diff --git a/BUILD.gn b/BUILD.gn
index 4e262743dd640165d7de1ea5031b9743cabd5a46..d57c193e9917a78fda6d7a3ae133a5704c51cc7d 100644
--- a/BUILD.gn
+++ b/BUILD.gn
@@ -11,24 +11,51 @@
# See the License for the specific language governing permissions and
# limitations under the License.
+#import("//base/security/permission/permission.gni")
import("//build/ohos.gni")
-
-group("accesstoken_build_module_standard") {
+group("accesstoken_build_module") {
if (is_standard_system) {
deps = [
"//base/security/access_token/interfaces/innerkits/accesstoken:libaccesstoken_sdk",
- "//base/security/access_token/services/accesstoken:accesstoken_manager_service",
- "//base/security/access_token/services/accesstoken/main/sa_profile:accesstoken_sa_profile_standard",
+ "//base/security/access_token/interfaces/innerkits/nativetoken:libnativetoken",
+ "//base/security/access_token/interfaces/innerkits/token_setproc:libtoken_setproc",
+ "//base/security/access_token/interfaces/kits:napi_packages",
+ "//base/security/access_token/services/accesstokenmanager:accesstoken_manager_service",
+ "//base/security/access_token/services/accesstokenmanager/main/sa_profile:accesstoken_sa_profile_standard",
+ ]
+ }
+}
+
+group("tokensync_build_module") {
+ if (is_standard_system) {
+ deps = [
+ "//base/security/access_token/interfaces/innerkits/tokensync:libtokensync_sdk",
+ "//base/security/access_token/services/tokensyncmanager:token_sync_manager_service",
+ "//base/security/access_token/services/tokensyncmanager/sa_profile:tokensync_sa_profile_standard",
]
}
}
-group("accesstoken_build_module_standard_test") {
+group("accesstoken_build_module_test") {
testonly = true
deps = []
if (is_standard_system) {
deps += [
"//base/security/access_token/interfaces/innerkits/accesstoken/test:unittest",
+ "//base/security/access_token/interfaces/innerkits/nativetoken/test:unittest",
+ "//base/security/access_token/interfaces/innerkits/token_setproc/test:unittest",
+ "//base/security/access_token/interfaces/innerkits/tokensync/test:unittest",
+ "//base/security/access_token/services/accesstokenmanager/test:unittest",
]
}
-}
\ No newline at end of file
+}
+#group("distributed_permission") {
+# if (is_standard_system) {
+# deps = [
+# "${distributed_permission_innerkits_distributed_path}:distributed_permission_innerkits",
+# "${distributed_permission_record_database_path}:permission_standard_infrastructure_record_database",
+# "${distributed_permission_services_path}:distributed_permission_services",
+# "${distributed_permission_services_path}/main/sa_profile:distributed_permission_sa_profile_standard",
+# ]
+# }
+#}
diff --git a/OAT.xml b/OAT.xml
new file mode 100644
index 0000000000000000000000000000000000000000..b11daf5274a1b8efb7d7851c97861d0d8bf5d059
--- /dev/null
+++ b/OAT.xml
@@ -0,0 +1,84 @@
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
diff --git a/README.en.md b/README.en.md
deleted file mode 100644
index 11f465df97e3c0d571a30f2d5ef4f208b0e1aae6..0000000000000000000000000000000000000000
--- a/README.en.md
+++ /dev/null
@@ -1,36 +0,0 @@
-# security_access_token
-
-#### Description
-{**When you're done, you can delete the content in this README and update the file with details for others getting started with your repository**}
-
-#### Software Architecture
-Software architecture description
-
-#### Installation
-
-1. xxxx
-2. xxxx
-3. xxxx
-
-#### Instructions
-
-1. xxxx
-2. xxxx
-3. xxxx
-
-#### Contribution
-
-1. Fork the repository
-2. Create Feat_xxx branch
-3. Commit your code
-4. Create Pull Request
-
-
-#### Gitee Feature
-
-1. You can use Readme\_XXX.md to support different languages, such as Readme\_en.md, Readme\_zh.md
-2. Gitee blog [blog.gitee.com](https://blog.gitee.com)
-3. Explore open source project [https://gitee.com/explore](https://gitee.com/explore)
-4. The most valuable open source project [GVP](https://gitee.com/gvp)
-5. The manual of Gitee [https://gitee.com/help](https://gitee.com/help)
-6. The most popular members [https://gitee.com/gitee-stars/](https://gitee.com/gitee-stars/)
diff --git a/README.md b/README.md
index 9d2b06ed3c0a7d5bbad7b383686580f7721cc7c2..9ef56a6a22cfc0cfc4d47ffe9665e77b01937d92 100644
--- a/README.md
+++ b/README.md
@@ -1,51 +1 @@
-# security_access_token
-
-- [简介](#section11660541593)
-- [缩略词](#section161941989596)
-- [目录](#section119744591305)
-- [使用](#section137768191623)
- - [接口说明](#section1551164914237)
- - [使用说明](#section129654513264)
-
-- [相关仓](#section1371113476307)
-
-## 简介
-
-ATM(AccessTokenManager)是OpenHarmony上基于AccessToken构建的统一的应用权限管理能力,应用的Accesstoken信息主要包括应用身份标识APPID、用户ID,应用分身索引、应用APL等级、应用权限信息等。每个应用的Accestoken信息由一个32bits的设备内唯一标识符tokenID来标识。
-ATM模块主要提供如下功能:
-- 提供基于tokenID的应用权限校验机制,应用访问敏感数据或者API时可以检查是否有对应的权限;
-- 提供基于tokenID的Accestoken信息查询,应用可以根据tokenID查询自身的APL等级等信息;
-
-## 缩略词
-- AT:Access Token, 访问凭据
-- AACL:API Access Control List, 权限访问控制列表
-- APL:API Ability Privilege Level, 权限访问控制列表
-
-## 目录
-
-```
-/base/security/access_token
-├── frameworks # 框架层,作为基础功能目录,被interfaces和services使用
-│ ├── accesstoken # Accesstoken管理框架代码实现
-│ ├── tokensync # Accesstoken信息同步框架代码实现
-│ └── common # 框架公共代码实现
-├── interfaces # 接口层
-│ └── innerkits # 内部接口层
-│ ├── accesstoken # Accesstoken内部接口实现代码
-│ └── tokensync # Accesstoken信息同步内部接口实现代码
-└── services # 服务层
- ├── accesstokenmanager # Accesstoken管理服务代码
- └── tokensyncmanager # Accesstoken信息同步服务代码
-```
-
-## 使用
-### 接口说明
-
-### 使用说明
-1. xxxx
-2. xxxx
-3. xxxx
-
-## 相关仓
-安全子系统
-security\_access\_token
\ No newline at end of file
+An english translation is now being prepared.
\ No newline at end of file
diff --git a/README_zh.md b/README_zh.md
new file mode 100644
index 0000000000000000000000000000000000000000..23be5b3aff107affb9e6cb468b095a4b833101ab
--- /dev/null
+++ b/README_zh.md
@@ -0,0 +1,81 @@
+# 访问控制
+
+- [简介](#section11660541593)
+- [目录](#section119744591305)
+- [使用](#section137768191623)
+ - [接口说明](#section1551164914237)
+ - [使用说明](#section129654513264)
+- [相关仓](#section1371113476307)
+
+## 简介
+
+ATM(AccessTokenManager)是OpenHarmony上基于AccessToken构建的统一的应用权限管理能力。
+
+应用的Accesstoken信息主要包括应用身份标识APPID、用户ID,应用分身索引、应用APL(Ability Privilege Level)等级、应用权限信息等。每个应用的Accestoken信息由一个32bits的设备内唯一标识符TokenID(Token identity)来标识。
+
+ATM模块主要提供如下功能:
+- 提供基于TokenID的应用权限校验机制,应用访问敏感数据或者API时可以检查是否有对应的权限。
+- 提供基于TokenID的Accestoken信息查询,应用可以根据TokenID查询自身的APL等级等信息。
+
+## 目录
+
+```
+/base/security/access_token
+├── frameworks # 框架层,基础功能代码存放目录
+│ ├── accesstoken # Accesstoken管理框架代码存放目录
+│ ├── tokensync # Accesstoken信息同步框架代码存放目录
+│ └── common # 框架公共代码存放目录
+├── interfaces # 接口层
+│ └── innerkits # 内部接口层
+│ ├── accesstoken # Accesstoken内部接口代码存放目录
+│ ├── nativetoken # nativetoken内部接口代码存放目录
+│ └── tokensync # Accesstoken信息同步内部接口代码存放目录
+└── services # 服务层
+ ├── accesstokenmanager # Accesstoken管理服务代码存放目录
+ └── tokensyncmanager # Accesstoken信息同步服务代码存放目录
+```
+
+## 使用
+### 接口说明
+
+| **接口申明** | **接口描述** |
+| --- | --- |
+| AccessTokenIDEx AllocHapToken(const HapInfoParams& info, const HapPolicyParams& policy); | 为应用进程分配一个tokenID |
+| AccessTokenID AllocLocalTokenID(const std::string& remoteDeviceID, AccessTokenID remoteTokenID); | 为远端设备的应用进程分配一个本地tokenID |
+| int UpdateHapToken(AccessTokenID tokenID, const std::string& appIDDesc, const HapPolicyParams& policy); | 更新tokenId对应的tokenInfo信息 |
+| int DeleteToken(AccessTokenID tokenID); | 删除应用tokenID及其对应的tokenInfo信息 |
+| int GetTokenType(AccessTokenID tokenID); | 查询指定tokenID的类型 |
+| int CheckNativeDCap(AccessTokenID tokenID, const std::string& dcap); | 检测指定tokenID对应的native进程是否具有指定的分布式能力 |
+| AccessTokenID GetHapTokenID(int userID, const std::string& bundleName, int instIndex); | 查询指定应用的tokenId |
+| int GetHapTokenInfo(AccessTokenID tokenID, HapTokenInfo& hapTokenInfoRes); | 查询指定tokenID对应的hap包的tokenInfo信息 |
+| int GetNativeTokenInfo(AccessTokenID tokenID, NativeTokenInfo& nativeTokenInfoRes); | 查询指定tokenID对应的native的tokenInfo信息 |
+| int VerifyAccessToken(AccessTokenID tokenID, const std::string& permissionName); | 检查指定tokenID是否具有指定权限 |
+| int GetDefPermission(const std::string& permissionName, PermissionDef& permissionDefResult); | 查询指定权限的权限定义信息 |
+| int GetDefPermissions(AccessTokenID tokenID, std::vector& permList); | 查询指定tokenID对应的hap包的权限定义集合 |
+| int GetReqPermissions(AccessTokenID tokenID, std::vector& reqPermList, bool isSystemGrant); | 查询指定tokenID对应的hap包申请的权限状态集合 |
+| int GetPermissionFlag(AccessTokenID tokenID, const std::string& permissionName); | 查询指定tokenID的应用的指定权限 |
+| int GrantPermission(AccessTokenID tokenID, const std::string& permissionName, int flag); | 授予指定tokenID的应用的指定权限 |
+| int RevokePermission(AccessTokenID tokenID, const std::string& permissionName, int flag); | 撤销指定tokenID的应用的指定权限 |
+| int ClearUserGrantedPermissionState(AccessTokenID tokenID); | 清空指定tokenID的应用的user_grant权限状态 |
+| uint64_t GetAccessTokenId(const char *processname, const char **dcap, int32_t dacpNum, const char *aplStr); | 创建获取native进程的tokenId |
+
+### 使用说明
+ATM提供了统一的应用权限访问控制功能,支持应用程序或者SA查询校验应用权限、APL等信息。从使用者角度,可以分为基于native进程启动的SA和应用Hap两类使用者。
+
+#### native进程
+- 在native进程拉起前,需要调用GetAccessTokenId函数,获取该native进程的TokenID;再调用SetSelfTokenID将进程TokenID设置到内核中。
+- 在native进程运行过程中,可以通过调用GetNativeTokenInfo、CheckNativeDCap来查验对应进程所具备的token信息,包括分布式能力、APL等级等信息。
+
+#### 应用hap
+- 在应用安装时,需要调用AllocHapToken创建获取该应用的TokenID。
+- 在应用运行过程中,需要进行鉴权等操作时,可调用VerifyAccessToken、GetReqPermissions等函数查询校验应用权限、APL等信息。
+- 在应用卸载时,需要调用DeleteToken函数删除系统中管理的对应Accesstoken信息。
+
+## 相关仓
+安全子系统
+
+[startup\_init\_lite](https://gitee.com/openharmony/startup_init_lite/blob/master/README.md)
+
+[security\_deviceauth](https://gitee.com/openharmony/security_deviceauth/blob/master/README.md)
+
+**[security\_access\_token](https://gitee.com/openharmony-sig/security_access_token/blob/master/README.md)**
\ No newline at end of file
diff --git a/bundle.json b/bundle.json
new file mode 100755
index 0000000000000000000000000000000000000000..c6b2039c0eb69034d4da4618fcae1f00c23da2a5
--- /dev/null
+++ b/bundle.json
@@ -0,0 +1,85 @@
+{
+ "name": "@openharmony/access_token",
+ "description": "access_token",
+ "version": "3.1.0",
+ "license": "Apache License 2.0",
+ "publishAs": "code-segment",
+ "segment": {
+ "destPath": "base/security/access_token"
+ },
+ "dirs": {},
+ "scripts": {},
+ "component": {
+ "name": "access_token",
+ "subsystem": "security",
+ "syscap": [
+ "SystemCapability.Security.AccessToken"
+ ],
+ "adapted_system_type": [ "standard" ],
+ "rom": "2048KB",
+ "ram": "5102KB",
+ "deps": {
+ "components": [
+ "ability_base",
+ "hiviewdfx_hilog_native",
+ "ipc_core",
+ "ans_standard",
+ "aafwk_standard",
+ "system_ability_fwk",
+ "samgr_proxy",
+ "appexecfwk_standard",
+ "eventhandler",
+ "napi",
+ "safwk",
+ "samgr_standard",
+ "utils_base"
+ ],
+ "third_party": [
+ "cJSON",
+ "sqlite",
+ "mbedtls"
+ ]
+ },
+ "build": {
+ "sub_component": [
+ "//base/security/access_token:accesstoken_build_module",
+ "//base/security/access_token:tokensync_build_module"
+ ],
+ "inner_kits": [
+ {
+ "name": "//base/security/access_token/interfaces/innerkits/accesstoken:libaccesstoken_sdk",
+ "header": {
+ "header_files": [
+ "accesstoken_kit.h"
+ ],
+ "header_base": "//base/security/access_token/interfaces/innerkits/accesstoken/include"
+ }
+ },
+ {
+ "name": "//base/security/access_token/interfaces/innerkits/nativetoken:libnativetoken",
+ "header": {
+ "header_files": [
+ "nativetoken_kit.h"
+ ],
+ "header_base": "//base/security/access_token/interfaces/innerkits/nativetoken/include"
+ }
+ },
+ {
+ "name": "//base/security/access_token/interfaces/innerkits/token_setproc:libtoken_setproc",
+ "header": {
+ "header_files": [
+ "token_setproc.h"
+ ],
+ "header_base": "//base/security/access_token/interfaces/innerkits/token_setproc/include"
+ }
+ }
+ ],
+ "test": [
+ "//base/security/access_token:accesstoken_build_module_test",
+ "//base/security/access_token/interfaces/innerkits/accesstoken/test:unittest",
+ "//base/security/access_token/interfaces/innerkits/nativetoken/test:unittest",
+ "//base/security/access_token/interfaces/innerkits/token_setproc/test:unittest"
+ ]
+ }
+ }
+}
diff --git a/frameworks/accesstoken/BUILD.gn b/frameworks/accesstoken/BUILD.gn
new file mode 100644
index 0000000000000000000000000000000000000000..e7ebdac5b5212b28149b36109375b0c9fd5a5b40
--- /dev/null
+++ b/frameworks/accesstoken/BUILD.gn
@@ -0,0 +1,52 @@
+# Copyright (c) 2021 Huawei Device Co., Ltd.
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+import("//build/ohos.gni")
+
+################################################################
+# C++, Main source file here.
+################################################################
+config("accesstoken_communication_adapter_cxx_public_config") {
+ visibility = [ ":*" ]
+ include_dirs = [
+ "include",
+ "//base/security/access_token/interfaces/innerkits/accesstoken/include",
+ ]
+}
+
+ohos_shared_library("accesstoken_communication_adapter_cxx") {
+ subsystem_name = "security"
+ part_name = "access_token"
+
+ public_configs = [ ":accesstoken_communication_adapter_cxx_public_config" ]
+
+ include_dirs = [
+ "include",
+ "//base/security/access_token/interfaces/innerkits/accesstoken/include",
+ "//utils/native/base/include",
+ ]
+
+ sources = [
+ "src/hap_info_parcel.cpp",
+ "src/hap_policy_parcel.cpp",
+ "src/hap_token_info_for_sync_parcel.cpp",
+ "src/hap_token_info_parcel.cpp",
+ "src/native_token_info_parcel.cpp",
+ "src/permission_def_parcel.cpp",
+ "src/permission_state_full_parcel.cpp",
+ ]
+
+ deps = [ "//utils/native/base:utils" ]
+
+ external_deps = [ "ipc:ipc_core" ]
+}
diff --git a/frameworks/accesstoken/i_accesstoken_manager.h b/frameworks/accesstoken/include/hap_info_parcel.h
similarity index 57%
rename from frameworks/accesstoken/i_accesstoken_manager.h
rename to frameworks/accesstoken/include/hap_info_parcel.h
index e3774c8a41ce8f5364bb413ccc7a229bf21a4f5c..8f496175e23d78cc314654838ab443d6dc91fa3c 100644
--- a/frameworks/accesstoken/i_accesstoken_manager.h
+++ b/frameworks/accesstoken/include/hap_info_parcel.h
@@ -1,44 +1,40 @@
-/*
- * Copyright (c) 2021 Huawei Device Co., Ltd.
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-#ifndef I_ACCESSTOKEN_MANAGER_H
-#define I_ACCESSTOKEN_MANAGER_H
-
-#include
-#include "iremote_broker.h"
-#include "errors.h"
-
-#include "accesstoken.h"
-
-namespace OHOS {
-namespace Security {
-namespace AccessToken {
-class IAccessTokenManager : public IRemoteBroker {
-public:
- static const int SA_ID_ACCESSTOKEN_MANAGER_SERVICE = 3503;
-
- DECLARE_INTERFACE_DESCRIPTOR(u"ohos.security.accesstoken.IAccessTokennManager");
-
- virtual int VerifyAccesstoken(AccessTokenID tokenID, const std::string &permissionName) = 0;
-
- enum class InterfaceCode {
- VERIFY_ACCESSTOKEN = 0xff01,
- };
-};
-} // namespace AccessToken
-} // namespace Security
-} // namespace OHOS
-
-#endif // I_ACCESSTOKEN_MANAGER_H
+/*
+ * Copyright (c) 2021 Huawei Device Co., Ltd.
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+#ifndef HAP_INFO_PARCEL_H
+#define HAP_INFO_PARCEL_H
+
+#include "hap_token_info.h"
+
+#include "parcel.h"
+
+namespace OHOS {
+namespace Security {
+namespace AccessToken {
+struct HapInfoParcel final : public Parcelable {
+ HapInfoParcel() = default;
+
+ ~HapInfoParcel() override = default;
+
+ bool Marshalling(Parcel &out) const override;
+
+ static HapInfoParcel *Unmarshalling(Parcel &in);
+
+ HapInfoParams hapInfoParameter;
+};
+} // namespace AccessToken
+} // namespace Security
+} // namespace OHOS
+#endif // HAP_INFO_PARCEL_H
diff --git a/frameworks/accesstoken/include/hap_policy_parcel.h b/frameworks/accesstoken/include/hap_policy_parcel.h
new file mode 100644
index 0000000000000000000000000000000000000000..7886bfbeb7fff89c01ecba7eb4a6a7f712221129
--- /dev/null
+++ b/frameworks/accesstoken/include/hap_policy_parcel.h
@@ -0,0 +1,41 @@
+/*
+ * Copyright (c) 2021 Huawei Device Co., Ltd.
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+#ifndef HAP_POLICY_PARCEL_H
+#define HAP_POLICY_PARCEL_H
+
+#include "hap_token_info.h"
+#include "permission_def_parcel.h"
+#include "permission_state_full_parcel.h"
+
+
+namespace OHOS {
+namespace Security {
+namespace AccessToken {
+struct HapPolicyParcel final : public Parcelable {
+ HapPolicyParcel() = default;
+
+ ~HapPolicyParcel() override = default;
+
+ bool Marshalling(Parcel &out) const override;
+
+ static HapPolicyParcel *Unmarshalling(Parcel &in);
+
+ HapPolicyParams hapPolicyParameter;
+};
+} // namespace AccessToken
+} // namespace Security
+} // namespace OHOS
+#endif // HAP_POLICY_PARCEL_H
diff --git a/frameworks/accesstoken/include/hap_token_info_for_sync_parcel.h b/frameworks/accesstoken/include/hap_token_info_for_sync_parcel.h
new file mode 100644
index 0000000000000000000000000000000000000000..b0c838402a24fb0c18e96943fc6d451a023cb802
--- /dev/null
+++ b/frameworks/accesstoken/include/hap_token_info_for_sync_parcel.h
@@ -0,0 +1,40 @@
+/*
+ * Copyright (c) 2022 Huawei Device Co., Ltd.
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+#ifndef HAP_TOKEN_INFO_FOR_SYNC_PARCEL_H
+#define HAP_TOKEN_INFO_FOR_SYNC_PARCEL_H
+
+#include "hap_token_info.h"
+#include "parcel.h"
+
+namespace OHOS {
+namespace Security {
+namespace AccessToken {
+struct HapTokenInfoForSyncParcel final : public Parcelable {
+ HapTokenInfoForSyncParcel() = default;
+
+ ~HapTokenInfoForSyncParcel() override = default;
+
+ bool Marshalling(Parcel &out) const override;
+
+ static HapTokenInfoForSyncParcel *Unmarshalling(Parcel &in);
+
+ HapTokenInfoForSync hapTokenInfoForSyncParams;
+};
+} // namespace AccessToken
+} // namespace Security
+} // namespace OHOS
+#endif // HAP_TOKEN_INFO_FOR_SYNC_PARCEL_H
+
diff --git a/frameworks/accesstoken/include/hap_token_info_parcel.h b/frameworks/accesstoken/include/hap_token_info_parcel.h
new file mode 100644
index 0000000000000000000000000000000000000000..d13fda88a2ec7c89c5ab9be86f46f19db3d8841b
--- /dev/null
+++ b/frameworks/accesstoken/include/hap_token_info_parcel.h
@@ -0,0 +1,40 @@
+/*
+ * Copyright (c) 2021 Huawei Device Co., Ltd.
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+#ifndef HAP_TOKEN_INFO_PARCEL_H
+#define HAP_TOKEN_INFO_PARCEL_H
+
+#include "hap_token_info.h"
+
+#include "parcel.h"
+
+namespace OHOS {
+namespace Security {
+namespace AccessToken {
+struct HapTokenInfoParcel final : public Parcelable {
+ HapTokenInfoParcel() = default;
+
+ ~HapTokenInfoParcel() override = default;
+
+ bool Marshalling(Parcel &out) const override;
+
+ static HapTokenInfoParcel *Unmarshalling(Parcel &in);
+
+ HapTokenInfo hapTokenInfoParams;
+};
+} // namespace AccessToken
+} // namespace Security
+} // namespace OHOS
+#endif // HAP_TOKEN_INFO_PARCEL_H
diff --git a/frameworks/accesstoken/include/i_accesstoken_manager.h b/frameworks/accesstoken/include/i_accesstoken_manager.h
new file mode 100644
index 0000000000000000000000000000000000000000..12b1d3165ad69bd12b4b08c149115da08f444c23
--- /dev/null
+++ b/frameworks/accesstoken/include/i_accesstoken_manager.h
@@ -0,0 +1,106 @@
+/*
+ * Copyright (c) 2021 Huawei Device Co., Ltd.
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+#ifndef I_ACCESSTOKEN_MANAGER_H
+#define I_ACCESSTOKEN_MANAGER_H
+
+#include
+
+#include "access_token.h"
+#include "errors.h"
+#include "hap_info_parcel.h"
+#include "hap_policy_parcel.h"
+#include "hap_token_info_for_sync_parcel.h"
+#include "hap_token_info_parcel.h"
+#include "iremote_broker.h"
+#include "native_token_info_parcel.h"
+#include "permission_def_parcel.h"
+#include "permission_state_full_parcel.h"
+
+namespace OHOS {
+namespace Security {
+namespace AccessToken {
+class IAccessTokenManager : public IRemoteBroker {
+public:
+ static const int SA_ID_ACCESSTOKEN_MANAGER_SERVICE = 3503;
+
+ DECLARE_INTERFACE_DESCRIPTOR(u"ohos.security.accesstoken.IAccessTokenManager");
+
+ virtual int VerifyAccessToken(AccessTokenID tokenID, const std::string& permissionName) = 0;
+ virtual int GetDefPermission(const std::string& permissionName, PermissionDefParcel& permissionDefResult) = 0;
+ virtual int GetDefPermissions(AccessTokenID tokenID, std::vector& permList) = 0;
+ virtual int GetReqPermissions(
+ AccessTokenID tokenID, std::vector& reqPermList, bool isSystemGrant) = 0;
+ virtual int GetPermissionFlag(AccessTokenID tokenID, const std::string& permissionName) = 0;
+ virtual int GrantPermission(AccessTokenID tokenID, const std::string& permissionName, int flag) = 0;
+ virtual int RevokePermission(AccessTokenID tokenID, const std::string& permissionName, int flag) = 0;
+ virtual int ClearUserGrantedPermissionState(AccessTokenID tokenID) = 0;
+ virtual AccessTokenIDEx AllocHapToken(const HapInfoParcel& hapInfo, const HapPolicyParcel& policyParcel) = 0;
+ virtual int DeleteToken(AccessTokenID tokenID) = 0;
+ virtual int GetTokenType(AccessTokenID tokenID) = 0;
+ virtual int CheckNativeDCap(AccessTokenID tokenID, const std::string& dcap) = 0;
+ virtual AccessTokenID GetHapTokenID(int userID, const std::string& bundleName, int instIndex) = 0;
+ virtual AccessTokenID AllocLocalTokenID(const std::string& remoteDeviceID, AccessTokenID remoteTokenID) = 0;
+ virtual int GetNativeTokenInfo(AccessTokenID tokenID, NativeTokenInfoParcel& nativeTokenInfoRes) = 0;
+ virtual int GetHapTokenInfo(AccessTokenID tokenID, HapTokenInfoParcel& hapTokenInfoRes) = 0;
+ virtual int UpdateHapToken(
+ AccessTokenID tokenID, const std::string& appIDDesc, const HapPolicyParcel& policyParcel) = 0;
+
+ virtual int GetHapTokenInfoFromRemote(AccessTokenID tokenID,
+ HapTokenInfoForSyncParcel& hapSyncParcel) = 0;
+ virtual int GetAllNativeTokenInfo(std::vector& nativeTokenInfoRes) = 0;
+ virtual int SetRemoteHapTokenInfo(const std::string& deviceID,
+ HapTokenInfoForSyncParcel& hapSyncParcel) = 0;
+ virtual int SetRemoteNativeTokenInfo(const std::string& deviceID,
+ std::vector& nativeTokenInfoParcel) = 0;
+ virtual int DeleteRemoteToken(const std::string& deviceID, AccessTokenID tokenID) = 0;
+ virtual int DeleteRemoteDeviceTokens(const std::string& deviceID) = 0;
+
+ virtual int DumpToken(std::string& dumpInfo) = 0;
+
+ enum class InterfaceCode {
+ VERIFY_ACCESSTOKEN = 0xff10,
+ GET_DEF_PERMISSION = 0xff11,
+ GET_DEF_PERMISSIONS = 0xff12,
+ GET_REQ_PERMISSIONS = 0xff13,
+ GET_PERMISSION_FLAG = 0xff14,
+ GRANT_PERMISSION = 0xff15,
+ REVOKE_PERMISSION = 0xff16,
+ CLEAR_USER_GRANT_PERMISSION = 0xff17,
+ ALLOC_TOKEN_HAP = 0xff18,
+ TOKEN_DELETE = 0xff19,
+ GET_TOKEN_TYPE = 0xff20,
+ CHECK_NATIVE_DCAP = 0xff21,
+ GET_HAP_TOKEN_ID = 0xff22,
+ ALLOC_LOCAL_TOKEN_ID = 0xff23,
+ GET_NATIVE_TOKENINFO = 0xff24,
+ GET_HAP_TOKENINFO = 0xff25,
+ UPDATE_HAP_TOKEN = 0xff26,
+
+ GET_HAP_TOKEN_FROM_REMOTE = 0xff27,
+ GET_ALL_NATIVE_TOKEN_FROM_REMOTE = 0xff28,
+ SET_REMOTE_HAP_TOKEN_INFO = 0xff29,
+ SET_REMOTE_NATIVE_TOKEN_INFO = 0xff2a,
+ DELETE_REMOTE_TOKEN_INFO = 0xff2b,
+ DELETE_REMOTE_DEVICE_TOKEN = 0xff2c,
+
+ DUMP = 0xff30,
+ };
+};
+} // namespace AccessToken
+} // namespace Security
+} // namespace OHOS
+
+#endif // I_ACCESSTOKEN_MANAGER_H
diff --git a/frameworks/accesstoken/include/native_token_info_parcel.h b/frameworks/accesstoken/include/native_token_info_parcel.h
new file mode 100644
index 0000000000000000000000000000000000000000..80bf8909cba6cc20826ab2b4276572fc058f91dc
--- /dev/null
+++ b/frameworks/accesstoken/include/native_token_info_parcel.h
@@ -0,0 +1,40 @@
+/*
+ * Copyright (c) 2021 Huawei Device Co., Ltd.
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+#ifndef NATIVE_TOKEN_INFO_PARCEL_H
+#define NATIVE_TOKEN_INFO_PARCEL_H
+
+#include "native_token_info.h"
+
+#include "parcel.h"
+
+namespace OHOS {
+namespace Security {
+namespace AccessToken {
+struct NativeTokenInfoParcel final : public Parcelable {
+ NativeTokenInfoParcel() = default;
+
+ ~NativeTokenInfoParcel() override = default;
+
+ bool Marshalling(Parcel &out) const override;
+
+ static NativeTokenInfoParcel *Unmarshalling(Parcel &in);
+
+ NativeTokenInfo nativeTokenInfoParams;
+};
+} // namespace AccessToken
+} // namespace Security
+} // namespace OHOS
+#endif // NATIVE_TOKEN_INFO_PARCEL_H
diff --git a/frameworks/accesstoken/include/permission_def_parcel.h b/frameworks/accesstoken/include/permission_def_parcel.h
new file mode 100644
index 0000000000000000000000000000000000000000..52e0a80c4197ea155f98ba126a7c13df22ac02f1
--- /dev/null
+++ b/frameworks/accesstoken/include/permission_def_parcel.h
@@ -0,0 +1,39 @@
+/*
+ * Copyright (c) 2021 Huawei Device Co., Ltd.
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+#ifndef PERMISSION_DEF_PARCEL_H
+#define PERMISSION_DEF_PARCEL_H
+
+#include "permission_def.h"
+#include "parcel.h"
+
+namespace OHOS {
+namespace Security {
+namespace AccessToken {
+struct PermissionDefParcel final : public Parcelable {
+ PermissionDefParcel() = default;
+
+ ~PermissionDefParcel() override = default;
+
+ bool Marshalling(Parcel &out) const override;
+
+ static PermissionDefParcel *Unmarshalling(Parcel &in);
+
+ PermissionDef permissionDef;
+};
+} // namespace AccessToken
+} // namespace Security
+} // namespace OHOS
+#endif // PERMISSION_DEF_PARCEL_H
diff --git a/frameworks/accesstoken/include/permission_state_full_parcel.h b/frameworks/accesstoken/include/permission_state_full_parcel.h
new file mode 100644
index 0000000000000000000000000000000000000000..f4b8714a7a832d6291adff4992eee953e60f8994
--- /dev/null
+++ b/frameworks/accesstoken/include/permission_state_full_parcel.h
@@ -0,0 +1,39 @@
+/*
+ * Copyright (c) 2021 Huawei Device Co., Ltd.
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+#ifndef INTERFACES_INNER_KITS_PERMISSION_PERMISSION_STATE_FULL_PARCEL_H
+#define INTERFACES_INNER_KITS_PERMISSION_PERMISSION_STATE_FULL_PARCEL_H
+
+#include "permission_state_full.h"
+#include "parcel.h"
+
+namespace OHOS {
+namespace Security {
+namespace AccessToken {
+struct PermissionStateFullParcel final : public Parcelable {
+ PermissionStateFullParcel() = default;
+
+ ~PermissionStateFullParcel() override = default;
+
+ bool Marshalling(Parcel &out) const override;
+
+ static PermissionStateFullParcel *Unmarshalling(Parcel &in);
+
+ PermissionStateFull permStatFull;
+};
+} // namespace AccessToken
+} // namespace Security
+} // namespace OHOS
+#endif // INTERFACES_INNER_KITS_PERMISSION_PERMISSION_STATE_FULL_PARCEL_H
diff --git a/frameworks/accesstoken/src/hap_info_parcel.cpp b/frameworks/accesstoken/src/hap_info_parcel.cpp
new file mode 100644
index 0000000000000000000000000000000000000000..c0e3d984a4e0764e108080ab227cf5a97b3088c9
--- /dev/null
+++ b/frameworks/accesstoken/src/hap_info_parcel.cpp
@@ -0,0 +1,55 @@
+/*
+ * Copyright (c) 2021 Huawei Device Co., Ltd.
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+#include "hap_info_parcel.h"
+
+namespace OHOS {
+namespace Security {
+namespace AccessToken {
+#define RETURN_IF_FALSE(expr) \
+ if (!(expr)) { \
+ return false; \
+ }
+
+#define RELEASE_IF_FALSE(expr, obj) \
+ if (!(expr)) { \
+ delete (obj); \
+ (obj) = nullptr; \
+ return (obj); \
+ }
+
+bool HapInfoParcel::Marshalling(Parcel& out) const
+{
+ RETURN_IF_FALSE(out.WriteInt32(this->hapInfoParameter.userID));
+ RETURN_IF_FALSE(out.WriteString(this->hapInfoParameter.bundleName));
+ RETURN_IF_FALSE(out.WriteInt32(this->hapInfoParameter.instIndex));
+ RETURN_IF_FALSE(out.WriteString(this->hapInfoParameter.appIDDesc));
+ return true;
+}
+
+HapInfoParcel* HapInfoParcel::Unmarshalling(Parcel& in)
+{
+ auto* hapInfoParcel = new (std::nothrow) HapInfoParcel();
+ RELEASE_IF_FALSE(hapInfoParcel != nullptr, hapInfoParcel);
+ RELEASE_IF_FALSE(in.ReadInt32(hapInfoParcel->hapInfoParameter.userID), hapInfoParcel);
+ hapInfoParcel->hapInfoParameter.bundleName = in.ReadString();
+ RELEASE_IF_FALSE(in.ReadInt32(hapInfoParcel->hapInfoParameter.instIndex), hapInfoParcel);
+ hapInfoParcel->hapInfoParameter.appIDDesc = in.ReadString();
+
+ return hapInfoParcel;
+}
+} // namespace AccessToken
+} // namespace Security
+} // namespace OHOS
diff --git a/frameworks/accesstoken/src/hap_policy_parcel.cpp b/frameworks/accesstoken/src/hap_policy_parcel.cpp
new file mode 100644
index 0000000000000000000000000000000000000000..fe2a079ce567b4c73a33b60a68480c8a9c4487da
--- /dev/null
+++ b/frameworks/accesstoken/src/hap_policy_parcel.cpp
@@ -0,0 +1,92 @@
+/*
+ * Copyright (c) 2021 Huawei Device Co., Ltd.
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+#include "hap_policy_parcel.h"
+
+namespace OHOS {
+namespace Security {
+namespace AccessToken {
+#define RETURN_IF_FALSE(expr) \
+ if (!(expr)) { \
+ return false; \
+ }
+
+#define RELEASE_IF_FALSE(expr, obj) \
+ if (!(expr)) { \
+ delete (obj); \
+ (obj) = nullptr; \
+ return (obj); \
+ }
+
+bool HapPolicyParcel::Marshalling(Parcel& out) const
+{
+ RETURN_IF_FALSE(out.WriteInt32(this->hapPolicyParameter.apl));
+ RETURN_IF_FALSE(out.WriteString(this->hapPolicyParameter.domain));
+
+ const std::vector& permList = this->hapPolicyParameter.permList;
+ int32_t permListSize = (int32_t)permList.size();
+ RETURN_IF_FALSE(out.WriteInt32(permListSize));
+
+ for (int i = 0; i < permListSize; i++) {
+ PermissionDefParcel permDefParcel;
+ permDefParcel.permissionDef = permList[i];
+ out.WriteParcelable(&permDefParcel);
+ }
+
+ const std::vector& permStateList = this->hapPolicyParameter.permStateList;
+ int32_t permStateListSize = (int32_t)permStateList.size();
+ RETURN_IF_FALSE(out.WriteInt32(permStateListSize));
+
+ for (int i = 0; i < permStateListSize; i++) {
+ PermissionStateFullParcel permStateParcel;
+ permStateParcel.permStatFull = permStateList[i];
+ out.WriteParcelable(&permStateParcel);
+ }
+
+ return true;
+}
+
+HapPolicyParcel* HapPolicyParcel::Unmarshalling(Parcel& in)
+{
+ auto* hapPolicyParcel = new (std::nothrow) HapPolicyParcel();
+ RELEASE_IF_FALSE(hapPolicyParcel != nullptr, hapPolicyParcel);
+
+ int32_t apl;
+ RELEASE_IF_FALSE(in.ReadInt32(apl), hapPolicyParcel);
+ hapPolicyParcel->hapPolicyParameter.apl = ATokenAplEnum(apl);
+
+ hapPolicyParcel->hapPolicyParameter.domain = in.ReadString();
+
+ int permListSize;
+ RELEASE_IF_FALSE(in.ReadInt32(permListSize), hapPolicyParcel);
+
+ for (int i = 0; i < permListSize; i++) {
+ sptr permDefParcel = in.ReadParcelable();
+ RELEASE_IF_FALSE(permDefParcel != nullptr, hapPolicyParcel);
+ hapPolicyParcel->hapPolicyParameter.permList.emplace_back(permDefParcel->permissionDef);
+ }
+
+ int permStateListSize;
+ RELEASE_IF_FALSE(in.ReadInt32(permStateListSize), hapPolicyParcel);
+ for (int i = 0; i < permStateListSize; i++) {
+ sptr permissionStateParcel = in.ReadParcelable();
+ RELEASE_IF_FALSE(permissionStateParcel != nullptr, hapPolicyParcel);
+ hapPolicyParcel->hapPolicyParameter.permStateList.emplace_back(permissionStateParcel->permStatFull);
+ }
+ return hapPolicyParcel;
+}
+} // namespace AccessToken
+} // namespace Security
+} // namespace OHOS
\ No newline at end of file
diff --git a/frameworks/accesstoken/src/hap_token_info_for_sync_parcel.cpp b/frameworks/accesstoken/src/hap_token_info_for_sync_parcel.cpp
new file mode 100644
index 0000000000000000000000000000000000000000..1f3d642868d5f3a7d9909003d1288afbc0948758
--- /dev/null
+++ b/frameworks/accesstoken/src/hap_token_info_for_sync_parcel.cpp
@@ -0,0 +1,76 @@
+/*
+ * Copyright (c) 2022 Huawei Device Co., Ltd.
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+#include "hap_token_info_for_sync_parcel.h"
+#include "hap_token_info_parcel.h"
+#include "permission_state_full_parcel.h"
+
+namespace OHOS {
+namespace Security {
+namespace AccessToken {
+#define RETURN_IF_FALSE(expr) \
+ if (!(expr)) { \
+ return false; \
+ }
+
+#define RELEASE_IF_FALSE(expr, obj) \
+ if (!(expr)) { \
+ delete (obj); \
+ (obj) = nullptr; \
+ return (obj); \
+ }
+
+bool HapTokenInfoForSyncParcel::Marshalling(Parcel& out) const
+{
+ HapTokenInfoParcel baseInfoParcel;
+ baseInfoParcel.hapTokenInfoParams = this->hapTokenInfoForSyncParams.baseInfo;
+ out.WriteParcelable(&baseInfoParcel);
+
+ const std::vector& permStateList = this->hapTokenInfoForSyncParams.permStateList;
+ int32_t permStateListSize = (int32_t)permStateList.size();
+ RETURN_IF_FALSE(out.WriteInt32(permStateListSize));
+
+ for (int i = 0; i < permStateListSize; i++) {
+ PermissionStateFullParcel permStateParcel;
+ permStateParcel.permStatFull = permStateList[i];
+ out.WriteParcelable(&permStateParcel);
+ }
+
+ return true;
+}
+
+HapTokenInfoForSyncParcel* HapTokenInfoForSyncParcel::Unmarshalling(Parcel& in)
+{
+ auto* hapTokenInfoForSyncParcel = new (std::nothrow) HapTokenInfoForSyncParcel();
+ RELEASE_IF_FALSE(hapTokenInfoForSyncParcel != nullptr, hapTokenInfoForSyncParcel);
+
+ sptr baseInfoParcel = in.ReadParcelable();
+ RELEASE_IF_FALSE(baseInfoParcel != nullptr, hapTokenInfoForSyncParcel);
+ hapTokenInfoForSyncParcel->hapTokenInfoForSyncParams.baseInfo = baseInfoParcel->hapTokenInfoParams;
+
+ int permStateListSize;
+ RELEASE_IF_FALSE(in.ReadInt32(permStateListSize), hapTokenInfoForSyncParcel);
+ for (int i = 0; i < permStateListSize; i++) {
+ sptr permissionStateParcel = in.ReadParcelable();
+ RELEASE_IF_FALSE(permissionStateParcel != nullptr, hapTokenInfoForSyncParcel);
+ hapTokenInfoForSyncParcel->hapTokenInfoForSyncParams.permStateList.emplace_back(
+ permissionStateParcel->permStatFull);
+ }
+ return hapTokenInfoForSyncParcel;
+}
+} // namespace AccessToken
+} // namespace Security
+} // namespace OHOS
+
diff --git a/frameworks/accesstoken/src/hap_token_info_parcel.cpp b/frameworks/accesstoken/src/hap_token_info_parcel.cpp
new file mode 100644
index 0000000000000000000000000000000000000000..4a349518c03b3bdb005f771d049d14a4c02b69f1
--- /dev/null
+++ b/frameworks/accesstoken/src/hap_token_info_parcel.cpp
@@ -0,0 +1,68 @@
+/*
+ * Copyright (c) 2021 Huawei Device Co., Ltd.
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+#include "hap_token_info_parcel.h"
+
+namespace OHOS {
+namespace Security {
+namespace AccessToken {
+#define RETURN_IF_FALSE(expr) \
+ if (!(expr)) { \
+ return false; \
+ }
+
+#define RELEASE_IF_FALSE(expr, obj) \
+ if (!(expr)) { \
+ delete (obj); \
+ (obj) = nullptr; \
+ return (obj); \
+ }
+
+bool HapTokenInfoParcel::Marshalling(Parcel& out) const
+{
+ RETURN_IF_FALSE(out.WriteInt32(this->hapTokenInfoParams.apl));
+ RETURN_IF_FALSE(out.WriteUint8(this->hapTokenInfoParams.ver));
+ RETURN_IF_FALSE(out.WriteInt32(this->hapTokenInfoParams.userID));
+ RETURN_IF_FALSE(out.WriteString(this->hapTokenInfoParams.bundleName));
+ RETURN_IF_FALSE(out.WriteInt32(this->hapTokenInfoParams.instIndex));
+ RETURN_IF_FALSE(out.WriteString(this->hapTokenInfoParams.appID));
+ RETURN_IF_FALSE(out.WriteString(this->hapTokenInfoParams.deviceID));
+ RETURN_IF_FALSE(out.WriteUint32(this->hapTokenInfoParams.tokenID));
+ RETURN_IF_FALSE(out.WriteUint32(this->hapTokenInfoParams.tokenAttr));
+ return true;
+}
+
+HapTokenInfoParcel* HapTokenInfoParcel::Unmarshalling(Parcel& in)
+{
+ auto* hapTokenInfoParcel = new (std::nothrow) HapTokenInfoParcel();
+ RELEASE_IF_FALSE(hapTokenInfoParcel != nullptr, hapTokenInfoParcel);
+ int apl;
+ uint8_t ver;
+ RELEASE_IF_FALSE(in.ReadInt32(apl), hapTokenInfoParcel);
+ hapTokenInfoParcel->hapTokenInfoParams.apl = ATokenAplEnum(apl);
+ RELEASE_IF_FALSE(in.ReadUint8(ver), hapTokenInfoParcel);
+ hapTokenInfoParcel->hapTokenInfoParams.ver = ver;
+ RELEASE_IF_FALSE(in.ReadInt32(hapTokenInfoParcel->hapTokenInfoParams.userID), hapTokenInfoParcel);
+ hapTokenInfoParcel->hapTokenInfoParams.bundleName = in.ReadString();
+ RELEASE_IF_FALSE(in.ReadInt32(hapTokenInfoParcel->hapTokenInfoParams.instIndex), hapTokenInfoParcel);
+ hapTokenInfoParcel->hapTokenInfoParams.appID = in.ReadString();
+ hapTokenInfoParcel->hapTokenInfoParams.deviceID = in.ReadString();
+ RELEASE_IF_FALSE(in.ReadUint32(hapTokenInfoParcel->hapTokenInfoParams.tokenID), hapTokenInfoParcel);
+ RELEASE_IF_FALSE(in.ReadUint32(hapTokenInfoParcel->hapTokenInfoParams.tokenAttr), hapTokenInfoParcel);
+ return hapTokenInfoParcel;
+}
+} // namespace AccessToken
+} // namespace Security
+} // namespace OHOS
\ No newline at end of file
diff --git a/frameworks/accesstoken/src/native_token_info_parcel.cpp b/frameworks/accesstoken/src/native_token_info_parcel.cpp
new file mode 100644
index 0000000000000000000000000000000000000000..50795dc3639b7582487c11128d8cae684313bc98
--- /dev/null
+++ b/frameworks/accesstoken/src/native_token_info_parcel.cpp
@@ -0,0 +1,79 @@
+/*
+ * Copyright (c) 2021 Huawei Device Co., Ltd.
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+#include "native_token_info_parcel.h"
+
+namespace OHOS {
+namespace Security {
+namespace AccessToken {
+#define RETURN_IF_FALSE(expr) \
+ if (!(expr)) { \
+ return false; \
+ }
+
+#define RELEASE_IF_FALSE(expr, obj) \
+ if (!(expr)) { \
+ delete (obj); \
+ (obj) = nullptr; \
+ return (obj); \
+ }
+
+bool NativeTokenInfoParcel::Marshalling(Parcel& out) const
+{
+ RETURN_IF_FALSE(out.WriteInt32(this->nativeTokenInfoParams.apl));
+ RETURN_IF_FALSE(out.WriteUint8(this->nativeTokenInfoParams.ver));
+ RETURN_IF_FALSE(out.WriteString(this->nativeTokenInfoParams.processName));
+ RETURN_IF_FALSE(out.WriteUint32(this->nativeTokenInfoParams.tokenID));
+ RETURN_IF_FALSE(out.WriteUint32(this->nativeTokenInfoParams.tokenAttr));
+
+ int dcapSize = (int)(this->nativeTokenInfoParams.dcap).size();
+ RETURN_IF_FALSE(out.WriteInt32(dcapSize));
+
+ for (auto dcapItem : this->nativeTokenInfoParams.dcap) {
+ RETURN_IF_FALSE(out.WriteString(dcapItem));
+ }
+
+ return true;
+}
+
+NativeTokenInfoParcel* NativeTokenInfoParcel::Unmarshalling(Parcel& in)
+{
+ auto* nativeTokenInfoParcel = new (std::nothrow) NativeTokenInfoParcel();
+ RELEASE_IF_FALSE(nativeTokenInfoParcel != nullptr, nativeTokenInfoParcel);
+
+ int32_t apl;
+ uint8_t ver;
+ RELEASE_IF_FALSE(in.ReadInt32(apl), nativeTokenInfoParcel);
+ RELEASE_IF_FALSE(in.ReadUint8(ver), nativeTokenInfoParcel);
+ nativeTokenInfoParcel->nativeTokenInfoParams.apl = ATokenAplEnum(apl);
+ nativeTokenInfoParcel->nativeTokenInfoParams.ver = ver;
+
+ nativeTokenInfoParcel->nativeTokenInfoParams.processName = in.ReadString();
+ RELEASE_IF_FALSE(in.ReadUint32(nativeTokenInfoParcel->nativeTokenInfoParams.tokenID), nativeTokenInfoParcel);
+ RELEASE_IF_FALSE(in.ReadUint32(nativeTokenInfoParcel->nativeTokenInfoParams.tokenAttr), nativeTokenInfoParcel);
+
+ int dcapSize;
+ RELEASE_IF_FALSE(in.ReadInt32(dcapSize), nativeTokenInfoParcel);
+
+ for (int i = 0; i < dcapSize; i++) {
+ std::string dcapsItem;
+ RELEASE_IF_FALSE(in.ReadString(dcapsItem), nativeTokenInfoParcel);
+ nativeTokenInfoParcel->nativeTokenInfoParams.dcap.emplace_back(dcapsItem);
+ }
+ return nativeTokenInfoParcel;
+}
+} // namespace AccessToken
+} // namespace Security
+} // namespace OHOS
\ No newline at end of file
diff --git a/frameworks/accesstoken/src/permission_def_parcel.cpp b/frameworks/accesstoken/src/permission_def_parcel.cpp
new file mode 100644
index 0000000000000000000000000000000000000000..09943e9a04725d43096c7aa1b2260d329927a320
--- /dev/null
+++ b/frameworks/accesstoken/src/permission_def_parcel.cpp
@@ -0,0 +1,72 @@
+/*
+ * Copyright (c) 2021 Huawei Device Co., Ltd.
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+#include "permission_def_parcel.h"
+
+#include "access_token.h"
+
+namespace OHOS {
+namespace Security {
+namespace AccessToken {
+#define RETURN_IF_FALSE(expr) \
+ if (!(expr)) { \
+ return false; \
+ }
+
+#define RELEASE_IF_FALSE(expr, obj) \
+ if (!(expr)) { \
+ delete (obj); \
+ (obj) = nullptr; \
+ return (obj); \
+ }
+
+bool PermissionDefParcel::Marshalling(Parcel& out) const
+{
+ RETURN_IF_FALSE(out.WriteString(this->permissionDef.permissionName));
+ RETURN_IF_FALSE(out.WriteString(this->permissionDef.bundleName));
+ RETURN_IF_FALSE(out.WriteInt32(this->permissionDef.grantMode));
+ RETURN_IF_FALSE(out.WriteInt32(this->permissionDef.availableLevel));
+ RETURN_IF_FALSE(out.WriteBool(this->permissionDef.provisionEnable));
+ RETURN_IF_FALSE(out.WriteBool(this->permissionDef.distributedSceneEnable));
+ RETURN_IF_FALSE(out.WriteString(this->permissionDef.label));
+ RETURN_IF_FALSE(out.WriteInt32(this->permissionDef.labelId));
+ RETURN_IF_FALSE(out.WriteString(this->permissionDef.description));
+ RETURN_IF_FALSE(out.WriteInt32(this->permissionDef.descriptionId));
+ return true;
+}
+
+PermissionDefParcel* PermissionDefParcel::Unmarshalling(Parcel& in)
+{
+ auto* permissionDefParcel = new (std::nothrow) PermissionDefParcel();
+ RELEASE_IF_FALSE(permissionDefParcel != nullptr, permissionDefParcel);
+ permissionDefParcel->permissionDef.permissionName = in.ReadString();
+ permissionDefParcel->permissionDef.bundleName = in.ReadString();
+ RELEASE_IF_FALSE(in.ReadInt32(permissionDefParcel->permissionDef.grantMode), permissionDefParcel);
+
+ int level;
+ RELEASE_IF_FALSE(in.ReadInt32(level), permissionDefParcel);
+ permissionDefParcel->permissionDef.availableLevel = ATokenAplEnum(level);
+
+ RELEASE_IF_FALSE(in.ReadBool(permissionDefParcel->permissionDef.provisionEnable), permissionDefParcel);
+ RELEASE_IF_FALSE(in.ReadBool(permissionDefParcel->permissionDef.distributedSceneEnable), permissionDefParcel);
+ permissionDefParcel->permissionDef.label = in.ReadString();
+ RELEASE_IF_FALSE(in.ReadInt32(permissionDefParcel->permissionDef.labelId), permissionDefParcel);
+ permissionDefParcel->permissionDef.description = in.ReadString();
+ RELEASE_IF_FALSE(in.ReadInt32(permissionDefParcel->permissionDef.descriptionId), permissionDefParcel);
+ return permissionDefParcel;
+}
+} // namespace AccessToken
+} // namespace Security
+} // namespace OHOS
diff --git a/frameworks/accesstoken/src/permission_state_full_parcel.cpp b/frameworks/accesstoken/src/permission_state_full_parcel.cpp
new file mode 100644
index 0000000000000000000000000000000000000000..2a5dd6fe5cdbf69db08a04302875af6572b34610
--- /dev/null
+++ b/frameworks/accesstoken/src/permission_state_full_parcel.cpp
@@ -0,0 +1,90 @@
+/*
+ * Copyright (c) 2021 Huawei Device Co., Ltd.
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+#include "permission_state_full_parcel.h"
+
+namespace OHOS {
+namespace Security {
+namespace AccessToken {
+#define RETURN_IF_FALSE(expr) \
+ if (!(expr)) { \
+ return false; \
+ }
+
+#define RELEASE_IF_FALSE(expr, obj) \
+ if (!(expr)) { \
+ delete (obj); \
+ (obj) = nullptr; \
+ return (obj); \
+ }
+
+bool PermissionStateFullParcel::Marshalling(Parcel& out) const
+{
+ RETURN_IF_FALSE(out.WriteString(this->permStatFull.permissionName));
+ RETURN_IF_FALSE(out.WriteBool(this->permStatFull.isGeneral));
+
+ RETURN_IF_FALSE(out.WriteInt32((int32_t)(this->permStatFull.resDeviceID.size())));
+ for (auto devId : this->permStatFull.resDeviceID) {
+ RETURN_IF_FALSE(out.WriteString(devId));
+ }
+
+ RETURN_IF_FALSE(out.WriteInt32((int32_t)(this->permStatFull.grantStatus.size())));
+ for (auto grantStat : this->permStatFull.grantStatus) {
+ RETURN_IF_FALSE(out.WriteInt32(grantStat));
+ }
+
+ RETURN_IF_FALSE(out.WriteInt32((int32_t)(this->permStatFull.grantFlags.size())));
+ for (auto grantFlag : this->permStatFull.grantFlags) {
+ RETURN_IF_FALSE(out.WriteInt32(grantFlag));
+ }
+ return true;
+}
+
+PermissionStateFullParcel* PermissionStateFullParcel::Unmarshalling(Parcel& in)
+{
+ auto* permissionStateParcel = new (std::nothrow) PermissionStateFullParcel();
+ RELEASE_IF_FALSE(permissionStateParcel != nullptr, permissionStateParcel);
+
+ RELEASE_IF_FALSE(in.ReadString(permissionStateParcel->permStatFull.permissionName), permissionStateParcel);
+ RELEASE_IF_FALSE(in.ReadBool(permissionStateParcel->permStatFull.isGeneral), permissionStateParcel);
+
+ int resIdSize = 0;
+ RELEASE_IF_FALSE(in.ReadInt32(resIdSize), permissionStateParcel);
+ for (int i = 0; i < resIdSize; i++) {
+ std::string resId;
+ RELEASE_IF_FALSE(in.ReadString(resId), permissionStateParcel);
+ permissionStateParcel->permStatFull.resDeviceID.emplace_back(resId);
+ }
+
+ int grantStatsSize = 0;
+ RELEASE_IF_FALSE(in.ReadInt32(grantStatsSize), permissionStateParcel);
+ for (int i = 0; i < grantStatsSize; i++) {
+ int grantStat;
+ RELEASE_IF_FALSE(in.ReadInt32(grantStat), permissionStateParcel);
+ permissionStateParcel->permStatFull.grantStatus.emplace_back(grantStat);
+ }
+
+ int grantFlagSize = 0;
+ RELEASE_IF_FALSE(in.ReadInt32(grantFlagSize), permissionStateParcel);
+ for (int i = 0; i < grantFlagSize; i++) {
+ int flag;
+ RELEASE_IF_FALSE(in.ReadInt32(flag), permissionStateParcel);
+ permissionStateParcel->permStatFull.grantFlags.emplace_back(flag);
+ }
+ return permissionStateParcel;
+}
+} // namespace AccessToken
+} // namespace Security
+} // namespace OHOS
\ No newline at end of file
diff --git a/frameworks/com.ohos.permissionmanager/build.gradle b/frameworks/com.ohos.permissionmanager/build.gradle
new file mode 100644
index 0000000000000000000000000000000000000000..924a888a108e0af16c918e3b049937f48089a7bf
--- /dev/null
+++ b/frameworks/com.ohos.permissionmanager/build.gradle
@@ -0,0 +1,33 @@
+// Top-level build file where you can add configuration options common to all sub-projects/modules.
+apply plugin: 'com.huawei.ohos.app'
+
+//For instructions on signature configuration, see https://developer.harmonyos.com/cn/docs/documentation/doc-guides/ide_debug_device-0000001053822404#section1112183053510
+ohos {
+ compileSdkVersion 7
+}
+
+buildscript {
+ repositories {
+ maven {
+ url 'https://repo.huaweicloud.com/repository/maven/'
+ }
+ maven {
+ url 'https://developer.huawei.com/repo/'
+ }
+ }
+ dependencies {
+ classpath 'com.huawei.ohos:hap:3.0.5.2'
+ classpath 'com.huawei.ohos:decctest:1.2.7.2'
+ }
+}
+
+allprojects {
+ repositories {
+ maven {
+ url 'https://repo.huaweicloud.com/repository/maven/'
+ }
+ maven {
+ url 'https://developer.huawei.com/repo/'
+ }
+ }
+}
diff --git a/frameworks/com.ohos.permissionmanager/entry/.gitignore b/frameworks/com.ohos.permissionmanager/entry/.gitignore
new file mode 100644
index 0000000000000000000000000000000000000000..7d5b7a94f4dcf381f03ff21f28f8a2494b58023f
--- /dev/null
+++ b/frameworks/com.ohos.permissionmanager/entry/.gitignore
@@ -0,0 +1,2 @@
+/build
+/node_modules
diff --git a/frameworks/com.ohos.permissionmanager/entry/build.gradle b/frameworks/com.ohos.permissionmanager/entry/build.gradle
new file mode 100644
index 0000000000000000000000000000000000000000..0f0156791bf6048a230e13abccb9d631170209dc
--- /dev/null
+++ b/frameworks/com.ohos.permissionmanager/entry/build.gradle
@@ -0,0 +1,26 @@
+apply plugin: 'com.huawei.ohos.hap'
+apply plugin: 'com.huawei.ohos.decctest'
+//For instructions on signature configuration, see https://developer.harmonyos.com/cn/docs/documentation/doc-guides/ide_debug_device-0000001053822404#section1112183053510
+ohos {
+ compileSdkVersion 7
+ defaultConfig {
+ compatibleSdkVersion 7
+ }
+ buildTypes {
+ release {
+ proguardOpt {
+ proguardEnabled false
+ rulesFiles 'proguard-rules.pro'
+ }
+ }
+ }
+}
+
+dependencies {
+ implementation fileTree(dir: 'libs', include: ['*.jar', '*.har'])
+ testImplementation 'junit:junit:4.13.1'
+ ohosTestImplementation 'com.huawei.ohos.testkit:runner:2.0.0.200'
+}
+decc {
+ supportType = ['html','xml']
+}
diff --git a/frameworks/com.ohos.permissionmanager/entry/proguard-rules.pro b/frameworks/com.ohos.permissionmanager/entry/proguard-rules.pro
new file mode 100644
index 0000000000000000000000000000000000000000..f7666e47561d514b2a76d5a7dfbb43ede86da92a
--- /dev/null
+++ b/frameworks/com.ohos.permissionmanager/entry/proguard-rules.pro
@@ -0,0 +1 @@
+# config module specific ProGuard rules here.
\ No newline at end of file
diff --git a/frameworks/com.ohos.permissionmanager/entry/src/main/config.json b/frameworks/com.ohos.permissionmanager/entry/src/main/config.json
new file mode 100644
index 0000000000000000000000000000000000000000..165e0d3bd16be20696ddac1f4660634cb7ffb98f
--- /dev/null
+++ b/frameworks/com.ohos.permissionmanager/entry/src/main/config.json
@@ -0,0 +1,63 @@
+{
+ "app": {
+ "bundleName": "com.ohos.permissionmanager",
+ "vendor": "ohos",
+ "version": {
+ "code": 1000000,
+ "name": "1.0.0"
+ }
+ },
+ "deviceConfig": {},
+ "module": {
+ "package": "com.ohos.permissionmanager",
+ "name": ".MyApplication",
+ "mainAbility": "com.ohos.permissionmanager.MainAbility",
+ "deviceType": [
+ "phone",
+ "tablet"
+ ],
+ "distro": {
+ "deliveryWithInstall": true,
+ "moduleName": "entry",
+ "moduleType": "entry",
+ "installationFree": false
+ },
+ "abilities": [
+ {
+ "skills": [
+ {
+ "entities": [
+ "entity.system.home"
+ ],
+ "actions": [
+ "action.system.home"
+ ]
+ }
+ ],
+ "visible": true,
+ "name": "com.ohos.permissionmanager.MainAbility",
+ "icon": "$media:icon",
+ "description": "$string:mainability_description",
+ "label": "$string:entry_MainAbility",
+ "type": "page",
+ "launchType": "standard"
+ }
+ ],
+ "js": [
+ {
+ "mode": {
+ "syntax": "ets",
+ "type": "pageAbility"
+ },
+ "pages": [
+ "pages/index"
+ ],
+ "name": "default",
+ "window": {
+ "designWidth": 720,
+ "autoDesignWidth": false
+ }
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/frameworks/com.ohos.permissionmanager/entry/src/main/ets/default/app.ets b/frameworks/com.ohos.permissionmanager/entry/src/main/ets/default/app.ets
new file mode 100644
index 0000000000000000000000000000000000000000..2a3b6238737330f469fc124b0669aacd9a376056
--- /dev/null
+++ b/frameworks/com.ohos.permissionmanager/entry/src/main/ets/default/app.ets
@@ -0,0 +1,23 @@
+/*
+ * Copyright (c) 2021 Huawei Device Co., Ltd.
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+export default {
+ onCreate() {
+ console.info('Application onCreate')
+ },
+ onDestroy() {
+ console.info('Application onDestroy')
+ },
+}
diff --git a/frameworks/com.ohos.permissionmanager/entry/src/main/ets/default/pages/index.ets b/frameworks/com.ohos.permissionmanager/entry/src/main/ets/default/pages/index.ets
new file mode 100644
index 0000000000000000000000000000000000000000..4572857a3fb9c18efbf83a9af8674fc175f2dbeb
--- /dev/null
+++ b/frameworks/com.ohos.permissionmanager/entry/src/main/ets/default/pages/index.ets
@@ -0,0 +1,28 @@
+/*
+ * Copyright (c) 2021 Huawei Device Co., Ltd.
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+@Entry
+@Component
+struct Index {
+ build() {
+ Flex({ direction: FlexDirection.Column, alignItems: ItemAlign.Center, justifyContent: FlexAlign.Center }) {
+ Text('Hello World')
+ .fontSize(50)
+ .fontWeight(FontWeight.Bold)
+ }
+ .width('100%')
+ .height('100%')
+ }
+}
diff --git a/frameworks/com.ohos.permissionmanager/entry/src/main/java/com/ohos/permissionmanager/MainAbility.java b/frameworks/com.ohos.permissionmanager/entry/src/main/java/com/ohos/permissionmanager/MainAbility.java
new file mode 100644
index 0000000000000000000000000000000000000000..5e73933e0b4c0b4d24db9021f2d89c66d6bbe8d9
--- /dev/null
+++ b/frameworks/com.ohos.permissionmanager/entry/src/main/java/com/ohos/permissionmanager/MainAbility.java
@@ -0,0 +1,16 @@
+package com.ohos.permissionmanager;
+
+import ohos.ace.ability.AceAbility;
+import ohos.aafwk.content.Intent;
+
+public class MainAbility extends AceAbility {
+ @Override
+ public void onStart(Intent intent) {
+ super.onStart(intent);
+ }
+
+ @Override
+ public void onStop() {
+ super.onStop();
+ }
+}
diff --git a/frameworks/com.ohos.permissionmanager/entry/src/main/java/com/ohos/permissionmanager/MyApplication.java b/frameworks/com.ohos.permissionmanager/entry/src/main/java/com/ohos/permissionmanager/MyApplication.java
new file mode 100644
index 0000000000000000000000000000000000000000..8c75d4e56c1ee06e2ee83469c50be84ef00af14e
--- /dev/null
+++ b/frameworks/com.ohos.permissionmanager/entry/src/main/java/com/ohos/permissionmanager/MyApplication.java
@@ -0,0 +1,10 @@
+package com.ohos.permissionmanager;
+
+import ohos.aafwk.ability.AbilityPackage;
+
+public class MyApplication extends AbilityPackage {
+ @Override
+ public void onInitialize() {
+ super.onInitialize();
+ }
+}
diff --git a/frameworks/com.ohos.permissionmanager/entry/src/main/resources/base/element/string.json b/frameworks/com.ohos.permissionmanager/entry/src/main/resources/base/element/string.json
new file mode 100644
index 0000000000000000000000000000000000000000..bc3df790ef54add880b08cf9dbd43bc45a9137d4
--- /dev/null
+++ b/frameworks/com.ohos.permissionmanager/entry/src/main/resources/base/element/string.json
@@ -0,0 +1,12 @@
+{
+ "string": [
+ {
+ "name": "entry_MainAbility",
+ "value": "entry_MainAbility"
+ },
+ {
+ "name": "mainability_description",
+ "value": "eTS_Empty Ability"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/frameworks/com.ohos.permissionmanager/entry/src/main/resources/base/media/icon.png b/frameworks/com.ohos.permissionmanager/entry/src/main/resources/base/media/icon.png
new file mode 100644
index 0000000000000000000000000000000000000000..ce307a8827bd75456441ceb57d530e4c8d45d36c
Binary files /dev/null and b/frameworks/com.ohos.permissionmanager/entry/src/main/resources/base/media/icon.png differ
diff --git a/frameworks/com.ohos.permissionmanager/entry/src/ohosTest/ets/default/app.ets b/frameworks/com.ohos.permissionmanager/entry/src/ohosTest/ets/default/app.ets
new file mode 100644
index 0000000000000000000000000000000000000000..fd310895976fc0623ac1bdc3ded2ab5209393f62
--- /dev/null
+++ b/frameworks/com.ohos.permissionmanager/entry/src/ohosTest/ets/default/app.ets
@@ -0,0 +1,26 @@
+/*
+ * Copyright (c) 2021 Huawei Device Co., Ltd.
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+export default {
+ onCreate() {
+ console.info('Application onCreate')
+ },
+ onShow() {
+ console.info('Application onShow')
+ },
+ onDestroy() {
+ console.info('Application onDestroy')
+ },
+}
diff --git a/frameworks/com.ohos.permissionmanager/entry/src/ohosTest/ets/default/i18n/en-US.json b/frameworks/com.ohos.permissionmanager/entry/src/ohosTest/ets/default/i18n/en-US.json
new file mode 100644
index 0000000000000000000000000000000000000000..55561b83737c3c31d082fbfa11e5fc987a351104
--- /dev/null
+++ b/frameworks/com.ohos.permissionmanager/entry/src/ohosTest/ets/default/i18n/en-US.json
@@ -0,0 +1,8 @@
+{
+ "strings": {
+ "hello": "Hello",
+ "world": "World"
+ },
+ "Files": {
+ }
+}
\ No newline at end of file
diff --git a/frameworks/com.ohos.permissionmanager/entry/src/ohosTest/ets/default/i18n/zh-CN.json b/frameworks/com.ohos.permissionmanager/entry/src/ohosTest/ets/default/i18n/zh-CN.json
new file mode 100644
index 0000000000000000000000000000000000000000..cce1af06761a42add0cac1a0567aa3237eda8cb4
--- /dev/null
+++ b/frameworks/com.ohos.permissionmanager/entry/src/ohosTest/ets/default/i18n/zh-CN.json
@@ -0,0 +1,8 @@
+{
+ "strings": {
+ "hello": "您好",
+ "world": "世界"
+ },
+ "Files": {
+ }
+}
\ No newline at end of file
diff --git a/frameworks/com.ohos.permissionmanager/entry/src/ohosTest/ets/default/pages/index/index.ets b/frameworks/com.ohos.permissionmanager/entry/src/ohosTest/ets/default/pages/index/index.ets
new file mode 100644
index 0000000000000000000000000000000000000000..2ebd82564e904d46ae1a9c3ca8867307af17f6de
--- /dev/null
+++ b/frameworks/com.ohos.permissionmanager/entry/src/ohosTest/ets/default/pages/index/index.ets
@@ -0,0 +1,64 @@
+/*
+ * Copyright (c) 2021 Huawei Device Co., Ltd.
