From 9c39f4e330c97a3c9713c685726e1e25d5dd4545 Mon Sep 17 00:00:00 2001 From: zhouyan Date: Sat, 12 Jul 2025 12:10:45 +0800 Subject: [PATCH] =?UTF-8?q?=E5=9B=9E=E9=80=80=E6=94=AF=E6=8C=81=E6=A0=A1?= =?UTF-8?q?=E9=AA=8C=E5=BA=94=E7=94=A8=E7=94=B3=E8=AF=B7=E4=BC=81=E4=B8=9A?= =?UTF-8?q?=E6=99=AE=E9=80=9A=E6=9D=83=E9=99=90?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: zhouyan Change-Id: Id03dbefb68d25d76589aa45210b9dfaf2e3e9b44 --- .../accesstoken/include/access_token.h | 12 +- .../HapTokenTest/init_hap_token_test.cpp | 204 ---------------- .../HapTokenTest/update_hap_token_test.cpp | 220 ------------------ services/accesstokenmanager/idl/IdlCommon.idl | 3 +- .../include/permission/permission_manager.h | 7 +- .../service/accesstoken_manager_service.h | 8 +- .../include/token/accesstoken_info_manager.h | 4 +- .../cpp/src/permission/permission_manager.cpp | 37 +-- .../service/accesstoken_manager_service.cpp | 14 +- .../src/token/accesstoken_info_manager.cpp | 10 +- .../permission_manager_coverage_test.cpp | 10 +- .../accesstoken_info_manager_test.cpp | 62 +---- .../accesstoken_manager_service_test.cpp | 30 +-- .../accesstoken_manager_service_test.h | 2 +- .../grantpermissionservice_fuzzer.cpp | 2 +- .../deleteremotedevicetokensstub_fuzzer.cpp | 2 +- .../deleteremotetokenstub_fuzzer.cpp | 2 +- .../gethaptokeninfofromremotestub_fuzzer.cpp | 2 +- .../getremotenativetokenidstub_fuzzer.cpp | 2 +- .../grantpermissionstub_fuzzer.cpp | 2 +- .../setremotehaptokeninfostub_fuzzer.cpp | 2 +- 21 files changed, 58 insertions(+), 579 deletions(-) diff --git a/interfaces/innerkits/accesstoken/include/access_token.h b/interfaces/innerkits/accesstoken/include/access_token.h index e43cceca1..32d49bf73 100644 --- a/interfaces/innerkits/accesstoken/include/access_token.h +++ b/interfaces/innerkits/accesstoken/include/access_token.h 
@@ -333,8 +333,7 @@ typedef enum TypeOptType { */ typedef enum TypePermissionRulesEnum { PERMISSION_EDM_RULE = 0, - PERMISSION_ACL_RULE, - PERMISSION_ENTERPRISE_NORMAL_RULE + PERMISSION_ACL_RULE } PermissionRulesEnum; /** @@ -357,15 +356,6 @@ typedef enum HapPolicyCheckIgnoreType { ACL_IGNORE_CHECK, } HapPolicyCheckIgnore; -/** - * @brief Apl and isSystemApp info about tokenId - */ -typedef struct { - /** apl for tokenId */ - int32_t apl; - /** is system app */ - bool isSystemApp; -} TokenIdInfo; } // namespace AccessToken } // namespace Security } // namespace OHOS diff --git a/interfaces/innerkits/accesstoken/test/unittest/HapTokenTest/init_hap_token_test.cpp b/interfaces/innerkits/accesstoken/test/unittest/HapTokenTest/init_hap_token_test.cpp index 0430eeaa0..1a34227ba 100644 --- a/interfaces/innerkits/accesstoken/test/unittest/HapTokenTest/init_hap_token_test.cpp +++ b/interfaces/innerkits/accesstoken/test/unittest/HapTokenTest/init_hap_token_test.cpp @@ -42,7 +42,6 @@ static constexpr int32_t THIRTY_TIME_CYCLES = 30; static constexpr int32_t MAX_EXTENDED_MAP_SIZE = 512; static constexpr int32_t MAX_VALUE_LENGTH = 1024; const std::string APP_DISTRIBUTION_TYPE_ENTERPRISE_MDM = "enterprise_mdm"; -const std::string APP_DISTRIBUTION_TYPE_ENTERPRISE_NORMAL = "enterprise_normal"; const std::string APP_DISTRIBUTION_TYPE_NONE = "none"; const std::string OVER_SIZE_STR = "AAANSUhEUgAAABUAAAAXCAIAAABrvZPKAAAACXBIWXMAAA7EAAAOxAGVKw4bAAAAEXRFWHRTb2Z0d2FyZQBTbmlwYXN0ZV0Xzt0A" 
@@ -1048,209 +1047,6 @@ HWTEST_F(InitHapTokenTest, InitHapTokenSpecsTest014, TestSize.Level0) ASSERT_EQ(RET_SUCCESS, AccessTokenKit::DeleteToken(tokenID)); } -/** - * @tc.name: InitHapTokenSpecsTest015 - * @tc.desc: Initialize ENTERPRISE_NORMAL permission for a enterprise_mdm hap. - * @tc.type: FUNC - * @tc.require: - */ -HWTEST_F(InitHapTokenTest, InitHapTokenSpecsTest015, TestSize.Level0) -{ - LOGI(ATM_DOMAIN, ATM_TAG, "InitHapTokenSpecsTest015"); - MockNativeToken mock("foundation"); - - HapInfoParams infoParams; - HapPolicyParams policyParams; - TestCommon::GetHapParams(infoParams, policyParams); - policyParams.apl = APL_SYSTEM_CORE; - infoParams.isSystemApp = false; - infoParams.appDistributionType = APP_DISTRIBUTION_TYPE_ENTERPRISE_MDM; - PermissionStateFull permissionStateFull001 = { - .permissionName = "ohos.permission.FILE_GUARD_MANAGER", - .isGeneral = true, - .resDeviceID = {"local"}, - .grantStatus = {PERMISSION_DENIED}, - .grantFlags = {PERMISSION_SYSTEM_FIXED} - }; - policyParams.permStateList = {permissionStateFull001}; - AccessTokenIDEx fullTokenId; - int32_t ret = AccessTokenKit::InitHapToken(infoParams, policyParams, fullTokenId); - AccessTokenID tokenID = fullTokenId.tokenIdExStruct.tokenID; - ASSERT_EQ(RET_SUCCESS, ret); - - ret = AccessTokenKit::VerifyAccessToken(tokenID, "ohos.permission.FILE_GUARD_MANAGER"); - EXPECT_EQ(PERMISSION_GRANTED, ret); - - uint32_t flag; - ret = AccessTokenKit::GetPermissionFlag(tokenID, "ohos.permission.FILE_GUARD_MANAGER", flag); - EXPECT_EQ(RET_SUCCESS, ret); - EXPECT_EQ(PERMISSION_SYSTEM_FIXED, flag); - - ASSERT_EQ(RET_SUCCESS, AccessTokenKit::DeleteToken(tokenID)); -} - -/** - * @tc.name: InitHapTokenSpecsTest016 - * @tc.desc: Initialize ENTERPRISE_NORMAL permission for a enterprise_normal hap. 
- * @tc.type: FUNC - * @tc.require: - */ -HWTEST_F(InitHapTokenTest, InitHapTokenSpecsTest016, TestSize.Level0) -{ - LOGI(ATM_DOMAIN, ATM_TAG, "InitHapTokenSpecsTest016"); - MockNativeToken mock("foundation"); - - HapInfoParams infoParams; - HapPolicyParams policyParams; - TestCommon::GetHapParams(infoParams, policyParams); - policyParams.apl = APL_SYSTEM_CORE; - infoParams.isSystemApp = false; - infoParams.appDistributionType = APP_DISTRIBUTION_TYPE_ENTERPRISE_NORMAL; - PermissionStateFull permissionStateFull001 = { - .permissionName = "ohos.permission.FILE_GUARD_MANAGER", - .isGeneral = true, - .resDeviceID = {"local"}, - .grantStatus = {PERMISSION_DENIED}, - .grantFlags = {PERMISSION_SYSTEM_FIXED} - }; - policyParams.permStateList = {permissionStateFull001}; - AccessTokenIDEx fullTokenId; - int32_t ret = AccessTokenKit::InitHapToken(infoParams, policyParams, fullTokenId); - AccessTokenID tokenID = fullTokenId.tokenIdExStruct.tokenID; - ASSERT_EQ(RET_SUCCESS, ret); - - ret = AccessTokenKit::VerifyAccessToken(tokenID, "ohos.permission.FILE_GUARD_MANAGER"); - EXPECT_EQ(PERMISSION_GRANTED, ret); - - uint32_t flag; - ret = AccessTokenKit::GetPermissionFlag(tokenID, "ohos.permission.FILE_GUARD_MANAGER", flag); - EXPECT_EQ(RET_SUCCESS, ret); - EXPECT_EQ(PERMISSION_SYSTEM_FIXED, flag); - - ASSERT_EQ(RET_SUCCESS, AccessTokenKit::DeleteToken(tokenID)); -} - -/** - * @tc.name: InitHapTokenSpecsTest017 - * @tc.desc: Initialize ENTERPRISE_NORMAL permission for a system hap. 
- * @tc.type: FUNC - * @tc.require: - */ -HWTEST_F(InitHapTokenTest, InitHapTokenSpecsTest017, TestSize.Level0) -{ - LOGI(ATM_DOMAIN, ATM_TAG, "InitHapTokenSpecsTest017"); - MockNativeToken mock("foundation"); - - HapInfoParams infoParams; - HapPolicyParams policyParams; - TestCommon::GetHapParams(infoParams, policyParams); - policyParams.apl = APL_SYSTEM_CORE; - infoParams.isSystemApp = true; - PermissionStateFull permissionStateFull001 = { - .permissionName = "ohos.permission.FILE_GUARD_MANAGER", - .isGeneral = true, - .resDeviceID = {"local"}, - .grantStatus = {PERMISSION_DENIED}, - .grantFlags = {PERMISSION_SYSTEM_FIXED} - }; - policyParams.permStateList = {permissionStateFull001}; - AccessTokenIDEx fullTokenId; - int32_t ret = AccessTokenKit::InitHapToken(infoParams, policyParams, fullTokenId); - AccessTokenID tokenID = fullTokenId.tokenIdExStruct.tokenID; - ASSERT_EQ(RET_SUCCESS, ret); - - ret = AccessTokenKit::VerifyAccessToken(tokenID, "ohos.permission.FILE_GUARD_MANAGER"); - EXPECT_EQ(PERMISSION_GRANTED, ret); - - uint32_t flag; - ret = AccessTokenKit::GetPermissionFlag(tokenID, "ohos.permission.FILE_GUARD_MANAGER", flag); - EXPECT_EQ(RET_SUCCESS, ret); - EXPECT_EQ(PERMISSION_SYSTEM_FIXED, flag); - - ASSERT_EQ(RET_SUCCESS, AccessTokenKit::DeleteToken(tokenID)); -} - -/** - * @tc.name: InitHapTokenSpecsTest018 - * @tc.desc: Initialize ENTERPRISE_NORMAL permission for a debug hap. 
- * @tc.type: FUNC - * @tc.require: - */ -HWTEST_F(InitHapTokenTest, InitHapTokenSpecsTest018, TestSize.Level0) -{ - LOGI(ATM_DOMAIN, ATM_TAG, "InitHapTokenSpecsTest018"); - MockNativeToken mock("foundation"); - - HapInfoParams infoParams; - HapPolicyParams policyParams; - TestCommon::GetHapParams(infoParams, policyParams); - policyParams.apl = APL_SYSTEM_CORE; - infoParams.isSystemApp = false; - infoParams.appDistributionType = APP_DISTRIBUTION_TYPE_NONE; - PermissionStateFull permissionStateFull001 = { - .permissionName = "ohos.permission.FILE_GUARD_MANAGER", - .isGeneral = true, - .resDeviceID = {"local"}, - .grantStatus = {PERMISSION_DENIED}, - .grantFlags = {PERMISSION_SYSTEM_FIXED} - }; - policyParams.permStateList = {permissionStateFull001}; - AccessTokenIDEx fullTokenId; - int32_t ret = AccessTokenKit::InitHapToken(infoParams, policyParams, fullTokenId); - AccessTokenID tokenID = fullTokenId.tokenIdExStruct.tokenID; - ASSERT_EQ(RET_SUCCESS, ret); - - ret = AccessTokenKit::VerifyAccessToken(tokenID, "ohos.permission.FILE_GUARD_MANAGER"); - EXPECT_EQ(PERMISSION_GRANTED, ret); - - uint32_t flag; - ret = AccessTokenKit::GetPermissionFlag(tokenID, "ohos.permission.FILE_GUARD_MANAGER", flag); - EXPECT_EQ(RET_SUCCESS, ret); - EXPECT_EQ(PERMISSION_SYSTEM_FIXED, flag); - - ASSERT_EQ(RET_SUCCESS, AccessTokenKit::DeleteToken(tokenID)); -} - -/** - * @tc.name: InitHapTokenSpecsTest019 - * @tc.desc: Initialize ENTERPRISE_NORMAL permission for a Non enterprise/system/debug hap. 
- * @tc.type: FUNC - * @tc.require: - */ -HWTEST_F(InitHapTokenTest, InitHapTokenSpecsTest019, TestSize.Level0) -{ - LOGI(ATM_DOMAIN, ATM_TAG, "InitHapTokenSpecsTest019"); - MockNativeToken mock("foundation"); - - HapInfoParams infoParams; - HapPolicyParams policyParams; - TestCommon::GetHapParams(infoParams, policyParams); - infoParams.isSystemApp = false; - - PermissionStateFull permissionStateFull001 = { - .permissionName = "ohos.permission.FILE_GUARD_MANAGER", - .isGeneral = true, - .resDeviceID = {"local"}, - .grantStatus = {PERMISSION_DENIED}, - .grantFlags = {PERMISSION_SYSTEM_FIXED} - }; - policyParams.permStateList = {permissionStateFull001}; - policyParams.aclRequestedList = { "ohos.permission.FILE_GUARD_MANAGER" }; - AccessTokenIDEx fullTokenId; - int32_t ret = AccessTokenKit::InitHapToken(infoParams, policyParams, fullTokenId); - AccessTokenID tokenID = fullTokenId.tokenIdExStruct.tokenID; - ASSERT_EQ(ERR_PERM_REQUEST_CFG_FAILED, ret); - - HapInfoCheckResult result; - ret = AccessTokenKit::InitHapToken(infoParams, policyParams, fullTokenId, result); - ASSERT_EQ(ERR_PERM_REQUEST_CFG_FAILED, ret); - ASSERT_EQ(result.permCheckResult.permissionName, "ohos.permission.FILE_GUARD_MANAGER"); - ASSERT_EQ(result.permCheckResult.rule, PERMISSION_ENTERPRISE_NORMAL_RULE); - - ret = AccessTokenKit::VerifyAccessToken(tokenID, "ohos.permission.FILE_GUARD_MANAGER"); - EXPECT_EQ(PERMISSION_DENIED, ret); -} - /** * @tc.name: InitHapTokenAbnormalTest001 * @tc.desc: Invaild HapInfoParams. diff --git a/interfaces/innerkits/accesstoken/test/unittest/HapTokenTest/update_hap_token_test.cpp b/interfaces/innerkits/accesstoken/test/unittest/HapTokenTest/update_hap_token_test.cpp index 7d74f47d4..06aea9862 100644 --- a/interfaces/innerkits/accesstoken/test/unittest/HapTokenTest/update_hap_token_test.cpp +++ b/interfaces/innerkits/accesstoken/test/unittest/HapTokenTest/update_hap_token_test.cpp 
@@ -43,8 +43,6 @@ static const int32_t INDEX_ZERO = 0; static uint64_t g_selfTokenId = 0; static constexpr int32_t API_VERSION_EIGHT = 8; const std::string APP_DISTRIBUTION_TYPE_ENTERPRISE_MDM = "enterprise_mdm"; -const std::string APP_DISTRIBUTION_TYPE_ENTERPRISE_NORMAL = "enterprise_normal"; -const std::string APP_DISTRIBUTION_TYPE_NONE = "none"; const std::string OVER_SIZE_STR = "AAANSUhEUgAAABUAAAAXCAIAAABrvZPKAAAACXBIWXMAAA7EAAAOxAGVKw4bAAAAEXRFWHRTb2Z0d2FyZQBTbmlwYXN0ZV0Xzt0A" "FBSURBVDiN7ZQ/S8NQFMVPxU/QCx06GBzrkqUZ42rBbHWUBDqYxSnUoTxXydCSycVsgltfBiFDR8HNdHGxY4nQQAPvMzwHsWn+KM" 
@@ -1382,224 +1380,6 @@ HWTEST_F(UpdateHapTokenTest, UpdateHapTokenSpecsTest011, TestSize.Level0) EXPECT_EQ(RET_SUCCESS, AccessTokenKit::DeleteToken(tokenID)); } -/** - * @tc.name: UpdateHapTokenSpecsTest012 - * @tc.desc: Update to a enterprise_normal app, system ENTERPRISE_NORMAL permission is available. - * 1.appDistributionType = APP_DISTRIBUTION_TYPE_ENTERPRISE_MDM - * 2.appDistributionType = APP_DISTRIBUTION_TYPE_ENTERPRISE_NORMAL, Update success - * @tc.type: FUNC - * @tc.require: - */ -HWTEST_F(UpdateHapTokenTest, UpdateHapTokenSpecsTest012, TestSize.Level0) -{ - LOGI(ATM_DOMAIN, ATM_TAG, "UpdateHapTokenSpecsTest012"); - - HapInfoParams infoParams; - HapPolicyParams policyParams; - TestCommon::GetHapParams(infoParams, policyParams); - policyParams.apl = APL_SYSTEM_CORE; - infoParams.isSystemApp = false; - infoParams.appDistributionType = APP_DISTRIBUTION_TYPE_ENTERPRISE_MDM; - PermissionStateFull permissionStateFull001 = { - .permissionName = "ohos.permission.FILE_GUARD_MANAGER", - .isGeneral = true, - .resDeviceID = {"local"}, - .grantStatus = {PERMISSION_DENIED}, - .grantFlags = {PERMISSION_SYSTEM_FIXED} - }; - policyParams.permStateList = {permissionStateFull001}; - AccessTokenIDEx fullTokenId; - ASSERT_EQ(RET_SUCCESS, AccessTokenKit::InitHapToken(infoParams, policyParams, fullTokenId)); - AccessTokenID tokenID = fullTokenId.tokenIdExStruct.tokenID; - EXPECT_EQ(PERMISSION_GRANTED, AccessTokenKit::VerifyAccessToken(tokenID, "ohos.permission.FILE_GUARD_MANAGER")); - - UpdateHapInfoParams updateHapInfoParams = { - .appIDDesc = infoParams.appIDDesc, - .apiVersion = infoParams.apiVersion, - .isSystemApp = false, - .appDistributionType = APP_DISTRIBUTION_TYPE_ENTERPRISE_NORMAL - }; - ASSERT_EQ(RET_SUCCESS, AccessTokenKit::UpdateHapToken(fullTokenId, updateHapInfoParams, policyParams)); - tokenID = fullTokenId.tokenIdExStruct.tokenID; - EXPECT_EQ(PERMISSION_GRANTED, AccessTokenKit::VerifyAccessToken(tokenID, "ohos.permission.FILE_GUARD_MANAGER")); - 
ASSERT_EQ(RET_SUCCESS, AccessTokenKit::DeleteToken(tokenID)); -} - -/** - * @tc.name: UpdateHapTokenSpecsTest013 - * @tc.desc: Update to a system app, system ENTERPRISE_NORMAL permission is available. - * 1.appDistributionType = APP_DISTRIBUTION_TYPE_ENTERPRISE_MDM - * 2.appDistributionType = "", isSystemApp = true, Update success - * @tc.type: FUNC - * @tc.require: - */ -HWTEST_F(UpdateHapTokenTest, UpdateHapTokenSpecsTest013, TestSize.Level0) -{ - LOGI(ATM_DOMAIN, ATM_TAG, "UpdateHapTokenSpecsTest013"); - - HapInfoParams infoParams; - HapPolicyParams policyParams; - TestCommon::GetHapParams(infoParams, policyParams); - policyParams.apl = APL_SYSTEM_CORE; - infoParams.isSystemApp = false; - infoParams.appDistributionType = APP_DISTRIBUTION_TYPE_ENTERPRISE_MDM; - PermissionStateFull permissionStateFull001 = { - .permissionName = "ohos.permission.FILE_GUARD_MANAGER", - .isGeneral = true, - .resDeviceID = {"local"}, - .grantStatus = {PERMISSION_DENIED}, - .grantFlags = {PERMISSION_SYSTEM_FIXED} - }; - policyParams.permStateList = {permissionStateFull001}; - AccessTokenIDEx fullTokenId; - ASSERT_EQ(RET_SUCCESS, AccessTokenKit::InitHapToken(infoParams, policyParams, fullTokenId)); - AccessTokenID tokenID = fullTokenId.tokenIdExStruct.tokenID; - EXPECT_EQ(PERMISSION_GRANTED, AccessTokenKit::VerifyAccessToken(tokenID, "ohos.permission.FILE_GUARD_MANAGER")); - - UpdateHapInfoParams updateHapInfoParams = { - .appIDDesc = infoParams.appIDDesc, - .apiVersion = infoParams.apiVersion, - .isSystemApp = true, - .appDistributionType = "" - }; - ASSERT_EQ(RET_SUCCESS, AccessTokenKit::UpdateHapToken(fullTokenId, updateHapInfoParams, policyParams)); - tokenID = fullTokenId.tokenIdExStruct.tokenID; - EXPECT_EQ(PERMISSION_GRANTED, AccessTokenKit::VerifyAccessToken(tokenID, "ohos.permission.FILE_GUARD_MANAGER")); - ASSERT_EQ(RET_SUCCESS, AccessTokenKit::DeleteToken(tokenID)); -} - -/** - * @tc.name: UpdateHapTokenSpecsTest014 - * @tc.desc: Update to a debug app, system 
ENTERPRISE_NORMAL permission is available. - * 1.appDistributionType = APP_DISTRIBUTION_TYPE_ENTERPRISE_MDM - * 2.appDistributionType = APP_DISTRIBUTION_TYPE_NONE, Update success - * @tc.type: FUNC - * @tc.require: - */ -HWTEST_F(UpdateHapTokenTest, UpdateHapTokenSpecsTest014, TestSize.Level0) -{ - LOGI(ATM_DOMAIN, ATM_TAG, "UpdateHapTokenSpecsTest014"); - - HapInfoParams infoParams; - HapPolicyParams policyParams; - TestCommon::GetHapParams(infoParams, policyParams); - policyParams.apl = APL_SYSTEM_CORE; - infoParams.isSystemApp = false; - infoParams.appDistributionType = APP_DISTRIBUTION_TYPE_ENTERPRISE_MDM; - PermissionStateFull permissionStateFull001 = { - .permissionName = "ohos.permission.FILE_GUARD_MANAGER", - .isGeneral = true, - .resDeviceID = {"local"}, - .grantStatus = {PERMISSION_DENIED}, - .grantFlags = {PERMISSION_SYSTEM_FIXED} - }; - policyParams.permStateList = {permissionStateFull001}; - AccessTokenIDEx fullTokenId; - ASSERT_EQ(RET_SUCCESS, AccessTokenKit::InitHapToken(infoParams, policyParams, fullTokenId)); - AccessTokenID tokenID = fullTokenId.tokenIdExStruct.tokenID; - EXPECT_EQ(PERMISSION_GRANTED, AccessTokenKit::VerifyAccessToken(tokenID, "ohos.permission.FILE_GUARD_MANAGER")); - - UpdateHapInfoParams updateHapInfoParams = { - .appIDDesc = infoParams.appIDDesc, - .apiVersion = infoParams.apiVersion, - .isSystemApp = false, - .appDistributionType = APP_DISTRIBUTION_TYPE_NONE - }; - ASSERT_EQ(RET_SUCCESS, AccessTokenKit::UpdateHapToken(fullTokenId, updateHapInfoParams, policyParams)); - tokenID = fullTokenId.tokenIdExStruct.tokenID; - EXPECT_EQ(PERMISSION_GRANTED, AccessTokenKit::VerifyAccessToken(tokenID, "ohos.permission.FILE_GUARD_MANAGER")); - ASSERT_EQ(RET_SUCCESS, AccessTokenKit::DeleteToken(tokenID)); -} - -/** - * @tc.name: UpdateHapTokenSpecsTest015 - * @tc.desc: Update to a non enterprise/system/debug app, ENTERPRISE_NORMAL permission is unavailable. 
- * 1.appDistributionType = APP_DISTRIBUTION_TYPE_ENTERPRISE_MDM, permission is GRANTED. - * 2.appDistributionType ="", Update failed. - * @tc.type: FUNC - * @tc.require: - */ -HWTEST_F(UpdateHapTokenTest, UpdateHapTokenSpecsTest015, TestSize.Level0) -{ - LOGI(ATM_DOMAIN, ATM_TAG, "UpdateHapTokenSpecsTest015"); - - HapInfoParams infoParams; - HapPolicyParams policyParams; - TestCommon::GetHapParams(infoParams, policyParams); - policyParams.apl = APL_SYSTEM_CORE; - infoParams.isSystemApp = false; - infoParams.appDistributionType = APP_DISTRIBUTION_TYPE_ENTERPRISE_MDM; - PermissionStateFull permissionStateFull001 = { - .permissionName = "ohos.permission.FILE_GUARD_MANAGER", - .isGeneral = true, - .resDeviceID = {"local"}, - .grantStatus = {PERMISSION_DENIED}, - .grantFlags = {PERMISSION_SYSTEM_FIXED} - }; - policyParams.permStateList = {permissionStateFull001}; - AccessTokenIDEx fullTokenId; - ASSERT_EQ(RET_SUCCESS, AccessTokenKit::InitHapToken(infoParams, policyParams, fullTokenId)); - AccessTokenID tokenID = fullTokenId.tokenIdExStruct.tokenID; - EXPECT_EQ(PERMISSION_GRANTED, AccessTokenKit::VerifyAccessToken(tokenID, "ohos.permission.FILE_GUARD_MANAGER")); - - UpdateHapInfoParams updateHapInfoParams = { - .appIDDesc = infoParams.appIDDesc, - .apiVersion = infoParams.apiVersion, - .isSystemApp = false, - .appDistributionType = "" - }; - ASSERT_EQ( - ERR_PERM_REQUEST_CFG_FAILED, AccessTokenKit::UpdateHapToken(fullTokenId, updateHapInfoParams, policyParams)); - HapInfoCheckResult result; - ASSERT_EQ(ERR_PERM_REQUEST_CFG_FAILED, - AccessTokenKit::UpdateHapToken(fullTokenId, updateHapInfoParams, policyParams, result)); - EXPECT_EQ(result.permCheckResult.permissionName, "ohos.permission.FILE_GUARD_MANAGER"); - EXPECT_EQ(result.permCheckResult.rule, PERMISSION_ENTERPRISE_NORMAL_RULE); - EXPECT_EQ(RET_SUCCESS, AccessTokenKit::DeleteToken(tokenID)); -} - -/** - * @tc.name: UpdateHapTokenSpecsTest016 - * @tc.desc: Update to a non enterprise/system/debug app, 
ENTERPRISE_NORMAL permission is unavailable. - * 1.appDistributionType = APP_DISTRIBUTION_TYPE_ENTERPRISE_MDM, permission is GRANTED. - * 2.appDistributionType ="", dataRefresh = true, Update success. - * @tc.type: FUNC - * @tc.require: - */ -HWTEST_F(UpdateHapTokenTest, UpdateHapTokenSpecsTest016, TestSize.Level0) -{ - LOGI(ATM_DOMAIN, ATM_TAG, "UpdateHapTokenSpecsTest016"); - - HapInfoParams infoParams; - HapPolicyParams policyParams; - TestCommon::GetHapParams(infoParams, policyParams); - policyParams.apl = APL_SYSTEM_CORE; - infoParams.isSystemApp = false; - infoParams.appDistributionType = APP_DISTRIBUTION_TYPE_ENTERPRISE_MDM; - PermissionStateFull permissionStateFull001 = { - .permissionName = "ohos.permission.FILE_GUARD_MANAGER", - .isGeneral = true, - .resDeviceID = {"local"}, - .grantStatus = {PERMISSION_DENIED}, - .grantFlags = {PERMISSION_SYSTEM_FIXED} - }; - policyParams.permStateList = {permissionStateFull001}; - AccessTokenIDEx fullTokenId; - ASSERT_EQ(RET_SUCCESS, AccessTokenKit::InitHapToken(infoParams, policyParams, fullTokenId)); - AccessTokenID tokenID = fullTokenId.tokenIdExStruct.tokenID; - EXPECT_EQ(PERMISSION_GRANTED, AccessTokenKit::VerifyAccessToken(tokenID, "ohos.permission.FILE_GUARD_MANAGER")); - - UpdateHapInfoParams updateHapInfoParams = { - .appIDDesc = infoParams.appIDDesc, - .apiVersion = infoParams.apiVersion, - .isSystemApp = false, - .appDistributionType = "", - .dataRefresh = true - }; - ASSERT_EQ(RET_SUCCESS, AccessTokenKit::UpdateHapToken(fullTokenId, updateHapInfoParams, policyParams)); - EXPECT_EQ(RET_SUCCESS, AccessTokenKit::DeleteToken(tokenID)); -} - /** * @tc.name: UpdateHapTokenAbnormalTest001 * @tc.desc: cannot update hap token info with invalid appIDDesc. diff --git a/services/accesstokenmanager/idl/IdlCommon.idl b/services/accesstokenmanager/idl/IdlCommon.idl index 66d520822..29aa82f87 100644 --- a/services/accesstokenmanager/idl/IdlCommon.idl +++ b/services/accesstokenmanager/idl/IdlCommon.idl 
@@ -43,8 +43,7 @@ struct UpdateHapInfoParamsIdl { enum PermissionRulesEnumIdl { PERMISSION_EDM_RULE = 0, - PERMISSION_ACL_RULE, - PERMISSION_ENTERPRISE_NORMAL_RULE + PERMISSION_ACL_RULE }; struct HapInfoCheckResultIdl { diff --git a/services/accesstokenmanager/main/cpp/include/permission/permission_manager.h b/services/accesstokenmanager/main/cpp/include/permission/permission_manager.h index 175fa2f0d..f2d8d6a26 100644 --- a/services/accesstokenmanager/main/cpp/include/permission/permission_manager.h +++ b/services/accesstokenmanager/main/cpp/include/permission/permission_manager.h @@ -109,8 +109,7 @@ public: std::vector& initializedList, std::vector& undefValues); void NotifyUpdatedPermList(const std::vector& grantedPermListBefore, const std::vector& grantedPermListAfter, AccessTokenID tokenID); - bool IsPermAvailableRangeSatisfied(const PermissionBriefDef& briefDef, const std::string& appDistributionType, - bool isSystemApp, PermissionRulesEnum& rule); + bool IsPermAvailableRangeSatisfied(const PermissionBriefDef& briefDef, const std::string& appDistributionType); protected: static void RegisterImpl(PermissionManager* implInstance); 
@@ -134,8 +133,8 @@ private: std::vector& permsList, int32_t apiVersion, const LocationIndex& locationIndex); void FillUndefinedPermVector(const std::string& permissionName, const std::string& appDistributionType, const HapPolicy& policy, std::vector& undefValues); - bool AclAndEdmCheck(const PermissionBriefDef& briefDef, const HapInitInfo& initInfo, - const std::string& permissionName, const std::string& appDistributionType, HapInfoCheckResult& result); + bool AclAndEdmCheck(const PermissionBriefDef& briefDef, const HapPolicy& policy, const std::string& permissionName, + const std::string& appDistributionType, HapInfoCheckResult& result); void GetMasterAppUndValues(AccessTokenID tokenId, std::vector& undefValues); std::shared_ptr GetAbilityManager(); bool HandlePermissionDeniedCase(uint32_t goalGrantFlag, PermissionListState& permState); diff --git a/services/accesstokenmanager/main/cpp/include/service/accesstoken_manager_service.h b/services/accesstokenmanager/main/cpp/include/service/accesstoken_manager_service.h index 9768d9a84..b94a93d69 100644 --- a/services/accesstokenmanager/main/cpp/include/service/accesstoken_manager_service.h +++ b/services/accesstokenmanager/main/cpp/include/service/accesstoken_manager_service.h 
@@ -150,17 +150,17 @@ private: void ReportAddHapFinish(AccessTokenIDEx fullTokenId, const HapInfoParcel& info, int64_t beginTime, int32_t errorCode); bool IsPermissionValid(int32_t hapApl, const PermissionBriefDef& data, const std::string& value, bool isAcl); - void FilterInvalidData(const std::vector& results, - const std::map& tokenIdAplMap, std::vector& validValueList); + void FilterInvalidData(const std::vector& results, const std::map& tokenIdAplMap, + std::vector& validValueList); void UpdateUndefinedInfoCache(const std::vector& validValueList, std::vector& stateValues, std::vector& extendValues); - void HandleHapUndefinedInfo(const std::map& tokenIdAplMap, + void HandleHapUndefinedInfo(const std::map& tokenIdAplMap, std::vector& deleteDataTypes, std::vector& deleteValues, std::vector& addDataTypes, std::vector>& addValues); void UpdateDatabaseAsync(const std::vector& deleteDataTypes, const std::vector& deleteValues, const std::vector& addDataTypes, const std::vector>& addValues); - void HandlePermDefUpdate(const std::map& tokenIdAplMap); + void HandlePermDefUpdate(const std::map& tokenIdAplMap); ServiceRunningState state_; std::string grantBundleName_; diff --git a/services/accesstokenmanager/main/cpp/include/token/accesstoken_info_manager.h b/services/accesstokenmanager/main/cpp/include/token/accesstoken_info_manager.h index 56a08d945..d067a5347 100644 --- a/services/accesstokenmanager/main/cpp/include/token/accesstoken_info_manager.h +++ b/services/accesstokenmanager/main/cpp/include/token/accesstoken_info_manager.h @@ -47,7 +47,7 @@ public: static AccessTokenInfoManager& GetInstance(); ~AccessTokenInfoManager(); void Init(uint32_t& hapSize, uint32_t& nativeSize, uint32_t& pefDefSize, uint32_t& dlpSize, - std::map& tokenIdAplMap); + std::map& tokenIdAplMap); void InitNativeTokenInfos(const std::vector& tokenInfos); int32_t GetTokenIDByUserID(int32_t userID, std::unordered_set& tokenIdList); std::shared_ptr GetHapTokenInfoInner(AccessTokenID id); 
@@ -109,7 +109,7 @@ private: int32_t AddHapInfoToCache(const GenericValues& tokenValue, const std::vector& permStateRes, const std::vector& extendedPermRes); - void InitHapTokenInfos(uint32_t& hapSize, std::map& tokenIdAplMap); + void InitHapTokenInfos(uint32_t& hapSize, std::map& tokenIdAplMap); void ReportAddHapIdChange(const std::shared_ptr& hapInfo, AccessTokenID oriTokenId); int AddHapTokenInfo(const std::shared_ptr& info, AccessTokenID& oriTokenId); std::string GetHapUniqueStr(const std::shared_ptr& info) const; diff --git a/services/accesstokenmanager/main/cpp/src/permission/permission_manager.cpp b/services/accesstokenmanager/main/cpp/src/permission/permission_manager.cpp index 6dfc15720..0a639ff58 100644 --- a/services/accesstokenmanager/main/cpp/src/permission/permission_manager.cpp +++ b/services/accesstokenmanager/main/cpp/src/permission/permission_manager.cpp @@ -66,8 +66,6 @@ static const std::vector g_notDisplayedPerms = { "ohos.permission.SHORT_TERM_WRITE_IMAGEVIDEO" }; constexpr const char* APP_DISTRIBUTION_TYPE_ENTERPRISE_MDM = "enterprise_mdm"; -constexpr const char* APP_DISTRIBUTION_TYPE_ENTERPRISE_NORMAL = "enterprise_normal"; -constexpr const char* APP_DISTRIBUTION_TYPE_DEBUG = "none"; } PermissionManager* PermissionManager::implInstance_ = nullptr; std::recursive_mutex PermissionManager::mutex_; @@ -1075,7 +1073,7 @@ bool IsAclSatisfied(const PermissionBriefDef& briefDef, const HapPolicy& policy) } bool PermissionManager::IsPermAvailableRangeSatisfied(const PermissionBriefDef& briefDef, - const std::string& appDistributionType, bool isSystemApp, PermissionRulesEnum& rule) + const std::string& appDistributionType) { if (briefDef.availableType == ATokenAvailableTypeEnum::MDM) { if (appDistributionType == "none") { 
@@ -1086,22 +1084,9 @@ bool PermissionManager::IsPermAvailableRangeSatisfied(const PermissionBriefDef& if (appDistributionType != APP_DISTRIBUTION_TYPE_ENTERPRISE_MDM) { LOGE(ATM_DOMAIN, ATM_TAG, "%{public}s is a mdm permission, the hap is not a mdm application.", briefDef.permissionName); - rule = PERMISSION_EDM_RULE; return false; } } - if (briefDef.availableType == ATokenAvailableTypeEnum::ENTERPRISE_NORMAL) { - if (appDistributionType == APP_DISTRIBUTION_TYPE_ENTERPRISE_MDM || - appDistributionType == APP_DISTRIBUTION_TYPE_ENTERPRISE_NORMAL || - isSystemApp || - appDistributionType == APP_DISTRIBUTION_TYPE_DEBUG) { - return true; - } - LOGE(ATM_DOMAIN, ATM_TAG, "permission %{public}s is only enable in enterpriseApp, systemApp, debugApp", - briefDef.permissionName); - rule = PERMISSION_ENTERPRISE_NORMAL_RULE; - return false; - } return true; } 
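Review bot: After this hunk, `IsPermAvailableRangeSatisfied` in permission_manager.cpp restricts only `ATokenAvailableTypeEnum::MDM`; with the `ENTERPRISE_NORMAL` branch gone, a permission of that available type falls through to `return true` for any `appDistributionType`. The diff does not show the enum or the permission definitions being reverted, so if a definition still carries `ENTERPRISE_NORMAL` (the deleted tests exercised `ohos.permission.FILE_GUARD_MANAGER` this way), an ordinary hap that satisfies the ACL check would pass the range check as well. Please confirm the definitions are reverted together with this change, or keep a deny for that type until they are, e.g. `if (briefDef.availableType == ATokenAvailableTypeEnum::ENTERPRISE_NORMAL && appDistributionType != APP_DISTRIBUTION_TYPE_ENTERPRISE_MDM) { return false; }`. The start of the function, including the `"none"` case, lies outside the hunk.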
@@ -1187,29 +1172,21 @@ void PermissionManager::FillUndefinedPermVector(const std::string& permissionNam return; } -bool PermissionManager::AclAndEdmCheck(const PermissionBriefDef& briefDef, const HapInitInfo& initInfo, +bool PermissionManager::AclAndEdmCheck(const PermissionBriefDef& briefDef, const HapPolicy& policy, const std::string& permissionName, const std::string& appDistributionType, HapInfoCheckResult& result) { // acl check - if (!IsAclSatisfied(briefDef, initInfo.policy)) { + if (!IsAclSatisfied(briefDef, policy)) { result.permCheckResult.permissionName = permissionName; result.permCheckResult.rule = PERMISSION_ACL_RULE; LOGC(ATM_DOMAIN, ATM_TAG, "Acl of %{public}s is invalid.", briefDef.permissionName); return false; } - // edm and enterprise_normal check - bool isSystemApp = initInfo.isUpdate? initInfo.updateInfo.isSystemApp : initInfo.installInfo.isSystemApp; - PermissionRulesEnum rule = PERMISSION_ACL_RULE; - if (!IsPermAvailableRangeSatisfied(briefDef, appDistributionType, isSystemApp, rule)) { + // edm check + if (!IsPermAvailableRangeSatisfied(briefDef, appDistributionType)) { result.permCheckResult.permissionName = permissionName; - if (rule == PERMISSION_EDM_RULE) { - LOGE(ATM_DOMAIN, ATM_TAG, "mdm permission check failed."); - result.permCheckResult.rule = PERMISSION_EDM_RULE; - } else if (rule == PERMISSION_ENTERPRISE_NORMAL_RULE) { - LOGE(ATM_DOMAIN, ATM_TAG, "enterprise_normal permission check failed."); - result.permCheckResult.rule = PERMISSION_ENTERPRISE_NORMAL_RULE; - } + result.permCheckResult.rule = PERMISSION_EDM_RULE; LOGC(ATM_DOMAIN, ATM_TAG, "Available range of %{public}s is invalid.", briefDef.permissionName); return false; 
@@ -1238,7 +1215,7 @@ bool PermissionManager::InitPermissionList(const HapInitInfo& initInfo, std::vec continue; } - if (!AclAndEdmCheck(briefDef, initInfo, state.permissionName, appDistributionType, result)) { + if (!AclAndEdmCheck(briefDef, initInfo.policy, state.permissionName, appDistributionType, result)) { if (initInfo.updateInfo.dataRefresh) { FillUndefinedPermVector(state.permissionName, appDistributionType, initInfo.policy, undefValues); continue; diff --git a/services/accesstokenmanager/main/cpp/src/service/accesstoken_manager_service.cpp b/services/accesstokenmanager/main/cpp/src/service/accesstoken_manager_service.cpp index b47ea8fe6..36c4d4785 100644 --- a/services/accesstokenmanager/main/cpp/src/service/accesstoken_manager_service.cpp +++ b/services/accesstokenmanager/main/cpp/src/service/accesstoken_manager_service.cpp @@ -1421,7 +1421,7 @@ int32_t AccessTokenManagerService::GetReqPermissionByName( } void AccessTokenManagerService::FilterInvalidData(const std::vector& results, - const std::map& tokenIdAplMap, std::vector& validValueList) + const std::map& tokenIdAplMap, std::vector& validValueList) { int32_t tokenId = 0; std::string permissionName; @@ -1443,16 +1443,14 @@ void AccessTokenManagerService::FilterInvalidData(const std::vectorsecond.isSystemApp, rule)) { + if (!PermissionManager::GetInstance().IsPermAvailableRangeSatisfied(data, appDistributionType)) { continue; } acl = result.GetInt(TokenFiledConst::FIELD_ACL); value = result.GetString(TokenFiledConst::FIELD_VALUE); - if (!IsPermissionValid(iter->second.apl, data, value, (acl == 1))) { + if (!IsPermissionValid(iter->second, data, value, (acl == 1))) { // hap apl less than perm apl without acl is invalid now, keep them in db, maybe valid someday continue; } 
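Review bot: In `InitPermissionList` (permission_manager.cpp, first hunk on this line), a failed `AclAndEdmCheck` is downgraded to a skipped permission whenever `initInfo.updateInfo.dataRefresh` is set, and that field is read without checking `initInfo.isUpdate`. The line this commit removes from `AclAndEdmCheck` chose between `updateInfo` and `installInfo` based on `isUpdate`, which suggests `updateInfo` is only meaningful for updates; if it can be populated on an install, the ACL/EDM failure would be tolerated there too. Consider `if (initInfo.isUpdate && initInfo.updateInfo.dataRefresh) {` so the lenient path is limited to updates. The rest of the function is outside the hunk.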
@@ -1535,7 +1533,7 @@ bool AccessTokenManagerService::IsPermissionValid(int32_t hapApl, const Permissi return false; } -void AccessTokenManagerService::HandleHapUndefinedInfo(const std::map& tokenIdAplMap, +void AccessTokenManagerService::HandleHapUndefinedInfo(const std::map& tokenIdAplMap, std::vector& deleteDataTypes, std::vector& deleteValues, std::vector& addDataTypes, std::vector>& addValues) { @@ -1583,7 +1581,7 @@ void AccessTokenManagerService::UpdateDatabaseAsync(const std::vector& tokenIdAplMap) +void AccessTokenManagerService::HandlePermDefUpdate(const std::map& tokenIdAplMap) { std::string dbPermDefVersion; GenericValues conditionValue; @@ -1640,7 +1638,7 @@ bool AccessTokenManagerService::Initialize() uint32_t nativeSize = 0; uint32_t pefDefSize = 0; uint32_t dlpSize = 0; - std::map tokenIdAplMap; + std::map tokenIdAplMap; AccessTokenInfoManager::GetInstance().Init(hapSize, nativeSize, pefDefSize, dlpSize, tokenIdAplMap); HandlePermDefUpdate(tokenIdAplMap); diff --git a/services/accesstokenmanager/main/cpp/src/token/accesstoken_info_manager.cpp b/services/accesstokenmanager/main/cpp/src/token/accesstoken_info_manager.cpp index 55f91e5d5..f10f89e4e 100644 --- a/services/accesstokenmanager/main/cpp/src/token/accesstoken_info_manager.cpp +++ b/services/accesstokenmanager/main/cpp/src/token/accesstoken_info_manager.cpp @@ -87,7 +87,7 @@ AccessTokenInfoManager::~AccessTokenInfoManager() } void AccessTokenInfoManager::Init(uint32_t& hapSize, uint32_t& nativeSize, uint32_t& pefDefSize, uint32_t& dlpSize, - std::map& tokenIdAplMap) + std::map& tokenIdAplMap) { OHOS::Utils::UniqueWriteGuard lk(this->managerLock_); if (hasInited_) { 
@@ -207,7 +207,7 @@ int32_t AccessTokenInfoManager::AddHapInfoToCache(const GenericValues& tokenValu return RET_SUCCESS; } -void AccessTokenInfoManager::InitHapTokenInfos(uint32_t& hapSize, std::map& tokenIdAplMap) +void AccessTokenInfoManager::InitHapTokenInfos(uint32_t& hapSize, std::map& tokenIdAplMap) { GenericValues conditionValue; std::vector hapTokenRes; @@ -228,15 +228,13 @@ void AccessTokenInfoManager::InitHapTokenInfos(uint32_t& hapSize, std::map tokenIdAplMap; + std::map tokenIdAplMap; AccessTokenInfoManager::GetInstance().Init(hapSize, nativeSize, pefDefSize, dlpSize, tokenIdAplMap); } @@ -434,7 +434,7 @@ HWTEST_F(PermissionManagerCoverageTest, HandleHapUndefinedInfo001, TestSize.Leve DelayedSingleton::GetInstance(); EXPECT_NE(nullptr, atManagerService_); - std::map tokenIdAplMap; + std::map tokenIdAplMap; std::vector deleteDataTypes2; std::vector deleteValues2; std::vector addDataTypes2; @@ -491,7 +491,7 @@ HWTEST_F(PermissionManagerCoverageTest, HandleHapUndefinedInfo002, TestSize.Leve DelayedSingleton::GetInstance(); EXPECT_NE(nullptr, atManagerService_); - std::map tokenIdAplMap; + std::map tokenIdAplMap; std::vector deleteDataTypes2; std::vector deleteValues2; std::vector addDataTypes2; @@ -532,7 +532,7 @@ HWTEST_F(PermissionManagerCoverageTest, HandlePermDefUpdate001, TestSize.Level4) DelayedSingleton::GetInstance(); EXPECT_NE(nullptr, atManagerService_); - std::map tokenIdAplMap; + std::map tokenIdAplMap; atManagerService_->HandlePermDefUpdate(tokenIdAplMap); // dbPermDefVersion is empty addDataTypes.emplace_back(AtmDataType::ACCESSTOKEN_SYSTEM_CONFIG); @@ -579,7 +579,7 @@ HWTEST_F(PermissionManagerCoverageTest, HandlePermDefUpdate002, TestSize.Level4) DelayedSingleton::GetInstance(); EXPECT_NE(nullptr, atManagerService_); - std::map tokenIdAplMap; + std::map tokenIdAplMap; atManagerService_->HandlePermDefUpdate(tokenIdAplMap); // dbPermDefVersion is not empty addValues.emplace_back(results); 
diff --git a/services/accesstokenmanager/test/unittest/accesstoken_info_manager_test.cpp b/services/accesstokenmanager/test/unittest/accesstoken_info_manager_test.cpp index 288ec1105..c83b1187c 100644 --- a/services/accesstokenmanager/test/unittest/accesstoken_info_manager_test.cpp +++ b/services/accesstokenmanager/test/unittest/accesstoken_info_manager_test.cpp @@ -130,7 +130,7 @@ void AccessTokenInfoManagerTest::SetUpTestCase() uint32_t nativeSize = 0; uint32_t pefDefSize = 0; uint32_t dlpSize = 0; - std::map tokenIdAplMap; + std::map tokenIdAplMap; AccessTokenInfoManager::GetInstance().Init(hapSize, nativeSize, pefDefSize, dlpSize, tokenIdAplMap); } 
@@ -683,64 +683,6 @@ HWTEST_F(AccessTokenInfoManagerTest, InitHapToken007, TestSize.Level0) ASSERT_EQ(RET_SUCCESS, atManagerService_->DeleteToken(tokenID)); } -/** - * @tc.name: InitHapToken008 - * @tc.desc: InitHapToken function test with invalid apl permission - * @tc.type: FUNC - * @tc.require: - */ -HWTEST_F(AccessTokenInfoManagerTest, InitHapToken008, TestSize.Level0) -{ - HapInfoParcel info; - info.hapInfoParameter = { - .userID = 0, - .bundleName = "accesstoken_test", - .instIndex = 0, - .dlpType = DLP_COMMON, - .appIDDesc = "testtesttesttest", - .apiVersion = DEFAULT_API_VERSION, - .isSystemApp = false, - }; - HapPolicyParcel policy; - PermissionStatus permissionStateA = { - .permissionName = "ohos.permission.GET_ALL_APP_ACCOUNTS", - .grantStatus = 1, - .grantFlag = 1 - }; - PermissionStatus permissionStateB = { - .permissionName = "ohos.permission.test", - .grantStatus = 1, - .grantFlag = 1 - }; - policy.hapPolicy = { - .apl = APL_NORMAL, - .domain = "test", - .permList = {}, - .permStateList = { permissionStateA, permissionStateB } - }; - uint64_t fullTokenId; - HapInfoCheckResultIdl resultInfoIdl; - HapInfoCheckResult result; - - ASSERT_EQ(0, - atManagerService_->InitHapToken(info, policy, fullTokenId, resultInfoIdl)); - - PermissionInfoCheckResult permCheckResult; - permCheckResult.permissionName = resultInfoIdl.permissionName; - int32_t rule = static_cast(resultInfoIdl.rule); - permCheckResult.rule = PermissionRulesEnum(rule); - result.permCheckResult = permCheckResult; - ASSERT_EQ(result.permCheckResult.permissionName, "ohos.permission.GET_ALL_APP_ACCOUNTS"); - ASSERT_EQ(result.permCheckResult.rule, PERMISSION_ACL_RULE); - permissionStateA.permissionName = "ohos.permission.FILE_GUARD_MANAGER"; - policy.hapPolicy.aclRequestedList = { "ohos.permission.FILE_GUARD_MANAGER" }; - policy.hapPolicy.permStateList = { permissionStateA, permissionStateB }; - ASSERT_EQ(0, atManagerService_->InitHapToken(info, policy, fullTokenId, resultInfoIdl)); - 
ASSERT_EQ(resultInfoIdl.permissionName, "ohos.permission.FILE_GUARD_MANAGER"); - rule = static_cast(resultInfoIdl.rule); - ASSERT_EQ(PermissionRulesEnum(rule), PERMISSION_ENTERPRISE_NORMAL_RULE); -} - /** * @tc.name: IsTokenIdExist001 * @tc.desc: Verify the IsTokenIdExist exist accesstokenid. @@ -1652,7 +1594,7 @@ HWTEST_F(AccessTokenInfoManagerTest, AccessTokenInfoManager001, TestSize.Level0) uint32_t nativeSize = 0; uint32_t pefDefSize = 0; uint32_t dlpSize = 0; - std::map tokenIdAplMap; + std::map tokenIdAplMap; AccessTokenInfoManager::GetInstance().Init(hapSize, nativeSize, pefDefSize, dlpSize, tokenIdAplMap); AccessTokenInfoManager::GetInstance().hasInited_ = false; ASSERT_EQ(false, AccessTokenInfoManager::GetInstance().hasInited_); diff --git a/services/accesstokenmanager/test/unittest/accesstoken_manager_service_test.cpp b/services/accesstokenmanager/test/unittest/accesstoken_manager_service_test.cpp index 7630a3804..77010240f 100644 --- a/services/accesstokenmanager/test/unittest/accesstoken_manager_service_test.cpp +++ b/services/accesstokenmanager/test/unittest/accesstoken_manager_service_test.cpp @@ -144,7 +144,7 @@ HWTEST_F(AccessTokenManagerServiceTest, DumpTokenInfoFuncTest001, TestSize.Level } void AccessTokenManagerServiceTest::CreateHapToken(const HapInfoParcel& infoParCel, const HapPolicyParcel& policyParcel, - AccessTokenID& tokenId, std::map& tokenIdAplMap, bool hasInit) + AccessTokenID& tokenId, std::map& tokenIdAplMap, bool hasInit) { if (!hasInit) { atManagerService_->Initialize(); @@ -159,7 +159,7 @@ void AccessTokenManagerServiceTest::CreateHapToken(const HapInfoParcel& infoParC tokenIDEx.tokenIDEx = fullTokenId; tokenId = tokenIDEx.tokenIdExStruct.tokenID; ASSERT_NE(INVALID_TOKENID, tokenId); - tokenIdAplMap[static_cast(tokenId)].apl = g_policy.apl; + tokenIdAplMap[static_cast(tokenId)] = g_policy.apl; } /** 
@@ -194,7 +194,7 @@ HWTEST_F(AccessTokenManagerServiceTest, InitHapTokenTest001, TestSize.Level0) HapPolicyParcel policyParcel; policyParcel.hapPolicy = g_policy; // KERNEL_ATM_SELF_USE(hasValue is true) + INVALIDA AccessTokenID tokenId; - std::map tokenIdAplMap; + std::map tokenIdAplMap; CreateHapToken(infoParCel, policyParcel, tokenId, tokenIdAplMap); // query undefine table @@ -231,7 +231,7 @@ HWTEST_F(AccessTokenManagerServiceTest, InitHapTokenTest002, TestSize.Level0) HapPolicyParcel policyParcel; policyParcel.hapPolicy = g_policy; // KERNEL_ATM_SELF_USE + INVALIDA AccessTokenID tokenId; - std::map tokenIdAplMap; + std::map tokenIdAplMap; CreateHapToken(infoParCel, policyParcel, tokenId, tokenIdAplMap); // create master app HapInfoParcel infoParCel2; @@ -272,7 +272,7 @@ HWTEST_F(AccessTokenManagerServiceTest, UpdateHapTokenTest001, TestSize.Level0) HapPolicyParcel policyParcel; policyParcel.hapPolicy = g_policy; // KERNEL_ATM_SELF_USE + INVALIDA AccessTokenID tokenId; - std::map tokenIdAplMap; + std::map tokenIdAplMap; CreateHapToken(infoParCel, policyParcel, tokenId, tokenIdAplMap); // query undefine table @@ -323,7 +323,7 @@ HWTEST_F(AccessTokenManagerServiceTest, UpdateHapTokenTest002, TestSize.Level0) HapPolicyParcel policyParcel; policyParcel.hapPolicy = g_policy; // KERNEL_ATM_SELF_USE + INVALIDA AccessTokenID tokenId; - std::map tokenIdAplMap; + std::map tokenIdAplMap; CreateHapToken(infoParCel, policyParcel, tokenId, tokenIdAplMap); // update hap @@ -359,7 +359,7 @@ HWTEST_F(AccessTokenManagerServiceTest, UpdateHapTokenTest003, TestSize.Level0) HapPolicyParcel policyParcel; policyParcel.hapPolicy = g_policy; // KERNEL_ATM_SELF_USE + INVALIDA AccessTokenID tokenId; - std::map tokenIdAplMap; + std::map tokenIdAplMap; CreateHapToken(infoParCel, policyParcel, tokenId, tokenIdAplMap); // query undefine table 
@@ -414,7 +414,7 @@ HWTEST_F(AccessTokenManagerServiceTest, OTATest001, TestSize.Level0) policyParcel.hapPolicy.permStateList = {g_state4}; policyParcel.hapPolicy.aclExtendedMap = {}; AccessTokenID tokenId; - std::map tokenIdAplMap; + std::map tokenIdAplMap; CreateHapToken(infoParCel, policyParcel, tokenId, tokenIdAplMap); GenericValues value; // system grant @@ -477,7 +477,7 @@ HWTEST_F(AccessTokenManagerServiceTest, OTATest002, TestSize.Level0) policyParcel.hapPolicy.permStateList = {g_state4}; policyParcel.hapPolicy.aclExtendedMap = {}; AccessTokenID tokenId; - std::map tokenIdAplMap; + std::map tokenIdAplMap; CreateHapToken(infoParCel, policyParcel, tokenId, tokenIdAplMap); GenericValues value; // system grant @@ -555,7 +555,7 @@ HWTEST_F(AccessTokenManagerServiceTest, OTATest003, TestSize.Level0) policyParcel.hapPolicy = g_policy; policyParcel.hapPolicy.permStateList = {g_state1}; // KERNEL_ATM_SELF_USE AccessTokenID tokenId; - std::map tokenIdAplMap; + std::map tokenIdAplMap; CreateHapToken(infoParCel, policyParcel, tokenId, tokenIdAplMap); std::vector values; @@ -618,7 +618,7 @@ HWTEST_F(AccessTokenManagerServiceTest, OTATest004, TestSize.Level0) policyParcel.hapPolicy = g_policy; policyParcel.hapPolicy.permStateList = {g_state1}; // KERNEL_ATM_SELF_USE AccessTokenID tokenId; - std::map tokenIdAplMap; + std::map tokenIdAplMap; CreateHapToken(infoParCel, policyParcel, tokenId, tokenIdAplMap); GenericValues value; // system grant @@ -678,7 +678,7 @@ HWTEST_F(AccessTokenManagerServiceTest, OTATest005, TestSize.Level0) policyParcel.hapPolicy.permStateList = {g_state1}; // KERNEL_ATM_SELF_USE policyParcel.hapPolicy.aclRequestedList = { g_state6.permissionName }; AccessTokenID tokenId; - std::map tokenIdAplMap; + std::map tokenIdAplMap; CreateHapToken(infoParCel, policyParcel, tokenId, tokenIdAplMap); GenericValues value; // system grant 
@@ -751,7 +751,7 @@ HWTEST_F(AccessTokenManagerServiceTest, OTATest006, TestSize.Level0) policyParcel.hapPolicy.aclRequestedList = { g_state6.permissionName }; // POWER_MANAGER, hasValue is false policyParcel.hapPolicy.aclExtendedMap = { std::make_pair(g_state6.permissionName, "test") }; AccessTokenID tokenId; - std::map tokenIdAplMap; + std::map tokenIdAplMap; CreateHapToken(infoParCel, policyParcel, tokenId, tokenIdAplMap); std::vector values; @@ -824,7 +824,7 @@ HWTEST_F(AccessTokenManagerServiceTest, OTATest007, TestSize.Level0) policyParcel.hapPolicy.permStateList = {g_state4}; policyParcel.hapPolicy.aclExtendedMap = {}; AccessTokenID tokenId; - std::map tokenIdAplMap; + std::map tokenIdAplMap; CreateHapToken(infoParCel, policyParcel, tokenId, tokenIdAplMap); // KERNEL_ATM_SELF_USE, hasValue is true std::vector values; @@ -888,7 +888,7 @@ HWTEST_F(AccessTokenManagerServiceTest, OTATest008, TestSize.Level0) policyParcel.hapPolicy.permStateList = {g_state4}; policyParcel.hapPolicy.aclExtendedMap = {}; AccessTokenID tokenId; - std::map tokenIdAplMap; + std::map tokenIdAplMap; CreateHapToken(infoParCel, policyParcel, tokenId, tokenIdAplMap); GenericValues value; // system grant diff --git a/services/accesstokenmanager/test/unittest/accesstoken_manager_service_test.h b/services/accesstokenmanager/test/unittest/accesstoken_manager_service_test.h index c8571cdc3..f6045fe9f 100644 --- a/services/accesstokenmanager/test/unittest/accesstoken_manager_service_test.h +++ b/services/accesstokenmanager/test/unittest/accesstoken_manager_service_test.h @@ -33,7 +33,7 @@ public: void TearDown(); void CreateHapToken(const HapInfoParcel& infoParCel, const HapPolicyParcel& policyParcel, AccessTokenID& tokenId, - std::map& tokenIdAplMap, bool hasInit = false); + std::map& tokenIdAplMap, bool hasInit = false); std::shared_ptr atManagerService_; }; 
diff --git a/test/fuzztest/normalize_service/accesstoken/grantpermissionservice_fuzzer/grantpermissionservice_fuzzer.cpp b/test/fuzztest/normalize_service/accesstoken/grantpermissionservice_fuzzer/grantpermissionservice_fuzzer.cpp index ff212044b..974f0fb73 100644 --- a/test/fuzztest/normalize_service/accesstoken/grantpermissionservice_fuzzer/grantpermissionservice_fuzzer.cpp +++ b/test/fuzztest/normalize_service/accesstoken/grantpermissionservice_fuzzer/grantpermissionservice_fuzzer.cpp @@ -95,7 +95,7 @@ bool GrantPermissionServiceFuzzTest(const uint8_t* data, size_t size) uint32_t nativeSize = 0; uint32_t pefDefSize = 0; uint32_t dlpSize = 0; - std::map tokenIdAplMap; + std::map tokenIdAplMap; AccessTokenInfoManager::GetInstance().Init(hapSize, nativeSize, pefDefSize, dlpSize, tokenIdAplMap); } bool enable = ((provider.ConsumeIntegral() % CONSTANTS_NUMBER_FIVE) == 0); diff --git a/test/fuzztest/services/accesstoken/deleteremotedevicetokensstub_fuzzer/deleteremotedevicetokensstub_fuzzer.cpp b/test/fuzztest/services/accesstoken/deleteremotedevicetokensstub_fuzzer/deleteremotedevicetokensstub_fuzzer.cpp index 35de2db22..b7adfc1a9 100644 --- a/test/fuzztest/services/accesstoken/deleteremotedevicetokensstub_fuzzer/deleteremotedevicetokensstub_fuzzer.cpp +++ b/test/fuzztest/services/accesstoken/deleteremotedevicetokensstub_fuzzer/deleteremotedevicetokensstub_fuzzer.cpp @@ -63,7 +63,7 @@ namespace OHOS { uint32_t nativeSize = 0; uint32_t pefDefSize = 0; uint32_t dlpSize = 0; - std::map tokenIdAplMap; + std::map tokenIdAplMap; AccessTokenInfoManager::GetInstance().Init(hapSize, nativeSize, pefDefSize, dlpSize, tokenIdAplMap); } DelayedSingleton::GetInstance()->OnRemoteRequest(code, datas, reply, option); diff --git a/test/fuzztest/services/accesstoken/deleteremotetokenstub_fuzzer/deleteremotetokenstub_fuzzer.cpp b/test/fuzztest/services/accesstoken/deleteremotetokenstub_fuzzer/deleteremotetokenstub_fuzzer.cpp index e9af186c9..ebb06b76b 100644 
--- a/test/fuzztest/services/accesstoken/deleteremotetokenstub_fuzzer/deleteremotetokenstub_fuzzer.cpp +++ b/test/fuzztest/services/accesstoken/deleteremotetokenstub_fuzzer/deleteremotetokenstub_fuzzer.cpp @@ -67,7 +67,7 @@ namespace OHOS { uint32_t nativeSize = 0; uint32_t pefDefSize = 0; uint32_t dlpSize = 0; - std::map tokenIdAplMap; + std::map tokenIdAplMap; AccessTokenInfoManager::GetInstance().Init(hapSize, nativeSize, pefDefSize, dlpSize, tokenIdAplMap); } DelayedSingleton::GetInstance()->OnRemoteRequest(code, datas, reply, option); diff --git a/test/fuzztest/services/accesstoken/gethaptokeninfofromremotestub_fuzzer/gethaptokeninfofromremotestub_fuzzer.cpp b/test/fuzztest/services/accesstoken/gethaptokeninfofromremotestub_fuzzer/gethaptokeninfofromremotestub_fuzzer.cpp index 33a054910..c0a79f4a8 100644 --- a/test/fuzztest/services/accesstoken/gethaptokeninfofromremotestub_fuzzer/gethaptokeninfofromremotestub_fuzzer.cpp +++ b/test/fuzztest/services/accesstoken/gethaptokeninfofromremotestub_fuzzer/gethaptokeninfofromremotestub_fuzzer.cpp @@ -63,7 +63,7 @@ namespace OHOS { uint32_t nativeSize = 0; uint32_t pefDefSize = 0; uint32_t dlpSize = 0; - std::map tokenIdAplMap; + std::map tokenIdAplMap; AccessTokenInfoManager::GetInstance().Init(hapSize, nativeSize, pefDefSize, dlpSize, tokenIdAplMap); } DelayedSingleton::GetInstance()->OnRemoteRequest(code, datas, reply, option); diff --git a/test/fuzztest/services/accesstoken/getremotenativetokenidstub_fuzzer/getremotenativetokenidstub_fuzzer.cpp b/test/fuzztest/services/accesstoken/getremotenativetokenidstub_fuzzer/getremotenativetokenidstub_fuzzer.cpp index cb2f9c309..3c607f10a 100644 --- a/test/fuzztest/services/accesstoken/getremotenativetokenidstub_fuzzer/getremotenativetokenidstub_fuzzer.cpp +++ b/test/fuzztest/services/accesstoken/getremotenativetokenidstub_fuzzer/getremotenativetokenidstub_fuzzer.cpp 
@@ -67,7 +67,7 @@ namespace OHOS { uint32_t nativeSize = 0; uint32_t pefDefSize = 0; uint32_t dlpSize = 0; - std::map tokenIdAplMap; + std::map tokenIdAplMap; AccessTokenInfoManager::GetInstance().Init(hapSize, nativeSize, pefDefSize, dlpSize, tokenIdAplMap); } DelayedSingleton::GetInstance()->OnRemoteRequest(code, datas, reply, option); diff --git a/test/fuzztest/services/accesstoken/grantpermissionstub_fuzzer/grantpermissionstub_fuzzer.cpp b/test/fuzztest/services/accesstoken/grantpermissionstub_fuzzer/grantpermissionstub_fuzzer.cpp index 10a54d423..b76a4f277 100644 --- a/test/fuzztest/services/accesstoken/grantpermissionstub_fuzzer/grantpermissionstub_fuzzer.cpp +++ b/test/fuzztest/services/accesstoken/grantpermissionstub_fuzzer/grantpermissionstub_fuzzer.cpp @@ -82,7 +82,7 @@ namespace OHOS { uint32_t nativeSize = 0; uint32_t pefDefSize = 0; uint32_t dlpSize = 0; - std::map tokenIdAplMap; + std::map tokenIdAplMap; AccessTokenInfoManager::GetInstance().Init(hapSize, nativeSize, pefDefSize, dlpSize, tokenIdAplMap); } bool enable = ((size % CONSTANTS_NUMBER_TWO) == 0); diff --git a/test/fuzztest/services/accesstoken/setremotehaptokeninfostub_fuzzer/setremotehaptokeninfostub_fuzzer.cpp b/test/fuzztest/services/accesstoken/setremotehaptokeninfostub_fuzzer/setremotehaptokeninfostub_fuzzer.cpp index 56b7a11e6..0789b3080 100644 --- a/test/fuzztest/services/accesstoken/setremotehaptokeninfostub_fuzzer/setremotehaptokeninfostub_fuzzer.cpp +++ b/test/fuzztest/services/accesstoken/setremotehaptokeninfostub_fuzzer/setremotehaptokeninfostub_fuzzer.cpp @@ -98,7 +98,7 @@ namespace OHOS { uint32_t nativeSize = 0; uint32_t pefDefSize = 0; uint32_t dlpSize = 0; - std::map tokenIdAplMap; + std::map tokenIdAplMap; AccessTokenInfoManager::GetInstance().Init(hapSize, nativeSize, pefDefSize, dlpSize, tokenIdAplMap); } DelayedSingleton::GetInstance()->OnRemoteRequest(code, datas, reply, option); -- Gitee