diff --git a/interfaces/innerkits/nativetoken/include/nativetoken.h b/interfaces/innerkits/nativetoken/include/nativetoken.h index dc036b648e26cb19ba0f083365d839e728576d01..71c34e2c263d141b367f75750f31d7b4fe3cf74d 100644 --- a/interfaces/innerkits/nativetoken/include/nativetoken.h +++ b/interfaces/innerkits/nativetoken/include/nativetoken.h @@ -33,8 +33,8 @@ extern "C" { #endif #define MAX_PROCESS_NAME_LEN 256 -#define TOKEN_ID_CFG_PATH "/data/system/access_token/nativetoken.json" -#define SOCKET_FILE "/data/system/token_unix_socket.socket" +#define TOKEN_ID_CFG_FILE_PATH "/data/service/el0/access_token/nativetoken.json" +#define TOKEN_ID_CFG_DIR_PATH "/data/service/el0/access_token" #define TOKEN_NATIVE_TYPE 1 #define DEFAULT_AT_VERSION 1 #define TRANSFER_KEY_WORDS "NativeTokenInfo" diff --git a/interfaces/innerkits/nativetoken/src/nativetoken.c b/interfaces/innerkits/nativetoken/src/nativetoken.c index 5373e41a6527f160d6a757315a748f7d88f76965..f39d36eefd2275572dcf8810b6e97002c4d9561d 100644 --- a/interfaces/innerkits/nativetoken/src/nativetoken.c +++ b/interfaces/innerkits/nativetoken/src/nativetoken.c @@ -230,7 +230,7 @@ int32_t AtlibInit(void) } g_tokenListHead->next = NULL; - int32_t ret = ParseTokenInfoFromCfg(TOKEN_ID_CFG_PATH); + int32_t ret = ParseTokenInfoFromCfg(TOKEN_ID_CFG_FILE_PATH); if (ret != ATRET_SUCCESS) { free(g_tokenListHead); g_tokenListHead = NULL; @@ -294,6 +294,29 @@ int32_t GetAplLevel(const char *aplStr) ACCESSTOKEN_LOG_ERROR("[ATLIB-%s]:aplStr is invalid.", __func__); return 0; } +int32_t NeedSetUidGid(int16_t *uid, int16_t *gid, int *needSet) +{ + struct stat buf; + if (stat(TOKEN_ID_CFG_FILE_PATH, &buf) == 0) { + *needSet = 0; + return ATRET_SUCCESS; + } + if (errno != ENOENT) { + ACCESSTOKEN_LOG_ERROR("[ATLIB-%s]:stat %s is invalid %d.", + __func__, TOKEN_ID_CFG_FILE_PATH, errno); + return ATRET_FAILED; + } + if (stat(TOKEN_ID_CFG_DIR_PATH, &buf) != 0) { + ACCESSTOKEN_LOG_ERROR("[ATLIB-%s]:stat %s is invalid %d.", + __func__, TOKEN_ID_CFG_DIR_PATH, errno); + return ATRET_FAILED; + } + *uid = buf.st_uid; + *gid = buf.st_gid; + *needSet = 1; + ACCESSTOKEN_LOG_INFO("[ATLIB-%s]:needSet is true.", __func__); + return ATRET_SUCCESS; +} void WriteToFile(const cJSON *root) { @@ -308,7 +331,14 @@ void WriteToFile(const cJSON *root) } do { - int32_t fd = open(TOKEN_ID_CFG_PATH, O_RDWR | O_CREAT | O_TRUNC, S_IRUSR | S_IWUSR); + int16_t uid; + int16_t gid; + int needSet = 0; + if (NeedSetUidGid(&uid, &gid, &needSet) != ATRET_SUCCESS) { + break; + } + int32_t fd = open(TOKEN_ID_CFG_FILE_PATH, O_RDWR | O_CREAT | O_TRUNC, + S_IRUSR | S_IWUSR | S_IRGRP); if (fd < 0) { ACCESSTOKEN_LOG_ERROR("[ATLIB-%s]:open failed.", __func__); break; @@ -320,6 +350,10 @@ void WriteToFile(const cJSON *root) ACCESSTOKEN_LOG_ERROR("[ATLIB-%s]:write failed, writtenLen is %d.", __func__, writtenLen); break; } + if ((needSet == 1) && chown(TOKEN_ID_CFG_FILE_PATH, uid, gid) != 0) { + ACCESSTOKEN_LOG_ERROR("[ATLIB-%s]:chown failed, errno is %d.", __func__, errno); + break; + } } while (0); cJSON_free(jsonStr); @@ -409,7 +443,7 @@ void SaveTokenIdToCfg(const NativeTokenList *curr) cJSON *record = NULL; int32_t ret; - ret = GetFileBuff(TOKEN_ID_CFG_PATH, &fileBuff); + ret = GetFileBuff(TOKEN_ID_CFG_FILE_PATH, &fileBuff); if (ret != ATRET_SUCCESS) { return; } @@ -627,7 +661,7 @@ int32_t UpdateTokenInfoInCfgFile(NativeTokenList *tokenNode) cJSON *record = NULL; char *fileBuff = NULL; - int32_t ret = GetFileBuff(TOKEN_ID_CFG_PATH, &fileBuff); + int32_t ret = GetFileBuff(TOKEN_ID_CFG_FILE_PATH, &fileBuff); if (ret != ATRET_SUCCESS) { return ret; } diff --git a/interfaces/innerkits/nativetoken/test/unittest/src/nativetoken_kit_test.cpp b/interfaces/innerkits/nativetoken/test/unittest/src/nativetoken_kit_test.cpp index a6782999ad14ede5b8452a6fef64e9abbc2bb2e8..3320426c3b7addd2953503f271806c1d7e56c1d8 100644 --- a/interfaces/innerkits/nativetoken/test/unittest/src/nativetoken_kit_test.cpp +++ b/interfaces/innerkits/nativetoken/test/unittest/src/nativetoken_kit_test.cpp @@ -24,16 +24,7 @@ using namespace OHOS::Security; extern NativeTokenList *g_tokenListHead; extern int32_t g_isNativeTokenInited; extern int32_t GetFileBuff(const char *cfg, char **retBuff); -namespace { -static string g_jsonStr = "[" - "{\"processName\":\"asdf\", \"tokenId\":15, \"APL\":3, \"version\":1, " - "\"tokenAttr\":0, \"dcaps\":[\"AT_CAP\", \"ST_CAP\"]}," - "{\"processName\":\"GetAccessTokenId008\", \"tokenId\":16, \"APL\":3, \"version\":1," - " \"tokenAttr\":0, \"dcaps\":[\"AT_CAP\", \"ST_CAP\"]}," - "{\"processName\":\"GetAccessTokenId009\", \"tokenId\":17, \"APL\":3, \"version\":1, " - "\"tokenAttr\":0, \"dcaps\":[\"AT_CAP\", \"ST_CAP\"]}" - "]"; -} + void TokenLibKitTest::SetUpTestCase() {} @@ -43,7 +34,7 @@ void TokenLibKitTest::TearDownTestCase() void TokenLibKitTest::SetUp() { g_isNativeTokenInited = 0; - ResetFile(); + (void)remove(TOKEN_ID_CFG_FILE_PATH); } void TokenLibKitTest::TearDown() @@ -56,21 +47,6 @@ void TokenLibKitTest::TearDown() } } -void TokenLibKitTest::ResetFile(void) -{ - int32_t fd = open(TOKEN_ID_CFG_PATH, O_RDWR | O_CREAT | O_TRUNC, S_IRUSR | S_IWUSR); - if (fd < 0) { - ACCESSTOKEN_LOG_ERROR("[ATLIB-%s]:open failed.", __func__); - return; - } - int32_t strLen = strlen(g_jsonStr.c_str()); - int32_t writtenLen = write(fd, (void *)g_jsonStr.c_str(), strLen); - close(fd); - if (writtenLen != strLen) { - ACCESSTOKEN_LOG_ERROR("[ATLIB-%s]:write failed, writtenLen is %d.", __func__, writtenLen); - } -} - int Start(const char *processName) { const char *processname = processName; @@ -253,7 +229,7 @@ HWTEST_F(TokenLibKitTest, GetAccessTokenId006, TestSize.Level1) ASSERT_EQ(tokenIdEx->tokenId, g_tokenListHead->next->tokenId); char *fileBuff = nullptr; - ret = GetFileBuff(TOKEN_ID_CFG_PATH, &fileBuff); + ret = GetFileBuff(TOKEN_ID_CFG_FILE_PATH, &fileBuff); ASSERT_EQ(ret, ATRET_SUCCESS); string s = "GetAccessTokenId006"; char *pos = strstr(fileBuff, s.c_str()); @@ -278,7 +254,7 @@ HWTEST_F(TokenLibKitTest, GetAccessTokenId007, TestSize.Level1) ASSERT_NE(tokenId, 0); } char *fileBuff = nullptr; - int ret = GetFileBuff(TOKEN_ID_CFG_PATH, &fileBuff); + int ret = GetFileBuff(TOKEN_ID_CFG_FILE_PATH, &fileBuff); ASSERT_EQ(ret, 0); for (int32_t i = 0; i < 200; i++) { char *pos = strstr(fileBuff, processName[i]); @@ -296,29 +272,31 @@ HWTEST_F(TokenLibKitTest, GetAccessTokenId007, TestSize.Level1) HWTEST_F(TokenLibKitTest, GetAccessTokenId008, TestSize.Level1) { char *fileBuff = nullptr; - int ret = GetFileBuff(TOKEN_ID_CFG_PATH, &fileBuff); + int ret = GetFileBuff(TOKEN_ID_CFG_FILE_PATH, &fileBuff); ASSERT_EQ(ret, 0); - char *pos = strstr(fileBuff, "process1"); - ASSERT_EQ(pos, nullptr); - pos = strstr(fileBuff, "process2"); - ASSERT_EQ(pos, nullptr); - pos = strstr(fileBuff, "process3"); - ASSERT_EQ(pos, nullptr); - pos = strstr(fileBuff, "process4"); - ASSERT_EQ(pos, nullptr); - pos = strstr(fileBuff, "process5"); - ASSERT_EQ(pos, nullptr); - pos = strstr(fileBuff, "process6"); - ASSERT_EQ(pos, nullptr); - pos = strstr(fileBuff, "process7"); - ASSERT_EQ(pos, nullptr); - pos = strstr(fileBuff, "process8"); - ASSERT_EQ(pos, nullptr); - pos = strstr(fileBuff, "process9"); - ASSERT_EQ(pos, nullptr); - pos = strstr(fileBuff, "foundation"); - ASSERT_EQ(pos, nullptr); - free(fileBuff); + if (fileBuff != nullptr) { + char *pos = strstr(fileBuff, "process1"); + ASSERT_EQ(pos, nullptr); + pos = strstr(fileBuff, "process2"); + ASSERT_EQ(pos, nullptr); + pos = strstr(fileBuff, "process3"); + ASSERT_EQ(pos, nullptr); + pos = strstr(fileBuff, "process4"); + ASSERT_EQ(pos, nullptr); + pos = strstr(fileBuff, "process5"); + ASSERT_EQ(pos, nullptr); + pos = strstr(fileBuff, "process6"); + ASSERT_EQ(pos, nullptr); + pos = strstr(fileBuff, "process7"); + ASSERT_EQ(pos, nullptr); + pos = strstr(fileBuff, "process8"); + ASSERT_EQ(pos, nullptr); + pos = strstr(fileBuff, "process9"); + ASSERT_EQ(pos, nullptr); + pos = strstr(fileBuff, "foundation"); + ASSERT_EQ(pos, nullptr); + free(fileBuff); + } Start("process1"); Start("process2"); @@ -337,10 +315,10 @@ HWTEST_F(TokenLibKitTest, GetAccessTokenId008, TestSize.Level1) Start("process18"); Start("process19"); - ret = GetFileBuff(TOKEN_ID_CFG_PATH, &fileBuff); + ret = GetFileBuff(TOKEN_ID_CFG_FILE_PATH, &fileBuff); ASSERT_EQ(ret, 0); GTEST_LOG_(INFO) << "fileBuff" << fileBuff; - pos = strstr(fileBuff, "process1"); + char *pos = strstr(fileBuff, "process1"); ASSERT_NE(pos, nullptr); pos = strstr(fileBuff, "process2"); ASSERT_NE(pos, nullptr); diff --git a/services/accesstokenmanager/access_token.cfg b/services/accesstokenmanager/access_token.cfg index 6c3deb61247fa60bf7eaa530ba643af4ee5c7b72..ba4b720b8b6b35b9bd6dc01dc7ab8f02f35087d1 100644 --- a/services/accesstokenmanager/access_token.cfg +++ b/services/accesstokenmanager/access_token.cfg @@ -2,7 +2,7 @@ "jobs" : [{ "name" : "pre-init", "cmds" : [ - "mkdir /data/system/access_token 0650 root system", + "mkdir /data/service/el0/access_token 0750 root system", "load_access_token_id " ] }, { diff --git a/services/accesstokenmanager/main/cpp/include/token/native_token_receptor.h b/services/accesstokenmanager/main/cpp/include/token/native_token_receptor.h index 491d09dc07956a74d61e0ca21ca6951550c40215..53097f3fc8586c8ae1ea11da979e666766f081a6 100644 --- a/services/accesstokenmanager/main/cpp/include/token/native_token_receptor.h +++ b/services/accesstokenmanager/main/cpp/include/token/native_token_receptor.h @@ -27,7 +27,7 @@ namespace OHOS { namespace Security { namespace AccessToken { -const std::string NATIVE_TOKEN_CONFIG_FILE = "/data/system/access_token/nativetoken.json"; +const std::string NATIVE_TOKEN_CONFIG_FILE = "/data/service/el0/access_token/nativetoken.json"; constexpr int MAX_NATIVE_CONFIG_FILE_SIZE = 5 * 1024 * 1024; // 5M constexpr size_t BUFFER_SIZE = 1024; class NativeTokenReceptor final { diff --git a/services/accesstokenmanager/main/cpp/src/token/native_token_receptor.cpp b/services/accesstokenmanager/main/cpp/src/token/native_token_receptor.cpp index 8bb01fd82fea14c999718e68ee3571c0549a75aa..d5ee4ac8ed76303fa0b8c187f25a6909d2b69b4c 100644 --- a/services/accesstokenmanager/main/cpp/src/token/native_token_receptor.cpp +++ b/services/accesstokenmanager/main/cpp/src/token/native_token_receptor.cpp @@ -105,7 +105,7 @@ int NativeTokenReceptor::ReadCfgFile(std::string& nativeRawData) { int32_t fd = open(NATIVE_TOKEN_CONFIG_FILE.c_str(), O_RDONLY); if (fd < 0) { - ACCESSTOKEN_LOG_ERROR(LABEL, "%{public}s: open failed.", __func__); + ACCESSTOKEN_LOG_ERROR(LABEL, "%{public}s: open failed errno %{public}d.", __func__, errno); return RET_FAILED; } struct stat statBuffer;