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+import {Core, ExpectExtend, InstrumentLog} from "deccjsunit/index"
+import testsuite from "../../../test/List.test.ets"
+import featureAbility from "@ohos.ability.featureAbility"
+
+@Entry
+@Component
+struct MyComponent {
+ aboutToAppear() {
+ console.info("start run testcase!!!!")
+ featureAbility.getWant()
+ .then((Want) => {
+ const core = Core.getInstance()
+ const expectExtend = new ExpectExtend({
+ 'id': 'extend'
+ })
+ const instrumentLog = new InstrumentLog({
+ 'id': 'report', 'unity': 'true'
+ })
+ core.addService('expect', expectExtend)
+ core.addService('report', instrumentLog)
+ core.init()
+ core.subscribeEvent('spec', instrumentLog)
+ core.subscribeEvent('suite', instrumentLog)
+ core.subscribeEvent('task', instrumentLog)
+ const configService = core.getDefaultService('config')
+ configService.setConfig(Want.parameters)
+ testsuite()
+ core.execute()
+ console.info('Operation successful. Data: ' + JSON.stringify(Want));
+ })
+ .catch((error) => {
+ console.error('Operation failed. Cause: ' + JSON.stringify(error));
+ })
+ }
+
+ build() {
+ Flex({
+ direction: FlexDirection.Column,
+ alignItems: ItemAlign.Center,
+ justifyContent: FlexAlign.Center
+ }) {
+ Text('Hello World')
+ .fontSize(50)
+ .fontWeight(FontWeight.Bold)
+ }
+ .width('100%')
+ .height('100%')
+ }
+}
diff --git a/frameworks/com.ohos.permissionmanager/entry/src/ohosTest/ets/test/ExampleJsunit.test.ets b/frameworks/com.ohos.permissionmanager/entry/src/ohosTest/ets/test/ExampleJsunit.test.ets
new file mode 100644
index 0000000000000000000000000000000000000000..35824cab41eb5d75507485b5d95e23c8d4d57f2d
--- /dev/null
+++ b/frameworks/com.ohos.permissionmanager/entry/src/ohosTest/ets/test/ExampleJsunit.test.ets
@@ -0,0 +1,27 @@
+/*
+ * Copyright (c) 2021 Huawei Device Co., Ltd.
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+import {describe, beforeAll, beforeEach, afterEach, afterAll, it, expect} from "deccjsunit/index"
+import app from '@system.app'
+
+export default function exampleJsunit() {
+ describe('appInfoTest', function () {
+ it('app_info_test_001', 0, function () {
+ var info = app.getInfo()
+ expect("1.0").assertEqual('1.0')
+ expect(info.versionCode).assertEqual('3')
+ })
+ })
+}
diff --git a/frameworks/com.ohos.permissionmanager/entry/src/ohosTest/ets/test/List.test.ets b/frameworks/com.ohos.permissionmanager/entry/src/ohosTest/ets/test/List.test.ets
new file mode 100644
index 0000000000000000000000000000000000000000..e659c7498c0278c228641fa8eabf91893a84d8e7
--- /dev/null
+++ b/frameworks/com.ohos.permissionmanager/entry/src/ohosTest/ets/test/List.test.ets
@@ -0,0 +1,20 @@
+/*
+ * Copyright (c) 2021 Huawei Device Co., Ltd.
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+import exampleJsunit from "../test/ExampleJsunit.test.ets"
+
+export default function testsuite() {
+ exampleJsunit()
+}
diff --git a/frameworks/com.ohos.permissionmanager/entry/src/ohosTest/java/com/ohos/permissionmanager/ExampleOhosTest.java b/frameworks/com.ohos.permissionmanager/entry/src/ohosTest/java/com/ohos/permissionmanager/ExampleOhosTest.java
new file mode 100644
index 0000000000000000000000000000000000000000..9482d133c3b1866f581978213dce868e966f5e9d
--- /dev/null
+++ b/frameworks/com.ohos.permissionmanager/entry/src/ohosTest/java/com/ohos/permissionmanager/ExampleOhosTest.java
@@ -0,0 +1,14 @@
+package com.ohos.permissionmanager;
+
+import ohos.aafwk.ability.delegation.AbilityDelegatorRegistry;
+import org.junit.Test;
+
+import static org.junit.Assert.assertEquals;
+
+public class ExampleOhosTest {
+ @Test
+ public void testBundleName() {
+ final String actualBundleName = AbilityDelegatorRegistry.getArguments().getTestBundleName();
+ assertEquals("com.ohos.permissionmanager", actualBundleName);
+ }
+}
\ No newline at end of file
diff --git a/frameworks/com.ohos.permissionmanager/entry/src/ohosTest/resources/base/element/string.json b/frameworks/com.ohos.permissionmanager/entry/src/ohosTest/resources/base/element/string.json
new file mode 100644
index 0000000000000000000000000000000000000000..998415d3588045c96c5d9db329c45087769c1d92
--- /dev/null
+++ b/frameworks/com.ohos.permissionmanager/entry/src/ohosTest/resources/base/element/string.json
@@ -0,0 +1,12 @@
+{
+ "string": [
+ {
+ "name": "app_name",
+ "value": "finalApplication"
+ },
+ {
+ "name": "mainability_description",
+ "value": "hap sample empty page"
+ }
+ ]
+}
diff --git a/frameworks/com.ohos.permissionmanager/entry/src/ohosTest/resources/base/media/icon.png b/frameworks/com.ohos.permissionmanager/entry/src/ohosTest/resources/base/media/icon.png
new file mode 100644
index 0000000000000000000000000000000000000000..ce307a8827bd75456441ceb57d530e4c8d45d36c
Binary files /dev/null and b/frameworks/com.ohos.permissionmanager/entry/src/ohosTest/resources/base/media/icon.png differ
diff --git a/frameworks/com.ohos.permissionmanager/gradle.properties b/frameworks/com.ohos.permissionmanager/gradle.properties
new file mode 100644
index 0000000000000000000000000000000000000000..be492496f9a20ac2d980ef4fc30061f4184c1c40
--- /dev/null
+++ b/frameworks/com.ohos.permissionmanager/gradle.properties
@@ -0,0 +1,13 @@
+# Project-wide Gradle settings.
+# IDE (e.g. DevEco Studio) users:
+# Gradle settings configured through the IDE *will override*
+# any settings specified in this file.
+# For more details on how to configure your build environment visit
+# http://www.gradle.org/docs/current/userguide/build_environment.html
+# Specifies the JVM arguments used for the daemon process.
+# The setting is particularly useful for tweaking memory settings.
+# If the Chinese output is garbled, please configure the following parameter.
+# This function is enabled by default when the DevEco Studio builds the hap/app,if you need disable gradle parallel,you should set org.gradle.parallel false.
+# more information see https://docs.gradle.org/current/userguide/performance.html
+# org.gradle.parallel=false
+# org.gradle.jvmargs=-Dfile.encoding=GBK
\ No newline at end of file
diff --git a/frameworks/com.ohos.permissionmanager/gradlew b/frameworks/com.ohos.permissionmanager/gradlew
new file mode 100644
index 0000000000000000000000000000000000000000..120f1adf94a915f110fef9c186e9138ee25bcc97
--- /dev/null
+++ b/frameworks/com.ohos.permissionmanager/gradlew
@@ -0,0 +1,183 @@
+#!/usr/bin/env sh
+
+#
+# Copyright (c) 2021 Huawei Device Co., Ltd.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+
+##############################################################################
+##
+## Gradle start up script for UN*X
+##
+##############################################################################
+
+# Attempt to set APP_HOME
+# Resolve links: $0 may be a link
+PRG="$0"
+# Need this for relative symlinks.
+while [ -h "$PRG" ]; do
+ ls=$(ls -ld "$PRG")
+ link=$(expr "$ls" : '.*-> \(.*\)$')
+ if expr "$link" : '/.*' >/dev/null; then
+ PRG="$link"
+ else
+ PRG=$(dirname "$PRG")"/$link"
+ fi
+done
+SAVED="$(pwd)"
+cd "$(dirname \"$PRG\")/" >/dev/null
+APP_HOME="$(pwd -P)"
+cd "$SAVED" >/dev/null
+
+APP_NAME="Gradle"
+APP_BASE_NAME=$(basename "$0")
+
+# Add default JVM options here. You can also use JAVA_OPTS and GRADLE_OPTS to pass JVM options to this script.
+DEFAULT_JVM_OPTS='"-Xmx64m" "-Xms64m"'
+
+# Use the maximum available, or set MAX_FD != -1 to use that value.
+MAX_FD="maximum"
+
+warn() {
+ echo "$*"
+}
+
+die() {
+ echo
+ echo "$*"
+ echo
+ exit 1
+}
+
+# OS specific support (must be 'true' or 'false').
+cygwin=false
+msys=false
+darwin=false
+nonstop=false
+case "$(uname)" in
+CYGWIN*)
+ cygwin=true
+ ;;
+Darwin*)
+ darwin=true
+ ;;
+MINGW*)
+ msys=true
+ ;;
+NONSTOP*)
+ nonstop=true
+ ;;
+esac
+
+CLASSPATH=$APP_HOME/gradle/wrapper/gradle-wrapper.jar
+
+# Determine the Java command to use to start the JVM.
+if [ -n "$JAVA_HOME" ]; then
+ if [ -x "$JAVA_HOME/jre/sh/java" ]; then
+ # IBM's JDK on AIX uses strange locations for the executables
+ JAVACMD="$JAVA_HOME/jre/sh/java"
+ else
+ JAVACMD="$JAVA_HOME/bin/java"
+ fi
+ if [ ! -x "$JAVACMD" ]; then
+ die "ERROR: JAVA_HOME is set to an invalid directory: $JAVA_HOME
+
+Please set the JAVA_HOME variable in your environment to match the
+location of your Java installation."
+ fi
+else
+ JAVACMD="java"
+ which java >/dev/null 2>&1 || die "ERROR: JAVA_HOME is not set and no 'java' command could be found in your PATH.
+
+Please set the JAVA_HOME variable in your environment to match the
+location of your Java installation."
+fi
+
+# Increase the maximum file descriptors if we can.
+if [ "$cygwin" = "false" -a "$darwin" = "false" -a "$nonstop" = "false" ]; then
+ MAX_FD_LIMIT=$(ulimit -H -n)
+ if [ $? -eq 0 ]; then
+ if [ "$MAX_FD" = "maximum" -o "$MAX_FD" = "max" ]; then
+ MAX_FD="$MAX_FD_LIMIT"
+ fi
+ ulimit -n $MAX_FD
+ if [ $? -ne 0 ]; then
+ warn "Could not set maximum file descriptor limit: $MAX_FD"
+ fi
+ else
+ warn "Could not query maximum file descriptor limit: $MAX_FD_LIMIT"
+ fi
+fi
+
+# For Darwin, add options to specify how the application appears in the dock
+if $darwin; then
+ GRADLE_OPTS="$GRADLE_OPTS \"-Xdock:name=$APP_NAME\" \"-Xdock:icon=$APP_HOME/media/gradle.icns\""
+fi
+
+# For Cygwin or MSYS, switch paths to Windows format before running java
+if [ "$cygwin" = "true" -o "$msys" = "true" ]; then
+ APP_HOME=$(cygpath --path --mixed "$APP_HOME")
+ CLASSPATH=$(cygpath --path --mixed "$CLASSPATH")
+ JAVACMD=$(cygpath --unix "$JAVACMD")
+
+ # We build the pattern for arguments to be converted via cygpath
+ ROOTDIRSRAW=$(find -L / -maxdepth 1 -mindepth 1 -type d 2>/dev/null)
+ SEP=""
+ for dir in $ROOTDIRSRAW; do
+ ROOTDIRS="$ROOTDIRS$SEP$dir"
+ SEP="|"
+ done
+ OURCYGPATTERN="(^($ROOTDIRS))"
+ # Add a user-defined pattern to the cygpath arguments
+ if [ "$GRADLE_CYGPATTERN" != "" ]; then
+ OURCYGPATTERN="$OURCYGPATTERN|($GRADLE_CYGPATTERN)"
+ fi
+ # Now convert the arguments - kludge to limit ourselves to /bin/sh
+ i=0
+ for arg in "$@"; do
+ CHECK=$(echo "$arg" | egrep -c "$OURCYGPATTERN" -)
+ CHECK2=$(echo "$arg" | egrep -c "^-") ### Determine if an option
+
+ if [ $CHECK -ne 0 ] && [ $CHECK2 -eq 0 ]; then ### Added a condition
+ eval $(echo args$i)=$(cygpath --path --ignore --mixed "$arg")
+ else
+ eval $(echo args$i)="\"$arg\""
+ fi
+ i=$(expr $i + 1)
+ done
+ case $i in
+ 0) set -- ;;
+ 1) set -- "$args0" ;;
+ 2) set -- "$args0" "$args1" ;;
+ 3) set -- "$args0" "$args1" "$args2" ;;
+ 4) set -- "$args0" "$args1" "$args2" "$args3" ;;
+ 5) set -- "$args0" "$args1" "$args2" "$args3" "$args4" ;;
+ 6) set -- "$args0" "$args1" "$args2" "$args3" "$args4" "$args5" ;;
+ 7) set -- "$args0" "$args1" "$args2" "$args3" "$args4" "$args5" "$args6" ;;
+ 8) set -- "$args0" "$args1" "$args2" "$args3" "$args4" "$args5" "$args6" "$args7" ;;
+ 9) set -- "$args0" "$args1" "$args2" "$args3" "$args4" "$args5" "$args6" "$args7" "$args8" ;;
+ esac
+fi
+
+# Escape application args
+save() {
+ for i; do printf %s\\n "$i" | sed "s/'/'\\\\''/g;1s/^/'/;\$s/\$/' \\\\/"; done
+ echo " "
+}
+APP_ARGS=$(save "$@")
+
+# Collect all arguments for the java command, following the shell quoting and substitution rules
+eval set -- $DEFAULT_JVM_OPTS $JAVA_OPTS $GRADLE_OPTS "\"-Dorg.gradle.appname=$APP_BASE_NAME\"" -classpath "\"$CLASSPATH\"" org.gradle.wrapper.GradleWrapperMain "$APP_ARGS"
+
+exec "$JAVACMD" "$@"
diff --git a/frameworks/com.ohos.permissionmanager/gradlew.bat b/frameworks/com.ohos.permissionmanager/gradlew.bat
new file mode 100644
index 0000000000000000000000000000000000000000..acdc32e2dae3e8e42e391878d96766acce16af0a
--- /dev/null
+++ b/frameworks/com.ohos.permissionmanager/gradlew.bat
@@ -0,0 +1,103 @@
+@rem
+@rem Copyright (c) 2021 Huawei Device Co., Ltd.
+@rem
+@rem Licensed under the Apache License, Version 2.0 (the "License");
+@rem you may not use this file except in compliance with the License.
+@rem You may obtain a copy of the License at
+@rem
+@rem http://www.apache.org/licenses/LICENSE-2.0
+@rem
+@rem Unless required by applicable law or agreed to in writing, software
+@rem distributed under the License is distributed on an "AS IS" BASIS,
+@rem WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+@rem See the License for the specific language governing permissions and
+@rem limitations under the License.
+@rem
+
+@if "%DEBUG%" == "" @echo off
+@rem ##########################################################################
+@rem
+@rem Gradle startup script for Windows
+@rem
+@rem ##########################################################################
+
+@rem Set local scope for the variables with windows NT shell
+if "%OS%"=="Windows_NT" setlocal
+
+set DIRNAME=%~dp0
+if "%DIRNAME%" == "" set DIRNAME=.
+set APP_BASE_NAME=%~n0
+set APP_HOME=%DIRNAME%
+
+@rem Resolve any "." and ".." in APP_HOME to make it shorter.
+for %%i in ("%APP_HOME%") do set APP_HOME=%%~fi
+
+@rem Add default JVM options here. You can also use JAVA_OPTS and GRADLE_OPTS to pass JVM options to this script.
+set DEFAULT_JVM_OPTS="-Xmx64m" "-Xms64m"
+
+@rem Find java.exe
+if defined JAVA_HOME goto findJavaFromJavaHome
+
+set JAVA_EXE=java.exe
+%JAVA_EXE% -version >NUL 2>&1
+if "%ERRORLEVEL%" == "0" goto init
+
+echo.
+echo ERROR: JAVA_HOME is not set and no 'java' command could be found in your PATH.
+echo.
+echo Please set the JAVA_HOME variable in your environment to match the
+echo location of your Java installation.
+
+goto fail
+
+:findJavaFromJavaHome
+set JAVA_HOME=%JAVA_HOME:"=%
+set JAVA_EXE=%JAVA_HOME%/bin/java.exe
+
+if exist "%JAVA_EXE%" goto init
+
+echo.
+echo ERROR: JAVA_HOME is set to an invalid directory: %JAVA_HOME%
+echo.
+echo Please set the JAVA_HOME variable in your environment to match the
+echo location of your Java installation.
+
+goto fail
+
+:init
+@rem Get command-line arguments, handling Windows variants
+
+if not "%OS%" == "Windows_NT" goto win9xME_args
+
+:win9xME_args
+@rem Slurp the command line arguments.
+set CMD_LINE_ARGS=
+set _SKIP=2
+
+:win9xME_args_slurp
+if "x%~1" == "x" goto execute
+
+set CMD_LINE_ARGS=%*
+
+:execute
+@rem Setup the command line
+
+set CLASSPATH=%APP_HOME%\gradle\wrapper\gradle-wrapper.jar
+
+@rem Execute Gradle
+"%JAVA_EXE%" %DEFAULT_JVM_OPTS% %JAVA_OPTS% %GRADLE_OPTS% "-Dorg.gradle.appname=%APP_BASE_NAME%" -classpath "%CLASSPATH%" org.gradle.wrapper.GradleWrapperMain %CMD_LINE_ARGS%
+
+:end
+@rem End local scope for the variables with windows NT shell
+if "%ERRORLEVEL%"=="0" goto mainEnd
+
+:fail
+rem Set variable GRADLE_EXIT_CONSOLE if you need the _script_ return code instead of
+rem the _cmd.exe /c_ return code!
+if not "" == "%GRADLE_EXIT_CONSOLE%" exit 1
+exit /b 1
+
+:mainEnd
+if "%OS%"=="Windows_NT" endlocal
+
+:omega
diff --git a/frameworks/com.ohos.permissionmanager/package.json b/frameworks/com.ohos.permissionmanager/package.json
new file mode 100644
index 0000000000000000000000000000000000000000..0967ef424bce6791893e9a57bb952f80fd536e93
--- /dev/null
+++ b/frameworks/com.ohos.permissionmanager/package.json
@@ -0,0 +1 @@
+{}
diff --git a/frameworks/com.ohos.permissionmanager/permissionmanager/.gitignore b/frameworks/com.ohos.permissionmanager/permissionmanager/.gitignore
new file mode 100644
index 0000000000000000000000000000000000000000..7d5b7a94f4dcf381f03ff21f28f8a2494b58023f
--- /dev/null
+++ b/frameworks/com.ohos.permissionmanager/permissionmanager/.gitignore
@@ -0,0 +1,2 @@
+/build
+/node_modules
diff --git a/frameworks/com.ohos.permissionmanager/permissionmanager/build.gradle b/frameworks/com.ohos.permissionmanager/permissionmanager/build.gradle
new file mode 100644
index 0000000000000000000000000000000000000000..f6df7ecdb12da752cca18e02b7fa62b63bba70ed
--- /dev/null
+++ b/frameworks/com.ohos.permissionmanager/permissionmanager/build.gradle
@@ -0,0 +1,28 @@
+apply plugin: 'com.huawei.ohos.hap'
+apply plugin: 'com.huawei.ohos.decctest'
+//For instructions on signature configuration, see https://developer.harmonyos.com/cn/docs/documentation/doc-guides/ide_debug_device-0000001053822404#section1112183053510
+ohos {
+ compileSdkVersion 7
+ defaultConfig {
+ compatibleSdkVersion 7
+ }
+ buildTypes {
+ release {
+ proguardOpt {
+ proguardEnabled false
+ rulesFiles 'proguard-rules.pro'
+ }
+ }
+ }
+ entryModules "entry"
+}
+
+dependencies {
+ entryImplementation project(':entry')
+ implementation fileTree(dir: 'libs', include: ['*.jar', '*.har'])
+ testImplementation 'junit:junit:4.13.1'
+ ohosTestImplementation 'com.huawei.ohos.testkit:runner:2.0.0.200'
+}
+decc {
+ supportType = ['html','xml']
+}
diff --git a/frameworks/com.ohos.permissionmanager/permissionmanager/proguard-rules.pro b/frameworks/com.ohos.permissionmanager/permissionmanager/proguard-rules.pro
new file mode 100644
index 0000000000000000000000000000000000000000..f7666e47561d514b2a76d5a7dfbb43ede86da92a
--- /dev/null
+++ b/frameworks/com.ohos.permissionmanager/permissionmanager/proguard-rules.pro
@@ -0,0 +1 @@
+# config module specific ProGuard rules here.
\ No newline at end of file
diff --git a/frameworks/com.ohos.permissionmanager/permissionmanager/src/main/config.json b/frameworks/com.ohos.permissionmanager/permissionmanager/src/main/config.json
new file mode 100644
index 0000000000000000000000000000000000000000..afb90ba92dd0d249784ae17efee38482454b0e11
--- /dev/null
+++ b/frameworks/com.ohos.permissionmanager/permissionmanager/src/main/config.json
@@ -0,0 +1,74 @@
+{
+ "app": {
+ "bundleName": "com.ohos.permissionmanager",
+ "vendor": "ohos",
+ "version": {
+ "code": 1,
+ "name": "1.0.0"
+ }
+ },
+ "deviceConfig": {},
+ "module": {
+ "package": "com.ohos.permissionmanager",
+ "name": ".MyApplication",
+ "mainAbility": "com.ohos.permissionmanager.GrantAbility",
+ "deviceType": [
+ "phone"
+ ],
+ "distro": {
+ "deliveryWithInstall": true,
+ "moduleName": "permissionmanager",
+ "moduleType": "feature",
+ "installationFree": false
+ },
+ "abilities": [
+ {
+ "visible": true,
+ "name": "com.ohos.permissionmanager.GrantAbility",
+ "description": "$string:grantability_description",
+ "label": "$string:permissionmanager_GrantAbility",
+ "type": "page",
+ "launchType": "standard",
+ "srcPath": "dynamic"
+ }
+ ],
+ "js": [
+ {
+ "mode": {
+ "syntax": "ets",
+ "type": "pageAbility"
+ },
+ "pages": [
+ "pages/dialogPlus"
+ ],
+ "name": "dynamic",
+ "window": {
+ "designWidth": 720,
+ "autoDesignWidth": false
+ }
+ }
+ ],
+ "reqPermissions": [
+ {
+ "name": "ohos.permission.GET_SENSITIVE_PERMISSIONS",
+ "reason": "get sensitive permissions"
+ },
+ {
+ "name": "ohos.permission.GRANT_SENSITIVE_PERMISSIONS",
+ "reason": "grant sensitive permissions"
+ },
+ {
+ "name": "ohos.permission.REVOKE_SENSITIVE_PERMISSIONS",
+ "reason": "revoke sensitive permissions"
+ },
+ {
+ "name": "ohos.permission.GET_BUNDLE_INFO_PRIVILEGED",
+ "reason": "get applicationInfo"
+ },
+ {
+ "name": "ohos.permission.GET_BUNDLE_INFO",
+ "reason": "get applicationInfo"
+ }
+ ]
+ }
+}
diff --git a/frameworks/com.ohos.permissionmanager/permissionmanager/src/main/ets/default/app.ets b/frameworks/com.ohos.permissionmanager/permissionmanager/src/main/ets/default/app.ets
new file mode 100644
index 0000000000000000000000000000000000000000..2a3b6238737330f469fc124b0669aacd9a376056
--- /dev/null
+++ b/frameworks/com.ohos.permissionmanager/permissionmanager/src/main/ets/default/app.ets
@@ -0,0 +1,23 @@
+/*
+ * Copyright (c) 2021 Huawei Device Co., Ltd.
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+export default {
+ onCreate() {
+ console.info('Application onCreate')
+ },
+ onDestroy() {
+ console.info('Application onDestroy')
+ },
+}
diff --git a/frameworks/com.ohos.permissionmanager/permissionmanager/src/main/ets/dynamic/app.ets b/frameworks/com.ohos.permissionmanager/permissionmanager/src/main/ets/dynamic/app.ets
new file mode 100644
index 0000000000000000000000000000000000000000..2a3b6238737330f469fc124b0669aacd9a376056
--- /dev/null
+++ b/frameworks/com.ohos.permissionmanager/permissionmanager/src/main/ets/dynamic/app.ets
@@ -0,0 +1,23 @@
+/*
+ * Copyright (c) 2021 Huawei Device Co., Ltd.
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+export default {
+ onCreate() {
+ console.info('Application onCreate')
+ },
+ onDestroy() {
+ console.info('Application onDestroy')
+ },
+}
diff --git a/frameworks/com.ohos.permissionmanager/permissionmanager/src/main/ets/dynamic/common/components/dialog.ets b/frameworks/com.ohos.permissionmanager/permissionmanager/src/main/ets/dynamic/common/components/dialog.ets
new file mode 100644
index 0000000000000000000000000000000000000000..dd5ed3e8feda29e8fc5dc2a697d078bbf92942d3
--- /dev/null
+++ b/frameworks/com.ohos.permissionmanager/permissionmanager/src/main/ets/dynamic/common/components/dialog.ets
@@ -0,0 +1,211 @@
+/*
+ * Copyright (c) 2021 Huawei Device Co., Ltd.
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+import { getPermissionGroup } from '../utils/utils.ets'
+import { BundleFlag, USER_ID } from '../model/bundle.ets'
+import Constants from '../utils/constant.ets'
+import featureAbility from '@ohos.ability.featureAbility'
+import abilityAccessCtrl from '@ohos.abilityAccessCtrl'
+import bundle from '@ohos.bundle'
+import Resmgr from '@ohos.resourceManager'
+
+@Extend(Button) function customizeButton() {
+ .backgroundColor($r('app.color.default_background_color'))
+ .fontColor($r('app.color.button_color'))
+}
+
+@CustomDialog
+export struct privacyDialog {
+ @Link count: number
+ @Link result: Array
+ controller: CustomDialogController
+ cancel: (group, accessTokenId, permissionList, userFixedFlag) => void
+ confirm: (group, accessTokenId, permissionList, userFixedFlag) => void
+ @State accessTokenId: number = 0
+ @State initStatus: number = Constants.INIT_NEED_TO_WAIT
+ @State reqPerms: Array = []
+ @State grantGroups: Array = []
+ @State userFixedFlag: number = 2 // means user fixed
+ @State appName: string = ""
+
+ build() {
+ Column() {
+ if ((this.initStatus != Constants.INIT_NEED_TO_WAIT) && this.verify(this.reqPerms[this.count])) {
+ Image(this.grantGroups[this.count].icon)
+ .width(Constants.DIALOG_ICON_WIDTH)
+ .height(Constants.DIALOG_ICON_HEIGHT)
+ .margin({
+ top: Constants.DIALOG_ICON_MARGIN_TOP
+ })
+ Text(`${this.count + 1} / ${this.reqPerms.length}`)
+ .fontSize(Constants.DIALOG_LABEL_FONT_SIZE)
+ .fontColor($r('app.color.secondary_font_color'))
+ .margin({
+ top: Constants.DIALOG_LABEL_MARGIN_TOP
+ })
+ Column() {
+ Row() {
+ Flex({ justifyContent: FlexAlign.Start }) {
+ Text("是否允许" + this.appName + "访问" +
+ this.grantGroups[this.count].groupName).fontSize(Constants.DIALOG_REQ_FONT_SIZE)
+ .fontColor($r('app.color.secondary_font_color'))
+ .margin({
+ top: Constants.DIALOG_REQ_MARGIN_TOP,
+ left: Constants.DIALOG_REQ_MARGIN_LEFT
+ })
+ }
+ }
+ Row() {
+ Flex({ justifyContent: FlexAlign.Start }) {
+ Text("用于" + this.grantGroups[this.count].description).fontSize(Constants.DIALOG_DESP_FONT_SIZE)
+ .fontColor($r('app.color.secondary_font_color'))
+ .margin({
+ top: Constants.DIALOG_DESP_MARGIN_TOP,
+ left: Constants.DIALOG_DESP_MARGIN_LEFT
+ })
+ }
+ }
+ }
+ }
+ Row() {
+ Flex({ justifyContent: FlexAlign.SpaceAround }) {
+ Button('禁止')
+ .fontSize(Constants.BUTTON_FONT_SIZE)
+ .onClick(() => {
+ this.cancel(this.grantGroups[this.count], this.accessTokenId, this.reqPerms, this.userFixedFlag)
+ if (this.count === this.reqPerms.length) {
+ this.controller.close()
+ }
+ }).customizeButton()
+ Text('|').fontSize(Constants.BUTTON_DIVIDER_FONT_SIZE).fontColor($r('app.color.divider_color'))
+ Button('允许')
+ .fontSize(Constants.BUTTON_FONT_SIZE)
+ .onClick(() => {
+ this.confirm(this.grantGroups[this.count], this.accessTokenId, this.reqPerms, this.userFixedFlag)
+ if (this.count === this.reqPerms.length) {
+ this.controller.close()
+ }
+ }).customizeButton()
+ }.margin({
+ top: Constants.BUTTON_MARGIN_TOP
+ })
+ }
+ }
+ .backgroundColor($r('app.color.default_background_color'))
+ .borderRadius(Constants.DIALOG_BORDER_RADIUS)
+ .height(Constants.DIALOG_HEIGHT)
+ .width(Constants.DIALOG_WIDTH)
+ }
+ async verify(permission) {
+ if((this.initStatus == Constants.INIT_NEED_TO_TERMINATED) || (this.count >= this.grantGroups.length)) {
+ this.controller.close()
+ this.aboutToDisappear()
+ return false
+ }
+ if(this.grantGroups[this.count] == 0) {
+ this.result[this.count] = -1
+ this.count ++
+ return false
+ }
+ var acManager = abilityAccessCtrl.createAtManager()
+ var flag = await acManager.getPermissionFlags(this.accessTokenId, permission)
+ if(flag == this.userFixedFlag) {
+ console.log("GrantAbility permission has been fixed:" + permission)
+ var ret = await acManager.verifyAccessToken(this.accessTokenId, permission)
+ if (ret == 0) {
+ this.result[this.count] = 0
+ } else {
+ this.result[this.count] = -1
+ }
+ this.count ++
+ return false
+ }
+ this.result[this.count] = -1
+ return true
+ }
+
+ getApplicationName(uid) {
+ bundle.getNameForUid(uid).then((data) => {
+ console.log("GrantAbility getApplicationName bundleName:" + data)
+ bundle.getApplicationInfo(data, BundleFlag.GET_BUNDLE_DEFAULT, USER_ID).then(applicationInfo => {
+ Resmgr.getResourceManager(data).then(item => {
+ item.getString(applicationInfo.labelId, (err, value) => {
+ if (value == undefined) {
+ this.appName = applicationInfo.label
+ } else {
+ this.appName = value
+ }
+ console.log("GrantAbility hap label:" + applicationInfo.label + ", value:"+this.appName)
+ })
+ })
+ }).catch(err => {
+ console.log("GrantAbility applicationInfo error :" + err)
+ this.initStatus = Constants.INIT_NEED_TO_TERMINATED
+ })
+ }).catch(err => {
+ console.log("GrantAbility getNameForUid error :" + JSON.stringify(err))
+ this.initStatus = Constants.INIT_NEED_TO_TERMINATED
+ })
+ }
+
+ aboutToAppear() {
+ this.count = 0;
+ this.initStatus = Constants.INIT_NEED_TO_WAIT
+ this.result = []
+ featureAbility.getWant((err, want) => {
+ if (err.code != 0) {
+ console.log("GrantAbility featureAbility.getWant err:" + err)
+ this.initStatus = Constants.INIT_NEED_TO_TERMINATED
+ return
+ }
+ this.reqPerms = want.parameters['ohos.user.grant.permission']
+ this.accessTokenId = want.parameters['ohos.aafwk.param.callerToken']
+ if (this.reqPerms == undefined || this.accessTokenId == undefined || this.reqPerms.length == 0) {
+ console.log("GrantAbility invalid parameters")
+ this.initStatus = Constants.INIT_NEED_TO_TERMINATED
+ return
+ }
+ console.log("GrantAbility request permission=" + JSON.stringify(this.reqPerms) + ", tokenId = " + this.accessTokenId)
+ this.reqPerms.forEach(item => {
+ var group = getPermissionGroup(item)
+ if(!group) {
+ this.grantGroups.push(0)
+ console.log("GrantAbility permission not find:" + item)
+ }else {
+ this.grantGroups.push(group)
+ }
+ })
+ this.initStatus = Constants.INIT_NEED_TO_VERIFY
+ this.getApplicationName(want.parameters['ohos.aafwk.param.callerUid'])
+ })
+ }
+
+ aboutToDisappear() {
+ var ret: number = Constants.RESULT_SUCCESS
+ if (this.initStatus == Constants.INIT_NEED_TO_TERMINATED) {
+ ret = Constants.RESULT_FAILURE
+ }
+ console.log("GrantAbility code:" + ret + ", result=" + JSON.stringify(this.result))
+ featureAbility.terminateSelfWithResult({
+ resultCode: ret,
+ want: {
+ parameters: {
+ "ohos.user.grant.permission": this.reqPerms,
+ "ohos.user.grant.permission.result": this.result
+ }
+ }
+ })
+ }
+}
diff --git a/frameworks/com.ohos.permissionmanager/permissionmanager/src/main/ets/dynamic/common/model/bundle.ets b/frameworks/com.ohos.permissionmanager/permissionmanager/src/main/ets/dynamic/common/model/bundle.ets
new file mode 100644
index 0000000000000000000000000000000000000000..2d34276d39d2cfb0e6b4a56dd09dc75dbcea7914
--- /dev/null
+++ b/frameworks/com.ohos.permissionmanager/permissionmanager/src/main/ets/dynamic/common/model/bundle.ets
@@ -0,0 +1,38 @@
+/*
+ * Copyright (c) 2021 Huawei Device Co., Ltd.
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+export const BundleFlag = {
+ GET_BUNDLE_DEFAULT : 0x00000000,
+ GET_BUNDLE_WITH_ABILITIES : 0x00000001,
+ GET_ABILITY_INFO_WITH_PERMISSION : 0x00000002,
+ GET_ABILITY_INFO_WITH_APPLICATION : 0x00000004,
+ GET_APPLICATION_INFO_WITH_PERMISSION : 0x00000008,
+ GET_BUNDLE_WITH_REQUESTED_PERMISSION : 0x00000010,
+ GET_ALL_APPLICATION_INFO : 0xFFFF0000,
+ /**
+ * @since 8
+ */
+ GET_ABILITY_INFO_WITH_METADATA : 0x00000020,
+ /**
+ * @since 8
+ */
+ GET_APPLICATION_INFO_WITH_METADATA : 0x00000040,
+ /**
+ * @since 8
+ */
+ GET_ABILITY_INFO_SYSTEMAPP_ONLY : 0x00000080
+}
+
+export const USER_ID: number = 100
\ No newline at end of file
diff --git a/frameworks/com.ohos.permissionmanager/permissionmanager/src/main/ets/dynamic/common/model/permissionGroup.ets b/frameworks/com.ohos.permissionmanager/permissionmanager/src/main/ets/dynamic/common/model/permissionGroup.ets
new file mode 100644
index 0000000000000000000000000000000000000000..087c521e3a0728fabc5cea08c975b085fccd0044
--- /dev/null
+++ b/frameworks/com.ohos.permissionmanager/permissionmanager/src/main/ets/dynamic/common/model/permissionGroup.ets
@@ -0,0 +1,335 @@
+/*
+ * Copyright (c) 2021 Huawei Device Co., Ltd.
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+export const permissionGroups: any[] = [
+ {
+ "permissionName": "ohos.permission.LOCATION_IN_BACKGROUND",
+ "groupName": "LOCATION",
+ "label": "定位权限",
+ "description": "允许应用在后台运行时获取位置信息。",
+ "groupId": 0
+ },
+ {
+ "permissionName": "ohos.permission.LOCATION",
+ "groupName": "LOCATION",
+ "label": "定位权限",
+ "description": "允许应用在前台运行时获取位置信息。",
+ "groupId": 0
+ },
+ {
+ "permissionName": "ohos.permission.CAMERA",
+ "groupName": "CAMERA",
+ "label": "拍摄照片和录制视频",
+ "description": "允许应用拍摄照片和视频。",
+ "groupId": 1
+ },
+ {
+ "permissionName": "ohos.permission.MICROPHONE",
+ "groupName": "MICROPHONE",
+ "label": "录制音频",
+ "description": "允许应用打开或关闭录音通路。",
+ "groupId": 2
+ },
+ {
+ "permissionName": "ohos.permission.ANSWER_CALL",
+ "groupName": "PHONE",
+ "label": "接听电话",
+ "description": "允许应用接听电话。",
+ "groupId": 3
+ },
+ {
+ "permissionName": "ohos.permission.MANAGE_VOICEMAIL",
+ "groupName": "PHONE",
+ "label": "语音信箱",
+ "description": "允许应用管理语音信箱。",
+ "groupId": 3
+ },
+ {
+ "permissionName": "ohos.permission.READ_CELL_MESSAGES",
+ "groupName": "SMS",
+ "label": "读取小区广播",
+ "description": "允许应用读取设备接收的小区广播信息。",
+ "groupId": 4
+ },
+ {
+ "permissionName": "ohos.permission.READ_MESSAGES",
+ "groupName": "SMS",
+ "label": "读取短彩信",
+ "description": "允许应用读取设备接收的短彩信信息。",
+ "groupId": 4
+ },
+ {
+ "permissionName": "ohos.permission.RECEIVE_MMS",
+ "groupName": "SMS",
+ "label": "接收彩信",
+ "description": "允许应用接收彩信。",
+ "groupId": 4
+ },
+ {
+ "permissionName": "ohos.permission.RECEIVE_SMS",
+ "groupName": "SMS",
+ "label": "接收短信",
+ "description": "允许应用接收短信。",
+ "groupId": 4
+ },
+ {
+ "permissionName": "ohos.permission.RECEIVE_WAP_MESSAGES",
+ "groupName": "SMS",
+ "label": "接收WAP消息",
+ "description": "允许应用接收和处理WAP消息。",
+ "groupId": 4
+ },
+ {
+ "permissionName": "ohos.permission.SEND_MESSAGES",
+ "groupName": "SMS",
+ "label": "发送短彩信",
+ "description": "允许应用发送短彩信",
+ "groupId": 4
+ },
+ {
+ "permissionName": "ohos.permission.READ_CONTACTS",
+ "groupName": "CONTACTS",
+ "label": "读取通讯录",
+ "description": "允许应用读取设备上存储的联系人信息。",
+ "groupId": 5
+ },
+ {
+ "permissionName": "ohos.permission.WRITE_CONTACTS",
+ "groupName": "CONTACTS",
+ "label": "新建/修改/删除通讯录",
+ "description": "允许应用新建/修改/删除设备上存储的联系人信息。",
+ "groupId": 5
+ },
+ {
+ "permissionName": "ohos.permission.READ_CALL_LOG",
+ "groupName": "CALL_LOG",
+ "label": "读取通话记录",
+ "description": "允许应用读取设备上的通话记录信息。",
+ "groupId": 6
+ },
+ {
+ "permissionName": "ohos.permission.WRITE_CALL_LOG",
+ "groupName": "CALL_LOG",
+ "label": "新建/修改/删除通话记录",
+ "description": "允许新建/修改/删除设备上的通话记录信息。",
+ "groupId": 6
+ },
+ {
+ "permissionName": "ohos.permission.MEDIA_LOCATION",
+ "groupName": "MEDIA",
+ "label": "允许应用访问拍摄位置",
+ "description": "应用访问用户媒体文件中的拍摄位置信息如经纬度信息。",
+ "groupId": 7
+ },
+ {
+ "permissionName": "ohos.permission.READ_MEDIA",
+ "groupName": "MEDIA",
+ "label": "允许应用读取媒体文件",
+ "description": "允许应用访问户媒体文件,如视频、音频、图片等。",
+ "groupId": 7
+ },
+ {
+ "permissionName": "ohos.permission.WRITE_MEDIA",
+ "groupName": "MEDIA",
+ "label": "允许应用读写媒体文件",
+ "description": "允许应用读写户媒体文件,如视频、音频、图片等。",
+ "groupId": 7
+ },
+ {
+ "permissionName": "ohos.permission.READ_CALENDAR",
+ "groupName": "CALENDAR",
+ "label": "读取日历",
+ "description": "允许应用读取日历。",
+ "groupId": 8
+ },
+ {
+ "permissionName": "ohos.permission.WRITE_CALENDAR",
+ "groupName": "CALENDAR",
+ "label": "修建/修改/删除日历",
+ "description": "允许应用修建/修改/删除日历。",
+ "groupId": 8
+ },
+ {
+ "permissionName": "ohos.permission.ACTIVITY_MOTION",
+ "groupName": "SPORT",
+ "label": "读取用户的运动状态",
+ "description": "允许应用程序读取用户的运动状态。",
+ "groupId": 9
+ },
+ {
+ "permissionName": "ohos.permission.READ_HEALTH_DATA",
+ "groupName": "HEALTH",
+ "label": "读取用户的健康数据",
+ "description": "允许应用程序读取用户的健康数据。",
+ "groupId": 10
+ },
+ {
+ "permissionName": "ohos.permission.DISTRIBUTED_DATASYNC",
+ "groupName": "OTHER",
+ "label": "允许不同设备间数据交换",
+ "description": "允许应用与远程设备交换用户数据(如图片、音乐、视频、及应用数据等)。",
+ "groupId": 11
+ }
+]
+
+export const groups: any[] = [
+ {
+ "name": "LOCATION",
+ "groupName": "位置信息",
+ "icon": $r('app.media.ic_public_gps'),
+ "description": "访问您的位置信息",
+ "permissions": [
+ "ohos.permission.LOCATION_IN_BACKGROUND",
+ "ohos.permission.LOCATION"
+ ]
+ },
+ {
+ "name": "CAMERA",
+ "groupName": "相机",
+ "icon": $r('app.media.ic_public_camera'),
+ "description": "访问您的相机",
+ "permissions": [
+ "ohos.permission.CAMERA"
+ ]
+ },
+ {
+ "name": "MICROPHONE",
+ "groupName": "麦克风",
+ "icon": $r('app.media.ic_public_voice'),
+ "description": "访问您的麦克风",
+ "permissions": [
+ "ohos.permission.MICROPHONE"
+ ]
+ },
+ {
+ "name": "PHONE",
+ "groupName": "电话",
+ "icon": $r('app.media.ic_public_phone'),
+ "description": "拨打电话和管理通话",
+ "permissions": [
+ "ohos.permission.ANSWER_CALL",
+ "ohos.permission.MANAGE_VOICEMAIL"
+ ]
+ },
+ {
+ "name": "SMS",
+ "groupName": "信息",
+ "icon": $r('app.media.ic_public_message'),
+ "description": "发送和查看短信",
+ "permissions": [
+ "ohos.permission.READ_CELL_MESSAGES",
+ "ohos.permission.READ_MESSAGES",
+ "ohos.permission.RECEIVE_MMS",
+ "ohos.permission.RECEIVE_SMS",
+ "ohos.permission.RECEIVE_WAP_MESSAGES",
+ "ohos.permission.SEND_MESSAGES"
+ ]
+ },
+ {
+ "name": "CONTACTS",
+ "groupName": "通讯录",
+ "icon": $r('app.media.ic_public_contacts_group'),
+ "description": "访问您的通讯录",
+ "permissions": [
+ "ohos.permission.READ_CONTACTS",
+ "ohos.permission.WRITE_CONTACTS"
+ ]
+ },
+ {
+ "name": "CALL_LOG",
+ "groupName": "通话记录",
+ "icon": $r('app.media.ic_call_logs'),
+ "description": "读取和写入手机通话记录",
+ "permissions": [
+ "ohos.permission.READ_CALL_LOG",
+ "ohos.permission.WRITE_CALL_LOG"
+ ]
+ },
+ {
+ "name": "MEDIA",
+ "groupName": "媒体和文件",
+ "icon": $r('app.media.ic_public_folder'),
+ "description": "访问您的媒体和文件",
+ "permissions": [
+ "ohos.permission.MEDIA_LOCATION",
+ "ohos.permission.READ_MEDIA",
+ "ohos.permission.WRITE_MEDIA"
+ ]
+ },
+ {
+ "name": "CALENDAR",
+ "groupName": "日历",
+ "icon": $r('app.media.ic_public_calendar'),
+ "description": "访问日历和活动",
+ "permissions": [
+ "ohos.permission.READ_CALENDAR",
+ "ohos.permission.WRITE_CALENDAR"
+ ]
+ },
+ {
+ "name": "SPORT",
+ "groupName": "健身运动",
+ "icon": $r('app.media.ic_sport'),
+ "description": "访问您的运动状态",
+ "permissions": [
+ "ohos.permission.ACTIVITY_MOTION"
+ ]
+ },
+ {
+ "name": "HEALTH",
+ "groupName": "身体传感器",
+ "icon": $r('app.media.ic_ssensor'),
+ "description": "访问您的健康数据",
+ "permissions": [
+ "ohos.permission.READ_HEALTH_DATA"
+ ]
+ },
+ {
+ "name": "OTHER",
+ "groupName": "其他权限",
+ "icon": $r('app.media.ic_more'),
+ "description": "访问您的其他权限",
+ "permissions": [
+ "ohos.permission.DISTRIBUTED_DATASYNC"
+ ]
+ }
+]
+
+export const userGrantPermissions: string[] = [
+ "ohos.permission.LOCATION_IN_BACKGROUND",
+ "ohos.permission.LOCATION",
+ "ohos.permission.CAMERA",
+ "ohos.permission.MICROPHONE",
+ "ohos.permission.ANSWER_CALL",
+ "ohos.permission.MANAGE_VOICEMAIL",
+ "ohos.permission.READ_CELL_MESSAGES",
+ "ohos.permission.READ_MESSAGES",
+ "ohos.permission.RECEIVE_MMS",
+ "ohos.permission.RECEIVE_SMS",
+ "ohos.permission.RECEIVE_WAP_MESSAGES",
+ "ohos.permission.SEND_MESSAGES",
+ "ohos.permission.READ_CONTACTS",
+ "ohos.permission.WRITE_CONTACTS",
+ "ohos.permission.READ_CALL_LOG",
+ "ohos.permission.WRITE_CALL_LOG",
+ "ohos.permission.MEDIA_LOCATION",
+ "ohos.permission.READ_MEDIA",
+ "ohos.permission.WRITE_MEDIA",
+ "ohos.permission.READ_CALENDAR",
+ "ohos.permission.WRITE_CALENDAR",
+ "ohos.permission.ACTIVITY_MOTION",
+ "ohos.permission.READ_HEALTH_DATA",
+ "ohos.permission.DISTRIBUTED_DATASYNC"
+]
\ No newline at end of file
diff --git a/frameworks/com.ohos.permissionmanager/permissionmanager/src/main/ets/dynamic/common/utils/constant.ets b/frameworks/com.ohos.permissionmanager/permissionmanager/src/main/ets/dynamic/common/utils/constant.ets
new file mode 100644
index 0000000000000000000000000000000000000000..076e169609c8883a2e96741e8ec4165df90c5584
--- /dev/null
+++ b/frameworks/com.ohos.permissionmanager/permissionmanager/src/main/ets/dynamic/common/utils/constant.ets
@@ -0,0 +1,51 @@
+/*
+ * Copyright (c) 2021 Huawei Device Co., Ltd.
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+export default class Constants {
+ // icon of dialog
+ static DIALOG_ICON_WIDTH = 24;
+ static DIALOG_ICON_HEIGHT = 24;
+ static DIALOG_ICON_MARGIN_TOP = 24;
+
+ // label text of dialog
+ static DIALOG_LABEL_FONT_SIZE = 14;
+ static DIALOG_LABEL_MARGIN_TOP = 2;
+
+ // request text of dialog
+ static DIALOG_REQ_FONT_SIZE = 16;
+ static DIALOG_REQ_MARGIN_TOP = 16;
+ static DIALOG_REQ_MARGIN_LEFT = 24;
+
+ // description text of dialog
+ static DIALOG_DESP_FONT_SIZE = 14;
+ static DIALOG_DESP_MARGIN_TOP = 2;
+ static DIALOG_DESP_MARGIN_LEFT = 24;
+
+ static BUTTON_FONT_SIZE = 16;
+ static BUTTON_DIVIDER_FONT_SIZE = 30;
+ static BUTTON_MARGIN_TOP = 8;
+
+ static DIALOG_BORDER_RADIUS = 24;
+ static DIALOG_HEIGHT = 186;
+ static DIALOG_WIDTH = "100%";
+
+ // initial check status
+ static INIT_NEED_TO_WAIT = 0
+ static INIT_NEED_TO_VERIFY = 1
+ static INIT_NEED_TO_TERMINATED = 2
+
+ static RESULT_SUCCESS = 1
+ static RESULT_FAILURE = 0
+}
\ No newline at end of file
diff --git a/frameworks/com.ohos.permissionmanager/permissionmanager/src/main/ets/dynamic/common/utils/utils.ets b/frameworks/com.ohos.permissionmanager/permissionmanager/src/main/ets/dynamic/common/utils/utils.ets
new file mode 100644
index 0000000000000000000000000000000000000000..7c28551a84183baa31366619d5d1092a396a72d1
--- /dev/null
+++ b/frameworks/com.ohos.permissionmanager/permissionmanager/src/main/ets/dynamic/common/utils/utils.ets
@@ -0,0 +1,23 @@
+/*
+ * Copyright (c) 2021 Huawei Device Co., Ltd.
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+import { permissionGroups, groups } from "../model/permissionGroup.ets"
+
+export function getPermissionGroup(permission: string) {
+ for (var i = 0; i < permissionGroups.length; i++) {
+ if (permissionGroups[i].permissionName == permission) {
+ return groups[permissionGroups[i].groupId]
+ }
+ }
+}
\ No newline at end of file
diff --git a/frameworks/com.ohos.permissionmanager/permissionmanager/src/main/ets/dynamic/pages/dialogPlus.ets b/frameworks/com.ohos.permissionmanager/permissionmanager/src/main/ets/dynamic/pages/dialogPlus.ets
new file mode 100644
index 0000000000000000000000000000000000000000..b6ef9eb80a991b2cae80e76f42c6bbd737f7aad7
--- /dev/null
+++ b/frameworks/com.ohos.permissionmanager/permissionmanager/src/main/ets/dynamic/pages/dialogPlus.ets
@@ -0,0 +1,69 @@
+/*
+ * Copyright (c) 2021 Huawei Device Co., Ltd.
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+import { privacyDialog } from "../common/components/dialog.ets"
+import abilityAccessCtrl from '@ohos.abilityAccessCtrl';
+
+@Entry
+@Component
+struct dialogPlusPage {
+ @State count: number = 0
+ @State result: Array = []
+ privacyDialogController: CustomDialogController = new CustomDialogController({
+ builder: privacyDialog({ cancel: this.privacyCancel, confirm: this.privacyAccept, count:$count, result: $result }),
+ cancel: this.privacyExist,
+ autoCancel: true,
+ alignment: DialogAlignment.Center
+ })
+ async privacyAccept(group, accessTokenId, permissionList, userFixedFlag) {
+ var acManager = abilityAccessCtrl.createAtManager()
+ group.permissions.forEach(async permission => {
+ const result = await acManager.grantUserGrantedPermission(accessTokenId, permission, userFixedFlag)
+ var index = permissionList.indexOf(permission)
+ if (index == -1) {
+ console.log("GrantAbility grant permission:" + permission)
+ }else {
+ if (result == 0) {
+ this.result[index] = 0
+ console.log("GrantAbility grant permission:" + permission)
+ } else {
+ console.log("GrantAbility failed to grant permission:" + permission + " ret:" + result)
+ }
+ }
+ })
+ this.count ++
+ }
+ async privacyCancel(group, accessTokenId, permissionList, userFixedFlag) {
+ var acManager = abilityAccessCtrl.createAtManager()
+ group.permissions.forEach(async permission => {
+ const result = await acManager.revokeUserGrantedPermission(accessTokenId, permission, userFixedFlag)
+ var index = permissionList.indexOf(permission)
+ if (index != -1 && result == 0) {
+ this.result[index] = -1
+ console.log("GrantAbility revoke permission:" + permission)
+ }
+ })
+ this.count ++
+ }
+ privacyExist() {
+ console.info("exist")
+ }
+ aboutToAppear() {
+ this.privacyDialogController.open()
+ }
+ build() {
+ }
+}
+
diff --git a/frameworks/com.ohos.permissionmanager/permissionmanager/src/main/java/com/ohos/permissionmanager/MainAbility.java b/frameworks/com.ohos.permissionmanager/permissionmanager/src/main/java/com/ohos/permissionmanager/MainAbility.java
new file mode 100644
index 0000000000000000000000000000000000000000..7ef8838383eeac5dc9918221e9fa8bb06e6b5d0b
--- /dev/null
+++ b/frameworks/com.ohos.permissionmanager/permissionmanager/src/main/java/com/ohos/permissionmanager/MainAbility.java
@@ -0,0 +1,17 @@
+package com.ohos.permissionmanager;
+
+import ohos.ace.ability.AceAbility;
+import ohos.aafwk.content.Intent;
+
+public class MainAbility extends AceAbility {
+ @Override
+ public void onStart(Intent intent) {
+ setInstanceName("main_ability");
+ super.onStart(intent);
+ }
+
+ @Override
+ public void onStop() {
+ super.onStop();
+ }
+}
diff --git a/frameworks/com.ohos.permissionmanager/permissionmanager/src/main/java/com/ohos/permissionmanager/MyApplication.java b/frameworks/com.ohos.permissionmanager/permissionmanager/src/main/java/com/ohos/permissionmanager/MyApplication.java
new file mode 100644
index 0000000000000000000000000000000000000000..8c75d4e56c1ee06e2ee83469c50be84ef00af14e
--- /dev/null
+++ b/frameworks/com.ohos.permissionmanager/permissionmanager/src/main/java/com/ohos/permissionmanager/MyApplication.java
@@ -0,0 +1,10 @@
+package com.ohos.permissionmanager;
+
+import ohos.aafwk.ability.AbilityPackage;
+
+public class MyApplication extends AbilityPackage {
+ @Override
+ public void onInitialize() {
+ super.onInitialize();
+ }
+}
diff --git a/frameworks/com.ohos.permissionmanager/permissionmanager/src/main/resources/base/element/color.json b/frameworks/com.ohos.permissionmanager/permissionmanager/src/main/resources/base/element/color.json
new file mode 100644
index 0000000000000000000000000000000000000000..f2bfa884ace3d175f2bb84a18bea1efd25c35f03
--- /dev/null
+++ b/frameworks/com.ohos.permissionmanager/permissionmanager/src/main/resources/base/element/color.json
@@ -0,0 +1,48 @@
+{
+ "color": [
+ {
+ "name": "text_color",
+ "value": "#182331"
+ },
+ {
+ "name": "background_color",
+ "value": "#f1f3f5"
+ },
+ {
+ "name": "title_text_color",
+ "value": "#182431"
+ },
+ {
+ "name": "active_background_color",
+ "value": "#e5f3ff"
+ },
+ {
+ "name": "divider_color",
+ "value": "#f3f4f6"
+ },
+ {
+ "name": "text_decoration_color",
+ "value": "#f3f4f6"
+ },
+ {
+ "name": "icon_color",
+ "value": "#18233199"
+ },
+ {
+ "name": "default_background_color",
+ "value": "#ffffff"
+ },
+ {
+ "name": "button_color",
+ "value": "#0a59f7"
+ },
+ {
+ "name": "secondary_font_color",
+ "value": "#808080"
+ },
+ {
+ "name": "toggle_color",
+ "value": "#409eff"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/frameworks/com.ohos.permissionmanager/permissionmanager/src/main/resources/base/element/string.json b/frameworks/com.ohos.permissionmanager/permissionmanager/src/main/resources/base/element/string.json
new file mode 100644
index 0000000000000000000000000000000000000000..854142d255e4c7e4f3adf55693abc13f92b74dc5
--- /dev/null
+++ b/frameworks/com.ohos.permissionmanager/permissionmanager/src/main/resources/base/element/string.json
@@ -0,0 +1,88 @@
+{
+ "string": [
+ {
+ "name": "permissionmanager_MainAbility",
+ "value": "permissionmanager_MainAbility"
+ },
+ {
+ "name": "mainability_description",
+ "value": "eTS_Empty Ability"
+ },
+ {
+ "name": "entry_MainAbility",
+ "value": "entry_MainAbility"
+ },
+ {
+ "name": "mainability_description",
+ "value": "ETS_Category Ability"
+ },
+ {
+ "name": "permissionmanager_GrantAbility",
+ "value": "permissionmanager_GrantAbility"
+ },
+ {
+ "name": "permissionmanager_description",
+ "value": "eTS_Empty Ability"
+ },
+ {
+ "name": "settings",
+ "value": "设置"
+ },
+ {
+ "name": "permission_access_record",
+ "value": "权限访问记录"
+ },
+ {
+ "name": "authority_management",
+ "value": "权限管理"
+ },
+ {
+ "name": "privacy",
+ "value": "隐私"
+ },
+ {
+ "name": "authority_message",
+ "value": "近7天的应用访问权限"
+ },
+ {
+ "name": "other_permissions",
+ "value": "其它权限"
+ },
+ {
+ "name": "app_name",
+ "value": "应用名称"
+ },
+ {
+ "name": "location_info",
+ "value": "位置信息"
+ },
+ {
+ "name": "media_document",
+ "value": "媒体和文件"
+ },
+ {
+ "name": "calendar",
+ "value": "日历"
+ },
+ {
+ "name": "allowed",
+ "value": "已允许"
+ },
+ {
+ "name": "banned",
+ "value": "已禁止"
+ },
+ {
+ "name": "location_info_message",
+ "value": "系统定位服务开关开启时,已允许19个应用获取此设备的位置。"
+ },
+ {
+ "name": "grantability_description",
+ "value": "eTS_Empty Ability"
+ },
+ {
+ "name": "entry_GrantAbility",
+ "value": "entry_GrantAbility"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/frameworks/com.ohos.permissionmanager/permissionmanager/src/main/resources/base/media/ic_call_logs.svg b/frameworks/com.ohos.permissionmanager/permissionmanager/src/main/resources/base/media/ic_call_logs.svg
new file mode 100644
index 0000000000000000000000000000000000000000..42f8ad97c0a031fd0a42731e8994418e1d6accc2
--- /dev/null
+++ b/frameworks/com.ohos.permissionmanager/permissionmanager/src/main/resources/base/media/ic_call_logs.svg
@@ -0,0 +1,16 @@
+
+
+
diff --git a/frameworks/com.ohos.permissionmanager/permissionmanager/src/main/resources/base/media/ic_dropzone.svg b/frameworks/com.ohos.permissionmanager/permissionmanager/src/main/resources/base/media/ic_dropzone.svg
new file mode 100644
index 0000000000000000000000000000000000000000..960483f7f3398245eafe7c9d6182419a32ebeb05
--- /dev/null
+++ b/frameworks/com.ohos.permissionmanager/permissionmanager/src/main/resources/base/media/ic_dropzone.svg
@@ -0,0 +1,19 @@
+
+
\ No newline at end of file
diff --git a/frameworks/com.ohos.permissionmanager/permissionmanager/src/main/resources/base/media/ic_exercise.svg b/frameworks/com.ohos.permissionmanager/permissionmanager/src/main/resources/base/media/ic_exercise.svg
new file mode 100644
index 0000000000000000000000000000000000000000..b488a424376659859601df4743a9293877be0e1e
--- /dev/null
+++ b/frameworks/com.ohos.permissionmanager/permissionmanager/src/main/resources/base/media/ic_exercise.svg
@@ -0,0 +1,16 @@
+
+
+
diff --git a/frameworks/com.ohos.permissionmanager/permissionmanager/src/main/resources/base/media/ic_forward.svg b/frameworks/com.ohos.permissionmanager/permissionmanager/src/main/resources/base/media/ic_forward.svg
new file mode 100644
index 0000000000000000000000000000000000000000..abac736115811fb7111ecea37f3fa063d627bd17
--- /dev/null
+++ b/frameworks/com.ohos.permissionmanager/permissionmanager/src/main/resources/base/media/ic_forward.svg
@@ -0,0 +1,14 @@
+
+
+
diff --git a/frameworks/com.ohos.permissionmanager/permissionmanager/src/main/resources/base/media/ic_more.svg b/frameworks/com.ohos.permissionmanager/permissionmanager/src/main/resources/base/media/ic_more.svg
new file mode 100644
index 0000000000000000000000000000000000000000..3fdc1e9d60f7ce2d533c53e8ee3d6df8ee66287a
--- /dev/null
+++ b/frameworks/com.ohos.permissionmanager/permissionmanager/src/main/resources/base/media/ic_more.svg
@@ -0,0 +1,7 @@
+
+
\ No newline at end of file
diff --git a/frameworks/com.ohos.permissionmanager/permissionmanager/src/main/resources/base/media/ic_nearby.svg b/frameworks/com.ohos.permissionmanager/permissionmanager/src/main/resources/base/media/ic_nearby.svg
new file mode 100644
index 0000000000000000000000000000000000000000..4b201c865105325c085d7c761baef6087e4e57d3
--- /dev/null
+++ b/frameworks/com.ohos.permissionmanager/permissionmanager/src/main/resources/base/media/ic_nearby.svg
@@ -0,0 +1,7 @@
+
+
\ No newline at end of file
diff --git a/frameworks/com.ohos.permissionmanager/permissionmanager/src/main/resources/base/media/ic_public_calendar.svg b/frameworks/com.ohos.permissionmanager/permissionmanager/src/main/resources/base/media/ic_public_calendar.svg
new file mode 100644
index 0000000000000000000000000000000000000000..56e634cab80c7c51f6e38ddb1c59b89f9e9a2baf
--- /dev/null
+++ b/frameworks/com.ohos.permissionmanager/permissionmanager/src/main/resources/base/media/ic_public_calendar.svg
@@ -0,0 +1,13 @@
+
+
\ No newline at end of file
diff --git a/frameworks/com.ohos.permissionmanager/permissionmanager/src/main/resources/base/media/ic_public_camera.svg b/frameworks/com.ohos.permissionmanager/permissionmanager/src/main/resources/base/media/ic_public_camera.svg
new file mode 100644
index 0000000000000000000000000000000000000000..7be7ccc417a4ebbc23bf5197cea49d08abbec754
--- /dev/null
+++ b/frameworks/com.ohos.permissionmanager/permissionmanager/src/main/resources/base/media/ic_public_camera.svg
@@ -0,0 +1,13 @@
+
+
\ No newline at end of file
diff --git a/frameworks/com.ohos.permissionmanager/permissionmanager/src/main/resources/base/media/ic_public_contacts_group.svg b/frameworks/com.ohos.permissionmanager/permissionmanager/src/main/resources/base/media/ic_public_contacts_group.svg
new file mode 100644
index 0000000000000000000000000000000000000000..6805946fbe89097ff97221526e71921b286ee3df
--- /dev/null
+++ b/frameworks/com.ohos.permissionmanager/permissionmanager/src/main/resources/base/media/ic_public_contacts_group.svg
@@ -0,0 +1,13 @@
+
+
\ No newline at end of file
diff --git a/frameworks/com.ohos.permissionmanager/permissionmanager/src/main/resources/base/media/ic_public_folder.svg b/frameworks/com.ohos.permissionmanager/permissionmanager/src/main/resources/base/media/ic_public_folder.svg
new file mode 100644
index 0000000000000000000000000000000000000000..c2a26b5df06901f6e4aa1797a288ea8618d5b006
--- /dev/null
+++ b/frameworks/com.ohos.permissionmanager/permissionmanager/src/main/resources/base/media/ic_public_folder.svg
@@ -0,0 +1,13 @@
+
+
\ No newline at end of file
diff --git a/frameworks/com.ohos.permissionmanager/permissionmanager/src/main/resources/base/media/ic_public_gps.svg b/frameworks/com.ohos.permissionmanager/permissionmanager/src/main/resources/base/media/ic_public_gps.svg
new file mode 100644
index 0000000000000000000000000000000000000000..88ad317dd06bf9c5902463893ec8a6a3d0c3988b
--- /dev/null
+++ b/frameworks/com.ohos.permissionmanager/permissionmanager/src/main/resources/base/media/ic_public_gps.svg
@@ -0,0 +1,13 @@
+
+
\ No newline at end of file
diff --git a/frameworks/com.ohos.permissionmanager/permissionmanager/src/main/resources/base/media/ic_public_message.svg b/frameworks/com.ohos.permissionmanager/permissionmanager/src/main/resources/base/media/ic_public_message.svg
new file mode 100644
index 0000000000000000000000000000000000000000..3191fb6e4f6fef84d30b90259cf3e634c9486315
--- /dev/null
+++ b/frameworks/com.ohos.permissionmanager/permissionmanager/src/main/resources/base/media/ic_public_message.svg
@@ -0,0 +1,13 @@
+
+
\ No newline at end of file
diff --git a/frameworks/com.ohos.permissionmanager/permissionmanager/src/main/resources/base/media/ic_public_phone.svg b/frameworks/com.ohos.permissionmanager/permissionmanager/src/main/resources/base/media/ic_public_phone.svg
new file mode 100644
index 0000000000000000000000000000000000000000..c78bb4fb53ef7e00eb8b21c95e7a0eae1b8c344b
--- /dev/null
+++ b/frameworks/com.ohos.permissionmanager/permissionmanager/src/main/resources/base/media/ic_public_phone.svg
@@ -0,0 +1,13 @@
+
+
\ No newline at end of file
diff --git a/frameworks/com.ohos.permissionmanager/permissionmanager/src/main/resources/base/media/ic_public_voice.svg b/frameworks/com.ohos.permissionmanager/permissionmanager/src/main/resources/base/media/ic_public_voice.svg
new file mode 100644
index 0000000000000000000000000000000000000000..ac9311b1293177f0c5d68961e236d16a1e9d350f
--- /dev/null
+++ b/frameworks/com.ohos.permissionmanager/permissionmanager/src/main/resources/base/media/ic_public_voice.svg
@@ -0,0 +1,13 @@
+
+
\ No newline at end of file
diff --git a/frameworks/com.ohos.permissionmanager/permissionmanager/src/main/resources/base/media/ic_sport.svg b/frameworks/com.ohos.permissionmanager/permissionmanager/src/main/resources/base/media/ic_sport.svg
new file mode 100644
index 0000000000000000000000000000000000000000..58c9f7a83c3a4445fb385f4d86cd12891dcf3354
--- /dev/null
+++ b/frameworks/com.ohos.permissionmanager/permissionmanager/src/main/resources/base/media/ic_sport.svg
@@ -0,0 +1,7 @@
+
+
\ No newline at end of file
diff --git a/frameworks/com.ohos.permissionmanager/permissionmanager/src/main/resources/base/media/ic_ssensor.svg b/frameworks/com.ohos.permissionmanager/permissionmanager/src/main/resources/base/media/ic_ssensor.svg
new file mode 100644
index 0000000000000000000000000000000000000000..31a035d87a91bad5b1da207b5d39acfd12794ca2
--- /dev/null
+++ b/frameworks/com.ohos.permissionmanager/permissionmanager/src/main/resources/base/media/ic_ssensor.svg
@@ -0,0 +1,9 @@
+
+
\ No newline at end of file
diff --git a/frameworks/com.ohos.permissionmanager/permissionmanager/src/main/resources/base/media/in_app_installations.svg b/frameworks/com.ohos.permissionmanager/permissionmanager/src/main/resources/base/media/in_app_installations.svg
new file mode 100644
index 0000000000000000000000000000000000000000..c40993ab5cedaefb586f94faf4c578f8faa93c57
--- /dev/null
+++ b/frameworks/com.ohos.permissionmanager/permissionmanager/src/main/resources/base/media/in_app_installations.svg
@@ -0,0 +1,13 @@
+
+
\ No newline at end of file
diff --git a/frameworks/com.ohos.permissionmanager/permissionmanager/src/main/resources/base/media/noinstallationpackage.svg b/frameworks/com.ohos.permissionmanager/permissionmanager/src/main/resources/base/media/noinstallationpackage.svg
new file mode 100644
index 0000000000000000000000000000000000000000..5b10a66c6b63e6d73bfb96492ec59a900ed5335c
--- /dev/null
+++ b/frameworks/com.ohos.permissionmanager/permissionmanager/src/main/resources/base/media/noinstallationpackage.svg
@@ -0,0 +1,17 @@
+
+
\ No newline at end of file
diff --git a/frameworks/com.ohos.permissionmanager/permissionmanager/src/main/resources/base/media/nopermission.svg b/frameworks/com.ohos.permissionmanager/permissionmanager/src/main/resources/base/media/nopermission.svg
new file mode 100644
index 0000000000000000000000000000000000000000..fe47a1df835fe7c7a296aa92bf009875373f30ad
--- /dev/null
+++ b/frameworks/com.ohos.permissionmanager/permissionmanager/src/main/resources/base/media/nopermission.svg
@@ -0,0 +1,16 @@
+
+
\ No newline at end of file
diff --git a/frameworks/com.ohos.permissionmanager/permissionmanager/src/main/resources/base/media/searchnoresult.svg b/frameworks/com.ohos.permissionmanager/permissionmanager/src/main/resources/base/media/searchnoresult.svg
new file mode 100644
index 0000000000000000000000000000000000000000..e948acc0bbb8bc715385ff841418b60b81eb0997
--- /dev/null
+++ b/frameworks/com.ohos.permissionmanager/permissionmanager/src/main/resources/base/media/searchnoresult.svg
@@ -0,0 +1,22 @@
+
+
\ No newline at end of file
diff --git a/frameworks/com.ohos.permissionmanager/permissionmanager/src/ohosTest/ets/default/app.ets b/frameworks/com.ohos.permissionmanager/permissionmanager/src/ohosTest/ets/default/app.ets
new file mode 100644
index 0000000000000000000000000000000000000000..fd310895976fc0623ac1bdc3ded2ab5209393f62
--- /dev/null
+++ b/frameworks/com.ohos.permissionmanager/permissionmanager/src/ohosTest/ets/default/app.ets
@@ -0,0 +1,26 @@
+/*
+ * Copyright (c) 2021 Huawei Device Co., Ltd.
