From b51cf93e103ff4cc7f28bee9b2ffb7b5e79af84a Mon Sep 17 00:00:00 2001 From: chennian Date: Mon, 29 Aug 2022 09:15:02 +0800 Subject: [PATCH] =?UTF-8?q?VerifyNativeToken=E6=8E=A5=E5=8F=A3=E4=B8=8B?= =?UTF-8?q?=E6=9E=B6=20Signed-off-by:chennian?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: chennian --- .../include/i_accesstoken_manager.h | 56 ++++++++------- .../accesstoken/include/accesstoken_kit.h | 1 - .../accesstoken/src/accesstoken_kit.cpp | 15 ---- .../src/accesstoken_manager_client.cpp | 10 --- .../src/accesstoken_manager_client.h | 1 - .../src/accesstoken_manager_proxy.cpp | 32 --------- .../src/accesstoken_manager_proxy.h | 1 - .../include/permission/permission_manager.h | 1 - .../service/accesstoken_manager_service.h | 1 - .../service/accesstoken_manager_stub.h | 1 - .../cpp/src/permission/permission_manager.cpp | 24 ------- .../service/accesstoken_manager_service.cpp | 7 -- .../src/service/accesstoken_manager_stub.cpp | 10 --- .../cpp/src/native_token_receptor_test.cpp | 69 ------------------- 14 files changed, 27 insertions(+), 202 deletions(-) diff --git a/frameworks/accesstoken/include/i_accesstoken_manager.h b/frameworks/accesstoken/include/i_accesstoken_manager.h index d5216bf64..ca2892f6f 100644 --- a/frameworks/accesstoken/include/i_accesstoken_manager.h +++ b/frameworks/accesstoken/include/i_accesstoken_manager.h @@ -43,7 +43,6 @@ public: DECLARE_INTERFACE_DESCRIPTOR(u"ohos.security.accesstoken.IAccessTokenManager"); virtual int VerifyAccessToken(AccessTokenID tokenID, const std::string& permissionName) = 0; - virtual int VerifyNativeToken(AccessTokenID tokenID, const std::string& permissionName) = 0; virtual int GetDefPermission(const std::string& permissionName, PermissionDefParcel& permissionDefResult) = 0; virtual int GetDefPermissions(AccessTokenID tokenID, std::vector& permList) = 0; virtual int GetReqPermissions( @@ -85,36 +84,35 @@ public: enum class InterfaceCode { VERIFY_ACCESSTOKEN = 0xff10, - GET_DEF_PERMISSION = 0xff11, - GET_DEF_PERMISSIONS = 0xff12, - GET_REQ_PERMISSIONS = 0xff13, - GET_PERMISSION_FLAG = 0xff14, - GRANT_PERMISSION = 0xff15, - REVOKE_PERMISSION = 0xff16, - CLEAR_USER_GRANT_PERMISSION = 0xff17, - ALLOC_TOKEN_HAP = 0xff18, - TOKEN_DELETE = 0xff19, - GET_TOKEN_TYPE = 0xff20, - CHECK_NATIVE_DCAP = 0xff21, - GET_HAP_TOKEN_ID = 0xff22, - ALLOC_LOCAL_TOKEN_ID = 0xff23, - GET_NATIVE_TOKENINFO = 0xff24, - GET_HAP_TOKENINFO = 0xff25, - UPDATE_HAP_TOKEN = 0xff26, + GET_DEF_PERMISSION, + GET_DEF_PERMISSIONS, + GET_REQ_PERMISSIONS, + GET_PERMISSION_FLAG, + GRANT_PERMISSION, + REVOKE_PERMISSION, + CLEAR_USER_GRANT_PERMISSION, + ALLOC_TOKEN_HAP, + TOKEN_DELETE, + GET_TOKEN_TYPE, + CHECK_NATIVE_DCAP, + GET_HAP_TOKEN_ID, + ALLOC_LOCAL_TOKEN_ID, + GET_NATIVE_TOKENINFO, + GET_HAP_TOKENINFO, + UPDATE_HAP_TOKEN, - GET_HAP_TOKEN_FROM_REMOTE = 0xff27, - GET_ALL_NATIVE_TOKEN_FROM_REMOTE = 0xff28, - SET_REMOTE_HAP_TOKEN_INFO = 0xff29, - SET_REMOTE_NATIVE_TOKEN_INFO = 0xff2a, - DELETE_REMOTE_TOKEN_INFO = 0xff2b, - DELETE_REMOTE_DEVICE_TOKEN = 0xff2c, - VERIFY_NATIVETOKEN = 0xff2d, - GET_NATIVE_REMOTE_TOKEN = 0xff2f, + GET_HAP_TOKEN_FROM_REMOTE, + GET_ALL_NATIVE_TOKEN_FROM_REMOTE, + SET_REMOTE_HAP_TOKEN_INFO, + SET_REMOTE_NATIVE_TOKEN_INFO, + DELETE_REMOTE_TOKEN_INFO, + DELETE_REMOTE_DEVICE_TOKEN, + GET_NATIVE_REMOTE_TOKEN, - DUMP_TOKENINFO = 0xff30, - GET_PERMISSION_OPER_STATE = 0xff31, - REGISTER_PERM_STATE_CHANGE_CALLBACK = 0xff32, - UNREGISTER_PERM_STATE_CHANGE_CALLBACK = 0xff33, + DUMP_TOKENINFO, + GET_PERMISSION_OPER_STATE, + REGISTER_PERM_STATE_CHANGE_CALLBACK, + UNREGISTER_PERM_STATE_CHANGE_CALLBACK, }; }; } // namespace AccessToken diff --git a/interfaces/innerkits/accesstoken/include/accesstoken_kit.h b/interfaces/innerkits/accesstoken/include/accesstoken_kit.h index ba1ebc0eb..816787e5e 100644 --- a/interfaces/innerkits/accesstoken/include/accesstoken_kit.h +++ b/interfaces/innerkits/accesstoken/include/accesstoken_kit.h @@ -47,7 +47,6 @@ public: static int GetHapTokenInfo(AccessTokenID tokenID, HapTokenInfo& hapTokenInfoRes); static int GetNativeTokenInfo(AccessTokenID tokenID, NativeTokenInfo& nativeTokenInfoRes); static int VerifyAccessToken(AccessTokenID tokenID, const std::string& permissionName); - static int VerifyNativeToken(AccessTokenID tokenID, const std::string& permissionName); static int VerifyAccessToken( AccessTokenID callerTokenID, AccessTokenID firstTokenID, const std::string& permissionName); static int GetDefPermission(const std::string& permissionName, PermissionDef& permissionDefResult); diff --git a/interfaces/innerkits/accesstoken/src/accesstoken_kit.cpp b/interfaces/innerkits/accesstoken/src/accesstoken_kit.cpp index 73a0e5ce8..40c682d81 100644 --- a/interfaces/innerkits/accesstoken/src/accesstoken_kit.cpp +++ b/interfaces/innerkits/accesstoken/src/accesstoken_kit.cpp @@ -181,21 +181,6 @@ int AccessTokenKit::VerifyAccessToken( return AccessTokenKit::VerifyAccessToken(firstTokenID, permissionName); } -int AccessTokenKit::VerifyNativeToken(AccessTokenID tokenID, const std::string& permissionName) -{ - ACCESSTOKEN_LOG_DEBUG(LABEL, "called, tokenID=%{public}d, permissionName=%{public}s", - tokenID, permissionName.c_str()); - if (tokenID == 0) { - ACCESSTOKEN_LOG_ERROR(LABEL, "tokenID=%{public}d is invalid", tokenID); - return PERMISSION_DENIED; - } - if (!DataValidator::IsPermissionNameValid(permissionName)) { - ACCESSTOKEN_LOG_ERROR(LABEL, "permissionName is invalid"); - return PERMISSION_DENIED; - } - return AccessTokenManagerClient::GetInstance().VerifyNativeToken(tokenID, permissionName); -} - int AccessTokenKit::GetDefPermission(const std::string& permissionName, PermissionDef& permissionDefResult) { ACCESSTOKEN_LOG_DEBUG(LABEL, "called, permissionName=%{public}s", permissionName.c_str()); diff --git a/interfaces/innerkits/accesstoken/src/accesstoken_manager_client.cpp b/interfaces/innerkits/accesstoken/src/accesstoken_manager_client.cpp index 59fea9d54..5bfd25d77 100644 --- a/interfaces/innerkits/accesstoken/src/accesstoken_manager_client.cpp +++ b/interfaces/innerkits/accesstoken/src/accesstoken_manager_client.cpp @@ -56,16 +56,6 @@ int AccessTokenManagerClient::VerifyAccessToken(AccessTokenID tokenID, const std return proxy->VerifyAccessToken(tokenID, permissionName); } -int AccessTokenManagerClient::VerifyNativeToken(AccessTokenID tokenID, const std::string& permissionName) -{ - auto proxy = GetProxy(); - if (proxy == nullptr) { - ACCESSTOKEN_LOG_ERROR(LABEL, "proxy is