From 642cb45e04f225f819f4d1be055e36a63cf0a231 Mon Sep 17 00:00:00 2001 From: wuliushuan Date: Fri, 28 Mar 2025 15:10:46 +0800 Subject: [PATCH] =?UTF-8?q?IDL=E5=8C=96=20250328?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: wuliushuan Change-Id: Ieb16946f4429aceda92161a474bb44ead78c4343 --- frameworks/accesstoken/BUILD.gn | 2 +- .../include/i_accesstoken_manager.h | 126 -- ...cel.h => perm_state_change_scope_parcel.h} | 2 +- ...cpp => perm_state_change_scope_parcel.cpp} | 4 +- .../test/unittest/accesstoken_parcel_test.cpp | 2 +- interfaces/innerkits/accesstoken/BUILD.gn | 7 +- .../src/accesstoken_manager_client.cpp | 448 ++++- .../src/accesstoken_manager_client.h | 5 +- .../src/accesstoken_manager_proxy.cpp | 1578 ----------------- .../src/accesstoken_manager_proxy.h | 122 -- .../accesstoken/test/unittest/BUILD.gn | 7 +- .../accesstoken_kit_coverage_test.cpp | 1 - .../get_hap_dlp_flag_test.cpp | 2 +- .../get_permission_flag_test.cpp | 2 +- .../get_permissions_status_test.cpp | 2 +- .../permission_request_toggle_status_test.cpp | 2 +- .../HapTokenTest/alloc_hap_token_test.cpp | 1 - .../app_installation_optimized_test.cpp | 2 +- .../HapTokenTest/delete_token_test.cpp | 2 +- .../HapTokenTest/get_hap_token_test.cpp | 2 +- .../HapTokenTest/get_token_type_test.cpp | 2 +- .../HapTokenTest/init_hap_token_test.cpp | 4 +- .../HapTokenTest/update_hap_token_test.cpp | 2 +- .../set_perm_dialog_cap_test.cpp | 1 - ...ar_user_granted__permission_state_test.cpp | 2 +- .../PermissionsTest/get_permission_test.cpp | 2 +- .../PermissionsTest/grant_permission_test.cpp | 2 +- .../revoke_permission_test.cpp | 2 +- .../verify_access_token_test.cpp | 2 +- ...gister_perm_state_change_callback_test.cpp | 2 +- ...gister_perm_state_change_callback_test.cpp | 2 +- .../unittest/SaTest/dump_token_info_test.cpp | 2 +- .../SaTest/get_native_token_id_test.cpp | 2 +- .../SaTest/get_native_token_info_test.cpp | 2 +- .../test/unittest/SaTest/get_version_test.cpp | 2 +- services/accesstokenmanager/BUILD.gn | 5 +- services/accesstokenmanager/idl/BUILD.gn | 125 ++ .../idl/IAccessTokenManager.idl | 89 + services/accesstokenmanager/idl/IdlCommon.idl | 49 + .../service/accesstoken_manager_service.h | 64 +- .../service/accesstoken_manager_stub.h | 113 -- .../service/accesstoken_manager_service.cpp | 590 +++++- .../src/service/accesstoken_manager_stub.cpp | 1335 -------------- .../accesstokenmanager/test/coverage/BUILD.gn | 7 +- .../accesstokenmanager/test/mock/BUILD.gn | 7 +- .../accesstokenmanager/test/unittest/BUILD.gn | 7 +- .../accesstoken_info_manager_test.cpp | 136 +- .../accesstoken/access_token_service_fuzz.gni | 4 +- .../allochaptokenstub_fuzzer/BUILD.gn | 7 +- .../allochaptokenstub_fuzzer.cpp | 6 +- .../alloclocaltokenidstub_fuzzer/BUILD.gn | 7 +- .../alloclocaltokenidstub_fuzzer.cpp | 6 +- .../BUILD.gn | 7 +- ...rusergrantedpermissionstatestub_fuzzer.cpp | 6 +- .../BUILD.gn | 7 +- .../deleteremotedevicetokensstub_fuzzer.cpp | 4 +- .../deleteremotetokenstub_fuzzer/BUILD.gn | 7 +- .../deleteremotetokenstub_fuzzer.cpp | 6 +- .../deletetokenstub_fuzzer/BUILD.gn | 7 +- .../deletetokenstub_fuzzer.cpp | 6 +- .../dumptokeninfostub_fuzzer/BUILD.gn | 7 +- .../dumptokeninfostub_fuzzer.cpp | 6 +- .../getdefpermissionstub_fuzzer/BUILD.gn | 7 +- .../getdefpermissionstub_fuzzer.cpp | 6 +- .../gethaptokenidstub_fuzzer/BUILD.gn | 7 +- .../gethaptokenidstub_fuzzer.cpp | 6 +- .../gethaptokeninfoextstub_fuzzer/BUILD.gn | 7 +- .../gethaptokeninfoextstub_fuzzer.cpp | 6 +- .../BUILD.gn | 7 +- .../gethaptokeninfofromremotestub_fuzzer.cpp | 6 +- .../gethaptokeninfostub_fuzzer/BUILD.gn | 7 +- .../gethaptokeninfostub_fuzzer.cpp | 6 +- .../getkernelpermissionsstub_fuzzer/BUILD.gn | 7 +- .../getkernelpermissionsstub_fuzzer.cpp | 6 +- .../getnativetokenidstub_fuzzer/BUILD.gn | 7 +- .../getnativetokenidstub_fuzzer.cpp | 6 +- .../getnativetokeninfostub_fuzzer/BUILD.gn | 7 +- .../getnativetokeninfostub_fuzzer.cpp | 6 +- .../getpermissionflagstub_fuzzer/BUILD.gn | 7 +- .../getpermissionflagstub_fuzzer.cpp | 6 +- .../BUILD.gn | 7 +- ...rmissionrequesttogglestatusstub_fuzzer.cpp | 6 +- .../getpermissionsstatusstub_fuzzer/BUILD.gn | 7 +- .../getpermissionsstatusstub_fuzzer.cpp | 6 +- .../getpermissionusedtypestub_fuzzer/BUILD.gn | 7 +- .../getpermissionusedtypestub_fuzzer.cpp | 6 +- .../BUILD.gn | 7 +- .../getremotenativetokenidstub_fuzzer.cpp | 6 +- .../BUILD.gn | 7 +- .../getreqpermissionbynamestub_fuzzer.cpp | 6 +- .../getreqpermissionsstub_fuzzer/BUILD.gn | 7 +- .../getreqpermissionsstub_fuzzer.cpp | 6 +- .../BUILD.gn | 7 +- .../getselfpermissionsstatestub_fuzzer.cpp | 6 +- .../gettokenidbyuseridstub_fuzzer/BUILD.gn | 5 +- .../gettokenidbyuseridstub_fuzzer.cpp | 4 +- .../gettokentypestub_fuzzer/BUILD.gn | 7 +- .../gettokentypestub_fuzzer.cpp | 6 +- .../BUILD.gn | 7 +- ...tpermissionforspecifiedtimestub_fuzzer.cpp | 6 +- .../grantpermissionstub_fuzzer/BUILD.gn | 7 +- .../grantpermissionstub_fuzzer.cpp | 6 +- .../inithaptokenstub_fuzzer/BUILD.gn | 7 +- .../inithaptokenstub_fuzzer.cpp | 6 +- .../inituserpolicystub_fuzzer/BUILD.gn | 5 +- .../inituserpolicystub_fuzzer.cpp | 4 +- .../BUILD.gn | 7 +- ...sterpermstatechangecallbackstub_fuzzer.cpp | 6 +- .../BUILD.gn | 5 +- ...selfpermstatechangecallbackstub_fuzzer.cpp | 4 +- .../BUILD.gn | 7 +- .../requestapppermonsettingstub_fuzzer.cpp | 6 +- .../revokepermissionstub_fuzzer/BUILD.gn | 7 +- .../revokepermissionstub_fuzzer.cpp | 6 +- .../setpermdialogcap_fuzzer/BUILD.gn | 7 +- .../setpermdialogcap_fuzzer.cpp | 6 +- .../BUILD.gn | 7 +- ...rmissionrequesttogglestatusstub_fuzzer.cpp | 6 +- .../setremotehaptokeninfostub_fuzzer/BUILD.gn | 7 +- .../setremotehaptokeninfostub_fuzzer.cpp | 6 +- .../updatehaptokenstub_fuzzer/BUILD.gn | 7 +- .../updatehaptokenstub_fuzzer.cpp | 4 +- .../updateuserpolicystub_fuzzer/BUILD.gn | 5 +- .../updateuserpolicystub_fuzzer.cpp | 4 +- .../verifyaccesstokenstub_fuzzer/BUILD.gn | 7 +- .../verifyaccesstokenstub_fuzzer.cpp | 6 +- .../BUILD.gn | 7 +- .../verifyaccesstokenwithliststub_fuzzer.cpp | 7 +- 128 files changed, 1702 insertions(+), 3680 deletions(-) delete mode 100644 frameworks/accesstoken/include/i_accesstoken_manager.h rename frameworks/accesstoken/include/{permission_state_change_scope_parcel.h => perm_state_change_scope_parcel.h} (95%) rename frameworks/accesstoken/src/{permission_state_change_scope_parcel.cpp => perm_state_change_scope_parcel.cpp} (96%) delete mode 100644 interfaces/innerkits/accesstoken/src/accesstoken_manager_proxy.cpp delete mode 100644 interfaces/innerkits/accesstoken/src/accesstoken_manager_proxy.h create mode 100644 services/accesstokenmanager/idl/BUILD.gn create mode 100644 services/accesstokenmanager/idl/IAccessTokenManager.idl create mode 100644 services/accesstokenmanager/idl/IdlCommon.idl delete mode 100644 services/accesstokenmanager/main/cpp/include/service/accesstoken_manager_stub.h delete mode 100644 services/accesstokenmanager/main/cpp/src/service/accesstoken_manager_stub.cpp diff --git a/frameworks/accesstoken/BUILD.gn b/frameworks/accesstoken/BUILD.gn index 905cf9753..6730263a5 100644 --- a/frameworks/accesstoken/BUILD.gn +++ b/frameworks/accesstoken/BUILD.gn @@ -55,11 +55,11 @@ ohos_shared_library("accesstoken_communication_adapter_cxx") { "src/hap_token_info_for_sync_parcel.cpp", "src/hap_token_info_parcel.cpp", "src/native_token_info_parcel.cpp", + "src/perm_state_change_scope_parcel.cpp", "src/permission_def_parcel.cpp", "src/permission_grant_info_parcel.cpp", "src/permission_list_state_parcel.cpp", "src/permission_state_change_info_parcel.cpp", - "src/permission_state_change_scope_parcel.cpp", "src/permission_status_parcel.cpp", ] diff --git a/frameworks/accesstoken/include/i_accesstoken_manager.h b/frameworks/accesstoken/include/i_accesstoken_manager.h deleted file mode 100644 index 22709473a..000000000 --- a/frameworks/accesstoken/include/i_accesstoken_manager.h +++ /dev/null @@ -1,126 +0,0 @@ -/* - * Copyright (c) 2021-2024 Huawei Device Co., Ltd. - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ - -#ifndef I_ACCESSTOKEN_MANAGER_H -#define I_ACCESSTOKEN_MANAGER_H - -#include -#include - -#include "access_token.h" -#include "accesstoken_service_ipc_interface_code.h" -#include "atm_tools_param_info_parcel.h" -#include "errors.h" -#include "hap_base_info_parcel.h" -#include "hap_info_parcel.h" -#include "hap_policy_parcel.h" -#include "hap_token_info_for_sync_parcel.h" -#include "hap_token_info_parcel.h" -#include "iremote_broker.h" -#include "i_permission_state_callback.h" -#include "native_token_info_parcel.h" -#include "permission_def_parcel.h" -#include "permission_grant_info_parcel.h" -#include "permission_list_state_parcel.h" -#include "permission_status_parcel.h" -#include "permission_state_change_scope_parcel.h" -#include "system_ability_definition.h" - -namespace OHOS { -namespace Security { -namespace AccessToken { -class IAccessTokenManager : public IRemoteBroker { -public: - static const int SA_ID_ACCESSTOKEN_MANAGER_SERVICE = ACCESS_TOKEN_MANAGER_SERVICE_ID; - - DECLARE_INTERFACE_DESCRIPTOR(u"ohos.security.accesstoken.IAccessTokenManager"); - - virtual PermUsedTypeEnum GetPermissionUsedType( - AccessTokenID tokenID, const std::string& permissionName) = 0; - virtual int VerifyAccessToken(AccessTokenID tokenID, const std::string& permissionName) = 0; - virtual int VerifyAccessToken(AccessTokenID tokenID, - const std::vector& permissionList, std::vector& permStateList) = 0; - virtual int GetDefPermission(const std::string& permissionName, PermissionDefParcel& permissionDefResult) = 0; - virtual int GetReqPermissions( - AccessTokenID tokenID, std::vector& reqPermList, bool isSystemGrant) = 0; - virtual int GetPermissionFlag(AccessTokenID tokenID, const std::string& permissionName, uint32_t& flag) = 0; - virtual int32_t SetPermissionRequestToggleStatus(const std::string& permissionName, uint32_t status, - int32_t userID = 0) = 0; - virtual int32_t GetPermissionRequestToggleStatus(const std::string& permissionName, uint32_t& status, - int32_t userID = 0) = 0; - virtual int32_t RequestAppPermOnSetting(AccessTokenID tokenID) = 0; - virtual PermissionOper GetSelfPermissionsState(std::vector& permListParcel, - PermissionGrantInfoParcel& infoParcel) = 0; - virtual int32_t GetPermissionsStatus( - AccessTokenID tokenID, std::vector& permListParcel) = 0; - virtual int GrantPermission(AccessTokenID tokenID, const std::string& permissionName, uint32_t flag) = 0; - virtual int RevokePermission(AccessTokenID tokenID, const std::string& permissionName, uint32_t flag) = 0; - virtual int GrantPermissionForSpecifiedTime( - AccessTokenID tokenID, const std::string& permissionName, uint32_t onceTime) = 0; - virtual int ClearUserGrantedPermissionState(AccessTokenID tokenID) = 0; - virtual AccessTokenIDEx AllocHapToken(const HapInfoParcel& hapInfo, const HapPolicyParcel& policyParcel) = 0; - virtual int32_t InitHapToken(const HapInfoParcel& info, HapPolicyParcel& policy, - AccessTokenIDEx& fullTokenId, HapInfoCheckResult& result) = 0; - virtual int DeleteToken(AccessTokenID tokenID) = 0; - virtual int GetTokenType(AccessTokenID tokenID) = 0; - virtual AccessTokenIDEx GetHapTokenID(int32_t userID, const std::string& bundleName, int32_t instIndex) = 0; - virtual AccessTokenID AllocLocalTokenID(const std::string& remoteDeviceID, AccessTokenID remoteTokenID) = 0; - virtual int GetNativeTokenInfo(AccessTokenID tokenID, NativeTokenInfoParcel& nativeTokenInfoRes) = 0; - virtual int32_t GetTokenIDByUserID(int32_t userID, std::unordered_set& tokenIdList) = 0; - virtual int GetHapTokenInfo(AccessTokenID tokenID, HapTokenInfoParcel& hapTokenInfoRes) = 0; - virtual int32_t UpdateHapToken(AccessTokenIDEx& tokenIdEx, const UpdateHapInfoParams& info, - const HapPolicyParcel& policyParcel, HapInfoCheckResult& result) = 0; - virtual int32_t RegisterPermStateChangeCallback( - const PermStateChangeScopeParcel& scope, const sptr& callback) = 0; - virtual int32_t UnRegisterPermStateChangeCallback(const sptr& callback) = 0; - virtual int32_t RegisterSelfPermStateChangeCallback(const PermStateChangeScopeParcel& scope, - const sptr& callback) = 0; - virtual int32_t UnRegisterSelfPermStateChangeCallback(const sptr& callback) = 0; -#ifndef ATM_BUILD_VARIANT_USER_ENABLE - virtual int32_t ReloadNativeTokenInfo() = 0; -#endif - virtual int GetHapTokenInfoExtension(AccessTokenID tokenID, - HapTokenInfoParcel& hapTokenInfoRes, std::string& appID) = 0; - virtual AccessTokenID GetNativeTokenId(const std::string& processName) = 0; - -#ifdef TOKEN_SYNC_ENABLE - virtual int GetHapTokenInfoFromRemote(AccessTokenID tokenID, - HapTokenInfoForSyncParcel& hapSyncParcel) = 0; - virtual int SetRemoteHapTokenInfo(const std::string& deviceID, - HapTokenInfoForSyncParcel& hapSyncParcel) = 0; - virtual int DeleteRemoteToken(const std::string& deviceID, AccessTokenID tokenID) = 0; - virtual AccessTokenID GetRemoteNativeTokenID(const std::string& deviceID, AccessTokenID tokenID) = 0; - virtual int DeleteRemoteDeviceTokens(const std::string& deviceID) = 0; - virtual int32_t RegisterTokenSyncCallback(const sptr& callback) = 0; - virtual int32_t UnRegisterTokenSyncCallback() = 0; -#endif - virtual int32_t GetKernelPermissions( - AccessTokenID tokenId, std::vector& kernelPermList) = 0; - virtual int32_t GetReqPermissionByName( - AccessTokenID tokenId, const std::string& permissionName, std::string& value) = 0; - virtual int SetPermDialogCap(const HapBaseInfoParcel& hapBaseInfoParcel, bool enable) = 0; - virtual int32_t InitUserPolicy( - const std::vector& userList, const std::vector& permList) = 0; - virtual int32_t UpdateUserPolicy(const std::vector& userList) = 0; - virtual int32_t ClearUserPolicy() = 0; - virtual void DumpTokenInfo(const AtmToolsParamInfoParcel& infoParcel, std::string& tokenInfo) = 0; - virtual int32_t GetVersion(uint32_t& version) = 0; - virtual void GetPermissionManagerInfo(PermissionGrantInfoParcel& infoParcel) = 0; -}; -} // namespace AccessToken -} // namespace Security -} // namespace OHOS - -#endif // I_ACCESSTOKEN_MANAGER_H diff --git a/frameworks/accesstoken/include/permission_state_change_scope_parcel.h b/frameworks/accesstoken/include/perm_state_change_scope_parcel.h similarity index 95% rename from frameworks/accesstoken/include/permission_state_change_scope_parcel.h rename to frameworks/accesstoken/include/perm_state_change_scope_parcel.h index e1988a8f2..b6807c499 100644 --- a/frameworks/accesstoken/include/permission_state_change_scope_parcel.h +++ b/frameworks/accesstoken/include/perm_state_change_scope_parcel.h @@ -1,5 +1,5 @@ /* - * Copyright (c) 2022 Huawei Device Co., Ltd. + * Copyright (c) 2022-2025 Huawei Device Co., Ltd. * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. * You may obtain a copy of the License at diff --git a/frameworks/accesstoken/src/permission_state_change_scope_parcel.cpp b/frameworks/accesstoken/src/perm_state_change_scope_parcel.cpp similarity index 96% rename from frameworks/accesstoken/src/permission_state_change_scope_parcel.cpp rename to frameworks/accesstoken/src/perm_state_change_scope_parcel.cpp index 8555df353..1d7345cd5 100644 --- a/frameworks/accesstoken/src/permission_state_change_scope_parcel.cpp +++ b/frameworks/accesstoken/src/perm_state_change_scope_parcel.cpp @@ -1,5 +1,5 @@ /* - * Copyright (c) 2022 Huawei Device Co., Ltd. + * Copyright (c) 2022-2025 Huawei Device Co., Ltd. * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. * You may obtain a copy of the License at @@ -13,7 +13,7 @@ * limitations under the License. */ -#include "permission_state_change_scope_parcel.h" +#include "perm_state_change_scope_parcel.h" #include "parcel_utils.h" namespace OHOS { diff --git a/frameworks/test/unittest/accesstoken_parcel_test.cpp b/frameworks/test/unittest/accesstoken_parcel_test.cpp index ebafe0eb7..aae920356 100644 --- a/frameworks/test/unittest/accesstoken_parcel_test.cpp +++ b/frameworks/test/unittest/accesstoken_parcel_test.cpp @@ -27,7 +27,7 @@ #include "parcel.h" #include "parcel_utils.h" #include "permission_grant_info_parcel.h" -#include "permission_state_change_scope_parcel.h" +#include "perm_state_change_scope_parcel.h" #include "permission_state_change_info_parcel.h" #include "permission_status_parcel.h" diff --git a/interfaces/innerkits/accesstoken/BUILD.gn b/interfaces/innerkits/accesstoken/BUILD.gn index 72f24f1d6..21fdd24ff 100644 --- a/interfaces/innerkits/accesstoken/BUILD.gn +++ b/interfaces/innerkits/accesstoken/BUILD.gn @@ -41,7 +41,10 @@ if (is_standard_system) { output_name = "libaccesstoken_sdk" - public_configs = [ ":accesstoken" ] + public_configs = [ + ":accesstoken", + "${access_token_path}/services/accesstokenmanager/idl:access_token_manager_gen_config", + ] include_dirs = [ "${access_token_path}/frameworks/accesstoken/include", @@ -55,7 +58,6 @@ if (is_standard_system) { "src/accesstoken_death_recipient.cpp", "src/accesstoken_kit.cpp", "src/accesstoken_manager_client.cpp", - "src/accesstoken_manager_proxy.cpp", "src/perm_state_change_callback_customize.cpp", ] @@ -63,6 +65,7 @@ if (is_standard_system) { "${access_token_path}/frameworks/accesstoken:accesstoken_communication_adapter_cxx", "${access_token_path}/frameworks/common:accesstoken_common_cxx", "${access_token_path}/interfaces/innerkits/token_setproc:libperm_setproc", + "${access_token_path}/services/accesstokenmanager/idl:access_token_manager_proxy", ] external_deps = [ diff --git a/interfaces/innerkits/accesstoken/src/accesstoken_manager_client.cpp b/interfaces/innerkits/accesstoken/src/accesstoken_manager_client.cpp index 2f7a6df29..e2d5ac4dd 100644 --- a/interfaces/innerkits/accesstoken/src/accesstoken_manager_client.cpp +++ b/interfaces/innerkits/accesstoken/src/accesstoken_manager_client.cpp @@ -1,5 +1,5 @@ /* - * Copyright (c) 2021-2024 Huawei Device Co., Ltd. + * Copyright (c) 2021-2025 Huawei Device Co., Ltd. * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. * You may obtain a copy of the License at @@ -15,16 +15,18 @@ #include "accesstoken_manager_client.h" -#include "accesstoken_common_log.h" #include "access_token_error.h" -#include "accesstoken_manager_proxy.h" +#include "access_token_manager_proxy.h" +#include "accesstoken_callbacks.h" +#include "accesstoken_common_log.h" #include "atm_tools_param_info_parcel.h" #include "hap_token_info.h" #include "hap_token_info_for_sync_parcel.h" +#include "idl_common.h" #include "iservice_registry.h" #include "parameter.h" +#include "perm_state_change_scope_parcel.h" #include "permission_grant_info_parcel.h" -#include "accesstoken_callbacks.h" namespace OHOS { namespace Security { @@ -33,6 +35,11 @@ namespace { static constexpr int32_t VALUE_MAX_LEN = 32; static const char* ACCESS_TOKEN_SERVICE_INIT_KEY = "accesstoken.permission.init"; std::recursive_mutex g_instanceMutex; +static const int32_t SA_ID_ACCESSTOKEN_MANAGER_SERVICE = 3503; +static const int MAX_PERMISSION_SIZE = 1000; +static const int32_t MAX_USER_POLICY_SIZE = 1024; +static const int32_t MAX_EXTENDED_VALUE_LIST_SIZE = 512; +const size_t NUMBER_TWO = 2; } // namespace static const uint32_t MAX_CALLBACK_MAP_SIZE = 200; @@ -59,6 +66,21 @@ AccessTokenManagerClient::~AccessTokenManagerClient() ReleaseProxy(); } +static int32_t ConvertResult(int32_t ret) +{ + switch (ret) { + case ERR_INVALID_DATA: + ret = ERR_WRITE_PARCEL_FAILED; + break; + case ERR_TRANSACTION_FAILED: + ret = ERR_SERVICE_ABNORMAL; + break; + default: + return ret; + } + return ret; +} + PermUsedTypeEnum AccessTokenManagerClient::GetPermissionUsedType( AccessTokenID tokenID, const std::string &permissionName) { @@ -67,14 +89,28 @@ PermUsedTypeEnum AccessTokenManagerClient::GetPermissionUsedType( LOGE(ATM_DOMAIN, ATM_TAG, "Proxy is null."); return PermUsedTypeEnum::INVALID_USED_TYPE; } - return proxy->GetPermissionUsedType(tokenID, permissionName); + int32_t permUsedType; + int32_t errCode = proxy->GetPermissionUsedType(tokenID, permissionName, permUsedType); + if (errCode != RET_SUCCESS) { + errCode = ConvertResult(errCode); + LOGE(ATM_DOMAIN, ATM_TAG, "Request fail, result: %{public}d", errCode); + return PermUsedTypeEnum::INVALID_USED_TYPE; + } + PermUsedTypeEnum result = static_cast(permUsedType); + return result; } int AccessTokenManagerClient::VerifyAccessToken(AccessTokenID tokenID, const std::string& permissionName) { auto proxy = GetProxy(); if (proxy != nullptr) { - return proxy->VerifyAccessToken(tokenID, permissionName); + int32_t errCode = proxy->VerifyAccessToken(tokenID, permissionName); + if (errCode != RET_SUCCESS) { + errCode = ConvertResult(errCode); + LOGE(ATM_DOMAIN, ATM_TAG, "Request fail, result: %{public}d", errCode); + return PERMISSION_DENIED; + } + return errCode; } char value[VALUE_MAX_LEN] = {0}; int32_t ret = GetParameter(ACCESS_TOKEN_SERVICE_INIT_KEY, "", value, VALUE_MAX_LEN - 1); @@ -99,7 +135,12 @@ int AccessTokenManagerClient::VerifyAccessToken(AccessTokenID tokenID, LOGE(ATM_DOMAIN, ATM_TAG, "Proxy is null"); return AccessTokenError::ERR_SERVICE_ABNORMAL; } - return proxy->VerifyAccessToken(tokenID, permissionList, permStateList); + int32_t errCode = proxy->VerifyAccessToken(tokenID, permissionList, permStateList); + if (errCode != RET_SUCCESS) { + errCode = ConvertResult(errCode); + LOGE(ATM_DOMAIN, ATM_TAG, "Request fail, result: %{public}d", errCode); + } + return errCode; } int AccessTokenManagerClient::GetDefPermission( @@ -113,6 +154,10 @@ int AccessTokenManagerClient::GetDefPermission( PermissionDefParcel permissionDefParcel; int result = proxy->GetDefPermission(permissionName, permissionDefParcel); permissionDefResult = permissionDefParcel.permissionDef; + if (result != RET_SUCCESS) { + result = ConvertResult(result); + LOGE(ATM_DOMAIN, ATM_TAG, "Request fail, result: %{public}d", result); + } return result; } @@ -126,6 +171,18 @@ int AccessTokenManagerClient::GetReqPermissions( } std::vector parcelList; int result = proxy->GetReqPermissions(tokenID, parcelList, isSystemGrant); + if (result != RET_SUCCESS) { + result = ConvertResult(result); + LOGE(ATM_DOMAIN, ATM_TAG, "Request fail, result: %{public}d", result); + return result; + } + + uint32_t reqPermSize = parcelList.size(); + if (reqPermSize > MAX_PERMISSION_SIZE) { + LOGE(ATM_DOMAIN, ATM_TAG, "Size(%{public}u) is oversize.", reqPermSize); + return ERR_OVERSIZE; + } + for (const auto& permParcel : parcelList) { PermissionStateFull perm; perm.permissionName = permParcel.permState.permissionName; @@ -146,7 +203,12 @@ int AccessTokenManagerClient::GetPermissionFlag( LOGE(ATM_DOMAIN, ATM_TAG, "Proxy is null"); return AccessTokenError::ERR_SERVICE_ABNORMAL; } - return proxy->GetPermissionFlag(tokenID, permissionName, flag); + int32_t result = proxy->GetPermissionFlag(tokenID, permissionName, flag); + if (result != RET_SUCCESS) { + result = ConvertResult(result); + } + LOGI(ATM_DOMAIN, ATM_TAG, "Result from server (error=%{public}d, flag=%{public}d).", result, flag); + return result; } PermissionOper AccessTokenManagerClient::GetSelfPermissionsState(std::vector& permList, @@ -172,16 +234,33 @@ PermissionOper AccessTokenManagerClient::GetSelfPermissionsState(std::vectorGetSelfPermissionsState(parcelList, infoParcel); + int32_t permOper; + int32_t errCode = proxy->GetSelfPermissionsState(parcelList, infoParcel, permOper); + if (errCode != RET_SUCCESS) { + errCode = ConvertResult(errCode); + LOGE(ATM_DOMAIN, ATM_TAG, "Request fail, result: %{public}d", errCode); + return INVALID_OPER; + } + + size_t size = parcelList.size(); + if (size != (len * NUMBER_TWO)) { + LOGE(ATM_DOMAIN, ATM_TAG, "Size(%{public}zu) from server is not equal inputSize(%{public}zu)!", + size, len); + return INVALID_OPER; + } + if (size > MAX_PERMISSION_SIZE) { + LOGE(ATM_DOMAIN, ATM_TAG, "Size(%{public}zu) is oversize.", size); + return INVALID_OPER; + } for (uint32_t i = 0; i < len; i++) { - PermissionListState perm = parcelList[i].permsState; + PermissionListState perm = parcelList[i + len].permsState; permList[i].state = perm.state; permList[i].errorReason = perm.errorReason; } info = infoParcel.info; - return result; + return static_cast(permOper); } int32_t AccessTokenManagerClient::GetPermissionsStatus( @@ -208,10 +287,20 @@ int32_t AccessTokenManagerClient::GetPermissionsStatus( } int32_t result = proxy->GetPermissionsStatus(tokenID, parcelList); if (result != RET_SUCCESS) { + result = ConvertResult(result); + LOGE(ATM_DOMAIN, ATM_TAG, "Request fail, result: %{public}d", result); return result; } + + size_t size = parcelList.size(); + if (size != (len * NUMBER_TWO)) { + LOGE(ATM_DOMAIN, ATM_TAG, "Size(%{public}zu) from server is not equal inputSize(%{public}zu)!", + size, len); + return ERR_SIZE_NOT_EQUAL; + } + for (uint32_t i = 0; i < len; i++) { - PermissionListState perm = parcelList[i].permsState; + PermissionListState perm = parcelList[i + len].permsState; permList[i].state = perm.state; } @@ -225,7 +314,12 @@ int AccessTokenManagerClient::GrantPermission(AccessTokenID tokenID, const std:: LOGE(ATM_DOMAIN, ATM_TAG, "Proxy is null"); return AccessTokenError::ERR_SERVICE_ABNORMAL; } - return proxy->GrantPermission(tokenID, permissionName, flag); + int32_t result = proxy->GrantPermission(tokenID, permissionName, flag); + if (result != RET_SUCCESS) { + result = ConvertResult(result); + } + LOGI(ATM_DOMAIN, ATM_TAG, "Result from server (error=%{public}d).", result); + return result; } int AccessTokenManagerClient::RevokePermission(AccessTokenID tokenID, const std::string& permissionName, uint32_t flag) @@ -235,7 +329,12 @@ int AccessTokenManagerClient::RevokePermission(AccessTokenID tokenID, const std: LOGE(ATM_DOMAIN, ATM_TAG, "Proxy is null"); return AccessTokenError::ERR_SERVICE_ABNORMAL; } - return proxy->RevokePermission(tokenID, permissionName, flag); + int32_t result = proxy->RevokePermission(tokenID, permissionName, flag); + if (result != RET_SUCCESS) { + result = ConvertResult(result); + } + LOGI(ATM_DOMAIN, ATM_TAG, "Result from server (error=%{public}d).", result); + return result; } int AccessTokenManagerClient::GrantPermissionForSpecifiedTime( @@ -246,7 +345,12 @@ int AccessTokenManagerClient::GrantPermissionForSpecifiedTime( LOGE(ATM_DOMAIN, ATM_TAG, "Proxy is null"); return AccessTokenError::ERR_SERVICE_ABNORMAL; } - return proxy->GrantPermissionForSpecifiedTime(tokenID, permissionName, onceTime); + int32_t result = proxy->GrantPermissionForSpecifiedTime(tokenID, permissionName, onceTime); + if (result != RET_SUCCESS) { + result = ConvertResult(result); + } + LOGI(ATM_DOMAIN, ATM_TAG, "Result from server (error=%{public}d).", result); + return result; } int AccessTokenManagerClient::ClearUserGrantedPermissionState(AccessTokenID tokenID) @@ -256,7 +360,12 @@ int AccessTokenManagerClient::ClearUserGrantedPermissionState(AccessTokenID toke LOGE(ATM_DOMAIN, ATM_TAG, "Proxy is null"); return AccessTokenError::ERR_SERVICE_ABNORMAL; } - return proxy->ClearUserGrantedPermissionState(tokenID); + int32_t result = proxy->ClearUserGrantedPermissionState(tokenID); + if (result != RET_SUCCESS) { + result = ConvertResult(result); + } + LOGI(ATM_DOMAIN, ATM_TAG, "Result from server (error=%{public}d).", result); + return result; } int32_t AccessTokenManagerClient::SetPermissionRequestToggleStatus(const std::string& permissionName, uint32_t status, @@ -267,7 +376,12 @@ int32_t AccessTokenManagerClient::SetPermissionRequestToggleStatus(const std::st LOGE(ATM_DOMAIN, ATM_TAG, "Proxy is null."); return AccessTokenError::ERR_SERVICE_ABNORMAL; } - return proxy->SetPermissionRequestToggleStatus(permissionName, status, userID); + int32_t result = proxy->SetPermissionRequestToggleStatus(permissionName, status, userID); + if (result != RET_SUCCESS) { + result = ConvertResult(result); + } + LOGI(ATM_DOMAIN, ATM_TAG, "Result from server (error=%{public}d).", result); + return result; } int32_t AccessTokenManagerClient::GetPermissionRequestToggleStatus(const std::string& permissionName, uint32_t& status, @@ -278,7 +392,12 @@ int32_t AccessTokenManagerClient::GetPermissionRequestToggleStatus(const std::st LOGE(ATM_DOMAIN, ATM_TAG, "Proxy is null."); return AccessTokenError::ERR_SERVICE_ABNORMAL; } - return proxy->GetPermissionRequestToggleStatus(permissionName, status, userID); + int32_t result = proxy->GetPermissionRequestToggleStatus(permissionName, status, userID); + if (result != RET_SUCCESS) { + result = ConvertResult(result); + } + LOGI(ATM_DOMAIN, ATM_TAG, "Result from server (error=%{public}d, status=%{public}d).", result, status); + return result; } int32_t AccessTokenManagerClient::RequestAppPermOnSetting(AccessTokenID tokenID) @@ -288,7 +407,12 @@ int32_t AccessTokenManagerClient::RequestAppPermOnSetting(AccessTokenID tokenID) LOGE(ATM_DOMAIN, ATM_TAG, "Proxy is null."); return AccessTokenError::ERR_SERVICE_ABNORMAL; } - return proxy->RequestAppPermOnSetting(tokenID); + int32_t result = proxy->RequestAppPermOnSetting(tokenID); + if (result != RET_SUCCESS) { + result = ConvertResult(result); + } + LOGI(ATM_DOMAIN, ATM_TAG, "Result from server (error=%{public}d).", result); + return result; } int32_t AccessTokenManagerClient::CreatePermStateChangeCallback( @@ -358,6 +482,10 @@ int32_t AccessTokenManagerClient::RegisterPermStateChangeCallback( std::lock_guard lock(callbackMutex_); callbackMap_[customizedCb] = callback; } + if (result != RET_SUCCESS) { + result = ConvertResult(result); + } + LOGI(ATM_DOMAIN, ATM_TAG, "Result from server (error=%{public}d).", result); return result; } @@ -385,6 +513,10 @@ int32_t AccessTokenManagerClient::UnRegisterPermStateChangeCallback( if (result == RET_SUCCESS) { callbackMap_.erase(goalCallback); } + if (result != RET_SUCCESS) { + result = ConvertResult(result); + } + LOGI(ATM_DOMAIN, ATM_TAG, "Result from server (error=%{public}d).", result); return result; } @@ -401,7 +533,16 @@ AccessTokenIDEx AccessTokenManagerClient::AllocHapToken(const HapInfoParams& inf hapInfoParcel.hapInfoParameter = info; hapPolicyParcel.hapPolicy = policy; - return proxy->AllocHapToken(hapInfoParcel, hapPolicyParcel); + uint64_t fullTokenId; + int32_t errCode = proxy->AllocHapToken(hapInfoParcel, hapPolicyParcel, fullTokenId); + if (errCode != RET_SUCCESS) { + errCode = ConvertResult(errCode); + LOGE(ATM_DOMAIN, ATM_TAG, "Request fail, result: %{public}d", errCode); + return tokenIdEx; + } + tokenIdEx.tokenIDEx = fullTokenId; + LOGI(ATM_DOMAIN, ATM_TAG, "Result from server (id=%{public}llu).", tokenIdEx.tokenIDEx); + return tokenIdEx; } int32_t AccessTokenManagerClient::InitHapToken(const HapInfoParams& info, HapPolicy& policy, @@ -417,7 +558,24 @@ int32_t AccessTokenManagerClient::InitHapToken(const HapInfoParams& info, HapPol hapInfoParcel.hapInfoParameter = info; hapPolicyParcel.hapPolicy = policy; - return proxy->InitHapToken(hapInfoParcel, hapPolicyParcel, fullTokenId, result); + HapInfoCheckResultIdl resultInfoIdl; + uint64_t fullToken = 0; + int32_t res = proxy->InitHapToken(hapInfoParcel, hapPolicyParcel, fullToken, resultInfoIdl); + if (fullToken == 0 && res == RET_SUCCESS) { + res = AccessTokenError::ERR_PERM_REQUEST_CFG_FAILED; + PermissionInfoCheckResult permCheckResult; + permCheckResult.permissionName = resultInfoIdl.permissionName; + int32_t rule = static_cast(resultInfoIdl.rule); + permCheckResult.rule = static_cast(rule); + result.permCheckResult = permCheckResult; + } + fullTokenId.tokenIDEx = fullToken; + if (res != RET_SUCCESS) { + res = ConvertResult(res); + } + LOGI(ATM_DOMAIN, ATM_TAG, "Result from server (error=%{public}d, id=%{public}llu).", + res, fullTokenId.tokenIDEx); + return res; } int AccessTokenManagerClient::DeleteToken(AccessTokenID tokenID) @@ -427,7 +585,12 @@ int AccessTokenManagerClient::DeleteToken(AccessTokenID tokenID) LOGE(ATM_DOMAIN, ATM_TAG, "Proxy is null"); return AccessTokenError::ERR_SERVICE_ABNORMAL; } - return proxy->DeleteToken(tokenID); + int32_t result = proxy->DeleteToken(tokenID); + if (result != RET_SUCCESS) { + result = ConvertResult(result); + } + LOGI(ATM_DOMAIN, ATM_TAG, "Result from server (error=%{public}d, id=%{public}u).", result, tokenID); + return result; } ATokenTypeEnum AccessTokenManagerClient::GetTokenType(AccessTokenID tokenID) @@ -437,7 +600,13 @@ ATokenTypeEnum AccessTokenManagerClient::GetTokenType(AccessTokenID tokenID) LOGE(ATM_DOMAIN, ATM_TAG, "Proxy is null"); return TOKEN_INVALID; } - return static_cast(proxy->GetTokenType(tokenID)); + int32_t tokenType = static_cast(TOKEN_INVALID); + int32_t result = proxy->GetTokenType(tokenID, tokenType); + if (result != RET_SUCCESS) { + result = ConvertResult(result); + LOGE(ATM_DOMAIN, ATM_TAG, "Result from server (error=%{public}d).", result); + } + return static_cast(tokenType); } AccessTokenIDEx AccessTokenManagerClient::GetHapTokenID( @@ -449,7 +618,15 @@ AccessTokenIDEx AccessTokenManagerClient::GetHapTokenID( LOGE(ATM_DOMAIN, ATM_TAG, "Proxy is null"); return result; } - return proxy->GetHapTokenID(userID, bundleName, instIndex); + uint64_t fullTokenId; + int32_t errCode = proxy->GetHapTokenID(userID, bundleName, instIndex, fullTokenId); + if (errCode != RET_SUCCESS) { + errCode = ConvertResult(errCode); + LOGE(ATM_DOMAIN, ATM_TAG, "Request fail, result: %{public}d", errCode); + return result; + } + result.tokenIDEx = fullTokenId; + return result; } AccessTokenID AccessTokenManagerClient::AllocLocalTokenID( @@ -460,7 +637,15 @@ AccessTokenID AccessTokenManagerClient::AllocLocalTokenID( LOGE(ATM_DOMAIN, ATM_TAG, "Proxy is null"); return INVALID_TOKENID; } - return proxy->AllocLocalTokenID(remoteDeviceID, remoteTokenID); + uint32_t tokenId; + int32_t errCode = proxy->AllocLocalTokenID(remoteDeviceID, remoteTokenID, tokenId); + if (errCode != RET_SUCCESS) { + errCode = ConvertResult(errCode); + LOGE(ATM_DOMAIN, ATM_TAG, "Request fail, result: %{public}d", errCode); + return INVALID_TOKENID; + } + LOGI(ATM_DOMAIN, ATM_TAG, "Result from server (id=%{public}d).", tokenId); + return tokenId; } int32_t AccessTokenManagerClient::UpdateHapToken(AccessTokenIDEx& tokenIdEx, const UpdateHapInfoParams& info, @@ -473,7 +658,28 @@ int32_t AccessTokenManagerClient::UpdateHapToken(AccessTokenIDEx& tokenIdEx, con } HapPolicyParcel hapPolicyParcel; hapPolicyParcel.hapPolicy = policy; - return proxy->UpdateHapToken(tokenIdEx, info, hapPolicyParcel, result); + UpdateHapInfoParamsIdl infoIdl; + infoIdl.appIDDesc = info.appIDDesc; + infoIdl.apiVersion = info.apiVersion; + infoIdl.isSystemApp = info.isSystemApp; + infoIdl.appDistributionType = info.appDistributionType; + HapInfoCheckResultIdl resultInfoIdl; + uint64_t fullTokenId = tokenIdEx.tokenIDEx; + int32_t res = proxy->UpdateHapToken(fullTokenId, infoIdl, hapPolicyParcel, resultInfoIdl); + tokenIdEx.tokenIDEx = fullTokenId; + if (res == RET_SUCCESS && resultInfoIdl.realResult != RET_SUCCESS) { + res = AccessTokenError::ERR_PERM_REQUEST_CFG_FAILED; + PermissionInfoCheckResult permCheckResult; + permCheckResult.permissionName = resultInfoIdl.permissionName; + int32_t rule = static_cast(resultInfoIdl.rule); + permCheckResult.rule = static_cast(rule); + result.permCheckResult = permCheckResult; + } + if (res != RET_SUCCESS) { + res = ConvertResult(res); + } + LOGI(ATM_DOMAIN, ATM_TAG, "Result from server (error=%{public}d).", res); + return res; } int32_t AccessTokenManagerClient::GetTokenIDByUserID(int32_t userID, std::unordered_set& tokenIdList) @@ -483,7 +689,15 @@ int32_t AccessTokenManagerClient::GetTokenIDByUserID(int32_t userID, std::unorde LOGE(ATM_DOMAIN, ATM_TAG, "Proxy is null"); return AccessTokenError::ERR_SERVICE_ABNORMAL; } - return proxy->GetTokenIDByUserID(userID, tokenIdList); + std::vector tokenIds; + auto result = proxy->GetTokenIDByUserID(userID, tokenIds); + if (result != RET_SUCCESS) { + result = ConvertResult(result); + LOGI(ATM_DOMAIN, ATM_TAG, "Result from server (error=%{public}d).", result); + return result; + } + std::copy(tokenIds.begin(), tokenIds.end(), std::inserter(tokenIdList, tokenIdList.begin())); + return result; } int AccessTokenManagerClient::GetHapTokenInfo(AccessTokenID tokenID, HapTokenInfo& hapTokenInfoRes) @@ -495,6 +709,11 @@ int AccessTokenManagerClient::GetHapTokenInfo(AccessTokenID tokenID, HapTokenInf } HapTokenInfoParcel hapTokenInfoParcel; int res = proxy->GetHapTokenInfo(tokenID, hapTokenInfoParcel); + if (res != RET_SUCCESS) { + res = ConvertResult(res); + LOGI(ATM_DOMAIN, ATM_TAG, "Result from server (error=%{public}d).", res); + return res; + } hapTokenInfoRes = hapTokenInfoParcel.hapTokenInfoParams; return res; @@ -509,6 +728,11 @@ int AccessTokenManagerClient::GetNativeTokenInfo(AccessTokenID tokenID, NativeTo } NativeTokenInfoParcel nativeTokenInfoParcel; int res = proxy->GetNativeTokenInfo(tokenID, nativeTokenInfoParcel); + if (res != RET_SUCCESS) { + res = ConvertResult(res); + LOGI(ATM_DOMAIN, ATM_TAG, "Result from server (error=%{public}d).", res); + return res; + } nativeTokenInfoRes = nativeTokenInfoParcel.nativeTokenInfoParams; return res; } @@ -521,7 +745,13 @@ int32_t AccessTokenManagerClient::ReloadNativeTokenInfo() LOGE(ATM_DOMAIN, ATM_TAG, "Proxy is null"); return AccessTokenError::ERR_SERVICE_ABNORMAL; } - return proxy->ReloadNativeTokenInfo(); + int32_t res = proxy->ReloadNativeTokenInfo(); + if (res != RET_SUCCESS) { + res = ConvertResult(res); + LOGI(ATM_DOMAIN, ATM_TAG, "Result from server (error=%{public}d).", res); + return res; + } + return res; } #endif @@ -535,6 +765,11 @@ int AccessTokenManagerClient::GetHapTokenInfoExtension(AccessTokenID tokenID, Ha HapTokenInfoParcel hapTokenInfoParcel; int res = proxy->GetHapTokenInfoExtension(tokenID, hapTokenInfoParcel, info.appID); + if (res != RET_SUCCESS) { + res = ConvertResult(res); + LOGI(ATM_DOMAIN, ATM_TAG, "Result from server (error=%{public}d).", res); + return res; + } info.baseInfo = hapTokenInfoParcel.hapTokenInfoParams; return res; } @@ -546,7 +781,14 @@ AccessTokenID AccessTokenManagerClient::GetNativeTokenId(const std::string& proc LOGE(ATM_DOMAIN, ATM_TAG, "Proxy is null"); return INVALID_TOKENID; } - return proxy->GetNativeTokenId(processName); + uint32_t tokenID; + ErrCode errCode = proxy->GetNativeTokenId(processName, tokenID); + if (errCode != RET_SUCCESS) { + errCode = ConvertResult(errCode); + LOGE(ATM_DOMAIN, ATM_TAG, "Request fail, result: %{public}d", errCode); + return INVALID_TOKENID; + } + return tokenID; } #ifdef TOKEN_SYNC_ENABLE @@ -560,6 +802,11 @@ int AccessTokenManagerClient::GetHapTokenInfoFromRemote(AccessTokenID tokenID, H HapTokenInfoForSyncParcel hapSyncParcel; int res = proxy->GetHapTokenInfoFromRemote(tokenID, hapSyncParcel); + if (res != RET_SUCCESS) { + res = ConvertResult(res); + LOGE(ATM_DOMAIN, ATM_TAG, "Request fail, result: %{public}d", res); + return res; + } hapSync = hapSyncParcel.hapTokenInfoForSyncParams; return res; } @@ -576,6 +823,10 @@ int AccessTokenManagerClient::SetRemoteHapTokenInfo(const std::string& deviceID, hapSyncParcel.hapTokenInfoForSyncParams = hapSync; int res = proxy->SetRemoteHapTokenInfo(deviceID, hapSyncParcel); + if (res != RET_SUCCESS) { + res = ConvertResult(res); + } + LOGI(ATM_DOMAIN, ATM_TAG, "Result from server (error=%{public}d).", res); return res; } @@ -588,6 +839,10 @@ int AccessTokenManagerClient::DeleteRemoteToken(const std::string& deviceID, Acc } int res = proxy->DeleteRemoteToken(deviceID, tokenID); + if (res != RET_SUCCESS) { + res = ConvertResult(res); + } + LOGI(ATM_DOMAIN, ATM_TAG, "Result from server (error=%{public}d).", res); return res; } @@ -599,8 +854,15 @@ AccessTokenID AccessTokenManagerClient::GetRemoteNativeTokenID(const std::string return INVALID_TOKENID; } - AccessTokenID res = proxy->GetRemoteNativeTokenID(deviceID, tokenID); - return res; + uint32_t tokenId; + ErrCode errCode = proxy->GetRemoteNativeTokenID(deviceID, tokenID, tokenId); + if (errCode != RET_SUCCESS) { + errCode = ConvertResult(errCode); + LOGE(ATM_DOMAIN, ATM_TAG, "Request fail, result: %{public}d", errCode); + return INVALID_TOKENID; + } + LOGI(ATM_DOMAIN, ATM_TAG, "Result from server (id=%{public}d).", tokenId); + return tokenId; } int AccessTokenManagerClient::DeleteRemoteDeviceTokens(const std::string& deviceID) @@ -612,6 +874,10 @@ int AccessTokenManagerClient::DeleteRemoteDeviceTokens(const std::string& device } int res = proxy->DeleteRemoteDeviceTokens(deviceID); + if (res != RET_SUCCESS) { + res = ConvertResult(res); + } + LOGI(ATM_DOMAIN, ATM_TAG, "Result from server (error=%{public}d).", res); return res; } @@ -637,6 +903,10 @@ int32_t AccessTokenManagerClient::RegisterTokenSyncCallback( tokenSyncCallback_ = callback; syncCallbackImpl_ = syncCallback; } + if (res != RET_SUCCESS) { + res = ConvertResult(res); + } + LOGI(ATM_DOMAIN, ATM_TAG, "Result from server (error=%{public}d).", res); return res; } @@ -653,6 +923,10 @@ int32_t AccessTokenManagerClient::UnRegisterTokenSyncCallback() tokenSyncCallback_ = nullptr; syncCallbackImpl_ = nullptr; } + if (res != RET_SUCCESS) { + res = ConvertResult(res); + } + LOGI(ATM_DOMAIN, ATM_TAG, "Result from server (error=%{public}d).", res); return res; } #endif @@ -667,7 +941,11 @@ void AccessTokenManagerClient::DumpTokenInfo(const AtmToolsParamInfo& info, std: AtmToolsParamInfoParcel infoParcel; infoParcel.info = info; - proxy->DumpTokenInfo(infoParcel, dumpInfo); + int32_t errCode = proxy->DumpTokenInfo(infoParcel, dumpInfo); + if (errCode != RET_SUCCESS) { + errCode = ConvertResult(errCode); + LOGE(ATM_DOMAIN, ATM_TAG, "Request fail, result: %{public}d", errCode); + } } int32_t AccessTokenManagerClient::GetVersion(uint32_t& version) @@ -678,7 +956,12 @@ int32_t AccessTokenManagerClient::GetVersion(uint32_t& version) return AccessTokenError::ERR_SERVICE_ABNORMAL; } - return proxy->GetVersion(version); + int32_t errCode = proxy->GetVersion(version); + if (errCode != RET_SUCCESS) { + errCode = ConvertResult(errCode); + LOGE(ATM_DOMAIN, ATM_TAG, "Request fail, result: %{public}d", errCode); + } + return errCode; } void AccessTokenManagerClient::InitProxy() @@ -690,10 +973,10 @@ void AccessTokenManagerClient::InitProxy() return; } sptr accesstokenSa = - sam->GetSystemAbility(IAccessTokenManager::SA_ID_ACCESSTOKEN_MANAGER_SERVICE); + sam->GetSystemAbility(SA_ID_ACCESSTOKEN_MANAGER_SERVICE); if (accesstokenSa == nullptr) { LOGE(ATM_DOMAIN, ATM_TAG, "GetSystemAbility %{public}d is null", - IAccessTokenManager::SA_ID_ACCESSTOKEN_MANAGER_SERVICE); + SA_ID_ACCESSTOKEN_MANAGER_SERVICE); return; } @@ -741,7 +1024,12 @@ int32_t AccessTokenManagerClient::SetPermDialogCap(const HapBaseInfo& hapBaseInf } HapBaseInfoParcel hapBaseInfoParcel; hapBaseInfoParcel.hapBaseInfo = hapBaseInfo; - return proxy->SetPermDialogCap(hapBaseInfoParcel, enable); + int32_t errCode = proxy->SetPermDialogCap(hapBaseInfoParcel, enable); + if (errCode != RET_SUCCESS) { + errCode = ConvertResult(errCode); + LOGE(ATM_DOMAIN, ATM_TAG, "Request fail, result: %{public}d", errCode); + } + return errCode; } void AccessTokenManagerClient::GetPermissionManagerInfo(PermissionGrantInfo& info) @@ -752,7 +1040,12 @@ void AccessTokenManagerClient::GetPermissionManagerInfo(PermissionGrantInfo& inf return; } PermissionGrantInfoParcel infoParcel; - proxy->GetPermissionManagerInfo(infoParcel); + int32_t errorCode = proxy->GetPermissionManagerInfo(infoParcel); + if (errorCode != RET_SUCCESS) { + errorCode = ConvertResult(errorCode); + LOGE(ATM_DOMAIN, ATM_TAG, "Request fail, result: %{public}d", errorCode); + return; + } info = infoParcel.info; } @@ -764,7 +1057,27 @@ int32_t AccessTokenManagerClient::InitUserPolicy( LOGE(ATM_DOMAIN, ATM_TAG, "Proxy is null"); return AccessTokenError::ERR_SERVICE_ABNORMAL; } - return proxy->InitUserPolicy(userList, permList); + + size_t userLen = userList.size(); + size_t permLen = permList.size(); + if ((userLen == 0) || (userLen > MAX_USER_POLICY_SIZE) || (permLen == 0) || (permLen > MAX_USER_POLICY_SIZE)) { + LOGE(ATM_DOMAIN, ATM_TAG, "UserLen %{public}zu or permLen %{public}zu is invalid", userLen, permLen); + return AccessTokenError::ERR_PARAM_INVALID; + } + + std::vector userIdlList; + for (const auto& userSate : userList) { + UserStateIdl userIdl; + userIdl.userId = userSate.userId; + userIdl.isActive = userSate.isActive; + userIdlList.emplace_back(userIdl); + } + int32_t errCode = proxy->InitUserPolicy(userIdlList, permList); + if (errCode != RET_SUCCESS) { + errCode = ConvertResult(errCode); + LOGE(ATM_DOMAIN, ATM_TAG, "Request fail, result: %{public}d", errCode); + } + return errCode; } int32_t AccessTokenManagerClient::ClearUserPolicy() @@ -774,7 +1087,12 @@ int32_t AccessTokenManagerClient::ClearUserPolicy() LOGE(ATM_DOMAIN, ATM_TAG, "Proxy is null"); return AccessTokenError::ERR_SERVICE_ABNORMAL; } - return proxy->ClearUserPolicy(); + int32_t errCode = proxy->ClearUserPolicy(); + if (errCode != RET_SUCCESS) { + errCode = ConvertResult(errCode); + LOGE(ATM_DOMAIN, ATM_TAG, "Request fail, result: %{public}d", errCode); + } + return errCode; } int32_t AccessTokenManagerClient::UpdateUserPolicy(const std::vector& userList) @@ -784,7 +1102,26 @@ int32_t AccessTokenManagerClient::UpdateUserPolicy(const std::vector& LOGE(ATM_DOMAIN, ATM_TAG, "Proxy is null"); return AccessTokenError::ERR_SERVICE_ABNORMAL; } - return proxy->UpdateUserPolicy(userList); + + size_t userLen = userList.size(); + if ((userLen == 0) || (userLen > MAX_USER_POLICY_SIZE)) { + LOGE(ATM_DOMAIN, ATM_TAG, "UserLen %{public}zu is invalid.", userLen); + return AccessTokenError::ERR_PARAM_INVALID; + } + + std::vector userIdlList; + for (const auto& userSate : userList) { + UserStateIdl userIdl; + userIdl.userId = userSate.userId; + userIdl.isActive = userSate.isActive; + userIdlList.emplace_back(userIdl); + } + int32_t errCode = proxy->UpdateUserPolicy(userIdlList); + if (errCode != RET_SUCCESS) { + errCode = ConvertResult(errCode); + LOGE(ATM_DOMAIN, ATM_TAG, "Request fail, result: %{public}d", errCode); + } + return errCode; } void AccessTokenManagerClient::ReleaseProxy() @@ -804,7 +1141,29 @@ int32_t AccessTokenManagerClient::GetKernelPermissions( LOGE(ATM_DOMAIN, ATM_TAG, "Proxy is null"); return AccessTokenError::ERR_SERVICE_ABNORMAL; } - return proxy->GetKernelPermissions(tokenId, kernelPermList); + std::vector kernelPermIdlList; + int32_t errCode = proxy->GetKernelPermissions(tokenId, kernelPermIdlList); + if (errCode != RET_SUCCESS) { + errCode = ConvertResult(errCode); + LOGE(ATM_DOMAIN, ATM_TAG, "Request fail, result: %{public}d", errCode); + return errCode; + } + + if (kernelPermIdlList.size() > MAX_EXTENDED_VALUE_LIST_SIZE) { + return AccessTokenError::ERR_OVERSIZE; + } + + for (const auto& item : kernelPermIdlList) { + PermissionWithValue tmp; + tmp.permissionName = item.permissionName; + tmp.value = item.value; + if (tmp.value == "true") { + tmp.value.clear(); + } + kernelPermList.emplace_back(tmp); + } + + return errCode; } int32_t AccessTokenManagerClient::GetReqPermissionByName( @@ -815,7 +1174,12 @@ int32_t AccessTokenManagerClient::GetReqPermissionByName( LOGE(ATM_DOMAIN, ATM_TAG, "Proxy is null"); return AccessTokenError::ERR_SERVICE_ABNORMAL; } - return proxy->GetReqPermissionByName(tokenId, permissionName, value); + int32_t errCode = proxy->GetReqPermissionByName(tokenId, permissionName, value); + if (errCode != RET_SUCCESS) { + errCode = ConvertResult(errCode); + LOGE(ATM_DOMAIN, ATM_TAG, "Request fail, result: %{public}d", errCode); + } + return errCode; } } // namespace AccessToken } // namespace Security diff --git a/interfaces/innerkits/accesstoken/src/accesstoken_manager_client.h b/interfaces/innerkits/accesstoken/src/accesstoken_manager_client.h index b5a4d0984..df0ed5815 100644 --- a/interfaces/innerkits/accesstoken/src/accesstoken_manager_client.h +++ b/interfaces/innerkits/accesstoken/src/accesstoken_manager_client.h @@ -1,5 +1,5 @@ /* - * Copyright (c) 2021-2024 Huawei Device Co., Ltd. + * Copyright (c) 2021-2025 Huawei Device Co., Ltd. * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. * You may obtain a copy of the License at @@ -19,6 +19,7 @@ #include #include #include +#include #include #include "access_token.h" @@ -28,7 +29,7 @@ #include "hap_info_parcel.h" #include "hap_policy_parcel.h" #include "hap_token_info.h" -#include "i_accesstoken_manager.h" +#include "iaccess_token_manager.h" #include "nocopyable.h" #include "permission_def.h" #include "permission_grant_info.h" diff --git a/interfaces/innerkits/accesstoken/src/accesstoken_manager_proxy.cpp b/interfaces/innerkits/accesstoken/src/accesstoken_manager_proxy.cpp deleted file mode 100644 index 767678b54..000000000 --- a/interfaces/innerkits/accesstoken/src/accesstoken_manager_proxy.cpp +++ /dev/null @@ -1,1578 +0,0 @@ -/* - * Copyright (c) 2021-2024 Huawei Device Co., Ltd. - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ - -#include "accesstoken_manager_proxy.h" - -#include "accesstoken_log.h" -#include "accesstoken_common_log.h" -#include "access_token_error.h" - -#include "parcel.h" -#include "string_ex.h" - -namespace OHOS { -namespace Security { -namespace AccessToken { -namespace { -static constexpr OHOS::HiviewDFX::HiLogLabel LABEL = {LOG_CORE, SECURITY_DOMAIN_ACCESSTOKEN, "ATMProxy"}; -static const int MAX_PERMISSION_SIZE = 1000; -static const int32_t MAX_USER_POLICY_SIZE = 1024; -static const int32_t MAX_EXTENDED_VALUE_LIST_SIZE = 512; -} - -AccessTokenManagerProxy::AccessTokenManagerProxy(const sptr& impl) - : IRemoteProxy(impl) { -} - -AccessTokenManagerProxy::~AccessTokenManagerProxy() -{} - -bool AccessTokenManagerProxy::SendRequest( - AccessTokenInterfaceCode code, MessageParcel& data, MessageParcel& reply) -{ - MessageOption option(MessageOption::TF_SYNC); - - sptr remote = Remote(); - if (remote == nullptr) { - LOGE(ATM_DOMAIN, ATM_TAG, "Code: %{public}d remote service null.", code); - return false; - } - int32_t requestResult = remote->SendRequest( - static_cast(code), data, reply, option); - if (requestResult != NO_ERROR) { - LOGE(ATM_DOMAIN, ATM_TAG, "Code: %{public}d request fail, result: %{public}d", code, requestResult); - return false; - } - return true; -} - -PermUsedTypeEnum AccessTokenManagerProxy::GetPermissionUsedType( - AccessTokenID tokenID, const std::string &permissionName) -{ - MessageParcel data; - if (!data.WriteInterfaceToken(IAccessTokenManager::GetDescriptor())) { - LOGE(ATM_DOMAIN, ATM_TAG, "WriteInterfaceToken failed."); - return PermUsedTypeEnum::INVALID_USED_TYPE; - } - if (!data.WriteUint32(tokenID)) { - LOGE(ATM_DOMAIN, ATM_TAG, "WriteUint32 failed."); - return PermUsedTypeEnum::INVALID_USED_TYPE; - } - if (!data.WriteString(permissionName)) { - LOGE(ATM_DOMAIN, ATM_TAG, "WriteString failed."); - return PermUsedTypeEnum::INVALID_USED_TYPE; - } - - MessageParcel reply; - if (!SendRequest(AccessTokenInterfaceCode::GET_USER_GRANTED_PERMISSION_USED_TYPE, data, reply)) { - return PermUsedTypeEnum::INVALID_USED_TYPE; - } - - int32_t ret; - if (!reply.ReadInt32(ret)) { - LOGE(ATM_DOMAIN, ATM_TAG, "ReadInt32t failed."); - return PermUsedTypeEnum::INVALID_USED_TYPE; - } - PermUsedTypeEnum result = static_cast(ret); - LOGI(ATM_DOMAIN, ATM_TAG, "Result from server (type=%{public}d).", result); - return result; -} - -int AccessTokenManagerProxy::VerifyAccessToken(AccessTokenID tokenID, const std::string& permissionName) -{ - MessageParcel data; - if (!data.WriteInterfaceToken(IAccessTokenManager::GetDescriptor())) { - LOGE(ATM_DOMAIN, ATM_TAG, "WriteInterfaceToken failed."); - return PERMISSION_DENIED; - } - if (!data.WriteUint32(tokenID)) { - LOGE(ATM_DOMAIN, ATM_TAG, "WriteUint32 failed."); - return PERMISSION_DENIED; - } - if (!data.WriteString(permissionName)) { - LOGE(ATM_DOMAIN, ATM_TAG, "WriteString failed."); - return PERMISSION_DENIED; - } - - MessageParcel reply; - if (!SendRequest(AccessTokenInterfaceCode::VERIFY_ACCESSTOKEN, data, reply)) { - return PERMISSION_DENIED; - } - - int32_t result = reply.ReadInt32(); - LOGD(ATM_DOMAIN, ATM_TAG, "Result from server (status=%{public}d).", result); - return result; -} - -int AccessTokenManagerProxy::VerifyAccessToken(AccessTokenID tokenID, - const std::vector& permissionList, std::vector& permStateList) -{ - MessageParcel data; - if (!data.WriteInterfaceToken(IAccessTokenManager::GetDescriptor())) { - LOGE(ATM_DOMAIN, ATM_TAG, "WriteInterfaceToken failed."); - return ERR_WRITE_PARCEL_FAILED; - } - if (!data.WriteUint32(tokenID)) { - LOGE(ATM_DOMAIN, ATM_TAG, "WriteUint32 failed."); - return ERR_WRITE_PARCEL_FAILED; - } - if (!data.WriteStringVector(permissionList)) { - LOGE(ATM_DOMAIN, ATM_TAG, "WriteStringVector failed."); - return ERR_WRITE_PARCEL_FAILED; - } - - MessageParcel reply; - if (!SendRequest(AccessTokenInterfaceCode::VERIFY_ACCESSTOKEN_WITH_LIST, data, reply)) { - return ERR_SERVICE_ABNORMAL; - } - - if (!reply.ReadInt32Vector(&permStateList)) { - LOGE(ATM_DOMAIN, ATM_TAG, "ReadInt32Vector failed."); - return ERR_READ_PARCEL_FAILED; - } - - return ERR_OK; -} - -int AccessTokenManagerProxy::GetDefPermission( - const std::string& permissionName, PermissionDefParcel& permissionDefResult) -{ - MessageParcel data; - if (!data.WriteInterfaceToken(IAccessTokenManager::GetDescriptor())) { - LOGE(ATM_DOMAIN, ATM_TAG, "WriteInterfaceToken failed."); - return ERR_WRITE_PARCEL_FAILED; - } - if (!data.WriteString(permissionName)) { - LOGE(ATM_DOMAIN, ATM_TAG, "WriteString failed."); - return ERR_WRITE_PARCEL_FAILED; - } - - MessageParcel reply; - if (!SendRequest(AccessTokenInterfaceCode::GET_DEF_PERMISSION, data, reply)) { - return ERR_SERVICE_ABNORMAL; - } - - int32_t result = reply.ReadInt32(); - LOGI(ATM_DOMAIN, ATM_TAG, "Result from server (error=%{public}d).", result); - if (result != RET_SUCCESS) { - return result; - } - sptr resultSptr = reply.ReadParcelable(); - if (resultSptr == nullptr) { - LOGE(ATM_DOMAIN, ATM_TAG, "ReadParcelable failed."); - return ERR_READ_PARCEL_FAILED; - } - permissionDefResult = *resultSptr; - return result; -} - -int AccessTokenManagerProxy::GetReqPermissions( - AccessTokenID tokenID, std::vector& reqPermList, bool isSystemGrant) -{ - MessageParcel data; - if (!data.WriteInterfaceToken(IAccessTokenManager::GetDescriptor())) { - LOGE(ATM_DOMAIN, ATM_TAG, "WriteInterfaceToken failed."); - return ERR_WRITE_PARCEL_FAILED; - } - if (!data.WriteUint32(tokenID)) { - LOGE(ATM_DOMAIN, ATM_TAG, "WriteUint32 failed."); - return ERR_WRITE_PARCEL_FAILED; - } - if (!data.WriteInt32(isSystemGrant)) { - LOGE(ATM_DOMAIN, ATM_TAG, "WriteInt32 failed."); - return ERR_WRITE_PARCEL_FAILED; - } - - MessageParcel reply; - if (!SendRequest(AccessTokenInterfaceCode::GET_REQ_PERMISSIONS, data, reply)) { - return ERR_SERVICE_ABNORMAL; - } - - int32_t result = reply.ReadInt32(); - LOGD(ATM_DOMAIN, ATM_TAG, "Result from server (error=%{public}d).", result); - if (result != RET_SUCCESS) { - return result; - } - uint32_t reqPermSize = reply.ReadUint32(); - if (reqPermSize > MAX_PERMISSION_SIZE) { - LOGE(ATM_DOMAIN, ATM_TAG, "Size(%{public}u) is oversize.", reqPermSize); - return ERR_OVERSIZE; - } - for (uint32_t i = 0; i < reqPermSize; i++) { - sptr permissionReq = reply.ReadParcelable(); - if (permissionReq != nullptr) { - reqPermList.emplace_back(*permissionReq); - } - } - return result; -} - -int32_t AccessTokenManagerProxy::SetPermissionRequestToggleStatus(const std::string& permissionName, uint32_t status, - int32_t userID = 0) -{ - MessageParcel sendData; - if (!sendData.WriteInterfaceToken(IAccessTokenManager::GetDescriptor())) { - LOGE(ATM_DOMAIN, ATM_TAG, "WriteInterfaceToken failed."); - return ERR_WRITE_PARCEL_FAILED; - } - if (!sendData.WriteString(permissionName)) { - LOGE(ATM_DOMAIN, ATM_TAG, "WriteString failed."); - return ERR_WRITE_PARCEL_FAILED; - } - if (!sendData.WriteUint32(status)) { - LOGE(ATM_DOMAIN, ATM_TAG, "WriteUint32 failed."); - return ERR_WRITE_PARCEL_FAILED; - } - if (!sendData.WriteInt32(userID)) { - LOGE(ATM_DOMAIN, ATM_TAG, "WriteInt32 failed."); - return ERR_WRITE_PARCEL_FAILED; - } - - MessageParcel reply; - if (!SendRequest(AccessTokenInterfaceCode::SET_PERMISSION_REQUEST_TOGGLE_STATUS, sendData, reply)) { - return ERR_SERVICE_ABNORMAL; - } - - int32_t result = reply.ReadInt32(); - LOGI(ATM_DOMAIN, ATM_TAG, "Result from server (error=%{public}d).", result); - return result; -} - -int32_t AccessTokenManagerProxy::GetPermissionRequestToggleStatus(const std::string& permissionName, uint32_t& status, - int32_t userID = 0) -{ - MessageParcel sendData; - if (!sendData.WriteInterfaceToken(IAccessTokenManager::GetDescriptor())) { - LOGE(ATM_DOMAIN, ATM_TAG, "WriteInterfaceToken failed."); - return ERR_WRITE_PARCEL_FAILED; - } - if (!sendData.WriteString(permissionName)) { - LOGE(ATM_DOMAIN, ATM_TAG, "WriteString failed."); - return ERR_WRITE_PARCEL_FAILED; - } - if (!sendData.WriteInt32(userID)) { - LOGE(ATM_DOMAIN, ATM_TAG, "WriteInt32 failed."); - return ERR_WRITE_PARCEL_FAILED; - } - - MessageParcel reply; - if (!SendRequest(AccessTokenInterfaceCode::GET_PERMISSION_REQUEST_TOGGLE_STATUS, sendData, reply)) { - return ERR_SERVICE_ABNORMAL; - } - - int32_t result = reply.ReadInt32(); - if (result == RET_SUCCESS) { - status = reply.ReadUint32(); - } - LOGI(ATM_DOMAIN, ATM_TAG, "Result from server (error=%{public}d, status=%{public}d).", result, status); - return result; -} - -int32_t AccessTokenManagerProxy::RequestAppPermOnSetting(AccessTokenID tokenID) -{ - MessageParcel data; - if (!data.WriteInterfaceToken(IAccessTokenManager::GetDescriptor())) { - LOGE(ATM_DOMAIN, ATM_TAG, "WriteInterfaceToken failed."); - return ERR_WRITE_PARCEL_FAILED; - } - if (!data.WriteUint32(tokenID)) { - LOGE(ATM_DOMAIN, ATM_TAG, "WriteInt32 failed."); - return ERR_WRITE_PARCEL_FAILED; - } - - MessageParcel reply; - if (!SendRequest(AccessTokenInterfaceCode::REQUEST_APP_PERM_ON_SETTING, data, reply)) { - return ERR_SERVICE_ABNORMAL; - } - - int32_t result; - if (!reply.ReadInt32(result)) { - LOGE(ATM_DOMAIN, ATM_TAG, "ReadInt32 failed."); - return ERR_READ_PARCEL_FAILED; - } - LOGI(ATM_DOMAIN, ATM_TAG, "Result from server (result=%{public}d).", result); - return result; -} - -int AccessTokenManagerProxy::GetPermissionFlag(AccessTokenID tokenID, const std::string& permissionName, uint32_t& flag) -{ - MessageParcel sendData; - if (!sendData.WriteInterfaceToken(IAccessTokenManager::GetDescriptor())) { - LOGE(ATM_DOMAIN, ATM_TAG, "WriteInterfaceToken failed."); - return ERR_WRITE_PARCEL_FAILED; - } - if (!sendData.WriteUint32(tokenID)) { - LOGE(ATM_DOMAIN, ATM_TAG, "WriteUint32 failed."); - return ERR_WRITE_PARCEL_FAILED; - } - if (!sendData.WriteString(permissionName)) { - LOGE(ATM_DOMAIN, ATM_TAG, "WriteString failed."); - return ERR_WRITE_PARCEL_FAILED; - } - - MessageParcel reply; - if (!SendRequest(AccessTokenInterfaceCode::GET_PERMISSION_FLAG, sendData, reply)) { - return ERR_SERVICE_ABNORMAL; - } - - int32_t result = reply.ReadInt32(); - if (result == RET_SUCCESS) { - flag = reply.ReadUint32(); - } - LOGI(ATM_DOMAIN, ATM_TAG, "Result from server (error=%{public}d, flag=%{public}d).", result, flag); - return result; -} - -PermissionOper AccessTokenManagerProxy::GetSelfPermissionsState(std::vector& permListParcel, - PermissionGrantInfoParcel& infoParcel) -{ - MessageParcel data; - if (!data.WriteInterfaceToken(IAccessTokenManager::GetDescriptor())) { - LOGE(ATM_DOMAIN, ATM_TAG, "WriteInterfaceToken failed."); - return INVALID_OPER; - } - if (!data.WriteUint32(permListParcel.size())) { - LOGE(ATM_DOMAIN, ATM_TAG, "WriteUint32 failed."); - return INVALID_OPER; - } - for (const auto& permission : permListParcel) { - if (!data.WriteParcelable(&permission)) { - LOGE(ATM_DOMAIN, ATM_TAG, "WriteParcelable failed."); - return INVALID_OPER; - } - } - - MessageParcel reply; - if (!SendRequest(AccessTokenInterfaceCode::GET_PERMISSION_OPER_STATE, data, reply)) { - return INVALID_OPER; - } - - PermissionOper result = static_cast(reply.ReadInt32()); - size_t size = reply.ReadUint32(); - if (size != permListParcel.size()) { - LOGE(ATM_DOMAIN, ATM_TAG, "Size(%{public}zu) from server is not equal inputSize(%{public}zu)!", - size, permListParcel.size()); - return INVALID_OPER; - } - if (size > MAX_PERMISSION_SIZE) { - LOGE(ATM_DOMAIN, ATM_TAG, "Size(%{public}zu) is oversize.", size); - return INVALID_OPER; - } - for (uint32_t i = 0; i < size; i++) { - sptr permissionReq = reply.ReadParcelable(); - if (permissionReq != nullptr) { - permListParcel[i].permsState.state = permissionReq->permsState.state; - permListParcel[i].permsState.errorReason = permissionReq->permsState.errorReason; - } - } - - sptr resultSptr = reply.ReadParcelable(); - if (resultSptr == nullptr) { - LOGE(ATM_DOMAIN, ATM_TAG, "ReadParcelable failed."); - return INVALID_OPER; - } - infoParcel = *resultSptr; - - LOGI(ATM_DOMAIN, ATM_TAG, "Result from server (status=%{public}d).", result); - return result; -} - -int32_t AccessTokenManagerProxy::GetPermissionsStatus(AccessTokenID tokenID, - std::vector& permListParcel) -{ - MessageParcel data; - if (!data.WriteInterfaceToken(IAccessTokenManager::GetDescriptor())) { - LOGE(ATM_DOMAIN, ATM_TAG, "WriteInterfaceToken failed."); - return ERR_WRITE_PARCEL_FAILED; - } - if (!data.WriteUint32(tokenID)) { - LOGE(ATM_DOMAIN, ATM_TAG, "WriteUint32 failed"); - return ERR_WRITE_PARCEL_FAILED; - } - if (!data.WriteUint32(permListParcel.size())) { - LOGE(ATM_DOMAIN, ATM_TAG, "WriteUint32 failed."); - return ERR_WRITE_PARCEL_FAILED; - } - for (const auto& permission : permListParcel) { - if (!data.WriteParcelable(&permission)) { - LOGE(ATM_DOMAIN, ATM_TAG, "WriteParcelable failed."); - return ERR_WRITE_PARCEL_FAILED; - } - } - - MessageParcel reply; - if (!SendRequest(AccessTokenInterfaceCode::GET_PERMISSIONS_STATUS, data, reply)) { - return ERR_SERVICE_ABNORMAL; - } - - int32_t result = reply.ReadInt32(); - LOGI(ATM_DOMAIN, ATM_TAG, "Result from server (error=%{public}d).", result); - if (result != RET_SUCCESS) { - return result; - } - size_t size = reply.ReadUint32(); - if (size != permListParcel.size()) { - LOGE(ATM_DOMAIN, ATM_TAG, "Size(%{public}zu) from server is not equal inputSize(%{public}zu)!", - size, permListParcel.size()); - return ERR_SIZE_NOT_EQUAL; - } - for (uint32_t i = 0; i < size; i++) { - sptr permissionReq = reply.ReadParcelable(); - if (permissionReq != nullptr) { - permListParcel[i].permsState.state = permissionReq->permsState.state; - } - } - return result; -} - -int AccessTokenManagerProxy::GrantPermission(AccessTokenID tokenID, const std::string& permissionName, uint32_t flag) -{ - MessageParcel inData; - if (!inData.WriteInterfaceToken(IAccessTokenManager::GetDescriptor())) { - LOGE(ATM_DOMAIN, ATM_TAG, "WriteInterfaceToken failed."); - return ERR_WRITE_PARCEL_FAILED; - } - if (!inData.WriteUint32(tokenID)) { - LOGE(ATM_DOMAIN, ATM_TAG, "WriteUint32 failed."); - return ERR_WRITE_PARCEL_FAILED; - } - if (!inData.WriteString(permissionName)) { - LOGE(ATM_DOMAIN, ATM_TAG, "WriteString failed."); - return ERR_WRITE_PARCEL_FAILED; - } - if (!inData.WriteUint32(flag)) { - LOGE(ATM_DOMAIN, ATM_TAG, "WriteUint32 failed."); - return ERR_WRITE_PARCEL_FAILED; - } - - MessageParcel reply; - if (!SendRequest(AccessTokenInterfaceCode::GRANT_PERMISSION, inData, reply)) { - return ERR_SERVICE_ABNORMAL; - } - - int32_t result = reply.ReadInt32(); - LOGI(ATM_DOMAIN, ATM_TAG, "Result from server (error=%{public}d).", result); - return result; -} - -int AccessTokenManagerProxy::RevokePermission(AccessTokenID tokenID, const std::string& permissionName, uint32_t flag) -{ - MessageParcel data; - if (!data.WriteInterfaceToken(IAccessTokenManager::GetDescriptor())) { - LOGE(ATM_DOMAIN, ATM_TAG, "WriteInterfaceToken failed."); - return ERR_WRITE_PARCEL_FAILED; - } - if (!data.WriteUint32(tokenID)) { - LOGE(ATM_DOMAIN, ATM_TAG, "WriteUint32 failed."); - return ERR_WRITE_PARCEL_FAILED; - } - if (!data.WriteString(permissionName)) { - LOGE(ATM_DOMAIN, ATM_TAG, "WriteString failed."); - return ERR_WRITE_PARCEL_FAILED; - } - if (!data.WriteUint32(flag)) { - LOGE(ATM_DOMAIN, ATM_TAG, "WriteUint32 failed."); - return ERR_WRITE_PARCEL_FAILED; - } - - MessageParcel reply; - if (!SendRequest(AccessTokenInterfaceCode::REVOKE_PERMISSION, data, reply)) { - return ERR_SERVICE_ABNORMAL; - } - - int32_t result = reply.ReadInt32(); - LOGI(ATM_DOMAIN, ATM_TAG, "Result from server (error=%{public}d).", result); - return result; -} - -int AccessTokenManagerProxy::GrantPermissionForSpecifiedTime( - AccessTokenID tokenID, const std::string& permissionName, uint32_t onceTime) -{ - MessageParcel data; - if (!data.WriteInterfaceToken(IAccessTokenManager::GetDescriptor())) { - LOGE(ATM_DOMAIN, ATM_TAG, "WriteInterfaceToken failed."); - return ERR_WRITE_PARCEL_FAILED; - } - if (!data.WriteUint32(tokenID)) { - LOGE(ATM_DOMAIN, ATM_TAG, "WriteUint32 failed."); - return ERR_WRITE_PARCEL_FAILED; - } - if (!data.WriteString(permissionName)) { - LOGE(ATM_DOMAIN, ATM_TAG, "WriteString failed."); - return ERR_WRITE_PARCEL_FAILED; - } - if (!data.WriteUint32(onceTime)) { - LOGE(ATM_DOMAIN, ATM_TAG, "WriteUint32 failed."); - return ERR_WRITE_PARCEL_FAILED; - } - - MessageParcel reply; - if (!SendRequest(AccessTokenInterfaceCode::GRANT_PERMISSION_FOR_SPECIFIEDTIME, data, reply)) { - return ERR_SERVICE_ABNORMAL; - } - - int32_t result; - if (!reply.ReadInt32(result)) { - LOGE(ATM_DOMAIN, ATM_TAG, "ReadInt32 failed."); - return ERR_READ_PARCEL_FAILED; - } - LOGI(ATM_DOMAIN, ATM_TAG, "Result from server (result=%{public}d).", result); - return result; -} - -int AccessTokenManagerProxy::ClearUserGrantedPermissionState(AccessTokenID tokenID) -{ - MessageParcel data; - if (!data.WriteInterfaceToken(IAccessTokenManager::GetDescriptor())) { - LOGE(ATM_DOMAIN, ATM_TAG, "WriteInterfaceToken failed."); - return ERR_WRITE_PARCEL_FAILED; - } - if (!data.WriteUint32(tokenID)) { - LOGE(ATM_DOMAIN, ATM_TAG, "WriteUint32 failed."); - return ERR_WRITE_PARCEL_FAILED; - } - - MessageParcel reply; - if (!SendRequest(AccessTokenInterfaceCode::CLEAR_USER_GRANT_PERMISSION, data, reply)) { - return ERR_SERVICE_ABNORMAL; - } - - int32_t result = reply.ReadInt32(); - LOGI(ATM_DOMAIN, ATM_TAG, "Result from server (error=%{public}d).", result); - return result; -} - -int32_t AccessTokenManagerProxy::RegisterPermStateChangeCallback( - const PermStateChangeScopeParcel& scope, const sptr& callback) -{ - MessageParcel data; - if (!data.WriteInterfaceToken(IAccessTokenManager::GetDescriptor())) { - LOGE(ATM_DOMAIN, ATM_TAG, "WriteInterfaceToken failed."); - return ERR_WRITE_PARCEL_FAILED; - } - if (!data.WriteParcelable(&scope)) { - LOGE(ATM_DOMAIN, ATM_TAG, "WriteParcelable failed."); - return ERR_WRITE_PARCEL_FAILED; - } - if (!data.WriteRemoteObject(callback)) { - LOGE(ATM_DOMAIN, ATM_TAG, "WriteRemoteObject failed."); - return ERR_WRITE_PARCEL_FAILED; - } - MessageParcel reply; - if (!SendRequest(AccessTokenInterfaceCode::REGISTER_PERM_STATE_CHANGE_CALLBACK, data, reply)) { - return ERR_SERVICE_ABNORMAL; - } - - int32_t ret; - if (!reply.ReadInt32(ret)) { - LOGE(ATM_DOMAIN, ATM_TAG, "ReadInt32 failed."); - return ERR_READ_PARCEL_FAILED; - } - LOGI(ATM_DOMAIN, ATM_TAG, "Result from server (error=%{public}d).", ret); - return ret; -} - -int32_t AccessTokenManagerProxy::UnRegisterPermStateChangeCallback(const sptr& callback) -{ - MessageParcel data; - if (!data.WriteInterfaceToken(IAccessTokenManager::GetDescriptor())) { - LOGE(ATM_DOMAIN, ATM_TAG, "WriteInterfaceToken failed."); - return ERR_WRITE_PARCEL_FAILED; - } - if (!data.WriteRemoteObject(callback)) { - LOGE(ATM_DOMAIN, ATM_TAG, "WriteRemoteObject failed."); - return ERR_WRITE_PARCEL_FAILED; - } - - MessageParcel reply; - if (!SendRequest( - AccessTokenInterfaceCode::UNREGISTER_PERM_STATE_CHANGE_CALLBACK, data, reply)) { - return ERR_SERVICE_ABNORMAL; - } - - int32_t result; - if (!reply.ReadInt32(result)) { - LOGE(ATM_DOMAIN, ATM_TAG, "ReadInt32 failed."); - return ERR_READ_PARCEL_FAILED; - } - LOGI(ATM_DOMAIN, ATM_TAG, "Result from server (error=%{public}d).", result); - return result; -} - -int32_t AccessTokenManagerProxy::RegisterSelfPermStateChangeCallback( - const PermStateChangeScopeParcel& scope, const sptr& callback) -{ - MessageParcel data; - if (!data.WriteInterfaceToken(IAccessTokenManager::GetDescriptor())) { - LOGE(ATM_DOMAIN, ATM_TAG, "WriteInterfaceToken failed."); - return ERR_WRITE_PARCEL_FAILED; - } - if (!data.WriteParcelable(&scope)) { - LOGE(ATM_DOMAIN, ATM_TAG, "WriteParcelable failed."); - return ERR_WRITE_PARCEL_FAILED; - } - if (!data.WriteRemoteObject(callback)) { - LOGE(ATM_DOMAIN, ATM_TAG, "WriteRemoteObject failed."); - return ERR_WRITE_PARCEL_FAILED; - } - MessageParcel reply; - if (!SendRequest(AccessTokenInterfaceCode::REGISTER_SELF_PERM_STATE_CHANGE_CALLBACK, data, reply)) { - return ERR_SERVICE_ABNORMAL; - } - - int32_t ret; - if (!reply.ReadInt32(ret)) { - LOGE(ATM_DOMAIN, ATM_TAG, "ReadInt32 failed."); - return ERR_READ_PARCEL_FAILED; - } - LOGI(ATM_DOMAIN, ATM_TAG, "Result from server (error=%{public}d).", ret); - return ret; -} - -int32_t AccessTokenManagerProxy::UnRegisterSelfPermStateChangeCallback(const sptr& callback) -{ - MessageParcel data; - if (!data.WriteInterfaceToken(IAccessTokenManager::GetDescriptor())) { - LOGE(ATM_DOMAIN, ATM_TAG, "WriteInterfaceToken failed."); - return ERR_WRITE_PARCEL_FAILED; - } - if (!data.WriteRemoteObject(callback)) { - LOGE(ATM_DOMAIN, ATM_TAG, "WriteRemoteObject failed."); - return ERR_WRITE_PARCEL_FAILED; - } - - MessageParcel reply; - if (!SendRequest( - AccessTokenInterfaceCode::UNREGISTER_SELF_PERM_STATE_CHANGE_CALLBACK, data, reply)) { - return ERR_SERVICE_ABNORMAL; - } - - int32_t result; - if (!reply.ReadInt32(result)) { - LOGE(ATM_DOMAIN, ATM_TAG, "ReadInt32 failed."); - return ERR_READ_PARCEL_FAILED; - } - LOGI(ATM_DOMAIN, ATM_TAG, "Result from server (error=%{public}d).", result); - return result; -} - -AccessTokenIDEx AccessTokenManagerProxy::AllocHapToken( - const HapInfoParcel& hapInfo, const HapPolicyParcel& policyParcel) -{ - MessageParcel data; - AccessTokenIDEx res = { 0 }; - if (!data.WriteInterfaceToken(IAccessTokenManager::GetDescriptor())) { - LOGE(ATM_DOMAIN, ATM_TAG, "WriteInterfaceToken failed."); - return res; - } - - if (!data.WriteParcelable(&hapInfo)) { - LOGE(ATM_DOMAIN, ATM_TAG, "WriteParcelable failed."); - return res; - } - if (!data.WriteParcelable(&policyParcel)) { - LOGE(ATM_DOMAIN, ATM_TAG, "WriteParcelable failed."); - return res; - } - - MessageParcel reply; - if (!SendRequest(AccessTokenInterfaceCode::ALLOC_TOKEN_HAP, data, reply)) { - return res; - } - - unsigned long long result = reply.ReadUint64(); - LOGI(ATM_DOMAIN, ATM_TAG, "Result from server (id=%{public}llu).", result); - res.tokenIDEx = result; - return res; -} - -int32_t AccessTokenManagerProxy::InitHapToken(const HapInfoParcel& hapInfoParcel, HapPolicyParcel& policyParcel, - AccessTokenIDEx& fullTokenId, HapInfoCheckResult& resultInfo) -{ - MessageParcel data; - if (!data.WriteInterfaceToken(IAccessTokenManager::GetDescriptor())) { - LOGE(ATM_DOMAIN, ATM_TAG, "WriteInterfaceToken failed."); - return ERR_WRITE_PARCEL_FAILED; - } - - if (!data.WriteParcelable(&hapInfoParcel)) { - LOGE(ATM_DOMAIN, ATM_TAG, "WriteParcelable failed."); - return ERR_WRITE_PARCEL_FAILED; - } - if (!data.WriteParcelable(&policyParcel)) { - LOGE(ATM_DOMAIN, ATM_TAG, "WriteParcelable failed."); - return ERR_WRITE_PARCEL_FAILED; - } - - MessageParcel reply; - if (!SendRequest(AccessTokenInterfaceCode::INIT_TOKEN_HAP, data, reply)) { - return ERR_SERVICE_ABNORMAL; - } - int32_t result = 0; - if (!reply.ReadInt32(result)) { - LOGE(ATM_DOMAIN, ATM_TAG, "ReadInt32 failed."); - return ERR_READ_PARCEL_FAILED; - } - if (result == RET_SUCCESS) { - uint64_t tokenId = 0; - if (!reply.ReadUint64(tokenId)) { - LOGE(ATM_DOMAIN, ATM_TAG, "ReadUint64 faild."); - return ERR_READ_PARCEL_FAILED; - } - fullTokenId.tokenIDEx = tokenId; - } else { - if (reply.GetDataSize() > reply.GetReadPosition()) { - IF_FALSE_RETURN_VALUE_LOG(LABEL, reply.ReadString(resultInfo.permCheckResult.permissionName), - ERR_READ_PARCEL_FAILED, "ReadString faild."); - - int32_t rule; - IF_FALSE_RETURN_VALUE_LOG(LABEL, reply.ReadInt32(rule), - ERR_READ_PARCEL_FAILED, "ReadString faild."); - resultInfo.permCheckResult.rule = static_cast(rule); - } - } - LOGI(ATM_DOMAIN, ATM_TAG, "Result from server (error=%{public}d, id=%{public}llu).", - result, fullTokenId.tokenIDEx); - return result; -} - -int AccessTokenManagerProxy::DeleteToken(AccessTokenID tokenID) -{ - MessageParcel data; - if (!data.WriteInterfaceToken(IAccessTokenManager::GetDescriptor())) { - LOGE(ATM_DOMAIN, ATM_TAG, "WriteInterfaceToken failed."); - return ERR_WRITE_PARCEL_FAILED; - } - - if (!data.WriteUint32(tokenID)) { - LOGE(ATM_DOMAIN, ATM_TAG, "WriteUint32 failed."); - return ERR_WRITE_PARCEL_FAILED; - } - - MessageParcel reply; - if (!SendRequest(AccessTokenInterfaceCode::TOKEN_DELETE, data, reply)) { - return ERR_SERVICE_ABNORMAL; - } - - int result = reply.ReadInt32(); - LOGI(ATM_DOMAIN, ATM_TAG, "Result from server (error=%{public}d, id=%{public}u).", result, tokenID); - return result; -} - -int AccessTokenManagerProxy::GetTokenType(AccessTokenID tokenID) -{ - MessageParcel data; - if (!data.WriteInterfaceToken(IAccessTokenManager::GetDescriptor())) { - LOGE(ATM_DOMAIN, ATM_TAG, "WriteInterfaceToken failed."); - return ERR_WRITE_PARCEL_FAILED; - } - - if (!data.WriteUint32(tokenID)) { - LOGE(ATM_DOMAIN, ATM_TAG, "Failed to write tokenID"); - return ERR_WRITE_PARCEL_FAILED; - } - - MessageParcel reply; - if (!SendRequest(AccessTokenInterfaceCode::GET_TOKEN_TYPE, data, reply)) { - return ERR_SERVICE_ABNORMAL; - } - - int result = reply.ReadInt32(); - LOGD(ATM_DOMAIN, ATM_TAG, "Result from server (type=%{public}d).", result); - return result; -} - -AccessTokenIDEx AccessTokenManagerProxy::GetHapTokenID(int32_t userID, const std::string& bundleName, int32_t instIndex) -{ - AccessTokenIDEx tokenIdEx = {0}; - MessageParcel data; - if (!data.WriteInterfaceToken(IAccessTokenManager::GetDescriptor())) { - LOGE(ATM_DOMAIN, ATM_TAG, "WriteInterfaceToken failed."); - return tokenIdEx; - } - - if (!data.WriteInt32(userID)) { - LOGE(ATM_DOMAIN, ATM_TAG, "Failed to write tokenID"); - return tokenIdEx; - } - if (!data.WriteString(bundleName)) { - LOGE(ATM_DOMAIN, ATM_TAG, "Failed to write dcap"); - return tokenIdEx; - } - if (!data.WriteInt32(instIndex)) { - LOGE(ATM_DOMAIN, ATM_TAG, "Failed to write dcap"); - return tokenIdEx; - } - MessageParcel reply; - if (!SendRequest(AccessTokenInterfaceCode::GET_HAP_TOKEN_ID, data, reply)) { - return tokenIdEx; - } - - tokenIdEx.tokenIDEx = reply.ReadUint64(); - LOGD(ATM_DOMAIN, ATM_TAG, "Result from server (id=%{public}llu).", tokenIdEx.tokenIDEx); - return tokenIdEx; -} - -AccessTokenID AccessTokenManagerProxy::AllocLocalTokenID( - const std::string& remoteDeviceID, AccessTokenID remoteTokenID) -{ - MessageParcel data; - if (!data.WriteInterfaceToken(IAccessTokenManager::GetDescriptor())) { - LOGE(ATM_DOMAIN, ATM_TAG, "WriteInterfaceToken failed."); - return 0; - } - - if (!data.WriteString(remoteDeviceID)) { - LOGE(ATM_DOMAIN, ATM_TAG, "Failed to write dcap"); - return 0; - } - if (!data.WriteUint32(remoteTokenID)) { - LOGE(ATM_DOMAIN, ATM_TAG, "Failed to write dcap"); - return 0; - } - MessageParcel reply; - if (!SendRequest(AccessTokenInterfaceCode::ALLOC_LOCAL_TOKEN_ID, data, reply)) { - return 0; - } - - AccessTokenID result = reply.ReadUint32(); - LOGI(ATM_DOMAIN, ATM_TAG, "Result from server (id=%{public}d).", result); - return result; -} - -int AccessTokenManagerProxy::GetNativeTokenInfo(AccessTokenID tokenID, NativeTokenInfoParcel& nativeTokenInfoRes) -{ - MessageParcel data; - if (!data.WriteInterfaceToken(IAccessTokenManager::GetDescriptor())) { - LOGE(ATM_DOMAIN, ATM_TAG, "WriteInterfaceToken failed."); - return ERR_WRITE_PARCEL_FAILED; - } - if (!data.WriteUint32(tokenID)) { - LOGE(ATM_DOMAIN, ATM_TAG, "WriteUint32 failed."); - return ERR_WRITE_PARCEL_FAILED; - } - - MessageParcel reply; - if (!SendRequest(AccessTokenInterfaceCode::GET_NATIVE_TOKENINFO, data, reply)) { - return ERR_SERVICE_ABNORMAL; - } - - int32_t result = reply.ReadInt32(); - LOGD(ATM_DOMAIN, ATM_TAG, "Result from server (error=%{public}d).", result); - if (result != RET_SUCCESS) { - return result; - } - sptr resultSptr = reply.ReadParcelable(); - if (resultSptr == nullptr) { - LOGE(ATM_DOMAIN, ATM_TAG, "ReadParcelable fail"); - return ERR_READ_PARCEL_FAILED; - } - nativeTokenInfoRes = *resultSptr; - return result; -} - -int32_t AccessTokenManagerProxy::GetTokenIDByUserID(int32_t userID, std::unordered_set& tokenIdList) -{ - MessageParcel data; - if (!data.WriteInterfaceToken(IAccessTokenManager::GetDescriptor())) { - LOGE(ATM_DOMAIN, ATM_TAG, "WriteInterfaceToken failed."); - return ERR_WRITE_PARCEL_FAILED; - } - if (!data.WriteInt32(userID)) { - LOGE(ATM_DOMAIN, ATM_TAG, "WriteInt32 failed."); - return ERR_WRITE_PARCEL_FAILED; - } - - MessageParcel reply; - if (!SendRequest(AccessTokenInterfaceCode::GET_TOKEN_ID_BY_USER_ID, data, reply)) { - return ERR_SERVICE_ABNORMAL; - } - - int32_t result = 0; - if (!reply.ReadInt32(result)) { - LOGI(ATM_DOMAIN, ATM_TAG, "Result from server (error=%{public}d).", result); - return ERR_READ_PARCEL_FAILED; - } - if (result != RET_SUCCESS) { - return result; - } - - uint32_t tokenIDListSize = 0; - if (!reply.ReadUint32(tokenIDListSize)) { - LOGE(ATM_DOMAIN, ATM_TAG, "ReadUint32 failed."); - return ERR_READ_PARCEL_FAILED; - } - for (uint32_t i = 0; i < tokenIDListSize; i++) { - AccessTokenID tokenId = 0; - if (!reply.ReadUint32(tokenId)) { - LOGE(ATM_DOMAIN, ATM_TAG, "ReadUint32 failed."); - return ERR_READ_PARCEL_FAILED; - } - tokenIdList.emplace(tokenId); - } - return result; -} - -int AccessTokenManagerProxy::GetHapTokenInfo(AccessTokenID tokenID, HapTokenInfoParcel& hapTokenInfoRes) -{ - MessageParcel data; - if (!data.WriteInterfaceToken(IAccessTokenManager::GetDescriptor())) { - LOGE(ATM_DOMAIN, ATM_TAG, "WriteInterfaceToken failed."); - return ERR_WRITE_PARCEL_FAILED; - } - if (!data.WriteUint32(tokenID)) { - LOGE(ATM_DOMAIN, ATM_TAG, "WriteUint32 failed."); - return ERR_WRITE_PARCEL_FAILED; - } - - MessageParcel reply; - if (!SendRequest(AccessTokenInterfaceCode::GET_HAP_TOKENINFO, data, reply)) { - return ERR_SERVICE_ABNORMAL; - } - - int32_t result = reply.ReadInt32(); - LOGD(ATM_DOMAIN, ATM_TAG, "Result from server (error=%{public}d).", result); - if (result != RET_SUCCESS) { - return result; - } - sptr resultSptr = reply.ReadParcelable(); - if (resultSptr == nullptr) { - LOGE(ATM_DOMAIN, ATM_TAG, "ReadParcelable failed."); - return ERR_READ_PARCEL_FAILED; - } - hapTokenInfoRes = *resultSptr; - return result; -} - -int32_t AccessTokenManagerProxy::UpdateHapToken(AccessTokenIDEx& tokenIdEx, const UpdateHapInfoParams& info, - const HapPolicyParcel& policyParcel, HapInfoCheckResult& resultInfo) -{ - AccessTokenID tokenID = tokenIdEx.tokenIdExStruct.tokenID; - MessageParcel data; - if (!data.WriteInterfaceToken(IAccessTokenManager::GetDescriptor())) { - LOGE(ATM_DOMAIN, ATM_TAG, "WriteInterfaceToken failed."); - return ERR_WRITE_PARCEL_FAILED; - } - if (!data.WriteUint32(tokenID)) { - LOGE(ATM_DOMAIN, ATM_TAG, "Write tokenID failed."); - return ERR_WRITE_PARCEL_FAILED; - } - if (!data.WriteBool(info.isSystemApp)) { - LOGE(ATM_DOMAIN, ATM_TAG, "Write isSystemApp failed."); - return ERR_WRITE_PARCEL_FAILED; - } - if (!data.WriteString(info.appIDDesc)) { - LOGE(ATM_DOMAIN, ATM_TAG, "Write appIDDesc failed."); - return ERR_WRITE_PARCEL_FAILED; - } - if (!data.WriteInt32(info.apiVersion)) { - LOGE(ATM_DOMAIN, ATM_TAG, "Write apiVersion failed."); - return ERR_WRITE_PARCEL_FAILED; - } - if (!data.WriteString(info.appDistributionType)) { - LOGE(ATM_DOMAIN, ATM_TAG, "Write appDistributionType failed."); - return ERR_WRITE_PARCEL_FAILED; - } - if (!data.WriteParcelable(&policyParcel)) { - LOGE(ATM_DOMAIN, ATM_TAG, "Write policyParcel failed."); - return ERR_WRITE_PARCEL_FAILED; - } - - MessageParcel reply; - if (!SendRequest(AccessTokenInterfaceCode::UPDATE_HAP_TOKEN, data, reply)) { - return ERR_SERVICE_ABNORMAL; - } - int32_t result = reply.ReadInt32(); - tokenIdEx.tokenIdExStruct.tokenAttr = reply.ReadUint32(); - if (result != RET_SUCCESS && reply.GetDataSize() > reply.GetReadPosition()) { - IF_FALSE_RETURN_VALUE_LOG(LABEL, reply.ReadString(resultInfo.permCheckResult.permissionName), - ERR_READ_PARCEL_FAILED, "ReadString faild."); - - int32_t rule; - IF_FALSE_RETURN_VALUE_LOG(LABEL, reply.ReadInt32(rule), - ERR_READ_PARCEL_FAILED, "ReadString faild."); - resultInfo.permCheckResult.rule = static_cast(rule); - } - LOGI(ATM_DOMAIN, ATM_TAG, "Result from server (error=%{public}d).", result); - return result; -} - -#ifndef ATM_BUILD_VARIANT_USER_ENABLE -int32_t AccessTokenManagerProxy::ReloadNativeTokenInfo() -{ - MessageParcel data; - if (!data.WriteInterfaceToken(IAccessTokenManager::GetDescriptor())) { - LOGE(ATM_DOMAIN, ATM_TAG, "WriteInterfaceToken failed."); - return ERR_WRITE_PARCEL_FAILED; - } - MessageParcel reply; - if (!SendRequest(AccessTokenInterfaceCode::RELOAD_NATIVE_TOKEN_INFO, data, reply)) { - return ERR_SERVICE_ABNORMAL; - } - - int32_t result = reply.ReadInt32(); - LOGI(ATM_DOMAIN, ATM_TAG, "Result from server (error=%{public}d).", result); - return result; -} - -#endif - -int AccessTokenManagerProxy::GetHapTokenInfoExtension(AccessTokenID tokenID, - HapTokenInfoParcel& hapTokenInfoRes, std::string& appID) -{ - MessageParcel data; - if (!data.WriteInterfaceToken(IAccessTokenManager::GetDescriptor())) { - LOGE(ATM_DOMAIN, ATM_TAG, "WriteInterfaceToken failed."); - return ERR_WRITE_PARCEL_FAILED; - } - if (!data.WriteUint32(tokenID)) { - LOGE(ATM_DOMAIN, ATM_TAG, "WriteUint32 fail"); - return ERR_WRITE_PARCEL_FAILED; - } - - MessageParcel reply; - if (!SendRequest(AccessTokenInterfaceCode::GET_HAP_TOKENINFO_EXT, data, reply)) { - return ERR_SERVICE_ABNORMAL; - } - - int32_t result = reply.ReadInt32(); - LOGI(ATM_DOMAIN, ATM_TAG, "Result from server (error=%{public}d).", result); - if (result != RET_SUCCESS) { - return result; - } - sptr hapResult = reply.ReadParcelable(); - if (hapResult == nullptr) { - LOGE(ATM_DOMAIN, ATM_TAG, "ReadParcelable fail."); - return ERR_READ_PARCEL_FAILED; - } - hapTokenInfoRes = *hapResult; - if (!reply.ReadString(appID)) { - LOGE(ATM_DOMAIN, ATM_TAG, "ReadString fail."); - return ERR_READ_PARCEL_FAILED; - } - - return result; -} - -AccessTokenID AccessTokenManagerProxy::GetNativeTokenId(const std::string& processName) -{ - MessageParcel data; - if (!data.WriteInterfaceToken(IAccessTokenManager::GetDescriptor())) { - LOGE(ATM_DOMAIN, ATM_TAG, "WriteInterfaceToken failed."); - return INVALID_TOKENID; - } - - if (!data.WriteString(processName)) { - LOGE(ATM_DOMAIN, ATM_TAG, "WriteString failed."); - return INVALID_TOKENID; - } - MessageParcel reply; - if (!SendRequest(AccessTokenInterfaceCode::GET_NATIVE_TOKEN_ID, data, reply)) { - return INVALID_TOKENID; - } - AccessTokenID id; - if (!reply.ReadUint32(id)) { - LOGI(ATM_DOMAIN, ATM_TAG, "ReadInt32 failed."); - return INVALID_TOKENID; - } - LOGD(ATM_DOMAIN, ATM_TAG, "Result from server (process=%{public}s, id=%{public}d).", processName.c_str(), id); - return id; -} - -#ifdef TOKEN_SYNC_ENABLE -int AccessTokenManagerProxy::GetHapTokenInfoFromRemote(AccessTokenID tokenID, - HapTokenInfoForSyncParcel& hapSyncParcel) -{ - MessageParcel data; - if (!data.WriteInterfaceToken(IAccessTokenManager::GetDescriptor())) { - LOGE(ATM_DOMAIN, ATM_TAG, "WriteInterfaceToken failed."); - return ERR_WRITE_PARCEL_FAILED; - } - if (!data.WriteUint32(tokenID)) { - return ERR_WRITE_PARCEL_FAILED; - } - - MessageParcel reply; - if (!SendRequest(AccessTokenInterfaceCode::GET_HAP_TOKEN_FROM_REMOTE, data, reply)) { - return ERR_SERVICE_ABNORMAL; - } - - int32_t result = reply.ReadInt32(); - LOGI(ATM_DOMAIN, ATM_TAG, "Result from server (error=%{public}d).", result); - if (result != RET_SUCCESS) { - return result; - } - sptr hapResult = reply.ReadParcelable(); - if (hapResult == nullptr) { - LOGE(ATM_DOMAIN, ATM_TAG, "ReadParcelable fail"); - return ERR_READ_PARCEL_FAILED; - } - hapSyncParcel = *hapResult; - return result; -} - -int AccessTokenManagerProxy::SetRemoteHapTokenInfo(const std::string& deviceID, - HapTokenInfoForSyncParcel& hapSyncParcel) -{ - MessageParcel data; - if (!data.WriteInterfaceToken(IAccessTokenManager::GetDescriptor())) { - LOGE(ATM_DOMAIN, ATM_TAG, "WriteInterfaceToken failed."); - return ERR_WRITE_PARCEL_FAILED; - } - if (!data.WriteString(deviceID)) { - return ERR_WRITE_PARCEL_FAILED; - } - if (!data.WriteParcelable(&hapSyncParcel)) { - return ERR_WRITE_PARCEL_FAILED; - } - - MessageParcel reply; - if (!SendRequest(AccessTokenInterfaceCode::SET_REMOTE_HAP_TOKEN_INFO, data, reply)) { - return ERR_SERVICE_ABNORMAL; - } - - int32_t result = reply.ReadInt32(); - LOGI(ATM_DOMAIN, ATM_TAG, "Result from server (error=%{public}d).", result); - return result; -} - -int AccessTokenManagerProxy::DeleteRemoteToken(const std::string& deviceID, AccessTokenID tokenID) -{ - MessageParcel data; - data.WriteInterfaceToken(IAccessTokenManager::GetDescriptor()); - if (!data.WriteString(deviceID)) { - return ERR_WRITE_PARCEL_FAILED; - } - - if (!data.WriteUint32(tokenID)) { - return ERR_WRITE_PARCEL_FAILED; - } - - MessageParcel reply; - if (!SendRequest(AccessTokenInterfaceCode::DELETE_REMOTE_TOKEN_INFO, data, reply)) { - return ERR_SERVICE_ABNORMAL; - } - - int32_t result = reply.ReadInt32(); - LOGI(ATM_DOMAIN, ATM_TAG, "Result from server (error=%{public}d).", result); - return result; -} - -AccessTokenID AccessTokenManagerProxy::GetRemoteNativeTokenID(const std::string& deviceID, AccessTokenID tokenID) -{ - MessageParcel data; - if (!data.WriteInterfaceToken(IAccessTokenManager::GetDescriptor())) { - LOGE(ATM_DOMAIN, ATM_TAG, "WriteInterfaceToken failed."); - return 0; - } - if (!data.WriteString(deviceID)) { - return 0; - } - - if (!data.WriteUint32(tokenID)) { - return 0; - } - - MessageParcel reply; - if (!SendRequest(AccessTokenInterfaceCode::GET_NATIVE_REMOTE_TOKEN, data, reply)) { - return 0; - } - - AccessTokenID id = reply.ReadUint32(); - LOGI(ATM_DOMAIN, ATM_TAG, "Result from server (id=%{public}d).", id); - return id; -} - -int AccessTokenManagerProxy::DeleteRemoteDeviceTokens(const std::string& deviceID) -{ - MessageParcel data; - if (!data.WriteInterfaceToken(IAccessTokenManager::GetDescriptor())) { - LOGE(ATM_DOMAIN, ATM_TAG, "WriteInterfaceToken failed."); - return ERR_WRITE_PARCEL_FAILED; - } - if (!data.WriteString(deviceID)) { - return ERR_WRITE_PARCEL_FAILED; - } - - MessageParcel reply; - if (!SendRequest(AccessTokenInterfaceCode::DELETE_REMOTE_DEVICE_TOKEN, data, reply)) { - return ERR_SERVICE_ABNORMAL; - } - - int32_t result = reply.ReadInt32(); - LOGI(ATM_DOMAIN, ATM_TAG, "Result from server (error=%{public}d).", result); - return result; -} - -int32_t AccessTokenManagerProxy::RegisterTokenSyncCallback(const sptr& callback) -{ - MessageParcel data; - if (!data.WriteInterfaceToken(IAccessTokenManager::GetDescriptor())) { - LOGE(ATM_DOMAIN, ATM_TAG, "WriteInterfaceToken failed."); - return ERR_WRITE_PARCEL_FAILED; - } - if (!data.WriteRemoteObject(callback)) { - LOGE(ATM_DOMAIN, ATM_TAG, "WriteRemoteObject failed."); - return ERR_WRITE_PARCEL_FAILED; - } - - MessageParcel reply; - if (!SendRequest( - AccessTokenInterfaceCode::REGISTER_TOKEN_SYNC_CALLBACK, data, reply)) { - return ERR_SERVICE_ABNORMAL; - } - - int32_t result; - if (!reply.ReadInt32(result)) { - LOGE(ATM_DOMAIN, ATM_TAG, "ReadInt32 failed."); - return ERR_READ_PARCEL_FAILED; - } - LOGI(ATM_DOMAIN, ATM_TAG, "Result from server (error=%{public}d).", result); - return result; -} - -int32_t AccessTokenManagerProxy::UnRegisterTokenSyncCallback() -{ - MessageParcel data; - if (!data.WriteInterfaceToken(IAccessTokenManager::GetDescriptor())) { - LOGE(ATM_DOMAIN, ATM_TAG, "WriteInterfaceToken failed."); - return ERR_WRITE_PARCEL_FAILED; - } - - MessageParcel reply; - if (!SendRequest( - AccessTokenInterfaceCode::UNREGISTER_TOKEN_SYNC_CALLBACK, data, reply)) { - return ERR_SERVICE_ABNORMAL; - } - - int32_t result; - if (!reply.ReadInt32(result)) { - LOGE(ATM_DOMAIN, ATM_TAG, "ReadInt32 failed."); - return ERR_READ_PARCEL_FAILED; - } - LOGI(ATM_DOMAIN, ATM_TAG, "Result from server (error=%{public}d).", result); - return result; -} -#endif - -void AccessTokenManagerProxy::DumpTokenInfo(const AtmToolsParamInfoParcel& infoParcel, std::string& dumpInfo) -{ - MessageParcel data; - if (!data.WriteInterfaceToken(IAccessTokenManager::GetDescriptor())) { - LOGE(ATM_DOMAIN, ATM_TAG, "WriteInterfaceToken failed."); - return; - } - - if (!data.WriteParcelable(&infoParcel)) { - LOGE(ATM_DOMAIN, ATM_TAG, "Write infoParcel failed."); - return; - } - MessageParcel reply; - if (!SendRequest(AccessTokenInterfaceCode::DUMP_TOKENINFO, data, reply)) { - return; - } - if (!reply.ReadString(dumpInfo)) { - LOGE(ATM_DOMAIN, ATM_TAG, "ReadString failed."); - } -} - -int32_t AccessTokenManagerProxy::GetVersion(uint32_t& version) -{ - MessageParcel data; - if (!data.WriteInterfaceToken(IAccessTokenManager::GetDescriptor())) { - LOGE(ATM_DOMAIN, ATM_TAG, "Write interface token failed."); - return ERR_WRITE_PARCEL_FAILED; - } - - MessageParcel reply; - if (!SendRequest(AccessTokenInterfaceCode::GET_VERSION, data, reply)) { - return ERR_SERVICE_ABNORMAL; - } - int32_t result = reply.ReadInt32(); - LOGI(ATM_DOMAIN, ATM_TAG, "Result from server (error=%{public}d).", result); - if (result != RET_SUCCESS) { - return result; - } - if (!reply.ReadUint32(version)) { - LOGE(ATM_DOMAIN, ATM_TAG, "ReadUint32 failed."); - return ERR_READ_PARCEL_FAILED; - } - return result; -} - -int32_t AccessTokenManagerProxy::SetPermDialogCap(const HapBaseInfoParcel& hapBaseInfo, bool enable) -{ - MessageParcel data; - if (!data.WriteInterfaceToken(IAccessTokenManager::GetDescriptor())) { - LOGE(ATM_DOMAIN, ATM_TAG, "WriteInterfaceToken failed."); - return ERR_WRITE_PARCEL_FAILED; - } - - if (!data.WriteParcelable(&hapBaseInfo)) { - LOGE(ATM_DOMAIN, ATM_TAG, "WriteParcelable failed."); - return ERR_WRITE_PARCEL_FAILED; - } - if (!data.WriteBool(enable)) { - LOGE(ATM_DOMAIN, ATM_TAG, "WriteBool failed."); - return ERR_WRITE_PARCEL_FAILED; - } - - MessageParcel reply; - if (!SendRequest(AccessTokenInterfaceCode::SET_PERM_DIALOG_CAPABILITY, data, reply)) { - return ERR_SERVICE_ABNORMAL; - } - return reply.ReadInt32(); -} - -void AccessTokenManagerProxy::GetPermissionManagerInfo(PermissionGrantInfoParcel& infoParcel) -{ - MessageParcel data; - if (!data.WriteInterfaceToken(IAccessTokenManager::GetDescriptor())) { - LOGE(ATM_DOMAIN, ATM_TAG, "WriteInterfaceToken failed."); - return; - } - - MessageParcel reply; - if (!SendRequest(AccessTokenInterfaceCode::GET_PERMISSION_MANAGER_INFO, data, reply)) { - return; - } - - sptr parcel = reply.ReadParcelable(); - if (parcel == nullptr) { - LOGE(ATM_DOMAIN, ATM_TAG, "ReadParcelable failed."); - return; - } - infoParcel = *parcel; -} - -int32_t AccessTokenManagerProxy::InitUserPolicy( - const std::vector& userList, const std::vector& permList) -{ - MessageParcel data; - if (!data.WriteInterfaceToken(IAccessTokenManager::GetDescriptor())) { - LOGE(ATM_DOMAIN, ATM_TAG, "Write interface token failed."); - return ERR_WRITE_PARCEL_FAILED; - } - - size_t userLen = userList.size(); - size_t permLen = permList.size(); - if ((userLen == 0) || (userLen > MAX_USER_POLICY_SIZE) || (permLen == 0) || (permLen > MAX_USER_POLICY_SIZE)) { - LOGE(ATM_DOMAIN, ATM_TAG, "UserLen %{public}zu or permLen %{public}zu is invalid", userLen, permLen); - return ERR_PARAM_INVALID; - } - - if (!data.WriteUint32(userLen)) { - LOGE(ATM_DOMAIN, ATM_TAG, "Failed to write userLen size."); - return ERR_WRITE_PARCEL_FAILED; - } - if (!data.WriteUint32(permLen)) { - LOGE(ATM_DOMAIN, ATM_TAG, "Failed to write permLen size."); - return ERR_WRITE_PARCEL_FAILED; - } - for (const auto& userInfo : userList) { - if (!data.WriteInt32(userInfo.userId)) { - LOGE(ATM_DOMAIN, ATM_TAG, "Failed to write userId."); - return ERR_WRITE_PARCEL_FAILED; - } - if (!data.WriteBool(userInfo.isActive)) { - LOGE(ATM_DOMAIN, ATM_TAG, "Failed to write isActive."); - return ERR_WRITE_PARCEL_FAILED; - } - } - for (const auto& permission : permList) { - if (!data.WriteString(permission)) { - LOGE(ATM_DOMAIN, ATM_TAG, "Failed to write permission."); - return ERR_WRITE_PARCEL_FAILED; - } - } - - MessageParcel reply; - if (!SendRequest(AccessTokenInterfaceCode::INIT_USER_POLICY, data, reply)) { - LOGE(ATM_DOMAIN, ATM_TAG, "Read replay failed"); - return ERR_SERVICE_ABNORMAL; - } - int32_t result; - if (!reply.ReadInt32(result)) { - LOGE(ATM_DOMAIN, ATM_TAG, "Read Int32 failed"); - return AccessTokenError::ERR_READ_PARCEL_FAILED; - } - LOGI(ATM_DOMAIN, ATM_TAG, "Result from server data = %{public}d", result); - return result; -} - -int32_t AccessTokenManagerProxy::ClearUserPolicy() -{ - MessageParcel data; - if (!data.WriteInterfaceToken(IAccessTokenManager::GetDescriptor())) { - LOGE(ATM_DOMAIN, ATM_TAG, "Write interface token failed."); - return ERR_WRITE_PARCEL_FAILED; - } - - MessageParcel reply; - if (!SendRequest(AccessTokenInterfaceCode::CLEAR_USER_POLICY, data, reply)) { - LOGE(ATM_DOMAIN, ATM_TAG, "Read replay failed"); - return ERR_SERVICE_ABNORMAL; - } - int32_t result; - if (!reply.ReadInt32(result)) { - LOGE(ATM_DOMAIN, ATM_TAG, "Read Int32 failed"); - return AccessTokenError::ERR_READ_PARCEL_FAILED; - } - LOGI(ATM_DOMAIN, ATM_TAG, "Result from server data = %{public}d", result); - return result; -} - -int32_t AccessTokenManagerProxy::UpdateUserPolicy(const std::vector& userList) -{ - MessageParcel data; - if (!data.WriteInterfaceToken(IAccessTokenManager::GetDescriptor())) { - LOGE(ATM_DOMAIN, ATM_TAG, "Write interface token failed."); - return ERR_WRITE_PARCEL_FAILED; - } - - size_t userLen = userList.size(); - if ((userLen == 0) || (userLen > MAX_USER_POLICY_SIZE)) { - LOGE(ATM_DOMAIN, ATM_TAG, "UserLen %{public}zu is invalid.", userLen); - return ERR_PARAM_INVALID; - } - - if (!data.WriteUint32(userLen)) { - LOGE(ATM_DOMAIN, ATM_TAG, "Failed to write userLen size."); - return ERR_WRITE_PARCEL_FAILED; - } - - for (const auto& userInfo : userList) { - if (!data.WriteInt32(userInfo.userId)) { - LOGE(ATM_DOMAIN, ATM_TAG, "Failed to write userId."); - return ERR_WRITE_PARCEL_FAILED; - } - if (!data.WriteBool(userInfo.isActive)) { - LOGE(ATM_DOMAIN, ATM_TAG, "Failed to write isActive."); - return ERR_WRITE_PARCEL_FAILED; - } - } - - MessageParcel reply; - if (!SendRequest(AccessTokenInterfaceCode::UPDATE_USER_POLICY, data, reply)) { - LOGE(ATM_DOMAIN, ATM_TAG, "Read replay failed"); - return ERR_SERVICE_ABNORMAL; - } - int32_t result; - if (!reply.ReadInt32(result)) { - LOGE(ATM_DOMAIN, ATM_TAG, "Read Int32 failed"); - return AccessTokenError::ERR_READ_PARCEL_FAILED; - } - LOGI(ATM_DOMAIN, ATM_TAG, "Result from server data = %{public}d", result); - return result; -} - -int32_t AccessTokenManagerProxy::GetKernelPermissions( - AccessTokenID tokenID, std::vector& kernelPermList) -{ - MessageParcel data; - if (!data.WriteInterfaceToken(IAccessTokenManager::GetDescriptor())) { - LOGE(ATM_DOMAIN, ATM_TAG, "Write interface token failed."); - return ERR_WRITE_PARCEL_FAILED; - } - - if (!data.WriteUint32(tokenID)) { - LOGE(ATM_DOMAIN, ATM_TAG, "Failed to write tokenID."); - return ERR_WRITE_PARCEL_FAILED; - } - - MessageParcel reply; - if (!SendRequest(AccessTokenInterfaceCode::GET_KERNEL_PERMISSIONS, data, reply)) { - LOGE(ATM_DOMAIN, ATM_TAG, "Read replay failed"); - return ERR_SERVICE_ABNORMAL; - } - int32_t result; - if (!reply.ReadInt32(result)) { - LOGE(ATM_DOMAIN, ATM_TAG, "Read result failed"); - return AccessTokenError::ERR_READ_PARCEL_FAILED; - } - LOGI(ATM_DOMAIN, ATM_TAG, "Result from server data = %{public}d", result); - if (result != RET_SUCCESS) { - return result; - } - uint32_t size; - if (!reply.ReadUint32(size)) { - LOGE(ATM_DOMAIN, ATM_TAG, "Read size failed"); - return AccessTokenError::ERR_READ_PARCEL_FAILED; - } - if (size > MAX_EXTENDED_VALUE_LIST_SIZE) { - return AccessTokenError::ERR_OVERSIZE; - } - for (uint32_t i = 0; i < size; ++i) { - PermissionWithValue perm; - if (!reply.ReadString(perm.permissionName)) { - LOGE(ATM_DOMAIN, ATM_TAG, "Read permission name failed."); - return AccessTokenError::ERR_READ_PARCEL_FAILED; - } - if (!reply.ReadString(perm.value)) { - LOGE(ATM_DOMAIN, ATM_TAG, "Read value failed."); - return AccessTokenError::ERR_READ_PARCEL_FAILED; - } - if (perm.value == "true") { - perm.value.clear(); - } - kernelPermList.emplace_back(perm); - } - return RET_SUCCESS; -} - -int32_t AccessTokenManagerProxy::GetReqPermissionByName( - AccessTokenID tokenID, const std::string& permissionName, std::string& value) -{ - MessageParcel data; - if (!data.WriteInterfaceToken(IAccessTokenManager::GetDescriptor())) { - LOGE(ATM_DOMAIN, ATM_TAG, "Write interface token failed."); - return ERR_WRITE_PARCEL_FAILED; - } - - if (!data.WriteUint32(tokenID)) { - LOGE(ATM_DOMAIN, ATM_TAG, "Failed to write tokenID."); - return ERR_WRITE_PARCEL_FAILED; - } - - if (!data.WriteString(permissionName)) { - LOGE(ATM_DOMAIN, ATM_TAG, "Failed to write tokenID."); - return ERR_WRITE_PARCEL_FAILED; - } - - MessageParcel reply; - if (!SendRequest(AccessTokenInterfaceCode::GET_PERMISSION_BY_NAME, data, reply)) { - LOGE(ATM_DOMAIN, ATM_TAG, "Read replay failed"); - return ERR_SERVICE_ABNORMAL; - } - int32_t result; - if (!reply.ReadInt32(result)) { - LOGE(ATM_DOMAIN, ATM_TAG, "Read result failed"); - return AccessTokenError::ERR_READ_PARCEL_FAILED; - } - LOGI(ATM_DOMAIN, ATM_TAG, "Result from server data = %{public}d", result); - if (result != RET_SUCCESS) { - return result; - } - if (!reply.ReadString(value)) { - LOGE(ATM_DOMAIN, ATM_TAG, "Read value failed"); - return AccessTokenError::ERR_READ_PARCEL_FAILED; - } - - return RET_SUCCESS; -} - -} // namespace AccessToken -} // namespace Security -} // namespace OHOS diff --git a/interfaces/innerkits/accesstoken/src/accesstoken_manager_proxy.h b/interfaces/innerkits/accesstoken/src/accesstoken_manager_proxy.h deleted file mode 100644 index 99ff5740f..000000000 --- a/interfaces/innerkits/accesstoken/src/accesstoken_manager_proxy.h +++ /dev/null @@ -1,122 +0,0 @@ -/* - * Copyright (c) 2021-2024 Huawei Device Co., Ltd. - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ - -#ifndef ACCESSTOKEN_MANAGER_PROXY_H -#define ACCESSTOKEN_MANAGER_PROXY_H - -#include -#include - -#include "access_token.h" -#include "atm_tools_param_info_parcel.h" -#include "hap_info_parcel.h" -#include "hap_base_info_parcel.h" -#include "hap_policy_parcel.h" -#include "hap_token_info_parcel.h" -#include "hap_token_info_for_sync_parcel.h" -#include "i_accesstoken_manager.h" -#include "iremote_proxy.h" -#include "native_token_info_parcel.h" -#include "permission_def_parcel.h" -#include "permission_grant_info_parcel.h" -#include "permission_list_state_parcel.h" -#include "permission_status_parcel.h" - -namespace OHOS { -namespace Security { -namespace AccessToken { -class AccessTokenManagerProxy : public IRemoteProxy { -public: - explicit AccessTokenManagerProxy(const sptr& impl); - ~AccessTokenManagerProxy() override; - - PermUsedTypeEnum GetPermissionUsedType( - AccessTokenID tokenID, const std::string& permissionName) override; - int VerifyAccessToken(AccessTokenID tokenID, const std::string& permissionName) override; - int VerifyAccessToken(AccessTokenID tokenID, - const std::vector& permissionList, std::vector& permStateList) override; - int GetDefPermission(const std::string& permissionName, PermissionDefParcel& permissionDefResult) override; - int GetReqPermissions( - AccessTokenID tokenID, std::vector& reqPermList, bool isSystemGrant) override; - int GetPermissionFlag(AccessTokenID tokenID, const std::string& permissionName, uint32_t& flag) override; - int32_t SetPermissionRequestToggleStatus(const std::string& permissionName, uint32_t status, - int32_t userID) override; - int32_t GetPermissionRequestToggleStatus(const std::string& permissionName, uint32_t& status, - int32_t userID) override; - int32_t RequestAppPermOnSetting(AccessTokenID tokenID) override; - int GrantPermission(AccessTokenID tokenID, const std::string& permissionName, uint32_t flag) override; - int RevokePermission(AccessTokenID tokenID, const std::string& permissionName, uint32_t flag) override; - int GrantPermissionForSpecifiedTime( - AccessTokenID tokenID, const std::string& permissionName, uint32_t onceTime) override; - PermissionOper GetSelfPermissionsState(std::vector& permListParcel, - PermissionGrantInfoParcel& infoParcel) override; - int32_t GetPermissionsStatus( - AccessTokenID tokenID, std::vector& permListParcel) override; - int ClearUserGrantedPermissionState(AccessTokenID tokenID) override; - int GetTokenType(AccessTokenID tokenID) override; - AccessTokenIDEx GetHapTokenID(int32_t userID, const std::string& bundleName, int32_t instIndex) override; - AccessTokenID AllocLocalTokenID(const std::string& remoteDeviceID, AccessTokenID remoteTokenID) override; - AccessTokenIDEx AllocHapToken(const HapInfoParcel& hapInfo, const HapPolicyParcel& policyParcel) override; - int32_t InitHapToken(const HapInfoParcel& hapInfoParcel, HapPolicyParcel& policyParcel, - AccessTokenIDEx& fullTokenId, HapInfoCheckResult& resultInfo) override; - int DeleteToken(AccessTokenID tokenID) override; - int32_t UpdateHapToken(AccessTokenIDEx& tokenIdEx, const UpdateHapInfoParams& info, - const HapPolicyParcel& policyParcel, HapInfoCheckResult& resultInfo) override; - int32_t GetTokenIDByUserID(int32_t userID, std::unordered_set& tokenIdList) override; - int GetHapTokenInfo(AccessTokenID tokenID, HapTokenInfoParcel& hapTokenInfoRes) override; - int GetNativeTokenInfo(AccessTokenID tokenID, NativeTokenInfoParcel& nativeTokenInfoRes) override; -#ifndef ATM_BUILD_VARIANT_USER_ENABLE - int32_t ReloadNativeTokenInfo() override; -#endif - int32_t RegisterPermStateChangeCallback(const PermStateChangeScopeParcel& scope, - const sptr& callback) override; - int32_t UnRegisterPermStateChangeCallback(const sptr& callback) override; - int32_t RegisterSelfPermStateChangeCallback(const PermStateChangeScopeParcel& scope, - const sptr& callback) override; - int32_t UnRegisterSelfPermStateChangeCallback(const sptr& callback) override; - AccessTokenID GetNativeTokenId(const std::string& processName) override; - int GetHapTokenInfoExtension(AccessTokenID tokenID, - HapTokenInfoParcel& hapTokenInfoRes, std::string& appID) override; - int32_t InitUserPolicy(const std::vector& userList, const std::vector& permList) override; - int32_t UpdateUserPolicy(const std::vector& userList) override; - int32_t ClearUserPolicy() override; - -#ifdef TOKEN_SYNC_ENABLE - int GetHapTokenInfoFromRemote(AccessTokenID tokenID, HapTokenInfoForSyncParcel& hapSyncParcel) override; - int SetRemoteHapTokenInfo(const std::string& deviceID, HapTokenInfoForSyncParcel& hapSyncParcel) override; - int DeleteRemoteToken(const std::string& deviceID, AccessTokenID tokenID) override; - AccessTokenID GetRemoteNativeTokenID(const std::string& deviceID, AccessTokenID tokenID) override; - int DeleteRemoteDeviceTokens(const std::string& deviceID) override; - int32_t RegisterTokenSyncCallback(const sptr& callback) override; - int32_t UnRegisterTokenSyncCallback() override; -#endif - - int32_t GetKernelPermissions( - AccessTokenID tokenId, std::vector& kernelPermList) override; - int32_t GetReqPermissionByName( - AccessTokenID tokenId, const std::string& permissionName, std::string& value) override; - int32_t SetPermDialogCap(const HapBaseInfoParcel& hapBaseInfo, bool enable) override; - void DumpTokenInfo(const AtmToolsParamInfoParcel& infoParcel, std::string& dumpInfo) override; - int32_t GetVersion(uint32_t& version) override; - void GetPermissionManagerInfo(PermissionGrantInfoParcel& infoParcel) override; - -private: - bool SendRequest(AccessTokenInterfaceCode code, MessageParcel& data, MessageParcel& reply); - static inline BrokerDelegator delegator_; -}; -} // namespace AccessToken -} // namespace Security -} // namespace OHOS -#endif // ACCESSTOKEN_MANAGER_PROXY_H diff --git a/interfaces/innerkits/accesstoken/test/unittest/BUILD.gn b/interfaces/innerkits/accesstoken/test/unittest/BUILD.gn index 1727ef9f3..39bdcaf01 100755 --- a/interfaces/innerkits/accesstoken/test/unittest/BUILD.gn +++ b/interfaces/innerkits/accesstoken/test/unittest/BUILD.gn @@ -143,14 +143,16 @@ ohos_unittest("accesstoken_mock_test") { "${access_token_innerkit_path}/src/accesstoken_death_recipient.cpp", "${access_token_innerkit_path}/src/accesstoken_kit.cpp", "${access_token_innerkit_path}/src/accesstoken_manager_client.cpp", - "${access_token_innerkit_path}/src/accesstoken_manager_proxy.cpp", "${access_token_innerkit_path}/src/perm_state_change_callback_customize.cpp", "../mock/src/iservice_registry.cpp", "ProxyMockTest/accesstoken_mock_test.cpp", ] cflags_cc = [ "-DHILOG_ENABLE" ] - configs = [ "${access_token_path}/config:coverage_flags" ] + configs = [ + "${access_token_path}/config:coverage_flags", + "${access_token_path}/services/accesstokenmanager/idl:access_token_manager_gen_config", + ] deps = [ "${access_token_path}/frameworks/accesstoken:accesstoken_communication_adapter_cxx", @@ -158,6 +160,7 @@ ohos_unittest("accesstoken_mock_test") { "${access_token_path}/interfaces/innerkits/accesstoken:libtokenid_sdk", "${access_token_path}/interfaces/innerkits/token_setproc:libperm_setproc", "${access_token_path}/interfaces/innerkits/token_setproc:libtokensetproc_shared", + "${access_token_path}/services/accesstokenmanager/idl:access_token_manager_proxy", ] external_deps = [ diff --git a/interfaces/innerkits/accesstoken/test/unittest/Coverage/accesstoken_kit_coverage_test.cpp b/interfaces/innerkits/accesstoken/test/unittest/Coverage/accesstoken_kit_coverage_test.cpp index 0a225086d..5e3274cab 100644 --- a/interfaces/innerkits/accesstoken/test/unittest/Coverage/accesstoken_kit_coverage_test.cpp +++ b/interfaces/innerkits/accesstoken/test/unittest/Coverage/accesstoken_kit_coverage_test.cpp @@ -19,7 +19,6 @@ #include "access_token.h" #include "access_token_error.h" #include "accesstoken_common_log.h" -#include "accesstoken_service_ipc_interface_code.h" #include "hap_token_info.h" #include "nativetoken_kit.h" #include "permission_grant_info.h" diff --git a/interfaces/innerkits/accesstoken/test/unittest/HapAttributeTest/get_hap_dlp_flag_test.cpp b/interfaces/innerkits/accesstoken/test/unittest/HapAttributeTest/get_hap_dlp_flag_test.cpp index 8800bdfa9..f55615cce 100644 --- a/interfaces/innerkits/accesstoken/test/unittest/HapAttributeTest/get_hap_dlp_flag_test.cpp +++ b/interfaces/innerkits/accesstoken/test/unittest/HapAttributeTest/get_hap_dlp_flag_test.cpp @@ -21,7 +21,7 @@ #include "access_token.h" #include "access_token_error.h" #include "accesstoken_common_log.h" -#include "accesstoken_service_ipc_interface_code.h" +#include "iaccess_token_manager.h" #include "permission_grant_info.h" #include "permission_state_change_info_parcel.h" #include "string_ex.h" diff --git a/interfaces/innerkits/accesstoken/test/unittest/HapAttributeTest/get_permission_flag_test.cpp b/interfaces/innerkits/accesstoken/test/unittest/HapAttributeTest/get_permission_flag_test.cpp index e9eb03f38..5236a9c8e 100644 --- a/interfaces/innerkits/accesstoken/test/unittest/HapAttributeTest/get_permission_flag_test.cpp +++ b/interfaces/innerkits/accesstoken/test/unittest/HapAttributeTest/get_permission_flag_test.cpp @@ -21,7 +21,7 @@ #include "access_token.h" #include "access_token_error.h" #include "accesstoken_common_log.h" -#include "accesstoken_service_ipc_interface_code.h" +#include "iaccess_token_manager.h" #include "permission_grant_info.h" #include "permission_state_change_info_parcel.h" #include "string_ex.h" diff --git a/interfaces/innerkits/accesstoken/test/unittest/HapAttributeTest/get_permissions_status_test.cpp b/interfaces/innerkits/accesstoken/test/unittest/HapAttributeTest/get_permissions_status_test.cpp index 2174649a0..4a25e0bd3 100644 --- a/interfaces/innerkits/accesstoken/test/unittest/HapAttributeTest/get_permissions_status_test.cpp +++ b/interfaces/innerkits/accesstoken/test/unittest/HapAttributeTest/get_permissions_status_test.cpp @@ -21,7 +21,7 @@ #include "access_token.h" #include "access_token_error.h" #include "accesstoken_common_log.h" -#include "accesstoken_service_ipc_interface_code.h" +#include "iaccess_token_manager.h" #include "permission_grant_info.h" #include "permission_state_change_info_parcel.h" #include "string_ex.h" diff --git a/interfaces/innerkits/accesstoken/test/unittest/HapAttributeTest/permission_request_toggle_status_test.cpp b/interfaces/innerkits/accesstoken/test/unittest/HapAttributeTest/permission_request_toggle_status_test.cpp index 8e70c9307..cf2d74ba3 100644 --- a/interfaces/innerkits/accesstoken/test/unittest/HapAttributeTest/permission_request_toggle_status_test.cpp +++ b/interfaces/innerkits/accesstoken/test/unittest/HapAttributeTest/permission_request_toggle_status_test.cpp @@ -21,7 +21,7 @@ #include "access_token.h" #include "access_token_error.h" #include "accesstoken_common_log.h" -#include "accesstoken_service_ipc_interface_code.h" +#include "iaccess_token_manager.h" #include "permission_grant_info.h" #include "permission_state_change_info_parcel.h" #include "string_ex.h" diff --git a/interfaces/innerkits/accesstoken/test/unittest/HapTokenTest/alloc_hap_token_test.cpp b/interfaces/innerkits/accesstoken/test/unittest/HapTokenTest/alloc_hap_token_test.cpp index d8d286e83..75d8794af 100644 --- a/interfaces/innerkits/accesstoken/test/unittest/HapTokenTest/alloc_hap_token_test.cpp +++ b/interfaces/innerkits/accesstoken/test/unittest/HapTokenTest/alloc_hap_token_test.cpp @@ -20,7 +20,6 @@ #include "access_token.h" #include "access_token_error.h" #include "accesstoken_common_log.h" -#include "accesstoken_service_ipc_interface_code.h" #include "nativetoken_kit.h" #include "permission_grant_info.h" #include "permission_state_change_info_parcel.h" diff --git a/interfaces/innerkits/accesstoken/test/unittest/HapTokenTest/app_installation_optimized_test.cpp b/interfaces/innerkits/accesstoken/test/unittest/HapTokenTest/app_installation_optimized_test.cpp index a53385c71..cd31758cf 100644 --- a/interfaces/innerkits/accesstoken/test/unittest/HapTokenTest/app_installation_optimized_test.cpp +++ b/interfaces/innerkits/accesstoken/test/unittest/HapTokenTest/app_installation_optimized_test.cpp @@ -18,7 +18,7 @@ #include "access_token_error.h" #include "accesstoken_common_log.h" -#include "accesstoken_service_ipc_interface_code.h" +#include "iaccess_token_manager.h" #include "nativetoken_kit.h" #include "permission_grant_info.h" #include "permission_state_change_info_parcel.h" diff --git a/interfaces/innerkits/accesstoken/test/unittest/HapTokenTest/delete_token_test.cpp b/interfaces/innerkits/accesstoken/test/unittest/HapTokenTest/delete_token_test.cpp index 68281ff82..654954664 100644 --- a/interfaces/innerkits/accesstoken/test/unittest/HapTokenTest/delete_token_test.cpp +++ b/interfaces/innerkits/accesstoken/test/unittest/HapTokenTest/delete_token_test.cpp @@ -21,7 +21,7 @@ #include "access_token.h" #include "access_token_error.h" #include "accesstoken_common_log.h" -#include "accesstoken_service_ipc_interface_code.h" +#include "iaccess_token_manager.h" #include "permission_grant_info.h" #include "permission_state_change_info_parcel.h" #include "string_ex.h" diff --git a/interfaces/innerkits/accesstoken/test/unittest/HapTokenTest/get_hap_token_test.cpp b/interfaces/innerkits/accesstoken/test/unittest/HapTokenTest/get_hap_token_test.cpp index f91a41454..22156a78f 100644 --- a/interfaces/innerkits/accesstoken/test/unittest/HapTokenTest/get_hap_token_test.cpp +++ b/interfaces/innerkits/accesstoken/test/unittest/HapTokenTest/get_hap_token_test.cpp @@ -20,7 +20,7 @@ #include "access_token.h" #include "access_token_error.h" #include "accesstoken_common_log.h" -#include "accesstoken_service_ipc_interface_code.h" +#include "iaccess_token_manager.h" #include "permission_grant_info.h" #include "permission_state_change_info_parcel.h" #include "string_ex.h" diff --git a/interfaces/innerkits/accesstoken/test/unittest/HapTokenTest/get_token_type_test.cpp b/interfaces/innerkits/accesstoken/test/unittest/HapTokenTest/get_token_type_test.cpp index b6b81fb80..85bc3e63f 100644 --- a/interfaces/innerkits/accesstoken/test/unittest/HapTokenTest/get_token_type_test.cpp +++ b/interfaces/innerkits/accesstoken/test/unittest/HapTokenTest/get_token_type_test.cpp @@ -20,7 +20,7 @@ #include "access_token.h" #include "access_token_error.h" #include "accesstoken_common_log.h" -#include "accesstoken_service_ipc_interface_code.h" +#include "iaccess_token_manager.h" #include "permission_grant_info.h" #include "permission_state_change_info_parcel.h" #include "string_ex.h" diff --git a/interfaces/innerkits/accesstoken/test/unittest/HapTokenTest/init_hap_token_test.cpp b/interfaces/innerkits/accesstoken/test/unittest/HapTokenTest/init_hap_token_test.cpp index 8ce8e5dd8..6f1c99888 100644 --- a/interfaces/innerkits/accesstoken/test/unittest/HapTokenTest/init_hap_token_test.cpp +++ b/interfaces/innerkits/accesstoken/test/unittest/HapTokenTest/init_hap_token_test.cpp @@ -20,7 +20,7 @@ #include "access_token.h" #include "access_token_error.h" #include "accesstoken_common_log.h" -#include "accesstoken_service_ipc_interface_code.h" +#include "iaccess_token_manager.h" #include "nativetoken_kit.h" #include "permission_grant_info.h" #include "permission_state_change_info_parcel.h" @@ -855,12 +855,12 @@ HWTEST_F(InitHapTokenTest, InitHapTokenSpecsTest011, TestSize.Level1) policyParams.aclExtendedMap["ohos.permission.ACCESS_CERT_MANAGER"] = testValue; ret = AccessTokenKit::InitHapToken(infoParams, policyParams, fullTokenId); ASSERT_EQ(RET_SUCCESS, ret); + AccessTokenID tokenID = fullTokenId.tokenIdExStruct.tokenID; testValue.push_back('1'); policyParams.aclExtendedMap["ohos.permission.ACCESS_CERT_MANAGER"] = testValue; ret = AccessTokenKit::InitHapToken(infoParams, policyParams, fullTokenId); ASSERT_EQ(AccessTokenError::ERR_PARAM_INVALID, ret); - AccessTokenID tokenID = fullTokenId.tokenIdExStruct.tokenID; ret = AccessTokenKit::DeleteToken(tokenID); EXPECT_EQ(RET_SUCCESS, ret); diff --git a/interfaces/innerkits/accesstoken/test/unittest/HapTokenTest/update_hap_token_test.cpp b/interfaces/innerkits/accesstoken/test/unittest/HapTokenTest/update_hap_token_test.cpp index 54ff953ba..ab697988f 100644 --- a/interfaces/innerkits/accesstoken/test/unittest/HapTokenTest/update_hap_token_test.cpp +++ b/interfaces/innerkits/accesstoken/test/unittest/HapTokenTest/update_hap_token_test.cpp @@ -20,7 +20,7 @@ #include "access_token.h" #include "access_token_error.h" #include "accesstoken_common_log.h" -#include "accesstoken_service_ipc_interface_code.h" +#include "iaccess_token_manager.h" #include "nativetoken_kit.h" #include "permission_grant_info.h" #include "permission_state_change_info_parcel.h" diff --git a/interfaces/innerkits/accesstoken/test/unittest/PermisionDialogTest/set_perm_dialog_cap_test.cpp b/interfaces/innerkits/accesstoken/test/unittest/PermisionDialogTest/set_perm_dialog_cap_test.cpp index de1cf2d96..abcfeb50a 100644 --- a/interfaces/innerkits/accesstoken/test/unittest/PermisionDialogTest/set_perm_dialog_cap_test.cpp +++ b/interfaces/innerkits/accesstoken/test/unittest/PermisionDialogTest/set_perm_dialog_cap_test.cpp @@ -21,7 +21,6 @@ #include "access_token.h" #include "access_token_error.h" #include "accesstoken_common_log.h" -#include "accesstoken_service_ipc_interface_code.h" #include "permission_grant_info.h" #include "permission_state_change_info_parcel.h" #include "string_ex.h" diff --git a/interfaces/innerkits/accesstoken/test/unittest/PermissionsTest/clear_user_granted__permission_state_test.cpp b/interfaces/innerkits/accesstoken/test/unittest/PermissionsTest/clear_user_granted__permission_state_test.cpp index 636cbcb42..bc84fa973 100644 --- a/interfaces/innerkits/accesstoken/test/unittest/PermissionsTest/clear_user_granted__permission_state_test.cpp +++ b/interfaces/innerkits/accesstoken/test/unittest/PermissionsTest/clear_user_granted__permission_state_test.cpp @@ -20,7 +20,7 @@ #include "access_token.h" #include "access_token_error.h" #include "accesstoken_common_log.h" -#include "accesstoken_service_ipc_interface_code.h" +#include "iaccess_token_manager.h" #include "test_common.h" #include "permission_grant_info.h" #include "permission_state_change_info_parcel.h" diff --git a/interfaces/innerkits/accesstoken/test/unittest/PermissionsTest/get_permission_test.cpp b/interfaces/innerkits/accesstoken/test/unittest/PermissionsTest/get_permission_test.cpp index a7c19f175..78a607366 100644 --- a/interfaces/innerkits/accesstoken/test/unittest/PermissionsTest/get_permission_test.cpp +++ b/interfaces/innerkits/accesstoken/test/unittest/PermissionsTest/get_permission_test.cpp @@ -20,7 +20,7 @@ #include "access_token.h" #include "access_token_error.h" #include "accesstoken_common_log.h" -#include "accesstoken_service_ipc_interface_code.h" +#include "iaccess_token_manager.h" #include "permission_grant_info.h" #include "permission_state_change_info_parcel.h" #include "string_ex.h" diff --git a/interfaces/innerkits/accesstoken/test/unittest/PermissionsTest/grant_permission_test.cpp b/interfaces/innerkits/accesstoken/test/unittest/PermissionsTest/grant_permission_test.cpp index 6cf38323b..7676a7f0b 100644 --- a/interfaces/innerkits/accesstoken/test/unittest/PermissionsTest/grant_permission_test.cpp +++ b/interfaces/innerkits/accesstoken/test/unittest/PermissionsTest/grant_permission_test.cpp @@ -20,7 +20,7 @@ #include "access_token.h" #include "access_token_error.h" #include "accesstoken_common_log.h" -#include "accesstoken_service_ipc_interface_code.h" +#include "iaccess_token_manager.h" #include "permission_grant_info.h" #include "permission_state_change_info_parcel.h" #include "string_ex.h" diff --git a/interfaces/innerkits/accesstoken/test/unittest/PermissionsTest/revoke_permission_test.cpp b/interfaces/innerkits/accesstoken/test/unittest/PermissionsTest/revoke_permission_test.cpp index bb24a2e78..3e3c794eb 100644 --- a/interfaces/innerkits/accesstoken/test/unittest/PermissionsTest/revoke_permission_test.cpp +++ b/interfaces/innerkits/accesstoken/test/unittest/PermissionsTest/revoke_permission_test.cpp @@ -20,7 +20,7 @@ #include "access_token.h" #include "access_token_error.h" #include "accesstoken_common_log.h" -#include "accesstoken_service_ipc_interface_code.h" +#include "iaccess_token_manager.h" #include "permission_grant_info.h" #include "permission_state_change_info_parcel.h" #include "string_ex.h" diff --git a/interfaces/innerkits/accesstoken/test/unittest/PermissionsTest/verify_access_token_test.cpp b/interfaces/innerkits/accesstoken/test/unittest/PermissionsTest/verify_access_token_test.cpp index 262d7ca2d..2bf298ec3 100644 --- a/interfaces/innerkits/accesstoken/test/unittest/PermissionsTest/verify_access_token_test.cpp +++ b/interfaces/innerkits/accesstoken/test/unittest/PermissionsTest/verify_access_token_test.cpp @@ -20,7 +20,7 @@ #include "access_token.h" #include "access_token_error.h" #include "accesstoken_common_log.h" -#include "accesstoken_service_ipc_interface_code.h" +#include "iaccess_token_manager.h" #include "permission_grant_info.h" #include "permission_state_change_info_parcel.h" #include "string_ex.h" diff --git a/interfaces/innerkits/accesstoken/test/unittest/RegisterCallbackTest/register_perm_state_change_callback_test.cpp b/interfaces/innerkits/accesstoken/test/unittest/RegisterCallbackTest/register_perm_state_change_callback_test.cpp index c58a3429a..d7c7d250d 100644 --- a/interfaces/innerkits/accesstoken/test/unittest/RegisterCallbackTest/register_perm_state_change_callback_test.cpp +++ b/interfaces/innerkits/accesstoken/test/unittest/RegisterCallbackTest/register_perm_state_change_callback_test.cpp @@ -19,7 +19,7 @@ #include "access_token.h" #include "access_token_error.h" #include "accesstoken_common_log.h" -#include "accesstoken_service_ipc_interface_code.h" +#include "iaccess_token_manager.h" #include "hap_token_info.h" #include "nativetoken_kit.h" #include "permission_grant_info.h" diff --git a/interfaces/innerkits/accesstoken/test/unittest/RegisterCallbackTest/un_register_perm_state_change_callback_test.cpp b/interfaces/innerkits/accesstoken/test/unittest/RegisterCallbackTest/un_register_perm_state_change_callback_test.cpp index 0331e7b96..d56b32c8a 100644 --- a/interfaces/innerkits/accesstoken/test/unittest/RegisterCallbackTest/un_register_perm_state_change_callback_test.cpp +++ b/interfaces/innerkits/accesstoken/test/unittest/RegisterCallbackTest/un_register_perm_state_change_callback_test.cpp @@ -19,7 +19,7 @@ #include "access_token.h" #include "access_token_error.h" #include "accesstoken_common_log.h" -#include "accesstoken_service_ipc_interface_code.h" +#include "iaccess_token_manager.h" #include "hap_token_info.h" #include "nativetoken_kit.h" #include "permission_grant_info.h" diff --git a/interfaces/innerkits/accesstoken/test/unittest/SaTest/dump_token_info_test.cpp b/interfaces/innerkits/accesstoken/test/unittest/SaTest/dump_token_info_test.cpp index 83424dac6..5f7ff2fba 100644 --- a/interfaces/innerkits/accesstoken/test/unittest/SaTest/dump_token_info_test.cpp +++ b/interfaces/innerkits/accesstoken/test/unittest/SaTest/dump_token_info_test.cpp @@ -21,7 +21,7 @@ #include "access_token.h" #include "access_token_error.h" #include "accesstoken_common_log.h" -#include "accesstoken_service_ipc_interface_code.h" +#include "iaccess_token_manager.h" #include "permission_grant_info.h" #include "permission_state_change_info_parcel.h" #include "string_ex.h" diff --git a/interfaces/innerkits/accesstoken/test/unittest/SaTest/get_native_token_id_test.cpp b/interfaces/innerkits/accesstoken/test/unittest/SaTest/get_native_token_id_test.cpp index 2f910f59b..5c945a183 100644 --- a/interfaces/innerkits/accesstoken/test/unittest/SaTest/get_native_token_id_test.cpp +++ b/interfaces/innerkits/accesstoken/test/unittest/SaTest/get_native_token_id_test.cpp @@ -21,7 +21,7 @@ #include "access_token.h" #include "access_token_error.h" #include "accesstoken_common_log.h" -#include "accesstoken_service_ipc_interface_code.h" +#include "iaccess_token_manager.h" #include "permission_grant_info.h" #include "permission_state_change_info_parcel.h" #include "string_ex.h" diff --git a/interfaces/innerkits/accesstoken/test/unittest/SaTest/get_native_token_info_test.cpp b/interfaces/innerkits/accesstoken/test/unittest/SaTest/get_native_token_info_test.cpp index ada8b705a..9ad51d8f1 100644 --- a/interfaces/innerkits/accesstoken/test/unittest/SaTest/get_native_token_info_test.cpp +++ b/interfaces/innerkits/accesstoken/test/unittest/SaTest/get_native_token_info_test.cpp @@ -21,7 +21,7 @@ #include "access_token.h" #include "access_token_error.h" #include "accesstoken_common_log.h" -#include "accesstoken_service_ipc_interface_code.h" +#include "iaccess_token_manager.h" #include "permission_grant_info.h" #include "permission_state_change_info_parcel.h" #include "string_ex.h" diff --git a/interfaces/innerkits/accesstoken/test/unittest/SaTest/get_version_test.cpp b/interfaces/innerkits/accesstoken/test/unittest/SaTest/get_version_test.cpp index eb6c1343d..c0b9c2d5d 100644 --- a/interfaces/innerkits/accesstoken/test/unittest/SaTest/get_version_test.cpp +++ b/interfaces/innerkits/accesstoken/test/unittest/SaTest/get_version_test.cpp @@ -19,7 +19,7 @@ #include "access_token.h" #include "access_token_error.h" #include "accesstoken_common_log.h" -#include "accesstoken_service_ipc_interface_code.h" +#include "iaccess_token_manager.h" #include "hap_token_info.h" #include "nativetoken_kit.h" #include "permission_grant_info.h" diff --git a/services/accesstokenmanager/BUILD.gn b/services/accesstokenmanager/BUILD.gn index 9fa2fc93c..6ef246714 100644 --- a/services/accesstokenmanager/BUILD.gn +++ b/services/accesstokenmanager/BUILD.gn @@ -1,4 +1,4 @@ -# Copyright (c) 2021-2024 Huawei Device Co., Ltd. +# Copyright (c) 2021-2025 Huawei Device Co., Ltd. # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. # You may obtain a copy of the License at @@ -91,7 +91,6 @@ if (is_standard_system) { "main/cpp/src/permission/short_grant_manager.cpp", "main/cpp/src/permission/temp_permission_observer.cpp", "main/cpp/src/service/accesstoken_manager_service.cpp", - "main/cpp/src/service/accesstoken_manager_stub.cpp", "main/cpp/src/token/accesstoken_id_manager.cpp", "main/cpp/src/token/accesstoken_info_manager.cpp", "main/cpp/src/token/hap_token_info_inner.cpp", @@ -105,6 +104,7 @@ if (is_standard_system) { configs = [ "${access_token_path}/config:access_token_compile_flags", "${access_token_path}/config:coverage_flags", + "${access_token_path}/services/accesstokenmanager/idl:access_token_manager_gen_config", ] if (dlp_permission_enable == true) { @@ -125,6 +125,7 @@ if (is_standard_system) { "${access_token_path}/interfaces/innerkits/token_setproc:libtoken_setproc", "${access_token_path}/services/accesstokenmanager:access_token.rc", "${access_token_path}/services/accesstokenmanager:permission_definition_config", + "${access_token_path}/services/accesstokenmanager/idl:access_token_manager_stub", "${access_token_path}/services/common:accesstoken_service_common", ] diff --git a/services/accesstokenmanager/idl/BUILD.gn b/services/accesstokenmanager/idl/BUILD.gn new file mode 100644 index 000000000..1b08e66a7 --- /dev/null +++ b/services/accesstokenmanager/idl/BUILD.gn @@ -0,0 +1,125 @@ +# Copyright (c) 2025 Huawei Device Co., Ltd. +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +import("//build/config/components/idl_tool/idl.gni") +import("//build/ohos.gni") +import("../../../access_token.gni") + +idl_gen_interface("access_token_manager_interface") { + sources = [ "IAccessTokenManager.idl" ] + sources_common = [ "IdlCommon.idl" ] + log_domainid = "0xD005A01" + log_tag = "ATM" + subsystem_name = "security" + part_name = "access_token" +} + +config("access_token_manager_gen_config") { + include_dirs = [ "${target_gen_dir}" ] +} + +ohos_source_set("access_token_manager_proxy") { + sanitize = { + cfi = true + cfi_cross_dso = true + debug = false + } + + cflags_cc = [] + if (build_variant == "user") { + cflags_cc += [ "-DATM_BUILD_VARIANT_USER_ENABLE" ] + } + if (token_sync_enable == true) { + cflags_cc += [ "-DTOKEN_SYNC_ENABLE" ] + } + + output_values = get_target_outputs(":access_token_manager_interface") + + include_dirs = [ + "${access_token_path}/frameworks/accesstoken/include", + "${access_token_path}/frameworks/common/include", + "src", + ] + + sources = filter_include(output_values, + [ + "*_proxy.cpp", + "*idl_common.cpp", + ]) + + deps = [ + ":access_token_manager_interface", + "${access_token_path}/frameworks/accesstoken:accesstoken_communication_adapter_cxx", + "${access_token_path}/frameworks/common:accesstoken_common_cxx", + "${access_token_path}/interfaces/innerkits/token_setproc:libperm_setproc", + ] + + external_deps = [ + "c_utils:utils", + "hilog:libhilog", + "init:libbegetutil", + "ipc:ipc_single", + "samgr:samgr_proxy", + ] + + subsystem_name = "security" + part_name = "access_token" +} + +ohos_source_set("access_token_manager_stub") { + sanitize = { + cfi = true + cfi_cross_dso = true + debug = false + } + + cflags_cc = [] + if (build_variant == "user") { + cflags_cc += [ "-DATM_BUILD_VARIANT_USER_ENABLE" ] + } + if (token_sync_enable == true) { + cflags_cc += [ "-DTOKEN_SYNC_ENABLE" ] + } + + output_values = get_target_outputs(":access_token_manager_interface") + + include_dirs = [ + "${access_token_path}/frameworks/accesstoken/include", + "${access_token_path}/frameworks/common/include", + "src", + ] + + sources = filter_include(output_values, + [ + "*_stub.cpp", + "*idl_common.cpp", + ]) + + deps = [ + ":access_token_manager_interface", + "${access_token_path}/frameworks/accesstoken:accesstoken_communication_adapter_cxx", + "${access_token_path}/frameworks/common:accesstoken_common_cxx", + "${access_token_path}/interfaces/innerkits/token_setproc:libperm_setproc", + ] + + external_deps = [ + "c_utils:utils", + "hilog:libhilog", + "init:libbegetutil", + "ipc:ipc_single", + "samgr:samgr_proxy", + ] + + subsystem_name = "security" + part_name = "access_token" +} diff --git a/services/accesstokenmanager/idl/IAccessTokenManager.idl b/services/accesstokenmanager/idl/IAccessTokenManager.idl new file mode 100644 index 000000000..31da0d225 --- /dev/null +++ b/services/accesstokenmanager/idl/IAccessTokenManager.idl @@ -0,0 +1,89 @@ +/* + * Copyright (c) 2025 Huawei Device Co., Ltd. + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +package OHOS.Security.AccessToken; +sequenceable OHOS.Security.AccessToken.PermissionDefParcel; +sequenceable OHOS.Security.AccessToken.PermissionStatusParcel; +sequenceable OHOS.Security.AccessToken.PermissionListStateParcel; +sequenceable OHOS.Security.AccessToken.PermissionGrantInfoParcel; +sequenceable OHOS.Security.AccessToken.HapInfoParcel; +sequenceable OHOS.Security.AccessToken.HapPolicyParcel; +sequenceable OHOS.Security.AccessToken.NativeTokenInfoParcel; +sequenceable OHOS.Security.AccessToken.HapTokenInfoParcel; +sequenceable OHOS.Security.AccessToken.PermStateChangeScopeParcel; +sequenceable OHOS.IRemoteObject; +sequenceable OHOS.Security.AccessToken.HapTokenInfoForSyncParcel; +sequenceable OHOS.Security.AccessToken.HapBaseInfoParcel; +sequenceable OHOS.Security.AccessToken.AtmToolsParamInfoParcel; + +import IdlCommon; + +option_stub_hooks on; + +interface OHOS.Security.AccessToken.IAccessTokenManager{ + [ipccode 1] void VerifyAccessToken([in] unsigned int tokenID, [in] String permissionName); + [ipccode 2] void GetDefPermission([in] String permissionName, [out] PermissionDefParcel permissionDefResult); + [ipccode 3] void GetReqPermissions([in] unsigned int tokenID, [out] List reqPermList, [in] boolean isSystemGrant); + [ipccode 4] void GetPermissionFlag([in] unsigned int tokenID, [in] String permissionName, [out] unsigned int flag); + [ipccode 5] void GrantPermission([in] unsigned int tokenID, [in] String permissionName, [in] unsigned int flag); + [ipccode 6] void RevokePermission([in] unsigned int tokenID, [in] String permissionName, [in] unsigned int flag); + [ipccode 7] void ClearUserGrantedPermissionState([in] unsigned int tokenID); + [ipccode 8] void AllocHapToken([in] HapInfoParcel hapInfo, [in] HapPolicyParcel policyParcel, [out] unsigned long fullTokenId); + [ipccode 9] void DeleteToken([in] unsigned int tokenID); + [ipccode 10] void InitHapToken([in] HapInfoParcel info, [in] HapPolicyParcel policy, [out] unsigned long fullTokenId, [out] HapInfoCheckResultIdl resultInfoIdl); + [ipccode 11] void SetPermissionRequestToggleStatus([in] String permissionName, [in] unsigned int status, [in] int userID); + [ipccode 12] void GetPermissionRequestToggleStatus([in] String permissionName, [out] unsigned int status, [in] int userID); + [ipccode 13] void GrantPermissionForSpecifiedTime([in] unsigned int tokenID, [in] String permissionName, [in] unsigned int onceTime); + [ipccode 14] void RequestAppPermOnSetting([in] unsigned int tokenID); + [ipccode 16] void GetTokenType([in] unsigned int tokenID, [out] int tokenType); + + [ipccode 18] void GetHapTokenID([in] int userID, [in] String bundleName, [in] int instIndex, [out] unsigned long fullTokenId); + [ipccode 19] void AllocLocalTokenID([in] String remoteDeviceID, [in] unsigned int remoteTokenID, [out] unsigned int tokenId); + [ipccode 20] void GetNativeTokenInfo([in] unsigned int tokenID, [out] NativeTokenInfoParcel nativeTokenInfoRes); + [ipccode 21] void GetHapTokenInfo([in] unsigned int tokenID, [out] HapTokenInfoParcel hapTokenInfoRes); + [ipccode 22] void UpdateHapToken([inout] unsigned long fullTokenId, [in] UpdateHapInfoParamsIdl infoIdl, [in] HapPolicyParcel policyParcel, [out] HapInfoCheckResultIdl resultInfoIdl); + [ipccode 23] void GetTokenIDByUserID([in] int userID, [out] List tokenIdList); + [macrodef TOKEN_SYNC_ENABLE, ipccode 32] void GetHapTokenInfoFromRemote([in] unsigned int tokenID, [out] HapTokenInfoForSyncParcel hapSyncParcel); + + [macrodef TOKEN_SYNC_ENABLE, ipccode 34] void SetRemoteHapTokenInfo([in] String deviceID, [in] HapTokenInfoForSyncParcel hapSyncParcel); + + [macrodef TOKEN_SYNC_ENABLE, ipccode 36] void DeleteRemoteToken([in] String deviceID, [in] unsigned int tokenID); + [macrodef TOKEN_SYNC_ENABLE, ipccode 37] void DeleteRemoteDeviceTokens([in] String deviceID); + [macrodef TOKEN_SYNC_ENABLE, ipccode 38] void GetRemoteNativeTokenID([in] String deviceID, [in] unsigned int tokenID, [out] unsigned int tokenId); + [macrodef TOKEN_SYNC_ENABLE, ipccode 39] void RegisterTokenSyncCallback([in] IRemoteObject