From b25adeefdb2b5075fe25a4a272e0b3fcb8bda2a5 Mon Sep 17 00:00:00 2001
From: xia-bubai
Date: Sat, 15 Mar 2025 21:02:21 +0800
Subject: [PATCH] fix the problem that Failing to revoke the permission when secure_component grant permission twice or more

Signed-off-by: xia-bubai
Change-Id: Id7607843a9cd6b834ce53b19711125413fdc9219
---
 .../PermissionsTest/grant_permission_test.cpp | 34 ++++++++++++++++++-
 .../src/permission/permission_data_brief.cpp | 25 ++++++++------
 2 files changed, 47 insertions(+), 12 deletions(-)

diff --git a/interfaces/innerkits/accesstoken/test/unittest/PermissionsTest/grant_permission_test.cpp b/interfaces/innerkits/accesstoken/test/unittest/PermissionsTest/grant_permission_test.cpp
index f9b5774fb..776a4b25b 100644
--- a/interfaces/innerkits/accesstoken/test/unittest/PermissionsTest/grant_permission_test.cpp
+++ b/interfaces/innerkits/accesstoken/test/unittest/PermissionsTest/grant_permission_test.cpp
@@ -275,6 +275,38 @@ HWTEST_F(GrantPermissionTest, GrantPermissionSpecsTest003, TestSize.Level0)
 ASSERT_EQ(RET_SUCCESS, TestCommon::DeleteTestHapToken(tokenID));
 }
+
+/**
+ * @tc.name: GrantPermissionSpecsTest004
+ * @tc.desc: success to revoke permission when granting permission twice by secure component.
+ * @tc.type: FUNC
+ * @tc.require: issueI66BH3
+ */
+HWTEST_F(GrantPermissionTest, GrantPermissionSpecsTest004, TestSize.Level0)
+{
+ std::vector reqPerm;
+ reqPerm.emplace_back("ohos.permission.GRANT_SENSITIVE_PERMISSIONS");
+ reqPerm.emplace_back("ohos.permission.REVOKE_SENSITIVE_PERMISSIONS");
+ MockHapToken mock("GrantPermissionSpecsTest004", reqPerm, true);
+
+ AccessTokenIDEx tokenIdEx = TestCommon::GetHapTokenIdFromBundle(TEST_USER_ID, TEST_BUNDLE_NAME, 0);
+ AccessTokenID tokenID = tokenIdEx.tokenIdExStruct.tokenID;
+ int ret = AccessTokenKit::GrantPermission(tokenID, "ohos.permission.SECURE_PASTE", PERMISSION_COMPONENT_SET);
+ ASSERT_EQ(RET_SUCCESS, ret);
+ ret = AccessTokenKit::GrantPermission(tokenID, "ohos.permission.SECURE_PASTE", PERMISSION_COMPONENT_SET);
+ ASSERT_EQ(RET_SUCCESS, ret);
+
+ ret = AccessTokenKit::VerifyAccessToken(tokenID, "ohos.permission.SECURE_PASTE", false);
+ ASSERT_EQ(PERMISSION_GRANTED, ret);
+
+ ret = AccessTokenKit::RevokePermission(tokenID, "ohos.permission.SECURE_PASTE", PERMISSION_COMPONENT_SET);
+ ASSERT_EQ(RET_SUCCESS, ret);
+
+ ret = AccessTokenKit::VerifyAccessToken(tokenID, "ohos.permission.SECURE_PASTE", false);
+ ASSERT_EQ(PERMISSION_DENIED, ret);
+
+ ASSERT_EQ(RET_SUCCESS, TestCommon::DeleteTestHapToken(tokenID));
+}
 } // namespace AccessToken
 } // namespace Security
-} // namespace OHOS
\ No newline at end of file
+} // namespace OHOS
diff --git a/services/accesstokenmanager/main/cpp/src/permission/permission_data_brief.cpp b/services/accesstokenmanager/main/cpp/src/permission/permission_data_brief.cpp
index cf48922ca..845a52f24 100644
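Review bot: The two `VerifyAccessToken` checks in GrantPermissionSpecsTest004 use `ASSERT_EQ`, which returns from the test body on failure, so a regression in the revoke path would skip the final `DeleteTestHapToken(tokenID)` and could leave a token with `ohos.permission.SECURE_PASTE` still granted for later tests, unless the fixture's TearDown (not visible in this hunk) also cleans up. Using `EXPECT_EQ(PERMISSION_GRANTED, ret);` and `EXPECT_EQ(PERMISSION_DENIED, ret);` for the verification steps keeps the failure report and still reaches the cleanup. It would also help to check that the token ID returned by `GetHapTokenIdFromBundle` is valid before the first grant, so a missing test bundle fails with a clear message rather than at `GrantPermission`.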
--- a/services/accesstokenmanager/main/cpp/src/permission/permission_data_brief.cpp
+++ b/services/accesstokenmanager/main/cpp/src/permission/permission_data_brief.cpp
@@ -779,19 +779,22 @@ void PermissionDataBrief::SecCompGrantedPermListUpdated(
 LOGE(ATM_DOMAIN, ATM_TAG, "TokenID is invalid %{public}u.", tokenID);
 return;
 }
-
+ std::list::iterator secCompDataIter;
+ for (secCompDataIter = secCompList_.begin(); secCompDataIter != secCompList_.end(); ++secCompDataIter) {
+ if (secCompDataIter->tokenId == tokenID && secCompDataIter->permCode == opCode) {
+ break;
+ }
+ }
 if (isAdded) {
- BriefSecCompData secCompData = { 0 };
- secCompData.permCode = opCode;
- secCompData.tokenId = tokenID;
- secCompList_.push_back(secCompData);
+ if (secCompDataIter == secCompList_.end()) {
+ BriefSecCompData secCompData = { 0 };
+ secCompData.permCode = opCode;
+ secCompData.tokenId = tokenID;
+ secCompList_.emplace_back(secCompData);
+ }
 } else {
- std::list::iterator secCompData;
- for (secCompData = secCompList_.begin(); secCompData != secCompList_.end(); ++secCompData) {
- if (secCompData->tokenId == tokenID && secCompData->permCode == opCode) {
- secCompList_.erase(secCompData);
- break;
- }
+ if (secCompDataIter != secCompList_.end()) {
+ secCompList_.erase(secCompDataIter);
 }
 }
-- 
Gitee
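Review bot: The lookup loop before `if (isAdded)` makes `secCompList_` behave as a set keyed on (tokenId, permCode), and the revoke branch depends on that because it erases only the first match, yet nothing in the code states the invariant. A comment above the loop would protect it, for example `// secCompList_ holds at most one entry per (tokenId, permCode); a repeated grant is a no-op so that one revoke always removes the grant.` If any other path appends to `secCompList_` (none is visible in this hunk), it needs the same duplicate check, otherwise a revoked secure-component permission can stay granted as it did before this fix. As a matter of style, the hand-written search could be a `std::find_if`, and `emplace_back(secCompData)` copies an already-built object exactly as `push_back` did. SecCompGrantedPermListUpdated starts before and continues after the hunk, so whatever locking guards the list is not visible here.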