From a4aa0bbc7fb974fbd8beb1c60ed56ae16329b3a2 Mon Sep 17 00:00:00 2001 From: zhouyan Date: Wed, 21 May 2025 18:01:33 +0800 Subject: [PATCH] =?UTF-8?q?=E6=9C=AA=E7=94=9F=E6=95=88=E6=9D=83=E9=99=90?= =?UTF-8?q?=E5=A4=84=E7=90=86?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: zhouyan Change-Id: I12c2c6a299f0c3ce147370ab08e77ee062168075 --- frameworks/common/include/permission_map.h | 1 + .../common/permission_definition_parser.py | 30 +- frameworks/common/src/permission_map.cpp | 5 + .../accesstoken/include/hap_token_info.h | 13 + .../src/accesstoken_manager_client.cpp | 1 + services/accesstokenmanager/idl/IdlCommon.idl | 2 + .../cpp/include/database/access_token_db.h | 2 + .../include/database/access_token_db_util.h | 2 + .../database/access_token_open_callback.h | 7 + .../cpp/include/database/token_field_const.h | 3 + .../permission/permission_data_brief.h | 3 +- .../include/permission/permission_manager.h | 14 +- .../service/accesstoken_manager_service.h | 10 + .../include/token/accesstoken_info_manager.h | 18 +- .../main/cpp/src/database/access_token_db.cpp | 4 +- .../cpp/src/database/access_token_db_util.cpp | 6 +- .../database/access_token_open_callback.cpp | 146 +++- .../cpp/src/database/token_field_const.cpp | 3 + .../src/permission/permission_data_brief.cpp | 29 + .../cpp/src/permission/permission_manager.cpp | 116 ++- .../service/accesstoken_manager_service.cpp | 236 +++++- .../src/token/accesstoken_info_manager.cpp | 78 +- .../accesstoken_database_coverage_test.cpp | 61 +- .../permission_manager_coverage_test.cpp | 110 ++- .../accesstoken_info_manager_test.cpp | 98 ++- .../accesstoken_manager_service_test.cpp | 758 +++++++++++++++++- .../accesstoken_manager_service_test.h | 7 + .../test/unittest/permission_manager_test.cpp | 25 +- .../unittest/short_grant_manager_test.cpp | 16 +- .../test/unittest/json_parse_test.cpp | 18 +- .../grantpermissionservice_fuzzer.cpp | 3 +- .../deleteremotedevicetokensstub_fuzzer.cpp | 3 +- .../deleteremotetokenstub_fuzzer.cpp | 3 +- .../gethaptokeninfofromremotestub_fuzzer.cpp | 3 +- .../getremotenativetokenidstub_fuzzer.cpp | 3 +- .../grantpermissionstub_fuzzer.cpp | 3 +- .../setremotehaptokeninfostub_fuzzer.cpp | 3 +- 37 files changed, 1634 insertions(+), 209 deletions(-) diff --git a/frameworks/common/include/permission_map.h b/frameworks/common/include/permission_map.h index 4c8246f20..0dadaba12 100644 --- a/frameworks/common/include/permission_map.h +++ b/frameworks/common/include/permission_map.h @@ -46,6 +46,7 @@ void GetPermissionBriefDef(uint32_t code, PermissionBriefDef &permissionBriefDef void ConvertPermissionBriefToDef(const PermissionBriefDef& briefDef, PermissionDef &def); bool IsPermissionValidForHap(const std::string& permissionName); size_t GetDefPermissionsSize(); +const char* GetPermDefVersion(); } // namespace AccessToken } // namespace Security } // namespace OHOS diff --git a/frameworks/common/permission_definition_parser.py b/frameworks/common/permission_definition_parser.py index 129aff028..dfd729dba 100755 --- a/frameworks/common/permission_definition_parser.py +++ b/frameworks/common/permission_definition_parser.py @@ -21,6 +21,7 @@ import json import argparse import os import stat +import hashlib PERMISSION_DEFINITION_PREFIX = ''' /* @@ -48,9 +49,11 @@ namespace Security { namespace AccessToken { ''' -PERMISSION_DEFINITION_SUFFIX = ''' +PERMISSION_DEFINITION_SUFFIX_1 = ''' }; +''' +PERMISSION_DEFINITION_SUFFIX_2 = ''' const uint32_t MAX_PERM_SIZE = sizeof(g_permList) / sizeof(PermissionBriefDef); } // namespace AccessToken } // namespace Security @@ -62,6 +65,8 @@ PERMISSION_NAME_STRING = "char PERMISSION_NAME_%i[] = \"%s\";\n" PERMISSION_LIST_DECLEARE = "const static PermissionBriefDef g_permList[] = {" +VERSION_STRING = "\nconst char* PERMISSION_DEFINITION_VERSION = \"%s\";" + PERMISSION_BRIEF_DEFINE_PATTERN = ''' { .permissionName = PERMISSION_NAME_%i, @@ -158,7 +163,7 @@ class PermissionDef(object): return False -def parse_json(path, platform): +def parse_json(path, platform, permission_list): extend_perm = { 'name' : 'ohos.permission.KERNEL_ATM_SELF_USE', 'grantMode' : 'system_grant', @@ -172,8 +177,6 @@ def parse_json(path, platform): 'hasValue' : True } - permission_list = [] - with open(path, "r", encoding="utf-8") as f: data = json.load(f) index = 0 @@ -187,7 +190,7 @@ def parse_json(path, platform): return permission_list -def convert_to_cpp(path, permission_list): +def convert_to_cpp(path, permission_list, hash_str): flags = os.O_WRONLY | os.O_CREAT | os.O_TRUNC mode = stat.S_IWUSR | stat.S_IRUSR with os.fdopen(os.open(path, flags, mode), "w") as f: @@ -197,7 +200,9 @@ def convert_to_cpp(path, permission_list): f.write(PERMISSION_LIST_DECLEARE) for perm in permission_list: f.write(perm.dump_struct()) - f.write(PERMISSION_DEFINITION_SUFFIX) + f.write(PERMISSION_DEFINITION_SUFFIX_1) + f.write(VERSION_STRING % (hash_str)) + f.write(PERMISSION_DEFINITION_SUFFIX_2) def parse_args(): @@ -208,10 +213,19 @@ def parse_args(): return parser.parse_args() +def get_file_hash(path): + hash_object = hashlib.sha256() + with open(path, 'rb') as f: + while line := f.read(4096): + hash_object.update(line) + return hash_object.hexdigest() + if __name__ == "__main__": input_args = parse_args() curr_platform = "general" if input_args.target_platform in CONVERT_TARGET_PLATFORM: curr_platform = CONVERT_TARGET_PLATFORM[input_args.target_platform] - permission_list = parse_json(input_args.input_json, curr_platform) - convert_to_cpp(input_args.output_path, permission_list) \ No newline at end of file + permission_list = [] + parse_json(input_args.input_json, curr_platform, permission_list) + hash_str = get_file_hash(input_args.input_json) + convert_to_cpp(input_args.output_path, permission_list, hash_str) diff --git a/frameworks/common/src/permission_map.cpp b/frameworks/common/src/permission_map.cpp index 7fd497395..9adb6fcdf 100644 --- a/frameworks/common/src/permission_map.cpp +++ b/frameworks/common/src/permission_map.cpp @@ -137,6 +137,11 @@ size_t GetDefPermissionsSize() { return MAX_PERM_SIZE; } + +const char* GetPermDefVersion() +{ + return PERMISSION_DEFINITION_VERSION; +} } // namespace AccessToken } // namespace Security } // namespace OHOS diff --git a/interfaces/innerkits/accesstoken/include/hap_token_info.h b/interfaces/innerkits/accesstoken/include/hap_token_info.h index 24e098201..961bc19ab 100644 --- a/interfaces/innerkits/accesstoken/include/hap_token_info.h +++ b/interfaces/innerkits/accesstoken/include/hap_token_info.h @@ -92,6 +92,8 @@ public: std::string appDistributionType; /** Whether hap is a atomic-service */ bool isAtomicService = false; + /** ota refresh app */ + bool dataRefresh = false; }; /** @@ -211,6 +213,17 @@ public: std::map aclExtendedMap; }; +/** + * @brief Declares hap Init info class + */ +class HapInitInfo final { +public: + HapInfoParams installInfo; + UpdateHapInfoParams updateInfo; + HapPolicy policy; + bool isUpdate = false; +}; + /** * @brief Declares permission with value */ diff --git a/interfaces/innerkits/accesstoken/src/accesstoken_manager_client.cpp b/interfaces/innerkits/accesstoken/src/accesstoken_manager_client.cpp index 6847c7a67..01c325b4d 100644 --- a/interfaces/innerkits/accesstoken/src/accesstoken_manager_client.cpp +++ b/interfaces/innerkits/accesstoken/src/accesstoken_manager_client.cpp @@ -684,6 +684,7 @@ int32_t AccessTokenManagerClient::UpdateHapToken(AccessTokenIDEx& tokenIdEx, con infoIdl.isSystemApp = info.isSystemApp; infoIdl.appDistributionType = info.appDistributionType; infoIdl.isAtomicService = info.isAtomicService; + infoIdl.dataRefresh = info.dataRefresh; HapInfoCheckResultIdl resultInfoIdl; uint64_t fullTokenId = tokenIdEx.tokenIDEx; int32_t res = proxy->UpdateHapToken(fullTokenId, infoIdl, hapPolicyParcel, resultInfoIdl); diff --git a/services/accesstokenmanager/idl/IdlCommon.idl b/services/accesstokenmanager/idl/IdlCommon.idl index 384c7aee5..29aa82f87 100644 --- a/services/accesstokenmanager/idl/IdlCommon.idl +++ b/services/accesstokenmanager/idl/IdlCommon.idl @@ -37,6 +37,8 @@ struct UpdateHapInfoParamsIdl { String appDistributionType; /** Whether hap is a atomic service */ boolean isAtomicService; + /** Whether ota update */ + boolean dataRefresh; }; enum PermissionRulesEnumIdl { diff --git a/services/accesstokenmanager/main/cpp/include/database/access_token_db.h b/services/accesstokenmanager/main/cpp/include/database/access_token_db.h index 41c5d9dfb..58ee06f4b 100644 --- a/services/accesstokenmanager/main/cpp/include/database/access_token_db.h +++ b/services/accesstokenmanager/main/cpp/include/database/access_token_db.h @@ -30,6 +30,8 @@ namespace OHOS { namespace Security { namespace AccessToken { +static constexpr const char* PERM_DEF_VERSION = "permission_definition_version"; + class AccessTokenDb final { public: static AccessTokenDb& GetInstance(); diff --git a/services/accesstokenmanager/main/cpp/include/database/access_token_db_util.h b/services/accesstokenmanager/main/cpp/include/database/access_token_db_util.h index 55e93b195..09a470476 100644 --- a/services/accesstokenmanager/main/cpp/include/database/access_token_db_util.h +++ b/services/accesstokenmanager/main/cpp/include/database/access_token_db_util.h @@ -35,6 +35,8 @@ enum AtmDataType { ACCESSTOKEN_PERMISSION_STATE, ACCESSTOKEN_PERMISSION_REQUEST_TOGGLE_STATUS, ACCESSTOKEN_PERMISSION_EXTEND_VALUE, + ACCESSTOKEN_HAP_UNDEFINE_INFO, + ACCESSTOKEN_SYSTEM_CONFIG, }; class AccessTokenDbUtil final { diff --git a/services/accesstokenmanager/main/cpp/include/database/access_token_open_callback.h b/services/accesstokenmanager/main/cpp/include/database/access_token_open_callback.h index db87493b4..40f84d553 100644 --- a/services/accesstokenmanager/main/cpp/include/database/access_token_open_callback.h +++ b/services/accesstokenmanager/main/cpp/include/database/access_token_open_callback.h @@ -31,6 +31,7 @@ static constexpr const int32_t DATABASE_VERSION_2 = 2; static constexpr const int32_t DATABASE_VERSION_3 = 3; static constexpr const int32_t DATABASE_VERSION_4 = 4; static constexpr const int32_t DATABASE_VERSION_5 = 5; +static constexpr const int32_t DATABASE_VERSION_6 = 6; class AccessTokenOpenCallback : public NativeRdb::RdbOpenCallback { public: @@ -56,8 +57,14 @@ private: int32_t CreateNativeTokenInfoTable(NativeRdb::RdbStore& rdbStore); int32_t CreatePermissionDefinitionTable(NativeRdb::RdbStore& rdbStore); int32_t CreatePermissionStateTable(NativeRdb::RdbStore& rdbStore); + int32_t CreateVersionOneTable(NativeRdb::RdbStore& rdbStore); int32_t CreatePermissionRequestToggleStatusTable(NativeRdb::RdbStore& rdbStore); + int32_t CreateVersionThreeTable(NativeRdb::RdbStore& rdbStore); int32_t CreatePermissionExtendValueTable(NativeRdb::RdbStore& rdbStore); + int32_t CreateVersionFiveTable(NativeRdb::RdbStore& rdbStore); + int32_t CreateHapUndefineInfoTable(NativeRdb::RdbStore& rdbStore); + int32_t CreateSystemConfigTable(NativeRdb::RdbStore& rdbStore); + int32_t CreateVersionSixTable(NativeRdb::RdbStore& rdbStore); // OnUpgrade int32_t AddAvailableTypeColumn(NativeRdb::RdbStore& rdbStore); diff --git a/services/accesstokenmanager/main/cpp/include/database/token_field_const.h b/services/accesstokenmanager/main/cpp/include/database/token_field_const.h index 74bb061e6..4b43c77cd 100644 --- a/services/accesstokenmanager/main/cpp/include/database/token_field_const.h +++ b/services/accesstokenmanager/main/cpp/include/database/token_field_const.h @@ -55,6 +55,9 @@ public: const static std::string FIELD_KERNEL_EFFECT; const static std::string FIELD_HAS_VALUE; const static std::string FIELD_VALUE; + const static std::string FIELD_ACL; + const static std::string FIELD_NAME; + const static std::string FIELD_APP_DISTRIBUTION_TYPE; }; } // namespace AccessToken } // namespace Security diff --git a/services/accesstokenmanager/main/cpp/include/permission/permission_data_brief.h b/services/accesstokenmanager/main/cpp/include/permission/permission_data_brief.h index 3348e7547..45a5d82ff 100644 --- a/services/accesstokenmanager/main/cpp/include/permission/permission_data_brief.h +++ b/services/accesstokenmanager/main/cpp/include/permission/permission_data_brief.h @@ -53,7 +53,8 @@ public: virtual ~PermissionDataBrief() = default; int32_t DeleteBriefPermDataByTokenId(AccessTokenID tokenID); - int32_t SetBriefPermData(AccessTokenID tokenID, int32_t opCode, bool status, uint32_t flag); + int32_t AddBriefPermData(AccessTokenID tokenID, const std::string& permissionName, PermissionState grantStatus, + PermissionFlag grantFlag, const std::string& value); int32_t GetBriefPermDataByTokenId(AccessTokenID tokenID, std::vector& data); void ToString(std::string& info); PermUsedTypeEnum GetPermissionUsedType(AccessTokenID tokenID, int32_t opCode); diff --git a/services/accesstokenmanager/main/cpp/include/permission/permission_manager.h b/services/accesstokenmanager/main/cpp/include/permission/permission_manager.h index 90b2b6f84..0f2c9fa84 100644 --- a/services/accesstokenmanager/main/cpp/include/permission/permission_manager.h +++ b/services/accesstokenmanager/main/cpp/include/permission/permission_manager.h @@ -22,6 +22,7 @@ #include "ability_manager_access_loader.h" #include "access_token.h" +#include "generic_values.h" #include "hap_token_info_inner.h" #include "iremote_broker.h" #include "libraryloader.h" @@ -29,6 +30,7 @@ #include "permission_grant_event.h" #include "permission_list_state.h" #include "permission_list_state_parcel.h" +#include "permission_map.h" #include "permission_state_change_info.h" #include "permission_status.h" #include "temp_permission_observer.h" @@ -93,14 +95,15 @@ public: void AddHapPermToKernel(AccessTokenID tokenID, const std::vector& permList); void RemovePermFromKernel(AccessTokenID tokenID); void SetPermToKernel(AccessTokenID tokenID, const std::string& permissionName, bool isGranted); - bool InitPermissionList(const std::string& appDistributionType, const HapPolicy& policy, - std::vector& initializedList, HapInfoCheckResult& result); + bool InitPermissionList(const HapInitInfo& initInfo, std::vector& initializedList, + HapInfoCheckResult& result, std::vector& undefValues); bool InitDlpPermissionList(const std::string& bundleName, int32_t userId, - std::vector& initializedList); + std::vector& initializedList, std::vector& undefValues); void GetStateOrFlagChangedList(std::vector& stateListBefore, std::vector& stateListAfter, std::vector& stateChangeList); void NotifyUpdatedPermList(const std::vector& grantedPermListBefore, const std::vector& grantedPermListAfter, AccessTokenID tokenID); + bool IsPermAvailableRangeSatisfied(const PermissionBriefDef& briefDef, const std::string& appDistributionType); protected: static void RegisterImpl(PermissionManager* implInstance); @@ -117,6 +120,11 @@ private: bool GetLocationPermissionState(AccessTokenID tokenID, std::vector& reqPermList, std::vector& permsList, int32_t apiVersion, const LocationIndex& locationIndex); bool IsPermissionStateOrFlagMatched(const PermissionStatus& stata1, const PermissionStatus& stata2); + void FillUndefinedPermVector(const std::string& permissionName, const std::string& appDistributionType, + const HapPolicy& policy, std::vector& undefValues); + bool AclAndEdmCheck(const PermissionBriefDef& briefDef, const HapPolicy& policy, const std::string& permissionName, + const std::string appDistributionType, HapInfoCheckResult& result); + void GetMasterAppUndValues(AccessTokenID tokenId, std::vector& undefValues); std::shared_ptr GetAbilityManager(); PermissionGrantEvent grantEvent_; diff --git a/services/accesstokenmanager/main/cpp/include/service/accesstoken_manager_service.h b/services/accesstokenmanager/main/cpp/include/service/accesstoken_manager_service.h index cd14e79d9..41da54b3b 100644 --- a/services/accesstokenmanager/main/cpp/include/service/accesstoken_manager_service.h +++ b/services/accesstokenmanager/main/cpp/include/service/accesstoken_manager_service.h @@ -16,6 +16,7 @@ #ifndef ACCESSTOKEN_MANAGER_SERVICE_H #define ACCESSTOKEN_MANAGER_SERVICE_H +#include #include #include #include @@ -25,10 +26,12 @@ #include "access_event_handler.h" #endif #include "access_token.h" +#include "generic_values.h" #include "hap_token_info.h" #include "iremote_object.h" #include "json_parse_loader.h" #include "nocopyable.h" +#include "permission_map.h" #include "singleton.h" #include "system_ability.h" #include "thread_pool.h" @@ -143,6 +146,13 @@ private: void ReportAddHap(const HapInfoParcel& info, const HapPolicyParcel& policy); void ReportAddHapFinish(AccessTokenIDEx fullTokenId, const HapInfoParcel& info, int64_t beginTime, int32_t errorCode); + int32_t UpdatePermDefVersion(const std::string& permDefVersion); + bool IsPermissionValid(int32_t hapApl, const PermissionBriefDef& data, const std::string& value, bool isAcl); + int32_t UpdateUndefinedToDb(const std::vector& stateValues, + const std::vector& extendValues, const std::vector& validValueList); + int32_t