diff --git a/frameworks/BUILD.gn b/frameworks/BUILD.gn index 07ba260c5eb973c7dc6b9f169c87043bb9549fef..a287271ea0709549fc3e014adcd3a9a883da26a8 100644 --- a/frameworks/BUILD.gn +++ b/frameworks/BUILD.gn @@ -106,6 +106,7 @@ ohos_source_set("security_component_enhance_adapter_src_set") { } ohos_source_set("security_component_no_cfi_framework_src_set") { + branch_protector_ret = "pac_ret" subsystem_name = "security" part_name = "security_component_manager" include_dirs = [ @@ -141,6 +142,7 @@ ohos_source_set("security_component_no_cfi_framework_src_set") { } ohos_source_set("security_component_no_cfi_enhance_adapter_src_set") { + branch_protector_ret = "pac_ret" subsystem_name = "security" part_name = "security_component_manager" include_dirs = [ diff --git a/frameworks/common/src/sec_comp_tool.cpp b/frameworks/common/src/sec_comp_tool.cpp index 824ac4d7494a6c19998f9a46002d2c2a7cf82cff..8868d48c32692db2581c37d107baf38d27de4c9c 100644 --- a/frameworks/common/src/sec_comp_tool.cpp +++ b/frameworks/common/src/sec_comp_tool.cpp @@ -1,5 +1,5 @@ /* - * Copyright (c) 2023 Huawei Device Co., Ltd. + * Copyright (c) 2023-2024 Huawei Device Co., Ltd. * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. * You may obtain a copy of the License at @@ -35,7 +35,7 @@ static constexpr double TWO_HUNDREDS_FORTY_ANGLE = 240.0; static constexpr double THREE_HUNDREDS_SIXTY_ANGLE = 360.0; static constexpr double DEFAULT_R = 100.0; static const uint8_t MAX_ALPHA = 0xFF; -static const double MIN_CONTRACST_ALPHA = 0.5; +static const double MIN_CONTRAST_ALPHA = 0.5; constexpr OHOS::HiviewDFX::HiLogLabel LABEL = {LOG_CORE, SECURITY_DOMAIN_SECURITY_COMPONENT, "SecCompTool"}; } @@ -129,7 +129,7 @@ static bool IsColorAplhaSimilar(const SecCompColor& fgColor, const SecCompColor& double bgAlpha = static_cast(bgColor.argb.alpha) / MAX_ALPHA; double mixAlpha = fgAlpha + bgAlpha - fgAlpha * bgAlpha; - if (GreatNotEqual(bgAlpha / mixAlpha, MIN_CONTRACST_ALPHA)) { + if (GreatNotEqual(bgAlpha / mixAlpha, MIN_CONTRAST_ALPHA)) { SC_LOG_ERROR(LABEL, "FgAlpha=%{public}x BgAlpha=%{public}x is similar, check failed", fgColor.argb.alpha, bgColor.argb.alpha); return true; diff --git a/frameworks/enhance_adapter/src/sec_comp_enhance_adapter.cpp b/frameworks/enhance_adapter/src/sec_comp_enhance_adapter.cpp index f0ee25b174dba27fb4bd937fddb92423952d891c..633389bbd02ecad12ade55a829e330a7afe6638e 100644 --- a/frameworks/enhance_adapter/src/sec_comp_enhance_adapter.cpp +++ b/frameworks/enhance_adapter/src/sec_comp_enhance_adapter.cpp @@ -30,17 +30,9 @@ namespace { static constexpr OHOS::HiviewDFX::HiLogLabel LABEL = { LOG_CORE, SECURITY_DOMAIN_SECURITY_COMPONENT, "SecCompEnhanceAdapter"}; -#if defined(__LP64__) -static const std::string LIB_PATH = "/system/lib64/"; -#else -static const std::string LIB_PATH = "/system/lib/"; -#endif -static const std::string INNER_PATH = "platformsdk/"; -static const std::string ENHANCE_INPUT_INTERFACE_LIB = - LIB_PATH + INNER_PATH + "libsecurity_component_client_enhance.z.so"; -static const std::string ENHANCE_SRV_INTERFACE_LIB = LIB_PATH + "libsecurity_component_service_enhance.z.so"; -static const std::string ENHANCE_CLIENT_INTERFACE_LIB = - LIB_PATH + INNER_PATH + "libsecurity_component_client_enhance.z.so"; +static const std::string ENHANCE_INPUT_INTERFACE_LIB = "libsecurity_component_client_enhance.z.so"; +static const std::string ENHANCE_SRV_INTERFACE_LIB = "libsecurity_component_service_enhance.z.so"; +static const std::string ENHANCE_CLIENT_INTERFACE_LIB = "libsecurity_component_client_enhance.z.so"; } SecCompInputEnhanceInterface* SecCompEnhanceAdapter::inputHandler = nullptr; diff --git a/frameworks/security_component/src/sec_comp_base.cpp b/frameworks/security_component/src/sec_comp_base.cpp index 4e3cba14204558991a3f86e510fa62b9463c7a11..84b3a78e86abe9febf705cac8c65ab490cd55f83 100644 --- a/frameworks/security_component/src/sec_comp_base.cpp +++ b/frameworks/security_component/src/sec_comp_base.cpp @@ -345,7 +345,6 @@ bool SecCompBase::CompareComponentBasicInfo(SecCompBase *other, bool isRectCheck bool SecCompBase::ParseStyle(const nlohmann::json& json, const std::string& tag) { - SC_LOG_ERROR(LABEL, "1111"); if ((json.find(tag) == json.end()) || !json.at(tag).is_object()) { SC_LOG_ERROR(LABEL, "json: %{public}s tag invalid.", tag.c_str()); return false; @@ -377,7 +376,6 @@ bool SecCompBase::ParseStyle(const nlohmann::json& json, const std::string& tag) SC_LOG_ERROR(LABEL, "bg is invalid."); return false; } - SC_LOG_ERROR(LABEL, "2222"); return true; } } // namespace base diff --git a/hisysevent.yaml b/hisysevent.yaml index 8a49236447a48838e0456ca594890e5032ed2d30..276653122afd67f460fc31df96e6bea8580f196b 100644 --- a/hisysevent.yaml +++ b/hisysevent.yaml @@ -17,6 +17,7 @@ CALLBACK_FAILED: __BASE: {type: SECURITY, level: CRITICAL, desc: Failed to execute the callback} CALLER_PID: {type: INT32, desc: caller pid} CALLER_UID: {type: INT32, desc: caller uid} + CALLER_BUNDLE_NAME: {type: STRING, desc: caller bundle name} CALL_SCENE: {type: STRING, desc: call scene} REASON: {type: STRING, desc: callback execution failure cause} SC_ID: {type: INT32, desc: security component id} @@ -26,12 +27,14 @@ CALLER_CHECK_FAILED: __BASE: {type: SECURITY, level: CRITICAL, desc: Illegal invocation} CALLER_PID: {type: INT32, desc: caller pid} CALLER_UID: {type: INT32, desc: caller uid} + CALLER_BUNDLE_NAME: {type: STRING, desc: caller bundle name} CALL_SCENE: {type: STRING, desc: call scene} CHALLENGE_CHECK_FAILED: __BASE: {type: SECURITY, level: CRITICAL, desc: Challenge value verification failed} CALLER_PID: {type: INT32, desc: caller pid} CALLER_UID: {type: INT32, desc: caller uid} + CALLER_BUNDLE_NAME: {type: STRING, desc: caller bundle name} CALL_SCENE: {type: STRING, desc: call scene} SC_ID: {type: INT32, desc: security component id} SC_TYPE: {type: STRING, desc: security component type} @@ -40,6 +43,7 @@ CLICK_INFO_CHECK_FAILED: __BASE: {type: SECURITY, level: CRITICAL, desc: Failed to verify the click event} CALLER_PID: {type: INT32, desc: caller pid} CALLER_UID: {type: INT32, desc: caller uid} + CALLER_BUNDLE_NAME: {type: STRING, desc: caller bundle name} SC_ID: {type: INT32, desc: security component id} SC_TYPE: {type: STRING, desc: security component type} @@ -47,6 +51,7 @@ COMPONENT_INFO_CHECK_FAILED: __BASE: {type: SECURITY, level: CRITICAL, desc: Failed to verify the component information} CALLER_PID: {type: INT32, desc: caller pid} CALLER_UID: {type: INT32, desc: caller uid} + CALLER_BUNDLE_NAME: {type: STRING, desc: caller bundle name} CALL_SCENE: {type: STRING, desc: call scene} SC_ID: {type: INT32, desc: security component id} SC_TYPE: {type: STRING, desc: security component type} @@ -55,6 +60,7 @@ INIT_FAILED: __BASE: {type: FAULT, level: CRITICAL, desc: Failed to initialize the security component environment} CALLER_PID: {type: INT32, desc: caller pid} CALLER_UID: {type: INT32, desc: caller uid} + CALLER_BUNDLE_NAME: {type: STRING, desc: caller bundle name} REASON: {type: STRING, desc: callback execution failure cause} REGISTER_SUCCESS: @@ -79,6 +85,7 @@ TEMP_GRANT_FAILED: __BASE: {type: FAULT, level: CRITICAL, desc: Security component authorization failed} CALLER_PID: {type: INT32, desc: caller pid} CALLER_UID: {type: INT32, desc: caller uid} + CALLER_BUNDLE_NAME: {type: STRING, desc: caller bundle name} SC_ID: {type: INT32, desc: security component id} SC_TYPE: {type: STRING, desc: security component type} @@ -98,6 +105,7 @@ UNREGISTER_SUCCESS: SESSION_INFO_CHECK_FAILED: __BASE: {type: BEHAVIOR, level: MINOR, desc: Failed to verify session information} CALLER_PID: {type: INT32, desc: caller pid} + CALLER_BUNDLE_NAME: {type: STRING, desc: caller bundle name} CLIENT_SESSION_ID: {type: INT32, desc: session id stored in client} CLIENT_SEQ_NUM: {type: INT32, desc: sequence number stored in client} SERVICE_SESSION_ID: {type: INT32, desc: session id stored in server} @@ -106,6 +114,7 @@ SESSION_INFO_CHECK_FAILED: CALLBACK_INFO_CHECK_FAILED: __BASE: {type: BEHAVIOR, level: MINOR, desc: Failed to verify session information} CALLER_PID: {type: INT32, desc: caller pid} + CALLER_BUNDLE_NAME: {type: STRING, desc: caller bundle name} CLIENT_SESSION_ID: {type: INT32, desc: session id stored in client} CLIENT_SEQ_NUM: {type: INT32, desc: sequence number stored in client} SERVICE_SESSION_ID: {type: INT32, desc: session id stored in server} @@ -115,5 +124,6 @@ PREPROCESS_MESSAGE_FAILED: __BASE: {type: BEHAVIOR, level: MINOR, desc: Failed to verify session information} PREPROCESS_TYPE: {type: INT32, desc: preprocess type} CALLER_PID: {type: INT32, desc: caller pid} + CALLER_BUNDLE_NAME: {type: STRING, desc: caller bundle name} CLIENT_SESSION_ID: {type: INT32, desc: session id stored in client} CLIENT_SEQ_NUM: {type: INT32, desc: sequence number stored in client} diff --git a/interfaces/inner_api/enhance_kits/BUILD.gn b/interfaces/inner_api/enhance_kits/BUILD.gn index d7d812a270151a3638e62a5aa73641b6bc75aa81..49f1699f182b4608b8a2043688788d4d8c089b44 100644 --- a/interfaces/inner_api/enhance_kits/BUILD.gn +++ b/interfaces/inner_api/enhance_kits/BUILD.gn @@ -60,6 +60,7 @@ ohos_source_set("security_component_enhance_sdk_src_set") { } ohos_source_set("security_component_no_cfi_enhance_sdk_src_set") { + branch_protector_ret = "pac_ret" subsystem_name = "security" part_name = "security_component_manager" public_configs = [ ":sec_comp_enhance_config" ] diff --git a/interfaces/inner_api/enhance_kits/test/unittest/src/sec_comp_enhance_test.cpp b/interfaces/inner_api/enhance_kits/test/unittest/src/sec_comp_enhance_test.cpp index b2987cebc63a2349cc7eb43c8ed416eae847e8a2..b0d70fc6c00f00082e1ffc79367f19c3a689b188 100644 --- a/interfaces/inner_api/enhance_kits/test/unittest/src/sec_comp_enhance_test.cpp +++ b/interfaces/inner_api/enhance_kits/test/unittest/src/sec_comp_enhance_test.cpp @@ -13,6 +13,7 @@ * limitations under the License. */ #include "sec_comp_enhance_test.h" +#include #include #include "sec_comp_err.h" #include "sec_comp_log.h" @@ -27,27 +28,24 @@ static constexpr OHOS::HiviewDFX::HiLogLabel LABEL = { static bool g_inputEnhanceExist = false; static bool g_srvEnhanceExist = false; static constexpr uint32_t SEC_COMP_ENHANCE_CFG_SIZE = 76; -#if defined(__LP64__) -static const std::string LIB_PATH = "/system/lib64/"; -#else -static const std::string LIB_PATH = "/system/lib/"; -#endif -static const