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+export default {
+ onCreate() {
+ console.info('Application onCreate')
+ },
+ onShow() {
+ console.info('Application onShow')
+ },
+ onDestroy() {
+ console.info('Application onDestroy')
+ },
+}
diff --git a/frameworks/com.ohos.permissionmanager/permissionmanager/src/ohosTest/ets/default/i18n/en-US.json b/frameworks/com.ohos.permissionmanager/permissionmanager/src/ohosTest/ets/default/i18n/en-US.json
new file mode 100644
index 0000000000000000000000000000000000000000..55561b83737c3c31d082fbfa11e5fc987a351104
--- /dev/null
+++ b/frameworks/com.ohos.permissionmanager/permissionmanager/src/ohosTest/ets/default/i18n/en-US.json
@@ -0,0 +1,8 @@
+{
+ "strings": {
+ "hello": "Hello",
+ "world": "World"
+ },
+ "Files": {
+ }
+}
\ No newline at end of file
diff --git a/frameworks/com.ohos.permissionmanager/permissionmanager/src/ohosTest/ets/default/i18n/zh-CN.json b/frameworks/com.ohos.permissionmanager/permissionmanager/src/ohosTest/ets/default/i18n/zh-CN.json
new file mode 100644
index 0000000000000000000000000000000000000000..cce1af06761a42add0cac1a0567aa3237eda8cb4
--- /dev/null
+++ b/frameworks/com.ohos.permissionmanager/permissionmanager/src/ohosTest/ets/default/i18n/zh-CN.json
@@ -0,0 +1,8 @@
+{
+ "strings": {
+ "hello": "您好",
+ "world": "世界"
+ },
+ "Files": {
+ }
+}
\ No newline at end of file
diff --git a/frameworks/com.ohos.permissionmanager/permissionmanager/src/ohosTest/ets/default/pages/index/index.ets b/frameworks/com.ohos.permissionmanager/permissionmanager/src/ohosTest/ets/default/pages/index/index.ets
new file mode 100644
index 0000000000000000000000000000000000000000..2ebd82564e904d46ae1a9c3ca8867307af17f6de
--- /dev/null
+++ b/frameworks/com.ohos.permissionmanager/permissionmanager/src/ohosTest/ets/default/pages/index/index.ets
@@ -0,0 +1,64 @@
+/*
+ * Copyright (c) 2021 Huawei Device Co., Ltd.
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+import {Core, ExpectExtend, InstrumentLog} from "deccjsunit/index"
+import testsuite from "../../../test/List.test.ets"
+import featureAbility from "@ohos.ability.featureAbility"
+
+@Entry
+@Component
+struct MyComponent {
+ aboutToAppear() {
+ console.info("start run testcase!!!!")
+ featureAbility.getWant()
+ .then((Want) => {
+ const core = Core.getInstance()
+ const expectExtend = new ExpectExtend({
+ 'id': 'extend'
+ })
+ const instrumentLog = new InstrumentLog({
+ 'id': 'report', 'unity': 'true'
+ })
+ core.addService('expect', expectExtend)
+ core.addService('report', instrumentLog)
+ core.init()
+ core.subscribeEvent('spec', instrumentLog)
+ core.subscribeEvent('suite', instrumentLog)
+ core.subscribeEvent('task', instrumentLog)
+ const configService = core.getDefaultService('config')
+ configService.setConfig(Want.parameters)
+ testsuite()
+ core.execute()
+ console.info('Operation successful. Data: ' + JSON.stringify(Want));
+ })
+ .catch((error) => {
+ console.error('Operation failed. Cause: ' + JSON.stringify(error));
+ })
+ }
+
+ build() {
+ Flex({
+ direction: FlexDirection.Column,
+ alignItems: ItemAlign.Center,
+ justifyContent: FlexAlign.Center
+ }) {
+ Text('Hello World')
+ .fontSize(50)
+ .fontWeight(FontWeight.Bold)
+ }
+ .width('100%')
+ .height('100%')
+ }
+}
diff --git a/frameworks/com.ohos.permissionmanager/permissionmanager/src/ohosTest/ets/test/ExampleJsunit.test.ets b/frameworks/com.ohos.permissionmanager/permissionmanager/src/ohosTest/ets/test/ExampleJsunit.test.ets
new file mode 100644
index 0000000000000000000000000000000000000000..35824cab41eb5d75507485b5d95e23c8d4d57f2d
--- /dev/null
+++ b/frameworks/com.ohos.permissionmanager/permissionmanager/src/ohosTest/ets/test/ExampleJsunit.test.ets
@@ -0,0 +1,27 @@
+/*
+ * Copyright (c) 2021 Huawei Device Co., Ltd.
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+import {describe, beforeAll, beforeEach, afterEach, afterAll, it, expect} from "deccjsunit/index"
+import app from '@system.app'
+
+export default function exampleJsunit() {
+ describe('appInfoTest', function () {
+ it('app_info_test_001', 0, function () {
+ var info = app.getInfo()
+ expect("1.0").assertEqual('1.0')
+ expect(info.versionCode).assertEqual('3')
+ })
+ })
+}
diff --git a/frameworks/com.ohos.permissionmanager/permissionmanager/src/ohosTest/ets/test/List.test.ets b/frameworks/com.ohos.permissionmanager/permissionmanager/src/ohosTest/ets/test/List.test.ets
new file mode 100644
index 0000000000000000000000000000000000000000..e659c7498c0278c228641fa8eabf91893a84d8e7
--- /dev/null
+++ b/frameworks/com.ohos.permissionmanager/permissionmanager/src/ohosTest/ets/test/List.test.ets
@@ -0,0 +1,20 @@
+/*
+ * Copyright (c) 2021 Huawei Device Co., Ltd.
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+import exampleJsunit from "../test/ExampleJsunit.test.ets"
+
+export default function testsuite() {
+ exampleJsunit()
+}
diff --git a/frameworks/com.ohos.permissionmanager/permissionmanager/src/ohosTest/java/com/ohos/permissionmanager/ExampleOhosTest.java b/frameworks/com.ohos.permissionmanager/permissionmanager/src/ohosTest/java/com/ohos/permissionmanager/ExampleOhosTest.java
new file mode 100644
index 0000000000000000000000000000000000000000..9482d133c3b1866f581978213dce868e966f5e9d
--- /dev/null
+++ b/frameworks/com.ohos.permissionmanager/permissionmanager/src/ohosTest/java/com/ohos/permissionmanager/ExampleOhosTest.java
@@ -0,0 +1,14 @@
+package com.ohos.permissionmanager;
+
+import ohos.aafwk.ability.delegation.AbilityDelegatorRegistry;
+import org.junit.Test;
+
+import static org.junit.Assert.assertEquals;
+
+public class ExampleOhosTest {
+ @Test
+ public void testBundleName() {
+ final String actualBundleName = AbilityDelegatorRegistry.getArguments().getTestBundleName();
+ assertEquals("com.ohos.permissionmanager", actualBundleName);
+ }
+}
\ No newline at end of file
diff --git a/frameworks/com.ohos.permissionmanager/permissionmanager/src/ohosTest/resources/base/element/string.json b/frameworks/com.ohos.permissionmanager/permissionmanager/src/ohosTest/resources/base/element/string.json
new file mode 100644
index 0000000000000000000000000000000000000000..0ad161e668b74a19e5820d0d5f43d017b6d43173
--- /dev/null
+++ b/frameworks/com.ohos.permissionmanager/permissionmanager/src/ohosTest/resources/base/element/string.json
@@ -0,0 +1,12 @@
+{
+ "string": [
+ {
+ "name": "app_name",
+ "value": "PermissionManager"
+ },
+ {
+ "name": "mainability_description",
+ "value": "hap sample empty page"
+ }
+ ]
+}
diff --git a/frameworks/com.ohos.permissionmanager/permissionmanager/src/ohosTest/resources/base/media/icon.png b/frameworks/com.ohos.permissionmanager/permissionmanager/src/ohosTest/resources/base/media/icon.png
new file mode 100644
index 0000000000000000000000000000000000000000..ce307a8827bd75456441ceb57d530e4c8d45d36c
Binary files /dev/null and b/frameworks/com.ohos.permissionmanager/permissionmanager/src/ohosTest/resources/base/media/icon.png differ
diff --git a/frameworks/com.ohos.permissionmanager/settings.gradle b/frameworks/com.ohos.permissionmanager/settings.gradle
new file mode 100644
index 0000000000000000000000000000000000000000..4bc3f8f5570c80bbdafc2d541c60ae3cf2890248
--- /dev/null
+++ b/frameworks/com.ohos.permissionmanager/settings.gradle
@@ -0,0 +1 @@
+include ':entry', ':permissionmanager'
diff --git a/services/accesstoken/BUILD.gn b/frameworks/common/BUILD.gn
similarity index 60%
rename from services/accesstoken/BUILD.gn
rename to frameworks/common/BUILD.gn
index a58bc6e088e1356b89ac291c459b351fb5ff70c5..aad20da4291e8d3e68c8079673435811f72fdd02 100644
--- a/services/accesstoken/BUILD.gn
+++ b/frameworks/common/BUILD.gn
@@ -13,32 +13,37 @@
import("//build/ohos.gni")
-ohos_shared_library("accesstoken_manager_service") {
+################################################################
+# C++, Main source file here.
+################################################################
+config("accesstoken_common_cxx_public_config") {
+ visibility = [ ":*" ]
+ include_dirs = [ "include" ]
+}
+
+ohos_shared_library("accesstoken_common_cxx") {
subsystem_name = "security"
part_name = "access_token"
+ public_configs = [ ":accesstoken_common_cxx_public_config" ]
+
include_dirs = [
- "main/cpp/include",
+ "include",
"//utils/system/safwk/native/include",
- "//base/security/access_token/frameworks/accesstoken",
- "//base/security/access_token/interfaces/innerkits/accesstoken//main/cpp/include",
+ "//third_party/mbedtls/include",
+ "//base/security/access_token/interfaces/innerkits/accesstoken/include",
]
sources = [
- "main/cpp/src/accesstoken_manager_service.cpp",
- "main/cpp/src/accesstoken_manager_stub.cpp",
+ "src/data_validator.cpp",
+ "src/random_mbedtls.cpp",
]
- cflags_cc = [ "-DHILOG_ENABLE" ]
-
deps = [
+ "//third_party/mbedtls:mbedtls_shared",
"//utils/native/base:utils",
]
+ external_deps = [ "hiviewdfx_hilog_native:libhilog" ]
- external_deps = [
- "hiviewdfx_hilog_native:libhilog",
- "ipc:ipc_core",
- "safwk:system_ability_fwk",
- "samgr_standard:samgr_proxy",
- ]
+ cflags_cc = [ "-DHILOG_ENABLE" ]
}
diff --git a/frameworks/accesstoken/accesstoken_log.h b/frameworks/common/include/accesstoken_log.h
similarity index 56%
rename from frameworks/accesstoken/accesstoken_log.h
rename to frameworks/common/include/accesstoken_log.h
index 9435908dd840dc20a8fdf3738a87b7fd312ec903..ac4aaa1078074ddd2c51f119760664702c9ded3c 100644
--- a/frameworks/accesstoken/accesstoken_log.h
+++ b/frameworks/common/include/accesstoken_log.h
@@ -22,21 +22,26 @@
#ifndef __cplusplus
-#define ACCESSTOKEN_LOG_DEBUG(fmt, ...) HILOG_DEBUG(LOG_CORE, fmt, ##__VA_ARGS__)
-#define ACCESSTOKEN_LOG_INFO(fmt, ...) HILOG_INFO(LOG_CORE, fmt, ##__VA_ARGS__)
-#define ACCESSTOKEN_LOG_WARN(fmt, ...) HILOG_WARN(LOG_CORE, fmt, ##__VA_ARGS__)
-#define ACCESSTOKEN_LOG_ERROR(fmt, ...) HILOG_ERROR(LOG_CORE, fmt, ##__VA_ARGS__)
-#define ACCESSTOKEN_LOG_FATAL(fmt, ...) HILOG_FATAL(LOG_CORE, fmt, ##__VA_ARGS__)
+#define ACCESSTOKEN_LOG_DEBUG(fmt, ...) HILOG_DEBUG(LOG_CORE, "[%{public}s]:" fmt, __func__, ##__VA_ARGS__)
+#define ACCESSTOKEN_LOG_INFO(fmt, ...) HILOG_INFO(LOG_CORE, "[%{public}s]:" fmt, __func__, ##__VA_ARGS__)
+#define ACCESSTOKEN_LOG_WARN(fmt, ...) HILOG_WARN(LOG_CORE, "[%{public}s]:" fmt, __func__, ##__VA_ARGS__)
+#define ACCESSTOKEN_LOG_ERROR(fmt, ...) HILOG_ERROR(LOG_CORE, "[%{public}s]:" fmt, __func__, ##__VA_ARGS__)
+#define ACCESSTOKEN_LOG_FATAL(fmt, ...) HILOG_FATAL(LOG_CORE, "[%{public}s]:" fmt, __func__, ##__VA_ARGS__)
#else
-#define ACCESSTOKEN_LOG_DEBUG(label, fmt, ...) OHOS::HiviewDFX::HiLog::Debug(label, fmt, ##__VA_ARGS__)
-#define ACCESSTOKEN_LOG_INFO(label, fmt, ...) OHOS::HiviewDFX::HiLog::Info(label, fmt, ##__VA_ARGS__)
-#define ACCESSTOKEN_LOG_WARN(label, fmt, ...) OHOS::HiviewDFX::HiLog::Warn(label, fmt, ##__VA_ARGS__)
-#define ACCESSTOKEN_LOG_ERROR(label, fmt, ...) OHOS::HiviewDFX::HiLog::Error(label, fmt, ##__VA_ARGS__)
-#define ACCESSTOKEN_LOG_FATAL(label, fmt, ...) OHOS::HiviewDFX::HiLog::Fatal(label, fmt, ##__VA_ARGS__)
+#define ACCESSTOKEN_LOG_DEBUG(label, fmt, ...) \
+ OHOS::HiviewDFX::HiLog::Debug(label, "[%{public}s]:" fmt, __func__, ##__VA_ARGS__)
+#define ACCESSTOKEN_LOG_INFO(label, fmt, ...) \
+ OHOS::HiviewDFX::HiLog::Info(label, "[%{public}s]:" fmt, __func__, ##__VA_ARGS__)
+#define ACCESSTOKEN_LOG_WARN(label, fmt, ...) \
+ OHOS::HiviewDFX::HiLog::Warn(label, "[%{public}s]:" fmt, __func__, ##__VA_ARGS__)
+#define ACCESSTOKEN_LOG_ERROR(label, fmt, ...) \
+ OHOS::HiviewDFX::HiLog::Error(label, "[%{public}s]:" fmt, __func__, ##__VA_ARGS__)
+#define ACCESSTOKEN_LOG_FATAL(label, fmt, ...) \
+ OHOS::HiviewDFX::HiLog::Fatal(label, "[%{public}s]:" fmt, __func__, ##__VA_ARGS__)
-#endif // __cplusplus
+#endif // __cplusplus
/* define LOG_TAG as "security_*" at your submodule, * means your submodule name such as "security_dac" */
#undef LOG_TAG
@@ -58,6 +63,6 @@ static constexpr unsigned int SECURITY_DOMAIN_ACCESSTOKEN = 0xD002F01;
#define ACCESSTOKEN_LOG_ERROR(fmt, ...) printf("[%s] error: %s: " fmt "\n", LOG_TAG, __func__, ##__VA_ARGS__)
#define ACCESSTOKEN_LOG_FATAL(fmt, ...) printf("[%s] fatal: %s: " fmt "\n", LOG_TAG, __func__, ##__VA_ARGS__)
-#endif // HILOG_ENABLE
+#endif // HILOG_ENABLE
-#endif // ACCESSTOKEN_LOG_H
+#endif // ACCESSTOKEN_LOG_H
diff --git a/frameworks/common/include/data_validator.h b/frameworks/common/include/data_validator.h
new file mode 100644
index 0000000000000000000000000000000000000000..8821598cf66fa638851a47fcb909188a09db5944
--- /dev/null
+++ b/frameworks/common/include/data_validator.h
@@ -0,0 +1,56 @@
+/*
+ * Copyright (c) 2021 Huawei Device Co., Ltd.
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+#include
+#include "access_token.h"
+
+#ifndef DATA_VALIDATOR_H
+#define DATA_VALIDATOR_H
+namespace OHOS {
+namespace Security {
+namespace AccessToken {
+class DataValidator final {
+public:
+ static bool IsBundleNameValid(const std::string& bundleName);
+
+ static bool IsPermissionNameValid(const std::string& permissionName);
+
+ static bool IsUserIdValid(const int userId);
+
+ static bool IsAppIDDescValid(const std::string& appIDDesc);
+
+ static bool IsDomainValid(const std::string& domain);
+
+ static bool IsAplNumValid(const int apl);
+
+ static bool IsProcessNameValid(const std::string& processName);
+
+ static bool IsDeviceIdValid(const std::string& deviceId);
+
+ static bool IsLabelValid(const std::string& label);
+
+ static bool IsDescValid(const std::string& desc);
+ static bool IsPermissionFlagValid(int flag);
+ static bool IsDcapValid(const std::string& dcap);
+ static bool IsTokenIDValid(AccessTokenID id);
+private:
+ const static int MAX_LENGTH = 256;
+ const static int MAX_APPIDDESC_LENGTH = 10240;
+ const static int MAX_DCAP_LENGTH = 1024;
+};
+} // namespace AccessToken
+} // namespace Security
+} // namespace OHOS
+#endif // DATA_VALIDATOR_H
diff --git a/frameworks/common/include/random.h b/frameworks/common/include/random.h
new file mode 100644
index 0000000000000000000000000000000000000000..9362764210314841612be570b5edb67170e0b3ad
--- /dev/null
+++ b/frameworks/common/include/random.h
@@ -0,0 +1,32 @@
+/*
+ * Copyright (c) 2021 Huawei Device Co., Ltd.
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+#ifndef ACCESSTOKEN_RANDOM_H
+#define ACCESSTOKEN_RANDOM_H
+
+#ifdef __cplusplus
+#if __cplusplus
+extern "C" {
+#endif
+#endif
+
+unsigned int GetRandomUint32();
+
+#ifdef __cplusplus
+#if __cplusplus
+}
+#endif /* __cplusplus */
+#endif /* __cplusplus */
+#endif /* ACCESSTOKEN_RANDOM_H */
diff --git a/frameworks/common/include/random_mbedtls.h b/frameworks/common/include/random_mbedtls.h
new file mode 100644
index 0000000000000000000000000000000000000000..ffd3ddd147ee2478af4cac6e74196d9c27f455ce
--- /dev/null
+++ b/frameworks/common/include/random_mbedtls.h
@@ -0,0 +1,43 @@
+/*
+ * Copyright (c) 2021 Huawei Device Co., Ltd.
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+#ifndef ACCESS_TOKEN_RANDOM_MBEDTLS
+#define ACCESS_TOKEN_RANDOM_MBEDTLS
+
+#include "rwlock.h"
+#include "mbedtls/ctr_drbg.h"
+#include "mbedtls/entropy.h"
+
+namespace OHOS {
+namespace Security {
+namespace AccessToken {
+class RandomMbedtls {
+public:
+ static RandomMbedtls& GetInstance();
+ int GenerateRandomArray(unsigned char *randStr, unsigned int len);
+ ~RandomMbedtls() {};
+ static unsigned int GetRandomUint32();
+
+private:
+ RandomMbedtls() : initFlag_(false) {};
+ mbedtls_entropy_context entropy_;
+ mbedtls_ctr_drbg_context ctrDrbg_;
+ OHOS::Utils::RWLock randomLock_;
+ bool initFlag_;
+};
+} // namespace AccessToken
+} // namespace Security
+} // namespace OHOS
+#endif // ACCESS_TOKEN_RANDOM_MBEDTLS
diff --git a/frameworks/common/src/data_validator.cpp b/frameworks/common/src/data_validator.cpp
new file mode 100644
index 0000000000000000000000000000000000000000..a28479e7e0286183b504d0b98ba539116d413fe9
--- /dev/null
+++ b/frameworks/common/src/data_validator.cpp
@@ -0,0 +1,91 @@
+/*
+ * Copyright (c) 2021 Huawei Device Co., Ltd.
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+#include "data_validator.h"
+#include "access_token.h"
+
+namespace OHOS {
+namespace Security {
+namespace AccessToken {
+bool DataValidator::IsBundleNameValid(const std::string& bundleName)
+{
+ return !bundleName.empty() && (bundleName.length() <= MAX_LENGTH);
+}
+
+bool DataValidator::IsLabelValid(const std::string& label)
+{
+ return label.length() <= MAX_LENGTH;
+}
+
+bool DataValidator::IsDescValid(const std::string& desc)
+{
+ return desc.length() <= MAX_LENGTH;
+}
+
+bool DataValidator::IsPermissionNameValid(const std::string& permissionName)
+{
+ return !permissionName.empty() && (permissionName.length() <= MAX_LENGTH);
+}
+
+bool DataValidator::IsUserIdValid(const int userId)
+{
+ return userId >= 0;
+}
+
+bool DataValidator::IsAppIDDescValid(const std::string& appIDDesc)
+{
+ return !appIDDesc.empty() && (appIDDesc.length() <= MAX_APPIDDESC_LENGTH);
+}
+
+bool DataValidator::IsDomainValid(const std::string& domain)
+{
+ return !domain.empty() && (domain.length() <= MAX_LENGTH);
+}
+
+bool DataValidator::IsAplNumValid(const int apl)
+{
+ return (apl == APL_NORMAL || apl == APL_SYSTEM_BASIC || apl == APL_SYSTEM_CORE);
+}
+
+bool DataValidator::IsProcessNameValid(const std::string& processName)
+{
+ return !processName.empty() && (processName.length() <= MAX_LENGTH);
+}
+
+bool DataValidator::IsDeviceIdValid(const std::string& deviceId)
+{
+ return !deviceId.empty() && (deviceId.length() <= MAX_LENGTH);
+}
+
+bool DataValidator::IsDcapValid(const std::string& dcap)
+{
+ return !dcap.empty() && (dcap.length() <= MAX_DCAP_LENGTH);
+}
+
+bool DataValidator::IsPermissionFlagValid(int flag)
+{
+ return flag == DEFAULT_PERMISSION_FLAGS ||
+ flag == PermissionFlag::PERMISSION_USER_SET ||
+ flag == PermissionFlag::PERMISSION_USER_FIXED ||
+ flag == PermissionFlag::PERMISSION_SYSTEM_FIXED;
+}
+
+bool DataValidator::IsTokenIDValid(AccessTokenID id)
+{
+ return id != 0;
+}
+} // namespace AccessToken
+} // namespace Security
+} // namespace OHOS
diff --git a/frameworks/common/src/random_mbedtls.cpp b/frameworks/common/src/random_mbedtls.cpp
new file mode 100644
index 0000000000000000000000000000000000000000..20d7dfbbcaf6e4d50df90e605e5ccdbbb1fec644
--- /dev/null
+++ b/frameworks/common/src/random_mbedtls.cpp
@@ -0,0 +1,67 @@
+/*
+ * Copyright (c) 2021 Huawei Device Co., Ltd.
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+#include "random_mbedtls.h"
+#include "access_token.h"
+
+using OHOS::Security::AccessToken::RandomMbedtls;
+using OHOS::Security::AccessToken::RET_SUCCESS;
+
+namespace OHOS {
+namespace Security {
+namespace AccessToken {
+extern "C" unsigned int GetRandomUint32()
+{
+ unsigned int rand;
+ int ret = RandomMbedtls::GetInstance().GenerateRandomArray((unsigned char *)&rand, sizeof(rand));
+ if (ret != RET_SUCCESS) {
+ return 0;
+ }
+ return rand;
+}
+
+int RandomMbedtls::GenerateRandomArray(unsigned char *randStr, unsigned int len)
+{
+ if (randStr == NULL || len == 0) {
+ return RET_FAILED;
+ }
+ int ret;
+
+ Utils::UniqueWriteGuard infoGuard(this->randomLock_);
+ if (initFlag_ == false) {
+ mbedtls_ctr_drbg_init(&ctrDrbg_);
+ mbedtls_entropy_init(&entropy_);
+ ret = mbedtls_ctr_drbg_seed(&ctrDrbg_, mbedtls_entropy_func, &entropy_, NULL, 0);
+ if (ret != 0) {
+ return RET_FAILED;
+ }
+ initFlag_ = true;
+ }
+
+ ret = mbedtls_ctr_drbg_random(&ctrDrbg_, randStr, len);
+ if (ret != 0) {
+ return RET_FAILED;
+ }
+ return RET_SUCCESS;
+}
+
+RandomMbedtls& RandomMbedtls::GetInstance()
+{
+ static RandomMbedtls instance;
+ return instance;
+}
+} // namespace AccessToken
+} // namespace Security
+} // namespace OHOS
diff --git a/frameworks/tokensync/include/i_token_sync_manager.h b/frameworks/tokensync/include/i_token_sync_manager.h
new file mode 100644
index 0000000000000000000000000000000000000000..8975482ce13dfad5d6b746852b3fe04c2a50f7c8
--- /dev/null
+++ b/frameworks/tokensync/include/i_token_sync_manager.h
@@ -0,0 +1,50 @@
+/*
+ * Copyright (c) 2021 Huawei Device Co., Ltd.
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+#ifndef I_TOKENSYNC_MANAGER_H
+#define I_TOKENSYNC_MANAGER_H
+
+#include
+
+#include "iremote_broker.h"
+#include "errors.h"
+
+#include "access_token.h"
+#include "hap_token_info_for_sync_parcel.h"
+
+namespace OHOS {
+namespace Security {
+namespace AccessToken {
+class ITokenSyncManager : public IRemoteBroker {
+public:
+ static const int SA_ID_TOKENSYNC_MANAGER_SERVICE = 3504;
+
+ DECLARE_INTERFACE_DESCRIPTOR(u"ohos.security.accesstoken.ITokenSyncManager");
+
+ virtual int GetRemoteHapTokenInfo(const std::string& deviceID, AccessTokenID tokenID) = 0;
+ virtual int DeleteRemoteHapTokenInfo(AccessTokenID tokenID) = 0;
+ virtual int UpdateRemoteHapTokenInfo(const HapTokenInfoForSync& tokenInfo) = 0;
+
+ enum class InterfaceCode {
+ GET_REMOTE_HAP_TOKEN_INFO = 0xff01,
+ DELETE_REMOTE_HAP_TOKEN_INFO = 0xff02,
+ UPDATE_REMOTE_HAP_TOKEN_INFO = 0xff03
+ };
+};
+} // namespace AccessToken
+} // namespace Security
+} // namespace OHOS
+
+#endif // I_TOKENSYNC_MANAGER_H
diff --git a/interfaces/innerkits/accesstoken/BUILD.gn b/interfaces/innerkits/accesstoken/BUILD.gn
index 2cc576843c7f6a990473d776dec065d9a24188c8..2c353eec68bd0b100cf39b1c18503b677a2e630a 100644
--- a/interfaces/innerkits/accesstoken/BUILD.gn
+++ b/interfaces/innerkits/accesstoken/BUILD.gn
@@ -16,9 +16,9 @@ import("//build/ohos.gni")
################################################################
# C++, Main, source file here.
################################################################
-config("accesstoken_sdk_cxx_public_config_standard") {
+config("accesstoken") {
visibility = [ ":*" ]
- include_dirs = [ "main/cpp/include" ]
+ include_dirs = [ "include" ]
}
ohos_shared_library("libaccesstoken_sdk") {
@@ -27,25 +27,26 @@ ohos_shared_library("libaccesstoken_sdk") {
output_name = "libaccesstoken_sdk"
- public_configs = [ ":accesstoken_sdk_cxx_public_config_standard" ]
+ public_configs = [ ":accesstoken" ]
include_dirs = [
"//utils/native/base/include",
- "main/cpp/include",
- "main/cpp/src",
- "//base/security/access_token/frameworks/accesstoken",
- "//base/security/access_token/nterfaces/innerkits/accesstoken/main/cpp/include",
+ "include",
+ "src",
+ "//base/security/access_token/frameworks/accesstoken/include",
+ "//base/security/access_token/frameworks/common/include",
+ "//base/security/access_token/interfaces/innerkits/accesstoken/include",
]
sources = [
- "main/cpp/src/accesstoken_kit.cpp",
- "main/cpp/src/accesstoken_manager_client.cpp",
- "main/cpp/src/accesstoken_manager_proxy.cpp",
+ "src/accesstoken_kit.cpp",
+ "src/accesstoken_manager_client.cpp",
+ "src/accesstoken_manager_proxy.cpp",
]
deps = [
- "//base/security/permission/frameworks/permission_standard/permissioncommunicationadapter:permission_standard_communication_adapter_cxx",
- "//base/security/permission/frameworks/permission_standard/permissioninfrastructure:permission_standard_infrastructure_cxx",
+ "//base/security/access_token/frameworks/accesstoken:accesstoken_communication_adapter_cxx",
+ "//base/security/access_token/frameworks/common:accesstoken_common_cxx",
"//utils/native/base:utils",
]
diff --git a/interfaces/innerkits/accesstoken/include/access_token.h b/interfaces/innerkits/accesstoken/include/access_token.h
new file mode 100644
index 0000000000000000000000000000000000000000..d4b050ed75dd721ceedb18ca6e5e484cc41aacfc
--- /dev/null
+++ b/interfaces/innerkits/accesstoken/include/access_token.h
@@ -0,0 +1,78 @@
+/*
+ * Copyright (c) 2021 Huawei Device Co., Ltd.
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+#ifndef ACCESS_TOKEN_DEF_H
+#define ACCESS_TOKEN_DEF_H
+
+namespace OHOS {
+namespace Security {
+namespace AccessToken {
+typedef unsigned int AccessTokenID;
+typedef unsigned int AccessTokenAttr;
+static const int DEFAULT_TOKEN_VERSION = 1;
+static const int DEFAULT_PERMISSION_FLAGS = 0;
+static const int FIRSTCALLER_TOKENID_DEFAULT = 0;
+
+enum AccessTokenKitRet {
+ RET_FAILED = -1,
+ RET_SUCCESS = 0,
+};
+
+typedef struct {
+ unsigned int tokenUniqueID : 24;
+ unsigned int res : 3;
+ unsigned int type : 2;
+ unsigned int version : 3;
+} AccessTokenIDInner;
+
+typedef enum TypeATokenTypeEnum {
+ TOKEN_INVALID = -1,
+ TOKEN_HAP = 0,
+ TOKEN_NATIVE,
+} ATokenTypeEnum;
+
+typedef enum TypeATokenAplEnum {
+ APL_NORMAL = 1,
+ APL_SYSTEM_BASIC = 2,
+ APL_SYSTEM_CORE = 3,
+} ATokenAplEnum;
+
+typedef union {
+ unsigned long long tokenIDEx;
+ struct {
+ AccessTokenID tokenID;
+ AccessTokenAttr tokenAttr;
+ } tokenIdExStruct;
+} AccessTokenIDEx;
+
+typedef enum TypePermissionState {
+ PERMISSION_DENIED = -1,
+ PERMISSION_GRANTED = 0,
+} PermissionState;
+
+typedef enum TypeGrantMode {
+ USER_GRANT = 0,
+ SYSTEM_GRANT = 1,
+} GrantMode;
+
+typedef enum TypePermissionFlag {
+ PERMISSION_USER_SET = 1 << 0,
+ PERMISSION_USER_FIXED = 1 << 1,
+ PERMISSION_SYSTEM_FIXED = 1 << 2,
+} PermissionFlag;
+} // namespace AccessToken
+} // namespace Security
+} // namespace OHOS
+#endif // ACCESS_TOKEN_DEF_H
diff --git a/interfaces/innerkits/accesstoken/main/cpp/include/accesstoken.h b/interfaces/innerkits/accesstoken/include/accesstoken.h
old mode 100644
new mode 100755
similarity index 100%
rename from interfaces/innerkits/accesstoken/main/cpp/include/accesstoken.h
rename to interfaces/innerkits/accesstoken/include/accesstoken.h
diff --git a/interfaces/innerkits/accesstoken/include/accesstoken_kit.h b/interfaces/innerkits/accesstoken/include/accesstoken_kit.h
new file mode 100644
index 0000000000000000000000000000000000000000..495f451d9de18a8ea95305f16d8fef812470bf84
--- /dev/null
+++ b/interfaces/innerkits/accesstoken/include/accesstoken_kit.h
@@ -0,0 +1,68 @@
+/*
+ * Copyright (c) 2021 Huawei Device Co., Ltd.
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+#ifndef INTERFACES_INNER_KITS_ACCESSTOKEN_KIT_H
+#define INTERFACES_INNER_KITS_ACCESSTOKEN_KIT_H
+
+#include
+#include
+
+#include "access_token.h"
+#include "hap_token_info.h"
+#include "native_token_info.h"
+#include "permission_def.h"
+#include "permission_state_full.h"
+
+namespace OHOS {
+namespace Security {
+namespace AccessToken {
+class AccessTokenKit {
+public:
+ static AccessTokenIDEx AllocHapToken(const HapInfoParams& info, const HapPolicyParams& policy);
+ static AccessTokenID AllocLocalTokenID(const std::string& remoteDeviceID, AccessTokenID remoteTokenID);
+ static int UpdateHapToken(AccessTokenID tokenID, const std::string& appIDDesc, const HapPolicyParams& policy);
+ static int DeleteToken(AccessTokenID tokenID);
+ /* Get token type by ATM service */
+ static ATokenTypeEnum GetTokenType(AccessTokenID tokenID);
+ /* Get token type from flag in tokenId, which doesn't depend on ATM service */
+ static ATokenTypeEnum GetTokenTypeFlag(AccessTokenID tokenID);
+ static int CheckNativeDCap(AccessTokenID tokenID, const std::string& dcap);
+ static AccessTokenID GetHapTokenID(int userID, const std::string& bundleName, int instIndex);
+ static int GetHapTokenInfo(AccessTokenID tokenID, HapTokenInfo& hapTokenInfoRes);
+ static int GetNativeTokenInfo(AccessTokenID tokenID, NativeTokenInfo& nativeTokenInfoRes);
+ static int VerifyAccessToken(AccessTokenID tokenID, const std::string& permissionName);
+ static int VerifyAccessToken(
+ AccessTokenID callerTokenID, AccessTokenID firstTokenID, const std::string& permissionName);
+ static int GetDefPermission(const std::string& permissionName, PermissionDef& permissionDefResult);
+ static int GetDefPermissions(AccessTokenID tokenID, std::vector& permList);
+ static int GetReqPermissions(
+ AccessTokenID tokenID, std::vector& reqPermList, bool isSystemGrant);
+ static int GetPermissionFlag(AccessTokenID tokenID, const std::string& permissionName);
+ static int GrantPermission(AccessTokenID tokenID, const std::string& permissionName, int flag);
+ static int RevokePermission(AccessTokenID tokenID, const std::string& permissionName, int flag);
+ static int ClearUserGrantedPermissionState(AccessTokenID tokenID);
+ static int GetHapTokenInfoFromRemote(AccessTokenID tokenID, HapTokenInfoForSync& hapSync);
+ static int GetAllNativeTokenInfo(std::vector& nativeTokenInfosRes);
+ static int SetRemoteHapTokenInfo(const std::string& deviceID, const HapTokenInfoForSync& hapSync);
+ static int SetRemoteNativeTokenInfo(const std::string& deviceID,
+ std::vector& nativeTokenInfoList);
+ static int DeleteRemoteToken(const std::string& deviceID, AccessTokenID tokenID);
+ static int DeleteRemoteDeviceTokens(const std::string& deviceID);
+ static int DumpToken(std::string& dumpInfo);
+};
+} // namespace AccessToken
+} // namespace Security
+} // namespace OHOS
+#endif
diff --git a/interfaces/innerkits/accesstoken/include/hap_token_info.h b/interfaces/innerkits/accesstoken/include/hap_token_info.h
new file mode 100644
index 0000000000000000000000000000000000000000..1d38ae6840fb11aa908edfbc1485e9d98f2fdfb1
--- /dev/null
+++ b/interfaces/innerkits/accesstoken/include/hap_token_info.h
@@ -0,0 +1,65 @@
+/*
+ * Copyright (c) 2021 Huawei Device Co., Ltd.
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+#ifndef ACCESSTOKEN_HAP_TOKEN_INFO_H
+#define ACCESSTOKEN_HAP_TOKEN_INFO_H
+
+#include "access_token.h"
+#include "permission_def.h"
+#include "permission_state_full.h"
+#include
+#include
+
+namespace OHOS {
+namespace Security {
+namespace AccessToken {
+class HapInfoParams final {
+public:
+ int userID;
+ std::string bundleName;
+ int instIndex;
+ std::string appIDDesc;
+};
+
+class HapPolicyParams final {
+public:
+ ATokenAplEnum apl;
+ std::string domain;
+ std::vector permList;
+ std::vector permStateList;
+};
+
+class HapTokenInfo final {
+public:
+ ATokenAplEnum apl;
+ char ver;
+ int userID;
+ std::string bundleName;
+ int instIndex;
+ std::string appID;
+ std::string deviceID;
+ AccessTokenID tokenID;
+ AccessTokenAttr tokenAttr;
+};
+
+class HapTokenInfoForSync final {
+public:
+ HapTokenInfo baseInfo;
+ std::vector permStateList;
+};
+} // namespace AccessToken
+} // namespace Security
+} // namespace OHOS
+#endif // ACCESSTOKEN_HAP_TOKEN_INFO_H
diff --git a/interfaces/innerkits/accesstoken/include/native_token_info.h b/interfaces/innerkits/accesstoken/include/native_token_info.h
new file mode 100644
index 0000000000000000000000000000000000000000..60b427f3598d5fc059a3f4fa10ab15d185a01f0c
--- /dev/null
+++ b/interfaces/innerkits/accesstoken/include/native_token_info.h
@@ -0,0 +1,38 @@
+/*
+ * Copyright (c) 2021 Huawei Device Co., Ltd.
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+#ifndef ACCESSTOKEN_NATIVE_TOKEN_INFO_H
+#define ACCESSTOKEN_NATIVE_TOKEN_INFO_H
+
+#include "access_token.h"
+#include
+#include
+
+namespace OHOS {
+namespace Security {
+namespace AccessToken {
+class NativeTokenInfo final {
+public:
+ ATokenAplEnum apl;
+ unsigned char ver;
+ std::string processName;
+ std::vector dcap;
+ AccessTokenID tokenID;
+ AccessTokenAttr tokenAttr;
+};
+} // namespace AccessToken
+} // namespace Security
+} // namespace OHOS
+#endif // ACCESSTOKEN_NATIVE_TOKEN_INFO_H
diff --git a/interfaces/innerkits/accesstoken/include/permission_def.h b/interfaces/innerkits/accesstoken/include/permission_def.h
new file mode 100644
index 0000000000000000000000000000000000000000..f3cc81b63cd1062be2c225b6de4bd4f71339805e
--- /dev/null
+++ b/interfaces/innerkits/accesstoken/include/permission_def.h
@@ -0,0 +1,43 @@
+/*
+ * Copyright (c) 2021 Huawei Device Co., Ltd.
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+#ifndef INTERFACES_INNER_KITS_ACCESSTOKEN_PERMISSION_DEF_H
+#define INTERFACES_INNER_KITS_ACCESSTOKEN_PERMISSION_DEF_H
+
+#include
+
+#include "access_token.h"
+
+namespace OHOS {
+namespace Security {
+namespace AccessToken {
+class PermissionDef final {
+public:
+ std::string permissionName;
+ std::string bundleName;
+ int grantMode;
+ TypeATokenAplEnum availableLevel;
+ bool provisionEnable;
+ bool distributedSceneEnable;
+ std::string label;
+ int labelId;
+ std::string description;
+ int descriptionId;
+};
+} // namespace AccessToken
+} // namespace Security
+} // namespace OHOS
+
+#endif // INTERFACES_INNER_KITS_ACCESSTOKEN_PERMISSION_DEF_H
diff --git a/interfaces/innerkits/accesstoken/include/permission_state_full.h b/interfaces/innerkits/accesstoken/include/permission_state_full.h
new file mode 100644
index 0000000000000000000000000000000000000000..7805a3d9e7ac5698ddc9325ff4910046668f5004
--- /dev/null
+++ b/interfaces/innerkits/accesstoken/include/permission_state_full.h
@@ -0,0 +1,36 @@
+/*
+ * Copyright (c) 2021 Huawei Device Co., Ltd.
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+#ifndef INTERFACES_INNER_KITS_ACCESSTOKEN_PERMISSION_STATE_FULL_H
+#define INTERFACES_INNER_KITS_ACCESSTOKEN_PERMISSION_STATE_FULL_H
+
+#include
+#include
+
+namespace OHOS {
+namespace Security {
+namespace AccessToken {
+class PermissionStateFull final {
+public:
+ std::string permissionName;
+ bool isGeneral;
+ std::vector resDeviceID;
+ std::vector grantStatus;
+ std::vector grantFlags;
+};
+} // namespace AccessToken
+} // namespace Security
+} // namespace OHOS
+#endif // INTERFACES_INNER_KITS_ACCESSTOKEN_PERMISSION_STATE_FULL_H
diff --git a/interfaces/innerkits/accesstoken/main/cpp/src/accesstoken_manager_proxy.cpp b/interfaces/innerkits/accesstoken/main/cpp/src/accesstoken_manager_proxy.cpp
deleted file mode 100644
index ce8d6ec7f793bf28900da3a21276e24233863a88..0000000000000000000000000000000000000000
--- a/interfaces/innerkits/accesstoken/main/cpp/src/accesstoken_manager_proxy.cpp
+++ /dev/null
@@ -1,71 +0,0 @@
-/*
- * Copyright (c) 2021 Huawei Device Co., Ltd.
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-#include "accesstoken_manager_proxy.h"
-
-#include "accesstoken_log.h"
-
-#include "parcel.h"
-#include "string_ex.h"
-
-namespace OHOS {
-namespace Security {
-namespace AccessToken {
-namespace {
-static constexpr OHOS::HiviewDFX::HiLogLabel LABEL = {LOG_CORE, SECURITY_DOMAIN_ACCESSTOKEN, "AccessTokenManagerProxy"};
-}
-
-AccessTokenManagerProxy::AccessTokenManagerProxy(const sptr& impl)
- : IRemoteProxy(impl)
-{}
-
-AccessTokenManagerProxy::~AccessTokenManagerProxy()
-{}
-
-int AccessTokenManagerProxy::VerifyAccesstoken(AccessTokenID tokenID, const std::string& permissionName)
-{
- MessageParcel data;
- data.WriteInterfaceToken(IAccessTokenManager::GetDescriptor());
- if (!data.WriteUint32(tokenID)) {
- ACCESSTOKEN_LOG_ERROR(LABEL, "%{public}s: Failed to write tokenID", __func__);
- return PERMISSION_DENIED;
- }
- if (!data.WriteString(permissionName)) {
- ACCESSTOKEN_LOG_ERROR(LABEL, "%{public}s: Failed to write permissionName", __func__);
- return PERMISSION_DENIED;
- }
-
- MessageParcel reply;
- MessageOption option;
- sptr remote = Remote();
- if (remote == nullptr) {
- ACCESSTOKEN_LOG_ERROR(LABEL, "%{public}s: remote service null.", __func__);
- return PERMISSION_DENIED;
- }
- int32_t requestResult = remote->SendRequest(
- static_cast(IAccessTokenManager::InterfaceCode::VERIFY_ACCESSTOKEN), data, reply, option);
- if (requestResult != NO_ERROR) {
- ACCESSTOKEN_LOG_ERROR(LABEL, "%{public}s send request fail, result: %{public}d", __func__, requestResult);
- return PERMISSION_DENIED;
- }
-
- int32_t result = reply.ReadInt32();
- ACCESSTOKEN_LOG_DEBUG(LABEL, "%{public}s get result from server data = %{public}d", __func__, result);
- return result;
-}
-
-} // namespace AccessToken
-} // namespace Security
-} // namespace OHOS
\ No newline at end of file
diff --git a/interfaces/innerkits/accesstoken/src/accesstoken_kit.cpp b/interfaces/innerkits/accesstoken/src/accesstoken_kit.cpp
new file mode 100644
index 0000000000000000000000000000000000000000..dbdad0dabddef5fa2bad6a598504565c3634d143
--- /dev/null
+++ b/interfaces/innerkits/accesstoken/src/accesstoken_kit.cpp
@@ -0,0 +1,330 @@
+/*
+ * Copyright (c) 2021 Huawei Device Co., Ltd.
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+#include "accesstoken_kit.h"
+
+#include
+#include
+
+#include "accesstoken_log.h"
+#include "accesstoken_manager_client.h"
+#include "data_validator.h"
+
+namespace OHOS {
+namespace Security {
+namespace AccessToken {
+namespace {
+static constexpr OHOS::HiviewDFX::HiLogLabel LABEL = {LOG_CORE, SECURITY_DOMAIN_ACCESSTOKEN, "AccessTokenKit"};
+} // namespace
+
+AccessTokenIDEx AccessTokenKit::AllocHapToken(const HapInfoParams& info, const HapPolicyParams& policy)
+{
+ AccessTokenIDEx res = {0};
+ ACCESSTOKEN_LOG_INFO(LABEL, "%{public}s called", __func__);
+ if ((!DataValidator::IsUserIdValid(info.userID)) || !DataValidator::IsAppIDDescValid(info.appIDDesc)
+ || !DataValidator::IsBundleNameValid(info.bundleName) || !DataValidator::IsAplNumValid(policy.apl)
+ || !DataValidator::IsDomainValid(policy.domain)) {
+ ACCESSTOKEN_LOG_ERROR(LABEL, "input param failed");
+ return res;
+ }
+
+ return AccessTokenManagerClient::GetInstance().AllocHapToken(info, policy);
+}
+
+AccessTokenID AccessTokenKit::AllocLocalTokenID(const std::string& remoteDeviceID, AccessTokenID remoteTokenID)
+{
+ ACCESSTOKEN_LOG_INFO(LABEL, "%{public}s called, deviceID=%{public}s tokenID=%{public}d",
+ __func__, remoteDeviceID.c_str(), remoteTokenID);
+ return AccessTokenManagerClient::GetInstance().AllocLocalTokenID(remoteDeviceID, remoteTokenID);
+}
+
+int AccessTokenKit::UpdateHapToken(AccessTokenID tokenID, const std::string& appIDDesc, const HapPolicyParams& policy)
+{
+ ACCESSTOKEN_LOG_INFO(LABEL, "%{public}s called", __func__);
+ if ((tokenID == 0) || (!DataValidator::IsAppIDDescValid(appIDDesc))
+ || (!DataValidator::IsAplNumValid(policy.apl))) {
+ ACCESSTOKEN_LOG_ERROR(LABEL, "input param failed");
+ return RET_FAILED;
+ }
+ return AccessTokenManagerClient::GetInstance().UpdateHapToken(tokenID, appIDDesc, policy);
+}
+
+int AccessTokenKit::DeleteToken(AccessTokenID tokenID)
+{
+ ACCESSTOKEN_LOG_INFO(LABEL, "%{public}s called", __func__);
+ if (tokenID == 0) {
+ ACCESSTOKEN_LOG_ERROR(LABEL, "tokenID is invalid");
+ return RET_FAILED;
+ }
+ ACCESSTOKEN_LOG_INFO(LABEL, "tokenID=%{public}d", tokenID);
+ return AccessTokenManagerClient::GetInstance().DeleteToken(tokenID);
+}
+
+ATokenTypeEnum AccessTokenKit::GetTokenType(AccessTokenID tokenID)
+{
+ ACCESSTOKEN_LOG_INFO(LABEL, "%{public}s called", __func__);
+ if (tokenID == 0) {
+ ACCESSTOKEN_LOG_ERROR(LABEL, "tokenID is invalid");
+ return TOKEN_INVALID;
+ }
+ ACCESSTOKEN_LOG_INFO(LABEL, "tokenID=%{public}d", tokenID);
+ return AccessTokenManagerClient::GetInstance().GetTokenType(tokenID);
+}
+
+ATokenTypeEnum AccessTokenKit::GetTokenTypeFlag(AccessTokenID tokenID)
+{
+ if (tokenID == 0) {
+ return TOKEN_INVALID;
+ }
+ AccessTokenIDInner *idInner = (AccessTokenIDInner *)&tokenID;
+ return (ATokenTypeEnum)(idInner->type);
+}
+
+int AccessTokenKit::CheckNativeDCap(AccessTokenID tokenID, const std::string& dcap)
+{
+ ACCESSTOKEN_LOG_INFO(LABEL, "%{public}s called", __func__);
+ if (tokenID == 0) {
+ ACCESSTOKEN_LOG_ERROR(LABEL, "tokenID is invalid");
+ return RET_FAILED;
+ }
+ if (!DataValidator::IsDcapValid(dcap)) {
+ ACCESSTOKEN_LOG_ERROR(LABEL, "dcap is invalid");
+ return RET_FAILED;
+ }
+ ACCESSTOKEN_LOG_INFO(LABEL, "tokenID=%{public}d, dcap=%{public}s", tokenID, dcap.c_str());
+ return AccessTokenManagerClient::GetInstance().CheckNativeDCap(tokenID, dcap);
+}
+
+AccessTokenID AccessTokenKit::GetHapTokenID(int userID, const std::string& bundleName, int instIndex)
+{
+ ACCESSTOKEN_LOG_INFO(LABEL, "%{public}s called", __func__);
+ if (!DataValidator::IsUserIdValid(userID) || !DataValidator::IsBundleNameValid(bundleName)) {
+ ACCESSTOKEN_LOG_ERROR(LABEL, "hap token param failed");
+ return 0;
+ }
+ ACCESSTOKEN_LOG_INFO(LABEL, "int userID=%{public}d, bundleName=%{public}s, instIndex=%{public}d",
+ userID, bundleName.c_str(), instIndex);
+ return AccessTokenManagerClient::GetInstance().GetHapTokenID(userID, bundleName, instIndex);
+}
+
+int AccessTokenKit::GetHapTokenInfo(AccessTokenID tokenID, HapTokenInfo& hapTokenInfoRes)
+{
+ ACCESSTOKEN_LOG_INFO(LABEL, "%{public}s called", __func__);
+ if (tokenID == 0) {
+ ACCESSTOKEN_LOG_ERROR(LABEL, "tokenID is invalid");
+ return RET_FAILED;
+ }
+ ACCESSTOKEN_LOG_INFO(LABEL, "tokenID=%{public}d", tokenID);
+
+ return AccessTokenManagerClient::GetInstance().GetHapTokenInfo(tokenID, hapTokenInfoRes);
+}
+
+int AccessTokenKit::GetNativeTokenInfo(AccessTokenID tokenID, NativeTokenInfo& nativeTokenInfoRes)
+{
+ ACCESSTOKEN_LOG_INFO(LABEL, "%{public}s called", __func__);
+ ACCESSTOKEN_LOG_INFO(LABEL, "tokenID=%{public}d", tokenID);
+
+ return AccessTokenManagerClient::GetInstance().GetNativeTokenInfo(tokenID, nativeTokenInfoRes);
+}
+
+int AccessTokenKit::VerifyAccessToken(AccessTokenID tokenID, const std::string& permissionName)
+{
+ ACCESSTOKEN_LOG_INFO(LABEL, "%{public}s called", __func__);
+ if (tokenID == 0) {
+ ACCESSTOKEN_LOG_ERROR(LABEL, "tokenID is invalid");
+ return PERMISSION_DENIED;
+ }
+ if (!DataValidator::IsPermissionNameValid(permissionName)) {
+ ACCESSTOKEN_LOG_ERROR(LABEL, "permissionName is invalid");
+ return PERMISSION_DENIED;
+ }
+ ACCESSTOKEN_LOG_INFO(LABEL, "tokenID=%{public}d, permissionName=%{public}s", tokenID, permissionName.c_str());
+ return AccessTokenManagerClient::GetInstance().VerifyAccessToken(tokenID, permissionName);
+}
+
+int AccessTokenKit::VerifyAccessToken(
+ AccessTokenID callerTokenID, AccessTokenID firstTokenID, const std::string& permissionName)
+{
+ int ret = AccessTokenKit::VerifyAccessToken(callerTokenID, permissionName);
+ if (ret != PERMISSION_GRANTED) {
+ return ret;
+ }
+ if (firstTokenID == FIRSTCALLER_TOKENID_DEFAULT) {
+ return ret;
+ }
+ return AccessTokenKit::VerifyAccessToken(firstTokenID, permissionName);
+}
+
+int AccessTokenKit::GetDefPermission(const std::string& permissionName, PermissionDef& permissionDefResult)
+{
+ ACCESSTOKEN_LOG_INFO(LABEL, "%{public}s called", __func__);
+ if (!DataValidator::IsPermissionNameValid(permissionName)) {
+ ACCESSTOKEN_LOG_ERROR(LABEL, "permissionName is invalid");
+ return RET_FAILED;
+ }
+ ACCESSTOKEN_LOG_INFO(LABEL, "permissionName=%{public}s", permissionName.c_str());
+
+ int ret = AccessTokenManagerClient::GetInstance().GetDefPermission(permissionName, permissionDefResult);
+ ACCESSTOKEN_LOG_INFO(LABEL, "GetDefPermission bundleName = %{public}s", permissionDefResult.bundleName.c_str());
+
+ return ret;
+}
+
+int AccessTokenKit::GetDefPermissions(AccessTokenID tokenID, std::vector& permDefList)
+{
+ ACCESSTOKEN_LOG_INFO(LABEL, "%{public}s called", __func__);
+ if (tokenID == 0) {
+ ACCESSTOKEN_LOG_ERROR(LABEL, "tokenID is invalid");
+ return RET_FAILED;
+ }
+ ACCESSTOKEN_LOG_INFO(LABEL, "tokenID=%{public}d", tokenID);
+
+ return AccessTokenManagerClient::GetInstance().GetDefPermissions(tokenID, permDefList);
+}
+
+int AccessTokenKit::GetReqPermissions(
+ AccessTokenID tokenID, std::vector& reqPermList, bool isSystemGrant)
+{
+ ACCESSTOKEN_LOG_INFO(LABEL, "%{public}s called", __func__);
+ if (tokenID == 0) {
+ ACCESSTOKEN_LOG_ERROR(LABEL, "tokenID is invalid");
+ return RET_FAILED;
+ }
+ ACCESSTOKEN_LOG_INFO(LABEL, "tokenID=%{public}d, isSystemGrant=%{public}d", tokenID, isSystemGrant);
+
+ return AccessTokenManagerClient::GetInstance().GetReqPermissions(tokenID, reqPermList, isSystemGrant);
+}
+
+int AccessTokenKit::GetPermissionFlag(AccessTokenID tokenID, const std::string& permissionName)
+{
+ ACCESSTOKEN_LOG_INFO(LABEL, "%{public}s called", __func__);
+ if (tokenID == 0) {
+ ACCESSTOKEN_LOG_ERROR(LABEL, "tokenID is invalid");
+ return DEFAULT_PERMISSION_FLAGS;
+ }
+ if (!DataValidator::IsPermissionNameValid(permissionName)) {
+ ACCESSTOKEN_LOG_ERROR(LABEL, "permissionName is invalid");
+ return DEFAULT_PERMISSION_FLAGS;
+ }
+ ACCESSTOKEN_LOG_INFO(LABEL, "tokenID=%{public}d, permissionName=%{public}s", tokenID, permissionName.c_str());
+ return AccessTokenManagerClient::GetInstance().GetPermissionFlag(tokenID, permissionName);
+}
+
+int AccessTokenKit::GrantPermission(AccessTokenID tokenID, const std::string& permissionName, int flag)
+{
+ ACCESSTOKEN_LOG_INFO(LABEL, "%{public}s called", __func__);
+ if (tokenID == 0) {
+ ACCESSTOKEN_LOG_ERROR(LABEL, "tokenID is invalid");
+ return RET_FAILED;
+ }
+ if (!DataValidator::IsPermissionNameValid(permissionName)) {
+ ACCESSTOKEN_LOG_ERROR(LABEL, "permissionName is invalid");
+ return RET_FAILED;
+ }
+ if (!DataValidator::IsPermissionFlagValid(flag)) {
+ ACCESSTOKEN_LOG_ERROR(LABEL, "flag is invalid");
+ return RET_FAILED;
+ }
+ ACCESSTOKEN_LOG_INFO(LABEL, "tokenID=%{public}d, permissionName=%{public}s, flag=%{public}d",
+ tokenID, permissionName.c_str(), flag);
+ return AccessTokenManagerClient::GetInstance().GrantPermission(tokenID, permissionName, flag);
+}
+
+int AccessTokenKit::RevokePermission(AccessTokenID tokenID, const std::string& permissionName, int flag)
+{
+ ACCESSTOKEN_LOG_INFO(LABEL, "%{public}s called", __func__);
+ if (tokenID == 0) {
+ ACCESSTOKEN_LOG_ERROR(LABEL, "tokenID is invalid");
+ return RET_FAILED;
+ }
+ if (!DataValidator::IsPermissionNameValid(permissionName)) {
+ ACCESSTOKEN_LOG_ERROR(LABEL, "permissionName is invalid");
+ return RET_FAILED;
+ }
+ if (!DataValidator::IsPermissionFlagValid(flag)) {
+ ACCESSTOKEN_LOG_ERROR(LABEL, "flag is invalid");
+ return RET_FAILED;
+ }
+ ACCESSTOKEN_LOG_INFO(LABEL, "tokenID=%{public}d, permissionName=%{public}s, flag=%{public}d",
+ tokenID, permissionName.c_str(), flag);
+ return AccessTokenManagerClient::GetInstance().RevokePermission(tokenID, permissionName, flag);
+}
+
+int AccessTokenKit::ClearUserGrantedPermissionState(AccessTokenID tokenID)
+{
+ ACCESSTOKEN_LOG_INFO(LABEL, "%{public}s called", __func__);
+ if (tokenID == 0) {
+ ACCESSTOKEN_LOG_ERROR(LABEL, "tokenID is invalid");
+ return RET_FAILED;
+ }
+ ACCESSTOKEN_LOG_INFO(LABEL, "tokenID=%{public}d", tokenID);
+ return AccessTokenManagerClient::GetInstance().ClearUserGrantedPermissionState(tokenID);
+}
+
+int AccessTokenKit::GetHapTokenInfoFromRemote(AccessTokenID tokenID, HapTokenInfoForSync& hapSync)
+{
+ ACCESSTOKEN_LOG_INFO(LABEL, "%{public}s called", __func__);
+ if (tokenID == 0) {
+ ACCESSTOKEN_LOG_ERROR(LABEL, "tokenID is invalid");
+ return RET_FAILED;
+ }
+ ACCESSTOKEN_LOG_INFO(LABEL, "tokenID=%{public}d", tokenID);
+
+ return AccessTokenManagerClient::GetInstance().GetHapTokenInfoFromRemote(tokenID, hapSync);
+}
+
+int AccessTokenKit::GetAllNativeTokenInfo(std::vector& nativeTokenInfosRes)
+{
+ ACCESSTOKEN_LOG_INFO(LABEL, "%{public}s called", __func__);
+
+ return AccessTokenManagerClient::GetInstance().GetAllNativeTokenInfo(nativeTokenInfosRes);
+}
+
+int AccessTokenKit::SetRemoteHapTokenInfo(const std::string& deviceID,
+ const HapTokenInfoForSync& hapSync)
+{
+ ACCESSTOKEN_LOG_INFO(LABEL, "%{public}s called, deviceID=%{public}s tokenID=%{public}d",
+ __func__, deviceID.c_str(), hapSync.baseInfo.tokenID);
+ return AccessTokenManagerClient::GetInstance().SetRemoteHapTokenInfo(deviceID, hapSync);
+}
+
+int AccessTokenKit::SetRemoteNativeTokenInfo(const std::string& deviceID,
+ std::vector& nativeTokenInfoList)
+{
+ ACCESSTOKEN_LOG_INFO(LABEL, "%{public}s called, deviceID=%{public}s", __func__, deviceID.c_str());
+ return AccessTokenManagerClient::GetInstance()
+ .SetRemoteNativeTokenInfo(deviceID, nativeTokenInfoList);
+}
+
+int AccessTokenKit::DeleteRemoteToken(const std::string& deviceID, AccessTokenID tokenID)
+{
+ ACCESSTOKEN_LOG_INFO(LABEL, "%{public}s called, deviceID=%{public}s tokenID=%{public}d",
+ __func__, deviceID.c_str(), tokenID);
+ return AccessTokenManagerClient::GetInstance().DeleteRemoteToken(deviceID, tokenID);
+}
+
+int AccessTokenKit::DeleteRemoteDeviceTokens(const std::string& deviceID)
+{
+ ACCESSTOKEN_LOG_INFO(LABEL, "%{public}s called, deviceID=%{public}s", __func__, deviceID.c_str());
+ return AccessTokenManagerClient::GetInstance().DeleteRemoteDeviceTokens(deviceID);
+}
+
+int AccessTokenKit::DumpToken(std::string& dumpInfo)
+{
+ return AccessTokenManagerClient::GetInstance().DumpToken(dumpInfo);
+}
+} // namespace AccessToken
+} // namespace Security
+} // namespace OHOS
diff --git a/interfaces/innerkits/accesstoken/src/accesstoken_manager_client.cpp b/interfaces/innerkits/accesstoken/src/accesstoken_manager_client.cpp
new file mode 100644
index 0000000000000000000000000000000000000000..f7e5d4f0dfd56ddf023a4424ca14f1c58e25c8b9
--- /dev/null
+++ b/interfaces/innerkits/accesstoken/src/accesstoken_manager_client.cpp
@@ -0,0 +1,404 @@
+/*
+ * Copyright (c) 2021 Huawei Device Co., Ltd.