cb); + [macrodef TOKEN_SYNC_ENABLE, ipccode 40] void UnRegisterTokenSyncCallback(); + [ipccode 48, ipcoutcapacity 2000] void DumpTokenInfo([in] AtmToolsParamInfoParcel infoParcel, [out] String tokenInfo); + [ipccode 49] void GetSelfPermissionsState([inout] List permListParcel, [out] PermissionGrantInfoParcel infoParcel, [out] int permOper); + [ipccode 50] void GetPermissionsStatus([in] unsigned int tokenID, [inout] ListpermListParcel); + [ipccode 51] void RegisterPermStateChangeCallback([in] PermStateChangeScopeParcel scope, [in] IRemoteObject cb); + [ipccode 52] void UnRegisterPermStateChangeCallback([in] IRemoteObject cb); + [ipccode 53, macrondef ATM_BUILD_VARIANT_USER_ENABLE] void ReloadNativeTokenInfo(); + [ipccode 54] void GetNativeTokenId([in] String processName, [out] unsigned int tokenID); + [ipccode 55] void SetPermDialogCap([in] HapBaseInfoParcel hapBaseInfoParcel, [in] boolean enable); + [ipccode 56] void GetPermissionUsedType([in] unsigned int tokenID, [in] String permissionName, [out] int permUsedType); + + [ipccode 58] void GetVersion([out] unsigned int version); + [ipccode 59] void GetPermissionManagerInfo([out] PermissionGrantInfoParcel infoParcel); + + [ipccode 61] void InitUserPolicy([in] List userIdlList, [in] List permList); + [ipccode 62] void UpdateUserPolicy([in] List userIdlList); + [ipccode 63] void ClearUserPolicy(); + [ipccode 64] void GetHapTokenInfoExtension([in] unsigned int tokenID, [out] HapTokenInfoParcel hapTokenInfoRes, [out] String appID); + [ipccode 65] void RegisterSelfPermStateChangeCallback([in] PermStateChangeScopeParcel scope, [in] IRemoteObject cb); + [ipccode 66] void UnRegisterSelfPermStateChangeCallback([in] IRemoteObject cb); + [ipccode 67] void GetKernelPermissions([in] unsigned int tokenId, [out] List kernelPermIdlList); + [ipccode 68] void GetReqPermissionByName([in] unsigned int tokenId, [in] String permissionName, [out] String value); + [ipccode 80] void VerifyAccessToken([in] unsigned int tokenID, [in] List permissionList, [out] List permStateList); +} \ No newline at end of file diff --git a/services/accesstokenmanager/idl/IdlCommon.idl b/services/accesstokenmanager/idl/IdlCommon.idl new file mode 100644 index 000000000..a95766a4e --- /dev/null +++ b/services/accesstokenmanager/idl/IdlCommon.idl @@ -0,0 +1,49 @@ +/* + * Copyright (c) 2025 Huawei Device Co., Ltd. + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +package OHOS.Security.AccessToken; + +struct UserStateIdl { + /** user id */ + int userId; + /** active status */ + boolean isActive; +}; + +struct PermissionWithValueIdl { + String permissionName; + String value; +}; + +struct UpdateHapInfoParamsIdl { + String appIDDesc; + /** which version of the SDK is used to develop the hap */ + int apiVersion; + /** indicates whether the hap is a system app */ + boolean isSystemApp; + /* app type */ + String appDistributionType; +}; + +enum PermissionRulesEnumIdl { + PERMISSION_EDM_RULE = 0, + PERMISSION_ACL_RULE +}; + +struct HapInfoCheckResultIdl { + String permissionName; + PermissionRulesEnumIdl rule; + int realResult +}; \ No newline at end of file diff --git a/services/accesstokenmanager/main/cpp/include/service/accesstoken_manager_service.h b/services/accesstokenmanager/main/cpp/include/service/accesstoken_manager_service.h index befb3df1b..c90a9a26b 100644 --- a/services/accesstokenmanager/main/cpp/include/service/accesstoken_manager_service.h +++ b/services/accesstokenmanager/main/cpp/include/service/accesstoken_manager_service.h @@ -18,8 +18,9 @@ #include #include +#include -#include "accesstoken_manager_stub.h" +#include "access_token_manager_stub.h" #ifdef EVENTHANDLER_ENABLE #include "access_event_handler.h" #endif @@ -45,19 +46,19 @@ public: void OnAddSystemAbility(int32_t systemAbilityId, const std::string& deviceId) override; void OnRemoveSystemAbility(int32_t systemAbilityId, const std::string& deviceId) override; - AccessTokenIDEx AllocHapToken(const HapInfoParcel& info, const HapPolicyParcel& policy) override; - PermUsedTypeEnum GetPermissionUsedType( - AccessTokenID tokenID, const std::string& permissionName) override; - int32_t InitHapToken(const HapInfoParcel& info, HapPolicyParcel& policy, - AccessTokenIDEx& fullTokenId, HapInfoCheckResult& result) override; + int32_t AllocHapToken(const HapInfoParcel& info, const HapPolicyParcel& policy, uint64_t& fullTokenId) override; + int32_t GetPermissionUsedType( + AccessTokenID tokenID, const std::string& permissionName, int32_t& permUsedType) override; + int32_t InitHapToken(const HapInfoParcel& info, const HapPolicyParcel& policy, + uint64_t& fullTokenId, HapInfoCheckResultIdl& resultInfoIdl) override; int VerifyAccessToken(AccessTokenID tokenID, const std::string& permissionName) override; int VerifyAccessToken(AccessTokenID tokenID, const std::vector& permissionList, std::vector& permStateList) override; int GetDefPermission(const std::string& permissionName, PermissionDefParcel& permissionDefResult) override; int GetReqPermissions( AccessTokenID tokenID, std::vector& reqPermList, bool isSystemGrant) override; - PermissionOper GetSelfPermissionsState(std::vector& reqPermList, - PermissionGrantInfoParcel& infoParcel) override; + int32_t GetSelfPermissionsState(std::vector& reqPermList, + PermissionGrantInfoParcel& infoParcel, int32_t& permOper) override; int32_t GetPermissionsStatus(AccessTokenID tokenID, std::vector& reqPermList) override; int GetPermissionFlag(AccessTokenID tokenID, const std::string& permissionName, uint32_t& flag) override; int32_t SetPermissionRequestToggleStatus(const std::string& permissionName, uint32_t status, @@ -71,14 +72,17 @@ public: AccessTokenID tokenID, const std::string& permissionName, uint32_t onceTime) override; int ClearUserGrantedPermissionState(AccessTokenID tokenID) override; int DeleteToken(AccessTokenID tokenID) override; - int GetTokenType(AccessTokenID tokenID) override; - AccessTokenIDEx GetHapTokenID(int32_t userID, const std::string& bundleName, int32_t instIndex) override; - AccessTokenID AllocLocalTokenID(const std::string& remoteDeviceID, AccessTokenID remoteTokenID) override; + int GetTokenType(AccessTokenID tokenID); + int GetTokenType(AccessTokenID tokenID, int32_t& tokenType) override; + int32_t GetHapTokenID( + int32_t userID, const std::string& bundleName, int32_t instIndex, uint64_t& fullTokenId) override; + int32_t AllocLocalTokenID( + const std::string& remoteDeviceID, AccessTokenID remoteTokenID, AccessTokenID& tokenId) override; int GetNativeTokenInfo(AccessTokenID tokenID, NativeTokenInfoParcel& infoParcel) override; - int32_t GetTokenIDByUserID(int32_t userID, std::unordered_set& tokenIdList) override; + int32_t GetTokenIDByUserID(int32_t userID, std::vector& tokenIds) override; int GetHapTokenInfo(AccessTokenID tokenID, HapTokenInfoParcel& infoParcel) override; - int32_t UpdateHapToken(AccessTokenIDEx& tokenIdEx, const UpdateHapInfoParams& info, - const HapPolicyParcel& policyParcel, HapInfoCheckResult& result) override; + int32_t UpdateHapToken(uint64_t& fullTokenId, const UpdateHapInfoParamsIdl& infoIdl, + const HapPolicyParcel& policyParcel, HapInfoCheckResultIdl& resultInfoIdl) override; int32_t RegisterPermStateChangeCallback( const PermStateChangeScopeParcel& scope, const sptr& callback) override; int32_t UnRegisterPermStateChangeCallback(const sptr& callback) override; @@ -90,30 +94,34 @@ public: #endif int GetHapTokenInfoExtension(AccessTokenID tokenID, HapTokenInfoParcel& hapTokenInfoRes, std::string& appID) override; - AccessTokenID GetNativeTokenId(const std::string& processName) override; + int32_t GetNativeTokenId(const std::string& processName, AccessTokenID& tokenID) override; #ifdef TOKEN_SYNC_ENABLE int GetHapTokenInfoFromRemote(AccessTokenID tokenID, HapTokenInfoForSyncParcel& hapSyncParcel) override; - int SetRemoteHapTokenInfo(const std::string& deviceID, HapTokenInfoForSyncParcel& hapSyncParcel) override; + int SetRemoteHapTokenInfo(const std::string& deviceID, const HapTokenInfoForSyncParcel& hapSyncParcel) override; int DeleteRemoteToken(const std::string& deviceID, AccessTokenID tokenID) override; - AccessTokenID GetRemoteNativeTokenID(const std::string& deviceID, AccessTokenID tokenID) override; + int32_t GetRemoteNativeTokenID(const std::string& deviceID, AccessTokenID tokenID, AccessTokenID& tokenId) override; int DeleteRemoteDeviceTokens(const std::string& deviceID) override; int32_t RegisterTokenSyncCallback(const sptr& callback) override; int32_t UnRegisterTokenSyncCallback() override; #endif int32_t GetKernelPermissions( - AccessTokenID tokenId, std::vector& kernelPermList) override; + AccessTokenID tokenId, std::vector& kernelPermIdlList) override; int32_t GetReqPermissionByName( AccessTokenID tokenId, const std::string& permissionName, std::string& value) override; int SetPermDialogCap(const HapBaseInfoParcel& hapBaseInfoParcel, bool enable) override; - void GetPermissionManagerInfo(PermissionGrantInfoParcel& infoParcel) override; - int32_t InitUserPolicy(const std::vector& userList, const std::vector& permList) override; - int32_t UpdateUserPolicy(const std::vector& userList) override; + int32_t GetPermissionManagerInfo(PermissionGrantInfoParcel& infoParcel) override; + int32_t InitUserPolicy( + const std::vector& userIdlList, const std::vector& permList) override; + int32_t UpdateUserPolicy(const std::vector& userIdlList) override; int32_t ClearUserPolicy() override; - void DumpTokenInfo(const AtmToolsParamInfoParcel& infoParcel, std::string& dumpInfo) override; + int32_t DumpTokenInfo(const AtmToolsParamInfoParcel& infoParcel, std::string& dumpInfo) override; int32_t GetVersion(uint32_t& version) override; int Dump(int fd, const std::vector& args) override; + int32_t CallbackEnter(uint32_t code) override; + int32_t CallbackExit(uint32_t code, int32_t result) override; + private: void GetValidConfigFilePathList(std::vector& pathList); bool GetConfigGrantValueFromFile(std::string& fileContent); @@ -128,6 +136,18 @@ private: std::string permStateAbilityName_; std::string globalSwitchAbilityName_; std::string applicationSettingAbilityName_; + + bool IsPrivilegedCalling() const; + bool IsAccessTokenCalling(); + bool IsNativeProcessCalling(); + bool IsSystemAppCalling() const; + bool IsShellProcessCalling(); +#ifndef ATM_BUILD_VARIANT_USER_ENABLE + static const int32_t ROOT_UID = 0; +#endif + static const int32_t ACCESSTOKEN_UID = 3020; + + AccessTokenID tokenSyncId_ = 0; }; } // namespace AccessToken } // namespace Security diff --git a/services/accesstokenmanager/main/cpp/include/service/accesstoken_manager_stub.h b/services/accesstokenmanager/main/cpp/include/service/accesstoken_manager_stub.h deleted file mode 100644 index 03647a2e5..000000000 --- a/services/accesstokenmanager/main/cpp/include/service/accesstoken_manager_stub.h +++ /dev/null @@ -1,113 +0,0 @@ -/* - * Copyright (c) 2021-2024 Huawei Device Co., Ltd. - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ - -#ifndef ACCESSTOKEN_MANAGER_STUB_H -#define ACCESSTOKEN_MANAGER_STUB_H - -#include - -#include "i_accesstoken_manager.h" - -#include "iremote_stub.h" -#include "nocopyable.h" - -namespace OHOS { -namespace Security { -namespace AccessToken { -class AccessTokenManagerStub : public IRemoteStub { -public: - AccessTokenManagerStub(); - virtual ~AccessTokenManagerStub(); - - int OnRemoteRequest(uint32_t code, MessageParcel& data, MessageParcel& reply, MessageOption& options) override; - -private: - void GetPermissionUsedTypeInner(MessageParcel& data, MessageParcel& reply); - void VerifyAccessTokenInner(MessageParcel& data, MessageParcel& reply); - void VerifyAccessTokenWithListInner(MessageParcel& data, MessageParcel& reply); - void GetDefPermissionInner(MessageParcel& data, MessageParcel& reply); - void GetReqPermissionsInner(MessageParcel& data, MessageParcel& reply); - void GetSelfPermissionsStateInner(MessageParcel& data, MessageParcel& reply); - void GetPermissionsStatusInner(MessageParcel& data, MessageParcel& reply); - void GetPermissionFlagInner(MessageParcel& data, MessageParcel& reply); - void SetPermissionRequestToggleStatusInner(MessageParcel& data, MessageParcel& reply); - void GetPermissionRequestToggleStatusInner(MessageParcel& data, MessageParcel& reply); - void RequestAppPermOnSettingInner(MessageParcel& data, MessageParcel& reply); - void GrantPermissionInner(MessageParcel& data, MessageParcel& reply); - void RevokePermissionInner(MessageParcel& data, MessageParcel& reply); - void GrantPermissionForSpecifiedTimeInner(MessageParcel& data, MessageParcel& reply); - void ClearUserGrantedPermissionStateInner(MessageParcel& data, MessageParcel& reply); - void AllocHapTokenInner(MessageParcel& data, MessageParcel& reply); - void InitHapTokenInner(MessageParcel& data, MessageParcel& reply); - void DeleteTokenInfoInner(MessageParcel& data, MessageParcel& reply); - void UpdateHapTokenInner(MessageParcel& data, MessageParcel& reply); - void GetTokenIDByUserIDInner(MessageParcel& data, MessageParcel& reply); - void GetHapTokenInfoInner(MessageParcel& data, MessageParcel& reply); - void GetNativeTokenInfoInner(MessageParcel& data, MessageParcel& reply); - void AllocLocalTokenIDInner(MessageParcel& data, MessageParcel& reply); - void GetHapTokenIDInner(MessageParcel& data, MessageParcel& reply); - void GetTokenTypeInner(MessageParcel& data, MessageParcel& reply); - void RegisterPermStateChangeCallbackInner(MessageParcel& data, MessageParcel& reply); - void UnRegisterPermStateChangeCallbackInner(MessageParcel& data, MessageParcel& reply); - void RegisterSelfPermStateChangeCallbackInner(MessageParcel& data, MessageParcel& reply); - void UnRegisterSelfPermStateChangeCallbackInner(MessageParcel& data, MessageParcel& reply); -#ifndef ATM_BUILD_VARIANT_USER_ENABLE - void ReloadNativeTokenInfoInner(MessageParcel& data, MessageParcel& reply); - void DumpPermDefInfoInner(MessageParcel& data, MessageParcel& reply); -#endif - void GetHapTokenInfoExtensionInner(MessageParcel& data, MessageParcel& reply); - void GetNativeTokenIdInner(MessageParcel& data, MessageParcel& reply); - -#ifdef TOKEN_SYNC_ENABLE - void GetHapTokenInfoFromRemoteInner(MessageParcel& data, MessageParcel& reply); - void SetRemoteHapTokenInfoInner(MessageParcel& data, MessageParcel& reply); - void DeleteRemoteTokenInner(MessageParcel& data, MessageParcel& reply); - void DeleteRemoteDeviceTokensInner(MessageParcel& data, MessageParcel& reply); - void GetRemoteNativeTokenIDInner(MessageParcel& data, MessageParcel& reply); - void RegisterTokenSyncCallbackInner(MessageParcel& data, MessageParcel& reply); - void UnRegisterTokenSyncCallbackInner(MessageParcel& data, MessageParcel& reply); - void SetTokenSyncFuncInMap(); -#endif - void SetPermissionOpFuncInMap(); - void SetLocalTokenOpFuncInMap(); - void DumpTokenInfoInner(MessageParcel& data, MessageParcel& reply); - void GetVersionInner(MessageParcel& data, MessageParcel& reply); - void SetPermDialogCapInner(MessageParcel& data, MessageParcel& reply); - void GetPermissionManagerInfoInner(MessageParcel& data, MessageParcel& reply); - void InitUserPolicyInner(MessageParcel& data, MessageParcel& reply); - void UpdateUserPolicyInner(MessageParcel& data, MessageParcel& reply); - void ClearUserPolicyInner(MessageParcel& data, MessageParcel& reply); - void GetReqPermissionByNameInner(MessageParcel& data, MessageParcel& reply); - void GetKernelPermissionsInner(MessageParcel& data, MessageParcel& reply); - - bool IsPrivilegedCalling() const; - bool IsAccessTokenCalling(); - bool IsNativeProcessCalling(); - bool IsSystemAppCalling() const; - bool IsShellProcessCalling(); -#ifndef ATM_BUILD_VARIANT_USER_ENABLE - static const int32_t ROOT_UID = 0; -#endif - static const int32_t ACCESSTOKEN_UID = 3020; - - AccessTokenID tokenSyncId_ = 0; - - using RequestFuncType = void (AccessTokenManagerStub::*)(MessageParcel &data, MessageParcel &reply); - std::map requestFuncMap_; -}; -} // namespace AccessToken -} // namespace Security -} // namespace OHOS -#endif // ACCESSTOKEN_MANAGER_STUB_H diff --git a/services/accesstokenmanager/main/cpp/src/service/accesstoken_manager_service.cpp b/services/accesstokenmanager/main/cpp/src/service/accesstoken_manager_service.cpp index ff56b39dd..353ad782c 100644 --- a/services/accesstokenmanager/main/cpp/src/service/accesstoken_manager_service.cpp +++ b/services/accesstokenmanager/main/cpp/src/service/accesstoken_manager_service.cpp @@ -18,12 +18,12 @@ #include #include "access_token.h" -#include "access_token_error.h" #include "access_token_db.h" +#include "access_token_error.h" +#include "accesstoken_common_log.h" #include "accesstoken_dfx_define.h" #include "accesstoken_id_manager.h" #include "accesstoken_info_manager.h" -#include "accesstoken_common_log.h" #include "constant_common.h" #include "data_validator.h" #include "hap_token_info.h" @@ -49,6 +49,10 @@ #ifdef TOKEN_SYNC_ENABLE #include "token_modify_notifier.h" #endif // TOKEN_SYNC_ENABLE +#include "tokenid_kit.h" +#ifdef HICOLLIE_ENABLE +#include "xcollie/xcollie.h" +#endif // HICOLLIE_ENABLE namespace OHOS { namespace Security { @@ -63,6 +67,22 @@ const char* PERMISSION_STATE_SHEET_ABILITY_NAME = "com.ohos.permissionmanager.Pe const char* GLOBAL_SWITCH_SHEET_ABILITY_NAME = "com.ohos.permissionmanager.GlobalSwitchSheetAbility"; const char* APPLICATION_SETTING_ABILITY_NAME = "com.ohos.permissionmanager.MainAbility"; const char* DEVELOPER_MODE_STATE = "const.security.developermode.state"; + +const std::string MANAGE_HAP_TOKENID_PERMISSION = "ohos.permission.MANAGE_HAP_TOKENID"; +static constexpr int MAX_PERMISSION_SIZE = 1000; +static constexpr int32_t MAX_USER_POLICY_SIZE = 1024; +const std::string GRANT_SENSITIVE_PERMISSIONS = "ohos.permission.GRANT_SENSITIVE_PERMISSIONS"; +const std::string REVOKE_SENSITIVE_PERMISSIONS = "ohos.permission.REVOKE_SENSITIVE_PERMISSIONS"; +const std::string GET_SENSITIVE_PERMISSIONS = "ohos.permission.GET_SENSITIVE_PERMISSIONS"; +const std::string DISABLE_PERMISSION_DIALOG = "ohos.permission.DISABLE_PERMISSION_DIALOG"; +const std::string GRANT_SHORT_TERM_WRITE_MEDIAVIDEO = "ohos.permission.GRANT_SHORT_TERM_WRITE_MEDIAVIDEO"; + +static constexpr int32_t SA_ID_ACCESSTOKEN_MANAGER_SERVICE = 3503; + +#ifdef HICOLLIE_ENABLE +constexpr uint32_t TIMEOUT = 40; // 40s +thread_local int32_t g_timerId = 0; +#endif // HICOLLIE_ENABLE } const bool REGISTER_RESULT = @@ -128,11 +148,18 @@ void AccessTokenManagerService::OnRemoveSystemAbility(int32_t systemAbilityId, c } } -PermUsedTypeEnum AccessTokenManagerService::GetPermissionUsedType( - AccessTokenID tokenID, const std::string& permissionName) +int32_t AccessTokenManagerService::GetPermissionUsedType( + AccessTokenID tokenID, const std::string& permissionName, int32_t& permUsedType) { LOGI(ATM_DOMAIN, ATM_TAG, "TokenID=%{public}d, permission=%{public}s", tokenID, permissionName.c_str()); - return PermissionManager::GetInstance().GetPermissionUsedType(tokenID, permissionName); + if (!IsNativeProcessCalling() && !IsPrivilegedCalling()) { + LOGE(ATM_DOMAIN, ATM_TAG, "Permission denied(tokenID=%{public}d)", IPCSkeleton::GetCallingTokenID()); + permUsedType = static_cast(PermUsedTypeEnum::INVALID_USED_TYPE); + return permUsedType; + } + permUsedType = static_cast( + PermissionManager::GetInstance().GetPermissionUsedType(tokenID, permissionName)); + return ERR_OK; } int AccessTokenManagerService::VerifyAccessToken(AccessTokenID tokenID, const std::string& permissionName) @@ -210,6 +237,16 @@ int AccessTokenManagerService::GetDefPermission( int AccessTokenManagerService::GetReqPermissions( AccessTokenID tokenID, std::vector& reqPermList, bool isSystemGrant) { + AccessTokenID callingTokenID = IPCSkeleton::GetCallingTokenID(); + if ((this->GetTokenType(callingTokenID) == TOKEN_HAP) && (!IsSystemAppCalling())) { + return AccessTokenError::ERR_NOT_SYSTEM_APP; + } + if (!IsPrivilegedCalling() && + VerifyAccessToken(callingTokenID, GET_SENSITIVE_PERMISSIONS) == PERMISSION_DENIED) { + LOGE(ATM_DOMAIN, ATM_TAG, "Permission denied(tokenID=%{public}d)", callingTokenID); + return AccessTokenError::ERR_PERMISSION_DENIED; + } + std::vector permList; int ret = PermissionManager::GetInstance().GetReqPermissions(tokenID, permList, isSystemGrant); @@ -221,19 +258,41 @@ int AccessTokenManagerService::GetReqPermissions( return ret; } -PermissionOper AccessTokenManagerService::GetSelfPermissionsState(std::vector& reqPermList, - PermissionGrantInfoParcel& infoParcel) +int32_t AccessTokenManagerService::GetSelfPermissionsState(std::vector& reqPermList, + PermissionGrantInfoParcel& infoParcel, int32_t& permOper) { + uint32_t size = reqPermList.size(); + if (size > MAX_PERMISSION_SIZE) { + LOGE(ATM_DOMAIN, ATM_TAG, "PermList size %{public}d is invalid", size); + return INVALID_OPER; + } infoParcel.info.grantBundleName = grantBundleName_; infoParcel.info.grantAbilityName = grantAbilityName_; infoParcel.info.grantServiceAbilityName = grantServiceAbilityName_; AccessTokenID callingTokenID = IPCSkeleton::GetCallingTokenID(); - return GetPermissionsState(callingTokenID, reqPermList); + permOper = GetPermissionsState(callingTokenID, reqPermList); + return ERR_OK; } int32_t AccessTokenManagerService::GetPermissionsStatus(AccessTokenID tokenID, std::vector& reqPermList) { + AccessTokenID callingTokenID = IPCSkeleton::GetCallingTokenID(); + if ((this->GetTokenType(callingTokenID) == TOKEN_HAP) && (!IsSystemAppCalling())) { + return AccessTokenError::ERR_NOT_SYSTEM_APP; + } + if (!IsPrivilegedCalling() && + VerifyAccessToken(callingTokenID, GET_SENSITIVE_PERMISSIONS) == PERMISSION_DENIED) { + LOGE(ATM_DOMAIN, ATM_TAG, "Permission denied(tokenID=%{public}d)", callingTokenID); + return AccessTokenError::ERR_PERMISSION_DENIED; + } + + uint32_t size = reqPermList.size(); + if (size > MAX_PERMISSION_SIZE) { + LOGE(ATM_DOMAIN, ATM_TAG, "PermList size %{public}d is invalid", size); + return INVALID_OPER; + } + if (!AccessTokenInfoManager::GetInstance().IsTokenIdExist(tokenID)) { LOGE(ATM_DOMAIN, ATM_TAG, "TokenID=%{public}d does not exist", tokenID); return ERR_TOKENID_NOT_EXIST; @@ -314,23 +373,64 @@ PermissionOper AccessTokenManagerService::GetPermissionsState(AccessTokenID toke int AccessTokenManagerService::GetPermissionFlag( AccessTokenID tokenID, const std::string& permissionName, uint32_t& flag) { + AccessTokenID callingTokenID = IPCSkeleton::GetCallingTokenID(); + if ((this->GetTokenType(callingTokenID) == TOKEN_HAP) && (!IsSystemAppCalling())) { + return AccessTokenError::ERR_NOT_SYSTEM_APP; + } + + if (!IsPrivilegedCalling() && + VerifyAccessToken(callingTokenID, GRANT_SENSITIVE_PERMISSIONS) == PERMISSION_DENIED && + VerifyAccessToken(callingTokenID, REVOKE_SENSITIVE_PERMISSIONS) == PERMISSION_DENIED && + VerifyAccessToken(callingTokenID, GET_SENSITIVE_PERMISSIONS) == PERMISSION_DENIED) { + LOGE(ATM_DOMAIN, ATM_TAG, "Permission denied(tokenID=%{public}d)", callingTokenID); + return AccessTokenError::ERR_PERMISSION_DENIED; + } return PermissionManager::GetInstance().GetPermissionFlag(tokenID, permissionName, flag); } int32_t AccessTokenManagerService::SetPermissionRequestToggleStatus( const std::string& permissionName, uint32_t status, int32_t userID = 0) { + uint32_t callingTokenID = IPCSkeleton::GetCallingTokenID(); + if ((this->GetTokenType(callingTokenID) == TOKEN_HAP) && (!IsSystemAppCalling())) { + return AccessTokenError::ERR_NOT_SYSTEM_APP; + } + + if (!IsPrivilegedCalling() && VerifyAccessToken(callingTokenID, DISABLE_PERMISSION_DIALOG) == PERMISSION_DENIED) { + HiSysEventWrite(HiviewDFX::HiSysEvent::Domain::ACCESS_TOKEN, "PERMISSION_VERIFY_REPORT", + HiviewDFX::HiSysEvent::EventType::SECURITY, "CODE", VERIFY_PERMISSION_ERROR, "CALLER_TOKENID", + callingTokenID, "PERMISSION_NAME", permissionName, "INTERFACE", "SetToggleStatus"); + LOGE(ATM_DOMAIN, ATM_TAG, "Permission denied(tokenID=%{public}d).", callingTokenID); + return AccessTokenError::ERR_PERMISSION_DENIED; + } return AccessTokenInfoManager::GetInstance().SetPermissionRequestToggleStatus(permissionName, status, userID); } int32_t AccessTokenManagerService::GetPermissionRequestToggleStatus( const std::string& permissionName, uint32_t& status, int32_t userID = 0) { + uint32_t callingTokenID = IPCSkeleton::GetCallingTokenID(); + if ((this->GetTokenType(callingTokenID) == TOKEN_HAP) && (!IsSystemAppCalling())) { + return AccessTokenError::ERR_NOT_SYSTEM_APP; + } + + if (!IsShellProcessCalling() && !IsPrivilegedCalling() && + VerifyAccessToken(callingTokenID, GET_SENSITIVE_PERMISSIONS) == PERMISSION_DENIED) { + HiSysEventWrite(HiviewDFX::HiSysEvent::Domain::ACCESS_TOKEN, "PERMISSION_VERIFY_REPORT", + HiviewDFX::HiSysEvent::EventType::SECURITY, "CODE", VERIFY_PERMISSION_ERROR, "CALLER_TOKENID", + callingTokenID, "PERMISSION_NAME", permissionName, "INTERFACE", "GetToggleStatus"); + LOGE(ATM_DOMAIN, ATM_TAG, "Permission denied(tokenID=%{public}d).", callingTokenID); + return AccessTokenError::ERR_PERMISSION_DENIED; + } return AccessTokenInfoManager::GetInstance().GetPermissionRequestToggleStatus(permissionName, status, userID); } int32_t AccessTokenManagerService::RequestAppPermOnSetting(AccessTokenID tokenID) { + if (!IsSystemAppCalling()) { + return AccessTokenError::ERR_NOT_SYSTEM_APP; + } + HapTokenInfo hapInfo; int32_t ret = AccessTokenInfoManager::GetInstance().GetHapTokenInfo(tokenID, hapInfo); if (ret != ERR_OK) { @@ -343,18 +443,59 @@ int32_t AccessTokenManagerService::RequestAppPermOnSetting(AccessTokenID tokenID int AccessTokenManagerService::GrantPermission(AccessTokenID tokenID, const std::string& permissionName, uint32_t flag) { + AccessTokenID callingTokenID = IPCSkeleton::GetCallingTokenID(); + if ((this->GetTokenType(callingTokenID) == TOKEN_HAP) && (!IsSystemAppCalling())) { + return AccessTokenError::ERR_NOT_SYSTEM_APP; + } + + if (!IsPrivilegedCalling() && + VerifyAccessToken(callingTokenID, GRANT_SENSITIVE_PERMISSIONS) == PERMISSION_DENIED) { + HiSysEventWrite(HiviewDFX::HiSysEvent::Domain::ACCESS_TOKEN, "PERMISSION_VERIFY_REPORT", + HiviewDFX::HiSysEvent::EventType::SECURITY, "CODE", VERIFY_PERMISSION_ERROR, + "CALLER_TOKENID", callingTokenID, "PERMISSION_NAME", permissionName); + LOGE(ATM_DOMAIN, ATM_TAG, "Permission denied(tokenID=%{public}d)", callingTokenID); + return AccessTokenError::ERR_PERMISSION_DENIED; + } + int32_t ret = PermissionManager::GetInstance().GrantPermission(tokenID, permissionName, flag); return ret; } int AccessTokenManagerService::RevokePermission(AccessTokenID tokenID, const std::string& permissionName, uint32_t flag) { + AccessTokenID callingTokenID = IPCSkeleton::GetCallingTokenID(); + if ((this->GetTokenType(callingTokenID) == TOKEN_HAP) && (!IsSystemAppCalling())) { + return AccessTokenError::ERR_NOT_SYSTEM_APP; + } + + if (!IsPrivilegedCalling() && + VerifyAccessToken(callingTokenID, REVOKE_SENSITIVE_PERMISSIONS) == PERMISSION_DENIED) { + HiSysEventWrite(HiviewDFX::HiSysEvent::Domain::ACCESS_TOKEN, "PERMISSION_VERIFY_REPORT", + HiviewDFX::HiSysEvent::EventType::SECURITY, "CODE", VERIFY_PERMISSION_ERROR, + "CALLER_TOKENID", callingTokenID, "PERMISSION_NAME", permissionName); + LOGE(ATM_DOMAIN, ATM_TAG, "Permission denied(tokenID=%{public}d)", callingTokenID); + return AccessTokenError::ERR_PERMISSION_DENIED; + } return PermissionManager::GetInstance().RevokePermission(tokenID, permissionName, flag); } int AccessTokenManagerService::GrantPermissionForSpecifiedTime( AccessTokenID tokenID, const std::string& permissionName, uint32_t onceTime) { + AccessTokenID callingTokenID = IPCSkeleton::GetCallingTokenID(); + if ((this->GetTokenType(callingTokenID) == TOKEN_HAP) && (!IsSystemAppCalling())) { + return AccessTokenError::ERR_NOT_SYSTEM_APP; + } + + if (!IsPrivilegedCalling() && + VerifyAccessToken(callingTokenID, GRANT_SHORT_TERM_WRITE_MEDIAVIDEO) == PERMISSION_DENIED) { + HiSysEventWrite(HiviewDFX::HiSysEvent::Domain::ACCESS_TOKEN, "PERMISSION_VERIFY_REPORT", + HiviewDFX::HiSysEvent::EventType::SECURITY, "CODE", VERIFY_PERMISSION_ERROR, + "CALLER_TOKENID", callingTokenID, "PERMISSION_NAME", permissionName); + LOGE(ATM_DOMAIN, ATM_TAG, "Permission denied(tokenID=%{public}d)", callingTokenID); + return AccessTokenError::ERR_PERMISSION_DENIED; + } + int32_t ret = PermissionManager::GetInstance().GrantPermissionForSpecifiedTime(tokenID, permissionName, onceTime); return ret; } @@ -362,6 +503,16 @@ int AccessTokenManagerService::GrantPermissionForSpecifiedTime( int AccessTokenManagerService::ClearUserGrantedPermissionState(AccessTokenID tokenID) { LOGI(ATM_DOMAIN, ATM_TAG, "TokenID: %{public}d", tokenID); + uint32_t callingTokenID = IPCSkeleton::GetCallingTokenID(); + if (!IsPrivilegedCalling() && + VerifyAccessToken(callingTokenID, REVOKE_SENSITIVE_PERMISSIONS) == PERMISSION_DENIED) { + HiSysEventWrite(HiviewDFX::HiSysEvent::Domain::ACCESS_TOKEN, "PERMISSION_VERIFY_REPORT", + HiviewDFX::HiSysEvent::EventType::SECURITY, "CODE", VERIFY_PERMISSION_ERROR, + "CALLER_TOKENID", callingTokenID); + LOGE(ATM_DOMAIN, ATM_TAG, "Permission denied(tokenID=%{public}d)", callingTokenID); + return AccessTokenError::ERR_PERMISSION_DENIED; + } + AccessTokenInfoManager::GetInstance().ClearUserGrantedPermissionState(tokenID); AccessTokenInfoManager::GetInstance().SetPermDialogCap(tokenID, false); return RET_SUCCESS; @@ -370,48 +521,119 @@ int AccessTokenManagerService::ClearUserGrantedPermissionState(AccessTokenID tok int32_t AccessTokenManagerService::RegisterPermStateChangeCallback( const PermStateChangeScopeParcel& scope, const sptr& callback) { + uint32_t callingTokenID = IPCSkeleton::GetCallingTokenID(); + if ((this->GetTokenType(callingTokenID) == TOKEN_HAP) && (!IsSystemAppCalling())) { + return AccessTokenError::ERR_NOT_SYSTEM_APP; + } + if (VerifyAccessToken(callingTokenID, GET_SENSITIVE_PERMISSIONS) == PERMISSION_DENIED) { + LOGE(ATM_DOMAIN, ATM_TAG, "Permission denied(tokenID=%{public}d)", callingTokenID); + return AccessTokenError::ERR_PERMISSION_DENIED; + } return PermissionManager::GetInstance().AddPermStateChangeCallback(scope.scope, callback); } int32_t AccessTokenManagerService::UnRegisterPermStateChangeCallback(const sptr& callback) { + uint32_t callingToken = IPCSkeleton::GetCallingTokenID(); + if ((this->GetTokenType(callingToken) == TOKEN_HAP) && (!IsSystemAppCalling())) { + return AccessTokenError::ERR_NOT_SYSTEM_APP; + } + if (VerifyAccessToken(callingToken, GET_SENSITIVE_PERMISSIONS) == PERMISSION_DENIED) { + LOGE(ATM_DOMAIN, ATM_TAG, "Permission denied(tokenID=%{public}d)", callingToken); + + return AccessTokenError::ERR_PERMISSION_DENIED; + } return PermissionManager::GetInstance().RemovePermStateChangeCallback(callback); } int32_t AccessTokenManagerService::RegisterSelfPermStateChangeCallback( const PermStateChangeScopeParcel& scope, const sptr& callback) { + uint32_t callingTokenID = IPCSkeleton::GetCallingTokenID(); + if (this->GetTokenType(callingTokenID) != TOKEN_HAP) { + LOGE(ATM_DOMAIN, ATM_TAG, "TokenID is not hap."); + return AccessTokenError::ERR_PARAM_INVALID; + } return PermissionManager::GetInstance().AddPermStateChangeCallback(scope.scope, callback); } int32_t AccessTokenManagerService::UnRegisterSelfPermStateChangeCallback(const sptr& callback) { + uint32_t callingToken = IPCSkeleton::GetCallingTokenID(); + if (this->GetTokenType(callingToken) != TOKEN_HAP) { + LOGE(ATM_DOMAIN, ATM_TAG, "TokenID is not hap."); + return AccessTokenError::ERR_PARAM_INVALID; + } return PermissionManager::GetInstance().RemovePermStateChangeCallback(callback); } -AccessTokenIDEx AccessTokenManagerService::AllocHapToken(const HapInfoParcel& info, const HapPolicyParcel& policy) +int32_t AccessTokenManagerService::AllocHapToken(const HapInfoParcel& info, const HapPolicyParcel& policy, + uint64_t& fullTokenId) { LOGI(ATM_DOMAIN, ATM_TAG, "BundleName: %{public}s", info.hapInfoParameter.bundleName.c_str()); AccessTokenIDEx tokenIdEx; tokenIdEx.tokenIDEx = 0LL; + AccessTokenID tokenID = IPCSkeleton::GetCallingTokenID(); + if (!IsPrivilegedCalling() && + (VerifyAccessToken(tokenID, MANAGE_HAP_TOKENID_PERMISSION) == PERMISSION_DENIED)) { + LOGE(ATM_DOMAIN, ATM_TAG, "Permission denied(tokenID=%{public}d)", tokenID); + fullTokenId = static_cast(tokenIdEx.tokenIDEx); + return ERR_OK; + } + int ret = AccessTokenInfoManager::GetInstance().CreateHapTokenInfo( info.hapInfoParameter, policy.hapPolicy, tokenIdEx); if (ret != RET_SUCCESS) { LOGE(ATM_DOMAIN, ATM_TAG, "Hap token info create failed"); } - return tokenIdEx; + fullTokenId = static_cast(tokenIdEx.tokenIDEx); + return ERR_OK; +} + +static void TransferHapPolicy(const HapPolicy& policyIn, HapPolicy& policyOut) +{ + policyOut.apl = policyIn.apl; + policyOut.domain = policyIn.domain; + policyOut.permList.assign(policyIn.permList.begin(), policyIn.permList.end()); + policyOut.aclRequestedList.assign(policyIn.aclRequestedList.begin(), policyIn.aclRequestedList.end()); + policyOut.preAuthorizationInfo.assign(policyIn.preAuthorizationInfo.begin(), policyIn.preAuthorizationInfo.end()); + for (const auto& perm : policyIn.permStateList) { + PermissionStatus tmp; + tmp.permissionName = perm.permissionName; + tmp.grantStatus = perm.grantStatus; + tmp.grantFlag = perm.grantFlag; + policyOut.permStateList.emplace_back(tmp); + } + policyOut.checkIgnore = policyIn.checkIgnore; + policyOut.aclExtendedMap = policyIn.aclExtendedMap; } -int32_t AccessTokenManagerService::InitHapToken(const HapInfoParcel& info, HapPolicyParcel& policy, - AccessTokenIDEx& fullTokenId, HapInfoCheckResult& result) +int32_t AccessTokenManagerService::InitHapToken(const HapInfoParcel& info, const HapPolicyParcel& policy, + uint64_t& fullTokenId, HapInfoCheckResultIdl& resultInfoIdl) { LOGI(ATM_DOMAIN, ATM_TAG, "Init hap %{public}s.", info.hapInfoParameter.bundleName.c_str()); + AccessTokenID tokenID = IPCSkeleton::GetCallingTokenID(); + if (!IsPrivilegedCalling() && + (VerifyAccessToken(tokenID, MANAGE_HAP_TOKENID_PERMISSION) == PERMISSION_DENIED)) { + LOGE(ATM_DOMAIN, ATM_TAG, "Permission denied(tokenID=%{public}d)", tokenID); + return AccessTokenError::ERR_PERMISSION_DENIED; + } + + HapPolicyParcel policyCopy; + TransferHapPolicy(policy.hapPolicy, policyCopy.hapPolicy); + + resultInfoIdl.realResult = ERR_OK; std::vector initializedList; if (info.hapInfoParameter.dlpType == DLP_COMMON) { + HapInfoCheckResult permCheckResult; if (!PermissionManager::GetInstance().InitPermissionList(info.hapInfoParameter.appDistributionType, - policy.hapPolicy, initializedList, result)) { - return ERR_PERM_REQUEST_CFG_FAILED; + policyCopy.hapPolicy, initializedList, permCheckResult)) { + resultInfoIdl.realResult = ERROR; + resultInfoIdl.permissionName = permCheckResult.permCheckResult.permissionName; + int32_t rule = permCheckResult.permCheckResult.rule; + resultInfoIdl.rule = static_cast(rule); + return ERR_OK; } } else { if (!PermissionManager::GetInstance().InitDlpPermissionList( @@ -419,10 +641,12 @@ int32_t AccessTokenManagerService::InitHapToken(const HapInfoParcel& info, HapPo return ERR_PERM_REQUEST_CFG_FAILED; } } - policy.hapPolicy.permStateList = initializedList; + policyCopy.hapPolicy.permStateList = initializedList; + AccessTokenIDEx tokenIdEx; int32_t ret = AccessTokenInfoManager::GetInstance().CreateHapTokenInfo( - info.hapInfoParameter, policy.hapPolicy, fullTokenId); + info.hapInfoParameter, policyCopy.hapPolicy, tokenIdEx); + fullTokenId = tokenIdEx.tokenIDEx; if (ret != RET_SUCCESS) { return ret; } @@ -433,6 +657,15 @@ int32_t AccessTokenManagerService::InitHapToken(const HapInfoParcel& info, HapPo int AccessTokenManagerService::DeleteToken(AccessTokenID tokenID) { LOGI(ATM_DOMAIN, ATM_TAG, "TokenID: %{public}d", tokenID); + AccessTokenID callingTokenID = IPCSkeleton::GetCallingTokenID(); + if (!IsPrivilegedCalling() && + (VerifyAccessToken(callingTokenID, MANAGE_HAP_TOKENID_PERMISSION) == PERMISSION_DENIED)) { + LOGE(ATM_DOMAIN, ATM_TAG, "Permission denied(tokenID=%{public}d)", callingTokenID); + return AccessTokenError::ERR_PERMISSION_DENIED; + } + if (this->GetTokenType(tokenID) != TOKEN_HAP) { + return AccessTokenError::ERR_PARAM_INVALID; + } // only support hap token deletion return AccessTokenInfoManager::GetInstance().RemoveHapTokenInfo(tokenID); } @@ -443,47 +676,103 @@ int AccessTokenManagerService::GetTokenType(AccessTokenID tokenID) return AccessTokenIDManager::GetInstance().GetTokenIdType(tokenID); } -AccessTokenIDEx AccessTokenManagerService::GetHapTokenID( - int32_t userID, const std::string& bundleName, int32_t instIndex) +int AccessTokenManagerService::GetTokenType(AccessTokenID tokenID, int32_t& tokenType) +{ + LOGD(ATM_DOMAIN, ATM_TAG, "TokenID: %{public}d", tokenID); + tokenType = AccessTokenIDManager::GetInstance().GetTokenIdType(tokenID); + return ERR_OK; +} + +int32_t AccessTokenManagerService::GetHapTokenID( + int32_t userID, const std::string& bundleName, int32_t instIndex, uint64_t& fullTokenId) { LOGD(ATM_DOMAIN, ATM_TAG, "UserID: %{public}d, bundle: %{public}s, instIndex: %{public}d", userID, bundleName.c_str(), instIndex); - return AccessTokenInfoManager::GetInstance().GetHapTokenID(userID, bundleName, instIndex); + if (!IsNativeProcessCalling() && !IsPrivilegedCalling()) { + LOGE(ATM_DOMAIN, ATM_TAG, "Permission denied(tokenID=%{public}d)", IPCSkeleton::GetCallingTokenID()); + + AccessTokenIDEx tokenIdEx = {0}; + fullTokenId = tokenIdEx.tokenIDEx; + return ERR_OK; + } + AccessTokenIDEx tokenIdEx = AccessTokenInfoManager::GetInstance().GetHapTokenID(userID, bundleName, instIndex); + fullTokenId = tokenIdEx.tokenIDEx; + return ERR_OK; } -AccessTokenID AccessTokenManagerService::AllocLocalTokenID( - const std::string& remoteDeviceID, AccessTokenID remoteTokenID) +int32_t AccessTokenManagerService::AllocLocalTokenID( + const std::string& remoteDeviceID, AccessTokenID remoteTokenID, AccessTokenID& tokenId) { LOGI(ATM_DOMAIN, ATM_TAG, "RemoteDeviceID: %{public}s, remoteTokenID: %{public}d", ConstantCommon::EncryptDevId(remoteDeviceID).c_str(), remoteTokenID); + if ((!IsNativeProcessCalling()) && !IsPrivilegedCalling()) { + LOGE(ATM_DOMAIN, ATM_TAG, "Permission denied(tokenID=%{public}d)", IPCSkeleton::GetCallingTokenID()); + tokenId = INVALID_TOKENID; + return ERR_OK; + } AccessTokenID tokenID = AccessTokenInfoManager::GetInstance().AllocLocalTokenID(remoteDeviceID, remoteTokenID); - return tokenID; + tokenId = tokenID; + return ERR_OK; } -int32_t AccessTokenManagerService::UpdateHapToken(AccessTokenIDEx& tokenIdEx, const UpdateHapInfoParams& info, - const HapPolicyParcel& policyParcel, HapInfoCheckResult& result) +int32_t AccessTokenManagerService::UpdateHapToken(uint64_t& fullTokenId, const UpdateHapInfoParamsIdl& infoIdl, + const HapPolicyParcel& policyParcel, HapInfoCheckResultIdl& resultInfoIdl) { + AccessTokenIDEx tokenIdEx; + tokenIdEx.tokenIDEx = fullTokenId; LOGI(ATM_DOMAIN, ATM_TAG, "TokenID: %{public}d", tokenIdEx.tokenIdExStruct.tokenID); + AccessTokenID callingTokenID = IPCSkeleton::GetCallingTokenID(); + if (!IsPrivilegedCalling() && + (VerifyAccessToken(callingTokenID, MANAGE_HAP_TOKENID_PERMISSION) == PERMISSION_DENIED)) { + LOGE(ATM_DOMAIN, ATM_TAG, "Permission denied(tokenID=%{public}d)", callingTokenID); + return AccessTokenError::ERR_PERMISSION_DENIED; + } + UpdateHapInfoParams info; + info.appIDDesc = infoIdl.appIDDesc; + info.apiVersion = infoIdl.apiVersion; + info.isSystemApp = infoIdl.isSystemApp; + info.appDistributionType = infoIdl.appDistributionType; std::vector InitializedList; + + resultInfoIdl.realResult = ERR_OK; + HapInfoCheckResult permCheckResult; if (!PermissionManager::GetInstance().InitPermissionList( - info.appDistributionType, policyParcel.hapPolicy, InitializedList, result)) { - return ERR_PERM_REQUEST_CFG_FAILED; + info.appDistributionType, policyParcel.hapPolicy, InitializedList, permCheckResult)) { + resultInfoIdl.realResult = ERROR; + resultInfoIdl.permissionName = permCheckResult.permCheckResult.permissionName; + int32_t rule = permCheckResult.permCheckResult.rule; + resultInfoIdl.rule = static_cast(rule); + return ERR_OK; } int32_t ret = AccessTokenInfoManager::GetInstance().UpdateHapToken(tokenIdEx, info, InitializedList, policyParcel.hapPolicy); + fullTokenId = tokenIdEx.tokenIDEx; return ret; } -int32_t AccessTokenManagerService::GetTokenIDByUserID(int32_t userID, std::unordered_set& tokenIdList) +int32_t AccessTokenManagerService::GetTokenIDByUserID(int32_t userID, std::vector& tokenIds) { LOGD(ATM_DOMAIN, ATM_TAG, "UserID: %{public}d", userID); - return AccessTokenInfoManager::GetInstance().GetTokenIDByUserID(userID, tokenIdList); + if (!IsNativeProcessCalling()) { + LOGE(ATM_DOMAIN, ATM_TAG, "Permission denied(tokenID=%{public}d)", IPCSkeleton::GetCallingTokenID()); + return AccessTokenError::ERR_PERMISSION_DENIED; + } + std::unordered_set tokenIdList; + + auto result = AccessTokenInfoManager::GetInstance().GetTokenIDByUserID(userID, tokenIdList); + std::copy(tokenIdList.begin(), tokenIdList.end(), std::back_inserter(tokenIds)); + return result; } int AccessTokenManagerService::GetHapTokenInfo(AccessTokenID tokenID, HapTokenInfoParcel& infoParcel) { LOGD(ATM_DOMAIN, ATM_TAG, "TokenID: %{public}d", tokenID); + if (!IsNativeProcessCalling() && !IsPrivilegedCalling()) { + LOGE(ATM_DOMAIN, ATM_TAG, "Permission denied(tokenID=%{public}d)", IPCSkeleton::GetCallingTokenID()); + return AccessTokenError::ERR_PERMISSION_DENIED; + } + return AccessTokenInfoManager::GetInstance().GetHapTokenInfo(tokenID, infoParcel.hapTokenInfoParams); } @@ -491,6 +780,11 @@ int AccessTokenManagerService::GetHapTokenInfoExtension(AccessTokenID tokenID, HapTokenInfoParcel& hapTokenInfoRes, std::string& appID) { LOGD(ATM_DOMAIN, ATM_TAG, "TokenID: %{public}d.", tokenID); + if (!IsNativeProcessCalling() && !IsPrivilegedCalling()) { + LOGE(ATM_DOMAIN, ATM_TAG, "Permission denied(tokenID=%{public}d)", IPCSkeleton::GetCallingTokenID()); + return AccessTokenError::ERR_PERMISSION_DENIED; + } + int ret = AccessTokenInfoManager::GetInstance().GetHapTokenInfo(tokenID, hapTokenInfoRes.hapTokenInfoParams); if (ret != RET_SUCCESS) { LOGE(ATM_DOMAIN, ATM_TAG, "Get hap token info extenstion failed, ret is %{public}d.", ret); @@ -503,6 +797,12 @@ int AccessTokenManagerService::GetHapTokenInfoExtension(AccessTokenID tokenID, int AccessTokenManagerService::GetNativeTokenInfo(AccessTokenID tokenID, NativeTokenInfoParcel& infoParcel) { LOGD(ATM_DOMAIN, ATM_TAG, "TokenID: %{public}d", tokenID); + + if (!IsNativeProcessCalling() && !IsPrivilegedCalling()) { + LOGE(ATM_DOMAIN, ATM_TAG, "Permission denied(tokenID=%{public}d).", IPCSkeleton::GetCallingTokenID()); + return AccessTokenError::ERR_PERMISSION_DENIED; + } + NativeTokenInfoBase baseInfo; int32_t ret = AccessTokenInfoManager::GetInstance().GetNativeTokenInfo(tokenID, baseInfo); infoParcel.nativeTokenInfoParams.apl = baseInfo.apl; @@ -513,6 +813,10 @@ int AccessTokenManagerService::GetNativeTokenInfo(AccessTokenID tokenID, NativeT #ifndef ATM_BUILD_VARIANT_USER_ENABLE int32_t AccessTokenManagerService::ReloadNativeTokenInfo() { + if (!IsPrivilegedCalling()) { + LOGE(ATM_DOMAIN, ATM_TAG, "Permission denied(tokenID=%{public}d)", IPCSkeleton::GetCallingTokenID()); + return AccessTokenError::ERR_PERMISSION_DENIED; + } LibraryLoader loader(CONFIG_PARSE_LIBPATH); ConfigPolicyLoaderInterface* policy = loader.GetObject(); if (policy == nullptr) { @@ -531,9 +835,15 @@ int32_t AccessTokenManagerService::ReloadNativeTokenInfo() } #endif -AccessTokenID AccessTokenManagerService::GetNativeTokenId(const std::string& processName) +int32_t AccessTokenManagerService::GetNativeTokenId(const std::string& processName, AccessTokenID& tokenID) { - return AccessTokenInfoManager::GetInstance().GetNativeTokenId(processName); + if (!IsNativeProcessCalling() && !IsPrivilegedCalling()) { + LOGE(ATM_DOMAIN, ATM_TAG, "Permission denied(tokenID=%{public}d)", IPCSkeleton::GetCallingTokenID()); + tokenID = INVALID_TOKENID; + return ERR_OK; + } + tokenID = AccessTokenInfoManager::GetInstance().GetNativeTokenId(processName); + return ERR_OK; } #ifdef TOKEN_SYNC_ENABLE @@ -542,16 +852,47 @@ int AccessTokenManagerService::GetHapTokenInfoFromRemote(AccessTokenID tokenID, { LOGI(ATM_DOMAIN, ATM_TAG, "TokenID: %{public}d", tokenID); + if (!IsAccessTokenCalling()) { + LOGE(ATM_DOMAIN, ATM_TAG, "Permission