diff --git a/frameworks/accesstoken/src/hap_info_parcel.cpp b/frameworks/accesstoken/src/hap_info_parcel.cpp index bac45bdb64d03a83769a46e9d46e0f4758580709..3025e37775cacde1ba4977f4cb718692723d5053 100644 --- a/frameworks/accesstoken/src/hap_info_parcel.cpp +++ b/frameworks/accesstoken/src/hap_info_parcel.cpp @@ -33,6 +33,7 @@ bool HapInfoParcel::Marshalling(Parcel& out) const if (this->hapInfoParameter.isRestore) { RETURN_IF_FALSE(out.WriteUint32(this->hapInfoParameter.tokenID)); } + RETURN_IF_FALSE(out.WriteBool(this->hapInfoParameter.isAtomicService)); return true; } @@ -54,6 +55,7 @@ HapInfoParcel* HapInfoParcel::Unmarshalling(Parcel& in) if (hapInfoParcel->hapInfoParameter.isRestore) { RELEASE_IF_FALSE(in.ReadUint32(hapInfoParcel->hapInfoParameter.tokenID), hapInfoParcel); } + RELEASE_IF_FALSE(in.ReadBool(hapInfoParcel->hapInfoParameter.isAtomicService), hapInfoParcel); return hapInfoParcel; } } // namespace AccessToken diff --git a/interfaces/innerkits/accesstoken/include/accesstoken_kit.h b/interfaces/innerkits/accesstoken/include/accesstoken_kit.h index abe082293a887c66c856f5c35049e05dad7dc87d..2adaf8b46dbcfb7df97dfa1a2cd1adb144bbc10c 100644 --- a/interfaces/innerkits/accesstoken/include/accesstoken_kit.h +++ b/interfaces/innerkits/accesstoken/include/accesstoken_kit.h @@ -513,6 +513,13 @@ public: */ static int32_t GetReqPermissionByName( AccessTokenID tokenID, const std::string& permissionName, std::string& value); + + /** + * Whether it is a atomic service + * @param tokenId token id. + * @return bool + */ + static bool IsAtomicServiceByFullTokenID(uint64_t tokenId); }; } // namespace AccessToken } // namespace Security diff --git a/interfaces/innerkits/accesstoken/include/hap_token_info.h b/interfaces/innerkits/accesstoken/include/hap_token_info.h index 0292fc3954e2382b8d7190d5eb50e6c5666719d8..24e0982013a880771e3a01f4da4f8bfc48f65a4d 100644 --- a/interfaces/innerkits/accesstoken/include/hap_token_info.h 
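Review bot: The `ReadBool` added at the end of `Unmarshalling` makes the new field mandatory, so a parcel marshalled without the trailing bool is rejected as a whole by `RELEASE_IF_FALSE`. If the client library and the service can ever be built from different revisions, a missing attribute becomes a failed install or update rather than a default of false; whether that can happen is not visible from the diff. I would record the ordering contract next to both the write and the read, e.g. `// isAtomicService is always the last field; Marshalling and Unmarshalling must stay in step.` Both function bodies start outside their hunks.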
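Review bot: The doc comment on `IsAtomicServiceByFullTokenID` does not say that the result is derived only from the 64-bit value passed in; per the implementation in accesstoken_kit.cpp it is a mask test with no lookup in the token service. Callers that receive the ID from another process should know the answer describes the number they were given, not a registered token. Suggested wording: `@brief Check whether the atomic-service attribute bit is set in a full token ID.`, `@param tokenId 64-bit full token ID (tokenIDEx), not the 32-bit AccessTokenID.`, `@return true if the bit is set; the ID is not validated against the token service.`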
+++ b/interfaces/innerkits/accesstoken/include/hap_token_info.h @@ -74,6 +74,8 @@ public: std::string appDistributionType; bool isRestore = false; AccessTokenID tokenID = INVALID_TOKENID; + /** Whether hap is a atomic-service */ + bool isAtomicService = false; }; /** @@ -88,6 +90,8 @@ public: bool isSystemApp; /* app type */ std::string appDistributionType; + /** Whether hap is a atomic-service */ + bool isAtomicService = false; }; /** diff --git a/interfaces/innerkits/accesstoken/libaccesstoken_sdk.map b/interfaces/innerkits/accesstoken/libaccesstoken_sdk.map index 19192e683f5cad787ad0a8a8e96f7b8781932543..934a97320d84fe799790d5c3f6bf3985d5671b51 100644 --- a/interfaces/innerkits/accesstoken/libaccesstoken_sdk.map +++ b/interfaces/innerkits/accesstoken/libaccesstoken_sdk.map @@ -85,6 +85,7 @@ "OHOS::Security::AccessToken::AccessTokenKit::GetKernelPermissions(unsigned int, std::__h::vector>&)"; OHOS::Security::AccessToken::AccessTokenKit::IsSystemAppByFullTokenID*; OHOS::Security::AccessToken::AccessTokenKit::GetRenderTokenID*; + OHOS::Security::AccessToken::AccessTokenKit::IsAtomicServiceByFullTokenID*; ""; ""; }; diff --git a/interfaces/innerkits/accesstoken/src/accesstoken_kit.cpp b/interfaces/innerkits/accesstoken/src/accesstoken_kit.cpp index 83590b74dcc027e25f3547236cbe54183b556408..304228dbf1043b04161930baa22f87483bba009b 100644 --- a/interfaces/innerkits/accesstoken/src/accesstoken_kit.cpp +++ b/interfaces/innerkits/accesstoken/src/accesstoken_kit.cpp @@ -14,6 +14,7 @@ */ #include "accesstoken_kit.h" +#include #include #include #include "accesstoken_common_log.h" @@ -34,6 +35,7 @@ namespace Security { namespace AccessToken { namespace { static const uint64_t SYSTEM_APP_MASK = (static_cast(1) << 32); +static const uint64_t ATOMIC_SERVICE_MASK = (static_cast(1) << 33); static const uint64_t TOKEN_ID_LOWMASK = 0xffffffff; static const int INVALID_DLP_TOKEN_FLAG = -1; static const int FIRSTCALLER_TOKENID_DEFAULT = 0; 
@@ -89,8 +91,9 @@ AccessTokenIDEx AccessTokenKit::AllocHapToken(const HapInfoParams& info, const H { AccessTokenIDEx res = {0}; LOGI(ATM_DOMAIN, ATM_TAG, "UserID: %{public}d, bundleName :%{public}s, \ -permList: %{public}zu, stateList: %{public}zu, checkIgnore: %{public}d", - info.userID, info.bundleName.c_str(), policy.permList.size(), policy.permStateList.size(), policy.checkIgnore); +permList: %{public}zu, stateList: %{public}zu, checkIgnore: %{public}d, isAtomicService: %{public}d", + info.userID, info.bundleName.c_str(), policy.permList.size(), policy.permStateList.size(), policy.checkIgnore, + info.isAtomicService); if ((!DataValidator::IsUserIdValid(info.userID)) || !DataValidator::IsAppIDDescValid(info.appIDDesc) || !DataValidator::IsBundleNameValid(info.bundleName) || !DataValidator::IsAplNumValid(policy.apl) || !DataValidator::IsDomainValid(policy.domain) || !DataValidator::IsDlpTypeValid(info.dlpType)) { @@ -113,9 +116,9 @@ int32_t AccessTokenKit::InitHapToken(const HapInfoParams& info, HapPolicyParams& AccessTokenIDEx& fullTokenId, HapInfoCheckResult& result) { LOGI(ATM_DOMAIN, ATM_TAG, "UserID: %{public}d, bundleName :%{public}s, permList: %{public}zu, " - "stateList: %{public}zu, aclExtendedMap: %{public}zu, checkIgnore: %{public}d", + "stateList: %{public}zu, aclExtendedMap: %{public}zu, checkIgnore: %{public}d, isAtomicService: %{public}d", info.userID, info.bundleName.c_str(), policy.permList.size(), policy.permStateList.size(), - policy.aclExtendedMap.size(), policy.checkIgnore); + policy.aclExtendedMap.size(), policy.checkIgnore, info.isAtomicService); if ((!DataValidator::IsUserIdValid(info.userID)) || !DataValidator::IsAppIDDescValid(info.appIDDesc) || !DataValidator::IsBundleNameValid(info.bundleName) || !DataValidator::IsAplNumValid(policy.apl) || !DataValidator::IsDomainValid(policy.domain) || !DataValidator::IsDlpTypeValid(info.dlpType) || 
@@ -153,9 +156,10 @@ int32_t AccessTokenKit::UpdateHapToken(AccessTokenIDEx& tokenIdEx, const UpdateH const HapPolicyParams& policy, HapInfoCheckResult& result) { LOGI(ATM_DOMAIN, ATM_TAG, "TokenID: %{public}d, isSystemApp: %{public}d, \ -permList: %{public}zu, stateList: %{public}zu, aclExtendedMap: %{public}zu, checkIgnore: %{public}d", +permList: %{public}zu, stateList: %{public}zu, aclExtendedMap: %{public}zu, checkIgnore: %{public}d, \ +isAtomicService: %{public}d", tokenIdEx.tokenIdExStruct.tokenID, info.isSystemApp, policy.permList.size(), policy.permStateList.size(), - policy.aclExtendedMap.size(), policy.checkIgnore); + policy.aclExtendedMap.size(), policy.checkIgnore, info.isAtomicService); if ((tokenIdEx.tokenIdExStruct.tokenID == INVALID_TOKENID) || (!DataValidator::IsAppIDDescValid(info.appIDDesc)) || (!DataValidator::IsAplNumValid(policy.apl)) || !DataValidator::IsAclExtendedMapSizeValid(policy.aclExtendedMap)) { @@ -821,6 +825,13 @@ int32_t AccessTokenKit::GetReqPermissionByName( } return AccessTokenManagerClient::GetInstance().GetReqPermissionByName(tokenID, permissionName, value); } + + +bool AccessTokenKit::IsAtomicServiceByFullTokenID(uint64_t tokenId) +{ + LOGI(ATM_DOMAIN, ATM_TAG, "Called, tokenId=%{public}" PRId64, tokenId); + return (tokenId & ATOMIC_SERVICE_MASK) == ATOMIC_SERVICE_MASK; +} } // namespace AccessToken } // namespace Security } // namespace OHOS diff --git a/interfaces/innerkits/accesstoken/src/accesstoken_manager_client.cpp b/interfaces/innerkits/accesstoken/src/accesstoken_manager_client.cpp index cc2de1369d28c3b7fd0b1cce2cab6b018ca118c3..bc0e1bbe3f7b4e23988da3154d50611dbd1c80df 100644 --- a/interfaces/innerkits/accesstoken/src/accesstoken_manager_client.cpp +++ b/interfaces/innerkits/accesstoken/src/accesstoken_manager_client.cpp 
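Review bot: `tokenId` is a `uint64_t` but the log line in `IsAtomicServiceByFullTokenID` formats it with `PRId64`, so an ID with the top bit set prints as a negative number; use `PRIu64`: `LOGI(ATM_DOMAIN, ATM_TAG, "Called, tokenId=%{public}" PRIu64, tokenId);`. The function is a pure bit test, so an INFO-level line carrying the full token ID as `%{public}` on every call is likely to be noisy for callers that check it per request; consider dropping the log entirely. There is also a doubled blank line before the definition.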
@@ -662,6 +662,7 @@ int32_t AccessTokenManagerClient::UpdateHapToken(AccessTokenIDEx& tokenIdEx, con infoIdl.apiVersion = info.apiVersion; infoIdl.isSystemApp = info.isSystemApp; infoIdl.appDistributionType = info.appDistributionType; + infoIdl.isAtomicService = info.isAtomicService; HapInfoCheckResultIdl resultInfoIdl; uint64_t fullTokenId = tokenIdEx.tokenIDEx; int32_t res = proxy->UpdateHapToken(fullTokenId, infoIdl, hapPolicyParcel, resultInfoIdl); diff --git a/interfaces/innerkits/accesstoken/test/unittest/HapTokenTest/init_hap_token_test.cpp b/interfaces/innerkits/accesstoken/test/unittest/HapTokenTest/init_hap_token_test.cpp index 6f1c998883a8be0e9417733cda20b3c8d6e1aa87..491e6a074dc87c723e7e5a2d07f83970f97b45c0 100644 --- a/interfaces/innerkits/accesstoken/test/unittest/HapTokenTest/init_hap_token_test.cpp +++ b/interfaces/innerkits/accesstoken/test/unittest/HapTokenTest/init_hap_token_test.cpp @@ -34,6 +34,9 @@ namespace OHOS { namespace Security { namespace AccessToken { namespace { +static constexpr uint32_t NUMBER_ONE = 1; +static constexpr uint32_t NUMBER_TWO = 2; +static constexpr uint32_t NUMBER_THREE = 3; static uint64_t g_selfTokenId = 0; static constexpr int32_t THIRTY_TIME_CYCLES = 30; static constexpr int32_t MAX_EXTENDED_MAP_SIZE = 512; 
@@ -387,6 +390,88 @@ HWTEST_F(InitHapTokenTest, InitHapTokenFuncTest007, TestSize.Level1) ASSERT_EQ(RET_SUCCESS, AccessTokenKit::DeleteToken(tokenID)); } +/** + * @tc.name: InitHapTokenFuncTest008 + * @tc.desc: Install atomic app success + * @tc.type: FUNC + * @tc.require: + */ +HWTEST_F(InitHapTokenTest, InitHapTokenFuncTest008, TestSize.Level1) +{ + LOGI(ATM_DOMAIN, ATM_TAG, "InitHapTokenFuncTest008"); + MockNativeToken mock("foundation"); + + HapInfoParams infoParams; + HapPolicyParams policyParams; + TestCommon::GetHapParams(infoParams, policyParams); + infoParams.isSystemApp = false; + infoParams.isAtomicService = true; + infoParams.bundleName = "install.atomic.service.test"; + AccessTokenIDEx fullTokenId; + HapInfoCheckResult result; + ASSERT_EQ(RET_SUCCESS, AccessTokenKit::InitHapToken(infoParams, policyParams, fullTokenId, result)); + ASSERT_TRUE(AccessTokenKit::IsAtomicServiceByFullTokenID(static_cast(fullTokenId.tokenIDEx))); + + AccessTokenIDEx tokenIDEx = AccessTokenKit::GetHapTokenIDEx( + infoParams.userID, infoParams.bundleName, infoParams.instIndex); + ASSERT_TRUE(AccessTokenKit::IsAtomicServiceByFullTokenID(static_cast(tokenIDEx.tokenIDEx))); + EXPECT_EQ(tokenIDEx.tokenIDEx, fullTokenId.tokenIDEx); + + AccessTokenID tokenID = fullTokenId.tokenIdExStruct.tokenID; + HapTokenInfo hapTokenInfoRes; + ASSERT_EQ(RET_SUCCESS, AccessTokenKit::GetHapTokenInfo(tokenID, hapTokenInfoRes)); + EXPECT_EQ(NUMBER_TWO, hapTokenInfoRes.tokenAttr); + + ASSERT_EQ(RET_SUCCESS, AccessTokenKit::DeleteToken(tokenID)); +} + +/** + * @tc.name: InitHapTokenFuncTest009 + * @tc.desc: Install the system service app and update it as a atomic service + * @tc.type: FUNC + * @tc.require: + */ +HWTEST_F(InitHapTokenTest, InitHapTokenFuncTest009, TestSize.Level1) +{ + LOGI(ATM_DOMAIN, ATM_TAG, "InitHapTokenFuncTest009"); + MockNativeToken mock("foundation"); + + HapInfoParams infoParams; + HapPolicyParams policyParams; + TestCommon::GetHapParams(infoParams, policyParams); + 
infoParams.isSystemApp = true; + infoParams.bundleName = "update.atomic.service.test"; + AccessTokenIDEx fullTokenId; + HapInfoCheckResult result; + ASSERT_EQ(RET_SUCCESS, AccessTokenKit::InitHapToken(infoParams, policyParams, fullTokenId, result)); + ASSERT_TRUE(AccessTokenKit::IsSystemAppByFullTokenID(static_cast(fullTokenId.tokenIDEx))); + ASSERT_FALSE(AccessTokenKit::IsAtomicServiceByFullTokenID(static_cast(fullTokenId.tokenIDEx))); + + UpdateHapInfoParams info; + info.appIDDesc = infoParams.appIDDesc; + info.apiVersion = infoParams.apiVersion; + info.isSystemApp = infoParams.isSystemApp; + info.appDistributionType = infoParams.appDistributionType; + info.isAtomicService = true; + ASSERT_EQ(RET_SUCCESS, AccessTokenKit::UpdateHapToken(fullTokenId, info, policyParams)); + ASSERT_TRUE(AccessTokenKit::IsSystemAppByFullTokenID(static_cast(fullTokenId.tokenIDEx))); + ASSERT_TRUE(AccessTokenKit::IsAtomicServiceByFullTokenID(static_cast(fullTokenId.tokenIDEx))); + + AccessTokenID tokenID = fullTokenId.tokenIdExStruct.tokenID; + HapTokenInfo hapTokenInfoRes; + ASSERT_EQ(RET_SUCCESS, AccessTokenKit::GetHapTokenInfo(tokenID, hapTokenInfoRes)); + EXPECT_EQ(NUMBER_THREE, hapTokenInfoRes.tokenAttr); + + info.isAtomicService = false; + ASSERT_EQ(RET_SUCCESS, AccessTokenKit::UpdateHapToken(fullTokenId, info, policyParams)); + ASSERT_TRUE(AccessTokenKit::IsSystemAppByFullTokenID(static_cast(fullTokenId.tokenIDEx))); + ASSERT_FALSE(AccessTokenKit::IsAtomicServiceByFullTokenID(static_cast(fullTokenId.tokenIDEx))); + ASSERT_EQ(RET_SUCCESS, AccessTokenKit::GetHapTokenInfo(tokenID, hapTokenInfoRes)); + EXPECT_EQ(NUMBER_ONE, hapTokenInfoRes.tokenAttr); + + ASSERT_EQ(RET_SUCCESS, AccessTokenKit::DeleteToken(tokenID)); +} + /** * @tc.name: InitHapTokenSpecsTest001 * @tc.desc: Test request the high-level permission authorized by acl. 
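Review bot: The `tokenAttr` expectations in InitHapTokenFuncTest008 and InitHapTokenFuncTest009 use `NUMBER_ONE`, `NUMBER_TWO` and `NUMBER_THREE` from the earlier hunk, which hides that the values are flag combinations. Names that say what is asserted would make a failure readable, for example `static constexpr uint32_t ATTR_SYSTEM_APP = 0x1;`, `static constexpr uint32_t ATTR_ATOMIC_SERVICE = 0x2;` and `EXPECT_EQ(ATTR_SYSTEM_APP | ATTR_ATOMIC_SERVICE, hapTokenInfoRes.tokenAttr);`. The values 0x1 and 0x2 match `SYSTEM_APP_FLAG` and `ATOMIC_SERVICE_FLAG` in the service sources in this diff.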
diff --git a/services/accesstokenmanager/idl/IdlCommon.idl b/services/accesstokenmanager/idl/IdlCommon.idl index a95766a4e1728be9abb1ded8abaf319360d41fa9..384c7aee5594d7e4863c26f49e3738f7b1053f51 100644 --- a/services/accesstokenmanager/idl/IdlCommon.idl +++ b/services/accesstokenmanager/idl/IdlCommon.idl @@ -35,6 +35,8 @@ struct UpdateHapInfoParamsIdl { boolean isSystemApp; /* app type */ String appDistributionType; + /** Whether hap is a atomic service */ + boolean isAtomicService; }; enum PermissionRulesEnumIdl { diff --git a/services/accesstokenmanager/main/cpp/src/service/accesstoken_manager_service.cpp b/services/accesstokenmanager/main/cpp/src/service/accesstoken_manager_service.cpp index ccdf0fff3f08d0d1fed18c31dcd98fa0e3312ddf..cd900d5a707e7421a260d98ff6941cd80a94401c 100644 --- a/services/accesstokenmanager/main/cpp/src/service/accesstoken_manager_service.cpp +++ b/services/accesstokenmanager/main/cpp/src/service/accesstoken_manager_service.cpp @@ -864,6 +864,7 @@ int32_t AccessTokenManagerService::UpdateHapToken(uint64_t& fullTokenId, const U info.apiVersion = infoIdl.apiVersion; info.isSystemApp = infoIdl.isSystemApp; info.appDistributionType = infoIdl.appDistributionType; + info.isAtomicService = infoIdl.isAtomicService; int64_t beginTime = TimeUtil::GetCurrentTimestamp(); HapTokenInfo hapInfo; diff --git a/services/accesstokenmanager/main/cpp/src/token/accesstoken_info_manager.cpp b/services/accesstokenmanager/main/cpp/src/token/accesstoken_info_manager.cpp index 88a611f5af4faede89808bba33b832cab1ac8447..407c6775a39d457a5f6ab9b5614bb50c57af78d8 100644 --- a/services/accesstokenmanager/main/cpp/src/token/accesstoken_info_manager.cpp +++ b/services/accesstokenmanager/main/cpp/src/token/accesstoken_info_manager.cpp 
@@ -57,6 +57,7 @@ namespace AccessToken { namespace { std::recursive_mutex g_instanceMutex; static const unsigned int SYSTEM_APP_FLAG = 0x0001; +static const unsigned int ATOMIC_SERVICE_FLAG = 0x0002; static constexpr int32_t BASE_USER_RANGE = 200000; #ifdef TOKEN_SYNC_ENABLE static const int MAX_PTHREAD_NAME_LEN = 15; // pthread name max length @@ -616,6 +617,9 @@ int AccessTokenInfoManager::AllocAccessTokenIDEx( if (info.isSystemApp) { tokenIdEx.tokenIdExStruct.tokenAttr |= SYSTEM_APP_FLAG; } + if (info.isAtomicService) { + tokenIdEx.tokenIdExStruct.tokenAttr |= ATOMIC_SERVICE_FLAG; + } return RET_SUCCESS; } @@ -711,6 +715,11 @@ int32_t AccessTokenInfoManager::UpdateHapToken(AccessTokenIDEx& tokenIdEx, const } else { tokenIdEx.tokenIdExStruct.tokenAttr &= ~SYSTEM_APP_FLAG; } + if (info.isAtomicService) { + tokenIdEx.tokenIdExStruct.tokenAttr |= ATOMIC_SERVICE_FLAG; + } else { + tokenIdEx.tokenIdExStruct.tokenAttr &= ~ATOMIC_SERVICE_FLAG; + } { Utils::UniqueWriteGuard infoGuard(this->hapTokenInfoLock_); infoPtr->Update(info, permStateList, hapPolicy); diff --git a/services/accesstokenmanager/main/cpp/src/token/hap_token_info_inner.cpp b/services/accesstokenmanager/main/cpp/src/token/hap_token_info_inner.cpp index aac064b31fd811ce7e7ce55afd5b59d711fc0730..82b304acbcfa6bddb28cb584374850af3ac7acaf 100644 --- a/services/accesstokenmanager/main/cpp/src/token/hap_token_info_inner.cpp +++ b/services/accesstokenmanager/main/cpp/src/token/hap_token_info_inner.cpp @@ -37,6 +37,7 @@ namespace AccessToken { namespace { static const std::string DEFAULT_DEVICEID = "0"; static const unsigned int SYSTEM_APP_FLAG = 0x0001; +static const unsigned int ATOMIC_SERVICE_FLAG = 0x0002; } HapTokenInfoInner::HapTokenInfoInner() : permUpdateTimestamp_(0), isRemote_(false) 
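Review bot: `ATOMIC_SERVICE_FLAG = 0x0002` is defined here and again in hap_token_info_inner.cpp, and accesstoken_kit.cpp carries the matching `ATOMIC_SERVICE_MASK` (bit 33) separately; nothing ties the three together. The client-side check depends on these agreeing, so a single shared definition would be safer. Short of that, add a comment at each site such as `// Bit 1 of tokenAttr; must match ATOMIC_SERVICE_MASK (bit 33 of the full token ID) in accesstoken_kit.cpp.` The relationship between tokenAttr and the upper half of the full ID is inferred from the tests in this diff, not shown directly.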
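Review bot: The `else` branch added to `UpdateHapToken` clears `ATOMIC_SERVICE_FLAG` whenever `info.isAtomicService` is false, and `UpdateHapInfoParams` defaults that field to false, so any existing caller that has not been changed to set it will strip the attribute from an atomic-service token on its next update. `HapTokenInfoInner::Update` in hap_token_info_inner.cpp has the same branch. Callers of `UpdateHapToken` are outside this diff, so please confirm they all populate the field, and say so on the struct member, e.g. `/** Whether hap is an atomic service; must be set on every update, false clears the attribute */`. The function body starts and ends outside the hunk.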
@@ -60,6 +61,9 @@ HapTokenInfoInner::HapTokenInfoInner(AccessTokenID id, if (info.isSystemApp) { tokenInfoBasic_.tokenAttr |= SYSTEM_APP_FLAG; } + if (info.isAtomicService) { + tokenInfoBasic_.tokenAttr |= ATOMIC_SERVICE_FLAG; + } tokenInfoBasic_.bundleName = info.bundleName; tokenInfoBasic_.apiVersion = GetApiVersion(info.apiVersion); tokenInfoBasic_.instIndex = info.instIndex; @@ -98,6 +102,11 @@ void HapTokenInfoInner::Update(const UpdateHapInfoParams& info, const std::vecto } else { tokenInfoBasic_.tokenAttr &= ~SYSTEM_APP_FLAG; } + if (info.isAtomicService) { + tokenInfoBasic_.tokenAttr |= ATOMIC_SERVICE_FLAG; + } else { + tokenInfoBasic_.tokenAttr &= ~ATOMIC_SERVICE_FLAG; + } Utils::UniqueWriteGuard infoGuard(this->policySetLock_); PermissionDataBrief::GetInstance().Update(tokenInfoBasic_.tokenID, permStateList, hapPolicy.aclExtendedMap); }