From e50fe21d8dab74196451e6a3845b03eab00db301 Mon Sep 17 00:00:00 2001 From: fundavid Date: Wed, 9 Apr 2025 12:18:06 +0800 Subject: [PATCH] mock token id Signed-off-by: fundavid --- test/common/BUILD.gn | 56 +++++++++++++ test/common/include/code_sign_test_common.h | 29 +++++++ test/common/src/code_sign_test_common.cpp | 78 +++++++++++++++++++ test/unittest/BUILD.gn | 5 +- test/unittest/code_sign_utils_test.cpp | 6 +- test/unittest/local_code_sign_test.cpp | 51 +++++++----- .../unittest/multi_thread_local_sign_test.cpp | 13 ++-- test/unittest/sign_and_enforce_test.cpp | 8 +- 8 files changed, 215 insertions(+), 31 deletions(-) create mode 100644 test/common/BUILD.gn create mode 100644 test/common/include/code_sign_test_common.h create mode 100644 test/common/src/code_sign_test_common.cpp diff --git a/test/common/BUILD.gn b/test/common/BUILD.gn new file mode 100644 index 0000000..004e289 --- /dev/null +++ b/test/common/BUILD.gn @@ -0,0 +1,56 @@ +# Copyright (c) 2025 Huawei Device Co., Ltd. +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +import("//build/ohos.gni") + +config("code_signature") { + include_dirs = [ "include" ] +} + +ohos_source_set("code_sign_test_common_source_set") { + branch_protector_ret = "pac_ret" + + sanitize = { + cfi = true + cfi_cross_dso = true + debug = false + } + + sources = [ "src/code_sign_test_common.cpp" ] + + public_configs = [ ":code_signature" ] + + cflags = [ "-pipe" ] + cflags_cc = [ + "-Wdate-time", + "-Wformat=2", + "-Wfloat-equal", + "-Wshadow", + ] + + if (target_cpu == "arm64") { + defines = [ "_ARM64_" ] + } + + deps = [] + + external_deps = [ + "access_token:libaccesstoken_sdk", + "access_token:libtokenid_sdk", + "access_token:libtokensetproc_shared", + "c_utils:utils", + "hilog:libhilog", + ] + subsystem_name = "security" + part_name = "code_signature" +} diff --git a/test/common/include/code_sign_test_common.h b/test/common/include/code_sign_test_common.h new file mode 100644 index 0000000..31841ac --- /dev/null +++ b/test/common/include/code_sign_test_common.h @@ -0,0 +1,29 @@ +/* + * Copyright (c) 2025 Huawei Device Co., Ltd. + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +#ifndef CODE_SIGN_TEST_COMMON_H +#define CODE_SIGN_TEST_COMMON_H + +#include + +namespace OHOS { +namespace Security { +namespace CodeSign { + uint64_t GetTokenIdFromProcess(const std::string &process); + bool MockTokenId(const std::string &process); +} // namespace CodeSign +} // namespace Security +} // namespace OHOS +#endif // CODE_SIGN_TEST_COMMON_H diff --git a/test/common/src/code_sign_test_common.cpp b/test/common/src/code_sign_test_common.cpp new file mode 100644 index 0000000..69ffdc3 --- /dev/null +++ b/test/common/src/code_sign_test_common.cpp @@ -0,0 +1,78 @@ +/* + * Copyright (c) 2025 Huawei Device Co., Ltd. + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +#include "code_sign_test_common.h" +#include +#include "accesstoken_kit.h" +#include "ipc_skeleton.h" +#include "token_setproc.h" + +namespace OHOS { +namespace Security { +namespace CodeSign { +using namespace OHOS::Security::AccessToken; + +namespace { + static uint64_t g_shellTokenID = IPCSkeleton::GetSelfTokenID(); +} + +static uint64_t GetTokenId(const AtmToolsParamInfo &info) +{ + std::string dumpInfo; + AccessTokenKit::DumpTokenInfo(info, dumpInfo); + size_t pos = dumpInfo.find("\"tokenID\": "); + if (pos == std::string::npos) { + return 0; + } + pos += std::string("\"tokenID\": ").length(); + std::string numStr; + while (pos < dumpInfo.length() && std::isdigit(dumpInfo[pos])) { + numStr += dumpInfo[pos]; + ++pos; + } + + std::istringstream iss(numStr); + uint64_t tokenID; + iss >> tokenID; + return tokenID; +} + +uint64_t GetTokenIdFromProcess(const std::string &process) +{ + auto tokenId = IPCSkeleton::GetSelfTokenID(); + SetSelfTokenID(g_shellTokenID); // only shell can dump tokenid + + AtmToolsParamInfo info; + info.processName = process; + auto res = GetTokenId(info); + + SetSelfTokenID(tokenId); + return res; +} + +bool MockTokenId(const std::string &process) +{ + auto mockTokenId = GetTokenIdFromProcess(process); + if (mockTokenId == 0) { + return false; + } + if (SetSelfTokenID(mockTokenId) != 0) { + return false; + } + return IPCSkeleton::GetSelfTokenID() != 0; +} +} // namespace CodeSign +} // namespace Security +} // namespace OHOS diff --git a/test/unittest/BUILD.gn b/test/unittest/BUILD.gn index 3813e5b..0a3e441 100644 --- a/test/unittest/BUILD.gn +++ b/test/unittest/BUILD.gn @@ -1,4 +1,4 @@ -# Copyright (c) 2023-2024 Huawei Device Co., Ltd. +# Copyright (c) 2023-2025 Huawei Device Co., Ltd. # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. # You may obtain a copy of the License at @@ -134,6 +134,7 @@ ohos_unittest("local_code_sign_unittest") { deps = [ "${code_signature_root_dir}/interfaces/inner_api/code_sign_utils:libcode_sign_utils", "${code_signature_root_dir}/interfaces/inner_api/local_code_sign:liblocal_code_sign_sdk", + "${code_signature_root_dir}/test/common:code_sign_test_common_source_set", ] include_dirs = [ @@ -222,6 +223,7 @@ ohos_unittest("sign_and_enforce_unittest") { deps = [ "${code_signature_root_dir}/interfaces/inner_api/code_sign_utils:libcode_sign_utils", "${code_signature_root_dir}/interfaces/inner_api/local_code_sign:liblocal_code_sign_sdk", + "${code_signature_root_dir}/test/common:code_sign_test_common_source_set", ] include_dirs = [ @@ -251,6 +253,7 @@ ohos_unittest("multi_thread_local_sign_unittest") { deps = [ "${code_signature_root_dir}/interfaces/inner_api/code_sign_utils:libcode_sign_utils", "${code_signature_root_dir}/interfaces/inner_api/local_code_sign:liblocal_code_sign_sdk", + "${code_signature_root_dir}/test/common:code_sign_test_common_source_set", ] include_dirs = [ diff --git a/test/unittest/code_sign_utils_test.cpp b/test/unittest/code_sign_utils_test.cpp index aec1406..6c3089b 100644 --- a/test/unittest/code_sign_utils_test.cpp +++ b/test/unittest/code_sign_utils_test.cpp @@ -1,5 +1,5 @@ /* - * Copyright (c) 2023-2024 Huawei Device Co., Ltd. + * Copyright (c) 2023-2025 Huawei Device Co., Ltd. * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. * You may obtain a copy of the License at @@ -579,6 +579,10 @@ HWTEST_F(CodeSignUtilsTest, CodeSignUtilsTest_0024, TestSize.Level0) if (!SaveStringToFile(XPM_DEBUG_FS_MODE_PATH, PERMISSIVE_MODE)) { return; } + if (!CodeSignUtils::InPermissiveMode()) { + SaveStringToFile(XPM_DEBUG_FS_MODE_PATH, ENFORCE_MODE); + return; + } EntryMap entryMap; CodeSignUtils utils; std::string hapRealPath = APP_BASE_PATH + "/demo_without_lib/demo_without_lib.hap"; diff --git a/test/unittest/local_code_sign_test.cpp b/test/unittest/local_code_sign_test.cpp index 07938da..2a0f228 100644 --- a/test/unittest/local_code_sign_test.cpp +++ b/test/unittest/local_code_sign_test.cpp @@ -1,5 +1,5 @@ /* - * Copyright (c) 2023 Huawei Device Co., Ltd. + * Copyright (c) 2023-2025 Huawei Device Co., Ltd. * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. * You may obtain a copy of the License at @@ -19,6 +19,7 @@ #include "access_token_setter.h" #include "byte_buffer.h" +#include "code_sign_test_common.h" #include "code_sign_utils.h" #include "local_code_sign_client.h" #include "local_code_sign_kit.h" @@ -57,9 +58,10 @@ public: HWTEST_F(LocalCodeSignTest, LocalCodeSignTest_0001, TestSize.Level0) { ByteBuffer cert; - uint64_t selfTokenId = NativeTokenSet("key_enable"); + uint64_t selfTokenId = GetSelfTokenID(); + EXPECT_TRUE(MockTokenId("key_enable")); int ret = LocalCodeSignKit::InitLocalCertificate(cert); - NativeTokenReset(selfTokenId); + EXPECT_EQ(0, SetSelfTokenID(selfTokenId)); EXPECT_EQ(ret, CS_SUCCESS); } @@ -85,9 +87,10 @@ HWTEST_F(LocalCodeSignTest, LocalCodeSignTest_0002, TestSize.Level0) HWTEST_F(LocalCodeSignTest, LocalCodeSignTest_0003, TestSize.Level0) { ByteBuffer sig; - uint64_t selfTokenId = NativeTokenSet("compiler_service"); + uint64_t selfTokenId = GetSelfTokenID(); + EXPECT_TRUE(MockTokenId("compiler_service")); int ret = LocalCodeSignKit::SignLocalCode(DEMO_AN_PATH, sig); - NativeTokenReset(selfTokenId); + EXPECT_EQ(0, SetSelfTokenID(selfTokenId)); EXPECT_EQ(ret, CS_SUCCESS); std::string retOwnerID; ret = CodeSignUtils::ParseOwnerIdFromSignature(sig, retOwnerID); @@ -119,9 +122,10 @@ HWTEST_F(LocalCodeSignTest, LocalCodeSignTest_0004, TestSize.Level0) HWTEST_F(LocalCodeSignTest, LocalCodeSignTest_0005, TestSize.Level0) { ByteBuffer sig; - uint64_t selfTokenId = NativeTokenSet("compiler_service"); + uint64_t selfTokenId = GetSelfTokenID(); + EXPECT_TRUE(MockTokenId("compiler_service")); int ret = LocalCodeSignKit::SignLocalCode(DEMO_AN_PATH + "invalid", sig); - NativeTokenReset(selfTokenId); + EXPECT_EQ(0, SetSelfTokenID(selfTokenId)); EXPECT_EQ(ret, CS_ERR_FILE_PATH); } @@ -152,10 +156,11 @@ HWTEST_F(LocalCodeSignTest, LocalCodeSignTest_0006, TestSize.Level0) HWTEST_F(LocalCodeSignTest, LocalCodeSignTest_0007, TestSize.Level0) { ByteBuffer sig; - uint64_t selfTokenId = NativeTokenSet("compiler_service"); + uint64_t selfTokenId = GetSelfTokenID(); + EXPECT_TRUE(MockTokenId("compiler_service")); std::string ownerID = "AppName123"; int ret = LocalCodeSignKit::SignLocalCode(ownerID, DEMO_AN_PATH2, sig); - NativeTokenReset(selfTokenId); + EXPECT_EQ(0, SetSelfTokenID(selfTokenId)); EXPECT_EQ(ret, CS_SUCCESS); std::string