std::string INNER_PATH = "platformsdk/"; -static const std::string ENHANCE_INPUT_INTERFACE_LIB = - LIB_PATH + INNER_PATH + "libsecurity_component_client_enhance.z.so"; -static const std::string ENHANCE_SRV_INTERFACE_LIB = LIB_PATH + "libsecurity_component_service_enhance.z.so"; +static const std::string ENHANCE_INPUT_INTERFACE_LIB = "libsecurity_component_client_enhance.z.so"; +static const std::string ENHANCE_SRV_INTERFACE_LIB = "libsecurity_component_service_enhance.z.so"; static constexpr uint32_t MAX_HMAC_SIZE = 64; } // namespace void SecCompEnhanceTest::SetUpTestCase() { - if (access(ENHANCE_INPUT_INTERFACE_LIB.c_str(), F_OK) == 0) { + void *handle = dlopen(ENHANCE_INPUT_INTERFACE_LIB.c_str(), RTLD_LAZY); + if (handle != nullptr) { g_inputEnhanceExist = true; } + dlclose(handle); - if (access(ENHANCE_SRV_INTERFACE_LIB.c_str(), F_OK) == 0) { + handle = dlopen(ENHANCE_SRV_INTERFACE_LIB.c_str(), RTLD_LAZY); + if (handle != nullptr) { g_srvEnhanceExist = true; } + dlclose(handle); system("kill -9 `pidof security_component_service`"); SC_LOG_INFO(LABEL, "SetUpTestCase."); } diff --git a/interfaces/inner_api/security_component/BUILD.gn b/interfaces/inner_api/security_component/BUILD.gn index 902358ee7e81059749df90de133e97d57f9d092a..89faa9748ae45a837a60fa5634f97d9b58eff441 100644 --- a/interfaces/inner_api/security_component/BUILD.gn +++ b/interfaces/inner_api/security_component/BUILD.gn @@ -26,6 +26,7 @@ config("sec_comp_config") { } ohos_shared_library("libsecurity_component_sdk") { + branch_protector_ret = "pac_ret" subsystem_name = "security" part_name = "security_component_manager" output_name = "libsecurity_component_sdk" @@ -62,6 +63,8 @@ ohos_shared_library("libsecurity_component_sdk") { external_deps = [ "access_token:libaccesstoken_sdk", + "bundle_framework:appexecfwk_base", + "bundle_framework:appexecfwk_core", "c_utils:utils", "hilog:libhilog", "hisysevent:libhisysevent", diff --git a/interfaces/inner_api/security_component/include/save_button.h b/interfaces/inner_api/security_component/include/save_button.h index 59ead6578cd89632db37003ec83299ea86198dbc..e0000de310c8525b57591b2aea910f5b0975e59a 100644 --- a/interfaces/inner_api/security_component/include/save_button.h +++ b/interfaces/inner_api/security_component/include/save_button.h @@ -33,6 +33,9 @@ enum class SaveDesc : int32_t { RECEIVE = 6, CONTINUE_TO_RECEIVE = 7, SAVE_TO_GALLERY = 8, + EXPORT_TO_GALLERY = 9, + QUICK_SAVE_TO_GALLERY = 10, + RESAVE_TO_GALLERY = 11, MAX_LABEL_TYPE }; diff --git a/interfaces/inner_api/security_component/src/sec_comp_kit.cpp b/interfaces/inner_api/security_component/src/sec_comp_kit.cpp index c7a9e9431267a66700d7b7e20ed2a6a5a00925a4..6df28a158b61794794c47b5f8feb5698d3e67825 100644 --- a/interfaces/inner_api/security_component/src/sec_comp_kit.cpp +++ b/interfaces/inner_api/security_component/src/sec_comp_kit.cpp @@ -14,6 +14,7 @@ */ #include "sec_comp_kit.h" +#include "bundle_mgr_client.h" #include "hisysevent.h" #include "ipc_skeleton.h" #include "sec_comp_caller_authorization.h" @@ -35,8 +36,12 @@ int32_t SecCompKit::RegisterSecurityComponent(SecCompType type, if (!SecCompCallerAuthorization::GetInstance().IsKitCaller( reinterpret_cast(__builtin_return_address(0)))) { SC_LOG_ERROR(LABEL, "register security component fail, caller invalid"); + int32_t uid = IPCSkeleton::GetCallingUid(); + OHOS::AppExecFwk::BundleMgrClient bmsClient; + std::string bundleName = ""; + bmsClient.GetNameForUid(uid, bundleName); HiSysEventWrite(HiviewDFX::HiSysEvent::Domain::SEC_COMPONENT, "CALLER_CHECK_FAILED", - HiviewDFX::HiSysEvent::EventType::SECURITY, "CALLER_UID", IPCSkeleton::GetCallingUid(), + HiviewDFX::HiSysEvent::EventType::SECURITY, "CALLER_UID", uid, "CALLER_BUNDLE_NAME", bundleName, "CALLER_PID", IPCSkeleton::GetCallingRealPid(), "CALL_SCENE", "REGITSTER"); return SC_SERVICE_ERROR_CALLER_INVALID; } @@ -60,8 +65,12 @@ int32_t SecCompKit::UpdateSecurityComponent(int32_t scId, std::string& component if (!SecCompCallerAuthorization::GetInstance().IsKitCaller( reinterpret_cast(__builtin_return_address(0)))) { SC_LOG_ERROR(LABEL, "update security component fail, caller invalid"); + int32_t uid = IPCSkeleton::GetCallingUid(); + OHOS::AppExecFwk::BundleMgrClient bmsClient; + std::string bundleName = ""; + bmsClient.GetNameForUid(uid, bundleName); HiSysEventWrite(HiviewDFX::HiSysEvent::Domain::SEC_COMPONENT, "CALLER_CHECK_FAILED", - HiviewDFX::HiSysEvent::EventType::SECURITY, "CALLER_UID", IPCSkeleton::GetCallingUid(), + HiviewDFX::HiSysEvent::EventType::SECURITY, "CALLER_UID", uid, "CALLER_BUNDLE_NAME", bundleName, "CALLER_PID", IPCSkeleton::GetCallingRealPid(), "CALL_SCENE", "UPDATE"); return SC_SERVICE_ERROR_CALLER_INVALID; } @@ -99,8 +108,12 @@ int32_t SecCompKit::ReportSecurityComponentClickEvent(int32_t scId, if (!SecCompCallerAuthorization::GetInstance().IsKitCaller( reinterpret_cast(__builtin_return_address(0)))) { SC_LOG_ERROR(LABEL, "report click event fail, caller invalid"); + int32_t uid = IPCSkeleton::GetCallingUid(); + OHOS::AppExecFwk::BundleMgrClient bmsClient; + std::string bundleName = ""; + bmsClient.GetNameForUid(uid, bundleName); HiSysEventWrite(HiviewDFX::HiSysEvent::Domain::SEC_COMPONENT, "CALLER_CHECK_FAILED", - HiviewDFX::HiSysEvent::EventType::SECURITY, "CALLER_UID", IPCSkeleton::GetCallingUid(), + HiviewDFX::HiSysEvent::EventType::SECURITY, "CALLER_UID", uid, "CALLER_BUNDLE_NAME", bundleName, "CALLER_PID", IPCSkeleton::GetCallingRealPid(), "CALL_SCENE", "CLICK"); return SC_SERVICE_ERROR_CALLER_INVALID; } diff --git a/interfaces/inner_api/security_component/src/sec_comp_proxy.cpp b/interfaces/inner_api/security_component/src/sec_comp_proxy.cpp index 85e48191d05640752dc048f974ae7999aad8f350..f8eb8029cdb4b74d222bb51bbcf1229b30b7c98f 100644 --- a/interfaces/inner_api/security_component/src/sec_comp_proxy.cpp +++ b/interfaces/inner_api/security_component/src/sec_comp_proxy.cpp @@ -283,25 +283,17 @@ int32_t SecCompProxy::ReportSecurityComponentClickEvent(int32_t scId, bool SecCompProxy::VerifySavePermission(AccessToken::AccessTokenID tokenId) { std::lock_guard lock(useIPCMutex_); - MessageParcel rawData; MessageParcel data; if (!data.WriteInterfaceToken(SecCompProxy::GetDescriptor())) { SC_LOG_ERROR(LABEL, "Verify write descriptor failed."); return false; } - - if (!rawData.WriteUint32(tokenId)) { + if (!data.WriteUint32(tokenId)) { SC_LOG_ERROR(LABEL, "Verify write tokenId failed."); return false; } - if (!SecCompEnhanceAdapter::EnhanceClientSerialize(rawData, data)) { - SC_LOG_ERROR(LABEL, "Verify serialize session info failed."); - return false; - } - MessageParcel reply; - MessageParcel deserializedReply; MessageOption option(MessageOption::TF_SYNC); sptr remote = Remote(); if (remote == nullptr) { @@ -311,19 +303,12 @@ bool SecCompProxy::VerifySavePermission(AccessToken::AccessTokenID tokenId) int32_t requestResult = remote->SendRequest( static_cast(SecurityComponentServiceInterfaceCode::VERIFY_TEMP_SAVE_PERMISSION), data, reply, option); - - if (!SecCompEnhanceAdapter::EnhanceClientDeserialize(reply, deserializedReply)) { - SC_LOG_ERROR(LABEL, "Verify deserialize session info failed."); - return false; - } - if (requestResult != SC_OK) { SC_LOG_ERROR(LABEL, "Verify request failed, result: %{public}d.", requestResult); return false; } - bool res; - if (!deserializedReply.ReadBool(res)) { + if (!reply.ReadBool(res)) { SC_LOG_ERROR(LABEL, "Verify read res failed."); return false; } diff --git a/interfaces/inner_api/security_component/test/BUILD.gn b/interfaces/inner_api/security_component/test/BUILD.gn index cf8b6c89e2780d1d688fbff18273b9814987e104..a9a039b34d9806db47c971a91a9566f81496772c 100644 --- a/interfaces/inner_api/security_component/test/BUILD.gn +++ b/interfaces/inner_api/security_component/test/BUILD.gn @@ -58,6 +58,8 @@ ohos_unittest("sec_comp_sdk_test") { external_deps = [ "access_token:libaccesstoken_sdk", + "bundle_framework:appexecfwk_base", + "bundle_framework:appexecfwk_core", "c_utils:utils", "hilog:libhilog", "hisysevent:libhisysevent", @@ -96,6 +98,8 @@ ohos_unittest("sec_comp_register_callback_test") { external_deps = [ "access_token:libaccesstoken_sdk", "access_token:libtoken_setproc", + "bundle_framework:appexecfwk_base", + "bundle_framework:appexecfwk_core", "c_utils:utils", "hilog:libhilog", "hisysevent:libhisysevent", diff --git a/services/security_component_service/sa/sa_main/first_use_dialog.cpp b/services/security_component_service/sa/sa_main/first_use_dialog.cpp index fef00695131fb1083c015005143ab3c0a909f5ee..8fd4cd1dd6baa8fe8f8553b44bdbfdd3a6652d28 100644 --- a/services/security_component_service/sa/sa_main/first_use_dialog.cpp +++ b/services/security_component_service/sa/sa_main/first_use_dialog.cpp @@ -21,6 +21,7 @@ #include #include "ability_manager_client.h" #include "accesstoken_kit.h" +#include "bundle_mgr_client.h" #include "hisysevent.h" #include "sec_comp_dialog_callback_proxy.h" #include "sec_comp_err.h" @@ -270,8 +271,11 @@ int32_t FirstUseDialog::GrantDialogWaitEntity(int32_t scId) } int32_t res = sc->GrantTempPermission(); if (res != SC_OK) { + OHOS::AppExecFwk::BundleMgrClient bmsClient; + std::string bundleName = ""; + bmsClient.GetNameForUid(sc->uid_, bundleName); HiSysEventWrite(HiviewDFX::HiSysEvent::Domain::SEC_COMPONENT, "TEMP_GRANT_FAILED", - HiviewDFX::HiSysEvent::EventType::FAULT, "CALLER_UID", sc->uid_, + HiviewDFX::HiSysEvent::EventType::FAULT, "CALLER_UID", sc->uid_, "CALLER_BUNDLE_NAME", bundleName, "CALLER_PID", sc->pid_, "SC_ID", scId, "SC_TYPE", sc->GetType()); } else { HiSysEventWrite(HiviewDFX::HiSysEvent::Domain::SEC_COMPONENT, "TEMP_GRANT_SUCCESS", diff --git a/services/security_component_service/sa/sa_main/sec_comp_entity.cpp b/services/security_component_service/sa/sa_main/sec_comp_entity.cpp index b366ac3062f299c0de3f912b09f57ce4cf80e982..1894daa16464eb1d3013c780895effe980eaf4b7 100644 --- a/services/security_component_service/sa/sa_main/sec_comp_entity.cpp +++ b/services/security_component_service/sa/sa_main/sec_comp_entity.cpp @@ -15,6 +15,7 @@ #include "sec_comp_entity.h" #include +#include "bundle_mgr_client.h" #include "datashare_helper.h" #include "hisysevent.h" #include "ipc_skeleton.h" @@ -122,8 +123,12 @@ int32_t SecCompEntity::CheckClickInfo(const SecCompClickEvent& clickInfo) const if ((res != SC_OK) && (res != SC_ENHANCE_ERROR_NOT_EXIST_ENHANCE)) { SC_LOG_ERROR(LABEL, "HMAC checkout