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+#include "accesstoken_manager_client.h"
+
+#include "accesstoken_log.h"
+#include "accesstoken_manager_proxy.h"
+#include "hap_token_info.h"
+#include "hap_token_info_for_sync_parcel.h"
+#include "iservice_registry.h"
+#include "native_token_info.h"
+
+namespace OHOS {
+namespace Security {
+namespace AccessToken {
+namespace {
+static constexpr OHOS::HiviewDFX::HiLogLabel LABEL = {
+ LOG_CORE, SECURITY_DOMAIN_ACCESSTOKEN, "AccessTokenManagerClient"
+};
+} // namespace
+
+AccessTokenManagerClient& AccessTokenManagerClient::GetInstance()
+{
+ static AccessTokenManagerClient instance;
+ return instance;
+}
+
+AccessTokenManagerClient::AccessTokenManagerClient()
+{}
+
+AccessTokenManagerClient::~AccessTokenManagerClient()
+{}
+
+int AccessTokenManagerClient::VerifyAccessToken(AccessTokenID tokenID, const std::string& permissionName)
+{
+ ACCESSTOKEN_LOG_DEBUG(LABEL, "%{public}s: called!", __func__);
+ auto proxy = GetProxy();
+ if (proxy == nullptr) {
+ ACCESSTOKEN_LOG_ERROR(LABEL, "proxy is null");
+ return PERMISSION_DENIED;
+ }
+ return proxy->VerifyAccessToken(tokenID, permissionName);
+}
+
+int AccessTokenManagerClient::GetDefPermission(
+ const std::string& permissionName, PermissionDef& permissionDefResult)
+{
+ ACCESSTOKEN_LOG_DEBUG(LABEL, "%{public}s: called!", __func__);
+ auto proxy = GetProxy();
+ if (proxy == nullptr) {
+ ACCESSTOKEN_LOG_ERROR(LABEL, "proxy is null");
+ return RET_FAILED;
+ }
+ PermissionDefParcel permissionDefParcel;
+ int result = proxy->GetDefPermission(permissionName, permissionDefParcel);
+ permissionDefResult = permissionDefParcel.permissionDef;
+ return result;
+}
+
+int AccessTokenManagerClient::GetDefPermissions(AccessTokenID tokenID, std::vector& permList)
+{
+ ACCESSTOKEN_LOG_DEBUG(LABEL, "%{public}s: called!", __func__);
+ auto proxy = GetProxy();
+ if (proxy == nullptr) {
+ ACCESSTOKEN_LOG_ERROR(LABEL, "proxy is null");
+ return RET_FAILED;
+ }
+ std::vector parcelList;
+ int result = proxy->GetDefPermissions(tokenID, parcelList);
+ for (auto permParcel : parcelList) {
+ PermissionDef perm = permParcel.permissionDef;
+ permList.emplace_back(perm);
+ }
+ return result;
+}
+
+int AccessTokenManagerClient::GetReqPermissions(
+ AccessTokenID tokenID, std::vector& reqPermList, bool isSystemGrant)
+{
+ ACCESSTOKEN_LOG_DEBUG(LABEL, "%{public}s: called!", __func__);
+ auto proxy = GetProxy();
+ if (proxy == nullptr) {
+ ACCESSTOKEN_LOG_ERROR(LABEL, "proxy is null");
+ return RET_FAILED;
+ }
+ std::vector parcelList;
+ int result = proxy->GetReqPermissions(tokenID, parcelList, isSystemGrant);
+ for (auto permParcel : parcelList) {
+ PermissionStateFull perm = permParcel.permStatFull;
+ reqPermList.emplace_back(perm);
+ }
+ return result;
+}
+
+int AccessTokenManagerClient::GetPermissionFlag(AccessTokenID tokenID, const std::string& permissionName)
+{
+ ACCESSTOKEN_LOG_DEBUG(LABEL, "%{public}s: called!", __func__);
+ auto proxy = GetProxy();
+ if (proxy == nullptr) {
+ ACCESSTOKEN_LOG_ERROR(LABEL, "proxy is null");
+ return DEFAULT_PERMISSION_FLAGS;
+ }
+ return proxy->GetPermissionFlag(tokenID, permissionName);
+}
+
+int AccessTokenManagerClient::GrantPermission(AccessTokenID tokenID, const std::string& permissionName, int flag)
+{
+ ACCESSTOKEN_LOG_DEBUG(LABEL, "%{public}s: called!", __func__);
+ auto proxy = GetProxy();
+ if (proxy == nullptr) {
+ ACCESSTOKEN_LOG_ERROR(LABEL, "proxy is null");
+ return RET_FAILED;
+ }
+ return proxy->GrantPermission(tokenID, permissionName, flag);
+}
+
+int AccessTokenManagerClient::RevokePermission(AccessTokenID tokenID, const std::string& permissionName, int flag)
+{
+ ACCESSTOKEN_LOG_DEBUG(LABEL, "%{public}s: called!", __func__);
+ auto proxy = GetProxy();
+ if (proxy == nullptr) {
+ ACCESSTOKEN_LOG_ERROR(LABEL, "proxy is null");
+ return RET_FAILED;
+ }
+ return proxy->RevokePermission(tokenID, permissionName, flag);
+}
+
+int AccessTokenManagerClient::ClearUserGrantedPermissionState(AccessTokenID tokenID)
+{
+ ACCESSTOKEN_LOG_DEBUG(LABEL, "%{public}s: called!", __func__);
+ auto proxy = GetProxy();
+ if (proxy == nullptr) {
+ ACCESSTOKEN_LOG_ERROR(LABEL, "proxy is null");
+ return RET_FAILED;
+ }
+ return proxy->ClearUserGrantedPermissionState(tokenID);
+}
+
+AccessTokenIDEx AccessTokenManagerClient::AllocHapToken(const HapInfoParams& info, const HapPolicyParams& policy)
+{
+ AccessTokenIDEx res = { 0 };
+ ACCESSTOKEN_LOG_DEBUG(LABEL, "%{public}s: called!", __func__);
+ auto proxy = GetProxy();
+ if (proxy == nullptr) {
+ ACCESSTOKEN_LOG_ERROR(LABEL, "proxy is null");
+ return res;
+ }
+ HapInfoParcel hapInfoParcel;
+ HapPolicyParcel hapPolicyParcel;
+ hapInfoParcel.hapInfoParameter = info;
+ hapPolicyParcel.hapPolicyParameter = policy;
+
+ return proxy->AllocHapToken(hapInfoParcel, hapPolicyParcel);
+}
+
+int AccessTokenManagerClient::DeleteToken(AccessTokenID tokenID)
+{
+ ACCESSTOKEN_LOG_DEBUG(LABEL, "%{public}s: called!", __func__);
+ auto proxy = GetProxy();
+ if (proxy == nullptr) {
+ ACCESSTOKEN_LOG_ERROR(LABEL, "proxy is null");
+ return RET_FAILED;
+ }
+ return proxy->DeleteToken(tokenID);
+}
+
+ATokenTypeEnum AccessTokenManagerClient::GetTokenType(AccessTokenID tokenID)
+{
+ ACCESSTOKEN_LOG_DEBUG(LABEL, "%{public}s: called!", __func__);
+ auto proxy = GetProxy();
+ if (proxy == nullptr) {
+ ACCESSTOKEN_LOG_ERROR(LABEL, "proxy is null");
+ return TOKEN_INVALID;
+ }
+ return (ATokenTypeEnum)(proxy->GetTokenType(tokenID));
+}
+
+int AccessTokenManagerClient::CheckNativeDCap(AccessTokenID tokenID, const std::string& dcap)
+{
+ ACCESSTOKEN_LOG_DEBUG(LABEL, "%{public}s: called!", __func__);
+ auto proxy = GetProxy();
+ if (proxy == nullptr) {
+ ACCESSTOKEN_LOG_ERROR(LABEL, "proxy is null");
+ return RET_FAILED;
+ }
+ return proxy->CheckNativeDCap(tokenID, dcap);
+}
+
+AccessTokenID AccessTokenManagerClient::GetHapTokenID(int userID, const std::string& bundleName, int instIndex)
+{
+ ACCESSTOKEN_LOG_DEBUG(LABEL, "%{public}s: called!", __func__);
+ auto proxy = GetProxy();
+ if (proxy == nullptr) {
+ ACCESSTOKEN_LOG_ERROR(LABEL, "proxy is null");
+ return RET_FAILED;
+ }
+ return proxy->GetHapTokenID(userID, bundleName, instIndex);
+}
+
+AccessTokenID AccessTokenManagerClient::AllocLocalTokenID(
+ const std::string& remoteDeviceID, AccessTokenID remoteTokenID)
+{
+ ACCESSTOKEN_LOG_DEBUG(LABEL, "%{public}s: called!", __func__);
+ auto proxy = GetProxy();
+ if (proxy == nullptr) {
+ ACCESSTOKEN_LOG_ERROR(LABEL, "proxy is null");
+ return RET_FAILED;
+ }
+ return proxy->AllocLocalTokenID(remoteDeviceID, remoteTokenID);
+}
+
+int AccessTokenManagerClient::UpdateHapToken(
+ AccessTokenID tokenID, const std::string& appIDDesc, const HapPolicyParams& policy)
+{
+ ACCESSTOKEN_LOG_DEBUG(LABEL, "%{public}s: called!", __func__);
+ auto proxy = GetProxy();
+ if (proxy == nullptr) {
+ ACCESSTOKEN_LOG_ERROR(LABEL, "proxy is null");
+ return RET_FAILED;
+ }
+ HapPolicyParcel hapPolicyParcel;
+ hapPolicyParcel.hapPolicyParameter = policy;
+ return proxy->UpdateHapToken(tokenID, appIDDesc, hapPolicyParcel);
+}
+
+int AccessTokenManagerClient::GetHapTokenInfo(AccessTokenID tokenID, HapTokenInfo& hapTokenInfoRes)
+{
+ ACCESSTOKEN_LOG_DEBUG(LABEL, "%{public}s: called!", __func__);
+ auto proxy = GetProxy();
+ if (proxy == nullptr) {
+ ACCESSTOKEN_LOG_ERROR(LABEL, "proxy is null");
+ return RET_FAILED;
+ }
+ HapTokenInfoParcel hapTokenInfoParcel;
+ int res = proxy->GetHapTokenInfo(tokenID, hapTokenInfoParcel);
+
+ hapTokenInfoRes = hapTokenInfoParcel.hapTokenInfoParams;
+ return res;
+}
+
+int AccessTokenManagerClient::GetNativeTokenInfo(AccessTokenID tokenID, NativeTokenInfo& nativeTokenInfoRes)
+{
+ ACCESSTOKEN_LOG_DEBUG(LABEL, "%{public}s: called!", __func__);
+ auto proxy = GetProxy();
+ if (proxy == nullptr) {
+ ACCESSTOKEN_LOG_ERROR(LABEL, "proxy is null");
+ return RET_FAILED;
+ }
+ NativeTokenInfoParcel nativeTokenInfoParcel;
+ int res = proxy->GetNativeTokenInfo(tokenID, nativeTokenInfoParcel);
+ nativeTokenInfoRes = nativeTokenInfoParcel.nativeTokenInfoParams;
+ return res;
+}
+
+int AccessTokenManagerClient::GetHapTokenInfoFromRemote(AccessTokenID tokenID, HapTokenInfoForSync& hapSync)
+{
+ ACCESSTOKEN_LOG_DEBUG(LABEL, "%{public}s: called!", __func__);
+ auto proxy = GetProxy();
+ if (proxy == nullptr) {
+ ACCESSTOKEN_LOG_ERROR(LABEL, "proxy is null");
+ return RET_FAILED;
+ }
+
+ HapTokenInfoForSyncParcel hapSyncParcel;
+ int res = proxy->GetHapTokenInfoFromRemote(tokenID, hapSyncParcel);
+ hapSync = hapSyncParcel.hapTokenInfoForSyncParams;
+ return res;
+}
+
+int AccessTokenManagerClient::GetAllNativeTokenInfo(std::vector& nativeTokenInfosRes)
+{
+ ACCESSTOKEN_LOG_DEBUG(LABEL, "%{public}s: called!", __func__);
+ auto proxy = GetProxy();
+ if (proxy == nullptr) {
+ ACCESSTOKEN_LOG_ERROR(LABEL, "proxy is null");
+ return RET_FAILED;
+ }
+
+ std::vector parcelList;
+ int result = proxy->GetAllNativeTokenInfo(parcelList);
+ for (auto nativeTokenParcel : parcelList) {
+ NativeTokenInfo native = nativeTokenParcel.nativeTokenInfoParams;
+ nativeTokenInfosRes.emplace_back(native);
+ }
+
+ return result;
+}
+
+int AccessTokenManagerClient::SetRemoteHapTokenInfo(const std::string& deviceID, const HapTokenInfoForSync& hapSync)
+{
+ ACCESSTOKEN_LOG_DEBUG(LABEL, "%{public}s: called!", __func__);
+ auto proxy = GetProxy();
+ if (proxy == nullptr) {
+ ACCESSTOKEN_LOG_ERROR(LABEL, "proxy is null");
+ return RET_FAILED;
+ }
+
+ HapTokenInfoForSyncParcel hapSyncParcel;
+ hapSyncParcel.hapTokenInfoForSyncParams = hapSync;
+
+ int res = proxy->SetRemoteHapTokenInfo(deviceID, hapSyncParcel);
+ return res;
+}
+
+int AccessTokenManagerClient::SetRemoteNativeTokenInfo(const std::string& deviceID,
+ std::vector& nativeTokenInfoList)
+{
+ ACCESSTOKEN_LOG_DEBUG(LABEL, "%{public}s: called!", __func__);
+ auto proxy = GetProxy();
+ if (proxy == nullptr) {
+ ACCESSTOKEN_LOG_ERROR(LABEL, "proxy is null");
+ return RET_FAILED;
+ }
+ std::vector hapTokenInfoParcels;
+ for (auto native : nativeTokenInfoList) {
+ NativeTokenInfoParcel nativeTokenInfoParcel;
+ nativeTokenInfoParcel.nativeTokenInfoParams = native;
+ hapTokenInfoParcels.emplace_back(nativeTokenInfoParcel);
+ }
+ PermissionStateFullParcel permStateParcel;
+ int res = proxy->SetRemoteNativeTokenInfo(deviceID, hapTokenInfoParcels);
+ return res;
+}
+
+int AccessTokenManagerClient::DeleteRemoteToken(const std::string& deviceID, AccessTokenID tokenID)
+{
+ ACCESSTOKEN_LOG_DEBUG(LABEL, "%{public}s: called!", __func__);
+ auto proxy = GetProxy();
+ if (proxy == nullptr) {
+ ACCESSTOKEN_LOG_ERROR(LABEL, "proxy is null");
+ return RET_FAILED;
+ }
+
+ int res = proxy->DeleteRemoteToken(deviceID, tokenID);
+ return res;
+}
+
+int AccessTokenManagerClient::DeleteRemoteDeviceTokens(const std::string& deviceID)
+{
+ ACCESSTOKEN_LOG_DEBUG(LABEL, "%{public}s: called!", __func__);
+ auto proxy = GetProxy();
+ if (proxy == nullptr) {
+ ACCESSTOKEN_LOG_ERROR(LABEL, "proxy is null");
+ return RET_FAILED;
+ }
+
+ int res = proxy->DeleteRemoteDeviceTokens(deviceID);
+ return res;
+}
+
+int AccessTokenManagerClient::DumpToken(std::string& dumpInfo)
+{
+ ACCESSTOKEN_LOG_DEBUG(LABEL, "%{public}s: called!", __func__);
+ auto proxy = GetProxy();
+ if (proxy == nullptr) {
+ ACCESSTOKEN_LOG_ERROR(LABEL, "proxy is null");
+ return RET_FAILED;
+ }
+ AccessTokenID res = proxy->DumpToken(dumpInfo);
+ return res;
+}
+
+sptr AccessTokenManagerClient::GetProxy()
+{
+ if (proxy_ == nullptr) {
+ std::lock_guard lock(proxyMutex_);
+ if (proxy_ == nullptr) {
+ auto sam = SystemAbilityManagerClient::GetInstance().GetSystemAbilityManager();
+ if (sam == nullptr) {
+ ACCESSTOKEN_LOG_DEBUG(LABEL, "GetSystemAbilityManager is null");
+ return nullptr;
+ }
+ auto accesstokenSa = sam->GetSystemAbility(IAccessTokenManager::SA_ID_ACCESSTOKEN_MANAGER_SERVICE);
+ if (accesstokenSa == nullptr) {
+ ACCESSTOKEN_LOG_DEBUG(LABEL, "GetSystemAbility %{public}d is null",
+ IAccessTokenManager::SA_ID_ACCESSTOKEN_MANAGER_SERVICE);
+ return nullptr;
+ }
+
+ auto proxy = iface_cast(accesstokenSa);
+ if (proxy == nullptr) {
+ ACCESSTOKEN_LOG_DEBUG(LABEL, "iface_cast get null");
+ return nullptr;
+ }
+ proxy_ = proxy;
+ }
+ }
+ return proxy_;
+}
+} // namespace AccessToken
+} // namespace Security
+} // namespace OHOS
diff --git a/interfaces/innerkits/accesstoken/src/accesstoken_manager_client.h b/interfaces/innerkits/accesstoken/src/accesstoken_manager_client.h
new file mode 100644
index 0000000000000000000000000000000000000000..d3cc13fcafe7b3aaeb3fa8efd0cd8f3e6e0ec39c
--- /dev/null
+++ b/interfaces/innerkits/accesstoken/src/accesstoken_manager_client.h
@@ -0,0 +1,80 @@
+/*
+ * Copyright (c) 2021 Huawei Device Co., Ltd.
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+#ifndef ACCESSTOKEN_MANAGER_CLIENT_H
+#define ACCESSTOKEN_MANAGER_CLIENT_H
+
+#include
+#include
+#include
+
+#include "access_token.h"
+#include "hap_info_parcel.h"
+#include "hap_policy_parcel.h"
+#include "hap_token_info.h"
+#include "i_accesstoken_manager.h"
+#include "native_token_info.h"
+#include "nocopyable.h"
+#include "permission_def.h"
+#include "permission_state_full.h"
+
+namespace OHOS {
+namespace Security {
+namespace AccessToken {
+class AccessTokenManagerClient final {
+public:
+ static AccessTokenManagerClient& GetInstance();
+
+ virtual ~AccessTokenManagerClient();
+
+ int VerifyAccessToken(AccessTokenID tokenID, const std::string& permissionName);
+ int GetDefPermission(const std::string& permissionName, PermissionDef& permissionDefResult);
+ int GetDefPermissions(AccessTokenID tokenID, std::vector& permList);
+ int GetReqPermissions(
+ AccessTokenID tokenID, std::vector& reqPermList, bool isSystemGrant);
+ int GetPermissionFlag(AccessTokenID tokenID, const std::string& permissionName);
+ int GrantPermission(AccessTokenID tokenID, const std::string& permissionName, int flag);
+ int RevokePermission(AccessTokenID tokenID, const std::string& permissionName, int flag);
+ int ClearUserGrantedPermissionState(AccessTokenID tokenID);
+ AccessTokenIDEx AllocHapToken(const HapInfoParams& info, const HapPolicyParams& policy);
+ int DeleteToken(AccessTokenID tokenID);
+ ATokenTypeEnum GetTokenType(AccessTokenID tokenID);
+ int CheckNativeDCap(AccessTokenID tokenID, const std::string& dcap);
+ AccessTokenID GetHapTokenID(int userID, const std::string& bundleName, int instIndex);
+ AccessTokenID AllocLocalTokenID(const std::string& remoteDeviceID, AccessTokenID remoteTokenID);
+ int UpdateHapToken(AccessTokenID tokenID, const std::string& appIDDesc, const HapPolicyParams& policy);
+ int GetHapTokenInfo(AccessTokenID tokenID, HapTokenInfo& hapTokenInfoRes);
+ int GetNativeTokenInfo(AccessTokenID tokenID, NativeTokenInfo& nativeTokenInfoRes);
+ int GetHapTokenInfoFromRemote(AccessTokenID tokenID, HapTokenInfoForSync& hapSync);
+ int GetAllNativeTokenInfo(std::vector& nativeTokenInfosRes);
+ int SetRemoteHapTokenInfo(const std::string& deviceID, const HapTokenInfoForSync& hapSync);
+ int SetRemoteNativeTokenInfo(const std::string& deviceID,
+ std::vector& nativeTokenInfoList);
+ int DeleteRemoteToken(const std::string& deviceID, AccessTokenID tokenID);
+ int DeleteRemoteDeviceTokens(const std::string& deviceID);
+ int DumpToken(std::string& dumpInfo);
+
+private:
+ AccessTokenManagerClient();
+
+ DISALLOW_COPY_AND_MOVE(AccessTokenManagerClient);
+ std::mutex proxyMutex_;
+ sptr proxy_ = nullptr;
+ sptr GetProxy();
+};
+} // namespace AccessToken
+} // namespace Security
+} // namespace OHOS
+#endif // ACCESSTOKEN_MANAGER_CLIENT_H
diff --git a/interfaces/innerkits/accesstoken/src/accesstoken_manager_proxy.cpp b/interfaces/innerkits/accesstoken/src/accesstoken_manager_proxy.cpp
new file mode 100644
index 0000000000000000000000000000000000000000..e34fd92521c8517ab0b101c2458c13452ca5f97f
--- /dev/null
+++ b/interfaces/innerkits/accesstoken/src/accesstoken_manager_proxy.cpp
@@ -0,0 +1,830 @@
+/*
+ * Copyright (c) 2021 Huawei Device Co., Ltd.
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+#include "accesstoken_manager_proxy.h"
+
+#include "accesstoken_log.h"
+
+#include "parcel.h"
+#include "string_ex.h"
+
+namespace OHOS {
+namespace Security {
+namespace AccessToken {
+namespace {
+static constexpr OHOS::HiviewDFX::HiLogLabel LABEL = {LOG_CORE, SECURITY_DOMAIN_ACCESSTOKEN, "AccessTokenManagerProxy"};
+}
+
+AccessTokenManagerProxy::AccessTokenManagerProxy(const sptr& impl)
+ : IRemoteProxy(impl) {
+}
+
+AccessTokenManagerProxy::~AccessTokenManagerProxy()
+{}
+
+int AccessTokenManagerProxy::VerifyAccessToken(AccessTokenID tokenID, const std::string& permissionName)
+{
+ MessageParcel data;
+ data.WriteInterfaceToken(IAccessTokenManager::GetDescriptor());
+ if (!data.WriteUint32(tokenID)) {
+ ACCESSTOKEN_LOG_ERROR(LABEL, "Failed to write tokenID");
+ return PERMISSION_DENIED;
+ }
+ if (!data.WriteString(permissionName)) {
+ ACCESSTOKEN_LOG_ERROR(LABEL, "Failed to write permissionName");
+ return PERMISSION_DENIED;
+ }
+
+ MessageParcel reply;
+ MessageOption option;
+ sptr remote = Remote();
+ if (remote == nullptr) {
+ ACCESSTOKEN_LOG_ERROR(LABEL, "remote service null.");
+ return PERMISSION_DENIED;
+ }
+ int32_t requestResult = remote->SendRequest(
+ static_cast(IAccessTokenManager::InterfaceCode::VERIFY_ACCESSTOKEN), data, reply, option);
+ if (requestResult != NO_ERROR) {
+ ACCESSTOKEN_LOG_ERROR(LABEL, "request fail, result: %{public}d", requestResult);
+ return PERMISSION_DENIED;
+ }
+
+ int32_t result = reply.ReadInt32();
+ ACCESSTOKEN_LOG_DEBUG(LABEL, "result from server data = %{public}d", result);
+ return result;
+}
+
+int AccessTokenManagerProxy::GetDefPermission(
+ const std::string& permissionName, PermissionDefParcel& permissionDefResult)
+{
+ MessageParcel data;
+ data.WriteInterfaceToken(IAccessTokenManager::GetDescriptor());
+ if (!data.WriteString(permissionName)) {
+ ACCESSTOKEN_LOG_ERROR(LABEL, "Failed to write permissionName");
+ return RET_FAILED;
+ }
+
+ MessageParcel reply;
+ MessageOption option;
+ sptr remote = Remote();
+ if (remote == nullptr) {
+ ACCESSTOKEN_LOG_ERROR(LABEL, "remote service null.");
+ return RET_FAILED;
+ }
+ int32_t requestResult = remote->SendRequest(
+ static_cast(IAccessTokenManager::InterfaceCode::GET_DEF_PERMISSION), data, reply, option);
+ if (requestResult != NO_ERROR) {
+ ACCESSTOKEN_LOG_ERROR(LABEL, "request fail, result: %{public}d", requestResult);
+ return RET_FAILED;
+ }
+
+ sptr resultSptr = reply.ReadParcelable();
+ if (resultSptr == nullptr) {
+ ACCESSTOKEN_LOG_ERROR(LABEL, "read permission def parcel fail");
+ return RET_FAILED;
+ }
+ permissionDefResult = *resultSptr;
+ int32_t result = reply.ReadInt32();
+ ACCESSTOKEN_LOG_DEBUG(LABEL, "result from server data = %{public}d", result);
+ return result;
+}
+
+int AccessTokenManagerProxy::GetDefPermissions(AccessTokenID tokenID,
+ std::vector& permList)
+{
+ MessageParcel data;
+ data.WriteInterfaceToken(IAccessTokenManager::GetDescriptor());
+ if (!data.WriteUint32(tokenID)) {
+ ACCESSTOKEN_LOG_ERROR(LABEL, "Failed to write tokenID");
+ return RET_FAILED;
+ }
+
+ MessageParcel reply;
+ MessageOption option;
+ sptr remote = Remote();
+ if (remote == nullptr) {
+ ACCESSTOKEN_LOG_ERROR(LABEL, "remote service null.");
+ return RET_FAILED;
+ }
+ int32_t requestResult = remote->SendRequest(
+ static_cast(IAccessTokenManager::InterfaceCode::GET_DEF_PERMISSIONS), data, reply, option);
+ if (requestResult != NO_ERROR) {
+ ACCESSTOKEN_LOG_ERROR(LABEL, "request fail, result: %{public}d", requestResult);
+ return RET_FAILED;
+ }
+
+ int32_t size = reply.ReadInt32();
+ for (int i = 0; i < size; i++) {
+ sptr permissionDef = reply.ReadParcelable();
+ if (permissionDef != nullptr) {
+ permList.emplace_back(*permissionDef);
+ }
+ }
+ int32_t result = reply.ReadInt32();
+ ACCESSTOKEN_LOG_DEBUG(LABEL, "result from server data = %{public}d", result);
+ return result;
+}
+
+int AccessTokenManagerProxy::GetReqPermissions(
+ AccessTokenID tokenID, std::vector& reqPermList, bool isSystemGrant)
+{
+ MessageParcel data;
+ data.WriteInterfaceToken(IAccessTokenManager::GetDescriptor());
+ if (!data.WriteUint32(tokenID)) {
+ ACCESSTOKEN_LOG_ERROR(LABEL, "Failed to write tokenID");
+ return RET_FAILED;
+ }
+ if (!data.WriteInt32(isSystemGrant)) {
+ ACCESSTOKEN_LOG_ERROR(LABEL, "Failed to write isSystemGrant");
+ return RET_FAILED;
+ }
+
+ MessageParcel reply;
+ MessageOption option;
+ sptr remote = Remote();
+ if (remote == nullptr) {
+ ACCESSTOKEN_LOG_ERROR(LABEL, "remote service null.");
+ return RET_FAILED;
+ }
+ int32_t requestResult = remote->SendRequest(
+ static_cast(IAccessTokenManager::InterfaceCode::GET_REQ_PERMISSIONS), data, reply, option);
+ if (requestResult != NO_ERROR) {
+ ACCESSTOKEN_LOG_ERROR(LABEL, "request fail, result: %{public}d", requestResult);
+ return RET_FAILED;
+ }
+
+ int32_t size = reply.ReadInt32();
+ for (int i = 0; i < size; i++) {
+ sptr permissionReq = reply.ReadParcelable();
+ if (permissionReq != nullptr) {
+ reqPermList.emplace_back(*permissionReq);
+ }
+ }
+ int32_t result = reply.ReadInt32();
+ ACCESSTOKEN_LOG_DEBUG(LABEL, "result from server data = %{public}d", result);
+ return result;
+}
+
+int AccessTokenManagerProxy::GetPermissionFlag(AccessTokenID tokenID, const std::string& permissionName)
+{
+ MessageParcel data;
+ data.WriteInterfaceToken(IAccessTokenManager::GetDescriptor());
+ if (!data.WriteUint32(tokenID)) {
+ ACCESSTOKEN_LOG_ERROR(LABEL, "Failed to write tokenID");
+ return DEFAULT_PERMISSION_FLAGS;
+ }
+ if (!data.WriteString(permissionName)) {
+ ACCESSTOKEN_LOG_ERROR(LABEL, "Failed to write permissionName");
+ return DEFAULT_PERMISSION_FLAGS;
+ }
+
+ MessageParcel reply;
+ MessageOption option;
+ sptr remote = Remote();
+ if (remote == nullptr) {
+ ACCESSTOKEN_LOG_ERROR(LABEL, "remote service null.");
+ return DEFAULT_PERMISSION_FLAGS;
+ }
+ int32_t requestResult = remote->SendRequest(
+ static_cast(IAccessTokenManager::InterfaceCode::GET_PERMISSION_FLAG), data, reply, option);
+ if (requestResult != NO_ERROR) {
+ ACCESSTOKEN_LOG_ERROR(LABEL, "request fail, result: %{public}d", requestResult);
+ return DEFAULT_PERMISSION_FLAGS;
+ }
+
+ int32_t result = reply.ReadInt32();
+ ACCESSTOKEN_LOG_DEBUG(LABEL, "result from server data = %{public}d", result);
+ return result;
+}
+
+int AccessTokenManagerProxy::GrantPermission(AccessTokenID tokenID, const std::string& permissionName, int flag)
+{
+ MessageParcel data;
+ data.WriteInterfaceToken(IAccessTokenManager::GetDescriptor());
+ if (!data.WriteUint32(tokenID)) {
+ ACCESSTOKEN_LOG_ERROR(LABEL, "Failed to write tokenID");
+ return RET_FAILED;
+ }
+ if (!data.WriteString(permissionName)) {
+ ACCESSTOKEN_LOG_ERROR(LABEL, "Failed to write permissionName");
+ return RET_FAILED;
+ }
+ if (!data.WriteInt32(flag)) {
+ ACCESSTOKEN_LOG_ERROR(LABEL, "Failed to write flag");
+ return RET_FAILED;
+ }
+
+ MessageParcel reply;
+ MessageOption option;
+ sptr remote = Remote();
+ if (remote == nullptr) {
+ ACCESSTOKEN_LOG_ERROR(LABEL, "remote service null.");
+ return RET_FAILED;
+ }
+ int32_t requestResult = remote->SendRequest(
+ static_cast(IAccessTokenManager::InterfaceCode::GRANT_PERMISSION), data, reply, option);
+ if (requestResult != NO_ERROR) {
+ ACCESSTOKEN_LOG_ERROR(LABEL, "request fail, result: %{public}d", requestResult);
+ return RET_FAILED;
+ }
+
+ int32_t result = reply.ReadInt32();
+ ACCESSTOKEN_LOG_DEBUG(LABEL, "result from server data = %{public}d", result);
+ return result;
+}
+
+int AccessTokenManagerProxy::RevokePermission(AccessTokenID tokenID, const std::string& permissionName, int flag)
+{
+ MessageParcel data;
+ data.WriteInterfaceToken(IAccessTokenManager::GetDescriptor());
+ if (!data.WriteUint32(tokenID)) {
+ ACCESSTOKEN_LOG_ERROR(LABEL, "Failed to write tokenID");
+ return RET_FAILED;
+ }
+ if (!data.WriteString(permissionName)) {
+ ACCESSTOKEN_LOG_ERROR(LABEL, "Failed to write permissionName");
+ return RET_FAILED;
+ }
+ if (!data.WriteInt32(flag)) {
+ ACCESSTOKEN_LOG_ERROR(LABEL, "Failed to write flag");
+ return RET_FAILED;
+ }
+
+ MessageParcel reply;
+ MessageOption option;
+ sptr remote = Remote();
+ if (remote == nullptr) {
+ ACCESSTOKEN_LOG_ERROR(LABEL, "remote service null.");
+ return RET_FAILED;
+ }
+ int32_t requestResult = remote->SendRequest(
+ static_cast(IAccessTokenManager::InterfaceCode::REVOKE_PERMISSION), data, reply, option);
+ if (requestResult != NO_ERROR) {
+ ACCESSTOKEN_LOG_ERROR(LABEL, "request fail, result: %{public}d", requestResult);
+ return RET_FAILED;
+ }
+
+ int32_t result = reply.ReadInt32();
+ ACCESSTOKEN_LOG_DEBUG(LABEL, "result from server data = %{public}d", result);
+ return result;
+}
+
+int AccessTokenManagerProxy::ClearUserGrantedPermissionState(AccessTokenID tokenID)
+{
+ MessageParcel data;
+ data.WriteInterfaceToken(IAccessTokenManager::GetDescriptor());
+ if (!data.WriteUint32(tokenID)) {
+ ACCESSTOKEN_LOG_ERROR(LABEL, "Failed to write tokenID");
+ return RET_FAILED;
+ }
+
+ MessageParcel reply;
+ MessageOption option;
+ sptr remote = Remote();
+ if (remote == nullptr) {
+ ACCESSTOKEN_LOG_ERROR(LABEL, "remote service null.");
+ return RET_FAILED;
+ }
+ int32_t requestResult = remote->SendRequest(
+ static_cast(IAccessTokenManager::InterfaceCode::CLEAR_USER_GRANT_PERMISSION), data, reply, option);
+ if (requestResult != NO_ERROR) {
+ ACCESSTOKEN_LOG_ERROR(LABEL, "request fail, result: %{public}d", requestResult);
+ return RET_FAILED;
+ }
+
+ int32_t result = reply.ReadInt32();
+ ACCESSTOKEN_LOG_DEBUG(LABEL, "result from server data = %{public}d", result);
+ return result;
+}
+
+AccessTokenIDEx AccessTokenManagerProxy::AllocHapToken(
+ const HapInfoParcel& hapInfo, const HapPolicyParcel& policyParcel)
+{
+ MessageParcel data;
+ AccessTokenIDEx res;
+ data.WriteInterfaceToken(IAccessTokenManager::GetDescriptor());
+
+ if (!data.WriteParcelable(&hapInfo)) {
+ res.tokenIDEx = 0;
+ return res;
+ }
+ if (!data.WriteParcelable(&policyParcel)) {
+ res.tokenIDEx = 0;
+ return res;
+ }
+
+ MessageParcel reply;
+ MessageOption option;
+ sptr remote = Remote();
+ if (remote == nullptr) {
+ ACCESSTOKEN_LOG_ERROR(LABEL, "remote service null.");
+ res.tokenIDEx = 0;
+ return res;
+ }
+ int32_t requestResult = remote->SendRequest(
+ static_cast(IAccessTokenManager::InterfaceCode::ALLOC_TOKEN_HAP), data, reply, option);
+ if (requestResult != NO_ERROR) {
+ ACCESSTOKEN_LOG_ERROR(LABEL, "request fail, result: %{public}d", requestResult);
+ res.tokenIDEx = 0;
+ return res;
+ }
+
+ unsigned long long result = reply.ReadUint64();
+ ACCESSTOKEN_LOG_DEBUG(LABEL, "result from server data = %{public}llu", result);
+ res.tokenIDEx = result;
+ return res;
+}
+
+int AccessTokenManagerProxy::DeleteToken(AccessTokenID tokenID)
+{
+ MessageParcel data;
+ data.WriteInterfaceToken(IAccessTokenManager::GetDescriptor());
+
+ if (!data.WriteUint32(tokenID)) {
+ ACCESSTOKEN_LOG_ERROR(LABEL, "Failed to write tokenID");
+ return RET_FAILED;
+ }
+
+ MessageParcel reply;
+ MessageOption option;
+ sptr remote = Remote();
+ if (remote == nullptr) {
+ ACCESSTOKEN_LOG_ERROR(LABEL, "remote service null.");
+ return RET_FAILED;
+ }
+ int32_t requestResult = remote->SendRequest(
+ static_cast(IAccessTokenManager::InterfaceCode::TOKEN_DELETE), data, reply, option);
+ if (requestResult != NO_ERROR) {
+ ACCESSTOKEN_LOG_ERROR(LABEL, "request fail, result: %{public}d", requestResult);
+ return RET_FAILED;
+ }
+
+ int result = reply.ReadInt32();
+ ACCESSTOKEN_LOG_DEBUG(LABEL, "result from server data = %{public}d", result);
+ return result;
+}
+
+int AccessTokenManagerProxy::GetTokenType(AccessTokenID tokenID)
+{
+ MessageParcel data;
+ data.WriteInterfaceToken(IAccessTokenManager::GetDescriptor());
+
+ if (!data.WriteUint32(tokenID)) {
+ ACCESSTOKEN_LOG_ERROR(LABEL, "Failed to write tokenID");
+ return RET_FAILED;
+ }
+
+ MessageParcel reply;
+ MessageOption option;
+ sptr remote = Remote();
+ if (remote == nullptr) {
+ ACCESSTOKEN_LOG_ERROR(LABEL, "remote service null.");
+ return RET_FAILED;
+ }
+ int32_t requestResult = remote->SendRequest(
+ static_cast(IAccessTokenManager::InterfaceCode::GET_TOKEN_TYPE), data, reply, option);
+ if (requestResult != NO_ERROR) {
+ ACCESSTOKEN_LOG_ERROR(LABEL, "request fail, result: %{public}d", requestResult);
+ return RET_FAILED;
+ }
+
+ int result = reply.ReadInt32();
+ ACCESSTOKEN_LOG_DEBUG(LABEL, "result from server data = %{public}d", result);
+ return result;
+}
+
+int AccessTokenManagerProxy::CheckNativeDCap(AccessTokenID tokenID, const std::string& dcap)
+{
+ MessageParcel data;
+ data.WriteInterfaceToken(IAccessTokenManager::GetDescriptor());
+
+ if (!data.WriteUint32(tokenID)) {
+ ACCESSTOKEN_LOG_ERROR(LABEL, "Failed to write tokenID");
+ return RET_FAILED;
+ }
+ if (!data.WriteString(dcap)) {
+ ACCESSTOKEN_LOG_ERROR(LABEL, "Failed to write dcap");
+ return RET_FAILED;
+ }
+ MessageParcel reply;
+ MessageOption option;
+ sptr remote = Remote();
+ if (remote == nullptr) {
+ ACCESSTOKEN_LOG_ERROR(LABEL, "remote service null.");
+ return RET_FAILED;
+ }
+ int32_t requestResult = remote->SendRequest(
+ static_cast(IAccessTokenManager::InterfaceCode::CHECK_NATIVE_DCAP), data, reply, option);
+ if (requestResult != NO_ERROR) {
+ ACCESSTOKEN_LOG_ERROR(LABEL, "request fail, result: %{public}d", requestResult);
+ return RET_FAILED;
+ }
+
+ int result = reply.ReadInt32();
+ ACCESSTOKEN_LOG_DEBUG(LABEL, "result from server data = %{public}d", result);
+ return result;
+}
+
+AccessTokenID AccessTokenManagerProxy::GetHapTokenID(int userID, const std::string& bundleName, int instIndex)
+{
+ MessageParcel data;
+ data.WriteInterfaceToken(IAccessTokenManager::GetDescriptor());
+
+ if (!data.WriteInt32(userID)) {
+ ACCESSTOKEN_LOG_ERROR(LABEL, "Failed to write tokenID");
+ return 0;
+ }
+ if (!data.WriteString(bundleName)) {
+ ACCESSTOKEN_LOG_ERROR(LABEL, "Failed to write dcap");
+ return 0;
+ }
+ if (!data.WriteInt32(instIndex)) {
+ ACCESSTOKEN_LOG_ERROR(LABEL, "Failed to write dcap");
+ return 0;
+ }
+ MessageParcel reply;
+ MessageOption option;
+ sptr remote = Remote();
+ if (remote == nullptr) {
+ ACCESSTOKEN_LOG_ERROR(LABEL, "remote service null.");
+ return 0;
+ }
+ int32_t requestResult = remote->SendRequest(
+ static_cast(IAccessTokenManager::InterfaceCode::GET_HAP_TOKEN_ID), data, reply, option);
+ if (requestResult != NO_ERROR) {
+ ACCESSTOKEN_LOG_ERROR(LABEL, "request fail, result: %{public}d", requestResult);
+ return 0;
+ }
+
+ int result = reply.ReadInt32();
+ ACCESSTOKEN_LOG_DEBUG(LABEL, "result from server data = %{public}d", result);
+ return result;
+}
+
+AccessTokenID AccessTokenManagerProxy::AllocLocalTokenID(
+ const std::string& remoteDeviceID, AccessTokenID remoteTokenID)
+{
+ MessageParcel data;
+ data.WriteInterfaceToken(IAccessTokenManager::GetDescriptor());
+
+ if (!data.WriteString(remoteDeviceID)) {
+ ACCESSTOKEN_LOG_ERROR(LABEL, "Failed to write dcap");
+ return 0;
+ }
+ if (!data.WriteUint32(remoteTokenID)) {
+ ACCESSTOKEN_LOG_ERROR(LABEL, "Failed to write dcap");
+ return 0;
+ }
+ MessageParcel reply;
+ MessageOption option;
+ sptr remote = Remote();
+ if (remote == nullptr) {
+ ACCESSTOKEN_LOG_ERROR(LABEL, "remote service null.");
+ return 0;
+ }
+ int32_t requestResult = remote->SendRequest(
+ static_cast(IAccessTokenManager::InterfaceCode::ALLOC_LOCAL_TOKEN_ID), data, reply, option);
+ if (requestResult != NO_ERROR) {
+ ACCESSTOKEN_LOG_ERROR(LABEL, "request fail, result: %{public}d", requestResult);
+ return 0;
+ }
+
+ AccessTokenID result = reply.ReadUint32();
+ ACCESSTOKEN_LOG_DEBUG(LABEL, "get result from server data = %{public}d", result);
+ return result;
+}
+
+int AccessTokenManagerProxy::GetNativeTokenInfo(AccessTokenID tokenID, NativeTokenInfoParcel& nativeTokenInfoRes)
+{
+ MessageParcel data;
+ data.WriteInterfaceToken(IAccessTokenManager::GetDescriptor());
+ if (!data.WriteUint32(tokenID)) {
+ ACCESSTOKEN_LOG_ERROR(LABEL, "Failed to write permissionName");
+ return RET_FAILED;
+ }
+
+ MessageParcel reply;
+ MessageOption option;
+ sptr remote = Remote();
+ if (remote == nullptr) {
+ ACCESSTOKEN_LOG_ERROR(LABEL, "remote service null.");
+ return RET_FAILED;
+ }
+ int32_t requestResult = remote->SendRequest(
+ static_cast(IAccessTokenManager::InterfaceCode::GET_NATIVE_TOKENINFO), data, reply, option);
+ if (requestResult != NO_ERROR) {
+ ACCESSTOKEN_LOG_ERROR(LABEL, "send request fail, result: %{public}d", requestResult);
+ return RET_FAILED;
+ }
+
+ sptr resultSptr = reply.ReadParcelable();
+ if (resultSptr == nullptr) {
+ ACCESSTOKEN_LOG_ERROR(LABEL, "ReadParcelable fail");
+ return RET_FAILED;
+ }
+ nativeTokenInfoRes = *resultSptr;
+ int32_t result = reply.ReadInt32();
+ ACCESSTOKEN_LOG_DEBUG(LABEL, "get result from server data = %{public}d", result);
+ return result;
+}
+
+int AccessTokenManagerProxy::GetHapTokenInfo(AccessTokenID tokenID, HapTokenInfoParcel& hapTokenInfoRes)
+{
+ MessageParcel data;
+ data.WriteInterfaceToken(IAccessTokenManager::GetDescriptor());
+ if (!data.WriteUint32(tokenID)) {
+ ACCESSTOKEN_LOG_ERROR(LABEL, "Failed to write permissionName");
+ return RET_FAILED;
+ }
+
+ MessageParcel reply;
+ MessageOption option;
+ sptr remote = Remote();
+ if (remote == nullptr) {
+ ACCESSTOKEN_LOG_ERROR(LABEL, "remote service null.");
+ return RET_FAILED;
+ }
+ int32_t requestResult = remote->SendRequest(
+ static_cast(IAccessTokenManager::InterfaceCode::GET_HAP_TOKENINFO), data, reply, option);
+ if (requestResult != NO_ERROR) {
+ ACCESSTOKEN_LOG_ERROR(LABEL, "send request fail, result: %{public}d", requestResult);
+ return RET_FAILED;
+ }
+
+ sptr resultSptr = reply.ReadParcelable();
+ if (resultSptr == nullptr) {
+ ACCESSTOKEN_LOG_ERROR(LABEL, "ReadParcelable fail");
+ return RET_FAILED;
+ }
+ hapTokenInfoRes = *resultSptr;
+ int32_t result = reply.ReadInt32();
+ ACCESSTOKEN_LOG_DEBUG(LABEL, "get result from server data = %{public}d", result);
+ return result;
+}
+
+int AccessTokenManagerProxy::UpdateHapToken(AccessTokenID tokenID,
+ const std::string& appIDDesc, const HapPolicyParcel& policyParcel)
+{
+ MessageParcel data;
+ data.WriteInterfaceToken(IAccessTokenManager::GetDescriptor());
+ if (!data.WriteUint32(tokenID)) {
+ return RET_FAILED;
+ }
+ if (!data.WriteString(appIDDesc)) {
+ return RET_FAILED;
+ }
+ if (!data.WriteParcelable(&policyParcel)) {
+ return RET_FAILED;
+ }
+
+ MessageParcel reply;
+ MessageOption option;
+ sptr remote = Remote();
+ if (remote == nullptr) {
+ ACCESSTOKEN_LOG_ERROR(LABEL, "remote service null.");
+ return RET_FAILED;
+ }
+ int32_t requestResult = remote->SendRequest(
+ static_cast(IAccessTokenManager::InterfaceCode::UPDATE_HAP_TOKEN), data, reply, option);
+ if (requestResult != NO_ERROR) {
+ ACCESSTOKEN_LOG_ERROR(LABEL, "send request fail, result: %{public}d", requestResult);
+ return RET_FAILED;
+ }
+
+ int32_t result = reply.ReadInt32();
+ ACCESSTOKEN_LOG_DEBUG(LABEL, "get result from server data = %{public}d", result);
+ return result;
+}
+
+int AccessTokenManagerProxy::GetHapTokenInfoFromRemote(AccessTokenID tokenID,
+ HapTokenInfoForSyncParcel& hapSyncParcel)
+{
+ MessageParcel data;
+ data.WriteInterfaceToken(IAccessTokenManager::GetDescriptor());
+ if (!data.WriteUint32(tokenID)) {
+ return RET_FAILED;
+ }
+
+ MessageParcel reply;
+ MessageOption option;
+ sptr remote = Remote();
+ if (remote == nullptr) {
+ ACCESSTOKEN_LOG_ERROR(LABEL, "remote service null.");
+ return RET_FAILED;
+ }
+ int32_t requestResult = remote->SendRequest(
+ static_cast(IAccessTokenManager::InterfaceCode::GET_HAP_TOKEN_FROM_REMOTE), data, reply, option);
+ if (requestResult != NO_ERROR) {
+ ACCESSTOKEN_LOG_ERROR(LABEL, "send request fail, result: %{public}d", requestResult);
+ return RET_FAILED;
+ }
+
+ sptr hapResult = reply.ReadParcelable();
+ if (hapResult == nullptr) {
+ ACCESSTOKEN_LOG_ERROR(LABEL, "ReadParcelable fail");
+ return RET_FAILED;
+ }
+ hapSyncParcel = *hapResult;
+
+ int32_t result = reply.ReadInt32();
+ ACCESSTOKEN_LOG_DEBUG(LABEL, "get result from server data = %{public}d", result);
+ return result;
+}
+
+int AccessTokenManagerProxy::GetAllNativeTokenInfo(std::vector& nativeTokenInfoRes)
+{
+ MessageParcel data;
+ data.WriteInterfaceToken(IAccessTokenManager::GetDescriptor());
+
+ MessageParcel reply;
+ MessageOption option;
+ sptr remote = Remote();
+ if (remote == nullptr) {
+ ACCESSTOKEN_LOG_ERROR(LABEL, "remote service null.");
+ return RET_FAILED;
+ }
+ int32_t requestResult = remote->SendRequest(
+ static_cast(IAccessTokenManager::InterfaceCode::GET_ALL_NATIVE_TOKEN_FROM_REMOTE),
+ data, reply, option);
+ if (requestResult != NO_ERROR) {
+ ACCESSTOKEN_LOG_ERROR(LABEL, "send request fail, result: %{public}d", requestResult);
+ return RET_FAILED;
+ }
+
+ int32_t size = reply.ReadInt32();
+ for (int i = 0; i < size; i++) {
+ sptr nativeResult = reply.ReadParcelable();
+ if (nativeResult != nullptr) {
+ nativeTokenInfoRes.emplace_back(*nativeResult);
+ }
+ }
+
+ int32_t result = reply.ReadInt32();
+ ACCESSTOKEN_LOG_DEBUG(LABEL, "get result from server data = %{public}d", result);
+ return result;
+}
+
+int AccessTokenManagerProxy::SetRemoteHapTokenInfo(const std::string& deviceID,
+ HapTokenInfoForSyncParcel& hapSyncParcel)
+{
+ MessageParcel data;
+ data.WriteInterfaceToken(IAccessTokenManager::GetDescriptor());
+ if (!data.WriteString(deviceID)) {
+ return RET_FAILED;
+ }
+ if (!data.WriteParcelable(&hapSyncParcel)) {
+ return RET_FAILED;
+ }
+
+ MessageParcel reply;
+ MessageOption option;
+ sptr remote = Remote();
+ if (remote == nullptr) {
+ ACCESSTOKEN_LOG_ERROR(LABEL, "remote service null.");
+ return RET_FAILED;
+ }
+ int32_t requestResult = remote->SendRequest(
+ static_cast(IAccessTokenManager::InterfaceCode::SET_REMOTE_HAP_TOKEN_INFO), data, reply, option);
+ if (requestResult != NO_ERROR) {
+ ACCESSTOKEN_LOG_ERROR(LABEL, "send request fail, result: %{public}d", requestResult);
+ return RET_FAILED;
+ }
+
+ int32_t result = reply.ReadInt32();
+ ACCESSTOKEN_LOG_DEBUG(LABEL, "get result from server data = %{public}d", result);
+ return result;
+}
+
+int AccessTokenManagerProxy::SetRemoteNativeTokenInfo(const std::string& deviceID,
+ std::vector& nativeTokenInfoParcel)
+{
+ MessageParcel data;
+ data.WriteInterfaceToken(IAccessTokenManager::GetDescriptor());
+ if (!data.WriteString(deviceID)) {
+ return RET_FAILED;
+ }
+ if (!data.WriteUint32(nativeTokenInfoParcel.size())) {
+ return RET_FAILED;
+ }
+ for (NativeTokenInfoParcel& parcel : nativeTokenInfoParcel) {
+ if (!data.WriteParcelable(&parcel)) {
+ return RET_FAILED;
+ }
+ }
+
+ MessageParcel reply;
+ MessageOption option;
+ sptr remote = Remote();
+ if (remote == nullptr) {
+ ACCESSTOKEN_LOG_ERROR(LABEL, "remote service null.");
+ return RET_FAILED;
+ }
+ int32_t requestResult = remote->SendRequest(
+ static_cast(IAccessTokenManager::InterfaceCode::SET_REMOTE_NATIVE_TOKEN_INFO), data, reply, option);
+ if (requestResult != NO_ERROR) {
+ ACCESSTOKEN_LOG_ERROR(LABEL, "send request fail, result: %{public}d", requestResult);
+ return RET_FAILED;
+ }
+
+ int32_t result = reply.ReadInt32();
+ ACCESSTOKEN_LOG_DEBUG(LABEL, "get result from server data = %{public}d", result);
+ return result;
+}
+
+int AccessTokenManagerProxy::DeleteRemoteToken(const std::string& deviceID, AccessTokenID tokenID)
+{
+ MessageParcel data;
+ data.WriteInterfaceToken(IAccessTokenManager::GetDescriptor());
+ if (!data.WriteString(deviceID)) {
+ return RET_FAILED;
+ }
+
+ if (!data.WriteUint32(tokenID)) {
+ return RET_FAILED;
+ }
+
+ MessageParcel reply;
+ MessageOption option;
+ sptr remote = Remote();
+ if (remote == nullptr) {
+ ACCESSTOKEN_LOG_ERROR(LABEL, "remote service null.");
+ return RET_FAILED;
+ }
+ int32_t requestResult = remote->SendRequest(
+ static_cast(IAccessTokenManager::InterfaceCode::DELETE_REMOTE_TOKEN_INFO), data, reply, option);
+ if (requestResult != NO_ERROR) {
+ ACCESSTOKEN_LOG_ERROR(LABEL, "send request fail, result: %{public}d", requestResult);
+ return RET_FAILED;
+ }
+
+ int32_t result = reply.ReadInt32();
+ ACCESSTOKEN_LOG_DEBUG(LABEL, "get result from server data = %{public}d", result);
+ return result;
+}
+
+int AccessTokenManagerProxy::DeleteRemoteDeviceTokens(const std::string& deviceID)
+{
+ MessageParcel data;
+ data.WriteInterfaceToken(IAccessTokenManager::GetDescriptor());
+ if (!data.WriteString(deviceID)) {
+ return RET_FAILED;
+ }
+
+ MessageParcel reply;
+ MessageOption option;
+ sptr remote = Remote();
+ if (remote == nullptr) {
+ ACCESSTOKEN_LOG_ERROR(LABEL, "remote service null.");
+ return RET_FAILED;
+ }
+ int32_t requestResult = remote->SendRequest(
+ static_cast(IAccessTokenManager::InterfaceCode::DELETE_REMOTE_DEVICE_TOKEN), data, reply, option);
+ if (requestResult != NO_ERROR) {
+ ACCESSTOKEN_LOG_ERROR(LABEL, "send request fail, result: %{public}d", requestResult);
+ return RET_FAILED;
+ }
+
+ int32_t result = reply.ReadInt32();
+ ACCESSTOKEN_LOG_DEBUG(LABEL, "get result from server data = %{public}d", result);
+ return result;
+}
+
+int AccessTokenManagerProxy::DumpToken(std::string& dumpInfo)
+{
+ MessageParcel data;
+ data.WriteInterfaceToken(IAccessTokenManager::GetDescriptor());
+
+ MessageParcel reply;
+ MessageOption option;
+ sptr remote = Remote();
+ if (remote == nullptr) {
+ ACCESSTOKEN_LOG_ERROR(LABEL, "remote service null.");
+ return RET_FAILED;
+ }
+ int32_t requestResult = remote->SendRequest(
+ static_cast(IAccessTokenManager::InterfaceCode::DUMP), data, reply, option);
+ if (requestResult != NO_ERROR) {
+ ACCESSTOKEN_LOG_ERROR(LABEL, "send request fail, result: %{public}d", requestResult);
+ return RET_FAILED;
+ }
+
+ dumpInfo = reply.ReadString();
+ AccessTokenID result = reply.ReadInt32();
+ ACCESSTOKEN_LOG_DEBUG(LABEL, "get result from server data = %{public}d", result);
+ return result;
+}
+} // namespace AccessToken
+} // namespace Security
+} // namespace OHOS
diff --git a/interfaces/innerkits/accesstoken/src/accesstoken_manager_proxy.h b/interfaces/innerkits/accesstoken/src/accesstoken_manager_proxy.h
new file mode 100644
index 0000000000000000000000000000000000000000..55655a6f4e76c3e9169689c4d477524bb1512c7d
--- /dev/null
+++ b/interfaces/innerkits/accesstoken/src/accesstoken_manager_proxy.h
@@ -0,0 +1,76 @@
+/*
+ * Copyright (c) 2021 Huawei Device Co., Ltd.
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+#ifndef ACCESSTOKEN_MANAGER_PROXY_H
+#define ACCESSTOKEN_MANAGER_PROXY_H
+
+#include
+#include
+
+#include "access_token.h"
+#include "hap_info_parcel.h"
+#include "hap_policy_parcel.h"
+#include "hap_token_info_parcel.h"
+#include "hap_token_info_for_sync_parcel.h"
+#include "i_accesstoken_manager.h"
+#include "iremote_proxy.h"
+#include "native_token_info_parcel.h"
+#include "permission_def_parcel.h"
+#include "permission_state_full_parcel.h"
+
+namespace OHOS {
+namespace Security {
+namespace AccessToken {
+class AccessTokenManagerProxy : public IRemoteProxy {
+public:
+ explicit AccessTokenManagerProxy(const sptr& impl);
+ virtual ~AccessTokenManagerProxy() override;
+
+ int VerifyAccessToken(AccessTokenID tokenID, const std::string& permissionName) override;
+ int GetDefPermission(const std::string& permissionName, PermissionDefParcel& permissionDefResult) override;
+ int GetDefPermissions(AccessTokenID tokenID, std::vector& permList) override;
+ int GetReqPermissions(
+ AccessTokenID tokenID, std::vector& reqPermList, bool isSystemGrant) override;
+ int GetPermissionFlag(AccessTokenID tokenID, const std::string& permissionName) override;
+ int GrantPermission(AccessTokenID tokenID, const std::string& permissionName, int flag) override;
+ int RevokePermission(AccessTokenID tokenID, const std::string& permissionName, int flag) override;
+ int ClearUserGrantedPermissionState(AccessTokenID tokenID) override;
+ int GetTokenType(AccessTokenID tokenID) override;
+ int CheckNativeDCap(AccessTokenID tokenID, const std::string& dcap) override;
+ AccessTokenID GetHapTokenID(int userID, const std::string& bundleName, int instIndex) override;
+ AccessTokenID AllocLocalTokenID(const std::string& remoteDeviceID, AccessTokenID remoteTokenID) override;
+ AccessTokenIDEx AllocHapToken(const HapInfoParcel& hapInfo, const HapPolicyParcel& policyParcel) override;
+ int DeleteToken(AccessTokenID tokenID) override;
+ int UpdateHapToken(AccessTokenID tokenID, const std::string& appIDDesc,
+ const HapPolicyParcel& policyPar) override;
+ int GetHapTokenInfo(AccessTokenID tokenID, HapTokenInfoParcel& hapTokenInfoRes) override;
+ int GetNativeTokenInfo(AccessTokenID tokenID, NativeTokenInfoParcel& nativeTokenInfoRes) override;
+
+ int GetHapTokenInfoFromRemote(AccessTokenID tokenID, HapTokenInfoForSyncParcel& hapSyncParcel) override;
+ int GetAllNativeTokenInfo(std::vector& nativeTokenInfoRes) override;
+ int SetRemoteHapTokenInfo(const std::string& deviceID, HapTokenInfoForSyncParcel& hapSyncParcel) override;
+ int SetRemoteNativeTokenInfo(const std::string& deviceID,
+ std::vector& nativeTokenInfoParcel) override;
+ int DeleteRemoteToken(const std::string& deviceID, AccessTokenID tokenID) override;
+ int DeleteRemoteDeviceTokens(const std::string& deviceID) override;
+
+ int DumpToken(std::string& dumpInfo) override;
+private:
+ static inline BrokerDelegator delegator_;
+};
+} // namespace AccessToken
+} // namespace Security
+} // namespace OHOS
+#endif // ACCESSTOKEN_MANAGER_PROXY_H
diff --git a/interfaces/innerkits/accesstoken/test/BUILD.gn b/interfaces/innerkits/accesstoken/test/BUILD.gn
old mode 100755
new mode 100644
index a61294493aa5b096203ec73b1f644abca06eb99a..e981ea0ecf5a727ad60cb44cee149ab70e44a03d
--- a/interfaces/innerkits/accesstoken/test/BUILD.gn
+++ b/interfaces/innerkits/accesstoken/test/BUILD.gn
@@ -20,17 +20,23 @@ ohos_unittest("libaccesstoken_sdk_test") {
include_dirs = [
"//utils/native/base/include",
- "//base/security/access_token/interfaces/innerkits/accesstoken/main/cpp/include/",
+ "//third_party/googletest/include",
+ "//base/security/access_token/interfaces/innerkits/accesstoken/include",
+ "//base/security/access_token/interfaces/innerkits/nativetoken/include",
+ "//base/security/access_token/frameworks/common/include",
]
- sources = [ "unittest/cpp/src/accesstoken_kit_test.cpp" ]
+ sources = [ "unittest/src/accesstoken_kit_test.cpp" ]
cflags_cc = [ "-DHILOG_ENABLE" ]
deps = [
"//base/security/access_token/interfaces/innerkits/accesstoken:libaccesstoken_sdk",
+ "//base/security/access_token/interfaces/innerkits/nativetoken:libnativetoken",
"//utils/native/base:utils",
]
+
+ external_deps = [ "hiviewdfx_hilog_native:libhilog" ]
}
group("unittest") {
diff --git a/interfaces/innerkits/accesstoken/test/unittest/src/accesstoken_kit_test.cpp b/interfaces/innerkits/accesstoken/test/unittest/src/accesstoken_kit_test.cpp
new file mode 100644
index 0000000000000000000000000000000000000000..c80c6301d2294f90e1e1fd1ee80aacdd2b327db0
--- /dev/null
+++ b/interfaces/innerkits/accesstoken/test/unittest/src/accesstoken_kit_test.cpp
@@ -0,0 +1,2999 @@
+/*
+ * Copyright (c) 2021 Huawei Device Co., Ltd.
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+#include "accesstoken_kit_test.h"
+#include
+
+#include "accesstoken_kit.h"
+#include "nativetoken_kit.h"
+#include "accesstoken_log.h"
+
+using namespace testing::ext;
+using namespace OHOS::Security::AccessToken;
+
+namespace {
+static constexpr OHOS::HiviewDFX::HiLogLabel LABEL = {LOG_CORE, SECURITY_DOMAIN_ACCESSTOKEN, "AccessTokenKitTest"};
+
+static PermissionStateFull g_grantPermissionReq = {
+ .permissionName = "ohos.permission.GRANT_SENSITIVE_PERMISSIONS",
+ .isGeneral = true,
+ .resDeviceID = {"device"},
+ .grantStatus = {PermissionState::PERMISSION_GRANTED},
+ .grantFlags = {PermissionFlag::PERMISSION_SYSTEM_FIXED}
+};
+static PermissionStateFull g_revokePermissionReq = {
+ .permissionName = "ohos.permission.REVOKE_SENSITIVE_PERMISSIONS",
+ .isGeneral = true,
+ .resDeviceID = {"device"},
+ .grantStatus = {PermissionState::PERMISSION_GRANTED},
+ .grantFlags = {PermissionFlag::PERMISSION_SYSTEM_FIXED}
+};
+
+static PermissionDef g_infoManagerTestPermDef1 = {
+ .permissionName = "ohos.permission.test1",
+ .bundleName = "accesstoken_test",
+ .grantMode = 1,
+ .label = "label",
+ .labelId = 1,
+ .description = "open the door",
+ .descriptionId = 1,
+ .availableLevel = APL_NORMAL
+};
+
+static PermissionDef g_infoManagerTestPermDef2 = {
+ .permissionName = "ohos.permission.test2",
+ .bundleName = "accesstoken_test",
+ .grantMode = 1,
+ .label = "label",
+ .labelId = 1,
+ .description = "break the door",
+ .descriptionId = 1,
+ .availableLevel = APL_NORMAL
+};
+
+static PermissionStateFull g_infoManagerTestState1 = {
+ .grantFlags = {1},
+ .grantStatus = {PermissionState::PERMISSION_GRANTED},
+ .isGeneral = true,
+ .permissionName = "ohos.permission.test1",
+ .resDeviceID = {"local"}
+};
+
+static PermissionStateFull g_infoManagerTestState2 = {
+ .permissionName = "ohos.permission.test2",
+ .isGeneral = false,
+ .grantFlags = {1, 2},
+ .grantStatus = {PermissionState::PERMISSION_GRANTED, PermissionState::PERMISSION_GRANTED},
+ .resDeviceID = {"device 1", "device 2"}
+};
+
+static HapInfoParams g_infoManagerTestInfoParms = {
+ .bundleName = "accesstoken_test",
+ .userID = 1,
+ .instIndex = 0,
+ .appIDDesc = "testtesttesttest"
+};
+
+static HapPolicyParams g_infoManagerTestPolicyPrams = {
+ .apl = APL_NORMAL,
+ .domain = "test.domain",
+ .permList = {g_infoManagerTestPermDef1, g_infoManagerTestPermDef2},
+ .permStateList = {g_infoManagerTestState1, g_infoManagerTestState2}
+};
+
+static HapInfoParams g_infoManagerTestInfoParmsBak = {
+ .bundleName = "accesstoken_test",
+ .userID = 1,
+ .instIndex = 0,
+ .appIDDesc = "testtesttesttest"
+};
+
+static HapPolicyParams g_infoManagerTestPolicyPramsBak = {
+ .apl = APL_NORMAL,
+ .domain = "test.domain",
+ .permList = {g_infoManagerTestPermDef1, g_infoManagerTestPermDef2},
+ .permStateList = {g_infoManagerTestState1, g_infoManagerTestState2}
+};
+}
+
+void AccessTokenKitTest::SetUpTestCase()
+{
+ // make test case clean
+ AccessTokenID tokenID = AccessTokenKit::GetHapTokenID(g_infoManagerTestInfoParms.userID,
+ g_infoManagerTestInfoParms.bundleName,
+ g_infoManagerTestInfoParms.instIndex);
+ AccessTokenKit::DeleteToken(tokenID);
+
+ tokenID = AccessTokenKit::GetHapTokenID(TEST_USER_ID, TEST_BUNDLE_NAME, 0);
+ AccessTokenKit::DeleteToken(tokenID);
+}
+
+void AccessTokenKitTest::TearDownTestCase()
+{
+}
+
+void AccessTokenKitTest::SetUp()
+{
+ g_infoManagerTestInfoParms = g_infoManagerTestInfoParmsBak;
+ g_infoManagerTestPolicyPrams = g_infoManagerTestPolicyPramsBak;
+ HapInfoParams info = {
+ .userID = TEST_USER_ID,
+ .bundleName = TEST_BUNDLE_NAME,
+ .instIndex = 0,
+ .appIDDesc = "appIDDesc",
+ };
+
+ HapPolicyParams policy = {
+ .apl = APL_NORMAL,
+ .domain = "domain"
+ };
+
+ PermissionDef permissionDefAlpha = {
+ .permissionName = TEST_PERMISSION_NAME_ALPHA,
+ .bundleName = TEST_BUNDLE_NAME,
+ .grantMode = GrantMode::USER_GRANT,
+ .availableLevel = APL_NORMAL,
+ .provisionEnable = false,
+ .distributedSceneEnable = false
+ };
+
+ PermissionDef permissionDefBeta = {
+ .permissionName = TEST_PERMISSION_NAME_BETA,
+ .bundleName = TEST_BUNDLE_NAME,
+ .grantMode = GrantMode::SYSTEM_GRANT,
+ .availableLevel = APL_NORMAL,
+ .provisionEnable = false,
+ .distributedSceneEnable = false
+ };
+ policy.permList.emplace_back(permissionDefAlpha);
+ policy.permList.emplace_back(permissionDefBeta);
+
+ PermissionStateFull permStatAlpha = {
+ .permissionName = TEST_PERMISSION_NAME_ALPHA,
+ .isGeneral = true,
+ .resDeviceID = {"device"},
+ .grantStatus = {PermissionState::PERMISSION_DENIED},
+ .grantFlags = {PermissionFlag::PERMISSION_USER_SET}
+ };
+ PermissionStateFull permStatBeta = {
+ .permissionName = TEST_PERMISSION_NAME_BETA,
+ .isGeneral = true,
+ .resDeviceID = {"device"},
+ .grantStatus = {PermissionState::PERMISSION_GRANTED},
+ .grantFlags = {PermissionFlag::PERMISSION_USER_SET}
+ };
+ policy.permStateList.emplace_back(permStatAlpha);
+ policy.permStateList.emplace_back(permStatBeta);
+ policy.permStateList.emplace_back(g_grantPermissionReq);
+ policy.permStateList.emplace_back(g_revokePermissionReq);
+
+ AccessTokenKit::AllocHapToken(info, policy);
+ AccessTokenID tokenID = AccessTokenKit::GetHapTokenID(g_infoManagerTestInfoParms.userID,
+ g_infoManagerTestInfoParms.bundleName,
+ g_infoManagerTestInfoParms.instIndex);
+ AccessTokenKit::DeleteToken(tokenID);
+ (void)remove("/data/token.json");
+}
+
+void AccessTokenKitTest::TearDown()
+{
+ AccessTokenID tokenID = GetAccessTokenID(TEST_USER_ID, TEST_BUNDLE_NAME, 0);
+ AccessTokenKit::DeleteToken(tokenID);
+}
+
+unsigned int AccessTokenKitTest::GetAccessTokenID(int userID, std::string bundleName, int instIndex)
+{
+ return AccessTokenKit::GetHapTokenID(userID, bundleName, instIndex);
+}
+
+void AccessTokenKitTest::DeleteTestToken() const
+{
+ AccessTokenID tokenID = AccessTokenKit::GetHapTokenID(g_infoManagerTestInfoParms.userID,
+ g_infoManagerTestInfoParms.bundleName,
+ g_infoManagerTestInfoParms.instIndex);
+ int ret = AccessTokenKit::DeleteToken(tokenID);
+ if (tokenID != 0) {
+ ASSERT_EQ(RET_SUCCESS, ret);
+ }
+}
+
+void AccessTokenKitTest::AllocTestToken() const
+{
+ AccessTokenIDEx tokenIdEx = {0};
+ tokenIdEx = AccessTokenKit::AllocHapToken(g_infoManagerTestInfoParms, g_infoManagerTestPolicyPrams);
+ ASSERT_NE(0, tokenIdEx.tokenIdExStruct.tokenID);
+}
+
+/**
+ * @tc.name: GetDefPermission001
+ * @tc.desc: Get permission definition info after AllocHapToken function has been invoked.
+ * @tc.type: FUNC
+ * @tc.require:AR000GM5FC AR000GK6TG
+ */
+HWTEST_F(AccessTokenKitTest, GetDefPermission001, TestSize.Level1)
+{
+ PermissionDef permDefResultAlpha;
+ int ret = AccessTokenKit::GetDefPermission(TEST_PERMISSION_NAME_ALPHA, permDefResultAlpha);
+ ASSERT_EQ(RET_SUCCESS, ret);
+ ASSERT_EQ(TEST_PERMISSION_NAME_ALPHA, permDefResultAlpha.permissionName);
+
+ PermissionDef permDefResultBeta;
+ ret = AccessTokenKit::GetDefPermission(TEST_PERMISSION_NAME_BETA, permDefResultBeta);
+ ASSERT_EQ(RET_SUCCESS, ret);
+ ASSERT_EQ(TEST_PERMISSION_NAME_BETA, permDefResultBeta.permissionName);
+}
+
+/**
+ * @tc.name: GetDefPermission002
+ * @tc.desc: Get permission definition info that permission is invalid.
+ * @tc.type: FUNC
+ * @tc.require:AR000GM5FC
+ */
+HWTEST_F(AccessTokenKitTest, GetDefPermission002, TestSize.Level1)
+{
+ PermissionDef permDefResult;
+ int ret = AccessTokenKit::GetDefPermission(TEST_PERMISSION_NAME_GAMMA, permDefResult);
+ ASSERT_EQ(RET_FAILED, ret);
+
+ ret = AccessTokenKit::GetDefPermission("", permDefResult);
+ ASSERT_EQ(RET_FAILED, ret);
+
+ std::string invalidPerm(INVALID_PERMNAME_LEN, 'a');
+ ret = AccessTokenKit::GetDefPermission(invalidPerm, permDefResult);
+ ASSERT_EQ(RET_FAILED, ret);
+}
+
+/**
+ * @tc.name: GetDefPermission003
+ * @tc.desc: GetDefPermission is invoked multiple times.