retOwnerID; @@ -174,10 +179,11 @@ HWTEST_F(LocalCodeSignTest, LocalCodeSignTest_0007, TestSize.Level0) HWTEST_F(LocalCodeSignTest, LocalCodeSignTest_0008, TestSize.Level0) { ByteBuffer sig; - uint64_t selfTokenId = NativeTokenSet("compiler_service"); + uint64_t selfTokenId = GetSelfTokenID(); + EXPECT_TRUE(MockTokenId("compiler_service")); std::string ownerID = ""; int ret = LocalCodeSignKit::SignLocalCode(ownerID, DEMO_AN_PATH2, sig); - NativeTokenReset(selfTokenId); + EXPECT_EQ(0, SetSelfTokenID(selfTokenId)); EXPECT_EQ(ret, CS_SUCCESS); std::string retOwnerID; ret = CodeSignUtils::ParseOwnerIdFromSignature(sig, retOwnerID); @@ -194,10 +200,11 @@ HWTEST_F(LocalCodeSignTest, LocalCodeSignTest_0008, TestSize.Level0) HWTEST_F(LocalCodeSignTest, LocalCodeSignTest_0009, TestSize.Level0) { ByteBuffer sig; - uint64_t selfTokenId = NativeTokenSet("compiler_service"); + uint64_t selfTokenId = GetSelfTokenID(); + EXPECT_TRUE(MockTokenId("compiler_service")); std::string ownerID = "AppName123"; int ret = LocalCodeSignKit::SignLocalCode(ownerID, DEMO_AN_PATH2 + "invalid", sig); - NativeTokenReset(selfTokenId); + EXPECT_EQ(0, SetSelfTokenID(selfTokenId)); EXPECT_EQ(ret, CS_ERR_FILE_PATH); } @@ -224,10 +231,11 @@ HWTEST_F(LocalCodeSignTest, LocalCodeSignTest_0010, TestSize.Level0) HWTEST_F(LocalCodeSignTest, LocalCodeSignTest_0011, TestSize.Level0) { ByteBuffer sig; - uint64_t selfTokenId = NativeTokenSet("compiler_service"); + uint64_t selfTokenId = GetSelfTokenID(); + EXPECT_TRUE(MockTokenId("compiler_service")); std::string ownerID(33, 'a'); int ret = LocalCodeSignKit::SignLocalCode(ownerID, DEMO_AN_PATH2, sig); - NativeTokenReset(selfTokenId); + EXPECT_EQ(0, SetSelfTokenID(selfTokenId)); EXPECT_EQ(ret, CS_ERR_INVALID_OWNER_ID); } @@ -240,20 +248,21 @@ HWTEST_F(LocalCodeSignTest, LocalCodeSignTest_0011, TestSize.Level0) HWTEST_F(LocalCodeSignTest, LocalCodeSignTest_0012, TestSize.Level0) { ByteBuffer sig; - uint64_t selfTokenId = NativeTokenSet("compiler_service"); + uint64_t selfTokenId = GetSelfTokenID(); + EXPECT_TRUE(MockTokenId("compiler_service")); std::string ownerID = "AppName123"; - + int ret = LocalCodeSignKit::SignLocalCode(ownerID, DEMO_AN_PATH2, sig); - - NativeTokenSet("local_code_sign"); + + EXPECT_TRUE(MockTokenId("local_code_sign")); sptr samgr = SystemAbilityManagerClient::GetInstance().GetSystemAbilityManager(); EXPECT_NE(samgr, nullptr); ret = samgr->UnloadSystemAbility(LOCAL_CODE_SIGN_SA_ID); EXPECT_EQ(ret, ERR_OK); - NativeTokenSet("compiler_service"); + EXPECT_TRUE(MockTokenId("compiler_service")); LocalCodeSignKit::SignLocalCode(ownerID, DEMO_AN_PATH2, sig); - NativeTokenReset(selfTokenId); + EXPECT_EQ(0, SetSelfTokenID(selfTokenId)); } /** diff --git a/test/unittest/multi_thread_local_sign_test.cpp b/test/unittest/multi_thread_local_sign_test.cpp index a111c4e..197dc8b 100644 --- a/test/unittest/multi_thread_local_sign_test.cpp +++ b/test/unittest/multi_thread_local_sign_test.cpp @@ -1,5 +1,5 @@ /* - * Copyright (c) 2023-2024 Huawei Device Co., Ltd. + * Copyright (c) 2023-2025 Huawei