptor: %{public}s", Str16ToStr8(descriptor).c_str()); - return ERROR_IPC_REQUEST_FAIL; - } - -#ifdef HICOLLIE_ENABLE - std::string name = "AtmTimer"; - int timerId = HiviewDFX::XCollie::GetInstance().SetTimer(name, TIMEOUT, nullptr, nullptr, - HiviewDFX::XCOLLIE_FLAG_LOG); -#endif // HICOLLIE_ENABLE - - auto itFunc = requestFuncMap_.find(code); - if (itFunc != requestFuncMap_.end()) { - auto requestFunc = itFunc->second; - if (requestFunc != nullptr) { - (this->*requestFunc)(data, reply); - -#ifdef HICOLLIE_ENABLE - HiviewDFX::XCollie::GetInstance().CancelTimer(timerId); -#endif // HICOLLIE_ENABLE - ReportSysCommonEventError(code, 0); - return NO_ERROR; - } - } - -#ifdef HICOLLIE_ENABLE - HiviewDFX::XCollie::GetInstance().CancelTimer(timerId); -#endif // HICOLLIE_ENABLE - - return IPCObjectStub::OnRemoteRequest(code, data, reply, option); // when code invalid -} - -void AccessTokenManagerStub::DeleteTokenInfoInner(MessageParcel& data, MessageParcel& reply) -{ - AccessTokenID callingTokenID = IPCSkeleton::GetCallingTokenID(); - if (!IsPrivilegedCalling() && - (VerifyAccessToken(callingTokenID, MANAGE_HAP_TOKENID_PERMISSION) == PERMISSION_DENIED)) { - LOGE(ATM_DOMAIN, ATM_TAG, "Permission denied(tokenID=%{public}d)", callingTokenID); - IF_FALSE_PRINT_LOG(ATM_DOMAIN, ATM_TAG, - reply.WriteInt32(AccessTokenError::ERR_PERMISSION_DENIED), "WriteInt32 failed."); - return; - } - AccessTokenID tokenID = data.ReadUint32(); - if (this->GetTokenType(tokenID) != TOKEN_HAP) { - IF_FALSE_PRINT_LOG(ATM_DOMAIN, ATM_TAG, - reply.WriteInt32(AccessTokenError::ERR_PARAM_INVALID), "WriteInt32 failed."); - return; - } - int result = this->DeleteToken(tokenID); - IF_FALSE_PRINT_LOG(ATM_DOMAIN, ATM_TAG, reply.WriteInt32(result), "WriteInt32 failed."); -} - -void AccessTokenManagerStub::GetPermissionUsedTypeInner(MessageParcel& data, MessageParcel& reply) -{ - if (!IsNativeProcessCalling() && !IsPrivilegedCalling()) { - LOGE(ATM_DOMAIN, ATM_TAG, "Permission denied(tokenID=%{public}d)", IPCSkeleton::GetCallingTokenID()); - IF_FALSE_PRINT_LOG(ATM_DOMAIN, ATM_TAG, - reply.WriteInt32(static_cast(PermUsedTypeEnum::INVALID_USED_TYPE)), - "WriteInt32 failed."); - return; - } - uint32_t tokenID; - if (!data.ReadUint32(tokenID)) { - LOGE(ATM_DOMAIN, ATM_TAG, "Failed to read tokenID."); - IF_FALSE_PRINT_LOG(ATM_DOMAIN, ATM_TAG, - reply.WriteInt32(static_cast(PermUsedTypeEnum::INVALID_USED_TYPE)), - "WriteInt32 failed."); - return; - } - std::string permissionName; - if (!data.ReadString(permissionName)) { - LOGE(ATM_DOMAIN, ATM_TAG, "Failed to read permissionName."); - IF_FALSE_PRINT_LOG(ATM_DOMAIN, ATM_TAG, reply.WriteInt32( - static_cast(PermUsedTypeEnum::INVALID_USED_TYPE)), "WriteInt32 failed."); - return; - } - PermUsedTypeEnum result = this->GetPermissionUsedType(tokenID, permissionName); - int32_t type = static_cast(result); - IF_FALSE_PRINT_LOG(ATM_DOMAIN, ATM_TAG, reply.WriteInt32(type), "WriteInt32 failed."); -} - -void AccessTokenManagerStub::VerifyAccessTokenInner(MessageParcel& data, MessageParcel& reply) -{ - AccessTokenID tokenID = data.ReadUint32(); - std::string permissionName = data.ReadString(); - int result = this->VerifyAccessToken(tokenID, permissionName); - IF_FALSE_PRINT_LOG(ATM_DOMAIN, ATM_TAG, reply.WriteInt32(result), "WriteInt32 failed."); -} - -void AccessTokenManagerStub::VerifyAccessTokenWithListInner(MessageParcel& data, MessageParcel& reply) -{ - AccessTokenID tokenID; - IF_FALSE_RETURN_LOG(ATM_DOMAIN, ATM_TAG, data.ReadUint32(tokenID), "ReadUint32 failed."); - - std::vector permissionList; - IF_FALSE_RETURN_LOG(ATM_DOMAIN, ATM_TAG, data.ReadStringVector(&permissionList), "ReadStringVector failed."); - - std::vector permStateList; - this->VerifyAccessToken(tokenID, permissionList, permStateList); - - IF_FALSE_RETURN_LOG(ATM_DOMAIN, ATM_TAG, reply.WriteInt32Vector(permStateList), "WriteInt32Vector failed."); -} - -void AccessTokenManagerStub::GetDefPermissionInner(MessageParcel& data, MessageParcel& reply) -{ - std::string permissionName = data.ReadString(); - PermissionDefParcel permissionDefParcel; - int result = this->GetDefPermission(permissionName, permissionDefParcel); - IF_FALSE_RETURN_LOG(ATM_DOMAIN, ATM_TAG, reply.WriteInt32(result), "WriteInt32 failed."); - if (result != RET_SUCCESS) { - return; - } - IF_FALSE_PRINT_LOG(ATM_DOMAIN, ATM_TAG, - reply.WriteParcelable(&permissionDefParcel), "Write PermissionDefParcel fail."); -} - -void AccessTokenManagerStub::GetReqPermissionsInner(MessageParcel& data, MessageParcel& reply) -{ - unsigned int callingTokenID = IPCSkeleton::GetCallingTokenID(); - if ((this->GetTokenType(callingTokenID) == TOKEN_HAP) && (!IsSystemAppCalling())) { - IF_FALSE_PRINT_LOG(ATM_DOMAIN, ATM_TAG, - reply.WriteInt32(AccessTokenError::ERR_NOT_SYSTEM_APP), "WriteInt32 failed."); - return; - } - if (!IsPrivilegedCalling() && - VerifyAccessToken(callingTokenID, GET_SENSITIVE_PERMISSIONS) == PERMISSION_DENIED) { - LOGE(ATM_DOMAIN, ATM_TAG, "Permission denied(tokenID=%{public}d)", callingTokenID); - IF_FALSE_PRINT_LOG(ATM_DOMAIN, ATM_TAG, - reply.WriteInt32(AccessTokenError::ERR_PERMISSION_DENIED), "WriteInt32 failed."); - return; - } - - AccessTokenID tokenID = data.ReadUint32(); - int isSystemGrant = data.ReadInt32(); - std::vector permList; - - int result = this->GetReqPermissions(tokenID, permList, isSystemGrant); - IF_FALSE_RETURN_LOG(ATM_DOMAIN, ATM_TAG, reply.WriteInt32(result), "WriteInt32 failed."); - if (result != RET_SUCCESS) { - return; - } - LOGD(ATM_DOMAIN, ATM_TAG, "PermList size: %{public}zu", permList.size()); - IF_FALSE_RETURN_LOG(ATM_DOMAIN, ATM_TAG, reply.WriteInt32(permList.size()), "WriteInt32 failed."); - for (const auto& permDef : permList) { - IF_FALSE_RETURN_LOG(ATM_DOMAIN, ATM_TAG, reply.WriteParcelable(&permDef), "WriteParcelable fail."); - } -} - -void AccessTokenManagerStub::GetSelfPermissionsStateInner(MessageParcel& data, MessageParcel& reply) -{ - std::vector permList; - uint32_t size = 0; - if (!data.ReadUint32(size)) { - IF_FALSE_PRINT_LOG(ATM_DOMAIN, ATM_TAG, reply.WriteInt32(INVALID_OPER), "WriteInt32 failed."); - return; - } - LOGD(ATM_DOMAIN, ATM_TAG, "PermList size read from client data is %{public}d.", size); - if (size > MAX_PERMISSION_SIZE) { - LOGE(ATM_DOMAIN, ATM_TAG, "PermList size %{public}d is invalid", size); - IF_FALSE_PRINT_LOG(ATM_DOMAIN, ATM_TAG, reply.WriteInt32(INVALID_OPER), "WriteInt32 failed."); - return; - } - for (uint32_t i = 0; i < size; i++) { - sptr permissionParcel = data.ReadParcelable(); - if (permissionParcel != nullptr) { - permList.emplace_back(*permissionParcel); - } - } - PermissionGrantInfoParcel infoParcel; - PermissionOper result = this->GetSelfPermissionsState(permList, infoParcel); - IF_FALSE_RETURN_LOG(ATM_DOMAIN, ATM_TAG, reply.WriteInt32(result), "WriteInt32 failed."); - - IF_FALSE_RETURN_LOG(ATM_DOMAIN, ATM_TAG, reply.WriteUint32(permList.size()), "WriteUint32 failed."); - for (const auto& perm : permList) { - IF_FALSE_RETURN_LOG(ATM_DOMAIN, ATM_TAG, reply.WriteParcelable(&perm), "WriteParcelable failed."); - } - IF_FALSE_PRINT_LOG(ATM_DOMAIN, ATM_TAG, reply.WriteParcelable(&infoParcel), "WriteParcelable failed."); -} - -void AccessTokenManagerStub::GetPermissionsStatusInner(MessageParcel& data, MessageParcel& reply) -{ - unsigned int callingTokenID = IPCSkeleton::GetCallingTokenID(); - if ((this->GetTokenType(callingTokenID) == TOKEN_HAP) && (!IsSystemAppCalling())) { - IF_FALSE_PRINT_LOG(ATM_DOMAIN, ATM_TAG, - reply.WriteInt32(AccessTokenError::ERR_NOT_SYSTEM_APP), "WriteInt32 failed."); - return; - } - if (!IsPrivilegedCalling() && - VerifyAccessToken(callingTokenID, GET_SENSITIVE_PERMISSIONS) == PERMISSION_DENIED) { - LOGE(ATM_DOMAIN, ATM_TAG, "Permission denied(tokenID=%{public}d)", callingTokenID); - IF_FALSE_PRINT_LOG(ATM_DOMAIN, ATM_TAG, - reply.WriteInt32(AccessTokenError::ERR_PERMISSION_DENIED), "WriteInt32 failed."); - return; - } - - AccessTokenID tokenID = data.ReadUint32(); - std::vector permList; - uint32_t size = 0; - if (!data.ReadUint32(size)) { - IF_FALSE_PRINT_LOG(ATM_DOMAIN, ATM_TAG, reply.WriteInt32(INVALID_OPER), "WriteInt32 failed."); - return; - } - LOGD(ATM_DOMAIN, ATM_TAG, "PermList size read from client data is %{public}d.", size); - if (size > MAX_PERMISSION_SIZE) { - LOGE(ATM_DOMAIN, ATM_TAG, "PermList size %{public}d is oversize", size); - IF_FALSE_PRINT_LOG(ATM_DOMAIN, ATM_TAG, reply.WriteInt32(INVALID_OPER), "WriteInt32 failed."); - return; - } - for (uint32_t i = 0; i < size; i++) { - sptr permissionParcel = data.ReadParcelable(); - if (permissionParcel != nullptr) { - permList.emplace_back(*permissionParcel); - } - } - int32_t result = this->GetPermissionsStatus(tokenID, permList); - - IF_FALSE_RETURN_LOG(ATM_DOMAIN, ATM_TAG, reply.WriteInt32(result), "WriteInt32 failed."); - if (result != RET_SUCCESS) { - return; - } - IF_FALSE_RETURN_LOG(ATM_DOMAIN, ATM_TAG, reply.WriteUint32(permList.size()), "WriteUint32 failed."); - for (const auto& perm : permList) { - IF_FALSE_RETURN_LOG(ATM_DOMAIN, ATM_TAG, reply.WriteParcelable(&perm), "WriteParcelable failed."); - } -} - -void AccessTokenManagerStub::GetPermissionFlagInner(MessageParcel& data, MessageParcel& reply) -{ - unsigned int callingTokenID = IPCSkeleton::GetCallingTokenID(); - if ((this->GetTokenType(callingTokenID) == TOKEN_HAP) && (!IsSystemAppCalling())) { - IF_FALSE_PRINT_LOG(ATM_DOMAIN, ATM_TAG, - reply.WriteInt32(AccessTokenError::ERR_NOT_SYSTEM_APP), "WriteInt32 failed."); - return; - } - AccessTokenID tokenID = data.ReadUint32(); - std::string permissionName = data.ReadString(); - if (!IsPrivilegedCalling() && - VerifyAccessToken(callingTokenID, GRANT_SENSITIVE_PERMISSIONS) == PERMISSION_DENIED && - VerifyAccessToken(callingTokenID, REVOKE_SENSITIVE_PERMISSIONS) == PERMISSION_DENIED && - VerifyAccessToken(callingTokenID, GET_SENSITIVE_PERMISSIONS) == PERMISSION_DENIED) { - LOGE(ATM_DOMAIN, ATM_TAG, "Permission denied(tokenID=%{public}d)", callingTokenID); - IF_FALSE_PRINT_LOG(ATM_DOMAIN, ATM_TAG, - reply.WriteInt32(AccessTokenError::ERR_PERMISSION_DENIED), "WriteInt32 failed."); - return; - } - uint32_t flag; - int result = this->GetPermissionFlag(tokenID, permissionName, flag); - IF_FALSE_RETURN_LOG(ATM_DOMAIN, ATM_TAG, reply.WriteInt32(result), "WriteInt32 failed."); - if (result != RET_SUCCESS) { - return; - } - - IF_FALSE_PRINT_LOG(ATM_DOMAIN, ATM_TAG, reply.WriteUint32(flag), "WriteUint32 failed."); -} - -void AccessTokenManagerStub::SetPermissionRequestToggleStatusInner(MessageParcel& data, MessageParcel& reply) -{ - uint32_t callingTokenID = IPCSkeleton::GetCallingTokenID(); - if ((this->GetTokenType(callingTokenID) == TOKEN_HAP) && (!IsSystemAppCalling())) { - IF_FALSE_PRINT_LOG(ATM_DOMAIN, ATM_TAG, - reply.WriteInt32(AccessTokenError::ERR_NOT_SYSTEM_APP), "WriteInt32 failed."); - return; - } - - std::string permissionName = data.ReadString(); - uint32_t status = data.ReadUint32(); - int32_t userID = data.ReadInt32(); - if (!IsPrivilegedCalling() && VerifyAccessToken(callingTokenID, DISABLE_PERMISSION_DIALOG) == PERMISSION_DENIED) { - HiSysEventWrite(HiviewDFX::HiSysEvent::Domain::ACCESS_TOKEN, "PERMISSION_VERIFY_REPORT", - HiviewDFX::HiSysEvent::EventType::SECURITY, "CODE", VERIFY_PERMISSION_ERROR, "CALLER_TOKENID", - callingTokenID, "PERMISSION_NAME", permissionName, "INTERFACE", "SetToggleStatus"); - LOGE(ATM_DOMAIN, ATM_TAG, "Permission denied(tokenID=%{public}d).", callingTokenID); - IF_FALSE_PRINT_LOG(ATM_DOMAIN, ATM_TAG, - reply.WriteInt32(AccessTokenError::ERR_PERMISSION_DENIED), "WriteInt32 failed."); - return; - } - int32_t result = this->SetPermissionRequestToggleStatus(permissionName, status, userID); - IF_FALSE_PRINT_LOG(ATM_DOMAIN, ATM_TAG, reply.WriteInt32(result), "WriteInt32 failed."); -} - -void AccessTokenManagerStub::GetPermissionRequestToggleStatusInner(MessageParcel& data, MessageParcel& reply) -{ - uint32_t callingTokenID = IPCSkeleton::GetCallingTokenID(); - if ((this->GetTokenType(callingTokenID) == TOKEN_HAP) && (!IsSystemAppCalling())) { - IF_FALSE_PRINT_LOG(ATM_DOMAIN, ATM_TAG, - reply.WriteInt32(AccessTokenError::ERR_NOT_SYSTEM_APP), "WriteInt32 failed."); - return; - } - - std::string permissionName = data.ReadString(); - int32_t userID = data.ReadInt32(); - if (!IsShellProcessCalling() && !IsPrivilegedCalling() && - VerifyAccessToken(callingTokenID, GET_SENSITIVE_PERMISSIONS) == PERMISSION_DENIED) { - HiSysEventWrite(HiviewDFX::HiSysEvent::Domain::ACCESS_TOKEN, "PERMISSION_VERIFY_REPORT", - HiviewDFX::HiSysEvent::EventType::SECURITY, "CODE", VERIFY_PERMISSION_ERROR, "CALLER_TOKENID", - callingTokenID, "PERMISSION_NAME", permissionName, "INTERFACE", "GetToggleStatus"); - LOGE(ATM_DOMAIN, ATM_TAG, "Permission denied(tokenID=%{public}d).", callingTokenID); - IF_FALSE_PRINT_LOG(ATM_DOMAIN, ATM_TAG, - reply.WriteInt32(AccessTokenError::ERR_PERMISSION_DENIED), "WriteInt32 failed."); - return; - } - uint32_t status; - int32_t result = this->GetPermissionRequestToggleStatus(permissionName, status, userID); - IF_FALSE_RETURN_LOG(ATM_DOMAIN, ATM_TAG, reply.WriteInt32(result), "WriteInt32 failed."); - if (result != RET_SUCCESS) { - return; - } - IF_FALSE_PRINT_LOG(ATM_DOMAIN, ATM_TAG, reply.WriteInt32(status), "WriteInt32 failed."); -} - -void AccessTokenManagerStub::RequestAppPermOnSettingInner(MessageParcel& data, MessageParcel& reply) -{ - if (!IsSystemAppCalling()) { - IF_FALSE_PRINT_LOG(ATM_DOMAIN, ATM_TAG, - reply.WriteInt32(AccessTokenError::ERR_NOT_SYSTEM_APP), "WriteInt32 failed."); - return; - } - - AccessTokenID tokenID; - IF_FALSE_RETURN_LOG(ATM_DOMAIN, ATM_TAG, data.ReadUint32(tokenID), "ReadUint32 failed."); - - int result = this->RequestAppPermOnSetting(tokenID); - IF_FALSE_PRINT_LOG(ATM_DOMAIN, ATM_TAG, reply.WriteInt32(result), "WriteInt32 failed."); -} - -void AccessTokenManagerStub::GrantPermissionInner(MessageParcel& data, MessageParcel& reply) -{ - unsigned int callingTokenID = IPCSkeleton::GetCallingTokenID(); - if ((this->GetTokenType(callingTokenID) == TOKEN_HAP) && (!IsSystemAppCalling())) { - IF_FALSE_PRINT_LOG(ATM_DOMAIN, ATM_TAG, - reply.WriteInt32(AccessTokenError::ERR_NOT_SYSTEM_APP), "WriteInt32 failed."); - return; - } - AccessTokenID tokenID = data.ReadUint32(); - std::string permissionName = data.ReadString(); - uint32_t flag = data.ReadUint32(); - if (!IsPrivilegedCalling() && - VerifyAccessToken(callingTokenID, GRANT_SENSITIVE_PERMISSIONS) == PERMISSION_DENIED) { - HiSysEventWrite(HiviewDFX::HiSysEvent::Domain::ACCESS_TOKEN, "PERMISSION_VERIFY_REPORT", - HiviewDFX::HiSysEvent::EventType::SECURITY, "CODE", VERIFY_PERMISSION_ERROR, - "CALLER_TOKENID", callingTokenID, "PERMISSION_NAME", permissionName); - LOGE(ATM_DOMAIN, ATM_TAG, "Permission denied(tokenID=%{public}d)", callingTokenID); - IF_FALSE_PRINT_LOG(ATM_DOMAIN, ATM_TAG, - reply.WriteInt32(AccessTokenError::ERR_PERMISSION_DENIED), "WriteInt32 failed."); - return; - } - int result = this->GrantPermission(tokenID, permissionName, flag); - IF_FALSE_PRINT_LOG(ATM_DOMAIN, ATM_TAG, reply.WriteInt32(result), "WriteInt32 failed."); -} - -void AccessTokenManagerStub::RevokePermissionInner(MessageParcel& data, MessageParcel& reply) -{ - unsigned int callingTokenID = IPCSkeleton::GetCallingTokenID(); - if ((this->GetTokenType(callingTokenID) == TOKEN_HAP) && (!IsSystemAppCalling())) { - IF_FALSE_PRINT_LOG(ATM_DOMAIN, ATM_TAG, - reply.WriteInt32(AccessTokenError::ERR_NOT_SYSTEM_APP), "WriteInt32 failed."); - return; - } - AccessTokenID tokenID = data.ReadUint32(); - std::string permissionName = data.ReadString(); - uint32_t flag = data.ReadUint32(); - if (!IsPrivilegedCalling() && - VerifyAccessToken(callingTokenID, REVOKE_SENSITIVE_PERMISSIONS) == PERMISSION_DENIED) { - HiSysEventWrite(HiviewDFX::HiSysEvent::Domain::ACCESS_TOKEN, "PERMISSION_VERIFY_REPORT", - HiviewDFX::HiSysEvent::EventType::SECURITY, "CODE", VERIFY_PERMISSION_ERROR, - "CALLER_TOKENID", callingTokenID, "PERMISSION_NAME", permissionName); - LOGE(ATM_DOMAIN, ATM_TAG, "Permission denied(tokenID=%{public}d)", callingTokenID); - IF_FALSE_PRINT_LOG(ATM_DOMAIN, ATM_TAG, - reply.WriteInt32(AccessTokenError::ERR_PERMISSION_DENIED), "WriteInt32 failed."); - return; - } - int result = this->RevokePermission(tokenID, permissionName, flag); - IF_FALSE_PRINT_LOG(ATM_DOMAIN, ATM_TAG, reply.WriteInt32(result), "WriteInt32 failed."); -} - -void AccessTokenManagerStub::GrantPermissionForSpecifiedTimeInner(MessageParcel& data, MessageParcel& reply) -{ - unsigned int callingTokenID = IPCSkeleton::GetCallingTokenID(); - if ((this->GetTokenType(callingTokenID) == TOKEN_HAP) && (!IsSystemAppCalling())) { - IF_FALSE_PRINT_LOG(ATM_DOMAIN, ATM_TAG, - reply.WriteInt32(AccessTokenError::ERR_NOT_SYSTEM_APP), "WriteInt32 failed."); - return; - } - AccessTokenID tokenID = data.ReadUint32(); - std::string permissionName = data.ReadString(); - uint32_t onceTime = data.ReadUint32(); - if (!IsPrivilegedCalling() && - VerifyAccessToken(callingTokenID, GRANT_SHORT_TERM_WRITE_MEDIAVIDEO) == PERMISSION_DENIED) { - HiSysEventWrite(HiviewDFX::HiSysEvent::Domain::ACCESS_TOKEN, "PERMISSION_VERIFY_REPORT", - HiviewDFX::HiSysEvent::EventType::SECURITY, "CODE", VERIFY_PERMISSION_ERROR, - "CALLER_TOKENID", callingTokenID, "PERMISSION_NAME", permissionName); - LOGE(ATM_DOMAIN, ATM_TAG, "Permission denied(tokenID=%{public}d)", callingTokenID); - IF_FALSE_PRINT_LOG(ATM_DOMAIN, ATM_TAG, - reply.WriteInt32(AccessTokenError::ERR_PERMISSION_DENIED), "WriteInt32 failed."); - return; - } - int result = this->GrantPermissionForSpecifiedTime(tokenID, permissionName, onceTime); - IF_FALSE_PRINT_LOG(ATM_DOMAIN, ATM_TAG, reply.WriteInt32(result), "WriteInt32 failed."); -} - -void AccessTokenManagerStub::ClearUserGrantedPermissionStateInner(MessageParcel& data, MessageParcel& reply) -{ - uint32_t callingTokenID = IPCSkeleton::GetCallingTokenID(); - if (!IsPrivilegedCalling() && - VerifyAccessToken(callingTokenID, REVOKE_SENSITIVE_PERMISSIONS) == PERMISSION_DENIED) { - HiSysEventWrite(HiviewDFX::HiSysEvent::Domain::ACCESS_TOKEN, "PERMISSION_VERIFY_REPORT", - HiviewDFX::HiSysEvent::EventType::SECURITY, "CODE", VERIFY_PERMISSION_ERROR, - "CALLER_TOKENID", callingTokenID); - LOGE(ATM_DOMAIN, ATM_TAG, "Permission denied(tokenID=%{public}d)", callingTokenID); - IF_FALSE_PRINT_LOG(ATM_DOMAIN, ATM_TAG, - reply.WriteInt32(AccessTokenError::ERR_PERMISSION_DENIED), "WriteInt32 failed."); - return; - } - AccessTokenID tokenID = data.ReadUint32(); - int result = this->ClearUserGrantedPermissionState(tokenID); - IF_FALSE_PRINT_LOG(ATM_DOMAIN, ATM_TAG, reply.WriteInt32(result), "WriteInt32 failed."); -} - -void AccessTokenManagerStub::AllocHapTokenInner(MessageParcel& data, MessageParcel& reply) -{ - AccessTokenIDEx res = {0}; - AccessTokenID tokenID = IPCSkeleton::GetCallingTokenID(); - if (!IsPrivilegedCalling() && - (VerifyAccessToken(tokenID, MANAGE_HAP_TOKENID_PERMISSION) == PERMISSION_DENIED)) { - LOGE(ATM_DOMAIN, ATM_TAG, "Permission denied(tokenID=%{public}d)", tokenID); - IF_FALSE_PRINT_LOG(ATM_DOMAIN, ATM_TAG, - reply.WriteInt32(AccessTokenError::ERR_PERMISSION_DENIED), "WriteInt32 failed."); - return; - } - - sptr hapInfoParcel = data.ReadParcelable(); - sptr hapPolicyParcel = data.ReadParcelable(); - if (hapInfoParcel == nullptr || hapPolicyParcel == nullptr) { - LOGE(ATM_DOMAIN, ATM_TAG, "Read hapPolicyParcel or hapInfoParcel fail"); - IF_FALSE_PRINT_LOG(ATM_DOMAIN, ATM_TAG, - reply.WriteInt32(AccessTokenError::ERR_READ_PARCEL_FAILED), "WriteInt32 failed."); - return; - } - res = this->AllocHapToken(*hapInfoParcel, *hapPolicyParcel); - reply.WriteUint64(res.tokenIDEx); -} - -void AccessTokenManagerStub::InitHapTokenInner(MessageParcel& data, MessageParcel& reply) -{ - AccessTokenID tokenID = IPCSkeleton::GetCallingTokenID(); - if (!IsPrivilegedCalling() && - (VerifyAccessToken(tokenID, MANAGE_HAP_TOKENID_PERMISSION) == PERMISSION_DENIED)) { - LOGE(ATM_DOMAIN, ATM_TAG, "Permission denied(tokenID=%{public}d)", tokenID); - IF_FALSE_PRINT_LOG(ATM_DOMAIN, ATM_TAG, - reply.WriteInt32(AccessTokenError::ERR_PERMISSION_DENIED), "WriteInt32 failed."); - return; - } - - sptr hapInfoParcel = data.ReadParcelable(); - sptr hapPolicyParcel = data.ReadParcelable(); - if (hapInfoParcel == nullptr || hapPolicyParcel == nullptr) { - LOGE(ATM_DOMAIN, ATM_TAG, "Read hapPolicyParcel or hapInfoParcel fail"); - IF_FALSE_PRINT_LOG(ATM_DOMAIN, ATM_TAG, - reply.WriteInt32(AccessTokenError::ERR_READ_PARCEL_FAILED), "WriteInt32 failed."); - return; - } - int32_t res; - AccessTokenIDEx fullTokenId = { 0 }; - HapInfoCheckResult result; - res = this->InitHapToken(*hapInfoParcel, *hapPolicyParcel, fullTokenId, result); - if (!reply.WriteInt32(res)) { - LOGE(ATM_DOMAIN, ATM_TAG, "WriteInt32 fail"); - } - - if (res != RET_SUCCESS) { - if (!result.permCheckResult.permissionName.empty()) { - IF_FALSE_RETURN_LOG(ATM_DOMAIN, ATM_TAG, - reply.WriteString(result.permCheckResult.permissionName), "WriteString