denied(tokenID=%{public}d)", IPCSkeleton::GetCallingTokenID()); + return AccessTokenError::ERR_PERMISSION_DENIED; + } return AccessTokenInfoManager::GetInstance().GetHapTokenInfoFromRemote(tokenID, hapSyncParcel.hapTokenInfoForSyncParams); } +static void TransferHapTokenInfoForSync(const HapTokenInfoForSync& policyIn, HapTokenInfoForSync& policyOut) +{ + policyOut.baseInfo.ver = policyIn.baseInfo.ver; + policyOut.baseInfo.userID = policyIn.baseInfo.userID; + policyOut.baseInfo.bundleName = policyIn.baseInfo.bundleName; + policyOut.baseInfo.apiVersion = policyIn.baseInfo.apiVersion; + policyOut.baseInfo.instIndex = policyIn.baseInfo.instIndex; + policyOut.baseInfo.dlpType = policyIn.baseInfo.dlpType; + policyOut.baseInfo.tokenID = policyIn.baseInfo.tokenID; + policyOut.baseInfo.tokenAttr = policyIn.baseInfo.tokenAttr; + for (const auto& item : policyIn.permStateList) { + PermissionStatus tmp; + tmp.permissionName = item.permissionName; + tmp.grantStatus = item.grantStatus; + tmp.grantFlag = item.grantFlag; + policyOut.permStateList.emplace_back(tmp); + } +} + int AccessTokenManagerService::SetRemoteHapTokenInfo(const std::string& deviceID, - HapTokenInfoForSyncParcel& hapSyncParcel) + const HapTokenInfoForSyncParcel& hapSyncParcel) { LOGI(ATM_DOMAIN, ATM_TAG, "DeviceID: %{public}s", ConstantCommon::EncryptDevId(deviceID).c_str()); + + if (!IsAccessTokenCalling()) { + LOGE(ATM_DOMAIN, ATM_TAG, "Permission denied(tokenID=%{public}d)", IPCSkeleton::GetCallingTokenID()); + return AccessTokenError::ERR_PERMISSION_DENIED; + } + HapTokenInfoForSyncParcel hapSyncParcelCopy; + TransferHapTokenInfoForSync(hapSyncParcel.hapTokenInfoForSyncParams, hapSyncParcelCopy.hapTokenInfoForSyncParams); + int ret = AccessTokenInfoManager::GetInstance().SetRemoteHapTokenInfo(deviceID, - hapSyncParcel.hapTokenInfoForSyncParams); + hapSyncParcelCopy.hapTokenInfoForSyncParams); return ret; } @@ -559,58 +900,101 @@ int AccessTokenManagerService::DeleteRemoteToken(const std::string& deviceID, Ac { LOGI(ATM_DOMAIN, ATM_TAG, "DeviceID: %{public}s, token id %{public}d", ConstantCommon::EncryptDevId(deviceID).c_str(), tokenID); + + if (!IsAccessTokenCalling()) { + LOGE(ATM_DOMAIN, ATM_TAG, "Permission denied(tokenID=%{public}d)", IPCSkeleton::GetCallingTokenID()); + return AccessTokenError::ERR_PERMISSION_DENIED; + } return AccessTokenInfoManager::GetInstance().DeleteRemoteToken(deviceID, tokenID); } -AccessTokenID AccessTokenManagerService::GetRemoteNativeTokenID(const std::string& deviceID, - AccessTokenID tokenID) +int32_t AccessTokenManagerService::GetRemoteNativeTokenID(const std::string& deviceID, + AccessTokenID tokenID, AccessTokenID& tokenId) { LOGI(ATM_DOMAIN, ATM_TAG, "DeviceID: %{public}s, token id %{public}d", ConstantCommon::EncryptDevId(deviceID).c_str(), tokenID); - return AccessTokenInfoManager::GetInstance().GetRemoteNativeTokenID(deviceID, tokenID); + if (!IsAccessTokenCalling()) { + LOGE(ATM_DOMAIN, ATM_TAG, "Permission denied(tokenID=%{public}d)", IPCSkeleton::GetCallingTokenID()); + tokenId = INVALID_TOKENID; + return ERR_OK; + } + tokenId = AccessTokenInfoManager::GetInstance().GetRemoteNativeTokenID(deviceID, tokenID); + return ERR_OK; } int AccessTokenManagerService::DeleteRemoteDeviceTokens(const std::string& deviceID) { LOGI(ATM_DOMAIN, ATM_TAG, "DeviceID: %{public}s", ConstantCommon::EncryptDevId(deviceID).c_str()); + + if (!IsAccessTokenCalling()) { + LOGE(ATM_DOMAIN, ATM_TAG, "Permission denied(tokenID=%{public}d)", IPCSkeleton::GetCallingTokenID()); + return AccessTokenError::ERR_PERMISSION_DENIED; + } return AccessTokenInfoManager::GetInstance().DeleteRemoteDeviceTokens(deviceID); } int32_t AccessTokenManagerService::RegisterTokenSyncCallback(const sptr& callback) { LOGI(ATM_DOMAIN, ATM_TAG, "Call token sync callback registed."); + + if (!IsAccessTokenCalling()) { + LOGE(ATM_DOMAIN, ATM_TAG, "Permission denied, tokenID=%{public}d", IPCSkeleton::GetCallingTokenID()); + return AccessTokenError::ERR_PERMISSION_DENIED; + } return TokenModifyNotifier::GetInstance().RegisterTokenSyncCallback(callback); } int32_t AccessTokenManagerService::UnRegisterTokenSyncCallback() { LOGI(ATM_DOMAIN, ATM_TAG, "Call token sync callback unregisted."); + + if (!IsAccessTokenCalling()) { + LOGE(ATM_DOMAIN, ATM_TAG, "Permission denied, tokenID=%{public}d", IPCSkeleton::GetCallingTokenID()); + return AccessTokenError::ERR_PERMISSION_DENIED; + } return TokenModifyNotifier::GetInstance().UnRegisterTokenSyncCallback(); } #endif -void AccessTokenManagerService::DumpTokenInfo(const AtmToolsParamInfoParcel& infoParcel, std::string& dumpInfo) +int32_t AccessTokenManagerService::DumpTokenInfo(const AtmToolsParamInfoParcel& infoParcel, std::string& dumpInfo) { LOGI(ATM_DOMAIN, ATM_TAG, "Called"); + if (!IsShellProcessCalling()) { + LOGE(ATM_DOMAIN, ATM_TAG, "Permission denied(tokenID=%{public}d)", IPCSkeleton::GetCallingTokenID()); + dumpInfo = ""; + return ERR_OK; + } + bool isDeveloperMode = OHOS::system::GetBoolParameter(DEVELOPER_MODE_STATE, false); if (!isDeveloperMode) { dumpInfo = "Developer mode not support."; - return; + return ERR_OK; } AccessTokenInfoManager::GetInstance().DumpTokenInfo(infoParcel.info, dumpInfo); + return ERR_OK; } int32_t AccessTokenManagerService::GetVersion(uint32_t& version) { LOGI(ATM_DOMAIN, ATM_TAG, "Called"); + uint32_t callingToken = IPCSkeleton::GetCallingTokenID(); + if ((this->GetTokenType(callingToken) == TOKEN_HAP) && (!IsSystemAppCalling())) { + return AccessTokenError::ERR_NOT_SYSTEM_APP; + } version = DEFAULT_TOKEN_VERSION; return RET_SUCCESS; } int32_t AccessTokenManagerService::SetPermDialogCap(const HapBaseInfoParcel& hapBaseInfoParcel, bool enable) { + uint32_t callingToken = IPCSkeleton::GetCallingTokenID(); + if (VerifyAccessToken(callingToken, DISABLE_PERMISSION_DIALOG) == PERMISSION_DENIED) { + LOGE(ATM_DOMAIN, ATM_TAG, "Permission denied(tokenID=%{public}d)", callingToken); + return AccessTokenError::ERR_PERMISSION_DENIED; + } + AccessTokenIDEx tokenIdEx = AccessTokenInfoManager::GetInstance().GetHapTokenID( hapBaseInfoParcel.hapBaseInfo.userID, hapBaseInfoParcel.hapBaseInfo.bundleName, @@ -624,28 +1008,74 @@ int32_t AccessTokenManagerService::SetPermDialogCap(const HapBaseInfoParcel& hap return ret; } -void AccessTokenManagerService::GetPermissionManagerInfo(PermissionGrantInfoParcel& infoParcel) +int32_t AccessTokenManagerService::GetPermissionManagerInfo(PermissionGrantInfoParcel& infoParcel) { infoParcel.info.grantBundleName = grantBundleName_; infoParcel.info.grantAbilityName = grantAbilityName_; infoParcel.info.grantServiceAbilityName = grantServiceAbilityName_; infoParcel.info.permStateAbilityName = permStateAbilityName_; infoParcel.info.globalSwitchAbilityName = globalSwitchAbilityName_; + return ERR_OK; } int32_t AccessTokenManagerService::InitUserPolicy( - const std::vector& userList, const std::vector& permList) + const std::vector& userIdlList, const std::vector& permList) { + uint32_t callingToken = IPCSkeleton::GetCallingTokenID(); + if (VerifyAccessToken(callingToken, GET_SENSITIVE_PERMISSIONS) == PERMISSION_DENIED) { + LOGE(ATM_DOMAIN, ATM_TAG, "Permission denied(tokenID=%{public}d)", callingToken); + return AccessTokenError::ERR_PERMISSION_DENIED; + } + + uint32_t userSize = userIdlList.size(); + uint32_t permSize = permList.size(); + if ((userSize > MAX_USER_POLICY_SIZE) || (permSize > MAX_USER_POLICY_SIZE)) { + LOGE(ATM_DOMAIN, ATM_TAG, "Size %{public}u is invalid", userSize); + return AccessTokenError::ERR_OVERSIZE; + } + + std::vector userList; + for (const auto& item : userIdlList) { + UserState tmp; + tmp.userId = item.userId; + tmp.isActive = item.isActive; + userList.emplace_back(tmp); + } return AccessTokenInfoManager::GetInstance().InitUserPolicy(userList, permList); } -int32_t AccessTokenManagerService::UpdateUserPolicy(const std::vector& userList) +int32_t AccessTokenManagerService::UpdateUserPolicy(const std::vector& userIdlList) { + uint32_t callingToken = IPCSkeleton::GetCallingTokenID(); + if (VerifyAccessToken(callingToken, GET_SENSITIVE_PERMISSIONS) == PERMISSION_DENIED) { + LOGE(ATM_DOMAIN, ATM_TAG, "Permission denied(tokenID=%{public}d)", callingToken); + return AccessTokenError::ERR_PERMISSION_DENIED; + } + + uint32_t userSize = userIdlList.size(); + if (userSize > MAX_USER_POLICY_SIZE) { + LOGE(ATM_DOMAIN, ATM_TAG, "Size %{public}u is invalid", userSize); + return AccessTokenError::ERR_OVERSIZE; + } + + std::vector userList; + for (const auto& item : userIdlList) { + UserState tmp; + tmp.userId = item.userId; + tmp.isActive = item.isActive; + userList.emplace_back(tmp); + } return AccessTokenInfoManager::GetInstance().UpdateUserPolicy(userList); } int32_t AccessTokenManagerService::ClearUserPolicy() { + uint32_t callingToken = IPCSkeleton::GetCallingTokenID(); + if (VerifyAccessToken(callingToken, GET_SENSITIVE_PERMISSIONS) == PERMISSION_DENIED) { + LOGE(ATM_DOMAIN, ATM_TAG, "Permission denied(tokenID=%{public}d)", callingToken); + return AccessTokenError::ERR_PERMISSION_DENIED; + } + return AccessTokenInfoManager::GetInstance().ClearUserPolicy(); } @@ -741,14 +1171,32 @@ void AccessTokenManagerService::GetConfigValue() } int32_t AccessTokenManagerService::GetKernelPermissions( - AccessTokenID tokenId, std::vector& kernelPermList) + AccessTokenID tokenId, std::vector& kernelPermIdlList) { - return AccessTokenInfoManager::GetInstance().GetKernelPermissions(tokenId, kernelPermList); + auto callingToken = IPCSkeleton::GetCallingTokenID(); + if (!IsNativeProcessCalling() && !IsPrivilegedCalling()) { + LOGE(ATM_DOMAIN, ATM_TAG, "Permission denied(tokenID=%{public}d)", callingToken); + return AccessTokenError::ERR_PERMISSION_DENIED; + } + + std::vector kernelPermList; + auto result = AccessTokenInfoManager::GetInstance().GetKernelPermissions(tokenId, kernelPermList); + for (const auto& item : kernelPermList) { + PermissionWithValueIdl tmp; + tmp.permissionName = item.permissionName; + tmp.value = item.value; + kernelPermIdlList.emplace_back(tmp); + } + return result; } int32_t AccessTokenManagerService::GetReqPermissionByName( AccessTokenID tokenId, const std::string& permissionName, std::string& value) { + if (!IsNativeProcessCalling() && !IsPrivilegedCalling()) { + LOGE(ATM_DOMAIN, ATM_TAG, "Permission denied(tokenID=%{public}d)", IPCSkeleton::GetCallingTokenID()); + return AccessTokenError::ERR_PERMISSION_DENIED; + } return AccessTokenInfoManager::GetInstance().GetReqPermissionByName( tokenId, permissionName, value); } @@ -767,6 +1215,64 @@ bool AccessTokenManagerService::Initialize() LOGI(ATM_DOMAIN, ATM_TAG, "Initialize success"); return true; } + +bool AccessTokenManagerService::IsPrivilegedCalling() const +{ + // shell process is root in debug mode. +#ifndef ATM_BUILD_VARIANT_USER_ENABLE + int32_t callingUid = IPCSkeleton::GetCallingUid(); + return callingUid == ROOT_UID; +#else + return false; +#endif +} + +bool AccessTokenManagerService::IsAccessTokenCalling() +{ + uint32_t tokenCaller = IPCSkeleton::GetCallingTokenID(); + if (tokenSyncId_ == 0) { + this->GetNativeTokenId("token_sync_service", tokenSyncId_); + } + return tokenCaller == tokenSyncId_; +} + +bool AccessTokenManagerService::IsNativeProcessCalling() +{ + AccessTokenID tokenCaller = IPCSkeleton::GetCallingTokenID(); + return this->GetTokenType(tokenCaller) == TOKEN_NATIVE; +} + +bool AccessTokenManagerService::IsShellProcessCalling() +{ + AccessTokenID tokenCaller = IPCSkeleton::GetCallingTokenID(); + return this->GetTokenType(tokenCaller) == TOKEN_SHELL; +} + +bool AccessTokenManagerService::IsSystemAppCalling() const +{ + uint64_t fullTokenId = IPCSkeleton::GetCallingFullTokenID(); + return TokenIdKit::IsSystemAppByFullTokenID(fullTokenId); +} + +int32_t AccessTokenManagerService::CallbackEnter(uint32_t code) +{ + ClearThreadErrorMsg(); +#ifdef HICOLLIE_ENABLE + std::string name = "AtmTimer"; + g_timerId = HiviewDFX::XCollie::GetInstance().SetTimer(name, TIMEOUT, nullptr, nullptr, + HiviewDFX::XCOLLIE_FLAG_LOG); +#endif // HICOLLIE_ENABLE + return ERR_OK; +} + +int32_t AccessTokenManagerService::CallbackExit(uint32_t code, int32_t result) +{ +#ifdef HICOLLIE_ENABLE + HiviewDFX::XCollie::GetInstance().CancelTimer(g_timerId); +#endif // HICOLLIE_ENABLE + ReportSysCommonEventError(code, 0); + return ERR_OK; +} } // namespace AccessToken } // namespace Security } // namespace OHOS diff --git a/services/accesstokenmanager/main/cpp/src/service/accesstoken_manager_stub.cpp b/services/accesstokenmanager/main/cpp/src/service/accesstoken_manager_stub.cpp deleted file mode 100644 index 9271dc038..000000000 --- a/services/accesstokenmanager/main/cpp/src/service/accesstoken_manager_stub.cpp +++ /dev/null @@ -1,1335 +0,0 @@ -/* - * Copyright (c) 2021-2024 Huawei Device Co., Ltd. - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ - -#include "accesstoken_manager_stub.h" - -#include -#include "accesstoken_dfx_define.h" -#include "accesstoken_common_log.h" -#include "access_token_error.h" -#include "ipc_skeleton.h" -#include "memory_guard.h" -#include "string_ex.h" -#include "tokenid_kit.h" -#include "hisysevent_adapter.h" -#ifdef HICOLLIE_ENABLE -#include "xcollie/xcollie.h" -#endif // HICOLLIE_ENABLE - -namespace OHOS { -namespace Security { -namespace AccessToken { -namespace { -const std::string MANAGE_HAP_TOKENID_PERMISSION = "ohos.permission.MANAGE_HAP_TOKENID"; -static const int32_t DUMP_CAPACITY_SIZE = 2 * 1024 * 1000; -static const int MAX_PERMISSION_SIZE = 1000; -static const int32_t MAX_USER_POLICY_SIZE = 1024; -const std::string GRANT_SENSITIVE_PERMISSIONS = "ohos.permission.GRANT_SENSITIVE_PERMISSIONS"; -const std::string REVOKE_SENSITIVE_PERMISSIONS = "ohos.permission.REVOKE_SENSITIVE_PERMISSIONS"; -const std::string GET_SENSITIVE_PERMISSIONS = "ohos.permission.GET_SENSITIVE_PERMISSIONS"; -const std::string DISABLE_PERMISSION_DIALOG = "ohos.permission.DISABLE_PERMISSION_DIALOG"; -const std::string GRANT_SHORT_TERM_WRITE_MEDIAVIDEO = "ohos.permission.GRANT_SHORT_TERM_WRITE_MEDIAVIDEO"; - -#ifdef HICOLLIE_ENABLE -constexpr uint32_t TIMEOUT = 40; // 40s -#endif // HICOLLIE_ENABLE -} - -int32_t AccessTokenManagerStub::OnRemoteRequest( - uint32_t code, MessageParcel& data, MessageParcel& reply, MessageOption& option) -{ - MemoryGuard guard; - - ClearThreadErrorMsg(); - uint32_t callingTokenID = IPCSkeleton::GetCallingTokenID(); - LOGD(ATM_DOMAIN, ATM_TAG, "Code %{public}u token %{public}u", code, callingTokenID); - std::u16string descriptor = data.ReadInterfaceToken(); - if (descriptor != IAccessTokenManager::GetDescriptor()) { - LOGE(ATM_DOMAIN, ATM_TAG, "Get unexpect descriptor: %{public}s", Str16ToStr8(descriptor).c_str()); - return ERROR_IPC_REQUEST_FAIL; - } - -#ifdef HICOLLIE_ENABLE - std::string name = "AtmTimer"; - int timerId = HiviewDFX::XCollie::GetInstance().SetTimer(name, TIMEOUT, nullptr, nullptr, - HiviewDFX::XCOLLIE_FLAG_LOG); -#endif // HICOLLIE_ENABLE - - auto itFunc = requestFuncMap_.find(code); - if (itFunc != requestFuncMap_.end()) { - auto requestFunc = itFunc->second; - if (requestFunc != nullptr) { - (this->*requestFunc)(data, reply); - -#ifdef HICOLLIE_ENABLE - HiviewDFX::XCollie::GetInstance().CancelTimer(timerId); -#endif // HICOLLIE_ENABLE - ReportSysCommonEventError(code, 0); - return NO_ERROR; - } - } - -#ifdef HICOLLIE_ENABLE - HiviewDFX::XCollie::GetInstance().CancelTimer(timerId); -#endif // HICOLLIE_ENABLE - - return IPCObjectStub::OnRemoteRequest(code, data, reply, option); // when code invalid -} - -void AccessTokenManagerStub::DeleteTokenInfoInner(MessageParcel& data, MessageParcel& reply) -{ - AccessTokenID callingTokenID = IPCSkeleton::GetCallingTokenID(); - if (!IsPrivilegedCalling() && - (VerifyAccessToken(callingTokenID, MANAGE_HAP_TOKENID_PERMISSION) == PERMISSION_DENIED)) { - LOGE(ATM_DOMAIN, ATM_TAG, "Permission denied(tokenID=%{public}d)", callingTokenID); - IF_FALSE_PRINT_LOG(ATM_DOMAIN, ATM_TAG, - reply.WriteInt32(AccessTokenError::ERR_PERMISSION_DENIED), "WriteInt32 failed."); - return; - } - AccessTokenID tokenID = data.ReadUint32(); - if (this->GetTokenType(tokenID) != TOKEN_HAP) { - IF_FALSE_PRINT_LOG(ATM_DOMAIN, ATM_TAG, - reply.WriteInt32(AccessTokenError::ERR_PARAM_INVALID), "WriteInt32 failed."); - return; - } - int result = this->DeleteToken(tokenID); - IF_FALSE_PRINT_LOG(ATM_DOMAIN, ATM_TAG, reply.WriteInt32(result), "WriteInt32 failed."); -} - -void AccessTokenManagerStub::GetPermissionUsedTypeInner(MessageParcel& data, MessageParcel& reply) -{ - if (!IsNativeProcessCalling() && !IsPrivilegedCalling()) { - LOGE(ATM_DOMAIN, ATM_TAG, "Permission denied(tokenID=%{public}d)", IPCSkeleton::GetCallingTokenID()); - IF_FALSE_PRINT_LOG(ATM_DOMAIN, ATM_TAG, - reply.WriteInt32(static_cast(PermUsedTypeEnum::INVALID_USED_TYPE)), - "WriteInt32 failed."); - return; - } - uint32_t tokenID; - if (!data.ReadUint32(tokenID)) { - LOGE(ATM_DOMAIN, ATM_TAG, "Failed to read tokenID."); - IF_FALSE_PRINT_LOG(ATM_DOMAIN, ATM_TAG, - reply.WriteInt32(static_cast(PermUsedTypeEnum::INVALID_USED_TYPE)), - "WriteInt32 failed."); - return; - } - std::string permissionName; - if (!data.ReadString(permissionName)) { - LOGE(ATM_DOMAIN, ATM_TAG, "Failed to read permissionName."); - IF_FALSE_PRINT_LOG(ATM_DOMAIN, ATM_TAG, reply.WriteInt32( - static_cast(PermUsedTypeEnum::INVALID_USED_TYPE)), "WriteInt32 failed."); - return; - } - PermUsedTypeEnum result = this->GetPermissionUsedType(tokenID, permissionName); - int32_t type = static_cast(result); - IF_FALSE_PRINT_LOG(ATM_DOMAIN, ATM_TAG, reply.WriteInt32(type), "WriteInt32 failed."); -} - -void AccessTokenManagerStub::VerifyAccessTokenInner(MessageParcel& data, MessageParcel& reply) -{ - AccessTokenID tokenID = data.ReadUint32(); - std::string permissionName = data.ReadString(); - int result = this->VerifyAccessToken(tokenID, permissionName); - IF_FALSE_PRINT_LOG(ATM_DOMAIN, ATM_TAG, reply.WriteInt32(result), "WriteInt32 failed."); -} - -void AccessTokenManagerStub::VerifyAccessTokenWithListInner(MessageParcel& data, MessageParcel& reply) -{ - AccessTokenID tokenID; - IF_FALSE_RETURN_LOG(ATM_DOMAIN, ATM_TAG, data.ReadUint32(tokenID), "ReadUint32 failed."); - - std::vector permissionList; - IF_FALSE_RETURN_LOG(ATM_DOMAIN, ATM_TAG, data.ReadStringVector(&permissionList), "ReadStringVector failed."); - - std::vector permStateList; - this->VerifyAccessToken(tokenID, permissionList, permStateList); - - IF_FALSE_RETURN_LOG(ATM_DOMAIN, ATM_TAG, reply.WriteInt32Vector(permStateList), "WriteInt32Vector failed."); -} - -void AccessTokenManagerStub::GetDefPermissionInner(MessageParcel& data, MessageParcel& reply) -{ - std::string permissionName = data.ReadString(); - PermissionDefParcel permissionDefParcel; - int result = this->GetDefPermission(permissionName, permissionDefParcel); - IF_FALSE_RETURN_LOG(ATM_DOMAIN, ATM_TAG, reply.WriteInt32(result), "WriteInt32 failed."); - if (result != RET_SUCCESS) { - return; - } - IF_FALSE_PRINT_LOG(ATM_DOMAIN, ATM_TAG, - reply.WriteParcelable(&permissionDefParcel), "Write PermissionDefParcel fail."); -} - -void AccessTokenManagerStub::GetReqPermissionsInner(MessageParcel& data, MessageParcel& reply) -{ - unsigned int callingTokenID = IPCSkeleton::GetCallingTokenID(); - if ((this->GetTokenType(callingTokenID) == TOKEN_HAP) && (!IsSystemAppCalling())) { - IF_FALSE_PRINT_LOG(ATM_DOMAIN, ATM_TAG, - reply.WriteInt32(AccessTokenError::ERR_NOT_SYSTEM_APP), "WriteInt32 failed."); - return; - } - if (!IsPrivilegedCalling() && - VerifyAccessToken(callingTokenID, GET_SENSITIVE_PERMISSIONS) == PERMISSION_DENIED) { - LOGE(ATM_DOMAIN, ATM_TAG, "Permission denied(tokenID=%{public}d)", callingTokenID); - IF_FALSE_PRINT_LOG(ATM_DOMAIN, ATM_TAG, - reply.WriteInt32(AccessTokenError::ERR_PERMISSION_DENIED), "WriteInt32 failed."); - return; - } - - AccessTokenID tokenID = data.ReadUint32(); - int isSystemGrant = data.ReadInt32(); - std::vector permList; - - int result = this->GetReqPermissions(tokenID, permList, isSystemGrant); - IF_FALSE_RETURN_LOG(ATM_DOMAIN, ATM_TAG, reply.WriteInt32(result), "WriteInt32 failed."); - if (result != RET_SUCCESS) { - return; - } - LOGD(ATM_DOMAIN, ATM_TAG, "PermList size: %{public}zu", permList.size()); - IF_FALSE_RETURN_LOG(ATM_DOMAIN, ATM_TAG, reply.WriteInt32(permList.size()), "WriteInt32 failed."); - for (const auto& permDef : permList) { - IF_FALSE_RETURN_LOG(ATM_DOMAIN, ATM_TAG, reply.WriteParcelable(&permDef), "WriteParcelable fail."); - } -} - -void AccessTokenManagerStub::GetSelfPermissionsStateInner(MessageParcel& data, MessageParcel& reply) -{ - std::vector permList; - uint32_t size = 0; - if (!data.ReadUint32(size)) { - IF_FALSE_PRINT_LOG(ATM_DOMAIN, ATM_TAG, reply.WriteInt32(INVALID_OPER), "WriteInt32 failed."); - return; - } - LOGD(ATM_DOMAIN, ATM_TAG, "PermList size read from client data is %{public}d.", size); - if (size > MAX_PERMISSION_SIZE) { - LOGE(ATM_DOMAIN, ATM_TAG, "PermList size %{public}d is invalid", size); - IF_FALSE_PRINT_LOG(ATM_DOMAIN, ATM_TAG, reply.WriteInt32(INVALID_OPER), "WriteInt32 failed."); - return; - } - for (uint32_t i = 0; i < size; i++) { - sptr permissionParcel = data.ReadParcelable(); - if (permissionParcel != nullptr) { - permList.emplace_back(*permissionParcel); - } - } - PermissionGrantInfoParcel infoParcel; - PermissionOper result = this->GetSelfPermissionsState(permList, infoParcel); - IF_FALSE_RETURN_LOG(ATM_DOMAIN, ATM_TAG, reply.WriteInt32(result), "WriteInt32 failed."); - - IF_FALSE_RETURN_LOG(ATM_DOMAIN, ATM_TAG, reply.WriteUint32(permList.size()), "WriteUint32 failed."); - for (const auto& perm : permList) { - IF_FALSE_RETURN_LOG(ATM_DOMAIN, ATM_TAG, reply.WriteParcelable(&perm), "WriteParcelable failed."); - } - IF_FALSE_PRINT_LOG(ATM_DOMAIN, ATM_TAG, reply.WriteParcelable(&infoParcel), "WriteParcelable failed."); -} - -void AccessTokenManagerStub::GetPermissionsStatusInner(MessageParcel& data, MessageParcel& reply) -{ - unsigned int callingTokenID = IPCSkeleton::GetCallingTokenID(); - if ((this->GetTokenType(callingTokenID) == TOKEN_HAP) && (!IsSystemAppCalling())) { - IF_FALSE_PRINT_LOG(ATM_DOMAIN, ATM_TAG, - reply.WriteInt32(AccessTokenError::ERR_NOT_SYSTEM_APP), "WriteInt32 failed."); - return; - } - if (!IsPrivilegedCalling() && - VerifyAccessToken(callingTokenID, GET_SENSITIVE_PERMISSIONS) == PERMISSION_DENIED) { - LOGE(ATM_DOMAIN, ATM_TAG, "Permission denied(tokenID=%{public}d)", callingTokenID); - IF_FALSE_PRINT_LOG(ATM_DOMAIN, ATM_TAG, - reply.WriteInt32(AccessTokenError::ERR_PERMISSION_DENIED), "WriteInt32 failed."); - return; - } - - AccessTokenID tokenID = data.ReadUint32(); - std::vector permList; - uint32_t size = 0; - if (!data.ReadUint32(size)) { - IF_FALSE_PRINT_LOG(ATM_DOMAIN, ATM_TAG, reply.WriteInt32(INVALID_OPER), "WriteInt32 failed."); - return; - } - LOGD(ATM_DOMAIN, ATM_TAG, "PermList size read from client data is %{public}d.", size); - if (size > MAX_PERMISSION_SIZE) { - LOGE(ATM_DOMAIN, ATM_TAG, "PermList size %{public}d is oversize", size); - IF_FALSE_PRINT_LOG(ATM_DOMAIN, ATM_TAG, reply.WriteInt32(INVALID_OPER), "WriteInt32 failed."); - return; - } - for (uint32_t i = 0; i < size; i++) { - sptr permissionParcel = data.ReadParcelable(); - if (permissionParcel != nullptr) { - permList.emplace_back(*permissionParcel); - } - } - int32_t result = this->GetPermissionsStatus(tokenID, permList); - - IF_FALSE_RETURN_LOG(ATM_DOMAIN, ATM_TAG, reply.WriteInt32(result), "WriteInt32 failed."); - if (result != RET_SUCCESS) { - return; - } - IF_FALSE_RETURN_LOG(ATM_DOMAIN, ATM_TAG, reply.WriteUint32(permList.size()), "WriteUint32 failed."); - for (const auto& perm : permList) { - IF_FALSE_RETURN_LOG(ATM_DOMAIN, ATM_TAG, reply.WriteParcelable(&perm), "WriteParcelable failed."); - } -} - -void AccessTokenManagerStub::GetPermissionFlagInner(MessageParcel& data, MessageParcel& reply) -{ - unsigned int callingTokenID = IPCSkeleton::GetCallingTokenID(); - if ((this->GetTokenType(callingTokenID) == TOKEN_HAP) && (!IsSystemAppCalling())) { - IF_FALSE_PRINT_LOG(ATM_DOMAIN, ATM_TAG, - reply.WriteInt32(AccessTokenError::ERR_NOT_SYSTEM_APP), "WriteInt32 failed."); - return; - } - AccessTokenID tokenID = data.ReadUint32(); - std::string permissionName = data.ReadString(); - if (!IsPrivilegedCalling() && - VerifyAccessToken(callingTokenID, GRANT_SENSITIVE_PERMISSIONS) == PERMISSION_DENIED && - VerifyAccessToken(callingTokenID, REVOKE_SENSITIVE_PERMISSIONS) == PERMISSION_DENIED && - VerifyAccessToken(callingTokenID, GET_SENSITIVE_PERMISSIONS) == PERMISSION_DENIED) { - LOGE(ATM_DOMAIN, ATM_TAG, "Permission denied(tokenID=%{public}d)", callingTokenID); - IF_FALSE_PRINT_LOG(ATM_DOMAIN, ATM_TAG, - reply.WriteInt32(AccessTokenError::ERR_PERMISSION_DENIED), "WriteInt32 failed."); - return; - } - uint32_t flag; - int result = this->GetPermissionFlag(tokenID, permissionName, flag); - IF_FALSE_RETURN_LOG(ATM_DOMAIN, ATM_TAG, reply.WriteInt32(result), "WriteInt32 failed."); - if (result != RET_SUCCESS) { - return; - } - - IF_FALSE_PRINT_LOG(ATM_DOMAIN, ATM_TAG, reply.WriteUint32(flag), "WriteUint32 failed."); -} - -void AccessTokenManagerStub::SetPermissionRequestToggleStatusInner(MessageParcel& data, MessageParcel& reply) -{ - uint32_t callingTokenID = IPCSkeleton::GetCallingTokenID(); - if ((this->GetTokenType(callingTokenID) == TOKEN_HAP) && (!IsSystemAppCalling())) { - IF_FALSE_PRINT_LOG(ATM_DOMAIN, ATM_TAG, - reply.WriteInt32(AccessTokenError::ERR_NOT_SYSTEM_APP), "WriteInt32 failed."); - return; - } - - std::string permissionName = data.ReadString(); - uint32_t status = data.ReadUint32(); - int32_t userID = data.ReadInt32(); - if (!IsPrivilegedCalling() && VerifyAccessToken(callingTokenID, DISABLE_PERMISSION_DIALOG) == PERMISSION_DENIED) { - HiSysEventWrite(HiviewDFX::HiSysEvent::Domain::ACCESS_TOKEN, "PERMISSION_VERIFY_REPORT", - HiviewDFX::HiSysEvent::EventType::SECURITY, "CODE", VERIFY_PERMISSION_ERROR, "CALLER_TOKENID", - callingTokenID, "PERMISSION_NAME", permissionName, "INTERFACE", "SetToggleStatus"); - LOGE(ATM_DOMAIN, ATM_TAG, "Permission denied(tokenID=%{public}d).", callingTokenID); - IF_FALSE_PRINT_LOG(ATM_DOMAIN, ATM_TAG, - reply.WriteInt32(AccessTokenError::ERR_PERMISSION_DENIED), "WriteInt32 failed."); - return; - } - int32_t result = this->SetPermissionRequestToggleStatus(permissionName, status, userID); - IF_FALSE_PRINT_LOG(ATM_DOMAIN, ATM_TAG, reply.WriteInt32(result), "WriteInt32 failed."); -} - -void AccessTokenManagerStub::GetPermissionRequestToggleStatusInner(MessageParcel& data, MessageParcel& reply) -{ - uint32_t callingTokenID = IPCSkeleton::GetCallingTokenID(); - if ((this->GetTokenType(callingTokenID) == TOKEN_HAP) && (!IsSystemAppCalling())) { - IF_FALSE_PRINT_LOG(ATM_DOMAIN, ATM_TAG, - reply.WriteInt32(AccessTokenError::ERR_NOT_SYSTEM_APP), "WriteInt32 failed."); - return; - } - - std::string permissionName = data.ReadString(); - int32_t userID = data.ReadInt32(); - if (!IsShellProcessCalling() && !IsPrivilegedCalling() && - VerifyAccessToken(callingTokenID, GET_SENSITIVE_PERMISSIONS) == PERMISSION_DENIED) { - HiSysEventWrite(HiviewDFX::HiSysEvent::Domain::ACCESS_TOKEN, "PERMISSION_VERIFY_REPORT", - HiviewDFX::HiSysEvent::EventType::SECURITY, "CODE", VERIFY_PERMISSION_ERROR, "CALLER_TOKENID", - callingTokenID, "PERMISSION_NAME", permissionName, "INTERFACE", "GetToggleStatus"); - LOGE(ATM_DOMAIN, ATM_TAG, "Permission denied(tokenID=%{public}d).", callingTokenID); - IF_FALSE_PRINT_LOG(ATM_DOMAIN, ATM_TAG, - reply.WriteInt32(AccessTokenError::ERR_PERMISSION_DENIED), "WriteInt32 failed."); - return; - } - uint32_t status; - int32_t result = this->GetPermissionRequestToggleStatus(permissionName, status, userID); - IF_FALSE_RETURN_LOG(ATM_DOMAIN, ATM_TAG, reply.WriteInt32(result), "WriteInt32 failed."); - if (result != RET_SUCCESS) { - return; - } - IF_FALSE_PRINT_LOG(ATM_DOMAIN, ATM_TAG, reply.WriteInt32(status), "WriteInt32 failed."); -} - -void AccessTokenManagerStub::RequestAppPermOnSettingInner(MessageParcel& data, MessageParcel& reply) -{ - if (!IsSystemAppCalling()) { - IF_FALSE_PRINT_LOG(ATM_DOMAIN, ATM_TAG, - reply.WriteInt32(AccessTokenError::ERR_NOT_SYSTEM_APP), "WriteInt32 failed."); - return; - } - - AccessTokenID tokenID; - IF_FALSE_RETURN_LOG(ATM_DOMAIN, ATM_TAG, data.ReadUint32(tokenID), "ReadUint32 failed."); - - int result = this->RequestAppPermOnSetting(tokenID); - IF_FALSE_PRINT_LOG(ATM_DOMAIN, ATM_TAG, reply.WriteInt32(result), "WriteInt32 failed."); -} - -void AccessTokenManagerStub::GrantPermissionInner(MessageParcel& data, MessageParcel& reply) -{ - unsigned int callingTokenID = IPCSkeleton::GetCallingTokenID(); - if ((this->GetTokenType(callingTokenID) == TOKEN_HAP) && (!IsSystemAppCalling())) { - IF_FALSE_PRINT_LOG(ATM_DOMAIN, ATM_TAG, - reply.WriteInt32(AccessTokenError::ERR_NOT_SYSTEM_APP), "WriteInt32 failed."); - return; - } - AccessTokenID tokenID = data.ReadUint32(); - std::string permissionName = data.ReadString(); - uint32_t flag = data.ReadUint32(); - if (!IsPrivilegedCalling() && - VerifyAccessToken(callingTokenID, GRANT_SENSITIVE_PERMISSIONS) == PERMISSION_DENIED) { - HiSysEventWrite(HiviewDFX::HiSysEvent::Domain::ACCESS_TOKEN, "PERMISSION_VERIFY_REPORT", - HiviewDFX::HiSysEvent::EventType::SECURITY, "CODE", VERIFY_PERMISSION_ERROR, - "CALLER_TOKENID", callingTokenID, "PERMISSION_NAME", permissionName); - LOGE(ATM_DOMAIN, ATM_TAG, "Permission denied(tokenID=%{public}d)", callingTokenID); - IF_FALSE_PRINT_LOG(ATM_DOMAIN, ATM_TAG, - reply.WriteInt32(AccessTokenError::ERR_PERMISSION_DENIED), "WriteInt32 failed."); - return; - } - int result = this->GrantPermission(tokenID, permissionName, flag); - IF_FALSE_PRINT_LOG(ATM_DOMAIN, ATM_TAG, reply.WriteInt32(result), "WriteInt32 failed."); -} - -void AccessTokenManagerStub::RevokePermissionInner(MessageParcel& data, MessageParcel& reply) -{ - unsigned int callingTokenID = IPCSkeleton::GetCallingTokenID(); - if ((this->GetTokenType(callingTokenID) == TOKEN_HAP) && (!IsSystemAppCalling())) { - IF_FALSE_PRINT_LOG(ATM_DOMAIN, ATM_TAG, - reply.WriteInt32(AccessTokenError::ERR_NOT_SYSTEM_APP), "WriteInt32 failed."); - return; - } - AccessTokenID tokenID = data.ReadUint32(); - std::string permissionName = data.ReadString(); - uint32_t flag = data.ReadUint32(); - if (!IsPrivilegedCalling() && - VerifyAccessToken(callingTokenID, REVOKE_SENSITIVE_PERMISSIONS) == PERMISSION_DENIED) { - HiSysEventWrite(HiviewDFX::HiSysEvent::Domain::ACCESS_TOKEN, "PERMISSION_VERIFY_REPORT", - HiviewDFX::HiSysEvent::EventType::SECURITY, "CODE", VERIFY_PERMISSION_ERROR, - "CALLER_TOKENID", callingTokenID, "PERMISSION_NAME", permissionName); - LOGE(ATM_DOMAIN, ATM_TAG, "Permission denied(tokenID=%{public}d)", callingTokenID); - IF_FALSE_PRINT_LOG(ATM_DOMAIN, ATM_TAG, - reply.WriteInt32(AccessTokenError::ERR_PERMISSION_DENIED), "WriteInt32 failed."); - return; - } - int result = this->RevokePermission(tokenID, permissionName, flag); - IF_FALSE_PRINT_LOG(ATM_DOMAIN, ATM_TAG, reply.WriteInt32(result), "WriteInt32 failed."); -} - -void AccessTokenManagerStub::GrantPermissionForSpecifiedTimeInner(MessageParcel& data, MessageParcel& reply) -{ - unsigned int callingTokenID = IPCSkeleton::GetCallingTokenID(); - if ((this->GetTokenType(callingTokenID) == TOKEN_HAP) && (!IsSystemAppCalling())) { - IF_FALSE_PRINT_LOG(ATM_DOMAIN, ATM_TAG, - reply.WriteInt32(AccessTokenError::ERR_NOT_SYSTEM_APP), "WriteInt32 failed."); - return; - } - AccessTokenID tokenID = data.ReadUint32(); - std::string permissionName = data.ReadString(); - uint32_t onceTime = data.ReadUint32(); - if (!IsPrivilegedCalling() && - VerifyAccessToken(callingTokenID, GRANT_SHORT_TERM_WRITE_MEDIAVIDEO) == PERMISSION_DENIED) { - HiSysEventWrite(HiviewDFX::HiSysEvent::Domain::ACCESS_TOKEN, "PERMISSION_VERIFY_REPORT", - HiviewDFX::HiSysEvent::EventType::SECURITY, "CODE", VERIFY_PERMISSION_ERROR, - "CALLER_TOKENID", callingTokenID, "PERMISSION_NAME", permissionName); - LOGE(ATM_DOMAIN, ATM_TAG, "Permission denied(tokenID=%{public}d)", callingTokenID); - IF_FALSE_PRINT_LOG(ATM_DOMAIN, ATM_TAG, - reply.WriteInt32(AccessTokenError::ERR_PERMISSION_DENIED), "WriteInt32 failed."); - return; - } - int result = this->GrantPermissionForSpecifiedTime(tokenID, permissionName, onceTime); - IF_FALSE_PRINT_LOG(ATM_DOMAIN, ATM_TAG, reply.WriteInt32(result), "WriteInt32 failed."); -} - -void AccessTokenManagerStub::ClearUserGrantedPermissionStateInner(MessageParcel& data, MessageParcel& reply) -{ - uint32_t callingTokenID = IPCSkeleton::GetCallingTokenID(); - if (!IsPrivilegedCalling() && - VerifyAccessToken(callingTokenID, REVOKE_SENSITIVE_PERMISSIONS) == PERMISSION_DENIED) { - HiSysEventWrite(HiviewDFX::HiSysEvent::Domain::ACCESS_TOKEN, "PERMISSION_VERIFY_REPORT", - HiviewDFX::HiSysEvent::EventType::SECURITY, "CODE", VERIFY_PERMISSION_ERROR, - "CALLER_TOKENID", callingTokenID); - LOGE(ATM_DOMAIN, ATM_TAG, "Permission denied(tokenID=%{public}d)", callingTokenID); - IF_FALSE_PRINT_LOG(ATM_DOMAIN, ATM_TAG, - reply.WriteInt32(AccessTokenError::ERR_PERMISSION_DENIED), "WriteInt32 failed."); - return; - } - AccessTokenID tokenID = data.ReadUint32(); - int result = this->ClearUserGrantedPermissionState(tokenID); - IF_FALSE_PRINT_LOG(ATM_DOMAIN, ATM_TAG, reply.WriteInt32(result), "WriteInt32 failed."); -} - -void AccessTokenManagerStub::AllocHapTokenInner(MessageParcel& data, MessageParcel& reply) -{ - AccessTokenIDEx res = {0}; - AccessTokenID tokenID = IPCSkeleton::GetCallingTokenID(); - if (!IsPrivilegedCalling() && - (VerifyAccessToken(tokenID, MANAGE_HAP_TOKENID_PERMISSION) == PERMISSION_DENIED)) { - LOGE(ATM_DOMAIN, ATM_TAG, "Permission denied(tokenID=%{public}d)", tokenID); - IF_FALSE_PRINT_LOG(ATM_DOMAIN, ATM_TAG, - reply.WriteInt32(AccessTokenError::ERR_PERMISSION_DENIED), "WriteInt32 failed."); - return; - } - - sptr hapInfoParcel = data.ReadParcelable(); - sptr hapPolicyParcel = data.ReadParcelable(); - if (hapInfoParcel == nullptr || hapPolicyParcel == nullptr) { - LOGE(ATM_DOMAIN, ATM_TAG, "Read hapPolicyParcel or hapInfoParcel fail"); - IF_FALSE_PRINT_LOG(ATM_DOMAIN, ATM_TAG, - reply.WriteInt32(AccessTokenError::ERR_READ_PARCEL_FAILED), "WriteInt32 failed."); - return; - } - res = this->AllocHapToken(*hapInfoParcel, *hapPolicyParcel); - reply.WriteUint64(res.tokenIDEx); -} - -void AccessTokenManagerStub::InitHapTokenInner(MessageParcel& data, MessageParcel& reply) -{ - AccessTokenID tokenID = IPCSkeleton::GetCallingTokenID(); - if (!IsPrivilegedCalling() && - (VerifyAccessToken(tokenID, MANAGE_HAP_TOKENID_PERMISSION) == PERMISSION_DENIED)) { - LOGE(ATM_DOMAIN, ATM_TAG, "Permission denied(tokenID=%{public}d)", tokenID); - IF_FALSE_PRINT_LOG(ATM_DOMAIN, ATM_TAG, - reply.WriteInt32(AccessTokenError::ERR_PERMISSION_DENIED), "WriteInt32 failed."); - return; - } - - sptr hapInfoParcel = data.ReadParcelable(); - sptr hapPolicyParcel = data.ReadParcelable(); - if (hapInfoParcel == nullptr || hapPolicyParcel == nullptr) { - LOGE(ATM_DOMAIN, ATM_TAG, "Read hapPolicyParcel or hapInfoParcel fail"); - IF_FALSE_PRINT_LOG(ATM_DOMAIN, ATM_TAG, - reply.WriteInt32(AccessTokenError::ERR_READ_PARCEL_FAILED), "WriteInt32 failed."); - return; - } - int32_t res; - AccessTokenIDEx fullTokenId = { 0 }; - HapInfoCheckResult result; - res = this->InitHapToken(*hapInfoParcel, *hapPolicyParcel, fullTokenId, result); - if (!reply.WriteInt32(res)) { - LOGE(ATM_DOMAIN, ATM_TAG, "WriteInt32 fail"); - } - - if (res != RET_SUCCESS) { - if (!result.permCheckResult.permissionName.empty()) { - IF_FALSE_RETURN_LOG(ATM_DOMAIN, ATM_TAG, - reply.WriteString(result.permCheckResult.permissionName), "WriteString failed."); - IF_FALSE_RETURN_LOG(ATM_DOMAIN, ATM_TAG, - reply.WriteInt32(result.permCheckResult.rule), "WriteInt32 failed."); - } - LOGE(ATM_DOMAIN, ATM_TAG, "Res error %{public}d.", res); - return; - } - IF_FALSE_PRINT_LOG(ATM_DOMAIN, ATM_TAG, reply.WriteUint64(fullTokenId.tokenIDEx), "WriteUint64 failed."); -} - -void AccessTokenManagerStub::GetTokenTypeInner(MessageParcel& data, MessageParcel& reply) -{ - AccessTokenID tokenID = data.ReadUint32(); - int result = this->GetTokenType(tokenID); - IF_FALSE_PRINT_LOG(ATM_DOMAIN, ATM_TAG, reply.WriteInt32(result), "WriteInt32 failed."); -} - -void AccessTokenManagerStub::GetHapTokenIDInner(MessageParcel& data, MessageParcel& reply) -{ - if (!IsNativeProcessCalling() && !IsPrivilegedCalling()) { - LOGE(ATM_DOMAIN, ATM_TAG, "Permission denied(tokenID=%{public}d)", IPCSkeleton::GetCallingTokenID()); - IF_FALSE_PRINT_LOG(ATM_DOMAIN, ATM_TAG, reply.WriteInt32(INVALID_TOKENID), "WriteInt32 failed."); - return; - } - int userID = data.ReadInt32(); - std::string bundleName = data.ReadString(); - int instIndex = data.ReadInt32(); - AccessTokenIDEx tokenIdEx = this->GetHapTokenID(userID, bundleName, instIndex); - IF_FALSE_PRINT_LOG(ATM_DOMAIN, ATM_TAG, reply.WriteUint64(tokenIdEx.tokenIDEx), "WriteUint64 failed."); -} - -void AccessTokenManagerStub::AllocLocalTokenIDInner(MessageParcel& data, MessageParcel& reply) -{ - if ((!IsNativeProcessCalling()) && !IsPrivilegedCalling()) { - LOGE(ATM_DOMAIN, ATM_TAG, "Permission denied(tokenID=%{public}d)", IPCSkeleton::GetCallingTokenID()); - IF_FALSE_PRINT_LOG(ATM_DOMAIN, ATM_TAG, reply.WriteInt32(INVALID_TOKENID), "WriteInt32 failed."); - return; - } - std::string remoteDeviceID = data.ReadString(); - AccessTokenID remoteTokenID = data.ReadUint32(); - AccessTokenID result = this->AllocLocalTokenID(remoteDeviceID, remoteTokenID); - IF_FALSE_PRINT_LOG(ATM_DOMAIN, ATM_TAG, reply.WriteUint32(result), "WriteUint32 failed."); -} - -void AccessTokenManagerStub::UpdateHapTokenInner(MessageParcel& data, MessageParcel& reply) -{ - AccessTokenID callingTokenID = IPCSkeleton::GetCallingTokenID(); - if (!IsPrivilegedCalling() && - (VerifyAccessToken(callingTokenID, MANAGE_HAP_TOKENID_PERMISSION) == PERMISSION_DENIED)) { - LOGE(ATM_DOMAIN, ATM_TAG, "Permission denied(tokenID=%{public}d)", callingTokenID); - IF_FALSE_PRINT_LOG(ATM_DOMAIN, ATM_TAG, - reply.WriteInt32(AccessTokenError::ERR_PERMISSION_DENIED), "WriteInt32 failed."); - return; - } - UpdateHapInfoParams info; - AccessTokenID tokenID = data.ReadUint32(); - info.isSystemApp = data.ReadBool(); - info.appIDDesc = data.ReadString(); - info.apiVersion = data.ReadInt32(); - info.appDistributionType = data.ReadString(); - AccessTokenIDEx tokenIdEx; - tokenIdEx.tokenIdExStruct.tokenID = tokenID; - sptr policyParcel = data.ReadParcelable(); - if (policyParcel == nullptr) { - LOGE(ATM_DOMAIN, ATM_TAG, "PolicyParcel read faild"); - IF_FALSE_PRINT_LOG(ATM_DOMAIN, ATM_TAG, - reply.WriteInt32(AccessTokenError::ERR_READ_PARCEL_FAILED), "WriteInt32 failed."); - return; - } - HapInfoCheckResult resultInfo; - int32_t result = this->UpdateHapToken(tokenIdEx, info, *policyParcel, resultInfo); - IF_FALSE_RETURN_LOG(ATM_DOMAIN, ATM_TAG, reply.WriteInt32(result), "WriteInt32 failed."); - IF_FALSE_PRINT_LOG(ATM_DOMAIN, ATM_TAG, - reply.WriteUint32(tokenIdEx.tokenIdExStruct.tokenAttr), "WriteUint32 failed."); - if (result != RET_SUCCESS) { - if (!resultInfo.permCheckResult.permissionName.empty()) { - IF_FALSE_RETURN_LOG(ATM_DOMAIN, ATM_TAG, - reply.WriteString(resultInfo.permCheckResult.permissionName), "WriteString failed."); - IF_FALSE_RETURN_LOG(ATM_DOMAIN, ATM_TAG, - reply.WriteInt32(resultInfo.permCheckResult.rule), "WriteInt32 failed."); - } - LOGE(ATM_DOMAIN, ATM_TAG, "Res error %{public}d", result); - return; - } -} - -void AccessTokenManagerStub::GetTokenIDByUserIDInner(MessageParcel& data, MessageParcel& reply) -{ - if (!IsNativeProcessCalling()) { - LOGE(ATM_DOMAIN, ATM_TAG, "Permission denied(tokenID=%{public}d)", IPCSkeleton::GetCallingTokenID()); - IF_FALSE_PRINT_LOG(ATM_DOMAIN, ATM_TAG, - reply.WriteInt32(AccessTokenError::ERR_PERMISSION_DENIED), "WriteInt32 failed."); - return; - } - std::unordered_set tokenIdList; - int32_t userID = 0; - if (!data.ReadInt32(userID)) { - LOGE(ATM_DOMAIN, ATM_TAG, "Failed to read userId."); - IF_FALSE_PRINT_LOG(ATM_DOMAIN, ATM_TAG, - reply.WriteInt32(AccessTokenError::ERR_READ_PARCEL_FAILED), "WriteInt32 failed."); - return; - } - int32_t result = this->GetTokenIDByUserID(userID, tokenIdList); - IF_FALSE_RETURN_LOG(ATM_DOMAIN, ATM_TAG, reply.WriteInt32(result), "WriteInt32 failed."); - if (result != RET_SUCCESS) { - return; - } - IF_FALSE_RETURN_LOG(ATM_DOMAIN, ATM_TAG, reply.WriteUint32(tokenIdList.size()), "WriteUint32 failed."); - for (const auto& tokenId : tokenIdList) { - IF_FALSE_RETURN_LOG(ATM_DOMAIN, ATM_TAG, reply.WriteUint32(tokenId), "WriteUint32 failed."); - } -} - -void AccessTokenManagerStub::GetHapTokenInfoInner(MessageParcel& data, MessageParcel& reply) -{ - if (!IsNativeProcessCalling() && !IsPrivilegedCalling()) { - LOGE(ATM_DOMAIN, ATM_TAG, "Permission denied(tokenID=%{public}d)", IPCSkeleton::GetCallingTokenID()); - IF_FALSE_PRINT_LOG(ATM_DOMAIN, ATM_TAG, - reply.WriteInt32(AccessTokenError::ERR_PERMISSION_DENIED), "WriteInt32 failed."); - return; - } - HapTokenInfoParcel hapTokenInfoParcel; - AccessTokenID tokenID = data.ReadUint32(); - int result = this->GetHapTokenInfo(tokenID, hapTokenInfoParcel); - IF_FALSE_RETURN_LOG(ATM_DOMAIN, ATM_TAG, reply.WriteInt32(result), "WriteInt32 failed."); - if (result != RET_SUCCESS) { - return; - } - IF_FALSE_PRINT_LOG(ATM_DOMAIN, ATM_TAG, reply.WriteParcelable(&hapTokenInfoParcel), "Write parcel failed."); -} - -void AccessTokenManagerStub::GetHapTokenInfoExtensionInner(MessageParcel& data, MessageParcel& reply) -{ - if (!IsNativeProcessCalling() && !IsPrivilegedCalling()) { - LOGE(ATM_DOMAIN, ATM_TAG, "Permission denied(tokenID=%{public}d)", IPCSkeleton::GetCallingTokenID()); - IF_FALSE_PRINT_LOG(ATM_DOMAIN, ATM_TAG, - reply.WriteInt32(AccessTokenError::ERR_PERMISSION_DENIED), "WriteInt32 failed."); - return; - } - HapTokenInfoParcel hapTokenInfoParcel; - std::string appID; - AccessTokenID tokenID = data.ReadUint32(); - int result = this->GetHapTokenInfoExtension(tokenID, hapTokenInfoParcel, appID); - IF_FALSE_RETURN_LOG(ATM_DOMAIN, ATM_TAG, reply.WriteInt32(result), "WriteInt32 failed."); - if (result != RET_SUCCESS) { - return; - } - IF_FALSE_RETURN_LOG(ATM_DOMAIN, ATM_TAG, reply.WriteParcelable(&hapTokenInfoParcel), "Write parcel failed."); - IF_FALSE_RETURN_LOG(ATM_DOMAIN, ATM_TAG, reply.WriteString(appID), "Write string failed."); -} - -void AccessTokenManagerStub::GetNativeTokenInfoInner(MessageParcel& data, MessageParcel& reply) -{ - if (!IsNativeProcessCalling() && !IsPrivilegedCalling()) { - LOGE(ATM_DOMAIN, ATM_TAG, "Permission denied(tokenID=%{public}d).", IPCSkeleton::GetCallingTokenID()); - IF_FALSE_PRINT_LOG(ATM_DOMAIN, ATM_TAG, - reply.WriteInt32(AccessTokenError::ERR_PERMISSION_DENIED), "WriteInt32 failed."); - return; - } - AccessTokenID tokenID = data.ReadUint32(); - NativeTokenInfoParcel nativeTokenInfoParcel; - int result = this->GetNativeTokenInfo(tokenID, nativeTokenInfoParcel); - IF_FALSE_RETURN_LOG(ATM_DOMAIN, ATM_TAG, reply.WriteInt32(result), "WriteInt32 failed."); - if (result != RET_SUCCESS) { - return; - } - IF_FALSE_PRINT_LOG(ATM_DOMAIN, ATM_TAG, reply.WriteParcelable(&nativeTokenInfoParcel), "WriteInt32 failed."); -} - -void AccessTokenManagerStub::RegisterPermStateChangeCallbackInner(MessageParcel& data, MessageParcel& reply) -{ - uint32_t callingTokenID = IPCSkeleton::GetCallingTokenID(); - if ((this->GetTokenType(callingTokenID) == TOKEN_HAP) && (!IsSystemAppCalling())) { - IF_FALSE_PRINT_LOG(ATM_DOMAIN, ATM_TAG, - reply.WriteInt32(AccessTokenError::ERR_NOT_SYSTEM_APP), "WriteInt32 failed."); - return; - } - if (VerifyAccessToken(callingTokenID, GET_SENSITIVE_PERMISSIONS) == PERMISSION_DENIED) { - LOGE(ATM_DOMAIN, ATM_TAG, "Permission denied(tokenID=%{public}d)", callingTokenID); - IF_FALSE_PRINT_LOG(ATM_DOMAIN, ATM_TAG, - reply.WriteInt32(AccessTokenError::ERR_PERMISSION_DENIED), "WriteInt32 failed."); - return; - } - sptr scopeParcel = data.ReadParcelable(); - if (scopeParcel == nullptr) { - LOGE(ATM_DOMAIN, ATM_TAG, "Read scopeParcel fail"); - IF_FALSE_PRINT_LOG(ATM_DOMAIN, ATM_TAG, - reply.WriteInt32(AccessTokenError::ERR_READ_PARCEL_FAILED), "WriteInt32 failed."); - return; - } - sptr callback = data.ReadRemoteObject(); - if (callback == nullptr) { - LOGE(ATM_DOMAIN, ATM_TAG, "Read callback