Device Co., Ltd. * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. * You may obtain a copy of the License at @@ -21,6 +21,7 @@ #include "access_token_setter.h" #include "byte_buffer.h" +#include "code_sign_test_common.h" #include "code_sign_utils.h" #include "local_code_sign_kit.h" #include "local_key_helper.h" @@ -84,7 +85,8 @@ static bool DupFile(const std::string &path) void LocalCodeSignAndEnforce() { ByteBuffer sig; - uint64_t selfTokenId = NativeTokenSet(VALID_CALLER); + uint64_t selfTokenId = GetSelfTokenID(); + EXPECT_TRUE(MockTokenId(VALID_CALLER)); int ret = LocalCodeSignKit::SignLocalCode(ORIGIN_AN_FILE, sig); std::thread::id thisId = std::this_thread::get_id(); std::ostringstream oss; @@ -92,7 +94,7 @@ void LocalCodeSignAndEnforce() std::string thisIdStr = oss.str(); std::string tmpFileName = AN_BASE_PATH + thisIdStr + ".an"; EXPECT_EQ(DupFile(tmpFileName), true); - NativeTokenReset(selfTokenId); + EXPECT_EQ(0, SetSelfTokenID(selfTokenId)); EXPECT_EQ(ret, CS_SUCCESS); ret = CodeSignUtils::EnforceCodeSignForFile(tmpFileName, sig); EXPECT_EQ(ret, GetEnforceFileResult()); @@ -101,7 +103,8 @@ void LocalCodeSignAndEnforce() void LocalCodeSignAndEnforceWithOwnerID() { ByteBuffer sig; - uint64_t selfTokenId = NativeTokenSet(VALID_CALLER); + uint64_t selfTokenId = GetSelfTokenID(); + EXPECT_TRUE(MockTokenId(VALID_CALLER)); std::string ownerID = "AppName123"; int ret = LocalCodeSignKit::SignLocalCode(ownerID, DEMO_WITHOWNER_ID, sig); std::thread::id thisId = std::this_thread::get_id(); @@ -110,7 +113,7 @@ void LocalCodeSignAndEnforceWithOwnerID() std::string thisIdStr = oss.str(); std::string tmpFileName = AN_BASE_PATH + thisIdStr + "demoWithownerID.an"; EXPECT_EQ(DupFile(tmpFileName), true); - NativeTokenReset(selfTokenId); + EXPECT_EQ(0, SetSelfTokenID(selfTokenId)); EXPECT_EQ(ret, CS_SUCCESS); ret = CodeSignUtils::EnforceCodeSignForFile(tmpFileName, sig); EXPECT_EQ(ret, GetEnforceFileResult()); diff --git a/test/unittest/sign_and_enforce_test.cpp b/test/unittest/sign_and_enforce_test.cpp index c8204d2..5da5576 100644 --- a/test/unittest/sign_and_enforce_test.cpp +++ b/test/unittest/sign_and_enforce_test.cpp @@ -1,5 +1,5 @@ /* - * Copyright (c) 2023-2024 Huawei Device Co., Ltd. + * Copyright (c) 2023-2025 Huawei Device Co., Ltd. * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. * You may obtain a copy of the License at @@ -22,6 +22,7 @@ #include #include "access_token_setter.h" #include "byte_buffer.h" +#include "code_sign_test_common.h" #include "code_sign_utils.h" #include "local_code_sign_kit.h" #include "local_key_helper.h" @@ -136,9 +137,10 @@ static bool ModifyPkcs7SignerwithTargetFunc(ByteBuffer &src, ByteBuffer &dst, static void InvokeLocalCodeSign(const std::string &filePath, ByteBuffer &sig) { - uint64_t selfTokenId = NativeTokenSet(VALID_CALLER); + uint64_t selfTokenId = GetSelfTokenID(); + EXPECT_TRUE(MockTokenId(VALID_CALLER)); int ret = LocalCodeSignKit::SignLocalCode(filePath, sig); - NativeTokenReset(selfTokenId); + EXPECT_EQ(0, SetSelfTokenID(selfTokenId)); EXPECT_EQ(ret, CS_SUCCESS); } -- Gitee