From 276c28e3484a3602fc81163bb7200dfbee32d834 Mon Sep 17 00:00:00 2001
From: ligongshao
Date: Wed, 18 Oct 2023 17:05:08 +0800
Subject: [PATCH 1/2] =?UTF-8?q?=E6=94=AF=E6=8C=81=E5=BE=80=E7=AD=BE?= =?UTF-8?q?=E5=90=8D=E4=BF=A1=E6=81=AF=E4=B8=AD=E6=B7=BB=E5=8A=A0owner=20I?= =?UTF-8?q?D?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Signed-off-by: ligongshao
---
interfaces/innerkits/code_sign_utils/BUILD.gn | 5 +
.../code_sign_utils/include/code_sign_utils.h | 8 +-
.../code_sign_utils/src/code_sign_utils.cpp | 7 ++
interfaces/innerkits/common/include/errcode.h | 7 +-
.../include/local_code_sign_client.h | 2 +-
.../include/local_code_sign_interface.h | 2 +-
.../include/local_code_sign_kit.h | 8 ++
.../include/local_code_sign_proxy.h | 2 +-
.../src/local_code_sign_client.cpp | 4 +-
.../src/local_code_sign_kit.cpp | 8 +-
.../src/local_code_sign_proxy.cpp | 9 +-
.../include/local_code_sign_service.h | 2 +-
.../src/local_code_sign_service.cpp | 4 +-
.../src/local_code_sign_stub.cpp | 6 +-
.../local_code_sign/src/local_sign_key.cpp | 2 +-
test/unittest/BUILD.gn | 6 +-
test/unittest/code_sign_utils_test.cpp | 17 +++
test/unittest/local_code_sign_test.cpp | 82 +++++++++++++-
.../unittest/multi_thread_local_sign_test.cpp | 32 ++++++
test/unittest/resources/ohos_test.xml | 2 +
utils/include/openssl_utils.h | 14 ++-
utils/include/pkcs7_generator.h | 2 +-
utils/include/signer_info.h | 11 +-
utils/src/openssl_utils.cpp | 9 +-
utils/src/pkcs7_generator.cpp | 8 +-
utils/src/signer_info.cpp | 105 ++++++++++++++++--
26 files changed, 323 insertions(+), 41 deletions(-)
diff --git a/interfaces/innerkits/code_sign_utils/BUILD.gn b/interfaces/innerkits/code_sign_utils/BUILD.gn
index 5f99c6c..f52febd 100644
--- a/interfaces/innerkits/code_sign_utils/BUILD.gn
+++ b/interfaces/innerkits/code_sign_utils/BUILD.gn
@@ -30,6 +30,11 @@ ohos_shared_library("libcode_sign_utils") { ] configs = [ "${code_signature_root_dir}:common_utils_config" ] + deps = [ + "${code_signature_root_dir}/utils:fsverity_sign_src_set", + "${openssl_dir}:libcrypto_shared", + ] + external_deps = [ "ability_base:extractortool", "c_utils:utils", diff --git a/interfaces/innerkits/code_sign_utils/include/code_sign_utils.h b/interfaces/innerkits/code_sign_utils/include/code_sign_utils.h index 11f8d41..edce4d7 100644 --- a/interfaces/innerkits/code_sign_utils/include/code_sign_utils.h +++ b/interfaces/innerkits/code_sign_utils/include/code_sign_utils.h @@ -21,7 +21,6 @@ #include #include #include - #include "byte_buffer.h" #include "errcode.h" @@ -54,6 +53,13 @@ public: * @return err code, see err_code.h */ static int32_t EnforceCodeSignForFile(const std::string &path, const ByteBuffer &signature); + /** + * @brief Get owner ID from signature file + * @param sigbuffer buffer of the signature file + * @param ownerID string to abtain owner ID from the signature file + * @return err code, see err_code.h + */ + static int ParseOwnerIdFromSignature(const ByteBuffer &sigbuffer, std::string &ownerID); private: static int32_t IsSupportFsVerity(const std::string &path); static int32_t IsFsVerityEnabled(int fd); diff --git a/interfaces/innerkits/code_sign_utils/src/code_sign_utils.cpp b/interfaces/innerkits/code_sign_utils/src/code_sign_utils.cpp index 8fa22ec..6cf368d 100644 --- a/interfaces/innerkits/code_sign_utils/src/code_sign_utils.cpp +++ b/interfaces/innerkits/code_sign_utils/src/code_sign_utils.cpp @@ -36,6 +36,7 @@ #include "file_helper.h" #include "log.h" #include "stat_utils.h" +#include "signer_info.h" namespace OHOS { namespace Security { 
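Review bot: In code_sign_utils.h, the new doc comment for `ParseOwnerIdFromSignature` does not say whether the PKCS#7 signature is verified before the owner ID is returned, and nothing visible in this patch shows that it is (the implementation lives in signer_info.cpp, outside this view). A caller that bases a decision on the returned string needs to know that, so if the function only parses, I would add `@note parses the signature blob only; the owner ID is not authenticated until the signature itself has been verified or enforced`. In the same comment "abtain" should read "obtain". The declaration returns `int` where the neighbouring methods return `int32_t`; the definition added in code_sign_utils.cpp has the same mismatch.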
@@ -192,6 +193,12 @@ int32_t CodeSignUtils::EnforceCodeSignForFile(const std::string &path, const uin LOG_INFO(LABEL, "Enforcing file complete"); return ret; } + +int CodeSignUtils::ParseOwnerIdFromSignature(const ByteBuffer &sigbuffer, std::string &ownerID) +{ + return SignerInfo::ParseOwnerIdFromSignature(sigbuffer, ownerID); +} + } } } diff --git a/interfaces/innerkits/common/include/errcode.h b/interfaces/innerkits/common/include/errcode.h index 8e43a9d..023a5ab 100644 --- a/interfaces/innerkits/common/include/errcode.h +++ b/interfaces/innerkits/common/include/errcode.h @@ -40,13 +40,16 @@ enum SignErrCode { CS_ERR_HUKS_OBTAIN_CERT = -0x201, CS_ERR_HUKS_SIGN = -0x202, CS_ERR_HUKS_INIT_KEY = -0x203, - CS_ERR_COMPUTE_DIGEST = -0x204 + CS_ERR_COMPUTE_DIGEST = -0x204, + CS_ERR_NO_OWNER_ID = -0x205 }; enum OpenSSLErrCode { CS_ERR_OPENSSL_LOAD_CERT = -0x210, CS_ERR_OPENSSL_CREATE_PKCS7_DATA = -0x211, - CS_ERR_OPENSSL_PKCS7 = -0x212 + CS_ERR_OPENSSL_PKCS7 = -0x212, + CS_ERR_OPENSSL_OID = -0x213, + CS_ERR_OPENSSL_BIO = -0x214, }; enum FsverityErrCode { diff --git a/interfaces/innerkits/local_code_sign/include/local_code_sign_client.h b/interfaces/innerkits/local_code_sign/include/local_code_sign_client.h index 2400ced..a20e609 100644 --- a/interfaces/innerkits/local_code_sign/include/local_code_sign_client.h +++ b/interfaces/innerkits/local_code_sign/include/local_code_sign_client.h @@ -37,7 +37,7 @@ class LocalCodeSignClient { public: static LocalCodeSignClient &GetInstance(); int32_t InitLocalCertificate(ByteBuffer &cert); - int32_t SignLocalCode(const std::string &path, ByteBuffer &signature); + int32_t SignLocalCode(const std::string &ownerID, const std::string &path, ByteBuffer &signature); void OnRemoteLocalCodeSignSvrDied(const wptr &remote); void FinishStartSA(const sptr &remoteObject); void FailStartSA(); 
diff --git a/interfaces/innerkits/local_code_sign/include/local_code_sign_interface.h b/interfaces/innerkits/local_code_sign/include/local_code_sign_interface.h index c78b0b2..2deb584 100644 --- a/interfaces/innerkits/local_code_sign/include/local_code_sign_interface.h +++ b/interfaces/innerkits/local_code_sign/include/local_code_sign_interface.h @@ -30,7 +30,7 @@ class LocalCodeSignInterface : public OHOS::IRemoteBroker { public: DECLARE_INTERFACE_DESCRIPTOR(u"OHOS.Security.LocalCodeSignInterface"); virtual int32_t InitLocalCertificate(ByteBuffer &cert) = 0; - virtual int32_t SignLocalCode(const std::string &filePath, ByteBuffer &signature) = 0; + virtual int32_t SignLocalCode(const std::string &ownerID, const std::string &filePath, ByteBuffer &signature) = 0; }; } } diff --git a/interfaces/innerkits/local_code_sign/include/local_code_sign_kit.h b/interfaces/innerkits/local_code_sign/include/local_code_sign_kit.h index 8981b8f..c19181d 100644 --- a/interfaces/innerkits/local_code_sign/include/local_code_sign_kit.h +++ b/interfaces/innerkits/local_code_sign/include/local_code_sign_kit.h @@ -42,6 +42,14 @@ public: * @return err code, see err_code.h */ static int32_t SignLocalCode(const std::string &filePath, ByteBuffer &signature); + /** + * @brief sign local code with owner ID to the signature, so we can identify signature files using owner ID + * @param ownerID owner ID written to the signature + * @param filePath file path to sign + * @param signature signature from local code sign SA + * @return err code, see err_code.h + */ + static int32_t SignLocalCode(const std::string &ownerID, const std::string &filePath, ByteBuffer &signature); }; } } diff --git a/interfaces/innerkits/local_code_sign/include/local_code_sign_proxy.h b/interfaces/innerkits/local_code_sign/include/local_code_sign_proxy.h index 5845328..12b56c5 100644 --- a/interfaces/innerkits/local_code_sign/include/local_code_sign_proxy.h 
+++ b/interfaces/innerkits/local_code_sign/include/local_code_sign_proxy.h @@ -29,7 +29,7 @@ public: : IRemoteProxy(impl) {} ~LocalCodeSignProxy() {} int32_t InitLocalCertificate(ByteBuffer &cert) override; - int32_t SignLocalCode(const std::string &filePath, ByteBuffer &signature) override; + int32_t SignLocalCode(const std::string &ownerID, const std::string &filePath, ByteBuffer &signature) override; private: static inline BrokerDelegator delegator_; int32_t ReadResultFromReply(MessageParcel &reply, ByteBuffer &buffer); diff --git a/interfaces/innerkits/local_code_sign/src/local_code_sign_client.cpp b/interfaces/innerkits/local_code_sign/src/local_code_sign_client.cpp index 974981f..a1043ed 100644 --- a/interfaces/innerkits/local_code_sign/src/local_code_sign_client.cpp +++ b/interfaces/innerkits/local_code_sign/src/local_code_sign_client.cpp @@ -139,7 +139,7 @@ int32_t LocalCodeSignClient::InitLocalCertificate(ByteBuffer &cert) return CS_SUCCESS; } -int32_t LocalCodeSignClient::SignLocalCode(const std::string &path, ByteBuffer &signature) +int32_t LocalCodeSignClient::SignLocalCode(const std::string &ownerID, const std::string &path, ByteBuffer &signature) { LOG_DEBUG(LABEL, "SignLocalCode called"); CheckLocalCodeSignProxy(); @@ -147,7 +147,7 @@ int32_t LocalCodeSignClient::SignLocalCode(const std::string &path, ByteBuffer & if (localCodeSignProxy_ == nullptr) { return CS_ERR_SA_GET_PROXY; } - int32_t ret = localCodeSignProxy_->SignLocalCode(path, signature); + int32_t ret = localCodeSignProxy_->SignLocalCode(ownerID, path, signature); if (ret != CS_SUCCESS) { LOG_ERROR(LABEL, "SignLocalCode err, error code = %{public}d", ret); return ret; diff --git a/interfaces/innerkits/local_code_sign/src/local_code_sign_kit.cpp b/interfaces/innerkits/local_code_sign/src/local_code_sign_kit.cpp index dfe0632..e416692 100644 --- a/interfaces/innerkits/local_code_sign/src/local_code_sign_kit.cpp +++ b/interfaces/innerkits/local_code_sign/src/local_code_sign_kit.cpp 
@@ -27,8 +27,14 @@ int32_t LocalCodeSignKit::InitLocalCertificate(ByteBuffer &cert) int32_t LocalCodeSignKit::SignLocalCode(const std::string &filePath, ByteBuffer &signature) { - return LocalCodeSignClient::GetInstance().SignLocalCode(filePath, signature); + return LocalCodeSignClient::GetInstance().SignLocalCode("", filePath, signature); } + +int32_t LocalCodeSignKit::SignLocalCode(const std::string &ownerID, const std::string &filePath, ByteBuffer &signature) +{ + return LocalCodeSignClient::GetInstance().SignLocalCode(ownerID, filePath, signature); +} + } } } \ No newline at end of file diff --git a/interfaces/innerkits/local_code_sign/src/local_code_sign_proxy.cpp b/interfaces/innerkits/local_code_sign/src/local_code_sign_proxy.cpp index c4808ee..67e9348 100644 --- a/interfaces/innerkits/local_code_sign/src/local_code_sign_proxy.cpp +++ b/interfaces/innerkits/local_code_sign/src/local_code_sign_proxy.cpp @@ -43,7 +43,7 @@ int32_t LocalCodeSignProxy::InitLocalCertificate(ByteBuffer &cert) return ReadResultFromReply(reply, cert); } -int32_t LocalCodeSignProxy::SignLocalCode(const std::string &filePath, ByteBuffer &signature) +int32_t LocalCodeSignProxy::SignLocalCode(const std::string &ownerID, const std::string &filePath, ByteBuffer &signature) { MessageParcel data; MessageParcel reply; @@ -60,6 +60,13 @@ int32_t LocalCodeSignProxy::SignLocalCode(const std::string &filePath, ByteBuffe LOG_ERROR(LABEL, "Write string failed."); return CS_ERR_IPC_WRITE_DATA; } + + if (!ownerID.empty()) { + if (!data.WriteString(ownerID)) { + LOG_ERROR(LABEL, "Write ownerID string failed."); + return CS_ERR_IPC_WRITE_DATA; + } + } if (remote->SendRequest(static_cast(LocalCodeSignInterfaceCode::SIGN_LOCAL_CODE), data, reply, option) != NO_ERROR) { return CS_ERR_IPC_MSG_INVALID; diff --git a/services/local_code_sign/include/local_code_sign_service.h b/services/local_code_sign/include/local_code_sign_service.h index fd89d7f..f665f67 100644 
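Review bot: In `LocalCodeSignProxy::SignLocalCode` (local_code_sign_proxy.cpp), ownerID is written to the parcel only when it is non-empty, so the request has two shapes and the receiver has to infer which one arrived from the leftover byte count. Writing the field unconditionally, i.e. keeping `if (!data.WriteString(ownerID)) { ... return CS_ERR_IPC_WRITE_DATA; }` and dropping the surrounding `if (!ownerID.empty())`, gives the message a fixed layout, and an empty string still means "no owner ID". The stub's `GetReadableBytes() > 0` check can stay to accept callers built against the old layout. The function body starts and ends outside this hunk.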
--- a/services/local_code_sign/include/local_code_sign_service.h +++ b/services/local_code_sign/include/local_code_sign_service.h @@ -34,7 +34,7 @@ public: void OnStop() override; int32_t InitLocalCertificate(ByteBuffer &cert) override; - int32_t SignLocalCode(const std::string &filePath, ByteBuffer &signature) override; + int32_t SignLocalCode(const std::string &ownerID, const std::string &filePath, ByteBuffer &signature) override; void DelayUnloadTask() override; private: bool Init(); diff --git a/services/local_code_sign/src/local_code_sign_service.cpp b/services/local_code_sign/src/local_code_sign_service.cpp index cafbe33..da27c8a 100644 --- a/services/local_code_sign/src/local_code_sign_service.cpp +++ b/services/local_code_sign/src/local_code_sign_service.cpp @@ -113,7 +113,7 @@ int32_t LocalCodeSignService::InitLocalCertificate(ByteBuffer &cert) return CS_SUCCESS; } -int32_t LocalCodeSignService::SignLocalCode(const std::string &filePath, ByteBuffer &signature) +int32_t LocalCodeSignService::SignLocalCode(const std::string &ownerID, const std::string &filePath, ByteBuffer &signature) { ByteBuffer digest; std::string realPath; @@ -125,7 +125,7 @@ int32_t LocalCodeSignService::SignLocalCode(const std::string &filePath, ByteBuf LOG_ERROR(LABEL, "Generate formatted fsverity digest failed."); return CS_ERR_COMPUTE_DIGEST; } - return PKCS7Generator::GenerateSignature(LocalSignKey::GetInstance(), DEFAULT_HASH_ALGORITHM.c_str(), + return PKCS7Generator::GenerateSignature(ownerID, LocalSignKey::GetInstance(), DEFAULT_HASH_ALGORITHM.c_str(), digest, signature); } } diff --git a/services/local_code_sign/src/local_code_sign_stub.cpp b/services/local_code_sign/src/local_code_sign_stub.cpp index f2b9dda..7b723d0 100644 --- a/services/local_code_sign/src/local_code_sign_stub.cpp +++ b/services/local_code_sign/src/local_code_sign_stub.cpp 
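Review bot: `LocalCodeSignService::SignLocalCode` in local_code_sign_service.cpp passes the caller-supplied ownerID straight to `PKCS7Generator::GenerateSignature`, and no length or content check is visible here or in the stub hunk of local_code_sign_stub.cpp. Because the value is written into a signature produced with the local signing key, the service should bound it before signing, for example `if (ownerID.size() > MAX_OWNER_ID_LEN) { return CS_ERR_INVALID_OWNER_ID; }` (both names are placeholders; this patch defines neither). Whether GenerateSignature validates the string internally cannot be seen from this view. The function body begins outside the hunk.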
@@ -85,9 +85,13 @@ int32_t LocalCodeSignStub::SignLocalCodeInner(MessageParcel &data, MessageParcel return CS_ERR_NO_PERMISSION; } std::string filePath = data.ReadString(); + std::string ownerID; + if (data.GetReadableBytes() > 0) { + ownerID = data.ReadString(); + } StartTrace(HITRACE_TAG_ACCESS_CONTROL, CODE_SIGN_ENABLE_START); ByteBuffer signature; - int32_t result = SignLocalCode(filePath, signature); + int32_t result = SignLocalCode(ownerID, filePath, signature); FinishTrace(HITRACE_TAG_ACCESS_CONTROL); if (!reply.WriteInt32(result)) { return CS_ERR_IPC_WRITE_DATA; diff --git a/services/local_code_sign/src/local_sign_key.cpp b/services/local_code_sign/src/local_sign_key.cpp index 85d94ad..7bbf54e 100644 --- a/services/local_code_sign/src/local_sign_key.cpp +++ b/services/local_code_sign/src/local_sign_key.cpp @@ -36,7 +36,7 @@ static const uint32_t CHALLENGE_LEN = 32; static const uint32_t SIGNATURE_COMMON_SIZE = 512; static const std::string SUPPORTED_SIGN_ALGORITHM = "ECDSA256"; -static constexpr uint32_t MAX_SIGN_SIZE = 128; +static constexpr uint32_t MAX_SIGN_SIZE = 65535; static const struct HksParam ECC_KEY_PRARAM[] = { { .tag = HKS_TAG_KEY_STORAGE_FLAG, .uint32Param = HKS_STORAGE_PERSISTENT }, diff --git a/test/unittest/BUILD.gn b/test/unittest/BUILD.gn index 86f8e1b..cffc478 100644 --- a/test/unittest/BUILD.gn +++ b/test/unittest/BUILD.gn @@ -28,7 +28,11 @@ ohos_unittest("code_sign_utils_unittest") { "${code_signature_root_dir}/interfaces/innerkits/code_sign_utils/include", ] - external_deps = [ "hilog:libhilog" ] + external_deps = [ + "hilog:libhilog", + "c_utils:utils", + ] + } ohos_unittest("local_code_sign_unittest") { diff --git a/test/unittest/code_sign_utils_test.cpp b/test/unittest/code_sign_utils_test.cpp index fd4c39b..ca81d7f 100644 --- a/test/unittest/code_sign_utils_test.cpp +++ b/test/unittest/code_sign_utils_test.cpp 
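Review bot: In `SignLocalCodeInner`, `ownerID = data.ReadString();` uses the overload that returns the string, so a truncated or malformed parcel yields an empty ownerID and the file is then signed as if no owner ID had been requested. Failing closed is safer here: `if (data.GetReadableBytes() > 0 && !data.ReadString(ownerID)) { return CS_ERR_IPC_MSG_INVALID; }`, assuming the parcel class offers the bool-returning `ReadString(std::string &)` overload. The function starts before and continues after this hunk.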
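Review bot: `MAX_SIGN_SIZE` goes from 128 to 65535 in local_sign_key.cpp without a comment, and its uses are outside the hunk, so neither the reason nor the effect can be checked from here. If it caps the data handed to the signing key (presumably raised because the signed data now carries the owner ID), it is the only size limit near the ownerID path in this patch and should be documented, e.g. `// Upper bound on data handed to the signing key; raised from 128 so signed attributes carrying an owner ID fit (confirm against key-store limits)`. It sits next to `SIGNATURE_COMMON_SIZE = 512`, so it is also worth confirming that no buffer sized from that constant depends on the old 128-byte bound.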
@@ -321,6 +321,23 @@ HWTEST_F(CodeSignUtilsTest, CodeSignUtilsTest_0012, TestSize.Level0) ret = CodeSignUtils::EnforceCodeSignForApp(g_hapWithMultiLibRetSuc, g_sigWithMultiLibRetSucPath); EXPECT_EQ(ret, CS_SUCCESS); } + +/** + * @tc.name: CodeSignUtilsTest_0013 + * @tc.desc: parse owner ID from signature failed, reason = invalid signature + * @tc.type: Func + * @tc.require: issueI88PPA + */ +HWTEST_F(CodeSignUtilsTest, CodeSignUtilsTest_0013, TestSize.Level0) +{ + ByteBuffer buffer; + std::string ownerID; + std::string invalid = "invalid msg"; + buffer.CopyFrom((const uint8_t *)invalid.c_str(), invalid.length()); + int ret = CodeSignUtils::ParseOwnerIdFromSignature(buffer, ownerID); + EXPECT_EQ(ret, CS_ERR_OPENSSL_PKCS7); +} + } // namespace CodeSign } // namespace Security } // namespace OHOS \ No newline at end of file diff --git a/test/unittest/local_code_sign_test.cpp b/test/unittest/local_code_sign_test.cpp index b1542dd..c2a42c0 100644 --- a/test/unittest/local_code_sign_test.cpp +++ b/test/unittest/local_code_sign_test.cpp @@ -23,6 +23,7 @@ #include "local_code_sign_client.h" #include "local_code_sign_kit.h" #include "local_code_sign_load_callback.h" +#include "signer_info.h" #include "log.h" using namespace OHOS::Security::CodeSign; @@ -34,6 +35,7 @@ namespace Security { namespace CodeSign { static const std::string AN_BASE_PATH = "/data/local/ark-cache/tmp/"; static const std::string DEMO_AN_PATH = AN_BASE_PATH + "demo.an"; +static const std::string DEMO_AN_PATH2 = AN_BASE_PATH + "demo2.an"; class LocalCodeSignTest : public testing::Test { public: @@ -75,7 +77,7 @@ HWTEST_F(LocalCodeSignTest, LocalCodeSignTest_0002, TestSize.Level0) /** * @tc.name: LocalCodeSignTest_0003 - * @tc.desc: sign local code successfully + * @tc.desc: sign local code successfully, owner ID is empty * @tc.type: Func * @tc.require: */ 
@@ -86,6 +88,10 @@ HWTEST_F(LocalCodeSignTest, LocalCodeSignTest_0003, TestSize.Level0)
 int ret = LocalCodeSignKit::SignLocalCode(DEMO_AN_PATH, sig);
 NativeTokenReset(selfTokenId);
 EXPECT_EQ(ret, CS_SUCCESS);
+ std::string retOwnerID;
+ ret = CodeSignUtils::ParseOwnerIdFromSignature(sig, retOwnerID);
+ EXPECT_EQ(ret, CS_ERR_NO_OWNER_ID);
+ EXPECT_EQ(retOwnerID, "");
 ret = CodeSignUtils::EnforceCodeSignForFile(DEMO_AN_PATH, sig);
 EXPECT_EQ(ret, CS_SUCCESS);
 }
@@ -171,6 +177,80 @@ HWTEST_F(LocalCodeSignTest, LocalCodeSignTest_0009, TestSize.Level0) LocalCodeSignLoadCallback cb; cb.OnLoadSystemAbilitySuccess(LOCAL_CODE_SIGN_SA_ID, nullptr); } + +/** + * @tc.name: LocalCodeSignTest_0010 + * @tc.desc: sign local code with owner ID successfully, parse owner ID from signature success + * @tc.type: Func + * @tc.require: issueI88PPA + */ +HWTEST_F(LocalCodeSignTest, LocalCodeSignTest_0010, TestSize.Level0) +{ + ByteBuffer sig; + uint64_t selfTokenId = NativeTokenSet("installs"); + std::string ownerID = "AppName123"; + int ret = LocalCodeSignKit::SignLocalCode(ownerID, DEMO_AN_PATH2, sig); + NativeTokenReset(selfTokenId); + EXPECT_EQ(ret, CS_SUCCESS); + + std::string retOwnerID; + ret = CodeSignUtils::ParseOwnerIdFromSignature(sig, retOwnerID); + EXPECT_EQ(ownerID, retOwnerID); + ret = CodeSignUtils::EnforceCodeSignForFile(DEMO_AN_PATH2, sig); + EXPECT_EQ(ret, CS_SUCCESS); +} + +/** + * @tc.name: LocalCodeSignTest_0011 + * @tc.desc: sign local code with empty owner ID successfully + * @tc.type: Func + * @tc.require: issueI88PPA + */ +HWTEST_F(LocalCodeSignTest, LocalCodeSignTest_0011, TestSize.Level0) +{ + ByteBuffer sig; + uint64_t selfTokenId = NativeTokenSet("installs"); + std::string ownerID = ""; + int ret = LocalCodeSignKit::SignLocalCode(ownerID, DEMO_AN_PATH2, sig); + NativeTokenReset(selfTokenId); + EXPECT_EQ(ret, CS_SUCCESS); + std::string retOwnerID; + ret = CodeSignUtils::ParseOwnerIdFromSignature(sig, retOwnerID); + EXPECT_EQ(ret, CS_ERR_NO_OWNER_ID); + EXPECT_EQ(retOwnerID, ""); +} + +/** + * @tc.name: LocalCodeSignTest_0012 + * @tc.desc: sign local code with owner ID failed, reason = invalid path + * @tc.type: Func + * @tc.require: issueI88PPA + */ +HWTEST_F(LocalCodeSignTest, LocalCodeSignTest_0012, TestSize.Level0) +{ + ByteBuffer sig; + uint64_t selfTokenId = NativeTokenSet("installs"); + std::string ownerID = "AppName123"; + int ret = LocalCodeSignKit::SignLocalCode(ownerID, DEMO_AN_PATH2 + "invalid", sig); + 
NativeTokenReset(selfTokenId); + EXPECT_EQ(ret, CS_ERR_FILE_PATH); +} + +/** + * @tc.name: LocalCodeSignTest_0013 + * @tc.desc: sign local code failed with invalid caller + * @tc.type: Func + * @tc.require: issueI88PPA + */ +HWTEST_F(LocalCodeSignTest, LocalCodeSignTest_0013, TestSize.Level0) +{ + ByteBuffer sig; + std::string ownerID = "AppName123"; + int ret = LocalCodeSignKit::SignLocalCode(ownerID, DEMO_AN_PATH2, sig); + EXPECT_EQ(ret, CS_ERR_NO_PERMISSION); +} + + } // namespace CodeSign } // namespace Security } // namespace OHOS diff --git a/test/unittest/multi_thread_local_sign_test.cpp b/test/unittest/multi_thread_local_sign_test.cpp index d00be68..bec0c5b 100644 --- a/test/unittest/multi_thread_local_sign_test.cpp +++ b/test/unittest/multi_thread_local_sign_test.cpp @@ -37,6 +37,8 @@ static constexpr uint32_t MULTI_THREAD_NUM = 10; static constexpr int64_t BUFFER_SIZE = 1024; static const std::string AN_BASE_PATH = "/data/local/ark-cache/tmp/multi_thread/"; static const std::string ORIGIN_AN_FILE = AN_BASE_PATH + "demo.an"; +static const std::string DemoWithownerID = AN_BASE_PATH + "demoWithownerID.an"; + static const char *g_validCaller = "installs"; uint64_t GetFileSize(int32_t fd) 
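Review bot: In LocalCodeSignTest_0010 the result of `CodeSignUtils::ParseOwnerIdFromSignature(sig, retOwnerID)` is assigned to `ret` and then overwritten by the `EnforceCodeSignForFile` call without being checked, so a parse error would surface only indirectly through the string comparison. Add `EXPECT_EQ(ret, CS_SUCCESS);` directly after the parse call. The new cases in local_code_sign_test.cpp also cover only well-formed signatures (plus one garbage buffer in code_sign_utils_test.cpp); a negative case that starts from a signature whose owner ID was changed after signing and expects enforcement to be rejected would pin down the integrity property the owner ID relies on.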
@@ -95,6 +97,24 @@ void LocalCodeSignAndEnforce() EXPECT_EQ(ret, CS_SUCCESS); } +void LocalCodeSignAndEnforceWithOwnerID() +{ + ByteBuffer sig; + uint64_t selfTokenId = NativeTokenSet(g_validCaller); + std::string ownerID = "AppName123"; + int ret = LocalCodeSignKit::SignLocalCode(ownerID, DemoWithownerID, sig); + std::thread::id thisId = std::this_thread::get_id(); + std::ostringstream oss; + oss << thisId; + std::string thisIdStr = oss.str(); + std::string tmpFileName = AN_BASE_PATH + thisIdStr + "demoWithownerID.an"; + EXPECT_EQ(DupFile(tmpFileName), true); + NativeTokenReset(selfTokenId); + EXPECT_EQ(ret, CS_SUCCESS); + ret = CodeSignUtils::EnforceCodeSignForFile(tmpFileName, sig); + EXPECT_EQ(ret, CS_SUCCESS); +} + class MultiThreadLocalSignTest : public testing::Test { public: MultiThreadLocalSignTest() {}; @@ -115,6 +135,18 @@ HWMTEST_F(MultiThreadLocalSignTest, MultiThreadLocalSignTest_0001, TestSize.Leve { LocalCodeSignAndEnforce(); } + +/** + * @tc.name: MultiThreadLocalSignTest_0002 + * @tc.desc: sign AN files with owner ID and enforce using multi threads + * @tc.type: Func + * @tc.require: + */ +HWMTEST_F(MultiThreadLocalSignTest, MultiThreadLocalSignTest_0002, TestSize.Level1, MULTI_THREAD_NUM) +{ + LocalCodeSignAndEnforceWithOwnerID(); +} + } // namespace CodeSign } // namespace Security } // namespace OHOS \ No newline at end of file diff --git a/test/unittest/resources/ohos_test.xml b/test/unittest/resources/ohos_test.xml index cbbd037..6922514 100644 --- a/test/unittest/resources/ohos_test.xml +++ b/test/unittest/resources/ohos_test.xml @@ -67,6 +67,7 @@