null"); - return PERMISSION_DENIED; - } - return proxy->VerifyNativeToken(tokenID, permissionName); -} - int AccessTokenManagerClient::GetDefPermission( const std::string& permissionName, PermissionDef& permissionDefResult) { diff --git a/interfaces/innerkits/accesstoken/src/accesstoken_manager_client.h b/interfaces/innerkits/accesstoken/src/accesstoken_manager_client.h index 8a0e14df3..1526569b7 100644 --- a/interfaces/innerkits/accesstoken/src/accesstoken_manager_client.h +++ b/interfaces/innerkits/accesstoken/src/accesstoken_manager_client.h @@ -44,7 +44,6 @@ public: virtual ~AccessTokenManagerClient(); int VerifyAccessToken(AccessTokenID tokenID, const std::string& permissionName); - int VerifyNativeToken(AccessTokenID tokenID, const std::string& permissionName); int GetDefPermission(const std::string& permissionName, PermissionDef& permissionDefResult); int GetDefPermissions(AccessTokenID tokenID, std::vector& permList); int GetReqPermissions( diff --git a/interfaces/innerkits/accesstoken/src/accesstoken_manager_proxy.cpp b/interfaces/innerkits/accesstoken/src/accesstoken_manager_proxy.cpp index 078f8e4e8..81086d86c 100644 --- a/interfaces/innerkits/accesstoken/src/accesstoken_manager_proxy.cpp +++ b/interfaces/innerkits/accesstoken/src/accesstoken_manager_proxy.cpp @@ -66,38 +66,6 @@ int AccessTokenManagerProxy::VerifyAccessToken(AccessTokenID tokenID, const std: return result; } -int AccessTokenManagerProxy::VerifyNativeToken(AccessTokenID tokenID, const std::string& permissionName) -{ - MessageParcel data; - data.WriteInterfaceToken(IAccessTokenManager::GetDescriptor()); - if (!data.WriteUint32(tokenID)) { - ACCESSTOKEN_LOG_ERROR(LABEL, "Failed to write tokenID"); - return PERMISSION_DENIED; - } - if (!data.WriteString(permissionName)) { - ACCESSTOKEN_LOG_ERROR(LABEL, "Failed to write permissionName"); - return PERMISSION_DENIED; - } - - MessageParcel reply; - MessageOption option(MessageOption::TF_SYNC); - sptr remote = Remote(); - if (remote == nullptr) { - ACCESSTOKEN_LOG_ERROR(LABEL, "remote service null."); - return PERMISSION_DENIED; - } - int32_t requestResult = remote->SendRequest( - static_cast(IAccessTokenManager::InterfaceCode::VERIFY_NATIVETOKEN), data, reply, option); - if (requestResult != NO_ERROR) { - ACCESSTOKEN_LOG_ERROR(LABEL, "request fail, result: %{public}d", requestResult); - return PERMISSION_DENIED; - } - - int32_t result = reply.ReadInt32(); - ACCESSTOKEN_LOG_INFO(LABEL, "result from server data = %{public}d", result); - return result; -} - int AccessTokenManagerProxy::GetDefPermission( const std::string& permissionName, PermissionDefParcel& permissionDefResult) { diff --git a/interfaces/innerkits/accesstoken/src/accesstoken_manager_proxy.h b/interfaces/innerkits/accesstoken/src/accesstoken_manager_proxy.h index 809061d35..f133fddae 100644 --- a/interfaces/innerkits/accesstoken/src/accesstoken_manager_proxy.h +++ b/interfaces/innerkits/accesstoken/src/accesstoken_manager_proxy.h @@ -41,7 +41,6 @@ public: ~AccessTokenManagerProxy() override; int VerifyAccessToken(AccessTokenID tokenID, const std::string& permissionName) override; - int VerifyNativeToken(AccessTokenID tokenID, const std::string& permissionName) override; int GetDefPermission(const