failed."); - IF_FALSE_RETURN_LOG(ATM_DOMAIN, ATM_TAG, - reply.WriteInt32(result.permCheckResult.rule), "WriteInt32 failed."); - } - LOGE(ATM_DOMAIN, ATM_TAG, "Res error %{public}d.", res); - return; - } - IF_FALSE_PRINT_LOG(ATM_DOMAIN, ATM_TAG, reply.WriteUint64(fullTokenId.tokenIDEx), "WriteUint64 failed."); -} - -void AccessTokenManagerStub::GetTokenTypeInner(MessageParcel& data, MessageParcel& reply) -{ - AccessTokenID tokenID = data.ReadUint32(); - int result = this->GetTokenType(tokenID); - IF_FALSE_PRINT_LOG(ATM_DOMAIN, ATM_TAG, reply.WriteInt32(result), "WriteInt32 failed."); -} - -void AccessTokenManagerStub::GetHapTokenIDInner(MessageParcel& data, MessageParcel& reply) -{ - if (!IsNativeProcessCalling() && !IsPrivilegedCalling()) { - LOGE(ATM_DOMAIN, ATM_TAG, "Permission denied(tokenID=%{public}d)", IPCSkeleton::GetCallingTokenID()); - IF_FALSE_PRINT_LOG(ATM_DOMAIN, ATM_TAG, reply.WriteInt32(INVALID_TOKENID), "WriteInt32 failed."); - return; - } - int userID = data.ReadInt32(); - std::string bundleName = data.ReadString(); - int instIndex = data.ReadInt32(); - AccessTokenIDEx tokenIdEx = this->GetHapTokenID(userID, bundleName, instIndex); - IF_FALSE_PRINT_LOG(ATM_DOMAIN, ATM_TAG, reply.WriteUint64(tokenIdEx.tokenIDEx), "WriteUint64 failed."); -} - -void AccessTokenManagerStub::AllocLocalTokenIDInner(MessageParcel& data, MessageParcel& reply) -{ - if ((!IsNativeProcessCalling()) && !IsPrivilegedCalling()) { - LOGE(ATM_DOMAIN, ATM_TAG, "Permission denied(tokenID=%{public}d)", IPCSkeleton::GetCallingTokenID()); - IF_FALSE_PRINT_LOG(ATM_DOMAIN, ATM_TAG, reply.WriteInt32(INVALID_TOKENID), "WriteInt32 failed."); - return; - } - std::string remoteDeviceID = data.ReadString(); - AccessTokenID remoteTokenID = data.ReadUint32(); - AccessTokenID result = this->AllocLocalTokenID(remoteDeviceID, remoteTokenID); - IF_FALSE_PRINT_LOG(ATM_DOMAIN, ATM_TAG, reply.WriteUint32(result), "WriteUint32 failed."); -} - -void AccessTokenManagerStub::UpdateHapTokenInner(MessageParcel& data, MessageParcel& reply) -{ - AccessTokenID callingTokenID = IPCSkeleton::GetCallingTokenID(); - if (!IsPrivilegedCalling() && - (VerifyAccessToken(callingTokenID, MANAGE_HAP_TOKENID_PERMISSION) == PERMISSION_DENIED)) { - LOGE(ATM_DOMAIN, ATM_TAG, "Permission denied(tokenID=%{public}d)", callingTokenID); - IF_FALSE_PRINT_LOG(ATM_DOMAIN, ATM_TAG, - reply.WriteInt32(AccessTokenError::ERR_PERMISSION_DENIED), "WriteInt32 failed."); - return; - } - UpdateHapInfoParams info; - AccessTokenID tokenID = data.ReadUint32(); - info.isSystemApp = data.ReadBool(); - info.appIDDesc = data.ReadString(); - info.apiVersion = data.ReadInt32(); - info.appDistributionType = data.ReadString(); - AccessTokenIDEx tokenIdEx; - tokenIdEx.tokenIdExStruct.tokenID = tokenID; - sptr policyParcel = data.ReadParcelable(); - if (policyParcel == nullptr) { - LOGE(ATM_DOMAIN, ATM_TAG, "PolicyParcel read faild"); - IF_FALSE_PRINT_LOG(ATM_DOMAIN, ATM_TAG, - reply.WriteInt32(AccessTokenError::ERR_READ_PARCEL_FAILED), "WriteInt32 failed."); - return; - } - HapInfoCheckResult resultInfo; - int32_t result = this->UpdateHapToken(tokenIdEx, info, *policyParcel, resultInfo); - IF_FALSE_RETURN_LOG(ATM_DOMAIN, ATM_TAG, reply.WriteInt32(result), "WriteInt32 failed."); - IF_FALSE_PRINT_LOG(ATM_DOMAIN, ATM_TAG, - reply.WriteUint32(tokenIdEx.tokenIdExStruct.tokenAttr), "WriteUint32 failed."); - if (result != RET_SUCCESS) { - if (!resultInfo.permCheckResult.permissionName.empty()) { - IF_FALSE_RETURN_LOG(ATM_DOMAIN, ATM_TAG, - reply.WriteString(resultInfo.permCheckResult.permissionName), "WriteString failed."); - IF_FALSE_RETURN_LOG(ATM_DOMAIN, ATM_TAG, - reply.WriteInt32(resultInfo.permCheckResult.rule), "WriteInt32 failed."); - } - LOGE(ATM_DOMAIN, ATM_TAG, "Res error %{public}d", result); - return; - } -} - -void AccessTokenManagerStub::GetTokenIDByUserIDInner(MessageParcel& data, MessageParcel& reply) -{ - if (!IsNativeProcessCalling()) { - LOGE(ATM_DOMAIN, ATM_TAG, "Permission denied(tokenID=%{public}d)", IPCSkeleton::GetCallingTokenID()); - IF_FALSE_PRINT_LOG(ATM_DOMAIN, ATM_TAG, - reply.WriteInt32(AccessTokenError::ERR_PERMISSION_DENIED), "WriteInt32 failed."); - return; - } - std::unordered_set tokenIdList; - int32_t userID = 0; - if (!data.ReadInt32(userID)) { - LOGE(ATM_DOMAIN, ATM_TAG, "Failed to read userId."); - IF_FALSE_PRINT_LOG(ATM_DOMAIN, ATM_TAG, - reply.WriteInt32(AccessTokenError::ERR_READ_PARCEL_FAILED), "WriteInt32 failed."); - return; - } - int32_t result = this->GetTokenIDByUserID(userID, tokenIdList); - IF_FALSE_RETURN_LOG(ATM_DOMAIN, ATM_TAG, reply.WriteInt32(result), "WriteInt32 failed."); - if (result != RET_SUCCESS) { - return; - } - IF_FALSE_RETURN_LOG(ATM_DOMAIN, ATM_TAG, reply.WriteUint32(tokenIdList.size()), "WriteUint32 failed."); - for (const auto& tokenId : tokenIdList) { - IF_FALSE_RETURN_LOG(ATM_DOMAIN, ATM_TAG, reply.WriteUint32(tokenId), "WriteUint32 failed."); - } -} - -void AccessTokenManagerStub::GetHapTokenInfoInner(MessageParcel& data, MessageParcel& reply) -{ - if (!IsNativeProcessCalling() && !IsPrivilegedCalling()) { - LOGE(ATM_DOMAIN, ATM_TAG, "Permission denied(tokenID=%{public}d)", IPCSkeleton::GetCallingTokenID()); - IF_FALSE_PRINT_LOG(ATM_DOMAIN, ATM_TAG, - reply.WriteInt32(AccessTokenError::ERR_PERMISSION_DENIED), "WriteInt32 failed."); - return; - } - HapTokenInfoParcel hapTokenInfoParcel; - AccessTokenID tokenID = data.ReadUint32(); - int result = this->GetHapTokenInfo(tokenID, hapTokenInfoParcel); - IF_FALSE_RETURN_LOG(ATM_DOMAIN, ATM_TAG, reply.WriteInt32(result), "WriteInt32 failed."); - if (result != RET_SUCCESS) { - return; - } - IF_FALSE_PRINT_LOG(ATM_DOMAIN, ATM_TAG, reply.WriteParcelable(&hapTokenInfoParcel), "Write parcel failed."); -} - -void AccessTokenManagerStub::GetHapTokenInfoExtensionInner(MessageParcel& data, MessageParcel& reply) -{ - if (!IsNativeProcessCalling() && !IsPrivilegedCalling()) { - LOGE(ATM_DOMAIN, ATM_TAG, "Permission denied(tokenID=%{public}d)", IPCSkeleton::GetCallingTokenID()); - IF_FALSE_PRINT_LOG(ATM_DOMAIN, ATM_TAG, - reply.WriteInt32(AccessTokenError::ERR_PERMISSION_DENIED), "WriteInt32 failed."); - return; - } - HapTokenInfoParcel hapTokenInfoParcel; - std::string appID; - AccessTokenID tokenID = data.ReadUint32(); - int result = this->GetHapTokenInfoExtension(tokenID, hapTokenInfoParcel, appID); - IF_FALSE_RETURN_LOG(ATM_DOMAIN, ATM_TAG, reply.WriteInt32(result), "WriteInt32 failed."); - if (result != RET_SUCCESS) { - return; - } - IF_FALSE_RETURN_LOG(ATM_DOMAIN, ATM_TAG, reply.WriteParcelable(&hapTokenInfoParcel), "Write parcel failed."); - IF_FALSE_RETURN_LOG(ATM_DOMAIN, ATM_TAG, reply.WriteString(appID), "Write string failed."); -} - -void AccessTokenManagerStub::GetNativeTokenInfoInner(MessageParcel& data, MessageParcel& reply) -{ - if (!IsNativeProcessCalling() && !IsPrivilegedCalling()) { - LOGE(ATM_DOMAIN, ATM_TAG, "Permission denied(tokenID=%{public}d).", IPCSkeleton::GetCallingTokenID()); - IF_FALSE_PRINT_LOG(ATM_DOMAIN, ATM_TAG, - reply.WriteInt32(AccessTokenError::ERR_PERMISSION_DENIED), "WriteInt32 failed."); - return; - } - AccessTokenID tokenID = data.ReadUint32(); - NativeTokenInfoParcel nativeTokenInfoParcel; - int result = this->GetNativeTokenInfo(tokenID, nativeTokenInfoParcel); - IF_FALSE_RETURN_LOG(ATM_DOMAIN, ATM_TAG, reply.WriteInt32(result), "WriteInt32 failed."); - if (result != RET_SUCCESS) { - return; - } - IF_FALSE_PRINT_LOG(ATM_DOMAIN, ATM_TAG, reply.WriteParcelable(&nativeTokenInfoParcel), "WriteInt32 failed."); -} - -void AccessTokenManagerStub::RegisterPermStateChangeCallbackInner(MessageParcel& data, MessageParcel& reply) -{ - uint32_t callingTokenID = IPCSkeleton::GetCallingTokenID(); - if ((this->GetTokenType(callingTokenID) == TOKEN_HAP) && (!IsSystemAppCalling())) { - IF_FALSE_PRINT_LOG(ATM_DOMAIN, ATM_TAG, - reply.WriteInt32(AccessTokenError::ERR_NOT_SYSTEM_APP), "WriteInt32 failed."); - return; - } - if (VerifyAccessToken(callingTokenID, GET_SENSITIVE_PERMISSIONS) == PERMISSION_DENIED) { - LOGE(ATM_DOMAIN, ATM_TAG, "Permission denied(tokenID=%{public}d)", callingTokenID); - IF_FALSE_PRINT_LOG(ATM_DOMAIN, ATM_TAG, - reply.WriteInt32(AccessTokenError::ERR_PERMISSION_DENIED), "WriteInt32 failed."); - return; - } - sptr scopeParcel = data.ReadParcelable(); - if (scopeParcel == nullptr) { - LOGE(ATM_DOMAIN, ATM_TAG, "Read scopeParcel fail"); - IF_FALSE_PRINT_LOG(ATM_DOMAIN, ATM_TAG, - reply.WriteInt32(AccessTokenError::ERR_READ_PARCEL_FAILED), "WriteInt32 failed."); - return; - } - sptr callback = data.ReadRemoteObject(); - if (callback == nullptr) { - LOGE(ATM_DOMAIN, ATM_TAG, "Read callback fail"); - IF_FALSE_PRINT_LOG(ATM_DOMAIN, ATM_TAG, - reply.WriteInt32(AccessTokenError::ERR_READ_PARCEL_FAILED), "WriteInt32 failed."); - return; - } - int32_t result = this->RegisterPermStateChangeCallback(*scopeParcel, callback); - IF_FALSE_PRINT_LOG(ATM_DOMAIN, ATM_TAG, reply.WriteInt32(result), "WriteInt32 failed."); -} - -void AccessTokenManagerStub::UnRegisterPermStateChangeCallbackInner(MessageParcel& data, MessageParcel& reply) -{ - uint32_t callingToken = IPCSkeleton::GetCallingTokenID(); - if ((this->GetTokenType(callingToken) == TOKEN_HAP) && (!IsSystemAppCalling())) { - IF_FALSE_PRINT_LOG(ATM_DOMAIN, ATM_TAG, - reply.WriteInt32(AccessTokenError::ERR_NOT_SYSTEM_APP), "WriteInt32 failed."); - return; - } - if (VerifyAccessToken(callingToken, GET_SENSITIVE_PERMISSIONS) == PERMISSION_DENIED) { - LOGE(ATM_DOMAIN, ATM_TAG, "Permission denied(tokenID=%{public}d)", callingToken); - IF_FALSE_PRINT_LOG(ATM_DOMAIN, ATM_TAG, - reply.WriteInt32(AccessTokenError::ERR_PERMISSION_DENIED), "WriteInt32 failed."); - return; - } - sptr callback = data.ReadRemoteObject(); - if (callback == nullptr) { - LOGE(ATM_DOMAIN, ATM_TAG, "Read callback fail"); - IF_FALSE_PRINT_LOG(ATM_DOMAIN, ATM_TAG, - reply.WriteInt32(AccessTokenError::ERR_READ_PARCEL_FAILED), "WriteInt32 failed."); - return; - } - int32_t result = this->UnRegisterPermStateChangeCallback(callback); - IF_FALSE_PRINT_LOG(ATM_DOMAIN, ATM_TAG, reply.WriteInt32(result), "WriteInt32 failed."); -} - -void AccessTokenManagerStub::RegisterSelfPermStateChangeCallbackInner(MessageParcel& data, MessageParcel& reply) -{ - uint32_t callingTokenID = IPCSkeleton::GetCallingTokenID(); - if (this->GetTokenType(callingTokenID) != TOKEN_HAP) { - LOGE(ATM_DOMAIN, ATM_TAG, "TokenID is not hap."); - IF_FALSE_PRINT_LOG(ATM_DOMAIN, ATM_TAG, - reply.WriteInt32(AccessTokenError::ERR_PARAM_INVALID), "WriteInt32 failed."); - return; - } - sptr scopeParcel = data.ReadParcelable(); - if (scopeParcel == nullptr) { - LOGE(ATM_DOMAIN, ATM_TAG, "Read scopeParcel fail"); - IF_FALSE_PRINT_LOG(ATM_DOMAIN, ATM_TAG, - reply.WriteInt32(AccessTokenError::ERR_READ_PARCEL_FAILED), "WriteInt32 failed."); - return; - } - sptr callback = data.ReadRemoteObject(); - if (callback == nullptr) { - LOGE(ATM_DOMAIN, ATM_TAG, "Read callback fail"); - IF_FALSE_PRINT_LOG(ATM_DOMAIN, ATM_TAG, - reply.WriteInt32(AccessTokenError::ERR_READ_PARCEL_FAILED), "WriteInt32 failed."); - return; - } - int32_t result = this->RegisterSelfPermStateChangeCallback(*scopeParcel, callback); - IF_FALSE_PRINT_LOG(ATM_DOMAIN, ATM_TAG, reply.WriteInt32(result), "WriteInt32 failed."); -} - -void AccessTokenManagerStub::UnRegisterSelfPermStateChangeCallbackInner(MessageParcel& data, MessageParcel& reply) -{ - uint32_t callingToken = IPCSkeleton::GetCallingTokenID(); - if (this->GetTokenType(callingToken) != TOKEN_HAP) { - LOGE(ATM_DOMAIN, ATM_TAG, "TokenID is not hap."); - IF_FALSE_PRINT_LOG(ATM_DOMAIN, ATM_TAG, - reply.WriteInt32(AccessTokenError::ERR_PARAM_INVALID), "WriteInt32 failed."); - return; - } - sptr callback = data.ReadRemoteObject(); - if (callback == nullptr) { - LOGE(ATM_DOMAIN, ATM_TAG, "Read callback fail"); - IF_FALSE_PRINT_LOG(ATM_DOMAIN, ATM_TAG, - reply.WriteInt32(AccessTokenError::ERR_READ_PARCEL_FAILED), "WriteInt32 failed."); - return; - } - int32_t result = this->UnRegisterSelfPermStateChangeCallback(callback); - IF_FALSE_PRINT_LOG(ATM_DOMAIN, ATM_TAG, reply.WriteInt32(result), "WriteInt32 failed."); -} - -#ifndef ATM_BUILD_VARIANT_USER_ENABLE -void AccessTokenManagerStub::ReloadNativeTokenInfoInner(MessageParcel& data, MessageParcel& reply) -{ - if (!IsPrivilegedCalling()) { - LOGE(ATM_DOMAIN, ATM_TAG, "Permission denied(tokenID=%{public}d)", IPCSkeleton::GetCallingTokenID()); - IF_FALSE_PRINT_LOG(ATM_DOMAIN, ATM_TAG, - reply.WriteUint32(AccessTokenError::ERR_PERMISSION_DENIED), "WriteInt32 failed."); - return; - } - int32_t result = this->ReloadNativeTokenInfo(); - IF_FALSE_PRINT_LOG(ATM_DOMAIN, ATM_TAG, reply.WriteInt32(result), "WriteInt32 failed."); -} -#endif - -void AccessTokenManagerStub::GetNativeTokenIdInner(MessageParcel& data, MessageParcel& reply) -{ - if (!IsNativeProcessCalling() && !IsPrivilegedCalling()) { - LOGE(ATM_DOMAIN, ATM_TAG, "Permission denied(tokenID=%{public}d)", IPCSkeleton::GetCallingTokenID()); - IF_FALSE_PRINT_LOG(ATM_DOMAIN, ATM_TAG, reply.WriteUint32(INVALID_TOKENID), "WriteUint32 failed."); - return; - } - std::string processName; - if (!data.ReadString(processName)) { - LOGE(ATM_DOMAIN, ATM_TAG, "ReadString fail, processName=%{public}s", processName.c_str()); - return; - } - AccessTokenID result = this->GetNativeTokenId(processName); - IF_FALSE_PRINT_LOG(ATM_DOMAIN, ATM_TAG, reply.WriteInt32(result), "WriteInt32 failed."); -} - -void AccessTokenManagerStub::GetKernelPermissionsInner(MessageParcel& data, MessageParcel& reply) -{ - auto callingToken = IPCSkeleton::GetCallingTokenID(); - if (!IsNativeProcessCalling() && !IsPrivilegedCalling()) { - LOGE(ATM_DOMAIN, ATM_TAG, "Permission denied(tokenID=%{public}d)", callingToken); - IF_FALSE_PRINT_LOG(ATM_DOMAIN, ATM_TAG, - reply.WriteUint32(AccessTokenError::ERR_PERMISSION_DENIED), "WriteUint32 failed."); - return; - } - - AccessTokenID tokenID; - IF_FALSE_RETURN_LOG(ATM_DOMAIN, ATM_TAG, data.ReadUint32(tokenID), "ReadUint32 failed."); - std::vector kernelPermList; - int32_t result = this->GetKernelPermissions(tokenID, kernelPermList); - IF_FALSE_PRINT_LOG(ATM_DOMAIN, ATM_TAG, reply.WriteInt32(result), "WriteInt32 failed."); - if (result != RET_SUCCESS) { - return; - } - IF_FALSE_RETURN_LOG(ATM_DOMAIN, ATM_TAG, reply.WriteUint32(kernelPermList.size()), "WriteUint32 failed."); - for (const auto& perm : kernelPermList) { - IF_FALSE_RETURN_LOG(ATM_DOMAIN, ATM_TAG, reply.WriteString(perm.permissionName), "WriteString failed."); - IF_FALSE_RETURN_LOG(ATM_DOMAIN, ATM_TAG, reply.WriteString(perm.value), "WriteString failed."); - } -} - -void AccessTokenManagerStub::GetReqPermissionByNameInner(MessageParcel& data, MessageParcel& reply) -{ - if (!IsNativeProcessCalling() && !IsPrivilegedCalling()) { - LOGE(ATM_DOMAIN, ATM_TAG, "Permission denied(tokenID=%{public}d)", IPCSkeleton::GetCallingTokenID()); - IF_FALSE_PRINT_LOG(ATM_DOMAIN, ATM_TAG, - reply.WriteUint32(AccessTokenError::ERR_PERMISSION_DENIED), "WriteUint32 failed."); - return; - } - - AccessTokenID tokenID; - IF_FALSE_RETURN_LOG(ATM_DOMAIN, ATM_TAG, data.ReadUint32(tokenID), "ReadUint32 failed."); - std::string permissionName; - IF_FALSE_RETURN_LOG(ATM_DOMAIN, ATM_TAG, data.ReadString(permissionName), "ReadUint32 failed."); - std::string resultValue; - int32_t result = this->GetReqPermissionByName(tokenID, permissionName, resultValue); - IF_FALSE_PRINT_LOG(ATM_DOMAIN, ATM_TAG, reply.WriteInt32(result), "WriteInt32 failed."); - if (result != RET_SUCCESS) { - return; - } - IF_FALSE_RETURN_LOG(ATM_DOMAIN, ATM_TAG, reply.WriteString(resultValue), "WriteString failed."); -} - -#ifdef TOKEN_SYNC_ENABLE -void AccessTokenManagerStub::GetHapTokenInfoFromRemoteInner(MessageParcel& data, MessageParcel& reply) -{ - if (!IsAccessTokenCalling()) { - LOGE(ATM_DOMAIN, ATM_TAG, "Permission denied(tokenID=%{public}d)", IPCSkeleton::GetCallingTokenID()); - IF_FALSE_PRINT_LOG(ATM_DOMAIN, ATM_TAG, - reply.WriteInt32(AccessTokenError::ERR_PERMISSION_DENIED), "WriteInt32 failed."); - return; - } - AccessTokenID tokenID = data.ReadUint32(); - HapTokenInfoForSyncParcel hapTokenParcel; - - int result = this->GetHapTokenInfoFromRemote(tokenID, hapTokenParcel); - IF_FALSE_RETURN_LOG(ATM_DOMAIN, ATM_TAG, reply.WriteInt32(result), "WriteInt32 failed."); - if (result != RET_SUCCESS) { - return; - } - IF_FALSE_PRINT_LOG(ATM_DOMAIN, ATM_TAG, reply.WriteParcelable(&hapTokenParcel), "WriteParcelable failed."); -} - -void AccessTokenManagerStub::SetRemoteHapTokenInfoInner(MessageParcel& data, MessageParcel& reply) -{ - if (!IsAccessTokenCalling()) { - LOGE(ATM_DOMAIN, ATM_TAG, "Permission denied(tokenID=%{public}d)", IPCSkeleton::GetCallingTokenID()); - IF_FALSE_PRINT_LOG(ATM_DOMAIN, ATM_TAG, - reply.WriteInt32(AccessTokenError::ERR_PERMISSION_DENIED), "WriteInt32 failed."); - return; - } - std::string deviceID = data.ReadString(); - sptr hapTokenParcel = data.ReadParcelable(); - if (hapTokenParcel == nullptr) { - LOGE(ATM_DOMAIN, ATM_TAG, "HapTokenParcel read faild"); - IF_FALSE_PRINT_LOG(ATM_DOMAIN, ATM_TAG, - reply.WriteInt32(AccessTokenError::ERR_READ_PARCEL_FAILED), "WriteInt32 failed."); - return; - } - int result = this->SetRemoteHapTokenInfo(deviceID, *hapTokenParcel); - IF_FALSE_PRINT_LOG(ATM_DOMAIN, ATM_TAG, reply.WriteInt32(result), "WriteInt32 failed."); -} - -void AccessTokenManagerStub::DeleteRemoteTokenInner(MessageParcel& data, MessageParcel& reply) -{ - if (!IsAccessTokenCalling()) { - LOGE(ATM_DOMAIN, ATM_TAG, "Permission denied(tokenID=%{public}d)", IPCSkeleton::GetCallingTokenID()); - IF_FALSE_PRINT_LOG(ATM_DOMAIN, ATM_TAG, - reply.WriteInt32(AccessTokenError::ERR_PERMISSION_DENIED), "WriteInt32 failed."); - return; - } - std::string deviceID = data.ReadString(); - AccessTokenID tokenID = data.ReadUint32(); - - int result = this->DeleteRemoteToken(deviceID, tokenID); - IF_FALSE_PRINT_LOG(ATM_DOMAIN, ATM_TAG, reply.WriteInt32(result), "WriteInt32 failed."); -} - -void AccessTokenManagerStub::GetRemoteNativeTokenIDInner(MessageParcel& data, MessageParcel& reply) -{ - if (!IsAccessTokenCalling()) { - LOGE(ATM_DOMAIN, ATM_TAG, "Permission denied(tokenID=%{public}d)", IPCSkeleton::GetCallingTokenID()); - IF_FALSE_PRINT_LOG(ATM_DOMAIN, ATM_TAG, reply.WriteInt32(INVALID_TOKENID), "WriteInt32 failed."); - return; - } - std::string deviceID = data.ReadString(); - AccessTokenID tokenID = data.ReadUint32(); - - AccessTokenID result = this->GetRemoteNativeTokenID(deviceID, tokenID); - IF_FALSE_PRINT_LOG(ATM_DOMAIN, ATM_TAG, reply.WriteInt32(result), "WriteInt32 failed."); -} - -void AccessTokenManagerStub::DeleteRemoteDeviceTokensInner(MessageParcel& data, MessageParcel& reply) -{ - if (!IsAccessTokenCalling()) { - LOGE(ATM_DOMAIN, ATM_TAG, "Permission denied(tokenID=%{public}d)", IPCSkeleton::GetCallingTokenID()); - IF_FALSE_PRINT_LOG(ATM_DOMAIN, ATM_TAG, - reply.WriteInt32(AccessTokenError::ERR_PERMISSION_DENIED), "WriteInt32 failed."); - return; - } - std::string deviceID = data.ReadString(); - - int result = this->DeleteRemoteDeviceTokens(deviceID); - IF_FALSE_PRINT_LOG(ATM_DOMAIN, ATM_TAG, reply.WriteInt32(result), "WriteInt32 failed."); -} - -void AccessTokenManagerStub::RegisterTokenSyncCallbackInner(MessageParcel& data, MessageParcel& reply) -{ - if (!IsAccessTokenCalling()) { - LOGE(ATM_DOMAIN, ATM_TAG, "Permission denied, tokenID=%{public}d", IPCSkeleton::GetCallingTokenID()); - IF_FALSE_PRINT_LOG(ATM_DOMAIN, ATM_TAG, - reply.WriteInt32(AccessTokenError::ERR_PERMISSION_DENIED), "WriteInt32 failed."); - return; - } - - sptr callback = data.ReadRemoteObject(); - if (callback == nullptr) { - LOGE(ATM_DOMAIN, ATM_TAG, "Callback read failed."); - IF_FALSE_PRINT_LOG(ATM_DOMAIN, ATM_TAG, - reply.WriteInt32(AccessTokenError::ERR_READ_PARCEL_FAILED), "WriteInt32 failed."); - return; - } - int32_t result = this->RegisterTokenSyncCallback(callback); - IF_FALSE_PRINT_LOG(ATM_DOMAIN, ATM_TAG, reply.WriteInt32(result), "WriteInt32 failed."); -} - -void AccessTokenManagerStub::UnRegisterTokenSyncCallbackInner(MessageParcel& data, MessageParcel& reply) -{ - if (!IsAccessTokenCalling()) { - LOGE(ATM_DOMAIN, ATM_TAG, "Permission denied, tokenID=%{public}d", IPCSkeleton::GetCallingTokenID()); - IF_FALSE_PRINT_LOG(ATM_DOMAIN, ATM_TAG, - reply.WriteInt32(AccessTokenError::ERR_PERMISSION_DENIED), "WriteInt32 failed."); - return; - } - - int32_t result = this->UnRegisterTokenSyncCallback(); - IF_FALSE_PRINT_LOG(ATM_DOMAIN, ATM_TAG, reply.WriteInt32(result), "WriteInt32 failed."); -} -#endif - -void AccessTokenManagerStub::GetVersionInner(MessageParcel& data, MessageParcel& reply) -{ - uint32_t callingToken = IPCSkeleton::GetCallingTokenID(); - if ((this->GetTokenType(callingToken) == TOKEN_HAP) && (!IsSystemAppCalling())) { - IF_FALSE_PRINT_LOG(ATM_DOMAIN, ATM_TAG, - reply.WriteInt32(AccessTokenError::ERR_NOT_SYSTEM_APP), "WriteInt32 failed."); - return; - } - uint32_t version; - int32_t result = this->GetVersion(version); - IF_FALSE_PRINT_LOG(ATM_DOMAIN, ATM_TAG, reply.WriteInt32(result), "WriteInt32 