+ * @tc.type: FUNC
+ * @tc.require:AR000GM5FC
+ */
+HWTEST_F(AccessTokenKitTest, GetDefPermission003, TestSize.Level0)
+{
+ int ret = RET_FAILED;
+ for (int i = 0; i < CYCLE_TIMES; i++) {
+ PermissionDef permDefResultAlpha;
+ ret = AccessTokenKit::GetDefPermission(TEST_PERMISSION_NAME_ALPHA, permDefResultAlpha);
+ ASSERT_EQ(RET_SUCCESS, ret);
+ ASSERT_EQ(TEST_PERMISSION_NAME_ALPHA, permDefResultAlpha.permissionName);
+ }
+}
+
+/**
+ * @tc.name: GetDefPermissions001
+ * @tc.desc: Get permission definition info list after AllocHapToken function has been invoked.
+ * @tc.type: FUNC
+ * @tc.require:AR000GM5FC AR000GK6TG
+ */
+HWTEST_F(AccessTokenKitTest, GetDefPermissions001, TestSize.Level1)
+{
+ AccessTokenID tokenID = GetAccessTokenID(TEST_USER_ID, TEST_BUNDLE_NAME, 0);
+ ASSERT_NE(0, tokenID);
+ std::vector permDefList;
+ int ret = AccessTokenKit::GetDefPermissions(tokenID, permDefList);
+ ASSERT_EQ(RET_SUCCESS, ret);
+ ASSERT_EQ(2, permDefList.size());
+}
+
+/**
+ * @tc.name: GetDefPermissions002
+ * @tc.desc: Get permission definition info list after clear permission definition list
+ * @tc.type: FUNC
+ * @tc.require:AR000GM5FC
+ */
+HWTEST_F(AccessTokenKitTest, GetDefPermissions002, TestSize.Level1)
+{
+ HapPolicyParams testPolicyPrams = g_infoManagerTestPolicyPrams;
+ testPolicyPrams.permList.clear();
+ AccessTokenKit::AllocHapToken(g_infoManagerTestInfoParms, testPolicyPrams);
+
+ AccessTokenID tokenID = GetAccessTokenID(g_infoManagerTestInfoParms.userID,
+ g_infoManagerTestInfoParms.bundleName,
+ g_infoManagerTestInfoParms.instIndex);
+ ASSERT_NE(0, tokenID);
+
+ std::vector permDefList;
+ int ret = AccessTokenKit::GetDefPermissions(tokenID, permDefList);
+ ASSERT_EQ(RET_SUCCESS, ret);
+ ASSERT_EQ(0, permDefList.size());
+
+ AccessTokenKit::DeleteToken(tokenID);
+}
+
+/**
+ * @tc.name: GetDefPermissions003
+ * @tc.desc: Get permission definition info list that tokenID is invalid.
+ * @tc.type: FUNC
+ * @tc.require:AR000GM5FC
+ */
+HWTEST_F(AccessTokenKitTest, GetDefPermissions003, TestSize.Level1)
+{
+ AccessTokenID tokenID = GetAccessTokenID(TEST_USER_ID, TEST_BUNDLE_NAME, 0);
+ ASSERT_NE(0, tokenID);
+ AccessTokenKit::DeleteToken(tokenID);
+
+ std::vector permDefList;
+ int ret = AccessTokenKit::GetDefPermissions(TEST_TOKENID_INVALID, permDefList);
+ ASSERT_EQ(RET_FAILED, ret);
+
+ std::vector permDefListRes;
+ ret = AccessTokenKit::GetDefPermissions(tokenID, permDefListRes);
+ ASSERT_EQ(RET_FAILED, ret);
+ ASSERT_EQ(0, permDefListRes.size());
+}
+
+/**
+ * @tc.name: GetDefPermissions004
+ * @tc.desc: GetDefPermissions is invoked multiple times.
+ * @tc.type: FUNC
+ * @tc.require:AR000GM5FC
+ */
+HWTEST_F(AccessTokenKitTest, GetDefPermissions004, TestSize.Level0)
+{
+ AccessTokenID tokenID = GetAccessTokenID(TEST_USER_ID, TEST_BUNDLE_NAME, 0);
+ ASSERT_NE(0, tokenID);
+ int ret = RET_FAILED;
+ for (int i = 0; i < CYCLE_TIMES; i++) {
+ std::vector permDefList;
+ ret = ret = AccessTokenKit::GetDefPermissions(tokenID, permDefList);
+ ASSERT_EQ(RET_SUCCESS, ret);
+ ASSERT_EQ(2, permDefList.size());
+ }
+}
+
+/**
+ * @tc.name: GetReqPermissions001
+ * @tc.desc: Get user granted permission state info.
+ * @tc.type: FUNC
+ * @tc.require:AR000GM5FC AR000GK6TG
+ */
+HWTEST_F(AccessTokenKitTest, GetReqPermissions001, TestSize.Level1)
+{
+ AccessTokenID tokenID = GetAccessTokenID(TEST_USER_ID, TEST_BUNDLE_NAME, 0);
+ ASSERT_NE(0, tokenID);
+ std::vector permStatList;
+ int ret = AccessTokenKit::GetReqPermissions(tokenID, permStatList, false);
+ ASSERT_EQ(RET_SUCCESS, ret);
+ ASSERT_EQ(1, permStatList.size());
+ ASSERT_EQ(TEST_PERMISSION_NAME_ALPHA, permStatList[0].permissionName);
+
+ ret = AccessTokenKit::VerifyAccessToken(tokenID, TEST_PERMISSION_NAME_ALPHA);
+ ASSERT_EQ(ret, permStatList[0].grantStatus[0]);
+}
+
+/**
+ * @tc.name: GetReqPermissions002
+ * @tc.desc: Get system granted permission state info.
+ * @tc.type: FUNC
+ * @tc.require:AR000GM5FC
+ */
+HWTEST_F(AccessTokenKitTest, GetReqPermissions002, TestSize.Level1)
+{
+ AccessTokenID tokenID = GetAccessTokenID(TEST_USER_ID, TEST_BUNDLE_NAME, 0);
+ ASSERT_NE(0, tokenID);
+ std::vector permStatList;
+ int ret = AccessTokenKit::GetReqPermissions(tokenID, permStatList, true);
+ ASSERT_EQ(RET_SUCCESS, ret);
+ ASSERT_EQ(3, permStatList.size());
+ ASSERT_EQ(TEST_PERMISSION_NAME_BETA, permStatList[0].permissionName);
+
+ ret = AccessTokenKit::VerifyAccessToken(tokenID, TEST_PERMISSION_NAME_BETA);
+ ASSERT_EQ(ret, permStatList[0].grantStatus[0]);
+}
+
+/**
+ * @tc.name: GetReqPermissions003
+ * @tc.desc: Get user granted permission state info after clear request permission list.
+ * @tc.type: FUNC
+ * @tc.require:AR000GM5FC
+ */
+HWTEST_F(AccessTokenKitTest, GetReqPermissions003, TestSize.Level1)
+{
+ AccessTokenID tokenID = GetAccessTokenID(TEST_USER_ID, TEST_BUNDLE_NAME, 0);
+ ASSERT_NE(0, tokenID);
+
+ HapTokenInfo hapInfo;
+ int ret = AccessTokenKit::GetHapTokenInfo(tokenID, hapInfo);
+ ASSERT_EQ(RET_SUCCESS, ret);
+
+ HapPolicyParams policy = {
+ .apl = hapInfo.apl,
+ .domain = "domain"
+ };
+ policy.permStateList.clear();
+
+ ret = AccessTokenKit::UpdateHapToken(tokenID, hapInfo.appID, policy);
+ ASSERT_EQ(RET_SUCCESS, ret);
+
+ std::vector permStatUserList;
+ ret = AccessTokenKit::GetReqPermissions(tokenID, permStatUserList, false);
+ ASSERT_EQ(RET_SUCCESS, ret);
+ ASSERT_EQ(0, permStatUserList.size());
+
+ std::vector permStatSystemList;
+ ret = AccessTokenKit::GetReqPermissions(tokenID, permStatSystemList, true);
+ ASSERT_EQ(RET_SUCCESS, ret);
+ ASSERT_EQ(0, permStatSystemList.size());
+}
+
+/**
+ * @tc.name: GetReqPermissions004
+ * @tc.desc: Get permission state info list that tokenID is invalid.
+ * @tc.type: FUNC
+ * @tc.require:AR000GM5FC
+ */
+HWTEST_F(AccessTokenKitTest, GetReqPermissions004, TestSize.Level1)
+{
+ AccessTokenID tokenID = GetAccessTokenID(TEST_USER_ID, TEST_BUNDLE_NAME, 0);
+ ASSERT_NE(0, tokenID);
+
+ std::vector permStatList;
+ int ret = AccessTokenKit::GetReqPermissions(TEST_TOKENID_INVALID, permStatList, false);
+ ASSERT_EQ(RET_FAILED, ret);
+
+ AccessTokenKit::DeleteToken(tokenID);
+
+ ret = AccessTokenKit::GetReqPermissions(tokenID, permStatList, false);
+ ASSERT_EQ(RET_FAILED, ret);
+ ASSERT_EQ(0, permStatList.size());
+}
+
+/**
+ * @tc.name: GetReqPermissions005
+ * @tc.desc: GetReqPermissions is invoked multiple times.
+ * @tc.type: FUNC
+ * @tc.require:AR000GM5FC
+ */
+HWTEST_F(AccessTokenKitTest, GetReqPermissions005, TestSize.Level0)
+{
+ AccessTokenID tokenID = GetAccessTokenID(TEST_USER_ID, TEST_BUNDLE_NAME, 0);
+ ASSERT_NE(0, tokenID);
+ int ret = RET_FAILED;
+ for (int i = 0; i < CYCLE_TIMES; i++) {
+ std::vector permStatList;
+ ret = ret = AccessTokenKit::GetReqPermissions(tokenID, permStatList, false);
+ ASSERT_EQ(RET_SUCCESS, ret);
+ ASSERT_EQ(1, permStatList.size());
+ ASSERT_EQ(TEST_PERMISSION_NAME_ALPHA, permStatList[0].permissionName);
+ }
+}
+
+/**
+ * @tc.name: GetPermissionFlag001
+ * @tc.desc: Get permission flag after grant permission.
+ * @tc.type: FUNC
+ * @tc.require:AR000GM5FC AR000GK6TG
+ */
+HWTEST_F(AccessTokenKitTest, GetPermissionFlag001, TestSize.Level1)
+{
+ AccessTokenID tokenID = GetAccessTokenID(TEST_USER_ID, TEST_BUNDLE_NAME, 0);
+ ASSERT_NE(0, tokenID);
+ int ret = AccessTokenKit::GrantPermission(tokenID, TEST_PERMISSION_NAME_ALPHA, PERMISSION_USER_FIXED);
+ ASSERT_EQ(RET_SUCCESS, ret);
+
+ ret = AccessTokenKit::GetPermissionFlag(tokenID, TEST_PERMISSION_NAME_ALPHA);
+ ASSERT_EQ(PERMISSION_USER_FIXED, ret);
+}
+
+/**
+ * @tc.name: GetPermissionFlag002
+ * @tc.desc: Get permission flag that tokenID or permission is invalid.
+ * @tc.type: FUNC
+ * @tc.require:AR000GM5FC
+ */
+HWTEST_F(AccessTokenKitTest, GetPermissionFlag002, TestSize.Level1)
+{
+ AccessTokenID tokenID = GetAccessTokenID(TEST_USER_ID, TEST_BUNDLE_NAME, 0);
+ ASSERT_NE(0, tokenID);
+
+ int ret = AccessTokenKit::GetPermissionFlag(tokenID, TEST_PERMISSION_NAME_GAMMA);
+ ASSERT_EQ(DEFAULT_PERMISSION_FLAGS, ret);
+
+ ret = AccessTokenKit::GetPermissionFlag(tokenID, "");
+ ASSERT_EQ(DEFAULT_PERMISSION_FLAGS, ret);
+
+ std::string invalidPerm(INVALID_PERMNAME_LEN, 'a');
+ ret = AccessTokenKit::GetPermissionFlag(tokenID, invalidPerm);
+ ASSERT_EQ(DEFAULT_PERMISSION_FLAGS, ret);
+
+ ret = AccessTokenKit::GetPermissionFlag(TEST_TOKENID_INVALID, TEST_PERMISSION_NAME_ALPHA);
+ ASSERT_EQ(DEFAULT_PERMISSION_FLAGS, ret);
+
+ AccessTokenKit::DeleteToken(tokenID);
+
+ ret = AccessTokenKit::GetPermissionFlag(tokenID, TEST_PERMISSION_NAME_ALPHA);
+ ASSERT_EQ(DEFAULT_PERMISSION_FLAGS, ret);
+}
+
+/**
+ * @tc.name: GetPermissionFlag003
+ * @tc.desc: GetPermissionFlag is invoked multiple times.
+ * @tc.type: FUNC
+ * @tc.require:AR000GM5FC
+ */
+HWTEST_F(AccessTokenKitTest, GetPermissionFlag003, TestSize.Level0)
+{
+ AccessTokenID tokenID = GetAccessTokenID(TEST_USER_ID, TEST_BUNDLE_NAME, 0);
+ ASSERT_NE(0, tokenID);
+ int ret = RET_FAILED;
+ for (int i = 0; i < CYCLE_TIMES; i++) {
+ ret = AccessTokenKit::GrantPermission(tokenID, TEST_PERMISSION_NAME_ALPHA, PERMISSION_USER_FIXED);
+ ASSERT_EQ(RET_SUCCESS, ret);
+
+ ret = ret = AccessTokenKit::GetPermissionFlag(tokenID, TEST_PERMISSION_NAME_ALPHA);
+ ASSERT_EQ(PERMISSION_USER_FIXED, ret);
+ }
+}
+
+/**
+ * @tc.name: VerifyAccessToken001
+ * @tc.desc: Verify user granted permission.
+ * @tc.type: FUNC
+ * @tc.require:AR000GK6T8 AR000GK6TG
+ */
+HWTEST_F(AccessTokenKitTest, VerifyAccessToken001, TestSize.Level0)
+{
+ AccessTokenID tokenID = GetAccessTokenID(TEST_USER_ID, TEST_BUNDLE_NAME, 0);
+ ASSERT_NE(0, tokenID);
+ int ret = AccessTokenKit::GrantPermission(tokenID, TEST_PERMISSION_NAME_ALPHA, PERMISSION_USER_FIXED);
+ ASSERT_EQ(RET_SUCCESS, ret);
+
+ ret = AccessTokenKit::VerifyAccessToken(tokenID, TEST_PERMISSION_NAME_ALPHA);
+ ASSERT_EQ(PERMISSION_GRANTED, ret);
+
+ ret = AccessTokenKit::RevokePermission(tokenID, TEST_PERMISSION_NAME_ALPHA, PERMISSION_USER_FIXED);
+ ASSERT_EQ(RET_SUCCESS, ret);
+
+ ret = AccessTokenKit::VerifyAccessToken(tokenID, TEST_PERMISSION_NAME_ALPHA);
+ ASSERT_EQ(PERMISSION_DENIED, ret);
+}
+
+/**
+ * @tc.name: VerifyAccessToken002
+ * @tc.desc: Verify system granted permission.
+ * @tc.type: FUNC
+ * @tc.require:AR000GK6T8
+ */
+HWTEST_F(AccessTokenKitTest, VerifyAccessToken002, TestSize.Level0)
+{
+ AccessTokenID tokenID = GetAccessTokenID(TEST_USER_ID, TEST_BUNDLE_NAME, 0);
+ ASSERT_NE(0, tokenID);
+ int ret = AccessTokenKit::GrantPermission(tokenID, TEST_PERMISSION_NAME_BETA, PERMISSION_USER_FIXED);
+ ASSERT_EQ(RET_SUCCESS, ret);
+
+ ret = AccessTokenKit::VerifyAccessToken(tokenID, TEST_PERMISSION_NAME_BETA);
+ ASSERT_EQ(PERMISSION_GRANTED, ret);
+
+ ret = AccessTokenKit::RevokePermission(tokenID, TEST_PERMISSION_NAME_BETA, PERMISSION_USER_FIXED);
+ ASSERT_EQ(RET_SUCCESS, ret);
+
+ ret = AccessTokenKit::VerifyAccessToken(tokenID, TEST_PERMISSION_NAME_BETA);
+ ASSERT_EQ(PERMISSION_DENIED, ret);
+}
+
+/**
+ * @tc.name: VerifyAccessToken003
+ * @tc.desc: Verify permission that tokenID or permission is invalid.
+ * @tc.type: FUNC
+ * @tc.require:AR000GK6T8
+ */
+HWTEST_F(AccessTokenKitTest, VerifyAccessToken003, TestSize.Level0)
+{
+ AccessTokenID tokenID = GetAccessTokenID(TEST_USER_ID, TEST_BUNDLE_NAME, 0);
+ ASSERT_NE(0, tokenID);
+ int ret = AccessTokenKit::VerifyAccessToken(tokenID, TEST_PERMISSION_NAME_GAMMA);
+ ASSERT_EQ(PERMISSION_DENIED, ret);
+
+ ret = AccessTokenKit::VerifyAccessToken(tokenID, "");
+ ASSERT_EQ(PERMISSION_DENIED, ret);
+
+ std::string invalidPerm(INVALID_PERMNAME_LEN, 'a');
+ ret = AccessTokenKit::VerifyAccessToken(tokenID, invalidPerm);
+ ASSERT_EQ(PERMISSION_DENIED, ret);
+
+ AccessTokenKit::VerifyAccessToken(TEST_TOKENID_INVALID, TEST_PERMISSION_NAME_BETA);
+ ASSERT_EQ(PERMISSION_DENIED, ret);
+
+ AccessTokenKit::DeleteToken(tokenID);
+
+ AccessTokenKit::VerifyAccessToken(tokenID, TEST_PERMISSION_NAME_BETA);
+ ASSERT_EQ(PERMISSION_DENIED, ret);
+}
+
+/**
+ * @tc.name: VerifyAccessToken004
+ * @tc.desc: Verify permission after update.
+ * @tc.type: FUNC
+ * @tc.require:AR000GK6T8
+ */
+HWTEST_F(AccessTokenKitTest, VerifyAccessToken004, TestSize.Level0)
+{
+ AccessTokenID tokenID = GetAccessTokenID(TEST_USER_ID, TEST_BUNDLE_NAME, 0);
+ ASSERT_NE(0, tokenID);
+
+ int ret = AccessTokenKit::GrantPermission(tokenID, TEST_PERMISSION_NAME_ALPHA, PERMISSION_USER_FIXED);
+ ASSERT_EQ(RET_SUCCESS, ret);
+
+ HapTokenInfo hapInfo;
+ ret = AccessTokenKit::GetHapTokenInfo(tokenID, hapInfo);
+ ASSERT_EQ(RET_SUCCESS, ret);
+
+ std::vector permDefList;
+ ret = AccessTokenKit::GetDefPermissions(tokenID, permDefList);
+ ASSERT_EQ(RET_SUCCESS, ret);
+
+ std::vector permStatList;
+ ret = AccessTokenKit::GetReqPermissions(tokenID, permStatList, false);
+ ASSERT_EQ(RET_SUCCESS, ret);
+
+ HapPolicyParams policy = {
+ .apl = hapInfo.apl,
+ .domain = "domain",
+ .permList = permDefList,
+ .permStateList = permStatList
+ };
+
+ ret = AccessTokenKit::UpdateHapToken(tokenID, hapInfo.appID, policy);
+ ASSERT_EQ(RET_SUCCESS, ret);
+
+ ret = AccessTokenKit::VerifyAccessToken(tokenID, TEST_PERMISSION_NAME_ALPHA);
+ ASSERT_EQ(PERMISSION_GRANTED, ret);
+}
+
+/**
+ * @tc.name: GrantPermission001
+ * @tc.desc: Grant permission that has ohos.permission.GRANT_SENSITIVE_PERMISSIONS
+ * @tc.type: FUNC
+ * @tc.require:AR000GK6TF AR000GK6TG
+ */
+HWTEST_F(AccessTokenKitTest, GrantPermission001, TestSize.Level0)
+{
+ AccessTokenID tokenID = GetAccessTokenID(TEST_USER_ID, TEST_BUNDLE_NAME, 0);
+ ASSERT_NE(0, tokenID);
+ int ret = AccessTokenKit::GrantPermission(tokenID, TEST_PERMISSION_NAME_ALPHA, PERMISSION_USER_FIXED);
+ ASSERT_EQ(RET_SUCCESS, ret);
+
+ ret = AccessTokenKit::VerifyAccessToken(tokenID, TEST_PERMISSION_NAME_ALPHA);
+ ASSERT_EQ(PERMISSION_GRANTED, ret);
+
+ ret = AccessTokenKit::GrantPermission(tokenID, TEST_PERMISSION_NAME_BETA, PERMISSION_USER_FIXED);
+ ASSERT_EQ(RET_SUCCESS, ret);
+
+ ret = AccessTokenKit::VerifyAccessToken(tokenID, TEST_PERMISSION_NAME_ALPHA);
+ ASSERT_EQ(PERMISSION_GRANTED, ret);
+}
+
+/**
+ * @tc.name: GrantPermission002
+ * @tc.desc: Grant permission that tokenID or permission is invalid.
+ * @tc.type: FUNC
+ * @tc.require:AR000GK6TF
+ */
+HWTEST_F(AccessTokenKitTest, GrantPermission002, TestSize.Level0)
+{
+ AccessTokenID tokenID = GetAccessTokenID(TEST_USER_ID, TEST_BUNDLE_NAME, 0);
+ ASSERT_NE(0, tokenID);
+
+ int ret = AccessTokenKit::GrantPermission(tokenID, TEST_PERMISSION_NAME_GAMMA, PERMISSION_USER_FIXED);
+ ASSERT_EQ(RET_SUCCESS, ret);
+
+ ret = AccessTokenKit::GrantPermission(tokenID, "", PERMISSION_USER_FIXED);
+ ASSERT_EQ(RET_FAILED, ret);
+
+ std::string invalidPerm(INVALID_PERMNAME_LEN, 'a');
+ ret = AccessTokenKit::GrantPermission(tokenID, invalidPerm, PERMISSION_USER_FIXED);
+ ASSERT_EQ(RET_FAILED, ret);
+
+ ret = AccessTokenKit::GrantPermission(TEST_TOKENID_INVALID, TEST_PERMISSION_NAME_BETA, PERMISSION_USER_FIXED);
+ ASSERT_EQ(RET_FAILED, ret);
+
+ AccessTokenKit::DeleteToken(tokenID);
+
+ ret = AccessTokenKit::GrantPermission(tokenID, TEST_PERMISSION_NAME_BETA, PERMISSION_USER_FIXED);
+ ASSERT_EQ(RET_SUCCESS, ret);
+}
+
+/**
+ * @tc.name: GrantPermission003
+ * @tc.desc: GrantPermission is invoked multiple times.
+ * @tc.type: FUNC
+ * @tc.require:AR000GK6TF
+ */
+HWTEST_F(AccessTokenKitTest, GrantPermission003, TestSize.Level0)
+{
+ AccessTokenID tokenID = GetAccessTokenID(TEST_USER_ID, TEST_BUNDLE_NAME, 0);
+ ASSERT_NE(0, tokenID);
+ int ret = RET_FAILED;
+ for (int i = 0; i < CYCLE_TIMES; i++) {
+ ret = AccessTokenKit::GrantPermission(tokenID, TEST_PERMISSION_NAME_ALPHA, PERMISSION_USER_FIXED);
+ ASSERT_EQ(RET_SUCCESS, ret);
+
+ ret = AccessTokenKit::VerifyAccessToken(tokenID, TEST_PERMISSION_NAME_ALPHA);
+ ASSERT_EQ(PERMISSION_GRANTED, ret);
+
+ ret = AccessTokenKit::GetPermissionFlag(tokenID, TEST_PERMISSION_NAME_ALPHA);
+ ASSERT_EQ(PERMISSION_USER_FIXED, ret);
+ }
+}
+
+/**
+ * @tc.name: RevokePermission001
+ * @tc.desc: Revoke permission that has ohos.permission.GRANT_SENSITIVE_PERMISSIONS
+ * @tc.type: FUNC
+ * @tc.require:AR000GK6TF AR000GK6TG
+ */
+HWTEST_F(AccessTokenKitTest, RevokePermission001, TestSize.Level0)
+{
+ AccessTokenID tokenID = GetAccessTokenID(TEST_USER_ID, TEST_BUNDLE_NAME, 0);
+ ASSERT_NE(0, tokenID);
+ int ret = AccessTokenKit::RevokePermission(tokenID, TEST_PERMISSION_NAME_ALPHA, PERMISSION_USER_FIXED);
+ ASSERT_EQ(RET_SUCCESS, ret);
+
+ ret = AccessTokenKit::VerifyAccessToken(tokenID, TEST_PERMISSION_NAME_ALPHA);
+ ASSERT_EQ(PERMISSION_DENIED, ret);
+
+ ret = AccessTokenKit::RevokePermission(tokenID, TEST_PERMISSION_NAME_BETA, PERMISSION_USER_FIXED);
+ ASSERT_EQ(RET_SUCCESS, ret);
+
+ ret = AccessTokenKit::VerifyAccessToken(tokenID, TEST_PERMISSION_NAME_ALPHA);
+ ASSERT_EQ(PERMISSION_DENIED, ret);
+}
+
+/**
+ * @tc.name: RevokePermission002
+ * @tc.desc: Revoke permission that tokenID or permission is invalid.
+ * @tc.type: FUNC
+ * @tc.require:AR000GK6TF
+ */
+HWTEST_F(AccessTokenKitTest, RevokePermission002, TestSize.Level0)
+{
+ AccessTokenID tokenID = GetAccessTokenID(TEST_USER_ID, TEST_BUNDLE_NAME, 0);
+ ASSERT_NE(0, tokenID);
+
+ int ret = AccessTokenKit::RevokePermission(tokenID, TEST_PERMISSION_NAME_GAMMA, PERMISSION_USER_FIXED);
+ ASSERT_EQ(RET_SUCCESS, ret);
+
+ ret = AccessTokenKit::RevokePermission(tokenID, "", PERMISSION_USER_FIXED);
+ ASSERT_EQ(RET_FAILED, ret);
+
+ std::string invalidPerm(INVALID_PERMNAME_LEN, 'a');
+ ret = AccessTokenKit::RevokePermission(tokenID, invalidPerm, PERMISSION_USER_FIXED);
+ ASSERT_EQ(RET_FAILED, ret);
+
+ ret = AccessTokenKit::RevokePermission(TEST_TOKENID_INVALID, TEST_PERMISSION_NAME_BETA, PERMISSION_USER_FIXED);
+ ASSERT_EQ(RET_FAILED, ret);
+
+ AccessTokenKit::DeleteToken(tokenID);
+
+ ret = AccessTokenKit::RevokePermission(tokenID, TEST_PERMISSION_NAME_BETA, PERMISSION_USER_FIXED);
+ ASSERT_EQ(RET_SUCCESS, ret);
+}
+
+/**
+ * @tc.name: RevokePermission003
+ * @tc.desc: RevokePermission is invoked multiple times.
+ * @tc.type: FUNC
+ * @tc.require:AR000GK6TF
+ */
+HWTEST_F(AccessTokenKitTest, RevokePermission003, TestSize.Level0)
+{
+ AccessTokenID tokenID = GetAccessTokenID(TEST_USER_ID, TEST_BUNDLE_NAME, 0);
+ ASSERT_NE(0, tokenID);
+ int ret = RET_FAILED;
+ for (int i = 0; i < CYCLE_TIMES; i++) {
+ ret = AccessTokenKit::RevokePermission(tokenID, TEST_PERMISSION_NAME_ALPHA, PERMISSION_USER_FIXED);
+ ASSERT_EQ(RET_SUCCESS, ret);
+
+ ret = AccessTokenKit::VerifyAccessToken(tokenID, TEST_PERMISSION_NAME_ALPHA);
+ ASSERT_EQ(PERMISSION_DENIED, ret);
+
+ ret = AccessTokenKit::GetPermissionFlag(tokenID, TEST_PERMISSION_NAME_ALPHA);
+ ASSERT_EQ(PERMISSION_USER_FIXED, ret);
+ }
+}
+
+/**
+ * @tc.name: ClearUserGrantedPermissionState001
+ * @tc.desc: Clear user/system granted permission after ClearUserGrantedPermissionState has been invoked.
+ * @tc.type: FUNC
+ * @tc.require:AR000GK6TF AR000GK6TG
+ */
+HWTEST_F(AccessTokenKitTest, ClearUserGrantedPermissionState001, TestSize.Level0)
+{
+ AccessTokenID tokenID = GetAccessTokenID(TEST_USER_ID, TEST_BUNDLE_NAME, 0);
+ ASSERT_NE(0, tokenID);
+ int ret = AccessTokenKit::ClearUserGrantedPermissionState(tokenID);
+ ASSERT_EQ(RET_SUCCESS, ret);
+
+ ret = AccessTokenKit::VerifyAccessToken(tokenID, TEST_PERMISSION_NAME_ALPHA);
+ ASSERT_EQ(PERMISSION_DENIED, ret);
+
+ ret = AccessTokenKit::VerifyAccessToken(tokenID, TEST_PERMISSION_NAME_BETA);
+ ASSERT_EQ(PERMISSION_GRANTED, ret);
+}
+
+/**
+ * @tc.name: ClearUserGrantedPermissionState002
+ * @tc.desc: Clear user/system granted permission that tokenID or permission is invalid.
+ * @tc.type: FUNC
+ * @tc.require:AR000GK6TF
+ */
+HWTEST_F(AccessTokenKitTest, ClearUserGrantedPermissionState002, TestSize.Level0)
+{
+ AccessTokenID tokenID = GetAccessTokenID(TEST_USER_ID, TEST_BUNDLE_NAME, 0);
+ ASSERT_NE(0, tokenID);
+
+ int ret = AccessTokenKit::ClearUserGrantedPermissionState(TEST_TOKENID_INVALID);
+ ASSERT_EQ(RET_FAILED, ret);
+
+ AccessTokenKit::DeleteToken(tokenID);
+
+ ret = AccessTokenKit::ClearUserGrantedPermissionState(tokenID);
+ ASSERT_EQ(RET_SUCCESS, ret);
+}
+
+/**
+ * @tc.name: ClearUserGrantedPermissionState003
+ * @tc.desc: ClearUserGrantedPermissionState is invoked multiple times.
+ * @tc.type: FUNC
+ * @tc.require:AR000GK6TF
+ */
+HWTEST_F(AccessTokenKitTest, ClearUserGrantedPermissionState003, TestSize.Level0)
+{
+ AccessTokenID tokenID = GetAccessTokenID(TEST_USER_ID, TEST_BUNDLE_NAME, 0);
+ ASSERT_NE(0, tokenID);
+ int ret = RET_FAILED;
+ for (int i = 0; i < CYCLE_TIMES; i++) {
+ ret = AccessTokenKit::ClearUserGrantedPermissionState(tokenID);
+ ASSERT_EQ(RET_SUCCESS, ret);
+
+ ret = AccessTokenKit::VerifyAccessToken(tokenID, TEST_PERMISSION_NAME_ALPHA);
+ ASSERT_EQ(PERMISSION_DENIED, ret);
+ }
+}
+
+/**
+ * @tc.name: GetTokenType001
+ * @tc.desc: get the token type.
+ * @tc.type: FUNC
+ * @tc.require:AR000GK6TH
+ */
+HWTEST_F(AccessTokenKitTest, GetTokenType001, TestSize.Level0)
+{
+ AllocTestToken();
+ AccessTokenID tokenID = GetAccessTokenID(g_infoManagerTestInfoParms.userID,
+ g_infoManagerTestInfoParms.bundleName,
+ g_infoManagerTestInfoParms.instIndex);
+ int ret = AccessTokenKit::GetTokenType(tokenID);
+ ASSERT_EQ(TOKEN_HAP, ret);
+ DeleteTestToken();
+}
+
+/**
+ * @tc.name: GetHapTokenInfo001
+ * @tc.desc: get the token info and verify.
+ * @tc.type: FUNC
+ * @tc.require:AR000GK6TH
+ */
+HWTEST_F(AccessTokenKitTest, GetHapTokenInfo001, TestSize.Level0)
+{
+ HapTokenInfo hapTokenInfoRes;
+ AccessTokenID tokenID = GetAccessTokenID(TEST_USER_ID, TEST_BUNDLE_NAME, 0);
+ int ret = AccessTokenKit::GetHapTokenInfo(tokenID, hapTokenInfoRes);
+ ASSERT_EQ(RET_SUCCESS, ret);
+
+ ASSERT_EQ(hapTokenInfoRes.apl, APL_NORMAL);
+ ASSERT_EQ(hapTokenInfoRes.userID, TEST_USER_ID);
+ ASSERT_EQ(hapTokenInfoRes.tokenID, tokenID);
+ ASSERT_EQ(hapTokenInfoRes.tokenAttr, 0);
+ ASSERT_EQ(hapTokenInfoRes.instIndex, 0);
+
+ ASSERT_EQ(hapTokenInfoRes.appID, "appIDDesc");
+
+ ASSERT_EQ(hapTokenInfoRes.bundleName, TEST_BUNDLE_NAME);
+}
+
+/**
+ * @tc.name: GetHapTokenInfo002
+ * @tc.desc: try to get the token info with invalid tokenId.
+ * @tc.type: FUNC
+ * @tc.require:AR000GK6TH
+ */
+HWTEST_F(AccessTokenKitTest, GetHapTokenInfo002, TestSize.Level0)
+{
+ HapTokenInfo hapTokenInfoRes;
+ int ret = AccessTokenKit::GetHapTokenInfo(TEST_TOKENID_INVALID, hapTokenInfoRes);
+ ASSERT_EQ(RET_FAILED, ret);
+}
+
+/**
+ * @tc.name: DeleteToken001
+ * @tc.desc: Cannot get permission definition info after DeleteToken function has been invoked.
+ * @tc.type: FUNC
+ * @tc.require:AR000GK6TI
+ */
+HWTEST_F(AccessTokenKitTest, DeleteToken001, TestSize.Level1)
+{
+ AccessTokenID tokenID = GetAccessTokenID(TEST_USER_ID, TEST_BUNDLE_NAME, 0);
+ PermissionDef permDefResultAlpha;
+ int ret = AccessTokenKit::GetDefPermission(TEST_PERMISSION_NAME_ALPHA, permDefResultAlpha);
+ ASSERT_EQ(TEST_PERMISSION_NAME_ALPHA, permDefResultAlpha.permissionName);
+ ASSERT_EQ(RET_SUCCESS, ret);
+
+ ret = AccessTokenKit::DeleteToken(tokenID);
+ ASSERT_EQ(RET_SUCCESS, ret);
+
+ PermissionDef defResult;
+ ret = AccessTokenKit::GetDefPermission(TEST_PERMISSION_NAME_ALPHA, defResult);
+ ASSERT_EQ(RET_FAILED, ret);
+}
+
+/**
+ * @tc.name: DeleteToken002
+ * @tc.desc: Delete invalid tokenID.
+ * @tc.type: FUNC
+ * @tc.require:AR000GK6TI
+ */
+HWTEST_F(AccessTokenKitTest, DeleteToken002, TestSize.Level1)
+{
+ int ret = AccessTokenKit::DeleteToken(TEST_USER_ID_INVALID);
+ ASSERT_EQ(RET_FAILED, ret);
+}
+
+/**
+ * @tc.name: DeleteToken002
+ * @tc.desc: Delete invalid tokenID.
+ * @tc.type: FUNC
+ * @tc.require:AR000GK6TI
+ */
+HWTEST_F(AccessTokenKitTest, DeleteToken003, TestSize.Level1)
+{
+ HapTokenInfo hapTokenInfoRes;
+ AccessTokenID tokenID = GetAccessTokenID(TEST_USER_ID, TEST_BUNDLE_NAME, 0);
+
+ int ret = AccessTokenKit::GetHapTokenInfo(tokenID, hapTokenInfoRes);
+ ASSERT_EQ(RET_SUCCESS, ret);
+
+ ret = AccessTokenKit::DeleteToken(tokenID);
+ ASSERT_EQ(RET_SUCCESS, ret);
+
+ ret = AccessTokenKit::GetHapTokenInfo(tokenID, hapTokenInfoRes);
+ ASSERT_EQ(RET_FAILED, ret);
+}
+
+/**
+ * @tc.name: DeleteToken004
+ * @tc.desc: alloc a tokenId successfully, delete it successfully the first time and fail to delte it again.
+ * @tc.type: FUNC
+ * @tc.require:AR000GK6TI
+ */
+HWTEST_F(AccessTokenKitTest, DeleteToken004, TestSize.Level1)
+{
+ AccessTokenIDEx tokenIdEx = {0};
+ tokenIdEx = AccessTokenKit::AllocHapToken(g_infoManagerTestInfoParms, g_infoManagerTestPolicyPrams);
+ GTEST_LOG_(INFO) << "tokenIdEx.tokenIdExStruct.tokenID :" << tokenIdEx.tokenIdExStruct.tokenID;
+ AccessTokenID tokenID = GetAccessTokenID(g_infoManagerTestInfoParms.userID,
+ g_infoManagerTestInfoParms.bundleName,
+ g_infoManagerTestInfoParms.instIndex);
+
+ int ret = AccessTokenKit::DeleteToken(tokenID);
+ GTEST_LOG_(INFO) << "g_infoManagerTestInfoParms.userID :" << g_infoManagerTestInfoParms.userID;
+ GTEST_LOG_(INFO) << "g_infoManagerTestInfoParms.bundleName :" << g_infoManagerTestInfoParms.bundleName.c_str();
+ GTEST_LOG_(INFO) << "g_infoManagerTestInfoParms.instIndex :" << g_infoManagerTestInfoParms.instIndex;
+ GTEST_LOG_(INFO) << "tokenID :" << tokenID;
+ ASSERT_EQ(RET_SUCCESS, ret);
+ ret = AccessTokenKit::DeleteToken(tokenID);
+ ASSERT_EQ(RET_FAILED, ret);
+}
+
+/**
+ * @tc.name: GetHapTokenID001
+ * @tc.desc: get hap tokenid.
+ * @tc.type: FUNC
+ * @tc.require:AR000GK6TH
+ */
+HWTEST_F(AccessTokenKitTest, GetHapTokenID001, TestSize.Level1)
+{
+ HapTokenInfo hapTokenInfoRes;
+ AccessTokenID tokenID;
+ tokenID = AccessTokenKit::GetHapTokenID(TEST_USER_ID, TEST_BUNDLE_NAME, 0);
+
+ int ret = AccessTokenKit::GetHapTokenInfo(tokenID, hapTokenInfoRes);
+ ASSERT_EQ(RET_SUCCESS, ret);
+ ASSERT_EQ(hapTokenInfoRes.bundleName, TEST_BUNDLE_NAME);
+}
+
+/**
+ * @tc.name: GetHapTokenID002
+ * @tc.desc: cannot get hap tokenid with invalid userId.
+ * @tc.type: FUNC
+ * @tc.require:AR000GK6TH
+ */
+HWTEST_F(AccessTokenKitTest, GetHapTokenID002, TestSize.Level1)
+{
+ AccessTokenID tokenID;
+ tokenID = AccessTokenKit::GetHapTokenID(TEST_USER_ID_INVALID, TEST_BUNDLE_NAME, 0);
+ ASSERT_EQ(0, tokenID);
+}
+
+/**
+ * @tc.name: GetHapTokenID003
+ * @tc.desc: cannot get hap tokenid with invalid bundlename.
+ * @tc.type: FUNC
+ * @tc.require:AR000GK6TH
+ */
+HWTEST_F(AccessTokenKitTest, GetHapTokenID003, TestSize.Level1)
+{
+ AccessTokenID tokenID;
+ tokenID = AccessTokenKit::GetHapTokenID(TEST_USER_ID, "invalid bundlename", 0);
+ ASSERT_EQ(0, tokenID);
+}
+
+/**
+ * @tc.name: GetHapTokenID003
+ * @tc.desc: cannot get hap tokenid with invalid bundlename.
+ * @tc.type: FUNC
+ * @tc.require:AR000GK6TH
+ */
+HWTEST_F(AccessTokenKitTest, GetHapTokenID004, TestSize.Level1)
+{
+ AccessTokenID tokenID;
+ tokenID = AccessTokenKit::GetHapTokenID(TEST_USER_ID, TEST_BUNDLE_NAME, 0xffff);
+ ASSERT_EQ(0, tokenID);
+}
+
+/**
+ * @tc.name: AllocHapToken001
+ * @tc.desc: alloc a tokenId successfully, delete it successfully the first time and fail to delte it again.
+ * @tc.type: FUNC
+ * @tc.require:AR000GK6TJ
+ */
+HWTEST_F(AccessTokenKitTest, AllocHapToken001, TestSize.Level1)
+{
+ AccessTokenIDEx tokenIdEx = {0};
+ tokenIdEx = AccessTokenKit::AllocHapToken(g_infoManagerTestInfoParms, g_infoManagerTestPolicyPrams);
+ GTEST_LOG_(INFO) << "tokenIdEx.tokenIdExStruct.tokenID :" << tokenIdEx.tokenIdExStruct.tokenID;
+ AccessTokenID tokenID = GetAccessTokenID(g_infoManagerTestInfoParms.userID,
+ g_infoManagerTestInfoParms.bundleName,
+ g_infoManagerTestInfoParms.instIndex);
+ GTEST_LOG_(INFO) << "tokenID :" << tokenID;
+ int ret = AccessTokenKit::DeleteToken(tokenID);
+ ASSERT_EQ(RET_SUCCESS, ret);
+ ret = AccessTokenKit::DeleteToken(tokenID);
+ ASSERT_EQ(RET_FAILED, ret);
+}
+
+/**
+ * @tc.name: AllocHapToken002
+ * @tc.desc: alloc a tokenId successfully,
+ * and fail to alloc it with the same info and policy again.
+ * @tc.type: FUNC
+ * @tc.require:AR000GK6TJ
+ */
+HWTEST_F(AccessTokenKitTest, AllocHapToken002, TestSize.Level1)
+{
+ AccessTokenIDEx tokenIdEx = {0};
+ AccessTokenID tokenID;
+ int ret;
+
+ tokenID = GetAccessTokenID(g_infoManagerTestInfoParms.userID,
+ g_infoManagerTestInfoParms.bundleName,
+ g_infoManagerTestInfoParms.instIndex);
+
+ ret = AccessTokenKit::DeleteToken(tokenID);
+ GTEST_LOG_(INFO) << "DeleteToken ret:" << ret;
+ GTEST_LOG_(INFO) << "tokenID :" << tokenID;
+
+ tokenIdEx = AccessTokenKit::AllocHapToken(g_infoManagerTestInfoParms, g_infoManagerTestPolicyPrams);
+ GTEST_LOG_(INFO) << "tokenIdEx.tokenIdExStruct.tokenID :" << tokenIdEx.tokenIdExStruct.tokenID;
+
+ tokenID = GetAccessTokenID(g_infoManagerTestInfoParms.userID,
+ g_infoManagerTestInfoParms.bundleName,
+ g_infoManagerTestInfoParms.instIndex);
+ GTEST_LOG_(INFO) << "tokenID :" << tokenID;
+ ASSERT_NE(0, tokenID);
+
+ tokenIdEx = AccessTokenKit::AllocHapToken(g_infoManagerTestInfoParms, g_infoManagerTestPolicyPrams);
+ ASSERT_EQ(0, tokenIdEx.tokenIdExStruct.tokenID);
+
+ ret = AccessTokenKit::DeleteToken(tokenID);
+ ASSERT_EQ(RET_SUCCESS, ret);
+}
+
+/**
+ * @tc.name: AllocHapToken003
+ * @tc.desc: cannot alloc a tokenId with invalid bundlename.
+ * @tc.type: FUNC
+ * @tc.require:AR000GK6TJ
+ */
+HWTEST_F(AccessTokenKitTest, AllocHapToken003, TestSize.Level1)
+{
+ std::string invalidBundleName (INVALID_BUNDLENAME_LEN, 'x');
+ AccessTokenIDEx tokenIdEx = {0};
+ int ret;
+ AccessTokenID tokenID;
+
+ DeleteTestToken();
+ GTEST_LOG_(INFO) << "get hap token info:" << invalidBundleName.length();
+ g_infoManagerTestInfoParms.bundleName = invalidBundleName;
+ tokenIdEx = AccessTokenKit::AllocHapToken(g_infoManagerTestInfoParms, g_infoManagerTestPolicyPrams);
+
+ ASSERT_EQ(0, tokenIdEx.tokenIdExStruct.tokenID);
+
+ tokenID = GetAccessTokenID(g_infoManagerTestInfoParms.userID,
+ g_infoManagerTestInfoParms.bundleName,
+ g_infoManagerTestInfoParms.instIndex);
+ ASSERT_EQ(0, tokenID);
+ ret = AccessTokenKit::DeleteToken(tokenID);
+ ASSERT_EQ(RET_FAILED, ret);
+
+ g_infoManagerTestInfoParms.bundleName = "accesstoken_test";
+}
+
+/**
+ * @tc.name: AllocHapToken004
+ * @tc.desc: cannot alloc a tokenId with invalid apl.
+ * @tc.type: FUNC
+ * @tc.require:AR000GK6TJ
+ */
+HWTEST_F(AccessTokenKitTest, AllocHapToken004, TestSize.Level1)
+{
+ AccessTokenIDEx tokenIdEx = {0};
+ AccessTokenID tokenID;
+ ATokenAplEnum typeBackUp = g_infoManagerTestPolicyPrams.apl;
+ DeleteTestToken();
+
+ g_infoManagerTestPolicyPrams.apl = (ATokenAplEnum)5;
+ tokenIdEx = AccessTokenKit::AllocHapToken(g_infoManagerTestInfoParms, g_infoManagerTestPolicyPrams);
+
+ ASSERT_EQ(0, tokenIdEx.tokenIdExStruct.tokenID);
+
+ tokenID = GetAccessTokenID(g_infoManagerTestInfoParms.userID,
+ g_infoManagerTestInfoParms.bundleName,
+ g_infoManagerTestInfoParms.instIndex);
+ ASSERT_EQ(0, tokenID);
+ int ret = AccessTokenKit::DeleteToken(tokenID);
+ ASSERT_EQ(RET_FAILED, ret);
+ g_infoManagerTestPolicyPrams.apl = typeBackUp;
+}
+
+/**
+ * @tc.name: AllocHapToken005
+ * @tc.desc: can alloc a tokenId when bundlename in permdef is different with bundlename in info.
+ * @tc.type: FUNC
+ * @tc.require:AR000GK6TJ
+ */
+HWTEST_F(AccessTokenKitTest, AllocHapToken005, TestSize.Level1)
+{
+ AccessTokenIDEx tokenIdEx = {0};
+ std::string backUp;
+ std::string backUpPermission;
+ std::string bundleNameBackUp = g_infoManagerTestPermDef1.bundleName;
+ DeleteTestToken();
+
+ backUp = g_infoManagerTestPolicyPrams.permList[0].bundleName;
+ backUpPermission = g_infoManagerTestPolicyPrams.permList[0].permissionName;
+
+ g_infoManagerTestPolicyPrams.permList[0].bundleName = "invalid_bundleName";
+ g_infoManagerTestPolicyPrams.permList[0].permissionName = "ohos.permission.testtmp01";
+ tokenIdEx = AccessTokenKit::AllocHapToken(g_infoManagerTestInfoParms, g_infoManagerTestPolicyPrams);
+ ASSERT_NE(0, tokenIdEx.tokenIdExStruct.tokenID);
+
+ PermissionDef permDefResultBeta;
+ int ret = AccessTokenKit::GetDefPermission(
+ g_infoManagerTestPolicyPrams.permList[0].permissionName, permDefResultBeta);
+ ASSERT_EQ(RET_SUCCESS, ret);
+ ret = AccessTokenKit::GetDefPermission(g_infoManagerTestPolicyPrams.permList[1].permissionName, permDefResultBeta);
+ ASSERT_EQ(RET_SUCCESS, ret);
+ g_infoManagerTestPolicyPrams.permList[0].bundleName = backUp;
+ g_infoManagerTestPolicyPrams.permList[0].permissionName = backUpPermission;
+}
+
+/**
+ * @tc.name: AllocHapToken006
+ * @tc.desc: can alloc a tokenId with a invalid permList permissionName.
+ * @tc.type: FUNC
+ * @tc.require:AR000GK6TJ
+ */
+HWTEST_F(AccessTokenKitTest, AllocHapToken006, TestSize.Level1)
+{
+ AccessTokenIDEx tokenIdEx = {0};
+ std::string backUp;
+ DeleteTestToken();
+
+ const std::string invalidPermissionName (INVALID_PERMNAME_LEN, 'x');
+ backUp = g_infoManagerTestPolicyPrams.permList[0].permissionName;
+ g_infoManagerTestPolicyPrams.permList[0].permissionName = invalidPermissionName;
+ tokenIdEx = AccessTokenKit::AllocHapToken(g_infoManagerTestInfoParms, g_infoManagerTestPolicyPrams);
+ ASSERT_NE(0, tokenIdEx.tokenIdExStruct.tokenID);
+
+ PermissionDef permDefResultBeta;
+ int ret = AccessTokenKit::GetDefPermission(invalidPermissionName, permDefResultBeta);
+ ASSERT_EQ(RET_FAILED, ret);
+ ret = AccessTokenKit::GetDefPermission(g_infoManagerTestPolicyPrams.permList[1].permissionName, permDefResultBeta);
+ ASSERT_EQ(RET_SUCCESS, ret);
+ g_infoManagerTestPolicyPrams.permList[0].permissionName = backUp;
+}
+
+/**
+ * @tc.name: AllocHapToken007
+ * @tc.desc: can alloc a tokenId with invalid permdef.
+ * @tc.type: FUNC
+ * @tc.require:AR000GK6TJ
+ */
+HWTEST_F(AccessTokenKitTest, AllocHapToken007, TestSize.Level1)
+{
+ AccessTokenIDEx tokenIdEx = {0};
+ std::string backUp;
+ std::string backUpPermission;
+ DeleteTestToken();
+
+ const std::string invalidBundleName (INVALID_BUNDLENAME_LEN, 'x');
+ backUp = g_infoManagerTestPolicyPrams.permList[0].bundleName;
+ backUpPermission = g_infoManagerTestPolicyPrams.permList[0].permissionName;
+
+ g_infoManagerTestPolicyPrams.permList[0].permissionName = "ohos.permission.testtmp02";
+ g_infoManagerTestPolicyPrams.permList[0].bundleName = invalidBundleName;
+ tokenIdEx = AccessTokenKit::AllocHapToken(g_infoManagerTestInfoParms, g_infoManagerTestPolicyPrams);
+ ASSERT_NE(0, tokenIdEx.tokenIdExStruct.tokenID);
+
+ PermissionDef permDefResultBeta;
+ int ret = AccessTokenKit::GetDefPermission(
+ g_infoManagerTestPolicyPrams.permList[0].permissionName, permDefResultBeta);
+ ASSERT_EQ(RET_FAILED, ret);
+ ret = AccessTokenKit::GetDefPermission(g_infoManagerTestPolicyPrams.permList[1].permissionName, permDefResultBeta);
+ ASSERT_EQ(RET_SUCCESS, ret);
+ g_infoManagerTestPolicyPrams.permList[0].bundleName = backUp;
+ g_infoManagerTestPolicyPrams.permList[0].permissionName = backUpPermission;
+}
+
+/**
+ * @tc.name: AllocHapToken008
+ * @tc.desc: can alloc a tokenId with invalid permdef.
+ * @tc.type: FUNC
+ * @tc.require:AR000GK6TJ
+ */
+HWTEST_F(AccessTokenKitTest, AllocHapToken008, TestSize.Level1)
+{
+ AccessTokenIDEx tokenIdEx = {0};
+ std::string backUp;
+ std::string backUpPermission;
+ DeleteTestToken();
+
+ const std::string invalidLabel (INVALID_LABEL_LEN, 'x');
+ backUp = g_infoManagerTestPolicyPrams.permList[0].label;
+ backUpPermission = g_infoManagerTestPolicyPrams.permList[0].permissionName;
+ g_infoManagerTestPolicyPrams.permList[0].permissionName = "ohos.permission.testtmp03";
+ g_infoManagerTestPolicyPrams.permList[0].label = invalidLabel;
+ tokenIdEx = AccessTokenKit::AllocHapToken(g_infoManagerTestInfoParms, g_infoManagerTestPolicyPrams);
+ ASSERT_NE(0, tokenIdEx.tokenIdExStruct.tokenID);
+
+ PermissionDef permDefResultBeta;
+ int ret = AccessTokenKit::GetDefPermission(
+ g_infoManagerTestPolicyPrams.permList[0].permissionName, permDefResultBeta);
+ ASSERT_EQ(RET_FAILED, ret);
+ ret = AccessTokenKit::GetDefPermission(g_infoManagerTestPolicyPrams.permList[1].permissionName, permDefResultBeta);
+ ASSERT_EQ(RET_SUCCESS, ret);
+ g_infoManagerTestPolicyPrams.permList[0].label = backUp;
+ g_infoManagerTestPolicyPrams.permList[0].permissionName = backUpPermission;
+}
+
+/**
+ * @tc.name: AllocHapToken009
+ * @tc.desc: can alloc a tokenId with invalid permdef.
+ * @tc.type: FUNC
+ * @tc.require:AR000GK6TJ
+ */
+HWTEST_F(AccessTokenKitTest, AllocHapToken009, TestSize.Level1)
+{
+ AccessTokenIDEx tokenIdEx = {0};
+ std::string backUp;
+ std::string backUpPermission;
+ DeleteTestToken();
+
+ const std::string invalidDescription (INVALID_DESCRIPTION_LEN, 'x');
+ backUp = g_infoManagerTestPolicyPrams.permList[0].description;
+ backUpPermission = g_infoManagerTestPolicyPrams.permList[0].permissionName;
+
+ g_infoManagerTestPolicyPrams.permList[0].permissionName = "ohos.permission.testtmp04";
+ g_infoManagerTestPolicyPrams.permList[0].description = invalidDescription;
+ tokenIdEx = AccessTokenKit::AllocHapToken(g_infoManagerTestInfoParms, g_infoManagerTestPolicyPrams);
+ ASSERT_NE(0, tokenIdEx.tokenIdExStruct.tokenID);
+
+ PermissionDef permDefResultBeta;
+ int ret = AccessTokenKit::GetDefPermission(
+ g_infoManagerTestPolicyPrams.permList[0].permissionName, permDefResultBeta);
+ ASSERT_EQ(RET_FAILED, ret);
+ ret = AccessTokenKit::GetDefPermission(
+ g_infoManagerTestPolicyPrams.permList[1].permissionName, permDefResultBeta);
+ ASSERT_EQ(RET_SUCCESS, ret);
+
+ g_infoManagerTestPolicyPrams.permList[0].description = backUp;
+ g_infoManagerTestPolicyPrams.permList[0].permissionName = backUpPermission;
+}
+
+static bool ExistInVector(vector array, unsigned int value)
+{
+ vector::iterator it;
+ it = find(array.begin(), array.end(), value);
+ if (it != array.end()) {
+ return true;
+ } else {
+ return false;
+ }
+}
+
+/**
+ * @tc.name: AllocHapToken010
+ * @tc.desc: alloc and delete in a loop.
+ * @tc.type: FUNC
+ * @tc.require:AR000GK6TJ
+ */
+HWTEST_F(AccessTokenKitTest, AllocHapToken010, TestSize.Level1)
+{
+ AccessTokenIDEx tokenIdEx = {0};
+ AccessTokenID tokenID;
+ int ret;
+ bool exist = false;
+ int allocFlag = 0;
+ int deleteFlag = 0;
+
+ DeleteTestToken();
+ vector obj;
+ for (int i = 0; i < CYCLE_TIMES; i++) {
+ tokenIdEx = AccessTokenKit::AllocHapToken(g_infoManagerTestInfoParms, g_infoManagerTestPolicyPrams);
+ tokenID = GetAccessTokenID(g_infoManagerTestInfoParms.userID,
+ g_infoManagerTestInfoParms.bundleName,
+ g_infoManagerTestInfoParms.instIndex);
+
+ exist = ExistInVector(obj, tokenID);
+ if (exist) {
+ allocFlag = 1;
+ }
+ obj.push_back(tokenID);
+
+ ret = AccessTokenKit::DeleteToken(tokenID);
+ if (RET_SUCCESS != ret) {
+ deleteFlag = 1;
+ }
+ }
+ ASSERT_EQ(allocFlag, 0);
+ ASSERT_EQ(deleteFlag, 0);
+}
+
+/**
+ * @tc.name: AllocHapToken011
+ * @tc.desc: cannot alloc a tokenId with invalid appIDDesc.
+ * @tc.type: FUNC
+ * @tc.require:AR000GK6TJ
+ */
+HWTEST_F(AccessTokenKitTest, AllocHapToken011, TestSize.Level1)
+{
+ std::string invalidAppIDDesc (INVALID_APPIDDESC_LEN, 'x');
+ std::string backup;
+ AccessTokenIDEx tokenIdEx = {0};
+
+ DeleteTestToken();
+ backup = g_infoManagerTestInfoParms.appIDDesc;
+ g_infoManagerTestInfoParms.appIDDesc = invalidAppIDDesc;
+ tokenIdEx = AccessTokenKit::AllocHapToken(g_infoManagerTestInfoParms, g_infoManagerTestPolicyPrams);
+ ASSERT_EQ(0, tokenIdEx.tokenIdExStruct.tokenID);
+ g_infoManagerTestInfoParms.appIDDesc = backup;
+}
+
+/**
+ * @tc.name: AllocHapToken012
+ * @tc.desc: cannot alloc a tokenId with invalid bundleName.
+ * @tc.type: FUNC
+ * @tc.require:AR000GK6TJ
+ */
+HWTEST_F(AccessTokenKitTest, AllocHapToken012, TestSize.Level1)
+{
+ std::string backup;
+ AccessTokenIDEx tokenIdEx = {0};
+
+ backup = g_infoManagerTestInfoParms.bundleName;
+ g_infoManagerTestInfoParms.bundleName = "";
+ tokenIdEx = AccessTokenKit::AllocHapToken(g_infoManagerTestInfoParms, g_infoManagerTestPolicyPrams);
+ ASSERT_EQ(0, tokenIdEx.tokenIdExStruct.tokenID);
+ g_infoManagerTestInfoParms.bundleName = backup;
+}
+
+/**
+ * @tc.name: AllocHapToken013
+ * @tc.desc: cannot alloc a tokenId with invalid appIDDesc.
+ * @tc.type: FUNC
+ * @tc.require:AR000GK6TJ
+ */
+HWTEST_F(AccessTokenKitTest, AllocHapToken013, TestSize.Level1)
+{
+ std::string backup;
+ AccessTokenIDEx tokenIdEx = {0};
+
+ backup = g_infoManagerTestInfoParms.appIDDesc;
+ g_infoManagerTestInfoParms.appIDDesc = "";
+ tokenIdEx = AccessTokenKit::AllocHapToken(g_infoManagerTestInfoParms, g_infoManagerTestPolicyPrams);
+ ASSERT_EQ(0, tokenIdEx.tokenIdExStruct.tokenID);
+ g_infoManagerTestInfoParms.appIDDesc = backup;
+}
+
+/**
+ * @tc.name: AllocHapToken014
+ * @tc.desc: can alloc a tokenId with permList permissionName as "".
+ * @tc.type: FUNC
+ * @tc.require:AR000GK6TJ
+ */
+HWTEST_F(AccessTokenKitTest, AllocHapToken014, TestSize.Level1)
+{
+ std::string backup;
+ AccessTokenIDEx tokenIdEx = {0};
+
+ backup = g_infoManagerTestPolicyPrams.permList[0].permissionName;
+ g_infoManagerTestPolicyPrams.permList[0].permissionName = "";
+ tokenIdEx = AccessTokenKit::AllocHapToken(g_infoManagerTestInfoParms, g_infoManagerTestPolicyPrams);
+ PermissionDef permDefResultBeta;
+ int ret = AccessTokenKit::GetDefPermission("", permDefResultBeta);
+ ASSERT_EQ(RET_FAILED, ret);
+ g_infoManagerTestPolicyPrams.permList[0].permissionName = backup;
+}
+
+/**
+ * @tc.name: AllocHapToken015
+ * @tc.desc: can alloc a tokenId with permList bundleName as "".
+ * @tc.type: FUNC
+ * @tc.require:AR000GK6TJ
+ */
+HWTEST_F(AccessTokenKitTest, AllocHapToken015, TestSize.Level1)
+{
+ std::string backup;
+ std::string backUpPermission;
+ AccessTokenIDEx tokenIdEx = {0};
+
+ backup = g_infoManagerTestPolicyPrams.permList[0].bundleName;
+ backUpPermission = g_infoManagerTestPolicyPrams.permList[0].permissionName;
+ g_infoManagerTestPolicyPrams.permList[0].bundleName = "";
+ g_infoManagerTestPolicyPrams.permList[0].permissionName = "ohos.permission.testtmp05";
+ tokenIdEx = AccessTokenKit::AllocHapToken(g_infoManagerTestInfoParms, g_infoManagerTestPolicyPrams);
+
+ PermissionDef permDefResultBeta;
+ int ret = AccessTokenKit::GetDefPermission(
+ g_infoManagerTestPolicyPrams.permList[0].permissionName, permDefResultBeta);
+ ASSERT_EQ(RET_FAILED, ret);
+ ret = AccessTokenKit::GetDefPermission(g_infoManagerTestPolicyPrams.permList[1].permissionName, permDefResultBeta);
+ ASSERT_EQ(RET_SUCCESS, ret);
+ g_infoManagerTestPolicyPrams.permList[0].bundleName = backup;
+ g_infoManagerTestPolicyPrams.permList[0].permissionName = backUpPermission;
+}
+
+/**
+ * @tc.name: AllocHapToken016
+ * @tc.desc: can alloc a tokenId with label as "".
+ * @tc.type: FUNC
+ * @tc.require:AR000GK6TJ
+ */
+HWTEST_F(AccessTokenKitTest, AllocHapToken016, TestSize.Level1)
+{
+ std::string backup;
+ std::string backUpPermission;
+ AccessTokenIDEx tokenIdEx = {0};
+
+ backup = g_infoManagerTestPolicyPrams.permList[0].label;
+ g_infoManagerTestPolicyPrams.permList[0].label = "";
+ backUpPermission = g_infoManagerTestPolicyPrams.permList[0].permissionName;
+ g_infoManagerTestPolicyPrams.permList[0].permissionName = "ohos.permission.testtmp06";
+ tokenIdEx = AccessTokenKit::AllocHapToken(g_infoManagerTestInfoParms, g_infoManagerTestPolicyPrams);
+
+ PermissionDef permDefResult;
+ int ret = AccessTokenKit::GetDefPermission(g_infoManagerTestPolicyPrams.permList[0].permissionName, permDefResult);
+ ASSERT_EQ(ret, RET_SUCCESS);
+ g_infoManagerTestPolicyPrams.permList[0].label = backup;
+ g_infoManagerTestPolicyPrams.permList[0].permissionName = backUpPermission;
+}
+
+/**
+ * @tc.name: AllocHapToken017
+ * @tc.desc: cannot alloc a tokenId with invalid permdef.
+ * @tc.type: FUNC
+ * @tc.require:AR000GK6TJ
+ */
+HWTEST_F(AccessTokenKitTest, AllocHapToken017, TestSize.Level1)
+{
+ std::string backUpPermission;
+ std::string backup;
+ AccessTokenIDEx tokenIdEx = {0};
+
+ backup = g_infoManagerTestPolicyPrams.permList[0].description;
+ g_infoManagerTestPolicyPrams.permList[0].description = "";
+ backUpPermission = g_infoManagerTestPolicyPrams.permList[0].permissionName;
+ g_infoManagerTestPolicyPrams.permList[0].permissionName = "ohos.permission.testtmp07";
+ tokenIdEx = AccessTokenKit::AllocHapToken(g_infoManagerTestInfoParms, g_infoManagerTestPolicyPrams);
+
+ PermissionDef permDefResult;
+ int ret = AccessTokenKit::GetDefPermission(g_infoManagerTestPolicyPrams.permList[0].permissionName, permDefResult);
+ ASSERT_EQ(ret, RET_SUCCESS);
+ g_infoManagerTestPolicyPrams.permList[0].description = backup;
+ g_infoManagerTestPolicyPrams.permList[0].permissionName = backUpPermission;
+}
+
+/**
+ * @tc.name: UpdateHapToken001
+ * @tc.desc: alloc a tokenId successfully, update it successfully and verify it.
+ * @tc.type: FUNC
+ * @tc.require:AR000GK6TJ
+ */
+HWTEST_F(AccessTokenKitTest, UpdateHapToken001, TestSize.Level1)
+{
+ int userID = g_infoManagerTestInfoParms.userID;
+ const std::string bundleName = g_infoManagerTestInfoParms.bundleName;
+ int instIndex = g_infoManagerTestInfoParms.instIndex;
+
+ const std::string appIDDesc = "housework app";
+
+ DeleteTestToken();
+ AccessTokenIDEx tokenIdEx = {0};
+ tokenIdEx = AccessTokenKit::AllocHapToken(g_infoManagerTestInfoParms, g_infoManagerTestPolicyPrams);
+ GTEST_LOG_(INFO) << "tokenID :" << tokenIdEx.tokenIdExStruct.tokenID;
+ AccessTokenID tokenID = AccessTokenKit::GetHapTokenID(userID, bundleName, instIndex);
+ GTEST_LOG_(INFO) << "tokenID :" << tokenID;
+ g_infoManagerTestPolicyPrams.apl = APL_SYSTEM_BASIC;
+
+ int ret = AccessTokenKit::UpdateHapToken(tokenID, appIDDesc, g_infoManagerTestPolicyPrams);
+ ASSERT_EQ(0, ret);
+
+ HapTokenInfo hapTokenInfoRes;
+ ret = AccessTokenKit::GetHapTokenInfo(tokenID, hapTokenInfoRes);
+ ASSERT_EQ(RET_SUCCESS, ret);
+
+ ASSERT_EQ(hapTokenInfoRes.appID, "housework app");
+ ASSERT_EQ(hapTokenInfoRes.apl, APL_SYSTEM_BASIC);
+
+ ret = AccessTokenKit::DeleteToken(tokenID);
+ ASSERT_EQ(RET_SUCCESS, ret);
+}
+
+/**
+ * @tc.name: UpdateHapToken002
+ * @tc.desc: cannot update hap token info with invalid userId.
+ * @tc.type: FUNC
+ * @tc.require:AR000GK6TJ
+ */
+HWTEST_F(AccessTokenKitTest, UpdateHapToken002, TestSize.Level1)
+{
+ int ret = AccessTokenKit::UpdateHapToken(TEST_USER_ID_INVALID, "appIDDesc", g_infoManagerTestPolicyPrams);
+ ASSERT_EQ(RET_FAILED, ret);
+}
+
+/**
+ * @tc.name: UpdateHapToken003
+ * @tc.desc: cannot update hap token info with invalid appIDDesc.
+ * @tc.type: FUNC
+ * @tc.require:AR000GK6TJ
+ */
+HWTEST_F(AccessTokenKitTest, UpdateHapToken003, TestSize.Level1)
+{
+ int userID = g_infoManagerTestInfoParms.userID;
+ const std::string bundleName = g_infoManagerTestInfoParms.bundleName;
+ int instIndex = g_infoManagerTestInfoParms.instIndex;
+
+ const std::string appIDDesc (INVALID_APPIDDESC_LEN, 'x');
+
+ AccessTokenIDEx tokenIdEx = {0};
+ tokenIdEx = AccessTokenKit::AllocHapToken(g_infoManagerTestInfoParms, g_infoManagerTestPolicyPrams);
+
+ AccessTokenID tokenID = AccessTokenKit::GetHapTokenID(userID, bundleName, instIndex);
+
+ int ret = AccessTokenKit::UpdateHapToken(tokenID, appIDDesc, g_infoManagerTestPolicyPrams);
+ ASSERT_EQ(RET_FAILED, ret);
+
+ HapTokenInfo hapTokenInfoRes;
+ ret = AccessTokenKit::GetHapTokenInfo(tokenID, hapTokenInfoRes);
+ ASSERT_EQ(RET_SUCCESS, ret);
+
+ ASSERT_EQ(hapTokenInfoRes.appID, "testtesttesttest");
+
+ ret = AccessTokenKit::DeleteToken(tokenID);
+ ASSERT_EQ(RET_SUCCESS, ret);
+}
+
+/**
+ * @tc.name: UpdateHapToken004
+ * @tc.desc: cannot update a tokenId with invalid apl.