fail"); - IF_FALSE_PRINT_LOG(ATM_DOMAIN, ATM_TAG, - reply.WriteInt32(AccessTokenError::ERR_READ_PARCEL_FAILED), "WriteInt32 failed."); - return; - } - int32_t result = this->RegisterPermStateChangeCallback(*scopeParcel, callback); - IF_FALSE_PRINT_LOG(ATM_DOMAIN, ATM_TAG, reply.WriteInt32(result), "WriteInt32 failed."); -} - -void AccessTokenManagerStub::UnRegisterPermStateChangeCallbackInner(MessageParcel& data, MessageParcel& reply) -{ - uint32_t callingToken = IPCSkeleton::GetCallingTokenID(); - if ((this->GetTokenType(callingToken) == TOKEN_HAP) && (!IsSystemAppCalling())) { - IF_FALSE_PRINT_LOG(ATM_DOMAIN, ATM_TAG, - reply.WriteInt32(AccessTokenError::ERR_NOT_SYSTEM_APP), "WriteInt32 failed."); - return; - } - if (VerifyAccessToken(callingToken, GET_SENSITIVE_PERMISSIONS) == PERMISSION_DENIED) { - LOGE(ATM_DOMAIN, ATM_TAG, "Permission denied(tokenID=%{public}d)", callingToken); - IF_FALSE_PRINT_LOG(ATM_DOMAIN, ATM_TAG, - reply.WriteInt32(AccessTokenError::ERR_PERMISSION_DENIED), "WriteInt32 failed."); - return; - } - sptr callback = data.ReadRemoteObject(); - if (callback == nullptr) { - LOGE(ATM_DOMAIN, ATM_TAG, "Read callback fail"); - IF_FALSE_PRINT_LOG(ATM_DOMAIN, ATM_TAG, - reply.WriteInt32(AccessTokenError::ERR_READ_PARCEL_FAILED), "WriteInt32 failed."); - return; - } - int32_t result = this->UnRegisterPermStateChangeCallback(callback); - IF_FALSE_PRINT_LOG(ATM_DOMAIN, ATM_TAG, reply.WriteInt32(result), "WriteInt32 failed."); -} - -void AccessTokenManagerStub::RegisterSelfPermStateChangeCallbackInner(MessageParcel& data, MessageParcel& reply) -{ - uint32_t callingTokenID = IPCSkeleton::GetCallingTokenID(); - if (this->GetTokenType(callingTokenID) != TOKEN_HAP) { - LOGE(ATM_DOMAIN, ATM_TAG, "TokenID is not hap."); - IF_FALSE_PRINT_LOG(ATM_DOMAIN, ATM_TAG, - reply.WriteInt32(AccessTokenError::ERR_PARAM_INVALID), "WriteInt32 failed."); - return; - } - sptr scopeParcel = data.ReadParcelable(); - if (scopeParcel == nullptr) { - LOGE(ATM_DOMAIN, ATM_TAG, "Read scopeParcel fail"); - IF_FALSE_PRINT_LOG(ATM_DOMAIN, ATM_TAG, - reply.WriteInt32(AccessTokenError::ERR_READ_PARCEL_FAILED), "WriteInt32 failed."); - return; - } - sptr callback = data.ReadRemoteObject(); - if (callback == nullptr) { - LOGE(ATM_DOMAIN, ATM_TAG, "Read callback fail"); - IF_FALSE_PRINT_LOG(ATM_DOMAIN, ATM_TAG, - reply.WriteInt32(AccessTokenError::ERR_READ_PARCEL_FAILED), "WriteInt32 failed."); - return; - } - int32_t result = this->RegisterSelfPermStateChangeCallback(*scopeParcel, callback); - IF_FALSE_PRINT_LOG(ATM_DOMAIN, ATM_TAG, reply.WriteInt32(result), "WriteInt32 failed."); -} - -void AccessTokenManagerStub::UnRegisterSelfPermStateChangeCallbackInner(MessageParcel& data, MessageParcel& reply) -{ - uint32_t callingToken = IPCSkeleton::GetCallingTokenID(); - if (this->GetTokenType(callingToken) != TOKEN_HAP) { - LOGE(ATM_DOMAIN, ATM_TAG, "TokenID is not hap."); - IF_FALSE_PRINT_LOG(ATM_DOMAIN, ATM_TAG, - reply.WriteInt32(AccessTokenError::ERR_PARAM_INVALID), "WriteInt32 failed."); - return; - } - sptr callback = data.ReadRemoteObject(); - if (callback == nullptr) { - LOGE(ATM_DOMAIN, ATM_TAG, "Read callback fail"); - IF_FALSE_PRINT_LOG(ATM_DOMAIN, ATM_TAG, - reply.WriteInt32(AccessTokenError::ERR_READ_PARCEL_FAILED), "WriteInt32 failed."); - return; - } - int32_t result = this->UnRegisterSelfPermStateChangeCallback(callback); - IF_FALSE_PRINT_LOG(ATM_DOMAIN, ATM_TAG, reply.WriteInt32(result), "WriteInt32 failed."); -} - -#ifndef ATM_BUILD_VARIANT_USER_ENABLE -void AccessTokenManagerStub::ReloadNativeTokenInfoInner(MessageParcel& data, MessageParcel& reply) -{ - if (!IsPrivilegedCalling()) { - LOGE(ATM_DOMAIN, ATM_TAG, "Permission denied(tokenID=%{public}d)", IPCSkeleton::GetCallingTokenID()); - IF_FALSE_PRINT_LOG(ATM_DOMAIN, ATM_TAG, - reply.WriteUint32(AccessTokenError::ERR_PERMISSION_DENIED), "WriteInt32 failed."); - return; - } - int32_t result = this->ReloadNativeTokenInfo(); - IF_FALSE_PRINT_LOG(ATM_DOMAIN, ATM_TAG, reply.WriteInt32(result), "WriteInt32 failed."); -} -#endif - -void AccessTokenManagerStub::GetNativeTokenIdInner(MessageParcel& data, MessageParcel& reply) -{ - if (!IsNativeProcessCalling() && !IsPrivilegedCalling()) { - LOGE(ATM_DOMAIN, ATM_TAG, "Permission denied(tokenID=%{public}d)", IPCSkeleton::GetCallingTokenID()); - IF_FALSE_PRINT_LOG(ATM_DOMAIN, ATM_TAG, reply.WriteUint32(INVALID_TOKENID), "WriteUint32 failed."); - return; - } - std::string processName; - if (!data.ReadString(processName)) { - LOGE(ATM_DOMAIN, ATM_TAG, "ReadString fail, processName=%{public}s", processName.c_str()); - return; - } - AccessTokenID result = this->GetNativeTokenId(processName); - IF_FALSE_PRINT_LOG(ATM_DOMAIN, ATM_TAG, reply.WriteInt32(result), "WriteInt32 failed."); -} - -void AccessTokenManagerStub::GetKernelPermissionsInner(MessageParcel& data, MessageParcel& reply) -{ - auto callingToken = IPCSkeleton::GetCallingTokenID(); - if (!IsNativeProcessCalling() && !IsPrivilegedCalling()) { - LOGE(ATM_DOMAIN, ATM_TAG, "Permission denied(tokenID=%{public}d)", callingToken); - IF_FALSE_PRINT_LOG(ATM_DOMAIN, ATM_TAG, - reply.WriteUint32(AccessTokenError::ERR_PERMISSION_DENIED), "WriteUint32 failed."); - return; - } - - AccessTokenID tokenID; - IF_FALSE_RETURN_LOG(ATM_DOMAIN, ATM_TAG, data.ReadUint32(tokenID), "ReadUint32 failed."); - std::vector kernelPermList; - int32_t result = this->GetKernelPermissions(tokenID, kernelPermList); - IF_FALSE_PRINT_LOG(ATM_DOMAIN, ATM_TAG, reply.WriteInt32(result), "WriteInt32 failed."); - if (result != RET_SUCCESS) { - return; - } - IF_FALSE_RETURN_LOG(ATM_DOMAIN, ATM_TAG, reply.WriteUint32(kernelPermList.size()), "WriteUint32 failed."); - for (const auto& perm : kernelPermList) { - IF_FALSE_RETURN_LOG(ATM_DOMAIN, ATM_TAG, reply.WriteString(perm.permissionName), "WriteString failed."); - IF_FALSE_RETURN_LOG(ATM_DOMAIN, ATM_TAG, reply.WriteString(perm.value), "WriteString failed."); - } -} - -void AccessTokenManagerStub::GetReqPermissionByNameInner(MessageParcel& data, MessageParcel& reply) -{ - if (!IsNativeProcessCalling() && !IsPrivilegedCalling()) { - LOGE(ATM_DOMAIN, ATM_TAG, "Permission denied(tokenID=%{public}d)", IPCSkeleton::GetCallingTokenID()); - IF_FALSE_PRINT_LOG(ATM_DOMAIN, ATM_TAG, - reply.WriteUint32(AccessTokenError::ERR_PERMISSION_DENIED), "WriteUint32 failed."); - return; - } - - AccessTokenID tokenID; - IF_FALSE_RETURN_LOG(ATM_DOMAIN, ATM_TAG, data.ReadUint32(tokenID), "ReadUint32 failed."); - std::string permissionName; - IF_FALSE_RETURN_LOG(ATM_DOMAIN, ATM_TAG, data.ReadString(permissionName), "ReadUint32 failed."); - std::string resultValue; - int32_t result = this->GetReqPermissionByName(tokenID, permissionName, resultValue); - IF_FALSE_PRINT_LOG(ATM_DOMAIN, ATM_TAG, reply.WriteInt32(result), "WriteInt32 failed."); - if (result != RET_SUCCESS) { - return; - } - IF_FALSE_RETURN_LOG(ATM_DOMAIN, ATM_TAG, reply.WriteString(resultValue), "WriteString failed."); -} - -#ifdef TOKEN_SYNC_ENABLE -void AccessTokenManagerStub::GetHapTokenInfoFromRemoteInner(MessageParcel& data, MessageParcel& reply) -{ - if (!IsAccessTokenCalling()) { - LOGE(ATM_DOMAIN, ATM_TAG, "Permission denied(tokenID=%{public}d)", IPCSkeleton::GetCallingTokenID()); - IF_FALSE_PRINT_LOG(ATM_DOMAIN, ATM_TAG, - reply.WriteInt32(AccessTokenError::ERR_PERMISSION_DENIED), "WriteInt32 failed."); - return; - } - AccessTokenID tokenID = data.ReadUint32(); - HapTokenInfoForSyncParcel hapTokenParcel; - - int result = this->GetHapTokenInfoFromRemote(tokenID, hapTokenParcel); - IF_FALSE_RETURN_LOG(ATM_DOMAIN, ATM_TAG, reply.WriteInt32(result), "WriteInt32 failed."); - if (result != RET_SUCCESS) { - return; - } - IF_FALSE_PRINT_LOG(ATM_DOMAIN, ATM_TAG, reply.WriteParcelable(&hapTokenParcel), "WriteParcelable failed."); -} - -void AccessTokenManagerStub::SetRemoteHapTokenInfoInner(MessageParcel& data, MessageParcel& reply) -{ - if (!IsAccessTokenCalling()) { - LOGE(ATM_DOMAIN, ATM_TAG, "Permission denied(tokenID=%{public}d)", IPCSkeleton::GetCallingTokenID()); - IF_FALSE_PRINT_LOG(ATM_DOMAIN, ATM_TAG, - reply.WriteInt32(AccessTokenError::ERR_PERMISSION_DENIED), "WriteInt32 failed."); - return; - } - std::string deviceID = data.ReadString(); - sptr hapTokenParcel = data.ReadParcelable(); - if (hapTokenParcel == nullptr) { - LOGE(ATM_DOMAIN, ATM_TAG, "HapTokenParcel read faild"); - IF_FALSE_PRINT_LOG(ATM_DOMAIN, ATM_TAG, - reply.WriteInt32(AccessTokenError::ERR_READ_PARCEL_FAILED), "WriteInt32 failed."); - return; - } - int result = this->SetRemoteHapTokenInfo(deviceID, *hapTokenParcel); - IF_FALSE_PRINT_LOG(ATM_DOMAIN, ATM_TAG, reply.WriteInt32(result), "WriteInt32 failed."); -} - -void AccessTokenManagerStub::DeleteRemoteTokenInner(MessageParcel& data, MessageParcel& reply) -{ - if (!IsAccessTokenCalling()) { - LOGE(ATM_DOMAIN, ATM_TAG, "Permission denied(tokenID=%{public}d)", IPCSkeleton::GetCallingTokenID()); - IF_FALSE_PRINT_LOG(ATM_DOMAIN, ATM_TAG, - reply.WriteInt32(AccessTokenError::ERR_PERMISSION_DENIED), "WriteInt32 failed."); - return; - } - std::string deviceID = data.ReadString(); - AccessTokenID tokenID = data.ReadUint32(); - - int result = this->DeleteRemoteToken(deviceID, tokenID); - IF_FALSE_PRINT_LOG(ATM_DOMAIN, ATM_TAG, reply.WriteInt32(result), "WriteInt32 failed."); -} - -void AccessTokenManagerStub::GetRemoteNativeTokenIDInner(MessageParcel& data, MessageParcel& reply) -{ - if (!IsAccessTokenCalling()) { - LOGE(ATM_DOMAIN, ATM_TAG, "Permission denied(tokenID=%{public}d)", IPCSkeleton::GetCallingTokenID()); - IF_FALSE_PRINT_LOG(ATM_DOMAIN, ATM_TAG, reply.WriteInt32(INVALID_TOKENID), "WriteInt32 failed."); - return; - } - std::string deviceID = data.ReadString(); - AccessTokenID tokenID = data.ReadUint32(); - - AccessTokenID result = this->GetRemoteNativeTokenID(deviceID, tokenID); - IF_FALSE_PRINT_LOG(ATM_DOMAIN, ATM_TAG, reply.WriteInt32(result), "WriteInt32 failed."); -} - -void AccessTokenManagerStub::DeleteRemoteDeviceTokensInner(MessageParcel& data, MessageParcel& reply) -{ - if (!IsAccessTokenCalling()) { - LOGE(ATM_DOMAIN, ATM_TAG, "Permission denied(tokenID=%{public}d)", IPCSkeleton::GetCallingTokenID()); - IF_FALSE_PRINT_LOG(ATM_DOMAIN, ATM_TAG, - reply.WriteInt32(AccessTokenError::ERR_PERMISSION_DENIED), "WriteInt32 failed."); - return; - } - std::string deviceID = data.ReadString(); - - int result = this->DeleteRemoteDeviceTokens(deviceID); - IF_FALSE_PRINT_LOG(ATM_DOMAIN, ATM_TAG, reply.WriteInt32(result), "WriteInt32 failed."); -} - -void AccessTokenManagerStub::RegisterTokenSyncCallbackInner(MessageParcel& data, MessageParcel& reply) -{ - if (!IsAccessTokenCalling()) { - LOGE(ATM_DOMAIN, ATM_TAG, "Permission denied, tokenID=%{public}d", IPCSkeleton::GetCallingTokenID()); - IF_FALSE_PRINT_LOG(ATM_DOMAIN, ATM_TAG, - reply.WriteInt32(AccessTokenError::ERR_PERMISSION_DENIED), "WriteInt32 failed."); - return; - } - - sptr callback = data.ReadRemoteObject(); - if (callback == nullptr) { - LOGE(ATM_DOMAIN, ATM_TAG, "Callback read failed."); - IF_FALSE_PRINT_LOG(ATM_DOMAIN, ATM_TAG, - reply.WriteInt32(AccessTokenError::ERR_READ_PARCEL_FAILED), "WriteInt32 failed."); - return; - } - int32_t result = this->RegisterTokenSyncCallback(callback); - IF_FALSE_PRINT_LOG(ATM_DOMAIN, ATM_TAG, reply.WriteInt32(result), "WriteInt32 failed."); -} - -void AccessTokenManagerStub::UnRegisterTokenSyncCallbackInner(MessageParcel& data, MessageParcel& reply) -{ - if (!IsAccessTokenCalling()) { - LOGE(ATM_DOMAIN, ATM_TAG, "Permission denied, tokenID=%{public}d", IPCSkeleton::GetCallingTokenID()); - IF_FALSE_PRINT_LOG(ATM_DOMAIN, ATM_TAG, - reply.WriteInt32(AccessTokenError::ERR_PERMISSION_DENIED), "WriteInt32 failed."); - return; - } - - int32_t result = this->UnRegisterTokenSyncCallback(); - IF_FALSE_PRINT_LOG(ATM_DOMAIN, ATM_TAG, reply.WriteInt32(result), "WriteInt32 failed."); -} -#endif - -void AccessTokenManagerStub::GetVersionInner(MessageParcel& data, MessageParcel& reply) -{ - uint32_t callingToken = IPCSkeleton::GetCallingTokenID(); - if ((this->GetTokenType(callingToken) == TOKEN_HAP) && (!IsSystemAppCalling())) { - IF_FALSE_PRINT_LOG(ATM_DOMAIN, ATM_TAG, - reply.WriteInt32(AccessTokenError::ERR_NOT_SYSTEM_APP), "WriteInt32 failed."); - return; - } - uint32_t version; - int32_t result = this->GetVersion(version); - IF_FALSE_PRINT_LOG(ATM_DOMAIN, ATM_TAG, reply.WriteInt32(result), "WriteInt32 failed."); - if (result != RET_SUCCESS) { - return; - } - IF_FALSE_PRINT_LOG(ATM_DOMAIN, ATM_TAG, reply.WriteUint32(version), "WriteUint32 failed."); -} - -void AccessTokenManagerStub::DumpTokenInfoInner(MessageParcel& data, MessageParcel& reply) -{ - if (!IsShellProcessCalling()) { - LOGE(ATM_DOMAIN, ATM_TAG, "Permission denied(tokenID=%{public}d)", IPCSkeleton::GetCallingTokenID()); - reply.WriteString(""); - return; - } - sptr infoParcel = data.ReadParcelable(); - if (infoParcel == nullptr) { - LOGE(ATM_DOMAIN, ATM_TAG, "Read infoParcel fail"); - reply.WriteString("read infoParcel fail"); - return; - } - std::string dumpInfo = ""; - this->DumpTokenInfo(*infoParcel, dumpInfo); - if (!reply.SetDataCapacity(DUMP_CAPACITY_SIZE)) { - LOGW(ATM_DOMAIN, ATM_TAG, "SetDataCapacity failed"); - } - if (!reply.WriteString(dumpInfo)) { - LOGE(ATM_DOMAIN, ATM_TAG, "WriteString failed"); - } -} - -void AccessTokenManagerStub::SetPermDialogCapInner(MessageParcel& data, MessageParcel& reply) -{ - uint32_t callingToken = IPCSkeleton::GetCallingTokenID(); - if (VerifyAccessToken(callingToken, DISABLE_PERMISSION_DIALOG) == PERMISSION_DENIED) { - LOGE(ATM_DOMAIN, ATM_TAG, "Permission denied(tokenID=%{public}d)", callingToken); - IF_FALSE_PRINT_LOG(ATM_DOMAIN, ATM_TAG, - reply.WriteInt32(AccessTokenError::ERR_PERMISSION_DENIED), "WriteInt32 failed."); - return; - } - - sptr hapBaseInfoParcel = data.ReadParcelable(); - if (hapBaseInfoParcel == nullptr) { - LOGE(ATM_DOMAIN, ATM_TAG, "Read hapBaseInfoParcel fail"); - IF_FALSE_PRINT_LOG(ATM_DOMAIN, ATM_TAG, - reply.WriteInt32(AccessTokenError::ERR_READ_PARCEL_FAILED), "WriteInt32 failed."); - return; - } - bool enable = data.ReadBool(); - int32_t res = this->SetPermDialogCap(*hapBaseInfoParcel, enable); - IF_FALSE_PRINT_LOG(ATM_DOMAIN, ATM_TAG, reply.WriteInt32(res), "WriteInt32 failed."); -} - -void AccessTokenManagerStub::GetPermissionManagerInfoInner(MessageParcel& data, MessageParcel& reply) -{ - PermissionGrantInfoParcel infoParcel; - this->GetPermissionManagerInfo(infoParcel); - IF_FALSE_PRINT_LOG(ATM_DOMAIN, ATM_TAG, reply.WriteParcelable(&infoParcel), "WriteParcelable failed."); -} - -void AccessTokenManagerStub::InitUserPolicyInner(MessageParcel& data, MessageParcel& reply) -{ - uint32_t callingToken = IPCSkeleton::GetCallingTokenID(); - if (VerifyAccessToken(callingToken, GET_SENSITIVE_PERMISSIONS) == PERMISSION_DENIED) { - LOGE(ATM_DOMAIN, ATM_TAG, "Permission denied(tokenID=%{public}d)", callingToken); - IF_FALSE_PRINT_LOG(ATM_DOMAIN, ATM_TAG, - reply.WriteInt32(AccessTokenError::ERR_PERMISSION_DENIED), "WriteInt32 failed."); - return; - } - std::vector userList; - std::vector permList; - uint32_t userSize = data.ReadUint32(); - uint32_t permSize = data.ReadUint32(); - if ((userSize > MAX_USER_POLICY_SIZE) || (permSize > MAX_USER_POLICY_SIZE)) { - LOGE(ATM_DOMAIN, ATM_TAG, "Size %{public}u is invalid", userSize); - IF_FALSE_PRINT_LOG(ATM_DOMAIN, ATM_TAG, - reply.WriteInt32(AccessTokenError::ERR_OVERSIZE), "WriteParcelable failed."); - return; - } - for (uint32_t i = 0; i < userSize; i++) { - UserState userInfo; - if (!data.ReadInt32(userInfo.userId)) { - LOGE(ATM_DOMAIN, ATM_TAG, "Failed to read userId."); - IF_FALSE_PRINT_LOG(ATM_DOMAIN, ATM_TAG, - reply.WriteInt32(AccessTokenError::ERR_READ_PARCEL_FAILED), "WriteInt32 failed."); - return; - } - if (!data.ReadBool(userInfo.isActive)) { - LOGE(ATM_DOMAIN, ATM_TAG, "Failed to read isActive."); - IF_FALSE_PRINT_LOG(ATM_DOMAIN, ATM_TAG, - reply.WriteInt32(AccessTokenError::ERR_READ_PARCEL_FAILED), "WriteInt32 failed."); - return; - } - userList.emplace_back(userInfo); - } - for (uint32_t i = 0; i < permSize; i++) { - std::string permission; - if (!data.ReadString(permission)) { - LOGE(ATM_DOMAIN, ATM_TAG, "Failed to read permission."); - IF_FALSE_PRINT_LOG(ATM_DOMAIN, ATM_TAG, - reply.WriteInt32(AccessTokenError::ERR_READ_PARCEL_FAILED), "WriteInt32 failed."); - return; - } - permList.emplace_back(permission); - } - int32_t res = this->InitUserPolicy(userList, permList); - IF_FALSE_PRINT_LOG(ATM_DOMAIN, ATM_TAG, reply.WriteInt32(res), "WriteInt32 failed."); -} - -void AccessTokenManagerStub::UpdateUserPolicyInner(MessageParcel& data, MessageParcel& reply) -{ - uint32_t callingToken = IPCSkeleton::GetCallingTokenID(); - if (VerifyAccessToken(callingToken, GET_SENSITIVE_PERMISSIONS) == PERMISSION_DENIED) { - LOGE(ATM_DOMAIN, ATM_TAG, "Permission denied(tokenID=%{public}d)", callingToken); - IF_FALSE_PRINT_LOG(ATM_DOMAIN, ATM_TAG, - reply.WriteInt32(AccessTokenError::ERR_PERMISSION_DENIED), "WriteInt32 failed."); - return; - } - std::vector userList; - uint32_t userSize = data.ReadUint32(); - if (userSize > MAX_USER_POLICY_SIZE) { - LOGE(ATM_DOMAIN, ATM_TAG, "Size %{public}u is invalid", userSize); - IF_FALSE_PRINT_LOG(ATM_DOMAIN, ATM_TAG, reply.WriteInt32(AccessTokenError::ERR_OVERSIZE), "WriteInt32 failed."); - return; - } - for (uint32_t i = 0; i < userSize; i++) { - UserState userInfo; - if (!data.ReadInt32(userInfo.userId)) { - LOGE(ATM_DOMAIN, ATM_TAG, "Failed to read userId."); - IF_FALSE_PRINT_LOG(ATM_DOMAIN, ATM_TAG, - reply.WriteInt32(AccessTokenError::ERR_READ_PARCEL_FAILED), "WriteInt32 failed."); - return; - } - if (!data.ReadBool(userInfo.isActive)) { - LOGE(ATM_DOMAIN, ATM_TAG, "Failed to read isActive."); - IF_FALSE_PRINT_LOG(ATM_DOMAIN, ATM_TAG, - reply.WriteInt32(AccessTokenError::ERR_READ_PARCEL_FAILED), "WriteInt32 failed."); - return; - } - userList.emplace_back(userInfo); - } - int32_t res = this->UpdateUserPolicy(userList); - IF_FALSE_PRINT_LOG(ATM_DOMAIN, ATM_TAG, reply.WriteInt32(res), "WriteInt32 failed."); -} - -void AccessTokenManagerStub::ClearUserPolicyInner(MessageParcel& data, MessageParcel& reply) -{ - uint32_t callingToken = IPCSkeleton::GetCallingTokenID(); - if (VerifyAccessToken(callingToken, GET_SENSITIVE_PERMISSIONS) == PERMISSION_DENIED) { - LOGE(ATM_DOMAIN, ATM_TAG, "Permission denied(tokenID=%{public}d)", callingToken); - IF_FALSE_PRINT_LOG(ATM_DOMAIN, ATM_TAG, - reply.WriteInt32(AccessTokenError::ERR_PERMISSION_DENIED), "WriteInt32 failed."); - return; - } - - int32_t res = this->ClearUserPolicy(); - IF_FALSE_PRINT_LOG(ATM_DOMAIN, ATM_TAG, reply.WriteInt32(res), "WriteInt32 failed."); -} - -bool AccessTokenManagerStub::IsPrivilegedCalling() const -{ - // shell process is root in debug mode. -#ifndef ATM_BUILD_VARIANT_USER_ENABLE - int32_t callingUid = IPCSkeleton::GetCallingUid(); - return callingUid == ROOT_UID; -#else - return false; -#endif -} - -bool AccessTokenManagerStub::IsAccessTokenCalling() -{ - uint32_t tokenCaller = IPCSkeleton::GetCallingTokenID(); - if (tokenSyncId_ == 0) { - tokenSyncId_ = this->GetNativeTokenId("token_sync_service"); - } - return tokenCaller == tokenSyncId_; -} - -bool AccessTokenManagerStub::IsNativeProcessCalling() -{ - AccessTokenID tokenCaller = IPCSkeleton::GetCallingTokenID(); - return this->GetTokenType(tokenCaller) == TOKEN_NATIVE; -} - -bool AccessTokenManagerStub::IsShellProcessCalling() -{ - AccessTokenID tokenCaller = IPCSkeleton::GetCallingTokenID(); - return this->GetTokenType(tokenCaller) == TOKEN_SHELL; -} - -bool AccessTokenManagerStub::IsSystemAppCalling() const -{ - uint64_t fullTokenId = IPCSkeleton::GetCallingFullTokenID(); - return TokenIdKit::IsSystemAppByFullTokenID(fullTokenId); -} - -#ifdef TOKEN_SYNC_ENABLE -void AccessTokenManagerStub::SetTokenSyncFuncInMap() -{ - requestFuncMap_[static_cast(AccessTokenInterfaceCode::GET_HAP_TOKEN_FROM_REMOTE)] = - &AccessTokenManagerStub::GetHapTokenInfoFromRemoteInner; - requestFuncMap_[static_cast(AccessTokenInterfaceCode::SET_REMOTE_HAP_TOKEN_INFO)] = - &AccessTokenManagerStub::SetRemoteHapTokenInfoInner; - requestFuncMap_[static_cast(AccessTokenInterfaceCode::DELETE_REMOTE_TOKEN_INFO)] = - &AccessTokenManagerStub::DeleteRemoteTokenInner; - requestFuncMap_[static_cast(AccessTokenInterfaceCode::DELETE_REMOTE_DEVICE_TOKEN)] = - &AccessTokenManagerStub::DeleteRemoteDeviceTokensInner; - requestFuncMap_[static_cast(AccessTokenInterfaceCode::GET_NATIVE_REMOTE_TOKEN)] = - &AccessTokenManagerStub::GetRemoteNativeTokenIDInner; - requestFuncMap_[static_cast(AccessTokenInterfaceCode::REGISTER_TOKEN_SYNC_CALLBACK)] = - &AccessTokenManagerStub::RegisterTokenSyncCallbackInner; - requestFuncMap_[static_cast(AccessTokenInterfaceCode::UNREGISTER_TOKEN_SYNC_CALLBACK)] = - &AccessTokenManagerStub::UnRegisterTokenSyncCallbackInner; -} -#endif - -void AccessTokenManagerStub::SetLocalTokenOpFuncInMap() -{ - requestFuncMap_[static_cast(AccessTokenInterfaceCode::ALLOC_TOKEN_HAP)] = - &AccessTokenManagerStub::AllocHapTokenInner; - requestFuncMap_[static_cast(AccessTokenInterfaceCode::INIT_TOKEN_HAP)] = - &AccessTokenManagerStub::InitHapTokenInner; - requestFuncMap_[static_cast(AccessTokenInterfaceCode::TOKEN_DELETE)] = - &AccessTokenManagerStub::DeleteTokenInfoInner; - requestFuncMap_[static_cast(AccessTokenInterfaceCode::GET_TOKEN_TYPE)] = - &AccessTokenManagerStub::GetTokenTypeInner; - requestFuncMap_[static_cast(AccessTokenInterfaceCode::GET_HAP_TOKEN_ID)] = - &AccessTokenManagerStub::GetHapTokenIDInner; - requestFuncMap_[static_cast(AccessTokenInterfaceCode::ALLOC_LOCAL_TOKEN_ID)] = - &AccessTokenManagerStub::AllocLocalTokenIDInner; - requestFuncMap_[static_cast(AccessTokenInterfaceCode::GET_NATIVE_TOKENINFO)] = - &AccessTokenManagerStub::GetNativeTokenInfoInner; - requestFuncMap_[static_cast(AccessTokenInterfaceCode::GET_TOKEN_ID_BY_USER_ID)] = - &AccessTokenManagerStub::GetTokenIDByUserIDInner; - requestFuncMap_[static_cast(AccessTokenInterfaceCode::GET_HAP_TOKENINFO)] = - &AccessTokenManagerStub::GetHapTokenInfoInner; - requestFuncMap_[static_cast(AccessTokenInterfaceCode::UPDATE_HAP_TOKEN)] = - &AccessTokenManagerStub::UpdateHapTokenInner; -#ifndef ATM_BUILD_VARIANT_USER_ENABLE - requestFuncMap_[static_cast(AccessTokenInterfaceCode::RELOAD_NATIVE_TOKEN_INFO)] = - &AccessTokenManagerStub::ReloadNativeTokenInfoInner; -#endif - requestFuncMap_[static_cast(AccessTokenInterfaceCode::GET_NATIVE_TOKEN_ID)] = - &AccessTokenManagerStub::GetNativeTokenIdInner; - requestFuncMap_[static_cast(AccessTokenInterfaceCode::SET_PERM_DIALOG_CAPABILITY)] = - &AccessTokenManagerStub::SetPermDialogCapInner; - requestFuncMap_[static_cast(AccessTokenInterfaceCode::GET_PERMISSION_MANAGER_INFO)] = - &AccessTokenManagerStub::GetPermissionManagerInfoInner; - requestFuncMap_[static_cast(AccessTokenInterfaceCode::INIT_USER_POLICY)] = - &AccessTokenManagerStub::InitUserPolicyInner; - requestFuncMap_[static_cast(AccessTokenInterfaceCode::UPDATE_USER_POLICY)] = - &AccessTokenManagerStub::UpdateUserPolicyInner; - requestFuncMap_[static_cast(AccessTokenInterfaceCode::CLEAR_USER_POLICY)] = - &AccessTokenManagerStub::ClearUserPolicyInner; - requestFuncMap_[static_cast(AccessTokenInterfaceCode::GET_HAP_TOKENINFO_EXT)] = - &AccessTokenManagerStub::GetHapTokenInfoExtensionInner; - requestFuncMap_[static_cast(AccessTokenInterfaceCode::GET_KERNEL_PERMISSIONS)] = - &AccessTokenManagerStub::GetKernelPermissionsInner; - requestFuncMap_[static_cast(AccessTokenInterfaceCode::GET_PERMISSION_BY_NAME)] = - &AccessTokenManagerStub::GetReqPermissionByNameInner; -} - -void AccessTokenManagerStub::SetPermissionOpFuncInMap() -{ - requestFuncMap_[static_cast(AccessTokenInterfaceCode::GET_USER_GRANTED_PERMISSION_USED_TYPE)] = - &AccessTokenManagerStub::GetPermissionUsedTypeInner; - requestFuncMap_[static_cast(AccessTokenInterfaceCode::VERIFY_ACCESSTOKEN)] = - &AccessTokenManagerStub::VerifyAccessTokenInner; - requestFuncMap_[static_cast(AccessTokenInterfaceCode::VERIFY_ACCESSTOKEN_WITH_LIST)] = - &AccessTokenManagerStub::VerifyAccessTokenWithListInner; - requestFuncMap_[static_cast(AccessTokenInterfaceCode::GET_DEF_PERMISSION)] = - &AccessTokenManagerStub::GetDefPermissionInner; - requestFuncMap_[static_cast(AccessTokenInterfaceCode::GET_REQ_PERMISSIONS)] = - &AccessTokenManagerStub::GetReqPermissionsInner; - requestFuncMap_[static_cast(AccessTokenInterfaceCode::GET_PERMISSION_FLAG)] = - &AccessTokenManagerStub::GetPermissionFlagInner; - requestFuncMap_[static_cast(AccessTokenInterfaceCode::GRANT_PERMISSION)] = - &AccessTokenManagerStub::GrantPermissionInner; - requestFuncMap_[static_cast(AccessTokenInterfaceCode::REVOKE_PERMISSION)] = - &AccessTokenManagerStub::RevokePermissionInner; - requestFuncMap_[static_cast(AccessTokenInterfaceCode::GRANT_PERMISSION_FOR_SPECIFIEDTIME)] = - &AccessTokenManagerStub::GrantPermissionForSpecifiedTimeInner; - requestFuncMap_[static_cast(AccessTokenInterfaceCode::CLEAR_USER_GRANT_PERMISSION)] = - &AccessTokenManagerStub::ClearUserGrantedPermissionStateInner; - requestFuncMap_[static_cast(AccessTokenInterfaceCode::GET_PERMISSION_OPER_STATE)] = - &AccessTokenManagerStub::GetSelfPermissionsStateInner; - requestFuncMap_[static_cast(AccessTokenInterfaceCode::GET_PERMISSIONS_STATUS)] = - &AccessTokenManagerStub::GetPermissionsStatusInner; - requestFuncMap_[ - static_cast(AccessTokenInterfaceCode::REGISTER_PERM_STATE_CHANGE_CALLBACK)] = - &AccessTokenManagerStub::RegisterPermStateChangeCallbackInner; - requestFuncMap_[ - static_cast(AccessTokenInterfaceCode::UNREGISTER_PERM_STATE_CHANGE_CALLBACK)] = - &AccessTokenManagerStub::UnRegisterPermStateChangeCallbackInner; - requestFuncMap_[static_cast(AccessTokenInterfaceCode::DUMP_TOKENINFO)] = - &AccessTokenManagerStub::DumpTokenInfoInner; - requestFuncMap_[static_cast(AccessTokenInterfaceCode::GET_VERSION)] = - &AccessTokenManagerStub::GetVersionInner; - requestFuncMap_[static_cast(AccessTokenInterfaceCode::SET_PERMISSION_REQUEST_TOGGLE_STATUS)] = - &AccessTokenManagerStub::SetPermissionRequestToggleStatusInner; - requestFuncMap_[static_cast(AccessTokenInterfaceCode::GET_PERMISSION_REQUEST_TOGGLE_STATUS)] = - &AccessTokenManagerStub::GetPermissionRequestToggleStatusInner; - requestFuncMap_[ - static_cast(AccessTokenInterfaceCode::REGISTER_SELF_PERM_STATE_CHANGE_CALLBACK)] = - &AccessTokenManagerStub::RegisterSelfPermStateChangeCallbackInner; - requestFuncMap_[ - static_cast(AccessTokenInterfaceCode::UNREGISTER_SELF_PERM_STATE_CHANGE_CALLBACK)] = - &AccessTokenManagerStub::UnRegisterSelfPermStateChangeCallbackInner; - requestFuncMap_[static_cast(AccessTokenInterfaceCode::REQUEST_APP_PERM_ON_SETTING)] = - &AccessTokenManagerStub::RequestAppPermOnSettingInner; -} - -AccessTokenManagerStub::AccessTokenManagerStub() -{ - SetPermissionOpFuncInMap(); - SetLocalTokenOpFuncInMap(); -#ifdef TOKEN_SYNC_ENABLE - SetTokenSyncFuncInMap(); -#endif -} - -AccessTokenManagerStub::~AccessTokenManagerStub() -{ - requestFuncMap_.clear(); -} -} // namespace AccessToken -} // namespace Security -} // namespace OHOS diff --git a/services/accesstokenmanager/test/coverage/BUILD.gn b/services/accesstokenmanager/test/coverage/BUILD.gn index 15c858e9c..19e90844c 100644 --- a/services/accesstokenmanager/test/coverage/BUILD.gn +++ b/services/accesstokenmanager/test/coverage/BUILD.gn @@ -36,7 +36,6 @@ accesstoken_manager_service_source = [ "${access_token_path}/services/accesstokenmanager/main/cpp/src/permission/permission_validator.cpp", "${access_token_path}/services/accesstokenmanager/main/cpp/src/permission/temp_permission_observer.cpp", "${access_token_path}/services/accesstokenmanager/main/cpp/src/service/accesstoken_manager_service.cpp", - "${access_token_path}/services/accesstokenmanager/main/cpp/src/service/accesstoken_manager_stub.cpp", "${access_token_path}/services/accesstokenmanager/main/cpp/src/token/accesstoken_id_manager.cpp", "${access_token_path}/services/accesstokenmanager/main/cpp/src/token/accesstoken_info_manager.cpp", "${access_token_path}/services/accesstokenmanager/main/cpp/src/token/hap_token_info_inner.cpp", @@ -88,7 +87,10 @@ ohos_unittest("libaccesstoken_manager_service_coverage_test") { cflags_cc = [ "-DHILOG_ENABLE" ] - configs = [ "${access_token_path}/config:coverage_flags" ] + configs = [ + "${access_token_path}/config:coverage_flags", + "${access_token_path}/services/accesstokenmanager/idl:access_token_manager_gen_config", + ] deps = [ "${access_token_path}/frameworks/accesstoken:accesstoken_communication_adapter_cxx", @@ -99,6 +101,7 @@ ohos_unittest("libaccesstoken_manager_service_coverage_test") { "${access_token_path}/interfaces/innerkits/privacy:libprivacy_sdk", "${access_token_path}/interfaces/innerkits/token_setproc:libperm_setproc", "${access_token_path}/interfaces/innerkits/token_setproc:libtokensetproc_shared", + "${access_token_path}/services/accesstokenmanager/idl:access_token_manager_stub", "${access_token_path}/services/common:accesstoken_service_common", ] diff --git a/services/accesstokenmanager/test/mock/BUILD.gn b/services/accesstokenmanager/test/mock/BUILD.gn index f52d369b6..306bad286 100644 --- a/services/accesstokenmanager/test/mock/BUILD.gn +++ b/services/accesstokenmanager/test/mock/BUILD.gn @@ -36,7 +36,6 @@ accesstoken_manager_service_source = [ "${access_token_path}/services/accesstokenmanager/main/cpp/src/permission/permission_validator.cpp", "${access_token_path}/services/accesstokenmanager/main/cpp/src/permission/temp_permission_observer.cpp", "${access_token_path}/services/accesstokenmanager/main/cpp/src/service/accesstoken_manager_service.cpp", - "${access_token_path}/services/accesstokenmanager/main/cpp/src/service/accesstoken_manager_stub.cpp", "${access_token_path}/services/accesstokenmanager/main/cpp/src/token/accesstoken_id_manager.cpp", "${access_token_path}/services/accesstokenmanager/main/cpp/src/token/accesstoken_info_manager.cpp", "${access_token_path}/services/accesstokenmanager/main/cpp/src/token/hap_token_info_inner.cpp", @@ -89,7 +88,10 @@ ohos_unittest("libpermission_manager_mock_test") { cflags_cc = [ "-DHILOG_ENABLE" ] - configs = [ "${access_token_path}/config:coverage_flags" ] + configs = [ + "${access_token_path}/config:coverage_flags", + "${access_token_path}/services/accesstokenmanager/idl:access_token_manager_gen_config", + ] deps = [ "${access_token_path}/frameworks/accesstoken:accesstoken_communication_adapter_cxx", @@ -100,6 +102,7 @@ ohos_unittest("libpermission_manager_mock_test") { "${access_token_path}/interfaces/innerkits/privacy:libprivacy_sdk", "${access_token_path}/interfaces/innerkits/token_setproc:libperm_setproc", "${access_token_path}/interfaces/innerkits/token_setproc:libtokensetproc_shared", + "${access_token_path}/services/accesstokenmanager/idl:access_token_manager_stub", "${access_token_path}/services/common:accesstoken_service_common", ] diff --git a/services/accesstokenmanager/test/unittest/BUILD.gn b/services/accesstokenmanager/test/unittest/BUILD.gn index 812c0a2a1..f2866ef0d 100644 --- a/services/accesstokenmanager/test/unittest/BUILD.gn +++ b/services/accesstokenmanager/test/unittest/BUILD.gn @@ -36,7 +36,6 @@ accesstoken_manager_service_source = [ "${access_token_path}/services/accesstokenmanager/main/cpp/src/permission/permission_validator.cpp", "${access_token_path}/services/accesstokenmanager/main/cpp/src/permission/temp_permission_observer.cpp", "${access_token_path}/services/accesstokenmanager/main/cpp/src/service/accesstoken_manager_service.cpp", - "${access_token_path}/services/accesstokenmanager/main/cpp/src/service/accesstoken_manager_stub.cpp", "${access_token_path}/services/accesstokenmanager/main/cpp/src/token/accesstoken_id_manager.cpp", "${access_token_path}/services/accesstokenmanager/main/cpp/src/token/accesstoken_info_manager.cpp", "${access_token_path}/services/accesstokenmanager/main/cpp/src/token/hap_token_info_inner.cpp", @@ -102,7 +101,10 @@ ohos_unittest("libaccesstoken_manager_service_standard_test") { sources += [ "${access_token_path}/services/accesstokenmanager/main/cpp/src/permission/dlp_permission_set_manager.cpp" ] } - configs = [ "${access_token_path}/config:coverage_flags" ] + configs = [ + "${access_token_path}/config:coverage_flags", + "${access_token_path}/services/accesstokenmanager/idl:access_token_manager_gen_config", + ] deps = [ "${access_token_path}/frameworks/accesstoken:accesstoken_communication_adapter_cxx", @@ -113,6 +115,7 @@ ohos_unittest("libaccesstoken_manager_service_standard_test") { "${access_token_path}/interfaces/innerkits/privacy:libprivacy_sdk", "${access_token_path}/interfaces/innerkits/token_setproc:libperm_setproc", "${access_token_path}/interfaces/innerkits/token_setproc:libtokensetproc_shared", + "${access_token_path}/services/accesstokenmanager/idl:access_token_manager_stub", "${access_token_path}/services/common:accesstoken_service_common", ] diff --git a/services/accesstokenmanager/test/unittest/accesstoken_info_manager_test.cpp b/services/accesstokenmanager/test/unittest/accesstoken_info_manager_test.cpp index 0c7fb6a31..a519fd132 100644 --- a/services/accesstokenmanager/test/unittest/accesstoken_info_manager_test.cpp +++ b/services/accesstokenmanager/test/unittest/accesstoken_info_manager_test.cpp @@ -35,6 +35,7 @@ #include "permission_validator.h" #include "string_ex.h" #include "token_setproc.h" +#include "system_ability_definition.h" using namespace testing::ext; using namespace OHOS; @@ -48,6 +49,7 @@ static constexpr int USER_ID = 100; static constexpr int INST_INDEX = 0; static constexpr int32_t MAX_EXTENDED_MAP_SIZE = 512; static constexpr int32_t MAX_VALUE_LENGTH = 1024; +static AccessTokenID g_selfTokenId = 0; static PermissionDef g_infoManagerTestPermDef1 = { .permissionName = "open the door", .bundleName = "accesstoken_test", @@ -107,6 +109,7 @@ static PermissionStatus g_permState = { }; #ifdef TOKEN_SYNC_ENABLE +static uint32_t tokenSyncId_ = 0; static const int32_t FAKE_SYNC_RET = 0xabcdef; class TokenSyncCallbackMock : public TokenSyncCallbackStub { public: @@ -122,12 +125,14 @@ public: void AccessTokenInfoManagerTest::SetUpTestCase() { + g_selfTokenId = GetSelfTokenID(); AccessTokenInfoManager::GetInstance().Init(); } void AccessTokenInfoManagerTest::TearDownTestCase() { sleep(3); // delay 3 minutes + SetSelfTokenID(g_selfTokenId); } void AccessTokenInfoManagerTest::SetUp() @@ -387,9 +392,10 @@ HWTEST_F(AccessTokenInfoManagerTest, InitHapToken001, TestSize.Level1) HapPolicyParcel hapPolicyParcel; hapPolicyParcel.hapPolicy.apl = ATokenAplEnum::APL_NORMAL; hapPolicyParcel.hapPolicy.domain = "test.domain"; - AccessTokenIDEx tokenIdEx; - HapInfoCheckResult result; - ASSERT_EQ(ERR_PARAM_INVALID, atManagerService_->InitHapToken(hapinfoParcel, hapPolicyParcel, tokenIdEx, result)); + uint64_t fullTokenId; + HapInfoCheckResultIdl result; + ASSERT_EQ(ERR_PARAM_INVALID, + atManagerService_->InitHapToken(hapinfoParcel, hapPolicyParcel, fullTokenId, result)); } /** @@ -413,10 +419,10 @@ HWTEST_F(AccessTokenInfoManagerTest, InitHapToken002, TestSize.Level1) HapPolicyParcel hapPolicyParcel; hapPolicyParcel.hapPolicy.apl = ATokenAplEnum::APL_NORMAL; hapPolicyParcel.hapPolicy.domain = "test.domain"; - AccessTokenIDEx tokenIdEx; - HapInfoCheckResult result; + uint64_t fullTokenId; + HapInfoCheckResultIdl result; ASSERT_EQ(ERR_PERM_REQUEST_CFG_FAILED, - atManagerService_->InitHapToken(hapinfoParcel, hapPolicyParcel, tokenIdEx, result)); + atManagerService_->InitHapToken(hapinfoParcel, hapPolicyParcel, fullTokenId, result)); } /** @@ -454,18 +460,29 @@ HWTEST_F(AccessTokenInfoManagerTest, InitHapToken003, TestSize.Level1) .permList = {}, .permStateList = { permissionStateA, permissionStateB } }; - AccessTokenIDEx fullTokenId = {0}; + uint64_t fullTokenId;; + HapInfoCheckResultIdl resultInfoIdl; HapInfoCheckResult result; - ASSERT_EQ(ERR_PERM_REQUEST_CFG_FAILED, atManagerService_->InitHapToken(info, policy, fullTokenId, result)); + ASSERT_EQ(0, + atManagerService_->InitHapToken(info, policy, fullTokenId, resultInfoIdl)); + + PermissionInfoCheckResult permCheckResult; + permCheckResult.permissionName = resultInfoIdl.permissionName; + int32_t rule = static_cast(resultInfoIdl.rule); + permCheckResult.rule = PermissionRulesEnum(rule); + result.permCheckResult = permCheckResult; ASSERT_EQ(result.permCheckResult.permissionName, "ohos.permission.GET_ALL_APP_ACCOUNTS"); ASSERT_EQ(result.permCheckResult.rule, PERMISSION_ACL_RULE); permissionStateA.permissionName = "ohos.permission.ENTERPRISE_MANAGE_SETTINGS"; policy.hapPolicy.aclRequestedList = { "ohos.permission.ENTERPRISE_MANAGE_SETTINGS" }; policy.hapPolicy.permStateList = { permissionStateA, permissionStateB }; - ASSERT_EQ(ERR_PERM_REQUEST_CFG_FAILED, atManagerService_->InitHapToken(info, policy, fullTokenId, result)); - ASSERT_EQ(result.permCheckResult.permissionName, "ohos.permission.ENTERPRISE_MANAGE_SETTINGS"); - ASSERT_EQ(result.permCheckResult.rule, PERMISSION_EDM_RULE); + ASSERT_EQ(0, + atManagerService_->InitHapToken(info, policy, fullTokenId, resultInfoIdl)); + + ASSERT_EQ(resultInfoIdl.permissionName, "ohos.permission.ENTERPRISE_MANAGE_SETTINGS"); + rule = static_cast(resultInfoIdl.rule); + ASSERT_EQ(PermissionRulesEnum(rule), PERMISSION_EDM_RULE); } static void GetHapParams(HapInfoParams& infoParams, HapPolicy& policyParams) @@ -514,8 +531,8 @@ HWTEST_F(AccessTokenInfoManagerTest, InitHapToken004, TestSize.Level1) HapPolicyParcel policy; GetHapParams(info.hapInfoParameter, policy.hapPolicy); - AccessTokenIDEx fullTokenId; - HapInfoCheckResult result; + uint64_t fullTokenId;; + HapInfoCheckResultIdl result; int32_t ret = atManagerService_->InitHapToken(info, policy, fullTokenId, result); ASSERT_EQ(RET_SUCCESS, ret); @@ -529,12 +546,14 @@ HWTEST_F(AccessTokenInfoManagerTest, InitHapToken004, TestSize.Level1) std::to_string(MAX_EXTENDED_MAP_SIZE - 1); ret = atManagerService_->InitHapToken(info, policy, fullTokenId, result); ASSERT_EQ(RET_SUCCESS, ret); + AccessTokenIDEx tokenIDEx = {fullTokenId}; + AccessTokenID tokenID = tokenIDEx.tokenIdExStruct.tokenID; policy.hapPolicy.aclExtendedMap[std::to_string(MAX_EXTENDED_MAP_SIZE)] = std::to_string(MAX_EXTENDED_MAP_SIZE); ret = atManagerService_->InitHapToken(info, policy, fullTokenId, result); ASSERT_EQ(AccessTokenError::ERR_PARAM_INVALID, ret); - AccessTokenID tokenID = fullTokenId.tokenIdExStruct.tokenID; + ret = atManagerService_->DeleteToken(tokenID); EXPECT_EQ(RET_SUCCESS, ret); } @@ -551,8 +570,8 @@ HWTEST_F(AccessTokenInfoManagerTest, InitHapToken005, TestSize.Level1) HapPolicyParcel policy; GetHapParams(info.hapInfoParameter, policy.hapPolicy); - AccessTokenIDEx fullTokenId; - HapInfoCheckResult result; + uint64_t fullTokenId; + HapInfoCheckResultIdl result; policy.hapPolicy.aclExtendedMap["ohos.permission.ACCESS_CERT_MANAGER"] = ""; int32_t ret = atManagerService_->InitHapToken(info, policy, fullTokenId, result); ASSERT_EQ(AccessTokenError::ERR_PARAM_INVALID, ret); @@ -566,12 +585,13 @@ HWTEST_F(AccessTokenInfoManagerTest, InitHapToken005, TestSize.Level1) policy.hapPolicy.aclExtendedMap["ohos.permission.ACCESS_CERT_MANAGER"] = testValue; ret = atManagerService_->InitHapToken(info, policy, fullTokenId, result); ASSERT_EQ(RET_SUCCESS, ret); + AccessTokenIDEx tokenIDEx = {fullTokenId}; + AccessTokenID tokenID = tokenIDEx.tokenIdExStruct.tokenID; testValue.push_back('1'); policy.hapPolicy.aclExtendedMap["ohos.permission.ACCESS_CERT_MANAGER"] = testValue; ret = atManagerService_->InitHapToken(info, policy, fullTokenId, result); ASSERT_EQ(AccessTokenError::ERR_PARAM_INVALID, ret); - AccessTokenID tokenID = fullTokenId.tokenIdExStruct.tokenID; ret = atManagerService_->DeleteToken(tokenID); EXPECT_EQ(RET_SUCCESS, ret); @@ -588,14 +608,14 @@ HWTEST_F(AccessTokenInfoManagerTest, InitHapToken006, TestSize.Level1) HapInfoParcel info; HapPolicyParcel policy; GetHapParams(info.hapInfoParameter, policy.hapPolicy); - AccessTokenIDEx fullTokenId; - HapInfoCheckResult result; + uint64_t fullTokenId; + HapInfoCheckResultIdl result; TestPrepareKernelPermissionStatus(policy.hapPolicy); ASSERT_EQ(RET_SUCCESS, atManagerService_->InitHapToken(info, policy, fullTokenId, result)); - AccessTokenID tokenID = fullTokenId.tokenIdExStruct.tokenID; + AccessTokenID tokenID = static_cast(fullTokenId); - std::vector kernelPermList; + std::vector kernelPermList; EXPECT_EQ(RET_SUCCESS, atManagerService_->GetKernelPermissions(tokenID, kernelPermList)); EXPECT_EQ(1, kernelPermList.size()); @@ -624,15 +644,15 @@ HWTEST_F(AccessTokenInfoManagerTest, InitHapToken007, TestSize.Level1) HapInfoParcel info; HapPolicyParcel policy; GetHapParams(info.hapInfoParameter, policy.hapPolicy); - AccessTokenIDEx fullTokenId; - HapInfoCheckResult result; + uint64_t fullTokenId; + HapInfoCheckResultIdl result; TestPrepareKernelPermissionStatus(policy.hapPolicy); policy.hapPolicy.aclExtendedMap.erase("ohos.permission.KERNEL_ATM_SELF_USE"); ASSERT_EQ(RET_SUCCESS, atManagerService_->InitHapToken(info, policy, fullTokenId, result)); - AccessTokenID tokenID = fullTokenId.tokenIdExStruct.tokenID; + AccessTokenID tokenID = static_cast(fullTokenId); - std::vector kernelPermList; + std::vector kernelPermList; EXPECT_EQ(RET_SUCCESS, atManagerService_->GetKernelPermissions(tokenID, kernelPermList)); EXPECT_EQ(1, kernelPermList.size()); @@ -850,15 +870,15 @@ HWTEST_F(AccessTokenInfoManagerTest, UpdateHapToken004, TestSize.Level1) HapInfoParcel info; HapPolicyParcel policy; GetHapParams(info.hapInfoParameter, policy.hapPolicy); - AccessTokenIDEx fullTokenId; - HapInfoCheckResult result; + uint64_t fullTokenId; + HapInfoCheckResultIdl result; TestPrepareKernelPermissionStatus(policy.hapPolicy); ASSERT_EQ(RET_SUCCESS, atManagerService_->InitHapToken(info, policy, fullTokenId, result)); - AccessTokenID tokenID = fullTokenId.tokenIdExStruct.tokenID; + AccessTokenID tokenID = static_cast(fullTokenId); policy.hapPolicy.aclExtendedMap["ohos.permission.KERNEL_ATM_SELF_USE"] = "1"; // modified value - UpdateHapInfoParams updateInfoParams = { + UpdateHapInfoParamsIdl updateInfoParams = { .appIDDesc = "AccessTokenTestAppID", .apiVersion = DEFAULT_API_VERSION, .isSystemApp = true, @@ -866,7 +886,7 @@ HWTEST_F(AccessTokenInfoManagerTest, UpdateHapToken004, TestSize.Level1) }; EXPECT_EQ(RET_SUCCESS, atManagerService_->UpdateHapToken(fullTokenId, updateInfoParams, policy, result)); - std::vector kernelPermList; + std::vector kernelPermList; EXPECT_EQ(RET_SUCCESS, atManagerService_->GetKernelPermissions(tokenID, kernelPermList)); EXPECT_EQ(1, kernelPermList.size()); @@ -1117,6 +1137,15 @@ HWTEST_F(AccessTokenInfoManagerTest, NotifyTokenSyncTask001, TestSize.Level1) TokenModifyNotifier::GetInstance().modifiedTokenList_ = modifiedTokenList; // recovery } +void setPermission() +{ + setuid(0); + if (tokenSyncId_ == 0) { + tokenSyncId_ = AccessTokenInfoManager::GetInstance().GetNativeTokenId("token_sync_service"); + } + SetSelfTokenID(tokenSyncId_); +} + /** * @tc.name: RegisterTokenSyncCallback001 * @tc.desc: TokenModifyNotifier::RegisterTokenSyncCallback function test @@ -1125,7 +1154,7 @@ HWTEST_F(AccessTokenInfoManagerTest, NotifyTokenSyncTask001, TestSize.Level1) */ HWTEST_F(AccessTokenInfoManagerTest, RegisterTokenSyncCallback001, TestSize.Level1) { - setuid(3020); + setPermission(); sptr callback = new (std::nothrow) TokenSyncCallbackMock(); ASSERT_NE(nullptr, callback); EXPECT_EQ(RET_SUCCESS, @@ -1133,6 +1162,7 @@ HWTEST_F(AccessTokenInfoManagerTest, RegisterTokenSyncCallback001, TestSize.Leve EXPECT_NE(nullptr, TokenModifyNotifier::GetInstance().tokenSyncCallbackObject_); EXPECT_NE(nullptr, TokenModifyNotifier::GetInstance().tokenSyncCallbackDeathRecipient_); + setuid(3020); EXPECT_CALL(*callback, GetRemoteHapTokenInfo(testing::_, testing::_)).WillOnce(testing::Return(FAKE_SYNC_RET)); EXPECT_EQ(FAKE_SYNC_RET, TokenModifyNotifier::GetInstance().tokenSyncCallbackObject_->GetRemoteHapTokenInfo("", 0)); @@ -1143,6 +1173,7 @@ HWTEST_F(AccessTokenInfoManagerTest, RegisterTokenSyncCallback001, TestSize.Leve EXPECT_CALL(*callback, UpdateRemoteHapTokenInfo(testing::_)).WillOnce(testing::Return(FAKE_SYNC_RET)); EXPECT_EQ(FAKE_SYNC_RET, TokenModifyNotifier::GetInstance().tokenSyncCallbackObject_->UpdateRemoteHapTokenInfo(tokenInfo)); + setPermission(); EXPECT_EQ(RET_SUCCESS, atManagerService_->UnRegisterTokenSyncCallback()); EXPECT_EQ(nullptr, TokenModifyNotifier::GetInstance().tokenSyncCallbackObject_); @@ -1158,12 +1189,13 @@ HWTEST_F(AccessTokenInfoManagerTest, RegisterTokenSyncCallback001, TestSize.Leve */ HWTEST_F(AccessTokenInfoManagerTest, RegisterTokenSyncCallback002, TestSize.Level1) { - setuid(3020); + setPermission(); sptr callback = new (std::nothrow) TokenSyncCallbackMock(); ASSERT_NE(nullptr, callback); EXPECT_EQ(RET_SUCCESS, atManagerService_->RegisterTokenSyncCallback(callback->AsObject())); EXPECT_NE(nullptr, TokenModifyNotifier::GetInstance().tokenSyncCallbackObject_); + setuid(3020); EXPECT_CALL(*callback, GetRemoteHapTokenInfo(testing::_, testing::_)) .WillOnce(testing::Return(FAKE_SYNC_RET)); EXPECT_EQ(FAKE_SYNC_RET, TokenModifyNotifier::GetInstance().GetRemoteHapTokenInfo("", 0)); @@ -1199,6 +1231,7 @@ HWTEST_F(AccessTokenInfoManagerTest, RegisterTokenSyncCallback002, TestSize.Leve TokenModifyNotifier::GetInstance().modifiedTokenList_ = modifiedTokenList; // recovery TokenModifyNotifier::GetInstance().deleteTokenList_ = deleteTokenList; + setPermission(); EXPECT_EQ(RET_SUCCESS, atManagerService_->UnRegisterTokenSyncCallback()); setuid(0); @@ -1212,10 +1245,11 @@ HWTEST_F(AccessTokenInfoManagerTest, RegisterTokenSyncCallback002, TestSize.Leve */ HWTEST_F(AccessTokenInfoManagerTest, GetRemoteHapTokenInfo001, TestSize.Level1) { - setuid(3020); + setPermission(); sptr callback = new (std::nothrow) TokenSyncCallbackMock(); ASSERT_NE(nullptr, callback); EXPECT_EQ(RET_SUCCESS, atManagerService_->RegisterTokenSyncCallback(callback->AsObject())); + setuid(3020); EXPECT_CALL(*callback, GetRemoteHapTokenInfo(testing::_, testing::_)) .WillOnce(testing::Return(FAKE_SYNC_RET)); EXPECT_EQ(FAKE_SYNC_RET, TokenModifyNotifier::GetInstance() @@ -1225,6 +1259,7 @@ HWTEST_F(AccessTokenInfoManagerTest, GetRemoteHapTokenInfo001, TestSize.Level1) .WillOnce(testing::Return(TOKEN_SYNC_OPENSOURCE_DEVICE)); EXPECT_EQ(TOKEN_SYNC_IPC_ERROR, TokenModifyNotifier::GetInstance() .GetRemoteHapTokenInfo("invalid_id", 0)); // this is a test input + setPermission(); EXPECT_EQ(RET_SUCCESS, atManagerService_->UnRegisterTokenSyncCallback()); setuid(0); @@ -2081,8 +2116,9 @@ HWTEST_F(AccessTokenInfoManagerTest, AllocHapToken001, TestSize.Level1) hapPolicyParcel.hapPolicy.apl = ATokenAplEnum::APL_NORMAL; hapPolicyParcel.hapPolicy.domain = "test.domain"; - AccessTokenIDEx tokenIDEx = atManagerService_->AllocHapToken(hapinfoParcel, hapPolicyParcel); - ASSERT_EQ(INVALID_TOKENID, tokenIDEx.tokenIDEx); + uint64_t tokenIDEx; + atManagerService_->AllocHapToken(hapinfoParcel, hapPolicyParcel, tokenIDEx); + ASSERT_EQ(INVALID_TOKENID, tokenIDEx); } /** @@ -2132,34 +2168,6 @@ HWTEST_F(AccessTokenInfoManagerTest, Dlopen002, TestSize.Level1) } #endif -/** - * @tc.name: OnRemoteRequest001 - * @tc.desc: Test OnRemoteRequest - * @tc.type: FUNC - * @tc.require: - */ -HWTEST_F(AccessTokenInfoManagerTest, OnRemoteRequest001, TestSize.Level1) -{ - uint32_t code = 0; - MessageParcel data; - MessageParcel reply; - MessageOption option; - data.WriteInterfaceToken(u"this is a test interface"); - EXPECT_EQ(ERROR_IPC_REQUEST_FAIL, atManagerService_->OnRemoteRequest(code, data, reply, option)); - - std::map oldMap = atManagerService_->requestFuncMap_; - atManagerService_->requestFuncMap_.clear(); - atManagerService_->requestFuncMap_[1] = nullptr; - - data.WriteInterfaceToken(IAccessTokenManager::GetDescriptor()); - EXPECT_NE(NO_ERROR, atManagerService_->OnRemoteRequest(code, data, reply, option)); - - data.WriteInterfaceToken(IAccessTokenManager::GetDescriptor()); - EXPECT_NE(NO_ERROR, atManagerService_->OnRemoteRequest(1, data, reply, option)); - - atManagerService_->requestFuncMap_ = oldMap; -} - /** * @tc.name: VerifyNativeAccessToken001 * @tc.desc: AccessTokenInfoManagerTest::VerifyNativeAccessToken function test @@ -2367,4 +2375,4 @@ HWTEST_F(AccessTokenInfoManagerTest, GetPermissionRequestToggleStatus002, TestSi } } // namespace AccessToken } // namespace Security -} // namespace OHOS +} // namespace OHOS \ No newline at end of file diff --git a/test/fuzztest/services/accesstoken/access_token_service_fuzz.gni b/test/fuzztest/services/accesstoken/access_token_service_fuzz.gni index e48ac73d9..c0406e4aa 100644 --- a/test/fuzztest/services/accesstoken/access_token_service_fuzz.gni +++ b/test/fuzztest/services/accesstoken/access_token_service_fuzz.gni @@ -1,4 +1,4 @@ -# Copyright (c) 2024 Huawei Device Co., Ltd. +# Copyright (c) 2024-2025 Huawei Device Co., Ltd. # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. # You may obtain a copy of the License at @@ -56,6 +56,7 @@ access_token_deps = [ "${access_token_path}/interfaces/innerkits/token_setproc:libtokensetproc_shared", "${access_token_path}/services/accesstokenmanager:access_token.rc", "${access_token_path}/services/accesstokenmanager/etc:param_files", + "${access_token_path}/services/accesstokenmanager/idl:access_token_manager_stub", "${access_token_path}/services/common:accesstoken_service_common", "${access_token_path}/services/common/json_parse:accesstoken_cjson_utils", ] @@ -100,7 +101,6 @@ access_token_sources = [ "${access_token_path}/services/accesstokenmanager/main/cpp/src/permission/short_grant_manager.cpp", "${access_token_path}/services/accesstokenmanager/main/cpp/src/permission/temp_permission_observer.cpp", "${access_token_path}/services/accesstokenmanager/main/cpp/src/service/accesstoken_manager_service.cpp", - "${access_token_path}/services/accesstokenmanager/main/cpp/src/service/accesstoken_manager_stub.cpp", "${access_token_path}/services/accesstokenmanager/main/cpp/src/token/accesstoken_id_manager.cpp", "${access_token_path}/services/accesstokenmanager/main/cpp/src/token/accesstoken_info_manager.cpp", "${access_token_path}/services/accesstokenmanager/main/cpp/src/token/hap_token_info_inner.cpp", diff --git a/test/fuzztest/services/accesstoken/allochaptokenstub_fuzzer/BUILD.gn b/test/fuzztest/services/accesstoken/allochaptokenstub_fuzzer/BUILD.gn index 72c33dd15..0f649acb5 100644 --- a/test/fuzztest/services/accesstoken/allochaptokenstub_fuzzer/BUILD.gn +++ b/test/fuzztest/services/accesstoken/allochaptokenstub_fuzzer/BUILD.gn @@ -1,4 +1,4 @@ -# Copyright (c) 2023 Huawei Device Co., Ltd. +# Copyright (c) 2023-2025 Huawei Device Co., Ltd. # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. # You may obtain a copy of the License at @@ -33,7 +33,10 @@ ohos_fuzztest("AllocHapTokenStubFuzzTest") { deps = access_token_deps - configs = [ "${access_token_path}/config:coverage_flags" ] + configs = [ + "${access_token_path}/config:coverage_flags", + "${access_token_path}/services/accesstokenmanager/idl:access_token_manager_gen_config", + ] external_deps = access_token_external_deps diff --git a/test/fuzztest/services/accesstoken/allochaptokenstub_fuzzer/allochaptokenstub_fuzzer.cpp b/test/fuzztest/services/accesstoken/allochaptokenstub_fuzzer/allochaptokenstub_fuzzer.cpp index 15da22d9a..0125f79fb 100644 --- a/test/fuzztest/services/accesstoken/allochaptokenstub_fuzzer/allochaptokenstub_fuzzer.cpp +++ b/test/fuzztest/services/accesstoken/allochaptokenstub_fuzzer/allochaptokenstub_fuzzer.cpp @@ -1,5 +1,5 @@ /* - * Copyright (c) 2023-2024 Huawei Device Co., Ltd. + * Copyright (c) 2023-2025 Huawei Device Co., Ltd. * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. * You may obtain a copy of the License at @@ -24,7 +24,7 @@ #undef private #include "accesstoken_manager_service.h" #include "hap_info_parcel.h" -#include "i_accesstoken_manager.h" +#include "iaccess_token_manager.h" using namespace std; using namespace OHOS::Security::AccessToken; @@ -93,7 +93,7 @@ namespace OHOS { } uint32_t code = static_cast( - AccessTokenInterfaceCode::ALLOC_TOKEN_HAP); + IAccessTokenManagerIpcCode::COMMAND_ALLOC_HAP_TOKEN); MessageParcel reply; MessageOption option; diff --git a/test/fuzztest/services/accesstoken/alloclocaltokenidstub_fuzzer/BUILD.gn b/test/fuzztest/services/accesstoken/alloclocaltokenidstub_fuzzer/BUILD.gn index 16c34223e..935dc5a39 100644 --- a/test/fuzztest/services/accesstoken/alloclocaltokenidstub_fuzzer/BUILD.gn +++ b/test/fuzztest/services/accesstoken/alloclocaltokenidstub_fuzzer/BUILD.gn @@ -1,4 +1,4 @@ -# Copyright (c) 2023 Huawei Device Co., Ltd. +# Copyright (c) 2023-2025 Huawei Device Co., Ltd. # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. # You may obtain a copy of the License at @@ -33,7 +33,10 @@ ohos_fuzztest("AllocLocalTokenIDStubFuzzTest") { deps = access_token_deps - configs = [ "${access_token_path}/config:coverage_flags" ] + configs = [ + "${access_token_path}/config:coverage_flags", + "${access_token_path}/services/accesstokenmanager/idl:access_token_manager_gen_config", + ] external_deps = access_token_external_deps diff --git a/test/fuzztest/services/accesstoken/alloclocaltokenidstub_fuzzer/alloclocaltokenidstub_fuzzer.cpp b/test/fuzztest/services/accesstoken/alloclocaltokenidstub_fuzzer/alloclocaltokenidstub_fuzzer.cpp index afca023e1..79e4f2c43 100644 --- a/test/fuzztest/services/accesstoken/alloclocaltokenidstub_fuzzer/alloclocaltokenidstub_fuzzer.cpp +++ b/test/fuzztest/services/accesstoken/alloclocaltokenidstub_fuzzer/alloclocaltokenidstub_fuzzer.cpp @@ -1,5 +1,5 @@ /* - * Copyright (c) 2023 Huawei Device Co., Ltd. + * Copyright (c) 2023-2025 Huawei Device Co., Ltd. * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. * You may obtain a copy of the License at @@ -23,7 +23,7 @@ #include "accesstoken_fuzzdata.h" #undef private #include "accesstoken_manager_service.h" -#include "i_accesstoken_manager.h" +#include "iaccess_token_manager.h" using namespace std; using namespace OHOS::Security::AccessToken; @@ -48,7 +48,7 @@ namespace OHOS { } uint32_t code = static_cast( - AccessTokenInterfaceCode::ALLOC_LOCAL_TOKEN_ID); + IAccessTokenManagerIpcCode::COMMAND_ALLOC_LOCAL_TOKEN_I_D); MessageParcel reply; MessageOption option; diff --git a/test/fuzztest/services/accesstoken/clearusergrantedpermissionstatestub_fuzzer/BUILD.gn b/test/fuzztest/services/accesstoken/clearusergrantedpermissionstatestub_fuzzer/BUILD.gn index 8e0863d3b..c7a63b3a1 100644 --- a/test/fuzztest/services/accesstoken/clearusergrantedpermissionstatestub_fuzzer/BUILD.gn +++ b/test/fuzztest/services/accesstoken/clearusergrantedpermissionstatestub_fuzzer/BUILD.gn @@ -1,4 +1,4 @@ -# Copyright (c) 2023 Huawei Device Co., Ltd. +# Copyright (c) 2023-2025 Huawei Device Co., Ltd. # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. # You may obtain a copy of the License at @@ -33,7 +33,10 @@ ohos_fuzztest("ClearUserGrantedPermissionStateStubFuzzTest") { deps = access_token_deps - configs = [ "${access_token_path}/config:coverage_flags" ] + configs = [ + "${access_token_path}/config:coverage_flags", + "${access_token_path}/services/accesstokenmanager/idl:access_token_manager_gen_config", + ] external_deps = access_token_external_deps diff --git a/test/fuzztest/services/accesstoken/clearusergrantedpermissionstatestub_fuzzer/clearusergrantedpermissionstatestub_fuzzer.cpp b/test/fuzztest/services/accesstoken/clearusergrantedpermissionstatestub_fuzzer/clearusergrantedpermissionstatestub_fuzzer.cpp index 74b20b953..6d0865fe8 100644 --- a/test/fuzztest/services/accesstoken/clearusergrantedpermissionstatestub_fuzzer/clearusergrantedpermissionstatestub_fuzzer.cpp +++ b/test/fuzztest/services/accesstoken/clearusergrantedpermissionstatestub_fuzzer/clearusergrantedpermissionstatestub_fuzzer.cpp @@ -1,5 +1,5 @@ /* - * Copyright (c) 2023 Huawei Device Co., Ltd. + * Copyright (c) 2023-2025 Huawei Device Co., Ltd. * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. * You may obtain a copy of the License at @@ -23,7 +23,7 @@ #include "accesstoken_fuzzdata.h" #undef private #include "accesstoken_manager_service.h" -#include "i_accesstoken_manager.h" +#include "iaccess_token_manager.h" using namespace std; using namespace OHOS::Security::AccessToken; @@ -46,7 +46,7 @@ namespace OHOS { } uint32_t code = static_cast( - AccessTokenInterfaceCode::CLEAR_USER_GRANT_PERMISSION); + IAccessTokenManagerIpcCode::COMMAND_CLEAR_USER_GRANTED_PERMISSION_STATE); MessageParcel reply; MessageOption option; diff --git a/test/fuzztest/services/accesstoken/deleteremotedevicetokensstub_fuzzer/BUILD.gn b/test/fuzztest/services/accesstoken/deleteremotedevicetokensstub_fuzzer/BUILD.gn index 03a4a1ceb..8c7329171 100644 --- a/test/fuzztest/services/accesstoken/deleteremotedevicetokensstub_fuzzer/BUILD.gn +++ b/test/fuzztest/services/accesstoken/deleteremotedevicetokensstub_fuzzer/BUILD.gn @@ -1,4 +1,4 @@ -# Copyright (c) 2023 Huawei Device Co., Ltd. +# Copyright (c) 2023-2025 Huawei Device Co., Ltd. # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. # You may obtain a copy of the License at @@ -33,7 +33,10 @@ ohos_fuzztest("DeleteRemoteDeviceTokensStubFuzzTest") { deps = access_token_deps - configs = [ "${access_token_path}/config:coverage_flags" ] + configs = [ + "${access_token_path}/config:coverage_flags", + "${access_token_path}/services/accesstokenmanager/idl:access_token_manager_gen_config", + ] external_deps = access_token_external_deps diff --git a/test/fuzztest/services/accesstoken/deleteremotedevicetokensstub_fuzzer/deleteremotedevicetokensstub_fuzzer.cpp b/test/fuzztest/services/accesstoken/deleteremotedevicetokensstub_fuzzer/deleteremotedevicetokensstub_fuzzer.cpp index cd02f2da0..ac5977c12 100644 --- a/test/fuzztest/services/accesstoken/deleteremotedevicetokensstub_fuzzer/deleteremotedevicetokensstub_fuzzer.cpp +++ b/test/fuzztest/services/accesstoken/deleteremotedevicetokensstub_fuzzer/deleteremotedevicetokensstub_fuzzer.cpp @@ -23,7 +23,7 @@ #include "accesstoken_info_manager.h" #include "accesstoken_kit.h" #include "accesstoken_manager_service.h" -#include "i_accesstoken_manager.h" +#include "iaccess_token_manager.h" #include "token_setproc.h" using namespace std; @@ -50,7 +50,7 @@ namespace OHOS { } uint32_t code = static_cast( - AccessTokenInterfaceCode::DELETE_REMOTE_DEVICE_TOKEN); + IAccessTokenManagerIpcCode::COMMAND_DELETE_REMOTE_DEVICE_TOKENS); MessageParcel reply; MessageOption option; diff --git a/test/fuzztest/services/accesstoken/deleteremotetokenstub_fuzzer/BUILD.gn b/test/fuzztest/services/accesstoken/deleteremotetokenstub_fuzzer/BUILD.gn index 9985da7f8..f3b5fd118 100644 --- a/test/fuzztest/services/accesstoken/deleteremotetokenstub_fuzzer/BUILD.gn +++ b/test/fuzztest/services/accesstoken/deleteremotetokenstub_fuzzer/BUILD.gn @@ -1,4 +1,4 @@ -# Copyright (c) 2023 Huawei Device Co., Ltd. +# Copyright (c) 2023-2025 Huawei Device Co., Ltd. # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. # You may obtain a copy of the License at @@ -33,7 +33,10 @@ ohos_fuzztest("DeleteRemoteTokenStubFuzzTest") { deps = access_token_deps - configs = [ "${access_token_path}/config:coverage_flags" ] + configs = [ + "${access_token_path}/config:coverage_flags", + "${access_token_path}/services/accesstokenmanager/idl:access_token_manager_gen_config", + ] external_deps = access_token_external_deps diff --git a/test/fuzztest/services/accesstoken/deleteremotetokenstub_fuzzer/deleteremotetokenstub_fuzzer.cpp b/test/fuzztest/services/accesstoken/deleteremotetokenstub_fuzzer/deleteremotetokenstub_fuzzer.cpp index 86ef252ac..b9f55622a 100644 --- a/test/fuzztest/services/accesstoken/deleteremotetokenstub_fuzzer/deleteremotetokenstub_fuzzer.cpp +++ b/test/fuzztest/services/accesstoken/deleteremotetokenstub_fuzzer/deleteremotetokenstub_fuzzer.cpp @@ -1,5 +1,5 @@ /* - * Copyright (c) 2023 Huawei Device Co., Ltd. + * Copyright (c) 2023-2025 Huawei Device Co., Ltd. * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. * You may obtain a copy of the License at @@ -23,7 +23,7 @@ #include "accesstoken_info_manager.h" #include "accesstoken_kit.h" #include "accesstoken_manager_service.h" -#include "i_accesstoken_manager.h" +#include "iaccess_token_manager.h" #include "token_setproc.h" using namespace std; @@ -54,7 +54,7 @@ namespace OHOS { } uint32_t code = static_cast( - AccessTokenInterfaceCode::DELETE_REMOTE_TOKEN_INFO); + IAccessTokenManagerIpcCode::COMMAND_DELETE_REMOTE_TOKEN); MessageParcel reply; MessageOption option; diff --git a/test/fuzztest/services/accesstoken/deletetokenstub_fuzzer/BUILD.gn b/test/fuzztest/services/accesstoken/deletetokenstub_fuzzer/BUILD.gn index f64cc370e..5063db50f 100644 --- a/test/fuzztest/services/accesstoken/deletetokenstub_fuzzer/BUILD.gn +++ b/test/fuzztest/services/accesstoken/deletetokenstub_fuzzer/BUILD.gn @@ -1,4 +1,4 @@ -# Copyright (c) 2023 Huawei Device Co., Ltd. +# Copyright (c) 2023-2025 Huawei Device Co., Ltd. # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. # You may obtain a copy of the License at @@ -33,7 +33,10 @@ ohos_fuzztest("DeleteTokenStubFuzzTest") { deps = access_token_deps - configs = [ "${access_token_path}/config:coverage_flags" ] + configs = [ + "${access_token_path}/config:coverage_flags", + "${access_token_path}/services/accesstokenmanager/idl:access_token_manager_gen_config", + ] external_deps = access_token_external_deps diff --git a/test/fuzztest/services/accesstoken/deletetokenstub_fuzzer/deletetokenstub_fuzzer.cpp b/test/fuzztest/services/accesstoken/deletetokenstub_fuzzer/deletetokenstub_fuzzer.cpp index 2048eeedc..80d797a4f 100644 --- a/test/fuzztest/services/accesstoken/deletetokenstub_fuzzer/deletetokenstub_fuzzer.cpp +++ b/test/fuzztest/services/accesstoken/deletetokenstub_fuzzer/deletetokenstub_fuzzer.cpp @@ -1,5 +1,5 @@ /* - * Copyright (c) 2023 Huawei Device Co., Ltd. + * Copyright (c) 2023-2025 Huawei Device Co., Ltd. * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. * You may obtain a copy of the License at @@ -23,7 +23,7 @@ #include "accesstoken_fuzzdata.h" #undef private #include "accesstoken_manager_service.h" -#include "i_accesstoken_manager.h" +#include "iaccess_token_manager.h" using namespace std; using namespace OHOS::Security::AccessToken; @@ -47,7 +47,7 @@ namespace OHOS { } uint32_t code = static_cast( - AccessTokenInterfaceCode::TOKEN_DELETE); + IAccessTokenManagerIpcCode::COMMAND_DELETE_TOKEN); MessageParcel reply; MessageOption option; diff --git a/test/fuzztest/services/accesstoken/dumptokeninfostub_fuzzer/BUILD.gn b/test/fuzztest/services/accesstoken/dumptokeninfostub_fuzzer/BUILD.gn index c2446867e..b06825841 100644 --- a/test/fuzztest/services/accesstoken/dumptokeninfostub_fuzzer/BUILD.gn +++ b/test/fuzztest/services/accesstoken/dumptokeninfostub_fuzzer/BUILD.gn @@ -1,4 +1,4 @@ -# Copyright (c) 2023 Huawei Device Co., Ltd. +# Copyright (c) 2023-2025 Huawei Device Co., Ltd. # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. # You may obtain a copy of the License at @@ -33,7 +33,10 @@ ohos_fuzztest("DumpTokenInfoStubFuzzTest") { deps = access_token_deps - configs = [ "${access_token_path}/config:coverage_flags" ] + configs = [ + "${access_token_path}/config:coverage_flags", + "${access_token_path}/services/accesstokenmanager/idl:access_token_manager_gen_config", + ] external_deps = access_token_external_deps diff --git a/test/fuzztest/services/accesstoken/dumptokeninfostub_fuzzer/dumptokeninfostub_fuzzer.cpp b/test/fuzztest/services/accesstoken/dumptokeninfostub_fuzzer/dumptokeninfostub_fuzzer.cpp index b60d73996..96e30a502 100644 --- a/test/fuzztest/services/accesstoken/dumptokeninfostub_fuzzer/dumptokeninfostub_fuzzer.cpp +++ b/test/fuzztest/services/accesstoken/dumptokeninfostub_fuzzer/dumptokeninfostub_fuzzer.cpp @@ -1,5 +1,5 @@ /* - * Copyright (c) 2023 Huawei Device Co., Ltd. + * Copyright (c) 2023-2025 Huawei Device Co., Ltd. * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. * You may obtain a copy of the License at @@ -21,7 +21,7 @@ #include "accesstoken_fuzzdata.h" #undef private #include "accesstoken_manager_service.h" -#include "i_accesstoken_manager.h" +#include "iaccess_token_manager.h" using namespace std; using namespace OHOS::Security::AccessToken; @@ -43,7 +43,7 @@ namespace OHOS { } uint32_t code = static_cast( - AccessTokenInterfaceCode::DUMP_TOKENINFO); + IAccessTokenManagerIpcCode::COMMAND_DUMP_TOKEN_INFO); MessageParcel reply; MessageOption option; diff --git a/test/fuzztest/services/accesstoken/getdefpermissionstub_fuzzer/BUILD.gn b/test/fuzztest/services/accesstoken/getdefpermissionstub_fuzzer/BUILD.gn index ded95af83..3cd1c415b 100644 --- a/test/fuzztest/services/accesstoken/getdefpermissionstub_fuzzer/BUILD.gn +++ b/test/fuzztest/services/accesstoken/getdefpermissionstub_fuzzer/BUILD.gn @@ -1,4 +1,4 @@ -# Copyright (c) 2023 Huawei Device Co., Ltd. +# Copyright (c) 2023-2025 Huawei Device Co., Ltd. # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. # You may obtain a copy of the License at @@ -33,7 +33,10 @@ ohos_fuzztest("GetDefPermissionStubFuzzTest") { deps = access_token_deps - configs = [ "${access_token_path}/config:coverage_flags" ] + configs = [ + "${access_token_path}/config:coverage_flags", + "${access_token_path}/services/accesstokenmanager/idl:access_token_manager_gen_config", + ] external_deps = access_token_external_deps diff --git a/test/fuzztest/services/accesstoken/getdefpermissionstub_fuzzer/getdefpermissionstub_fuzzer.cpp b/test/fuzztest/services/accesstoken/getdefpermissionstub_fuzzer/getdefpermissionstub_fuzzer.cpp index f16a57366..5be9fb45e 100644 --- a/test/fuzztest/services/accesstoken/getdefpermissionstub_fuzzer/getdefpermissionstub_fuzzer.cpp +++ b/test/fuzztest/services/accesstoken/getdefpermissionstub_fuzzer/getdefpermissionstub_fuzzer.cpp @@ -1,5 +1,5 @@ /* - * Copyright (c) 2023 Huawei Device Co., Ltd. + * Copyright (c) 2023-2025 Huawei Device Co., Ltd. * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. * You may obtain a copy of the License at @@ -21,7 +21,7 @@ #include "accesstoken_fuzzdata.h" #undef private #include "accesstoken_manager_service.h" -#include "i_accesstoken_manager.h" +#include "iaccess_token_manager.h" #include "permission_def_parcel.h" using namespace std; @@ -45,7 +45,7 @@ namespace OHOS { } uint32_t code = static_cast( - AccessTokenInterfaceCode::GET_DEF_PERMISSION); + IAccessTokenManagerIpcCode::COMMAND_GET_DEF_PERMISSION); MessageParcel reply; MessageOption option; diff --git a/test/fuzztest/services/accesstoken/gethaptokenidstub_fuzzer/BUILD.gn b/test/fuzztest/services/accesstoken/gethaptokenidstub_fuzzer/BUILD.gn index feff7b531..5f964f2ef 100644 --- a/test/fuzztest/services/accesstoken/gethaptokenidstub_fuzzer/BUILD.gn +++ b/test/fuzztest/services/accesstoken/gethaptokenidstub_fuzzer/BUILD.gn @@ -1,4 +1,4 @@ -# Copyright (c) 2023 Huawei Device Co., Ltd. +# Copyright (c) 2023-2025 Huawei Device Co., Ltd. # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. # You may obtain a copy of the License at @@ -33,7 +33,10 @@ ohos_fuzztest("GetHapTokenIDStubFuzzTest") { deps = access_token_deps - configs = [ "${access_token_path}/config:coverage_flags" ] + configs = [ + "${access_token_path}/config:coverage_flags", + "${access_token_path}/services/accesstokenmanager/idl:access_token_manager_gen_config", + ] external_deps = access_token_external_deps diff --git a/test/fuzztest/services/accesstoken/gethaptokenidstub_fuzzer/gethaptokenidstub_fuzzer.cpp b/test/fuzztest/services/accesstoken/gethaptokenidstub_fuzzer/gethaptokenidstub_fuzzer.cpp index c2e0560ee..39c8c5fff 100644 --- a/test/fuzztest/services/accesstoken/gethaptokenidstub_fuzzer/gethaptokenidstub_fuzzer.cpp +++ b/test/fuzztest/services/accesstoken/gethaptokenidstub_fuzzer/gethaptokenidstub_fuzzer.cpp @@ -1,5 +1,5 @@ /* - * Copyright (c) 2023 Huawei Device Co., Ltd. + * Copyright (c) 2023-2025 Huawei Device Co., Ltd. * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. * You may obtain a copy of the License at @@ -23,7 +23,7 @@ #include "accesstoken_fuzzdata.h" #undef private #include "accesstoken_manager_service.h" -#include "i_accesstoken_manager.h" +#include "iaccess_token_manager.h" using namespace std; using namespace OHOS::Security::AccessToken; @@ -51,7 +51,7 @@ namespace OHOS { } uint32_t code = static_cast( - AccessTokenInterfaceCode::GET_HAP_TOKEN_ID); + IAccessTokenManagerIpcCode::COMMAND_GET_HAP_TOKEN_I_D); MessageParcel reply; MessageOption option; diff --git a/test/fuzztest/services/accesstoken/gethaptokeninfoextstub_fuzzer/BUILD.gn b/test/fuzztest/services/accesstoken/gethaptokeninfoextstub_fuzzer/BUILD.gn index 96c90b59d..1fb85c364 100644 --- a/test/fuzztest/services/accesstoken/gethaptokeninfoextstub_fuzzer/BUILD.gn +++ b/test/fuzztest/services/accesstoken/gethaptokeninfoextstub_fuzzer/BUILD.gn @@ -1,4 +1,4 @@ -# Copyright (c) 2023 Huawei Device Co., Ltd. +# Copyright (c) 2023-2025 Huawei Device Co., Ltd. # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. # You may obtain a copy of the License at @@ -33,7 +33,10 @@ ohos_fuzztest("GetHapTokenInfoExtStubFuzzTest") { deps = access_token_deps - configs = [ "${access_token_path}/config:coverage_flags" ] + configs = [ + "${access_token_path}/config:coverage_flags", + "${access_token_path}/services/accesstokenmanager/idl:access_token_manager_gen_config", + ] external_deps = access_token_external_deps diff --git a/test/fuzztest/services/accesstoken/gethaptokeninfoextstub_fuzzer/gethaptokeninfoextstub_fuzzer.cpp b/test/fuzztest/services/accesstoken/gethaptokeninfoextstub_fuzzer/gethaptokeninfoextstub_fuzzer.cpp index 2f2c8dfc7..1f6b07eb3 100644 --- a/test/fuzztest/services/accesstoken/gethaptokeninfoextstub_fuzzer/gethaptokeninfoextstub_fuzzer.cpp +++ b/test/fuzztest/services/accesstoken/gethaptokeninfoextstub_fuzzer/gethaptokeninfoextstub_fuzzer.cpp @@ -1,5 +1,5 @@ /* - * Copyright (c) 2023 Huawei Device Co., Ltd. + * Copyright (c) 2023-2025 Huawei Device Co., Ltd. * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. * You may obtain a copy of the License at @@ -24,7 +24,7 @@ #undef private #include "accesstoken_fuzzdata.h" #include "accesstoken_manager_service.h" -#include "i_accesstoken_manager.h" +#include "iaccess_token_manager.h" #include "permission_def_parcel.h" #include "accesstoken_kit.h" #include "access_token.h" @@ -134,7 +134,7 @@ namespace OHOS { } uint32_t code = static_cast( - AccessTokenInterfaceCode::GET_HAP_TOKENINFO_EXT); + IAccessTokenManagerIpcCode::COMMAND_GET_HAP_TOKEN_INFO_EXTENSION); MessageParcel reply; MessageOption option; diff --git a/test/fuzztest/services/accesstoken/gethaptokeninfofromremotestub_fuzzer/BUILD.gn b/test/fuzztest/services/accesstoken/gethaptokeninfofromremotestub_fuzzer/BUILD.gn index 6cebda6d4..534f9be56 100644 --- a/test/fuzztest/services/accesstoken/gethaptokeninfofromremotestub_fuzzer/BUILD.gn +++ b/test/fuzztest/services/accesstoken/gethaptokeninfofromremotestub_fuzzer/BUILD.gn @@ -1,4 +1,4 @@ -# Copyright (c) 2023 Huawei Device Co., Ltd. +# Copyright (c) 2023-2025 Huawei Device Co., Ltd. # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. # You may obtain a copy of the License at @@ -33,7 +33,10 @@ ohos_fuzztest("GetHapTokenInfoFromRemoteStubFuzzTest") { deps = access_token_deps - configs = [ "${access_token_path}/config:coverage_flags" ] + configs = [ + "${access_token_path}/config:coverage_flags", + "${access_token_path}/services/accesstokenmanager/idl:access_token_manager_gen_config", + ] external_deps = access_token_external_deps diff --git a/test/fuzztest/services/accesstoken/gethaptokeninfofromremotestub_fuzzer/gethaptokeninfofromremotestub_fuzzer.cpp b/test/fuzztest/services/accesstoken/gethaptokeninfofromremotestub_fuzzer/gethaptokeninfofromremotestub_fuzzer.cpp index 747adab6e..98b432e1a 100644 --- a/test/fuzztest/services/accesstoken/gethaptokeninfofromremotestub_fuzzer/gethaptokeninfofromremotestub_fuzzer.cpp +++ b/test/fuzztest/services/accesstoken/gethaptokeninfofromremotestub_fuzzer/gethaptokeninfofromremotestub_fuzzer.cpp @@ -1,5 +1,5 @@ /* - * Copyright (c) 2023 Huawei Device Co., Ltd. + * Copyright (c) 2023-2025 Huawei Device Co., Ltd. * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. * You may obtain a copy of the License at @@ -23,7 +23,7 @@ #include "accesstoken_info_manager.h" #include "accesstoken_kit.h" #include "accesstoken_manager_service.h" -#include "i_accesstoken_manager.h" +#include "iaccess_token_manager.h" #include "token_setproc.h" using namespace std; @@ -49,7 +49,7 @@ namespace OHOS { } uint32_t code = static_cast( - AccessTokenInterfaceCode::GET_HAP_TOKEN_FROM_REMOTE); + IAccessTokenManagerIpcCode::COMMAND_GET_HAP_TOKEN_INFO_FROM_REMOTE); MessageParcel reply; MessageOption option; diff --git a/test/fuzztest/services/accesstoken/gethaptokeninfostub_fuzzer/BUILD.gn b/test/fuzztest/services/accesstoken/gethaptokeninfostub_fuzzer/BUILD.gn index 3780e4e29..5b17d73eb 100644 --- a/test/fuzztest/services/accesstoken/gethaptokeninfostub_fuzzer/BUILD.gn +++ b/test/fuzztest/services/accesstoken/gethaptokeninfostub_fuzzer/BUILD.gn @@ -1,4 +1,4 @@ -# Copyright (c) 2023 Huawei Device Co., Ltd. +# Copyright (c) 2023-2025 Huawei Device Co., Ltd. # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. # You may obtain a copy of the License at @@ -33,7 +33,10 @@ ohos_fuzztest("GetHapTokenInfoStubFuzzTest") { deps = access_token_deps - configs = [ "${access_token_path}/config:coverage_flags" ] + configs = [ + "${access_token_path}/config:coverage_flags", + "${access_token_path}/services/accesstokenmanager/idl:access_token_manager_gen_config", + ] external_deps = access_token_external_deps diff --git a/test/fuzztest/services/accesstoken/gethaptokeninfostub_fuzzer/gethaptokeninfostub_fuzzer.cpp b/test/fuzztest/services/accesstoken/gethaptokeninfostub_fuzzer/gethaptokeninfostub_fuzzer.cpp index 234dcdd9c..9f05b6060 100644 --- a/test/fuzztest/services/accesstoken/gethaptokeninfostub_fuzzer/gethaptokeninfostub_fuzzer.cpp +++ b/test/fuzztest/services/accesstoken/gethaptokeninfostub_fuzzer/gethaptokeninfostub_fuzzer.cpp @@ -1,5 +1,5 @@ /* - * Copyright (c) 2023 Huawei Device Co., Ltd. + * Copyright (c) 2023-2025 Huawei Device Co., Ltd. * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. * You may obtain a copy of the License at @@ -23,7 +23,7 @@ #undef private #include "accesstoken_fuzzdata.h" #include "accesstoken_manager_service.h" -#include "i_accesstoken_manager.h" +#include "iaccess_token_manager.h" #include "permission_def_parcel.h" using namespace std; @@ -48,7 +48,7 @@ namespace OHOS { } uint32_t code = static_cast( - AccessTokenInterfaceCode::GET_HAP_TOKENINFO); + IAccessTokenManagerIpcCode::COMMAND_GET_HAP_TOKEN_INFO); MessageParcel reply; MessageOption option; diff --git a/test/fuzztest/services/accesstoken/getkernelpermissionsstub_fuzzer/BUILD.gn b/test/fuzztest/services/accesstoken/getkernelpermissionsstub_fuzzer/BUILD.gn index 5a0763a72..9bbe0f010 100644 --- a/test/fuzztest/services/accesstoken/getkernelpermissionsstub_fuzzer/BUILD.gn +++ b/test/fuzztest/services/accesstoken/getkernelpermissionsstub_fuzzer/BUILD.gn @@ -1,4 +1,4 @@ -# Copyright (c) 2024 Huawei Device Co., Ltd. +# Copyright (c) 2024-2025 Huawei Device Co., Ltd. # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. # You may obtain a copy of the License at @@ -33,7 +33,10 @@ ohos_fuzztest("GetKernelPermissionsStubFuzzTest") { deps = access_token_deps - configs = [ "${access_token_path}/config:coverage_flags" ] + configs = [ + "${access_token_path}/config:coverage_flags", + "${access_token_path}/services/accesstokenmanager/idl:access_token_manager_gen_config", + ] external_deps = access_token_external_deps diff --git a/test/fuzztest/services/accesstoken/getkernelpermissionsstub_fuzzer/getkernelpermissionsstub_fuzzer.cpp b/test/fuzztest/services/accesstoken/getkernelpermissionsstub_fuzzer/getkernelpermissionsstub_fuzzer.cpp index 5d18288f5..06c8c603e 100644 --- a/test/fuzztest/services/accesstoken/getkernelpermissionsstub_fuzzer/getkernelpermissionsstub_fuzzer.cpp +++ b/test/fuzztest/services/accesstoken/getkernelpermissionsstub_fuzzer/getkernelpermissionsstub_fuzzer.cpp @@ -1,5 +1,5 @@ /* - * Copyright (c) 2024 Huawei Device Co., Ltd. + * Copyright (c) 2024-2025 Huawei Device Co., Ltd. * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. * You may obtain a copy of the License at @@ -21,7 +21,7 @@ #undef private #include "accesstoken_fuzzdata.h" #include "accesstoken_manager_service.h" -#include "i_accesstoken_manager.h" +#include "iaccess_token_manager.h" using namespace std; using namespace OHOS::Security::AccessToken; @@ -42,7 +42,7 @@ namespace OHOS { return false; } - uint32_t code = static_cast(AccessTokenInterfaceCode::GET_KERNEL_PERMISSIONS); + uint32_t code = static_cast(IAccessTokenManagerIpcCode::COMMAND_GET_KERNEL_PERMISSIONS); MessageParcel reply; MessageOption option; diff --git a/test/fuzztest/services/accesstoken/getnativetokenidstub_fuzzer/BUILD.gn b/test/fuzztest/services/accesstoken/getnativetokenidstub_fuzzer/BUILD.gn index 88f5a33e3..e03846b15 100644 --- a/test/fuzztest/services/accesstoken/getnativetokenidstub_fuzzer/BUILD.gn +++ b/test/fuzztest/services/accesstoken/getnativetokenidstub_fuzzer/BUILD.gn @@ -1,4 +1,4 @@ -# Copyright (c) 2023 Huawei Device Co., Ltd. +# Copyright (c) 2023-2025 Huawei Device Co., Ltd. # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. # You may obtain a copy of the License at @@ -33,7 +33,10 @@ ohos_fuzztest("GetNativeTokenIdStubFuzzTest") { deps = access_token_deps - configs = [ "${access_token_path}/config:coverage_flags" ] + configs = [ + "${access_token_path}/config:coverage_flags", + "${access_token_path}/services/accesstokenmanager/idl:access_token_manager_gen_config", + ] external_deps = access_token_external_deps diff --git a/test/fuzztest/services/accesstoken/getnativetokenidstub_fuzzer/getnativetokenidstub_fuzzer.cpp b/test/fuzztest/services/accesstoken/getnativetokenidstub_fuzzer/getnativetokenidstub_fuzzer.cpp index a6ba9c6ec..96f13c6c9 100644 --- a/test/fuzztest/services/accesstoken/getnativetokenidstub_fuzzer/getnativetokenidstub_fuzzer.cpp +++ b/test/fuzztest/services/accesstoken/getnativetokenidstub_fuzzer/getnativetokenidstub_fuzzer.cpp @@ -1,5 +1,5 @@ /* - * Copyright (c) 2023 Huawei Device Co., Ltd. + * Copyright (c) 2023-2025 Huawei Device Co., Ltd. * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. * You may obtain a copy of the License at @@ -23,7 +23,7 @@ #undef private #include "accesstoken_fuzzdata.h" #include "accesstoken_manager_service.h" -#include "i_accesstoken_manager.h" +#include "iaccess_token_manager.h" #include "permission_def_parcel.h" using namespace std; @@ -48,7 +48,7 @@ namespace OHOS { } uint32_t code = static_cast( - AccessTokenInterfaceCode::GET_NATIVE_TOKEN_ID); + IAccessTokenManagerIpcCode::COMMAND_GET_NATIVE_TOKEN_ID); MessageParcel reply; MessageOption option; diff --git a/test/fuzztest/services/accesstoken/getnativetokeninfostub_fuzzer/BUILD.gn b/test/fuzztest/services/accesstoken/getnativetokeninfostub_fuzzer/BUILD.gn index bf1c570cd..69a27a830 100644 --- a/test/fuzztest/services/accesstoken/getnativetokeninfostub_fuzzer/BUILD.gn +++ b/test/fuzztest/services/accesstoken/getnativetokeninfostub_fuzzer/BUILD.gn @@ -1,4 +1,4 @@ -# Copyright (c) 2023 Huawei Device Co., Ltd. +# Copyright (c) 2023-2025 Huawei Device Co., Ltd. # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. # You may obtain a copy of the License at @@ -33,7 +33,10 @@ ohos_fuzztest("GetNativeTokenInfoStubFuzzTest") { deps = access_token_deps - configs = [ "${access_token_path}/config:coverage_flags" ] + configs = [ + "${access_token_path}/config:coverage_flags", + "${access_token_path}/services/accesstokenmanager/idl:access_token_manager_gen_config", + ] external_deps = access_token_external_deps diff --git a/test/fuzztest/services/accesstoken/getnativetokeninfostub_fuzzer/getnativetokeninfostub_fuzzer.cpp b/test/fuzztest/services/accesstoken/getnativetokeninfostub_fuzzer/getnativetokeninfostub_fuzzer.cpp index aae9deef4..505057e1e 100644 --- a/test/fuzztest/services/accesstoken/getnativetokeninfostub_fuzzer/getnativetokeninfostub_fuzzer.cpp +++ b/test/fuzztest/services/accesstoken/getnativetokeninfostub_fuzzer/getnativetokeninfostub_fuzzer.cpp @@ -1,5 +1,5 @@ /* - * Copyright (c) 2023 Huawei Device Co., Ltd. + * Copyright (c) 2023-2025 Huawei Device Co., Ltd. * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. * You may obtain a copy of the License at @@ -23,7 +23,7 @@ #undef private #include "accesstoken_fuzzdata.h" #include "accesstoken_manager_service.h" -#include "i_accesstoken_manager.h" +#include "iaccess_token_manager.h" using namespace std; using namespace OHOS::Security::AccessToken; @@ -45,7 +45,7 @@ namespace OHOS { } uint32_t code = static_cast( - AccessTokenInterfaceCode::GET_NATIVE_TOKENINFO); + IAccessTokenManagerIpcCode::COMMAND_GET_NATIVE_TOKEN_INFO); MessageParcel reply; MessageOption option; diff --git a/test/fuzztest/services/accesstoken/getpermissionflagstub_fuzzer/BUILD.gn b/test/fuzztest/services/accesstoken/getpermissionflagstub_fuzzer/BUILD.gn index bd20c6515..c0950cccd 100644 --- a/test/fuzztest/services/accesstoken/getpermissionflagstub_fuzzer/BUILD.gn +++ b/test/fuzztest/services/accesstoken/getpermissionflagstub_fuzzer/BUILD.gn @@ -1,4 +1,4 @@ -# Copyright (c) 2023 Huawei Device Co., Ltd. +# Copyright (c) 2023-2025 Huawei Device Co., Ltd. # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. # You may obtain a copy of the License at @@ -33,7 +33,10 @@ ohos_fuzztest("GetPermissionFlagStubFuzzTest") { deps = access_token_deps - configs = [ "${access_token_path}/config:coverage_flags" ] + configs = [ + "${access_token_path}/config:coverage_flags", + "${access_token_path}/services/accesstokenmanager/idl:access_token_manager_gen_config", + ] external_deps = access_token_external_deps diff --git a/test/fuzztest/services/accesstoken/getpermissionflagstub_fuzzer/getpermissionflagstub_fuzzer.cpp b/test/fuzztest/services/accesstoken/getpermissionflagstub_fuzzer/getpermissionflagstub_fuzzer.cpp index 1a568a539..cc4c7fc5d 100644 --- a/test/fuzztest/services/accesstoken/getpermissionflagstub_fuzzer/getpermissionflagstub_fuzzer.cpp +++ b/test/fuzztest/services/accesstoken/getpermissionflagstub_fuzzer/getpermissionflagstub_fuzzer.cpp @@ -1,5 +1,5 @@ /* - * Copyright (c) 2023 Huawei Device Co., Ltd. + * Copyright (c) 2023-2025 Huawei Device Co., Ltd. * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. * You may obtain a copy of the License at @@ -23,7 +23,7 @@ #undef private #include "accesstoken_fuzzdata.h" #include "accesstoken_manager_service.h" -#include "i_accesstoken_manager.h" +#include "iaccess_token_manager.h" using namespace std; using namespace OHOS::Security::AccessToken; @@ -46,7 +46,7 @@ namespace OHOS { } uint32_t code = static_cast( - AccessTokenInterfaceCode::GET_PERMISSION_FLAG); + IAccessTokenManagerIpcCode::COMMAND_GET_PERMISSION_FLAG); MessageParcel reply; MessageOption option; diff --git a/test/fuzztest/services/accesstoken/getpermissionrequesttogglestatusstub_fuzzer/BUILD.gn b/test/fuzztest/services/accesstoken/getpermissionrequesttogglestatusstub_fuzzer/BUILD.gn index 07a60bedb..ac30fc2f5 100644 --- a/test/fuzztest/services/accesstoken/getpermissionrequesttogglestatusstub_fuzzer/BUILD.gn +++ b/test/fuzztest/services/accesstoken/getpermissionrequesttogglestatusstub_fuzzer/BUILD.gn @@ -1,4 +1,4 @@ -# Copyright (c) 2024 Huawei Device Co., Ltd. +# Copyright (c) 2024-2025 Huawei Device Co., Ltd. # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. # You may obtain a copy of the License at @@ -33,7 +33,10 @@ ohos_fuzztest("GetPermissionRequestToggleStatusStubFuzzTest") { deps = access_token_deps - configs = [ "${access_token_path}/config:coverage_flags" ] + configs = [ + "${access_token_path}/config:coverage_flags", + "${access_token_path}/services/accesstokenmanager/idl:access_token_manager_gen_config", + ] external_deps = access_token_external_deps diff --git a/test/fuzztest/services/accesstoken/getpermissionrequesttogglestatusstub_fuzzer/getpermissionrequesttogglestatusstub_fuzzer.cpp b/test/fuzztest/services/accesstoken/getpermissionrequesttogglestatusstub_fuzzer/getpermissionrequesttogglestatusstub_fuzzer.cpp index 841934814..10b12bce5 100644 --- a/test/fuzztest/services/accesstoken/getpermissionrequesttogglestatusstub_fuzzer/getpermissionrequesttogglestatusstub_fuzzer.cpp +++ b/test/fuzztest/services/accesstoken/getpermissionrequesttogglestatusstub_fuzzer/getpermissionrequesttogglestatusstub_fuzzer.cpp @@ -1,5 +1,5 @@ /* - * Copyright (c) 2024 Huawei Device Co., Ltd. + * Copyright (c) 2024-2025 Huawei Device Co., Ltd. * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. * You may obtain a copy of the License at @@ -23,7 +23,7 @@ #undef private #include "accesstoken_fuzzdata.h" #include "accesstoken_manager_service.h" -#include "i_accesstoken_manager.h" +#include "iaccess_token_manager.h" using namespace std; using namespace OHOS::Security::AccessToken; @@ -46,7 +46,7 @@ namespace OHOS { } uint32_t code = static_cast( - AccessTokenInterfaceCode::GET_PERMISSION_REQUEST_TOGGLE_STATUS); + IAccessTokenManagerIpcCode::COMMAND_GET_PERMISSION_REQUEST_TOGGLE_STATUS); MessageParcel reply; MessageOption option; diff --git a/test/fuzztest/services/accesstoken/getpermissionsstatusstub_fuzzer/BUILD.gn b/test/fuzztest/services/accesstoken/getpermissionsstatusstub_fuzzer/BUILD.gn index 389e032db..efc48f2c8 100644 --- a/test/fuzztest/services/accesstoken/getpermissionsstatusstub_fuzzer/BUILD.gn +++ b/test/fuzztest/services/accesstoken/getpermissionsstatusstub_fuzzer/BUILD.gn @@ -1,4 +1,4 @@ -# Copyright (c) 2024 Huawei Device Co., Ltd. +# Copyright (c) 2024-2025 Huawei Device Co., Ltd. # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. # You may obtain a copy of the License at @@ -34,7 +34,10 @@ ohos_fuzztest("GetPermissionsStatusStubFuzzTest") { deps = access_token_deps deps += [ "${access_token_path}/interfaces/innerkits/nativetoken:libnativetoken_shared" ] - configs = [ "${access_token_path}/config:coverage_flags" ] + configs = [ + "${access_token_path}/config:coverage_flags", + "${access_token_path}/services/accesstokenmanager/idl:access_token_manager_gen_config", + ] external_deps = access_token_external_deps diff --git a/test/fuzztest/services/accesstoken/getpermissionsstatusstub_fuzzer/getpermissionsstatusstub_fuzzer.cpp b/test/fuzztest/services/accesstoken/getpermissionsstatusstub_fuzzer/getpermissionsstatusstub_fuzzer.cpp index 472fcc480..3f61fc13f 100644 --- a/test/fuzztest/services/accesstoken/getpermissionsstatusstub_fuzzer/getpermissionsstatusstub_fuzzer.cpp +++ b/test/fuzztest/services/accesstoken/getpermissionsstatusstub_fuzzer/getpermissionsstatusstub_fuzzer.cpp @@ -1,5 +1,5 @@ /* - * Copyright (c) 2023 Huawei Device Co., Ltd. + * Copyright (c) 2023-2025 Huawei Device Co., Ltd. * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. * You may obtain a copy of the License at @@ -24,7 +24,7 @@ #include "access_token.h" #include "accesstoken_kit.h" #include "accesstoken_manager_service.h" -#include "i_accesstoken_manager.h" +#include "iaccess_token_manager.h" #include "nativetoken_kit.h" #include "securec.h" #include "token_setproc.h" @@ -120,7 +120,7 @@ size_t g_baseFuzzPos = 0; } uint32_t code = static_cast( - AccessTokenInterfaceCode::GET_PERMISSIONS_STATUS); + IAccessTokenManagerIpcCode::COMMAND_GET_PERMISSIONS_STATUS); MessageParcel reply; MessageOption option; bool enable = ((size % CONSTANTS_NUMBER_TWO) == 0); diff --git a/test/fuzztest/services/accesstoken/getpermissionusedtypestub_fuzzer/BUILD.gn b/test/fuzztest/services/accesstoken/getpermissionusedtypestub_fuzzer/BUILD.gn index 81e50ab0a..9e050c961 100644 --- a/test/fuzztest/services/accesstoken/getpermissionusedtypestub_fuzzer/BUILD.gn +++ b/test/fuzztest/services/accesstoken/getpermissionusedtypestub_fuzzer/BUILD.gn @@ -1,4 +1,4 @@ -# Copyright (c) 2024 Huawei Device Co., Ltd. +# Copyright (c) 2024-2025 Huawei Device Co., Ltd. # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. # You may obtain a copy of the License at @@ -33,7 +33,10 @@ ohos_fuzztest("GetPermissionUsedTypeStubFuzzTest") { deps = access_token_deps - configs = [ "${access_token_path}/config:coverage_flags" ] + configs = [ + "${access_token_path}/config:coverage_flags", + "${access_token_path}/services/accesstokenmanager/idl:access_token_manager_gen_config", + ] external_deps = access_token_external_deps diff --git a/test/fuzztest/services/accesstoken/getpermissionusedtypestub_fuzzer/getpermissionusedtypestub_fuzzer.cpp