failed."); - if (result != RET_SUCCESS) { - return; - } - IF_FALSE_PRINT_LOG(ATM_DOMAIN, ATM_TAG, reply.WriteUint32(version), "WriteUint32 failed."); -} - -void AccessTokenManagerStub::DumpTokenInfoInner(MessageParcel& data, MessageParcel& reply) -{ - if (!IsShellProcessCalling()) { - LOGE(ATM_DOMAIN, ATM_TAG, "Permission denied(tokenID=%{public}d)", IPCSkeleton::GetCallingTokenID()); - reply.WriteString(""); - return; - } - sptr infoParcel = data.ReadParcelable(); - if (infoParcel == nullptr) { - LOGE(ATM_DOMAIN, ATM_TAG, "Read infoParcel fail"); - reply.WriteString("read infoParcel fail"); - return; - } - std::string dumpInfo = ""; - this->DumpTokenInfo(*infoParcel, dumpInfo); - if (!reply.SetDataCapacity(DUMP_CAPACITY_SIZE)) { - LOGW(ATM_DOMAIN, ATM_TAG, "SetDataCapacity failed"); - } - if (!reply.WriteString(dumpInfo)) { - LOGE(ATM_DOMAIN, ATM_TAG, "WriteString failed"); - } -} - -void AccessTokenManagerStub::SetPermDialogCapInner(MessageParcel& data, MessageParcel& reply) -{ - uint32_t callingToken = IPCSkeleton::GetCallingTokenID(); - if (VerifyAccessToken(callingToken, DISABLE_PERMISSION_DIALOG) == PERMISSION_DENIED) { - LOGE(ATM_DOMAIN, ATM_TAG, "Permission denied(tokenID=%{public}d)", callingToken); - IF_FALSE_PRINT_LOG(ATM_DOMAIN, ATM_TAG, - reply.WriteInt32(AccessTokenError::ERR_PERMISSION_DENIED), "WriteInt32 failed."); - return; - } - - sptr hapBaseInfoParcel = data.ReadParcelable(); - if (hapBaseInfoParcel == nullptr) { - LOGE(ATM_DOMAIN, ATM_TAG, "Read hapBaseInfoParcel fail"); - IF_FALSE_PRINT_LOG(ATM_DOMAIN, ATM_TAG, - reply.WriteInt32(AccessTokenError::ERR_READ_PARCEL_FAILED), "WriteInt32 failed."); - return; - } - bool enable = data.ReadBool(); - int32_t res = this->SetPermDialogCap(*hapBaseInfoParcel, enable); - IF_FALSE_PRINT_LOG(ATM_DOMAIN, ATM_TAG, reply.WriteInt32(res), "WriteInt32 failed."); -} - -void AccessTokenManagerStub::GetPermissionManagerInfoInner(MessageParcel& data, MessageParcel& reply) -{ - PermissionGrantInfoParcel infoParcel; - this->GetPermissionManagerInfo(infoParcel); - IF_FALSE_PRINT_LOG(ATM_DOMAIN, ATM_TAG, reply.WriteParcelable(&infoParcel), "WriteParcelable failed."); -} - -void AccessTokenManagerStub::InitUserPolicyInner(MessageParcel& data, MessageParcel& reply) -{ - uint32_t callingToken = IPCSkeleton::GetCallingTokenID(); - if (VerifyAccessToken(callingToken, GET_SENSITIVE_PERMISSIONS) == PERMISSION_DENIED) { - LOGE(ATM_DOMAIN, ATM_TAG, "Permission denied(tokenID=%{public}d)", callingToken); - IF_FALSE_PRINT_LOG(ATM_DOMAIN, ATM_TAG, - reply.WriteInt32(AccessTokenError::ERR_PERMISSION_DENIED), "WriteInt32 failed."); - return; - } - std::vector userList; - std::vector permList; - uint32_t userSize = data.ReadUint32(); - uint32_t permSize = data.ReadUint32(); - if ((userSize > MAX_USER_POLICY_SIZE) || (permSize > MAX_USER_POLICY_SIZE)) { - LOGE(ATM_DOMAIN, ATM_TAG, "Size %{public}u is invalid", userSize); - IF_FALSE_PRINT_LOG(ATM_DOMAIN, ATM_TAG, - reply.WriteInt32(AccessTokenError::ERR_OVERSIZE), "WriteParcelable failed."); - return; - } - for (uint32_t i = 0; i < userSize; i++) { - UserState userInfo; - if (!data.ReadInt32(userInfo.userId)) { - LOGE(ATM_DOMAIN, ATM_TAG, "Failed to read userId."); - IF_FALSE_PRINT_LOG(ATM_DOMAIN, ATM_TAG, - reply.WriteInt32(AccessTokenError::ERR_READ_PARCEL_FAILED), "WriteInt32 failed."); - return; - } - if (!data.ReadBool(userInfo.isActive)) { - LOGE(ATM_DOMAIN, ATM_TAG, "Failed to read isActive."); - IF_FALSE_PRINT_LOG(ATM_DOMAIN, ATM_TAG, - reply.WriteInt32(AccessTokenError::ERR_READ_PARCEL_FAILED), "WriteInt32 failed."); - return; - } - userList.emplace_back(userInfo); - } - for (uint32_t i = 0; i < permSize; i++) { - std::string permission; - if (!data.ReadString(permission)) { - LOGE(ATM_DOMAIN, ATM_TAG, "Failed to read permission."); - IF_FALSE_PRINT_LOG(ATM_DOMAIN, ATM_TAG, - reply.WriteInt32(AccessTokenError::ERR_READ_PARCEL_FAILED), "WriteInt32 failed."); - return; - } - permList.emplace_back(permission); - } - int32_t res = this->InitUserPolicy(userList, permList); - IF_FALSE_PRINT_LOG(ATM_DOMAIN, ATM_TAG, reply.WriteInt32(res), "WriteInt32 failed."); -} - -void AccessTokenManagerStub::UpdateUserPolicyInner(MessageParcel& data, MessageParcel& reply) -{ - uint32_t callingToken = IPCSkeleton::GetCallingTokenID(); - if (VerifyAccessToken(callingToken, GET_SENSITIVE_PERMISSIONS) == PERMISSION_DENIED) { - LOGE(ATM_DOMAIN, ATM_TAG, "Permission denied(tokenID=%{public}d)", callingToken); - IF_FALSE_PRINT_LOG(ATM_DOMAIN, ATM_TAG, - reply.WriteInt32(AccessTokenError::ERR_PERMISSION_DENIED), "WriteInt32 failed."); - return; - } - std::vector userList; - uint32_t userSize = data.ReadUint32(); - if (userSize > MAX_USER_POLICY_SIZE) { - LOGE(ATM_DOMAIN, ATM_TAG, "Size %{public}u is invalid", userSize); - IF_FALSE_PRINT_LOG(ATM_DOMAIN, ATM_TAG, reply.WriteInt32(AccessTokenError::ERR_OVERSIZE), "WriteInt32 failed."); - return; - } - for (uint32_t i = 0; i < userSize; i++) { - UserState userInfo; - if (!data.ReadInt32(userInfo.userId)) { - LOGE(ATM_DOMAIN, ATM_TAG, "Failed to read userId."); - IF_FALSE_PRINT_LOG(ATM_DOMAIN, ATM_TAG, - reply.WriteInt32(AccessTokenError::ERR_READ_PARCEL_FAILED), "WriteInt32 failed."); - return; - } - if (!data.ReadBool(userInfo.isActive)) { - LOGE(ATM_DOMAIN, ATM_TAG, "Failed to read isActive."); - IF_FALSE_PRINT_LOG(ATM_DOMAIN, ATM_TAG, - reply.WriteInt32(AccessTokenError::ERR_READ_PARCEL_FAILED), "WriteInt32 failed."); - return; - } - userList.emplace_back(userInfo); - } - int32_t res = this->UpdateUserPolicy(userList); - IF_FALSE_PRINT_LOG(ATM_DOMAIN, ATM_TAG, reply.WriteInt32(res), "WriteInt32 failed."); -} - -void AccessTokenManagerStub::ClearUserPolicyInner(MessageParcel& data, MessageParcel& reply) -{ - uint32_t callingToken = IPCSkeleton::GetCallingTokenID(); - if (VerifyAccessToken(callingToken, GET_SENSITIVE_PERMISSIONS) == PERMISSION_DENIED) { - LOGE(ATM_DOMAIN, ATM_TAG, "Permission denied(tokenID=%{public}d)", callingToken); - IF_FALSE_PRINT_LOG(ATM_DOMAIN, ATM_TAG, - reply.WriteInt32(AccessTokenError::ERR_PERMISSION_DENIED), "WriteInt32 failed."); - return; - } - - int32_t res = this->ClearUserPolicy(); - IF_FALSE_PRINT_LOG(ATM_DOMAIN, ATM_TAG, reply.WriteInt32(res), "WriteInt32 failed."); -} - -bool AccessTokenManagerStub::IsPrivilegedCalling() const -{ - // shell process is root in debug mode. -#ifndef ATM_BUILD_VARIANT_USER_ENABLE - int32_t callingUid = IPCSkeleton::GetCallingUid(); - return callingUid == ROOT_UID; -#else - return false; -#endif -} - -bool AccessTokenManagerStub::IsAccessTokenCalling() -{ - uint32_t tokenCaller = IPCSkeleton::GetCallingTokenID(); - if (tokenSyncId_ == 0) { - tokenSyncId_ = this->GetNativeTokenId("token_sync_service"); - } - return tokenCaller == tokenSyncId_; -} - -bool AccessTokenManagerStub::IsNativeProcessCalling() -{ - AccessTokenID tokenCaller = IPCSkeleton::GetCallingTokenID(); - return this->GetTokenType(tokenCaller) == TOKEN_NATIVE; -} - -bool AccessTokenManagerStub::IsShellProcessCalling() -{ - AccessTokenID tokenCaller = IPCSkeleton::GetCallingTokenID(); - return this->GetTokenType(tokenCaller) == TOKEN_SHELL; -} - -bool AccessTokenManagerStub::IsSystemAppCalling() const -{ - uint64_t fullTokenId = IPCSkeleton::GetCallingFullTokenID(); - return TokenIdKit::IsSystemAppByFullTokenID(fullTokenId); -} - -#ifdef TOKEN_SYNC_ENABLE -void AccessTokenManagerStub::SetTokenSyncFuncInMap() -{ - requestFuncMap_[static_cast(AccessTokenInterfaceCode::GET_HAP_TOKEN_FROM_REMOTE)] = - &AccessTokenManagerStub::GetHapTokenInfoFromRemoteInner; - requestFuncMap_[static_cast(AccessTokenInterfaceCode::SET_REMOTE_HAP_TOKEN_INFO)] = - &AccessTokenManagerStub::SetRemoteHapTokenInfoInner; - requestFuncMap_[static_cast(AccessTokenInterfaceCode::DELETE_REMOTE_TOKEN_INFO)] = - &AccessTokenManagerStub::DeleteRemoteTokenInner; - requestFuncMap_[static_cast(AccessTokenInterfaceCode::DELETE_REMOTE_DEVICE_TOKEN)] = - &AccessTokenManagerStub::DeleteRemoteDeviceTokensInner; - requestFuncMap_[static_cast(AccessTokenInterfaceCode::GET_NATIVE_REMOTE_TOKEN)] = - &AccessTokenManagerStub::GetRemoteNativeTokenIDInner; - requestFuncMap_[static_cast(AccessTokenInterfaceCode::REGISTER_TOKEN_SYNC_CALLBACK)] = - &AccessTokenManagerStub::RegisterTokenSyncCallbackInner; - requestFuncMap_[static_cast(AccessTokenInterfaceCode::UNREGISTER_TOKEN_SYNC_CALLBACK)] = - &AccessTokenManagerStub::UnRegisterTokenSyncCallbackInner; -} -#endif - -void AccessTokenManagerStub::SetLocalTokenOpFuncInMap() -{ - requestFuncMap_[static_cast(AccessTokenInterfaceCode::ALLOC_TOKEN_HAP)] = - &AccessTokenManagerStub::AllocHapTokenInner; - requestFuncMap_[static_cast(AccessTokenInterfaceCode::INIT_TOKEN_HAP)] = - &AccessTokenManagerStub::InitHapTokenInner; - requestFuncMap_[static_cast(AccessTokenInterfaceCode::TOKEN_DELETE)] = - &AccessTokenManagerStub::DeleteTokenInfoInner; - requestFuncMap_[static_cast(AccessTokenInterfaceCode::GET_TOKEN_TYPE)] = - &AccessTokenManagerStub::GetTokenTypeInner; - requestFuncMap_[static_cast(AccessTokenInterfaceCode::GET_HAP_TOKEN_ID)] = - &AccessTokenManagerStub::GetHapTokenIDInner; - requestFuncMap_[static_cast(AccessTokenInterfaceCode::ALLOC_LOCAL_TOKEN_ID)] = - &AccessTokenManagerStub::AllocLocalTokenIDInner; - requestFuncMap_[static_cast(AccessTokenInterfaceCode::GET_NATIVE_TOKENINFO)] = - &AccessTokenManagerStub::GetNativeTokenInfoInner; - requestFuncMap_[static_cast(AccessTokenInterfaceCode::GET_TOKEN_ID_BY_USER_ID)] = - &AccessTokenManagerStub::GetTokenIDByUserIDInner; - requestFuncMap_[static_cast(AccessTokenInterfaceCode::GET_HAP_TOKENINFO)] = - &AccessTokenManagerStub::GetHapTokenInfoInner; - requestFuncMap_[static_cast(AccessTokenInterfaceCode::UPDATE_HAP_TOKEN)] = - &AccessTokenManagerStub::UpdateHapTokenInner; -#ifndef ATM_BUILD_VARIANT_USER_ENABLE - requestFuncMap_[static_cast(AccessTokenInterfaceCode::RELOAD_NATIVE_TOKEN_INFO)] = - &AccessTokenManagerStub::ReloadNativeTokenInfoInner; -#endif - requestFuncMap_[static_cast(AccessTokenInterfaceCode::GET_NATIVE_TOKEN_ID)] = - &AccessTokenManagerStub::GetNativeTokenIdInner; - requestFuncMap_[static_cast(AccessTokenInterfaceCode::SET_PERM_DIALOG_CAPABILITY)] = - &AccessTokenManagerStub::SetPermDialogCapInner; - requestFuncMap_[static_cast(AccessTokenInterfaceCode::GET_PERMISSION_MANAGER_INFO)] = - &AccessTokenManagerStub::GetPermissionManagerInfoInner; - requestFuncMap_[static_cast(AccessTokenInterfaceCode::INIT_USER_POLICY)] = - &AccessTokenManagerStub::InitUserPolicyInner; - requestFuncMap_[static_cast(AccessTokenInterfaceCode::UPDATE_USER_POLICY)] = - &AccessTokenManagerStub::UpdateUserPolicyInner; - requestFuncMap_[static_cast(AccessTokenInterfaceCode::CLEAR_USER_POLICY)] = - &AccessTokenManagerStub::ClearUserPolicyInner; - requestFuncMap_[static_cast(AccessTokenInterfaceCode::GET_HAP_TOKENINFO_EXT)] = - &AccessTokenManagerStub::GetHapTokenInfoExtensionInner; - requestFuncMap_[static_cast(AccessTokenInterfaceCode::GET_KERNEL_PERMISSIONS)] = - &AccessTokenManagerStub::GetKernelPermissionsInner; - requestFuncMap_[static_cast(AccessTokenInterfaceCode::GET_PERMISSION_BY_NAME)] = - &AccessTokenManagerStub::GetReqPermissionByNameInner; -} - -void AccessTokenManagerStub::SetPermissionOpFuncInMap() -{ - requestFuncMap_[static_cast(AccessTokenInterfaceCode::GET_USER_GRANTED_PERMISSION_USED_TYPE)] = - &AccessTokenManagerStub::GetPermissionUsedTypeInner; - requestFuncMap_[static_cast(AccessTokenInterfaceCode::VERIFY_ACCESSTOKEN)] = - &AccessTokenManagerStub::VerifyAccessTokenInner; - requestFuncMap_[static_cast(AccessTokenInterfaceCode::VERIFY_ACCESSTOKEN_WITH_LIST)] = - &AccessTokenManagerStub::VerifyAccessTokenWithListInner; - requestFuncMap_[static_cast(AccessTokenInterfaceCode::GET_DEF_PERMISSION)] = - &AccessTokenManagerStub::GetDefPermissionInner; - requestFuncMap_[static_cast(AccessTokenInterfaceCode::GET_REQ_PERMISSIONS)] = - &AccessTokenManagerStub::GetReqPermissionsInner; - requestFuncMap_[static_cast(AccessTokenInterfaceCode::GET_PERMISSION_FLAG)] = - &AccessTokenManagerStub::GetPermissionFlagInner; - requestFuncMap_[static_cast(AccessTokenInterfaceCode::GRANT_PERMISSION)] = - &AccessTokenManagerStub::GrantPermissionInner; - requestFuncMap_[static_cast(AccessTokenInterfaceCode::REVOKE_PERMISSION)] = - &AccessTokenManagerStub::RevokePermissionInner; - requestFuncMap_[static_cast(AccessTokenInterfaceCode::GRANT_PERMISSION_FOR_SPECIFIEDTIME)] = - &AccessTokenManagerStub::GrantPermissionForSpecifiedTimeInner; - requestFuncMap_[static_cast(AccessTokenInterfaceCode::CLEAR_USER_GRANT_PERMISSION)] = - &AccessTokenManagerStub::ClearUserGrantedPermissionStateInner; - requestFuncMap_[static_cast(AccessTokenInterfaceCode::GET_PERMISSION_OPER_STATE)] = - &AccessTokenManagerStub::GetSelfPermissionsStateInner; - requestFuncMap_[static_cast(AccessTokenInterfaceCode::GET_PERMISSIONS_STATUS)] = - &AccessTokenManagerStub::GetPermissionsStatusInner; - requestFuncMap_[ - static_cast(AccessTokenInterfaceCode::REGISTER_PERM_STATE_CHANGE_CALLBACK)] = - &AccessTokenManagerStub::RegisterPermStateChangeCallbackInner; - requestFuncMap_[ - static_cast(AccessTokenInterfaceCode::UNREGISTER_PERM_STATE_CHANGE_CALLBACK)] = - &AccessTokenManagerStub::UnRegisterPermStateChangeCallbackInner; - requestFuncMap_[static_cast(AccessTokenInterfaceCode::DUMP_TOKENINFO)] = - &AccessTokenManagerStub::DumpTokenInfoInner; - requestFuncMap_[static_cast(AccessTokenInterfaceCode::GET_VERSION)] = - &AccessTokenManagerStub::GetVersionInner; - requestFuncMap_[static_cast(AccessTokenInterfaceCode::SET_PERMISSION_REQUEST_TOGGLE_STATUS)] = - &AccessTokenManagerStub::SetPermissionRequestToggleStatusInner; - requestFuncMap_[static_cast(AccessTokenInterfaceCode::GET_PERMISSION_REQUEST_TOGGLE_STATUS)] = - &AccessTokenManagerStub::GetPermissionRequestToggleStatusInner; - requestFuncMap_[ - static_cast(AccessTokenInterfaceCode::REGISTER_SELF_PERM_STATE_CHANGE_CALLBACK)] = - &AccessTokenManagerStub::RegisterSelfPermStateChangeCallbackInner; - requestFuncMap_[ - static_cast(AccessTokenInterfaceCode::UNREGISTER_SELF_PERM_STATE_CHANGE_CALLBACK)] = - &AccessTokenManagerStub::UnRegisterSelfPermStateChangeCallbackInner; - requestFuncMap_[static_cast(AccessTokenInterfaceCode::REQUEST_APP_PERM_ON_SETTING)] = - &AccessTokenManagerStub::RequestAppPermOnSettingInner; -} - -AccessTokenManagerStub::AccessTokenManagerStub() -{ - SetPermissionOpFuncInMap(); - SetLocalTokenOpFuncInMap(); -#ifdef TOKEN_SYNC_ENABLE - SetTokenSyncFuncInMap(); -#endif -} - -AccessTokenManagerStub::~AccessTokenManagerStub() -{ - requestFuncMap_.clear(); -} -} // namespace AccessToken -} // namespace Security -} // namespace OHOS diff --git a/services/accesstokenmanager/test/coverage/BUILD.gn b/services/accesstokenmanager/test/coverage/BUILD.gn index 15c858e9c3fd3f323d05f25944b7dcf6cb3ac648..19e90844ca69c6856237bb456df6a06975e6e081 100644 --- a/services/accesstokenmanager/test/coverage/BUILD.gn +++ b/services/accesstokenmanager/test/coverage/BUILD.gn @@ -36,7 +36,6 @@ accesstoken_manager_service_source = [ "${access_token_path}/services/accesstokenmanager/main/cpp/src/permission/permission_validator.cpp", "${access_token_path}/services/accesstokenmanager/main/cpp/src/permission/temp_permission_observer.cpp", "${access_token_path}/services/accesstokenmanager/main/cpp/src/service/accesstoken_manager_service.cpp", - "${access_token_path}/services/accesstokenmanager/main/cpp/src/service/accesstoken_manager_stub.cpp", "${access_token_path}/services/accesstokenmanager/main/cpp/src/token/accesstoken_id_manager.cpp", "${access_token_path}/services/accesstokenmanager/main/cpp/src/token/accesstoken_info_manager.cpp", "${access_token_path}/services/accesstokenmanager/main/cpp/src/token/hap_token_info_inner.cpp", @@ -88,7 +87,10 @@ ohos_unittest("libaccesstoken_manager_service_coverage_test") { cflags_cc = [ "-DHILOG_ENABLE" ] - configs = [ "${access_token_path}/config:coverage_flags" ] + configs = [ + "${access_token_path}/config:coverage_flags", + "${access_token_path}/services/accesstokenmanager/idl:access_token_manager_gen_config", + ] deps = [ "${access_token_path}/frameworks/accesstoken:accesstoken_communication_adapter_cxx", @@ -99,6 +101,7 @@ ohos_unittest("libaccesstoken_manager_service_coverage_test") { "${access_token_path}/interfaces/innerkits/privacy:libprivacy_sdk", "${access_token_path}/interfaces/innerkits/token_setproc:libperm_setproc", "${access_token_path}/interfaces/innerkits/token_setproc:libtokensetproc_shared", + "${access_token_path}/services/accesstokenmanager/idl:access_token_manager_stub", "${access_token_path}/services/common:accesstoken_service_common", ] diff --git a/services/accesstokenmanager/test/mock/BUILD.gn b/services/accesstokenmanager/test/mock/BUILD.gn index f52d369b6fbc762b7c5dea80f3645840755977ac..306bad286d2cc276612fe333ec39cd5a8ef67f11 100644 --- a/services/accesstokenmanager/test/mock/BUILD.gn +++ b/services/accesstokenmanager/test/mock/BUILD.gn @@ -36,7 +36,6 @@ accesstoken_manager_service_source = [ "${access_token_path}/services/accesstokenmanager/main/cpp/src/permission/permission_validator.cpp", "${access_token_path}/services/accesstokenmanager/main/cpp/src/permission/temp_permission_observer.cpp", "${access_token_path}/services/accesstokenmanager/main/cpp/src/service/accesstoken_manager_service.cpp", - "${access_token_path}/services/accesstokenmanager/main/cpp/src/service/accesstoken_manager_stub.cpp", "${access_token_path}/services/accesstokenmanager/main/cpp/src/token/accesstoken_id_manager.cpp", "${access_token_path}/services/accesstokenmanager/main/cpp/src/token/accesstoken_info_manager.cpp", "${access_token_path}/services/accesstokenmanager/main/cpp/src/token/hap_token_info_inner.cpp", @@ -89,7 +88,10 @@ ohos_unittest("libpermission_manager_mock_test") { cflags_cc = [ "-DHILOG_ENABLE" ] - configs = [ "${access_token_path}/config:coverage_flags" ] + configs = [ + "${access_token_path}/config:coverage_flags", + "${access_token_path}/services/accesstokenmanager/idl:access_token_manager_gen_config", + ] deps = [ "${access_token_path}/frameworks/accesstoken:accesstoken_communication_adapter_cxx", @@ -100,6 +102,7 @@ ohos_unittest("libpermission_manager_mock_test") { "${access_token_path}/interfaces/innerkits/privacy:libprivacy_sdk", "${access_token_path}/interfaces/innerkits/token_setproc:libperm_setproc", "${access_token_path}/interfaces/innerkits/token_setproc:libtokensetproc_shared", + "${access_token_path}/services/accesstokenmanager/idl:access_token_manager_stub", "${access_token_path}/services/common:accesstoken_service_common", ] diff --git a/services/accesstokenmanager/test/unittest/BUILD.gn b/services/accesstokenmanager/test/unittest/BUILD.gn index 812c0a2a1915dbd31d4f2c30d63e29cae4f56407..f2866ef0dc37627ef94f5eb3478e2b2cd9590833 100644 --- a/services/accesstokenmanager/test/unittest/BUILD.gn +++ b/services/accesstokenmanager/test/unittest/BUILD.gn @@ -36,7 +36,6 @@ accesstoken_manager_service_source = [ "${access_token_path}/services/accesstokenmanager/main/cpp/src/permission/permission_validator.cpp", "${access_token_path}/services/accesstokenmanager/main/cpp/src/permission/temp_permission_observer.cpp", "${access_token_path}/services/accesstokenmanager/main/cpp/src/service/accesstoken_manager_service.cpp", - "${access_token_path}/services/accesstokenmanager/main/cpp/src/service/accesstoken_manager_stub.cpp", "${access_token_path}/services/accesstokenmanager/main/cpp/src/token/accesstoken_id_manager.cpp", "${access_token_path}/services/accesstokenmanager/main/cpp/src/token/accesstoken_info_manager.cpp", "${access_token_path}/services/accesstokenmanager/main/cpp/src/token/hap_token_info_inner.cpp", @@ -102,7 +101,10 @@ ohos_unittest("libaccesstoken_manager_service_standard_test") { sources += [ "${access_token_path}/services/accesstokenmanager/main/cpp/src/permission/dlp_permission_set_manager.cpp" ] } - configs = [ "${access_token_path}/config:coverage_flags" ] + configs = [ + "${access_token_path}/config:coverage_flags", + "${access_token_path}/services/accesstokenmanager/idl:access_token_manager_gen_config", + ] deps = [ "${access_token_path}/frameworks/accesstoken:accesstoken_communication_adapter_cxx", @@ -113,6 +115,7 @@ ohos_unittest("libaccesstoken_manager_service_standard_test") { "${access_token_path}/interfaces/innerkits/privacy:libprivacy_sdk", "${access_token_path}/interfaces/innerkits/token_setproc:libperm_setproc", "${access_token_path}/interfaces/innerkits/token_setproc:libtokensetproc_shared", + "${access_token_path}/services/accesstokenmanager/idl:access_token_manager_stub", "${access_token_path}/services/common:accesstoken_service_common", ] diff --git a/services/accesstokenmanager/test/unittest/accesstoken_info_manager_test.cpp b/services/accesstokenmanager/test/unittest/accesstoken_info_manager_test.cpp index 0c7fb6a317c691dd5bda855caaeb59aaf2c2e0ac..a519fd13223006645284aebdc7482619ce0caaa5 100644 --- a/services/accesstokenmanager/test/unittest/accesstoken_info_manager_test.cpp +++ b/services/accesstokenmanager/test/unittest/accesstoken_info_manager_test.cpp @@ -35,6 +35,7 @@ #include "permission_validator.h" #include "string_ex.h" #include "token_setproc.h" +#include "system_ability_definition.h" using namespace testing::ext; using namespace OHOS; @@ -48,6 +49,7 @@ static constexpr int USER_ID = 100; static constexpr int INST_INDEX = 0; static constexpr int32_t MAX_EXTENDED_MAP_SIZE = 512; static constexpr int32_t MAX_VALUE_LENGTH = 1024; +static AccessTokenID g_selfTokenId = 0; static PermissionDef g_infoManagerTestPermDef1 = { .permissionName = "open the door", .bundleName = "accesstoken_test", @@ -107,6 +109,7 @@ static PermissionStatus g_permState = { }; #ifdef TOKEN_SYNC_ENABLE +static uint32_t tokenSyncId_ = 0; static const int32_t FAKE_SYNC_RET = 0xabcdef; class TokenSyncCallbackMock : public TokenSyncCallbackStub { public: @@ -122,12 +125,14 @@ public: void AccessTokenInfoManagerTest::SetUpTestCase() { + g_selfTokenId = GetSelfTokenID(); AccessTokenInfoManager::GetInstance().Init(); } void AccessTokenInfoManagerTest::TearDownTestCase() { sleep(3); // delay 3 minutes + SetSelfTokenID(g_selfTokenId); } void AccessTokenInfoManagerTest::SetUp() @@ -387,9 +392,10 @@ HWTEST_F(AccessTokenInfoManagerTest, InitHapToken001, TestSize.Level1) HapPolicyParcel hapPolicyParcel; hapPolicyParcel.hapPolicy.apl = ATokenAplEnum::APL_NORMAL; hapPolicyParcel.hapPolicy.domain = "test.domain"; - AccessTokenIDEx tokenIdEx; - HapInfoCheckResult result; - ASSERT_EQ(ERR_PARAM_INVALID, atManagerService_->InitHapToken(hapinfoParcel, hapPolicyParcel, tokenIdEx, result)); + uint64_t fullTokenId; + HapInfoCheckResultIdl result; + ASSERT_EQ(ERR_PARAM_INVALID, + atManagerService_->InitHapToken(hapinfoParcel, hapPolicyParcel, fullTokenId, result)); } /** @@ -413,10 +419,10 @@ HWTEST_F(AccessTokenInfoManagerTest, InitHapToken002, TestSize.Level1) HapPolicyParcel hapPolicyParcel; hapPolicyParcel.hapPolicy.apl = ATokenAplEnum::APL_NORMAL; hapPolicyParcel.hapPolicy.domain = "test.domain"; - AccessTokenIDEx tokenIdEx; - HapInfoCheckResult result; + uint64_t fullTokenId; + HapInfoCheckResultIdl result; ASSERT_EQ(ERR_PERM_REQUEST_CFG_FAILED, - atManagerService_->InitHapToken(hapinfoParcel, hapPolicyParcel, tokenIdEx, result)); + atManagerService_->InitHapToken(hapinfoParcel, hapPolicyParcel, fullTokenId, result)); } /** @@ -454,18 +460,29 @@ HWTEST_F(AccessTokenInfoManagerTest, InitHapToken003, TestSize.Level1) .permList = {}, .permStateList = { permissionStateA, permissionStateB } }; - AccessTokenIDEx fullTokenId = {0}; + uint64_t fullTokenId;; + HapInfoCheckResultIdl resultInfoIdl; HapInfoCheckResult result; - ASSERT_EQ(ERR_PERM_REQUEST_CFG_FAILED, atManagerService_->InitHapToken(info, policy, fullTokenId, result)); + ASSERT_EQ(0, + atManagerService_->InitHapToken(info, policy, fullTokenId, resultInfoIdl)); + + PermissionInfoCheckResult permCheckResult; + permCheckResult.permissionName = resultInfoIdl.permissionName; + int32_t rule = static_cast(resultInfoIdl.rule); + permCheckResult.rule = PermissionRulesEnum(rule); + result.permCheckResult = permCheckResult; ASSERT_EQ(result.permCheckResult.permissionName, "ohos.permission.GET_ALL_APP_ACCOUNTS"); ASSERT_EQ(result.permCheckResult.rule, PERMISSION_ACL_RULE); permissionStateA.permissionName = "ohos.permission.ENTERPRISE_MANAGE_SETTINGS"; policy.hapPolicy.aclRequestedList = { "ohos.permission.ENTERPRISE_MANAGE_SETTINGS" }; policy.hapPolicy.permStateList = { permissionStateA, permissionStateB }; - ASSERT_EQ(ERR_PERM_REQUEST_CFG_FAILED, atManagerService_->InitHapToken(info, policy, fullTokenId, result)); - ASSERT_EQ(result.permCheckResult.permissionName, "ohos.permission.ENTERPRISE_MANAGE_SETTINGS"); - ASSERT_EQ(result.permCheckResult.rule, PERMISSION_EDM_RULE); + ASSERT_EQ(0, + atManagerService_->InitHapToken(info, policy, fullTokenId, resultInfoIdl)); + + ASSERT_EQ(resultInfoIdl.permissionName, "ohos.permission.ENTERPRISE_MANAGE_SETTINGS"); + rule = static_cast(resultInfoIdl.rule); + ASSERT_EQ(PermissionRulesEnum(rule), PERMISSION_EDM_RULE); } static void GetHapParams(HapInfoParams& infoParams, HapPolicy& policyParams) @@ -514,8 +531,8 @@ HWTEST_F(AccessTokenInfoManagerTest, InitHapToken004, TestSize.Level1) HapPolicyParcel policy; GetHapParams(info.hapInfoParameter, policy.hapPolicy); - AccessTokenIDEx fullTokenId; - HapInfoCheckResult result; + uint64_t fullTokenId;; + HapInfoCheckResultIdl result; int32_t ret = atManagerService_->InitHapToken(info, policy, fullTokenId, result); ASSERT_EQ(RET_SUCCESS, ret); @@ -529,12 +546,14 @@ HWTEST_F(AccessTokenInfoManagerTest, InitHapToken004, TestSize.Level1) std::to_string(MAX_EXTENDED_MAP_SIZE - 1); ret = atManagerService_->InitHapToken(info, policy, fullTokenId, result); ASSERT_EQ(RET_SUCCESS, ret); + AccessTokenIDEx tokenIDEx = {fullTokenId}; + AccessTokenID tokenID = tokenIDEx.tokenIdExStruct.tokenID; policy.hapPolicy.aclExtendedMap[std::to_string(MAX_EXTENDED_MAP_SIZE)] = std::to_string(MAX_EXTENDED_MAP_SIZE); ret = atManagerService_->InitHapToken(info, policy, fullTokenId, result); ASSERT_EQ(AccessTokenError::ERR_PARAM_INVALID, ret); - AccessTokenID tokenID = fullTokenId.tokenIdExStruct.tokenID; + ret = atManagerService_->DeleteToken(tokenID); EXPECT_EQ(RET_SUCCESS, ret); } @@ -551,8 +570,8 @@ HWTEST_F(AccessTokenInfoManagerTest, InitHapToken005, TestSize.Level1) HapPolicyParcel policy; GetHapParams(info.hapInfoParameter, policy.hapPolicy); - AccessTokenIDEx fullTokenId; - HapInfoCheckResult result; + uint64_t fullTokenId; + HapInfoCheckResultIdl result; policy.hapPolicy.aclExtendedMap["ohos.permission.ACCESS_CERT_MANAGER"] = ""; int32_t ret = atManagerService_->InitHapToken(info, policy, fullTokenId, result); ASSERT_EQ(AccessTokenError::ERR_PARAM_INVALID, ret); @@ -566,12 +585,13 @@ HWTEST_F(AccessTokenInfoManagerTest, InitHapToken005, TestSize.Level1) policy.hapPolicy.aclExtendedMap["ohos.permission.ACCESS_CERT_MANAGER"] = testValue; ret = atManagerService_->InitHapToken(info, policy, fullTokenId, result); ASSERT_EQ(RET_SUCCESS, ret); + AccessTokenIDEx tokenIDEx = {fullTokenId}; + AccessTokenID tokenID = tokenIDEx.tokenIdExStruct.tokenID; testValue.push_back('1'); policy.hapPolicy.aclExtendedMap["ohos.permission.ACCESS_CERT_MANAGER"] = testValue; ret = atManagerService_->InitHapToken(info, policy, fullTokenId, result); ASSERT_EQ(AccessTokenError::ERR_PARAM_INVALID, ret); - AccessTokenID tokenID = fullTokenId.tokenIdExStruct.tokenID; ret = atManagerService_->DeleteToken(tokenID); EXPECT_EQ(RET_SUCCESS, ret); @@ -588,14 +608,14 @@ HWTEST_F(AccessTokenInfoManagerTest, InitHapToken006, TestSize.Level1) HapInfoParcel info; HapPolicyParcel policy; GetHapParams(info.hapInfoParameter, policy.hapPolicy); - AccessTokenIDEx fullTokenId; - HapInfoCheckResult result; + uint64_t fullTokenId; + HapInfoCheckResultIdl result; TestPrepareKernelPermissionStatus(policy.hapPolicy); ASSERT_EQ(RET_SUCCESS, atManagerService_->InitHapToken(info, policy, fullTokenId, result)); - AccessTokenID tokenID = fullTokenId.tokenIdExStruct.tokenID; + AccessTokenID tokenID = static_cast(fullTokenId); - std::vector kernelPermList; + std::vector kernelPermList; EXPECT_EQ(RET_SUCCESS, atManagerService_->GetKernelPermissions(tokenID, kernelPermList)); EXPECT_EQ(1, kernelPermList.size()); @@ -624,15 +644,15 @@ HWTEST_F(AccessTokenInfoManagerTest, InitHapToken007, TestSize.Level1) HapInfoParcel info; HapPolicyParcel policy; GetHapParams(info.hapInfoParameter, policy.hapPolicy); - AccessTokenIDEx fullTokenId; - HapInfoCheckResult result; + uint64_t fullTokenId; + HapInfoCheckResultIdl result; TestPrepareKernelPermissionStatus(policy.hapPolicy); policy.hapPolicy.aclExtendedMap.erase("ohos.permission.KERNEL_ATM_SELF_USE"); ASSERT_EQ(RET_SUCCESS, atManagerService_->InitHapToken(info, policy, fullTokenId, result)); - AccessTokenID tokenID = fullTokenId.tokenIdExStruct.tokenID; + AccessTokenID tokenID = static_cast(fullTokenId); - std::vector kernelPermList; + std::vector kernelPermList; EXPECT_EQ(RET_SUCCESS, atManagerService_->GetKernelPermissions(tokenID, kernelPermList)); EXPECT_EQ(1, kernelPermList.size()); @@ -850,15 +870,15 @@ HWTEST_F(AccessTokenInfoManagerTest, UpdateHapToken004, TestSize.Level1) HapInfoParcel info; HapPolicyParcel policy; GetHapParams(info.hapInfoParameter, policy.hapPolicy); - AccessTokenIDEx fullTokenId; - HapInfoCheckResult result; + uint64_t fullTokenId; + HapInfoCheckResultIdl result; TestPrepareKernelPermissionStatus(policy.hapPolicy); ASSERT_EQ(RET_SUCCESS, atManagerService_->InitHapToken(info, policy, fullTokenId, result)); - AccessTokenID tokenID = fullTokenId.tokenIdExStruct.tokenID; + AccessTokenID tokenID = static_cast(fullTokenId); policy.hapPolicy.aclExtendedMap["ohos.permission.KERNEL_ATM_SELF_USE"] = "1"; // modified value - UpdateHapInfoParams updateInfoParams = { + UpdateHapInfoParamsIdl updateInfoParams = { .appIDDesc = "AccessTokenTestAppID", .apiVersion = DEFAULT_API_VERSION, .isSystemApp = true, @@ -866,7 +886,7 @@ HWTEST_F(AccessTokenInfoManagerTest, UpdateHapToken004, TestSize.Level1) }; EXPECT_EQ(RET_SUCCESS, atManagerService_->UpdateHapToken(fullTokenId, updateInfoParams, policy, result)); - std::vector kernelPermList; + std::vector kernelPermList; EXPECT_EQ(RET_SUCCESS, atManagerService_->GetKernelPermissions(tokenID, kernelPermList)); EXPECT_EQ(1, kernelPermList.size()); @@ -1117,6 +1137,15 @@ HWTEST_F(AccessTokenInfoManagerTest, NotifyTokenSyncTask001, TestSize.Level1) TokenModifyNotifier::GetInstance().modifiedTokenList_ = modifiedTokenList; // recovery } +void setPermission() +{ + setuid(0); + if (tokenSyncId_ == 0) { + tokenSyncId_ = AccessTokenInfoManager::GetInstance().GetNativeTokenId("token_sync_service"); + } + SetSelfTokenID(tokenSyncId_); +} + /** * @tc.name: RegisterTokenSyncCallback001 * @tc.desc: TokenModifyNotifier::RegisterTokenSyncCallback function test @@ -1125,7 +1154,7 @@ HWTEST_F(AccessTokenInfoManagerTest, NotifyTokenSyncTask001, TestSize.Level1) */ HWTEST_F(AccessTokenInfoManagerTest, RegisterTokenSyncCallback001, TestSize.Level1) { - setuid(3020); + setPermission(); sptr callback = new (std::nothrow) TokenSyncCallbackMock(); ASSERT_NE(nullptr, callback); EXPECT_EQ(RET_SUCCESS, @@ -1133,6 +1162,7 @@ HWTEST_F(AccessTokenInfoManagerTest, RegisterTokenSyncCallback001, TestSize.Leve EXPECT_NE(nullptr, TokenModifyNotifier::GetInstance().tokenSyncCallbackObject_); EXPECT_NE(nullptr, TokenModifyNotifier::GetInstance().tokenSyncCallbackDeathRecipient_); + setuid(3020); EXPECT_CALL(*callback, GetRemoteHapTokenInfo(testing::_, testing::_)).WillOnce(testing::Return(FAKE_SYNC_RET)); EXPECT_EQ(FAKE_SYNC_RET, TokenModifyNotifier::GetInstance().tokenSyncCallbackObject_->GetRemoteHapTokenInfo("", 0)); @@ -1143,6 +1173,7 @@ HWTEST_F(AccessTokenInfoManagerTest, RegisterTokenSyncCallback001, TestSize.Leve EXPECT_CALL(*callback, UpdateRemoteHapTokenInfo(testing::_)).WillOnce(testing::Return(FAKE_SYNC_RET)); EXPECT_EQ(FAKE_SYNC_RET, TokenModifyNotifier::GetInstance().tokenSyncCallbackObject_->UpdateRemoteHapTokenInfo(tokenInfo)); + setPermission(); EXPECT_EQ(RET_SUCCESS, atManagerService_->UnRegisterTokenSyncCallback()); EXPECT_EQ(nullptr, TokenModifyNotifier::GetInstance().tokenSyncCallbackObject_); @@ -1158,12 +1189,13 @@ HWTEST_F(AccessTokenInfoManagerTest, RegisterTokenSyncCallback001, TestSize.Leve */ HWTEST_F(AccessTokenInfoManagerTest, RegisterTokenSyncCallback002, TestSize.Level1) { - setuid(3020); + setPermission(); sptr callback = new (std::nothrow) TokenSyncCallbackMock(); ASSERT_NE(nullptr, callback); EXPECT_EQ(RET_SUCCESS, atManagerService_->RegisterTokenSyncCallback(callback->AsObject())); EXPECT_NE(nullptr, TokenModifyNotifier::GetInstance().tokenSyncCallbackObject_); + setuid(3020); EXPECT_CALL(*callback, GetRemoteHapTokenInfo(testing::_, testing::_)) .WillOnce(testing::Return(FAKE_SYNC_RET)); EXPECT_EQ(FAKE_SYNC_RET, TokenModifyNotifier::GetInstance().GetRemoteHapTokenInfo("", 0)); @@ -1199,6 +1231,7 @@ HWTEST_F(AccessTokenInfoManagerTest, RegisterTokenSyncCallback002, TestSize.Leve TokenModifyNotifier::GetInstance().modifiedTokenList_ = modifiedTokenList; // recovery TokenModifyNotifier::GetInstance().deleteTokenList_ = deleteTokenList; + setPermission(); EXPECT_EQ(RET_SUCCESS, atManagerService_->UnRegisterTokenSyncCallback()); setuid(0); @@ -1212,10 +1245,11 @@ HWTEST_F(AccessTokenInfoManagerTest, RegisterTokenSyncCallback002, TestSize.Leve */ HWTEST_F(AccessTokenInfoManagerTest, GetRemoteHapTokenInfo001, TestSize.Level1) { - setuid(3020); + setPermission(); sptr callback = new (std::nothrow) TokenSyncCallbackMock(); ASSERT_NE(nullptr, callback); EXPECT_EQ(RET_SUCCESS, atManagerService_->RegisterTokenSyncCallback(callback->AsObject())); + setuid(3020); EXPECT_CALL(*callback, GetRemoteHapTokenInfo(testing::_, testing::_)) .WillOnce(testing::Return(FAKE_SYNC_RET)); EXPECT_EQ(FAKE_SYNC_RET, TokenModifyNotifier::GetInstance() @@ -1225,6 +1259,7 @@ HWTEST_F(AccessTokenInfoManagerTest, GetRemoteHapTokenInfo001, TestSize.Level1) .WillOnce(testing::Return(TOKEN_SYNC_OPENSOURCE_DEVICE)); EXPECT_EQ(TOKEN_SYNC_IPC_ERROR, TokenModifyNotifier::GetInstance() .GetRemoteHapTokenInfo("invalid_id", 0)); // this is a test input + setPermission(); EXPECT_EQ(RET_SUCCESS, atManagerService_->UnRegisterTokenSyncCallback()); setuid(0); @@ -2081,8 +2116,9 @@ HWTEST_F(AccessTokenInfoManagerTest, AllocHapToken001, TestSize.Level1) hapPolicyParcel.hapPolicy.apl = ATokenAplEnum::APL_NORMAL; hapPolicyParcel.hapPolicy.domain = "test.domain"; - AccessTokenIDEx tokenIDEx = atManagerService_->AllocHapToken(hapinfoParcel, hapPolicyParcel); - ASSERT_EQ(INVALID_TOKENID, tokenIDEx.tokenIDEx); + uint64_t tokenIDEx; + atManagerService_->AllocHapToken(hapinfoParcel, hapPolicyParcel, tokenIDEx); + ASSERT_EQ(INVALID_TOKENID, tokenIDEx); } /** @@ -2132,34 +2168,6 @@ HWTEST_F(AccessTokenInfoManagerTest, Dlopen002, TestSize.Level1) } #endif -/** - * @tc.name: OnRemoteRequest001 - * @tc.desc: Test OnRemoteRequest - * @tc.type: FUNC - * @tc.require: - */ -HWTEST_F(AccessTokenInfoManagerTest, OnRemoteRequest001, TestSize.Level1) -{ - uint32_t code = 0; - MessageParcel data; - MessageParcel reply; - MessageOption option; - data.WriteInterfaceToken(u"this is a test interface"); - EXPECT_EQ(ERROR_IPC_REQUEST_FAIL, atManagerService_->OnRemoteRequest(code, data, reply, option)); - - std::map oldMap = atManagerService_->requestFuncMap_; - atManagerService_->requestFuncMap_.clear(); - atManagerService_->requestFuncMap_[1] = nullptr; - - data.WriteInterfaceToken(IAccessTokenManager::GetDescriptor()); - EXPECT_NE(NO_ERROR, atManagerService_->OnRemoteRequest(code, data, reply, option)); - - data.WriteInterfaceToken(IAccessTokenManager::GetDescriptor()); - EXPECT_NE(NO_ERROR, atManagerService_->OnRemoteRequest(1, data, reply, option)); - - atManagerService_->requestFuncMap_ = oldMap; -} - /** * @tc.name: VerifyNativeAccessToken001 * @tc.desc: AccessTokenInfoManagerTest::VerifyNativeAccessToken function test @@ -2367,4 +2375,4 @@ HWTEST_F(AccessTokenInfoManagerTest, GetPermissionRequestToggleStatus002, TestSi } } // namespace AccessToken } // namespace Security -} // namespace OHOS +} // namespace OHOS \ No newline at end of file diff --git a/test/fuzztest/services/accesstoken/access_token_service_fuzz.gni b/test/fuzztest/services/accesstoken/access_token_service_fuzz.gni index e48ac73d97a4ec3ac926316416cea23a4cbb56cf..c0406e4aab42524368d931ffa172497a0b68ae49 100644 --- a/test/fuzztest/services/accesstoken/access_token_service_fuzz.gni +++ b/test/fuzztest/services/accesstoken/access_token_service_fuzz.gni @@ -1,4 +1,4 @@ -# Copyright (c) 2024 Huawei Device Co., Ltd. +# Copyright (c) 2024-2025 Huawei Device Co., Ltd. # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. # You may obtain a copy of the License at @@ -56,6 +56,7 @@ access_token_deps = [ "${access_token_path}/interfaces/innerkits/token_setproc:libtokensetproc_shared", "${access_token_path}/services/accesstokenmanager:access_token.rc", "${access_token_path}/services/accesstokenmanager/etc:param_files", + "${access_token_path}/services/accesstokenmanager/idl:access_token_manager_stub", "${access_token_path}/services/common:accesstoken_service_common", "${access_token_path}/services/common/json_parse:accesstoken_cjson_utils", ] @@ -100,7 +101,6 @@ access_token_sources = [ "${access_token_path}/services/accesstokenmanager/main/cpp/src/permission/short_grant_manager.cpp", "${access_token_path}/services/accesstokenmanager/main/cpp/src/permission/temp_permission_observer.cpp", "${access_token_path}/services/accesstokenmanager/main/cpp/src/service/accesstoken_manager_service.cpp", - "${access_token_path}/services/accesstokenmanager/main/cpp/src/service/accesstoken_manager_stub.cpp", "${access_token_path}/services/accesstokenmanager/main/cpp/src/token/accesstoken_id_manager.cpp", "${access_token_path}/services/accesstokenmanager/main/cpp/src/token/accesstoken_info_manager.cpp", "${access_token_path}/services/accesstokenmanager/main/cpp/src/token/hap_token_info_inner.cpp", diff --git a/test/fuzztest/services/accesstoken/allochaptokenstub_fuzzer/BUILD.gn b/test/fuzztest/services/accesstoken/allochaptokenstub_fuzzer/BUILD.gn index 72c33dd1538932bc77bf79c8deb6faa49be13624..0f649acb5c9e19b4c98db0dc279b6e28cb662d7b 100644 --- a/test/fuzztest/services/accesstoken/allochaptokenstub_fuzzer/BUILD.gn +++ b/test/fuzztest/services/accesstoken/allochaptokenstub_fuzzer/BUILD.gn @@ -1,4 +1,4 @@ -# Copyright (c) 2023 Huawei Device Co., Ltd. +# Copyright (c) 2023-2025 Huawei Device Co., Ltd. # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. # You may obtain a copy of the License at @@ -33,7 +33,10 @@ ohos_fuzztest("AllocHapTokenStubFuzzTest") { deps = access_token_deps - configs = [ "${access_token_path}/config:coverage_flags" ] + configs = [ + "${access_token_path}/config:coverage_flags", + "${access_token_path}/services/accesstokenmanager/idl:access_token_manager_gen_config", + ] external_deps = access_token_external_deps diff --git a/test/fuzztest/services/accesstoken/allochaptokenstub_fuzzer/allochaptokenstub_fuzzer.cpp b/test/fuzztest/services/accesstoken/allochaptokenstub_fuzzer/allochaptokenstub_fuzzer.cpp index 15da22d9aecf7f7a433a461a56de1e9006523ed7..0125f79fb1d158a15da7929bc589f23abbb4f50e 100644 --- a/test/fuzztest/services/accesstoken/allochaptokenstub_fuzzer/allochaptokenstub_fuzzer.cpp +++ b/test/fuzztest/services/accesstoken/allochaptokenstub_fuzzer/allochaptokenstub_fuzzer.cpp @@ -1,5 +1,5 @@ /* - * Copyright (c) 2023-2024 Huawei Device Co., Ltd. + * Copyright (c) 2023-2025 Huawei Device Co., Ltd. * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. * You may obtain a copy of the License at @@ -24,7 +24,7 @@ #undef private #include "accesstoken_manager_service.h" #include "hap_info_parcel.h" -#include "i_accesstoken_manager.h" +#include "iaccess_token_manager.h" using namespace std; using namespace OHOS::Security::AccessToken; @@ -93,7 +93,7 @@ namespace OHOS { } uint32_t code = static_cast( - AccessTokenInterfaceCode::ALLOC_TOKEN_HAP); + IAccessTokenManagerIpcCode::COMMAND_ALLOC_HAP_TOKEN); MessageParcel reply; MessageOption option; diff --git a/test/fuzztest/services/accesstoken/alloclocaltokenidstub_fuzzer/BUILD.gn b/test/fuzztest/services/accesstoken/alloclocaltokenidstub_fuzzer/BUILD.gn index 16c34223efd86b6027ff11074f406a92569c2954..935dc5a39606ca631a3716f353ebc32913b7c118 100644 --- a/test/fuzztest/services/accesstoken/alloclocaltokenidstub_fuzzer/BUILD.gn +++ b/test/fuzztest/services/accesstoken/alloclocaltokenidstub_fuzzer/BUILD.gn @@ -1,4 +1,4 @@ -# Copyright (c) 2023 Huawei Device Co., Ltd. +# Copyright (c) 2023-2025 Huawei Device Co., Ltd. # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. # You may obtain a copy of the License at @@ -33,7 +33,10 @@ ohos_fuzztest("AllocLocalTokenIDStubFuzzTest") { deps = access_token_deps - configs = [ "${access_token_path}/config:coverage_flags" ] + configs = [ + "${access_token_path}/config:coverage_flags", + "${access_token_path}/services/accesstokenmanager/idl:access_token_manager_gen_config", + ] external_deps = access_token_external_deps diff --git a/test/fuzztest/services/accesstoken/alloclocaltokenidstub_fuzzer/alloclocaltokenidstub_fuzzer.cpp b/test/fuzztest/services/accesstoken/alloclocaltokenidstub_fuzzer/alloclocaltokenidstub_fuzzer.cpp index afca023e194c3574d01d56261c9f14892046d9df..79e4f2c43b9424d965a4d07ac95dc9167365a4b9 100644 --- a/test/fuzztest/services/accesstoken/alloclocaltokenidstub_fuzzer/alloclocaltokenidstub_fuzzer.cpp +++ b/test/fuzztest/services/accesstoken/alloclocaltokenidstub_fuzzer/alloclocaltokenidstub_fuzzer.cpp @@ -1,5 +1,5 @@ /* - * Copyright (c) 2023 Huawei Device Co., Ltd. + * Copyright (c) 2023-2025 Huawei Device Co., Ltd. * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. * You may obtain a copy of the License at @@ -23,7 +23,7 @@ #include "accesstoken_fuzzdata.h" #undef private #include "accesstoken_manager_service.h" -#include "i_accesstoken_manager.h" +#include "iaccess_token_manager.h" using namespace std; using namespace OHOS::Security::AccessToken; @@ -48,7 +48,7 @@ namespace OHOS { } uint32_t code = static_cast( - AccessTokenInterfaceCode::ALLOC_LOCAL_TOKEN_ID); + IAccessTokenManagerIpcCode::COMMAND_ALLOC_LOCAL_TOKEN_I_D); MessageParcel reply; MessageOption option; diff --git a/test/fuzztest/services/accesstoken/clearusergrantedpermissionstatestub_fuzzer/BUILD.gn b/test/fuzztest/services/accesstoken/clearusergrantedpermissionstatestub_fuzzer/BUILD.gn index 8e0863d3bf64db66ec16a10a40eb6b2257c0dedc..c7a63b3a1d1ead416bf7288452a1c9d350b16412 100644 --- a/test/fuzztest/services/accesstoken/clearusergrantedpermissionstatestub_fuzzer/BUILD.gn +++ b/test/fuzztest/services/accesstoken/clearusergrantedpermissionstatestub_fuzzer/BUILD.gn @@ -1,4 +1,4 @@ -# Copyright (c) 2023 Huawei Device Co., Ltd. +# Copyright (c) 2023-2025 Huawei Device Co., Ltd. # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. # You may obtain a copy of the License at @@ -33,7 +33,10 @@ ohos_fuzztest("ClearUserGrantedPermissionStateStubFuzzTest") { deps = access_token_deps - configs = [ "${access_token_path}/config:coverage_flags" ] + configs = [ + "${access_token_path}/config:coverage_flags", + "${access_token_path}/services/accesstokenmanager/idl:access_token_manager_gen_config", + ] external_deps = access_token_external_deps diff --git a/test/fuzztest/services/accesstoken/clearusergrantedpermissionstatestub_fuzzer/clearusergrantedpermissionstatestub_fuzzer.cpp b/test/fuzztest/services/accesstoken/clearusergrantedpermissionstatestub_fuzzer/clearusergrantedpermissionstatestub_fuzzer.cpp index 74b20b9536af374e0a4de7d7428984ef9c8230c2..6d0865fe8d009e5896b11b9a8a8a706c9898094f 100644 --- a/test/fuzztest/services/accesstoken/clearusergrantedpermissionstatestub_fuzzer/clearusergrantedpermissionstatestub_fuzzer.cpp +++ b/test/fuzztest/services/accesstoken/clearusergrantedpermissionstatestub_fuzzer/clearusergrantedpermissionstatestub_fuzzer.cpp @@ -1,5 +1,5 @@ /* - * Copyright (c) 2023 Huawei Device Co., Ltd. + * Copyright (c) 2023-2025 Huawei Device Co., Ltd. * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. * You may obtain a copy of the License at @@ -23,7 +23,7 @@ #include "accesstoken_fuzzdata.h" #undef private #include "accesstoken_manager_service.h" -#include "i_accesstoken_manager.h" +#include "iaccess_token_manager.h" using namespace std; using namespace OHOS::Security::AccessToken; @@ -46,7 +46,7 @@ namespace OHOS { } uint32_t code = static_cast( - AccessTokenInterfaceCode::CLEAR_USER_GRANT_PERMISSION); + IAccessTokenManagerIpcCode::COMMAND_CLEAR_USER_GRANTED_PERMISSION_STATE); MessageParcel reply; MessageOption option; diff --git a/test/fuzztest/services/accesstoken/deleteremotedevicetokensstub_fuzzer/BUILD.gn b/test/fuzztest/services/accesstoken/deleteremotedevicetokensstub_fuzzer/BUILD.gn index 03a4a1ceb2f7a5dec93427e71b6f6dd1e4d34019..8c7329171e7197f47def039be140259abd259991 100644 --- a/test/fuzztest/services/accesstoken/deleteremotedevicetokensstub_fuzzer/BUILD.gn +++ b/test/fuzztest/services/accesstoken/deleteremotedevicetokensstub_fuzzer/BUILD.gn @@ -1,4 +1,4 @@ -# Copyright (c) 2023 Huawei Device Co., Ltd. +# Copyright (c) 2023-2025 Huawei Device Co., Ltd. # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. # You may obtain a copy of the License at @@ -33,7 +33,10 @@ ohos_fuzztest("DeleteRemoteDeviceTokensStubFuzzTest") { deps = access_token_deps - configs = [ "${access_token_path}/config:coverage_flags" ] + configs = [ + "${access_token_path}/config:coverage_flags", + "${access_token_path}/services/accesstokenmanager/idl:access_token_manager_gen_config", + ] external_deps = access_token_external_deps diff --git a/test/fuzztest/services/accesstoken/deleteremotedevicetokensstub_fuzzer/deleteremotedevicetokensstub_fuzzer.cpp b/test/fuzztest/services/accesstoken/deleteremotedevicetokensstub_fuzzer/deleteremotedevicetokensstub_fuzzer.cpp index cd02f2da0bcae6cb5ea89da5fee57793b417bc00..ac5977c12380e1ba2ffa446d415dee5d6eb59731 100644 --- a/test/fuzztest/services/accesstoken/deleteremotedevicetokensstub_fuzzer/deleteremotedevicetokensstub_fuzzer.cpp +++ b/test/fuzztest/services/accesstoken/deleteremotedevicetokensstub_fuzzer/deleteremotedevicetokensstub_fuzzer.cpp @@ -23,7 +23,7 @@ #include "accesstoken_info_manager.h" #include "accesstoken_kit.h" #include "accesstoken_manager_service.h" -#include "i_accesstoken_manager.h" +#include "iaccess_token_manager.h" #include "token_setproc.h" using namespace std; @@ -50,7 +50,7 @@ namespace OHOS { } uint32_t code = static_cast( - AccessTokenInterfaceCode::DELETE_REMOTE_DEVICE_TOKEN); + IAccessTokenManagerIpcCode::COMMAND_DELETE_REMOTE_DEVICE_TOKENS); MessageParcel reply; MessageOption option; diff --git a/test/fuzztest/services/accesstoken/deleteremotetokenstub_fuzzer/BUILD.gn b/test/fuzztest/services/accesstoken/deleteremotetokenstub_fuzzer/BUILD.gn index 9985da7f89581a0ef03509da721cabb08c22780e..f3b5fd118d49782ed36d1b841dbdbc3ec3221a8a 100644 --- a/test/fuzztest/services/accesstoken/deleteremotetokenstub_fuzzer/BUILD.gn +++ b/test/fuzztest/services/accesstoken/deleteremotetokenstub_fuzzer/BUILD.gn @@ -1,4 +1,4 @@ -# Copyright (c) 2023 Huawei Device Co., Ltd. +# Copyright (c) 2023-2025 Huawei Device Co., Ltd. # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. # You may obtain a copy of the License at @@ -33,7 +33,10 @@ ohos_fuzztest("DeleteRemoteTokenStubFuzzTest") { deps = access_token_deps - configs = [ "${access_token_path}/config:coverage_flags" ] + configs = [ + "${access_token_path}/config:coverage_flags", + "${access_token_path}/services/accesstokenmanager/idl:access_token_manager_gen_config", + ] external_deps = access_token_external_deps diff --git a/test/fuzztest/services/accesstoken/deleteremotetokenstub_fuzzer/deleteremotetokenstub_fuzzer.cpp b/test/fuzztest/services/accesstoken/deleteremotetokenstub_fuzzer/deleteremotetokenstub_fuzzer.cpp index 86ef252ac2bf449ecb1906e048655decae7fee26..b9f55622a41abcde3749fc1059236d3b9a42d7a5 100644 --- a/test/fuzztest/services/accesstoken/deleteremotetokenstub_fuzzer/deleteremotetokenstub_fuzzer.cpp +++ b/test/fuzztest/services/accesstoken/deleteremotetokenstub_fuzzer/deleteremotetokenstub_fuzzer.cpp @@ -1,5 +1,5 @@ /* - * Copyright (c) 2023 Huawei Device Co., Ltd. + * Copyright (c) 2023-2025 Huawei Device Co., Ltd. * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. * You may obtain a copy of the License at @@ -23,7 +23,7 @@ #include "accesstoken_info_manager.h" #include "accesstoken_kit.h" #include "accesstoken_manager_service.h" -#include "i_accesstoken_manager.h" +#include "iaccess_token_manager.h" #include "token_setproc.h" using namespace std; @@ -54,7 +54,7 @@ namespace OHOS { } uint32_t code = static_cast( - AccessTokenInterfaceCode::DELETE_REMOTE_TOKEN_INFO); + IAccessTokenManagerIpcCode::COMMAND_DELETE_REMOTE_TOKEN); MessageParcel reply; MessageOption option; diff --git a/test/fuzztest/services/accesstoken/deletetokenstub_fuzzer/BUILD.gn b/test/fuzztest/services/accesstoken/deletetokenstub_fuzzer/BUILD.gn index f64cc370ef3958938468e4e73bbb06c99088d2bf..5063db50f21b075c8f5163d3aad133a1b51cfe77 100644 --- a/test/fuzztest/services/accesstoken/deletetokenstub_fuzzer/BUILD.gn +++ b/test/fuzztest/services/accesstoken/deletetokenstub_fuzzer/BUILD.gn @@ -1,4 +1,4 @@ -# Copyright (c) 2023 Huawei Device Co., Ltd. +# Copyright (c) 2023-2025 Huawei Device Co., Ltd. # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. # You may obtain a copy of the License at @@ -33,7 +33,10 @@ ohos_fuzztest("DeleteTokenStubFuzzTest") { deps = access_token_deps - configs = [ "${access_token_path}/config:coverage_flags" ] + configs = [ + "${access_token_path}/config:coverage_flags", + "${access_token_path}/services/accesstokenmanager/idl:access_token_manager_gen_config", + ] external_deps = access_token_external_deps diff --git a/test/fuzztest/services/accesstoken/deletetokenstub_fuzzer/deletetokenstub_fuzzer.cpp b/test/fuzztest/services/accesstoken/deletetokenstub_fuzzer/deletetokenstub_fuzzer.cpp index 2048eeedce20d301f1dd10de65d64c6b20ca7b0c..80d797a4f5d812ec739de3cf54d8769e99e42d0b 100644 --- a/test/fuzztest/services/accesstoken/deletetokenstub_fuzzer/deletetokenstub_fuzzer.cpp +++ b/test/fuzztest/services/accesstoken/deletetokenstub_fuzzer/deletetokenstub_fuzzer.cpp @@ -1,5 +1,5 @@ /* - * Copyright (c) 2023 Huawei Device Co., Ltd. + * Copyright (c) 2023-2025 Huawei Device Co., Ltd. * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. * You may obtain a copy of the License at @@ -23,7 +23,7 @@ #include "accesstoken_fuzzdata.h" #undef private #include "accesstoken_manager_service.h" -#include "i_accesstoken_manager.h" +#include "iaccess_token_manager.h" using namespace std; using namespace OHOS::Security::AccessToken; @@ -47,7 +47,7 @@ namespace OHOS { } uint32_t code = static_cast( - AccessTokenInterfaceCode::TOKEN_DELETE); + IAccessTokenManagerIpcCode::COMMAND_DELETE_TOKEN); MessageParcel reply; MessageOption option; diff --git a/test/fuzztest/services/accesstoken/dumptokeninfostub_fuzzer/BUILD.gn b/test/fuzztest/services/accesstoken/dumptokeninfostub_fuzzer/BUILD.gn index c2446867e34138d6eb6fc48e8fbb184294870bf9..b06825841e8c77a77abbd417998acf60393cd525 100644 --- a/test/fuzztest/services/accesstoken/dumptokeninfostub_fuzzer/BUILD.gn +++ b/test/fuzztest/services/accesstoken/dumptokeninfostub_fuzzer/BUILD.gn @@ -1,4 +1,4 @@ -# Copyright (c) 2023 Huawei Device Co., Ltd. +# Copyright (c) 2023-2025 Huawei Device Co., Ltd. # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. # You may obtain a copy of the License at @@ -33,7 +33,10 @@ ohos_fuzztest("DumpTokenInfoStubFuzzTest") { deps = access_token_deps - configs = [ "${access_token_path}/config:coverage_flags" ] + configs = [ + "${access_token_path}/config:coverage_flags", + "${access_token_path}/services/accesstokenmanager/idl:access_token_manager_gen_config", + ] external_deps = access_token_external_deps diff --git a/test/fuzztest/services/accesstoken/dumptokeninfostub_fuzzer/dumptokeninfostub_fuzzer.cpp b/test/fuzztest/services/accesstoken/dumptokeninfostub_fuzzer/dumptokeninfostub_fuzzer.cpp index b60d7399638346d48f1b66873d7a0a6afade1c57..96e30a5026d8c225900e8a30e0f2d628594088a9 100644 --- a/test/fuzztest/services/accesstoken/dumptokeninfostub_fuzzer/dumptokeninfostub_fuzzer.cpp +++ b/test/fuzztest/services/accesstoken/dumptokeninfostub_fuzzer/dumptokeninfostub_fuzzer.cpp @@ -1,5 +1,5 @@ /* - * Copyright (c) 2023 Huawei Device Co., Ltd. + * Copyright (c) 2023-2025 Huawei Device Co., Ltd. * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. * You may obtain a copy of the License at @@ -21,7 +21,7 @@ #include "accesstoken_fuzzdata.h" #undef private #include "accesstoken_manager_service.h" -#include "i_accesstoken_manager.h" +#include "iaccess_token_manager.h" using namespace std; using namespace OHOS::Security::AccessToken; @@ -43,7 +43,7 @@ namespace OHOS { } uint32_t code = static_cast( - AccessTokenInterfaceCode::DUMP_TOKENINFO); + IAccessTokenManagerIpcCode::COMMAND_DUMP_TOKEN_INFO); MessageParcel reply; MessageOption option; diff --git a/test/fuzztest/services/accesstoken/getdefpermissionstub_fuzzer/BUILD.gn b/test/fuzztest/services/accesstoken/getdefpermissionstub_fuzzer/BUILD.gn index ded95af835e952c36675ea146e57ae02bc33b4c6..3cd1c415b908766cf31bfaa293b719ca5f05ffae 100644 --- a/test/fuzztest/services/accesstoken/getdefpermissionstub_fuzzer/BUILD.gn +++ b/test/fuzztest/services/accesstoken/getdefpermissionstub_fuzzer/BUILD.gn @@ -1,4 +1,4 @@ -# Copyright (c) 2023 Huawei Device Co., Ltd. +# Copyright (c) 2023-2025 Huawei Device Co., Ltd. # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. # You may obtain a copy of the License at @@ -33,7 +33,10 @@ ohos_fuzztest("GetDefPermissionStubFuzzTest") { deps = access_token_deps - configs = [ "${access_token_path}/config:coverage_flags" ] + configs = [ + "${access_token_path}/config:coverage_flags", + "${access_token_path}/services/accesstokenmanager/idl:access_token_manager_gen_config", + ] external_deps = access_token_external_deps diff --git a/test/fuzztest/services/accesstoken/getdefpermissionstub_fuzzer/getdefpermissionstub_fuzzer.cpp b/test/fuzztest/services/accesstoken/getdefpermissionstub_fuzzer/getdefpermissionstub_fuzzer.cpp index f16a5736629b4e13fc253191cea83f4c5321538f..5be9fb45eb812b030d74eca9c080bcc1f990f25f 100644 --- a/test/fuzztest/services/accesstoken/getdefpermissionstub_fuzzer/getdefpermissionstub_fuzzer.cpp +++ b/test/fuzztest/services/accesstoken/getdefpermissionstub_fuzzer/getdefpermissionstub_fuzzer.cpp @@ -1,5 +1,5 @@ /* - * Copyright (c) 2023 Huawei Device Co., Ltd. + * Copyright (c) 2023-2025 Huawei Device Co., Ltd. * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. * You may obtain a copy of the License at @@ -21,7 +21,7 @@ #include "accesstoken_fuzzdata.h" #undef private #include "accesstoken_manager_service.h" -#include "i_accesstoken_manager.h" +#include "iaccess_token_manager.h" #include "permission_def_parcel.h" using namespace std; @@ -45,7 +45,7 @@ namespace OHOS { } uint32_t code = static_cast( - AccessTokenInterfaceCode::GET_DEF_PERMISSION); + IAccessTokenManagerIpcCode::COMMAND_GET_DEF_PERMISSION); MessageParcel reply; MessageOption option; diff --git a/test/fuzztest/services/accesstoken/gethaptokenidstub_fuzzer/BUILD.gn b/test/fuzztest/services/accesstoken/gethaptokenidstub_fuzzer/BUILD.gn index feff7b531501d6976882ef0859152f37ac82cb72..5f964f2ef15d85c1780db1994c677c370c9a9cc5 100644 --- a/test/fuzztest/services/accesstoken/gethaptokenidstub_fuzzer/BUILD.gn +++ b/test/fuzztest/services/accesstoken/gethaptokenidstub_fuzzer/BUILD.gn @@ -1,4 +1,4 @@ -# Copyright (c) 2023 Huawei Device Co., Ltd. +# Copyright (c) 2023-2025 Huawei Device Co., Ltd. # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. # You may obtain a copy of the License at @@ -33,7 +33,10 @@ ohos_fuzztest("GetHapTokenIDStubFuzzTest") { deps = access_token_deps - configs = [ "${access_token_path}/config:coverage_flags" ] + configs = [ + "${access_token_path}/config:coverage_flags", + "${access_token_path}/services/accesstokenmanager/idl:access_token_manager_gen_config", + ] external_deps = access_token_external_deps diff --git a/test/fuzztest/services/accesstoken/gethaptokenidstub_fuzzer/gethaptokenidstub_fuzzer.cpp b/test/fuzztest/services/accesstoken/gethaptokenidstub_fuzzer/gethaptokenidstub_fuzzer.cpp index c2e0560eee018d51665fa1917f963227e151de2d..39c8c5fff819fd9dc0cd8ea975b1f7438617f099 100644 --- a/test/fuzztest/services/accesstoken/gethaptokenidstub_fuzzer/gethaptokenidstub_fuzzer.cpp +++ b/test/fuzztest/services/accesstoken/gethaptokenidstub_fuzzer/gethaptokenidstub_fuzzer.cpp @@ -1,5 +1,5 @@ /* - * Copyright (c) 2023 Huawei Device Co., Ltd. + * Copyright (c) 2023-2025 Huawei Device Co., Ltd. * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. * You may obtain a copy of the License at @@ -23,7 +23,7 @@ #include "accesstoken_fuzzdata.h" #undef private #include "accesstoken_manager_service.h" -#include "i_accesstoken_manager.h" +#include "iaccess_token_manager.h" using namespace std; using namespace OHOS::Security::AccessToken; @@ -51,7 +51,7 @@ namespace OHOS { } uint32_t code = static_cast( - AccessTokenInterfaceCode::GET_HAP_TOKEN_ID); + IAccessTokenManagerIpcCode::COMMAND_GET_HAP_TOKEN_I_D); MessageParcel reply; MessageOption option; diff --git a/test/fuzztest/services/accesstoken/gethaptokeninfoextstub_fuzzer/BUILD.gn b/test/fuzztest/services/accesstoken/gethaptokeninfoextstub_fuzzer/BUILD.gn index 96c90b59db1084e3ffab3ae2ebb033a5cc00c9b7..1fb85c364cbf13fa35b7bc1a1a0443fe0c2288ed 100644 --- a/test/fuzztest/services/accesstoken/gethaptokeninfoextstub_fuzzer/BUILD.gn +++ b/test/fuzztest/services/accesstoken/gethaptokeninfoextstub_fuzzer/BUILD.gn @@ -1,4 +1,4 @@ -# Copyright (c) 2023 Huawei Device Co., Ltd. +# Copyright (c) 2023-2025 Huawei Device Co., Ltd. # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. # You may obtain a copy of the License at @@ -33,7 +33,10 @@ ohos_fuzztest("GetHapTokenInfoExtStubFuzzTest") { deps = access_token_deps - configs = [ "${access_token_path}/config:coverage_flags" ] + configs = [ + "${access_token_path}/config:coverage_flags", + "${access_token_path}/services/accesstokenmanager/idl:access_token_manager_gen_config", + ] external_deps = access_token_external_deps diff --git a/test/fuzztest/services/accesstoken/gethaptokeninfoextstub_fuzzer/gethaptokeninfoextstub_fuzzer.cpp b/test/fuzztest/services/accesstoken/gethaptokeninfoextstub_fuzzer/gethaptokeninfoextstub_fuzzer.cpp index 2f2c8dfc706cb2d0e9cd194697181658af504c54..1f6b07eb3201176dc2e58833f051ddcd3f678ad1 100644 --- a/test/fuzztest/services/accesstoken/gethaptokeninfoextstub_fuzzer/gethaptokeninfoextstub_fuzzer.cpp +++ b/test/fuzztest/services/accesstoken/gethaptokeninfoextstub_fuzzer/gethaptokeninfoextstub_fuzzer.cpp @@ -1,5 +1,5 @@ /* - * Copyright (c) 2023 Huawei Device Co., Ltd. + * Copyright (c) 2023-2025 Huawei Device Co., Ltd. * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. * You may obtain a copy of the License at @@ -24,7 +24,7 @@ #undef private #include "accesstoken_fuzzdata.h" #include "accesstoken_manager_service.h" -#include "i_accesstoken_manager.h" +#include "iaccess_token_manager.h" #include "permission_def_parcel.h" #include "accesstoken_kit.h" #include "access_token.h" @@ -134,7 +134,7 @@ namespace OHOS { } uint32_t code = static_cast( - AccessTokenInterfaceCode::GET_HAP_TOKENINFO_EXT); + IAccessTokenManagerIpcCode::COMMAND_GET_HAP_TOKEN_INFO_EXTENSION); MessageParcel reply; MessageOption option; diff --git a/test/fuzztest/services/accesstoken/gethaptokeninfofromremotestub_fuzzer/BUILD.gn b/test/fuzztest/services/accesstoken/gethaptokeninfofromremotestub_fuzzer/BUILD.gn index 6cebda6d47d62bdc158c0599ca974e0fa08375d7..534f9be569fd8eea0ba21433b485c33591a1c43f 100644 --- a/test/fuzztest/services/accesstoken/gethaptokeninfofromremotestub_fuzzer/BUILD.gn +++ b/test/fuzztest/services/accesstoken/gethaptokeninfofromremotestub_fuzzer/BUILD.gn @@ -1,4 +1,4 @@ -# Copyright (c) 2023 Huawei Device Co., Ltd. +# Copyright (c) 2023-2025 Huawei Device Co., Ltd. # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. # You may obtain a copy of the License at @@ -33,7 +33,10 @@ ohos_fuzztest("GetHapTokenInfoFromRemoteStubFuzzTest") { deps = access_token_deps - configs = [ "${access_token_path}/config:coverage_flags" ] + configs = [ + "${access_token_path}/config:coverage_flags", + "${access_token_path}/services/accesstokenmanager/idl:access_token_manager_gen_config", + ] external_deps = access_token_external_deps diff --git a/test/fuzztest/services/accesstoken/gethaptokeninfofromremotestub_fuzzer/gethaptokeninfofromremotestub_fuzzer.cpp b/test/fuzztest/services/accesstoken/gethaptokeninfofromremotestub_fuzzer/gethaptokeninfofromremotestub_fuzzer.cpp index 747adab6e8572712cb91c810f0b86561e5d6721b..98b432e1aac79417ad9848bf9e3c4c8adc194d71 100644 --- a/test/fuzztest/services/accesstoken/gethaptokeninfofromremotestub_fuzzer/gethaptokeninfofromremotestub_fuzzer.cpp +++ b/test/fuzztest/services/accesstoken/gethaptokeninfofromremotestub_fuzzer/gethaptokeninfofromremotestub_fuzzer.cpp @@ -1,5 +1,5 @@ /* - * Copyright (c) 2023 Huawei Device Co., Ltd. + * Copyright (c) 2023-2025 Huawei Device Co., Ltd. * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. * You may obtain a copy of the License at @@ -23,7 +23,7 @@ #include "accesstoken_info_manager.h" #include "accesstoken_kit.h" #include "accesstoken_manager_service.h" -#include "i_accesstoken_manager.h" +#include "iaccess_token_manager.h" #include "token_setproc.h" using namespace std; @@ -49,7 +49,7 @@ namespace OHOS { } uint32_t code = static_cast( - AccessTokenInterfaceCode::GET_HAP_TOKEN_FROM_REMOTE); + IAccessTokenManagerIpcCode::COMMAND_GET_HAP_TOKEN_INFO_FROM_REMOTE); MessageParcel reply; MessageOption option; diff --git a/test/fuzztest/services/accesstoken/gethaptokeninfostub_fuzzer/BUILD.gn b/test/fuzztest/services/accesstoken/gethaptokeninfostub_fuzzer/BUILD.gn index 3780e4e29bb6abd2133078547cda3472a6e18020..5b17d73ebc2f3ef33f09bf47fc44614d617daf37 100644 --- a/test/fuzztest/services/accesstoken/gethaptokeninfostub_fuzzer/BUILD.gn +++ b/test/fuzztest/services/accesstoken/gethaptokeninfostub_fuzzer/BUILD.gn @@ -1,4 +1,4 @@ -# Copyright (c) 2023 Huawei Device Co., Ltd. +# Copyright (c) 2023-2025 Huawei Device Co., Ltd. # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. # You may obtain a copy of the License at @@ -33,7 +33,10 @@ ohos_fuzztest("GetHapTokenInfoStubFuzzTest") { deps = access_token_deps - configs = [ "${access_token_path}/config:coverage_flags" ] + configs = [ + "${access_token_path}/config:coverage_flags", + "${access_token_path}/services/accesstokenmanager/idl:access_token_manager_gen_config", + ] external_deps = access_token_external_deps diff --git a/test/fuzztest/services/accesstoken/gethaptokeninfostub_fuzzer/gethaptokeninfostub_fuzzer.cpp b/test/fuzztest/services/accesstoken/gethaptokeninfostub_fuzzer/gethaptokeninfostub_fuzzer.cpp index 234dcdd9ca48dec47939f94f7cc9e6d89b3aefef..9f05b60603508a28f111a8855b40febcb3687e85 100644 --- a/test/fuzztest/services/accesstoken/gethaptokeninfostub_fuzzer/gethaptokeninfostub_fuzzer.cpp +++ b/test/fuzztest/services/accesstoken/gethaptokeninfostub_fuzzer/gethaptokeninfostub_fuzzer.cpp @@ -1,5 +1,5 @@ /* - * Copyright (c) 2023 Huawei Device Co., Ltd. + * Copyright (c) 2023-2025 Huawei Device Co., Ltd. * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. * You may obtain a copy of the License at @@ -23,7 +23,7 @@ #undef private #include "accesstoken_fuzzdata.h" #include "accesstoken_manager_service.h" -#include "i_accesstoken_manager.h" +#include "iaccess_token_manager.h" #include "permission_def_parcel.h" using namespace std; @@ -48,7 +48,7 @@ namespace OHOS { } uint32_t code = static_cast( - AccessTokenInterfaceCode::GET_HAP_TOKENINFO); + IAccessTokenManagerIpcCode::COMMAND_GET_HAP_TOKEN_INFO); MessageParcel reply; MessageOption option; diff --git a/test/fuzztest/services/accesstoken/getkernelpermissionsstub_fuzzer/BUILD.gn b/test/fuzztest/services/accesstoken/getkernelpermissionsstub_fuzzer/BUILD.gn index 5a0763a72fb4c1d4acffd9960562d869281cd5fb..9bbe0f0104a70ec1c6bf1ad897c3c6c84986e277 100644 --- a/test/fuzztest/services/accesstoken/getkernelpermissionsstub_fuzzer/BUILD.gn +++ b/test/fuzztest/services/accesstoken/getkernelpermissionsstub_fuzzer/BUILD.gn @@ -1,4 +1,4 @@ -# Copyright (c) 2024 Huawei Device Co., Ltd. +# Copyright (c) 2024-2025 Huawei Device Co., Ltd. # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. # You may obtain a copy of the License at @@ -33,7 +33,10 @@ ohos_fuzztest("GetKernelPermissionsStubFuzzTest") { deps = access_token_deps - configs = [ "${access_token_path}/config:coverage_flags" ] + configs = [ + "${access_token_path}/config:coverage_flags", + "${access_token_path}/services/accesstokenmanager/idl:access_token_manager_gen_config", + ] external_deps = access_token_external_deps diff --git a/test/fuzztest/services/accesstoken/getkernelpermissionsstub_fuzzer/getkernelpermissionsstub_fuzzer.cpp b/test/fuzztest/services/accesstoken/getkernelpermissionsstub_fuzzer/getkernelpermissionsstub_fuzzer.cpp index 5d18288f5acc58338dbd4d16f8a36df504c5bf72..06c8c603e96ab9c543c37e2dc3260192a545d3a7 100644 --- a/test/fuzztest/services/accesstoken/getkernelpermissionsstub_fuzzer/getkernelpermissionsstub_fuzzer.cpp +++ b/test/fuzztest/services/accesstoken/getkernelpermissionsstub_fuzzer/getkernelpermissionsstub_fuzzer.cpp @@ -1,5 +1,5 @@ /* - * Copyright (c) 2024 Huawei Device Co., Ltd. + * Copyright (c) 2024-2025 Huawei Device Co., Ltd. * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. * You may obtain a copy of the License at @@ -21,7 +21,7 @@ #undef private #include "accesstoken_fuzzdata.h" #include "accesstoken_manager_service.h" -#include "i_accesstoken_manager.h" +#include "iaccess_token_manager.h" using namespace std; using namespace OHOS::Security::AccessToken; @@ -42,7 +42,7 @@ namespace OHOS { return false; } - uint32_t code = static_cast(AccessTokenInterfaceCode::GET_KERNEL_PERMISSIONS); + uint32_t code = static_cast(IAccessTokenManagerIpcCode::COMMAND_GET_KERNEL_PERMISSIONS); MessageParcel reply; MessageOption option; diff --git a/test/fuzztest/services/accesstoken/getnativetokenidstub_fuzzer/BUILD.gn b/test/fuzztest/services/accesstoken/getnativetokenidstub_fuzzer/BUILD.gn index 88f5a33e366d54da371b2d6ede1fe5de628803f0..e03846b15b5b6617b0ea7ded64481e10f3d47e24 100644 --- a/test/fuzztest/services/accesstoken/getnativetokenidstub_fuzzer/BUILD.gn +++ b/test/fuzztest/services/accesstoken/getnativetokenidstub_fuzzer/BUILD.gn @@ -1,4 +1,4 @@ -# Copyright (c) 2023 Huawei Device Co., Ltd. +# Copyright (c) 2023-2025 Huawei Device Co., Ltd. # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. # You may obtain a copy of the License at @@ -33,7 +33,10 @@ ohos_fuzztest("GetNativeTokenIdStubFuzzTest") { deps = access_token_deps - configs = [ "${access_token_path}/config:coverage_flags" ] + configs = [ + "${access_token_path}/config:coverage_flags", + "${access_token_path}/services/accesstokenmanager/idl:access_token_manager_gen_config", + ] external_deps = access_token_external_deps diff --git a/test/fuzztest/services/accesstoken/getnativetokenidstub_fuzzer/getnativetokenidstub_fuzzer.cpp b/test/fuzztest/services/accesstoken/getnativetokenidstub_fuzzer/getnativetokenidstub_fuzzer.cpp index a6ba9c6ec197c2627fba158b5c8a20083369926b..96f13c6c98d1c6bb558712b1f20d18bbff36bca5 100644 --- a/test/fuzztest/services/accesstoken/getnativetokenidstub_fuzzer/getnativetokenidstub_fuzzer.cpp +++ b/test/fuzztest/services/accesstoken/getnativetokenidstub_fuzzer/getnativetokenidstub_fuzzer.cpp @@ -1,5 +1,5 @@ /* - * Copyright (c) 2023 Huawei Device Co., Ltd. + * Copyright (c) 2023-2025 Huawei Device Co., Ltd. * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. * You may obtain a copy of the License at @@ -23,7 +23,7 @@ #undef private #include "accesstoken_fuzzdata.h" #include "accesstoken_manager_service.h" -#include "i_accesstoken_manager.h" +#include "iaccess_token_manager.h" #include "permission_def_parcel.h" using namespace std; @@ -48,7 +48,7 @@ namespace OHOS { } uint32_t code = static_cast( - AccessTokenInterfaceCode::GET_NATIVE_TOKEN_ID); + IAccessTokenManagerIpcCode::COMMAND_GET_NATIVE_TOKEN_ID); MessageParcel reply; MessageOption option; diff --git a/test/fuzztest/services/accesstoken/getnativetokeninfostub_fuzzer/BUILD.gn b/test/fuzztest/services/accesstoken/getnativetokeninfostub_fuzzer/BUILD.gn index bf1c570cd13430ae34a81819a02b5895ff5f8a84..69a27a830bad93fd9502559b1492bf4c8b528f81 100644 --- a/test/fuzztest/services/accesstoken/getnativetokeninfostub_fuzzer/BUILD.gn +++ b/test/fuzztest/services/accesstoken/getnativetokeninfostub_fuzzer/BUILD.gn @@ -1,4 +1,4 @@ -# Copyright (c) 2023 Huawei Device Co., Ltd. +# Copyright (c) 2023-2025 Huawei Device Co., Ltd. # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. # You may obtain a copy of the License at @@ -33,7 +33,10 @@ ohos_fuzztest("GetNativeTokenInfoStubFuzzTest") { deps = access_token_deps - configs = [ "${access_token_path}/config:coverage_flags" ] + configs = [ + "${access_token_path}/config:coverage_flags", + "${access_token_path}/services/accesstokenmanager/idl:access_token_manager_gen_config", + ] external_deps = access_token_external_deps diff --git a/test/fuzztest/services/accesstoken/getnativetokeninfostub_fuzzer/getnativetokeninfostub_fuzzer.cpp b/test/fuzztest/services/accesstoken/getnativetokeninfostub_fuzzer/getnativetokeninfostub_fuzzer.cpp index aae9deef479833fc0511507e9362bfdd32dd9ae0..505057e1ef907c8d37a4fc79e1d7f7161622fe55 100644 --- a/test/fuzztest/services/accesstoken/getnativetokeninfostub_fuzzer/getnativetokeninfostub_fuzzer.cpp +++ b/test/fuzztest/services/accesstoken/getnativetokeninfostub_fuzzer/getnativetokeninfostub_fuzzer.cpp @@ -1,5 +1,5 @@ /* - * Copyright (c) 2023 Huawei Device Co., Ltd. + * Copyright (c) 2023-2025 Huawei Device Co., Ltd. * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. * You may obtain a copy of the License at @@ -23,7 +23,7 @@ #undef private #include "accesstoken_fuzzdata.h" #include "accesstoken_manager_service.h" -#include "i_accesstoken_manager.h" +#include "iaccess_token_manager.h" using namespace std; using namespace OHOS::Security::AccessToken; @@ -45,7 +45,7 @@ namespace OHOS { } uint32_t code = static_cast( - AccessTokenInterfaceCode::GET_NATIVE_TOKENINFO); + IAccessTokenManagerIpcCode::COMMAND_GET_NATIVE_TOKEN_INFO); MessageParcel reply; MessageOption option; diff --git a/test/fuzztest/services/accesstoken/getpermissionflagstub_fuzzer/BUILD.gn b/test/fuzztest/services/accesstoken/getpermissionflagstub_fuzzer/BUILD.gn index bd20c6515a44dba36067fdd94b204d1bab9d2d06..c0950cccd2ebd578cddda407940eab648bacf698 100644 --- a/test/fuzztest/services/accesstoken/getpermissionflagstub_fuzzer/BUILD.gn +++ b/test/fuzztest/services/accesstoken/getpermissionflagstub_fuzzer/BUILD.gn @@ -1,4 +1,4 @@ -# Copyright (c) 2023 Huawei Device Co., Ltd. +# Copyright (c) 2023-2025 Huawei Device Co., Ltd. # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. # You may obtain a copy of the License at @@ -33,7 +33,10 @@ ohos_fuzztest("GetPermissionFlagStubFuzzTest") { deps = access_token_deps - configs = [ "${access_token_path}/config:coverage_flags" ] + configs = [ + "${access_token_path}/config:coverage_flags", + "${access_token_path}/services/accesstokenmanager/idl:access_token_manager_gen_config", + ] external_deps = access_token_external_deps diff --git a/test/fuzztest/services/accesstoken/getpermissionflagstub_fuzzer/getpermissionflagstub_fuzzer.cpp b/test/fuzztest/services/accesstoken/getpermissionflagstub_fuzzer/getpermissionflagstub_fuzzer.cpp index 1a568a539a14ffbdaa1e67f1c2c2b2a5671138b7..cc4c7fc5d5da05821fa79fd6a78f9a7e3c94ab9b 100644 --- a/test/fuzztest/services/accesstoken/getpermissionflagstub_fuzzer/getpermissionflagstub_fuzzer.cpp +++ b/test/fuzztest/services/accesstoken/getpermissionflagstub_fuzzer/getpermissionflagstub_fuzzer.cpp @@ -1,5 +1,5 @@ /* - * Copyright (c) 2023 Huawei Device Co., Ltd. + * Copyright (c) 2023-2025 Huawei Device Co., Ltd. * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. * You may obtain a copy of the License at @@ -23,7 +23,7 @@ #undef private #include "accesstoken_fuzzdata.h" #include "accesstoken_manager_service.h" -#include "i_accesstoken_manager.h" +#include "iaccess_token_manager.h" using namespace std; using namespace OHOS::Security::AccessToken; @@ -46,7 +46,7 @@ namespace OHOS { } uint32_t code = static_cast( - AccessTokenInterfaceCode::GET_PERMISSION_FLAG); + IAccessTokenManagerIpcCode::COMMAND_GET_PERMISSION_FLAG); MessageParcel reply; MessageOption option; diff --git a/test/fuzztest/services/accesstoken/getpermissionrequesttogglestatusstub_fuzzer/BUILD.gn b/test/fuzztest/services/accesstoken/getpermissionrequesttogglestatusstub_fuzzer/BUILD.gn index 07a60bedb24857339047cf812e441c73096c1e09..ac30fc2f5003499c0f4f7836e6f359a33a47c654 100644 --- a/test/fuzztest/services/accesstoken/getpermissionrequesttogglestatusstub_fuzzer/BUILD.gn +++ b/test/fuzztest/services/accesstoken/getpermissionrequesttogglestatusstub_fuzzer/BUILD.gn @@ -1,4 +1,4 @@ -# Copyright (c) 2024 Huawei Device Co., Ltd. +# Copyright (c) 2024-2025 Huawei Device Co., Ltd. # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. # You may obtain a copy of the License at @@ -33,7 +33,10 @@ ohos_fuzztest("GetPermissionRequestToggleStatusStubFuzzTest") { deps = access_token_deps - configs = [ "${access_token_path}/config:coverage_flags" ] + configs = [ + "${access_token_path}/config:coverage_flags", + "${access_token_path}/services/accesstokenmanager/idl:access_token_manager_gen_config", + ] external_deps = access_token_external_deps diff --git a/test/fuzztest/services/accesstoken/getpermissionrequesttogglestatusstub_fuzzer/getpermissionrequesttogglestatusstub_fuzzer.cpp b/test/fuzztest/services/accesstoken/getpermissionrequesttogglestatusstub_fuzzer/getpermissionrequesttogglestatusstub_fuzzer.cpp index 841934814bc644260af981c2a5d2e22021ce2767..10b12bce5775971c4fbd0df8a6b22830a3e5ea38 100644 --- a/test/fuzztest/services/accesstoken/getpermissionrequesttogglestatusstub_fuzzer/getpermissionrequesttogglestatusstub_fuzzer.cpp +++ b/test/fuzztest/services/accesstoken/getpermissionrequesttogglestatusstub_fuzzer/getpermissionrequesttogglestatusstub_fuzzer.cpp @@ -1,5 +1,5 @@ /* - * Copyright (c) 2024 Huawei Device Co., Ltd. + * Copyright (c) 2024-2025 Huawei Device Co., Ltd. * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. * You may obtain a copy of the License at @@ -23,7 +23,7 @@ #undef private #include "accesstoken_fuzzdata.h" #include "accesstoken_manager_service.h" -#include "i_accesstoken_manager.h" +#include "iaccess_token_manager.h" using namespace std; using namespace OHOS::Security::AccessToken; @@ -46,7 +46,7 @@ namespace OHOS { } uint32_t code = static_cast( - AccessTokenInterfaceCode::GET_PERMISSION_REQUEST_TOGGLE_STATUS); + IAccessTokenManagerIpcCode::COMMAND_GET_PERMISSION_REQUEST_TOGGLE_STATUS); MessageParcel reply; MessageOption option; diff --git a/test/fuzztest/services/accesstoken/getpermissionsstatusstub_fuzzer/BUILD.gn b/test/fuzztest/services/accesstoken/getpermissionsstatusstub_fuzzer/BUILD.gn index 389e032db381b0c39dfcaca7b3f2d345963dd3fa..efc48f2c8a5ba7a69ff6a5007c17a21d02503e96 100644 --- a/test/fuzztest/services/accesstoken/getpermissionsstatusstub_fuzzer/BUILD.gn +++ b/test/fuzztest/services/accesstoken/getpermissionsstatusstub_fuzzer/BUILD.gn @@ -1,4 +1,4 @@ -# Copyright (c) 2024 Huawei Device Co., Ltd. +# Copyright (c) 2024-2025 Huawei Device Co., Ltd. # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. # You may obtain a copy of the License at @@ -34,7 +34,10 @@ ohos_fuzztest("GetPermissionsStatusStubFuzzTest") { deps = access_token_deps deps += [ "${access_token_path}/interfaces/innerkits/nativetoken:libnativetoken_shared" ] - configs = [ "${access_token_path}/config:coverage_flags" ] + configs = [ + "${access_token_path}/config:coverage_flags", + "${access_token_path}/services/accesstokenmanager/idl:access_token_manager_gen_config", + ] external_deps = access_token_external_deps diff --git a/test/fuzztest/services/accesstoken/getpermissionsstatusstub_fuzzer/getpermissionsstatusstub_fuzzer.cpp b/test/fuzztest/services/accesstoken/getpermissionsstatusstub_fuzzer/getpermissionsstatusstub_fuzzer.cpp index 472fcc4808d963d1e5cdd4936405f69cc2f16d20..3f61fc13f81f24480a2ce682bfeeb965c75043d2 100644 --- a/test/fuzztest/services/accesstoken/getpermissionsstatusstub_fuzzer/getpermissionsstatusstub_fuzzer.cpp +++ b/test/fuzztest/services/accesstoken/getpermissionsstatusstub_fuzzer/getpermissionsstatusstub_fuzzer.cpp @@ -1,5 +1,5 @@ /* - * Copyright (c) 2023 Huawei Device Co., Ltd. + * Copyright (c) 2023-2025 Huawei Device Co., Ltd. * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. * You may obtain a copy of the License at @@ -24,7 +24,7 @@ #include "access_token.h" #include "accesstoken_kit.h" #include "accesstoken_manager_service.h" -#include "i_accesstoken_manager.h" +#include "iaccess_token_manager.h" #include "nativetoken_kit.h" #include "securec.h" #include "token_setproc.h" @@ -120,7 +120,7 @@ size_t g_baseFuzzPos = 0; } uint32_t code = static_cast( - AccessTokenInterfaceCode::GET_PERMISSIONS_STATUS); + IAccessTokenManagerIpcCode::COMMAND_GET_PERMISSIONS_STATUS); MessageParcel reply; MessageOption option; bool enable = ((size % CONSTANTS_NUMBER_TWO) == 0); diff --git a/test/fuzztest/services/accesstoken/getpermissionusedtypestub_fuzzer/BUILD.gn b/test/fuzztest/services/accesstoken/getpermissionusedtypestub_fuzzer/BUILD.gn index 81e50ab0ae6d39754ca54140d1456bbe76314d14..9e050c96110bd792d69326c5df2d098e53bbd8ac 100644 --- a/test/fuzztest/services/accesstoken/getpermissionusedtypestub_fuzzer/BUILD.gn +++ b/test/fuzztest/services/accesstoken/getpermissionusedtypestub_fuzzer/BUILD.gn @@ -1,4 +1,4 @@ -# Copyright (c) 2024 Huawei Device Co., Ltd. +# Copyright (c) 2024-2025 Huawei Device Co., Ltd. # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. # You may obtain a copy of the License at @@ -33,7 +33,10 @@ ohos_fuzztest("GetPermissionUsedTypeStubFuzzTest") { deps = access_token_deps - configs = [ "${access_token_path}/config:coverage_flags" ] + configs = [ + "${access_token_path}/config:coverage_flags", + "${access_token_path}/services/accesstokenmanager/idl:access_token_manager_gen_config", + ] external_deps = access_token_external_deps diff --git a/test/fuzztest/services/accesstoken/getpermissionusedtypestub_fuzzer/getpermissionusedtypestub_fuzzer.cpp b/test/fuzztest/services/accesstoken/getpermissionusedtypestub_fuzzer/getpermissionusedtypestub_fuzzer.cpp index 5c8a672deff002860635be02480145956391f1ba..46d92628166cf29214d58e045bfbcde4db83df14 100644 --- a/test/fuzztest/services/accesstoken/getpermissionusedtypestub_fuzzer/getpermissionusedtypestub_fuzzer.cpp +++ b/test/fuzztest/services/accesstoken/getpermissionusedtypestub_fuzzer/getpermissionusedtypestub_fuzzer.cpp @@ -1,5 +1,5 @@ /* - * Copyright (c) 2024 Huawei Device Co., Ltd. + * Copyright (c) 2024-2025 Huawei Device Co., Ltd. * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. * You may obtain a copy of the License at @@ -24,7 +24,7 @@ #include "accesstoken_fuzzdata.h" #include "accesstoken_manager_service.h" #include "hap_info_parcel.h" -#include "i_accesstoken_manager.h" +#include "iaccess_token_manager.h" using namespace std; using namespace OHOS::Security::AccessToken; @@ -52,7 +52,7 @@ bool GetPermissionUsedTypeStubFuzzTest(const uint8_t* data, size_t size) } uint32_t code = static_cast( - AccessTokenInterfaceCode::GET_USER_GRANTED_PERMISSION_USED_TYPE); + IAccessTokenManagerIpcCode::COMMAND_GET_PERMISSION_USED_TYPE); MessageParcel reply; MessageOption option; diff --git a/test/fuzztest/services/accesstoken/getremotenativetokenidstub_fuzzer/BUILD.gn b/test/fuzztest/services/accesstoken/getremotenativetokenidstub_fuzzer/BUILD.gn index d3ce3d6fc1078c32a209a1d62c83e62e35ac3287..0dfb959a6bf56435a8dd4a30f4842650a452989c 100644 --- a/test/fuzztest/services/accesstoken/getremotenativetokenidstub_fuzzer/BUILD.gn +++ b/test/fuzztest/services/accesstoken/getremotenativetokenidstub_fuzzer/BUILD.gn @@ -1,4 +1,4 @@ -# Copyright (c) 2023 Huawei Device Co., Ltd. +# Copyright (c) 2023-2025 Huawei Device Co., Ltd. # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. # You may obtain a copy of the License at @@ -33,7 +33,10 @@ ohos_fuzztest("GetRemoteNativeTokenIDStubFuzzTest") { deps = access_token_deps - configs = [ "${access_token_path}/config:coverage_flags" ] + configs = [ + "${access_token_path}/config:coverage_flags", + "${access_token_path}/services/accesstokenmanager/idl:access_token_manager_gen_config", + ] external_deps = access_token_external_deps diff --git a/test/fuzztest/services/accesstoken/getremotenativetokenidstub_fuzzer/getremotenativetokenidstub_fuzzer.cpp b/test/fuzztest/services/accesstoken/getremotenativetokenidstub_fuzzer/getremotenativetokenidstub_fuzzer.cpp index 2b823907860ca6d8f828c08702053217b66fbcdb..1fb79456826d563234227b0b137b7caaa22f02cf 100644 --- a/test/fuzztest/services/accesstoken/getremotenativetokenidstub_fuzzer/getremotenativetokenidstub_fuzzer.cpp +++ b/test/fuzztest/services/accesstoken/getremotenativetokenidstub_fuzzer/getremotenativetokenidstub_fuzzer.cpp @@ -1,5 +1,5 @@ /* - * Copyright (c) 2023 Huawei Device Co., Ltd. + * Copyright (c) 2023-2025 Huawei Device Co., Ltd. * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. * You may obtain a copy of the License at @@ -23,7 +23,7 @@ #include "accesstoken_info_manager.h" #include "accesstoken_kit.h" #include "accesstoken_manager_service.h" -#include "i_accesstoken_manager.h" +#include "iaccess_token_manager.h" #include "token_setproc.h" using namespace std; @@ -54,7 +54,7 @@ namespace OHOS { } uint32_t code = static_cast( - AccessTokenInterfaceCode::GET_NATIVE_REMOTE_TOKEN); + IAccessTokenManagerIpcCode::COMMAND_GET_REMOTE_NATIVE_TOKEN_I_D); MessageParcel reply; MessageOption option; diff --git a/test/fuzztest/services/accesstoken/getreqpermissionbynamestub_fuzzer/BUILD.gn b/test/fuzztest/services/accesstoken/getreqpermissionbynamestub_fuzzer/BUILD.gn index f2de773f08d93df3eeaef2b965bc0b52949d1224..197b8f6b246b46b59d844ec05cdf713370bf0b28 100644 --- a/test/fuzztest/services/accesstoken/getreqpermissionbynamestub_fuzzer/BUILD.gn +++ b/test/fuzztest/services/accesstoken/getreqpermissionbynamestub_fuzzer/BUILD.gn @@ -1,4 +1,4 @@ -# Copyright (c) 2024 Huawei Device Co., Ltd. +# Copyright (c) 2024-2025 Huawei Device Co., Ltd. # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. # You may obtain a copy of the License at @@ -33,7 +33,10 @@ ohos_fuzztest("GetReqPermissionByNameStubFuzzTest") { deps = access_token_deps - configs = [ "${access_token_path}/config:coverage_flags" ] + configs = [ + "${access_token_path}/config:coverage_flags", + "${access_token_path}/services/accesstokenmanager/idl:access_token_manager_gen_config", + ] external_deps = access_token_external_deps diff --git a/test/fuzztest/services/accesstoken/getreqpermissionbynamestub_fuzzer/getreqpermissionbynamestub_fuzzer.cpp b/test/fuzztest/services/accesstoken/getreqpermissionbynamestub_fuzzer/getreqpermissionbynamestub_fuzzer.cpp index d9f021801db41f5c66041eae2c9258f1d923dddf..e0da7247cd64e5f9aefed9d2a4fc1503364a3eb0 100644 --- a/test/fuzztest/services/accesstoken/getreqpermissionbynamestub_fuzzer/getreqpermissionbynamestub_fuzzer.cpp +++ b/test/fuzztest/services/accesstoken/getreqpermissionbynamestub_fuzzer/getreqpermissionbynamestub_fuzzer.cpp @@ -1,5 +1,5 @@ /* - * Copyright (c) 2024 Huawei Device Co., Ltd. + * Copyright (c) 2024-2025 Huawei Device Co., Ltd. * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. * You may obtain a copy of the License at @@ -21,7 +21,7 @@ #undef private #include "accesstoken_fuzzdata.h" #include "accesstoken_manager_service.h" -#include "i_accesstoken_manager.h" +#include "iaccess_token_manager.h" using namespace std; using namespace OHOS::Security::AccessToken; @@ -42,7 +42,7 @@ namespace OHOS { return false; } - uint32_t code = static_cast(AccessTokenInterfaceCode::GET_PERMISSION_BY_NAME); + uint32_t code = static_cast(IAccessTokenManagerIpcCode::COMMAND_GET_REQ_PERMISSION_BY_NAME); MessageParcel reply; MessageOption option; diff --git a/test/fuzztest/services/accesstoken/getreqpermissionsstub_fuzzer/BUILD.gn b/test/fuzztest/services/accesstoken/getreqpermissionsstub_fuzzer/BUILD.gn index 225390f68a30b67d7e3832f902c3136659971b18..0c3f1c41f972650ffcb5bbc0fd98e72c99fa9c8f 100644 --- a/test/fuzztest/services/accesstoken/getreqpermissionsstub_fuzzer/BUILD.gn +++ b/test/fuzztest/services/accesstoken/getreqpermissionsstub_fuzzer/BUILD.gn @@ -1,4 +1,4 @@ -# Copyright (c) 2023 Huawei Device Co., Ltd. +# Copyright (c) 2023-2025 Huawei Device Co., Ltd. # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. # You may obtain a copy of the License at @@ -33,7 +33,10 @@ ohos_fuzztest("GetReqPermissionsStubFuzzTest") { deps = access_token_deps - configs = [ "${access_token_path}/config:coverage_flags" ] + configs = [ + "${access_token_path}/config:coverage_flags", + "${access_token_path}/services/accesstokenmanager/idl:access_token_manager_gen_config", + ] external_deps = access_token_external_deps diff --git a/test/fuzztest/services/accesstoken/getreqpermissionsstub_fuzzer/getreqpermissionsstub_fuzzer.cpp b/test/fuzztest/services/accesstoken/getreqpermissionsstub_fuzzer/getreqpermissionsstub_fuzzer.cpp index d8db10cb1445a6f88461f731798dc3d11b90cd01..022a9113e235f1d04c2e222f21709d0f5ae18538 100644 --- a/test/fuzztest/services/accesstoken/getreqpermissionsstub_fuzzer/getreqpermissionsstub_fuzzer.cpp +++ b/test/fuzztest/services/accesstoken/getreqpermissionsstub_fuzzer/getreqpermissionsstub_fuzzer.cpp @@ -1,5 +1,5 @@ /* - * Copyright (c) 2023 Huawei Device Co., Ltd. + * Copyright (c) 2023-2025 Huawei Device Co., Ltd. * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. * You may obtain a copy of the License at @@ -21,7 +21,7 @@ #undef private #include "accesstoken_fuzzdata.h" #include "accesstoken_manager_service.h" -#include "i_accesstoken_manager.h" +#include "iaccess_token_manager.h" #include "permission_def_parcel.h" using namespace std; @@ -47,7 +47,7 @@ namespace OHOS { } uint32_t code = static_cast( - AccessTokenInterfaceCode::GET_REQ_PERMISSIONS); + IAccessTokenManagerIpcCode::COMMAND_GET_REQ_PERMISSIONS); MessageParcel reply; MessageOption option; diff --git a/test/fuzztest/services/accesstoken/getselfpermissionsstatestub_fuzzer/BUILD.gn b/test/fuzztest/services/accesstoken/getselfpermissionsstatestub_fuzzer/BUILD.gn index 6e0b50f044ff59713ba3fa10696fbc639ea066c0..064c9261cd8d4db2c4dae7f7aa92f86381e5f8de 100644 --- a/test/fuzztest/services/accesstoken/getselfpermissionsstatestub_fuzzer/BUILD.gn +++ b/test/fuzztest/services/accesstoken/getselfpermissionsstatestub_fuzzer/BUILD.gn @@ -1,4 +1,4 @@ -# Copyright (c) 2023 Huawei Device Co., Ltd. +# Copyright (c) 2023-2025 Huawei Device Co., Ltd. # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. # You may obtain a copy of the License at @@ -33,7 +33,10 @@ ohos_fuzztest("GetSelfPermissionsStateStubFuzzTest") { deps = access_token_deps - configs = [ "${access_token_path}/config:coverage_flags" ] + configs = [ + "${access_token_path}/config:coverage_flags", + "${access_token_path}/services/accesstokenmanager/idl:access_token_manager_gen_config", + ] external_deps = access_token_external_deps diff --git a/test/fuzztest/services/accesstoken/getselfpermissionsstatestub_fuzzer/getselfpermissionsstatestub_fuzzer.cpp b/test/fuzztest/services/accesstoken/getselfpermissionsstatestub_fuzzer/getselfpermissionsstatestub_fuzzer.cpp index bb35c40c439a50bbb56aafd5a7adc7c3fb3b0dac..a767372a2dfd8e5786c1c22e4795dc347b1e2321 100644 --- a/test/fuzztest/services/accesstoken/getselfpermissionsstatestub_fuzzer/getselfpermissionsstatestub_fuzzer.cpp +++ b/test/fuzztest/services/accesstoken/getselfpermissionsstatestub_fuzzer/getselfpermissionsstatestub_fuzzer.cpp @@ -1,5 +1,5 @@ /* - * Copyright (c) 2023 Huawei Device Co., Ltd. + * Copyright (c) 2023-2025 Huawei Device Co., Ltd. * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. * You may obtain a copy of the License at @@ -21,7 +21,7 @@ #undef private #include "accesstoken_fuzzdata.h" #include "accesstoken_manager_service.h" -#include "i_accesstoken_manager.h" +#include "iaccess_token_manager.h" using namespace std; using namespace OHOS; @@ -51,7 +51,7 @@ namespace OHOS { } uint32_t code = static_cast( - AccessTokenInterfaceCode::GET_PERMISSION_OPER_STATE); + IAccessTokenManagerIpcCode::COMMAND_GET_SELF_PERMISSIONS_STATE); MessageParcel reply; MessageOption option; diff --git a/test/fuzztest/services/accesstoken/gettokenidbyuseridstub_fuzzer/BUILD.gn b/test/fuzztest/services/accesstoken/gettokenidbyuseridstub_fuzzer/BUILD.gn index e3bcbfcedb7ec3732c562212b29fd84cbb7c576e..78d02583e92b8d2dc70e719ca7929c12fbed3f0e 100644 --- a/test/fuzztest/services/accesstoken/gettokenidbyuseridstub_fuzzer/BUILD.gn +++ b/test/fuzztest/services/accesstoken/gettokenidbyuseridstub_fuzzer/BUILD.gn @@ -32,7 +32,10 @@ ohos_fuzztest("GetTokenIDByUserIDStubFuzzTest") { deps = access_token_deps - configs = [ "${access_token_path}/config:coverage_flags" ] + configs = [ + "${access_token_path}/config:coverage_flags", + "${access_token_path}/services/accesstokenmanager/idl:access_token_manager_gen_config", + ] external_deps = access_token_external_deps diff --git a/test/fuzztest/services/accesstoken/gettokenidbyuseridstub_fuzzer/gettokenidbyuseridstub_fuzzer.cpp b/test/fuzztest/services/accesstoken/gettokenidbyuseridstub_fuzzer/gettokenidbyuseridstub_fuzzer.cpp index 3345a3bd2c06071a6546bb784f8b86ea5c126cbe..a3b3cc411f9d3d21e72f872acd3f080d355c8f70 100644 --- a/test/fuzztest/services/accesstoken/gettokenidbyuseridstub_fuzzer/gettokenidbyuseridstub_fuzzer.cpp +++ b/test/fuzztest/services/accesstoken/gettokenidbyuseridstub_fuzzer/gettokenidbyuseridstub_fuzzer.cpp @@ -18,7 +18,7 @@ #undef private #include "accesstoken_fuzzdata.h" #include "accesstoken_manager_service.h" -#include "i_accesstoken_manager.h" +#include "iaccess_token_manager.h" using namespace std; using namespace OHOS::Security::AccessToken; @@ -41,7 +41,7 @@ namespace OHOS { } uint32_t code = static_cast( - AccessTokenInterfaceCode::GET_TOKEN_ID_BY_USER_ID); + IAccessTokenManagerIpcCode::COMMAND_GET_TOKEN_I_D_BY_USER_I_D); MessageParcel reply; MessageOption option; diff --git a/test/fuzztest/services/accesstoken/gettokentypestub_fuzzer/BUILD.gn b/test/fuzztest/services/accesstoken/gettokentypestub_fuzzer/BUILD.gn index 1a167b063f285f4acb09e4c15d0dcf7efc564bec..e19e8f3d08f88f36eb7c0f1f2052987900e34f97 100644 --- a/test/fuzztest/services/accesstoken/gettokentypestub_fuzzer/BUILD.gn +++ b/test/fuzztest/services/accesstoken/gettokentypestub_fuzzer/BUILD.gn @@ -1,4 +1,4 @@ -# Copyright (c) 2023 Huawei Device Co., Ltd. +# Copyright (c) 2023-2025 Huawei Device Co., Ltd. # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. # You may obtain a copy of the License at @@ -33,7 +33,10 @@ ohos_fuzztest("GetTokenTypeStubFuzzTest") { deps = access_token_deps - configs = [ "${access_token_path}/config:coverage_flags" ] + configs = [ + "${access_token_path}/config:coverage_flags", + "${access_token_path}/services/accesstokenmanager/idl:access_token_manager_gen_config", + ] external_deps = access_token_external_deps diff --git a/test/fuzztest/services/accesstoken/gettokentypestub_fuzzer/gettokentypestub_fuzzer.cpp b/test/fuzztest/services/accesstoken/gettokentypestub_fuzzer/gettokentypestub_fuzzer.cpp index f98c2ddc8309e806233fef0e6ca4453a5eab9632..7a21b62ddb31286f56d9e16be5defb2455b2d7df 100644 --- a/test/fuzztest/services/accesstoken/gettokentypestub_fuzzer/gettokentypestub_fuzzer.cpp +++ b/test/fuzztest/services/accesstoken/gettokentypestub_fuzzer/gettokentypestub_fuzzer.cpp @@ -1,5 +1,5 @@ /* - * Copyright (c) 2023 Huawei Device Co., Ltd. + * Copyright (c) 2023-2025 Huawei Device Co., Ltd. * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. * You may obtain a copy of the License at @@ -21,7 +21,7 @@ #undef private #include "accesstoken_fuzzdata.h" #include "accesstoken_manager_service.h" -#include "i_accesstoken_manager.h" +#include "iaccess_token_manager.h" using namespace std; using namespace OHOS::Security::AccessToken; @@ -42,7 +42,7 @@ namespace OHOS { } uint32_t code = static_cast( - AccessTokenInterfaceCode::GET_TOKEN_TYPE); + IAccessTokenManagerIpcCode::COMMAND_GET_TOKEN_TYPE); MessageParcel reply; MessageOption option; diff --git a/test/fuzztest/services/accesstoken/grantpermissionforspecifiedtimestub_fuzzer/BUILD.gn b/test/fuzztest/services/accesstoken/grantpermissionforspecifiedtimestub_fuzzer/BUILD.gn index 5416997fc165c653ee5a109fb8556e6b740e7c66..1f4268915ac8b11f993df82d52577f3cb1aa46b0 100644 --- a/test/fuzztest/services/accesstoken/grantpermissionforspecifiedtimestub_fuzzer/BUILD.gn +++ b/test/fuzztest/services/accesstoken/grantpermissionforspecifiedtimestub_fuzzer/BUILD.gn @@ -1,4 +1,4 @@ -# Copyright (c) 2024 Huawei Device Co., Ltd. +# Copyright (c) 2024-2025 Huawei Device Co., Ltd. # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. # You may obtain a copy of the License at @@ -33,7 +33,10 @@ ohos_fuzztest("GrantPermissionForSpecifiedTimeStubFuzzTest") { deps = access_token_deps - configs = [ "${access_token_path}/config:coverage_flags" ] + configs = [ + "${access_token_path}/config:coverage_flags", + "${access_token_path}/services/accesstokenmanager/idl:access_token_manager_gen_config", + ] external_deps = access_token_external_deps diff --git a/test/fuzztest/services/accesstoken/grantpermissionforspecifiedtimestub_fuzzer/grantpermissionforspecifiedtimestub_fuzzer.cpp b/test/fuzztest/services/accesstoken/grantpermissionforspecifiedtimestub_fuzzer/grantpermissionforspecifiedtimestub_fuzzer.cpp index 73e4bb6959a41afd8bef0e17cff40fda3cb114df..ae92c90019df4d272c51a4deeeef6f49f61e1e03 100644 --- a/test/fuzztest/services/accesstoken/grantpermissionforspecifiedtimestub_fuzzer/grantpermissionforspecifiedtimestub_fuzzer.cpp +++ b/test/fuzztest/services/accesstoken/grantpermissionforspecifiedtimestub_fuzzer/grantpermissionforspecifiedtimestub_fuzzer.cpp @@ -1,5 +1,5 @@ /* - * Copyright (c) 2024 Huawei Device Co., Ltd. + * Copyright (c) 2024-2025 Huawei Device Co., Ltd. * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. * You may obtain a copy of the License at @@ -24,7 +24,7 @@ #undef private #include "accesstoken_manager_service.h" #include "hap_info_parcel.h" -#include "i_accesstoken_manager.h" +#include "iaccess_token_manager.h" using namespace std; using namespace OHOS::Security::AccessToken; @@ -49,7 +49,7 @@ namespace OHOS { return false; } uint32_t code = static_cast( - AccessTokenInterfaceCode::GRANT_PERMISSION_FOR_SPECIFIEDTIME); + IAccessTokenManagerIpcCode::COMMAND_ALLOC_HAP_TOKEN); MessageParcel reply; MessageOption option; diff --git a/test/fuzztest/services/accesstoken/grantpermissionstub_fuzzer/BUILD.gn b/test/fuzztest/services/accesstoken/grantpermissionstub_fuzzer/BUILD.gn index c8b6142db311fd4fa683130129a54e02501a9e95..65dfeeeef516d2b22f5606ac364082098c94df08 100644 --- a/test/fuzztest/services/accesstoken/grantpermissionstub_fuzzer/BUILD.gn +++ b/test/fuzztest/services/accesstoken/grantpermissionstub_fuzzer/BUILD.gn @@ -1,4 +1,4 @@ -# Copyright (c) 2023 Huawei Device Co., Ltd. +# Copyright (c) 2023-2025 Huawei Device Co., Ltd. # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. # You may obtain a copy of the License at @@ -33,7 +33,10 @@ ohos_fuzztest("GrantPermissionStubFuzzTest") { deps = access_token_deps - configs = [ "${access_token_path}/config:coverage_flags" ] + configs = [ + "${access_token_path}/config:coverage_flags", + "${access_token_path}/services/accesstokenmanager/idl:access_token_manager_gen_config", + ] external_deps = access_token_external_deps diff --git a/test/fuzztest/services/accesstoken/grantpermissionstub_fuzzer/grantpermissionstub_fuzzer.cpp b/test/fuzztest/services/accesstoken/grantpermissionstub_fuzzer/grantpermissionstub_fuzzer.cpp index f7f3dff303ea71bdadfe143fec73b69c93f55874..34aa2513d544404329f818414e3b16f2a1d7c38f 100644 --- a/test/fuzztest/services/accesstoken/grantpermissionstub_fuzzer/grantpermissionstub_fuzzer.cpp +++ b/test/fuzztest/services/accesstoken/grantpermissionstub_fuzzer/grantpermissionstub_fuzzer.cpp @@ -1,5 +1,5 @@ /* - * Copyright (c) 2023 Huawei Device Co., Ltd. + * Copyright (c) 2023-2025 Huawei Device Co., Ltd. * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. * You may obtain a copy of the License at @@ -26,7 +26,7 @@ #include "accesstoken_info_manager.h" #include "accesstoken_kit.h" #include "accesstoken_manager_service.h" -#include "i_accesstoken_manager.h" +#include "iaccess_token_manager.h" #include "token_setproc.h" using namespace std; @@ -65,7 +65,7 @@ namespace OHOS { } uint32_t code = static_cast( - AccessTokenInterfaceCode::GRANT_PERMISSION); + IAccessTokenManagerIpcCode::COMMAND_GRANT_PERMISSION); MessageParcel reply; MessageOption option; diff --git a/test/fuzztest/services/accesstoken/inithaptokenstub_fuzzer/BUILD.gn b/test/fuzztest/services/accesstoken/inithaptokenstub_fuzzer/BUILD.gn index 5b707634a7b65fa386bc0b7478983a39480f73ed..4b1e8c6f26c9bdeda97fe3e99ca2c7d2ae84c454 100644 --- a/test/fuzztest/services/accesstoken/inithaptokenstub_fuzzer/BUILD.gn +++ b/test/fuzztest/services/accesstoken/inithaptokenstub_fuzzer/BUILD.gn @@ -1,4 +1,4 @@ -# Copyright (c) 2024 Huawei Device Co., Ltd. +# Copyright (c) 2024-2025 Huawei Device Co., Ltd. # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. # You may obtain a copy of the License at @@ -33,7 +33,10 @@ ohos_fuzztest("InitHapTokenStubFuzzTest") { deps = access_token_deps - configs = [ "${access_token_path}/config:coverage_flags" ] + configs = [ + "${access_token_path}/config:coverage_flags", + "${access_token_path}/services/accesstokenmanager/idl:access_token_manager_gen_config", + ] external_deps = access_token_external_deps diff --git a/test/fuzztest/services/accesstoken/inithaptokenstub_fuzzer/inithaptokenstub_fuzzer.cpp b/test/fuzztest/services/accesstoken/inithaptokenstub_fuzzer/inithaptokenstub_fuzzer.cpp index 13fa49d2a6d74711f38502f802ef4fce46e935a8..ea023f93c3739ba0fdfd31329b32cebbf683f643 100644 --- a/test/fuzztest/services/accesstoken/inithaptokenstub_fuzzer/inithaptokenstub_fuzzer.cpp +++ b/test/fuzztest/services/accesstoken/inithaptokenstub_fuzzer/inithaptokenstub_fuzzer.cpp @@ -1,5 +1,5 @@ /* - * Copyright (c) 2024 Huawei Device Co., Ltd. + * Copyright (c) 2024-2025 Huawei Device Co., Ltd. * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. * You may obtain a copy of the License at @@ -24,7 +24,7 @@ #undef private #include "accesstoken_manager_service.h" #include "hap_info_parcel.h" -#include "i_accesstoken_manager.h" +#include "iaccess_token_manager.h" using namespace std; using namespace OHOS::Security::AccessToken; @@ -93,7 +93,7 @@ namespace OHOS { } uint32_t code = static_cast( - AccessTokenInterfaceCode::INIT_TOKEN_HAP); + IAccessTokenManagerIpcCode::COMMAND_INIT_HAP_TOKEN); MessageParcel reply; MessageOption option; diff --git a/test/fuzztest/services/accesstoken/inituserpolicystub_fuzzer/BUILD.gn b/test/fuzztest/services/accesstoken/inituserpolicystub_fuzzer/BUILD.gn index ac370e1470d1cf836016e8874f98dd016eb1c678..33e4bf96f54927076b2ebcca6850d49e65a4b5fb 100644 --- a/test/fuzztest/services/accesstoken/inituserpolicystub_fuzzer/BUILD.gn +++ b/test/fuzztest/services/accesstoken/inituserpolicystub_fuzzer/BUILD.gn @@ -34,7 +34,10 @@ ohos_fuzztest("InitUserPolicyStubFuzzTest") { deps = access_token_deps deps += [ "${access_token_path}/interfaces/innerkits/nativetoken:libnativetoken_shared" ] - configs = [ "${access_token_path}/config:coverage_flags" ] + configs = [ + "${access_token_path}/config:coverage_flags", + "${access_token_path}/services/accesstokenmanager/idl:access_token_manager_gen_config", + ] external_deps = access_token_external_deps diff --git a/test/fuzztest/services/accesstoken/inituserpolicystub_fuzzer/inituserpolicystub_fuzzer.cpp b/test/fuzztest/services/accesstoken/inituserpolicystub_fuzzer/inituserpolicystub_fuzzer.cpp index 1184c309aad13fde07a8a13900a9de0c3e0b5778..f4b01a42cd6cf7178e6b414ab9cf69bfff3753a3 100644 --- a/test/fuzztest/services/accesstoken/inituserpolicystub_fuzzer/inituserpolicystub_fuzzer.cpp +++ b/test/fuzztest/services/accesstoken/inituserpolicystub_fuzzer/inituserpolicystub_fuzzer.cpp @@ -23,7 +23,7 @@ #include "accesstoken_fuzzdata.h" #include "accesstoken_kit.h" #include "accesstoken_manager_service.h" -#include "i_accesstoken_manager.h" +#include "iaccess_token_manager.h" #include "nativetoken_kit.h" #include "token_setproc.h" @@ -93,7 +93,7 @@ namespace OHOS { } uint32_t code = static_cast( - AccessTokenInterfaceCode::INIT_USER_POLICY); + IAccessTokenManagerIpcCode::COMMAND_INIT_USER_POLICY); MessageParcel reply; MessageOption option; diff --git a/test/fuzztest/services/accesstoken/registerpermstatechangecallbackstub_fuzzer/BUILD.gn b/test/fuzztest/services/accesstoken/registerpermstatechangecallbackstub_fuzzer/BUILD.gn index 155806b6908103192c78b4c3cc10cf00b66376ba..11a3e6545699a83398a14b237ef223877b2e9abb 100644 --- a/test/fuzztest/services/accesstoken/registerpermstatechangecallbackstub_fuzzer/BUILD.gn +++ b/test/fuzztest/services/accesstoken/registerpermstatechangecallbackstub_fuzzer/BUILD.gn @@ -1,4 +1,4 @@ -# Copyright (c) 2023 Huawei Device Co., Ltd. +# Copyright (c) 2023-2025 Huawei Device Co., Ltd. # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. # You may obtain a copy of the License at @@ -33,7 +33,10 @@ ohos_fuzztest("RegisterPermStateChangeCallbackStubFuzzTest") { deps = access_token_deps - configs = [ "${access_token_path}/config:coverage_flags" ] + configs = [ + "${access_token_path}/config:coverage_flags", + "${access_token_path}/services/accesstokenmanager/idl:access_token_manager_gen_config", + ] external_deps = access_token_external_deps diff --git a/test/fuzztest/services/accesstoken/registerpermstatechangecallbackstub_fuzzer/registerpermstatechangecallbackstub_fuzzer.cpp b/test/fuzztest/services/accesstoken/registerpermstatechangecallbackstub_fuzzer/registerpermstatechangecallbackstub_fuzzer.cpp index 251cfd7d90fbb90a31252ad2ae1ce5ae917e2e98..b37d7b402981e33081c5d5a7da44f733814700d1 100644 --- a/test/fuzztest/services/accesstoken/registerpermstatechangecallbackstub_fuzzer/registerpermstatechangecallbackstub_fuzzer.cpp +++ b/test/fuzztest/services/accesstoken/registerpermstatechangecallbackstub_fuzzer/registerpermstatechangecallbackstub_fuzzer.cpp @@ -1,5 +1,5 @@ /* - * Copyright (c) 2023 Huawei Device Co., Ltd. + * Copyright (c) 2023-2025 Huawei Device Co., Ltd. * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. * You may obtain a copy of the License at @@ -22,7 +22,7 @@ #include "accesstoken_fuzzdata.h" #include "accesstoken_manager_client.h" #include "accesstoken_manager_service.h" -#include "i_accesstoken_manager.h" +#include "iaccess_token_manager.h" using namespace std; using namespace OHOS::Security::AccessToken; @@ -77,7 +77,7 @@ namespace OHOS { } uint32_t code = static_cast( - AccessTokenInterfaceCode::REGISTER_PERM_STATE_CHANGE_CALLBACK); + IAccessTokenManagerIpcCode::COMMAND_REGISTER_PERM_STATE_CHANGE_CALLBACK); MessageParcel reply; MessageOption option; diff --git a/test/fuzztest/services/accesstoken/registerselfpermstatechangecallbackstub_fuzzer/BUILD.gn b/test/fuzztest/services/accesstoken/registerselfpermstatechangecallbackstub_fuzzer/BUILD.gn index cdb19e0afb3eaa63eee042980cbc88ff762e4be1..63c5b686e807d24c43fbfdc147b81e70971647d4 100644 --- a/test/fuzztest/services/accesstoken/registerselfpermstatechangecallbackstub_fuzzer/BUILD.gn +++ b/test/fuzztest/services/accesstoken/registerselfpermstatechangecallbackstub_fuzzer/BUILD.gn @@ -34,7 +34,10 @@ ohos_fuzztest("RegisterSelfPermStateChangeCallbackStubFuzzTest") { deps = access_token_deps deps += [ "${access_token_path}/interfaces/innerkits/nativetoken:libnativetoken_shared" ] - configs = [ "${access_token_path}/config:coverage_flags" ] + configs = [ + "${access_token_path}/config:coverage_flags", + "${access_token_path}/services/accesstokenmanager/idl:access_token_manager_gen_config", + ] external_deps = access_token_external_deps diff --git a/test/fuzztest/services/accesstoken/registerselfpermstatechangecallbackstub_fuzzer/registerselfpermstatechangecallbackstub_fuzzer.cpp