+ * @tc.type: FUNC
+ * @tc.require:AR000GK6TJ
+ */
+HWTEST_F(AccessTokenKitTest, UpdateHapToken004, TestSize.Level1)
+{
+ int userID = g_infoManagerTestInfoParms.userID;
+ const std::string bundleName = g_infoManagerTestInfoParms.bundleName;
+ int instIndex = g_infoManagerTestInfoParms.instIndex;
+
+ const std::string appIDDesc = "housework app";
+
+ AccessTokenIDEx tokenIdEx = {0};
+ tokenIdEx = AccessTokenKit::AllocHapToken(g_infoManagerTestInfoParms, g_infoManagerTestPolicyPrams);
+
+ AccessTokenID tokenID = AccessTokenKit::GetHapTokenID(userID, bundleName, instIndex);
+
+ g_infoManagerTestPolicyPrams.apl = (ATokenAplEnum)5;
+
+ int ret = AccessTokenKit::UpdateHapToken(tokenID, appIDDesc, g_infoManagerTestPolicyPrams);
+ ASSERT_EQ(RET_FAILED, ret);
+
+ HapTokenInfo hapTokenInfoRes;
+ ret = AccessTokenKit::GetHapTokenInfo(tokenID, hapTokenInfoRes);
+ ASSERT_EQ(RET_SUCCESS, ret);
+
+ ASSERT_EQ(hapTokenInfoRes.apl, APL_NORMAL);
+
+ ret = AccessTokenKit::DeleteToken(tokenID);
+ ASSERT_EQ(RET_SUCCESS, ret);
+}
+
+/**
+ * @tc.name: UpdateHapToken005
+ * @tc.desc: cannot update a tokenId with invalid string value.
+ * @tc.type: FUNC
+ * @tc.require:AR000GK6TJ
+ */
+HWTEST_F(AccessTokenKitTest, UpdateHapToken005, TestSize.Level1)
+{
+ std::string backUpPermission;
+ const std::string appIDDesc = g_infoManagerTestInfoParms.appIDDesc;
+ PermissionDef permDefResult;
+
+ DeleteTestToken();
+ AccessTokenIDEx tokenIdEx = AccessTokenKit::AllocHapToken(g_infoManagerTestInfoParms, g_infoManagerTestPolicyPrams);
+ AccessTokenID tokenID = tokenIdEx.tokenIdExStruct.tokenID;
+ ASSERT_NE(0, tokenID);
+
+ std::string backup = g_infoManagerTestPolicyPrams.permList[0].permissionName;
+ g_infoManagerTestPolicyPrams.permList[0].permissionName = "";
+ int ret = AccessTokenKit::UpdateHapToken(tokenID, appIDDesc, g_infoManagerTestPolicyPrams);
+ ret = AccessTokenKit::GetDefPermission(g_infoManagerTestPolicyPrams.permList[0].permissionName, permDefResult);
+ ASSERT_EQ(RET_FAILED, ret);
+ g_infoManagerTestPolicyPrams.permList[0].permissionName = backup;
+
+ backUpPermission = g_infoManagerTestPolicyPrams.permList[0].permissionName;
+ g_infoManagerTestPolicyPrams.permList[0].permissionName = "ohos.permission.testtmp11";
+ backup = g_infoManagerTestPolicyPrams.permList[0].bundleName;
+ g_infoManagerTestPolicyPrams.permList[0].bundleName = "";
+ ret = AccessTokenKit::UpdateHapToken(tokenID, appIDDesc, g_infoManagerTestPolicyPrams);
+ ret = AccessTokenKit::GetDefPermission(g_infoManagerTestPolicyPrams.permList[0].permissionName, permDefResult);
+ ASSERT_EQ(RET_FAILED, ret);
+ g_infoManagerTestPolicyPrams.permList[0].bundleName = backup;
+ g_infoManagerTestPolicyPrams.permList[0].permissionName = backUpPermission;
+
+ backUpPermission = g_infoManagerTestPolicyPrams.permList[0].permissionName;
+ g_infoManagerTestPolicyPrams.permList[0].permissionName = "ohos.permission.testtmp12";
+ backup = g_infoManagerTestPolicyPrams.permList[0].label;
+ g_infoManagerTestPolicyPrams.permList[0].label = "";
+ ret = AccessTokenKit::UpdateHapToken(tokenID, appIDDesc, g_infoManagerTestPolicyPrams);
+ ASSERT_EQ(RET_SUCCESS, ret);
+ ret = AccessTokenKit::GetDefPermission(g_infoManagerTestPolicyPrams.permList[0].permissionName, permDefResult);
+ ASSERT_EQ(RET_SUCCESS, ret);
+ g_infoManagerTestPolicyPrams.permList[0].label = backup;
+ g_infoManagerTestPolicyPrams.permList[0].permissionName = backUpPermission;
+
+ backUpPermission = g_infoManagerTestPolicyPrams.permList[0].permissionName;
+ g_infoManagerTestPolicyPrams.permList[0].permissionName = "ohos.permission.testtmp13";
+ backup = g_infoManagerTestPolicyPrams.permList[0].description;
+ g_infoManagerTestPolicyPrams.permList[0].description = "";
+ ret = AccessTokenKit::UpdateHapToken(tokenID, appIDDesc, g_infoManagerTestPolicyPrams);
+ ASSERT_EQ(RET_SUCCESS, ret);
+ ret = AccessTokenKit::GetDefPermission(g_infoManagerTestPolicyPrams.permList[0].permissionName, permDefResult);
+ ASSERT_EQ(RET_SUCCESS, ret);
+ g_infoManagerTestPolicyPrams.permList[0].description = backup;
+ g_infoManagerTestPolicyPrams.permList[0].permissionName = backUpPermission;
+
+ ret = AccessTokenKit::DeleteToken(tokenID);
+ ASSERT_EQ(RET_SUCCESS, ret);
+}
+
+/**
+ * @tc.name: UpdateHapToken006
+ * @tc.desc: update a batch of tokenId.
+ * @tc.type: FUNC
+ * @tc.require:AR000GK6TJ
+ */
+HWTEST_F(AccessTokenKitTest, UpdateHapToken006, TestSize.Level1)
+{
+ int allocFlag = 0;
+ int updateFlag = 0;
+ int deleteFlag = 0;
+ AccessTokenIDEx tokenIdEx = {0};
+ AccessTokenID tokenID;
+ int ret;
+ vector obj;
+ bool exist;
+ const std::string appIDDesc = g_infoManagerTestInfoParms.appIDDesc;
+ HapInfoParams infoManagerTestInfo = g_infoManagerTestInfoParms;
+ DeleteTestToken();
+
+ for (int i = 0; i < CYCLE_TIMES; i++) {
+ tokenIdEx = AccessTokenKit::AllocHapToken(infoManagerTestInfo, g_infoManagerTestPolicyPrams);
+ tokenID = GetAccessTokenID(infoManagerTestInfo.userID,
+ infoManagerTestInfo.bundleName,
+ infoManagerTestInfo.instIndex);
+
+ exist = ExistInVector(obj, tokenID);
+ if (exist) {
+ allocFlag = 1;
+ break;
+ }
+ obj.push_back(tokenID);
+ infoManagerTestInfo.userID++;
+ }
+
+ infoManagerTestInfo.instIndex = 1;
+ g_infoManagerTestPolicyPrams.apl = APL_SYSTEM_BASIC;
+ for (int i = 0; i < obj.size(); i++) {
+ ret = AccessTokenKit::UpdateHapToken(obj[i], appIDDesc, g_infoManagerTestPolicyPrams);
+ if (RET_SUCCESS != ret) {
+ updateFlag = 1;
+ break;
+ }
+ }
+ g_infoManagerTestPolicyPrams.apl = APL_NORMAL;
+
+ for (int i = 0; i < obj.size(); i++) {
+ ret = AccessTokenKit::DeleteToken(obj[i]);
+ if (RET_SUCCESS != ret) {
+ deleteFlag = 1;
+ }
+ }
+ ASSERT_EQ(allocFlag, 0);
+ ASSERT_EQ(updateFlag, 0);
+ ASSERT_EQ(deleteFlag, 0);
+}
+
+/**
+ * @tc.name: UpdateHapToken007
+ * @tc.desc: add new permissdef.
+ * @tc.type: FUNC
+ * @tc.require:AR000GK6TJ
+ */
+HWTEST_F(AccessTokenKitTest, UpdateHapToken007, TestSize.Level1)
+{
+ int ret;
+ std::string backup;
+ const std::string appIDDesc = g_infoManagerTestInfoParms.appIDDesc;
+ DeleteTestToken();
+
+ AccessTokenIDEx tokenIdEx = {0};
+ tokenIdEx = AccessTokenKit::AllocHapToken(g_infoManagerTestInfoParms, g_infoManagerTestPolicyPrams);
+ AccessTokenID tokenID = tokenIdEx.tokenIdExStruct.tokenID;
+ GTEST_LOG_(INFO) << "tokenID :" << tokenID;
+
+ PermissionDef permDefResult;
+ /* check permission define befor update */
+ ret = AccessTokenKit::GetDefPermission("ohos.permission.test3", permDefResult);
+ ASSERT_EQ(RET_FAILED, ret);
+
+ backup = g_infoManagerTestPolicyPrams.permList[0].permissionName;
+ g_infoManagerTestPolicyPrams.permList[0].permissionName = "ohos.permission.test3";
+ ret = AccessTokenKit::UpdateHapToken(tokenID, appIDDesc, g_infoManagerTestPolicyPrams);
+ ASSERT_EQ(RET_SUCCESS, ret);
+ g_infoManagerTestPolicyPrams.permList[0].permissionName = backup;
+
+ GTEST_LOG_(INFO) << "permissionName :" << g_infoManagerTestPolicyPrams.permList[0].permissionName;
+
+ ret = AccessTokenKit::GetDefPermission("ohos.permission.test3", permDefResult);
+ if (ret != RET_SUCCESS) {
+ ret = AccessTokenKit::DeleteToken(tokenID);
+ ASSERT_EQ(RET_SUCCESS, ret);
+ }
+ ASSERT_EQ(RET_SUCCESS, ret);
+ ASSERT_EQ("ohos.permission.test3", permDefResult.permissionName);
+
+ ret = AccessTokenKit::DeleteToken(tokenID);
+ ASSERT_EQ(RET_SUCCESS, ret);
+}
+/**
+ * @tc.name: UpdateHapToken008
+ * @tc.desc: modify permissdef's grantMode.
+ * @tc.type: FUNC
+ * @tc.require:AR000GK6TJ
+ */
+HWTEST_F(AccessTokenKitTest, UpdateHapToken008, TestSize.Level1)
+{
+ int ret;
+ std::string backup;
+ const std::string appIDDesc = g_infoManagerTestInfoParms.appIDDesc;
+ DeleteTestToken();
+
+ AccessTokenIDEx tokenIdEx = {0};
+ tokenIdEx = AccessTokenKit::AllocHapToken(g_infoManagerTestInfoParms, g_infoManagerTestPolicyPrams);
+ AccessTokenID tokenID = tokenIdEx.tokenIdExStruct.tokenID;
+ GTEST_LOG_(INFO) << "tokenID :" << tokenID;
+
+ PermissionDef permDefResult;
+ /* check permission define befor update */
+ ret = AccessTokenKit::GetDefPermission(g_infoManagerTestPolicyPrams.permList[0].permissionName, permDefResult);
+ ASSERT_EQ(g_infoManagerTestPolicyPrams.permList[0].permissionName, permDefResult.permissionName);
+ ASSERT_EQ("label", permDefResult.label);
+ ASSERT_EQ(1, permDefResult.grantMode);
+ ASSERT_EQ(RET_SUCCESS, ret);
+
+ backup = g_infoManagerTestPolicyPrams.permList[0].label;
+ g_infoManagerTestPolicyPrams.permList[0].grantMode = 0;
+ g_infoManagerTestPolicyPrams.permList[0].label = "updated label";
+ ret = AccessTokenKit::UpdateHapToken(tokenID, appIDDesc, g_infoManagerTestPolicyPrams);
+ ASSERT_EQ(RET_SUCCESS, ret);
+ g_infoManagerTestPolicyPrams.permList[0].label = backup;
+ g_infoManagerTestPolicyPrams.permList[0].grantMode = 1;
+
+ /* check permission define after update */
+ ret = AccessTokenKit::GetDefPermission(g_infoManagerTestPolicyPrams.permList[0].permissionName, permDefResult);
+ ASSERT_EQ(g_infoManagerTestPolicyPrams.permList[0].permissionName, permDefResult.permissionName);
+ ASSERT_EQ("updated label", permDefResult.label);
+ ASSERT_EQ(0, permDefResult.grantMode);
+ ASSERT_EQ(RET_SUCCESS, ret);
+
+ ret = AccessTokenKit::DeleteToken(tokenID);
+ ASSERT_EQ(RET_SUCCESS, ret);
+}
+
+/**
+ * @tc.name: UpdateHapToken009
+ * @tc.desc: old permission define will not update its grantStatus.
+ * @tc.type: FUNC
+ * @tc.require:AR000GK6TJ
+ */
+HWTEST_F(AccessTokenKitTest, UpdateHapToken009, TestSize.Level1)
+{
+ int ret;
+ std::vector permDefList;
+ const std::string appIDDesc = g_infoManagerTestInfoParms.appIDDesc;
+ PermissionDef infoManagerTestPermDef = g_infoManagerTestPermDef1;
+ PermissionStateFull infoManagerTestState = {
+ .grantFlags = {PermissionState::PERMISSION_DENIED},
+ .grantStatus = {3},
+ .isGeneral = true,
+ .permissionName = "ohos.permission.test1",
+ .resDeviceID = {"local"}};
+
+ HapPolicyParams infoManagerTestPolicyPrams = {
+ .apl = APL_NORMAL,
+ .domain = "test.domain",
+ .permList = {infoManagerTestPermDef},
+ .permStateList = {infoManagerTestState}};
+
+ DeleteTestToken();
+ AccessTokenIDEx tokenIdEx = {0};
+ tokenIdEx = AccessTokenKit::AllocHapToken(g_infoManagerTestInfoParms, g_infoManagerTestPolicyPrams);
+ AccessTokenID tokenID = tokenIdEx.tokenIdExStruct.tokenID;
+ GTEST_LOG_(INFO) << "tokenID :" << tokenID;
+
+ ret = AccessTokenKit::VerifyAccessToken(tokenID, "ohos.permission.test1");
+ ASSERT_EQ(ret, g_infoManagerTestState1.grantStatus[0]);
+
+ ret = AccessTokenKit::UpdateHapToken(tokenID, appIDDesc, infoManagerTestPolicyPrams);
+
+ ret = AccessTokenKit::VerifyAccessToken(tokenID, "ohos.permission.test1");
+ ASSERT_EQ(ret, PermissionState::PERMISSION_DENIED);
+
+ ret = AccessTokenKit::DeleteToken(tokenID);
+ ASSERT_EQ(RET_SUCCESS, ret);
+}
+
+static void *ThreadTestFunc01(void *args)
+{
+ ATokenTypeEnum type;
+ AccessTokenID tokenID;
+
+ for (int i = 0; i < CYCLE_TIMES; i++) {
+ tokenID = AccessTokenKit::GetHapTokenID(g_infoManagerTestInfoParms.userID,
+ g_infoManagerTestInfoParms.bundleName,
+ g_infoManagerTestInfoParms.instIndex);
+ type = AccessTokenKit::GetTokenType(tokenID);
+ if (type != TOKEN_HAP) {
+ GTEST_LOG_(INFO) << "ThreadTestFunc01 failed" << tokenID;
+ }
+ }
+ return NULL;
+}
+
+static void *ThreadTestFunc02(void *args)
+{
+ int ret;
+ AccessTokenID tokenID;
+ HapTokenInfo hapTokenInfoRes;
+
+ for (int i = 0; i < CYCLE_TIMES; i++) {
+ tokenID = AccessTokenKit::GetHapTokenID(g_infoManagerTestInfoParms.userID,
+ g_infoManagerTestInfoParms.bundleName,
+ g_infoManagerTestInfoParms.instIndex);
+ ret = AccessTokenKit::GetHapTokenInfo(tokenID, hapTokenInfoRes);
+ if (ret != RET_SUCCESS) {
+ GTEST_LOG_(INFO) << "ThreadTestFunc02 failed" << tokenID;
+ }
+ }
+ return NULL;
+}
+
+/**
+ * @tc.name: AllocHapToken011
+ * @tc.desc: Mulitpulthread test.
+ * @tc.type: FUNC
+ * @tc.require:AR000GK6TJ
+ */
+HWTEST_F(AccessTokenKitTest, Mulitpulthread001, TestSize.Level1)
+{
+ int ret;
+ AccessTokenIDEx tokenIdEx = {0};
+ tokenIdEx = AccessTokenKit::AllocHapToken(g_infoManagerTestInfoParms, g_infoManagerTestPolicyPrams);
+ ASSERT_NE(0, tokenIdEx.tokenIdExStruct.tokenID);
+ pthread_t tid[2];
+ (void)pthread_create(&tid[0], 0, &ThreadTestFunc01, NULL);
+ (void)pthread_create(&tid[1], 0, &ThreadTestFunc01, NULL);
+ pthread_join(tid[0], NULL);
+ pthread_join(tid[1], NULL);
+
+ (void)pthread_create(&tid[0], 0, &ThreadTestFunc02, NULL);
+ (void)pthread_create(&tid[1], 0, &ThreadTestFunc02, NULL);
+ pthread_join(tid[0], NULL);
+ pthread_join(tid[1], NULL);
+
+ ret = AccessTokenKit::DeleteToken(tokenIdEx.tokenIdExStruct.tokenID);
+ ASSERT_EQ(RET_SUCCESS, ret);
+}
+
+void ConcurrencyTask(unsigned int tokenID)
+{
+ for (int i = 0; i < CYCLE_TIMES; i++) {
+ AccessTokenKit::GrantPermission(tokenID, TEST_PERMISSION_NAME_ALPHA, PERMISSION_USER_FIXED);
+ AccessTokenKit::GetPermissionFlag(tokenID, TEST_PERMISSION_NAME_ALPHA);
+ AccessTokenKit::VerifyAccessToken(tokenID, TEST_PERMISSION_NAME_ALPHA);
+
+ AccessTokenKit::RevokePermission(tokenID, TEST_PERMISSION_NAME_ALPHA, PERMISSION_USER_SET);
+ AccessTokenKit::GetPermissionFlag(tokenID, TEST_PERMISSION_NAME_ALPHA);
+ AccessTokenKit::VerifyAccessToken(tokenID, TEST_PERMISSION_NAME_ALPHA);
+ }
+}
+
+/**
+ * @tc.name: ConcurrencyTest001
+ * @tc.desc: Concurrency testing
+ * @tc.type: FUNC
+ * @tc.require:AR000GM5FC AR000GK6T8 AR000GK6TF
+ */
+HWTEST_F(AccessTokenKitTest, ConcurrencyTest001, TestSize.Level1)
+{
+ AccessTokenID tokenID = GetAccessTokenID(TEST_USER_ID, TEST_BUNDLE_NAME, 0);
+ ASSERT_NE(0, tokenID);
+ std::vector threadVec;
+ for (int i = 0; i < THREAD_NUM; i++) {
+ threadVec.emplace_back(std::thread(ConcurrencyTask, tokenID));
+ }
+ for (auto it = threadVec.begin(); it != threadVec.end(); it++) {
+ it->join();
+ }
+}
+
+/**
+ * @tc.name: CheckNativeDCap001
+ * @tc.desc: cannot Check native dcap with invalid tokenID.
+ * @tc.type: FUNC
+ * @tc.require:AR000GK6TD
+ */
+HWTEST_F(AccessTokenKitTest, CheckNativeDCap001, TestSize.Level1)
+{
+ AccessTokenID tokenID = 0;
+ const std::string dcap = "AT_CAP";
+ int ret = AccessTokenKit::CheckNativeDCap(tokenID, dcap);
+ ASSERT_EQ(RET_FAILED, ret);
+
+ tokenID = 1;
+ ret = AccessTokenKit::CheckNativeDCap(tokenID, dcap);
+ ASSERT_EQ(RET_FAILED, ret);
+}
+
+/**
+ * @tc.name: CheckNativeDCap002
+ * @tc.desc: cannot Check native dcap with invalid dcap.
+ * @tc.type: FUNC
+ * @tc.require:AR000GK6TD
+ */
+HWTEST_F(AccessTokenKitTest, CheckNativeDCap002, TestSize.Level1)
+{
+ AccessTokenID tokenID = 0Xff;
+ const std::string invalidDcap (INVALID_DCAP_LEN, 'x');
+ int ret = AccessTokenKit::CheckNativeDCap(tokenID, invalidDcap);
+ ASSERT_EQ(RET_FAILED, ret);
+}
+
+/**
+ * @tc.name: GetNativeTokenInfo001
+ * @tc.desc: cannot get native token with invalid tokenID.
+ * @tc.type: FUNC
+ * @tc.require:AR000GK6TD
+ */
+HWTEST_F(AccessTokenKitTest, GetNativeTokenInfo001, TestSize.Level1)
+{
+ AccessTokenID tokenID = 0;
+ NativeTokenInfo findInfo;
+ int ret = AccessTokenKit::GetNativeTokenInfo(tokenID, findInfo);
+ ASSERT_EQ(ret, RET_FAILED);
+
+ tokenID = 0xff;
+ ret = AccessTokenKit::GetNativeTokenInfo(tokenID, findInfo);
+ ASSERT_EQ(ret, RET_FAILED);
+}
+
+/**
+ * @tc.name: GetTokenTypeFlag001
+ * @tc.desc: cannot get token type with tokenID.
+ * @tc.type: FUNC
+ * @tc.require:AR000GK6TD
+ */
+HWTEST_F(AccessTokenKitTest, GetTokenTypeFlag001, TestSize.Level1)
+{
+ AccessTokenID tokenID = 0;
+ ATokenTypeEnum ret = AccessTokenKit::GetTokenTypeFlag(tokenID);
+ ASSERT_EQ(ret, TOKEN_INVALID);
+}
+
+/**
+ * @tc.name: GetTokenTypeFlag002
+ * @tc.desc: Get token type with native tokenID.
+ * @tc.type: FUNC
+ * @tc.require:AR000GK6TD
+ */
+HWTEST_F(AccessTokenKitTest, GetTokenTypeFlag002, TestSize.Level1)
+{
+ uint64_t tokenId01 = GetAccessTokenId("GetTokenTypeFlag002", nullptr, 0, "system_core");
+
+ AccessTokenID tokenID = tokenId01 & 0xffffffff;
+ ATokenTypeEnum ret = AccessTokenKit::GetTokenTypeFlag(tokenID);
+ ASSERT_EQ(ret, TOKEN_NATIVE);
+}
+
+/**
+ * @tc.name: GetTokenTypeFlag003
+ * @tc.desc: Get token type with hap tokenID.
+ * @tc.type: FUNC
+ * @tc.require:AR000GK6TD
+ */
+HWTEST_F(AccessTokenKitTest, GetTokenTypeFlag003, TestSize.Level1)
+{
+ AccessTokenIDEx tokenIdEx = {0};
+ tokenIdEx = AccessTokenKit::AllocHapToken(g_infoManagerTestInfoParms, g_infoManagerTestPolicyPrams);
+ ASSERT_NE(0, tokenIdEx.tokenIdExStruct.tokenID);
+
+ ATokenTypeEnum ret = AccessTokenKit::GetTokenTypeFlag(tokenIdEx.tokenIdExStruct.tokenID);
+ ASSERT_EQ(ret, TOKEN_HAP);
+
+ int res = AccessTokenKit::DeleteToken(tokenIdEx.tokenIdExStruct.tokenID);
+ ASSERT_EQ(RET_SUCCESS, res);
+}
+
+/**
+ * @tc.name: SetRemoteHapTokenInfo001
+ * @tc.desc: set remote hap token info success
+ * @tc.type: FUNC
+ * @tc.require:AR000GK6T5
+ */
+HWTEST_F(AccessTokenKitTest, SetRemoteHapTokenInfo001, TestSize.Level1)
+{
+ ACCESSTOKEN_LOG_INFO(LABEL, "SetRemoteHapTokenInfo001 start.");
+ std::string deviceID = "ea82205d1f9964346ee12e17ec0f362bb7203fca7c62d82899ffa917f9cbe6b2";
+ AccessTokenKit::DeleteRemoteToken(deviceID, 0x20100000);
+ HapTokenInfo baseInfo = {
+ .apl = APL_NORMAL,
+ .ver = 1,
+ .userID = 1,
+ .bundleName = "com.ohos.access_token",
+ .instIndex = 1,
+ .appID = "testtesttesttest",
+ .deviceID = "ea82205d1f9964346ee12e17ec0f362bb7203fca7c62d82899ffa917f9cbe6b2",
+ .tokenID = 0x20100000,
+ .tokenAttr = 0
+ };
+
+ PermissionStateFull infoManagerTestState = {
+ .grantFlags = {PermissionFlag::PERMISSION_SYSTEM_FIXED},
+ .grantStatus = {PermissionState::PERMISSION_GRANTED},
+ .isGeneral = true,
+ .permissionName = "ohos.permission.test1",
+ .resDeviceID = {"local"}};
+ std::vector permStateList;
+ permStateList.emplace_back(infoManagerTestState);
+
+ HapTokenInfoForSync remoteTokenInfo = {
+ .baseInfo = baseInfo,
+ .permStateList =permStateList
+ };
+
+ int ret = AccessTokenKit::SetRemoteHapTokenInfo(deviceID, remoteTokenInfo);
+ ASSERT_EQ(ret, RET_SUCCESS);
+
+ // Get local map token ID
+ AccessTokenID mapID = AccessTokenKit::AllocLocalTokenID(deviceID, 0x20100000);
+ ASSERT_NE(mapID, 0);
+
+ // check local map token
+ HapTokenInfo resultInfo;
+ ret = AccessTokenKit::GetHapTokenInfo(mapID, resultInfo);
+ ASSERT_EQ(ret, RET_SUCCESS);
+ ASSERT_EQ(resultInfo.apl, remoteTokenInfo.baseInfo.apl);
+ ASSERT_EQ(resultInfo.ver, remoteTokenInfo.baseInfo.ver);
+ ASSERT_EQ(resultInfo.userID, remoteTokenInfo.baseInfo.userID);
+ ASSERT_EQ(resultInfo.bundleName, remoteTokenInfo.baseInfo.bundleName);
+ ASSERT_EQ(resultInfo.instIndex, remoteTokenInfo.baseInfo.instIndex);
+ ASSERT_EQ(resultInfo.appID, remoteTokenInfo.baseInfo.appID);
+ ASSERT_EQ(resultInfo.deviceID, remoteTokenInfo.baseInfo.deviceID);
+ ASSERT_NE(resultInfo.tokenID, remoteTokenInfo.baseInfo.tokenID); // tokenID already is map tokenID
+ ASSERT_EQ(resultInfo.tokenAttr, remoteTokenInfo.baseInfo.tokenAttr);
+
+ ret = AccessTokenKit::VerifyAccessToken(mapID, "ohos.permission.test1");
+ ASSERT_EQ(ret, PermissionState::PERMISSION_GRANTED);
+
+ ret = AccessTokenKit::DeleteRemoteToken(deviceID, 0x20100000);
+ ASSERT_EQ(ret, RET_SUCCESS);
+}
+
+/**
+ * @tc.name: SetRemoteHapTokenInfo002
+ * @tc.desc: set remote hap token info, token info is wrong
+ * @tc.type: FUNC
+ * @tc.require:AR000GK6T5
+ */
+HWTEST_F(AccessTokenKitTest, SetRemoteHapTokenInfo002, TestSize.Level1)
+{
+ ACCESSTOKEN_LOG_INFO(LABEL, "SetRemoteHapTokenInfo002 start.");
+ std::string deviceID = "ea82205d1f9964346ee12e17ec0f362bb7203fca7c62d82899ffa917f9cbe6b2";
+ AccessTokenKit::DeleteRemoteToken(deviceID, 0x20100000);
+ HapTokenInfo rightBaseInfo = {
+ .apl = APL_NORMAL,
+ .ver = 1,
+ .userID = 1,
+ .bundleName = "com.ohos.access_token",
+ .instIndex = 1,
+ .appID = "testtesttesttest",
+ .deviceID = "ea82205d1f9964346ee12e17ec0f362bb7203fca7c62d82899ffa917f9cbe6b2",
+ .tokenID = 0x20100000,
+ .tokenAttr = 0
+ };
+
+ HapTokenInfo wrongBaseInfo = rightBaseInfo;
+ wrongBaseInfo.apl = (ATokenAplEnum)11; // wrong apl
+
+ PermissionStateFull infoManagerTestState = {
+ .grantFlags = {PermissionFlag::PERMISSION_SYSTEM_FIXED},
+ .grantStatus = {PermissionState::PERMISSION_GRANTED},
+ .isGeneral = true,
+ .permissionName = "ohos.permission.test1",
+ .resDeviceID = {"local"}};
+ std::vector permStateList;
+ permStateList.emplace_back(infoManagerTestState);
+
+ HapTokenInfoForSync remoteTokenInfo = {
+ .baseInfo = wrongBaseInfo,
+ .permStateList =permStateList
+ };
+
+ int ret = AccessTokenKit::SetRemoteHapTokenInfo(deviceID, remoteTokenInfo);
+ ASSERT_NE(ret, RET_SUCCESS);
+
+ std::string wrongStr(10241, 'x');
+
+ wrongBaseInfo = rightBaseInfo;
+ wrongBaseInfo.appID = wrongStr; // wrong appID
+ remoteTokenInfo.baseInfo = wrongBaseInfo;
+ ret = AccessTokenKit::SetRemoteHapTokenInfo(deviceID, remoteTokenInfo);
+ ASSERT_NE(ret, RET_SUCCESS);
+
+ wrongBaseInfo = rightBaseInfo;
+ wrongBaseInfo.bundleName = wrongStr; // wrong bundleName
+ remoteTokenInfo.baseInfo = wrongBaseInfo;
+ ret = AccessTokenKit::SetRemoteHapTokenInfo(deviceID, remoteTokenInfo);
+ ASSERT_NE(ret, RET_SUCCESS);
+
+ wrongBaseInfo = rightBaseInfo;
+ wrongBaseInfo.deviceID = wrongStr; // wrong deviceID
+ remoteTokenInfo.baseInfo = wrongBaseInfo;
+ ret = AccessTokenKit::SetRemoteHapTokenInfo(deviceID, remoteTokenInfo);
+ ASSERT_NE(ret, RET_SUCCESS);
+
+ wrongBaseInfo = rightBaseInfo;
+ wrongBaseInfo.tokenID = 0; // wrong tokenID
+ remoteTokenInfo.baseInfo = wrongBaseInfo;
+ ret = AccessTokenKit::SetRemoteHapTokenInfo(deviceID, remoteTokenInfo);
+ ASSERT_NE(ret, RET_SUCCESS);
+}
+
+/**
+ * @tc.name: SetRemoteHapTokenInfo003
+ * @tc.desc: set remote hap token wrong permission grant
+ * @tc.type: FUNC
+ * @tc.require:AR000GK6T5
+ */
+HWTEST_F(AccessTokenKitTest, SetRemoteHapTokenInfo003, TestSize.Level1)
+{
+ ACCESSTOKEN_LOG_INFO(LABEL, "SetRemoteHapTokenInfo003 start.");
+ std::string deviceID = "ea82205d1f9964346ee12e17ec0f362bb7203fca7c62d82899ffa917f9cbe6b2";
+ AccessTokenKit::DeleteRemoteToken(deviceID, 0x20100000);
+ HapTokenInfo baseInfo = {
+ .apl = APL_NORMAL,
+ .ver = 1,
+ .userID = 1,
+ .bundleName = "com.ohos.access_token",
+ .instIndex = 1,
+ .appID = "testtesttesttest",
+ .deviceID = "ea82205d1f9964346ee12e17ec0f362bb7203fca7c62d82899ffa917f9cbe6b2",
+ .tokenID = 0x20100000,
+ .tokenAttr = 0
+ };
+
+ PermissionStateFull infoManagerTestState = {
+ .grantFlags = {11}, // wrong flags
+ .grantStatus = {PermissionState::PERMISSION_GRANTED},
+ .isGeneral = true,
+ .permissionName = "ohos.permission.test1",
+ .resDeviceID = {"local"}};
+ std::vector permStateList;
+ permStateList.emplace_back(infoManagerTestState);
+
+ HapTokenInfoForSync remoteTokenInfo = {
+ .baseInfo = baseInfo,
+ .permStateList =permStateList
+ };
+
+ int ret = AccessTokenKit::SetRemoteHapTokenInfo(deviceID, remoteTokenInfo);
+ ASSERT_EQ(ret, RET_SUCCESS);
+
+ // Get local map token ID
+ AccessTokenID mapID = AccessTokenKit::AllocLocalTokenID(deviceID, 0x20100000);
+ ASSERT_NE(mapID, 0);
+
+ ret = AccessTokenKit::VerifyAccessToken(mapID, "ohos.permission.test1");
+ ASSERT_EQ(ret, PermissionState::PERMISSION_DENIED);
+
+ ret = AccessTokenKit::DeleteRemoteToken(deviceID, 0x20100000);
+ ASSERT_EQ(ret, RET_SUCCESS);
+}
+
+/**
+ * @tc.name: SetRemoteHapTokenInfo004
+ * @tc.desc: update remote hap token when remote exist
+ * @tc.type: FUNC
+ * @tc.require:AR000GK6T5
+ */
+HWTEST_F(AccessTokenKitTest, SetRemoteHapTokenInfo004, TestSize.Level1)
+{
+ ACCESSTOKEN_LOG_INFO(LABEL, "SetRemoteHapTokenInfo004 start.");
+ std::string deviceID = "ea82205d1f9964346ee12e17ec0f362bb7203fca7c62d82899ffa917f9cbe6b2";
+ AccessTokenKit::DeleteRemoteToken(deviceID, 0x20100000);
+ HapTokenInfo baseInfo = {
+ .apl = APL_NORMAL,
+ .ver = 1,
+ .userID = 1,
+ .bundleName = "com.ohos.access_token",
+ .instIndex = 1,
+ .appID = "testtesttesttest",
+ .deviceID = "ea82205d1f9964346ee12e17ec0f362bb7203fca7c62d82899ffa917f9cbe6b2",
+ .tokenID = 0x20100000,
+ .tokenAttr = 0
+ };
+
+ PermissionStateFull infoManagerTestState = {
+ .grantFlags = {PermissionFlag::PERMISSION_SYSTEM_FIXED},
+ .grantStatus = {PermissionState::PERMISSION_DENIED}, // first denied
+ .isGeneral = true,
+ .permissionName = "ohos.permission.test1",
+ .resDeviceID = {"local"}};
+ std::vector permStateList;
+ permStateList.emplace_back(infoManagerTestState);
+
+ HapTokenInfoForSync remoteTokenInfo = {
+ .baseInfo = baseInfo,
+ .permStateList =permStateList
+ };
+
+ int ret = AccessTokenKit::SetRemoteHapTokenInfo(deviceID, remoteTokenInfo);
+ ASSERT_EQ(ret, RET_SUCCESS);
+
+ // Get local map token ID
+ AccessTokenID mapID = AccessTokenKit::AllocLocalTokenID(deviceID, 0x20100000);
+ ASSERT_NE(mapID, 0);
+
+ ret = AccessTokenKit::VerifyAccessToken(mapID, "ohos.permission.test1");
+ ASSERT_EQ(ret, PermissionState::PERMISSION_DENIED);
+
+ remoteTokenInfo.permStateList[0].grantStatus[0] = PermissionState::PERMISSION_GRANTED; // second granted
+ ret = AccessTokenKit::SetRemoteHapTokenInfo(deviceID, remoteTokenInfo);
+ ASSERT_EQ(ret, RET_SUCCESS);
+
+ ret = AccessTokenKit::VerifyAccessToken(mapID, "ohos.permission.test1");
+ ASSERT_EQ(ret, PermissionState::PERMISSION_GRANTED);
+
+ ret = AccessTokenKit::DeleteRemoteToken(deviceID, 0x20100000);
+ ASSERT_EQ(ret, RET_SUCCESS);
+}
+
+/**
+ * @tc.name: SetRemoteHapTokenInfo005
+ * @tc.desc: add remote hap token, it can not grant by GrantPermission
+ * @tc.type: FUNC
+ * @tc.require:AR000GK6T5
+ */
+HWTEST_F(AccessTokenKitTest, SetRemoteHapTokenInfo005, TestSize.Level1)
+{
+ ACCESSTOKEN_LOG_INFO(LABEL, "SetRemoteHapTokenInfo005 start.");
+ std::string deviceID = "ea82205d1f9964346ee12e17ec0f362bb7203fca7c62d82899ffa917f9cbe6b2";
+ AccessTokenKit::DeleteRemoteToken(deviceID, 0x20100000);
+ HapTokenInfo baseInfo = {
+ .apl = APL_NORMAL,
+ .ver = 1,
+ .userID = 1,
+ .bundleName = "com.ohos.access_token",
+ .instIndex = 1,
+ .appID = "testtesttesttest",
+ .deviceID = "ea82205d1f9964346ee12e17ec0f362bb7203fca7c62d82899ffa917f9cbe6b2",
+ .tokenID = 0x20100000,
+ .tokenAttr = 0
+ };
+
+ PermissionStateFull infoManagerTestState = {
+ .grantFlags = {PermissionFlag::PERMISSION_SYSTEM_FIXED},
+ .grantStatus = {PermissionState::PERMISSION_DENIED}, // first denied
+ .isGeneral = true,
+ .permissionName = "ohos.permission.test1",
+ .resDeviceID = {"local"}};
+ std::vector permStateList;
+ permStateList.emplace_back(infoManagerTestState);
+
+ HapTokenInfoForSync remoteTokenInfo = {
+ .baseInfo = baseInfo,
+ .permStateList =permStateList
+ };
+
+ int ret = AccessTokenKit::SetRemoteHapTokenInfo(deviceID, remoteTokenInfo);
+ ASSERT_EQ(ret, RET_SUCCESS);
+
+ // Get local map token ID
+ AccessTokenID mapID = AccessTokenKit::AllocLocalTokenID(deviceID, 0x20100000);
+ ASSERT_NE(mapID, 0);
+
+ ret = AccessTokenKit::VerifyAccessToken(mapID, "ohos.permission.test1");
+ ASSERT_EQ(ret, PermissionState::PERMISSION_DENIED);
+
+ ret = AccessTokenKit::GrantPermission(mapID, "ohos.permission.test1", PermissionFlag::PERMISSION_SYSTEM_FIXED);
+ ASSERT_EQ(ret, RET_SUCCESS);
+
+ ret = AccessTokenKit::VerifyAccessToken(mapID, "ohos.permission.test1");
+ ASSERT_EQ(ret, PermissionState::PERMISSION_DENIED);
+
+ ret = AccessTokenKit::DeleteRemoteToken(deviceID, 0x20100000);
+ ASSERT_EQ(ret, RET_SUCCESS);
+}
+
+/**
+ * @tc.name: SetRemoteHapTokenInfo006
+ * @tc.desc: add remote hap token, it can not revoke by RevokePermission
+ * @tc.type: FUNC
+ * @tc.require:AR000GK6T5
+ */
+HWTEST_F(AccessTokenKitTest, SetRemoteHapTokenInfo006, TestSize.Level1)
+{
+ ACCESSTOKEN_LOG_INFO(LABEL, "SetRemoteHapTokenInfo006 start.");
+ std::string deviceID = "ea82205d1f9964346ee12e17ec0f362bb7203fca7c62d82899ffa917f9cbe6b2";
+ AccessTokenKit::DeleteRemoteToken(deviceID, 0x20100000);
+ HapTokenInfo baseInfo = {
+ .apl = APL_NORMAL,
+ .ver = 1,
+ .userID = 1,
+ .bundleName = "com.ohos.access_token",
+ .instIndex = 1,
+ .appID = "testtesttesttest",
+ .deviceID = "ea82205d1f9964346ee12e17ec0f362bb7203fca7c62d82899ffa917f9cbe6b2",
+ .tokenID = 0x20100000,
+ .tokenAttr = 0
+ };
+
+ PermissionStateFull infoManagerTestState = {
+ .grantFlags = {PermissionFlag::PERMISSION_SYSTEM_FIXED},
+ .grantStatus = {PermissionState::PERMISSION_GRANTED}, // first grant
+ .isGeneral = true,
+ .permissionName = "ohos.permission.test1",
+ .resDeviceID = {"local"}};
+ std::vector permStateList;
+ permStateList.emplace_back(infoManagerTestState);
+
+ HapTokenInfoForSync remoteTokenInfo = {
+ .baseInfo = baseInfo,
+ .permStateList =permStateList
+ };
+
+ int ret = AccessTokenKit::SetRemoteHapTokenInfo(deviceID, remoteTokenInfo);
+ ASSERT_EQ(ret, RET_SUCCESS);
+
+ // Get local map token ID
+ AccessTokenID mapID = AccessTokenKit::AllocLocalTokenID(deviceID, 0x20100000);
+ ASSERT_NE(mapID, 0);
+
+ ret = AccessTokenKit::VerifyAccessToken(mapID, "ohos.permission.test1");
+ ASSERT_EQ(ret, PermissionState::PERMISSION_GRANTED);
+
+ ret = AccessTokenKit::RevokePermission(mapID, "ohos.permission.test1", PermissionFlag::PERMISSION_SYSTEM_FIXED);
+ ASSERT_EQ(ret, RET_SUCCESS);
+
+ ret = AccessTokenKit::VerifyAccessToken(mapID, "ohos.permission.test1");
+ ASSERT_EQ(ret, PermissionState::PERMISSION_GRANTED);
+
+ ret = AccessTokenKit::DeleteRemoteToken(deviceID, 0x20100000);
+ ASSERT_EQ(ret, RET_SUCCESS);
+}
+
+/**
+ * @tc.name: SetRemoteHapTokenInfo007
+ * @tc.desc: add remote hap token, it can not delete by DeleteToken
+ * @tc.type: FUNC
+ * @tc.require:AR000GK6T5
+ */
+HWTEST_F(AccessTokenKitTest, SetRemoteHapTokenInfo007, TestSize.Level1)
+{
+ ACCESSTOKEN_LOG_INFO(LABEL, "SetRemoteHapTokenInfo007 start.");
+ std::string deviceID = "ea82205d1f9964346ee12e17ec0f362bb7203fca7c62d82899ffa917f9cbe6b2";
+ AccessTokenKit::DeleteRemoteToken(deviceID, 0x20100000);
+ HapTokenInfo baseInfo = {
+ .apl = APL_NORMAL,
+ .ver = 1,
+ .userID = 1,
+ .bundleName = "com.ohos.access_token",
+ .instIndex = 1,
+ .appID = "testtesttesttest",
+ .deviceID = "ea82205d1f9964346ee12e17ec0f362bb7203fca7c62d82899ffa917f9cbe6b2",
+ .tokenID = 0x20100000,
+ .tokenAttr = 0
+ };
+
+ PermissionStateFull infoManagerTestState = {
+ .grantFlags = {PermissionFlag::PERMISSION_SYSTEM_FIXED},
+ .grantStatus = {PermissionState::PERMISSION_DENIED}, // first denied
+ .isGeneral = true,
+ .permissionName = "ohos.permission.test1",
+ .resDeviceID = {"local"}};
+ std::vector permStateList;
+ permStateList.emplace_back(infoManagerTestState);
+
+ HapTokenInfoForSync remoteTokenInfo = {
+ .baseInfo = baseInfo,
+ .permStateList =permStateList
+ };
+
+ int ret = AccessTokenKit::SetRemoteHapTokenInfo(deviceID, remoteTokenInfo);
+ ASSERT_EQ(ret, RET_SUCCESS);
+
+ // Get local map token ID
+ AccessTokenID mapID = AccessTokenKit::AllocLocalTokenID(deviceID, 0x20100000);
+ ASSERT_NE(mapID, 0);
+
+ ret = AccessTokenKit::DeleteToken(mapID);
+ ASSERT_EQ(ret, RET_FAILED);
+
+ ret = AccessTokenKit::DeleteRemoteToken(deviceID, 0x20100000);
+ ASSERT_EQ(ret, RET_SUCCESS);
+}
+
+/**
+ * @tc.name: SetRemoteHapTokenInfo008
+ * @tc.desc: add remote hap token, it can not update by UpdateHapToken
+ * @tc.type: FUNC
+ * @tc.require:AR000GK6T5
+ */
+HWTEST_F(AccessTokenKitTest, SetRemoteHapTokenInfo008, TestSize.Level1)
+{
+ ACCESSTOKEN_LOG_INFO(LABEL, "SetRemoteHapTokenInfo008 start.");
+ std::string deviceID = "ea82205d1f9964346ee12e17ec0f362bb7203fca7c62d82899ffa917f9cbe6b2";
+ AccessTokenKit::DeleteRemoteToken(deviceID, 0x20100000);
+ HapTokenInfo baseInfo = {
+ .apl = APL_NORMAL,
+ .ver = 1,
+ .userID = 1,
+ .bundleName = "com.ohos.access_token",
+ .instIndex = 1,
+ .appID = "testtesttesttest",
+ .deviceID = "ea82205d1f9964346ee12e17ec0f362bb7203fca7c62d82899ffa917f9cbe6b2",
+ .tokenID = 0x20100000,
+ .tokenAttr = 0
+ };
+
+ PermissionStateFull infoManagerTestState = {
+ .grantFlags = {PermissionFlag::PERMISSION_SYSTEM_FIXED},
+ .grantStatus = {PermissionState::PERMISSION_DENIED}, // first denied
+ .isGeneral = true,
+ .permissionName = "ohos.permission.test1",
+ .resDeviceID = {"local"}};
+ std::vector permStateList;
+ permStateList.emplace_back(infoManagerTestState);
+
+ HapTokenInfoForSync remoteTokenInfo = {
+ .baseInfo = baseInfo,
+ .permStateList =permStateList
+ };
+
+ int ret = AccessTokenKit::SetRemoteHapTokenInfo(deviceID, remoteTokenInfo);
+ ASSERT_EQ(ret, RET_SUCCESS);
+
+ // Get local map token ID
+ AccessTokenID mapID = AccessTokenKit::AllocLocalTokenID(deviceID, 0x20100000);
+ ASSERT_NE(mapID, 0);
+
+ HapPolicyParams policy;
+
+ ret = AccessTokenKit::UpdateHapToken(mapID, "updateFailed", policy);
+ ASSERT_EQ(ret, RET_FAILED);
+
+ ret = AccessTokenKit::DeleteRemoteToken(deviceID, 0x20100000);
+ ASSERT_EQ(ret, RET_SUCCESS);
+}
+
+/**
+ * @tc.name: SetRemoteHapTokenInfo009
+ * @tc.desc: add remote hap token, it can not clear by ClearUserGrantedPermissionState
+ * @tc.type: FUNC
+ * @tc.require:AR000GK6T5
+ */
+HWTEST_F(AccessTokenKitTest, SetRemoteHapTokenInfo009, TestSize.Level1)
+{
+ ACCESSTOKEN_LOG_INFO(LABEL, "SetRemoteHapTokenInfo009 start.");
+ std::string deviceID = "ea82205d1f9964346ee12e17ec0f362bb7203fca7c62d82899ffa917f9cbe6b2";
+ AccessTokenKit::DeleteRemoteToken(deviceID, 0x20100000);
+ HapTokenInfo baseInfo = {
+ .apl = APL_NORMAL,
+ .ver = 1,
+ .userID = 1,
+ .bundleName = "com.ohos.access_token",
+ .instIndex = 1,
+ .appID = "testtesttesttest",
+ .deviceID = "ea82205d1f9964346ee12e17ec0f362bb7203fca7c62d82899ffa917f9cbe6b2",
+ .tokenID = 0x20100000,
+ .tokenAttr = 0
+ };
+
+ PermissionStateFull infoManagerTestState = {
+ .grantFlags = {PermissionFlag::PERMISSION_USER_SET},
+ .grantStatus = {PermissionState::PERMISSION_GRANTED},
+ .isGeneral = true,
+ .permissionName = "ohos.permission.test1",
+ .resDeviceID = {"local"}};
+ std::vector permStateList;
+ permStateList.emplace_back(infoManagerTestState);
+
+ HapTokenInfoForSync remoteTokenInfo = {
+ .baseInfo = baseInfo,
+ .permStateList =permStateList
+ };
+
+ int ret = AccessTokenKit::SetRemoteHapTokenInfo(deviceID, remoteTokenInfo);
+ ASSERT_EQ(ret, RET_SUCCESS);
+
+ // Get local map token ID
+ AccessTokenID mapID = AccessTokenKit::AllocLocalTokenID(deviceID, 0x20100000);
+ ASSERT_NE(mapID, 0);
+
+ ret = AccessTokenKit::VerifyAccessToken(mapID, "ohos.permission.test1");
+ ASSERT_EQ(ret, PermissionState::PERMISSION_GRANTED);
+
+ ret = AccessTokenKit::ClearUserGrantedPermissionState(mapID);
+ ASSERT_EQ(ret, RET_SUCCESS);
+
+ ret = AccessTokenKit::VerifyAccessToken(mapID, "ohos.permission.test1");
+ ASSERT_EQ(ret, PermissionState::PERMISSION_GRANTED);
+
+ ret = AccessTokenKit::DeleteRemoteToken(deviceID, 0x20100000);
+ ASSERT_EQ(ret, RET_SUCCESS);
+}
+
+/**
+ * @tc.name: SetRemoteHapTokenInfo010
+ * @tc.desc: tokenID is not hap token
+ * @tc.type: FUNC
+ * @tc.require:AR000GK6T5
+ */
+HWTEST_F(AccessTokenKitTest, SetRemoteHapTokenInfo010, TestSize.Level1)
+{
+ ACCESSTOKEN_LOG_INFO(LABEL, "SetRemoteHapTokenInfo009 start.");
+ std::string deviceID = "ea82205d1f9964346ee12e17ec0f362bb7203fca7c62d82899ffa917f9cbe6b2";
+ HapTokenInfo baseInfo = {
+ .apl = APL_NORMAL,
+ .ver = 1,
+ .userID = 1,
+ .bundleName = "com.ohos.access_token",
+ .instIndex = 1,
+ .appID = "testtesttesttest",
+ .deviceID = "ea82205d1f9964346ee12e17ec0f362bb7203fca7c62d82899ffa917f9cbe6b2",
+ .tokenID = 0x28100000,
+ .tokenAttr = 0
+ };
+
+ PermissionStateFull infoManagerTestState = {
+ .grantFlags = {PermissionFlag::PERMISSION_USER_SET},
+ .grantStatus = {PermissionState::PERMISSION_GRANTED},
+ .isGeneral = true,
+ .permissionName = "ohos.permission.test1",
+ .resDeviceID = {"local"}};
+ std::vector permStateList;
+ permStateList.emplace_back(infoManagerTestState);
+
+ HapTokenInfoForSync remoteTokenInfo = {
+ .baseInfo = baseInfo,
+ .permStateList =permStateList
+ };
+
+ int ret = AccessTokenKit::SetRemoteHapTokenInfo(deviceID, remoteTokenInfo);
+ ASSERT_NE(ret, RET_SUCCESS);
+}
+
+/**
+ * @tc.name: DeleteRemoteDeviceToken001
+ * @tc.desc: delete exist device mapping tokenId
+ * @tc.type: FUNC
+ * @tc.require:AR000GK6TA
+ */
+HWTEST_F(AccessTokenKitTest, DeleteRemoteDeviceToken001, TestSize.Level1)
+{
+ ACCESSTOKEN_LOG_INFO(LABEL, "DeleteRemoteDeviceTokens001 start.");
+ std::string deviceID = "ea82205d1f9964346ee12e17ec0f362bb7203fca7c62d82899ffa917f9cbe6b2";
+ AccessTokenKit::DeleteRemoteToken(deviceID, 0x20100000);
+ HapTokenInfo baseInfo = {
+ .apl = APL_NORMAL,
+ .ver = 1,
+ .userID = 1,
+ .bundleName = "com.ohos.access_token",
+ .instIndex = 1,
+ .appID = "testtesttesttest",
+ .deviceID = "ea82205d1f9964346ee12e17ec0f362bb7203fca7c62d82899ffa917f9cbe6b2",
+ .tokenID = 0x20100000,
+ .tokenAttr = 0
+ };
+
+ PermissionStateFull infoManagerTestState = {
+ .grantFlags = {PermissionFlag::PERMISSION_USER_SET},
+ .grantStatus = {PermissionState::PERMISSION_GRANTED},
+ .isGeneral = true,
+ .permissionName = "ohos.permission.test1",
+ .resDeviceID = {"local"}};
+ std::vector permStateList;
+ permStateList.emplace_back(infoManagerTestState);
+
+ HapTokenInfoForSync remoteTokenInfo = {
+ .baseInfo = baseInfo,
+ .permStateList =permStateList
+ };
+
+ int ret = AccessTokenKit::SetRemoteHapTokenInfo(deviceID, remoteTokenInfo);
+ ASSERT_EQ(ret, RET_SUCCESS);
+
+ AccessTokenID mapID = AccessTokenKit::AllocLocalTokenID(deviceID, 0x20100000);
+ ASSERT_NE(mapID, 0);
+
+ HapTokenInfo info;
+ ret = AccessTokenKit::GetHapTokenInfo(mapID, info);
+ ASSERT_EQ(ret, RET_SUCCESS);
+
+ ret = AccessTokenKit::DeleteRemoteToken(deviceID, 0x20100000);
+ ASSERT_EQ(ret, RET_SUCCESS);
+
+ ret = AccessTokenKit::GetHapTokenInfo(mapID, info);
+ ASSERT_NE(ret, RET_SUCCESS);
+}
+
+/**
+ * @tc.name: DeleteRemoteDeviceToken002
+ * @tc.desc: delete exist device mapping tokenId
+ * @tc.type: FUNC
+ * @tc.require:AR000GK6TA
+ */
+HWTEST_F(AccessTokenKitTest, DeleteRemoteDeviceToken002, TestSize.Level1)
+{
+ ACCESSTOKEN_LOG_INFO(LABEL, "DeleteRemoteDeviceTokens001 start.");
+ std::string deviceID = "ea82205d1f9964346ee12e17ec0f362bb7203fca7c62d82899ffa917f9cbe6b2";
+ AccessTokenKit::DeleteRemoteToken(deviceID, 0x20100000);
+ HapTokenInfo baseInfo = {
+ .apl = APL_NORMAL,
+ .ver = 1,
+ .userID = 1,
+ .bundleName = "com.ohos.access_token",
+ .instIndex = 1,
+ .appID = "testtesttesttest",
+ .deviceID = "ea82205d1f9964346ee12e17ec0f362bb7203fca7c62d82899ffa917f9cbe6b2",
+ .tokenID = 0x20100000,
+ .tokenAttr = 0
+ };
+
+ PermissionStateFull infoManagerTestState = {
+ .grantFlags = {PermissionFlag::PERMISSION_USER_SET},
+ .grantStatus = {PermissionState::PERMISSION_GRANTED},
+ .isGeneral = true,
+ .permissionName = "ohos.permission.test1",
+ .resDeviceID = {"local"}};
+ std::vector permStateList;
+ permStateList.emplace_back(infoManagerTestState);
+
+ HapTokenInfoForSync remoteTokenInfo = {
+ .baseInfo = baseInfo,
+ .permStateList =permStateList
+ };
+
+ int ret = AccessTokenKit::SetRemoteHapTokenInfo(deviceID, remoteTokenInfo);
+ ASSERT_EQ(ret, RET_SUCCESS);
+
+ AccessTokenID mapID = AccessTokenKit::AllocLocalTokenID(deviceID, 0x20100000);
+ ASSERT_NE(mapID, 0);
+
+ HapTokenInfo info;
+ ret = AccessTokenKit::GetHapTokenInfo(mapID, info);
+ ASSERT_EQ(ret, RET_SUCCESS);
+
+ ret = AccessTokenKit::DeleteRemoteToken(deviceID, 0);
+ ASSERT_NE(ret, RET_SUCCESS);
+
+ // deviceID is wrong
+ std::string wrongStr(10241, 'x');
+ deviceID = wrongStr;
+ ret = AccessTokenKit::DeleteRemoteToken(deviceID, 0x20100000);
+ ASSERT_NE(ret, RET_SUCCESS);
+}
+
+/**
+ * @tc.name: DeleteRemoteDeviceToken003
+ * @tc.desc: delete exist device mapping tokenId
+ * @tc.type: FUNC
+ * @tc.require:AR000GK6TA
+ */
+HWTEST_F(AccessTokenKitTest, DeleteRemoteDeviceToken003, TestSize.Level1)
+{
+ ACCESSTOKEN_LOG_INFO(LABEL, "DeleteRemoteDeviceToken003 start.");
+ std::string deviceID = "ea82205d1f9964346ee12e17ec0f362bb7203fca7c62d82899ffa917f9cbe6b2";
+ AccessTokenKit::DeleteRemoteToken(deviceID, 0x20100000);
+
+ int ret = AccessTokenKit::DeleteRemoteToken(deviceID, 0x20100000);
+ ASSERT_NE(ret, RET_SUCCESS);
+}
+
+/**
+ * @tc.name: DeleteRemoteDeviceTokens001
+ * @tc.desc: delete all mapping tokens of exist device
+ * @tc.type: FUNC
+ * @tc.require:AR000GK6TA
+ */
+HWTEST_F(AccessTokenKitTest, DeleteRemoteDeviceTokens001, TestSize.Level1)
+{
+ ACCESSTOKEN_LOG_INFO(LABEL, "DeleteRemoteDeviceTokens001 start.");
+ std::string deviceID = "ea82205d1f9964346ee12e17ec0f362bb7203fca7c62d82899ffa917f9cbe6b2";
+ AccessTokenKit::DeleteRemoteToken(deviceID, 0x20100000);
+ AccessTokenKit::DeleteRemoteToken(deviceID, 0x20100001);
+ HapTokenInfo baseInfo = {
+ .apl = APL_NORMAL,
+ .ver = 1,
+ .userID = 1,
+ .bundleName = "com.ohos.access_token",
+ .instIndex = 1,
+ .appID = "testtesttesttest",
+ .deviceID = "ea82205d1f9964346ee12e17ec0f362bb7203fca7c62d82899ffa917f9cbe6b2",
+ .tokenID = 0x20100000,
+ .tokenAttr = 0
+ };
+
+ PermissionStateFull infoManagerTestState = {
+ .grantFlags = {PermissionFlag::PERMISSION_USER_SET},
+ .grantStatus = {PermissionState::PERMISSION_GRANTED},
+ .isGeneral = true,
+ .permissionName = "ohos.permission.test1",
+ .resDeviceID = {"local"}};
+ std::vector permStateList;
+ permStateList.emplace_back(infoManagerTestState);
+
+ HapTokenInfoForSync remoteTokenInfo = {
+ .baseInfo = baseInfo,
+ .permStateList =permStateList
+ };
+
+ int ret = AccessTokenKit::SetRemoteHapTokenInfo(deviceID, remoteTokenInfo);
+ ASSERT_EQ(ret, RET_SUCCESS);
+
+ HapTokenInfoForSync remoteTokenInfo1 = remoteTokenInfo;
+ remoteTokenInfo1.baseInfo.tokenID = 0x20100001;
+ remoteTokenInfo1.baseInfo.bundleName = "com.ohos.access_token1";
+ ret = AccessTokenKit::SetRemoteHapTokenInfo(deviceID, remoteTokenInfo1);
+ ASSERT_EQ(ret, RET_SUCCESS);
+
+ AccessTokenID mapID = AccessTokenKit::AllocLocalTokenID(deviceID, 0x20100000);
+ ASSERT_NE(mapID, 0);
+ AccessTokenID mapID1 = AccessTokenKit::AllocLocalTokenID(deviceID, 0x20100001);
+ ASSERT_NE(mapID1, 0);
+
+ ret = AccessTokenKit::DeleteRemoteDeviceTokens(deviceID);
+ ASSERT_EQ(ret, RET_SUCCESS);
+
+ HapTokenInfo info;
+ ret = AccessTokenKit::GetHapTokenInfo(mapID, info);
+ ASSERT_NE(ret, RET_SUCCESS);
+ ret = AccessTokenKit::GetHapTokenInfo(mapID1, info);
+ ASSERT_NE(ret, RET_SUCCESS);
+}
+
+/**
+ * @tc.name: DeleteRemoteDeviceTokens002
+ * @tc.desc: delete all mapping tokens of NOT exist device
+ * @tc.type: FUNC
+ * @tc.require:AR000GK6TA
+ */
+HWTEST_F(AccessTokenKitTest, DeleteRemoteDeviceTokens002, TestSize.Level1)
+{
+ ACCESSTOKEN_LOG_INFO(LABEL, "DeleteRemoteDeviceTokens002 start.");
+ std::string deviceID = "ea82205d1f9964346ee12e17ec0f362bb7203fca7c62d82899ffa917f9cbe6b2";
+ AccessTokenKit::DeleteRemoteToken(deviceID, 0x20100000);
+ AccessTokenKit::DeleteRemoteToken(deviceID, 0x20100001);
+ HapTokenInfo baseInfo = {
+ .apl = APL_NORMAL,
+ .ver = 1,
+ .userID = 1,
+ .bundleName = "com.ohos.access_token",
+ .instIndex = 1,
+ .appID = "testtesttesttest",
+ .deviceID = "ea82205d1f9964346ee12e17ec0f362bb7203fca7c62d82899ffa917f9cbe6b2",
+ .tokenID = 0x20100000,
+ .tokenAttr = 0
+ };
+
+ PermissionStateFull infoManagerTestState = {
+ .grantFlags = {PermissionFlag::PERMISSION_USER_SET},
+ .grantStatus = {PermissionState::PERMISSION_GRANTED},
+ .isGeneral = true,
+ .permissionName = "ohos.permission.test1",
+ .resDeviceID = {"local"}};
+ std::vector permStateList;
+ permStateList.emplace_back(infoManagerTestState);
+
+ HapTokenInfoForSync remoteTokenInfo = {
+ .baseInfo = baseInfo,
+ .permStateList =permStateList
+ };
+
+ int ret = AccessTokenKit::SetRemoteHapTokenInfo(deviceID, remoteTokenInfo);
+ ASSERT_EQ(ret, RET_SUCCESS);
+
+ HapTokenInfoForSync remoteTokenInfo1 = remoteTokenInfo;
+ remoteTokenInfo1.baseInfo.tokenID = 0x20100001;
+ remoteTokenInfo1.baseInfo.bundleName = "com.ohos.access_token1";
+ ret = AccessTokenKit::SetRemoteHapTokenInfo(deviceID, remoteTokenInfo1);
+ ASSERT_EQ(ret, RET_SUCCESS);
+
+ AccessTokenID mapID = AccessTokenKit::AllocLocalTokenID(deviceID, 0x20100000);
+ ASSERT_NE(mapID, 0);
+ AccessTokenID mapID1 = AccessTokenKit::AllocLocalTokenID(deviceID, 0x20100001);
+ ASSERT_NE(mapID1, 0);
+
+ ret = AccessTokenKit::DeleteRemoteDeviceTokens("1111111");
+ ASSERT_NE(ret, RET_SUCCESS);
+
+ AccessTokenKit::DeleteRemoteToken(deviceID, 0x20100000);
+ AccessTokenKit::DeleteRemoteToken(deviceID, 0x20100001);
+}
+
+/**
+ * @tc.name: GetHapTokenInfoFromRemote001
+ * @tc.desc: get normal local tokenInfo
+ * @tc.type: FUNC
+ * @tc.require:AR000GK6TA
+ */
+HWTEST_F(AccessTokenKitTest, GetHapTokenInfoFromRemote001, TestSize.Level1)
+{
+ ACCESSTOKEN_LOG_INFO(LABEL, "GetHapTokenInfoFromRemote001 start.");
+ AccessTokenIDEx tokenIdEx = {0};
+ tokenIdEx = AccessTokenKit::AllocHapToken(g_infoManagerTestInfoParms, g_infoManagerTestPolicyPrams);
+ AccessTokenID localTokenID = tokenIdEx.tokenIdExStruct.tokenID;
+
+ HapTokenInfoForSync infoSync;
+ int ret = AccessTokenKit::GetHapTokenInfoFromRemote(localTokenID, infoSync);
+ ASSERT_EQ(ret, RET_SUCCESS);
+ ASSERT_EQ(infoSync.baseInfo.apl, g_infoManagerTestPolicyPrams.apl);
+ ASSERT_EQ(infoSync.permStateList.size(), 2);
+ ASSERT_EQ(infoSync.permStateList[1].grantFlags.size(), 2);
+
+ ASSERT_EQ(infoSync.permStateList[0].permissionName, g_infoManagerTestPolicyPrams.permStateList[0].permissionName);
+ ASSERT_EQ(infoSync.permStateList[0].grantFlags[0], g_infoManagerTestPolicyPrams.permStateList[0].grantFlags[0]);
+ ASSERT_EQ(infoSync.permStateList[0].grantStatus[0], g_infoManagerTestPolicyPrams.permStateList[0].grantStatus[0]);
+ ASSERT_EQ(infoSync.permStateList[0].resDeviceID[0], g_infoManagerTestPolicyPrams.permStateList[0].resDeviceID[0]);
+ ASSERT_EQ(infoSync.permStateList[0].isGeneral, g_infoManagerTestPolicyPrams.permStateList[0].isGeneral);
+
+ ASSERT_EQ(infoSync.permStateList[1].permissionName, g_infoManagerTestPolicyPrams.permStateList[1].permissionName);
+ ASSERT_EQ(infoSync.permStateList[1].grantFlags[0], g_infoManagerTestPolicyPrams.permStateList[1].grantFlags[0]);
+ ASSERT_EQ(infoSync.permStateList[1].grantStatus[0], g_infoManagerTestPolicyPrams.permStateList[1].grantStatus[0]);
+ ASSERT_EQ(infoSync.permStateList[1].resDeviceID[0], g_infoManagerTestPolicyPrams.permStateList[1].resDeviceID[0]);
+ ASSERT_EQ(infoSync.permStateList[1].isGeneral, g_infoManagerTestPolicyPrams.permStateList[1].isGeneral);
+
+ ASSERT_EQ(infoSync.permStateList[1].grantFlags[1], g_infoManagerTestPolicyPrams.permStateList[1].grantFlags[1]);
+ ASSERT_EQ(infoSync.permStateList[1].grantStatus[1], g_infoManagerTestPolicyPrams.permStateList[1].grantStatus[1]);
+ ASSERT_EQ(infoSync.permStateList[1].resDeviceID[1], g_infoManagerTestPolicyPrams.permStateList[1].resDeviceID[1]);
+
+ ASSERT_EQ(infoSync.baseInfo.bundleName, g_infoManagerTestInfoParms.bundleName);
+ ASSERT_EQ(infoSync.baseInfo.userID, g_infoManagerTestInfoParms.userID);
+ ASSERT_EQ(infoSync.baseInfo.instIndex, g_infoManagerTestInfoParms.instIndex);
+ ASSERT_EQ(infoSync.baseInfo.appID, g_infoManagerTestInfoParms.appIDDesc);
+ ASSERT_EQ(infoSync.baseInfo.ver, 1);
+ ASSERT_EQ(infoSync.baseInfo.tokenID, localTokenID);
+ ASSERT_EQ(infoSync.baseInfo.tokenAttr, 0);
+
+ AccessTokenKit::DeleteToken(localTokenID);
+}
+
+/**
+ * @tc.name: GetHapTokenInfoFromRemote002
+ * @tc.desc: get normal mapping tokenInfo
+ * @tc.type: FUNC
+ * @tc.require:AR000GK6TA
+ */
+HWTEST_F(AccessTokenKitTest, GetHapTokenInfoFromRemote002, TestSize.Level1)
+{
+ ACCESSTOKEN_LOG_INFO(LABEL, "GetHapTokenInfoFromRemote002 start.");
+ std::string deviceID = "ea82205d1f9964346ee12e17ec0f362bb7203fca7c62d82899ffa917f9cbe6b2";
+ AccessTokenKit::DeleteRemoteToken(deviceID, 0x20100000);
+ HapTokenInfo baseInfo = {
+ .apl = APL_NORMAL,
+ .ver = 1,
+ .userID = 1,
+ .bundleName = "com.ohos.access_token",
+ .instIndex = 1,
+ .appID = "testtesttesttest",
+ .deviceID = "ea82205d1f9964346ee12e17ec0f362bb7203fca7c62d82899ffa917f9cbe6b2",
+ .tokenID = 0x20100000,
+ .tokenAttr = 0
+ };
+
+ PermissionStateFull infoManagerTestState = {
+ .grantFlags = {PermissionFlag::PERMISSION_USER_SET},
+ .grantStatus = {PermissionState::PERMISSION_GRANTED},
+ .isGeneral = true,
+ .permissionName = "ohos.permission.test1",
+ .resDeviceID = {"local"}};
+ std::vector permStateList;
+ permStateList.emplace_back(infoManagerTestState);
+
+ HapTokenInfoForSync remoteTokenInfo = {
+ .baseInfo = baseInfo,
+ .permStateList =permStateList
+ };
+
+ int ret = AccessTokenKit::SetRemoteHapTokenInfo(deviceID, remoteTokenInfo);
+ ASSERT_EQ(ret, RET_SUCCESS);
+
+ AccessTokenID mapID = AccessTokenKit::AllocLocalTokenID(deviceID, 0x20100000);
+ ASSERT_NE(mapID, 0);
+
+ HapTokenInfoForSync infoSync;
+ ret = AccessTokenKit::GetHapTokenInfoFromRemote(mapID, infoSync);
+ ASSERT_NE(ret, RET_SUCCESS);
+
+ AccessTokenKit::DeleteRemoteToken(deviceID, 0x20100000);
+}
+
+/**
+ * @tc.name: GetHapTokenInfoFromRemote003
+ * @tc.desc: get normal mapping tokenInfo
+ * @tc.type: FUNC
+ * @tc.require:AR000GK6TA
+ */
+HWTEST_F(AccessTokenKitTest, GetHapTokenInfoFromRemote003, TestSize.Level1)
+{
+ ACCESSTOKEN_LOG_INFO(LABEL, "GetHapTokenInfoFromRemote003 start.");
+ HapTokenInfoForSync infoSync;
+ int ret = AccessTokenKit::GetHapTokenInfoFromRemote(0, infoSync);
+ ASSERT_NE(ret, RET_SUCCESS);
+}
diff --git a/interfaces/innerkits/accesstoken/test/unittest/src/accesstoken_kit_test.h b/interfaces/innerkits/accesstoken/test/unittest/src/accesstoken_kit_test.h
new file mode 100644
index 0000000000000000000000000000000000000000..dfdd20e85dc3a510579e6cfac669ac0912a85a28
--- /dev/null
+++ b/interfaces/innerkits/accesstoken/test/unittest/src/accesstoken_kit_test.h
@@ -0,0 +1,55 @@
+/*
+ * Copyright (c) 2021 Huawei Device Co., Ltd.