UpdateUndefinedInfo(const std::vector& validValueList); + void HandleHapUndefinedInfo(std::map& tokenId2apl); + void HandlePermDefUpdate(std::map& tokenId2apl); ServiceRunningState state_; std::string grantBundleName_; diff --git a/services/accesstokenmanager/main/cpp/include/token/accesstoken_info_manager.h b/services/accesstokenmanager/main/cpp/include/token/accesstoken_info_manager.h index 0242c1154..901317a83 100644 --- a/services/accesstokenmanager/main/cpp/include/token/accesstoken_info_manager.h +++ b/services/accesstokenmanager/main/cpp/include/token/accesstoken_info_manager.h @@ -46,7 +46,8 @@ class AccessTokenInfoManager final { public: static AccessTokenInfoManager& GetInstance(); ~AccessTokenInfoManager(); - void Init(uint32_t& hapSize, uint32_t& nativeSize, uint32_t& pefDefSize, uint32_t& dlpSize); + void Init(uint32_t& hapSize, uint32_t& nativeSize, uint32_t& pefDefSize, uint32_t& dlpSize, + std::map& tokenId2apl); void InitNativeTokenInfos(const std::vector& tokenInfos); int32_t GetTokenIDByUserID(int32_t userID, std::unordered_set& tokenIdList); std::shared_ptr GetHapTokenInfoInner(AccessTokenID id); @@ -56,11 +57,13 @@ public: int RemoveHapTokenInfo(AccessTokenID id); int RemoveNativeTokenInfo(AccessTokenID id); int32_t GetHapAppIdByTokenId(AccessTokenID tokenID, std::string& appId); - int CreateHapTokenInfo(const HapInfoParams& info, const HapPolicy& policy, AccessTokenIDEx& tokenIdEx); + int CreateHapTokenInfo(const HapInfoParams& info, const HapPolicy& policy, AccessTokenIDEx& tokenIdEx, + std::vector& undefValues); AccessTokenIDEx GetHapTokenID(int32_t userID, const std::string& bundleName, int32_t instIndex); AccessTokenID AllocLocalTokenID(const std::string& remoteDeviceID, AccessTokenID remoteTokenID); int32_t UpdateHapToken(AccessTokenIDEx& tokenIdEx, const UpdateHapInfoParams& info, - const std::vector& permStateList, const HapPolicy& hapPolicy); + const std::vector& permStateList, const HapPolicy& hapPolicy, + std::vector& undefValues); void DumpTokenInfo(const AtmToolsParamInfo& info, std::string& dumpInfo); bool IsTokenIdExist(AccessTokenID id); AccessTokenID GetNativeTokenId(const std::string& processName); @@ -106,14 +109,17 @@ private: int32_t AddHapInfoToCache(const GenericValues& tokenValue, const std::vector& permStateRes, const std::vector& extendedPermRes); - void InitHapTokenInfos(uint32_t& hapSize); + void InitHapTokenInfos(uint32_t& hapSize, std::map& tokenId2apl); void ReportAddHapIdChange(const std::shared_ptr& hapInfo, AccessTokenID oriTokenId); int AddHapTokenInfo(const std::shared_ptr& info, AccessTokenID& oriTokenId); std::string GetHapUniqueStr(const std::shared_ptr& info) const; std::string GetHapUniqueStr(const int& userID, const std::string& bundleName, const int& instIndex) const; int32_t RegisterTokenId(const HapInfoParams& info, AccessTokenID& tokenId); - int AddHapTokenInfoToDb(const std::shared_ptr& hapInfo, - const std::string& appId, const HapPolicy& policy, bool isUpdate); + void FillDelValues(AccessTokenID tokenID, bool isSystemRes, const std::vector& permExtendValues, + const std::vector& undefValues, std::vector& deleteValues); + void AddTokenIdToUndefValues(AccessTokenID tokenId, std::vector& undefValues); + int AddHapTokenInfoToDb(const std::shared_ptr& hapInfo, const std::string& appId, + const HapPolicy& policy, bool isUpdate, const std::vector& undefValues); int RemoveHapTokenInfoFromDb(const std::shared_ptr& info); int CreateRemoteHapTokenInfo(AccessTokenID mapID, HapTokenInfoForSync& hapSync); int UpdateRemoteHapTokenInfo(AccessTokenID mapID, HapTokenInfoForSync& hapSync); diff --git a/services/accesstokenmanager/main/cpp/src/database/access_token_db.cpp b/services/accesstokenmanager/main/cpp/src/database/access_token_db.cpp index 6a85638f8..73e2f2572 100644 --- a/services/accesstokenmanager/main/cpp/src/database/access_token_db.cpp +++ b/services/accesstokenmanager/main/cpp/src/database/access_token_db.cpp @@ -92,7 +92,7 @@ void AccessTokenDb::InitRdb() AccessTokenOpenCallback callback; int32_t res = NativeRdb::E_OK; // pragma user_version will done by rdb, they store path and db_ as pair in RdbStoreManager - db_ = NativeRdb::RdbHelper::GetRdbStore(config, DATABASE_VERSION_5, callback, res); + db_ = NativeRdb::RdbHelper::GetRdbStore(config, DATABASE_VERSION_6, callback, res); if ((res != NativeRdb::E_OK) || (db_ == nullptr)) { LOGE(ATM_DOMAIN, ATM_TAG, "Failed to init rdb, res is %{public}d.", res); } @@ -449,7 +449,7 @@ int32_t AccessTokenDb::DeleteAndInsertValues( } int64_t endTime = TimeUtil::GetCurrentTimestamp(); - LOGI(ATM_DOMAIN, ATM_TAG, "DeleteAndInsertNative cost %{public}" PRId64 ".", endTime - beginTime); + LOGI(ATM_DOMAIN, ATM_TAG, "DeleteAndInsertValues cost %{public}" PRId64 ".", endTime - beginTime); return 0; } diff --git a/services/accesstokenmanager/main/cpp/src/database/access_token_db_util.cpp b/services/accesstokenmanager/main/cpp/src/database/access_token_db_util.cpp index 7b47a11e7..998b53077 100644 --- a/services/accesstokenmanager/main/cpp/src/database/access_token_db_util.cpp +++ b/services/accesstokenmanager/main/cpp/src/database/access_token_db_util.cpp @@ -22,8 +22,8 @@ namespace Security { namespace AccessToken { namespace { static const std::vector g_StringTypeColumns = { - "description", "permission_name", "device_id", "bundle_name", - "app_id", "process_name", "dcap", "native_acls", "label", "value", + "description", "permission_name", "device_id", "bundle_name", "app_id", + "process_name", "dcap", "native_acls", "label", "value", "name", "app_distribution_type" }; static const std::map g_DateTypeToTableName = { @@ -33,6 +33,8 @@ static const std::map g_DateTypeToTableName = { {AtmDataType::ACCESSTOKEN_PERMISSION_STATE, "permission_state_table"}, {AtmDataType::ACCESSTOKEN_PERMISSION_REQUEST_TOGGLE_STATUS, "permission_request_toggle_status_table"}, {AtmDataType::ACCESSTOKEN_PERMISSION_EXTEND_VALUE, "permission_extend_value_table"}, + {AtmDataType::ACCESSTOKEN_HAP_UNDEFINE_INFO, "hap_undefine_info_table"}, + {AtmDataType::ACCESSTOKEN_SYSTEM_CONFIG, "system_config_table"}, }; } diff --git a/services/accesstokenmanager/main/cpp/src/database/access_token_open_callback.cpp b/services/accesstokenmanager/main/cpp/src/database/access_token_open_callback.cpp index 29d5fb6ef..7132680d3 100644 --- a/services/accesstokenmanager/main/cpp/src/database/access_token_open_callback.cpp +++ b/services/accesstokenmanager/main/cpp/src/database/access_token_open_callback.cpp @@ -33,6 +33,7 @@ constexpr const uint32_t FLAG_HANDLE_FROM_ONE_TO_TWO = 1; constexpr const uint32_t FLAG_HANDLE_FROM_TWO_TO_THREE = 1 << 1; constexpr const uint32_t FLAG_HANDLE_FROM_THREE_TO_FOUR = 1 << 2; constexpr const uint32_t FLAG_HANDLE_FROM_FOUR_TO_FIVE = 1 << 3; +constexpr const uint32_t FLAG_HANDLE_FROM_FIVE_TO_SIX = 1 << 4; } int32_t AccessTokenOpenCallback::CreateHapTokenInfoTable(NativeRdb::RdbStore& rdbStore) @@ -174,6 +175,35 @@ int32_t AccessTokenOpenCallback::CreatePermissionStateTable(NativeRdb::RdbStore& return rdbStore.ExecuteSql(sql); } +int32_t AccessTokenOpenCallback::CreateVersionOneTable(NativeRdb::RdbStore& rdbStore) +{ + int32_t res = CreateHapTokenInfoTable(rdbStore); + if (res != NativeRdb::E_OK) { + LOGE(ATM_DOMAIN, ATM_TAG, "Failed to create table hap_token_info_table."); + return res; + } + + res = CreateNativeTokenInfoTable(rdbStore); + if (res != NativeRdb::E_OK) { + LOGE(ATM_DOMAIN, ATM_TAG, "Failed to create table native_token_info_table."); + return res; + } + + res = CreatePermissionDefinitionTable(rdbStore); + if (res != NativeRdb::E_OK) { + LOGE(ATM_DOMAIN, ATM_TAG, "Failed to create table permission_definition_table."); + return res; + } + + res = CreatePermissionStateTable(rdbStore); + if (res != NativeRdb::E_OK) { + LOGE(ATM_DOMAIN, ATM_TAG, "Failed to create table permission_state_table."); + return res; + } + + return 0; +} + int32_t AccessTokenOpenCallback::CreatePermissionRequestToggleStatusTable(NativeRdb::RdbStore& rdbStore) { std::string tableName; @@ -196,6 +226,17 @@ int32_t AccessTokenOpenCallback::CreatePermissionRequestToggleStatusTable(Native return rdbStore.ExecuteSql(sql); } +int32_t AccessTokenOpenCallback::CreateVersionThreeTable(NativeRdb::RdbStore& rdbStore) +{ + int32_t res = CreatePermissionRequestToggleStatusTable(rdbStore); + if (res != NativeRdb::E_OK) { + LOGE(ATM_DOMAIN, ATM_TAG, "Failed to create table permission_request_toggle_status_table."); + return res; + } + + return 0; +} + int32_t AccessTokenOpenCallback::CreatePermissionExtendValueTable(NativeRdb::RdbStore& rdbStore) { std::string tableName; @@ -220,43 +261,99 @@ int32_t AccessTokenOpenCallback::CreatePermissionExtendValueTable(NativeRdb::Rdb return rdbStore.ExecuteSql(sql); } -int32_t AccessTokenOpenCallback::OnCreate(NativeRdb::RdbStore& rdbStore) +int32_t AccessTokenOpenCallback::CreateVersionFiveTable(NativeRdb::RdbStore& rdbStore) { - LOGI(ATM_DOMAIN, ATM_TAG, "DB OnCreate."); + int32_t res = CreatePermissionExtendValueTable(rdbStore); + if (res != NativeRdb::E_OK) { + LOGE(ATM_DOMAIN, ATM_TAG, "Failed to create table permission_extend_value_table."); + return res; + } - int32_t res = CreateHapTokenInfoTable(rdbStore); + return 0; +} + +int32_t AccessTokenOpenCallback::CreateHapUndefineInfoTable(NativeRdb::RdbStore& rdbStore) +{ + std::string tableName; + AccessTokenDbUtil::GetTableNameByType(AtmDataType::ACCESSTOKEN_HAP_UNDEFINE_INFO, tableName); + + std::string sql = "create table if not exists " + tableName; + sql.append(" (") + .append(TokenFiledConst::FIELD_TOKEN_ID) + .append(INTEGER_STR) + .append(TokenFiledConst::FIELD_PERMISSION_NAME) + .append(TEXT_STR) + .append(TokenFiledConst::FIELD_ACL) + .append(INTEGER_STR) + .append(TokenFiledConst::FIELD_APP_DISTRIBUTION_TYPE) + .append(" text, ") + .append(TokenFiledConst::FIELD_VALUE) + .append(" text, ") + .append("primary key(") + .append(TokenFiledConst::FIELD_TOKEN_ID) + .append(",") + .append(TokenFiledConst::FIELD_PERMISSION_NAME) + .append("))"); + + return rdbStore.ExecuteSql(sql); +} + +int32_t AccessTokenOpenCallback::CreateSystemConfigTable(NativeRdb::RdbStore& rdbStore) +{ + std::string tableName; + AccessTokenDbUtil::GetTableNameByType(AtmDataType::ACCESSTOKEN_SYSTEM_CONFIG, tableName); + + std::string sql = "create table if not exists " + tableName; + sql.append(" (") + .append(TokenFiledConst::FIELD_NAME) + .append(TEXT_STR) + .append(TokenFiledConst::FIELD_VALUE) + .append(TEXT_STR) + .append("primary key(") + .append(TokenFiledConst::FIELD_NAME) + .append("))"); + + return rdbStore.ExecuteSql(sql); +} + +int32_t AccessTokenOpenCallback::CreateVersionSixTable(NativeRdb::RdbStore& rdbStore) +{ + int32_t res = CreateHapUndefineInfoTable(rdbStore); if (res != NativeRdb::E_OK) { - LOGE(ATM_DOMAIN, ATM_TAG, "Failed to create table hap_token_info_table."); + LOGE(ATM_DOMAIN, ATM_TAG, "Failed to create table hap_undefine_info_table."); return res; } - res = CreateNativeTokenInfoTable(rdbStore); + res = CreateSystemConfigTable(rdbStore); if (res != NativeRdb::E_OK) { - LOGE(ATM_DOMAIN, ATM_TAG, "Failed to create table native_token_info_table."); + LOGE(ATM_DOMAIN, ATM_TAG, "Failed to create table system_config_table."); return res; } - res = CreatePermissionDefinitionTable(rdbStore); + return 0; +} + +int32_t AccessTokenOpenCallback::OnCreate(NativeRdb::RdbStore& rdbStore) +{ + LOGI(ATM_DOMAIN, ATM_TAG, "DB OnCreate."); + + int32_t res = CreateVersionOneTable(rdbStore); if (res != NativeRdb::E_OK) { - LOGE(ATM_DOMAIN, ATM_TAG, "Failed to create table permission_definition_table."); return res; } - - res = CreatePermissionStateTable(rdbStore); + + res = CreateVersionThreeTable(rdbStore); if (res != NativeRdb::E_OK) { - LOGE(ATM_DOMAIN, ATM_TAG, "Failed to create table permission_state_table."); return res; } - - res = CreatePermissionRequestToggleStatusTable(rdbStore); + + res = CreateVersionFiveTable(rdbStore); if (res != NativeRdb::E_OK) { - LOGE(ATM_DOMAIN, ATM_TAG, "Failed to create table permission_request_toggle_status_table."); return res; } - res = CreatePermissionExtendValueTable(rdbStore); + res = CreateVersionSixTable(rdbStore); if (res != NativeRdb::E_OK) { - LOGE(ATM_DOMAIN, ATM_TAG, "Failed to create table permission_extend_value_table."); return res; } @@ -442,13 +539,20 @@ int32_t AccessTokenOpenCallback::HandleUpgradeWithFlag(NativeRdb::RdbStore& rdbS } if ((flag & FLAG_HANDLE_FROM_FOUR_TO_FIVE) == FLAG_HANDLE_FROM_FOUR_TO_FIVE) { - res = CreatePermissionExtendValueTable(rdbStore); + res = CreateVersionFiveTable(rdbStore); if (res != NativeRdb::E_OK) { - LOGE(ATM_DOMAIN, ATM_TAG, "Failed to create table permission_extend_bool_table."); return res; } - return AddKernelEffectAndHasValueColumn(rdbStore); + res = AddKernelEffectAndHasValueColumn(rdbStore); + if (res != NativeRdb::E_OK) { + LOGE(ATM_DOMAIN, ATM_TAG, "Failed to add column kernel_effect or has_value."); + return res; + } + } + + if ((flag & FLAG_HANDLE_FROM_FIVE_TO_SIX) == FLAG_HANDLE_FROM_FIVE_TO_SIX) { + return CreateVersionSixTable(rdbStore); } return res; @@ -471,6 +575,10 @@ void AccessTokenOpenCallback::GetUpgradeFlag(int32_t currentVersion, int32_t tar if ((targetVersion >= DATABASE_VERSION_5) && (currentVersion < DATABASE_VERSION_5)) { flag += FLAG_HANDLE_FROM_FOUR_TO_FIVE; } + + if ((targetVersion >= DATABASE_VERSION_6) && (currentVersion < DATABASE_VERSION_6)) { + flag += FLAG_HANDLE_FROM_FIVE_TO_SIX; + } } int32_t AccessTokenOpenCallback::OnUpgrade(NativeRdb::RdbStore& rdbStore, int32_t currentVersion, int32_t targetVersion) diff --git a/services/accesstokenmanager/main/cpp/src/database/token_field_const.cpp b/services/accesstokenmanager/main/cpp/src/database/token_field_const.cpp index 4a09e0314..bb70d6d4d 100644 --- a/services/accesstokenmanager/main/cpp/src/database/token_field_const.cpp +++ b/services/accesstokenmanager/main/cpp/src/database/token_field_const.cpp @@ -49,6 +49,9 @@ const std::string TokenFiledConst::FIELD_REQUEST_TOGGLE_STATUS = "status"; const std::string TokenFiledConst::FIELD_KERNEL_EFFECT = "kernel_effect"; const std::string TokenFiledConst::FIELD_HAS_VALUE = "has_value"; const std::string TokenFiledConst::FIELD_VALUE = "value"; +const std::string TokenFiledConst::FIELD_ACL = "acl"; +const std::string TokenFiledConst::FIELD_NAME = "name"; +const std::string TokenFiledConst::FIELD_APP_DISTRIBUTION_TYPE = "app_distribution_type"; } // namespace AccessToken } // namespace Security } // namespace OHOS diff --git a/services/accesstokenmanager/main/cpp/src/permission/permission_data_brief.cpp b/services/accesstokenmanager/main/cpp/src/permission/permission_data_brief.cpp index f9f9ca828..cc6cd8367 100644 --- a/services/accesstokenmanager/main/cpp/src/permission/permission_data_brief.cpp +++ b/services/accesstokenmanager/main/cpp/src/permission/permission_data_brief.cpp @@ -888,6 +888,35 @@ int32_t PermissionDataBrief::RefreshPermStateToKernel(const std::vector(grantStatus); + status.grantFlag = static_cast(grantFlag); + + std::map aclExtendedMap; + aclExtendedMap[permissionName] = value; + + Utils::UniqueWriteGuard infoGuard(this->permissionStateDataLock_); + BriefPermData data; + if (!GetPermissionBriefData(tokenID, status, aclExtendedMap, data)) { + return AccessTokenError::ERR_PERMISSION_NOT_EXIST; + } + + std::vector list; + int32_t res = GetBriefPermDataByTokenIdInner(tokenID, list); + if (res != RET_SUCCESS) { + return res; + } + + MergePermBriefData(list, data); + AddBriefPermDataByTokenId(tokenID, list); + + return RET_SUCCESS; +} } // namespace AccessToken } // namespace Security } // namespace OHOS \ No newline at end of file diff --git a/services/accesstokenmanager/main/cpp/src/permission/permission_manager.cpp b/services/accesstokenmanager/main/cpp/src/permission/permission_manager.cpp index 7f60382a8..386ebc3b9 100644 --- a/services/accesstokenmanager/main/cpp/src/permission/permission_manager.cpp +++ b/services/accesstokenmanager/main/cpp/src/permission/permission_manager.cpp @@ -886,7 +886,8 @@ bool IsAclSatisfied(const PermissionBriefDef& briefDef, const HapPolicy& policy) return true; } -bool IsPermAvailableRangeSatisfied(const PermissionBriefDef& briefDef, const std::string& appDistributionType) +bool PermissionManager::IsPermAvailableRangeSatisfied(const PermissionBriefDef& briefDef, + const std::string& appDistributionType) { if (briefDef.availableType == ATokenAvailableTypeEnum::MDM) { if (appDistributionType == "none") { @@ -918,8 +919,29 @@ bool IsUserGrantPermPreAuthorized(const std::vector &list, return true; } +void PermissionManager::GetMasterAppUndValues(AccessTokenID tokenId, std::vector& undefValues) +{ + GenericValues conditionValue; + conditionValue.Put(TokenFiledConst::FIELD_TOKEN_ID, static_cast(tokenId)); + std::vector results; + int32_t res = AccessTokenDb::GetInstance().Find( + AtmDataType::ACCESSTOKEN_HAP_UNDEFINE_INFO, conditionValue, results); // get master app hap undefined data + if (res != 0) { + return; + } + + if (results.empty()) { + return; + } + + for (auto& value : results) { + value.Remove(TokenFiledConst::FIELD_TOKEN_ID); + undefValues.emplace_back(value); + } +} + bool PermissionManager::InitDlpPermissionList(const std::string& bundleName, int32_t userId, - std::vector& initializedList) + std::vector& initializedList, std::vector& undefValues) { // get dlp original app AccessTokenIDEx tokenId = AccessTokenInfoManager::GetInstance().GetHapTokenID(userId, bundleName, 0); @@ -930,38 +952,90 @@ bool PermissionManager::InitDlpPermissionList(const std::string& bundleName, int return false; } (void)infoPtr->GetPermissionStateList(initializedList); + GetMasterAppUndValues(tokenId.tokenIdExStruct.tokenID, undefValues); + return true; +} + +void PermissionManager::FillUndefinedPermVector(const std::string& permissionName, + const std::string& appDistributionType, const HapPolicy& policy, std::vector& undefValues) +{ + GenericValues value; + value.Put(TokenFiledConst::FIELD_PERMISSION_NAME, permissionName); + value.Put(TokenFiledConst::FIELD_APP_DISTRIBUTION_TYPE, appDistributionType); + + auto it = std::find_if( + policy.aclRequestedList.begin(), policy.aclRequestedList.end(), [permissionName](const std::string& perm) { + return permissionName == perm; + }); + if (it != policy.aclRequestedList.end()) { + value.Put(TokenFiledConst::FIELD_ACL, 1); + } else { + value.Put(TokenFiledConst::FIELD_ACL, 0); + } + + auto iter = std::find_if(policy.aclExtendedMap.begin(), policy.aclExtendedMap.end(), + [permissionName](const std::map::value_type item) { + return permissionName == item.first; + }); + if (iter != policy.aclExtendedMap.end()) { + value.Put(TokenFiledConst::FIELD_VALUE, iter->second); + } + + undefValues.emplace_back(value); + + return; +} + +bool PermissionManager::AclAndEdmCheck(const PermissionBriefDef& briefDef, const HapPolicy& policy, + const std::string& permissionName, const std::string appDistributionType, HapInfoCheckResult& result) +{ + // acl check + if (!IsAclSatisfied(briefDef, policy)) { + result.permCheckResult.permissionName = permissionName; + result.permCheckResult.rule = PERMISSION_ACL_RULE; + LOGC(ATM_DOMAIN, ATM_TAG, "Acl of %{public}s is invalid.", briefDef.permissionName); + return false; + } + + // edm check + if (!IsPermAvailableRangeSatisfied(briefDef, appDistributionType)) { + result.permCheckResult.permissionName = permissionName; + result.permCheckResult.rule = PERMISSION_EDM_RULE; + LOGC(ATM_DOMAIN, ATM_TAG, "Available range of %{public}s is invalid.", briefDef.permissionName); + + return false; + } + return true; } -bool PermissionManager::InitPermissionList(const std::string& appDistributionType, const HapPolicy& policy, - std::vector& initializedList, HapInfoCheckResult& result) +bool PermissionManager::InitPermissionList(const HapInitInfo& initInfo, std::vector& initializedList, + HapInfoCheckResult& result, std::vector& undefValues) { LOGI(ATM_DOMAIN, ATM_TAG, "Before, request perm list size: %{public}zu, preAuthorizationInfo size %{public}zu, " - "ACLRequestedList size %{public}zu.", - policy.permStateList.size(), policy.preAuthorizationInfo.size(), policy.aclRequestedList.size()); + "ACLRequestedList size %{public}zu.", initInfo.policy.permStateList.size(), + initInfo.policy.preAuthorizationInfo.size(), initInfo.policy.aclRequestedList.size()); + std::string appDistributionType = (initInfo.isUpdate) ? + initInfo.updateInfo.appDistributionType : initInfo.installInfo.appDistributionType; - for (auto state : policy.permStateList) { + for (auto state : initInfo.policy.permStateList) { PermissionBriefDef briefDef; if (!GetPermissionBriefDef(state.permissionName, briefDef)) { LOGE(ATM_DOMAIN, ATM_TAG, "Get definition of %{public}s failed.", state.permissionName.c_str()); + FillUndefinedPermVector(state.permissionName, appDistributionType, initInfo.policy, undefValues); continue; } - if (!IsAclSatisfied(briefDef, policy)) { - result.permCheckResult.permissionName = state.permissionName; - result.permCheckResult.rule = PERMISSION_ACL_RULE; - LOGC(ATM_DOMAIN, ATM_TAG, "Acl of %{public}s is invalid.", briefDef.permissionName); - return false; + if (!AclAndEdmCheck(briefDef, initInfo.policy, state.permissionName, appDistributionType, result)) { + if (initInfo.updateInfo.dataRefresh) { + FillUndefinedPermVector(state.permissionName, appDistributionType, initInfo.policy, undefValues); + continue; + } else { + return false; + } } - // edm check - if (!IsPermAvailableRangeSatisfied(briefDef, appDistributionType)) { - result.permCheckResult.permissionName = state.permissionName; - result.permCheckResult.rule = PERMISSION_EDM_RULE; - LOGC(ATM_DOMAIN, ATM_TAG, "Available range of %{public}s is invalid.", briefDef.permissionName); - return false; - } state.grantFlag = PERMISSION_DEFAULT_FLAG; state.grantStatus = PERMISSION_DENIED; @@ -971,12 +1045,12 @@ bool PermissionManager::InitPermissionList(const std::string& appDistributionTyp initializedList.emplace_back(state); continue; } - if (policy.preAuthorizationInfo.size() == 0) { + if (initInfo.policy.preAuthorizationInfo.size() == 0) { initializedList.emplace_back(state); continue; } bool userCancelable = true; - if (IsUserGrantPermPreAuthorized(policy.preAuthorizationInfo, state.permissionName, userCancelable)) { + if (IsUserGrantPermPreAuthorized(initInfo.policy.preAuthorizationInfo, state.permissionName, userCancelable)) { state.grantFlag = userCancelable ? PERMISSION_GRANTED_BY_POLICY : PERMISSION_SYSTEM_FIXED; state.grantStatus = PERMISSION_GRANTED; } diff --git a/services/accesstokenmanager/main/cpp/src/service/accesstoken_manager_service.cpp b/services/accesstokenmanager/main/cpp/src/service/accesstoken_manager_service.cpp index 0fa0febd3..fb5b17e37 100644 --- a/services/accesstokenmanager/main/cpp/src/service/accesstoken_manager_service.cpp +++ b/services/accesstokenmanager/main/cpp/src/service/accesstoken_manager_service.cpp @@ -41,7 +41,6 @@ #include "parameters.h" #include "permission_list_state.h" #include "permission_manager.h" -#include "permission_map.h" #include "permission_validator.h" #ifdef SECURITY_COMPONENT_ENHANCE_ENABLE #include "sec_comp_enhance_agent.h" @@ -610,8 +609,9 @@ int32_t AccessTokenManagerService::AllocHapToken(const HapInfoParcel& info, cons return ERR_OK; } + std::vector undefValues; int ret = AccessTokenInfoManager::GetInstance().CreateHapTokenInfo( - info.hapInfoParameter, policy.hapPolicy, tokenIdEx); + info.hapInfoParameter, policy.hapPolicy, tokenIdEx, undefValues); if (ret != RET_SUCCESS) { LOGE(ATM_DOMAIN, ATM_TAG, "Hap token info create failed"); } @@ -710,10 +710,14 @@ int32_t AccessTokenManagerService::InitHapToken(const HapInfoParcel& info, const resultInfoIdl.realResult = ERR_OK; std::vector initializedList; + std::vector undefValues; if (info.hapInfoParameter.dlpType == DLP_COMMON) { HapInfoCheckResult permCheckResult; - if (!PermissionManager::GetInstance().InitPermissionList(info.hapInfoParameter.appDistributionType, - policyCopy.hapPolicy, initializedList, permCheckResult)) { + HapInitInfo initInfo; + initInfo.installInfo = info.hapInfoParameter; + initInfo.policy = policyCopy.hapPolicy; + if (!PermissionManager::GetInstance().InitPermissionList(initInfo, initializedList, permCheckResult, + undefValues)) { resultInfoIdl.realResult = ERROR; resultInfoIdl.permissionName = permCheckResult.permCheckResult.permissionName; int32_t rule = permCheckResult.permCheckResult.rule; @@ -723,7 +727,7 @@ int32_t AccessTokenManagerService::InitHapToken(const HapInfoParcel& info, const } } else { if (!PermissionManager::GetInstance().InitDlpPermissionList( - info.hapInfoParameter.bundleName, info.hapInfoParameter.userID, initializedList)) { + info.hapInfoParameter.bundleName, info.hapInfoParameter.userID, initializedList, undefValues)) { ReportAddHapFinish({0}, info, beginTime, ERR_PERM_REQUEST_CFG_FAILED); return ERR_PERM_REQUEST_CFG_FAILED; } @@ -732,7 +736,7 @@ int32_t AccessTokenManagerService::InitHapToken(const HapInfoParcel& info, const AccessTokenIDEx tokenIdEx; int32_t ret = AccessTokenInfoManager::GetInstance().CreateHapTokenInfo( - info.hapInfoParameter, policyCopy.hapPolicy, tokenIdEx); + info.hapInfoParameter, policyCopy.hapPolicy, tokenIdEx, undefValues); fullTokenId = tokenIdEx.tokenIDEx; ReportAddHapFinish(tokenIdEx, info, beginTime, ret); @@ -823,8 +827,12 @@ int32_t AccessTokenManagerService::UpdateHapTokenCore(AccessTokenIDEx& tokenIdEx std::vector InitializedList; resultInfoIdl.realResult = ERR_OK; HapInfoCheckResult permCheckResult; - if (!PermissionManager::GetInstance().InitPermissionList( - info.appDistributionType, policyParcel.hapPolicy, InitializedList, permCheckResult)) { + std::vector undefValues; + HapInitInfo initInfo; + initInfo.updateInfo = info; + initInfo.policy = policyParcel.hapPolicy; + initInfo.isUpdate = true; + if (!PermissionManager::GetInstance().InitPermissionList(initInfo, InitializedList, permCheckResult, undefValues)) { resultInfoIdl.realResult = ERROR; resultInfoIdl.permissionName = permCheckResult.permCheckResult.permissionName; int32_t rule = permCheckResult.permCheckResult.rule; @@ -836,7 +844,7 @@ int32_t AccessTokenManagerService::UpdateHapTokenCore(AccessTokenIDEx& tokenIdEx } int32_t ret = AccessTokenInfoManager::GetInstance().UpdateHapToken(tokenIdEx, info, - InitializedList, policyParcel.hapPolicy); + InitializedList, policyParcel.hapPolicy, undefValues); return ret; } @@ -885,6 +893,7 @@ int32_t AccessTokenManagerService::UpdateHapToken(uint64_t& fullTokenId, const U info.isSystemApp = infoIdl.isSystemApp; info.appDistributionType = infoIdl.appDistributionType; info.isAtomicService = infoIdl.isAtomicService; + info.dataRefresh = infoIdl.dataRefresh; int64_t beginTime = TimeUtil::GetCurrentTimestamp(); HapTokenInfo hapInfo; @@ -1385,6 +1394,211 @@ int32_t AccessTokenManagerService::GetReqPermissionByName( tokenId, permissionName, value); } +int32_t AccessTokenManagerService::UpdatePermDefVersion(const std::string& permDefVersion) +{ + GenericValues delValue; + delValue.Put(TokenFiledConst::FIELD_NAME, PERM_DEF_VERSION); + + GenericValues addValue; + addValue.Put(TokenFiledConst::FIELD_NAME, PERM_DEF_VERSION); + addValue.Put(TokenFiledConst::FIELD_VALUE, permDefVersion); + std::vector values; + values.emplace_back(addValue); + + std::vector deleteDataTypes; + deleteDataTypes.emplace_back(AtmDataType::ACCESSTOKEN_SYSTEM_CONFIG); + std::vector deleteValues; + deleteValues.emplace_back(delValue); + std::vector addDataTypes; + addDataTypes.emplace_back(AtmDataType::ACCESSTOKEN_SYSTEM_CONFIG); + std::vector> addValues; + addValues.emplace_back(values); + + return AccessTokenDb::GetInstance().DeleteAndInsertValues(deleteDataTypes, deleteValues, addDataTypes, addValues); +} + +int32_t AccessTokenManagerService::UpdateUndefinedToDb(const std::vector& stateValues, + const std::vector& extendValues, const std::vector& validValueList) +{ + std::vector deleteDataTypes; + std::vector deleteValues; + + for (const auto& value : validValueList) { + deleteDataTypes.emplace_back(AtmDataType::ACCESSTOKEN_HAP_UNDEFINE_INFO); + deleteValues.emplace_back(value); + } + + std::vector addDataTypes; + addDataTypes.emplace_back(AtmDataType::ACCESSTOKEN_PERMISSION_STATE); + addDataTypes.emplace_back(AtmDataType::ACCESSTOKEN_PERMISSION_EXTEND_VALUE); + std::vector> addValues; + addValues.emplace_back(stateValues); + addValues.emplace_back(extendValues); + + return AccessTokenDb::GetInstance().DeleteAndInsertValues(deleteDataTypes, deleteValues, addDataTypes, addValues); +} + +int32_t AccessTokenManagerService::UpdateUndefinedInfo(const std::vector& validValueList) +{ + std::string permissionName; + PermissionState grantStatus; + PermissionFlag grantFlag; + AccessTokenID tokenId = 0; + std::string value; + std::vector stateValues; + std::vector extendValues; + + for (const auto& validValue : validValueList) { + permissionName = validValue.GetString(TokenFiledConst::FIELD_PERMISSION_NAME); + PermissionBriefDef data; + if (!GetPermissionBriefDef(permissionName, data)) { + continue; + } + + if (data.grantMode == GrantMode::USER_GRANT) { + grantStatus = PermissionState::PERMISSION_DENIED; + grantFlag = PermissionFlag::PERMISSION_DEFAULT_FLAG; + } else { + grantStatus = PermissionState::PERMISSION_GRANTED; + grantFlag = PermissionFlag::PERMISSION_SYSTEM_FIXED; + } + + tokenId = static_cast(validValue.GetInt(TokenFiledConst::FIELD_TOKEN_ID)); + value = validValue.GetString(TokenFiledConst::FIELD_VALUE); + + int32_t res = PermissionDataBrief::GetInstance().AddBriefPermData(tokenId, permissionName, grantStatus, + grantFlag, value); + if (res != RET_SUCCESS) { + continue; + } + + PermissionManager::GetInstance().SetPermToKernel(tokenId, permissionName, + (grantStatus == PermissionState::PERMISSION_GRANTED)); + + GenericValues stateValue; + stateValue.Put(TokenFiledConst::FIELD_TOKEN_ID, static_cast(tokenId)); + stateValue.Put(TokenFiledConst::FIELD_PERMISSION_NAME, permissionName); + stateValue.Put(TokenFiledConst::FIELD_DEVICE_ID, ""); + stateValue.Put(TokenFiledConst::FIELD_GRANT_IS_GENERAL, 1); + stateValue.Put(TokenFiledConst::FIELD_GRANT_STATE, static_cast(grantStatus)); + stateValue.Put(TokenFiledConst::FIELD_GRANT_FLAG, static_cast(grantFlag)); + stateValues.emplace_back(stateValue); + + if ((data.hasValue) && !value.empty()) { + GenericValues extendValue; + extendValue.Put(TokenFiledConst::FIELD_TOKEN_ID, static_cast(tokenId)); + extendValue.Put(TokenFiledConst::FIELD_PERMISSION_NAME, permissionName); + extendValue.Put(TokenFiledConst::FIELD_VALUE, value); + extendValues.emplace_back(extendValue); + } + } + + return UpdateUndefinedToDb(stateValues, extendValues, validValueList); +} + +bool AccessTokenManagerService::IsPermissionValid(int32_t hapApl, const PermissionBriefDef& data, + const std::string& value, bool isAcl) +{ + if (hapApl >= static_cast(data.availableLevel)) { + return true; // not cross apl, this is valid + } + + if (isAcl) { + return true; // cross apl but request by acl, this is valid + } else { + if (data.hasValue) { + return !value.empty(); // permission hasValue is true and request with value, this is valid + } + return false; + } + + return false; +} + +void AccessTokenManagerService::HandleHapUndefinedInfo(std::map& tokenId2apl) +{ + GenericValues conditionValue; + std::vector results; + int32_t res = AccessTokenDb::GetInstance().Find( + AtmDataType::ACCESSTOKEN_HAP_UNDEFINE_INFO, conditionValue, results); // get all hap undefined data + if (res != 0) { + return; + } + + if (results.empty()) { + return; + } + + AccessTokenID tokenId = 0; + std::string permissionName; + std::string appDistributionType; + int32_t apl = 0; + std::string value; + PermissionBriefDef data; + std::vector validValueList; + + // filter invalid data + for (const auto& result : results) { + tokenId = result.GetInt(TokenFiledConst::FIELD_TOKEN_ID); + if (tokenId2apl.count(tokenId) == 0) { + continue; + } + + permissionName = result.GetString(TokenFiledConst::FIELD_PERMISSION_NAME); + if (!GetPermissionBriefDef(permissionName, data)) { + LOGI(ATM_DOMAIN, ATM_TAG, "permission %{public}s is still invalid!", permissionName.c_str()); + continue; + } + + appDistributionType = result.GetString(TokenFiledConst::FIELD_APP_DISTRIBUTION_TYPE); + if (!PermissionManager::GetInstance().IsPermAvailableRangeSatisfied(data, appDistributionType)) { + continue; + } + + apl = result.GetInt(TokenFiledConst::FIELD_ACL); + value = result.GetString(TokenFiledConst::FIELD_VALUE); + if (!IsPermissionValid(tokenId2apl[tokenId], data, value, (apl == 1))) { + // hap apl less than perm apl without acl is invalid now, keep them in db, maybe valid someday + continue; + } + + validValueList.emplace_back(result); + } + + UpdateUndefinedInfo(validValueList); +} + +void AccessTokenManagerService::HandlePermDefUpdate(std::map& tokenId2apl) +{ + std::string dbPermDefVersion; + GenericValues conditionValue; + conditionValue.Put(TokenFiledConst::FIELD_NAME, PERM_DEF_VERSION); + std::vector results; + int32_t res = AccessTokenDb::GetInstance().Find(AtmDataType::ACCESSTOKEN_SYSTEM_CONFIG, conditionValue, results); + if (res != 0) { + return; + } + + if (!results.empty()) { + dbPermDefVersion = results[0].GetString(TokenFiledConst::FIELD_VALUE); + } + + const char* curPermDefVersion = GetPermDefVersion(); + bool isUpdate = dbPermDefVersion != curPermDefVersion; + if (isUpdate) { + LOGI(ATM_DOMAIN, ATM_TAG, + "Permission definition version from db %{public}s is not same with current version %{public}s.", + dbPermDefVersion.c_str(), curPermDefVersion); + int32_t res = UpdatePermDefVersion(std::string(curPermDefVersion)); + if (res != 0) { + return; + } + if (!dbPermDefVersion.empty()) { // dbPermDefVersion empty means undefine table is empty + HandleHapUndefinedInfo(tokenId2apl); + } + } +} + bool AccessTokenManagerService::Initialize() { MemoryGuard guard; @@ -1394,7 +1608,9 @@ bool AccessTokenManagerService::Initialize() uint32_t nativeSize = 0; uint32_t pefDefSize = 0; uint32_t dlpSize = 