b/test/fuzztest/services/accesstoken/registerselfpermstatechangecallbackstub_fuzzer/registerselfpermstatechangecallbackstub_fuzzer.cpp index 946e7fa59c3976efa2b6236405742a702ca7e315..4d35d90e5e6d883d56dee8e8e05a8b2d67d3a43c 100644 --- a/test/fuzztest/services/accesstoken/registerselfpermstatechangecallbackstub_fuzzer/registerselfpermstatechangecallbackstub_fuzzer.cpp +++ b/test/fuzztest/services/accesstoken/registerselfpermstatechangecallbackstub_fuzzer/registerselfpermstatechangecallbackstub_fuzzer.cpp @@ -26,7 +26,7 @@ #include "accesstoken_kit.h" #include "accesstoken_manager_client.h" #include "accesstoken_manager_service.h" -#include "i_accesstoken_manager.h" +#include "iaccess_token_manager.h" #include "token_setproc.h" using namespace std; @@ -110,7 +110,7 @@ namespace OHOS { } uint32_t code = static_cast( - AccessTokenInterfaceCode::REGISTER_SELF_PERM_STATE_CHANGE_CALLBACK); + IAccessTokenManagerIpcCode::COMMAND_REGISTER_SELF_PERM_STATE_CHANGE_CALLBACK); MessageParcel reply; MessageOption option; diff --git a/test/fuzztest/services/accesstoken/requestapppermonsettingstub_fuzzer/BUILD.gn b/test/fuzztest/services/accesstoken/requestapppermonsettingstub_fuzzer/BUILD.gn index 7972f3712181095e28fa4ef5e5d80b53663ff13a..9e06d8b295ffb4c1ad66c6c53aea1f0a1cb0a3b1 100644 --- a/test/fuzztest/services/accesstoken/requestapppermonsettingstub_fuzzer/BUILD.gn +++ b/test/fuzztest/services/accesstoken/requestapppermonsettingstub_fuzzer/BUILD.gn @@ -1,4 +1,4 @@ -# Copyright (c) 2024 Huawei Device Co., Ltd. +# Copyright (c) 2024-2025 Huawei Device Co., Ltd. # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. # You may obtain a copy of the License at @@ -33,7 +33,10 @@ ohos_fuzztest("RequestAppPermOnSettingStubFuzzTest") { deps = access_token_deps - configs = [ "${access_token_path}/config:coverage_flags" ] + configs = [ + "${access_token_path}/config:coverage_flags", + "${access_token_path}/services/accesstokenmanager/idl:access_token_manager_gen_config", + ] external_deps = access_token_external_deps diff --git a/test/fuzztest/services/accesstoken/requestapppermonsettingstub_fuzzer/requestapppermonsettingstub_fuzzer.cpp b/test/fuzztest/services/accesstoken/requestapppermonsettingstub_fuzzer/requestapppermonsettingstub_fuzzer.cpp index 4c65417afa86030ece0cec5ba6ee0d4a04639713..bcd22753e8ff3743bb80bd3cb1f97a66ee4eb6f5 100644 --- a/test/fuzztest/services/accesstoken/requestapppermonsettingstub_fuzzer/requestapppermonsettingstub_fuzzer.cpp +++ b/test/fuzztest/services/accesstoken/requestapppermonsettingstub_fuzzer/requestapppermonsettingstub_fuzzer.cpp @@ -1,5 +1,5 @@ /* - * Copyright (c) 2024 Huawei Device Co., Ltd. + * Copyright (c) 2024-2025 Huawei Device Co., Ltd. * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. * You may obtain a copy of the License at @@ -21,7 +21,7 @@ #undef private #include "accesstoken_fuzzdata.h" #include "accesstoken_manager_service.h" -#include "i_accesstoken_manager.h" +#include "iaccess_token_manager.h" using namespace std; using namespace OHOS::Security::AccessToken; @@ -42,7 +42,7 @@ namespace OHOS { return false; } - uint32_t code = static_cast(AccessTokenInterfaceCode::REQUEST_APP_PERM_ON_SETTING); + uint32_t code = static_cast(IAccessTokenManagerIpcCode::COMMAND_REQUEST_APP_PERM_ON_SETTING); MessageParcel reply; MessageOption option; diff --git a/test/fuzztest/services/accesstoken/revokepermissionstub_fuzzer/BUILD.gn b/test/fuzztest/services/accesstoken/revokepermissionstub_fuzzer/BUILD.gn index de933d784862cd1a9b3a940aad24f101b6644e99..5e81544fcf06101694bbdd1621e84e3ed6107b58 100644 --- a/test/fuzztest/services/accesstoken/revokepermissionstub_fuzzer/BUILD.gn +++ b/test/fuzztest/services/accesstoken/revokepermissionstub_fuzzer/BUILD.gn @@ -1,4 +1,4 @@ -# Copyright (c) 2023 Huawei Device Co., Ltd. +# Copyright (c) 2023-2025 Huawei Device Co., Ltd. # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. # You may obtain a copy of the License at @@ -33,7 +33,10 @@ ohos_fuzztest("RevokePermissionStubFuzzTest") { deps = access_token_deps - configs = [ "${access_token_path}/config:coverage_flags" ] + configs = [ + "${access_token_path}/config:coverage_flags", + "${access_token_path}/services/accesstokenmanager/idl:access_token_manager_gen_config", + ] external_deps = access_token_external_deps diff --git a/test/fuzztest/services/accesstoken/revokepermissionstub_fuzzer/revokepermissionstub_fuzzer.cpp b/test/fuzztest/services/accesstoken/revokepermissionstub_fuzzer/revokepermissionstub_fuzzer.cpp index aab7e2a752c3a758ded5c089ec32d3c86892abeb..30d69e7df101d4003741b160ad494bdb20cfc6e6 100644 --- a/test/fuzztest/services/accesstoken/revokepermissionstub_fuzzer/revokepermissionstub_fuzzer.cpp +++ b/test/fuzztest/services/accesstoken/revokepermissionstub_fuzzer/revokepermissionstub_fuzzer.cpp @@ -1,5 +1,5 @@ /* - * Copyright (c) 2023 Huawei Device Co., Ltd. + * Copyright (c) 2023-2025 Huawei Device Co., Ltd. * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. * You may obtain a copy of the License at @@ -23,7 +23,7 @@ #undef private #include "accesstoken_fuzzdata.h" #include "accesstoken_manager_service.h" -#include "i_accesstoken_manager.h" +#include "iaccess_token_manager.h" using namespace std; using namespace OHOS::Security::AccessToken; @@ -48,7 +48,7 @@ namespace OHOS { return false; } uint32_t code = static_cast( - AccessTokenInterfaceCode::REVOKE_PERMISSION); + IAccessTokenManagerIpcCode::COMMAND_REVOKE_PERMISSION); MessageParcel reply; MessageOption option; diff --git a/test/fuzztest/services/accesstoken/setpermdialogcap_fuzzer/BUILD.gn b/test/fuzztest/services/accesstoken/setpermdialogcap_fuzzer/BUILD.gn index 81f75417dd0323cfded1a32ec707f5cd8c85d430..c240203ea66a076bdba65571806e29ae6073d35d 100644 --- a/test/fuzztest/services/accesstoken/setpermdialogcap_fuzzer/BUILD.gn +++ b/test/fuzztest/services/accesstoken/setpermdialogcap_fuzzer/BUILD.gn @@ -1,4 +1,4 @@ -# Copyright (c) 2023 Huawei Device Co., Ltd. +# Copyright (c) 2023-2025 Huawei Device Co., Ltd. # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. # You may obtain a copy of the License at @@ -33,7 +33,10 @@ ohos_fuzztest("SetPermDialogCapFuzzTest") { deps = access_token_deps deps += [ "${access_token_path}/interfaces/innerkits/nativetoken:libnativetoken_shared" ] - configs = [ "${access_token_path}/config:coverage_flags" ] + configs = [ + "${access_token_path}/config:coverage_flags", + "${access_token_path}/services/accesstokenmanager/idl:access_token_manager_gen_config", + ] external_deps = access_token_external_deps diff --git a/test/fuzztest/services/accesstoken/setpermdialogcap_fuzzer/setpermdialogcap_fuzzer.cpp b/test/fuzztest/services/accesstoken/setpermdialogcap_fuzzer/setpermdialogcap_fuzzer.cpp index 153e3bbd22af5ec34ce1b0757348a9fc8d87b288..994193a1a4edfcc3e4372b30611b7aced4385bdc 100644 --- a/test/fuzztest/services/accesstoken/setpermdialogcap_fuzzer/setpermdialogcap_fuzzer.cpp +++ b/test/fuzztest/services/accesstoken/setpermdialogcap_fuzzer/setpermdialogcap_fuzzer.cpp @@ -1,5 +1,5 @@ /* - * Copyright (c) 2023 Huawei Device Co., Ltd. + * Copyright (c) 2023-2025 Huawei Device Co., Ltd. * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. * You may obtain a copy of the License at @@ -23,7 +23,7 @@ #include "accesstoken_fuzzdata.h" #include "accesstoken_kit.h" #include "accesstoken_manager_service.h" -#include "i_accesstoken_manager.h" +#include "iaccess_token_manager.h" #include "nativetoken_kit.h" #include "securec.h" #include "token_setproc.h" @@ -72,7 +72,7 @@ namespace OHOS { if (!datas.WriteParcelable(&baseInfoParcel)) { return false; } - uint32_t code = static_cast(AccessTokenInterfaceCode::SET_PERM_DIALOG_CAPABILITY); + uint32_t code = static_cast(IAccessTokenManagerIpcCode::COMMAND_SET_PERM_DIALOG_CAP); MessageParcel reply; MessageOption option; diff --git a/test/fuzztest/services/accesstoken/setpermissionrequesttogglestatusstub_fuzzer/BUILD.gn b/test/fuzztest/services/accesstoken/setpermissionrequesttogglestatusstub_fuzzer/BUILD.gn index 7a7623c5f96775c1f17b978c742ac0d326785f22..2bf1efcd27a90b6e046fc4b8a38d502d56a17374 100644 --- a/test/fuzztest/services/accesstoken/setpermissionrequesttogglestatusstub_fuzzer/BUILD.gn +++ b/test/fuzztest/services/accesstoken/setpermissionrequesttogglestatusstub_fuzzer/BUILD.gn @@ -1,4 +1,4 @@ -# Copyright (c) 2024 Huawei Device Co., Ltd. +# Copyright (c) 2024-2025 Huawei Device Co., Ltd. # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. # You may obtain a copy of the License at @@ -33,7 +33,10 @@ ohos_fuzztest("SetPermissionRequestToggleStatusStubFuzzTest") { deps = access_token_deps - configs = [ "${access_token_path}/config:coverage_flags" ] + configs = [ + "${access_token_path}/config:coverage_flags", + "${access_token_path}/services/accesstokenmanager/idl:access_token_manager_gen_config", + ] external_deps = access_token_external_deps diff --git a/test/fuzztest/services/accesstoken/setpermissionrequesttogglestatusstub_fuzzer/setpermissionrequesttogglestatusstub_fuzzer.cpp b/test/fuzztest/services/accesstoken/setpermissionrequesttogglestatusstub_fuzzer/setpermissionrequesttogglestatusstub_fuzzer.cpp index c2934d01648a974c8cb78b5da67847a07de8758b..7e98d58607a4accec0b6e026b687f7b7eb61db49 100644 --- a/test/fuzztest/services/accesstoken/setpermissionrequesttogglestatusstub_fuzzer/setpermissionrequesttogglestatusstub_fuzzer.cpp +++ b/test/fuzztest/services/accesstoken/setpermissionrequesttogglestatusstub_fuzzer/setpermissionrequesttogglestatusstub_fuzzer.cpp @@ -1,5 +1,5 @@ /* - * Copyright (c) 2024 Huawei Device Co., Ltd. + * Copyright (c) 2024-2025 Huawei Device Co., Ltd. * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. * You may obtain a copy of the License at @@ -23,7 +23,7 @@ #undef private #include "accesstoken_fuzzdata.h" #include "accesstoken_manager_service.h" -#include "i_accesstoken_manager.h" +#include "iaccess_token_manager.h" using namespace std; using namespace OHOS::Security::AccessToken; @@ -49,7 +49,7 @@ namespace OHOS { } uint32_t code = static_cast( - AccessTokenInterfaceCode::SET_PERMISSION_REQUEST_TOGGLE_STATUS); + IAccessTokenManagerIpcCode::COMMAND_SET_PERMISSION_REQUEST_TOGGLE_STATUS); MessageParcel reply; MessageOption option; diff --git a/test/fuzztest/services/accesstoken/setremotehaptokeninfostub_fuzzer/BUILD.gn b/test/fuzztest/services/accesstoken/setremotehaptokeninfostub_fuzzer/BUILD.gn index 35fa2dfe5376b32b27024681bc8c20e8efe5b712..66b3dfb0455b7d72a2b0ddddb4e089c5700cba41 100644 --- a/test/fuzztest/services/accesstoken/setremotehaptokeninfostub_fuzzer/BUILD.gn +++ b/test/fuzztest/services/accesstoken/setremotehaptokeninfostub_fuzzer/BUILD.gn @@ -1,4 +1,4 @@ -# Copyright (c) 2023 Huawei Device Co., Ltd. +# Copyright (c) 2023-2025 Huawei Device Co., Ltd. # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. # You may obtain a copy of the License at @@ -33,7 +33,10 @@ ohos_fuzztest("SetRemoteHapTokenInfoStubFuzzTest") { deps = access_token_deps - configs = [ "${access_token_path}/config:coverage_flags" ] + configs = [ + "${access_token_path}/config:coverage_flags", + "${access_token_path}/services/accesstokenmanager/idl:access_token_manager_gen_config", + ] external_deps = access_token_external_deps diff --git a/test/fuzztest/services/accesstoken/setremotehaptokeninfostub_fuzzer/setremotehaptokeninfostub_fuzzer.cpp b/test/fuzztest/services/accesstoken/setremotehaptokeninfostub_fuzzer/setremotehaptokeninfostub_fuzzer.cpp index 8cda4c996b4890eaa1120f6087f36ebc238a9ad0..db20383d44d5b167a9a20c48b648d266dc6c83bf 100644 --- a/test/fuzztest/services/accesstoken/setremotehaptokeninfostub_fuzzer/setremotehaptokeninfostub_fuzzer.cpp +++ b/test/fuzztest/services/accesstoken/setremotehaptokeninfostub_fuzzer/setremotehaptokeninfostub_fuzzer.cpp @@ -1,5 +1,5 @@ /* - * Copyright (c) 2023 Huawei Device Co., Ltd. + * Copyright (c) 2023-2025 Huawei Device Co., Ltd. * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. * You may obtain a copy of the License at @@ -24,7 +24,7 @@ #include "accesstoken_info_manager.h" #include "accesstoken_kit.h" #include "accesstoken_manager_service.h" -#include "i_accesstoken_manager.h" +#include "iaccess_token_manager.h" #include "permission_state_full.h" #include "token_setproc.h" @@ -88,7 +88,7 @@ namespace OHOS { } uint32_t code = static_cast( - AccessTokenInterfaceCode::SET_REMOTE_HAP_TOKEN_INFO); + IAccessTokenManagerIpcCode::COMMAND_SET_REMOTE_HAP_TOKEN_INFO); MessageParcel reply; MessageOption option; diff --git a/test/fuzztest/services/accesstoken/updatehaptokenstub_fuzzer/BUILD.gn b/test/fuzztest/services/accesstoken/updatehaptokenstub_fuzzer/BUILD.gn index 7b73bb9b50bb9a01fedade3060f04f44139eb644..31a7c5de20aeb5c5481166411a5de2e43985f134 100644 --- a/test/fuzztest/services/accesstoken/updatehaptokenstub_fuzzer/BUILD.gn +++ b/test/fuzztest/services/accesstoken/updatehaptokenstub_fuzzer/BUILD.gn @@ -1,4 +1,4 @@ -# Copyright (c) 2023 Huawei Device Co., Ltd. +# Copyright (c) 2023-2025 Huawei Device Co., Ltd. # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. # You may obtain a copy of the License at @@ -33,7 +33,10 @@ ohos_fuzztest("UpdateHapTokenStubFuzzTest") { deps = access_token_deps - configs = [ "${access_token_path}/config:coverage_flags" ] + configs = [ + "${access_token_path}/config:coverage_flags", + "${access_token_path}/services/accesstokenmanager/idl:access_token_manager_gen_config", + ] external_deps = access_token_external_deps diff --git a/test/fuzztest/services/accesstoken/updatehaptokenstub_fuzzer/updatehaptokenstub_fuzzer.cpp b/test/fuzztest/services/accesstoken/updatehaptokenstub_fuzzer/updatehaptokenstub_fuzzer.cpp index 939f5f390799ccbce13b60cb6b3fca280a81c7af..e9763360a32ce92624f6fa8f7668297115e2ad37 100644 --- a/test/fuzztest/services/accesstoken/updatehaptokenstub_fuzzer/updatehaptokenstub_fuzzer.cpp +++ b/test/fuzztest/services/accesstoken/updatehaptokenstub_fuzzer/updatehaptokenstub_fuzzer.cpp @@ -1,5 +1,5 @@ /* - * Copyright (c) 2023 Huawei Device Co., Ltd. + * Copyright (c) 2023-2025 Huawei Device Co., Ltd. * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. * You may obtain a copy of the License at @@ -80,7 +80,7 @@ namespace OHOS { if (!datas.WriteParcelable(&hapPolicyParcel)) { return false; } - uint32_t code = static_cast(AccessTokenInterfaceCode::UPDATE_HAP_TOKEN); + uint32_t code = static_cast(IAccessTokenManagerIpcCode::COMMAND_UPDATE_HAP_TOKEN); MessageParcel reply; MessageOption option; bool enable = ((size % CONSTANTS_NUMBER_TWO) == 0); diff --git a/test/fuzztest/services/accesstoken/updateuserpolicystub_fuzzer/BUILD.gn b/test/fuzztest/services/accesstoken/updateuserpolicystub_fuzzer/BUILD.gn index 3d21d687f7d335c0a2e445b1ce8a8cba0985a484..3a5c065745c952f69cb74e80886f65db8ee3b1f1 100644 --- a/test/fuzztest/services/accesstoken/updateuserpolicystub_fuzzer/BUILD.gn +++ b/test/fuzztest/services/accesstoken/updateuserpolicystub_fuzzer/BUILD.gn @@ -34,7 +34,10 @@ ohos_fuzztest("UpdateUserPolicyStubFuzzTest") { deps = access_token_deps deps += [ "${access_token_path}/interfaces/innerkits/nativetoken:libnativetoken_shared" ] - configs = [ "${access_token_path}/config:coverage_flags" ] + configs = [ + "${access_token_path}/config:coverage_flags", + "${access_token_path}/services/accesstokenmanager/idl:access_token_manager_gen_config", + ] external_deps = access_token_external_deps diff --git a/test/fuzztest/services/accesstoken/updateuserpolicystub_fuzzer/updateuserpolicystub_fuzzer.cpp b/test/fuzztest/services/accesstoken/updateuserpolicystub_fuzzer/updateuserpolicystub_fuzzer.cpp index c0a8edc5d11725c62c29741e9c52847ce803943f..0714eab49649697a9dfbec66f8633a73e780cc9c 100644 --- a/test/fuzztest/services/accesstoken/updateuserpolicystub_fuzzer/updateuserpolicystub_fuzzer.cpp +++ b/test/fuzztest/services/accesstoken/updateuserpolicystub_fuzzer/updateuserpolicystub_fuzzer.cpp @@ -23,7 +23,7 @@ #include "accesstoken_fuzzdata.h" #include "accesstoken_kit.h" #include "accesstoken_manager_service.h" -#include "i_accesstoken_manager.h" +#include "iaccess_token_manager.h" #include "nativetoken_kit.h" #include "token_setproc.h" @@ -85,7 +85,7 @@ namespace OHOS { } uint32_t code = static_cast( - AccessTokenInterfaceCode::UPDATE_USER_POLICY); + IAccessTokenManagerIpcCode::COMMAND_UPDATE_USER_POLICY); MessageParcel reply; MessageOption option; diff --git a/test/fuzztest/services/accesstoken/verifyaccesstokenstub_fuzzer/BUILD.gn b/test/fuzztest/services/accesstoken/verifyaccesstokenstub_fuzzer/BUILD.gn index 3187a41a1b91fa20f4e3087308557e6207a485c4..47672fbf17d91ed8b181def6382ca04a9c9abce6 100644 --- a/test/fuzztest/services/accesstoken/verifyaccesstokenstub_fuzzer/BUILD.gn +++ b/test/fuzztest/services/accesstoken/verifyaccesstokenstub_fuzzer/BUILD.gn @@ -1,4 +1,4 @@ -# Copyright (c) 2023 Huawei Device Co., Ltd. +# Copyright (c) 2023-2025 Huawei Device Co., Ltd. # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. # You may obtain a copy of the License at @@ -33,7 +33,10 @@ ohos_fuzztest("VerifyAccessTokenStubFuzzTest") { deps = access_token_deps - configs = [ "${access_token_path}/config:coverage_flags" ] + configs = [ + "${access_token_path}/config:coverage_flags", + "${access_token_path}/services/accesstokenmanager/idl:access_token_manager_gen_config", + ] external_deps = access_token_external_deps diff --git a/test/fuzztest/services/accesstoken/verifyaccesstokenstub_fuzzer/verifyaccesstokenstub_fuzzer.cpp b/test/fuzztest/services/accesstoken/verifyaccesstokenstub_fuzzer/verifyaccesstokenstub_fuzzer.cpp index d0c51459545a6a64387e88e9f89c9db129c2e8f3..7575cc2379930bcbd49c8d2db6a50399e43ad62c 100644 --- a/test/fuzztest/services/accesstoken/verifyaccesstokenstub_fuzzer/verifyaccesstokenstub_fuzzer.cpp +++ b/test/fuzztest/services/accesstoken/verifyaccesstokenstub_fuzzer/verifyaccesstokenstub_fuzzer.cpp @@ -1,5 +1,5 @@ /* - * Copyright (c) 2023 Huawei Device Co., Ltd. + * Copyright (c) 2023-2025 Huawei Device Co., Ltd. * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. * You may obtain a copy of the License at @@ -21,7 +21,7 @@ #undef private #include "accesstoken_fuzzdata.h" #include "accesstoken_manager_service.h" -#include "i_accesstoken_manager.h" +#include "iaccess_token_manager.h" using namespace std; using namespace OHOS::Security::AccessToken; @@ -44,7 +44,7 @@ namespace OHOS { } uint32_t code = static_cast( - AccessTokenInterfaceCode::VERIFY_ACCESSTOKEN); + IAccessTokenManagerIpcCode::COMMAND_VERIFY_ACCESS_TOKEN); MessageParcel reply; MessageOption option; diff --git a/test/fuzztest/services/accesstoken/verifyaccesstokenwithliststub_fuzzer/BUILD.gn b/test/fuzztest/services/accesstoken/verifyaccesstokenwithliststub_fuzzer/BUILD.gn index 1d6648b8f3d42ce858ead87907d451001ede81b2..c134bd8099341930b073cd73573615f1b81b57ee 100644 --- a/test/fuzztest/services/accesstoken/verifyaccesstokenwithliststub_fuzzer/BUILD.gn +++ b/test/fuzztest/services/accesstoken/verifyaccesstokenwithliststub_fuzzer/BUILD.gn @@ -1,4 +1,4 @@ -# Copyright (c) 2024 Huawei Device Co., Ltd. +# Copyright (c) 2024-2025 Huawei Device Co., Ltd. # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. # You may obtain a copy of the License at @@ -33,7 +33,10 @@ ohos_fuzztest("VerifyAccessTokenWithListStubFuzzTest") { deps = access_token_deps - configs = [ "${access_token_path}/config:coverage_flags" ] + configs = [ + "${access_token_path}/config:coverage_flags", + "${access_token_path}/services/accesstokenmanager/idl:access_token_manager_gen_config", + ] external_deps = access_token_external_deps diff --git a/test/fuzztest/services/accesstoken/verifyaccesstokenwithliststub_fuzzer/verifyaccesstokenwithliststub_fuzzer.cpp b/test/fuzztest/services/accesstoken/verifyaccesstokenwithliststub_fuzzer/verifyaccesstokenwithliststub_fuzzer.cpp index af153efffd06dae2c5b37cfed1f0c2086787c84c..b6ddf690259bd902f4e45b7c2fcac9ab8fb4cedb 100644 --- a/test/fuzztest/services/accesstoken/verifyaccesstokenwithliststub_fuzzer/verifyaccesstokenwithliststub_fuzzer.cpp +++ b/test/fuzztest/services/accesstoken/verifyaccesstokenwithliststub_fuzzer/verifyaccesstokenwithliststub_fuzzer.cpp @@ -1,5 +1,5 @@ /* - * Copyright (c) 2024 Huawei Device Co., Ltd. + * Copyright (c) 2024-2025 Huawei Device Co., Ltd. * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. * You may obtain a copy of the License at @@ -21,7 +21,7 @@ #undef private #include "accesstoken_fuzzdata.h" #include "accesstoken_manager_service.h" -#include "i_accesstoken_manager.h" +#include "iaccess_token_manager.h" using namespace std; using namespace OHOS::Security::AccessToken; @@ -48,7 +48,8 @@ namespace OHOS { return false; } - uint32_t code = static_cast(AccessTokenInterfaceCode::VERIFY_ACCESSTOKEN_WITH_LIST); + uint32_t code = static_cast( + IAccessTokenManagerIpcCode::COMMAND_VERIFY_ACCESS_TOKEN_IN_UNSIGNED_INT_IN_LIST_STRING_OUT_LIST_INT); MessageParcel reply; MessageOption option;