std::string& permissionName, PermissionDefParcel& permissionDefResult) override; int GetDefPermissions(AccessTokenID tokenID, std::vector& permList) override; int GetReqPermissions( diff --git a/services/accesstokenmanager/main/cpp/include/permission/permission_manager.h b/services/accesstokenmanager/main/cpp/include/permission/permission_manager.h index c910b06da..1f3a7da40 100644 --- a/services/accesstokenmanager/main/cpp/include/permission/permission_manager.h +++ b/services/accesstokenmanager/main/cpp/include/permission/permission_manager.h @@ -50,7 +50,6 @@ public: int VerifyNativeAccessToken(AccessTokenID tokenID, const std::string& permissionName); int VerifyHapAccessToken(AccessTokenID tokenID, const std::string& permissionName); int VerifyAccessToken(AccessTokenID tokenID, const std::string& permissionName); - int VerifyNativeToken(AccessTokenID tokenID, const std::string& permissionName); int GetDefPermission(const std::string& permissionName, PermissionDef& permissionDefResult); int GetDefPermissions(AccessTokenID tokenID, std::vector& permList); int GetReqPermissions( diff --git a/services/accesstokenmanager/main/cpp/include/service/accesstoken_manager_service.h b/services/accesstokenmanager/main/cpp/include/service/accesstoken_manager_service.h index 2b46210f1..6a930dcb1 100644 --- a/services/accesstokenmanager/main/cpp/include/service/accesstoken_manager_service.h +++ b/services/accesstokenmanager/main/cpp/include/service/accesstoken_manager_service.h @@ -42,7 +42,6 @@ public: AccessTokenIDEx AllocHapToken(const HapInfoParcel& info, const HapPolicyParcel& policy) override; int VerifyAccessToken(AccessTokenID tokenID, const std::string& permissionName) override; - int VerifyNativeToken(AccessTokenID tokenID, const std::string& permissionName) override; int GetDefPermission(const std::string& permissionName, PermissionDefParcel& permissionDefResult) override; int GetDefPermissions(AccessTokenID tokenID, std::vector& permList) override; int GetReqPermissions( diff --git a/services/accesstokenmanager/main/cpp/include/service/accesstoken_manager_stub.h b/services/accesstokenmanager/main/cpp/include/service/accesstoken_manager_stub.h index e95fa76f9..129a29bc5 100644 --- a/services/accesstokenmanager/main/cpp/include/service/accesstoken_manager_stub.h +++ b/services/accesstokenmanager/main/cpp/include/service/accesstoken_manager_stub.h @@ -35,7 +35,6 @@ public: private: void VerifyAccessTokenInner(MessageParcel& data, MessageParcel& reply); - void VerifyNativeTokenInner(MessageParcel& data, MessageParcel& reply); void GetDefPermissionInner(MessageParcel& data, MessageParcel& reply); void GetDefPermissionsInner(MessageParcel& data, MessageParcel& reply); void GetReqPermissionsInner(MessageParcel& data, MessageParcel& reply); diff --git a/services/accesstokenmanager/main/cpp/src/permission/permission_manager.cpp b/services/accesstokenmanager/main/cpp/src/permission/permission_manager.cpp index 90f65aefe..ab54a0bcf 100644 --- a/services/accesstokenmanager/main/cpp/src/permission/permission_manager.cpp +++ b/services/accesstokenmanager/main/cpp/src/permission/permission_manager.cpp @@ -160,30 +160,6 @@ int PermissionManager::VerifyAccessToken(AccessTokenID tokenID, const