0; - AccessTokenInfoManager::GetInstance().Init(hapSize, nativeSize, pefDefSize, dlpSize); + std::map tokenId2apl; + AccessTokenInfoManager::GetInstance().Init(hapSize, nativeSize, pefDefSize, dlpSize, tokenId2apl); + HandlePermDefUpdate(tokenId2apl); #ifdef EVENTHANDLER_ENABLE TempPermissionObserver::GetInstance().InitEventHandler(); diff --git a/services/accesstokenmanager/main/cpp/src/token/accesstoken_info_manager.cpp b/services/accesstokenmanager/main/cpp/src/token/accesstoken_info_manager.cpp index 608bae333..330764b26 100644 --- a/services/accesstokenmanager/main/cpp/src/token/accesstoken_info_manager.cpp +++ b/services/accesstokenmanager/main/cpp/src/token/accesstoken_info_manager.cpp @@ -86,7 +86,8 @@ AccessTokenInfoManager::~AccessTokenInfoManager() this->hasInited_ = false; } -void AccessTokenInfoManager::Init(uint32_t& hapSize, uint32_t& nativeSize, uint32_t& pefDefSize, uint32_t& dlpSize) +void AccessTokenInfoManager::Init(uint32_t& hapSize, uint32_t& nativeSize, uint32_t& pefDefSize, uint32_t& dlpSize, + std::map& tokenId2apl) { OHOS::Utils::UniqueWriteGuard lk(this->managerLock_); if (hasInited_) { @@ -117,7 +118,7 @@ void AccessTokenInfoManager::Init(uint32_t& hapSize, uint32_t& nativeSize, uint3 } #endif - InitHapTokenInfos(hapSize); + InitHapTokenInfos(hapSize, tokenId2apl); nativeSize = tokenInfos.size(); InitNativeTokenInfos(tokenInfos); pefDefSize = GetDefPermissionsSize(); @@ -206,7 +207,7 @@ int32_t AccessTokenInfoManager::AddHapInfoToCache(const GenericValues& tokenValu return RET_SUCCESS; } -void AccessTokenInfoManager::InitHapTokenInfos(uint32_t& hapSize) +void AccessTokenInfoManager::InitHapTokenInfos(uint32_t& hapSize, std::map& tokenId2apl) { GenericValues conditionValue; std::vector hapTokenRes; @@ -226,11 +227,14 @@ void AccessTokenInfoManager::InitHapTokenInfos(uint32_t& hapSize) ReportSysEventServiceStartError(INIT_HAP_TOKENINFO_ERROR, "Load exetended value from db fail.", ret); } for (const GenericValues& tokenValue : hapTokenRes) { + int32_t tokenId = tokenValue.GetInt(TokenFiledConst::FIELD_TOKEN_ID); + int32_t apl = tokenValue.GetInt(TokenFiledConst::FIELD_APL); ret = AddHapInfoToCache(tokenValue, permStateRes, extendedPermRes); if (ret != RET_SUCCESS) { continue; } hapSize++; + tokenId2apl[tokenId] = apl; } } @@ -562,8 +566,15 @@ int32_t AccessTokenInfoManager::RegisterTokenId(const HapInfoParams& info, Acces return res; } -int AccessTokenInfoManager::CreateHapTokenInfo( - const HapInfoParams& info, const HapPolicy& policy, AccessTokenIDEx& tokenIdEx) +void AccessTokenInfoManager::AddTokenIdToUndefValues(AccessTokenID tokenId, std::vector& undefValues) +{ + for (auto& value : undefValues) { + value.Put(TokenFiledConst::FIELD_TOKEN_ID, static_cast(tokenId)); + } +} + +int AccessTokenInfoManager::CreateHapTokenInfo(const HapInfoParams& info, const HapPolicy& policy, + AccessTokenIDEx& tokenIdEx, std::vector& undefValues) { if (CheckHapInfoParam(info, policy) != ERR_OK) { return AccessTokenError::ERR_PARAM_INVALID; @@ -573,6 +584,7 @@ int AccessTokenInfoManager::CreateHapTokenInfo( if (ret != RET_SUCCESS) { return ret; } + AddTokenIdToUndefValues(tokenId, undefValues); #ifdef SUPPORT_SANDBOX_APP std::shared_ptr tokenInfo; HapPolicy policyNew = policy; @@ -583,7 +595,7 @@ int AccessTokenInfoManager::CreateHapTokenInfo( #else std::shared_ptr tokenInfo = std::make_shared(tokenId, info, policy); #endif - ret = AddHapTokenInfoToDb(tokenInfo, info.appIDDesc, policy, false); + ret = AddHapTokenInfoToDb(tokenInfo, info.appIDDesc, policy, false, undefValues); if (ret != RET_SUCCESS) { LOGC(ATM_DOMAIN, ATM_TAG, "AddHapTokenInfoToDb failed, errCode is %{public}d.", ret); AccessTokenIDManager::GetInstance().ReleaseTokenId(tokenId); @@ -693,7 +705,8 @@ void AccessTokenInfoManager::InitNativeTokenInfos(const std::vector& permStateList, const HapPolicy& hapPolicy) + const std::vector& permStateList, const HapPolicy& hapPolicy, + std::vector& undefValues) { AccessTokenID tokenID = tokenIdEx.tokenIdExStruct.tokenID; if (!DataValidator::IsAppIDDescValid(info.appIDDesc)) { @@ -725,7 +738,8 @@ int32_t AccessTokenInfoManager::UpdateHapToken(AccessTokenIDEx& tokenIdEx, const infoPtr->Update(info, permStateList, hapPolicy); } - int32_t ret = AddHapTokenInfoToDb(infoPtr, info.appIDDesc, hapPolicy, true); + AddTokenIdToUndefValues(tokenID, undefValues); + int32_t ret = AddHapTokenInfoToDb(infoPtr, info.appIDDesc, hapPolicy, true, undefValues); if (ret != RET_SUCCESS) { LOGC(ATM_DOMAIN, ATM_TAG, "Add hap info %{public}u to db failed!", tokenID); return ret; @@ -1035,8 +1049,31 @@ static void GetUserGrantPermFromDef(const std::vector& permList, } } +void AccessTokenInfoManager::FillDelValues(AccessTokenID tokenID, bool isSystemRes, + const std::vector& permExtendValues, const std::vector& undefValues, + std::vector& deleteValues) +{ + GenericValues conditionValue; + conditionValue.Put(TokenFiledConst::FIELD_TOKEN_ID, static_cast(tokenID)); + deleteValues.emplace_back(conditionValue); // hap_token_info_table + deleteValues.emplace_back(conditionValue); // permission_state_table + + if (isSystemRes) { + deleteValues.emplace_back(conditionValue); // permission_definition_table + } + + if (!permExtendValues.empty()) { + deleteValues.emplace_back(conditionValue); // permission_extend_value_table + } + + if (!undefValues.empty()) { + deleteValues.emplace_back(conditionValue); // hap_undefine_info_table + } + return; +} + int AccessTokenInfoManager::AddHapTokenInfoToDb(const std::shared_ptr& hapInfo, - const std::string& appId, const HapPolicy& policy, bool isUpdate) + const std::string& appId, const HapPolicy& policy, bool isUpdate, const std::vector& undefValues) { if (hapInfo == nullptr) { LOGC(ATM_DOMAIN, ATM_TAG, "Token info is null!"); @@ -1064,12 +1101,10 @@ int AccessTokenInfoManager::AddHapTokenInfoToDb(const std::shared_ptr addDataTypes; addDataTypes.emplace_back(AtmDataType::ACCESSTOKEN_HAP_INFO); addDataTypes.emplace_back(AtmDataType::ACCESSTOKEN_PERMISSION_STATE); - addDataTypes.emplace_back(AtmDataType::ACCESSTOKEN_PERMISSION_EXTEND_VALUE); std::vector> addValues; addValues.emplace_back(hapInfoValues); addValues.emplace_back(permStateValues); - addValues.emplace_back(permExtendValues); if (isSystemRes) { std::vector permDefValues; @@ -1078,19 +1113,22 @@ int AccessTokenInfoManager::AddHapTokenInfoToDb(const std::shared_ptr delDataTypes; std::vector deleteValues; if (isUpdate) { // udapte: delete and add; otherwise add only delDataTypes.assign(addDataTypes.begin(), addDataTypes.end()); - GenericValues conditionValue; - conditionValue.Put(TokenFiledConst::FIELD_TOKEN_ID, static_cast(tokenID)); - deleteValues.emplace_back(conditionValue); - deleteValues.emplace_back(conditionValue); - deleteValues.emplace_back(conditionValue); - if (isSystemRes) { - deleteValues.emplace_back(conditionValue); - } + FillDelValues(tokenID, isSystemRes, permExtendValues, undefValues, deleteValues); } return AccessTokenDb::GetInstance().DeleteAndInsertValues(delDataTypes, deleteValues, addDataTypes, addValues); @@ -1106,11 +1144,13 @@ int AccessTokenInfoManager::RemoveHapTokenInfoFromDb(const std::shared_ptr deleteValues; deleteValues.emplace_back(condition); deleteValues.emplace_back(condition); deleteValues.emplace_back(condition); + deleteValues.emplace_back(condition); if (IsSystemResource(info->GetBundleName())) { deleteDataTypes.emplace_back(AtmDataType::ACCESSTOKEN_PERMISSION_DEF); diff --git a/services/accesstokenmanager/test/coverage/accesstoken_database_coverage_test.cpp b/services/accesstokenmanager/test/coverage/accesstoken_database_coverage_test.cpp index 6d78206d9..0a303cf3c 100644 --- a/services/accesstokenmanager/test/coverage/accesstoken_database_coverage_test.cpp +++ b/services/accesstokenmanager/test/coverage/accesstoken_database_coverage_test.cpp @@ -31,16 +31,6 @@ namespace Security { namespace AccessToken { namespace { static constexpr uint32_t NOT_EXSIT_ATM_TYPE = 9; -static constexpr uint32_t UPDATE_FLAG_1 = 1; -static constexpr uint32_t UPDATE_FLAG_2 = 2; -static constexpr uint32_t UPDATE_FLAG_3 = 3; -static constexpr uint32_t UPDATE_FLAG_4 = 4; -static constexpr uint32_t UPDATE_FLAG_6 = 6; -static constexpr uint32_t UPDATE_FLAG_7 = 7; -static constexpr uint32_t UPDATE_FLAG_8 = 8; -static constexpr uint32_t UPDATE_FLAG_12 = 12; -static constexpr uint32_t UPDATE_FLAG_14 = 14; -static constexpr uint32_t UPDATE_FLAG_15 = 15; } class AccessTokenDatabaseCoverageTest : public testing::Test { public: @@ -107,46 +97,27 @@ HWTEST_F(AccessTokenDatabaseCoverageTest, TranslationIntoPermissionStatus001, Te */ HWTEST_F(AccessTokenDatabaseCoverageTest, OnUpgrade001, TestSize.Level4) { + std::shared_ptr db = AccessTokenDb::GetInstance().GetRdb(); AccessTokenOpenCallback callback; - uint32_t flag = 0; - callback.GetUpgradeFlag(DATABASE_VERSION_1, DATABASE_VERSION_2, flag); - ASSERT_EQ(UPDATE_FLAG_1, flag); - - flag = 0; - callback.GetUpgradeFlag(DATABASE_VERSION_1, DATABASE_VERSION_3, flag); - ASSERT_EQ(UPDATE_FLAG_3, flag); - - flag = 0; - callback.GetUpgradeFlag(DATABASE_VERSION_1, DATABASE_VERSION_4, flag); - ASSERT_EQ(UPDATE_FLAG_7, flag); - - flag = 0; - callback.GetUpgradeFlag(DATABASE_VERSION_1, DATABASE_VERSION_5, flag); - ASSERT_EQ(UPDATE_FLAG_15, flag); - - flag = 0; - callback.GetUpgradeFlag(DATABASE_VERSION_2, DATABASE_VERSION_3, flag); - ASSERT_EQ(UPDATE_FLAG_2, flag); - - flag = 0; - callback.GetUpgradeFlag(DATABASE_VERSION_2, DATABASE_VERSION_4, flag); - ASSERT_EQ(UPDATE_FLAG_6, flag); + ASSERT_EQ(NativeRdb::E_OK, callback.OnUpgrade(*(db.get()), DATABASE_VERSION_1, DATABASE_VERSION_2)); + ASSERT_EQ(NativeRdb::E_OK, callback.OnUpgrade(*(db.get()), DATABASE_VERSION_1, DATABASE_VERSION_3)); + ASSERT_EQ(NativeRdb::E_OK, callback.OnUpgrade(*(db.get()), DATABASE_VERSION_1, DATABASE_VERSION_4)); + ASSERT_EQ(NativeRdb::E_OK, callback.OnUpgrade(*(db.get()), DATABASE_VERSION_1, DATABASE_VERSION_5)); + ASSERT_EQ(NativeRdb::E_OK, callback.OnUpgrade(*(db.get()), DATABASE_VERSION_1, DATABASE_VERSION_6)); - flag = 0; - callback.GetUpgradeFlag(DATABASE_VERSION_2, DATABASE_VERSION_5, flag); - ASSERT_EQ(UPDATE_FLAG_14, flag); + ASSERT_EQ(NativeRdb::E_OK, callback.OnUpgrade(*(db.get()), DATABASE_VERSION_2, DATABASE_VERSION_3)); + ASSERT_EQ(NativeRdb::E_OK, callback.OnUpgrade(*(db.get()), DATABASE_VERSION_2, DATABASE_VERSION_4)); + ASSERT_EQ(NativeRdb::E_OK, callback.OnUpgrade(*(db.get()), DATABASE_VERSION_2, DATABASE_VERSION_5)); + ASSERT_EQ(NativeRdb::E_OK, callback.OnUpgrade(*(db.get()), DATABASE_VERSION_2, DATABASE_VERSION_6)); - flag = 0; - callback.GetUpgradeFlag(DATABASE_VERSION_3, DATABASE_VERSION_4, flag); - ASSERT_EQ(UPDATE_FLAG_4, flag); + ASSERT_EQ(NativeRdb::E_OK, callback.OnUpgrade(*(db.get()), DATABASE_VERSION_3, DATABASE_VERSION_4)); + ASSERT_EQ(NativeRdb::E_OK, callback.OnUpgrade(*(db.get()), DATABASE_VERSION_3, DATABASE_VERSION_5)); + ASSERT_EQ(NativeRdb::E_OK, callback.OnUpgrade(*(db.get()), DATABASE_VERSION_3, DATABASE_VERSION_6)); - flag = 0; - callback.GetUpgradeFlag(DATABASE_VERSION_3, DATABASE_VERSION_5, flag); - ASSERT_EQ(UPDATE_FLAG_12, flag); + ASSERT_EQ(NativeRdb::E_OK, callback.OnUpgrade(*(db.get()), DATABASE_VERSION_4, DATABASE_VERSION_5)); + ASSERT_EQ(NativeRdb::E_OK, callback.OnUpgrade(*(db.get()), DATABASE_VERSION_4, DATABASE_VERSION_6)); - flag = 0; - callback.GetUpgradeFlag(DATABASE_VERSION_4, DATABASE_VERSION_5, flag); - ASSERT_EQ(UPDATE_FLAG_8, flag); + ASSERT_EQ(NativeRdb::E_OK, callback.OnUpgrade(*(db.get()), DATABASE_VERSION_5, DATABASE_VERSION_6)); } /* diff --git a/services/accesstokenmanager/test/coverage/permission_manager_coverage_test.cpp b/services/accesstokenmanager/test/coverage/permission_manager_coverage_test.cpp index 6dda09ac9..e4529d6b8 100644 --- a/services/accesstokenmanager/test/coverage/permission_manager_coverage_test.cpp +++ b/services/accesstokenmanager/test/coverage/permission_manager_coverage_test.cpp @@ -22,6 +22,7 @@ #define private public #include "accesstoken_info_manager.h" #include "form_manager_access_client.h" +#include "permission_manager.h" #undef private #include "accesstoken_callback_stubs.h" #include "callback_death_recipients.h" @@ -38,6 +39,7 @@ namespace { static const std::string FORM_VISIBLE_NAME = "#1"; static constexpr int USER_ID = 100; static constexpr int INST_INDEX = 0; +static constexpr int32_t RANDOM_TOKENID = 123; static constexpr int INVALID_IPC_CODE = 0; static PermissionStatus g_permState = { @@ -59,7 +61,7 @@ static HapPolicy g_policy = { .permStateList = {g_permState} }; } -class PermissionRecordManagerCoverageTest : public testing::Test { +class PermissionManagerCoverageTest : public testing::Test { public: static void SetUpTestCase(); @@ -70,20 +72,21 @@ public: void TearDown(); }; -void PermissionRecordManagerCoverageTest::SetUpTestCase() +void PermissionManagerCoverageTest::SetUpTestCase() { uint32_t hapSize = 0; uint32_t nativeSize = 0; uint32_t pefDefSize = 0; uint32_t dlpSize = 0; - AccessTokenInfoManager::GetInstance().Init(hapSize, nativeSize, pefDefSize, dlpSize); + std::map tokenId2apl; + AccessTokenInfoManager::GetInstance().Init(hapSize, nativeSize, pefDefSize, dlpSize, tokenId2apl); } -void PermissionRecordManagerCoverageTest::TearDownTestCase() {} +void PermissionManagerCoverageTest::TearDownTestCase() {} -void PermissionRecordManagerCoverageTest::SetUp() {} +void PermissionManagerCoverageTest::SetUp() {} -void PermissionRecordManagerCoverageTest::TearDown() {} +void PermissionManagerCoverageTest::TearDown() {} /* * @tc.name: RegisterAddObserverTest001 @@ -91,7 +94,7 @@ void PermissionRecordManagerCoverageTest::TearDown() {} * @tc.type: FUNC * @tc.require: issueI5RWXF */ -HWTEST_F(PermissionRecordManagerCoverageTest, RegisterAddObserverTest001, TestSize.Level4) +HWTEST_F(PermissionManagerCoverageTest, RegisterAddObserverTest001, TestSize.Level4) { AccessTokenID selfTokenId = GetSelfTokenID(); AccessTokenID nativeToken = AccessTokenInfoManager::GetInstance().GetNativeTokenId("privacy_service"); @@ -116,7 +119,7 @@ HWTEST_F(PermissionRecordManagerCoverageTest, RegisterAddObserverTest001, TestSi * @tc.type: FUNC * @tc.require: issueI5RWXF */ -HWTEST_F(PermissionRecordManagerCoverageTest, FormMgrDiedHandle001, TestSize.Level4) +HWTEST_F(PermissionManagerCoverageTest, FormMgrDiedHandle001, TestSize.Level4) { FormManagerAccessClient::GetInstance().OnRemoteDiedHandle(); ASSERT_EQ(nullptr, FormManagerAccessClient::GetInstance().proxy_); @@ -144,7 +147,7 @@ public: * @tc.type: FUNC * @tc.require: */ -HWTEST_F(PermissionRecordManagerCoverageTest, OnRemoteRequest001, TestSize.Level4) +HWTEST_F(PermissionManagerCoverageTest, OnRemoteRequest001, TestSize.Level4) { PermissionRecordManagerCoverTestCb1 callback; @@ -184,10 +187,12 @@ HWTEST_F(PermissionRecordManagerCoverageTest, OnRemoteRequest001, TestSize.Level * @tc.type: FUNC * @tc.require: */ -HWTEST_F(PermissionRecordManagerCoverageTest, UpdateCapStateToDatabase001, TestSize.Level4) +HWTEST_F(PermissionManagerCoverageTest, UpdateCapStateToDatabase001, TestSize.Level4) { AccessTokenIDEx tokenIdEx = {0}; - ASSERT_EQ(RET_SUCCESS, AccessTokenInfoManager::GetInstance().CreateHapTokenInfo(g_info, g_policy, tokenIdEx)); + std::vector undefValues; + ASSERT_EQ(RET_SUCCESS, AccessTokenInfoManager::GetInstance().CreateHapTokenInfo(g_info, g_policy, tokenIdEx, + undefValues)); AccessTokenID tokenId = tokenIdEx.tokenIdExStruct.tokenID; ASSERT_NE(INVALID_TOKENID, tokenId); @@ -202,15 +207,15 @@ HWTEST_F(PermissionRecordManagerCoverageTest, UpdateCapStateToDatabase001, TestS * @tc.type: FUNC * @tc.require: */ -HWTEST_F(PermissionRecordManagerCoverageTest, RestorePermissionPolicy001, TestSize.Level4) +HWTEST_F(PermissionManagerCoverageTest, RestorePermissionPolicy001, TestSize.Level4) { GenericValues value1; - value1.Put(TokenFiledConst::FIELD_TOKEN_ID, 123); // 123 is random input + value1.Put(TokenFiledConst::FIELD_TOKEN_ID, RANDOM_TOKENID); value1.Put(TokenFiledConst::FIELD_PERMISSION_NAME, "ohos.permission.CAMERA"); value1.Put(TokenFiledConst::FIELD_GRANT_STATE, static_cast(3)); value1.Put(TokenFiledConst::FIELD_GRANT_FLAG, PermissionFlag::PERMISSION_DEFAULT_FLAG); - AccessTokenID tokenId = 123; // 123 is random input + AccessTokenID tokenId = RANDOM_TOKENID; std::vector permStateRes1; permStateRes1.emplace_back(value1); std::vector extendedPermRes1; @@ -221,12 +226,12 @@ HWTEST_F(PermissionRecordManagerCoverageTest, RestorePermissionPolicy001, TestSi GenericValues value2; - value2.Put(TokenFiledConst::FIELD_TOKEN_ID, 123); // 123 is random input + value2.Put(TokenFiledConst::FIELD_TOKEN_ID, RANDOM_TOKENID); value2.Put(TokenFiledConst::FIELD_PERMISSION_NAME, "ohos.permission.CAMERA"); value2.Put(TokenFiledConst::FIELD_GRANT_STATE, PermissionState::PERMISSION_DENIED); value2.Put(TokenFiledConst::FIELD_GRANT_FLAG, PermissionFlag::PERMISSION_DEFAULT_FLAG); GenericValues value3; - value3.Put(TokenFiledConst::FIELD_TOKEN_ID, 123); // 123 is random input + value3.Put(TokenFiledConst::FIELD_TOKEN_ID, RANDOM_TOKENID); value3.Put(TokenFiledConst::FIELD_PERMISSION_NAME, "ohos.permission.MICROPHONE"); value3.Put(TokenFiledConst::FIELD_GRANT_STATE, PermissionState::PERMISSION_DENIED); value3.Put(TokenFiledConst::FIELD_GRANT_FLAG, PermissionFlag::PERMISSION_DEFAULT_FLAG); @@ -240,6 +245,79 @@ HWTEST_F(PermissionRecordManagerCoverageTest, RestorePermissionPolicy001, TestSi ASSERT_EQ(RET_SUCCESS, PermissionDataBrief::GetInstance().GetBriefPermDataByTokenId(tokenId, briefPermDataList)); ASSERT_EQ(static_cast(2), briefPermDataList.size()); } + +/** + * @tc.name: AddBriefPermData001 + * @tc.desc: PermissionDataBrief::AddBriefPermData function test + * @tc.type: FUNC + * @tc.require: + */ +HWTEST_F(PermissionManagerCoverageTest, AddBriefPermData001, TestSize.Level4) +{ + PermissionDataBrief::GetInstance().DeleteBriefPermDataByTokenId(RANDOM_TOKENID); + std::string permissionName = "ohos.permission.INVALID"; + PermissionState grantStatus = PermissionState::PERMISSION_DENIED; + PermissionFlag grantFlag = PermissionFlag::PERMISSION_DEFAULT_FLAG; + std::string value = "test"; + ASSERT_EQ(AccessTokenError::ERR_PERMISSION_NOT_EXIST, PermissionDataBrief::GetInstance().AddBriefPermData( + RANDOM_TOKENID, permissionName, grantStatus, grantFlag, value)); + + permissionName = "ohos.permission.READ_MEDIA"; + ASSERT_EQ(AccessTokenError::ERR_TOKEN_INVALID, PermissionDataBrief::GetInstance().AddBriefPermData( + RANDOM_TOKENID, permissionName, grantStatus, grantFlag, value)); +} + +/** + * @tc.name: GetMasterAppUndValues001 + * @tc.desc: PermissionManager::GetMasterAppUndValues function test + * @tc.type: FUNC + * @tc.require: + */ +HWTEST_F(PermissionManagerCoverageTest, GetMasterAppUndValues001, TestSize.Level4) +{ + AccessTokenID tokenID = RANDOM_TOKENID; + std::vector undefValues; + PermissionManager::GetInstance().GetMasterAppUndValues(tokenID, undefValues); + ASSERT_EQ(true, undefValues.empty()); +} + +/** + * @tc.name: FillDelValues001 + * @tc.desc: AccessTokenInfoManager::FillDelValues function test + * @tc.type: FUNC + * @tc.require: + */ +HWTEST_F(PermissionManagerCoverageTest, FillDelValues001, TestSize.Level4) +{ + AccessTokenID tokenID = RANDOM_TOKENID; + bool isSystemRes = false; + std::vector permExtendValues; + std::vector undefValues; + std::vector deleteValues; + AccessTokenInfoManager::GetInstance().FillDelValues(tokenID, isSystemRes, permExtendValues, undefValues, + deleteValues); + ASSERT_EQ(2, deleteValues.size()); + + isSystemRes = true; + std::vector deleteValues2; + AccessTokenInfoManager::GetInstance().FillDelValues(tokenID, isSystemRes, permExtendValues, undefValues, + deleteValues2); + ASSERT_EQ(3, deleteValues2.size()); + + GenericValues conditionValue; + conditionValue.Put(TokenFiledConst::FIELD_TOKEN_ID, static_cast(tokenID)); + permExtendValues.emplace_back(conditionValue); + std::vector deleteValues3; + AccessTokenInfoManager::GetInstance().FillDelValues(tokenID, isSystemRes, permExtendValues, undefValues, + deleteValues3); + ASSERT_EQ(4, deleteValues3.size()); + + undefValues.emplace_back(conditionValue); + std::vector deleteValues4; + AccessTokenInfoManager::GetInstance().FillDelValues(tokenID, isSystemRes, permExtendValues, undefValues, + deleteValues4); + ASSERT_EQ(5, deleteValues4.size()); +} } // namespace AccessToken } // namespace Security } // namespace OHOS diff --git a/services/accesstokenmanager/test/unittest/accesstoken_info_manager_test.cpp b/services/accesstokenmanager/test/unittest/accesstoken_info_manager_test.cpp index 9a35bce8f..01cb1666a 100644 --- a/services/accesstokenmanager/test/unittest/accesstoken_info_manager_test.cpp +++ b/services/accesstokenmanager/test/unittest/accesstoken_info_manager_test.cpp @@ -130,7 +130,8 @@ void AccessTokenInfoManagerTest::SetUpTestCase() uint32_t nativeSize = 0; uint32_t pefDefSize = 0; uint32_t dlpSize = 0; - AccessTokenInfoManager::GetInstance().Init(hapSize, nativeSize, pefDefSize, dlpSize); + std::map tokenId2apl; + AccessTokenInfoManager::GetInstance().Init(hapSize, nativeSize, pefDefSize, dlpSize, tokenId2apl); } void AccessTokenInfoManagerTest::TearDownTestCase() @@ -190,8 +191,9 @@ HWTEST_F(AccessTokenInfoManagerTest, HapTokenInfoInner001, TestSize.Level0) HWTEST_F(AccessTokenInfoManagerTest, CreateHapTokenInfo001, TestSize.Level0) { AccessTokenIDEx tokenIdEx = {0}; + std::vector undefValues; int ret = AccessTokenInfoManager::GetInstance().CreateHapTokenInfo(g_infoManagerTestInfoParms, - g_infoManagerTestPolicyPrams1, tokenIdEx); + g_infoManagerTestPolicyPrams1, tokenIdEx, undefValues); ASSERT_EQ(RET_SUCCESS, ret); GTEST_LOG_(INFO) << "add a hap token"; @@ -219,14 +221,15 @@ HWTEST_F(AccessTokenInfoManagerTest, CreateHapTokenInfo001, TestSize.Level0) HWTEST_F(AccessTokenInfoManagerTest, CreateHapTokenInfo002, TestSize.Level0) { AccessTokenIDEx tokenIdEx = {0}; + std::vector undefValues; int ret = AccessTokenInfoManager::GetInstance().CreateHapTokenInfo(g_infoManagerTestInfoParms, - g_infoManagerTestPolicyPrams1, tokenIdEx); + g_infoManagerTestPolicyPrams1, tokenIdEx, undefValues); ASSERT_EQ(RET_SUCCESS, ret); GTEST_LOG_(INFO) << "add a hap token"; AccessTokenIDEx tokenIdEx1 = {0}; ret = AccessTokenInfoManager::GetInstance().CreateHapTokenInfo(g_infoManagerTestInfoParms, - g_infoManagerTestPolicyPrams1, tokenIdEx1); + g_infoManagerTestPolicyPrams1, tokenIdEx1, undefValues); ASSERT_EQ(RET_SUCCESS, ret); ASSERT_NE(tokenIdEx.tokenIdExStruct.tokenID, tokenIdEx1.tokenIdExStruct.tokenID); GTEST_LOG_(INFO) << "add same hap token"; @@ -257,8 +260,10 @@ HWTEST_F(AccessTokenInfoManagerTest, CreateHapTokenInfo003, TestSize.Level0) }; HapPolicy policy; AccessTokenIDEx tokenIdEx; + std::vector undefValues; - ASSERT_NE(RET_SUCCESS, AccessTokenInfoManager::GetInstance().CreateHapTokenInfo(info, policy, tokenIdEx)); + ASSERT_NE(RET_SUCCESS, AccessTokenInfoManager::GetInstance().CreateHapTokenInfo(info, policy, tokenIdEx, + undefValues)); } /** @@ -275,8 +280,10 @@ HWTEST_F(AccessTokenInfoManagerTest, CreateHapTokenInfo004, TestSize.Level0) }; HapPolicy policy; AccessTokenIDEx tokenIdEx; + std::vector undefValues; - ASSERT_NE(RET_SUCCESS, AccessTokenInfoManager::GetInstance().CreateHapTokenInfo(info, policy, tokenIdEx)); + ASSERT_NE(RET_SUCCESS, AccessTokenInfoManager::GetInstance().CreateHapTokenInfo(info, policy, tokenIdEx, + undefValues)); } /** @@ -294,8 +301,10 @@ HWTEST_F(AccessTokenInfoManagerTest, CreateHapTokenInfo005, TestSize.Level0) }; HapPolicy policy; AccessTokenIDEx tokenIdEx; + std::vector undefValues; - ASSERT_NE(RET_SUCCESS, AccessTokenInfoManager::GetInstance().CreateHapTokenInfo(info, policy, tokenIdEx)); + ASSERT_NE(RET_SUCCESS, AccessTokenInfoManager::GetInstance().CreateHapTokenInfo(info, policy, tokenIdEx, + undefValues)); } /** @@ -315,8 +324,10 @@ HWTEST_F(AccessTokenInfoManagerTest, CreateHapTokenInfo006, TestSize.Level0) .domain = "" }; AccessTokenIDEx tokenIdEx; + std::vector undefValues; - ASSERT_NE(RET_SUCCESS, AccessTokenInfoManager::GetInstance().CreateHapTokenInfo(info, policy, tokenIdEx)); + ASSERT_NE(RET_SUCCESS, AccessTokenInfoManager::GetInstance().CreateHapTokenInfo(info, policy, tokenIdEx, + undefValues)); } /** @@ -337,8 +348,10 @@ HWTEST_F(AccessTokenInfoManagerTest, CreateHapTokenInfo007, TestSize.Level0) .domain = "who cares" }; AccessTokenIDEx tokenIdEx; + std::vector undefValues; - ASSERT_NE(RET_SUCCESS, AccessTokenInfoManager::GetInstance().CreateHapTokenInfo(info, policy, tokenIdEx)); + ASSERT_NE(RET_SUCCESS, AccessTokenInfoManager::GetInstance().CreateHapTokenInfo(info, policy, tokenIdEx, + undefValues)); } /** @@ -372,7 +385,9 @@ HWTEST_F(AccessTokenInfoManagerTest, CreateHapTokenInfo008, TestSize.Level0) .permList = {permDef} }; AccessTokenIDEx tokenIdEx; - ASSERT_NE(RET_SUCCESS, AccessTokenInfoManager::GetInstance().CreateHapTokenInfo(info, policy, tokenIdEx)); + std::vector undefValues; + ASSERT_NE(RET_SUCCESS, AccessTokenInfoManager::GetInstance().CreateHapTokenInfo(info, policy, tokenIdEx, + undefValues)); } /** @@ -694,8 +709,9 @@ HWTEST_F(AccessTokenInfoManagerTest, GetHapTokenInfo001, TestSize.Level0) result = AccessTokenInfoManager::GetInstance().GetHapTokenInfo(tokenIdEx.tokenIdExStruct.tokenID, hapInfo); ASSERT_EQ(result, ERR_TOKENID_NOT_EXIST); + std::vector undefValues; result = AccessTokenInfoManager::GetInstance().CreateHapTokenInfo( - g_infoManagerTestInfoParms, g_infoManagerTestPolicyPrams1, tokenIdEx); + g_infoManagerTestInfoParms, g_infoManagerTestPolicyPrams1, tokenIdEx, undefValues); ASSERT_EQ(RET_SUCCESS, result); GTEST_LOG_(INFO) << "add a hap token"; result = AccessTokenInfoManager::GetInstance().GetHapTokenInfo(tokenIdEx.tokenIdExStruct.tokenID, hapInfo); @@ -756,8 +772,9 @@ HWTEST_F(AccessTokenInfoManagerTest, RemoveHapTokenInfo001, TestSize.Level0) HWTEST_F(AccessTokenInfoManagerTest, GetHapTokenID001, TestSize.Level0) { AccessTokenIDEx tokenIdEx = {0}; + std::vector undefValues; int ret = AccessTokenInfoManager::GetInstance().CreateHapTokenInfo(g_infoManagerTestInfoParms, - g_infoManagerTestPolicyPrams1, tokenIdEx); + g_infoManagerTestPolicyPrams1, tokenIdEx, undefValues); ASSERT_EQ(RET_SUCCESS, ret); GTEST_LOG_(INFO) << "add a hap token"; @@ -786,8 +803,9 @@ HWTEST_F(AccessTokenInfoManagerTest, GetHapTokenID001, TestSize.Level0) HWTEST_F(AccessTokenInfoManagerTest, UpdateHapToken001, TestSize.Level0) { AccessTokenIDEx tokenIdEx = {0}; + std::vector undefValues; int ret = AccessTokenInfoManager::GetInstance().CreateHapTokenInfo(g_infoManagerTestInfoParms, - g_infoManagerTestPolicyPrams1, tokenIdEx); + g_infoManagerTestPolicyPrams1, tokenIdEx, undefValues); ASSERT_EQ(RET_SUCCESS, ret); GTEST_LOG_(INFO) << "add a hap token"; @@ -798,7 +816,7 @@ HWTEST_F(AccessTokenInfoManagerTest, UpdateHapToken001, TestSize.Level0) info.apiVersion = DEFAULT_API_VERSION; info.isSystemApp = false; ret = AccessTokenInfoManager::GetInstance().UpdateHapToken( - tokenIdEx, info, policy.permStateList, policy); + tokenIdEx, info, policy.permStateList, policy, undefValues); ASSERT_EQ(RET_SUCCESS, ret); GTEST_LOG_(INFO) << "update the hap token"; @@ -829,13 +847,14 @@ HWTEST_F(AccessTokenInfoManagerTest, UpdateHapToken002, TestSize.Level0) info.appIDDesc = std::string(""); info.apiVersion = DEFAULT_API_VERSION; info.isSystemApp = false; + std::vector undefValues; int ret = AccessTokenInfoManager::GetInstance().UpdateHapToken( - tokenIdEx, info, policy.permStateList, policy); + tokenIdEx, info, policy.permStateList, policy, undefValues); ASSERT_EQ(ERR_PARAM_INVALID, ret); info.appIDDesc = std::string("updateAppId"); ret = AccessTokenInfoManager::GetInstance().UpdateHapToken( - tokenIdEx, info, policy.permStateList, policy); + tokenIdEx, info, policy.permStateList, policy, undefValues); ASSERT_EQ(ERR_TOKENID_NOT_EXIST, ret); } @@ -858,8 +877,9 @@ HWTEST_F(AccessTokenInfoManagerTest, UpdateHapToken003, TestSize.Level0) hapInfoParams.appIDDesc = "who cares"; hapInfoParams.apiVersion = DEFAULT_API_VERSION; hapInfoParams.isSystemApp = false; + std::vector undefValues; ASSERT_EQ(ERR_IDENTITY_CHECK_FAILED, AccessTokenInfoManager::GetInstance().UpdateHapToken( - tokenIdEx, hapInfoParams, policy.permStateList, policy)); + tokenIdEx, hapInfoParams, policy.permStateList, policy, undefValues)); AccessTokenInfoManager::GetInstance().hapTokenInfoMap_.erase(tokenId); } @@ -919,8 +939,9 @@ HWTEST_F(AccessTokenInfoManagerTest, GetHapTokenSync001, TestSize.Level0) { AccessTokenIDEx tokenIdEx = {0}; int result; + std::vector undefValues; result = AccessTokenInfoManager::GetInstance().CreateHapTokenInfo( - g_infoManagerTestInfoParms, g_infoManagerTestPolicyPrams1, tokenIdEx); + g_infoManagerTestInfoParms, g_infoManagerTestPolicyPrams1, tokenIdEx, undefValues); ASSERT_EQ(RET_SUCCESS, result); GTEST_LOG_(INFO) << "add a hap token"; @@ -961,8 +982,9 @@ HWTEST_F(AccessTokenInfoManagerTest, GetHapTokenSync002, TestSize.Level0) HWTEST_F(AccessTokenInfoManagerTest, GetHapTokenInfoFromRemote001, TestSize.Level0) { AccessTokenIDEx tokenIdEx = {0}; + std::vector undefValues; int ret = AccessTokenInfoManager::GetInstance().CreateHapTokenInfo( - g_infoManagerTestInfoParms, g_infoManagerTestPolicyPrams1, tokenIdEx); + g_infoManagerTestInfoParms, g_infoManagerTestPolicyPrams1, tokenIdEx, undefValues); ASSERT_EQ(RET_SUCCESS, ret); GTEST_LOG_(INFO) << "add a hap token"; @@ -984,8 +1006,9 @@ HWTEST_F(AccessTokenInfoManagerTest, GetHapTokenInfoFromRemote001, TestSize.Leve HWTEST_F(AccessTokenInfoManagerTest, RemoteHapTest001, TestSize.Level0) { AccessTokenIDEx tokenIdEx = {0}; + std::vector undefValues; int32_t ret = AccessTokenInfoManager::GetInstance().CreateHapTokenInfo( - g_infoManagerTestInfoParms, g_infoManagerTestPolicyPrams1, tokenIdEx); + g_infoManagerTestInfoParms, g_infoManagerTestPolicyPrams1, tokenIdEx, undefValues); ASSERT_EQ(RET_SUCCESS, ret); GTEST_LOG_(INFO) << "add a hap token"; @@ -1018,8 +1041,9 @@ HWTEST_F(AccessTokenInfoManagerTest, RemoteHapTest001, TestSize.Level0) HWTEST_F(AccessTokenInfoManagerTest, DeleteRemoteToken001, TestSize.Level0) { AccessTokenIDEx tokenIdEx = {0}; + std::vector undefValues; int32_t ret = AccessTokenInfoManager::GetInstance().CreateHapTokenInfo( - g_infoManagerTestInfoParms, g_infoManagerTestPolicyPrams1, tokenIdEx); + g_infoManagerTestInfoParms, g_infoManagerTestPolicyPrams1, tokenIdEx, undefValues); ASSERT_EQ(RET_SUCCESS, ret); GTEST_LOG_(INFO) << "add a hap token"; @@ -1212,8 +1236,9 @@ HWTEST_F(AccessTokenInfoManagerTest, RegisterTokenSyncCallback002, TestSize.Leve // add a hap token AccessTokenIDEx tokenIdEx = {123}; + std::vector undefValues; int32_t result = AccessTokenInfoManager::GetInstance().CreateHapTokenInfo( - g_infoManagerTestInfoParms, g_infoManagerTestPolicyPrams1, tokenIdEx); + g_infoManagerTestInfoParms, g_infoManagerTestPolicyPrams1, tokenIdEx, undefValues); EXPECT_EQ(RET_SUCCESS, result); HapTokenInfoForSync hapSync; @@ -1463,8 +1488,9 @@ HWTEST_F(AccessTokenInfoManagerTest, DumpTokenInfo001, TestSize.Level0) HWTEST_F(AccessTokenInfoManagerTest, DumpTokenInfo002, TestSize.Level0) { AccessTokenIDEx tokenIdEx = {0}; + std::vector undefValues; AccessTokenInfoManager::GetInstance().CreateHapTokenInfo(g_infoManagerTestInfoParms, - g_infoManagerTestPolicyPrams1, tokenIdEx); + g_infoManagerTestPolicyPrams1, tokenIdEx, undefValues); tokenIdEx = AccessTokenInfoManager::GetInstance().GetHapTokenID(g_infoManagerTestInfoParms.userID, g_infoManagerTestInfoParms.bundleName, g_infoManagerTestInfoParms.instIndex); @@ -1536,8 +1562,9 @@ HWTEST_F(AccessTokenInfoManagerTest, DumpTokenInfo006, TestSize.Level0) HWTEST_F(AccessTokenInfoManagerTest, DumpTokenInfo007, TestSize.Level0) { AccessTokenIDEx tokenIdEx = {0}; + std::vector undefValues; AccessTokenInfoManager::GetInstance().CreateHapTokenInfo(g_infoManagerTestInfoParms, - g_infoManagerTestPolicyPrams1, tokenIdEx); + g_infoManagerTestPolicyPrams1, tokenIdEx, undefValues); tokenIdEx = AccessTokenInfoManager::GetInstance().GetHapTokenID(g_infoManagerTestInfoParms.userID, g_infoManagerTestInfoParms.bundleName, g_infoManagerTestInfoParms.instIndex); @@ -1568,7 +1595,8 @@ HWTEST_F(AccessTokenInfoManagerTest, AccessTokenInfoManager001, TestSize.Level0) uint32_t nativeSize = 0; uint32_t pefDefSize = 0; uint32_t dlpSize = 0; - AccessTokenInfoManager::GetInstance().Init(hapSize, nativeSize, pefDefSize, dlpSize); + std::map tokenId2apl; + AccessTokenInfoManager::GetInstance().Init(hapSize, nativeSize, pefDefSize, dlpSize, tokenId2apl); AccessTokenInfoManager::GetInstance().hasInited_ = false; ASSERT_EQ(false, AccessTokenInfoManager::GetInstance().hasInited_); } @@ -1617,7 +1645,9 @@ HWTEST_F(AccessTokenInfoManagerTest, AddHapTokenInfo002, TestSize.Level0) .domain = "domain" }; AccessTokenIDEx tokenIdEx = {0}; - ASSERT_EQ(RET_SUCCESS, AccessTokenInfoManager::GetInstance().CreateHapTokenInfo(info, policy, tokenIdEx)); + std::vector undefValues; + ASSERT_EQ(RET_SUCCESS, AccessTokenInfoManager::GetInstance().CreateHapTokenInfo(info, policy, tokenIdEx, + undefValues)); AccessTokenID tokenId = tokenIdEx.tokenIdExStruct.tokenID; ASSERT_NE(static_cast(0), tokenId); @@ -1984,8 +2014,9 @@ HWTEST_F(AccessTokenInfoManagerTest, RegisterTokenId001, TestSize.Level0) ASSERT_NE(RET_SUCCESS, AccessTokenIDManager::GetInstance().RegisterTokenId(tokenId, type)); AccessTokenIDEx tokenIdEx = {0}; + std::vector undefValues; ASSERT_EQ(RET_SUCCESS, AccessTokenInfoManager::GetInstance().CreateHapTokenInfo(g_infoManagerTestInfoParms, - g_infoManagerTestPolicyPrams1, tokenIdEx)); + g_infoManagerTestPolicyPrams1, tokenIdEx, undefValues)); // register repeat ASSERT_NE(RET_SUCCESS, AccessTokenIDManager::GetInstance().RegisterTokenId( @@ -2002,8 +2033,9 @@ HWTEST_F(AccessTokenInfoManagerTest, RegisterTokenId001, TestSize.Level0) HWTEST_F(AccessTokenInfoManagerTest, ClearAllSecCompGrantedPerm001, TestSize.Level0) { AccessTokenIDEx tokenIdEx = {0}; + std::vector undefValues; int32_t ret = AccessTokenInfoManager::GetInstance().CreateHapTokenInfo( - g_infoManagerTestInfoParms, g_infoManagerTestPolicyPrams1, tokenIdEx); + g_infoManagerTestInfoParms, g_infoManagerTestPolicyPrams1, tokenIdEx, undefValues); ASSERT_EQ(RET_SUCCESS, ret); AccessTokenID tokenId = tokenIdEx.tokenIdExStruct.tokenID; @@ -2043,8 +2075,9 @@ HWTEST_F(AccessTokenInfoManagerTest, SetPermDialogCap001, TestSize.Level0) HWTEST_F(AccessTokenInfoManagerTest, SetPermDialogCap002, TestSize.Level0) { AccessTokenIDEx tokenIdEx = {0}; + std::vector undefValues; int32_t ret = AccessTokenInfoManager::GetInstance().CreateHapTokenInfo( - g_infoManagerTestInfoParms, g_infoManagerTestPolicyPrams1, tokenIdEx); + g_infoManagerTestInfoParms, g_infoManagerTestPolicyPrams1, tokenIdEx, undefValues); ASSERT_EQ(RET_SUCCESS, ret); AccessTokenID tokenId = tokenIdEx.tokenIdExStruct.tokenID; @@ -2093,8 +2126,9 @@ HWTEST_F(AccessTokenInfoManagerTest, GetPermDialogCap001, TestSize.Level0) .instIndex = g_infoManagerTestInfoParms.instIndex, }; AccessTokenIDEx tokenIdEx = {0}; + std::vector undefValues; int32_t ret = AccessTokenInfoManager::GetInstance().CreateHapTokenInfo( - g_infoManagerTestInfoParms, g_infoManagerTestPolicyPrams1, tokenIdEx); + g_infoManagerTestInfoParms, g_infoManagerTestPolicyPrams1, tokenIdEx, undefValues); ASSERT_EQ(RET_SUCCESS, ret); AccessTokenID tokenId = tokenIdEx.tokenIdExStruct.tokenID; std::shared_ptr back = AccessTokenInfoManager::GetInstance().hapTokenInfoMap_[tokenId]; @@ -2248,7 +2282,9 @@ HWTEST_F(AccessTokenInfoManagerTest, GetAppId001, TestSize.Level0) .domain = "domain" }; AccessTokenIDEx tokenIdEx = {0}; - ASSERT_EQ(RET_SUCCESS, AccessTokenInfoManager::GetInstance().CreateHapTokenInfo(info, policy, tokenIdEx)); + std::vector undefValues; + ASSERT_EQ(RET_SUCCESS, AccessTokenInfoManager::GetInstance().CreateHapTokenInfo(info, policy, tokenIdEx, + undefValues)); std::string appId; int ret = AccessTokenInfoManager::GetInstance().GetHapAppIdByTokenId(tokenIdEx.tokenIdExStruct.tokenID, appId); ASSERT_EQ(ret, RET_SUCCESS); diff --git a/services/accesstokenmanager/test/unittest/accesstoken_manager_service_test.cpp b/services/accesstokenmanager/test/unittest/accesstoken_manager_service_test.cpp index e3bafe605..83253f22c 100644 --- a/services/accesstokenmanager/test/unittest/accesstoken_manager_service_test.cpp +++ b/services/accesstokenmanager/test/unittest/accesstoken_manager_service_test.cpp @@ -16,10 +16,12 @@ #include "accesstoken_manager_service_test.h" #include "gtest/gtest.h" -#include "parameters.h" -#include "accesstoken_manager_service.h" +#include "access_token_db.h" #include "access_token_error.h" #include "atm_tools_param_info_parcel.h" +#include "parameters.h" +#include "permission_map.h" +#include "token_field_const.h" const char* DEVELOPER_MODE_STATE = "const.security.developermode.state"; @@ -29,6 +31,67 @@ using namespace OHOS; namespace OHOS { namespace Security { namespace AccessToken { +namespace { +static constexpr int32_t USER_ID = 100; +static constexpr int32_t INST_INDEX = 0; +static constexpr int32_t API_VERSION_9 = 9; +static constexpr int32_t RANDOM_TOKENID = 123; + +static PermissionStatus g_state1 = { // kernel permission + .permissionName = "ohos.permission.KERNEL_ATM_SELF_USE", + .grantStatus = static_cast(PermissionState::PERMISSION_GRANTED), + .grantFlag = static_cast(PermissionFlag::PERMISSION_SYSTEM_FIXED) +}; + +static PermissionStatus g_state2 = { // invalid permission + .permissionName = "ohos.permission.INVALIDA", + .grantStatus = PermissionState::PERMISSION_DENIED, + .grantFlag = PermissionFlag::PERMISSION_DEFAULT_FLAG +}; + +static PermissionStatus g_state3 = { // invalid permission + .permissionName = "ohos.permission.INVALIDB", + .grantStatus = PermissionState::PERMISSION_DENIED, + .grantFlag = PermissionFlag::PERMISSION_DEFAULT_FLAG +}; + +static PermissionStatus g_state4 = { // user grant permission + .permissionName = "ohos.permission.READ_MEDIA", + .grantStatus = static_cast(PermissionState::PERMISSION_GRANTED), + .grantFlag = static_cast(PermissionFlag::PERMISSION_USER_FIXED) +}; + +static PermissionStatus g_state5 = { // system grant permission + .permissionName = "ohos.permission.REFRESH_USER_ACTION", + .grantStatus = static_cast(PermissionState::PERMISSION_DENIED), + .grantFlag = static_cast(PermissionFlag::PERMISSION_DEFAULT_FLAG) +}; + +static PermissionStatus g_state6 = { // system core + .permissionName = "ohos.permission.POWER_MANAGER", + .grantStatus = static_cast(PermissionState::PERMISSION_DENIED), + .grantFlag = static_cast(PermissionFlag::PERMISSION_DEFAULT_FLAG) +}; + +static HapInfoParams g_info = { + .userID = USER_ID, + .bundleName = "accesstoken_manager_service_test", + .instIndex = INST_INDEX, + .dlpType = static_cast(HapDlpType::DLP_COMMON), + .apiVersion = API_VERSION_9, + .isSystemApp = false, + .appIDDesc = "accesstoken_manager_service_test", +}; + +static HapPolicy g_policy = { + .apl = ATokenAplEnum::APL_SYSTEM_BASIC, + .domain = "test.domain", + .permStateList = {g_state1, g_state2}, + .aclRequestedList = { "ohos.permission.INVALIDA" }, // kernel permission with value no need acl + .aclExtendedMap = { std::make_pair("ohos.permission.KERNEL_ATM_SELF_USE", "test") }, +}; +} + void AccessTokenManagerServiceTest::SetUpTestCase() { } @@ -39,10 +102,13 @@ void AccessTokenManagerServiceTest::TearDownTestCase() void AccessTokenManagerServiceTest::SetUp() { + atManagerService_ = DelayedSingleton::GetInstance(); + EXPECT_NE(nullptr, atManagerService_); } void AccessTokenManagerServiceTest::TearDown() { + atManagerService_ = nullptr; } /** @@ -73,6 +139,694 @@ HWTEST_F(AccessTokenManagerServiceTest, DumpTokenInfoFuncTest001, TestSize.Level ASSERT_NE("", dumpInfo); } +void AccessTokenManagerServiceTest::CreateHapToken(const HapInfoParcel& infoParCel, const HapPolicyParcel& policyParcel, + AccessTokenID& tokenId, std::map& tokenId2apl, bool hasInit) +{ + if (!hasInit) { + atManagerService_->Initialize(); + } + + uint64_t fullTokenId; + HapInfoCheckResultIdl result; + int32_t res = atManagerService_->InitHapToken(infoParCel, policyParcel, fullTokenId, result); + ASSERT_EQ(RET_SUCCESS, res); + + AccessTokenIDEx tokenIDEx; + tokenIDEx.tokenIDEx = fullTokenId; + tokenId = tokenIDEx.tokenIdExStruct.tokenID; + ASSERT_NE(INVALID_TOKENID, tokenId); + tokenId2apl[static_cast(tokenId)] = g_policy.apl; +} + +/** + * @tc.name: SystemConfigTest001 + * @tc.desc: test permission define version from db same with permission define version from rodata + * @tc.type: FUNC + * @tc.require: + */ +HWTEST_F(AccessTokenManagerServiceTest, SystemConfigTest001, TestSize.Level1) +{ + GenericValues conditionValue; + conditionValue.Put(TokenFiledConst::FIELD_NAME, PERM_DEF_VERSION); + std::vector results; + ASSERT_EQ(0, AccessTokenDb::GetInstance().Find(AtmDataType::ACCESSTOKEN_SYSTEM_CONFIG, conditionValue, results)); + ASSERT_EQ(false, results.empty()); + + std::string dbPermDefVersion = results[0].GetString(TokenFiledConst::FIELD_VALUE); + const char* curPermDefVersion = GetPermDefVersion(); + ASSERT_EQ(true, dbPermDefVersion == curPermDefVersion); +} + +/** + * @tc.name: InitHapTokenTest001 + * @tc.desc: test insert or remove data to undefine table when install or uninstall hap + * @tc.type: FUNC + * @tc.require: + */ +HWTEST_F(AccessTokenManagerServiceTest, InitHapTokenTest001, TestSize.Level1) +{ + HapInfoParcel infoParCel; + infoParCel.hapInfoParameter = g_info; + HapPolicyParcel policyParcel; + policyParcel.hapPolicy = g_policy; // KERNEL_ATM_SELF_USE(hasValue is true) + INVALIDA + AccessTokenID tokenId; + std::map tokenId2apl; + CreateHapToken(infoParCel, policyParcel, tokenId, tokenId2apl); + + // query undefine table + GenericValues conditionValue; + conditionValue.Put(TokenFiledConst::FIELD_TOKEN_ID, static_cast(tokenId)); + std::vector results; + ASSERT_EQ(0, AccessTokenDb::GetInstance().Find( + AtmDataType::ACCESSTOKEN_HAP_UNDEFINE_INFO, conditionValue, results)); + ASSERT_EQ(1, results.size()); + ASSERT_EQ(static_cast(tokenId), results[0].GetInt(TokenFiledConst::FIELD_TOKEN_ID)); + ASSERT_EQ(g_state2.permissionName, results[0].GetString(TokenFiledConst::FIELD_PERMISSION_NAME)); + ASSERT_EQ(1, results[0].GetInt(TokenFiledConst::FIELD_ACL)); + ASSERT_EQ(g_policy.aclExtendedMap[g_state2.permissionName], results[0].GetString(TokenFiledConst::FIELD_VALUE)); + + ASSERT_EQ(0, atManagerService_->DeleteToken(tokenId)); // delete token + + // after delete token, data remove from undefine table + std::vector results1; + ASSERT_EQ(0, AccessTokenDb::GetInstance().Find( + AtmDataType::ACCESSTOKEN_HAP_UNDEFINE_INFO, conditionValue, results1)); + ASSERT_EQ(0, results1.size()); +} + +/** + * @tc.name: InitHapTokenTest002 + * @tc.desc: test dlp app has same undefined info with the master app + * @tc.type: FUNC + * @tc.require: + */ +HWTEST_F(AccessTokenManagerServiceTest, InitHapTokenTest002, TestSize.Level1) +{ + HapInfoParcel infoParCel; + infoParCel.hapInfoParameter = g_info; + HapPolicyParcel policyParcel; + policyParcel.hapPolicy = g_policy; // KERNEL_ATM_SELF_USE + INVALIDA + AccessTokenID tokenId; + std::map tokenId2apl; + CreateHapToken(infoParCel, policyParcel, tokenId, tokenId2apl); // create master app + + HapInfoParcel infoParCel2; + infoParCel2.hapInfoParameter = g_info; + infoParCel2.hapInfoParameter.instIndex = INST_INDEX + 1; + infoParCel2.hapInfoParameter.dlpType = static_cast(HapDlpType::DLP_FULL_CONTROL); + HapPolicyParcel policyParcel2; + policyParcel2.hapPolicy = g_policy; // KERNEL_ATM_SELF_USE + INVALIDB, INVALIDB diff from INVALIDA in master app + policyParcel2.hapPolicy.permStateList = {g_state1, g_state3}; + AccessTokenID tokenId2; + CreateHapToken(infoParCel2, policyParcel2, tokenId2, tokenId2apl, true); // create dlp app + + // query undefine table for dlp app + GenericValues conditionValue; + conditionValue.Put(TokenFiledConst::FIELD_TOKEN_ID, static_cast(tokenId2)); + std::vector results; + ASSERT_EQ(0, AccessTokenDb::GetInstance().Find( + AtmDataType::ACCESSTOKEN_HAP_UNDEFINE_INFO, conditionValue, results)); + ASSERT_EQ(1, results.size()); + ASSERT_EQ(static_cast(tokenId2), results[0].GetInt(TokenFiledConst::FIELD_TOKEN_ID)); + // dlp app has the same undefine data with mater app, INVALIDB change to INVALIDA + ASSERT_EQ(g_state2.permissionName, results[0].GetString(TokenFiledConst::FIELD_PERMISSION_NAME)); + + ASSERT_EQ(0, atManagerService_->DeleteToken(tokenId)); + ASSERT_EQ(0, atManagerService_->DeleteToken(tokenId2)); +} + +/** + * @tc.name: UpdateHapTokenTest001 + * @tc.desc: test update undefine permission change + * @tc.type: FUNC + * @tc.require: + */ +HWTEST_F(AccessTokenManagerServiceTest, UpdateHapTokenTest001, TestSize.Level1) +{ + HapInfoParcel infoParCel; + infoParCel.hapInfoParameter = g_info; + HapPolicyParcel policyParcel; + policyParcel.hapPolicy = g_policy; // KERNEL_ATM_SELF_USE + INVALIDA + AccessTokenID tokenId; + std::map tokenId2apl; + CreateHapToken(infoParCel, policyParcel, tokenId, tokenId2apl); + + // query undefine table + GenericValues conditionValue; + conditionValue.Put(TokenFiledConst::FIELD_TOKEN_ID, static_cast(tokenId)); + std::vector results; + ASSERT_EQ(0, AccessTokenDb::GetInstance().Find( + AtmDataType::ACCESSTOKEN_HAP_UNDEFINE_INFO, conditionValue, results)); + ASSERT_EQ(1, results.size()); + ASSERT_EQ(g_state2.permissionName, results[0].GetString(TokenFiledConst::FIELD_PERMISSION_NAME)); // INVALIDA + + // update hap + uint64_t fullTokenId; + AccessTokenIDEx tokenIDEx; + tokenIDEx.tokenIdExStruct.tokenID = tokenId; + fullTokenId = tokenIDEx.tokenIDEx; + policyParcel.hapPolicy.permStateList = {g_state1, g_state3}; // KERNEL_ATM_SELF_USE + INVALIDB + UpdateHapInfoParamsIdl infoIdl; + infoIdl.appIDDesc = g_info.appIDDesc; + infoIdl.apiVersion = g_info.apiVersion; + infoIdl.isSystemApp = g_info.isSystemApp; + infoIdl.appDistributionType = g_info.appDistributionType; + infoIdl.isAtomicService = g_info.isAtomicService; + HapInfoCheckResultIdl resultInfoIdl; + ASSERT_EQ(0, atManagerService_->UpdateHapToken(fullTokenId, infoIdl, policyParcel, resultInfoIdl)); + + std::vector results2; + ASSERT_EQ(0, AccessTokenDb::GetInstance().Find( + AtmDataType::ACCESSTOKEN_HAP_UNDEFINE_INFO, conditionValue, results2)); + ASSERT_EQ(1, results2.size()); + ASSERT_EQ(static_cast(tokenId), results2[0].GetInt(TokenFiledConst::FIELD_TOKEN_ID)); + // undefine permission change from INVALIDA to INVALIDB + ASSERT_EQ(g_state3.permissionName, results2[0].GetString(TokenFiledConst::FIELD_PERMISSION_NAME)); + + ASSERT_EQ(0, atManagerService_->DeleteToken(tokenId)); +} + +/** + * @tc.name: UpdateHapTokenTest002 + * @tc.desc: test ota update acl check fail return success and permission store in undefine table + * @tc.type: FUNC + * @tc.require: + */ +HWTEST_F(AccessTokenManagerServiceTest, UpdateHapTokenTest002, TestSize.Level1) +{ + HapInfoParcel infoParCel; + infoParCel.hapInfoParameter = g_info; + HapPolicyParcel policyParcel; + policyParcel.hapPolicy = g_policy; // KERNEL_ATM_SELF_USE + INVALIDA + AccessTokenID tokenId; + std::map tokenId2apl; + CreateHapToken(infoParCel, policyParcel, tokenId, tokenId2apl); + + // query undefine table + GenericValues conditionValue; + conditionValue.Put(TokenFiledConst::FIELD_TOKEN_ID, static_cast(tokenId)); + std::vector results; + ASSERT_EQ(0, AccessTokenDb::GetInstance().Find( + AtmDataType::ACCESSTOKEN_HAP_UNDEFINE_INFO, conditionValue, results)); + ASSERT_EQ(1, results.size()); + ASSERT_EQ(g_state2.permissionName, results[0].GetString(TokenFiledConst::FIELD_PERMISSION_NAME)); // INVALIDA + + // update hap + uint64_t fullTokenId; + AccessTokenIDEx tokenIDEx; + tokenIDEx.tokenIdExStruct.tokenID = tokenId; + fullTokenId = tokenIDEx.tokenIDEx; + policyParcel.hapPolicy.permStateList = {g_state1}; // KERNEL_ATM_SELF_USE support value without value need acl + policyParcel.hapPolicy.aclExtendedMap = {}; // without value + UpdateHapInfoParamsIdl infoIdl; + infoIdl.appIDDesc = g_info.appIDDesc; + infoIdl.apiVersion = g_info.apiVersion; + infoIdl.isSystemApp = g_info.isSystemApp; + infoIdl.appDistributionType = g_info.appDistributionType; + infoIdl.isAtomicService = g_info.isAtomicService; + infoIdl.dataRefresh = true; + HapInfoCheckResultIdl resultInfoIdl; + ASSERT_EQ(0, atManagerService_->UpdateHapToken(fullTokenId, infoIdl, policyParcel, resultInfoIdl)); + + std::vector results2; + ASSERT_EQ(0, AccessTokenDb::GetInstance().Find( + AtmDataType::ACCESSTOKEN_HAP_UNDEFINE_INFO, conditionValue, results2)); + ASSERT_EQ(1, results2.size()); + ASSERT_EQ(static_cast(tokenId), results2[0].GetInt(TokenFiledConst::FIELD_TOKEN_ID)); + // undefine permission change from INVALIDA to INVALIDB + ASSERT_EQ(g_state1.permissionName, results2[0].GetString(TokenFiledConst::FIELD_PERMISSION_NAME)); + + ASSERT_EQ(0, atManagerService_->DeleteToken(tokenId)); +} + +/** + * @tc.name: OTATest001 + * @tc.desc: test after ota invalid tokenId remain + * @tc.type: FUNC + * @tc.require: + */ +HWTEST_F(AccessTokenManagerServiceTest, OTATest001, TestSize.Level1) +{ + HapInfoParcel infoParCel; + infoParCel.hapInfoParameter = g_info; + HapPolicyParcel policyParcel; + policyParcel.hapPolicy = g_policy; + policyParcel.hapPolicy.permStateList = {g_state4}; + policyParcel.hapPolicy.aclExtendedMap = {}; + AccessTokenID tokenId; + std::map tokenId2apl; + CreateHapToken(infoParCel, policyParcel, tokenId, tokenId2apl); + + GenericValues value; // system grant + value.Put(TokenFiledConst::FIELD_TOKEN_ID, RANDOM_TOKENID); + value.Put(TokenFiledConst::FIELD_PERMISSION_NAME, g_state2.permissionName); // INVALIDA + value.Put(TokenFiledConst::FIELD_ACL, 0); + std::vector values; + values.emplace_back(value); + + std::vector deleteDataTypes; + std::vector deleteValues; + std::vector addDataTypes; + addDataTypes.emplace_back(AtmDataType::ACCESSTOKEN_HAP_UNDEFINE_INFO); + std::vector> addValues; + addValues.emplace_back(values); + ASSERT_EQ(0, AccessTokenDb::GetInstance().DeleteAndInsertValues( + deleteDataTypes, deleteValues, addDataTypes, addValues)); + atManagerService_->HandleHapUndefinedInfo(tokenId2apl); + + GenericValues conditionValue; + conditionValue.Put(TokenFiledConst::FIELD_TOKEN_ID, RANDOM_TOKENID); + std::vector results; + ASSERT_EQ(0, AccessTokenDb::GetInstance().Find( + AtmDataType::ACCESSTOKEN_HAP_UNDEFINE_INFO, conditionValue, results)); + ASSERT_EQ(false, results.empty()); // undefine table is not empty + + GenericValues delValue; // system grant + delValue.Put(TokenFiledConst::FIELD_TOKEN_ID, RANDOM_TOKENID); + std::vector deleteDataTypes2; + deleteDataTypes2.emplace_back(AtmDataType::ACCESSTOKEN_HAP_UNDEFINE_INFO); + std::vector deleteValues2; + deleteValues2.emplace_back(delValue); + std::vector addDataTypes2; + std::vector> addValues2; + ASSERT_EQ(0, AccessTokenDb::GetInstance().DeleteAndInsertValues( + deleteDataTypes2, deleteValues2, addDataTypes2, addValues2)); + ASSERT_EQ(0, atManagerService_->DeleteToken(tokenId)); +} + +/** + * @tc.name: OTATest002 + * @tc.desc: test after ota invalid permission remain + * @tc.type: FUNC + * @tc.require: + */ +HWTEST_F(AccessTokenManagerServiceTest, OTATest002, TestSize.Level1) +{ + HapInfoParcel infoParCel; + infoParCel.hapInfoParameter = g_info; + HapPolicyParcel policyParcel; + policyParcel.hapPolicy = g_policy; + policyParcel.hapPolicy.permStateList = {g_state4}; + policyParcel.hapPolicy.aclExtendedMap = {}; + AccessTokenID tokenId; + std::map tokenId2apl; + CreateHapToken(infoParCel, policyParcel, tokenId, tokenId2apl); + + GenericValues value; // system grant + value.Put(TokenFiledConst::FIELD_TOKEN_ID, static_cast(tokenId)); + value.Put(TokenFiledConst::FIELD_PERMISSION_NAME, g_state2.permissionName); // INVALIDA + value.Put(TokenFiledConst::FIELD_ACL, 0); + std::vector values; + values.emplace_back(value); + + std::vector deleteDataTypes; + std::vector deleteValues; + std::vector addDataTypes; + addDataTypes.emplace_back(AtmDataType::ACCESSTOKEN_HAP_UNDEFINE_INFO); + std::vector> addValues; + addValues.emplace_back(values); + ASSERT_EQ(0, AccessTokenDb::GetInstance().DeleteAndInsertValues( + deleteDataTypes, deleteValues, addDataTypes, addValues)); + atManagerService_->HandleHapUndefinedInfo(tokenId2apl); + + GenericValues conditionValue; + conditionValue.Put(TokenFiledConst::FIELD_TOKEN_ID, static_cast(tokenId)); + std::vector results; + ASSERT_EQ(0, AccessTokenDb::GetInstance().Find( + AtmDataType::ACCESSTOKEN_HAP_UNDEFINE_INFO, conditionValue, results)); + ASSERT_EQ(false, results.empty()); // undefine table is not empty + + std::vector results2; + ASSERT_EQ(0, AccessTokenDb::GetInstance().Find( + AtmDataType::ACCESSTOKEN_PERMISSION_STATE, conditionValue, results2)); + for (const auto& value : results2) { + ASSERT_NE(value.GetString(TokenFiledConst::FIELD_PERMISSION_NAME), g_state2.permissionName); + } + + std::vector results3; + ASSERT_EQ(0, AccessTokenDb::GetInstance().Find( + AtmDataType::ACCESSTOKEN_PERMISSION_EXTEND_VALUE, conditionValue, results3)); + ASSERT_EQ(true, results3.empty()); // extend table is empty + + ASSERT_EQ(0, atManagerService_->DeleteToken(tokenId)); +} + +/** + * @tc.name: OTATest003 + * @tc.desc: test after ota valid user grant and system grant permissions move from undefine to permission state + * @tc.type: FUNC + * @tc.require: + */ +HWTEST_F(AccessTokenManagerServiceTest, OTATest003, TestSize.Level1) +{ + HapInfoParcel infoParCel; + infoParCel.hapInfoParameter = g_info; + HapPolicyParcel policyParcel; + policyParcel.hapPolicy = g_policy; + policyParcel.hapPolicy.permStateList = {g_state1}; // KERNEL_ATM_SELF_USE + AccessTokenID tokenId; + std::map tokenId2apl; + CreateHapToken(infoParCel, policyParcel, tokenId, tokenId2apl); + + GenericValues value1; // user grant + value1.Put(TokenFiledConst::FIELD_TOKEN_ID, static_cast(tokenId)); + value1.Put(TokenFiledConst::FIELD_PERMISSION_NAME, g_state4.permissionName); + value1.Put(TokenFiledConst::FIELD_ACL, 0); + GenericValues value2; // system grant + value2.Put(TokenFiledConst::FIELD_TOKEN_ID, static_cast(tokenId)); + value2.Put(TokenFiledConst::FIELD_PERMISSION_NAME, g_state5.permissionName); + value2.Put(TokenFiledConst::FIELD_ACL, 0); + std::vector values; + values.emplace_back(value1); + values.emplace_back(value2); + + std::vector deleteDataTypes; + std::vector deleteValues; + std::vector addDataTypes; + addDataTypes.emplace_back(AtmDataType::ACCESSTOKEN_HAP_UNDEFINE_INFO); + std::vector> addValues; + addValues.emplace_back(values); + ASSERT_EQ(0, AccessTokenDb::GetInstance().DeleteAndInsertValues( + deleteDataTypes, deleteValues, addDataTypes, addValues)); + atManagerService_->HandleHapUndefinedInfo(tokenId2apl); + + GenericValues conditionValue; + conditionValue.Put(TokenFiledConst::FIELD_TOKEN_ID, static_cast(tokenId)); + std::vector results; + ASSERT_EQ(0, AccessTokenDb::GetInstance().Find( + AtmDataType::ACCESSTOKEN_HAP_UNDEFINE_INFO, conditionValue, results)); + ASSERT_EQ(true, results.empty()); // undefine table is empty + + ASSERT_EQ(0, AccessTokenDb::GetInstance().Find( + AtmDataType::ACCESSTOKEN_PERMISSION_STATE, conditionValue, results)); + + for (const auto& value : results) { + int32_t state = value.GetInt(TokenFiledConst::FIELD_GRANT_STATE); + int32_t flag = value.GetInt(TokenFiledConst::FIELD_GRANT_FLAG); + if (value.GetString(TokenFiledConst::FIELD_PERMISSION_NAME) == g_state4.permissionName) { // user grant + ASSERT_EQ(state, static_cast(PermissionState::PERMISSION_DENIED)); // state: 0 -> -1 + ASSERT_EQ(flag, static_cast(PermissionFlag::PERMISSION_DEFAULT_FLAG)); // flag: 4 -> 0 + } else if (value.GetString(TokenFiledConst::FIELD_PERMISSION_NAME) == g_state5.permissionName) { // system grant + ASSERT_EQ(state, static_cast(PermissionState::PERMISSION_GRANTED)); // state: -1 -> 0 + ASSERT_EQ(flag, static_cast(PermissionFlag::PERMISSION_SYSTEM_FIXED)); // flag: 0 -> 4 + } + } + + ASSERT_EQ(0, atManagerService_->DeleteToken(tokenId)); +} + +/** + * @tc.name: OTATest004 + * @tc.desc: test after ota valid system core permission without acl remain in undefine table + * @tc.type: FUNC + * @tc.require: + */ +HWTEST_F(AccessTokenManagerServiceTest, OTATest004, TestSize.Level1) +{ + HapInfoParcel infoParCel; + infoParCel.hapInfoParameter = g_info; + HapPolicyParcel policyParcel; + policyParcel.hapPolicy = g_policy; + policyParcel.hapPolicy.permStateList = {g_state1}; // KERNEL_ATM_SELF_USE + AccessTokenID tokenId; + std::map tokenId2apl; + CreateHapToken(infoParCel, policyParcel, tokenId, tokenId2apl); + + GenericValues value; // system grant + value.Put(TokenFiledConst::FIELD_TOKEN_ID, static_cast(tokenId)); + value.Put(TokenFiledConst::FIELD_PERMISSION_NAME, g_state6.permissionName); + value.Put(TokenFiledConst::FIELD_ACL, 0); // system core permission without acl + std::vector values; + values.emplace_back(value); + + std::vector deleteDataTypes; + std::vector deleteValues; + std::vector addDataTypes; + addDataTypes.emplace_back(AtmDataType::ACCESSTOKEN_HAP_UNDEFINE_INFO); + std::vector> addValues; + addValues.emplace_back(values); + ASSERT_EQ(0, AccessTokenDb::GetInstance().DeleteAndInsertValues( + deleteDataTypes, deleteValues, addDataTypes, addValues)); + atManagerService_->HandleHapUndefinedInfo(tokenId2apl); + + GenericValues conditionValue; + conditionValue.Put(TokenFiledConst::FIELD_TOKEN_ID, static_cast(tokenId)); + std::vector results; + ASSERT_EQ(0, AccessTokenDb::GetInstance().Find( + AtmDataType::ACCESSTOKEN_HAP_UNDEFINE_INFO, conditionValue, results)); + ASSERT_EQ(false, results.empty()); // undefine table not empty + + std::vector results2; + ASSERT_EQ(0, AccessTokenDb::GetInstance().Find( + AtmDataType::ACCESSTOKEN_PERMISSION_STATE, conditionValue, results2)); + for (const auto& value : results2) { + ASSERT_NE(value.GetString(TokenFiledConst::FIELD_PERMISSION_NAME), g_state6.permissionName); + } + + ASSERT_EQ(0, atManagerService_->DeleteToken(tokenId)); +} + +/** + * @tc.name: OTATest005 + * @tc.desc: test after ota valid system core permission with acl move from undefine to permission state + * @tc.type: FUNC + * @tc.require: + */ +HWTEST_F(AccessTokenManagerServiceTest, OTATest005, TestSize.Level1) +{ + HapInfoParcel infoParCel; + infoParCel.hapInfoParameter = g_info; + HapPolicyParcel policyParcel; + policyParcel.hapPolicy = g_policy; + policyParcel.hapPolicy.permStateList = {g_state1}; // KERNEL_ATM_SELF_USE + policyParcel.hapPolicy.aclRequestedList = { g_state6.permissionName }; + AccessTokenID tokenId; + std::map tokenId2apl; + CreateHapToken(infoParCel, policyParcel, tokenId, tokenId2apl); + + GenericValues value; // system grant + value.Put(TokenFiledConst::FIELD_TOKEN_ID, static_cast(tokenId)); + value.Put(TokenFiledConst::FIELD_PERMISSION_NAME, g_state6.permissionName); + value.Put(TokenFiledConst::FIELD_ACL, 1); // system core permission with acl + std::vector values; + values.emplace_back(value); + + std::vector deleteDataTypes; + std::vector deleteValues; + std::vector addDataTypes; + addDataTypes.emplace_back(AtmDataType::ACCESSTOKEN_HAP_UNDEFINE_INFO); + std::vector> addValues; + addValues.emplace_back(values); + ASSERT_EQ(0, AccessTokenDb::GetInstance().DeleteAndInsertValues( + deleteDataTypes, deleteValues, addDataTypes, addValues)); + atManagerService_->HandleHapUndefinedInfo(tokenId2apl); + + GenericValues conditionValue; + conditionValue.Put(TokenFiledConst::FIELD_TOKEN_ID, static_cast(tokenId)); + std::vector results; + ASSERT_EQ(0, AccessTokenDb::GetInstance().Find( + AtmDataType::ACCESSTOKEN_HAP_UNDEFINE_INFO, conditionValue, results)); + ASSERT_EQ(true, results.empty()); // undefine table is empty + + ASSERT_EQ(0, AccessTokenDb::GetInstance().Find( + AtmDataType::ACCESSTOKEN_PERMISSION_STATE, conditionValue, results)); + for (const auto& value : results) { + std::string permissionName = value.GetString(TokenFiledConst::FIELD_PERMISSION_NAME); + int32_t state = value.GetInt(TokenFiledConst::FIELD_GRANT_STATE); + int32_t flag = value.GetInt(TokenFiledConst::FIELD_GRANT_FLAG); + if (permissionName == g_state6.permissionName) { + ASSERT_EQ(state, static_cast(PermissionState::PERMISSION_GRANTED)); // state: -1 -> 0 + ASSERT_EQ(flag, static_cast(PermissionFlag::PERMISSION_SYSTEM_FIXED)); // flag: 0 -> 4 + } + } + + ASSERT_EQ(0, atManagerService_->DeleteToken(tokenId)); +} + +/** + * @tc.name: OTATest006 + * @tc.desc: test after ota valid permission which hasValue is false + * @tc.type: FUNC + * @tc.require: + */ +HWTEST_F(AccessTokenManagerServiceTest, OTATest006, TestSize.Level1) +{ + HapInfoParcel infoParCel; + infoParCel.hapInfoParameter = g_info; + HapPolicyParcel policyParcel; + policyParcel.hapPolicy = g_policy; + policyParcel.hapPolicy.permStateList = {g_state4}; + policyParcel.hapPolicy.aclRequestedList = { g_state6.permissionName }; // POWER_MANAGER, hasValue is false + policyParcel.hapPolicy.aclExtendedMap = { std::make_pair(g_state6.permissionName, "test") }; + AccessTokenID tokenId; + std::map tokenId2apl; + CreateHapToken(infoParCel, policyParcel, tokenId, tokenId2apl); + + GenericValues value; // system grant + value.Put(TokenFiledConst::FIELD_TOKEN_ID, static_cast(tokenId)); + value.Put(TokenFiledConst::FIELD_PERMISSION_NAME, g_state6.permissionName); + value.Put(TokenFiledConst::FIELD_ACL, 1); // system core permission with acl + value.Put(TokenFiledConst::FIELD_VALUE, "test"); // system core permission with acl + std::vector values; + values.emplace_back(value); + + std::vector deleteDataTypes; + std::vector deleteValues; + std::vector addDataTypes; + addDataTypes.emplace_back(AtmDataType::ACCESSTOKEN_HAP_UNDEFINE_INFO); + std::vector> addValues; + addValues.emplace_back(values); + ASSERT_EQ(0, AccessTokenDb::GetInstance().DeleteAndInsertValues( + deleteDataTypes, deleteValues, addDataTypes, addValues)); + atManagerService_->HandleHapUndefinedInfo(tokenId2apl); + + GenericValues conditionValue; + conditionValue.Put(TokenFiledConst::FIELD_TOKEN_ID, static_cast(tokenId)); + std::vector results; + ASSERT_EQ(0, AccessTokenDb::GetInstance().Find( + AtmDataType::ACCESSTOKEN_HAP_UNDEFINE_INFO, conditionValue, results)); + ASSERT_EQ(true, results.empty()); // undefine table is empty + + ASSERT_EQ(0, AccessTokenDb::GetInstance().Find( + AtmDataType::ACCESSTOKEN_PERMISSION_STATE, conditionValue, results)); + for (const auto& value : results) { + std::string permissionName = value.GetString(TokenFiledConst::FIELD_PERMISSION_NAME); + int32_t state = value.GetInt(TokenFiledConst::FIELD_GRANT_STATE); + int32_t flag = value.GetInt(TokenFiledConst::FIELD_GRANT_FLAG); + if (permissionName == g_state6.permissionName) { + ASSERT_EQ(state, static_cast(PermissionState::PERMISSION_GRANTED)); // state: -1 -> 0 + ASSERT_EQ(flag, static_cast(PermissionFlag::PERMISSION_SYSTEM_FIXED)); // flag: 0 -> 4 + } + } + + std::vector results2; + ASSERT_EQ(0, AccessTokenDb::GetInstance().Find( + AtmDataType::ACCESSTOKEN_PERMISSION_EXTEND_VALUE, conditionValue, results2)); + ASSERT_EQ(true, results2.empty()); // undefine table is empty + + ASSERT_EQ(0, atManagerService_->DeleteToken(tokenId)); +} + +/** + * @tc.name: OTATest007 + * @tc.desc: test after ota valid permission which hasValue is true with value + * @tc.type: FUNC + * @tc.require: + */ +HWTEST_F(AccessTokenManagerServiceTest, OTATest007, TestSize.Level1) +{ + HapInfoParcel infoParCel; + infoParCel.hapInfoParameter = g_info; + HapPolicyParcel policyParcel; + policyParcel.hapPolicy = g_policy; + policyParcel.hapPolicy.permStateList = {g_state4}; + policyParcel.hapPolicy.aclExtendedMap = {}; + AccessTokenID tokenId; + std::map tokenId2apl; + CreateHapToken(infoParCel, policyParcel, tokenId, tokenId2apl); // KERNEL_ATM_SELF_USE, hasValue is true + + GenericValues value; // system grant + value.Put(TokenFiledConst::FIELD_TOKEN_ID, static_cast(tokenId)); + value.Put(TokenFiledConst::FIELD_PERMISSION_NAME, g_state1.permissionName); + value.Put(TokenFiledConst::FIELD_ACL, 0); // system core permission without acl + value.Put(TokenFiledConst::FIELD_VALUE, "test"); // permission has value + std::vector values; + values.emplace_back(value); + + std::vector deleteDataTypes; + std::vector deleteValues; + std::vector addDataTypes; + addDataTypes.emplace_back(AtmDataType::ACCESSTOKEN_HAP_UNDEFINE_INFO); + std::vector> addValues; + addValues.emplace_back(values); + ASSERT_EQ(0, AccessTokenDb::GetInstance().DeleteAndInsertValues( + deleteDataTypes, deleteValues, addDataTypes, addValues)); + atManagerService_->HandleHapUndefinedInfo(tokenId2apl); + + GenericValues conditionValue; + conditionValue.Put(TokenFiledConst::FIELD_TOKEN_ID, static_cast(tokenId)); + std::vector results; + ASSERT_EQ(0, AccessTokenDb::GetInstance().Find( + AtmDataType::ACCESSTOKEN_HAP_UNDEFINE_INFO, conditionValue, results)); + ASSERT_EQ(true, results.empty()); // undefine table is empty + + ASSERT_EQ(0, AccessTokenDb::GetInstance().Find( + AtmDataType::ACCESSTOKEN_PERMISSION_STATE, conditionValue, results)); + for (const auto& value : results) { + std::string permissionName = value.GetString(TokenFiledConst::FIELD_PERMISSION_NAME); + int32_t state = value.GetInt(TokenFiledConst::FIELD_GRANT_STATE); + int32_t flag = value.GetInt(TokenFiledConst::FIELD_GRANT_FLAG); + if (permissionName == g_state1.permissionName) { + ASSERT_EQ(state, static_cast(PermissionState::PERMISSION_GRANTED)); // state: -1 -> 0 + ASSERT_EQ(flag, static_cast(PermissionFlag::PERMISSION_SYSTEM_FIXED)); // flag: 0 -> 4 + } + } + + std::vector results2; + ASSERT_EQ(0, AccessTokenDb::GetInstance().Find( + AtmDataType::ACCESSTOKEN_PERMISSION_EXTEND_VALUE, conditionValue, results2)); + ASSERT_EQ(false, results2.empty()); // extend table is not empty + ASSERT_EQ(g_state1.permissionName, results2[0].GetString(TokenFiledConst::FIELD_PERMISSION_NAME)); + + ASSERT_EQ(0, atManagerService_->DeleteToken(tokenId)); +} + +/** + * @tc.name: OTATest008 + * @tc.desc: test after ota valid permission which hasValue is true without value + * @tc.type: FUNC + * @tc.require: + */ +HWTEST_F(AccessTokenManagerServiceTest, OTATest008, TestSize.Level1) +{ + HapInfoParcel infoParCel; + infoParCel.hapInfoParameter = g_info; + HapPolicyParcel policyParcel; + policyParcel.hapPolicy = g_policy; + policyParcel.hapPolicy.permStateList = {g_state4}; + policyParcel.hapPolicy.aclExtendedMap = {}; + AccessTokenID tokenId; + std::map tokenId2apl; + CreateHapToken(infoParCel, policyParcel, tokenId, tokenId2apl); + + GenericValues value; // system grant + value.Put(TokenFiledConst::FIELD_TOKEN_ID, static_cast(tokenId)); + value.Put(TokenFiledConst::FIELD_PERMISSION_NAME, g_state1.permissionName); + value.Put(TokenFiledConst::FIELD_ACL, 0); // system core permission without acl and without value + std::vector values; + values.emplace_back(value); + + std::vector deleteDataTypes; + std::vector deleteValues; + std::vector addDataTypes; + addDataTypes.emplace_back(AtmDataType::ACCESSTOKEN_HAP_UNDEFINE_INFO); + std::vector> addValues; + addValues.emplace_back(values); + ASSERT_EQ(0, AccessTokenDb::GetInstance().DeleteAndInsertValues( + deleteDataTypes, deleteValues, addDataTypes, addValues)); + atManagerService_->HandleHapUndefinedInfo(tokenId2apl); + + GenericValues conditionValue; + conditionValue.Put(TokenFiledConst::FIELD_TOKEN_ID, static_cast(tokenId)); + std::vector results; + ASSERT_EQ(0, AccessTokenDb::GetInstance().Find( + AtmDataType::ACCESSTOKEN_HAP_UNDEFINE_INFO, conditionValue, results)); + ASSERT_EQ(false, results.empty()); // undefine table is not empty + + std::vector results2; + ASSERT_EQ(0, AccessTokenDb::GetInstance().Find( + AtmDataType::ACCESSTOKEN_PERMISSION_STATE, conditionValue, results2)); + for (const auto& value : results2) { + ASSERT_NE(value.GetString(TokenFiledConst::FIELD_PERMISSION_NAME), g_state1.permissionName); + } + + std::vector results3; + ASSERT_EQ(0, AccessTokenDb::GetInstance().Find( + AtmDataType::ACCESSTOKEN_PERMISSION_EXTEND_VALUE, conditionValue, results3)); + ASSERT_EQ(true, results3.empty()); // extend table is empty + + ASSERT_EQ(0, atManagerService_->DeleteToken(tokenId)); +} } // namespace AccessToken } // namespace Security } // namespace OHOS diff --git