failed"); + int32_t uid = IPCSkeleton::GetCallingUid(); + OHOS::AppExecFwk::BundleMgrClient bmsClient; + std::string bundleName = ""; + bmsClient.GetNameForUid(uid, bundleName); HiSysEventWrite(HiviewDFX::HiSysEvent::Domain::SEC_COMPONENT, "CLICK_INFO_CHECK_FAILED", - HiviewDFX::HiSysEvent::EventType::SECURITY, "CALLER_UID", IPCSkeleton::GetCallingUid(), + HiviewDFX::HiSysEvent::EventType::SECURITY, "CALLER_UID", uid, "CALLER_BUNDLE_NAME", bundleName, "CALLER_PID", IPCSkeleton::GetCallingPid(), "SC_ID", scId_, "SC_TYPE", componentInfo_->type_); return SC_ENHANCE_ERROR_CLICK_EXTRA_CHECK_FAIL; } diff --git a/services/security_component_service/sa/sa_main/sec_comp_info_helper.cpp b/services/security_component_service/sa/sa_main/sec_comp_info_helper.cpp index 101a902958e23ed18fd8ad9e71993c90e151fa30..bdd3a3bbd04e58dd410f1c46323e5fb37e23a6ee 100644 --- a/services/security_component_service/sa/sa_main/sec_comp_info_helper.cpp +++ b/services/security_component_service/sa/sa_main/sec_comp_info_helper.cpp @@ -1,5 +1,5 @@ /* - * Copyright (c) 2023 Huawei Device Co., Ltd. + * Copyright (c) 2023-2024 Huawei Device Co., Ltd. * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. * You may obtain a copy of the License at @@ -34,7 +34,6 @@ namespace { constexpr OHOS::HiviewDFX::HiLogLabel LABEL = {LOG_CORE, SECURITY_DOMAIN_SECURITY_COMPONENT, "SecCompInfoHelper"}; static constexpr double MAX_RECT_PERCENT = 0.1F; // 10% static constexpr double ZERO_OFFSET = 0.0F; -static std::mutex g_renderLock; } void SecCompInfoHelper::AdjustSecCompRect(SecCompBase* comp, float scale) @@ -249,6 +248,7 @@ int32_t SecCompInfoHelper::GrantTempPermission(AccessToken::AccessTokenID tokenI tokenId, "ohos.permission.APPROXIMATELY_LOCATION"); return SC_SERVICE_ERROR_PERMISSION_OPER_FAIL; } + SC_LOG_INFO(LABEL, "Grant location permission, scid = %{public}d.", componentInfo->nodeId_); return SC_OK; } case PASTE_COMPONENT: @@ -256,14 +256,14 @@ int32_t SecCompInfoHelper::GrantTempPermission(AccessToken::AccessTokenID tokenI if (res != SC_OK) { return SC_SERVICE_ERROR_PERMISSION_OPER_FAIL; } - SC_LOG_DEBUG(LABEL, "grant paste permission"); + SC_LOG_INFO(LABEL, "Grant paste permission, scid = %{public}d.", componentInfo->nodeId_); return SC_OK; case SAVE_COMPONENT: if (IsDlpSandboxCalling(tokenId)) { SC_LOG_INFO(LABEL, "Dlp sandbox app are not allowed to use save component."); return SC_SERVICE_ERROR_PERMISSION_OPER_FAIL; } - SC_LOG_DEBUG(LABEL, "grant save permission"); + SC_LOG_INFO(LABEL, "Grant save permission, scid = %{public}d.", componentInfo->nodeId_); return SecCompPermManager::GetInstance().GrantTempSavePermission(tokenId); default: SC_LOG_ERROR(LABEL, "Parse component type unknown"); diff --git a/services/security_component_service/sa/sa_main/sec_comp_manager.cpp b/services/security_component_service/sa/sa_main/sec_comp_manager.cpp index 42552696f0962ff980a8d80e82ea06113a3c9374..cd388f381e27db84d3516ac0fa783f97a1f94d41 100644 --- a/services/security_component_service/sa/sa_main/sec_comp_manager.cpp +++ b/services/security_component_service/sa/sa_main/sec_comp_manager.cpp @@ -14,6 +14,7 @@ */ #include "sec_comp_manager.h" +#include "bundle_mgr_client.h" #include "delay_exit_task.h" #include "hisysevent.h" #include "i_sec_comp_service.h" @@ -21,6 +22,7 @@ #include "iservice_registry.h" #include "sec_comp_enhance_adapter.h" #include "sec_comp_err.h" +#include "sec_comp_info.h" #include "sec_comp_info_helper.h" #include "sec_comp_log.h" @@ -296,14 +298,18 @@ void SecCompManager::ExitWhenAppMgrDied() void SecCompManager::SendCheckInfoEnhanceSysEvent(int32_t scId, SecCompType type, const std::string& scene, int32_t res) { + int32_t uid = IPCSkeleton::GetCallingUid(); + OHOS::AppExecFwk::BundleMgrClient bmsClient; + std::string bundleName = ""; + bmsClient.GetNameForUid(uid, bundleName); if (res == SC_ENHANCE_ERROR_CHALLENGE_CHECK_FAIL) { HiSysEventWrite(HiviewDFX::HiSysEvent::Domain::SEC_COMPONENT, "CHALLENGE_CHECK_FAILED", - HiviewDFX::HiSysEvent::EventType::SECURITY, "CALLER_UID", IPCSkeleton::GetCallingUid(), + HiviewDFX::HiSysEvent::EventType::SECURITY, "CALLER_UID", uid, "CALLER_BUNDLE_NAME", bundleName, "CALLER_PID", IPCSkeleton::GetCallingPid(), "SC_ID", scId, "SC_TYPE", type, "CALL_SCENE", scene); } else { HiSysEventWrite(HiviewDFX::HiSysEvent::Domain::SEC_COMPONENT, "CALLBACK_FAILED", - HiviewDFX::HiSysEvent::EventType::SECURITY, "CALLER_UID", IPCSkeleton::GetCallingUid(), + HiviewDFX::HiSysEvent::EventType::SECURITY, "CALLER_UID", uid, "CALLER_BUNDLE_NAME", bundleName, "CALLER_PID", IPCSkeleton::GetCallingPid(), "SC_TYPE", type, "CALL_SCENE", scene, "REASON", TransformCallBackResult(static_cast(res))); } @@ -345,8 +351,12 @@ int32_t SecCompManager::RegisterSecurityComponent(SecCompType type, std::shared_ptr component(componentPtr); if (component == nullptr) { SC_LOG_ERROR(LABEL, "Parse component info invalid"); + int32_t uid = IPCSkeleton::GetCallingUid(); + OHOS::AppExecFwk::BundleMgrClient bmsClient; + std::string bundleName = ""; + bmsClient.GetNameForUid(uid, bundleName); HiSysEventWrite(HiviewDFX::HiSysEvent::Domain::SEC_COMPONENT, "COMPONENT_INFO_CHECK_FAILED", - HiviewDFX::HiSysEvent::EventType::SECURITY, "CALLER_UID", IPCSkeleton::GetCallingUid(), + HiviewDFX::HiSysEvent::EventType::SECURITY, "CALLER_UID", uid, "CALLER_BUNDLE_NAME", bundleName, "CALLER_PID", IPCSkeleton::GetCallingPid(), "SC_ID", scId, "CALL_SCENE", "REGITSTER", "SC_TYPE", type); return SC_SERVICE_ERROR_COMPONENT_INFO_INVALID; } @@ -392,8 +402,12 @@ int32_t SecCompManager::UpdateSecurityComponent(int32_t scId, const nlohmann::js std::shared_ptr reportComponentInfo(report); if (reportComponentInfo == nullptr) { SC_LOG_ERROR(LABEL, "Update component info invalid"); + int32_t uid = IPCSkeleton::GetCallingUid(); + OHOS::AppExecFwk::BundleMgrClient bmsClient; + std::string bundleName = ""; + bmsClient.GetNameForUid(uid, bundleName); HiSysEventWrite(HiviewDFX::HiSysEvent::Domain::SEC_COMPONENT, "COMPONENT_INFO_CHECK_FAILED", - HiviewDFX::HiSysEvent::EventType::SECURITY, "CALLER_UID", IPCSkeleton::GetCallingUid(), + HiviewDFX::HiSysEvent::EventType::SECURITY, "CALLER_UID", uid, "CALLER_BUNDLE_NAME", bundleName, "CALLER_PID", IPCSkeleton::GetCallingPid(), "SC_ID", scId, "CALL_SCENE", "UPDATE", "SC_TYPE", sc->GetType()); return SC_SERVICE_ERROR_COMPONENT_INFO_INVALID; @@ -430,16 +444,24 @@ int32_t SecCompManager::CheckClickSecurityComponentInfo(std::shared_ptr reportComponentInfo(report); if ((reportComponentInfo == nullptr) || (!reportComponentInfo->GetValid())) { SC_LOG_ERROR(LABEL, "report component info invalid"); + int32_t uid = IPCSkeleton::GetCallingUid(); + OHOS::AppExecFwk::BundleMgrClient bmsClient; + std::string bundleName = ""; + bmsClient.GetNameForUid(uid, bundleName); HiSysEventWrite(HiviewDFX::HiSysEvent::Domain::SEC_COMPONENT, "COMPONENT_INFO_CHECK_FAILED", - HiviewDFX::HiSysEvent::EventType::SECURITY, "CALLER_UID", IPCSkeleton::GetCallingUid(), + HiviewDFX::HiSysEvent::EventType::SECURITY, "CALLER_UID", uid, "CALLER_BUNDLE_NAME", bundleName, "CALLER_PID", IPCSkeleton::GetCallingPid(), "SC_ID", scId, "CALL_SCENE", "CLICK", "SC_TYPE", sc->GetType()); return SC_SERVICE_ERROR_COMPONENT_INFO_INVALID; } if ((!SecCompInfoHelper::CheckRectValid(reportComponentInfo->rect_, reportComponentInfo->windowRect_))) { SC_LOG_ERROR(LABEL, "compare component info failed."); + int32_t uid = IPCSkeleton::GetCallingUid(); + OHOS::AppExecFwk::BundleMgrClient bmsClient; + std::string bundleName = ""; + bmsClient.GetNameForUid(uid, bundleName); HiSysEventWrite(HiviewDFX::HiSysEvent::Domain::SEC_COMPONENT, "COMPONENT_INFO_CHECK_FAILED", - HiviewDFX::HiSysEvent::EventType::SECURITY, "CALLER_UID", IPCSkeleton::GetCallingUid(), + HiviewDFX::HiSysEvent::EventType::SECURITY, "CALLER_UID", uid, "CALLER_BUNDLE_NAME", bundleName, "CALLER_PID", IPCSkeleton::GetCallingPid(), "SC_ID", scId, "CALL_SCENE", "CLICK", "SC_TYPE", sc->GetType()); return SC_SERVICE_ERROR_COMPONENT_INFO_INVALID; @@ -457,6 +479,18 @@ int32_t SecCompManager::CheckClickSecurityComponentInfo(std::shared_ptr>& remote) @@ -486,9 +520,8 @@ int32_t SecCompManager::ReportSecurityComponentClickEvent(int32_t scId, res = sc->CheckClickInfo(clickInfo); if (res != SC_OK) { - HiSysEventWrite(HiviewDFX::HiSysEvent::Domain::SEC_COMPONENT, "CLICK_INFO_CHECK_FAILED", - HiviewDFX::HiSysEvent::EventType::SECURITY, "CALLER_UID", IPCSkeleton::GetCallingUid(), - "CALLER_PID", IPCSkeleton::GetCallingPid(), "SC_ID", scId, "SC_TYPE", sc->GetType()); + ReportEvent("CLICK_INFO_CHECK_FAILED", HiviewDFX::HiSysEvent::EventType::SECURITY, + scId, sc->GetType()); if (res == SC_ENHANCE_ERROR_CLICK_EXTRA_CHECK_FAIL) { malicious_.AddAppToMaliciousAppList(caller.pid); } @@ -504,9 +537,8 @@ int32_t SecCompManager::ReportSecurityComponentClickEvent(int32_t scId, res = sc->GrantTempPermission(); if (res != SC_OK) { - HiSysEventWrite(HiviewDFX::HiSysEvent::Domain::SEC_COMPONENT, "TEMP_GRANT_FAILED", - HiviewDFX::HiSysEvent::EventType::FAULT, "CALLER_UID", IPCSkeleton::GetCallingUid(), - "CALLER_PID", IPCSkeleton::GetCallingPid(), "SC_ID", scId, "SC_TYPE", sc->GetType()); + ReportEvent("TEMP_GRANT_FAILED", HiviewDFX::HiSysEvent::EventType::FAULT, + scId, sc->GetType()); return res; } HiSysEventWrite(HiviewDFX::HiSysEvent::Domain::SEC_COMPONENT, "TEMP_GRANT_SUCCESS", diff --git a/services/security_component_service/sa/sa_main/sec_comp_stub.cpp b/services/security_component_service/sa/sa_main/sec_comp_stub.cpp index b9aaabcc5f23d3c0d824fc731d292beeb540c663..b50d9322353aa9cf397563511941478fb1df058c 100644 --- a/services/security_component_service/sa/sa_main/sec_comp_stub.cpp +++ b/services/security_component_service/sa/sa_main/sec_comp_stub.cpp @@ -232,13 +232,8 @@ int32_t SecCompStub::VerifySavePermissionInner(MessageParcel& data, MessageParce SC_LOG_ERROR(LABEL, "Not medialibrary called"); return SC_SERVICE_ERROR_CALLER_INVALID; } - MessageParcel deserializedData; - if (!SecCompEnhanceAdapter::EnhanceSrvDeserialize(data, deserializedData, reply)) { - SC_LOG_ERROR(LABEL, "Verify deserialize session info failed"); - return SC_SERVICE_ERROR_PARCEL_OPERATE_FAIL; - } uint32_t tokenId; - if (!deserializedData.ReadUint32(tokenId)) { + if (!data.ReadUint32(tokenId)) { SC_LOG_ERROR(LABEL, "Verify read component id failed"); return SC_SERVICE_ERROR_PARCEL_OPERATE_FAIL; } @@ -249,17 +244,11 @@ int32_t SecCompStub::VerifySavePermissionInner(MessageParcel& data, MessageParce } bool res = this->VerifySavePermission(tokenId); - MessageParcel rawReply; - if (!rawReply.WriteBool(res)) { + if (!reply.WriteBool(res)) { SC_LOG_ERROR(LABEL, "Verify temp save permission result failed"); return SC_SERVICE_ERROR_PARCEL_OPERATE_FAIL; } - if (!SecCompEnhanceAdapter::EnhanceSrvSerialize(rawReply, reply)) { - SC_LOG_ERROR(LABEL, "Verify serialize session info failed"); - return SC_SERVICE_ERROR_PARCEL_OPERATE_FAIL; - } - return SC_OK; } diff --git a/services/security_component_service/sa/sa_main/window_info_helper.cpp b/services/security_component_service/sa/sa_main/window_info_helper.cpp index 0076626d497d3c085f83e6341b96ce87fb8990cd..fd4e9021b7daff06fe33c0e9d8ea0dd572c21b30 100644 --- a/services/security_component_service/sa/sa_main/window_info_helper.cpp +++ b/services/security_component_service/sa/sa_main/window_info_helper.cpp @@ -39,6 +39,7 @@ float WindowInfoHelper::GetWindowScale(int32_t windowId) return windowId == info->wid_; }); if ((iter == infos.end()) || (*iter == nullptr)) { + SC_LOG_WARN(LABEL, "Cannot find AccessibilityWindowInfo, return default scale"); return scale; } scale = (*iter)->scaleVal_; @@ -73,7 +74,8 @@ bool WindowInfoHelper::CheckOtherWindowCoverComp(int32_t compWinId, const SecCom } int32_t compLayer = INVALID_WINDOW_LAYER; - std::vector layerList; + // {windowId, zOrder} + std::vector> layerList; for (auto& info : infos) { if (info == nullptr) { continue; @@ -88,7 +90,7 @@ bool WindowInfoHelper::CheckOtherWindowCoverComp(int32_t compWinId, const SecCom info->windowRect_.height_ *= info->floatingScale_; } if (IsRectInWindRect(info->windowRect_, secRect)) { - layerList.emplace_back(info->zOrder_); + layerList.emplace_back(std::make_pair(info->windowId_, info->zOrder_)); } } @@ -101,11 +103,13 @@ bool WindowInfoHelper::CheckOtherWindowCoverComp(int32_t compWinId, const SecCom return true; } - auto iter = std::find_if(layerList.begin(), layerList.end(), [compLayer](const int layer) { - return layer >= compLayer; + auto iter = std::find_if(layerList.begin(), layerList.end(), + [compLayer](const std::pair layer) { + return layer.second >= compLayer; }); if (iter != layerList.end()) { - SC_LOG_ERROR(LABEL, "component window %{public}d is covered, click check failed", compWinId); + SC_LOG_ERROR(LABEL, "component window %{public}d is covered by %{public}d, click check failed", + compWinId, iter->first); return false; } return true; diff --git a/services/security_component_service/sa/test/BUILD.gn b/services/security_component_service/sa/test/BUILD.gn index 303038300435a771a231675adbeda79b7a6e6ef6..528b6fdfd1dda0a9e43ac765069859ae42c74fd4 100644 --- a/services/security_component_service/sa/test/BUILD.gn +++ b/services/security_component_service/sa/test/BUILD.gn @@ -57,6 +57,7 @@ ohos_unittest("sec_comp_service_test") { "unittest/src/sec_comp_stub_test.cpp", "unittest/src/service_test_common.cpp", "unittest/src/window_info_helper_test.cpp", + "unittest/src/zzenv_exit_operate.cpp", ] configs = [ "${sec_comp_root_dir}/config:coverage_flags" ] diff --git a/services/security_component_service/sa/test/unittest/src/first_use_dialog_test.cpp b/services/security_component_service/sa/test/unittest/src/first_use_dialog_test.cpp index bc89beb3836015b9a2c4d6c1f5f144f9ac559f24..fc4d4a08e16eaa825de11b6f6dece6b6a88447f2 100644 --- a/services/security_component_service/sa/test/unittest/src/first_use_dialog_test.cpp +++ b/services/security_component_service/sa/test/unittest/src/first_use_dialog_test.cpp @@ -14,6 +14,7 @@ */ #include "first_use_dialog_test.h" +#include #include "accesstoken_kit.h" #include "location_button.h" #include "save_button.h" @@ -42,6 +43,23 @@ void FirstUseDialogTest::SetUpTestCase() void FirstUseDialogTest::TearDownTestCase() { + struct stat fstatJson = {}; + if (stat(SEC_COMP_SRV_CFG_FILE.c_str(), &fstatJson) != 0) { + return; + } + // if json file is created by root, delete it + if (fstatJson.st_uid == 0) { + std::string cmdline = "rm -f " + SEC_COMP_SRV_CFG_FILE; + system(cmdline.c_str()); + } + struct stat fstatDir = {}; + if (stat(SEC_COMP_SRV_CFG_PATH.c_str(), &fstatDir) != 0) { + return; + } + if (fstatDir.st_uid == 0) { + std::string cmdline = "chown security_component:security_component " + SEC_COMP_SRV_CFG_PATH; + system(cmdline.c_str()); + } } void FirstUseDialogTest::SetUp() diff --git a/services/security_component_service/sa/test/unittest/src/sec_comp_info_helper_test.cpp b/services/security_component_service/sa/test/unittest/src/sec_comp_info_helper_test.cpp index 8504ace88a518cafe05f119945a4b78c145ccace..37aa15007ac22d5f0c73840d9b1a0cb124eef925 100644 --- a/services/security_component_service/sa/test/unittest/src/sec_comp_info_helper_test.cpp +++ b/services/security_component_service/sa/test/unittest/src/sec_comp_info_helper_test.cpp @@ -24,6 +24,7 @@ #include "save_button.h" #include "sec_comp_log.h" #include "sec_comp_err.h" +#include "sec_comp_tool.h" #include "service_test_common.h" #include "window_manager.h" @@ -620,3 +621,31 @@ HWTEST_F(SecCompInfoHelperTest, GrantTempPermission001, TestSize.Level1) EXPECT_EQ(SC_SERVICE_ERROR_PERMISSION_OPER_FAIL, SecCompInfoHelper::GrantTempPermission(*tokenid, shared_comp)); } + +/** + * @tc.name: IsColorSimilar001 + * @tc.desc: Test IsColorSimilar + * @tc.type: FUNC + * @tc.require: + */ +HWTEST_F(SecCompInfoHelperTest, IsColorSimilar001, TestSize.Level1) +{ + SecCompColor color1 = { + .argb = { + .red = 0xFF, + .green = 0xFF, + .blue = 0xFF, + .alpha = 0xFF, + } + }; + + SecCompColor color2 = { + .argb = { + .red = 0xFF, + .green = 0xFF, + .blue = 0xFF, + .alpha = 0xF0, // different alpha + } + }; + EXPECT_TRUE(IsColorSimilar(color1, color2)); +} diff --git a/services/security_component_service/sa/test/unittest/src/sec_comp_manager_test.cpp b/services/security_component_service/sa/test/unittest/src/sec_comp_manager_test.cpp index e659faf11eb080c648b04bfe2589dabbc1b4d738..8845ecb7931ed14d75dd4e0328fc2ec09a072cd0 100644 --- a/services/security_component_service/sa/test/unittest/src/sec_comp_manager_test.cpp +++ b/services/security_component_service/sa/test/unittest/src/sec_comp_manager_test.cpp @@ -703,3 +703,28 @@ HWTEST_F(SecCompManagerTest, TransformCallBackResult001, TestSize.Level1) res = SC_SERVICE_ERROR_VALUE_INVALID; SecCompManager::GetInstance().SendCheckInfoEnhanceSysEvent(scId, LOCATION_COMPONENT, scene, res); } + +/** + * @tc.name: AddSecurityComponentProcess001 + * @tc.desc: Test AddSecurityComponentProcess + * @tc.type: FUNC + * @tc.require: + */ +HWTEST_F(SecCompManagerTest, AddSecurityComponentProcess001, TestSize.Level1) +{ + bool isSaExit = SecCompManager::GetInstance().isSaExit_; + SecCompManager::GetInstance().isSaExit_ = true; + SecCompCallerInfo info = { + .pid = 0, + .tokenId = 0, + .uid = 0, + }; + EXPECT_EQ(SC_SERVICE_ERROR_SERVICE_NOT_EXIST, + SecCompManager::GetInstance().AddSecurityComponentProcess(info)); + auto oldmap = SecCompManager::GetInstance().componentMap_; + SecCompManager::GetInstance().componentMap_.clear(); + SecCompManager::GetInstance().isSaExit_ = false; + EXPECT_EQ(SC_OK, SecCompManager::GetInstance().AddSecurityComponentProcess(info)); + SecCompManager::GetInstance().componentMap_ = oldmap; + SecCompManager::GetInstance().isSaExit_ = isSaExit; +} \ No newline at end of file diff --git a/services/security_component_service/sa/test/unittest/src/sec_comp_stub_mock_test.cpp b/services/security_component_service/sa/test/unittest/src/sec_comp_stub_mock_test.cpp index 6491b6856d0f75d520a7ac424e70946d12fb4a20..87d02efdd387ebecb6d3c398c20b4fe243b32a1d 100644 --- a/services/security_component_service/sa/test/unittest/src/sec_comp_stub_mock_test.cpp +++ b/services/security_component_service/sa/test/unittest/src/sec_comp_stub_mock_test.cpp @@ -15,6 +15,7 @@ #include "sec_comp_stub_mock_test.h" +#include "sec_comp_dialog_callback.h" #include "sec_comp_log.h" #include "sec_comp_err.h" #include "sec_comp_click_event_parcel.h" @@ -249,3 +250,19 @@ HWTEST_F(SecCompStubMockTest, UnmarshallingMock001, TestSize.Level1) in.WriteBuffer(data, 32); EXPECT_NE(nullptr, clickParcel->Unmarshalling(in)); } + +/** + * @tc.name: PreRegisterSecCompProcessMock001 + * @tc.desc: Test PreRegisterSecCompProcessInner + * @tc.type: FUNC + * @tc.require: + */ +HWTEST_F(SecCompStubMockTest, PreRegisterSecCompProcessMock001, TestSize.Level1) +{ + MessageParcel data; + MessageParcel reply; + data.FlushBuffer(); + reply.FlushBuffer(); + data.WriteInt32(1); + ASSERT_EQ(SC_OK, stub_->PreRegisterSecCompProcessInner(data, reply)); +} \ No newline at end of file diff --git a/services/security_component_service/sa/test/unittest/src/zzenv_exit_operate.cpp b/services/security_component_service/sa/test/unittest/src/zzenv_exit_operate.cpp new file mode 100644 index 0000000000000000000000000000000000000000..55fc51ebdcf9fa8bcfad5ff6bb4eb764c2d32b8e --- /dev/null +++ b/services/security_component_service/sa/test/unittest/src/zzenv_exit_operate.cpp @@ -0,0 +1,71 @@ +/* + * Copyright (c) 2024 Huawei Device Co., Ltd. + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +#include +#define private public +#include "event_handler.h" +#include "event_runner.h" +#include "sec_comp_manager.h" +#undef private + +using namespace testing::ext; + +namespace OHOS { +namespace Security { +namespace SecurityComponent { +/** + * @brief This test class is used to release resources before process end to avoid crash + */ +class ZZEnvExitOperate : public testing::Test { +public: + static void SetUpTestCase(); + static void TearDownTestCase(); + void SetUp(); + void TearDown(); +}; + +void ZZEnvExitOperate::SetUpTestCase() +{} + +void ZZEnvExitOperate::TearDownTestCase() +{} + +void ZZEnvExitOperate::SetUp() +{} + +void ZZEnvExitOperate::TearDown() +{} + +/** + * @tc.name: ZExitOperateTest001 + * @tc.desc: remove ffrt handler to avoid uaf crash + * @tc.type: FUNC + * @tc.require: None + */ +HWTEST_F(ZZEnvExitOperate, ZExitOperateTest001, TestSize.Level1) +{ + if (SecCompManager::GetInstance().secRunner_ != nullptr) { + SecCompManager::GetInstance().secRunner_->queue_.reset(); + SecCompManager::GetInstance().secRunner_ = nullptr; + } + if (SecCompManager::GetInstance().secHandler_ != nullptr) { + SecCompManager::GetInstance().secHandler_->eventRunner_.reset(); + SecCompManager::GetInstance().secHandler_ = nullptr; + } + sleep(5); +} +} +} +} \ No newline at end of file