std::strin return PERMISSION_DENIED; } -int PermissionManager::VerifyNativeToken(AccessTokenID tokenID, const std::string& permissionName) -{ - ACCESSTOKEN_LOG_INFO(LABEL, - "%{public}s called, tokenID: %{public}u, permissionName: %{public}s", __func__, - tokenID, permissionName.c_str()); - - PermissionDef permissionInfo; - NativeTokenInfo nativeTokenInfo; - int res = PermissionManager::GetDefPermission(permissionName, permissionInfo); - if (res != RET_SUCCESS) { - ACCESSTOKEN_LOG_ERROR(LABEL, "GetDefPermission in %{public}s failed", __func__); - return PERMISSION_DENIED; - } - res = AccessTokenInfoManager::GetInstance().GetNativeTokenInfo(tokenID, nativeTokenInfo); - if (res != RET_SUCCESS) { - ACCESSTOKEN_LOG_ERROR(LABEL, "GetNativeTokenInfo in %{public}s failed", __func__); - return PERMISSION_DENIED; - } - if (permissionInfo.availableLevel > nativeTokenInfo.apl) { - return PERMISSION_DENIED; - } - return PERMISSION_GRANTED; -} - int PermissionManager::GetDefPermission(const std::string& permissionName, PermissionDef& permissionDefResult) { ACCESSTOKEN_LOG_INFO(LABEL, "%{public}s called, permissionName: %{public}s", __func__, permissionName.c_str()); diff --git a/services/accesstokenmanager/main/cpp/src/service/accesstoken_manager_service.cpp b/services/accesstokenmanager/main/cpp/src/service/accesstoken_manager_service.cpp index 7065736bf..b9da95668 100644 --- a/services/accesstokenmanager/main/cpp/src/service/accesstoken_manager_service.cpp +++ b/services/accesstokenmanager/main/cpp/src/service/accesstoken_manager_service.cpp @@ -98,13 +98,6 @@ int AccessTokenManagerService::VerifyAccessToken(AccessTokenID tokenID, const st return res; } -int AccessTokenManagerService::VerifyNativeToken(AccessTokenID tokenID, const std::string& permissionName) -{ - ACCESSTOKEN_LOG_INFO(LABEL, "called, tokenID: 0x%{public}x, permissionName: %{public}s", - tokenID, permissionName.c_str()); - return PermissionManager::GetInstance().VerifyNativeToken(tokenID, permissionName); -} - int AccessTokenManagerService::GetDefPermission( const std::string& permissionName, PermissionDefParcel& permissionDefResult) { diff --git a/services/accesstokenmanager/main/cpp/src/service/accesstoken_manager_stub.cpp b/services/accesstokenmanager/main/cpp/src/service/accesstoken_manager_stub.cpp index 5039f472f..8e2ff6b15 100644 --- a/services/accesstokenmanager/main/cpp/src/service/accesstoken_manager_stub.cpp +++ b/services/accesstokenmanager/main/cpp/src/service/accesstoken_manager_stub.cpp @@ -73,14 +73,6 @@ void AccessTokenManagerStub::VerifyAccessTokenInner(MessageParcel& data, Message reply.WriteInt32(result); } -void AccessTokenManagerStub::VerifyNativeTokenInner(MessageParcel& data, MessageParcel& reply) -{ - AccessTokenID tokenID = data.ReadUint32(); - std::string permissionName = data.ReadString(); - int result = this->VerifyNativeToken(tokenID, permissionName); - reply.WriteInt32(result); -} - void AccessTokenManagerStub::GetDefPermissionInner(MessageParcel& data, MessageParcel& reply) { std::string permissionName = data.ReadString(); @@ -512,8 +504,6 @@ AccessTokenManagerStub::AccessTokenManagerStub() { requestFuncMap_[static_cast(IAccessTokenManager::InterfaceCode::VERIFY_ACCESSTOKEN)] = &AccessTokenManagerStub::VerifyAccessTokenInner; - requestFuncMap_[static_cast(IAccessTokenManager::InterfaceCode::VERIFY_NATIVETOKEN)] = - &AccessTokenManagerStub::VerifyNativeTokenInner; requestFuncMap_[static_cast(IAccessTokenManager::InterfaceCode::GET_DEF_PERMISSION)] = &AccessTokenManagerStub::GetDefPermissionInner; requestFuncMap_[static_cast(IAccessTokenManager::InterfaceCode::GET_DEF_PERMISSIONS)] = diff --git a/services/accesstokenmanager/test/unittest/cpp/src/native_token_receptor_test.cpp b/services/accesstokenmanager/test/unittest/cpp/src/native_token_receptor_test.cpp index ee7554514..3ff81802e 100644 --- a/services/accesstokenmanager/test/unittest/cpp/src/native_token_receptor_test.cpp +++ b/services/accesstokenmanager/test/unittest/cpp/src/native_token_receptor_test.cpp @@ -635,72 +635,3 @@ HWTEST_F(NativeTokenReceptorTest, init001, TestSize.Level1) ret = AccessTokenInfoManager::GetInstance().RemoveNativeTokenInfo(tokenId); ASSERT_EQ(ret, RET_SUCCESS); } - -/** - * @tc.name: ProcessNativeTokenInfos007 - * @tc.desc: test get native cfg - * @tc.type: FUNC - * @tc.require: Issue Number - */ -HWTEST_F(NativeTokenReceptorTest, ProcessNativeTokenInfos007, TestSize.Level1) -{ - ACCESSTOKEN_LOG_INFO(LABEL, "test ProcessNativeTokenInfos007!"); - - const char *dcaps[1]; - dcaps[0] = "AT_CAP_01"; - int dcapNum = 1; - - char apl3[32]; - (void)strcpy_s(apl3, sizeof(apl3), "system_core"); - char apl2[32]; - (void)strcpy_s(apl2, sizeof(apl2), "system_basic"); - char apl1[32]; - (void)strcpy_s(apl1, sizeof(apl1), "normal"); - - NativeTokenInfoParams infoInstance = { - .dcapsNum = dcapNum, - .permsNum = 0, - .aclsNum = 0, - .dcaps = dcaps, - .perms = nullptr, - .acls = nullptr, - }; - infoInstance.aplStr = apl3; - infoInstance.processName = "ProcessNativeTokenInfos007_003"; - uint64_t tokenIdApl3 = ::GetAccessTokenId(&infoInstance); - ASSERT_NE(tokenIdApl3, 0); - - infoInstance.aplStr = apl2; - infoInstance.processName = "ProcessNativeTokenInfos007_002"; - uint64_t tokenIdApl2 = ::GetAccessTokenId(&infoInstance); - ASSERT_NE(tokenIdApl2, 0); - - infoInstance.aplStr = apl1; - infoInstance.processName = "ProcessNativeTokenInfos007_001"; - uint64_t tokenIdApl1 = ::GetAccessTokenId(&infoInstance); - ASSERT_NE(tokenIdApl1, 0); - - NativeTokenReceptor& receptor = NativeTokenReceptor::GetInstance(); - receptor.ready_ = false; - - receptor.Init(); - // wait fresh tokens to sql. - sleep(3); - - const std::string permission = "ohos.permission.SEND_MESSAGES"; - int ret = PermissionManager::GetInstance().VerifyNativeToken(tokenIdApl3, permission); - ASSERT_EQ(ret, PERMISSION_GRANTED); - - ret = PermissionManager::GetInstance().VerifyNativeToken(tokenIdApl2, permission); - ASSERT_EQ(ret, PERMISSION_GRANTED); - - ret = PermissionManager::GetInstance().VerifyNativeToken(tokenIdApl1, permission); - ASSERT_EQ(ret, PERMISSION_DENIED); - - ret = AccessTokenInfoManager::GetInstance().RemoveNativeTokenInfo(tokenIdApl3); - ASSERT_EQ(ret, RET_SUCCESS); - ret = AccessTokenInfoManager::GetInstance().RemoveNativeTokenInfo(tokenIdApl2); - ASSERT_EQ(ret, RET_SUCCESS); - ret = AccessTokenInfoManager::GetInstance().RemoveNativeTokenInfo(tokenIdApl1); - ASSERT_EQ(ret, RET_SUCCESS); -} \ No newline at end of file -- Gitee