From 82ec8ac340bd8c2c6c69887e3e0cea15abe5dab8 Mon Sep 17 00:00:00 2001 From: xwx1135370 Date: Thu, 25 Jul 2024 09:23:51 +0800 Subject: [PATCH 001/473] =?UTF-8?q?=E4=BF=AE=E5=A4=8Dpart=5Fconfig?= =?UTF-8?q?=E4=B8=AD=E9=85=8D=E7=BD=AE=E7=9A=84musl=20feature?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit issue:https://gitee.com/openharmony/third_party_musl/issues/IAF1XE?from=project-issue Test:Source code compilation Signed-off-by: xwx1135370 --- services/common/BUILD.gn | 2 +- test/fuzztest/services/privacy/privacy_service_fuzz.gni | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/services/common/BUILD.gn b/services/common/BUILD.gn index bb4b96478..8722eb034 100644 --- a/services/common/BUILD.gn +++ b/services/common/BUILD.gn @@ -99,7 +99,7 @@ ohos_static_library("accesstoken_service_common") { } if (use_musl) { - if (use_jemalloc && use_jemalloc_dfx_intf) { + if (musl_use_jemalloc && musl_use_jemalloc_dfx_intf) { cflags_cc += [ "-DCONFIG_USE_JEMALLOC_DFX_INTF" ] } } diff --git a/test/fuzztest/services/privacy/privacy_service_fuzz.gni b/test/fuzztest/services/privacy/privacy_service_fuzz.gni index 371cadaf4..97d5ddd8b 100644 --- a/test/fuzztest/services/privacy/privacy_service_fuzz.gni +++ b/test/fuzztest/services/privacy/privacy_service_fuzz.gni @@ -102,7 +102,7 @@ privacy_cflags_cc = [ privacy_defines = [] if (use_musl) { - if (use_jemalloc && use_jemalloc_dfx_intf) { + if (musl_use_jemalloc && musl_use_jemalloc_dfx_intf) { privacy_defines += [ "CONFIG_USE_JEMALLOC_DFX_INTF" ] } } -- Gitee From 2e34241d2e63d8f4712f8a6c5c9ba2c12657ff90 Mon Sep 17 00:00:00 2001 From: chennian Date: Wed, 31 Jul 2024 00:02:44 +0800 Subject: [PATCH 002/473] =?UTF-8?q?AddRecord=E4=BC=98=E5=8C=96?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit 
Signed-off-by: chennian Change-Id: I3e0089e78b87d4b362d35da96aee721f1d236678 --- frameworks/common/BUILD.gn | 1 + .../common}/include/time_util.h | 0 .../common}/src/time_util.cpp | 0 .../innerkits/privacy/src/privacy_kit.cpp | 35 +++++++++++++++++-- .../test/unittest/src/privacy_kit_test.cpp | 11 +++++- .../src/token/accesstoken_info_manager.cpp | 6 ++-- services/common/BUILD.gn | 2 -- .../src/record/permission_record_manager.cpp | 2 -- .../src/service/privacy_manager_service.cpp | 3 +- 9 files changed, 49 insertions(+), 11 deletions(-) rename {services/common/utils => frameworks/common}/include/time_util.h (100%) rename {services/common/utils => frameworks/common}/src/time_util.cpp (100%) diff --git a/frameworks/common/BUILD.gn b/frameworks/common/BUILD.gn index d78b3c41b..5ef5ab824 100644 --- a/frameworks/common/BUILD.gn +++ b/frameworks/common/BUILD.gn @@ -46,6 +46,7 @@ ohos_shared_library("accesstoken_common_cxx") { "src/data_validator.cpp", "src/json_parser.cpp", "src/permission_map.cpp", + "src/time_util.cpp", ] external_deps = [ diff --git a/services/common/utils/include/time_util.h b/frameworks/common/include/time_util.h similarity index 100% rename from services/common/utils/include/time_util.h rename to frameworks/common/include/time_util.h diff --git a/services/common/utils/src/time_util.cpp b/frameworks/common/src/time_util.cpp similarity index 100% rename from services/common/utils/src/time_util.cpp rename to frameworks/common/src/time_util.cpp diff --git a/interfaces/innerkits/privacy/src/privacy_kit.cpp b/interfaces/innerkits/privacy/src/privacy_kit.cpp index d6c612dd7..54277fb3b 100644 --- a/interfaces/innerkits/privacy/src/privacy_kit.cpp +++ b/interfaces/innerkits/privacy/src/privacy_kit.cpp 
@@ -18,15 +18,42 @@ #include #include -#include "accesstoken_log.h" #include "constant_common.h" #include "data_validator.h" #include "privacy_error.h" #include "privacy_manager_client.h" +#include "time_util.h" namespace OHOS { namespace Security { namespace AccessToken { +namespace { +constexpr const uint64_t MERGE_TIMESTAMP = 200; // 200ms +std::mutex g_lockCache; +std::map g_recordMap; +} +static std::string GetRecordUniqueStr(const AddPermParamInfo& record) +{ + return std::to_string(record.tokenId) + "_" + record.permissionName + "_" + std::to_string(record.type); +} + +bool FindAndInsertRecord(const AddPermParamInfo& record) +{ + std::string newRecordStr = GetRecordUniqueStr(record); + uint64_t curTimestamp = TimeUtil::GetCurrentTimestamp(); + std::lock_guard lock(g_lockCache); + auto iter = g_recordMap.find(newRecordStr); + if (iter == g_recordMap.end()) { + g_recordMap[newRecordStr] = curTimestamp; + return false; + } + if (curTimestamp - iter->second < MERGE_TIMESTAMP) { + return true; + } + g_recordMap[newRecordStr] = curTimestamp; + return false; +} + int32_t PrivacyKit::AddPermissionUsedRecord(AccessTokenID tokenID, const std::string& permissionName, int32_t successCount, int32_t failCount, bool asyncMode) { @@ -49,7 +76,11 @@ int32_t PrivacyKit::AddPermissionUsedRecord(const AddPermParamInfo& info, bool a if (!DataValidator::IsHapCaller(info.tokenId)) { return PrivacyError::ERR_PARAM_INVALID; } - return PrivacyManagerClient::GetInstance().AddPermissionUsedRecord(info, asyncMode); + + if (!FindAndInsertRecord(info)) { + return PrivacyManagerClient::GetInstance().AddPermissionUsedRecord(info, asyncMode); + } + return RET_SUCCESS; } int32_t PrivacyKit::StartUsingPermission(AccessTokenID tokenID, const std::string& permissionName) diff --git a/interfaces/innerkits/privacy/test/unittest/src/privacy_kit_test.cpp b/interfaces/innerkits/privacy/test/unittest/src/privacy_kit_test.cpp index e087558c5..bc7c3dc57 100644 
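Review bot: `g_recordMap` in the added `FindAndInsertRecord` only ever gains entries, so every distinct tokenId/permissionName/type key stays cached for the life of the process and the map has no upper bound. The key built by `GetRecordUniqueStr` also leaves out `successCount` and `failCount`, so a failed-access record that follows a successful one for the same key within 200 ms is dropped while `AddPermissionUsedRecord` still returns `RET_SUCCESS`; for a usage audit trail that loss should at least be documented on the function. Pruning expired entries under the same lock keeps the cache at the size of the current merge window, and `FindAndInsertRecord` should be `static` or sit in the anonymous namespace like its helper.

```cpp
bool FindAndInsertRecord(const AddPermParamInfo& record)
{
    // … unchanged: newRecordStr, curTimestamp, lock_guard on g_lockCache …
    // Drop entries whose merge window has passed so the cache stays bounded.
    for (auto it = g_recordMap.begin(); it != g_recordMap.end();) {
        if (curTimestamp - it->second >= MERGE_TIMESTAMP) {
            it = g_recordMap.erase(it);
        } else {
            ++it;
        }
    }
    // Anything still cached was reported less than MERGE_TIMESTAMP ago.
    if (g_recordMap.find(newRecordStr) != g_recordMap.end()) {
        return true;
    }
    g_recordMap[newRecordStr] = curTimestamp;
    return false;
}
```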
--- a/interfaces/innerkits/privacy/test/unittest/src/privacy_kit_test.cpp +++ b/interfaces/innerkits/privacy/test/unittest/src/privacy_kit_test.cpp @@ -587,9 +587,12 @@ HWTEST_F(PrivacyKitTest, AddPermissionUsedRecord006, TestSize.Level1) info.successCount = 1; info.failCount = 0; + // <200ms, record is dropped ASSERT_EQ(RET_NO_ERROR, PrivacyKit::AddPermissionUsedRecord(info)); ASSERT_EQ(RET_NO_ERROR, PrivacyKit::AddPermissionUsedRecord(info)); + usleep(200000); // 200000us = 200ms ASSERT_EQ(RET_NO_ERROR, PrivacyKit::AddPermissionUsedRecord(info)); + usleep(200000); // 200000us = 200ms ASSERT_EQ(RET_NO_ERROR, PrivacyKit::AddPermissionUsedRecord(info)); PermissionUsedRequest request; @@ -602,7 +605,7 @@ HWTEST_F(PrivacyKitTest, AddPermissionUsedRecord006, TestSize.Level1) ASSERT_EQ(static_cast(1), result.bundleRecords.size()); ASSERT_EQ(static_cast(1), result.bundleRecords[0].permissionRecords.size()); ASSERT_EQ(static_cast(1), result.bundleRecords[0].permissionRecords[0].accessRecords.size()); - CheckPermissionUsedResult(request, result, 1, 4, 0); // records in the same minute combine to one + CheckPermissionUsedResult(request, result, 1, 3, 0); // records in the same minute combine to one } /** @@ -865,8 +868,11 @@ HWTEST_F(PrivacyKitTest, GetPermissionUsedRecords003, TestSize.Level1) info.successCount = 1; info.failCount = 0; ASSERT_EQ(RET_NO_ERROR, PrivacyKit::AddPermissionUsedRecord(info)); + usleep(200000); // 200000us = 200ms ASSERT_EQ(RET_NO_ERROR, PrivacyKit::AddPermissionUsedRecord(info)); + usleep(200000); // 200000us = 200ms ASSERT_EQ(RET_NO_ERROR, PrivacyKit::AddPermissionUsedRecord(info)); + usleep(200000); // 200000us = 200ms ASSERT_EQ(RET_NO_ERROR, PrivacyKit::AddPermissionUsedRecord(info)); PermissionUsedRequest request; 
@@ -877,12 +883,15 @@ HWTEST_F(PrivacyKitTest, GetPermissionUsedRecords003, TestSize.Level1) ASSERT_EQ(static_cast(1), result.bundleRecords.size()); CheckPermissionUsedResult(request, result, 1, 4, 0); + usleep(200000); // 200000us = 200ms info.permissionName = "ohos.permission.READ_CONTACTS"; ASSERT_EQ(RET_NO_ERROR, PrivacyKit::AddPermissionUsedRecord(info)); + usleep(200000); // 200000us = 200ms info.permissionName = "ohos.permission.READ_CALENDAR"; ASSERT_EQ(RET_NO_ERROR, PrivacyKit::AddPermissionUsedRecord(info)); + usleep(200000); // 200000us = 200ms info.permissionName = "ohos.permission.WRITE_CALENDAR"; ASSERT_EQ(RET_NO_ERROR, PrivacyKit::AddPermissionUsedRecord(info)); diff --git a/services/accesstokenmanager/main/cpp/src/token/accesstoken_info_manager.cpp b/services/accesstokenmanager/main/cpp/src/token/accesstoken_info_manager.cpp index 116ca2e50..ecf5561f6 100644 --- a/services/accesstokenmanager/main/cpp/src/token/accesstoken_info_manager.cpp +++ b/services/accesstokenmanager/main/cpp/src/token/accesstoken_info_manager.cpp @@ -244,13 +244,13 @@ int AccessTokenInfoManager::AddHapTokenInfo(const std::shared_ptrIsRemote()) { - std::string HapUniqueKey = GetHapUniqueStr(info); - auto iter = hapTokenIdMap_.find(HapUniqueKey); + std::string hapUniqueKey = GetHapUniqueStr(info); + auto iter = hapTokenIdMap_.find(hapUniqueKey); if (iter != hapTokenIdMap_.end()) { ACCESSTOKEN_LOG_INFO(LABEL, "Token %{public}u Unique info has exist, update.", id); idRemoved = iter->second; } - hapTokenIdMap_[HapUniqueKey] = id; + hapTokenIdMap_[hapUniqueKey] = id; } hapTokenInfoMap_[id] = info; } diff --git a/services/common/BUILD.gn b/services/common/BUILD.gn index bb4b96478..3481181b9 100644 --- a/services/common/BUILD.gn +++ b/services/common/BUILD.gn @@ -21,7 +21,6 @@ config("accesstoken_service_common_public_config") { "database/include", "libraryloader/include", "random/include", - "utils/include", ] if (eventhandler_enable) { include_dirs += [ "handler/include" ] 
@@ -58,7 +57,6 @@ ohos_static_library("accesstoken_service_common") { "database/src/variant_value.cpp", "libraryloader/src/libraryloader.cpp", "random/src/random_openssl.cpp", - "utils/src/time_util.cpp", ] cflags_cc = [ diff --git a/services/privacymanager/src/record/permission_record_manager.cpp b/services/privacymanager/src/record/permission_record_manager.cpp index 224367eae..e5c2693e3 100644 --- a/services/privacymanager/src/record/permission_record_manager.cpp +++ b/services/privacymanager/src/record/permission_record_manager.cpp @@ -1031,8 +1031,6 @@ bool PermissionRecordManager::IsAllowedUsingPermission(AccessTokenID tokenId, co int32_t PermissionRecordManager::SetMutePolicy(const PolicyType& policyType, const CallerType& callerType, bool isMute) { - ACCESSTOKEN_LOG_INFO(LABEL, "CallerType: %{public}d, policyType: %{public}d, isMute: %{public}d", - callerType, policyType, isMute); std::string permissionName; if (callerType == MICROPHONE) { permissionName = MICROPHONE_PERMISSION_NAME; diff --git a/services/privacymanager/src/service/privacy_manager_service.cpp b/services/privacymanager/src/service/privacy_manager_service.cpp index d79eab810..91b00d6d7 100644 --- a/services/privacymanager/src/service/privacy_manager_service.cpp +++ b/services/privacymanager/src/service/privacy_manager_service.cpp @@ -277,7 +277,8 @@ bool PrivacyManagerService::IsAllowedUsingPermission(AccessTokenID tokenId, cons int32_t PrivacyManagerService::SetMutePolicy(uint32_t policyType, uint32_t callerType, bool isMute) { - ACCESSTOKEN_LOG_INFO(LABEL, "CallerType: %{public}d, isMute: %{public}d", callerType, isMute); + ACCESSTOKEN_LOG_INFO(LABEL, "PolicyType: %{public}d, callerType: %{public}d, isMute: %{public}d", + policyType, callerType, isMute); return PermissionRecordManager::GetInstance().SetMutePolicy( static_cast(policyType), static_cast(callerType), isMute); } -- Gitee From 0bae8b7ac70bb39415e39f4bbf385936806c5d89 Mon Sep 17 00:00:00 2001 
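Review bot: The new log line in `PrivacyManagerService::SetMutePolicy` formats `policyType` and `callerType`, both `uint32_t` parameters, with `%{public}d`, so the signed specifier does not match the argument type. `%{public}u` fits both: `"PolicyType: %{public}u, callerType: %{public}u, isMute: %{public}d"`.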
From: zhouyan Date: Sat, 3 Aug 2024 17:32:18 +0800 Subject: [PATCH 003/473] =?UTF-8?q?=E4=B8=B4=E6=97=B6=E9=9D=99=E9=9F=B3?= =?UTF-8?q?=E7=94=A8=E4=BE=8B=E9=9A=94=E7=A6=BB?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: zhouyan Change-Id: I6372108b85604c2461f234ec7a62f91bf202446e --- .../test/unittest/permission_record_manager_test.cpp | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/services/privacymanager/test/unittest/permission_record_manager_test.cpp b/services/privacymanager/test/unittest/permission_record_manager_test.cpp index 0bc5f8468..9bdffb5fb 100644 --- a/services/privacymanager/test/unittest/permission_record_manager_test.cpp +++ b/services/privacymanager/test/unittest/permission_record_manager_test.cpp @@ -438,6 +438,7 @@ HWTEST_F(PermissionRecordManagerTest, StartUsingPermissionTest006, TestSize.Leve PermissionRecordManager::GetInstance().isMicLoad_ = isMicLoad; } +#ifndef APP_SECURITY_PRIVACY_SERVICE /* * @tc.name: ShowGlobalDialog001 * @tc.desc: ShowGlobalDialog function test @@ -454,6 +455,7 @@ HWTEST_F(PermissionRecordManagerTest, ShowGlobalDialog001, TestSize.Level1) sleep(3); // wait for dialog disappear ASSERT_EQ(true, PermissionRecordManager::GetInstance().ShowGlobalDialog(LOCATION_PERMISSION_NAME)); // no dialog } +#endif /* * @tc.name: AppStateChangeListener001 @@ -859,6 +861,7 @@ HWTEST_F(PermissionRecordManagerTest, SetMutePolicyTest007, TestSize.Level1) PermissionRecordManager::GetInstance().SetMutePolicy(PolicyType::TEMPORARY, CallerType::MICROPHONE, false)); } +#ifndef APP_SECURITY_PRIVACY_SERVICE /* * @tc.name: SetMutePolicyTest008 * @tc.desc: @@ -878,6 +881,7 @@ HWTEST_F(PermissionRecordManagerTest, SetMutePolicyTest008, TestSize.Level1) EXPECT_EQ(ERR_PRIVACY_POLICY_CHECK_FAILED, PermissionRecordManager::GetInstance().SetMutePolicy(PolicyType::TEMPORARY, CallerType::MICROPHONE, false)); } +#endif /* * @tc.name: SetMutePolicyTest009 -- Gitee 
From 216ce1c32a7f2647b447a273484b7cef03be9ece Mon Sep 17 00:00:00 2001 From: chennian Date: Mon, 5 Aug 2024 10:26:58 +0800 Subject: [PATCH 004/473] Modify bug Signed-off-by: chennian Change-Id: I82808d8fac2992f875f73a5b530bada90119c17b --- .../main/cpp/src/database/access_token_db.cpp | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/services/accesstokenmanager/main/cpp/src/database/access_token_db.cpp b/services/accesstokenmanager/main/cpp/src/database/access_token_db.cpp index 36160a825..0ed56858d 100644 --- a/services/accesstokenmanager/main/cpp/src/database/access_token_db.cpp +++ b/services/accesstokenmanager/main/cpp/src/database/access_token_db.cpp @@ -539,7 +539,7 @@ int32_t AccessTokenDb::AddAvailableTypeColumn() const int32_t AccessTokenDb::AddRequestToggleStatusColumn() const { ACCESSTOKEN_LOG_INFO(LABEL, "Entry"); - auto it = dataTypeToSqlTable_.find(DataType::ACCESSTOKEN_HAP_INFO); + auto it = dataTypeToSqlTable_.find(DataType::ACCESSTOKEN_PERMISSION_REQUEST_TOGGLE_STATUS); if (it == dataTypeToSqlTable_.end()) { return FAILURE; } -- Gitee From 113b8b0881a5516d82a41df6411f1cdc48d577a3 Mon Sep 17 00:00:00 2001 From: feibuzhid Date: Mon, 5 Aug 2024 11:49:59 +0800 Subject: [PATCH 005/473] =?UTF-8?q?=E9=9A=90=E7=A7=81=E6=9C=8D=E5=8A=A1?= =?UTF-8?q?=E6=96=B0=E5=A2=9E=E4=BD=BF=E7=94=A8=E5=AE=89=E5=85=A8=E9=9A=90?= =?UTF-8?q?=E7=A7=81=E4=BF=A1=E6=81=AF=E6=9D=83=E9=99=90?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: feibuzhid --- services/tokensyncmanager/token_sync.cfg | 8 ++++++-- 1 file changed, 6 insertions(+), 2 deletions(-) diff --git a/services/tokensyncmanager/token_sync.cfg b/services/tokensyncmanager/token_sync.cfg index 313b5bd05..2c86fb502 100644 --- a/services/tokensyncmanager/token_sync.cfg +++ b/services/tokensyncmanager/token_sync.cfg 
@@ -15,9 +15,13 @@ "ohos.permission.MONITOR_DEVICE_NETWORK_STATE", "ohos.permission.DISTRIBUTED_SOFTBUS_CENTER", "ohos.permission.GET_BUNDLE_INFO_PRIVILEGED", - "ohos.permission.ACCESS_SERVICE_DP" + "ohos.permission.ACCESS_SERVICE_DP", + "ohos.permission.USE_SECURITY_PRIVACY_MESSAGER" + ], + "permission_acls" : [ + "ohos.permission.MONITOR_DEVICE_NETWORK_STATE", + "ohos.permission.USE_SECURITY_PRIVACY_MESSAGER" ], - "permission_acls" : [ "ohos.permission.MONITOR_DEVICE_NETWORK_STATE" ], "secon" : "u:r:token_sync_service:s0" } ] -- Gitee From de6179dace907195fd30b44eb44d0144c2a1e54e Mon Sep 17 00:00:00 2001 From: chennian Date: Mon, 5 Aug 2024 04:30:11 +0000 Subject: [PATCH 006/473] =?UTF-8?q?=E3=80=90=E6=8C=91=E5=8D=955.0release?= =?UTF-8?q?=E3=80=91=E4=BF=AE=E5=A4=8D=E6=9D=83=E9=99=90=E7=94=B3=E8=AF=B7?= =?UTF-8?q?=E5=BC=80=E5=85=B3=E5=8D=87=E7=BA=A7=E7=9A=84bug?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: chennian --- .../main/cpp/src/database/access_token_db.cpp | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/services/accesstokenmanager/main/cpp/src/database/access_token_db.cpp b/services/accesstokenmanager/main/cpp/src/database/access_token_db.cpp index 36160a825..0ed56858d 100644 --- a/services/accesstokenmanager/main/cpp/src/database/access_token_db.cpp +++ b/services/accesstokenmanager/main/cpp/src/database/access_token_db.cpp @@ -539,7 +539,7 @@ int32_t AccessTokenDb::AddAvailableTypeColumn() const int32_t AccessTokenDb::AddRequestToggleStatusColumn() const { ACCESSTOKEN_LOG_INFO(LABEL, "Entry"); - auto it = dataTypeToSqlTable_.find(DataType::ACCESSTOKEN_HAP_INFO); + auto it = dataTypeToSqlTable_.find(DataType::ACCESSTOKEN_PERMISSION_REQUEST_TOGGLE_STATUS); if (it == dataTypeToSqlTable_.end()) { return FAILURE; } -- Gitee From ff94cd91520ca4d6298c58d31067e10b5a6146fa Mon Sep 17 00:00:00 2001 
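Review bot: `ohos.permission.USE_SECURITY_PRIVACY_MESSAGER` is added to both the `permission` list and `permission_acls` of the token_sync service, and nothing in the commit message says which call needs it. An ACL entry presumably lets the service hold a permission above its default level, so the rationale belongs in the commit description or a linked issue where a later least-privilege review can find it. The cfg format has no comment syntax, so the description is the place for a line such as `token_sync needs USE_SECURITY_PRIVACY_MESSAGER to <reason>`.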
From: wuliushuan Date: Mon, 5 Aug 2024 03:19:09 +0000 Subject: [PATCH 007/473] =?UTF-8?q?=E5=8D=95=E4=BE=8B=E5=8F=8C=E9=87=8D?= =?UTF-8?q?=E6=A3=80=E6=9F=A5=E9=94=81=E5=A4=9A=E5=B9=B6=E5=8F=91=E9=97=AE?= =?UTF-8?q?=E9=A2=98=E5=A4=84=E7=90=86?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: wuliushuan Change-Id: I92f47920df52e732e3c17710bd3f0c96bb6d288e --- .../innerkits/accesstoken/src/accesstoken_manager_client.cpp | 3 ++- .../privacymanager/src/database/permission_used_record_db.cpp | 3 ++- .../privacymanager/src/record/permission_record_repository.cpp | 3 ++- 3 files changed, 6 insertions(+), 3 deletions(-) diff --git a/interfaces/innerkits/accesstoken/src/accesstoken_manager_client.cpp b/interfaces/innerkits/accesstoken/src/accesstoken_manager_client.cpp index b67a5796d..b37fbe187 100644 --- a/interfaces/innerkits/accesstoken/src/accesstoken_manager_client.cpp +++ b/interfaces/innerkits/accesstoken/src/accesstoken_manager_client.cpp @@ -47,7 +47,8 @@ AccessTokenManagerClient& AccessTokenManagerClient::GetInstance() if (instance == nullptr) { std::lock_guard lock(g_instanceMutex); if (instance == nullptr) { - instance = new AccessTokenManagerClient(); + AccessTokenManagerClient* tmp = new AccessTokenManagerClient(); + instance = std::move(tmp); } } return *instance; diff --git a/services/privacymanager/src/database/permission_used_record_db.cpp b/services/privacymanager/src/database/permission_used_record_db.cpp index f47b37037..88c1d1a35 100644 --- a/services/privacymanager/src/database/permission_used_record_db.cpp +++ b/services/privacymanager/src/database/permission_used_record_db.cpp 
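Review bot: Assigning through `tmp` and `std::move` in `AccessTokenManagerClient::GetInstance` does not change the double-checked locking: `std::move` on a raw pointer is a plain copy, and the first `if (instance == nullptr)` still reads `instance` outside `g_instanceMutex`. If `instance` is an ordinary non-atomic pointer, as the declaration outside this hunk presumably makes it, that unlocked read races with the write and another thread can observe the pointer before the object's construction is visible to it. A function-local static gives thread-safe one-time initialisation without the mutex: `static AccessTokenManagerClient* instance = new AccessTokenManagerClient();` followed by `return *instance;`. The same pattern is repeated in `PermissionUsedRecordDb::GetInstance` and `PermissionRecordRepository::GetInstance` in this commit.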
@@ -43,7 +43,8 @@ PermissionUsedRecordDb& PermissionUsedRecordDb::GetInstance() if (instance == nullptr) { std::lock_guard lock(g_instanceMutex); if (instance == nullptr) { - instance = new PermissionUsedRecordDb(); + PermissionUsedRecordDb* tmp = new PermissionUsedRecordDb(); + instance = std::move(tmp); } } return *instance; diff --git a/services/privacymanager/src/record/permission_record_repository.cpp b/services/privacymanager/src/record/permission_record_repository.cpp index c0405a3b4..9d211656b 100644 --- a/services/privacymanager/src/record/permission_record_repository.cpp +++ b/services/privacymanager/src/record/permission_record_repository.cpp @@ -31,7 +31,8 @@ PermissionRecordRepository& PermissionRecordRepository::GetInstance() if (instance == nullptr) { std::lock_guard lock(g_instanceMutex); if (instance == nullptr) { - instance = new PermissionRecordRepository(); + PermissionRecordRepository* tmp = new PermissionRecordRepository(); + instance = std::move(tmp); } } return *instance; -- Gitee From 0930f325a0cc3c0bc033824218d10e4f3f1df723 Mon Sep 17 00:00:00 2001 From: weiyuxiong Date: Mon, 5 Aug 2024 19:44:23 +0800 Subject: [PATCH 008/473] =?UTF-8?q?=E6=B7=BB=E5=8A=A0=E6=9D=83=E9=99=90ACC?= =?UTF-8?q?ESS=5FCAR=5FDISTRIBUTED=5FENGINE=E5=92=8CALLOW=5FCONNECT=5FCAR?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: weiyuxiong --- frameworks/common/src/permission_map.cpp | 2 ++ 1 file changed, 2 insertions(+) diff --git a/frameworks/common/src/permission_map.cpp b/frameworks/common/src/permission_map.cpp index d1a2ccf25..30b151c99 100644 --- a/frameworks/common/src/permission_map.cpp +++ b/frameworks/common/src/permission_map.cpp 
@@ -485,6 +485,8 @@ const static std::vector> g_permMap = { {"ohos.permission.GET_FILE_THUMBNAIL", false}, {"ohos.permission.PUBLISH_DISPLAY_ROTATION_EVENT", false}, {"ohos.permission.PUBLISH_CAST_PLUGGED_EVENT", false}, + {"ohos.permission.ACCESS_CAR_DISTRIBUTED_ENGINE", false}, + {"ohos.permission.ALLOW_CONNECT_CAR", false}, }; bool TransferPermissionToOpcode(const std::string& permission, uint32_t& opCode) -- Gitee From e84809ac2c5400c0f4b8acb0f1908284cce6fed8 Mon Sep 17 00:00:00 2001 From: weiyuxiong Date: Mon, 5 Aug 2024 20:49:19 +0800 Subject: [PATCH 009/473] --amend Signed-off-by: weiyuxiong --- .../permission_definitions.json | 20 +++++++++++++++++++ 1 file changed, 20 insertions(+) diff --git a/services/accesstokenmanager/permission_definitions.json b/services/accesstokenmanager/permission_definitions.json index 316fe1f57..72d4486ed 100644 --- a/services/accesstokenmanager/permission_definitions.json +++ b/services/accesstokenmanager/permission_definitions.json @@ -4903,6 +4903,26 @@ "deprecated": "", "provisionEnable": true, "distributedSceneEnable": false + }, + { + "name": "ohos.permission.ACCESS_CAR_DISTRIBUTED_ENGINE", + "grantMode": "system_grant", + "availableLevel": "normal", + "availableType": "NORMAL", + "since": 12, + "deprecated": "", + "provisionEnable": true, + "distributedSceneEnable": false + }, + { + "name": "ohos.permission.ALLOW_CONNECT_CAR", + "grantMode": "system_grant", + "availableLevel": "system_basic", + "availableType": "SYSTEM", + "since": 12, + "deprecated": "", + "provisionEnable": true, + "distributedSceneEnable": false } ] } -- Gitee From f17d83be74cc1425fdff72469fffcbb62df6e430 Mon Sep 17 00:00:00 2001 From: CodeAdo Date: Thu, 1 Aug 2024 15:58:32 +0800 Subject: [PATCH 010/473] add new sevurity Signed-off-by: CodeAdo --- frameworks/common/src/permission_map.cpp | 1 + .../accesstokenmanager/permission_definitions.json | 10 ++++++++++ 2 files changed, 11 insertions(+) 
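Review bot: `ohos.permission.ACCESS_CAR_DISTRIBUTED_ENGINE` is defined as `system_grant` with `availableLevel` `normal`, so as far as this definition goes any application that declares it would receive it without a user prompt, whereas `ALLOW_CONNECT_CAR` beside it is restricted to `system_basic`/`SYSTEM`. The commit message (`--amend`) gives no reason for the difference; state the intended callers in the description, or raise the level to match if third-party applications are not meant to hold it.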
diff --git a/frameworks/common/src/permission_map.cpp b/frameworks/common/src/permission_map.cpp index d1a2ccf25..36aa99d6c 100644 --- a/frameworks/common/src/permission_map.cpp +++ b/frameworks/common/src/permission_map.cpp @@ -485,6 +485,7 @@ const static std::vector> g_permMap = { {"ohos.permission.GET_FILE_THUMBNAIL", false}, {"ohos.permission.PUBLISH_DISPLAY_ROTATION_EVENT", false}, {"ohos.permission.PUBLISH_CAST_PLUGGED_EVENT", false}, + {"ohos.permission.NETWORK_DHCP", false}, }; bool TransferPermissionToOpcode(const std::string& permission, uint32_t& opCode) diff --git a/services/accesstokenmanager/permission_definitions.json b/services/accesstokenmanager/permission_definitions.json index 316fe1f57..5abbbaef7 100644 --- a/services/accesstokenmanager/permission_definitions.json +++ b/services/accesstokenmanager/permission_definitions.json @@ -4903,6 +4903,16 @@ "deprecated": "", "provisionEnable": true, "distributedSceneEnable": false + }, + { + "name": "ohos.permission.NETWORK_DHCP", + "grantMode": "system_grant", + "availableLevel": "system_basic", + "availableType": "SYSTEM", + "since": 12, + "deprecated": "", + "provisionEnable": true, + "distributedSceneEnable": false } ] } -- Gitee From 7ed6d9a8cad38f9d02c532d41426fe0e5b2089ec Mon Sep 17 00:00:00 2001 From: wuliushuan Date: Mon, 5 Aug 2024 07:52:26 +0000 Subject: [PATCH 011/473] =?UTF-8?q?=E8=93=9D=E9=BB=84=E5=B7=AE=E5=BC=82?= =?UTF-8?q?=E5=A4=84=E7=90=86-=E4=BB=85=E5=8F=98=E6=9B=B4=E8=93=9D?= =?UTF-8?q?=E5=8C=BA0805?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit 
Signed-off-by: wuliushuan Change-Id: Id97aca577cb51420dd130b8a350d806a58eef252 --- interfaces/innerkits/privacy/src/privacy_kit.cpp | 6 +++--- .../test/unittest/permission_manager_test.cpp | 4 ++++ .../test/unittest/window_manager_test.cpp | 12 ------------ services/privacymanager/BUILD.gn | 7 +++++-- .../src/seccomp/privacy_sec_comp_enhance_agent.cpp | 5 ++++- .../test/unittest/permission_record_manager_test.cpp | 6 ++---- 6 files changed, 18 insertions(+), 22 deletions(-) diff --git a/interfaces/innerkits/privacy/src/privacy_kit.cpp b/interfaces/innerkits/privacy/src/privacy_kit.cpp index 54277fb3b..395f33640 100644 --- a/interfaces/innerkits/privacy/src/privacy_kit.cpp +++ b/interfaces/innerkits/privacy/src/privacy_kit.cpp @@ -28,9 +28,9 @@ namespace OHOS { namespace Security { namespace AccessToken { namespace { -constexpr const uint64_t MERGE_TIMESTAMP = 200; // 200ms +constexpr const int64_t MERGE_TIMESTAMP = 200; // 200ms std::mutex g_lockCache; -std::map g_recordMap; +std::map g_recordMap; } static std::string GetRecordUniqueStr(const AddPermParamInfo& record) { @@ -40,7 +40,7 @@ static std::string GetRecordUniqueStr(const AddPermParamInfo& record) bool FindAndInsertRecord(const AddPermParamInfo& record) { std::string newRecordStr = GetRecordUniqueStr(record); - uint64_t curTimestamp = TimeUtil::GetCurrentTimestamp(); + int64_t curTimestamp = TimeUtil::GetCurrentTimestamp(); std::lock_guard lock(g_lockCache); auto iter = g_recordMap.find(newRecordStr); if (iter == g_recordMap.end()) { diff --git a/services/accesstokenmanager/test/unittest/permission_manager_test.cpp b/services/accesstokenmanager/test/unittest/permission_manager_test.cpp index 17d8abd86..acbde3825 100644 --- a/services/accesstokenmanager/test/unittest/permission_manager_test.cpp +++ b/services/accesstokenmanager/test/unittest/permission_manager_test.cpp 
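Review bot: With `curTimestamp` and the cached value now `int64_t`, the comparison `curTimestamp - iter->second < MERGE_TIMESTAMP` further down in `FindAndInsertRecord` (outside this hunk) is true for every negative difference. If `TimeUtil::GetCurrentTimestamp` reads the wall clock, which is not visible here, a backwards time adjustment makes every record for an already-cached key be dropped until the clock passes the stored stamp; with the previous `uint64_t` the difference wrapped and the record was sent. Treating a negative difference as expired restores that: `int64_t diff = curTimestamp - iter->second;` and `if (diff >= 0 && diff < MERGE_TIMESTAMP) { return true; }`.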
@@ -29,7 +29,9 @@ #undef private #include "accesstoken_callback_stubs.h" #include "callback_death_recipients.h" +#ifdef BGTASKMGR_CONTINUOUS_TASK_ENABLE #include "continuous_task_callback_info.h" +#endif #include "running_form_info.h" using namespace testing::ext; @@ -2253,6 +2255,7 @@ HWTEST_F(PermissionManagerTest, RunningFormInfoParcel001, TestSize.Level1) EXPECT_EQ(info.formLocation_, p->formLocation_); } +#ifdef BGTASKMGR_CONTINUOUS_TASK_ENABLE /* * @tc.name: ContinuousTaskCallbackInfoParcel001 * @tc.desc: ContinuousTaskCallbackInfo::Marshalling | Unmarshalling @@ -2277,6 +2280,7 @@ HWTEST_F(PermissionManagerTest, ContinuousTaskCallbackInfoParcel001, TestSize.Le EXPECT_EQ(info.abilityId_, p->abilityId_); EXPECT_EQ(info.tokenId_, p->tokenId_); } +#endif } // namespace AccessToken } // namespace Security } // namespace OHOS diff --git a/services/common/window_manager/test/unittest/window_manager_test.cpp b/services/common/window_manager/test/unittest/window_manager_test.cpp index 2e7b0e3e5..c2574d603 100644 --- a/services/common/window_manager/test/unittest/window_manager_test.cpp +++ b/services/common/window_manager/test/unittest/window_manager_test.cpp @@ -60,18 +60,6 @@ HWTEST_F(WindowManagerTest, OnRemoteDiedHandle001, TestSize.Level1) { EXPECT_EQ(nullptr, PrivacyWindowManagerClient::GetInstance().wmsProxy_); } -/** - * @tc.name: UnregisterWindowManagerAgent001 - * @tc.desc: UnregisterWindowManagerAgent. - * @tc.type: FUNC - * @tc.require: - */ -HWTEST_F(WindowManagerTest, UnregisterWindowManagerAgent001, TestSize.Level1) { - PrivacyWindowManagerClient::GetInstance().UnregisterWindowManagerAgent( - WindowManagerAgentType::WINDOW_MANAGER_AGENT_TYPE_CAMERA_WINDOW, nullptr); - EXPECT_EQ(nullptr, PrivacyWindowManagerClient::GetInstance().wmsProxy_); -} - } // namespace AccessToken } // namespace Security } // namespace OHOS diff --git a/services/privacymanager/BUILD.gn b/services/privacymanager/BUILD.gn index ecfd2e94e..a52d65689 100644 
--- a/services/privacymanager/BUILD.gn +++ b/services/privacymanager/BUILD.gn @@ -69,7 +69,6 @@ if (is_standard_system && ability_base_enable == true) { "${access_token_path}/services/common/power_manager/include", "${access_token_path}/services/common/screenlock_manager/include", "${access_token_path}/services/common/utils/include", - "${audio_framework_path}/services/audio_policy/common/include", ] sources = [ @@ -127,13 +126,17 @@ if (is_standard_system && ability_base_enable == true) { "sqlite:sqlite", ] + if (audio_framework_enable) { + include_dirs += + [ "${audio_framework_path}/services/audio_policy/common/include" ] + } + if (ohos_indep_compiler_enable) { external_deps += [ "bounds_checking_function:libsec_shared", "json:nlohmann_json_static", ] } - if (eventhandler_enable == true) { cflags_cc += [ "-DEVENTHANDLER_ENABLE" ] external_deps += [ "eventhandler:libeventhandler" ] diff --git a/services/privacymanager/src/seccomp/privacy_sec_comp_enhance_agent.cpp b/services/privacymanager/src/seccomp/privacy_sec_comp_enhance_agent.cpp index 26c8e9012..7c5ccc12b 100644 --- a/services/privacymanager/src/seccomp/privacy_sec_comp_enhance_agent.cpp +++ b/services/privacymanager/src/seccomp/privacy_sec_comp_enhance_agent.cpp @@ -20,6 +20,7 @@ #include "app_manager_access_client.h" #include "ipc_skeleton.h" #include "privacy_error.h" +#include "securec.h" namespace OHOS { namespace Security { 
@@ -128,7 +129,9 @@ int32_t PrivacySecCompEnhanceAgent::RegisterSecCompEnhance(const SecCompEnhanceD enhance.challenge = enhanceData.challenge; enhance.sessionId = enhanceData.sessionId; enhance.seqNum = enhanceData.seqNum; - enhance.key = enhanceData.key; + if (memcpy_s(enhance.key, AES_KEY_STORAGE_LEN, enhanceData.key, AES_KEY_STORAGE_LEN) != EOK) { + return PrivacyError::ERR_CALLBACK_ALREADY_EXIST; + } secCompEnhanceData_.emplace_back(enhance); ACCESSTOKEN_LOG_INFO(LABEL, "Register sec comp enhance success, pid %{public}d, total %{public}u.", pid, static_cast(secCompEnhanceData_.size())); diff --git a/services/privacymanager/test/unittest/permission_record_manager_test.cpp b/services/privacymanager/test/unittest/permission_record_manager_test.cpp index 9bdffb5fb..edc5dc3bd 100644 --- a/services/privacymanager/test/unittest/permission_record_manager_test.cpp +++ b/services/privacymanager/test/unittest/permission_record_manager_test.cpp @@ -55,9 +55,7 @@ static AccessTokenID g_nativeToken = 0; static bool g_isMicEdmMute = false; static bool g_isMicMixMute = false; static bool g_isMicMute = false; -constexpr const char* CAMERA_PERMISSION_NAME = "ohos.permission.CAMERA"; constexpr const char* MICROPHONE_PERMISSION_NAME = "ohos.permission.MICROPHONE"; -constexpr const char* LOCATION_PERMISSION_NAME = "ohos.permission.LOCATION"; static constexpr uint32_t MAX_CALLBACK_SIZE = 1024; static constexpr int32_t RANDOM_TOKENID = 123; static constexpr int32_t FIRST_INDEX = 0; 
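Review bot: A failed `memcpy_s` in `RegisterSecCompEnhance` returns `PrivacyError::ERR_CALLBACK_ALREADY_EXIST`, which tells the caller the registration is a duplicate when it was the key copy that failed. Return an error that matches the cause, for example `PrivacyError::ERR_PARAM_INVALID`, and log the failure. The destination bound is written as `AES_KEY_STORAGE_LEN` rather than taken from the buffer; if `key` is a fixed array (its declaration is outside the hunk), `memcpy_s(enhance.key, sizeof(enhance.key), enhanceData.key, AES_KEY_STORAGE_LEN)` keeps the bound tied to the real destination size. The function body continues outside the hunk.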
@@ -449,11 +447,11 @@ HWTEST_F(PermissionRecordManagerTest, ShowGlobalDialog001, TestSize.Level1) { EXPECT_EQ(0, SetSelfTokenID(g_nativeToken)); - ASSERT_EQ(true, PermissionRecordManager::GetInstance().ShowGlobalDialog(CAMERA_PERMISSION_NAME)); + ASSERT_EQ(true, PermissionRecordManager::GetInstance().ShowGlobalDialog("ohos.permission.CAMERA")); sleep(3); // wait for dialog disappear ASSERT_EQ(true, PermissionRecordManager::GetInstance().ShowGlobalDialog(MICROPHONE_PERMISSION_NAME)); sleep(3); // wait for dialog disappear - ASSERT_EQ(true, PermissionRecordManager::GetInstance().ShowGlobalDialog(LOCATION_PERMISSION_NAME)); // no dialog + ASSERT_EQ(true, PermissionRecordManager::GetInstance().ShowGlobalDialog("ohos.permission.LOCATION")); // no dialog } #endif -- Gitee From b5dbed968838853d15a8feebd260625380f1349b Mon Sep 17 00:00:00 2001 From: zhouyan Date: Tue, 6 Aug 2024 10:38:16 +0800 Subject: [PATCH 012/473] =?UTF-8?q?=E6=9D=83=E9=99=90=E7=8A=B6=E6=80=81?= =?UTF-8?q?=E5=8F=98=E6=9B=B4=E7=9B=91=E5=90=AC=E5=9B=9E=E8=B0=83=E6=94=B9?= =?UTF-8?q?=E5=9B=9E=E5=BC=82=E6=AD=A5=E9=80=9A=E7=9F=A5?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: zhouyan Change-Id: If9d81db904727b7f79c2c989dfa6a0866904268d --- .../cpp/src/callback/accesstoken_callback_proxys.cpp | 2 +- .../main/cpp/src/callback/callback_manager.cpp | 12 +----------- 2 files changed, 2 insertions(+), 12 deletions(-) diff --git a/services/accesstokenmanager/main/cpp/src/callback/accesstoken_callback_proxys.cpp b/services/accesstokenmanager/main/cpp/src/callback/accesstoken_callback_proxys.cpp index 759789ca6..860ddac4f 100644 --- a/services/accesstokenmanager/main/cpp/src/callback/accesstoken_callback_proxys.cpp +++ b/services/accesstokenmanager/main/cpp/src/callback/accesstoken_callback_proxys.cpp 
@@ -54,7 +54,7 @@ void PermissionStateChangeCallbackProxy::PermStateChangeCallback(PermStateChange } MessageParcel reply; - MessageOption option(MessageOption::TF_SYNC); + MessageOption option(MessageOption::TF_ASYNC); sptr remote = Remote(); if (remote == nullptr) { ACCESSTOKEN_LOG_ERROR(LABEL, "Remote service null."); diff --git a/services/accesstokenmanager/main/cpp/src/callback/callback_manager.cpp b/services/accesstokenmanager/main/cpp/src/callback/callback_manager.cpp index db15a25e7..0b315c218 100644 --- a/services/accesstokenmanager/main/cpp/src/callback/callback_manager.cpp +++ b/services/accesstokenmanager/main/cpp/src/callback/callback_manager.cpp @@ -32,7 +32,6 @@ namespace { static constexpr OHOS::HiviewDFX::HiLogLabel LABEL = {LOG_CORE, SECURITY_DOMAIN_ACCESSTOKEN, "CallbackManager"}; static const uint32_t MAX_CALLBACK_SIZE = 1024; #ifndef RESOURCESCHEDULE_FFRT_ENABLE -static const time_t MAX_TIMEOUT_SEC = 30; static const int MAX_PTHREAD_NAME_LEN = 15; // pthread name max length #endif std::recursive_mutex g_instanceMutex; @@ -210,20 +209,11 @@ void CallbackManager::ExecuteCallbackAsync(AccessTokenID tokenID, const std::str #ifdef RESOURCESCHEDULE_FFRT_ENABLE std::string taskName = "AtmCallback"; - ffrt::task_handle h = ffrt::submit_h(callbackStart, {}, {}, + ffrt::submit_h(callbackStart, {}, {}, ffrt::task_attr().qos(ffrt::qos_default).name(taskName.c_str())); - ffrt::wait({h}); #else std::packaged_task callbackTask(callbackStart); - std::future fut = callbackTask.get_future(); std::make_unique(std::move(callbackTask))->detach(); - - ACCESSTOKEN_LOG_DEBUG(LABEL, "Waiting for the callback execution complete..."); - std::future_status status = fut.wait_for(std::chrono::seconds(MAX_TIMEOUT_SEC)); - if (status == std::future_status::timeout) { - ACCESSTOKEN_LOG_WARN(LABEL, "CallbackTask callback execution timeout"); - return; - } #endif ACCESSTOKEN_LOG_DEBUG(LABEL, "The callback execution is complete"); } -- Gitee 
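Review bot: With `MessageOption::TF_ASYNC` the request becomes one-way, so the `MessageParcel reply` declared just above the changed line is presumably no longer filled by the remote side. Any status read from it later in PermStateChangeCallback would then be meaningless; the rest of the body is outside this hunk, so check whether such a read remains and drop it. A comment on the option line such as `// one-way: listeners are notified without delivery confirmation` would record that a permission-state change can now reach a listener late or not at all.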
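Review bot: The trailing `ACCESSTOKEN_LOG_DEBUG(LABEL, "The callback execution is complete")` in ExecuteCallbackAsync is now reached as soon as the task is submitted or the thread detached, because this hunk removes `ffrt::wait({h})` and the `fut.wait_for` block. The message no longer reflects completion; `"The callback task is submitted"` would match the new behaviour. In the non-FFRT branch each call still creates a detached thread, and with the wait gone nothing visible here bounds how many run at once when state changes arrive in bursts, so it is worth confirming that callers limit this. The handle returned by `ffrt::submit_h` is discarded, so `ffrt::submit` (if available in this FFRT version) would state the intent more directly. ExecuteCallbackAsync begins outside the hunk.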
From 20f1d0af44a25acfa472ae1c056e5f34aab8d1d1 Mon Sep 17 00:00:00 2001 From: AXYChen Date: Tue, 6 Aug 2024 19:25:54 +0800 Subject: [PATCH 013/473] changehilog Signed-off-by: AXYChen Change-Id: I7f169591e0786db7885349ddc63b5163d7ca8a3e --- interfaces/innerkits/accesstoken/src/accesstoken_kit.cpp | 3 ++- .../main/cpp/src/database/access_token_db.cpp | 3 ++- .../main/cpp/src/permission/permission_manager.cpp | 9 +++++---- .../main/cpp/src/service/accesstoken_manager_stub.cpp | 4 ++++ .../main/cpp/src/token/accesstoken_info_manager.cpp | 4 ++-- 5 files changed, 15 insertions(+), 8 deletions(-) diff --git a/interfaces/innerkits/accesstoken/src/accesstoken_kit.cpp b/interfaces/innerkits/accesstoken/src/accesstoken_kit.cpp index f550662cd..8e20d1eb4 100644 --- a/interfaces/innerkits/accesstoken/src/accesstoken_kit.cpp +++ b/interfaces/innerkits/accesstoken/src/accesstoken_kit.cpp @@ -70,7 +70,8 @@ permList: %{public}zu, stateList: %{public}zu", int32_t AccessTokenKit::InitHapToken(const HapInfoParams& info, HapPolicyParams& policy, AccessTokenIDEx& fullTokenId) { - ACCESSTOKEN_LOG_INFO(LABEL, "UserID: %{public}d, bundleName :%{public}s, \ + ACCESSTOKEN_LOG_INFO( + LABEL, "UserID: %{public}d, bundleName :%{public}s, \ permList: %{public}zu, stateList: %{public}zu", info.userID, info.bundleName.c_str(), policy.permList.size(), policy.permStateList.size()); if ((!DataValidator::IsUserIdValid(info.userID)) || !DataValidator::IsAppIDDescValid(info.appIDDesc) || diff --git a/services/accesstokenmanager/main/cpp/src/database/access_token_db.cpp b/services/accesstokenmanager/main/cpp/src/database/access_token_db.cpp index 2071cdebc..6527dcfee 100644 --- a/services/accesstokenmanager/main/cpp/src/database/access_token_db.cpp +++ b/services/accesstokenmanager/main/cpp/src/database/access_token_db.cpp 
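Review bot: The format string in InitHapToken still uses a backslash line continuation inside the literal (`"UserID: %{public}d, bundleName :%{public}s, \`), so any leading whitespace on the continuation line becomes part of the logged message and that line has to stay at column 0. Adjacent string literals avoid this and allow normal indentation: `"UserID: %{public}d, bundleName :%{public}s, "` on one line and `"permList: %{public}zu, stateList: %{public}zu",` on the next. The function body continues outside the hunk.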
@@ -133,6 +133,7 @@ int AccessTokenDb::Add(const DataType type, const std::vector& va if (addSize == 0) { return SUCCESS; } + //ACCESSTOKEN_LOG_INFO(LABEL, "Add type=%{public}d, size=%{public}zu.", type, addSize); OHOS::Utils::UniqueWriteGuard lock(this->rwLock_); std::string prepareSql = CreateInsertPrepareSqlCmd(type); auto statement = Prepare(prepareSql); @@ -165,7 +166,7 @@ int AccessTokenDb::Add(const DataType type, const std::vector& va ".", beforeCnt, afterCnt); } CommitTransaction(); - ACCESSTOKEN_LOG_INFO(LABEL, "Commit Add transaction."); + //ACCESSTOKEN_LOG_INFO(LABEL, "Commit Add transaction."); return SUCCESS; } diff --git a/services/accesstokenmanager/main/cpp/src/permission/permission_manager.cpp b/services/accesstokenmanager/main/cpp/src/permission/permission_manager.cpp index dcf75d01e..db831ec44 100644 --- a/services/accesstokenmanager/main/cpp/src/permission/permission_manager.cpp +++ b/services/accesstokenmanager/main/cpp/src/permission/permission_manager.cpp @@ -118,7 +118,7 @@ void PermissionManager::AddDefPermissions(const std::vector& perm { std::vector permFilterList; PermissionValidator::FilterInvalidPermissionDef(permList, permFilterList); - ACCESSTOKEN_LOG_INFO(LABEL, "PermFilterList size: %{public}zu", permFilterList.size()); + //ACCESSTOKEN_LOG_INFO(LABEL, "PermFilterList size: %{public}zu", permFilterList.size()); for (const auto& perm : permFilterList) { if (updateFlag) { PermissionDefinitionCache::GetInstance().Update(perm, tokenId); 
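Review bot: The added `//ACCESSTOKEN_LOG_INFO(LABEL, "Add type=%{public}d, size=%{public}zu.", type, addSize);` in AccessTokenDb::Add is new code that arrives already commented out, and the `Commit Add transaction.` log is disabled by commenting rather than removed. The same pattern appears in the permission_manager.cpp hunks for AddDefPermissions and InitPermissionList. Commented-out statements drift out of sync with the code around them, so either delete the lines or keep them at a lower level, e.g. `ACCESSTOKEN_LOG_DEBUG(LABEL, "Commit Add transaction.");`. These functions extend beyond the hunks shown.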
@@ -1159,8 +1159,8 @@ bool PermissionManager::InitDlpPermissionList(const std::string& bundleName, int bool PermissionManager::InitPermissionList(const std::string& appDistributionType, const HapPolicyParams& policy, std::vector& initializedList) { - ACCESSTOKEN_LOG_INFO(LABEL, "Before, request perm list size: %{public}zu, preAuthorizationInfo size %{public}zu.", - policy.permStateList.size(), policy.preAuthorizationInfo.size()); + //ACCESSTOKEN_LOG_INFO(LABEL, "Before, request perm list size: %{public}zu, preAuthorizationInfo size %{public}zu.", + // policy.permStateList.size(), policy.preAuthorizationInfo.size()); for (auto state : policy.permStateList) { PermissionDef permDef; @@ -1201,7 +1201,8 @@ bool PermissionManager::InitPermissionList(const std::string& appDistributionTyp } initializedList.emplace_back(state); } - ACCESSTOKEN_LOG_INFO(LABEL, "After, request perm list size: %{public}zu.", initializedList.size()); + ACCESSTOKEN_LOG_INFO(LABEL, "Before, request perm list size: %{public}zu; After, request perm list size: %{public}zu.", + policy.permStateList.size(), initializedList.size()); return true; } diff --git a/services/accesstokenmanager/main/cpp/src/service/accesstoken_manager_stub.cpp b/services/accesstokenmanager/main/cpp/src/service/accesstoken_manager_stub.cpp index 7d8993b77..7b12db9ec 100644 --- a/services/accesstokenmanager/main/cpp/src/service/accesstoken_manager_stub.cpp +++ b/services/accesstokenmanager/main/cpp/src/service/accesstoken_manager_stub.cpp @@ -95,6 +95,7 @@ void AccessTokenManagerStub::DeleteTokenInfoInner(MessageParcel& data, MessagePa return; } AccessTokenID tokenID = data.ReadUint32(); + ACCESSTOKEN_LOG_INFO(LABEL, "Recieve request successfully, tokenID=%{public}d", tokenID); int result = this->DeleteToken(tokenID); reply.WriteInt32(result); } 
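Review bot: The new log in DeleteTokenInfoInner prints `tokenID` with `%{public}d` although the value was just read with `data.ReadUint32()`, so large token IDs will be shown as negative numbers; `%{public}u` matches the type. The message also misspells "Receive" and says "successfully" before `DeleteToken` has run, which reads as if the deletion succeeded. `"Receive request, tokenID=%{public}u"` would be accurate. The same wording is added in AllocHapTokenInner and InitHapTokenInner in the following hunks, where it carries no identifier at all. DeleteTokenInfoInner starts outside the hunk.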
@@ -415,12 +416,14 @@ void AccessTokenManagerStub::AllocHapTokenInner(MessageParcel& data, MessageParc reply.WriteInt32(AccessTokenError::ERR_READ_PARCEL_FAILED); return; } + ACCESSTOKEN_LOG_INFO(LABEL, "Recieve request successfully"); res = this->AllocHapToken(*hapInfoParcel, *hapPolicyParcel); reply.WriteUint64(res.tokenIDEx); } void AccessTokenManagerStub::InitHapTokenInner(MessageParcel& data, MessageParcel& reply) { + AccessTokenID tokenID = IPCSkeleton::GetCallingTokenID(); if (!IsPrivilegedCalling() && (VerifyAccessToken(tokenID, MANAGE_HAP_TOKENID_PERMISSION) == PERMISSION_DENIED)) { @@ -436,6 +439,7 @@ void AccessTokenManagerStub::InitHapTokenInner(MessageParcel& data, MessageParce reply.WriteInt32(AccessTokenError::ERR_READ_PARCEL_FAILED); return; } + ACCESSTOKEN_LOG_INFO(LABEL, "Recieve request successfully"); int32_t res; AccessTokenIDEx fullTokenId = { 0 }; res = this->InitHapToken(*hapInfoParcel, *hapPolicyParcel, fullTokenId); diff --git a/services/accesstokenmanager/main/cpp/src/token/accesstoken_info_manager.cpp b/services/accesstokenmanager/main/cpp/src/token/accesstoken_info_manager.cpp index 116ca2e50..d9e9e0117 100644 --- a/services/accesstokenmanager/main/cpp/src/token/accesstoken_info_manager.cpp +++ b/services/accesstokenmanager/main/cpp/src/token/accesstoken_info_manager.cpp @@ -345,8 +345,8 @@ int AccessTokenInfoManager::GetHapTokenInfo(AccessTokenID tokenID, HapTokenInfo& { std::shared_ptr infoPtr = GetHapTokenInfoInner(tokenID); if (infoPtr == nullptr) { - ACCESSTOKEN_LOG_ERROR( - LABEL, "Token %{public}u is invalid.", tokenID); + //ACCESSTOKEN_LOG_ERROR( + // LABEL, "Token %{public}u is invalid.", tokenID); return AccessTokenError::ERR_TOKENID_NOT_EXIST; } infoPtr->TranslateToHapTokenInfo(info); -- Gitee From ac3936ef5b0cf841703bc7a5951af40b2a2d1565 Mon Sep 17 00:00:00 2001 
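Review bot: Commenting out the `ACCESSTOKEN_LOG_ERROR` in the `infoPtr == nullptr` branch of GetHapTokenInfo leaves the `ERR_TOKENID_NOT_EXIST` return with no trace. Lookups of nonexistent token IDs are the kind of event that helps when diagnosing a misbehaving caller. If the aim is to cut log volume, lowering the level keeps the signal available: `ACCESSTOKEN_LOG_DEBUG(LABEL, "Token %{public}u is invalid.", tokenID);`. Otherwise the two lines should be deleted rather than left commented. The function continues outside the hunk.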
From: yinjiaming Date: Wed, 7 Aug 2024 09:34:47 +0800 Subject: [PATCH 014/473] =?UTF-8?q?=E6=8E=A5=E5=8F=A3=E5=90=8D=E7=A7=B0?= =?UTF-8?q?=E5=8F=98=E6=9B=B4=20=E5=B0=86=E6=8E=A5=E5=8F=A3GetUserGrantedP?= =?UTF-8?q?ermissionUsedType=E7=9A=84=E5=90=8D=E7=A7=B0=E6=9B=B4=E6=94=B9?= =?UTF-8?q?=E4=B8=BAGetPermissionUsedType?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit 
Signed-off-by: yinjiaming Change-Id: I814c859f9e2c74931c8fbb5edbe18d7dbcf7e2d6 --- .../include/i_accesstoken_manager.h | 2 +- .../accesstoken/include/accesstoken_kit.h | 2 +- .../accesstoken/libaccesstoken_sdk.map | 2 +- .../accesstoken/src/accesstoken_kit.cpp | 4 +-- .../src/accesstoken_manager_client.cpp | 4 +-- .../src/accesstoken_manager_client.h | 2 +- .../src/accesstoken_manager_proxy.cpp | 2 +- .../src/accesstoken_manager_proxy.h | 2 +- .../unittest/src/accesstoken_kit_test.cpp | 32 +++++++++---------- .../include/permission/permission_manager.h | 2 +- .../permission/permission_policy_set.h | 2 +- .../service/accesstoken_manager_service.h | 2 +- .../service/accesstoken_manager_stub.h | 2 +- .../cpp/src/permission/permission_manager.cpp | 4 +-- .../src/permission/permission_policy_set.cpp | 2 +- .../service/accesstoken_manager_service.cpp | 4 +-- .../src/service/accesstoken_manager_stub.cpp | 6 ++-- test/fuzztest/innerkits/accesstoken/BUILD.gn | 2 +- .../BUILD.gn | 4 +-- .../corpus/init | 0 .../getpermissionusedtype_fuzzer.cpp} | 8 ++--- .../getpermissionusedtype_fuzzer.h} | 8 ++--- .../project.xml | 0 test/fuzztest/services/accesstoken/BUILD.gn | 2 +- .../BUILD.gn | 4 +-- .../corpus/init | 0 .../getpermissionusedtypestub_fuzzer.cpp} | 6 ++-- .../getpermissionusedtypestub_fuzzer.h} | 8 ++--- .../project.xml | 0 29 files changed, 59 insertions(+), 59 deletions(-) rename test/fuzztest/innerkits/accesstoken/{getusergrantedpermissionusedtype_fuzzer => getpermissionusedtype_fuzzer}/BUILD.gn (91%) rename test/fuzztest/innerkits/accesstoken/{getusergrantedpermissionusedtype_fuzzer => getpermissionusedtype_fuzzer}/corpus/init (100%) rename test/fuzztest/innerkits/accesstoken/{getusergrantedpermissionusedtype_fuzzer/getusergrantedpermissionusedtype_fuzzer.cpp => getpermissionusedtype_fuzzer/getpermissionusedtype_fuzzer.cpp} (82%) rename test/fuzztest/innerkits/accesstoken/{getusergrantedpermissionusedtype_fuzzer/getusergrantedpermissionusedtype_fuzzer.h => 
getpermissionusedtype_fuzzer/getpermissionusedtype_fuzzer.h} (69%) rename test/fuzztest/innerkits/accesstoken/{getusergrantedpermissionusedtype_fuzzer => getpermissionusedtype_fuzzer}/project.xml (100%) rename test/fuzztest/services/accesstoken/{getusergrantedpermissionusedtypestub_fuzzer => getpermissionusedtypestub_fuzzer}/BUILD.gn (91%) rename test/fuzztest/services/accesstoken/{getusergrantedpermissionusedtypestub_fuzzer => getpermissionusedtypestub_fuzzer}/corpus/init (100%) rename test/fuzztest/services/accesstoken/{getusergrantedpermissionusedtypestub_fuzzer/getusergrantedpermissionusedtypestub_fuzzer.cpp => getpermissionusedtypestub_fuzzer/getpermissionusedtypestub_fuzzer.cpp} (91%) rename test/fuzztest/services/accesstoken/{getusergrantedpermissionusedtypestub_fuzzer/getusergrantedpermissionusedtypestub_fuzzer.h => getpermissionusedtypestub_fuzzer/getpermissionusedtypestub_fuzzer.h} (68%) rename test/fuzztest/services/accesstoken/{getusergrantedpermissionusedtypestub_fuzzer => getpermissionusedtypestub_fuzzer}/project.xml (100%) diff --git a/frameworks/accesstoken/include/i_accesstoken_manager.h b/frameworks/accesstoken/include/i_accesstoken_manager.h index 3a0c0e7d1..ced9bb96d 100644 --- a/frameworks/accesstoken/include/i_accesstoken_manager.h +++ b/frameworks/accesstoken/include/i_accesstoken_manager.h @@ -47,7 +47,7 @@ public: DECLARE_INTERFACE_DESCRIPTOR(u"ohos.security.accesstoken.IAccessTokenManager"); - virtual PermUsedTypeEnum GetUserGrantedPermissionUsedType( + virtual PermUsedTypeEnum GetPermissionUsedType( AccessTokenID tokenID, const std::string& permissionName) = 0; virtual int VerifyAccessToken(AccessTokenID tokenID, const std::string& permissionName) = 0; virtual int GetDefPermission(const std::string& permissionName, PermissionDefParcel& permissionDefResult) = 0; diff --git a/interfaces/innerkits/accesstoken/include/accesstoken_kit.h b/interfaces/innerkits/accesstoken/include/accesstoken_kit.h index 01c8240f9..84291fb8a 100644 
--- a/interfaces/innerkits/accesstoken/include/accesstoken_kit.h +++ b/interfaces/innerkits/accesstoken/include/accesstoken_kit.h @@ -71,7 +71,7 @@ public: * @param permissionName permission to be checked * @return enum PermUsedTypeEnum, see access_token.h */ - static PermUsedTypeEnum GetUserGrantedPermissionUsedType(AccessTokenID tokenID, const std::string& permissionName); + static PermUsedTypeEnum GetPermissionUsedType(AccessTokenID tokenID, const std::string& permissionName); /** * @brief Create a unique hap token by input values. * @param info struct HapInfoParams quote, see hap_token_info.h diff --git a/interfaces/innerkits/accesstoken/libaccesstoken_sdk.map b/interfaces/innerkits/accesstoken/libaccesstoken_sdk.map index 6a40388ac..99c982418 100644 --- a/interfaces/innerkits/accesstoken/libaccesstoken_sdk.map +++ b/interfaces/innerkits/accesstoken/libaccesstoken_sdk.map @@ -65,7 +65,7 @@ "OHOS::Security::AccessToken::AccessTokenKit::VerifyAccessToken(unsigned int, unsigned int, std::__h::basic_string, std::__h::allocator> const&, bool)"; "OHOS::Security::AccessToken::PermStateChangeCallbackCustomize::GetScope(OHOS::Security::AccessToken::PermStateChangeScope&) const"; "OHOS::Security::AccessToken::AccessTokenKit::SetPermDialogCap(OHOS::Security::AccessToken::HapBaseInfo const&, bool)"; - "OHOS::Security::AccessToken::AccessTokenKit::GetUserGrantedPermissionUsedType(unsigned int, std::__h::basic_string, std::__h::allocator> const&)"; + "OHOS::Security::AccessToken::AccessTokenKit::GetPermissionUsedType(unsigned int, std::__h::basic_string, std::__h::allocator> const&)"; "OHOS::Security::AccessToken::AccessTokenKit::RegisterTokenSyncCallback(std::__h::shared_ptr const&)"; "OHOS::Security::AccessToken::AccessTokenKit::UnRegisterTokenSyncCallback()"; "OHOS::Security::AccessToken::AccessTokenKit::GetNativeTokenName(unsigned int, std::__h::basic_string, std::__h::allocator>&)"; 
diff --git a/interfaces/innerkits/accesstoken/src/accesstoken_kit.cpp b/interfaces/innerkits/accesstoken/src/accesstoken_kit.cpp index f550662cd..fd2c58cf1 100644 --- a/interfaces/innerkits/accesstoken/src/accesstoken_kit.cpp +++ b/interfaces/innerkits/accesstoken/src/accesstoken_kit.cpp @@ -40,7 +40,7 @@ static const int INVALID_DLP_TOKEN_FLAG = -1; static const int FIRSTCALLER_TOKENID_DEFAULT = 0; } // namespace -PermUsedTypeEnum AccessTokenKit::GetUserGrantedPermissionUsedType( +PermUsedTypeEnum AccessTokenKit::GetPermissionUsedType( AccessTokenID tokenID, const std::string& permissionName) { ACCESSTOKEN_LOG_DEBUG(LABEL, "TokenID=%{public}d, permissionName=%{public}s.", @@ -49,7 +49,7 @@ PermUsedTypeEnum AccessTokenKit::GetUserGrantedPermissionUsedType( ACCESSTOKEN_LOG_ERROR(LABEL, "Input param failed."); return PermUsedTypeEnum::INVALID_USED_TYPE; } - return AccessTokenManagerClient::GetInstance().GetUserGrantedPermissionUsedType(tokenID, permissionName); + return AccessTokenManagerClient::GetInstance().GetPermissionUsedType(tokenID, permissionName); } AccessTokenIDEx AccessTokenKit::AllocHapToken(const HapInfoParams& info, const HapPolicyParams& policy) diff --git a/interfaces/innerkits/accesstoken/src/accesstoken_manager_client.cpp b/interfaces/innerkits/accesstoken/src/accesstoken_manager_client.cpp index b37fbe187..f83b3594c 100644 --- a/interfaces/innerkits/accesstoken/src/accesstoken_manager_client.cpp +++ b/interfaces/innerkits/accesstoken/src/accesstoken_manager_client.cpp @@ -64,7 +64,7 @@ AccessTokenManagerClient::~AccessTokenManagerClient() ReleaseProxy(); } -PermUsedTypeEnum AccessTokenManagerClient::GetUserGrantedPermissionUsedType( +PermUsedTypeEnum AccessTokenManagerClient::GetPermissionUsedType( AccessTokenID tokenID, const std::string &permissionName) { auto proxy = GetProxy(); 
@@ -72,7 +72,7 @@ PermUsedTypeEnum AccessTokenManagerClient::GetUserGrantedPermissionUsedType( ACCESSTOKEN_LOG_ERROR(LABEL, "Proxy is null."); return PermUsedTypeEnum::INVALID_USED_TYPE; } - return proxy->GetUserGrantedPermissionUsedType(tokenID, permissionName); + return proxy->GetPermissionUsedType(tokenID, permissionName); } int AccessTokenManagerClient::VerifyAccessToken(AccessTokenID tokenID, const std::string& permissionName) diff --git a/interfaces/innerkits/accesstoken/src/accesstoken_manager_client.h b/interfaces/innerkits/accesstoken/src/accesstoken_manager_client.h index 7dbb33c4c..99fd9b32e 100644 --- a/interfaces/innerkits/accesstoken/src/accesstoken_manager_client.h +++ b/interfaces/innerkits/accesstoken/src/accesstoken_manager_client.h @@ -49,7 +49,7 @@ public: virtual ~AccessTokenManagerClient(); - PermUsedTypeEnum GetUserGrantedPermissionUsedType(AccessTokenID tokenID, const std::string& permissionName); + PermUsedTypeEnum GetPermissionUsedType(AccessTokenID tokenID, const std::string& permissionName); int VerifyAccessToken(AccessTokenID tokenID, const std::string& permissionName); int GetDefPermission(const std::string& permissionName, PermissionDef& permissionDefResult); int GetDefPermissions(AccessTokenID tokenID, std::vector& permList); diff --git a/interfaces/innerkits/accesstoken/src/accesstoken_manager_proxy.cpp b/interfaces/innerkits/accesstoken/src/accesstoken_manager_proxy.cpp index 274436c40..7dc7f5e5b 100644 --- a/interfaces/innerkits/accesstoken/src/accesstoken_manager_proxy.cpp +++ b/interfaces/innerkits/accesstoken/src/accesstoken_manager_proxy.cpp @@ -58,7 +58,7 @@ bool AccessTokenManagerProxy::SendRequest( return true; } -PermUsedTypeEnum AccessTokenManagerProxy::GetUserGrantedPermissionUsedType( +PermUsedTypeEnum AccessTokenManagerProxy::GetPermissionUsedType( AccessTokenID tokenID, const std::string &permissionName) { MessageParcel data; 
diff --git a/interfaces/innerkits/accesstoken/src/accesstoken_manager_proxy.h b/interfaces/innerkits/accesstoken/src/accesstoken_manager_proxy.h index fd00b563a..147ef8016 100644 --- a/interfaces/innerkits/accesstoken/src/accesstoken_manager_proxy.h +++ b/interfaces/innerkits/accesstoken/src/accesstoken_manager_proxy.h @@ -43,7 +43,7 @@ public: explicit AccessTokenManagerProxy(const sptr& impl); ~AccessTokenManagerProxy() override; - PermUsedTypeEnum GetUserGrantedPermissionUsedType( + PermUsedTypeEnum GetPermissionUsedType( AccessTokenID tokenID, const std::string& permissionName) override; int VerifyAccessToken(AccessTokenID tokenID, const std::string& permissionName) override; int GetDefPermission(const std::string& permissionName, PermissionDefParcel& permissionDefResult) override; diff --git a/interfaces/innerkits/accesstoken/test/unittest/src/accesstoken_kit_test.cpp b/interfaces/innerkits/accesstoken/test/unittest/src/accesstoken_kit_test.cpp index 7f4cd3b4a..e8a48f6c7 100644 --- a/interfaces/innerkits/accesstoken/test/unittest/src/accesstoken_kit_test.cpp +++ b/interfaces/innerkits/accesstoken/test/unittest/src/accesstoken_kit_test.cpp 
@@ -295,39 +295,39 @@ AccessTokenID AccessTokenKitTest::AllocTestToken( } /** - * @tc.name: GetUserGrantedPermissionUsedType001 + * @tc.name: GetPermissionUsedType001 * @tc.desc: Get hap permission visit type return invalid. * @tc.type: FUNC * @tc.require: */ -HWTEST_F(AccessTokenKitTest, GetUserGrantedPermissionUsedType001, TestSize.Level1) +HWTEST_F(AccessTokenKitTest, GetPermissionUsedType001, TestSize.Level1) { std::string accessBluetooth = "ohos.permission.ACCESS_BLUETOOTH"; EXPECT_EQ(PermUsedTypeEnum::INVALID_USED_TYPE, - AccessTokenKit::GetUserGrantedPermissionUsedType(selfTokenId_, accessBluetooth)); + AccessTokenKit::GetPermissionUsedType(selfTokenId_, accessBluetooth)); AccessTokenID tokenID = AllocTestToken(g_infoManagerTestInfoParms, g_infoManagerTestPolicyPrams); EXPECT_EQ(PermUsedTypeEnum::INVALID_USED_TYPE, - AccessTokenKit::GetUserGrantedPermissionUsedType(0, accessBluetooth)); + AccessTokenKit::GetPermissionUsedType(0, accessBluetooth)); EXPECT_EQ(PermUsedTypeEnum::INVALID_USED_TYPE, - AccessTokenKit::GetUserGrantedPermissionUsedType(tokenID, "ohos.permission.ACCELEROMETER")); + AccessTokenKit::GetPermissionUsedType(tokenID, "ohos.permission.ACCELEROMETER")); EXPECT_EQ(PermUsedTypeEnum::INVALID_USED_TYPE, - AccessTokenKit::GetUserGrantedPermissionUsedType(tokenID, "ohos.permission.xxxxx")); + AccessTokenKit::GetPermissionUsedType(tokenID, "ohos.permission.xxxxx")); EXPECT_EQ(PermUsedTypeEnum::INVALID_USED_TYPE, - AccessTokenKit::GetUserGrantedPermissionUsedType(tokenID, accessBluetooth)); + AccessTokenKit::GetPermissionUsedType(tokenID, accessBluetooth)); } /** - * @tc.name: GetUserGrantedPermissionUsedType002 + * @tc.name: GetPermissionUsedType002 * @tc.desc: Different grant permission modes get different visit type. 
* @tc.type: FUNC * @tc.require: */ -HWTEST_F(AccessTokenKitTest, GetUserGrantedPermissionUsedType002, TestSize.Level1) +HWTEST_F(AccessTokenKitTest, GetPermissionUsedType002, TestSize.Level1) { std::string accessBluetooth = "ohos.permission.ACCESS_BLUETOOTH"; std::string sendMessages = "ohos.permission.SEND_MESSAGES"; @@ -361,28 +361,28 @@ HWTEST_F(AccessTokenKitTest, GetUserGrantedPermissionUsedType002, TestSize.Level AccessTokenID tokenID = AllocTestToken(g_infoManagerTestInfoParms, testPolicyPrams); EXPECT_EQ(PermUsedTypeEnum::SEC_COMPONENT_TYPE, - AccessTokenKit::GetUserGrantedPermissionUsedType(tokenID, accessBluetooth)); + AccessTokenKit::GetPermissionUsedType(tokenID, accessBluetooth)); - EXPECT_EQ(PermUsedTypeEnum::NORMAL_TYPE, AccessTokenKit::GetUserGrantedPermissionUsedType(tokenID, sendMessages)); + EXPECT_EQ(PermUsedTypeEnum::NORMAL_TYPE, AccessTokenKit::GetPermissionUsedType(tokenID, sendMessages)); EXPECT_EQ(PermUsedTypeEnum::INVALID_USED_TYPE, - AccessTokenKit::GetUserGrantedPermissionUsedType(tokenID, writeCalendar)); + AccessTokenKit::GetPermissionUsedType(tokenID, writeCalendar)); int32_t selfUid = getuid(); EXPECT_EQ(0, SetSelfTokenID(tokenID)); setuid(1); EXPECT_EQ(PermUsedTypeEnum::INVALID_USED_TYPE, - AccessTokenKit::GetUserGrantedPermissionUsedType(tokenID, writeCalendar)); + AccessTokenKit::GetPermissionUsedType(tokenID, writeCalendar)); setuid(selfUid); ASSERT_EQ(0, SetSelfTokenID(selfTokenId_)); } /** - * @tc.name: GetUserGrantedPermissionUsedType003 + * @tc.name: GetPermissionUsedType003 * @tc.desc: Get security component visit type. * @tc.type: FUNC * @tc.require: */ -HWTEST_F(AccessTokenKitTest, GetUserGrantedPermissionUsedType003, TestSize.Level1) +HWTEST_F(AccessTokenKitTest, GetPermissionUsedType003, TestSize.Level1) { std::string distributedDatasync = "ohos.permission.DISTRIBUTED_DATASYNC"; PermissionStateFull testState1 = { 
@@ -402,7 +402,7 @@ HWTEST_F(AccessTokenKitTest, GetUserGrantedPermissionUsedType003, TestSize.Level ASSERT_EQ(RET_SUCCESS, AccessTokenKit::GrantPermission(tokenID, distributedDatasync, PERMISSION_COMPONENT_SET)); EXPECT_EQ(PermUsedTypeEnum::SEC_COMPONENT_TYPE, - AccessTokenKit::GetUserGrantedPermissionUsedType(tokenID, distributedDatasync)); + AccessTokenKit::GetPermissionUsedType(tokenID, distributedDatasync)); } /** diff --git a/services/accesstokenmanager/main/cpp/include/permission/permission_manager.h b/services/accesstokenmanager/main/cpp/include/permission/permission_manager.h index 1f83e1959..a90e51e08 100644 --- a/services/accesstokenmanager/main/cpp/include/permission/permission_manager.h +++ b/services/accesstokenmanager/main/cpp/include/permission/permission_manager.h @@ -62,7 +62,7 @@ public: void RemoveDefPermissions(AccessTokenID tokenID); int VerifyNativeAccessToken(AccessTokenID tokenID, const std::string& permissionName); int VerifyHapAccessToken(AccessTokenID tokenID, const std::string& permissionName); - PermUsedTypeEnum GetUserGrantedPermissionUsedType(AccessTokenID tokenID, const std::string& permissionName); + PermUsedTypeEnum GetPermissionUsedType(AccessTokenID tokenID, const std::string& permissionName); virtual int VerifyAccessToken(AccessTokenID tokenID, const std::string& permissionName); int GetDefPermission(const std::string& permissionName, PermissionDef& permissionDefResult); int GetDefPermissions(AccessTokenID tokenID, std::vector& permList); diff --git a/services/accesstokenmanager/main/cpp/include/permission/permission_policy_set.h b/services/accesstokenmanager/main/cpp/include/permission/permission_policy_set.h index 5d2d3b2ce..b041a7027 100644 --- a/services/accesstokenmanager/main/cpp/include/permission/permission_policy_set.h +++ b/services/accesstokenmanager/main/cpp/include/permission/permission_policy_set.h 
@@ -44,7 +44,7 @@ public: void StorePermissionPolicySet(std::vector& permStateValueList); void Update(const std::vector& permStateList); - PermUsedTypeEnum GetUserGrantedPermissionUsedType(const std::string& permissionName); + PermUsedTypeEnum GetPermissionUsedType(const std::string& permissionName); int VerifyPermissionStatus(const std::string& permissionName); void GetDefPermissions(std::vector& permList); void GetPermissionStateFulls(std::vector& permList); diff --git a/services/accesstokenmanager/main/cpp/include/service/accesstoken_manager_service.h b/services/accesstokenmanager/main/cpp/include/service/accesstoken_manager_service.h index 7cf7d7519..57f3c3b09 100644 --- a/services/accesstokenmanager/main/cpp/include/service/accesstoken_manager_service.h +++ b/services/accesstokenmanager/main/cpp/include/service/accesstoken_manager_service.h @@ -45,7 +45,7 @@ public: void OnRemoveSystemAbility(int32_t systemAbilityId, const std::string& deviceId) override; AccessTokenIDEx AllocHapToken(const HapInfoParcel& info, const HapPolicyParcel& policy) override; - PermUsedTypeEnum GetUserGrantedPermissionUsedType( + PermUsedTypeEnum GetPermissionUsedType( AccessTokenID tokenID, const std::string& permissionName) override; int32_t InitHapToken(const HapInfoParcel& info, HapPolicyParcel& policy, AccessTokenIDEx& fullTokenId) override; diff --git a/services/accesstokenmanager/main/cpp/include/service/accesstoken_manager_stub.h b/services/accesstokenmanager/main/cpp/include/service/accesstoken_manager_stub.h index 7804b8a28..74e736e31 100644 --- a/services/accesstokenmanager/main/cpp/include/service/accesstoken_manager_stub.h +++ b/services/accesstokenmanager/main/cpp/include/service/accesstoken_manager_stub.h 
@@ -34,7 +34,7 @@ public: int OnRemoteRequest(uint32_t code, MessageParcel& data, MessageParcel& reply, MessageOption& options) override; private: - void GetUserGrantedPermissionUsedTypeInner(MessageParcel& data, MessageParcel& reply); + void GetPermissionUsedTypeInner(MessageParcel& data, MessageParcel& reply); void VerifyAccessTokenInner(MessageParcel& data, MessageParcel& reply); void GetDefPermissionInner(MessageParcel& data, MessageParcel& reply); void GetDefPermissionsInner(MessageParcel& data, MessageParcel& reply); diff --git a/services/accesstokenmanager/main/cpp/src/permission/permission_manager.cpp b/services/accesstokenmanager/main/cpp/src/permission/permission_manager.cpp index dd3f9c106..0e5a93ad6 100644 --- a/services/accesstokenmanager/main/cpp/src/permission/permission_manager.cpp +++ b/services/accesstokenmanager/main/cpp/src/permission/permission_manager.cpp @@ -197,7 +197,7 @@ int PermissionManager::VerifyNativeAccessToken(AccessTokenID tokenID, const std: return permPolicySet->VerifyPermissionStatus(permissionName); } -PermUsedTypeEnum PermissionManager::GetUserGrantedPermissionUsedType( +PermUsedTypeEnum PermissionManager::GetPermissionUsedType( AccessTokenID tokenID, const std::string& permissionName) { if ((tokenID == INVALID_TOKENID) || @@ -220,7 +220,7 @@ PermUsedTypeEnum PermissionManager::GetUserGrantedPermissionUsedType( return PermUsedTypeEnum::INVALID_USED_TYPE; } - return permPolicySet->GetUserGrantedPermissionUsedType(permissionName); + return permPolicySet->GetPermissionUsedType(permissionName); } int PermissionManager::VerifyAccessToken(AccessTokenID tokenID, const std::string& permissionName) diff --git a/services/accesstokenmanager/main/cpp/src/permission/permission_policy_set.cpp b/services/accesstokenmanager/main/cpp/src/permission/permission_policy_set.cpp index e9f57bd7e..6a86b504e 100644 --- a/services/accesstokenmanager/main/cpp/src/permission/permission_policy_set.cpp 
+++ b/services/accesstokenmanager/main/cpp/src/permission/permission_policy_set.cpp @@ -200,7 +200,7 @@ uint32_t PermissionPolicySet::GetFlagWithoutSpecifiedElement(uint32_t fullFlag, return unmaskedFlag; } -PermUsedTypeEnum PermissionPolicySet::GetUserGrantedPermissionUsedType(const std::string& permissionName) +PermUsedTypeEnum PermissionPolicySet::GetPermissionUsedType(const std::string& permissionName) { Utils::UniqueReadGuard infoGuard(this->permPolicySetLock_); auto iter = std::find_if(permStateList_.begin(), permStateList_.end(), diff --git a/services/accesstokenmanager/main/cpp/src/service/accesstoken_manager_service.cpp b/services/accesstokenmanager/main/cpp/src/service/accesstoken_manager_service.cpp index 2c2e7354c..d4d5acfaa 100644 --- a/services/accesstokenmanager/main/cpp/src/service/accesstoken_manager_service.cpp +++ b/services/accesstokenmanager/main/cpp/src/service/accesstoken_manager_service.cpp @@ -120,11 +120,11 @@ void AccessTokenManagerService::OnRemoveSystemAbility(int32_t systemAbilityId, c } } -PermUsedTypeEnum AccessTokenManagerService::GetUserGrantedPermissionUsedType( +PermUsedTypeEnum AccessTokenManagerService::GetPermissionUsedType( AccessTokenID tokenID, const std::string& permissionName) { ACCESSTOKEN_LOG_INFO(LABEL, "TokenID=%{public}d, permission=%{public}s", tokenID, permissionName.c_str()); - return PermissionManager::GetInstance().GetUserGrantedPermissionUsedType(tokenID, permissionName); + return PermissionManager::GetInstance().GetPermissionUsedType(tokenID, permissionName); } int AccessTokenManagerService::VerifyAccessToken(AccessTokenID tokenID, const std::string& permissionName) diff --git a/services/accesstokenmanager/main/cpp/src/service/accesstoken_manager_stub.cpp b/services/accesstokenmanager/main/cpp/src/service/accesstoken_manager_stub.cpp index c2ff855ce..cd7ad9146 100644 --- a/services/accesstokenmanager/main/cpp/src/service/accesstoken_manager_stub.cpp 
+++ b/services/accesstokenmanager/main/cpp/src/service/accesstoken_manager_stub.cpp @@ -101,7 +101,7 @@ void AccessTokenManagerStub::DeleteTokenInfoInner(MessageParcel& data, MessagePa reply.WriteInt32(result); } -void AccessTokenManagerStub::GetUserGrantedPermissionUsedTypeInner(MessageParcel& data, MessageParcel& reply) +void AccessTokenManagerStub::GetPermissionUsedTypeInner(MessageParcel& data, MessageParcel& reply) { if (!IsNativeProcessCalling() && !IsPrivilegedCalling()) { ACCESSTOKEN_LOG_ERROR(LABEL, "Permission denied(tokenID=%{public}d)", IPCSkeleton::GetCallingTokenID()); @@ -120,7 +120,7 @@ void AccessTokenManagerStub::GetUserGrantedPermissionUsedTypeInner(MessageParcel reply.WriteInt32(static_cast(PermUsedTypeEnum::INVALID_USED_TYPE)); return; } - PermUsedTypeEnum result = this->GetUserGrantedPermissionUsedType(tokenID, permissionName); + PermUsedTypeEnum result = this->GetPermissionUsedType(tokenID, permissionName); int32_t type = static_cast(result); if (!reply.WriteInt32(type)) { ACCESSTOKEN_LOG_ERROR(LABEL, "WriteInt32 fail."); @@ -1016,7 +1016,7 @@ void AccessTokenManagerStub::SetLocalTokenOpFuncInMap() void AccessTokenManagerStub::SetPermissionOpFuncInMap() { requestFuncMap_[static_cast(AccessTokenInterfaceCode::GET_USER_GRANTED_PERMISSION_USED_TYPE)] = - &AccessTokenManagerStub::GetUserGrantedPermissionUsedTypeInner; + &AccessTokenManagerStub::GetPermissionUsedTypeInner; requestFuncMap_[static_cast(AccessTokenInterfaceCode::VERIFY_ACCESSTOKEN)] = &AccessTokenManagerStub::VerifyAccessTokenInner; requestFuncMap_[static_cast(AccessTokenInterfaceCode::GET_DEF_PERMISSION)] = diff --git a/test/fuzztest/innerkits/accesstoken/BUILD.gn b/test/fuzztest/innerkits/accesstoken/BUILD.gn index 4b9ab856c..ed4bcd48e 100644 --- a/test/fuzztest/innerkits/accesstoken/BUILD.gn +++ b/test/fuzztest/innerkits/accesstoken/BUILD.gn 
@@ -39,13 +39,13 @@ group("fuzztest") { "getpermissionflags_fuzzer:GetPermissionFlagsFuzzTest", "getpermissionrequesttogglestatus_fuzzer:GetPermissionRequestToggleStatusFuzzTest", "getpermissionsstatus_fuzzer:GetPermissionsStatusFuzzTest", + "getpermissionusedtype_fuzzer:GetPermissionUsedTypeFuzzTest", "getremotenativetokenid_fuzzer:GetRemoteNativeTokenIDFuzzTest", "getrendertokenid_fuzzer:GetRenderTokenIdFuzzTest", "getreqpermissions_fuzzer:GetReqPermissionsFuzzTest", "getselfpermissionsstate_fuzzer:GetSelfPermissionsStateFuzzTest", "gettokentype_fuzzer:GetTokenTypeFuzzTest", "gettokentypeflag_fuzzer:GetTokenTypeFlagFuzzTest", - "getusergrantedpermissionusedtype_fuzzer:GetUserGrantedPermissionUsedTypeFuzzTest", "grantpermission_fuzzer:GrantPermissionFuzzTest", "inithaptoken_fuzzer:InitHapTokenFuzzTest", "registerpermstatechangecallback_fuzzer:RegisterPermStateChangeCallbackFuzzTest", diff --git a/test/fuzztest/innerkits/accesstoken/getusergrantedpermissionusedtype_fuzzer/BUILD.gn b/test/fuzztest/innerkits/accesstoken/getpermissionusedtype_fuzzer/BUILD.gn similarity index 91% rename from test/fuzztest/innerkits/accesstoken/getusergrantedpermissionusedtype_fuzzer/BUILD.gn rename to test/fuzztest/innerkits/accesstoken/getpermissionusedtype_fuzzer/BUILD.gn index 15bb572f6..df46aa9d8 100644 --- a/test/fuzztest/innerkits/accesstoken/getusergrantedpermissionusedtype_fuzzer/BUILD.gn +++ b/test/fuzztest/innerkits/accesstoken/getpermissionusedtype_fuzzer/BUILD.gn @@ -15,7 +15,7 @@ import("//build/config/features.gni") import("//build/test.gni") import("../../../../../access_token.gni") -ohos_fuzztest("GetUserGrantedPermissionUsedTypeFuzzTest") { +ohos_fuzztest("GetPermissionUsedTypeFuzzTest") { module_out_path = module_output_path_interface_access_token fuzz_config_file = "." 
@@ -29,7 +29,7 @@ ohos_fuzztest("GetUserGrantedPermissionUsedTypeFuzzTest") { "-Wno-unused-variable", "-fno-omit-frame-pointer", ] - sources = [ "getusergrantedpermissionusedtype_fuzzer.cpp" ] + sources = [ "getpermissionusedtype_fuzzer.cpp" ] deps = [ "${access_token_path}/interfaces/innerkits/accesstoken:libaccesstoken_sdk", diff --git a/test/fuzztest/innerkits/accesstoken/getusergrantedpermissionusedtype_fuzzer/corpus/init b/test/fuzztest/innerkits/accesstoken/getpermissionusedtype_fuzzer/corpus/init similarity index 100% rename from test/fuzztest/innerkits/accesstoken/getusergrantedpermissionusedtype_fuzzer/corpus/init rename to test/fuzztest/innerkits/accesstoken/getpermissionusedtype_fuzzer/corpus/init diff --git a/test/fuzztest/innerkits/accesstoken/getusergrantedpermissionusedtype_fuzzer/getusergrantedpermissionusedtype_fuzzer.cpp b/test/fuzztest/innerkits/accesstoken/getpermissionusedtype_fuzzer/getpermissionusedtype_fuzzer.cpp similarity index 82% rename from test/fuzztest/innerkits/accesstoken/getusergrantedpermissionusedtype_fuzzer/getusergrantedpermissionusedtype_fuzzer.cpp rename to test/fuzztest/innerkits/accesstoken/getpermissionusedtype_fuzzer/getpermissionusedtype_fuzzer.cpp index 1d022a939..cd7af6902 100644 --- a/test/fuzztest/innerkits/accesstoken/getusergrantedpermissionusedtype_fuzzer/getusergrantedpermissionusedtype_fuzzer.cpp +++ b/test/fuzztest/innerkits/accesstoken/getpermissionusedtype_fuzzer/getpermissionusedtype_fuzzer.cpp @@ -13,7 +13,7 @@ * limitations under the License. */ -#include "getusergrantedpermissionusedtype_fuzzer.h" +#include "getpermissionusedtype_fuzzer.h" #include #include 
@@ -27,13 +27,13 @@ using namespace std; using namespace OHOS::Security::AccessToken; namespace OHOS { -bool GetUserGrantedPermissionUsedTypeFuzzTest(const uint8_t* data, size_t size) +bool GetPermissionUsedTypeFuzzTest(const uint8_t* data, size_t size) { if ((data == nullptr) || (size == 0)) { return false; } AccessTokenFuzzData fuzzData(data, size); - PermUsedTypeEnum type = AccessTokenKit::GetUserGrantedPermissionUsedType( + PermUsedTypeEnum type = AccessTokenKit::GetPermissionUsedType( fuzzData.GetData(), fuzzData.GenerateRandomString()); return type != PermUsedTypeEnum::PERM_USED_TYPE_BUTT; @@ -44,6 +44,6 @@ bool GetUserGrantedPermissionUsedTypeFuzzTest(const uint8_t* data, size_t size) extern "C" int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size) { /* Run your code on data */ - OHOS::GetUserGrantedPermissionUsedTypeFuzzTest(data, size); + OHOS::GetPermissionUsedTypeFuzzTest(data, size); return 0; } diff --git a/test/fuzztest/innerkits/accesstoken/getusergrantedpermissionusedtype_fuzzer/getusergrantedpermissionusedtype_fuzzer.h b/test/fuzztest/innerkits/accesstoken/getpermissionusedtype_fuzzer/getpermissionusedtype_fuzzer.h similarity index 69% rename from test/fuzztest/innerkits/accesstoken/getusergrantedpermissionusedtype_fuzzer/getusergrantedpermissionusedtype_fuzzer.h rename to test/fuzztest/innerkits/accesstoken/getpermissionusedtype_fuzzer/getpermissionusedtype_fuzzer.h index e41aadc9c..367274a05 100644 --- a/test/fuzztest/innerkits/accesstoken/getusergrantedpermissionusedtype_fuzzer/getusergrantedpermissionusedtype_fuzzer.h +++ b/test/fuzztest/innerkits/accesstoken/getpermissionusedtype_fuzzer/getpermissionusedtype_fuzzer.h 
@@ -13,9 +13,9 @@ * limitations under the License. */ -#ifndef TEST_FUZZTEST_GETUSERGRANTEDPERMISSIONUSEDTYPE_FUZZER_H -#define TEST_FUZZTEST_GETUSERGRANTEDPERMISSIONUSEDTYPE_FUZZER_H +#ifndef TEST_FUZZTEST_GETPERMISSIONUSEDTYPE_FUZZER_H +#define TEST_FUZZTEST_GETPERMISSIONUSEDTYPE_FUZZER_H -#define FUZZ_PROJECT_NAME "getusergrantedpermissionusedtype_fuzzer" +#define FUZZ_PROJECT_NAME "getpermissionusedtype_fuzzer" -#endif // TEST_FUZZTEST_GETUSERGRANTEDPERMISSIONUSEDTYPE_FUZZER_H +#endif // TEST_FUZZTEST_GETPERMISSIONUSEDTYPE_FUZZER_H diff --git a/test/fuzztest/innerkits/accesstoken/getusergrantedpermissionusedtype_fuzzer/project.xml b/test/fuzztest/innerkits/accesstoken/getpermissionusedtype_fuzzer/project.xml similarity index 100% rename from test/fuzztest/innerkits/accesstoken/getusergrantedpermissionusedtype_fuzzer/project.xml rename to test/fuzztest/innerkits/accesstoken/getpermissionusedtype_fuzzer/project.xml diff --git a/test/fuzztest/services/accesstoken/BUILD.gn b/test/fuzztest/services/accesstoken/BUILD.gn index 02738c39e..94ef9b152 100644 --- a/test/fuzztest/services/accesstoken/BUILD.gn +++ b/test/fuzztest/services/accesstoken/BUILD.gn 
@@ -36,11 +36,11 @@ group("fuzztest") { "getpermissionflagstub_fuzzer:GetPermissionFlagStubFuzzTest", "getpermissionrequesttogglestatusstub_fuzzer:GetPermissionRequestToggleStatusStubFuzzTest", "getpermissionsstatusstub_fuzzer:GetPermissionsStatusStubFuzzTest", + "getpermissionusedtypestub_fuzzer:GetPermissionUsedTypeStubFuzzTest", "getremotenativetokenidstub_fuzzer:GetRemoteNativeTokenIDStubFuzzTest", "getreqpermissionsstub_fuzzer:GetReqPermissionsStubFuzzTest", "getselfpermissionsstatestub_fuzzer:GetSelfPermissionsStateStubFuzzTest", "gettokentypestub_fuzzer:GetTokenTypeStubFuzzTest", - "getusergrantedpermissionusedtypestub_fuzzer:GetUserGrantedPermissionUsedTypeStubFuzzTest", "grantpermissionstub_fuzzer:GrantPermissionStubFuzzTest", "registerpermstatechangecallbackstub_fuzzer:RegisterPermStateChangeCallbackStubFuzzTest", "reloadnativetokeninfostub_fuzzer:ReloadNativeTokenInfoStubFuzzTest", diff --git a/test/fuzztest/services/accesstoken/getusergrantedpermissionusedtypestub_fuzzer/BUILD.gn b/test/fuzztest/services/accesstoken/getpermissionusedtypestub_fuzzer/BUILD.gn similarity index 91% rename from test/fuzztest/services/accesstoken/getusergrantedpermissionusedtypestub_fuzzer/BUILD.gn rename to test/fuzztest/services/accesstoken/getpermissionusedtypestub_fuzzer/BUILD.gn index 8f82e26a6..81e50ab0a 100644 --- a/test/fuzztest/services/accesstoken/getusergrantedpermissionusedtypestub_fuzzer/BUILD.gn +++ b/test/fuzztest/services/accesstoken/getpermissionusedtypestub_fuzzer/BUILD.gn @@ -16,11 +16,11 @@ import("//build/test.gni") import("../../../../../access_token.gni") import("../access_token_service_fuzz.gni") -ohos_fuzztest("GetUserGrantedPermissionUsedTypeStubFuzzTest") { +ohos_fuzztest("GetPermissionUsedTypeStubFuzzTest") { module_out_path = module_output_path_service_access_token fuzz_config_file = "." - sources = [ "getusergrantedpermissionusedtypestub_fuzzer.cpp" ] + sources = [ "getpermissionusedtypestub_fuzzer.cpp" ] cflags = [ "-g", 
diff --git a/test/fuzztest/services/accesstoken/getusergrantedpermissionusedtypestub_fuzzer/corpus/init b/test/fuzztest/services/accesstoken/getpermissionusedtypestub_fuzzer/corpus/init similarity index 100% rename from test/fuzztest/services/accesstoken/getusergrantedpermissionusedtypestub_fuzzer/corpus/init rename to test/fuzztest/services/accesstoken/getpermissionusedtypestub_fuzzer/corpus/init diff --git a/test/fuzztest/services/accesstoken/getusergrantedpermissionusedtypestub_fuzzer/getusergrantedpermissionusedtypestub_fuzzer.cpp b/test/fuzztest/services/accesstoken/getpermissionusedtypestub_fuzzer/getpermissionusedtypestub_fuzzer.cpp similarity index 91% rename from test/fuzztest/services/accesstoken/getusergrantedpermissionusedtypestub_fuzzer/getusergrantedpermissionusedtypestub_fuzzer.cpp rename to test/fuzztest/services/accesstoken/getpermissionusedtypestub_fuzzer/getpermissionusedtypestub_fuzzer.cpp index 262600fba..06d696d70 100644 --- a/test/fuzztest/services/accesstoken/getusergrantedpermissionusedtypestub_fuzzer/getusergrantedpermissionusedtypestub_fuzzer.cpp +++ b/test/fuzztest/services/accesstoken/getpermissionusedtypestub_fuzzer/getpermissionusedtypestub_fuzzer.cpp @@ -13,7 +13,7 @@ * limitations under the License. */ -#include "getusergrantedpermissionusedtypestub_fuzzer.h" +#include "getpermissionusedtypestub_fuzzer.h" #include #include #include @@ -32,7 +32,7 @@ const int CONSTANTS_NUMBER_TWO = 2; static const int32_t ROOT_UID = 0; namespace OHOS { -bool GetUserGrantedPermissionUsedTypeStubFuzzTest(const uint8_t* data, size_t size) +bool GetPermissionUsedTypeStubFuzzTest(const uint8_t* data, size_t size) { if ((data == nullptr) || (size == 0)) { return false; 
@@ -71,6 +71,6 @@ bool GetUserGrantedPermissionUsedTypeStubFuzzTest(const uint8_t* data, size_t si extern "C" int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size) { /* Run your code on data */ - OHOS::GetUserGrantedPermissionUsedTypeStubFuzzTest(data, size); + OHOS::GetPermissionUsedTypeStubFuzzTest(data, size); return 0; } diff --git a/test/fuzztest/services/accesstoken/getusergrantedpermissionusedtypestub_fuzzer/getusergrantedpermissionusedtypestub_fuzzer.h b/test/fuzztest/services/accesstoken/getpermissionusedtypestub_fuzzer/getpermissionusedtypestub_fuzzer.h similarity index 68% rename from test/fuzztest/services/accesstoken/getusergrantedpermissionusedtypestub_fuzzer/getusergrantedpermissionusedtypestub_fuzzer.h rename to test/fuzztest/services/accesstoken/getpermissionusedtypestub_fuzzer/getpermissionusedtypestub_fuzzer.h index 45c3f3ae6..a1cc53b3d 100644 --- a/test/fuzztest/services/accesstoken/getusergrantedpermissionusedtypestub_fuzzer/getusergrantedpermissionusedtypestub_fuzzer.h +++ b/test/fuzztest/services/accesstoken/getpermissionusedtypestub_fuzzer/getpermissionusedtypestub_fuzzer.h @@ -13,9 +13,9 @@ * limitations under the License. */ -#ifndef TEST_FUZZTEST_GETUSERGRANTEDPERMISSIONUSEDTYPESTUB_FUZZER_H -#define TEST_FUZZTEST_GETUSERGRANTEDPERMISSIONUSEDTYPESTUB_FUZZER_H +#ifndef TEST_FUZZTEST_GETPERMISSIONUSEDTYPESTUB_FUZZER_H +#define TEST_FUZZTEST_GETPERMISSIONUSEDTYPESTUB_FUZZER_H -#define FUZZ_PROJECT_NAME "getusergrantedpermissionusedtypestub_fuzzer" +#define FUZZ_PROJECT_NAME "getpermissionusedtypestub_fuzzer" -#endif // TEST_FUZZTEST_GETUSERGRANTEDPERMISSIONUSEDTYPESTUB_FUZZER_H +#endif // TEST_FUZZTEST_GETPERMISSIONUSEDTYPESTUB_FUZZER_H 
diff --git a/test/fuzztest/services/accesstoken/getusergrantedpermissionusedtypestub_fuzzer/project.xml b/test/fuzztest/services/accesstoken/getpermissionusedtypestub_fuzzer/project.xml similarity index 100% rename from test/fuzztest/services/accesstoken/getusergrantedpermissionusedtypestub_fuzzer/project.xml rename to test/fuzztest/services/accesstoken/getpermissionusedtypestub_fuzzer/project.xml -- Gitee From aa1077209991ccdd7dd88d31c965ba2908d239b0 Mon Sep 17 00:00:00 2001 From: AXYChen Date: Thu, 8 Aug 2024 10:43:08 +0800 Subject: [PATCH 015/473] =?UTF-8?q?=E4=BF=AE=E6=94=B9appstatedata=20AppInd?= =?UTF-8?q?ex?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: AXYChen Change-Id: I7616f5bc9a90e7e0c094150d0a0ff0e50da89e60 --- services/common/app_manager/include/app_state_data.h | 2 ++ services/common/app_manager/src/app_state_data.cpp | 3 ++- 2 files changed, 4 insertions(+), 1 deletion(-) diff --git a/services/common/app_manager/include/app_state_data.h b/services/common/app_manager/include/app_state_data.h index a18e09f34..3530c4fb4 100644 --- a/services/common/app_manager/include/app_state_data.h +++ b/services/common/app_manager/include/app_state_data.h @@ -49,6 +49,8 @@ struct AppStateData : public Parcelable { std::string callerBundleName; bool isSplitScreenMode = false; bool isFloatingWindowMode = false; + bool isSpecifyTokenId = false; + int32_t appIndex = 0; }; } // namespace AccessToken } // namespace Security diff --git a/services/common/app_manager/src/app_state_data.cpp b/services/common/app_manager/src/app_state_data.cpp index 89ef9c611..f80bac585 100644 --- a/services/common/app_manager/src/app_state_data.cpp +++ b/services/common/app_manager/src/app_state_data.cpp 
@@ -24,7 +24,7 @@ bool AppStateData::Marshalling(Parcel &parcel) const && parcel.WriteInt32(pid) && parcel.WriteUint32(accessTokenId) && parcel.WriteBool(isFocused) && parcel.WriteInt32(extensionType) && parcel.WriteInt32Vector(renderPids) && parcel.WriteString(callerBundleName) && parcel.WriteBool(isSplitScreenMode) - && parcel.WriteBool(isFloatingWindowMode)); + && parcel.WriteBool(isFloatingWindowMode) && parcel.WriteInt32(appIndex)); } AppStateData *AppStateData::Unmarshalling(Parcel &parcel) @@ -44,6 +44,7 @@ AppStateData *AppStateData::Unmarshalling(Parcel &parcel) appStateData->callerBundleName = parcel.ReadString(); appStateData->isSplitScreenMode = parcel.ReadBool(); appStateData->isFloatingWindowMode = parcel.ReadBool(); + appStateData->appIndex = parcel.ReadInt32(); return appStateData; } } // namespace AccessToken -- Gitee From 4393b7603da204e6fa9c24483f89c803e750df75 Mon Sep 17 00:00:00 2001 From: lsq Date: Thu, 8 Aug 2024 21:05:54 +0800 Subject: [PATCH 016/473] =?UTF-8?q?=E6=8F=90=E4=BE=9B=E4=BC=81=E4=B8=9A?= =?UTF-8?q?=E7=A9=BA=E9=97=B4=E5=8D=95=E6=B4=BB=E7=9A=84=E6=8E=A5=E5=8F=A3?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: lsq Change-Id: I7e82b4eb55dfbd0a8144250859676305bfab2990 --- .../accesstoken/include/access_token.h | 10 +++++++++ .../accesstoken/include/access_token_error.h | 2 ++ .../accesstoken/include/accesstoken_kit.h | 21 +++++++++++++++++++ .../accesstoken/libaccesstoken_sdk.map | 3 +++ .../accesstoken/src/accesstoken_kit.cpp | 19 +++++++++++++++++ .../unittest/src/accesstoken_kit_test.cpp | 20 ++++++++++++++++++ .../service/accesstoken_manager_service.cpp | 10 +++++++-- 7 files changed, 83 insertions(+), 2 deletions(-) diff --git a/interfaces/innerkits/accesstoken/include/access_token.h b/interfaces/innerkits/accesstoken/include/access_token.h index 578b02637..6e90165b0 100644 --- a/interfaces/innerkits/accesstoken/include/access_token.h 
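Review bot: `isSpecifyTokenId` is added to `AppStateData` in app_state_data.h, but neither `Marshalling` nor `Unmarshalling` in app_state_data.cpp writes or reads it; only `appIndex` is appended after `isFloatingWindowMode`. If the process that sends this parcel does serialise that flag, every later field would be read from the wrong offset, and `parcel.ReadInt32()` gives no failure signal here, so a short or shifted parcel would yield an `appIndex` of 0 or an unrelated value. Either add the field to both functions in the sender's order, or state the contract next to the new members, e.g. `// isSpecifyTokenId is not carried in the parcel; field order must match the sender's AppStateData`. Both function bodies start outside these hunks, so the full read/write order cannot be checked from here.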
+++ b/interfaces/innerkits/accesstoken/include/access_token.h @@ -240,6 +240,16 @@ typedef enum DlpType { BUTT_DLP_TYPE, } HapDlpType; +/** + * @brief User permission policy status. + */ +typedef struct { + /** user id */ + int32_t userId; + /** active status */ + bool isActive; +} UserState; + /** * @brief Dlp permission type */ diff --git a/interfaces/innerkits/accesstoken/include/access_token_error.h b/interfaces/innerkits/accesstoken/include/access_token_error.h index 80eabbf92..2aad05255 100644 --- a/interfaces/innerkits/accesstoken/include/access_token_error.h +++ b/interfaces/innerkits/accesstoken/include/access_token_error.h @@ -74,6 +74,8 @@ enum AccessTokenError { ERR_SIZE_NOT_EQUAL, ERR_PERM_REQUEST_CFG_FAILED, ERR_LOAD_SO_FAILED, + ERR_USER_POLICY_INITIALIZED, + ERR_USER_POLICY_NOT_INITIALIZED, }; } // namespace AccessToken } // namespace Security diff --git a/interfaces/innerkits/accesstoken/include/accesstoken_kit.h b/interfaces/innerkits/accesstoken/include/accesstoken_kit.h index 01c8240f9..48bd6916f 100644 --- a/interfaces/innerkits/accesstoken/include/accesstoken_kit.h +++ b/interfaces/innerkits/accesstoken/include/accesstoken_kit.h @@ -423,6 +423,27 @@ public: * @return error code, see access_token_error.h */ static int32_t GetNativeTokenName(AccessTokenID tokenId, std::string& name); + + /** + * @brief Set user permission policy + * @param userList list of user id. + * @param permList list of permission + * @return error code, see access_token_error.h + */ + static int32_t InitUserPolicy(const std::vector& userList, const std::vector& permList); + + /** + * @brief Update user permission policy + * @param userList list of user id. + * @return error code, see access_token_error.h + */ + static int32_t UpdateUserPolicy(const std::vector& userList); + + /** + * @brief Clear user permission policy + * @return error code, see access_token_error.h + */ + static int32_t ClearUserPolicy(); }; } // namespace AccessToken } // namespace Security 
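Review bot: The doc comments added to accesstoken_kit.h describe `userList` as a "list of user id", whereas the unit test in this commit passes entries of the new `UserState` struct (`userId` plus `isActive`); the template arguments are stripped in this rendering, so this is inferred from the test. I would reword to `@param userList list of UserState entries (user id and active flag)` and say what `isActive` means for the policy. The comments should also name when `ERR_USER_POLICY_INITIALIZED` and `ERR_USER_POLICY_NOT_INITIALIZED`, added in access_token_error.h, are returned, since "see access_token_error.h" leaves the ordering contract between Init, Update and Clear unstated. The class declaration starts outside the hunk.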
diff --git a/interfaces/innerkits/accesstoken/libaccesstoken_sdk.map b/interfaces/innerkits/accesstoken/libaccesstoken_sdk.map index 6a40388ac..af471f286 100644 --- a/interfaces/innerkits/accesstoken/libaccesstoken_sdk.map +++ b/interfaces/innerkits/accesstoken/libaccesstoken_sdk.map @@ -53,6 +53,9 @@ "OHOS::Security::AccessToken::AccessTokenKit::GetTokenType(unsigned int)"; "OHOS::Security::AccessToken::AccessTokenKit::GetHapDlpFlag(unsigned int)"; "OHOS::Security::AccessToken::AccessTokenKit::GetTokenTypeFlag(unsigned int)"; + "OHOS::Security::AccessToken::AccessTokenKit::InitUserPolicy(std::__h::vector> const&, std::__h::vector, std::__h::allocator>, std::__h::allocator, std::__h::allocator>>> const&)"; + "OHOS::Security::AccessToken::AccessTokenKit::UpdateUserPolicy(std::__h::vector> const&)"; + "OHOS::Security::AccessToken::AccessTokenKit::ClearUserPolicy()"; "OHOS::Security::AccessToken::AccessTokenKit::GetSelfPermissionsState(std::__h::vector>&, OHOS::Security::AccessToken::PermissionGrantInfo&)"; "OHOS::Security::AccessToken::AccessTokenKit::GetPermissionsStatus(unsigned int, std::__h::vector>&)"; "OHOS::Security::AccessToken::AccessTokenKit::GetVersion(unsigned int&)"; diff --git a/interfaces/innerkits/accesstoken/src/accesstoken_kit.cpp b/interfaces/innerkits/accesstoken/src/accesstoken_kit.cpp index f550662cd..d8a8ff827 100644 --- a/interfaces/innerkits/accesstoken/src/accesstoken_kit.cpp +++ b/interfaces/innerkits/accesstoken/src/accesstoken_kit.cpp 
@@ -603,6 +603,25 @@ int32_t AccessTokenKit::GetNativeTokenName(AccessTokenID tokenId, std::string& n return AccessTokenManagerClient::GetInstance().GetNativeTokenName(tokenId, name); } + +int32_t AccessTokenKit::InitUserPolicy( + const std::vector& userList, const std::vector& permList) +{ + ACCESSTOKEN_LOG_INFO(LABEL, "Enter."); + return 0; +} + +int32_t AccessTokenKit::UpdateUserPolicy(const std::vector& userList) +{ + ACCESSTOKEN_LOG_INFO(LABEL, "Enter."); + return 0; +} + +int32_t AccessTokenKit::ClearUserPolicy() +{ + ACCESSTOKEN_LOG_INFO(LABEL, "Enter."); + return 0; +} } // namespace AccessToken } // namespace Security } // namespace OHOS diff --git a/interfaces/innerkits/accesstoken/test/unittest/src/accesstoken_kit_test.cpp b/interfaces/innerkits/accesstoken/test/unittest/src/accesstoken_kit_test.cpp index 7f4cd3b4a..47271ce0d 100644 --- a/interfaces/innerkits/accesstoken/test/unittest/src/accesstoken_kit_test.cpp +++ b/interfaces/innerkits/accesstoken/test/unittest/src/accesstoken_kit_test.cpp @@ -3322,6 +3322,26 @@ HWTEST_F(AccessTokenKitTest, GetNativeTokenName002, TestSize.Level1) ASSERT_EQ(AccessTokenError::ERR_PERMISSION_DENIED, AccessTokenKit::GetNativeTokenName(tokenId, name)); setuid(selfUid); } + +/** + * @tc.name: UserPolicyTest + * @tc.desc: UserPolicyTest. + * @tc.type: FUNC + * @tc.require: + */ +HWTEST_F(AccessTokenKitTest, UserPolicyTest, TestSize.Level1) +{ + UserState user = {.userId = 100, .isActive = true}; // 100 is userId + const std::vector userList = { user }; + const std::vector permList = { "ohos.permission.INTERNET" }; + int32_t ret = AccessTokenKit::InitUserPolicy(userList, permList); + EXPECT_EQ(ret, 0); + ret = AccessTokenKit::UpdateUserPolicy(userList); + EXPECT_EQ(ret, 0); + ret = AccessTokenKit::ClearUserPolicy(); + EXPECT_EQ(ret, 0); +} + } // namespace AccessToken } // namespace Security } // namespace OHOS 
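Review bot: `InitUserPolicy`, `UpdateUserPolicy` and `ClearUserPolicy` in accesstoken_kit.cpp only log "Enter." and `return 0;`, so a caller is told a user permission policy was applied when nothing was sent to the service. For an access-control API that is a fail-open placeholder: code that relies on the return value will assume the restriction is in force. Until the client call exists I would return a non-zero code from access_token_error.h and mark the gap, e.g. `// TODO: forward to AccessTokenManagerClient; no policy is applied yet`. The `UserPolicyTest` added in the same commit asserts `ret == 0` for all three calls, so it currently pins the placeholder behaviour and would need to change with it.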
diff --git a/services/accesstokenmanager/main/cpp/src/service/accesstoken_manager_service.cpp b/services/accesstokenmanager/main/cpp/src/service/accesstoken_manager_service.cpp index 2c2e7354c..ca4c20d8c 100644 --- a/services/accesstokenmanager/main/cpp/src/service/accesstoken_manager_service.cpp +++ b/services/accesstokenmanager/main/cpp/src/service/accesstoken_manager_service.cpp @@ -638,9 +638,15 @@ void AccessTokenManagerService::AccessTokenServiceParamSet() const { int32_t res = SetParameter(ACCESS_TOKEN_SERVICE_INIT_KEY, std::to_string(1).c_str()); if (res != 0) { - ACCESSTOKEN_LOG_ERROR(LABEL, "SetParameter ACCESS_TOKEN_SERVICE_INIT_KEY failed %{public}d", res); + ACCESSTOKEN_LOG_ERROR(LABEL, "SetParameter ACCESS_TOKEN_SERVICE_INIT_KEY 1 failed %{public}d", res); + return; + } + // 2 is to tell others sa that at service is loaded. + res = SetParameter(ACCESS_TOKEN_SERVICE_INIT_KEY, std::to_string(2).c_str()); + if (res != 0) { + ACCESSTOKEN_LOG_ERROR(LABEL, "SetParameter ACCESS_TOKEN_SERVICE_INIT_KEY 2 failed %{public}d", res); + return; } - ACCESSTOKEN_LOG_INFO(LABEL, "SetParameter ACCESS_TOKEN_SERVICE_INIT_KEY success"); } void AccessTokenManagerService::GetConfigValue() -- Gitee From a17c907d0bc172508503447841d422d7b7a733f6 Mon Sep 17 00:00:00 2001 From: chennian Date: Thu, 8 Aug 2024 23:00:16 +0800 Subject: [PATCH 017/473] =?UTF-8?q?=E7=94=B5=E6=BA=90=E7=AE=A1=E7=90=86?= =?UTF-8?q?=E6=94=B9=E6=88=90=E5=B8=B8=E9=A9=BB=E4=BE=9D=E8=B5=96?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit 
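Review bot: In `AccessTokenServiceParamSet`, `ACCESS_TOKEN_SERVICE_INIT_KEY` is now written as `1` and then straight away as `2`, and only the second value has a comment. A watcher of this parameter may never observe `1`, and the hunk does not say whether `1` is still needed for existing readers. Please document both values above the first call, e.g. `// 1: <meaning for existing watchers>; 2: service is loaded, other SAs may start calling`, or replace the literals with named constants. The success log was also removed, which leaves no trace in the log that the readiness signal was published; keeping `ACCESSTOKEN_LOG_INFO(LABEL, "SetParameter ACCESS_TOKEN_SERVICE_INIT_KEY success");` after the second call would preserve that.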
Signed-off-by: chennian Change-Id: Ic7d3263d211708cf50ccf159a27b21233abb7a25 --- services/common/power_manager/BUILD.gn | 17 ++- .../include/power_manager_client.h | 55 ++++++++ .../include/power_manager_proxy.h | 48 +++++++ .../src/power_manager_client.cpp | 121 ++++++++++++++++++ .../src/power_manager_loader.cpp | 9 +- .../power_manager/src/power_manager_proxy.cpp | 49 +++++++ 6 files changed, 288 insertions(+), 11 deletions(-) create mode 100644 services/common/power_manager/include/power_manager_client.h create mode 100644 services/common/power_manager/include/power_manager_proxy.h create mode 100644 services/common/power_manager/src/power_manager_client.cpp create mode 100644 services/common/power_manager/src/power_manager_proxy.cpp diff --git a/services/common/power_manager/BUILD.gn b/services/common/power_manager/BUILD.gn index db6ad6798..b5135103d 100644 --- a/services/common/power_manager/BUILD.gn +++ b/services/common/power_manager/BUILD.gn @@ -30,11 +30,18 @@ ohos_shared_library("accesstoken_power_manager") { } branch_protector_ret = "pac_ret" - include_dirs = [ "include" ] + include_dirs = [ + "include", + "${access_token_path}/frameworks/common/include", + ] - sources = [ "src/power_manager_loader.cpp" ] + sources = [ + "src/power_manager_client.cpp", + "src/power_manager_loader.cpp", + "src/power_manager_proxy.cpp", + ] - cflags_cc = [] + cflags_cc = [ "-DHILOG_ENABLE" ] configs = [ "${access_token_path}/config:access_token_compile_flags", "${access_token_path}/config:coverage_flags", @@ -43,8 +50,10 @@ ohos_shared_library("accesstoken_power_manager") { external_deps = [ "c_utils:utils", + "hilog:libhilog", "ipc:ipc_core", - "power_manager:powermgr_client", + "safwk:system_ability_fwk", + "samgr:samgr_proxy", ] } } diff --git a/services/common/power_manager/include/power_manager_client.h b/services/common/power_manager/include/power_manager_client.h new file mode 100644 index 000000000..a22f381c3 --- /dev/null 
+++ b/services/common/power_manager/include/power_manager_client.h @@ -0,0 +1,55 @@ +/* + * Copyright (c) 2024 Huawei Device Co., Ltd. + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +#ifndef ACCESS_POWER_MANAGER_ACCESS_CLIENT_H +#define ACCESS_POWER_MANAGER_ACCESS_CLIENT_H + +#include +#include "nocopyable.h" +#include "power_manager_proxy.h" + +namespace OHOS { +namespace Security { +namespace AccessToken { +class PowerMgrDeathRecipient : public IRemoteObject::DeathRecipient { +public: + PowerMgrDeathRecipient() {} + virtual ~PowerMgrDeathRecipient() override = default; + void OnRemoteDied(const wptr& object) override; +}; + +class PowerMgrClient final { +public: + static PowerMgrClient& GetInstance(); + virtual ~PowerMgrClient(); + bool IsScreenOn(); + + void OnRemoteDiedHandle(); +private: + PowerMgrClient(); + DISALLOW_COPY_AND_MOVE(PowerMgrClient); + + void InitProxy(); + sptr GetProxy(); + void ReleaseProxy(); + + sptr serviceDeathObserver_ = nullptr; + std::mutex proxyMutex_; + sptr proxy_ = nullptr; +}; +} // namespace AccessToken +} // namespace Security +} // namespace OHOS +#endif // ACCESS_POWER_MANAGER_ACCESS_CLIENT_H diff --git a/services/common/power_manager/include/power_manager_proxy.h b/services/common/power_manager/include/power_manager_proxy.h new file mode 100644 index 000000000..efcf3b496 --- /dev/null +++ b/services/common/power_manager/include/power_manager_proxy.h 
@@ -0,0 +1,48 @@ +/* + * Copyright (c) 2024 Huawei Device Co., Ltd. + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +#ifndef ACCESS_POWER_MANAGER_ACCESS_PROXY_H +#define ACCESS_POWER_MANAGER_ACCESS_PROXY_H + +#include + +namespace OHOS { +namespace Security { +namespace AccessToken { +class IPowerMgr : public IRemoteBroker { +public: + DECLARE_INTERFACE_DESCRIPTOR(u"ohos.powermgr.IPowerMgr"); + enum class Message { + IS_SCREEN_ON = 16, + }; + + virtual bool IsScreenOn() = 0; +}; + +class PowerMgrProxy : public IRemoteProxy { +public: + explicit PowerMgrProxy(const sptr& impl) + : IRemoteProxy(impl) {} + ~PowerMgrProxy() = default; + DISALLOW_COPY_AND_MOVE(PowerMgrProxy); + + virtual bool IsScreenOn() override; +private: + static inline BrokerDelegator delegator_; +}; +} // namespace AccessToken +} // namespace Security +} // namespace OHOS +#endif // ACCESS_POWER_MANAGER_ACCESS_PROXY_H diff --git a/services/common/power_manager/src/power_manager_client.cpp b/services/common/power_manager/src/power_manager_client.cpp new file mode 100644 index 000000000..4b08b71a8 --- /dev/null +++ b/services/common/power_manager/src/power_manager_client.cpp 
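Review bot: power_manager_proxy.h re-declares the power manager's IPC contract by hand: the descriptor `u"ohos.powermgr.IPowerMgr"` and the transaction code `IS_SCREEN_ON = 16` are copied literals with no link to where the service defines them. If the service renumbers its interface codes, this proxy would keep compiling and send a different request under a valid descriptor, and nothing in this commit would detect it. At minimum add a comment on the enum such as `// Must equal the power manager service's interface code for IsScreenOn; re-check whenever that interface changes`, and consider a test that fails when the value drifts. The defaulted destructor could also be marked `override` to match `IsScreenOn`.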
@@ -0,0 +1,121 @@ +/* + * Copyright (c) 2024 Huawei Device Co., Ltd. + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ +#include "power_manager_client.h" +#include + +#include "accesstoken_log.h" +#include "iservice_registry.h" +#include "system_ability_definition.h" + +namespace OHOS { +namespace Security { +namespace AccessToken { +namespace { +static constexpr OHOS::HiviewDFX::HiLogLabel LABEL = { + LOG_CORE, SECURITY_DOMAIN_ACCESSTOKEN, "PowerMgrClient" +}; +std::mutex g_instanceMutex; +} // namespace + +PowerMgrClient& PowerMgrClient::GetInstance() +{ + static PowerMgrClient* instance = nullptr; + if (instance == nullptr) { + std::lock_guard lock(g_instanceMutex); + if (instance == nullptr) { + instance = new PowerMgrClient(); + } + } + return *instance; +} + +PowerMgrClient::PowerMgrClient() +{} + +PowerMgrClient::~PowerMgrClient() +{ + std::lock_guard lock(proxyMutex_); + ReleaseProxy(); +} + +bool PowerMgrClient::IsScreenOn() +{ + ACCESSTOKEN_LOG_INFO(LABEL, "Entry"); + auto proxy = GetProxy(); + if (proxy == nullptr) { + ACCESSTOKEN_LOG_ERROR(LABEL, "Proxy is null"); + return false; + } + return proxy->IsScreenOn(); +} + +void PowerMgrClient::InitProxy() +{ + auto sam = SystemAbilityManagerClient::GetInstance().GetSystemAbilityManager(); + if (sam == nullptr) { + ACCESSTOKEN_LOG_ERROR(LABEL, "GetSystemAbilityManager is null"); + return; + } + auto powerManagerSa = sam->GetSystemAbility(POWER_MANAGER_SERVICE_ID); + if (powerManagerSa == nullptr) { + 
ACCESSTOKEN_LOG_ERROR(LABEL, "GetSystemAbility %{public}d is null", + POWER_MANAGER_SERVICE_ID); + return; + } + + serviceDeathObserver_ = sptr::MakeSptr(); + if (serviceDeathObserver_ != nullptr) { + powerManagerSa->AddDeathRecipient(serviceDeathObserver_); + } + + proxy_ = iface_cast(powerManagerSa); + if (proxy_ == nullptr) { + ACCESSTOKEN_LOG_ERROR(LABEL, "Iface_cast get null"); + } +} + +void PowerMgrClient::OnRemoteDiedHandle() +{ + std::lock_guard lock(proxyMutex_); + ReleaseProxy(); +} + +sptr PowerMgrClient::GetProxy() +{ + std::lock_guard lock(proxyMutex_); + if (proxy_ == nullptr) { + InitProxy(); + } + return proxy_; +} + +void PowerMgrClient::ReleaseProxy() +{ + if (proxy_ != nullptr && serviceDeathObserver_ != nullptr) { + proxy_->AsObject()->RemoveDeathRecipient(serviceDeathObserver_); + } + proxy_ = nullptr; + serviceDeathObserver_ = nullptr; +} + +void PowerMgrDeathRecipient::OnRemoteDied(const wptr& object) +{ + ACCESSTOKEN_LOG_INFO(LABEL, "OnRemoteDied"); + PowerMgrClient::GetInstance().OnRemoteDiedHandle(); +} +} // namespace AccessToken +} // namespace Security +} // namespace OHOS + diff --git a/services/common/power_manager/src/power_manager_loader.cpp b/services/common/power_manager/src/power_manager_loader.cpp index bab03d3cc..e78679882 100644 --- a/services/common/power_manager/src/power_manager_loader.cpp +++ b/services/common/power_manager/src/power_manager_loader.cpp 
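Review bot: `PowerMgrClient::GetInstance` uses double-checked locking on a plain `static PowerMgrClient* instance`, so the first `instance == nullptr` test reads the pointer outside `g_instanceMutex` while another thread may be writing it, which is a data race. Function-local static initialisation is already thread-safe since C++11, so the body can be `static PowerMgrClient* instance = new PowerMgrClient();` followed by `return *instance;`, and `g_instanceMutex` can go. Separately, in `InitProxy` the death recipient is registered before `iface_cast`; if the cast returns null, `ReleaseProxy` skips `RemoveDeathRecipient` because `proxy_` is null, so the registration order is worth swapping.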
@@ -13,23 +13,18 @@ * limitations under the License. */ #include "power_manager_loader.h" - -#include "power_mgr_client.h" +#include "power_manager_client.h" namespace OHOS { namespace Security { namespace AccessToken { bool PowerManagerLoader::IsScreenOn() { - bool isScreenOn = PowerMgr::PowerMgrClient::GetInstance().IsScreenOn(); - delete &PowerMgr::PowerMgrClient::GetInstance(); - return isScreenOn; + return PowerMgrClient::GetInstance().IsScreenOn(); } void PowerManagerLoader::WakeupDevice() { - PowerMgr::PowerMgrClient::GetInstance().WakeupDevice(); - delete &PowerMgr::PowerMgrClient::GetInstance(); } extern "C" { diff --git a/services/common/power_manager/src/power_manager_proxy.cpp b/services/common/power_manager/src/power_manager_proxy.cpp new file mode 100644 index 000000000..99276f193 --- /dev/null +++ b/services/common/power_manager/src/power_manager_proxy.cpp 
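Review bot: `PowerManagerLoader::WakeupDevice()` is left with an empty body in power_manager_loader.cpp, so the method stays callable but silently does nothing. Nothing in the hunk tells a caller, or the next maintainer, that the device is no longer woken through this path. If that is intended, say so in the body, e.g. `// Intentionally a no-op: this library no longer links powermgr_client`, otherwise add the matching request to the new `PowerMgrClient`. The `extern "C"` block that follows continues outside the hunk.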
@@ -0,0 +1,49 @@ +/* + * Copyright (c) 2024 Huawei Device Co., Ltd. + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +#include "power_manager_proxy.h" +#include "accesstoken_log.h" + +namespace OHOS { +namespace Security { +namespace AccessToken { +namespace { +constexpr HiviewDFX::HiLogLabel LABEL = {LOG_CORE, SECURITY_DOMAIN_ACCESSTOKEN, "PowerMgrProxy"}; +} + +bool PowerMgrProxy::IsScreenOn() +{ + MessageParcel data; + MessageParcel reply; + MessageOption option; + if (!data.WriteInterfaceToken(GetDescriptor())) { + ACCESSTOKEN_LOG_ERROR(LABEL, "WriteInterfaceToken failed"); + return false; + } + bool needPrintLog = true; + if (!data.WriteBool(needPrintLog)) { + ACCESSTOKEN_LOG_ERROR(LABEL, "WriteBool failed"); + return false; + } + int32_t error = Remote()->SendRequest(static_cast(IPowerMgr::Message::IS_SCREEN_ON), data, reply, option); + if (error != ERR_NONE) { + ACCESSTOKEN_LOG_ERROR(LABEL, "IsScreenOn failed, error: %{public}d", error); + return false; + } + return reply.ReadBool(); +} +} // namespace AccessToken +} // namespace Security +} // namespace OHOS -- Gitee From 8d3b04196af65abca4220b28ad0f16355c45689c Mon Sep 17 00:00:00 2001 From: wangminghai <892696242@qq.com> Date: Fri, 9 Aug 2024 11:28:29 +0800 Subject: [PATCH 018/473] =?UTF-8?q?=E5=85=81=E8=AE=B8=E7=B3=BB=E7=BB=9F?= =?UTF-8?q?=E5=BA=94=E7=94=A8=E6=8C=82=E8=BD=BDbbox=E8=B7=AF=E5=BE=84?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit 
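Review bot: `Remote()->SendRequest(...)` in `PowerMgrProxy::IsScreenOn` dereferences the remote object without checking it, so a proxy whose remote is already gone would crash the caller instead of failing the call. Take the remote once and guard it before sending: `sptr<IRemoteObject> remote = Remote(); if (remote == nullptr) { return false; }`. Every failure path here also returns `false`, which a caller cannot tell apart from "screen is off". A short function comment saying that IPC errors are reported as screen-off would make that fail-mode an explicit decision for the code that consumes it.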
Signed-off-by: wangminghai <892696242@qq.com> --- frameworks/common/src/permission_map.cpp | 1 + .../accesstokenmanager/permission_definitions.json | 10 ++++++++++ 2 files changed, 11 insertions(+) diff --git a/frameworks/common/src/permission_map.cpp b/frameworks/common/src/permission_map.cpp index 36aa99d6c..a39c66aae 100644 --- a/frameworks/common/src/permission_map.cpp +++ b/frameworks/common/src/permission_map.cpp @@ -486,6 +486,7 @@ const static std::vector> g_permMap = { {"ohos.permission.PUBLISH_DISPLAY_ROTATION_EVENT", false}, {"ohos.permission.PUBLISH_CAST_PLUGGED_EVENT", false}, {"ohos.permission.NETWORK_DHCP", false}, + {"ohos.permission.ACCESS_BBOX_DIR", false}, }; bool TransferPermissionToOpcode(const std::string& permission, uint32_t& opCode) diff --git a/services/accesstokenmanager/permission_definitions.json b/services/accesstokenmanager/permission_definitions.json index 5abbbaef7..c28b3b68e 100644 --- a/services/accesstokenmanager/permission_definitions.json +++ b/services/accesstokenmanager/permission_definitions.json @@ -10,6 +10,16 @@ "provisionEnable": true, "distributedSceneEnable": false }, + { + "name": "ohos.permission.ACCESS_BBOX_DIR", + "grantMode": "system_grant", + "availableLevel": "system_basic", + "availableType": "SYSTEM", + "since": 12, + "deprecated": "", + "provisionEnable": true, + "distributedSceneEnable": false + }, { "name": "ohos.permission.SUBSCRIBE_SWING_ABILITY", "grantMode": "system_grant", -- Gitee From c3fd13c62ea542baa1fd25da4ab7c7fd4f4e86a9 Mon Sep 17 00:00:00 2001 From: AXYChen Date: Fri, 9 Aug 2024 15:02:23 +0800 Subject: [PATCH 019/473] =?UTF-8?q?=E4=BF=AE=E6=94=B9appStateData?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit 
Signed-off-by: AXYChen Change-Id: I9809307830560319bb012d98d4898e0cc77119ec --- .../test/unittest/app_manager_client/app_state_data.cpp | 3 ++- .../privacy/test/unittest/app_manager_client/app_state_data.h | 2 ++ services/common/app_manager/src/app_state_data.cpp | 2 +- 3 files changed, 5 insertions(+), 2 deletions(-) diff --git a/interfaces/innerkits/privacy/test/unittest/app_manager_client/app_state_data.cpp b/interfaces/innerkits/privacy/test/unittest/app_manager_client/app_state_data.cpp index e6a4ce72e..18e40c019 100644 --- a/interfaces/innerkits/privacy/test/unittest/app_manager_client/app_state_data.cpp +++ b/interfaces/innerkits/privacy/test/unittest/app_manager_client/app_state_data.cpp @@ -24,7 +24,7 @@ bool AppStateData::Marshalling(Parcel &parcel) const && parcel.WriteInt32(pid) && parcel.WriteUint32(accessTokenId) && parcel.WriteBool(isFocused) && parcel.WriteInt32(extensionType) && parcel.WriteInt32Vector(renderPids) && parcel.WriteString(callerBundleName) && parcel.WriteBool(isSplitScreenMode) - && parcel.WriteBool(isFloatingWindowMode)); + && parcel.WriteBool(isFloatingWindowMode) && parcel.WriteInt32(appIndex)); } AppStateData *AppStateData::Unmarshalling(Parcel &parcel) @@ -44,6 +44,7 @@ AppStateData *AppStateData::Unmarshalling(Parcel &parcel) appStateData->callerBundleName = parcel.ReadString(); appStateData->isSplitScreenMode = parcel.ReadBool(); appStateData->isFloatingWindowMode = parcel.ReadBool(); + appStateData->appIndex = parcel.ReadInt32(); return appStateData; } } // namespace AccessToken diff --git a/interfaces/innerkits/privacy/test/unittest/app_manager_client/app_state_data.h b/interfaces/innerkits/privacy/test/unittest/app_manager_client/app_state_data.h index 7323f54e9..3b261d218 100644 --- a/interfaces/innerkits/privacy/test/unittest/app_manager_client/app_state_data.h +++ b/interfaces/innerkits/privacy/test/unittest/app_manager_client/app_state_data.h 
@@ -49,6 +49,8 @@ struct AppStateData : public Parcelable { std::string callerBundleName; bool isSplitScreenMode = false; bool isFloatingWindowMode = false; + bool isSpecifyTokenId = false; + int32_t appIndex = 0; }; } // namespace AccessToken } // namespace Security diff --git a/services/common/app_manager/src/app_state_data.cpp b/services/common/app_manager/src/app_state_data.cpp index f80bac585..cde6f2b03 100644 --- a/services/common/app_manager/src/app_state_data.cpp +++ b/services/common/app_manager/src/app_state_data.cpp @@ -24,7 +24,7 @@ bool AppStateData::Marshalling(Parcel &parcel) const && parcel.WriteInt32(pid) && parcel.WriteUint32(accessTokenId) && parcel.WriteBool(isFocused) && parcel.WriteInt32(extensionType) && parcel.WriteInt32Vector(renderPids) && parcel.WriteString(callerBundleName) && parcel.WriteBool(isSplitScreenMode) - && parcel.WriteBool(isFloatingWindowMode) && parcel.WriteInt32(appIndex)); + && parcel.WriteBool(isFloatingWindowMode) && parcel.WriteInt32(appIndex)); } AppStateData *AppStateData::Unmarshalling(Parcel &parcel) -- Gitee From 4a345ba6155131ad2fad50950a408a634ca2d9ea Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=E6=84=A4=E4=B8=96=E7=8C=AA?= <1546432050@qq.com> Date: Fri, 9 Aug 2024 13:21:12 +0000 Subject: [PATCH 020/473] update frameworks/common/src/permission_map.cpp. MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: 愤世猪 <1546432050@qq.com> --- frameworks/common/src/permission_map.cpp | 2 ++ 1 file changed, 2 insertions(+) diff --git a/frameworks/common/src/permission_map.cpp b/frameworks/common/src/permission_map.cpp index 89055c7d5..91e9a6155 100644 --- a/frameworks/common/src/permission_map.cpp +++ b/frameworks/common/src/permission_map.cpp 
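Review bot: `isSpecifyTokenId` is added to the struct in this hunk, but the `Marshalling` and `Unmarshalling` hunks of the same commit in app_state_data.cpp only add `appIndex`, so the new flag is never written to or read from the `Parcel`. If this copy is meant to mirror the layout of the AppStateData sent by the app manager (not visible here), a field that the sender writes and this side skips would shift every later read, `appIndex` included. Either serialize it in both functions at the sender's position, or mark it on the declaration, e.g. `// not marshalled: kept only for source compatibility`, so the omission is a visible decision.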
@@ -488,6 +488,8 @@ const static std::vector> g_permMap = { {"ohos.permission.NETWORK_DHCP", false}, {"ohos.permission.ACCESS_CAR_DISTRIBUTED_ENGINE", false}, {"ohos.permission.ALLOW_CONNECT_CAR", false}, + {"ohos.permission.MANAGE_ACCESSORY", false}, + {"ohos.permission.COLLECT_ACCESSORY_LOG", false}, }; bool TransferPermissionToOpcode(const std::string& permission, uint32_t& opCode) -- Gitee From 4eec70ce3286b0a8b06c828fc4c57eb8e4710f33 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=E6=84=A4=E4=B8=96=E7=8C=AA?= <1546432050@qq.com> Date: Fri, 9 Aug 2024 13:22:45 +0000 Subject: [PATCH 021/473] update services/accesstokenmanager/permission_definitions.json. MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: 愤世猪 <1546432050@qq.com> --- .../permission_definitions.json | 20 +++++++++++++++++++ 1 file changed, 20 insertions(+) diff --git a/services/accesstokenmanager/permission_definitions.json b/services/accesstokenmanager/permission_definitions.json index 191a1b91e..86692f886 100644 --- a/services/accesstokenmanager/permission_definitions.json +++ b/services/accesstokenmanager/permission_definitions.json @@ -4933,6 +4933,26 @@ "deprecated": "", "provisionEnable": true, "distributedSceneEnable": false + }, + { + "name": "ohos.permission.MANAGE_ACCESSORY", + "grantMode": "system_grant", + "availableLevel": "system_basic", + "availableType": "SYSTEM", + "since": 12, + "deprecated": "", + "provisionEnable": true, + "distributedSceneEnable": false + }, + { + "name": "ohos.permission.COLLECT_ACCESSORY_LOG", + "grantMode": "system_grant", + "availableLevel": "system_basic", + "availableType": "SYSTEM", + "since": 12, + "deprecated": "", + "provisionEnable": true, + "distributedSceneEnable": false } ] } -- Gitee From c3a72ade944f6db1791b7350d02ee1a3abcde1c5 Mon Sep 17 00:00:00 2001 
From: =?UTF-8?q?=E6=9D=8E=E8=9C=9C?= Date: Mon, 12 Aug 2024 13:19:57 +0800 Subject: [PATCH 022/473] =?UTF-8?q?=E5=87=AD=E6=8D=AE=E5=BD=95=E5=85=A5?= =?UTF-8?q?=E6=8E=A7=E4=BB=B6=E6=96=B0=E5=A2=9E=E6=9D=83=E9=99=90?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: 李蜜 --- frameworks/common/src/permission_map.cpp | 1 + .../accesstokenmanager/permission_definitions.json | 10 ++++++++++ 2 files changed, 11 insertions(+) diff --git a/frameworks/common/src/permission_map.cpp b/frameworks/common/src/permission_map.cpp index 89055c7d5..d9505ec63 100644 --- a/frameworks/common/src/permission_map.cpp +++ b/frameworks/common/src/permission_map.cpp @@ -488,6 +488,7 @@ const static std::vector> g_permMap = { {"ohos.permission.NETWORK_DHCP", false}, {"ohos.permission.ACCESS_CAR_DISTRIBUTED_ENGINE", false}, {"ohos.permission.ALLOW_CONNECT_CAR", false}, + {"ohos.permission.ACCESS_IDM_WIDGET", false}, }; bool TransferPermissionToOpcode(const std::string& permission, uint32_t& opCode) diff --git a/services/accesstokenmanager/permission_definitions.json b/services/accesstokenmanager/permission_definitions.json index 191a1b91e..7d739c9d0 100644 --- a/services/accesstokenmanager/permission_definitions.json +++ b/services/accesstokenmanager/permission_definitions.json @@ -4933,6 +4933,16 @@ "deprecated": "", "provisionEnable": true, "distributedSceneEnable": false + }, + { + "name": "ohos.permission.ACCESS_IDM_WIDGET", + "grantMode": "system_grant", + "availableLevel": "system_basic", + "availableType": "SYSTEM", + "since": 12, + "deprecated": "", + "provisionEnable": true, + "distributedSceneEnable": true } ] } -- Gitee From c478c5c13ad00b647d8cfbb56eb49f5102762fb9 Mon Sep 17 00:00:00 2001 
From: =?UTF-8?q?=E9=83=91=E6=99=93=E6=99=B4?= Date: Tue, 13 Aug 2024 17:15:37 +0800 Subject: [PATCH 023/473] =?UTF-8?q?=E6=96=B0=E5=A2=9EeSIM=E8=AE=BF?= =?UTF-8?q?=E9=97=AE=E6=9D=83=E9=99=90ohos.permission.GET=5FTELEPHONY=5FES?= =?UTF-8?q?IM=5FSTATE=E3=80=81ohos.permission.SET=5FTELEPHONY=5FESIM=5FSTA?= =?UTF-8?q?TE=E3=80=81=20ohos.permission.SET=5FTELEPHONY=5FESIM=5FSTATE=5F?= =?UTF-8?q?OPEN?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: 郑晓晴 --- frameworks/common/src/permission_map.cpp | 3 ++ .../permission_definitions.json | 30 +++++++++++++++++++ 2 files changed, 33 insertions(+) diff --git a/frameworks/common/src/permission_map.cpp b/frameworks/common/src/permission_map.cpp index 885436e29..e39086968 100644 --- a/frameworks/common/src/permission_map.cpp +++ b/frameworks/common/src/permission_map.cpp @@ -490,6 +490,9 @@ const static std::vector> g_permMap = { {"ohos.permission.ACCESS_CAR_DISTRIBUTED_ENGINE", false}, {"ohos.permission.ALLOW_CONNECT_CAR", false}, {"ohos.permission.ACCESS_IDM_WIDGET", false}, + {"ohos.permission.GET_TELEPHONY_ESIM_STATE", false}, + {"ohos.permission.SET_TELEPHONY_ESIM_STATE", false}, + {"ohos.permission.GET_TELEPHONY_ESIM_STATE_OPEN", false}, }; bool TransferPermissionToOpcode(const std::string& permission, uint32_t& opCode) diff --git a/services/accesstokenmanager/permission_definitions.json b/services/accesstokenmanager/permission_definitions.json index aa82cd722..0213bdf2a 100644 --- a/services/accesstokenmanager/permission_definitions.json +++ b/services/accesstokenmanager/permission_definitions.json 
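Review bot: The third entry added to `g_permMap` is `"ohos.permission.GET_TELEPHONY_ESIM_STATE_OPEN"`, but the definition this commit adds to permission_definitions.json, and the commit title, name `ohos.permission.SET_TELEPHONY_ESIM_STATE_OPEN`. As written the defined permission has no map entry and the map carries a name that has no definition, so a lookup by the defined name in `TransferPermissionToOpcode` would presumably not find it. Both files need to carry the same string, e.g. `{"ohos.permission.SET_TELEPHONY_ESIM_STATE_OPEN", false},` if the JSON is authoritative. `g_permMap` starts, and `TransferPermissionToOpcode` continues, outside the hunk.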
@@ -3909,6 +3909,36 @@ "deprecated": "", "provisionEnable": true, "distributedSceneEnable": false + }, + { + "name": "ohos.permission.GET_TELEPHONY_ESIM_STATE", + "grantMode": "system_grant", + "availableLevel": "system_basic", + "availableType": "SYSTEM", + "since": 13, + "deprecated": "", + "provisionEnable": true, + "distributedSceneEnable": false + }, + { + "name": "ohos.permission.SET_TELEPHONY_ESIM_STATE", + "grantMode": "system_grant", + "availableLevel": "system_basic", + "availableType": "SYSTEM", + "since": 13, + "deprecated": "", + "provisionEnable": true, + "distributedSceneEnable": false + }, + { + "name": "ohos.permission.SET_TELEPHONY_ESIM_STATE_OPEN", + "grantMode": "system_grant", + "availableLevel": "normal", + "availableType": "NORMAL", + "since": 13, + "deprecated": "", + "provisionEnable": true, + "distributedSceneEnable": false } ], "userGrantPermissions": [ -- Gitee From 798dd4c95804208f7bb281dcd097e47cf8f80d7d Mon Sep 17 00:00:00 2001 From: Angus Date: Tue, 13 Aug 2024 23:20:36 +0800 Subject: [PATCH 024/473] =?UTF-8?q?=E7=BD=91=E7=BB=9C=E9=98=B2=E7=81=AB?= =?UTF-8?q?=E5=A2=99=EF=BC=9A=E6=96=B0=E5=A2=9E=E6=9D=83=E9=99=90?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Angus --- frameworks/common/src/permission_map.cpp | 2 ++ .../permission_definitions.json | 20 +++++++++++++++++++ 2 files changed, 22 insertions(+) diff --git a/frameworks/common/src/permission_map.cpp b/frameworks/common/src/permission_map.cpp index 885436e29..67e79f95e 100644 --- a/frameworks/common/src/permission_map.cpp +++ b/frameworks/common/src/permission_map.cpp @@ -489,6 +489,8 @@ const static std::vector> g_permMap = { {"ohos.permission.ACCESS_BBOX_DIR", false}, {"ohos.permission.ACCESS_CAR_DISTRIBUTED_ENGINE", false}, {"ohos.permission.ALLOW_CONNECT_CAR", false}, + {"ohos.permission.MANAGE_NET_FIREWALL", false}, + {"ohos.permission.GET_NET_FIREWALL", false}, {"ohos.permission.ACCESS_IDM_WIDGET", false}, }; 
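Review bot: `ohos.permission.SET_TELEPHONY_ESIM_STATE_OPEN` is declared with `"availableLevel": "normal"` and `"availableType": "NORMAL"` under `"grantMode": "system_grant"`, while the two sibling eSIM permissions in the same hunk are `system_basic` / `SYSTEM`. As I read these fields, a permission whose name indicates it changes eSIM state would be granted without a user prompt to any application that declares it; that should be confirmed against the API it guards. If the open level is intended, the commit description should state which operations the permission covers and why they are safe for normal applications.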
diff --git a/services/accesstokenmanager/permission_definitions.json b/services/accesstokenmanager/permission_definitions.json index aa82cd722..f113873f5 100644 --- a/services/accesstokenmanager/permission_definitions.json +++ b/services/accesstokenmanager/permission_definitions.json @@ -4944,6 +4944,26 @@ "provisionEnable": true, "distributedSceneEnable": false }, + { + "name": "ohos.permission.MANAGE_NET_FIREWALL", + "grantMode": "system_grant", + "availableLevel": "system_basic", + "availableType": "SYSTEM", + "since": 12, + "deprecated": "", + "provisionEnable": true, + "distributedSceneEnable": false + }, + { + "name": "ohos.permission.GET_NET_FIREWALL", + "grantMode": "system_grant", + "availableLevel": "system_basic", + "availableType": "SYSTEM", + "since": 12, + "deprecated": "", + "provisionEnable": true, + "distributedSceneEnable": false + }, { "name": "ohos.permission.ACCESS_IDM_WIDGET", "grantMode": "system_grant", -- Gitee From 97ed658dcca56e2a03279a49d98226d6f7762397 Mon Sep 17 00:00:00 2001 From: y1585740638 Date: Sat, 10 Aug 2024 15:59:30 +0800 Subject: [PATCH 025/473] =?UTF-8?q?=E6=B7=BB=E5=8A=A0=E5=BC=B9=E7=AA=97?= =?UTF-8?q?=E6=97=A5=E5=BF=97=E6=89=93=E5=8D=B0=E4=BF=A1=E6=81=AF?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: y1585740638 Change-Id: If4d65046b3ac4517bd22b9f6ee5e91ff1a2d68dc --- .../accesstoken/napi/src/napi_request_permission.cpp | 10 +++++----- .../main/cpp/src/permission/permission_manager.cpp | 3 ++- .../main/cpp/src/permission/permission_policy_set.cpp | 4 ++-- 3 files changed, 9 insertions(+), 8 deletions(-) diff --git a/interfaces/kits/accesstoken/napi/src/napi_request_permission.cpp b/interfaces/kits/accesstoken/napi/src/napi_request_permission.cpp index 00570ad9a..f6b8cc5cb 100644 --- a/interfaces/kits/accesstoken/napi/src/napi_request_permission.cpp +++ b/interfaces/kits/accesstoken/napi/src/napi_request_permission.cpp 
@@ -909,11 +909,6 @@ void RequestAsyncInstanceControl::ExecCallback(int32_t id) ACCESSTOKEN_LOG_INFO(LABEL, "Id: %{public}d not existed.", id); return; } - if (iter->second.empty()) { - ACCESSTOKEN_LOG_INFO(LABEL, "Id: %{public}d, map is empty", id); - instanceIdMap_.erase(id); - return; - } while (!iter->second.empty()) { ACCESSTOKEN_LOG_INFO(LABEL, "Id: %{public}d, map size: %{public}zu.", id, iter->second.size()); asyncContext = iter->second[0]; @@ -923,6 +918,11 @@ void RequestAsyncInstanceControl::ExecCallback(int32_t id) break; } } + if (iter->second.empty()) { + ACCESSTOKEN_LOG_INFO(LABEL, "Id: %{public}d, map is empty", id); + instanceIdMap_.erase(id); + return; + } } if (isDynamic) { if (asyncContext->uiExtensionFlag) { diff --git a/services/accesstokenmanager/main/cpp/src/permission/permission_manager.cpp b/services/accesstokenmanager/main/cpp/src/permission/permission_manager.cpp index dd3f9c106..97a7d9ac2 100644 --- a/services/accesstokenmanager/main/cpp/src/permission/permission_manager.cpp +++ b/services/accesstokenmanager/main/cpp/src/permission/permission_manager.cpp @@ -361,7 +361,8 @@ void PermissionManager::GetSelfPermissionState(const std::vectorgrantStatus[0] != PERMISSION_GRANTED) { - ACCESSTOKEN_LOG_ERROR(LABEL, "TokenID: %{public}d, permission: %{public}s is not granted", - tokenId_, permissionName.c_str()); + ACCESSTOKEN_LOG_ERROR(LABEL, "TokenID: %{public}d, permission: %{public}s is not granted, flag: %{public}d", + tokenId_, permissionName.c_str(), iter->grantFlags[0]); return PERMISSION_DENIED; } return PERMISSION_GRANTED; -- Gitee From 3db00023e5460e3a664ceb1f935db933e0abc2eb Mon Sep 17 00:00:00 2001 From: y1585740638 Date: Thu, 15 Aug 2024 16:26:42 +0800 Subject: [PATCH 026/473] =?UTF-8?q?=E5=A4=9A=E7=BA=BF=E7=A8=8B=E7=94=A8?= =?UTF-8?q?=E4=BE=8B?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit 
Signed-off-by: y1585740638 Change-Id: I992f845f159950fbebd719809d29f1f3554caa91 --- .../accesstokenmanager/test/unittest/BUILD.gn | 1 + .../test/unittest/multi_thread_test.cpp | 124 ++++++++++++++++++ .../test/unittest/multi_thread_test.h | 36 +++++ 3 files changed, 161 insertions(+) create mode 100644 services/accesstokenmanager/test/unittest/multi_thread_test.cpp create mode 100644 services/accesstokenmanager/test/unittest/multi_thread_test.h diff --git a/services/accesstokenmanager/test/unittest/BUILD.gn b/services/accesstokenmanager/test/unittest/BUILD.gn index 3d3057d91..9b79b7974 100644 --- a/services/accesstokenmanager/test/unittest/BUILD.gn +++ b/services/accesstokenmanager/test/unittest/BUILD.gn @@ -82,6 +82,7 @@ ohos_unittest("libaccesstoken_manager_service_standard_test") { sources = [ "accesstoken_database_test.cpp", "accesstoken_info_manager_test.cpp", + "multi_thread_test.cpp", "native_token_receptor_test.cpp", "permission_definition_parser_test.cpp", "permission_grant_event_test.cpp", diff --git a/services/accesstokenmanager/test/unittest/multi_thread_test.cpp b/services/accesstokenmanager/test/unittest/multi_thread_test.cpp new file mode 100644 index 000000000..3a13bedce --- /dev/null +++ b/services/accesstokenmanager/test/unittest/multi_thread_test.cpp 
@@ -0,0 +1,124 @@ +/* + * Copyright (c) 2024 Huawei Device Co., Ltd. + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +#include "multi_thread_test.h" + +#include "access_token.h" +#include "access_token_error.h" +#include "accesstoken_log.h" +#define private public +#include "accesstoken_id_manager.h" +#undef private +#include "permission_validator.h" +#include "string_ex.h" +#include "token_setproc.h" + + +using namespace testing::ext; +using namespace testing::mt; +namespace OHOS { +namespace Security { +namespace AccessToken { +namespace { +bool g_register = false; +static std::set g_tokenIdSet; +static constexpr int32_t TEST_TOKEN_ID_1 = 537800000; +static constexpr int32_t TEST_TOKEN_ID_2 = 537900000; +static constexpr int32_t MULTI_CYCLE_TIMES = 1000; +static constexpr OHOS::HiviewDFX::HiLogLabel LABEL = {LOG_CORE, + SECURITY_DOMAIN_ACCESSTOKEN, "AccessTokenMultiThreadTest"}; +} + +void AccessTokenMultiThreadTest::SetUpTestCase() +{ +} + +void AccessTokenMultiThreadTest::TearDownTestCase() +{ +} + +void AccessTokenMultiThreadTest::SetUp() +{ + ACCESSTOKEN_LOG_INFO(LABEL, "SetUp ok."); + g_tokenIdSet = AccessTokenIDManager::GetInstance().tokenIdSet_; + AccessTokenIDManager::GetInstance().tokenIdSet_.clear(); +} + +void AccessTokenMultiThreadTest::TearDown() +{ + AccessTokenIDManager::GetInstance().tokenIdSet_ = g_tokenIdSet; // recovery +} + +void TestRegisterTokenId() +{ + AccessTokenID tokenId = TEST_TOKEN_ID_2; + int32_t i = MULTI_CYCLE_TIMES + 1; 
+ while (i--) { + tokenId += i; + AccessTokenIDManager::GetInstance().RegisterTokenId(tokenId, TOKEN_HAP); + } +} + +void TestReleaseTokenId() +{ + AccessTokenID releaseId = TEST_TOKEN_ID_2; + AccessTokenID tokenId = TEST_TOKEN_ID_1; + g_register = !g_register; + int32_t i = MULTI_CYCLE_TIMES + 1; + if (!g_register) { + while (i--) { + releaseId += i; + AccessTokenIDManager::GetInstance().ReleaseTokenId(tokenId); + } + } else { + while (i--) { + tokenId += i; + AccessTokenIDManager::GetInstance().RegisterTokenId(tokenId, TOKEN_HAP); + } + } +} + +/** + * @tc.name: RegisterTokenId001 + * @tc.desc: register 1000 id. + * @tc.type: FUNC + * @tc.require: Issue Number + */ +HWTEST_F(AccessTokenMultiThreadTest, RegisterTokenId001, TestSize.Level1) +{ + SET_THREAD_NUM(10); + GTEST_RUN_TASK(TestRegisterTokenId); + std::vector tokenIdList; + AccessTokenIDManager::GetInstance().GetHapTokenIdList(tokenIdList); + EXPECT_EQ(MULTI_CYCLE_TIMES, tokenIdList.size()); +} + +/** + * @tc.name: RegisterTokenId002 + * @tc.desc: release and register 1000 id. + * @tc.type: FUNC + * @tc.require: Issue Number + */ +HWTEST_F(AccessTokenMultiThreadTest, RegisterTokenId002, TestSize.Level1) +{ + SET_THREAD_NUM(10); + GTEST_RUN_TASK(TestReleaseTokenId); + std::vector tokenIdList; + AccessTokenIDManager::GetInstance().GetHapTokenIdList(tokenIdList); + EXPECT_EQ(MULTI_CYCLE_TIMES, tokenIdList.size()); +} +} // namespace AccessToken +} // namespace Security +} // namespace OHOS diff --git a/services/accesstokenmanager/test/unittest/multi_thread_test.h b/services/accesstokenmanager/test/unittest/multi_thread_test.h new file mode 100644 index 000000000..ed672d6f0 --- /dev/null +++ b/services/accesstokenmanager/test/unittest/multi_thread_test.h 
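Review bot: In `TestReleaseTokenId` the release branch advances `releaseId` on every iteration but then calls `ReleaseTokenId(tokenId)`, and `tokenId` is never changed in that branch, so the loop releases the single value `TEST_TOKEN_ID_1` over and over and `releaseId` is dead. The call was presumably meant to be `AccessTokenIDManager::GetInstance().ReleaseTokenId(releaseId);`. `g_register` is also a plain `bool` flipped by `g_register = !g_register` from all ten threads started by `GTEST_RUN_TASK`, which is a data race and makes the number of registering versus releasing threads indeterminate. Deciding each thread's role from a `std::atomic<int>` counter, or splitting the two roles into separate task functions, would make `RegisterTokenId002` assert something reproducible.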
@@ -0,0 +1,36 @@ +/* + * Copyright (c) 2024 Huawei Device Co., Ltd. + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +#ifndef MULTI_THREAD_TEST_H +#define MULTI_THREAD_TEST_H + +#include +#include +#include + +namespace OHOS { +namespace Security { +namespace AccessToken { +class AccessTokenMultiThreadTest : public testing::Test { +public: + static void SetUpTestCase(); + static void TearDownTestCase(); + void TearDown(); + void SetUp(); +}; +} // namespace AccessToken +} // namespace Security +} // namespace OHOS +#endif // MULTI_THREAD_TEST_H \ No newline at end of file -- Gitee From 64f1f90d164b85c1f83dad781d6f0295342f4cc6 Mon Sep 17 00:00:00 2001 From: zhouyan Date: Fri, 16 Aug 2024 10:54:16 +0800 Subject: [PATCH 027/473] =?UTF-8?q?UpdateHapToken=E6=94=B9=E4=B8=BA?= =?UTF-8?q?=E4=B8=80=E6=AC=A1=E4=BA=8B=E5=8A=A1=E4=B8=AD=E5=88=A0=E9=99=A4?= =?UTF-8?q?=E5=92=8C=E6=B7=BB=E5=8A=A0?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: zhouyan Change-Id: I143490525d576925c7630bd1d8e45c7c9b863145 --- .../cpp/include/database/access_token_db.h | 4 + .../main/cpp/src/database/access_token_db.cpp | 85 +++++++++++++++++++ .../src/token/accesstoken_info_manager.cpp | 29 ++++++- 3 files changed, 114 insertions(+), 4 deletions(-) 
diff --git a/services/accesstokenmanager/main/cpp/include/database/access_token_db.h b/services/accesstokenmanager/main/cpp/include/database/access_token_db.h index 4c6416312..99d9f38b3 100644 --- a/services/accesstokenmanager/main/cpp/include/database/access_token_db.h +++ b/services/accesstokenmanager/main/cpp/include/database/access_token_db.h @@ -60,6 +60,8 @@ public: int RefreshAll(const DataType type, const std::vector& values); int32_t FindByConditions(DataType type, const GenericValues& andConditions, std::vector& results); + int32_t DeleteAndInsertHap(AccessTokenID tokenId, const std::vector& hapInfoValues, + const std::vector& permDefValues, const std::vector& permStateValues); void OnCreate() override; void OnUpdate(int32_t version) override; @@ -84,6 +86,8 @@ private: int32_t AddAvailableTypeColumn() const; int32_t AddPermDialogCapColumn() const; int32_t AddRequestToggleStatusColumn() const; + int32_t HandleDeleteAndAddSql(const GenericValues& conditionValue, const std::vector& addValues, + const std::string& delSql, const std::string& addSql); AccessTokenDb(); DISALLOW_COPY_AND_MOVE(AccessTokenDb); diff --git a/services/accesstokenmanager/main/cpp/src/database/access_token_db.cpp b/services/accesstokenmanager/main/cpp/src/database/access_token_db.cpp index 0ed56858d..98c296d35 100644 --- a/services/accesstokenmanager/main/cpp/src/database/access_token_db.cpp +++ b/services/accesstokenmanager/main/cpp/src/database/access_token_db.cpp @@ -18,6 +18,7 @@ #include #include #include "accesstoken_log.h" +#include "access_token_error.h" namespace OHOS { namespace Security { 
@@ -249,6 +250,90 @@ int32_t AccessTokenDb::FindByConditions(DataType type, return SUCCESS; } +int32_t AccessTokenDb::HandleDeleteAndAddSql(const GenericValues& conditionValue, + const std::vector& addValues, const std::string& delSql, const std::string& addSql) +{ + // delete table record, condition only token_id + auto statDel = Prepare(delSql); + statDel.Bind(TokenFiledConst::FIELD_TOKEN_ID, conditionValue.Get(TokenFiledConst::FIELD_TOKEN_ID)); + if (statDel.Step() != Statement::State::DONE) { + ACCESSTOKEN_LOG_ERROR(LABEL, "Delete table record failed, errorMsg is %{public}s.", SpitError().c_str()); + return AccessTokenError::ERR_DATABASE_OPERATE_FAILED; + } + + // if no value to add return success + if (addValues.empty()) { + return RET_SUCCESS; + } + + // add to table + auto statAdd = Prepare(addSql); + for (const auto& value : addValues) { + std::vector addColumns = value.GetAllKeys(); + // bind column value + for (const auto& column : addColumns) { + statAdd.Bind(column, value.Get(column)); + } + + // exec sql + if (statAdd.Step() != Statement::State::DONE) { + ACCESSTOKEN_LOG_ERROR(LABEL, "Add table failed, errorMsg is %{public}s.", SpitError().c_str()); + return AccessTokenError::ERR_DATABASE_OPERATE_FAILED; + } + statAdd.Reset(); // reset statement + } + + return RET_SUCCESS; +} + +int32_t AccessTokenDb::DeleteAndInsertHap(AccessTokenID tokenId, const std::vector& hapInfoValues, + const std::vector& permDefValues, const std::vector& permStateValues) +{ + GenericValues conditionValue; + conditionValue.Put(TokenFiledConst::FIELD_TOKEN_ID, static_cast(tokenId)); + + // create delete sqls + std::vector delColumnNames; + delColumnNames.emplace_back(TokenFiledConst::FIELD_TOKEN_ID); + std::string hapDelSql = CreateDeletePrepareSqlCmd(DataType::ACCESSTOKEN_HAP_INFO, delColumnNames); + std::string defDelSql = CreateDeletePrepareSqlCmd(DataType::ACCESSTOKEN_PERMISSION_DEF, delColumnNames); + std::string stateDelSql = 
CreateDeletePrepareSqlCmd(DataType::ACCESSTOKEN_PERMISSION_STATE, delColumnNames); + + // create add sqls + std::string hapAddSql = CreateInsertPrepareSqlCmd(DataType::ACCESSTOKEN_HAP_INFO); + std::string defAddSql = CreateInsertPrepareSqlCmd(DataType::ACCESSTOKEN_PERMISSION_DEF); + std::string stateAddSql = CreateInsertPrepareSqlCmd(DataType::ACCESSTOKEN_PERMISSION_STATE); + + OHOS::Utils::UniqueWriteGuard lock(this->rwLock_); + BeginTransaction(); + + // delete and add hap token info + int32_t res = HandleDeleteAndAddSql(conditionValue, hapInfoValues, hapDelSql, hapAddSql); + if (res != RET_SUCCESS) { + RollbackTransaction(); + return res; + } + + // delete and add permission def + res = HandleDeleteAndAddSql(conditionValue, permDefValues, defDelSql, stateAddSql); + if (res != RET_SUCCESS) { + RollbackTransaction(); + return res; + } + + // delete and add permission state + res = HandleDeleteAndAddSql(conditionValue, permStateValues, stateDelSql, hapAddSql); + if (res != RET_SUCCESS) { + RollbackTransaction(); + return res; + } + + CommitTransaction(); + ACCESSTOKEN_LOG_INFO(LABEL, "Delete and insert hap success!"); + + return RET_SUCCESS; +} + int64_t AccessTokenDb::Count(DataType type) { GenericValues result; diff --git a/services/accesstokenmanager/main/cpp/src/token/accesstoken_info_manager.cpp b/services/accesstokenmanager/main/cpp/src/token/accesstoken_info_manager.cpp index fa4e25224..32fd9eabb 100644 --- a/services/accesstokenmanager/main/cpp/src/token/accesstoken_info_manager.cpp +++ b/services/accesstokenmanager/main/cpp/src/token/accesstoken_info_manager.cpp @@ -710,8 +710,7 @@ int32_t AccessTokenInfoManager::UpdateHapToken(AccessTokenIDEx& tokenIdEx, const // update hap to kernel std::shared_ptr policySet = infoPtr->GetHapInfoPermissionPolicySet(); PermissionManager::GetInstance().AddPermToKernel(tokenID, policySet); - ModifyHapTokenInfoFromDb(tokenID); - return RET_SUCCESS; + return ModifyHapTokenInfoFromDb(tokenID); } #ifdef TOKEN_SYNC_ENABLE 
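Review bot: `DeleteAndInsertHap` pairs the wrong insert statements with two of its three tables. The permission-definition step passes `stateAddSql` and the permission-state step passes `hapAddSql`, while `defAddSql` is built and never used. Since `HandleDeleteAndAddSql` binds the columns of each row onto whatever statement it is given, the definition and state rows are either rejected or written through a statement for another table, so an updated token's permission state would not be persisted correctly. The two calls should read `HandleDeleteAndAddSql(conditionValue, permDefValues, defDelSql, defAddSql);` and `HandleDeleteAndAddSql(conditionValue, permStateValues, stateDelSql, stateAddSql);`. The results of `BeginTransaction()` and `CommitTransaction()` are also ignored, so a failed commit is still reported as `RET_SUCCESS`.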
@@ -1120,9 +1119,31 @@ int AccessTokenInfoManager::AddAllNativeTokenInfoToDb(void) int AccessTokenInfoManager::ModifyHapTokenInfoFromDb(AccessTokenID tokenID) { + std::shared_ptr hapInner = GetHapTokenInfoInner(tokenID); + if (hapInner == nullptr) { + ACCESSTOKEN_LOG_INFO(LABEL, "token %{public}u info is null!", tokenID); + return AccessTokenError::ERR_TOKENID_NOT_EXIST; + } + Utils::UniqueWriteGuard infoGuard(this->modifyLock_); - RemoveHapTokenInfoFromDb(tokenID); - return AddHapTokenInfoToDb(tokenID); + // get new hap token info from cache + std::vector hapInfoValues; + hapInner->StoreHapInfo(hapInfoValues); // only exsit one if empty something is wrong + if (hapInfoValues.empty()) { + ACCESSTOKEN_LOG_INFO(LABEL, "Hap token info is empty!"); + return AccessTokenError::ERR_PARAM_INVALID; + } + + // get new permission def from cache if exsits + std::vector permDefValues; + PermissionDefinitionCache::GetInstance().StorePermissionDef(tokenID, permDefValues); + + // get new permission def from cache if exsits + std::vector permStateValues; + hapInner->StorePermissionPolicy(permStateValues); + + return AccessTokenDb::GetInstance().DeleteAndInsertHap(tokenID, hapInfoValues, permDefValues, + permStateValues); } int32_t AccessTokenInfoManager::ModifyHapPermStateFromDb(AccessTokenID tokenID, const std::string& permission) -- Gitee From 28873d52ddae97be5470544599a33beba7aeb7b0 Mon Sep 17 00:00:00 2001 From: yuan78 Date: Fri, 16 Aug 2024 11:08:39 +0800 Subject: [PATCH 028/473] =?UTF-8?q?=E6=96=B0=E5=A2=9EGET=5FETHERNET=5FLOCA?= =?UTF-8?q?L=5FMAC=E6=9D=83=E9=99=90?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: yuan78 --- frameworks/common/src/permission_map.cpp | 1 + .../accesstokenmanager/permission_definitions.json | 10 ++++++++++ 2 files changed, 11 insertions(+) diff --git a/frameworks/common/src/permission_map.cpp b/frameworks/common/src/permission_map.cpp index 1c4c0e96d..f7e65e325 100644 
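Review bot: Both failure paths in ModifyHapTokenInfoFromDb log with ACCESSTOKEN_LOG_INFO although they return ERR_TOKENID_NOT_EXIST and ERR_PARAM_INVALID, so a token whose permission state could not be persisted will not show up in error-level logs. I would switch them to `ACCESSTOKEN_LOG_ERROR(LABEL, "token %{public}u info is null!", tokenID);` and add the token id to the "Hap token info is empty!" message as well. The comment above `StorePermissionPolicy` repeats the permission-def comment; it should read `// get new permission state from cache if exists`, and "exsit"/"exsits" in the other two comments are typos.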
--- a/frameworks/common/src/permission_map.cpp +++ b/frameworks/common/src/permission_map.cpp @@ -492,6 +492,7 @@ const static std::vector> g_permMap = { {"ohos.permission.ACCESS_IDM_WIDGET", false}, {"ohos.permission.MANAGE_ACCESSORY", false}, {"ohos.permission.COLLECT_ACCESSORY_LOG", false}, + {"ohos.permission.GET_ETHERNET_LOCAL_MAC", false}, }; bool TransferPermissionToOpcode(const std::string& permission, uint32_t& opCode) diff --git a/services/accesstokenmanager/permission_definitions.json b/services/accesstokenmanager/permission_definitions.json index 81323d133..835936e34 100644 --- a/services/accesstokenmanager/permission_definitions.json +++ b/services/accesstokenmanager/permission_definitions.json @@ -4973,6 +4973,16 @@ "deprecated": "", "provisionEnable": true, "distributedSceneEnable": false + }, + { + "name": "ohos.permission.GET_ETHERNET_LOCAL_MAC", + "grantMode": "system_grant", + "availableLevel": "system_basic", + "availableType": "SYSTEM", + "since": 12, + "deprecated": "", + "provisionEnable": true, + "distributedSceneEnable": false } ] } -- Gitee From c8a482c5a254193f7994490960555281c2e2e32d Mon Sep 17 00:00:00 2001 From: zhouyan Date: Fri, 16 Aug 2024 16:40:40 +0800 Subject: [PATCH 029/473] =?UTF-8?q?1=E3=80=81=E4=BF=AE=E5=A4=8DUpdateHapTo?= =?UTF-8?q?ken=E6=8E=A5=E5=8F=A3=E9=97=AE=E9=A2=98=202=E3=80=81=E4=B8=B4?= =?UTF-8?q?=E6=97=B6=E9=9D=99=E9=9F=B3=E9=80=82=E9=85=8D?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: zhouyan Change-Id: I8e400c28374791b96c62a2c0a669f2e34afcdbbd --- .../innerkits/privacy/include/active_change_response_info.h | 1 + .../main/cpp/src/database/access_token_db.cpp | 4 ++-- .../privacymanager/src/record/permission_record_manager.cpp | 6 +++--- 3 files changed, 6 insertions(+), 5 deletions(-) 
diff --git a/interfaces/innerkits/privacy/include/active_change_response_info.h b/interfaces/innerkits/privacy/include/active_change_response_info.h index 276f72486..44503ad2c 100644 --- a/interfaces/innerkits/privacy/include/active_change_response_info.h +++ b/interfaces/innerkits/privacy/include/active_change_response_info.h @@ -50,6 +50,7 @@ enum ActiveChangeType { PERM_INACTIVE = 0, PERM_ACTIVE_IN_FOREGROUND = 1, PERM_ACTIVE_IN_BACKGROUND = 2, + PERM_TEMPORARY_CALL, }; /** diff --git a/services/accesstokenmanager/main/cpp/src/database/access_token_db.cpp b/services/accesstokenmanager/main/cpp/src/database/access_token_db.cpp index 98c296d35..2e763a39a 100644 --- a/services/accesstokenmanager/main/cpp/src/database/access_token_db.cpp +++ b/services/accesstokenmanager/main/cpp/src/database/access_token_db.cpp @@ -315,14 +315,14 @@ int32_t AccessTokenDb::DeleteAndInsertHap(AccessTokenID tokenId, const std::vect } // delete and add permission def - res = HandleDeleteAndAddSql(conditionValue, permDefValues, defDelSql, stateAddSql); + res = HandleDeleteAndAddSql(conditionValue, permDefValues, defDelSql, defAddSql); if (res != RET_SUCCESS) { RollbackTransaction(); return res; } // delete and add permission state - res = HandleDeleteAndAddSql(conditionValue, permStateValues, stateDelSql, hapAddSql); + res = HandleDeleteAndAddSql(conditionValue, permStateValues, stateDelSql, stateAddSql); if (res != RET_SUCCESS) { RollbackTransaction(); return res; diff --git a/services/privacymanager/src/record/permission_record_manager.cpp b/services/privacymanager/src/record/permission_record_manager.cpp index e5c2693e3..3ad8fe998 100644 --- a/services/privacymanager/src/record/permission_record_manager.cpp +++ b/services/privacymanager/src/record/permission_record_manager.cpp 
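Review bot: `PERM_TEMPORARY_CALL` is added to ActiveChangeType without an explicit value while the three existing enumerators are pinned to 0, 1 and 2. It evaluates to 3 today, but this value is handed to callbacks (the same patch passes it to CallbackExecute), so an enumerator inserted above it later would silently renumber it for every observer. I would write `PERM_TEMPORARY_CALL = 3,` and add a one-line comment saying when observers receive it, since the name alone does not say that it reports a call made while the permission is muted.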
@@ -32,6 +32,7 @@ #include "constant_common.h" #include "data_translator.h" #include "i_state_change_callback.h" +#include "ipc_skeleton.h" #include "iservice_registry.h" #include "libraryloader.h" #include "parameter.h" @@ -1116,9 +1117,8 @@ int32_t PermissionRecordManager::SetTempMutePolicy(const std::string permissionN return PrivacyError::ERR_EDM_POLICY_CHECK_FAILED; } if (GetMuteStatus(permissionName, MIXED)) { - if (!ShowGlobalDialog(permissionName)) { - return ERR_SERVICE_ABNORMAL; - } + AccessTokenID callingTokenID = IPCSkeleton::GetCallingTokenID(); + CallbackExecute(callingTokenID, permissionName, PERM_TEMPORARY_CALL); return PrivacyError::ERR_PRIVACY_POLICY_CHECK_FAILED; } } -- Gitee From c0b4aeabcd50d1a8dfd82436edfe5a719e067ef3 Mon Sep 17 00:00:00 2001 From: wuliushuan Date: Thu, 15 Aug 2024 12:22:12 +0000 Subject: [PATCH 030/473] =?UTF-8?q?=E8=B0=83=E6=95=B4=E6=9D=83=E9=99=90?= =?UTF-8?q?=E5=88=9D=E5=A7=8B=E5=8C=96=E4=BD=8D=E7=BD=AE?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: wuliushuan Change-Id: I72342add361d0d8c19707ffdac3bf41bb19654f4 --- .../main/cpp/include/permission/permission_definition_cache.h | 2 +- .../main/cpp/src/permission/permission_definition_cache.cpp | 4 ++-- .../main/cpp/src/permission/permission_manager.cpp | 4 ++-- .../test/unittest/accesstoken_info_manager_test.cpp | 4 ++++ 4 files changed, 9 insertions(+), 5 deletions(-) diff --git a/services/accesstokenmanager/main/cpp/include/permission/permission_definition_cache.h b/services/accesstokenmanager/main/cpp/include/permission/permission_definition_cache.h index 9ca0aa894..841322f85 100644 --- a/services/accesstokenmanager/main/cpp/include/permission/permission_definition_cache.h +++ b/services/accesstokenmanager/main/cpp/include/permission/permission_definition_cache.h 
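Review bot: In SetTempMutePolicy the token reported to observers comes from `IPCSkeleton::GetCallingTokenID()`, which identifies the requester only while this code runs on the thread servicing the incoming IPC call. If SetTempMutePolicy can also be reached from an internal path (not visible in the hunk), observers would be told that the privacy service itself made the temporary call. Passing the token in from the service entry point would remove the assumption; otherwise state it, e.g. `// runs on the IPC thread: callingTokenID is the requester's token`. The function body starts and ends outside the hunk.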
@@ -38,7 +38,7 @@ public: bool Update(const PermissionDef& info, AccessTokenID tokenId); - void DeleteByBundleName(const std::string& bundleName); + void DeleteByToken(AccessTokenID tokenId); int FindByPermissionName(const std::string& permissionName, PermissionDef& info); diff --git a/services/accesstokenmanager/main/cpp/src/permission/permission_definition_cache.cpp b/services/accesstokenmanager/main/cpp/src/permission/permission_definition_cache.cpp index ef9e84a89..f1b12b405 100644 --- a/services/accesstokenmanager/main/cpp/src/permission/permission_definition_cache.cpp +++ b/services/accesstokenmanager/main/cpp/src/permission/permission_definition_cache.cpp @@ -75,12 +75,12 @@ bool PermissionDefinitionCache::Update(const PermissionDef& info, AccessTokenID return true; } -void PermissionDefinitionCache::DeleteByBundleName(const std::string& bundleName) +void PermissionDefinitionCache::DeleteByToken(AccessTokenID tokenId) { Utils::UniqueWriteGuard cacheGuard(this->cacheLock_); auto it = permissionDefinitionMap_.begin(); while (it != permissionDefinitionMap_.end()) { - if (bundleName == it->second.permDef.bundleName) { + if (tokenId == it->second.tokenId) { permissionDefinitionMap_.erase(it++); } else { ++it; diff --git a/services/accesstokenmanager/main/cpp/src/permission/permission_manager.cpp b/services/accesstokenmanager/main/cpp/src/permission/permission_manager.cpp index 97a7d9ac2..d6277ad5a 100644 --- a/services/accesstokenmanager/main/cpp/src/permission/permission_manager.cpp +++ b/services/accesstokenmanager/main/cpp/src/permission/permission_manager.cpp 
@@ -128,6 +128,7 @@ void PermissionManager::AddDefPermissions(const std::vector& perm if (!PermissionDefinitionCache::GetInstance().HasDefinition(perm.permissionName)) { PermissionDefinitionCache::GetInstance().Insert(perm, tokenId); } else { + PermissionDefinitionCache::GetInstance().Update(perm, tokenId); ACCESSTOKEN_LOG_INFO(LABEL, "Permission %{public}s has define", TransferPermissionDefToString(perm).c_str()); } @@ -143,8 +144,7 @@ void PermissionManager::RemoveDefPermissions(AccessTokenID tokenID) ACCESSTOKEN_LOG_ERROR(LABEL, "Invalid params(tokenID: %{public}u)!", tokenID); return; } - std::string bundleName = tokenInfo->GetBundleName(); - PermissionDefinitionCache::GetInstance().DeleteByBundleName(bundleName); + PermissionDefinitionCache::GetInstance().DeleteByToken(tokenID); } int PermissionManager::VerifyHapAccessToken(AccessTokenID tokenID, const std::string& permissionName) diff --git a/services/accesstokenmanager/test/unittest/accesstoken_info_manager_test.cpp b/services/accesstokenmanager/test/unittest/accesstoken_info_manager_test.cpp index 5e000228f..659737a4d 100644 --- a/services/accesstokenmanager/test/unittest/accesstoken_info_manager_test.cpp +++ b/services/accesstokenmanager/test/unittest/accesstoken_info_manager_test.cpp @@ -251,6 +251,10 @@ HWTEST_F(AccessTokenInfoManagerTest, CreateHapTokenInfo002, TestSize.Level1) ASSERT_EQ(RET_SUCCESS, ret); ASSERT_NE(tokenIdEx.tokenIdExStruct.tokenID, tokenIdEx1.tokenIdExStruct.tokenID); GTEST_LOG_(INFO) << "add same hap token"; + PermissionDef permDef; + ASSERT_EQ(RET_SUCCESS, + PermissionManager::GetInstance().GetDefPermission(g_infoManagerTestPermDef1.permissionName, permDef)); + ASSERT_EQ(permDef.permissionName, g_infoManagerTestPermDef1.permissionName); std::shared_ptr tokenInfo; tokenInfo = AccessTokenInfoManager::GetInstance().GetHapTokenInfoInner(tokenIdEx1.tokenIdExStruct.tokenID); -- Gitee From 9e49ca3830c3f49c532634cd6c244c0d1fb1aa73 Mon Sep 17 00:00:00 2001 
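Review bot: The new `PermissionDefinitionCache::GetInstance().Update(perm, tokenId)` call in the else branch of AddDefPermissions replaces an already registered definition with the one carried by the HAP being added, and nothing in the hunk checks that the existing definition belongs to `tokenId`. Unless Update enforces ownership itself (only its last lines are visible in this patch), a second application declaring the same permission name could change the definition another application registered, and with DeleteByToken now keyed on the stored token, removing that second application would also remove the definition. I would update only when the stored owner matches `tokenId`, keep the existing "has define" log for the other case, and say so in a comment such as `// only the defining token may refresh an existing definition`. The loop this branch sits in starts outside the hunk.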
From: chennian Date: Mon, 19 Aug 2024 04:49:09 +0000 Subject: [PATCH 031/473] Kill process when permission is revoke Signed-off-by: chennian Change-Id: I436ed41b7f59d99bcd42a5acdc8492a40f407fa1 --- BUILD.gn | 3 +- services/accesstokenmanager/access_token.cfg | 3 +- .../cpp/src/permission/permission_manager.cpp | 10 +- .../test/unittest/permission_manager_test.cpp | 45 ++++++ services/common/BUILD.gn | 1 + services/common/app_manager/BUILD.gn | 58 ++++++++ .../include/ams_manager_access_proxy.h | 52 +++++++ .../include/app_manager_access_client.h | 3 +- .../include/app_manager_access_proxy.h | 4 + .../src/ams_manager_access_proxy.cpp | 50 +++++++ .../src/app_manager_access_client.cpp | 16 +- .../src/app_manager_access_proxy.cpp | 23 +++ .../src/app_manager_death_recipient.cpp | 2 +- services/common/test/BUILD.gn | 90 +++++++++++ .../test/unittest/interface_code_test.cpp | 140 ++++++++++++++++++ .../privacymanager/test/coverage/BUILD.gn | 1 - .../privacymanager/test/unittest/BUILD.gn | 9 -- .../test/unittest/sensitive_manager_test.cpp | 22 --- 18 files changed, 494 insertions(+), 38 deletions(-) create mode 100644 services/common/app_manager/BUILD.gn create mode 100644 services/common/app_manager/include/ams_manager_access_proxy.h create mode 100644 services/common/app_manager/src/ams_manager_access_proxy.cpp create mode 100644 services/common/test/BUILD.gn create mode 100644 services/common/test/unittest/interface_code_test.cpp diff --git a/BUILD.gn b/BUILD.gn index bc6a7dba5..818f325b3 100644 --- a/BUILD.gn +++ b/BUILD.gn @@ -1,4 +1,4 @@ -# Copyright (c) 2021-2023 Huawei Device Co., Ltd. +# Copyright (c) 2021-2024 Huawei Device Co., Ltd. # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. # You may obtain a copy of the License at 
@@ -32,6 +32,7 @@ group("accesstoken_build_module_test") { ] if (ability_base_enable == true) { deps += [ + "services/common/test:unittest", "services/el5filekeymanager/test:unittest", "services/privacymanager/test:unittest", ] diff --git a/services/accesstokenmanager/access_token.cfg b/services/accesstokenmanager/access_token.cfg index ed7b9b46f..5567b6d77 100644 --- a/services/accesstokenmanager/access_token.cfg +++ b/services/accesstokenmanager/access_token.cfg @@ -25,7 +25,8 @@ "ohos.permission.ACCESS_SERVICE_DM", "ohos.permission.DISTRIBUTED_DATASYNC", "ohos.permission.RUNNING_STATE_OBSERVER", - "ohos.permission.GET_RUNNING_INFO" + "ohos.permission.GET_RUNNING_INFO", + "ohos.permission.KILL_APP_PROCESSES" ], "secon" : "u:r:accesstoken_service:s0" } diff --git a/services/accesstokenmanager/main/cpp/src/permission/permission_manager.cpp b/services/accesstokenmanager/main/cpp/src/permission/permission_manager.cpp index d6277ad5a..a5803d924 100644 --- a/services/accesstokenmanager/main/cpp/src/permission/permission_manager.cpp +++ b/services/accesstokenmanager/main/cpp/src/permission/permission_manager.cpp @@ -589,6 +589,14 @@ void PermissionManager::NotifyWhenPermissionStateUpdated(AccessTokenID tokenID, // To notify the client cache to update by resetting paramValue_. ParamUpdate(permissionName, flag, false); + // To notify kill process when perm is revoke + if ((flag != PERMISSION_ALLOW_THIS_TIME) && (flag != PERMISSION_COMPONENT_SET)) { + if (!isGranted) { + ACCESSTOKEN_LOG_INFO(LABEL, "Perm(%{public}s) is revoked, kill process(%{public}u).", + permissionName.c_str(), tokenID); + AppManagerAccessClient::GetInstance().KillProcessesByAccessTokenId(tokenID); + } + } // DFX. HiSysEventWrite(HiviewDFX::HiSysEvent::Domain::ACCESS_TOKEN, "PERMISSION_CHECK_EVENT", HiviewDFX::HiSysEvent::EventType::BEHAVIOR, "CODE", USER_GRANT_PERMISSION_EVENT, 
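Review bot: The return value of `KillProcessesByAccessTokenId(tokenID)` is dropped in NotifyWhenPermissionStateUpdated, so when the app manager proxy is unavailable or the request fails, the process keeps running after the revoke and this layer records nothing about it. I would check it, assuming 0 means success as elsewhere in this module: `if (AppManagerAccessClient::GetInstance().KillProcessesByAccessTokenId(tokenID) != RET_SUCCESS) { ACCESSTOKEN_LOG_ERROR(LABEL, "Kill process(%{public}u) failed.", tokenID); }`. The two nested conditions can also be a single `if (!isGranted && (flag != PERMISSION_ALLOW_THIS_TIME) && (flag != PERMISSION_COMPONENT_SET))`. The function body starts and ends outside the hunk.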
@@ -612,7 +620,7 @@ int32_t PermissionManager::UpdateTokenPermissionState( if (flag == PERMISSION_ALLOW_THIS_TIME) { if (isGranted) { if (!TempPermissionObserver::GetInstance().IsAllowGrantTempPermission(tokenID, permissionName)) { - ACCESSTOKEN_LOG_ERROR(LABEL, "Grant permission failed, tokenID:%{public}d, permissionName:%{public}s", + ACCESSTOKEN_LOG_ERROR(LABEL, "Grant permission failed, id:%{public}d, permissionName:%{public}s", tokenID, permissionName.c_str()); return ERR_IDENTITY_CHECK_FAILED; } diff --git a/services/accesstokenmanager/test/unittest/permission_manager_test.cpp b/services/accesstokenmanager/test/unittest/permission_manager_test.cpp index acbde3825..94fe87e0f 100644 --- a/services/accesstokenmanager/test/unittest/permission_manager_test.cpp +++ b/services/accesstokenmanager/test/unittest/permission_manager_test.cpp 
@@ -1402,6 +1402,51 @@ HWTEST_F(PermissionManagerTest, UpdateTokenPermissionState002, TestSize.Level1) ASSERT_EQ(RET_SUCCESS, AccessTokenInfoManager::GetInstance().RemoveHapTokenInfo(tokenId)); } +/** + * @tc.name: UpdateTokenPermissionState003 + * @tc.desc: PermissionManager::UpdateTokenPermissionState function test + * @tc.type: FUNC + * @tc.require: + */ +HWTEST_F(PermissionManagerTest, UpdateTokenPermissionState003, TestSize.Level1) +{ + std::string permissionName = "ohos.permission.DUMP"; + uint32_t flag = 0; + + HapInfoParams info = { + .userID = USER_ID, + .bundleName = "permission_manager_test", + .instIndex = INST_INDEX, + .appIDDesc = "permission_manager_test" + }; + HapPolicyParams policy = { + .apl = APL_NORMAL, + .domain = "domain" + }; + AccessTokenIDEx tokenIdEx = {0}; + ASSERT_EQ(RET_SUCCESS, AccessTokenInfoManager::GetInstance().CreateHapTokenInfo(info, policy, tokenIdEx)); + ASSERT_NE(static_cast(0), tokenIdEx.tokenIdExStruct.tokenID); + AccessTokenID tokenId = tokenIdEx.tokenIdExStruct.tokenID; + + // permissio is granted + ASSERT_EQ(AccessTokenError::ERR_TOKENID_NOT_EXIST, PermissionManager::GetInstance().UpdateTokenPermissionState( + tokenId, permissionName, true, flag)); + + flag = PERMISSION_ALLOW_THIS_TIME; + ASSERT_EQ(AccessTokenError::ERR_IDENTITY_CHECK_FAILED, PermissionManager::GetInstance().UpdateTokenPermissionState( + tokenId, permissionName, false, flag)); + + flag = PERMISSION_COMPONENT_SET; + ASSERT_EQ(AccessTokenError::ERR_IDENTITY_CHECK_FAILED, PermissionManager::GetInstance().UpdateTokenPermissionState( + tokenId, permissionName, false, flag)); + + flag = PERMISSION_USER_FIXED; + ASSERT_EQ(AccessTokenError::ERR_IDENTITY_CHECK_FAILED, PermissionManager::GetInstance().UpdateTokenPermissionState( + tokenId, permissionName, false, flag)); + + ASSERT_EQ(RET_SUCCESS, AccessTokenInfoManager::GetInstance().RemoveHapTokenInfo(tokenId)); +} + /** * @tc.name: IsAllowGrantTempPermission001 * @tc.desc: 
PermissionManager::IsAllowGrantTempPermission function test diff --git a/services/common/BUILD.gn b/services/common/BUILD.gn index 40e13f2d3..74f31e0f3 100644 --- a/services/common/BUILD.gn +++ b/services/common/BUILD.gn @@ -44,6 +44,7 @@ ohos_static_library("accesstoken_service_common") { public_configs = [ ":accesstoken_service_common_public_config" ] sources = [ + "app_manager/src/ams_manager_access_proxy.cpp", "app_manager/src/app_manager_access_client.cpp", "app_manager/src/app_manager_access_proxy.cpp", "app_manager/src/app_manager_death_recipient.cpp", diff --git a/services/common/app_manager/BUILD.gn b/services/common/app_manager/BUILD.gn new file mode 100644 index 000000000..d1db269b8 --- /dev/null +++ b/services/common/app_manager/BUILD.gn 
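Review bot: Every UpdateTokenPermissionState call in UpdateTokenPermissionState003 asserts an error code, so as far as the hunk shows the test never reaches a successful revoke and does not exercise the kill-on-revoke branch this commit adds to NotifyWhenPermissionStateUpdated. A case that grants a permission the token actually holds and then revokes it with PERMISSION_USER_FIXED would cover it, with the app manager call stubbed if the test environment allows. The comment `// permissio is granted` has a typo and does not describe the call under it, which expects ERR_TOKENID_NOT_EXIST.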
@@ -0,0 +1,58 @@ +# Copyright (c) 2024 Huawei Device Co., Ltd. +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +import("//build/ohos.gni") +import("../../../access_token.gni") + +ohos_shared_library("accesstoken_app_manager") { + subsystem_name = "security" + part_name = "access_token" + sanitize = { + cfi = true + cfi_cross_dso = true + debug = false + } + branch_protector_ret = "pac_ret" + + include_dirs = [ + "${access_token_path}/frameworks/common/include", + "${access_token_path}/frameworks/privacy/include", + "${access_token_path}/interfaces/innerkits/accesstoken/include", + "${access_token_path}/interfaces/innerkits/privacy/include", + "include", + ] + + sources = [ + "src/ams_manager_access_proxy.cpp", + "src/app_manager_access_client.cpp", + "src/app_manager_access_proxy.cpp", + "src/app_manager_death_recipient.cpp", + "src/app_state_data.cpp", + "src/app_status_change_callback.cpp", + "src/process_data.cpp", + ] + + cflags_cc = [ "-DHILOG_ENABLE" ] + configs = [ + "${access_token_path}/config:access_token_compile_flags", + "${access_token_path}/config:coverage_flags", + ] + + external_deps = [ + "c_utils:utils", + "hilog:libhilog", + "ipc:ipc_core", + "safwk:system_ability_fwk", + "samgr:samgr_proxy", + ] +} diff --git a/services/common/app_manager/include/ams_manager_access_proxy.h b/services/common/app_manager/include/ams_manager_access_proxy.h new file mode 100644 index 000000000..4718c8ab3 --- /dev/null 
+++ b/services/common/app_manager/include/ams_manager_access_proxy.h
@@ -0,0 +1,52 @@
+/*
+ * Copyright (c) 2024 Huawei Device Co., Ltd.
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+#ifndef ACCESS_AMS_MANAGER_ACCESS_PROXY_H
+#define ACCESS_AMS_MANAGER_ACCESS_PROXY_H
+
+#include
+
+#include "app_state_data.h"
+#include "process_data.h"
+#include "service_ipc_interface_code.h"
+
+namespace OHOS {
+namespace Security {
+namespace AccessToken {
+class IAmsMgr : public IRemoteBroker {
+public:
+ DECLARE_INTERFACE_DESCRIPTOR(u"ohos.appexecfwk.IAmsMgr");
+
+ virtual int32_t KillProcessesByAccessTokenId(const uint32_t accessTokenId) = 0;
+
+ enum class Message {
+ FORCE_KILL_APPLICATION_BY_ACCESS_TOKEN_ID = 49,
+ };
+};
+
+class AmsManagerAccessProxy : public IRemoteProxy {
+public:
+ explicit AmsManagerAccessProxy(const sptr& impl) : IRemoteProxy(impl) {}
+
+ virtual ~AmsManagerAccessProxy() = default;
+
+ int32_t KillProcessesByAccessTokenId(const uint32_t accessTokenId) override;
+private:
+ static inline BrokerDelegator delegator_;
+};
+} // namespace AccessToken
+} // namespace Security
+} // namespace OHOS
+#endif // ACCESS_AMS_MANAGER_ACCESS_PROXY_H
diff --git a/services/common/app_manager/include/app_manager_access_client.h b/services/common/app_manager/include/app_manager_access_client.h
index b938169cb..385987855 100644
--- a/services/common/app_manager/include/app_manager_access_client.h
+++ b/services/common/app_manager/include/app_manager_access_client.h @@ -1,5 +1,5 @@ /* - * Copyright (c) 2022 Huawei Device Co., Ltd. + * Copyright (c) 2024 Huawei Device Co., Ltd. * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. * You may obtain a copy of the License at @@ -33,6 +33,7 @@ public: static AppManagerAccessClient& GetInstance(); virtual ~AppManagerAccessClient(); + int32_t KillProcessesByAccessTokenId(const uint32_t accessTokenId); int32_t RegisterApplicationStateObserver(const sptr& observer); int32_t UnregisterApplicationStateObserver(const sptr& observer); int32_t GetForegroundApplications(std::vector& list); diff --git a/services/common/app_manager/include/app_manager_access_proxy.h b/services/common/app_manager/include/app_manager_access_proxy.h index fabe1f203..9e4e40bbf 100644 --- a/services/common/app_manager/include/app_manager_access_proxy.h +++ b/services/common/app_manager/include/app_manager_access_proxy.h @@ -18,6 +18,7 @@ #include +#include "ams_manager_access_proxy.h" #include "app_state_data.h" #include "process_data.h" #include "service_ipc_interface_code.h" @@ -43,12 +44,14 @@ class IAppMgr : public IRemoteBroker { public: DECLARE_INTERFACE_DESCRIPTOR(u"ohos.appexecfwk.AppMgr"); + virtual sptr GetAmsMgr() = 0; virtual int32_t RegisterApplicationStateObserver(const sptr& observer, const std::vector& bundleNameList = {}) = 0; virtual int32_t UnregisterApplicationStateObserver(const sptr& observer) = 0; virtual int32_t GetForegroundApplications(std::vector& list) = 0; enum class Message { + APP_GET_MGR_INSTANCE = 6, REGISTER_APPLICATION_STATE_OBSERVER = 12, UNREGISTER_APPLICATION_STATE_OBSERVER = 13, GET_FOREGROUND_APPLICATIONS = 14, 
@@ -61,6 +64,7 @@ public: virtual ~AppManagerAccessProxy() = default; + sptr GetAmsMgr() override; int32_t RegisterApplicationStateObserver(const sptr& observer, const std::vector &bundleNameList = {}) override; int32_t UnregisterApplicationStateObserver(const sptr& observer) override; diff --git a/services/common/app_manager/src/ams_manager_access_proxy.cpp b/services/common/app_manager/src/ams_manager_access_proxy.cpp new file mode 100644 index 000000000..d0ace69e5 --- /dev/null +++ b/services/common/app_manager/src/ams_manager_access_proxy.cpp 
@@ -0,0 +1,50 @@
+/*
+ * Copyright (c) 2024 Huawei Device Co., Ltd.
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+#include "ams_manager_access_proxy.h"
+#include "accesstoken_log.h"
+
+namespace OHOS {
+namespace Security {
+namespace AccessToken {
+namespace {
+constexpr HiviewDFX::HiLogLabel LABEL = {LOG_CORE, SECURITY_DOMAIN_ACCESSTOKEN, "AmsManagerAccessProxy"};
+static constexpr int32_t ERROR = -1;
+}
+int32_t AmsManagerAccessProxy::KillProcessesByAccessTokenId(const uint32_t accessTokenId)
+{
+ MessageParcel data;
+ MessageParcel reply;
+ MessageOption option(MessageOption::TF_SYNC);
+ if (!data.WriteInterfaceToken(GetDescriptor())) {
+ ACCESSTOKEN_LOG_ERROR(LABEL, "WriteInterfaceToken failed.");
+ return ERROR;
+ }
+
+ if (!data.WriteInt32(accessTokenId)) {
+ ACCESSTOKEN_LOG_ERROR(LABEL, "WriteInt32 failed.");
+ return ERROR;
+ }
+ int32_t error = Remote()->SendRequest(
+ static_cast(IAmsMgr::Message::FORCE_KILL_APPLICATION_BY_ACCESS_TOKEN_ID), data, reply, option);
+ if (error != ERR_NONE) {
+ ACCESSTOKEN_LOG_ERROR(LABEL, "KillProcessesByAccessTokenId failed, error: %{public}d", error);
+ return ERROR;
+ }
+ return reply.ReadInt32();
+}
+} // namespace AccessToken
+} // namespace Security
+} // namespace OHOS
diff --git a/services/common/app_manager/src/app_manager_access_client.cpp b/services/common/app_manager/src/app_manager_access_client.cpp
index 7853e18f0..438bae720 100644
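Review bot: `Remote()` is dereferenced without a null check in AmsManagerAccessProxy::KillProcessesByAccessTokenId, and the same pattern is added in AppManagerAccessProxy::GetAmsMgr in app_manager_access_proxy.cpp. If the remote object has gone away, for instance after the app manager service died, the revoke path would crash the caller instead of returning ERROR. I would take the pointer first: `sptr<IRemoteObject> remote = Remote();` followed by `if (remote == nullptr) { ACCESSTOKEN_LOG_ERROR(LABEL, "Remote is null."); return ERROR; }`. Separately, `data.WriteInt32(accessTokenId)` writes a uint32_t through the signed writer; that is only right if the remote stub reads it with the matching call, which is worth a comment here because the stub is not part of this repository.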
--- a/services/common/app_manager/src/app_manager_access_client.cpp +++ b/services/common/app_manager/src/app_manager_access_client.cpp @@ -50,6 +50,20 @@ AppManagerAccessClient::~AppManagerAccessClient() ReleaseProxy(); } +int32_t AppManagerAccessClient::KillProcessesByAccessTokenId(const uint32_t accessTokenId) +{ + auto proxy = GetProxy(); + if (proxy == nullptr) { + ACCESSTOKEN_LOG_ERROR(LABEL, "Proxy is null."); + return -1; + } + sptr amsService = proxy->GetAmsMgr(); + if (amsService == nullptr) { + ACCESSTOKEN_LOG_ERROR(LABEL, "AmsService is null."); + } + return amsService->KillProcessesByAccessTokenId(accessTokenId); +} + int32_t AppManagerAccessClient::RegisterApplicationStateObserver(const sptr& observer) { ACCESSTOKEN_LOG_INFO(LABEL, "Entry"); @@ -59,7 +73,7 @@ int32_t AppManagerAccessClient::RegisterApplicationStateObserver(const sptr bundleNameList; diff --git a/services/common/app_manager/src/app_manager_access_proxy.cpp b/services/common/app_manager/src/app_manager_access_proxy.cpp index 2bbe4b2d5..186a5d2c6 100644 --- a/services/common/app_manager/src/app_manager_access_proxy.cpp +++ b/services/common/app_manager/src/app_manager_access_proxy.cpp 
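Review bot: The `amsService == nullptr` branch in AppManagerAccessClient::KillProcessesByAccessTokenId only logs and then falls through to `amsService->KillProcessesByAccessTokenId(accessTokenId)`, dereferencing the pointer it has just found to be null. GetAmsMgr in this same patch returns nullptr on three failure paths (interface token write, SendRequest error, failed iface_cast), so an unavailable or misbehaving app manager would crash the access token service on the permission revoke path. Add `return -1;` after the "AmsService is null." log line, matching the proxy-null branch directly above it.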
@@ -25,6 +25,29 @@ static constexpr int32_t ERROR = -1; constexpr int32_t CYCLE_LIMIT = 1000; } +sptr AppManagerAccessProxy::GetAmsMgr() +{ + MessageParcel data; + MessageParcel reply; + MessageOption option; + if (!data.WriteInterfaceToken(GetDescriptor())) { + return nullptr; + } + int32_t error = Remote()->SendRequest( + static_cast(IAppMgr::Message::APP_GET_MGR_INSTANCE), data, reply, option); + if (error != ERR_NONE) { + ACCESSTOKEN_LOG_ERROR(LABEL, "GetAmsMgr failed, error: %{public}d", error); + return nullptr; + } + sptr object = reply.ReadRemoteObject(); + sptr amsMgr = iface_cast(object); + if (!amsMgr) { + ACCESSTOKEN_LOG_ERROR(LABEL, "Ability manager service instance is nullptr. "); + return nullptr; + } + return amsMgr; +} + int32_t AppManagerAccessProxy::RegisterApplicationStateObserver(const sptr& observer, const std::vector& bundleNameList) { diff --git a/services/common/app_manager/src/app_manager_death_recipient.cpp b/services/common/app_manager/src/app_manager_death_recipient.cpp index c18e9b08a..86870441d 100644 --- a/services/common/app_manager/src/app_manager_death_recipient.cpp +++ b/services/common/app_manager/src/app_manager_death_recipient.cpp @@ -1,5 +1,5 @@ /* - * Copyright (c) 2022 Huawei Device Co., Ltd. + * Copyright (c) 2024 Huawei Device Co., Ltd. * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. * You may obtain a copy of the License at diff --git a/services/common/test/BUILD.gn b/services/common/test/BUILD.gn new file mode 100644 index 000000000..f9e8e6d62 --- /dev/null +++ b/services/common/test/BUILD.gn 
@@ -0,0 +1,90 @@ +# Copyright (c) 2024 Huawei Device Co., Ltd. +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +import("//build/test.gni") +import("../../../access_token.gni") + +if (is_standard_system && ability_base_enable) { + ohos_unittest("libipc_code_test") { + subsystem_name = "security" + part_name = "access_token" + module_out_path = part_name + "/" + part_name + sanitize = { + cfi = true + cfi_cross_dso = true + debug = false + } + branch_protector_ret = "pac_ret" + + include_dirs = [ + "${access_token_path}/frameworks/privacy/include", + "${access_token_path}/frameworks/common/include", + "${access_token_path}/services/common/ability_manager/include", + "${access_token_path}/services/common/app_manager/include", + "${access_token_path}/services/privacymanager/src/camera_manager", + ] + + sources = [ "unittest/interface_code_test.cpp" ] + + cflags_cc = [] + + configs = [ "${access_token_path}/config:coverage_flags" ] + + deps = [ + "${access_token_path}/frameworks/common:accesstoken_common_cxx", + "${access_token_path}/frameworks/privacy:privacy_communication_adapter_cxx", + "${access_token_path}/interfaces/innerkits/accesstoken:libaccesstoken_sdk", + "${access_token_path}/interfaces/innerkits/accesstoken:libtokenid_sdk", + "${access_token_path}/interfaces/innerkits/privacy:libprivacy_sdk", + "${access_token_path}/interfaces/innerkits/token_setproc:libtokensetproc_shared", + "${access_token_path}/services/common:accesstoken_service_common", + 
"${access_token_path}/services/privacymanager:privacy_manager_service", + ] + + external_deps = [ + "ability_base:want", + "access_token:libaccesstoken_sdk", + "c_utils:utils", + "googletest:gtest_main", + "hilog:libhilog", + "hisysevent:libhisysevent", + "init:libbegetutil", + "ipc:ipc_core", + "safwk:system_ability_fwk", + "samgr:samgr_proxy", + "sqlite:sqlite", + ] + + if (audio_framework_enable) { + cflags_cc += [ "-DAUDIO_FRAMEWORK_ENABLE" ] + external_deps += [ "audio_framework:audio_client" ] + } + + if (ability_runtime_enable) { + cflags_cc += [ "-DABILITY_RUNTIME_ENABLE" ] + external_deps += [ + "ability_runtime:ability_manager", + "ability_runtime:app_manager", + ] + } + if (camera_framework_enable) { + cflags_cc += [ "-DCAMERA_FRAMEWORK_ENABLE" ] + external_deps += [ "camera_framework:camera_framework" ] + } + } +} + +group("unittest") { + testonly = true + deps = [ ":libipc_code_test" ] +} diff --git a/services/common/test/unittest/interface_code_test.cpp b/services/common/test/unittest/interface_code_test.cpp new file mode 100644 index 000000000..e6a373625 --- /dev/null +++ b/services/common/test/unittest/interface_code_test.cpp 
@@ -0,0 +1,140 @@ +/* + * Copyright (c) 2024 Huawei Device Co., Ltd. + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +#include + +#include "access_token.h" +#include "accesstoken_kit.h" +#ifdef ABILITY_RUNTIME_ENABLE +#include "ams_mgr_interface.h" +#include "app_manager_access_proxy.h" +#include "app_mgr_ipc_interface_code.h" + +#include "ability_manager_ipc_interface_code.h" +#include "iapplication_state_observer.h" +#endif + +#ifdef CAMERA_FRAMEWORK_ENABLE +#include "camera_service_ipc_interface_code.h" +#endif + +#include "privacy_camera_service_ipc_interface_code.h" +#include "service_ipc_interface_code.h" + +using namespace testing::ext; + +namespace OHOS { +namespace Security { +namespace AccessToken { +class IpcCodeTest : public testing::Test { +public: + static void SetUpTestCase(); + static void TearDownTestCase(); + void SetUp(); + void TearDown(); +}; + +void IpcCodeTest::SetUpTestCase() +{ +} + +void IpcCodeTest::TearDownTestCase() +{ +} + +void IpcCodeTest::SetUp() +{ +} + +void IpcCodeTest::TearDown() +{ +} + +#ifdef ABILITY_RUNTIME_ENABLE +/* + * @tc.name: AppManagerCodeTest001 + * @tc.desc: test appMgr ipc code + * @tc.type: FUNC + * @tc.require: + */ +HWTEST_F(IpcCodeTest, AppManagerCodeTest001, TestSize.Level1) +{ + ASSERT_EQ(static_cast(AppExecFwk::AppMgrInterfaceCode::REGISTER_APPLICATION_STATE_OBSERVER), + static_cast(AccessToken::IAppMgr::Message::REGISTER_APPLICATION_STATE_OBSERVER)); // 12 + 
ASSERT_EQ(static_cast(AppExecFwk::AppMgrInterfaceCode::UNREGISTER_APPLICATION_STATE_OBSERVER), + static_cast(AccessToken::IAppMgr::Message::UNREGISTER_APPLICATION_STATE_OBSERVER)); // 13 + ASSERT_EQ(static_cast(AppExecFwk::AppMgrInterfaceCode::GET_FOREGROUND_APPLICATIONS), + static_cast(AccessToken::IAppMgr::Message::GET_FOREGROUND_APPLICATIONS)); // 14 +} + +/* + * @tc.name: AmsManagerCodeTest001 + * @tc.desc: test amsMgr ipc code + * @tc.type: FUNC + * @tc.require: + */ +HWTEST_F(IpcCodeTest, AmsManagerCodeTest001, TestSize.Level1) +{ + ASSERT_EQ(static_cast(AppExecFwk::IAmsMgr::Message::FORCE_KILL_APPLICATION_BY_ACCESS_TOKEN_ID), + static_cast(AccessToken::IAmsMgr::Message::FORCE_KILL_APPLICATION_BY_ACCESS_TOKEN_ID)); +} + +/* + * @tc.name: AmsManagerCodeTest001 + * @tc.desc: test ability manager ipc code + * @tc.type: FUNC + * @tc.require: + */ +HWTEST_F(IpcCodeTest, AbilityManagerCodeTest001, TestSize.Level1) +{ + ASSERT_EQ(static_cast( + AppExecFwk::IApplicationStateObserver::Message::TRANSACT_ON_FOREGROUND_APPLICATION_CHANGED), + static_cast( + AccessToken::AccessAppServiceInterfaceCode::TRANSACT_ON_FOREGROUND_APPLICATION_CHANGED)); + ASSERT_EQ(static_cast(AAFwk::AbilityManagerInterfaceCode::START_ABILITY_ADD_CALLER), + static_cast(AccessToken::AccessAbilityServiceInterfaceCode::START_ABILITY_ADD_CALLER)); +} +#endif + +#ifdef CAMERA_FRAMEWORK_ENABLE +/* + * @tc.name: CameraManagerCodeTest001 + * @tc.desc: test camera framework ipc code + * @tc.type: FUNC + * @tc.require: + */ +HWTEST_F(IpcCodeTest, CameraManagerCodeTest001, TestSize.Level1) +{ + ASSERT_EQ(static_cast(CameraStandard::CameraServiceInterfaceCode::CAMERA_SERVICE_IS_CAMERA_MUTED), + static_cast(AccessToken::PrivacyCameraServiceInterfaceCode::CAMERA_SERVICE_IS_CAMERA_MUTED)); + ASSERT_EQ(static_cast(CameraStandard::CameraServiceInterfaceCode::CAMERA_SERVICE_MUTE_CAMERA_PERSIST), + static_cast(AccessToken::PrivacyCameraServiceInterfaceCode::CAMERA_SERVICE_MUTE_CAMERA_PERSIST)); +} +#endif + 
+#ifdef AUDIO_FRAMEWORK_ENABLE +/* + * @tc.name: AudioManagerCodeTest001 + * @tc.desc: test audio framework ipc code + * @tc.type: FUNC + * @tc.require: + */ +HWTEST_F(IpcCodeTest, AudioManagerCodeTest001, TestSize.Level1) +{ +} +#endif +} // namespace AccessToken +} // namespace Security +} // namespace OHOS diff --git a/services/privacymanager/test/coverage/BUILD.gn b/services/privacymanager/test/coverage/BUILD.gn index 4db84f5ea..3a46ca22c 100644 --- a/services/privacymanager/test/coverage/BUILD.gn +++ b/services/privacymanager/test/coverage/BUILD.gn @@ -46,7 +46,6 @@ if (is_standard_system && ability_base_enable == true) { "${access_token_path}/services/privacymanager/include/database", "${access_token_path}/services/privacymanager/include/record", "${access_token_path}/services/privacymanager/include/service", - "${access_token_path}/services/privacymanager/include/sensitive/app_manager", "${access_token_path}/services/privacymanager/include/sensitive/audio_manager", "${access_token_path}/services/privacymanager/include/sensitive/camera_manager", ] diff --git a/services/privacymanager/test/unittest/BUILD.gn b/services/privacymanager/test/unittest/BUILD.gn index dd9e614a0..ed1cdac9e 100644 --- a/services/privacymanager/test/unittest/BUILD.gn +++ b/services/privacymanager/test/unittest/BUILD.gn @@ -46,7 +46,6 @@ if (is_standard_system && ability_base_enable == true) { "${access_token_path}/services/privacymanager/include/database", "${access_token_path}/services/privacymanager/include/record", "${access_token_path}/services/privacymanager/include/service", - "${access_token_path}/services/privacymanager/include/sensitive/app_manager", "${access_token_path}/services/privacymanager/include/sensitive/audio_manager", "${access_token_path}/services/privacymanager/include/sensitive/camera_manager", "${audio_framework_path}/services/audio_policy/common/include", 
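Review bot: `AudioManagerCodeTest001` has an empty body, so with `AUDIO_FRAMEWORK_ENABLE` set it passes without comparing a single audio interface code. Drift between the local copy of those codes and the audio framework's enum would then go unnoticed, which is the failure these tests exist to catch. Either add the `ASSERT_EQ` pairs as the camera and app-manager cases do, or drop the case until they can be written, leaving a comment such as `// TODO: pin audio framework IPC codes`. The doc block above `AbilityManagerCodeTest001` also repeats `@tc.name: AmsManagerCodeTest001`; it should read `@tc.name: AbilityManagerCodeTest001`.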
@@ -130,14 +129,6 @@ if (is_standard_system && ability_base_enable == true) { ] } - if (ability_runtime_enable) { - cflags_cc += [ "-DABILITY_RUNTIME_ENABLE" ] - external_deps += [ - "ability_runtime:ability_manager", - "ability_runtime:app_manager", - ] - } - if (window_manager_enable && access_token_camera_float_window_enable) { cflags_cc += [ "-DCAMERA_FLOAT_WINDOW_ENABLE" ] include_dirs += diff --git a/services/privacymanager/test/unittest/sensitive_manager_test.cpp b/services/privacymanager/test/unittest/sensitive_manager_test.cpp index 3eedfe002..b064ec5f1 100644 --- a/services/privacymanager/test/unittest/sensitive_manager_test.cpp +++ b/services/privacymanager/test/unittest/sensitive_manager_test.cpp @@ -19,10 +19,6 @@ #include "accesstoken_kit.h" #include "app_manager_access_client.h" #include "app_manager_access_proxy.h" -#ifdef ABILITY_RUNTIME_ENABLE -#include "ability_manager_interface.h" -#include "app_mgr_interface.h" -#endif #include "app_state_data.h" #define private public #include "audio_manager_privacy_client.h" 
@@ -175,24 +171,6 @@ HWTEST_F(SensitiveManagerServiceTest, SetCameraMuteTest001, TestSize.Level1) CameraManagerPrivacyClient::GetInstance().MuteCameraPersist(PolicyType::PRIVACY, initMute); } -#ifdef ABILITY_RUNTIME_ENABLE -/* - * @tc.name: AppManagerPrivacyCode001 - * @tc.desc: test api function - * @tc.type: FUNC - * @tc.require: - */ -HWTEST_F(SensitiveManagerServiceTest, AppManagerPrivacyCode001, TestSize.Level1) -{ - ASSERT_EQ(static_cast(OHOS::AppExecFwk::AppMgrInterfaceCode::REGISTER_APPLICATION_STATE_OBSERVER), - static_cast(IAppMgr::Message::REGISTER_APPLICATION_STATE_OBSERVER)); // 12 - ASSERT_EQ(static_cast(OHOS::AppExecFwk::AppMgrInterfaceCode::UNREGISTER_APPLICATION_STATE_OBSERVER), - static_cast(IAppMgr::Message::UNREGISTER_APPLICATION_STATE_OBSERVER)); // 13 - ASSERT_EQ(static_cast(OHOS::AppExecFwk::AppMgrInterfaceCode::GET_FOREGROUND_APPLICATIONS), - static_cast(IAppMgr::Message::GET_FOREGROUND_APPLICATIONS)); // 14 -} -#endif - /* * @tc.name: RegisterAppObserverTest001 * @tc.desc: test RegisterApplicationStateObserver with Callback is nullptr. -- Gitee From 42706982e718ffd297ca1c7198fb054a8e1e12e5 Mon Sep 17 00:00:00 2001 From: wanganjie Date: Mon, 19 Aug 2024 19:45:10 +0800 Subject: [PATCH 032/473] =?UTF-8?q?=E6=96=B0=E5=A2=9E=E6=9D=83=E9=99=90?= =?UTF-8?q?=E5=85=81=E8=AE=B8=E6=A8=A1=E6=80=81UIExtension=E4=B8=8D?= =?UTF-8?q?=E9=9A=90=E8=97=8F=E4=B8=8D=E5=AE=89=E5=85=A8=E7=AA=97=E5=8F=A3?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: wanganjie --- frameworks/common/src/permission_map.cpp | 1 + .../accesstokenmanager/permission_definitions.json | 10 ++++++++++ 2 files changed, 11 insertions(+) diff --git a/frameworks/common/src/permission_map.cpp b/frameworks/common/src/permission_map.cpp index f7e65e325..ffc113057 100644 --- a/frameworks/common/src/permission_map.cpp +++ b/frameworks/common/src/permission_map.cpp 
@@ -493,6 +493,7 @@ const static std::vector> g_permMap = { {"ohos.permission.MANAGE_ACCESSORY", false}, {"ohos.permission.COLLECT_ACCESSORY_LOG", false}, {"ohos.permission.GET_ETHERNET_LOCAL_MAC", false}, + {"ohos.permission.ALLOW_SHOW_NON_SECURE_WINDOWS", false}, }; bool TransferPermissionToOpcode(const std::string& permission, uint32_t& opCode) diff --git a/services/accesstokenmanager/permission_definitions.json b/services/accesstokenmanager/permission_definitions.json index 835936e34..a638e96f3 100644 --- a/services/accesstokenmanager/permission_definitions.json +++ b/services/accesstokenmanager/permission_definitions.json @@ -4983,6 +4983,16 @@ "deprecated": "", "provisionEnable": true, "distributedSceneEnable": false + }, + { + "name": "ohos.permission.ALLOW_SHOW_NON_SECURE_WINDOWS", + "grantMode": "system_grant", + "availableLevel": "system_basic", + "availableType": "SYSTEM", + "since": 12, + "deprecated": "", + "provisionEnable": true, + "distributedSceneEnable": false } ] } -- Gitee From 0a0b6141adf94f5f6b1a9187c358d9d05f6aed53 Mon Sep 17 00:00:00 2001 From: chennian Date: Mon, 19 Aug 2024 14:38:06 +0000 Subject: [PATCH 033/473] Delete DumpTokenIfNeeded Signed-off-by: chennian Change-Id: Ib39fa7e7e9388c08e0a7b7d64ea470b0bbba250c --- .../service/accesstoken_manager_service.h | 7 -- .../service/accesstoken_manager_service.cpp | 76 ++----------------- 2 files changed, 7 insertions(+), 76 deletions(-) diff --git a/services/accesstokenmanager/main/cpp/include/service/accesstoken_manager_service.h b/services/accesstokenmanager/main/cpp/include/service/accesstoken_manager_service.h index 7cf7d7519..3f31626cb 100644 --- a/services/accesstokenmanager/main/cpp/include/service/accesstoken_manager_service.h +++ b/services/accesstokenmanager/main/cpp/include/service/accesstoken_manager_service.h 
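Review bot: The new `ohos.permission.ALLOW_SHOW_NON_SECURE_WINDOWS` entry is defined with `"availableLevel": "system_basic"` and `"provisionEnable": true`, which looks broad for a permission whose purpose, per the commit title, is to stop non-secure windows from being hidden while a modal UIExtension is shown. That hiding is presumably an overlay protection for the extension's UI, so every holder of this permission weakens it. If only a fixed set of system components needs the permission, `"provisionEnable": false` or `"availableLevel": "system_core"` would narrow who can obtain it. Otherwise the intended holders are worth stating in the commit description, which is currently empty.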
@@ -108,15 +108,8 @@ private: bool GetConfigGrantValueFromFile(std::string& fileContent); void GetConfigValue(); bool Initialize(); - void DumpTokenIfNeeded(); void AccessTokenServiceParamSet() const; PermissionOper GetPermissionsState(AccessTokenID tokenID, std::vector& reqPermList); -#ifdef EVENTHANDLER_ENABLE - std::shared_ptr eventRunner_; - std::shared_ptr dumpEventRunner_; - std::shared_ptr eventHandler_; - std::shared_ptr dumpEventHandler_; -#endif ServiceRunningState state_; std::string grantBundleName_; std::string grantAbilityName_; diff --git a/services/accesstokenmanager/main/cpp/src/service/accesstoken_manager_service.cpp b/services/accesstokenmanager/main/cpp/src/service/accesstoken_manager_service.cpp index ca4c20d8c..582c40a70 100644 --- a/services/accesstokenmanager/main/cpp/src/service/accesstoken_manager_service.cpp +++ b/services/accesstokenmanager/main/cpp/src/service/accesstoken_manager_service.cpp @@ -277,16 +277,12 @@ int32_t AccessTokenManagerService::GetPermissionRequestToggleStatus( int AccessTokenManagerService::GrantPermission(AccessTokenID tokenID, const std::string& permissionName, uint32_t flag) { - int32_t ret = PermissionManager::GetInstance().GrantPermission(tokenID, permissionName, flag); - DumpTokenIfNeeded(); - return ret; + return PermissionManager::GetInstance().GrantPermission(tokenID, permissionName, flag); } int AccessTokenManagerService::RevokePermission(AccessTokenID tokenID, const std::string& permissionName, uint32_t flag) { - int32_t ret = PermissionManager::GetInstance().RevokePermission(tokenID, permissionName, flag); - DumpTokenIfNeeded(); - return ret; + return PermissionManager::GetInstance().RevokePermission(tokenID, permissionName, flag); } int AccessTokenManagerService::ClearUserGrantedPermissionState(AccessTokenID tokenID) 
@@ -294,7 +290,6 @@ int AccessTokenManagerService::ClearUserGrantedPermissionState(AccessTokenID tok ACCESSTOKEN_LOG_INFO(LABEL, "TokenID: %{public}d", tokenID); PermissionManager::GetInstance().ClearUserGrantedPermissionState(tokenID); AccessTokenInfoManager::GetInstance().SetPermDialogCap(tokenID, false); - DumpTokenIfNeeded(); return RET_SUCCESS; } @@ -320,7 +315,6 @@ AccessTokenIDEx AccessTokenManagerService::AllocHapToken(const HapInfoParcel& in if (ret != RET_SUCCESS) { ACCESSTOKEN_LOG_ERROR(LABEL, "Hap token info create failed"); } - DumpTokenIfNeeded(); return tokenIdEx; } @@ -349,7 +343,6 @@ int32_t AccessTokenManagerService::InitHapToken( return ret; } - DumpTokenIfNeeded(); return ret; } @@ -360,9 +353,7 @@ int AccessTokenManagerService::DeleteToken(AccessTokenID tokenID) PrivacyKit::RemovePermissionUsedRecords(tokenID, ""); #endif // COMMON_EVENT_SERVICE_ENABLE // only support hap token deletion - int ret = AccessTokenInfoManager::GetInstance().RemoveHapTokenInfo(tokenID); - DumpTokenIfNeeded(); - return ret; + return AccessTokenInfoManager::GetInstance().RemoveHapTokenInfo(tokenID); } int AccessTokenManagerService::GetTokenType(AccessTokenID tokenID) @@ -392,7 +383,6 @@ AccessTokenID AccessTokenManagerService::AllocLocalTokenID( ACCESSTOKEN_LOG_INFO(LABEL, "RemoteDeviceID: %{public}s, remoteTokenID: %{public}d", ConstantCommon::EncryptDevId(remoteDeviceID).c_str(), remoteTokenID); AccessTokenID tokenID = AccessTokenInfoManager::GetInstance().AllocLocalTokenID(remoteDeviceID, remoteTokenID); - DumpTokenIfNeeded(); return tokenID; } @@ -407,7 +397,6 @@ int32_t AccessTokenManagerService::UpdateHapToken(AccessTokenIDEx& tokenIdEx, } int32_t ret = AccessTokenInfoManager::GetInstance().UpdateHapToken(tokenIdEx, info, InitializedList, policyParcel.hapPolicyParameter.apl, policyParcel.hapPolicyParameter.permList); - DumpTokenIfNeeded(); return ret; } 
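Review bot: In `AllocLocalTokenID` (hunk at -392) removing `DumpTokenIfNeeded()` leaves `AccessTokenID tokenID = ...; return tokenID;`, and `UpdateHapToken` (-407) and `SetRemoteHapTokenInfo` (-457) keep the same assign-then-return shape. `GrantPermission`, `RevokePermission`, `DeleteToken` and the remaining hunks of this commit were folded into a direct `return`. For consistency these three can return the call directly, e.g. `return AccessTokenInfoManager::GetInstance().AllocLocalTokenID(remoteDeviceID, remoteTokenID);`. The function bodies begin outside the hunks, so this assumes nothing else reads the local.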
@@ -428,9 +417,7 @@ int AccessTokenManagerService::GetNativeTokenInfo(AccessTokenID tokenID, NativeT #ifndef ATM_BUILD_VARIANT_USER_ENABLE int32_t AccessTokenManagerService::ReloadNativeTokenInfo() { - int32_t ret = NativeTokenReceptor::GetInstance().Init(); - DumpTokenIfNeeded(); - return ret; + return NativeTokenReceptor::GetInstance().Init(); } #endif @@ -470,7 +457,6 @@ int AccessTokenManagerService::SetRemoteHapTokenInfo(const std::string& deviceID ACCESSTOKEN_LOG_INFO(LABEL, "DeviceID: %{public}s", ConstantCommon::EncryptDevId(deviceID).c_str()); int ret = AccessTokenInfoManager::GetInstance().SetRemoteHapTokenInfo(deviceID, hapSyncParcel.hapTokenInfoForSyncParams); - DumpTokenIfNeeded(); return ret; } @@ -483,18 +469,14 @@ int AccessTokenManagerService::SetRemoteNativeTokenInfo(const std::string& devic std::transform(nativeTokenInfoForSyncParcel.begin(), nativeTokenInfoForSyncParcel.end(), std::back_inserter(nativeList), [](const auto& nativeParcel) { return nativeParcel.nativeTokenInfoForSyncParams; }); - int ret = AccessTokenInfoManager::GetInstance().SetRemoteNativeTokenInfo(deviceID, nativeList); - DumpTokenIfNeeded(); - return ret; + return AccessTokenInfoManager::GetInstance().SetRemoteNativeTokenInfo(deviceID, nativeList); } int AccessTokenManagerService::DeleteRemoteToken(const std::string& deviceID, AccessTokenID tokenID) { ACCESSTOKEN_LOG_INFO(LABEL, "DeviceID: %{public}s, token id %{public}d", ConstantCommon::EncryptDevId(deviceID).c_str(), tokenID); - int ret = AccessTokenInfoManager::GetInstance().DeleteRemoteToken(deviceID, tokenID); - DumpTokenIfNeeded(); - return ret; + return AccessTokenInfoManager::GetInstance().DeleteRemoteToken(deviceID, tokenID); } AccessTokenID AccessTokenManagerService::GetRemoteNativeTokenID(const std::string& deviceID, 
@@ -509,9 +491,7 @@ AccessTokenID AccessTokenManagerService::GetRemoteNativeTokenID(const std::strin int AccessTokenManagerService::DeleteRemoteDeviceTokens(const std::string& deviceID) { ACCESSTOKEN_LOG_INFO(LABEL, "DeviceID: %{public}s", ConstantCommon::EncryptDevId(deviceID).c_str()); - int ret = AccessTokenInfoManager::GetInstance().DeleteRemoteDeviceTokens(deviceID); - DumpTokenIfNeeded(); - return ret; + return AccessTokenInfoManager::GetInstance().DeleteRemoteDeviceTokens(deviceID); } int32_t AccessTokenManagerService::RegisterTokenSyncCallback(const sptr& callback) @@ -608,32 +588,6 @@ int AccessTokenManagerService::Dump(int fd, const std::vector& a return ERR_OK; } -void AccessTokenManagerService::DumpTokenIfNeeded() -{ -#ifdef EVENTHANDLER_ENABLE - if (AccessTokenInfoManager::GetInstance().GetCurDumpTaskNum() > 1) { - ACCESSTOKEN_LOG_DEBUG(LABEL, "Has refresh task!"); - return; - } - AccessTokenInfoManager::GetInstance().AddDumpTaskNum(); - if (dumpEventHandler_ == nullptr) { - ACCESSTOKEN_LOG_ERROR(LABEL, "Fail to get EventHandler."); - AccessTokenInfoManager::GetInstance().ReduceDumpTaskNum(); - return; - } - - std::function delayed = ([]() { - AccessTokenInfoManager::GetInstance().DumpToken(); - ACCESSTOKEN_LOG_INFO(LABEL, "Dump token end."); - // Sleep for one minute to avoid frequent refresh of the file. - std::this_thread::sleep_for(std::chrono::minutes(1)); - AccessTokenInfoManager::GetInstance().ReduceDumpTaskNum(); - }); - - dumpEventHandler_->ProxyPostTask(delayed); -#endif -} - void AccessTokenManagerService::AccessTokenServiceParamSet() const { int32_t res = SetParameter(ACCESS_TOKEN_SERVICE_INIT_KEY, std::to_string(1).c_str()); 
@@ -693,22 +647,6 @@ bool AccessTokenManagerService::Initialize() AccessTokenInfoManager::GetInstance().Init(); NativeTokenReceptor::GetInstance().Init(); -#ifdef EVENTHANDLER_ENABLE - eventRunner_ = AppExecFwk::EventRunner::Create(true, AppExecFwk::ThreadMode::FFRT); - if (!eventRunner_) { - ACCESSTOKEN_LOG_ERROR(LABEL, "Failed to create a recvRunner."); - return false; - } - dumpEventRunner_ = AppExecFwk::EventRunner::Create(true, AppExecFwk::ThreadMode::FFRT); - if (!dumpEventRunner_) { - ACCESSTOKEN_LOG_ERROR(LABEL, "Failed to create a recvRunner."); - return false; - } - eventHandler_ = std::make_shared(eventRunner_); - dumpEventHandler_ = std::make_shared(dumpEventRunner_); - TempPermissionObserver::GetInstance().InitEventHandler(eventHandler_); -#endif - #ifdef SUPPORT_SANDBOX_APP DlpPermissionSetParser::GetInstance().Init(); #endif -- Gitee From d65e1bb42f51b882bf8929095bc6d9c4751a6354 Mon Sep 17 00:00:00 2001 From: chennian Date: Tue, 20 Aug 2024 06:46:15 +0000 Subject: [PATCH 034/473] Delete DumpTokenIfNeeded Signed-off-by: chennian Change-Id: I3c7a3430bc9f7d1032bb674a3d66fb691c4c16f8 --- .../cpp/include/service/accesstoken_manager_service.h | 4 ++++ .../cpp/src/service/accesstoken_manager_service.cpp | 10 ++++++++++ 2 files changed, 14 insertions(+) diff --git a/services/accesstokenmanager/main/cpp/include/service/accesstoken_manager_service.h b/services/accesstokenmanager/main/cpp/include/service/accesstoken_manager_service.h index 3f31626cb..87fdd8faf 100644 --- a/services/accesstokenmanager/main/cpp/include/service/accesstoken_manager_service.h +++ b/services/accesstokenmanager/main/cpp/include/service/accesstoken_manager_service.h 
@@ -110,6 +110,10 @@ private: bool Initialize(); void AccessTokenServiceParamSet() const; PermissionOper GetPermissionsState(AccessTokenID tokenID, std::vector& reqPermList); +#ifdef EVENTHANDLER_ENABLE + std::shared_ptr eventRunner_; + std::shared_ptr eventHandler_; +#endif ServiceRunningState state_; std::string grantBundleName_; std::string grantAbilityName_; diff --git a/services/accesstokenmanager/main/cpp/src/service/accesstoken_manager_service.cpp b/services/accesstokenmanager/main/cpp/src/service/accesstoken_manager_service.cpp index 582c40a70..898947933 100644 --- a/services/accesstokenmanager/main/cpp/src/service/accesstoken_manager_service.cpp +++ b/services/accesstokenmanager/main/cpp/src/service/accesstoken_manager_service.cpp @@ -647,6 +647,16 @@ bool AccessTokenManagerService::Initialize() AccessTokenInfoManager::GetInstance().Init(); NativeTokenReceptor::GetInstance().Init(); +#ifdef EVENTHANDLER_ENABLE + eventRunner_ = AppExecFwk::EventRunner::Create(true, AppExecFwk::ThreadMode::FFRT); + if (!eventRunner_) { + ACCESSTOKEN_LOG_ERROR(LABEL, "Failed to create a recvRunner."); + return false; + } + eventHandler_ = std::make_shared(eventRunner_); + TempPermissionObserver::GetInstance().InitEventHandler(eventHandler_); +#endif + #ifdef SUPPORT_SANDBOX_APP DlpPermissionSetParser::GetInstance().Init(); #endif -- Gitee From dea7a113984cc480e63a02f6ed99b5ad469ccdd7 Mon Sep 17 00:00:00 2001 From: zhouyan Date: Tue, 20 Aug 2024 15:22:44 +0800 Subject: [PATCH 035/473] =?UTF-8?q?=E6=B7=BB=E5=8A=A0=E9=89=B4=E6=9D=83ndk?= =?UTF-8?q?=E6=8E=A5=E5=8F=A3?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit 
Signed-off-by: zhouyan Change-Id: I4cfd9decd9ed9c47ff88ff069466b06e1068235b --- bundle.json | 5 +- interfaces/kits/capi/BUILD.gn | 18 +++++ interfaces/kits/capi/accesstoken/BUILD.gn | 49 ++++++++++++ .../include/ability_access_control.h | 61 +++++++++++++++ .../src/ability_access_control.cpp | 34 ++++++++ interfaces/kits/cj/BUILD.gn | 21 +++++ interfaces/kits/{ => cj}/accesstoken/BUILD.gn | 77 ++---------------- .../include}/ability_access_ctrl_ffi.h | 0 .../accesstoken/include}/at_manager_impl.h | 0 .../cj => cj/accesstoken/include}/macro.h | 0 .../src}/ability_access_ctrl_ffi.cpp | 0 .../src}/ability_access_ctrl_mock.cpp | 0 .../accesstoken/src}/at_manager_impl.cpp | 0 interfaces/kits/{ => napi}/BUILD.gn | 7 -- interfaces/kits/napi/accesstoken/BUILD.gn | 78 +++++++++++++++++++ .../accesstoken}/include/napi_atmanager.h | 0 .../include/napi_context_common.h | 0 .../napi_request_global_switch_on_setting.h | 0 .../include/napi_request_permission.h | 0 .../napi_request_permission_on_setting.h | 0 .../accesstoken}/src/napi_atmanager.cpp | 0 .../accesstoken}/src/napi_context_common.cpp | 0 .../napi_request_global_switch_on_setting.cpp | 0 .../src/napi_request_permission.cpp | 0 .../napi_request_permission_on_setting.cpp | 0 interfaces/kits/{ => napi}/common/BUILD.gn | 2 +- .../{ => napi}/common/include/napi_common.h | 0 .../{ => napi}/common/include/napi_error.h | 0 .../{ => napi}/common/src/napi_common.cpp | 0 .../kits/{ => napi}/common/src/napi_error.cpp | 0 .../{ => napi}/el5filekeymanager/BUILD.gn | 6 +- .../include/el5_filekey_manager_napi.h | 0 .../src/el5_filekey_manager_napi.cpp | 0 interfaces/kits/{ => napi}/privacy/BUILD.gn | 12 +-- .../privacy}/include/napi_context_common.h | 0 .../privacy}/include/native_module.h | 0 .../include/permission_record_manager_napi.h | 0 .../privacy}/src/napi_context_common.cpp | 0 .../privacy}/src/native_module.cpp | 0 .../src/permission_record_manager_napi.cpp | 0 40 files changed, 281 insertions(+), 89 deletions(-) create mode 
100644 interfaces/kits/capi/BUILD.gn create mode 100644 interfaces/kits/capi/accesstoken/BUILD.gn create mode 100644 interfaces/kits/capi/accesstoken/include/ability_access_control.h create mode 100644 interfaces/kits/capi/accesstoken/src/ability_access_control.cpp create mode 100644 interfaces/kits/cj/BUILD.gn rename interfaces/kits/{ => cj}/accesstoken/BUILD.gn (55%) rename interfaces/kits/{accesstoken/cj => cj/accesstoken/include}/ability_access_ctrl_ffi.h (100%) rename interfaces/kits/{accesstoken/cj => cj/accesstoken/include}/at_manager_impl.h (100%) rename interfaces/kits/{accesstoken/cj => cj/accesstoken/include}/macro.h (100%) rename interfaces/kits/{accesstoken/cj => cj/accesstoken/src}/ability_access_ctrl_ffi.cpp (100%) rename interfaces/kits/{accesstoken/cj => cj/accesstoken/src}/ability_access_ctrl_mock.cpp (100%) rename interfaces/kits/{accesstoken/cj => cj/accesstoken/src}/at_manager_impl.cpp (100%) rename interfaces/kits/{ => napi}/BUILD.gn (87%) create mode 100644 interfaces/kits/napi/accesstoken/BUILD.gn rename interfaces/kits/{accesstoken/napi => napi/accesstoken}/include/napi_atmanager.h (100%) rename interfaces/kits/{accesstoken/napi => napi/accesstoken}/include/napi_context_common.h (100%) rename interfaces/kits/{accesstoken/napi => napi/accesstoken}/include/napi_request_global_switch_on_setting.h (100%) rename interfaces/kits/{accesstoken/napi => napi/accesstoken}/include/napi_request_permission.h (100%) rename interfaces/kits/{accesstoken/napi => napi/accesstoken}/include/napi_request_permission_on_setting.h (100%) rename interfaces/kits/{accesstoken/napi => napi/accesstoken}/src/napi_atmanager.cpp (100%) rename interfaces/kits/{accesstoken/napi => napi/accesstoken}/src/napi_context_common.cpp (100%) rename interfaces/kits/{accesstoken/napi => napi/accesstoken}/src/napi_request_global_switch_on_setting.cpp (100%) rename interfaces/kits/{accesstoken/napi => napi/accesstoken}/src/napi_request_permission.cpp (100%) rename 
interfaces/kits/{accesstoken/napi => napi/accesstoken}/src/napi_request_permission_on_setting.cpp (100%) rename interfaces/kits/{ => napi}/common/BUILD.gn (97%) rename interfaces/kits/{ => napi}/common/include/napi_common.h (100%) rename interfaces/kits/{ => napi}/common/include/napi_error.h (100%) rename interfaces/kits/{ => napi}/common/src/napi_common.cpp (100%) rename interfaces/kits/{ => napi}/common/src/napi_error.cpp (100%) rename interfaces/kits/{ => napi}/el5filekeymanager/BUILD.gn (91%) rename interfaces/kits/{el5filekeymanager/napi => napi/el5filekeymanager}/include/el5_filekey_manager_napi.h (100%) rename interfaces/kits/{el5filekeymanager/napi => napi/el5filekeymanager}/src/el5_filekey_manager_napi.cpp (100%) rename interfaces/kits/{ => napi}/privacy/BUILD.gn (86%) rename interfaces/kits/{privacy/napi => napi/privacy}/include/napi_context_common.h (100%) rename interfaces/kits/{privacy/napi => napi/privacy}/include/native_module.h (100%) rename interfaces/kits/{privacy/napi => napi/privacy}/include/permission_record_manager_napi.h (100%) rename interfaces/kits/{privacy/napi => napi/privacy}/src/napi_context_common.cpp (100%) rename interfaces/kits/{privacy/napi => napi/privacy}/src/native_module.cpp (100%) rename interfaces/kits/{privacy/napi => napi/privacy}/src/permission_record_manager_napi.cpp (100%) diff --git a/bundle.json b/bundle.json index d6099fc65..c5be94464 100644 --- a/bundle.json +++ b/bundle.json @@ -66,8 +66,9 @@ "//base/security/access_token/tools:tools_atm" ], "fwk_group": [ - "//base/security/access_token/interfaces/kits:napi_packages", - "//base/security/access_token/interfaces/kits:cj_packages" + "//base/security/access_token/interfaces/kits/capi:capi_packages", + "//base/security/access_token/interfaces/kits/cj:cj_packages", + "//base/security/access_token/interfaces/kits/napi:napi_packages" ], "service_group": [ "//base/security/access_token/interfaces/innerkits/tokensync:libtokensync_sdk", 
diff --git a/interfaces/kits/capi/BUILD.gn b/interfaces/kits/capi/BUILD.gn new file mode 100644 index 000000000..070fee69a --- /dev/null +++ b/interfaces/kits/capi/BUILD.gn @@ -0,0 +1,18 @@ +# Copyright (c) 2024 Huawei Device Co., Ltd. +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +import("//build/ohos.gni") + +group("capi_packages") { + deps = [ "accesstoken:libability_access_control" ] +} diff --git a/interfaces/kits/capi/accesstoken/BUILD.gn b/interfaces/kits/capi/accesstoken/BUILD.gn new file mode 100644 index 000000000..11093e09e --- /dev/null +++ b/interfaces/kits/capi/accesstoken/BUILD.gn 
@@ -0,0 +1,49 @@ +# Copyright (c) 2021-2023 Huawei Device Co., Ltd. +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +import("//build/ohos.gni") +import("../../../../access_token.gni") + +config("accesstoken_ndk_config") { + include_dirs = [ "include" ] +} + +ohos_shared_library("libability_access_control") { + innerapi_tags = [ "ndk" ] + output_extension = "so" + public_configs = [ ":accesstoken_ndk_config" ] + + sanitize = { + integer_overflow = true + cfi = true + debug = false + cfi_cross_dso = true + boundary_sanitize = true + ubsan = true + } + + sources = [ "src/ability_access_control.cpp" ] + + deps = [ + "${access_token_path}/interfaces/innerkits/accesstoken:libaccesstoken_sdk", + "${access_token_path}/interfaces/innerkits/token_setproc:libtokensetproc_shared", + ] + + cflags_cc = [ + "-Wall", + "-Werror", + ] + + part_name = "access_token" + subsystem_name = "security" +} diff --git a/interfaces/kits/capi/accesstoken/include/ability_access_control.h b/interfaces/kits/capi/accesstoken/include/ability_access_control.h new file mode 100644 index 000000000..121e5b983 --- /dev/null +++ b/interfaces/kits/capi/accesstoken/include/ability_access_control.h 
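Review bot: The `sanitize` block of `libability_access_control` enables CFI and UBSan, but the target does not set `branch_protector_ret = "pac_ret"`, which other targets visible in this patch series (`libipc_code_test`, the NAPI `libabilityaccessctrl`) do. The library is tagged `innerapi_tags = [ "ndk" ]`, so it is presumably loaded into application processes. Adding `branch_protector_ret = "pac_ret"` after the `sanitize` block would keep its hardening in line with the rest of the component, unless it was left out on purpose.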
@@ -0,0 +1,61 @@ +/* + * Copyright (c) 2024 Huawei Device Co., Ltd. + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +/** + * @addtogroup AbilityAccessControl + * @{ + * + * @brief Provides the capability to manage access token. + * + * @since 12 + */ + +/** + * @file ability_access_control.h + * + * @brief Declares the APIs for managing access token. + * + * @library ability_access_control.so + * @kit AbilityKit + * @syscap SystemCapability.Security.AccessToken + * @since 12 + */ + +#ifndef ABILITY_ACCESS_CONTROL_H +#define ABILITY_ACCESS_CONTROL_H + +#include +#include + +#ifdef __cplusplus +extern "C" { +#endif + +/** + * @brief Checks whether this application has been granted the given permission. + * + * @param permission - Name of the permission to be granted. + * @return true - The permission has been granted to this application. + * false - The permission has not been granted to this application. + * @since 12 + */ +bool OH_AT_CheckSelfPermission(const char *permission); + +#ifdef __cplusplus +} +#endif + +/** @} */ +#endif /* ABILITY_ACCESS_CONTROL_H */ diff --git a/interfaces/kits/capi/accesstoken/src/ability_access_control.cpp b/interfaces/kits/capi/accesstoken/src/ability_access_control.cpp new file mode 100644 index 000000000..a477dfed0 --- /dev/null +++ b/interfaces/kits/capi/accesstoken/src/ability_access_control.cpp 
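Review bot: The `@param` text for `OH_AT_CheckSelfPermission` says `Name of the permission to be granted`, but the function only checks whether a permission is granted. It should read `@param permission - Name of the permission to be checked.`. The comment also does not say what a null pointer yields; the implementation added in this commit returns false for it, so the `false` line of `@return` should mention a null `permission` as well.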
@@ -0,0 +1,34 @@ +/* + * Copyright (c) 2024 Huawei Device Co., Ltd. + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +#include "ability_access_control.h" + +#include + +#include "accesstoken_kit.h" +#include "token_setproc.h" + +using namespace OHOS::Security::AccessToken; + +bool OH_AT_CheckSelfPermission(const char *permission) +{ + if (permission == nullptr) { + return false; + } + + uint64_t tokenId = GetSelfTokenID(); + std::string permissionName(permission); + return (AccessTokenKit::VerifyAccessToken(tokenId, permissionName) == PermissionState::PERMISSION_GRANTED); +} \ No newline at end of file diff --git a/interfaces/kits/cj/BUILD.gn b/interfaces/kits/cj/BUILD.gn new file mode 100644 index 000000000..ecd17dee0 --- /dev/null +++ b/interfaces/kits/cj/BUILD.gn 
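Review bot: `uint64_t tokenId = GetSelfTokenID();` is passed straight to `AccessTokenKit::VerifyAccessToken`, whose first parameter appears to be the 32-bit `AccessTokenID` used elsewhere in this patch series, so the upper half of the value is dropped by an implicit conversion. The target's BUILD.gn enables the `integer_overflow` and `ubsan` sanitizers, which may flag such a truncation at run time depending on their configuration. Making the narrowing explicit documents the intent: `AccessTokenID tokenId = static_cast<AccessTokenID>(GetSelfTokenID());`. An empty string is also passed through unchecked; rejecting it next to the `nullptr` test would keep input validation in one place.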
@@ -0,0 +1,21 @@
+# Copyright (c) 2024 Huawei Device Co., Ltd.
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+import("//build/ohos.gni")
+
+group("cj_packages") {
+ deps = []
+ if (support_jsapi) {
+ deps += [ "accesstoken:cj_ability_access_ctrl_ffi" ]
+ }
+}
diff --git a/interfaces/kits/accesstoken/BUILD.gn b/interfaces/kits/cj/accesstoken/BUILD.gn
similarity index 55%
rename from interfaces/kits/accesstoken/BUILD.gn
rename to interfaces/kits/cj/accesstoken/BUILD.gn
index 479b9f762..89783c793 100644
--- a/interfaces/kits/accesstoken/BUILD.gn
+++ b/interfaces/kits/cj/accesstoken/BUILD.gn
@@ -12,73 +12,10 @@ # limitations under the License. import("//build/ohos.gni") -import("../../../access_token.gni") - -ohos_shared_library("libabilityaccessctrl") { - sanitize = { - cfi = true - cfi_cross_dso = true - debug = false - } - branch_protector_ret = "pac_ret" - include_dirs = [ - "${access_token_path}/frameworks/common/include", - "${access_token_path}/interfaces/innerkits/accesstoken/include", - "${access_token_path}/interfaces/innerkits/token_callback/include", - "${access_token_path}/interfaces/innerkits/token_setproc/include", - "../common/include", - "napi/include", - ] - - sources = [ - "napi/src/napi_atmanager.cpp", - "napi/src/napi_context_common.cpp", - "napi/src/napi_request_global_switch_on_setting.cpp", - "napi/src/napi_request_permission.cpp", - "napi/src/napi_request_permission_on_setting.cpp", - ] - - deps = [ - "${access_token_path}/interfaces/innerkits/accesstoken:libaccesstoken_sdk", - "${access_token_path}/interfaces/innerkits/token_callback:libtoken_callback_sdk", - "${access_token_path}/interfaces/innerkits/token_setproc:libtokensetproc_shared", - "../common:libnapi_common", - ] - - cflags_cc = [ "-DHILOG_ENABLE" ] - external_deps = [ - "ability_base:want", - "ability_runtime:ability_context_native", - "ability_runtime:ability_manager", - "ability_runtime:abilitykit_native", - "ability_runtime:napi_base_context", - "ability_runtime:ui_extension", - "ace_engine:ace_uicontent", - "c_utils:utils", - "hilog:libhilog", - "hisysevent:libhisysevent", - "init:libbegetutil", - "ipc:ipc_single", - "napi:ace_napi", - ] - - if (eventhandler_enable == true) { - cflags_cc += [ "-DEVENTHANDLER_ENABLE" ] - external_deps += [ "eventhandler:libeventhandler" ] - } - - configs = [ - "${access_token_path}/config:access_token_compile_flags", - "${access_token_path}/config:coverage_flags", - ] - - relative_install_dir = "module" - subsystem_name = "security" - part_name = "access_token" -} +import("../../../../access_token.gni") 
config("cj_ability_access_ctrl_ffi_config") { - include_dirs = [ "cj" ] + include_dirs = [ "include" ] } ohos_shared_library("cj_ability_access_ctrl_ffi") { @@ -93,7 +30,7 @@ ohos_shared_library("cj_ability_access_ctrl_ffi") { "${access_token_path}/interfaces/innerkits/accesstoken/include", "${access_token_path}/interfaces/innerkits/token_callback/include", "${access_token_path}/interfaces/innerkits/token_setproc/include", - "../common/include", + "../../napi/common/include", ] if (!defined(defines)) { @@ -102,15 +39,15 @@ ohos_shared_library("cj_ability_access_ctrl_ffi") { if (!ohos_indep_compiler_enable && product_name != "ohos-sdk") { sources = [ - "cj/ability_access_ctrl_ffi.cpp", - "cj/at_manager_impl.cpp", + "src/ability_access_ctrl_ffi.cpp", + "src/at_manager_impl.cpp", ] deps = [ "${access_token_path}/interfaces/innerkits/accesstoken:libaccesstoken_sdk", "${access_token_path}/interfaces/innerkits/token_callback:libtoken_callback_sdk", "${access_token_path}/interfaces/innerkits/token_setproc:libtokensetproc_shared", - "../common:libnapi_common", + "../../napi/common:libnapi_common", ] external_deps = [ @@ -131,7 +68,7 @@ ohos_shared_library("cj_ability_access_ctrl_ffi") { ] } else { defines += [ "PREVIEWER" ] - sources = [ "cj/ability_access_ctrl_mock.cpp" ] + sources = [ "src/ability_access_ctrl_mock.cpp" ] external_deps = [ "napi:cj_bind_ffi" ] } diff --git a/interfaces/kits/accesstoken/cj/ability_access_ctrl_ffi.h b/interfaces/kits/cj/accesstoken/include/ability_access_ctrl_ffi.h similarity index 100% rename from interfaces/kits/accesstoken/cj/ability_access_ctrl_ffi.h rename to interfaces/kits/cj/accesstoken/include/ability_access_ctrl_ffi.h diff --git a/interfaces/kits/accesstoken/cj/at_manager_impl.h b/interfaces/kits/cj/accesstoken/include/at_manager_impl.h similarity index 100% rename from interfaces/kits/accesstoken/cj/at_manager_impl.h rename to interfaces/kits/cj/accesstoken/include/at_manager_impl.h 
diff --git a/interfaces/kits/accesstoken/cj/macro.h b/interfaces/kits/cj/accesstoken/include/macro.h similarity index 100% rename from interfaces/kits/accesstoken/cj/macro.h rename to interfaces/kits/cj/accesstoken/include/macro.h diff --git a/interfaces/kits/accesstoken/cj/ability_access_ctrl_ffi.cpp b/interfaces/kits/cj/accesstoken/src/ability_access_ctrl_ffi.cpp similarity index 100% rename from interfaces/kits/accesstoken/cj/ability_access_ctrl_ffi.cpp rename to interfaces/kits/cj/accesstoken/src/ability_access_ctrl_ffi.cpp diff --git a/interfaces/kits/accesstoken/cj/ability_access_ctrl_mock.cpp b/interfaces/kits/cj/accesstoken/src/ability_access_ctrl_mock.cpp similarity index 100% rename from interfaces/kits/accesstoken/cj/ability_access_ctrl_mock.cpp rename to interfaces/kits/cj/accesstoken/src/ability_access_ctrl_mock.cpp diff --git a/interfaces/kits/accesstoken/cj/at_manager_impl.cpp b/interfaces/kits/cj/accesstoken/src/at_manager_impl.cpp similarity index 100% rename from interfaces/kits/accesstoken/cj/at_manager_impl.cpp rename to interfaces/kits/cj/accesstoken/src/at_manager_impl.cpp diff --git a/interfaces/kits/BUILD.gn b/interfaces/kits/napi/BUILD.gn similarity index 87% rename from interfaces/kits/BUILD.gn rename to interfaces/kits/napi/BUILD.gn index 4ce2c2b1d..57602dbda 100644 --- a/interfaces/kits/BUILD.gn +++ b/interfaces/kits/napi/BUILD.gn @@ -24,10 +24,3 @@ group("napi_packages") { ] } } - -group("cj_packages") { - deps = [] - if (support_jsapi) { - deps += [ "accesstoken:cj_ability_access_ctrl_ffi" ] - } -} diff --git a/interfaces/kits/napi/accesstoken/BUILD.gn b/interfaces/kits/napi/accesstoken/BUILD.gn new file mode 100644 index 000000000..df41a2a8b --- /dev/null +++ b/interfaces/kits/napi/accesstoken/BUILD.gn 
@@ -0,0 +1,78 @@ +# Copyright (c) 2021-2023 Huawei Device Co., Ltd. +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +import("//build/ohos.gni") +import("../../../../access_token.gni") + +ohos_shared_library("libabilityaccessctrl") { + sanitize = { + cfi = true + cfi_cross_dso = true + debug = false + } + branch_protector_ret = "pac_ret" + include_dirs = [ + "${access_token_path}/frameworks/common/include", + "${access_token_path}/interfaces/innerkits/accesstoken/include", + "${access_token_path}/interfaces/innerkits/token_callback/include", + "${access_token_path}/interfaces/innerkits/token_setproc/include", + "../common/include", + "include", + ] + + sources = [ + "src/napi_atmanager.cpp", + "src/napi_context_common.cpp", + "src/napi_request_global_switch_on_setting.cpp", + "src/napi_request_permission.cpp", + "src/napi_request_permission_on_setting.cpp", + ] + + deps = [ + "${access_token_path}/interfaces/innerkits/accesstoken:libaccesstoken_sdk", + "${access_token_path}/interfaces/innerkits/token_callback:libtoken_callback_sdk", + "${access_token_path}/interfaces/innerkits/token_setproc:libtokensetproc_shared", + "../common:libnapi_common", + ] + + cflags_cc = [ "-DHILOG_ENABLE" ] + external_deps = [ + "ability_base:want", + "ability_runtime:ability_context_native", + "ability_runtime:ability_manager", + "ability_runtime:abilitykit_native", + "ability_runtime:napi_base_context", + "ability_runtime:ui_extension", + "ace_engine:ace_uicontent", + "c_utils:utils", + 
"hilog:libhilog", + "hisysevent:libhisysevent", + "init:libbegetutil", + "ipc:ipc_single", + "napi:ace_napi", + ] + + if (eventhandler_enable == true) { + cflags_cc += [ "-DEVENTHANDLER_ENABLE" ] + external_deps += [ "eventhandler:libeventhandler" ] + } + + configs = [ + "${access_token_path}/config:access_token_compile_flags", + "${access_token_path}/config:coverage_flags", + ] + + relative_install_dir = "module" + subsystem_name = "security" + part_name = "access_token" +} diff --git a/interfaces/kits/accesstoken/napi/include/napi_atmanager.h b/interfaces/kits/napi/accesstoken/include/napi_atmanager.h similarity index 100% rename from interfaces/kits/accesstoken/napi/include/napi_atmanager.h rename to interfaces/kits/napi/accesstoken/include/napi_atmanager.h diff --git a/interfaces/kits/accesstoken/napi/include/napi_context_common.h b/interfaces/kits/napi/accesstoken/include/napi_context_common.h similarity index 100% rename from interfaces/kits/accesstoken/napi/include/napi_context_common.h rename to interfaces/kits/napi/accesstoken/include/napi_context_common.h diff --git a/interfaces/kits/accesstoken/napi/include/napi_request_global_switch_on_setting.h b/interfaces/kits/napi/accesstoken/include/napi_request_global_switch_on_setting.h similarity index 100% rename from interfaces/kits/accesstoken/napi/include/napi_request_global_switch_on_setting.h rename to interfaces/kits/napi/accesstoken/include/napi_request_global_switch_on_setting.h diff --git a/interfaces/kits/accesstoken/napi/include/napi_request_permission.h b/interfaces/kits/napi/accesstoken/include/napi_request_permission.h similarity index 100% rename from interfaces/kits/accesstoken/napi/include/napi_request_permission.h rename to interfaces/kits/napi/accesstoken/include/napi_request_permission.h 
diff --git a/interfaces/kits/accesstoken/napi/include/napi_request_permission_on_setting.h b/interfaces/kits/napi/accesstoken/include/napi_request_permission_on_setting.h
similarity index 100%
rename from interfaces/kits/accesstoken/napi/include/napi_request_permission_on_setting.h
rename to interfaces/kits/napi/accesstoken/include/napi_request_permission_on_setting.h
diff --git a/interfaces/kits/accesstoken/napi/src/napi_atmanager.cpp b/interfaces/kits/napi/accesstoken/src/napi_atmanager.cpp
similarity index 100%
rename from interfaces/kits/accesstoken/napi/src/napi_atmanager.cpp
rename to interfaces/kits/napi/accesstoken/src/napi_atmanager.cpp
diff --git a/interfaces/kits/accesstoken/napi/src/napi_context_common.cpp b/interfaces/kits/napi/accesstoken/src/napi_context_common.cpp
similarity index 100%
rename from interfaces/kits/accesstoken/napi/src/napi_context_common.cpp
rename to interfaces/kits/napi/accesstoken/src/napi_context_common.cpp
diff --git a/interfaces/kits/accesstoken/napi/src/napi_request_global_switch_on_setting.cpp b/interfaces/kits/napi/accesstoken/src/napi_request_global_switch_on_setting.cpp
similarity index 100%
rename from interfaces/kits/accesstoken/napi/src/napi_request_global_switch_on_setting.cpp
rename to interfaces/kits/napi/accesstoken/src/napi_request_global_switch_on_setting.cpp
diff --git a/interfaces/kits/accesstoken/napi/src/napi_request_permission.cpp b/interfaces/kits/napi/accesstoken/src/napi_request_permission.cpp
similarity index 100%
rename from interfaces/kits/accesstoken/napi/src/napi_request_permission.cpp
rename to interfaces/kits/napi/accesstoken/src/napi_request_permission.cpp
diff --git a/interfaces/kits/accesstoken/napi/src/napi_request_permission_on_setting.cpp b/interfaces/kits/napi/accesstoken/src/napi_request_permission_on_setting.cpp similarity index 100% rename from interfaces/kits/accesstoken/napi/src/napi_request_permission_on_setting.cpp rename to interfaces/kits/napi/accesstoken/src/napi_request_permission_on_setting.cpp diff --git a/interfaces/kits/common/BUILD.gn b/interfaces/kits/napi/common/BUILD.gn similarity index 97% rename from interfaces/kits/common/BUILD.gn rename to interfaces/kits/napi/common/BUILD.gn index a8fc1b351..b69784053 100644 --- a/interfaces/kits/common/BUILD.gn +++ b/interfaces/kits/napi/common/BUILD.gn @@ -12,7 +12,7 @@ # limitations under the License. import("//build/ohos.gni") -import("../../../access_token.gni") +import("../../../../access_token.gni") ohos_static_library("libnapi_common") { sanitize = { diff --git a/interfaces/kits/common/include/napi_common.h b/interfaces/kits/napi/common/include/napi_common.h similarity index 100% rename from interfaces/kits/common/include/napi_common.h rename to interfaces/kits/napi/common/include/napi_common.h diff --git a/interfaces/kits/common/include/napi_error.h b/interfaces/kits/napi/common/include/napi_error.h similarity index 100% rename from interfaces/kits/common/include/napi_error.h rename to interfaces/kits/napi/common/include/napi_error.h diff --git a/interfaces/kits/common/src/napi_common.cpp b/interfaces/kits/napi/common/src/napi_common.cpp similarity index 100% rename from interfaces/kits/common/src/napi_common.cpp rename to interfaces/kits/napi/common/src/napi_common.cpp diff --git a/interfaces/kits/common/src/napi_error.cpp b/interfaces/kits/napi/common/src/napi_error.cpp similarity index 100% rename from interfaces/kits/common/src/napi_error.cpp rename to interfaces/kits/napi/common/src/napi_error.cpp 
diff --git a/interfaces/kits/el5filekeymanager/BUILD.gn b/interfaces/kits/napi/el5filekeymanager/BUILD.gn similarity index 91% rename from interfaces/kits/el5filekeymanager/BUILD.gn rename to interfaces/kits/napi/el5filekeymanager/BUILD.gn index 69ded2028..210248fb5 100644 --- a/interfaces/kits/el5filekeymanager/BUILD.gn +++ b/interfaces/kits/napi/el5filekeymanager/BUILD.gn @@ -12,7 +12,7 @@ # limitations under the License. import("//build/ohos.gni") -import("../../../access_token.gni") +import("../../../../access_token.gni") ohos_shared_library("screenlockfilemanager") { sanitize = { @@ -25,10 +25,10 @@ ohos_shared_library("screenlockfilemanager") { include_dirs = [ "${access_token_path}/frameworks/el5filekeymanager/include", "${access_token_path}/interfaces/innerkits/el5filekeymanager/include", - "napi/include", + "include", ] - sources = [ "napi/src/el5_filekey_manager_napi.cpp" ] + sources = [ "src/el5_filekey_manager_napi.cpp" ] deps = [ "${access_token_path}/interfaces/innerkits/el5filekeymanager:el5_filekey_manager_sdk" ] diff --git a/interfaces/kits/el5filekeymanager/napi/include/el5_filekey_manager_napi.h b/interfaces/kits/napi/el5filekeymanager/include/el5_filekey_manager_napi.h similarity index 100% rename from interfaces/kits/el5filekeymanager/napi/include/el5_filekey_manager_napi.h rename to interfaces/kits/napi/el5filekeymanager/include/el5_filekey_manager_napi.h diff --git a/interfaces/kits/el5filekeymanager/napi/src/el5_filekey_manager_napi.cpp b/interfaces/kits/napi/el5filekeymanager/src/el5_filekey_manager_napi.cpp similarity index 100% rename from interfaces/kits/el5filekeymanager/napi/src/el5_filekey_manager_napi.cpp rename to interfaces/kits/napi/el5filekeymanager/src/el5_filekey_manager_napi.cpp diff --git a/interfaces/kits/privacy/BUILD.gn b/interfaces/kits/napi/privacy/BUILD.gn similarity index 86% rename from interfaces/kits/privacy/BUILD.gn rename to interfaces/kits/napi/privacy/BUILD.gn index 14b8f850c..c5f356aea 100644 
--- a/interfaces/kits/privacy/BUILD.gn +++ b/interfaces/kits/napi/privacy/BUILD.gn @@ -12,7 +12,7 @@ # limitations under the License. import("//build/ohos.gni") -import("../../../access_token.gni") +import("../../../../access_token.gni") ohos_shared_library("libprivacymanager") { sanitize = { @@ -26,14 +26,14 @@ ohos_shared_library("libprivacymanager") { "${access_token_path}/frameworks/privacy/include", "${access_token_path}/interfaces/innerkits/accesstoken/include", "${access_token_path}/interfaces/innerkits/privacy/include", - "${access_token_path}/interfaces/kits/common/include", - "napi/include", + "${access_token_path}/interfaces/kits/napi/common/include", + "include", ] sources = [ - "napi/src/napi_context_common.cpp", - "napi/src/native_module.cpp", - "napi/src/permission_record_manager_napi.cpp", + "src/napi_context_common.cpp", + "src/native_module.cpp", + "src/permission_record_manager_napi.cpp", ] deps = [ diff --git a/interfaces/kits/privacy/napi/include/napi_context_common.h b/interfaces/kits/napi/privacy/include/napi_context_common.h similarity index 100% rename from interfaces/kits/privacy/napi/include/napi_context_common.h rename to interfaces/kits/napi/privacy/include/napi_context_common.h diff --git a/interfaces/kits/privacy/napi/include/native_module.h b/interfaces/kits/napi/privacy/include/native_module.h similarity index 100% rename from interfaces/kits/privacy/napi/include/native_module.h rename to interfaces/kits/napi/privacy/include/native_module.h diff --git a/interfaces/kits/privacy/napi/include/permission_record_manager_napi.h b/interfaces/kits/napi/privacy/include/permission_record_manager_napi.h similarity index 100% rename from interfaces/kits/privacy/napi/include/permission_record_manager_napi.h rename to interfaces/kits/napi/privacy/include/permission_record_manager_napi.h 
diff --git a/interfaces/kits/privacy/napi/src/napi_context_common.cpp b/interfaces/kits/napi/privacy/src/napi_context_common.cpp similarity index 100% rename from interfaces/kits/privacy/napi/src/napi_context_common.cpp rename to interfaces/kits/napi/privacy/src/napi_context_common.cpp diff --git a/interfaces/kits/privacy/napi/src/native_module.cpp b/interfaces/kits/napi/privacy/src/native_module.cpp similarity index 100% rename from interfaces/kits/privacy/napi/src/native_module.cpp rename to interfaces/kits/napi/privacy/src/native_module.cpp diff --git a/interfaces/kits/privacy/napi/src/permission_record_manager_napi.cpp b/interfaces/kits/napi/privacy/src/permission_record_manager_napi.cpp similarity index 100% rename from interfaces/kits/privacy/napi/src/permission_record_manager_napi.cpp rename to interfaces/kits/napi/privacy/src/permission_record_manager_napi.cpp -- Gitee From efb1ae406676423f99607e0b9fea4f52dbd8de7c Mon Sep 17 00:00:00 2001 From: wangchen Date: Tue, 20 Aug 2024 15:41:11 +0800 Subject: [PATCH 036/473] Fix: add sa auto restart Close #IAL8N7 Signed-off-by: wangchen --- services/el5filekeymanager/sa_profile/8250.json | 1 + 1 file changed, 1 insertion(+) diff --git a/services/el5filekeymanager/sa_profile/8250.json b/services/el5filekeymanager/sa_profile/8250.json index 0ad279268..f7341c6c3 100644 --- a/services/el5filekeymanager/sa_profile/8250.json +++ b/services/el5filekeymanager/sa_profile/8250.json @@ -5,6 +5,7 @@ "name": 8250, "libpath": "libel5_filekey_manager_service.z.so", "run-on-create": false, + "auto-restart":true, "distributed": false, "dump_level": 1, "start-on-demand": { -- Gitee From 3e4c04186e9328286ebc0a09f59633a5578b7f97 Mon Sep 17 00:00:00 2001 From: wuliushuan Date: Mon, 19 Aug 2024 08:45:20 +0000 Subject: [PATCH 037/473] =?UTF-8?q?=E4=B8=8D=E5=90=88=E7=90=86tdd=E9=97=AE?= =?UTF-8?q?=E9=A2=98=E4=BF=AE=E5=A4=8D?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit 
Signed-off-by: wuliushuan Change-Id: Ifebc9c2702e1f8bd0aa096f1e4c05180b4d1a4fa --- .../src/accesstoken_kit_extension_test.cpp | 2 +- .../unittest/src/accesstoken_kit_test.cpp | 6 +++--- .../test/unittest/permission_manager_test.cpp | 20 +++++++++++-------- 3 files changed, 16 insertions(+), 12 deletions(-) diff --git a/interfaces/innerkits/accesstoken/test/unittest/src/accesstoken_kit_extension_test.cpp b/interfaces/innerkits/accesstoken/test/unittest/src/accesstoken_kit_extension_test.cpp index 93f3a1864..76ae4eb6d 100644 --- a/interfaces/innerkits/accesstoken/test/unittest/src/accesstoken_kit_extension_test.cpp +++ b/interfaces/innerkits/accesstoken/test/unittest/src/accesstoken_kit_extension_test.cpp @@ -95,7 +95,7 @@ PermissionDef g_infoManagerTestPermDef2 = { }; PermissionDef g_infoManagerTestPermDef3 = { - .permissionName = "ohos.permission.GET_BUNDLE_INFO", + .permissionName = "ohos.permission.GET_BUNDLE_INFO_TEST", .bundleName = "accesstoken_test3", .grantMode = 1, .availableLevel = APL_NORMAL, diff --git a/interfaces/innerkits/accesstoken/test/unittest/src/accesstoken_kit_test.cpp b/interfaces/innerkits/accesstoken/test/unittest/src/accesstoken_kit_test.cpp index 47271ce0d..3b63eb49d 100644 --- a/interfaces/innerkits/accesstoken/test/unittest/src/accesstoken_kit_test.cpp +++ b/interfaces/innerkits/accesstoken/test/unittest/src/accesstoken_kit_test.cpp @@ -867,7 +867,7 @@ HWTEST_F(AccessTokenKitTest, SetPermissionRequestToggleStatus004, TestSize.Level AccessTokenIDEx tokenIdEx = {0}; PermissionDef infoManagerTestPermDef = { - .permissionName = "ohos.permission.DISABLE_PERMISSION_DIALOG", + .permissionName = "ohos.permission.DISABLE_PERMISSION_DIALOG_TEST", .bundleName = "accesstoken_test", .grantMode = 1, .availableLevel = APL_NORMAL, 
@@ -984,7 +984,7 @@ static void AllocAndSetHapToken(void) AccessTokenIDEx tokenIdEx = {0}; PermissionDef infoManagerTestPermDef1 = { - .permissionName = "ohos.permission.DISABLE_PERMISSION_DIALOG", + .permissionName = "ohos.permission.DISABLE_PERMISSION_DIALOG_TEST", .bundleName = "accesstoken_test", .grantMode = 1, .availableLevel = APL_NORMAL, @@ -1004,7 +1004,7 @@ static void AllocAndSetHapToken(void) }; PermissionDef infoManagerTestPermDef2 = { - .permissionName = "ohos.permission.GET_SENSITIVE_PERMISSIONS", + .permissionName = "ohos.permission.GET_SENSITIVE_PERMISSIONS_TEST", .bundleName = "accesstoken_test", .grantMode = 1, .availableLevel = APL_NORMAL, diff --git a/services/accesstokenmanager/test/unittest/permission_manager_test.cpp b/services/accesstokenmanager/test/unittest/permission_manager_test.cpp index 94fe87e0f..2aeb1769c 100644 --- a/services/accesstokenmanager/test/unittest/permission_manager_test.cpp +++ b/services/accesstokenmanager/test/unittest/permission_manager_test.cpp 
@@ -1419,29 +1419,33 @@ HWTEST_F(PermissionManagerTest, UpdateTokenPermissionState003, TestSize.Level1) .instIndex = INST_INDEX, .appIDDesc = "permission_manager_test" }; + PermissionStateFull permStat = { + .permissionName = permissionName, + .isGeneral = true, + .resDeviceID = {"dev-001"}, + .grantStatus = {PermissionState::PERMISSION_DENIED}, + .grantFlags = {PermissionFlag::PERMISSION_DEFAULT_FLAG} + }; HapPolicyParams policy = { .apl = APL_NORMAL, - .domain = "domain" + .domain = "domain", + .permStateList = {permStat} }; AccessTokenIDEx tokenIdEx = {0}; ASSERT_EQ(RET_SUCCESS, AccessTokenInfoManager::GetInstance().CreateHapTokenInfo(info, policy, tokenIdEx)); ASSERT_NE(static_cast(0), tokenIdEx.tokenIdExStruct.tokenID); AccessTokenID tokenId = tokenIdEx.tokenIdExStruct.tokenID; - // permissio is granted - ASSERT_EQ(AccessTokenError::ERR_TOKENID_NOT_EXIST, PermissionManager::GetInstance().UpdateTokenPermissionState( - tokenId, permissionName, true, flag)); - flag = PERMISSION_ALLOW_THIS_TIME; - ASSERT_EQ(AccessTokenError::ERR_IDENTITY_CHECK_FAILED, PermissionManager::GetInstance().UpdateTokenPermissionState( + ASSERT_EQ(RET_SUCCESS, PermissionManager::GetInstance().UpdateTokenPermissionState( tokenId, permissionName, false, flag)); flag = PERMISSION_COMPONENT_SET; - ASSERT_EQ(AccessTokenError::ERR_IDENTITY_CHECK_FAILED, PermissionManager::GetInstance().UpdateTokenPermissionState( + ASSERT_EQ(RET_SUCCESS, PermissionManager::GetInstance().UpdateTokenPermissionState( tokenId, permissionName, false, flag)); flag = PERMISSION_USER_FIXED; - ASSERT_EQ(AccessTokenError::ERR_IDENTITY_CHECK_FAILED, PermissionManager::GetInstance().UpdateTokenPermissionState( + ASSERT_EQ(RET_SUCCESS, PermissionManager::GetInstance().UpdateTokenPermissionState( tokenId, permissionName, false, flag)); ASSERT_EQ(RET_SUCCESS, AccessTokenInfoManager::GetInstance().RemoveHapTokenInfo(tokenId)); -- Gitee From 01b29c242efc114ec9ecf2ab91166636a064a54c Mon Sep 17 00:00:00 2001 
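Review bot: Every `UpdateTokenPermissionState` call left in this test passes `false` for a permission whose initial state in `permStat` is already `PERMISSION_DENIED`, so the `RET_SUCCESS` assertions do not show that the stored state or flag actually changed. The call with `true` that the old version made is removed, so the grant path is no longer exercised here. Consider verifying the resulting state after each call, or adding one grant call followed by a verification, so that a regression in the permission update path is caught by this test. `permissionName` and `flag` are declared above the hunk, so their initial values are not visible here.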
From: lsq Date: Mon, 12 Aug 2024 15:07:50 +0800 Subject: [PATCH 038/473] Signed-off-by: lsq Change-Id: Iaa287c4ae068e3debe107db35a18327002f692c9 Signed-off-by: lsq Change-Id: Id6b97a539ae1737bdc52f5b33598c4debf0757f1 Signed-off-by: lsq --- .../accesstoken_service_ipc_interface_code.h | 3 + .../include/i_accesstoken_manager.h | 4 + .../accesstoken/src/accesstoken_kit.cpp | 6 +- .../src/accesstoken_manager_client.cpp | 31 + .../src/accesstoken_manager_client.h | 3 + .../src/accesstoken_manager_proxy.cpp | 122 ++++ .../src/accesstoken_manager_proxy.h | 3 + .../innerkits/accesstoken/test/BUILD.gn | 3 + .../unittest/src/accesstoken_deny_test.cpp | 31 + .../test/unittest/src/edm_policy_set_test.cpp | 658 ++++++++++++++++++ .../test/unittest/src/edm_policy_set_test.h | 34 + .../cpp/include/callback/callback_manager.h | 2 +- .../include/permission/permission_manager.h | 13 +- .../permission/permission_policy_set.h | 5 +- .../service/accesstoken_manager_service.h | 3 + .../service/accesstoken_manager_stub.h | 3 + .../include/token/accesstoken_info_manager.h | 22 +- .../cpp/src/callback/callback_manager.cpp | 4 +- .../cpp/src/permission/permission_manager.cpp | 99 +-- .../src/permission/permission_policy_set.cpp | 52 ++ .../service/accesstoken_manager_service.cpp | 39 +- .../src/service/accesstoken_manager_stub.cpp | 97 +++ .../src/token/accesstoken_info_manager.cpp | 350 +++++++++- .../accesstoken_info_manager_test.cpp | 21 +- .../test/unittest/permission_manager_test.cpp | 19 - 25 files changed, 1513 insertions(+), 114 deletions(-) create mode 100644 interfaces/innerkits/accesstoken/test/unittest/src/edm_policy_set_test.cpp create mode 100644 interfaces/innerkits/accesstoken/test/unittest/src/edm_policy_set_test.h diff --git a/frameworks/accesstoken/include/accesstoken_service_ipc_interface_code.h b/frameworks/accesstoken/include/accesstoken_service_ipc_interface_code.h index b6c9c363f..1d7573ac9 100644 
--- a/frameworks/accesstoken/include/accesstoken_service_ipc_interface_code.h +++ b/frameworks/accesstoken/include/accesstoken_service_ipc_interface_code.h @@ -66,6 +66,9 @@ enum class AccessTokenInterfaceCode { GET_VERSION, GET_PERMISSION_MANAGER_INFO, GET_NATIVE_TOKEN_NAME, + INIT_USER_POLICY, + UPDATE_USER_POLICY, + CLEAR_USER_POLICY, }; } // namespace AccessToken } // namespace Security diff --git a/frameworks/accesstoken/include/i_accesstoken_manager.h b/frameworks/accesstoken/include/i_accesstoken_manager.h index 3a0c0e7d1..7a56f5cfa 100644 --- a/frameworks/accesstoken/include/i_accesstoken_manager.h +++ b/frameworks/accesstoken/include/i_accesstoken_manager.h @@ -102,6 +102,10 @@ public: #endif virtual int SetPermDialogCap(const HapBaseInfoParcel& hapBaseInfoParcel, bool enable) = 0; + virtual int32_t InitUserPolicy( + const std::vector& userList, const std::vector& permList) = 0; + virtual int32_t UpdateUserPolicy(const std::vector& userList) = 0; + virtual int32_t ClearUserPolicy() = 0; virtual void DumpTokenInfo(const AtmToolsParamInfoParcel& infoParcel, std::string& tokenInfo) = 0; virtual int32_t DumpPermDefInfo(std::string& tokenInfo) = 0; virtual int32_t GetVersion(uint32_t& version) = 0; diff --git a/interfaces/innerkits/accesstoken/src/accesstoken_kit.cpp b/interfaces/innerkits/accesstoken/src/accesstoken_kit.cpp index d8a8ff827..72a229d18 100644 --- a/interfaces/innerkits/accesstoken/src/accesstoken_kit.cpp +++ b/interfaces/innerkits/accesstoken/src/accesstoken_kit.cpp 
@@ -608,19 +608,19 @@ int32_t AccessTokenKit::InitUserPolicy( const std::vector& userList, const std::vector& permList) { ACCESSTOKEN_LOG_INFO(LABEL, "Enter."); - return 0; + return AccessTokenManagerClient::GetInstance().InitUserPolicy(userList, permList); } int32_t AccessTokenKit::UpdateUserPolicy(const std::vector& userList) { ACCESSTOKEN_LOG_INFO(LABEL, "Enter."); - return 0; + return AccessTokenManagerClient::GetInstance().UpdateUserPolicy(userList); } int32_t AccessTokenKit::ClearUserPolicy() { ACCESSTOKEN_LOG_INFO(LABEL, "Enter."); - return 0; + return AccessTokenManagerClient::GetInstance().ClearUserPolicy(); } } // namespace AccessToken } // namespace Security diff --git a/interfaces/innerkits/accesstoken/src/accesstoken_manager_client.cpp b/interfaces/innerkits/accesstoken/src/accesstoken_manager_client.cpp index b37fbe187..a20c8aa35 100644 --- a/interfaces/innerkits/accesstoken/src/accesstoken_manager_client.cpp +++ b/interfaces/innerkits/accesstoken/src/accesstoken_manager_client.cpp 
@@ -767,6 +767,37 @@ int32_t AccessTokenManagerClient::GetNativeTokenName(AccessTokenID tokenId, std: return proxy->GetNativeTokenName(tokenId, name); } +int32_t AccessTokenManagerClient::InitUserPolicy( + const std::vector& userList, const std::vector& permList) +{ + auto proxy = GetProxy(); + if (proxy == nullptr) { + ACCESSTOKEN_LOG_ERROR(LABEL, "Proxy is null"); + return AccessTokenError::ERR_SERVICE_ABNORMAL; + } + return proxy->InitUserPolicy(userList, permList); +} + +int32_t AccessTokenManagerClient::ClearUserPolicy() +{ + auto proxy = GetProxy(); + if (proxy == nullptr) { + ACCESSTOKEN_LOG_ERROR(LABEL, "Proxy is null"); + return AccessTokenError::ERR_SERVICE_ABNORMAL; + } + return proxy->ClearUserPolicy(); +} + +int32_t AccessTokenManagerClient::UpdateUserPolicy(const std::vector& userList) +{ + auto proxy = GetProxy(); + if (proxy == nullptr) { + ACCESSTOKEN_LOG_ERROR(LABEL, "Proxy is null"); + return AccessTokenError::ERR_SERVICE_ABNORMAL; + } + return proxy->UpdateUserPolicy(userList); +} + void AccessTokenManagerClient::ReleaseProxy() { if (proxy_ != nullptr && serviceDeathObserver_ != nullptr) { diff --git a/interfaces/innerkits/accesstoken/src/accesstoken_manager_client.h b/interfaces/innerkits/accesstoken/src/accesstoken_manager_client.h index 7dbb33c4c..7a80c6555 100644 --- a/interfaces/innerkits/accesstoken/src/accesstoken_manager_client.h +++ b/interfaces/innerkits/accesstoken/src/accesstoken_manager_client.h @@ -103,6 +103,9 @@ public: int32_t SetPermDialogCap(const HapBaseInfo& hapBaseInfo, bool enable); void GetPermissionManagerInfo(PermissionGrantInfo& info); int32_t GetNativeTokenName(AccessTokenID tokenId, std::string& name); + int32_t InitUserPolicy(const std::vector& userList, const std::vector& permList); + int32_t UpdateUserPolicy(const std::vector& userList); + int32_t ClearUserPolicy(); private: AccessTokenManagerClient(); 
diff --git a/interfaces/innerkits/accesstoken/src/accesstoken_manager_proxy.cpp b/interfaces/innerkits/accesstoken/src/accesstoken_manager_proxy.cpp index 274436c40..2168fafc6 100644 --- a/interfaces/innerkits/accesstoken/src/accesstoken_manager_proxy.cpp +++ b/interfaces/innerkits/accesstoken/src/accesstoken_manager_proxy.cpp @@ -27,6 +27,7 @@ namespace AccessToken { namespace { static constexpr OHOS::HiviewDFX::HiLogLabel LABEL = {LOG_CORE, SECURITY_DOMAIN_ACCESSTOKEN, "ATMProxy"}; static const int MAX_PERMISSION_SIZE = 1000; +static const int32_t MAX_USER_POLICY_SIZE = 1024; #ifdef TOKEN_SYNC_ENABLE static const int MAX_NATIVE_TOKEN_INFO_SIZE = 20480; #endif 
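Review bot: `MAX_USER_POLICY_SIZE` is declared `int32_t`, but the checks added further down in this file compare it with `size_t` values (`userLen > MAX_USER_POLICY_SIZE`), which is a signed/unsigned comparison; `static constexpr size_t MAX_USER_POLICY_SIZE = 1024;` (or `uint32_t`, matching the `WriteUint32` calls) avoids the implicit conversion. As far as this page shows, the limit is enforced in the client-side proxy only. The service-side stub is listed in the diffstat but is not visible here; it needs the same bound on the received counts before it reads or allocates per-entry data, because the proxy check constrains only callers that go through the proxy.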
@@ -1279,6 +1280,127 @@ int32_t AccessTokenManagerProxy::GetNativeTokenName(AccessTokenID tokenId, std:: ACCESSTOKEN_LOG_INFO(LABEL, "Result from server (error=%{public}d, name=%{public}s).", result, name.c_str()); return result; } + +int32_t AccessTokenManagerProxy::InitUserPolicy( + const std::vector& userList, const std::vector& permList) +{ + MessageParcel data; + if (!data.WriteInterfaceToken(IAccessTokenManager::GetDescriptor())) { + ACCESSTOKEN_LOG_ERROR(LABEL, "Write interface token failed."); + return ERR_WRITE_PARCEL_FAILED; + } + + size_t userLen = userList.size(); + size_t permLen = permList.size(); + if ((userLen == 0) || (userLen > MAX_USER_POLICY_SIZE) || (permLen == 0) || (permLen > MAX_USER_POLICY_SIZE)) { + ACCESSTOKEN_LOG_ERROR(LABEL, "UserLen %{public}zu or permLen %{public}zu is invalid", userLen, permLen); + return ERR_PARAM_INVALID; + } + + if (!data.WriteUint32(userLen)) { + ACCESSTOKEN_LOG_ERROR(LABEL, "Failed to write userLen size."); + return ERR_WRITE_PARCEL_FAILED; + } + if (!data.WriteUint32(permLen)) { + ACCESSTOKEN_LOG_ERROR(LABEL, "Failed to write permLen size."); + return ERR_WRITE_PARCEL_FAILED; + } + for (const auto& userInfo : userList) { + if (!data.WriteInt32(userInfo.userId)) { + ACCESSTOKEN_LOG_ERROR(LABEL, "Failed to write userId."); + return ERR_WRITE_PARCEL_FAILED; + } + if (!data.WriteBool(userInfo.isActive)) { + ACCESSTOKEN_LOG_ERROR(LABEL, "Failed to write isActive."); + return ERR_WRITE_PARCEL_FAILED; + } + } + for (const auto& permission : permList) { + if (!data.WriteString(permission)) { + ACCESSTOKEN_LOG_ERROR(LABEL, "Failed to write permission."); + return ERR_WRITE_PARCEL_FAILED; + } + } + + MessageParcel reply; + if (!SendRequest(AccessTokenInterfaceCode::INIT_USER_POLICY, data, reply)) { + ACCESSTOKEN_LOG_ERROR(LABEL, "Read replay failed"); + return ERR_SERVICE_ABNORMAL; + } + int32_t result; + if (!reply.ReadInt32(result)) { + ACCESSTOKEN_LOG_ERROR(LABEL, "Read Int32 failed"); + return 
AccessTokenError::ERR_READ_PARCEL_FAILED; + } + ACCESSTOKEN_LOG_INFO(LABEL, "Result from server data = %{public}d", result); + return result; +} + +int32_t AccessTokenManagerProxy::ClearUserPolicy() +{ + MessageParcel data; + if (!data.WriteInterfaceToken(IAccessTokenManager::GetDescriptor())) { + ACCESSTOKEN_LOG_ERROR(LABEL, "Write interface token failed."); + return ERR_WRITE_PARCEL_FAILED; + } + + MessageParcel reply; + if (!SendRequest(AccessTokenInterfaceCode::CLEAR_USER_POLICY, data, reply)) { + ACCESSTOKEN_LOG_ERROR(LABEL, "Read replay failed"); + return ERR_SERVICE_ABNORMAL; + } + int32_t result; + if (!reply.ReadInt32(result)) { + ACCESSTOKEN_LOG_ERROR(LABEL, "Read Int32 failed"); + return AccessTokenError::ERR_READ_PARCEL_FAILED; + } + ACCESSTOKEN_LOG_INFO(LABEL, "Result from server data = %{public}d", result); + return result; +} + +int32_t AccessTokenManagerProxy::UpdateUserPolicy(const std::vector& userList) +{ + MessageParcel data; + if (!data.WriteInterfaceToken(IAccessTokenManager::GetDescriptor())) { + ACCESSTOKEN_LOG_ERROR(LABEL, "Write interface token failed."); + return ERR_WRITE_PARCEL_FAILED; + } + + size_t userLen = userList.size(); + if ((userLen == 0) || (userLen > MAX_USER_POLICY_SIZE)) { + ACCESSTOKEN_LOG_ERROR(LABEL, "UserLen %{public}zu is invalid.", userLen); + return ERR_PARAM_INVALID; + } + + if (!data.WriteUint32(userLen)) { + ACCESSTOKEN_LOG_ERROR(LABEL, "Failed to write userLen size."); + return ERR_WRITE_PARCEL_FAILED; + } + + for (const auto& userInfo : userList) { + if (!data.WriteInt32(userInfo.userId)) { + ACCESSTOKEN_LOG_ERROR(LABEL, "Failed to write userId."); + return ERR_WRITE_PARCEL_FAILED; + } + if (!data.WriteBool(userInfo.isActive)) { + ACCESSTOKEN_LOG_ERROR(LABEL, "Failed to write isActive."); + return ERR_WRITE_PARCEL_FAILED; + } + } + + MessageParcel reply; + if (!SendRequest(AccessTokenInterfaceCode::UPDATE_USER_POLICY, data, reply)) { + ACCESSTOKEN_LOG_ERROR(LABEL, "Read replay failed"); + return 
ERR_SERVICE_ABNORMAL; + } + int32_t result; + if (!reply.ReadInt32(result)) { + ACCESSTOKEN_LOG_ERROR(LABEL, "Read Int32 failed"); + return AccessTokenError::ERR_READ_PARCEL_FAILED; + } + ACCESSTOKEN_LOG_INFO(LABEL, "Result from server data = %{public}d", result); + return result; +} } // namespace AccessToken } // namespace Security } // namespace OHOS diff --git a/interfaces/innerkits/accesstoken/src/accesstoken_manager_proxy.h b/interfaces/innerkits/accesstoken/src/accesstoken_manager_proxy.h index fd00b563a..9ec19eb5a 100644 --- a/interfaces/innerkits/accesstoken/src/accesstoken_manager_proxy.h +++ b/interfaces/innerkits/accesstoken/src/accesstoken_manager_proxy.h @@ -81,6 +81,9 @@ public: const PermStateChangeScopeParcel& scope, const sptr& callback) override; int32_t UnRegisterPermStateChangeCallback(const sptr& callback) override; AccessTokenID GetNativeTokenId(const std::string& processName) override; + int32_t InitUserPolicy(const std::vector& userList, const std::vector& permList) override; + int32_t UpdateUserPolicy(const std::vector& userList) override; + int32_t ClearUserPolicy() override; #ifdef TOKEN_SYNC_ENABLE int GetHapTokenInfoFromRemote(AccessTokenID tokenID, HapTokenInfoForSyncParcel& hapSyncParcel) override; diff --git a/interfaces/innerkits/accesstoken/test/BUILD.gn b/interfaces/innerkits/accesstoken/test/BUILD.gn index 084a6cb8e..33d8ab225 100644 --- a/interfaces/innerkits/accesstoken/test/BUILD.gn +++ b/interfaces/innerkits/accesstoken/test/BUILD.gn @@ -42,6 +42,7 @@ ohos_unittest("libaccesstoken_sdk_test") { "unittest/src/accesstoken_location_request_test.cpp", "unittest/src/app_installation_optimized_test.cpp", "unittest/src/clone_app_permission_test.cpp", + "unittest/src/edm_policy_set_test.cpp", "unittest/src/remote_token_kit_test.cpp", "unittest/src/security_component_grant_test.cpp", ] 
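Review bot: The `userLen`/`permLen` limits in `InitUserPolicy` and `UpdateUserPolicy` are checked only in this caller-side proxy, which a process that builds its own parcel does not go through, so the stub that reads these counts (not part of this hunk) needs the same `MAX_USER_POLICY_SIZE` bound before it loops or allocates. The comparison `userLen > MAX_USER_POLICY_SIZE` also mixes `size_t` with the `int32_t` constant added earlier in this file, and `WriteUint32(userLen)` narrows implicitly; declaring the constant as `static const uint32_t MAX_USER_POLICY_SIZE = 1024;` and writing `data.WriteUint32(static_cast<uint32_t>(userLen))` makes both explicit. When `SendRequest` fails, all three functions log `"Read replay failed"`, which points at the wrong step during triage; `"SendRequest failed"` would be clearer.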
@@ -52,7 +53,9 @@ ohos_unittest("libaccesstoken_sdk_test") { deps = [ "${access_token_path}/frameworks/accesstoken:accesstoken_communication_adapter_cxx", + "${access_token_path}/frameworks/common:accesstoken_common_cxx", "${access_token_path}/interfaces/innerkits/nativetoken:libnativetoken_shared", + "${access_token_path}/interfaces/innerkits/token_setproc:libperm_setproc", "${access_token_path}/interfaces/innerkits/token_setproc:libtokensetproc_shared", "../:libaccesstoken_sdk", "../:libtokenid_sdk", diff --git a/interfaces/innerkits/accesstoken/test/unittest/src/accesstoken_deny_test.cpp b/interfaces/innerkits/accesstoken/test/unittest/src/accesstoken_deny_test.cpp index 9536719ab..a7ba2d2ac 100644 --- a/interfaces/innerkits/accesstoken/test/unittest/src/accesstoken_deny_test.cpp +++ b/interfaces/innerkits/accesstoken/test/unittest/src/accesstoken_deny_test.cpp 
@@ -98,6 +98,37 @@ void AccessTokenDenyTest::TearDown() setuid(g_selfUid); } +/** + * @tc.name: InitUserPolicy001 + * @tc.desc: InitUserPolicy without authorized. + * @tc.type: FUNC + * @tc.require:Issue Number + */ +HWTEST_F(AccessTokenDenyTest, InitUserPolicy001, TestSize.Level1) +{ + UserState user = {.userId = 100, .isActive = true}; // 100 is userId + const std::vector userList = { user }; + const std::vector permList = { "ohos.permission.INTERNET" }; + int32_t ret = AccessTokenKit::InitUserPolicy(userList, permList); + EXPECT_EQ(ret, AccessTokenError::ERR_PERMISSION_DENIED); +} + + +/** + * @tc.name: UpdateUserPolicy002 + * @tc.desc: UpdateUserPolicy without authorized. + * @tc.type: FUNC + * @tc.require:Issue Number + */ +HWTEST_F(AccessTokenDenyTest, UpdateUserPolicy002, TestSize.Level1) +{ + UserState user = {.userId = 100, .isActive = true}; // 100 is userId + const std::vector userList = { user }; + int32_t ret = AccessTokenKit::UpdateUserPolicy(userList); + EXPECT_EQ(ret, AccessTokenError::ERR_PERMISSION_DENIED); +} + + /** * @tc.name: AllocHapToken001 * @tc.desc: AllocHapToken with no permission diff --git a/interfaces/innerkits/accesstoken/test/unittest/src/edm_policy_set_test.cpp b/interfaces/innerkits/accesstoken/test/unittest/src/edm_policy_set_test.cpp new file mode 100644 index 000000000..22711fe1e --- /dev/null +++ b/interfaces/innerkits/accesstoken/test/unittest/src/edm_policy_set_test.cpp 
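Review bot: `ClearUserPolicy` has no unauthorized-caller test next to `InitUserPolicy001` and `UpdateUserPolicy002`, although the tests in edm_policy_set_test.cpp show that clearing the policy turns denied permissions back to granted, so it is at least as sensitive as the other two calls. Assuming the service applies the same caller check to it (the service side is not shown here), a third case would pin that behaviour. Both added comment blocks also keep the template text `@tc.require:Issue Number`; the real issue id belongs there.

```cpp
/**
 * @tc.name: ClearUserPolicy002
 * @tc.desc: ClearUserPolicy without authorized.
 * @tc.type: FUNC
 * @tc.require:<issue id>
 */
HWTEST_F(AccessTokenDenyTest, ClearUserPolicy002, TestSize.Level1)
{
    int32_t ret = AccessTokenKit::ClearUserPolicy();
    EXPECT_EQ(ret, AccessTokenError::ERR_PERMISSION_DENIED);
}
```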
@@ -0,0 +1,658 @@ +/* + * Copyright (c) 2024 Huawei Device Co., Ltd. + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +#include "edm_policy_set_test.h" +#include + +#include "accesstoken_kit.h" +#include "accesstoken_log.h" +#include "access_token_error.h" +#include "permission_map.h" +#include "perm_setproc.h" +#include "token_setproc.h" +#include "tokenid_kit.h" + +using namespace testing::ext; +using namespace OHOS::Security::AccessToken; + +namespace { +static const uint32_t DEFAULT_ACCOUNT_ID = 100; +static const uint32_t MOCK_USER_ID_10001 = 10001; +static const uint32_t MOCK_USER_ID_10002 = 10002; +static const uint32_t MOCK_USER_ID_10003 = 10003; +const std::string MANAGE_HAP_TOKEN_ID_PERMISSION = "ohos.permission.MANAGE_HAP_TOKENID"; +const std::string INTERNET = "ohos.permission.INTERNET"; +static const std::string GET_NETWORK_STATS = "ohos.permission.GET_NETWORK_STATS"; +static const std::string LOCATION = "ohos.permission.LOCATION"; +static const std::string GET_SENSITIVE_PERMISSIONS = "ohos.permission.GET_SENSITIVE_PERMISSIONS"; +static const std::string REVOKE_SENSITIVE_PERMISSIONS = "ohos.permission.REVOKE_SENSITIVE_PERMISSIONS"; + +PermissionStateFull g_infoManagerInternetState = { + .permissionName = INTERNET, + .isGeneral = true, + .resDeviceID = {"local2"}, + .grantStatus = {PermissionState::PERMISSION_GRANTED}, + .grantFlags = {0} +}; + +PermissionStateFull g_infoManagerNetWorkState = { + .permissionName = GET_NETWORK_STATS, + 
.isGeneral = true, + .resDeviceID = {"local2"}, + .grantStatus = {PermissionState::PERMISSION_GRANTED}, + .grantFlags = {0} +}; + +PermissionStateFull g_infoManagerManageNetState = { + .permissionName = LOCATION, + .isGeneral = true, + .resDeviceID = {"local2"}, + .grantStatus = {PermissionState::PERMISSION_DENIED}, + .grantFlags = {0} +}; + +// Permission set +HapInfoParams g_testHapInfoParams = { + .userID = 0, + .bundleName = "testName", + .instIndex = 0, + .appIDDesc = "test2", + .apiVersion = 11 // api version is 11 +}; + +HapPolicyParams g_testPolicyParams = { + .apl = APL_SYSTEM_CORE, + .domain = "test.domain2", + .permStateList = { + g_infoManagerInternetState, + g_infoManagerNetWorkState, + g_infoManagerManageNetState, + } +}; + +uint64_t g_selfShellTokenId; + +PermissionStateFull g_tddPermReq = { + .permissionName = MANAGE_HAP_TOKEN_ID_PERMISSION, + .isGeneral = true, + .resDeviceID = {"device3"}, + .grantStatus = {PermissionState::PERMISSION_GRANTED}, + .grantFlags = {PermissionFlag::PERMISSION_SYSTEM_FIXED} +}; + +PermissionStateFull g_tddPermGet = { + .permissionName = "ohos.permission.GET_SENSITIVE_PERMISSIONS", + .isGeneral = true, + .resDeviceID = {"device3"}, + .grantStatus = {PermissionState::PERMISSION_GRANTED}, + .grantFlags = {PermissionFlag::PERMISSION_SYSTEM_FIXED} +}; + +PermissionStateFull g_tddPermRevoke = { + .permissionName = "ohos.permission.REVOKE_SENSITIVE_PERMISSIONS", + .isGeneral = true, + .resDeviceID = {"device3"}, + .grantStatus = {PermissionState::PERMISSION_GRANTED}, + .grantFlags = {PermissionFlag::PERMISSION_SYSTEM_FIXED} +}; + +HapInfoParams g_tddHapInfoParams = { + .userID = 1, + .bundleName = "EdmPolicySetTest", + .instIndex = 0, + .appIDDesc = "test2", + .apiVersion = 11, // api version is 11 + .isSystemApp = true +}; + +HapPolicyParams g_tddPolicyParams = { + .apl = APL_SYSTEM_CORE, + .domain = "test.domain2", + .permStateList = {g_tddPermReq, g_tddPermGet, g_tddPermRevoke} +}; + +static constexpr 
OHOS::HiviewDFX::HiLogLabel LABEL = {LOG_CORE, SECURITY_DOMAIN_ACCESSTOKEN, "EdmPolicySetTest"}; +} + +void EdmPolicySetTest::TearDownTestCase() +{ + AccessTokenID tokenId = AccessTokenKit::GetHapTokenID(g_tddHapInfoParams.userID, + g_tddHapInfoParams.bundleName, + g_tddHapInfoParams.instIndex); + AccessTokenKit::DeleteToken(tokenId); +} + +void EdmPolicySetTest::SetUp() +{ + ACCESSTOKEN_LOG_INFO(LABEL, "SetUp ok."); +} + +void EdmPolicySetTest::TearDown() +{ +} + +void EdmPolicySetTest::SetUpTestCase() +{ + g_selfShellTokenId = GetSelfTokenID(); + AccessTokenIDEx tokenIdEx = AccessTokenKit::AllocHapToken(g_tddHapInfoParams, g_tddPolicyParams); + SetSelfTokenID(tokenIdEx.tokenIDEx); + ACCESSTOKEN_LOG_INFO(LABEL, "SetUpTestCase ok."); +} + +/** + * @tc.name: InitUserPolicy002 + * @tc.desc: InitUserPolicy failed invalid userList size. + * @tc.type: FUNC + * @tc.require:Issue Number + */ +HWTEST_F(EdmPolicySetTest, InitUserPolicy002, TestSize.Level1) +{ + const int32_t invalidSize = 1025; // 1025 is invalid size. + std::vector userList(invalidSize); + std::vector permList = { "ohos.permission.INTERNET" }; + int32_t ret = AccessTokenKit::InitUserPolicy(userList, permList); + EXPECT_EQ(ret, AccessTokenError::ERR_PARAM_INVALID); +} + +/** + * @tc.name: InitUserPolicy003 + * @tc.desc: InitUserPolicy failed empty userList. + * @tc.type: FUNC + * @tc.require:Issue Number + */ +HWTEST_F(EdmPolicySetTest, InitUserPolicy003, TestSize.Level1) +{ + std::vector userListEmtpy; + std::vector permList = { "ohos.permission.INTERNET" }; + int32_t ret = AccessTokenKit::InitUserPolicy(userListEmtpy, permList); + EXPECT_EQ(ret, AccessTokenError::ERR_PARAM_INVALID); +} + +/** + * @tc.name: InitUserPolicy004 + * @tc.desc: InitUserPolicy failed empty userList. 
+ * @tc.type: FUNC + * @tc.require:Issue Number + */ +HWTEST_F(EdmPolicySetTest, InitUserPolicy004, TestSize.Level1) +{ + UserState user = {.userId = DEFAULT_ACCOUNT_ID, .isActive = true}; + const int32_t invalidSize = 1025; // 1025 is invalid size. + std::vector userList = { user }; + std::vector permList(invalidSize, "abc"); + int32_t ret = AccessTokenKit::InitUserPolicy(userList, permList); + EXPECT_EQ(ret, AccessTokenError::ERR_PARAM_INVALID); +} + +/** + * @tc.name: InitUserPolicy005 + * @tc.desc: InitUserPolicy failed empty permList. + * @tc.type: FUNC + * @tc.require:Issue Number + */ +HWTEST_F(EdmPolicySetTest, InitUserPolicy005, TestSize.Level1) +{ + UserState user = {.userId = DEFAULT_ACCOUNT_ID, .isActive = true}; + std::vector userList = { user }; + std::vector permListEmpty; + int32_t ret = AccessTokenKit::InitUserPolicy(userList, permListEmpty); + EXPECT_EQ(ret, AccessTokenError::ERR_PARAM_INVALID); +} + +/** + * @tc.name: UpdateUserPolicy001 + * @tc.desc: UpdateUserPolicy failed with + * policy uninitialized and ClearUserPolicy successfully with policy uninitialized. + * @tc.type: FUNC + * @tc.require:Issue Number + */ +HWTEST_F(EdmPolicySetTest, UpdateUserPolicy001, TestSize.Level1) +{ + uint32_t tokenId = AccessTokenKit::GetNativeTokenId("foundation"); + EXPECT_EQ(0, SetSelfTokenID(tokenId)); + GTEST_LOG_(INFO) << "permissionSet OK "; + + UserState user = {.userId = DEFAULT_ACCOUNT_ID, .isActive = true}; + const std::vector userList = { user }; + int32_t res = AccessTokenKit::UpdateUserPolicy(userList); + EXPECT_EQ(res, AccessTokenError::ERR_USER_POLICY_NOT_INITIALIZED); + + res = AccessTokenKit::ClearUserPolicy(); + EXPECT_EQ(res, RET_SUCCESS); +} + +/** + * @tc.name: InitUserPolicy008 + * @tc.desc: Check permission status in the heap. 
+ * @tc.type: FUNC + * @tc.require:Issue Number + */ +HWTEST_F(EdmPolicySetTest, InitUserPolicy008, TestSize.Level1) +{ + uint32_t tokenId = AccessTokenKit::GetNativeTokenId("foundation"); + EXPECT_EQ(0, SetSelfTokenID(tokenId)); + GTEST_LOG_(INFO) << "permissionSet OK "; + + g_testHapInfoParams.userID = MOCK_USER_ID_10001; + AccessTokenIDEx fullIdUser1; + EXPECT_EQ(RET_SUCCESS, AccessTokenKit::InitHapToken(g_testHapInfoParams, g_testPolicyParams, fullIdUser1)); + g_testHapInfoParams.userID = MOCK_USER_ID_10002; + AccessTokenIDEx fullIdUser2; + EXPECT_EQ(RET_SUCCESS, AccessTokenKit::InitHapToken(g_testHapInfoParams, g_testPolicyParams, fullIdUser2)); + + UserState user0 = {.userId = -1, .isActive = true}; + UserState user1 = {.userId = MOCK_USER_ID_10001, .isActive = true}; + UserState user2 = {.userId = MOCK_USER_ID_10002, .isActive = false}; + + std::vector userList = { user0, user1, user2}; + std::vector permList = { INTERNET, GET_NETWORK_STATS, LOCATION }; + int32_t res = AccessTokenKit::InitUserPolicy(userList, permList); + EXPECT_EQ(res, 0); + + EXPECT_EQ(AccessTokenKit::VerifyAccessToken(fullIdUser1.tokenIdExStruct.tokenID, INTERNET), PERMISSION_GRANTED); + EXPECT_EQ(AccessTokenKit::VerifyAccessToken(fullIdUser2.tokenIdExStruct.tokenID, INTERNET), PERMISSION_DENIED); + + std::vector permStatList; + res = AccessTokenKit::GetReqPermissions(fullIdUser2.tokenIdExStruct.tokenID, permStatList, true); + EXPECT_EQ(RET_SUCCESS, res); + EXPECT_EQ(static_cast(2), permStatList.size()); + EXPECT_EQ(INTERNET, permStatList[0].permissionName); + EXPECT_EQ(PERMISSION_GRANTED, permStatList[0].grantStatus[0]); + + EXPECT_EQ(RET_SUCCESS, AccessTokenKit::DeleteToken(fullIdUser1.tokenIdExStruct.tokenID)); + EXPECT_EQ(RET_SUCCESS, AccessTokenKit::DeleteToken(fullIdUser2.tokenIdExStruct.tokenID)); + + res = AccessTokenKit::ClearUserPolicy(); + EXPECT_EQ(res, 0); +} + +/** + * @tc.name: InitUserPolicy007 + * @tc.desc: InitUserPolicy and the stock permission status is refreshed 
according to the policy. + * @tc.type: FUNC + * @tc.require:Issue Number + */ +HWTEST_F(EdmPolicySetTest, InitUserPolicy007, TestSize.Level1) +{ + uint32_t tokenId = AccessTokenKit::GetNativeTokenId("foundation"); + EXPECT_EQ(0, SetSelfTokenID(tokenId)); + GTEST_LOG_(INFO) << "permissionSet OK "; + + g_testHapInfoParams.userID = MOCK_USER_ID_10001; + AccessTokenIDEx fullIdUser1; + EXPECT_EQ(RET_SUCCESS, AccessTokenKit::InitHapToken(g_testHapInfoParams, g_testPolicyParams, fullIdUser1)); + g_testHapInfoParams.userID = MOCK_USER_ID_10002; + AccessTokenIDEx fullIdUser2; + EXPECT_EQ(RET_SUCCESS, AccessTokenKit::InitHapToken(g_testHapInfoParams, g_testPolicyParams, fullIdUser2)); + g_testHapInfoParams.userID = MOCK_USER_ID_10003; + AccessTokenIDEx fullIdUser3; + EXPECT_EQ(RET_SUCCESS, AccessTokenKit::InitHapToken(g_testHapInfoParams, g_testPolicyParams, fullIdUser3)); + + EXPECT_EQ(AccessTokenKit::VerifyAccessToken(fullIdUser1.tokenIdExStruct.tokenID, LOCATION), + PERMISSION_DENIED); + + UserState user0 = {.userId = -1, .isActive = true}; + UserState user1 = {.userId = MOCK_USER_ID_10001, .isActive = true}; + UserState user2 = {.userId = MOCK_USER_ID_10002, .isActive = false}; + UserState user3 = {.userId = MOCK_USER_ID_10003, .isActive = false}; + + std::vector userList = { user0, user1, user2, user3 }; + std::vector permList = { INTERNET, GET_NETWORK_STATS, LOCATION }; + int32_t ret = AccessTokenKit::InitUserPolicy(userList, permList); + EXPECT_EQ(ret, 0); + + EXPECT_EQ(AccessTokenKit::VerifyAccessToken(fullIdUser1.tokenIdExStruct.tokenID, INTERNET), PERMISSION_GRANTED); + EXPECT_EQ(AccessTokenKit::VerifyAccessToken(fullIdUser2.tokenIdExStruct.tokenID, INTERNET), PERMISSION_DENIED); + EXPECT_EQ(AccessTokenKit::VerifyAccessToken(fullIdUser3.tokenIdExStruct.tokenID, INTERNET), PERMISSION_DENIED); + EXPECT_EQ(AccessTokenKit::VerifyAccessToken(fullIdUser1.tokenIdExStruct.tokenID, LOCATION), + PERMISSION_DENIED); + 
EXPECT_EQ(AccessTokenKit::VerifyAccessToken(fullIdUser2.tokenIdExStruct.tokenID, LOCATION), + PERMISSION_DENIED); + EXPECT_EQ(AccessTokenKit::VerifyAccessToken(fullIdUser3.tokenIdExStruct.tokenID, LOCATION), + PERMISSION_DENIED); + + EXPECT_EQ(RET_SUCCESS, AccessTokenKit::DeleteToken(fullIdUser1.tokenIdExStruct.tokenID)); + EXPECT_EQ(RET_SUCCESS, AccessTokenKit::DeleteToken(fullIdUser2.tokenIdExStruct.tokenID)); + EXPECT_EQ(RET_SUCCESS, AccessTokenKit::DeleteToken(fullIdUser3.tokenIdExStruct.tokenID)); + + int32_t res = AccessTokenKit::ClearUserPolicy(); + EXPECT_EQ(res, 0); +} + +/** + * @tc.name: UpdateUserPolicy003 + * @tc.desc: UpdateUserPolicy with invalid userList. + * @tc.type: FUNC + * @tc.require:Issue Number + */ +HWTEST_F(EdmPolicySetTest, UpdateUserPolicy003, TestSize.Level1) +{ + const int32_t invalidSize = 1025; // 1025 is invalid size. + std::vector userList(invalidSize); + int32_t ret = AccessTokenKit::UpdateUserPolicy(userList); + EXPECT_EQ(ret, AccessTokenError::ERR_PARAM_INVALID); + + std::vector userListEmpty; + ret = AccessTokenKit::UpdateUserPolicy(userListEmpty); + EXPECT_EQ(ret, AccessTokenError::ERR_PARAM_INVALID); +} + +/** + * @tc.name: UpdateUserPolicy004 + * @tc.desc: UpdateUserPolicy and the stock permission status is refreshed according to the policy. 
+ * @tc.type: FUNC + * @tc.require:Issue Number + */ +HWTEST_F(EdmPolicySetTest, UpdateUserPolicy004, TestSize.Level1) +{ + g_testHapInfoParams.userID = MOCK_USER_ID_10001; + AccessTokenIDEx fullIdUser1; + EXPECT_EQ(RET_SUCCESS, AccessTokenKit::InitHapToken(g_testHapInfoParams, g_testPolicyParams, fullIdUser1)); + g_testHapInfoParams.userID = MOCK_USER_ID_10002; + AccessTokenIDEx fullIdUser2; + EXPECT_EQ(RET_SUCCESS, AccessTokenKit::InitHapToken(g_testHapInfoParams, g_testPolicyParams, fullIdUser2)); + + UserState user1 = {.userId = MOCK_USER_ID_10001, .isActive = false}; + UserState user2 = {.userId = MOCK_USER_ID_10002, .isActive = true}; + std::vector userListBefore = { user1, user2 }; + std::vector permList = { INTERNET, LOCATION }; + int32_t ret = AccessTokenKit::InitUserPolicy(userListBefore, permList); + EXPECT_EQ(ret, 0); + EXPECT_EQ(AccessTokenKit::VerifyAccessToken(fullIdUser1.tokenIdExStruct.tokenID, INTERNET), PERMISSION_DENIED); + EXPECT_EQ(AccessTokenKit::VerifyAccessToken(fullIdUser2.tokenIdExStruct.tokenID, INTERNET), PERMISSION_GRANTED); + EXPECT_EQ(AccessTokenKit::VerifyAccessToken(fullIdUser1.tokenIdExStruct.tokenID, LOCATION), + PERMISSION_DENIED); + EXPECT_EQ(AccessTokenKit::VerifyAccessToken(fullIdUser2.tokenIdExStruct.tokenID, LOCATION), + PERMISSION_DENIED); + + // update the policy + user1.isActive = true; + user2.isActive = false; + std::vector userListAfter = { user1, user2 }; + ret = AccessTokenKit::UpdateUserPolicy(userListAfter); + EXPECT_EQ(ret, 0); + EXPECT_EQ(AccessTokenKit::VerifyAccessToken(fullIdUser1.tokenIdExStruct.tokenID, INTERNET), PERMISSION_GRANTED); + EXPECT_EQ(AccessTokenKit::VerifyAccessToken(fullIdUser2.tokenIdExStruct.tokenID, INTERNET), PERMISSION_DENIED); + EXPECT_EQ(AccessTokenKit::VerifyAccessToken(fullIdUser1.tokenIdExStruct.tokenID, LOCATION), + PERMISSION_DENIED); + EXPECT_EQ(AccessTokenKit::VerifyAccessToken(fullIdUser2.tokenIdExStruct.tokenID, LOCATION), + PERMISSION_DENIED); + + EXPECT_EQ(RET_SUCCESS, 
AccessTokenKit::DeleteToken(fullIdUser1.tokenIdExStruct.tokenID)); + EXPECT_EQ(RET_SUCCESS, AccessTokenKit::DeleteToken(fullIdUser2.tokenIdExStruct.tokenID)); + + int32_t res = AccessTokenKit::ClearUserPolicy(); + EXPECT_EQ(res, 0); +} + + +/** + * @tc.name: UserPolicyTestForNewHap + * @tc.desc: Set the authorization status based on the user policy during new hap installation + * @tc.type: FUNC + * @tc.require:Issue Number + */ +HWTEST_F(EdmPolicySetTest, UserPolicyTestForNewHap, TestSize.Level1) +{ + UserState user1 = {.userId = MOCK_USER_ID_10001, .isActive = true}; + UserState user2 = {.userId = MOCK_USER_ID_10002, .isActive = true}; + std::vector userListBefore = { user1, user2 }; + std::vector permList = { INTERNET, LOCATION }; + EXPECT_EQ(AccessTokenKit::InitUserPolicy(userListBefore, permList), 0); + + g_testHapInfoParams.userID = MOCK_USER_ID_10001; + AccessTokenIDEx fullIdUser1; + EXPECT_EQ(RET_SUCCESS, AccessTokenKit::InitHapToken(g_testHapInfoParams, g_testPolicyParams, fullIdUser1)); + g_testHapInfoParams.userID = MOCK_USER_ID_10002; + AccessTokenIDEx fullIdUser2; + EXPECT_EQ(RET_SUCCESS, AccessTokenKit::InitHapToken(g_testHapInfoParams, g_testPolicyParams, fullIdUser2)); + + EXPECT_EQ(AccessTokenKit::VerifyAccessToken(fullIdUser1.tokenIdExStruct.tokenID, INTERNET), PERMISSION_GRANTED); + EXPECT_EQ(AccessTokenKit::VerifyAccessToken(fullIdUser2.tokenIdExStruct.tokenID, INTERNET), PERMISSION_GRANTED); + EXPECT_EQ(AccessTokenKit::VerifyAccessToken(fullIdUser1.tokenIdExStruct.tokenID, LOCATION), + PERMISSION_DENIED); + EXPECT_EQ(AccessTokenKit::VerifyAccessToken(fullIdUser2.tokenIdExStruct.tokenID, LOCATION), + PERMISSION_DENIED); + EXPECT_EQ(RET_SUCCESS, AccessTokenKit::DeleteToken(fullIdUser1.tokenIdExStruct.tokenID)); + EXPECT_EQ(RET_SUCCESS, AccessTokenKit::DeleteToken(fullIdUser2.tokenIdExStruct.tokenID)); + + // update the policy + user1.isActive = false; + user2.isActive = false; + std::vector userListAfter = { user1, user2 }; + int32_t ret = 
AccessTokenKit::UpdateUserPolicy(userListAfter); + EXPECT_EQ(ret, 0); + g_testHapInfoParams.userID = MOCK_USER_ID_10001; + EXPECT_EQ(RET_SUCCESS, AccessTokenKit::InitHapToken(g_testHapInfoParams, g_testPolicyParams, fullIdUser1)); + g_testHapInfoParams.userID = MOCK_USER_ID_10002; + EXPECT_EQ(RET_SUCCESS, AccessTokenKit::InitHapToken(g_testHapInfoParams, g_testPolicyParams, fullIdUser2)); + EXPECT_EQ(AccessTokenKit::VerifyAccessToken(fullIdUser1.tokenIdExStruct.tokenID, INTERNET), PERMISSION_DENIED); + EXPECT_EQ(AccessTokenKit::VerifyAccessToken(fullIdUser2.tokenIdExStruct.tokenID, INTERNET), PERMISSION_DENIED); + EXPECT_EQ(AccessTokenKit::VerifyAccessToken(fullIdUser1.tokenIdExStruct.tokenID, LOCATION), + PERMISSION_DENIED); + EXPECT_EQ(AccessTokenKit::VerifyAccessToken(fullIdUser2.tokenIdExStruct.tokenID, LOCATION), + PERMISSION_DENIED); + EXPECT_EQ(RET_SUCCESS, AccessTokenKit::DeleteToken(fullIdUser1.tokenIdExStruct.tokenID)); + EXPECT_EQ(RET_SUCCESS, AccessTokenKit::DeleteToken(fullIdUser2.tokenIdExStruct.tokenID)); + EXPECT_EQ(AccessTokenKit::ClearUserPolicy(), 0); +} + +/** + * @tc.name: UserPolicyTestForNewHap + * @tc.desc: Set the authorization status based on the user policy during new hap installation + * @tc.type: FUNC + * @tc.require:Issue Number + */ +HWTEST_F(EdmPolicySetTest, UserPolicyTestForClearUserGranted, TestSize.Level1) +{ + UserState user1 = {.userId = MOCK_USER_ID_10001, .isActive = true}; + UserState user2 = {.userId = MOCK_USER_ID_10002, .isActive = false}; + std::vector userListBefore = { user1, user2 }; + std::vector permList = { INTERNET, LOCATION }; + int32_t ret = AccessTokenKit::InitUserPolicy(userListBefore, permList); + EXPECT_EQ(ret, 0); + + g_testHapInfoParams.userID = MOCK_USER_ID_10001; + AccessTokenIDEx fullIdUser1; + EXPECT_EQ(RET_SUCCESS, AccessTokenKit::InitHapToken(g_testHapInfoParams, g_testPolicyParams, fullIdUser1)); + g_testHapInfoParams.userID = MOCK_USER_ID_10002; + AccessTokenIDEx fullIdUser2; + 
EXPECT_EQ(RET_SUCCESS, AccessTokenKit::InitHapToken(g_testHapInfoParams, g_testPolicyParams, fullIdUser2)); + + EXPECT_EQ(AccessTokenKit::VerifyAccessToken(fullIdUser1.tokenIdExStruct.tokenID, INTERNET), PERMISSION_GRANTED); + EXPECT_EQ(AccessTokenKit::VerifyAccessToken(fullIdUser2.tokenIdExStruct.tokenID, INTERNET), PERMISSION_DENIED); + + ret = AccessTokenKit::ClearUserGrantedPermissionState(fullIdUser1.tokenIdExStruct.tokenID); + EXPECT_EQ(RET_SUCCESS, ret); + ret = AccessTokenKit::ClearUserGrantedPermissionState(fullIdUser2.tokenIdExStruct.tokenID); + EXPECT_EQ(RET_SUCCESS, ret); + EXPECT_EQ(AccessTokenKit::VerifyAccessToken(fullIdUser1.tokenIdExStruct.tokenID, INTERNET), PERMISSION_GRANTED); + EXPECT_EQ(AccessTokenKit::VerifyAccessToken(fullIdUser2.tokenIdExStruct.tokenID, INTERNET), PERMISSION_DENIED); + + // update the policy + user1.isActive = false; + user2.isActive = true; + std::vector userListAfter = { user1, user2 }; + ret = AccessTokenKit::UpdateUserPolicy(userListAfter); + + EXPECT_EQ(AccessTokenKit::VerifyAccessToken(fullIdUser1.tokenIdExStruct.tokenID, INTERNET), PERMISSION_DENIED); + EXPECT_EQ(AccessTokenKit::VerifyAccessToken(fullIdUser2.tokenIdExStruct.tokenID, INTERNET), PERMISSION_GRANTED); + + ret = AccessTokenKit::ClearUserGrantedPermissionState(fullIdUser1.tokenIdExStruct.tokenID); + ret = AccessTokenKit::ClearUserGrantedPermissionState(fullIdUser2.tokenIdExStruct.tokenID); + EXPECT_EQ(AccessTokenKit::VerifyAccessToken(fullIdUser1.tokenIdExStruct.tokenID, INTERNET), PERMISSION_DENIED); + EXPECT_EQ(AccessTokenKit::VerifyAccessToken(fullIdUser2.tokenIdExStruct.tokenID, INTERNET), PERMISSION_GRANTED); + + EXPECT_EQ(RET_SUCCESS, AccessTokenKit::DeleteToken(fullIdUser1.tokenIdExStruct.tokenID)); + EXPECT_EQ(RET_SUCCESS, AccessTokenKit::DeleteToken(fullIdUser2.tokenIdExStruct.tokenID)); + + int32_t res = AccessTokenKit::ClearUserPolicy(); + EXPECT_EQ(res, 0); +} + +class CbCustomizeTest : public PermStateChangeCallbackCustomize { +public: + 
explicit CbCustomizeTest(const PermStateChangeScope &scopeInfo) + : PermStateChangeCallbackCustomize(scopeInfo) + { + } + + ~CbCustomizeTest() + {} + + virtual void PermStateChangeCallback(PermStateChangeInfo& result) + { + int32_t status = (result.permStateChangeType == 1) ? PERMISSION_GRANTED : PERMISSION_DENIED; + EXPECT_EQ(status, AccessTokenKit::VerifyAccessToken(result.tokenID, result.permissionName)); + goalTokenId = result.tokenID; + } + + uint32_t goalTokenId = 0; +}; + +/** + * @tc.name: UserPolicyForDeleteTest + * @tc.desc: Set the authorization status based on the user policy during Delete hap installation + * @tc.type: FUNC + * @tc.require:Issue Number + */ +HWTEST_F(EdmPolicySetTest, UserPolicyForDeleteTest, TestSize.Level1) +{ + /* Init test hap */ + g_testHapInfoParams.userID = MOCK_USER_ID_10001; + AccessTokenIDEx fullIdUser1; + EXPECT_EQ(RET_SUCCESS, AccessTokenKit::InitHapToken(g_testHapInfoParams, g_testPolicyParams, fullIdUser1)); + g_testHapInfoParams.userID = MOCK_USER_ID_10002; + AccessTokenIDEx fullIdUser2; + EXPECT_EQ(RET_SUCCESS, AccessTokenKit::InitHapToken(g_testHapInfoParams, g_testPolicyParams, fullIdUser2)); + EXPECT_EQ(AccessTokenKit::VerifyAccessToken(fullIdUser1.tokenIdExStruct.tokenID, INTERNET), PERMISSION_GRANTED); + EXPECT_EQ(AccessTokenKit::VerifyAccessToken(fullIdUser2.tokenIdExStruct.tokenID, INTERNET), PERMISSION_GRANTED); + EXPECT_EQ(AccessTokenKit::VerifyAccessToken(fullIdUser2.tokenIdExStruct.tokenID, INTERNET, true), + PERMISSION_GRANTED); + + /* Register internet permission listener */ + PermStateChangeScope scopeInfo; + scopeInfo.permList = { INTERNET }; + scopeInfo.tokenIDs = {}; + auto callbackPtr = std::make_shared(scopeInfo); + int32_t ret = AccessTokenKit::RegisterPermStateChangeCallback(callbackPtr); + EXPECT_EQ(RET_SUCCESS, ret); + + /* Set user policy */ + UserState user1 = {.userId = MOCK_USER_ID_10001, .isActive = true}; + UserState user2 = {.userId = MOCK_USER_ID_10002, .isActive = false}; + std::vector 
userListBefore = { user1, user2 }; + std::vector permList = { INTERNET }; + ret = AccessTokenKit::InitUserPolicy(userListBefore, permList); + EXPECT_EQ(ret, 0); + EXPECT_EQ(AccessTokenKit::VerifyAccessToken(fullIdUser1.tokenIdExStruct.tokenID, INTERNET), PERMISSION_GRANTED); + EXPECT_EQ(AccessTokenKit::VerifyAccessToken(fullIdUser2.tokenIdExStruct.tokenID, INTERNET), PERMISSION_DENIED); + EXPECT_EQ(AccessTokenKit::VerifyAccessToken(fullIdUser2.tokenIdExStruct.tokenID, INTERNET, true), + PERMISSION_DENIED); + + EXPECT_EQ(RET_SUCCESS, AccessTokenKit::DeleteToken(fullIdUser1.tokenIdExStruct.tokenID)); + EXPECT_EQ(RET_SUCCESS, AccessTokenKit::DeleteToken(fullIdUser2.tokenIdExStruct.tokenID)); + usleep(500000); // 500000us = 0.5s + EXPECT_EQ(callbackPtr->goalTokenId, fullIdUser1.tokenIdExStruct.tokenID); + + ret = AccessTokenKit::ClearUserPolicy(); + EXPECT_EQ(ret, 0); + ret = AccessTokenKit::UnRegisterPermStateChangeCallback(callbackPtr); + ASSERT_EQ(RET_SUCCESS, ret); +} + +/** + * @tc.name: ClearUserPolicy001 + * @tc.desc: Check permission status after clear user policy. 
+ * @tc.type: FUNC + * @tc.require:Issue Number + */ +HWTEST_F(EdmPolicySetTest, ClearUserPolicy001, TestSize.Level1) +{ + g_testHapInfoParams.userID = MOCK_USER_ID_10002; + AccessTokenIDEx fullIdUser2; + EXPECT_EQ(RET_SUCCESS, AccessTokenKit::InitHapToken(g_testHapInfoParams, g_testPolicyParams, fullIdUser2)); + g_testHapInfoParams.userID = MOCK_USER_ID_10001; + AccessTokenIDEx fullIdUser1; + EXPECT_EQ(RET_SUCCESS, AccessTokenKit::InitHapToken(g_testHapInfoParams, g_testPolicyParams, fullIdUser1)); + + UserState user1 = {.userId = MOCK_USER_ID_10001, .isActive = false}; + UserState user2 = {.userId = MOCK_USER_ID_10002, .isActive = false}; + std::vector userList = { user1, user2}; + std::vector permList = { INTERNET }; + EXPECT_EQ(0, AccessTokenKit::InitUserPolicy(userList, permList)); + EXPECT_EQ(AccessTokenKit::VerifyAccessToken(fullIdUser1.tokenIdExStruct.tokenID, INTERNET), PERMISSION_DENIED); + EXPECT_EQ(AccessTokenKit::VerifyAccessToken(fullIdUser2.tokenIdExStruct.tokenID, INTERNET), PERMISSION_DENIED); + EXPECT_EQ(AccessTokenKit::VerifyAccessToken(fullIdUser2.tokenIdExStruct.tokenID, INTERNET, true), + PERMISSION_DENIED); + EXPECT_EQ(AccessTokenKit::VerifyAccessToken(fullIdUser1.tokenIdExStruct.tokenID, INTERNET, true), + PERMISSION_DENIED); + + int32_t res = AccessTokenKit::ClearUserPolicy(); + EXPECT_EQ(res, 0); + + EXPECT_EQ(AccessTokenKit::VerifyAccessToken(fullIdUser1.tokenIdExStruct.tokenID, INTERNET), PERMISSION_GRANTED); + EXPECT_EQ(AccessTokenKit::VerifyAccessToken(fullIdUser2.tokenIdExStruct.tokenID, INTERNET), PERMISSION_GRANTED); + + EXPECT_EQ(RET_SUCCESS, AccessTokenKit::DeleteToken(fullIdUser1.tokenIdExStruct.tokenID)); + EXPECT_EQ(RET_SUCCESS, AccessTokenKit::DeleteToken(fullIdUser2.tokenIdExStruct.tokenID)); +} + + +/** + * @tc.name: UserPolicyForUpdateHapTokenTest + * @tc.desc: UpdateHapToken and check permission status with user policy After . 
+ * @tc.type: FUNC + * @tc.require:Issue Number + */ +HWTEST_F(EdmPolicySetTest, UserPolicyForUpdateHapTokenTest, TestSize.Level1) +{ + HapPolicyParams testPolicyParams1 = { + .apl = APL_SYSTEM_CORE, + .domain = "test.domain2", + .permStateList = { + g_infoManagerNetWorkState, + } + }; + g_testHapInfoParams.userID = MOCK_USER_ID_10001; + AccessTokenIDEx fullIdUser1; + EXPECT_EQ(RET_SUCCESS, AccessTokenKit::InitHapToken(g_testHapInfoParams, testPolicyParams1, fullIdUser1)); + + UserState user1 = {.userId = MOCK_USER_ID_10001, .isActive = false}; + std::vector userList = { user1}; + std::vector permList = { INTERNET }; + EXPECT_EQ(0, AccessTokenKit::InitUserPolicy(userList, permList)); + HapPolicyParams testPolicyParams2 = { + .apl = APL_SYSTEM_CORE, + .domain = "test.domain2", + .permStateList = { + g_infoManagerInternetState, + g_infoManagerNetWorkState, + } + }; + UpdateHapInfoParams info; + info.appIDDesc = "TEST"; + info.apiVersion = 12; + info.isSystemApp = false; + int32_t res = AccessTokenKit::UpdateHapToken(fullIdUser1, info, testPolicyParams2); + EXPECT_EQ(res, 0); + EXPECT_EQ(AccessTokenKit::VerifyAccessToken(fullIdUser1.tokenIdExStruct.tokenID, INTERNET), PERMISSION_DENIED); + + res = AccessTokenKit::ClearUserPolicy(); + EXPECT_EQ(res, 0); + EXPECT_EQ(AccessTokenKit::VerifyAccessToken(fullIdUser1.tokenIdExStruct.tokenID, INTERNET), PERMISSION_GRANTED); + + EXPECT_EQ(RET_SUCCESS, AccessTokenKit::DeleteToken(fullIdUser1.tokenIdExStruct.tokenID)); +} \ No newline at end of file diff --git a/interfaces/innerkits/accesstoken/test/unittest/src/edm_policy_set_test.h b/interfaces/innerkits/accesstoken/test/unittest/src/edm_policy_set_test.h new file mode 100644 index 000000000..4673409ed --- /dev/null +++ b/interfaces/innerkits/accesstoken/test/unittest/src/edm_policy_set_test.h 
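Review bot: `SetUpTestCase` saves the original identity in `g_selfShellTokenId`, but nothing in this file restores it: `TearDownTestCase` only deletes the test HAP token, and several cases switch the process to the `foundation` native token, so later suites in the same binary may run with that identity. Adding `SetSelfTokenID(g_selfShellTokenId);` to `TearDownTestCase` closes that. In `UserPolicyTestForClearUserGranted` the result of `UpdateUserPolicy(userListAfter)` and of the two following `ClearUserGrantedPermissionState` calls is assigned to `ret` and never checked; each should be followed by `EXPECT_EQ(RET_SUCCESS, ret);`. That test's comment block is also a copy of the one for `UserPolicyTestForNewHap`, and the `@tc.desc` of `InitUserPolicy004` says empty userList while the case passes an oversized permList.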
@@ -0,0 +1,34 @@ +/* + * Copyright (c) 2024 Huawei Device Co., Ltd. + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +#ifndef EDM_POLICY_SET_TEST_H +#define EDM_POLICY_SET_TEST_H + +#include + +namespace OHOS { +namespace Security { +namespace AccessToken { +class EdmPolicySetTest : public testing::Test { +public: + static void SetUpTestCase(); + static void TearDownTestCase(); + void TearDown(); + void SetUp(); +}; +} // namespace AccessToken +} // namespace Security +} // namespace OHOS +#endif // EDM_POLICY_SET_TEST_H \ No newline at end of file diff --git a/services/accesstokenmanager/main/cpp/include/callback/callback_manager.h b/services/accesstokenmanager/main/cpp/include/callback/callback_manager.h index 813a86180..3614cbe3b 100644 --- a/services/accesstokenmanager/main/cpp/include/callback/callback_manager.h +++ b/services/accesstokenmanager/main/cpp/include/callback/callback_manager.h @@ -55,7 +55,7 @@ public: void ExecuteCallbackAsync(AccessTokenID tokenID, const std::string& permName, int32_t changeType); private: - void ExcuteAllCallback(std::vector>& list, AccessTokenID tokenID, const std::string& permName, + void ExecuteAllCallback(std::vector>& list, AccessTokenID tokenID, const std::string& permName, int32_t changeType); void GetCallbackObjectList(AccessTokenID tokenID, const std::string& permName, std::vector>& list); 
diff --git a/services/accesstokenmanager/main/cpp/include/permission/permission_manager.h b/services/accesstokenmanager/main/cpp/include/permission/permission_manager.h index 1f83e1959..ac8c3c7de 100644 --- a/services/accesstokenmanager/main/cpp/include/permission/permission_manager.h +++ b/services/accesstokenmanager/main/cpp/include/permission/permission_manager.h @@ -75,7 +75,6 @@ public: bool isGranted, uint32_t flag); int32_t GrantPermission(AccessTokenID tokenID, const std::string& permissionName, uint32_t flag); int32_t RevokePermission(AccessTokenID tokenID, const std::string& permissionName, uint32_t flag); - void ClearUserGrantedPermissionState(AccessTokenID tokenID); void GetSelfPermissionState(const std::vector& permsList, PermissionListState& permState, int32_t apiVersion); int32_t AddPermStateChangeCallback( 
@@ -89,15 +88,21 @@ public: void ParamUpdate(const std::string& permissionName, uint32_t flag, bool filtered); void NotifyWhenPermissionStateUpdated(AccessTokenID tokenID, const std::string& permissionName, bool isGranted, uint32_t flag, const std::shared_ptr& infoPtr); - int32_t ClearUserGrantedPermission(AccessTokenID tokenID); int32_t DumpPermDefInfo(std::string& dumpInfo); void AddPermToKernel(AccessTokenID tokenID, const std::shared_ptr& policy); + void AddPermToKernel(AccessTokenID tokenID, const std::shared_ptr& policy, + const std::vector& permList); void RemovePermFromKernel(AccessTokenID tokenID); void SetPermToKernel(AccessTokenID tokenID, const std::string& permissionName, bool isGranted); bool InitPermissionList(const std::string& appDistributionType, const HapPolicyParams& policy, std::vector& initializedList); bool InitDlpPermissionList(const std::string& bundleName, int32_t userId, std::vector& initializedList); + void GetStateOrFlagChangedList(std::vector& stateListBefore, + std::vector& stateListAfter, std::vector& stateChangeList); + void NotifyUpdatedPermList(const std::vector& grantedPermListBefore, + const std::vector& grantedPermListAfter, AccessTokenID tokenID); + protected: static void RegisterImpl(PermissionManager* implInstance); private: 
@@ -111,14 +116,10 @@ private: bool GetLocationPermissionIndex(std::vector& reqPermList, LocationIndex& locationIndex); bool GetLocationPermissionState(AccessTokenID tokenID, std::vector& reqPermList, std::vector& permsList, int32_t apiVersion, const LocationIndex& locationIndex); - void NotifyUpdatedPermList(const std::vector& grantedPermListBefore, - const std::vector& grantedPermListAfter, AccessTokenID tokenID); int32_t FindPermRequestToggleStatusFromDb(int32_t userID, const std::string& permissionName); void AddPermRequestToggleStatusToDb(int32_t userID, const std::string& permissionName, int32_t status); void PermDefToString(const PermissionDef& def, std::string& info) const; bool IsPermissionStateOrFlagMatched(const PermissionStateFull& stata1, const PermissionStateFull& stata2); - void GetStateOrFlagChangedList(std::vector& stateListBefore, - std::vector& stateListAfter, std::vector& stateChangeList); PermissionGrantEvent grantEvent_; static std::recursive_mutex mutex_; diff --git a/services/accesstokenmanager/main/cpp/include/permission/permission_policy_set.h b/services/accesstokenmanager/main/cpp/include/permission/permission_policy_set.h index 5d2d3b2ce..83c280ef2 100644 --- a/services/accesstokenmanager/main/cpp/include/permission/permission_policy_set.h +++ b/services/accesstokenmanager/main/cpp/include/permission/permission_policy_set.h 
@@ -60,8 +60,11 @@ public: static uint32_t GetFlagWithoutSpecifiedElement(uint32_t fullFlag, uint32_t removedFlag); static uint32_t GetFlagWroteToDb(uint32_t grantFlag); void GetDeletedPermissionListToNotify(std::vector& permissionList); + void GetDeletedPermissionListToNotify(std::vector& permissionList, + const std::vector& constrainedList); void GetGrantedPermissionList(std::vector& permissionList); - + void RefreshPermStateToKernel(const std::vector& permList, + bool hapUserIsActive, AccessTokenID tokenId, std::map& refreshedPermList); void GetPermissionStateList(std::vector& opCodeList, std::vector& statusList); uint32_t GetReqPermissionSize(); private: diff --git a/services/accesstokenmanager/main/cpp/include/service/accesstoken_manager_service.h b/services/accesstokenmanager/main/cpp/include/service/accesstoken_manager_service.h index 7cf7d7519..efc62bd07 100644 --- a/services/accesstokenmanager/main/cpp/include/service/accesstoken_manager_service.h +++ b/services/accesstokenmanager/main/cpp/include/service/accesstoken_manager_service.h @@ -98,6 +98,9 @@ public: int SetPermDialogCap(const HapBaseInfoParcel& hapBaseInfoParcel, bool enable) override; void GetPermissionManagerInfo(PermissionGrantInfoParcel& infoParcel) override; int32_t GetNativeTokenName(AccessTokenID tokenID, std::string& name) override; + int32_t InitUserPolicy(const std::vector& userList, const std::vector& permList) override; + int32_t UpdateUserPolicy(const std::vector& userList) override; + int32_t ClearUserPolicy() override; void DumpTokenInfo(const AtmToolsParamInfoParcel& infoParcel, std::string& dumpInfo) override; int32_t DumpPermDefInfo(std::string& dumpInfo) override; int32_t GetVersion(uint32_t& version) override; diff --git a/services/accesstokenmanager/main/cpp/include/service/accesstoken_manager_stub.h b/services/accesstokenmanager/main/cpp/include/service/accesstoken_manager_stub.h index 7804b8a28..dc63b10b0 100644 
--- a/services/accesstokenmanager/main/cpp/include/service/accesstoken_manager_stub.h +++ b/services/accesstokenmanager/main/cpp/include/service/accesstoken_manager_stub.h @@ -84,6 +84,9 @@ private: void SetPermDialogCapInner(MessageParcel& data, MessageParcel& reply); void GetPermissionManagerInfoInner(MessageParcel& data, MessageParcel& reply); void GetNativeTokenNameInner(MessageParcel& data, MessageParcel& reply); + void InitUserPolicyInner(MessageParcel& data, MessageParcel& reply); + void UpdateUserPolicyInner(MessageParcel& data, MessageParcel& reply); + void ClearUserPolicyInner(MessageParcel& data, MessageParcel& reply); bool IsPrivilegedCalling() const; bool IsAccessTokenCalling(); diff --git a/services/accesstokenmanager/main/cpp/include/token/accesstoken_info_manager.h b/services/accesstokenmanager/main/cpp/include/token/accesstoken_info_manager.h index 8772b2dff..d41ccc6b4 100644 --- a/services/accesstokenmanager/main/cpp/include/token/accesstoken_info_manager.h +++ b/services/accesstokenmanager/main/cpp/include/token/accesstoken_info_manager.h @@ -16,6 +16,7 @@ #ifndef ACCESSTOKEN_TOKEN_INFO_MANAGER_H #define ACCESSTOKEN_TOKEN_INFO_MANAGER_H +#include #include #include #include @@ -76,6 +77,9 @@ public: void GetRelatedSandBoxHapList(AccessTokenID tokenId, std::vector& tokenIdList); int32_t GetHapTokenDlpType(AccessTokenID id); int32_t SetPermDialogCap(AccessTokenID tokenID, bool enable); + int32_t InitUserPolicy(const std::vector& userList, const std::vector& permList); + int32_t UpdateUserPolicy(const std::vector& userList); + int32_t ClearUserPolicy(); bool GetPermDialogCap(AccessTokenID tokenID); int32_t ModifyHapPermStateFromDb(AccessTokenID tokenID, const std::string& permission); void DumpToken(); 
@@ -83,6 +87,9 @@ public: void AddDumpTaskNum(); void ReduceDumpTaskNum(); int32_t GetNativeTokenName(AccessTokenID tokenId, std::string& name); + void ClearUserGrantedPermissionState(AccessTokenID tokenID); + int32_t ClearUserGrantedPermission(AccessTokenID tokenID); + bool IsPermissionRestrictedByUserPolicy(AccessTokenID id, const std::string& permissionName); #ifdef TOKEN_SYNC_ENABLE /* tokensync needed */ @@ -128,9 +135,18 @@ private: void DumpHapTokenInfoByTokenId(const AccessTokenID tokenId, std::string& dumpInfo); void DumpHapTokenInfoByBundleName(const std::string& bundleName, std::string& dumpInfo); void DumpAllHapTokenInfo(std::string& dumpInfo); + void DumpUserPolicyInfo(std::string& dumpInfo); void DumpNativeTokenInfoByProcessName(const std::string& processName, std::string& dumpInfo); void DumpAllNativeTokenInfo(std::string& dumpInfo); - + int32_t ParseUserPolicyInfo(const std::vector& userList, + const std::vector& permList, std::map& changedUserList); + int32_t ParseUserPolicyInfo(const std::vector& userList, + std::map& changedUserList); + int32_t UpdatePermissionStateToKernel(const std::vector& permCodeList, + const std::map& tokenIdList); + int32_t UpdatePermissionStateToKernel(const std::map& tokenIdList); + void GetGoalHapList(std::map& tokenIdList, + std::map& changedUserList); #ifdef RESOURCESCHEDULE_FFRT_ENABLE std::atomic_int32_t curTaskNum_; std::shared_ptr ffrtTaskQueue_ = std::make_shared("TokenStore"); @@ -149,6 +165,10 @@ private: std::map hapTokenIdMap_; std::map> nativeTokenInfoMap_; std::map nativeTokenIdMap_; + + OHOS::Utils::RWLock userPolicyLock_; + std::vector inactiveUserList_; + std::vector permPolicyList_; }; } // namespace AccessToken } // namespace Security diff --git a/services/accesstokenmanager/main/cpp/src/callback/callback_manager.cpp b/services/accesstokenmanager/main/cpp/src/callback/callback_manager.cpp index 0b315c218..5b2e7a71c 100644 --- a/services/accesstokenmanager/main/cpp/src/callback/callback_manager.cpp 
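Review bot: The members added in the `@@ -149,6 +165,10 @@` hunk, `inactiveUserList_` and `permPolicyList_`, have no comment stating that they are protected by `userPolicyLock_` or what they hold. I would add `// Guarded by userPolicyLock_: users whose HAP tokens are restricted, and the permissions the restriction applies to.` above the three declarations. The new public `IsPermissionRestrictedByUserPolicy` in the `@@ -83,6 +87,9 @@` hunk would also benefit from a one-line comment saying what it returns for an unknown token, since callers on the verify path depend on that answer.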
+++ b/services/accesstokenmanager/main/cpp/src/callback/callback_manager.cpp @@ -134,7 +134,7 @@ bool CallbackManager::CalledAccordingToPermLlist(const std::vector& [permName](const std::string& perm) { return perm == permName; }); } -void CallbackManager::ExcuteAllCallback(std::vector>& list, AccessTokenID tokenID, +void CallbackManager::ExecuteAllCallback(std::vector>& list, AccessTokenID tokenID, const std::string& permName, int32_t changeType) { for (auto it = list.begin(); it != list.end(); ++it) { @@ -204,7 +204,7 @@ void CallbackManager::ExecuteCallbackAsync(AccessTokenID tokenID, const std::str #endif std::vector> list; this->GetCallbackObjectList(tokenID, permName, list); - this->ExcuteAllCallback(list, tokenID, permName, changeType); + this->ExecuteAllCallback(list, tokenID, permName, changeType); }; #ifdef RESOURCESCHEDULE_FFRT_ENABLE diff --git a/services/accesstokenmanager/main/cpp/src/permission/permission_manager.cpp b/services/accesstokenmanager/main/cpp/src/permission/permission_manager.cpp index dd3f9c106..c33e0f103 100644 --- a/services/accesstokenmanager/main/cpp/src/permission/permission_manager.cpp +++ b/services/accesstokenmanager/main/cpp/src/permission/permission_manager.cpp @@ -466,7 +466,7 @@ int32_t PermissionManager::FindPermRequestToggleStatusFromDb(int32_t userID, con if (permRequestToggleStatusRes.empty()) { // never set, return default status: CLOSED if APP_TRACKING_CONSENT return (permissionName == "ohos.permission.APP_TRACKING_CONSENT") ? - PermissionRequestToggleStatus::CLOSED : PermissionRequestToggleStatus::OPEN;; + PermissionRequestToggleStatus::CLOSED : PermissionRequestToggleStatus::OPEN; } return permRequestToggleStatusRes[0].GetInt(TokenFiledConst::FIELD_REQUEST_TOGGLE_STATUS); } 
@@ -900,18 +900,6 @@ bool PermissionManager::LocationPermissionSpecialHandle( return GetLocationPermissionState(tokenID, reqPermList, permsList, apiVersion, locationIndex); } -void PermissionManager::ClearUserGrantedPermissionState(AccessTokenID tokenID) -{ - if (ClearUserGrantedPermission(tokenID) != RET_SUCCESS) { - return; - } - std::vector tokenIdList; - AccessTokenInfoManager::GetInstance().GetRelatedSandBoxHapList(tokenID, tokenIdList); - for (const auto& id : tokenIdList) { - (void)ClearUserGrantedPermission(id); - } -} - void PermissionManager::NotifyUpdatedPermList(const std::vector& grantedPermListBefore, const std::vector& grantedPermListAfter, AccessTokenID tokenID) { 
@@ -954,58 +942,6 @@ void PermissionManager::GetStateOrFlagChangedList(std::vector infoPtr = AccessTokenInfoManager::GetInstance().GetHapTokenInfoInner(tokenID); - if (infoPtr == nullptr) { - ACCESSTOKEN_LOG_ERROR(LABEL, "Token %{public}u is invalid.", tokenID); - return ERR_PARAM_INVALID; - } - if (infoPtr->IsRemote()) { - ACCESSTOKEN_LOG_ERROR(LABEL, "It is a remote hap token %{public}u!", tokenID); - return ERR_IDENTITY_CHECK_FAILED; - } - std::shared_ptr permPolicySet = infoPtr->GetHapInfoPermissionPolicySet(); - if (permPolicySet == nullptr) { - ACCESSTOKEN_LOG_ERROR(LABEL, "Invalid params!"); - return ERR_PARAM_INVALID; - } - std::vector grantedPermListBefore; - permPolicySet->GetGrantedPermissionList(grantedPermListBefore); - std::vector stateListBefore; - permPolicySet->GetPermissionStateList(stateListBefore); - - // reset permission. - permPolicySet->ResetUserGrantPermissionStatus(); - // clear security component granted permission which is not requested in module.json. - permPolicySet->ClearSecCompGrantedPerm(); - -#ifdef SUPPORT_SANDBOX_APP - // update permission status with dlp permission rule. 
- std::vector permListOfHap; - permPolicySet->GetPermissionStateFulls(permListOfHap); - DlpPermissionSetManager::GetInstance().UpdatePermStateWithDlpInfo( - infoPtr->GetDlpType(), permListOfHap); - permPolicySet->Update(permListOfHap); -#endif - - std::vector grantedPermListAfter; - permPolicySet->GetGrantedPermissionList(grantedPermListAfter); - std::vector stateListAfter; - permPolicySet->GetPermissionStateList(stateListAfter); - std::vector stateChangeList; - GetStateOrFlagChangedList(stateListBefore, stateListAfter, stateChangeList); - if (!AccessTokenInfoManager::GetInstance().UpdateStatesToDatabase(tokenID, stateChangeList)) { - return ERR_DATABASE_OPERATE_FAILED; - } - - // clear - AddPermToKernel(tokenID, permPolicySet); - - NotifyUpdatedPermList(grantedPermListBefore, grantedPermListAfter, tokenID); - return RET_SUCCESS; -} - void PermissionManager::NotifyPermGrantStoreResult(bool result, uint64_t timestamp) { grantEvent_.NotifyPermGrantStoreResult(result, timestamp); 
@@ -1044,6 +980,39 @@ void PermissionManager::AddPermToKernel(AccessTokenID tokenID, const std::shared } } +void PermissionManager::AddPermToKernel(AccessTokenID tokenID, const std::shared_ptr& policy, + const std::vector& permList) +{ + if (policy == nullptr) { + return; + } + + std::vector permCodeList; + for (const auto &permission : permList) { + uint32_t code; + if (!TransferPermissionToOpcode(permission, code)) { + continue; + } + permCodeList.emplace_back(code); + } + + std::vector opCodeList; + std::vector statusList; + bool isUserActive = false; + policy->GetPermissionStateList(opCodeList, statusList); + for (uint32_t i = 0; i < opCodeList.size(); i++) { + if (std::find(permCodeList.begin(), permCodeList.end(), opCodeList[i]) == permCodeList.end()) { + continue; + } + statusList[i] = statusList[i] && isUserActive; + } + int32_t ret = AddPermissionToKernel(tokenID, opCodeList, statusList); + if (ret != ACCESS_TOKEN_OK) { + ACCESSTOKEN_LOG_ERROR(LABEL, "AddPermissionToKernel(token=%{public}d), size=%{public}zu, err=%{public}d", + tokenID, opCodeList.size(), ret); + } +} + void PermissionManager::RemovePermFromKernel(AccessTokenID tokenID) { int32_t ret = RemovePermissionFromKernel(tokenID); diff --git a/services/accesstokenmanager/main/cpp/src/permission/permission_policy_set.cpp b/services/accesstokenmanager/main/cpp/src/permission/permission_policy_set.cpp index e9f57bd7e..08330c9c8 100644 --- a/services/accesstokenmanager/main/cpp/src/permission/permission_policy_set.cpp +++ b/services/accesstokenmanager/main/cpp/src/permission/permission_policy_set.cpp @@ -24,6 +24,7 @@ #include "permission_definition_cache.h" #include "permission_map.h" #include "permission_validator.h" +#include "perm_setproc.h" #include "data_translator.h" #include "token_field_const.h" 
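Review bot: In the new `AddPermToKernel(tokenID, policy, permList)` overload, `isUserActive` is a local that is always `false`, so `statusList[i] = statusList[i] && isUserActive;` unconditionally clears the entry. Writing `statusList[i] = false;` with a comment such as `// user is inactive: policy-listed permissions are never granted in the kernel` would state what the code actually does. Names in `permList` for which `TransferPermissionToOpcode` fails are skipped silently, so a policy entry without an opcode is not restricted by this path; a log line on that `continue` would make the gap visible.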
@@ -489,6 +490,24 @@ void PermissionPolicySet::GetDeletedPermissionListToNotify(std::vector& permissionList, + const std::vector& constrainedList) +{ + Utils::UniqueReadGuard infoGuard(this->permPolicySetLock_); + for (const auto& perm : permStateList_) { + if (perm.isGeneral) { + if ((perm.grantStatus[0] == PERMISSION_GRANTED) && + (std::find(constrainedList.begin(), constrainedList.end(), perm.permissionName) == + constrainedList.end())) { + permissionList.emplace_back(perm.permissionName); + } + } + } + for (const auto& permission : secCompGrantedPermList_) { + permissionList.emplace_back(permission); + } +} + void PermissionPolicySet::GetPermissionStateList(std::vector& opCodeList, std::vector& statusList) { Utils::UniqueReadGuard infoGuard(this->permPolicySetLock_); 
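Review bot: The new `GetDeletedPermissionListToNotify` overload filters `permStateList_` against `constrainedList`, but appends every entry of `secCompGrantedPermList_` without the same check. If a security-component permission can also appear in the constrained list (not determinable from this hunk), it would still be reported as granted; either apply the same `std::find` test in the second loop or add a comment saying the omission is intended. The two nested `if`s can be merged into one condition, `if (perm.isGeneral && (perm.grantStatus[0] == PERMISSION_GRANTED) && ...)`.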
@@ -501,6 +520,39 @@ void PermissionPolicySet::GetPermissionStateList(std::vector& opCodeLi } } +void PermissionPolicySet::RefreshPermStateToKernel(const std::vector& permList, + bool hapUserIsActive, AccessTokenID tokenId, std::map& refreshedPermList) +{ + Utils::UniqueReadGuard infoGuard(this->permPolicySetLock_); + for (const auto& state : permStateList_) { + if (std::find(permList.begin(), permList.end(), state.permissionName) == permList.end()) { + continue; + } + uint32_t code; + if (TransferPermissionToOpcode(state.permissionName, code)) { + bool isGrantedCurr; + int32_t ret = GetPermissionFromKernel(tokenId, code, isGrantedCurr); + bool isGrantedToBe = (state.grantStatus[0] == PERMISSION_GRANTED) && hapUserIsActive; + if (ret != RET_SUCCESS) { + ACCESSTOKEN_LOG_ERROR(LABEL, "SetPermissionToKernel err=%{public}d", ret); + continue; + } + ACCESSTOKEN_LOG_INFO(LABEL, + "id=%{public}u, opCode=%{public}u, isGranted=%{public}d, hapUserIsActive=%{public}d", + tokenId, code, isGrantedToBe, hapUserIsActive); + if (isGrantedCurr == isGrantedToBe) { + continue; + } + ret = SetPermissionToKernel(tokenId, code, isGrantedToBe); + if (ret != RET_SUCCESS) { + ACCESSTOKEN_LOG_ERROR(LABEL, "SetPermissionToKernel err=%{public}d", ret); + continue; + } + refreshedPermList[state.permissionName] = isGrantedToBe; + } + } +} + uint32_t PermissionPolicySet::GetReqPermissionSize() { return static_cast(permStateList_.size()); diff --git a/services/accesstokenmanager/main/cpp/src/service/accesstoken_manager_service.cpp b/services/accesstokenmanager/main/cpp/src/service/accesstoken_manager_service.cpp index ca4c20d8c..3b89ba549 100644 --- a/services/accesstokenmanager/main/cpp/src/service/accesstoken_manager_service.cpp +++ b/services/accesstokenmanager/main/cpp/src/service/accesstoken_manager_service.cpp 
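Review bot: When `GetPermissionFromKernel` fails in `RefreshPermStateToKernel`, the error is logged with the text `"SetPermissionToKernel err=%{public}d"`, the same message as the later set failure, so the two cases cannot be told apart in logs; the first should be `ACCESSTOKEN_LOG_ERROR(LABEL, "GetPermissionFromKernel err=%{public}d", ret);`. `isGrantedCurr` is declared without an initializer and is safer as `bool isGrantedCurr = false;`. Both failure paths `continue` without recording anything, so the caller cannot learn from `refreshedPermList` that the kernel may still hold a granted state for an inactive user; a failure count or return status would let the caller react.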
@@ -135,6 +135,11 @@ int AccessTokenManagerService::VerifyAccessToken(AccessTokenID tokenID, const st int32_t res = PermissionManager::GetInstance().VerifyAccessToken(tokenID, permissionName); ACCESSTOKEN_LOG_DEBUG(LABEL, "TokenID: %{public}d, permission: %{public}s, res %{public}d", tokenID, permissionName.c_str(), res); + if ((res == PERMISSION_GRANTED) && + (AccessTokenIDManager::GetInstance().GetTokenIdTypeEnum(tokenID) == TOKEN_HAP)) { + res = AccessTokenInfoManager::GetInstance().IsPermissionRestrictedByUserPolicy(tokenID, permissionName) ? + PERMISSION_DENIED : PERMISSION_GRANTED; + } #ifdef HITRACE_NATIVE_ENABLE FinishTrace(HITRACE_TAG_ACCESS_CONTROL); #endif @@ -292,7 +297,7 @@ int AccessTokenManagerService::RevokePermission(AccessTokenID tokenID, const std int AccessTokenManagerService::ClearUserGrantedPermissionState(AccessTokenID tokenID) { ACCESSTOKEN_LOG_INFO(LABEL, "TokenID: %{public}d", tokenID); - PermissionManager::GetInstance().ClearUserGrantedPermissionState(tokenID); + AccessTokenInfoManager::GetInstance().ClearUserGrantedPermissionState(tokenID); AccessTokenInfoManager::GetInstance().SetPermDialogCap(tokenID, false); DumpTokenIfNeeded(); return RET_SUCCESS; @@ -573,6 +578,22 @@ int32_t AccessTokenManagerService::GetNativeTokenName(AccessTokenID tokenId, std return AccessTokenInfoManager::GetInstance().GetNativeTokenName(tokenId, name); } +int32_t AccessTokenManagerService::InitUserPolicy( + const std::vector& userList, const std::vector& permList) +{ + return AccessTokenInfoManager::GetInstance().InitUserPolicy(userList, permList); +} + +int32_t AccessTokenManagerService::UpdateUserPolicy(const std::vector& userList) +{ + return AccessTokenInfoManager::GetInstance().UpdateUserPolicy(userList); +} + +int32_t AccessTokenManagerService::ClearUserPolicy() +{ + return AccessTokenInfoManager::GetInstance().ClearUserPolicy(); +} + int AccessTokenManagerService::Dump(int fd, const std::vector& args) { if (fd < 0) { 
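Review bot: In `VerifyAccessToken` the `ACCESSTOKEN_LOG_DEBUG` line prints `res` before the new user-policy check runs, so the log can show a granted result for a call that goes on to return `PERMISSION_DENIED`. Moving the log below the new `if` block, or logging the override itself, keeps the trace consistent with the decision. The callee `IsPermissionRestrictedByUserPolicy`, visible later in this patch, is declared `bool` but returns `ERR_PARAM_INVALID` for an unknown token; that presumably converts to `true` and ends in a denial, which is the safe direction, but an explicit `return true;` with a comment would make the intent clear. The function body continues outside the hunk.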
@@ -660,14 +681,14 @@ void AccessTokenManagerService::GetConfigValue() AccessTokenConfigValue value; if (policy->GetConfigValue(ServiceType::ACCESSTOKEN_SERVICE, value)) { // set value from config - grantBundleName_ = value.atConfig.grantBundleName.empty() - ? GRANT_ABILITY_BUNDLE_NAME : value.atConfig.grantBundleName; - grantAbilityName_ = value.atConfig.grantAbilityName.empty() - ? GRANT_ABILITY_ABILITY_NAME : value.atConfig.grantAbilityName; - permStateAbilityName_ = value.atConfig.permStateAbilityName.empty() - ? PERMISSION_STATE_SHEET_ABILITY_NAME : value.atConfig.permStateAbilityName; - globalSwitchAbilityName_ = value.atConfig.globalSwitchAbilityName.empty() - ? GLOBAL_SWITCH_SHEET_ABILITY_NAME : value.atConfig.globalSwitchAbilityName; + grantBundleName_ = value.atConfig.grantBundleName.empty() ? + GRANT_ABILITY_BUNDLE_NAME : value.atConfig.grantBundleName; + grantAbilityName_ = value.atConfig.grantAbilityName.empty() ? + GRANT_ABILITY_ABILITY_NAME : value.atConfig.grantAbilityName; + permStateAbilityName_ = value.atConfig.permStateAbilityName.empty() ? + PERMISSION_STATE_SHEET_ABILITY_NAME : value.atConfig.permStateAbilityName; + globalSwitchAbilityName_ = value.atConfig.globalSwitchAbilityName.empty() ? + GLOBAL_SWITCH_SHEET_ABILITY_NAME : value.atConfig.globalSwitchAbilityName; } else { ACCESSTOKEN_LOG_INFO(LABEL, "No config file or config file is not valid, use default values"); grantBundleName_ = GRANT_ABILITY_BUNDLE_NAME; diff --git a/services/accesstokenmanager/main/cpp/src/service/accesstoken_manager_stub.cpp b/services/accesstokenmanager/main/cpp/src/service/accesstoken_manager_stub.cpp index c2ff855ce..19a355170 100644 --- a/services/accesstokenmanager/main/cpp/src/service/accesstoken_manager_stub.cpp +++ b/services/accesstokenmanager/main/cpp/src/service/accesstoken_manager_stub.cpp 
@@ -35,6 +35,7 @@ static constexpr OHOS::HiviewDFX::HiLogLabel LABEL = {LOG_CORE, SECURITY_DOMAIN_
 const std::string MANAGE_HAP_TOKENID_PERMISSION = "ohos.permission.MANAGE_HAP_TOKENID";
 static const int32_t DUMP_CAPACITY_SIZE = 2 * 1024 * 1000;
 static const int MAX_PERMISSION_SIZE = 1000;
+static const int32_t MAX_USER_POLICY_SIZE = 1024;
 #ifdef TOKEN_SYNC_ENABLE
 static const int MAX_NATIVE_TOKEN_INFO_SIZE = 20480;
 #endif
@@ -913,6 +914,96 @@ void AccessTokenManagerStub::GetNativeTokenNameInner(MessageParcel& data, Messag } } +void AccessTokenManagerStub::InitUserPolicyInner(MessageParcel& data, MessageParcel& reply) +{ + uint32_t callingToken = IPCSkeleton::GetCallingTokenID(); + if (VerifyAccessToken(callingToken, GET_SENSITIVE_PERMISSIONS) == PERMISSION_DENIED) { + ACCESSTOKEN_LOG_ERROR(LABEL, "Permission denied(tokenID=%{public}d)", callingToken); + reply.WriteInt32(AccessTokenError::ERR_PERMISSION_DENIED); + return; + } + std::vector userList; + std::vector permList; + uint32_t userSize = data.ReadUint32(); + uint32_t permSize = data.ReadUint32(); + if ((userSize > MAX_USER_POLICY_SIZE) || (permSize > MAX_USER_POLICY_SIZE)) { + ACCESSTOKEN_LOG_ERROR(LABEL, "Size %{public}u is invalid", userSize); + reply.WriteInt32(AccessTokenError::ERR_OVERSIZE); + return; + } + for (uint32_t i = 0; i < userSize; i++) { + UserState userInfo; + if (!data.ReadInt32(userInfo.userId)) { + ACCESSTOKEN_LOG_ERROR(LABEL, "Failed to read userId."); + reply.WriteInt32(AccessTokenError::ERR_READ_PARCEL_FAILED); + return; + } + if (!data.ReadBool(userInfo.isActive)) { + ACCESSTOKEN_LOG_ERROR(LABEL, "Failed to read isActive."); + reply.WriteInt32(AccessTokenError::ERR_READ_PARCEL_FAILED); + return; + } + userList.emplace_back(userInfo); + } + for (uint32_t i = 0; i < permSize; i++) { + std::string permission; + if (!data.ReadString(permission)) { + ACCESSTOKEN_LOG_ERROR(LABEL, "Failed to read permission."); + reply.WriteInt32(AccessTokenError::ERR_READ_PARCEL_FAILED); + return; + } + permList.emplace_back(permission); + } + int32_t res = this->InitUserPolicy(userList, permList); + reply.WriteInt32(res); +} + +void AccessTokenManagerStub::UpdateUserPolicyInner(MessageParcel& data, MessageParcel& reply) +{ + uint32_t callingToken = IPCSkeleton::GetCallingTokenID(); + if (VerifyAccessToken(callingToken, GET_SENSITIVE_PERMISSIONS) == PERMISSION_DENIED) { + ACCESSTOKEN_LOG_ERROR(LABEL, "Permission 
denied(tokenID=%{public}d)", callingToken); + reply.WriteInt32(AccessTokenError::ERR_PERMISSION_DENIED); + return; + } + std::vector userList; + uint32_t userSize = data.ReadUint32(); + if (userSize > MAX_USER_POLICY_SIZE) { + ACCESSTOKEN_LOG_ERROR(LABEL, "Size %{public}u is invalid", userSize); + reply.WriteInt32(AccessTokenError::ERR_OVERSIZE); + return; + } + for (uint32_t i = 0; i < userSize; i++) { + UserState userInfo; + if (!data.ReadInt32(userInfo.userId)) { + ACCESSTOKEN_LOG_ERROR(LABEL, "Failed to read userId."); + reply.WriteInt32(AccessTokenError::ERR_READ_PARCEL_FAILED); + return; + } + if (!data.ReadBool(userInfo.isActive)) { + ACCESSTOKEN_LOG_ERROR(LABEL, "Failed to read isActive."); + reply.WriteInt32(AccessTokenError::ERR_READ_PARCEL_FAILED); + return; + } + userList.emplace_back(userInfo); + } + int32_t res = this->UpdateUserPolicy(userList); + reply.WriteInt32(res); +} + +void AccessTokenManagerStub::ClearUserPolicyInner(MessageParcel& data, MessageParcel& reply) +{ + uint32_t callingToken = IPCSkeleton::GetCallingTokenID(); + if (VerifyAccessToken(callingToken, GET_SENSITIVE_PERMISSIONS) == PERMISSION_DENIED) { + ACCESSTOKEN_LOG_ERROR(LABEL, "Permission denied(tokenID=%{public}d)", callingToken); + reply.WriteInt32(AccessTokenError::ERR_PERMISSION_DENIED); + return; + } + + int32_t res = this->ClearUserPolicy(); + reply.WriteInt32(res); +} + bool AccessTokenManagerStub::IsPrivilegedCalling() const { // shell process is root in debug mode. 
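Review bot: The three new handlers (`InitUserPolicyInner`, `UpdateUserPolicyInner`, `ClearUserPolicyInner`) reject the caller only when `VerifyAccessToken(...) == PERMISSION_DENIED`, so any other return value would pass the gate; comparing with `!= PERMISSION_GRANTED` fails closed. These calls change policy but are gated on `GET_SENSITIVE_PERMISSIONS`, whose name suggests a read permission, so it is worth confirming that this is the intended permission. The element counts come from `data.ReadUint32()` with no success check, unlike the `ReadInt32`/`ReadBool`/`ReadString` calls that follow; `if (!data.ReadUint32(userSize)) { ... ERR_READ_PARCEL_FAILED ... }` would match them. The oversize log in `InitUserPolicyInner` prints only `userSize` even when `permSize` is the value over the limit, and the comparison mixes `uint32_t` with the `int32_t` constant `MAX_USER_POLICY_SIZE`.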
@@ -1011,6 +1102,12 @@ void AccessTokenManagerStub::SetLocalTokenOpFuncInMap() &AccessTokenManagerStub::GetPermissionManagerInfoInner; requestFuncMap_[static_cast(AccessTokenInterfaceCode::GET_NATIVE_TOKEN_NAME)] = &AccessTokenManagerStub::GetNativeTokenNameInner; + requestFuncMap_[static_cast(AccessTokenInterfaceCode::INIT_USER_POLICY)] = + &AccessTokenManagerStub::InitUserPolicyInner; + requestFuncMap_[static_cast(AccessTokenInterfaceCode::UPDATE_USER_POLICY)] = + &AccessTokenManagerStub::UpdateUserPolicyInner; + requestFuncMap_[static_cast(AccessTokenInterfaceCode::CLEAR_USER_POLICY)] = + &AccessTokenManagerStub::ClearUserPolicyInner; } void AccessTokenManagerStub::SetPermissionOpFuncInMap() diff --git a/services/accesstokenmanager/main/cpp/src/token/accesstoken_info_manager.cpp b/services/accesstokenmanager/main/cpp/src/token/accesstoken_info_manager.cpp index fa4e25224..5372e691f 100644 --- a/services/accesstokenmanager/main/cpp/src/token/accesstoken_info_manager.cpp +++ b/services/accesstokenmanager/main/cpp/src/token/accesstoken_info_manager.cpp @@ -42,6 +42,8 @@ #include "ipc_skeleton.h" #include "permission_definition_cache.h" #include "permission_manager.h" +#include "permission_map.h" +#include "perm_setproc.h" #include "access_token_db.h" #include "token_field_const.h" #include "token_setproc.h" 
@@ -257,14 +259,24 @@ int AccessTokenInfoManager::AddHapTokenInfo(const std::shared_ptr policySet = info->GetHapInfoPermissionPolicySet(); - PermissionManager::GetInstance().AddPermToKernel(id, policySet); - - HiSysEventWrite(HiviewDFX::HiSysEvent::Domain::ACCESS_TOKEN, "ADD_HAP", HiviewDFX::HiSysEvent::EventType::STATISTIC, + HiSysEventWrite(HiviewDFX::HiSysEvent::Domain::ACCESS_TOKEN, "ADD_HAP", + HiviewDFX::HiSysEvent::EventType::STATISTIC, "TOKENID", info->GetTokenID(), "USERID", info->GetUserID(), "BUNDLENAME", info->GetBundleName(), "INSTINDEX", info->GetInstIndex()); + // add hap to kernel + std::shared_ptr policySet = info->GetHapInfoPermissionPolicySet(); + int32_t userId = info->GetUserID(); + { + Utils::UniqueReadGuard infoGuard(this->userPolicyLock_); + if (!permPolicyList_.empty() && + (std::find(inactiveUserList_.begin(), inactiveUserList_.end(), userId) != inactiveUserList_.end())) { + ACCESSTOKEN_LOG_INFO(LABEL, "Execute user policy."); + PermissionManager::GetInstance().AddPermToKernel(id, policySet, permPolicyList_); + return RET_SUCCESS; + } + } + PermissionManager::GetInstance().AddPermToKernel(id, policySet); return RET_SUCCESS; } @@ -709,6 +721,17 @@ int32_t AccessTokenInfoManager::UpdateHapToken(AccessTokenIDEx& tokenIdEx, const #endif // update hap to kernel std::shared_ptr policySet = infoPtr->GetHapInfoPermissionPolicySet(); + int32_t userId = infoPtr->GetUserID(); + { + Utils::UniqueReadGuard infoGuard(this->userPolicyLock_); + if (!permPolicyList_.empty() && + (std::find(inactiveUserList_.begin(), inactiveUserList_.end(), userId) != inactiveUserList_.end())) { + ACCESSTOKEN_LOG_INFO(LABEL, "Execute user policy."); + PermissionManager::GetInstance().AddPermToKernel(tokenID, policySet, permPolicyList_); + ModifyHapTokenInfoFromDb(tokenID); + return RET_SUCCESS; + } + } PermissionManager::GetInstance().AddPermToKernel(tokenID, policySet); ModifyHapTokenInfoFromDb(tokenID); return RET_SUCCESS; 
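Review bot: The test `!permPolicyList_.empty() && std::find(inactiveUserList_.begin(), inactiveUserList_.end(), userId) != inactiveUserList_.end()` under `userPolicyLock_` is written out in both `AddHapTokenInfo` and `UpdateHapToken` here, and again in `PermissionStateNotify` and `ClearUserGrantedPermission` later in the patch. A private helper that takes the user id and returns a `bool` would keep the four sites from drifting apart. Each copy also calls `AddPermToKernel` while holding the read lock and then repeats the tail of the function (`ModifyHapTokenInfoFromDb(tokenID); return RET_SUCCESS;` in `UpdateHapToken`). Evaluating the condition under the lock and branching after it is released avoids both the duplication and the kernel call inside the guarded scope. Both functions start outside their hunks.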
@@ -1238,7 +1261,17 @@ void AccessTokenInfoManager::PermissionStateNotify(const std::shared_ptr permissionList; - policy->GetDeletedPermissionListToNotify(permissionList); + int32_t userId = info->GetUserID(); + { + Utils::UniqueReadGuard infoGuard(this->userPolicyLock_); + if (!permPolicyList_.empty() && + (std::find(inactiveUserList_.begin(), inactiveUserList_.end(), userId) != inactiveUserList_.end())) { + ACCESSTOKEN_LOG_INFO(LABEL, "Execute user policy."); + policy->GetDeletedPermissionListToNotify(permissionList, permPolicyList_); + } else { + policy->GetDeletedPermissionListToNotify(permissionList); + } + } if (permissionList.size() != 0) { PermissionManager::GetInstance().ParamUpdate(permissionList[0], 0, true); } @@ -1311,6 +1344,27 @@ void AccessTokenInfoManager::DumpAllHapTokenInfo(std::string& dumpInfo) } } +void AccessTokenInfoManager::DumpUserPolicyInfo(std::string& dumpInfo) +{ + ACCESSTOKEN_LOG_DEBUG(LABEL, "Get user policy info."); + + Utils::UniqueReadGuard infoUser(this->userPolicyLock_); + dumpInfo.append(R"({)"); + dumpInfo.append("\n"); + dumpInfo.append(R"( "userIdList": )"); + for (uint32_t i = 0; i < inactiveUserList_.size(); i++) { + dumpInfo.append(R"( )" + std::to_string(inactiveUserList_[i])); + } + dumpInfo.append("\n"); + dumpInfo.append(R"( "permissionList": )"); + for (uint32_t i = 0; i < permPolicyList_.size(); i++) { + dumpInfo.append(R"( )" + permPolicyList_[i]); + } + dumpInfo.append("\n"); + dumpInfo.append("}"); + dumpInfo.append("\n"); +} + void AccessTokenInfoManager::DumpNativeTokenInfoByProcessName(const std::string& processName, std::string& dumpInfo) { ACCESSTOKEN_LOG_DEBUG(LABEL, "Get native token info by processName[%{public}s].", processName.c_str()); 
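Review bot: `DumpUserPolicyInfo` opens the block with `{` and quoted keys, but writes the values as space-separated bare tokens with no brackets, commas or quotes, so the section looks like JSON without being parseable as JSON. If tooling consumes this dump (not visible here), emit the lists as arrays, e.g. `"userIdList": [10001, 10002]` (constructed sample values) with permission names quoted; otherwise drop the braces so the format is plainly free text. In the `PermissionStateNotify` hunk the new block copies the same inactive-user test used elsewhere in this file and could share a helper with those sites.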
@@ -1387,6 +1441,95 @@ void AccessTokenInfoManager::DumpTokenInfo(const AtmToolsParamInfo& info, std::s DumpAllHapTokenInfo(dumpInfo); DumpAllNativeTokenInfo(dumpInfo); + DumpUserPolicyInfo(dumpInfo); +} + + +void AccessTokenInfoManager::ClearUserGrantedPermissionState(AccessTokenID tokenID) +{ + if (ClearUserGrantedPermission(tokenID) != RET_SUCCESS) { + return; + } + std::vector tokenIdList; + GetRelatedSandBoxHapList(tokenID, tokenIdList); + for (const auto& id : tokenIdList) { + (void)ClearUserGrantedPermission(id); + } +} + +int32_t AccessTokenInfoManager::ClearUserGrantedPermission(AccessTokenID id) +{ + std::shared_ptr infoPtr = AccessTokenInfoManager::GetInstance().GetHapTokenInfoInner(id); + if (infoPtr == nullptr) { + ACCESSTOKEN_LOG_ERROR(LABEL, "Token %{public}u is invalid.", id); + return ERR_PARAM_INVALID; + } + if (infoPtr->IsRemote()) { + ACCESSTOKEN_LOG_ERROR(LABEL, "It is a remote hap token %{public}u!", id); + return ERR_IDENTITY_CHECK_FAILED; + } + std::shared_ptr permPolicySet = infoPtr->GetHapInfoPermissionPolicySet(); + if (permPolicySet == nullptr) { + ACCESSTOKEN_LOG_ERROR(LABEL, "Invalid params!"); + return ERR_PARAM_INVALID; + } + std::vector grantedPermListBefore; + permPolicySet->GetGrantedPermissionList(grantedPermListBefore); + std::vector stateListBefore; + permPolicySet->GetPermissionStateList(stateListBefore); + + // reset permission. + permPolicySet->ResetUserGrantPermissionStatus(); + // clear security component granted permission which is not requested in module.json. + permPolicySet->ClearSecCompGrantedPerm(); + +#ifdef SUPPORT_SANDBOX_APP + // update permission status with dlp permission rule. 
+ std::vector permListOfHap; + permPolicySet->GetPermissionStateFulls(permListOfHap); + DlpPermissionSetManager::GetInstance().UpdatePermStateWithDlpInfo(infoPtr->GetDlpType(), permListOfHap); + permPolicySet->Update(permListOfHap); +#endif + + std::vector grantedPermListAfter; + permPolicySet->GetGrantedPermissionList(grantedPermListAfter); + std::vector stateListAfter; + permPolicySet->GetPermissionStateList(stateListAfter); + std::vector stateChangeList; + PermissionManager::GetInstance().GetStateOrFlagChangedList(stateListBefore, stateListAfter, stateChangeList); + if (!UpdateStatesToDatabase(id, stateChangeList)) { + return ERR_DATABASE_OPERATE_FAILED; + } + + { + int32_t userId = infoPtr->GetUserID(); + Utils::UniqueReadGuard infoGuard(this->userPolicyLock_); + if (!permPolicyList_.empty() && + (std::find(inactiveUserList_.begin(), inactiveUserList_.end(), userId) != inactiveUserList_.end())) { + PermissionManager::GetInstance().AddPermToKernel(id, permPolicySet, permPolicyList_); + PermissionManager::GetInstance().NotifyUpdatedPermList(grantedPermListBefore, grantedPermListAfter, id); + return RET_SUCCESS; + } + } + PermissionManager::GetInstance().AddPermToKernel(id, permPolicySet); + PermissionManager::GetInstance().NotifyUpdatedPermList(grantedPermListBefore, grantedPermListAfter, id); + return RET_SUCCESS; +} + +bool AccessTokenInfoManager::IsPermissionRestrictedByUserPolicy(AccessTokenID id, const std::string& permissionName) +{ + std::shared_ptr infoPtr = AccessTokenInfoManager::GetInstance().GetHapTokenInfoInner(id); + if (infoPtr == nullptr) { + ACCESSTOKEN_LOG_ERROR(LABEL, "Token %{public}u is invalid.", id); + return ERR_PARAM_INVALID; + } + int32_t userId = infoPtr->GetUserID(); + Utils::UniqueReadGuard infoGuard(this->userPolicyLock_); + if ((std::find(permPolicyList_.begin(), permPolicyList_.end(), permissionName) != permPolicyList_.end()) && + (std::find(inactiveUserList_.begin(), inactiveUserList_.end(), userId) != inactiveUserList_.end())) { 
+ return true; + } + return false; } void AccessTokenInfoManager::GetRelatedSandBoxHapList(AccessTokenID tokenId, std::vector& tokenIdList) 
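Review bot: IsPermissionRestrictedByUserPolicy is declared `bool`, yet its null-token branch executes `return ERR_PARAM_INVALID;`, which converts to `true` when the error code is non-zero. An unknown token id is therefore reported as restricted by user policy, and callers cannot tell that apart from a real policy match. State the intended result explicitly, either `return false;` with a comment that no policy applies to an unknown token, or `return true;` with a comment that a lookup failure is treated as restricted. Separately, ClearUserGrantedPermissionState discards the result of `ClearUserGrantedPermission(id)` for the sandbox tokens with `(void)`; a log line on failure would make a partial reset visible.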
@@ -1441,6 +1584,201 @@ int32_t AccessTokenInfoManager::SetPermDialogCap(AccessTokenID tokenID, bool ena return RET_SUCCESS; } +int32_t AccessTokenInfoManager::ParseUserPolicyInfo(const std::vector& userList, + const std::vector& permList, std::map& changedUserList) +{ + if (!permPolicyList_.empty()) { + ACCESSTOKEN_LOG_ERROR(LABEL, "UserPolicy has been initialized."); + return ERR_USER_POLICY_INITIALIZED; + } + for (const auto &permission : permList) { + if (std::find(permPolicyList_.begin(), permPolicyList_.end(), permission) == permPolicyList_.end()) { + permPolicyList_.emplace_back(permission); + } + } + + if (permPolicyList_.empty()) { + ACCESSTOKEN_LOG_ERROR(LABEL, "permList is invalid."); + return ERR_PARAM_INVALID; + } + for (const auto &userInfo : userList) { + if (userInfo.userId < 0) { + ACCESSTOKEN_LOG_WARN(LABEL, "userId %{public}d is invalid.", userInfo.userId); + continue; + } + if (userInfo.isActive) { + ACCESSTOKEN_LOG_INFO(LABEL, "userid %{public}d is active.", userInfo.userId); + continue; + } + inactiveUserList_.emplace_back(userInfo.userId); + changedUserList[userInfo.userId] = false; + } + + return RET_SUCCESS; +} + +int32_t AccessTokenInfoManager::ParseUserPolicyInfo(const std::vector& userList, + std::map& changedUserList) +{ + if (permPolicyList_.empty()) { + ACCESSTOKEN_LOG_ERROR(LABEL, "UserPolicy has been initialized."); + return ERR_USER_POLICY_NOT_INITIALIZED; + } + for (const auto &userInfo : userList) { + if (userInfo.userId < 0) { + ACCESSTOKEN_LOG_WARN(LABEL, "UserId %{public}d is invalid.", userInfo.userId); + continue; + } + auto iter = std::find(inactiveUserList_.begin(), inactiveUserList_.end(), userInfo.userId); + // the userid is changed to foreground + if ((iter != inactiveUserList_.end() && userInfo.isActive)) { + inactiveUserList_.erase(iter); + changedUserList[userInfo.userId] = userInfo.isActive; + } + // the userid is changed to background + if ((iter == inactiveUserList_.end() && !userInfo.isActive)) { + 
changedUserList[userInfo.userId] = userInfo.isActive; + inactiveUserList_.emplace_back(userInfo.userId); + } + } + return RET_SUCCESS; +} + +void AccessTokenInfoManager::GetGoalHapList(std::map& tokenIdList, + std::map& changedUserList) +{ + Utils::UniqueReadGuard infoGuard(this->hapTokenInfoLock_); + for (auto iter = hapTokenInfoMap_.begin(); iter != hapTokenInfoMap_.end(); ++iter) { + AccessTokenID tokenId = iter->first; + std::shared_ptr infoPtr = iter->second; + if (infoPtr == nullptr) { + ACCESSTOKEN_LOG_ERROR(LABEL, "TokenId infoPtr is null."); + continue; + } + auto userInfo = changedUserList.find(infoPtr->GetUserID()); + if (userInfo != changedUserList.end()) { + // Record the policy status of hap (active or not). + tokenIdList[tokenId] = userInfo->second; + } + } + return; +} + +int32_t AccessTokenInfoManager::UpdatePermissionStateToKernel(const std::map& tokenIdList) +{ + for (auto iter = tokenIdList.begin(); iter != tokenIdList.end(); ++iter) { + AccessTokenID tokenId = iter->first; + std::shared_ptr infoPtr = GetHapTokenInfoInner(tokenId); + bool isActive = iter->second; + std::shared_ptr permPolicySet = infoPtr->GetHapInfoPermissionPolicySet(); + // refresh under userPolicyLock_ + { + Utils::UniqueReadGuard infoGuard(this->userPolicyLock_); + std::map refreshedPermList; + permPolicySet->RefreshPermStateToKernel(permPolicyList_, isActive, tokenId, refreshedPermList); + + if (refreshedPermList.size() != 0) { + PermissionManager::GetInstance().ParamUpdate(std::string(), 0, true); + } + for (auto perm = refreshedPermList.begin(); perm != refreshedPermList.end(); ++perm) { + PermStateChangeType change = perm->second ? 
+ PermStateChangeType::STATE_CHANGE_GRANTED : PermStateChangeType::STATE_CHANGE_REVOKED; + CallbackManager::GetInstance().ExecuteCallbackAsync(tokenId, perm->first, change); + } + } + } + return RET_SUCCESS; +} + +int32_t AccessTokenInfoManager::UpdatePermissionStateToKernel(const std::vector& permCodeList, + const std::map& tokenIdList) +{ + for (auto iter = tokenIdList.begin(); iter != tokenIdList.end(); ++iter) { + AccessTokenID tokenId = iter->first; + std::shared_ptr infoPtr = GetHapTokenInfoInner(tokenId); + bool isActive = iter->second; + std::shared_ptr permPolicySet = infoPtr->GetHapInfoPermissionPolicySet(); + std::map refreshedPermList; + permPolicySet->RefreshPermStateToKernel(permCodeList, isActive, tokenId, refreshedPermList); + + if (refreshedPermList.size() != 0) { + PermissionManager::GetInstance().ParamUpdate(std::string(), 0, true); + } + for (auto perm = refreshedPermList.begin(); perm != refreshedPermList.end(); ++perm) { + ACCESSTOKEN_LOG_INFO(LABEL, "Perm %{public}s refreshed by user policy, isactive %{public}d.", + perm->first.c_str(), perm->second); + PermStateChangeType change = perm->second ? 
+ PermStateChangeType::STATE_CHANGE_GRANTED : PermStateChangeType::STATE_CHANGE_REVOKED; + CallbackManager::GetInstance().ExecuteCallbackAsync(tokenId, perm->first, change); + } + } + return RET_SUCCESS; +} + +int32_t AccessTokenInfoManager::InitUserPolicy( + const std::vector& userList, const std::vector& permList) +{ + std::map tokenIdList; + { + Utils::UniqueWriteGuard infoGuard(this->userPolicyLock_); + std::map changedUserList; + int32_t ret = ParseUserPolicyInfo(userList, permList, changedUserList); + if (ret != RET_SUCCESS) { + return ret; + } + if (changedUserList.empty()) { + ACCESSTOKEN_LOG_INFO(LABEL, "changedUserList is empty."); + return ret; + } + GetGoalHapList(tokenIdList, changedUserList); + } + return UpdatePermissionStateToKernel(tokenIdList); +} + +int32_t AccessTokenInfoManager::UpdateUserPolicy(const std::vector& userList) +{ + std::map tokenIdList; + { + std::map changedUserList; + Utils::UniqueWriteGuard infoGuard(this->userPolicyLock_); + int32_t ret = ParseUserPolicyInfo(userList, changedUserList); + if (ret != RET_SUCCESS) { + return ret; + } + if (changedUserList.empty()) { + ACCESSTOKEN_LOG_INFO(LABEL, "changedUserList is empty."); + return ret; + } + GetGoalHapList(tokenIdList, changedUserList); + } + return UpdatePermissionStateToKernel(tokenIdList); +} + +int32_t AccessTokenInfoManager::ClearUserPolicy() +{ + std::map tokenIdList; + std::vector permList; + Utils::UniqueWriteGuard infoGuard(this->userPolicyLock_); + if (permPolicyList_.empty()) { + ACCESSTOKEN_LOG_WARN(LABEL, "UserPolicy has been cleared."); + return RET_SUCCESS; + } + permList.assign(permPolicyList_.begin(), permPolicyList_.end()); + std::map changedUserList; + for (const auto &userId : inactiveUserList_) { + // All user comes to be active for permission manager. + changedUserList[userId] = true; + } + GetGoalHapList(tokenIdList, changedUserList); + int32_t ret = UpdatePermissionStateToKernel(permList, tokenIdList); + // Lock range is large. 
While The number of ClearUserPolicy function calls is very small. + if (ret == RET_SUCCESS) { + permPolicyList_.clear(); + inactiveUserList_.clear(); + } + return ret; +} + bool AccessTokenInfoManager::GetPermDialogCap(AccessTokenID tokenID) { if (tokenID == INVALID_TOKENID) { diff --git a/services/accesstokenmanager/test/unittest/accesstoken_info_manager_test.cpp b/services/accesstokenmanager/test/unittest/accesstoken_info_manager_test.cpp index 5e000228f..b6cd5269c 100644 --- a/services/accesstokenmanager/test/unittest/accesstoken_info_manager_test.cpp +++ b/services/accesstokenmanager/test/unittest/accesstoken_info_manager_test.cpp @@ -927,7 +927,7 @@ HWTEST_F(AccessTokenInfoManagerTest, SetRemoteHapTokenInfo001, TestSize.Level1) EXPECT_EQ(false, SetRemoteHapTokenInfoTest(deviceID, wrongBaseInfo)); wrongBaseInfo = rightBaseInfo; - wrongBaseInfo.dlpType = (HapDlpType)11;; // wrong dlpType + wrongBaseInfo.dlpType = (HapDlpType)11; // wrong dlpType EXPECT_EQ(false, SetRemoteHapTokenInfoTest(deviceID, wrongBaseInfo)); wrongBaseInfo = rightBaseInfo; 
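Review bot: Both UpdatePermissionStateToKernel overloads dereference `infoPtr` and `permPolicySet` without a null check. The token ids were collected by GetGoalHapList under `hapTokenInfoLock_`, which is released before these loops run, so a token deleted in between makes `GetHapTokenInfoInner(tokenId)` return null (other callers in this patch check for exactly that) and the service process would crash. Add `if (infoPtr == nullptr) { continue; }` after the lookup and the same guard for `permPolicySet`. Also, the second ParseUserPolicyInfo overload logs `"UserPolicy has been initialized."` on the path that returns `ERR_USER_POLICY_NOT_INITIALIZED`; the message should say the policy has not been initialized.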
@@ -939,6 +939,25 @@ HWTEST_F(AccessTokenInfoManagerTest, SetRemoteHapTokenInfo001, TestSize.Level1) EXPECT_EQ(false, SetRemoteHapTokenInfoTest(deviceID, wrongBaseInfo)); } +/** + * @tc.name: ClearUserGrantedPermissionState001 + * @tc.desc: AccessTokenInfoManagerTest::ClearUserGrantedPermissionState function test + * @tc.type: FUNC + * @tc.require: + */ +HWTEST_F(AccessTokenInfoManagerTest, ClearUserGrantedPermissionState001, TestSize.Level1) +{ + AccessTokenID tokenId = 123; // 123 is random input + + std::shared_ptr hap = std::make_shared(); + ASSERT_NE(nullptr, hap); + AccessTokenInfoManager::GetInstance().hapTokenInfoMap_[tokenId] = hap; + + AccessTokenInfoManager::GetInstance().ClearUserGrantedPermissionState(tokenId); // permPolicySet is null + + AccessTokenInfoManager::GetInstance().hapTokenInfoMap_.erase(tokenId); +} + /** * @tc.name: NotifyTokenSyncTask001 * @tc.desc: TokenModifyNotifier::NotifyTokenSyncTask function test diff --git a/services/accesstokenmanager/test/unittest/permission_manager_test.cpp b/services/accesstokenmanager/test/unittest/permission_manager_test.cpp index acbde3825..7d93b5354 100644 --- a/services/accesstokenmanager/test/unittest/permission_manager_test.cpp +++ b/services/accesstokenmanager/test/unittest/permission_manager_test.cpp 
@@ -1513,25 +1513,6 @@ HWTEST_F(PermissionManagerTest, VerifyHapAccessToken001, TestSize.Level1) AccessTokenInfoManager::GetInstance().hapTokenInfoMap_.erase(tokenId); } -/** - * @tc.name: ClearUserGrantedPermissionState001 - * @tc.desc: PermissionManager::ClearUserGrantedPermissionState function test - * @tc.type: FUNC - * @tc.require: - */ -HWTEST_F(PermissionManagerTest, ClearUserGrantedPermissionState001, TestSize.Level1) -{ - AccessTokenID tokenId = 123; // 123 is random input - - std::shared_ptr hap = std::make_shared(); - ASSERT_NE(nullptr, hap); - AccessTokenInfoManager::GetInstance().hapTokenInfoMap_[tokenId] = hap; - - PermissionManager::GetInstance().ClearUserGrantedPermissionState(tokenId); // permPolicySet is null - - AccessTokenInfoManager::GetInstance().hapTokenInfoMap_.erase(tokenId); -} - /** * @tc.name: GrantTempPermission001 * @tc.desc: Test grant temp permission revoke permission after switching to background -- Gitee From 1cffa7814a23a7f8f01e5c48a45420f7936a71c8 Mon Sep 17 00:00:00 2001 From: zengsiyu Date: Wed, 21 Aug 2024 14:29:22 +0800 Subject: [PATCH 039/473] delete app key by bundle name and user id 
Signed-off-by: zengsiyu Change-Id: Ide023e4d2ddc9ee88929608b8d347ad8849227e0 --- .../include/el5_filekey_manager_interface.h | 2 +- .../include/el5_filekey_service_ext_interface.h | 2 +- .../include/el5_filekey_manager_client.h | 2 +- .../include/el5_filekey_manager_kit.h | 5 +++-- .../src/el5_filekey_manager_client.cpp | 4 ++-- .../src/el5_filekey_manager_kit.cpp | 4 ++-- .../src/el5_filekey_manager_proxy.cpp | 10 +++++++--- .../src/el5_filekey_manager_proxy.h | 2 +- .../src/el5_filekey_manager_kit_unittest.cpp | 7 ++++--- .../include/el5_filekey_manager_service.h | 2 +- .../src/el5_filekey_manager_service.cpp | 10 +++++++--- .../src/el5_filekey_manager_stub.cpp | 5 +++-- ...el5_filekey_manager_service_mock_unittest.cpp | 16 +++++++++------- .../src/el5_filekey_manager_service_unittest.cpp | 7 ++++--- 14 files changed, 46 insertions(+), 32 deletions(-) diff --git a/frameworks/el5filekeymanager/include/el5_filekey_manager_interface.h b/frameworks/el5filekeymanager/include/el5_filekey_manager_interface.h index 61fda9112..917ebe93f 100644 --- a/frameworks/el5filekeymanager/include/el5_filekey_manager_interface.h +++ b/frameworks/el5filekeymanager/include/el5_filekey_manager_interface.h @@ -34,7 +34,7 @@ public: virtual int32_t AcquireAccess(DataLockType type) = 0; virtual int32_t ReleaseAccess(DataLockType type) = 0; virtual int32_t GenerateAppKey(uint32_t uid, const std::string& bundleName, std::string& keyId) = 0; - virtual int32_t DeleteAppKey(const std::string& keyId) = 0; + virtual int32_t DeleteAppKey(const std::string& bundleName, int32_t userId) = 0; virtual int32_t GetUserAppKey(int32_t userId, bool getAllFlag, std::vector> &keyInfos) = 0; virtual int32_t ChangeUserAppkeysLoadInfo(int32_t userId, std::vector> &loadInfos) = 0; diff --git a/frameworks/el5filekeymanager/include/el5_filekey_service_ext_interface.h b/frameworks/el5filekeymanager/include/el5_filekey_service_ext_interface.h index 00d17ec3a..167eba64c 100644 
--- a/frameworks/el5filekeymanager/include/el5_filekey_service_ext_interface.h +++ b/frameworks/el5filekeymanager/include/el5_filekey_service_ext_interface.h @@ -28,7 +28,7 @@ public: virtual int32_t AcquireAccess(DataLockType type, bool isApp) = 0; virtual int32_t ReleaseAccess(DataLockType type, bool isApp) = 0; virtual int32_t GenerateAppKey(uint32_t uid, const std::string& bundleName, std::string& keyId) = 0; - virtual int32_t DeleteAppKey(const std::string& keyId) = 0; + virtual int32_t DeleteAppKey(const std::string& bundleName, int32_t userId) = 0; virtual int32_t GetUserAppKey(int32_t userId, bool getAllFlag, std::vector> &keyInfos) = 0; virtual int32_t ChangeUserAppkeysLoadInfo(int32_t userId, std::vector> &loadInfos) = 0; diff --git a/interfaces/innerkits/el5filekeymanager/include/el5_filekey_manager_client.h b/interfaces/innerkits/el5filekeymanager/include/el5_filekey_manager_client.h index f310df5e1..6364fec68 100644 --- a/interfaces/innerkits/el5filekeymanager/include/el5_filekey_manager_client.h +++ b/interfaces/innerkits/el5filekeymanager/include/el5_filekey_manager_client.h @@ -32,7 +32,7 @@ public: int32_t AcquireAccess(DataLockType type); int32_t ReleaseAccess(DataLockType type); int32_t GenerateAppKey(uint32_t uid, const std::string& bundleName, std::string& keyId); - int32_t DeleteAppKey(const std::string& keyId); + int32_t DeleteAppKey(const std::string& bundleName, int32_t userId); int32_t GetUserAppKey(int32_t userId, bool getAllFlag, std::vector> &keyInfos); int32_t ChangeUserAppkeysLoadInfo(int32_t userId, std::vector> &loadInfos); int32_t SetFilePathPolicy(); diff --git a/interfaces/innerkits/el5filekeymanager/include/el5_filekey_manager_kit.h b/interfaces/innerkits/el5filekeymanager/include/el5_filekey_manager_kit.h index d33322298..982f8a071 100644 --- a/interfaces/innerkits/el5filekeymanager/include/el5_filekey_manager_kit.h +++ b/interfaces/innerkits/el5filekeymanager/include/el5_filekey_manager_kit.h 
@@ -54,10 +54,11 @@ public: static int32_t GenerateAppKey(uint32_t uid, const std::string& bundleName, std::string& keyId); /** * @brief Delete app key of the uninstalled application. - * @param keyId KeyId of the uninstalled application + * @param bundleName bundle name + * @param userId The user id * @return error code, see el5_filekey_manager_error.h */ - static int32_t DeleteAppKey(const std::string& keyId); + static int32_t DeleteAppKey(const std::string& bundleName, int32_t userId); /** * @brief Get key infos of the specified user, the state is unloaded. * @param userId The user id diff --git a/interfaces/innerkits/el5filekeymanager/src/el5_filekey_manager_client.cpp b/interfaces/innerkits/el5filekeymanager/src/el5_filekey_manager_client.cpp index 6a0d2467b..6ed2ebe6a 100644 --- a/interfaces/innerkits/el5filekeymanager/src/el5_filekey_manager_client.cpp +++ b/interfaces/innerkits/el5filekeymanager/src/el5_filekey_manager_client.cpp @@ -71,14 +71,14 @@ int32_t El5FilekeyManagerClient::GenerateAppKey(uint32_t uid, const std::string& return proxy->GenerateAppKey(uid, bundleName, keyId); } -int32_t El5FilekeyManagerClient::DeleteAppKey(const std::string& keyId) +int32_t El5FilekeyManagerClient::DeleteAppKey(const std::string& bundleName, int32_t userId) { auto proxy = GetProxy(); if (proxy == nullptr) { LOG_ERROR("Get proxy failed, proxy is null."); return EFM_ERR_SA_GET_PROXY; } - return proxy->DeleteAppKey(keyId); + return proxy->DeleteAppKey(bundleName, userId); } int32_t El5FilekeyManagerClient::GetUserAppKey(int32_t userId, bool getAllFlag, diff --git a/interfaces/innerkits/el5filekeymanager/src/el5_filekey_manager_kit.cpp b/interfaces/innerkits/el5filekeymanager/src/el5_filekey_manager_kit.cpp index 3b02a8df6..162d3e827 100644 --- a/interfaces/innerkits/el5filekeymanager/src/el5_filekey_manager_kit.cpp +++ b/interfaces/innerkits/el5filekeymanager/src/el5_filekey_manager_kit.cpp 
@@ -35,9 +35,9 @@ int32_t El5FilekeyManagerKit::GenerateAppKey(uint32_t uid, const std::string& bu return El5FilekeyManagerClient::GetInstance().GenerateAppKey(uid, bundleName, keyId); } -int32_t El5FilekeyManagerKit::DeleteAppKey(const std::string& keyId) +int32_t El5FilekeyManagerKit::DeleteAppKey(const std::string& bundleName, int32_t userId) { - return El5FilekeyManagerClient::GetInstance().DeleteAppKey(keyId); + return El5FilekeyManagerClient::GetInstance().DeleteAppKey(bundleName, userId); } int32_t El5FilekeyManagerKit::GetUserAppKey(int32_t userId, std::vector> &keyInfos) diff --git a/interfaces/innerkits/el5filekeymanager/src/el5_filekey_manager_proxy.cpp b/interfaces/innerkits/el5filekeymanager/src/el5_filekey_manager_proxy.cpp index 2762ff011..a1df32ffd 100644 --- a/interfaces/innerkits/el5filekeymanager/src/el5_filekey_manager_proxy.cpp +++ b/interfaces/innerkits/el5filekeymanager/src/el5_filekey_manager_proxy.cpp @@ -121,15 +121,19 @@ int32_t El5FilekeyManagerProxy::GenerateAppKey(uint32_t uid, const std::string& return result; } -int32_t El5FilekeyManagerProxy::DeleteAppKey(const std::string& keyId) +int32_t El5FilekeyManagerProxy::DeleteAppKey(const std::string& bundleName, int32_t userId) { MessageParcel data; if (!data.WriteInterfaceToken(El5FilekeyManagerInterface::GetDescriptor())) { LOG_ERROR("Failed to write WriteInterfaceToken."); return EFM_ERR_IPC_WRITE_DATA; } - if (!data.WriteString(keyId)) { - LOG_ERROR("Failed to WriteString(%{public}s).", keyId.c_str()); + if (!data.WriteString(bundleName)) { + LOG_ERROR("Failed to WriteString(%{public}s).", bundleName.c_str()); + return EFM_ERR_IPC_WRITE_DATA; + } + if (!data.WriteUint32(userId)) { + LOG_ERROR("Failed to WriteUint32(%{public}d).", userId); return EFM_ERR_IPC_WRITE_DATA; } diff --git a/interfaces/innerkits/el5filekeymanager/src/el5_filekey_manager_proxy.h b/interfaces/innerkits/el5filekeymanager/src/el5_filekey_manager_proxy.h index 6d0bfa269..8029a5434 100644 
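Review bot: In El5FilekeyManagerProxy::DeleteAppKey the `userId` is serialised with `data.WriteUint32(userId)`, while the stub in this patch reads it with `data.ReadInt32()` and the parameter is `int32_t`. Keep both sides on the signed type, `if (!data.WriteInt32(userId)) {`, and adjust the log text to match. The failure log also prints the caller-supplied `bundleName` with `%{public}s`; consider whether that value needs to be public. The function body continues outside the hunk.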
--- a/interfaces/innerkits/el5filekeymanager/src/el5_filekey_manager_proxy.h +++ b/interfaces/innerkits/el5filekeymanager/src/el5_filekey_manager_proxy.h @@ -31,7 +31,7 @@ public: int32_t AcquireAccess(DataLockType type) override; int32_t ReleaseAccess(DataLockType type) override; int32_t GenerateAppKey(uint32_t uid, const std::string& bundleName, std::string& keyId) override; - int32_t DeleteAppKey(const std::string& keyId) override; + int32_t DeleteAppKey(const std::string& bundleName, int32_t userId) override; int32_t GetUserAppKey(int32_t userId, bool getAllFlag, std::vector> &keyInfos) override; int32_t ChangeUserAppkeysLoadInfo(int32_t userId, std::vector> &loadInfos) override; diff --git a/interfaces/innerkits/el5filekeymanager/test/unittest/src/el5_filekey_manager_kit_unittest.cpp b/interfaces/innerkits/el5filekeymanager/test/unittest/src/el5_filekey_manager_kit_unittest.cpp index 33969199f..5d0a69dd6 100644 --- a/interfaces/innerkits/el5filekeymanager/test/unittest/src/el5_filekey_manager_kit_unittest.cpp +++ b/interfaces/innerkits/el5filekeymanager/test/unittest/src/el5_filekey_manager_kit_unittest.cpp @@ -112,14 +112,15 @@ HWTEST_F(El5FilekeyManagerKitTest, GenerateAppKey001, TestSize.Level1) /** * @tc.name: DeleteAppKey001 - * @tc.desc: Delete app key by keyId without permission. + * @tc.desc: Delete app key by bundle name and user id without permission. * @tc.type: FUNC * @tc.require: issueI9JGMV */ HWTEST_F(El5FilekeyManagerKitTest, DeleteAppKey001, TestSize.Level1) { - std::string keyId = ""; - ASSERT_EQ(El5FilekeyManagerKit::DeleteAppKey(keyId), EFM_ERR_NO_PERMISSION); + std::string bundleName = ""; + int32_t userId = 100; + ASSERT_EQ(El5FilekeyManagerKit::DeleteAppKey(bundleName, userId), EFM_ERR_NO_PERMISSION); } /** diff --git a/services/el5filekeymanager/include/el5_filekey_manager_service.h b/services/el5filekeymanager/include/el5_filekey_manager_service.h index c06fe1a08..79006b3a0 100644 
--- a/services/el5filekeymanager/include/el5_filekey_manager_service.h +++ b/services/el5filekeymanager/include/el5_filekey_manager_service.h @@ -44,7 +44,7 @@ public: int32_t AcquireAccess(DataLockType type) override; int32_t ReleaseAccess(DataLockType type) override; int32_t GenerateAppKey(uint32_t uid, const std::string& bundleName, std::string& keyId) override; - int32_t DeleteAppKey(const std::string& keyId) override; + int32_t DeleteAppKey(const std::string& bundleName, int32_t userId) override; int32_t GetUserAppKey(int32_t userId, bool getAllFlag, std::vector> &keyInfos) override; int32_t ChangeUserAppkeysLoadInfo(int32_t userId, std::vector> &loadInfos) override; diff --git a/services/el5filekeymanager/src/el5_filekey_manager_service.cpp b/services/el5filekeymanager/src/el5_filekey_manager_service.cpp index 66225702a..b663f4a3d 100644 --- a/services/el5filekeymanager/src/el5_filekey_manager_service.cpp +++ b/services/el5filekeymanager/src/el5_filekey_manager_service.cpp @@ -200,9 +200,13 @@ int32_t El5FilekeyManagerService::GenerateAppKey(uint32_t uid, const std::string return service_->GenerateAppKey(uid, bundleName, keyId); } -int32_t El5FilekeyManagerService::DeleteAppKey(const std::string& keyId) +int32_t El5FilekeyManagerService::DeleteAppKey(const std::string& bundleName, int32_t userId) { - LOG_DEBUG("Delete app key."); + LOG_DEBUG("Delete %{public}d's %{public}s app key.", userId, bundleName.c_str()); + if (userId < 0) { + LOG_ERROR("UserId is invalid!"); + return EFM_ERR_INVALID_PARAMETER; + } if (IPCSkeleton::GetCallingUid() != INSTALLS_UID) { LOG_ERROR("Delete app key permission denied."); return EFM_ERR_NO_PERMISSION; @@ -214,7 +218,7 @@ int32_t El5FilekeyManagerService::DeleteAppKey(const std::string& keyId) return EFM_SUCCESS; } - return service_->DeleteAppKey(keyId); + return service_->DeleteAppKey(bundleName, userId); } int32_t El5FilekeyManagerService::GetUserAppKey(int32_t userId, bool getAllFlag, 
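Review bot: In El5FilekeyManagerService::DeleteAppKey the `userId < 0` validation and the `LOG_DEBUG` of `bundleName` and `userId` run before the `IPCSkeleton::GetCallingUid() != INSTALLS_UID` check. A caller that is not the installer therefore receives `EFM_ERR_INVALID_PARAMETER` instead of `EFM_ERR_NO_PERMISSION`, and its untrusted `bundleName` reaches the log through `%{public}s`. Move the caller check to the top of the function, then validate and log. `bundleName` itself is not validated, so an empty name is forwarded to `service_->DeleteAppKey(bundleName, userId)`; an `if (bundleName.empty())` rejection is worth adding unless the extension service is known to handle it.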
diff --git a/services/el5filekeymanager/src/el5_filekey_manager_stub.cpp b/services/el5filekeymanager/src/el5_filekey_manager_stub.cpp index 4bc22021f..0665fedb1 100644 --- a/services/el5filekeymanager/src/el5_filekey_manager_stub.cpp +++ b/services/el5filekeymanager/src/el5_filekey_manager_stub.cpp @@ -97,8 +97,9 @@ void El5FilekeyManagerStub::GenerateAppKeyInner(MessageParcel &data, MessageParc void El5FilekeyManagerStub::DeleteAppKeyInner(MessageParcel &data, MessageParcel &reply) { - std::string keyId = data.ReadString(); - reply.WriteInt32(this->DeleteAppKey(keyId)); + std::string bundleName = data.ReadString(); + int32_t userId = data.ReadInt32(); + reply.WriteInt32(this->DeleteAppKey(bundleName, userId)); } void El5FilekeyManagerStub::GetUserAppKeyInner(MessageParcel &data, MessageParcel &reply) diff --git a/services/el5filekeymanager/test/src/el5_filekey_manager_service_mock_unittest.cpp b/services/el5filekeymanager/test/src/el5_filekey_manager_service_mock_unittest.cpp index 08547ed3c..69c1a4f30 100644 --- a/services/el5filekeymanager/test/src/el5_filekey_manager_service_mock_unittest.cpp +++ b/services/el5filekeymanager/test/src/el5_filekey_manager_service_mock_unittest.cpp @@ -67,7 +67,7 @@ public: return EFM_SUCCESS; } - int32_t DeleteAppKey(const std::string& keyId) + int32_t DeleteAppKey(const std::string& bundleName, int32_t userId) { return EFM_SUCCESS; } @@ -219,7 +219,7 @@ HWTEST_F(El5FilekeyManagerServiceMockTest, GenerateAppKey002, TestSize.Level1) /** * @tc.name: DeleteAppKey001 - * @tc.desc: Delete app key by keyId. + * @tc.desc: Delete app key by bundle name and user id. * @tc.type: FUNC * @tc.require: issueIAD2MD */ 
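Review bot: DeleteAppKeyInner uses the value-returning `data.ReadString()` and `data.ReadInt32()`, so a short or malformed parcel cannot be told apart from a real request. Such a parcel presumably yields an empty `bundleName` and a `userId` of 0, which passes the service's `userId < 0` check. Use the overloads that report success, `if (!data.ReadString(bundleName) || !data.ReadInt32(userId)) {`, and write an IPC read error to `reply` without calling DeleteAppKey.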
@@ -227,16 +227,17 @@ HWTEST_F(El5FilekeyManagerServiceMockTest, DeleteAppKey001, TestSize.Level1) { el5FilekeyManagerService_->service_ = nullptr; - std::string keyId = ""; + std::string bundleName = ""; + int32_t userId = 100; MockIpc::SetCallingUid(3060); - ASSERT_EQ(el5FilekeyManagerService_->DeleteAppKey(keyId), EFM_SUCCESS); + ASSERT_EQ(el5FilekeyManagerService_->DeleteAppKey(bundleName, userId), EFM_SUCCESS); } /** * @tc.name: DeleteAppKey002 - * @tc.desc: Delete app key by keyId. + * @tc.desc: Delete app key by bundle name and user id. * @tc.type: FUNC * @tc.require: issueIAD2MD */ @@ -244,11 +245,12 @@ HWTEST_F(El5FilekeyManagerServiceMockTest, DeleteAppKey002, TestSize.Level1) { el5FilekeyManagerService_->service_ = new TestEl5FilekeyServiceExt(); - std::string keyId = ""; + std::string bundleName = ""; + int32_t userId = 100; MockIpc::SetCallingUid(3060); - ASSERT_EQ(el5FilekeyManagerService_->DeleteAppKey(keyId), EFM_SUCCESS); + ASSERT_EQ(el5FilekeyManagerService_->DeleteAppKey(bundleName, userId), EFM_SUCCESS); } /** diff --git a/services/el5filekeymanager/test/src/el5_filekey_manager_service_unittest.cpp b/services/el5filekeymanager/test/src/el5_filekey_manager_service_unittest.cpp index b47f0b5c1..693a0e797 100644 --- a/services/el5filekeymanager/test/src/el5_filekey_manager_service_unittest.cpp +++ b/services/el5filekeymanager/test/src/el5_filekey_manager_service_unittest.cpp 
@@ -120,14 +120,15 @@ HWTEST_F(El5FilekeyManagerServiceTest, GenerateAppKey001, TestSize.Level1) /** * @tc.name: DeleteAppKey001 - * @tc.desc: Delete app key by keyId without permission. + * @tc.desc: Delete app key by bundle name and user id without permission. * @tc.type: FUNC * @tc.require: issueI9JGMV */ HWTEST_F(El5FilekeyManagerServiceTest, DeleteAppKey001, TestSize.Level1) { - std::string keyId = ""; - ASSERT_EQ(el5FilekeyManagerService_->DeleteAppKey(keyId), EFM_ERR_NO_PERMISSION); + std::string bundleName = ""; + int32_t userId = 100; + ASSERT_EQ(el5FilekeyManagerService_->DeleteAppKey(bundleName, userId), EFM_ERR_NO_PERMISSION); } /** -- Gitee From 8eb5b5a806a7cd3fbdd75b1ff41a327e58edf9d5 Mon Sep 17 00:00:00 2001 From: lsq Date: Wed, 21 Aug 2024 18:40:03 +0800 Subject: [PATCH 040/473] =?UTF-8?q?=E5=88=A0=E9=99=A4=E5=BD=B1=E5=93=8D?= =?UTF-8?q?=E7=94=A8=E4=BE=8B?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: lsq Change-Id: I2c2345554a10737d3c21552f8daef49fc4e39a2b --- .../test/unittest/src/edm_policy_set_test.cpp | 71 ------------------- .../src/token/accesstoken_info_manager.cpp | 1 + 2 files changed, 1 insertion(+), 71 deletions(-) diff --git a/interfaces/innerkits/accesstoken/test/unittest/src/edm_policy_set_test.cpp b/interfaces/innerkits/accesstoken/test/unittest/src/edm_policy_set_test.cpp index 22711fe1e..eddf82b9d 100644 --- a/interfaces/innerkits/accesstoken/test/unittest/src/edm_policy_set_test.cpp +++ b/interfaces/innerkits/accesstoken/test/unittest/src/edm_policy_set_test.cpp 
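Review bot: The new `userId < 0` branch in El5FilekeyManagerService::DeleteAppKey has no test; every updated case in this patch passes `userId = 100`. Add a case such as `ASSERT_EQ(el5FilekeyManagerService_->DeleteAppKey(bundleName, -1), EFM_ERR_INVALID_PARAMETER);`. The updated tests also pass only an empty `bundleName`, so a non-empty name is never exercised.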
@@ -502,77 +502,6 @@ HWTEST_F(EdmPolicySetTest, UserPolicyTestForClearUserGranted, TestSize.Level1) EXPECT_EQ(res, 0); } -class CbCustomizeTest : public PermStateChangeCallbackCustomize { -public: - explicit CbCustomizeTest(const PermStateChangeScope &scopeInfo) - : PermStateChangeCallbackCustomize(scopeInfo) - { - } - - ~CbCustomizeTest() - {} - - virtual void PermStateChangeCallback(PermStateChangeInfo& result) - { - int32_t status = (result.permStateChangeType == 1) ? PERMISSION_GRANTED : PERMISSION_DENIED; - EXPECT_EQ(status, AccessTokenKit::VerifyAccessToken(result.tokenID, result.permissionName)); - goalTokenId = result.tokenID; - } - - uint32_t goalTokenId = 0; -}; - -/** - * @tc.name: UserPolicyForDeleteTest - * @tc.desc: Set the authorization status based on the user policy during Delete hap installation - * @tc.type: FUNC - * @tc.require:Issue Number - */ -HWTEST_F(EdmPolicySetTest, UserPolicyForDeleteTest, TestSize.Level1) -{ - /* Init test hap */ - g_testHapInfoParams.userID = MOCK_USER_ID_10001; - AccessTokenIDEx fullIdUser1; - EXPECT_EQ(RET_SUCCESS, AccessTokenKit::InitHapToken(g_testHapInfoParams, g_testPolicyParams, fullIdUser1)); - g_testHapInfoParams.userID = MOCK_USER_ID_10002; - AccessTokenIDEx fullIdUser2; - EXPECT_EQ(RET_SUCCESS, AccessTokenKit::InitHapToken(g_testHapInfoParams, g_testPolicyParams, fullIdUser2)); - EXPECT_EQ(AccessTokenKit::VerifyAccessToken(fullIdUser1.tokenIdExStruct.tokenID, INTERNET), PERMISSION_GRANTED); - EXPECT_EQ(AccessTokenKit::VerifyAccessToken(fullIdUser2.tokenIdExStruct.tokenID, INTERNET), PERMISSION_GRANTED); - EXPECT_EQ(AccessTokenKit::VerifyAccessToken(fullIdUser2.tokenIdExStruct.tokenID, INTERNET, true), - PERMISSION_GRANTED); - - /* Register internet permission listener */ - PermStateChangeScope scopeInfo; - scopeInfo.permList = { INTERNET }; - scopeInfo.tokenIDs = {}; - auto callbackPtr = std::make_shared(scopeInfo); - int32_t ret = AccessTokenKit::RegisterPermStateChangeCallback(callbackPtr); - 
EXPECT_EQ(RET_SUCCESS, ret); - - /* Set user policy */ - UserState user1 = {.userId = MOCK_USER_ID_10001, .isActive = true}; - UserState user2 = {.userId = MOCK_USER_ID_10002, .isActive = false}; - std::vector userListBefore = { user1, user2 }; - std::vector permList = { INTERNET }; - ret = AccessTokenKit::InitUserPolicy(userListBefore, permList); - EXPECT_EQ(ret, 0); - EXPECT_EQ(AccessTokenKit::VerifyAccessToken(fullIdUser1.tokenIdExStruct.tokenID, INTERNET), PERMISSION_GRANTED); - EXPECT_EQ(AccessTokenKit::VerifyAccessToken(fullIdUser2.tokenIdExStruct.tokenID, INTERNET), PERMISSION_DENIED); - EXPECT_EQ(AccessTokenKit::VerifyAccessToken(fullIdUser2.tokenIdExStruct.tokenID, INTERNET, true), - PERMISSION_DENIED); - - EXPECT_EQ(RET_SUCCESS, AccessTokenKit::DeleteToken(fullIdUser1.tokenIdExStruct.tokenID)); - EXPECT_EQ(RET_SUCCESS, AccessTokenKit::DeleteToken(fullIdUser2.tokenIdExStruct.tokenID)); - usleep(500000); // 500000us = 0.5s - EXPECT_EQ(callbackPtr->goalTokenId, fullIdUser1.tokenIdExStruct.tokenID); - - ret = AccessTokenKit::ClearUserPolicy(); - EXPECT_EQ(ret, 0); - ret = AccessTokenKit::UnRegisterPermStateChangeCallback(callbackPtr); - ASSERT_EQ(RET_SUCCESS, ret); -} - /** * @tc.name: ClearUserPolicy001 * @tc.desc: Check permission status after clear user policy. diff --git a/services/accesstokenmanager/main/cpp/src/token/accesstoken_info_manager.cpp b/services/accesstokenmanager/main/cpp/src/token/accesstoken_info_manager.cpp index 5372e691f..1c2cf0d79 100644 --- a/services/accesstokenmanager/main/cpp/src/token/accesstoken_info_manager.cpp +++ b/services/accesstokenmanager/main/cpp/src/token/accesstoken_info_manager.cpp 
@@ -1527,6 +1527,7 @@ bool AccessTokenInfoManager::IsPermissionRestrictedByUserPolicy(AccessTokenID id Utils::UniqueReadGuard infoGuard(this->userPolicyLock_); if ((std::find(permPolicyList_.begin(), permPolicyList_.end(), permissionName) != permPolicyList_.end()) && (std::find(inactiveUserList_.begin(), inactiveUserList_.end(), userId) != inactiveUserList_.end())) { + ACCESSTOKEN_LOG_INFO(LABEL, "id %{public}u perm %{public}s.", id, permissionName.c_str()); return true; } return false; -- Gitee From cac976650817f3df3fb9ab743303e490f2a0e697 Mon Sep 17 00:00:00 2001 From: ligongshao Date: Tue, 20 Aug 2024 19:31:27 +0800 Subject: [PATCH 041/473] set el5 sa timeout 10 seconds Signed-off-by: ligongshao --- .../el5filekeymanager/src/el5_filekey_manager_client.cpp | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/interfaces/innerkits/el5filekeymanager/src/el5_filekey_manager_client.cpp b/interfaces/innerkits/el5filekeymanager/src/el5_filekey_manager_client.cpp index 6a0d2467b..c282fceb3 100644 --- a/interfaces/innerkits/el5filekeymanager/src/el5_filekey_manager_client.cpp +++ b/interfaces/innerkits/el5filekeymanager/src/el5_filekey_manager_client.cpp @@ -25,7 +25,7 @@ namespace OHOS { namespace Security { namespace AccessToken { namespace { -constexpr int32_t LOAD_SA_TIMEOUT_MS = 5000; +constexpr int32_t LOAD_SA_TIMEOUT_MS = 60000; } El5FilekeyManagerClient::El5FilekeyManagerClient() { -- Gitee From 6c3a796f2de62ab79153cb3217b287b91356d90f Mon Sep 17 00:00:00 2001 From: ZhuGangQiang Date: Thu, 22 Aug 2024 15:56:06 +0800 Subject: [PATCH 042/473] add permission Signed-off-by: ZhuGangQiang --- frameworks/common/src/permission_map.cpp | 1 + .../accesstokenmanager/permission_definitions.json | 10 ++++++++++ 2 files changed, 11 insertions(+) diff --git a/frameworks/common/src/permission_map.cpp b/frameworks/common/src/permission_map.cpp index 1d06a9b4a..ac95bd2f0 100644 --- a/frameworks/common/src/permission_map.cpp 
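Review bot: The log line added in IsPermissionRestrictedByUserPolicy leaves out `userId`, although the restriction is decided by `userId` being in `inactiveUserList_`, so a denial cannot be traced back to the user policy that caused it. Assuming `userId` is a signed 32-bit value, I would write `ACCESSTOKEN_LOG_INFO(LABEL, "id %{public}u user %{public}d perm %{public}s.", id, userId, permissionName.c_str());`. The line is also emitted while the `userPolicyLock_` read guard is held; returning a flag and logging after the guard goes out of scope would keep the critical section short. The function body starts outside this hunk.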
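Review bot: `LOAD_SA_TIMEOUT_MS = 60000` is 60 seconds, but the commit subject says the EL5 SA timeout is being set to 10 seconds, so either the value or the message is wrong. If 10 seconds is what was intended, the line should read `constexpr int32_t LOAD_SA_TIMEOUT_MS = 10000;`. If 60 seconds is intended, the subject needs correcting and the constant deserves a short comment stating the unit and why the longer wait is required, since every caller waiting on this load can now block twelve times longer than before.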
+++ b/frameworks/common/src/permission_map.cpp @@ -473,6 +473,7 @@ const static std::vector> g_permMap = { {"ohos.permission.FILTER_INPUT_EVENT", false}, {"ohos.permission.INPUT_PANEL_STATUS_PUBLISHER", false}, {"ohos.permission.RECEIVE_FUSION_MESSAGES", false}, + {"ohos.permission.ACCESS_FUSION_MANAGER", false}, {"ohos.permission.PUBLISH_LOCATION_EVENT", false}, {"ohos.permission.DUMP_AUDIO", false}, {"ohos.permission.ACTIVATE_DEVICE_PSI", false}, diff --git a/services/accesstokenmanager/permission_definitions.json b/services/accesstokenmanager/permission_definitions.json index 8ad497ea5..e64cc532f 100644 --- a/services/accesstokenmanager/permission_definitions.json +++ b/services/accesstokenmanager/permission_definitions.json @@ -3880,6 +3880,16 @@ "provisionEnable": true, "distributedSceneEnable": false }, + { + "name": "ohos.permission.ACCESS_FUSION_MANAGER", + "grantMode": "system_grant", + "availableLevel": "system_basic", + "availableType": "SYSTEM", + "since": 12, + "deprecated": "", + "provisionEnable": true, + "distributedSceneEnable": false + }, { "name": "ohos.permission.PUBLISH_LOCATION_EVENT", "grantMode": "system_grant", -- Gitee From fec0d0c402cbb436dc575d2d050d1fe8226a2a5f Mon Sep 17 00:00:00 2001 From: xia-bubai Date: Thu, 22 Aug 2024 15:25:17 +0800 Subject: [PATCH 043/473] =?UTF-8?q?=E5=A2=9E=E5=8A=A0hisysevent=E6=89=93?= =?UTF-8?q?=E7=82=B9=E5=A4=84=EF=BC=9A=E5=A2=9E=E5=8A=A0=E6=8E=88=E6=9D=83?= =?UTF-8?q?/=E5=8F=96=E6=B6=88=E6=8E=88=E6=9D=83/=E6=9B=B4=E6=96=B0HAP?= =?UTF-8?q?=E7=9A=84access=5Ftoken=E4=BF=A1=E6=81=AF/=E6=B6=88=E9=99=A4use?= =?UTF-8?q?r=20grant=E6=8E=88=E6=9D=83=E4=BF=A1=E6=81=AF/=E7=94=9F?= =?UTF-8?q?=E6=80=81=E7=AE=A1=E6=8E=A7=E6=8E=A7=E5=88=B6?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit 
Signed-off-by: xia-bubai --- hisysevent.yaml | 28 +++++++++++++++++++ .../cpp/src/permission/permission_manager.cpp | 5 ++++ .../service/accesstoken_manager_service.cpp | 9 ++++-- .../src/token/accesstoken_info_manager.cpp | 15 +++++++--- 4 files changed, 51 insertions(+), 6 deletions(-) diff --git a/hisysevent.yaml b/hisysevent.yaml index 068404e07..5d391dcc6 100644 --- a/hisysevent.yaml +++ b/hisysevent.yaml @@ -73,3 +73,31 @@ REQUEST_PERMISSIONS_FROM_USER: __BASE: {type: BEHAVIOR, level: MINOR, desc: request permissions from user} BUNDLENAME: {type: STRING, desc: bundle name} UIEXTENSION_FLAG: {type: BOOL, desc: uiextension flag} + +UPDATE_PERMISSION: + __BASE: {type: BEHAVIOR, level: MINOR, desc: grant or revoke permission} + TOKENID: {type: UINT32, desc: tokenID} + PERMISSION_NAME: {type: STRING, desc: permission name} + PERMISSION_FLAG: {type: UINT32, desc: permission flag} + GRANTED_FLAG: {type: BOOL, desc: grant or revoke} + +UPDATE_HAP: + __BASE: {type: STATISTIC, level: MINOR, tag: usability, desc: update hap to device} + TOKENID: {type: UINT32, desc: token id} + USERID: {type: INT32, desc: user id} + BUNDLENAME: {type: STRING, desc: bundle name} + INSTINDEX: {type: INT32, desc: inst index} + +CLEAR_USER_PERMISSION_STATE: + __BASE: {type: BEHAVIOR, level: MINOR, desc: clear user permission state} + TOKENID: {type: UINT32, desc: tokenid to be cleared} + TOKENID_LEN: {type: UINT32, desc: amount of realated sandbox app accesstoken} + +SET_PERMISSION_DIALOG_CAP: + __BASE: {type: BEHAVIOR, level: MINOR, desc: set permission dialog capability} + TOKENID: {type: UINT32, desc: token id} + USERID: {type: INT32, desc: user id} + BUNDLENAME: {type: STRING, desc: bundle name} + INSTINDEX: {type: INT32, desc: inst index} + ENABLE: {type: BOOL, desc: enable or disable} + diff --git a/services/accesstokenmanager/main/cpp/src/permission/permission_manager.cpp b/services/accesstokenmanager/main/cpp/src/permission/permission_manager.cpp index dcc8d8f22..8fefbdbbc 100644 
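Review bot: The description of `TOKENID_LEN` under `CLEAR_USER_PERMISSION_STATE` is misspelled (`realated`) and should read `desc: amount of related sandbox app accesstoken`. The descriptions of `TOKENID` are also written three ways in this hunk (`tokenID`, `token id`, `tokenid to be cleared`); picking one spelling keeps the event schema searchable. None of the four new events carries a result field, so a consumer cannot tell a failed operation from a successful one unless the call sites only report successes.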
--- a/services/accesstokenmanager/main/cpp/src/permission/permission_manager.cpp +++ b/services/accesstokenmanager/main/cpp/src/permission/permission_manager.cpp @@ -688,6 +688,11 @@ int32_t PermissionManager::CheckAndUpdatePermission(AccessTokenID tokenID, const (void)UpdateTokenPermissionState(id, permissionName, isGranted, flag); } #endif + + // DFX + HiSysEventWrite(HiviewDFX::HiSysEvent::Domain::ACCESS_TOKEN, "UPDATE_PERMISSION", + HiviewDFX::HiSysEvent::EventType::BEHAVIOR, "TOKENID", tokenID, "PERMISSION_NAME", + permissionName, "PERMISSION_FLAG", flag, "GRANTED_FLAG", isGranted); return RET_SUCCESS; } diff --git a/services/accesstokenmanager/main/cpp/src/service/accesstoken_manager_service.cpp b/services/accesstokenmanager/main/cpp/src/service/accesstoken_manager_service.cpp index 45a28361b..6885d0dee 100644 --- a/services/accesstokenmanager/main/cpp/src/service/accesstoken_manager_service.cpp +++ b/services/accesstokenmanager/main/cpp/src/service/accesstoken_manager_service.cpp @@ -539,8 +539,13 @@ int32_t AccessTokenManagerService::SetPermDialogCap(const HapBaseInfoParcel& hap hapBaseInfoParcel.hapBaseInfo.userID, hapBaseInfoParcel.hapBaseInfo.bundleName, hapBaseInfoParcel.hapBaseInfo.instIndex); - - return AccessTokenInfoManager::GetInstance().SetPermDialogCap(tokenIdEx.tokenIdExStruct.tokenID, enable); + int32_t ret = AccessTokenInfoManager::GetInstance().SetPermDialogCap(tokenIdEx.tokenIdExStruct.tokenID, enable); + // DFX + HiSysEventWrite(HiviewDFX::HiSysEvent::Domain::ACCESS_TOKEN, "SET_PERMISSION_DIALOG_CAP", + HiviewDFX::HiSysEvent::EventType::BEHAVIOR, "TOKENID", tokenIdEx.tokenIdExStruct.tokenID, + "USERID", hapBaseInfoParcel.hapBaseInfo.userID, "BUNDLENAME", hapBaseInfoParcel.hapBaseInfo.bundleName, + "INSTINDEX", hapBaseInfoParcel.hapBaseInfo.instIndex, "ENABLE", enable); + return ret; } void AccessTokenManagerService::GetPermissionManagerInfo(PermissionGrantInfoParcel& infoParcel) 
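Review bot: The `UPDATE_PERMISSION` event in CheckAndUpdatePermission is written only immediately before `return RET_SUCCESS`, so, as far as this hunk shows, a grant or revoke attempt that is rejected earlier in the function leaves no event at all. The sandbox tokens updated in the `#endif` block just above are not reported either, and their result is discarded with `(void)`. If the event is meant as an audit trail for permission changes, add an error-code field and write it on the failure paths too; otherwise state the limitation at the call, for example `// DFX: reports successful updates of tokenID only; failed attempts and related sandbox tokens are not reported`. The function starts outside this hunk, so the early returns are inferred.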
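Review bot: In SetPermDialogCap the `SET_PERMISSION_DIALOG_CAP` event is written whatever `ret` is, and the event has no result field, so a failed call is recorded exactly like a successful one. Either guard the write with `if (ret == RET_SUCCESS) {` or add the return code to the event and to its definition in hisysevent.yaml. The `CLEAR_USER_PERMISSION_STATE` event added to ClearUserGrantedPermissionState in accesstoken_info_manager.cpp has the same problem: it is written after a loop whose per-token results are discarded with `(void)`.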
diff --git a/services/accesstokenmanager/main/cpp/src/token/accesstoken_info_manager.cpp b/services/accesstokenmanager/main/cpp/src/token/accesstoken_info_manager.cpp index f5ea2e81d..097ba7b64 100644 --- a/services/accesstokenmanager/main/cpp/src/token/accesstoken_info_manager.cpp +++ b/services/accesstokenmanager/main/cpp/src/token/accesstoken_info_manager.cpp @@ -710,10 +710,13 @@ int32_t AccessTokenInfoManager::UpdateHapToken(AccessTokenIDEx& tokenIdEx, const { Utils::UniqueWriteGuard infoGuard(this->hapTokenInfoLock_); infoPtr->Update(info, permStateList, apl); - ACCESSTOKEN_LOG_INFO(LABEL, - "Token %{public}u bundle name %{public}s user %{public}d inst %{public}d tokenAttr %{public}d update ok!", - tokenID, infoPtr->GetBundleName().c_str(), infoPtr->GetUserID(), infoPtr->GetInstIndex(), - infoPtr->GetHapInfoBasic().tokenAttr); + ACCESSTOKEN_LOG_INFO(LABEL, "Token %{public}u bundle name %{public}s user %{public}d \ +inst %{public}d tokenAttr %{public}d update ok!", tokenID, infoPtr->GetBundleName().c_str(), + infoPtr->GetUserID(), infoPtr->GetInstIndex(), infoPtr->GetHapInfoBasic().tokenAttr); + // DFX + HiSysEventWrite(HiviewDFX::HiSysEvent::Domain::ACCESS_TOKEN, "UPDATE_HAP", + HiviewDFX::HiSysEvent::EventType::STATISTIC, "TOKENID", infoPtr->GetTokenID(), "USERID", + infoPtr->GetUserID(), "BUNDLENAME", infoPtr->GetBundleName(), "INSTINDEX", infoPtr->GetInstIndex()); } PermissionManager::GetInstance().AddDefPermissions(permList, tokenID, true); #ifdef TOKEN_SYNC_ENABLE @@ -1476,6 +1479,10 @@ void AccessTokenInfoManager::ClearUserGrantedPermissionState(AccessTokenID token for (const auto& id : tokenIdList) { (void)ClearUserGrantedPermission(id); } + // DFX + HiSysEventWrite(HiviewDFX::HiSysEvent::Domain::ACCESS_TOKEN, "CLEAR_USER_PERMISSION_STATE", + HiviewDFX::HiSysEvent::EventType::BEHAVIOR, "TOKENID", tokenID, + "TOKENID_LEN", static_cast(tokenIdList.size())); } int32_t AccessTokenInfoManager::ClearUserGrantedPermission(AccessTokenID id) -- Gitee 
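Review bot: The `UPDATE_HAP` event in UpdateHapToken is written inside the braces that hold the `UniqueWriteGuard` on `hapTokenInfoLock_`, so the write lock on the token table is held for the duration of the event write. Whether `HiSysEventWrite` can block is not visible here, but it does not need the lock: copy the user id, bundle name and instance index into locals while locked, close the block, and write the event after it. The reworked log call in the same block now relies on a backslash-newline inside the string literal; two adjacent literals (`"... user %{public}d " "inst %{public}d ..."`) give the same message without depending on the continuation line starting at column 0.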
From 1ca382ddfcb167cc827d29133242e43a54981317 Mon Sep 17 00:00:00 2001 From: zhouyan Date: Thu, 22 Aug 2024 17:26:13 +0800 Subject: [PATCH 044/473] =?UTF-8?q?=E4=BF=AE=E5=A4=8D=E9=94=81=E5=B1=8F?= =?UTF-8?q?=E6=9C=8D=E5=8A=A1=E5=90=AF=E5=8A=A8=E5=9B=9E=E8=B0=83=E8=8E=B7?= =?UTF-8?q?=E5=8F=96=E5=88=B0=E7=9A=84=E5=80=BC=E4=B8=8E=E6=9E=9A=E4=B8=BE?= =?UTF-8?q?=E4=B8=8D=E4=B8=80=E8=87=B4=E7=9A=84=E9=97=AE=E9=A2=98?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: zhouyan Change-Id: I870b8a086569bc0c831519aae6353f86c0a0fb5c --- .../privacymanager/src/service/privacy_manager_service.cpp | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/services/privacymanager/src/service/privacy_manager_service.cpp b/services/privacymanager/src/service/privacy_manager_service.cpp index 91b00d6d7..c7338692b 100644 --- a/services/privacymanager/src/service/privacy_manager_service.cpp +++ b/services/privacymanager/src/service/privacy_manager_service.cpp @@ -324,7 +324,12 @@ void PrivacyManagerService::OnAddSystemAbility(int32_t systemAbilityId, const st ScreenLockManagerAccessLoaderInterface* screenlockManagerLoader = loader.GetObject(); if (screenlockManagerLoader != nullptr) { - PermissionRecordManager::GetInstance().SetLockScreenStatus(screenlockManagerLoader->IsScreenLocked()); + int32_t lockScreenStatus = LockScreenStatusChangeType::PERM_ACTIVE_IN_UNLOCKED; + if (screenlockManagerLoader->IsScreenLocked()) { + lockScreenStatus = LockScreenStatusChangeType::PERM_ACTIVE_IN_LOCKED; + } + + PermissionRecordManager::GetInstance().SetLockScreenStatus(lockScreenStatus); } return; } -- Gitee From cb1a4a89b0bce4e79fc03fefad16446c8f5b5e5e Mon Sep 17 00:00:00 2001 From: AXYChen Date: Thu, 22 Aug 2024 21:09:44 +0800 Subject: [PATCH 045/473] 
Signed-off-by: AXYChen Change-Id: If950a0cc98baf77e78d0bfc37beb5be7f73815a2 --- .../src/record/permission_record_manager.cpp | 9 +++------ 1 file changed, 3 insertions(+), 6 deletions(-) diff --git a/services/privacymanager/src/record/permission_record_manager.cpp b/services/privacymanager/src/record/permission_record_manager.cpp index e5c2693e3..b80660df9 100644 --- a/services/privacymanager/src/record/permission_record_manager.cpp +++ b/services/privacymanager/src/record/permission_record_manager.cpp @@ -153,7 +153,7 @@ void PermissionRecordManager::AddRecord(const PermissionRecord& record) int32_t PermissionRecordManager::GetPermissionRecord(const AddPermParamInfo& info, PermissionRecord& record) { if (AccessTokenKit::GetTokenTypeFlag(info.tokenId) != TOKEN_HAP) { - ACCESSTOKEN_LOG_DEBUG(LABEL, "Not hap(%{public}d).", info.tokenId); + ACCESSTOKEN_LOG_ERROR(LABEL, "Not hap(%{public}d).", info.tokenId); return PrivacyError::ERR_PARAM_INVALID; } int32_t opCode; @@ -544,7 +544,7 @@ bool PermissionRecordManager::AddRecordToStartList(const PermissionRecord& recor std::lock_guard lock(startRecordListMutex_); bool hasStarted = std::any_of(startRecordList_.begin(), startRecordList_.end(), [record](const auto& rec) { return (rec.opCode == record.opCode) && (rec.tokenId == record.tokenId); }); - ACCESSTOKEN_LOG_ERROR(LABEL, "Id(%{public}d), opCode(%{public}d), hasStarted(%{public}d).", + ACCESSTOKEN_LOG_INFO(LABEL, "Id(%{public}d), opCode(%{public}d), hasStarted(%{public}d).", record.tokenId, record.opCode, hasStarted); if (!hasStarted) { startRecordList_.emplace_back(record); @@ -704,6 +704,7 @@ bool PermissionRecordManager::GetRecordFromStartList(uint32_t tokenId, int32_t return true; } } + ACCESSTOKEN_LOG_ERROR(LABEL, "No records started, tokenId=%{public}d, opCode=%{public}d", tokenId, opCode); return false; } 
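Review bot: The error log added to GetRecordFromStartList formats `tokenId` with `%{public}d` although the parameter is declared `uint32_t`, so ids with the top bit set are printed as negative numbers and cannot be matched against other logs. I would write `ACCESSTOKEN_LOG_ERROR(LABEL, "No records started, tokenId=%{public}u, opCode=%{public}d", tokenId, opCode);`. The message raised from DEBUG to ERROR in GetPermissionRecord (`"Not hap(%{public}d)."` with `info.tokenId`) looks like the same mismatch, assuming the field is an `AccessTokenID`, and is worth changing to `%{public}u` while the line is being touched.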
@@ -824,8 +825,6 @@ void PermissionRecordManager::ExecuteCameraCallbackAsync(AccessTokenID tokenId) int32_t PermissionRecordManager::StartUsingPermission(AccessTokenID tokenId, const std::string& permissionName) { - ACCESSTOKEN_LOG_INFO(LABEL, "Entry, tokenId=0x%{public}x, permissionName=%{public}s", - tokenId, permissionName.c_str()); InitializeMuteState(permissionName); if (GetMuteStatus(permissionName, EDM)) { ACCESSTOKEN_LOG_ERROR(LABEL, "EDM not allow."); @@ -924,8 +923,6 @@ int32_t PermissionRecordManager::StartUsingPermission(AccessTokenID tokenId, con int32_t PermissionRecordManager::StopUsingPermission(AccessTokenID tokenId, const std::string& permissionName) { - ACCESSTOKEN_LOG_INFO(LABEL, "Id=0x%{public}x, permissionName=%{public}s", - tokenId, permissionName.c_str()); ExecuteDeletePermissionRecordTask(); if (AccessTokenKit::GetTokenTypeFlag(tokenId) != TOKEN_HAP) { -- Gitee From 0f2f02431784fd6a263a5f17aa1a00daee0d6eea Mon Sep 17 00:00:00 2001 From: AXYChen Date: Wed, 7 Aug 2024 17:59:44 +0800 Subject: [PATCH 046/473] =?UTF-8?q?=E4=BF=AE=E6=94=B9app=5Fstate=5Fdata?= =?UTF-8?q?=E7=BB=93=E6=9E=84=E4=BD=93?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: AXYChen Change-Id: I04607d0a2b5190991430487a7a8e2e24d8e61925 Signed-off-by: AXYChen --- .../accesstoken/src/accesstoken_kit.cpp | 4 +- .../src/accesstoken_manager_client.cpp | 1 + .../src/accesstoken_manager_proxy.cpp | 9 +++- .../main/cpp/src/database/access_token_db.cpp | 2 - .../cpp/src/permission/permission_manager.cpp | 50 +++++++++---------- .../src/permission/permission_policy_set.cpp | 12 +++-- .../service/accesstoken_manager_service.cpp | 5 +- .../src/service/accesstoken_manager_stub.cpp | 6 +-- .../src/token/accesstoken_info_manager.cpp | 23 +++------ .../src/record/permission_record_manager.cpp | 4 +- 10 files changed, 52 insertions(+), 64 deletions(-) 
diff --git a/interfaces/innerkits/accesstoken/src/accesstoken_kit.cpp b/interfaces/innerkits/accesstoken/src/accesstoken_kit.cpp index 8e20d1eb4..4b5412f60 100644 --- a/interfaces/innerkits/accesstoken/src/accesstoken_kit.cpp +++ b/interfaces/innerkits/accesstoken/src/accesstoken_kit.cpp @@ -70,8 +70,7 @@ permList: %{public}zu, stateList: %{public}zu", int32_t AccessTokenKit::InitHapToken(const HapInfoParams& info, HapPolicyParams& policy, AccessTokenIDEx& fullTokenId) { - ACCESSTOKEN_LOG_INFO( - LABEL, "UserID: %{public}d, bundleName :%{public}s, \ + ACCESSTOKEN_LOG_INFO(LABEL, "UserID: %{public}d, bundleName :%{public}s, \ permList: %{public}zu, stateList: %{public}zu", info.userID, info.bundleName.c_str(), policy.permList.size(), policy.permStateList.size()); if ((!DataValidator::IsUserIdValid(info.userID)) || !DataValidator::IsAppIDDescValid(info.appIDDesc) || @@ -115,7 +114,6 @@ int AccessTokenKit::DeleteToken(AccessTokenID tokenID) { ACCESSTOKEN_LOG_INFO(LABEL, "TokenID=%{public}d.", tokenID); if (tokenID == INVALID_TOKENID) { - ACCESSTOKEN_LOG_ERROR(LABEL, "TokenID is invalid"); return AccessTokenError::ERR_PARAM_INVALID; } return AccessTokenManagerClient::GetInstance().DeleteToken(tokenID); diff --git a/interfaces/innerkits/accesstoken/src/accesstoken_manager_client.cpp b/interfaces/innerkits/accesstoken/src/accesstoken_manager_client.cpp index b67a5796d..82a5bfa2b 100644 --- a/interfaces/innerkits/accesstoken/src/accesstoken_manager_client.cpp +++ b/interfaces/innerkits/accesstoken/src/accesstoken_manager_client.cpp @@ -321,6 +321,7 @@ int32_t AccessTokenManagerClient::RegisterPermStateChangeCallback( if (scopeParcel.scope.permList.size() > PERMS_LIST_SIZE_MAX || scopeParcel.scope.tokenIDs.size() > TOKENIDS_LIST_SIZE_MAX) { + ACCESSTOKEN_LOG_ERROR(LABEL, "Scope oversize"); return AccessTokenError::ERR_PARAM_INVALID; } result = proxy->RegisterPermStateChangeCallback(scopeParcel, callback->AsObject()); 
diff --git a/interfaces/innerkits/accesstoken/src/accesstoken_manager_proxy.cpp b/interfaces/innerkits/accesstoken/src/accesstoken_manager_proxy.cpp index 274436c40..4580f6f7d 100644 --- a/interfaces/innerkits/accesstoken/src/accesstoken_manager_proxy.cpp +++ b/interfaces/innerkits/accesstoken/src/accesstoken_manager_proxy.cpp @@ -668,7 +668,7 @@ int AccessTokenManagerProxy::GetTokenType(AccessTokenID tokenID) } int result = reply.ReadInt32(); - ACCESSTOKEN_LOG_DEBUG(LABEL, "Result from server (error=%{public}d).", result); + ACCESSTOKEN_LOG_DEBUG(LABEL, "Result from server (type=%{public}d).", result); return result; } @@ -828,21 +828,27 @@ int32_t AccessTokenManagerProxy::UpdateHapToken( return ERR_WRITE_PARCEL_FAILED; } if (!data.WriteUint32(tokenID)) { + ACCESSTOKEN_LOG_ERROR(LABEL, "Write tokenID failed."); return ERR_WRITE_PARCEL_FAILED; } if (!data.WriteBool(info.isSystemApp)) { + ACCESSTOKEN_LOG_ERROR(LABEL, "Write isSystemApp failed."); return ERR_WRITE_PARCEL_FAILED; } if (!data.WriteString(info.appIDDesc)) { + ACCESSTOKEN_LOG_ERROR(LABEL, "Write appIDDesc failed."); return ERR_WRITE_PARCEL_FAILED; } if (!data.WriteInt32(info.apiVersion)) { + ACCESSTOKEN_LOG_ERROR(LABEL, "Write apiVersion failed."); return ERR_WRITE_PARCEL_FAILED; } if (!data.WriteString(info.appDistributionType)) { + ACCESSTOKEN_LOG_ERROR(LABEL, "Write appDistributionType failed."); return ERR_WRITE_PARCEL_FAILED; } if (!data.WriteParcelable(&policyParcel)) { + ACCESSTOKEN_LOG_ERROR(LABEL, "Write policyParcel failed."); return ERR_WRITE_PARCEL_FAILED; } @@ -1147,6 +1153,7 @@ void AccessTokenManagerProxy::DumpTokenInfo(const AtmToolsParamInfoParcel& infoP } if (!data.WriteParcelable(&infoParcel)) { + ACCESSTOKEN_LOG_ERROR(LABEL, "Write infoParcel failed."); return; } MessageParcel reply; diff --git a/services/accesstokenmanager/main/cpp/src/database/access_token_db.cpp b/services/accesstokenmanager/main/cpp/src/database/access_token_db.cpp index 6527dcfee..188f03db7 100644 
--- a/services/accesstokenmanager/main/cpp/src/database/access_token_db.cpp +++ b/services/accesstokenmanager/main/cpp/src/database/access_token_db.cpp @@ -133,7 +133,6 @@ int AccessTokenDb::Add(const DataType type, const std::vector& va if (addSize == 0) { return SUCCESS; } - //ACCESSTOKEN_LOG_INFO(LABEL, "Add type=%{public}d, size=%{public}zu.", type, addSize); OHOS::Utils::UniqueWriteGuard lock(this->rwLock_); std::string prepareSql = CreateInsertPrepareSqlCmd(type); auto statement = Prepare(prepareSql); @@ -166,7 +165,6 @@ int AccessTokenDb::Add(const DataType type, const std::vector& va ".", beforeCnt, afterCnt); } CommitTransaction(); - //ACCESSTOKEN_LOG_INFO(LABEL, "Commit Add transaction."); return SUCCESS; } diff --git a/services/accesstokenmanager/main/cpp/src/permission/permission_manager.cpp b/services/accesstokenmanager/main/cpp/src/permission/permission_manager.cpp index db831ec44..1a4974c72 100644 --- a/services/accesstokenmanager/main/cpp/src/permission/permission_manager.cpp +++ b/services/accesstokenmanager/main/cpp/src/permission/permission_manager.cpp @@ -103,7 +103,7 @@ void PermissionManager::ClearAllSecCompGrantedPerm(const std::vector tokenInfoPtr = AccessTokenInfoManager::GetInstance().GetHapTokenInfoInner(tokenId); if (tokenInfoPtr == nullptr) { - ACCESSTOKEN_LOG_ERROR(LABEL, "TokenId is invalid, tokenId=%{public}u", tokenId); + ACCESSTOKEN_LOG_ERROR(LABEL, "tokenInfo is null, tokenId=%{public}u", tokenId); continue; } std::shared_ptr permPolicySet = tokenInfoPtr->GetHapInfoPermissionPolicySet(); 
@@ -118,7 +118,7 @@ void PermissionManager::AddDefPermissions(const std::vector& perm { std::vector permFilterList; PermissionValidator::FilterInvalidPermissionDef(permList, permFilterList); - //ACCESSTOKEN_LOG_INFO(LABEL, "PermFilterList size: %{public}zu", permFilterList.size()); + ACCESSTOKEN_LOG_INFO(LABEL, "PermFilterList size: %{public}zu", permFilterList.size()); for (const auto& perm : permFilterList) { if (updateFlag) { PermissionDefinitionCache::GetInstance().Update(perm, tokenId); @@ -140,7 +140,7 @@ void PermissionManager::RemoveDefPermissions(AccessTokenID tokenID) std::shared_ptr tokenInfo = AccessTokenInfoManager::GetInstance().GetHapTokenInfoInner(tokenID); if (tokenInfo == nullptr) { - ACCESSTOKEN_LOG_ERROR(LABEL, "Invalid params(tokenID: %{public}u)!", tokenID); + ACCESSTOKEN_LOG_ERROR(LABEL, "tokenInfo is null, tokenId=%{public}u", tokenID); return; } std::string bundleName = tokenInfo->GetBundleName(); @@ -152,12 +152,12 @@ int PermissionManager::VerifyHapAccessToken(AccessTokenID tokenID, const std::st std::shared_ptr tokenInfoPtr = AccessTokenInfoManager::GetInstance().GetHapTokenInfoInner(tokenID); if (tokenInfoPtr == nullptr) { - ACCESSTOKEN_LOG_ERROR(LABEL, "TokenID: %{public}d, can not find tokenInfo!", tokenID); + ACCESSTOKEN_LOG_ERROR(LABEL, "tokenInfo is null, tokenId=%{public}u", tokenID); return PERMISSION_DENIED; } std::shared_ptr permPolicySet = tokenInfoPtr->GetHapInfoPermissionPolicySet(); if (permPolicySet == nullptr) { - ACCESSTOKEN_LOG_ERROR(LABEL, "TokenID: %{public}d, invalid params!", tokenID); + ACCESSTOKEN_LOG_ERROR(LABEL, "PolicySet is null, TokenID=%{public}d.", tokenID); return PERMISSION_DENIED; } 
@@ -169,7 +169,7 @@ int PermissionManager::VerifyNativeAccessToken(AccessTokenID tokenID, const std: std::shared_ptr tokenInfoPtr = AccessTokenInfoManager::GetInstance().GetNativeTokenInfoInner(tokenID); if (tokenInfoPtr == nullptr) { - ACCESSTOKEN_LOG_ERROR(LABEL, "Can not find tokenInfo!"); + ACCESSTOKEN_LOG_ERROR(LABEL, "tokenInfo is null, tokenId=%{public}u", tokenID); return PERMISSION_DENIED; } @@ -190,7 +190,7 @@ int PermissionManager::VerifyNativeAccessToken(AccessTokenID tokenID, const std: std::shared_ptr permPolicySet = AccessTokenInfoManager::GetInstance().GetNativePermissionPolicySet(tokenID); if (permPolicySet == nullptr) { - ACCESSTOKEN_LOG_ERROR(LABEL, "Invalid params!"); + ACCESSTOKEN_LOG_ERROR(LABEL, "PolicySet is null, TokenID=%{public}d.", tokenID); return PERMISSION_DENIED; } @@ -219,7 +219,7 @@ PermUsedTypeEnum PermissionManager::GetUserGrantedPermissionUsedType( std::shared_ptr permPolicySet = AccessTokenInfoManager::GetInstance().GetHapPermissionPolicySet(tokenID); if (permPolicySet == nullptr) { - ACCESSTOKEN_LOG_ERROR(LABEL, "TokenID=%{public}d, invalid params.", tokenID); + ACCESSTOKEN_LOG_ERROR(LABEL, "PolicySet is null, TokenID=%{public}d.", tokenID); return PermUsedTypeEnum::INVALID_USED_TYPE; } @@ -237,7 +237,7 @@ int PermissionManager::VerifyAccessToken(AccessTokenID tokenID, const std::strin } if (!PermissionValidator::IsPermissionNameValid(permissionName)) { - ACCESSTOKEN_LOG_ERROR(LABEL, "TokenID: %{public}d, invalid params!", tokenID); + ACCESSTOKEN_LOG_ERROR(LABEL, "PermissionName: %{public}s, invalid params!", permissionName.c_str()); return PERMISSION_DENIED; } 
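Review bot: In VerifyAccessToken the rewritten error log prints `permissionName` verbatim in the branch where `IsPermissionNameValid` has just rejected it, and it no longer prints `tokenID`. A name that failed validation is caller-supplied and may be empty or over-long (what the validator checks is not visible here), so the public log carries unchecked input while the token that identifies the caller is dropped. I would keep the token and log only a bounded property of the name, for example `ACCESSTOKEN_LOG_ERROR(LABEL, "TokenID: %{public}d, permissionName invalid, length %{public}zu!", tokenID, permissionName.size());`. The same pattern is introduced in the GetPermissionFlag and CheckAndUpdatePermission hunks of this file. The function body continues outside the hunk.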
@@ -266,7 +266,7 @@ int PermissionManager::GetDefPermissions(AccessTokenID tokenID, std::vector permPolicySet = AccessTokenInfoManager::GetInstance().GetHapPermissionPolicySet(tokenID); if (permPolicySet == nullptr) { - ACCESSTOKEN_LOG_ERROR(LABEL, "Invalid params!"); + ACCESSTOKEN_LOG_ERROR(LABEL, "PolicySet is null, TokenID=%{public}d.", tokenID); return AccessTokenError::ERR_TOKENID_NOT_EXIST; } @@ -282,7 +282,7 @@ int PermissionManager::GetReqPermissions( std::shared_ptr permPolicySet = AccessTokenInfoManager::GetInstance().GetHapPermissionPolicySet(tokenID); if (permPolicySet == nullptr) { - ACCESSTOKEN_LOG_ERROR(LABEL, "Invalid params!"); + ACCESSTOKEN_LOG_ERROR(LABEL, "PolicySet is null, TokenID=%{public}d.", tokenID); return AccessTokenError::ERR_TOKENID_NOT_EXIST; } @@ -395,7 +395,7 @@ int PermissionManager::GetPermissionFlag(AccessTokenID tokenID, const std::strin ACCESSTOKEN_LOG_INFO(LABEL, "%{public}s called, tokenID: %{public}u, permissionName: %{public}s", __func__, tokenID, permissionName.c_str()); if (!PermissionValidator::IsPermissionNameValid(permissionName)) { - ACCESSTOKEN_LOG_ERROR(LABEL, "Invalid params!"); + ACCESSTOKEN_LOG_ERROR(LABEL, "PermissionName:%{public}s invalid!", permissionName.c_str()); return AccessTokenError::ERR_PARAM_INVALID; } if (!PermissionDefinitionCache::GetInstance().HasDefinition(permissionName)) { @@ -406,7 +406,7 @@ int PermissionManager::GetPermissionFlag(AccessTokenID tokenID, const std::strin std::shared_ptr permPolicySet = AccessTokenInfoManager::GetInstance().GetHapPermissionPolicySet(tokenID); if (permPolicySet == nullptr) { - ACCESSTOKEN_LOG_ERROR(LABEL, "Invalid params!"); + ACCESSTOKEN_LOG_ERROR(LABEL, "PolicySet is null, TokenID=%{public}d.", tokenID); return AccessTokenError::ERR_TOKENID_NOT_EXIST; } int32_t fullFlag; 
@@ -448,7 +448,7 @@ int32_t PermissionManager::DumpPermDefInfo(std::string& dumpInfo) PermissionDef def; int32_t ret = DataTranslator::TranslationIntoPermissionDef(*iter, def); if (ret != RET_SUCCESS) { - ACCESSTOKEN_LOG_ERROR(LABEL, "PermDef is wrong."); + ACCESSTOKEN_LOG_ERROR(LABEL, "PermDef of %{public}s is wrong.", def.permissionName.c_str()); return ret; } PermDefToString(def, dumpInfo); @@ -630,7 +630,7 @@ int32_t PermissionManager::UpdateTokenPermissionState( { std::shared_ptr infoPtr = AccessTokenInfoManager::GetInstance().GetHapTokenInfoInner(tokenID); if (infoPtr == nullptr) { - ACCESSTOKEN_LOG_ERROR(LABEL, "Invalid params!"); + ACCESSTOKEN_LOG_ERROR(LABEL, "tokenInfo is null, tokenId=%{public}u", tokenID); return AccessTokenError::ERR_TOKENID_NOT_EXIST; } if (infoPtr->IsRemote()) { @@ -648,7 +648,7 @@ int32_t PermissionManager::UpdateTokenPermissionState( } std::shared_ptr permPolicySet = infoPtr->GetHapInfoPermissionPolicySet(); if (permPolicySet == nullptr) { - ACCESSTOKEN_LOG_ERROR(LABEL, "Invalid params!"); + ACCESSTOKEN_LOG_ERROR(LABEL, "PolicySet is null, TokenID=%{public}d.", tokenID); return AccessTokenError::ERR_PARAM_INVALID; } #ifdef SUPPORT_SANDBOX_APP @@ -683,7 +683,7 @@ int32_t PermissionManager::CheckAndUpdatePermission(AccessTokenID tokenID, const bool isGranted, uint32_t flag) { if (!PermissionValidator::IsPermissionNameValid(permissionName)) { - ACCESSTOKEN_LOG_ERROR(LABEL, "Invalid params!"); + ACCESSTOKEN_LOG_ERROR(LABEL, "permissionName: %{pubic}s, Invalid params!", permissionName.c_str()); return AccessTokenError::ERR_PARAM_INVALID; } if (!PermissionDefinitionCache::GetInstance().HasDefinition(permissionName)) { 
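Review bot: The new message in DumpPermDefInfo prints `def.permissionName` in the branch where `TranslationIntoPermissionDef(*iter, def)` has just failed, so `def` is the output of the failed call and its name may be empty or only partly filled. How far the translator gets before returning an error is not visible here, so the log can point at the wrong entry or at none. Logging `ret` is reliable in every case, for example `ACCESSTOKEN_LOG_ERROR(LABEL, "PermDef is wrong, ret=%{public}d.", ret);`, and an identifier should come from the input `*iter` rather than from `def`.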
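Review bot: The format string added to CheckAndUpdatePermission spells the privacy qualifier `%{pubic}s`, which is not `%{public}s`, so the permission name will not be printed as intended on this error path. The line should read `ACCESSTOKEN_LOG_ERROR(LABEL, "permissionName: %{public}s, Invalid params!", permissionName.c_str());`. In the next hunk of the same function `flag` is declared `uint32_t` but is logged with `%{public}d`; `%{public}u` matches the type.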
@@ -692,7 +692,7 @@ int32_t PermissionManager::CheckAndUpdatePermission(AccessTokenID tokenID, const return AccessTokenError::ERR_PERMISSION_NOT_EXIST; } if (!PermissionValidator::IsPermissionFlagValid(flag)) { - ACCESSTOKEN_LOG_ERROR(LABEL, "Invalid params!"); + ACCESSTOKEN_LOG_ERROR(LABEL, "flag: %{public}d, Invalid params!", flag); return AccessTokenError::ERR_PARAM_INVALID; } int32_t ret = UpdateTokenPermissionState(tokenID, permissionName, isGranted, flag); @@ -985,7 +985,7 @@ int32_t PermissionManager::ClearUserGrantedPermission(AccessTokenID tokenID) { std::shared_ptr infoPtr = AccessTokenInfoManager::GetInstance().GetHapTokenInfoInner(tokenID); if (infoPtr == nullptr) { - ACCESSTOKEN_LOG_ERROR(LABEL, "Token %{public}u is invalid.", tokenID); + ACCESSTOKEN_LOG_ERROR(LABEL, "tokenInfo is null, tokenId=%{public}u", tokenID); return ERR_PARAM_INVALID; } if (infoPtr->IsRemote()) { @@ -994,7 +994,7 @@ int32_t PermissionManager::ClearUserGrantedPermission(AccessTokenID tokenID) } std::shared_ptr permPolicySet = infoPtr->GetHapInfoPermissionPolicySet(); if (permPolicySet == nullptr) { - ACCESSTOKEN_LOG_ERROR(LABEL, "Invalid params!"); + ACCESSTOKEN_LOG_ERROR(LABEL, "PolicySet is null, TokenID=%{public}d.", tokenID); return ERR_PARAM_INVALID; } std::vector grantedPermListBefore; @@ -1149,7 +1149,7 @@ bool PermissionManager::InitDlpPermissionList(const std::string& bundleName, int std::shared_ptr permPolicySet = AccessTokenInfoManager::GetInstance().GetHapPermissionPolicySet(tokenId.tokenIdExStruct.tokenID); if (permPolicySet == nullptr) { - ACCESSTOKEN_LOG_ERROR(LABEL, "Invalid params!"); + ACCESSTOKEN_LOG_ERROR(LABEL, "PolicySet is null, TokenID=%{public}d.", tokenId.tokenIdExStruct.tokenID); return false; } permPolicySet->GetPermissionStateFulls(initializedList); 
@@ -1159,8 +1159,9 @@ bool PermissionManager::InitDlpPermissionList(const std::string& bundleName, int bool PermissionManager::InitPermissionList(const std::string& appDistributionType, const HapPolicyParams& policy, std::vector& initializedList) { - //ACCESSTOKEN_LOG_INFO(LABEL, "Before, request perm list size: %{public}zu, preAuthorizationInfo size %{public}zu.", - // policy.permStateList.size(), policy.preAuthorizationInfo.size()); + ACCESSTOKEN_LOG_INFO(LABEL, "Before, request perm list size: %{public}zu, preAuthorizationInfo size %{public}zu, " + "ACLRequestedList size %{public}zu.", + policy.permStateList.size(), policy.preAuthorizationInfo.size(), policy.aclRequestedList.size()); for (auto state : policy.permStateList) { PermissionDef permDef; @@ -1201,8 +1202,7 @@ bool PermissionManager::InitPermissionList(const std::string& appDistributionTyp } initializedList.emplace_back(state); } - ACCESSTOKEN_LOG_INFO(LABEL, "Before, request perm list size: %{public}zu; After, request perm list size: %{public}zu.", - policy.permStateList.size(), initializedList.size()); + ACCESSTOKEN_LOG_INFO(LABEL, "After, request perm list size: %{public}zu.", initializedList.size()); return true; } diff --git a/services/accesstokenmanager/main/cpp/src/permission/permission_policy_set.cpp b/services/accesstokenmanager/main/cpp/src/permission/permission_policy_set.cpp index e9f57bd7e..b050aadf5 100644 --- a/services/accesstokenmanager/main/cpp/src/permission/permission_policy_set.cpp +++ b/services/accesstokenmanager/main/cpp/src/permission/permission_policy_set.cpp @@ -215,7 +215,8 @@ PermUsedTypeEnum PermissionPolicySet::GetUserGrantedPermissionUsedType(const std } if (IsPermGrantedBySecComp(iter->grantFlags[0])) { - ACCESSTOKEN_LOG_INFO(LABEL, "Permission is granted by seccomp, tokenID=%{public}d.", tokenId_); + ACCESSTOKEN_LOG_INFO(LABEL, "%{public}s is granted by seccomp, tokenID=%{public}d.", + permissionName.c_str(), tokenId_); return PermUsedTypeEnum::SEC_COMPONENT_TYPE; } 
@@ -231,7 +232,8 @@ PermUsedTypeEnum PermissionPolicySet::GetUserGrantedPermissionUsedType(const std if (std::any_of(secCompGrantedPermList_.begin(), secCompGrantedPermList_.end(), [permissionName](const auto& permission) { return permission == permissionName; })) { - ACCESSTOKEN_LOG_INFO(LABEL, "Permission is granted by seccomp, tokenID=%{public}d.", tokenId_); + ACCESSTOKEN_LOG_INFO(LABEL, "%{public}s is granted by seccomp, tokenID=%{public}d.", + permissionName.c_str(), tokenId_); return PermUsedTypeEnum::SEC_COMPONENT_TYPE; } ACCESSTOKEN_LOG_ERROR(LABEL, "Application %{public}u not apply for %{public}s.", tokenId_, permissionName.c_str()); @@ -256,8 +258,8 @@ int PermissionPolicySet::VerifyPermissionStatus(const std::string& permissionNam return PERMISSION_GRANTED; } if (iter->grantStatus[0] != PERMISSION_GRANTED) { - ACCESSTOKEN_LOG_ERROR(LABEL, "TokenID: %{public}d, permission: %{public}s is not granted", - tokenId_, permissionName.c_str()); + ACCESSTOKEN_LOG_ERROR(LABEL, "TokenID: %{public}d, grantFlags: %{public}d, permission: %{public}s is not granted", + tokenId_, iter->grantFlags[0], permissionName.c_str()); return PERMISSION_DENIED; } return PERMISSION_GRANTED; @@ -292,6 +294,7 @@ int PermissionPolicySet::QueryPermissionFlag(const std::string& permissionName, flag = perm.grantFlags[0]; return RET_SUCCESS; } else { + ACCESSTOKEN_LOG_ERROR(LABEL, "Permission %{public}s is invalid", permissionName.c_str()); return AccessTokenError::ERR_PARAM_INVALID; } } @@ -409,7 +412,6 @@ int32_t PermissionPolicySet::UpdateSecCompGrantedPermList(const std::string& per int32_t PermissionPolicySet::UpdatePermissionStatus(const std::string& permissionName, bool isGranted, uint32_t flag) { - ACCESSTOKEN_LOG_DEBUG(LABEL, "PermissionName %{public}s.", permissionName.c_str()); if (!IsPermGrantedBySecComp(flag)) { return UpdatePermStateList(permissionName, isGranted, flag); } 
diff --git a/services/accesstokenmanager/main/cpp/src/service/accesstoken_manager_service.cpp b/services/accesstokenmanager/main/cpp/src/service/accesstoken_manager_service.cpp index b5b55ce4d..0f6dcb62a 100644 --- a/services/accesstokenmanager/main/cpp/src/service/accesstoken_manager_service.cpp +++ b/services/accesstokenmanager/main/cpp/src/service/accesstoken_manager_service.cpp @@ -164,8 +164,6 @@ int AccessTokenManagerService::GetDefPermissions(AccessTokenID tokenID, std::vec int AccessTokenManagerService::GetReqPermissions( AccessTokenID tokenID, std::vector& reqPermList, bool isSystemGrant) { - ACCESSTOKEN_LOG_DEBUG(LABEL, "TokenID: %{public}d, isSystemGrant: %{public}d", tokenID, isSystemGrant); - std::vector permList; int ret = PermissionManager::GetInstance().GetReqPermissions(tokenID, permList, isSystemGrant); @@ -238,7 +236,7 @@ PermissionOper AccessTokenManagerService::GetPermissionsState(AccessTokenID toke if (static_cast(reqPermList[i].permsState.state) == DYNAMIC_OPER) { needRes = true; } - ACCESSTOKEN_LOG_DEBUG(LABEL, "Perm: 0x%{public}s, state: 0x%{public}d", + ACCESSTOKEN_LOG_DEBUG(LABEL, "Perm: %{public}s, state: %{public}d", reqPermList[i].permsState.permissionName.c_str(), reqPermList[i].permsState.state); } if (GetTokenType(tokenID) == TOKEN_HAP && AccessTokenInfoManager::GetInstance().GetPermDialogCap(tokenID)) { @@ -345,7 +343,6 @@ int32_t AccessTokenManagerService::InitHapToken( int32_t ret = AccessTokenInfoManager::GetInstance().CreateHapTokenInfo( info.hapInfoParameter, policy.hapPolicyParameter, fullTokenId); if (ret != RET_SUCCESS) { - ACCESSTOKEN_LOG_ERROR(LABEL, "Hap token info create failed."); return ret; } diff --git a/services/accesstokenmanager/main/cpp/src/service/accesstoken_manager_stub.cpp b/services/accesstokenmanager/main/cpp/src/service/accesstoken_manager_stub.cpp index 7b12db9ec..65b5ab258 100644 --- a/services/accesstokenmanager/main/cpp/src/service/accesstoken_manager_stub.cpp 
+++ b/services/accesstokenmanager/main/cpp/src/service/accesstoken_manager_stub.cpp @@ -95,7 +95,6 @@ void AccessTokenManagerStub::DeleteTokenInfoInner(MessageParcel& data, MessagePa return; } AccessTokenID tokenID = data.ReadUint32(); - ACCESSTOKEN_LOG_INFO(LABEL, "Recieve request successfully, tokenID=%{public}d", tokenID); int result = this->DeleteToken(tokenID); reply.WriteInt32(result); } @@ -236,7 +235,7 @@ void AccessTokenManagerStub::GetPermissionsStatusInner(MessageParcel& data, Mess } ACCESSTOKEN_LOG_DEBUG(LABEL, "PermList size read from client data is %{public}d.", size); if (size > MAX_PERMISSION_SIZE) { - ACCESSTOKEN_LOG_ERROR(LABEL, "PermList size %{public}d is invalid", size); + ACCESSTOKEN_LOG_ERROR(LABEL, "PermList size %{public}d is oversize", size); reply.WriteInt32(INVALID_OPER); return; } @@ -416,14 +415,12 @@ void AccessTokenManagerStub::AllocHapTokenInner(MessageParcel& data, MessageParc reply.WriteInt32(AccessTokenError::ERR_READ_PARCEL_FAILED); return; } - ACCESSTOKEN_LOG_INFO(LABEL, "Recieve request successfully"); res = this->AllocHapToken(*hapInfoParcel, *hapPolicyParcel); reply.WriteUint64(res.tokenIDEx); } void AccessTokenManagerStub::InitHapTokenInner(MessageParcel& data, MessageParcel& reply) { - AccessTokenID tokenID = IPCSkeleton::GetCallingTokenID(); if (!IsPrivilegedCalling() && (VerifyAccessToken(tokenID, MANAGE_HAP_TOKENID_PERMISSION) == PERMISSION_DENIED)) { @@ -439,7 +436,6 @@ void AccessTokenManagerStub::InitHapTokenInner(MessageParcel& data, MessageParce reply.WriteInt32(AccessTokenError::ERR_READ_PARCEL_FAILED); return; } - ACCESSTOKEN_LOG_INFO(LABEL, "Recieve request successfully"); int32_t res; AccessTokenIDEx fullTokenId = { 0 }; res = this->InitHapToken(*hapInfoParcel, *hapPolicyParcel, fullTokenId); diff --git a/services/accesstokenmanager/main/cpp/src/token/accesstoken_info_manager.cpp b/services/accesstokenmanager/main/cpp/src/token/accesstoken_info_manager.cpp index d9e9e0117..b987bad70 100644 
--- a/services/accesstokenmanager/main/cpp/src/token/accesstoken_info_manager.cpp +++ b/services/accesstokenmanager/main/cpp/src/token/accesstoken_info_manager.cpp @@ -345,8 +345,8 @@ int AccessTokenInfoManager::GetHapTokenInfo(AccessTokenID tokenID, HapTokenInfo& { std::shared_ptr infoPtr = GetHapTokenInfoInner(tokenID); if (infoPtr == nullptr) { - //ACCESSTOKEN_LOG_ERROR( - // LABEL, "Token %{public}u is invalid.", tokenID); + ACCESSTOKEN_LOG_ERROR( + LABEL, "Token %{public}u is invalid.", tokenID); return AccessTokenError::ERR_TOKENID_NOT_EXIST; } infoPtr->TranslateToHapTokenInfo(info); @@ -516,7 +516,7 @@ int AccessTokenInfoManager::CreateHapTokenInfo( int32_t cloneFlag = ((dlpFlag == 0) && (info.instIndex) > 0) ? 1 : 0; AccessTokenID tokenId = AccessTokenIDManager::GetInstance().CreateAndRegisterTokenId(TOKEN_HAP, dlpFlag, cloneFlag); if (tokenId == 0) { - ACCESSTOKEN_LOG_INFO(LABEL, "Token Id create failed"); + ACCESSTOKEN_LOG_ERROR(LABEL, "Token Id create failed"); return ERR_TOKENID_CREATE_FAILED; } PermissionManager::GetInstance().AddDefPermissions(policy.permList, tokenId, false); @@ -677,12 +677,12 @@ int32_t AccessTokenInfoManager::UpdateHapToken(AccessTokenIDEx& tokenIdEx, const { AccessTokenID tokenID = tokenIdEx.tokenIdExStruct.tokenID; if (!DataValidator::IsAppIDDescValid(info.appIDDesc)) { - ACCESSTOKEN_LOG_INFO(LABEL, "Token %{public}u parm format error!", tokenID); + ACCESSTOKEN_LOG_ERROR(LABEL, "Token %{public}u parm format error!", tokenID); return AccessTokenError::ERR_PARAM_INVALID; } std::shared_ptr infoPtr = GetHapTokenInfoInner(tokenID); if (infoPtr == nullptr) { - ACCESSTOKEN_LOG_INFO(LABEL, "Token %{public}u is null, can not update!", tokenID); + ACCESSTOKEN_LOG_ERROR(LABEL, "Token %{public}u is invalid, can not update!", tokenID); return AccessTokenError::ERR_TOKENID_NOT_EXIST; } 
@@ -1157,7 +1157,7 @@ int AccessTokenInfoManager::AddHapTokenInfoToDb(AccessTokenID tokenID) std::shared_ptr hapInfo = GetHapTokenInfoInner(tokenID); if (hapInfo == nullptr) { - ACCESSTOKEN_LOG_INFO(LABEL, "Token %{public}u info is null!", tokenID); + ACCESSTOKEN_LOG_ERROR(LABEL, "Token %{public}u info is null!", tokenID); return AccessTokenError::ERR_TOKENID_NOT_EXIST; } hapInfo->StoreHapInfo(hapInfoValues); @@ -1262,8 +1262,6 @@ AccessTokenID AccessTokenInfoManager::GetNativeTokenId(const std::string& proces void AccessTokenInfoManager::DumpHapTokenInfoByTokenId(const AccessTokenID tokenId, std::string& dumpInfo) { - ACCESSTOKEN_LOG_DEBUG(LABEL, "Dump by tokenId[%{public}u].", tokenId); - ATokenTypeEnum type = AccessTokenIDManager::GetInstance().GetTokenIdType(tokenId); if (type == TOKEN_HAP) { std::shared_ptr infoPtr = GetHapTokenInfoInner(tokenId); @@ -1282,8 +1280,6 @@ void AccessTokenInfoManager::DumpHapTokenInfoByTokenId(const AccessTokenID token void AccessTokenInfoManager::DumpHapTokenInfoByBundleName(const std::string& bundleName, std::string& dumpInfo) { - ACCESSTOKEN_LOG_DEBUG(LABEL, "Get hap token info by bundleName[%{public}s].", bundleName.c_str()); - Utils::UniqueReadGuard hapInfoGuard(this->hapTokenInfoLock_); for (auto iter = hapTokenInfoMap_.begin(); iter != hapTokenInfoMap_.end(); iter++) { if (iter->second != nullptr) { @@ -1312,8 +1308,6 @@ void AccessTokenInfoManager::DumpAllHapTokenInfo(std::string& dumpInfo) void AccessTokenInfoManager::DumpNativeTokenInfoByProcessName(const std::string& processName, std::string& dumpInfo) { - ACCESSTOKEN_LOG_DEBUG(LABEL, "Get native token info by processName[%{public}s].", processName.c_str()); - Utils::UniqueReadGuard infoGuard(this->nativeTokenInfoLock_); for (auto iter = nativeTokenInfoMap_.begin(); iter != nativeTokenInfoMap_.end(); iter++) { if ((iter->second != nullptr) && (processName == iter->second->GetProcessName())) { 
@@ -1499,11 +1493,6 @@ bool AccessTokenInfoManager::UpdateCapStateToDatabase(AccessTokenID tokenID, boo int32_t AccessTokenInfoManager::GetNativeTokenName(AccessTokenID tokenId, std::string& name) { - if (tokenId == INVALID_TOKENID) { - ACCESSTOKEN_LOG_ERROR(LABEL, "TokenId %{public}u is invalid.", tokenId); - return AccessTokenError::ERR_PARAM_INVALID; - } - ATokenTypeEnum type = AccessTokenIDManager::GetInstance().GetTokenIdType(tokenId); if ((type != ATokenTypeEnum::TOKEN_NATIVE) && (type != ATokenTypeEnum::TOKEN_SHELL)) { ACCESSTOKEN_LOG_ERROR(LABEL, "Token type %{public}u is invalid.", type); diff --git a/services/privacymanager/src/record/permission_record_manager.cpp b/services/privacymanager/src/record/permission_record_manager.cpp index 2e10660cd..21cc55084 100644 --- a/services/privacymanager/src/record/permission_record_manager.cpp +++ b/services/privacymanager/src/record/permission_record_manager.cpp @@ -544,7 +544,7 @@ bool PermissionRecordManager::AddRecordToStartList(const PermissionRecord& recor std::lock_guard lock(startRecordListMutex_); bool hasStarted = std::any_of(startRecordList_.begin(), startRecordList_.end(), [record](const auto& rec) { return (rec.opCode == record.opCode) && (rec.tokenId == record.tokenId); }); - ACCESSTOKEN_LOG_ERROR(LABEL, "Id(%{public}d), opCode(%{public}d), hasStarted(%{public}d).", + ACCESSTOKEN_LOG_INFO(LABEL, "Id(%{public}d), opCode(%{public}d), hasStarted(%{public}d).", record.tokenId, record.opCode, hasStarted); if (!hasStarted) { startRecordList_.emplace_back(record); @@ -1432,7 +1432,7 @@ void PermissionRecordManager::InitializeMuteState(const std::string& permissionN std::lock_guard lock(camLoadMutex_); if (!isCamLoad_) { bool isEdmMute = false; - ModifyMuteStatus(CAMERA_PERMISSION_NAME, EDM, isEdmMute); + ModifyMuteStatus(CAMERA_PERMISSION_NAME, EDM, isEdmMute); } } } -- Gitee From f845404106a9e0f14bf3777d7c65248daefa7d86 Mon Sep 17 00:00:00 2001 
From: zengsiyu Date: Fri, 23 Aug 2024 17:35:22 +0800 Subject: [PATCH 047/473] fix kit ut Signed-off-by: zengsiyu Change-Id: I0c409e9dcab681b88262b0036dab489bed0d95e9 --- .../test/unittest/src/el5_filekey_manager_kit_unittest.cpp | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/interfaces/innerkits/el5filekeymanager/test/unittest/src/el5_filekey_manager_kit_unittest.cpp b/interfaces/innerkits/el5filekeymanager/test/unittest/src/el5_filekey_manager_kit_unittest.cpp index 33969199f..ef7828f33 100644 --- a/interfaces/innerkits/el5filekeymanager/test/unittest/src/el5_filekey_manager_kit_unittest.cpp +++ b/interfaces/innerkits/el5filekeymanager/test/unittest/src/el5_filekey_manager_kit_unittest.cpp @@ -168,7 +168,7 @@ HWTEST_F(El5FilekeyManagerKitTest, SetFilePathPolicy001, TestSize.Level1) */ HWTEST_F(El5FilekeyManagerKitTest, RegisterCallback001, TestSize.Level1) { - ASSERT_EQ(El5FilekeyManagerKit::RegisterCallback((new TestEl5FilekeyCallback())), EFM_ERR_IPC_READ_DATA); + ASSERT_NE(El5FilekeyManagerKit::RegisterCallback((new TestEl5FilekeyCallback())), EFM_SUCCESS); } /** -- Gitee From 50539a2fab88b63eac65b645a822bb9fa2ef3df8 Mon Sep 17 00:00:00 2001 From: wuliushuan Date: Sat, 24 Aug 2024 03:16:56 +0000 Subject: [PATCH 048/473] =?UTF-8?q?InitHapTokenInner=20fuzz=E7=94=A8?= =?UTF-8?q?=E4=BE=8B=E8=A1=A5=E5=85=85?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit 
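Review bot: `ASSERT_NE(..., EFM_SUCCESS)` in RegisterCallback001 now passes on any failure code, so the test can no longer distinguish the rejection it was written to check from an unrelated error such as the service being unavailable. If the expected code legitimately differs between environments, assert the allowed set explicitly, for example `EXPECT_TRUE(ret == EFM_ERR_IPC_READ_DATA || ret == <other expected code>);`. A short comment above the assertion stating why registration must fail for this caller would also help.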
Signed-off-by: wuliushuan Change-Id: I3237c7c3135c6cfe21b3bf93003939d0ebeaf2a3 --- test/fuzztest/services/accesstoken/BUILD.gn | 1 + .../initHapTokenstub_fuzzer/BUILD.gn | 51 ++++++++ .../initHapTokenstub_fuzzer/corpus/init | 14 +++ .../initHapTokenstub_fuzzer.cpp | 119 ++++++++++++++++++ .../initHapTokenstub_fuzzer.h | 21 ++++ .../initHapTokenstub_fuzzer/project.xml | 25 ++++ 6 files changed, 231 insertions(+) create mode 100644 test/fuzztest/services/accesstoken/initHapTokenstub_fuzzer/BUILD.gn create mode 100644 test/fuzztest/services/accesstoken/initHapTokenstub_fuzzer/corpus/init create mode 100644 test/fuzztest/services/accesstoken/initHapTokenstub_fuzzer/initHapTokenstub_fuzzer.cpp create mode 100644 test/fuzztest/services/accesstoken/initHapTokenstub_fuzzer/initHapTokenstub_fuzzer.h create mode 100644 test/fuzztest/services/accesstoken/initHapTokenstub_fuzzer/project.xml diff --git a/test/fuzztest/services/accesstoken/BUILD.gn b/test/fuzztest/services/accesstoken/BUILD.gn index 02738c39e..8f2d80e28 100644 --- a/test/fuzztest/services/accesstoken/BUILD.gn +++ b/test/fuzztest/services/accesstoken/BUILD.gn @@ -42,6 +42,7 @@ group("fuzztest") { "gettokentypestub_fuzzer:GetTokenTypeStubFuzzTest", "getusergrantedpermissionusedtypestub_fuzzer:GetUserGrantedPermissionUsedTypeStubFuzzTest", "grantpermissionstub_fuzzer:GrantPermissionStubFuzzTest", + "initHapTokenstub_fuzzer:InitHapTokenStubFuzzTest", "registerpermstatechangecallbackstub_fuzzer:RegisterPermStateChangeCallbackStubFuzzTest", "reloadnativetokeninfostub_fuzzer:ReloadNativeTokenInfoStubFuzzTest", "revokepermissionstub_fuzzer:RevokePermissionStubFuzzTest", diff --git a/test/fuzztest/services/accesstoken/initHapTokenstub_fuzzer/BUILD.gn b/test/fuzztest/services/accesstoken/initHapTokenstub_fuzzer/BUILD.gn new file mode 100644 index 000000000..dafa23d05 --- /dev/null +++ b/test/fuzztest/services/accesstoken/initHapTokenstub_fuzzer/BUILD.gn 
@@ -0,0 +1,51 @@
+# Copyright (c) 2024 Huawei Device Co., Ltd.
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+import("//build/config/features.gni")
+import("//build/test.gni")
+import("../../../../../access_token.gni")
+import("../access_token_service_fuzz.gni")
+
+ohos_fuzztest("InitHapTokenStubFuzzTest") {
+ module_out_path = module_output_path_service_access_token
+ fuzz_config_file = "."
+
+ sources = [ "initHapTokenstub_fuzzer.cpp" ]
+
+ cflags = [
+ "-g",
+ "-O0",
+ "-Wno-unused-variable",
+ "-fno-omit-frame-pointer",
+ ]
+
+ include_dirs = access_token_include_dirs
+
+ deps = access_token_deps
+
+ configs = [ "${access_token_path}/config:coverage_flags" ]
+
+ external_deps = access_token_external_deps
+
+ include_dirs += access_token_impl_include_dirs
+
+ cflags_cc = access_token_cflags_cc
+
+ sources += access_token_sources
+
+ sources += access_token_impl_sources
+
+ if (eventhandler_enable == true) {
+ sources += [ "${access_token_path}/services/common/handler/src/access_event_handler.cpp" ]
+ }
+}
diff --git a/test/fuzztest/services/accesstoken/initHapTokenstub_fuzzer/corpus/init b/test/fuzztest/services/accesstoken/initHapTokenstub_fuzzer/corpus/init
new file mode 100644
index 000000000..e7c3fecd8
--- /dev/null
+++ b/test/fuzztest/services/accesstoken/initHapTokenstub_fuzzer/corpus/init
@@ -0,0 +1,14 @@
+# Copyright (c) 2024 Huawei Device Co., Ltd.
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+FUZZ
\ No newline at end of file
diff --git a/test/fuzztest/services/accesstoken/initHapTokenstub_fuzzer/initHapTokenstub_fuzzer.cpp b/test/fuzztest/services/accesstoken/initHapTokenstub_fuzzer/initHapTokenstub_fuzzer.cpp
new file mode 100644
index 000000000..56332abe8
--- /dev/null
+++ b/test/fuzztest/services/accesstoken/initHapTokenstub_fuzzer/initHapTokenstub_fuzzer.cpp
@@ -0,0 +1,119 @@ +/* + * Copyright (c) 2024 Huawei Device Co., Ltd. + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +#include "initHapTokenstub_fuzzer.h" +#include +#include +#include +#include +#include +#include +#include "accesstoken_fuzzdata.h" +#undef private +#include "accesstoken_manager_service.h" +#include "hap_info_parcel.h" +#include "i_accesstoken_manager.h" + +using namespace std; +using namespace OHOS::Security::AccessToken; +const int CONSTANTS_NUMBER_TWO = 2; +static const int32_t ROOT_UID = 0; + +namespace OHOS { + void ConstructorParam(AccessTokenFuzzData& fuzzData, HapInfoParcel& hapInfoParcel, HapPolicyParcel& hapPolicyParcel) + { + std::string permissionName = fuzzData.GenerateRandomString(); + std::string bundleName = fuzzData.GenerateRandomString(); + PermissionDef testPermDef = { + .permissionName = permissionName, + .bundleName = bundleName, + .grantMode = 1, + .availableLevel = APL_NORMAL, + .label = fuzzData.GenerateRandomString(), + .labelId = 1, + .description = fuzzData.GenerateRandomString(), + .descriptionId = 1}; + PermissionStateFull TestState = { + .permissionName = permissionName, + .isGeneral = true, + .resDeviceID = {fuzzData.GenerateRandomString()}, + .grantStatus = {PermissionState::PERMISSION_GRANTED}, + .grantFlags = {1}, + }; + HapInfoParams TestInfoParms = { + .userID = 1, + .bundleName = bundleName, + .instIndex = 0, + .appIDDesc = fuzzData.GenerateRandomString()}; + PreAuthorizationInfo info1 = { + 
.permissionName = permissionName, + .userCancelable = true + }; + HapPolicyParams TestPolicyPrams = { + .apl = APL_NORMAL, + .domain = fuzzData.GenerateRandomString(), + .permList = {testPermDef}, + .permStateList = {TestState}, + .aclRequestedList = {permissionName}, + .preAuthorizationInfo = {info1} + }; + + hapInfoParcel.hapInfoParameter = TestInfoParms; + hapPolicyParcel.hapPolicyParameter = TestPolicyPrams; + } + + bool InitHapTokenStubFuzzTest(const uint8_t* data, size_t size) + { + if ((data == nullptr) || (size == 0)) { + return false; + } + + AccessTokenFuzzData fuzzData(data, size); + HapInfoParcel hapInfoParcel; + HapPolicyParcel hapPolicyParcel; + ConstructorParam(fuzzData, hapInfoParcel, hapPolicyParcel); + + MessageParcel datas; + datas.WriteInterfaceToken(IAccessTokenManager::GetDescriptor()); + if (!datas.WriteParcelable(&hapInfoParcel)) { + return false; + } + if (!datas.WriteParcelable(&hapPolicyParcel)) { + return false; + } + + uint32_t code = static_cast( + AccessTokenInterfaceCode::INIT_TOKEN_HAP); + + MessageParcel reply; + MessageOption option; + bool enable = ((size % CONSTANTS_NUMBER_TWO) == 0); + if (enable) { + setuid(CONSTANTS_NUMBER_TWO); + } + DelayedSingleton::GetInstance()->OnRemoteRequest(code, datas, reply, option); + setuid(ROOT_UID); + + return true; + } +} // namespace OHOS + +/* Fuzzer entry point */ +extern "C" int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size) +{ + /* Run your code on data */ + OHOS::InitHapTokenStubFuzzTest(data, size); + return 0; +} diff --git a/test/fuzztest/services/accesstoken/initHapTokenstub_fuzzer/initHapTokenstub_fuzzer.h b/test/fuzztest/services/accesstoken/initHapTokenstub_fuzzer/initHapTokenstub_fuzzer.h new file mode 100644 index 000000000..12da2460a --- /dev/null +++ b/test/fuzztest/services/accesstoken/initHapTokenstub_fuzzer/initHapTokenstub_fuzzer.h 
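Review bot: The `setuid(CONSTANTS_NUMBER_TWO)` / `setuid(ROOT_UID)` pair in InitHapTokenStubFuzzTest ignores both return values. When the harness runs as root, the first call changes the real, effective and saved IDs together, so the later `setuid(ROOT_UID)` cannot succeed and every following iteration stays at uid 2. The privileged-caller branch of the stub is then covered only until the first even-sized input arrives. Switching only the effective ID and checking the result keeps both branches reachable: `if (enable && seteuid(CONSTANTS_NUMBER_TWO) != 0) { return false; }` before `OnRemoteRequest` and `(void)seteuid(ROOT_UID);` after it. Separately, both parcels are always well-formed because only string fields come from the fuzz input, so the stub's unmarshalling failure paths are not exercised by this harness.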
@@ -0,0 +1,21 @@ +/* + * Copyright (c) 2024 Huawei Device Co., Ltd. + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +#ifndef TEST_FUZZTEST_INITHAPTOKENSTUB_FUZZER_H +#define TEST_FUZZTEST_INITHAPTOKENSTUB_FUZZER_H + +#define FUZZ_PROJECT_NAME "initHapTokenstub_fuzzer" + +#endif // TEST_FUZZTEST_INITHAPTOKENSTUB_FUZZER_H diff --git a/test/fuzztest/services/accesstoken/initHapTokenstub_fuzzer/project.xml b/test/fuzztest/services/accesstoken/initHapTokenstub_fuzzer/project.xml new file mode 100644 index 000000000..7133b2b92 --- /dev/null +++ b/test/fuzztest/services/accesstoken/initHapTokenstub_fuzzer/project.xml @@ -0,0 +1,25 @@ + + + + + + 1000 + + 300 + + 4096 + + -- Gitee From 0c9dcd7886a98fa9128c1612e1e55b952989e26a Mon Sep 17 00:00:00 2001 From: AXYChen Date: Sun, 25 Aug 2024 15:44:15 +0800 Subject: [PATCH 049/473] Signed-off-by: AXYChen Change-Id: I2c2e7cdaaeb68338bf7c1f436354437b05c6ea3e --- .../include/i_accesstoken_manager.h | 2 +- .../accesstoken/src/accesstoken_kit.cpp | 16 +++--- .../src/accesstoken_manager_client.cpp | 22 ++++---- .../src/accesstoken_manager_client.h | 2 +- .../src/accesstoken_manager_proxy.cpp | 48 ++++++++--------- .../src/accesstoken_manager_proxy.h | 2 +- .../service/accesstoken_manager_service.h | 2 +- .../service/accesstoken_manager_stub.h | 2 +- .../service/accesstoken_manager_service.cpp | 14 ++--- .../src/service/accesstoken_manager_stub.cpp | 52 +++++++++---------- 10 files changed, 83 insertions(+), 79 deletions(-) 
diff --git a/frameworks/accesstoken/include/i_accesstoken_manager.h b/frameworks/accesstoken/include/i_accesstoken_manager.h index 3a0c0e7d1..56ed1dcd8 100644 --- a/frameworks/accesstoken/include/i_accesstoken_manager.h +++ b/frameworks/accesstoken/include/i_accesstoken_manager.h @@ -83,6 +83,7 @@ public: virtual int32_t UnRegisterPermStateChangeCallback(const sptr& callback) = 0; #ifndef ATM_BUILD_VARIANT_USER_ENABLE virtual int32_t ReloadNativeTokenInfo() = 0; + virtual int32_t DumpPermDefInfo(std::string& tokenInfo) = 0; #endif virtual AccessTokenID GetNativeTokenId(const std::string& processName) = 0; @@ -103,7 +104,6 @@ public: virtual int SetPermDialogCap(const HapBaseInfoParcel& hapBaseInfoParcel, bool enable) = 0; virtual void DumpTokenInfo(const AtmToolsParamInfoParcel& infoParcel, std::string& tokenInfo) = 0; - virtual int32_t DumpPermDefInfo(std::string& tokenInfo) = 0; virtual int32_t GetVersion(uint32_t& version) = 0; virtual void GetPermissionManagerInfo(PermissionGrantInfoParcel& infoParcel) = 0; virtual int32_t GetNativeTokenName(AccessTokenID tokenID, std::string& name) = 0; diff --git a/interfaces/innerkits/accesstoken/src/accesstoken_kit.cpp b/interfaces/innerkits/accesstoken/src/accesstoken_kit.cpp index f550662cd..fdf4595dd 100644 --- a/interfaces/innerkits/accesstoken/src/accesstoken_kit.cpp +++ b/interfaces/innerkits/accesstoken/src/accesstoken_kit.cpp @@ -482,6 +482,16 @@ int32_t AccessTokenKit::ReloadNativeTokenInfo() #endif } +int32_t AccessTokenKit::DumpPermDefInfo(std::string& dumpInfo) +{ +#ifndef ATM_BUILD_VARIANT_USER_ENABLE + ACCESSTOKEN_LOG_DEBUG(LABEL, "Called."); + return AccessTokenManagerClient::GetInstance().DumpPermDefInfo(dumpInfo); +#else + return 0; +#endif +} + AccessTokenID AccessTokenKit::GetNativeTokenId(const std::string& processName) { if (!DataValidator::IsProcessNameValid(processName)) { 
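Review bot: In the `#else` branch added to AccessTokenKit::DumpPermDefInfo, user-variant builds return `0` and leave `dumpInfo` untouched, so a caller cannot tell "dump disabled in this build" from "dump succeeded and is empty". A failure code would keep the restriction visible, for instance `return AccessTokenError::ERR_SERVICE_ABNORMAL;` or a dedicated not-supported value if the project defines one. The neighbouring ReloadNativeTokenInfo appears to follow the same shape, so the two may need changing together. It is also worth confirming that the service-side handler for this request is excluded under the same macro, because a client-side guard alone does not stop a direct IPC call; that part of the patch is outside this view.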
@@ -565,12 +575,6 @@ void AccessTokenKit::DumpTokenInfo(const AtmToolsParamInfo& info, std::string& d AccessTokenManagerClient::GetInstance().DumpTokenInfo(info, dumpInfo); } -int32_t AccessTokenKit::DumpPermDefInfo(std::string& dumpInfo) -{ - ACCESSTOKEN_LOG_DEBUG(LABEL, "Called."); - return AccessTokenManagerClient::GetInstance().DumpPermDefInfo(dumpInfo); -} - int32_t AccessTokenKit::GetVersion(uint32_t& version) { return AccessTokenManagerClient::GetInstance().GetVersion(version); diff --git a/interfaces/innerkits/accesstoken/src/accesstoken_manager_client.cpp b/interfaces/innerkits/accesstoken/src/accesstoken_manager_client.cpp index b37fbe187..43ababe98 100644 --- a/interfaces/innerkits/accesstoken/src/accesstoken_manager_client.cpp +++ b/interfaces/innerkits/accesstoken/src/accesstoken_manager_client.cpp @@ -490,6 +490,17 @@ int32_t AccessTokenManagerClient::ReloadNativeTokenInfo() } return proxy->ReloadNativeTokenInfo(); } + +int32_t AccessTokenManagerClient::DumpPermDefInfo(std::string& dumpInfo) +{ + auto proxy = GetProxy(); + if (proxy == nullptr) { + ACCESSTOKEN_LOG_ERROR(LABEL, "Proxy is null."); + return AccessTokenError::ERR_SERVICE_ABNORMAL; + } + + return proxy->DumpPermDefInfo(dumpInfo); +} #endif AccessTokenID AccessTokenManagerClient::GetNativeTokenId(const std::string& processName) @@ -671,17 +682,6 @@ int32_t AccessTokenManagerClient::GetVersion(uint32_t& version) return proxy->GetVersion(version); } -int32_t AccessTokenManagerClient::DumpPermDefInfo(std::string& dumpInfo) -{ - auto proxy = GetProxy(); - if (proxy == nullptr) { - ACCESSTOKEN_LOG_ERROR(LABEL, "Proxy is null."); - return AccessTokenError::ERR_SERVICE_ABNORMAL; - } - - return proxy->DumpPermDefInfo(dumpInfo); -} - void AccessTokenManagerClient::InitProxy() { if (proxy_ == nullptr) { diff --git a/interfaces/innerkits/accesstoken/src/accesstoken_manager_client.h b/interfaces/innerkits/accesstoken/src/accesstoken_manager_client.h index 7dbb33c4c..8db50df40 100644 
--- a/interfaces/innerkits/accesstoken/src/accesstoken_manager_client.h +++ b/interfaces/innerkits/accesstoken/src/accesstoken_manager_client.h @@ -76,6 +76,7 @@ public: int GetNativeTokenInfo(AccessTokenID tokenID, NativeTokenInfo& nativeTokenInfoRes); #ifndef ATM_BUILD_VARIANT_USER_ENABLE int32_t ReloadNativeTokenInfo(); + int32_t DumpPermDefInfo(std::string& dumpInfo); #endif AccessTokenID GetNativeTokenId(const std::string& processName); int32_t RegisterPermStateChangeCallback( @@ -97,7 +98,6 @@ public: #endif void DumpTokenInfo(const AtmToolsParamInfo& info, std::string& dumpInfo); - int32_t DumpPermDefInfo(std::string& dumpInfo); int32_t GetVersion(uint32_t& version); void OnRemoteDiedHandle(); int32_t SetPermDialogCap(const HapBaseInfo& hapBaseInfo, bool enable); diff --git a/interfaces/innerkits/accesstoken/src/accesstoken_manager_proxy.cpp b/interfaces/innerkits/accesstoken/src/accesstoken_manager_proxy.cpp index 274436c40..fe8f10727 100644 --- a/interfaces/innerkits/accesstoken/src/accesstoken_manager_proxy.cpp +++ b/interfaces/innerkits/accesstoken/src/accesstoken_manager_proxy.cpp 
@@ -873,6 +873,30 @@ int32_t AccessTokenManagerProxy::ReloadNativeTokenInfo() ACCESSTOKEN_LOG_INFO(LABEL, "Result from server (error=%{public}d).", result); return result; } + +int32_t AccessTokenManagerProxy::DumpPermDefInfo(std::string& dumpInfo) +{ + MessageParcel data; + if (!data.WriteInterfaceToken(IAccessTokenManager::GetDescriptor())) { + ACCESSTOKEN_LOG_ERROR(LABEL, "WriteInterfaceToken failed."); + return ERR_WRITE_PARCEL_FAILED; + } + + MessageParcel reply; + if (!SendRequest(AccessTokenInterfaceCode::DUMP_PERM_DEFINITION_INFO, data, reply)) { + return ERR_SERVICE_ABNORMAL; + } + int32_t result = reply.ReadInt32(); + ACCESSTOKEN_LOG_INFO(LABEL, "result from server data = %{public}d", result); + if (result != RET_SUCCESS) { + return result; + } + if (!reply.ReadString(dumpInfo)) { + ACCESSTOKEN_LOG_ERROR(LABEL, "ReadString failed."); + return ERR_READ_PARCEL_FAILED; + } + return result; +} #endif AccessTokenID AccessTokenManagerProxy::GetNativeTokenId(const std::string& processName) @@ -1183,30 +1207,6 @@ int32_t AccessTokenManagerProxy::GetVersion(uint32_t& version) return result; } -int32_t AccessTokenManagerProxy::DumpPermDefInfo(std::string& dumpInfo) -{ - MessageParcel data; - if (!data.WriteInterfaceToken(IAccessTokenManager::GetDescriptor())) { - ACCESSTOKEN_LOG_ERROR(LABEL, "WriteInterfaceToken failed."); - return ERR_WRITE_PARCEL_FAILED; - } - - MessageParcel reply; - if (!SendRequest(AccessTokenInterfaceCode::DUMP_PERM_DEFINITION_INFO, data, reply)) { - return ERR_SERVICE_ABNORMAL; - } - int32_t result = reply.ReadInt32(); - ACCESSTOKEN_LOG_INFO(LABEL, "result from server data = %{public}d", result); - if (result != RET_SUCCESS) { - return result; - } - if (!reply.ReadString(dumpInfo)) { - ACCESSTOKEN_LOG_ERROR(LABEL, "ReadString failed."); - return ERR_READ_PARCEL_FAILED; - } - return result; -} - int32_t AccessTokenManagerProxy::SetPermDialogCap(const HapBaseInfoParcel& hapBaseInfo, bool enable) { MessageParcel data; 
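Review bot: In the relocated `AccessTokenManagerProxy::DumpPermDefInfo`, `int32_t result = reply.ReadInt32();` takes the status word without checking that the read succeeded, so a short or empty reply cannot be told apart from a real status value. The bool-returning form makes the failure explicit: `int32_t result = 0;` followed by `if (!reply.ReadInt32(result)) { return ERR_READ_PARCEL_FAILED; }`. The function is being moved under `#ifndef ATM_BUILD_VARIANT_USER_ENABLE` in this hunk anyway, so this is a cheap moment to tighten it.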
diff --git a/interfaces/innerkits/accesstoken/src/accesstoken_manager_proxy.h b/interfaces/innerkits/accesstoken/src/accesstoken_manager_proxy.h index fd00b563a..33551cb18 100644 --- a/interfaces/innerkits/accesstoken/src/accesstoken_manager_proxy.h +++ b/interfaces/innerkits/accesstoken/src/accesstoken_manager_proxy.h @@ -76,6 +76,7 @@ public: int GetNativeTokenInfo(AccessTokenID tokenID, NativeTokenInfoParcel& nativeTokenInfoRes) override; #ifndef ATM_BUILD_VARIANT_USER_ENABLE int32_t ReloadNativeTokenInfo() override; + int32_t DumpPermDefInfo(std::string& dumpInfo) override; #endif int32_t RegisterPermStateChangeCallback( const PermStateChangeScopeParcel& scope, const sptr& callback) override; @@ -97,7 +98,6 @@ public: int32_t SetPermDialogCap(const HapBaseInfoParcel& hapBaseInfo, bool enable) override; void DumpTokenInfo(const AtmToolsParamInfoParcel& infoParcel, std::string& dumpInfo) override; - int32_t DumpPermDefInfo(std::string& dumpInfo) override; int32_t GetVersion(uint32_t& version) override; void GetPermissionManagerInfo(PermissionGrantInfoParcel& infoParcel) override; int32_t GetNativeTokenName(AccessTokenID tokenId, std::string& name) override; diff --git a/services/accesstokenmanager/main/cpp/include/service/accesstoken_manager_service.h b/services/accesstokenmanager/main/cpp/include/service/accesstoken_manager_service.h index 7cf7d7519..09ac81b9d 100644 --- a/services/accesstokenmanager/main/cpp/include/service/accesstoken_manager_service.h +++ b/services/accesstokenmanager/main/cpp/include/service/accesstoken_manager_service.h @@ -79,6 +79,7 @@ public: int32_t UnRegisterPermStateChangeCallback(const sptr& callback) override; #ifndef ATM_BUILD_VARIANT_USER_ENABLE int32_t ReloadNativeTokenInfo() override; + int32_t DumpPermDefInfo(std::string& dumpInfo) override; #endif AccessTokenID GetNativeTokenId(const std::string& processName) override; 
@@ -99,7 +100,6 @@ public: void GetPermissionManagerInfo(PermissionGrantInfoParcel& infoParcel) override; int32_t GetNativeTokenName(AccessTokenID tokenID, std::string& name) override; void DumpTokenInfo(const AtmToolsParamInfoParcel& infoParcel, std::string& dumpInfo) override; - int32_t DumpPermDefInfo(std::string& dumpInfo) override; int32_t GetVersion(uint32_t& version) override; int Dump(int fd, const std::vector& args) override; diff --git a/services/accesstokenmanager/main/cpp/include/service/accesstoken_manager_stub.h b/services/accesstokenmanager/main/cpp/include/service/accesstoken_manager_stub.h index 7804b8a28..6ac0ce348 100644 --- a/services/accesstokenmanager/main/cpp/include/service/accesstoken_manager_stub.h +++ b/services/accesstokenmanager/main/cpp/include/service/accesstoken_manager_stub.h @@ -61,6 +61,7 @@ private: void UnRegisterPermStateChangeCallbackInner(MessageParcel& data, MessageParcel& reply); #ifndef ATM_BUILD_VARIANT_USER_ENABLE void ReloadNativeTokenInfoInner(MessageParcel& data, MessageParcel& reply); + void DumpPermDefInfoInner(MessageParcel& data, MessageParcel& reply); #endif void GetNativeTokenIdInner(MessageParcel& data, MessageParcel& reply); @@ -79,7 +80,6 @@ private: void SetPermissionOpFuncInMap(); void SetLocalTokenOpFuncInMap(); void DumpTokenInfoInner(MessageParcel& data, MessageParcel& reply); - void DumpPermDefInfoInner(MessageParcel& data, MessageParcel& reply); void GetVersionInner(MessageParcel& data, MessageParcel& reply); void SetPermDialogCapInner(MessageParcel& data, MessageParcel& reply); void GetPermissionManagerInfoInner(MessageParcel& data, MessageParcel& reply); diff --git a/services/accesstokenmanager/main/cpp/src/service/accesstoken_manager_service.cpp b/services/accesstokenmanager/main/cpp/src/service/accesstoken_manager_service.cpp index 2c2e7354c..80d30d830 100644 --- a/services/accesstokenmanager/main/cpp/src/service/accesstoken_manager_service.cpp 
+++ b/services/accesstokenmanager/main/cpp/src/service/accesstoken_manager_service.cpp @@ -432,6 +432,13 @@ int32_t AccessTokenManagerService::ReloadNativeTokenInfo() DumpTokenIfNeeded(); return ret; } + +int32_t AccessTokenManagerService::DumpPermDefInfo(std::string& dumpInfo) +{ + ACCESSTOKEN_LOG_INFO(LABEL, "Called"); + + return PermissionManager::GetInstance().DumpPermDefInfo(dumpInfo); +} #endif AccessTokenID AccessTokenManagerService::GetNativeTokenId(const std::string& processName) @@ -541,13 +548,6 @@ int32_t AccessTokenManagerService::GetVersion(uint32_t& version) return RET_SUCCESS; } -int32_t AccessTokenManagerService::DumpPermDefInfo(std::string& dumpInfo) -{ - ACCESSTOKEN_LOG_INFO(LABEL, "Called"); - - return PermissionManager::GetInstance().DumpPermDefInfo(dumpInfo); -} - int32_t AccessTokenManagerService::SetPermDialogCap(const HapBaseInfoParcel& hapBaseInfoParcel, bool enable) { AccessTokenIDEx tokenIdEx = AccessTokenInfoManager::GetInstance().GetHapTokenID( diff --git a/services/accesstokenmanager/main/cpp/src/service/accesstoken_manager_stub.cpp b/services/accesstokenmanager/main/cpp/src/service/accesstoken_manager_stub.cpp index c2ff855ce..f0afe8e9f 100644 --- a/services/accesstokenmanager/main/cpp/src/service/accesstoken_manager_stub.cpp +++ b/services/accesstokenmanager/main/cpp/src/service/accesstoken_manager_stub.cpp 
@@ -622,6 +622,30 @@ void AccessTokenManagerStub::ReloadNativeTokenInfoInner(MessageParcel& data, Mes int32_t result = this->ReloadNativeTokenInfo(); reply.WriteInt32(result); } + +void AccessTokenManagerStub::DumpPermDefInfoInner(MessageParcel& data, MessageParcel& reply) +{ + if (!IsShellProcessCalling()) { + ACCESSTOKEN_LOG_ERROR(LABEL, "permission denied(tokenID=%{public}d)", IPCSkeleton::GetCallingTokenID()); + reply.WriteInt32(AccessTokenError::ERR_PERMISSION_DENIED); + return; + } + std::string dumpInfo = ""; + int32_t result = this->DumpPermDefInfo(dumpInfo); + if (!reply.WriteInt32(result)) { + ACCESSTOKEN_LOG_ERROR(LABEL, "Write result failed."); + } + if (result != RET_SUCCESS) { + return; + } + + if (!reply.SetDataCapacity(DUMP_CAPACITY_SIZE)) { + ACCESSTOKEN_LOG_WARN(LABEL, "Set DataCapacity failed."); + } + if (!reply.WriteString(dumpInfo)) { + ACCESSTOKEN_LOG_ERROR(LABEL, "Write String failed."); + } +} #endif void AccessTokenManagerStub::GetNativeTokenIdInner(MessageParcel& data, MessageParcel& reply) 
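Review bot: `DumpPermDefInfoInner` carries on after `reply.WriteInt32(result)` fails: the failure is only logged, and when `result` is `RET_SUCCESS` the handler still sets the capacity and writes the dump string into a reply that has no status word in front of it. Returning right after the error log (`ACCESSTOKEN_LOG_ERROR(LABEL, "Write result failed."); return;`) keeps the permission-definition dump out of a reply whose layout the proxy does not expect. The denial branch likewise ignores the result of `reply.WriteInt32(AccessTokenError::ERR_PERMISSION_DENIED)`; what the caller sees in that case depends on how the proxy treats an empty reply, which this hunk does not show.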
@@ -818,30 +842,6 @@ void AccessTokenManagerStub::GetVersionInner(MessageParcel& data, MessageParcel& } } -void AccessTokenManagerStub::DumpPermDefInfoInner(MessageParcel& data, MessageParcel& reply) -{ - if (!IsShellProcessCalling()) { - ACCESSTOKEN_LOG_ERROR(LABEL, "permission denied(tokenID=%{public}d)", IPCSkeleton::GetCallingTokenID()); - reply.WriteInt32(AccessTokenError::ERR_PERMISSION_DENIED); - return; - } - std::string dumpInfo = ""; - int32_t result = this->DumpPermDefInfo(dumpInfo); - if (!reply.WriteInt32(result)) { - ACCESSTOKEN_LOG_ERROR(LABEL, "Write result failed."); - } - if (result != RET_SUCCESS) { - return; - } - - if (!reply.SetDataCapacity(DUMP_CAPACITY_SIZE)) { - ACCESSTOKEN_LOG_WARN(LABEL, "Set DataCapacity failed."); - } - if (!reply.WriteString(dumpInfo)) { - ACCESSTOKEN_LOG_ERROR(LABEL, "Write String failed."); - } -} - void AccessTokenManagerStub::DumpTokenInfoInner(MessageParcel& data, MessageParcel& reply) { if (!IsShellProcessCalling()) { @@ -1002,6 +1002,8 @@ void AccessTokenManagerStub::SetLocalTokenOpFuncInMap() #ifndef ATM_BUILD_VARIANT_USER_ENABLE requestFuncMap_[static_cast(AccessTokenInterfaceCode::RELOAD_NATIVE_TOKEN_INFO)] = &AccessTokenManagerStub::ReloadNativeTokenInfoInner; + requestFuncMap_[static_cast(AccessTokenInterfaceCode::DUMP_PERM_DEFINITION_INFO)] = + &AccessTokenManagerStub::DumpPermDefInfoInner; #endif requestFuncMap_[static_cast(AccessTokenInterfaceCode::GET_NATIVE_TOKEN_ID)] = &AccessTokenManagerStub::GetNativeTokenIdInner; 
@@ -1045,8 +1047,6 @@ void AccessTokenManagerStub::SetPermissionOpFuncInMap() &AccessTokenManagerStub::UnRegisterPermStateChangeCallbackInner; requestFuncMap_[static_cast(AccessTokenInterfaceCode::DUMP_TOKENINFO)] = &AccessTokenManagerStub::DumpTokenInfoInner; - requestFuncMap_[static_cast(AccessTokenInterfaceCode::DUMP_PERM_DEFINITION_INFO)] = - &AccessTokenManagerStub::DumpPermDefInfoInner; requestFuncMap_[static_cast(AccessTokenInterfaceCode::GET_VERSION)] = &AccessTokenManagerStub::GetVersionInner; requestFuncMap_[static_cast(AccessTokenInterfaceCode::SET_PERMISSION_REQUEST_TOGGLE_STATUS)] = -- Gitee From 9c564f5d0423966c098938cbf07dc24c93c034b3 Mon Sep 17 00:00:00 2001 From: lsq Date: Mon, 26 Aug 2024 17:59:23 +0800 Subject: [PATCH 050/473] =?UTF-8?q?=E8=A1=A5=E5=85=85=E6=B5=8B=E8=AF=95?= =?UTF-8?q?=E5=9C=BA=E6=99=AF?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: lsq Change-Id: I6b4caa44d9777fd658b8387fbb3ef627d55a3490 --- .../test/unittest/src/edm_policy_set_test.cpp | 9 ++++++++- 1 file changed, 8 insertions(+), 1 deletion(-) diff --git a/interfaces/innerkits/accesstoken/test/unittest/src/edm_policy_set_test.cpp b/interfaces/innerkits/accesstoken/test/unittest/src/edm_policy_set_test.cpp index eddf82b9d..02c51a3dc 100644 --- a/interfaces/innerkits/accesstoken/test/unittest/src/edm_policy_set_test.cpp +++ b/interfaces/innerkits/accesstoken/test/unittest/src/edm_policy_set_test.cpp 
@@ -363,15 +363,20 @@ HWTEST_F(EdmPolicySetTest, UpdateUserPolicy004, TestSize.Level1) g_testHapInfoParams.userID = MOCK_USER_ID_10002; AccessTokenIDEx fullIdUser2; EXPECT_EQ(RET_SUCCESS, AccessTokenKit::InitHapToken(g_testHapInfoParams, g_testPolicyParams, fullIdUser2)); + g_testHapInfoParams.userID = MOCK_USER_ID_10003; + AccessTokenIDEx fullIdUser3; + EXPECT_EQ(RET_SUCCESS, AccessTokenKit::InitHapToken(g_testHapInfoParams, g_testPolicyParams, fullIdUser3)); UserState user1 = {.userId = MOCK_USER_ID_10001, .isActive = false}; UserState user2 = {.userId = MOCK_USER_ID_10002, .isActive = true}; - std::vector userListBefore = { user1, user2 }; + UserState user3 = {.userId = MOCK_USER_ID_10003, .isActive = true}; + std::vector userListBefore = { user1, user2, user3 }; std::vector permList = { INTERNET, LOCATION }; int32_t ret = AccessTokenKit::InitUserPolicy(userListBefore, permList); EXPECT_EQ(ret, 0); EXPECT_EQ(AccessTokenKit::VerifyAccessToken(fullIdUser1.tokenIdExStruct.tokenID, INTERNET), PERMISSION_DENIED); EXPECT_EQ(AccessTokenKit::VerifyAccessToken(fullIdUser2.tokenIdExStruct.tokenID, INTERNET), PERMISSION_GRANTED); + EXPECT_EQ(AccessTokenKit::VerifyAccessToken(fullIdUser3.tokenIdExStruct.tokenID, INTERNET), PERMISSION_GRANTED); EXPECT_EQ(AccessTokenKit::VerifyAccessToken(fullIdUser1.tokenIdExStruct.tokenID, LOCATION), PERMISSION_DENIED); EXPECT_EQ(AccessTokenKit::VerifyAccessToken(fullIdUser2.tokenIdExStruct.tokenID, LOCATION), 
@@ -385,6 +390,7 @@ HWTEST_F(EdmPolicySetTest, UpdateUserPolicy004, TestSize.Level1) EXPECT_EQ(ret, 0); EXPECT_EQ(AccessTokenKit::VerifyAccessToken(fullIdUser1.tokenIdExStruct.tokenID, INTERNET), PERMISSION_GRANTED); EXPECT_EQ(AccessTokenKit::VerifyAccessToken(fullIdUser2.tokenIdExStruct.tokenID, INTERNET), PERMISSION_DENIED); + EXPECT_EQ(AccessTokenKit::VerifyAccessToken(fullIdUser3.tokenIdExStruct.tokenID, INTERNET), PERMISSION_GRANTED); EXPECT_EQ(AccessTokenKit::VerifyAccessToken(fullIdUser1.tokenIdExStruct.tokenID, LOCATION), PERMISSION_DENIED); EXPECT_EQ(AccessTokenKit::VerifyAccessToken(fullIdUser2.tokenIdExStruct.tokenID, LOCATION), @@ -392,6 +398,7 @@ HWTEST_F(EdmPolicySetTest, UpdateUserPolicy004, TestSize.Level1) EXPECT_EQ(RET_SUCCESS, AccessTokenKit::DeleteToken(fullIdUser1.tokenIdExStruct.tokenID)); EXPECT_EQ(RET_SUCCESS, AccessTokenKit::DeleteToken(fullIdUser2.tokenIdExStruct.tokenID)); + EXPECT_EQ(RET_SUCCESS, AccessTokenKit::DeleteToken(fullIdUser3.tokenIdExStruct.tokenID)); int32_t res = AccessTokenKit::ClearUserPolicy(); EXPECT_EQ(res, 0); -- Gitee From 9d95b957df722cc9ebbaad9f1176b2a38637344d Mon Sep 17 00:00:00 2001 From: z00850677 Date: Thu, 22 Aug 2024 14:31:59 +0800 Subject: [PATCH 051/473] =?UTF-8?q?=E6=B7=BB=E5=8A=A0=E5=88=86=E5=B8=83?= =?UTF-8?q?=E5=BC=8F=E9=80=9A=E4=BF=A1=E6=9D=83=E9=99=90?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: z00850677 --- frameworks/common/src/permission_map.cpp | 1 + .../accesstokenmanager/permission_definitions.json | 10 ++++++++++ 2 files changed, 11 insertions(+) diff --git a/frameworks/common/src/permission_map.cpp b/frameworks/common/src/permission_map.cpp index 1d06a9b4a..7e96af740 100644 --- a/frameworks/common/src/permission_map.cpp +++ b/frameworks/common/src/permission_map.cpp 
@@ -494,6 +494,7 @@ const static std::vector> g_permMap = { {"ohos.permission.ACCESS_IDM_WIDGET", false}, {"ohos.permission.MANAGE_ACCESSORY", false}, {"ohos.permission.COLLECT_ACCESSORY_LOG", false}, + {"ohos.permission.ACCESS_DISTRIBUTED_MODEM", false}, {"ohos.permission.GET_ETHERNET_LOCAL_MAC", false}, }; diff --git a/services/accesstokenmanager/permission_definitions.json b/services/accesstokenmanager/permission_definitions.json index 8ad497ea5..49941405b 100644 --- a/services/accesstokenmanager/permission_definitions.json +++ b/services/accesstokenmanager/permission_definitions.json @@ -4994,6 +4994,16 @@ "provisionEnable": true, "distributedSceneEnable": false }, + { + "name": "ohos.permission.ACCESS_DISTRIBUTED_MODEM", + "grantMode": "system_grant", + "availableLevel": "system_basic", + "availableType": "SYSTEM", + "since": 13, + "deprecated": "", + "provisionEnable": true, + "distributedSceneEnable": false + }, { "name": "ohos.permission.GET_ETHERNET_LOCAL_MAC", "grantMode": "system_grant", -- Gitee From 8cb721f7ca8aed6fe193a378c09fe79d101adb48 Mon Sep 17 00:00:00 2001 From: zengsiyu Date: Mon, 26 Aug 2024 22:03:57 +0800 Subject: [PATCH 052/473] adjust log level Signed-off-by: zengsiyu Change-Id: Ifdbd1131b4c746a12fa7fbf95228b9e54f4be96c --- .../src/el5_filekey_manager_service.cpp | 18 +++++++++--------- 1 file changed, 9 insertions(+), 9 deletions(-) diff --git a/services/el5filekeymanager/src/el5_filekey_manager_service.cpp b/services/el5filekeymanager/src/el5_filekey_manager_service.cpp index b663f4a3d..13e00a5ae 100644 --- a/services/el5filekeymanager/src/el5_filekey_manager_service.cpp +++ b/services/el5filekeymanager/src/el5_filekey_manager_service.cpp 
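Review bot: The new `ohos.permission.ACCESS_DISTRIBUTED_MODEM` row is inserted ahead of `ohos.permission.GET_ETHERNET_LOCAL_MAC` instead of being appended to `g_permMap`. If op codes are derived from a row's position in this table (the lookup code is outside this hunk, so this is an assumption to confirm), the insert renumbers GET_ETHERNET_LOCAL_MAC, and any stored record keyed by the old code would then resolve to a different permission. Appending after the current last entry avoids the shift, and a comment at the table such as `// Append only: a row's index is its op code.` would record the constraint if it holds.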
@@ -93,7 +93,7 @@ int32_t El5FilekeyManagerService::Init() #ifdef THEME_SCREENLOCK_MGR_ENABLE // screen is unlocked, sa is called by USER_REMOVED, auto stop in 30s. if (!ScreenLock::ScreenLockManager::GetInstance()->IsScreenLocked()) { - LOG_DEBUG("Init when screen is unlocked."); + LOG_INFO("Init when screen is unlocked."); PostDelayedUnloadTask(SCREEN_ON_DELAY_TIME); } #endif @@ -149,7 +149,7 @@ void El5FilekeyManagerService::CancelDelayedUnloadTask() int32_t El5FilekeyManagerService::AcquireAccess(DataLockType type) { - LOG_DEBUG("Acquire type %{public}d.", type); + LOG_INFO("Acquire type %{public}d.", type); bool isApp = true; int32_t ret = CheckReqLockPermission(type, isApp); if (ret != EFM_SUCCESS) { @@ -167,7 +167,7 @@ int32_t El5FilekeyManagerService::AcquireAccess(DataLockType type) int32_t El5FilekeyManagerService::ReleaseAccess(DataLockType type) { - LOG_DEBUG("Release type %{public}d.", type); + LOG_INFO("Release type %{public}d.", type); bool isApp = true; int32_t ret = CheckReqLockPermission(type, isApp); if (ret != EFM_SUCCESS) { @@ -185,7 +185,7 @@ int32_t El5FilekeyManagerService::ReleaseAccess(DataLockType type) int32_t El5FilekeyManagerService::GenerateAppKey(uint32_t uid, const std::string& bundleName, std::string& keyId) { - LOG_DEBUG("Generate app key for %{public}s.", bundleName.c_str()); + LOG_INFO("Generate app key for %{public}s.", bundleName.c_str()); if (IPCSkeleton::GetCallingUid() != INSTALLS_UID) { LOG_ERROR("Generate app key permission denied."); return EFM_ERR_NO_PERMISSION; @@ -202,7 +202,7 @@ int32_t El5FilekeyManagerService::GenerateAppKey(uint32_t uid, const std::string int32_t El5FilekeyManagerService::DeleteAppKey(const std::string& bundleName, int32_t userId) { - LOG_DEBUG("Delete %{public}d's %{public}s app key.", userId, bundleName.c_str()); + LOG_INFO("Delete %{public}d's %{public}s app key.", userId, bundleName.c_str()); if (userId < 0) { LOG_ERROR("UserId is invalid!"); return EFM_ERR_INVALID_PARAMETER; 
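Review bot: Raising these traces from `LOG_DEBUG` to `LOG_INFO` puts the `%{public}s` bundle name in `GenerateAppKey` and `DeleteAppKey`, and the `%{public}d` user ID in `DeleteAppKey` and in the `GetUserAppKey`, `ChangeUserAppkeysLoadInfo` and `SetFilePathPolicy` hunks that follow, into the default log output, presumably including builds where debug logging is off. In `GenerateAppKey` the line is written before the `INSTALLS_UID` check, so a caller that is then rejected with `EFM_ERR_NO_PERMISSION` still gets the bundle name it supplied recorded at INFO. Consider logging after the caller check, or keeping the identifying argument private, e.g. `LOG_INFO("Generate app key for %{private}s.", bundleName.c_str());`.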
@@ -224,7 +224,7 @@ int32_t El5FilekeyManagerService::DeleteAppKey(const std::string& bundleName, in int32_t El5FilekeyManagerService::GetUserAppKey(int32_t userId, bool getAllFlag, std::vector> &keyInfos) { - LOG_DEBUG("Get user %{public}d app key.", userId); + LOG_INFO("Get user %{public}d app key.", userId); if (userId < 0) { LOG_ERROR("UserId is invalid!"); return EFM_ERR_INVALID_PARAMETER; @@ -246,7 +246,7 @@ int32_t El5FilekeyManagerService::GetUserAppKey(int32_t userId, bool getAllFlag, int32_t El5FilekeyManagerService::ChangeUserAppkeysLoadInfo(int32_t userId, std::vector> &loadInfos) { - LOG_DEBUG("Change user %{public}d load infos.", userId); + LOG_INFO("Change user %{public}d load infos.", userId); if (userId < 0) { LOG_ERROR("UserId is invalid!"); return EFM_ERR_INVALID_PARAMETER; @@ -268,7 +268,7 @@ int32_t El5FilekeyManagerService::ChangeUserAppkeysLoadInfo(int32_t userId, int32_t El5FilekeyManagerService::SetFilePathPolicy() { int32_t userId = IPCSkeleton::GetCallingUid() / USERID_MASK; - LOG_DEBUG("Set user %{public}d file path policy.", userId); + LOG_INFO("Set user %{public}d file path policy.", userId); if (!VerifyHapCallingProcess(userId, SET_POLICY_CALLER, IPCSkeleton::GetCallingTokenID())) { LOG_ERROR("Set file path policy permission denied."); return EFM_ERR_NO_PERMISSION; @@ -285,7 +285,7 @@ int32_t El5FilekeyManagerService::SetFilePathPolicy() int32_t El5FilekeyManagerService::RegisterCallback(const sptr &callback) { - LOG_DEBUG("Register callback."); + LOG_INFO("Register callback."); if (!VerifyNativeCallingProcess(FOUNDATION, IPCSkeleton::GetCallingTokenID())) { LOG_ERROR("Register callback permission denied."); return EFM_ERR_NO_PERMISSION; -- Gitee From f04a33a82516bec76035ae3e83b0d969f2484590 Mon Sep 17 00:00:00 2001 From: yeyuning Date: Mon, 26 Aug 2024 17:13:42 +0800 Subject: [PATCH 053/473] add permission 
Signed-off-by: yeyuning Change-Id: I8c79d5f1f344a98b4dc6a4d7e45866961e53ab26 --- frameworks/common/src/permission_map.cpp | 1 + .../accesstokenmanager/permission_definitions.json | 10 ++++++++++ 2 files changed, 11 insertions(+) diff --git a/frameworks/common/src/permission_map.cpp b/frameworks/common/src/permission_map.cpp index 30cf3ee2d..a54b059ef 100644 --- a/frameworks/common/src/permission_map.cpp +++ b/frameworks/common/src/permission_map.cpp @@ -497,6 +497,7 @@ const static std::vector> g_permMap = { {"ohos.permission.COLLECT_ACCESSORY_LOG", false}, {"ohos.permission.GET_ETHERNET_LOCAL_MAC", false}, {"ohos.permission.ALLOW_SHOW_NON_SECURE_WINDOWS", false}, + {"ohos.permission.GRANT_SHORT_TERM_WRITE_MEDIAVIDEO", false}, }; bool TransferPermissionToOpcode(const std::string& permission, uint32_t& opCode) diff --git a/services/accesstokenmanager/permission_definitions.json b/services/accesstokenmanager/permission_definitions.json index ce3844a9e..960b9c010 100644 --- a/services/accesstokenmanager/permission_definitions.json +++ b/services/accesstokenmanager/permission_definitions.json @@ -5023,6 +5023,16 @@ "deprecated": "", "provisionEnable": true, "distributedSceneEnable": false + }, + { + "name": "ohos.permission.GRANT_SHORT_TERM_WRITE_MEDIAVIDEO", + "grantMode": "system_grant", + "availableLevel": "system_core", + "availableType": "SYSTEM", + "since": 13, + "deprecated": "", + "provisionEnable": true, + "distributedSceneEnable": false } ] } -- Gitee From a981cad0a26e4e2b7a4be5ebfcfddb609c7e95f6 Mon Sep 17 00:00:00 2001 
From: y1585740638 Date: Tue, 27 Aug 2024 09:59:30 +0800 Subject: [PATCH 054/473] =?UTF-8?q?=E4=BF=AE=E5=A4=8D=E9=87=8D=E5=A4=8D?= =?UTF-8?q?=E7=94=B3=E8=AF=B7=E5=BC=B9=E7=AA=97=E9=97=AE=E9=A2=98=20?= =?UTF-8?q?=EF=BC=88cherry=20picked=20commit=20from=20?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- interfaces/kits/napi/accesstoken/src/napi_request_permission.cpp | 1 - 1 file changed, 1 deletion(-) diff --git a/interfaces/kits/napi/accesstoken/src/napi_request_permission.cpp b/interfaces/kits/napi/accesstoken/src/napi_request_permission.cpp index f6b8cc5cb..39b0ebe32 100644 --- a/interfaces/kits/napi/accesstoken/src/napi_request_permission.cpp +++ b/interfaces/kits/napi/accesstoken/src/napi_request_permission.cpp @@ -921,7 +921,6 @@ void RequestAsyncInstanceControl::ExecCallback(int32_t id) if (iter->second.empty()) { ACCESSTOKEN_LOG_INFO(LABEL, "Id: %{public}d, map is empty", id); instanceIdMap_.erase(id); - return; } } if (isDynamic) { -- Gitee From 65e107c43de6021960433e51cbd4c155f6b53173 Mon Sep 17 00:00:00 2001 From: lsq Date: Tue, 27 Aug 2024 12:47:49 +0800 Subject: [PATCH 055/473] Add GrantPermissionForSpecifiedTime Signed-off-by: chennian Change-Id: I6228d3be59d681409e0c1074764178299e07ca71 
Signed-off-by: lsq --- README_zh.md | 1 + .../accesstoken_service_ipc_interface_code.h | 1 + .../include/i_accesstoken_manager.h | 2 + .../accesstoken/include/accesstoken_kit.h | 11 + .../accesstoken/libaccesstoken_sdk.map | 1 + .../accesstoken/src/accesstoken_kit.cpp | 16 ++ .../src/accesstoken_manager_client.cpp | 11 + .../src/accesstoken_manager_client.h | 2 + .../src/accesstoken_manager_proxy.cpp | 35 +++ .../src/accesstoken_manager_proxy.h | 2 + .../innerkits/accesstoken/test/BUILD.gn | 1 + .../accesstoken_kit_test.cpp | 109 ++++++++ .../unittest/src/accesstoken_deny_test.cpp | 19 +- .../src/accesstoken_kit_extension_test.cpp | 21 ++ .../unittest/src/accesstoken_kit_test.cpp | 1 - ...accesstoken_short_time_permission_test.cpp | 252 ++++++++++++++++++ .../accesstoken_short_time_permission_test.h | 34 +++ services/accesstokenmanager/BUILD.gn | 1 + .../include/permission/permission_manager.h | 6 +- .../include/permission/short_grant_manager.h | 64 +++++ .../service/accesstoken_manager_service.h | 4 + .../service/accesstoken_manager_stub.h | 1 + .../cpp/src/permission/permission_manager.cpp | 110 ++++---- .../src/permission/short_grant_manager.cpp | 179 +++++++++++++ .../service/accesstoken_manager_service.cpp | 16 ++ .../src/service/accesstoken_manager_stub.cpp | 27 ++ .../accesstokenmanager/test/coverage/BUILD.gn | 1 + .../accesstokenmanager/test/unittest/BUILD.gn | 3 + .../test/unittest/permission_manager_test.cpp | 12 +- .../unittest/short_grant_manager_test.cpp | 214 +++++++++++++++ .../test/unittest/short_grant_manager_test.h | 48 ++++ .../privacymanager/include/common/constant.h | 1 + .../privacymanager/src/common/constant.cpp | 2 + .../accesstoken/access_token_service_fuzz.gni | 1 + 34 files changed, 1153 insertions(+), 56 deletions(-) create mode 100644 interfaces/innerkits/accesstoken/test/unittest/src/accesstoken_short_time_permission_test.cpp create mode 100644 interfaces/innerkits/accesstoken/test/unittest/src/accesstoken_short_time_permission_test.h 
create mode 100644 services/accesstokenmanager/main/cpp/include/permission/short_grant_manager.h create mode 100644 services/accesstokenmanager/main/cpp/src/permission/short_grant_manager.cpp create mode 100644 services/accesstokenmanager/test/unittest/short_grant_manager_test.cpp create mode 100644 services/accesstokenmanager/test/unittest/short_grant_manager_test.h diff --git a/README_zh.md b/README_zh.md index f36a711f2..b354efdbc 100644 --- a/README_zh.md +++ b/README_zh.md @@ -75,6 +75,7 @@ ATM部件的架构图如下所示: | int GetPermissionFlag(AccessTokenID tokenID, const std::string& permissionName); | 查询指定tokenID的应用的指定权限 | | int GrantPermission(AccessTokenID tokenID, const std::string& permissionName, int flag); | 授予指定tokenID的应用的指定权限 | | int RevokePermission(AccessTokenID tokenID, const std::string& permissionName, int flag); | 撤销指定tokenID的应用的指定权限 | +| int GrantPermissionForSpecifiedTime(AccessTokenID tokenID, const std::string& permissionName, uint32_t onceTime, uint32_t maxTime); | 授权指定tokenID的应用固定授权时间的指定权限 | | int ClearUserGrantedPermissionState(AccessTokenID tokenID); | 清空指定tokenID的应用的user_grant权限状态 | | uint64_t GetAccessTokenId(const char *processname, const char **dcap, int32_t dacpNum, const char *aplStr); | 创建获取native进程的tokenId | diff --git a/frameworks/accesstoken/include/accesstoken_service_ipc_interface_code.h b/frameworks/accesstoken/include/accesstoken_service_ipc_interface_code.h index 1d7573ac9..5efbcf6ab 100644 --- a/frameworks/accesstoken/include/accesstoken_service_ipc_interface_code.h +++ b/frameworks/accesstoken/include/accesstoken_service_ipc_interface_code.h @@ -34,6 +34,7 @@ enum class AccessTokenInterfaceCode { INIT_TOKEN_HAP, SET_PERMISSION_REQUEST_TOGGLE_STATUS, GET_PERMISSION_REQUEST_TOGGLE_STATUS, + GRANT_PERMISSION_FOR_SPECIFIEDTIME, GET_TOKEN_TYPE = 0x0010, CHECK_NATIVE_DCAP, diff --git a/frameworks/accesstoken/include/i_accesstoken_manager.h b/frameworks/accesstoken/include/i_accesstoken_manager.h index 525047124..3f6fc0f5b 100644 
--- a/frameworks/accesstoken/include/i_accesstoken_manager.h +++ b/frameworks/accesstoken/include/i_accesstoken_manager.h @@ -65,6 +65,8 @@ public: AccessTokenID tokenID, std::vector& permListParcel) = 0; virtual int GrantPermission(AccessTokenID tokenID, const std::string& permissionName, uint32_t flag) = 0; virtual int RevokePermission(AccessTokenID tokenID, const std::string& permissionName, uint32_t flag) = 0; + virtual int GrantPermissionForSpecifiedTime( + AccessTokenID tokenID, const std::string& permissionName, uint32_t onceTime) = 0; virtual int ClearUserGrantedPermissionState(AccessTokenID tokenID) = 0; virtual AccessTokenIDEx AllocHapToken(const HapInfoParcel& hapInfo, const HapPolicyParcel& policyParcel) = 0; virtual int32_t InitHapToken(const HapInfoParcel& info, HapPolicyParcel& policy, diff --git a/interfaces/innerkits/accesstoken/include/accesstoken_kit.h b/interfaces/innerkits/accesstoken/include/accesstoken_kit.h index 4cfc73af5..b97259aa6 100644 --- a/interfaces/innerkits/accesstoken/include/accesstoken_kit.h +++ b/interfaces/innerkits/accesstoken/include/accesstoken_kit.h @@ -72,6 +72,17 @@ public: * @return enum PermUsedTypeEnum, see access_token.h */ static PermUsedTypeEnum GetPermissionUsedType(AccessTokenID tokenID, const std::string& permissionName); + + /** + * @brief Grant input permission to input tokenID flag for specified time. + * @param tokenID token id + * @param permissionName permission name quote + * @param onceTime the time it takes to work, the unit is second. + * @return error code, see access_token_error.h + */ + static int GrantPermissionForSpecifiedTime( + AccessTokenID tokenID, const std::string& permissionName, uint32_t onceTime); + /** * @brief Create a unique hap token by input values. * @param info struct HapInfoParams quote, see hap_token_info.h diff --git a/interfaces/innerkits/accesstoken/libaccesstoken_sdk.map b/interfaces/innerkits/accesstoken/libaccesstoken_sdk.map index fc0122447..1479510ad 100644 
--- a/interfaces/innerkits/accesstoken/libaccesstoken_sdk.map +++ b/interfaces/innerkits/accesstoken/libaccesstoken_sdk.map @@ -77,6 +77,7 @@ "OHOS::Security::AccessToken::TokenSyncCallback::~TokenSyncCallback()"; "OHOS::Security::AccessToken::TokenSyncKitInterface::TokenSyncKitInterface()"; "OHOS::Security::AccessToken::TokenSyncKitInterface::~TokenSyncKitInterface()"; + "OHOS::Security::AccessToken::AccessTokenKit::GrantPermissionForSpecifiedTime(unsigned int, std::__h::basic_string, std::__h::allocator> const&, unsigned int)"; ""; ""; }; diff --git a/interfaces/innerkits/accesstoken/src/accesstoken_kit.cpp b/interfaces/innerkits/accesstoken/src/accesstoken_kit.cpp index 6e5a58035..4b9f720a4 100644 --- a/interfaces/innerkits/accesstoken/src/accesstoken_kit.cpp +++ b/interfaces/innerkits/accesstoken/src/accesstoken_kit.cpp @@ -52,6 +52,22 @@ PermUsedTypeEnum AccessTokenKit::GetPermissionUsedType( return AccessTokenManagerClient::GetInstance().GetPermissionUsedType(tokenID, permissionName); } +int AccessTokenKit::GrantPermissionForSpecifiedTime( + AccessTokenID tokenID, const std::string& permissionName, uint32_t onceTime) +{ + ACCESSTOKEN_LOG_INFO(LABEL, "TokenID=%{public}d, permissionName=%{public}s, onceTime=%{public}d.", + tokenID, permissionName.c_str(), onceTime); + if (tokenID == INVALID_TOKENID) { + ACCESSTOKEN_LOG_ERROR(LABEL, "Invalid tokenID"); + return AccessTokenError::ERR_PARAM_INVALID; + } + if (!DataValidator::IsPermissionNameValid(permissionName)) { + ACCESSTOKEN_LOG_ERROR(LABEL, "Invalid permissionName"); + return AccessTokenError::ERR_PARAM_INVALID; + } + return AccessTokenManagerClient::GetInstance().GrantPermissionForSpecifiedTime(tokenID, permissionName, onceTime); +} + AccessTokenIDEx AccessTokenKit::AllocHapToken(const HapInfoParams& info, const HapPolicyParams& policy) { AccessTokenIDEx res = {0}; 
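Review bot: `AccessTokenKit::GrantPermissionForSpecifiedTime` validates `tokenID` and `permissionName` but forwards `onceTime` untouched, and the header comment added in accesstoken_kit.h only says the unit is seconds. For a time-limited grant the accepted range matters, so the doc comment should state the minimum and maximum and say that the service enforces them (that enforcement is not visible in this hunk), for example `@param onceTime grant duration in seconds; values outside the service-defined range are rejected`. The README_zh.md row added by this patch also lists a fourth `maxTime` parameter that this signature does not have. Separately, `onceTime` is a `uint32_t` but is logged with `%{public}d`; `onceTime=%{public}u` matches the type.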
diff --git a/interfaces/innerkits/accesstoken/src/accesstoken_manager_client.cpp b/interfaces/innerkits/accesstoken/src/accesstoken_manager_client.cpp index aae827cd7..8f6a1e5c6 100644 --- a/interfaces/innerkits/accesstoken/src/accesstoken_manager_client.cpp +++ b/interfaces/innerkits/accesstoken/src/accesstoken_manager_client.cpp @@ -242,6 +242,17 @@ int AccessTokenManagerClient::RevokePermission(AccessTokenID tokenID, const std: return proxy->RevokePermission(tokenID, permissionName, flag); } +int AccessTokenManagerClient::GrantPermissionForSpecifiedTime( + AccessTokenID tokenID, const std::string& permissionName, uint32_t onceTime) +{ + auto proxy = GetProxy(); + if (proxy == nullptr) { + ACCESSTOKEN_LOG_ERROR(LABEL, "Proxy is null"); + return AccessTokenError::ERR_SERVICE_ABNORMAL; + } + return proxy->GrantPermissionForSpecifiedTime(tokenID, permissionName, onceTime); +} + int AccessTokenManagerClient::ClearUserGrantedPermissionState(AccessTokenID tokenID) { auto proxy = GetProxy(); diff --git a/interfaces/innerkits/accesstoken/src/accesstoken_manager_client.h b/interfaces/innerkits/accesstoken/src/accesstoken_manager_client.h index d0098ef51..307b74c80 100644 --- a/interfaces/innerkits/accesstoken/src/accesstoken_manager_client.h +++ b/interfaces/innerkits/accesstoken/src/accesstoken_manager_client.h @@ -63,6 +63,8 @@ public: int32_t GetPermissionsStatus(AccessTokenID tokenID, std::vector& permList); int GrantPermission(AccessTokenID tokenID, const std::string& permissionName, uint32_t flag); int RevokePermission(AccessTokenID tokenID, const std::string& permissionName, uint32_t flag); + int GrantPermissionForSpecifiedTime( + AccessTokenID tokenID, const std::string& permissionName, uint32_t onceTime); int ClearUserGrantedPermissionState(AccessTokenID tokenID); AccessTokenIDEx AllocHapToken(const HapInfoParams& info, const HapPolicyParams& policy); int32_t InitHapToken(const HapInfoParams& info, HapPolicyParams& policy, AccessTokenIDEx& fullTokenId); 
diff --git a/interfaces/innerkits/accesstoken/src/accesstoken_manager_proxy.cpp b/interfaces/innerkits/accesstoken/src/accesstoken_manager_proxy.cpp index f0da3dce1..470058183 100644 --- a/interfaces/innerkits/accesstoken/src/accesstoken_manager_proxy.cpp +++ b/interfaces/innerkits/accesstoken/src/accesstoken_manager_proxy.cpp @@ -478,6 +478,41 @@ int AccessTokenManagerProxy::RevokePermission(AccessTokenID tokenID, const std:: return result; } +int AccessTokenManagerProxy::GrantPermissionForSpecifiedTime( + AccessTokenID tokenID, const std::string& permissionName, uint32_t onceTime) +{ + MessageParcel data; + if (!data.WriteInterfaceToken(IAccessTokenManager::GetDescriptor())) { + ACCESSTOKEN_LOG_ERROR(LABEL, "WriteInterfaceToken failed."); + return ERR_WRITE_PARCEL_FAILED; + } + if (!data.WriteUint32(tokenID)) { + ACCESSTOKEN_LOG_ERROR(LABEL, "WriteUint32 failed."); + return ERR_WRITE_PARCEL_FAILED; + } + if (!data.WriteString(permissionName)) { + ACCESSTOKEN_LOG_ERROR(LABEL, "WriteString failed."); + return ERR_WRITE_PARCEL_FAILED; + } + if (!data.WriteUint32(onceTime)) { + ACCESSTOKEN_LOG_ERROR(LABEL, "WriteUint32 failed."); + return ERR_WRITE_PARCEL_FAILED; + } + + MessageParcel reply; + if (!SendRequest(AccessTokenInterfaceCode::GRANT_PERMISSION_FOR_SPECIFIEDTIME, data, reply)) { + return ERR_SERVICE_ABNORMAL; + } + + int32_t result; + if (!reply.ReadInt32(result)) { + ACCESSTOKEN_LOG_ERROR(LABEL, "ReadInt32 failed."); + return ERR_READ_PARCEL_FAILED; + } + ACCESSTOKEN_LOG_INFO(LABEL, "Result from server (result=%{public}d).", result); + return result; +} + int AccessTokenManagerProxy::ClearUserGrantedPermissionState(AccessTokenID tokenID) { MessageParcel data; diff --git a/interfaces/innerkits/accesstoken/src/accesstoken_manager_proxy.h b/interfaces/innerkits/accesstoken/src/accesstoken_manager_proxy.h index 861722eb2..6410cda50 100644 --- a/interfaces/innerkits/accesstoken/src/accesstoken_manager_proxy.h 
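Review bot: Both `WriteUint32` failure branches in `AccessTokenManagerProxy::GrantPermissionForSpecifiedTime` log the identical text `WriteUint32 failed.`, so a log reader cannot tell whether `tokenID` or `onceTime` failed to marshal. I would name the field in each message, e.g. `ACCESSTOKEN_LOG_ERROR(LABEL, "Failed to write tokenID.");` and `ACCESSTOKEN_LOG_ERROR(LABEL, "Failed to write onceTime.");`. The `SendRequest` failure path returns `ERR_SERVICE_ABNORMAL` without a log line of its own in this hunk; if `SendRequest` does not log internally (its body is not shown), one is worth adding there as well.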
+++ b/interfaces/innerkits/accesstoken/src/accesstoken_manager_proxy.h @@ -57,6 +57,8 @@ public: int32_t userID) override; int GrantPermission(AccessTokenID tokenID, const std::string& permissionName, uint32_t flag) override; int RevokePermission(AccessTokenID tokenID, const std::string& permissionName, uint32_t flag) override; + int GrantPermissionForSpecifiedTime( + AccessTokenID tokenID, const std::string& permissionName, uint32_t onceTime) override; PermissionOper GetSelfPermissionsState(std::vector& permListParcel, PermissionGrantInfoParcel& infoParcel) override; int32_t GetPermissionsStatus( diff --git a/interfaces/innerkits/accesstoken/test/BUILD.gn b/interfaces/innerkits/accesstoken/test/BUILD.gn index 33d8ab225..dcc38a7a9 100644 --- a/interfaces/innerkits/accesstoken/test/BUILD.gn +++ b/interfaces/innerkits/accesstoken/test/BUILD.gn @@ -40,6 +40,7 @@ ohos_unittest("libaccesstoken_sdk_test") { "unittest/src/accesstoken_kit_extension_test.cpp", "unittest/src/accesstoken_kit_test.cpp", "unittest/src/accesstoken_location_request_test.cpp", + "unittest/src/accesstoken_short_time_permission_test.cpp", "unittest/src/app_installation_optimized_test.cpp", "unittest/src/clone_app_permission_test.cpp", "unittest/src/edm_policy_set_test.cpp", diff --git a/interfaces/innerkits/accesstoken/test/unittest/accesstoken_mock_test/accesstoken_kit_test.cpp b/interfaces/innerkits/accesstoken/test/unittest/accesstoken_mock_test/accesstoken_kit_test.cpp index df72c3428..9227abe69 100644 --- a/interfaces/innerkits/accesstoken/test/unittest/accesstoken_mock_test/accesstoken_kit_test.cpp +++ b/interfaces/innerkits/accesstoken/test/unittest/accesstoken_mock_test/accesstoken_kit_test.cpp 
@@ -36,6 +36,25 @@ HapPolicyParams g_infoManagerTestPolicyPrams = { .apl = APL_NORMAL, .domain = "test.domain", }; +#ifdef TOKEN_SYNC_ENABLE +static const int32_t FAKE_SYNC_RET = 0xabcdef; +class TokenSyncCallbackImpl : public TokenSyncKitInterface { + int32_t GetRemoteHapTokenInfo(const std::string& deviceID, AccessTokenID tokenID) const override + { + return FAKE_SYNC_RET; + }; + + int32_t DeleteRemoteHapTokenInfo(AccessTokenID tokenID) const override + { + return FAKE_SYNC_RET; + }; + + int32_t UpdateRemoteHapTokenInfo(const HapTokenInfoForSync& tokenInfo) const override + { + return FAKE_SYNC_RET; + }; +}; +#endif } void AccessTokenKitTest::SetUpTestCase() { @@ -53,6 +72,19 @@ void AccessTokenKitTest::TearDown() { } +/** + * @tc.name: InitHapToken001 + * @tc.desc: InitHapToken with proxy is null + * @tc.type: FUNC + * @tc.require: + */ +HWTEST_F(AccessTokenKitTest, InitHapToken001, TestSize.Level1) +{ + AccessTokenIDEx tokenIdEx = {0}; + int32_t ret = AccessTokenKit::InitHapToken(g_infoManagerTestInfoParms, g_infoManagerTestPolicyPrams, tokenIdEx); + ASSERT_EQ(ret, AccessTokenError::ERR_SERVICE_ABNORMAL); +} + /** * @tc.name: AllocHapToken001 * @tc.desc: AllocHapToken with proxy is null @@ -150,6 +182,21 @@ HWTEST_F(AccessTokenKitTest, GetHapTokenID001, TestSize.Level1) ASSERT_EQ(INVALID_TOKENID, tokenId); } +/** + * @tc.name: GetHapTokenID001 + * @tc.desc: GetHapTokenIDEx with proxy is null + * @tc.type: FUNC + * @tc.require: + */ +HWTEST_F(AccessTokenKitTest, GetHapTokenIDEx001, TestSize.Level1) +{ + int32_t userID = 0; + std::string bundleName = "test"; + int32_t instIndex = 0; + AccessTokenIDEx tokenIdEx = AccessTokenKit::GetHapTokenIDEx(userID, bundleName, instIndex); + ASSERT_EQ(INVALID_TOKENID, tokenIdEx.tokenIdExStruct.tokenID); +} + /** * @tc.name: GetHapTokenInfo001 * @tc.desc: GetHapTokenInfo with proxy is null 
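Review bot: The doc block added above `GetHapTokenIDEx001` (hunk `@@ -150,6 +182,21 @@`) is titled `@tc.name: GetHapTokenID001`, which is the name of the existing test directly before it, so the test catalogue ends up with two entries of the same name. It should read `@tc.name: GetHapTokenIDEx001`. The `@tc.desc` line already names `GetHapTokenIDEx`, so only the name line needs the change.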
@@ -313,6 +360,25 @@ HWTEST_F(AccessTokenKitTest, GetSelfPermissionsState001, TestSize.Level1) ASSERT_EQ(INVALID_OPER, AccessTokenKit::GetSelfPermissionsState(permList, info)); } +/** + * @tc.name: GetPermissionsStatus001 + * @tc.desc: GetPermissionsStatus with proxy is null + * @tc.type: FUNC + * @tc.require: + */ +HWTEST_F(AccessTokenKitTest, GetPermissionsStatus001, TestSize.Level1) +{ + AccessTokenID tokenId = 123; + std::vector permsList; + PermissionListState perm = { + .permissionName = "ohos.permission.testPermDef1", + .state = SETTING_OPER + }; + permsList.emplace_back(perm); + ASSERT_EQ(AccessTokenError::ERR_SERVICE_ABNORMAL, + AccessTokenKit::GetPermissionsStatus(tokenId, permsList)); +} + /** * @tc.name: GrantPermission001 * @tc.desc: GrantPermission with proxy is null @@ -495,8 +561,36 @@ HWTEST_F(AccessTokenKitTest, DeleteRemoteDeviceTokens001, TestSize.Level1) std::string device = "device"; ASSERT_EQ(AccessTokenError::ERR_SERVICE_ABNORMAL, AccessTokenKit::DeleteRemoteDeviceTokens(device)); } + +/** + * @tc.name: RegisterTokenSyncCallback001 + * @tc.desc: RegisterTokenSyncCallback with proxy is null + * @tc.type: FUNC + * @tc.require: + */ +HWTEST_F(AccessTokenKitTest, RegisterTokenSyncCallback001, TestSize.Level1) +{ + std::shared_ptr callback = std::make_shared(); + EXPECT_EQ(AccessTokenError::ERR_SERVICE_ABNORMAL, AccessTokenKit::RegisterTokenSyncCallback(callback)); + EXPECT_EQ(AccessTokenError::ERR_SERVICE_ABNORMAL, AccessTokenKit::UnRegisterTokenSyncCallback()); +} #endif +/** + * @tc.name: DumpTokenInfo001 + * @tc.desc: DumpTokenInfo with proxy is null + * @tc.type: FUNC + * @tc.require: + */ +HWTEST_F(AccessTokenKitTest, DumpTokenInfo001, TestSize.Level1) +{ + std::string dumpInfo; + AtmToolsParamInfo info; + info.tokenId = 123; + AccessTokenKit::DumpTokenInfo(info, dumpInfo); + ASSERT_EQ("", dumpInfo); +} + /** * @tc.name: SetPermDialogCap001 * @tc.desc: SetPermDialogCap with proxy is null 
@@ -521,6 +615,21 @@ HWTEST_F(AccessTokenKitTest, GetPermissionManagerInfo001, TestSize.Level1) AccessTokenKit::GetPermissionManagerInfo(info); ASSERT_EQ(true, info.grantBundleName.empty()); } + +/** + * @tc.name: GrantPermissionForSpecifiedTime001 + * @tc.desc: GrantPermissionForSpecifiedTime with proxy is null + * @tc.type: FUNC + * @tc.require: + */ +HWTEST_F(AccessTokenKitTest, GrantPermissionForSpecifiedTime001, TestSize.Level1) +{ + AccessTokenID tokenId = 123; + std::string permission = "permission"; + uint32_t onceTime = 1; + ASSERT_EQ(AccessTokenError::ERR_SERVICE_ABNORMAL, + AccessTokenKit::GrantPermissionForSpecifiedTime(tokenId, permission, onceTime)); +} } // namespace AccessToken } // namespace Security } diff --git a/interfaces/innerkits/accesstoken/test/unittest/src/accesstoken_deny_test.cpp b/interfaces/innerkits/accesstoken/test/unittest/src/accesstoken_deny_test.cpp index a7ba2d2ac..305feee40 100644 --- a/interfaces/innerkits/accesstoken/test/unittest/src/accesstoken_deny_test.cpp +++ b/interfaces/innerkits/accesstoken/test/unittest/src/accesstoken_deny_test.cpp @@ -115,12 +115,12 @@ HWTEST_F(AccessTokenDenyTest, InitUserPolicy001, TestSize.Level1) /** - * @tc.name: UpdateUserPolicy002 + * @tc.name: UpdateUserPolicy001 * @tc.desc: UpdateUserPolicy without authorized. * @tc.type: FUNC * @tc.require:Issue Number */ -HWTEST_F(AccessTokenDenyTest, UpdateUserPolicy002, TestSize.Level1) +HWTEST_F(AccessTokenDenyTest, UpdateUserPolicy001, TestSize.Level1) { UserState user = {.userId = 100, .isActive = true}; // 100 is userId const std::vector userList = { user }; 
@@ -572,6 +572,21 @@ HWTEST_F(AccessTokenDenyTest, SetPermDialogCap001, TestSize.Level1) HapBaseInfo hapBaseInfo; ASSERT_EQ(AccessTokenError::ERR_PERMISSION_DENIED, AccessTokenKit::SetPermDialogCap(hapBaseInfo, true)); } + +/** + * @tc.name: GrantPermissionForSpecifiedTime001 + * @tc.desc: GrantPermissionForSpecifiedTime with no permission + * @tc.type: FUNC + * @tc.require: + */ +HWTEST_F(AccessTokenDenyTest, GrantPermissionForSpecifiedTime001, TestSize.Level1) +{ + AccessTokenID tokenId = 123; + std::string permission = "permission"; + uint32_t onceTime = 1; + ASSERT_EQ(AccessTokenError::ERR_PERMISSION_DENIED, + AccessTokenKit::GrantPermissionForSpecifiedTime(tokenId, permission, onceTime)); +} } // namespace AccessToken } // namespace Security } // namespace OHOS diff --git a/interfaces/innerkits/accesstoken/test/unittest/src/accesstoken_kit_extension_test.cpp b/interfaces/innerkits/accesstoken/test/unittest/src/accesstoken_kit_extension_test.cpp index 76ae4eb6d..42a9b58e6 100644 --- a/interfaces/innerkits/accesstoken/test/unittest/src/accesstoken_kit_extension_test.cpp +++ b/interfaces/innerkits/accesstoken/test/unittest/src/accesstoken_kit_extension_test.cpp 
@@ -703,6 +703,27 @@ HWTEST_F(AccessTokenKitExtensionTest, GetSelfPermissionsState004, TestSize.Level ASSERT_EQ(INVALID_OPER, AccessTokenKit::GetSelfPermissionsState(permsList4, info)); } +/** + * @tc.name: GetSelfPermissionsState005 + * @tc.desc: test noexist token id + * @tc.type: FUNC + * @tc.require: + */ +HWTEST_F(AccessTokenKitExtensionTest, GetSelfPermissionsState005, TestSize.Level1) +{ + AccessTokenID tokenId = AccessTokenKit::GetHapTokenID(TEST_USER_ID, TEST_BUNDLE_NAME, 0); + EXPECT_EQ(0, SetSelfTokenID(tokenId)); + std::vector permsList4; + PermissionListState tmp = { + .permissionName = "ohos.permission.SHORT_TERM_WRITE_IMAGEVIDEO", // todo + .state = PASS_OPER + }; + permsList4.emplace_back(tmp); + PermissionGrantInfo info; + ASSERT_EQ(PASS_OPER, AccessTokenKit::GetSelfPermissionsState(permsList4, info)); + ASSERT_EQ(RET_SUCCESS, AccessTokenKit::DeleteToken(tokenId)); +} + /** * @tc.name: GetPermissionsStatus001 * @tc.desc: get different permissions status diff --git a/interfaces/innerkits/accesstoken/test/unittest/src/accesstoken_kit_test.cpp b/interfaces/innerkits/accesstoken/test/unittest/src/accesstoken_kit_test.cpp index 57d4ddac5..8fa2079a2 100644 --- a/interfaces/innerkits/accesstoken/test/unittest/src/accesstoken_kit_test.cpp +++ b/interfaces/innerkits/accesstoken/test/unittest/src/accesstoken_kit_test.cpp @@ -3341,7 +3341,6 @@ HWTEST_F(AccessTokenKitTest, UserPolicyTest, TestSize.Level1) ret = AccessTokenKit::ClearUserPolicy(); EXPECT_EQ(ret, 0); } - } // namespace AccessToken } // namespace Security } // namespace OHOS diff --git a/interfaces/innerkits/accesstoken/test/unittest/src/accesstoken_short_time_permission_test.cpp b/interfaces/innerkits/accesstoken/test/unittest/src/accesstoken_short_time_permission_test.cpp new file mode 100644 index 000000000..587ea5d10 --- /dev/null +++ b/interfaces/innerkits/accesstoken/test/unittest/src/accesstoken_short_time_permission_test.cpp 
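Review bot: `GetSelfPermissionsState005` is described as `test noexist token id`, but the body looks up a token with `GetHapTokenID`, switches to it with `SetSelfTokenID` and expects `PASS_OPER` for `ohos.permission.SHORT_TERM_WRITE_IMAGEVIDEO`; the description looks copied from an earlier case. I would change it to something like `@tc.desc: GetSelfPermissionsState returns PASS_OPER for the short-term permission` and rename `permsList4` to `permsList`. The bare `// todo` after the permission name does not say what is still open; spell it out or drop it. The test also leaves the process running under the ID of the token it has just deleted, and whether a later fixture restores the self token is not visible in this hunk.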
@@ -0,0 +1,252 @@
+/*
+ * Copyright (c) 2024 Huawei Device Co., Ltd.
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+#include "accesstoken_short_time_permission_test.h"
+#include "accesstoken_kit.h"
+#include "access_token_error.h"
+#include "nativetoken_kit.h"
+#include "token_setproc.h"
+
+namespace OHOS {
+namespace Security {
+namespace AccessToken {
+namespace {
+static const int32_t INDEX_ZERO = 0;
+static std::string SHORT_TEMP_PERMISSION = "ohos.permission.SHORT_TERM_WRITE_IMAGEVIDEO"; // todo
+static PermissionStateFull g_permiState = {
+ .permissionName = SHORT_TEMP_PERMISSION,
+ .isGeneral = true,
+ .resDeviceID = {"localC"},
+ .grantStatus = {PermissionState::PERMISSION_GRANTED},
+ .grantFlags = {1}
+};
+
+static HapPolicyParams g_policyPrams = {
+ .apl = APL_NORMAL,
+ .domain = "test.domain",
+ .permStateList = {g_permiState}
+};
+
+static HapInfoParams g_infoParms = {
+ .userID = 1,
+ .bundleName = "AccessTokenShortTimePermTest",
+ .instIndex = 0,
+ .appIDDesc = "test.bundle",
+ .isSystemApp = true
+};
+}
+
+static uint64_t GetNativeTokenTest(const char *processName, const char **perms, int32_t permNum)
+{
+ uint64_t tokenId;
+ NativeTokenInfoParams infoInstance = {
+ .dcapsNum = 0,
+ .permsNum = permNum,
+ .aclsNum = 0,
+ .dcaps = nullptr,
+ .perms = perms,
+ .acls = nullptr,
+ .aplStr = "system_core",
+ .processName = processName,
+ };
+
+ tokenId = GetAccessTokenId(&infoInstance);
+ AccessTokenKit::ReloadNativeTokenInfo();
+ return
tokenId;
+}
+
+static void NativeTokenGet()
+{
+ uint64_t tokenID;
+ const char **perms = new const char *[1]; // 1: array size
+ // todo
+ perms[INDEX_ZERO] = "ohos.permission.DISTRIBUTED_DATASYNC";
+
+ tokenID = GetNativeTokenTest("AccessTokenShortTimePermTest", perms, 1); // 1: array size
+ EXPECT_EQ(0, SetSelfTokenID(tokenID));
+ delete[] perms;
+}
+
+using namespace testing::ext;
+
+void AccessTokenShortTimePermTest::SetUpTestCase()
+{
+ NativeTokenGet();
+ GTEST_LOG_(INFO) << "tokenID is " << GetSelfTokenID();
+ GTEST_LOG_(INFO) << "uid is " << getuid();
+}
+
+void AccessTokenShortTimePermTest::TearDownTestCase()
+{
+}
+
+void AccessTokenShortTimePermTest::SetUp()
+{
+ AccessTokenID tokenID = AccessTokenKit::GetHapTokenID(g_infoParms.userID,
+ g_infoParms.bundleName,
+ g_infoParms.instIndex);
+ AccessTokenKit::DeleteToken(tokenID);
+
+ AccessTokenKit::AllocHapToken(g_infoParms, g_policyPrams);
+}
+
+void AccessTokenShortTimePermTest::TearDown()
+{
+ AccessTokenID tokenID = AccessTokenKit::GetHapTokenID(g_infoParms.userID,
+ g_infoParms.bundleName,
+ g_infoParms.instIndex);
+ AccessTokenKit::DeleteToken(tokenID);
+}
+
+/**
+ * @tc.name: GrantPermissionForSpecifiedTime001
+ * @tc.desc: GrantPermissionForSpecifiedTime without invalid parameter.
+ * @tc.type: FUNC
+ * @tc.require:Issue Number
+ */
+HWTEST_F(AccessTokenShortTimePermTest, GrantPermissionForSpecifiedTime001, TestSize.Level1)
+{
+ AccessTokenID tokenId = INVALID_TOKENID;
+ uint32_t onceTime = 0;
+
+ /* 0 is invalid token id */
+ ASSERT_EQ(AccessTokenError::ERR_PARAM_INVALID,
+ AccessTokenKit::GrantPermissionForSpecifiedTime(tokenId, "permission", onceTime));
+
+ tokenId = 123;
+ /* 0 is invalid permissionName length */
+ const std::string invalidPerm1 = "";
+ ASSERT_EQ(AccessTokenError::ERR_PARAM_INVALID,
+ AccessTokenKit::GrantPermissionForSpecifiedTime(tokenId, invalidPerm1, onceTime));
+
+ /* 256 is invalid permissionName length */
+ const std::string invalidPerm2 (257, 'x');
+ ASSERT_EQ(AccessTokenError::ERR_PARAM_INVALID,
+ AccessTokenKit::GrantPermissionForSpecifiedTime(tokenId, invalidPerm2, onceTime));
+
+ /* 0 is invalid time */
+ uint32_t invalidOnceTime1 = 0;
+ ASSERT_EQ(AccessTokenError::ERR_PARAM_INVALID,
+ AccessTokenKit::GrantPermissionForSpecifiedTime(tokenId, SHORT_TEMP_PERMISSION, invalidOnceTime1));
+
+ /* 301 is invalid time */
+ uint32_t invalidOnceTime2 = 301;
+ ASSERT_EQ(AccessTokenError::ERR_PARAM_INVALID,
+ AccessTokenKit::GrantPermissionForSpecifiedTime(tokenId, SHORT_TEMP_PERMISSION, invalidOnceTime2));
+}
+
+/**
+ * @tc.name: GrantPermissionForSpecifiedTime003
+ * @tc.desc: permission is not request.
+ * @tc.type: FUNC
+ * @tc.require:Issue Number
+ */
+HWTEST_F(AccessTokenShortTimePermTest, GrantPermissionForSpecifiedTime003, TestSize.Level1)
+{
+ HapPolicyParams policyPrams = g_policyPrams;
+ HapInfoParams infoParms = g_infoParms;
+ policyPrams.permStateList.clear();
+
+ AccessTokenKit::AllocHapToken(infoParms, policyPrams);
+ AccessTokenID tokenID = AccessTokenKit::GetHapTokenID(infoParms.userID,
+ infoParms.bundleName,
+ infoParms.instIndex);
+ ASSERT_NE(INVALID_TOKENID, tokenID);
+ uint32_t onceTime = 10; // 10: 10s
+
+ ASSERT_EQ(AccessTokenError::ERR_PARAM_INVALID,
+ AccessTokenKit::GrantPermissionForSpecifiedTime(tokenID, SHORT_TEMP_PERMISSION, onceTime));
+}
+
+/**
+ * @tc.name: GrantPermissionForSpecifiedTime002
+ * @tc.desc: test unsupport permission.
+ * @tc.type: FUNC
+ * @tc.require:Issue Number
+ */
+HWTEST_F(AccessTokenShortTimePermTest, GrantPermissionForSpecifiedTime002, TestSize.Level1)
+{
+ AccessTokenID tokenID = AccessTokenKit::GetHapTokenID(g_infoParms.userID,
+ g_infoParms.bundleName,
+ g_infoParms.instIndex);
+ ASSERT_NE(INVALID_TOKENID, tokenID);
+ uint32_t onceTime = 10; // 10: 10s
+ std::string permission = "ohos.permission.CAMERA";
+
+ ASSERT_EQ(AccessTokenError::ERR_PARAM_INVALID,
+ AccessTokenKit::GrantPermissionForSpecifiedTime(tokenID, permission, onceTime));
+}
+
+/**
+ * @tc.name: GrantPermissionForSpecifiedTime004
+ * @tc.desc: 1. The permission is granted when onceTime is not reached;
+ * 2. The permission is revoked after onceTime is reached.
+ * @tc.type: FUNC
+ * @tc.require:Issue Number
+ */
+HWTEST_F(AccessTokenShortTimePermTest, GrantPermissionForSpecifiedTime004, TestSize.Level1)
+{
+ AccessTokenID tokenID = AccessTokenKit::GetHapTokenID(g_infoParms.userID,
+ g_infoParms.bundleName,
+ g_infoParms.instIndex);
+ ASSERT_NE(INVALID_TOKENID, tokenID);
+ uint32_t onceTime = 2;
+
+ ASSERT_EQ(RET_SUCCESS,
+ AccessTokenKit::GrantPermissionForSpecifiedTime(tokenID, SHORT_TEMP_PERMISSION, onceTime));
+
+ ASSERT_EQ(PermissionState::PERMISSION_GRANTED, AccessTokenKit::VerifyAccessToken(tokenID, SHORT_TEMP_PERMISSION));
+
+ sleep(onceTime);
+
+ ASSERT_EQ(PermissionState::PERMISSION_DENIED, AccessTokenKit::VerifyAccessToken(tokenID, SHORT_TEMP_PERMISSION));
+}
+
+/**
+ * @tc.name: GrantPermissionForSpecifiedTime005
+ * @tc.desc: 1. The permission is granted when onceTime is not reached;
+ * 2. onceTime is update when GrantPermissionForSpecifiedTime is called twice.
+ * @tc.type: FUNC
+ * @tc.require:Issue Number
+ */
+HWTEST_F(AccessTokenShortTimePermTest, GrantPermissionForSpecifiedTime005, TestSize.Level1)
+{
+ AccessTokenID tokenID = AccessTokenKit::GetHapTokenID(g_infoParms.userID,
+ g_infoParms.bundleName,
+ g_infoParms.instIndex);
+ ASSERT_NE(INVALID_TOKENID, tokenID);
+ uint32_t onceTime = 3;
+
+ ASSERT_EQ(RET_SUCCESS,
+ AccessTokenKit::GrantPermissionForSpecifiedTime(tokenID, SHORT_TEMP_PERMISSION, onceTime));
+ sleep(onceTime - 1);
+ ASSERT_EQ(PermissionState::PERMISSION_GRANTED, AccessTokenKit::VerifyAccessToken(tokenID, SHORT_TEMP_PERMISSION));
+
+ // update onceTime
+ onceTime = 5;
+ ASSERT_EQ(RET_SUCCESS,
+ AccessTokenKit::GrantPermissionForSpecifiedTime(tokenID, SHORT_TEMP_PERMISSION, onceTime));
+
+ // first onceTime is reached, permission is not revoked
+ sleep(1);
+ ASSERT_EQ(PermissionState::PERMISSION_GRANTED, AccessTokenKit::VerifyAccessToken(tokenID, SHORT_TEMP_PERMISSION));
+
+ // second onceTime is reached, permission is revoked
+ sleep(onceTime - 1);
+
ASSERT_EQ(PermissionState::PERMISSION_DENIED, AccessTokenKit::VerifyAccessToken(tokenID, SHORT_TEMP_PERMISSION));
+}
+} // namespace AccessToken
+} // namespace Security
+} // namespace OHOS
\ No newline at end of file
diff --git a/interfaces/innerkits/accesstoken/test/unittest/src/accesstoken_short_time_permission_test.h b/interfaces/innerkits/accesstoken/test/unittest/src/accesstoken_short_time_permission_test.h
new file mode 100644
index 000000000..582341796
--- /dev/null
+++ b/interfaces/innerkits/accesstoken/test/unittest/src/accesstoken_short_time_permission_test.h
@@ -0,0 +1,34 @@
+/*
+ * Copyright (c) 2024 Huawei Device Co., Ltd.
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+#ifndef ACCESSTOKEN_KIT_SHORT_TIME_PERM_TEST_H
+#define ACCESSTOKEN_KIT_SHORT_TIME_PERM_TEST_H
+
+#include
+
+namespace OHOS {
+namespace Security {
+namespace AccessToken {
+class AccessTokenShortTimePermTest : public testing::Test {
+public:
+ static void SetUpTestCase();
+ static void TearDownTestCase();
+ void SetUp();
+ void TearDown();
+};
+} // namespace AccessToken
+} // namespace Security
+} // namespace OHOS
+#endif // ACCESSTOKEN_KIT_SHORT_TIME_PERM_TEST_H
\ No newline at end of file
diff --git a/services/accesstokenmanager/BUILD.gn b/services/accesstokenmanager/BUILD.gn
index d73d33efb..8fa113966 100644
--- a/services/accesstokenmanager/BUILD.gn
+++ b/services/accesstokenmanager/BUILD.gn
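Review bot: `GrantPermissionForSpecifiedTime004` and `GrantPermissionForSpecifiedTime005` assert `PERMISSION_DENIED` at exactly the moment the grant is due to expire, so the check races whatever task performs the revoke. In 004 the assertion follows `sleep(onceTime);` directly, and in 005 the final assertion runs `1 + (onceTime - 1)` seconds after the second grant, which is the same boundary. A test that guards the expiry of a granted permission should not depend on scheduler timing; I would leave a margin, e.g. `sleep(onceTime + 1);` in 004 and `sleep(onceTime);` for the last wait in 005. Separately, the comment `/* 256 is invalid permissionName length */` sits above a 257-character string, and the description of 001 says `without invalid parameter` where `with invalid parameter` is meant.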
@@ -85,6 +85,7 @@ if (is_standard_system) { "main/cpp/src/permission/permission_manager.cpp", "main/cpp/src/permission/permission_policy_set.cpp", "main/cpp/src/permission/permission_validator.cpp", + "main/cpp/src/permission/short_grant_manager.cpp", "main/cpp/src/permission/temp_permission_observer.cpp", "main/cpp/src/service/accesstoken_manager_service.cpp", "main/cpp/src/service/accesstoken_manager_stub.cpp", diff --git a/services/accesstokenmanager/main/cpp/include/permission/permission_manager.h b/services/accesstokenmanager/main/cpp/include/permission/permission_manager.h index 3e2408952..55f5c52c7 100644 --- a/services/accesstokenmanager/main/cpp/include/permission/permission_manager.h +++ b/services/accesstokenmanager/main/cpp/include/permission/permission_manager.h @@ -73,8 +73,12 @@ public: int32_t GetPermissionRequestToggleStatus(const std::string& permissionName, uint32_t& status, int32_t userID); int32_t CheckAndUpdatePermission(AccessTokenID tokenID, const std::string& permissionName, bool isGranted, uint32_t flag); + int32_t UpdatePermission(AccessTokenID tokenID, const std::string& permissionName, + bool isGranted, uint32_t flag, bool needKill); int32_t GrantPermission(AccessTokenID tokenID, const std::string& permissionName, uint32_t flag); int32_t RevokePermission(AccessTokenID tokenID, const std::string& permissionName, uint32_t flag); + int32_t GrantPermissionForSpecifiedTime( + AccessTokenID tokenID, const std::string& permissionName, uint32_t onceTime); void GetSelfPermissionState(const std::vector& permsList, PermissionListState& permState, int32_t apiVersion); int32_t AddPermStateChangeCallback( 
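Review bot: The new public `UpdatePermission(..., bool needKill)` here, and the changed private `UpdateTokenPermissionState(..., bool needKill)` in the next hunk of this header, both gain a `needKill` flag with no comment on when a caller has to set it. The permission_manager.cpp part of this patch removes the automatic kill-on-revoke from `NotifyWhenPermissionStateUpdated` and replaces it with `if (needKill)`, which in the lines visible there no longer looks at `isGranted`, so whether a revoked app keeps running now rests on each caller passing the right value. I would document that on the declaration, e.g. `// needKill: kill the token's processes when the status changes; pass true only for a revoke whose flag is neither PERMISSION_ALLOW_THIS_TIME nor PERMISSION_COMPONENT_SET`, and consider guarding the call with `if (needKill && !isGranted)`. `UpdatePermission` is declared next to `CheckAndUpdatePermission` and its body is outside this hunk; if it skips the checks, the comment should say that callers must validate first.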
@@ -110,7 +114,7 @@ private: const std::vector& tokenIDs, const std::vector& permList); int32_t ScopeFilter(const PermStateChangeScope& scopeSrc, PermStateChangeScope& scopeRes); int32_t UpdateTokenPermissionState( - AccessTokenID tokenID, const std::string& permissionName, bool isGranted, uint32_t flag); + AccessTokenID id, const std::string& permission, bool isGranted, uint32_t flag, bool needKill); std::string TransferPermissionDefToString(const PermissionDef& inPermissionDef); bool IsPermissionVaild(const std::string& permissionName); bool GetLocationPermissionIndex(std::vector& reqPermList, LocationIndex& locationIndex); diff --git a/services/accesstokenmanager/main/cpp/include/permission/short_grant_manager.h b/services/accesstokenmanager/main/cpp/include/permission/short_grant_manager.h new file mode 100644 index 000000000..4a6d4bf8e --- /dev/null +++ b/services/accesstokenmanager/main/cpp/include/permission/short_grant_manager.h 
@@ -0,0 +1,64 @@ +/* + * Copyright (c) 2024 Huawei Device Co., Ltd. + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + + +#ifndef SHORT_GRANT_MANAGER_H +#define SHORT_GRANT_MANAGER_H + +#include +#include +#include +#include + +#include "access_event_handler.h" + +namespace OHOS { +namespace Security { +namespace AccessToken { + +using AccessTokenID = uint32_t; + +typedef struct { + AccessTokenID tokenID; + std::string permissionName; + uint32_t firstGrantTimes; + uint32_t currGrantTimes; +} PermTimerData; + +class ShortGrantManager { +public: + static ShortGrantManager& GetInstance(); + + void InitEventHandler(const std::shared_ptr& eventHandler); + + int RefreshPermission(AccessTokenID tokenID, const std::string& permissionName, uint32_t onceTime); + +private: + ShortGrantManager(); + ~ShortGrantManager() = default; + uint32_t GetCurrentTime(); + void ScheduleRevokeTask(AccessTokenID tokenID, const std::string& permission, + const std::string& taskName, uint32_t cancelTimes); + void ClearShortPermissionData(AccessTokenID tokenID, const std::string& permission); + bool CancelTaskOfPermissionRevoking(const std::string& taskName); + uint32_t maxTime_; + std::vector shortGrantData_; + std::mutex shortGrantDataMutex_; + std::shared_ptr eventHandler_; +}; +} // namespace AccessToken +} // namespace Security +} // namespace OHOS +#endif // SHORT_GRANT_MANAGER_H 
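Review bot: `PermTimerData::firstGrantTimes` and `currGrantTimes` are undocumented, and the `Times` suffix reads like a counter although the neighbouring `GetCurrentTime()` suggests they hold timestamps (an inference; the .cpp is not part of this hunk). Because these fields and `maxTime_` decide how long a permission stays granted, I would add comments such as `// time of the first grant in the current window (unit: confirm, tests use seconds)` and `// upper bound on the total grant window`, and state on `GetCurrentTime()` which clock it reads, since a wall clock that can be set backwards would stretch the window. The header also re-declares `using AccessTokenID = uint32_t;` instead of including the header that already defines it, which lets the two definitions drift apart. `ShortGrantManager` is used as a singleton but stays copyable; `ShortGrantManager(const ShortGrantManager&) = delete;` would close that.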
diff --git a/services/accesstokenmanager/main/cpp/include/service/accesstoken_manager_service.h b/services/accesstokenmanager/main/cpp/include/service/accesstoken_manager_service.h index 4e8354aec..7f8fb379c 100644 --- a/services/accesstokenmanager/main/cpp/include/service/accesstoken_manager_service.h +++ b/services/accesstokenmanager/main/cpp/include/service/accesstoken_manager_service.h @@ -64,6 +64,8 @@ public: int32_t userID) override; int GrantPermission(AccessTokenID tokenID, const std::string& permissionName, uint32_t flag) override; int RevokePermission(AccessTokenID tokenID, const std::string& permissionName, uint32_t flag) override; + int GrantPermissionForSpecifiedTime( + AccessTokenID tokenID, const std::string& permissionName, uint32_t onceTime) override; int ClearUserGrantedPermissionState(AccessTokenID tokenID) override; int DeleteToken(AccessTokenID tokenID) override; int GetTokenType(AccessTokenID tokenID) override; @@ -116,6 +118,8 @@ private: #ifdef EVENTHANDLER_ENABLE std::shared_ptr eventRunner_; std::shared_ptr eventHandler_; + std::shared_ptr shortGrantEventRunner_; + std::shared_ptr shortGrantEventHandler_; #endif ServiceRunningState state_; std::string grantBundleName_; diff --git a/services/accesstokenmanager/main/cpp/include/service/accesstoken_manager_stub.h b/services/accesstokenmanager/main/cpp/include/service/accesstoken_manager_stub.h index 02254cea9..20cf7565a 100644 --- a/services/accesstokenmanager/main/cpp/include/service/accesstoken_manager_stub.h +++ b/services/accesstokenmanager/main/cpp/include/service/accesstoken_manager_stub.h 
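Review bot: `shortGrantEventRunner_` and `shortGrantEventHandler_` are declared only inside `#ifdef EVENTHANDLER_ENABLE`, and nothing in this hunk says what a timed grant does when that macro is off. If this handler is what runs the delayed revoke (suggested by `ShortGrantManager::InitEventHandler` elsewhere in this patch, though the wiring is not shown here), a build without it should reject `GrantPermissionForSpecifiedTime` rather than grant a permission that is never taken back. I would at least add a comment on the members, e.g. `// dedicated runner for short-term grant expiry tasks; without EVENTHANDLER_ENABLE no expiry can be scheduled`, and confirm the fail-closed behaviour in the service implementation.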
@@ -46,6 +46,7 @@ private: void GetPermissionRequestToggleStatusInner(MessageParcel& data, MessageParcel& reply); void GrantPermissionInner(MessageParcel& data, MessageParcel& reply); void RevokePermissionInner(MessageParcel& data, MessageParcel& reply); + void GrantPermissionForSpecifiedTimeInner(MessageParcel& data, MessageParcel& reply); void ClearUserGrantedPermissionStateInner(MessageParcel& data, MessageParcel& reply); void AllocHapTokenInner(MessageParcel& data, MessageParcel& reply); void InitHapTokenInner(MessageParcel& data, MessageParcel& reply); diff --git a/services/accesstokenmanager/main/cpp/src/permission/permission_manager.cpp b/services/accesstokenmanager/main/cpp/src/permission/permission_manager.cpp index 0496e125b..30233ef16 100644 --- a/services/accesstokenmanager/main/cpp/src/permission/permission_manager.cpp +++ b/services/accesstokenmanager/main/cpp/src/permission/permission_manager.cpp @@ -34,6 +34,7 @@ #include "ipc_skeleton.h" #include "parameter.h" #include "permission_definition_cache.h" +#include "short_grant_manager.h" #include "permission_map.h" #include "permission_validator.h" #ifdef TOKEN_SYNC_ENABLE @@ -59,7 +60,8 @@ static const std::vector g_notDisplayedPerms = { "ohos.permission.RECEIVE_WAP_MESSAGES", "ohos.permission.SEND_MESSAGES", "ohos.permission.READ_CALL_LOG", - "ohos.permission.WRITE_CALL_LOG" + "ohos.permission.WRITE_CALL_LOG", + "ohos.permission.SHORT_TERM_WRITE_IMAGEVIDEO" }; constexpr const char* APP_DISTRIBUTION_TYPE_ENTERPRISE_MDM = "enterprise_mdm"; } 
@@ -589,14 +591,6 @@ void PermissionManager::NotifyWhenPermissionStateUpdated(AccessTokenID tokenID, // To notify the client cache to update by resetting paramValue_. ParamUpdate(permissionName, flag, false); - // To notify kill process when perm is revoke - if ((flag != PERMISSION_ALLOW_THIS_TIME) && (flag != PERMISSION_COMPONENT_SET)) { - if (!isGranted) { - ACCESSTOKEN_LOG_INFO(LABEL, "Perm(%{public}s) is revoked, kill process(%{public}u).", - permissionName.c_str(), tokenID); - AppManagerAccessClient::GetInstance().KillProcessesByAccessTokenId(tokenID); - } - } // DFX. HiSysEventWrite(HiviewDFX::HiSysEvent::Domain::ACCESS_TOKEN, "PERMISSION_CHECK_EVENT", HiviewDFX::HiSysEvent::EventType::BEHAVIOR, "CODE", USER_GRANT_PERMISSION_EVENT, 
@@ -606,76 +600,64 @@ void PermissionManager::NotifyWhenPermissionStateUpdated(AccessTokenID tokenID, } int32_t PermissionManager::UpdateTokenPermissionState( - AccessTokenID tokenID, const std::string& permissionName, bool isGranted, uint32_t flag) + AccessTokenID id, const std::string& permission, bool isGranted, uint32_t flag, bool needKill) { - std::shared_ptr infoPtr = AccessTokenInfoManager::GetInstance().GetHapTokenInfoInner(tokenID); + std::shared_ptr infoPtr = AccessTokenInfoManager::GetInstance().GetHapTokenInfoInner(id); if (infoPtr == nullptr) { - ACCESSTOKEN_LOG_ERROR(LABEL, "tokenInfo is null, tokenId=%{public}u", tokenID); + ACCESSTOKEN_LOG_ERROR(LABEL, "tokenInfo is null, tokenId=%{public}u", id); return AccessTokenError::ERR_TOKENID_NOT_EXIST; } if (infoPtr->IsRemote()) { ACCESSTOKEN_LOG_ERROR(LABEL, "Remote token can not update"); return AccessTokenError::ERR_IDENTITY_CHECK_FAILED; } - if (flag == PERMISSION_ALLOW_THIS_TIME) { - if (isGranted) { - if (!TempPermissionObserver::GetInstance().IsAllowGrantTempPermission(tokenID, permissionName)) { - ACCESSTOKEN_LOG_ERROR(LABEL, "Grant permission failed, id:%{public}d, permissionName:%{public}s", - tokenID, permissionName.c_str()); - return ERR_IDENTITY_CHECK_FAILED; - } + if ((flag == PERMISSION_ALLOW_THIS_TIME) && isGranted) { + if (!TempPermissionObserver::GetInstance().IsAllowGrantTempPermission(id, permission)) { + ACCESSTOKEN_LOG_ERROR(LABEL, "Id:%{public}d fail to grant permission:%{public}s", id, permission.c_str()); + return ERR_IDENTITY_CHECK_FAILED; } } std::shared_ptr permPolicySet = infoPtr->GetHapInfoPermissionPolicySet(); if (permPolicySet == nullptr) { - ACCESSTOKEN_LOG_ERROR(LABEL, "PolicySet is null, TokenID=%{public}d.", tokenID); + ACCESSTOKEN_LOG_ERROR(LABEL, "PolicySet is null, TokenID=%{public}d.", id); return AccessTokenError::ERR_PARAM_INVALID; } #ifdef SUPPORT_SANDBOX_APP int32_t hapDlpType = infoPtr->GetDlpType(); if (hapDlpType != DLP_COMMON) { - int32_t permDlpMode = 
DlpPermissionSetManager::GetInstance().GetPermDlpMode(permissionName); + int32_t permDlpMode = DlpPermissionSetManager::GetInstance().GetPermDlpMode(permission); if (!DlpPermissionSetManager::GetInstance().IsPermDlpModeAvailableToDlpHap(hapDlpType, permDlpMode)) { - ACCESSTOKEN_LOG_DEBUG(LABEL, "%{public}u is not allowed to be granted permissionName %{public}s", - tokenID, permissionName.c_str()); + ACCESSTOKEN_LOG_DEBUG(LABEL, "%{public}s cannot to be granted to %{public}u", permission.c_str(), id); return AccessTokenError::ERR_IDENTITY_CHECK_FAILED; } } #endif - int32_t statusBefore = permPolicySet->VerifyPermissionStatus(permissionName); - int32_t ret = permPolicySet->UpdatePermissionStatus(permissionName, isGranted, flag); + int32_t statusBefore = permPolicySet->VerifyPermissionStatus(permission); + int32_t ret = permPolicySet->UpdatePermissionStatus(permission, isGranted, flag); if (ret != RET_SUCCESS) { return ret; } - int32_t statusAfter = permPolicySet->VerifyPermissionStatus(permissionName); + int32_t statusAfter = permPolicySet->VerifyPermissionStatus(permission); if (statusAfter != statusBefore) { - NotifyWhenPermissionStateUpdated(tokenID, permissionName, isGranted, flag, infoPtr); + NotifyWhenPermissionStateUpdated(id, permission, isGranted, flag, infoPtr); + // To notify kill process when perm is revoke + if (needKill) { + ACCESSTOKEN_LOG_INFO(LABEL, "(%{public}s) is revoked, kill process(%{public}u).", permission.c_str(), id); + AppManagerAccessClient::GetInstance().KillProcessesByAccessTokenId(id); + } } #ifdef TOKEN_SYNC_ENABLE - TokenModifyNotifier::GetInstance().NotifyTokenModify(tokenID); + TokenModifyNotifier::GetInstance().NotifyTokenModify(id); #endif - AccessTokenInfoManager::GetInstance().ModifyHapPermStateFromDb(tokenID, permissionName); + AccessTokenInfoManager::GetInstance().ModifyHapPermStateFromDb(id, permission); return RET_SUCCESS; } -int32_t PermissionManager::CheckAndUpdatePermission(AccessTokenID tokenID, const std::string& 
permissionName, - bool isGranted, uint32_t flag) +int32_t PermissionManager::UpdatePermission(AccessTokenID tokenID, const std::string& permissionName, + bool isGranted, uint32_t flag, bool needKill) { - if (!PermissionValidator::IsPermissionNameValid(permissionName)) { - ACCESSTOKEN_LOG_ERROR(LABEL, "permissionName: %{pubic}s, Invalid params!", permissionName.c_str()); - return AccessTokenError::ERR_PARAM_INVALID; - } - if (!PermissionDefinitionCache::GetInstance().HasDefinition(permissionName)) { - ACCESSTOKEN_LOG_ERROR( - LABEL, "No definition for permission: %{public}s!", permissionName.c_str()); - return AccessTokenError::ERR_PERMISSION_NOT_EXIST; - } - if (!PermissionValidator::IsPermissionFlagValid(flag)) { - ACCESSTOKEN_LOG_ERROR(LABEL, "flag: %{public}d, Invalid params!", flag); - return AccessTokenError::ERR_PARAM_INVALID; - } - int32_t ret = UpdateTokenPermissionState(tokenID, permissionName, isGranted, flag); + int32_t ret = UpdateTokenPermissionState(tokenID, permissionName, isGranted, flag, needKill); if (ret != RET_SUCCESS) { return ret; } @@ -685,7 +667,7 @@ int32_t PermissionManager::CheckAndUpdatePermission(AccessTokenID tokenID, const std::vector tokenIdList; AccessTokenInfoManager::GetInstance().GetRelatedSandBoxHapList(tokenID, tokenIdList); for (const auto& id : tokenIdList) { - (void)UpdateTokenPermissionState(id, permissionName, isGranted, flag); + (void)UpdateTokenPermissionState(id, permissionName, isGranted, flag, needKill); } #endif 
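Review bot: `UpdatePermission` is introduced without the three input checks that used to run before every state change (`IsPermissionNameValid`, `HasDefinition`, `IsPermissionFlagValid`). They now exist only in `CheckAndUpdatePermission`, so a caller that goes straight to `UpdatePermission` reaches `UpdateTokenPermissionState` with unvalidated arguments; `ShortGrantManager::ClearShortPermissionData` in this patch is such a caller. That call passes a stored, previously granted name and a constant flag, so it looks safe today, but the contract should be written on the function: `// Callers must have validated permissionName and flag; use CheckAndUpdatePermission for untrusted input.` The sandbox loop changed in the following hunk goes through the same unvalidated path.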
@@ -696,6 +678,33 @@ int32_t PermissionManager::CheckAndUpdatePermission(AccessTokenID tokenID, const return RET_SUCCESS; } +int32_t PermissionManager::CheckAndUpdatePermission(AccessTokenID tokenID, const std::string& permissionName, + bool isGranted, uint32_t flag) +{ + if (!PermissionValidator::IsPermissionNameValid(permissionName)) { + ACCESSTOKEN_LOG_ERROR(LABEL, "permissionName: %{public}s, Invalid params!", permissionName.c_str()); + return AccessTokenError::ERR_PARAM_INVALID; + } + if (!PermissionDefinitionCache::GetInstance().HasDefinition(permissionName)) { + ACCESSTOKEN_LOG_ERROR( + LABEL, "No definition for permission: %{public}s!", permissionName.c_str()); + return AccessTokenError::ERR_PERMISSION_NOT_EXIST; + } + if (!PermissionValidator::IsPermissionFlagValid(flag)) { + ACCESSTOKEN_LOG_ERROR(LABEL, "flag: %{public}d, Invalid params!", flag); + return AccessTokenError::ERR_PARAM_INVALID; + } + bool needKill = false; + // To kill process when perm is revoke + if (!isGranted && (flag != PERMISSION_ALLOW_THIS_TIME) && (flag != PERMISSION_COMPONENT_SET)) { + ACCESSTOKEN_LOG_INFO(LABEL, "Perm(%{public}s) is revoked, kill process(%{public}u).", + permissionName.c_str(), tokenID); + needKill = true; + } + + return UpdatePermission(tokenID, permissionName, isGranted, flag, needKill); +} + int32_t PermissionManager::GrantPermission(AccessTokenID tokenID, const std::string& permissionName, uint32_t flag) { ACCESSTOKEN_LOG_INFO(LABEL, 
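Review bot: The `ACCESSTOKEN_LOG_INFO` inside the `needKill` branch reports "is revoked, kill process" before the token has been looked up or any state has changed. `UpdateTokenPermissionState` logs the same event again when the kill actually happens, so for an unknown token, or a revoke that changes nothing, the log records a kill that never took place. That makes the log unreliable when reconstructing why a process died. I would drop the early log and compute the flag directly: `const bool needKill = !isGranted && (flag != PERMISSION_ALLOW_THIS_TIME) && (flag != PERMISSION_COMPONENT_SET);`.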
@@ -712,6 +721,15 @@ int32_t PermissionManager::RevokePermission(AccessTokenID tokenID, const std::st return CheckAndUpdatePermission(tokenID, permissionName, false, flag); } +int32_t PermissionManager::GrantPermissionForSpecifiedTime( + AccessTokenID tokenID, const std::string& permissionName, uint32_t onceTime) +{ + ACCESSTOKEN_LOG_INFO(LABEL, + "%{public}s called, tokenID: %{public}u, permissionName: %{public}s, onceTime: %{public}d", + __func__, tokenID, permissionName.c_str(), onceTime); + return ShortGrantManager::GetInstance().RefreshPermission(tokenID, permissionName, onceTime); +} + void PermissionManager::ScopeToString( const std::vector& tokenIDs, const std::vector& permList) { diff --git a/services/accesstokenmanager/main/cpp/src/permission/short_grant_manager.cpp b/services/accesstokenmanager/main/cpp/src/permission/short_grant_manager.cpp new file mode 100644 index 000000000..ecc2f227f --- /dev/null +++ b/services/accesstokenmanager/main/cpp/src/permission/short_grant_manager.cpp 
@@ -0,0 +1,179 @@ +/* + * Copyright (c) 2024 Huawei Device Co., Ltd. + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +#include "short_grant_manager.h" + +#include +#include +#include + +#include "access_token.h" +#include "access_token_error.h" +#include "permission_manager.h" + +namespace OHOS { +namespace Security { +namespace AccessToken { +static constexpr OHOS::HiviewDFX::HiLogLabel LABEL = {LOG_CORE, SECURITY_DOMAIN_ACCESSTOKEN, "ShortGrantManager"}; +std::recursive_mutex g_instanceMutex; +static constexpr int32_t DEFAULT_MAX_TIME_MILLISECONDS = 30 * 60; // 30 minutes +static constexpr int32_t DEFAULT_MAX_ONCE_TIME_MILLISECONDS = 5 * 60; // 5 minutes +static const std::string TASK_NAME_SHORT_GRANT_PERMISSION = "atm_permission_manager_short_grant"; +static const std::vector g_shortGrantPermission = { + "ohos.permission.SHORT_TERM_WRITE_IMAGEVIDEO" +}; + +ShortGrantManager& ShortGrantManager::GetInstance() +{ + static ShortGrantManager* instance = nullptr; + if (instance == nullptr) { + std::lock_guard lock(g_instanceMutex); + if (instance == nullptr) { + instance = new ShortGrantManager(); + } + } + return *instance; +} + +void ShortGrantManager::InitEventHandler(const std::shared_ptr& eventHandler) +{ + eventHandler_ = eventHandler; +} + +bool ShortGrantManager::CancelTaskOfPermissionRevoking(const std::string& taskName) +{ +#ifdef EVENTHANDLER_ENABLE + if (eventHandler_ == nullptr) { + ACCESSTOKEN_LOG_ERROR(LABEL, "Fail to get EventHandler"); + 
return false; + } + + ACCESSTOKEN_LOG_INFO(LABEL, "Revoke permission task name:%{public}s", taskName.c_str()); + eventHandler_->ProxyRemoveTask(taskName); + return true; +#else + ACCESSTOKEN_LOG_WARN(LABEL, "EventHandler is not existed"); + return false; +#endif +} + +int ShortGrantManager::RefreshPermission(AccessTokenID tokenID, const std::string& permission, uint32_t onceTime) +{ + if (tokenID == 0 || onceTime == 0 || onceTime > DEFAULT_MAX_ONCE_TIME_MILLISECONDS || onceTime > maxTime_) { + ACCESSTOKEN_LOG_ERROR(LABEL, + "Input invalid, tokenID is: %{public}d, onceTime is %{public}u!", tokenID, onceTime); + return AccessTokenError::ERR_PARAM_INVALID; + } + std::string taskName = TASK_NAME_SHORT_GRANT_PERMISSION + std::to_string(tokenID) + permission; + std::unique_lock lck(shortGrantDataMutex_); + + auto iter = std::find_if( + shortGrantData_.begin(), shortGrantData_.end(), [tokenID, permission](const PermTimerData& data) { + return data.tokenID == tokenID && data.permissionName == permission; + }); + + if (iter == shortGrantData_.end()) { + auto iterator = std::find(g_shortGrantPermission.begin(), g_shortGrantPermission.end(), permission); + if (iterator == g_shortGrantPermission.end()) { + ACCESSTOKEN_LOG_ERROR(LABEL, "Permission is not available to short grant: %{public}s!", permission.c_str()); + return AccessTokenError::ERR_PARAM_INVALID; + } + PermTimerData data; + data.tokenID = tokenID; + data.permissionName = permission; + data.firstGrantTimes = GetCurrentTime(); + data.currGrantTimes = data.firstGrantTimes; + shortGrantData_.emplace_back(data); + int32_t ret = PermissionManager::GetInstance().GrantPermission(tokenID, permission, PERMISSION_USER_FIXED); + if (ret != RET_SUCCESS) { + ACCESSTOKEN_LOG_ERROR(LABEL, "GrantPermission failed result %{public}d", ret); + return ret; + } + ShortGrantManager::GetInstance().ScheduleRevokeTask(tokenID, permission, taskName, onceTime); + return RET_SUCCESS; + } + + uint32_t maxRemainedTime = maxTime_ - 
(GetCurrentTime() - iter->firstGrantTimes); + uint32_t currRemainedTime = GetCurrentTime() - iter->currGrantTimes; + uint32_t cancelTimes = (maxRemainedTime > onceTime) ? onceTime : maxRemainedTime; + if (cancelTimes > currRemainedTime) { + iter->currGrantTimes = GetCurrentTime(); + ShortGrantManager::GetInstance().CancelTaskOfPermissionRevoking(taskName); + int32_t ret = PermissionManager::GetInstance().GrantPermission(tokenID, permission, PERMISSION_USER_FIXED); + if (ret != RET_SUCCESS) { + ACCESSTOKEN_LOG_ERROR(LABEL, "GrantPermission failed result %{public}d", ret); + return ret; + } + ShortGrantManager::GetInstance().ScheduleRevokeTask(iter->tokenID, iter->permissionName, taskName, cancelTimes); + } + return RET_SUCCESS; +} + +void ShortGrantManager::ClearShortPermissionData(AccessTokenID tokenID, const std::string& permission) +{ + std::unique_lock lck(shortGrantDataMutex_); + auto item = shortGrantData_.begin(); + while (item != shortGrantData_.end()) { + if (item->tokenID == tokenID && item->permissionName == permission) { + // revoke without kill the app + if (PermissionManager::GetInstance().UpdatePermission( + tokenID, permission, false, PERMISSION_USER_FIXED, false) != RET_SUCCESS) { + ACCESSTOKEN_LOG_ERROR(LABEL, "TokenID:%{public}d revoke permission:%{public}s failed!", + tokenID, permission.c_str()); + return; + } + // clear data + shortGrantData_.erase(item); + break; + } else { + ++item; + } + } +} + +void ShortGrantManager::ScheduleRevokeTask(AccessTokenID tokenID, const std::string& permission, + const std::string& taskName, uint32_t cancelTimes) +{ +#ifdef EVENTHANDLER_ENABLE + if (eventHandler_ == nullptr) { + ACCESSTOKEN_LOG_ERROR(LABEL, "Fail to get EventHandler"); + return; + } + + ACCESSTOKEN_LOG_INFO(LABEL, "Add permission task name:%{public}s", taskName.c_str()); + + std::function delayed = ([tokenID, permission]() { + ShortGrantManager::GetInstance().ClearShortPermissionData(tokenID, permission); + ACCESSTOKEN_LOG_INFO(LABEL, + "Token: 
%{public}d, permission: %{public}s, delay revoke permission end.", tokenID, permission.c_str()); + }); + eventHandler_->ProxyPostTask(delayed, taskName, cancelTimes * 1000); // 1000 means to ms + return; +#else + ACCESSTOKEN_LOG_WARN(LABEL, "eventHandler is not existed"); + return; +#endif +} + +uint32_t ShortGrantManager::GetCurrentTime() +{ + return static_cast(std::chrono::system_clock::now().time_since_epoch() / std::chrono::seconds(1)); +} + +ShortGrantManager::ShortGrantManager() : maxTime_(DEFAULT_MAX_TIME_MILLISECONDS) +{} +} // namespace AccessToken +} // namespace Security +} // namespace OHOS \ No newline at end of file diff --git a/services/accesstokenmanager/main/cpp/src/service/accesstoken_manager_service.cpp b/services/accesstokenmanager/main/cpp/src/service/accesstoken_manager_service.cpp index 7bb7605c0..fa9129419 100644 --- a/services/accesstokenmanager/main/cpp/src/service/accesstoken_manager_service.cpp +++ b/services/accesstokenmanager/main/cpp/src/service/accesstoken_manager_service.cpp @@ -44,6 +44,7 @@ #ifndef COMMON_EVENT_SERVICE_ENABLE #include "privacy_kit.h" #endif // COMMON_EVENT_SERVICE_ENABLE +#include "short_grant_manager.h" #include "string_ex.h" #include "system_ability_definition.h" #include "permission_definition_parser.h" @@ -288,6 +289,13 @@ int AccessTokenManagerService::RevokePermission(AccessTokenID tokenID, const std return PermissionManager::GetInstance().RevokePermission(tokenID, permissionName, flag); } +int AccessTokenManagerService::GrantPermissionForSpecifiedTime( + AccessTokenID tokenID, const std::string& permissionName, uint32_t onceTime) +{ + int32_t ret = PermissionManager::GetInstance().GrantPermissionForSpecifiedTime(tokenID, permissionName, onceTime); + return ret; +} + int AccessTokenManagerService::ClearUserGrantedPermissionState(AccessTokenID tokenID) { ACCESSTOKEN_LOG_INFO(LABEL, "TokenID: %{public}d", tokenID); 
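Review bot: The only thing that takes a short-term grant back is the task posted by `ScheduleRevokeTask`, and that function returns silently when `eventHandler_` is null or `EVENTHANDLER_ENABLE` is not defined. By then `RefreshPermission` has already granted with `PERMISSION_USER_FIXED`, and it still returns `RET_SUCCESS`, so in those builds or states the time-limited permission stays granted with no expiry. `RefreshPermission` should refuse before granting when no timer can be armed, as in the fence below; `ERR_SERVICE_ABNORMAL` is used there, substitute whichever code the project prefers. Two related points in the same function: `shortGrantData_.emplace_back(data)` runs before `GrantPermission`, so a failed grant leaves an entry that no task will erase. The grant also appears to be persisted through the normal grant path while the timer state is in memory only, so it is worth confirming what revokes it after a service restart.

```cpp
int ShortGrantManager::RefreshPermission(AccessTokenID tokenID, const std::string& permission, uint32_t onceTime)
{
    // … unchanged: tokenID / onceTime range check …
#ifdef EVENTHANDLER_ENABLE
    if (eventHandler_ == nullptr) {
        // Without a handler no revoke task can be posted, so the grant would never expire.
        ACCESSTOKEN_LOG_ERROR(LABEL, "No EventHandler, short grant refused");
        return AccessTokenError::ERR_SERVICE_ABNORMAL;
    }
#else
    ACCESSTOKEN_LOG_ERROR(LABEL, "EventHandler is not built in, short grant refused");
    return AccessTokenError::ERR_SERVICE_ABNORMAL;
#endif
    // … unchanged: task name, lock, entry lookup, grant and ScheduleRevokeTask …
```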
@@ -678,6 +686,14 @@ bool AccessTokenManagerService::Initialize() } eventHandler_ = std::make_shared(eventRunner_); TempPermissionObserver::GetInstance().InitEventHandler(eventHandler_); + + shortGrantEventRunner_ = AppExecFwk::EventRunner::Create(true, AppExecFwk::ThreadMode::FFRT); + if (!shortGrantEventRunner_) { + ACCESSTOKEN_LOG_ERROR(LABEL, "Failed to create a shortGrantEventRunner_."); + return false; + } + shortGrantEventHandler_ = std::make_shared(shortGrantEventRunner_); + ShortGrantManager::GetInstance().InitEventHandler(shortGrantEventHandler_); #endif #ifdef SUPPORT_SANDBOX_APP diff --git a/services/accesstokenmanager/main/cpp/src/service/accesstoken_manager_stub.cpp b/services/accesstokenmanager/main/cpp/src/service/accesstoken_manager_stub.cpp index a26a7f607..22f2654fe 100644 --- a/services/accesstokenmanager/main/cpp/src/service/accesstoken_manager_stub.cpp +++ b/services/accesstokenmanager/main/cpp/src/service/accesstoken_manager_stub.cpp @@ -43,6 +43,8 @@ const std::string GRANT_SENSITIVE_PERMISSIONS = "ohos.permission.GRANT_SENSITIVE const std::string REVOKE_SENSITIVE_PERMISSIONS = "ohos.permission.REVOKE_SENSITIVE_PERMISSIONS"; const std::string GET_SENSITIVE_PERMISSIONS = "ohos.permission.GET_SENSITIVE_PERMISSIONS"; const std::string DISABLE_PERMISSION_DIALOG = "ohos.permission.DISABLE_PERMISSION_DIALOG"; +const std::string GRANT_SHORT_TERM_WRITE_MEDIAVIDEO = "ohos.permission.GRANT_SHORT_TERM_WRITE_MEDIAVIDEO"; + #ifdef HICOLLIE_ENABLE constexpr uint32_t TIMEOUT = 40; // 40s #endif // HICOLLIE_ENABLE 
@@ -383,6 +385,29 @@ void AccessTokenManagerStub::RevokePermissionInner(MessageParcel& data, MessageP reply.WriteInt32(result); } +void AccessTokenManagerStub::GrantPermissionForSpecifiedTimeInner(MessageParcel& data, MessageParcel& reply) +{ + unsigned int callingTokenID = IPCSkeleton::GetCallingTokenID(); + if ((this->GetTokenType(callingTokenID) == TOKEN_HAP) && (!IsSystemAppCalling())) { + reply.WriteInt32(AccessTokenError::ERR_NOT_SYSTEM_APP); + return; + } + AccessTokenID tokenID = data.ReadUint32(); + std::string permissionName = data.ReadString(); + uint32_t onceTime = data.ReadUint32(); + if (!IsPrivilegedCalling() && + VerifyAccessToken(callingTokenID, GRANT_SHORT_TERM_WRITE_MEDIAVIDEO) == PERMISSION_DENIED) { + HiSysEventWrite(HiviewDFX::HiSysEvent::Domain::ACCESS_TOKEN, "PERMISSION_VERIFY_REPORT", + HiviewDFX::HiSysEvent::EventType::SECURITY, "CODE", VERIFY_PERMISSION_ERROR, + "CALLER_TOKENID", callingTokenID, "PERMISSION_NAME", permissionName); + ACCESSTOKEN_LOG_ERROR(LABEL, "Permission denied(tokenID=%{public}d)", callingTokenID); + reply.WriteInt32(AccessTokenError::ERR_PERMISSION_DENIED); + return; + } + int result = this->GrantPermissionForSpecifiedTime(tokenID, permissionName, onceTime); + reply.WriteInt32(result); +} + void AccessTokenManagerStub::ClearUserGrantedPermissionStateInner(MessageParcel& data, MessageParcel& reply) { uint32_t callingTokenID = IPCSkeleton::GetCallingTokenID(); 
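Review bot: Authorization in `GrantPermissionForSpecifiedTimeInner` rests on a single caller permission, `GRANT_SHORT_TERM_WRITE_MEDIAVIDEO`, although `permissionName` is read from the parcel. Which permissions can actually be granted is decided later by the allow-list in `ShortGrantManager::RefreshPermission`. That coupling is not visible here, and adding a second entry to the allow-list would let holders of this one permission grant it as well. A comment above the check would record it: `// Caller permission covers only the permissions in ShortGrantManager's allow-list; extend both together.`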
@@ -1130,6 +1155,8 @@ void AccessTokenManagerStub::SetPermissionOpFuncInMap() &AccessTokenManagerStub::GrantPermissionInner; requestFuncMap_[static_cast(AccessTokenInterfaceCode::REVOKE_PERMISSION)] = &AccessTokenManagerStub::RevokePermissionInner; + requestFuncMap_[static_cast(AccessTokenInterfaceCode::GRANT_PERMISSION_FOR_SPECIFIEDTIME)] = + &AccessTokenManagerStub::GrantPermissionForSpecifiedTimeInner; requestFuncMap_[static_cast(AccessTokenInterfaceCode::CLEAR_USER_GRANT_PERMISSION)] = &AccessTokenManagerStub::ClearUserGrantedPermissionStateInner; requestFuncMap_[static_cast(AccessTokenInterfaceCode::GET_PERMISSION_OPER_STATE)] = diff --git a/services/accesstokenmanager/test/coverage/BUILD.gn b/services/accesstokenmanager/test/coverage/BUILD.gn index a7e483818..6b9b5e5b3 100644 --- a/services/accesstokenmanager/test/coverage/BUILD.gn +++ b/services/accesstokenmanager/test/coverage/BUILD.gn @@ -31,6 +31,7 @@ accesstoken_manager_service_source = [ "${access_token_path}/services/accesstokenmanager/main/cpp/src/permission/permission_grant_event.cpp", "${access_token_path}/services/accesstokenmanager/main/cpp/src/permission/permission_manager.cpp", "${access_token_path}/services/accesstokenmanager/main/cpp/src/permission/permission_policy_set.cpp", + "${access_token_path}/services/accesstokenmanager/main/cpp/src/permission/short_grant_manager.cpp", "${access_token_path}/services/accesstokenmanager/main/cpp/src/permission/permission_validator.cpp", "${access_token_path}/services/accesstokenmanager/main/cpp/src/permission/permission_definition_parser.cpp", "${access_token_path}/services/accesstokenmanager/main/cpp/src/permission/temp_permission_observer.cpp", diff --git a/services/accesstokenmanager/test/unittest/BUILD.gn b/services/accesstokenmanager/test/unittest/BUILD.gn index 9b79b7974..ca65c69eb 100644 --- a/services/accesstokenmanager/test/unittest/BUILD.gn +++ b/services/accesstokenmanager/test/unittest/BUILD.gn 
@@ -31,6 +31,7 @@ accesstoken_manager_service_source = [ "${access_token_path}/services/accesstokenmanager/main/cpp/src/permission/permission_grant_event.cpp", "${access_token_path}/services/accesstokenmanager/main/cpp/src/permission/permission_manager.cpp", "${access_token_path}/services/accesstokenmanager/main/cpp/src/permission/permission_policy_set.cpp", + "${access_token_path}/services/accesstokenmanager/main/cpp/src/permission/short_grant_manager.cpp", "${access_token_path}/services/accesstokenmanager/main/cpp/src/permission/permission_validator.cpp", "${access_token_path}/services/accesstokenmanager/main/cpp/src/permission/permission_definition_parser.cpp", "${access_token_path}/services/accesstokenmanager/main/cpp/src/permission/temp_permission_observer.cpp", @@ -87,7 +88,9 @@ ohos_unittest("libaccesstoken_manager_service_standard_test") { "permission_definition_parser_test.cpp", "permission_grant_event_test.cpp", "permission_manager_test.cpp", + "short_grant_manager_test.cpp", ] + sources += accesstoken_manager_service_source cflags_cc = [ "-DHILOG_ENABLE" ] diff --git a/services/accesstokenmanager/test/unittest/permission_manager_test.cpp b/services/accesstokenmanager/test/unittest/permission_manager_test.cpp index 6b0e4b587..c94f2603d 100644 --- a/services/accesstokenmanager/test/unittest/permission_manager_test.cpp +++ b/services/accesstokenmanager/test/unittest/permission_manager_test.cpp @@ -1371,7 +1371,7 @@ HWTEST_F(PermissionManagerTest, UpdateTokenPermissionState002, TestSize.Level1) uint32_t flag = 0; // tokenId invalid ASSERT_EQ(AccessTokenError::ERR_TOKENID_NOT_EXIST, PermissionManager::GetInstance().UpdateTokenPermissionState( - tokenId, permissionName, isGranted, flag)); + tokenId, permissionName, isGranted, flag, true)); HapInfoParams info = { .userID = USER_ID, 
@@ -1392,12 +1392,12 @@ HWTEST_F(PermissionManagerTest, UpdateTokenPermissionState002, TestSize.Level1) infoPtr->SetRemote(true); // remote token is true ASSERT_EQ(AccessTokenError::ERR_IDENTITY_CHECK_FAILED, PermissionManager::GetInstance().UpdateTokenPermissionState( - tokenId, permissionName, isGranted, flag)); + tokenId, permissionName, isGranted, flag, true)); infoPtr->SetRemote(false); // permission not in list ASSERT_EQ(ERR_PARAM_INVALID, PermissionManager::GetInstance().UpdateTokenPermissionState(tokenId, - permissionName, isGranted, flag)); + permissionName, isGranted, flag, true)); ASSERT_EQ(RET_SUCCESS, AccessTokenInfoManager::GetInstance().RemoveHapTokenInfo(tokenId)); } @@ -1438,15 +1438,15 @@ HWTEST_F(PermissionManagerTest, UpdateTokenPermissionState003, TestSize.Level1) flag = PERMISSION_ALLOW_THIS_TIME; ASSERT_EQ(RET_SUCCESS, PermissionManager::GetInstance().UpdateTokenPermissionState( - tokenId, permissionName, false, flag)); + tokenId, permissionName, false, flag, true)); flag = PERMISSION_COMPONENT_SET; ASSERT_EQ(RET_SUCCESS, PermissionManager::GetInstance().UpdateTokenPermissionState( - tokenId, permissionName, false, flag)); + tokenId, permissionName, false, flag, true)); flag = PERMISSION_USER_FIXED; ASSERT_EQ(RET_SUCCESS, PermissionManager::GetInstance().UpdateTokenPermissionState( - tokenId, permissionName, false, flag)); + tokenId, permissionName, false, flag, true)); ASSERT_EQ(RET_SUCCESS, AccessTokenInfoManager::GetInstance().RemoveHapTokenInfo(tokenId)); } diff --git a/services/accesstokenmanager/test/unittest/short_grant_manager_test.cpp b/services/accesstokenmanager/test/unittest/short_grant_manager_test.cpp new file mode 100644 index 000000000..b63ebdde0 --- /dev/null +++ b/services/accesstokenmanager/test/unittest/short_grant_manager_test.cpp 
@@ -0,0 +1,214 @@ +/* + * Copyright (c) 2024 Huawei Device Co., Ltd. + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +#include "short_grant_manager_test.h" + +#include "access_token.h" +#include "access_token_error.h" +#include "accesstoken_info_manager.h" +#include "permission_definition_cache.h" + +#define private public +#include "short_grant_manager.h" +#undef private + +using namespace testing::ext; +using namespace OHOS; + +namespace OHOS { +namespace Security { +namespace AccessToken { +namespace { +static std::string SHORT_TEMP_PERMISSION = "ohos.permission.SHORT_TERM_WRITE_IMAGEVIDEO"; // todo +static PermissionStateFull g_permiState = { + .permissionName = SHORT_TEMP_PERMISSION, + .isGeneral = true, + .resDeviceID = {"localC"}, + .grantStatus = {PermissionState::PERMISSION_DENIED}, + .grantFlags = {1} +}; + +static HapPolicyParams g_policyParams = { + .apl = APL_NORMAL, + .domain = "test.domain", + .permStateList = {g_permiState} +}; + +static HapInfoParams g_infoParms = { + .userID = 1, + .bundleName = "AccessTokenShortTimePermTest", + .instIndex = 0, + .appIDDesc = "test.bundle", + .isSystemApp = true +}; +} + +void ShortGrantManagerTest::SetUpTestCase() +{ +} + +void ShortGrantManagerTest::TearDownTestCase() +{ +} + +void ShortGrantManagerTest::SetUp() +{ + shortGrantEventRunner_ = AppExecFwk::EventRunner::Create(true, AppExecFwk::ThreadMode::FFRT); + if (!shortGrantEventRunner_) { + return; + } + shortGrantEventHandler_ = 
std::make_shared(shortGrantEventRunner_); + ShortGrantManager::GetInstance().InitEventHandler(shortGrantEventHandler_); + + PermissionDef permDefAlpha = { + .permissionName = "ohos.permission.SHORT_TERM_WRITE_IMAGEVIDEO", + .bundleName = "accesstoken_test", + .grantMode = 1, + .availableLevel = APL_NORMAL, + .label = "label", + .labelId = 1, + .description = "annoying", + .descriptionId = 1 + }; + PermissionDefinitionCache::GetInstance().Insert(permDefAlpha, 537719865); // 537719865 means a tokenId. +} + +void ShortGrantManagerTest::TearDown() +{ +} + +/** + * @tc.name: RefreshPermission001 + * @tc.desc: 1. The permission is granted when onceTime is not reached; + * 2. The permission is revoked after onceTime is reached. + * @tc.type: FUNC + * @tc.require:Issue Number + */ +HWTEST_F(ShortGrantManagerTest, RefreshPermission001, TestSize.Level1) +{ + AccessTokenIDEx tokenIdEx = {0}; + int32_t ret = AccessTokenInfoManager::GetInstance().CreateHapTokenInfo(g_infoParms, g_policyParams, tokenIdEx); + ASSERT_EQ(RET_SUCCESS, ret); + + AccessTokenID tokenID = tokenIdEx.tokenIdExStruct.tokenID; + ASSERT_NE(INVALID_TOKENID, tokenID); + uint32_t onceTime = 10; + + ret = ShortGrantManager::GetInstance().RefreshPermission(tokenID, SHORT_TEMP_PERMISSION, onceTime); + ASSERT_EQ(RET_SUCCESS, ret); + + ASSERT_EQ(PERMISSION_GRANTED, PermissionManager::GetInstance().VerifyAccessToken(tokenID, SHORT_TEMP_PERMISSION)); + + sleep(onceTime + 1); + EXPECT_EQ(PERMISSION_DENIED, PermissionManager::GetInstance().VerifyAccessToken(tokenID, SHORT_TEMP_PERMISSION)); + + ret = AccessTokenInfoManager::GetInstance().RemoveHapTokenInfo(tokenID); + ASSERT_EQ(RET_SUCCESS, ret); +} + +/** + * @tc.name: RefreshPermission002 + * @tc.desc: 1. set onceTime is equal to maxTime; + * 2. set onceTime is over maxTime. 
+ * @tc.type: FUNC + * @tc.require:Issue Number + */ +HWTEST_F(ShortGrantManagerTest, RefreshPermission002, TestSize.Level1) +{ + const uint32_t maxTime = 10; // 10s + ShortGrantManager::GetInstance().maxTime_ = maxTime; + AccessTokenIDEx tokenIdEx = {0}; + int32_t ret = AccessTokenInfoManager::GetInstance().CreateHapTokenInfo(g_infoParms, g_policyParams, tokenIdEx); + ASSERT_EQ(RET_SUCCESS, ret); + + AccessTokenID tokenID = tokenIdEx.tokenIdExStruct.tokenID; + ASSERT_NE(INVALID_TOKENID, tokenID); + + // onceTime = maxTime + ret = ShortGrantManager::GetInstance().RefreshPermission(tokenID, SHORT_TEMP_PERMISSION, maxTime); + ASSERT_EQ(RET_SUCCESS, ret); + + sleep(maxTime - 1); + ASSERT_EQ(PERMISSION_GRANTED, PermissionManager::GetInstance().VerifyAccessToken(tokenID, SHORT_TEMP_PERMISSION)); + + sleep(1 + 1); + ASSERT_EQ(PERMISSION_DENIED, PermissionManager::GetInstance().VerifyAccessToken(tokenID, SHORT_TEMP_PERMISSION)); + + // onceTime = maxTime + 1 + ret = ShortGrantManager::GetInstance().RefreshPermission(tokenID, SHORT_TEMP_PERMISSION, maxTime + 1); + ASSERT_EQ(AccessTokenError::ERR_PARAM_INVALID, ret); + + sleep(maxTime + 2); + ASSERT_EQ(PERMISSION_DENIED, PermissionManager::GetInstance().VerifyAccessToken(tokenID, SHORT_TEMP_PERMISSION)); + + ret = AccessTokenInfoManager::GetInstance().RemoveHapTokenInfo(tokenID); + ASSERT_EQ(RET_SUCCESS, ret); +} + +/** + * @tc.name: RefreshPermission003 + * @tc.desc: 1. 
remaminTime is less + * @tc.type: FUNC + * @tc.require:Issue Number + */ +HWTEST_F(ShortGrantManagerTest, RefreshPermission003, TestSize.Level1) +{ + const uint32_t maxTime = 10; // 10s + ShortGrantManager::GetInstance().maxTime_ = maxTime; + AccessTokenIDEx tokenIdEx = {0}; + int32_t ret = AccessTokenInfoManager::GetInstance().CreateHapTokenInfo(g_infoParms, g_policyParams, tokenIdEx); + ASSERT_EQ(RET_SUCCESS, ret); + + AccessTokenID tokenID = tokenIdEx.tokenIdExStruct.tokenID; + ASSERT_NE(INVALID_TOKENID, tokenID); + + // first set 3s + uint32_t onceTime = 3; + ret = ShortGrantManager::GetInstance().RefreshPermission(tokenID, SHORT_TEMP_PERMISSION, onceTime); + ASSERT_EQ(RET_SUCCESS, ret); + + sleep(onceTime - 1); + ASSERT_EQ(PERMISSION_GRANTED, PermissionManager::GetInstance().VerifyAccessToken(tokenID, SHORT_TEMP_PERMISSION)); + + ret = ShortGrantManager::GetInstance().RefreshPermission(tokenID, SHORT_TEMP_PERMISSION, onceTime); + ASSERT_EQ(RET_SUCCESS, ret); + + // second set 3s + ret = ShortGrantManager::GetInstance().RefreshPermission(tokenID, SHORT_TEMP_PERMISSION, onceTime); + ASSERT_EQ(RET_SUCCESS, ret); + + sleep(onceTime - 1); + ASSERT_EQ(PERMISSION_GRANTED, PermissionManager::GetInstance().VerifyAccessToken(tokenID, SHORT_TEMP_PERMISSION)); + + // thirdth set 3s + ret = ShortGrantManager::GetInstance().RefreshPermission(tokenID, SHORT_TEMP_PERMISSION, onceTime); + ASSERT_EQ(RET_SUCCESS, ret); + + sleep(onceTime - 1); + ASSERT_EQ(PERMISSION_GRANTED, PermissionManager::GetInstance().VerifyAccessToken(tokenID, SHORT_TEMP_PERMISSION)); + + // fourth set 5s + ret = ShortGrantManager::GetInstance().RefreshPermission(tokenID, SHORT_TEMP_PERMISSION, onceTime); + ASSERT_EQ(RET_SUCCESS, ret); + + sleep(onceTime + 1); + ASSERT_EQ(PERMISSION_DENIED, PermissionManager::GetInstance().VerifyAccessToken(tokenID, SHORT_TEMP_PERMISSION)); + + ret = AccessTokenInfoManager::GetInstance().RemoveHapTokenInfo(tokenID); + ASSERT_EQ(RET_SUCCESS, ret); +} +} // namespace 
AccessToken +} // namespace Security +} // namespace OHOS diff --git a/services/accesstokenmanager/test/unittest/short_grant_manager_test.h b/services/accesstokenmanager/test/unittest/short_grant_manager_test.h new file mode 100644 index 000000000..0195b8e07 --- /dev/null +++ b/services/accesstokenmanager/test/unittest/short_grant_manager_test.h @@ -0,0 +1,48 @@ +/* + * Copyright (c) 2024 Huawei Device Co., Ltd. + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +#ifndef SHORT_GRANT_MANAGER_TEST_H +#define SHORT_GRANT_MANAGER_TEST_H + +#include +#define private public +#include "accesstoken_manager_service.h" +#include "permission_manager.h" +#undef private +#ifdef EVENTHANDLER_ENABLE +#include "access_event_handler.h" +#endif + +namespace OHOS { +namespace Security { +namespace AccessToken { +class ShortGrantManagerTest : public testing::Test { +public: + static void SetUpTestCase(); + + static void TearDownTestCase(); + + void SetUp(); + + void TearDown(); + + sptr accessTokenService_ = nullptr; + std::shared_ptr shortGrantEventRunner_; + std::shared_ptr shortGrantEventHandler_; +}; +} // namespace AccessToken +} // namespace Security +} // namespace OHOS +#endif // SHORT_GRANT_MANAGER_TEST_H diff --git a/services/privacymanager/include/common/constant.h b/services/privacymanager/include/common/constant.h index 2087ac6ba..6aa914720 100644 --- a/services/privacymanager/include/common/constant.h +++ b/services/privacymanager/include/common/constant.h 
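Review bot: `RefreshPermission002` and `RefreshPermission003` overwrite `ShortGrantManager::GetInstance().maxTime_` on the process-wide singleton and nothing restores it. Every test that runs afterwards in the same binary sees a 10-second cap, and entries left in `shortGrantData_` carry over as well. Saving the value in `SetUp` and restoring it in `TearDown` would isolate the cases. The suite also lacks negative cases: a permission outside the allow-list, `tokenID` 0 and `onceTime` 0 should each return `ERR_PARAM_INVALID` and leave the permission denied. The comment `// fourth set 5s` does not match the call, which passes `onceTime` (3).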
@@ -68,6 +68,7 @@ public: OP_READ_WRITE_DESKTOP_DIRECTORY = 39, OP_ACCESS_NEARLINK = 40, OP_CAPTURE_SCREEN = 41, + SHORT_TERM_WRITE_IMAGEVIDEO = 42, }; enum ErrorCode { diff --git a/services/privacymanager/src/common/constant.cpp b/services/privacymanager/src/common/constant.cpp index 808ed58c4..0d4cb8d50 100644 --- a/services/privacymanager/src/common/constant.cpp +++ b/services/privacymanager/src/common/constant.cpp @@ -73,6 +73,8 @@ const std::map Constant::PERMISSION_OPCODE_MAP = { "ohos.permission.ACCESS_NEARLINK", Constant::OP_ACCESS_NEARLINK), std::map::value_type( "ohos.permission.CAPTURE_SCREEN", Constant::OP_CAPTURE_SCREEN), + std::map::value_type( + "ohos.permission.SHORT_TERM_WRITE_IMAGEVIDEO", Constant::SHORT_TERM_WRITE_IMAGEVIDEO), }; bool Constant::TransferPermissionToOpcode(const std::string& permissionName, int32_t& opCode) diff --git a/test/fuzztest/services/accesstoken/access_token_service_fuzz.gni b/test/fuzztest/services/accesstoken/access_token_service_fuzz.gni index 1a867366e..734549f3a 100644 --- a/test/fuzztest/services/accesstoken/access_token_service_fuzz.gni +++ b/test/fuzztest/services/accesstoken/access_token_service_fuzz.gni @@ -92,6 +92,7 @@ access_token_sources = [ "${access_token_path}/services/accesstokenmanager/main/cpp/src/permission/permission_manager.cpp", "${access_token_path}/services/accesstokenmanager/main/cpp/src/permission/permission_policy_set.cpp", "${access_token_path}/services/accesstokenmanager/main/cpp/src/permission/permission_validator.cpp", + "${access_token_path}/services/accesstokenmanager/main/cpp/src/permission/short_grant_manager.cpp", "${access_token_path}/services/accesstokenmanager/main/cpp/src/permission/temp_permission_observer.cpp", "${access_token_path}/services/accesstokenmanager/main/cpp/src/service/accesstoken_manager_service.cpp", "${access_token_path}/services/accesstokenmanager/main/cpp/src/service/accesstoken_manager_stub.cpp", -- Gitee 
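Review bot: The new opcode `SHORT_TERM_WRITE_IMAGEVIDEO = 42` in constant.h is the only visible entry of this enum without the `OP_` prefix that its neighbours carry (`OP_ACCESS_NEARLINK`, `OP_CAPTURE_SCREEN`). Without the prefix the opcode reads like a permission name, which makes it easy to mistake for the `"ohos.permission.SHORT_TERM_WRITE_IMAGEVIDEO"` string it is mapped from. Rename it to `OP_SHORT_TERM_WRITE_IMAGEVIDEO = 42,` and change the `PERMISSION_OPCODE_MAP` entry added in constant.cpp to `Constant::OP_SHORT_TERM_WRITE_IMAGEVIDEO`. The enum body starts outside the hunk, so entries above 39 could not be checked.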
From 9e4bd9183d274513373c69538f0ab9d388fcd038 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=E6=96=B9=E8=88=9F?= Date: Tue, 27 Aug 2024 17:03:17 +0800 Subject: [PATCH 056/473] add ohos.permission.READ_DFX_XPOWER MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: 方舟 --- frameworks/common/src/permission_map.cpp | 1 + .../accesstokenmanager/permission_definitions.json | 10 ++++++++++ 2 files changed, 11 insertions(+) diff --git a/frameworks/common/src/permission_map.cpp b/frameworks/common/src/permission_map.cpp index c412f5348..61260635b 100644 --- a/frameworks/common/src/permission_map.cpp +++ b/frameworks/common/src/permission_map.cpp @@ -176,6 +176,7 @@ const static std::vector> g_permMap = { {"ohos.permission.MANAGE_SECURE_SETTINGS", false}, {"ohos.permission.READ_DFX_SYSEVENT", false}, {"ohos.permission.READ_HIVIEW_SYSTEM", false}, + {"ohos.permission.READ_DFX_XPOWER", false}, {"ohos.permission.WRITE_HIVIEW_SYSTEM", false}, {"ohos.permission.SUBSCRIBE_SWING_ABILITY", false}, {"ohos.permission.MANAGER_SWING_MOTION", false}, diff --git a/services/accesstokenmanager/permission_definitions.json b/services/accesstokenmanager/permission_definitions.json index d6342fffd..6d2b79d80 100644 --- a/services/accesstokenmanager/permission_definitions.json +++ b/services/accesstokenmanager/permission_definitions.json @@ -870,6 +870,16 @@ "provisionEnable": true, "distributedSceneEnable": false }, + { + "name": "ohos.permission.READ_DFX_XPOWER", + "grantMode": "system_grant", + "availableLevel": "system_basic", + "availableType": "SYSTEM", + "since": 11, + "deprecated": "", + "provisionEnable": true, + "distributedSceneEnable": false + }, { "name": "ohos.permission.NFC_CARD_EMULATION", "grantMode": "system_grant", -- Gitee From b372831d3e2a90d2f5e952b33c1c5a286e32ec7f Mon Sep 17 00:00:00 2001 From: yeyuning Date: Wed, 28 Aug 2024 09:10:59 +0800 Subject: [PATCH 057/473] change api version 
Signed-off-by: yeyuning Change-Id: I61e07d0bcb0a534c59c88d66d050fe0829c9b677 --- services/accesstokenmanager/permission_definitions.json | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/services/accesstokenmanager/permission_definitions.json b/services/accesstokenmanager/permission_definitions.json index 960b9c010..f53713518 100644 --- a/services/accesstokenmanager/permission_definitions.json +++ b/services/accesstokenmanager/permission_definitions.json @@ -5029,7 +5029,7 @@ "grantMode": "system_grant", "availableLevel": "system_core", "availableType": "SYSTEM", - "since": 13, + "since": 12, "deprecated": "", "provisionEnable": true, "distributedSceneEnable": false -- Gitee From 3754b3c557157277271317e2957b9c48c307c2f6 Mon Sep 17 00:00:00 2001 From: chennian Date: Tue, 27 Aug 2024 05:45:14 +0000 Subject: [PATCH 058/473] =?UTF-8?q?:=E6=9D=83=E9=99=90=E5=BC=B9=E6=A1=86?= =?UTF-8?q?=E6=B5=81=E7=A8=8B=E4=BC=98=E5=8C=96?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: chennian Change-Id: Id2836ddb39098d7c81f4a75ba96732bc63cc9a2a --- .../src/permission_grant_info_parcel.cpp | 2 + .../include/permission_grant_info.h | 4 ++ .../token_setproc/src/perm_setproc.cpp | 3 +- .../cj/accesstoken/src/at_manager_impl.cpp | 2 +- .../include/napi_request_permission.h | 2 +- .../src/napi_request_permission.cpp | 60 +++++++++---------- .../service/accesstoken_manager_service.h | 1 + .../service/accesstoken_manager_service.cpp | 5 ++ .../include/config_policy_loader.h | 1 + .../src/config_policy_loader.cpp | 27 +++++---- 10 files changed, 59 insertions(+), 48 deletions(-) diff --git a/frameworks/accesstoken/src/permission_grant_info_parcel.cpp b/frameworks/accesstoken/src/permission_grant_info_parcel.cpp index e447be6c0..a487ff682 100644 --- a/frameworks/accesstoken/src/permission_grant_info_parcel.cpp +++ b/frameworks/accesstoken/src/permission_grant_info_parcel.cpp 
@@ -23,6 +23,7 @@ bool PermissionGrantInfoParcel::Marshalling(Parcel& out) const { RETURN_IF_FALSE(out.WriteString(this->info.grantBundleName)); RETURN_IF_FALSE(out.WriteString(this->info.grantAbilityName)); + RETURN_IF_FALSE(out.WriteString(this->info.grantServiceAbilityName)); RETURN_IF_FALSE(out.WriteString(this->info.permStateAbilityName)); RETURN_IF_FALSE(out.WriteString(this->info.globalSwitchAbilityName)); return true; @@ -36,6 +37,7 @@ PermissionGrantInfoParcel* PermissionGrantInfoParcel::Unmarshalling(Parcel& in) } permissionGrantInfoParcel->info.grantBundleName = in.ReadString(); permissionGrantInfoParcel->info.grantAbilityName = in.ReadString(); + permissionGrantInfoParcel->info.grantServiceAbilityName = in.ReadString(); permissionGrantInfoParcel->info.permStateAbilityName = in.ReadString(); permissionGrantInfoParcel->info.globalSwitchAbilityName = in.ReadString(); return permissionGrantInfoParcel; diff --git a/interfaces/innerkits/accesstoken/include/permission_grant_info.h b/interfaces/innerkits/accesstoken/include/permission_grant_info.h index a706ab4c5..5b09266f6 100644 --- a/interfaces/innerkits/accesstoken/include/permission_grant_info.h +++ b/interfaces/innerkits/accesstoken/include/permission_grant_info.h @@ -58,6 +58,10 @@ public: * permission grant ability name */ std::string grantAbilityName; + /** + * permission grant service ability name + */ + std::string grantServiceAbilityName; /** * permission state sheet ability name */ diff --git a/interfaces/innerkits/token_setproc/src/perm_setproc.cpp b/interfaces/innerkits/token_setproc/src/perm_setproc.cpp index 611a69b1b..4338fb202 100644 --- a/interfaces/innerkits/token_setproc/src/perm_setproc.cpp +++ b/interfaces/innerkits/token_setproc/src/perm_setproc.cpp 
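Review bot: `grantServiceAbilityName` is written and read in the middle of the parcel, between `grantAbilityName` and `permStateAbilityName`, which shifts every later field of the serialized layout. If a client library and the service can ever be built from different revisions, the peer would silently read the new string as `permStateAbilityName`. Appending the field after `globalSwitchAbilityName` in both `Marshalling` and `Unmarshalling` would keep the existing prefix stable. If mixed versions cannot occur, a short comment saying so next to `RETURN_IF_FALSE(out.WriteString(this->info.grantServiceAbilityName));` would settle the question for later readers.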
@@ -53,8 +53,7 @@ int32_t AddPermissionToKernel( } size_t size = opCodeList.size(); if (size == 0) { - RemovePermissionFromKernel(tokenID); - return ACCESS_TOKEN_OK; + return RemovePermissionFromKernel(tokenID); } struct IoctlAddPermData data; data.token = tokenID; diff --git a/interfaces/kits/cj/accesstoken/src/at_manager_impl.cpp b/interfaces/kits/cj/accesstoken/src/at_manager_impl.cpp index 441cfdcfc..4df312ce6 100644 --- a/interfaces/kits/cj/accesstoken/src/at_manager_impl.cpp +++ b/interfaces/kits/cj/accesstoken/src/at_manager_impl.cpp @@ -398,7 +398,7 @@ static int32_t StartServiceExtension(std::shared_ptr& async } AAFwk::Want want; - want.SetElementName(GRANT_ABILITY_BUNDLE_NAME, GRANT_ABILITY_ABILITY_NAME); + want.SetElementName(asyncContext->info.grantBundleName, asyncContext->info.grantServiceAbilityName); want.SetParam(PERMISSION_KEY, asyncContext->permissionList); want.SetParam(STATE_KEY, asyncContext->permissionsState); want.SetParam(TOKEN_KEY, asyncContext->abilityContext->GetToken()); diff --git a/interfaces/kits/napi/accesstoken/include/napi_request_permission.h b/interfaces/kits/napi/accesstoken/include/napi_request_permission.h index e04575c29..5723b6cba 100644 --- a/interfaces/kits/napi/accesstoken/include/napi_request_permission.h +++ b/interfaces/kits/napi/accesstoken/include/napi_request_permission.h @@ -36,6 +36,7 @@ struct RequestAsyncContext : public AtManagerAsyncWorkData { } AccessTokenID tokenId = 0; + std::string bundleName = ""; bool needDynamicRequest = true; int32_t result = RET_SUCCESS; int32_t instanceId = -1; @@ -128,7 +129,6 @@ private: RequestAsyncContext& asyncContext); static void GetPermissionsStatusExecute(napi_env env, void *data); static void GetPermissionsStatusComplete(napi_env env, napi_status status, void *data); - static void StartServiceExtension(std::shared_ptr& asyncContext); }; } // namespace AccessToken } // namespace Security 
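Review bot: In `StartServiceExtension` (at_manager_impl.cpp) the dialog target is now taken from `asyncContext->info.grantBundleName` and `asyncContext->info.grantServiceAbilityName` instead of compile-time constants, but nothing in the hunk checks that either string is non-empty before `want.SetElementName(...)`. If the service returns an empty name (missing config entry, older service), the request may not resolve to the intended permission dialog, so fail the request first: `if (asyncContext->info.grantBundleName.empty() || asyncContext->info.grantServiceAbilityName.empty()) { /* log and return an error */ }`. The same applies to `CreateServiceExtension` in napi_request_permission.cpp, where the `instanceId == -1` path does not compare the bundle with `ORI_PERMISSION_MANAGER_BUNDLE_NAME` either. The function starts and ends outside the hunk.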
diff --git a/interfaces/kits/napi/accesstoken/src/napi_request_permission.cpp b/interfaces/kits/napi/accesstoken/src/napi_request_permission.cpp index f6b8cc5cb..2ef2ccdca 100644 --- a/interfaces/kits/napi/accesstoken/src/napi_request_permission.cpp +++ b/interfaces/kits/napi/accesstoken/src/napi_request_permission.cpp @@ -40,7 +40,6 @@ const std::string RESULT_KEY = "ohos.user.grant.permission.result"; const std::string EXTENSION_TYPE_KEY = "ability.want.params.uiExtensionType"; const std::string UI_EXTENSION_TYPE = "sys/commonUI"; const std::string ORI_PERMISSION_MANAGER_BUNDLE_NAME = "com.ohos.permissionmanager"; -const std::string ORI_PERMISSION_MANAGER_ABILITY_NAME = "com.ohos.permissionmanager.GrantAbility"; const std::string TOKEN_KEY = "ohos.ability.params.token"; const std::string CALLBACK_KEY = "ohos.ability.params.callback"; @@ -110,6 +109,7 @@ static void GetInstanceId(std::shared_ptr& asyncContext) ACCESSTOKEN_LOG_ERROR(LABEL, "Get ui content failed!"); return; } + asyncContext->uiContentFlag = true; asyncContext->instanceId = uiContent->GetInstanceId(); }; #ifdef EVENTHANDLER_ENABLE @@ -121,7 +121,8 @@ static void GetInstanceId(std::shared_ptr& asyncContext) #else task(); #endif - ACCESSTOKEN_LOG_INFO(LABEL, "Instance id: %{public}d", asyncContext->instanceId); + ACCESSTOKEN_LOG_INFO(LABEL, "Instance id: %{public}d, uiContentFlag: %{public}d", + asyncContext->instanceId, asyncContext->uiContentFlag); } static void CreateUIExtensionMainThread(std::shared_ptr& asyncContext, const AAFwk::Want& want, 
@@ -205,6 +206,8 @@ static napi_value GetContext( AbilityRuntime::Context::ConvertTo(context); if (asyncContext->abilityContext != nullptr) { asyncContext->uiAbilityFlag = true; + asyncContext->tokenId = asyncContext->abilityContext->GetApplicationInfo()->accessTokenId; + asyncContext->bundleName = asyncContext->abilityContext->GetApplicationInfo()->bundleName; } else { ACCESSTOKEN_LOG_WARN(LABEL, "Convert to ability context failed"); asyncContext->uiExtensionContext = @@ -213,6 +216,8 @@ static napi_value GetContext( ACCESSTOKEN_LOG_ERROR(LABEL, "Convert to ui extension context failed"); return nullptr; } + asyncContext->tokenId = asyncContext->uiExtensionContext->GetApplicationInfo()->accessTokenId; + asyncContext->bundleName = asyncContext->uiExtensionContext->GetApplicationInfo()->bundleName; } return WrapVoidToJS(env); } @@ -398,7 +403,7 @@ static void CreateServiceExtension(std::shared_ptr asyncCon return; } AAFwk::Want want; - want.SetElementName(ORI_PERMISSION_MANAGER_BUNDLE_NAME, ORI_PERMISSION_MANAGER_ABILITY_NAME); + want.SetElementName(asyncContext->info.grantBundleName, asyncContext->info.grantServiceAbilityName); want.SetParam(PERMISSION_KEY, asyncContext->permissionList); want.SetParam(STATE_KEY, asyncContext->permissionsState); want.SetParam(TOKEN_KEY, asyncContext->abilityContext->GetToken()); 
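Review bot: Both pairs of added assignments in `GetContext` dereference the result of `GetApplicationInfo()` without a null check (`asyncContext->abilityContext->GetApplicationInfo()->accessTokenId`, and the `uiExtensionContext` pair in the next hunk). If that call can return a null pointer, the process crashes here, before the later `tokenId != selfTokenID` comparison runs. Fetch the pointer once and bail out when it is null: `auto appInfo = asyncContext->abilityContext->GetApplicationInfo();` followed by `if (appInfo == nullptr) { return nullptr; }`, then read `accessTokenId` and `bundleName` from `appInfo`. `GetContext` starts outside the hunk.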
@@ -421,19 +426,6 @@ static void CreateServiceExtension(std::shared_ptr asyncCon ret, asyncContext->tokenId, asyncContext->permissionList.size()); } -void NapiRequestPermission::StartServiceExtension(std::shared_ptr& asyncContext) -{ - asyncContext->result = RET_SUCCESS; - Ace::UIContent* uiContent = GetUIContent(asyncContext); - if (uiContent == nullptr) { - ACCESSTOKEN_LOG_ERROR(LABEL, "Get ui content failed!"); - CreateServiceExtension(asyncContext); - return; - } - asyncContext->uiContentFlag = true; - RequestAsyncInstanceControl::AddCallbackByInstanceId(asyncContext); -} - bool NapiRequestPermission::IsDynamicRequest(std::shared_ptr& asyncContext) { std::vector permList; @@ -443,13 +435,16 @@ bool NapiRequestPermission::IsDynamicRequest(std::shared_ptrtokenId); auto ret = AccessTokenKit::GetSelfPermissionsState(permList, asyncContext->info); if (ret == FORBIDDEN_OPER) { // if app is under control, change state from default -1 to 2 for (auto& perm : permList) { perm.state = INVALID_OPER; } } + ACCESSTOKEN_LOG_INFO(LABEL, + "TokenID: %{public}d, bundle: %{public}s, uiExAbility: %{public}s, serExAbility: %{public}s.", + asyncContext->tokenId, asyncContext->info.grantBundleName.c_str(), + asyncContext->info.grantAbilityName.c_str(), asyncContext->info.grantServiceAbilityName.c_str()); for (const auto& permState : permList) { ACCESSTOKEN_LOG_INFO(LABEL, "Permission: %{public}s: state: %{public}d", 
@@ -671,16 +666,6 @@ void NapiRequestPermission::RequestPermissionsFromUserExecute(napi_env env, void { // asyncContext release in complete RequestAsyncContextHandle* asyncContextHandle = reinterpret_cast(data); - std::string bundleName = ""; - if (asyncContextHandle->asyncContextPtr->uiAbilityFlag) { - asyncContextHandle->asyncContextPtr->tokenId = - asyncContextHandle->asyncContextPtr->abilityContext->GetApplicationInfo()->accessTokenId; - bundleName = asyncContextHandle->asyncContextPtr->abilityContext->GetApplicationInfo()->bundleName; - } else { - asyncContextHandle->asyncContextPtr->tokenId = - asyncContextHandle->asyncContextPtr->uiExtensionContext->GetApplicationInfo()->accessTokenId; - bundleName = asyncContextHandle->asyncContextPtr->uiExtensionContext->GetApplicationInfo()->bundleName; - } AccessTokenID selfTokenID = static_cast(GetSelfTokenID()); if (asyncContextHandle->asyncContextPtr->tokenId != selfTokenID) { ACCESSTOKEN_LOG_ERROR(LABEL, "The context tokenID: %{public}d, selfTokenID: %{public}d.", 
@@ -697,22 +682,31 @@ void NapiRequestPermission::RequestPermissionsFromUserExecute(napi_env env, void GetInstanceId(asyncContextHandle->asyncContextPtr); // service extension dialog if (asyncContextHandle->asyncContextPtr->info.grantBundleName == ORI_PERMISSION_MANAGER_BUNDLE_NAME) { - ACCESSTOKEN_LOG_INFO(LABEL, "Pop service extension dialog"); - StartServiceExtension(asyncContextHandle->asyncContextPtr); + ACCESSTOKEN_LOG_INFO(LABEL, "Pop service extension dialog, uiContentFlag=%{public}d", + asyncContextHandle->asyncContextPtr->uiContentFlag); + if (asyncContextHandle->asyncContextPtr->uiContentFlag) { + RequestAsyncInstanceControl::AddCallbackByInstanceId(asyncContextHandle->asyncContextPtr); + } else { + CreateServiceExtension(asyncContextHandle->asyncContextPtr); + } } else if (asyncContextHandle->asyncContextPtr->instanceId == -1) { + ACCESSTOKEN_LOG_INFO(LABEL, "Pop service extension dialog, instanceId is -1."); CreateServiceExtension(asyncContextHandle->asyncContextPtr); HiSysEventWrite(HiviewDFX::HiSysEvent::Domain::ACCESS_TOKEN, "REQUEST_PERMISSIONS_FROM_USER", - HiviewDFX::HiSysEvent::EventType::BEHAVIOR, "BUNDLENAME", bundleName, "UIEXTENSION_FLAG", false); + HiviewDFX::HiSysEvent::EventType::BEHAVIOR, + "BUNDLENAME", asyncContextHandle->asyncContextPtr->bundleName, + "UIEXTENSION_FLAG", false); } else { ACCESSTOKEN_LOG_INFO(LABEL, "Pop ui extension dialog"); asyncContextHandle->asyncContextPtr->uiExtensionFlag = true; RequestAsyncInstanceControl::AddCallbackByInstanceId(asyncContextHandle->asyncContextPtr); HiSysEventWrite(HiviewDFX::HiSysEvent::Domain::ACCESS_TOKEN, "REQUEST_PERMISSIONS_FROM_USER", - HiviewDFX::HiSysEvent::EventType::BEHAVIOR, "BUNDLENAME", bundleName, + HiviewDFX::HiSysEvent::EventType::BEHAVIOR, + "BUNDLENAME", asyncContextHandle->asyncContextPtr->bundleName, "UIEXTENSION_FLAG", asyncContextHandle->asyncContextPtr->uiExtensionFlag); if (!asyncContextHandle->asyncContextPtr->uiExtensionFlag) { - ACCESSTOKEN_LOG_WARN(LABEL, "Pop 
uiextension dialog fail, start to pop service extension dialog"); - StartServiceExtension(asyncContextHandle->asyncContextPtr); + ACCESSTOKEN_LOG_WARN(LABEL, "Pop uiextension dialog fail, start to pop service extension dialog."); + RequestAsyncInstanceControl::AddCallbackByInstanceId(asyncContextHandle->asyncContextPtr); } } } diff --git a/services/accesstokenmanager/main/cpp/include/service/accesstoken_manager_service.h b/services/accesstokenmanager/main/cpp/include/service/accesstoken_manager_service.h index 4e8354aec..915302907 100644 --- a/services/accesstokenmanager/main/cpp/include/service/accesstoken_manager_service.h +++ b/services/accesstokenmanager/main/cpp/include/service/accesstoken_manager_service.h @@ -120,6 +120,7 @@ private: ServiceRunningState state_; std::string grantBundleName_; std::string grantAbilityName_; + std::string grantServiceAbilityName_; std::string permStateAbilityName_; std::string globalSwitchAbilityName_; }; diff --git a/services/accesstokenmanager/main/cpp/src/service/accesstoken_manager_service.cpp b/services/accesstokenmanager/main/cpp/src/service/accesstoken_manager_service.cpp index 7bb7605c0..7b6b6f3f4 100644 --- a/services/accesstokenmanager/main/cpp/src/service/accesstoken_manager_service.cpp +++ b/services/accesstokenmanager/main/cpp/src/service/accesstoken_manager_service.cpp @@ -185,6 +185,7 @@ PermissionOper AccessTokenManagerService::GetSelfPermissionsState(std::vector Date: Wed, 28 Aug 2024 10:49:01 +0800 Subject: [PATCH 059/473] modify start version MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: 方舟 --- services/accesstokenmanager/permission_definitions.json | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/services/accesstokenmanager/permission_definitions.json b/services/accesstokenmanager/permission_definitions.json index 6d2b79d80..21fc51f4e 100644 --- a/services/accesstokenmanager/permission_definitions.json 
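Review bot: The fallback after a failed UI-extension pop in `RequestPermissionsFromUserExecute` now calls `RequestAsyncInstanceControl::AddCallbackByInstanceId(...)` directly, and the `asyncContext->result = RET_SUCCESS;` reset that the removed `StartServiceExtension` performed first is gone. If the failed attempt left an error in `result`, the retry would presumably start with, and may report, that stale value. Add `asyncContextHandle->asyncContextPtr->result = RET_SUCCESS;` before the second `AddCallbackByInstanceId` call, or state in a comment that the callee resets it. The function starts outside the hunk.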
+++ b/services/accesstokenmanager/permission_definitions.json @@ -875,7 +875,7 @@ "grantMode": "system_grant", "availableLevel": "system_basic", "availableType": "SYSTEM", - "since": 11, + "since": 12, "deprecated": "", "provisionEnable": true, "distributedSceneEnable": false -- Gitee From 99f8e90314ac01fa4d3c8da28fe21404643c9998 Mon Sep 17 00:00:00 2001 From: xia-bubai Date: Wed, 28 Aug 2024 11:53:49 +0800 Subject: [PATCH 060/473] =?UTF-8?q?=E5=B0=86accesstoken.permission.init?= =?UTF-8?q?=E5=8F=82=E6=95=B0=E8=AE=BE=E7=BD=AE=E8=90=BD=E5=9C=A8publish?= =?UTF-8?q?=E4=B9=8B=E5=90=8E?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: xia-bubai --- .../main/cpp/src/service/accesstoken_manager_service.cpp | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/services/accesstokenmanager/main/cpp/src/service/accesstoken_manager_service.cpp b/services/accesstokenmanager/main/cpp/src/service/accesstoken_manager_service.cpp index fa9129419..1aaa2879f 100644 --- a/services/accesstokenmanager/main/cpp/src/service/accesstoken_manager_service.cpp +++ b/services/accesstokenmanager/main/cpp/src/service/accesstoken_manager_service.cpp @@ -101,6 +101,7 @@ void AccessTokenManagerService::OnStart() ACCESSTOKEN_LOG_ERROR(LABEL, "Failed to publish service!"); return; } + AccessTokenServiceParamSet(); (void)AddSystemAbilityListener(SECURITY_COMPONENT_SERVICE_ID); ACCESSTOKEN_LOG_INFO(LABEL, "Congratulations, AccessTokenManagerService start successfully!"); } @@ -703,7 +704,6 @@ bool AccessTokenManagerService::Initialize() HiviewDFX::HiSysEvent::EventType::BEHAVIOR, "CODE", ACCESS_TOKEN_SERVICE_INIT_EVENT, "PID_INFO", getpid()); PermissionDefinitionParser::GetInstance().Init(); - AccessTokenServiceParamSet(); GetConfigValue(); TempPermissionObserver::GetInstance().GetConfigValue(); ACCESSTOKEN_LOG_INFO(LABEL, "Initialize success"); -- Gitee From 5edf5bc45456a8f3333e500a527efb94b5d5e514 Mon Sep 17 00:00:00 2001 
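Review bot: The ordering that this move establishes in `OnStart` is not recorded at the call site, so a later cleanup could move `AccessTokenServiceParamSet()` back into `Initialize()`. Add a comment above the call such as `// Set accesstoken.permission.init only after Publish() succeeded, so the parameter is never visible before the service is.` The parameter name is taken from the commit subject. If the early `return` on publish failure is meant to leave the parameter unset, say that as well.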
From: =?UTF-8?q?=E5=AD=99=E6=8D=B7?= Date: Thu, 29 Aug 2024 16:10:27 +0800 Subject: [PATCH 061/473] =?UTF-8?q?=E7=9F=AD=E6=97=B6=E6=8E=88=E6=9D=83?= =?UTF-8?q?=E6=9D=83=E9=99=90=E6=B7=BB=E5=8A=A0?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: 孙捷 --- frameworks/common/src/permission_map.cpp | 1 + .../accesstokenmanager/permission_definitions.json | 10 ++++++++++ 2 files changed, 11 insertions(+) diff --git a/frameworks/common/src/permission_map.cpp b/frameworks/common/src/permission_map.cpp index 8277def24..8d85c28d8 100644 --- a/frameworks/common/src/permission_map.cpp +++ b/frameworks/common/src/permission_map.cpp @@ -68,6 +68,7 @@ const static std::vector> g_permMap = { {"ohos.permission.READ_WRITE_DOWNLOAD_DIRECTORY", true}, {"ohos.permission.READ_WRITE_DOCUMENTS_DIRECTORY", true}, {"ohos.permission.READ_WRITE_DESKTOP_DIRECTORY", true}, + {"ohos.permission.SHORT_TERM_WRITE_IMAGEVIDEO", true}, {"ohos.permission.USE_BLUETOOTH", false}, {"ohos.permission.DISCOVER_BLUETOOTH", false}, {"ohos.permission.MANAGE_BLUETOOTH", false}, diff --git a/services/accesstokenmanager/permission_definitions.json b/services/accesstokenmanager/permission_definitions.json index 512b5cf66..d566069c2 100644 --- a/services/accesstokenmanager/permission_definitions.json +++ b/services/accesstokenmanager/permission_definitions.json @@ -5083,6 +5083,16 @@ "deprecated": "", "provisionEnable": true, "distributedSceneEnable": false + }, + { + "name": "ohos.permission.SHORT_TERM_WRITE_IMAGEVIDEO", + "grantMode": "user_grant", + "availableLevel": "system_core", + "availableType": "SYSTEM", + "since": 12, + "deprecated": "", + "provisionEnable": true, + "distributedSceneEnable": false } ] } -- Gitee From d03cfb1d8281f17b8c5c09714e975da2b942d5e5 Mon Sep 17 00:00:00 2001 
From: =?UTF-8?q?=E5=AD=99=E6=8D=B7?= Date: Thu, 29 Aug 2024 17:18:47 +0800 Subject: [PATCH 062/473] =?UTF-8?q?=E6=9D=83=E9=99=90=E6=94=B9=E4=B8=BAuse?= =?UTF-8?q?r=5Fgrant?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: 孙捷 --- services/accesstokenmanager/permission_definitions.json | 8 +++++--- 1 file changed, 5 insertions(+), 3 deletions(-) diff --git a/services/accesstokenmanager/permission_definitions.json b/services/accesstokenmanager/permission_definitions.json index d566069c2..b0e4f54f5 100644 --- a/services/accesstokenmanager/permission_definitions.json +++ b/services/accesstokenmanager/permission_definitions.json @@ -5087,12 +5087,14 @@ { "name": "ohos.permission.SHORT_TERM_WRITE_IMAGEVIDEO", "grantMode": "user_grant", - "availableLevel": "system_core", - "availableType": "SYSTEM", + "availableLevel": "system_basic", + "availableType": "NORMAL", "since": 12, "deprecated": "", "provisionEnable": true, - "distributedSceneEnable": false + "distributedSceneEnable": false, + "label": "$string:ohos_lab_short_term_write_imagevideo", + "description": "$string:ohos_desc_short_term_write_imagevideo" } ] } -- Gitee From 0cb0c8e842db89d894d57c76be093103db553c7c Mon Sep 17 00:00:00 2001 From: chennian Date: Wed, 28 Aug 2024 11:11:37 +0000 Subject: [PATCH 063/473] Add test of GrantPermissionForSpecifiedTime 
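Review bot: The entry for `ohos.permission.SHORT_TERM_WRITE_IMAGEVIDEO` keeps `"grantMode": "user_grant"` as context and instead lowers `"availableLevel"` from `system_core` to `system_basic` and `"availableType"` from `SYSTEM` to `NORMAL`, which the subject line does not mention. That appears to widen the set of applications that may declare the permission, so the commit description should state it and name the requirement behind it. The added `"label": "$string:ohos_lab_short_term_write_imagevideo"` and `"description": "$string:ohos_desc_short_term_write_imagevideo"` reference string resources that this commit does not add (the diffstat lists only this file). Confirm they exist, or the consent dialog for this user_grant permission may have no text to show.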
Signed-off-by: chennian Change-Id: I2509b1069825f8c5e55cc9f2e67d79c9f7a91d33 --- .../innerkits/accesstoken/test/BUILD.gn | 2 + .../innerkits/accesstoken/test/tool/BUILD.gn | 45 ++++++++++ .../grant_short_term_write_imagevideo.cpp | 85 +++++++++++++++++++ .../test/tool/set_pern_dialog_cap.cpp | 1 + .../test/tool/verify_acesstoken.cpp | 61 +++++++++++++ interfaces/innerkits/privacy/test/BUILD.gn | 1 + .../innerkits/privacy/test/tool/BUILD.gn | 48 +++++++++++ .../test/tool/add_permission_used_record.cpp | 69 +++++++++++++++ .../include/permission/short_grant_manager.h | 2 +- .../src/permission/short_grant_manager.cpp | 10 ++- test/fuzztest/innerkits/accesstoken/BUILD.gn | 1 + .../BUILD.gn | 44 ++++++++++ .../corpus/init | 14 +++ ...grantpermissionforspecifiedtime_fuzzer.cpp | 50 +++++++++++ .../grantpermissionforspecifiedtime_fuzzer.h | 21 +++++ .../project.xml | 25 ++++++ test/fuzztest/services/accesstoken/BUILD.gn | 1 + .../BUILD.gn | 51 +++++++++++ .../corpus/init | 14 +++ ...tpermissionforspecifiedtimestub_fuzzer.cpp | 73 ++++++++++++++++ ...antpermissionforspecifiedtimestub_fuzzer.h | 21 +++++ .../project.xml | 25 ++++++ 22 files changed, 660 insertions(+), 4 deletions(-) create mode 100644 interfaces/innerkits/accesstoken/test/tool/grant_short_term_write_imagevideo.cpp create mode 100644 interfaces/innerkits/accesstoken/test/tool/verify_acesstoken.cpp create mode 100644 interfaces/innerkits/privacy/test/tool/BUILD.gn create mode 100644 interfaces/innerkits/privacy/test/tool/add_permission_used_record.cpp create mode 100644 test/fuzztest/innerkits/accesstoken/grantpermissionforspecifiedtime_fuzzer/BUILD.gn create mode 100644 test/fuzztest/innerkits/accesstoken/grantpermissionforspecifiedtime_fuzzer/corpus/init create mode 100644 test/fuzztest/innerkits/accesstoken/grantpermissionforspecifiedtime_fuzzer/grantpermissionforspecifiedtime_fuzzer.cpp create mode 100644 
test/fuzztest/innerkits/accesstoken/grantpermissionforspecifiedtime_fuzzer/grantpermissionforspecifiedtime_fuzzer.h create mode 100644 test/fuzztest/innerkits/accesstoken/grantpermissionforspecifiedtime_fuzzer/project.xml create mode 100644 test/fuzztest/services/accesstoken/grantpermissionforspecifiedtimestub_fuzzer/BUILD.gn create mode 100644 test/fuzztest/services/accesstoken/grantpermissionforspecifiedtimestub_fuzzer/corpus/init create mode 100644 test/fuzztest/services/accesstoken/grantpermissionforspecifiedtimestub_fuzzer/grantpermissionforspecifiedtimestub_fuzzer.cpp create mode 100644 test/fuzztest/services/accesstoken/grantpermissionforspecifiedtimestub_fuzzer/grantpermissionforspecifiedtimestub_fuzzer.h create mode 100644 test/fuzztest/services/accesstoken/grantpermissionforspecifiedtimestub_fuzzer/project.xml diff --git a/interfaces/innerkits/accesstoken/test/BUILD.gn b/interfaces/innerkits/accesstoken/test/BUILD.gn index dcc38a7a9..80aa80edb 100644 --- a/interfaces/innerkits/accesstoken/test/BUILD.gn +++ b/interfaces/innerkits/accesstoken/test/BUILD.gn @@ -149,6 +149,8 @@ group("unittest") { deps = [ ":accesstoken_mock_test", ":libaccesstoken_sdk_test", + "tool:GrantShortTermWriteImageVideo", "tool:SetPermDialogCapTest", + "tool:VerifyAccessToken", ] } diff --git a/interfaces/innerkits/accesstoken/test/tool/BUILD.gn b/interfaces/innerkits/accesstoken/test/tool/BUILD.gn index 0c86e4cda..5e05c5810 100644 --- a/interfaces/innerkits/accesstoken/test/tool/BUILD.gn +++ b/interfaces/innerkits/accesstoken/test/tool/BUILD.gn 
@@ -39,3 +39,48 @@ ohos_executable("SetPermDialogCapTest") {
 subsystem_name = "security"
 part_name = "access_token"
 }
+
+ohos_executable("GrantShortTermWriteImageVideo") {
+ subsystem_name = "security"
+ part_name = "access_token"
+ sanitize = {
+ cfi = true
+ cfi_cross_dso = true
+ debug = false
+ }
+ branch_protector_ret = "pac_ret"
+ sources = [ "grant_short_term_write_imagevideo.cpp" ]
+
+ include_dirs = [
+ "${access_token_path}/interfaces/innerkits/nativetoken/include",
+ "${access_token_path}/interfaces/innerkits/token_setproc/include",
+ ]
+
+ deps = [
+ "${access_token_path}/interfaces/innerkits/accesstoken:libaccesstoken_sdk",
+ "${access_token_path}/interfaces/innerkits/nativetoken:libnativetoken",
+ "${access_token_path}/interfaces/innerkits/token_setproc:libtoken_setproc",
+ ]
+
+ subsystem_name = "security"
+ part_name = "access_token"
+}
+
+ohos_executable("VerifyAccessToken") {
+ subsystem_name = "security"
+ part_name = "access_token"
+ sanitize = {
+ cfi = true
+ cfi_cross_dso = true
+ debug = false
+ }
+ branch_protector_ret = "pac_ret"
+ sources = [ "verify_acesstoken.cpp" ]
+
+ deps = [
+ "${access_token_path}/interfaces/innerkits/accesstoken:libaccesstoken_sdk",
+ ]
+
+ subsystem_name = "security"
+ part_name = "access_token"
+}
diff --git a/interfaces/innerkits/accesstoken/test/tool/grant_short_term_write_imagevideo.cpp b/interfaces/innerkits/accesstoken/test/tool/grant_short_term_write_imagevideo.cpp
new file mode 100644
index 000000000..134d617e6
--- /dev/null
+++ b/interfaces/innerkits/accesstoken/test/tool/grant_short_term_write_imagevideo.cpp
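Review bot: Both new targets, `ohos_executable("GrantShortTermWriteImageVideo")` and `ohos_executable("VerifyAccessToken")`, assign `subsystem_name = "security"` and `part_name = "access_token"` twice, once at the top of the block and again at the bottom. The second pair is redundant, and GN may reject overwriting a variable whose first value was never used. Keep one pair per target, in the position the existing `SetPermDialogCapTest` target uses. The file name `verify_acesstoken.cpp` in `sources` is also misspelled (`acesstoken`), so rename the file now if it is meant to be found by searching for "accesstoken".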
@@ -0,0 +1,85 @@
+/*
+ * Copyright (c) 2024 Huawei Device Co., Ltd.
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+#include
+#include
+#include
+#include
+#include
+#include
+#include "accesstoken_kit.h"
+#include "nativetoken_kit.h"
+#include "token_setproc.h"
+
+using namespace std;
+using namespace OHOS::Security::AccessToken;
+
+static void NativeTokenGet()
+{
+ uint64_t tokenID;
+ const char **perms = new const char *[1]; // size of array
+ perms[0] = "ohos.permission.GRANT_SHORT_TERM_WRITE_MEDIAVIDEO"; // 0: index
+
+ NativeTokenInfoParams infoInstance = {
+ .dcapsNum = 0,
+ .permsNum = 1, // size of permission list
+ .aclsNum = 0,
+ .dcaps = nullptr,
+ .perms = perms,
+ .acls = nullptr,
+ .aplStr = "system_core",
+ };
+
+ infoInstance.processName = "GrantShortTermWriteImageVideo";
+ tokenID = GetAccessTokenId(&infoInstance);
+ SetSelfTokenID(tokenID);
+ AccessTokenKit::ReloadNativeTokenInfo();
+ delete[] perms;
+}
+
+void PrintCurrentTime()
+{
+ std::chrono::milliseconds ms = std::chrono::duration_cast(
+ std::chrono::system_clock::now().time_since_epoch()
+ );
+
+ int64_t timestampMs = ms.count();
+ time_t timestampS = static_cast(timestampMs / 1000);
+ struct tm t = {0};
+ // localtime is not thread safe, localtime_r first param unit is second, timestamp unit is ms, so divided by 1000
+ localtime_r(×tampS, &t);
+
+ std::cout << "[" << t.tm_hour << ":" << t.tm_min << ":" << t.tm_sec << "] ";
+}
+
+int32_t main(int argc, char *argv[])
+{
+ if
(argc < 4) { // 4: size + std::cout << "Help: ./GrantShortTermWriteImageVideo tokenid permisisionName time(s)\n" << std::endl; + return 0; + } + + NativeTokenGet(); + + uint32_t tokenId = static_cast(atoi(argv[1])); // 1: index + std::string permisisionName = argv[2]; // 2: index + uint32_t time = static_cast(atoi(argv[3])); // 3: index + + PrintCurrentTime(); + std::cout << "GrantPermissionForSpecifiedTime begin" << std::endl; + int32_t ret = AccessTokenKit::GrantPermissionForSpecifiedTime(tokenId, permisisionName, time); + PrintCurrentTime(); + std::cout << "GrantPermissionForSpecifiedTime end, " << ret << std::endl; + return 0; +} diff --git a/interfaces/innerkits/accesstoken/test/tool/set_pern_dialog_cap.cpp b/interfaces/innerkits/accesstoken/test/tool/set_pern_dialog_cap.cpp index beb9ae02a..671de4813 100644 --- a/interfaces/innerkits/accesstoken/test/tool/set_pern_dialog_cap.cpp +++ b/interfaces/innerkits/accesstoken/test/tool/set_pern_dialog_cap.cpp @@ -55,6 +55,7 @@ int32_t main(int argc, char *argv[]) { if (argc < 3) { // 3: size std::cout << "Help: ./SetPermDialogCapTest bundleName 0/1 (0: allow, 1: forbid)\n" << std::endl; + return 0; } NativeTokenGet(); diff --git a/interfaces/innerkits/accesstoken/test/tool/verify_acesstoken.cpp b/interfaces/innerkits/accesstoken/test/tool/verify_acesstoken.cpp new file mode 100644 index 000000000..1d3353e34 --- /dev/null +++ b/interfaces/innerkits/accesstoken/test/tool/verify_acesstoken.cpp 
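Review bot: In `main` of grant_short_term_write_imagevideo.cpp, `atoi(argv[1])` and `atoi(argv[3])` cannot report a non-numeric or out-of-range argument, and the result is cast straight to `uint32_t`. A mistyped token ID therefore becomes 0 or some other unintended value, and the tool, which gives itself a `system_core` native token, calls `GrantPermissionForSpecifiedTime` with it. Parse with `char* end = nullptr; unsigned long v = strtoul(argv[1], &end, 10);` and stop with the help text when `end == argv[1] || *end != '\0' || v > UINT32_MAX`. The same conversion is used for `tokenId` and `count` in verify_acesstoken.cpp. The exit code should also reflect `ret` rather than always returning 0, so scripts can see a failed grant.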
@@ -0,0 +1,61 @@ +/* + * Copyright (c) 2024 Huawei Device Co., Ltd. + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ +#include +#include +#include +#include +#include +#include +#include +#include "accesstoken_kit.h" + +using namespace std; +using namespace OHOS::Security::AccessToken; + +void PrintCurrentTime() +{ + std::chrono::milliseconds ms = std::chrono::duration_cast( + std::chrono::system_clock::now().time_since_epoch() + ); + + int64_t timestampMs = ms.count(); + time_t timestampS = static_cast(timestampMs / 1000); + struct tm t = {0}; + // localtime is not thread safe, localtime_r first param unit is second, timestamp unit is ms, so divided by 1000 + localtime_r(×tampS, &t); + + std::cout << "[" << t.tm_hour << ":" << t.tm_min << ":" << t.tm_sec << "] "; +} + +int32_t main(int argc, char *argv[]) +{ + if (argc < 4) { // 4: size + std::cout << "Help: ./VerifyAccessToken tokenid permisisionName\n" << std::endl; + return 0; + } + + uint32_t tokenId = static_cast(atoi(argv[1])); // 1: index + std::string permisisionName = argv[2]; // 2: index + uint32_t count = static_cast(atoi(argv[3])); // 3: index + uint32_t i = 0; + while (i < count) { + int32_t status = AccessTokenKit::VerifyAccessToken(tokenId, permisisionName); + PrintCurrentTime(); + std::cout << "tokenId: " << tokenId << ", perm: " << permisisionName << ", status: " << status << std::endl; + i++; + sleep(1); + } + return 0; +} 
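Review bot: The usage line printed when `argc < 4` names only `tokenid permisisionName`, but the check and the code below it require a third argument, the loop count read from `argv[3]`. A user who follows the help text gets the help text again. Change the message to `"Help: ./VerifyAccessToken tokenid permissionName count\n"`, which also corrects the `permisisionName` spelling.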
diff --git a/interfaces/innerkits/privacy/test/BUILD.gn b/interfaces/innerkits/privacy/test/BUILD.gn index a9d1d3d3f..bfae3872f 100644 --- a/interfaces/innerkits/privacy/test/BUILD.gn +++ b/interfaces/innerkits/privacy/test/BUILD.gn @@ -154,5 +154,6 @@ group("unittest") { deps = [ ":libprivacy_mock_test", ":libprivacy_sdk_test", + "tool:AddPermissionUsedRecord", ] } diff --git a/interfaces/innerkits/privacy/test/tool/BUILD.gn b/interfaces/innerkits/privacy/test/tool/BUILD.gn new file mode 100644 index 000000000..5f1dea883 --- /dev/null +++ b/interfaces/innerkits/privacy/test/tool/BUILD.gn 
@@ -0,0 +1,48 @@ +# Copyright (C) 2024 Huawei Device Co., Ltd. +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +import("//base/security/access_token/access_token.gni") +import("//build/ohos.gni") + +ohos_executable("AddPermissionUsedRecord") { + subsystem_name = "security" + part_name = "access_token" + sanitize = { + cfi = true + cfi_cross_dso = true + debug = false + } + branch_protector_ret = "pac_ret" + sources = [ "add_permission_used_record.cpp" ] + + include_dirs = [ + "${access_token_path}/interfaces/innerkits/nativetoken/include", + "${access_token_path}/interfaces/innerkits/token_setproc/include", + "${access_token_path}/interfaces/innerkits/privacy/include", + ] + + deps = [ + "${access_token_path}/interfaces/innerkits/accesstoken:libaccesstoken_sdk", + "${access_token_path}/interfaces/innerkits/nativetoken:libnativetoken", + "${access_token_path}/interfaces/innerkits/privacy:libprivacy_sdk", + "${access_token_path}/interfaces/innerkits/token_setproc:libtoken_setproc", + ] + + external_deps = [ + "c_utils:utils", + "ipc:ipc_core", + ] + + subsystem_name = "security" + part_name = "access_token" +} diff --git a/interfaces/innerkits/privacy/test/tool/add_permission_used_record.cpp b/interfaces/innerkits/privacy/test/tool/add_permission_used_record.cpp new file mode 100644 index 000000000..a9129820c --- /dev/null +++ b/interfaces/innerkits/privacy/test/tool/add_permission_used_record.cpp 
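Review bot: `subsystem_name = "security"` and `part_name = "access_token"` are assigned twice in `ohos_executable("AddPermissionUsedRecord")`, once at the top of the target and again at the end. Drop the trailing pair so each has a single definition; as written, a later edit to the first copy would be silently overridden by the second.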
@@ -0,0 +1,69 @@ +/* + * Copyright (c) 2024 Huawei Device Co., Ltd. + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ +#include +#include +#include +#include +#include +#include "accesstoken_kit.h" +#include "nativetoken_kit.h" +#include "privacy_kit.h" +#include "token_setproc.h" + +using namespace std; +using namespace OHOS::Security::AccessToken; + +static void NativeTokenGet() +{ + uint64_t tokenID; + const char **perms = new const char *[1]; // size of array + perms[0] = "ohos.permission.PERMISSION_USED_STATS"; // 0: index + + NativeTokenInfoParams infoInstance = { + .dcapsNum = 0, + .permsNum = 1, // size of permission list + .aclsNum = 0, + .dcaps = nullptr, + .perms = perms, + .acls = nullptr, + .aplStr = "system_core", + }; + + infoInstance.processName = "AddPermissionUsedRecord"; + tokenID = GetAccessTokenId(&infoInstance); + SetSelfTokenID(tokenID); + AccessTokenKit::ReloadNativeTokenInfo(); + delete[] perms; +} + +int32_t main(int argc, char *argv[]) +{ + if (argc < 3) { // 3: size + std::cout << "Help: ./AddPermissionUsedRecord tokenid permisisionName\n" << std::endl; + return 0; + } + + NativeTokenGet(); + + uint32_t tokenId = static_cast(atoi(argv[1])); // 1: index + std::string permisisionName = argv[2]; // 2: index + int32_t ret = PrivacyKit::AddPermissionUsedRecord(tokenId, permisisionName, 1, 0); + if (ret == 0) { + std::cout << "Success" << ret << std::endl; + } else { + std::cout << "Failed, error: " << ret << std::endl; + } + return 0; 
+} diff --git a/services/accesstokenmanager/main/cpp/include/permission/short_grant_manager.h b/services/accesstokenmanager/main/cpp/include/permission/short_grant_manager.h index 4a6d4bf8e..120d1efb2 100644 --- a/services/accesstokenmanager/main/cpp/include/permission/short_grant_manager.h +++ b/services/accesstokenmanager/main/cpp/include/permission/short_grant_manager.h @@ -34,7 +34,7 @@ typedef struct { AccessTokenID tokenID; std::string permissionName; uint32_t firstGrantTimes; - uint32_t currGrantTimes; + uint32_t revokeTimes; } PermTimerData; class ShortGrantManager { diff --git a/services/accesstokenmanager/main/cpp/src/permission/short_grant_manager.cpp b/services/accesstokenmanager/main/cpp/src/permission/short_grant_manager.cpp index ecc2f227f..62bf4fb4e 100644 --- a/services/accesstokenmanager/main/cpp/src/permission/short_grant_manager.cpp +++ b/services/accesstokenmanager/main/cpp/src/permission/short_grant_manager.cpp @@ -94,7 +94,7 @@ int ShortGrantManager::RefreshPermission(AccessTokenID tokenID, const std::strin data.tokenID = tokenID; data.permissionName = permission; data.firstGrantTimes = GetCurrentTime(); - data.currGrantTimes = data.firstGrantTimes; + data.revokeTimes = data.firstGrantTimes + onceTime; shortGrantData_.emplace_back(data); int32_t ret = PermissionManager::GetInstance().GrantPermission(tokenID, permission, PERMISSION_USER_FIXED); if (ret != RET_SUCCESS) { 
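Review bot: `main` in add_permission_used_record.cpp returns 0 on every path, including when `PrivacyKit::AddPermissionUsedRecord` fails, so a script driving this tool cannot detect the failure from the exit status. Return a non-zero status in the failure branch, for example `return 1;` after the `"Failed, error: "` line. The success branch also prints `"Success" << ret`, which renders as `Success0`; `std::cout << "Success" << std::endl;` is enough there.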
@@ -106,10 +106,13 @@ int ShortGrantManager::RefreshPermission(AccessTokenID tokenID, const std::strin } uint32_t maxRemainedTime = maxTime_ - (GetCurrentTime() - iter->firstGrantTimes); - uint32_t currRemainedTime = GetCurrentTime() - iter->currGrantTimes; + uint32_t currRemainedTime = iter->revokeTimes > GetCurrentTime() ? + (iter->revokeTimes - GetCurrentTime()) : 0; uint32_t cancelTimes = (maxRemainedTime > onceTime) ? onceTime : maxRemainedTime; + ACCESSTOKEN_LOG_INFO(LABEL, "currRemainedTime %{public}d", currRemainedTime); if (cancelTimes > currRemainedTime) { - iter->currGrantTimes = GetCurrentTime(); + iter->revokeTimes = GetCurrentTime() + cancelTimes; + ACCESSTOKEN_LOG_INFO(LABEL, "iter->revokeTimes %{public}d", iter->revokeTimes); ShortGrantManager::GetInstance().CancelTaskOfPermissionRevoking(taskName); int32_t ret = PermissionManager::GetInstance().GrantPermission(tokenID, permission, PERMISSION_USER_FIXED); if (ret != RET_SUCCESS) { @@ -159,6 +162,7 @@ void ShortGrantManager::ScheduleRevokeTask(AccessTokenID tokenID, const std::str ACCESSTOKEN_LOG_INFO(LABEL, "Token: %{public}d, permission: %{public}s, delay revoke permission end.", tokenID, permission.c_str()); }); + ACCESSTOKEN_LOG_INFO(LABEL, "cancelTimes %{public}d", cancelTimes); eventHandler_->ProxyPostTask(delayed, taskName, cancelTimes * 1000); // 1000 means to ms return; #else diff --git a/test/fuzztest/innerkits/accesstoken/BUILD.gn b/test/fuzztest/innerkits/accesstoken/BUILD.gn index ed4bcd48e..8500530be 100644 --- a/test/fuzztest/innerkits/accesstoken/BUILD.gn +++ b/test/fuzztest/innerkits/accesstoken/BUILD.gn 
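Review bot: The new `currRemainedTime` expression is guarded against unsigned wrap-around, but `maxRemainedTime` on the context line just above it still computes `maxTime_ - (GetCurrentTime() - iter->firstGrantTimes)` without a guard. If the elapsed time can exceed `maxTime_` before the entry is removed (not visible in this hunk), the result wraps to a huge value, `cancelTimes` becomes `onceTime`, and the short-term grant is extended past the intended maximum window. Consider sampling the clock once and clamping: `uint32_t now = GetCurrentTime();`, `uint32_t elapsed = now - iter->firstGrantTimes;`, `uint32_t maxRemainedTime = (elapsed < maxTime_) ? (maxTime_ - elapsed) : 0;`, then using `now` for the `revokeTimes` comparison and update as well. `RefreshPermission` starts and ends outside the hunk.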
@@ -47,6 +47,7 @@ group("fuzztest") { "gettokentype_fuzzer:GetTokenTypeFuzzTest", "gettokentypeflag_fuzzer:GetTokenTypeFlagFuzzTest", "grantpermission_fuzzer:GrantPermissionFuzzTest", + "grantpermissionforspecifiedtime_fuzzer:GrantPermissionForSpecifiedTimeFuzzTest", "inithaptoken_fuzzer:InitHapTokenFuzzTest", "registerpermstatechangecallback_fuzzer:RegisterPermStateChangeCallbackFuzzTest", "registertokensynccallback_fuzzer:RegisterTokenSyncCallbackFuzzTest", diff --git a/test/fuzztest/innerkits/accesstoken/grantpermissionforspecifiedtime_fuzzer/BUILD.gn b/test/fuzztest/innerkits/accesstoken/grantpermissionforspecifiedtime_fuzzer/BUILD.gn new file mode 100644 index 000000000..175ec307f --- /dev/null +++ b/test/fuzztest/innerkits/accesstoken/grantpermissionforspecifiedtime_fuzzer/BUILD.gn 
@@ -0,0 +1,44 @@ +# Copyright (c) 2024 Huawei Device Co., Ltd. +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +import("//build/config/features.gni") +import("//build/test.gni") +import("../../../../../access_token.gni") + +ohos_fuzztest("GrantPermissionForSpecifiedTimeFuzzTest") { + module_out_path = module_output_path_interface_access_token + fuzz_config_file = "." + + include_dirs = [ + "${access_token_path}/interfaces/innerkits/accesstoken/include", + "${access_token_path}/test/fuzztest/common", + ] + cflags = [ + "-g", + "-O0", + "-Wno-unused-variable", + "-fno-omit-frame-pointer", + ] + sources = [ "grantpermissionforspecifiedtime_fuzzer.cpp" ] + + deps = [ + "${access_token_path}/interfaces/innerkits/accesstoken:libaccesstoken_sdk", + ] + + configs = [ "${access_token_path}/config:coverage_flags" ] + + external_deps = [ + "c_utils:utils", + "hilog:libhilog", + ] +} diff --git a/test/fuzztest/innerkits/accesstoken/grantpermissionforspecifiedtime_fuzzer/corpus/init b/test/fuzztest/innerkits/accesstoken/grantpermissionforspecifiedtime_fuzzer/corpus/init new file mode 100644 index 000000000..e7c3fecd8 --- /dev/null +++ b/test/fuzztest/innerkits/accesstoken/grantpermissionforspecifiedtime_fuzzer/corpus/init 
@@ -0,0 +1,14 @@ +# Copyright (c) 2024 Huawei Device Co., Ltd. +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +FUZZ \ No newline at end of file diff --git a/test/fuzztest/innerkits/accesstoken/grantpermissionforspecifiedtime_fuzzer/grantpermissionforspecifiedtime_fuzzer.cpp b/test/fuzztest/innerkits/accesstoken/grantpermissionforspecifiedtime_fuzzer/grantpermissionforspecifiedtime_fuzzer.cpp new file mode 100644 index 000000000..dec5afc86 --- /dev/null +++ b/test/fuzztest/innerkits/accesstoken/grantpermissionforspecifiedtime_fuzzer/grantpermissionforspecifiedtime_fuzzer.cpp 
@@ -0,0 +1,50 @@ +/* + * Copyright (c) 2024 Huawei Device Co., Ltd. + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +#include "grantpermissionforspecifiedtime_fuzzer.h" + +#include +#include +#include +#include +#undef private +#include "accesstoken_fuzzdata.h" +#include "accesstoken_kit.h" + +using namespace std; +using namespace OHOS::Security::AccessToken; + +namespace OHOS { + bool AllocHapTokenFuzzTest(const uint8_t* data, size_t size) + { + if ((data == nullptr) || (size == 0)) { + return false; + } + + AccessTokenFuzzData fuzzData(data, size); + std::string permissionName(fuzzData.GenerateRandomString()); + int32_t result = AccessTokenKit::GrantPermissionForSpecifiedTime( + fuzzData.GetData(), permissionName, fuzzData.GetData()); + return result == RET_SUCCESS; + } +} + +/* Fuzzer entry point */ +extern "C" int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size) +{ + /* Run your code on data */ + OHOS::AllocHapTokenFuzzTest(data, size); + return 0; +} diff --git a/test/fuzztest/innerkits/accesstoken/grantpermissionforspecifiedtime_fuzzer/grantpermissionforspecifiedtime_fuzzer.h b/test/fuzztest/innerkits/accesstoken/grantpermissionforspecifiedtime_fuzzer/grantpermissionforspecifiedtime_fuzzer.h new file mode 100644 index 000000000..6a959947f --- /dev/null +++ b/test/fuzztest/innerkits/accesstoken/grantpermissionforspecifiedtime_fuzzer/grantpermissionforspecifiedtime_fuzzer.h 
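Review bot: The fuzz target is named `AllocHapTokenFuzzTest` although it only drives `AccessTokenKit::GrantPermissionForSpecifiedTime`. The name looks carried over from another fuzzer and will mislead anyone reading crash stacks or coverage reports. Rename it, and the call in `LLVMFuzzerTestOneInput`, to `GrantPermissionForSpecifiedTimeFuzzTest`; the same applies to `AllocHapTokenStubFuzzTest` in the new stub fuzzer. The `#undef private` ahead of the project includes has no matching `#define private public` in the visible lines and can be dropped if there is none.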
@@ -0,0 +1,21 @@ +/* + * Copyright (c) 2024 Huawei Device Co., Ltd. + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +#ifndef TEST_FUZZTEST_GRANT_SPECFIC_TIME_FUZZER_H +#define TEST_FUZZTEST_GRANT_SPECFIC_TIME_FUZZER_H + +#define FUZZ_PROJECT_NAME "grantpermissionforspecifiedtime_fuzzer" + +#endif // TEST_FUZZTEST_GRANT_SPECFIC_TIME_FUZZER_H diff --git a/test/fuzztest/innerkits/accesstoken/grantpermissionforspecifiedtime_fuzzer/project.xml b/test/fuzztest/innerkits/accesstoken/grantpermissionforspecifiedtime_fuzzer/project.xml new file mode 100644 index 000000000..7133b2b92 --- /dev/null +++ b/test/fuzztest/innerkits/accesstoken/grantpermissionforspecifiedtime_fuzzer/project.xml @@ -0,0 +1,25 @@ + + + + + + 1000 + + 300 + + 4096 + + diff --git a/test/fuzztest/services/accesstoken/BUILD.gn b/test/fuzztest/services/accesstoken/BUILD.gn index 61357dd12..aa0d07bff 100644 --- a/test/fuzztest/services/accesstoken/BUILD.gn +++ b/test/fuzztest/services/accesstoken/BUILD.gn 
@@ -41,6 +41,7 @@ group("fuzztest") { "getreqpermissionsstub_fuzzer:GetReqPermissionsStubFuzzTest", "getselfpermissionsstatestub_fuzzer:GetSelfPermissionsStateStubFuzzTest", "gettokentypestub_fuzzer:GetTokenTypeStubFuzzTest", + "grantpermissionforspecifiedtimestub_fuzzer:GrantPermissionForSpecifiedTimeStubFuzzTest", "grantpermissionstub_fuzzer:GrantPermissionStubFuzzTest", "initHapTokenstub_fuzzer:InitHapTokenStubFuzzTest", "registerpermstatechangecallbackstub_fuzzer:RegisterPermStateChangeCallbackStubFuzzTest", diff --git a/test/fuzztest/services/accesstoken/grantpermissionforspecifiedtimestub_fuzzer/BUILD.gn b/test/fuzztest/services/accesstoken/grantpermissionforspecifiedtimestub_fuzzer/BUILD.gn new file mode 100644 index 000000000..5416997fc --- /dev/null +++ b/test/fuzztest/services/accesstoken/grantpermissionforspecifiedtimestub_fuzzer/BUILD.gn 
@@ -0,0 +1,51 @@ +# Copyright (c) 2024 Huawei Device Co., Ltd. +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +import("//build/config/features.gni") +import("//build/test.gni") +import("../../../../../access_token.gni") +import("../access_token_service_fuzz.gni") + +ohos_fuzztest("GrantPermissionForSpecifiedTimeStubFuzzTest") { + module_out_path = module_output_path_service_access_token + fuzz_config_file = "." + + sources = [ "grantpermissionforspecifiedtimestub_fuzzer.cpp" ] + + cflags = [ + "-g", + "-O0", + "-Wno-unused-variable", + "-fno-omit-frame-pointer", + ] + + include_dirs = access_token_include_dirs + + deps = access_token_deps + + configs = [ "${access_token_path}/config:coverage_flags" ] + + external_deps = access_token_external_deps + + include_dirs += access_token_impl_include_dirs + + cflags_cc = access_token_cflags_cc + + sources += access_token_sources + + sources += access_token_impl_sources + + if (eventhandler_enable == true) { + sources += [ "${access_token_path}/services/common/handler/src/access_event_handler.cpp" ] + } +} diff --git a/test/fuzztest/services/accesstoken/grantpermissionforspecifiedtimestub_fuzzer/corpus/init b/test/fuzztest/services/accesstoken/grantpermissionforspecifiedtimestub_fuzzer/corpus/init new file mode 100644 index 000000000..e7c3fecd8 --- /dev/null +++ b/test/fuzztest/services/accesstoken/grantpermissionforspecifiedtimestub_fuzzer/corpus/init 
@@ -0,0 +1,14 @@ +# Copyright (c) 2024 Huawei Device Co., Ltd. +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +FUZZ \ No newline at end of file diff --git a/test/fuzztest/services/accesstoken/grantpermissionforspecifiedtimestub_fuzzer/grantpermissionforspecifiedtimestub_fuzzer.cpp b/test/fuzztest/services/accesstoken/grantpermissionforspecifiedtimestub_fuzzer/grantpermissionforspecifiedtimestub_fuzzer.cpp new file mode 100644 index 000000000..766c8b653 --- /dev/null +++ b/test/fuzztest/services/accesstoken/grantpermissionforspecifiedtimestub_fuzzer/grantpermissionforspecifiedtimestub_fuzzer.cpp 
@@ -0,0 +1,73 @@ +/* + * Copyright (c) 2024 Huawei Device Co., Ltd. + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +#include "grantpermissionforspecifiedtimestub_fuzzer.h" +#include +#include +#include +#include +#include +#include +#include "accesstoken_fuzzdata.h" +#undef private +#include "accesstoken_manager_service.h" +#include "hap_info_parcel.h" +#include "i_accesstoken_manager.h" + +using namespace std; +using namespace OHOS::Security::AccessToken; +const int CONSTANTS_NUMBER_TWO = 2; +static const int32_t ROOT_UID = 0; + +namespace OHOS { + bool AllocHapTokenStubFuzzTest(const uint8_t* data, size_t size) + { + if ((data == nullptr) || (size == 0)) { + return false; + } + + AccessTokenFuzzData fuzzData(data, size); + AccessTokenID tokenId = fuzzData.GetData(); + std::string permissionName(fuzzData.GenerateRandomString()); + uint32_t onceTime = fuzzData.GetData(); + MessageParcel datas; + datas.WriteInterfaceToken(IAccessTokenManager::GetDescriptor()); + if (!datas.WriteUint32(tokenId) || !datas.WriteString(permissionName) || + !datas.WriteUint32(onceTime)) { + return false; + } + uint32_t code = static_cast( + AccessTokenInterfaceCode::GRANT_PERMISSION_FOR_SPECIFIEDTIME); + + MessageParcel reply; + MessageOption option; + bool enable = ((size % CONSTANTS_NUMBER_TWO) == 0); + if (enable) { + setuid(CONSTANTS_NUMBER_TWO); + } + DelayedSingleton::GetInstance()->OnRemoteRequest(code, datas, reply, option); + setuid(ROOT_UID); + + return true; + } +} 
// namespace OHOS + +/* Fuzzer entry point */ +extern "C" int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size) +{ + /* Run your code on data */ + OHOS::AllocHapTokenStubFuzzTest(data, size); + return 0; +} diff --git a/test/fuzztest/services/accesstoken/grantpermissionforspecifiedtimestub_fuzzer/grantpermissionforspecifiedtimestub_fuzzer.h b/test/fuzztest/services/accesstoken/grantpermissionforspecifiedtimestub_fuzzer/grantpermissionforspecifiedtimestub_fuzzer.h new file mode 100644 index 000000000..b521169fa --- /dev/null +++ b/test/fuzztest/services/accesstoken/grantpermissionforspecifiedtimestub_fuzzer/grantpermissionforspecifiedtimestub_fuzzer.h @@ -0,0 +1,21 @@ +/* + * Copyright (c) 2024 Huawei Device Co., Ltd. + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +#ifndef TEST_FUZZTEST_GRANT_SPECFIC_TIME_STUB_FUZZER_H +#define TEST_FUZZTEST_GRANT_SPECFIC_TIME_STUB_FUZZER_H + +#define FUZZ_PROJECT_NAME "grantpermissionforspecifiedtimestub_fuzzer" + +#endif // TEST_FUZZTEST_GRANT_SPECFIC_TIME_STUB_FUZZER_H diff --git a/test/fuzztest/services/accesstoken/grantpermissionforspecifiedtimestub_fuzzer/project.xml b/test/fuzztest/services/accesstoken/grantpermissionforspecifiedtimestub_fuzzer/project.xml new file mode 100644 index 000000000..7133b2b92 --- /dev/null +++ b/test/fuzztest/services/accesstoken/grantpermissionforspecifiedtimestub_fuzzer/project.xml @@ -0,0 +1,25 @@ + + + + + + 1000 + + 300 + + 4096 + + -- Gitee 
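Review bot: In the stub fuzzer, `setuid(CONSTANTS_NUMBER_TWO)` followed by `setuid(ROOT_UID)` does not restore privileges. When the process starts as root, `setuid(2)` changes the real, effective and saved user IDs, so the later `setuid(0)` fails and every subsequent fuzz iteration in the same process runs as uid 2. Neither return value is checked, so the harness silently stops exercising the root-caller path after the first even-sized input. Keeping 0 as the saved uid leaves the way back open: `if (enable && setresuid(CONSTANTS_NUMBER_TWO, CONSTANTS_NUMBER_TWO, ROOT_UID) != 0) { return false; }` before `OnRemoteRequest`, and `(void)setresuid(ROOT_UID, ROOT_UID, ROOT_UID);` after it. This assumes the service derives the calling uid from the process uid, which is not visible here.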
From 7f97dd8825fc33f0d54612122f3c896d7c598c5e Mon Sep 17 00:00:00 2001 From: SunShine55 <18772101563@163.com> Date: Thu, 29 Aug 2024 18:17:50 +0800 Subject: [PATCH 064/473] add ohos.permission.ENTERPRISE_RECOVERY_KEY Signed-off-by: SunShine55 <18772101563@163.com> --- frameworks/common/src/permission_map.cpp | 1 + .../accesstokenmanager/permission_definitions.json | 10 ++++++++++ 2 files changed, 11 insertions(+) diff --git a/frameworks/common/src/permission_map.cpp b/frameworks/common/src/permission_map.cpp index 8277def24..86376639b 100644 --- a/frameworks/common/src/permission_map.cpp +++ b/frameworks/common/src/permission_map.cpp @@ -278,6 +278,7 @@ const static std::vector> g_permMap = { {"ohos.permission.GET_SCENE_CODE", false}, {"ohos.permission.FILE_GUARD_MANAGER", false}, {"ohos.permission.SET_FILE_GUARD_POLICY", false}, + {"ohos.permission.ENTERPRISE_RECOVERY_KEY", false}, {"ohos.permission.securityguard.SET_MODEL_STATE", false}, {"ohos.permission.hsdr.HSDR_ACCESS", false}, {"ohos.permission.SUPPORT_USER_AUTH", false}, diff --git a/services/accesstokenmanager/permission_definitions.json b/services/accesstokenmanager/permission_definitions.json index 512b5cf66..7ad8687f7 100644 --- a/services/accesstokenmanager/permission_definitions.json +++ b/services/accesstokenmanager/permission_definitions.json @@ -1930,6 +1930,16 @@ "provisionEnable": true, "distributedSceneEnable": false }, + { + "name": "ohos.permission.ENTERPRISE_RECOVERY_KEY", + "grantMode": "system_grant", + "availableLevel": "system_core", + "availableType": "MDM", + "since": 13, + "deprecated": "", + "provisionEnable": true, + "distributedSceneEnable": false + }, { "name": "ohos.permission.securityguard.SET_MODEL_STATE", "grantMode": "system_grant", -- Gitee From f6408282e52557b1859416e14409529d0f2476eb Mon Sep 17 00:00:00 2001 From: ligongshao Date: Thu, 29 Aug 2024 16:39:51 +0800 Subject: [PATCH 065/473] get el5 sa with retry 
Signed-off-by: ligongshao --- .../innerkits/el5filekeymanager/BUILD.gn | 2 - .../include/el5_filekey_manager_client.h | 8 -- .../src/el5_filekey_manager_client.cpp | 89 ++++--------------- .../el5_filekey_manager_death_recipient.cpp | 28 ------ .../src/el5_filekey_manager_death_recipient.h | 34 ------- .../src/el5_filekey_manager_load_callback.cpp | 35 -------- .../src/el5_filekey_manager_load_callback.h | 37 -------- 7 files changed, 16 insertions(+), 217 deletions(-) delete mode 100644 interfaces/innerkits/el5filekeymanager/src/el5_filekey_manager_death_recipient.cpp delete mode 100644 interfaces/innerkits/el5filekeymanager/src/el5_filekey_manager_death_recipient.h delete mode 100644 interfaces/innerkits/el5filekeymanager/src/el5_filekey_manager_load_callback.cpp delete mode 100644 interfaces/innerkits/el5filekeymanager/src/el5_filekey_manager_load_callback.h diff --git a/interfaces/innerkits/el5filekeymanager/BUILD.gn b/interfaces/innerkits/el5filekeymanager/BUILD.gn index 09cb33fb7..fa8858a3c 100644 --- a/interfaces/innerkits/el5filekeymanager/BUILD.gn +++ b/interfaces/innerkits/el5filekeymanager/BUILD.gn @@ -41,9 +41,7 @@ ohos_shared_library("el5_filekey_manager_sdk") { "src/app_key_info.cpp", "src/el5_filekey_callback_stub.cpp", "src/el5_filekey_manager_client.cpp", - "src/el5_filekey_manager_death_recipient.cpp", "src/el5_filekey_manager_kit.cpp", - "src/el5_filekey_manager_load_callback.cpp", "src/el5_filekey_manager_proxy.cpp", ] diff --git a/interfaces/innerkits/el5filekeymanager/include/el5_filekey_manager_client.h b/interfaces/innerkits/el5filekeymanager/include/el5_filekey_manager_client.h index 6364fec68..9bf474595 100644 --- a/interfaces/innerkits/el5filekeymanager/include/el5_filekey_manager_client.h +++ b/interfaces/innerkits/el5filekeymanager/include/el5_filekey_manager_client.h @@ -19,7 +19,6 @@ #include "el5_filekey_manager_interface.h" #include -#include "el5_filekey_manager_death_recipient.h" namespace OHOS { namespace Security { 
@@ -38,17 +37,10 @@ public: int32_t SetFilePathPolicy(); int32_t RegisterCallback(const sptr &callback); - void LoadSystemAbilitySuccess(const sptr &remoteObject); - void LoadSystemAbilityFail(); - void OnRemoteDiedHandle(); - private: El5FilekeyManagerClient(); DISALLOW_COPY_AND_MOVE(El5FilekeyManagerClient); std::mutex proxyMutex_; - sptr proxy_ = nullptr; - std::condition_variable proxyConVar_; - sptr deathRecipient_ = nullptr; sptr GetProxy(); }; } // namespace AccessToken diff --git a/interfaces/innerkits/el5filekeymanager/src/el5_filekey_manager_client.cpp b/interfaces/innerkits/el5filekeymanager/src/el5_filekey_manager_client.cpp index 4e2e68f6d..82d804585 100644 --- a/interfaces/innerkits/el5filekeymanager/src/el5_filekey_manager_client.cpp +++ b/interfaces/innerkits/el5filekeymanager/src/el5_filekey_manager_client.cpp @@ -15,7 +15,6 @@ #include "el5_filekey_manager_client.h" -#include "el5_filekey_manager_load_callback.h" #include "el5_filekey_manager_log.h" #include "el5_filekey_manager_proxy.h" #include "iservice_registry.h" @@ -25,7 +24,8 @@ namespace OHOS { namespace Security { namespace AccessToken { namespace { -constexpr int32_t LOAD_SA_TIMEOUT_MS = 60000; +constexpr int32_t LOAD_SA_TIMEOUT_SECOND = 4; +constexpr int32_t LOAD_SA_RETRY_TIMES = 5; } El5FilekeyManagerClient::El5FilekeyManagerClient() { 
@@ -131,81 +131,24 @@ sptr El5FilekeyManagerClient::GetProxy() LOG_ERROR("Get system ability manager failed."); return nullptr; } - if (proxy_ == nullptr) { - auto el5FilekeyService = systemAbilityManager->CheckSystemAbility(EL5_FILEKEY_MANAGER_SERVICE_ID); - if (el5FilekeyService != nullptr) { - deathRecipient_ = new (std::nothrow) El5FilekeyManagerDeathRecipient(); - if (deathRecipient_ != nullptr) { - el5FilekeyService->AddDeathRecipient(deathRecipient_); - } - - proxy_ = iface_cast(el5FilekeyService); - if (proxy_ == nullptr) { - LOG_ERROR("Cast proxy failed, iface_cast get null."); - } - return proxy_; - } - } - // LoadEl5FilekeyManagerService - sptr loadCallback = new El5FilekeyManagerLoadCallback(); - if (loadCallback == nullptr) { - LOG_ERROR("Load service failed, loadCallback is nullptr."); - return nullptr; - } - int32_t ret = systemAbilityManager->LoadSystemAbility(EL5_FILEKEY_MANAGER_SERVICE_ID, loadCallback); - if (ret != ERR_OK) { - LOG_ERROR("Load el5_filekey_service failed."); - return nullptr; + auto el5FilekeyService = systemAbilityManager->GetSystemAbility(EL5_FILEKEY_MANAGER_SERVICE_ID); + if (el5FilekeyService != nullptr) { + LOG_INFO("get el5 filekey manager proxy success"); + return iface_cast(el5FilekeyService); } - // wait for LoadSystemAbility - LOG_INFO("wait for LoadSystemAbility"); - auto waitStatus = proxyConVar_.wait_for(lock, std::chrono::milliseconds(LOAD_SA_TIMEOUT_MS), - [this]() { return proxy_ != nullptr; }); - if (!waitStatus) { - LOG_WARN("wait for LoadSystemAbility timeout"); - return nullptr; - } - LOG_INFO("El5FilekeyManagerClient GetProxy success"); - - return proxy_; -} -void El5FilekeyManagerClient::LoadSystemAbilitySuccess(const sptr &remoteObject) -{ - LOG_INFO("El5FilekeyManagerClient LoadSystemAbilitySuccess"); - std::lock_guard lock(proxyMutex_); - if (remoteObject == nullptr) { - LOG_ERROR("After loading el5_filekey_service, remoteObject is null."); - proxy_ = nullptr; - return; - } - - deathRecipient_ = new 
(std::nothrow) El5FilekeyManagerDeathRecipient(); - if (deathRecipient_ != nullptr) { - remoteObject->AddDeathRecipient(deathRecipient_); - } - - proxy_ = iface_cast(remoteObject); - if (proxy_ == nullptr) { - LOG_ERROR("After loading el5_filekey_service, iface_cast get null."); + for (int i = 0; i <= LOAD_SA_RETRY_TIMES; i++) { + auto el5FilekeyService = + systemAbilityManager->LoadSystemAbility(EL5_FILEKEY_MANAGER_SERVICE_ID, LOAD_SA_TIMEOUT_SECOND); + if (el5FilekeyService != nullptr) { + LOG_INFO("load el5 filekey manager success"); + return iface_cast(el5FilekeyService); + } + LOG_INFO("load el5 filekey manager failed, retry count:%{public}d", i); } - proxyConVar_.notify_one(); -} - -void El5FilekeyManagerClient::LoadSystemAbilityFail() -{ - std::lock_guard lock(proxyMutex_); - LOG_ERROR("Load el5_filekey_service failed."); - proxy_ = nullptr; - proxyConVar_.notify_one(); -} - -void El5FilekeyManagerClient::OnRemoteDiedHandle() -{ - LOG_INFO("Remote died."); - std::lock_guard lock(proxyMutex_); - proxy_ = nullptr; + LOG_ERROR("get el5 filekey manager proxy failed"); + return nullptr; } } // namespace AccessToken } // namespace Security diff --git a/interfaces/innerkits/el5filekeymanager/src/el5_filekey_manager_death_recipient.cpp b/interfaces/innerkits/el5filekeymanager/src/el5_filekey_manager_death_recipient.cpp deleted file mode 100644 index 017814c4b..000000000 --- a/interfaces/innerkits/el5filekeymanager/src/el5_filekey_manager_death_recipient.cpp +++ /dev/null 
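Review bot: The retry loop added to `GetProxy` uses `i <= LOAD_SA_RETRY_TIMES`, so it makes six `LoadSystemAbility` attempts of `LOAD_SA_TIMEOUT_SECOND` each. A caller can therefore block for about 24 seconds when the service cannot be loaded, apparently while holding `proxyMutex_` (the lock is taken above the hunk). If five attempts are intended, use `for (int i = 0; i < LOAD_SA_RETRY_TIMES; i++)`; either way a comment beside the two constants stating the worst-case wait would help callers. The `el5FilekeyService` declared inside the loop shadows the outer variable of the same name, and the per-attempt failure message would read better at `LOG_WARN` than `LOG_INFO`.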
@@ -1,28 +0,0 @@ -/* - * Copyright (c) 2024 Huawei Device Co., Ltd. - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ -#include "el5_filekey_manager_death_recipient.h" - -#include "el5_filekey_manager_client.h" - -namespace OHOS { -namespace Security { -namespace AccessToken { -void El5FilekeyManagerDeathRecipient::OnRemoteDied(const wptr& object) -{ - El5FilekeyManagerClient::GetInstance().OnRemoteDiedHandle(); -} -} // namespace AccessToken -} // namespace Security -} // namespace OHOS diff --git a/interfaces/innerkits/el5filekeymanager/src/el5_filekey_manager_death_recipient.h b/interfaces/innerkits/el5filekeymanager/src/el5_filekey_manager_death_recipient.h deleted file mode 100644 index 65ec8202f..000000000 --- a/interfaces/innerkits/el5filekeymanager/src/el5_filekey_manager_death_recipient.h +++ /dev/null 
@@ -1,34 +0,0 @@ -/* - * Copyright (c) 2024 Huawei Device Co., Ltd. - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ - - -#ifndef EL5_FILEKEY_MANAGER_DEATH_RECIPIENT_H -#define EL5_FILEKEY_MANAGER_DEATH_RECIPIENT_H - -#include "iremote_object.h" - -namespace OHOS { -namespace Security { -namespace AccessToken { -class El5FilekeyManagerDeathRecipient : public IRemoteObject::DeathRecipient { -public: - El5FilekeyManagerDeathRecipient() {} - ~El5FilekeyManagerDeathRecipient() override = default; - void OnRemoteDied(const wptr& object) override; -}; -} // namespace AccessToken -} // namespace Security -} // namespace OHOS -#endif // EL5_FILEKEY_MANAGER_DEATH_RECIPIENT_H diff --git a/interfaces/innerkits/el5filekeymanager/src/el5_filekey_manager_load_callback.cpp b/interfaces/innerkits/el5filekeymanager/src/el5_filekey_manager_load_callback.cpp deleted file mode 100644 index 9f10e49fe..000000000 --- a/interfaces/innerkits/el5filekeymanager/src/el5_filekey_manager_load_callback.cpp +++ /dev/null 
@@ -1,35 +0,0 @@ -/* - * Copyright (c) 2024 Huawei Device Co., Ltd. - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ - -#include "el5_filekey_manager_load_callback.h" - -#include "el5_filekey_manager_client.h" - -namespace OHOS { -namespace Security { -namespace AccessToken { -void El5FilekeyManagerLoadCallback::OnLoadSystemAbilitySuccess(int32_t systemAbilityId, - const sptr &remoteObject) -{ - El5FilekeyManagerClient::GetInstance().LoadSystemAbilitySuccess(remoteObject); -} - -void El5FilekeyManagerLoadCallback::OnLoadSystemAbilityFail(int32_t systemAbilityId) -{ - El5FilekeyManagerClient::GetInstance().LoadSystemAbilityFail(); -} -} // namespace AccessToken -} // namespace Security -} // namespace OHOS diff --git a/interfaces/innerkits/el5filekeymanager/src/el5_filekey_manager_load_callback.h b/interfaces/innerkits/el5filekeymanager/src/el5_filekey_manager_load_callback.h deleted file mode 100644 index 1771249a4..000000000 --- a/interfaces/innerkits/el5filekeymanager/src/el5_filekey_manager_load_callback.h +++ /dev/null 
@@ -1,37 +0,0 @@ -/* - * Copyright (c) 2024 Huawei Device Co., Ltd. - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ - -#ifndef EL5_FILEKEY_MANAGER_LOAD_CALLBACK_H -#define EL5_FILEKEY_MANAGER_LOAD_CALLBACK_H - -#include -#include - -#include "refbase.h" -#include "system_ability_load_callback_stub.h" - -namespace OHOS { -namespace Security { -namespace AccessToken { -class El5FilekeyManagerLoadCallback : public SystemAbilityLoadCallbackStub { -public: - void OnLoadSystemAbilitySuccess(int32_t systemAbilityId, - const sptr &remoteObject) override; - void OnLoadSystemAbilityFail(int32_t systemAbilityId) override; -}; -} // namespace AccessToken -} // namespace Security -} // namespace OHOS -#endif // EL5_FILEKEY_MANAGER_LOAD_CALLBACK_H -- Gitee From 229ca38749df0f8bb26767fab7a5b726ab8a87a2 Mon Sep 17 00:00:00 2001 From: yuan78 Date: Fri, 16 Aug 2024 11:08:39 +0800 Subject: [PATCH 066/473] =?UTF-8?q?=E6=96=B0=E5=A2=9EGET=5FETHERNET=5FLOCA?= =?UTF-8?q?L=5FMAC=E6=9D=83=E9=99=90?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: yuan78 --- services/accesstokenmanager/permission_definitions.json | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/services/accesstokenmanager/permission_definitions.json b/services/accesstokenmanager/permission_definitions.json index 835936e34..df657673d 100644 --- a/services/accesstokenmanager/permission_definitions.json 
+++ b/services/accesstokenmanager/permission_definitions.json @@ -4979,7 +4979,7 @@ "grantMode": "system_grant", "availableLevel": "system_basic", "availableType": "SYSTEM", - "since": 12, + "since": 13, "deprecated": "", "provisionEnable": true, "distributedSceneEnable": false -- Gitee From 02747e7f65645f020cfe5afab282b0146dbd74d3 Mon Sep 17 00:00:00 2001 From: zhouyan Date: Sat, 31 Aug 2024 17:37:43 +0800 Subject: [PATCH 067/473] =?UTF-8?q?=E5=88=A0=E9=99=A4=E5=86=97=E4=BD=99?= =?UTF-8?q?=E7=9A=84=E5=90=8C=E6=AD=A5nativetoken=E6=8E=A5=E5=8F=A3?= =?UTF-8?q?=E4=B8=8E=E4=BB=A3=E7=A0=81?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit 
Signed-off-by: zhouyan Change-Id: I081e1df233e047946ee0efaa02a344e7525dfe9c --- .../include/i_accesstoken_manager.h | 3 - .../accesstoken/include/accesstoken_kit.h | 15 -- .../accesstoken/libaccesstoken_sdk.map | 2 - .../accesstoken/src/accesstoken_kit.cpp | 14 -- .../src/accesstoken_manager_client.cpp | 37 ---- .../src/accesstoken_manager_client.h | 3 - .../src/accesstoken_manager_proxy.cpp | 65 ------ .../src/accesstoken_manager_proxy.h | 3 - .../accesstoken_kit_test.cpp | 25 --- .../unittest/src/accesstoken_deny_test.cpp | 25 --- .../unittest/src/remote_token_kit_test.cpp | 76 ------- .../service/accesstoken_manager_service.h | 3 - .../service/accesstoken_manager_stub.h | 2 - .../include/token/accesstoken_info_manager.h | 3 - .../service/accesstoken_manager_service.cpp | 27 --- .../src/service/accesstoken_manager_stub.cpp | 58 ------ .../src/token/accesstoken_info_manager.cpp | 84 -------- .../accesstoken_info_manager_test.cpp | 36 ---- .../unittest/native_token_receptor_test.cpp | 39 ---- services/tokensyncmanager/BUILD.gn | 1 - .../sync_remote_native_token_command.h | 55 ----- .../include/remote/remote_command_factory.h | 4 - .../sync_remote_native_token_command.cpp | 126 ------------ .../src/remote/remote_command_factory.cpp | 10 - .../src/remote/remote_command_manager.cpp | 1 - .../tokensyncmanager/test/coverage/BUILD.gn | 1 - .../tokensyncmanager/test/unittest/BUILD.gn | 1 - .../test/unittest/token_sync_service_test.cpp | 188 ------------------ test/fuzztest/innerkits/accesstoken/BUILD.gn | 2 - .../getallnativetokeninfo_fuzzer/BUILD.gn | 45 ----- .../getallnativetokeninfo_fuzzer/corpus/init | 14 -- .../getallnativetokeninfo_fuzzer.cpp | 48 ----- .../getallnativetokeninfo_fuzzer.h | 21 -- .../getallnativetokeninfo_fuzzer/project.xml | 25 --- .../setremotenativetokeninfo_fuzzer/BUILD.gn | 47 ----- .../corpus/init | 14 -- .../project.xml | 25 --- .../setremotenativetokeninfo_fuzzer.cpp | 64 ------ .../setremotenativetokeninfo_fuzzer.h | 21 -- 
test/fuzztest/services/accesstoken/BUILD.gn | 2 - .../accesstoken/access_token_service_fuzz.gni | 1 - .../getallnativetokeninfostub_fuzzer/BUILD.gn | 48 ----- .../corpus/init | 14 -- .../getallnativetokeninfostub_fuzzer.cpp | 73 ------- .../getallnativetokeninfostub_fuzzer.h | 21 -- .../project.xml | 25 --- .../BUILD.gn | 47 ----- .../corpus/init | 14 -- .../project.xml | 25 --- .../setremotenativetokeninfostub_fuzzer.cpp | 96 --------- .../setremotenativetokeninfostub_fuzzer.h | 21 -- 51 files changed, 1620 deletions(-) delete mode 100644 services/tokensyncmanager/include/command/sync_remote_native_token_command.h delete mode 100644 services/tokensyncmanager/src/command/sync_remote_native_token_command.cpp delete mode 100644 test/fuzztest/innerkits/accesstoken/getallnativetokeninfo_fuzzer/BUILD.gn delete mode 100644 test/fuzztest/innerkits/accesstoken/getallnativetokeninfo_fuzzer/corpus/init delete mode 100644 test/fuzztest/innerkits/accesstoken/getallnativetokeninfo_fuzzer/getallnativetokeninfo_fuzzer.cpp delete mode 100644 test/fuzztest/innerkits/accesstoken/getallnativetokeninfo_fuzzer/getallnativetokeninfo_fuzzer.h delete mode 100644 test/fuzztest/innerkits/accesstoken/getallnativetokeninfo_fuzzer/project.xml delete mode 100644 test/fuzztest/innerkits/accesstoken/setremotenativetokeninfo_fuzzer/BUILD.gn delete mode 100644 test/fuzztest/innerkits/accesstoken/setremotenativetokeninfo_fuzzer/corpus/init delete mode 100644 test/fuzztest/innerkits/accesstoken/setremotenativetokeninfo_fuzzer/project.xml delete mode 100644 test/fuzztest/innerkits/accesstoken/setremotenativetokeninfo_fuzzer/setremotenativetokeninfo_fuzzer.cpp delete mode 100644 test/fuzztest/innerkits/accesstoken/setremotenativetokeninfo_fuzzer/setremotenativetokeninfo_fuzzer.h delete mode 100644 test/fuzztest/services/accesstoken/getallnativetokeninfostub_fuzzer/BUILD.gn delete mode 100644 test/fuzztest/services/accesstoken/getallnativetokeninfostub_fuzzer/corpus/init delete mode 100644 
test/fuzztest/services/accesstoken/getallnativetokeninfostub_fuzzer/getallnativetokeninfostub_fuzzer.cpp delete mode 100644 test/fuzztest/services/accesstoken/getallnativetokeninfostub_fuzzer/getallnativetokeninfostub_fuzzer.h delete mode 100644 test/fuzztest/services/accesstoken/getallnativetokeninfostub_fuzzer/project.xml delete mode 100644 test/fuzztest/services/accesstoken/setremotenativetokeninfostub_fuzzer/BUILD.gn delete mode 100644 test/fuzztest/services/accesstoken/setremotenativetokeninfostub_fuzzer/corpus/init delete mode 100644 test/fuzztest/services/accesstoken/setremotenativetokeninfostub_fuzzer/project.xml delete mode 100644 test/fuzztest/services/accesstoken/setremotenativetokeninfostub_fuzzer/setremotenativetokeninfostub_fuzzer.cpp delete mode 100644 test/fuzztest/services/accesstoken/setremotenativetokeninfostub_fuzzer/setremotenativetokeninfostub_fuzzer.h diff --git a/frameworks/accesstoken/include/i_accesstoken_manager.h b/frameworks/accesstoken/include/i_accesstoken_manager.h index 3f6fc0f5b..295bad7f0 100644 --- a/frameworks/accesstoken/include/i_accesstoken_manager.h +++ b/frameworks/accesstoken/include/i_accesstoken_manager.h @@ -92,11 +92,8 @@ public: #ifdef TOKEN_SYNC_ENABLE virtual int GetHapTokenInfoFromRemote(AccessTokenID tokenID, HapTokenInfoForSyncParcel& hapSyncParcel) = 0; - virtual int GetAllNativeTokenInfo(std::vector& nativeTokenInfoRes) = 0; virtual int SetRemoteHapTokenInfo(const std::string& deviceID, HapTokenInfoForSyncParcel& hapSyncParcel) = 0; - virtual int SetRemoteNativeTokenInfo(const std::string& deviceID, - std::vector& nativeTokenInfoForSyncParcel) = 0; virtual int DeleteRemoteToken(const std::string& deviceID, AccessTokenID tokenID) = 0; virtual AccessTokenID GetRemoteNativeTokenID(const std::string& deviceID, AccessTokenID tokenID) = 0; virtual int DeleteRemoteDeviceTokens(const std::string& deviceID) = 0; 
diff --git a/interfaces/innerkits/accesstoken/include/accesstoken_kit.h b/interfaces/innerkits/accesstoken/include/accesstoken_kit.h index b97259aa6..1a70ba736 100644 --- a/interfaces/innerkits/accesstoken/include/accesstoken_kit.h +++ b/interfaces/innerkits/accesstoken/include/accesstoken_kit.h @@ -354,13 +354,6 @@ public: * @return error code, see access_token_error.h */ static int GetHapTokenInfoFromRemote(AccessTokenID tokenID, HapTokenInfoForSync& hapSync); - /** - * @brief Get all native token infos. - * @param nativeTokenInfosRes NativeTokenInfoForSync list quote - * as input and query result - * @return error code, see access_token_error.h - */ - static int GetAllNativeTokenInfo(std::vector& nativeTokenInfosRes); /** * @brief Set remote hap token info with remote deviceID. * @param deviceID remote deviceID @@ -368,14 +361,6 @@ public: * @return error code, see access_token_error.h */ static int SetRemoteHapTokenInfo(const std::string& deviceID, const HapTokenInfoForSync& hapSync); - /** - * @brief Set remote native token info list with remote deviceID. - * @param deviceID remote deviceID - * @param nativeTokenInfoList native token info list to set - * @return error code, see access_token_error.h - */ - static int SetRemoteNativeTokenInfo(const std::string& deviceID, - const std::vector& nativeTokenInfoList); /** * @brief Delete remote token by remote deviceID and remote tokenID. * @param deviceID remote deviceID diff --git a/interfaces/innerkits/accesstoken/libaccesstoken_sdk.map b/interfaces/innerkits/accesstoken/libaccesstoken_sdk.map index 1479510ad..0bfe6bb1b 100644 --- a/interfaces/innerkits/accesstoken/libaccesstoken_sdk.map +++ b/interfaces/innerkits/accesstoken/libaccesstoken_sdk.map 
@@ -36,9 +36,7 @@ "OHOS::Security::AccessToken::AccessTokenKit::DumpTokenInfo(OHOS::Security::AccessToken::AtmToolsParamInfo const&, std::__h::basic_string, std::__h::allocator>&)"; "OHOS::Security::AccessToken::AccessTokenKit::DumpPermDefInfo(std::__h::basic_string, std::__h::allocator>&)"; "OHOS::Security::AccessToken::AccessTokenKit::GetHapTokenInfoFromRemote(unsigned int, OHOS::Security::AccessToken::HapTokenInfoForSync&)"; - "OHOS::Security::AccessToken::AccessTokenKit::GetAllNativeTokenInfo(std::__h::vector>&)"; "OHOS::Security::AccessToken::AccessTokenKit::SetRemoteHapTokenInfo(std::__h::basic_string, std::__h::allocator> const&, OHOS::Security::AccessToken::HapTokenInfoForSync const&)"; - "OHOS::Security::AccessToken::AccessTokenKit::SetRemoteNativeTokenInfo(std::__h::basic_string, std::__h::allocator> const&, std::__h::vector> const&)"; "OHOS::Security::AccessToken::AccessTokenKit::DeleteRemoteToken(std::__h::basic_string, std::__h::allocator> const&, unsigned int)"; "OHOS::Security::AccessToken::AccessTokenKit::GetRemoteNativeTokenID(std::__h::basic_string, std::__h::allocator> const&, unsigned int)"; "OHOS::Security::AccessToken::AccessTokenKit::DeleteRemoteDeviceTokens(std::__h::basic_string, std::__h::allocator> const&)"; diff --git a/interfaces/innerkits/accesstoken/src/accesstoken_kit.cpp b/interfaces/innerkits/accesstoken/src/accesstoken_kit.cpp index 4b9f720a4..9ff76c3d9 100644 --- a/interfaces/innerkits/accesstoken/src/accesstoken_kit.cpp +++ b/interfaces/innerkits/accesstoken/src/accesstoken_kit.cpp 
@@ -528,13 +528,6 @@ int AccessTokenKit::GetHapTokenInfoFromRemote(AccessTokenID tokenID, HapTokenInf return AccessTokenManagerClient::GetInstance().GetHapTokenInfoFromRemote(tokenID, hapSync); } -int AccessTokenKit::GetAllNativeTokenInfo(std::vector& nativeTokenInfosRes) -{ - ACCESSTOKEN_LOG_DEBUG(LABEL, "Called"); - - return AccessTokenManagerClient::GetInstance().GetAllNativeTokenInfo(nativeTokenInfosRes); -} - int AccessTokenKit::SetRemoteHapTokenInfo(const std::string& deviceID, const HapTokenInfoForSync& hapSync) { @@ -543,13 +536,6 @@ int AccessTokenKit::SetRemoteHapTokenInfo(const std::string& deviceID, return AccessTokenManagerClient::GetInstance().SetRemoteHapTokenInfo(deviceID, hapSync); } -int AccessTokenKit::SetRemoteNativeTokenInfo(const std::string& deviceID, - const std::vector& nativeTokenInfoList) -{ - ACCESSTOKEN_LOG_DEBUG(LABEL, "DeviceID=%{public}s.", ConstantCommon::EncryptDevId(deviceID).c_str()); - return AccessTokenManagerClient::GetInstance().SetRemoteNativeTokenInfo(deviceID, nativeTokenInfoList); -} - int AccessTokenKit::DeleteRemoteToken(const std::string& deviceID, AccessTokenID tokenID) { ACCESSTOKEN_LOG_DEBUG(LABEL, "DeviceID=%{public}s, tokenID=%{public}d.", diff --git a/interfaces/innerkits/accesstoken/src/accesstoken_manager_client.cpp b/interfaces/innerkits/accesstoken/src/accesstoken_manager_client.cpp index 8f6a1e5c6..b82b60387 100644 --- a/interfaces/innerkits/accesstoken/src/accesstoken_manager_client.cpp +++ b/interfaces/innerkits/accesstoken/src/accesstoken_manager_client.cpp 
@@ -540,24 +540,6 @@ int AccessTokenManagerClient::GetHapTokenInfoFromRemote(AccessTokenID tokenID, H return res; } -int AccessTokenManagerClient::GetAllNativeTokenInfo(std::vector& nativeTokenInfosRes) -{ - auto proxy = GetProxy(); - if (proxy == nullptr) { - ACCESSTOKEN_LOG_ERROR(LABEL, "Proxy is null"); - return AccessTokenError::ERR_SERVICE_ABNORMAL; - } - - std::vector parcelList; - int result = proxy->GetAllNativeTokenInfo(parcelList); - for (const auto& nativeTokenParcel : parcelList) { - NativeTokenInfoForSync native = nativeTokenParcel.nativeTokenInfoForSyncParams; - nativeTokenInfosRes.emplace_back(native); - } - - return result; -} - int AccessTokenManagerClient::SetRemoteHapTokenInfo(const std::string& deviceID, const HapTokenInfoForSync& hapSync) { auto proxy = GetProxy(); @@ -573,25 +555,6 @@ int AccessTokenManagerClient::SetRemoteHapTokenInfo(const std::string& deviceID, return res; } -int AccessTokenManagerClient::SetRemoteNativeTokenInfo(const std::string& deviceID, - const std::vector& nativeTokenInfoList) -{ - auto proxy = GetProxy(); - if (proxy == nullptr) { - ACCESSTOKEN_LOG_ERROR(LABEL, "Proxy is null"); - return AccessTokenError::ERR_SERVICE_ABNORMAL; - } - std::vector nativeTokenInfoParcels; - for (const auto& native : nativeTokenInfoList) { - NativeTokenInfoForSyncParcel nativeTokenInfoForSyncParcel; - nativeTokenInfoForSyncParcel.nativeTokenInfoForSyncParams = native; - nativeTokenInfoParcels.emplace_back(nativeTokenInfoForSyncParcel); - } - PermissionStateFullParcel permStateParcel; - int res = proxy->SetRemoteNativeTokenInfo(deviceID, nativeTokenInfoParcels); - return res; -} - int AccessTokenManagerClient::DeleteRemoteToken(const std::string& deviceID, AccessTokenID tokenID) { auto proxy = GetProxy(); diff --git a/interfaces/innerkits/accesstoken/src/accesstoken_manager_client.h b/interfaces/innerkits/accesstoken/src/accesstoken_manager_client.h index 307b74c80..e4d7f2b19 100644 
--- a/interfaces/innerkits/accesstoken/src/accesstoken_manager_client.h +++ b/interfaces/innerkits/accesstoken/src/accesstoken_manager_client.h @@ -88,10 +88,7 @@ public: #ifdef TOKEN_SYNC_ENABLE int GetHapTokenInfoFromRemote(AccessTokenID tokenID, HapTokenInfoForSync& hapSync); - int GetAllNativeTokenInfo(std::vector& nativeTokenInfosRes); int SetRemoteHapTokenInfo(const std::string& deviceID, const HapTokenInfoForSync& hapSync); - int SetRemoteNativeTokenInfo(const std::string& deviceID, - const std::vector& nativeTokenInfoList); int DeleteRemoteToken(const std::string& deviceID, AccessTokenID tokenID); AccessTokenID GetRemoteNativeTokenID(const std::string& deviceID, AccessTokenID tokenID); int DeleteRemoteDeviceTokens(const std::string& deviceID); diff --git a/interfaces/innerkits/accesstoken/src/accesstoken_manager_proxy.cpp b/interfaces/innerkits/accesstoken/src/accesstoken_manager_proxy.cpp index 470058183..6deb5dbc0 100644 --- a/interfaces/innerkits/accesstoken/src/accesstoken_manager_proxy.cpp +++ b/interfaces/innerkits/accesstoken/src/accesstoken_manager_proxy.cpp @@ -28,9 +28,6 @@ namespace { static constexpr OHOS::HiviewDFX::HiLogLabel LABEL = {LOG_CORE, SECURITY_DOMAIN_ACCESSTOKEN, "ATMProxy"}; static const int MAX_PERMISSION_SIZE = 1000; static const int32_t MAX_USER_POLICY_SIZE = 1024; -#ifdef TOKEN_SYNC_ENABLE -static const int MAX_NATIVE_TOKEN_INFO_SIZE = 20480; -#endif } AccessTokenManagerProxy::AccessTokenManagerProxy(const sptr& impl) 
@@ -998,38 +995,6 @@ int AccessTokenManagerProxy::GetHapTokenInfoFromRemote(AccessTokenID tokenID, return result; } -int AccessTokenManagerProxy::GetAllNativeTokenInfo(std::vector& nativeTokenInfoRes) -{ - MessageParcel data; - if (!data.WriteInterfaceToken(IAccessTokenManager::GetDescriptor())) { - ACCESSTOKEN_LOG_ERROR(LABEL, "WriteInterfaceToken failed."); - return ERR_WRITE_PARCEL_FAILED; - } - - MessageParcel reply; - if (!SendRequest(AccessTokenInterfaceCode::GET_ALL_NATIVE_TOKEN_FROM_REMOTE, data, reply)) { - return ERR_SERVICE_ABNORMAL; - } - - uint32_t size = 0; - int32_t result = reply.ReadInt32(); - if (result == RET_SUCCESS) { - size = reply.ReadUint32(); - if (size > MAX_NATIVE_TOKEN_INFO_SIZE) { - ACCESSTOKEN_LOG_ERROR(LABEL, "Size(%{public}d) is oversize.", size); - return ERR_OVERSIZE; - } - for (uint32_t i = 0; i < size; i++) { - sptr nativeResult = reply.ReadParcelable(); - if (nativeResult != nullptr) { - nativeTokenInfoRes.emplace_back(*nativeResult); - } - } - } - ACCESSTOKEN_LOG_INFO(LABEL, "Result from server (error=%{public}d, size=%{public}d).", result, size); - return result; -} - int AccessTokenManagerProxy::SetRemoteHapTokenInfo(const std::string& deviceID, HapTokenInfoForSyncParcel& hapSyncParcel) { 
@@ -1055,36 +1020,6 @@ int AccessTokenManagerProxy::SetRemoteHapTokenInfo(const std::string& deviceID, return result; } -int AccessTokenManagerProxy::SetRemoteNativeTokenInfo(const std::string& deviceID, - std::vector& nativeTokenInfoForSyncParcel) -{ - MessageParcel data; - if (!data.WriteInterfaceToken(IAccessTokenManager::GetDescriptor())) { - ACCESSTOKEN_LOG_ERROR(LABEL, "WriteInterfaceToken failed."); - return ERR_WRITE_PARCEL_FAILED; - } - if (!data.WriteString(deviceID)) { - return ERR_WRITE_PARCEL_FAILED; - } - if (!data.WriteUint32(nativeTokenInfoForSyncParcel.size())) { - return ERR_WRITE_PARCEL_FAILED; - } - for (const NativeTokenInfoForSyncParcel& parcel : nativeTokenInfoForSyncParcel) { - if (!data.WriteParcelable(&parcel)) { - return ERR_WRITE_PARCEL_FAILED; - } - } - - MessageParcel reply; - if (!SendRequest(AccessTokenInterfaceCode::SET_REMOTE_NATIVE_TOKEN_INFO, data, reply)) { - return ERR_SERVICE_ABNORMAL; - } - - int32_t result = reply.ReadInt32(); - ACCESSTOKEN_LOG_INFO(LABEL, "Result from server (error=%{public}d).", result); - return result; -} - int AccessTokenManagerProxy::DeleteRemoteToken(const std::string& deviceID, AccessTokenID tokenID) { MessageParcel data; diff --git a/interfaces/innerkits/accesstoken/src/accesstoken_manager_proxy.h b/interfaces/innerkits/accesstoken/src/accesstoken_manager_proxy.h index 6410cda50..bcd60dbcc 100644 --- a/interfaces/innerkits/accesstoken/src/accesstoken_manager_proxy.h +++ b/interfaces/innerkits/accesstoken/src/accesstoken_manager_proxy.h 
@@ -90,10 +90,7 @@ public: #ifdef TOKEN_SYNC_ENABLE int GetHapTokenInfoFromRemote(AccessTokenID tokenID, HapTokenInfoForSyncParcel& hapSyncParcel) override; - int GetAllNativeTokenInfo(std::vector& nativeTokenInfoRes) override; int SetRemoteHapTokenInfo(const std::string& deviceID, HapTokenInfoForSyncParcel& hapSyncParcel) override; - int SetRemoteNativeTokenInfo(const std::string& deviceID, - std::vector& nativeTokenInfoForSyncParcel) override; int DeleteRemoteToken(const std::string& deviceID, AccessTokenID tokenID) override; AccessTokenID GetRemoteNativeTokenID(const std::string& deviceID, AccessTokenID tokenID) override; int DeleteRemoteDeviceTokens(const std::string& deviceID) override; diff --git a/interfaces/innerkits/accesstoken/test/unittest/accesstoken_mock_test/accesstoken_kit_test.cpp b/interfaces/innerkits/accesstoken/test/unittest/accesstoken_mock_test/accesstoken_kit_test.cpp index 9227abe69..65173d36b 100644 --- a/interfaces/innerkits/accesstoken/test/unittest/accesstoken_mock_test/accesstoken_kit_test.cpp +++ b/interfaces/innerkits/accesstoken/test/unittest/accesstoken_mock_test/accesstoken_kit_test.cpp @@ -486,18 +486,6 @@ HWTEST_F(AccessTokenKitTest, GetHapTokenInfoFromRemote001, TestSize.Level1) ASSERT_EQ(AccessTokenError::ERR_SERVICE_ABNORMAL, AccessTokenKit::GetHapTokenInfoFromRemote(tokenId, hapSync)); } -/** - * @tc.name: GetAllNativeTokenInfo001 - * @tc.desc: GetAllNativeTokenInfo with proxy is null - * @tc.type: FUNC - * @tc.require: - */ -HWTEST_F(AccessTokenKitTest, GetAllNativeTokenInfo001, TestSize.Level1) -{ - std::vector nativeTokenInfosRes; - ASSERT_EQ(AccessTokenError::ERR_SERVICE_ABNORMAL, AccessTokenKit::GetAllNativeTokenInfo(nativeTokenInfosRes)); -} - /** * @tc.name: SetRemoteHapTokenInfo001 * @tc.desc: SetRemoteHapTokenInfo with proxy is null 
@@ -511,19 +499,6 @@ HWTEST_F(AccessTokenKitTest, SetRemoteHapTokenInfo001, TestSize.Level1) ASSERT_EQ(AccessTokenError::ERR_SERVICE_ABNORMAL, AccessTokenKit::SetRemoteHapTokenInfo(device, hapSync)); } -/** - * @tc.name: SetRemoteNativeTokenInfo001 - * @tc.desc: SetRemoteNativeTokenInfo with proxy is null - * @tc.type: FUNC - * @tc.require: - */ -HWTEST_F(AccessTokenKitTest, SetRemoteNativeTokenInfo001, TestSize.Level1) -{ - std::string device = "device"; - std::vector nativeToken; - ASSERT_EQ(AccessTokenError::ERR_SERVICE_ABNORMAL, AccessTokenKit::SetRemoteNativeTokenInfo(device, nativeToken)); -} - /** * @tc.name: DeleteRemoteToken001 * @tc.desc: DeleteRemoteToken with proxy is null diff --git a/interfaces/innerkits/accesstoken/test/unittest/src/accesstoken_deny_test.cpp b/interfaces/innerkits/accesstoken/test/unittest/src/accesstoken_deny_test.cpp index 305feee40..95aa3bc63 100644 --- a/interfaces/innerkits/accesstoken/test/unittest/src/accesstoken_deny_test.cpp +++ b/interfaces/innerkits/accesstoken/test/unittest/src/accesstoken_deny_test.cpp @@ -477,18 +477,6 @@ HWTEST_F(AccessTokenDenyTest, GetHapTokenInfoFromRemote001, TestSize.Level1) ASSERT_EQ(AccessTokenError::ERR_PERMISSION_DENIED, AccessTokenKit::GetHapTokenInfoFromRemote(tokenId, hapSync)); } -/** - * @tc.name: GetAllNativeTokenInfo001 - * @tc.desc: GetAllNativeTokenInfo with no permission - * @tc.type: FUNC - * @tc.require: - */ -HWTEST_F(AccessTokenDenyTest, GetAllNativeTokenInfo001, TestSize.Level1) -{ - std::vector nativeTokenInfosRes; - ASSERT_EQ(AccessTokenError::ERR_PERMISSION_DENIED, AccessTokenKit::GetAllNativeTokenInfo(nativeTokenInfosRes)); -} - /** * @tc.name: SetRemoteHapTokenInfo001 * @tc.desc: SetRemoteHapTokenInfo with no permission 
@@ -502,19 +490,6 @@ HWTEST_F(AccessTokenDenyTest, SetRemoteHapTokenInfo001, TestSize.Level1) ASSERT_EQ(AccessTokenError::ERR_PERMISSION_DENIED, AccessTokenKit::SetRemoteHapTokenInfo(device, hapSync)); } -/** - * @tc.name: SetRemoteNativeTokenInfo001 - * @tc.desc: SetRemoteNativeTokenInfo with no permission - * @tc.type: FUNC - * @tc.require: - */ -HWTEST_F(AccessTokenDenyTest, SetRemoteNativeTokenInfo001, TestSize.Level1) -{ - std::string device = "device"; - std::vector nativeToken; - ASSERT_EQ(AccessTokenError::ERR_PERMISSION_DENIED, AccessTokenKit::SetRemoteNativeTokenInfo(device, nativeToken)); -} - /** * @tc.name: DeleteRemoteToken001 * @tc.desc: DeleteRemoteToken with no permission diff --git a/interfaces/innerkits/accesstoken/test/unittest/src/remote_token_kit_test.cpp b/interfaces/innerkits/accesstoken/test/unittest/src/remote_token_kit_test.cpp index d63b3c67c..47866d12c 100644 --- a/interfaces/innerkits/accesstoken/test/unittest/src/remote_token_kit_test.cpp +++ b/interfaces/innerkits/accesstoken/test/unittest/src/remote_token_kit_test.cpp 
@@ -1054,82 +1054,6 @@ HWTEST_F(RemoteTokenKitTest, AllocLocalTokenID001, TestSize.Level1) ASSERT_NE(mapID, 0); } -/** - * @tc.name: GetAllNativeTokenInfo001 - * @tc.desc: get all native token with dcaps - * @tc.type: FUNC - * @tc.require:issue I5R4UF - */ -HWTEST_F(RemoteTokenKitTest, GetAllNativeTokenInfo001, TestSize.Level1) -{ - ACCESSTOKEN_LOG_INFO(LABEL, "GetAllNativeTokenInfo001 start."); - - std::vector nativeTokenInfosRes; - int ret = AccessTokenKit::GetAllNativeTokenInfo(nativeTokenInfosRes); - ASSERT_EQ(ret, RET_SUCCESS); -} - -/** - * @tc.name: GetAllNativeTokenInfo002 - * @tc.desc: GetAllNativeTokenInfo function test. - * @tc.type: FUNC - * @tc.require: issueI61NS6 - */ -HWTEST_F(RemoteTokenKitTest, GetAllNativeTokenInfo002, TestSize.Level1) -{ - AccessTokenID tokenId = AccessTokenKit::GetNativeTokenId("token_sync_service"); - EXPECT_EQ(0, SetSelfTokenID(tokenId)); - std::vector nativeTokenInfoRes; - int res = AccessTokenKit::GetAllNativeTokenInfo(nativeTokenInfoRes); - ASSERT_EQ(0, res); -} - -/** - * @tc.name: SetRemoteNativeTokenInfo001 - * @tc.desc: set already mapping tokenInfo - * @tc.type: FUNC - * @tc.require:issue I5R4UF - */ -HWTEST_F(RemoteTokenKitTest, SetRemoteNativeTokenInfo001, TestSize.Level1) -{ - ACCESSTOKEN_LOG_INFO(LABEL, "SetRemoteNativeTokenInfo001 start."); - std::string deviceID = udid_; - - NativeTokenInfoForSync native1 = { - .baseInfo.apl = APL_NORMAL, - .baseInfo.ver = 1, - .baseInfo.processName = "native_test1", - .baseInfo.dcap = {"SYSDCAP", "DMSDCAP"}, - .baseInfo.tokenID = 0x28000000, - .baseInfo.tokenAttr = 0, - .baseInfo.nativeAcls = {"ohos.permission.DISTRIBUTED_DATASYNC"}, - }; - - std::vector nativeTokenInfoList; - nativeTokenInfoList.emplace_back(native1); - - int ret = AccessTokenKit::SetRemoteNativeTokenInfo(deviceID, nativeTokenInfoList); - ASSERT_EQ(ret, RET_SUCCESS); - - AccessTokenID mapID = AccessTokenKit::GetRemoteNativeTokenID(deviceID, 0x28000000); - ASSERT_NE(mapID, 0); - - NativeTokenInfo resultInfo; - 
ret = AccessTokenKit::GetNativeTokenInfo(mapID, resultInfo); - ASSERT_EQ(ret, RET_SUCCESS); - - ASSERT_EQ(resultInfo.apl, native1.baseInfo.apl); - ASSERT_EQ(resultInfo.ver, native1.baseInfo.ver); - ASSERT_EQ(resultInfo.processName, native1.baseInfo.processName); - ASSERT_EQ(resultInfo.dcap.size(), 2); - ASSERT_EQ(resultInfo.dcap[0], "SYSDCAP"); - ASSERT_EQ(resultInfo.dcap[1], "DMSDCAP"); - ASSERT_EQ(resultInfo.nativeAcls.size(), 1); - ASSERT_EQ(resultInfo.nativeAcls[0], "ohos.permission.DISTRIBUTED_DATASYNC"); - ASSERT_EQ(resultInfo.tokenID, mapID); - ASSERT_EQ(resultInfo.tokenAttr, native1.baseInfo.tokenAttr); -} - /** * @tc.name: DeleteRemoteToken001 * @tc.desc: DeleteRemoteToken with invalid parameters. diff --git a/services/accesstokenmanager/main/cpp/include/service/accesstoken_manager_service.h b/services/accesstokenmanager/main/cpp/include/service/accesstoken_manager_service.h index c2f46f56e..7f9c2fe45 100644 --- a/services/accesstokenmanager/main/cpp/include/service/accesstoken_manager_service.h +++ b/services/accesstokenmanager/main/cpp/include/service/accesstoken_manager_service.h @@ -87,10 +87,7 @@ public: #ifdef TOKEN_SYNC_ENABLE int GetHapTokenInfoFromRemote(AccessTokenID tokenID, HapTokenInfoForSyncParcel& hapSyncParcel) override; - int GetAllNativeTokenInfo(std::vector& nativeTokenInfosRes) override; int SetRemoteHapTokenInfo(const std::string& deviceID, HapTokenInfoForSyncParcel& hapSyncParcel) override; - int SetRemoteNativeTokenInfo(const std::string& deviceID, - std::vector& nativeTokenInfoForSyncParcel) override; int DeleteRemoteToken(const std::string& deviceID, AccessTokenID tokenID) override; AccessTokenID GetRemoteNativeTokenID(const std::string& deviceID, AccessTokenID tokenID) override; int DeleteRemoteDeviceTokens(const std::string& deviceID) override; 
diff --git a/services/accesstokenmanager/main/cpp/include/service/accesstoken_manager_stub.h b/services/accesstokenmanager/main/cpp/include/service/accesstoken_manager_stub.h index 20cf7565a..33e86ddec 100644 --- a/services/accesstokenmanager/main/cpp/include/service/accesstoken_manager_stub.h +++ b/services/accesstokenmanager/main/cpp/include/service/accesstoken_manager_stub.h @@ -68,9 +68,7 @@ private: #ifdef TOKEN_SYNC_ENABLE void GetHapTokenInfoFromRemoteInner(MessageParcel& data, MessageParcel& reply); - void GetAllNativeTokenInfoInner(MessageParcel& data, MessageParcel& reply); void SetRemoteHapTokenInfoInner(MessageParcel& data, MessageParcel& reply); - void SetRemoteNativeTokenInfoInner(MessageParcel& data, MessageParcel& reply); void DeleteRemoteTokenInner(MessageParcel& data, MessageParcel& reply); void DeleteRemoteDeviceTokensInner(MessageParcel& data, MessageParcel& reply); void GetRemoteNativeTokenIDInner(MessageParcel& data, MessageParcel& reply); diff --git a/services/accesstokenmanager/main/cpp/include/token/accesstoken_info_manager.h b/services/accesstokenmanager/main/cpp/include/token/accesstoken_info_manager.h index d41ccc6b4..3459a0945 100644 --- a/services/accesstokenmanager/main/cpp/include/token/accesstoken_info_manager.h +++ b/services/accesstokenmanager/main/cpp/include/token/accesstoken_info_manager.h 
@@ -96,10 +96,7 @@ public: int GetHapTokenSync(AccessTokenID tokenID, HapTokenInfoForSync& hapSync); int GetHapTokenInfoFromRemote(AccessTokenID tokenID, HapTokenInfoForSync& hapSync); - void GetAllNativeTokenInfo(std::vector& nativeTokenInfosRes); int SetRemoteHapTokenInfo(const std::string& deviceID, HapTokenInfoForSync& hapSync); - int SetRemoteNativeTokenInfo(const std::string& deviceID, - std::vector& nativeTokenInfoList); bool IsRemoteHapTokenValid(const std::string& deviceID, const HapTokenInfoForSync& hapSync); int DeleteRemoteToken(const std::string& deviceID, AccessTokenID tokenID); AccessTokenID GetRemoteNativeTokenID(const std::string& deviceID, AccessTokenID tokenID); diff --git a/services/accesstokenmanager/main/cpp/src/service/accesstoken_manager_service.cpp b/services/accesstokenmanager/main/cpp/src/service/accesstoken_manager_service.cpp index c13987932..b8d98f425 100644 --- a/services/accesstokenmanager/main/cpp/src/service/accesstoken_manager_service.cpp +++ b/services/accesstokenmanager/main/cpp/src/service/accesstoken_manager_service.cpp @@ -455,21 +455,6 @@ int AccessTokenManagerService::GetHapTokenInfoFromRemote(AccessTokenID tokenID, hapSyncParcel.hapTokenInfoForSyncParams); } -int AccessTokenManagerService::GetAllNativeTokenInfo(std::vector& nativeTokenInfosRes) -{ - ACCESSTOKEN_LOG_INFO(LABEL, "Called"); - - std::vector nativeVec; - AccessTokenInfoManager::GetInstance().GetAllNativeTokenInfo(nativeVec); - for (const auto& native : nativeVec) { - NativeTokenInfoForSyncParcel nativeParcel; - nativeParcel.nativeTokenInfoForSyncParams = native; - nativeTokenInfosRes.emplace_back(nativeParcel); - } - - return RET_SUCCESS; -} - int AccessTokenManagerService::SetRemoteHapTokenInfo(const std::string& deviceID, HapTokenInfoForSyncParcel& hapSyncParcel) { 
@@ -479,18 +464,6 @@ int AccessTokenManagerService::SetRemoteHapTokenInfo(const std::string& deviceID return ret; } -int AccessTokenManagerService::SetRemoteNativeTokenInfo(const std::string& deviceID, - std::vector& nativeTokenInfoForSyncParcel) -{ - ACCESSTOKEN_LOG_INFO(LABEL, "DeviceID: %{public}s", ConstantCommon::EncryptDevId(deviceID).c_str()); - - std::vector nativeList; - std::transform(nativeTokenInfoForSyncParcel.begin(), - nativeTokenInfoForSyncParcel.end(), std::back_inserter(nativeList), - [](const auto& nativeParcel) { return nativeParcel.nativeTokenInfoForSyncParams; }); - return AccessTokenInfoManager::GetInstance().SetRemoteNativeTokenInfo(deviceID, nativeList); -} - int AccessTokenManagerService::DeleteRemoteToken(const std::string& deviceID, AccessTokenID tokenID) { ACCESSTOKEN_LOG_INFO(LABEL, "DeviceID: %{public}s, token id %{public}d", diff --git a/services/accesstokenmanager/main/cpp/src/service/accesstoken_manager_stub.cpp b/services/accesstokenmanager/main/cpp/src/service/accesstoken_manager_stub.cpp index 22f2654fe..bf78ed4d4 100644 --- a/services/accesstokenmanager/main/cpp/src/service/accesstoken_manager_stub.cpp +++ b/services/accesstokenmanager/main/cpp/src/service/accesstoken_manager_stub.cpp @@ -36,9 +36,6 @@ const std::string MANAGE_HAP_TOKENID_PERMISSION = "ohos.permission.MANAGE_HAP_TO static const int32_t DUMP_CAPACITY_SIZE = 2 * 1024 * 1000; static const int MAX_PERMISSION_SIZE = 1000; static const int32_t MAX_USER_POLICY_SIZE = 1024; -#ifdef TOKEN_SYNC_ENABLE -static const int MAX_NATIVE_TOKEN_INFO_SIZE = 20480; -#endif const std::string GRANT_SENSITIVE_PERMISSIONS = "ohos.permission.GRANT_SENSITIVE_PERMISSIONS"; const std::string REVOKE_SENSITIVE_PERMISSIONS = "ohos.permission.REVOKE_SENSITIVE_PERMISSIONS"; const std::string GET_SENSITIVE_PERMISSIONS = "ohos.permission.GET_SENSITIVE_PERMISSIONS"; 
@@ -709,25 +706,6 @@ void AccessTokenManagerStub::GetHapTokenInfoFromRemoteInner(MessageParcel& data, reply.WriteParcelable(&hapTokenParcel); } -void AccessTokenManagerStub::GetAllNativeTokenInfoInner(MessageParcel& data, MessageParcel& reply) -{ - if (!IsAccessTokenCalling()) { - ACCESSTOKEN_LOG_ERROR(LABEL, "Permission denied(tokenID=%{public}d)", IPCSkeleton::GetCallingTokenID()); - reply.WriteInt32(AccessTokenError::ERR_PERMISSION_DENIED); - return; - } - std::vector nativeTokenInfosRes; - int result = this->GetAllNativeTokenInfo(nativeTokenInfosRes); - reply.WriteInt32(result); - if (result != RET_SUCCESS) { - return; - } - reply.WriteUint32(nativeTokenInfosRes.size()); - for (const auto& native : nativeTokenInfosRes) { - reply.WriteParcelable(&native); - } -} - void AccessTokenManagerStub::SetRemoteHapTokenInfoInner(MessageParcel& data, MessageParcel& reply) { if (!IsAccessTokenCalling()) { 
@@ -746,36 +724,6 @@ void AccessTokenManagerStub::SetRemoteHapTokenInfoInner(MessageParcel& data, Mes reply.WriteInt32(result); } -void AccessTokenManagerStub::SetRemoteNativeTokenInfoInner(MessageParcel& data, MessageParcel& reply) -{ - if (!IsAccessTokenCalling()) { - ACCESSTOKEN_LOG_ERROR(LABEL, "Permission denied(tokenID=%{public}d)", IPCSkeleton::GetCallingTokenID()); - reply.WriteInt32(AccessTokenError::ERR_PERMISSION_DENIED); - return; - } - std::string deviceID = data.ReadString(); - - std::vector nativeParcelList; - uint32_t size = data.ReadUint32(); - if (size > MAX_NATIVE_TOKEN_INFO_SIZE) { - ACCESSTOKEN_LOG_ERROR(LABEL, "Size %{public}u is invalid", size); - reply.WriteInt32(AccessTokenError::ERR_OVERSIZE); - return; - } - for (uint32_t i = 0; i < size; i++) { - sptr nativeParcel = data.ReadParcelable(); - if (nativeParcel == nullptr) { - ACCESSTOKEN_LOG_ERROR(LABEL, "NativeParcel read faild"); - reply.WriteInt32(AccessTokenError::ERR_READ_PARCEL_FAILED); - return; - } - nativeParcelList.emplace_back(*nativeParcel); - } - - int result = this->SetRemoteNativeTokenInfo(deviceID, nativeParcelList); - reply.WriteInt32(result); -} - void AccessTokenManagerStub::DeleteRemoteTokenInner(MessageParcel& data, MessageParcel& reply) { if (!IsAccessTokenCalling()) { 
@@ -1072,14 +1020,8 @@ void AccessTokenManagerStub::SetTokenSyncFuncInMap() { requestFuncMap_[static_cast(AccessTokenInterfaceCode::GET_HAP_TOKEN_FROM_REMOTE)] = &AccessTokenManagerStub::GetHapTokenInfoFromRemoteInner; - requestFuncMap_[ - static_cast(AccessTokenInterfaceCode::GET_ALL_NATIVE_TOKEN_FROM_REMOTE)] = - &AccessTokenManagerStub::GetAllNativeTokenInfoInner; requestFuncMap_[static_cast(AccessTokenInterfaceCode::SET_REMOTE_HAP_TOKEN_INFO)] = &AccessTokenManagerStub::SetRemoteHapTokenInfoInner; - requestFuncMap_[ - static_cast(AccessTokenInterfaceCode::SET_REMOTE_NATIVE_TOKEN_INFO)] = - &AccessTokenManagerStub::SetRemoteNativeTokenInfoInner; requestFuncMap_[static_cast(AccessTokenInterfaceCode::DELETE_REMOTE_TOKEN_INFO)] = &AccessTokenManagerStub::DeleteRemoteTokenInner; requestFuncMap_[static_cast(AccessTokenInterfaceCode::DELETE_REMOTE_DEVICE_TOKEN)] = diff --git a/services/accesstokenmanager/main/cpp/src/token/accesstoken_info_manager.cpp b/services/accesstokenmanager/main/cpp/src/token/accesstoken_info_manager.cpp index f03315084..b13cce7ae 100644 --- a/services/accesstokenmanager/main/cpp/src/token/accesstoken_info_manager.cpp +++ b/services/accesstokenmanager/main/cpp/src/token/accesstoken_info_manager.cpp 
@@ -767,33 +767,6 @@ int AccessTokenInfoManager::GetHapTokenInfoFromRemote(AccessTokenID tokenID, return ret; } -void AccessTokenInfoManager::GetAllNativeTokenInfo( - std::vector& nativeTokenInfosRes) -{ - Utils::UniqueReadGuard infoGuard(this->nativeTokenInfoLock_); - for (const auto& nativeTokenInner : nativeTokenInfoMap_) { - std::shared_ptr nativeTokenInnerPtr = nativeTokenInner.second; - if (nativeTokenInnerPtr == nullptr || nativeTokenInnerPtr->IsRemote() - || nativeTokenInnerPtr->GetDcap().empty()) { - continue; - } - NativeTokenInfoForSync token; - nativeTokenInnerPtr->TranslateToNativeTokenInfo(token.baseInfo); - - std::shared_ptr permSetPtr = - nativeTokenInnerPtr->GetNativeInfoPermissionPolicySet(); - if (permSetPtr == nullptr) { - ACCESSTOKEN_LOG_ERROR( - LABEL, "Token %{public}u permSet is invalid.", token.baseInfo.tokenID); - return; - } - permSetPtr->GetPermissionStateList(token.permStateList); - - nativeTokenInfosRes.emplace_back(token); - } - return; -} - int AccessTokenInfoManager::UpdateRemoteHapTokenInfo(AccessTokenID mapID, HapTokenInfoForSync& hapSync) { std::shared_ptr infoPtr = GetHapTokenInfoInner(mapID); 
@@ -900,63 +873,6 @@ int AccessTokenInfoManager::SetRemoteHapTokenInfo(const std::string& deviceID, H return RET_SUCCESS; } -int AccessTokenInfoManager::SetRemoteNativeTokenInfo(const std::string& deviceID, - std::vector& nativeTokenInfoList) -{ - if (!DataValidator::IsDeviceIdValid(deviceID)) { - ACCESSTOKEN_LOG_ERROR(LABEL, "Device %{public}s parms invalid", ConstantCommon::EncryptDevId(deviceID).c_str()); - return AccessTokenError::ERR_PARAM_INVALID; - } - - for (NativeTokenInfoForSync& nativeToken : nativeTokenInfoList) { - AccessTokenID remoteID = nativeToken.baseInfo.tokenID; - auto encryptDevId = ConstantCommon::EncryptDevId(deviceID); - ATokenTypeEnum type = AccessTokenIDManager::GetInstance().GetTokenIdTypeEnum(remoteID); - if (!DataValidator::IsAplNumValid(nativeToken.baseInfo.apl) || - nativeToken.baseInfo.ver != DEFAULT_TOKEN_VERSION || - !DataValidator::IsProcessNameValid(nativeToken.baseInfo.processName) || - nativeToken.baseInfo.dcap.empty() || - (type != TOKEN_NATIVE && type != TOKEN_SHELL)) { - ACCESSTOKEN_LOG_ERROR(LABEL, "Device %{public}s token %{public}u is invalid.", - encryptDevId.c_str(), remoteID); - continue; - } - - AccessTokenID mapID = AccessTokenRemoteTokenManager::GetInstance().GetDeviceMappingTokenID(deviceID, remoteID); - if (mapID != 0) { - ACCESSTOKEN_LOG_ERROR(LABEL, "Device %{public}s token %{public}u has maped, no need update it.", - encryptDevId.c_str(), remoteID); - continue; - } - - mapID = AccessTokenRemoteTokenManager::GetInstance().MapRemoteDeviceTokenToLocal(deviceID, remoteID); - if (mapID == 0) { - AccessTokenRemoteTokenManager::GetInstance().RemoveDeviceMappingTokenID(deviceID, mapID); - ACCESSTOKEN_LOG_ERROR(LABEL, "Device %{public}s token %{public}u map failed.", - encryptDevId.c_str(), remoteID); - continue; - } - nativeToken.baseInfo.tokenID = mapID; - ACCESSTOKEN_LOG_INFO(LABEL, "Device %{public}s token %{public}u map to local token %{public}u.", - encryptDevId.c_str(), remoteID, mapID); - - std::shared_ptr 
nativePtr = - std::make_shared(nativeToken.baseInfo, nativeToken.permStateList); - nativePtr->SetRemote(true); - int ret = AddNativeTokenInfo(nativePtr); - if (ret != RET_SUCCESS) { - AccessTokenRemoteTokenManager::GetInstance().RemoveDeviceMappingTokenID(deviceID, mapID); - ACCESSTOKEN_LOG_ERROR(LABEL, "Device %{public}s tokenId %{public}u add local token failed.", - encryptDevId.c_str(), remoteID); - continue; - } - ACCESSTOKEN_LOG_INFO(LABEL, "Device %{public}s token %{public}u map token %{public}u add success.", - encryptDevId.c_str(), remoteID, mapID); - } - - return RET_SUCCESS; -} - int AccessTokenInfoManager::DeleteRemoteToken(const std::string& deviceID, AccessTokenID tokenID) { if (!DataValidator::IsDeviceIdValid(deviceID)) { diff --git a/services/accesstokenmanager/test/unittest/accesstoken_info_manager_test.cpp b/services/accesstokenmanager/test/unittest/accesstoken_info_manager_test.cpp index 42feaa1cc..b3b4fce17 100644 --- a/services/accesstokenmanager/test/unittest/accesstoken_info_manager_test.cpp +++ b/services/accesstokenmanager/test/unittest/accesstoken_info_manager_test.cpp 
@@ -1135,42 +1135,6 @@ HWTEST_F(AccessTokenInfoManagerTest, CreateRemoteHapTokenInfo001, TestSize.Level AccessTokenInfoManager::GetInstance().hapTokenInfoMap_.erase(123); } -/** - * @tc.name: SetRemoteNativeTokenInfo001 - * @tc.desc: AccessTokenInfoManager::SetRemoteNativeTokenInfo function test - * @tc.type: FUNC - * @tc.require: - */ -HWTEST_F(AccessTokenInfoManagerTest, SetRemoteNativeTokenInfo001, TestSize.Level1) -{ - std::string deviceID; - std::vector nativeTokenInfoList; - - ASSERT_EQ(ERR_PARAM_INVALID, AccessTokenInfoManager::GetInstance().SetRemoteNativeTokenInfo(deviceID, - nativeTokenInfoList)); // deviceID invalid - - deviceID = "dev-001"; - NativeTokenInfo info; - info.apl = ATokenAplEnum::APL_NORMAL; - info.ver = DEFAULT_TOKEN_VERSION; - info.processName = "what's this"; - info.dcap = {"what's this"}; - info.tokenID = 672137215; // 672137215 is max native tokenId: 001 01 0 000000 11111111111111111111 - NativeTokenInfoForSync sync; - sync.baseInfo = info; - nativeTokenInfoList.emplace_back(sync); - - AccessTokenRemoteDevice device; - device.DeviceID_ = deviceID; - // 672137215 is remoteID 123 is mapID - device.MappingTokenIDPairMap_.insert(std::pair(672137215, 123)); - AccessTokenRemoteTokenManager::GetInstance().remoteDeviceMap_[deviceID] = device; - - ASSERT_EQ(RET_SUCCESS, AccessTokenInfoManager::GetInstance().SetRemoteNativeTokenInfo(deviceID, - nativeTokenInfoList)); // has maped - AccessTokenRemoteTokenManager::GetInstance().remoteDeviceMap_.erase(deviceID); -} - /** * @tc.name: DeleteRemoteToken002 * @tc.desc: AccessTokenInfoManager::DeleteRemoteToken function test diff --git a/services/accesstokenmanager/test/unittest/native_token_receptor_test.cpp b/services/accesstokenmanager/test/unittest/native_token_receptor_test.cpp index bdd478736..29db9090c 100644 --- a/services/accesstokenmanager/test/unittest/native_token_receptor_test.cpp +++ b/services/accesstokenmanager/test/unittest/native_token_receptor_test.cpp 
@@ -379,45 +379,6 @@ HWTEST_F(NativeTokenReceptorTest, CheckNativeDCap001, TestSize.Level1) ASSERT_EQ(ret, RET_SUCCESS); } -#ifdef TOKEN_SYNC_ENABLE -/** - * @tc.name: GetAllNativeTokenInfo001 - * @tc.desc: Verify GetAllNativeTokenInfo normal and abnormal branch - * @tc.type: FUNC - * @tc.require: Issue I5RJBB - */ -HWTEST_F(NativeTokenReceptorTest, GetAllNativeTokenInfo001, TestSize.Level1) -{ - ACCESSTOKEN_LOG_INFO(LABEL, "GetAllNativeTokenInfo001!"); - - // test nativetokenInfo = nullptr - std::vector nativeVec; - std::vector> tokenInfos; - AccessTokenInfoManager::GetInstance().GetAllNativeTokenInfo(nativeVec); - ASSERT_EQ(nativeVec.empty(), false); - - // test process one - NativeTokenInfo info = {.apl = APL_NORMAL, - .ver = 1, - .processName = "GetAllNativeTokenInfo001", - .dcap = {"AT_CAP", "ST_CAP"}, - .tokenID = 0x28100000, - .tokenAttr = 0}; - - std::vector permStateList = {}; - std::shared_ptr nativeToken = std::make_shared(info, permStateList); - tokenInfos.emplace_back(nativeToken); - AccessTokenInfoManager::GetInstance().ProcessNativeTokenInfos(tokenInfos); - AccessTokenInfoManager::GetInstance().GetAllNativeTokenInfo(nativeVec); - ASSERT_EQ(!nativeVec.empty(), true); - AccessTokenID resultTokenId = AccessTokenInfoManager::GetInstance().GetNativeTokenId("GetAllNativeTokenInfo001"); - ASSERT_EQ(resultTokenId, info.tokenID); - - int32_t ret = AccessTokenInfoManager::GetInstance().RemoveNativeTokenInfo(info.tokenID); - ASSERT_EQ(ret, RET_SUCCESS); -} -#endif - static void PermStateListSet(std::vector &permStateList) { PermissionStateFull infoManagerTestState1 = { diff --git a/services/tokensyncmanager/BUILD.gn b/services/tokensyncmanager/BUILD.gn index 5eec9e56f..f5bb13fd7 100644 --- a/services/tokensyncmanager/BUILD.gn +++ b/services/tokensyncmanager/BUILD.gn 
@@ -66,7 +66,6 @@ if (token_sync_enable == true) {
 "src/command/base_remote_command.cpp",
 "src/command/delete_remote_token_command.cpp",
 "src/command/sync_remote_hap_token_command.cpp",
- "src/command/sync_remote_native_token_command.cpp",
 "src/command/update_remote_hap_token_command.cpp",
 "src/common/constant.cpp",
 "src/device/device_info_manager.cpp",
diff --git a/services/tokensyncmanager/include/command/sync_remote_native_token_command.h b/services/tokensyncmanager/include/command/sync_remote_native_token_command.h
deleted file mode 100644
index 6f700fb69..000000000
--- a/services/tokensyncmanager/include/command/sync_remote_native_token_command.h
+++ /dev/null
@@ -1,55 +0,0 @@ -/* - * Copyright (c) 2022 Huawei Device Co., Ltd. - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ - -#ifndef SYNC_REMOTE_NATIVE_TOKEN_COMMAND_H -#define SYNC_REMOTE_NATIVE_TOKEN_COMMAND_H - -#include -#include - -#include "base_remote_command.h" -#include "native_token_info.h" - -namespace OHOS { -namespace Security { -namespace AccessToken { -/** - * Command which used to get all native token info from other device. - */ -class SyncRemoteNativeTokenCommand : public BaseRemoteCommand { -public: - void Prepare() override; - - void Execute() override; - - void Finish() override; - - std::string ToJsonPayload() override; - - explicit SyncRemoteNativeTokenCommand(const std::string &json); - SyncRemoteNativeTokenCommand(const std::string &srcDeviceId, const std::string &dstDeviceId); - virtual ~SyncRemoteNativeTokenCommand() override = default; - -private: - /** - * The command name. Should be equal to class name. - */ - const std::string COMMAND_NAME = "SyncRemoteNativeTokenCommand"; - std::vector nativeTokenInfo_; -}; -} // namespace AccessToken -} // namespace Security -} // namespace OHOS -#endif diff --git a/services/tokensyncmanager/include/remote/remote_command_factory.h b/services/tokensyncmanager/include/remote/remote_command_factory.h index f9967cc20..5c88b41fa 100644 --- a/services/tokensyncmanager/include/remote/remote_command_factory.h +++ b/services/tokensyncmanager/include/remote/remote_command_factory.h 
@@ -24,7 +24,6 @@ #include "delete_remote_token_command.h" #include "hap_token_info.h" #include "sync_remote_hap_token_command.h" -#include "sync_remote_native_token_command.h" #include "update_remote_hap_token_command.h" namespace OHOS { @@ -43,9 +42,6 @@ public: std::shared_ptr NewUpdateRemoteHapTokenCommand(const std::string &srcDeviceId, const std::string &dstDeviceId, const HapTokenInfoForSync& tokenInfo); - std::shared_ptr NewSyncRemoteNativeTokenCommand(const std::string &srcDeviceId, - const std::string &dstDeviceId); - std::shared_ptr NewRemoteCommandFromJson( const std::string &commandName, const std::string &commandJsonString); diff --git a/services/tokensyncmanager/src/command/sync_remote_native_token_command.cpp b/services/tokensyncmanager/src/command/sync_remote_native_token_command.cpp deleted file mode 100644 index 72edd4f0e..000000000 --- a/services/tokensyncmanager/src/command/sync_remote_native_token_command.cpp +++ /dev/null 
@@ -1,126 +0,0 @@ -/* - * Copyright (c) 2022 Huawei Device Co., Ltd. - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ - -#include "sync_remote_native_token_command.h" - -#include "accesstoken_kit.h" -#include "accesstoken_log.h" -#include "access_token_error.h" -#include "base_remote_command.h" -#include "constant_common.h" -#include "device_info_manager.h" - -namespace OHOS { -namespace Security { -namespace AccessToken { -namespace { -static constexpr OHOS::HiviewDFX::HiLogLabel LABEL = {LOG_CORE, - SECURITY_DOMAIN_ACCESSTOKEN, "SyncRemoteNativeTokenCommand"}; -} - -SyncRemoteNativeTokenCommand::SyncRemoteNativeTokenCommand( - const std::string &srcDeviceId, const std::string &dstDeviceId) -{ - remoteProtocol_.commandName = COMMAND_NAME; - remoteProtocol_.uniqueId = COMMAND_NAME; - remoteProtocol_.srcDeviceId = srcDeviceId; - remoteProtocol_.dstDeviceId = dstDeviceId; - remoteProtocol_.responseVersion = Constant::DISTRIBUTED_ACCESS_TOKEN_SERVICE_VERSION; - remoteProtocol_.requestVersion = Constant::DISTRIBUTED_ACCESS_TOKEN_SERVICE_VERSION; -} - -SyncRemoteNativeTokenCommand::SyncRemoteNativeTokenCommand(const std::string &json) -{ - nlohmann::json jsonObject = nlohmann::json::parse(json, nullptr, false); - if (jsonObject.is_discarded()) { - ACCESSTOKEN_LOG_ERROR(LABEL, "JsonObject is invalid."); - return; - } - BaseRemoteCommand::FromRemoteProtocolJson(jsonObject); - - if (jsonObject.find("NativeTokenInfos") != jsonObject.end() && 
jsonObject.at("NativeTokenInfos").is_array()) { - nlohmann::json nativeTokenListJson = jsonObject.at("NativeTokenInfos"); - for (const auto& tokenJson : nativeTokenListJson) { - NativeTokenInfoForSync token; - BaseRemoteCommand::FromNativeTokenInfoJson(tokenJson, token); - nativeTokenInfo_.emplace_back(token); - } - } -} - -std::string SyncRemoteNativeTokenCommand::ToJsonPayload() -{ - nlohmann::json j = BaseRemoteCommand::ToRemoteProtocolJson(); - nlohmann::json nativeTokensJson; - for (const auto& token : nativeTokenInfo_) { - nlohmann::json tokenJson = BaseRemoteCommand::ToNativeTokenInfoJson(token); - nativeTokensJson.emplace_back(tokenJson); - } - j["NativeTokenInfos"] = nativeTokensJson; - return j.dump(); -} - -void SyncRemoteNativeTokenCommand::Prepare() -{ - remoteProtocol_.statusCode = Constant::SUCCESS; - remoteProtocol_.message = Constant::COMMAND_RESULT_SUCCESS; - ACCESSTOKEN_LOG_DEBUG(LABEL, "End as: SyncRemoteNativeTokenCommand"); -} - -void SyncRemoteNativeTokenCommand::Execute() -{ - ACCESSTOKEN_LOG_INFO(LABEL, "Execute: start as: SyncRemoteNativeTokenCommand"); - remoteProtocol_.responseDeviceId = ConstantCommon::GetLocalDeviceId(); - remoteProtocol_.responseVersion = Constant::DISTRIBUTED_ACCESS_TOKEN_SERVICE_VERSION; - - int ret = AccessTokenKit::GetAllNativeTokenInfo(nativeTokenInfo_); - if (ret != RET_SUCCESS) { - remoteProtocol_.statusCode = Constant::FAILURE_BUT_CAN_RETRY; - remoteProtocol_.message = Constant::COMMAND_RESULT_FAILED; - } else { - remoteProtocol_.statusCode = Constant::SUCCESS; - remoteProtocol_.message = Constant::COMMAND_RESULT_SUCCESS; - } - - ACCESSTOKEN_LOG_INFO(LABEL, "Execute: end as: SyncRemoteNativeTokenCommand"); -} - -void SyncRemoteNativeTokenCommand::Finish() -{ - if (remoteProtocol_.statusCode != Constant::SUCCESS) { - ACCESSTOKEN_LOG_ERROR(LABEL, "Finish: end as: SyncRemoteHapTokenCommand get remote result error."); - return; - } - - DeviceInfo devInfo; - bool result = 
DeviceInfoManager::GetInstance().GetDeviceInfo(remoteProtocol_.dstDeviceId, - DeviceIdType::UNKNOWN, devInfo); - if (!result) { - ACCESSTOKEN_LOG_ERROR(LABEL, "SyncRemoteNativeTokenCommand: get remote uniqueDeviceId failed"); - remoteProtocol_.statusCode = Constant::FAILURE_BUT_CAN_RETRY; - return; - } - int ret = AccessTokenKit::SetRemoteNativeTokenInfo(devInfo.deviceId.uniqueDeviceId, nativeTokenInfo_); - if (ret == RET_SUCCESS) { - remoteProtocol_.statusCode = Constant::SUCCESS; - } else { - remoteProtocol_.statusCode = Constant::FAILURE_BUT_CAN_RETRY; - } - ACCESSTOKEN_LOG_INFO(LABEL, "Finish: end as: SyncRemoteNativeTokenCommand ret %{public}d", ret); -} -} // namespace AccessToken -} // namespace Security -} // namespace OHOS - diff --git a/services/tokensyncmanager/src/remote/remote_command_factory.cpp b/services/tokensyncmanager/src/remote/remote_command_factory.cpp index 31a0ced8e..67db3cc0f 100644 --- a/services/tokensyncmanager/src/remote/remote_command_factory.cpp +++ b/services/tokensyncmanager/src/remote/remote_command_factory.cpp @@ -54,19 +54,12 @@ std::shared_ptr RemoteCommandFactory::NewUpdateRemo return std::make_shared(srcDeviceId, dstDeviceId, tokenInfo); } -std::shared_ptr RemoteCommandFactory::NewSyncRemoteNativeTokenCommand( - const std::string &srcDeviceId, const std::string &dstDeviceId) -{ - return std::make_shared(srcDeviceId, dstDeviceId); -} - std::shared_ptr RemoteCommandFactory::NewRemoteCommandFromJson( const std::string &commandName, const std::string &commandJsonString) { const std::string SYNC_HAP_COMMAND_NAME = "SyncRemoteHapTokenCommand"; const std::string DELETE_TOKEN_COMMAND_NAME = "DeleteRemoteTokenCommand"; const std::string UPDATE_HAP_COMMAND_NAME = "UpdateRemoteHapTokenCommand"; - const std::string SYNC_NATIVE_COMMAND_NAME = "SyncRemoteNativeTokenCommand"; if (commandName == SYNC_HAP_COMMAND_NAME) { return std::make_shared(commandJsonString); 
@@ -77,9 +70,6 @@ std::shared_ptr RemoteCommandFactory::NewRemoteCommandFromJso
 if (commandName == UPDATE_HAP_COMMAND_NAME) {
 return std::make_shared(commandJsonString);
 }
- if (commandName == SYNC_NATIVE_COMMAND_NAME) {
- return std::make_shared(commandJsonString);
- }
 return nullptr;
 }
 } // namespace AccessToken
diff --git a/services/tokensyncmanager/src/remote/remote_command_manager.cpp b/services/tokensyncmanager/src/remote/remote_command_manager.cpp
index 149b0370c..6641c8d5b 100644
--- a/services/tokensyncmanager/src/remote/remote_command_manager.cpp
+++ b/services/tokensyncmanager/src/remote/remote_command_manager.cpp
@@ -19,7 +19,6 @@
 #include "access_event_handler.h"
 #endif
 #include "device_info_manager.h"
-#include "sync_remote_native_token_command.h"
 #include "remote_command_factory.h"
 #include "token_sync_manager_service.h"
 #include "accesstoken_kit.h"
diff --git a/services/tokensyncmanager/test/coverage/BUILD.gn b/services/tokensyncmanager/test/coverage/BUILD.gn
index beaa58cf0..546617560 100644
--- a/services/tokensyncmanager/test/coverage/BUILD.gn
+++ b/services/tokensyncmanager/test/coverage/BUILD.gn
@@ -29,7 +29,6 @@ ohos_unittest("libtoken_sync_service_coverage_test") {
 "../../src/command/base_remote_command.cpp",
 "../../src/command/delete_remote_token_command.cpp",
 "../../src/command/sync_remote_hap_token_command.cpp",
- "../../src/command/sync_remote_native_token_command.cpp",
 "../../src/command/update_remote_hap_token_command.cpp",
 "../../src/device/device_info_manager.cpp",
 "../../src/device/device_info_repository.cpp",
diff --git a/services/tokensyncmanager/test/unittest/BUILD.gn b/services/tokensyncmanager/test/unittest/BUILD.gn
index 692949315..a8f0cf4e6 100644
--- a/services/tokensyncmanager/test/unittest/BUILD.gn
+++ b/services/tokensyncmanager/test/unittest/BUILD.gn
@@ -29,7 +29,6 @@ ohos_unittest("libtoken_sync_service_standard_test") {
 "../../src/command/base_remote_command.cpp",
 "../../src/command/delete_remote_token_command.cpp",
 "../../src/command/sync_remote_hap_token_command.cpp",
- "../../src/command/sync_remote_native_token_command.cpp",
 "../../src/command/update_remote_hap_token_command.cpp",
 "../../src/device/device_info_manager.cpp",
 "../../src/device/device_info_repository.cpp",
diff --git a/services/tokensyncmanager/test/unittest/token_sync_service_test.cpp b/services/tokensyncmanager/test/unittest/token_sync_service_test.cpp
index f8b493ef4..85a82fec7 100644
--- a/services/tokensyncmanager/test/unittest/token_sync_service_test.cpp
+++ b/services/tokensyncmanager/test/unittest/token_sync_service_test.cpp
@@ -860,166 +860,6 @@ HWTEST_F(TokenSyncServiceTest, GetRemoteHapTokenInfo008, TestSize.Level1) ASSERT_EQ(mapID, static_cast(0)); } -/** - * @tc.name: SyncNativeTokens001 - * @tc.desc: when device is online, sync remote nativetoken which has no dcaps - * @tc.type: FUNC - * @tc.require:AR000GK6T6 - */ -HWTEST_F(TokenSyncServiceTest, SyncNativeTokens001, TestSize.Level1) -{ - ACCESSTOKEN_LOG_INFO(LABEL, "SyncNativeTokens001 start."); - g_jsonBefore = "{\"commandName\":\"SyncRemoteNativeTokenCommand\", \"id\":\""; - // 0x28000001 token has no dcaps - g_jsonAfter = - "\",\"jsonPayload\":\"{\\\"NativeTokenInfos\\\":[{\\\"apl\\\":3,\\\"processName\\\":\\\"attest\\\"," - "\\\"tokenAttr\\\":0,\\\"tokenId\\\":671088640,\\\"version\\\":1," - "\\\"dcaps\\\":[\\\"SYSDCAP\\\",\\\"DMSDCAP\\\"]}," - "{\\\"apl\\\":3,\\\"processName\\\":\\\"attest1\\\",\\\"tokenAttr\\\":0,\\\"tokenId\\\":671088641," - "\\\"version\\\":1,\\\"dcaps\\\":[]}]," - "\\\"commandName\\\":\\\"SyncRemoteNativeTokenCommand\\\"," - "\\\"dstDeviceId\\\":\\\"deviceid-1\\\",\\\"dstDeviceLevel\\\":\\\"\\\",\\\"message\\\":\\\"success\\\"," - "\\\"requestVersion\\\":2,\\\"responseDeviceId\\\":\\\"deviceid-1:udid-001\\\"," - "\\\"responseVersion\\\":2,\\\"srcDeviceId\\\":\\\"local:udid-001\\\"," - "\\\"srcDeviceLevel\\\":\\\"\\\",\\\"statusCode\\\":0,\\\"uniqueId\\\":\\\"SyncRemoteNativeTokenCommand\\\"}\"," - "\"type\":\"response\"}"; - - g_ptrDeviceStateCallback->OnDeviceOnline(g_devInfo); - sleep(3); - - ResetSendMessFlagMock(); - threads_.emplace_back(std::thread(SendTaskThread)); - sleep(6); - - AccessTokenID mapID = AccessTokenKit::GetRemoteNativeTokenID(g_udid, 0x28000000); - ASSERT_EQ(mapID, static_cast(0)); - int ret = AccessTokenKit::CheckNativeDCap(mapID, "SYSDCAP"); - ASSERT_EQ(ret, AccessTokenError::ERR_PARAM_INVALID); - ret = AccessTokenKit::CheckNativeDCap(mapID, "DMSDCAP"); - ASSERT_EQ(ret, AccessTokenError::ERR_PARAM_INVALID); - - mapID = AccessTokenKit::GetRemoteNativeTokenID(g_udid, 0x28000001); - 
ASSERT_EQ(mapID, static_cast(0)); -} - -/** - * @tc.name: SyncNativeTokens002 - * @tc.desc: when device is online, sync remote nativetokens status failed - * @tc.type: FUNC - * @tc.require:AR000GK6T6 - */ -HWTEST_F(TokenSyncServiceTest, SyncNativeTokens002, TestSize.Level1) -{ - ACCESSTOKEN_LOG_INFO(LABEL, "SyncNativeTokens002 start."); - g_jsonBefore = "{\"commandName\":\"SyncRemoteNativeTokenCommand\", \"id\":\""; - g_jsonAfter = - "\",\"jsonPayload\":\"{\\\"NativeTokenInfos\\\":[{\\\"apl\\\":3,\\\"processName\\\":\\\"attest\\\"," - "\\\"tokenAttr\\\":0,\\\"tokenId\\\":671088640,\\\"version\\\":1," - "\\\"dcaps\\\":[\\\"SYSDCAP\\\",\\\"DMSDCAP\\\"]}," - "{\\\"apl\\\":3,\\\"processName\\\":\\\"attest1\\\",\\\"tokenAttr\\\":0,\\\"tokenId\\\":671088641," - "\\\"version\\\":1,\\\"dcaps\\\":[\\\"SYSDCAP\\\",\\\"DMSDCAP\\\"]}]," - "\\\"commandName\\\":\\\"SyncRemoteNativeTokenCommand\\\"," - "\\\"dstDeviceId\\\":\\\"deviceid-1\\\",\\\"dstDeviceLevel\\\":\\\"\\\",\\\"message\\\":\\\"success\\\"," - "\\\"requestVersion\\\":2,\\\"responseDeviceId\\\":\\\"deviceid-1:udid-001\\\"," - "\\\"responseVersion\\\":2,\\\"srcDeviceId\\\":\\\"local:udid-001\\\"," - "\\\"srcDeviceLevel\\\":\\\"\\\",\\\"statusCode\\\":-2," - "\\\"uniqueId\\\":\\\"SyncRemoteNativeTokenCommand\\\"}\",\"type\":\"response\"}"; - - - threads_.emplace_back(std::thread(SendTaskThread)); - g_ptrDeviceStateCallback->OnDeviceOnline(g_devInfo); - - sleep(6); - - AccessTokenID mapID = AccessTokenKit::GetRemoteNativeTokenID(g_udid, 0x28000000); - ASSERT_EQ(mapID, static_cast(0)); - - mapID = AccessTokenKit::GetRemoteNativeTokenID(g_udid, 0x28000001); - ASSERT_EQ(mapID, static_cast(0)); -} - -/** - * @tc.name: SyncNativeTokens003 - * @tc.desc: when device is online, sync remote nativetokens which parameter is wrong - * @tc.type: FUNC - * @tc.require:AR000GK6T6 - */ -HWTEST_F(TokenSyncServiceTest, SyncNativeTokens003, TestSize.Level1) -{ - ACCESSTOKEN_LOG_INFO(LABEL, "SyncNativeTokens003 start."); - g_jsonBefore = 
"{\"commandName\":\"SyncRemoteNativeTokenCommand\", \"id\":\""; - // apl is error - g_jsonAfter = - "\",\"jsonPayload\":\"{\\\"NativeTokenInfos\\\":[{\\\"apl\\\":11,\\\"processName\\\":\\\"attest\\\"," - "\\\"tokenAttr\\\":0,\\\"tokenId\\\":671088640,\\\"version\\\":1," - "\\\"dcaps\\\":[\\\"SYSDCAP\\\",\\\"DMSDCAP\\\"]}," - "{\\\"apl\\\":11,\\\"processName\\\":\\\"attest1\\\",\\\"tokenAttr\\\":0,\\\"tokenId\\\":671088641," - "\\\"version\\\":1,\\\"dcaps\\\":[\\\"SYSDCAP\\\",\\\"DMSDCAP\\\"]}]," - "\\\"commandName\\\":\\\"SyncRemoteNativeTokenCommand\\\"," - "\\\"dstDeviceId\\\":\\\"deviceid-1\\\",\\\"dstDeviceLevel\\\":\\\"\\\",\\\"message\\\":\\\"success\\\"," - "\\\"requestVersion\\\":2,\\\"responseDeviceId\\\":\\\"deviceid-1:udid-001\\\"," - "\\\"responseVersion\\\":2,\\\"srcDeviceId\\\":\\\"local:udid-001\\\"," - "\\\"srcDeviceLevel\\\":\\\"\\\",\\\"statusCode\\\":0,\\\"uniqueId\\\":\\\"SyncRemoteNativeTokenCommand\\\"}\"," - "\"type\":\"response\"}"; - - threads_.emplace_back(std::thread(SendTaskThread)); - - g_ptrDeviceStateCallback->OnDeviceOnline(g_devInfo); - - sleep(6); - - AccessTokenID mapID = AccessTokenKit::GetRemoteNativeTokenID(g_udid, 0x28000000); - ASSERT_EQ(mapID, static_cast(0)); - - mapID = AccessTokenKit::GetRemoteNativeTokenID(g_udid, 0x28000001); - ASSERT_EQ(mapID, static_cast(0)); -} - -/** - * @tc.name: SyncNativeTokens004 - * @tc.desc: test remote hap recv func - * @tc.type: FUNC - * @tc.require:AR000GK6T5 - */ -HWTEST_F(TokenSyncServiceTest, SyncNativeTokens004, TestSize.Level1) -{ - ACCESSTOKEN_LOG_INFO(LABEL, "SyncNativeTokens004 start."); - - ResetUuidMock(); - - std::string recvJson = - "{\"commandName\":\"SyncRemoteNativeTokenCommand\",\"id\":\"ec23cd2d-\",\"jsonPayload\":" - "\"{\\\"NativeTokenInfos\\\":null,\\\"commandName\\\":\\\"SyncRemoteNativeTokenCommand\\\"," - "\\\"dstDeviceId\\\":\\\"local:udid-001\\\",\\\"dstDeviceLevel\\\":\\\"\\\",\\\"message\\\":\\\"success\\\"," - 
"\\\"requestTokenId\\\":,\\\"requestVersion\\\":2,\\\"responseDeviceId\\\":\\\"\\\",\\\"responseVersion\\\":2," - "\\\"srcDeviceId\\\":\\\"deviceid-1\\\",\\\"srcDeviceLevel\\\":\\\"\\\",\\\"statusCode\\\":100001," - "\\\"uniqueId\\\":\\\"SyncRemoteNativeTokenCommand\\\"}\",\"type\":\"request\"}"; - - unsigned char *recvBuffer = (unsigned char *)malloc(0x1000); - int recvLen = 0x1000; - CompressMock(recvJson, recvBuffer, recvLen); - - ResetSendMessFlagMock(); - g_ptrDeviceStateCallback->OnDeviceOnline(g_devInfo); - char networkId[DEVICEID_MAX_LEN + 1]; - strcpy_s(networkId, DEVICEID_MAX_LEN, "deviceid-1:udid-001"); - - PeerSocketInfo info = { - .networkId = networkId, - }; - SoftBusSocketListener::OnBind(1, info); - SoftBusSocketListener::OnClientBytes(1, recvBuffer, recvLen); - int count = 0; - while (!GetSendMessFlagMock() && count < MAX_RETRY_TIMES) { - sleep(1); - count++; - } - free(recvBuffer); - - std::string uuidMessage = GetUuidMock(); - ASSERT_EQ(uuidMessage, "ec23cd2d-"); -} - /** * @tc.name: DeleteRemoteTokenCommand001 * @tc.desc: test delete remote token command 
@@ -1049,34 +889,6 @@ HWTEST_F(TokenSyncServiceTest, DeleteRemoteTokenCommand001, TestSize.Level1) ASSERT_EQ(deleteRemoteTokenCommand->remoteProtocol_.statusCode, Constant::SUCCESS); } -/** - * @tc.name: NewSyncRemoteNativeTokenCommand001 - * @tc.desc: test delete remote token command - * @tc.type: FUNC - * @tc.require: Issue Number - */ -HWTEST_F(TokenSyncServiceTest, NewSyncRemoteNativeTokenCommand001, TestSize.Level1) -{ - std::string srcDeviceId = "001"; - std::string dstDeviceId = "002"; - std::shared_ptr nativeTokenCommand = - RemoteCommandFactory::GetInstance().NewSyncRemoteNativeTokenCommand(srcDeviceId, dstDeviceId); - ASSERT_EQ(nativeTokenCommand->remoteProtocol_.commandName, "SyncRemoteNativeTokenCommand"); - ASSERT_EQ(nativeTokenCommand->remoteProtocol_.uniqueId, "SyncRemoteNativeTokenCommand"); - ASSERT_EQ(nativeTokenCommand->remoteProtocol_.srcDeviceId, srcDeviceId); - ASSERT_EQ(nativeTokenCommand->remoteProtocol_.dstDeviceId, dstDeviceId); - ASSERT_EQ( - // 2 is DISTRIBUTED_ACCESS_TOKEN_SERVICE_VERSION - nativeTokenCommand->remoteProtocol_.responseVersion, 2); - ASSERT_EQ( - // 2 is DISTRIBUTED_ACCESS_TOKEN_SERVICE_VERSION - nativeTokenCommand->remoteProtocol_.requestVersion, 2); - nativeTokenCommand->Finish(); - nativeTokenCommand->Prepare(); - ASSERT_EQ(nativeTokenCommand->remoteProtocol_.statusCode, Constant::SUCCESS); - nativeTokenCommand->Finish(); -} - /** * @tc.name: NewUpdateRemoteHapTokenCommand001 * @tc.desc: test delete remote token command diff --git a/test/fuzztest/innerkits/accesstoken/BUILD.gn b/test/fuzztest/innerkits/accesstoken/BUILD.gn index 8500530be..31a4a4ba8 100644 --- a/test/fuzztest/innerkits/accesstoken/BUILD.gn +++ b/test/fuzztest/innerkits/accesstoken/BUILD.gn 
@@ -26,7 +26,6 @@ group("fuzztest") {
 "deleteremotetoken_fuzzer:DeleteRemoteTokenFuzzTest",
 "deletetoken_fuzzer:DeleteTokenFuzzTest",
 "dumptokeninfo_fuzzer:DumpTokenInfoFuzzTest",
- "getallnativetokeninfo_fuzzer:GetAllNativeTokenInfoFuzzTest",
 "getdefpermission_fuzzer:GetDefPermissionFuzzTest",
 "getdefpermissions_fuzzer:GetDefPermissionsFuzzTest",
 "gethapdlpflag_fuzzer:GetHapDlpFlagFuzzTest",
@@ -55,7 +54,6 @@ group("fuzztest") {
 "setpermdialogcap_fuzzer:SetPermDialogCapFuzzTest",
 "setpermissionrequesttogglestatus_fuzzer:SetPermissionRequestToggleStatusFuzzTest",
 "setremotehaptokeninfo_fuzzer:SetRemoteHapTokenInfoFuzzTest",
- "setremotenativetokeninfo_fuzzer:SetRemoteNativeTokenInfoFuzzTest",
 "unregisterpermstatechangecallback_fuzzer:UnRegisterPermStateChangeCallbackFuzzTest",
 "unregistertokensynccallback_fuzzer:UnRegisterTokenSyncCallbackFuzzTest",
 "updatehaptoken_fuzzer:UpdateHapTokenFuzzTest",
diff --git a/test/fuzztest/innerkits/accesstoken/getallnativetokeninfo_fuzzer/BUILD.gn b/test/fuzztest/innerkits/accesstoken/getallnativetokeninfo_fuzzer/BUILD.gn
deleted file mode 100644
index 1362287d3..000000000
--- a/test/fuzztest/innerkits/accesstoken/getallnativetokeninfo_fuzzer/BUILD.gn
+++ /dev/null
@@ -1,45 +0,0 @@ -# Copyright (c) 2024 Huawei Device Co., Ltd. -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -import("//build/config/features.gni") -import("//build/test.gni") -import("../../../../../access_token.gni") - -ohos_fuzztest("GetAllNativeTokenInfoFuzzTest") { - module_out_path = module_output_path_interface_access_token - fuzz_config_file = "." - include_dirs = - [ "${access_token_path}/interfaces/innerkits/accesstoken/include" ] - cflags = [ - "-g", - "-O0", - "-Wno-unused-variable", - "-fno-omit-frame-pointer", - ] - sources = [ "getallnativetokeninfo_fuzzer.cpp" ] - - deps = [ - "${access_token_path}/interfaces/innerkits/accesstoken:libaccesstoken_sdk", - ] - - if (token_sync_enable == true) { - cflags_cc = [ "-DTOKEN_SYNC_ENABLE" ] - } - - configs = [ "${access_token_path}/config:coverage_flags" ] - - external_deps = [ - "c_utils:utils", - "hilog:libhilog", - ] -} diff --git a/test/fuzztest/innerkits/accesstoken/getallnativetokeninfo_fuzzer/corpus/init b/test/fuzztest/innerkits/accesstoken/getallnativetokeninfo_fuzzer/corpus/init deleted file mode 100644 index e7c3fecd8..000000000 --- a/test/fuzztest/innerkits/accesstoken/getallnativetokeninfo_fuzzer/corpus/init +++ /dev/null 
@@ -1,14 +0,0 @@ -# Copyright (c) 2024 Huawei Device Co., Ltd. -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -FUZZ \ No newline at end of file diff --git a/test/fuzztest/innerkits/accesstoken/getallnativetokeninfo_fuzzer/getallnativetokeninfo_fuzzer.cpp b/test/fuzztest/innerkits/accesstoken/getallnativetokeninfo_fuzzer/getallnativetokeninfo_fuzzer.cpp deleted file mode 100644 index 34c21f062..000000000 --- a/test/fuzztest/innerkits/accesstoken/getallnativetokeninfo_fuzzer/getallnativetokeninfo_fuzzer.cpp +++ /dev/null 
@@ -1,48 +0,0 @@ -/* - * Copyright (c) 2024 Huawei Device Co., Ltd. - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ - -#include "getallnativetokeninfo_fuzzer.h" - -#include -#include -#include -#undef private -#include "accesstoken_kit.h" - -using namespace std; -using namespace OHOS::Security::AccessToken; - -namespace OHOS { -bool GetAllNativeTokenInfoFuzzTest(const uint8_t* data, size_t size) -{ -#ifdef TOKEN_SYNC_ENABLE - - std::vector nativeTokenInfosRes; - int32_t result = AccessTokenKit::GetAllNativeTokenInfo(nativeTokenInfosRes); - return result == RET_SUCCESS; -#else - return true; -#endif -} -} - -/* Fuzzer entry point */ -extern "C" int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size) -{ - /* Run your code on data */ - OHOS::GetAllNativeTokenInfoFuzzTest(data, size); - return 0; -} - diff --git a/test/fuzztest/innerkits/accesstoken/getallnativetokeninfo_fuzzer/getallnativetokeninfo_fuzzer.h b/test/fuzztest/innerkits/accesstoken/getallnativetokeninfo_fuzzer/getallnativetokeninfo_fuzzer.h deleted file mode 100644 index 1ab5bb2f4..000000000 --- a/test/fuzztest/innerkits/accesstoken/getallnativetokeninfo_fuzzer/getallnativetokeninfo_fuzzer.h +++ /dev/null 
@@ -1,21 +0,0 @@ -/* - * Copyright (c) 2024 Huawei Device Co., Ltd. - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ - -#ifndef TEST_FUZZTEST_DELETEREMOTETOKEN_FUZZER_H -#define TEST_FUZZTEST_DELETEREMOTETOKEN_FUZZER_H - -#define FUZZ_PROJECT_NAME "deleteremotetoken_fuzzer" - -#endif // TEST_FUZZTEST_DELETEREMOTETOKEN_FUZZER_H diff --git a/test/fuzztest/innerkits/accesstoken/getallnativetokeninfo_fuzzer/project.xml b/test/fuzztest/innerkits/accesstoken/getallnativetokeninfo_fuzzer/project.xml deleted file mode 100644 index 7133b2b92..000000000 --- a/test/fuzztest/innerkits/accesstoken/getallnativetokeninfo_fuzzer/project.xml +++ /dev/null @@ -1,25 +0,0 @@ - - - - - - 1000 - - 300 - - 4096 - - diff --git a/test/fuzztest/innerkits/accesstoken/setremotenativetokeninfo_fuzzer/BUILD.gn b/test/fuzztest/innerkits/accesstoken/setremotenativetokeninfo_fuzzer/BUILD.gn deleted file mode 100644 index 52fe8d49e..000000000 --- a/test/fuzztest/innerkits/accesstoken/setremotenativetokeninfo_fuzzer/BUILD.gn +++ /dev/null 
@@ -1,47 +0,0 @@ -# Copyright (c) 2022-2024 Huawei Device Co., Ltd. -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -import("//build/config/features.gni") -import("//build/test.gni") -import("../../../../../access_token.gni") - -ohos_fuzztest("SetRemoteNativeTokenInfoFuzzTest") { - module_out_path = module_output_path_interface_access_token - fuzz_config_file = "." - include_dirs = [ - "${access_token_path}/interfaces/innerkits/accesstoken/include", - "${access_token_path}/test/fuzztest/common", - ] - cflags = [ - "-g", - "-O0", - "-Wno-unused-variable", - "-fno-omit-frame-pointer", - ] - sources = [ "setremotenativetokeninfo_fuzzer.cpp" ] - - deps = [ - "${access_token_path}/interfaces/innerkits/accesstoken:libaccesstoken_sdk", - ] - - if (token_sync_enable == true) { - cflags_cc = [ "-DTOKEN_SYNC_ENABLE" ] - } - - configs = [ "${access_token_path}/config:coverage_flags" ] - - external_deps = [ - "c_utils:utils", - "hilog:libhilog", - ] -} diff --git a/test/fuzztest/innerkits/accesstoken/setremotenativetokeninfo_fuzzer/corpus/init b/test/fuzztest/innerkits/accesstoken/setremotenativetokeninfo_fuzzer/corpus/init deleted file mode 100644 index bc977bd97..000000000 --- a/test/fuzztest/innerkits/accesstoken/setremotenativetokeninfo_fuzzer/corpus/init +++ /dev/null 
@@ -1,14 +0,0 @@ -# Copyright (c) 2022 Huawei Device Co., Ltd. -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -FUZZ \ No newline at end of file diff --git a/test/fuzztest/innerkits/accesstoken/setremotenativetokeninfo_fuzzer/project.xml b/test/fuzztest/innerkits/accesstoken/setremotenativetokeninfo_fuzzer/project.xml deleted file mode 100644 index 6e8ad2cfd..000000000 --- a/test/fuzztest/innerkits/accesstoken/setremotenativetokeninfo_fuzzer/project.xml +++ /dev/null @@ -1,25 +0,0 @@ - - - - - - 1000 - - 300 - - 4096 - - diff --git a/test/fuzztest/innerkits/accesstoken/setremotenativetokeninfo_fuzzer/setremotenativetokeninfo_fuzzer.cpp b/test/fuzztest/innerkits/accesstoken/setremotenativetokeninfo_fuzzer/setremotenativetokeninfo_fuzzer.cpp deleted file mode 100644 index 2f455549a..000000000 --- a/test/fuzztest/innerkits/accesstoken/setremotenativetokeninfo_fuzzer/setremotenativetokeninfo_fuzzer.cpp +++ /dev/null 
@@ -1,64 +0,0 @@ -/* - * Copyright (c) 2022-2024 Huawei Device Co., Ltd. - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ - -#include "setremotenativetokeninfo_fuzzer.h" - -#include -#include -#include -#include "accesstoken_fuzzdata.h" -#undef private -#include "accesstoken_kit.h" - -using namespace std; -using namespace OHOS::Security::AccessToken; - -namespace OHOS { - bool SetRemoteNativeTokenInfoFuzzTest(const uint8_t* data, size_t size) - { -#ifdef TOKEN_SYNC_ENABLE - if ((data == nullptr) || (size == 0)) { - return false; - } - - AccessTokenFuzzData fuzzData(data, size); - NativeTokenInfoForSync native1 = { - .baseInfo.apl = APL_NORMAL, - .baseInfo.ver = 1, - .baseInfo.processName = fuzzData.GenerateRandomString(), - .baseInfo.dcap = {fuzzData.GenerateRandomString(), fuzzData.GenerateRandomString()}, - .baseInfo.tokenID = fuzzData.GetData(), - .baseInfo.tokenAttr = 0, - .baseInfo.nativeAcls = {fuzzData.GenerateRandomString()}, - }; - - std::vector nativeTokenInfoList; - nativeTokenInfoList.emplace_back(native1); - - int32_t result = AccessTokenKit::SetRemoteNativeTokenInfo(fuzzData.GenerateRandomString(), nativeTokenInfoList); - return result == RET_SUCCESS; -#else - return true; -#endif - } -} - -/* Fuzzer entry point */ -extern "C" int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size) -{ - /* Run your code on data */ - OHOS::SetRemoteNativeTokenInfoFuzzTest(data, size); - return 0; -} 
diff --git a/test/fuzztest/innerkits/accesstoken/setremotenativetokeninfo_fuzzer/setremotenativetokeninfo_fuzzer.h b/test/fuzztest/innerkits/accesstoken/setremotenativetokeninfo_fuzzer/setremotenativetokeninfo_fuzzer.h deleted file mode 100644 index 4c681fd78..000000000 --- a/test/fuzztest/innerkits/accesstoken/setremotenativetokeninfo_fuzzer/setremotenativetokeninfo_fuzzer.h +++ /dev/null @@ -1,21 +0,0 @@ -/* - * Copyright (c) 2022 Huawei Device Co., Ltd. - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ - -#ifndef TEST_FUZZTEST_SETREMOTENATIVETOKENINFO_FUZZER_H -#define TEST_FUZZTEST_SETREMOTENATIVETOKENINFO_FUZZER_H - -#define FUZZ_PROJECT_NAME "setremotenativetokeninfo_fuzzer" - -#endif // TEST_FUZZTEST_SETREMOTENATIVETOKENINFO_FUZZER_H diff --git a/test/fuzztest/services/accesstoken/BUILD.gn b/test/fuzztest/services/accesstoken/BUILD.gn index aa0d07bff..97772af43 100644 --- a/test/fuzztest/services/accesstoken/BUILD.gn +++ b/test/fuzztest/services/accesstoken/BUILD.gn @@ -24,7 +24,6 @@ group("fuzztest") { "deleteremotetokenstub_fuzzer:DeleteRemoteTokenStubFuzzTest", "deletetokenstub_fuzzer:DeleteTokenStubFuzzTest", "dumptokeninfostub_fuzzer:DumpTokenInfoStubFuzzTest", - "getallnativetokeninfostub_fuzzer:GetAllNativeTokenInfoStubFuzzTest", "getdefpermissionsstub_fuzzer:GetDefPermissionsStubFuzzTest", "getdefpermissionstub_fuzzer:GetDefPermissionStubFuzzTest", "gethaptokenidstub_fuzzer:GetHapTokenIDStubFuzzTest", 
@@ -50,7 +49,6 @@ group("fuzztest") {
 "setpermdialogcap_fuzzer:SetPermDialogCapFuzzTest",
 "setpermissionrequesttogglestatusstub_fuzzer:SetPermissionRequestToggleStatusStubFuzzTest",
 "setremotehaptokeninfostub_fuzzer:SetRemoteHapTokenInfoStubFuzzTest",
- "setremotenativetokeninfostub_fuzzer:SetRemoteNativeTokenInfoStubFuzzTest",
 "unregisterpermstatechangecallbackstub_fuzzer:UnRegisterPermStateChangeCallbackStubFuzzTest",
 "updatehaptokenstub_fuzzer:UpdateHapTokenStubFuzzTest",
 "verifyaccesstokenstub_fuzzer:VerifyAccessTokenStubFuzzTest",
diff --git a/test/fuzztest/services/accesstoken/access_token_service_fuzz.gni b/test/fuzztest/services/accesstoken/access_token_service_fuzz.gni
index 734549f3a..656f633ee 100644
--- a/test/fuzztest/services/accesstoken/access_token_service_fuzz.gni
+++ b/test/fuzztest/services/accesstoken/access_token_service_fuzz.gni
@@ -108,7 +108,6 @@ token_sync_sources = [
 "${access_token_path}/services/tokensyncmanager/src/command/base_remote_command.cpp",
 "${access_token_path}/services/tokensyncmanager/src/command/delete_remote_token_command.cpp",
 "${access_token_path}/services/tokensyncmanager/src/command/sync_remote_hap_token_command.cpp",
- "${access_token_path}/services/tokensyncmanager/src/command/sync_remote_native_token_command.cpp",
 "${access_token_path}/services/tokensyncmanager/src/command/update_remote_hap_token_command.cpp",
 "${access_token_path}/services/tokensyncmanager/src/common/constant.cpp",
 "${access_token_path}/services/tokensyncmanager/src/device/device_info_manager.cpp",
diff --git a/test/fuzztest/services/accesstoken/getallnativetokeninfostub_fuzzer/BUILD.gn b/test/fuzztest/services/accesstoken/getallnativetokeninfostub_fuzzer/BUILD.gn
deleted file mode 100644
index 82a680291..000000000
--- a/test/fuzztest/services/accesstoken/getallnativetokeninfostub_fuzzer/BUILD.gn
+++ /dev/null
@@ -1,48 +0,0 @@ -# Copyright (c) 2023 Huawei Device Co., Ltd. -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -import("//build/config/features.gni") -import("//build/test.gni") -import("../../../../../access_token.gni") -import("../access_token_service_fuzz.gni") - -ohos_fuzztest("GetAllNativeTokenInfoStubFuzzTest") { - module_out_path = module_output_path_service_access_token - fuzz_config_file = "." - - sources = [ "getallnativetokeninfostub_fuzzer.cpp" ] - - cflags = [ - "-g", - "-O0", - "-Wno-unused-variable", - "-fno-omit-frame-pointer", - ] - - include_dirs = access_token_include_dirs - - deps = access_token_deps - - configs = [ "${access_token_path}/config:coverage_flags" ] - - external_deps = access_token_external_deps - external_deps += [ "openssl:libcrypto_shared" ] - - include_dirs += access_token_impl_include_dirs - - cflags_cc = access_token_cflags_cc - - sources += access_token_sources - - sources += access_token_impl_sources -} diff --git a/test/fuzztest/services/accesstoken/getallnativetokeninfostub_fuzzer/corpus/init b/test/fuzztest/services/accesstoken/getallnativetokeninfostub_fuzzer/corpus/init deleted file mode 100644 index e4ceac1bc..000000000 --- a/test/fuzztest/services/accesstoken/getallnativetokeninfostub_fuzzer/corpus/init +++ /dev/null 
@@ -1,14 +0,0 @@ -# Copyright (c) 2023 Huawei Device Co., Ltd. -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -FUZZ \ No newline at end of file diff --git a/test/fuzztest/services/accesstoken/getallnativetokeninfostub_fuzzer/getallnativetokeninfostub_fuzzer.cpp b/test/fuzztest/services/accesstoken/getallnativetokeninfostub_fuzzer/getallnativetokeninfostub_fuzzer.cpp deleted file mode 100644 index 27dcebe7d..000000000 --- a/test/fuzztest/services/accesstoken/getallnativetokeninfostub_fuzzer/getallnativetokeninfostub_fuzzer.cpp +++ /dev/null 
@@ -1,73 +0,0 @@ -/* - * Copyright (c) 2023 Huawei Device Co., Ltd. - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ - -#include "getallnativetokeninfostub_fuzzer.h" - -#include -#include -#include -#undef private -#include "accesstoken_info_manager.h" -#include "accesstoken_kit.h" -#include "i_accesstoken_manager.h" -#include "service/accesstoken_manager_service.h" -#include "token_setproc.h" - -using namespace std; -using namespace OHOS::Security::AccessToken; -#ifdef TOKEN_SYNC_ENABLE -const int CONSTANTS_NUMBER_TWO = 2; -#endif - -namespace OHOS { - bool GetAllNativeTokenInfoFuzzTest(const uint8_t* data, size_t size) - { -#ifdef TOKEN_SYNC_ENABLE - if ((data == nullptr) || (size == 0)) { - return false; - } - - MessageParcel datas; - datas.WriteInterfaceToken(IAccessTokenManager::GetDescriptor()); - - uint32_t code = static_cast( - AccessTokenInterfaceCode::GET_ALL_NATIVE_TOKEN_FROM_REMOTE); - - MessageParcel reply; - MessageOption option; - bool enable = ((size % CONSTANTS_NUMBER_TWO) == 0); - if (enable) { - AccessTokenID accesstoken = AccessTokenKit::GetNativeTokenId("token_sync_service"); - SetSelfTokenID(accesstoken); - AccessTokenInfoManager::GetInstance().Init(); - } - DelayedSingleton::GetInstance()->OnRemoteRequest(code, datas, reply, option); - AccessTokenID hdcd = AccessTokenKit::GetNativeTokenId("hdcd"); - SetSelfTokenID(hdcd); - - return true; -#else - return true; -#endif - } -} - -/* Fuzzer entry point */ -extern "C" int 
LLVMFuzzerTestOneInput(const uint8_t* data, size_t size) -{ - /* Run your code on data */ - OHOS::GetAllNativeTokenInfoFuzzTest(data, size); - return 0; -} diff --git a/test/fuzztest/services/accesstoken/getallnativetokeninfostub_fuzzer/getallnativetokeninfostub_fuzzer.h b/test/fuzztest/services/accesstoken/getallnativetokeninfostub_fuzzer/getallnativetokeninfostub_fuzzer.h deleted file mode 100644 index 1120226a4..000000000 --- a/test/fuzztest/services/accesstoken/getallnativetokeninfostub_fuzzer/getallnativetokeninfostub_fuzzer.h +++ /dev/null @@ -1,21 +0,0 @@ -/* - * Copyright (c) 2023 Huawei Device Co., Ltd. - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ - -#ifndef TEST_FUZZTEST_GETALLNATIVETOKENINFOSTUB_FUZZER_H -#define TEST_FUZZTEST_GETALLNATIVETOKENINFOSTUB_FUZZER_H - -#define FUZZ_PROJECT_NAME "getallnativetokeninfostub_fuzzer" - -#endif // TEST_FUZZTEST_GETALLNATIVETOKENINFOSTUB_FUZZER_H diff --git a/test/fuzztest/services/accesstoken/getallnativetokeninfostub_fuzzer/project.xml b/test/fuzztest/services/accesstoken/getallnativetokeninfostub_fuzzer/project.xml deleted file mode 100644 index 4fdbc407f..000000000 --- a/test/fuzztest/services/accesstoken/getallnativetokeninfostub_fuzzer/project.xml +++ /dev/null @@ -1,25 +0,0 @@ - - - - - - 1000 - - 300 - - 4096 - - 
diff --git a/test/fuzztest/services/accesstoken/setremotenativetokeninfostub_fuzzer/BUILD.gn b/test/fuzztest/services/accesstoken/setremotenativetokeninfostub_fuzzer/BUILD.gn deleted file mode 100644 index aba3ef43e..000000000 --- a/test/fuzztest/services/accesstoken/setremotenativetokeninfostub_fuzzer/BUILD.gn +++ /dev/null @@ -1,47 +0,0 @@ -# Copyright (c) 2023 Huawei Device Co., Ltd. -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -import("//build/config/features.gni") -import("//build/test.gni") -import("../../../../../access_token.gni") -import("../access_token_service_fuzz.gni") - -ohos_fuzztest("SetRemoteNativeTokenInfoStubFuzzTest") { - module_out_path = module_output_path_service_access_token - fuzz_config_file = "." - - sources = [ "setremotenativetokeninfostub_fuzzer.cpp" ] - - cflags = [ - "-g", - "-O0", - "-Wno-unused-variable", - "-fno-omit-frame-pointer", - ] - - include_dirs = access_token_include_dirs - - deps = access_token_deps - - configs = [ "${access_token_path}/config:coverage_flags" ] - - external_deps = access_token_external_deps - - include_dirs += access_token_impl_include_dirs - - cflags_cc = access_token_cflags_cc - - sources += access_token_sources - - sources += access_token_impl_sources -} diff --git a/test/fuzztest/services/accesstoken/setremotenativetokeninfostub_fuzzer/corpus/init b/test/fuzztest/services/accesstoken/setremotenativetokeninfostub_fuzzer/corpus/init deleted file mode 100644 index e4ceac1bc..000000000 
--- a/test/fuzztest/services/accesstoken/setremotenativetokeninfostub_fuzzer/corpus/init +++ /dev/null @@ -1,14 +0,0 @@ -# Copyright (c) 2023 Huawei Device Co., Ltd. -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -FUZZ \ No newline at end of file diff --git a/test/fuzztest/services/accesstoken/setremotenativetokeninfostub_fuzzer/project.xml b/test/fuzztest/services/accesstoken/setremotenativetokeninfostub_fuzzer/project.xml deleted file mode 100644 index 4fdbc407f..000000000 --- a/test/fuzztest/services/accesstoken/setremotenativetokeninfostub_fuzzer/project.xml +++ /dev/null @@ -1,25 +0,0 @@ - - - - - - 1000 - - 300 - - 4096 - - diff --git a/test/fuzztest/services/accesstoken/setremotenativetokeninfostub_fuzzer/setremotenativetokeninfostub_fuzzer.cpp b/test/fuzztest/services/accesstoken/setremotenativetokeninfostub_fuzzer/setremotenativetokeninfostub_fuzzer.cpp deleted file mode 100644 index 3c9668e5b..000000000 --- a/test/fuzztest/services/accesstoken/setremotenativetokeninfostub_fuzzer/setremotenativetokeninfostub_fuzzer.cpp +++ /dev/null 
@@ -1,96 +0,0 @@ -/* - * Copyright (c) 2023 Huawei Device Co., Ltd. - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ - -#include "setremotenativetokeninfostub_fuzzer.h" - -#include -#include -#include -#undef private -#include "accesstoken_fuzzdata.h" -#include "accesstoken_info_manager.h" -#include "accesstoken_kit.h" -#include "accesstoken_manager_service.h" -#include "i_accesstoken_manager.h" -#include "token_setproc.h" - -using namespace std; -using namespace OHOS::Security::AccessToken; -#ifdef TOKEN_SYNC_ENABLE -const int CONSTANTS_NUMBER_TWO = 2; -#endif - -namespace OHOS { - bool SetRemoteNativeTokenInfoStubFuzzTest(const uint8_t* data, size_t size) - { - #ifdef TOKEN_SYNC_ENABLE - if ((data == nullptr) || (size == 0)) { - return false; - } - - AccessTokenFuzzData fuzzData(data, size); - AccessTokenID tokenId = fuzzData.GetData(); - NativeTokenInfoForSync native = { - .baseInfo.apl = APL_NORMAL, - .baseInfo.ver = 1, - .baseInfo.processName = fuzzData.GenerateRandomString(), - .baseInfo.dcap = {fuzzData.GenerateRandomString(), fuzzData.GenerateRandomString(), "xxxx"}, - .baseInfo.tokenID = tokenId, - .baseInfo.tokenAttr = 0, - .baseInfo.nativeAcls = {fuzzData.GenerateRandomString()}, - }; - NativeTokenInfoForSyncParcel nativeTokenInfoForSyncParcel; - nativeTokenInfoForSyncParcel.nativeTokenInfoForSyncParams = native; - - MessageParcel datas; - datas.WriteInterfaceToken(IAccessTokenManager::GetDescriptor()); - if 
(!datas.WriteString(fuzzData.GenerateRandomString())) { - return false; - } - if (!datas.WriteUint32(1)) { - return false; - } - if (!datas.WriteParcelable(&nativeTokenInfoForSyncParcel)) { - return false; - } - - uint32_t code = static_cast(AccessTokenInterfaceCode::SET_REMOTE_NATIVE_TOKEN_INFO); - - MessageParcel reply; - MessageOption option; - bool enable = ((size % CONSTANTS_NUMBER_TWO) == 0); - if (enable) { - AccessTokenID accesstoken = AccessTokenKit::GetNativeTokenId("token_sync_service"); - SetSelfTokenID(accesstoken); - AccessTokenInfoManager::GetInstance().Init(); - } - DelayedSingleton::GetInstance()->OnRemoteRequest(code, datas, reply, option); - AccessTokenID hdcd = AccessTokenKit::GetNativeTokenId("hdcd"); - SetSelfTokenID(hdcd); - - return true; - #else - return true; - #endif - } -} // namespace OHOS - -/* Fuzzer entry point */ -extern "C" int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size) -{ - /* Run your code on data */ - OHOS::SetRemoteNativeTokenInfoStubFuzzTest(data, size); - return 0; -} diff --git a/test/fuzztest/services/accesstoken/setremotenativetokeninfostub_fuzzer/setremotenativetokeninfostub_fuzzer.h b/test/fuzztest/services/accesstoken/setremotenativetokeninfostub_fuzzer/setremotenativetokeninfostub_fuzzer.h deleted file mode 100644 index ed6c271be..000000000 --- a/test/fuzztest/services/accesstoken/setremotenativetokeninfostub_fuzzer/setremotenativetokeninfostub_fuzzer.h +++ /dev/null 
@@ -1,21 +0,0 @@ -/* - * Copyright (c) 2023 Huawei Device Co., Ltd. - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ - -#ifndef TEST_FUZZTEST_SETREMOTENATIVETOKENINFOSTUB_FUZZER_H -#define TEST_FUZZTEST_SETREMOTENATIVETOKENINFOSTUB_FUZZER_H - -#define FUZZ_PROJECT_NAME "setremotenativetokeninfostub_fuzzer" - -#endif // TEST_FUZZTEST_SETREMOTENATIVETOKENINFOSTUB_FUZZER_H -- Gitee From bd5c5aa1cb83ec6028d86677b546eb28c93aef95 Mon Sep 17 00:00:00 2001 From: wuliushuan Date: Sat, 31 Aug 2024 07:45:35 +0000 Subject: [PATCH 068/473] =?UTF-8?q?remote()=20=E6=B7=BB=E5=8A=A0=E5=88=A4?= =?UTF-8?q?=E7=A9=BA?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit 
Signed-off-by: wuliushuan Change-Id: I43d1502e448fbdc980515cb16f0c02e4c79ca997 --- .../accesstoken/include/access_token_error.h | 1 + .../innerkits/privacy/include/privacy_error.h | 1 + .../form_manager_access_proxy.cpp | 21 ++++++++++++-- .../src/ability_manager_access_proxy.cpp | 7 ++++- .../src/ams_manager_access_proxy.cpp | 7 ++++- .../src/app_manager_access_proxy.cpp | 28 ++++++++++++++++--- .../background_task_manager_access_proxy.cpp | 21 ++++++++++++-- .../power_manager/src/power_manager_proxy.cpp | 7 ++++- ...ivacy_scene_session_manager_lite_proxy.cpp | 14 ++++++++-- .../src/privacy_session_manager_proxy.cpp | 14 ++++++++-- .../src/privacy_window_manager_proxy.cpp | 14 ++++++++-- .../audio_manager_privacy_proxy.cpp | 14 ++++++++-- .../camera_manager_privacy_proxy.cpp | 14 ++++++++-- 13 files changed, 140 insertions(+), 23 deletions(-) diff --git a/interfaces/innerkits/accesstoken/include/access_token_error.h b/interfaces/innerkits/accesstoken/include/access_token_error.h index 2aad05255..2b1c0ed0c 100644 --- a/interfaces/innerkits/accesstoken/include/access_token_error.h +++ b/interfaces/innerkits/accesstoken/include/access_token_error.h @@ -76,6 +76,7 @@ enum AccessTokenError { ERR_LOAD_SO_FAILED, ERR_USER_POLICY_INITIALIZED, ERR_USER_POLICY_NOT_INITIALIZED, + ERR_REMOTE_CONNECTION, }; } // namespace AccessToken } // namespace Security diff --git a/interfaces/innerkits/privacy/include/privacy_error.h b/interfaces/innerkits/privacy/include/privacy_error.h index bab714d96..dd56f19e5 100644 --- a/interfaces/innerkits/privacy/include/privacy_error.h +++ b/interfaces/innerkits/privacy/include/privacy_error.h @@ -62,6 +62,7 @@ enum PrivacyError { ERR_WINDOW_CALLBACK_FAILED, ERR_EDM_POLICY_CHECK_FAILED, ERR_PRIVACY_POLICY_CHECK_FAILED, + ERR_REMOTE_CONNECTION, }; } // namespace AccessToken } // namespace Security 
diff --git a/services/accesstokenmanager/main/cpp/src/form_manager/form_manager_access_proxy.cpp b/services/accesstokenmanager/main/cpp/src/form_manager/form_manager_access_proxy.cpp index 9728235c6..141cb3c50 100644 --- a/services/accesstokenmanager/main/cpp/src/form_manager/form_manager_access_proxy.cpp +++ b/services/accesstokenmanager/main/cpp/src/form_manager/form_manager_access_proxy.cpp @@ -42,7 +42,12 @@ int32_t FormManagerAccessProxy::RegisterAddObserver( ACCESSTOKEN_LOG_ERROR(LABEL, "Write callerToken failed."); return ERROR; } - int32_t error = Remote()->SendRequest( + sptr remote = Remote(); + if (remote == nullptr) { + ACCESSTOKEN_LOG_ERROR(LABEL, "Remote service is null."); + return ERROR; + } + int32_t error = remote->SendRequest( static_cast(IFormMgr::Message::FORM_MGR_REGISTER_ADD_OBSERVER), data, reply, option); if (error != ERR_NONE) { ACCESSTOKEN_LOG_ERROR(LABEL, "RegisterAddObserver failed, error: %{public}d", error); @@ -69,7 +74,12 @@ int32_t FormManagerAccessProxy::RegisterRemoveObserver( ACCESSTOKEN_LOG_ERROR(LABEL, "Write callerToken failed."); return ERROR; } - int32_t error = Remote()->SendRequest( + sptr remote = Remote(); + if (remote == nullptr) { + ACCESSTOKEN_LOG_ERROR(LABEL, "Remote service is null."); + return ERROR; + } + int32_t error = remote->SendRequest( static_cast(IFormMgr::Message::FORM_MGR_REGISTER_REMOVE_OBSERVER), data, reply, option); if (error != ERR_NONE) { ACCESSTOKEN_LOG_ERROR(LABEL, "UnregisterAddObserver failed, error: %d", error); 
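Review bot: The null-remote branch added to RegisterAddObserver returns the generic `ERROR`, although this same commit introduces `ERR_REMOTE_CONNECTION` for exactly this condition and the ability-manager, scene-session-lite and window-manager proxies already return it. As written, a caller cannot tell an unavailable remote from a parcel write failure. Consider `return ERR_REMOTE_CONNECTION;` here, provided the error header is reachable from this file. The same applies to RegisterRemoveObserver below and to the int32_t-returning hunks in ams_manager_access_proxy.cpp, app_manager_access_proxy.cpp, background_task_manager_access_proxy.cpp, audio_manager_privacy_proxy.cpp (SetMicrophoneMutePersistent) and camera_manager_privacy_proxy.cpp. Both function bodies start and end outside their hunks, so first check whether any caller compares against `ERROR` specifically.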
@@ -92,7 +102,12 @@ bool FormManagerAccessProxy::HasFormVisible(const uint32_t tokenId) return false; } - int32_t error = Remote()->SendRequest( + sptr remote = Remote(); + if (remote == nullptr) { + ACCESSTOKEN_LOG_ERROR(LABEL, "Remote service is null."); + return false; + } + int32_t error = remote->SendRequest( static_cast(IFormMgr::Message::FORM_MGR_HAS_FORM_VISIBLE_WITH_TOKENID), data, reply, option); if (error != ERR_NONE) { ACCESSTOKEN_LOG_ERROR(LABEL, "Get form visibility failed, error: %{public}d", error); diff --git a/services/common/ability_manager/src/ability_manager_access_proxy.cpp b/services/common/ability_manager/src/ability_manager_access_proxy.cpp index 6abbc09f5..f459b7856 100644 --- a/services/common/ability_manager/src/ability_manager_access_proxy.cpp +++ b/services/common/ability_manager/src/ability_manager_access_proxy.cpp @@ -60,7 +60,12 @@ int AbilityManagerAccessProxy::StartAbility(const AAFwk::Want &want, const sptr< return AccessTokenError::ERR_WRITE_PARCEL_FAILED; } - int error = Remote()->SendRequest( + sptr remote = Remote(); + if (remote == nullptr) { + ACCESSTOKEN_LOG_ERROR(LABEL, "Remote service is null."); + return AccessTokenError::ERR_REMOTE_CONNECTION; + } + int error = remote->SendRequest( static_cast(AccessAbilityServiceInterfaceCode::START_ABILITY_ADD_CALLER), data, reply, option); if (error != 0) { ACCESSTOKEN_LOG_ERROR(LABEL, "Send request error: %{public}d", error); diff --git a/services/common/app_manager/src/ams_manager_access_proxy.cpp b/services/common/app_manager/src/ams_manager_access_proxy.cpp index d0ace69e5..4f1d6a064 100644 --- a/services/common/app_manager/src/ams_manager_access_proxy.cpp +++ b/services/common/app_manager/src/ams_manager_access_proxy.cpp 
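Review bot: HasFormVisible now returns `false` when `Remote()` is null, the same value it returns for a genuine "no visible form" answer, so an unreachable service is indistinguishable from a negative result. The same holds for PowerMgrProxy::IsScreenOn and AudioManagerPrivacyProxy::GetPersistentMicMuteState in this patch. For the latter, `false` presumably reads as "microphone not muted", which would be the permissive answer if the privacy service bases a decision on it; confirm against the callers, which are not visible here. Since the signatures are fixed, at least document the failure value at each site, e.g. `// remote unavailable: reported as "not visible"; callers must not treat this as authoritative`. The function body extends beyond the hunk.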
@@ -37,7 +37,12 @@ int32_t AmsManagerAccessProxy::KillProcessesByAccessTokenId(const uint32_t acces ACCESSTOKEN_LOG_ERROR(LABEL, "WriteInt32 failed."); return ERROR; } - int32_t error = Remote()->SendRequest( + sptr remote = Remote(); + if (remote == nullptr) { + ACCESSTOKEN_LOG_ERROR(LABEL, "Remote service is null."); + return ERROR; + } + int32_t error = remote->SendRequest( static_cast(IAmsMgr::Message::FORCE_KILL_APPLICATION_BY_ACCESS_TOKEN_ID), data, reply, option); if (error != ERR_NONE) { ACCESSTOKEN_LOG_ERROR(LABEL, "KillProcessesByAccessTokenId failed, error: %{public}d", error); diff --git a/services/common/app_manager/src/app_manager_access_proxy.cpp b/services/common/app_manager/src/app_manager_access_proxy.cpp index 186a5d2c6..08749de44 100644 --- a/services/common/app_manager/src/app_manager_access_proxy.cpp +++ b/services/common/app_manager/src/app_manager_access_proxy.cpp @@ -33,7 +33,12 @@ sptr AppManagerAccessProxy::GetAmsMgr() if (!data.WriteInterfaceToken(GetDescriptor())) { return nullptr; } - int32_t error = Remote()->SendRequest( + sptr remote = Remote(); + if (remote == nullptr) { + ACCESSTOKEN_LOG_ERROR(LABEL, "Remote service is null."); + return nullptr; + } + int32_t error = remote->SendRequest( static_cast(IAppMgr::Message::APP_GET_MGR_INSTANCE), data, reply, option); if (error != ERR_NONE) { ACCESSTOKEN_LOG_ERROR(LABEL, "GetAmsMgr failed, error: %{public}d", error); @@ -66,7 +71,12 @@ int32_t AppManagerAccessProxy::RegisterApplicationStateObserver(const sptrSendRequest( + sptr remote = Remote(); + if (remote == nullptr) { + ACCESSTOKEN_LOG_ERROR(LABEL, "Remote service is null."); + return ERROR; + } + int32_t error = remote->SendRequest( static_cast(IAppMgr::Message::REGISTER_APPLICATION_STATE_OBSERVER), data, reply, option); if (error != ERR_NONE) { ACCESSTOKEN_LOG_ERROR(LABEL, "RegisterAppStatus failed, error: %{public}d", error); 
@@ -89,7 +99,12 @@ int32_t AppManagerAccessProxy::UnregisterApplicationStateObserver( ACCESSTOKEN_LOG_ERROR(LABEL, "Observer write failed."); return ERROR; } - int32_t error = Remote()->SendRequest( + sptr remote = Remote(); + if (remote == nullptr) { + ACCESSTOKEN_LOG_ERROR(LABEL, "Remote service is null."); + return ERROR; + } + int32_t error = remote->SendRequest( static_cast(IAppMgr::Message::UNREGISTER_APPLICATION_STATE_OBSERVER), data, reply, option); if (error != ERR_NONE) { ACCESSTOKEN_LOG_ERROR(LABEL, "Set microphoneMute failed, error: %d", error); @@ -107,7 +122,12 @@ int32_t AppManagerAccessProxy::GetForegroundApplications(std::vectorSendRequest( + sptr remote = Remote(); + if (remote == nullptr) { + ACCESSTOKEN_LOG_ERROR(LABEL, "Remote service is null."); + return ERROR; + } + int32_t error = remote->SendRequest( static_cast(IAppMgr::Message::GET_FOREGROUND_APPLICATIONS), data, reply, option); if (error != ERR_NONE) { ACCESSTOKEN_LOG_ERROR(LABEL, "GetForegroundApplications failed, error: %{public}d", error); diff --git a/services/common/background_task_manager/src/background_task_manager_access_proxy.cpp b/services/common/background_task_manager/src/background_task_manager_access_proxy.cpp index 8c43d5080..a6a465ca0 100644 --- a/services/common/background_task_manager/src/background_task_manager_access_proxy.cpp +++ b/services/common/background_task_manager/src/background_task_manager_access_proxy.cpp @@ -39,7 +39,12 @@ int32_t BackgroundTaskManagerAccessProxy::SubscribeBackgroundTask(const sptrSendRequest( + sptr remote = Remote(); + if (remote == nullptr) { + ACCESSTOKEN_LOG_ERROR(LABEL, "Remote service is null."); + return ERROR; + } + int32_t error = remote->SendRequest( static_cast(IBackgroundTaskMgr::Message::SUBSCRIBE_BACKGROUND_TASK), data, reply, option); if (error != ERR_NONE) { ACCESSTOKEN_LOG_ERROR(LABEL, "Regist background task observer failed, error: %{public}d", error); 
@@ -66,7 +71,12 @@ int32_t BackgroundTaskManagerAccessProxy::UnsubscribeBackgroundTask(const sptrSendRequest( + sptr remote = Remote(); + if (remote == nullptr) { + ACCESSTOKEN_LOG_ERROR(LABEL, "Remote service is null."); + return ERROR; + } + int32_t error = remote->SendRequest( static_cast(IBackgroundTaskMgr::Message::UNSUBSCRIBE_BACKGROUND_TASK), data, reply, option); if (error != ERR_NONE) { ACCESSTOKEN_LOG_ERROR(LABEL, "Unregist background task observer failed, error: %d", error); @@ -90,7 +100,12 @@ int32_t BackgroundTaskManagerAccessProxy::GetContinuousTaskApps( ACCESSTOKEN_LOG_ERROR(LABEL, "WriteInterfaceToken failed"); return ERROR; } - int32_t error = Remote()->SendRequest( + sptr remote = Remote(); + if (remote == nullptr) { + ACCESSTOKEN_LOG_ERROR(LABEL, "Remote service is null."); + return ERROR; + } + int32_t error = remote->SendRequest( static_cast(IBackgroundTaskMgr::Message::GET_CONTINUOUS_TASK_APPS), data, reply, option); if (error != ERR_NONE) { ACCESSTOKEN_LOG_ERROR(LABEL, "Get continuous task apps failed, error: %{public}d", error); diff --git a/services/common/power_manager/src/power_manager_proxy.cpp b/services/common/power_manager/src/power_manager_proxy.cpp index 99276f193..4641634a8 100644 --- a/services/common/power_manager/src/power_manager_proxy.cpp +++ b/services/common/power_manager/src/power_manager_proxy.cpp @@ -37,7 +37,12 @@ bool PowerMgrProxy::IsScreenOn() ACCESSTOKEN_LOG_ERROR(LABEL, "WriteBool failed"); return false; } - int32_t error = Remote()->SendRequest(static_cast(IPowerMgr::Message::IS_SCREEN_ON), data, reply, option); + sptr remote = Remote(); + if (remote == nullptr) { + ACCESSTOKEN_LOG_ERROR(LABEL, "Remote service is null."); + return false; + } + int32_t error = remote->SendRequest(static_cast(IPowerMgr::Message::IS_SCREEN_ON), data, reply, option); if (error != ERR_NONE) { ACCESSTOKEN_LOG_ERROR(LABEL, "IsScreenOn failed, error: %{public}d", error); return false; 
diff --git a/services/common/window_manager/src/privacy_scene_session_manager_lite_proxy.cpp b/services/common/window_manager/src/privacy_scene_session_manager_lite_proxy.cpp index 7e2921b80..38c257b80 100644 --- a/services/common/window_manager/src/privacy_scene_session_manager_lite_proxy.cpp +++ b/services/common/window_manager/src/privacy_scene_session_manager_lite_proxy.cpp @@ -46,7 +46,12 @@ int32_t PrivacySceneSessionManagerLiteProxy::RegisterWindowManagerAgent(WindowMa return ERR_WRITE_PARCEL_FAILED; } - int32_t error = Remote()->SendRequest(static_cast( + sptr remote = Remote(); + if (remote == nullptr) { + ACCESSTOKEN_LOG_ERROR(LABEL, "Remote service is null."); + return ERR_REMOTE_CONNECTION; + } + int32_t error = remote->SendRequest(static_cast( SceneSessionManagerLiteMessage::TRANS_ID_REGISTER_WINDOW_MANAGER_AGENT), data, reply, option); if (error != ERR_NONE) { @@ -78,7 +83,12 @@ int32_t PrivacySceneSessionManagerLiteProxy::UnregisterWindowManagerAgent(Window return ERR_WRITE_PARCEL_FAILED; } - int32_t error = Remote()->SendRequest(static_cast( + sptr remote = Remote(); + if (remote == nullptr) { + ACCESSTOKEN_LOG_ERROR(LABEL, "Remote service is null."); + return ERR_REMOTE_CONNECTION; + } + int32_t error = remote->SendRequest(static_cast( SceneSessionManagerLiteMessage::TRANS_ID_UNREGISTER_WINDOW_MANAGER_AGENT), data, reply, option); if (error != ERR_NONE) { diff --git a/services/common/window_manager/src/privacy_session_manager_proxy.cpp b/services/common/window_manager/src/privacy_session_manager_proxy.cpp index 01b0da5eb..113f87fa1 100644 --- a/services/common/window_manager/src/privacy_session_manager_proxy.cpp +++ b/services/common/window_manager/src/privacy_session_manager_proxy.cpp 
@@ -35,7 +35,12 @@ sptr PrivacySessionManagerProxy::GetSceneSessionManager() return nullptr; } - auto ret = Remote()->SendRequest( + sptr remote = Remote(); + if (remote == nullptr) { + ACCESSTOKEN_LOG_ERROR(LABEL, "Remote service is null."); + return nullptr; + } + auto ret = remote->SendRequest( static_cast(SessionManagerServiceMessage::TRANS_ID_GET_SCENE_SESSION_MANAGER), data, reply, option); if (ret != ERR_NONE) { @@ -57,7 +62,12 @@ sptr PrivacySessionManagerProxy::GetSceneSessionManagerLite() return nullptr; } - auto ret = Remote()->SendRequest( + sptr remote = Remote(); + if (remote == nullptr) { + ACCESSTOKEN_LOG_ERROR(LABEL, "Remote service is null."); + return nullptr; + } + auto ret = remote->SendRequest( static_cast(SessionManagerServiceMessage::TRANS_ID_GET_SCENE_SESSION_MANAGER_LITE), data, reply, option); if (ret != ERR_NONE) { diff --git a/services/common/window_manager/src/privacy_window_manager_proxy.cpp b/services/common/window_manager/src/privacy_window_manager_proxy.cpp index 77a3e4594..097ab3af6 100644 --- a/services/common/window_manager/src/privacy_window_manager_proxy.cpp +++ b/services/common/window_manager/src/privacy_window_manager_proxy.cpp @@ -44,7 +44,12 @@ int32_t PrivacyWindowManagerProxy::RegisterWindowManagerAgent(WindowManagerAgent ACCESSTOKEN_LOG_ERROR(LABEL, "Write IWindowManagerAgent failed"); return ERR_WRITE_PARCEL_FAILED; } - int32_t error = Remote()->SendRequest( + sptr remote = Remote(); + if (remote == nullptr) { + ACCESSTOKEN_LOG_ERROR(LABEL, "Remote service is null."); + return ERR_REMOTE_CONNECTION; + } + int32_t error = remote->SendRequest( static_cast(IWindowManager::WindowManagerMessage::TRANS_ID_REGISTER_WINDOW_MANAGER_AGENT), data, reply, option); if (error != ERR_NONE) { 
@@ -75,7 +80,12 @@ int32_t PrivacyWindowManagerProxy::UnregisterWindowManagerAgent(WindowManagerAge return ERR_WRITE_PARCEL_FAILED; } - int32_t error = Remote()->SendRequest( + sptr remote = Remote(); + if (remote == nullptr) { + ACCESSTOKEN_LOG_ERROR(LABEL, "Remote service is null."); + return ERR_REMOTE_CONNECTION; + } + int32_t error = remote->SendRequest( static_cast(IWindowManager::WindowManagerMessage::TRANS_ID_UNREGISTER_WINDOW_MANAGER_AGENT), data, reply, option); if (error != ERR_NONE) { diff --git a/services/privacymanager/src/sensitive/audio_manager/audio_manager_privacy_proxy.cpp b/services/privacymanager/src/sensitive/audio_manager/audio_manager_privacy_proxy.cpp index 693330bbd..a9637e011 100644 --- a/services/privacymanager/src/sensitive/audio_manager/audio_manager_privacy_proxy.cpp +++ b/services/privacymanager/src/sensitive/audio_manager/audio_manager_privacy_proxy.cpp @@ -35,7 +35,12 @@ bool AudioManagerPrivacyProxy::GetPersistentMicMuteState() ACCESSTOKEN_LOG_ERROR(LABEL, "WriteInterfaceToken failed"); return false; } - int32_t error = Remote()->SendRequest(static_cast( + sptr remote = Remote(); + if (remote == nullptr) { + ACCESSTOKEN_LOG_ERROR(LABEL, "Remote service is null."); + return false; + } + int32_t error = remote->SendRequest(static_cast( AudioStandard::AudioPolicyInterfaceCode::GET_MICROPHONE_MUTE_PERSISTENT), data, reply, option); if (error != ERR_NONE) { ACCESSTOKEN_LOG_ERROR(LABEL, "GetPersistentMicMuteState failed, error: %{public}d", error); 
@@ -57,7 +62,12 @@ int32_t AudioManagerPrivacyProxy::SetMicrophoneMutePersistent(const bool isMute, } data.WriteBool(isMute); data.WriteInt32(static_cast(type)); - int32_t error = Remote()->SendRequest(static_cast( + sptr remote = Remote(); + if (remote == nullptr) { + ACCESSTOKEN_LOG_ERROR(LABEL, "Remote service is null."); + return ERROR; + } + int32_t error = remote->SendRequest(static_cast( AudioStandard::AudioPolicyInterfaceCode::SET_MICROPHONE_MUTE_PERSISTENT), data, reply, option); if (error != ERR_NONE) { ACCESSTOKEN_LOG_ERROR(LABEL, "Set microphoneMute failed, error: %d", error); diff --git a/services/privacymanager/src/sensitive/camera_manager/camera_manager_privacy_proxy.cpp b/services/privacymanager/src/sensitive/camera_manager/camera_manager_privacy_proxy.cpp index 196baba49..211650419 100644 --- a/services/privacymanager/src/sensitive/camera_manager/camera_manager_privacy_proxy.cpp +++ b/services/privacymanager/src/sensitive/camera_manager/camera_manager_privacy_proxy.cpp @@ -41,7 +41,12 @@ int32_t CameraManagerPrivacyProxy::MuteCameraPersist(PolicyType policyType, bool ACCESSTOKEN_LOG_ERROR(LABEL, "Failed to write bool"); return ERROR; } - int32_t error = Remote()->SendRequest( + sptr remote = Remote(); + if (remote == nullptr) { + ACCESSTOKEN_LOG_ERROR(LABEL, "Remote service is null."); + return ERROR; + } + int32_t error = remote->SendRequest( static_cast(CAMERA_SERVICE_MUTE_CAMERA_PERSIST), data, reply, option); if (error != ERR_NONE) { ACCESSTOKEN_LOG_ERROR(LABEL, "SendRequest failed, error: %{public}d", error); 
@@ -62,7 +67,12 @@ int32_t CameraManagerPrivacyProxy::IsCameraMuted(bool &muteMode) ACCESSTOKEN_LOG_ERROR(LABEL, "Failed to write bool"); return ERROR; } - int32_t error = Remote()->SendRequest(static_cast(CAMERA_SERVICE_IS_CAMERA_MUTED), data, reply, option); + sptr remote = Remote(); + if (remote == nullptr) { + ACCESSTOKEN_LOG_ERROR(LABEL, "Remote service is null."); + return ERROR; + } + int32_t error = remote->SendRequest(static_cast(CAMERA_SERVICE_IS_CAMERA_MUTED), data, reply, option); if (error != ERR_NONE) { ACCESSTOKEN_LOG_ERROR(LABEL, "SendRequest failed, error: %{public}d", error); return ERROR; -- Gitee From fee22f58c7def13645c96827032048ce8ba1367b Mon Sep 17 00:00:00 2001 From: SongChunPeng Date: Mon, 2 Sep 2024 10:44:11 +0800 Subject: [PATCH 069/473] =?UTF-8?q?=E6=B7=BB=E5=8A=A0=E7=9B=B8=E6=9C=BA?= =?UTF-8?q?=E5=90=8E=E5=8F=B0=E8=BF=90=E8=A1=8C=E6=9D=83=E9=99=90?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: SongChunPeng --- frameworks/common/src/permission_map.cpp | 1 + .../accesstokenmanager/permission_definitions.json | 10 ++++++++++ 2 files changed, 11 insertions(+) diff --git a/frameworks/common/src/permission_map.cpp b/frameworks/common/src/permission_map.cpp index 19e19e05d..f00142814 100644 --- a/frameworks/common/src/permission_map.cpp +++ b/frameworks/common/src/permission_map.cpp @@ -505,6 +505,7 @@ const static std::vector> g_permMap = { {"ohos.permission.GET_ETHERNET_LOCAL_MAC", false}, {"ohos.permission.ALLOW_SHOW_NON_SECURE_WINDOWS", false}, {"ohos.permission.GRANT_SHORT_TERM_WRITE_MEDIAVIDEO", false}, + {"ohos.permission.CAMERA_BACKGROUND", false}, }; bool TransferPermissionToOpcode(const std::string& permission, uint32_t& opCode) diff --git a/services/accesstokenmanager/permission_definitions.json b/services/accesstokenmanager/permission_definitions.json index 4d4642af8..39db94f81 100644 --- a/services/accesstokenmanager/permission_definitions.json 
+++ b/services/accesstokenmanager/permission_definitions.json @@ -3969,6 +3969,16 @@ "deprecated": "", "provisionEnable": true, "distributedSceneEnable": false + }, + { + "name": "ohos.permission.CAMERA_BACKGROUND", + "grantMode": "system_grant", + "availableLevel": "system_core", + "availableType": "SYSTEM", + "since": 13, + "deprecated": "", + "provisionEnable": true, + "distributedSceneEnable": false } ], "userGrantPermissions": [ -- Gitee From 73356341ae2472354cf12ca5618d559dcd2a4ada Mon Sep 17 00:00:00 2001 From: zengsiyu Date: Mon, 26 Aug 2024 12:43:38 +0800 Subject: [PATCH 070/473] start sa after booting Signed-off-by: zengsiyu Change-Id: Iee1e4aee2808e455d56c18334f5d7e281f7e56df --- services/el5filekeymanager/el5_filekey_manager.cfg | 3 ++- services/el5filekeymanager/sa_profile/8250.json | 3 +++ 2 files changed, 5 insertions(+), 1 deletion(-) diff --git a/services/el5filekeymanager/el5_filekey_manager.cfg b/services/el5filekeymanager/el5_filekey_manager.cfg index a11b32b9c..3d3a5c4f1 100644 --- a/services/el5filekeymanager/el5_filekey_manager.cfg +++ b/services/el5filekeymanager/el5_filekey_manager.cfg @@ -28,7 +28,8 @@ "ohos.permission.PUBLISH_SYSTEM_COMMON_EVENT", "ohos.permission.STORAGE_MANAGER_CRYPT", "ohos.permission.MANAGE_LOCAL_ACCOUNTS", - "ohos.permission.USE_USER_IDM" + "ohos.permission.USE_USER_IDM", + "ohos.permission.RECEIVER_STARTUP_COMPLETED" ], "permission_acls": [ "ohos.permission.MONITOR_DEVICE_NETWORK_STATE", diff --git a/services/el5filekeymanager/sa_profile/8250.json b/services/el5filekeymanager/sa_profile/8250.json index f7341c6c3..17e23278b 100644 --- a/services/el5filekeymanager/sa_profile/8250.json +++ b/services/el5filekeymanager/sa_profile/8250.json @@ -18,6 +18,9 @@ }, { "name": "usual.event.USER_STOPPED" + }, + { + "name":"usual.event.BOOT_COMPLETED" } ] } -- Gitee From 120b1c0188de2e6eaed15304d0b1b7bcbbb2e07b Mon Sep 17 00:00:00 2001 
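Review bot: The new `ohos.permission.CAMERA_BACKGROUND` entry sets `"provisionEnable": true`, and the commit gives no reason why a background-camera permission should be obtainable that way. If `provisionEnable` has its usual meaning here (the permission may be requested through the provisioning profile's ACL by an application below `system_core`), it widens who can hold a privacy-sensitive capability. Unless a concrete consumer needs it, `"provisionEnable": false` is the safer default. The patch shows only this definition and the `g_permMap` entry in permission_map.cpp, so the check that consumes the permission presumably lives in another change and should be linked from the commit message.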
From: lsq Date: Tue, 3 Sep 2024 10:59:27 +0800 Subject: [PATCH 071/473] =?UTF-8?q?=E5=A4=A7=E5=87=BD=E6=95=B0=E4=BF=AE?= =?UTF-8?q?=E6=94=B9?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: lsq Change-Id: I58701d4a6fbc13e31af5015122b9312142b3c5cf --- .../main/cpp/src/permission/short_grant_manager.cpp | 6 ++---- 1 file changed, 2 insertions(+), 4 deletions(-) diff --git a/services/accesstokenmanager/main/cpp/src/permission/short_grant_manager.cpp b/services/accesstokenmanager/main/cpp/src/permission/short_grant_manager.cpp index 62bf4fb4e..b84d70385 100644 --- a/services/accesstokenmanager/main/cpp/src/permission/short_grant_manager.cpp +++ b/services/accesstokenmanager/main/cpp/src/permission/short_grant_manager.cpp @@ -72,8 +72,7 @@ bool ShortGrantManager::CancelTaskOfPermissionRevoking(const std::string& taskNa int ShortGrantManager::RefreshPermission(AccessTokenID tokenID, const std::string& permission, uint32_t onceTime) { if (tokenID == 0 || onceTime == 0 || onceTime > DEFAULT_MAX_ONCE_TIME_MILLISECONDS || onceTime > maxTime_) { - ACCESSTOKEN_LOG_ERROR(LABEL, - "Input invalid, tokenID is: %{public}d, onceTime is %{public}u!", tokenID, onceTime); + ACCESSTOKEN_LOG_ERROR(LABEL, "Input invalid, tokenID: %{public}d, onceTime %{public}u!", tokenID, onceTime); return AccessTokenError::ERR_PARAM_INVALID; } std::string taskName = TASK_NAME_SHORT_GRANT_PERMISSION + std::to_string(tokenID) + permission; 
@@ -106,8 +105,7 @@ int ShortGrantManager::RefreshPermission(AccessTokenID tokenID, const std::strin } uint32_t maxRemainedTime = maxTime_ - (GetCurrentTime() - iter->firstGrantTimes); - uint32_t currRemainedTime = iter->revokeTimes > GetCurrentTime() ? - (iter->revokeTimes - GetCurrentTime()) : 0; + uint32_t currRemainedTime = iter->revokeTimes > GetCurrentTime() ? (iter->revokeTimes - GetCurrentTime()) : 0; uint32_t cancelTimes = (maxRemainedTime > onceTime) ? onceTime : maxRemainedTime; ACCESSTOKEN_LOG_INFO(LABEL, "currRemainedTime %{public}d", currRemainedTime); if (cancelTimes > currRemainedTime) { -- Gitee From ad3dcfc6b36b48f95303948837b160089a76ac07 Mon Sep 17 00:00:00 2001 From: wuliushuan Date: Tue, 3 Sep 2024 06:40:10 +0000 Subject: [PATCH 072/473] =?UTF-8?q?=E7=94=A8=E4=BE=8B=E5=A4=B1=E8=B4=A5?= =?UTF-8?q?=E9=97=AE=E9=A2=98=E4=BF=AE=E5=A4=8D?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: wuliushuan Change-Id: I75e2e1888fc8ea6a1fe8549b4ac281072dcba45c --- .../unittest/src/accesstoken_kit_test.cpp | 57 +++---------------- .../src/accesstoken_location_request_test.cpp | 1 + ...accesstoken_short_time_permission_test.cpp | 5 +- .../test/unittest/src/edm_policy_set_test.cpp | 2 +- interfaces/innerkits/privacy/test/BUILD.gn | 7 +-- .../mock/src/app_manager_access_client.cpp | 43 ++++++++++++++ .../test/mock/src/app_manager_access_client.h | 38 +++++++++++++ .../accesstoken_info_manager_test.cpp | 6 ++ 8 files changed, 102 insertions(+), 57 deletions(-) create mode 100644 interfaces/innerkits/privacy/test/mock/src/app_manager_access_client.cpp create mode 100644 interfaces/innerkits/privacy/test/mock/src/app_manager_access_client.h diff --git a/interfaces/innerkits/accesstoken/test/unittest/src/accesstoken_kit_test.cpp b/interfaces/innerkits/accesstoken/test/unittest/src/accesstoken_kit_test.cpp index 8fa2079a2..80cc3823a 100644 
--- a/interfaces/innerkits/accesstoken/test/unittest/src/accesstoken_kit_test.cpp +++ b/interfaces/innerkits/accesstoken/test/unittest/src/accesstoken_kit_test.cpp @@ -42,7 +42,6 @@ static const int32_t INDEX_ONE = 1; static const int32_t INDEX_TWO = 2; static const int32_t INDEX_THREE = 3; static const int32_t INDEX_FOUR = 4; -static const int32_t RANDOM_UID = 123; PermissionDef g_infoManagerTestPermDef1 = { .permissionName = "ohos.permission.test1", @@ -156,6 +155,7 @@ void NativeTokenGet() void AccessTokenKitTest::SetUpTestCase() { + setuid(0); // make test case clean AccessTokenID tokenID = AccessTokenKit::GetHapTokenID(g_infoManagerTestInfoParms.userID, g_infoManagerTestInfoParms.bundleName, 
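Review bot: The `setuid(0);` added at the top of AccessTokenKitTest::SetUpTestCase ignores its return value, so when the test binary lacks the privilege to change uid the call fails silently and every case runs under an identity the fixture did not intend. Check it, e.g. `ASSERT_EQ(0, setuid(0));`, here and in AccessTokenLocationRequestTest::SetUpTestCase and UserPolicyTest. The `setuid(3020);` added to RegisterTokenSyncCallback001 in accesstoken_info_manager_test.cpp is also unchecked. If the process is root at that point, the call changes the uid for every test that runs afterwards in the same process, because nothing visible restores it. SetUpTestCase continues past the end of the hunk.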
@@ -3274,55 +3274,6 @@ HWTEST_F(AccessTokenKitTest, GetSelfPermissionsState001, TestSize.Level1) ASSERT_EQ(INVALID_OPER, AccessTokenKit::GetSelfPermissionsState(permsList, info)); } -/** - * @tc.name: GetNativeTokenName001 - * @tc.desc: AccessTokenKit::GetNativeTokenName. - * @tc.type: FUNC - * @tc.require: - */ -HWTEST_F(AccessTokenKitTest, GetNativeTokenName001, TestSize.Level1) -{ - std::string name; - // invalid tokenId - ASSERT_EQ(AccessTokenError::ERR_PARAM_INVALID, AccessTokenKit::GetNativeTokenName(INVALID_TOKENID, name)); - - AccessTokenID tokenId = AllocTestToken(g_infoManagerTestInfoParms, g_infoManagerTestPolicyPrams); - ASSERT_NE(INVALID_TOKENID, tokenId); - ASSERT_EQ(ATokenTypeEnum::TOKEN_HAP, AccessTokenKit::GetTokenTypeFlag(tokenId)); - // invalid token type - ASSERT_EQ(AccessTokenError::ERR_PARAM_INVALID, AccessTokenKit::GetNativeTokenName(tokenId, name)); - - std::string processName = "hdcd"; - tokenId = AccessTokenKit::GetNativeTokenId(processName); - ASSERT_NE(INVALID_TOKENID, tokenId); - ASSERT_EQ(0, AccessTokenKit::GetNativeTokenName(tokenId, name)); - ASSERT_EQ(processName, name); -} - -/** - * @tc.name: GetNativeTokenName002 - * @tc.desc: AccessTokenKit::GetNativeTokenName. 
- * @tc.type: FUNC - * @tc.require: - */ -HWTEST_F(AccessTokenKitTest, GetNativeTokenName002, TestSize.Level1) -{ - AccessTokenID tokenId = AllocTestToken(g_infoManagerTestInfoParms, g_infoManagerTestPolicyPrams); - ASSERT_NE(INVALID_TOKENID, tokenId); - ASSERT_EQ(ATokenTypeEnum::TOKEN_HAP, AccessTokenKit::GetTokenTypeFlag(tokenId)); - EXPECT_EQ(0, SetSelfTokenID(tokenId)); // set self to hap - - std::string name; - std::string processName = "hdcd"; - tokenId = AccessTokenKit::GetNativeTokenId(processName); - - int32_t selfUid = getuid(); - setuid(RANDOM_UID); - // calling is not native token, permission denied - ASSERT_EQ(AccessTokenError::ERR_PERMISSION_DENIED, AccessTokenKit::GetNativeTokenName(tokenId, name)); - setuid(selfUid); -} - /** * @tc.name: UserPolicyTest * @tc.desc: UserPolicyTest. @@ -3331,6 +3282,12 @@ HWTEST_F(AccessTokenKitTest, GetNativeTokenName002, TestSize.Level1) */ HWTEST_F(AccessTokenKitTest, UserPolicyTest, TestSize.Level1) { + setuid(0); + const char **perms = new const char *[1]; + perms[INDEX_ZERO] = "ohos.permission.GET_SENSITIVE_PERMISSIONS"; + uint64_t tokenID = GetNativeTokenTest("TestCase", perms, 1); + EXPECT_EQ(0, SetSelfTokenID(tokenID)); + delete[] perms; UserState user = {.userId = 100, .isActive = true}; // 100 is userId const std::vector userList = { user }; const std::vector permList = { "ohos.permission.INTERNET" }; diff --git a/interfaces/innerkits/accesstoken/test/unittest/src/accesstoken_location_request_test.cpp b/interfaces/innerkits/accesstoken/test/unittest/src/accesstoken_location_request_test.cpp index 29ff4abfd..9b908dbaa 100644 --- a/interfaces/innerkits/accesstoken/test/unittest/src/accesstoken_location_request_test.cpp +++ b/interfaces/innerkits/accesstoken/test/unittest/src/accesstoken_location_request_test.cpp 
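Review bot: The `perms` array in UserPolicyTest is allocated with `new const char *[1]` and released by hand, which gains nothing for a one-element array and leaks as soon as a fatal assertion is placed between the two lines. A local array does the same job: `const char *perms[] = {"ohos.permission.GET_SENSITIVE_PERMISSIONS"};` followed by `uint64_t tokenID = GetNativeTokenTest("TestCase", perms, 1);`, with the `delete[]` dropped. The test also switches the process to the new native token via `SetSelfTokenID(tokenID)`, and the visible part of the body does not restore the previous one. The function continues beyond the hunk, so that may happen later.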
@@ -121,6 +121,7 @@ PermissionStateFull g_locationTestStateBack12 = { void AccessTokenLocationRequestTest::SetUpTestCase() { + setuid(0); AccessTokenID tokenId = AccessTokenKit::GetHapTokenID(TEST_USER_ID, TEST_BUNDLE_NAME, TEST_INST_INDEX); AccessTokenKit::DeleteToken(tokenId); } diff --git a/interfaces/innerkits/accesstoken/test/unittest/src/accesstoken_short_time_permission_test.cpp b/interfaces/innerkits/accesstoken/test/unittest/src/accesstoken_short_time_permission_test.cpp index 587ea5d10..388a1045c 100644 --- a/interfaces/innerkits/accesstoken/test/unittest/src/accesstoken_short_time_permission_test.cpp +++ b/interfaces/innerkits/accesstoken/test/unittest/src/accesstoken_short_time_permission_test.cpp @@ -211,7 +211,8 @@ HWTEST_F(AccessTokenShortTimePermTest, GrantPermissionForSpecifiedTime004, TestS sleep(onceTime); - ASSERT_EQ(PermissionState::PERMISSION_DENIED, AccessTokenKit::VerifyAccessToken(tokenID, SHORT_TEMP_PERMISSION)); + ASSERT_EQ(PermissionState::PERMISSION_DENIED, + AccessTokenKit::VerifyAccessToken(tokenID, SHORT_TEMP_PERMISSION, true)); } /** @@ -244,7 +245,7 @@ HWTEST_F(AccessTokenShortTimePermTest, GrantPermissionForSpecifiedTime005, TestS ASSERT_EQ(PermissionState::PERMISSION_GRANTED, AccessTokenKit::VerifyAccessToken(tokenID, SHORT_TEMP_PERMISSION)); // second onceTime is reached, permission is revoked - sleep(onceTime - 1); + sleep(onceTime); ASSERT_EQ(PermissionState::PERMISSION_DENIED, AccessTokenKit::VerifyAccessToken(tokenID, SHORT_TEMP_PERMISSION)); } } // namespace AccessToken diff --git a/interfaces/innerkits/accesstoken/test/unittest/src/edm_policy_set_test.cpp b/interfaces/innerkits/accesstoken/test/unittest/src/edm_policy_set_test.cpp index 02c51a3dc..804f23e24 100644 --- a/interfaces/innerkits/accesstoken/test/unittest/src/edm_policy_set_test.cpp +++ b/interfaces/innerkits/accesstoken/test/unittest/src/edm_policy_set_test.cpp 
@@ -267,7 +267,7 @@ HWTEST_F(EdmPolicySetTest, InitUserPolicy008, TestSize.Level1) std::vector permStatList; res = AccessTokenKit::GetReqPermissions(fullIdUser2.tokenIdExStruct.tokenID, permStatList, true); EXPECT_EQ(RET_SUCCESS, res); - EXPECT_EQ(static_cast(2), permStatList.size()); + ASSERT_EQ(static_cast(2), permStatList.size()); EXPECT_EQ(INTERNET, permStatList[0].permissionName); EXPECT_EQ(PERMISSION_GRANTED, permStatList[0].grantStatus[0]); diff --git a/interfaces/innerkits/privacy/test/BUILD.gn b/interfaces/innerkits/privacy/test/BUILD.gn index bfae3872f..649ef0ceb 100644 --- a/interfaces/innerkits/privacy/test/BUILD.gn +++ b/interfaces/innerkits/privacy/test/BUILD.gn @@ -1,4 +1,4 @@ -# Copyright (c) 2022-2023 Huawei Device Co., Ltd. +# Copyright (c) 2022-2024 Huawei Device Co., Ltd. # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. # You may obtain a copy of the License at @@ -27,6 +27,7 @@ ohos_unittest("libprivacy_sdk_test") { include_dirs = [ "../src", + "mock/src", "unittest/app_manager_client", "${access_token_path}/frameworks/common/include", "${access_token_path}/frameworks/privacy/include", @@ -37,9 +38,7 @@ ohos_unittest("libprivacy_sdk_test") { ] sources = [ - "unittest/app_manager_client/app_manager_access_client.cpp", - "unittest/app_manager_client/app_manager_access_proxy.cpp", - "unittest/app_manager_client/app_state_data.cpp", + "mock/src/app_manager_access_client.cpp", "unittest/src/permission_deny_test.cpp", "unittest/src/privacy_kit_test.cpp", ] diff --git a/interfaces/innerkits/privacy/test/mock/src/app_manager_access_client.cpp b/interfaces/innerkits/privacy/test/mock/src/app_manager_access_client.cpp new file mode 100644 index 000000000..59de2e35d --- /dev/null +++ b/interfaces/innerkits/privacy/test/mock/src/app_manager_access_client.cpp 
@@ -0,0 +1,43 @@ +/* + * Copyright (c) 2024 Huawei Device Co., Ltd. + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ +#include "app_manager_access_client.h" +#include + +#include "accesstoken_log.h" + +namespace OHOS { +namespace Security { +namespace AccessToken { + +AppManagerAccessClient& AppManagerAccessClient::GetInstance() +{ + static AppManagerAccessClient instance; + return instance; +} + +AppManagerAccessClient::AppManagerAccessClient() +{} + +AppManagerAccessClient::~AppManagerAccessClient() +{ +} + +int32_t AppManagerAccessClient::GetForegroundApplications(std::vector& list) +{ + return 0; +} +} // namespace AccessToken +} // namespace Security +} // namespace OHOS \ No newline at end of file diff --git a/interfaces/innerkits/privacy/test/mock/src/app_manager_access_client.h b/interfaces/innerkits/privacy/test/mock/src/app_manager_access_client.h new file mode 100644 index 000000000..cca58e465 --- /dev/null +++ b/interfaces/innerkits/privacy/test/mock/src/app_manager_access_client.h 
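Review bot: `AppManagerAccessClient::GetForegroundApplications` in this new mock returns 0 and never touches `list`, but nothing in the file says that it is a stub. A test that depends on foreground state will see success with an unchanged list and can pass or fail for reasons unrelated to the code under test. A short comment above the definition would do, for example `// Test stub: reports success and leaves list unchanged (no foreground applications).`; leaving the parameter unnamed also avoids an unused-parameter warning.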
@@ -0,0 +1,38 @@ +/* + * Copyright (c) 2024 Huawei Device Co., Ltd. + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +#ifndef ACCESS_APP_MANAGER_ACCESS_CLIENT_H +#define ACCESS_APP_MANAGER_ACCESS_CLIENT_H + +#include +#include +#include "app_state_data.h" + +namespace OHOS { +namespace Security { +namespace AccessToken { +class AppManagerAccessClient final { +public: + static AppManagerAccessClient& GetInstance(); + virtual ~AppManagerAccessClient(); + int32_t GetForegroundApplications(std::vector& list); + +private: + AppManagerAccessClient(); +}; +} // namespace AccessToken +} // namespace Security +} // namespace OHOS +#endif // ACCESS_APP_MANAGER_ACCESS_CLIENT_H \ No newline at end of file diff --git a/services/accesstokenmanager/test/unittest/accesstoken_info_manager_test.cpp b/services/accesstokenmanager/test/unittest/accesstoken_info_manager_test.cpp index b3b4fce17..387475c0b 100644 --- a/services/accesstokenmanager/test/unittest/accesstoken_info_manager_test.cpp +++ b/services/accesstokenmanager/test/unittest/accesstoken_info_manager_test.cpp @@ -990,6 +990,7 @@ HWTEST_F(AccessTokenInfoManagerTest, NotifyTokenSyncTask001, TestSize.Level1) */ HWTEST_F(AccessTokenInfoManagerTest, RegisterTokenSyncCallback001, TestSize.Level1) { + setuid(3020); sptr callback = new (std::nothrow) TokenSyncCallbackMock(); ASSERT_NE(nullptr, callback); EXPECT_EQ(RET_SUCCESS, 
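Review bot: `virtual ~AppManagerAccessClient();` is declared in a class marked `final`, so the `virtual` has no effect and hints at an inheritance hierarchy that cannot exist; plain `~AppManagerAccessClient();` is enough. Since `GetInstance()` returns a reference to what is meant to be the only instance, the copy operations should also be deleted so a test cannot copy it by accident: `AppManagerAccessClient(const AppManagerAccessClient&) = delete;` and `AppManagerAccessClient& operator=(const AppManagerAccessClient&) = delete;`.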
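Review bot: The uid switch added at the top of `RegisterTokenSyncCallback001` is undone only by the `setuid(0)` that the following hunk appends to the end of the test, and `ASSERT_NE(nullptr, callback)` sits in between: a failed assertion returns from the body and leaves the process at uid 3020 for every test that runs afterwards. A privileged `setuid()` on Linux also normally replaces the real, effective and saved ids, so the restoring `setuid(0)` may fail unless the process keeps the capability to change uid, and because its result is not checked that would go unnoticed. Checking the switch with `ASSERT_EQ(0, setuid(3020));` and restoring in the fixture's `TearDown()` with `EXPECT_EQ(0, setuid(0));` covers the early-return case and surfaces a failed restore. The same pattern is added to `RegisterTokenSyncCallback002` and `GetRemoteHapTokenInfo001` in the following hunks and to `GetNativeTokenName002` in accesstoken_kit_test.cpp later in the series; the test body continues outside this hunk.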
@@ -1011,6 +1012,7 @@ HWTEST_F(AccessTokenInfoManagerTest, RegisterTokenSyncCallback001, TestSize.Leve atManagerService_->UnRegisterTokenSyncCallback()); EXPECT_EQ(nullptr, TokenModifyNotifier::GetInstance().tokenSyncCallbackObject_); EXPECT_EQ(nullptr, TokenModifyNotifier::GetInstance().tokenSyncCallbackDeathRecipient_); + setuid(0); } /** @@ -1021,6 +1023,7 @@ HWTEST_F(AccessTokenInfoManagerTest, RegisterTokenSyncCallback001, TestSize.Leve */ HWTEST_F(AccessTokenInfoManagerTest, RegisterTokenSyncCallback002, TestSize.Level1) { + setuid(3020); sptr callback = new (std::nothrow) TokenSyncCallbackMock(); ASSERT_NE(nullptr, callback); EXPECT_EQ(RET_SUCCESS, @@ -1063,6 +1066,7 @@ HWTEST_F(AccessTokenInfoManagerTest, RegisterTokenSyncCallback002, TestSize.Leve TokenModifyNotifier::GetInstance().deleteTokenList_ = deleteTokenList; EXPECT_EQ(RET_SUCCESS, atManagerService_->UnRegisterTokenSyncCallback()); + setuid(0); } /** @@ -1073,6 +1077,7 @@ HWTEST_F(AccessTokenInfoManagerTest, RegisterTokenSyncCallback002, TestSize.Leve */ HWTEST_F(AccessTokenInfoManagerTest, GetRemoteHapTokenInfo001, TestSize.Level1) { + setuid(3020); sptr callback = new (std::nothrow) TokenSyncCallbackMock(); ASSERT_NE(nullptr, callback); EXPECT_EQ(RET_SUCCESS, atManagerService_->RegisterTokenSyncCallback(callback->AsObject())); @@ -1087,6 +1092,7 @@ HWTEST_F(AccessTokenInfoManagerTest, GetRemoteHapTokenInfo001, TestSize.Level1) .GetRemoteHapTokenInfo("invalid_id", 0)); // this is a test input EXPECT_EQ(RET_SUCCESS, atManagerService_->UnRegisterTokenSyncCallback()); + setuid(0); } /** -- Gitee From 8a92fbfa4a60faaf002c760418c39805e30a9596 Mon Sep 17 00:00:00 2001 
From: lsq Date: Tue, 3 Sep 2024 15:11:47 +0800 Subject: [PATCH 073/473] =?UTF-8?q?=E5=AE=89=E5=85=A8=E6=8E=A7=E4=BB=B6?= =?UTF-8?q?=E5=B7=B2=E6=8E=88=E6=9D=83=E6=97=B6=EF=BC=8C=E6=92=A4=E9=94=80?= =?UTF-8?q?=E6=9D=83=E9=99=90=E4=B8=8D=E6=9D=80=E8=BF=9B=E7=A8=8B?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: lsq Change-Id: Ib426f0ef9387d3a9c5ce8c58d02e589ca61c13f3 --- .../permission/permission_policy_set.h | 1 + .../cpp/src/permission/permission_manager.cpp | 3 ++- .../src/permission/permission_policy_set.cpp | 27 +++++++++++++++++++ 3 files changed, 30 insertions(+), 1 deletion(-) diff --git a/services/accesstokenmanager/main/cpp/include/permission/permission_policy_set.h b/services/accesstokenmanager/main/cpp/include/permission/permission_policy_set.h index fb8ad3eef..3bc6c76ad 100644 --- a/services/accesstokenmanager/main/cpp/include/permission/permission_policy_set.h +++ b/services/accesstokenmanager/main/cpp/include/permission/permission_policy_set.h @@ -48,6 +48,7 @@ public: int VerifyPermissionStatus(const std::string& permissionName); void GetDefPermissions(std::vector& permList); void GetPermissionStateFulls(std::vector& permList); + bool IsPermissionGrantedWithSecComp(const std::string& permissionName); int QueryPermissionFlag(const std::string& permissionName, int& flag); int32_t UpdatePermissionStatus(const std::string& permissionName, bool isGranted, uint32_t flag); void ToString(std::string& info); diff --git a/services/accesstokenmanager/main/cpp/src/permission/permission_manager.cpp b/services/accesstokenmanager/main/cpp/src/permission/permission_manager.cpp index 30233ef16..5badf53ae 100644 --- a/services/accesstokenmanager/main/cpp/src/permission/permission_manager.cpp +++ b/services/accesstokenmanager/main/cpp/src/permission/permission_manager.cpp 
@@ -633,6 +633,7 @@ int32_t PermissionManager::UpdateTokenPermissionState( } #endif int32_t statusBefore = permPolicySet->VerifyPermissionStatus(permission); + bool isSecCompGrantedBefore = permPolicySet->IsPermissionGrantedWithSecComp(permission); int32_t ret = permPolicySet->UpdatePermissionStatus(permission, isGranted, flag); if (ret != RET_SUCCESS) { return ret; @@ -641,7 +642,7 @@ int32_t PermissionManager::UpdateTokenPermissionState( if (statusAfter != statusBefore) { NotifyWhenPermissionStateUpdated(id, permission, isGranted, flag, infoPtr); // To notify kill process when perm is revoke - if (needKill) { + if (needKill && (!isGranted && !isSecCompGrantedBefore)) { ACCESSTOKEN_LOG_INFO(LABEL, "(%{public}s) is revoked, kill process(%{public}u).", permission.c_str(), id); AppManagerAccessClient::GetInstance().KillProcessesByAccessTokenId(id); } diff --git a/services/accesstokenmanager/main/cpp/src/permission/permission_policy_set.cpp b/services/accesstokenmanager/main/cpp/src/permission/permission_policy_set.cpp index e2d9176f7..48a82d3b4 100644 --- a/services/accesstokenmanager/main/cpp/src/permission/permission_policy_set.cpp +++ b/services/accesstokenmanager/main/cpp/src/permission/permission_policy_set.cpp 
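Review bot: `isSecCompGrantedBefore` is read through a call separate from `VerifyPermissionStatus` and `UpdatePermissionStatus`, and `IsPermissionGrantedWithSecComp` (added later in this patch) takes its own read guard, so the three steps are not one atomic operation on the policy set. If another thread can change the security-component grant between the snapshot and the update, the kill decision a few lines further down is made on stale state. Whether `UpdateTokenPermissionState` is already serialized by a lock held further up is not visible in this hunk; if it is not, the snapshot and the update should be taken under one lock, and if it is, a comment such as `// caller holds <lock>; snapshot and update must not interleave` should say so.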
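Review bot: When `needKill` is set and the permission is revoked but `isSecCompGrantedBefore` is true, the process is left running and nothing records that decision; the only log line is on the kill path. A revocation that deliberately does not terminate the holder should leave an audit trail, so add an `else if (needKill && !isGranted)` branch with something like `ACCESSTOKEN_LOG_INFO(LABEL, "(%{public}s) is revoked, skip kill for secComp grant(%{public}u).", permission.c_str(), id);`. The inner parentheses in `needKill && (!isGranted && !isSecCompGrantedBefore)` are redundant, and the existing `// To notify kill process when perm is revoke` comment should be extended to say why a security-component grant exempts the process. The enclosing function starts and ends outside this hunk.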
@@ -275,6 +275,33 @@ int PermissionPolicySet::VerifyPermissionStatus(const std::string& permissionNam return PERMISSION_DENIED; } + +bool PermissionPolicySet::IsPermissionGrantedWithSecComp(const std::string& permissionName) +{ + Utils::UniqueReadGuard infoGuard(this->permPolicySetLock_); + auto iter = std::find_if(permStateList_.begin(), permStateList_.end(), + [permissionName](const PermissionStateFull& permState) { + return permissionName == permState.permissionName; + }); + if (iter != permStateList_.end()) { + if (!iter->isGeneral) { + ACCESSTOKEN_LOG_ERROR(LABEL, "TokenID: %{public}d, permission: %{public}s is not general", + tokenId_, permissionName.c_str()); + return false; + } + if (IsPermGrantedBySecComp(iter->grantFlags[0])) { + ACCESSTOKEN_LOG_INFO(LABEL, "TokenID: %{public}d, permission is granted by secComp", tokenId_); + return true; + } + } + + if (std::any_of(secCompGrantedPermList_.begin(), secCompGrantedPermList_.end(), + [permissionName](const auto& permission) { return permission == permissionName; })) { + return true; + } + return false; +} + void PermissionPolicySet::GetDefPermissions(std::vector& permList) { PermissionDefinitionCache::GetInstance().GetDefPermissionsByTokenId(permList, tokenId_); -- Gitee From 137eb44db16c82d3449a6b1d163d00c96afe9b82 Mon Sep 17 00:00:00 2001 From: wuliushuan Date: Tue, 3 Sep 2024 12:01:43 +0000 Subject: [PATCH 074/473] =?UTF-8?q?tdd=E4=BF=AE=E5=A4=8D&&=E6=8E=A5?= =?UTF-8?q?=E5=8F=A3=E4=B8=8B=E7=BA=BF?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit 
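Review bot: `iter->grantFlags[0]` in `IsPermissionGrantedWithSecComp` is read without checking that `grantFlags` has an element, and the result feeds the decision not to kill a process on revoke. Guard it with `if (iter->grantFlags.empty()) { return false; }` before the `IsPermGrantedBySecComp` call (returning false keeps the kill, which is the conservative outcome); whether an empty list can occur for a general permission is not visible here. Both lambdas capture `permissionName` by value and copy the string on every call; `[&permissionName]` is sufficient because neither lambda outlives the function. The method also has no comment stating that it consults both the grant flag in `permStateList_` and `secCompGrantedPermList_`.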
Signed-off-by: wuliushuan Change-Id: I82634c0fed66263eaf98265da267bcc2bc180b17 --- .../accesstoken_service_ipc_interface_code.h | 1 - .../include/i_accesstoken_manager.h | 1 - .../accesstoken/include/accesstoken_kit.h | 6 --- .../accesstoken/libaccesstoken_sdk.map | 1 - .../accesstoken/src/accesstoken_kit.cpp | 10 ---- .../src/accesstoken_manager_client.cpp | 11 ---- .../src/accesstoken_manager_client.h | 1 - .../src/accesstoken_manager_proxy.cpp | 23 --------- .../src/accesstoken_manager_proxy.h | 1 - .../accesstoken_kit_test.cpp | 12 ----- .../unittest/src/accesstoken_deny_test.cpp | 13 ----- .../src/accesstoken_kit_extension_test.cpp | 50 ------------------- .../unittest/src/accesstoken_kit_test.cpp | 50 +++++++++++++++++++ .../include/permission/permission_manager.h | 1 - .../service/accesstoken_manager_service.h | 1 - .../cpp/src/permission/permission_manager.cpp | 29 ----------- .../service/accesstoken_manager_service.cpp | 6 --- .../src/service/accesstoken_manager_stub.cpp | 26 ---------- .../test/unittest/permission_manager_test.cpp | 13 ----- tools/accesstoken/src/atm_command.cpp | 9 ---- 20 files changed, 50 insertions(+), 215 deletions(-) diff --git a/frameworks/accesstoken/include/accesstoken_service_ipc_interface_code.h b/frameworks/accesstoken/include/accesstoken_service_ipc_interface_code.h index 5efbcf6ab..2a2a2bcb3 100644 --- a/frameworks/accesstoken/include/accesstoken_service_ipc_interface_code.h +++ b/frameworks/accesstoken/include/accesstoken_service_ipc_interface_code.h @@ -63,7 +63,6 @@ enum class AccessTokenInterfaceCode { GET_NATIVE_TOKEN_ID, SET_PERM_DIALOG_CAPABILITY, GET_USER_GRANTED_PERMISSION_USED_TYPE, - DUMP_PERM_DEFINITION_INFO, GET_VERSION, GET_PERMISSION_MANAGER_INFO, GET_NATIVE_TOKEN_NAME, diff --git a/frameworks/accesstoken/include/i_accesstoken_manager.h b/frameworks/accesstoken/include/i_accesstoken_manager.h index 295bad7f0..fdc2f2c34 100644 --- a/frameworks/accesstoken/include/i_accesstoken_manager.h 
+++ b/frameworks/accesstoken/include/i_accesstoken_manager.h @@ -85,7 +85,6 @@ public: virtual int32_t UnRegisterPermStateChangeCallback(const sptr& callback) = 0; #ifndef ATM_BUILD_VARIANT_USER_ENABLE virtual int32_t ReloadNativeTokenInfo() = 0; - virtual int32_t DumpPermDefInfo(std::string& tokenInfo) = 0; #endif virtual AccessTokenID GetNativeTokenId(const std::string& processName) = 0; diff --git a/interfaces/innerkits/accesstoken/include/accesstoken_kit.h b/interfaces/innerkits/accesstoken/include/accesstoken_kit.h index 1a70ba736..61ccf4727 100644 --- a/interfaces/innerkits/accesstoken/include/accesstoken_kit.h +++ b/interfaces/innerkits/accesstoken/include/accesstoken_kit.h @@ -401,12 +401,6 @@ public: * @param dumpInfo all token info */ static void DumpTokenInfo(const AtmToolsParamInfo& info, std::string& dumpInfo); - /** - * @brief Dump all permission definition infos. - * @param dumpInfo all permission definition info - * @return error code, see access_token_error.h - */ - static int32_t DumpPermDefInfo(std::string& dumpInfo); /** * @brief Get application info of permission manager. * @param info application info of permission manager diff --git a/interfaces/innerkits/accesstoken/libaccesstoken_sdk.map b/interfaces/innerkits/accesstoken/libaccesstoken_sdk.map index 0bfe6bb1b..8ebb04bcd 100644 --- a/interfaces/innerkits/accesstoken/libaccesstoken_sdk.map +++ b/interfaces/innerkits/accesstoken/libaccesstoken_sdk.map 
@@ -34,7 +34,6 @@ "OHOS::Security::AccessToken::AccessTokenKit::ReloadNativeTokenInfo()"; "OHOS::Security::AccessToken::AccessTokenKit::GetNativeTokenId(std::__h::basic_string, std::__h::allocator> const&)"; "OHOS::Security::AccessToken::AccessTokenKit::DumpTokenInfo(OHOS::Security::AccessToken::AtmToolsParamInfo const&, std::__h::basic_string, std::__h::allocator>&)"; - "OHOS::Security::AccessToken::AccessTokenKit::DumpPermDefInfo(std::__h::basic_string, std::__h::allocator>&)"; "OHOS::Security::AccessToken::AccessTokenKit::GetHapTokenInfoFromRemote(unsigned int, OHOS::Security::AccessToken::HapTokenInfoForSync&)"; "OHOS::Security::AccessToken::AccessTokenKit::SetRemoteHapTokenInfo(std::__h::basic_string, std::__h::allocator> const&, OHOS::Security::AccessToken::HapTokenInfoForSync const&)"; "OHOS::Security::AccessToken::AccessTokenKit::DeleteRemoteToken(std::__h::basic_string, std::__h::allocator> const&, unsigned int)"; diff --git a/interfaces/innerkits/accesstoken/src/accesstoken_kit.cpp b/interfaces/innerkits/accesstoken/src/accesstoken_kit.cpp index 9ff76c3d9..5a8bf21e3 100644 --- a/interfaces/innerkits/accesstoken/src/accesstoken_kit.cpp +++ b/interfaces/innerkits/accesstoken/src/accesstoken_kit.cpp @@ -497,16 +497,6 @@ int32_t AccessTokenKit::ReloadNativeTokenInfo() #endif } -int32_t AccessTokenKit::DumpPermDefInfo(std::string& dumpInfo) -{ -#ifndef ATM_BUILD_VARIANT_USER_ENABLE - ACCESSTOKEN_LOG_DEBUG(LABEL, "Called."); - return AccessTokenManagerClient::GetInstance().DumpPermDefInfo(dumpInfo); -#else - return 0; -#endif -} - AccessTokenID AccessTokenKit::GetNativeTokenId(const std::string& processName) { if (!DataValidator::IsProcessNameValid(processName)) { diff --git a/interfaces/innerkits/accesstoken/src/accesstoken_manager_client.cpp b/interfaces/innerkits/accesstoken/src/accesstoken_manager_client.cpp index b82b60387..eb8e30b68 100644 --- a/interfaces/innerkits/accesstoken/src/accesstoken_manager_client.cpp 
+++ b/interfaces/innerkits/accesstoken/src/accesstoken_manager_client.cpp @@ -502,17 +502,6 @@ int32_t AccessTokenManagerClient::ReloadNativeTokenInfo() } return proxy->ReloadNativeTokenInfo(); } - -int32_t AccessTokenManagerClient::DumpPermDefInfo(std::string& dumpInfo) -{ - auto proxy = GetProxy(); - if (proxy == nullptr) { - ACCESSTOKEN_LOG_ERROR(LABEL, "Proxy is null."); - return AccessTokenError::ERR_SERVICE_ABNORMAL; - } - - return proxy->DumpPermDefInfo(dumpInfo); -} #endif AccessTokenID AccessTokenManagerClient::GetNativeTokenId(const std::string& processName) diff --git a/interfaces/innerkits/accesstoken/src/accesstoken_manager_client.h b/interfaces/innerkits/accesstoken/src/accesstoken_manager_client.h index e4d7f2b19..902e6e0e4 100644 --- a/interfaces/innerkits/accesstoken/src/accesstoken_manager_client.h +++ b/interfaces/innerkits/accesstoken/src/accesstoken_manager_client.h @@ -78,7 +78,6 @@ public: int GetNativeTokenInfo(AccessTokenID tokenID, NativeTokenInfo& nativeTokenInfoRes); #ifndef ATM_BUILD_VARIANT_USER_ENABLE int32_t ReloadNativeTokenInfo(); - int32_t DumpPermDefInfo(std::string& dumpInfo); #endif AccessTokenID GetNativeTokenId(const std::string& processName); int32_t RegisterPermStateChangeCallback( diff --git a/interfaces/innerkits/accesstoken/src/accesstoken_manager_proxy.cpp b/interfaces/innerkits/accesstoken/src/accesstoken_manager_proxy.cpp index 6deb5dbc0..186dc5b74 100644 --- a/interfaces/innerkits/accesstoken/src/accesstoken_manager_proxy.cpp +++ b/interfaces/innerkits/accesstoken/src/accesstoken_manager_proxy.cpp 
@@ -913,29 +913,6 @@ int32_t AccessTokenManagerProxy::ReloadNativeTokenInfo() return result; } -int32_t AccessTokenManagerProxy::DumpPermDefInfo(std::string& dumpInfo) -{ - MessageParcel data; - if (!data.WriteInterfaceToken(IAccessTokenManager::GetDescriptor())) { - ACCESSTOKEN_LOG_ERROR(LABEL, "WriteInterfaceToken failed."); - return ERR_WRITE_PARCEL_FAILED; - } - - MessageParcel reply; - if (!SendRequest(AccessTokenInterfaceCode::DUMP_PERM_DEFINITION_INFO, data, reply)) { - return ERR_SERVICE_ABNORMAL; - } - int32_t result = reply.ReadInt32(); - ACCESSTOKEN_LOG_INFO(LABEL, "result from server data = %{public}d", result); - if (result != RET_SUCCESS) { - return result; - } - if (!reply.ReadString(dumpInfo)) { - ACCESSTOKEN_LOG_ERROR(LABEL, "ReadString failed."); - return ERR_READ_PARCEL_FAILED; - } - return result; -} #endif AccessTokenID AccessTokenManagerProxy::GetNativeTokenId(const std::string& processName) diff --git a/interfaces/innerkits/accesstoken/src/accesstoken_manager_proxy.h b/interfaces/innerkits/accesstoken/src/accesstoken_manager_proxy.h index bcd60dbcc..438bb9ac8 100644 --- a/interfaces/innerkits/accesstoken/src/accesstoken_manager_proxy.h +++ b/interfaces/innerkits/accesstoken/src/accesstoken_manager_proxy.h @@ -78,7 +78,6 @@ public: int GetNativeTokenInfo(AccessTokenID tokenID, NativeTokenInfoParcel& nativeTokenInfoRes) override; #ifndef ATM_BUILD_VARIANT_USER_ENABLE int32_t ReloadNativeTokenInfo() override; - int32_t DumpPermDefInfo(std::string& dumpInfo) override; #endif int32_t RegisterPermStateChangeCallback( const PermStateChangeScopeParcel& scope, const sptr& callback) override; diff --git a/interfaces/innerkits/accesstoken/test/unittest/accesstoken_mock_test/accesstoken_kit_test.cpp b/interfaces/innerkits/accesstoken/test/unittest/accesstoken_mock_test/accesstoken_kit_test.cpp index 65173d36b..650d7f34b 100644 --- a/interfaces/innerkits/accesstoken/test/unittest/accesstoken_mock_test/accesstoken_kit_test.cpp 
+++ b/interfaces/innerkits/accesstoken/test/unittest/accesstoken_mock_test/accesstoken_kit_test.cpp @@ -291,18 +291,6 @@ HWTEST_F(AccessTokenKitTest, GetReqPermissions001, TestSize.Level1) ASSERT_EQ(AccessTokenError::ERR_SERVICE_ABNORMAL, AccessTokenKit::GetReqPermissions(tokenId, permList, false)); } -/** - * @tc.name: DumpPermDefInfo001 - * @tc.desc: DumpPermDefInfo with proxy is null - * @tc.type: FUNC - * @tc.require: - */ -HWTEST_F(AccessTokenKitTest, DumpPermDefInfo001, TestSize.Level1) -{ - std::string dumpInfo = ""; - ASSERT_EQ(AccessTokenError::ERR_SERVICE_ABNORMAL, AccessTokenKit::DumpPermDefInfo(dumpInfo)); -} - /** * @tc.name: GetPermissionFlag001 * @tc.desc: GetPermissionFlag with proxy is null diff --git a/interfaces/innerkits/accesstoken/test/unittest/src/accesstoken_deny_test.cpp b/interfaces/innerkits/accesstoken/test/unittest/src/accesstoken_deny_test.cpp index 95aa3bc63..835e911ca 100644 --- a/interfaces/innerkits/accesstoken/test/unittest/src/accesstoken_deny_test.cpp +++ b/interfaces/innerkits/accesstoken/test/unittest/src/accesstoken_deny_test.cpp @@ -450,19 +450,6 @@ HWTEST_F(AccessTokenDenyTest, DumpTokenInfo001, TestSize.Level1) ASSERT_EQ("", dumpInfo); } -/** - * @tc.name: DumpPermDefInfo001 - * @tc.desc: Verify the DumpPermDefInfo abnormal branch return nullptr proxy. - * @tc.type: FUNC - * @tc.require:Issue Number - */ -HWTEST_F(AccessTokenDenyTest, DumpPermDefInfo001, TestSize.Level1) -{ - std::string dumpInfo; - int32_t res = AccessTokenKit::DumpPermDefInfo(dumpInfo); - ASSERT_EQ(AccessTokenError::ERR_PERMISSION_DENIED, res); -} - #ifdef TOKEN_SYNC_ENABLE /** * @tc.name: GetHapTokenInfoFromRemote001 diff --git a/interfaces/innerkits/accesstoken/test/unittest/src/accesstoken_kit_extension_test.cpp b/interfaces/innerkits/accesstoken/test/unittest/src/accesstoken_kit_extension_test.cpp index 42a9b58e6..dc2f30877 100644 --- a/interfaces/innerkits/accesstoken/test/unittest/src/accesstoken_kit_extension_test.cpp 
+++ b/interfaces/innerkits/accesstoken/test/unittest/src/accesstoken_kit_extension_test.cpp @@ -988,56 +988,6 @@ HWTEST_F(AccessTokenKitExtensionTest, GetPermissionFlag006, TestSize.Level1) ASSERT_EQ(RET_SUCCESS, ret); } -/** - * @tc.name: DumpPermDefInfo001 - * @tc.desc: Dump all the permission definition infos, that caller is shell app. - * @tc.type: FUNC - * @tc.require: Issue Number - */ -HWTEST_F(AccessTokenKitExtensionTest, DumpPermDefInfo001, TestSize.Level1) -{ - SetSelfTokenID(g_selfShellTokenId); - std::string dumpInfo = ""; - int32_t ret = AccessTokenKit::DumpPermDefInfo(dumpInfo); - ASSERT_EQ(RET_SUCCESS, ret); -} - -/** - * @tc.name: DumpPermDefInfo002 - * @tc.desc: DumpPermDefInfo caller is a normal app. - * @tc.type: FUNC - * @tc.require: Issue Number - */ -HWTEST_F(AccessTokenKitExtensionTest, DumpPermDefInfo002, TestSize.Level1) -{ - AccessTokenIDEx tokenIdEx = {0}; - tokenIdEx = AccessTokenKit::AllocHapToken(g_infoManagerTestNormalInfoParms, g_infoManagerTestPolicyPrams); - ASSERT_NE(INVALID_TOKENID, tokenIdEx.tokenIDEx); - EXPECT_EQ(0, SetSelfTokenID(tokenIdEx.tokenIDEx)); - - std::string dumpInfo = ""; - int32_t ret = AccessTokenKit::DumpPermDefInfo(dumpInfo); - ASSERT_EQ(ERR_PERMISSION_DENIED, ret); -} - -/** - * @tc.name: DumpPermDefInfo003 - * @tc.desc: DumpPermDefInfo caller is a system app. - * @tc.type: FUNC - * @tc.require: Issue Number - */ -HWTEST_F(AccessTokenKitExtensionTest, DumpPermDefInfo003, TestSize.Level1) -{ - AccessTokenIDEx tokenIdEx = {0}; - tokenIdEx = AccessTokenKit::AllocHapToken(g_infoManagerTestSystemInfoParms, g_infoManagerTestPolicyPrams); - ASSERT_NE(INVALID_TOKENID, tokenIdEx.tokenIDEx); - EXPECT_EQ(0, SetSelfTokenID(tokenIdEx.tokenIDEx)); - - std::string dumpInfo = ""; - int32_t ret = AccessTokenKit::DumpPermDefInfo(dumpInfo); - ASSERT_EQ(ERR_PERMISSION_DENIED, ret); -} - /** * @tc.name: DumpTokenInfo001 * @tc.desc: Get dump token information with invalid tokenID 
diff --git a/interfaces/innerkits/accesstoken/test/unittest/src/accesstoken_kit_test.cpp b/interfaces/innerkits/accesstoken/test/unittest/src/accesstoken_kit_test.cpp index 80cc3823a..528603440 100644 --- a/interfaces/innerkits/accesstoken/test/unittest/src/accesstoken_kit_test.cpp +++ b/interfaces/innerkits/accesstoken/test/unittest/src/accesstoken_kit_test.cpp @@ -42,6 +42,7 @@ static const int32_t INDEX_ONE = 1; static const int32_t INDEX_TWO = 2; static const int32_t INDEX_THREE = 3; static const int32_t INDEX_FOUR = 4; +static const int32_t RANDOM_UID = 123; PermissionDef g_infoManagerTestPermDef1 = { .permissionName = "ohos.permission.test1", 
@@ -3274,6 +3275,55 @@ HWTEST_F(AccessTokenKitTest, GetSelfPermissionsState001, TestSize.Level1) ASSERT_EQ(INVALID_OPER, AccessTokenKit::GetSelfPermissionsState(permsList, info)); } +/** + * @tc.name: GetNativeTokenName001 + * @tc.desc: AccessTokenKit::GetNativeTokenName. + * @tc.type: FUNC + * @tc.require: + */ +HWTEST_F(AccessTokenKitTest, GetNativeTokenName001, TestSize.Level1) +{ + std::string name; + // invalid tokenId + ASSERT_EQ(AccessTokenError::ERR_PARAM_INVALID, AccessTokenKit::GetNativeTokenName(INVALID_TOKENID, name)); + + AccessTokenID tokenId = AllocTestToken(g_infoManagerTestInfoParms, g_infoManagerTestPolicyPrams); + ASSERT_NE(INVALID_TOKENID, tokenId); + ASSERT_EQ(ATokenTypeEnum::TOKEN_HAP, AccessTokenKit::GetTokenTypeFlag(tokenId)); + // invalid token type + ASSERT_EQ(AccessTokenError::ERR_PARAM_INVALID, AccessTokenKit::GetNativeTokenName(tokenId, name)); + + std::string processName = "hdcd"; + tokenId = AccessTokenKit::GetNativeTokenId(processName); + ASSERT_NE(INVALID_TOKENID, tokenId); + ASSERT_EQ(0, AccessTokenKit::GetNativeTokenName(tokenId, name)); + ASSERT_EQ(processName, name); +} + +/** + * @tc.name: GetNativeTokenName002 + * @tc.desc: AccessTokenKit::GetNativeTokenName. 
+ * @tc.type: FUNC + * @tc.require: + */ +HWTEST_F(AccessTokenKitTest, GetNativeTokenName002, TestSize.Level1) +{ + AccessTokenID tokenId = AllocTestToken(g_infoManagerTestInfoParms, g_infoManagerTestPolicyPrams); + ASSERT_NE(INVALID_TOKENID, tokenId); + ASSERT_EQ(ATokenTypeEnum::TOKEN_HAP, AccessTokenKit::GetTokenTypeFlag(tokenId)); + EXPECT_EQ(0, SetSelfTokenID(tokenId)); // set self to hap + + std::string name; + std::string processName = "hdcd"; + tokenId = AccessTokenKit::GetNativeTokenId(processName); + + int32_t selfUid = getuid(); + setuid(RANDOM_UID); + // calling is not native token, permission denied + ASSERT_EQ(AccessTokenError::ERR_PERMISSION_DENIED, AccessTokenKit::GetNativeTokenName(tokenId, name)); + setuid(selfUid); +} + /** * @tc.name: UserPolicyTest * @tc.desc: UserPolicyTest. diff --git a/services/accesstokenmanager/main/cpp/include/permission/permission_manager.h b/services/accesstokenmanager/main/cpp/include/permission/permission_manager.h index 55f5c52c7..1340c8e22 100644 --- a/services/accesstokenmanager/main/cpp/include/permission/permission_manager.h +++ b/services/accesstokenmanager/main/cpp/include/permission/permission_manager.h @@ -92,7 +92,6 @@ public: void ParamUpdate(const std::string& permissionName, uint32_t flag, bool filtered); void NotifyWhenPermissionStateUpdated(AccessTokenID tokenID, const std::string& permissionName, bool isGranted, uint32_t flag, const std::shared_ptr& infoPtr); - int32_t DumpPermDefInfo(std::string& dumpInfo); void AddPermToKernel(AccessTokenID tokenID, const std::shared_ptr& policy); void AddPermToKernel(AccessTokenID tokenID, const std::shared_ptr& policy, const std::vector& permList); diff --git a/services/accesstokenmanager/main/cpp/include/service/accesstoken_manager_service.h b/services/accesstokenmanager/main/cpp/include/service/accesstoken_manager_service.h index 7f9c2fe45..62b9ce586 100644 --- a/services/accesstokenmanager/main/cpp/include/service/accesstoken_manager_service.h 
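Review bot: In `GetNativeTokenName002` the result of `AccessTokenKit::GetNativeTokenId(processName)` is used without the `ASSERT_NE(INVALID_TOKENID, tokenId);` that `GetNativeTokenName001` has, so on a device without an `hdcd` native token the call may be rejected as an invalid parameter instead of reaching the permission check the test is meant to cover. Add the assertion right after the lookup. The hap token allocated by `AllocTestToken` and the `SetSelfTokenID(tokenId)` change are also not undone inside the body; if the fixture's `TearDown()` does not handle that, later tests inherit the hap identity.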
+++ b/services/accesstokenmanager/main/cpp/include/service/accesstoken_manager_service.h @@ -81,7 +81,6 @@ public: int32_t UnRegisterPermStateChangeCallback(const sptr& callback) override; #ifndef ATM_BUILD_VARIANT_USER_ENABLE int32_t ReloadNativeTokenInfo() override; - int32_t DumpPermDefInfo(std::string& dumpInfo) override; #endif AccessTokenID GetNativeTokenId(const std::string& processName) override; diff --git a/services/accesstokenmanager/main/cpp/src/permission/permission_manager.cpp b/services/accesstokenmanager/main/cpp/src/permission/permission_manager.cpp index 30233ef16..3e36fac94 100644 --- a/services/accesstokenmanager/main/cpp/src/permission/permission_manager.cpp +++ b/services/accesstokenmanager/main/cpp/src/permission/permission_manager.cpp @@ -428,35 +428,6 @@ void PermissionManager::PermDefToString(const PermissionDef& def, std::string& i info.append(R"( })"); } -int32_t PermissionManager::DumpPermDefInfo(std::string& dumpInfo) -{ - ACCESSTOKEN_LOG_DEBUG(LABEL, "Get all permission definition info."); - - std::vector permDefRes; - - dumpInfo.append(R"({)"); - dumpInfo.append("\n"); - dumpInfo.append(R"( "permDefList": [)"); - dumpInfo.append("\n"); - AccessTokenDb::GetInstance().Find(AccessTokenDb::ACCESSTOKEN_PERMISSION_DEF, permDefRes); - for (auto iter = permDefRes.begin(); iter != permDefRes.end(); iter++) { - PermissionDef def; - int32_t ret = DataTranslator::TranslationIntoPermissionDef(*iter, def); - if (ret != RET_SUCCESS) { - ACCESSTOKEN_LOG_ERROR(LABEL, "PermDef of %{public}s is wrong.", def.permissionName.c_str()); - return ret; - } - PermDefToString(def, dumpInfo); - if (iter != (permDefRes.end() - 1)) { - dumpInfo.append(",\n"); - } - dumpInfo.append("\n"); - } - dumpInfo.append("\n ]\n"); - dumpInfo.append("}"); - return RET_SUCCESS; -} - int32_t PermissionManager::FindPermRequestToggleStatusFromDb(int32_t userID, const std::string& permissionName) { std::vector permRequestToggleStatusRes; 
diff --git a/services/accesstokenmanager/main/cpp/src/service/accesstoken_manager_service.cpp b/services/accesstokenmanager/main/cpp/src/service/accesstoken_manager_service.cpp index b8d98f425..d823a8de6 100644 --- a/services/accesstokenmanager/main/cpp/src/service/accesstoken_manager_service.cpp +++ b/services/accesstokenmanager/main/cpp/src/service/accesstoken_manager_service.cpp @@ -432,12 +432,6 @@ int32_t AccessTokenManagerService::ReloadNativeTokenInfo() return NativeTokenReceptor::GetInstance().Init(); } -int32_t AccessTokenManagerService::DumpPermDefInfo(std::string& dumpInfo) -{ - ACCESSTOKEN_LOG_INFO(LABEL, "Called"); - - return PermissionManager::GetInstance().DumpPermDefInfo(dumpInfo); -} #endif AccessTokenID AccessTokenManagerService::GetNativeTokenId(const std::string& processName) diff --git a/services/accesstokenmanager/main/cpp/src/service/accesstoken_manager_stub.cpp b/services/accesstokenmanager/main/cpp/src/service/accesstoken_manager_stub.cpp index bf78ed4d4..8ce2a5e76 100644 --- a/services/accesstokenmanager/main/cpp/src/service/accesstoken_manager_stub.cpp +++ b/services/accesstokenmanager/main/cpp/src/service/accesstoken_manager_stub.cpp 
@@ -645,30 +645,6 @@ void AccessTokenManagerStub::ReloadNativeTokenInfoInner(MessageParcel& data, Mes int32_t result = this->ReloadNativeTokenInfo(); reply.WriteInt32(result); } - -void AccessTokenManagerStub::DumpPermDefInfoInner(MessageParcel& data, MessageParcel& reply) -{ - if (!IsShellProcessCalling()) { - ACCESSTOKEN_LOG_ERROR(LABEL, "permission denied(tokenID=%{public}d)", IPCSkeleton::GetCallingTokenID()); - reply.WriteInt32(AccessTokenError::ERR_PERMISSION_DENIED); - return; - } - std::string dumpInfo = ""; - int32_t result = this->DumpPermDefInfo(dumpInfo); - if (!reply.WriteInt32(result)) { - ACCESSTOKEN_LOG_ERROR(LABEL, "Write result failed."); - } - if (result != RET_SUCCESS) { - return; - } - - if (!reply.SetDataCapacity(DUMP_CAPACITY_SIZE)) { - ACCESSTOKEN_LOG_WARN(LABEL, "Set DataCapacity failed."); - } - if (!reply.WriteString(dumpInfo)) { - ACCESSTOKEN_LOG_ERROR(LABEL, "Write String failed."); - } -} #endif void AccessTokenManagerStub::GetNativeTokenIdInner(MessageParcel& data, MessageParcel& reply) @@ -1060,8 +1036,6 @@ void AccessTokenManagerStub::SetLocalTokenOpFuncInMap() #ifndef ATM_BUILD_VARIANT_USER_ENABLE requestFuncMap_[static_cast(AccessTokenInterfaceCode::RELOAD_NATIVE_TOKEN_INFO)] = &AccessTokenManagerStub::ReloadNativeTokenInfoInner; - requestFuncMap_[static_cast(AccessTokenInterfaceCode::DUMP_PERM_DEFINITION_INFO)] = - &AccessTokenManagerStub::DumpPermDefInfoInner; #endif requestFuncMap_[static_cast(AccessTokenInterfaceCode::GET_NATIVE_TOKEN_ID)] = &AccessTokenManagerStub::GetNativeTokenIdInner; diff --git a/services/accesstokenmanager/test/unittest/permission_manager_test.cpp b/services/accesstokenmanager/test/unittest/permission_manager_test.cpp index c94f2603d..3b17c08b7 100644 --- a/services/accesstokenmanager/test/unittest/permission_manager_test.cpp +++ b/services/accesstokenmanager/test/unittest/permission_manager_test.cpp 
@@ -1148,19 +1148,6 @@ HWTEST_F(PermissionManagerTest, GetSelfPermissionState003, TestSize.Level1) PermissionManager::GetInstance().SetPermissionRequestToggleStatus(permissionName, oriStatus, 0); } -/** - * @tc.name: DumpPermDefInfo001 - * @tc.desc: PermissionManager::DumpPermDefInfo function test. - * @tc.type: FUNC - * @tc.require: - */ -HWTEST_F(PermissionManagerTest, DumpPermDefInfo001, TestSize.Level1) -{ - std::string dumpInfo = ""; - ASSERT_EQ(RET_SUCCESS, PermissionManager::GetInstance().DumpPermDefInfo(dumpInfo)); - EXPECT_EQ(false, dumpInfo.empty()); -} - /** * @tc.name: SetPermissionRequestToggleStatus001 * @tc.desc: PermissionManager::SetPermissionRequestToggleStatus function test with invalid permissionName, invalid diff --git a/tools/accesstoken/src/atm_command.cpp b/tools/accesstoken/src/atm_command.cpp index 8df6f5ba4..a2bff1235 100644 --- a/tools/accesstoken/src/atm_command.cpp +++ b/tools/accesstoken/src/atm_command.cpp @@ -44,7 +44,6 @@ static const std::string HELP_MSG_DUMP = "usage: atm dump