b/test/fuzztest/services/accesstoken/getpermissionusedtypestub_fuzzer/getpermissionusedtypestub_fuzzer.cpp index 5c8a672de..46d926281 100644 --- a/test/fuzztest/services/accesstoken/getpermissionusedtypestub_fuzzer/getpermissionusedtypestub_fuzzer.cpp +++ b/test/fuzztest/services/accesstoken/getpermissionusedtypestub_fuzzer/getpermissionusedtypestub_fuzzer.cpp @@ -1,5 +1,5 @@ /* - * Copyright (c) 2024 Huawei Device Co., Ltd. + * Copyright (c) 2024-2025 Huawei Device Co., Ltd. * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. * You may obtain a copy of the License at @@ -24,7 +24,7 @@ #include "accesstoken_fuzzdata.h" #include "accesstoken_manager_service.h" #include "hap_info_parcel.h" -#include "i_accesstoken_manager.h" +#include "iaccess_token_manager.h" using namespace std; using namespace OHOS::Security::AccessToken; @@ -52,7 +52,7 @@ bool GetPermissionUsedTypeStubFuzzTest(const uint8_t* data, size_t size) } uint32_t code = static_cast( - AccessTokenInterfaceCode::GET_USER_GRANTED_PERMISSION_USED_TYPE); + IAccessTokenManagerIpcCode::COMMAND_GET_PERMISSION_USED_TYPE); MessageParcel reply; MessageOption option; diff --git a/test/fuzztest/services/accesstoken/getremotenativetokenidstub_fuzzer/BUILD.gn b/test/fuzztest/services/accesstoken/getremotenativetokenidstub_fuzzer/BUILD.gn index d3ce3d6fc..0dfb959a6 100644 --- a/test/fuzztest/services/accesstoken/getremotenativetokenidstub_fuzzer/BUILD.gn +++ b/test/fuzztest/services/accesstoken/getremotenativetokenidstub_fuzzer/BUILD.gn @@ -1,4 +1,4 @@ -# Copyright (c) 2023 Huawei Device Co., Ltd. +# Copyright (c) 2023-2025 Huawei Device Co., Ltd. # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. # You may obtain a copy of the License at @@ -33,7 +33,10 @@ ohos_fuzztest("GetRemoteNativeTokenIDStubFuzzTest") { deps = access_token_deps - configs = [ "${access_token_path}/config:coverage_flags" ] + configs = [ + "${access_token_path}/config:coverage_flags", + "${access_token_path}/services/accesstokenmanager/idl:access_token_manager_gen_config", + ] external_deps = access_token_external_deps diff --git a/test/fuzztest/services/accesstoken/getremotenativetokenidstub_fuzzer/getremotenativetokenidstub_fuzzer.cpp b/test/fuzztest/services/accesstoken/getremotenativetokenidstub_fuzzer/getremotenativetokenidstub_fuzzer.cpp index 2b8239078..1fb794568 100644 --- a/test/fuzztest/services/accesstoken/getremotenativetokenidstub_fuzzer/getremotenativetokenidstub_fuzzer.cpp +++ b/test/fuzztest/services/accesstoken/getremotenativetokenidstub_fuzzer/getremotenativetokenidstub_fuzzer.cpp @@ -1,5 +1,5 @@ /* - * Copyright (c) 2023 Huawei Device Co., Ltd. + * Copyright (c) 2023-2025 Huawei Device Co., Ltd. * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. * You may obtain a copy of the License at @@ -23,7 +23,7 @@ #include "accesstoken_info_manager.h" #include "accesstoken_kit.h" #include "accesstoken_manager_service.h" -#include "i_accesstoken_manager.h" +#include "iaccess_token_manager.h" #include "token_setproc.h" using namespace std; @@ -54,7 +54,7 @@ namespace OHOS { } uint32_t code = static_cast( - AccessTokenInterfaceCode::GET_NATIVE_REMOTE_TOKEN); + IAccessTokenManagerIpcCode::COMMAND_GET_REMOTE_NATIVE_TOKEN_I_D); MessageParcel reply; MessageOption option; diff --git a/test/fuzztest/services/accesstoken/getreqpermissionbynamestub_fuzzer/BUILD.gn b/test/fuzztest/services/accesstoken/getreqpermissionbynamestub_fuzzer/BUILD.gn index f2de773f0..197b8f6b2 100644 --- a/test/fuzztest/services/accesstoken/getreqpermissionbynamestub_fuzzer/BUILD.gn +++ b/test/fuzztest/services/accesstoken/getreqpermissionbynamestub_fuzzer/BUILD.gn @@ -1,4 +1,4 @@ -# Copyright (c) 2024 Huawei Device Co., Ltd. +# Copyright (c) 2024-2025 Huawei Device Co., Ltd. # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. # You may obtain a copy of the License at @@ -33,7 +33,10 @@ ohos_fuzztest("GetReqPermissionByNameStubFuzzTest") { deps = access_token_deps - configs = [ "${access_token_path}/config:coverage_flags" ] + configs = [ + "${access_token_path}/config:coverage_flags", + "${access_token_path}/services/accesstokenmanager/idl:access_token_manager_gen_config", + ] external_deps = access_token_external_deps diff --git a/test/fuzztest/services/accesstoken/getreqpermissionbynamestub_fuzzer/getreqpermissionbynamestub_fuzzer.cpp b/test/fuzztest/services/accesstoken/getreqpermissionbynamestub_fuzzer/getreqpermissionbynamestub_fuzzer.cpp index d9f021801..e0da7247c 100644 --- a/test/fuzztest/services/accesstoken/getreqpermissionbynamestub_fuzzer/getreqpermissionbynamestub_fuzzer.cpp +++ b/test/fuzztest/services/accesstoken/getreqpermissionbynamestub_fuzzer/getreqpermissionbynamestub_fuzzer.cpp @@ -1,5 +1,5 @@ /* - * Copyright (c) 2024 Huawei Device Co., Ltd. + * Copyright (c) 2024-2025 Huawei Device Co., Ltd. * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. * You may obtain a copy of the License at @@ -21,7 +21,7 @@ #undef private #include "accesstoken_fuzzdata.h" #include "accesstoken_manager_service.h" -#include "i_accesstoken_manager.h" +#include "iaccess_token_manager.h" using namespace std; using namespace OHOS::Security::AccessToken; @@ -42,7 +42,7 @@ namespace OHOS { return false; } - uint32_t code = static_cast(AccessTokenInterfaceCode::GET_PERMISSION_BY_NAME); + uint32_t code = static_cast(IAccessTokenManagerIpcCode::COMMAND_GET_REQ_PERMISSION_BY_NAME); MessageParcel reply; MessageOption option; diff --git a/test/fuzztest/services/accesstoken/getreqpermissionsstub_fuzzer/BUILD.gn b/test/fuzztest/services/accesstoken/getreqpermissionsstub_fuzzer/BUILD.gn index 225390f68..0c3f1c41f 100644 --- a/test/fuzztest/services/accesstoken/getreqpermissionsstub_fuzzer/BUILD.gn +++ b/test/fuzztest/services/accesstoken/getreqpermissionsstub_fuzzer/BUILD.gn @@ -1,4 +1,4 @@ -# Copyright (c) 2023 Huawei Device Co., Ltd. +# Copyright (c) 2023-2025 Huawei Device Co., Ltd. # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. # You may obtain a copy of the License at @@ -33,7 +33,10 @@ ohos_fuzztest("GetReqPermissionsStubFuzzTest") { deps = access_token_deps - configs = [ "${access_token_path}/config:coverage_flags" ] + configs = [ + "${access_token_path}/config:coverage_flags", + "${access_token_path}/services/accesstokenmanager/idl:access_token_manager_gen_config", + ] external_deps = access_token_external_deps diff --git a/test/fuzztest/services/accesstoken/getreqpermissionsstub_fuzzer/getreqpermissionsstub_fuzzer.cpp b/test/fuzztest/services/accesstoken/getreqpermissionsstub_fuzzer/getreqpermissionsstub_fuzzer.cpp index d8db10cb1..022a9113e 100644 --- a/test/fuzztest/services/accesstoken/getreqpermissionsstub_fuzzer/getreqpermissionsstub_fuzzer.cpp +++ b/test/fuzztest/services/accesstoken/getreqpermissionsstub_fuzzer/getreqpermissionsstub_fuzzer.cpp @@ -1,5 +1,5 @@ /* - * Copyright (c) 2023 Huawei Device Co., Ltd. + * Copyright (c) 2023-2025 Huawei Device Co., Ltd. * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. * You may obtain a copy of the License at @@ -21,7 +21,7 @@ #undef private #include "accesstoken_fuzzdata.h" #include "accesstoken_manager_service.h" -#include "i_accesstoken_manager.h" +#include "iaccess_token_manager.h" #include "permission_def_parcel.h" using namespace std; @@ -47,7 +47,7 @@ namespace OHOS { } uint32_t code = static_cast( - AccessTokenInterfaceCode::GET_REQ_PERMISSIONS); + IAccessTokenManagerIpcCode::COMMAND_GET_REQ_PERMISSIONS); MessageParcel reply; MessageOption option; diff --git a/test/fuzztest/services/accesstoken/getselfpermissionsstatestub_fuzzer/BUILD.gn b/test/fuzztest/services/accesstoken/getselfpermissionsstatestub_fuzzer/BUILD.gn index 6e0b50f04..064c9261c 100644 --- a/test/fuzztest/services/accesstoken/getselfpermissionsstatestub_fuzzer/BUILD.gn +++ b/test/fuzztest/services/accesstoken/getselfpermissionsstatestub_fuzzer/BUILD.gn @@ -1,4 +1,4 @@ -# Copyright (c) 2023 Huawei Device Co., Ltd. +# Copyright (c) 2023-2025 Huawei Device Co., Ltd. # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. # You may obtain a copy of the License at @@ -33,7 +33,10 @@ ohos_fuzztest("GetSelfPermissionsStateStubFuzzTest") { deps = access_token_deps - configs = [ "${access_token_path}/config:coverage_flags" ] + configs = [ + "${access_token_path}/config:coverage_flags", + "${access_token_path}/services/accesstokenmanager/idl:access_token_manager_gen_config", + ] external_deps = access_token_external_deps diff --git a/test/fuzztest/services/accesstoken/getselfpermissionsstatestub_fuzzer/getselfpermissionsstatestub_fuzzer.cpp b/test/fuzztest/services/accesstoken/getselfpermissionsstatestub_fuzzer/getselfpermissionsstatestub_fuzzer.cpp index bb35c40c4..a767372a2 100644 --- a/test/fuzztest/services/accesstoken/getselfpermissionsstatestub_fuzzer/getselfpermissionsstatestub_fuzzer.cpp +++ b/test/fuzztest/services/accesstoken/getselfpermissionsstatestub_fuzzer/getselfpermissionsstatestub_fuzzer.cpp @@ -1,5 +1,5 @@ /* - * Copyright (c) 2023 Huawei Device Co., Ltd. + * Copyright (c) 2023-2025 Huawei Device Co., Ltd. * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. * You may obtain a copy of the License at @@ -21,7 +21,7 @@ #undef private #include "accesstoken_fuzzdata.h" #include "accesstoken_manager_service.h" -#include "i_accesstoken_manager.h" +#include "iaccess_token_manager.h" using namespace std; using namespace OHOS; @@ -51,7 +51,7 @@ namespace OHOS { } uint32_t code = static_cast( - AccessTokenInterfaceCode::GET_PERMISSION_OPER_STATE); + IAccessTokenManagerIpcCode::COMMAND_GET_SELF_PERMISSIONS_STATE); MessageParcel reply; MessageOption option; diff --git a/test/fuzztest/services/accesstoken/gettokenidbyuseridstub_fuzzer/BUILD.gn b/test/fuzztest/services/accesstoken/gettokenidbyuseridstub_fuzzer/BUILD.gn index e3bcbfced..78d02583e 100644 --- a/test/fuzztest/services/accesstoken/gettokenidbyuseridstub_fuzzer/BUILD.gn +++ b/test/fuzztest/services/accesstoken/gettokenidbyuseridstub_fuzzer/BUILD.gn @@ -32,7 +32,10 @@ ohos_fuzztest("GetTokenIDByUserIDStubFuzzTest") { deps = access_token_deps - configs = [ "${access_token_path}/config:coverage_flags" ] + configs = [ + "${access_token_path}/config:coverage_flags", + "${access_token_path}/services/accesstokenmanager/idl:access_token_manager_gen_config", + ] external_deps = access_token_external_deps diff --git a/test/fuzztest/services/accesstoken/gettokenidbyuseridstub_fuzzer/gettokenidbyuseridstub_fuzzer.cpp b/test/fuzztest/services/accesstoken/gettokenidbyuseridstub_fuzzer/gettokenidbyuseridstub_fuzzer.cpp index 3345a3bd2..a3b3cc411 100644 --- a/test/fuzztest/services/accesstoken/gettokenidbyuseridstub_fuzzer/gettokenidbyuseridstub_fuzzer.cpp +++ b/test/fuzztest/services/accesstoken/gettokenidbyuseridstub_fuzzer/gettokenidbyuseridstub_fuzzer.cpp @@ -18,7 +18,7 @@ #undef private #include "accesstoken_fuzzdata.h" #include "accesstoken_manager_service.h" -#include "i_accesstoken_manager.h" +#include "iaccess_token_manager.h" using namespace std; using namespace OHOS::Security::AccessToken; @@ -41,7 +41,7 @@ namespace OHOS { } uint32_t code = static_cast( - AccessTokenInterfaceCode::GET_TOKEN_ID_BY_USER_ID); + IAccessTokenManagerIpcCode::COMMAND_GET_TOKEN_I_D_BY_USER_I_D); MessageParcel reply; MessageOption option; diff --git a/test/fuzztest/services/accesstoken/gettokentypestub_fuzzer/BUILD.gn b/test/fuzztest/services/accesstoken/gettokentypestub_fuzzer/BUILD.gn index 1a167b063..e19e8f3d0 100644 --- a/test/fuzztest/services/accesstoken/gettokentypestub_fuzzer/BUILD.gn +++ b/test/fuzztest/services/accesstoken/gettokentypestub_fuzzer/BUILD.gn @@ -1,4 +1,4 @@ -# Copyright (c) 2023 Huawei Device Co., Ltd. +# Copyright (c) 2023-2025 Huawei Device Co., Ltd. # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. # You may obtain a copy of the License at @@ -33,7 +33,10 @@ ohos_fuzztest("GetTokenTypeStubFuzzTest") { deps = access_token_deps - configs = [ "${access_token_path}/config:coverage_flags" ] + configs = [ + "${access_token_path}/config:coverage_flags", + "${access_token_path}/services/accesstokenmanager/idl:access_token_manager_gen_config", + ] external_deps = access_token_external_deps diff --git a/test/fuzztest/services/accesstoken/gettokentypestub_fuzzer/gettokentypestub_fuzzer.cpp b/test/fuzztest/services/accesstoken/gettokentypestub_fuzzer/gettokentypestub_fuzzer.cpp index f98c2ddc8..7a21b62dd 100644 --- a/test/fuzztest/services/accesstoken/gettokentypestub_fuzzer/gettokentypestub_fuzzer.cpp +++ b/test/fuzztest/services/accesstoken/gettokentypestub_fuzzer/gettokentypestub_fuzzer.cpp @@ -1,5 +1,5 @@ /* - * Copyright (c) 2023 Huawei Device Co., Ltd. + * Copyright (c) 2023-2025 Huawei Device Co., Ltd. * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. * You may obtain a copy of the License at @@ -21,7 +21,7 @@ #undef private #include "accesstoken_fuzzdata.h" #include "accesstoken_manager_service.h" -#include "i_accesstoken_manager.h" +#include "iaccess_token_manager.h" using namespace std; using namespace OHOS::Security::AccessToken; @@ -42,7 +42,7 @@ namespace OHOS { } uint32_t code = static_cast( - AccessTokenInterfaceCode::GET_TOKEN_TYPE); + IAccessTokenManagerIpcCode::COMMAND_GET_TOKEN_TYPE); MessageParcel reply; MessageOption option; diff --git a/test/fuzztest/services/accesstoken/grantpermissionforspecifiedtimestub_fuzzer/BUILD.gn b/test/fuzztest/services/accesstoken/grantpermissionforspecifiedtimestub_fuzzer/BUILD.gn index 5416997fc..1f4268915 100644 --- a/test/fuzztest/services/accesstoken/grantpermissionforspecifiedtimestub_fuzzer/BUILD.gn +++ b/test/fuzztest/services/accesstoken/grantpermissionforspecifiedtimestub_fuzzer/BUILD.gn @@ -1,4 +1,4 @@ -# Copyright (c) 2024 Huawei Device Co., Ltd. +# Copyright (c) 2024-2025 Huawei Device Co., Ltd. # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. # You may obtain a copy of the License at @@ -33,7 +33,10 @@ ohos_fuzztest("GrantPermissionForSpecifiedTimeStubFuzzTest") { deps = access_token_deps - configs = [ "${access_token_path}/config:coverage_flags" ] + configs = [ + "${access_token_path}/config:coverage_flags", + "${access_token_path}/services/accesstokenmanager/idl:access_token_manager_gen_config", + ] external_deps = access_token_external_deps diff --git a/test/fuzztest/services/accesstoken/grantpermissionforspecifiedtimestub_fuzzer/grantpermissionforspecifiedtimestub_fuzzer.cpp b/test/fuzztest/services/accesstoken/grantpermissionforspecifiedtimestub_fuzzer/grantpermissionforspecifiedtimestub_fuzzer.cpp index 73e4bb695..ae92c9001 100644 --- a/test/fuzztest/services/accesstoken/grantpermissionforspecifiedtimestub_fuzzer/grantpermissionforspecifiedtimestub_fuzzer.cpp +++ b/test/fuzztest/services/accesstoken/grantpermissionforspecifiedtimestub_fuzzer/grantpermissionforspecifiedtimestub_fuzzer.cpp @@ -1,5 +1,5 @@ /* - * Copyright (c) 2024 Huawei Device Co., Ltd. + * Copyright (c) 2024-2025 Huawei Device Co., Ltd. * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. * You may obtain a copy of the License at @@ -24,7 +24,7 @@ #undef private #include "accesstoken_manager_service.h" #include "hap_info_parcel.h" -#include "i_accesstoken_manager.h" +#include "iaccess_token_manager.h" using namespace std; using namespace OHOS::Security::AccessToken; @@ -49,7 +49,7 @@ namespace OHOS { return false; } uint32_t code = static_cast( - AccessTokenInterfaceCode::GRANT_PERMISSION_FOR_SPECIFIEDTIME); + IAccessTokenManagerIpcCode::COMMAND_ALLOC_HAP_TOKEN); MessageParcel reply; MessageOption option; diff --git a/test/fuzztest/services/accesstoken/grantpermissionstub_fuzzer/BUILD.gn b/test/fuzztest/services/accesstoken/grantpermissionstub_fuzzer/BUILD.gn index c8b6142db..65dfeeeef 100644 --- a/test/fuzztest/services/accesstoken/grantpermissionstub_fuzzer/BUILD.gn +++ b/test/fuzztest/services/accesstoken/grantpermissionstub_fuzzer/BUILD.gn @@ -1,4 +1,4 @@ -# Copyright (c) 2023 Huawei Device Co., Ltd. +# Copyright (c) 2023-2025 Huawei Device Co., Ltd. # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. # You may obtain a copy of the License at @@ -33,7 +33,10 @@ ohos_fuzztest("GrantPermissionStubFuzzTest") { deps = access_token_deps - configs = [ "${access_token_path}/config:coverage_flags" ] + configs = [ + "${access_token_path}/config:coverage_flags", + "${access_token_path}/services/accesstokenmanager/idl:access_token_manager_gen_config", + ] external_deps = access_token_external_deps diff --git a/test/fuzztest/services/accesstoken/grantpermissionstub_fuzzer/grantpermissionstub_fuzzer.cpp b/test/fuzztest/services/accesstoken/grantpermissionstub_fuzzer/grantpermissionstub_fuzzer.cpp index f7f3dff30..34aa2513d 100644 --- a/test/fuzztest/services/accesstoken/grantpermissionstub_fuzzer/grantpermissionstub_fuzzer.cpp +++ b/test/fuzztest/services/accesstoken/grantpermissionstub_fuzzer/grantpermissionstub_fuzzer.cpp @@ -1,5 +1,5 @@ /* - * Copyright (c) 2023 Huawei Device Co., Ltd. + * Copyright (c) 2023-2025 Huawei Device Co., Ltd. * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. * You may obtain a copy of the License at @@ -26,7 +26,7 @@ #include "accesstoken_info_manager.h" #include "accesstoken_kit.h" #include "accesstoken_manager_service.h" -#include "i_accesstoken_manager.h" +#include "iaccess_token_manager.h" #include "token_setproc.h" using namespace std; @@ -65,7 +65,7 @@ namespace OHOS { } uint32_t code = static_cast( - AccessTokenInterfaceCode::GRANT_PERMISSION); + IAccessTokenManagerIpcCode::COMMAND_GRANT_PERMISSION); MessageParcel reply; MessageOption option; diff --git a/test/fuzztest/services/accesstoken/inithaptokenstub_fuzzer/BUILD.gn b/test/fuzztest/services/accesstoken/inithaptokenstub_fuzzer/BUILD.gn index 5b707634a..4b1e8c6f2 100644 --- a/test/fuzztest/services/accesstoken/inithaptokenstub_fuzzer/BUILD.gn +++ b/test/fuzztest/services/accesstoken/inithaptokenstub_fuzzer/BUILD.gn @@ -1,4 +1,4 @@ -# Copyright (c) 2024 Huawei Device Co., Ltd. +# Copyright (c) 2024-2025 Huawei Device Co., Ltd. # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. # You may obtain a copy of the License at @@ -33,7 +33,10 @@ ohos_fuzztest("InitHapTokenStubFuzzTest") { deps = access_token_deps - configs = [ "${access_token_path}/config:coverage_flags" ] + configs = [ + "${access_token_path}/config:coverage_flags", + "${access_token_path}/services/accesstokenmanager/idl:access_token_manager_gen_config", + ] external_deps = access_token_external_deps diff --git a/test/fuzztest/services/accesstoken/inithaptokenstub_fuzzer/inithaptokenstub_fuzzer.cpp b/test/fuzztest/services/accesstoken/inithaptokenstub_fuzzer/inithaptokenstub_fuzzer.cpp index 13fa49d2a..ea023f93c 100644 --- a/test/fuzztest/services/accesstoken/inithaptokenstub_fuzzer/inithaptokenstub_fuzzer.cpp +++ b/test/fuzztest/services/accesstoken/inithaptokenstub_fuzzer/inithaptokenstub_fuzzer.cpp @@ -1,5 +1,5 @@ /* - * Copyright (c) 2024 Huawei Device Co., Ltd. + * Copyright (c) 2024-2025 Huawei Device Co., Ltd. * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. * You may obtain a copy of the License at @@ -24,7 +24,7 @@ #undef private #include "accesstoken_manager_service.h" #include "hap_info_parcel.h" -#include "i_accesstoken_manager.h" +#include "iaccess_token_manager.h" using namespace std; using namespace OHOS::Security::AccessToken; @@ -93,7 +93,7 @@ namespace OHOS { } uint32_t code = static_cast( - AccessTokenInterfaceCode::INIT_TOKEN_HAP); + IAccessTokenManagerIpcCode::COMMAND_INIT_HAP_TOKEN); MessageParcel reply; MessageOption option; diff --git a/test/fuzztest/services/accesstoken/inituserpolicystub_fuzzer/BUILD.gn b/test/fuzztest/services/accesstoken/inituserpolicystub_fuzzer/BUILD.gn index ac370e147..33e4bf96f 100644 --- a/test/fuzztest/services/accesstoken/inituserpolicystub_fuzzer/BUILD.gn +++ b/test/fuzztest/services/accesstoken/inituserpolicystub_fuzzer/BUILD.gn @@ -34,7 +34,10 @@ ohos_fuzztest("InitUserPolicyStubFuzzTest") { deps = access_token_deps deps += [ "${access_token_path}/interfaces/innerkits/nativetoken:libnativetoken_shared" ] - configs = [ "${access_token_path}/config:coverage_flags" ] + configs = [ + "${access_token_path}/config:coverage_flags", + "${access_token_path}/services/accesstokenmanager/idl:access_token_manager_gen_config", + ] external_deps = access_token_external_deps diff --git a/test/fuzztest/services/accesstoken/inituserpolicystub_fuzzer/inituserpolicystub_fuzzer.cpp b/test/fuzztest/services/accesstoken/inituserpolicystub_fuzzer/inituserpolicystub_fuzzer.cpp index 1184c309a..f4b01a42c 100644 --- a/test/fuzztest/services/accesstoken/inituserpolicystub_fuzzer/inituserpolicystub_fuzzer.cpp +++ b/test/fuzztest/services/accesstoken/inituserpolicystub_fuzzer/inituserpolicystub_fuzzer.cpp @@ -23,7 +23,7 @@ #include "accesstoken_fuzzdata.h" #include "accesstoken_kit.h" #include "accesstoken_manager_service.h" -#include "i_accesstoken_manager.h" +#include "iaccess_token_manager.h" #include "nativetoken_kit.h" #include "token_setproc.h" @@ -93,7 +93,7 @@ namespace OHOS { } uint32_t code = static_cast( - AccessTokenInterfaceCode::INIT_USER_POLICY); + IAccessTokenManagerIpcCode::COMMAND_INIT_USER_POLICY); MessageParcel reply; MessageOption option; diff --git a/test/fuzztest/services/accesstoken/registerpermstatechangecallbackstub_fuzzer/BUILD.gn b/test/fuzztest/services/accesstoken/registerpermstatechangecallbackstub_fuzzer/BUILD.gn index 155806b69..11a3e6545 100644 --- a/test/fuzztest/services/accesstoken/registerpermstatechangecallbackstub_fuzzer/BUILD.gn +++ b/test/fuzztest/services/accesstoken/registerpermstatechangecallbackstub_fuzzer/BUILD.gn @@ -1,4 +1,4 @@ -# Copyright (c) 2023 Huawei Device Co., Ltd. +# Copyright (c) 2023-2025 Huawei Device Co., Ltd. # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. # You may obtain a copy of the License at @@ -33,7 +33,10 @@ ohos_fuzztest("RegisterPermStateChangeCallbackStubFuzzTest") { deps = access_token_deps - configs = [ "${access_token_path}/config:coverage_flags" ] + configs = [ + "${access_token_path}/config:coverage_flags", + "${access_token_path}/services/accesstokenmanager/idl:access_token_manager_gen_config", + ] external_deps = access_token_external_deps diff --git a/test/fuzztest/services/accesstoken/registerpermstatechangecallbackstub_fuzzer/registerpermstatechangecallbackstub_fuzzer.cpp b/test/fuzztest/services/accesstoken/registerpermstatechangecallbackstub_fuzzer/registerpermstatechangecallbackstub_fuzzer.cpp index 251cfd7d9..b37d7b402 100644 --- a/test/fuzztest/services/accesstoken/registerpermstatechangecallbackstub_fuzzer/registerpermstatechangecallbackstub_fuzzer.cpp +++ b/test/fuzztest/services/accesstoken/registerpermstatechangecallbackstub_fuzzer/registerpermstatechangecallbackstub_fuzzer.cpp @@ -1,5 +1,5 @@ /* - * Copyright (c) 2023 Huawei Device Co., Ltd. + * Copyright (c) 2023-2025 Huawei Device Co., Ltd. * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. * You may obtain a copy of the License at @@ -22,7 +22,7 @@ #include "accesstoken_fuzzdata.h" #include "accesstoken_manager_client.h" #include "accesstoken_manager_service.h" -#include "i_accesstoken_manager.h" +#include "iaccess_token_manager.h" using namespace std; using namespace OHOS::Security::AccessToken; @@ -77,7 +77,7 @@ namespace OHOS { } uint32_t code = static_cast( - AccessTokenInterfaceCode::REGISTER_PERM_STATE_CHANGE_CALLBACK); + IAccessTokenManagerIpcCode::COMMAND_REGISTER_PERM_STATE_CHANGE_CALLBACK); MessageParcel reply; MessageOption option; diff --git a/test/fuzztest/services/accesstoken/registerselfpermstatechangecallbackstub_fuzzer/BUILD.gn b/test/fuzztest/services/accesstoken/registerselfpermstatechangecallbackstub_fuzzer/BUILD.gn index cdb19e0af..63c5b686e 100644 --- a/test/fuzztest/services/accesstoken/registerselfpermstatechangecallbackstub_fuzzer/BUILD.gn +++ b/test/fuzztest/services/accesstoken/registerselfpermstatechangecallbackstub_fuzzer/BUILD.gn @@ -34,7 +34,10 @@ ohos_fuzztest("RegisterSelfPermStateChangeCallbackStubFuzzTest") { deps = access_token_deps deps += [ "${access_token_path}/interfaces/innerkits/nativetoken:libnativetoken_shared" ] - configs = [ "${access_token_path}/config:coverage_flags" ] + configs = [ + "${access_token_path}/config:coverage_flags", + "${access_token_path}/services/accesstokenmanager/idl:access_token_manager_gen_config", + ] external_deps = access_token_external_deps diff --git a/test/fuzztest/services/accesstoken/registerselfpermstatechangecallbackstub_fuzzer/registerselfpermstatechangecallbackstub_fuzzer.cpp b/test/fuzztest/services/accesstoken/registerselfpermstatechangecallbackstub_fuzzer/registerselfpermstatechangecallbackstub_fuzzer.cpp index 946e7fa59..4d35d90e5 100644 --- a/test/fuzztest/services/accesstoken/registerselfpermstatechangecallbackstub_fuzzer/registerselfpermstatechangecallbackstub_fuzzer.cpp +++ b/test/fuzztest/services/accesstoken/registerselfpermstatechangecallbackstub_fuzzer/registerselfpermstatechangecallbackstub_fuzzer.cpp @@ -26,7 +26,7 @@ #include "accesstoken_kit.h" #include "accesstoken_manager_client.h" #include "accesstoken_manager_service.h" -#include "i_accesstoken_manager.h" +#include "iaccess_token_manager.h" #include "token_setproc.h" using namespace std; @@ -110,7 +110,7 @@ namespace OHOS { } uint32_t code = static_cast( - AccessTokenInterfaceCode::REGISTER_SELF_PERM_STATE_CHANGE_CALLBACK); + IAccessTokenManagerIpcCode::COMMAND_REGISTER_SELF_PERM_STATE_CHANGE_CALLBACK); MessageParcel reply; MessageOption option; diff --git a/test/fuzztest/services/accesstoken/requestapppermonsettingstub_fuzzer/BUILD.gn b/test/fuzztest/services/accesstoken/requestapppermonsettingstub_fuzzer/BUILD.gn index 7972f3712..9e06d8b29 100644 --- a/test/fuzztest/services/accesstoken/requestapppermonsettingstub_fuzzer/BUILD.gn +++ b/test/fuzztest/services/accesstoken/requestapppermonsettingstub_fuzzer/BUILD.gn @@ -1,4 +1,4 @@ -# Copyright (c) 2024 Huawei Device Co., Ltd. +# Copyright (c) 2024-2025 Huawei Device Co., Ltd. # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. # You may obtain a copy of the License at @@ -33,7 +33,10 @@ ohos_fuzztest("RequestAppPermOnSettingStubFuzzTest") { deps = access_token_deps - configs = [ "${access_token_path}/config:coverage_flags" ] + configs = [ + "${access_token_path}/config:coverage_flags", + "${access_token_path}/services/accesstokenmanager/idl:access_token_manager_gen_config", + ] external_deps = access_token_external_deps diff --git a/test/fuzztest/services/accesstoken/requestapppermonsettingstub_fuzzer/requestapppermonsettingstub_fuzzer.cpp b/test/fuzztest/services/accesstoken/requestapppermonsettingstub_fuzzer/requestapppermonsettingstub_fuzzer.cpp index 4c65417af..bcd22753e 100644 --- a/test/fuzztest/services/accesstoken/requestapppermonsettingstub_fuzzer/requestapppermonsettingstub_fuzzer.cpp +++ b/test/fuzztest/services/accesstoken/requestapppermonsettingstub_fuzzer/requestapppermonsettingstub_fuzzer.cpp @@ -1,5 +1,5 @@ /* - * Copyright (c) 2024 Huawei Device Co., Ltd. + * Copyright (c) 2024-2025 Huawei Device Co., Ltd. * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. * You may obtain a copy of the License at @@ -21,7 +21,7 @@ #undef private #include "accesstoken_fuzzdata.h" #include "accesstoken_manager_service.h" -#include "i_accesstoken_manager.h" +#include "iaccess_token_manager.h" using namespace std; using namespace OHOS::Security::AccessToken; @@ -42,7 +42,7 @@ namespace OHOS { return false; } - uint32_t code = static_cast(AccessTokenInterfaceCode::REQUEST_APP_PERM_ON_SETTING); + uint32_t code = static_cast(IAccessTokenManagerIpcCode::COMMAND_REQUEST_APP_PERM_ON_SETTING); MessageParcel reply; MessageOption option; diff --git a/test/fuzztest/services/accesstoken/revokepermissionstub_fuzzer/BUILD.gn b/test/fuzztest/services/accesstoken/revokepermissionstub_fuzzer/BUILD.gn index de933d784..5e81544fc 100644 --- a/test/fuzztest/services/accesstoken/revokepermissionstub_fuzzer/BUILD.gn +++ b/test/fuzztest/services/accesstoken/revokepermissionstub_fuzzer/BUILD.gn @@ -1,4 +1,4 @@ -# Copyright (c) 2023 Huawei Device Co., Ltd. +# Copyright (c) 2023-2025 Huawei Device Co., Ltd. # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. # You may obtain a copy of the License at @@ -33,7 +33,10 @@ ohos_fuzztest("RevokePermissionStubFuzzTest") { deps = access_token_deps - configs = [ "${access_token_path}/config:coverage_flags" ] + configs = [ + "${access_token_path}/config:coverage_flags", + "${access_token_path}/services/accesstokenmanager/idl:access_token_manager_gen_config", + ] external_deps = access_token_external_deps diff --git a/test/fuzztest/services/accesstoken/revokepermissionstub_fuzzer/revokepermissionstub_fuzzer.cpp b/test/fuzztest/services/accesstoken/revokepermissionstub_fuzzer/revokepermissionstub_fuzzer.cpp index aab7e2a75..30d69e7df 100644 --- a/test/fuzztest/services/accesstoken/revokepermissionstub_fuzzer/revokepermissionstub_fuzzer.cpp +++ b/test/fuzztest/services/accesstoken/revokepermissionstub_fuzzer/revokepermissionstub_fuzzer.cpp @@ -1,5 +1,5 @@ /* - * Copyright (c) 2023 Huawei Device Co., Ltd. + * Copyright (c) 2023-2025 Huawei Device Co., Ltd. * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. * You may obtain a copy of the License at @@ -23,7 +23,7 @@ #undef private #include "accesstoken_fuzzdata.h" #include "accesstoken_manager_service.h" -#include "i_accesstoken_manager.h" +#include "iaccess_token_manager.h" using namespace std; using namespace OHOS::Security::AccessToken; @@ -48,7 +48,7 @@ namespace OHOS { return false; } uint32_t code = static_cast( - AccessTokenInterfaceCode::REVOKE_PERMISSION); + IAccessTokenManagerIpcCode::COMMAND_REVOKE_PERMISSION); MessageParcel reply; MessageOption option; diff --git a/test/fuzztest/services/accesstoken/setpermdialogcap_fuzzer/BUILD.gn b/test/fuzztest/services/accesstoken/setpermdialogcap_fuzzer/BUILD.gn index 81f75417d..c240203ea 100644 --- a/test/fuzztest/services/accesstoken/setpermdialogcap_fuzzer/BUILD.gn +++ b/test/fuzztest/services/accesstoken/setpermdialogcap_fuzzer/BUILD.gn @@ -1,4 +1,4 @@ -# Copyright (c) 2023 Huawei Device Co., Ltd. +# Copyright (c) 2023-2025 Huawei Device Co., Ltd. # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. # You may obtain a copy of the License at @@ -33,7 +33,10 @@ ohos_fuzztest("SetPermDialogCapFuzzTest") { deps = access_token_deps deps += [ "${access_token_path}/interfaces/innerkits/nativetoken:libnativetoken_shared" ] - configs = [ "${access_token_path}/config:coverage_flags" ] + configs = [ + "${access_token_path}/config:coverage_flags", + "${access_token_path}/services/accesstokenmanager/idl:access_token_manager_gen_config", + ] external_deps = access_token_external_deps diff --git a/test/fuzztest/services/accesstoken/setpermdialogcap_fuzzer/setpermdialogcap_fuzzer.cpp b/test/fuzztest/services/accesstoken/setpermdialogcap_fuzzer/setpermdialogcap_fuzzer.cpp index 153e3bbd2..994193a1a 100644 --- a/test/fuzztest/services/accesstoken/setpermdialogcap_fuzzer/setpermdialogcap_fuzzer.cpp +++ b/test/fuzztest/services/accesstoken/setpermdialogcap_fuzzer/setpermdialogcap_fuzzer.cpp @@ -1,5 +1,5 @@ /* - * Copyright (c) 2023 Huawei Device Co., Ltd. + * Copyright (c) 2023-2025 Huawei Device Co., Ltd. * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. * You may obtain a copy of the License at @@ -23,7 +23,7 @@ #include "accesstoken_fuzzdata.h" #include "accesstoken_kit.h" #include "accesstoken_manager_service.h" -#include "i_accesstoken_manager.h" +#include "iaccess_token_manager.h" #include "nativetoken_kit.h" #include "securec.h" #include "token_setproc.h" @@ -72,7 +72,7 @@ namespace OHOS { if (!datas.WriteParcelable(&baseInfoParcel)) { return false; } - uint32_t code = static_cast(AccessTokenInterfaceCode::SET_PERM_DIALOG_CAPABILITY); + uint32_t code = static_cast(IAccessTokenManagerIpcCode::COMMAND_SET_PERM_DIALOG_CAP); MessageParcel reply; MessageOption option; diff --git a/test/fuzztest/services/accesstoken/setpermissionrequesttogglestatusstub_fuzzer/BUILD.gn b/test/fuzztest/services/accesstoken/setpermissionrequesttogglestatusstub_fuzzer/BUILD.gn index 7a7623c5f..2bf1efcd2 100644 --- a/test/fuzztest/services/accesstoken/setpermissionrequesttogglestatusstub_fuzzer/BUILD.gn +++ b/test/fuzztest/services/accesstoken/setpermissionrequesttogglestatusstub_fuzzer/BUILD.gn @@ -1,4 +1,4 @@ -# Copyright (c) 2024 Huawei Device Co., Ltd. +# Copyright (c) 2024-2025 Huawei Device Co., Ltd. # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. # You may obtain a copy of the License at @@ -33,7 +33,10 @@ ohos_fuzztest("SetPermissionRequestToggleStatusStubFuzzTest") { deps = access_token_deps - configs = [ "${access_token_path}/config:coverage_flags" ] + configs = [ + "${access_token_path}/config:coverage_flags", + "${access_token_path}/services/accesstokenmanager/idl:access_token_manager_gen_config", + ] external_deps = access_token_external_deps diff --git a/test/fuzztest/services/accesstoken/setpermissionrequesttogglestatusstub_fuzzer/setpermissionrequesttogglestatusstub_fuzzer.cpp b/test/fuzztest/services/accesstoken/setpermissionrequesttogglestatusstub_fuzzer/setpermissionrequesttogglestatusstub_fuzzer.cpp index c2934d016..7e98d5860 100644 --- a/test/fuzztest/services/accesstoken/setpermissionrequesttogglestatusstub_fuzzer/setpermissionrequesttogglestatusstub_fuzzer.cpp +++ b/test/fuzztest/services/accesstoken/setpermissionrequesttogglestatusstub_fuzzer/setpermissionrequesttogglestatusstub_fuzzer.cpp @@ -1,5 +1,5 @@ /* - * Copyright (c) 2024 Huawei Device Co., Ltd. + * Copyright (c) 2024-2025 Huawei Device Co., Ltd. * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. * You may obtain a copy of the License at @@ -23,7 +23,7 @@ #undef private #include "accesstoken_fuzzdata.h" #include "accesstoken_manager_service.h" -#include "i_accesstoken_manager.h" +#include "iaccess_token_manager.h" using namespace std; using namespace OHOS::Security::AccessToken; @@ -49,7 +49,7 @@ namespace OHOS { } uint32_t code = static_cast( - AccessTokenInterfaceCode::SET_PERMISSION_REQUEST_TOGGLE_STATUS); + IAccessTokenManagerIpcCode::COMMAND_SET_PERMISSION_REQUEST_TOGGLE_STATUS); MessageParcel reply; MessageOption option; diff --git a/test/fuzztest/services/accesstoken/setremotehaptokeninfostub_fuzzer/BUILD.gn b/test/fuzztest/services/accesstoken/setremotehaptokeninfostub_fuzzer/BUILD.gn index 35fa2dfe5..66b3dfb04 100644 --- a/test/fuzztest/services/accesstoken/setremotehaptokeninfostub_fuzzer/BUILD.gn +++ b/test/fuzztest/services/accesstoken/setremotehaptokeninfostub_fuzzer/BUILD.gn @@ -1,4 +1,4 @@ -# Copyright (c) 2023 Huawei Device Co., Ltd. +# Copyright (c) 2023-2025 Huawei Device Co., Ltd. # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. # You may obtain a copy of the License at @@ -33,7 +33,10 @@ ohos_fuzztest("SetRemoteHapTokenInfoStubFuzzTest") { deps = access_token_deps - configs = [ "${access_token_path}/config:coverage_flags" ] + configs = [ + "${access_token_path}/config:coverage_flags", + "${access_token_path}/services/accesstokenmanager/idl:access_token_manager_gen_config", + ] external_deps = access_token_external_deps diff --git a/test/fuzztest/services/accesstoken/setremotehaptokeninfostub_fuzzer/setremotehaptokeninfostub_fuzzer.cpp b/test/fuzztest/services/accesstoken/setremotehaptokeninfostub_fuzzer/setremotehaptokeninfostub_fuzzer.cpp index 8cda4c996..db20383d4 100644 --- a/test/fuzztest/services/accesstoken/setremotehaptokeninfostub_fuzzer/setremotehaptokeninfostub_fuzzer.cpp +++ b/test/fuzztest/services/accesstoken/setremotehaptokeninfostub_fuzzer/setremotehaptokeninfostub_fuzzer.cpp @@ -1,5 +1,5 @@ /* - * Copyright (c) 2023 Huawei Device Co., Ltd. + * Copyright (c) 2023-2025 Huawei Device Co., Ltd. * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. * You may obtain a copy of the License at @@ -24,7 +24,7 @@ #include "accesstoken_info_manager.h" #include "accesstoken_kit.h" #include "accesstoken_manager_service.h" -#include "i_accesstoken_manager.h" +#include "iaccess_token_manager.h" #include "permission_state_full.h" #include "token_setproc.h" @@ -88,7 +88,7 @@ namespace OHOS { } uint32_t code = static_cast( - AccessTokenInterfaceCode::SET_REMOTE_HAP_TOKEN_INFO); + IAccessTokenManagerIpcCode::COMMAND_SET_REMOTE_HAP_TOKEN_INFO); MessageParcel reply; MessageOption option; diff --git a/test/fuzztest/services/accesstoken/updatehaptokenstub_fuzzer/BUILD.gn b/test/fuzztest/services/accesstoken/updatehaptokenstub_fuzzer/BUILD.gn index 7b73bb9b5..31a7c5de2 100644 --- a/test/fuzztest/services/accesstoken/updatehaptokenstub_fuzzer/BUILD.gn +++ b/test/fuzztest/services/accesstoken/updatehaptokenstub_fuzzer/BUILD.gn @@ -1,4 +1,4 @@ -# Copyright (c) 2023 Huawei Device Co., Ltd. +# Copyright (c) 2023-2025 Huawei Device Co., Ltd. # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. # You may obtain a copy of the License at @@ -33,7 +33,10 @@ ohos_fuzztest("UpdateHapTokenStubFuzzTest") { deps = access_token_deps - configs = [ "${access_token_path}/config:coverage_flags" ] + configs = [ + "${access_token_path}/config:coverage_flags", + "${access_token_path}/services/accesstokenmanager/idl:access_token_manager_gen_config", + ] external_deps = access_token_external_deps diff --git a/test/fuzztest/services/accesstoken/updatehaptokenstub_fuzzer/updatehaptokenstub_fuzzer.cpp b/test/fuzztest/services/accesstoken/updatehaptokenstub_fuzzer/updatehaptokenstub_fuzzer.cpp index 939f5f390..e9763360a 100644 --- a/test/fuzztest/services/accesstoken/updatehaptokenstub_fuzzer/updatehaptokenstub_fuzzer.cpp +++ b/test/fuzztest/services/accesstoken/updatehaptokenstub_fuzzer/updatehaptokenstub_fuzzer.cpp @@ -1,5 +1,5 @@ /* - * Copyright (c) 2023 Huawei Device Co., Ltd. + * Copyright (c) 2023-2025 Huawei Device Co., Ltd. * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. * You may obtain a copy of the License at @@ -80,7 +80,7 @@ namespace OHOS { if (!datas.WriteParcelable(&hapPolicyParcel)) { return false; } - uint32_t code = static_cast(AccessTokenInterfaceCode::UPDATE_HAP_TOKEN); + uint32_t code = static_cast(IAccessTokenManagerIpcCode::COMMAND_UPDATE_HAP_TOKEN); MessageParcel reply; MessageOption option; bool enable = ((size % CONSTANTS_NUMBER_TWO) == 0); diff --git a/test/fuzztest/services/accesstoken/updateuserpolicystub_fuzzer/BUILD.gn b/test/fuzztest/services/accesstoken/updateuserpolicystub_fuzzer/BUILD.gn index 3d21d687f..3a5c06574 100644 --- a/test/fuzztest/services/accesstoken/updateuserpolicystub_fuzzer/BUILD.gn +++ b/test/fuzztest/services/accesstoken/updateuserpolicystub_fuzzer/BUILD.gn @@ -34,7 +34,10 @@ ohos_fuzztest("UpdateUserPolicyStubFuzzTest") { deps = access_token_deps deps += [ "${access_token_path}/interfaces/innerkits/nativetoken:libnativetoken_shared" ] - configs = [ "${access_token_path}/config:coverage_flags" ] + configs = [ + "${access_token_path}/config:coverage_flags", + "${access_token_path}/services/accesstokenmanager/idl:access_token_manager_gen_config", + ] external_deps = access_token_external_deps diff --git a/test/fuzztest/services/accesstoken/updateuserpolicystub_fuzzer/updateuserpolicystub_fuzzer.cpp b/test/fuzztest/services/accesstoken/updateuserpolicystub_fuzzer/updateuserpolicystub_fuzzer.cpp index c0a8edc5d..0714eab49 100644 --- a/test/fuzztest/services/accesstoken/updateuserpolicystub_fuzzer/updateuserpolicystub_fuzzer.cpp +++ b/test/fuzztest/services/accesstoken/updateuserpolicystub_fuzzer/updateuserpolicystub_fuzzer.cpp @@ -23,7 +23,7 @@ #include "accesstoken_fuzzdata.h" #include "accesstoken_kit.h" #include "accesstoken_manager_service.h" -#include "i_accesstoken_manager.h" +#include "iaccess_token_manager.h" #include "nativetoken_kit.h" #include "token_setproc.h" @@ -85,7 +85,7 @@ namespace OHOS { } uint32_t code = static_cast( - AccessTokenInterfaceCode::UPDATE_USER_POLICY); + IAccessTokenManagerIpcCode::COMMAND_UPDATE_USER_POLICY); MessageParcel reply; MessageOption option; diff --git a/test/fuzztest/services/accesstoken/verifyaccesstokenstub_fuzzer/BUILD.gn b/test/fuzztest/services/accesstoken/verifyaccesstokenstub_fuzzer/BUILD.gn index 3187a41a1..47672fbf1 100644 --- a/test/fuzztest/services/accesstoken/verifyaccesstokenstub_fuzzer/BUILD.gn +++ b/test/fuzztest/services/accesstoken/verifyaccesstokenstub_fuzzer/BUILD.gn @@ -1,4 +1,4 @@ -# Copyright (c) 2023 Huawei Device Co., Ltd. +# Copyright (c) 2023-2025 Huawei Device Co., Ltd. # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. # You may obtain a copy of the License at @@ -33,7 +33,10 @@ ohos_fuzztest("VerifyAccessTokenStubFuzzTest") { deps = access_token_deps - configs = [ "${access_token_path}/config:coverage_flags" ] + configs = [ + "${access_token_path}/config:coverage_flags", + "${access_token_path}/services/accesstokenmanager/idl:access_token_manager_gen_config", + ] external_deps = access_token_external_deps diff --git a/test/fuzztest/services/accesstoken/verifyaccesstokenstub_fuzzer/verifyaccesstokenstub_fuzzer.cpp b/test/fuzztest/services/accesstoken/verifyaccesstokenstub_fuzzer/verifyaccesstokenstub_fuzzer.cpp index d0c514595..7575cc237 100644 --- a/test/fuzztest/services/accesstoken/verifyaccesstokenstub_fuzzer/verifyaccesstokenstub_fuzzer.cpp +++ b/test/fuzztest/services/accesstoken/verifyaccesstokenstub_fuzzer/verifyaccesstokenstub_fuzzer.cpp @@ -1,5 +1,5 @@ /* - * Copyright (c) 2023 Huawei Device Co., Ltd. + * Copyright (c) 2023-2025 Huawei Device Co., Ltd. * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. * You may obtain a copy of the License at @@ -21,7 +21,7 @@ #undef private #include "accesstoken_fuzzdata.h" #include "accesstoken_manager_service.h" -#include "i_accesstoken_manager.h" +#include "iaccess_token_manager.h" using namespace std; using namespace OHOS::Security::AccessToken; @@ -44,7 +44,7 @@ namespace OHOS { } uint32_t code = static_cast( - AccessTokenInterfaceCode::VERIFY_ACCESSTOKEN); + IAccessTokenManagerIpcCode::COMMAND_VERIFY_ACCESS_TOKEN); MessageParcel reply; MessageOption option; diff --git a/test/fuzztest/services/accesstoken/verifyaccesstokenwithliststub_fuzzer/BUILD.gn b/test/fuzztest/services/accesstoken/verifyaccesstokenwithliststub_fuzzer/BUILD.gn index 1d6648b8f..c134bd809 100644 --- a/test/fuzztest/services/accesstoken/verifyaccesstokenwithliststub_fuzzer/BUILD.gn +++ b/test/fuzztest/services/accesstoken/verifyaccesstokenwithliststub_fuzzer/BUILD.gn @@ -1,4 +1,4 @@ -# Copyright (c) 2024 Huawei Device Co., Ltd. +# Copyright (c) 2024-2025 Huawei Device Co., Ltd. # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. # You may obtain a copy of the License at @@ -33,7 +33,10 @@ ohos_fuzztest("VerifyAccessTokenWithListStubFuzzTest") { deps = access_token_deps - configs = [ "${access_token_path}/config:coverage_flags" ] + configs = [ + "${access_token_path}/config:coverage_flags", + "${access_token_path}/services/accesstokenmanager/idl:access_token_manager_gen_config", + ] external_deps = access_token_external_deps diff --git a/test/fuzztest/services/accesstoken/verifyaccesstokenwithliststub_fuzzer/verifyaccesstokenwithliststub_fuzzer.cpp b/test/fuzztest/services/accesstoken/verifyaccesstokenwithliststub_fuzzer/verifyaccesstokenwithliststub_fuzzer.cpp index af153efff..b6ddf6902 100644 --- a/test/fuzztest/services/accesstoken/verifyaccesstokenwithliststub_fuzzer/verifyaccesstokenwithliststub_fuzzer.cpp +++ b/test/fuzztest/services/accesstoken/verifyaccesstokenwithliststub_fuzzer/verifyaccesstokenwithliststub_fuzzer.cpp @@ -1,5 +1,5 @@ /* - * Copyright (c) 2024 Huawei Device Co., Ltd. + * Copyright (c) 2024-2025 Huawei Device Co., Ltd. * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. * You may obtain a copy of the License at @@ -21,7 +21,7 @@ #undef private #include "accesstoken_fuzzdata.h" #include "accesstoken_manager_service.h" -#include "i_accesstoken_manager.h" +#include "iaccess_token_manager.h" using namespace std; using namespace OHOS::Security::AccessToken; @@ -48,7 +48,8 @@ namespace OHOS { return false; } - uint32_t code = static_cast(AccessTokenInterfaceCode::VERIFY_ACCESSTOKEN_WITH_LIST); + uint32_t code = static_cast( + IAccessTokenManagerIpcCode::COMMAND_VERIFY_ACCESS_TOKEN_IN_UNSIGNED_INT_IN_LIST_STRING_OUT_LIST_INT); MessageParcel reply; MessageOption option; -- Gitee