diff --git a/frameworks/accesstoken/include/i_accesstoken_manager.h b/frameworks/accesstoken/include/i_accesstoken_manager.h index d5216bf647b3a3e34ed332314c8ad51d14ca6067..ca2892f6f418a51745d7511359b2ca0cbafcc3c4 100644 --- a/frameworks/accesstoken/include/i_accesstoken_manager.h +++ b/frameworks/accesstoken/include/i_accesstoken_manager.h @@ -43,7 +43,6 @@ public: DECLARE_INTERFACE_DESCRIPTOR(u"ohos.security.accesstoken.IAccessTokenManager"); virtual int VerifyAccessToken(AccessTokenID tokenID, const std::string& permissionName) = 0; - virtual int VerifyNativeToken(AccessTokenID tokenID, const std::string& permissionName) = 0; virtual int GetDefPermission(const std::string& permissionName, PermissionDefParcel& permissionDefResult) = 0; virtual int GetDefPermissions(AccessTokenID tokenID, std::vector& permList) = 0; virtual int GetReqPermissions( 
@@ -85,36 +84,35 @@ public: enum class InterfaceCode { VERIFY_ACCESSTOKEN = 0xff10, - GET_DEF_PERMISSION = 0xff11, - GET_DEF_PERMISSIONS = 0xff12, - GET_REQ_PERMISSIONS = 0xff13, - GET_PERMISSION_FLAG = 0xff14, - GRANT_PERMISSION = 0xff15, - REVOKE_PERMISSION = 0xff16, - CLEAR_USER_GRANT_PERMISSION = 0xff17, - ALLOC_TOKEN_HAP = 0xff18, - TOKEN_DELETE = 0xff19, - GET_TOKEN_TYPE = 0xff20, - CHECK_NATIVE_DCAP = 0xff21, - GET_HAP_TOKEN_ID = 0xff22, - ALLOC_LOCAL_TOKEN_ID = 0xff23, - GET_NATIVE_TOKENINFO = 0xff24, - GET_HAP_TOKENINFO = 0xff25, - UPDATE_HAP_TOKEN = 0xff26, + GET_DEF_PERMISSION, + GET_DEF_PERMISSIONS, + GET_REQ_PERMISSIONS, + GET_PERMISSION_FLAG, + GRANT_PERMISSION, + REVOKE_PERMISSION, + CLEAR_USER_GRANT_PERMISSION, + ALLOC_TOKEN_HAP, + TOKEN_DELETE, + GET_TOKEN_TYPE, + CHECK_NATIVE_DCAP, + GET_HAP_TOKEN_ID, + ALLOC_LOCAL_TOKEN_ID, + GET_NATIVE_TOKENINFO, + GET_HAP_TOKENINFO, + UPDATE_HAP_TOKEN, - GET_HAP_TOKEN_FROM_REMOTE = 0xff27, - GET_ALL_NATIVE_TOKEN_FROM_REMOTE = 0xff28, - SET_REMOTE_HAP_TOKEN_INFO = 0xff29, - SET_REMOTE_NATIVE_TOKEN_INFO = 0xff2a, - DELETE_REMOTE_TOKEN_INFO = 0xff2b, - DELETE_REMOTE_DEVICE_TOKEN = 0xff2c, - VERIFY_NATIVETOKEN = 0xff2d, - GET_NATIVE_REMOTE_TOKEN = 0xff2f, + GET_HAP_TOKEN_FROM_REMOTE, + GET_ALL_NATIVE_TOKEN_FROM_REMOTE, + SET_REMOTE_HAP_TOKEN_INFO, + SET_REMOTE_NATIVE_TOKEN_INFO, + DELETE_REMOTE_TOKEN_INFO, + DELETE_REMOTE_DEVICE_TOKEN, + GET_NATIVE_REMOTE_TOKEN, - DUMP_TOKENINFO = 0xff30, - GET_PERMISSION_OPER_STATE = 0xff31, - REGISTER_PERM_STATE_CHANGE_CALLBACK = 0xff32, - UNREGISTER_PERM_STATE_CHANGE_CALLBACK = 0xff33, + DUMP_TOKENINFO, + GET_PERMISSION_OPER_STATE, + REGISTER_PERM_STATE_CHANGE_CALLBACK, + UNREGISTER_PERM_STATE_CHANGE_CALLBACK, }; }; } // namespace AccessToken diff --git a/interfaces/innerkits/accesstoken/include/accesstoken_kit.h b/interfaces/innerkits/accesstoken/include/accesstoken_kit.h index ba1ebc0ebae558272e164f2edc049accf3052336..816787e5e9fe5eeae8969fe53731a97ef138bd32 100644 
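Review bot: Dropping the explicit values from `InterfaceCode` renumbers the IPC request codes instead of only retiring `VERIFY_NATIVETOKEN`. The old list skipped 0xff1a–0xff1f, so with implicit numbering `GET_TOKEN_TYPE` moves from 0xff20 to 0xff1a, and 0xff20 now denotes `UPDATE_HAP_TOKEN`. The stub's `requestFuncMap_` dispatches on these codes, so a proxy built against the previous header would have a read-only query routed to a state-changing handler with a mismatched parcel layout; whether such a mixed proxy/stub pairing can exist in a shipped image is not visible in this diff and should be confirmed. Implicit numbering also means any later insertion or removal in the middle of the enum silently shifts every following code. I would keep the wire values pinned (e.g. `GET_TOKEN_TYPE = 0xff20,`), delete only the `VERIFY_NATIVETOKEN = 0xff2d,` line, and add a comment on the enum such as `// IPC wire codes: part of the proxy/stub contract; never renumber or reuse a value.`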
--- a/interfaces/innerkits/accesstoken/include/accesstoken_kit.h +++ b/interfaces/innerkits/accesstoken/include/accesstoken_kit.h @@ -47,7 +47,6 @@ public: static int GetHapTokenInfo(AccessTokenID tokenID, HapTokenInfo& hapTokenInfoRes); static int GetNativeTokenInfo(AccessTokenID tokenID, NativeTokenInfo& nativeTokenInfoRes); static int VerifyAccessToken(AccessTokenID tokenID, const std::string& permissionName); - static int VerifyNativeToken(AccessTokenID tokenID, const std::string& permissionName); static int VerifyAccessToken( AccessTokenID callerTokenID, AccessTokenID firstTokenID, const std::string& permissionName); static int GetDefPermission(const std::string& permissionName, PermissionDef& permissionDefResult); diff --git a/interfaces/innerkits/accesstoken/src/accesstoken_kit.cpp b/interfaces/innerkits/accesstoken/src/accesstoken_kit.cpp index 73a0e5ce837b8750cac77b26cb219967132338df..40c682d81eb16dce769741cf75ff5c3407bf23f7 100644 --- a/interfaces/innerkits/accesstoken/src/accesstoken_kit.cpp +++ b/interfaces/innerkits/accesstoken/src/accesstoken_kit.cpp 
@@ -181,21 +181,6 @@ int AccessTokenKit::VerifyAccessToken( return AccessTokenKit::VerifyAccessToken(firstTokenID, permissionName); } -int AccessTokenKit::VerifyNativeToken(AccessTokenID tokenID, const std::string& permissionName) -{ - ACCESSTOKEN_LOG_DEBUG(LABEL, "called, tokenID=%{public}d, permissionName=%{public}s", - tokenID, permissionName.c_str()); - if (tokenID == 0) { - ACCESSTOKEN_LOG_ERROR(LABEL, "tokenID=%{public}d is invalid", tokenID); - return PERMISSION_DENIED; - } - if (!DataValidator::IsPermissionNameValid(permissionName)) { - ACCESSTOKEN_LOG_ERROR(LABEL, "permissionName is invalid"); - return PERMISSION_DENIED; - } - return AccessTokenManagerClient::GetInstance().VerifyNativeToken(tokenID, permissionName); -} - int AccessTokenKit::GetDefPermission(const std::string& permissionName, PermissionDef& permissionDefResult) { ACCESSTOKEN_LOG_DEBUG(LABEL, "called, permissionName=%{public}s", permissionName.c_str()); diff --git a/interfaces/innerkits/accesstoken/src/accesstoken_manager_client.cpp b/interfaces/innerkits/accesstoken/src/accesstoken_manager_client.cpp index 59fea9d5492bc56dd023a5a2d87570d4f9068b95..5bfd25d77fa3377981cebb291ff526f8f3542d7a 100644 --- a/interfaces/innerkits/accesstoken/src/accesstoken_manager_client.cpp +++ b/interfaces/innerkits/accesstoken/src/accesstoken_manager_client.cpp @@ -56,16 +56,6 @@ int AccessTokenManagerClient::VerifyAccessToken(AccessTokenID tokenID, const std return proxy->VerifyAccessToken(tokenID, permissionName); } -int AccessTokenManagerClient::VerifyNativeToken(AccessTokenID tokenID, const std::string& permissionName) -{ - auto proxy = GetProxy(); - if (proxy == nullptr) { - ACCESSTOKEN_LOG_ERROR(LABEL, "proxy is null"); - return PERMISSION_DENIED; - } - return proxy->VerifyNativeToken(tokenID, permissionName); -} - int AccessTokenManagerClient::GetDefPermission( const std::string& permissionName, PermissionDef& permissionDefResult) { 
diff --git a/interfaces/innerkits/accesstoken/src/accesstoken_manager_client.h b/interfaces/innerkits/accesstoken/src/accesstoken_manager_client.h index 8a0e14df3336098fe0699e87bb5652cb4b0b151d..1526569b7b84909ec28326776d6fe358976ee09d 100644 --- a/interfaces/innerkits/accesstoken/src/accesstoken_manager_client.h +++ b/interfaces/innerkits/accesstoken/src/accesstoken_manager_client.h @@ -44,7 +44,6 @@ public: virtual ~AccessTokenManagerClient(); int VerifyAccessToken(AccessTokenID tokenID, const std::string& permissionName); - int VerifyNativeToken(AccessTokenID tokenID, const std::string& permissionName); int GetDefPermission(const std::string& permissionName, PermissionDef& permissionDefResult); int GetDefPermissions(AccessTokenID tokenID, std::vector& permList); int GetReqPermissions( diff --git a/interfaces/innerkits/accesstoken/src/accesstoken_manager_proxy.cpp b/interfaces/innerkits/accesstoken/src/accesstoken_manager_proxy.cpp index 078f8e4e8303993a35b15650245b5b14ac244827..81086d86c309adfa1a98a5584e4178b9e1009217 100644 --- a/interfaces/innerkits/accesstoken/src/accesstoken_manager_proxy.cpp +++ b/interfaces/innerkits/accesstoken/src/accesstoken_manager_proxy.cpp 
@@ -66,38 +66,6 @@ int AccessTokenManagerProxy::VerifyAccessToken(AccessTokenID tokenID, const std: return result; } -int AccessTokenManagerProxy::VerifyNativeToken(AccessTokenID tokenID, const std::string& permissionName) -{ - MessageParcel data; - data.WriteInterfaceToken(IAccessTokenManager::GetDescriptor()); - if (!data.WriteUint32(tokenID)) { - ACCESSTOKEN_LOG_ERROR(LABEL, "Failed to write tokenID"); - return PERMISSION_DENIED; - } - if (!data.WriteString(permissionName)) { - ACCESSTOKEN_LOG_ERROR(LABEL, "Failed to write permissionName"); - return PERMISSION_DENIED; - } - - MessageParcel reply; - MessageOption option(MessageOption::TF_SYNC); - sptr remote = Remote(); - if (remote == nullptr) { - ACCESSTOKEN_LOG_ERROR(LABEL, "remote service null."); - return PERMISSION_DENIED; - } - int32_t requestResult = remote->SendRequest( - static_cast(IAccessTokenManager::InterfaceCode::VERIFY_NATIVETOKEN), data, reply, option); - if (requestResult != NO_ERROR) { - ACCESSTOKEN_LOG_ERROR(LABEL, "request fail, result: %{public}d", requestResult); - return PERMISSION_DENIED; - } - - int32_t result = reply.ReadInt32(); - ACCESSTOKEN_LOG_INFO(LABEL, "result from server data = %{public}d", result); - return result; -} - int AccessTokenManagerProxy::GetDefPermission( const std::string& permissionName, PermissionDefParcel& permissionDefResult) { diff --git a/interfaces/innerkits/accesstoken/src/accesstoken_manager_proxy.h b/interfaces/innerkits/accesstoken/src/accesstoken_manager_proxy.h index 809061d35d05cd394cb33188e16ebf1bfef055ef..f133fddae37bcd3adbef8ab2e5ed2fabc933f8fa 100644 --- a/interfaces/innerkits/accesstoken/src/accesstoken_manager_proxy.h +++ b/interfaces/innerkits/accesstoken/src/accesstoken_manager_proxy.h 
@@ -41,7 +41,6 @@ public: ~AccessTokenManagerProxy() override; int VerifyAccessToken(AccessTokenID tokenID, const std::string& permissionName) override; - int VerifyNativeToken(AccessTokenID tokenID, const std::string& permissionName) override; int GetDefPermission(const std::string& permissionName, PermissionDefParcel& permissionDefResult) override; int GetDefPermissions(AccessTokenID tokenID, std::vector& permList) override; int GetReqPermissions( diff --git a/services/accesstokenmanager/main/cpp/include/permission/permission_manager.h b/services/accesstokenmanager/main/cpp/include/permission/permission_manager.h index c910b06da4ae4025dd1cc057389f1a0eee47cec2..1f3a7da40bce49afffdca9b61957c9c7e95fb1b8 100644 --- a/services/accesstokenmanager/main/cpp/include/permission/permission_manager.h +++ b/services/accesstokenmanager/main/cpp/include/permission/permission_manager.h @@ -50,7 +50,6 @@ public: int VerifyNativeAccessToken(AccessTokenID tokenID, const std::string& permissionName); int VerifyHapAccessToken(AccessTokenID tokenID, const std::string& permissionName); int VerifyAccessToken(AccessTokenID tokenID, const std::string& permissionName); - int VerifyNativeToken(AccessTokenID tokenID, const std::string& permissionName); int GetDefPermission(const std::string& permissionName, PermissionDef& permissionDefResult); int GetDefPermissions(AccessTokenID tokenID, std::vector& permList); int GetReqPermissions( diff --git a/services/accesstokenmanager/main/cpp/include/service/accesstoken_manager_service.h b/services/accesstokenmanager/main/cpp/include/service/accesstoken_manager_service.h index 2b46210f17abee76a7783b2370990cbb3b2edf68..6a930dcb14e230fa8634ca0e260853181b725cfc 100644 --- a/services/accesstokenmanager/main/cpp/include/service/accesstoken_manager_service.h +++ b/services/accesstokenmanager/main/cpp/include/service/accesstoken_manager_service.h 
@@ -42,7 +42,6 @@ public: AccessTokenIDEx AllocHapToken(const HapInfoParcel& info, const HapPolicyParcel& policy) override; int VerifyAccessToken(AccessTokenID tokenID, const std::string& permissionName) override; - int VerifyNativeToken(AccessTokenID tokenID, const std::string& permissionName) override; int GetDefPermission(const std::string& permissionName, PermissionDefParcel& permissionDefResult) override; int GetDefPermissions(AccessTokenID tokenID, std::vector& permList) override; int GetReqPermissions( diff --git a/services/accesstokenmanager/main/cpp/include/service/accesstoken_manager_stub.h b/services/accesstokenmanager/main/cpp/include/service/accesstoken_manager_stub.h index e95fa76f9324f036f53b23e64dbac58691f7a69f..129a29bc5fab5b6747034e9fd3528224eb730cb0 100644 --- a/services/accesstokenmanager/main/cpp/include/service/accesstoken_manager_stub.h +++ b/services/accesstokenmanager/main/cpp/include/service/accesstoken_manager_stub.h @@ -35,7 +35,6 @@ public: private: void VerifyAccessTokenInner(MessageParcel& data, MessageParcel& reply); - void VerifyNativeTokenInner(MessageParcel& data, MessageParcel& reply); void GetDefPermissionInner(MessageParcel& data, MessageParcel& reply); void GetDefPermissionsInner(MessageParcel& data, MessageParcel& reply); void GetReqPermissionsInner(MessageParcel& data, MessageParcel& reply); diff --git a/services/accesstokenmanager/main/cpp/src/permission/permission_manager.cpp b/services/accesstokenmanager/main/cpp/src/permission/permission_manager.cpp index 90f65aefe59d4d5e157b12579b6699ee37553229..ab54a0bcfd261456410e759aa7d9c10e239f28b7 100644 --- a/services/accesstokenmanager/main/cpp/src/permission/permission_manager.cpp +++ b/services/accesstokenmanager/main/cpp/src/permission/permission_manager.cpp 
@@ -160,30 +160,6 @@ int PermissionManager::VerifyAccessToken(AccessTokenID tokenID, const std::strin return PERMISSION_DENIED; } -int PermissionManager::VerifyNativeToken(AccessTokenID tokenID, const std::string& permissionName) -{ - ACCESSTOKEN_LOG_INFO(LABEL, - "%{public}s called, tokenID: %{public}u, permissionName: %{public}s", __func__, - tokenID, permissionName.c_str()); - - PermissionDef permissionInfo; - NativeTokenInfo nativeTokenInfo; - int res = PermissionManager::GetDefPermission(permissionName, permissionInfo); - if (res != RET_SUCCESS) { - ACCESSTOKEN_LOG_ERROR(LABEL, "GetDefPermission in %{public}s failed", __func__); - return PERMISSION_DENIED; - } - res = AccessTokenInfoManager::GetInstance().GetNativeTokenInfo(tokenID, nativeTokenInfo); - if (res != RET_SUCCESS) { - ACCESSTOKEN_LOG_ERROR(LABEL, "GetNativeTokenInfo in %{public}s failed", __func__); - return PERMISSION_DENIED; - } - if (permissionInfo.availableLevel > nativeTokenInfo.apl) { - return PERMISSION_DENIED; - } - return PERMISSION_GRANTED; -} - int PermissionManager::GetDefPermission(const std::string& permissionName, PermissionDef& permissionDefResult) { ACCESSTOKEN_LOG_INFO(LABEL, "%{public}s called, permissionName: %{public}s", __func__, permissionName.c_str()); diff --git a/services/accesstokenmanager/main/cpp/src/service/accesstoken_manager_service.cpp b/services/accesstokenmanager/main/cpp/src/service/accesstoken_manager_service.cpp index 7065736bf3a084376c5f500adcf6e51485b3cd5d..b9da95668fee9cdd9d457dfc8f55909cac9d1b7a 100644 --- a/services/accesstokenmanager/main/cpp/src/service/accesstoken_manager_service.cpp +++ b/services/accesstokenmanager/main/cpp/src/service/accesstoken_manager_service.cpp 
@@ -98,13 +98,6 @@ int AccessTokenManagerService::VerifyAccessToken(AccessTokenID tokenID, const st return res; } -int AccessTokenManagerService::VerifyNativeToken(AccessTokenID tokenID, const std::string& permissionName) -{ - ACCESSTOKEN_LOG_INFO(LABEL, "called, tokenID: 0x%{public}x, permissionName: %{public}s", - tokenID, permissionName.c_str()); - return PermissionManager::GetInstance().VerifyNativeToken(tokenID, permissionName); -} - int AccessTokenManagerService::GetDefPermission( const std::string& permissionName, PermissionDefParcel& permissionDefResult) { diff --git a/services/accesstokenmanager/main/cpp/src/service/accesstoken_manager_stub.cpp b/services/accesstokenmanager/main/cpp/src/service/accesstoken_manager_stub.cpp index 5039f472f188d8ff01e5e46683368308927258e7..8e2ff6b15936137907a04a65ef5935f69bfe79a0 100644 --- a/services/accesstokenmanager/main/cpp/src/service/accesstoken_manager_stub.cpp +++ b/services/accesstokenmanager/main/cpp/src/service/accesstoken_manager_stub.cpp @@ -73,14 +73,6 @@ void AccessTokenManagerStub::VerifyAccessTokenInner(MessageParcel& data, Message reply.WriteInt32(result); } -void AccessTokenManagerStub::VerifyNativeTokenInner(MessageParcel& data, MessageParcel& reply) -{ - AccessTokenID tokenID = data.ReadUint32(); - std::string permissionName = data.ReadString(); - int result = this->VerifyNativeToken(tokenID, permissionName); - reply.WriteInt32(result); -} - void AccessTokenManagerStub::GetDefPermissionInner(MessageParcel& data, MessageParcel& reply) { std::string permissionName = data.ReadString(); 
@@ -512,8 +504,6 @@ AccessTokenManagerStub::AccessTokenManagerStub() { requestFuncMap_[static_cast(IAccessTokenManager::InterfaceCode::VERIFY_ACCESSTOKEN)] = &AccessTokenManagerStub::VerifyAccessTokenInner; - requestFuncMap_[static_cast(IAccessTokenManager::InterfaceCode::VERIFY_NATIVETOKEN)] = - &AccessTokenManagerStub::VerifyNativeTokenInner; requestFuncMap_[static_cast(IAccessTokenManager::InterfaceCode::GET_DEF_PERMISSION)] = &AccessTokenManagerStub::GetDefPermissionInner; requestFuncMap_[static_cast(IAccessTokenManager::InterfaceCode::GET_DEF_PERMISSIONS)] = diff --git a/services/accesstokenmanager/test/unittest/cpp/src/native_token_receptor_test.cpp b/services/accesstokenmanager/test/unittest/cpp/src/native_token_receptor_test.cpp index ee755451415d198c26b0b6787900b2f2ff6557b8..3ff81802ec61b3a8adf4a5fec6045356698c11d2 100644 --- a/services/accesstokenmanager/test/unittest/cpp/src/native_token_receptor_test.cpp +++ b/services/accesstokenmanager/test/unittest/cpp/src/native_token_receptor_test.cpp 
@@ -635,72 +635,3 @@ HWTEST_F(NativeTokenReceptorTest, init001, TestSize.Level1) ret = AccessTokenInfoManager::GetInstance().RemoveNativeTokenInfo(tokenId); ASSERT_EQ(ret, RET_SUCCESS); } - -/** - * @tc.name: ProcessNativeTokenInfos007 - * @tc.desc: test get native cfg - * @tc.type: FUNC - * @tc.require: Issue Number - */ -HWTEST_F(NativeTokenReceptorTest, ProcessNativeTokenInfos007, TestSize.Level1) -{ - ACCESSTOKEN_LOG_INFO(LABEL, "test ProcessNativeTokenInfos007!"); - - const char *dcaps[1]; - dcaps[0] = "AT_CAP_01"; - int dcapNum = 1; - - char apl3[32]; - (void)strcpy_s(apl3, sizeof(apl3), "system_core"); - char apl2[32]; - (void)strcpy_s(apl2, sizeof(apl2), "system_basic"); - char apl1[32]; - (void)strcpy_s(apl1, sizeof(apl1), "normal"); - - NativeTokenInfoParams infoInstance = { - .dcapsNum = dcapNum, - .permsNum = 0, - .aclsNum = 0, - .dcaps = dcaps, - .perms = nullptr, - .acls = nullptr, - }; - infoInstance.aplStr = apl3; - infoInstance.processName = "ProcessNativeTokenInfos007_003"; - uint64_t tokenIdApl3 = ::GetAccessTokenId(&infoInstance); - ASSERT_NE(tokenIdApl3, 0); - - infoInstance.aplStr = apl2; - infoInstance.processName = "ProcessNativeTokenInfos007_002"; - uint64_t tokenIdApl2 = ::GetAccessTokenId(&infoInstance); - ASSERT_NE(tokenIdApl2, 0); - - infoInstance.aplStr = apl1; - infoInstance.processName = "ProcessNativeTokenInfos007_001"; - uint64_t tokenIdApl1 = ::GetAccessTokenId(&infoInstance); - ASSERT_NE(tokenIdApl1, 0); - - NativeTokenReceptor& receptor = NativeTokenReceptor::GetInstance(); - receptor.ready_ = false; - - receptor.Init(); - // wait fresh tokens to sql. 
- sleep(3); - - const std::string permission = "ohos.permission.SEND_MESSAGES"; - int ret = PermissionManager::GetInstance().VerifyNativeToken(tokenIdApl3, permission); - ASSERT_EQ(ret, PERMISSION_GRANTED); - - ret = PermissionManager::GetInstance().VerifyNativeToken(tokenIdApl2, permission); - ASSERT_EQ(ret, PERMISSION_GRANTED); - - ret = PermissionManager::GetInstance().VerifyNativeToken(tokenIdApl1, permission); - ASSERT_EQ(ret, PERMISSION_DENIED); - - ret = AccessTokenInfoManager::GetInstance().RemoveNativeTokenInfo(tokenIdApl3); - ASSERT_EQ(ret, RET_SUCCESS); - ret = AccessTokenInfoManager::GetInstance().RemoveNativeTokenInfo(tokenIdApl2); - ASSERT_EQ(ret, RET_SUCCESS); - ret = AccessTokenInfoManager::GetInstance().RemoveNativeTokenInfo(tokenIdApl1); - ASSERT_EQ(ret, RET_SUCCESS); -} \ No newline at end of file