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+#ifndef ACCESSTOKEN_KIT_TEST_H
+#define ACCESSTOKEN_KIT_TEST_H
+
+#include
+
+namespace OHOS {
+namespace Security {
+namespace AccessToken {
+static const std::string TEST_BUNDLE_NAME = "ohos";
+static const std::string TEST_PERMISSION_NAME_ALPHA = "ohos.permission.ALPHA";
+static const std::string TEST_PERMISSION_NAME_BETA = "ohos.permission.BETA";
+static const std::string TEST_PERMISSION_NAME_GAMMA = "ohos.permission.GAMMA";
+static const int TEST_USER_ID = 0;
+static const int TEST_USER_ID_INVALID = -1;
+static const unsigned int TEST_TOKENID_INVALID = 0;
+static const int INVALID_BUNDLENAME_LEN = 260;
+static const int INVALID_APPIDDESC_LEN = 10244;
+static const int INVALID_LABEL_LEN = 260;
+static const int INVALID_DESCRIPTION_LEN = 260;
+static const int INVALID_PERMNAME_LEN = 260;
+static const int CYCLE_TIMES = 100;
+static const int THREAD_NUM = 3;
+static const int INVALID_DCAP_LEN = 1025;
+class AccessTokenKitTest : public testing::Test {
+public:
+ static void SetUpTestCase();
+
+ static void TearDownTestCase();
+
+ void SetUp();
+
+ void TearDown();
+ unsigned int GetAccessTokenID(int userID, std::string bundleName, int instIndex);
+ void DeleteTestToken() const;
+ void AllocTestToken() const;
+};
+} // namespace AccessToken
+} // namespace Security
+} // namespace OHOS
+#endif // ACCESSTOKEN_KIT_TEST_H
diff --git a/interfaces/innerkits/nativetoken/BUILD.gn b/interfaces/innerkits/nativetoken/BUILD.gn
new file mode 100644
index 0000000000000000000000000000000000000000..5a4163d3be70cb500db2d82bf8630d4dc37d2c62
--- /dev/null
+++ b/interfaces/innerkits/nativetoken/BUILD.gn
@@ -0,0 +1,48 @@
+# Copyright (C) 2021 Huawei Device Co., Ltd.
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+import("//build/ohos.gni")
+
+################################################################
+# C, Main, source file here.
+################################################################
+config("accesstokenlib") {
+ visibility = [ ":*" ]
+ include_dirs = [ "include" ]
+}
+
+ohos_static_library("libnativetoken") {
+ subsystem_name = "security"
+ part_name = "access_token"
+ output_name = "libnativetoken"
+
+ public_configs = [ ":accesstokenlib" ]
+
+ cflags = [ "-Wall" ]
+
+ include_dirs = [
+ "include",
+ "src",
+ "//third_party/cJSON",
+ "//third_party/bounds_checking_function/include",
+ ]
+
+ sources = [ "src/nativetoken.c" ]
+
+ deps = [
+ "//third_party/bounds_checking_function:libsec_static",
+ "//third_party/cJSON:cjson_static",
+ ]
+
+ external_deps = [ "hiviewdfx_hilog_native:libhilog" ]
+}
diff --git a/interfaces/innerkits/nativetoken/include/nativetoken.h b/interfaces/innerkits/nativetoken/include/nativetoken.h
new file mode 100644
index 0000000000000000000000000000000000000000..71c34e2c263d141b367f75750f31d7b4fe3cf74d
--- /dev/null
+++ b/interfaces/innerkits/nativetoken/include/nativetoken.h
@@ -0,0 +1,91 @@
+/*
+ * Copyright (c) 2021 Huawei Device Co., Ltd.
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing ACCESSTOKENs and
+ * limitations under the License.
+ */
+
+#include
+#include
+#include
+#include
+#include
+#include
+#include
+
+#include "cJSON.h"
+#include "securec.h"
+#include "nativetoken_log.h"
+
+#ifndef NATIVE_TOKEN_H
+#define NATIVE_TOKEN_H
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+#define MAX_PROCESS_NAME_LEN 256
+#define TOKEN_ID_CFG_FILE_PATH "/data/service/el0/access_token/nativetoken.json"
+#define TOKEN_ID_CFG_DIR_PATH "/data/service/el0/access_token"
+#define TOKEN_NATIVE_TYPE 1
+#define DEFAULT_AT_VERSION 1
+#define TRANSFER_KEY_WORDS "NativeTokenInfo"
+#define MAX_JSON_FILE_LEN 102400
+#define MAX_DCAPS_NUM 32
+#define MAX_DCAP_LEN 1024
+#define MAX_PARAMTER_LEN 128
+#define SYSTEM_PROP_NATIVE_RECEPTOR "rw.nativetoken.receptor.startup"
+#define PATH_MAX_LEN 4096
+
+#define ATRET_FAILED 1
+#define ATRET_SUCCESS 0
+
+#define DCAPS_KEY_NAME "dcaps"
+#define TOKENID_KEY_NAME "tokenId"
+#define TOKEN_ATTR_KEY_NAME "tokenAttr"
+#define APL_KEY_NAME "APL"
+#define VERSION_KEY_NAME "version"
+#define PROCESS_KEY_NAME "processName"
+
+#define SYSTEM_CORE 3
+#define SYSTEM_BASIC 2
+#define NORMAL 1
+
+typedef unsigned int NativeAtId;
+typedef unsigned int NativeAtAttr;
+
+typedef struct {
+ unsigned int tokenUniqueId : 24;
+ unsigned int reserved : 3;
+ unsigned int type : 2;
+ unsigned int version : 3;
+} AtInnerInfo;
+
+typedef struct {
+ NativeAtId tokenId;
+ NativeAtAttr tokenAttr;
+} NativeAtIdEx;
+
+typedef struct TokenList {
+ NativeAtId tokenId;
+ int32_t apl;
+ char *dcaps[MAX_DCAPS_NUM];
+ int dcapsNum;
+ char processName[MAX_PROCESS_NAME_LEN + 1];
+ struct TokenList *next;
+} NativeTokenList;
+
+extern int32_t GetFileBuff(const char *cfg, char **retBuff);
+#ifdef __cplusplus
+}
+#endif
+
+#endif // NATIVE_TOKEN_H
\ No newline at end of file
diff --git a/interfaces/innerkits/nativetoken/include/nativetoken_kit.h b/interfaces/innerkits/nativetoken/include/nativetoken_kit.h
new file mode 100644
index 0000000000000000000000000000000000000000..564dcb76fd6b5d07054417d374895fe459fc877e
--- /dev/null
+++ b/interfaces/innerkits/nativetoken/include/nativetoken_kit.h
@@ -0,0 +1,34 @@
+/*
+ * Copyright (c) 2021 Huawei Device Co., Ltd.
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+#ifndef INTERFACES_INNER_KITS_NATIVE_TOKEN_H
+#define INTERFACES_INNER_KITS_NATIVE_TOKEN_H
+
+#include
+#include
+#include
+#include
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+extern uint64_t GetAccessTokenId(const char *processname, const char **dcap, int32_t dacpNum, const char *aplStr);
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif // INTERFACES_INNER_KITS_NATIVE_TOKEN_H
diff --git a/interfaces/innerkits/nativetoken/include/nativetoken_log.h b/interfaces/innerkits/nativetoken/include/nativetoken_log.h
new file mode 100644
index 0000000000000000000000000000000000000000..a0338d25e7ee0b78321a60a69805dfbb1331d6ac
--- /dev/null
+++ b/interfaces/innerkits/nativetoken/include/nativetoken_log.h
@@ -0,0 +1,49 @@
+/*
+ * Copyright (c) 2021 Huawei Device Co., Ltd.
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing ACCESSTOKENs and
+ * limitations under the License.
+ */
+
+#ifndef ACCESSTOKEN_LOG_H
+#define ACCESSTOKEN_LOG_H
+
+#ifdef HILOG_ENABLE
+
+#include "hilog/log.h"
+
+#define ACCESSTOKEN_LOG_DEBUG(fmt, ...) HILOG_DEBUG(LOG_CORE, fmt, ##__VA_ARGS__)
+#define ACCESSTOKEN_LOG_INFO(fmt, ...) HILOG_INFO(LOG_CORE, fmt, ##__VA_ARGS__)
+#define ACCESSTOKEN_LOG_WARN(fmt, ...) HILOG_WARN(LOG_CORE, fmt, ##__VA_ARGS__)
+#define ACCESSTOKEN_LOG_ERROR(fmt, ...) ACCESSTOKEN_LOG_ERROR(LOG_CORE, fmt, ##__VA_ARGS__)
+#define ACCESSTOKEN_LOG_FATAL(fmt, ...) HILOG_FATAL(LOG_CORE, fmt, ##__VA_ARGS__)
+
+/* define LOG_TAG as "security_*" at your submodule, * means your submodule name such as "security_dac" */
+#undef LOG_TAG
+#undef LOG_DOMAIN
+
+#else
+
+#include
+#include
+
+/* define LOG_TAG as "security_*" at your submodule, * means your submodule name such as "security_dac" */
+#define LOG_TAG "accssToken_"
+
+#define ACCESSTOKEN_LOG_DEBUG(fmt, ...) printf("[%s] debug: " fmt "\n", LOG_TAG, ##__VA_ARGS__)
+#define ACCESSTOKEN_LOG_INFO(fmt, ...) printf("[%s] info: " fmt "\n", LOG_TAG, ##__VA_ARGS__)
+#define ACCESSTOKEN_LOG_WARN(fmt, ...) printf("[%s] warn: " fmt "\n", LOG_TAG, ##__VA_ARGS__)
+#define ACCESSTOKEN_LOG_ERROR(fmt, ...) printf("[%s] error: " fmt "\n", LOG_TAG, ##__VA_ARGS__)
+#define ACCESSTOKEN_LOG_FATAL(fmt, ...) printf("[%s] fatal: " fmt "\n", LOG_TAG, ##__VA_ARGS__)
+
+#endif // HILOG_ENABLE
+
+#endif // ACCESSTOKEN_LOG_H
diff --git a/interfaces/innerkits/nativetoken/src/nativetoken.c b/interfaces/innerkits/nativetoken/src/nativetoken.c
new file mode 100644
index 0000000000000000000000000000000000000000..f39d36eefd2275572dcf8810b6e97002c4d9561d
--- /dev/null
+++ b/interfaces/innerkits/nativetoken/src/nativetoken.c
@@ -0,0 +1,735 @@
+/*
+ * Copyright (c) 2021 Huawei Device Co., Ltd.
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing ACCESSTOKENs and
+ * limitations under the License.
+ */
+#include "nativetoken.h"
+#include "nativetoken_kit.h"
+
+NativeTokenList *g_tokenListHead;
+int32_t g_isNativeTokenInited = 0;
+
+int32_t GetFileBuff(const char *cfg, char **retBuff)
+{
+ struct stat fileStat;
+ int32_t ret;
+
+ char filePath[PATH_MAX_LEN + 1] = {0};
+ if (realpath(cfg, filePath) == NULL) {
+ if (errno == ENOENT) {
+ /* file doesn't exist */
+ *retBuff = NULL;
+ return ATRET_SUCCESS;
+ }
+ ACCESSTOKEN_LOG_ERROR("[ATLIB-%s]:invalid filePath.", __func__);
+ return ATRET_FAILED;
+ }
+
+ if (stat(filePath, &fileStat) != 0) {
+ ACCESSTOKEN_LOG_ERROR("[ATLIB-%s]:stat file failed.", __func__);
+ return ATRET_FAILED;
+ }
+
+ int32_t fileSize = (int32_t)fileStat.st_size;
+ if ((fileSize < 0) || (fileSize > MAX_JSON_FILE_LEN)) {
+ ACCESSTOKEN_LOG_ERROR("[ATLIB-%s]:stat file size is invalid.", __func__);
+ return ATRET_FAILED;
+ }
+
+ FILE *cfgFd = fopen(filePath, "r");
+ if (cfgFd == NULL) {
+ ACCESSTOKEN_LOG_ERROR("[ATLIB-%s]:fopen file failed.", __func__);
+ return ATRET_FAILED;
+ }
+
+ char *buff = (char *)malloc((size_t)(fileSize + 1));
+ if (buff == NULL) {
+ ACCESSTOKEN_LOG_ERROR("[ATLIB-%s]:memory alloc failed.", __func__);
+ fclose(cfgFd);
+ return ATRET_FAILED;
+ }
+
+ if (fread(buff, (size_t)fileSize, 1, cfgFd) != 1) {
+ ACCESSTOKEN_LOG_ERROR("[ATLIB-%s]:fread failed.", __func__);
+ free(buff);
+ buff = NULL;
+ ret = ATRET_FAILED;
+ } else {
+ buff[fileSize] = '\0';
+ *retBuff = buff;
+ ret = ATRET_SUCCESS;
+ }
+
+ fclose(cfgFd);
+ return ret;
+}
+
+void FreeDcaps(char *dcaps[MAX_DCAPS_NUM], int32_t num)
+{
+ for (int32_t i = 0; i <= num; i++) {
+ if (dcaps[i] != NULL) {
+ free(dcaps[i]);
+ dcaps[i] = NULL;
+ }
+ }
+}
+
+int32_t GetprocessNameFromJson(cJSON *cjsonItem, NativeTokenList *tokenNode)
+{
+ cJSON *processNameJson = cJSON_GetObjectItem(cjsonItem, PROCESS_KEY_NAME);
+ if (cJSON_IsString(processNameJson) == 0 || (strlen(processNameJson->valuestring) > MAX_PROCESS_NAME_LEN)) {
+ ACCESSTOKEN_LOG_ERROR("[ATLIB-%s]:processNameJson is invalid.", __func__);
+ return ATRET_FAILED;
+ }
+
+ if (strcpy_s(tokenNode->processName, MAX_PROCESS_NAME_LEN + 1, processNameJson->valuestring) != EOK) {
+ ACCESSTOKEN_LOG_ERROR("[ATLIB-%s]:strcpy_s failed.", __func__);
+ return ATRET_FAILED;
+ }
+ return ATRET_SUCCESS;
+}
+
+int32_t GetTokenIdFromJson(cJSON *cjsonItem, NativeTokenList *tokenNode)
+{
+ cJSON *tokenIdJson = cJSON_GetObjectItem(cjsonItem, TOKENID_KEY_NAME);
+ if ((cJSON_IsNumber(tokenIdJson) == 0) || (cJSON_GetNumberValue(tokenIdJson) <= 0)) {
+ ACCESSTOKEN_LOG_ERROR("[ATLIB-%s]:tokenIdJson is invalid.", __func__);
+ return ATRET_FAILED;
+ }
+ tokenNode->tokenId = (NativeAtId)tokenIdJson->valueint;
+ return ATRET_SUCCESS;
+}
+
+int32_t GetAplFromJson(cJSON *cjsonItem, NativeTokenList *tokenNode)
+{
+ cJSON *aplJson = cJSON_GetObjectItem(cjsonItem, APL_KEY_NAME);
+ if (cJSON_IsNumber(aplJson) == 0) {
+ ACCESSTOKEN_LOG_ERROR("[ATLIB-%s]:aplJson is invalid.", __func__);
+ return ATRET_FAILED;
+ }
+ int apl = cJSON_GetNumberValue(aplJson);
+ if (apl <= 0 || apl > SYSTEM_CORE) {
+ ACCESSTOKEN_LOG_ERROR("[ATLIB-%s]:apl = %d in file is invalid.", __func__, apl);
+ return ATRET_FAILED;
+ }
+ tokenNode->apl = aplJson->valueint;
+ return ATRET_SUCCESS;
+}
+
+int32_t GetDcapsInfoFromJson(cJSON *cjsonItem, NativeTokenList *tokenNode)
+{
+ cJSON *dcapsJson = cJSON_GetObjectItem(cjsonItem, DCAPS_KEY_NAME);
+ int32_t dcapSize = cJSON_GetArraySize(dcapsJson);
+
+ tokenNode->dcapsNum = dcapSize;
+ for (int32_t i = 0; i < dcapSize; i++) {
+ cJSON *dcapItem = cJSON_GetArrayItem(dcapsJson, i);
+ if (dcapItem == NULL) {
+ ACCESSTOKEN_LOG_ERROR("[ATLIB-%s]:cJSON_GetArrayItem failed.", __func__);
+ return ATRET_FAILED;
+ }
+ size_t length = strlen(dcapItem->valuestring);
+ if (cJSON_IsString(dcapItem) == 0 || (length > MAX_DCAP_LEN)) {
+ ACCESSTOKEN_LOG_ERROR("[ATLIB-%s]:dcapItem is invalid.", __func__);
+ return ATRET_FAILED;
+ }
+ tokenNode->dcaps[i] = (char *)malloc(sizeof(char) * length);
+ if (tokenNode->dcaps[i] == NULL) {
+ FreeDcaps(tokenNode->dcaps, i - 1);
+ ACCESSTOKEN_LOG_ERROR("[ATLIB-%s]:malloc invalid.", __func__);
+ return ATRET_FAILED;
+ }
+ if (strcpy_s(tokenNode->dcaps[i], length + 1, dcapItem->valuestring) != EOK) {
+ FreeDcaps(tokenNode->dcaps, i);
+ ACCESSTOKEN_LOG_ERROR("[ATLIB-%s]:strcpy_s failed.", __func__);
+ return ATRET_FAILED;
+ }
+ }
+ return ATRET_SUCCESS;
+}
+
+int32_t GetTokenList(const cJSON *object)
+{
+ int32_t arraySize;
+ int32_t i;
+ int ret;
+ NativeTokenList *tmp = NULL;
+
+ if (object == NULL) {
+ return ATRET_FAILED;
+ }
+ arraySize = cJSON_GetArraySize(object);
+ for (i = 0; i < arraySize; i++) {
+ tmp = (NativeTokenList *)malloc(sizeof(NativeTokenList));
+ if (tmp == NULL) {
+ ACCESSTOKEN_LOG_ERROR("[ATLIB-%s]:memory alloc failed.", __func__);
+ return ATRET_FAILED;
+ }
+ cJSON *cjsonItem = cJSON_GetArrayItem(object, i);
+ if (cjsonItem == NULL) {
+ free(tmp);
+ ACCESSTOKEN_LOG_ERROR("[ATLIB-%s]:cJSON_GetArrayItem failed.", __func__);
+ return ATRET_FAILED;
+ }
+ ret = GetprocessNameFromJson(cjsonItem, tmp);
+ ret |= GetTokenIdFromJson(cjsonItem, tmp);
+ ret |= GetAplFromJson(cjsonItem, tmp);
+ ret |= GetDcapsInfoFromJson(cjsonItem, tmp);
+ if (ret != ATRET_SUCCESS) {
+ free(tmp);
+ return ret;
+ }
+
+ tmp->next = g_tokenListHead->next;
+ g_tokenListHead->next = tmp;
+ }
+ return ATRET_SUCCESS;
+}
+
+int32_t ParseTokenInfoFromCfg(const char *filename)
+{
+ char *fileBuff = NULL;
+ cJSON *record = NULL;
+ int32_t ret;
+
+ if (filename == NULL || filename[0] == '\0') {
+ return ATRET_FAILED;
+ }
+ ret = GetFileBuff(filename, &fileBuff);
+ if (ret != ATRET_SUCCESS) {
+ return ret;
+ }
+ if (fileBuff == NULL) {
+ return ATRET_SUCCESS;
+ }
+ record = cJSON_Parse(fileBuff);
+ free(fileBuff);
+ fileBuff = NULL;
+
+ ret = GetTokenList(record);
+ cJSON_Delete(record);
+
+ return ret;
+}
+
+int32_t AtlibInit(void)
+{
+ g_tokenListHead = (NativeTokenList *)malloc(sizeof(NativeTokenList));
+ if (g_tokenListHead == NULL) {
+ ACCESSTOKEN_LOG_ERROR("[ATLIB-%s]:g_tokenListHead memory alloc failed.", __func__);
+ return ATRET_FAILED;
+ }
+ g_tokenListHead->next = NULL;
+
+ int32_t ret = ParseTokenInfoFromCfg(TOKEN_ID_CFG_FILE_PATH);
+ if (ret != ATRET_SUCCESS) {
+ free(g_tokenListHead);
+ g_tokenListHead = NULL;
+ return ret;
+ }
+ g_isNativeTokenInited = 1;
+
+ return ATRET_SUCCESS;
+}
+
+int GetRandomTokenId(uint32_t *randNum)
+{
+ uint32_t random;
+ int len;
+ int fd = open("/dev/urandom", O_RDONLY);
+ if (fd < 0) {
+ return ATRET_FAILED;
+ }
+ len = read(fd, &random, sizeof(random));
+ (void)close(fd);
+ if (len != sizeof(random)) {
+ ACCESSTOKEN_LOG_ERROR("[ATLIB-%s]:read failed.", __func__);
+ return ATRET_FAILED;
+ }
+ *randNum = random;
+ return ATRET_SUCCESS;
+}
+
+NativeAtId CreateNativeTokenId(void)
+{
+ uint32_t rand;
+ NativeAtId tokenId;
+ AtInnerInfo *innerId = (AtInnerInfo *)(&tokenId);
+
+ int ret = GetRandomTokenId(&rand);
+ if (ret != ATRET_SUCCESS) {
+ return 0;
+ }
+
+ innerId->reserved = 0;
+ innerId->tokenUniqueId = rand & (0xFFFFFF);
+ innerId->type = TOKEN_NATIVE_TYPE;
+ innerId->version = 1;
+ return tokenId;
+}
+
+int32_t GetAplLevel(const char *aplStr)
+{
+ if (aplStr == NULL) {
+ return 0;
+ }
+ if (strcmp(aplStr, "system_core") == 0) {
+ return SYSTEM_CORE; // system_core means apl level is 3
+ }
+ if (strcmp(aplStr, "system_basic") == 0) {
+ return SYSTEM_BASIC; // system_basic means apl level is 2
+ }
+ if (strcmp(aplStr, "normal") == 0) {
+ return NORMAL;
+ }
+ ACCESSTOKEN_LOG_ERROR("[ATLIB-%s]:aplStr is invalid.", __func__);
+ return 0;
+}
+int32_t NeedSetUidGid(int16_t *uid, int16_t *gid, int *needSet)
+{
+ struct stat buf;
+ if (stat(TOKEN_ID_CFG_FILE_PATH, &buf) == 0) {
+ *needSet = 0;
+ return ATRET_SUCCESS;
+ }
+ if (errno != ENOENT) {
+ ACCESSTOKEN_LOG_ERROR("[ATLIB-%s]:stat %s is invalid %d.",
+ __func__, TOKEN_ID_CFG_FILE_PATH, errno);
+ return ATRET_FAILED;
+ }
+ if (stat(TOKEN_ID_CFG_DIR_PATH, &buf) != 0) {
+ ACCESSTOKEN_LOG_ERROR("[ATLIB-%s]:stat %s is invalid %d.",
+ __func__, TOKEN_ID_CFG_DIR_PATH, errno);
+ return ATRET_FAILED;
+ }
+ *uid = buf.st_uid;
+ *gid = buf.st_gid;
+ *needSet = 1;
+ ACCESSTOKEN_LOG_INFO("[ATLIB-%s]:needSet is true.", __func__);
+ return ATRET_SUCCESS;
+}
+
+void WriteToFile(const cJSON *root)
+{
+ int32_t strLen;
+ int32_t writtenLen;
+
+ char *jsonStr = NULL;
+ jsonStr = cJSON_PrintUnformatted(root);
+ if (jsonStr == NULL) {
+ ACCESSTOKEN_LOG_ERROR("[ATLIB-%s]:cJSON_PrintUnformatted failed.", __func__);
+ return;
+ }
+
+ do {
+ int16_t uid;
+ int16_t gid;
+ int needSet = 0;
+ if (NeedSetUidGid(&uid, &gid, &needSet) != ATRET_SUCCESS) {
+ break;
+ }
+ int32_t fd = open(TOKEN_ID_CFG_FILE_PATH, O_RDWR | O_CREAT | O_TRUNC,
+ S_IRUSR | S_IWUSR | S_IRGRP);
+ if (fd < 0) {
+ ACCESSTOKEN_LOG_ERROR("[ATLIB-%s]:open failed.", __func__);
+ break;
+ }
+ strLen = strlen(jsonStr);
+ writtenLen = write(fd, (void *)jsonStr, (size_t)strLen);
+ close(fd);
+ if (writtenLen != strLen) {
+ ACCESSTOKEN_LOG_ERROR("[ATLIB-%s]:write failed, writtenLen is %d.", __func__, writtenLen);
+ break;
+ }
+ if ((needSet == 1) && chown(TOKEN_ID_CFG_FILE_PATH, uid, gid) != 0) {
+ ACCESSTOKEN_LOG_ERROR("[ATLIB-%s]:chown failed, errno is %d.", __func__, errno);
+ break;
+ }
+ } while (0);
+
+ cJSON_free(jsonStr);
+ return;
+}
+
+int32_t AddDcapsArray(cJSON *object, const NativeTokenList *curr)
+{
+ cJSON *dcapsArr = cJSON_CreateArray();
+ if (dcapsArr == NULL) {
+ return ATRET_FAILED;
+ }
+ for (int32_t i = 0; i < curr->dcapsNum; i++) {
+ cJSON *item = cJSON_CreateString(curr->dcaps[i]);
+ if (item == NULL || !cJSON_AddItemToArray(dcapsArr, item)) {
+ ACCESSTOKEN_LOG_ERROR("[ATLIB-%s]:tokenAttr cJSON_AddItemToArray failed.", __func__);
+ cJSON_Delete(item);
+ cJSON_Delete(dcapsArr);
+ return ATRET_FAILED;
+ }
+ }
+ if (!cJSON_AddItemToObject(object, DCAPS_KEY_NAME, dcapsArr)) {
+ ACCESSTOKEN_LOG_ERROR("[ATLIB-%s]:dcaps cJSON_AddItemToObject failed.", __func__);
+ cJSON_Delete(dcapsArr);
+ return ATRET_FAILED;
+ }
+ return ATRET_SUCCESS;
+}
+
+static cJSON *CreateNativeTokenJsonObject(const NativeTokenList *curr)
+{
+ cJSON *object = cJSON_CreateObject();
+ if (object == NULL) {
+ ACCESSTOKEN_LOG_ERROR("[ATLIB-%s]:cJSON_CreateObject failed.", __func__);
+ return NULL;
+ }
+
+ cJSON *item = cJSON_CreateString(curr->processName);
+ if (item == NULL || !cJSON_AddItemToObject(object, PROCESS_KEY_NAME, item)) {
+ ACCESSTOKEN_LOG_ERROR("[ATLIB-%s]:processName cJSON_AddItemToObject failed.", __func__);
+ cJSON_Delete(item);
+ cJSON_Delete(object);
+ return NULL;
+ }
+
+ item = cJSON_CreateNumber(curr->apl);
+ if (item == NULL || !cJSON_AddItemToObject(object, APL_KEY_NAME, item)) {
+ ACCESSTOKEN_LOG_ERROR("[ATLIB-%s]:APL cJSON_AddItemToObject failed.", __func__);
+ cJSON_Delete(item);
+ cJSON_Delete(object);
+ return NULL;
+ }
+
+ item = cJSON_CreateNumber(DEFAULT_AT_VERSION);
+ if (item == NULL || !cJSON_AddItemToObject(object, VERSION_KEY_NAME, item)) {
+ ACCESSTOKEN_LOG_ERROR("[ATLIB-%s]:version cJSON_AddItemToObject failed.", __func__);
+ cJSON_Delete(item);
+ cJSON_Delete(object);
+ return NULL;
+ }
+
+ item = cJSON_CreateNumber(curr->tokenId);
+ if (item == NULL || !cJSON_AddItemToObject(object, TOKENID_KEY_NAME, item)) {
+ ACCESSTOKEN_LOG_ERROR("[ATLIB-%s]:tokenId cJSON_AddItemToObject failed.", __func__);
+ cJSON_Delete(item);
+ cJSON_Delete(object);
+ return NULL;
+ }
+
+ item = cJSON_CreateNumber(0);
+ if (item == NULL || !cJSON_AddItemToObject(object, TOKEN_ATTR_KEY_NAME, item)) {
+ ACCESSTOKEN_LOG_ERROR("[ATLIB-%s]:tokenAttr cJSON_AddItemToObject failed.", __func__);
+ cJSON_Delete(item);
+ cJSON_Delete(object);
+ return NULL;
+ }
+ int ret = AddDcapsArray(object, curr);
+ if (ret != ATRET_SUCCESS) {
+ cJSON_Delete(object);
+ }
+ return object;
+}
+
+void SaveTokenIdToCfg(const NativeTokenList *curr)
+{
+ char *fileBuff = NULL;
+ cJSON *record = NULL;
+ int32_t ret;
+
+ ret = GetFileBuff(TOKEN_ID_CFG_FILE_PATH, &fileBuff);
+ if (ret != ATRET_SUCCESS) {
+ return;
+ }
+
+ if (fileBuff == NULL) {
+ record = cJSON_CreateArray();
+ } else {
+ record = cJSON_Parse(fileBuff);
+ free(fileBuff);
+ fileBuff = NULL;
+ }
+
+ if (record == NULL) {
+ ACCESSTOKEN_LOG_ERROR("[ATLIB-%s]:get record failed.", __func__);
+ return;
+ }
+
+ cJSON *node = CreateNativeTokenJsonObject(curr);
+ if (node == NULL) {
+ ACCESSTOKEN_LOG_ERROR("[ATLIB-%s]:CreateNativeTokenJsonObject failed.", __func__);
+ cJSON_Delete(record);
+ return;
+ }
+ cJSON_AddItemToArray(record, node);
+
+ WriteToFile(record);
+ cJSON_Delete(record);
+ return;
+}
+
+int32_t CheckProcessInfo(const char *processname, const char **dcaps,
+ int32_t dacpNum, const char *aplStr, int32_t *aplRet)
+{
+ if ((processname == NULL) || strlen(processname) > MAX_PROCESS_NAME_LEN
+ || strlen(processname) == 0) {
+ ACCESSTOKEN_LOG_ERROR("[ATLIB-%s]:processname is invalid.", __func__);
+ return ATRET_FAILED;
+ }
+
+ if (((dcaps == NULL) && (dacpNum != 0)) || dacpNum > MAX_DCAPS_NUM || dacpNum < 0) {
+ ACCESSTOKEN_LOG_ERROR("[ATLIB-%s]:dcaps is null or dacpNum is invalid.", __func__);
+ return ATRET_FAILED;
+ }
+ for (int32_t i = 0; i < dacpNum; i++) {
+ if (strlen(dcaps[i]) > MAX_DCAP_LEN) {
+ ACCESSTOKEN_LOG_ERROR("[ATLIB-%s]:dcap length is invalid.", __func__);
+ return ATRET_FAILED;
+ }
+ }
+
+ int32_t apl = GetAplLevel(aplStr);
+ if (apl == 0) {
+ return ATRET_FAILED;
+ }
+ *aplRet = apl;
+ return ATRET_SUCCESS;
+}
+
+int32_t NativeTokenIdCheck(NativeAtId tokenId)
+{
+ NativeTokenList *tokenNode = g_tokenListHead;
+ while (tokenNode != NULL) {
+ if (tokenNode->tokenId == tokenId) {
+ return 1;
+ }
+ tokenNode = tokenNode->next;
+ }
+ return 0;
+}
+
+static int32_t AddNewTokenToListAndCfgFile(const char *processname, const char **dcapsIn,
+ int32_t dacpNumIn, int32_t aplIn, NativeAtId *tokenId)
+{
+ NativeTokenList *tokenNode;
+ NativeAtId id;
+ int32_t repeat;
+
+ do {
+ id = CreateNativeTokenId();
+ repeat = NativeTokenIdCheck(id);
+ } while (repeat == 1);
+
+ tokenNode = (NativeTokenList *)malloc(sizeof(NativeTokenList));
+ if (tokenNode == NULL) {
+ ACCESSTOKEN_LOG_ERROR("[ATLIB-%s]:memory alloc failed.", __func__);
+ return ATRET_FAILED;
+ }
+ tokenNode->tokenId = id;
+ tokenNode->apl = aplIn;
+ if (strcpy_s(tokenNode->processName, MAX_PROCESS_NAME_LEN + 1, processname) != EOK) {
+ ACCESSTOKEN_LOG_ERROR("[ATLIB-%s]:strcpy_s failed.", __func__);
+ free(tokenNode);
+ return ATRET_FAILED;
+ }
+ tokenNode->dcapsNum = dacpNumIn;
+
+ for (int32_t i = 0; i < dacpNumIn; i++) {
+ tokenNode->dcaps[i] = (char *)malloc(sizeof(char) * (strlen(dcapsIn[i]) + 1));
+ if (tokenNode->dcaps[i] != NULL &&
+ (strcpy_s(tokenNode->dcaps[i], strlen(dcapsIn[i]) + 1, dcapsIn[i]) != EOK)) {
+ ACCESSTOKEN_LOG_ERROR("[ATLIB-%s]:copy dcapsIn[%d] failed.", __func__, i);
+ FreeDcaps(tokenNode->dcaps, i);
+ free(tokenNode);
+ return ATRET_FAILED;
+ }
+ }
+ tokenNode->next = g_tokenListHead->next;
+ g_tokenListHead->next = tokenNode;
+
+ *tokenId = id;
+
+ SaveTokenIdToCfg(tokenNode);
+ return ATRET_SUCCESS;
+}
+
+int32_t CompareProcessInfo(NativeTokenList *tokenNode, const char **dcapsIn, int32_t dacpNumIn, int32_t aplIn)
+{
+ if (tokenNode->apl != aplIn) {
+ return 1;
+ }
+ if (tokenNode->dcapsNum != dacpNumIn) {
+ return 1;
+ }
+ for (int32_t i = 0; i < dacpNumIn; i++) {
+ if (strcmp(tokenNode->dcaps[i], dcapsIn[i]) != 0) {
+ return 1;
+ }
+ }
+ return 0;
+}
+
+int32_t UpdateTokenInfoInList(NativeTokenList *tokenNode, const char **dcapsIn, int32_t dacpNumIn, int32_t aplIn)
+{
+ tokenNode->apl = aplIn;
+
+ for (int32_t i = 0; i < tokenNode->dcapsNum; i++) {
+ free(tokenNode->dcaps[i]);
+ tokenNode->dcaps[i] = NULL;
+ }
+
+ tokenNode->dcapsNum = dacpNumIn;
+ for (int32_t i = 0; i < dacpNumIn; i++) {
+ int32_t len = strlen(dcapsIn[i]) + 1;
+ tokenNode->dcaps[i] = (char *)malloc(sizeof(char) * len);
+ if (tokenNode->dcaps[i] != NULL && (strcpy_s(tokenNode->dcaps[i], len, dcapsIn[i]) != EOK)) {
+ ACCESSTOKEN_LOG_ERROR("[ATLIB-%s]:copy dcapsIn[%d] failed.", __func__, i);
+ FreeDcaps(tokenNode->dcaps, i);
+ return ATRET_FAILED;
+ }
+ }
+ return ATRET_SUCCESS;
+}
+
+int32_t UpdateItemcontent(const NativeTokenList *tokenNode, cJSON *record)
+{
+ cJSON *itemApl = cJSON_CreateNumber(tokenNode->apl);
+ if (itemApl == NULL) {
+ return ATRET_FAILED;
+ }
+ if (!cJSON_ReplaceItemInObject(record, APL_KEY_NAME, itemApl)) {
+ cJSON_Delete(itemApl);
+ ACCESSTOKEN_LOG_ERROR("[ATLIB-%s]:APL update failed.", __func__);
+ return ATRET_FAILED;
+ }
+
+ cJSON *dcapsArr = cJSON_CreateArray();
+ if (dcapsArr == NULL) {
+ return ATRET_FAILED;
+ }
+ for (int32_t i = 0; i < tokenNode->dcapsNum; i++) {
+ cJSON *item = cJSON_CreateString(tokenNode->dcaps[i]);
+ if (item == NULL) {
+ ACCESSTOKEN_LOG_ERROR("[ATLIB-%s]:cJSON_CreateString failed.", __func__);
+ cJSON_Delete(dcapsArr);
+ return ATRET_FAILED;
+ }
+ if (!cJSON_AddItemToArray(dcapsArr, item)) {
+ ACCESSTOKEN_LOG_ERROR("[ATLIB-%s]:cJSON_AddItemToArray failed.", __func__);
+ cJSON_Delete(item);
+ return ATRET_FAILED;
+ }
+ }
+ if (!cJSON_ReplaceItemInObject(record, DCAPS_KEY_NAME, dcapsArr)) {
+ ACCESSTOKEN_LOG_ERROR("[ATLIB-%s]:dcaps update failed.", __func__);
+ cJSON_Delete(dcapsArr);
+ return ATRET_FAILED;
+ }
+ return ATRET_SUCCESS;
+}
+
+int32_t UpdateGoalItemFromRecord(const NativeTokenList *tokenNode, cJSON *record)
+{
+ int32_t arraySize = cJSON_GetArraySize(record);
+ for (int32_t i = 0; i < arraySize; i++) {
+ cJSON *cjsonItem = cJSON_GetArrayItem(record, i);
+ if (cjsonItem == NULL) {
+ ACCESSTOKEN_LOG_ERROR("[ATLIB-%s]:cJSON_GetArrayItem failed.", __func__);
+ return ATRET_FAILED;
+ }
+ cJSON *processNameJson = cJSON_GetObjectItem(cjsonItem, PROCESS_KEY_NAME);
+ if (processNameJson == NULL) {
+ ACCESSTOKEN_LOG_ERROR("[ATLIB-%s]:processNameJson is null.", __func__);
+ return ATRET_FAILED;
+ }
+ if (strcmp(processNameJson->valuestring, tokenNode->processName) == 0) {
+ return UpdateItemcontent(tokenNode, cjsonItem);
+ }
+ }
+ ACCESSTOKEN_LOG_ERROR("[ATLIB-%s]:cannot find process in config file.", __func__);
+ return ATRET_FAILED;
+}
+
+int32_t UpdateTokenInfoInCfgFile(NativeTokenList *tokenNode)
+{
+ cJSON *record = NULL;
+ char *fileBuff = NULL;
+
+ int32_t ret = GetFileBuff(TOKEN_ID_CFG_FILE_PATH, &fileBuff);
+ if (ret != ATRET_SUCCESS) {
+ return ret;
+ }
+
+ if (fileBuff == NULL) {
+ record = cJSON_CreateArray();
+ } else {
+ record = cJSON_Parse(fileBuff);
+ free(fileBuff);
+ fileBuff = NULL;
+ }
+
+ if (record == NULL) {
+ ACCESSTOKEN_LOG_ERROR("[ATLIB-%s]:get record failed.", __func__);
+ return ATRET_FAILED;
+ }
+
+ ret = UpdateGoalItemFromRecord(tokenNode, record);
+ if (ret != ATRET_SUCCESS) {
+ ACCESSTOKEN_LOG_ERROR("[ATLIB-%s]:UpdateGoalItemFromRecord failed.", __func__);
+ cJSON_Delete(record);
+ return ATRET_FAILED;
+ }
+
+ WriteToFile(record);
+ cJSON_Delete(record);
+ return ATRET_SUCCESS;
+}
+
+uint64_t GetAccessTokenId(const char *processname, const char **dcaps, int32_t dacpNum, const char *aplStr)
+{
+ NativeAtId tokenId = 0;
+ uint64_t result = 0;
+ int32_t apl;
+ NativeAtIdEx *atPoint = (NativeAtIdEx *)(&result);
+
+ if ((g_isNativeTokenInited == 0) && (AtlibInit() != ATRET_SUCCESS)) {
+ return 0;
+ }
+
+ int32_t ret = CheckProcessInfo(processname, dcaps, dacpNum, aplStr, &apl);
+ if (ret != ATRET_SUCCESS) {
+ return 0;
+ }
+
+ NativeTokenList *tokenNode = g_tokenListHead;
+ while (tokenNode != NULL) {
+ if (strcmp(tokenNode->processName, processname) == 0) {
+ tokenId = tokenNode->tokenId;
+ break;
+ }
+ tokenNode = tokenNode->next;
+ }
+
+ if (tokenNode == NULL) {
+ ret = AddNewTokenToListAndCfgFile(processname, dcaps, dacpNum, apl, &tokenId);
+ } else {
+ int32_t needUpdate = CompareProcessInfo(tokenNode, dcaps, dacpNum, apl);
+ if (needUpdate != 0) {
+ ret = UpdateTokenInfoInList(tokenNode, dcaps, dacpNum, apl);
+ ret |= UpdateTokenInfoInCfgFile(tokenNode);
+ }
+ }
+ if (ret != ATRET_SUCCESS) {
+ return 0;
+ }
+
+ atPoint->tokenId = tokenId;
+ atPoint->tokenAttr = 0;
+ return result;
+}
\ No newline at end of file
diff --git a/interfaces/innerkits/nativetoken/test/BUILD.gn b/interfaces/innerkits/nativetoken/test/BUILD.gn
new file mode 100644
index 0000000000000000000000000000000000000000..6b14f56e06e729f142c5a50743ff54bd3571bd2a
--- /dev/null
+++ b/interfaces/innerkits/nativetoken/test/BUILD.gn
@@ -0,0 +1,41 @@
+# Copyright (C) 2021 Huawei Device Co., Ltd.
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+import("//build/test.gni")
+
+ohos_unittest("libnativetoken_test") {
+ subsystem_name = "security"
+ part_name = "access_token"
+ module_out_path = part_name + "/" + part_name
+
+ include_dirs = [
+ "//third_party/cJSON",
+ "//third_party/bounds_checking_function/include",
+ "//base/security/access_token/interfaces/innerkits/nativetoken/include",
+ ]
+
+ sources = [ "unittest/src/nativetoken_kit_test.cpp" ]
+
+ deps = [
+ "//base/security/access_token/interfaces/innerkits/nativetoken:libnativetoken",
+ "//third_party/bounds_checking_function:libsec_static",
+ "//third_party/cJSON:cjson_static",
+ "//third_party/googletest:gmock",
+ "//third_party/googletest:gtest",
+ ]
+}
+
+group("unittest") {
+ testonly = true
+ deps = [ ":libnativetoken_test" ]
+}
diff --git a/interfaces/innerkits/nativetoken/test/unittest/src/nativetoken_kit_test.cpp b/interfaces/innerkits/nativetoken/test/unittest/src/nativetoken_kit_test.cpp
new file mode 100644
index 0000000000000000000000000000000000000000..74b986ccf4f3a00b781086cc0f6603b2d91bbc14
--- /dev/null
+++ b/interfaces/innerkits/nativetoken/test/unittest/src/nativetoken_kit_test.cpp
@@ -0,0 +1,308 @@
+/*
+ * Copyright (c) 2021 Huawei Device Co., Ltd.
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+#include "nativetoken_kit_test.h"
+#include
+#include "nativetoken.h"
+#include "nativetoken_kit.h"
+
+using namespace testing::ext;
+using namespace OHOS::Security;
+
+extern NativeTokenList *g_tokenListHead;
+extern int32_t g_isNativeTokenInited;
+extern int32_t GetFileBuff(const char *cfg, char **retBuff);
+
+void TokenLibKitTest::SetUpTestCase()
+{}
+
+void TokenLibKitTest::TearDownTestCase()
+{}
+
+void TokenLibKitTest::SetUp()
+{
+ g_isNativeTokenInited = 0;
+}
+
+void TokenLibKitTest::TearDown()
+{
+ while (g_tokenListHead->next != nullptr) {
+ NativeTokenList *tmp = g_tokenListHead->next;
+ g_tokenListHead->next = tmp->next;
+ free(tmp);
+ tmp = nullptr;
+ }
+}
+
+int Start(const char *processName)
+{
+ const char *processname = processName;
+ const char **dcaps = (const char **)malloc(sizeof(char *) * 2);
+ dcaps[0] = "AT_CAP";
+ dcaps[1] = "ST_CAP";
+ int dcapNum = 2;
+ uint64_t tokenId;
+ tokenId = GetAccessTokenId(processname, dcaps, dcapNum, "system_core");
+ free(dcaps);
+ return tokenId;
+}
+
+/**
+ * @tc.name: GetAccessTokenId001
+ * @tc.desc: cannot getAccessTokenId with invalid processName.
+ * @tc.type: FUNC
+ * @tc.require:AR000GK6TD
+ */
+HWTEST_F(TokenLibKitTest, GetAccessTokenId001, TestSize.Level1)
+{
+ const char **dcaps = (const char **)malloc(sizeof(char *) * 2);
+ dcaps[0] = "AT_CAP";
+ dcaps[1] = "ST_CAP";
+ int dcapNum = 2;
+ uint64_t tokenId;
+ tokenId = GetAccessTokenId("", dcaps, dcapNum, "system_core");
+ ASSERT_EQ(tokenId, 0);
+ tokenId = GetAccessTokenId(nullptr, dcaps, dcapNum, "system_core");
+ ASSERT_EQ(tokenId, 0);
+
+ /* 257 is invalid processName length */
+ const std::string invalidProcName (257, 'x');
+ tokenId = GetAccessTokenId(invalidProcName.c_str(), dcaps, dcapNum, "system_core");
+ ASSERT_EQ(tokenId, 0);
+
+ /* 255 is valid processName length */
+ const std::string validProcName01 (255, 'x');
+ tokenId = GetAccessTokenId(validProcName01.c_str(), dcaps, dcapNum, "system_core");
+ ASSERT_NE(tokenId, 0);
+
+ /* 256 is valid processName length */
+ const std::string validProcName02 (256, 'x');
+ tokenId = GetAccessTokenId(validProcName02.c_str(), dcaps, dcapNum, "system_core");
+ ASSERT_NE(tokenId, 0);
+ free(dcaps);
+}
+
+/**
+ * @tc.name: GetAccessTokenId002
+ * @tc.desc: cannot getAccessTokenId with invalid dcapNum.
+ * @tc.type: FUNC
+ * @tc.require:AR000GK6TD
+ */
+HWTEST_F(TokenLibKitTest, GetAccessTokenId002, TestSize.Level1)
+{
+ const char **dcaps = (const char **)malloc(sizeof(char *) * 32);
+ dcaps[0] = "AT_CAP";
+ dcaps[1] = "ST_CAP";
+ int dcapNum = -1;
+ uint64_t tokenId;
+ tokenId = GetAccessTokenId("GetAccessTokenId002", dcaps, dcapNum, "system_core");
+ ASSERT_EQ(tokenId, 0);
+
+ /* 33 is invalid dcapNum */
+ dcapNum = 33;
+ tokenId = GetAccessTokenId("GetAccessTokenId002_00", dcaps, dcapNum, "system_core");
+ ASSERT_EQ(tokenId, 0);
+
+ for (int32_t i = 0; i < 32; i++) {
+ dcaps[i] = "AT_CAP";
+ }
+ /* 32 is valid dcapNum */
+ dcapNum = 32;
+ tokenId = GetAccessTokenId("GetAccessTokenId002_01", dcaps, dcapNum, "system_core");
+ ASSERT_NE(tokenId, 0);
+
+ /* 31 is valid dcapNum */
+ dcapNum = 31;
+ tokenId = GetAccessTokenId("GetAccessTokenId002_02", dcaps, dcapNum, "system_core");
+ ASSERT_NE(tokenId, 0);
+
+ free(dcaps);
+}
+
+/**
+ * @tc.name: GetAccessTokenId003
+ * @tc.desc: cannot getAccessTokenId with invalid dcaps.
+ * @tc.type: FUNC
+ * @tc.require:AR000GK6TD
+ */
+HWTEST_F(TokenLibKitTest, GetAccessTokenId003, TestSize.Level1)
+{
+ const char **dcaps = (const char **)malloc(sizeof(char *) * 2);
+ dcaps[0] = "AT_CAP";
+ dcaps[1] = "ST_CAP";
+ int dcapNum = 2;
+ uint64_t tokenId;
+ tokenId = GetAccessTokenId("GetAccessTokenId003", nullptr, dcapNum, "system_core");
+ ASSERT_EQ(tokenId, 0);
+
+ dcapNum = 0;
+ tokenId = GetAccessTokenId("GetAccessTokenId003_01", nullptr, dcapNum, "system_core");
+ ASSERT_NE(tokenId, 0);
+
+ dcapNum = 2;
+ /* 1025 is invalid dcap length */
+ const std::string invalidDcap (1025, 'x');
+ dcaps[0] = invalidDcap.c_str();
+ tokenId = GetAccessTokenId("GetAccessTokenId003_02", dcaps, dcapNum, "system_core");
+ ASSERT_EQ(tokenId, 0);
+
+ /* 1024 is valid dcap length */
+ const std::string validDcap01 (1024, 'x');
+ dcaps[0] = validDcap01.c_str();
+ tokenId = GetAccessTokenId("GetAccessTokenId003_03", dcaps, dcapNum, "system_core");
+ ASSERT_NE(tokenId, 0);
+
+ /* 1023 is valid dcap length */
+ const std::string validDcap02 (1023, 'x');
+ dcaps[0] = validDcap02.c_str();
+ tokenId = GetAccessTokenId("GetAccessTokenId003_04", dcaps, dcapNum, "system_core");
+ ASSERT_NE(tokenId, 0);
+
+ free(dcaps);
+}
+
+/**
+ * @tc.name: GetAccessTokenId004
+ * @tc.desc: cannot getAccessTokenId with invalid APL.
+ * @tc.type: FUNC
+ * @tc.require:AR000GK6TD
+ */
+HWTEST_F(TokenLibKitTest, GetAccessTokenId004, TestSize.Level1)
+{
+ const char **dcaps = (const char **)malloc(sizeof(char *) * 2);
+ dcaps[0] = "AT_CAP";
+ dcaps[1] = "ST_CAP";
+ int dcapNum = 2;
+ uint64_t tokenId;
+ tokenId = GetAccessTokenId("GetAccessTokenId003", dcaps, dcapNum, nullptr);
+ ASSERT_EQ(tokenId, 0);
+
+ tokenId = GetAccessTokenId("GetAccessTokenId003", dcaps, dcapNum, "system_invalid");
+ ASSERT_EQ(tokenId, 0);
+
+ free(dcaps);
+}
+
+/**
+ * @tc.name: GetAccessTokenId005
+ * @tc.desc: Get AccessTokenId successfully.
+ * @tc.type: FUNC
+ * @tc.require:AR000GK6TD
+ */
+HWTEST_F(TokenLibKitTest, GetAccessTokenId005, TestSize.Level1)
+{
+ uint64_t tokenId01 = Start("GetAccessTokenId005");
+ ASSERT_NE(tokenId01, 0);
+ uint64_t tokenId02 = Start("GetAccessTokenId005");
+ ASSERT_NE(tokenId02, 0);
+
+ ASSERT_EQ(tokenId01, tokenId02);
+}
+
+/**
+ * @tc.name: GetAccessTokenId006
+ * @tc.desc: Get AccessTokenId with new processName and check g_tokenListHead.
+ * @tc.type: FUNC
+ * @tc.require:AR000GK6TD
+ */
+HWTEST_F(TokenLibKitTest, GetAccessTokenId006, TestSize.Level1)
+{
+ uint64_t tokenID;
+ tokenID = Start("GetAccessTokenId006");
+ ASSERT_NE(tokenID, 0);
+
+ char *fileBuff = nullptr;
+ int ret = GetFileBuff(TOKEN_ID_CFG_FILE_PATH, &fileBuff);
+ ASSERT_EQ(ret, ATRET_SUCCESS);
+ string s = "GetAccessTokenId006";
+ char *pos = strstr(fileBuff, s.c_str());
+ ASSERT_NE(pos, nullptr);
+}
+
+/**
+ * @tc.name: GetAccessTokenId007
+ * @tc.desc: Get a batch of AccessTokenId.
+ * @tc.type: FUNC
+ * @tc.require:AR000GK6TD
+ */
+HWTEST_F(TokenLibKitTest, GetAccessTokenId007, TestSize.Level1)
+{
+ char processName[200][MAX_PROCESS_NAME_LEN];
+ /* enable 200 process before fondation is prepared */
+ for (int32_t i = 0; i < 200; i++) {
+ processName[i][0] = '\0';
+ int ret = sprintf_s(processName[i], MAX_PROCESS_NAME_LEN, "processName_%d", i);
+ ASSERT_NE(ret, 0);
+ uint64_t tokenId = Start(processName[i]);
+ ASSERT_NE(tokenId, 0);
+ }
+ char *fileBuff = nullptr;
+ int ret = GetFileBuff(TOKEN_ID_CFG_FILE_PATH, &fileBuff);
+ ASSERT_EQ(ret, 0);
+ for (int32_t i = 0; i < 200; i++) {
+ char *pos = strstr(fileBuff, processName[i]);
+ ASSERT_NE(pos, nullptr);
+ }
+ free(fileBuff);
+}
+
+/**
+ * @tc.name: GetAccessTokenId008
+ * @tc.desc: Get AccessTokenId and check the config file.
+ * @tc.type: FUNC
+ * @tc.require:AR000GK6TD
+ */
+HWTEST_F(TokenLibKitTest, GetAccessTokenId008, TestSize.Level1)
+{
+ Start("process1");
+ Start("process2");
+ Start("process3");
+ Start("process4");
+ Start("process5");
+ Start("foundation");
+ Start("process6");
+ Start("process7");
+ Start("process8");
+ Start("process9");
+ Start("process10");
+ Start("process15");
+ Start("process16");
+ Start("process17");
+ Start("process18");
+ Start("process19");
+
+ char *fileBuff = nullptr;
+ int ret = GetFileBuff(TOKEN_ID_CFG_FILE_PATH, &fileBuff);
+ ASSERT_EQ(ret, 0);
+ char *pos = strstr(fileBuff, "process1");
+ ASSERT_NE(pos, nullptr);
+ pos = strstr(fileBuff, "process2");
+ ASSERT_NE(pos, nullptr);
+ pos = strstr(fileBuff, "process3");
+ ASSERT_NE(pos, nullptr);
+ pos = strstr(fileBuff, "process4");
+ ASSERT_NE(pos, nullptr);
+ pos = strstr(fileBuff, "process5");
+ ASSERT_NE(pos, nullptr);
+ pos = strstr(fileBuff, "process6");
+ ASSERT_NE(pos, nullptr);
+ pos = strstr(fileBuff, "process7");
+ ASSERT_NE(pos, nullptr);
+ pos = strstr(fileBuff, "process8");
+ ASSERT_NE(pos, nullptr);
+ pos = strstr(fileBuff, "process9");
+ ASSERT_NE(pos, nullptr);
+ free(fileBuff);
+}
diff --git a/interfaces/innerkits/nativetoken/test/unittest/src/nativetoken_kit_test.h b/interfaces/innerkits/nativetoken/test/unittest/src/nativetoken_kit_test.h
new file mode 100644
index 0000000000000000000000000000000000000000..8aa651750f1c4f3574a207244d2ab18b9748b7aa
--- /dev/null
+++ b/interfaces/innerkits/nativetoken/test/unittest/src/nativetoken_kit_test.h
@@ -0,0 +1,40 @@
+/*
+ * Copyright (c) 2021 Huawei Device Co., Ltd.
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+#ifndef TOKENSYNC_KIT_TEST_H
+#define TOKENSYNC_KIT_TEST_H
+
+#include
+
+namespace OHOS {
+namespace Security {
+static const int BUFF_LEN = 102400;
+static const int DELAY_ONE_SECONDS = 5;
+static const int DELAY_FIVE_SECONDS = 10;
+class TokenLibKitTest : public testing::Test {
+public:
+ static void SetUpTestCase();
+
+ static void TearDownTestCase();
+
+ void SetUp();
+
+ void TearDown();
+ void ResetFile(void);
+ void PthreadCloseTrigger(void);
+};
+} // namespace Security
+} // namespace OHOS
+#endif // TOKENSYNC_KIT_TEST_H
diff --git a/interfaces/innerkits/token_setproc/BUILD.gn b/interfaces/innerkits/token_setproc/BUILD.gn
new file mode 100644
index 0000000000000000000000000000000000000000..1cdcc6f30fa29c6f692687978be72557a8d4818b
--- /dev/null
+++ b/interfaces/innerkits/token_setproc/BUILD.gn
@@ -0,0 +1,41 @@
+# Copyright (C) 2021 Huawei Device Co., Ltd.
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+import("//build/ohos.gni")
+
+################################################################
+# C, Main, source file here.
+################################################################
+config("token_setproc") {
+ visibility = [ ":*" ]
+ include_dirs = [ "include" ]
+}
+
+ohos_static_library("libtoken_setproc") {
+ subsystem_name = "security"
+ part_name = "access_token"
+ output_name = "libtoken_setproc"
+
+ public_configs = [ ":token_setproc" ]
+
+ cflags = [ "-Wall" ]
+
+ include_dirs = [
+ "include",
+ "src",
+ ]
+
+ sources = [ "src/token_setproc.c" ]
+
+ deps = []
+}
diff --git a/interfaces/innerkits/token_setproc/include/token_setproc.h b/interfaces/innerkits/token_setproc/include/token_setproc.h
new file mode 100644
index 0000000000000000000000000000000000000000..81c75d92a8e3ee037873e1f005da985311305c72
--- /dev/null
+++ b/interfaces/innerkits/token_setproc/include/token_setproc.h
@@ -0,0 +1,36 @@
+/*
+ * Copyright (c) 2021 Huawei Device Co., Ltd.
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+#ifndef TOKEN_SETPROC_H
+#define TOKEN_SETPROC_H
+#include
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+uint64_t GetSelfTokenID();
+
+int SetSelfTokenID(uint64_t tokenID);
+
+uint64_t GetFirstCallerTokenID();
+
+int SetFirstCallerTokenID(uint64_t tokenID);
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif
diff --git a/interfaces/innerkits/token_setproc/src/token_setproc.c b/interfaces/innerkits/token_setproc/src/token_setproc.c
new file mode 100644
index 0000000000000000000000000000000000000000..b2d09dbef5e0e164992bdfe4069f57214e58b470
--- /dev/null
+++ b/interfaces/innerkits/token_setproc/src/token_setproc.c
@@ -0,0 +1,116 @@
+/*
+ * Copyright (c) 2021 Huawei Device Co., Ltd.
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+#include "token_setproc.h"
+
+#include
+#include
+#include
+#include
+#include
+
+#define ACCESS_TOKEN_ID_IOCTL_BASE 'A'
+
+enum {
+ GET_TOKEN_ID = 1,
+ SET_TOKEN_ID,
+ GET_FTOKEN_ID,
+ SET_FTOKEN_ID,
+ ACCESS_TOKENID_MAX_NR,
+};
+
+#define ACCESS_TOKENID_GET_TOKENID \
+ _IOR(ACCESS_TOKEN_ID_IOCTL_BASE, GET_TOKEN_ID, unsigned long long)
+#define ACCESS_TOKENID_SET_TOKENID \
+ _IOW(ACCESS_TOKEN_ID_IOCTL_BASE, SET_TOKEN_ID, unsigned long long)
+#define ACCESS_TOKENID_GET_FTOKENID \
+ _IOR(ACCESS_TOKEN_ID_IOCTL_BASE, GET_FTOKEN_ID, unsigned long long)
+#define ACCESS_TOKENID_SET_FTOKENID \
+ _IOW(ACCESS_TOKEN_ID_IOCTL_BASE, SET_FTOKEN_ID, unsigned long long)
+
+#define ACCESS_TOKEN_OK 0
+#define ACCESS_TOKEN_ERROR (-1)
+
+#define INVAL_TOKEN_ID 0x0
+#define TOKEN_ID_LOWMASK 0xffffffff
+
+#define TOKENID_DEVNODE "/dev/access_token_id"
+
+uint64_t GetSelfTokenID()
+{
+ uint64_t token = INVAL_TOKEN_ID;
+ int fd = open(TOKENID_DEVNODE, O_RDWR);
+ if (fd < 0) {
+ return INVAL_TOKEN_ID;
+ }
+ int ret = ioctl(fd, ACCESS_TOKENID_GET_TOKENID, &token);
+ if (ret) {
+ close(fd);
+ return INVAL_TOKEN_ID;
+ }
+
+ close(fd);
+ return token;
+}
+
+int SetSelfTokenID(uint64_t tokenID)
+{
+ int fd = open(TOKENID_DEVNODE, O_RDWR);
+ if (fd < 0) {
+ return ACCESS_TOKEN_ERROR;
+ }
+ int ret = ioctl(fd, ACCESS_TOKENID_SET_TOKENID, &tokenID);
+ if (ret) {
+ close(fd);
+ return ACCESS_TOKEN_ERROR;
+ }
+
+ close(fd);
+ return ACCESS_TOKEN_OK;
+}
+
+uint64_t GetFirstCallerTokenID()
+{
+ uint64_t token = INVAL_TOKEN_ID;
+ int fd = open(TOKENID_DEVNODE, O_RDWR);
+ if (fd < 0) {
+ return INVAL_TOKEN_ID;
+ }
+ int ret = ioctl(fd, ACCESS_TOKENID_GET_FTOKENID, &token);
+ if (ret) {
+ close(fd);
+ return INVAL_TOKEN_ID;
+ }
+
+ close(fd);
+ return token;
+}
+
+
+int SetFirstCallerTokenID(uint64_t tokenID)
+{
+ int fd = open(TOKENID_DEVNODE, O_RDWR);
+ if (fd < 0) {
+ return ACCESS_TOKEN_ERROR;
+ }
+ int ret = ioctl(fd, ACCESS_TOKENID_SET_FTOKENID, &tokenID);
+ if (ret) {
+ close(fd);
+ return ACCESS_TOKEN_ERROR;
+ }
+
+ close(fd);
+ return ACCESS_TOKEN_OK;
+}
diff --git a/interfaces/innerkits/token_setproc/test/BUILD.gn b/interfaces/innerkits/token_setproc/test/BUILD.gn
new file mode 100644
index 0000000000000000000000000000000000000000..9cac0ef6575dff6f3bcef74c713cdd852941cc81
--- /dev/null
+++ b/interfaces/innerkits/token_setproc/test/BUILD.gn
@@ -0,0 +1,38 @@
+# Copyright (C) 2021 Huawei Device Co., Ltd.
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+import("//build/test.gni")
+
+ohos_unittest("libtoken_setproc_test") {
+ subsystem_name = "security"
+ part_name = "access_token"
+ module_out_path = part_name + "/" + part_name
+
+ include_dirs = [
+ "//base/security/access_token/interfaces/innerkits/token_setproc/include",
+ ]
+
+ sources = [ "unittest/src/tokensetproc_kit_test.cpp" ]
+ cflags_cc = [ "-fexceptions" ]
+
+ deps = [
+ "//base/security/access_token/interfaces/innerkits/token_setproc:libtoken_setproc",
+ "//third_party/googletest:gmock",
+ "//third_party/googletest:gtest",
+ ]
+}
+
+group("unittest") {
+ testonly = true
+ deps = [ ":libtoken_setproc_test" ]
+}
diff --git a/interfaces/innerkits/token_setproc/test/unittest/src/tokensetproc_kit_test.cpp b/interfaces/innerkits/token_setproc/test/unittest/src/tokensetproc_kit_test.cpp
new file mode 100644
index 0000000000000000000000000000000000000000..5fe3f833c5a6486f5b489479abf2c07136ba771e
--- /dev/null
+++ b/interfaces/innerkits/token_setproc/test/unittest/src/tokensetproc_kit_test.cpp
@@ -0,0 +1,33 @@
+/*
+ * Copyright (c) 2021 Huawei Device Co., Ltd.
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+#include "tokensetproc_kit_test.h"
+
+#include "token_setproc.h"
+
+using namespace testing::ext;
+using namespace OHOS::Security;
+
+void TokensetprocKitTest::SetUpTestCase()
+{}
+
+void TokensetprocKitTest::TearDownTestCase()
+{}
+
+void TokensetprocKitTest::SetUp()
+{}
+
+void TokensetprocKitTest::TearDown()
+{}
\ No newline at end of file
diff --git a/interfaces/innerkits/token_setproc/test/unittest/src/tokensetproc_kit_test.h b/interfaces/innerkits/token_setproc/test/unittest/src/tokensetproc_kit_test.h
new file mode 100644
index 0000000000000000000000000000000000000000..29bef17d2590d7867c5693ac490d95bd9756d104
--- /dev/null
+++ b/interfaces/innerkits/token_setproc/test/unittest/src/tokensetproc_kit_test.h
@@ -0,0 +1,35 @@
+/*
+ * Copyright (c) 2021 Huawei Device Co., Ltd.
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+#ifndef TOKENSYNC_KIT_TEST_H
+#define TOKENSYNC_KIT_TEST_H
+
+#include
+
+namespace OHOS {
+namespace Security {
+class TokensetprocKitTest : public testing::Test {
+public:
+ static void SetUpTestCase();
+
+ static void TearDownTestCase();
+
+ void SetUp();
+
+ void TearDown();
+};
+} // namespace Security
+} // namespace OHOS
+#endif
diff --git a/interfaces/innerkits/tokensync/BUILD.gn b/interfaces/innerkits/tokensync/BUILD.gn
new file mode 100644
index 0000000000000000000000000000000000000000..aa92f46a9d3d122da6b910c5c2a06944c21c525b
--- /dev/null
+++ b/interfaces/innerkits/tokensync/BUILD.gn
@@ -0,0 +1,68 @@
+# Copyright (C) 2021 Huawei Device Co., Ltd.
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+import("//build/ohos.gni")
+
+################################################################
+# C++, Main, source file here.
