From b3cbfa420e757088a298cad7cc81e57ddc7c14d7 Mon Sep 17 00:00:00 2001 From: AXYChen Date: Fri, 28 Mar 2025 14:39:39 +0800 Subject: [PATCH] seccomp idl 3.28 
Signed-off-by: AXYChen Change-Id: Id70dcca9e5525381e603928501198edfa86eee4c --- .../include/sec_comp_rawdata.h} | 55 ++- .../src/sec_comp_enhance_adapter.cpp | 46 +- .../src/sec_comp_enhance_adapter_test.cpp | 13 +- .../inner_api/security_component/BUILD.gn | 7 +- .../include/sec_comp_client.h | 13 +- .../src/sec_comp_client.cpp | 254 ++++++++++- .../security_component/src/sec_comp_kit.cpp | 5 - .../src/sec_comp_load_callback.cpp | 3 +- .../security_component/src/sec_comp_proxy.cpp | 412 ------------------ .../security_component/test/BUILD.gn | 7 +- .../test/unittest/src/sec_comp_kit_test.cpp | 1 + .../include/sec_comp_enhance_adapter.h | 25 +- .../security_component/include/sec_comp_kit.h | 1 - .../include/sec_comp_rawdata.h | 56 ++- .../security_component_service/sa/BUILD.gn | 90 +++- .../sa/ISecCompService.idl | 27 ++ .../sa/sa_main/sec_comp_entity.cpp | 3 +- .../sa/sa_main/sec_comp_manager.cpp | 3 +- .../sa/sa_main/sec_comp_service.cpp | 380 +++++++++++++++- .../sa/sa_main/sec_comp_service.h | 42 +- .../sa/sa_main/sec_comp_stub.cpp | 353 --------------- .../sa/sa_main/sec_comp_stub.h | 52 --- .../sa/test/BUILD.gn | 28 +- .../mock/include/ability_manager_client.h | 73 ++-- .../sa/test/mock/include/bundle_info.h | 58 +++ .../sa/test/mock/include/bundle_mgr_client.h | 43 ++ .../sa/test/mock/include/display.h | 24 +- .../sa/test/mock/include/display_info.h | 80 ++-- .../sa/test/mock/include/display_manager.h | 35 +- .../mock/src/sec_comp_enhance_adapter.cpp | 115 +++-- .../src/sec_comp_service_mock_test.cpp | 57 +-- .../unittest/src/sec_comp_service_test.cpp | 31 +- .../unittest/src/sec_comp_stub_mock_test.cpp | 202 +-------- .../unittest/src/sec_comp_stub_mock_test.h | 25 +- .../test/unittest/src/sec_comp_stub_test.cpp | 23 +- .../sa/test/unittest/src/sec_comp_stub_test.h | 24 +- test/fuzztest/security_component/BUILD.gn | 2 - .../getenhanceremoteobject_fuzzer/BUILD.gn | 45 -- .../getenhanceremoteobject_fuzzer/corpus/init | 14 - 
.../getenhanceremoteobject_fuzzer/project.xml | 25 -- .../BUILD.gn | 43 -- .../corpus/init | 14 - .../project.xml | 25 -- .../BUILD.gn | 5 +- .../preregisterseccompprocessstub_fuzz.cpp | 9 +- .../preregisterseccompprocessstub_fuzz.h | 2 +- .../BUILD.gn | 5 +- .../registersecuritycomponentstub_fuzzer.cpp | 9 +- .../registersecuritycomponentstub_fuzzer.h | 2 +- .../BUILD.gn | 5 +- ...securitycomponentclickeventstub_fuzzer.cpp | 31 +- ...rtsecuritycomponentclickeventstub_fuzzer.h | 2 +- .../service/security_component_fuzz.gni | 4 +- .../BUILD.gn | 5 +- ...unregistersecuritycomponentstub_fuzzer.cpp | 31 +- .../unregistersecuritycomponentstub_fuzzer.h | 2 +- .../BUILD.gn | 5 +- .../updatesecuritycomponentstub_fuzzer.cpp | 31 +- .../updatesecuritycomponentstub_fuzzer.h | 2 +- .../verifysavepermissionstub_fuzzer/BUILD.gn | 5 +- .../verifysavepermissionstub_fuzzer.cpp | 7 +- .../verifysavepermissionstub_fuzzer.h | 2 +- 62 files changed, 1374 insertions(+), 1624 deletions(-) rename frameworks/{inner_api/security_component/include/i_sec_comp_service.h => common/include/sec_comp_rawdata.h} (38%) delete mode 100644 frameworks/inner_api/security_component/src/sec_comp_proxy.cpp rename frameworks/inner_api/security_component/include/sec_comp_proxy.h => interfaces/inner_api/security_component/include/sec_comp_rawdata.h (37%) create mode 100644 services/security_component_service/sa/ISecCompService.idl delete mode 100644 services/security_component_service/sa/sa_main/sec_comp_stub.cpp delete mode 100644 services/security_component_service/sa/sa_main/sec_comp_stub.h rename test/fuzztest/security_component/innerkits/getenhanceremoteobject_fuzzer/getenhanceremoteobject_fuzzer.cpp => services/security_component_service/sa/test/mock/include/ability_manager_client.h (32%) create mode 100644 services/security_component_service/sa/test/mock/include/bundle_info.h create mode 100644 services/security_component_service/sa/test/mock/include/bundle_mgr_client.h rename 
test/fuzztest/security_component/service/getenhanceremoteobjectstub_fuzzer/getenhanceremoteobjectstub_fuzzer.h => services/security_component_service/sa/test/mock/include/display.h (57%) rename test/fuzztest/security_component/service/getenhanceremoteobjectstub_fuzzer/getenhanceremoteobjectstub_fuzzer.cpp => services/security_component_service/sa/test/mock/include/display_info.h (30%) rename test/fuzztest/security_component/innerkits/getenhanceremoteobject_fuzzer/getenhanceremoteobject_fuzzer.h => services/security_component_service/sa/test/mock/include/display_manager.h (42%) delete mode 100644 test/fuzztest/security_component/innerkits/getenhanceremoteobject_fuzzer/BUILD.gn delete mode 100644 test/fuzztest/security_component/innerkits/getenhanceremoteobject_fuzzer/corpus/init delete mode 100644 test/fuzztest/security_component/innerkits/getenhanceremoteobject_fuzzer/project.xml delete mode 100644 test/fuzztest/security_component/service/getenhanceremoteobjectstub_fuzzer/BUILD.gn delete mode 100644 test/fuzztest/security_component/service/getenhanceremoteobjectstub_fuzzer/corpus/init delete mode 100644 test/fuzztest/security_component/service/getenhanceremoteobjectstub_fuzzer/project.xml diff --git a/frameworks/inner_api/security_component/include/i_sec_comp_service.h b/frameworks/common/include/sec_comp_rawdata.h similarity index 38% rename from frameworks/inner_api/security_component/include/i_sec_comp_service.h rename to frameworks/common/include/sec_comp_rawdata.h index 2a28352..c0b7f47 100644 --- a/frameworks/inner_api/security_component/include/i_sec_comp_service.h +++ b/frameworks/common/include/sec_comp_rawdata.h @@ -1,5 +1,5 @@ /* - * Copyright (c) 2023 Huawei Device Co., Ltd. + * Copyright (c) 2025 Huawei Device Co., Ltd. * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. * You may obtain a copy of the License at 
@@ -12,36 +12,47 @@ * See the License for the specific language governing permissions and * limitations under the License. */ -#ifndef I_SECURITY_COMPONENT_SERVICE_H -#define I_SECURITY_COMPONENT_SERVICE_H -#include +#ifndef SEC_COMP_RAWDATA_H +#define SEC_COMP_RAWDATA_H -#include "access_token.h" -#include "iremote_broker.h" -#include "sec_comp_info.h" -#include "security_component_service_ipc_interface_code.h" +#include "securec.h" namespace OHOS { namespace Security { namespace SecurityComponent { -constexpr int32_t SA_ID_SECURITY_COMPONENT_SERVICE = 3506; - -class ISecCompService : public IRemoteBroker { +constexpr int32_t MAX_RAW_DATA_SIZE = 4096; +class SecCompRawdata { public: - DECLARE_INTERFACE_DESCRIPTOR(u"ohos.security.ISecCompService"); + uint32_t size = 0; + const void* data = nullptr; + + ~SecCompRawdata() + { + if (data != nullptr) { + delete[] static_cast(const_cast(data)); + } + } - virtual int32_t RegisterSecurityComponent(SecCompType type, - const std::string& componentInfo, int32_t& scId) = 0; - virtual int32_t UpdateSecurityComponent(int32_t scId, const std::string& componentInfo) = 0; - virtual int32_t UnregisterSecurityComponent(int32_t scId) = 0; - virtual int32_t ReportSecurityComponentClickEvent(SecCompInfo& secCompInfo, - sptr callerToken, sptr dialogCallback, std::string& message) = 0; - virtual bool VerifySavePermission(AccessToken::AccessTokenID tokenId) = 0; - virtual sptr GetEnhanceRemoteObject() = 0; - virtual int32_t PreRegisterSecCompProcess() = 0; + int32_t RawDataCpy(const void* readData) + { + if ((size == 0) || (size >= MAX_RAW_DATA_SIZE)) { + return -1; + } + uint8_t* buffer = new (std::nothrow) uint8_t[size]; + if (buffer == nullptr) { + return -1; + } + errno_t ret = memcpy_s(buffer, size, readData, size); + if (ret != EOK) { + delete[] buffer; + return -1; + } + data = reinterpret_cast(buffer); + return 0; + } }; } // namespace SecurityComponent } // namespace Security } // namespace OHOS -#endif // 
I_SECURITY_COMPONENT_SERVICE_H +#endif // SEC_COMP_RAWDATA_H \ No newline at end of file diff --git a/frameworks/enhance_adapter/src/sec_comp_enhance_adapter.cpp b/frameworks/enhance_adapter/src/sec_comp_enhance_adapter.cpp index 633389b..9c9c4f4 100644 --- a/frameworks/enhance_adapter/src/sec_comp_enhance_adapter.cpp +++ b/frameworks/enhance_adapter/src/sec_comp_enhance_adapter.cpp @@ -160,7 +160,7 @@ bool SecCompEnhanceAdapter::EnhanceDataPreprocess(int32_t scId, std::string& com return true; } -static bool WriteMessageParcel(MessageParcel& tmpData, MessageParcel& data) +static bool WriteMessageParcel(MessageParcel& tmpData, SecCompRawdata& data) { size_t bufferLength = tmpData.GetDataSize(); if (bufferLength == 0) { @@ -174,27 +174,20 @@ static bool WriteMessageParcel(MessageParcel& tmpData, MessageParcel& data) return false; } - if (!data.WriteInt32(bufferLength)) { - SC_LOG_ERROR(LABEL, "Write bufferLength failed."); - return false; - } - - if (!data.WriteRawData(reinterpret_cast(buffer), bufferLength)) { - SC_LOG_ERROR(LABEL, "Write data failed."); + data.size = bufferLength; + int32_t ret = data.RawDataCpy(reinterpret_cast(buffer)); + if (ret != SC_OK) { + SC_LOG_ERROR(LABEL, "Copy tmpData to rawdata failed."); return false; } return true; } -static bool ReadMessageParcel(MessageParcel& tmpData, MessageParcel& data) +static bool ReadMessageParcel(SecCompRawdata& tmpData, MessageParcel& data) { - int32_t size; - if (!tmpData.ReadInt32(size)) { - SC_LOG_ERROR(LABEL, "Read size failed."); - return false; - } + int32_t size = tmpData.size; - const void *iter = tmpData.ReadRawData(size); + const void *iter = tmpData.data; if (iter == nullptr) { SC_LOG_ERROR(LABEL, "Read const void failed."); return false; 
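Review bot: `SecCompRawdata` frees `data` in its destructor but keeps the implicit copy constructor and copy assignment, so any copy of an instance leaves two objects that both `delete[]` the same buffer. Unless the generated proxy/stub code needs to copy it (in which case a deep copy is required), declare `SecCompRawdata(const SecCompRawdata&) = delete;` and `SecCompRawdata& operator=(const SecCompRawdata&) = delete;`. `RawDataCpy` also overwrites `data` without releasing a buffer from an earlier call, so a second call on the same object leaks the first allocation. A short comment on `RawDataCpy` should state that `size` must be set by the caller beforehand and that exactly `MAX_RAW_DATA_SIZE` bytes is rejected by the `>=` check.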
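Review bot: In `WriteMessageParcel`, `data.size = bufferLength;` is assigned before `RawDataCpy` has succeeded and narrows a `size_t` into the `uint32_t` field, so a failed copy leaves the caller holding a non-zero `size` with a null `data`. Set `size` back to 0 on the failure path, or assign it only after the copy succeeds. `ReadMessageParcel` now takes `int32_t size = tmpData.size;` straight from the struct and checks only `data` for null. The remainder of that function is outside this hunk, but a guard such as `if ((tmpData.size == 0) || (tmpData.size >= MAX_RAW_DATA_SIZE)) { return false; }` before the buffer is used would keep the read side within the same bound `RawDataCpy` enforces. Note also that every serialized request and reply is now capped below 4096 bytes, which is worth confirming against the largest `componentInfo` callers send.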
@@ -208,7 +201,7 @@ static bool ReadMessageParcel(MessageParcel& tmpData, MessageParcel& data) return true; } -bool SecCompEnhanceAdapter::EnhanceClientSerialize(MessageParcel& input, MessageParcel& output) +bool SecCompEnhanceAdapter::EnhanceClientSerialize(MessageParcel& input, SecCompRawdata& output) { if (!isEnhanceClientHandlerInit) { InitEnhanceHandler(SEC_COMP_ENHANCE_CLIENT_INTERFACE); @@ -222,7 +215,7 @@ bool SecCompEnhanceAdapter::EnhanceClientSerialize(MessageParcel& input, Message return WriteMessageParcel(input, output); } -bool SecCompEnhanceAdapter::EnhanceClientDeserialize(MessageParcel& input, MessageParcel& output) +bool SecCompEnhanceAdapter::EnhanceClientDeserialize(SecCompRawdata& input, MessageParcel& output) { if (!isEnhanceClientHandlerInit) { InitEnhanceHandler(SEC_COMP_ENHANCE_CLIENT_INTERFACE); @@ -236,7 +229,7 @@ bool SecCompEnhanceAdapter::EnhanceClientDeserialize(MessageParcel& input, Messa return ReadMessageParcel(input, output); } -bool SecCompEnhanceAdapter::EnhanceSrvSerialize(MessageParcel& input, MessageParcel& output) +bool SecCompEnhanceAdapter::EnhanceSrvSerialize(MessageParcel& input, SecCompRawdata& output) { if (!isEnhanceSrvHandlerInit) { InitEnhanceHandler(SEC_COMP_ENHANCE_SRV_INTERFACE); @@ -248,14 +241,13 @@ bool SecCompEnhanceAdapter::EnhanceSrvSerialize(MessageParcel& input, MessagePar return WriteMessageParcel(input, output); } -bool SecCompEnhanceAdapter::EnhanceSrvDeserialize(MessageParcel& input, MessageParcel& output, - MessageParcel& reply) +bool SecCompEnhanceAdapter::EnhanceSrvDeserialize(SecCompRawdata& input, MessageParcel& output) { if (!isEnhanceSrvHandlerInit) { InitEnhanceHandler(SEC_COMP_ENHANCE_SRV_INTERFACE); } if (srvHandler != nullptr) { - return srvHandler->EnhanceSrvDeserialize(input, output, reply); + return srvHandler->EnhanceSrvDeserialize(input, output); } return ReadMessageParcel(input, output); 
@@ -348,18 +340,6 @@ int32_t SecCompEnhanceAdapter::CheckComponentInfoEnhance(int32_t pid, } return SC_OK; } - -sptr SecCompEnhanceAdapter::GetEnhanceRemoteObject() -{ - if (!isEnhanceSrvHandlerInit) { - InitEnhanceHandler(SEC_COMP_ENHANCE_SRV_INTERFACE); - } - if (srvHandler != nullptr) { - auto service = srvHandler->GetEnhanceRemoteObject(); - return service; - } - return nullptr; -} } // namespace SecurityComponent } // namespace Security } // namespace OHOS diff --git a/frameworks/enhance_adapter/test/unittest/src/sec_comp_enhance_adapter_test.cpp b/frameworks/enhance_adapter/test/unittest/src/sec_comp_enhance_adapter_test.cpp index ba8ab23..377f74e 100644 --- a/frameworks/enhance_adapter/test/unittest/src/sec_comp_enhance_adapter_test.cpp +++ b/frameworks/enhance_adapter/test/unittest/src/sec_comp_enhance_adapter_test.cpp @@ -81,9 +81,6 @@ HWTEST_F(SecCompEnhanceAdapterTest, EnhanceAdapter001, TestSize.Level1) std::string componentInfo; SecCompEnhanceAdapter::EnhanceDataPreprocess(1, componentInfo); - SecCompEnhanceAdapter::isEnhanceSrvHandlerInit = false; - ASSERT_EQ(nullptr, SecCompEnhanceAdapter::GetEnhanceRemoteObject()); - SecCompEnhanceAdapter::isEnhanceSrvHandlerInit = false; SecCompEnhanceAdapter::StartEnhanceService(); SecCompEnhanceAdapter::isEnhanceSrvHandlerInit = false; 
@@ -101,14 +98,16 @@ HWTEST_F(SecCompEnhanceAdapterTest, EnhanceAdapter001, TestSize.Level1) OHOS::MessageParcel input; OHOS::MessageParcel output; OHOS::MessageParcel reply; + SecCompRawdata inputData; + SecCompRawdata outputData; SecCompEnhanceAdapter::isEnhanceClientHandlerInit = false; - SecCompEnhanceAdapter::EnhanceClientSerialize(input, output); + SecCompEnhanceAdapter::EnhanceClientSerialize(input, outputData); SecCompEnhanceAdapter::isEnhanceClientHandlerInit = false; - SecCompEnhanceAdapter::EnhanceClientDeserialize(input, output); + SecCompEnhanceAdapter::EnhanceClientDeserialize(inputData, output); SecCompEnhanceAdapter::isEnhanceSrvHandlerInit = false; - SecCompEnhanceAdapter::EnhanceSrvSerialize(input, output); + SecCompEnhanceAdapter::EnhanceSrvSerialize(input, outputData); SecCompEnhanceAdapter::isEnhanceSrvHandlerInit = false; - SecCompEnhanceAdapter::EnhanceSrvDeserialize(input, output, reply); + SecCompEnhanceAdapter::EnhanceSrvDeserialize(inputData, output); std::shared_ptr compInfo; const nlohmann::json jsonComponent; ASSERT_EQ(SC_OK, SecCompEnhanceAdapter::CheckComponentInfoEnhance(0, compInfo, jsonComponent)); diff --git a/frameworks/inner_api/security_component/BUILD.gn b/frameworks/inner_api/security_component/BUILD.gn index c5ad087..10afe67 100644 --- a/frameworks/inner_api/security_component/BUILD.gn +++ b/frameworks/inner_api/security_component/BUILD.gn @@ -47,7 +47,6 @@ ohos_shared_library("libsecurity_component_sdk") { "src/sec_comp_dialog_callback_stub.cpp", "src/sec_comp_kit.cpp", "src/sec_comp_load_callback.cpp", - "src/sec_comp_proxy.cpp", "src/sec_comp_ui_register.cpp", ] 
@@ -55,9 +54,13 @@ ohos_shared_library("libsecurity_component_sdk") { "${sec_comp_root_dir}/frameworks:security_component_no_cfi_enhance_adapter_src_set", "${sec_comp_root_dir}/frameworks:security_component_no_cfi_framework_src_set", "${sec_comp_root_dir}/frameworks/inner_api/enhance_kits:security_component_no_cfi_enhance_sdk_src_set", + "${sec_comp_root_dir}/services/security_component_service/sa:sec_comp_service_proxy", ] - configs = [ "${sec_comp_root_dir}/config:coverage_flags" ] + configs = [ + "${sec_comp_root_dir}/config:coverage_flags", + "${sec_comp_root_dir}/services/security_component_service/sa:sec_comp_service_gen_config", + ] external_deps = [ "access_token:libaccesstoken_sdk", diff --git a/frameworks/inner_api/security_component/include/sec_comp_client.h b/frameworks/inner_api/security_component/include/sec_comp_client.h index e4c91c4..a48f18b 100644 --- a/frameworks/inner_api/security_component/include/sec_comp_client.h +++ b/frameworks/inner_api/security_component/include/sec_comp_client.h @@ -19,9 +19,13 @@ #include #include #include -#include "i_sec_comp_service.h" +#include "access_token.h" +#include "isec_comp_service.h" #include "sec_comp_death_recipient.h" +#include "sec_comp_enhance_adapter.h" #include "sec_comp_err.h" +#include "sec_comp_info.h" +#include "security_component_service_ipc_interface_code.h" namespace OHOS { namespace Security { 
@@ -30,13 +34,17 @@ class SecCompClient final { public: static SecCompClient& GetInstance(); + int32_t RegisterWriteToRawdata(SecCompType type, const std::string& componentInfo, SecCompRawdata& rawData); + int32_t UpdateWriteToRawdata(int32_t scId, const std::string& componentInfo, SecCompRawdata& rawData); + int32_t UnregisterWriteToRawdata(int32_t scId, SecCompRawdata& rawData); + int32_t ReportWriteToRawdata(SecCompInfo& secCompInfo, SecCompRawdata& rawData); + int32_t PreRegisterWriteToRawdata(SecCompRawdata& rawData); int32_t RegisterSecurityComponent(SecCompType type, const std::string& componentInfo, int32_t& scId); int32_t UpdateSecurityComponent(int32_t scId, const std::string& componentInfo); int32_t UnregisterSecurityComponent(int32_t scId); int32_t ReportSecurityComponentClickEvent(SecCompInfo& secCompInfo, sptr callerToken, sptr dialogCallback, std::string& message); bool VerifySavePermission(AccessToken::AccessTokenID tokenId); - sptr GetEnhanceRemoteObject(bool doLoadSa); int32_t PreRegisterSecCompProcess(); bool IsServiceExist(); bool LoadService(); @@ -45,6 +53,7 @@ public: void FinishStartSASuccess(const sptr& remoteObject); void FinishStartSAFail(); void OnRemoteDiedHandle(); + std::mutex useIPCMutex_; private: SecCompClient(); diff --git a/frameworks/inner_api/security_component/src/sec_comp_client.cpp b/frameworks/inner_api/security_component/src/sec_comp_client.cpp index b7815d6..c6c4959 100644 --- a/frameworks/inner_api/security_component/src/sec_comp_client.cpp +++ b/frameworks/inner_api/security_component/src/sec_comp_client.cpp @@ -16,9 +16,10 @@ #include "ipc_skeleton.h" #include "iservice_registry.h" +#include "sec_comp_click_event_parcel.h" #include "sec_comp_load_callback.h" #include "sec_comp_log.h" -#include "sec_comp_proxy.h" +#include "sec_comp_service_proxy.h" #include "tokenid_kit.h" namespace OHOS { 
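Review bot: `std::mutex useIPCMutex_;` is added above the `private:` label, so the lock that serializes every IPC call on this singleton is publicly accessible. Any code that can reach `SecCompClient::GetInstance()` could hold it and stall all security-component requests. Move the declaration below `private:`. The five `*WriteToRawdata` helpers added in the previous hunk of this header are also public although they look like internal marshalling steps. If only tests need them, consider making them private with a test friend, or document why they are part of the client interface.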
@@ -26,6 +27,7 @@ namespace Security { namespace SecurityComponent { namespace { static constexpr OHOS::HiviewDFX::HiLogLabel LABEL = {LOG_CORE, SECURITY_DOMAIN_SECURITY_COMPONENT, "SecCompClient"}; +constexpr int32_t SA_ID_SECURITY_COMPONENT_SERVICE = 3506; static std::mutex g_instanceMutex; } // namespace @@ -55,6 +57,28 @@ SecCompClient::~SecCompClient() } } +int32_t SecCompClient::RegisterWriteToRawdata(SecCompType type, const std::string& componentInfo, + SecCompRawdata& rawData) +{ + MessageParcel dataParcel; + + if (!dataParcel.WriteUint32(type)) { + SC_LOG_ERROR(LABEL, "Register write type failed."); + return SC_SERVICE_ERROR_PARCEL_OPERATE_FAIL; + } + + if (!dataParcel.WriteString(componentInfo)) { + SC_LOG_ERROR(LABEL, "Register write componentInfo failed."); + return SC_SERVICE_ERROR_PARCEL_OPERATE_FAIL; + } + + if (!SecCompEnhanceAdapter::EnhanceClientSerialize(dataParcel, rawData)) { + SC_LOG_ERROR(LABEL, "Register serialize session info failed."); + return SC_SERVICE_ERROR_PARCEL_OPERATE_FAIL; + } + return SC_OK; +} + int32_t SecCompClient::RegisterSecurityComponent(SecCompType type, const std::string& componentInfo, int32_t& scId) { 
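Review bot: `constexpr int32_t SA_ID_SECURITY_COMPONENT_SERVICE = 3506;` is now defined in this file's anonymous namespace and again in the sec_comp_load_callback.cpp hunk later in this patch, where it previously came from the removed i_sec_comp_service.h. Two private copies of the system-ability id can drift apart without a compile error. Since sec_comp_load_callback.cpp already includes sec_comp_client.h, declaring the constant once in that header (or another shared one) keeps a single source of truth.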
@@ -64,7 +88,55 @@ int32_t SecCompClient::RegisterSecurityComponent(SecCompType type, return SC_SERVICE_ERROR_VALUE_INVALID; } - return proxy->RegisterSecurityComponent(type, componentInfo, scId); + std::lock_guard lock(useIPCMutex_); + SecCompRawdata rawData; + if (RegisterWriteToRawdata(type, componentInfo, rawData) != SC_OK) { + return SC_SERVICE_ERROR_PARCEL_OPERATE_FAIL; + } + + SecCompRawdata rawReply; + int32_t res = proxy->RegisterSecurityComponent(rawData, rawReply); + MessageParcel deserializedReply; + if (!SecCompEnhanceAdapter::EnhanceClientDeserialize(rawReply, deserializedReply)) { + SC_LOG_ERROR(LABEL, "Register deserialize session info failed."); + return SC_SERVICE_ERROR_PARCEL_OPERATE_FAIL; + } + + if (!deserializedReply.ReadInt32(res)) { + SC_LOG_ERROR(LABEL, "Register read res failed."); + return SC_SERVICE_ERROR_PARCEL_OPERATE_FAIL; + } + + if (res != SC_OK) { + scId = INVALID_SC_ID; + SC_LOG_ERROR(LABEL, "Register request failed, result: %{public}d.", res); + return res; + } + + if (!deserializedReply.ReadInt32(scId)) { + SC_LOG_ERROR(LABEL, "Register read scId failed."); + return SC_SERVICE_ERROR_PARCEL_OPERATE_FAIL; + } + return res; +} + +int32_t SecCompClient::UpdateWriteToRawdata(int32_t scId, const std::string& componentInfo, SecCompRawdata& rawData) +{ + MessageParcel dataParcel; + if (!dataParcel.WriteInt32(scId)) { + SC_LOG_ERROR(LABEL, "Update write scId failed."); + return SC_SERVICE_ERROR_PARCEL_OPERATE_FAIL; + } + if (!dataParcel.WriteString(componentInfo)) { + SC_LOG_ERROR(LABEL, "Update write componentInfo failed."); + return SC_SERVICE_ERROR_PARCEL_OPERATE_FAIL; + } + + if (!SecCompEnhanceAdapter::EnhanceClientSerialize(dataParcel, rawData)) { + SC_LOG_ERROR(LABEL, "Update serialize session info failed."); + return SC_SERVICE_ERROR_PARCEL_OPERATE_FAIL; + } + return SC_OK; } int32_t SecCompClient::UpdateSecurityComponent(int32_t scId, const std::string& componentInfo) 
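Review bot: The value returned by `proxy->RegisterSecurityComponent(rawData, rawReply)` is never examined, because `res` is overwritten by `deserializedReply.ReadInt32(res)`. A transport failure is therefore reported only as a parcel error from deserializing an empty `rawReply`, and the original IPC error code is lost. Check it before deserializing, as `VerifySavePermission` does later in this file: `if (res != SC_OK) { scId = INVALID_SC_ID; return res; }`. If the enhance handler has to see every reply, keep the transport code in a separate variable instead. `scId` is also left untouched on the parcel-failure returns, so callers that ignore the return code may keep a stale id. The same pattern appears in the `UpdateSecurityComponent`, `UnregisterSecurityComponent`, `ReportSecurityComponentClickEvent` and `PreRegisterSecCompProcess` hunks. The function signature is in the context of the preceding hunk.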
@@ -75,7 +147,49 @@ int32_t SecCompClient::UpdateSecurityComponent(int32_t scId, const std::string& return SC_SERVICE_ERROR_VALUE_INVALID; } - return proxy->UpdateSecurityComponent(scId, componentInfo); + std::lock_guard lock(useIPCMutex_); + SecCompRawdata rawData; + int32_t res = UpdateWriteToRawdata(scId, componentInfo, rawData); + if (res != SC_OK) { + return res; + } + + SecCompRawdata rawReply; + res = proxy->UpdateSecurityComponent(rawData, rawReply); + + MessageParcel deserializedReply; + if (!SecCompEnhanceAdapter::EnhanceClientDeserialize(rawReply, deserializedReply)) { + SC_LOG_ERROR(LABEL, "Update deserialize session info failed."); + return SC_SERVICE_ERROR_PARCEL_OPERATE_FAIL; + } + + if (!deserializedReply.ReadInt32(res)) { + SC_LOG_ERROR(LABEL, "Update read res failed."); + return SC_SERVICE_ERROR_PARCEL_OPERATE_FAIL; + } + + if (res != SC_OK) { + SC_LOG_ERROR(LABEL, "Update request failed, result: %{public}d.", res); + return res; + } + + return res; +} + +int32_t SecCompClient::UnregisterWriteToRawdata(int32_t scId, SecCompRawdata& rawData) +{ + MessageParcel dataParcel; + + if (!dataParcel.WriteInt32(scId)) { + SC_LOG_ERROR(LABEL, "Unregister write scId failed."); + return SC_SERVICE_ERROR_PARCEL_OPERATE_FAIL; + } + + if (!SecCompEnhanceAdapter::EnhanceClientSerialize(dataParcel, rawData)) { + SC_LOG_ERROR(LABEL, "Unregister serialize session info failed."); + return SC_SERVICE_ERROR_PARCEL_OPERATE_FAIL; + } + return SC_OK; } int32_t SecCompClient::UnregisterSecurityComponent(int32_t scId) 
@@ -86,7 +200,64 @@ int32_t SecCompClient::UnregisterSecurityComponent(int32_t scId) return SC_SERVICE_ERROR_VALUE_INVALID; } - return proxy->UnregisterSecurityComponent(scId); + std::lock_guard lock(useIPCMutex_); + SecCompRawdata rawData; + int32_t res = UnregisterWriteToRawdata(scId, rawData); + if (res != SC_OK) { + return res; + } + + SecCompRawdata rawReply; + res = proxy->UnregisterSecurityComponent(rawData, rawReply); + + MessageParcel deserializedReply; + if (!SecCompEnhanceAdapter::EnhanceClientDeserialize(rawReply, deserializedReply)) { + SC_LOG_ERROR(LABEL, "Unregister deserialize session info failed."); + return SC_SERVICE_ERROR_PARCEL_OPERATE_FAIL; + } + + if (!deserializedReply.ReadInt32(res)) { + SC_LOG_ERROR(LABEL, "Unregister read res failed."); + return SC_SERVICE_ERROR_PARCEL_OPERATE_FAIL; + } + + if (res != SC_OK) { + SC_LOG_ERROR(LABEL, "Unregister request failed, result: %{public}d.", res); + return res; + } + return res; +} + +int32_t SecCompClient::ReportWriteToRawdata(SecCompInfo& secCompInfo, SecCompRawdata& rawData) +{ + MessageParcel dataParcel; + + if (!dataParcel.WriteInt32(secCompInfo.scId)) { + SC_LOG_ERROR(LABEL, "Report write scId failed."); + return SC_SERVICE_ERROR_PARCEL_OPERATE_FAIL; + } + + if (!dataParcel.WriteString(secCompInfo.componentInfo)) { + SC_LOG_ERROR(LABEL, "Report write componentInfo failed."); + return SC_SERVICE_ERROR_PARCEL_OPERATE_FAIL; + } + + sptr parcel = new (std::nothrow) SecCompClickEventParcel(); + if (parcel == nullptr) { + SC_LOG_ERROR(LABEL, "Report new click event parcel failed."); + return SC_SERVICE_ERROR_PARCEL_OPERATE_FAIL; + } + parcel->clickInfoParams_ = secCompInfo.clickInfo; + if (!dataParcel.WriteParcelable(parcel)) { + SC_LOG_ERROR(LABEL, "Report write clickInfo failed."); + return SC_SERVICE_ERROR_PARCEL_OPERATE_FAIL; + } + + if (!SecCompEnhanceAdapter::EnhanceClientSerialize(dataParcel, rawData)) { + SC_LOG_ERROR(LABEL, "Unregister serialize session info failed."); + return 
SC_SERVICE_ERROR_PARCEL_OPERATE_FAIL; + } + return SC_OK; } int32_t SecCompClient::ReportSecurityComponentClickEvent(SecCompInfo& secCompInfo, @@ -98,7 +269,36 @@ int32_t SecCompClient::ReportSecurityComponentClickEvent(SecCompInfo& secCompInf return SC_SERVICE_ERROR_VALUE_INVALID; } - return proxy->ReportSecurityComponentClickEvent(secCompInfo, callerToken, dialogCallback, message); + std::lock_guard lock(useIPCMutex_); + SecCompRawdata rawData; + int32_t res = ReportWriteToRawdata(secCompInfo, rawData); + if (res != SC_OK) { + return res; + } + + SecCompRawdata rawReply; + res = proxy->ReportSecurityComponentClickEvent(callerToken, dialogCallback, rawData, rawReply); + MessageParcel deserializedReply; + if (!SecCompEnhanceAdapter::EnhanceClientDeserialize(rawReply, deserializedReply)) { + SC_LOG_ERROR(LABEL, "Report deserialize session info failed."); + return SC_SERVICE_ERROR_PARCEL_OPERATE_FAIL; + } + + if (!deserializedReply.ReadInt32(res)) { + SC_LOG_ERROR(LABEL, "Report read res failed."); + return SC_SERVICE_ERROR_PARCEL_OPERATE_FAIL; + } + + if (res != SC_OK) { + SC_LOG_ERROR(LABEL, "Report request failed, result: %{public}d.", res); + return res; + } + + if (!deserializedReply.ReadString(message)) { + SC_LOG_ERROR(LABEL, "Report read error message failed."); + return SC_SERVICE_ERROR_PARCEL_OPERATE_FAIL; + } + return res; } bool SecCompClient::VerifySavePermission(AccessToken::AccessTokenID tokenId) @@ -109,7 +309,13 @@ bool SecCompClient::VerifySavePermission(AccessToken::AccessTokenID tokenId) return false; } - return proxy->VerifySavePermission(tokenId); + bool isGranted; + int32_t res = proxy->VerifySavePermission(tokenId, isGranted); + if (res != SC_OK) { + SC_LOG_ERROR(LABEL, "Verify save permission fail"); + return false; + } + return isGranted; } bool SecCompClient::IsSystemAppCalling() 
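Review bot: In `ReportWriteToRawdata`, the failure branch of `EnhanceClientSerialize` logs "Unregister serialize session info failed.", which was copied from `UnregisterWriteToRawdata` and attributes a click-report failure to the wrong operation. Change it to `SC_LOG_ERROR(LABEL, "Report serialize session info failed.");` so log triage points at the right call path.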
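Review bot: In `VerifySavePermission`, `bool isGranted;` is passed to the proxy uninitialized and returned whenever `res == SC_OK`. If the generated proxy ever returns success without writing the out-parameter, the permission decision is an indeterminate value. Declare it as `bool isGranted = false;` so the check fails closed. The start of the function is outside this hunk.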
@@ -118,14 +324,15 @@ bool SecCompClient::IsSystemAppCalling() return Security::AccessToken::TokenIdKit::IsSystemAppByFullTokenID(selfToken); } -sptr SecCompClient::GetEnhanceRemoteObject(bool doLoadSa) +int32_t SecCompClient::PreRegisterWriteToRawdata(SecCompRawdata& rawData) { - auto proxy = GetProxy(doLoadSa); - if (proxy == nullptr) { - return nullptr; + MessageParcel dataParcel; + if (!SecCompEnhanceAdapter::EnhanceClientSerialize(dataParcel, rawData)) { + SC_LOG_ERROR(LABEL, "PreRegister serialize session info failed."); + return SC_SERVICE_ERROR_PARCEL_OPERATE_FAIL; } - return proxy->GetEnhanceRemoteObject(); + return SC_OK; } int32_t SecCompClient::PreRegisterSecCompProcess() @@ -135,8 +342,31 @@ int32_t SecCompClient::PreRegisterSecCompProcess() SC_LOG_ERROR(LABEL, "Proxy is null"); return SC_SERVICE_ERROR_VALUE_INVALID; } + std::lock_guard lock(useIPCMutex_); + SecCompRawdata rawData; + int32_t res = PreRegisterWriteToRawdata(rawData); + if (res != SC_OK) { + return res; + } - return proxy->PreRegisterSecCompProcess(); + SecCompRawdata rawReply; + res = proxy->PreRegisterSecCompProcess(rawData, rawReply); + MessageParcel deserializedReply; + if (!SecCompEnhanceAdapter::EnhanceClientDeserialize(rawReply, deserializedReply)) { + SC_LOG_ERROR(LABEL, "PreRegister deserialize session info failed."); + return SC_SERVICE_ERROR_PARCEL_OPERATE_FAIL; + } + + if (!deserializedReply.ReadInt32(res)) { + SC_LOG_ERROR(LABEL, "PreRegister read res failed."); + return SC_SERVICE_ERROR_PARCEL_OPERATE_FAIL; + } + + if (res != SC_OK) { + SC_LOG_ERROR(LABEL, "PreRegister request failed, result: %{public}d.", res); + return res; + } + return res; } bool SecCompClient::IsServiceExist() diff --git a/frameworks/inner_api/security_component/src/sec_comp_kit.cpp b/frameworks/inner_api/security_component/src/sec_comp_kit.cpp index 4bc6662..970abec 100644 --- a/frameworks/inner_api/security_component/src/sec_comp_kit.cpp 
+++ b/frameworks/inner_api/security_component/src/sec_comp_kit.cpp @@ -151,11 +151,6 @@ bool SecCompKit::VerifySavePermission(AccessToken::AccessTokenID tokenId) return res; } -sptr SecCompKit::GetEnhanceRemoteObject(bool isLoad) -{ - return SecCompClient::GetInstance().GetEnhanceRemoteObject(isLoad); -} - int32_t SecCompKit::PreRegisterSecCompProcess() { return SecCompClient::GetInstance().PreRegisterSecCompProcess(); diff --git a/frameworks/inner_api/security_component/src/sec_comp_load_callback.cpp b/frameworks/inner_api/security_component/src/sec_comp_load_callback.cpp index 8fd9f26..2b8bedc 100644 --- a/frameworks/inner_api/security_component/src/sec_comp_load_callback.cpp +++ b/frameworks/inner_api/security_component/src/sec_comp_load_callback.cpp @@ -14,7 +14,7 @@ */ #include "sec_comp_load_callback.h" -#include "i_sec_comp_service.h" +#include "isec_comp_service.h" #include "sec_comp_client.h" #include "sec_comp_log.h" @@ -23,6 +23,7 @@ namespace Security { namespace SecurityComponent { namespace { static constexpr OHOS::HiviewDFX::HiLogLabel LABEL = {LOG_CORE, SECURITY_DOMAIN_SECURITY_COMPONENT, "SecCompClient"}; +constexpr int32_t SA_ID_SECURITY_COMPONENT_SERVICE = 3506; } // namespace SecCompLoadCallback::SecCompLoadCallback() {} diff --git a/frameworks/inner_api/security_component/src/sec_comp_proxy.cpp b/frameworks/inner_api/security_component/src/sec_comp_proxy.cpp deleted file mode 100644 index 7cd7798..0000000 --- a/frameworks/inner_api/security_component/src/sec_comp_proxy.cpp +++ /dev/null 
@@ -1,412 +0,0 @@ -/* - * Copyright (c) 2023 Huawei Device Co., Ltd. - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ -#include "sec_comp_proxy.h" - -#include "sec_comp_click_event_parcel.h" -#include "sec_comp_enhance_adapter.h" -#include "sec_comp_err.h" -#include "sec_comp_log.h" -#include - -namespace OHOS { -namespace Security { -namespace SecurityComponent { -namespace { -static constexpr OHOS::HiviewDFX::HiLogLabel LABEL = {LOG_CORE, SECURITY_DOMAIN_SECURITY_COMPONENT, "SecCompProxy"}; -} - -SecCompProxy::SecCompProxy(const sptr& impl) : IRemoteProxy(impl) -{} - -SecCompProxy::~SecCompProxy() -{} - -int32_t SecCompProxy::RegisterSecurityComponent(SecCompType type, - const std::string& componentInfo, int32_t& scId) -{ - std::lock_guard lock(useIPCMutex_); - MessageParcel rawData; - MessageParcel data; - if (!data.WriteInterfaceToken(SecCompProxy::GetDescriptor())) { - SC_LOG_ERROR(LABEL, "Register write descriptor failed."); - return SC_SERVICE_ERROR_PARCEL_OPERATE_FAIL; - } - - if (!rawData.WriteUint32(type)) { - SC_LOG_ERROR(LABEL, "Register write type failed."); - return SC_SERVICE_ERROR_PARCEL_OPERATE_FAIL; - } - - if (!rawData.WriteString(componentInfo)) { - SC_LOG_ERROR(LABEL, "Register write componentInfo failed."); - return SC_SERVICE_ERROR_PARCEL_OPERATE_FAIL; - } - - if (!SecCompEnhanceAdapter::EnhanceClientSerialize(rawData, data)) { - SC_LOG_ERROR(LABEL, "Register serialize session info failed."); - return 
SC_SERVICE_ERROR_PARCEL_OPERATE_FAIL; - } - - MessageParcel reply; - MessageParcel deserializedReply; - MessageOption option(MessageOption::TF_SYNC); - sptr remote = Remote(); - if (remote == nullptr) { - SC_LOG_ERROR(LABEL, "Register remote service is null."); - return SC_SERVICE_ERROR_IPC_REQUEST_FAIL; - } - int32_t requestResult = remote->SendRequest( - static_cast(SecurityComponentServiceInterfaceCode::REGISTER_SECURITY_COMPONENT), - data, reply, option); - - if (!SecCompEnhanceAdapter::EnhanceClientDeserialize(reply, deserializedReply)) { - SC_LOG_ERROR(LABEL, "Register deserialize session info failed."); - return SC_SERVICE_ERROR_PARCEL_OPERATE_FAIL; - } - - if (requestResult != SC_OK) { - SC_LOG_ERROR(LABEL, "Register request failed, result: %{public}d.", requestResult); - return requestResult; - } - - int32_t res; - if (!deserializedReply.ReadInt32(res)) { - SC_LOG_ERROR(LABEL, "Register read res failed."); - return SC_SERVICE_ERROR_PARCEL_OPERATE_FAIL; - } - - if (!deserializedReply.ReadInt32(scId)) { - SC_LOG_ERROR(LABEL, "Register read scId failed."); - return SC_SERVICE_ERROR_PARCEL_OPERATE_FAIL; - } - return res; -} - -int32_t SecCompProxy::UpdateSecurityComponent(int32_t scId, const std::string& componentInfo) -{ - std::lock_guard lock(useIPCMutex_); - MessageParcel rawData; - MessageParcel data; - if (!data.WriteInterfaceToken(SecCompProxy::GetDescriptor())) { - SC_LOG_ERROR(LABEL, "Update write descriptor failed."); - return SC_SERVICE_ERROR_PARCEL_OPERATE_FAIL; - } - - if (!rawData.WriteInt32(scId)) { - SC_LOG_ERROR(LABEL, "Update write scId failed."); - return SC_SERVICE_ERROR_PARCEL_OPERATE_FAIL; - } - if (!rawData.WriteString(componentInfo)) { - SC_LOG_ERROR(LABEL, "Update write componentInfo failed."); - return SC_SERVICE_ERROR_PARCEL_OPERATE_FAIL; - } - - if (!SecCompEnhanceAdapter::EnhanceClientSerialize(rawData, data)) { - SC_LOG_ERROR(LABEL, "Update serialize session info failed."); - return SC_SERVICE_ERROR_PARCEL_OPERATE_FAIL; - } - - 
MessageParcel reply; - MessageParcel deserializedReply; - MessageOption option(MessageOption::TF_SYNC); - sptr remote = Remote(); - if (remote == nullptr) { - SC_LOG_ERROR(LABEL, "Update remote update service is null."); - return SC_SERVICE_ERROR_IPC_REQUEST_FAIL; - } - int32_t requestResult = remote->SendRequest( - static_cast(SecurityComponentServiceInterfaceCode::UPDATE_SECURITY_COMPONENT), data, reply, option); - - if (!SecCompEnhanceAdapter::EnhanceClientDeserialize(reply, deserializedReply)) { - SC_LOG_ERROR(LABEL, "Update deserialize session info failed."); - return SC_SERVICE_ERROR_PARCEL_OPERATE_FAIL; - } - - if (requestResult != SC_OK) { - SC_LOG_ERROR(LABEL, "Update request failed, result: %{public}d.", requestResult); - return requestResult; - } - - int32_t res; - if (!deserializedReply.ReadInt32(res)) { - SC_LOG_ERROR(LABEL, "Update read res failed."); - return SC_SERVICE_ERROR_PARCEL_OPERATE_FAIL; - } - return res; -} - -int32_t SecCompProxy::UnregisterSecurityComponent(int32_t scId) -{ - std::lock_guard lock(useIPCMutex_); - MessageParcel rawData; - MessageParcel data; - if (!data.WriteInterfaceToken(SecCompProxy::GetDescriptor())) { - SC_LOG_ERROR(LABEL, "Unregister write descriptor failed."); - return SC_SERVICE_ERROR_PARCEL_OPERATE_FAIL; - } - - if (!rawData.WriteInt32(scId)) { - SC_LOG_ERROR(LABEL, "Unregister write scId failed."); - return SC_SERVICE_ERROR_PARCEL_OPERATE_FAIL; - } - - if (!SecCompEnhanceAdapter::EnhanceClientSerialize(rawData, data)) { - SC_LOG_ERROR(LABEL, "Unregister serialize session info failed."); - return SC_SERVICE_ERROR_PARCEL_OPERATE_FAIL; - } - - MessageParcel reply; - MessageParcel deserializedReply; - MessageOption option(MessageOption::TF_SYNC); - sptr remote = Remote(); - if (remote == nullptr) { - SC_LOG_ERROR(LABEL, "Unregister remote service is null."); - return SC_SERVICE_ERROR_IPC_REQUEST_FAIL; - } - int32_t requestResult = remote->SendRequest( - 
static_cast(SecurityComponentServiceInterfaceCode::UNREGISTER_SECURITY_COMPONENT), - data, reply, option); - - if (!SecCompEnhanceAdapter::EnhanceClientDeserialize(reply, deserializedReply)) { - SC_LOG_ERROR(LABEL, "Unregister deserialize session info failed."); - return SC_SERVICE_ERROR_PARCEL_OPERATE_FAIL; - } - - if (requestResult != SC_OK) { - SC_LOG_ERROR(LABEL, "Unregister request failed, result: %{public}d.", requestResult); - return requestResult; - } - - int32_t res; - if (!deserializedReply.ReadInt32(res)) { - SC_LOG_ERROR(LABEL, "Unregister read res failed."); - return SC_SERVICE_ERROR_PARCEL_OPERATE_FAIL; - } - return res; -} - -int32_t SecCompProxy::SendReportClickEventRequest(MessageParcel& data, std::string& message) -{ - MessageParcel reply; - MessageParcel deserializedReply; - MessageOption option(MessageOption::TF_SYNC); - sptr remote = Remote(); - if (remote == nullptr) { - SC_LOG_ERROR(LABEL, "Report remote service is null."); - return SC_SERVICE_ERROR_IPC_REQUEST_FAIL; - } - int32_t requestResult = remote->SendRequest( - static_cast(SecurityComponentServiceInterfaceCode::REPORT_SECURITY_COMPONENT_CLICK_EVENT), - data, reply, option); - - if (!SecCompEnhanceAdapter::EnhanceClientDeserialize(reply, deserializedReply)) { - SC_LOG_ERROR(LABEL, "Report deserialize session info failed."); - return SC_SERVICE_ERROR_PARCEL_OPERATE_FAIL; - } - - if (requestResult != SC_OK) { - SC_LOG_ERROR(LABEL, "Report request failed, result: %{public}d.", requestResult); - return requestResult; - } - - int32_t res; - if (!deserializedReply.ReadInt32(res)) { - SC_LOG_ERROR(LABEL, "Report read res failed."); - return SC_SERVICE_ERROR_PARCEL_OPERATE_FAIL; - } - - if (!deserializedReply.ReadString(message)) { - SC_LOG_ERROR(LABEL, "Report read error message failed."); - return SC_SERVICE_ERROR_PARCEL_OPERATE_FAIL; - } - return res; -} - -int32_t SecCompProxy::ReportSecurityComponentClickEvent(SecCompInfo& secCompInfo, - sptr callerToken, sptr dialogCallback, std::string& 
message) -{ - std::lock_guard lock(useIPCMutex_); - MessageParcel rawData; - MessageParcel data; - if (!data.WriteInterfaceToken(SecCompProxy::GetDescriptor())) { - SC_LOG_ERROR(LABEL, "Report write descriptor failed."); - return SC_SERVICE_ERROR_PARCEL_OPERATE_FAIL; - } - - if (!rawData.WriteInt32(secCompInfo.scId)) { - SC_LOG_ERROR(LABEL, "Report write scId failed."); - return SC_SERVICE_ERROR_PARCEL_OPERATE_FAIL; - } - - if (!rawData.WriteString(secCompInfo.componentInfo)) { - SC_LOG_ERROR(LABEL, "Report write componentInfo failed."); - return SC_SERVICE_ERROR_PARCEL_OPERATE_FAIL; - } - - sptr parcel = new (std::nothrow) SecCompClickEventParcel(); - if (parcel == nullptr) { - SC_LOG_ERROR(LABEL, "Report new click event parcel failed."); - return SC_SERVICE_ERROR_PARCEL_OPERATE_FAIL; - } - parcel->clickInfoParams_ = secCompInfo.clickInfo; - if (!rawData.WriteParcelable(parcel)) { - SC_LOG_ERROR(LABEL, "Report write clickInfo failed."); - return SC_SERVICE_ERROR_PARCEL_OPERATE_FAIL; - } - - if ((callerToken != nullptr) && !data.WriteRemoteObject(callerToken)) { - SC_LOG_ERROR(LABEL, "Report write caller token failed."); - return SC_SERVICE_ERROR_PARCEL_OPERATE_FAIL; - } - - if ((dialogCallback != nullptr) && !data.WriteRemoteObject(dialogCallback)) { - SC_LOG_ERROR(LABEL, "Report write caller token failed."); - return SC_SERVICE_ERROR_PARCEL_OPERATE_FAIL; - } - - if (!SecCompEnhanceAdapter::EnhanceClientSerialize(rawData, data)) { - SC_LOG_ERROR(LABEL, "Report serialize session info failed."); - return SC_SERVICE_ERROR_PARCEL_OPERATE_FAIL; - } - - return SendReportClickEventRequest(data, message); -} - -bool SecCompProxy::VerifySavePermission(AccessToken::AccessTokenID tokenId) -{ - std::lock_guard lock(useIPCMutex_); - MessageParcel data; - if (!data.WriteInterfaceToken(SecCompProxy::GetDescriptor())) { - SC_LOG_ERROR(LABEL, "Verify write descriptor failed."); - return false; - } - if (!data.WriteUint32(tokenId)) { - SC_LOG_ERROR(LABEL, "Verify write tokenId 
failed."); - return false; - } - - MessageParcel reply; - MessageOption option(MessageOption::TF_SYNC); - sptr remote = Remote(); - if (remote == nullptr) { - SC_LOG_ERROR(LABEL, "Verify remote service is null."); - return false; - } - int32_t requestResult = remote->SendRequest( - static_cast(SecurityComponentServiceInterfaceCode::VERIFY_TEMP_SAVE_PERMISSION), - data, reply, option); - if (requestResult != SC_OK) { - SC_LOG_ERROR(LABEL, "Verify request failed, result: %{public}d.", requestResult); - return false; - } - bool res; - if (!reply.ReadBool(res)) { - SC_LOG_ERROR(LABEL, "Verify read res failed."); - return false; - } - return res; -} - -sptr SecCompProxy::GetEnhanceRemoteObject() -{ - std::lock_guard lock(useIPCMutex_); - MessageParcel rawData; - MessageParcel data; - if (!data.WriteInterfaceToken(SecCompProxy::GetDescriptor())) { - SC_LOG_ERROR(LABEL, "Get enhance write descriptor failed."); - return nullptr; - } - - if (!SecCompEnhanceAdapter::EnhanceClientSerialize(rawData, data)) { - SC_LOG_ERROR(LABEL, "Get enhance serialize session info failed."); - return nullptr; - } - - MessageParcel reply; - MessageParcel deserializedReply; - MessageOption option(MessageOption::TF_SYNC); - sptr remote = Remote(); - if (remote == nullptr) { - SC_LOG_ERROR(LABEL, "Get enhance remote service is null."); - return nullptr; - } - int32_t requestResult = remote->SendRequest( - static_cast(SecurityComponentServiceInterfaceCode::GET_SECURITY_COMPONENT_ENHANCE_OBJECT), - data, reply, option); - - sptr callback; - if (requestResult == SC_OK) { - callback = reply.ReadRemoteObject(); - if (callback == nullptr) { - SC_LOG_ERROR(LABEL, "Get enhance read callback failed."); - } - } else { - SC_LOG_ERROR(LABEL, "Get enhance request failed, result: %{public}d.", requestResult); - } - - if (!SecCompEnhanceAdapter::EnhanceClientDeserialize(reply, deserializedReply)) { - SC_LOG_ERROR(LABEL, "Get enhance deserialize session info failed."); - } - - return callback; -} - -int32_t 
SecCompProxy::PreRegisterSecCompProcess() -{ - std::lock_guard lock(useIPCMutex_); - MessageParcel rawData; - MessageParcel data; - if (!data.WriteInterfaceToken(SecCompProxy::GetDescriptor())) { - SC_LOG_ERROR(LABEL, "PreRegister write descriptor failed."); - return SC_SERVICE_ERROR_PARCEL_OPERATE_FAIL; - } - - if (!SecCompEnhanceAdapter::EnhanceClientSerialize(rawData, data)) { - SC_LOG_ERROR(LABEL, "PreRegister serialize session info failed."); - return SC_SERVICE_ERROR_PARCEL_OPERATE_FAIL; - } - - MessageParcel reply; - MessageParcel deserializedReply; - MessageOption option(MessageOption::TF_SYNC); - sptr remote = Remote(); - if (remote == nullptr) { - SC_LOG_ERROR(LABEL, "PreRegister remote service is null."); - return SC_SERVICE_ERROR_PARCEL_OPERATE_FAIL; - } - int32_t requestResult = remote->SendRequest( - static_cast(SecurityComponentServiceInterfaceCode::PRE_REGISTER_PROCESS), - data, reply, option); - - if (!SecCompEnhanceAdapter::EnhanceClientDeserialize(reply, deserializedReply)) { - SC_LOG_ERROR(LABEL, "PreRegister deserialize session info failed."); - return SC_SERVICE_ERROR_PARCEL_OPERATE_FAIL; - } - - if (requestResult != SC_OK) { - SC_LOG_ERROR(LABEL, "PreRegister request failed, result: %{public}d.", requestResult); - return requestResult; - } - - int32_t res; - if (!deserializedReply.ReadInt32(res)) { - SC_LOG_ERROR(LABEL, "PreRegister read res failed."); - return SC_SERVICE_ERROR_PARCEL_OPERATE_FAIL; - } - return res; -} -} // namespace SecurityComponent -} // namespace Security -} // namespace OHOS diff --git a/frameworks/inner_api/security_component/test/BUILD.gn b/frameworks/inner_api/security_component/test/BUILD.gn index cfa52e3..acf7ed8 100644 --- a/frameworks/inner_api/security_component/test/BUILD.gn +++ b/frameworks/inner_api/security_component/test/BUILD.gn 
@@ -36,7 +36,6 @@ ohos_unittest("sec_comp_sdk_test") { "${sec_comp_root_dir}/frameworks/inner_api/security_component/src/sec_comp_dialog_callback_stub.cpp", "${sec_comp_root_dir}/frameworks/inner_api/security_component/src/sec_comp_kit.cpp", "${sec_comp_root_dir}/frameworks/inner_api/security_component/src/sec_comp_load_callback.cpp", - "${sec_comp_root_dir}/frameworks/inner_api/security_component/src/sec_comp_proxy.cpp", "${sec_comp_root_dir}/frameworks/inner_api/security_component/src/sec_comp_ui_register.cpp", "unittest/src/location_button_test.cpp", "unittest/src/paste_button_test.cpp", @@ -44,7 +43,10 @@ ohos_unittest("sec_comp_sdk_test") { "unittest/src/sec_comp_kit_test.cpp", "unittest/src/test_common.cpp", ] - configs = [ "${sec_comp_root_dir}/config:coverage_flags" ] + configs = [ + "${sec_comp_root_dir}/config:coverage_flags", + "${sec_comp_root_dir}/services/security_component_service/sa:sec_comp_service_gen_config", + ] cflags_cc = [ "-DHILOG_ENABLE" ] if (security_component_enhance_enable) { @@ -55,6 +57,7 @@ ohos_unittest("sec_comp_sdk_test") { "${sec_comp_root_dir}/frameworks:security_component_no_cfi_enhance_adapter_src_set", "${sec_comp_root_dir}/frameworks:security_component_no_cfi_framework_src_set", "${sec_comp_root_dir}/frameworks/inner_api/enhance_kits:security_component_no_cfi_enhance_sdk_src_set", + "${sec_comp_root_dir}/services/security_component_service/sa:sec_comp_service_proxy", ] external_deps = [ diff --git a/frameworks/inner_api/security_component/test/unittest/src/sec_comp_kit_test.cpp b/frameworks/inner_api/security_component/test/unittest/src/sec_comp_kit_test.cpp index d4cec20..ea81088 100644 --- a/frameworks/inner_api/security_component/test/unittest/src/sec_comp_kit_test.cpp +++ b/frameworks/inner_api/security_component/test/unittest/src/sec_comp_kit_test.cpp 
@@ -32,6 +32,7 @@ using namespace OHOS::Security::SecurityComponent; namespace { static constexpr OHOS::HiviewDFX::HiLogLabel LABEL = { LOG_CORE, SECURITY_DOMAIN_SECURITY_COMPONENT, "SecCompKitTest"}; +constexpr int32_t SA_ID_SECURITY_COMPONENT_SERVICE = 3506; static void TestInCallerNotCheckList() { diff --git a/interfaces/inner_api/security_component/include/sec_comp_enhance_adapter.h b/interfaces/inner_api/security_component/include/sec_comp_enhance_adapter.h index c54a575..9e224be 100644 --- a/interfaces/inner_api/security_component/include/sec_comp_enhance_adapter.h +++ b/interfaces/inner_api/security_component/include/sec_comp_enhance_adapter.h @@ -20,6 +20,7 @@ #include "nlohmann/json.hpp" #include "sec_comp_base.h" #include "sec_comp_info.h" +#include "sec_comp_rawdata.h" namespace OHOS { namespace Security { @@ -57,9 +58,6 @@ public: virtual int32_t CheckComponentInfoEnhance(int32_t pid, std::shared_ptr& compInfo, const nlohmann::json& jsonComponent) = 0; - // get RemoteObject of enhance service to connect it - virtual sptr GetEnhanceRemoteObject() = 0; - // start enhance service virtual void StartEnhanceService() = 0; @@ -72,9 +70,8 @@ public: // notify process registered virtual void AddSecurityComponentProcess(int32_t pid) = 0; - virtual bool EnhanceSrvSerialize(MessageParcel& input, MessageParcel& output) = 0; - virtual bool EnhanceSrvDeserialize(MessageParcel& input, MessageParcel& output, - MessageParcel& reply) = 0; + virtual bool EnhanceSrvSerialize(MessageParcel& input, SecCompRawdata& output) = 0; + virtual bool EnhanceSrvDeserialize(SecCompRawdata& input, MessageParcel& output) = 0; }; // for client 
@@ -84,10 +81,8 @@ public: virtual bool EnhanceDataPreprocess(const uintptr_t caller, std::string& componentInfo) = 0; virtual bool EnhanceDataPreprocess(const uintptr_t caller, int32_t scId, std::string& componentInfo) = 0; - virtual bool EnhanceClientSerialize(const uintptr_t caller, - MessageParcel& input, MessageParcel& output) = 0; - virtual bool EnhanceClientDeserialize(const uintptr_t caller, MessageParcel& input, - MessageParcel& output) = 0; + virtual bool EnhanceClientSerialize(const uintptr_t caller, MessageParcel& input, SecCompRawdata& output) = 0; + virtual bool EnhanceClientDeserialize(const uintptr_t caller, SecCompRawdata& input, MessageParcel& output) = 0; // regiter scid to enhance client virtual void RegisterScIdEnhance(const uintptr_t caller, int32_t scId) = 0; 
@@ -111,23 +106,21 @@ public: static int32_t DisableInputEnhance(); static int32_t CheckComponentInfoEnhance(int32_t pid, std::shared_ptr& compInfo, const nlohmann::json& jsonComponent); - static sptr GetEnhanceRemoteObject(); static void StartEnhanceService(); static void ExitEnhanceService(); static void NotifyProcessDied(int32_t pid); static bool EnhanceDataPreprocess(std::string& componentInfo); static bool EnhanceDataPreprocess(int32_t scId, std::string& componentInfo); - static bool EnhanceClientSerialize(MessageParcel& input, MessageParcel& output); - static bool EnhanceClientDeserialize(MessageParcel& input, MessageParcel& output); + static bool EnhanceClientSerialize(MessageParcel& input, SecCompRawdata& output); + static bool EnhanceClientDeserialize(SecCompRawdata& input, MessageParcel& output); static void RegisterScIdEnhance(int32_t scId); static void UnregisterScIdEnhance(int32_t scId); static void AddSecurityComponentProcess(int32_t pid); - static bool EnhanceSrvSerialize(MessageParcel& input, MessageParcel& output); - static bool EnhanceSrvDeserialize(MessageParcel& input, MessageParcel& output, - MessageParcel& reply); + static bool EnhanceSrvSerialize(MessageParcel& input, SecCompRawdata& output); + static bool EnhanceSrvDeserialize(SecCompRawdata& input, MessageParcel& output); static __attribute__((visibility("default"))) SecCompInputEnhanceInterface* inputHandler; static bool isEnhanceInputHandlerInit; diff --git a/interfaces/inner_api/security_component/include/sec_comp_kit.h b/interfaces/inner_api/security_component/include/sec_comp_kit.h index bfa8d08..7b0db4d 100644 --- a/interfaces/inner_api/security_component/include/sec_comp_kit.h +++ b/interfaces/inner_api/security_component/include/sec_comp_kit.h 
@@ -32,7 +32,6 @@ public: static int32_t ReportSecurityComponentClickEvent(SecCompInfo& SecCompInfo, sptr callerToken, OnFirstUseDialogCloseFunc&& callback, std::string& message); static bool VerifySavePermission(AccessToken::AccessTokenID tokenId); - static sptr GetEnhanceRemoteObject(bool isLoad); static int32_t PreRegisterSecCompProcess(); static bool IsServiceExist(); static bool LoadService(); diff --git a/frameworks/inner_api/security_component/include/sec_comp_proxy.h b/interfaces/inner_api/security_component/include/sec_comp_rawdata.h similarity index 37% rename from frameworks/inner_api/security_component/include/sec_comp_proxy.h rename to interfaces/inner_api/security_component/include/sec_comp_rawdata.h index cc1b213..c0b7f47 100644 --- a/frameworks/inner_api/security_component/include/sec_comp_proxy.h +++ b/interfaces/inner_api/security_component/include/sec_comp_rawdata.h @@ -1,5 +1,5 @@ /* - * Copyright (c) 2023 Huawei Device Co., Ltd. + * Copyright (c) 2025 Huawei Device Co., Ltd. * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. * You may obtain a copy of the License at 
@@ -12,35 +12,47 @@ * See the License for the specific language governing permissions and * limitations under the License. */ -#ifndef SECURITY_COMPONENT_PROXY_H -#define SECURITY_COMPONENT_PROXY_H -#include -#include "i_sec_comp_service.h" -#include "iremote_proxy.h" +#ifndef SEC_COMP_RAWDATA_H +#define SEC_COMP_RAWDATA_H + +#include "securec.h" namespace OHOS { namespace Security { namespace SecurityComponent { -class SecCompProxy : public IRemoteProxy { +constexpr int32_t MAX_RAW_DATA_SIZE = 4096; +class SecCompRawdata { public: - explicit SecCompProxy(const sptr& impl); - ~SecCompProxy() override; - int32_t RegisterSecurityComponent(SecCompType type, const std::string& componentInfo, int32_t& scId) override; - int32_t UpdateSecurityComponent(int32_t scId, const std::string& componentInfo) override; - int32_t UnregisterSecurityComponent(int32_t scId) override; - int32_t ReportSecurityComponentClickEvent(SecCompInfo& secCompInfo, sptr callerToken, - sptr dialogCallback, std::string& message) override; - bool VerifySavePermission(AccessToken::AccessTokenID tokenId) override; - sptr GetEnhanceRemoteObject() override; - int32_t PreRegisterSecCompProcess() override; + uint32_t size = 0; + const void* data = nullptr; + + ~SecCompRawdata() + { + if (data != nullptr) { + delete[] static_cast(const_cast(data)); + } + } -private: - int32_t SendReportClickEventRequest(MessageParcel& data, std::string& message); - static inline BrokerDelegator delegator_; - std::mutex useIPCMutex_; + int32_t RawDataCpy(const void* readData) + { + if ((size == 0) || (size >= MAX_RAW_DATA_SIZE)) { + return -1; + } + uint8_t* buffer = new (std::nothrow) uint8_t[size]; + if (buffer == nullptr) { + return -1; + } + errno_t ret = memcpy_s(buffer, size, readData, size); + if (ret != EOK) { + delete[] buffer; + return -1; + } + data = reinterpret_cast(buffer); + return 0; + } }; } // namespace SecurityComponent } // namespace Security } // namespace OHOS -#endif // SECURITY_COMPONENT_PROXY_H 
+#endif // SEC_COMP_RAWDATA_H \ No newline at end of file diff --git a/services/security_component_service/sa/BUILD.gn b/services/security_component_service/sa/BUILD.gn index 73c5072..ccae705 100644 --- a/services/security_component_service/sa/BUILD.gn +++ b/services/security_component_service/sa/BUILD.gn @@ -11,6 +11,7 @@ # See the License for the specific language governing permissions and # limitations under the License. +import("//build/config/components/idl_tool/idl.gni") import("//build/ohos.gni") sec_comp_root_dir = "../../.." 
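Review bot: `SecCompRawdata` releases `data` with `delete[]` in its destructor but keeps the implicit copy constructor and copy assignment, so any by-value copy of the object ends with two destructors freeing the same buffer. Either delete both operations (`SecCompRawdata(const SecCompRawdata&) = delete;` and `SecCompRawdata& operator=(const SecCompRawdata&) = delete;`) or implement a deep copy if the generated proxy/stub code has to copy the type. `RawDataCpy` also assigns `data` without releasing a buffer that is already held and relies on `memcpy_s` to reject a null `readData`; an explicit `if (readData == nullptr || data != nullptr) { return -1; }` at the top would make both cases visible. The header uses `std::nothrow` and `uint8_t` while the only include visible in the hunk is `securec.h`, so `<new>` and `<cstdint>` presumably arrive transitively and are worth including directly.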
@@ -22,6 +23,88 @@ config("security_component_common_config") { ] } +idl_gen_interface("sec_comp_service_interface") { + sources = [ "ISecCompService.idl" ] + subsystem_name = "security" + part_name = "security_component_manager" +} + +config("sec_comp_service_gen_config") { + include_dirs = [ "${target_gen_dir}" ] +} + +ohos_source_set("sec_comp_service_proxy") { + sanitize = { + cfi = true + cfi_cross_dso = true + debug = false + } + + output_values = get_target_outputs(":sec_comp_service_interface") + + include_dirs = [ "${sec_comp_root_dir}/frameworks/common/include" ] + + sources = filter_include(output_values, [ "*_proxy.cpp" ]) + + deps = [ ":sec_comp_service_interface" ] + + external_deps = [ + "c_utils:utils", + "hilog:libhilog", + "ipc:ipc_single", + "samgr:samgr_proxy", + ] + + subsystem_name = "security" + part_name = "security_component_manager" +} + +ohos_source_set("sec_comp_service_stub") { + sanitize = { + cfi = true + cfi_cross_dso = true + debug = false + } + + output_values = get_target_outputs(":sec_comp_service_interface") + + include_dirs = [ "${sec_comp_root_dir}/frameworks/common/include" ] + + sources = filter_include(output_values, [ "*_stub.cpp" ]) + + deps = [ ":sec_comp_service_interface" ] + + external_deps = [ + "c_utils:utils", + "hilog:libhilog", + "ipc:ipc_single", + "samgr:samgr_proxy", + ] + + subsystem_name = "security" + part_name = "security_component_manager" +} + +ohos_source_set("sec_comp_service_stub_no_cfi") { + output_values = get_target_outputs(":sec_comp_service_interface") + + include_dirs = [ "${sec_comp_root_dir}/frameworks/common/include" ] + + sources = filter_include(output_values, [ "*_stub.cpp" ]) + + deps = [ ":sec_comp_service_interface" ] + + external_deps = [ + "c_utils:utils", + "hilog:libhilog", + "ipc:ipc_single", + "samgr:samgr_proxy", + ] + + subsystem_name = "security" + part_name = "security_component_manager" +} + ohos_shared_library("security_component_common") { subsystem_name = "security" 
part_name = "security_component_manager" @@ -127,7 +210,6 @@ ohos_source_set("security_component_service_src_set") { "sa_main/sec_comp_manager.cpp", "sa_main/sec_comp_perm_manager.cpp", "sa_main/sec_comp_service.cpp", - "sa_main/sec_comp_stub.cpp", ] cflags_cc = [ @@ -141,9 +223,13 @@ ohos_source_set("security_component_service_src_set") { ":security_component_common", ":security_component_service.rc", "${sec_comp_root_dir}/frameworks:security_component_framework_src_set", + "${sec_comp_root_dir}/services/security_component_service/sa:sec_comp_service_stub", ] - configs = [ "${sec_comp_root_dir}/config:coverage_flags" ] + configs = [ + "${sec_comp_root_dir}/config:coverage_flags", + "${sec_comp_root_dir}/services/security_component_service/sa:sec_comp_service_gen_config", + ] public_configs = [ ":security_component_service_config" ] external_deps = [ diff --git a/services/security_component_service/sa/ISecCompService.idl b/services/security_component_service/sa/ISecCompService.idl new file mode 100644 index 0000000..5973e7e --- /dev/null +++ b/services/security_component_service/sa/ISecCompService.idl 
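Review bot: `sec_comp_service_stub_no_cfi` compiles the generated `*_stub.cpp`, the code that unmarshals requests arriving from other processes, without the `sanitize` block that `sec_comp_service_stub` carries, and nothing in the target prevents a shipping target from depending on it. If it exists only for unit tests, as its name and the other `no_cfi` source sets in the test BUILD.gn suggest, mark it `testonly = true` (assuming the `ohos_source_set` template forwards that variable) or narrow it with `visibility`. A comment such as `# Test-only: IPC stub built without CFI; never link into the service` above the target would record the intent. The three new source sets also repeat identical `include_dirs`, `deps` and `external_deps`, which makes it easy for the hardened and unhardened variants to diverge unnoticed.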
@@ -0,0 +1,27 @@ +/* + * Copyright (c) 2025 Huawei Device Co., Ltd. + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +sequenceable OHOS.IRemoteObject; +rawdata OHOS.Security.SecurityComponent.SecCompRawdata; + +interface OHOS.Security.SecurityComponent.ISecCompService { + void RegisterSecurityComponent([in] SecCompRawdata rawData, [out] SecCompRawdata rawReply); + void UpdateSecurityComponent([in] SecCompRawdata rawData, [out] SecCompRawdata rawReply); + void UnregisterSecurityComponent([in] SecCompRawdata rawData, [out] SecCompRawdata rawReply); + void ReportSecurityComponentClickEvent([in] IRemoteObject callerToken, [in] IRemoteObject dialogCallback, + [in] SecCompRawdata rawData, [out] SecCompRawdata rawReply); + void VerifySavePermission([in] unsigned int tokenId, [out] boolean ret); + void PreRegisterSecCompProcess([in] SecCompRawdata rawData, [out] SecCompRawdata rawReply); +} \ No newline at end of file diff --git a/services/security_component_service/sa/sa_main/sec_comp_entity.cpp b/services/security_component_service/sa/sa_main/sec_comp_entity.cpp index 66924a4..d6a4d22 100644 --- a/services/security_component_service/sa/sa_main/sec_comp_entity.cpp +++ b/services/security_component_service/sa/sa_main/sec_comp_entity.cpp 
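Review bot: Every method except `VerifySavePermission` now exchanges opaque `SecCompRawdata` blobs, and the IDL says nothing about what each blob holds; the field order exists only in the hand-written read/write helpers on the client and service side. A comment per method recording the layout would keep the two in step, for example above `RegisterSecurityComponent`: `/* rawData: uint32 type, string componentInfo; rawReply: int32 res, int32 scId (res alone on error) */`. It is also worth confirming that the generated proxy accepts a null `callerToken` or `dialogCallback` in `ReportSecurityComponentClickEvent`, since the deleted hand-written proxy wrote those objects only when they were non-null.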
@@ -20,7 +20,7 @@ #include "hisysevent.h" #include "ipc_skeleton.h" #include "iservice_registry.h" -#include "i_sec_comp_service.h" +#include "isec_comp_service.h" #include "sec_comp_err.h" #include "sec_comp_enhance_adapter.h" #include "sec_comp_info_helper.h" @@ -44,6 +44,7 @@ constexpr const char *SETTINGS_DATASHARE_SEARCH_URI = constexpr const char *ADVANCED_DATA_COLUMN_KEYWORD = "KEYWORD"; constexpr const char *ADVANCED_DATA_COLUMN_VALUE = "VALUE"; constexpr const char *QUERY_KEYWORD = "accessibility_screenreader_enabled"; +constexpr int32_t SA_ID_SECURITY_COMPONENT_SERVICE = 3506; static bool IsScreenReadMode(); } diff --git a/services/security_component_service/sa/sa_main/sec_comp_manager.cpp b/services/security_component_service/sa/sa_main/sec_comp_manager.cpp index 90b488b..a1ae81c 100644 --- a/services/security_component_service/sa/sa_main/sec_comp_manager.cpp +++ b/services/security_component_service/sa/sa_main/sec_comp_manager.cpp @@ -21,7 +21,7 @@ #include "display_manager.h" #include "first_use_dialog.h" #include "hisysevent.h" -#include "i_sec_comp_service.h" +#include "isec_comp_service.h" #include "ipc_skeleton.h" #include "iservice_registry.h" #include "sec_comp_enhance_adapter.h" @@ -41,6 +41,7 @@ static constexpr int32_t MAX_SINGLE_PROC_COMP_SIZE = 500; static constexpr unsigned long REPORT_REMOTE_OBJECT_SIZE = 2UL; static std::mutex g_instanceMutex; const std::string START_DIALOG = "start dialog, onclick will be trap after dialog closed."; +constexpr int32_t SA_ID_SECURITY_COMPONENT_SERVICE = 3506; } SecCompManager::SecCompManager() diff --git a/services/security_component_service/sa/sa_main/sec_comp_service.cpp b/services/security_component_service/sa/sa_main/sec_comp_service.cpp index 35cce28..56b2223 100644 --- a/services/security_component_service/sa/sa_main/sec_comp_service.cpp +++ b/services/security_component_service/sa/sa_main/sec_comp_service.cpp 
@@ -23,6 +23,7 @@ #include "hitrace_meter.h" #include "ipc_skeleton.h" #include "iservice_registry.h" +#include "sec_comp_click_event_parcel.h" #include "sec_comp_enhance_adapter.h" #include "sec_comp_err.h" #include "sec_comp_manager.h" @@ -36,6 +37,9 @@ namespace { constexpr OHOS::HiviewDFX::HiLogLabel LABEL = {LOG_CORE, SECURITY_DOMAIN_SECURITY_COMPONENT, "SecCompService"}; static const int32_t ROOT_UID = 0; static constexpr int32_t BASE_USER_RANGE = 200000; +#ifndef SA_ID_SECURITY_COMPONENT_SERVICE +constexpr int32_t SA_ID_SECURITY_COMPONENT_SERVICE = 3506; +#endif } REGISTER_SYSTEM_ABILITY_BY_ID(SecCompService, SA_ID_SECURITY_COMPONENT_SERVICE, true); 
@@ -184,7 +188,49 @@ int32_t SecCompService::ParseParams(const std::string& componentInfo, return SC_OK; } -int32_t SecCompService::RegisterSecurityComponent(SecCompType type, +int32_t SecCompService::WriteError(int32_t res, SecCompRawdata& rawReply) +{ + MessageParcel replyParcel; + if (!replyParcel.WriteUint32(res)) { + SC_LOG_ERROR(LABEL, "Write error res failed."); + return SC_SERVICE_ERROR_PARCEL_OPERATE_FAIL; + } + + if (!SecCompEnhanceAdapter::EnhanceSrvSerialize(replyParcel, rawReply)) { + SC_LOG_ERROR(LABEL, "Serialize error session info failed"); + return SC_SERVICE_ERROR_PARCEL_OPERATE_FAIL; + } + return SC_OK; +} + +int32_t SecCompService::RegisterReadFromRawdata(SecCompRawdata& rawData, SecCompType& type, std::string& componentInfo) +{ + MessageParcel deserializedData; + if (!SecCompEnhanceAdapter::EnhanceSrvDeserialize(rawData, deserializedData)) { + SC_LOG_ERROR(LABEL, "Register deserialize session info failed"); + return SC_SERVICE_ERROR_PARCEL_OPERATE_FAIL; + } + + uint32_t uintType; + if (!deserializedData.ReadUint32(uintType)) { + SC_LOG_ERROR(LABEL, "Register read component type failed"); + return SC_SERVICE_ERROR_PARCEL_OPERATE_FAIL; + } + + if (uintType <= UNKNOWN_SC_TYPE || uintType >= MAX_SC_TYPE) { + SC_LOG_ERROR(LABEL, "Register security component type invalid"); + return SC_SERVICE_ERROR_VALUE_INVALID; + } + type = static_cast(uintType); + + if (!deserializedData.ReadString(componentInfo)) { + SC_LOG_ERROR(LABEL, "Register read component info failed"); + return SC_SERVICE_ERROR_PARCEL_OPERATE_FAIL; + } + return SC_OK; +} + +int32_t SecCompService::RegisterSecurityComponentBody(SecCompType type, const std::string& componentInfo, int32_t& scId) { StartTrace(HITRACE_TAG_ACCESS_CONTROL, "SecurityComponentRegister"); 
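Review bot: `WriteError` serializes the status with `replyParcel.WriteUint32(res)` although `res` is an `int32_t`, while `RegisterWriteToRawdata` writes the same field with `WriteInt32` and the client in sec_comp_client.cpp reads it with `ReadInt32`; use `replyParcel.WriteInt32(res)` so writer and reader agree on the type. An error reply also carries only `res`, so a client that reads `res` and then `scId` unconditionally, as the deleted proxy did for Register, would report a parcel failure in place of the real error code. The Register client is not visible in this hunk, so check that it reads `scId` only when `res == SC_OK`. `RegisterSecurityComponentBody` continues past the end of the hunk.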
@@ -224,7 +270,79 @@ int32_t SecCompService::RegisterSecurityComponent(SecCompType type, return res; } -int32_t SecCompService::UpdateSecurityComponent(int32_t scId, const std::string& componentInfo) +int32_t SecCompService::RegisterWriteToRawdata(int32_t res, int32_t scId, SecCompRawdata& rawReply) +{ + MessageParcel replyParcel; + if (!replyParcel.WriteInt32(res)) { + SC_LOG_ERROR(LABEL, "Register security component result failed"); + return SC_SERVICE_ERROR_PARCEL_OPERATE_FAIL; + } + + if (!replyParcel.WriteInt32(scId)) { + SC_LOG_ERROR(LABEL, "Register security component result failed"); + return SC_SERVICE_ERROR_PARCEL_OPERATE_FAIL; + } + + if (!SecCompEnhanceAdapter::EnhanceSrvSerialize(replyParcel, rawReply)) { + SC_LOG_ERROR(LABEL, "Register serialize session info failed"); + return SC_SERVICE_ERROR_PARCEL_OPERATE_FAIL; + } + return SC_OK; +} + +int32_t SecCompService::RegisterSecurityComponent(const SecCompRawdata& rawData, SecCompRawdata& rawReply) +{ + SecCompType type; + std::string componentInfo; + int32_t res; + do { + res = RegisterReadFromRawdata(const_cast(rawData), type, componentInfo); + if (res != SC_OK) { + break; + } + int32_t scId = INVALID_SC_ID; + + res = RegisterSecurityComponentBody(type, componentInfo, scId); + if (res != SC_OK) { + break; + } + res = RegisterWriteToRawdata(res, scId, rawReply); + } while (0); + if (res != SC_OK) { + if (WriteError(res, rawReply) != SC_OK) { + SC_LOG_ERROR(LABEL, "Write rawReply error."); + return res; + } + } + return SC_OK; +} + +int32_t SecCompService::UpdateReadFromRawdata(SecCompRawdata& rawData, int32_t& scId, std::string& componentInfo) +{ + MessageParcel deserializedData; + if (!SecCompEnhanceAdapter::EnhanceSrvDeserialize(rawData, deserializedData)) { + SC_LOG_ERROR(LABEL, "Update deserialize session info failed"); + return SC_SERVICE_ERROR_PARCEL_OPERATE_FAIL; + } + + if (!deserializedData.ReadInt32(scId)) { + SC_LOG_ERROR(LABEL, "Update read component id failed"); + return 
SC_SERVICE_ERROR_PARCEL_OPERATE_FAIL; + } + + if (scId < 0) { + SC_LOG_ERROR(LABEL, "Update security component id invalid"); + return SC_SERVICE_ERROR_VALUE_INVALID; + } + + if (!deserializedData.ReadString(componentInfo)) { + SC_LOG_ERROR(LABEL, "Update read component info failed"); + return SC_SERVICE_ERROR_PARCEL_OPERATE_FAIL; + } + return SC_OK; +} + +int32_t SecCompService::UpdateSecurityComponentBody(int32_t scId, const std::string& componentInfo) { SecCompCallerInfo caller; nlohmann::json jsonRes; 
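Review bot: `RegisterSecurityComponent` receives `const SecCompRawdata& rawData` and strips the qualifier with `const_cast(rawData)` only because `RegisterReadFromRawdata` takes a non-const reference. The same cast appears in `UpdateSecurityComponent`, `UnregisterSecurityComponent`, `ReportSecurityComponentClickEvent` and `PreRegisterSecCompProcess` in the following hunks. If `EnhanceSrvDeserialize` does not write to its input, the read helpers should take it as const, e.g. `int32_t RegisterReadFromRawdata(const SecCompRawdata& rawData, SecCompType& type, std::string& componentInfo)`, and the casts can go. If it does write, the cast modifies a caller-owned buffer that the interface promises not to touch, which deserves a comment at each call site. The adapter's signature is not visible in this hunk, so this needs confirming there.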
@@ -234,7 +352,66 @@ int32_t SecCompService::UpdateSecurityComponent(int32_t scId, const std::string& return SecCompManager::GetInstance().UpdateSecurityComponent(scId, jsonRes, caller); } -int32_t SecCompService::UnregisterSecurityComponent(int32_t scId) +int32_t SecCompService::UpdateWriteToRawdata(int32_t res, SecCompRawdata& rawReply) +{ + MessageParcel replyParcel; + if (!replyParcel.WriteInt32(res)) { + SC_LOG_ERROR(LABEL, "Update security component result failed"); + return SC_SERVICE_ERROR_PARCEL_OPERATE_FAIL; + } + + if (!SecCompEnhanceAdapter::EnhanceSrvSerialize(replyParcel, rawReply)) { + SC_LOG_ERROR(LABEL, "Update serialize session info failed"); + return SC_SERVICE_ERROR_PARCEL_OPERATE_FAIL; + } + return SC_OK; +} + +int32_t SecCompService::UpdateSecurityComponent(const SecCompRawdata& rawData, SecCompRawdata& rawReply) +{ + int32_t scId; + std::string componentInfo; + int32_t res; + do { + res = UpdateReadFromRawdata(const_cast(rawData), scId, componentInfo); + if (res != SC_OK) { + break; + } + res = UpdateSecurityComponentBody(scId, componentInfo); + if (res != SC_OK) { + break; + } + res = UpdateWriteToRawdata(res, rawReply); + } while (0); + if (res != SC_OK) { + if (WriteError(res, rawReply) != SC_OK) { + SC_LOG_ERROR(LABEL, "Write rawReply error."); + return res; + } + } + return SC_OK; +} + +int32_t SecCompService::UnregisterReadFromRawdata(SecCompRawdata& rawData, int32_t& scId) +{ + MessageParcel deserializedData; + if (!SecCompEnhanceAdapter::EnhanceSrvDeserialize(rawData, deserializedData)) { + SC_LOG_ERROR(LABEL, "Unreigster deserialize session info failed"); + return SC_SERVICE_ERROR_PARCEL_OPERATE_FAIL; + } + if (!deserializedData.ReadInt32(scId)) { + SC_LOG_ERROR(LABEL, "Unreigster read component id failed"); + return SC_SERVICE_ERROR_PARCEL_OPERATE_FAIL; + } + + if (scId < 0) { + SC_LOG_ERROR(LABEL, "Unreigster security component id invalid"); + return SC_SERVICE_ERROR_VALUE_INVALID; + } + return SC_OK; +} + +int32_t 
SecCompService::UnregisterSecurityComponentBody(int32_t scId) { SecCompCallerInfo caller; caller.tokenId = IPCSkeleton::GetCallingTokenID(); @@ -244,7 +421,47 @@ int32_t SecCompService::UnregisterSecurityComponent(int32_t scId) return SecCompManager::GetInstance().UnregisterSecurityComponent(scId, caller); } -int32_t SecCompService::ReportSecurityComponentClickEvent(SecCompInfo& secCompInfo, +int32_t SecCompService::UnregisterWriteToRawdata(int32_t res, SecCompRawdata& rawReply) +{ + MessageParcel replyParcel; + if (!replyParcel.WriteInt32(res)) { + SC_LOG_ERROR(LABEL, "Unregister security component result failed"); + return SC_SERVICE_ERROR_PARCEL_OPERATE_FAIL; + } + + if (!SecCompEnhanceAdapter::EnhanceSrvSerialize(replyParcel, rawReply)) { + SC_LOG_ERROR(LABEL, "Unreigster serialize session info failed"); + return SC_SERVICE_ERROR_PARCEL_OPERATE_FAIL; + } + return SC_OK; +} + +int32_t SecCompService::UnregisterSecurityComponent(const SecCompRawdata& rawData, SecCompRawdata& rawReply) +{ + int32_t scId; + int32_t res; + do { + res = UnregisterReadFromRawdata(const_cast(rawData), scId); + if (res != SC_OK) { + break; + } + + res = UnregisterSecurityComponentBody(scId); + if (res != SC_OK) { + break; + } + res = UnregisterWriteToRawdata(res, rawReply); + } while (0); + if (res != SC_OK) { + if (WriteError(res, rawReply) != SC_OK) { + SC_LOG_ERROR(LABEL, "Write rawReply error."); + return res; + } + } + return SC_OK; +} + +int32_t SecCompService::ReportSecurityComponentClickEventBody(SecCompInfo& secCompInfo, sptr callerToken, sptr dialogCallback, std::string& message) { StartTrace(HITRACE_TAG_ACCESS_CONTROL, "SecurityComponentClick"); 
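Review bot: `UpdateWriteToRawdata` differs from `UnregisterWriteToRawdata` and `PreRegisterWriteToRawdata` (later hunks) only in its log text, and from `WriteError` only in the write call. All of them put one result code into a `MessageParcel` and pass it to `EnhanceSrvSerialize`. A single private helper taking the request name for the log, such as `int32_t WriteResult(const char* op, int32_t res, SecCompRawdata& rawReply)`, would leave one place to audit for the reply format. The `do { ... } while (0)` wrapper in `UpdateSecurityComponent` is likewise repeated unchanged in the other four entry points. `UnregisterSecurityComponentBody` at the end of this hunk continues outside it.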
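Review bot: The error string in `UnregisterWriteToRawdata` is spelled `"Unreigster serialize session info failed"`, and the three messages in `UnregisterReadFromRawdata` in the previous hunk carry the same misspelling, while the neighbouring message uses "Unregister". Anyone searching logs for "Unregister" during triage will miss four of the five failure paths. I would correct them while the code is being moved, e.g. `SC_LOG_ERROR(LABEL, "Unregister serialize session info failed");`. `ReportSecurityComponentClickEventBody` at the end of this hunk continues outside it.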
@@ -262,7 +479,93 @@ int32_t SecCompService::ReportSecurityComponentClickEvent(SecCompInfo& secCompIn return res; } -int32_t SecCompService::PreRegisterSecCompProcess() +int32_t SecCompService::ReportWriteToRawdata(int32_t res, std::string message, SecCompRawdata& rawReply) +{ + MessageParcel replyParcel; + if (!replyParcel.WriteInt32(res)) { + SC_LOG_ERROR(LABEL, "Report security component result failed"); + return SC_SERVICE_ERROR_PARCEL_OPERATE_FAIL; + } + + if (!replyParcel.WriteString(message)) { + SC_LOG_ERROR(LABEL, "Report security component error message failed"); + return SC_SERVICE_ERROR_PARCEL_OPERATE_FAIL; + } + + if (!SecCompEnhanceAdapter::EnhanceSrvSerialize(replyParcel, rawReply)) { + SC_LOG_ERROR(LABEL, "Report serialize session info failed"); + return SC_SERVICE_ERROR_PARCEL_OPERATE_FAIL; + } + + return SC_OK; +} + +int32_t SecCompService::ReportSecurityComponentClickEvent(const sptr& callerToken, + const sptr& dialogCallback, const SecCompRawdata& rawData, SecCompRawdata& rawReply) +{ + int32_t res; + do { + MessageParcel deserializedData; + if (!SecCompEnhanceAdapter::EnhanceSrvDeserialize(const_cast(rawData), deserializedData)) { + SC_LOG_ERROR(LABEL, "Report deserialize session info failed"); + res = SC_SERVICE_ERROR_PARCEL_OPERATE_FAIL; + break; + } + + int32_t scId; + if (!deserializedData.ReadInt32(scId)) { + SC_LOG_ERROR(LABEL, "Report read component id failed"); + res = SC_SERVICE_ERROR_PARCEL_OPERATE_FAIL; + break; + } + + if (scId < 0) { + SC_LOG_ERROR(LABEL, "Report security component id invalid"); + res = SC_SERVICE_ERROR_VALUE_INVALID; + break; + } + + std::string componentInfo; + if (!deserializedData.ReadString(componentInfo)) { + SC_LOG_ERROR(LABEL, "Report read component info failed"); + res = SC_SERVICE_ERROR_PARCEL_OPERATE_FAIL; + break; + } + sptr clickInfoParcel = deserializedData.ReadParcelable(); + if (clickInfoParcel == nullptr) { + SC_LOG_ERROR(LABEL, "Report read clickInfo info failed"); + res = 
SC_SERVICE_ERROR_PARCEL_OPERATE_FAIL; + break; + } + + SecCompInfo secCompInfo{ scId, componentInfo, clickInfoParcel->clickInfoParams_ }; + std::string message; + res = ReportSecurityComponentClickEventBody(secCompInfo, callerToken, dialogCallback, message); + if (res != SC_OK) { + break; + } + res = ReportWriteToRawdata(res, message, rawReply); + } while (0); + if (res != SC_OK) { + if (WriteError(res, rawReply) != SC_OK) { + SC_LOG_ERROR(LABEL, "Write rawReply error."); + return res; + } + } + return SC_OK; +} + +int32_t SecCompService::PreRegisterReadFromRawdata(SecCompRawdata& rawData) +{ + MessageParcel deserializedData; + if (!SecCompEnhanceAdapter::EnhanceSrvDeserialize(rawData, deserializedData)) { + SC_LOG_ERROR(LABEL, "preRegister deserialize session info failed"); + return SC_SERVICE_ERROR_PARCEL_OPERATE_FAIL; + } + return SC_OK; +} + +int32_t SecCompService::PreRegisterSecCompProcessBody() { SecCompCallerInfo caller; if (!GetCallerInfo(caller)) { 
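Review bot: `ReportSecurityComponentClickEvent` passes `callerToken` and `dialogCallback` on to `ReportSecurityComponentClickEventBody` without the nullptr checks that the removed `SecCompStub::ReportSecurityComponentClickEventInner` performed on both objects before doing any work. Whether the generated stub or the body (which continues outside this hunk) rejects null remote objects is not visible here. The service-side check should therefore be kept at the top of the `do` block so that a request without these objects fails before the click is processed. The fence shows the added guard only.
```cpp
    int32_t res;
    do {
        if (callerToken == nullptr || dialogCallback == nullptr) {
            SC_LOG_ERROR(LABEL, "Report callerToken or dialogCallback is nullptr");
            res = SC_SERVICE_ERROR_PARCEL_OPERATE_FAIL;
            break;
        }
        // … unchanged: deserialize rawData, read scId, componentInfo and click info, call the body …
```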
@@ -272,14 +575,73 @@ int32_t SecCompService::PreRegisterSecCompProcess() return SecCompManager::GetInstance().AddSecurityComponentProcess(caller); } -bool SecCompService::VerifySavePermission(AccessToken::AccessTokenID tokenId) +int32_t SecCompService::PreRegisterWriteToRawdata(int32_t res, SecCompRawdata& rawReply) +{ + MessageParcel replyParcel; + if (!replyParcel.WriteInt32(res)) { + SC_LOG_ERROR(LABEL, "preRegister write result failed"); + return SC_SERVICE_ERROR_PARCEL_OPERATE_FAIL; + } + + if (!SecCompEnhanceAdapter::EnhanceSrvSerialize(replyParcel, rawReply)) { + SC_LOG_ERROR(LABEL, "preRegister serialize session info failed"); + return SC_SERVICE_ERROR_PARCEL_OPERATE_FAIL; + } + return SC_OK; +} + +int32_t SecCompService::PreRegisterSecCompProcess(const SecCompRawdata& rawData, SecCompRawdata& rawReply) +{ + int32_t res; + do { + res = PreRegisterReadFromRawdata(const_cast(rawData)); + if (res != SC_OK) { + break; + } + + res = PreRegisterSecCompProcessBody(); + if (res != SC_OK) { + break; + } + res = PreRegisterWriteToRawdata(res, rawReply); + } while (0); + if (res != SC_OK) { + if (WriteError(res, rawReply) != SC_OK) { + SC_LOG_ERROR(LABEL, "Write rawReply error."); + return res; + } + } + return SC_OK; +} + +int32_t SecCompService::VerifySavePermission(AccessToken::AccessTokenID tokenId, bool& isGranted) { - return SecCompPermManager::GetInstance().VerifySavePermission(tokenId); + if (!IsMediaLibraryCalling()) { + SC_LOG_ERROR(LABEL, "Not medialibrary called"); + return SC_SERVICE_ERROR_CALLER_INVALID; + } + + if (tokenId == 0) { + SC_LOG_ERROR(LABEL, "Verify AccessTokenId invalid"); + return SC_SERVICE_ERROR_VALUE_INVALID; + } + isGranted = SecCompPermManager::GetInstance().VerifySavePermission(tokenId); + return SC_OK; } -sptr SecCompService::GetEnhanceRemoteObject() +bool SecCompService::IsMediaLibraryCalling() { - return SecCompEnhanceAdapter::GetEnhanceRemoteObject(); + int32_t uid = IPCSkeleton::GetCallingUid(); + if (uid == ROOT_UID) { + return 
true; + } + int32_t userId = uid / BASE_USER_RANGE; + uint32_t tokenCaller = IPCSkeleton::GetCallingTokenID(); + if (mediaLibraryTokenId_ != tokenCaller) { + mediaLibraryTokenId_ = AccessToken::AccessTokenKit::GetHapTokenID( + userId, "com.ohos.medialibrary.medialibrarydata", 0); + } + return tokenCaller == mediaLibraryTokenId_; } int SecCompService::Dump(int fd, const std::vector& args) diff --git a/services/security_component_service/sa/sa_main/sec_comp_service.h b/services/security_component_service/sa/sa_main/sec_comp_service.h index 9a45410..10bfd0e 100644 --- a/services/security_component_service/sa/sa_main/sec_comp_service.h +++ b/services/security_component_service/sa/sa_main/sec_comp_service.h @@ -17,12 +17,17 @@ #include #include +#include "access_token.h" #include "app_state_observer.h" #include "iremote_object.h" #include "nlohmann/json.hpp" #include "nocopyable.h" +#include "sec_comp_base.h" +#include "sec_comp_click_event_parcel.h" +#include "sec_comp_info.h" #include "sec_comp_manager.h" -#include "sec_comp_stub.h" +#include "sec_comp_service_stub.h" +#include "security_component_service_ipc_interface_code.h" #include "singleton.h" #include "system_ability.h" @@ -30,7 +35,7 @@ namespace OHOS { namespace Security { namespace SecurityComponent { enum class ServiceRunningState { STATE_NOT_START, STATE_RUNNING }; -class __attribute__((visibility("default"))) SecCompService final : public SystemAbility, public SecCompStub { +class __attribute__((visibility("default"))) SecCompService final : public SystemAbility, public SecCompServiceStub { DECLARE_DELAYED_SINGLETON(SecCompService); DECLEAR_SYSTEM_ABILITY(SecCompService); 
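Review bot: `IsMediaLibraryCalling` decides on the member `mediaLibraryTokenId_`, which starts at 0, so a calling token id of 0 skips the lookup and compares equal. `VerifySavePermission` already treats 0 as an invalid token id, so the caller check should reject it as well. The member is also written and then re-read without synchronisation, so if requests are served on more than one IPC thread the final comparison can use a value stored by another request. Comparing against a local copy avoids that. Separately, `VerifySavePermission` leaves `isGranted` untouched on both error returns, and `isGranted = false;` as its first statement makes the out-parameter fail closed. Whether `GetCallingTokenID` can return 0 in practice is not visible here.
```cpp
bool SecCompService::IsMediaLibraryCalling()
{
    // … unchanged: ROOT_UID shortcut and userId computation …
    uint32_t tokenCaller = IPCSkeleton::GetCallingTokenID();
    if (tokenCaller == 0) {
        return false;
    }
    AccessToken::AccessTokenID expected = mediaLibraryTokenId_;
    if (expected != tokenCaller) {
        expected = AccessToken::AccessTokenKit::GetHapTokenID(
            userId, "com.ohos.medialibrary.medialibrarydata", 0);
        mediaLibraryTokenId_ = expected;
    }
    return tokenCaller == expected;
}
```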
@@ -40,27 +45,44 @@ public: void OnStart() override; void OnStop() override; - int32_t RegisterSecurityComponent(SecCompType type, const std::string& componentInfo, int32_t& scId) override; - int32_t UpdateSecurityComponent(int32_t scId, const std::string& componentInfo) override; - int32_t UnregisterSecurityComponent(int32_t scId) override; - int32_t ReportSecurityComponentClickEvent(SecCompInfo& secCompInfo, sptr callerToken, - sptr dialogCallback, std::string& message) override; - bool VerifySavePermission(AccessToken::AccessTokenID tokenId) override; - sptr GetEnhanceRemoteObject() override; - int32_t PreRegisterSecCompProcess() override; + int32_t RegisterSecurityComponent(const SecCompRawdata& rawData, SecCompRawdata& rawReply) override; + int32_t UpdateSecurityComponent(const SecCompRawdata& rawData, SecCompRawdata& rawReply) override; + int32_t UnregisterSecurityComponent(const SecCompRawdata& rawData, SecCompRawdata& rawReply) override; + int32_t ReportSecurityComponentClickEvent(const sptr& callerToken, + const sptr& dialogCallback, const SecCompRawdata& rawData, SecCompRawdata& rawReply) override; + int32_t VerifySavePermission(AccessToken::AccessTokenID tokenId, bool& isGranted) override; + int32_t PreRegisterSecCompProcess(const SecCompRawdata& rawData, SecCompRawdata& rawReply) override; int Dump(int fd, const std::vector& args) override; private: + int32_t WriteError(int32_t res, SecCompRawdata& rawReply); + int32_t RegisterReadFromRawdata(SecCompRawdata& rawData, SecCompType& type, std::string& componentInfo); + int32_t RegisterSecurityComponentBody(SecCompType type, const std::string& componentInfo, int32_t& scId); + int32_t RegisterWriteToRawdata(int32_t res, int32_t scId, SecCompRawdata& rawReply); + int32_t UpdateReadFromRawdata(SecCompRawdata& rawData, int32_t& scId, std::string& componentInfo); + int32_t UpdateSecurityComponentBody(int32_t scId, const std::string& componentInfo); + int32_t UpdateWriteToRawdata(int32_t res, SecCompRawdata& 
rawReply); + int32_t UnregisterReadFromRawdata(SecCompRawdata& rawData, int32_t& scId); + int32_t UnregisterSecurityComponentBody(int32_t scId); + int32_t UnregisterWriteToRawdata(int32_t res, SecCompRawdata& rawReply); + int32_t ReportSecurityComponentClickEventBody(SecCompInfo& secCompInfo, + sptr callerToken, sptr dialogCallback, std::string& message); + int32_t ReportWriteToRawdata(int32_t res, std::string message, SecCompRawdata& rawReply); + int32_t PreRegisterReadFromRawdata(SecCompRawdata& rawData); + int32_t PreRegisterSecCompProcessBody(); + int32_t PreRegisterWriteToRawdata(int32_t res, SecCompRawdata& rawReply); int32_t ParseParams(const std::string& componentInfo, SecCompCallerInfo& caller, nlohmann::json& jsonRes); bool Initialize() const; bool RegisterAppStateObserver(); void UnregisterAppStateObserver(); bool GetCallerInfo(SecCompCallerInfo& caller); + bool IsMediaLibraryCalling(); ServiceRunningState state_; sptr iAppMgr_; sptr appStateObserver_; + AccessToken::AccessTokenID mediaLibraryTokenId_ = 0; }; } // namespace SecurityComponent } // namespace Security diff --git a/services/security_component_service/sa/sa_main/sec_comp_stub.cpp b/services/security_component_service/sa/sa_main/sec_comp_stub.cpp deleted file mode 100644 index 198b087..0000000 --- a/services/security_component_service/sa/sa_main/sec_comp_stub.cpp +++ /dev/null 
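Review bot: `ReportWriteToRawdata(int32_t res, std::string message, SecCompRawdata& rawReply)` takes the message by value although the definition only passes it to `WriteString`, so every click report copies the string. Declaring it as `int32_t ReportWriteToRawdata(int32_t res, const std::string& message, SecCompRawdata& rawReply);` (with the definition in sec_comp_service.cpp changed to match) is consistent with the `const std::string& componentInfo` parameters next to it. The new private helpers also have no comments. One line above the `*ReadFromRawdata` group saying that they validate untrusted request data before the `*Body` call would help the next reader.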
@@ -1,353 +0,0 @@ -/* - * Copyright (c) 2023 Huawei Device Co., Ltd. - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ -#include "sec_comp_stub.h" - -#include "accesstoken_kit.h" -#include "ipc_skeleton.h" -#include "sec_comp_click_event_parcel.h" -#include "sec_comp_enhance_adapter.h" -#include "sec_comp_err.h" -#include "sec_comp_log.h" - -namespace OHOS { -namespace Security { -namespace SecurityComponent { -namespace { -static constexpr OHOS::HiviewDFX::HiLogLabel LABEL = {LOG_CORE, SECURITY_DOMAIN_SECURITY_COMPONENT, "SecCompStub"}; -static constexpr int32_t ROOT_UID = 0; -static constexpr int32_t BASE_USER_RANGE = 200000; -} // namespace - -int32_t SecCompStub::OnRemoteRequest( - uint32_t code, MessageParcel& data, MessageParcel& reply, MessageOption& option) -{ - std::u16string descripter = SecCompStub::GetDescriptor(); - std::u16string remoteDescripter = data.ReadInterfaceToken(); - if (descripter != remoteDescripter) { - SC_LOG_ERROR(LABEL, "Deal remote request failed, descriptor is not matched"); - return SC_SERVICE_ERROR_IPC_REQUEST_FAIL; - } - - auto funcIter = requestFuncMap_.find(code); - if (funcIter != requestFuncMap_.end()) { - auto func = funcIter->second; - if (func != nullptr) { - return (this->*func)(data, reply); - } - } - return IPCObjectStub::OnRemoteRequest(code, data, reply, option); -} - -int32_t SecCompStub::RegisterSecurityComponentInner(MessageParcel& data, MessageParcel& reply) -{ - MessageParcel deserializedData; - if 
(!SecCompEnhanceAdapter::EnhanceSrvDeserialize(data, deserializedData, reply)) { - SC_LOG_ERROR(LABEL, "Register deserialize session info failed"); - return SC_SERVICE_ERROR_PARCEL_OPERATE_FAIL; - } - uint32_t type; - if (!deserializedData.ReadUint32(type)) { - SC_LOG_ERROR(LABEL, "Register read component type failed"); - return SC_SERVICE_ERROR_PARCEL_OPERATE_FAIL; - } - - if (type <= UNKNOWN_SC_TYPE || type >= MAX_SC_TYPE) { - SC_LOG_ERROR(LABEL, "Register security component type invalid"); - return SC_SERVICE_ERROR_VALUE_INVALID; - } - - std::string componentInfo; - if (!deserializedData.ReadString(componentInfo)) { - SC_LOG_ERROR(LABEL, "Register read component info failed"); - return SC_SERVICE_ERROR_PARCEL_OPERATE_FAIL; - } - - int32_t scId = INVALID_SC_ID; - int32_t res = this->RegisterSecurityComponent(static_cast(type), componentInfo, scId); - MessageParcel rawReply; - if (!rawReply.WriteInt32(res)) { - SC_LOG_ERROR(LABEL, "Register security component result failed"); - return SC_SERVICE_ERROR_PARCEL_OPERATE_FAIL; - } - - if (!rawReply.WriteInt32(scId)) { - SC_LOG_ERROR(LABEL, "Register security component result failed"); - return SC_SERVICE_ERROR_PARCEL_OPERATE_FAIL; - } - - if (!SecCompEnhanceAdapter::EnhanceSrvSerialize(rawReply, reply)) { - SC_LOG_ERROR(LABEL, "Register serialize session info failed"); - return SC_SERVICE_ERROR_PARCEL_OPERATE_FAIL; - } - - return SC_OK; -} - -int32_t SecCompStub::UpdateSecurityComponentInner(MessageParcel& data, MessageParcel& reply) -{ - MessageParcel deserializedData; - if (!SecCompEnhanceAdapter::EnhanceSrvDeserialize(data, deserializedData, reply)) { - SC_LOG_ERROR(LABEL, "Update deserialize session info failed"); - return SC_SERVICE_ERROR_PARCEL_OPERATE_FAIL; - } - int32_t scId; - if (!deserializedData.ReadInt32(scId)) { - SC_LOG_ERROR(LABEL, "Update read component id failed"); - return SC_SERVICE_ERROR_PARCEL_OPERATE_FAIL; - } - - if (scId < 0) { - SC_LOG_ERROR(LABEL, "Update security component id invalid"); - 
return SC_SERVICE_ERROR_VALUE_INVALID; - } - - std::string componentInfo; - if (!deserializedData.ReadString(componentInfo)) { - SC_LOG_ERROR(LABEL, "Update read component info failed"); - return SC_SERVICE_ERROR_PARCEL_OPERATE_FAIL; - } - - int32_t res = this->UpdateSecurityComponent(scId, componentInfo); - MessageParcel rawReply; - if (!rawReply.WriteInt32(res)) { - SC_LOG_ERROR(LABEL, "Update security component result failed"); - return SC_SERVICE_ERROR_PARCEL_OPERATE_FAIL; - } - - if (!SecCompEnhanceAdapter::EnhanceSrvSerialize(rawReply, reply)) { - SC_LOG_ERROR(LABEL, "Update serialize session info failed"); - return SC_SERVICE_ERROR_PARCEL_OPERATE_FAIL; - } - - return res; -} - -int32_t SecCompStub::UnregisterSecurityComponentInner(MessageParcel& data, MessageParcel& reply) -{ - MessageParcel deserializedData; - if (!SecCompEnhanceAdapter::EnhanceSrvDeserialize(data, deserializedData, reply)) { - SC_LOG_ERROR(LABEL, "Unreigster deserialize session info failed"); - return SC_SERVICE_ERROR_PARCEL_OPERATE_FAIL; - } - int32_t scId; - if (!deserializedData.ReadInt32(scId)) { - SC_LOG_ERROR(LABEL, "Unreigster read component id failed"); - return SC_SERVICE_ERROR_PARCEL_OPERATE_FAIL; - } - - if (scId < 0) { - SC_LOG_ERROR(LABEL, "Unreigster security component id invalid"); - return SC_SERVICE_ERROR_VALUE_INVALID; - } - - int32_t res = this->UnregisterSecurityComponent(scId); - MessageParcel rawReply; - if (!rawReply.WriteInt32(res)) { - SC_LOG_ERROR(LABEL, "Unregister security component result failed"); - return SC_SERVICE_ERROR_PARCEL_OPERATE_FAIL; - } - - if (!SecCompEnhanceAdapter::EnhanceSrvSerialize(rawReply, reply)) { - SC_LOG_ERROR(LABEL, "Unreigster serialize session info failed"); - return SC_SERVICE_ERROR_PARCEL_OPERATE_FAIL; - } - - return SC_OK; -} - -int32_t SecCompStub::WriteSecurityComponentClickEventResult(int32_t res, MessageParcel& reply, - const std::string& message) -{ - MessageParcel rawReply; - if (!rawReply.WriteInt32(res)) { - 
SC_LOG_ERROR(LABEL, "Report security component result failed"); - return SC_SERVICE_ERROR_PARCEL_OPERATE_FAIL; - } - - if (!rawReply.WriteString(message)) { - SC_LOG_ERROR(LABEL, "Report security component error message failed"); - return SC_SERVICE_ERROR_PARCEL_OPERATE_FAIL; - } - - if (!SecCompEnhanceAdapter::EnhanceSrvSerialize(rawReply, reply)) { - SC_LOG_ERROR(LABEL, "Report serialize session info failed"); - return SC_SERVICE_ERROR_PARCEL_OPERATE_FAIL; - } - - return SC_OK; -} - -int32_t SecCompStub::ReportSecurityComponentClickEventInner(MessageParcel& data, MessageParcel& reply) -{ - sptr callerToken = data.ReadRemoteObject(); - if (callerToken == nullptr) { - SC_LOG_ERROR(LABEL, "callerToken is nullptr"); - return SC_SERVICE_ERROR_PARCEL_OPERATE_FAIL; - } - - sptr dialogCallback = data.ReadRemoteObject(); - if (dialogCallback == nullptr) { - SC_LOG_ERROR(LABEL, "dialogCallback is nullptr"); - return SC_SERVICE_ERROR_PARCEL_OPERATE_FAIL; - } - - MessageParcel deserializedData; - if (!SecCompEnhanceAdapter::EnhanceSrvDeserialize(data, deserializedData, reply)) { - SC_LOG_ERROR(LABEL, "Report deserialize session info failed"); - return SC_SERVICE_ERROR_PARCEL_OPERATE_FAIL; - } - int32_t scId; - if (!deserializedData.ReadInt32(scId)) { - SC_LOG_ERROR(LABEL, "Report read component id failed"); - return SC_SERVICE_ERROR_PARCEL_OPERATE_FAIL; - } - - if (scId < 0) { - SC_LOG_ERROR(LABEL, "Report security component id invalid"); - return SC_SERVICE_ERROR_VALUE_INVALID; - } - - std::string componentInfo; - if (!deserializedData.ReadString(componentInfo)) { - SC_LOG_ERROR(LABEL, "Report read component info failed"); - return SC_SERVICE_ERROR_PARCEL_OPERATE_FAIL; - } - sptr clickInfoParcel = deserializedData.ReadParcelable(); - if (clickInfoParcel == nullptr) { - SC_LOG_ERROR(LABEL, "Report read clickInfo info failed"); - return SC_SERVICE_ERROR_PARCEL_OPERATE_FAIL; - } - - SecCompInfo secCompInfo{ scId, componentInfo, clickInfoParcel->clickInfoParams_ }; - 
std::string message; - int32_t res = this->ReportSecurityComponentClickEvent(secCompInfo, callerToken, dialogCallback, message); - return WriteSecurityComponentClickEventResult(res, reply, message); -} - -int32_t SecCompStub::VerifySavePermissionInner(MessageParcel& data, MessageParcel& reply) -{ - if (!IsMediaLibraryCalling()) { - SC_LOG_ERROR(LABEL, "Not medialibrary called"); - return SC_SERVICE_ERROR_CALLER_INVALID; - } - uint32_t tokenId; - if (!data.ReadUint32(tokenId)) { - SC_LOG_ERROR(LABEL, "Verify read component id failed"); - return SC_SERVICE_ERROR_PARCEL_OPERATE_FAIL; - } - - if (tokenId == 0) { - SC_LOG_ERROR(LABEL, "Verify AccessTokenId invalid"); - return SC_SERVICE_ERROR_VALUE_INVALID; - } - - bool res = this->VerifySavePermission(tokenId); - if (!reply.WriteBool(res)) { - SC_LOG_ERROR(LABEL, "Verify temp save permission result failed"); - return SC_SERVICE_ERROR_PARCEL_OPERATE_FAIL; - } - - return SC_OK; -} - -int32_t SecCompStub::GetEnhanceRemoteObjectInner(MessageParcel& data, MessageParcel& reply) -{ - MessageParcel deserializedData; - if (!SecCompEnhanceAdapter::EnhanceSrvDeserialize(data, deserializedData, reply)) { - SC_LOG_ERROR(LABEL, "Get remote obj deserialize session info failed"); - return SC_SERVICE_ERROR_PARCEL_OPERATE_FAIL; - } - auto res = this->GetEnhanceRemoteObject(); - MessageParcel rawReply; - if (!reply.WriteRemoteObject(res)) { - SC_LOG_ERROR(LABEL, "Security component enhance remote object failed"); - return SC_SERVICE_ERROR_PARCEL_OPERATE_FAIL; - } - - if (!SecCompEnhanceAdapter::EnhanceSrvSerialize(rawReply, reply)) { - SC_LOG_ERROR(LABEL, "Get remote obj serialize session info failed"); - return SC_SERVICE_ERROR_PARCEL_OPERATE_FAIL; - } - - return SC_OK; -} - -int32_t SecCompStub::PreRegisterSecCompProcessInner(MessageParcel& data, MessageParcel& reply) -{ - MessageParcel deserializedData; - if (!SecCompEnhanceAdapter::EnhanceSrvDeserialize(data, deserializedData, reply)) { - SC_LOG_ERROR(LABEL, "preRegister deserialize 
session info failed"); - return SC_SERVICE_ERROR_PARCEL_OPERATE_FAIL; - } - int32_t res = this->PreRegisterSecCompProcess(); - MessageParcel rawReply; - if (!rawReply.WriteInt32(res)) { - SC_LOG_ERROR(LABEL, "preRegister write result failed"); - return SC_SERVICE_ERROR_PARCEL_OPERATE_FAIL; - } - - if (!SecCompEnhanceAdapter::EnhanceSrvSerialize(rawReply, reply)) { - SC_LOG_ERROR(LABEL, "preRegister serialize session info failed"); - return SC_SERVICE_ERROR_PARCEL_OPERATE_FAIL; - } - - return SC_OK; -} - -bool SecCompStub::IsMediaLibraryCalling() -{ - int32_t uid = IPCSkeleton::GetCallingUid(); - if (uid == ROOT_UID) { - return true; - } - int32_t userId = uid / BASE_USER_RANGE; - uint32_t tokenCaller = IPCSkeleton::GetCallingTokenID(); - if (mediaLibraryTokenId_ != tokenCaller) { - mediaLibraryTokenId_ = AccessToken::AccessTokenKit::GetHapTokenID( - userId, "com.ohos.medialibrary.medialibrarydata", 0); - } - return tokenCaller == mediaLibraryTokenId_; -} - -SecCompStub::SecCompStub() -{ - requestFuncMap_[static_cast(SecurityComponentServiceInterfaceCode::REGISTER_SECURITY_COMPONENT)] = - &SecCompStub::RegisterSecurityComponentInner; - requestFuncMap_[static_cast(SecurityComponentServiceInterfaceCode::UPDATE_SECURITY_COMPONENT)] = - &SecCompStub::UpdateSecurityComponentInner; - requestFuncMap_[static_cast(SecurityComponentServiceInterfaceCode::UNREGISTER_SECURITY_COMPONENT)] = - &SecCompStub::UnregisterSecurityComponentInner; - requestFuncMap_[static_cast( - SecurityComponentServiceInterfaceCode::REPORT_SECURITY_COMPONENT_CLICK_EVENT)] = - &SecCompStub::ReportSecurityComponentClickEventInner; - requestFuncMap_[static_cast(SecurityComponentServiceInterfaceCode::VERIFY_TEMP_SAVE_PERMISSION)] = - &SecCompStub::VerifySavePermissionInner; - requestFuncMap_[static_cast( - SecurityComponentServiceInterfaceCode::GET_SECURITY_COMPONENT_ENHANCE_OBJECT)] = - &SecCompStub::GetEnhanceRemoteObjectInner; - requestFuncMap_[static_cast( - 
SecurityComponentServiceInterfaceCode::PRE_REGISTER_PROCESS)] = - &SecCompStub::PreRegisterSecCompProcessInner; -} - -SecCompStub::~SecCompStub() -{ - SC_LOG_ERROR(LABEL, "~SecCompStub"); - requestFuncMap_.clear(); - SC_LOG_ERROR(LABEL, "~SecCompStub end"); -} -} // namespace SecurityComponent -} // namespace Security -} // namespace OHOS diff --git a/services/security_component_service/sa/sa_main/sec_comp_stub.h b/services/security_component_service/sa/sa_main/sec_comp_stub.h deleted file mode 100644 index 325ea41..0000000 --- a/services/security_component_service/sa/sa_main/sec_comp_stub.h +++ /dev/null 
@@ -1,52 +0,0 @@ -/* - * Copyright (c) 2023 Huawei Device Co., Ltd. - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ -#ifndef SECURITY_COMPONENT_STUB_H -#define SECURITY_COMPONENT_STUB_H - -#include -#include "i_sec_comp_service.h" -#include "iremote_stub.h" -#include "nocopyable.h" - -namespace OHOS { -namespace Security { -namespace SecurityComponent { -class SecCompStub : public IRemoteStub { -public: - SecCompStub(); - virtual ~SecCompStub(); - - int OnRemoteRequest(uint32_t code, MessageParcel& data, MessageParcel& reply, MessageOption& option) override; - -private: - int32_t RegisterSecurityComponentInner(MessageParcel& data, MessageParcel& reply); - int32_t UpdateSecurityComponentInner(MessageParcel& data, MessageParcel& reply); - int32_t UnregisterSecurityComponentInner(MessageParcel& data, MessageParcel& reply); - int32_t ReportSecurityComponentClickEventInner(MessageParcel& data, MessageParcel& reply); - int32_t VerifySavePermissionInner(MessageParcel& data, MessageParcel& reply); - int32_t GetEnhanceRemoteObjectInner(MessageParcel& data, MessageParcel& reply); - int32_t PreRegisterSecCompProcessInner(MessageParcel& data, MessageParcel& reply); - int32_t WriteSecurityComponentClickEventResult(int32_t res, MessageParcel& reply, - const std::string& message); - bool IsMediaLibraryCalling(); - - using RequestFuncType = int32_t (SecCompStub::*)(MessageParcel& data, MessageParcel& reply); - std::map requestFuncMap_; - AccessToken::AccessTokenID 
mediaLibraryTokenId_ = 0; -}; -} // namespace SecurityComponent -} // namespace Security -} // namespace OHOS -#endif // SECURITY_COMPONENT_STUB_H diff --git a/services/security_component_service/sa/test/BUILD.gn b/services/security_component_service/sa/test/BUILD.gn index 3d71a92..803e267 100644 --- a/services/security_component_service/sa/test/BUILD.gn +++ b/services/security_component_service/sa/test/BUILD.gn @@ -20,6 +20,7 @@ ohos_unittest("sec_comp_service_test") { subsystem_name = "security" part_name = "security_component_manager" module_out_path = part_name + "/" + part_name + include_dirs = [ "${sec_comp_root_dir}/frameworks/common/include", "${sec_comp_root_dir}/frameworks/enhance_adapter/include", @@ -42,7 +43,6 @@ ohos_unittest("sec_comp_service_test") { "${sec_comp_root_dir}/services/security_component_service/sa/sa_main/sec_comp_manager.cpp", "${sec_comp_root_dir}/services/security_component_service/sa/sa_main/sec_comp_perm_manager.cpp", "${sec_comp_root_dir}/services/security_component_service/sa/sa_main/sec_comp_service.cpp", - "${sec_comp_root_dir}/services/security_component_service/sa/sa_main/sec_comp_stub.cpp", "${sec_comp_root_dir}/services/security_component_service/sa/sa_main/sec_event_handler.cpp", "${sec_comp_root_dir}/services/security_component_service/sa/sa_main/window_info_helper.cpp", "${sec_comp_root_dir}/services/security_component_service/sa/test/mock/src/accesstoken_kit.cpp", @@ -59,7 +59,10 @@ ohos_unittest("sec_comp_service_test") { "unittest/src/window_info_helper_test.cpp", ] - configs = [ "${sec_comp_root_dir}/config:coverage_flags" ] + configs = [ + "${sec_comp_root_dir}/config:coverage_flags", + "${sec_comp_root_dir}/services/security_component_service/sa:sec_comp_service_gen_config", + ] cflags_cc = [ "-DHILOG_ENABLE" ] if (security_component_enhance_enable) { 
@@ -69,17 +72,15 @@ ohos_unittest("sec_comp_service_test") { deps = [ "${sec_comp_root_dir}/frameworks:security_component_no_cfi_enhance_adapter_src_set", "${sec_comp_root_dir}/frameworks:security_component_no_cfi_framework_src_set", + "${sec_comp_root_dir}/services/security_component_service/sa:sec_comp_service_stub_no_cfi", ] external_deps = [ "ability_base:base", "ability_base:want", "ability_base:zuri", - "ability_runtime:ability_manager", "ability_runtime:runtime", "access_token:libtoken_setproc", - "bundle_framework:appexecfwk_base", - "bundle_framework:appexecfwk_core", "c_utils:utils", "eventhandler:libeventhandler", "googletest:gmock_main", @@ -89,7 +90,6 @@ ohos_unittest("sec_comp_service_test") { "hitrace:hitrace_meter", "ipc:ipc_core", "json:nlohmann_json_static", - "window_manager:libdm", ] } @@ -125,7 +125,6 @@ ohos_unittest("sec_comp_service_mock_test") { "${sec_comp_root_dir}/services/security_component_service/sa/sa_main/sec_comp_manager.cpp", "${sec_comp_root_dir}/services/security_component_service/sa/sa_main/sec_comp_perm_manager.cpp", "${sec_comp_root_dir}/services/security_component_service/sa/sa_main/sec_comp_service.cpp", - "${sec_comp_root_dir}/services/security_component_service/sa/sa_main/sec_comp_stub.cpp", "${sec_comp_root_dir}/services/security_component_service/sa/sa_main/sec_event_handler.cpp", "${sec_comp_root_dir}/services/security_component_service/sa/sa_main/window_info_helper.cpp", "${sec_comp_root_dir}/services/security_component_service/sa/test/mock/src/accesstoken_kit.cpp", 
@@ -138,21 +137,23 @@ ohos_unittest("sec_comp_service_mock_test") { "unittest/src/service_test_common.cpp", ] - configs = [ "${sec_comp_root_dir}/config:coverage_flags" ] + configs = [ + "${sec_comp_root_dir}/config:coverage_flags", + "${sec_comp_root_dir}/services/security_component_service/sa:sec_comp_service_gen_config", + ] cflags_cc = [ "-DHILOG_ENABLE" ] - deps = - [ "${sec_comp_root_dir}/frameworks:security_component_framework_src_set" ] + deps = [ + "${sec_comp_root_dir}/frameworks:security_component_framework_src_set", + "${sec_comp_root_dir}/services/security_component_service/sa:sec_comp_service_stub", + ] external_deps = [ "ability_base:base", "ability_base:want", "ability_base:zuri", - "ability_runtime:ability_manager", "ability_runtime:runtime", "access_token:libtoken_setproc", - "bundle_framework:appexecfwk_base", - "bundle_framework:appexecfwk_core", "c_utils:utils", "eventhandler:libeventhandler", "googletest:gmock_main", @@ -162,7 +163,6 @@ ohos_unittest("sec_comp_service_mock_test") { "hitrace:hitrace_meter", "ipc:ipc_core", "json:nlohmann_json_static", - "window_manager:libdm", ] } diff --git a/test/fuzztest/security_component/innerkits/getenhanceremoteobject_fuzzer/getenhanceremoteobject_fuzzer.cpp b/services/security_component_service/sa/test/mock/include/ability_manager_client.h similarity index 32% rename from test/fuzztest/security_component/innerkits/getenhanceremoteobject_fuzzer/getenhanceremoteobject_fuzzer.cpp rename to services/security_component_service/sa/test/mock/include/ability_manager_client.h index dc0a656..76700dc 100644 --- a/test/fuzztest/security_component/innerkits/getenhanceremoteobject_fuzzer/getenhanceremoteobject_fuzzer.cpp +++ b/services/security_component_service/sa/test/mock/include/ability_manager_client.h 
@@ -1,5 +1,5 @@ /* - * Copyright (c) 2022 Huawei Device Co., Ltd. + * Copyright (c) 2025 Huawei Device Co., Ltd. * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. * You may obtain a copy of the License at 
@@ -13,50 +13,35 @@ * limitations under the License. */ -#include -#include -#include -#include -#include "accesstoken_kit.h" -#include "securec.h" -#include "token_setproc.h" -#include "getenhanceremoteobject_fuzzer.h" +#ifndef OHOS_ABILITY_RUNTIME_ABILITY_MANAGER_CLIENT_H +#define OHOS_ABILITY_RUNTIME_ABILITY_MANAGER_CLIENT_H -using namespace OHOS::Security::SecurityComponent; -using namespace OHOS::Security::AccessToken; -namespace OHOS { -const uint8_t *BASE_FUZZ_DATA = nullptr; -size_t g_baseFuzzSize = 0; -size_t g_baseFuzzPos; +#include -template T GetData() -{ - T object{}; - size_t objectSize = sizeof(object); - if (BASE_FUZZ_DATA == nullptr || objectSize > g_baseFuzzSize - g_baseFuzzPos) { - return object; - } - errno_t ret = memcpy_s(&object, objectSize, BASE_FUZZ_DATA + g_baseFuzzPos, objectSize); - if (ret != EOK) { - return {}; - } - g_baseFuzzPos += objectSize; - return object; -} +#include "iremote_object.h" +#include "want.h" -static void GetEnhanceRemoteObjectFuzzTest(const uint8_t *data, size_t size) -{ - BASE_FUZZ_DATA = data; - g_baseFuzzSize = size; - g_baseFuzzPos = 0; - SecCompKit::GetEnhanceRemoteObject(GetData()); -} -} // namespace OHOS +namespace OHOS { +namespace AAFwk { +/** + * @class AbilityManagerClient + * AbilityManagerClient is used to access ability manager services. + */ +class AbilityManagerClient { +public: + AbilityManagerClient() = default; + virtual ~AbilityManagerClient() = default; + static std::shared_ptr GetInstance() + { + static std::shared_ptr instance_ = std::make_shared(); + return instance_; + } -/* Fuzzer entry point */ -extern "C" int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) -{ - /* Run your code on data */ - OHOS::GetEnhanceRemoteObjectFuzzTest(data, size); - return 0; -} + ErrCode StartExtensionAbility(const Want &want, sptr callerToken) + { + return 0; + } +}; +} // namespace AAFwk +} // namespace OHOS +#endif // OHOS_ABILITY_RUNTIME_ABILITY_MANAGER_CLIENT_H \ No newline at end of file 
diff --git a/services/security_component_service/sa/test/mock/include/bundle_info.h b/services/security_component_service/sa/test/mock/include/bundle_info.h new file mode 100644 index 0000000..1313452 --- /dev/null +++ b/services/security_component_service/sa/test/mock/include/bundle_info.h 
@@ -0,0 +1,58 @@ +/* + * Copyright (c) 2025 Huawei Device Co., Ltd. + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +#ifndef FOUNDATION_APPEXECFWK_INTERFACES_INNERKITS_APPEXECFWK_BASE_INCLUDE_BUNDLE_INFO_H +#define FOUNDATION_APPEXECFWK_INTERFACES_INNERKITS_APPEXECFWK_BASE_INCLUDE_BUNDLE_INFO_H + +#include +#include + +namespace OHOS { +namespace AppExecFwk { +enum BundleFlag { + // get bundle info except abilityInfos + GET_BUNDLE_DEFAULT = 0x00000000, + // get bundle info include abilityInfos + GET_BUNDLE_WITH_ABILITIES = 0x00000001, + // get bundle info include request permissions + GET_BUNDLE_WITH_REQUESTED_PERMISSION = 0x00000010, + // get bundle info include extension info + GET_BUNDLE_WITH_EXTENSION_INFO = 0x00000020, + // get bundle info include hash value + GET_BUNDLE_WITH_HASH_VALUE = 0x00000030, + // get bundle info inlcude menu, only for dump usage + GET_BUNDLE_WITH_MENU = 0x00000040, + // get bundle info inlcude router map, only for dump usage + GET_BUNDLE_WITH_ROUTER_MAP = 0x00000080, + // get bundle info include skill info + GET_BUNDLE_WITH_SKILL = 0x00000800, +}; + +// configuration information about a bundle +struct BundleInfo { + bool isNewVersion = false; + bool isKeepAlive = false; + bool singleton = false; + bool isPreInstallApp = false; + + bool isNativeApp = false; + + bool entryInstallationFree = false; // application : false; atomic service : true + bool isDifferentName = false; + std::string versionName; +}; +} // namespace 
AppExecFwk +} // namespace OHOS +#endif // FOUNDATION_APPEXECFWK_INTERFACES_INNERKITS_APPEXECFWK_BASE_INCLUDE_BUNDLE_INFO_H diff --git a/services/security_component_service/sa/test/mock/include/bundle_mgr_client.h b/services/security_component_service/sa/test/mock/include/bundle_mgr_client.h new file mode 100644 index 0000000..ea0a395 --- /dev/null +++ b/services/security_component_service/sa/test/mock/include/bundle_mgr_client.h @@ -0,0 +1,43 @@ +/* + * Copyright (c) 2025 Huawei Device Co., Ltd. + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +#ifndef FOUNDATION_APPEXECFWK_INTERFACES_INNERKITS_APPEXECFWK_CORE_INCLUDE_BUNDLEMGR_BUNDLE_MGR_CLIENT_H +#define FOUNDATION_APPEXECFWK_INTERFACES_INNERKITS_APPEXECFWK_CORE_INCLUDE_BUNDLEMGR_BUNDLE_MGR_CLIENT_H + +#include "bundle_info.h" +#include "want.h" + +namespace OHOS { +namespace AppExecFwk { + +class BundleMgrClient { +public: + BundleMgrClient() = default; + virtual ~BundleMgrClient() = default; + + ErrCode GetNameForUid(const int uid, std::string &name) + { + return 0; + } + bool GetBundleInfo(const std::string &bundleName, const BundleFlag flag, BundleInfo &bundleInfo, + int32_t userId = 0) + { + return true; + } +}; +} // namespace AppExecFwk +} // namespace OHOS + +#endif // FOUNDATION_APPEXECFWK_INTERFACES_INNERKITS_APPEXECFWK_CORE_INCLUDE_BUNDLEMGR_BUNDLE_MGR_CLIENT_H 
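Review bot: The stubbed `GetNameForUid` returns 0 and `GetBundleInfo` returns `true` without writing `name` or `bundleInfo`, so any code under test that trusts the return value continues with an empty bundle name and default flags. The lookup-failure paths also cannot be exercised with this mock. A short comment on the class would make that explicit, for example `// Test stub: always reports success and leaves the out-parameters untouched.` `std::string` and `ErrCode` are used here without a direct include, so the header appears to rely on whatever `bundle_info.h` and `want.h` pull in.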
diff --git a/test/fuzztest/security_component/service/getenhanceremoteobjectstub_fuzzer/getenhanceremoteobjectstub_fuzzer.h b/services/security_component_service/sa/test/mock/include/display.h similarity index 57% rename from test/fuzztest/security_component/service/getenhanceremoteobjectstub_fuzzer/getenhanceremoteobjectstub_fuzzer.h rename to services/security_component_service/sa/test/mock/include/display.h index ffd853a..0096773 100644 --- a/test/fuzztest/security_component/service/getenhanceremoteobjectstub_fuzzer/getenhanceremoteobjectstub_fuzzer.h +++ b/services/security_component_service/sa/test/mock/include/display.h @@ -1,5 +1,5 @@ /* - * Copyright (c) 2022 Huawei Device Co., Ltd. + * Copyright (c) 2025 Huawei Device Co., Ltd. * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. * You may obtain a copy of the License at @@ -13,12 +13,18 @@ * limitations under the License. */ -#ifndef GET_ENHANCE_REMOTE_OBJECT_STUB_FUZZER_H -#define GET_ENHANCE_REMOTE_OBJECT_STUB_FUZZER_H +#ifndef SECURITY_COMPONENT_MANAGER_DISPLAY_MOCK_H +#define SECURITY_COMPONENT_MANAGER_DISPLAY_MOCK_H +#include "display_info.h" +#include "refbase.h" -#define FUZZ_PROJECT_NAME "securitycomponent_fuzzer" - -#include "sec_comp_stub.h" -#include "sec_comp_service.h" - -#endif +namespace OHOS::Rosen { +class Display : public RefBase { +public: + sptr GetDisplayInfo() const + { + return sptr::MakeSptr(); + } +}; +} +#endif // SECURITY_COMPONENT_MANAGER_DISPLAY_MOCK_H \ No newline at end of file 
diff --git a/test/fuzztest/security_component/service/getenhanceremoteobjectstub_fuzzer/getenhanceremoteobjectstub_fuzzer.cpp b/services/security_component_service/sa/test/mock/include/display_info.h similarity index 30% rename from test/fuzztest/security_component/service/getenhanceremoteobjectstub_fuzzer/getenhanceremoteobjectstub_fuzzer.cpp rename to services/security_component_service/sa/test/mock/include/display_info.h index 6645fbf..f6f8a21 100644 --- a/test/fuzztest/security_component/service/getenhanceremoteobjectstub_fuzzer/getenhanceremoteobjectstub_fuzzer.cpp +++ b/services/security_component_service/sa/test/mock/include/display_info.h @@ -1,5 +1,5 @@ /* - * Copyright (c) 2022 Huawei Device Co., Ltd. + * Copyright (c) 2025 Huawei Device Co., Ltd. * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. * You may obtain a copy of the License at 
@@ -13,43 +13,47 @@ * limitations under the License. */ +#ifndef SECURITY_COMPONENT_MANAGER_DISPLAY_INFO_MOCK_H +#define SECURITY_COMPONENT_MANAGER_DISPLAY_INFO_MOCK_H +#include +#include -#include -#include -#include -#include -#include "accesstoken_kit.h" -#include "i_sec_comp_service.h" -#include "securec.h" -#include "sec_comp_enhance_adapter.h" -#include "sec_comp_service.h" -#include "token_setproc.h" -#include "getenhanceremoteobjectstub_fuzzer.h" - -using namespace OHOS::Security::SecurityComponent; -using namespace OHOS::Security::AccessToken; -namespace OHOS { -static void GetEnhanceRemoteObjectStubFuzzTest(const uint8_t *data, size_t size) -{ - uint32_t code = SecurityComponentServiceInterfaceCode::GET_SECURITY_COMPONENT_ENHANCE_OBJECT; - MessageParcel rawData; - MessageParcel input; - MessageParcel reply; - - if (!input.WriteInterfaceToken(ISecCompService::GetDescriptor())) { - return; +namespace OHOS::Rosen { +namespace { +static const int32_t DEFAULT_SCREEN_SIZE = 1500; +}; + +class DisplayInfo : public Parcelable { +public: + bool Marshalling(Parcel &parcel) const override + { + return true; } - SecCompEnhanceAdapter::EnhanceClientSerialize(rawData, input); - MessageOption option(MessageOption::TF_SYNC); - auto service = std::make_shared(SA_ID_SECURITY_COMPONENT_SERVICE, true); - service->OnRemoteRequest(code, input, reply, option); -} -} // namespace OHOS - -/* Fuzzer entry point */ -extern "C" int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) -{ - /* Run your code on data */ - OHOS::GetEnhanceRemoteObjectStubFuzzTest(data, size); - return 0; + + int32_t GetWidth() const + { + return DEFAULT_SCREEN_SIZE; + } + + int32_t GetHeight() const + { + return DEFAULT_SCREEN_SIZE; + } + + int32_t GetPhysicalHeight() const + { + return DEFAULT_SCREEN_SIZE; + } + + int32_t GetAvailableHeight() const + { + return DEFAULT_SCREEN_SIZE; + } + + std::vector GetCreaseRects() const + { + return std::vector(); + } +}; } +#endif // 
SECURITY_COMPONENT_MANAGER_DISPLAY_INFO_MOCK_H diff --git a/test/fuzztest/security_component/innerkits/getenhanceremoteobject_fuzzer/getenhanceremoteobject_fuzzer.h b/services/security_component_service/sa/test/mock/include/display_manager.h similarity index 42% rename from test/fuzztest/security_component/innerkits/getenhanceremoteobject_fuzzer/getenhanceremoteobject_fuzzer.h rename to services/security_component_service/sa/test/mock/include/display_manager.h index a907797..332b97a 100644 --- a/test/fuzztest/security_component/innerkits/getenhanceremoteobject_fuzzer/getenhanceremoteobject_fuzzer.h +++ b/services/security_component_service/sa/test/mock/include/display_manager.h @@ -1,5 +1,5 @@ /* - * Copyright (c) 2022 Huawei Device Co., Ltd. + * Copyright (c) 2025 Huawei Device Co., Ltd. * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. * You may obtain a copy of the License at @@ -13,11 +13,34 @@ * limitations under the License. */ -#ifndef GET_ENHANCE_REMOTE_OBJECT_FUZZER_H -#define GET_ENHANCE_REMOTE_OBJECT_FUZZER_H +#ifndef SECURITY_COMPONENT_MANAGER_DISPLAY_MANAGER_MOCK_H +#define SECURITY_COMPONENT_MANAGER_DISPLAY_MANAGER_MOCK_H +#include "display.h" +#include "display_info.h" -#define FUZZ_PROJECT_NAME "securitycomponent_fuzzer" +namespace OHOS::Rosen { +class DisplayManager { +public: + static DisplayManager& GetInstance() + { + static DisplayManager instance; + return instance; + } -#include "sec_comp_kit.h" + sptr GetDefaultDisplaySync() + { + return sptr::MakeSptr(); + } -#endif + sptr GetDisplayById(uint64_t displayId) + { + return sptr::MakeSptr(); + } + + sptr GetCurrentFoldCreaseRegion() + { + return sptr::MakeSptr(); + } +}; +} +#endif // SECURITY_COMPONENT_MANAGER_DISPLAY_MANAGER_MOCK_H 
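Review bot: In the new `display_info.h`, `DEFAULT_SCREEN_SIZE` is declared inside an unnamed namespace in a header, is additionally marked `static`, and the namespace's closing brace is followed by a stray `;`. An unnamed namespace in a header gives every including translation unit its own private entity, which the usual guidelines advise against, and the `static` is redundant inside it. Declaring `constexpr int32_t DEFAULT_SCREEN_SIZE = 1500;` directly in `OHOS::Rosen` says the same thing without either.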
diff --git a/services/security_component_service/sa/test/mock/src/sec_comp_enhance_adapter.cpp b/services/security_component_service/sa/test/mock/src/sec_comp_enhance_adapter.cpp index ccfd718..e0756cc 100644 --- a/services/security_component_service/sa/test/mock/src/sec_comp_enhance_adapter.cpp +++ b/services/security_component_service/sa/test/mock/src/sec_comp_enhance_adapter.cpp 
@@ -69,123 +69,126 @@ bool SecCompEnhanceAdapter::EnhanceDataPreprocess(int32_t scId, std::string& com } #ifndef FUZZ_ENABLE -static bool CopyMessageParcel(MessageParcel& oldData, MessageParcel& newData) +static bool MessageParcelToRawdata(MessageParcel& input, SecCompRawdata& output) { - size_t bufferLength = oldData.GetDataSize(); - if (bufferLength == 0) { - SC_LOG_INFO(LABEL, "TmpData is empty."); - return true; + if (!input.ReadUint32(output.size)) { + SC_LOG_ERROR(LABEL, "Read size failed."); + return false; } - - char* buffer = reinterpret_cast(oldData.GetData()); - if (buffer == nullptr) { - SC_LOG_ERROR(LABEL, "Get tmpData data failed."); + auto readrawReply = input.ReadRawData(output.size); + if (readrawReply == nullptr) { + SC_LOG_ERROR(LABEL, "Read data failed."); return false; } + int32_t res = output.RawDataCpy(readrawReply); + if (res != SC_OK) { + SC_LOG_ERROR(LABEL, "Copy memory to output failed."); + return false; + } + return true; +} - if (!newData.WriteBuffer(reinterpret_cast(buffer), bufferLength)) { - SC_LOG_ERROR(LABEL, "Write rawData failed."); +static bool RawdataToMessageParcel(const SecCompRawdata& input, MessageParcel& output) +{ + if (!output.WriteUint32(input.size)) { + SC_LOG_ERROR(LABEL, "Write size failed."); + return false; + } + if (!output.WriteRawData(input.data, input.size)) { + SC_LOG_ERROR(LABEL, "Write data failed."); return false; } return true; } -bool SecCompEnhanceAdapter::EnhanceClientSerialize(MessageParcel& input, MessageParcel& output) +bool SecCompEnhanceAdapter::EnhanceClientSerialize(MessageParcel& input, SecCompRawdata& output) { SC_LOG_DEBUG(LABEL, "EnhanceClientSerialize successful."); - return CopyMessageParcel(input, output); + return MessageParcelToRawdata(input, output); } -bool SecCompEnhanceAdapter::EnhanceClientDeserialize(MessageParcel& input, MessageParcel& output) +bool SecCompEnhanceAdapter::EnhanceClientDeserialize(SecCompRawdata& input, MessageParcel& output) { SC_LOG_DEBUG(LABEL, 
"EnhanceClientDeserialize successful."); - return CopyMessageParcel(input, output); + return RawdataToMessageParcel(input, output); } -bool SecCompEnhanceAdapter::EnhanceSrvSerialize(MessageParcel& input, MessageParcel& output) +bool SecCompEnhanceAdapter::EnhanceSrvSerialize(MessageParcel& input, SecCompRawdata& output) { SC_LOG_DEBUG(LABEL, "EnhanceSrvSerialize successful."); - return CopyMessageParcel(input, output); + return MessageParcelToRawdata(input, output); } -bool SecCompEnhanceAdapter::EnhanceSrvDeserialize(MessageParcel& input, MessageParcel& output, - MessageParcel& reply) +bool SecCompEnhanceAdapter::EnhanceSrvDeserialize(SecCompRawdata& input, MessageParcel& output) { SC_LOG_DEBUG(LABEL, "EnhanceSrvDeserialize successful."); - return CopyMessageParcel(input, output); + return RawdataToMessageParcel(input, output); } #else -bool WriteMessageParcel(MessageParcel& input, MessageParcel& output) +bool WriteMessageParcel(MessageParcel& tmpData, SecCompRawdata& data) { - size_t bufLen = input.GetDataSize(); - if (!output.WriteInt32(bufLen)) { - SC_LOG_ERROR(LABEL, "Write buf len fail."); - return false; - } - - if (bufLen == 0) { - SC_LOG_INFO(LABEL, "Input data empty."); + size_t bufferLength = tmpData.GetDataSize(); + if (bufferLength == 0) { + SC_LOG_INFO(LABEL, "TmpData is empty."); return true; } - char* buf = reinterpret_cast(input.GetData()); - if (buf == nullptr) { - SC_LOG_ERROR(LABEL, "Get buf err."); + char* buffer = reinterpret_cast(tmpData.GetData()); + if (buffer == nullptr) { + SC_LOG_ERROR(LABEL, "Get tmpData data failed."); return false; } - if (!output.WriteRawData(reinterpret_cast(buf), bufLen)) { - SC_LOG_ERROR(LABEL, "Write buf fail."); + data.size = bufferLength; + int32_t ret = data.RawDataCpy(reinterpret_cast(buffer)); + if (ret != SC_OK) { + SC_LOG_ERROR(LABEL, "Copy tmpData to rawdata failed."); return false; } return true; } -bool ReadMessageParcel(MessageParcel& input, MessageParcel& output) +bool 
ReadMessageParcel(SecCompRawdata& tmpData, MessageParcel& data) { - int32_t size; - if (!input.ReadInt32(size)) { - SC_LOG_ERROR(LABEL, "Read buf len fail."); - return false; - } + int32_t size = tmpData.size; if (size == 0) { - SC_LOG_INFO(LABEL, "Read buf len empty."); + SC_LOG_INFO(LABEL, "Read tmpData length empty."); return true; } - - const void* it = input.ReadRawData(size); - if (it == nullptr) { - SC_LOG_ERROR(LABEL, "Read buf fail."); + + const void *iter = tmpData.data; + if (iter == nullptr) { + SC_LOG_ERROR(LABEL, "Read const void failed."); return false; } - char* ptr = reinterpret_cast(const_cast(it)); - if (!output.WriteBuffer(reinterpret_cast(ptr), size)) { - SC_LOG_ERROR(LABEL, "Write output buf fail."); + char* ptr = reinterpret_cast(const_cast(iter)); + + if (!data.WriteBuffer(reinterpret_cast(ptr), size)) { + SC_LOG_ERROR(LABEL, "Write buffer failed."); return false; } return true; } -bool SecCompEnhanceAdapter::EnhanceClientSerialize(MessageParcel& input, MessageParcel& output) +bool SecCompEnhanceAdapter::EnhanceClientSerialize(MessageParcel& input, SecCompRawdata& output) { SC_LOG_DEBUG(LABEL, "EnhanceClientSerialize successful."); return WriteMessageParcel(input, output); } -bool SecCompEnhanceAdapter::EnhanceClientDeserialize(MessageParcel& input, MessageParcel& output) +bool SecCompEnhanceAdapter::EnhanceClientDeserialize(SecCompRawdata& input, MessageParcel& output) { SC_LOG_DEBUG(LABEL, "EnhanceClientDeserialize successful."); return ReadMessageParcel(input, output); } -bool SecCompEnhanceAdapter::EnhanceSrvSerialize(MessageParcel& input, MessageParcel& output) +bool SecCompEnhanceAdapter::EnhanceSrvSerialize(MessageParcel& input, SecCompRawdata& output) { SC_LOG_DEBUG(LABEL, "EnhanceSrvSerialize successful."); return WriteMessageParcel(input, output); } -bool SecCompEnhanceAdapter::EnhanceSrvDeserialize(MessageParcel& input, MessageParcel& output, - MessageParcel& reply) +bool 
SecCompEnhanceAdapter::EnhanceSrvDeserialize(SecCompRawdata& input, MessageParcel& output) { SC_LOG_DEBUG(LABEL, "EnhanceSrvDeserialize successful."); return ReadMessageParcel(input, output); @@ -224,12 +227,6 @@ int32_t SecCompEnhanceAdapter::CheckComponentInfoEnhance(int32_t pid, return SC_OK; } -sptr SecCompEnhanceAdapter::GetEnhanceRemoteObject() -{ - SC_LOG_DEBUG(LABEL, "GetEnhanceRemoteObject success"); - return nullptr; -} - void SecCompEnhanceAdapter::AddSecurityComponentProcess(int32_t pid) { SC_LOG_DEBUG(LABEL, "AddSecurityComponentProcess success"); diff --git a/services/security_component_service/sa/test/unittest/src/sec_comp_service_mock_test.cpp b/services/security_component_service/sa/test/unittest/src/sec_comp_service_mock_test.cpp index 80d3384..12bf961 100644 --- a/services/security_component_service/sa/test/unittest/src/sec_comp_service_mock_test.cpp +++ b/services/security_component_service/sa/test/unittest/src/sec_comp_service_mock_test.cpp @@ -20,6 +20,7 @@ #include "location_button.h" #include "paste_button.h" #include "save_button.h" +#include "sec_comp_client.h" #include "sec_comp_err.h" #include "sec_comp_log.h" #include "sec_comp_tool.h" @@ -83,7 +84,7 @@ HWTEST_F(SecCompServiceMockTest, RegisterSecurityComponent001, TestSize.Level1) int32_t scId; secCompService_->state_ = ServiceRunningState::STATE_RUNNING; secCompService_->Initialize(); - EXPECT_EQ(SC_SERVICE_ERROR_VALUE_INVALID, secCompService_->RegisterSecurityComponent(SAVE_COMPONENT, "", scId)); + EXPECT_EQ(SC_SERVICE_ERROR_VALUE_INVALID, secCompService_->RegisterSecurityComponentBody(SAVE_COMPONENT, "", scId)); nlohmann::json jsonRes; ServiceTestCommon::BuildSaveComponentJson(jsonRes); std::string saveInfo = jsonRes.dump(); 
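Review bot: In the `FUZZ_ENABLE` variant of `ReadMessageParcel`, `int32_t size = tmpData.size;` narrows an unsigned field into a signed int (the other branch fills the same field with `ReadUint32(output.size)`). A value above INT32_MAX therefore becomes negative, passes the `size == 0` check, and is converted again when it is passed as the `WriteBuffer` length. Keeping the width with `uint32_t size = tmpData.size;` avoids that. In `MessageParcelToRawdata` the length read from the parcel goes straight into `ReadRawData(output.size)` and `RawDataCpy`; whether `RawDataCpy` caps it is not visible in this hunk, so an explicit upper bound before the read would make the limit obvious here. The `SC_LOG_DEBUG(..., "... successful.")` lines are emitted before the conversion runs, so they also appear in the log of a failed call.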
@@ -95,11 +96,12 @@ HWTEST_F(SecCompServiceMockTest, RegisterSecurityComponent001, TestSize.Level1) }; secCompService_->appStateObserver_->AddProcessToForegroundSet(stateData); // wrong json - EXPECT_EQ(SC_SERVICE_ERROR_VALUE_INVALID, secCompService_->RegisterSecurityComponent(SAVE_COMPONENT, "{a=", scId)); + EXPECT_EQ(SC_SERVICE_ERROR_VALUE_INVALID, + secCompService_->RegisterSecurityComponentBody(SAVE_COMPONENT, "{a=", scId)); // register security component ok - EXPECT_EQ(SC_OK, secCompService_->RegisterSecurityComponent(SAVE_COMPONENT, saveInfo, scId)); - EXPECT_EQ(SC_OK, secCompService_->UpdateSecurityComponent(scId, saveInfo)); + EXPECT_EQ(SC_OK, secCompService_->RegisterSecurityComponentBody(SAVE_COMPONENT, saveInfo, scId)); + EXPECT_EQ(SC_OK, secCompService_->UpdateSecurityComponentBody(scId, saveInfo)); uint8_t buffer[1] = { 0 }; struct SecCompClickEvent touch = { .type = ClickEventType::POINT_EVENT_TYPE, @@ -115,8 +117,8 @@ HWTEST_F(SecCompServiceMockTest, RegisterSecurityComponent001, TestSize.Level1) }; SecCompInfo secCompInfo{ scId, saveInfo, touch }; std::string message; - EXPECT_EQ(SC_OK, secCompService_->ReportSecurityComponentClickEvent(secCompInfo, nullptr, nullptr, message)); - EXPECT_EQ(SC_OK, secCompService_->UnregisterSecurityComponent(scId)); + EXPECT_EQ(SC_OK, secCompService_->ReportSecurityComponentClickEventBody(secCompInfo, nullptr, nullptr, message)); + EXPECT_EQ(SC_OK, secCompService_->UnregisterSecurityComponentBody(scId)); SecCompPermManager::GetInstance().applySaveCountMap_.clear(); } 
@@ -141,7 +143,7 @@ HWTEST_F(SecCompServiceMockTest, RegisterSecurityComponent002, TestSize.Level1) }; secCompService_->appStateObserver_->AddProcessToForegroundSet(stateData); // register security component ok - EXPECT_EQ(SC_OK, secCompService_->RegisterSecurityComponent(SAVE_COMPONENT, saveInfo, scId)); + EXPECT_EQ(SC_OK, secCompService_->RegisterSecurityComponentBody(SAVE_COMPONENT, saveInfo, scId)); struct SecCompClickEvent touch = { .type = ClickEventType::POINT_EVENT_TYPE, .point.touchX = 100, @@ -152,8 +154,8 @@ HWTEST_F(SecCompServiceMockTest, RegisterSecurityComponent002, TestSize.Level1) SecCompInfo secCompInfo{ scId, saveInfo, touch }; std::string message; EXPECT_EQ(SC_SERVICE_ERROR_CLICK_EVENT_INVALID, - secCompService_->ReportSecurityComponentClickEvent(secCompInfo, nullptr, nullptr, message)); - EXPECT_EQ(SC_OK, secCompService_->UnregisterSecurityComponent(scId)); + secCompService_->ReportSecurityComponentClickEventBody(secCompInfo, nullptr, nullptr, message)); + EXPECT_EQ(SC_OK, secCompService_->UnregisterSecurityComponentBody(scId)); SecCompPermManager::GetInstance().applySaveCountMap_.clear(); } @@ -178,7 +180,7 @@ HWTEST_F(SecCompServiceMockTest, RegisterSecurityComponent003, TestSize.Level1) }; secCompService_->appStateObserver_->AddProcessToForegroundSet(stateData); // register security component ok - EXPECT_EQ(SC_OK, secCompService_->RegisterSecurityComponent(SAVE_COMPONENT, saveInfo, scId)); + EXPECT_EQ(SC_OK, secCompService_->RegisterSecurityComponentBody(SAVE_COMPONENT, saveInfo, scId)); uint8_t buffer[1] = { 0 }; struct SecCompClickEvent touch = { .type = ClickEventType::POINT_EVENT_TYPE, 
@@ -195,8 +197,8 @@ HWTEST_F(SecCompServiceMockTest, RegisterSecurityComponent003, TestSize.Level1) SecCompInfo secCompInfo{ scId, saveInfo, touch }; std::string message; EXPECT_EQ(SC_SERVICE_ERROR_PERMISSION_OPER_FAIL, - secCompService_->ReportSecurityComponentClickEvent(secCompInfo, nullptr, nullptr, message)); - EXPECT_EQ(SC_OK, secCompService_->UnregisterSecurityComponent(scId)); + secCompService_->ReportSecurityComponentClickEventBody(secCompInfo, nullptr, nullptr, message)); + EXPECT_EQ(SC_OK, secCompService_->UnregisterSecurityComponentBody(scId)); SecCompPermManager::GetInstance().applySaveCountMap_.clear(); } @@ -221,7 +223,7 @@ HWTEST_F(SecCompServiceMockTest, ReportSecurityComponentClickEvent001, TestSize. }; secCompService_->appStateObserver_->AddProcessToForegroundSet(stateData); // register security component ok - EXPECT_EQ(SC_OK, secCompService_->RegisterSecurityComponent(SAVE_COMPONENT, saveInfo, scId)); + EXPECT_EQ(SC_OK, secCompService_->RegisterSecurityComponentBody(SAVE_COMPONENT, saveInfo, scId)); uint8_t buffer[1] = { 0 }; struct SecCompClickEvent clickInfo = { .type = ClickEventType::POINT_EVENT_TYPE, 
@@ -237,35 +239,40 @@ HWTEST_F(SecCompServiceMockTest, ReportSecurityComponentClickEvent001, TestSize. }; SecCompInfo secCompInfo{ scId, saveInfo, clickInfo }; std::string message; - ASSERT_EQ(SC_OK, secCompService_->ReportSecurityComponentClickEvent(secCompInfo, nullptr, nullptr, message)); + ASSERT_EQ(SC_OK, secCompService_->ReportSecurityComponentClickEventBody(secCompInfo, nullptr, nullptr, message)); // test 10s valid - ASSERT_TRUE(secCompService_->VerifySavePermission(ServiceTestCommon::HAP_TOKEN_ID)); - ASSERT_TRUE(secCompService_->VerifySavePermission(ServiceTestCommon::HAP_TOKEN_ID)); + bool isGranted; + secCompService_->VerifySavePermission(ServiceTestCommon::HAP_TOKEN_ID, isGranted); + ASSERT_TRUE(isGranted); + secCompService_->VerifySavePermission(ServiceTestCommon::HAP_TOKEN_ID, isGranted); + ASSERT_TRUE(isGranted); sleep(11); - ASSERT_FALSE(secCompService_->VerifySavePermission(ServiceTestCommon::HAP_TOKEN_ID)); + secCompService_->VerifySavePermission(ServiceTestCommon::HAP_TOKEN_ID, isGranted); + ASSERT_FALSE(isGranted); // test 10s multiple clicks secCompInfo.clickInfo.point.timestamp = static_cast( std::chrono::high_resolution_clock::now().time_since_epoch().count()) / ServiceTestCommon::TIME_CONVERSION_UNIT; - ASSERT_EQ(SC_OK, secCompService_->ReportSecurityComponentClickEvent(secCompInfo, nullptr, nullptr, message)); + ASSERT_EQ(SC_OK, secCompService_->ReportSecurityComponentClickEventBody(secCompInfo, nullptr, nullptr, message)); sleep(3); secCompInfo.clickInfo.point.timestamp = static_cast( std::chrono::high_resolution_clock::now().time_since_epoch().count()) / ServiceTestCommon::TIME_CONVERSION_UNIT; - ASSERT_EQ(SC_OK, secCompService_->ReportSecurityComponentClickEvent(secCompInfo, nullptr, nullptr, message)); + ASSERT_EQ(SC_OK, secCompService_->ReportSecurityComponentClickEventBody(secCompInfo, nullptr, nullptr, message)); sleep(8); - ASSERT_TRUE(secCompService_->VerifySavePermission(ServiceTestCommon::HAP_TOKEN_ID)); + 
secCompService_->VerifySavePermission(ServiceTestCommon::HAP_TOKEN_ID, isGranted); + ASSERT_TRUE(isGranted); sleep(2); - EXPECT_EQ(SC_OK, secCompService_->UnregisterSecurityComponent(scId)); + EXPECT_EQ(SC_OK, secCompService_->UnregisterSecurityComponentBody(scId)); } /** - * @tc.name: ReportSecurityComponentClickEvent002 + * @tc.name: ReportSecurityComponentClickEventBody002 * @tc.desc: Test verify location permission * @tc.type: FUNC * @tc.require: */ -HWTEST_F(SecCompServiceMockTest, ReportSecurityComponentClickEvent002, TestSize.Level1) +HWTEST_F(SecCompServiceMockTest, ReportSecurityComponentClickEventBody002, TestSize.Level1) { SC_LOG_INFO(LABEL, "ReportSecurityComponentClickEvent002"); int32_t scId; @@ -281,7 +288,7 @@ HWTEST_F(SecCompServiceMockTest, ReportSecurityComponentClickEvent002, TestSize. }; secCompService_->appStateObserver_->AddProcessToForegroundSet(stateData); // register security component ok - EXPECT_EQ(SC_OK, secCompService_->RegisterSecurityComponent(LOCATION_COMPONENT, locationInfo, scId)); + EXPECT_EQ(SC_OK, secCompService_->RegisterSecurityComponentBody(LOCATION_COMPONENT, locationInfo, scId)); uint8_t buffer[1] = { 0 }; struct SecCompClickEvent clickInfo1 = { .type = ClickEventType::POINT_EVENT_TYPE, @@ -298,7 +305,7 @@ HWTEST_F(SecCompServiceMockTest, ReportSecurityComponentClickEvent002, TestSize. SecCompInfo secCompInfo{ scId, locationInfo, clickInfo1 }; std::string message; ASSERT_EQ(SC_OK, - secCompService_->ReportSecurityComponentClickEvent(secCompInfo, nullptr, nullptr, message)); + secCompService_->ReportSecurityComponentClickEventBody(secCompInfo, nullptr, nullptr, message)); // test 10s valid ASSERT_EQ(AccessTokenKit::VerifyAccessToken(ServiceTestCommon::HAP_TOKEN_ID, "ohos.permission.LOCATION"), 0); diff --git a/services/security_component_service/sa/test/unittest/src/sec_comp_service_test.cpp b/services/security_component_service/sa/test/unittest/src/sec_comp_service_test.cpp index 81b52ba..c3089f5 100644 
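Review bot: In `ReportSecurityComponentClickEvent001`, `bool isGranted;` is declared uninitialised and the result of every `VerifySavePermission(ServiceTestCommon::HAP_TOKEN_ID, isGranted)` call is discarded. If a call returns early without writing the out-parameter, the following `ASSERT_TRUE(isGranted)` checks an indeterminate value or the stale result of the previous call. Declare it as `bool isGranted = false;` and reset it before each call. If the new signature returns a status code (not visible in this hunk), assert on that as well, e.g. `ASSERT_EQ(SC_OK, secCompService_->VerifySavePermission(ServiceTestCommon::HAP_TOKEN_ID, isGranted));`. The test body starts above this hunk.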
--- a/services/security_component_service/sa/test/unittest/src/sec_comp_service_test.cpp +++ b/services/security_component_service/sa/test/unittest/src/sec_comp_service_test.cpp @@ -201,29 +201,29 @@ HWTEST_F(SecCompServiceTest, GetCallerInfo001, TestSize.Level1) } /** - * @tc.name: UnregisterSecurityComponent001 + * @tc.name: UnregisterSecurityComponentBody001 * @tc.desc: Test unregister security component * @tc.type: FUNC * @tc.require: */ -HWTEST_F(SecCompServiceTest, UnregisterSecurityComponent001, TestSize.Level1) +HWTEST_F(SecCompServiceTest, UnregisterSecurityComponentBody001, TestSize.Level1) { // get caller fail EXPECT_EQ(SC_SERVICE_ERROR_COMPONENT_NOT_EXIST, - secCompService_->UnregisterSecurityComponent(ServiceTestCommon::TEST_SC_ID_1)); + secCompService_->UnregisterSecurityComponentBody(ServiceTestCommon::TEST_SC_ID_1)); } /** - * @tc.name: UpdateSecurityComponent001 + * @tc.name: UpdateSecurityComponentBody001 * @tc.desc: Test update security component * @tc.type: FUNC * @tc.require: */ -HWTEST_F(SecCompServiceTest, UpdateSecurityComponent001, TestSize.Level1) +HWTEST_F(SecCompServiceTest, UpdateSecurityComponentBody001, TestSize.Level1) { // get caller fail EXPECT_EQ(SC_SERVICE_ERROR_VALUE_INVALID, - secCompService_->UpdateSecurityComponent(ServiceTestCommon::TEST_SC_ID_1, "")); + secCompService_->UpdateSecurityComponentBody(ServiceTestCommon::TEST_SC_ID_1, "")); ASSERT_EQ(0, SetSelfTokenID(ServiceTestCommon::HAP_TOKEN_ID)); AppExecFwk::AppStateData stateData = { 
@@ -231,22 +231,22 @@ HWTEST_F(SecCompServiceTest, UpdateSecurityComponent001, TestSize.Level1) }; secCompService_->appStateObserver_->AddProcessToForegroundSet(stateData); EXPECT_EQ(SC_SERVICE_ERROR_VALUE_INVALID, - secCompService_->UpdateSecurityComponent(ServiceTestCommon::TEST_SC_ID_1, "{a")); + secCompService_->UpdateSecurityComponentBody(ServiceTestCommon::TEST_SC_ID_1, "{a")); } /** - * @tc.name: ReportSecurityComponentClickEvent001 + * @tc.name: ReportSecurityComponentClickEventBody001 * @tc.desc: Test report security component * @tc.type: FUNC * @tc.require: */ -HWTEST_F(SecCompServiceTest, ReportSecurityComponentClickEvent001, TestSize.Level1) +HWTEST_F(SecCompServiceTest, ReportSecurityComponentClickEventBody001, TestSize.Level1) { auto uid = getuid(); // get caller fail int32_t scId; EXPECT_EQ(SC_SERVICE_ERROR_VALUE_INVALID, - secCompService_->RegisterSecurityComponent(LOCATION_COMPONENT, "", scId)); + secCompService_->RegisterSecurityComponentBody(LOCATION_COMPONENT, "", scId)); nlohmann::json jsonRes; ServiceTestCommon::BuildLocationComponentJson(jsonRes); @@ -261,7 +261,7 @@ HWTEST_F(SecCompServiceTest, ReportSecurityComponentClickEvent001, TestSize.Leve secCompService_->appStateObserver_->AddProcessToForegroundSet(stateData); EXPECT_EQ(SC_OK, - secCompService_->RegisterSecurityComponent(LOCATION_COMPONENT, locationInfo, scId)); + secCompService_->RegisterSecurityComponentBody(LOCATION_COMPONENT, locationInfo, scId)); uint8_t data[16] = { 0 }; struct SecCompClickEvent touch = { .type = ClickEventType::POINT_EVENT_TYPE, 
@@ -276,8 +276,8 @@ HWTEST_F(SecCompServiceTest, ReportSecurityComponentClickEvent001, TestSize.Leve SecCompInfo secCompInfo{ scId, locationInfo, touch }; std::string message; EXPECT_EQ(SC_OK, - secCompService_->ReportSecurityComponentClickEvent(secCompInfo, nullptr, nullptr, message)); - EXPECT_EQ(SC_OK, secCompService_->UnregisterSecurityComponent(scId)); + secCompService_->ReportSecurityComponentClickEventBody(secCompInfo, nullptr, nullptr, message)); + EXPECT_EQ(SC_OK, secCompService_->UnregisterSecurityComponentBody(scId)); setuid(uid); } @@ -362,12 +362,11 @@ HWTEST_F(SecCompServiceTest, GetCallerInfo002, TestSize.Level1) nlohmann::json jsonRes; int32_t scId = 0; EXPECT_EQ(secCompService_->ParseParams(componentInfo, caller, jsonRes), SC_SERVICE_ERROR_VALUE_INVALID); - EXPECT_NE(secCompService_->UnregisterSecurityComponent(scId), SC_SERVICE_ERROR_VALUE_INVALID); + EXPECT_NE(secCompService_->UnregisterSecurityComponentBody(scId), SC_SERVICE_ERROR_VALUE_INVALID); struct SecCompClickEvent touchInfo; SecCompInfo secCompInfo{ scId, componentInfo, touchInfo }; std::string message; - EXPECT_EQ(secCompService_->ReportSecurityComponentClickEvent(secCompInfo, nullptr, nullptr, message), + EXPECT_EQ(secCompService_->ReportSecurityComponentClickEventBody(secCompInfo, nullptr, nullptr, message), SC_SERVICE_ERROR_VALUE_INVALID); - secCompService_->GetEnhanceRemoteObject(); } diff --git a/services/security_component_service/sa/test/unittest/src/sec_comp_stub_mock_test.cpp b/services/security_component_service/sa/test/unittest/src/sec_comp_stub_mock_test.cpp index 87d02ef..04cb906 100644 --- a/services/security_component_service/sa/test/unittest/src/sec_comp_stub_mock_test.cpp +++ b/services/security_component_service/sa/test/unittest/src/sec_comp_stub_mock_test.cpp 
@@ -16,8 +16,9 @@ #include "sec_comp_stub_mock_test.h" #include "sec_comp_dialog_callback.h" -#include "sec_comp_log.h" +#include "sec_comp_enhance_adapter.h" #include "sec_comp_err.h" +#include "sec_comp_log.h" #include "sec_comp_click_event_parcel.h" #include "service_test_common.h" 
@@ -65,204 +66,11 @@ HWTEST_F(SecCompStubMockTest, OnRemoteRequestMock001, TestSize.Level1) MessageOption option; data.WriteInterfaceToken(u"wrong"); - ASSERT_EQ(SC_SERVICE_ERROR_IPC_REQUEST_FAIL, stub_->OnRemoteRequest(static_cast( - SecurityComponentServiceInterfaceCode::REGISTER_SECURITY_COMPONENT), data, reply, option)); + ASSERT_EQ(ERR_TRANSACTION_FAILED, stub_->OnRemoteRequest(static_cast( + ISecCompServiceIpcCode::COMMAND_REGISTER_SECURITY_COMPONENT), data, reply, option)); data.FlushBuffer(); reply.FlushBuffer(); - data.WriteInterfaceToken(u"ohos.security.ISecCompService"); + data.WriteInterfaceToken(u"OHOS.Security.SecurityComponent.ISecCompService"); ASSERT_EQ(305, stub_->OnRemoteRequest(1000, data, reply, option)); -} - -/** - * @tc.name: RegisterSecurityComponentInnerMock001 - * @tc.desc: Test register security component - * @tc.type: FUNC - * @tc.require: - */ -HWTEST_F(SecCompStubMockTest, RegisterSecurityComponentInnerMock001, TestSize.Level1) -{ - MessageParcel data; - MessageParcel reply; - - ASSERT_EQ(SC_SERVICE_ERROR_PARCEL_OPERATE_FAIL, stub_->RegisterSecurityComponentInner(data, reply)); - data.FlushBuffer(); - reply.FlushBuffer(); - - data.WriteUint32(UNKNOWN_SC_TYPE); - ASSERT_EQ(SC_SERVICE_ERROR_VALUE_INVALID, stub_->RegisterSecurityComponentInner(data, reply)); - data.FlushBuffer(); - reply.FlushBuffer(); - - data.WriteUint32(MAX_SC_TYPE); - ASSERT_EQ(SC_SERVICE_ERROR_VALUE_INVALID, stub_->RegisterSecurityComponentInner(data, reply)); - data.FlushBuffer(); - reply.FlushBuffer(); - - data.WriteUint32(LOCATION_COMPONENT); - ASSERT_EQ(SC_SERVICE_ERROR_PARCEL_OPERATE_FAIL, stub_->RegisterSecurityComponentInner(data, reply)); - data.FlushBuffer(); - reply.FlushBuffer(); - - data.WriteUint32(LOCATION_COMPONENT); - data.WriteString(""); - ASSERT_EQ(SC_OK, stub_->RegisterSecurityComponentInner(data, reply)); -} - -/** - * @tc.name: UpdateSecurityComponentInnerMock001 - * @tc.desc: Test update security component - * @tc.type: FUNC - * @tc.require: - 
*/ -HWTEST_F(SecCompStubMockTest, UpdateSecurityComponentInnerMock001, TestSize.Level1) -{ - MessageParcel data; - MessageParcel reply; - - ASSERT_EQ(SC_SERVICE_ERROR_PARCEL_OPERATE_FAIL, stub_->UpdateSecurityComponentInner(data, reply)); - data.FlushBuffer(); - reply.FlushBuffer(); - - data.WriteInt32(-1); - ASSERT_EQ(SC_SERVICE_ERROR_VALUE_INVALID, stub_->UpdateSecurityComponentInner(data, reply)); - data.FlushBuffer(); - reply.FlushBuffer(); - - data.WriteInt32(1); - ASSERT_EQ(SC_SERVICE_ERROR_PARCEL_OPERATE_FAIL, stub_->UpdateSecurityComponentInner(data, reply)); - data.FlushBuffer(); - reply.FlushBuffer(); - - data.WriteInt32(1); - data.WriteString(""); - ASSERT_EQ(SC_OK, stub_->UpdateSecurityComponentInner(data, reply)); -} - -/** - * @tc.name: UnregisterSecurityComponentInnerMock001 - * @tc.desc: Test unregister security component - * @tc.type: FUNC - * @tc.require: - */ -HWTEST_F(SecCompStubMockTest, UnregisterSecurityComponentInnerMock001, TestSize.Level1) -{ - MessageParcel data; - MessageParcel reply; - ASSERT_EQ(SC_SERVICE_ERROR_PARCEL_OPERATE_FAIL, stub_->UnregisterSecurityComponentInner(data, reply)); - data.FlushBuffer(); - reply.FlushBuffer(); - - data.WriteInt32(-1); - ASSERT_EQ(SC_SERVICE_ERROR_VALUE_INVALID, stub_->UnregisterSecurityComponentInner(data, reply)); - data.FlushBuffer(); - reply.FlushBuffer(); - - data.WriteInt32(1); - ASSERT_EQ(SC_OK, stub_->UnregisterSecurityComponentInner(data, reply)); -} - -/** - * @tc.name: VerifySavePermissionInnerMock001 - * @tc.desc: Test VerifySavePermissionInner - * @tc.type: FUNC - * @tc.require: - */ -HWTEST_F(SecCompStubMockTest, VerifySavePermissionInnerMock001, TestSize.Level1) -{ - MessageParcel data; - MessageParcel reply; - setuid(0); - ASSERT_TRUE(stub_->IsMediaLibraryCalling()); - ASSERT_EQ(SC_SERVICE_ERROR_PARCEL_OPERATE_FAIL, stub_->VerifySavePermissionInner(data, reply)); - data.FlushBuffer(); - reply.FlushBuffer(); - data.WriteInt32(0); - ASSERT_EQ(SC_SERVICE_ERROR_VALUE_INVALID, 
stub_->VerifySavePermissionInner(data, reply)); - data.FlushBuffer(); - reply.FlushBuffer(); - data.WriteInt32(1); - ASSERT_EQ(SC_OK, stub_->VerifySavePermissionInner(data, reply)); - ASSERT_NE(SC_OK, stub_->GetEnhanceRemoteObjectInner(data, reply)); -} - -/** - * @tc.name: MarshallingMock001 - * @tc.desc: Test SecCompClickEventParcel::Marshalling - * @tc.type: FUNC - * @tc.require: - */ -HWTEST_F(SecCompStubMockTest, MarshallingMock001, TestSize.Level1) -{ - sptr clickParcel = new (std::nothrow) SecCompClickEventParcel(); - Parcel out; - EXPECT_FALSE(clickParcel->Marshalling(out)); - clickParcel->clickInfoParams_.type = ClickEventType::UNKNOWN_EVENT_TYPE; - EXPECT_FALSE(clickParcel->Marshalling(out)); - - clickParcel->clickInfoParams_.extraInfo.dataSize = 1; - clickParcel->clickInfoParams_.type = ClickEventType::POINT_EVENT_TYPE; - EXPECT_FALSE(clickParcel->Marshalling(out)); - clickParcel->clickInfoParams_.type = ClickEventType::KEY_EVENT_TYPE; - EXPECT_FALSE(clickParcel->Marshalling(out)); - - uint8_t data[32] = {0}; - clickParcel->clickInfoParams_.extraInfo.dataSize = 32; - clickParcel->clickInfoParams_.extraInfo.data = data; - EXPECT_TRUE(clickParcel->Marshalling(out)); -} - -/** - * @tc.name: UnmarshallingMock001 - * @tc.desc: Test SecCompClickEventParcel::Unmarshalling - * @tc.type: FUNC - * @tc.require: - */ -HWTEST_F(SecCompStubMockTest, UnmarshallingMock001, TestSize.Level1) -{ - sptr clickParcel = new (std::nothrow) SecCompClickEventParcel(); - Parcel in; - in.WriteInt32(1); - EXPECT_EQ(nullptr, clickParcel->Unmarshalling(in)); - in.WriteInt32(2); - EXPECT_EQ(nullptr, clickParcel->Unmarshalling(in)); - in.WriteInt32(0); - EXPECT_EQ(nullptr, clickParcel->Unmarshalling(in)); - - in.WriteInt32(2); - in.WriteUint64(1); - in.WriteInt32(1); - int dataSize = MAX_EXTRA_SIZE + 1; - in.WriteUint32(dataSize); - EXPECT_EQ(nullptr, clickParcel->Unmarshalling(in)); - - in.WriteInt32(2); - in.WriteUint64(1); - in.WriteInt32(1); - in.WriteUint32(1); - EXPECT_EQ(nullptr, 
clickParcel->Unmarshalling(in)); - - in.WriteInt32(2); - in.WriteUint64(1); - in.WriteInt32(1); - in.WriteUint32(32); - uint8_t data[32] = {0}; - in.WriteBuffer(data, 32); - EXPECT_NE(nullptr, clickParcel->Unmarshalling(in)); -} - -/** - * @tc.name: PreRegisterSecCompProcessMock001 - * @tc.desc: Test PreRegisterSecCompProcessInner - * @tc.type: FUNC - * @tc.require: - */ -HWTEST_F(SecCompStubMockTest, PreRegisterSecCompProcessMock001, TestSize.Level1) -{ - MessageParcel data; - MessageParcel reply; - data.FlushBuffer(); - reply.FlushBuffer(); - data.WriteInt32(1); - ASSERT_EQ(SC_OK, stub_->PreRegisterSecCompProcessInner(data, reply)); } \ No newline at end of file diff --git a/services/security_component_service/sa/test/unittest/src/sec_comp_stub_mock_test.h b/services/security_component_service/sa/test/unittest/src/sec_comp_stub_mock_test.h index 4a197be..a68bd85 100644 --- a/services/security_component_service/sa/test/unittest/src/sec_comp_stub_mock_test.h +++ b/services/security_component_service/sa/test/unittest/src/sec_comp_stub_mock_test.h 
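Review bot: The negative-path cases deleted from sec_comp_stub_mock_test.cpp in this hunk have no replacement in the lines shown: unknown and out-of-range component type, an scId of -1, truncated parcels, and a click-event `dataSize` of `MAX_EXTRA_SIZE + 1`. Only the wrong-descriptor and unknown-code checks in `OnRemoteRequestMock001` still exercise rejection of malformed IPC input. If `SecCompClickEventParcel` and the type/scId validation survive the move to the IDL-generated stub (the file still includes `sec_comp_click_event_parcel.h`, which suggests they do), their bounds checks should keep a test, driven through `OnRemoteRequest` or the `...Body` methods. At minimum I would add a comment above `OnRemoteRequestMock001` such as `// parameter validation is covered in <test file placeholder>` so the gap is traceable.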
@@ -18,48 +18,43 @@ #include #define private public -#include "sec_comp_stub.h" +#include "access_token.h" +#include "sec_comp_service_stub.h" #undef private namespace OHOS { namespace Security { namespace SecurityComponent { // stub is abstract class -struct SecCompStubMock : public SecCompStub { +struct SecCompStubMock : public SecCompServiceStub { public: - int32_t RegisterSecurityComponent(SecCompType type, - const std::string& componentInfo, int32_t& scId) override + int32_t RegisterSecurityComponent(const SecCompRawdata& rawData, SecCompRawdata& rawReply) override { return 0; }; - int32_t UpdateSecurityComponent(int32_t scId, const std::string& componentInfo) override + int32_t UpdateSecurityComponent(const SecCompRawdata& rawData, SecCompRawdata& rawReply) override { return 0; }; - int32_t UnregisterSecurityComponent(int32_t scId) override + int32_t UnregisterSecurityComponent(const SecCompRawdata& rawData, SecCompRawdata& rawReply) override { return 0; }; - int32_t ReportSecurityComponentClickEvent(SecCompInfo& secCompInfo, sptr callerToken, - sptr dialogCall, std::string& message) override + int32_t ReportSecurityComponentClickEvent(const sptr& callerToken, + const sptr& dialogCall, const SecCompRawdata& rawData, SecCompRawdata& rawReply) override { return 0; }; - bool VerifySavePermission(AccessToken::AccessTokenID tokenId) override + int32_t VerifySavePermission(AccessToken::AccessTokenID tokenId, bool& isGranted) override { return true; }; - sptr GetEnhanceRemoteObject() override - { - return nullptr; - }; - - int32_t PreRegisterSecCompProcess() override + int32_t PreRegisterSecCompProcess(const SecCompRawdata& rawData, SecCompRawdata& rawReply) override { return 0; }; diff --git a/services/security_component_service/sa/test/unittest/src/sec_comp_stub_test.cpp b/services/security_component_service/sa/test/unittest/src/sec_comp_stub_test.cpp index a8e5dc3..5ec295a 100644 
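Review bot: `VerifySavePermission` in `SecCompStubMock` now returns `int32_t`, but its body is still `return true;`, so the mock reports 1 where every other override returns 0, and it never writes `isGranted`. A caller that reads the out-parameter after calling this mock sees whatever value it passed in. Suggest `isGranted = true; return 0;` (or `SC_OK`, if that is the success code, as the removed assertions imply). The same body is in sec_comp_stub_test.h, where the parameter is also spelled `uint32_t tokenId` instead of `AccessToken::AccessTokenID`; the two mocks should agree.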
--- a/services/security_component_service/sa/test/unittest/src/sec_comp_stub_test.cpp +++ b/services/security_component_service/sa/test/unittest/src/sec_comp_stub_test.cpp @@ -64,12 +64,12 @@ HWTEST_F(SecCompStubTest, OnRemoteRequest001, TestSize.Level1) MessageOption option; data.WriteInterfaceToken(u"wrong"); - ASSERT_EQ(SC_SERVICE_ERROR_IPC_REQUEST_FAIL, stub_->OnRemoteRequest(static_cast( - SecurityComponentServiceInterfaceCode::REGISTER_SECURITY_COMPONENT), data, reply, option)); + ASSERT_EQ(ERR_TRANSACTION_FAILED, stub_->OnRemoteRequest(static_cast( + ISecCompServiceIpcCode::COMMAND_REGISTER_SECURITY_COMPONENT), data, reply, option)); data.FlushBuffer(); reply.FlushBuffer(); - data.WriteInterfaceToken(u"ohos.security.ISecCompService"); + data.WriteInterfaceToken(u"OHOS.Security.SecurityComponent.ISecCompService"); ASSERT_EQ(305, stub_->OnRemoteRequest(1000, data, reply, option)); } @@ -83,8 +83,10 @@ HWTEST_F(SecCompStubTest, RegisterSecurityComponentInner001, TestSize.Level1) { MessageParcel data; MessageParcel reply; - - ASSERT_EQ(SC_SERVICE_ERROR_PARCEL_OPERATE_FAIL, stub_->RegisterSecurityComponentInner(data, reply)); + MessageOption option(MessageOption::TF_SYNC); + data.WriteInterfaceToken(u"OHOS.Security.SecurityComponent.ISecCompService"); + ASSERT_EQ(ERR_INVALID_DATA, stub_->OnRemoteRequest(static_cast( + ISecCompServiceIpcCode::COMMAND_REGISTER_SECURITY_COMPONENT), data, reply, option)); } /** @@ -97,8 +99,10 @@ HWTEST_F(SecCompStubTest, UpdateSecurityComponentInner001, TestSize.Level1) { MessageParcel data; MessageParcel reply; - - ASSERT_EQ(SC_SERVICE_ERROR_PARCEL_OPERATE_FAIL, stub_->UpdateSecurityComponentInner(data, reply)); + MessageOption option(MessageOption::TF_SYNC); + data.WriteInterfaceToken(u"OHOS.Security.SecurityComponent.ISecCompService"); + ASSERT_EQ(ERR_INVALID_DATA, stub_->OnRemoteRequest(static_cast( + ISecCompServiceIpcCode::COMMAND_UPDATE_SECURITY_COMPONENT), data, reply, option)); } /** 
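Review bot: The interface descriptor is hard-coded as `u"OHOS.Security.SecurityComponent.ISecCompService"` in every test of sec_comp_stub_test.cpp touched here (`OnRemoteRequest001`, `RegisterSecurityComponentInner001`, `UpdateSecurityComponentInner001`, and `UnregisterSecurityComponentInner001` in the following hunk). The fuzz targets in this same patch use `ISecCompService::GetDescriptor()`. Writing `data.WriteInterfaceToken(ISecCompService::GetDescriptor());` here would keep these tests from silently becoming descriptor-mismatch tests if the IDL package name changes. The `...Inner001` names also no longer describe what is called, since the tests now go through `OnRemoteRequest` and assert only `ERR_INVALID_DATA` for an empty payload; a rename or a one-line comment stating that intent would help.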
@@ -111,7 +115,10 @@ HWTEST_F(SecCompStubTest, UnregisterSecurityComponentInner001, TestSize.Level1) { MessageParcel data; MessageParcel reply; - ASSERT_EQ(SC_SERVICE_ERROR_PARCEL_OPERATE_FAIL, stub_->UnregisterSecurityComponentInner(data, reply)); + MessageOption option(MessageOption::TF_SYNC); + data.WriteInterfaceToken(u"OHOS.Security.SecurityComponent.ISecCompService"); + ASSERT_EQ(ERR_INVALID_DATA, stub_->OnRemoteRequest(static_cast( + ISecCompServiceIpcCode::COMMAND_UNREGISTER_SECURITY_COMPONENT), data, reply, option)); } /** diff --git a/services/security_component_service/sa/test/unittest/src/sec_comp_stub_test.h b/services/security_component_service/sa/test/unittest/src/sec_comp_stub_test.h index a29772a..e5112e4 100644 --- a/services/security_component_service/sa/test/unittest/src/sec_comp_stub_test.h +++ b/services/security_component_service/sa/test/unittest/src/sec_comp_stub_test.h 
@@ -18,48 +18,42 @@ #include #define private public -#include "sec_comp_stub.h" +#include "sec_comp_service_stub.h" #undef private namespace OHOS { namespace Security { namespace SecurityComponent { // stub is abstract class -struct SecCompStubMock : public SecCompStub { +struct SecCompStubMock : public SecCompServiceStub { public: - int32_t RegisterSecurityComponent(SecCompType type, - const std::string& componentInfo, int32_t& scId) override + int32_t RegisterSecurityComponent(const SecCompRawdata& rawData, SecCompRawdata& rawReply) override { return 0; }; - int32_t UpdateSecurityComponent(int32_t scId, const std::string& componentInfo) override + int32_t UpdateSecurityComponent(const SecCompRawdata& rawData, SecCompRawdata& rawReply) override { return 0; }; - int32_t UnregisterSecurityComponent(int32_t scId) override + int32_t UnregisterSecurityComponent(const SecCompRawdata& rawData, SecCompRawdata& rawReply) override { return 0; }; - int32_t ReportSecurityComponentClickEvent(SecCompInfo& secCompInfo, sptr callerToken, - sptr dialogCall, std::string& message) override + int32_t ReportSecurityComponentClickEvent(const sptr& callerToken, + const sptr& dialogCall, const SecCompRawdata& rawData, SecCompRawdata& rawReply) override { return 0; }; - bool VerifySavePermission(AccessToken::AccessTokenID tokenId) override + int32_t VerifySavePermission(uint32_t tokenId, bool& isGranted) override { return true; }; - sptr GetEnhanceRemoteObject() override - { - return nullptr; - }; - - int32_t PreRegisterSecCompProcess() override + int32_t PreRegisterSecCompProcess(const SecCompRawdata& rawData, SecCompRawdata& rawReply) override { return 0; }; diff --git a/test/fuzztest/security_component/BUILD.gn b/test/fuzztest/security_component/BUILD.gn index e1e61f4..606aa64 100644 --- a/test/fuzztest/security_component/BUILD.gn +++ b/test/fuzztest/security_component/BUILD.gn 
@@ -16,7 +16,6 @@ group("fuzztest") { deps = [] deps += [ - "innerkits/getenhanceremoteobject_fuzzer:GetEnhanceRemoteObjectFuzzTest", "innerkits/getpointereventenhancedata_fuzzer:GetPointerEventEnhanceDataFuzzTest", "innerkits/registersecuritycomponent_fuzzer:RegisterSecurityComponentFuzzTest", "innerkits/reportsecuritycomponentclickevent_fuzzer:ReportSecurityComponentClickEventFuzzTest", @@ -24,7 +23,6 @@ group("fuzztest") { "innerkits/unregistersecuritycomponent_fuzzer:UnregisterSecurityComponentFuzzTest", "innerkits/updatesecuritycomponent_fuzzer:UpdateSecurityComponentFuzzTest", "innerkits/verifysavepermission_fuzzer:VerifySavePermissionFuzzTest", - "service/getenhanceremoteobjectstub_fuzzer:GetEnhanceRemoteObjectStubFuzzTest", "service/preregisterseccompprocessstub_fuzzer:PreRegisterSecCompProcessStubFuzzTest", "service/registersecuritycomponentstub_fuzzer:RegisterSecurityComponentStubFuzzTest", "service/reportsecuritycomponentclickeventstub_fuzzer:ReportSecurityComponentClickEventStubFuzzTest", diff --git a/test/fuzztest/security_component/innerkits/getenhanceremoteobject_fuzzer/BUILD.gn b/test/fuzztest/security_component/innerkits/getenhanceremoteobject_fuzzer/BUILD.gn deleted file mode 100644 index 8e19eb8..0000000 --- a/test/fuzztest/security_component/innerkits/getenhanceremoteobject_fuzzer/BUILD.gn +++ /dev/null 
@@ -1,45 +0,0 @@ -# Copyright (c) 2022 Huawei Device Co., Ltd. -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -import("//build/config/features.gni") -import("//build/test.gni") -import("../../../../../security_component.gni") - -module_output_path = "security_component_manager/security_component_manager" - -ohos_fuzztest("GetEnhanceRemoteObjectFuzzTest") { - module_out_path = module_output_path - fuzz_config_file = "${sec_comp_dir}/test/fuzztest/security_component/innerkits/getenhanceremoteobject_fuzzer" - - include_dirs = [ "${sec_comp_dir}/frameworks/common/include" ] - cflags = [ - "-g", - "-O0", - "-Wno-unused-variable", - "-fno-omit-frame-pointer", - ] - configs = [ "${sec_comp_dir}/config:coverage_flags" ] - - cflags_cc = [ "-DHILOG_ENABLE" ] - sources = [ "getenhanceremoteobject_fuzzer.cpp" ] - - deps = [ "${sec_comp_dir}/frameworks/inner_api/security_component:libsecurity_component_sdk" ] - - external_deps = [ - "ability_base:want", - "access_token:libaccesstoken_sdk", - "access_token:libtoken_setproc", - "c_utils:utils", - "hilog:libhilog", - ] -} diff --git a/test/fuzztest/security_component/innerkits/getenhanceremoteobject_fuzzer/corpus/init b/test/fuzztest/security_component/innerkits/getenhanceremoteobject_fuzzer/corpus/init deleted file mode 100644 index bc977bd..0000000 --- a/test/fuzztest/security_component/innerkits/getenhanceremoteobject_fuzzer/corpus/init +++ /dev/null 
@@ -1,14 +0,0 @@ -# Copyright (c) 2022 Huawei Device Co., Ltd. -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -FUZZ \ No newline at end of file diff --git a/test/fuzztest/security_component/innerkits/getenhanceremoteobject_fuzzer/project.xml b/test/fuzztest/security_component/innerkits/getenhanceremoteobject_fuzzer/project.xml deleted file mode 100644 index 6e8ad2c..0000000 --- a/test/fuzztest/security_component/innerkits/getenhanceremoteobject_fuzzer/project.xml +++ /dev/null @@ -1,25 +0,0 @@ - - - - - - 1000 - - 300 - - 4096 - - diff --git a/test/fuzztest/security_component/service/getenhanceremoteobjectstub_fuzzer/BUILD.gn b/test/fuzztest/security_component/service/getenhanceremoteobjectstub_fuzzer/BUILD.gn deleted file mode 100644 index d40a53f..0000000 --- a/test/fuzztest/security_component/service/getenhanceremoteobjectstub_fuzzer/BUILD.gn +++ /dev/null 
@@ -1,43 +0,0 @@ -# Copyright (c) 2023-2024 Huawei Device Co., Ltd. -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -import("//build/config/features.gni") -import("//build/test.gni") -import("../../../../../security_component.gni") -import("../security_component_fuzz.gni") - -module_output_path = "security_component_manager/security_component_manager" - -ohos_fuzztest("GetEnhanceRemoteObjectStubFuzzTest") { - module_out_path = module_output_path - fuzz_config_file = "${sec_comp_dir}/test/fuzztest/security_component/service/getenhanceremoteobjectstub_fuzzer" - - include_dirs = sc_include_dirs - cflags = [ - "-g", - "-O0", - "-Wno-unused-variable", - "-fno-omit-frame-pointer", - ] - configs = [ "${sec_comp_dir}/config:coverage_flags" ] - - cflags_cc = [ "-DHILOG_ENABLE" ] - cflags_cc += sc_cflags_cc - sources = [ "getenhanceremoteobjectstub_fuzzer.cpp" ] - - sources += sc_service_sources - sources += sc_mock_sources - deps = sc_deps - - external_deps = sc_external_deps -} diff --git a/test/fuzztest/security_component/service/getenhanceremoteobjectstub_fuzzer/corpus/init b/test/fuzztest/security_component/service/getenhanceremoteobjectstub_fuzzer/corpus/init deleted file mode 100644 index bc977bd..0000000 --- a/test/fuzztest/security_component/service/getenhanceremoteobjectstub_fuzzer/corpus/init +++ /dev/null 
@@ -1,14 +0,0 @@ -# Copyright (c) 2022 Huawei Device Co., Ltd. -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -FUZZ \ No newline at end of file diff --git a/test/fuzztest/security_component/service/getenhanceremoteobjectstub_fuzzer/project.xml b/test/fuzztest/security_component/service/getenhanceremoteobjectstub_fuzzer/project.xml deleted file mode 100644 index 6e8ad2c..0000000 --- a/test/fuzztest/security_component/service/getenhanceremoteobjectstub_fuzzer/project.xml +++ /dev/null @@ -1,25 +0,0 @@ - - - - - - 1000 - - 300 - - 4096 - - diff --git a/test/fuzztest/security_component/service/preregisterseccompprocessstub_fuzzer/BUILD.gn b/test/fuzztest/security_component/service/preregisterseccompprocessstub_fuzzer/BUILD.gn index edcdc4a..4c6eb2d 100644 --- a/test/fuzztest/security_component/service/preregisterseccompprocessstub_fuzzer/BUILD.gn +++ b/test/fuzztest/security_component/service/preregisterseccompprocessstub_fuzzer/BUILD.gn @@ -29,7 +29,10 @@ ohos_fuzztest("PreRegisterSecCompProcessStubFuzzTest") { "-Wno-unused-variable", "-fno-omit-frame-pointer", ] - configs = [ "${sec_comp_dir}/config:coverage_flags" ] + configs = [ + "${sec_comp_dir}/config:coverage_flags", + "${sec_comp_dir}/services/security_component_service/sa:sec_comp_service_gen_config", + ] cflags_cc = [ "-DHILOG_ENABLE" ] cflags_cc += sc_cflags_cc 
diff --git a/test/fuzztest/security_component/service/preregisterseccompprocessstub_fuzzer/preregisterseccompprocessstub_fuzz.cpp b/test/fuzztest/security_component/service/preregisterseccompprocessstub_fuzzer/preregisterseccompprocessstub_fuzz.cpp index 36a7fd1..2d8d68b 100644 --- a/test/fuzztest/security_component/service/preregisterseccompprocessstub_fuzzer/preregisterseccompprocessstub_fuzz.cpp +++ b/test/fuzztest/security_component/service/preregisterseccompprocessstub_fuzzer/preregisterseccompprocessstub_fuzz.cpp @@ -21,7 +21,7 @@ #include #include "accesstoken_kit.h" #include "fuzz_common.h" -#include "i_sec_comp_service.h" +#include "isec_comp_service.h" #include "sec_comp_enhance_adapter.h" #include "sec_comp_info.h" #include "sec_comp_service.h" @@ -34,15 +34,18 @@ namespace OHOS { static void PreRegisterSecCompProcessStubFuzzTest(const uint8_t *data, size_t size) { uint32_t code = - SecurityComponentServiceInterfaceCode::PRE_REGISTER_PROCESS; + static_cast(ISecCompServiceIpcCode::COMMAND_PRE_REGISTER_SEC_COMP_PROCESS); MessageParcel rawData; MessageParcel input; + SecCompRawdata inputData; MessageParcel reply; if (!input.WriteInterfaceToken(ISecCompService::GetDescriptor())) { return; } - SecCompEnhanceAdapter::EnhanceClientSerialize(rawData, input); + SecCompEnhanceAdapter::EnhanceClientSerialize(rawData, inputData); + input.WriteUint32(inputData.size); + input.WriteRawData(inputData.data, inputData.size); MessageOption option(MessageOption::TF_SYNC); auto service = std::make_shared(SA_ID_SECURITY_COMPONENT_SERVICE, true); diff --git a/test/fuzztest/security_component/service/preregisterseccompprocessstub_fuzzer/preregisterseccompprocessstub_fuzz.h b/test/fuzztest/security_component/service/preregisterseccompprocessstub_fuzzer/preregisterseccompprocessstub_fuzz.h index 4e79d3e..f54ca68 100644 --- a/test/fuzztest/security_component/service/preregisterseccompprocessstub_fuzzer/preregisterseccompprocessstub_fuzz.h 
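Review bot: The three calls added to `PreRegisterSecCompProcessStubFuzzTest` ignore their results: `EnhanceClientSerialize(rawData, inputData)`, `input.WriteUint32(inputData.size)` and `input.WriteRawData(inputData.data, inputData.size)`. The harness already returns early when `WriteInterfaceToken` fails, and a failed serialize or write here most likely produces a frame the stub rejects at the length or raw-data read, so the iteration never reaches the handler being fuzzed. Suggest `if (!input.WriteUint32(inputData.size) || !input.WriteRawData(inputData.data, inputData.size)) { return; }`, and checking the serialize call too if it returns a status. The same three lines are added to the register and report-click-event stub fuzzers later in this patch. The function body continues outside the hunk.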
+++ b/test/fuzztest/security_component/service/preregisterseccompprocessstub_fuzzer/preregisterseccompprocessstub_fuzz.h @@ -18,7 +18,7 @@ #define FUZZ_PROJECT_NAME "securitycomponent_fuzzer" -#include "sec_comp_stub.h" +#include "sec_comp_service_stub.h" #include "sec_comp_service.h" #endif // PRE_REGISTER_SEC_COMP_PROCESS_STUB_FUZZER_H \ No newline at end of file diff --git a/test/fuzztest/security_component/service/registersecuritycomponentstub_fuzzer/BUILD.gn b/test/fuzztest/security_component/service/registersecuritycomponentstub_fuzzer/BUILD.gn index 52be43f..3ef6194 100644 --- a/test/fuzztest/security_component/service/registersecuritycomponentstub_fuzzer/BUILD.gn +++ b/test/fuzztest/security_component/service/registersecuritycomponentstub_fuzzer/BUILD.gn @@ -30,7 +30,10 @@ ohos_fuzztest("RegisterSecurityComponentStubFuzzTest") { "-Wno-unused-variable", "-fno-omit-frame-pointer", ] - configs = [ "${sec_comp_dir}/config:coverage_flags" ] + configs = [ + "${sec_comp_dir}/config:coverage_flags", + "${sec_comp_dir}/services/security_component_service/sa:sec_comp_service_gen_config", + ] cflags_cc = [ "-DHILOG_ENABLE" ] cflags_cc += sc_cflags_cc diff --git a/test/fuzztest/security_component/service/registersecuritycomponentstub_fuzzer/registersecuritycomponentstub_fuzzer.cpp b/test/fuzztest/security_component/service/registersecuritycomponentstub_fuzzer/registersecuritycomponentstub_fuzzer.cpp index 5857a5b..8447139 100644 --- a/test/fuzztest/security_component/service/registersecuritycomponentstub_fuzzer/registersecuritycomponentstub_fuzzer.cpp +++ b/test/fuzztest/security_component/service/registersecuritycomponentstub_fuzzer/registersecuritycomponentstub_fuzzer.cpp @@ -21,7 +21,7 @@ #include #include "accesstoken_kit.h" #include "fuzz_common.h" -#include "i_sec_comp_service.h" +#include "isec_comp_service.h" #include "sec_comp_enhance_adapter.h" #include "sec_comp_info.h" #include "sec_comp_service.h" 
@@ -35,9 +35,10 @@ namespace OHOS { static void RegisterSecurityComponentStubFuzzTest(const uint8_t *data, size_t size) { uint32_t code = - SecurityComponentServiceInterfaceCode::REGISTER_SECURITY_COMPONENT; + static_cast(ISecCompServiceIpcCode::COMMAND_REGISTER_SECURITY_COMPONENT); MessageParcel rawData; MessageParcel input; + SecCompRawdata inputData; MessageParcel reply; CompoRandomGenerator generator(data, size); @@ -53,7 +54,9 @@ static void RegisterSecurityComponentStubFuzzTest(const uint8_t *data, size_t si if (!rawData.WriteString(compoInfo)) { return; } - SecCompEnhanceAdapter::EnhanceClientSerialize(rawData, input); + SecCompEnhanceAdapter::EnhanceClientSerialize(rawData, inputData); + input.WriteUint32(inputData.size); + input.WriteRawData(inputData.data, inputData.size); MessageOption option(MessageOption::TF_SYNC); auto service = std::make_shared(SA_ID_SECURITY_COMPONENT_SERVICE, true); diff --git a/test/fuzztest/security_component/service/registersecuritycomponentstub_fuzzer/registersecuritycomponentstub_fuzzer.h b/test/fuzztest/security_component/service/registersecuritycomponentstub_fuzzer/registersecuritycomponentstub_fuzzer.h index 7d89e41..2378e10 100644 --- a/test/fuzztest/security_component/service/registersecuritycomponentstub_fuzzer/registersecuritycomponentstub_fuzzer.h +++ b/test/fuzztest/security_component/service/registersecuritycomponentstub_fuzzer/registersecuritycomponentstub_fuzzer.h @@ -17,5 +17,5 @@ #define REGISTER_SECURITY_COMPONENT_STUB_FUZZER_H #define FUZZ_PROJECT_NAME "securitycomponent_fuzzer" -#include "sec_comp_stub.h" +#include "sec_comp_service_stub.h" #endif diff --git a/test/fuzztest/security_component/service/reportsecuritycomponentclickeventstub_fuzzer/BUILD.gn b/test/fuzztest/security_component/service/reportsecuritycomponentclickeventstub_fuzzer/BUILD.gn index 01b0d0c..1f1df58 100644 --- a/test/fuzztest/security_component/service/reportsecuritycomponentclickeventstub_fuzzer/BUILD.gn 
+++ b/test/fuzztest/security_component/service/reportsecuritycomponentclickeventstub_fuzzer/BUILD.gn @@ -30,7 +30,10 @@ ohos_fuzztest("ReportSecurityComponentClickEventStubFuzzTest") { "-Wno-unused-variable", "-fno-omit-frame-pointer", ] - configs = [ "${sec_comp_dir}/config:coverage_flags" ] + configs = [ + "${sec_comp_dir}/config:coverage_flags", + "${sec_comp_dir}/services/security_component_service/sa:sec_comp_service_gen_config", + ] cflags_cc = [ "-DHILOG_ENABLE" ] cflags_cc += sc_cflags_cc diff --git a/test/fuzztest/security_component/service/reportsecuritycomponentclickeventstub_fuzzer/reportsecuritycomponentclickeventstub_fuzzer.cpp b/test/fuzztest/security_component/service/reportsecuritycomponentclickeventstub_fuzzer/reportsecuritycomponentclickeventstub_fuzzer.cpp index 27bc02a..0371ea3 100644 --- a/test/fuzztest/security_component/service/reportsecuritycomponentclickeventstub_fuzzer/reportsecuritycomponentclickeventstub_fuzzer.cpp +++ b/test/fuzztest/security_component/service/reportsecuritycomponentclickeventstub_fuzzer/reportsecuritycomponentclickeventstub_fuzzer.cpp @@ -20,7 +20,7 @@ #include #include "accesstoken_kit.h" #include "fuzz_common.h" -#include "i_sec_comp_service.h" +#include "isec_comp_service.h" #include "sec_comp_click_event_parcel.h" #include "sec_comp_dialog_callback.h" #include "sec_comp_enhance_adapter.h" @@ -105,10 +105,12 @@ void ConstructClickEvent(CompoRandomGenerator &generator, SecCompClickEvent& cli static int32_t RegisterSecurityComponentStub(uint32_t type, const std::string& compoInfo) { uint32_t code = - SecurityComponentServiceInterfaceCode::REGISTER_SECURITY_COMPONENT; + static_cast(ISecCompServiceIpcCode::COMMAND_REGISTER_SECURITY_COMPONENT); MessageParcel rawData; MessageParcel input; + SecCompRawdata inputData; MessageParcel reply; + SecCompRawdata replyData; if (!input.WriteInterfaceToken(ISecCompService::GetDescriptor())) { return 0; 
@@ -120,14 +122,26 @@ static int32_t RegisterSecurityComponentStub(uint32_t type, const std::string& c if (!rawData.WriteString(compoInfo)) { return 0; } - SecCompEnhanceAdapter::EnhanceClientSerialize(rawData, input); + SecCompEnhanceAdapter::EnhanceClientSerialize(rawData, inputData); + input.WriteUint32(inputData.size); + input.WriteRawData(inputData.data, inputData.size); MessageOption option(MessageOption::TF_SYNC); auto service = std::make_shared(SA_ID_SECURITY_COMPONENT_SERVICE, true); service->OnRemoteRequest(code, input, reply, option); + if (!reply.ReadUint32(replyData.size)) { + return 0; + } + auto readRawReply = reply.ReadRawData(replyData.size); + if (readRawReply == nullptr) { + return 0; + } + int32_t res = replyData.RawDataCpy(readRawReply); + if (res != SC_OK) { + return 0; + } MessageParcel deserializedReply; - SecCompEnhanceAdapter::EnhanceClientDeserialize(reply, deserializedReply); - int32_t res = 0; + SecCompEnhanceAdapter::EnhanceClientDeserialize(replyData, deserializedReply); if (!deserializedReply.ReadInt32(res)) { return 0; } @@ -140,9 +154,10 @@ static int32_t RegisterSecurityComponentStub(uint32_t type, const std::string& c static void ReportSecurityComponentClickEventStubFuzzTest(const uint8_t *data, size_t size) { - uint32_t code = SecurityComponentServiceInterfaceCode::REPORT_SECURITY_COMPONENT_CLICK_EVENT; + uint32_t code = static_cast(ISecCompServiceIpcCode::COMMAND_REPORT_SECURITY_COMPONENT_CLICK_EVENT); MessageParcel rawData; MessageParcel input; + SecCompRawdata inputData; MessageParcel reply; CompoRandomGenerator generator(data, size); 
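Review bot: In the `@@ -120,14 +122,26 @@` hunk `res` now carries two unrelated values: it is first the status of `replyData.RawDataCpy(readRawReply)` and is then overwritten by `deserializedReply.ReadInt32(res)`. Keeping them apart reads more clearly: `if (replyData.RawDataCpy(readRawReply) != SC_OK) { return 0; }`, followed by the original `int32_t res = 0;` ahead of `ReadInt32`. The result of `EnhanceClientDeserialize(replyData, deserializedReply)` is still unchecked, so a failed unwrap shows up only indirectly when `ReadInt32` fails. This reply-unwrapping block is added verbatim to the Unregister and Update fuzzers as well (their `@@ -48,14 +50,26 @@` hunks); a shared helper in `fuzz_common.h`, which all three files already include, would keep the harnesses in step with the stub's wire format. `RegisterSecurityComponentStub` starts in the previous hunk and continues past this one.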
@@ -173,7 +188,9 @@ static void ReportSecurityComponentClickEventStubFuzzTest(const uint8_t *data, s return; } - SecCompEnhanceAdapter::EnhanceClientSerialize(rawData, input); + SecCompEnhanceAdapter::EnhanceClientSerialize(rawData, inputData); + input.WriteUint32(inputData.size); + input.WriteRawData(inputData.data, inputData.size); MessageOption option(MessageOption::TF_SYNC); auto service = std::make_shared(SA_ID_SECURITY_COMPONENT_SERVICE, true); diff --git a/test/fuzztest/security_component/service/reportsecuritycomponentclickeventstub_fuzzer/reportsecuritycomponentclickeventstub_fuzzer.h b/test/fuzztest/security_component/service/reportsecuritycomponentclickeventstub_fuzzer/reportsecuritycomponentclickeventstub_fuzzer.h index 575ff62..f3cfbe3 100644 --- a/test/fuzztest/security_component/service/reportsecuritycomponentclickeventstub_fuzzer/reportsecuritycomponentclickeventstub_fuzzer.h +++ b/test/fuzztest/security_component/service/reportsecuritycomponentclickeventstub_fuzzer/reportsecuritycomponentclickeventstub_fuzzer.h @@ -17,5 +17,5 @@ #define REPORT_SECURITY_COMPONENT_CLICK_EVENT_STUB_FUZZER_H #define FUZZ_PROJECT_NAME "securitycomponent_fuzzer" -#include "sec_comp_stub.h" +#include "sec_comp_service_stub.h" #endif diff --git a/test/fuzztest/security_component/service/security_component_fuzz.gni b/test/fuzztest/security_component/service/security_component_fuzz.gni index f0cf882..ff4803c 100644 --- a/test/fuzztest/security_component/service/security_component_fuzz.gni +++ b/test/fuzztest/security_component/service/security_component_fuzz.gni 
@@ -22,12 +22,13 @@ sc_include_dirs = [ "${sec_comp_dir}/frameworks/inner_api/security_component/include", "${sec_comp_dir}/interfaces/inner_api/security_component_common", "${sec_comp_dir}/interfaces/inner_api/security_component/include", + "${sec_comp_dir}/services/security_component_service/sa:sec_comp_service_stub", "${sec_comp_dir}/services/security_component_service/sa/test/mock/include", "${sec_comp_dir}/test/fuzztest/security_component/common", "${sec_comp_dir}/test/fuzztest/security_component/mock", ] -sc_deps = [] +sc_deps = [ "${sec_comp_dir}/services/security_component_service/sa:sec_comp_service_stub" ] sc_cflags_cc = [ "-DFUZZ_ENABLE" ] @@ -71,7 +72,6 @@ sc_service_sources = [ "${sec_comp_dir}/services/security_component_service/sa/sa_main/sec_comp_manager.cpp", "${sec_comp_dir}/services/security_component_service/sa/sa_main/sec_comp_perm_manager.cpp", "${sec_comp_dir}/services/security_component_service/sa/sa_main/sec_comp_service.cpp", - "${sec_comp_dir}/services/security_component_service/sa/sa_main/sec_comp_stub.cpp", "${sec_comp_dir}/services/security_component_service/sa/sa_main/sec_event_handler.cpp", "${sec_comp_dir}/services/security_component_service/sa/sa_main/window_info_helper.cpp", ] diff --git a/test/fuzztest/security_component/service/unregistersecuritycomponentstub_fuzzer/BUILD.gn b/test/fuzztest/security_component/service/unregistersecuritycomponentstub_fuzzer/BUILD.gn index c9c7204..5a66e50 100644 --- a/test/fuzztest/security_component/service/unregistersecuritycomponentstub_fuzzer/BUILD.gn +++ b/test/fuzztest/security_component/service/unregistersecuritycomponentstub_fuzzer/BUILD.gn 
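Review bot: The entry added to `sc_include_dirs` in the `@@ -22,12 +22,13 @@` hunk, `"${sec_comp_dir}/services/security_component_service/sa:sec_comp_service_stub"`, is a GN target label rather than a directory, and it is the same string the hunk puts in `sc_deps`. If `sc_include_dirs` is passed to `include_dirs` (its consumers are not visible here), this yields an include path that does not exist. The generated `sec_comp_service_stub.h` would then presumably be found only through the `sec_comp_service_gen_config` config that each fuzzer's BUILD.gn adds in this patch. I would drop the line from `sc_include_dirs` and keep the label in `sc_deps` only, or replace it with the actual generated-header directory.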
@@ -30,7 +30,10 @@ ohos_fuzztest("UnregisterSecurityComponentStubFuzzTest") { "-Wno-unused-variable", "-fno-omit-frame-pointer", ] - configs = [ "${sec_comp_dir}/config:coverage_flags" ] + configs = [ + "${sec_comp_dir}/config:coverage_flags", + "${sec_comp_dir}/services/security_component_service/sa:sec_comp_service_gen_config", + ] cflags_cc = [ "-DHILOG_ENABLE" ] cflags_cc += sc_cflags_cc diff --git a/test/fuzztest/security_component/service/unregistersecuritycomponentstub_fuzzer/unregistersecuritycomponentstub_fuzzer.cpp b/test/fuzztest/security_component/service/unregistersecuritycomponentstub_fuzzer/unregistersecuritycomponentstub_fuzzer.cpp index 67f7015..4d307c8 100644 --- a/test/fuzztest/security_component/service/unregistersecuritycomponentstub_fuzzer/unregistersecuritycomponentstub_fuzzer.cpp +++ b/test/fuzztest/security_component/service/unregistersecuritycomponentstub_fuzzer/unregistersecuritycomponentstub_fuzzer.cpp @@ -19,7 +19,7 @@ #include #include "accesstoken_kit.h" #include "fuzz_common.h" -#include "i_sec_comp_service.h" +#include "isec_comp_service.h" #include "sec_comp_enhance_adapter.h" #include "sec_comp_info.h" #include "sec_comp_service.h" @@ -33,10 +33,12 @@ namespace OHOS { static int32_t RegisterSecurityComponentStub(uint32_t type, const std::string& compoInfo) { uint32_t code = - SecurityComponentServiceInterfaceCode::REGISTER_SECURITY_COMPONENT; + static_cast(ISecCompServiceIpcCode::COMMAND_REGISTER_SECURITY_COMPONENT); MessageParcel rawData; MessageParcel input; + SecCompRawdata inputData; MessageParcel reply; + SecCompRawdata replyData; if (!input.WriteInterfaceToken(ISecCompService::GetDescriptor())) { return 0; 
@@ -48,14 +50,26 @@ static int32_t RegisterSecurityComponentStub(uint32_t type, const std::string& c if (!rawData.WriteString(compoInfo)) { return 0; } - SecCompEnhanceAdapter::EnhanceClientSerialize(rawData, input); + SecCompEnhanceAdapter::EnhanceClientSerialize(rawData, inputData); + input.WriteUint32(inputData.size); + input.WriteRawData(inputData.data, inputData.size); MessageOption option(MessageOption::TF_SYNC); auto service = std::make_shared(SA_ID_SECURITY_COMPONENT_SERVICE, true); service->OnRemoteRequest(code, input, reply, option); + if (!reply.ReadUint32(replyData.size)) { + return 0; + } + auto readRawReply = reply.ReadRawData(replyData.size); + if (readRawReply == nullptr) { + return 0; + } + int32_t res = replyData.RawDataCpy(readRawReply); + if (res != SC_OK) { + return 0; + } MessageParcel deserializedReply; - SecCompEnhanceAdapter::EnhanceClientDeserialize(reply, deserializedReply); - int32_t res = 0; + SecCompEnhanceAdapter::EnhanceClientDeserialize(replyData, deserializedReply); if (!deserializedReply.ReadInt32(res)) { return 0; } @@ -68,9 +82,10 @@ static int32_t RegisterSecurityComponentStub(uint32_t type, const std::string& c static void UnregisterSecurityComponentStubFuzzTest(const uint8_t *data, size_t size) { - uint32_t code = SecurityComponentServiceInterfaceCode::UNREGISTER_SECURITY_COMPONENT; + uint32_t code = static_cast(ISecCompServiceIpcCode::COMMAND_UNREGISTER_SECURITY_COMPONENT); MessageParcel rawData; MessageParcel input; + SecCompRawdata inputData; MessageParcel reply; CompoRandomGenerator generator(data, size); uint32_t type = generator.GetScType(); 
@@ -82,7 +97,9 @@ static void UnregisterSecurityComponentStubFuzzTest(const uint8_t *data, size_t if (!rawData.WriteInt32(scId)) { return; } - SecCompEnhanceAdapter::EnhanceClientSerialize(rawData, input); + SecCompEnhanceAdapter::EnhanceClientSerialize(rawData, inputData); + input.WriteUint32(inputData.size); + input.WriteRawData(inputData.data, inputData.size); MessageOption option(MessageOption::TF_SYNC); auto service = std::make_shared(SA_ID_SECURITY_COMPONENT_SERVICE, true); diff --git a/test/fuzztest/security_component/service/unregistersecuritycomponentstub_fuzzer/unregistersecuritycomponentstub_fuzzer.h b/test/fuzztest/security_component/service/unregistersecuritycomponentstub_fuzzer/unregistersecuritycomponentstub_fuzzer.h index 3bd7464..ae5a52d 100644 --- a/test/fuzztest/security_component/service/unregistersecuritycomponentstub_fuzzer/unregistersecuritycomponentstub_fuzzer.h +++ b/test/fuzztest/security_component/service/unregistersecuritycomponentstub_fuzzer/unregistersecuritycomponentstub_fuzzer.h @@ -17,5 +17,5 @@ #define UNREGISTER_SECURITY_COMPONENT_STUB_FUZZER_H #define FUZZ_PROJECT_NAME "securitycomponent_fuzzer" -#include "sec_comp_stub.h" +#include "sec_comp_service_stub.h" #endif diff --git a/test/fuzztest/security_component/service/updatesecuritycomponentstub_fuzzer/BUILD.gn b/test/fuzztest/security_component/service/updatesecuritycomponentstub_fuzzer/BUILD.gn index cd60aab..1c64ca1 100644 --- a/test/fuzztest/security_component/service/updatesecuritycomponentstub_fuzzer/BUILD.gn +++ b/test/fuzztest/security_component/service/updatesecuritycomponentstub_fuzzer/BUILD.gn 
@@ -30,7 +30,10 @@ ohos_fuzztest("UpdateSecurityComponentStubFuzzTest") { "-Wno-unused-variable", "-fno-omit-frame-pointer", ] - configs = [ "${sec_comp_dir}/config:coverage_flags" ] + configs = [ + "${sec_comp_dir}/config:coverage_flags", + "${sec_comp_dir}/services/security_component_service/sa:sec_comp_service_gen_config", + ] cflags_cc = [ "-DHILOG_ENABLE" ] cflags_cc += sc_cflags_cc diff --git a/test/fuzztest/security_component/service/updatesecuritycomponentstub_fuzzer/updatesecuritycomponentstub_fuzzer.cpp b/test/fuzztest/security_component/service/updatesecuritycomponentstub_fuzzer/updatesecuritycomponentstub_fuzzer.cpp index 91c6e26..29637ce 100644 --- a/test/fuzztest/security_component/service/updatesecuritycomponentstub_fuzzer/updatesecuritycomponentstub_fuzzer.cpp +++ b/test/fuzztest/security_component/service/updatesecuritycomponentstub_fuzzer/updatesecuritycomponentstub_fuzzer.cpp @@ -19,7 +19,7 @@ #include #include "accesstoken_kit.h" #include "fuzz_common.h" -#include "i_sec_comp_service.h" +#include "isec_comp_service.h" #include "sec_comp_enhance_adapter.h" #include "sec_comp_info.h" #include "sec_comp_service.h" @@ -33,10 +33,12 @@ namespace OHOS { static int32_t RegisterSecurityComponentStub(uint32_t type, const std::string& compoInfo) { uint32_t code = - SecurityComponentServiceInterfaceCode::REGISTER_SECURITY_COMPONENT; + static_cast(ISecCompServiceIpcCode::COMMAND_REGISTER_SECURITY_COMPONENT); MessageParcel rawData; MessageParcel input; + SecCompRawdata inputData; MessageParcel reply; + SecCompRawdata replyData; if (!input.WriteInterfaceToken(ISecCompService::GetDescriptor())) { return 0; 
@@ -48,14 +50,26 @@ static int32_t RegisterSecurityComponentStub(uint32_t type, const std::string& c if (!rawData.WriteString(compoInfo)) { return 0; } - SecCompEnhanceAdapter::EnhanceClientSerialize(rawData, input); + SecCompEnhanceAdapter::EnhanceClientSerialize(rawData, inputData); + input.WriteUint32(inputData.size); + input.WriteRawData(inputData.data, inputData.size); MessageOption option(MessageOption::TF_SYNC); auto service = std::make_shared(SA_ID_SECURITY_COMPONENT_SERVICE, true); service->OnRemoteRequest(code, input, reply, option); + if (!reply.ReadUint32(replyData.size)) { + return 0; + } + auto readRawReply = reply.ReadRawData(replyData.size); + if (readRawReply == nullptr) { + return 0; + } + int32_t res = replyData.RawDataCpy(readRawReply); + if (res != SC_OK) { + return 0; + } MessageParcel deserializedReply; - SecCompEnhanceAdapter::EnhanceClientDeserialize(reply, deserializedReply); - int32_t res = 0; + SecCompEnhanceAdapter::EnhanceClientDeserialize(replyData, deserializedReply); if (!deserializedReply.ReadInt32(res)) { return 0; } @@ -68,9 +82,10 @@ static int32_t RegisterSecurityComponentStub(uint32_t type, const std::string& c static void UpdateSecurityComponentStubFuzzTest(const uint8_t *data, size_t size) { - uint32_t code = SecurityComponentServiceInterfaceCode::UPDATE_SECURITY_COMPONENT; + uint32_t code = static_cast(ISecCompServiceIpcCode::COMMAND_UPDATE_SECURITY_COMPONENT); MessageParcel rawData; MessageParcel input; + SecCompRawdata inputData; MessageParcel reply; CompoRandomGenerator generator(data, size); if (!input.WriteInterfaceToken(ISecCompService::GetDescriptor())) { 
@@ -86,7 +101,9 @@ static void UpdateSecurityComponentStubFuzzTest(const uint8_t *data, size_t size if (!rawData.WriteString(compoInfo)) { return; } - SecCompEnhanceAdapter::EnhanceClientSerialize(rawData, input); + SecCompEnhanceAdapter::EnhanceClientSerialize(rawData, inputData); + input.WriteUint32(inputData.size); + input.WriteRawData(inputData.data, inputData.size); MessageOption option(MessageOption::TF_SYNC); auto service = std::make_shared(SA_ID_SECURITY_COMPONENT_SERVICE, true); diff --git a/test/fuzztest/security_component/service/updatesecuritycomponentstub_fuzzer/updatesecuritycomponentstub_fuzzer.h b/test/fuzztest/security_component/service/updatesecuritycomponentstub_fuzzer/updatesecuritycomponentstub_fuzzer.h index 877ed65..2886b16 100644 --- a/test/fuzztest/security_component/service/updatesecuritycomponentstub_fuzzer/updatesecuritycomponentstub_fuzzer.h +++ b/test/fuzztest/security_component/service/updatesecuritycomponentstub_fuzzer/updatesecuritycomponentstub_fuzzer.h @@ -17,5 +17,5 @@ #define UPDATE_SECURITY_COMPONENT_STUB_FUZZER_H #define FUZZ_PROJECT_NAME "securitycomponent_fuzzer" -#include "sec_comp_stub.h" +#include "sec_comp_service_stub.h" #endif diff --git a/test/fuzztest/security_component/service/verifysavepermissionstub_fuzzer/BUILD.gn b/test/fuzztest/security_component/service/verifysavepermissionstub_fuzzer/BUILD.gn index d881212..d152ce7 100644 --- a/test/fuzztest/security_component/service/verifysavepermissionstub_fuzzer/BUILD.gn +++ b/test/fuzztest/security_component/service/verifysavepermissionstub_fuzzer/BUILD.gn @@ -30,7 +30,10 @@ ohos_fuzztest("VerifySavePermissionStubFuzzTest") { "-Wno-unused-variable", "-fno-omit-frame-pointer", ] - configs = [ "${sec_comp_dir}/config:coverage_flags" ] + configs = [ + "${sec_comp_dir}/config:coverage_flags", + "${sec_comp_dir}/services/security_component_service/sa:sec_comp_service_gen_config", + ] cflags_cc = [ "-DHILOG_ENABLE" ] cflags_cc += sc_cflags_cc 
diff --git a/test/fuzztest/security_component/service/verifysavepermissionstub_fuzzer/verifysavepermissionstub_fuzzer.cpp b/test/fuzztest/security_component/service/verifysavepermissionstub_fuzzer/verifysavepermissionstub_fuzzer.cpp index b3d7e10..30346c4 100644 --- a/test/fuzztest/security_component/service/verifysavepermissionstub_fuzzer/verifysavepermissionstub_fuzzer.cpp +++ b/test/fuzztest/security_component/service/verifysavepermissionstub_fuzzer/verifysavepermissionstub_fuzzer.cpp @@ -20,7 +20,7 @@ #include #include "accesstoken_kit.h" #include "fuzz_common.h" -#include "i_sec_comp_service.h" +#include "isec_comp_service.h" #include "sec_comp_enhance_adapter.h" #include "sec_comp_info.h" #include "sec_comp_service.h" @@ -32,7 +32,7 @@ using namespace OHOS::Security::AccessToken; namespace OHOS { static void VerifySavePermissionStubFuzzTest(const uint8_t *data, size_t size) { - uint32_t code = SecurityComponentServiceInterfaceCode::VERIFY_TEMP_SAVE_PERMISSION; + uint32_t code = static_cast(ISecCompServiceIpcCode::COMMAND_VERIFY_SAVE_PERMISSION); MessageParcel rawData; MessageParcel input; MessageParcel reply; @@ -43,10 +43,9 @@ static void VerifySavePermissionStubFuzzTest(const uint8_t *data, size_t size) } uint32_t tokenid = generator.GetData(); - if (!rawData.WriteUint32(tokenid)) { + if (!input.WriteUint32(tokenid)) { return; } - SecCompEnhanceAdapter::EnhanceClientSerialize(rawData, input); MessageOption option(MessageOption::TF_SYNC); auto service = std::make_shared(SA_ID_SECURITY_COMPONENT_SERVICE, true); diff --git a/test/fuzztest/security_component/service/verifysavepermissionstub_fuzzer/verifysavepermissionstub_fuzzer.h b/test/fuzztest/security_component/service/verifysavepermissionstub_fuzzer/verifysavepermissionstub_fuzzer.h index f9d60c5..ea51ef6 100644 --- a/test/fuzztest/security_component/service/verifysavepermissionstub_fuzzer/verifysavepermissionstub_fuzzer.h 
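Review bot: The `MessageParcel rawData;` kept in the `@@ -32,7 +32,7 @@` hunk appears to have no remaining use in `VerifySavePermissionStubFuzzTest` once the `@@ -43,10 +43,9 @@` hunk writes `tokenid` straight into `input` and drops `EnhanceClientSerialize`. The lines between the two hunks are not shown, so this needs confirming, and `-Wno-unused-variable` in this target's BUILD.gn would hide the leftover. I would delete the declaration and check whether `#include "sec_comp_enhance_adapter.h"` is still needed in this file. A short comment such as `// COMMAND_VERIFY_SAVE_PERMISSION takes a plain uint32 token id, not an enhance-wrapped payload` would make the difference from the other stub fuzzers visibly intentional. The function body extends beyond both hunks.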
+++ b/test/fuzztest/security_component/service/verifysavepermissionstub_fuzzer/verifysavepermissionstub_fuzzer.h @@ -18,7 +18,7 @@ #define FUZZ_PROJECT_NAME "securitycomponent_fuzzer" -#include "sec_comp_stub.h" +#include "sec_comp_service_stub.h" #include "sec_comp_service.h" #endif -- Gitee