a/services/accesstokenmanager/test/unittest/accesstoken_manager_service_test.h b/services/accesstokenmanager/test/unittest/accesstoken_manager_service_test.h index 2829c0ab7..1169c9c6d 100644 --- a/services/accesstokenmanager/test/unittest/accesstoken_manager_service_test.h +++ b/services/accesstokenmanager/test/unittest/accesstoken_manager_service_test.h @@ -16,6 +16,9 @@ #ifndef ACCESSTOKEN_MANAGER_SERVICE_TEST_H #define ACCESSTOKEN_MANAGER_SERVICE_TEST_H #include +#define private public +#include "accesstoken_manager_service.h" +#undef private namespace OHOS { namespace Security { @@ -29,6 +32,10 @@ public: void SetUp(); void TearDown(); + void CreateHapToken(const HapInfoParcel& infoParCel, const HapPolicyParcel& policyParcel, AccessTokenID& tokenId, + std::map& tokenId2apl, bool hasInit = false); + + std::shared_ptr atManagerService_; }; } // namespace AccessToken } // namespace Security diff --git a/services/accesstokenmanager/test/unittest/permission_manager_test.cpp b/services/accesstokenmanager/test/unittest/permission_manager_test.cpp index ae6e54427..3c043c824 100644 --- a/services/accesstokenmanager/test/unittest/permission_manager_test.cpp +++ b/services/accesstokenmanager/test/unittest/permission_manager_test.cpp @@ -263,8 +263,9 @@ static AccessTokenID CreateTempHapTokenInfo() }; // install hap AccessTokenIDEx tokenIdEx = {0}; + std::vector undefValues; AccessTokenInfoManager::GetInstance().CreateHapTokenInfo( - infoManagerTestInfoParms, infoManagerTestPolicyPrams, tokenIdEx); + infoManagerTestInfoParms, infoManagerTestPolicyPrams, tokenIdEx, undefValues); GTEST_LOG_(INFO) << "add a hap token"; AccessTokenID tokenID = tokenIdEx.tokenIdExStruct.tokenID; return tokenID; @@ -279,8 +280,9 @@ static AccessTokenID CreateTempHapTokenInfo() HWTEST_F(PermissionManagerTest, ScopeFilter001, TestSize.Level0) { AccessTokenIDEx tokenIdEx = {0}; + std::vector undefValues; AccessTokenInfoManager::GetInstance().CreateHapTokenInfo(g_infoManagerTestInfoParms, - g_infoManagerTestPolicyPrams1, tokenIdEx); + g_infoManagerTestPolicyPrams1, tokenIdEx, undefValues); tokenIdEx = AccessTokenInfoManager::GetInstance().GetHapTokenID(g_infoManagerTestInfoParms.userID, g_infoManagerTestInfoParms.bundleName, g_infoManagerTestInfoParms.instIndex); @@ -464,8 +466,9 @@ HWTEST_F(PermissionManagerTest, GetReqPermissions001, TestSize.Level0) HWTEST_F(PermissionManagerTest, GetReqPermissions002, TestSize.Level0) { AccessTokenIDEx tokenIdEx = {0}; + std::vector undefValues; int32_t ret = AccessTokenInfoManager::GetInstance().CreateHapTokenInfo(g_infoManagerTestInfoParms, - g_infoManagerTestPolicyPrams1, tokenIdEx); + g_infoManagerTestPolicyPrams1, tokenIdEx, undefValues); ASSERT_EQ(RET_SUCCESS, ret); std::vector result; @@ -627,7 +630,9 @@ HWTEST_F(PermissionManagerTest, GetPermissionFlag002, TestSize.Level0) .permStateList = {permStat} }; AccessTokenIDEx tokenIdEx = {0}; - int32_t ret = AccessTokenInfoManager::GetInstance().CreateHapTokenInfo(infoParms, policyPrams, tokenIdEx); + std::vector undefValues; + int32_t ret = AccessTokenInfoManager::GetInstance().CreateHapTokenInfo(infoParms, policyPrams, tokenIdEx, + undefValues); ASSERT_EQ(RET_SUCCESS, ret); AccessTokenID tokenId = tokenIdEx.tokenIdExStruct.tokenID; uint32_t flag; @@ -668,7 +673,9 @@ HWTEST_F(PermissionManagerTest, UpdateTokenPermissionState002, TestSize.Level0) .domain = "domain" }; AccessTokenIDEx tokenIdEx = {0}; - ASSERT_EQ(RET_SUCCESS, AccessTokenInfoManager::GetInstance().CreateHapTokenInfo(info, policy, tokenIdEx)); + std::vector undefValues; + ASSERT_EQ(RET_SUCCESS, AccessTokenInfoManager::GetInstance().CreateHapTokenInfo(info, policy, tokenIdEx, + undefValues)); ASSERT_NE(static_cast(0), tokenIdEx.tokenIdExStruct.tokenID); tokenId = tokenIdEx.tokenIdExStruct.tokenID; @@ -714,7 +721,9 @@ HWTEST_F(PermissionManagerTest, UpdateTokenPermissionState003, TestSize.Level0) .permStateList = {permStat} }; AccessTokenIDEx tokenIdEx = {0}; - ASSERT_EQ(RET_SUCCESS, AccessTokenInfoManager::GetInstance().CreateHapTokenInfo(info, policy, tokenIdEx)); + std::vector undefValues; + ASSERT_EQ(RET_SUCCESS, AccessTokenInfoManager::GetInstance().CreateHapTokenInfo(info, policy, tokenIdEx, + undefValues)); ASSERT_NE(static_cast(0), tokenIdEx.tokenIdExStruct.tokenID); AccessTokenID tokenId = tokenIdEx.tokenIdExStruct.tokenID; @@ -791,7 +800,9 @@ HWTEST_F(PermissionManagerTest, GetPermissionState001, TestSize.Level0) .domain = "domain" }; AccessTokenIDEx tokenIdEx = {0}; - ASSERT_EQ(RET_SUCCESS, AccessTokenInfoManager::GetInstance().CreateHapTokenInfo(info, policy, tokenIdEx)); + std::vector undefValues; + ASSERT_EQ(RET_SUCCESS, AccessTokenInfoManager::GetInstance().CreateHapTokenInfo(info, policy, tokenIdEx, + undefValues)); ASSERT_NE(static_cast(0), tokenIdEx.tokenIdExStruct.tokenID); tokenId = tokenIdEx.tokenIdExStruct.tokenID; diff --git a/services/accesstokenmanager/test/unittest/short_grant_manager_test.cpp b/services/accesstokenmanager/test/unittest/short_grant_manager_test.cpp index de3d9c715..6b5590c7b 100644 --- a/services/accesstokenmanager/test/unittest/short_grant_manager_test.cpp +++ b/services/accesstokenmanager/test/unittest/short_grant_manager_test.cpp @@ -81,7 +81,9 @@ void ShortGrantManagerTest::TearDown() HWTEST_F(ShortGrantManagerTest, RefreshPermission001, TestSize.Level0) { AccessTokenIDEx tokenIdEx = {0}; - int32_t ret = AccessTokenInfoManager::GetInstance().CreateHapTokenInfo(g_infoParms, g_policyParams, tokenIdEx); + std::vector undefValues; + int32_t ret = AccessTokenInfoManager::GetInstance().CreateHapTokenInfo(g_infoParms, g_policyParams, tokenIdEx, + undefValues); ASSERT_EQ(RET_SUCCESS, ret); AccessTokenID tokenID = tokenIdEx.tokenIdExStruct.tokenID; @@ -114,7 +116,9 @@ HWTEST_F(ShortGrantManagerTest, RefreshPermission002, TestSize.Level0) const uint32_t maxTime = 10; // 10s ShortGrantManager::GetInstance().maxTime_ = maxTime; AccessTokenIDEx tokenIdEx = {0}; - int32_t ret = AccessTokenInfoManager::GetInstance().CreateHapTokenInfo(g_infoParms, g_policyParams, tokenIdEx); + std::vector undefValues; + int32_t ret = AccessTokenInfoManager::GetInstance().CreateHapTokenInfo(g_infoParms, g_policyParams, tokenIdEx, + undefValues); ASSERT_EQ(RET_SUCCESS, ret); AccessTokenID tokenID = tokenIdEx.tokenIdExStruct.tokenID; @@ -155,7 +159,9 @@ HWTEST_F(ShortGrantManagerTest, RefreshPermission003, TestSize.Level0) const uint32_t maxTime = 10; // 10s ShortGrantManager::GetInstance().maxTime_ = maxTime; AccessTokenIDEx tokenIdEx = {0}; - int32_t ret = AccessTokenInfoManager::GetInstance().CreateHapTokenInfo(g_infoParms, g_policyParams, tokenIdEx); + std::vector undefValues; + int32_t ret = AccessTokenInfoManager::GetInstance().CreateHapTokenInfo(g_infoParms, g_policyParams, tokenIdEx, + undefValues); ASSERT_EQ(RET_SUCCESS, ret); AccessTokenID tokenID = tokenIdEx.tokenIdExStruct.tokenID; @@ -211,7 +217,9 @@ HWTEST_F(ShortGrantManagerTest, RefreshPermission003, TestSize.Level0) HWTEST_F(ShortGrantManagerTest, RefreshPermission004, TestSize.Level0) { AccessTokenIDEx tokenIdEx = {0}; - int32_t ret = AccessTokenInfoManager::GetInstance().CreateHapTokenInfo(g_infoParms, g_policyParams, tokenIdEx); + std::vector undefValues; + int32_t ret = AccessTokenInfoManager::GetInstance().CreateHapTokenInfo(g_infoParms, g_policyParams, tokenIdEx, + undefValues); ASSERT_EQ(RET_SUCCESS, ret); AccessTokenID tokenID = tokenIdEx.tokenIdExStruct.tokenID; diff --git a/services/common/json_parse/test/unittest/json_parse_test.cpp b/services/common/json_parse/test/unittest/json_parse_test.cpp index 5678f12ca..d770d90be 100644 --- a/services/common/json_parse/test/unittest/json_parse_test.cpp +++ b/services/common/json_parse/test/unittest/json_parse_test.cpp @@ -324,8 +324,9 @@ HWTEST_F(PermissionManagerTest, DlpPermissionConfig001, TestSize.Level0) .appIDDesc = "DlpPermissionConfig001" }; AccessTokenIDEx tokenIdEx = {0}; + std::vector undefValues; int32_t ret = AccessTokenInfoManager::GetInstance().CreateHapTokenInfo(infoManagerTestInfoParms, - infoManagerTestPolicyPrams, tokenIdEx); + infoManagerTestPolicyPrams, tokenIdEx, undefValues); ASSERT_EQ(RET_SUCCESS, ret); GTEST_LOG_(INFO) << "add a hap token"; @@ -378,8 +379,9 @@ HWTEST_F(PermissionManagerTest, DlpPermissionConfig002, TestSize.Level0) .appIDDesc = "DlpPermissionConfig002" }; AccessTokenIDEx tokenIdEx = {0}; + std::vector undefValues; int32_t ret = AccessTokenInfoManager::GetInstance().CreateHapTokenInfo(infoManagerTestInfoParms, - infoManagerTestPolicyPrams, tokenIdEx); + infoManagerTestPolicyPrams, tokenIdEx, undefValues); ASSERT_EQ(RET_SUCCESS, ret); GTEST_LOG_(INFO) << "add a hap token"; @@ -432,8 +434,9 @@ HWTEST_F(PermissionManagerTest, DlpPermissionConfig003, TestSize.Level0) .appIDDesc = "DlpPermissionConfig003" }; AccessTokenIDEx tokenIdEx = {0}; + std::vector undefValues; int32_t ret = AccessTokenInfoManager::GetInstance().CreateHapTokenInfo(infoManagerTestInfoParms, - infoManagerTestPolicyPrams, tokenIdEx); + infoManagerTestPolicyPrams, tokenIdEx, undefValues); ASSERT_EQ(RET_SUCCESS, ret); GTEST_LOG_(INFO) << "add a hap token"; @@ -509,8 +512,9 @@ HWTEST_F(PermissionManagerTest, DlpPermissionConfig004, TestSize.Level0) .appIDDesc = "DlpPermissionConfig004" }; AccessTokenIDEx tokenIdEx = {0}; + std::vector undefValues; int32_t ret = AccessTokenInfoManager::GetInstance().CreateHapTokenInfo(infoManagerTestInfoParms, - infoManagerTestPolicyPrams, tokenIdEx); + infoManagerTestPolicyPrams, tokenIdEx, undefValues); ASSERT_EQ(RET_SUCCESS, ret); GTEST_LOG_(INFO) << "add a hap token"; @@ -567,8 +571,9 @@ HWTEST_F(PermissionManagerTest, DlpPermissionConfig005, TestSize.Level0) .appIDDesc = "DlpPermissionConfig005" }; AccessTokenIDEx tokenIdEx = {0}; + std::vector undefValues; int32_t ret = AccessTokenInfoManager::GetInstance().CreateHapTokenInfo(infoManagerTestInfoParms, - infoManagerTestPolicyPrams, tokenIdEx); + infoManagerTestPolicyPrams, tokenIdEx, undefValues); ASSERT_EQ(RET_SUCCESS, ret); GTEST_LOG_(INFO) << "add a hap token"; @@ -624,8 +629,9 @@ HWTEST_F(PermissionManagerTest, DlpPermissionConfig006, TestSize.Level0) .appIDDesc = "DlpPermissionConfig006" }; AccessTokenIDEx tokenIdEx = {0}; + std::vector undefValues; int32_t ret = AccessTokenInfoManager::GetInstance().CreateHapTokenInfo(infoManagerTestInfoParms, - infoManagerTestPolicyPrams, tokenIdEx); + infoManagerTestPolicyPrams, tokenIdEx, undefValues); ASSERT_EQ(RET_SUCCESS, ret); GTEST_LOG_(INFO) << "add a hap token"; diff --git a/test/fuzztest/normalize_service/accesstoken/grantpermissionservice_fuzzer/grantpermissionservice_fuzzer.cpp b/test/fuzztest/normalize_service/accesstoken/grantpermissionservice_fuzzer/grantpermissionservice_fuzzer.cpp index 37dc53095..3fdd08d70 100644 --- a/test/fuzztest/normalize_service/accesstoken/grantpermissionservice_fuzzer/grantpermissionservice_fuzzer.cpp +++ b/test/fuzztest/normalize_service/accesstoken/grantpermissionservice_fuzzer/grantpermissionservice_fuzzer.cpp @@ -93,7 +93,8 @@ bool GrantPermissionServiceFuzzTest(const uint8_t* data, size_t size) uint32_t nativeSize = 0; uint32_t pefDefSize = 0; uint32_t dlpSize = 0; - AccessTokenInfoManager::GetInstance().Init(hapSize, nativeSize, pefDefSize, dlpSize); + std::map tokenId2apl; + AccessTokenInfoManager::GetInstance().Init(hapSize, nativeSize, pefDefSize, dlpSize, tokenId2apl); } bool enable = ((fuzzData.GetData() % CONSTANTS_NUMBER_FIVE) == 0); if (enable) { diff --git a/test/fuzztest/services/accesstoken/deleteremotedevicetokensstub_fuzzer/deleteremotedevicetokensstub_fuzzer.cpp b/test/fuzztest/services/accesstoken/deleteremotedevicetokensstub_fuzzer/deleteremotedevicetokensstub_fuzzer.cpp index fd45b2931..3aba8f5d8 100644 --- a/test/fuzztest/services/accesstoken/deleteremotedevicetokensstub_fuzzer/deleteremotedevicetokensstub_fuzzer.cpp +++ b/test/fuzztest/services/accesstoken/deleteremotedevicetokensstub_fuzzer/deleteremotedevicetokensstub_fuzzer.cpp @@ -62,7 +62,8 @@ namespace OHOS { uint32_t nativeSize = 0; uint32_t pefDefSize = 0; uint32_t dlpSize = 0; - AccessTokenInfoManager::GetInstance().Init(hapSize, nativeSize, pefDefSize, dlpSize); + std::map tokenId2apl; + AccessTokenInfoManager::GetInstance().Init(hapSize, nativeSize, pefDefSize, dlpSize, tokenId2apl); } DelayedSingleton::GetInstance()->OnRemoteRequest(code, datas, reply, option); AccessTokenID hdcd = AccessTokenKit::GetNativeTokenId("hdcd"); diff --git a/test/fuzztest/services/accesstoken/deleteremotetokenstub_fuzzer/deleteremotetokenstub_fuzzer.cpp b/test/fuzztest/services/accesstoken/deleteremotetokenstub_fuzzer/deleteremotetokenstub_fuzzer.cpp index cc7f7dca3..c5aa8e027 100644 --- a/test/fuzztest/services/accesstoken/deleteremotetokenstub_fuzzer/deleteremotetokenstub_fuzzer.cpp +++ b/test/fuzztest/services/accesstoken/deleteremotetokenstub_fuzzer/deleteremotetokenstub_fuzzer.cpp @@ -66,7 +66,8 @@ namespace OHOS { uint32_t nativeSize = 0; uint32_t pefDefSize = 0; uint32_t dlpSize = 0; - AccessTokenInfoManager::GetInstance().Init(hapSize, nativeSize, pefDefSize, dlpSize); + std::map tokenId2apl; + AccessTokenInfoManager::GetInstance().Init(hapSize, nativeSize, pefDefSize, dlpSize, tokenId2apl); } DelayedSingleton::GetInstance()->OnRemoteRequest(code, datas, reply, option); AccessTokenID hdcd = AccessTokenKit::GetNativeTokenId("hdcd"); diff --git a/test/fuzztest/services/accesstoken/gethaptokeninfofromremotestub_fuzzer/gethaptokeninfofromremotestub_fuzzer.cpp b/test/fuzztest/services/accesstoken/gethaptokeninfofromremotestub_fuzzer/gethaptokeninfofromremotestub_fuzzer.cpp index 63a282eb8..38b3795f2 100644 --- a/test/fuzztest/services/accesstoken/gethaptokeninfofromremotestub_fuzzer/gethaptokeninfofromremotestub_fuzzer.cpp +++ b/test/fuzztest/services/accesstoken/gethaptokeninfofromremotestub_fuzzer/gethaptokeninfofromremotestub_fuzzer.cpp @@ -61,7 +61,8 @@ namespace OHOS { uint32_t nativeSize = 0; uint32_t pefDefSize = 0; uint32_t dlpSize = 0; - AccessTokenInfoManager::GetInstance().Init(hapSize, nativeSize, pefDefSize, dlpSize); + std::map tokenId2apl; + AccessTokenInfoManager::GetInstance().Init(hapSize, nativeSize, pefDefSize, dlpSize, tokenId2apl); } DelayedSingleton::GetInstance()->OnRemoteRequest(code, datas, reply, option); AccessTokenID hdcd = AccessTokenKit::GetNativeTokenId("hdcd"); diff --git a/test/fuzztest/services/accesstoken/getremotenativetokenidstub_fuzzer/getremotenativetokenidstub_fuzzer.cpp b/test/fuzztest/services/accesstoken/getremotenativetokenidstub_fuzzer/getremotenativetokenidstub_fuzzer.cpp index d1aa64cfe..fe1e3b28f 100644 --- a/test/fuzztest/services/accesstoken/getremotenativetokenidstub_fuzzer/getremotenativetokenidstub_fuzzer.cpp +++ b/test/fuzztest/services/accesstoken/getremotenativetokenidstub_fuzzer/getremotenativetokenidstub_fuzzer.cpp @@ -66,7 +66,8 @@ namespace OHOS { uint32_t nativeSize = 0; uint32_t pefDefSize = 0; uint32_t dlpSize = 0; - AccessTokenInfoManager::GetInstance().Init(hapSize, nativeSize, pefDefSize, dlpSize); + std::map tokenId2apl; + AccessTokenInfoManager::GetInstance().Init(hapSize, nativeSize, pefDefSize, dlpSize, tokenId2apl); } DelayedSingleton::GetInstance()->OnRemoteRequest(code, datas, reply, option); AccessTokenID hdcd = AccessTokenKit::GetNativeTokenId("hdcd"); diff --git a/test/fuzztest/services/accesstoken/grantpermissionstub_fuzzer/grantpermissionstub_fuzzer.cpp b/test/fuzztest/services/accesstoken/grantpermissionstub_fuzzer/grantpermissionstub_fuzzer.cpp index 4aad6e7e3..0316bd0ce 100644 --- a/test/fuzztest/services/accesstoken/grantpermissionstub_fuzzer/grantpermissionstub_fuzzer.cpp +++ b/test/fuzztest/services/accesstoken/grantpermissionstub_fuzzer/grantpermissionstub_fuzzer.cpp @@ -79,7 +79,8 @@ namespace OHOS { uint32_t nativeSize = 0; uint32_t pefDefSize = 0; uint32_t dlpSize = 0; - AccessTokenInfoManager::GetInstance().Init(hapSize, nativeSize, pefDefSize, dlpSize); + std::map tokenId2apl; + AccessTokenInfoManager::GetInstance().Init(hapSize, nativeSize, pefDefSize, dlpSize, tokenId2apl); } bool enable = ((size % CONSTANTS_NUMBER_TWO) == 0); if (enable) { diff --git a/test/fuzztest/services/accesstoken/setremotehaptokeninfostub_fuzzer/setremotehaptokeninfostub_fuzzer.cpp b/test/fuzztest/services/accesstoken/setremotehaptokeninfostub_fuzzer/setremotehaptokeninfostub_fuzzer.cpp index 5e224d983..0ba6f0c6f 100644 --- a/test/fuzztest/services/accesstoken/setremotehaptokeninfostub_fuzzer/setremotehaptokeninfostub_fuzzer.cpp +++ b/test/fuzztest/services/accesstoken/setremotehaptokeninfostub_fuzzer/setremotehaptokeninfostub_fuzzer.cpp @@ -100,7 +100,8 @@ namespace OHOS { uint32_t nativeSize = 0; uint32_t pefDefSize = 0; uint32_t dlpSize = 0; - AccessTokenInfoManager::GetInstance().Init(hapSize, nativeSize, pefDefSize, dlpSize); + std::map tokenId2apl; + AccessTokenInfoManager::GetInstance().Init(hapSize, nativeSize, pefDefSize, dlpSize, tokenId2apl); } DelayedSingleton::GetInstance()->OnRemoteRequest(code, datas, reply, option); AccessTokenID hdcd = AccessTokenKit::GetNativeTokenId("hdcd"); -- Gitee