+################################################################
+config("tokensync") {
+ visibility = [ ":*" ]
+ include_dirs = [ "include" ]
+}
+
+ohos_shared_library("libtokensync_sdk") {
+ subsystem_name = "security"
+ part_name = "access_token"
+
+ output_name = "libtokensync_sdk"
+
+ public_configs = [ ":tokensync" ]
+
+ include_dirs = [
+ "//utils/native/base/include",
+ "include",
+ "src",
+ "//base/security/access_token/frameworks/tokensync/include",
+ "//base/security/access_token/frameworks/common/include",
+ "//base/security/access_token/interfaces/innerkits/tokensync/include",
+ "//base/security/access_token/interfaces/innerkits/accesstoken/include",
+ "//base/security/access_token/frameworks/accesstoken/include",
+
+ #"//base/security/permission/interfaces/innerkits/permission_standard/permissionsdk/main/cpp/include/permission",
+ ]
+
+ sources = [
+ #"main/cpp/src/permission/permission_kit.cpp",
+ #"main/cpp/src/permission/permission_manager_client.cpp",
+ #"main/cpp/src/permission/permission_manager_proxy.cpp",
+ "src/token_sync_kit.cpp",
+ "src/token_sync_manager_client.cpp",
+ "src/token_sync_manager_proxy.cpp",
+ ]
+
+ deps = [
+ #"//base/security/permission/frameworks/permission_standard/permissioncommunicationadapter:permission_standard_communication_adapter_cxx",
+ #"//base/security/permission/frameworks/permission_standard/permissioninfrastructure:permission_standard_infrastructure_cxx",
+ "//base/security/access_token/frameworks/accesstoken:accesstoken_communication_adapter_cxx",
+ "//utils/native/base:utils",
+ ]
+
+ external_deps = [
+ "hiviewdfx_hilog_native:libhilog",
+ "ipc:ipc_core",
+ "samgr_standard:samgr_proxy",
+ ]
+
+ cflags_cc = [ "-DHILOG_ENABLE" ]
+}
diff --git a/interfaces/innerkits/tokensync/include/token_sync_kit.h b/interfaces/innerkits/tokensync/include/token_sync_kit.h
new file mode 100644
index 0000000000000000000000000000000000000000..e72b005947c006673defc560166e58835fdcdece
--- /dev/null
+++ b/interfaces/innerkits/tokensync/include/token_sync_kit.h
@@ -0,0 +1,38 @@
+/*
+ * Copyright (c) 2022 Huawei Device Co., Ltd.
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+#ifndef INTERFACES_INNER_KITS_TOKENSYNC_KIT_H
+#define INTERFACES_INNER_KITS_TOKENSYNC_KIT_H
+
+#include
+#include
+
+#include "access_token.h"
+#include "hap_token_info.h"
+
+namespace OHOS {
+namespace Security {
+namespace AccessToken {
+class TokenSyncKit {
+public:
+ static int GetRemoteHapTokenInfo(const std::string& deviceID, AccessTokenID tokenID);
+ static int DeleteRemoteHapTokenInfo(AccessTokenID tokenID);
+ static int UpdateRemoteHapTokenInfo(const HapTokenInfoForSync& tokenInfo);
+};
+} // namespace AccessToken
+} // namespace Security
+} // namespace OHOS
+
+#endif
diff --git a/interfaces/innerkits/tokensync/src/token_sync_kit.cpp b/interfaces/innerkits/tokensync/src/token_sync_kit.cpp
new file mode 100644
index 0000000000000000000000000000000000000000..090153e7bb389f52b4cc4bad36364b81f1901897
--- /dev/null
+++ b/interfaces/innerkits/tokensync/src/token_sync_kit.cpp
@@ -0,0 +1,53 @@
+/*
+ * Copyright (c) 2022 Huawei Device Co., Ltd.
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+#include "token_sync_kit.h"
+
+#include
+#include
+
+#include "accesstoken_log.h"
+#include "token_sync_manager_client.h"
+
+namespace OHOS {
+namespace Security {
+namespace AccessToken {
+using namespace std;
+
+namespace {
+static constexpr OHOS::HiviewDFX::HiLogLabel LABEL = {LOG_CORE, SECURITY_DOMAIN_ACCESSTOKEN, "TokenSyncKit"};
+} // namespace
+
+int TokenSyncKit::GetRemoteHapTokenInfo(const std::string& deviceID, AccessTokenID tokenID)
+{
+ ACCESSTOKEN_LOG_INFO(LABEL, "%{public}s called, deviceID=%{public}s tokenID=%{public}d",
+ __func__, deviceID.c_str(), tokenID);
+ return TokenSyncManagerClient::GetInstance().GetRemoteHapTokenInfo(deviceID, tokenID);
+}
+
+int TokenSyncKit::DeleteRemoteHapTokenInfo(AccessTokenID tokenID)
+{
+ ACCESSTOKEN_LOG_INFO(LABEL, "%{public}s called, tokenID=%{public}d", __func__, tokenID);
+ return TokenSyncManagerClient::GetInstance().DeleteRemoteHapTokenInfo(tokenID);
+}
+
+int TokenSyncKit::UpdateRemoteHapTokenInfo(const HapTokenInfoForSync& tokenInfo)
+{
+ ACCESSTOKEN_LOG_INFO(LABEL, "%{public}s called tokenID=%{public}d", __func__, tokenInfo.baseInfo.tokenID);
+ return TokenSyncManagerClient::GetInstance().UpdateRemoteHapTokenInfo(tokenInfo);
+}
+} // namespace AccessToken
+} // namespace Security
+} // namespace OHOS
diff --git a/interfaces/innerkits/accesstoken/main/cpp/src/accesstoken_manager_client.cpp b/interfaces/innerkits/tokensync/src/token_sync_manager_client.cpp
similarity index 37%
rename from interfaces/innerkits/accesstoken/main/cpp/src/accesstoken_manager_client.cpp
rename to interfaces/innerkits/tokensync/src/token_sync_manager_client.cpp
index a5de7d88eb882295421bdda5b6bed135a87ca48d..3cd5a9d56002d8cc5dda0025f4395d80f7563286 100644
--- a/interfaces/innerkits/accesstoken/main/cpp/src/accesstoken_manager_client.cpp
+++ b/interfaces/innerkits/tokensync/src/token_sync_manager_client.cpp
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2021 Huawei Device Co., Ltd.
+ * Copyright (c) 2022 Huawei Device Co., Ltd.
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
@@ -13,65 +13,85 @@
* limitations under the License.
*/
-#include "accesstoken_manager_client.h"
+#include "token_sync_manager_client.h"
#include "accesstoken_log.h"
-
+#include "hap_token_info_for_sync_parcel.h"
#include "iservice_registry.h"
namespace OHOS {
namespace Security {
namespace AccessToken {
namespace {
-static constexpr OHOS::HiviewDFX::HiLogLabel LABEL = {
- LOG_CORE, SECURITY_DOMAIN_ACCESSTOKEN, "AccessTokenManagerClient"
-};
+static constexpr OHOS::HiviewDFX::HiLogLabel LABEL = {LOG_CORE, SECURITY_DOMAIN_ACCESSTOKEN, "TokenSyncManagerClient"};
} // namespace
-AccessTokenManagerClient& AccessTokenManagerClient::GetInstance()
+TokenSyncManagerClient& TokenSyncManagerClient::GetInstance()
{
- static AccessTokenManagerClient instance;
+ static TokenSyncManagerClient instance;
return instance;
}
-AccessTokenManagerClient::AccessTokenManagerClient()
+TokenSyncManagerClient::TokenSyncManagerClient()
{}
-AccessTokenManagerClient::~AccessTokenManagerClient()
+TokenSyncManagerClient::~TokenSyncManagerClient()
{}
-int AccessTokenManagerClient::VerifyAccesstoken(AccessTokenID tokenID, const std::string& permissionName) const
+int TokenSyncManagerClient::GetRemoteHapTokenInfo(const std::string& deviceID, AccessTokenID tokenID) const
+{
+ ACCESSTOKEN_LOG_DEBUG(LABEL, "%{public}s: called!", __func__);
+ auto proxy = GetProxy();
+ if (proxy == nullptr) {
+ ACCESSTOKEN_LOG_ERROR(LABEL, "proxy is null");
+ return -1;
+ }
+ return proxy->GetRemoteHapTokenInfo(deviceID, tokenID);
+}
+
+int TokenSyncManagerClient::DeleteRemoteHapTokenInfo(AccessTokenID tokenID) const
+{
+ ACCESSTOKEN_LOG_DEBUG(LABEL, "%{public}s: called!", __func__);
+ auto proxy = GetProxy();
+ if (proxy == nullptr) {
+ ACCESSTOKEN_LOG_ERROR(LABEL, "proxy is null");
+ return -1;
+ }
+ return proxy->DeleteRemoteHapTokenInfo(tokenID);
+}
+
+int TokenSyncManagerClient::UpdateRemoteHapTokenInfo(const HapTokenInfoForSync& tokenInfo) const
{
ACCESSTOKEN_LOG_DEBUG(LABEL, "%{public}s: called!", __func__);
auto proxy = GetProxy();
if (proxy == nullptr) {
- ACCESSTOKEN_LOG_ERROR(LABEL, "%{public}s: proxy is null", __func__);
- return PERMISSION_DENIED;
+ ACCESSTOKEN_LOG_ERROR(LABEL, "proxy is null");
+ return -1;
}
- return proxy->VerifyAccesstoken(tokenID, permissionName);
+ return proxy->UpdateRemoteHapTokenInfo(tokenInfo);
}
-sptr AccessTokenManagerClient::GetProxy() const
+sptr TokenSyncManagerClient::GetProxy() const
{
auto sam = SystemAbilityManagerClient::GetInstance().GetSystemAbilityManager();
if (sam == nullptr) {
- ACCESSTOKEN_LOG_DEBUG(LABEL, "%{public}s: GetSystemAbilityManager is null", __func__);
+ ACCESSTOKEN_LOG_DEBUG(LABEL, "GetSystemAbilityManager is null");
return nullptr;
}
- auto accesstokenSa = sam->GetSystemAbility(IAccessTokenManager::SA_ID_ACCESSTOKEN_MANAGER_SERVICE);
- if (accesstokenSa == nullptr) {
- ACCESSTOKEN_LOG_DEBUG(LABEL, "%{public}s: GetSystemAbility %{public}d is null", __func__,
- IAccessTokenManager::SA_ID_ACCESSTOKEN_MANAGER_SERVICE);
+ auto tokensyncSa = sam->GetSystemAbility(ITokenSyncManager::SA_ID_TOKENSYNC_MANAGER_SERVICE);
+ if (tokensyncSa == nullptr) {
+ ACCESSTOKEN_LOG_DEBUG(LABEL, "GetSystemAbility %{public}d is null",
+ ITokenSyncManager::SA_ID_TOKENSYNC_MANAGER_SERVICE);
return nullptr;
}
- auto proxy = iface_cast(accesstokenSa);
+ auto proxy = iface_cast(tokensyncSa);
if (proxy == nullptr) {
- ACCESSTOKEN_LOG_DEBUG(LABEL, "%{public}s: iface_cast get null", __func__);
+ ACCESSTOKEN_LOG_DEBUG(LABEL, "iface_cast get null");
return nullptr;
}
return proxy;
}
} // namespace AccessToken
} // namespace Security
-} // namespace OHOS
\ No newline at end of file
+} // namespace OHOS
diff --git a/services/accesstoken/main/cpp/include/accesstoken_manager_service.h b/interfaces/innerkits/tokensync/src/token_sync_manager_client.h
similarity index 49%
rename from services/accesstoken/main/cpp/include/accesstoken_manager_service.h
rename to interfaces/innerkits/tokensync/src/token_sync_manager_client.h
index 8174ae72f6a7f3a6dd727d32afe011a88beb45d6..f416cba312c54cadceed163f8adf490741000aaf 100644
--- a/services/accesstoken/main/cpp/include/accesstoken_manager_service.h
+++ b/interfaces/innerkits/tokensync/src/token_sync_manager_client.h
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2021 Huawei Device Co., Ltd.
+ * Copyright (c) 2022 Huawei Device Co., Ltd.
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
@@ -13,35 +13,37 @@
* limitations under the License.
*/
-#ifndef ACCESSTOKEN_MANAGER_SERVICE_H
-#define ACCESSTOKEN_MANAGER_SERVICE_H
+#ifndef ACCESSTOKEN_MANAGER_CLIENT_H
+#define ACCESSTOKEN_MANAGER_CLIENT_H
-#include "accesstoken_manager_stub.h"
-#include "singleton.h"
-#include "iremote_object.h"
-#include "system_ability.h"
+#include
+
+#include "access_token.h"
+#include "hap_token_info.h"
+#include "i_token_sync_manager.h"
#include "nocopyable.h"
namespace OHOS {
namespace Security {
namespace AccessToken {
-enum class ServiceRunningState { STATE_NOT_START, STATE_RUNNING };
-class AccessTokenManagerService final : public SystemAbility, public AccessTokenManagerStub {
- DECLARE_DELAYED_SINGLETON(AccessTokenManagerService);
- DECLEAR_SYSTEM_ABILITY(AccessTokenManagerService);
-
+class TokenSyncManagerClient final {
public:
- void OnStart() override;
- void OnStop() override;
+ static TokenSyncManagerClient& GetInstance();
- int VerifyAccesstoken(AccessTokenID tokenID, const std::string& permissionName) override;
+ virtual ~TokenSyncManagerClient();
+
+ int GetRemoteHapTokenInfo(const std::string& deviceID, AccessTokenID tokenID) const;
+ int DeleteRemoteHapTokenInfo(AccessTokenID tokenID) const;
+ int UpdateRemoteHapTokenInfo(const HapTokenInfoForSync& tokenInfo) const;
private:
- bool Initialize() const;
+ TokenSyncManagerClient();
+
+ DISALLOW_COPY_AND_MOVE(TokenSyncManagerClient);
- ServiceRunningState state_;
+ sptr GetProxy() const;
};
} // namespace AccessToken
} // namespace Security
} // namespace OHOS
-#endif // ACCESSTOKEN_MANAGER_SERVICE_H
+#endif // ACCESSTOKEN_MANAGER_CLIENT_H
diff --git a/interfaces/innerkits/tokensync/src/token_sync_manager_proxy.cpp b/interfaces/innerkits/tokensync/src/token_sync_manager_proxy.cpp
new file mode 100644
index 0000000000000000000000000000000000000000..bf603c5909894e0d7f322b7fa14abc7cd655a384
--- /dev/null
+++ b/interfaces/innerkits/tokensync/src/token_sync_manager_proxy.cpp
@@ -0,0 +1,128 @@
+/*
+ * Copyright (c) 2022 Huawei Device Co., Ltd.
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+#include "token_sync_manager_proxy.h"
+
+#include "accesstoken_log.h"
+#include "parcel.h"
+#include "string_ex.h"
+
+namespace OHOS {
+namespace Security {
+namespace AccessToken {
+namespace {
+static constexpr OHOS::HiviewDFX::HiLogLabel LABEL = {LOG_CORE, SECURITY_DOMAIN_ACCESSTOKEN, "TokenSyncManagerProxy"};
+}
+
+TokenSyncManagerProxy::TokenSyncManagerProxy(const sptr& impl) : IRemoteProxy(impl)
+{}
+
+TokenSyncManagerProxy::~TokenSyncManagerProxy()
+{}
+
+int TokenSyncManagerProxy::GetRemoteHapTokenInfo(const std::string& deviceID, AccessTokenID tokenID)
+{
+ MessageParcel data;
+ data.WriteInterfaceToken(ITokenSyncManager::GetDescriptor());
+ if (!data.WriteString(deviceID)) {
+ ACCESSTOKEN_LOG_ERROR(LABEL, "Failed to write deviceID");
+ return -1;
+ }
+ if (!data.WriteUint32(tokenID)) {
+ ACCESSTOKEN_LOG_ERROR(LABEL, "Failed to write tokenID");
+ return -1;
+ }
+
+ MessageParcel reply;
+ MessageOption option;
+ sptr remote = Remote();
+ if (remote == nullptr) {
+ ACCESSTOKEN_LOG_ERROR(LABEL, "remote service null.");
+ return -1;
+ }
+ int32_t requestResult = remote->SendRequest(
+ static_cast(ITokenSyncManager::InterfaceCode::GET_REMOTE_HAP_TOKEN_INFO), data, reply, option);
+ if (requestResult != NO_ERROR) {
+ ACCESSTOKEN_LOG_ERROR(LABEL, "send request fail, result: %{public}d", requestResult);
+ return -1;
+ }
+
+ int32_t result = reply.ReadInt32();
+ ACCESSTOKEN_LOG_DEBUG(LABEL, "get result from server data = %{public}d", result);
+ return result;
+}
+
+int TokenSyncManagerProxy::DeleteRemoteHapTokenInfo(AccessTokenID tokenID)
+{
+ MessageParcel data;
+ data.WriteInterfaceToken(ITokenSyncManager::GetDescriptor());
+ if (!data.WriteUint32(tokenID)) {
+ ACCESSTOKEN_LOG_ERROR(LABEL, "Failed to write tokenID");
+ return -1;
+ }
+
+ MessageParcel reply;
+ MessageOption option;
+ sptr remote = Remote();
+ if (remote == nullptr) {
+ ACCESSTOKEN_LOG_ERROR(LABEL, "remote service null.");
+ return -1;
+ }
+ int32_t requestResult = remote->SendRequest(
+ static_cast(ITokenSyncManager::InterfaceCode::DELETE_REMOTE_HAP_TOKEN_INFO), data, reply, option);
+ if (requestResult != NO_ERROR) {
+ ACCESSTOKEN_LOG_ERROR(LABEL, "send request fail, result: %{public}d", requestResult);
+ return -1;
+ }
+
+ int32_t result = reply.ReadInt32();
+ ACCESSTOKEN_LOG_DEBUG(LABEL, "get result from server data = %{public}d", result);
+ return result;
+}
+
+int TokenSyncManagerProxy::UpdateRemoteHapTokenInfo(const HapTokenInfoForSync& tokenInfo)
+{
+ MessageParcel data;
+ data.WriteInterfaceToken(ITokenSyncManager::GetDescriptor());
+
+ HapTokenInfoForSyncParcel tokenInfoParcel;
+ tokenInfoParcel.hapTokenInfoForSyncParams = tokenInfo;
+
+ if (!data.WriteParcelable(&tokenInfoParcel)) {
+ ACCESSTOKEN_LOG_ERROR(LABEL, "Failed to write tokenInfo");
+ return -1;
+ }
+
+ MessageParcel reply;
+ MessageOption option;
+ sptr remote = Remote();
+ if (remote == nullptr) {
+ ACCESSTOKEN_LOG_ERROR(LABEL, "remote service null.");
+ return -1;
+ }
+ int32_t requestResult = remote->SendRequest(
+ static_cast(ITokenSyncManager::InterfaceCode::UPDATE_REMOTE_HAP_TOKEN_INFO), data, reply, option);
+ if (requestResult != NO_ERROR) {
+ ACCESSTOKEN_LOG_ERROR(LABEL, "send request fail, result: %{public}d", requestResult);
+ return -1;
+ }
+
+ int32_t result = reply.ReadInt32();
+ ACCESSTOKEN_LOG_DEBUG(LABEL, "get result from server data = %{public}d", result);
+ return result;
+}
+} // namespace AccessToken
+} // namespace Security
+} // namespace OHOS
diff --git a/interfaces/innerkits/tokensync/src/token_sync_manager_proxy.h b/interfaces/innerkits/tokensync/src/token_sync_manager_proxy.h
new file mode 100644
index 0000000000000000000000000000000000000000..6e251e9612d32f642be1ec246d7fd026d1b63960
--- /dev/null
+++ b/interfaces/innerkits/tokensync/src/token_sync_manager_proxy.h
@@ -0,0 +1,45 @@
+/*
+ * Copyright (c) 2022 Huawei Device Co., Ltd.
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+#ifndef TOKENSYNC_MANAGER_PROXY_H
+#define TOKENSYNC_MANAGER_PROXY_H
+
+#include
+
+#include "access_token.h"
+#include "hap_token_info_for_sync_parcel.h"
+#include "i_token_sync_manager.h"
+#include "iremote_broker.h"
+#include "iremote_proxy.h"
+
+namespace OHOS {
+namespace Security {
+namespace AccessToken {
+class TokenSyncManagerProxy : public IRemoteProxy {
+public:
+ explicit TokenSyncManagerProxy(const sptr& impl);
+ virtual ~TokenSyncManagerProxy() override;
+
+ int GetRemoteHapTokenInfo(const std::string& deviceID, AccessTokenID tokenID) override;
+ int DeleteRemoteHapTokenInfo(AccessTokenID tokenID) override;
+ int UpdateRemoteHapTokenInfo(const HapTokenInfoForSync& tokenInfo) override;
+
+private:
+ static inline BrokerDelegator delegator_;
+};
+} // namespace AccessToken
+} // namespace Security
+} // namespace OHOS
+#endif // TOKENSYNC_MANAGER_PROXY_H
diff --git a/interfaces/innerkits/tokensync/test/BUILD.gn b/interfaces/innerkits/tokensync/test/BUILD.gn
new file mode 100644
index 0000000000000000000000000000000000000000..87a14097bf1e6345aeb8597bb12132bcb2dcf9d3
--- /dev/null
+++ b/interfaces/innerkits/tokensync/test/BUILD.gn
@@ -0,0 +1,44 @@
+# Copyright (C) 2021 Huawei Device Co., Ltd.
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+import("//build/test.gni")
+
+ohos_unittest("libtokensync_sdk_test") {
+ subsystem_name = "security"
+ part_name = "access_token"
+ module_out_path = part_name + "/" + part_name
+
+ include_dirs = [
+ "//utils/native/base/include",
+ "//third_party/googletest/include",
+ "//base/security/access_token/interfaces/innerkits/tokensync/include",
+
+ #"//base/security/permission/interfaces/innerkits/permission_standard/permissionsdk/main/cpp/include/permission/",
+ "//base/security/access_token/interfaces/innerkits/accesstoken/include",
+ ]
+
+ sources = [ "unittest/src/token_sync_kit_test.cpp" ]
+
+ cflags_cc = [ "-DHILOG_ENABLE" ]
+
+ deps = [
+ #"//base/security/permission/frameworks/permission_standard/permissioninfrastructure:permission_standard_infrastructure_cxx",
+ "//base/security/access_token/interfaces/innerkits/tokensync:libtokensync_sdk",
+ "//utils/native/base:utils",
+ ]
+}
+
+group("unittest") {
+ testonly = true
+ deps = [ ":libtokensync_sdk_test" ]
+}
diff --git a/interfaces/innerkits/accesstoken/test/unittest/cpp/src/accesstoken_kit_test.cpp b/interfaces/innerkits/tokensync/test/unittest/src/token_sync_kit_test.cpp
old mode 100755
new mode 100644
similarity index 52%
rename from interfaces/innerkits/accesstoken/test/unittest/cpp/src/accesstoken_kit_test.cpp
rename to interfaces/innerkits/tokensync/test/unittest/src/token_sync_kit_test.cpp
index 7fbf82406a97720a7a04c6b8de520cacbc67b662..f4587575b34f69b858bce6663c3dfac86978bd74
--- a/interfaces/innerkits/accesstoken/test/unittest/cpp/src/accesstoken_kit_test.cpp
+++ b/interfaces/innerkits/tokensync/test/unittest/src/token_sync_kit_test.cpp
@@ -13,37 +13,24 @@
* limitations under the License.
*/
-#include "accesstoken_kit_test.h"
+#include "token_sync_kit_test.h"
-#include "accesstoken_kit.h"
+#include "token_sync_kit.h"
using namespace testing::ext;
using namespace OHOS::Security::AccessToken;
-void AccessTokenKitTest::SetUpTestCase()
+void TokenSyncKitTest::SetUpTestCase()
{}
-void AccessTokenKitTest::TearDownTestCase()
-{}
-
-void AccessTokenKitTest::SetUp()
-{}
-
-void AccessTokenKitTest::TearDown()
-{}
+void TokenSyncKitTest::TearDownTestCase()
+{
+}
-/**
- * @tc.name: VerifyAccesstoken001
- * @tc.desc: Verify user granted permission
- * @tc.type: FUNC
- * @tc.require:
- */
-HWTEST_F(AccessTokenKitTest, VerifyAccesstoken001, TestSize.Level0)
+void TokenSyncKitTest::SetUp()
{
- AccessTokenID tokenID = 1;
- const std::string TEST_PERMISSION_NAME = "ohos.permission.TEST";
+}
- int ret = AccessTokenKit::VerifyAccesstoken(tokenID, TEST_PERMISSION_NAME);
- ASSERT_EQ(PERMISSION_GRANTED, ret);
+void TokenSyncKitTest::TearDown()
+{}
-}
\ No newline at end of file
diff --git a/interfaces/innerkits/accesstoken/test/unittest/cpp/src/accesstoken_kit_test.h b/interfaces/innerkits/tokensync/test/unittest/src/token_sync_kit_test.h
similarity index 86%
rename from interfaces/innerkits/accesstoken/test/unittest/cpp/src/accesstoken_kit_test.h
rename to interfaces/innerkits/tokensync/test/unittest/src/token_sync_kit_test.h
index 5784ad6f4cccb0584a0794179a4b32e6de6212c6..1cb07f236b89a505565630b2bd89991f91a04f45 100644
--- a/interfaces/innerkits/accesstoken/test/unittest/cpp/src/accesstoken_kit_test.h
+++ b/interfaces/innerkits/tokensync/test/unittest/src/token_sync_kit_test.h
@@ -13,15 +13,15 @@
* limitations under the License.
*/
-#ifndef ACCESSTOKEN_KIT_TEST_H
-#define ACCESSTOKEN_KIT_TEST_H
+#ifndef TOKENSYNC_KIT_TEST_H
+#define TOKENSYNC_KIT_TEST_H
#include
namespace OHOS {
namespace Security {
namespace AccessToken {
-class AccessTokenKitTest : public testing::Test {
+class TokenSyncKitTest : public testing::Test {
public:
static void SetUpTestCase();
@@ -34,4 +34,4 @@ public:
} // namespace AccessToken
} // namespace Security
} // namespace OHOS
-#endif // ACCESSTOKEN_KIT_TEST_H
+#endif // TOKENSYNC_KIT_TEST_H
diff --git a/interfaces/kits/BUILD.gn b/interfaces/kits/BUILD.gn
new file mode 100644
index 0000000000000000000000000000000000000000..cf2e891f45c8dcb8c021206503fd70779de42fa1
--- /dev/null
+++ b/interfaces/kits/BUILD.gn
@@ -0,0 +1,21 @@
+# Copyright (c) 2021 Huawei Device Co., Ltd.
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+import("//build/ohos.gni")
+
+group("napi_packages") {
+ deps = []
+ if (support_jsapi) {
+ deps += [ "//base/security/access_token/interfaces/kits/accesstoken:libabilityaccessctrl" ]
+ }
+}
diff --git a/interfaces/kits/accesstoken/BUILD.gn b/interfaces/kits/accesstoken/BUILD.gn
new file mode 100644
index 0000000000000000000000000000000000000000..ae9e53c0a75ea43194f16f2b9e6f8e250d4defcf
--- /dev/null
+++ b/interfaces/kits/accesstoken/BUILD.gn
@@ -0,0 +1,58 @@
+# Copyright (c) 2021 Huawei Device Co., Ltd.
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+import("//build/ohos.gni")
+
+ohos_shared_library("libabilityaccessctrl") {
+ include_dirs = [
+ "//foundation/appexecfwk/standard/interfaces/innerkits/libeventhandler/include",
+ "//foundation/distributedschedule/samgr/interfaces/innerkits/samgr_proxy/include",
+ "//foundation/ace/napi/interfaces/kits",
+ "//third_party/json/single_include",
+ "//third_party/node/src",
+ "//utils/system/safwk/native/include",
+ "//foundation/communication/dsoftbus/interfaces/kits/transport",
+ "//foundation/communication/dsoftbus/interfaces/kits/common",
+ "//foundation/communication/dsoftbus/interfaces/kits/bus_center",
+ "//third_party/json/include",
+ "//foundation/aafwk/standard/interfaces/innerkits/ability_manager/include",
+ "//base/security/access_token/frameworks/common/include",
+ "//base/security/access_token/interfaces/kits/accesstoken/napi/include",
+ "//base/security/access_token/interfaces/innerkits/accesstoken/include",
+ ]
+
+ sources = [ "//base/security/access_token/interfaces/kits/accesstoken/napi/src/napi_atmanager.cpp" ]
+
+ deps = [
+ "//base/notification/ans_standard/frameworks/ans/core:ans_core",
+ "//base/notification/ans_standard/frameworks/wantagent:wantagent_innerkits",
+ "//base/security/access_token/interfaces/innerkits/accesstoken:libaccesstoken_sdk",
+ "//base/startup/syspara_lite/interfaces/innerkits/native/syspara:syspara",
+ "//foundation/aafwk/standard/interfaces/innerkits/base:base",
+ "//foundation/ace/napi:ace_napi",
+ "//foundation/appexecfwk/standard/interfaces/innerkits/libeventhandler:libeventhandler",
+ "//foundation/distributedschedule/safwk/interfaces/innerkits/safwk:system_ability_fwk",
+ "//foundation/distributedschedule/samgr/interfaces/innerkits/samgr_proxy:samgr_proxy",
+ "//utils/native/base:utils",
+ ]
+ cflags_cc = [ "-DHILOG_ENABLE" ]
+ external_deps = [
+ "ability_base:want",
+ "hiviewdfx_hilog_native:libhilog",
+ "ipc:ipc_core",
+ ]
+
+ relative_install_dir = "module"
+ subsystem_name = "security"
+ part_name = "access_token"
+}
diff --git a/interfaces/kits/accesstoken/napi/include/napi_atmanager.h b/interfaces/kits/accesstoken/napi/include/napi_atmanager.h
new file mode 100644
index 0000000000000000000000000000000000000000..3fee43806253cab76c5cefd05943e9037f532000
--- /dev/null
+++ b/interfaces/kits/accesstoken/napi/include/napi_atmanager.h
@@ -0,0 +1,88 @@
+/*
+ * Copyright (c) 2021 Huawei Device Co., Ltd.
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+#ifndef NAPI_ATMANAGER_H_
+#define NAPI_ATMANAGER_H_
+
+#include
+#include
+#include
+#include
+
+#include "napi/native_api.h"
+#include "napi/native_node_api.h"
+
+namespace OHOS {
+namespace Security {
+namespace AccessToken {
+#define ASYN_THREAD_EXEC_SUCC 0
+#define ASYN_THREAD_EXEC_FAIL -1
+#define ACCESSTOKEN_PERMISSION_GRANT_FAIL -1
+#define ACCESSTOKEN_PERMISSION_GRANT_SUCC 0
+#define ACCESSTOKEN_PERMISSION_REVOKE_FAIL -1
+#define ACCESSTOKEN_PERMISSION_REVOKE_SUCC 0
+#define VALUE_BUFFER_SIZE 128
+
+const std::string ATMANAGER_CLASS_NAME = "atManager";
+
+struct AtManagerAsyncContext {
+ napi_env env = nullptr;
+ uint32_t tokenId = 0;
+ char permissionName[ VALUE_BUFFER_SIZE ] = { 0 };
+ size_t pNameLen = 0;
+ int flag = 0;
+ int result = 0; // callback or promise return result
+ int status = ASYN_THREAD_EXEC_FAIL; // napi_create_async_work-execute function exec result, default failure
+
+ napi_deferred deferred = nullptr; // promise handle
+ napi_ref callbackRef = nullptr; // callback handle
+ napi_async_work work = nullptr; // work handle
+};
+
+class NapiAtManager {
+public:
+ static napi_value Init(napi_env env, napi_value exports);
+
+private:
+ static napi_value JsConstructor(napi_env env, napi_callback_info cbinfo);
+ static napi_value CreateAtManager(napi_env env, napi_callback_info cbInfo);
+ static napi_value VerifyAccessToken(napi_env env, napi_callback_info info);
+ static napi_value GrantUserGrantedPermission(napi_env env, napi_callback_info info);
+ static napi_value RevokeUserGrantedPermission(napi_env env, napi_callback_info info);
+ static napi_value GetPermissionFlags(napi_env env, napi_callback_info info);
+
+ static void ParseInputVerifyPermissionOrGetFlag(const napi_env env, const napi_callback_info info,
+ AtManagerAsyncContext& asyncContext);
+ static void VerifyAccessTokenExecute(napi_env env, void *data);
+ static void VerifyAccessTokenComplete(napi_env env, napi_status status, void *data);
+ static void ParseInputGrantOrRevokePermission(const napi_env env, const napi_callback_info info,
+ AtManagerAsyncContext& asyncContext);
+ static void GrantUserGrantedPermissionExcute(napi_env env, void *data);
+ static void GrantUserGrantedPermissionComplete(napi_env env, napi_status status, void *data);
+ static void RevokeUserGrantedPermissionExcute(napi_env env, void *data);
+ static void RevokeUserGrantedPermissionComplete(napi_env env, napi_status status, void *data);
+ static void GetPermissionFlagsExcute(napi_env env, void *data);
+ static void GetPermissionFlagsComplete(napi_env env, napi_status status, void *data);
+
+ static napi_ref constructorRef_;
+};
+} // namespace AccessToken
+} // namespace Security
+} // namespace OHOS
+/*
+ * function for module exports
+ */
+static napi_value Init(napi_env env, napi_value exports);
+
+#endif /* NAPI_ATMANAGER_H_ */
diff --git a/interfaces/kits/accesstoken/napi/src/napi_atmanager.cpp b/interfaces/kits/accesstoken/napi/src/napi_atmanager.cpp
new file mode 100644
index 0000000000000000000000000000000000000000..02dd841c4922adfbf9249e6adfdbd9602063059c
--- /dev/null
+++ b/interfaces/kits/accesstoken/napi/src/napi_atmanager.cpp
@@ -0,0 +1,589 @@
+/*
+ * Copyright (c) 2021 Huawei Device Co., Ltd.
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+#include "napi_atmanager.h"
+
+#include
+#include
+#include
+#include
+
+#include "accesstoken_kit.h"
+#include "accesstoken_log.h"
+#include "napi/native_api.h"
+#include "napi/native_node_api.h"
+
+namespace OHOS {
+namespace Security {
+namespace AccessToken {
+namespace {
+static constexpr OHOS::HiviewDFX::HiLogLabel LABEL = {
+ LOG_CORE, SECURITY_DOMAIN_ACCESSTOKEN, "AccessTokenAbilityAccessCtrl"
+};
+} // namespace
+
+napi_ref NapiAtManager::constructorRef_;
+
+napi_value NapiAtManager::Init(napi_env env, napi_value exports)
+{
+ ACCESSTOKEN_LOG_DEBUG(LABEL, "enter init.");
+
+ napi_property_descriptor descriptor[] = { DECLARE_NAPI_FUNCTION("createAtManager", CreateAtManager) };
+
+ NAPI_CALL(env, napi_define_properties(env,
+ exports, sizeof(descriptor) / sizeof(napi_property_descriptor), descriptor));
+
+ napi_property_descriptor properties[] = {
+ DECLARE_NAPI_FUNCTION("verifyAccessToken", VerifyAccessToken),
+ DECLARE_NAPI_FUNCTION("grantUserGrantedPermission", GrantUserGrantedPermission),
+ DECLARE_NAPI_FUNCTION("revokeUserGrantedPermission", RevokeUserGrantedPermission),
+ DECLARE_NAPI_FUNCTION("getPermissionFlags", GetPermissionFlags)
+ };
+
+ napi_value cons = nullptr;
+ NAPI_CALL(env, napi_define_class(env, ATMANAGER_CLASS_NAME.c_str(), ATMANAGER_CLASS_NAME.size(),
+ JsConstructor, nullptr, sizeof(properties) / sizeof(napi_property_descriptor), properties, &cons));
+
+ NAPI_CALL(env, napi_create_reference(env, cons, 1, &constructorRef_));
+ NAPI_CALL(env, napi_set_named_property(env, exports, ATMANAGER_CLASS_NAME.c_str(), cons));
+
+ return exports;
+}
+
+napi_value NapiAtManager::JsConstructor(napi_env env, napi_callback_info cbinfo)
+{
+ ACCESSTOKEN_LOG_DEBUG(LABEL, "enter JsConstructor");
+
+ napi_value thisVar = nullptr;
+
+ NAPI_CALL(env, napi_get_cb_info(env, cbinfo, nullptr, nullptr, &thisVar, nullptr));
+
+ return thisVar;
+}
+
+napi_value NapiAtManager::CreateAtManager(napi_env env, napi_callback_info cbInfo)
+{
+ ACCESSTOKEN_LOG_DEBUG(LABEL, "enter CreateAtManager");
+
+ napi_value instance = nullptr;
+ napi_value cons = nullptr;
+
+ if (napi_get_reference_value(env, constructorRef_, &cons) != napi_ok) {
+ return nullptr;
+ }
+
+ ACCESSTOKEN_LOG_DEBUG(LABEL, "Get a reference to the global variable constructorRef_ complete");
+
+ if (napi_new_instance(env, cons, 0, nullptr, &instance) != napi_ok) {
+ return nullptr;
+ }
+
+ ACCESSTOKEN_LOG_DEBUG(LABEL, "New the js instance complete");
+
+ return instance;
+}
+
+void NapiAtManager::ParseInputVerifyPermissionOrGetFlag(const napi_env env, const napi_callback_info info,
+ AtManagerAsyncContext& asyncContext)
+{
+ size_t argc = 2;
+
+ napi_value argv[2] = { 0 };
+ napi_value thisVar = nullptr;
+
+ void *data = nullptr;
+
+ napi_get_cb_info(env, info, &argc, argv, &thisVar, &data);
+
+ asyncContext.env = env;
+
+ // parse input tokenId and permissionName
+ for (size_t i = 0; i < argc; i++) {
+ napi_valuetype valueType = napi_undefined;
+ napi_typeof(env, argv[i], &valueType);
+
+ if (valueType == napi_number) {
+ napi_get_value_uint32(env, argv[i], &(asyncContext.tokenId)); // get tokenId
+ } else if (valueType == napi_string) {
+ napi_get_value_string_utf8(env, argv[i], asyncContext.permissionName,
+ VALUE_BUFFER_SIZE, &(asyncContext.pNameLen)); // get permissionName
+ } else {
+ ACCESSTOKEN_LOG_ERROR(LABEL, "Type matching failed");
+ asyncContext.result = -1;
+ }
+ }
+
+ ACCESSTOKEN_LOG_DEBUG(LABEL, "tokenID = %{public}d", asyncContext.tokenId);
+ ACCESSTOKEN_LOG_DEBUG(LABEL, "permissionName = %{public}s", asyncContext.permissionName);
+}
+
+void NapiAtManager::VerifyAccessTokenExecute(napi_env env, void *data)
+{
+ AtManagerAsyncContext* asyncContext = (AtManagerAsyncContext *)data;
+
+ // use innerkit class method to verify permission
+ asyncContext->result = AccessTokenKit::VerifyAccessToken(asyncContext->tokenId,
+ asyncContext->permissionName);
+
+ // set status according to the innerkit class method return
+ if ((asyncContext->result == PERMISSION_GRANTED) || (asyncContext->result == PERMISSION_DENIED)) {
+ asyncContext->status = ASYN_THREAD_EXEC_SUCC; // granted and denied regard as function exec success
+ } else {
+ asyncContext->status = ASYN_THREAD_EXEC_FAIL; // other regard as function exec failure
+ }
+}
+
+void NapiAtManager::VerifyAccessTokenComplete(napi_env env, napi_status status, void *data)
+{
+ AtManagerAsyncContext* asyncContext = (AtManagerAsyncContext*)data;
+ napi_value result;
+
+ ACCESSTOKEN_LOG_DEBUG(LABEL, "tokenId = %{public}d, permissionName = %{public}s, verify result = %{public}d.",
+ asyncContext->tokenId, asyncContext->permissionName, asyncContext->result);
+
+ if (asyncContext->status == ASYN_THREAD_EXEC_SUCC) {
+ // execute succ, use resolve to return result by the deferred create before
+ napi_create_int32(env, asyncContext->result, &result); // verify result
+ napi_resolve_deferred(env, asyncContext->deferred, result);
+ } else {
+ // execute fail, use reject to return default PERMISSION_DENIED by the deferred create before
+ napi_create_int32(env, PERMISSION_DENIED, &result); // verify result
+ napi_reject_deferred(env, asyncContext->deferred, result);
+ }
+
+ // after return the result, free resources
+ napi_delete_async_work(env, asyncContext->work);
+ delete asyncContext;
+}
+
+napi_value NapiAtManager::VerifyAccessToken(napi_env env, napi_callback_info info)
+{
+ ACCESSTOKEN_LOG_DEBUG(LABEL, "VerifyAccessToken begin.");
+
+ auto *asyncContext = new AtManagerAsyncContext(); // for async work deliver data
+ if (asyncContext == nullptr) {
+ ACCESSTOKEN_LOG_ERROR(LABEL, "new struct fail.");
+ return nullptr;
+ }
+
+ ParseInputVerifyPermissionOrGetFlag(env, info, *asyncContext);
+ if (asyncContext->result == -1) {
+ delete asyncContext;
+ return nullptr;
+ }
+
+ napi_value result = nullptr;
+
+ napi_create_promise(env, &(asyncContext->deferred), &result); // create delay promise object
+
+ napi_value resource = nullptr; // resource name
+ napi_create_string_utf8(env, "VerifyAccessToken", NAPI_AUTO_LENGTH, &resource);
+
+ napi_create_async_work( // define work
+ env, nullptr, resource, VerifyAccessTokenExecute, VerifyAccessTokenComplete,
+ (void *)asyncContext, &(asyncContext->work));
+ napi_queue_async_work(env, asyncContext->work); // add async work handle to the napi queue and wait for result
+
+ ACCESSTOKEN_LOG_DEBUG(LABEL, "VerifyAccessToken end.");
+
+ return result;
+}
+
+void NapiAtManager::ParseInputGrantOrRevokePermission(const napi_env env, const napi_callback_info info,
+ AtManagerAsyncContext& asyncContext)
+{
+ size_t argc = 4;
+
+ napi_value argv[4] = { 0 };
+ napi_value thisVar = nullptr;
+
+ void *data = nullptr;
+
+ napi_get_cb_info(env, info, &argc, argv, &thisVar, &data);
+
+ asyncContext.env = env;
+
+ // parse input tokenId and permissionName
+ for (size_t i = 0; i < argc; i++) {
+ napi_valuetype valueType = napi_undefined;
+ napi_typeof(env, argv[i], &valueType);
+
+ if ((i == 0) && (valueType == napi_number)) {
+ napi_get_value_uint32(env, argv[i], &(asyncContext.tokenId)); // get tokenId
+ } else if (valueType == napi_string) {
+ napi_get_value_string_utf8(env, argv[i], asyncContext.permissionName,
+ VALUE_BUFFER_SIZE, &(asyncContext.pNameLen)); // get permissionName
+ } else if (valueType == napi_number) {
+ napi_get_value_int32(env, argv[i], &(asyncContext.flag)); // get flag
+ } else if (valueType == napi_function) {
+ napi_create_reference(env, argv[i], 1, &asyncContext.callbackRef); // get probably callback
+ } else {
+ ACCESSTOKEN_LOG_ERROR(LABEL, "Type matching failed");
+ asyncContext.result = -1;
+ }
+ }
+
+ ACCESSTOKEN_LOG_DEBUG(LABEL, "tokenID = %{public}d", asyncContext.tokenId);
+ ACCESSTOKEN_LOG_DEBUG(LABEL, "permissionName = %{public}s", asyncContext.permissionName);
+ ACCESSTOKEN_LOG_DEBUG(LABEL, "flag = %{public}d", asyncContext.flag);
+}
+
+void NapiAtManager::GrantUserGrantedPermissionExcute(napi_env env, void *data)
+{
+ AtManagerAsyncContext* asyncContext = (AtManagerAsyncContext *)data;
+ PermissionDef permissionDef;
+
+ // struct init, can not use = { 0 } or memset otherwise program crashdump
+ permissionDef.grantMode = 0;
+ permissionDef.availableLevel = APL_NORMAL;
+ permissionDef.provisionEnable = false;
+ permissionDef.distributedSceneEnable = false;
+ permissionDef.labelId = 0;
+ permissionDef.descriptionId = 0;
+
+ // use innerkit class method to check if the permission grantmode is USER_GRANT-0
+ AccessTokenKit::GetDefPermission(asyncContext->permissionName, permissionDef);
+
+ ACCESSTOKEN_LOG_DEBUG(LABEL, "permissionName = %{public}s, grantmode = %{public}d.", asyncContext->permissionName,
+ permissionDef.grantMode);
+
+ if (permissionDef.grantMode != USER_GRANT) {
+ // system_grant permission, return fail directly
+ asyncContext->result = ACCESSTOKEN_PERMISSION_GRANT_FAIL;
+ asyncContext->status = ASYN_THREAD_EXEC_SUCC;
+ } else {
+ // user_grant permission, use innerkit class method to grant permission
+ asyncContext->result = AccessTokenKit::GrantPermission(asyncContext->tokenId,
+ asyncContext->permissionName,
+ asyncContext->flag);
+
+ ACCESSTOKEN_LOG_DEBUG(LABEL,
+ "tokenId = %{public}d, permissionName = %{public}s, flag = %{public}d, grant result = %{public}d.",
+ asyncContext->tokenId, asyncContext->permissionName, asyncContext->flag, asyncContext->result);
+
+ // set status according to the innerkit class method return
+ if ((asyncContext->result == ACCESSTOKEN_PERMISSION_GRANT_SUCC)
+ || (asyncContext->result == ACCESSTOKEN_PERMISSION_GRANT_FAIL)) {
+ asyncContext->status = ASYN_THREAD_EXEC_SUCC; // success or failure regard as function exec success
+ } else {
+ asyncContext->status = ASYN_THREAD_EXEC_FAIL; // other regard as function exec failure
+ }
+ }
+}
+
+void NapiAtManager::GrantUserGrantedPermissionComplete(napi_env env, napi_status status, void *data)
+{
+ AtManagerAsyncContext* asyncContext = (AtManagerAsyncContext*)data;
+ napi_value result = nullptr;
+
+ if (asyncContext->status == ASYN_THREAD_EXEC_SUCC) {
+ // execute succ, consider asyncContext->result as return result
+ napi_create_int32(env, asyncContext->result, &result);
+ } else {
+ // execute fail, set default failure result
+ napi_create_int32(env, ACCESSTOKEN_PERMISSION_GRANT_FAIL, &result);
+ }
+
+ if (asyncContext->deferred) {
+ // promise type
+ if (asyncContext->status == ASYN_THREAD_EXEC_SUCC) {
+ // innerkit class methon exec success, use resolve to return result
+ napi_resolve_deferred(env, asyncContext->deferred, result);
+ } else {
+ // innerkit class methon exec failure, use reject to return result
+ napi_reject_deferred(env, asyncContext->deferred, result);
+ }
+ } else {
+ // callback type
+ napi_value callback = nullptr;
+ napi_value thisValue = nullptr; // recv napi value
+ napi_value thatValue = nullptr; // result napi value
+
+ // set call function params->napi_call_function(env, recv, func, argc, argv, result)
+ napi_get_undefined(env, &thisValue); // can not null otherwise js code can not get return
+ napi_create_int32(env, 0, &thatValue); // can not null otherwise js code can not get return
+ napi_get_reference_value(env, asyncContext->callbackRef, &callback);
+ napi_call_function(env, thisValue, callback, 1, &result, &thatValue);
+ napi_delete_reference(env, asyncContext->callbackRef); // release callback handle
+ }
+
+ // after return the result, free resources
+ napi_delete_async_work(env, asyncContext->work);
+ delete asyncContext;
+}
+
+napi_value NapiAtManager::GrantUserGrantedPermission(napi_env env, napi_callback_info info)
+{
+ ACCESSTOKEN_LOG_DEBUG(LABEL, "GrantUserGrantedPermission begin.");
+
+ auto *asyncContext = new (std::nothrow) AtManagerAsyncContext(); // for async work deliver data
+ if (asyncContext == nullptr) {
+ ACCESSTOKEN_LOG_ERROR(LABEL, "new struct fail.");
+ return nullptr;
+ }
+
+ ParseInputGrantOrRevokePermission(env, info, *asyncContext);
+ if (asyncContext->result == -1) {
+ delete asyncContext;
+ return nullptr;
+ }
+
+ napi_value result = nullptr;
+
+ if (asyncContext->callbackRef == nullptr) {
+ // when callback null, create delay promise object for returning result in async work complete function
+ napi_create_promise(env, &(asyncContext->deferred), &result);
+ } else {
+ // callback not null, use callback type to return result
+ napi_get_undefined(env, &result);
+ }
+
+ napi_value resource = nullptr; // resource name
+ napi_create_string_utf8(env, "GrantUserGrantedPermission", NAPI_AUTO_LENGTH, &resource);
+
+ napi_create_async_work( // define work
+ env, nullptr, resource, GrantUserGrantedPermissionExcute, GrantUserGrantedPermissionComplete,
+ (void *)asyncContext, &(asyncContext->work));
+
+ napi_queue_async_work(env, asyncContext->work); // add async work handle to the napi queue and wait for result
+
+ ACCESSTOKEN_LOG_DEBUG(LABEL, "GrantUserGrantedPermission end.");
+
+ return result;
+}
+
+void NapiAtManager::RevokeUserGrantedPermissionExcute(napi_env env, void *data)
+{
+ AtManagerAsyncContext* asyncContext = (AtManagerAsyncContext *)data;
+ PermissionDef permissionDef;
+
+ // struct init, can not use = { 0 } or memset otherwise program crashdump
+ permissionDef.grantMode = 0;
+ permissionDef.availableLevel = APL_NORMAL;
+ permissionDef.provisionEnable = false;
+ permissionDef.distributedSceneEnable = false;
+ permissionDef.labelId = 0;
+ permissionDef.descriptionId = 0;
+
+ // use innerkit class method to check if the permission grantmode is USER_GRANT-0
+ AccessTokenKit::GetDefPermission(asyncContext->permissionName, permissionDef);
+
+ ACCESSTOKEN_LOG_DEBUG(LABEL, "permissionName = %{public}s, grantmode = %{public}d.", asyncContext->permissionName,
+ permissionDef.grantMode);
+
+ if (permissionDef.grantMode != USER_GRANT) {
+ // system_grant permission, return fail directly
+ asyncContext->result = ACCESSTOKEN_PERMISSION_REVOKE_FAIL;
+ asyncContext->status = ASYN_THREAD_EXEC_SUCC;
+ } else {
+ // user_grant permission, use innerkit class method to grant permission
+ asyncContext->result = AccessTokenKit::RevokePermission(asyncContext->tokenId,
+ asyncContext->permissionName, asyncContext->flag);
+
+ ACCESSTOKEN_LOG_DEBUG(LABEL,
+ "tokenId = %{public}d, permissionName = %{public}s, flag = %{public}d, revoke result = %{public}d.",
+ asyncContext->tokenId, asyncContext->permissionName, asyncContext->flag, asyncContext->result);
+
+ // set status according to the innerkit class method return
+ if ((asyncContext->result == ACCESSTOKEN_PERMISSION_REVOKE_SUCC)
+ || (asyncContext->result == ACCESSTOKEN_PERMISSION_REVOKE_FAIL)) {
+ asyncContext->status = ASYN_THREAD_EXEC_SUCC; // success or failure regard as function exec success
+ } else {
+ asyncContext->status = ASYN_THREAD_EXEC_FAIL; // other regard as function exec failure
+ }
+ }
+}
+
+void NapiAtManager::RevokeUserGrantedPermissionComplete(napi_env env, napi_status status, void *data)
+{
+ AtManagerAsyncContext* asyncContext = (AtManagerAsyncContext*)data;
+ napi_value result = nullptr;
+
+ if (asyncContext->status == ASYN_THREAD_EXEC_SUCC) {
+ // execute succ, consider asyncContext->result as return result
+ napi_create_int32(env, asyncContext->result, &result);
+ } else {
+ // execute fail, set default failure result
+ napi_create_int32(env, ACCESSTOKEN_PERMISSION_GRANT_FAIL, &result);
+ }
+
+ if (asyncContext->deferred) {
+ // promise type
+ if (asyncContext->status == ASYN_THREAD_EXEC_SUCC) {
+ // innerkit class methon exec success, use resolve to return result
+ napi_resolve_deferred(env, asyncContext->deferred, result);
+ } else {
+ // innerkit class methon exec failure, use reject to return result
+ napi_reject_deferred(env, asyncContext->deferred, result);
+ }
+ } else {
+ // callback type
+ napi_value callback = nullptr;
+ napi_value thisValue = nullptr; // recv napi value
+ napi_value thatValue = nullptr; // result napi value
+
+ // set call function params->napi_call_function(env, recv, func, argc, argv, result)
+ napi_get_undefined(env, &thisValue); // can not null otherwise js code can not get return
+ napi_create_int32(env, 0, &thatValue); // can not null otherwise js code can not get return
+ napi_get_reference_value(env, asyncContext->callbackRef, &callback);
+ napi_call_function(env, thisValue, callback, 1, &result, &thatValue);
+ napi_delete_reference(env, asyncContext->callbackRef); // release callback handle
+ }
+
+ // after return the result, free resources
+ napi_delete_async_work(env, asyncContext->work);
+ delete asyncContext;
+}
+
+napi_value NapiAtManager::RevokeUserGrantedPermission(napi_env env, napi_callback_info info)
+{
+ ACCESSTOKEN_LOG_DEBUG(LABEL, "RevokeUserGrantedPermission begin.");
+
+ auto *asyncContext = new AtManagerAsyncContext(); // for async work deliver data
+ if (asyncContext == nullptr) {
+ ACCESSTOKEN_LOG_ERROR(LABEL, "new struct fail.");
+ return nullptr;
+ }
+
+ ParseInputGrantOrRevokePermission(env, info, *asyncContext);
+ if (asyncContext->result == -1) {
+ delete asyncContext;
+ return nullptr;
+ }
+
+ napi_value result = nullptr;
+
+ if (asyncContext->callbackRef == nullptr) {
+ // when callback null, create delay promise object for returning result in async work complete function
+ napi_create_promise(env, &(asyncContext->deferred), &result);
+ } else {
+ // callback not null, use callback type to return result
+ napi_get_undefined(env, &result);
+ }
+
+ napi_value resource = nullptr; // resource name
+ napi_create_string_utf8(env, "RevokeUserGrantedPermission", NAPI_AUTO_LENGTH, &resource);
+
+ napi_create_async_work( // define work
+ env, nullptr, resource, RevokeUserGrantedPermissionExcute, RevokeUserGrantedPermissionComplete,
+ (void *)asyncContext, &(asyncContext->work));
+
+ napi_queue_async_work(env, asyncContext->work); // add async work handle to the napi queue and wait for result
+
+ ACCESSTOKEN_LOG_DEBUG(LABEL, "RevokeUserGrantedPermission end.");
+
+ return result;
+}
+
+void NapiAtManager::GetPermissionFlagsExcute(napi_env env, void *data)
+{
+ AtManagerAsyncContext* asyncContext = (AtManagerAsyncContext *)data;
+
+ // use innerkit class method to get permission flag
+ asyncContext->flag = AccessTokenKit::GetPermissionFlag(asyncContext->tokenId,
+ asyncContext->permissionName);
+ asyncContext->status = ASYN_THREAD_EXEC_SUCC; // status default failure
+}
+
+void NapiAtManager::GetPermissionFlagsComplete(napi_env env, napi_status status, void *data)
+{
+ AtManagerAsyncContext* asyncContext = (AtManagerAsyncContext*)data;
+ napi_value result;
+
+ ACCESSTOKEN_LOG_DEBUG(LABEL, "permissionName = %{public}s, tokenId = %{public}d, flag = %{public}d.",
+ asyncContext->permissionName, asyncContext->tokenId, asyncContext->flag);
+
+ if (asyncContext->status == ASYN_THREAD_EXEC_SUCC) {
+ // execute succ, use resolve to return result by the deferred create before
+ napi_create_int32(env, asyncContext->flag, &result);
+ napi_resolve_deferred(env, asyncContext->deferred, result);
+ } else {
+ // execute fail, this way may not match, but for code strict, still keep
+ napi_create_int32(env, asyncContext->flag, &result);
+ napi_reject_deferred(env, asyncContext->deferred, result);
+ }
+
+ // after return the result, free resources
+ napi_delete_async_work(env, asyncContext->work);
+ delete asyncContext;
+}
+
+napi_value NapiAtManager::GetPermissionFlags(napi_env env, napi_callback_info info)
+{
+ ACCESSTOKEN_LOG_DEBUG(LABEL, "GetPermissionFlags begin.");
+
+ auto *asyncContext = new AtManagerAsyncContext(); // for async work deliver data
+ if (asyncContext == nullptr) {
+ ACCESSTOKEN_LOG_ERROR(LABEL, "new struct fail.");
+ return nullptr;
+ }
+
+ ParseInputVerifyPermissionOrGetFlag(env, info, *asyncContext);
+ if (asyncContext->result == -1) {
+ delete asyncContext;
+ return nullptr;
+ }
+
+ napi_value result = nullptr;
+
+ napi_create_promise(env, &(asyncContext->deferred), &result); // create delay promise object
+
+ napi_value resource = nullptr; // resource name
+ napi_create_string_utf8(env, "VerifyAccessToken", NAPI_AUTO_LENGTH, &resource);
+
+ napi_create_async_work( // define work
+ env, nullptr, resource, GetPermissionFlagsExcute, GetPermissionFlagsComplete,
+ (void *)asyncContext, &(asyncContext->work));
+ napi_queue_async_work(env, asyncContext->work); // add async work handle to the napi queue and wait for result
+
+ ACCESSTOKEN_LOG_DEBUG(LABEL, "GetPermissionFlags end.");
+
+ return result;
+}
+} // namespace AccessToken
+} // namespace Security
+} // namespace OHOS
+
+EXTERN_C_START
+/*
+ * function for module exports
+ */
+static napi_value Init(napi_env env, napi_value exports)
+{
+ ACCESSTOKEN_LOG_DEBUG(OHOS::Security::AccessToken::LABEL, "Register end, start init.");
+
+ return OHOS::Security::AccessToken::NapiAtManager::Init(env, exports);
+}
+EXTERN_C_END
+
+/*
+ * Module define
+ */
+static napi_module _module = {
+ .nm_version = 1,
+ .nm_flags = 0,
+ .nm_filename = nullptr,
+ .nm_register_func = Init,
+ .nm_modname = "abilityAccessCtrl",
+ .nm_priv = ((void *)0),
+ .reserved = {0}
+};
+
+/*
+ * Module register function
+ */
+extern "C" __attribute__((constructor)) void AbilityAccessCtrlmoduleRegister(void)
+{
+ napi_module_register(&_module);
+}
diff --git a/ohos.build b/ohos.build
index f8bc9d11fc3b32f44714844cd5f9e93365e2372e..dcd83476236ce9997c20f6f4f254893566b8819e 100644
--- a/ohos.build
+++ b/ohos.build
@@ -11,18 +11,39 @@
"name": "//base/security/access_token/interfaces/innerkits/accesstoken:libaccesstoken_sdk",
"header": {
"header_files": [
- "accesstoken.h",
"accesstoken_kit.h"
],
- "header_base": "//base/security/access_token/interfaces/innerkits/accesstoken/main/cpp/include"
+ "header_base": "//base/security/access_token/interfaces/innerkits/accesstoken/include"
+ }
+ },
+ {
+ "name": "//base/security/access_token/interfaces/innerkits/nativetoken:libnativetoken",
+ "header": {
+ "header_files": [
+ "nativetoken_kit.h"
+ ],
+ "header_base": "//base/security/access_token/interfaces/innerkits/nativetoken/include"
+ }
+ },
+ {
+ "name": "//base/security/access_token/interfaces/innerkits/token_setproc:libtoken_setproc",
+ "header": {
+ "header_files": [
+ "token_setproc.h"
+ ],
+ "header_base": "//base/security/access_token/interfaces/innerkits/token_setproc/include"
}
}
],
"module_list": [
- "//base/security/access_token:accesstoken_build_module_standard"
+ "//base/security/access_token:accesstoken_build_module",
+ "//base/security/access_token:tokensync_build_module"
],
"test_list": [
- "//base/security/access_token:accesstoken_build_module_standard_test"
+ "//base/security/access_token:accesstoken_build_module_test",
+ "//base/security/access_token/interfaces/innerkits/accesstoken/test:unittest",
+ "//base/security/access_token/interfaces/innerkits/nativetoken/test:unittest",
+ "//base/security/access_token/interfaces/innerkits/token_setproc/test:unittest"
]
}
}
diff --git a/services/accesstoken/main/cpp/src/accesstoken_manager_service.cpp b/services/accesstoken/main/cpp/src/accesstoken_manager_service.cpp
deleted file mode 100644
index 2b4bda1093836067b613bb27d0a177437d82c90d..0000000000000000000000000000000000000000
--- a/services/accesstoken/main/cpp/src/accesstoken_manager_service.cpp
+++ /dev/null
@@ -1,82 +0,0 @@
-/*
- * Copyright (c) 2021 Huawei Device Co., Ltd.
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-#include "accesstoken_manager_service.h"
-
-#include "accesstoken.h"
-#include "accesstoken_log.h"
-
-namespace OHOS {
-namespace Security {
-namespace AccessToken {
-namespace {
-static constexpr OHOS::HiviewDFX::HiLogLabel LABEL = {LOG_CORE, SECURITY_DOMAIN_ACCESSTOKEN, "AccessTokenManagerService"};
-}
-
-const bool REGISTER_RESULT =
- SystemAbility::MakeAndRegisterAbility(DelayedSingleton::GetInstance().get());
-
-AccessTokenManagerService::AccessTokenManagerService()
- : SystemAbility(SA_ID_ACCESSTOKEN_MANAGER_SERVICE, true), state_(ServiceRunningState::STATE_NOT_START)
-{
- ACCESSTOKEN_LOG_INFO(LABEL, "AccessTokenManagerService()");
-}
-
-AccessTokenManagerService::~AccessTokenManagerService()
-{
- ACCESSTOKEN_LOG_INFO(LABEL, "~AccessTokenManagerService()");
-}
-
-void AccessTokenManagerService::OnStart()
-{
- if (state_ == ServiceRunningState::STATE_RUNNING) {
- ACCESSTOKEN_LOG_INFO(LABEL, "AccessTokenManagerService has already started!");
- return;
- }
- ACCESSTOKEN_LOG_INFO(LABEL, "AccessTokenManagerService is starting");
- if (!Initialize()) {
- ACCESSTOKEN_LOG_ERROR(LABEL, "Failed to initialize");
- return;
- }
- state_ = ServiceRunningState::STATE_RUNNING;
- bool ret = Publish(DelayedSingleton::GetInstance().get());
- if (!ret) {
- ACCESSTOKEN_LOG_ERROR(LABEL, "Failed to publish service!");
- return;
- }
- ACCESSTOKEN_LOG_INFO(LABEL, "Congratulations, AccessTokenManagerService start successfully!");
-}
-
-void AccessTokenManagerService::OnStop()
-{
- ACCESSTOKEN_LOG_INFO(LABEL, "stop service");
- state_ = ServiceRunningState::STATE_NOT_START;
-}
-
-int AccessTokenManagerService::VerifyAccesstoken(AccessTokenID tokenID, const std::string &permissionName)
-{
- ACCESSTOKEN_LOG_INFO(LABEL,
- "%{public}s called, tokenID: %{public}d, permissionName: %{public}s", __func__,
- tokenID, permissionName.c_str());
- return PERMISSION_GRANTED;
-}
-
-bool AccessTokenManagerService::Initialize() const
-{
- return true;
-}
-} // namespace AccessToken
-} // namespace Security
-} // namespace OHOS
\ No newline at end of file
diff --git a/services/accesstokenmanager/BUILD.gn b/services/accesstokenmanager/BUILD.gn
new file mode 100644
index 0000000000000000000000000000000000000000..62358bea192b55648977a879be6d73c4eaa8efd6
--- /dev/null
+++ b/services/accesstokenmanager/BUILD.gn
@@ -0,0 +1,82 @@
+# Copyright (c) 2021 Huawei Device Co., Ltd.
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+import("//build/ohos.gni")
+
+ohos_prebuilt_etc("access_token.rc") {
+ source = "access_token.cfg"
+ relative_install_dir = "init"
+ subsystem_name = "security"
+ part_name = "access_token"
+}
+
+ohos_shared_library("accesstoken_manager_service") {
+ subsystem_name = "security"
+ part_name = "access_token"
+
+ include_dirs = [
+ "main/cpp/include/service",
+ "main/cpp/include/token",
+ "main/cpp/include/permission",
+ "main/cpp/include/database",
+ "//utils/system/safwk/native/include",
+ "//base/security/access_token/frameworks/common/include",
+ "//base/security/access_token/frameworks/accesstoken/include",
+ "//base/security/access_token/interfaces/innerkits/accesstoken/include",
+ "//base/security/access_token/interfaces/innerkits/tokensync/include",
+ "//third_party/json/include",
+ ]
+
+ sources = [
+ "main/cpp/src/database/data_storage.cpp",
+ "main/cpp/src/database/data_translator.cpp",
+ "main/cpp/src/database/generic_values.cpp",
+ "main/cpp/src/database/sqlite_helper.cpp",
+ "main/cpp/src/database/sqlite_storage.cpp",
+ "main/cpp/src/database/statement.cpp",
+ "main/cpp/src/database/variant_value.cpp",
+ "main/cpp/src/permission/permission_definition_cache.cpp",
+ "main/cpp/src/permission/permission_manager.cpp",
+ "main/cpp/src/permission/permission_policy_set.cpp",
+ "main/cpp/src/permission/permission_validator.cpp",
+ "main/cpp/src/service/accesstoken_manager_service.cpp",
+ "main/cpp/src/service/accesstoken_manager_stub.cpp",
+ "main/cpp/src/token/accesstoken_id_manager.cpp",
+ "main/cpp/src/token/accesstoken_info_manager.cpp",
+ "main/cpp/src/token/accesstoken_remote_token_manager.cpp",
+ "main/cpp/src/token/hap_token_info_inner.cpp",
+ "main/cpp/src/token/native_token_info_inner.cpp",
+ "main/cpp/src/token/native_token_receptor.cpp",
+ "main/cpp/src/token/token_modify_notifier.cpp",
+ ]
+
+ cflags_cc = [ "-DHILOG_ENABLE" ]
+
+ deps = [
+ #"//base/security/accesstoken/frameworks/accesstooken/permissioncommunicationadapter:permission_standard_communication_adapter_cxx",
+ #"//base/security/accesstoken/frameworks/accesstooken/common:permission_standard_infrastructure_cxx",
+ "//base/security/access_token/frameworks/accesstoken:accesstoken_communication_adapter_cxx",
+ "//base/security/access_token/frameworks/common:accesstoken_common_cxx",
+ "//base/security/access_token/interfaces/innerkits/tokensync:libtokensync_sdk",
+ "//base/security/access_token/services/accesstokenmanager:access_token.rc",
+ "//third_party/sqlite:sqlite",
+ "//utils/native/base:utils",
+ ]
+
+ external_deps = [
+ "hiviewdfx_hilog_native:libhilog",
+ "ipc:ipc_core",
+ "safwk:system_ability_fwk",
+ "samgr_standard:samgr_proxy",
+ ]
+}
diff --git a/services/accesstokenmanager/access_token.cfg b/services/accesstokenmanager/access_token.cfg
new file mode 100644
index 0000000000000000000000000000000000000000..b790a72f0f0fa1f173410a5c8c23b2c800c34d45
--- /dev/null
+++ b/services/accesstokenmanager/access_token.cfg
@@ -0,0 +1,18 @@
+{
+ "jobs" : [{
+ "name" : "pre-init",
+ "cmds" : [
+ "mkdir /data/service/el0/access_token 0750 root system",
+ "load_access_token_id "
+ ]
+ }
+ ],
+ "services" : [{
+ "name" : "accesstoken_service",
+ "path" : ["/system/bin/sa_main", "/system/profile/accesstoken_service.xml"],
+ "importance" : -20,
+ "uid" : "system",
+ "gid" : ["system"]
+ }
+ ]
+}
diff --git a/services/accesstokenmanager/access_token.rc b/services/accesstokenmanager/access_token.rc
new file mode 100644
index 0000000000000000000000000000000000000000..68b9f548b6f5f31b3fc30abc1da6be5c14c380d4
--- /dev/null
+++ b/services/accesstokenmanager/access_token.rc
@@ -0,0 +1,22 @@
+# Copyright (C) 2021 Huawei Device Co., Ltd.
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+on late-fs
+ start accesstoken_service
+
+service accesstoken_service /system/bin/sa_main /system/profile/accesstoken_service.xml
+ class accesstoken_service
+ priority -20
+ user system
+ group system
+ seclabel u:r:accesstoken_service:s0
diff --git a/services/accesstokenmanager/main/cpp/include/database/data_storage.h b/services/accesstokenmanager/main/cpp/include/database/data_storage.h
new file mode 100644
index 0000000000000000000000000000000000000000..9233596bbb9931ea52eb3fb95d6d6a7f5a9bf01a
--- /dev/null
+++ b/services/accesstokenmanager/main/cpp/include/database/data_storage.h
@@ -0,0 +1,54 @@
+/*
+ * Copyright (c) 2021 Huawei Device Co., Ltd.
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+#ifndef DATA_STORAGE_H
+#define DATA_STORAGE_H
+
+#include
+#include