diff --git a/BUILD.gn b/BUILD.gn index 5f5cae97905395a4f23a7572c60397c33130a10b..f2393de6833f54adf89d568fcaf0c85aa9782a75 100644 --- a/BUILD.gn +++ b/BUILD.gn @@ -17,8 +17,9 @@ group("accesstoken_build_module") { if (is_standard_system) { deps = [ "//base/security/access_token/interfaces/innerkits/accesstoken:libaccesstoken_sdk", - "//base/security/access_token/interfaces/innerkits/nativetoken:libaccesstoken_lib", + "//base/security/access_token/interfaces/innerkits/atlib:libaccesstoken_lib", "//base/security/access_token/interfaces/innerkits/token_setproc:libtoken_setproc", + "//base/security/access_token/interfaces/kits/accesstoken:libabilityaccessctrl", "//base/security/access_token/services/accesstokenmanager:accesstoken_manager_service", "//base/security/access_token/services/accesstokenmanager/main/sa_profile:accesstoken_sa_profile_standard", ] @@ -41,7 +42,7 @@ group("accesstoken_build_module_test") { if (is_standard_system) { deps += [ "//base/security/access_token/interfaces/innerkits/accesstoken/test:unittest", - "//base/security/access_token/interfaces/innerkits/nativetoken/test:unittest", + "//base/security/access_token/interfaces/innerkits/atlib/test:unittest", "//base/security/access_token/interfaces/innerkits/token_setproc/test:unittest", "//base/security/access_token/interfaces/innerkits/tokensync/test:unittest", "//base/security/access_token/services/accesstokenmanager/test:unittest", diff --git a/frameworks/accesstoken/src/permission_def_parcel.cpp b/frameworks/accesstoken/src/permission_def_parcel.cpp index 421731e9fc248aa3949a168432b48bfdd0b645c2..09943e9a04725d43096c7aa1b2260d329927a320 100644 --- a/frameworks/accesstoken/src/permission_def_parcel.cpp +++ b/frameworks/accesstoken/src/permission_def_parcel.cpp @@ -15,6 +15,8 @@ #include "permission_def_parcel.h" +#include "access_token.h" + namespace OHOS { namespace Security { namespace AccessToken { 
@@ -35,7 +37,9 @@ bool PermissionDefParcel::Marshalling(Parcel& out) const RETURN_IF_FALSE(out.WriteString(this->permissionDef.permissionName)); RETURN_IF_FALSE(out.WriteString(this->permissionDef.bundleName)); RETURN_IF_FALSE(out.WriteInt32(this->permissionDef.grantMode)); - RETURN_IF_FALSE(out.WriteInt32(this->permissionDef.availableScope)); + RETURN_IF_FALSE(out.WriteInt32(this->permissionDef.availableLevel)); + RETURN_IF_FALSE(out.WriteBool(this->permissionDef.provisionEnable)); + RETURN_IF_FALSE(out.WriteBool(this->permissionDef.distributedSceneEnable)); RETURN_IF_FALSE(out.WriteString(this->permissionDef.label)); RETURN_IF_FALSE(out.WriteInt32(this->permissionDef.labelId)); RETURN_IF_FALSE(out.WriteString(this->permissionDef.description)); @@ -50,7 +54,13 @@ PermissionDefParcel* PermissionDefParcel::Unmarshalling(Parcel& in) permissionDefParcel->permissionDef.permissionName = in.ReadString(); permissionDefParcel->permissionDef.bundleName = in.ReadString(); RELEASE_IF_FALSE(in.ReadInt32(permissionDefParcel->permissionDef.grantMode), permissionDefParcel); - RELEASE_IF_FALSE(in.ReadInt32(permissionDefParcel->permissionDef.availableScope), permissionDefParcel); + + int level; + RELEASE_IF_FALSE(in.ReadInt32(level), permissionDefParcel); + permissionDefParcel->permissionDef.availableLevel = ATokenAplEnum(level); + + RELEASE_IF_FALSE(in.ReadBool(permissionDefParcel->permissionDef.provisionEnable), permissionDefParcel); + RELEASE_IF_FALSE(in.ReadBool(permissionDefParcel->permissionDef.distributedSceneEnable), permissionDefParcel); permissionDefParcel->permissionDef.label = in.ReadString(); RELEASE_IF_FALSE(in.ReadInt32(permissionDefParcel->permissionDef.labelId), permissionDefParcel); permissionDefParcel->permissionDef.description = in.ReadString(); @@ -59,4 +69,4 @@ PermissionDefParcel* PermissionDefParcel::Unmarshalling(Parcel& in) } } // namespace AccessToken } // namespace Security -} // namespace OHOS \ No newline at end of file +} // namespace OHOS 
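Review bot: In `PermissionDefParcel::Unmarshalling` the integer read from the parcel is converted with `ATokenAplEnum(level)` without a range check, so a peer that writes an arbitrary int32 leaves `availableLevel` holding a value that is not a declared enumerator. The value should be rejected before the conversion, for example `RELEASE_IF_FALSE(DataValidator::IsAplNumValid(level), permissionDefParcel);`, assuming `data_validator.h` can be included from this target. `int level;` is also uninitialised; `int level = 0;` keeps it defined if the read macro is ever changed. The function body starts and ends outside the hunk.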
diff --git a/frameworks/common/include/data_validator.h b/frameworks/common/include/data_validator.h index dc486baa6bf0c7867926fe759d38a6e567a37d74..e5d8191e26baa355ba8272a85a321ec98b43c590 100644 --- a/frameworks/common/include/data_validator.h +++ b/frameworks/common/include/data_validator.h @@ -33,8 +33,18 @@ public: static bool IsDomainValid(const std::string& domain); static bool IsAplNumValid(const int apl); + + static bool IsProcessNameValid(const std::string& processName); + + static bool IsDeviceIdValid(const std::string& deviceId); + + static bool IsLabelValid(const std::string& label); + + static bool IsDescValid(const std::string& desc); + static bool IsPermissionFlagValid(int flag); private: const static int MAX_LENGTH = 256; + const static int MAX_APPIDDESC_LENGTH = 10240; }; } // namespace AccessToken } // namespace Security diff --git a/frameworks/common/src/data_validator.cpp b/frameworks/common/src/data_validator.cpp index 8928c3d777aa95c540d53d04230e4e5a56ed8627..9d359022ba97fa5afce92d531606245ff9d369ca 100644 --- a/frameworks/common/src/data_validator.cpp +++ b/frameworks/common/src/data_validator.cpp @@ -24,6 +24,16 @@ bool DataValidator::IsBundleNameValid(const std::string& bundleName) return !bundleName.empty() && (bundleName.length() <= MAX_LENGTH); } +bool DataValidator::IsLabelValid(const std::string& label) +{ + return label.length() <= MAX_LENGTH; +} + +bool DataValidator::IsDescValid(const std::string& desc) +{ + return desc.length() <= MAX_LENGTH; +} + bool DataValidator::IsPermissionNameValid(const std::string& permissionName) { return !permissionName.empty() && (permissionName.length() <= MAX_LENGTH); 
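Review bot: `MAX_APPIDDESC_LENGTH` in `data_validator.h` is declared as `const static int` and is compared against `std::string::length()` in the .cpp, which mixes signed and unsigned operands. `static constexpr std::size_t MAX_APPIDDESC_LENGTH = 10240;` avoids the conversion. The header also gives no reason why appIDDesc gets a 10240-byte bound while every other string stays at 256; a one-line comment such as `// appIDDesc may carry a full application identity descriptor; bound is in bytes` (wording to be confirmed by the author) would stop the limit being "tidied" back later.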
@@ -36,7 +46,7 @@ bool DataValidator::IsUserIdValid(const int userId) bool DataValidator::IsAppIDDescValid(const std::string& appIDDesc) { - return !appIDDesc.empty() && (appIDDesc.length() <= MAX_LENGTH); + return !appIDDesc.empty() && (appIDDesc.length() <= MAX_APPIDDESC_LENGTH); } bool DataValidator::IsDomainValid(const std::string& domain) @@ -48,6 +58,24 @@ bool DataValidator::IsAplNumValid(const int apl) { return (apl == APL_NORMAL || apl == APL_SYSTEM_BASIC || apl == APL_SYSTEM_CORE); } + +bool DataValidator::IsProcessNameValid(const std::string& processName) +{ + return !processName.empty() && (processName.length() <= MAX_LENGTH); +} + +bool DataValidator::IsDeviceIdValid(const std::string& deviceId) +{ + return !deviceId.empty() && (deviceId.length() <= MAX_LENGTH); +} + +bool DataValidator::IsPermissionFlagValid(int flag) +{ + return flag == DEFAULT_PERMISSION_FLAGS || + flag == PermissionFlag::PERMISSION_USER_SET || + flag == PermissionFlag::PERMISSION_USER_FIXED || + flag == PermissionFlag::PERMISSION_SYSTEM_FIXED; +} } // namespace AccessToken } // namespace Security } // namespace OHOS diff --git a/interfaces/innerkits/accesstoken/BUILD.gn b/interfaces/innerkits/accesstoken/BUILD.gn index b6cc8e22c48ca5c14439b842f0368825a622ab0b..1db9166532537b55f7f738c08900f3554c3747e8 100644 --- a/interfaces/innerkits/accesstoken/BUILD.gn +++ b/interfaces/innerkits/accesstoken/BUILD.gn @@ -35,7 +35,7 @@ ohos_shared_library("libaccesstoken_sdk") { "main/cpp/src", "//base/security/access_token/frameworks/accesstoken/include", "//base/security/access_token/frameworks/common/include", - "//base/security/access_token/interfaces/innerkits/accesstoken/main/cpp/include" + "//base/security/access_token/interfaces/innerkits/accesstoken/main/cpp/include", ] sources = [ 
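Review bot: `IsPermissionFlagValid` accepts only four exact values, although the `TypePermissionFlag` enumerators visible in `access_token.h` are declared as bit positions (`1 << 0`, `1 << 1`, ...), so any combination such as `PERMISSION_USER_SET | PERMISSION_USER_FIXED` is rejected. If the flags are meant to be mutually exclusive, state that in a comment on the function, e.g. `// Flags are mutually exclusive; combined bit patterns are rejected on purpose.` If combinations are legal, the check should instead mask against the union of the known bits and reject anything outside it.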
@@ -46,6 +46,7 @@ ohos_shared_library("libaccesstoken_sdk") { deps = [ "//base/security/access_token/frameworks/accesstoken:accesstoken_communication_adapter_cxx", + "//base/security/access_token/frameworks/common:accesstoken_common_cxx", "//utils/native/base:utils", ] diff --git a/interfaces/innerkits/accesstoken/main/cpp/include/access_token.h b/interfaces/innerkits/accesstoken/main/cpp/include/access_token.h index 5f8909948b71c2c2027b79a8efb3b951c225d64a..bd69ff1d347a3e37c5a86430e9d8f934f33cc8cb 100644 --- a/interfaces/innerkits/accesstoken/main/cpp/include/access_token.h +++ b/interfaces/innerkits/accesstoken/main/cpp/include/access_token.h @@ -22,6 +22,7 @@ namespace AccessToken { typedef unsigned int AccessTokenID; typedef unsigned int AccessTokenAttr; static const int DEFAULT_TOKEN_VERSION = 1; +static const int DEFAULT_PERMISSION_FLAGS = 0; enum AccessTokenKitRet { RET_FAILED = -1, @@ -65,12 +66,6 @@ typedef enum TypeGrantMode { SYSTEM_GRANT = 1, } GrantMode; -typedef enum TypeAvailableScope { - AVAILABLE_SCOPE_ALL = 1 << 0, - AVAILABLE_SCOPE_SIGNATURE = 1 << 1, - AVAILABLE_SCOPE_RESTRICTED = 1 << 2 -} AvailableScope; - typedef enum TypePermissionFlag { PERMISSION_USER_SET = 1 << 0, PERMISSION_USER_FIXED = 1 << 1, diff --git a/interfaces/innerkits/accesstoken/main/cpp/include/accesstoken_kit.h b/interfaces/innerkits/accesstoken/main/cpp/include/accesstoken_kit.h index c8ccb5860fb7a5907565d3a6c521b36b124c30eb..6334ed496e0391832ef1147f2f786a1ff1f99275 100644 --- a/interfaces/innerkits/accesstoken/main/cpp/include/accesstoken_kit.h +++ b/interfaces/innerkits/accesstoken/main/cpp/include/accesstoken_kit.h 
@@ -34,7 +34,7 @@ public: static AccessTokenID AllocLocalTokenID(const std::string& remoteDeviceID, AccessTokenID remoteTokenID); static int UpdateHapToken(AccessTokenID tokenID, const std::string& appIDDesc, const HapPolicyParams& policy); static int DeleteToken(AccessTokenID tokenID); - static int GetTokenType(AccessTokenID tokenID); + static ATokenTypeEnum GetTokenType(AccessTokenID tokenID); static int CheckNativeDCap(AccessTokenID tokenID, const std::string& dcap); static AccessTokenID GetHapTokenID(int userID, const std::string& bundleName, int instIndex); static int GetHapTokenInfo(AccessTokenID tokenID, HapTokenInfo& hapTokenInfoRes); diff --git a/interfaces/innerkits/accesstoken/main/cpp/include/permission_def.h b/interfaces/innerkits/accesstoken/main/cpp/include/permission_def.h index a08b3103c26b05333aee4690f28e53cc9f16e18e..f3cc81b63cd1062be2c225b6de4bd4f71339805e 100644 --- a/interfaces/innerkits/accesstoken/main/cpp/include/permission_def.h +++ b/interfaces/innerkits/accesstoken/main/cpp/include/permission_def.h @@ -18,6 +18,8 @@ #include +#include "access_token.h" + namespace OHOS { namespace Security { namespace AccessToken { @@ -26,7 +28,9 @@ public: std::string permissionName; std::string bundleName; int grantMode; - int availableScope; + TypeATokenAplEnum availableLevel; + bool provisionEnable; + bool distributedSceneEnable; std::string label; int labelId; std::string description; diff --git a/interfaces/innerkits/accesstoken/main/cpp/include/permission_state_full.h b/interfaces/innerkits/accesstoken/main/cpp/include/permission_state_full.h index 17b8b0137879fa2764368d2e7ce20c00d526fb75..7805a3d9e7ac5698ddc9325ff4910046668f5004 100644 --- a/interfaces/innerkits/accesstoken/main/cpp/include/permission_state_full.h +++ b/interfaces/innerkits/accesstoken/main/cpp/include/permission_state_full.h 
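Review bot: The new `PermissionDef` members `availableLevel`, `provisionEnable` and `distributedSceneEnable` have no default member initialisers, so a caller that fills only some fields hands indeterminate values to `Marshalling`, which now writes all three into the parcel. Giving them defaults, e.g. `bool provisionEnable = false;` and `bool distributedSceneEnable = false;`, makes the serialised form deterministic. The field is also spelled with the tag name `TypeATokenAplEnum` here while `permission_def_parcel.cpp` uses `ATokenAplEnum`; using one spelling throughout would read more clearly.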
@@ -13,8 +13,8 @@ * limitations under the License. */ -#ifndef INTERFACES_INNER_KITS_PERMISSION_PERMISSION_STATE_FULL_H -#define INTERFACES_INNER_KITS_PERMISSION_PERMISSION_STATE_FULL_H +#ifndef INTERFACES_INNER_KITS_ACCESSTOKEN_PERMISSION_STATE_FULL_H +#define INTERFACES_INNER_KITS_ACCESSTOKEN_PERMISSION_STATE_FULL_H #include #include @@ -33,4 +33,4 @@ public: } // namespace AccessToken } // namespace Security } // namespace OHOS -#endif // INTERFACES_INNER_KITS_PERMISSION_PERMISSION_STATE_FULL_H +#endif // INTERFACES_INNER_KITS_ACCESSTOKEN_PERMISSION_STATE_FULL_H diff --git a/interfaces/innerkits/accesstoken/main/cpp/src/accesstoken_kit.cpp b/interfaces/innerkits/accesstoken/main/cpp/src/accesstoken_kit.cpp index 5d4d82bdc5573bcb83db56f2c4bddc2596930b3e..3a2f1aef06243cd2d9890c53523d633bb5384dca 100644 --- a/interfaces/innerkits/accesstoken/main/cpp/src/accesstoken_kit.cpp +++ b/interfaces/innerkits/accesstoken/main/cpp/src/accesstoken_kit.cpp @@ -20,6 +20,7 @@ #include "accesstoken_log.h" #include "accesstoken_manager_client.h" +#include "data_validator.h" namespace OHOS { namespace Security { @@ -30,7 +31,14 @@ static constexpr OHOS::HiviewDFX::HiLogLabel LABEL = {LOG_CORE, SECURITY_DOMAIN_ AccessTokenIDEx AccessTokenKit::AllocHapToken(const HapInfoParams& info, const HapPolicyParams& policy) { + AccessTokenIDEx res = {0}; ACCESSTOKEN_LOG_INFO(LABEL, "%{public}s called", __func__); + if ((!DataValidator::IsUserIdValid(info.userID)) || !DataValidator::IsAppIDDescValid(info.appIDDesc) + || !DataValidator::IsBundleNameValid(info.bundleName) || !DataValidator::IsAplNumValid(policy.apl) + || !DataValidator::IsDomainValid(policy.domain)) { + ACCESSTOKEN_LOG_ERROR(LABEL, "%{public}s called, input param failed", __func__); + return res; + } return AccessTokenManagerClient::GetInstance().AllocHapToken(info, policy); } 
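Review bot: The guard added to `AccessTokenKit::AllocHapToken` runs inside `libaccesstoken_sdk`, that is, in the calling process, so it can only catch honest mistakes and cannot be the enforcement point for these limits. The same `DataValidator` checks need to run where the service unmarshals the request; that code is not visible in this part of the diff. A comment above the block, `// Client-side sanity check only; the service re-validates after unmarshalling.`, would make the intent explicit. The same applies to the guards added to the other `AccessTokenKit` methods in this file.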
@@ -44,20 +52,32 @@ AccessTokenID AccessTokenKit::AllocLocalTokenID(const std::string& remoteDeviceI int AccessTokenKit::UpdateHapToken(AccessTokenID tokenID, const std::string& appIDDesc, const HapPolicyParams& policy) { ACCESSTOKEN_LOG_INFO(LABEL, "%{public}s called", __func__); + if ((tokenID == 0) || (!DataValidator::IsAppIDDescValid(appIDDesc)) + || (!DataValidator::IsAplNumValid(policy.apl))) { + ACCESSTOKEN_LOG_ERROR(LABEL, "%{public}s called, input param failed", __func__); + return RET_FAILED; + } return AccessTokenManagerClient::GetInstance().UpdateHapToken(tokenID, appIDDesc, policy); } int AccessTokenKit::DeleteToken(AccessTokenID tokenID) { ACCESSTOKEN_LOG_INFO(LABEL, "%{public}s called", __func__); + if (tokenID == 0) { + ACCESSTOKEN_LOG_ERROR(LABEL, "%{public}s: tokenID is invalid", __func__); + return RET_FAILED; + } ACCESSTOKEN_LOG_INFO(LABEL, "tokenID=%{public}d", tokenID); - return AccessTokenManagerClient::GetInstance().DeleteToken(tokenID); } -int AccessTokenKit::GetTokenType(AccessTokenID tokenID) +ATokenTypeEnum AccessTokenKit::GetTokenType(AccessTokenID tokenID) { ACCESSTOKEN_LOG_INFO(LABEL, "%{public}s called", __func__); + if (tokenID == 0) { + ACCESSTOKEN_LOG_ERROR(LABEL, "%{public}s: tokenID is invalid", __func__); + return TOKEN_INVALID; + } ACCESSTOKEN_LOG_INFO(LABEL, "tokenID=%{public}d", tokenID); return AccessTokenManagerClient::GetInstance().GetTokenType(tokenID); } 
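Review bot: `UpdateHapToken` validates `tokenID`, `appIDDesc` and `policy.apl` but not `policy.domain`, whereas `AllocHapToken` in the same file also calls `DataValidator::IsDomainValid(policy.domain)` on the same `HapPolicyParams` type. Unless an update is guaranteed never to touch the domain, the condition should include `|| (!DataValidator::IsDomainValid(policy.domain))`. If the omission is deliberate, a short comment saying that the domain is ignored on update would prevent the two checks from drifting further apart.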
@@ -72,15 +92,22 @@ int AccessTokenKit::CheckNativeDCap(AccessTokenID tokenID, const std::string& dc AccessTokenID AccessTokenKit::GetHapTokenID(int userID, const std::string& bundleName, int instIndex) { ACCESSTOKEN_LOG_INFO(LABEL, "%{public}s called", __func__); + if (!DataValidator::IsUserIdValid(userID) || !DataValidator::IsBundleNameValid(bundleName)) { + ACCESSTOKEN_LOG_ERROR(LABEL, "%{public}s called, hap token param failed", __func__); + return 0; + } ACCESSTOKEN_LOG_INFO(LABEL, "int userID=%{public}d, bundleName=%{public}s, instIndex=%{public}d", userID, bundleName.c_str(), instIndex); - return AccessTokenManagerClient::GetInstance().GetHapTokenID(userID, bundleName, instIndex); } int AccessTokenKit::GetHapTokenInfo(AccessTokenID tokenID, HapTokenInfo& hapTokenInfoRes) { ACCESSTOKEN_LOG_INFO(LABEL, "%{public}s called", __func__); + if (tokenID == 0) { + ACCESSTOKEN_LOG_ERROR(LABEL, "%{public}s: tokenID is invalid", __func__); + return RET_FAILED; + } ACCESSTOKEN_LOG_INFO(LABEL, "tokenID=%{public}d", tokenID); return AccessTokenManagerClient::GetInstance().GetHapTokenInfo(tokenID, hapTokenInfoRes); @@ -97,6 +124,14 @@ int AccessTokenKit::GetNativeTokenInfo(AccessTokenID tokenID, NativeTokenInfo& n int AccessTokenKit::VerifyAccessToken(AccessTokenID tokenID, const std::string& permissionName) { ACCESSTOKEN_LOG_INFO(LABEL, "%{public}s called", __func__); + if (tokenID == 0) { + ACCESSTOKEN_LOG_ERROR(LABEL, "%{public}s: tokenID is invalid", __func__); + return PERMISSION_DENIED; + } + if (!DataValidator::IsPermissionNameValid(permissionName)) { + ACCESSTOKEN_LOG_ERROR(LABEL, "%{public}s: permissionName is invalid", __func__); + return PERMISSION_DENIED; + } ACCESSTOKEN_LOG_INFO(LABEL, "tokenID=%{public}d, permissionName=%{public}s", tokenID, permissionName.c_str()); return AccessTokenManagerClient::GetInstance().VerifyAccessToken(tokenID, permissionName); } 
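Review bot: `GetHapTokenID`, `GetHapTokenInfo` and `VerifyAccessToken` gain input guards here, but `AllocLocalTokenID`, `CheckNativeDCap` and `GetNativeTokenInfo` appear in this file's hunk headers only and receive no added lines, so they still forward a zero `tokenID` or an empty string unchecked. `DataValidator::IsDeviceIdValid` is introduced by this same commit and looks intended for `AllocLocalTokenID`'s `remoteDeviceID`. Consider adding the matching `tokenID == 0` and string checks to those three methods so the kit behaves uniformly. Their bodies are outside the hunks, so this is inferred from the hunk ranges.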
@@ -104,12 +139,16 @@ int AccessTokenKit::VerifyAccessToken(AccessTokenID tokenID, const std::string& int AccessTokenKit::VerifyAccessToken( AccessTokenID callerTokenID, AccessTokenID firstTokenID, const std::string& permissionName) { - return 0; + return PERMISSION_DENIED; } int AccessTokenKit::GetDefPermission(const std::string& permissionName, PermissionDef& permissionDefResult) { ACCESSTOKEN_LOG_INFO(LABEL, "%{public}s called", __func__); + if (!DataValidator::IsPermissionNameValid(permissionName)) { + ACCESSTOKEN_LOG_ERROR(LABEL, "%{public}s: permissionName is invalid", __func__); + return RET_FAILED; + } ACCESSTOKEN_LOG_INFO(LABEL, "permissionName=%{public}s", permissionName.c_str()); int ret = AccessTokenManagerClient::GetInstance().GetDefPermission(permissionName, permissionDefResult); @@ -121,9 +160,12 @@ int AccessTokenKit::GetDefPermission(const std::string& permissionName, Permissi int AccessTokenKit::GetDefPermissions(AccessTokenID tokenID, std::vector& permDefList) { ACCESSTOKEN_LOG_INFO(LABEL, "%{public}s called", __func__); + if (tokenID == 0) { + ACCESSTOKEN_LOG_ERROR(LABEL, "%{public}s: tokenID is invalid", __func__); + return RET_FAILED; + } ACCESSTOKEN_LOG_INFO(LABEL, "tokenID=%{public}d", tokenID); - ACCESSTOKEN_LOG_INFO(LABEL, "GetDefPermissions permDefList size = %{public}d", permDefList.size()); return AccessTokenManagerClient::GetInstance().GetDefPermissions(tokenID, permDefList); } 
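Review bot: The three-argument `VerifyAccessToken(callerTokenID, firstTokenID, permissionName)` is still a stub that ignores all of its parameters; returning `PERMISSION_DENIED` makes it fail closed, but nothing in the code says so. A comment such as `// Not implemented yet: deny unconditionally so callers fail closed.` plus an `ACCESSTOKEN_LOG_ERROR` line would let a caller who is denied unexpectedly find the cause. Without it, the next edit could easily restore a permissive return value.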
@@ -131,15 +173,26 @@ int AccessTokenKit::GetReqPermissions( AccessTokenID tokenID, std::vector& reqPermList, bool isSystemGrant) { ACCESSTOKEN_LOG_INFO(LABEL, "%{public}s called", __func__); + if (tokenID == 0) { + ACCESSTOKEN_LOG_ERROR(LABEL, "%{public}s: tokenID is invalid", __func__); + return RET_FAILED; + } ACCESSTOKEN_LOG_INFO(LABEL, "tokenID=%{public}d, isSystemGrant=%{public}d", tokenID, isSystemGrant); - ACCESSTOKEN_LOG_INFO(LABEL, "GetReqPermissions, reqPermList size=%{public}d", reqPermList.size()); return AccessTokenManagerClient::GetInstance().GetReqPermissions(tokenID, reqPermList, isSystemGrant); } int AccessTokenKit::GetPermissionFlag(AccessTokenID tokenID, const std::string& permissionName) { ACCESSTOKEN_LOG_INFO(LABEL, "%{public}s called", __func__); + if (tokenID == 0) { + ACCESSTOKEN_LOG_ERROR(LABEL, "%{public}s: tokenID is invalid", __func__); + return DEFAULT_PERMISSION_FLAGS; + } + if (!DataValidator::IsPermissionNameValid(permissionName)) { + ACCESSTOKEN_LOG_ERROR(LABEL, "%{public}s: permissionName is invalid", __func__); + return DEFAULT_PERMISSION_FLAGS; + } ACCESSTOKEN_LOG_INFO(LABEL, "tokenID=%{public}d, permissionName=%{public}s", tokenID, permissionName.c_str()); return AccessTokenManagerClient::GetInstance().GetPermissionFlag(tokenID, permissionName); } 
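Review bot: `GetPermissionFlag` returns `DEFAULT_PERMISSION_FLAGS` (0) for an invalid `tokenID` or `permissionName`, which is the same value a valid permission with no flags set would yield, so callers cannot tell a rejected request from a real answer. The client-side `AccessTokenManagerClient::GetPermissionFlag` has the same collision when the proxy is null. Since the return type cannot carry a separate status, at least document it on the declaration, e.g. `// Returns DEFAULT_PERMISSION_FLAGS on any failure; the result is not proof that the permission exists.` Callers making a security decision should not treat 0 as "no user restriction".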
@@ -147,6 +200,18 @@ int AccessTokenKit::GetPermissionFlag(AccessTokenID tokenID, const std::string& int AccessTokenKit::GrantPermission(AccessTokenID tokenID, const std::string& permissionName, int flag) { ACCESSTOKEN_LOG_INFO(LABEL, "%{public}s called", __func__); + if (tokenID == 0) { + ACCESSTOKEN_LOG_ERROR(LABEL, "%{public}s: tokenID is invalid", __func__); + return RET_FAILED; + } + if (!DataValidator::IsPermissionNameValid(permissionName)) { + ACCESSTOKEN_LOG_ERROR(LABEL, "%{public}s: permissionName is invalid", __func__); + return RET_FAILED; + } + if (!DataValidator::IsPermissionFlagValid(flag)) { + ACCESSTOKEN_LOG_ERROR(LABEL, "%{public}s: flag is invalid", __func__); + return RET_FAILED; + } ACCESSTOKEN_LOG_INFO(LABEL, "tokenID=%{public}d, permissionName=%{public}s, flag=%{public}d", tokenID, permissionName.c_str(), flag); return AccessTokenManagerClient::GetInstance().GrantPermission(tokenID, permissionName, flag); @@ -155,6 +220,18 @@ int AccessTokenKit::GrantPermission(AccessTokenID tokenID, const std::string& pe int AccessTokenKit::RevokePermission(AccessTokenID tokenID, const std::string& permissionName, int flag) { ACCESSTOKEN_LOG_INFO(LABEL, "%{public}s called", __func__); + if (tokenID == 0) { + ACCESSTOKEN_LOG_ERROR(LABEL, "%{public}s: tokenID is invalid", __func__); + return RET_FAILED; + } + if (!DataValidator::IsPermissionNameValid(permissionName)) { + ACCESSTOKEN_LOG_ERROR(LABEL, "%{public}s: permissionName is invalid", __func__); + return RET_FAILED; + } + if (!DataValidator::IsPermissionFlagValid(flag)) { + ACCESSTOKEN_LOG_ERROR(LABEL, "%{public}s: flag is invalid", __func__); + return RET_FAILED; + } ACCESSTOKEN_LOG_INFO(LABEL, "tokenID=%{public}d, permissionName=%{public}s, flag=%{public}d", tokenID, permissionName.c_str(), flag); return AccessTokenManagerClient::GetInstance().RevokePermission(tokenID, permissionName, flag); 
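Review bot: `GrantPermission` and `RevokePermission` repeat the same three guards (`tokenID == 0`, `IsPermissionNameValid`, `IsPermissionFlagValid`) line for line. Moving them into one file-local helper that takes `tokenID`, `permissionName` and `flag` and returns a bool would keep grant and revoke from diverging when a check is tightened later. Both function bodies continue outside the hunk.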
@@ -163,6 +240,10 @@ int AccessTokenKit::RevokePermission(AccessTokenID tokenID, const std::string& p int AccessTokenKit::ClearUserGrantedPermissionState(AccessTokenID tokenID) { ACCESSTOKEN_LOG_INFO(LABEL, "%{public}s called", __func__); + if (tokenID == 0) { + ACCESSTOKEN_LOG_ERROR(LABEL, "%{public}s: tokenID is invalid", __func__); + return RET_FAILED; + } ACCESSTOKEN_LOG_INFO(LABEL, "tokenID=%{public}d", tokenID); return AccessTokenManagerClient::GetInstance().ClearUserGrantedPermissionState(tokenID); } diff --git a/interfaces/innerkits/accesstoken/main/cpp/src/accesstoken_manager_client.cpp b/interfaces/innerkits/accesstoken/main/cpp/src/accesstoken_manager_client.cpp index 8f259f150ceeb3dfdf91c580a31223544fbd7b7b..dcfec1f30770d2a22a44516b41acfae390c42589 100644 --- a/interfaces/innerkits/accesstoken/main/cpp/src/accesstoken_manager_client.cpp +++ b/interfaces/innerkits/accesstoken/main/cpp/src/accesstoken_manager_client.cpp @@ -16,6 +16,7 @@ #include "accesstoken_manager_client.h" #include "accesstoken_log.h" +#include "accesstoken_manager_proxy.h" #include "hap_token_info.h" #include "iservice_registry.h" #include "native_token_info.h" 
@@ -41,19 +42,19 @@ AccessTokenManagerClient::AccessTokenManagerClient() AccessTokenManagerClient::~AccessTokenManagerClient() {} -int AccessTokenManagerClient::VerifyAccessToken(AccessTokenID tokenID, const std::string& permissionName) const +int AccessTokenManagerClient::VerifyAccessToken(AccessTokenID tokenID, const std::string& permissionName) { ACCESSTOKEN_LOG_DEBUG(LABEL, "%{public}s: called!", __func__); auto proxy = GetProxy(); if (proxy == nullptr) { ACCESSTOKEN_LOG_ERROR(LABEL, "%{public}s: proxy is null", __func__); - return RET_FAILED; + return PERMISSION_DENIED; } return proxy->VerifyAccessToken(tokenID, permissionName); } int AccessTokenManagerClient::GetDefPermission( - const std::string& permissionName, PermissionDef& permissionDefResult) const + const std::string& permissionName, PermissionDef& permissionDefResult) { ACCESSTOKEN_LOG_DEBUG(LABEL, "%{public}s: called!", __func__); auto proxy = GetProxy(); @@ -67,7 +68,7 @@ int AccessTokenManagerClient::GetDefPermission( return result; } -int AccessTokenManagerClient::GetDefPermissions(AccessTokenID tokenID, std::vector& permList) const +int AccessTokenManagerClient::GetDefPermissions(AccessTokenID tokenID, std::vector& permList) { ACCESSTOKEN_LOG_DEBUG(LABEL, "%{public}s: called!", __func__); auto proxy = GetProxy(); @@ -85,7 +86,7 @@ int AccessTokenManagerClient::GetDefPermissions(AccessTokenID tokenID, std::vect } int AccessTokenManagerClient::GetReqPermissions( - AccessTokenID tokenID, std::vector& reqPermList, bool isSystemGrant) const + AccessTokenID tokenID, std::vector& reqPermList, bool isSystemGrant) { ACCESSTOKEN_LOG_DEBUG(LABEL, "%{public}s: called!", __func__); auto proxy = GetProxy(); 
@@ -102,18 +103,18 @@ int AccessTokenManagerClient::GetReqPermissions( return result; } -int AccessTokenManagerClient::GetPermissionFlag(AccessTokenID tokenID, const std::string& permissionName) const +int AccessTokenManagerClient::GetPermissionFlag(AccessTokenID tokenID, const std::string& permissionName) { ACCESSTOKEN_LOG_DEBUG(LABEL, "%{public}s: called!", __func__); auto proxy = GetProxy(); if (proxy == nullptr) { ACCESSTOKEN_LOG_ERROR(LABEL, "%{public}s: proxy is null", __func__); - return RET_FAILED; + return DEFAULT_PERMISSION_FLAGS; } return proxy->GetPermissionFlag(tokenID, permissionName); } -int AccessTokenManagerClient::GrantPermission(AccessTokenID tokenID, const std::string& permissionName, int flag) const +int AccessTokenManagerClient::GrantPermission(AccessTokenID tokenID, const std::string& permissionName, int flag) { ACCESSTOKEN_LOG_DEBUG(LABEL, "%{public}s: called!", __func__); auto proxy = GetProxy(); @@ -124,7 +125,7 @@ int AccessTokenManagerClient::GrantPermission(AccessTokenID tokenID, const std:: return proxy->GrantPermission(tokenID, permissionName, flag); } -int AccessTokenManagerClient::RevokePermission(AccessTokenID tokenID, const std::string& permissionName, int flag) const +int AccessTokenManagerClient::RevokePermission(AccessTokenID tokenID, const std::string& permissionName, int flag) { ACCESSTOKEN_LOG_DEBUG(LABEL, "%{public}s: called!", __func__); auto proxy = GetProxy(); @@ -135,7 +136,7 @@ int AccessTokenManagerClient::RevokePermission(AccessTokenID tokenID, const std: return proxy->RevokePermission(tokenID, permissionName, flag); } -int AccessTokenManagerClient::ClearUserGrantedPermissionState(AccessTokenID tokenID) const +int AccessTokenManagerClient::ClearUserGrantedPermissionState(AccessTokenID tokenID) { ACCESSTOKEN_LOG_DEBUG(LABEL, "%{public}s: called!", __func__); auto proxy = GetProxy(); 
@@ -146,7 +147,7 @@ int AccessTokenManagerClient::ClearUserGrantedPermissionState(AccessTokenID toke return proxy->ClearUserGrantedPermissionState(tokenID); } -AccessTokenIDEx AccessTokenManagerClient::AllocHapToken(const HapInfoParams& info, const HapPolicyParams& policy) const +AccessTokenIDEx AccessTokenManagerClient::AllocHapToken(const HapInfoParams& info, const HapPolicyParams& policy) { AccessTokenIDEx res = { 0 }; ACCESSTOKEN_LOG_DEBUG(LABEL, "%{public}s: called!", __func__); @@ -163,7 +164,7 @@ AccessTokenIDEx AccessTokenManagerClient::AllocHapToken(const HapInfoParams& inf return proxy->AllocHapToken(hapInfoParcel, hapPolicyParcel); } -int AccessTokenManagerClient::DeleteToken(AccessTokenID tokenID) const +int AccessTokenManagerClient::DeleteToken(AccessTokenID tokenID) { ACCESSTOKEN_LOG_DEBUG(LABEL, "%{public}s: called!", __func__); auto proxy = GetProxy(); @@ -174,18 +175,18 @@ int AccessTokenManagerClient::DeleteToken(AccessTokenID tokenID) const return proxy->DeleteToken(tokenID); } -int AccessTokenManagerClient::GetTokenType(AccessTokenID tokenID) const +ATokenTypeEnum AccessTokenManagerClient::GetTokenType(AccessTokenID tokenID) { ACCESSTOKEN_LOG_DEBUG(LABEL, "%{public}s: called!", __func__); auto proxy = GetProxy(); if (proxy == nullptr) { ACCESSTOKEN_LOG_ERROR(LABEL, "%{public}s: proxy is null", __func__); - return RET_FAILED; + return TOKEN_INVALID; } - return proxy->GetTokenType(tokenID); + return (ATokenTypeEnum)(proxy->GetTokenType(tokenID)); } -int AccessTokenManagerClient::CheckNativeDCap(AccessTokenID tokenID, const std::string& dcap) const +int AccessTokenManagerClient::CheckNativeDCap(AccessTokenID tokenID, const std::string& dcap) { ACCESSTOKEN_LOG_DEBUG(LABEL, "%{public}s: called!", __func__); auto proxy = GetProxy(); 
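Review bot: `AccessTokenManagerClient::GetTokenType` converts the proxy's result with a C-style cast, `(ATokenTypeEnum)(proxy->GetTokenType(tokenID))`, so whatever integer comes back over IPC, including an error code if the proxy reports failure that way, reaches the caller as an enum value. Read the result into an `int` first and map anything that is not a declared `ATokenTypeEnum` enumerator to `TOKEN_INVALID`, using `static_cast` for the accepted values. The proxy's return convention is not visible here, so confirm which values it can produce.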
@@ -196,7 +197,7 @@ int AccessTokenManagerClient::CheckNativeDCap(AccessTokenID tokenID, const std:: return proxy->CheckNativeDCap(tokenID, dcap); } -AccessTokenID AccessTokenManagerClient::GetHapTokenID(int userID, const std::string& bundleName, int instIndex) const +AccessTokenID AccessTokenManagerClient::GetHapTokenID(int userID, const std::string& bundleName, int instIndex) { ACCESSTOKEN_LOG_DEBUG(LABEL, "%{public}s: called!", __func__); auto proxy = GetProxy(); @@ -208,7 +209,7 @@ AccessTokenID AccessTokenManagerClient::GetHapTokenID(int userID, const std::str } AccessTokenID AccessTokenManagerClient::AllocLocalTokenID( - const std::string& remoteDeviceID, AccessTokenID remoteTokenID) const + const std::string& remoteDeviceID, AccessTokenID remoteTokenID) { ACCESSTOKEN_LOG_DEBUG(LABEL, "%{public}s: called!", __func__); auto proxy = GetProxy(); @@ -220,7 +221,7 @@ AccessTokenID AccessTokenManagerClient::AllocLocalTokenID( } int AccessTokenManagerClient::UpdateHapToken( - AccessTokenID tokenID, const std::string& appIDDesc, const HapPolicyParams& policy) const + AccessTokenID tokenID, const std::string& appIDDesc, const HapPolicyParams& policy) { ACCESSTOKEN_LOG_DEBUG(LABEL, "%{public}s: called!", __func__); auto proxy = GetProxy(); @@ -233,7 +234,7 @@ int AccessTokenManagerClient::UpdateHapToken( return proxy->UpdateHapToken(tokenID, appIDDesc, hapPolicyParcel); } -int AccessTokenManagerClient::GetHapTokenInfo(AccessTokenID tokenID, HapTokenInfo& hapTokenInfoRes) const +int AccessTokenManagerClient::GetHapTokenInfo(AccessTokenID tokenID, HapTokenInfo& hapTokenInfoRes) { ACCESSTOKEN_LOG_DEBUG(LABEL, "%{public}s: called!", __func__); auto proxy = GetProxy(); 
@@ -248,7 +249,7 @@ int AccessTokenManagerClient::GetHapTokenInfo(AccessTokenID tokenID, HapTokenInf return res; } -int AccessTokenManagerClient::GetNativeTokenInfo(AccessTokenID tokenID, NativeTokenInfo& nativeTokenInfoRes) const +int AccessTokenManagerClient::GetNativeTokenInfo(AccessTokenID tokenID, NativeTokenInfo& nativeTokenInfoRes) { ACCESSTOKEN_LOG_DEBUG(LABEL, "%{public}s: called!", __func__); auto proxy = GetProxy(); 
@@ -262,26 +263,33 @@ int AccessTokenManagerClient::GetNativeTokenInfo(AccessTokenID tokenID, NativeTo return res; } -sptr AccessTokenManagerClient::GetProxy() const +sptr AccessTokenManagerClient::GetProxy() { - auto sam = SystemAbilityManagerClient::GetInstance().GetSystemAbilityManager(); - if (sam == nullptr) { - ACCESSTOKEN_LOG_DEBUG(LABEL, "%{public}s: GetSystemAbilityManager is null", __func__); - return nullptr; - } - auto accesstokenSa = sam->GetSystemAbility(IAccessTokenManager::SA_ID_ACCESSTOKEN_MANAGER_SERVICE); - if (accesstokenSa == nullptr) { - ACCESSTOKEN_LOG_DEBUG(LABEL, "%{public}s: GetSystemAbility %{public}d is null", __func__, - IAccessTokenManager::SA_ID_ACCESSTOKEN_MANAGER_SERVICE); - return nullptr; - } + if (proxy_ == nullptr) { + std::lock_guard lock(proxyMutex_); + if (proxy_ == nullptr) { + auto sam = SystemAbilityManagerClient::GetInstance().GetSystemAbilityManager(); + if (sam == nullptr) { + ACCESSTOKEN_LOG_DEBUG(LABEL, "%{public}s: GetSystemAbilityManager is null", __func__); + return nullptr; + } + auto accesstokenSa = sam->GetSystemAbility(IAccessTokenManager::SA_ID_ACCESSTOKEN_MANAGER_SERVICE); + if (accesstokenSa == nullptr) { + ACCESSTOKEN_LOG_DEBUG(LABEL, "%{public}s: GetSystemAbility %{public}d is null", __func__, + IAccessTokenManager::SA_ID_ACCESSTOKEN_MANAGER_SERVICE); + return nullptr; + } - auto proxy = iface_cast(accesstokenSa); - if (proxy == nullptr) { - ACCESSTOKEN_LOG_DEBUG(LABEL, "%{public}s: iface_cast get null", __func__); - return nullptr; + auto proxy = iface_cast(accesstokenSa); + if (proxy == nullptr) { + ACCESSTOKEN_LOG_DEBUG(LABEL, "%{public}s: iface_cast get null", __func__); + return nullptr; + } + proxy_ = proxy; + } } - return proxy; + + return proxy_; } } // namespace AccessToken } // namespace Security 
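Review bot: `GetProxy` reads `proxy_` outside the lock twice, in the outer `if (proxy_ == nullptr)` and in the final `return proxy_;`, while another thread may be executing `proxy_ = proxy;` under `proxyMutex_`; `proxy_` is a plain `sptr`, not an atomic, so this is a data race. Taking `std::lock_guard lock(proxyMutex_);` as the first statement and dropping the outer `if` removes the race at the cost of one uncontended lock per call. Separately, nothing visible here clears `proxy_` when the access token service restarts, so a cached proxy may go stale for the life of the process; a death recipient that resets it would be needed, if the IPC layer does not already handle that.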
diff --git a/interfaces/innerkits/accesstoken/main/cpp/src/accesstoken_manager_client.h b/interfaces/innerkits/accesstoken/main/cpp/src/accesstoken_manager_client.h index cedcdae1086c94fb5a8b7a6d82f435fe925184b9..e3a9263f951243640a2463a7c96c59c9f064fd4d 100755 --- a/interfaces/innerkits/accesstoken/main/cpp/src/accesstoken_manager_client.h +++ b/interfaces/innerkits/accesstoken/main/cpp/src/accesstoken_manager_client.h @@ -16,6 +16,7 @@ #ifndef ACCESSTOKEN_MANAGER_CLIENT_H #define ACCESSTOKEN_MANAGER_CLIENT_H +#include #include #include 
@@ -38,31 +39,32 @@ public: virtual ~AccessTokenManagerClient(); - int VerifyAccessToken(AccessTokenID tokenID, const std::string& permissionName) const; - int GetDefPermission(const std::string& permissionName, PermissionDef& permissionDefResult) const; - int GetDefPermissions(AccessTokenID tokenID, std::vector& permList) const; + int VerifyAccessToken(AccessTokenID tokenID, const std::string& permissionName); + int GetDefPermission(const std::string& permissionName, PermissionDef& permissionDefResult); + int GetDefPermissions(AccessTokenID tokenID, std::vector& permList); int GetReqPermissions( - AccessTokenID tokenID, std::vector& reqPermList, bool isSystemGrant) const; - int GetPermissionFlag(AccessTokenID tokenID, const std::string& permissionName) const; - int GrantPermission(AccessTokenID tokenID, const std::string& permissionName, int flag) const; - int RevokePermission(AccessTokenID tokenID, const std::string& permissionName, int flag) const; - int ClearUserGrantedPermissionState(AccessTokenID tokenID) const; - AccessTokenIDEx AllocHapToken(const HapInfoParams& info, const HapPolicyParams& policy) const; - int DeleteToken(AccessTokenID tokenID) const; - int GetTokenType(AccessTokenID tokenID) const; - int CheckNativeDCap(AccessTokenID tokenID, const std::string& dcap) const; - AccessTokenID GetHapTokenID(int userID, const std::string& bundleName, int instIndex) const; - AccessTokenID AllocLocalTokenID(const std::string& remoteDeviceID, AccessTokenID remoteTokenID) const; - int UpdateHapToken(AccessTokenID tokenID, const std::string& appIDDesc, const HapPolicyParams& policy) const; - int GetHapTokenInfo(AccessTokenID tokenID, HapTokenInfo& hapTokenInfoRes) const; - int GetNativeTokenInfo(AccessTokenID tokenID, NativeTokenInfo& nativeTokenInfoRes) const; + AccessTokenID tokenID, std::vector& reqPermList, bool isSystemGrant); + int GetPermissionFlag(AccessTokenID tokenID, const std::string& permissionName); + int GrantPermission(AccessTokenID tokenID, const 
std::string& permissionName, int flag); + int RevokePermission(AccessTokenID tokenID, const std::string& permissionName, int flag); + int ClearUserGrantedPermissionState(AccessTokenID tokenID); + AccessTokenIDEx AllocHapToken(const HapInfoParams& info, const HapPolicyParams& policy); + int DeleteToken(AccessTokenID tokenID); + ATokenTypeEnum GetTokenType(AccessTokenID tokenID); + int CheckNativeDCap(AccessTokenID tokenID, const std::string& dcap); + AccessTokenID GetHapTokenID(int userID, const std::string& bundleName, int instIndex); + AccessTokenID AllocLocalTokenID(const std::string& remoteDeviceID, AccessTokenID remoteTokenID); + int UpdateHapToken(AccessTokenID tokenID, const std::string& appIDDesc, const HapPolicyParams& policy); + int GetHapTokenInfo(AccessTokenID tokenID, HapTokenInfo& hapTokenInfoRes); + int GetNativeTokenInfo(AccessTokenID tokenID, NativeTokenInfo& nativeTokenInfoRes); private: AccessTokenManagerClient(); DISALLOW_COPY_AND_MOVE(AccessTokenManagerClient); - - sptr GetProxy() const; + std::mutex proxyMutex_; + sptr proxy_ = nullptr; + sptr GetProxy(); }; } // namespace AccessToken } // namespace Security diff --git a/interfaces/innerkits/accesstoken/main/cpp/src/accesstoken_manager_proxy.cpp b/interfaces/innerkits/accesstoken/main/cpp/src/accesstoken_manager_proxy.cpp index e031e8c025d46d67bca37119127bdd6baeb92210..0f330c8d5cf96ec14741a5aeb09fd3b4dbf92341 100644 --- a/interfaces/innerkits/accesstoken/main/cpp/src/accesstoken_manager_proxy.cpp +++ b/interfaces/innerkits/accesstoken/main/cpp/src/accesstoken_manager_proxy.cpp 
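Review bot: Every public method of AccessTokenManagerClient loses its `const` qualifier in this hunk, apparently only so that GetProxy() can fill the new cache. Marking the two new members `mutable` (`mutable std::mutex proxyMutex_;` and the same on `proxy_`) would let GetProxy() and all the query methods stay `const`. That keeps the read-only contract for callers that hold a const reference to the client. GetTokenType also changes its return type from `int` to `ATokenTypeEnum` here, which deserves a line in the commit description since existing callers store the result in an `int`. The class definition starts outside this hunk.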
@@ -183,11 +183,11 @@ int AccessTokenManagerProxy::GetPermissionFlag(AccessTokenID tokenID, const std: data.WriteInterfaceToken(IAccessTokenManager::GetDescriptor()); if (!data.WriteUint32(tokenID)) { ACCESSTOKEN_LOG_ERROR(LABEL, "%{public}s: Failed to write tokenID", __func__); - return RET_FAILED; + return DEFAULT_PERMISSION_FLAGS; } if (!data.WriteString(permissionName)) { ACCESSTOKEN_LOG_ERROR(LABEL, "%{public}s: Failed to write permissionName", __func__); - return RET_FAILED; + return DEFAULT_PERMISSION_FLAGS; } MessageParcel reply; @@ -195,13 +195,13 @@ int AccessTokenManagerProxy::GetPermissionFlag(AccessTokenID tokenID, const std: sptr remote = Remote(); if (remote == nullptr) { ACCESSTOKEN_LOG_ERROR(LABEL, "%{public}s: remote service null.", __func__); - return RET_FAILED; + return DEFAULT_PERMISSION_FLAGS; } int32_t requestResult = remote->SendRequest( static_cast(IAccessTokenManager::InterfaceCode::GET_PERMISSION_FLAG), data, reply, option); if (requestResult != NO_ERROR) { ACCESSTOKEN_LOG_ERROR(LABEL, "%{public}s send request fail, result: %{public}d", __func__, requestResult); - return RET_FAILED; + return DEFAULT_PERMISSION_FLAGS; } int32_t result = reply.ReadInt32(); @@ -341,7 +341,7 @@ AccessTokenIDEx AccessTokenManagerProxy::AllocHapToken( return res; } - uint64_t result = reply.ReadUint64(); + unsigned long long result = reply.ReadUint64(); ACCESSTOKEN_LOG_DEBUG(LABEL, "%{public}s get result from server data = %{public}llu", __func__, result); res.tokenIDEx = result; return res; diff --git a/interfaces/innerkits/accesstoken/test/unittest/cpp/src/accesstoken_kit_test.cpp b/interfaces/innerkits/accesstoken/test/unittest/cpp/src/accesstoken_kit_test.cpp index cce73330e8752b833d29957f1f146311a1459549..6d38f1ee338867705fa2213abafbbe06d635828a 100755 --- a/interfaces/innerkits/accesstoken/test/unittest/cpp/src/accesstoken_kit_test.cpp +++ b/interfaces/innerkits/accesstoken/test/unittest/cpp/src/accesstoken_kit_test.cpp 
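Review bot: Returning `DEFAULT_PERMISSION_FLAGS` on the failure paths of GetPermissionFlag makes an IPC failure indistinguishable from a permission whose flag really is the default. This covers the two parcel write failures here and the null remote and SendRequest failure in the next hunk. A caller that decides on the returned flag cannot tell "service unreachable" from "no flag set", and the only trace is the error log. If the `int` return has to stay, state the contract at the declaration, e.g. `// Returns DEFAULT_PERMISSION_FLAGS on any IPC failure; callers cannot distinguish this from an unset flag.` The function body starts before and continues after these hunks.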
@@ -14,14 +14,107 @@ */ #include "accesstoken_kit_test.h" +#include #include "accesstoken_kit.h" using namespace testing::ext; using namespace OHOS::Security::AccessToken; +namespace { +static PermissionStateFull g_grantPermissionReq = { + .permissionName = "ohos.permission.GRANT_SENSITIVE_PERMISSIONS", + .isGeneral = true, + .resDeviceID = {"device"}, + .grantStatus = {PermissionState::PERMISSION_GRANTED}, + .grantFlags = {PermissionFlag::PERMISSION_SYSTEM_FIXED} +}; +static PermissionStateFull g_revokePermissionReq = { + .permissionName = "ohos.permission.REVOKE_SENSITIVE_PERMISSIONS", + .isGeneral = true, + .resDeviceID = {"device"}, + .grantStatus = {PermissionState::PERMISSION_GRANTED}, + .grantFlags = {PermissionFlag::PERMISSION_SYSTEM_FIXED} +}; + +static PermissionDef g_infoManagerTestPermDef1 = { + .permissionName = "ohos.permission.test1", + .bundleName = "accesstoken_test", + .grantMode = 1, + .label = "label", + .labelId = 1, + .description = "open the door", + .descriptionId = 1, + .availableLevel = APL_NORMAL +}; + +static PermissionDef g_infoManagerTestPermDef2 = { + .permissionName = "ohos.permission.test2", + .bundleName = "accesstoken_test", + .grantMode = 1, + .label = "label", + .labelId = 1, + .description = "break the door", + .descriptionId = 1, + .availableLevel = APL_NORMAL +}; + +static PermissionStateFull g_infoManagerTestState1 = { + .grantFlags = {1}, + .grantStatus = {PermissionState::PERMISSION_GRANTED}, + .isGeneral = true, + .permissionName = "ohos.permission.test1", + .resDeviceID = {"local"} +}; + +static PermissionStateFull g_infoManagerTestState2 = { + .permissionName = "ohos.permission.test2", + .isGeneral = false, + .grantFlags = {1, 2}, + .grantStatus = {PermissionState::PERMISSION_GRANTED, PermissionState::PERMISSION_GRANTED}, + .resDeviceID = {"device 1", "device 2"} +}; + +static HapInfoParams g_infoManagerTestInfoParms = { + .bundleName = "accesstoken_test", + .userID = 1, + .instIndex = 0, + .appIDDesc = 
"testtesttesttest" +}; + +static HapPolicyParams g_infoManagerTestPolicyPrams = { + .apl = APL_NORMAL, + .domain = "test.domain", + .permList = {g_infoManagerTestPermDef1, g_infoManagerTestPermDef2}, + .permStateList = {g_infoManagerTestState1, g_infoManagerTestState2} +}; + +static HapInfoParams g_infoManagerTestInfoParms_bak = { + .bundleName = "accesstoken_test", + .userID = 1, + .instIndex = 0, + .appIDDesc = "testtesttesttest" +}; + +static HapPolicyParams g_infoManagerTestPolicyPrams_bak = { + .apl = APL_NORMAL, + .domain = "test.domain", + .permList = {g_infoManagerTestPermDef1, g_infoManagerTestPermDef2}, + .permStateList = {g_infoManagerTestState1, g_infoManagerTestState2} +}; +} + void AccessTokenKitTest::SetUpTestCase() -{} +{ + // make test case clean + AccessTokenID tokenID = AccessTokenKit::GetHapTokenID(g_infoManagerTestInfoParms.userID, + g_infoManagerTestInfoParms.bundleName, + g_infoManagerTestInfoParms.instIndex); + AccessTokenKit::DeleteToken(tokenID); + + tokenID = AccessTokenKit::GetHapTokenID(TEST_USER_ID, TEST_BUNDLE_NAME, 0); + AccessTokenKit::DeleteToken(tokenID); +} void AccessTokenKitTest::TearDownTestCase() { @@ -29,12 +122,15 @@ void AccessTokenKitTest::TearDownTestCase() void AccessTokenKitTest::SetUp() { + g_infoManagerTestInfoParms = g_infoManagerTestInfoParms_bak; + g_infoManagerTestPolicyPrams = g_infoManagerTestPolicyPrams_bak; HapInfoParams info = { .userID = TEST_USER_ID, .bundleName = TEST_BUNDLE_NAME, .instIndex = 0, .appIDDesc = "appIDDesc", }; + HapPolicyParams policy = { .apl = APL_NORMAL, .domain = "domain" 
@@ -44,14 +140,18 @@ void AccessTokenKitTest::SetUp() .permissionName = TEST_PERMISSION_NAME_ALPHA, .bundleName = TEST_BUNDLE_NAME, .grantMode = GrantMode::USER_GRANT, - .availableScope = AVAILABLE_SCOPE_ALL, + .availableLevel = APL_NORMAL, + .provisionEnable = false, + .distributedSceneEnable = false }; PermissionDef permissionDefBeta = { .permissionName = TEST_PERMISSION_NAME_BETA, .bundleName = TEST_BUNDLE_NAME, .grantMode = GrantMode::SYSTEM_GRANT, - .availableScope = AVAILABLE_SCOPE_ALL, + .availableLevel = APL_NORMAL, + .provisionEnable = false, + .distributedSceneEnable = false }; policy.permList.emplace_back(permissionDefAlpha); policy.permList.emplace_back(permissionDefBeta); @@ -72,8 +172,14 @@ void AccessTokenKitTest::SetUp() }; policy.permStateList.emplace_back(permStatAlpha); policy.permStateList.emplace_back(permStatBeta); + policy.permStateList.emplace_back(g_grantPermissionReq); + policy.permStateList.emplace_back(g_revokePermissionReq); AccessTokenKit::AllocHapToken(info, policy); + AccessTokenID tokenID = AccessTokenKit::GetHapTokenID(g_infoManagerTestInfoParms.userID, + g_infoManagerTestInfoParms.bundleName, + g_infoManagerTestInfoParms.instIndex); + AccessTokenKit::DeleteToken(tokenID); } void AccessTokenKitTest::TearDown() 
@@ -86,47 +192,91 @@ unsigned int AccessTokenKitTest::GetAccessTokenID(int userID, std::string bundle { return AccessTokenKit::GetHapTokenID(userID, bundleName, instIndex); } + +void AccessTokenKitTest::DeleteTestToken() const +{ + AccessTokenID tokenID = AccessTokenKit::GetHapTokenID(g_infoManagerTestInfoParms.userID, + g_infoManagerTestInfoParms.bundleName, + g_infoManagerTestInfoParms.instIndex); + int ret = AccessTokenKit::DeleteToken(tokenID); + if (tokenID != 0) { + ASSERT_EQ(RET_SUCCESS, ret); + } +} + +void AccessTokenKitTest::AllocTestToken() const +{ + AccessTokenIDEx tokenIdEx = {0}; + tokenIdEx = AccessTokenKit::AllocHapToken(g_infoManagerTestInfoParms, g_infoManagerTestPolicyPrams); + ASSERT_NE(0, tokenIdEx.tokenIdExStruct.tokenID); +} + /** - * @tc.name: AllocHapToken001 + * @tc.name: GetDefPermission001 * @tc.desc: Get permission definition info after AllocHapToken function has been invoked. * @tc.type: FUNC - * @tc.require: + * @tc.require:AR000GM5FC AR000GK6TG */ -HWTEST_F(AccessTokenKitTest, AllocHapToken001, TestSize.Level1) +HWTEST_F(AccessTokenKitTest, GetDefPermission001, TestSize.Level1) { PermissionDef permDefResultAlpha; int ret = AccessTokenKit::GetDefPermission(TEST_PERMISSION_NAME_ALPHA, permDefResultAlpha); - ASSERT_EQ(TEST_PERMISSION_NAME_ALPHA, permDefResultAlpha.permissionName); ASSERT_EQ(RET_SUCCESS, ret); + ASSERT_EQ(TEST_PERMISSION_NAME_ALPHA, permDefResultAlpha.permissionName); PermissionDef permDefResultBeta; ret = AccessTokenKit::GetDefPermission(TEST_PERMISSION_NAME_BETA, permDefResultBeta); - ASSERT_EQ(TEST_PERMISSION_NAME_BETA, permDefResultBeta.permissionName); ASSERT_EQ(RET_SUCCESS, ret); + ASSERT_EQ(TEST_PERMISSION_NAME_BETA, permDefResultBeta.permissionName); } /** - * @tc.name: AllocHapToken002 - * @tc.desc: Get permission definition info that permission is not exist. + * @tc.name: GetDefPermission002 + * @tc.desc: Get permission definition info that permission is invalid. 
* @tc.type: FUNC - * @tc.require: + * @tc.require:AR000GM5FC */ -HWTEST_F(AccessTokenKitTest, AllocHapToken002, TestSize.Level1) +HWTEST_F(AccessTokenKitTest, GetDefPermission002, TestSize.Level1) { PermissionDef permDefResult; int ret = AccessTokenKit::GetDefPermission(TEST_PERMISSION_NAME_GAMMA, permDefResult); ASSERT_EQ(RET_FAILED, ret); + + ret = AccessTokenKit::GetDefPermission("", permDefResult); + ASSERT_EQ(RET_FAILED, ret); + + std::string invalidPerm(INVALID_PERMNAME_LEN, 'a'); + ret = AccessTokenKit::GetDefPermission(invalidPerm, permDefResult); + ASSERT_EQ(RET_FAILED, ret); } /** - * @tc.name: AllocHapToken003 + * @tc.name: GetDefPermission003 + * @tc.desc: GetDefPermission is invoked multiple times. + * @tc.type: FUNC + * @tc.require:AR000GM5FC + */ +HWTEST_F(AccessTokenKitTest, GetDefPermission003, TestSize.Level0) +{ + int ret = RET_FAILED; + for (int i = 0; i < CYCLE_TIMES; i++) { + PermissionDef permDefResultAlpha; + ret = AccessTokenKit::GetDefPermission(TEST_PERMISSION_NAME_ALPHA, permDefResultAlpha); + ASSERT_EQ(RET_SUCCESS, ret); + ASSERT_EQ(TEST_PERMISSION_NAME_ALPHA, permDefResultAlpha.permissionName); + } +} + +/** + * @tc.name: GetDefPermissions001 * @tc.desc: Get permission definition info list after AllocHapToken function has been invoked. * @tc.type: FUNC - * @tc.require: + * @tc.require:AR000GM5FC AR000GK6TG */ -HWTEST_F(AccessTokenKitTest, AllocHapToken003, TestSize.Level1) +HWTEST_F(AccessTokenKitTest, GetDefPermissions001, TestSize.Level1) { AccessTokenID tokenID = GetAccessTokenID(TEST_USER_ID, TEST_BUNDLE_NAME, 0); + ASSERT_NE(0, tokenID); std::vector permDefList; int ret = AccessTokenKit::GetDefPermissions(tokenID, permDefList); ASSERT_EQ(RET_SUCCESS, ret); 
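Review bot: The `ASSERT_EQ` and `ASSERT_NE` inside the new helpers DeleteTestToken() and AllocTestToken() only return from the helper when they fail, so the calling test body keeps running. GetTokenType001 further down calls `AllocTestToken();` and then queries the token, so a failed allocation would surface as a second, misleading failure. Wrapping the calls as `ASSERT_NO_FATAL_FAILURE(AllocTestToken());` stops the test at the real cause. DeleteTestToken() also calls `AccessTokenKit::DeleteToken(tokenID)` before checking `tokenID != 0`. Moving the call inside the `if` avoids issuing a delete for token 0 when the lookup finds nothing.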
@@ -134,27 +284,81 @@ HWTEST_F(AccessTokenKitTest, AllocHapToken003, TestSize.Level1) } /** - * @tc.name: AllocHapToken004 + * @tc.name: GetDefPermissions002 + * @tc.desc: Get permission definition info list after clear permission definition list + * @tc.type: FUNC + * @tc.require:AR000GM5FC + */ +HWTEST_F(AccessTokenKitTest, GetDefPermissions002, TestSize.Level1) +{ + HapPolicyParams TestPolicyPrams = g_infoManagerTestPolicyPrams; + TestPolicyPrams.permList.clear(); + AccessTokenKit::AllocHapToken(g_infoManagerTestInfoParms, TestPolicyPrams); + + AccessTokenID tokenID = GetAccessTokenID(g_infoManagerTestInfoParms.userID, + g_infoManagerTestInfoParms.bundleName, + g_infoManagerTestInfoParms.instIndex); + ASSERT_NE(0, tokenID); + + std::vector permDefList; + int ret = AccessTokenKit::GetDefPermissions(tokenID, permDefList); + ASSERT_EQ(RET_SUCCESS, ret); + ASSERT_EQ(0, permDefList.size()); + + AccessTokenKit::DeleteToken(tokenID); +} + +/** + * @tc.name: GetDefPermissions003 * @tc.desc: Get permission definition info list that tokenID is invalid. * @tc.type: FUNC - * @tc.require: + * @tc.require:AR000GM5FC */ -HWTEST_F(AccessTokenKitTest, AllocHapToken004, TestSize.Level1) +HWTEST_F(AccessTokenKitTest, GetDefPermissions003, TestSize.Level1) { + AccessTokenID tokenID = GetAccessTokenID(TEST_USER_ID, TEST_BUNDLE_NAME, 0); + ASSERT_NE(0, tokenID); + AccessTokenKit::DeleteToken(tokenID); + std::vector permDefList; int ret = AccessTokenKit::GetDefPermissions(TEST_TOKENID_INVALID, permDefList); ASSERT_EQ(RET_FAILED, ret); + + std::vector permDefListRes; + ret = AccessTokenKit::GetDefPermissions(tokenID, permDefListRes); + ASSERT_EQ(RET_FAILED, ret); + ASSERT_EQ(0, permDefListRes.size()); +} + +/** + * @tc.name: GetDefPermissions004 + * @tc.desc: GetDefPermissions is invoked multiple times. 
+ * @tc.type: FUNC + * @tc.require:AR000GM5FC + */ +HWTEST_F(AccessTokenKitTest, GetDefPermissions004, TestSize.Level0) +{ + AccessTokenID tokenID = GetAccessTokenID(TEST_USER_ID, TEST_BUNDLE_NAME, 0); + ASSERT_NE(0, tokenID); + int ret = RET_FAILED; + for (int i = 0; i < CYCLE_TIMES; i++) { + std::vector permDefList; + ret = ret = AccessTokenKit::GetDefPermissions(tokenID, permDefList); + ASSERT_EQ(RET_SUCCESS, ret); + ASSERT_EQ(2, permDefList.size()); + } } /** * @tc.name: GetReqPermissions001 * @tc.desc: Get user granted permission state info. * @tc.type: FUNC - * @tc.require: + * @tc.require:AR000GM5FC AR000GK6TG */ HWTEST_F(AccessTokenKitTest, GetReqPermissions001, TestSize.Level1) { AccessTokenID tokenID = GetAccessTokenID(TEST_USER_ID, TEST_BUNDLE_NAME, 0); + ASSERT_NE(0, tokenID); std::vector permStatList; int ret = AccessTokenKit::GetReqPermissions(tokenID, permStatList, false); ASSERT_EQ(RET_SUCCESS, ret); 
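Review bot: `ret = ret = AccessTokenKit::GetDefPermissions(tokenID, permDefList);` in GetDefPermissions004 assigns twice and should read `ret = AccessTokenKit::GetDefPermissions(tokenID, permDefList);`. The same doubled assignment appears in GetReqPermissions005 and GetPermissionFlag003 in the later hunks. It does not change the result, but it reads like a copy-paste slip and may trigger a self-assignment warning depending on the compiler flags in use.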
@@ -169,30 +373,109 @@ HWTEST_F(AccessTokenKitTest, GetReqPermissions001, TestSize.Level1) * @tc.name: GetReqPermissions002 * @tc.desc: Get system granted permission state info. * @tc.type: FUNC - * @tc.require: + * @tc.require:AR000GM5FC */ HWTEST_F(AccessTokenKitTest, GetReqPermissions002, TestSize.Level1) { AccessTokenID tokenID = GetAccessTokenID(TEST_USER_ID, TEST_BUNDLE_NAME, 0); + ASSERT_NE(0, tokenID); std::vector permStatList; int ret = AccessTokenKit::GetReqPermissions(tokenID, permStatList, true); ASSERT_EQ(RET_SUCCESS, ret); - ASSERT_EQ(1, permStatList.size()); + ASSERT_EQ(3, permStatList.size()); ASSERT_EQ(TEST_PERMISSION_NAME_BETA, permStatList[0].permissionName); ret = AccessTokenKit::VerifyAccessToken(tokenID, TEST_PERMISSION_NAME_BETA); ASSERT_EQ(ret, permStatList[0].grantStatus[0]); } +/** + * @tc.name: GetReqPermissions003 + * @tc.desc: Get user granted permission state info after clear request permission list. + * @tc.type: FUNC + * @tc.require:AR000GM5FC + */ +HWTEST_F(AccessTokenKitTest, GetReqPermissions003, TestSize.Level1) +{ + AccessTokenID tokenID = GetAccessTokenID(TEST_USER_ID, TEST_BUNDLE_NAME, 0); + ASSERT_NE(0, tokenID); + + HapTokenInfo hapInfo; + int ret = AccessTokenKit::GetHapTokenInfo(tokenID, hapInfo); + ASSERT_EQ(RET_SUCCESS, ret); + + HapPolicyParams policy = { + .apl = hapInfo.apl, + .domain = "domain" + }; + policy.permStateList.clear(); + + ret = AccessTokenKit::UpdateHapToken(tokenID, hapInfo.appID, policy); + ASSERT_EQ(RET_SUCCESS, ret); + + std::vector permStatUserList; + ret = AccessTokenKit::GetReqPermissions(tokenID, permStatUserList, false); + ASSERT_EQ(RET_SUCCESS, ret); + ASSERT_EQ(0, permStatUserList.size()); + + std::vector permStatSystemList; + ret = AccessTokenKit::GetReqPermissions(tokenID, permStatSystemList, true); + ASSERT_EQ(RET_SUCCESS, ret); + ASSERT_EQ(0, permStatSystemList.size()); +} + +/** + * @tc.name: GetReqPermissions004 + * @tc.desc: Get permission state info list that tokenID is invalid. 
+ * @tc.type: FUNC + * @tc.require:AR000GM5FC + */ +HWTEST_F(AccessTokenKitTest, GetReqPermissions004, TestSize.Level1) +{ + AccessTokenID tokenID = GetAccessTokenID(TEST_USER_ID, TEST_BUNDLE_NAME, 0); + ASSERT_NE(0, tokenID); + + std::vector permStatList; + int ret = AccessTokenKit::GetReqPermissions(TEST_TOKENID_INVALID, permStatList, false); + ASSERT_EQ(RET_FAILED, ret); + + AccessTokenKit::DeleteToken(tokenID); + + ret = AccessTokenKit::GetReqPermissions(tokenID, permStatList, false); + ASSERT_EQ(RET_FAILED, ret); + ASSERT_EQ(0, permStatList.size()); +} + +/** + * @tc.name: GetReqPermissions005 + * @tc.desc: GetReqPermissions is invoked multiple times. + * @tc.type: FUNC + * @tc.require:AR000GM5FC + */ +HWTEST_F(AccessTokenKitTest, GetReqPermissions005, TestSize.Level0) +{ + AccessTokenID tokenID = GetAccessTokenID(TEST_USER_ID, TEST_BUNDLE_NAME, 0); + ASSERT_NE(0, tokenID); + int ret = RET_FAILED; + for (int i = 0; i < CYCLE_TIMES; i++) { + std::vector permStatList; + ret = ret = AccessTokenKit::GetReqPermissions(tokenID, permStatList, false); + ASSERT_EQ(RET_SUCCESS, ret); + ASSERT_EQ(1, permStatList.size()); + ASSERT_EQ(TEST_PERMISSION_NAME_ALPHA, permStatList[0].permissionName); + } +} + /** * @tc.name: GetPermissionFlag001 * @tc.desc: Get permission flag after grant permission. * @tc.type: FUNC - * @tc.require: + * @tc.require:AR000GM5FC AR000GK6TG */ HWTEST_F(AccessTokenKitTest, GetPermissionFlag001, TestSize.Level1) { AccessTokenID tokenID = GetAccessTokenID(TEST_USER_ID, TEST_BUNDLE_NAME, 0); + ASSERT_NE(0, tokenID); int ret = AccessTokenKit::GrantPermission(tokenID, TEST_PERMISSION_NAME_ALPHA, PERMISSION_USER_FIXED); ASSERT_EQ(RET_SUCCESS, ret); 
@@ -200,15 +483,66 @@ HWTEST_F(AccessTokenKitTest, GetPermissionFlag001, TestSize.Level1) ASSERT_EQ(PERMISSION_USER_FIXED, ret); } +/** + * @tc.name: GetPermissionFlag002 + * @tc.desc: Get permission flag that tokenID or permission is invalid. + * @tc.type: FUNC + * @tc.require:AR000GM5FC + */ +HWTEST_F(AccessTokenKitTest, GetPermissionFlag002, TestSize.Level1) +{ + AccessTokenID tokenID = GetAccessTokenID(TEST_USER_ID, TEST_BUNDLE_NAME, 0); + ASSERT_NE(0, tokenID); + + int ret = AccessTokenKit::GetPermissionFlag(tokenID, TEST_PERMISSION_NAME_GAMMA); + ASSERT_EQ(DEFAULT_PERMISSION_FLAGS, ret); + + ret = AccessTokenKit::GetPermissionFlag(tokenID, ""); + ASSERT_EQ(DEFAULT_PERMISSION_FLAGS, ret); + + std::string invalidPerm(INVALID_PERMNAME_LEN, 'a'); + ret = AccessTokenKit::GetPermissionFlag(tokenID, invalidPerm); + ASSERT_EQ(DEFAULT_PERMISSION_FLAGS, ret); + + ret = AccessTokenKit::GetPermissionFlag(TEST_TOKENID_INVALID, TEST_PERMISSION_NAME_ALPHA); + ASSERT_EQ(DEFAULT_PERMISSION_FLAGS, ret); + + AccessTokenKit::DeleteToken(tokenID); + + ret = AccessTokenKit::GetPermissionFlag(tokenID, TEST_PERMISSION_NAME_ALPHA); + ASSERT_EQ(DEFAULT_PERMISSION_FLAGS, ret); +} + +/** + * @tc.name: GetPermissionFlag003 + * @tc.desc: GetPermissionFlag is invoked multiple times. + * @tc.type: FUNC + * @tc.require:AR000GM5FC + */ +HWTEST_F(AccessTokenKitTest, GetPermissionFlag003, TestSize.Level0) +{ + AccessTokenID tokenID = GetAccessTokenID(TEST_USER_ID, TEST_BUNDLE_NAME, 0); + ASSERT_NE(0, tokenID); + int ret = RET_FAILED; + for (int i = 0; i < CYCLE_TIMES; i++) { + ret = AccessTokenKit::GrantPermission(tokenID, TEST_PERMISSION_NAME_ALPHA, PERMISSION_USER_FIXED); + ASSERT_EQ(RET_SUCCESS, ret); + + ret = ret = AccessTokenKit::GetPermissionFlag(tokenID, TEST_PERMISSION_NAME_ALPHA); + ASSERT_EQ(PERMISSION_USER_FIXED, ret); + } +} + /** * @tc.name: VerifyAccessToken001 * @tc.desc: Verify user granted permission. 
* @tc.type: FUNC - * @tc.require: + * @tc.require:AR000GK6T8 AR000GK6TG */ HWTEST_F(AccessTokenKitTest, VerifyAccessToken001, TestSize.Level0) { AccessTokenID tokenID = GetAccessTokenID(TEST_USER_ID, TEST_BUNDLE_NAME, 0); + ASSERT_NE(0, tokenID); int ret = AccessTokenKit::GrantPermission(tokenID, TEST_PERMISSION_NAME_ALPHA, PERMISSION_USER_FIXED); ASSERT_EQ(RET_SUCCESS, ret); @@ -226,11 +560,12 @@ HWTEST_F(AccessTokenKitTest, VerifyAccessToken001, TestSize.Level0) * @tc.name: VerifyAccessToken002 * @tc.desc: Verify system granted permission. * @tc.type: FUNC - * @tc.require: + * @tc.require:AR000GK6T8 */ HWTEST_F(AccessTokenKitTest, VerifyAccessToken002, TestSize.Level0) { AccessTokenID tokenID = GetAccessTokenID(TEST_USER_ID, TEST_BUNDLE_NAME, 0); + ASSERT_NE(0, tokenID); int ret = AccessTokenKit::GrantPermission(tokenID, TEST_PERMISSION_NAME_BETA, PERMISSION_USER_FIXED); ASSERT_EQ(RET_SUCCESS, ret); 
@@ -246,63 +581,1378 @@ HWTEST_F(AccessTokenKitTest, VerifyAccessToken002, TestSize.Level0) /** * @tc.name: VerifyAccessToken003 - * @tc.desc: Verify permission that has not been defined. + * @tc.desc: Verify permission that tokenID or permission is invalid. * @tc.type: FUNC - * @tc.require: + * @tc.require:AR000GK6T8 */ HWTEST_F(AccessTokenKitTest, VerifyAccessToken003, TestSize.Level0) { AccessTokenID tokenID = GetAccessTokenID(TEST_USER_ID, TEST_BUNDLE_NAME, 0); + ASSERT_NE(0, tokenID); int ret = AccessTokenKit::VerifyAccessToken(tokenID, TEST_PERMISSION_NAME_GAMMA); ASSERT_EQ(PERMISSION_DENIED, ret); + + ret = AccessTokenKit::VerifyAccessToken(tokenID, ""); + ASSERT_EQ(PERMISSION_DENIED, ret); + + std::string invalidPerm(INVALID_PERMNAME_LEN, 'a'); + ret = AccessTokenKit::VerifyAccessToken(tokenID, invalidPerm); + ASSERT_EQ(PERMISSION_DENIED, ret); + + AccessTokenKit::VerifyAccessToken(TEST_TOKENID_INVALID, TEST_PERMISSION_NAME_BETA); + ASSERT_EQ(PERMISSION_DENIED, ret); + + AccessTokenKit::DeleteToken(tokenID); + + AccessTokenKit::VerifyAccessToken(tokenID, TEST_PERMISSION_NAME_BETA); + ASSERT_EQ(PERMISSION_DENIED, ret); } /** - * @tc.name: ClearUserGrantedPermissionState001 - * @tc.desc: Clear user granted permission fater ClearUserGrantedPermissionState has been invoked. + * @tc.name: VerifyAccessToken004 + * @tc.desc: Verify permission after update. 
* @tc.type: FUNC - * @tc.require: + * @tc.require:AR000GK6T8 */ -HWTEST_F(AccessTokenKitTest, ClearUserGrantedPermissionState001, TestSize.Level0) +HWTEST_F(AccessTokenKitTest, VerifyAccessToken004, TestSize.Level0) { AccessTokenID tokenID = GetAccessTokenID(TEST_USER_ID, TEST_BUNDLE_NAME, 0); - int ret = AccessTokenKit::ClearUserGrantedPermissionState(tokenID); + ASSERT_NE(0, tokenID); + + int ret = AccessTokenKit::GrantPermission(tokenID, TEST_PERMISSION_NAME_ALPHA, PERMISSION_USER_FIXED); + ASSERT_EQ(RET_SUCCESS, ret); + + HapTokenInfo hapInfo; + ret = AccessTokenKit::GetHapTokenInfo(tokenID, hapInfo); + ASSERT_EQ(RET_SUCCESS, ret); + + std::vector permDefList; + ret = AccessTokenKit::GetDefPermissions(tokenID, permDefList); + ASSERT_EQ(RET_SUCCESS, ret); + + std::vector permStatList; + ret = AccessTokenKit::GetReqPermissions(tokenID, permStatList, false); + ASSERT_EQ(RET_SUCCESS, ret); + + HapPolicyParams policy = { + .apl = hapInfo.apl, + .domain = "domain", + .permList = permDefList, + .permStateList = permStatList + }; + + ret = AccessTokenKit::UpdateHapToken(tokenID, hapInfo.appID, policy); ASSERT_EQ(RET_SUCCESS, ret); ret = AccessTokenKit::VerifyAccessToken(tokenID, TEST_PERMISSION_NAME_ALPHA); - ASSERT_EQ(PERMISSION_DENIED, ret); + ASSERT_EQ(PERMISSION_GRANTED, ret); } /** - * @tc.name: DeleteToken001 - * @tc.desc: Cannot get permission definition info after DeleteToken function has been invoked. 
+ * @tc.name: GrantPermission001 + * @tc.desc: Grant permission that has ohos.permission.GRANT_SENSITIVE_PERMISSIONS * @tc.type: FUNC - * @tc.require: + * @tc.require:AR000GK6TF AR000GK6TG */ -HWTEST_F(AccessTokenKitTest, DeleteToken001, TestSize.Level1) +HWTEST_F(AccessTokenKitTest, GrantPermission001, TestSize.Level0) { AccessTokenID tokenID = GetAccessTokenID(TEST_USER_ID, TEST_BUNDLE_NAME, 0); - PermissionDef permDefResultAlpha; - int ret = AccessTokenKit::GetDefPermission(TEST_PERMISSION_NAME_ALPHA, permDefResultAlpha); - ASSERT_EQ(TEST_PERMISSION_NAME_ALPHA, permDefResultAlpha.permissionName); + ASSERT_NE(0, tokenID); + int ret = AccessTokenKit::GrantPermission(tokenID, TEST_PERMISSION_NAME_ALPHA, PERMISSION_USER_FIXED); ASSERT_EQ(RET_SUCCESS, ret); - ret = AccessTokenKit::DeleteToken(tokenID); + ret = AccessTokenKit::VerifyAccessToken(tokenID, TEST_PERMISSION_NAME_ALPHA); + ASSERT_EQ(PERMISSION_GRANTED, ret); + + ret = AccessTokenKit::GrantPermission(tokenID, TEST_PERMISSION_NAME_BETA, PERMISSION_USER_FIXED); ASSERT_EQ(RET_SUCCESS, ret); - PermissionDef defResult; - ret = AccessTokenKit::GetDefPermission(TEST_PERMISSION_NAME_ALPHA, defResult); + ret = AccessTokenKit::VerifyAccessToken(tokenID, TEST_PERMISSION_NAME_ALPHA); + ASSERT_EQ(PERMISSION_GRANTED, ret); +} + +/** + * @tc.name: GrantPermission002 + * @tc.desc: Grant permission that tokenID or permission is invalid. 
+ * @tc.type: FUNC + * @tc.require:AR000GK6TF + */ +HWTEST_F(AccessTokenKitTest, GrantPermission002, TestSize.Level0) +{ + AccessTokenID tokenID = GetAccessTokenID(TEST_USER_ID, TEST_BUNDLE_NAME, 0); + ASSERT_NE(0, tokenID); + + int ret = AccessTokenKit::GrantPermission(tokenID, TEST_PERMISSION_NAME_GAMMA, PERMISSION_USER_FIXED); + ASSERT_EQ(RET_SUCCESS, ret); + + ret = AccessTokenKit::GrantPermission(tokenID, "", PERMISSION_USER_FIXED); + ASSERT_EQ(RET_FAILED, ret); + + std::string invalidPerm(INVALID_PERMNAME_LEN, 'a'); + ret = AccessTokenKit::GrantPermission(tokenID, invalidPerm, PERMISSION_USER_FIXED); + ASSERT_EQ(RET_FAILED, ret); + + ret = AccessTokenKit::GrantPermission(TEST_TOKENID_INVALID, TEST_PERMISSION_NAME_BETA, PERMISSION_USER_FIXED); ASSERT_EQ(RET_FAILED, ret); + + AccessTokenKit::DeleteToken(tokenID); + + ret = AccessTokenKit::GrantPermission(tokenID, TEST_PERMISSION_NAME_BETA, PERMISSION_USER_FIXED); + ASSERT_EQ(RET_SUCCESS, ret); } /** - * @tc.name: DeleteToken002 - * @tc.desc: Delete invalid tokenID. + * @tc.name: GrantPermission003 + * @tc.desc: GrantPermission is invoked multiple times. 
* @tc.type: FUNC - * @tc.require: + * @tc.require:AR000GK6TF */ -HWTEST_F(AccessTokenKitTest, DeleteToken002, TestSize.Level1) +HWTEST_F(AccessTokenKitTest, GrantPermission003, TestSize.Level0) { - int ret = AccessTokenKit::DeleteToken(TEST_USER_ID_INVALID); + AccessTokenID tokenID = GetAccessTokenID(TEST_USER_ID, TEST_BUNDLE_NAME, 0); + ASSERT_NE(0, tokenID); + int ret = RET_FAILED; + for (int i = 0; i < CYCLE_TIMES; i++) { + ret = AccessTokenKit::GrantPermission(tokenID, TEST_PERMISSION_NAME_ALPHA, PERMISSION_USER_FIXED); + ASSERT_EQ(RET_SUCCESS, ret); + + ret = AccessTokenKit::VerifyAccessToken(tokenID, TEST_PERMISSION_NAME_ALPHA); + ASSERT_EQ(PERMISSION_GRANTED, ret); + + ret = AccessTokenKit::GetPermissionFlag(tokenID, TEST_PERMISSION_NAME_ALPHA); + ASSERT_EQ(PERMISSION_USER_FIXED, ret); + } +} + +/** + * @tc.name: RevokePermission001 + * @tc.desc: Revoke permission that has ohos.permission.GRANT_SENSITIVE_PERMISSIONS + * @tc.type: FUNC + * @tc.require:AR000GK6TF AR000GK6TG + */ +HWTEST_F(AccessTokenKitTest, RevokePermission001, TestSize.Level0) +{ + AccessTokenID tokenID = GetAccessTokenID(TEST_USER_ID, TEST_BUNDLE_NAME, 0); + ASSERT_NE(0, tokenID); + int ret = AccessTokenKit::RevokePermission(tokenID, TEST_PERMISSION_NAME_ALPHA, PERMISSION_USER_FIXED); + ASSERT_EQ(RET_SUCCESS, ret); + + ret = AccessTokenKit::VerifyAccessToken(tokenID, TEST_PERMISSION_NAME_ALPHA); + ASSERT_EQ(PERMISSION_DENIED, ret); + + ret = AccessTokenKit::RevokePermission(tokenID, TEST_PERMISSION_NAME_BETA, PERMISSION_USER_FIXED); + ASSERT_EQ(RET_SUCCESS, ret); + + ret = AccessTokenKit::VerifyAccessToken(tokenID, TEST_PERMISSION_NAME_ALPHA); + ASSERT_EQ(PERMISSION_DENIED, ret); +} + +/** + * @tc.name: RevokePermission002 + * @tc.desc: Revoke permission that tokenID or permission is invalid. 
+ * @tc.type: FUNC + * @tc.require:AR000GK6TF + */ +HWTEST_F(AccessTokenKitTest, RevokePermission002, TestSize.Level0) +{ + AccessTokenID tokenID = GetAccessTokenID(TEST_USER_ID, TEST_BUNDLE_NAME, 0); + ASSERT_NE(0, tokenID); + + int ret = AccessTokenKit::RevokePermission(tokenID, TEST_PERMISSION_NAME_GAMMA, PERMISSION_USER_FIXED); + ASSERT_EQ(RET_SUCCESS, ret); + + ret = AccessTokenKit::RevokePermission(tokenID, "", PERMISSION_USER_FIXED); + ASSERT_EQ(RET_FAILED, ret); + + std::string invalidPerm(INVALID_PERMNAME_LEN, 'a'); + ret = AccessTokenKit::RevokePermission(tokenID, invalidPerm, PERMISSION_USER_FIXED); + ASSERT_EQ(RET_FAILED, ret); + + ret = AccessTokenKit::RevokePermission(TEST_TOKENID_INVALID, TEST_PERMISSION_NAME_BETA, PERMISSION_USER_FIXED); ASSERT_EQ(RET_FAILED, ret); + + AccessTokenKit::DeleteToken(tokenID); + + ret = AccessTokenKit::RevokePermission(tokenID, TEST_PERMISSION_NAME_BETA, PERMISSION_USER_FIXED); + ASSERT_EQ(RET_SUCCESS, ret); +} + +/** + * @tc.name: RevokePermission003 + * @tc.desc: RevokePermission is invoked multiple times. + * @tc.type: FUNC + * @tc.require:AR000GK6TF + */ +HWTEST_F(AccessTokenKitTest, RevokePermission003, TestSize.Level0) +{ + AccessTokenID tokenID = GetAccessTokenID(TEST_USER_ID, TEST_BUNDLE_NAME, 0); + ASSERT_NE(0, tokenID); + int ret = RET_FAILED; + for (int i = 0; i < CYCLE_TIMES; i++) { + ret = AccessTokenKit::RevokePermission(tokenID, TEST_PERMISSION_NAME_ALPHA, PERMISSION_USER_FIXED); + ASSERT_EQ(RET_SUCCESS, ret); + + ret = AccessTokenKit::VerifyAccessToken(tokenID, TEST_PERMISSION_NAME_ALPHA); + ASSERT_EQ(PERMISSION_DENIED, ret); + + ret = AccessTokenKit::GetPermissionFlag(tokenID, TEST_PERMISSION_NAME_ALPHA); + ASSERT_EQ(PERMISSION_USER_FIXED, ret); + } +} + +/** + * @tc.name: ClearUserGrantedPermissionState001 + * @tc.desc: Clear user/system granted permission after ClearUserGrantedPermissionState has been invoked. 
+ * @tc.type: FUNC
+ * @tc.require:AR000GK6TF AR000GK6TG
+ */
+HWTEST_F(AccessTokenKitTest, ClearUserGrantedPermissionState001, TestSize.Level0)
+{
+ AccessTokenID tokenID = GetAccessTokenID(TEST_USER_ID, TEST_BUNDLE_NAME, 0);
+ ASSERT_NE(0, tokenID);
+ int ret = AccessTokenKit::ClearUserGrantedPermissionState(tokenID);
+ ASSERT_EQ(RET_SUCCESS, ret);
+
+ ret = AccessTokenKit::VerifyAccessToken(tokenID, TEST_PERMISSION_NAME_ALPHA);
+ ASSERT_EQ(PERMISSION_DENIED, ret);
+
+ ret = AccessTokenKit::VerifyAccessToken(tokenID, TEST_PERMISSION_NAME_BETA);
+ ASSERT_EQ(PERMISSION_GRANTED, ret);
+}
+
+/**
+ * @tc.name: ClearUserGrantedPermissionState002
+ * @tc.desc: Clear user/system granted permission that tokenID or permission is invalid.
+ * @tc.type: FUNC
+ * @tc.require:AR000GK6TF
+ */
+HWTEST_F(AccessTokenKitTest, ClearUserGrantedPermissionState002, TestSize.Level0)
+{
+ AccessTokenID tokenID = GetAccessTokenID(TEST_USER_ID, TEST_BUNDLE_NAME, 0);
+ ASSERT_NE(0, tokenID);
+
+ int ret = AccessTokenKit::ClearUserGrantedPermissionState(TEST_TOKENID_INVALID);
+ ASSERT_EQ(RET_FAILED, ret);
+
+ AccessTokenKit::DeleteToken(tokenID);
+
+ ret = AccessTokenKit::ClearUserGrantedPermissionState(tokenID);
+ ASSERT_EQ(RET_SUCCESS, ret);
+}
+
+/**
+ * @tc.name: ClearUserGrantedPermissionState003
+ * @tc.desc: ClearUserGrantedPermissionState is invoked multiple times.
+ * @tc.type: FUNC
+ * @tc.require:AR000GK6TF
+ */
+HWTEST_F(AccessTokenKitTest, ClearUserGrantedPermissionState003, TestSize.Level0)
+{
+ AccessTokenID tokenID = GetAccessTokenID(TEST_USER_ID, TEST_BUNDLE_NAME, 0);
+ ASSERT_NE(0, tokenID);
+ int ret = RET_FAILED;
+ for (int i = 0; i < CYCLE_TIMES; i++) {
+ ret = AccessTokenKit::ClearUserGrantedPermissionState(tokenID);
+ ASSERT_EQ(RET_SUCCESS, ret);
+
+ ret = AccessTokenKit::VerifyAccessToken(tokenID, TEST_PERMISSION_NAME_ALPHA);
+ ASSERT_EQ(PERMISSION_DENIED, ret);
+ }
+}
+
+/**
+ * @tc.name: GetTokenType001
+ * @tc.desc: get the token type.
+ * @tc.type: FUNC
+ * @tc.require:AR000GK6TH
+ */
+HWTEST_F(AccessTokenKitTest, GetTokenType001, TestSize.Level0)
+{
+ AllocTestToken();
+ AccessTokenID tokenID = GetAccessTokenID(g_infoManagerTestInfoParms.userID,
+ g_infoManagerTestInfoParms.bundleName,
+ g_infoManagerTestInfoParms.instIndex);
+ int ret = AccessTokenKit::GetTokenType(tokenID);
+ ASSERT_EQ(TOKEN_HAP, ret);
+ DeleteTestToken();
+}
+
+/**
+ * @tc.name: GetHapTokenInfo001
+ * @tc.desc: get the token info and verify.
+ * @tc.type: FUNC
+ * @tc.require:AR000GK6TH
+ */
+HWTEST_F(AccessTokenKitTest, GetHapTokenInfo001, TestSize.Level0)
+{
+ HapTokenInfo hapTokenInfoRes;
+ AccessTokenID tokenID = GetAccessTokenID(TEST_USER_ID, TEST_BUNDLE_NAME, 0);
+ int ret = AccessTokenKit::GetHapTokenInfo(tokenID, hapTokenInfoRes);
+ ASSERT_EQ(RET_SUCCESS, ret);
+
+ ASSERT_EQ(hapTokenInfoRes.apl, APL_NORMAL);
+ ASSERT_EQ(hapTokenInfoRes.userID, TEST_USER_ID);
+ ASSERT_EQ(hapTokenInfoRes.tokenID, tokenID);
+ ASSERT_EQ(hapTokenInfoRes.tokenAttr, 0);
+ ASSERT_EQ(hapTokenInfoRes.instIndex, 0);
+
+ ASSERT_EQ(hapTokenInfoRes.appID, "appIDDesc");
+
+ ASSERT_EQ(hapTokenInfoRes.bundleName, TEST_BUNDLE_NAME);
+}
+
+/**
+ * @tc.name: GetHapTokenInfo002
+ * @tc.desc: try to get the token info with invalid tokenId.
+ * @tc.type: FUNC
+ * @tc.require:AR000GK6TH
+ */
+HWTEST_F(AccessTokenKitTest, GetHapTokenInfo002, TestSize.Level0)
+{
+ HapTokenInfo hapTokenInfoRes;
+ int ret = AccessTokenKit::GetHapTokenInfo(TEST_TOKENID_INVALID, hapTokenInfoRes);
+ ASSERT_EQ(RET_FAILED, ret);
+}
+
+/**
+ * @tc.name: DeleteToken001
+ * @tc.desc: Cannot get permission definition info after DeleteToken function has been invoked.
+ * @tc.type: FUNC
+ * @tc.require:AR000GK6TI
+ */
+HWTEST_F(AccessTokenKitTest, DeleteToken001, TestSize.Level1)
+{
+ AccessTokenID tokenID = GetAccessTokenID(TEST_USER_ID, TEST_BUNDLE_NAME, 0);
+ PermissionDef permDefResultAlpha;
+ int ret = AccessTokenKit::GetDefPermission(TEST_PERMISSION_NAME_ALPHA, permDefResultAlpha);
+ ASSERT_EQ(TEST_PERMISSION_NAME_ALPHA, permDefResultAlpha.permissionName);
+ ASSERT_EQ(RET_SUCCESS, ret);
+
+ ret = AccessTokenKit::DeleteToken(tokenID);
+ ASSERT_EQ(RET_SUCCESS, ret);
+
+ PermissionDef defResult;
+ ret = AccessTokenKit::GetDefPermission(TEST_PERMISSION_NAME_ALPHA, defResult);
+ ASSERT_EQ(RET_FAILED, ret);
+}
+
+/**
+ * @tc.name: DeleteToken002
+ * @tc.desc: Delete invalid tokenID.
+ * @tc.type: FUNC
+ * @tc.require:AR000GK6TI
+ */
+HWTEST_F(AccessTokenKitTest, DeleteToken002, TestSize.Level1)
+{
+ int ret = AccessTokenKit::DeleteToken(TEST_USER_ID_INVALID);
+ ASSERT_EQ(RET_FAILED, ret);
+}
+
+/**
+ * @tc.name: DeleteToken002
+ * @tc.desc: Delete invalid tokenID.
+ * @tc.type: FUNC
+ * @tc.require:AR000GK6TI
+ */
+HWTEST_F(AccessTokenKitTest, DeleteToken003, TestSize.Level1)
+{
+ HapTokenInfo hapTokenInfoRes;
+ AccessTokenID tokenID = GetAccessTokenID(TEST_USER_ID, TEST_BUNDLE_NAME, 0);
+
+ int ret = AccessTokenKit::GetHapTokenInfo(tokenID, hapTokenInfoRes);
+ ASSERT_EQ(RET_SUCCESS, ret);
+
+ ret = AccessTokenKit::DeleteToken(tokenID);
+ ASSERT_EQ(RET_SUCCESS, ret);
+
+ ret = AccessTokenKit::GetHapTokenInfo(tokenID, hapTokenInfoRes);
+ ASSERT_EQ(RET_FAILED, ret);
+}
+
+/**
+ * @tc.name: DeleteToken004
+ * @tc.desc: alloc a tokenId successfully, delete it successfully the first time and fail to delte it again.
+ * @tc.type: FUNC
+ * @tc.require:AR000GK6TI
+ */
+HWTEST_F(AccessTokenKitTest, DeleteToken004, TestSize.Level1)
+{
+ AccessTokenIDEx tokenIdEx = {0};
+ tokenIdEx = AccessTokenKit::AllocHapToken(g_infoManagerTestInfoParms, g_infoManagerTestPolicyPrams);
+ GTEST_LOG_(INFO) << "tokenIdEx.tokenIdExStruct.tokenID :" << tokenIdEx.tokenIdExStruct.tokenID;
+ AccessTokenID tokenID = GetAccessTokenID(g_infoManagerTestInfoParms.userID,
+ g_infoManagerTestInfoParms.bundleName,
+ g_infoManagerTestInfoParms.instIndex);
+
+ int ret = AccessTokenKit::DeleteToken(tokenID);
+ GTEST_LOG_(INFO) << "g_infoManagerTestInfoParms.userID :" << g_infoManagerTestInfoParms.userID;
+ GTEST_LOG_(INFO) << "g_infoManagerTestInfoParms.bundleName :" << g_infoManagerTestInfoParms.bundleName.c_str();
+ GTEST_LOG_(INFO) << "g_infoManagerTestInfoParms.instIndex :" << g_infoManagerTestInfoParms.instIndex;
+ GTEST_LOG_(INFO) << "tokenID :" << tokenID;
+ ASSERT_EQ(RET_SUCCESS, ret);
+ ret = AccessTokenKit::DeleteToken(tokenID);
+ ASSERT_EQ(RET_FAILED, ret);
+}
+
+/**
+ * @tc.name: GetHapTokenID001
+ * @tc.desc: get hap tokenid.
+ * @tc.type: FUNC
+ * @tc.require:AR000GK6TH
+ */
+HWTEST_F(AccessTokenKitTest, GetHapTokenID001, TestSize.Level1)
+{
+ HapTokenInfo hapTokenInfoRes;
+ AccessTokenID tokenID;
+ tokenID = AccessTokenKit::GetHapTokenID(TEST_USER_ID, TEST_BUNDLE_NAME, 0);
+
+ int ret = AccessTokenKit::GetHapTokenInfo(tokenID, hapTokenInfoRes);
+ ASSERT_EQ(RET_SUCCESS, ret);
+ ASSERT_EQ(hapTokenInfoRes.bundleName, TEST_BUNDLE_NAME);
+}
+
+/**
+ * @tc.name: GetHapTokenID002
+ * @tc.desc: cannot get hap tokenid with invalid userId.
+ * @tc.type: FUNC
+ * @tc.require:AR000GK6TH
+ */
+HWTEST_F(AccessTokenKitTest, GetHapTokenID002, TestSize.Level1)
+{
+ AccessTokenID tokenID;
+ tokenID = AccessTokenKit::GetHapTokenID(TEST_USER_ID_INVALID, TEST_BUNDLE_NAME, 0);
+ ASSERT_EQ(0, tokenID);
+}
+
+/**
+ * @tc.name: GetHapTokenID003
+ * @tc.desc: cannot get hap tokenid with invalid bundlename.
+ * @tc.type: FUNC
+ * @tc.require:AR000GK6TH
+ */
+HWTEST_F(AccessTokenKitTest, GetHapTokenID003, TestSize.Level1)
+{
+ AccessTokenID tokenID;
+ tokenID = AccessTokenKit::GetHapTokenID(TEST_USER_ID, "invalid bundlename", 0);
+ ASSERT_EQ(0, tokenID);
+}
+
+/**
+ * @tc.name: GetHapTokenID003
+ * @tc.desc: cannot get hap tokenid with invalid bundlename.
+ * @tc.type: FUNC
+ * @tc.require:AR000GK6TH
+ */
+HWTEST_F(AccessTokenKitTest, GetHapTokenID004, TestSize.Level1)
+{
+ AccessTokenID tokenID;
+ tokenID = AccessTokenKit::GetHapTokenID(TEST_USER_ID, TEST_BUNDLE_NAME, 0xffff);
+ ASSERT_EQ(0, tokenID);
+}
+
+/**
+ * @tc.name: AllocHapToken001
+ * @tc.desc: alloc a tokenId successfully, delete it successfully the first time and fail to delte it again.
+ * @tc.type: FUNC
+ * @tc.require:AR000GK6TJ
+ */
+HWTEST_F(AccessTokenKitTest, AllocHapToken001, TestSize.Level1)
+{
+ AccessTokenIDEx tokenIdEx = {0};
+ tokenIdEx = AccessTokenKit::AllocHapToken(g_infoManagerTestInfoParms, g_infoManagerTestPolicyPrams);
+ GTEST_LOG_(INFO) << "tokenIdEx.tokenIdExStruct.tokenID :" << tokenIdEx.tokenIdExStruct.tokenID;
+ AccessTokenID tokenID = GetAccessTokenID(g_infoManagerTestInfoParms.userID,
+ g_infoManagerTestInfoParms.bundleName,
+ g_infoManagerTestInfoParms.instIndex);
+ GTEST_LOG_(INFO) << "tokenID :" << tokenID;
+ int ret = AccessTokenKit::DeleteToken(tokenID);
+ ASSERT_EQ(RET_SUCCESS, ret);
+ ret = AccessTokenKit::DeleteToken(tokenID);
+ ASSERT_EQ(RET_FAILED, ret);
+}
+
+/**
+ * @tc.name: AllocHapToken002
+ * @tc.desc: alloc a tokenId successfully,
+ * and fail to alloc it with the same info and policy again.
+ * @tc.type: FUNC
+ * @tc.require:AR000GK6TJ
+ */
+HWTEST_F(AccessTokenKitTest, AllocHapToken002, TestSize.Level1)
+{
+ AccessTokenIDEx tokenIdEx = {0};
+ AccessTokenID tokenID;
+ int ret;
+
+ tokenID = GetAccessTokenID(g_infoManagerTestInfoParms.userID,
+ g_infoManagerTestInfoParms.bundleName,
+ g_infoManagerTestInfoParms.instIndex);
+
+ ret = AccessTokenKit::DeleteToken(tokenID);
+ GTEST_LOG_(INFO) << "DeleteToken ret:" << ret;
+ GTEST_LOG_(INFO) << "tokenID :" << tokenID;
+
+ tokenIdEx = AccessTokenKit::AllocHapToken(g_infoManagerTestInfoParms, g_infoManagerTestPolicyPrams);
+ GTEST_LOG_(INFO) << "tokenIdEx.tokenIdExStruct.tokenID :" << tokenIdEx.tokenIdExStruct.tokenID;
+
+ tokenID = GetAccessTokenID(g_infoManagerTestInfoParms.userID,
+ g_infoManagerTestInfoParms.bundleName,
+ g_infoManagerTestInfoParms.instIndex);
+ GTEST_LOG_(INFO) << "tokenID :" << tokenID;
+ ASSERT_NE(0, tokenID);
+
+ tokenIdEx = AccessTokenKit::AllocHapToken(g_infoManagerTestInfoParms, g_infoManagerTestPolicyPrams);
+ ASSERT_EQ(0, tokenIdEx.tokenIdExStruct.tokenID);
+
+ ret = AccessTokenKit::DeleteToken(tokenID);
+ ASSERT_EQ(RET_SUCCESS, ret);
+}
+
+/**
+ * @tc.name: AllocHapToken003
+ * @tc.desc: cannot alloc a tokenId with invalid bundlename.
+ * @tc.type: FUNC
+ * @tc.require:AR000GK6TJ
+ */
+HWTEST_F(AccessTokenKitTest, AllocHapToken003, TestSize.Level1)
+{
+ std::string invalidBundleName (INVALID_BUNDLENAME_LEN, 'x');
+ AccessTokenIDEx tokenIdEx = {0};
+ int ret;
+ AccessTokenID tokenID;
+
+ DeleteTestToken();
+ GTEST_LOG_(INFO) << "get hap token info:" << invalidBundleName.length();
+ g_infoManagerTestInfoParms.bundleName = invalidBundleName;
+ tokenIdEx = AccessTokenKit::AllocHapToken(g_infoManagerTestInfoParms, g_infoManagerTestPolicyPrams);
+
+ ASSERT_EQ(0, tokenIdEx.tokenIdExStruct.tokenID);
+
+ tokenID = GetAccessTokenID(g_infoManagerTestInfoParms.userID,
+ g_infoManagerTestInfoParms.bundleName,
+ g_infoManagerTestInfoParms.instIndex);
+ ASSERT_EQ(0, tokenID);
+ ret = AccessTokenKit::DeleteToken(tokenID);
+ ASSERT_EQ(RET_FAILED, ret);
+
+ g_infoManagerTestInfoParms.bundleName = "accesstoken_test";
+}
+
+/**
+ * @tc.name: AllocHapToken004
+ * @tc.desc: cannot alloc a tokenId with invalid apl.
+ * @tc.type: FUNC
+ * @tc.require:AR000GK6TJ
+ */
+HWTEST_F(AccessTokenKitTest, AllocHapToken004, TestSize.Level1)
+{
+ AccessTokenIDEx tokenIdEx = {0};
+ AccessTokenID tokenID;
+ ATokenAplEnum typeBackUp = g_infoManagerTestPolicyPrams.apl;
+ DeleteTestToken();
+
+ g_infoManagerTestPolicyPrams.apl = (ATokenAplEnum)5;
+ tokenIdEx = AccessTokenKit::AllocHapToken(g_infoManagerTestInfoParms, g_infoManagerTestPolicyPrams);
+
+ ASSERT_EQ(0, tokenIdEx.tokenIdExStruct.tokenID);
+
+ tokenID = GetAccessTokenID(g_infoManagerTestInfoParms.userID,
+ g_infoManagerTestInfoParms.bundleName,
+ g_infoManagerTestInfoParms.instIndex);
+ ASSERT_EQ(0, tokenID);
+ int ret = AccessTokenKit::DeleteToken(tokenID);
+ ASSERT_EQ(RET_FAILED, ret);
+ g_infoManagerTestPolicyPrams.apl = typeBackUp;
+}
+
+/**
+ * @tc.name: AllocHapToken005
+ * @tc.desc: can alloc a tokenId when bundlename in permdef is different with bundlename in info.
+ * @tc.type: FUNC
+ * @tc.require:AR000GK6TJ
+ */
+HWTEST_F(AccessTokenKitTest, AllocHapToken005, TestSize.Level1)
+{
+ AccessTokenIDEx tokenIdEx = {0};
+ std::string backUp;
+ std::string backUpPermission;
+ std::string bundleNameBackUp = g_infoManagerTestPermDef1.bundleName;
+ DeleteTestToken();
+
+ backUp = g_infoManagerTestPolicyPrams.permList[0].bundleName;
+ backUpPermission = g_infoManagerTestPolicyPrams.permList[0].permissionName;
+
+ g_infoManagerTestPolicyPrams.permList[0].bundleName = "invalid_bundleName";
+ g_infoManagerTestPolicyPrams.permList[0].permissionName = "ohos.permission.testtmp01";
+ tokenIdEx = AccessTokenKit::AllocHapToken(g_infoManagerTestInfoParms, g_infoManagerTestPolicyPrams);
+ ASSERT_NE(0, tokenIdEx.tokenIdExStruct.tokenID);
+
+ PermissionDef permDefResultBeta;
+ int ret = AccessTokenKit::GetDefPermission(
+ g_infoManagerTestPolicyPrams.permList[0].permissionName, permDefResultBeta);
+ ASSERT_EQ(RET_SUCCESS, ret);
+ ret = AccessTokenKit::GetDefPermission(g_infoManagerTestPolicyPrams.permList[1].permissionName, permDefResultBeta);
+ ASSERT_EQ(RET_SUCCESS, ret);
+ g_infoManagerTestPolicyPrams.permList[0].bundleName = backUp;
+ g_infoManagerTestPolicyPrams.permList[0].permissionName = backUpPermission;
+}
+
+/**
+ * @tc.name: AllocHapToken006
+ * @tc.desc: can alloc a tokenId with a invalid permList permissionName.
+ * @tc.type: FUNC
+ * @tc.require:AR000GK6TJ
+ */
+HWTEST_F(AccessTokenKitTest, AllocHapToken006, TestSize.Level1)
+{
+ AccessTokenIDEx tokenIdEx = {0};
+ std::string backUp;
+ DeleteTestToken();
+
+ const std::string invalidPermissionName (INVALID_PERMNAME_LEN, 'x');
+ backUp = g_infoManagerTestPolicyPrams.permList[0].permissionName;
+ g_infoManagerTestPolicyPrams.permList[0].permissionName = invalidPermissionName;
+ tokenIdEx = AccessTokenKit::AllocHapToken(g_infoManagerTestInfoParms, g_infoManagerTestPolicyPrams);
+ ASSERT_NE(0, tokenIdEx.tokenIdExStruct.tokenID);
+
+ PermissionDef permDefResultBeta;
+ int ret = AccessTokenKit::GetDefPermission(invalidPermissionName, permDefResultBeta);
+ ASSERT_EQ(RET_FAILED, ret);
+ ret = AccessTokenKit::GetDefPermission(g_infoManagerTestPolicyPrams.permList[1].permissionName, permDefResultBeta);
+ ASSERT_EQ(RET_SUCCESS, ret);
+ g_infoManagerTestPolicyPrams.permList[0].permissionName = backUp;
+}
+
+/**
+ * @tc.name: AllocHapToken007
+ * @tc.desc: can alloc a tokenId with invalid permdef.
+ * @tc.type: FUNC
+ * @tc.require:AR000GK6TJ
+ */
+HWTEST_F(AccessTokenKitTest, AllocHapToken007, TestSize.Level1)
+{
+ AccessTokenIDEx tokenIdEx = {0};
+ std::string backUp;
+ std::string backUpPermission;
+ DeleteTestToken();
+
+ const std::string invalidBundleName (INVALID_BUNDLENAME_LEN, 'x');
+ backUp = g_infoManagerTestPolicyPrams.permList[0].bundleName;
+ backUpPermission = g_infoManagerTestPolicyPrams.permList[0].permissionName;
+
+ g_infoManagerTestPolicyPrams.permList[0].permissionName = "ohos.permission.testtmp02";
+ g_infoManagerTestPolicyPrams.permList[0].bundleName = invalidBundleName;
+ tokenIdEx = AccessTokenKit::AllocHapToken(g_infoManagerTestInfoParms, g_infoManagerTestPolicyPrams);
+ ASSERT_NE(0, tokenIdEx.tokenIdExStruct.tokenID);
+
+ PermissionDef permDefResultBeta;
+ int ret = AccessTokenKit::GetDefPermission(
+ g_infoManagerTestPolicyPrams.permList[0].permissionName, permDefResultBeta);
+ ASSERT_EQ(RET_FAILED, ret);
+ ret = AccessTokenKit::GetDefPermission(g_infoManagerTestPolicyPrams.permList[1].permissionName, permDefResultBeta);
+ ASSERT_EQ(RET_SUCCESS, ret);
+ g_infoManagerTestPolicyPrams.permList[0].bundleName = backUp;
+ g_infoManagerTestPolicyPrams.permList[0].permissionName = backUpPermission;
+}
+
+/**
+ * @tc.name: AllocHapToken008
+ * @tc.desc: can alloc a tokenId with invalid permdef.
+ * @tc.type: FUNC
+ * @tc.require:AR000GK6TJ
+ */
+HWTEST_F(AccessTokenKitTest, AllocHapToken008, TestSize.Level1)
+{
+ AccessTokenIDEx tokenIdEx = {0};
+ std::string backUp;
+ std::string backUpPermission;
+ DeleteTestToken();
+
+ const std::string invalidLabel (INVALID_LABEL_LEN, 'x');
+ backUp = g_infoManagerTestPolicyPrams.permList[0].label;
+ backUpPermission = g_infoManagerTestPolicyPrams.permList[0].permissionName;
+ g_infoManagerTestPolicyPrams.permList[0].permissionName = "ohos.permission.testtmp03";
+ g_infoManagerTestPolicyPrams.permList[0].label = invalidLabel;
+ tokenIdEx = AccessTokenKit::AllocHapToken(g_infoManagerTestInfoParms, g_infoManagerTestPolicyPrams);
+ ASSERT_NE(0, tokenIdEx.tokenIdExStruct.tokenID);
+
+ PermissionDef permDefResultBeta;
+ int ret = AccessTokenKit::GetDefPermission(
+ g_infoManagerTestPolicyPrams.permList[0].permissionName, permDefResultBeta);
+ ASSERT_EQ(RET_FAILED, ret);
+ ret = AccessTokenKit::GetDefPermission(g_infoManagerTestPolicyPrams.permList[1].permissionName, permDefResultBeta);
+ ASSERT_EQ(RET_SUCCESS, ret);
+ g_infoManagerTestPolicyPrams.permList[0].label = backUp;
+ g_infoManagerTestPolicyPrams.permList[0].permissionName = backUpPermission;
+}
+
+/**
+ * @tc.name: AllocHapToken009
+ * @tc.desc: can alloc a tokenId with invalid permdef.
+ * @tc.type: FUNC
+ * @tc.require:AR000GK6TJ
+ */
+HWTEST_F(AccessTokenKitTest, AllocHapToken009, TestSize.Level1)
+{
+ AccessTokenIDEx tokenIdEx = {0};
+ std::string backUp;
+ std::string backUpPermission;
+ DeleteTestToken();
+
+ const std::string invalidDescription (INVALID_DESCRIPTION_LEN, 'x');
+ backUp = g_infoManagerTestPolicyPrams.permList[0].description;
+ backUpPermission = g_infoManagerTestPolicyPrams.permList[0].permissionName;
+
+ g_infoManagerTestPolicyPrams.permList[0].permissionName = "ohos.permission.testtmp04";
+ g_infoManagerTestPolicyPrams.permList[0].description = invalidDescription;
+ tokenIdEx = AccessTokenKit::AllocHapToken(g_infoManagerTestInfoParms, g_infoManagerTestPolicyPrams);
+ ASSERT_NE(0, tokenIdEx.tokenIdExStruct.tokenID);
+
+ PermissionDef permDefResultBeta;
+ int ret = AccessTokenKit::GetDefPermission(
+ g_infoManagerTestPolicyPrams.permList[0].permissionName, permDefResultBeta);
+ ASSERT_EQ(RET_FAILED, ret);
+ ret = AccessTokenKit::GetDefPermission(
+ g_infoManagerTestPolicyPrams.permList[1].permissionName, permDefResultBeta);
+ ASSERT_EQ(RET_SUCCESS, ret);
+
+ g_infoManagerTestPolicyPrams.permList[0].description = backUp;
+ g_infoManagerTestPolicyPrams.permList[0].permissionName = backUpPermission;
+}
+
+static bool ExistInVector(vector array, unsigned int value)
+{
+ vector::iterator it;
+ it = find(array.begin(), array.end(), value);
+ if (it != array.end()) {
+ return true;
+ } else {
+ return false;
+ }
+}
+
+/**
+ * @tc.name: AllocHapToken010
+ * @tc.desc: alloc and delete in a loop.
+ * @tc.type: FUNC
+ * @tc.require:AR000GK6TJ
+ */
+HWTEST_F(AccessTokenKitTest, AllocHapToken010, TestSize.Level1)
+{
+ AccessTokenIDEx tokenIdEx = {0};
+ AccessTokenID tokenID;
+ int ret;
+ bool exist = false;
+
+ DeleteTestToken();
+ vector obj;
+ for (int i = 0; i < CYCLE_TIMES; i++) {
+ tokenIdEx = AccessTokenKit::AllocHapToken(g_infoManagerTestInfoParms, g_infoManagerTestPolicyPrams);
+ tokenID = GetAccessTokenID(g_infoManagerTestInfoParms.userID,
+ g_infoManagerTestInfoParms.bundleName,
+ g_infoManagerTestInfoParms.instIndex);
+
+ exist = ExistInVector(obj, tokenID);
+ ASSERT_EQ(false, exist);
+ obj.push_back(tokenID);
+
+ ret = AccessTokenKit::DeleteToken(tokenID);
+ ASSERT_EQ(RET_SUCCESS, ret);
+ }
+}
+
+/**
+ * @tc.name: AllocHapToken011
+ * @tc.desc: cannot alloc a tokenId with invalid appIDDesc.
+ * @tc.type: FUNC
+ * @tc.require:AR000GK6TJ
+ */
+HWTEST_F(AccessTokenKitTest, AllocHapToken011, TestSize.Level1)
+{
+ std::string invalidAppIDDesc (INVALID_APPIDDESC_LEN, 'x');
+ std::string backup;
+ AccessTokenIDEx tokenIdEx = {0};
+
+ DeleteTestToken();
+ backup = g_infoManagerTestInfoParms.appIDDesc;
+ g_infoManagerTestInfoParms.appIDDesc = invalidAppIDDesc;
+ tokenIdEx = AccessTokenKit::AllocHapToken(g_infoManagerTestInfoParms, g_infoManagerTestPolicyPrams);
+ ASSERT_EQ(0, tokenIdEx.tokenIdExStruct.tokenID);
+ g_infoManagerTestInfoParms.appIDDesc = backup;
+}
+
+/**
+ * @tc.name: AllocHapToken012
+ * @tc.desc: cannot alloc a tokenId with invalid bundleName.
+ * @tc.type: FUNC
+ * @tc.require:AR000GK6TJ
+ */
+HWTEST_F(AccessTokenKitTest, AllocHapToken012, TestSize.Level1)
+{
+ std::string backup;
+ AccessTokenIDEx tokenIdEx = {0};
+
+ backup = g_infoManagerTestInfoParms.bundleName;
+ g_infoManagerTestInfoParms.bundleName = "";
+ tokenIdEx = AccessTokenKit::AllocHapToken(g_infoManagerTestInfoParms, g_infoManagerTestPolicyPrams);
+ ASSERT_EQ(0, tokenIdEx.tokenIdExStruct.tokenID);
+ g_infoManagerTestInfoParms.bundleName = backup;
+}
+
+/**
+ * @tc.name: AllocHapToken013
+ * @tc.desc: cannot alloc a tokenId with invalid appIDDesc.
+ * @tc.type: FUNC
+ * @tc.require:AR000GK6TJ
+ */
+HWTEST_F(AccessTokenKitTest, AllocHapToken013, TestSize.Level1)
+{
+ std::string backup;
+ AccessTokenIDEx tokenIdEx = {0};
+
+ backup = g_infoManagerTestInfoParms.appIDDesc;
+ g_infoManagerTestInfoParms.appIDDesc = "";
+ tokenIdEx = AccessTokenKit::AllocHapToken(g_infoManagerTestInfoParms, g_infoManagerTestPolicyPrams);
+ ASSERT_EQ(0, tokenIdEx.tokenIdExStruct.tokenID);
+ g_infoManagerTestInfoParms.appIDDesc = backup;
+}
+
+/**
+ * @tc.name: AllocHapToken014
+ * @tc.desc: can alloc a tokenId with permList permissionName as "".
+ * @tc.type: FUNC
+ * @tc.require:AR000GK6TJ
+ */
+HWTEST_F(AccessTokenKitTest, AllocHapToken014, TestSize.Level1)
+{
+ std::string backup;
+ AccessTokenIDEx tokenIdEx = {0};
+
+ backup = g_infoManagerTestPolicyPrams.permList[0].permissionName;
+ g_infoManagerTestPolicyPrams.permList[0].permissionName = "";
+ tokenIdEx = AccessTokenKit::AllocHapToken(g_infoManagerTestInfoParms, g_infoManagerTestPolicyPrams);
+ PermissionDef permDefResultBeta;
+ int ret = AccessTokenKit::GetDefPermission("", permDefResultBeta);
+ ASSERT_EQ(RET_FAILED, ret);
+ g_infoManagerTestPolicyPrams.permList[0].permissionName = backup;
+}
+
+/**
+ * @tc.name: AllocHapToken015
+ * @tc.desc: can alloc a tokenId with permList bundleName as "".
+ * @tc.type: FUNC
+ * @tc.require:AR000GK6TJ
+ */
+HWTEST_F(AccessTokenKitTest, AllocHapToken015, TestSize.Level1)
+{
+ std::string backup;
+ std::string backUpPermission;
+ AccessTokenIDEx tokenIdEx = {0};
+
+ backup = g_infoManagerTestPolicyPrams.permList[0].bundleName;
+ backUpPermission = g_infoManagerTestPolicyPrams.permList[0].permissionName;
+ g_infoManagerTestPolicyPrams.permList[0].bundleName = "";
+ g_infoManagerTestPolicyPrams.permList[0].permissionName = "ohos.permission.testtmp05";
+ tokenIdEx = AccessTokenKit::AllocHapToken(g_infoManagerTestInfoParms, g_infoManagerTestPolicyPrams);
+
+ PermissionDef permDefResultBeta;
+ int ret = AccessTokenKit::GetDefPermission(
+ g_infoManagerTestPolicyPrams.permList[0].permissionName, permDefResultBeta);
+ ASSERT_EQ(RET_FAILED, ret);
+ ret = AccessTokenKit::GetDefPermission(g_infoManagerTestPolicyPrams.permList[1].permissionName, permDefResultBeta);
+ ASSERT_EQ(RET_SUCCESS, ret);
+ g_infoManagerTestPolicyPrams.permList[0].bundleName = backup;
+ g_infoManagerTestPolicyPrams.permList[0].permissionName = backUpPermission;
+}
+
+/**
+ * @tc.name: AllocHapToken016
+ * @tc.desc: can alloc a tokenId with label as "".
+ * @tc.type: FUNC
+ * @tc.require:AR000GK6TJ
+ */
+HWTEST_F(AccessTokenKitTest, AllocHapToken016, TestSize.Level1)
+{
+ std::string backup;
+ std::string backUpPermission;
+ AccessTokenIDEx tokenIdEx = {0};
+
+ backup = g_infoManagerTestPolicyPrams.permList[0].label;
+ g_infoManagerTestPolicyPrams.permList[0].label = "";
+ backUpPermission = g_infoManagerTestPolicyPrams.permList[0].permissionName;
+ g_infoManagerTestPolicyPrams.permList[0].permissionName = "ohos.permission.testtmp06";
+ tokenIdEx = AccessTokenKit::AllocHapToken(g_infoManagerTestInfoParms, g_infoManagerTestPolicyPrams);
+
+ PermissionDef permDefResult;
+ int ret = AccessTokenKit::GetDefPermission(g_infoManagerTestPolicyPrams.permList[0].permissionName, permDefResult);
+ ASSERT_EQ(ret, RET_SUCCESS);
+ g_infoManagerTestPolicyPrams.permList[0].label = backup;
+ g_infoManagerTestPolicyPrams.permList[0].permissionName = backUpPermission;
+}
+
+/**
+ * @tc.name: AllocHapToken017
+ * @tc.desc: cannot alloc a tokenId with invalid permdef.
+ * @tc.type: FUNC
+ * @tc.require:AR000GK6TJ
+ */
+HWTEST_F(AccessTokenKitTest, AllocHapToken017, TestSize.Level1)
+{
+ std::string backUpPermission;
+ std::string backup;
+ AccessTokenIDEx tokenIdEx = {0};
+
+ backup = g_infoManagerTestPolicyPrams.permList[0].description;
+ g_infoManagerTestPolicyPrams.permList[0].description = "";
+ backUpPermission = g_infoManagerTestPolicyPrams.permList[0].permissionName;
+ g_infoManagerTestPolicyPrams.permList[0].permissionName = "ohos.permission.testtmp07";
+ tokenIdEx = AccessTokenKit::AllocHapToken(g_infoManagerTestInfoParms, g_infoManagerTestPolicyPrams);
+
+ PermissionDef permDefResult;
+ int ret = AccessTokenKit::GetDefPermission(g_infoManagerTestPolicyPrams.permList[0].permissionName, permDefResult);
+ ASSERT_EQ(ret, RET_SUCCESS);
+ g_infoManagerTestPolicyPrams.permList[0].description = backup;
+ g_infoManagerTestPolicyPrams.permList[0].permissionName = backUpPermission;
+}
+
+/**
+ * @tc.name: UpdateHapToken001
+ * @tc.desc: alloc a tokenId successfully, update it successfully and verify it.
+ * @tc.type: FUNC
+ * @tc.require:AR000GK6TJ
+ */
+HWTEST_F(AccessTokenKitTest, UpdateHapToken001, TestSize.Level1)
+{
+ int userID = g_infoManagerTestInfoParms.userID;
+ const std::string bundleName = g_infoManagerTestInfoParms.bundleName;
+ int instIndex = g_infoManagerTestInfoParms.instIndex;
+
+ const std::string appIDDesc = "housework app";
+
+ DeleteTestToken();
+ AccessTokenIDEx tokenIdEx = {0};
+ tokenIdEx = AccessTokenKit::AllocHapToken(g_infoManagerTestInfoParms, g_infoManagerTestPolicyPrams);
+ GTEST_LOG_(INFO) << "tokenID :" << tokenIdEx.tokenIdExStruct.tokenID;
+ AccessTokenID tokenID = AccessTokenKit::GetHapTokenID(userID, bundleName, instIndex);
+ GTEST_LOG_(INFO) << "tokenID :" << tokenID;
+ g_infoManagerTestPolicyPrams.apl = APL_SYSTEM_BASIC;
+
+ int ret = AccessTokenKit::UpdateHapToken(tokenID, appIDDesc, g_infoManagerTestPolicyPrams);
+ ASSERT_EQ(0, ret);
+
+ HapTokenInfo hapTokenInfoRes;
+ ret = AccessTokenKit::GetHapTokenInfo(tokenID, hapTokenInfoRes);
+ ASSERT_EQ(RET_SUCCESS, ret);
+
+ ASSERT_EQ(hapTokenInfoRes.appID, "housework app");
+ ASSERT_EQ(hapTokenInfoRes.apl, APL_SYSTEM_BASIC);
+
+ ret = AccessTokenKit::DeleteToken(tokenID);
+ ASSERT_EQ(RET_SUCCESS, ret);
+}
+
+/**
+ * @tc.name: UpdateHapToken002
+ * @tc.desc: cannot update hap token info with invalid userId.
+ * @tc.type: FUNC
+ * @tc.require:AR000GK6TJ
+ */
+HWTEST_F(AccessTokenKitTest, UpdateHapToken002, TestSize.Level1)
+{
+ int ret = AccessTokenKit::UpdateHapToken(TEST_USER_ID_INVALID, "appIDDesc", g_infoManagerTestPolicyPrams);
+ ASSERT_EQ(RET_FAILED, ret);
+}
+
+/**
+ * @tc.name: UpdateHapToken003
+ * @tc.desc: cannot update hap token info with invalid appIDDesc.
+ * @tc.type: FUNC
+ * @tc.require:AR000GK6TJ
+ */
+HWTEST_F(AccessTokenKitTest, UpdateHapToken003, TestSize.Level1)
+{
+ int userID = g_infoManagerTestInfoParms.userID;
+ const std::string bundleName = g_infoManagerTestInfoParms.bundleName;
+ int instIndex = g_infoManagerTestInfoParms.instIndex;
+
+ const std::string appIDDesc (INVALID_APPIDDESC_LEN, 'x');
+
+ AccessTokenIDEx tokenIdEx = {0};
+ tokenIdEx = AccessTokenKit::AllocHapToken(g_infoManagerTestInfoParms, g_infoManagerTestPolicyPrams);
+
+ AccessTokenID tokenID = AccessTokenKit::GetHapTokenID(userID, bundleName, instIndex);
+
+ int ret = AccessTokenKit::UpdateHapToken(tokenID, appIDDesc, g_infoManagerTestPolicyPrams);
+ ASSERT_EQ(RET_FAILED, ret);
+
+ HapTokenInfo hapTokenInfoRes;
+ ret = AccessTokenKit::GetHapTokenInfo(tokenID, hapTokenInfoRes);
+ ASSERT_EQ(RET_SUCCESS, ret);
+
+ ASSERT_EQ(hapTokenInfoRes.appID, "testtesttesttest");
+
+ ret = AccessTokenKit::DeleteToken(tokenID);
+ ASSERT_EQ(RET_SUCCESS, ret);
+}
+
+/**
+ * @tc.name: UpdateHapToken004
+ * @tc.desc: cannot update a tokenId with invalid apl.
+ * @tc.type: FUNC
+ * @tc.require:AR000GK6TJ
+ */
+HWTEST_F(AccessTokenKitTest, UpdateHapToken004, TestSize.Level1)
+{
+ int userID = g_infoManagerTestInfoParms.userID;
+ const std::string bundleName = g_infoManagerTestInfoParms.bundleName;
+ int instIndex = g_infoManagerTestInfoParms.instIndex;
+
+ const std::string appIDDesc = "housework app";
+
+ AccessTokenIDEx tokenIdEx = {0};
+ tokenIdEx = AccessTokenKit::AllocHapToken(g_infoManagerTestInfoParms, g_infoManagerTestPolicyPrams);
+
+ AccessTokenID tokenID = AccessTokenKit::GetHapTokenID(userID, bundleName, instIndex);
+
+ g_infoManagerTestPolicyPrams.apl = (ATokenAplEnum)5;
+
+ int ret = AccessTokenKit::UpdateHapToken(tokenID, appIDDesc, g_infoManagerTestPolicyPrams);
+ ASSERT_EQ(RET_FAILED, ret);
+
+ HapTokenInfo hapTokenInfoRes;
+ ret = AccessTokenKit::GetHapTokenInfo(tokenID, hapTokenInfoRes);
+ ASSERT_EQ(RET_SUCCESS, ret);
+
+ ASSERT_EQ(hapTokenInfoRes.apl, APL_NORMAL);
+
+ ret = AccessTokenKit::DeleteToken(tokenID);
+ ASSERT_EQ(RET_SUCCESS, ret);
+}
+
+/**
+ * @tc.name: UpdateHapToken005
+ * @tc.desc: cannot update a tokenId with invalid string value.
+ * @tc.type: FUNC
+ * @tc.require:AR000GK6TJ
+ */
+HWTEST_F(AccessTokenKitTest, UpdateHapToken005, TestSize.Level1)
+{
+ std::string backUpPermission;
+ const std::string appIDDesc = g_infoManagerTestInfoParms.appIDDesc;
+ PermissionDef permDefResult;
+
+ DeleteTestToken();
+ g_infoManagerTestInfoParms.bundleName = "test_UpdateHapToken005";
+ AccessTokenIDEx tokenIdEx = AccessTokenKit::AllocHapToken(g_infoManagerTestInfoParms, g_infoManagerTestPolicyPrams);
+ AccessTokenID tokenID = tokenIdEx.tokenIdExStruct.tokenID;
+ ASSERT_NE(0, tokenID);
+
+ std::string backup = g_infoManagerTestPolicyPrams.permList[0].permissionName;
+ g_infoManagerTestPolicyPrams.permList[0].permissionName = "";
+ int ret = AccessTokenKit::UpdateHapToken(tokenID, appIDDesc, g_infoManagerTestPolicyPrams);
+ ret = AccessTokenKit::GetDefPermission(g_infoManagerTestPolicyPrams.permList[0].permissionName, permDefResult);
+ ASSERT_EQ(RET_FAILED, ret);
+ g_infoManagerTestPolicyPrams.permList[0].permissionName = backup;
+
+ backUpPermission = g_infoManagerTestPolicyPrams.permList[0].permissionName;
+ g_infoManagerTestPolicyPrams.permList[0].permissionName = "ohos.permission.testtmp11";
+ backup = g_infoManagerTestPolicyPrams.permList[0].bundleName;
+ g_infoManagerTestPolicyPrams.permList[0].bundleName = "";
+ ret = AccessTokenKit::UpdateHapToken(tokenID, appIDDesc, g_infoManagerTestPolicyPrams);
+ ret = AccessTokenKit::GetDefPermission(g_infoManagerTestPolicyPrams.permList[0].permissionName, permDefResult);
+ ASSERT_EQ(RET_FAILED, ret);
+ g_infoManagerTestPolicyPrams.permList[0].bundleName = backup;
+ g_infoManagerTestPolicyPrams.permList[0].permissionName = backUpPermission;
+
+ backUpPermission = g_infoManagerTestPolicyPrams.permList[0].permissionName;
+ g_infoManagerTestPolicyPrams.permList[0].permissionName = "ohos.permission.testtmp12";
+ backup = g_infoManagerTestPolicyPrams.permList[0].label;
+ g_infoManagerTestPolicyPrams.permList[0].label = "";
+ ret = 
AccessTokenKit::UpdateHapToken(tokenID, appIDDesc, g_infoManagerTestPolicyPrams);
+ ASSERT_EQ(RET_SUCCESS, ret);
+ ret = AccessTokenKit::GetDefPermission(g_infoManagerTestPolicyPrams.permList[0].permissionName, permDefResult);
+ ASSERT_EQ(RET_SUCCESS, ret);
+ g_infoManagerTestPolicyPrams.permList[0].label = backup;
+ g_infoManagerTestPolicyPrams.permList[0].permissionName = backUpPermission;
+
+ backUpPermission = g_infoManagerTestPolicyPrams.permList[0].permissionName;
+ g_infoManagerTestPolicyPrams.permList[0].permissionName = "ohos.permission.testtmp13";
+ backup = g_infoManagerTestPolicyPrams.permList[0].description;
+ g_infoManagerTestPolicyPrams.permList[0].description = "";
+ ret = AccessTokenKit::UpdateHapToken(tokenID, appIDDesc, g_infoManagerTestPolicyPrams);
+ ASSERT_EQ(RET_SUCCESS, ret);
+ ret = AccessTokenKit::GetDefPermission(g_infoManagerTestPolicyPrams.permList[0].permissionName, permDefResult);
+ ASSERT_EQ(RET_SUCCESS, ret);
+ g_infoManagerTestPolicyPrams.permList[0].description = backup;
+ g_infoManagerTestPolicyPrams.permList[0].permissionName = backUpPermission;
+
+ ret = AccessTokenKit::DeleteToken(tokenID);
+ ASSERT_EQ(RET_SUCCESS, ret);
+}
+
+/**
+ * @tc.name: UpdateHapToken006
+ * @tc.desc: update a batch of tokenId.
+ * @tc.type: FUNC
+ * @tc.require:AR000GK6TJ
+ */
+HWTEST_F(AccessTokenKitTest, UpdateHapToken006, TestSize.Level1)
+{
+ AccessTokenIDEx tokenIdEx = {0};
+ AccessTokenID tokenID;
+ int ret;
+ vector obj;
+ bool exist;
+ const std::string appIDDesc = g_infoManagerTestInfoParms.appIDDesc;
+ HapInfoParams infoManagerTestInfo = g_infoManagerTestInfoParms;
+ DeleteTestToken();
+
+ for (int i = 0; i < CYCLE_TIMES; i++) {
+ tokenIdEx = AccessTokenKit::AllocHapToken(infoManagerTestInfo, g_infoManagerTestPolicyPrams);
+ tokenID = GetAccessTokenID(infoManagerTestInfo.userID,
+ infoManagerTestInfo.bundleName,
+ infoManagerTestInfo.instIndex);
+
+ exist = ExistInVector(obj, tokenID);
+ ASSERT_EQ(false, exist);
+ obj.push_back(tokenID);
+ infoManagerTestInfo.userID++;
+ }
+
+ infoManagerTestInfo.instIndex = 1;
+ g_infoManagerTestPolicyPrams.apl = APL_SYSTEM_BASIC;
+ for (int i = 0; i < obj.size(); i++) {
+ ret = AccessTokenKit::UpdateHapToken(obj[i], appIDDesc, g_infoManagerTestPolicyPrams);
+ ASSERT_EQ(RET_SUCCESS, ret);
+ }
+ g_infoManagerTestPolicyPrams.apl = APL_NORMAL;
+
+ for (int i = 0; i < obj.size(); i++) {
+ ret = AccessTokenKit::DeleteToken(obj[i]);
+ ASSERT_EQ(RET_SUCCESS, ret);
+ }
+}
+
+/**
+ * @tc.name: UpdateHapToken007
+ * @tc.desc: add new permissdef.
+ * @tc.type: FUNC
+ * @tc.require:AR000GK6TJ
+ */
+HWTEST_F(AccessTokenKitTest, UpdateHapToken007, TestSize.Level1)
+{
+ int ret;
+ std::string backup;
+ const std::string appIDDesc = g_infoManagerTestInfoParms.appIDDesc;
+ DeleteTestToken();
+
+ AccessTokenIDEx tokenIdEx = {0};
+ tokenIdEx = AccessTokenKit::AllocHapToken(g_infoManagerTestInfoParms, g_infoManagerTestPolicyPrams);
+ AccessTokenID tokenID = tokenIdEx.tokenIdExStruct.tokenID;
+ GTEST_LOG_(INFO) << "tokenID :" << tokenID;
+
+ PermissionDef permDefResult;
+ /* check permission define befor update */
+ ret = AccessTokenKit::GetDefPermission("ohos.permission.test3", permDefResult);
+ ASSERT_EQ(RET_FAILED, ret);
+
+ backup = g_infoManagerTestPolicyPrams.permList[0].permissionName;
+ g_infoManagerTestPolicyPrams.permList[0].permissionName = "ohos.permission.test3";
+ ret = AccessTokenKit::UpdateHapToken(tokenID, appIDDesc, g_infoManagerTestPolicyPrams);
+ ASSERT_EQ(RET_SUCCESS, ret);
+ g_infoManagerTestPolicyPrams.permList[0].permissionName = backup;
+
+ GTEST_LOG_(INFO) << "permissionName :" << g_infoManagerTestPolicyPrams.permList[0].permissionName;
+
+ ret = AccessTokenKit::GetDefPermission("ohos.permission.test3", permDefResult);
+ if (ret != RET_SUCCESS) {
+ ret = AccessTokenKit::DeleteToken(tokenID);
+ ASSERT_EQ(RET_SUCCESS, ret);
+ }
+ ASSERT_EQ(RET_SUCCESS, ret);
+ ASSERT_EQ("ohos.permission.test3", permDefResult.permissionName);
+
+ ret = AccessTokenKit::DeleteToken(tokenID);
+ ASSERT_EQ(RET_SUCCESS, ret);
+}
+/**
+ * @tc.name: UpdateHapToken008
+ * @tc.desc: modify permissdef's grantMode.
+ * @tc.type: FUNC
+ * @tc.require:AR000GK6TJ
+ */
+HWTEST_F(AccessTokenKitTest, UpdateHapToken008, TestSize.Level1)
+{
+ int ret;
+ std::string backup;
+ const std::string appIDDesc = g_infoManagerTestInfoParms.appIDDesc;
+ DeleteTestToken();
+
+ AccessTokenIDEx tokenIdEx = {0};
+ tokenIdEx = AccessTokenKit::AllocHapToken(g_infoManagerTestInfoParms, g_infoManagerTestPolicyPrams);
+ AccessTokenID tokenID = tokenIdEx.tokenIdExStruct.tokenID;
+ GTEST_LOG_(INFO) << "tokenID :" << tokenID;
+
+ PermissionDef permDefResult;
+ /* check permission define befor update */
+ ret = AccessTokenKit::GetDefPermission(g_infoManagerTestPolicyPrams.permList[0].permissionName, permDefResult);
+ ASSERT_EQ(g_infoManagerTestPolicyPrams.permList[0].permissionName, permDefResult.permissionName);
+ ASSERT_EQ("label", permDefResult.label);
+ ASSERT_EQ(1, permDefResult.grantMode);
+ ASSERT_EQ(RET_SUCCESS, ret);
+
+ backup = g_infoManagerTestPolicyPrams.permList[0].label;
+ g_infoManagerTestPolicyPrams.permList[0].grantMode = 0;
+ g_infoManagerTestPolicyPrams.permList[0].label = "updated label";
+ ret = AccessTokenKit::UpdateHapToken(tokenID, appIDDesc, g_infoManagerTestPolicyPrams);
+ ASSERT_EQ(RET_SUCCESS, ret);
+ g_infoManagerTestPolicyPrams.permList[0].label = backup;
+ g_infoManagerTestPolicyPrams.permList[0].grantMode = 1;
+
+ /* check permission define after update */
+ ret = AccessTokenKit::GetDefPermission(g_infoManagerTestPolicyPrams.permList[0].permissionName, permDefResult);
+ ASSERT_EQ(g_infoManagerTestPolicyPrams.permList[0].permissionName, permDefResult.permissionName);
+ ASSERT_EQ("updated label", permDefResult.label);
+ ASSERT_EQ(0, permDefResult.grantMode);
+ ASSERT_EQ(RET_SUCCESS, ret);
+
+ ret = AccessTokenKit::DeleteToken(tokenID);
+ ASSERT_EQ(RET_SUCCESS, ret);
+}
+
+/**
+ * @tc.name: UpdateHapToken009
+ * @tc.desc: old permission define will not update its grantStatus.
+ * @tc.type: FUNC
+ * @tc.require:AR000GK6TJ
+ */
+HWTEST_F(AccessTokenKitTest, UpdateHapToken009, TestSize.Level1)
+{
+ int ret;
+ std::vector permDefList;
+ const std::string appIDDesc = g_infoManagerTestInfoParms.appIDDesc;
+ PermissionDef infoManagerTestPermDef = g_infoManagerTestPermDef1;
+ PermissionStateFull infoManagerTestState = {
+ .grantFlags = {PermissionState::PERMISSION_DENIED},
+ .grantStatus = {3},
+ .isGeneral = true,
+ .permissionName = "ohos.permission.test1",
+ .resDeviceID = {"local"}};
+
+ HapPolicyParams infoManagerTestPolicyPrams = {
+ .apl = APL_NORMAL,
+ .domain = "test.domain",
+ .permList = {infoManagerTestPermDef},
+ .permStateList = {infoManagerTestState}};
+
+ DeleteTestToken();
+ AccessTokenIDEx tokenIdEx = {0};
+ tokenIdEx = AccessTokenKit::AllocHapToken(g_infoManagerTestInfoParms, g_infoManagerTestPolicyPrams);
+ AccessTokenID tokenID = tokenIdEx.tokenIdExStruct.tokenID;
+ GTEST_LOG_(INFO) << "tokenID :" << tokenID;
+
+ ret = AccessTokenKit::VerifyAccessToken(tokenID, "ohos.permission.test1");
+ ASSERT_EQ(ret, g_infoManagerTestState1.grantStatus[0]);
+
+ ret = AccessTokenKit::UpdateHapToken(tokenID, appIDDesc, infoManagerTestPolicyPrams);
+
+ ret = AccessTokenKit::VerifyAccessToken(tokenID, "ohos.permission.test1");
+ ASSERT_EQ(ret, PermissionState::PERMISSION_DENIED);
+
+ ret = AccessTokenKit::DeleteToken(tokenID);
+ ASSERT_EQ(RET_SUCCESS, ret);
+}
+
+static void *ThreadTestFunc01(void *args)
+{
+ ATokenTypeEnum type;
+ AccessTokenID tokenID;
+
+ for (int i = 0; i < CYCLE_TIMES; i++) {
+ tokenID = AccessTokenKit::GetHapTokenID(g_infoManagerTestInfoParms.userID,
+ g_infoManagerTestInfoParms.bundleName,
+ g_infoManagerTestInfoParms.instIndex);
+ type = AccessTokenKit::GetTokenType(tokenID);
+ if (type != TOKEN_HAP) {
+ GTEST_LOG_(INFO) << "ThreadTestFunc01 failed" << tokenID;
+ }
+ }
+ return NULL;
+}
+
+static void *ThreadTestFunc02(void *args)
+{
+ int ret;
+ AccessTokenID tokenID;
+ HapTokenInfo hapTokenInfoRes;
+
+ for (int i = 
0; i < CYCLE_TIMES; i++) {
+ tokenID = AccessTokenKit::GetHapTokenID(g_infoManagerTestInfoParms.userID,
+ g_infoManagerTestInfoParms.bundleName,
+ g_infoManagerTestInfoParms.instIndex);
+ ret = AccessTokenKit::GetHapTokenInfo(tokenID, hapTokenInfoRes);
+ if (ret != RET_SUCCESS) {
+ GTEST_LOG_(INFO) << "ThreadTestFunc02 failed" << tokenID;
+ }
+ }
+ return NULL;
+}
+
+/**
+ * @tc.name: AllocHapToken011
+ * @tc.desc: Mulitpulthread test.
+ * @tc.type: FUNC
+ * @tc.require:AR000GK6TJ
+ */
+HWTEST_F(AccessTokenKitTest, Mulitpulthread001, TestSize.Level1)
+{
+ int ret;
+ AccessTokenIDEx tokenIdEx = {0};
+ tokenIdEx = AccessTokenKit::AllocHapToken(g_infoManagerTestInfoParms, g_infoManagerTestPolicyPrams);
+ ASSERT_NE(0, tokenIdEx.tokenIdExStruct.tokenID);
+ pthread_t tid[2];
+ (void)pthread_create(&tid[0], 0, &ThreadTestFunc01, NULL);
+ (void)pthread_create(&tid[1], 0, &ThreadTestFunc01, NULL);
+ pthread_join(tid[0], NULL);
+ pthread_join(tid[1], NULL);
+
+ (void)pthread_create(&tid[0], 0, &ThreadTestFunc02, NULL);
+ (void)pthread_create(&tid[1], 0, &ThreadTestFunc02, NULL);
+ pthread_join(tid[0], NULL);
+ pthread_join(tid[1], NULL);
+
+ ret = AccessTokenKit::DeleteToken(tokenIdEx.tokenIdExStruct.tokenID);
+ ASSERT_EQ(RET_SUCCESS, ret);
+}
+
+void ConcurrencyTask(unsigned int tokenID)
+{
+ for (int i = 0; i < CYCLE_TIMES; i++) {
+ AccessTokenKit::GrantPermission(tokenID, TEST_PERMISSION_NAME_ALPHA, PERMISSION_USER_FIXED);
+ AccessTokenKit::GetPermissionFlag(tokenID, TEST_PERMISSION_NAME_ALPHA);
+ AccessTokenKit::VerifyAccessToken(tokenID, TEST_PERMISSION_NAME_ALPHA);
+
+ AccessTokenKit::RevokePermission(tokenID, TEST_PERMISSION_NAME_ALPHA, PERMISSION_USER_SET);
+ AccessTokenKit::GetPermissionFlag(tokenID, TEST_PERMISSION_NAME_ALPHA);
+ AccessTokenKit::VerifyAccessToken(tokenID, TEST_PERMISSION_NAME_ALPHA);
+ }
+}
+
+/**
+ * @tc.name: ConcurrencyTest001
+ * @tc.desc: Concurrency testing
+ * @tc.type: FUNC
+ * @tc.require:AR000GM5FC AR000GK6T8 AR000GK6TF
+ */
+HWTEST_F(AccessTokenKitTest, ConcurrencyTest001, TestSize.Level1) +{ + AccessTokenID tokenID = GetAccessTokenID(TEST_USER_ID, TEST_BUNDLE_NAME, 0); + ASSERT_NE(0, tokenID); + std::vector threadVec; + for (int i = 0; i < THREAD_NUM; i++) { + threadVec.emplace_back(std::thread(ConcurrencyTask, tokenID)); + } + for (auto it = threadVec.begin(); it != threadVec.end(); it++) { + it->join(); + } } diff --git a/interfaces/innerkits/accesstoken/test/unittest/cpp/src/accesstoken_kit_test.h b/interfaces/innerkits/accesstoken/test/unittest/cpp/src/accesstoken_kit_test.h index 25de97777f62a265f66b7da8e7911faa359495fd..06eb17525accc67cea3d65e4d39dcb329b418b53 100644 --- a/interfaces/innerkits/accesstoken/test/unittest/cpp/src/accesstoken_kit_test.h +++ b/interfaces/innerkits/accesstoken/test/unittest/cpp/src/accesstoken_kit_test.h @@ -28,6 +28,13 @@ static const std::string TEST_PERMISSION_NAME_GAMMA = "ohos.permission.GAMMA"; static const int TEST_USER_ID = 0; static const int TEST_USER_ID_INVALID = -1; static const unsigned int TEST_TOKENID_INVALID = 0; +static const int INVALID_BUNDLENAME_LEN = 260; +static const int INVALID_APPIDDESC_LEN = 10244; +static const int INVALID_LABEL_LEN = 260; +static const int INVALID_DESCRIPTION_LEN = 260; +static const int INVALID_PERMNAME_LEN = 260; +static const int CYCLE_TIMES = 100; +static const int THREAD_NUM = 3; class AccessTokenKitTest : public testing::Test { public: static void SetUpTestCase(); @@ -38,6 +45,8 @@ public: void TearDown(); unsigned int GetAccessTokenID(int userID, std::string bundleName, int instIndex); + void DeleteTestToken() const; + void AllocTestToken() const; }; } // namespace AccessToken } // namespace Security 
diff --git a/interfaces/innerkits/nativetoken/BUILD.gn b/interfaces/innerkits/atlib/BUILD.gn similarity index 76% rename from interfaces/innerkits/nativetoken/BUILD.gn rename to interfaces/innerkits/atlib/BUILD.gn index 29099e670ad8d321e457f6b211fdc347261b8f57..b24aa1ff738ad6f26f26e808fd64d7469c337124 100644 --- a/interfaces/innerkits/nativetoken/BUILD.gn +++ b/interfaces/innerkits/atlib/BUILD.gn @@ -29,27 +29,27 @@ ohos_shared_library("libaccesstoken_lib") { public_configs = [ ":accesstokenlib" ] cflags = [ "-Wall" ] + cflags += [ "-pthread" ] include_dirs = [ "//utils/native/base/include", + "//base/security/access_token/frameworks/common/include", "main/include", "main/src", "//third_party/cJSON", "//third_party/bounds_checking_function/include", - "//base/hiviewdfx/hilog_lite/interfaces/native/kits", + "//base/startup/syspara_lite/interfaces/innerkits/native/syspara/include/", ] - sources = [ - "main/src/accesstoken_lib.c", - ] + sources = [ "main/src/accesstoken_lib.c" ] deps = [ - "//utils/native/base:utils", + "//base/security/access_token/frameworks/common:accesstoken_common_cxx", + "//base/startup/syspara_lite/interfaces/innerkits/native/syspara:syspara", "//third_party/cJSON:cjson_static", + "//utils/native/base:utils", "//utils/native/base:utilsecurec_shared", ] - external_deps = [ - "hiviewdfx_hilog_native:libhilog", - ] + external_deps = [ "hiviewdfx_hilog_native:libhilog" ] } diff --git a/interfaces/innerkits/nativetoken/main/include/accesstoken_lib.h b/interfaces/innerkits/atlib/main/include/accesstoken_lib.h similarity index 79% rename from interfaces/innerkits/nativetoken/main/include/accesstoken_lib.h rename to interfaces/innerkits/atlib/main/include/accesstoken_lib.h index da37447118b727d4d3f5bea57060b0dc4fc9b725..e28f4b5e6bec1496d41080ad7280368c6df234e1 100644 --- a/interfaces/innerkits/nativetoken/main/include/accesstoken_lib.h +++ b/interfaces/innerkits/atlib/main/include/accesstoken_lib.h 
@@ -34,13 +34,18 @@ extern "C" { #define MAX_PROCESS_NAME_LEN 256 #define TOKEN_ID_CFG_PATH "/data/token.json" -#define SOCKET_FILE "/data/token_unix_socket" -#define ERR 1 -#define SUCCESS 0 +#define SOCKET_FILE "/data/system/token_unix_socket.socket" +#define ATRET_FAILED 1 +#define ATRET_SUCCESS 0 #define TOKEN_NATIVE_TYPE 1 #define DEFAULT_AT_VERSION 1 #define TRANSFER_KEY_WORDS "NativeTokenInfo" #define MAX_JSON_FILE_LEN 102400 +#define MAX_DCAPS_NUM 32 +#define MAX_DCAP_LEN 1024 +#define MAX_PARAMTER_LEN 128 +#define SYSTEM_PROP_NATIVE_RECEPTOR "rw.nativetoken.receptor.startup" +#define PATH_MAX_LEN 4096 typedef unsigned int NativeAtId; typedef unsigned int NativeAtAttr; @@ -73,8 +78,8 @@ typedef struct TokenQueue { struct TokenQueue *next; } NativeTokenQueue; -#define TOKEN_QUEUE_NODE_INFO_SET(tmp, aplStr, processname, tokenId, exist, dcap, dacpNum) do { \ - (tmp).apl = GetAplLevel((aplStr)); \ +#define TOKEN_QUEUE_NODE_INFO_SET(tmp, apl, processname, tokenId, exist, dcap, dacpNum) do { \ + (tmp).apl = (apl); \ (tmp).processName = (processname); \ (tmp).tokenId = (tokenId); \ (tmp).flag = (exist); \ @@ -82,8 +87,7 @@ typedef struct TokenQueue { (tmp).dcapsNum = (dacpNum); \ } while (0) -extern void *ThreadTransferFunc(const void *args); - +extern char *GetFileBuff(const char *cfg); #ifdef __cplusplus } #endif diff --git a/interfaces/innerkits/nativetoken/main/include/accesstoken_log.h b/interfaces/innerkits/atlib/main/include/accesstoken_log.h similarity index 71% rename from interfaces/innerkits/nativetoken/main/include/accesstoken_log.h rename to interfaces/innerkits/atlib/main/include/accesstoken_log.h index cdf5fa761840922ab558017cb9a08e202e77f755..a0338d25e7ee0b78321a60a69805dfbb1331d6ac 100644 --- a/interfaces/innerkits/nativetoken/main/include/accesstoken_log.h +++ b/interfaces/innerkits/atlib/main/include/accesstoken_log.h 
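Review bot: The renamed macro parameter `apl` in TOKEN_QUEUE_NODE_INFO_SET is spelled exactly like the struct member it assigns, so the preprocessor also substitutes the caller's argument into `(tmp).apl`; the assignment only targets the intended field when the argument is itself the identifier `apl`, and `tokenId` in the same macro follows the same pattern. Any other argument either fails to compile or, if it happens to match another member name, writes the wrong field of a record that carries the privilege level. Giving the parameters distinct names avoids this, e.g. `(tmp).apl = (aplLevel); \` with `aplLevel` in the parameter list. The macro's call sites are outside this hunk, so whether a current caller is affected cannot be confirmed from here.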
@@ -38,11 +38,11 @@ /* define LOG_TAG as "security_*" at your submodule, * means your submodule name such as "security_dac" */ #define LOG_TAG "accssToken_" -#define ACCESSTOKEN_LOG_DEBUG(fmt, ...) printf("[%s] debug: %s: " fmt "\n", LOG_TAG, __func__, ##__VA_ARGS__) -#define ACCESSTOKEN_LOG_INFO(fmt, ...) printf("[%s] info: %s: " fmt "\n", LOG_TAG, __func__, ##__VA_ARGS__) -#define ACCESSTOKEN_LOG_WARN(fmt, ...) printf("[%s] warn: %s: " fmt "\n", LOG_TAG, __func__, ##__VA_ARGS__) -#define ACCESSTOKEN_LOG_ERROR(fmt, ...) printf("[%s] error: %s: " fmt "\n", LOG_TAG, __func__, ##__VA_ARGS__) -#define ACCESSTOKEN_LOG_FATAL(fmt, ...) printf("[%s] fatal: %s: " fmt "\n", LOG_TAG, __func__, ##__VA_ARGS__) +#define ACCESSTOKEN_LOG_DEBUG(fmt, ...) printf("[%s] debug: " fmt "\n", LOG_TAG, ##__VA_ARGS__) +#define ACCESSTOKEN_LOG_INFO(fmt, ...) printf("[%s] info: " fmt "\n", LOG_TAG, ##__VA_ARGS__) +#define ACCESSTOKEN_LOG_WARN(fmt, ...) printf("[%s] warn: " fmt "\n", LOG_TAG, ##__VA_ARGS__) +#define ACCESSTOKEN_LOG_ERROR(fmt, ...) printf("[%s] error: " fmt "\n", LOG_TAG, ##__VA_ARGS__) +#define ACCESSTOKEN_LOG_FATAL(fmt, ...) printf("[%s] fatal: " fmt "\n", LOG_TAG, ##__VA_ARGS__) #endif // HILOG_ENABLE diff --git a/interfaces/innerkits/nativetoken/main/include/accesstokenlib_kit.h b/interfaces/innerkits/atlib/main/include/accesstokenlib_kit.h similarity index 100% rename from interfaces/innerkits/nativetoken/main/include/accesstokenlib_kit.h rename to interfaces/innerkits/atlib/main/include/accesstokenlib_kit.h diff --git a/interfaces/innerkits/nativetoken/main/src/accesstoken_lib.c b/interfaces/innerkits/atlib/main/src/accesstoken_lib.c similarity index 41% rename from interfaces/innerkits/nativetoken/main/src/accesstoken_lib.c rename to interfaces/innerkits/atlib/main/src/accesstoken_lib.c index 7a921900ee11fce8eb03420afeceba6ae03a30a1..e227657be755480bacabed3a2316f0c201b9f541 100644 --- a/interfaces/innerkits/nativetoken/main/src/accesstoken_lib.c 
+++ b/interfaces/innerkits/atlib/main/src/accesstoken_lib.c @@ -12,14 +12,15 @@ * See the License for the specific language governing ACCESSTOKENs and * limitations under the License. */ - #include "accesstoken_lib.h" #include "accesstokenlib_kit.h" +#include "parameter.h" +#include "random.h" NativeTokenQueue *g_tokenQueueHead; NativeTokenList *g_tokenListHead; -int g_isAtmExist; -int g_signalFd; +int32_t g_isAtmExist; +int32_t g_signalFd; static pthread_mutex_t g_tokenQueueHeadLock = PTHREAD_MUTEX_INITIALIZER; char *GetFileBuff(const char *cfg) @@ -27,33 +28,39 @@ char *GetFileBuff(const char *cfg) char *buff = NULL; FILE *cfgFd = NULL; struct stat fileStat; - int fileSize; + int32_t fileSize; if (stat(cfg, &fileStat) != 0) { - ACCESSTOKEN_LOG_ERROR("stat file failed."); + ACCESSTOKEN_LOG_ERROR("[ATLIB-%s]:stat file failed.", __func__); return NULL; } - fileSize = (int)fileStat.st_size; + fileSize = (int32_t)fileStat.st_size; if ((fileSize < 0) || (fileSize > MAX_JSON_FILE_LEN)) { - ACCESSTOKEN_LOG_ERROR("stat file size is invalid."); + ACCESSTOKEN_LOG_ERROR("[ATLIB-%s]:stat file size is invalid.", __func__); + return NULL; + } + + char filePath[PATH_MAX_LEN + 1] = {0}; + if (realpath(cfg, filePath) == NULL) { + ACCESSTOKEN_LOG_ERROR("[ATLIB-%s]:invalid filePath.", __func__); return NULL; } - cfgFd = fopen(cfg, "r"); + cfgFd = fopen(filePath, "r"); if (cfgFd == NULL) { - ACCESSTOKEN_LOG_ERROR("fopen file failed."); + ACCESSTOKEN_LOG_ERROR("[ATLIB-%s]:fopen file failed.", __func__); return NULL; } buff = (char *)malloc((size_t)(fileSize + 1)); if (buff == NULL) { - ACCESSTOKEN_LOG_ERROR("memory alloc failed."); + ACCESSTOKEN_LOG_ERROR("[ATLIB-%s]:memory alloc failed.", __func__); fclose(cfgFd); return NULL; } if (fread(buff, fileSize, 1, cfgFd) != 1) { - ACCESSTOKEN_LOG_ERROR("fread failed."); + ACCESSTOKEN_LOG_ERROR("[ATLIB-%s]:fread failed.", __func__); free(buff); buff = NULL; } else { 
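Review bot: The buffer size in GetFileBuff still comes from `stat(cfg, ...)` taken before the file is opened, and the added `realpath()` resolves the path a second time, so the file that was sized and the file that `fopen(filePath, "r")` reads can differ if the path is swapped in between. Sizing from the open stream closes that window: `if (fstat(fileno(cfgFd), &fileStat) != 0) { fclose(cfgFd); return NULL; }` placed right after the `fopen` check, with the existing range check moved below it. `realpath()` only canonicalises the name; if the intent is to confine reads to the token directory, the resolved `filePath` would additionally need a prefix comparison. The tail of the function lies outside this hunk.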
@@ -64,51 +71,61 @@ char *GetFileBuff(const char *cfg) return buff; } -int GetTokenList(const cJSON *object) +int32_t GetTokenList(const cJSON *object) { + cJSON *cjsonItem = NULL; + int32_t arraySize; + int32_t i; + cJSON *processNameJson = NULL; + cJSON *tokenIdJson = NULL; + NativeTokenList *tmp = NULL; + if (object == NULL) { - return ERR; + return ATRET_FAILED; } - int arraySize = cJSON_GetArraySize(object); - - for (int i = 0; i < arraySize; i++) { - cJSON *cjsonItem = cJSON_GetArrayItem(object, i); - cJSON *processNameJson = cJSON_GetObjectItem(cjsonItem, "processName"); - cJSON *tokenIdJson = cJSON_GetObjectItem(cjsonItem, "tokenId"); + arraySize = cJSON_GetArraySize(object); + for (i = 0; i < arraySize; i++) { + cjsonItem = cJSON_GetArrayItem(object, i); + processNameJson = cJSON_GetObjectItem(cjsonItem, "processName"); + tokenIdJson = cJSON_GetObjectItem(cjsonItem, "tokenId"); if (cJSON_IsString(processNameJson) == 0 || (strlen(processNameJson->valuestring) > MAX_PROCESS_NAME_LEN)) { - ACCESSTOKEN_LOG_ERROR("processNameJson is invalid."); - return ERR; + ACCESSTOKEN_LOG_ERROR("[ATLIB-%s]:processNameJson is invalid.", __func__); + return ATRET_FAILED; } if ((cJSON_IsNumber(tokenIdJson) == 0) || (cJSON_GetNumberValue(tokenIdJson) <= 0)) { - ACCESSTOKEN_LOG_ERROR("tokenIdJson is invalid."); - return ERR; + ACCESSTOKEN_LOG_ERROR("[ATLIB-%s]:tokenIdJson is invalid.", __func__); + return ATRET_FAILED; } - NativeTokenList *tmp = (NativeTokenList *)malloc(sizeof(NativeTokenList)); + tmp = (NativeTokenList *)malloc(sizeof(NativeTokenList)); if (tmp == NULL) { - ACCESSTOKEN_LOG_ERROR("memory alloc failed."); - return ERR; + ACCESSTOKEN_LOG_ERROR("[ATLIB-%s]:memory alloc failed.", __func__); + return ATRET_FAILED; + } + if (strcpy_s(tmp->processName, MAX_PROCESS_NAME_LEN, processNameJson->valuestring) != EOK) { + ACCESSTOKEN_LOG_ERROR("[ATLIB-%s]:strcpy_s failed.", __func__); + free(tmp); + return ATRET_FAILED; } - (void)strcpy_s(tmp->processName, 
MAX_PROCESS_NAME_LEN, processNameJson->valuestring); tmp->tokenId = tokenIdJson->valueint; tmp->next = g_tokenListHead->next; g_tokenListHead->next = tmp; } - return SUCCESS; + return ATRET_SUCCESS; } -int ParseTokenInfoCfg(const char *filename) +int32_t ParseTokenInfoCfg(const char *filename) { - char *fileBuff; - cJSON *record; - int ret; + char *fileBuff = NULL; + cJSON *record = NULL; + int32_t ret; if (filename == NULL || filename[0] == '\0') { - return ERR; + return ATRET_FAILED; } fileBuff = GetFileBuff(filename); if (fileBuff == NULL) { - return ERR; + return ATRET_FAILED; } record = cJSON_Parse(fileBuff); free(fileBuff); @@ -120,20 +137,21 @@ int ParseTokenInfoCfg(const char *filename) return ret; } -int AtlibInit(void) +int32_t AtlibInit(void) { g_tokenListHead = (NativeTokenList *)malloc(sizeof(NativeTokenList)); if (g_tokenListHead == NULL) { - ACCESSTOKEN_LOG_ERROR("g_tokenListHead memory alloc failed."); - return ERR; + ACCESSTOKEN_LOG_ERROR("[ATLIB-%s]:g_tokenListHead memory alloc failed.", __func__); + return ATRET_FAILED; } g_tokenListHead->next = NULL; g_tokenQueueHead = (NativeTokenQueue *)malloc(sizeof(NativeTokenQueue)); if (g_tokenQueueHead == NULL) { free(g_tokenListHead); - ACCESSTOKEN_LOG_ERROR("g_tokenQueueHead memory alloc failed."); - return ERR; + g_tokenListHead = NULL; + ACCESSTOKEN_LOG_ERROR("[ATLIB-%s]:g_tokenQueueHead memory alloc failed.", __func__); + return ATRET_FAILED; } g_tokenQueueHead->next = NULL; g_isAtmExist = 0; 
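Review bot: In GetTokenList the token ID is validated with `cJSON_GetNumberValue(tokenIdJson) <= 0` but then stored from `tokenIdJson->valueint`, which cJSON saturates at INT_MAX, so a value in the file above that limit is silently loaded as a different ID rather than rejected. Since `NativeAtId` is an `unsigned int`, an explicit upper bound on the double would make the accepted range match the stored type, e.g. `double id = cJSON_GetNumberValue(tokenIdJson);` followed by `if (id <= 0 || id > UINT32_MAX) { ... return ATRET_FAILED; }` and `tmp->tokenId = (NativeAtId)id;`. Whether IDs above INT_MAX can occur depends on the AtInnerInfo bit layout, which is not visible here. Nodes linked before a failing entry also stay in `g_tokenListHead` after the error return, so callers see a partially loaded list.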
@@ -141,33 +159,13 @@ int AtlibInit(void) return ParseTokenInfoCfg(TOKEN_ID_CFG_PATH); } -int GetRandomTokenId(unsigned int *randNum) +NativeAtId CreateNativeTokenId(void) { - unsigned int random; - int len; - int fd = open("/dev/urandom", O_RDONLY); - if (fd == -1) { - return ERR; - } - len = read(fd, &random, sizeof(random)); - (void)close(fd); - if (len != sizeof(random)) { - ACCESSTOKEN_LOG_ERROR("read failed."); - return ERR; - } - *randNum = random; - return SUCCESS; -} - -NativeAtId CreateNativeTokenId(const char *processName) -{ - unsigned int rand; + uint32_t rand; NativeAtId tokenId; AtInnerInfo *innerId = (AtInnerInfo *)(&tokenId); - if (GetRandomTokenId(&rand) == ERR) { - return 0; - } + rand = GetRandomUint32(); innerId->reserved = 0; innerId->tokenUniqueId = rand & (0xFFFFFF); @@ -176,28 +174,28 @@ NativeAtId CreateNativeTokenId(const char *processName) return tokenId; } -int TriggerTransfer() +int32_t TriggerTransfer() { - int ret; + int32_t ret; static const uint64_t increment = 1; ret = write(g_signalFd, &increment, sizeof(increment)); if (ret == -1) { - ACCESSTOKEN_LOG_ERROR("TriggerTransfer write failed."); - return ERR; + ACCESSTOKEN_LOG_ERROR("[ATLIB-%s]:TriggerTransfer write failed.", __func__); + return ATRET_FAILED; } - return SUCCESS; + return ATRET_SUCCESS; } -int TokenInfoSave(const NativeTokenQueue *node) +int32_t TokenInfoSave(const NativeTokenQueue *node) { if (node->apl == 0) { - return ERR; + return ATRET_FAILED; } NativeTokenQueue *curr; curr = (NativeTokenQueue *)malloc(sizeof(NativeTokenQueue)); if (curr == NULL) { - ACCESSTOKEN_LOG_ERROR("memory alloc failed."); - return ERR; + ACCESSTOKEN_LOG_ERROR("[ATLIB-%s]:memory alloc failed.", __func__); + return ATRET_FAILED; } curr->apl = node->apl; curr->processName = node->processName; 
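Review bot: CreateNativeTokenId keeps only 24 bits of the random value (`rand & (0xFFFFFF)`) and nothing in the hunk compares the result with the IDs already held in `g_tokenListHead`, so two native processes can end up with the same token ID. The removed GetRandomTokenId path returned 0 when the random source could not be read; whether `GetRandomUint32()` can fail or degrade is not visible here and should be confirmed, because the caller no longer has an error to act on. Redrawing while the candidate is already present in the list would cover the collision case, e.g. `do { rand = GetRandomUint32(); } while (TokenIdInUse(rand & 0xFFFFFF));`, where `TokenIdInUse` is a new list-lookup helper that would have to be added. The end of the function is outside this hunk.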
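Review bot: TokenInfoSave copies `node->processName` into the queued entry by pointer (`curr->processName = node->processName;`), and the queue is drained later by the transfer thread, so the string must stay valid long after the call returns. If a caller passes a stack or short-lived buffer, the sync path reads freed memory when it serialises the process name; the callers are outside this hunk, so this is an assumption to verify. Owning the string in the node removes the dependency, e.g. `curr->processName = strdup(node->processName);` with a NULL check here and a matching `free` where the node is released. `node` itself is also dereferenced without a NULL check on the first line of the function.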
@@ -214,10 +212,10 @@ int TokenInfoSave(const NativeTokenQueue *node) if (g_isAtmExist == 1) { return TriggerTransfer(); } - return SUCCESS; + return ATRET_SUCCESS; } -int GetAplLevel(const char *aplStr) +int32_t GetAplLevel(const char *aplStr) { if (strcmp(aplStr, "system_core") == 0) { return 3; // system_core means apl level is 3 
@@ -228,86 +226,46 @@ int GetAplLevel(const char *aplStr) if (strcmp(aplStr, "normal") == 0) { return 1; } + ACCESSTOKEN_LOG_ERROR("[ATLIB-%s]:aplStr is invalid.", __func__); return 0; } -uint64_t GetAccessTokenId(const char *processname, const char **dcap, int dacpNum, const char *aplStr) +int32_t SendString(const char *str, int32_t fd) { - NativeAtId tokenId; - NativeTokenList *tokenNode = g_tokenListHead; - NativeTokenQueue tmp; - - int exist = 0; - int ret; - uint64_t result = 0; - NativeAtIdEx *atPoint = (NativeAtIdEx *)(&result); - - while (tokenNode != NULL) { - if (strcmp(tokenNode->processName, processname) == 0) { - exist = 1; - tokenId = tokenNode->tokenId; - break; - } - tokenNode = tokenNode->next; - } - - if (exist == 0) { - tokenId = CreateNativeTokenId(processname); - tokenNode = (NativeTokenList *)malloc(sizeof(NativeTokenList)); - if (tokenNode == NULL) { - ACCESSTOKEN_LOG_ERROR("memory alloc failed."); - return 0; - } - (void)strcpy_s(tokenNode->processName, MAX_PROCESS_NAME_LEN, processname); - tokenNode->tokenId = tokenId; - tokenNode->next = g_tokenListHead->next; - g_tokenListHead->next = tokenNode; - ACCESSTOKEN_LOG_INFO("tokenNode->tokenId :%d, tokenNode->processName: %s\n", tokenNode->tokenId, tokenNode->processName); - } - - TOKEN_QUEUE_NODE_INFO_SET(tmp, aplStr, processname, tokenId, exist, dcap, dacpNum); - ret = TokenInfoSave(&tmp); - if (ret == 0) { - return result; - } - atPoint->tokenId = tokenId; - atPoint->tokenAttr = 0; - return result; -} - -int SendString(const char *str, int fd) -{ - int writtenSize; - int len = strlen(str); + int32_t writtenSize; + int32_t len = strlen(str); writtenSize = write(fd, str, len); if (len != writtenSize) { - ACCESSTOKEN_LOG_ERROR("SendString write failed."); - return ERR; + ACCESSTOKEN_LOG_ERROR("[ATLIB-%s]:SendString write failed.", __func__); + return ATRET_FAILED; } - return SUCCESS; + return ATRET_SUCCESS; } void WriteToFile(const cJSON *root) { - char *jsonStr; + int32_t strLen; + int32_t 
writtenLen; + + char *jsonStr = NULL; jsonStr = cJSON_PrintUnformatted(root); if (jsonStr == NULL) { - ACCESSTOKEN_LOG_ERROR("cJSON_PrintUnformatted failed."); + ACCESSTOKEN_LOG_ERROR("[ATLIB-%s]:cJSON_PrintUnformatted failed.", __func__); return; } - ACCESSTOKEN_LOG_INFO("jsonStr %s.\n", jsonStr); do { - int fd = open(TOKEN_ID_CFG_PATH, O_RDWR | O_CREAT | O_TRUNC, S_IRUSR | S_IWUSR); + int32_t fd = open(TOKEN_ID_CFG_PATH, O_RDWR | O_CREAT | O_TRUNC, S_IRUSR | S_IWUSR); if (fd < 0) { + ACCESSTOKEN_LOG_ERROR("[ATLIB-%s]:open failed.", __func__); break; } - int strLen = strlen(jsonStr); - int writtenLen = write(fd, (void *)jsonStr, strLen); + strLen = strlen(jsonStr); + writtenLen = write(fd, (void *)jsonStr, strLen); close(fd); if (writtenLen != strLen) { - ACCESSTOKEN_LOG_ERROR("write failed."); + ACCESSTOKEN_LOG_ERROR("[ATLIB-%s]:write failed, writtenLen is %d.", __func__, writtenLen); break; } } while (0); @@ -316,7 +274,7 @@ void WriteToFile(const cJSON *root) return; } -int ExistNewTokenInfo(const NativeTokenQueue *head) +int32_t ExistNewTokenInfo(const NativeTokenQueue *head) { const NativeTokenQueue *iter = head; while (iter != NULL) { @@ -330,13 +288,13 @@ int ExistNewTokenInfo(const NativeTokenQueue *head) void SaveTokenIdToCfg(const NativeTokenQueue *head) { const NativeTokenQueue *iter = head; - char *fileBuff; - cJSON *record; - int ret; + char *fileBuff = NULL; + cJSON *record = NULL; + int32_t ret; ret = ExistNewTokenInfo(head); if (ret == 0) { - ACCESSTOKEN_LOG_INFO("there is no new info.\n"); + ACCESSTOKEN_LOG_INFO("[ATLIB-%s]:there is no new info.", __func__); return; } fileBuff = GetFileBuff(TOKEN_ID_CFG_PATH); 
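Review bot: SendString treats any return from `write()` other than the full length as a failure, so a short write or an EINTR on the stream socket drops the message even though the connection is still usable. By the time it is called the queued token entries have already been freed by GetStringToBeSync, so the failed payload cannot be resent and the service side never learns about those tokens. Writing in a loop until all bytes are sent, and retrying on EINTR, avoids losing the batch; the rewritten function is shown below. `strlen` also returns `size_t`, which the new `int32_t len` narrows.
```c
int32_t SendString(const char *str, int32_t fd)
{
    size_t len = strlen(str);
    size_t sent = 0;

    while (sent < len) {
        ssize_t n = write(fd, str + sent, len - sent);
        if (n < 0 && errno == EINTR) {
            continue; /* interrupted before any byte was written: retry */
        }
        if (n <= 0) {
            ACCESSTOKEN_LOG_ERROR("[ATLIB-%s]:SendString write failed.", __func__);
            return ATRET_FAILED;
        }
        sent += (size_t)n;
    }
    return ATRET_SUCCESS;
}
/* ... unchanged: WriteToFile ... */
```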
@@ -349,17 +307,18 @@ void SaveTokenIdToCfg(const NativeTokenQueue *head) fileBuff = NULL; if (record == NULL) { - ACCESSTOKEN_LOG_ERROR("cJSON_Parse failed."); + ACCESSTOKEN_LOG_ERROR("[ATLIB-%s]:cJSON_Parse failed.", __func__); return; } while (iter != NULL) { if (iter->flag == 1) { + iter = iter->next; continue; } cJSON *node = cJSON_CreateObject(); if (node == NULL) { - ACCESSTOKEN_LOG_ERROR("cJSON_CreateObject failed."); + ACCESSTOKEN_LOG_ERROR("[ATLIB-%s]:cJSON_CreateObject failed.", __func__); cJSON_Delete(record); return; } 
@@ -373,42 +332,109 @@ void SaveTokenIdToCfg(const NativeTokenQueue *head) return; } -char * GetStringToBeSync(NativeTokenQueue *head) +static cJSON *CreateNativeTokenJsonObject(const NativeTokenQueue *curr) { - if (head == NULL) { + cJSON *object = cJSON_CreateObject(); + if (object == NULL) { return NULL; } + cJSON *item = cJSON_CreateString(curr->processName); + if (item == NULL || !cJSON_AddItemToObject(object, "processName", item)) { + cJSON_Delete(item); + return NULL; + } + + item = cJSON_CreateNumber(curr->apl); + if (item == NULL || !cJSON_AddItemToObject(object, "APL", item)) { + cJSON_Delete(item); + return NULL; + } + + item = cJSON_CreateNumber(DEFAULT_AT_VERSION); + if (item == NULL || !cJSON_AddItemToObject(object, "version", item)) { + cJSON_Delete(item); + return NULL; + } + + item = cJSON_CreateNumber(curr->tokenId); + if (item == NULL || !cJSON_AddItemToObject(object, "tokenId", item)) { + cJSON_Delete(item); + return NULL; + } + + item = cJSON_CreateNumber(0); + if (item == NULL || !cJSON_AddItemToObject(object, "tokenAttr", item)) { + cJSON_Delete(item); + return NULL; + } + + cJSON *dcapsArr = cJSON_CreateArray(); + if (dcapsArr == NULL) { + return NULL; + } + for (int32_t i = 0; i < curr->dcapsNum; i++) { + item = cJSON_CreateString(curr->dcaps[i]); + if (item == NULL || !cJSON_AddItemToArray(dcapsArr, item)) { + cJSON_Delete(item); + cJSON_Delete(dcapsArr); + return NULL; + } + } + if (!cJSON_AddItemToObject(object, "dcaps", dcapsArr)) { + cJSON_Delete(dcapsArr); + return NULL; + } + + return object; +} + +static char *GetStrFromJson(const cJSON *root) +{ + char *jsonStr = cJSON_PrintUnformatted(root); + if (jsonStr == NULL) { + ACCESSTOKEN_LOG_ERROR("[ATLIB-%s]:cJSON_PrintUnformatted failed.", __func__); + return NULL; + } + + char *str = (char *)malloc(sizeof(char) * (strlen(jsonStr) + 1)); + if (str == NULL) { + cJSON_free(jsonStr); + return NULL; + } + + if (strcpy_s(str, strlen(jsonStr) + 1, jsonStr) != EOK) { + free(str); + str = NULL; 
+ } + cJSON_free(jsonStr); + return str; +} + +static char *GetStringToBeSync(NativeTokenQueue *head) +{ + cJSON *object = NULL; + NativeTokenQueue *node = NULL; cJSON *array = cJSON_CreateArray(); if (array == NULL) { + ACCESSTOKEN_LOG_ERROR("[ATLIB-%s]:cJSON_CreateArray failed.", __func__); return NULL; } NativeTokenQueue *curr = head; while (curr != 0) { - cJSON *object = cJSON_CreateObject(); + object = CreateNativeTokenJsonObject(curr); if (object == NULL) { cJSON_Delete(array); + ACCESSTOKEN_LOG_ERROR("[ATLIB-%s]:CreateNativeTokenJsonObject failed.", __func__); return NULL; } - cJSON_AddItemToObject(object, "processName", cJSON_CreateString(curr->processName)); - cJSON_AddItemToObject(object, "APL", cJSON_CreateNumber(curr->apl)); - cJSON_AddItemToObject(object, "version", cJSON_CreateNumber(DEFAULT_AT_VERSION)); - cJSON_AddItemToObject(object, "tokenId", cJSON_CreateNumber(curr->tokenId)); - cJSON_AddItemToObject(object, "tokenAttr", cJSON_CreateNumber(0)); - - cJSON *dcapsArr = cJSON_CreateArray(); - if (dcapsArr == NULL) { + if (!cJSON_AddItemToArray(array, object)) { + cJSON_Delete(object); cJSON_Delete(array); + ACCESSTOKEN_LOG_ERROR("[ATLIB-%s]:cJSON_AddItemToArray failed.", __func__); return NULL; } - for (int i = 0; i < curr->dcapsNum; i++) { - cJSON_AddItemToArray(dcapsArr, cJSON_CreateString(curr->dcaps[i])); - } - cJSON_AddItemToObject(object, "dcaps", dcapsArr); - cJSON_AddItemToArray(array, object); - - NativeTokenQueue *node; node = curr; curr = curr->next; free(node); 
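Review bot: Every error path in the new CreateNativeTokenJsonObject returns NULL without releasing `object`, so the object and any items already attached to it leak each time an allocation or `cJSON_AddItemToObject` call fails. Adding `cJSON_Delete(object);` before each `return NULL;` (including the `dcapsArr == NULL` branch and the final `cJSON_AddItemToObject(object, "dcaps", dcapsArr)` failure) fixes it. GetStringToBeSync has a related gap: when it bails out inside the loop it deletes `array` but leaves `curr` and the remaining queue nodes allocated, and those pending tokens are no longer reachable from `g_tokenQueueHead`. The end of GetStringToBeSync is outside this hunk.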
@@ -418,97 +444,209 @@ char * GetStringToBeSync(NativeTokenQueue *head) cJSON *root = cJSON_CreateObject(); if (root == NULL) { cJSON_Delete(array); + ACCESSTOKEN_LOG_ERROR("[ATLIB-%s]:cJSON_CreateObject failed.", __func__); return NULL; } - cJSON_AddItemToObject(root, TRANSFER_KEY_WORDS, array); - - char *jsonStr = cJSON_PrintUnformatted(root); - if (jsonStr == NULL) { - cJSON_Delete(root); - return NULL; - } - - char *str = (char *)malloc(sizeof(char) * (strlen(jsonStr) + 1)); - if (str == NULL) { - cJSON_free(jsonStr); + if (!cJSON_AddItemToObject(root, TRANSFER_KEY_WORDS, array)) { cJSON_Delete(root); + cJSON_Delete(array); return NULL; } - - (void)strcpy_s(str, strlen(jsonStr) + 1, jsonStr); - cJSON_free(jsonStr); + char *str = GetStrFromJson(root); cJSON_Delete(root); return str; } -int SyncToAtm(void) +static int32_t SyncToAtm(void) { - int result; + int32_t result; struct sockaddr_un addr; - int fd; - char *str; + int32_t fd = -1; + char *str = NULL; - /* get data to be processed */ pthread_mutex_lock(&g_tokenQueueHeadLock); NativeTokenQueue *begin = g_tokenQueueHead->next; g_tokenQueueHead->next = NULL; pthread_mutex_unlock(&g_tokenQueueHeadLock); - /* update the token file */ + if (begin == NULL) { + ACCESSTOKEN_LOG_INFO("[ATLIB-%s]:noting to be sent.", __func__); + return ATRET_SUCCESS; + } + SaveTokenIdToCfg(begin); str = GetStringToBeSync(begin); if (str == NULL) { - return SUCCESS; + ACCESSTOKEN_LOG_ERROR("[ATLIB-%s]:str is null.", __func__); + return ATRET_FAILED; } - /* set socket */ - fd = socket(AF_UNIX, SOCK_STREAM, 0); - (void)memset_s(&addr, sizeof(struct sockaddr_un), 0, sizeof(struct sockaddr_un)); - addr.sun_family = AF_UNIX; - if (memcpy_s(addr.sun_path, sizeof(addr.sun_path), SOCKET_FILE, sizeof(addr.sun_path) - 1) != EOK) { - ACCESSTOKEN_LOG_ERROR("memcpy_s failed."); - return ERR; - } - result = connect(fd, (struct sockaddr *)&addr, sizeof(addr)); // 建立socket后默认connect()函数为阻塞连接状态 - if (result != 0) { - ACCESSTOKEN_LOG_ERROR("connect 
failed %d.", result); - return ERR; - } + do { + fd = socket(AF_UNIX, SOCK_STREAM, 0); + if (fd < 0) { + result = ATRET_FAILED; + ACCESSTOKEN_LOG_ERROR("[ATLIB-%s]:socket failed.", __func__); + break; + } + (void)memset_s(&addr, sizeof(struct sockaddr_un), 0, sizeof(struct sockaddr_un)); + addr.sun_family = AF_UNIX; + if (strncpy_s(addr.sun_path, sizeof(addr.sun_path), SOCKET_FILE, sizeof(addr.sun_path) - 1) != EOK) { + ACCESSTOKEN_LOG_ERROR("[ATLIB-%s]:strncpy_s failed.", __func__); + close(fd); + result = ATRET_FAILED; + break; + } + result = connect(fd, (struct sockaddr *)&addr, sizeof(addr)); + if (result != 0) { + ACCESSTOKEN_LOG_ERROR("[ATLIB-%s]:connect failed. errno %d", __func__, errno); + close(fd); + result = ATRET_FAILED; + break; + } + ACCESSTOKEN_LOG_INFO("[ATLIB-%s]:str is to be sent %s.", __func__, str); + result = SendString(str, fd); + close(fd); + } while (0); - result = SendString(str, fd); free(str); - close(fd); return result; } void *ThreadTransferFunc(const void *args) { + int32_t ret; uint64_t result; - /* - getpram - */ + /* getpram */ + while (1) { + char buffer[MAX_PARAMTER_LEN] = {0}; + ret = GetParameter(SYSTEM_PROP_NATIVE_RECEPTOR, "false", buffer, MAX_PARAMTER_LEN - 1); + if (ret > 0 && !strncmp(buffer, "true", strlen("true"))) { + break; + } + ACCESSTOKEN_LOG_INFO("[ATLIB-%s]: %s get failed.", __func__, SYSTEM_PROP_NATIVE_RECEPTOR); + sleep(1); + } g_signalFd = eventfd(0, 0); if (g_signalFd == -1) { - ACCESSTOKEN_LOG_ERROR("eventfd failed."); + ACCESSTOKEN_LOG_ERROR("[ATLIB-%s]:eventfd failed.", __func__); return NULL; } g_isAtmExist = 1; + while (1) { - int ret; ret = read(g_signalFd, &result, sizeof(uint64_t)); if (ret == -1) { - ACCESSTOKEN_LOG_ERROR("read failed."); + ACCESSTOKEN_LOG_ERROR("[ATLIB-%s]:read failed.", __func__); continue; } + ret = SyncToAtm(); - if (ret == -1) { - ACCESSTOKEN_LOG_ERROR("SyncToAtm failed."); + if (ret != ATRET_SUCCESS) { + ACCESSTOKEN_LOG_ERROR("[ATLIB-%s]:SyncToAtm failed.", __func__); } } return 
NULL; } + +int32_t CheckProcessInfo(const char *processname, const char **dcaps, int32_t dacpNum, const char *aplStr) +{ + if ((processname == NULL) || strlen(processname) > MAX_PROCESS_NAME_LEN + || strlen(processname) == 0) { + ACCESSTOKEN_LOG_ERROR("[ATLIB-%s]:processname is invalid.", __func__); + return ATRET_FAILED; + } + + if ((dcaps == NULL) || dacpNum > MAX_DCAPS_NUM || dacpNum < 0) { + ACCESSTOKEN_LOG_ERROR("[ATLIB-%s]:dcaps is null or dacpNum is invalid.", __func__); + return ATRET_FAILED; + } + for (int i = 0; i < dacpNum; i++) { + if (strlen(dcaps[i]) > MAX_DCAP_LEN) { + ACCESSTOKEN_LOG_ERROR("[ATLIB-%s]:dcap length is invalid.", __func__); + return ATRET_FAILED; + } + } + + if (aplStr == NULL) { + ACCESSTOKEN_LOG_ERROR("[ATLIB-%s]:aplStr is null.", __func__); + return ATRET_FAILED; + } + return ATRET_SUCCESS; +} + +static int32_t AddNewNativeTokenToList(const char *processname, NativeAtId *tokenId) +{ + NativeTokenList *tokenNode; + NativeAtId id; + id = CreateNativeTokenId(); + tokenNode = (NativeTokenList *)malloc(sizeof(NativeTokenList)); + if (tokenNode == NULL) { + ACCESSTOKEN_LOG_ERROR("[ATLIB-%s]:memory alloc failed.", __func__); + return ATRET_FAILED; + } + if (strcpy_s(tokenNode->processName, MAX_PROCESS_NAME_LEN, processname) != EOK) { + ACCESSTOKEN_LOG_ERROR("[ATLIB-%s]:strcpy_s failed.", __func__); + free(tokenNode); + return ATRET_FAILED; + } + tokenNode->tokenId = id; + tokenNode->next = g_tokenListHead->next; + g_tokenListHead->next = tokenNode; + + *tokenId = id; + return ATRET_SUCCESS; +} + +uint64_t GetAccessTokenId(const char *processname, const char **dcaps, int32_t dacpNum, const char *aplStr) +{ + NativeAtId tokenId; + NativeTokenList *tokenNode = g_tokenListHead; + NativeTokenQueue tmp = {0}; + pthread_t tid; + int32_t exist = 0; + uint64_t result = 0; + NativeAtIdEx *atPoint = (NativeAtIdEx *)(&result); + + int32_t ret = CheckProcessInfo(processname, dcaps, dacpNum, aplStr); + if (ret != ATRET_SUCCESS) { + return 0; + } + 
int32_t apl = GetAplLevel(aplStr); + if (apl == 0) { + return 0; + } + + if (strcmp("foundation", processname) == 0) { + (void)pthread_create(&tid, 0, (void*)ThreadTransferFunc, NULL); + } + + while (tokenNode != NULL) { + if (strcmp(tokenNode->processName, processname) == 0) { + exist = 1; + tokenId = tokenNode->tokenId; + break; + } + tokenNode = tokenNode->next; + } + + if (tokenNode == NULL) { + ret = AddNewNativeTokenToList(processname, &tokenId); + if (ret != ATRET_SUCCESS) { + return 0; + } + } + + TOKEN_QUEUE_NODE_INFO_SET(tmp, apl, processname, tokenId, exist, dcaps, dacpNum); + ret = TokenInfoSave(&tmp); + if (ret != 0) { + return result; + } + atPoint->tokenId = tokenId; + atPoint->tokenAttr = 0; + return result; +} diff --git a/interfaces/innerkits/nativetoken/test/BUILD.gn b/interfaces/innerkits/atlib/test/BUILD.gn similarity index 89% rename from interfaces/innerkits/nativetoken/test/BUILD.gn rename to interfaces/innerkits/atlib/test/BUILD.gn index 913506e798fe9602c0ad44eb394c9f0aba84f5f3..0ec2f8404452b134af7c8fb4e651992042ace131 100644 --- a/interfaces/innerkits/nativetoken/test/BUILD.gn +++ b/interfaces/innerkits/atlib/test/BUILD.gn 
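Review bot: `CheckProcessInfo` calls `strlen(dcaps[i])` without checking the element, so a NULL entry in the caller-supplied array is dereferenced during validation; the test should read `if (dcaps[i] == NULL || strlen(dcaps[i]) > MAX_DCAP_LEN)`. In `GetAccessTokenId`, every call with processname "foundation" runs `pthread_create` again with no guard visible in this hunk, and the thread is neither joined nor detached. The `(void*)` cast there also hides that `ThreadTransferFunc` takes `const void *` instead of the `void *` a start routine requires. The walk over `g_tokenListHead` and the insert in `AddNewNativeTokenToList` take no lock here, unlike the queue in `SyncToAtm`, so it is worth confirming that callers serialise them.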
@@ -22,19 +22,20 @@ ohos_unittest("libaccesstoken_lib_test") { "//utils/native/base/include", "//third_party/cJSON", "//third_party/bounds_checking_function/include", - "//base/security/access_token/interfaces/innerkits/atlib/main/include" + "//base/security/access_token/interfaces/innerkits/atlib/main/include", ] sources = [ "unittest/cpp/src/accesstokenlib_kit_test.cpp" ] - cflags_cc = ["-fexceptions" ] - ldflags = ["-lpthread",] + cflags_cc = [ "-fexceptions" ] + cflags_cc += [ "-pthread" ] + deps = [ + "//base/security/access_token/interfaces/innerkits/atlib:libaccesstoken_lib", + "//third_party/bounds_checking_function:libsec_static", "//third_party/cJSON:cjson_static", - "//utils/native/base:utils", "//third_party/googletest:gmock", "//third_party/googletest:gtest", - "//third_party/libuv:uv_static", - "//third_party/bounds_checking_function:libsec_static", + "//utils/native/base:utils", ] } diff --git a/interfaces/innerkits/atlib/test/unittest/cpp/src/accesstokenlib_kit_test.cpp b/interfaces/innerkits/atlib/test/unittest/cpp/src/accesstokenlib_kit_test.cpp new file mode 100644 index 0000000000000000000000000000000000000000..be80fe735ff2fd62d0d04c15d290d93580cd004f --- /dev/null +++ b/interfaces/innerkits/atlib/test/unittest/cpp/src/accesstokenlib_kit_test.cpp 
@@ -0,0 +1,353 @@ +/* + * Copyright (c) 2021 Huawei Device Co., Ltd. + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +#include "accesstokenlib_kit_test.h" +#include +#include "accesstoken_lib.h" +#include "accesstokenlib_kit.h" + +using namespace testing::ext; +using namespace OHOS::Security; + +extern NativeTokenQueue *g_tokenQueueHead; +extern NativeTokenList *g_tokenListHead; +extern char *GetFileBuff(const char *cfg); +namespace { +static NativeTokenQueue g_readRes; +static string g_jsonStr = "[" + "{\"processName\":\"asdf\", \"tokenId\":15}," + "{\"processName\":\"GetAccessTokenId008\", \"tokenId\":16}," + "{\"processName\":\"GetAccessTokenId009\", \"tokenId\":17}" + "]"; +} +void TokenLibKitTest::SetUpTestCase() +{} + +void TokenLibKitTest::TearDownTestCase() +{} + +void TokenLibKitTest::SetUp() +{ + AtlibInit(); + ResetFile(); + g_readRes.next = nullptr; +} + +void TokenLibKitTest::TearDown() +{ + while (g_tokenQueueHead->next != nullptr) { + NativeTokenQueue *tmp = g_tokenQueueHead->next; + g_tokenQueueHead->next = tmp->next; + free(tmp); + tmp = nullptr; + } + while (g_tokenListHead->next != nullptr) { + NativeTokenList *tmp = g_tokenListHead->next; + g_tokenListHead->next = tmp->next; + free(tmp); + tmp = nullptr; + } + while (g_readRes.next != nullptr) { + NativeTokenQueue *tmp = g_readRes.next; + g_readRes.next = tmp->next; + free(tmp); + tmp = nullptr; + } +} + +void TokenLibKitTest::ResetFile(void) +{ + int32_t fd = open(TOKEN_ID_CFG_PATH, 
O_RDWR | O_CREAT | O_TRUNC, S_IRUSR | S_IWUSR); + if (fd < 0) { + ACCESSTOKEN_LOG_ERROR("[ATLIB-%s]:open failed.", __func__); + return; + } + int32_t strLen = strlen(g_jsonStr.c_str()); + int32_t writtenLen = write(fd, (void *)g_jsonStr.c_str(), strLen); + close(fd); + if (writtenLen != strLen) { + ACCESSTOKEN_LOG_ERROR("[ATLIB-%s]:write failed, writtenLen is %d.", __func__, writtenLen); + } +} + +void TokenLibKitTest::PthreadCloseTrigger(void) +{ + struct sockaddr_un addr; + int32_t fd = socket(AF_UNIX, SOCK_STREAM, 0); + if (fd < 0) { + ACCESSTOKEN_LOG_ERROR("[ATLIB-%s]:socket failed.", __func__); + return; + } + (void)memset_s(&addr, sizeof(struct sockaddr_un), 0, sizeof(struct sockaddr_un)); + addr.sun_family = AF_UNIX; + if (strncpy_s(addr.sun_path, sizeof(addr.sun_path), SOCKET_FILE, sizeof(addr.sun_path) - 1) != EOK) { + ACCESSTOKEN_LOG_ERROR("[ATLIB-%s]:strncpy_s failed.", __func__); + close(fd); + return; + } + int result = connect(fd, (struct sockaddr *)&addr, sizeof(addr)); + if (result != 0) { + ACCESSTOKEN_LOG_ERROR("[ATLIB-%s]:connect failed.", __func__); + close(fd); + return; + } + int32_t writtenSize = write(fd, "over", 4); + if (writtenSize != 4) { + ACCESSTOKEN_LOG_ERROR("[ATLIB-%s]:SendString write failed.", __func__); + } + close(fd); + return; +} + + +int Start(const char *processName) +{ + const char *processname = processName; + const char **dcaps = (const char **)malloc(sizeof(char *) * 2); + dcaps[0] = "AT_CAP"; + dcaps[1] = "ST_CAP"; + int dcapNum = 2; + uint64_t tokenId; + tokenId = GetAccessTokenId(processname, dcaps, dcapNum, "system_core"); + return tokenId; +} + +HWTEST_F(TokenLibKitTest, GetAccessTokenId001, TestSize.Level1) +{ + const char **dcaps = (const char **)malloc(sizeof(char *) * 2); + dcaps[0] = "AT_CAP"; + dcaps[1] = "ST_CAP"; + int dcapNum = 2; + uint64_t tokenId; + tokenId = GetAccessTokenId("", dcaps, dcapNum, "system_core"); + ASSERT_EQ(tokenId, 0); + tokenId = GetAccessTokenId(nullptr, dcaps, dcapNum, "system_core"); 
+ ASSERT_EQ(tokenId, 0); + const std::string invalidProcName (257, 'x'); + tokenId = GetAccessTokenId(invalidProcName.c_str(), dcaps, dcapNum, "system_core"); + ASSERT_EQ(tokenId, 0); +} + +HWTEST_F(TokenLibKitTest, GetAccessTokenId002, TestSize.Level1) +{ + const char **dcaps = (const char **)malloc(sizeof(char *) * 2); + dcaps[0] = "AT_CAP"; + dcaps[1] = "ST_CAP"; + int dcapNum = -1; + uint64_t tokenId; + tokenId = GetAccessTokenId("GetAccessTokenId002", dcaps, dcapNum, "system_core"); + ASSERT_EQ(tokenId, 0); + + dcapNum = 1025; + tokenId = GetAccessTokenId("GetAccessTokenId002", dcaps, dcapNum, "system_core"); + ASSERT_EQ(tokenId, 0); +} + +HWTEST_F(TokenLibKitTest, GetAccessTokenId003, TestSize.Level1) +{ + const char **dcaps = (const char **)malloc(sizeof(char *) * 2); + dcaps[0] = "AT_CAP"; + dcaps[1] = "ST_CAP"; + int dcapNum = 2; + uint64_t tokenId; + tokenId = GetAccessTokenId("GetAccessTokenId003", nullptr, dcapNum, "system_core"); + ASSERT_EQ(tokenId, 0); + + const std::string invalidDcaps (1025, 'x'); + dcaps[0] = invalidDcaps.c_str(); + tokenId = GetAccessTokenId("GetAccessTokenId003", dcaps, dcapNum, "system_core"); + ASSERT_EQ(tokenId, 0); +} + +HWTEST_F(TokenLibKitTest, GetAccessTokenId004, TestSize.Level1) +{ + const char **dcaps = (const char **)malloc(sizeof(char *) * 2); + dcaps[0] = "AT_CAP"; + dcaps[1] = "ST_CAP"; + int dcapNum = 2; + uint64_t tokenId; + tokenId = GetAccessTokenId("GetAccessTokenId003", dcaps, dcapNum, nullptr); + ASSERT_EQ(tokenId, 0); + + tokenId = GetAccessTokenId("GetAccessTokenId003", dcaps, dcapNum, "system_invalid"); + ASSERT_EQ(tokenId, 0); +} + +HWTEST_F(TokenLibKitTest, GetAccessTokenId005, TestSize.Level1) +{ + uint64_t tokenId01 = Start("GetAccessTokenId005"); + ASSERT_NE(tokenId01, 0); + uint64_t tokenId02 = Start("GetAccessTokenId005"); + ASSERT_NE(tokenId02, 0); + + ASSERT_EQ(tokenId01, tokenId02); +} + +HWTEST_F(TokenLibKitTest, GetAccessTokenId007, TestSize.Level1) +{ + uint64_t tokenID; + NativeAtIdEx 
*tokenIdEx = (NativeAtIdEx *)(&tokenID); + tokenID = Start("GetAccessTokenId007"); + + int ret = strcmp("GetAccessTokenId007", g_tokenListHead->next->processName); + ASSERT_EQ(ret, 0); + ASSERT_EQ(tokenIdEx->tokenId, g_tokenListHead->next->tokenId); + + ret = strcmp("GetAccessTokenId007", g_tokenQueueHead->next->processName); + ASSERT_EQ(ret, 0); + ASSERT_EQ(tokenIdEx->tokenId, g_tokenQueueHead->next->tokenId); + + char *fileBuff = GetFileBuff(TOKEN_ID_CFG_PATH); + string s = "GetAccessTokenId007"; + char *pos = strstr(fileBuff, s.c_str()); + ASSERT_EQ(pos, nullptr); +} + +HWTEST_F(TokenLibKitTest, GetAccessTokenId008, TestSize.Level1) +{ + uint64_t tokenID; + NativeAtIdEx *tokenIdEx = (NativeAtIdEx *)(&tokenID); + tokenID = Start("GetAccessTokenId008"); + + string s = "GetAccessTokenId008"; + int ret = strcmp(s.c_str(), g_tokenQueueHead->next->processName); + ASSERT_EQ(ret, 0); + ASSERT_EQ(tokenIdEx->tokenId, g_tokenQueueHead->next->tokenId); +} + +HWTEST_F(TokenLibKitTest, GetAccessTokenId009, TestSize.Level1) +{ + char *fileBuffBefore = GetFileBuff(TOKEN_ID_CFG_PATH); + char *posMatch = strstr(fileBuffBefore, "GetAccessTokenId009"); + ASSERT_NE(posMatch, nullptr); + free(fileBuffBefore); + + uint64_t tokenIdFoundation = Start("foundation"); + ASSERT_NE(tokenIdFoundation, 0); + sleep(DELAY_ONE_SECONDS); + uint64_t tokenID009 = Start("GetAccessTokenId009"); + ASSERT_NE(tokenID009, 0); + + tokenID009 = Start("GetAccessTokenId009_01"); + ASSERT_NE(tokenID009, 0); + + tokenID009 = Start("GetAccessTokenId009_02"); + ASSERT_NE(tokenID009, 0); + + sleep(DELAY_ONE_SECONDS); + char *fileBuff = GetFileBuff(TOKEN_ID_CFG_PATH); + char *pos = strstr(fileBuff, "GetAccessTokenId009"); + ASSERT_NE(pos, nullptr); + pos = strstr(fileBuff, "GetAccessTokenId009_01"); + ASSERT_NE(pos, nullptr); + pos = strstr(fileBuff, "GetAccessTokenId009_02"); + ASSERT_NE(pos, nullptr); + free(fileBuff); + PthreadCloseTrigger(); +} + +HWTEST_F(TokenLibKitTest, GetAccessTokenId010, TestSize.Level1) 
+{ + char *fileBuffBefore = GetFileBuff(TOKEN_ID_CFG_PATH); + char *posMatch = strstr(fileBuffBefore, "GetAccessTokenId010"); + ASSERT_EQ(posMatch, nullptr); + free(fileBuffBefore); + + uint64_t tokenIdFoundation = Start("foundation"); + ASSERT_NE(tokenIdFoundation, 0); + sleep(DELAY_ONE_SECONDS); + uint64_t tokenID010 = Start("GetAccessTokenId010"); + ASSERT_NE(tokenID010, 0); + + sleep(DELAY_ONE_SECONDS); + char *fileBuff = GetFileBuff(TOKEN_ID_CFG_PATH); + char *pos = strstr(fileBuff, "GetAccessTokenId010"); + ASSERT_NE(pos, nullptr); + free(fileBuff); + + PthreadCloseTrigger(); +} + + HWTEST_F(TokenLibKitTest, GetAccessTokenId011, TestSize.Level1) +{ + Start("process1"); + Start("process2"); + Start("process3"); + Start("process4"); + Start("process5"); + sleep(5); + + Start("foundation"); + Start("process6"); + Start("process7"); + Start("process8"); + Start("process9"); + Start("process10"); + sleep(5); + Start("process15"); + Start("process16"); + sleep(5); + Start("process17"); + sleep(5); + Start("process18"); + sleep(5); + Start("process19"); + sleep(5); + char *fileBuff = GetFileBuff(TOKEN_ID_CFG_PATH); + char *pos = strstr(fileBuff, "process1"); + ASSERT_NE(pos, nullptr); + pos = strstr(fileBuff, "process2"); + ASSERT_NE(pos, nullptr); + pos = strstr(fileBuff, "process3"); + ASSERT_NE(pos, nullptr); + pos = strstr(fileBuff, "process4"); + ASSERT_NE(pos, nullptr); + pos = strstr(fileBuff, "process5"); + ASSERT_NE(pos, nullptr); + pos = strstr(fileBuff, "process6"); + ASSERT_NE(pos, nullptr); + pos = strstr(fileBuff, "process7"); + ASSERT_NE(pos, nullptr); + pos = strstr(fileBuff, "process8"); + ASSERT_NE(pos, nullptr); + pos = strstr(fileBuff, "process9"); + ASSERT_NE(pos, nullptr); + pos = strstr(fileBuff, "foundation"); + ASSERT_NE(pos, nullptr); + free(fileBuff); + PthreadCloseTrigger(); +} + + HWTEST_F(TokenLibKitTest, GetAccessTokenId012, TestSize.Level1) +{ + sleep(5); + Start("process1"); + Start("process2"); + Start("process3"); + 
Start("process4"); + Start("process5"); + sleep(5); + Start("foundation"); + Start("process6"); + sleep(5); + Start("process11"); + Start("process12"); + Start("process13"); + Start("process15"); + Start("process16"); + Start("process17"); + sleep(1); + PthreadCloseTrigger(); +} diff --git a/interfaces/innerkits/nativetoken/test/unittest/cpp/src/accesstokenlib_kit_test.h b/interfaces/innerkits/atlib/test/unittest/cpp/src/accesstokenlib_kit_test.h similarity index 84% rename from interfaces/innerkits/nativetoken/test/unittest/cpp/src/accesstokenlib_kit_test.h rename to interfaces/innerkits/atlib/test/unittest/cpp/src/accesstokenlib_kit_test.h index f03660d8ce29bf1a927c1da060fdfedbb9bdd99b..8aa651750f1c4f3574a207244d2ab18b9748b7aa 100644 --- a/interfaces/innerkits/nativetoken/test/unittest/cpp/src/accesstokenlib_kit_test.h +++ b/interfaces/innerkits/atlib/test/unittest/cpp/src/accesstokenlib_kit_test.h @@ -20,9 +20,11 @@ namespace OHOS { namespace Security { +static const int BUFF_LEN = 102400; +static const int DELAY_ONE_SECONDS = 5; +static const int DELAY_FIVE_SECONDS = 10; class TokenLibKitTest : public testing::Test { public: - static char buffer[102400]; static void SetUpTestCase(); static void TearDownTestCase(); @@ -30,6 +32,8 @@ public: void SetUp(); void TearDown(); + void ResetFile(void); + void PthreadCloseTrigger(void); }; } // namespace Security } // namespace OHOS diff --git a/interfaces/innerkits/nativetoken/test/unittest/cpp/src/accesstokenlib_kit_test.cpp b/interfaces/innerkits/nativetoken/test/unittest/cpp/src/accesstokenlib_kit_test.cpp deleted file mode 100644 index 04a1e5ffb90622d6c0452f0590e5c4810b45e816..0000000000000000000000000000000000000000 --- a/interfaces/innerkits/nativetoken/test/unittest/cpp/src/accesstokenlib_kit_test.cpp +++ /dev/null 
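Review bot: `Start` is declared `int` but returns the `uint64_t` from `GetAccessTokenId`, so the value the tests store back into `uint64_t tokenId01` or `tokenID` has already been narrowed, and `ASSERT_EQ(tokenId01, tokenId02)` no longer compares the full token. Declare it as `uint64_t Start(const char *processName)`. GetAccessTokenId007 and GetAccessTokenId008 then read `tokenIdEx->tokenId` through a `NativeAtIdEx *` view of that narrowed value. The `dcaps` arrays from `malloc` are never NULL-checked or freed. GetAccessTokenId007 also passes the `GetFileBuff` result to `strstr` without a NULL check and never frees it.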
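Review bot: The new constants in accesstokenlib_kit_test.h have names that contradict their values: `DELAY_ONE_SECONDS = 5` and `DELAY_FIVE_SECONDS = 10`, so `sleep(DELAY_ONE_SECONDS)` in the tests waits five seconds. Either rename them to match, for example `DELAY_FIVE_SECONDS = 5` and `DELAY_TEN_SECONDS = 10`, or set the values to what the names say. `BUFF_LEN` and `DELAY_FIVE_SECONDS` are not used anywhere in the test file shown here and could be dropped if nothing else needs them.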
@@ -1,123 +0,0 @@ -/* - * Copyright (c) 2021 Huawei Device Co., Ltd. - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ - -#include "accesstokenlib_kit_test.h" - -#include "accesstokenlib_kit.h" -#include "accesstoken_lib.h" - -using namespace testing::ext; -using namespace OHOS::Security; - -void TokenLibKitTest::SetUpTestCase() -{} - -void TokenLibKitTest::TearDownTestCase() -{} - -void TokenLibKitTest::SetUp() -{} - -void TokenLibKitTest::TearDown() -{} - -extern char *GetFileBuff(const char *cfg); - -void * ThreadATMFuncBackUp(void *args) -{ - socklen_t len = sizeof(struct sockaddr_un); - struct sockaddr_un addr; - struct sockaddr_un clientAddr; - int listenFd, ret; - int readLen; - - /* set socket */ - (void)memset_s(&addr, sizeof(addr), 0, sizeof(addr)); - addr.sun_family = AF_UNIX; - if (memcpy_s(addr.sun_path, sizeof(addr.sun_path), SOCKET_FILE, sizeof(addr.sun_path) - 1) != EOK) { - return NULL; - } - unlink(SOCKET_FILE); - listenFd = socket(AF_UNIX, SOCK_STREAM, 0); - if (listenFd < 0) { - ACCESSTOKEN_LOG_INFO("socket failed %d\n", listenFd); - return NULL; - } - - ::bind(listenFd, (struct sockaddr *)(&addr), (unsigned int)len); - - ret = listen(listenFd, 1); - if (ret < 0) { - ACCESSTOKEN_LOG_INFO("listenFd failed %d\n", errno); - remove(SOCKET_FILE); - close(listenFd); - return NULL; - } - while (1) { - int sockFd = accept(listenFd, (struct sockaddr *)(&clientAddr), &len); - ACCESSTOKEN_LOG_INFO("accept sockFd %d\n", sockFd); - do { - readLen = 
read(sockFd, OHOS::Security::TokenLibKitTest::buffer, 102400); - OHOS::Security::TokenLibKitTest::buffer[readLen] = '\0'; - ACCESSTOKEN_LOG_INFO("read :%s\n", OHOS::Security::TokenLibKitTest::buffer); - } while (readLen > 0); - - close(sockFd); - if (readLen < 0) { - break; - } - } - close(listenFd); - return NULL; -} - -int Start(const char *processName) -{ - const char *processname = processName; - const char **dcaps = (const char **)malloc(sizeof(char *) * 2); - dcaps[0] = "AT_CAP"; - dcaps[1] = "ST_CAP"; - int dcapNum = 2; - pthread_t tid[2]; - (void)GetAccessTokenId(processname, dcaps, dcapNum, "system_core"); - - if (strcmp("foundation", processname) == 0) { - (void)pthread_create(&tid[0], 0, ThreadTransferFunc, NULL); - } - return 0; -} - -HWTEST_F(TokenLibKitTest, TestAtlib, TestSize.Level1) -{ - pthread_t tid[2]; - - AtlibInit(); - (void)pthread_create(&tid[1], 0, ThreadATMFuncBackUp, NULL); - sleep(5); - Start("process1"); - Start("process2"); - Start("process3"); - Start("process4"); - sleep(5); - Start("foundation"); - Start("process5"); - Start("process6"); - sleep(20); - Start("process7"); - Start("process8"); - Start("process9"); - sleep(50); - -} diff --git a/interfaces/innerkits/token_setproc/BUILD.gn b/interfaces/innerkits/token_setproc/BUILD.gn index 74e429ff14dcf5e45983af44d6f8d9bac66dba83..1cdcc6f30fa29c6f692687978be72557a8d4818b 100644 --- a/interfaces/innerkits/token_setproc/BUILD.gn +++ b/interfaces/innerkits/token_setproc/BUILD.gn @@ -24,7 +24,6 @@ config("token_setproc") { ohos_static_library("libtoken_setproc") { subsystem_name = "security" part_name = "access_token" - output_name = "libtoken_setproc" public_configs = [ ":token_setproc" ] diff --git a/interfaces/innerkits/token_setproc/include/token_setproc.h b/interfaces/innerkits/token_setproc/include/token_setproc.h index 2a6b47574e4f802a8b78dd0c5cc1959927bdd6f2..81c75d92a8e3ee037873e1f005da985311305c72 100644 --- a/interfaces/innerkits/token_setproc/include/token_setproc.h 
+++ b/interfaces/innerkits/token_setproc/include/token_setproc.h @@ -1,37 +1,36 @@ -/* - * Copyright (c) 2021 Huawei Device Co., Ltd. - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ - - -#ifndef TOKEN_setproc_H -#define TOKEN_setproc_H -#include - -#ifdef __cplusplus -extern "C" { -#endif - -uint64_t GetSelfTokenID(void); - -int SetSelfTokenID(uint64_t tokenID); - -uint64_t GetFirstCallerTokenID(void); - -int SetFirstCallerTokenID(uint64_t tokenID); - -#ifdef __cplusplus -} -#endif - -#endif \ No newline at end of file +/* + * Copyright (c) 2021 Huawei Device Co., Ltd. + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +#ifndef TOKEN_SETPROC_H +#define TOKEN_SETPROC_H +#include + +#ifdef __cplusplus +extern "C" { +#endif + +uint64_t GetSelfTokenID(); + +int SetSelfTokenID(uint64_t tokenID); + +uint64_t GetFirstCallerTokenID(); + +int SetFirstCallerTokenID(uint64_t tokenID); + +#ifdef __cplusplus +} +#endif + +#endif 
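Review bot: Changing `GetSelfTokenID(void)` and `GetFirstCallerTokenID(void)` to empty parentheses weakens the declarations for C callers. Before C23, `uint64_t GetSelfTokenID();` declares a function with unspecified parameters, so a call that passes stray arguments is not diagnosed. This header is included by token_setproc.c, so keep `uint64_t GetSelfTokenID(void);` and `uint64_t GetFirstCallerTokenID(void);`. The same applies to the two matching definitions in the token_setproc.c hunk that follows.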
diff --git a/interfaces/innerkits/token_setproc/src/token_setproc.c b/interfaces/innerkits/token_setproc/src/token_setproc.c index 8a793c25d3f1fced1f0bc76e01ecfc66305e40a9..b2d09dbef5e0e164992bdfe4069f57214e58b470 100644 --- a/interfaces/innerkits/token_setproc/src/token_setproc.c +++ b/interfaces/innerkits/token_setproc/src/token_setproc.c 
@@ -1,114 +1,116 @@ -/* - * Copyright (C) 2021 Huawei Device Co., Ltd. - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ - -#include "token_setproc.h" -#include -#include -#include -#include -#include - -#define ACCESS_TOKEN_ID_IOCTL_BASE 'A' - -enum { - GET_TOKEN_ID = 1, - SET_TOKEN_ID, - GET_FTOKEN_ID, - SET_FTOKEN_ID, - ACCESS_TOKENID_MAX_NR, -}; - -#define ACCESS_TOKENID_GET_TOKENID \ - _IOR(ACCESS_TOKEN_ID_IOCTL_BASE, GET_TOKEN_ID, unsigned long long) -#define ACCESS_TOKENID_SET_TOKENID \ - _IOW(ACCESS_TOKEN_ID_IOCTL_BASE, SET_TOKEN_ID, unsigned long long) -#define ACCESS_TOKENID_GET_FTOKENID \ - _IOR(ACCESS_TOKEN_ID_IOCTL_BASE, GET_FTOKEN_ID, unsigned long long) -#define ACCESS_TOKENID_SET_FTOKENID \ - _IOW(ACCESS_TOKEN_ID_IOCTL_BASE, SET_FTOKEN_ID, unsigned long long) - -#define ACCESS_TOKEN_OK 0 -#define ACCESS_TOKEN_ERROR (-1) - -#define INVAL_TOKEN_ID 0x0 -#define TOKEN_ID_LOWMASK 0xffffffff - -#define TOKENID_DEVNODE "/dev/access_token_id" - -uint64_t GetSelfTokenID(void) -{ - uint64_t token = INVAL_TOKEN_ID; - int fd = open(TOKENID_DEVNODE, O_RDWR); - if (fd < 0) { - return INVAL_TOKEN_ID; - } - int ret =ioctl(fd, ACCESS_TOKENID_GET_TOKENID, &token); - if (ret) { - close(fd); - return INVAL_TOKEN_ID; - } - - close(fd); - return token; -} - -int SetSelfTokenID(uint64_t tokenID) -{ - int fd = open(TOKENID_DEVNODE, O_RDWR); - if (fd < 0) { - return ACCESS_TOKEN_ERROR; - } - int ret = ioctl(fd, ACCESS_TOKENID_SET_TOKENID, &tokenID); - if (ret) { - 
close(fd); - return ACCESS_TOKEN_ERROR; - } - - close(fd); - return ACCESS_TOKEN_OK; -} - -uint64_t GetFirstCallerTokenID(void) -{ - uint64_t token = INVAL_TOKEN_ID; - int fd = open(TOKENID_DEVNODE, O_RDWR); - if (fd < 0) { - return INVAL_TOKEN_ID; - } - int ret = ioctl(fd, ACCESS_TOKENID_GET_FTOKENID, &token); - if (ret) { - close(fd); - return INVAL_TOKEN_ID; - } - - close(fd); - return token; -} - -int SetFirstCallerTokenID(uint64_t tokenID) -{ - int fd = open(TOKENID_DEVNODE, O_RDWR); - if (fd < 0) { - return ACCESS_TOKEN_ERROR; - } - int ret = ioctl(fd, ACCESS_TOKENID_SET_FTOKENID, &tokenID); - if (ret) { - close(fd); - return ACCESS_TOKEN_ERROR; - } - - close(fd); - return ACCESS_TOKEN_OK; -} \ No newline at end of file +/* + * Copyright (c) 2021 Huawei Device Co., Ltd. + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. 
+ */ + +#include "token_setproc.h" + +#include +#include +#include +#include +#include + +#define ACCESS_TOKEN_ID_IOCTL_BASE 'A' + +enum { + GET_TOKEN_ID = 1, + SET_TOKEN_ID, + GET_FTOKEN_ID, + SET_FTOKEN_ID, + ACCESS_TOKENID_MAX_NR, +}; + +#define ACCESS_TOKENID_GET_TOKENID \ + _IOR(ACCESS_TOKEN_ID_IOCTL_BASE, GET_TOKEN_ID, unsigned long long) +#define ACCESS_TOKENID_SET_TOKENID \ + _IOW(ACCESS_TOKEN_ID_IOCTL_BASE, SET_TOKEN_ID, unsigned long long) +#define ACCESS_TOKENID_GET_FTOKENID \ + _IOR(ACCESS_TOKEN_ID_IOCTL_BASE, GET_FTOKEN_ID, unsigned long long) +#define ACCESS_TOKENID_SET_FTOKENID \ + _IOW(ACCESS_TOKEN_ID_IOCTL_BASE, SET_FTOKEN_ID, unsigned long long) + +#define ACCESS_TOKEN_OK 0 +#define ACCESS_TOKEN_ERROR (-1) + +#define INVAL_TOKEN_ID 0x0 +#define TOKEN_ID_LOWMASK 0xffffffff + +#define TOKENID_DEVNODE "/dev/access_token_id" + +uint64_t GetSelfTokenID() +{ + uint64_t token = INVAL_TOKEN_ID; + int fd = open(TOKENID_DEVNODE, O_RDWR); + if (fd < 0) { + return INVAL_TOKEN_ID; + } + int ret = ioctl(fd, ACCESS_TOKENID_GET_TOKENID, &token); + if (ret) { + close(fd); + return INVAL_TOKEN_ID; + } + + close(fd); + return token; +} + +int SetSelfTokenID(uint64_t tokenID) +{ + int fd = open(TOKENID_DEVNODE, O_RDWR); + if (fd < 0) { + return ACCESS_TOKEN_ERROR; + } + int ret = ioctl(fd, ACCESS_TOKENID_SET_TOKENID, &tokenID); + if (ret) { + close(fd); + return ACCESS_TOKEN_ERROR; + } + + close(fd); + return ACCESS_TOKEN_OK; +} + +uint64_t GetFirstCallerTokenID() +{ + uint64_t token = INVAL_TOKEN_ID; + int fd = open(TOKENID_DEVNODE, O_RDWR); + if (fd < 0) { + return INVAL_TOKEN_ID; + } + int ret = ioctl(fd, ACCESS_TOKENID_GET_FTOKENID, &token); + if (ret) { + close(fd); + return INVAL_TOKEN_ID; + } + + close(fd); + return token; +} + + +int SetFirstCallerTokenID(uint64_t tokenID) +{ + int fd = open(TOKENID_DEVNODE, O_RDWR); + if (fd < 0) { + return ACCESS_TOKEN_ERROR; + } + int ret = ioctl(fd, ACCESS_TOKENID_SET_FTOKENID, &tokenID); + if (ret) { + close(fd); + 
return ACCESS_TOKEN_ERROR; + } + + close(fd); + return ACCESS_TOKEN_OK; +} diff --git a/interfaces/innerkits/token_setproc/test/BUILD.gn b/interfaces/innerkits/token_setproc/test/BUILD.gn index 14c1dbf802d841ae0aef55d985ec4b19e6e964c7..ce6cf8dd1065401ad081bda17d62a691f4fdfebe 100644 --- a/interfaces/innerkits/token_setproc/test/BUILD.gn +++ b/interfaces/innerkits/token_setproc/test/BUILD.gn @@ -23,7 +23,6 @@ ohos_unittest("libtoken_setproc_test") { ] sources = [ "unittest/cpp/src/tokensetproc_kit_test.cpp" ] - cflags_cc = [ "-fexceptions" ] deps = [ diff --git a/interfaces/innerkits/token_setproc/test/unittest/cpp/src/tokensetproc_kit_test.cpp b/interfaces/innerkits/token_setproc/test/unittest/cpp/src/tokensetproc_kit_test.cpp index 4463b0954af40fe887bfef94071d4a06dfa22280..5fe3f833c5a6486f5b489479abf2c07136ba771e 100644 --- a/interfaces/innerkits/token_setproc/test/unittest/cpp/src/tokensetproc_kit_test.cpp +++ b/interfaces/innerkits/token_setproc/test/unittest/cpp/src/tokensetproc_kit_test.cpp 
@@ -1,33 +1,33 @@ -/* - * Copyright (c) 2021 Huawei Device Co., Ltd. - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ - -#include "tokensetproc_kit_test.h" - -#include "token_setproc.h" - -using namespace testing::ext; -using namespace OHOS::Security; - -void TokensetprocKitTest::SetUpTestCase() -{} - -void TokensetprocKitTest::TearDownTestCase() -{} - -void TokensetprocKitTest::SetUp() -{} - -void TokensetprocKitTest::TearDown() +/* + * Copyright (c) 2021 Huawei Device Co., Ltd. + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +#include "tokensetproc_kit_test.h" + +#include "token_setproc.h" + +using namespace testing::ext; +using namespace OHOS::Security; + +void TokensetprocKitTest::SetUpTestCase() +{} + +void TokensetprocKitTest::TearDownTestCase() +{} + +void TokensetprocKitTest::SetUp() +{} + +void TokensetprocKitTest::TearDown() {} \ No newline at end of file 
diff --git a/interfaces/innerkits/token_setproc/test/unittest/cpp/src/tokensetproc_kit_test.h b/interfaces/innerkits/token_setproc/test/unittest/cpp/src/tokensetproc_kit_test.h index c215f7a969c03e13ea2707563999aa9d622a4188..29bef17d2590d7867c5693ac490d95bd9756d104 100644 --- a/interfaces/innerkits/token_setproc/test/unittest/cpp/src/tokensetproc_kit_test.h +++ b/interfaces/innerkits/token_setproc/test/unittest/cpp/src/tokensetproc_kit_test.h 
@@ -1,35 +1,35 @@ -/* - * Copyright (c) 2021 Huawei Device Co., Ltd. - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ - -#ifndef TOKENSYNC_KIT_TEST_H -#define TOKENSYNC_KIT_TEST_H - -#include - -namespace OHOS { -namespace Security { -class TokensetprocKitTest : public testing::Test { -public: - static void SetUpTestCase(); - - static void TearDownTestCase(); - - void SetUp(); - - void TearDown(); -}; -} // namespace Security -} // namespace OHOS -#endif \ No newline at end of file +/* + * Copyright (c) 2021 Huawei Device Co., Ltd. + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +#ifndef TOKENSYNC_KIT_TEST_H +#define TOKENSYNC_KIT_TEST_H + +#include + +namespace OHOS { +namespace Security { +class TokensetprocKitTest : public testing::Test { +public: + static void SetUpTestCase(); + + static void TearDownTestCase(); + + void SetUp(); + + void TearDown(); +}; +} // namespace Security +} // namespace OHOS +#endif 
diff --git a/interfaces/kits/accesstoken/BUILD.gn b/interfaces/kits/accesstoken/BUILD.gn new file mode 100644 index 0000000000000000000000000000000000000000..d385180a64cfa5c45eb688338b5f08f333bc3e60 --- /dev/null +++ b/interfaces/kits/accesstoken/BUILD.gn 
@@ -0,0 +1,66 @@ +# Copyright (c) 2021 Huawei Device Co., Ltd. +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +import("//build/ohos.gni") + +group("napi_packages") { + deps = [ "//base/security/access_token/interfaces/kits/accesstoken:libabilityaccessctrl" ] +} + +ohos_shared_library("libabilityaccessctrl") { + include_dirs = [ + "//foundation/appexecfwk/standard/interfaces/innerkits/libeventhandler/include", + "//foundation/distributedschedule/samgr/interfaces/innerkits/samgr_proxy/include", + "//foundation/ace/napi/interfaces/kits", + "//third_party/json/single_include", + "//third_party/node/src", + "//utils/system/safwk/native/include", + "//foundation/communication/dsoftbus/interfaces/kits/transport", + "//foundation/communication/dsoftbus/interfaces/kits/common", + "//foundation/communication/dsoftbus/interfaces/kits/bus_center", + "//third_party/json/include", + "//foundation/appexecfwk/standard/interfaces/innerkits/appexecfwk_base/include", + "//foundation/appexecfwk/standard/interfaces/innerkits/appexecfwk_core/include/bundlemgr", + "//foundation/aafwk/standard/interfaces/innerkits/ability_manager/include", + "//base/security/access_token/frameworks/common/include", + "//base/security/access_token/interfaces/kits/accesstoken/napi/include", + "//base/security/access_token/interfaces/innerkits/accesstoken/main/cpp/include", + ] + + sources = [ "//base/security/access_token/interfaces/kits/accesstoken/napi/src/napi_atmanager.cpp" ] + + deps = [ + 
"//base/notification/ans_standard/frameworks/ans/core:ans_core", + "//base/notification/ans_standard/frameworks/wantagent:wantagent_innerkits", + "//base/security/access_token/interfaces/innerkits/accesstoken:libaccesstoken_sdk", + "//base/startup/syspara_lite/interfaces/innerkits/native/syspara:syspara", + "//foundation/aafwk/standard/interfaces/innerkits/base:base", + "//foundation/ace/napi:ace_napi", + "//foundation/appexecfwk/standard/interfaces/innerkits/appexecfwk_base:appexecfwk_base", + "//foundation/appexecfwk/standard/interfaces/innerkits/appexecfwk_core:appexecfwk_core", + "//foundation/appexecfwk/standard/interfaces/innerkits/libeventhandler:libeventhandler", + "//foundation/distributedschedule/safwk/interfaces/innerkits/safwk:system_ability_fwk", + "//foundation/distributedschedule/samgr/interfaces/innerkits/samgr_proxy:samgr_proxy", + "//utils/native/base:utils", + ] + cflags_cc = [ "-DHILOG_ENABLE" ] + external_deps = [ + "aafwk_standard:want", + "hiviewdfx_hilog_native:libhilog", + "ipc:ipc_core", + ] + + relative_install_dir = "module" + subsystem_name = "security" + part_name = "access_token" +} diff --git a/interfaces/kits/accesstoken/napi/include/napi_atmanager.h b/interfaces/kits/accesstoken/napi/include/napi_atmanager.h new file mode 100644 index 0000000000000000000000000000000000000000..3fee43806253cab76c5cefd05943e9037f532000 --- /dev/null +++ b/interfaces/kits/accesstoken/napi/include/napi_atmanager.h 
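Review bot: The `deps` and `include_dirs` of `libabilityaccessctrl` pull in notification, want-agent, dsoftbus, ability-manager, event-handler and samgr targets, while the only entry in `sources`, `napi_atmanager.cpp`, includes just `accesstoken_kit.h`, `accesstoken_log.h` and the two napi headers. Unless a transitive header really needs them, each extra target enlarges what is linked into a library that exposes grant and revoke to JS callers. I would start from `libaccesstoken_sdk`, `ace_napi`, `utils` and the hilog external dep, and re-add an entry only when the build shows it is required. `ipc:ipc_core` may still be needed by the SDK headers, so confirm by building.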
@@ -0,0 +1,88 @@ +/* + * Copyright (c) 2021 Huawei Device Co., Ltd. + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ +#ifndef NAPI_ATMANAGER_H_ +#define NAPI_ATMANAGER_H_ + +#include +#include +#include +#include + +#include "napi/native_api.h" +#include "napi/native_node_api.h" + +namespace OHOS { +namespace Security { +namespace AccessToken { +#define ASYN_THREAD_EXEC_SUCC 0 +#define ASYN_THREAD_EXEC_FAIL -1 +#define ACCESSTOKEN_PERMISSION_GRANT_FAIL -1 +#define ACCESSTOKEN_PERMISSION_GRANT_SUCC 0 +#define ACCESSTOKEN_PERMISSION_REVOKE_FAIL -1 +#define ACCESSTOKEN_PERMISSION_REVOKE_SUCC 0 +#define VALUE_BUFFER_SIZE 128 + +const std::string ATMANAGER_CLASS_NAME = "atManager"; + +struct AtManagerAsyncContext { + napi_env env = nullptr; + uint32_t tokenId = 0; + char permissionName[ VALUE_BUFFER_SIZE ] = { 0 }; + size_t pNameLen = 0; + int flag = 0; + int result = 0; // callback or promise return result + int status = ASYN_THREAD_EXEC_FAIL; // napi_create_async_work-execute function exec result, default failure + + napi_deferred deferred = nullptr; // promise handle + napi_ref callbackRef = nullptr; // callback handle + napi_async_work work = nullptr; // work handle +}; + +class NapiAtManager { +public: + static napi_value Init(napi_env env, napi_value exports); + +private: + static napi_value JsConstructor(napi_env env, napi_callback_info cbinfo); + static napi_value CreateAtManager(napi_env env, napi_callback_info cbInfo); + static napi_value 
VerifyAccessToken(napi_env env, napi_callback_info info); + static napi_value GrantUserGrantedPermission(napi_env env, napi_callback_info info); + static napi_value RevokeUserGrantedPermission(napi_env env, napi_callback_info info); + static napi_value GetPermissionFlags(napi_env env, napi_callback_info info); + + static void ParseInputVerifyPermissionOrGetFlag(const napi_env env, const napi_callback_info info, + AtManagerAsyncContext& asyncContext); + static void VerifyAccessTokenExecute(napi_env env, void *data); + static void VerifyAccessTokenComplete(napi_env env, napi_status status, void *data); + static void ParseInputGrantOrRevokePermission(const napi_env env, const napi_callback_info info, + AtManagerAsyncContext& asyncContext); + static void GrantUserGrantedPermissionExcute(napi_env env, void *data); + static void GrantUserGrantedPermissionComplete(napi_env env, napi_status status, void *data); + static void RevokeUserGrantedPermissionExcute(napi_env env, void *data); + static void RevokeUserGrantedPermissionComplete(napi_env env, napi_status status, void *data); + static void GetPermissionFlagsExcute(napi_env env, void *data); + static void GetPermissionFlagsComplete(napi_env env, napi_status status, void *data); + + static napi_ref constructorRef_; +}; +} // namespace AccessToken +} // namespace Security +} // namespace OHOS +/* + * function for module exports + */ +static napi_value Init(napi_env env, napi_value exports); + +#endif /* NAPI_ATMANAGER_H_ */ diff --git a/interfaces/kits/accesstoken/napi/src/napi_atmanager.cpp b/interfaces/kits/accesstoken/napi/src/napi_atmanager.cpp new file mode 100644 index 0000000000000000000000000000000000000000..02dd841c4922adfbf9249e6adfdbd9602063059c --- /dev/null +++ b/interfaces/kits/accesstoken/napi/src/napi_atmanager.cpp 
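Review bot: `AtManagerAsyncContext::permissionName` is a fixed `char[VALUE_BUFFER_SIZE]` and nothing on the field says what happens to a longer name; `napi_get_value_string_utf8` copies at most `bufsize - 1` bytes and NUL-terminates, so a caller-supplied name of 128 bytes or more would be cut to a prefix before it is used in a permission decision. I would document the limit on the field, e.g. `// UTF-8, NUL-terminated; names >= VALUE_BUFFER_SIZE bytes must be rejected by the parser, N-API truncates them silently`, and have the parser query the length first (null buffer) and fail on over-length input. Separately, the file-scope `static napi_value Init(napi_env env, napi_value exports);` at the bottom of the header gives every translation unit that includes it an internal-linkage declaration with no definition; it belongs in `napi_atmanager.cpp` only.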
@@ -0,0 +1,589 @@ +/* + * Copyright (c) 2021 Huawei Device Co., Ltd. + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ +#include "napi_atmanager.h" + +#include +#include +#include +#include + +#include "accesstoken_kit.h" +#include "accesstoken_log.h" +#include "napi/native_api.h" +#include "napi/native_node_api.h" + +namespace OHOS { +namespace Security { +namespace AccessToken { +namespace { +static constexpr OHOS::HiviewDFX::HiLogLabel LABEL = { + LOG_CORE, SECURITY_DOMAIN_ACCESSTOKEN, "AccessTokenAbilityAccessCtrl" +}; +} // namespace + +napi_ref NapiAtManager::constructorRef_; + +napi_value NapiAtManager::Init(napi_env env, napi_value exports) +{ + ACCESSTOKEN_LOG_DEBUG(LABEL, "enter init."); + + napi_property_descriptor descriptor[] = { DECLARE_NAPI_FUNCTION("createAtManager", CreateAtManager) }; + + NAPI_CALL(env, napi_define_properties(env, + exports, sizeof(descriptor) / sizeof(napi_property_descriptor), descriptor)); + + napi_property_descriptor properties[] = { + DECLARE_NAPI_FUNCTION("verifyAccessToken", VerifyAccessToken), + DECLARE_NAPI_FUNCTION("grantUserGrantedPermission", GrantUserGrantedPermission), + DECLARE_NAPI_FUNCTION("revokeUserGrantedPermission", RevokeUserGrantedPermission), + DECLARE_NAPI_FUNCTION("getPermissionFlags", GetPermissionFlags) + }; + + napi_value cons = nullptr; + NAPI_CALL(env, napi_define_class(env, ATMANAGER_CLASS_NAME.c_str(), ATMANAGER_CLASS_NAME.size(), + JsConstructor, nullptr, sizeof(properties) / 
sizeof(napi_property_descriptor), properties, &cons)); + + NAPI_CALL(env, napi_create_reference(env, cons, 1, &constructorRef_)); + NAPI_CALL(env, napi_set_named_property(env, exports, ATMANAGER_CLASS_NAME.c_str(), cons)); + + return exports; +} + +napi_value NapiAtManager::JsConstructor(napi_env env, napi_callback_info cbinfo) +{ + ACCESSTOKEN_LOG_DEBUG(LABEL, "enter JsConstructor"); + + napi_value thisVar = nullptr; + + NAPI_CALL(env, napi_get_cb_info(env, cbinfo, nullptr, nullptr, &thisVar, nullptr)); + + return thisVar; +} + +napi_value NapiAtManager::CreateAtManager(napi_env env, napi_callback_info cbInfo) +{ + ACCESSTOKEN_LOG_DEBUG(LABEL, "enter CreateAtManager"); + + napi_value instance = nullptr; + napi_value cons = nullptr; + + if (napi_get_reference_value(env, constructorRef_, &cons) != napi_ok) { + return nullptr; + } + + ACCESSTOKEN_LOG_DEBUG(LABEL, "Get a reference to the global variable constructorRef_ complete"); + + if (napi_new_instance(env, cons, 0, nullptr, &instance) != napi_ok) { + return nullptr; + } + + ACCESSTOKEN_LOG_DEBUG(LABEL, "New the js instance complete"); + + return instance; +} + +void NapiAtManager::ParseInputVerifyPermissionOrGetFlag(const napi_env env, const napi_callback_info info, + AtManagerAsyncContext& asyncContext) +{ + size_t argc = 2; + + napi_value argv[2] = { 0 }; + napi_value thisVar = nullptr; + + void *data = nullptr; + + napi_get_cb_info(env, info, &argc, argv, &thisVar, &data); + + asyncContext.env = env; + + // parse input tokenId and permissionName + for (size_t i = 0; i < argc; i++) { + napi_valuetype valueType = napi_undefined; + napi_typeof(env, argv[i], &valueType); + + if (valueType == napi_number) { + napi_get_value_uint32(env, argv[i], &(asyncContext.tokenId)); // get tokenId + } else if (valueType == napi_string) { + napi_get_value_string_utf8(env, argv[i], asyncContext.permissionName, + VALUE_BUFFER_SIZE, &(asyncContext.pNameLen)); // get permissionName + } else { + ACCESSTOKEN_LOG_ERROR(LABEL, "Type 
matching failed"); + asyncContext.result = -1; + } + } + + ACCESSTOKEN_LOG_DEBUG(LABEL, "tokenID = %{public}d", asyncContext.tokenId); + ACCESSTOKEN_LOG_DEBUG(LABEL, "permissionName = %{public}s", asyncContext.permissionName); +} + +void NapiAtManager::VerifyAccessTokenExecute(napi_env env, void *data) +{ + AtManagerAsyncContext* asyncContext = (AtManagerAsyncContext *)data; + + // use innerkit class method to verify permission + asyncContext->result = AccessTokenKit::VerifyAccessToken(asyncContext->tokenId, + asyncContext->permissionName); + + // set status according to the innerkit class method return + if ((asyncContext->result == PERMISSION_GRANTED) || (asyncContext->result == PERMISSION_DENIED)) { + asyncContext->status = ASYN_THREAD_EXEC_SUCC; // granted and denied regard as function exec success + } else { + asyncContext->status = ASYN_THREAD_EXEC_FAIL; // other regard as function exec failure + } +} + +void NapiAtManager::VerifyAccessTokenComplete(napi_env env, napi_status status, void *data) +{ + AtManagerAsyncContext* asyncContext = (AtManagerAsyncContext*)data; + napi_value result; + + ACCESSTOKEN_LOG_DEBUG(LABEL, "tokenId = %{public}d, permissionName = %{public}s, verify result = %{public}d.", + asyncContext->tokenId, asyncContext->permissionName, asyncContext->result); + + if (asyncContext->status == ASYN_THREAD_EXEC_SUCC) { + // execute succ, use resolve to return result by the deferred create before + napi_create_int32(env, asyncContext->result, &result); // verify result + napi_resolve_deferred(env, asyncContext->deferred, result); + } else { + // execute fail, use reject to return default PERMISSION_DENIED by the deferred create before + napi_create_int32(env, PERMISSION_DENIED, &result); // verify result + napi_reject_deferred(env, asyncContext->deferred, result); + } + + // after return the result, free resources + napi_delete_async_work(env, asyncContext->work); + delete asyncContext; +} + +napi_value NapiAtManager::VerifyAccessToken(napi_env 
env, napi_callback_info info) +{ + ACCESSTOKEN_LOG_DEBUG(LABEL, "VerifyAccessToken begin."); + + auto *asyncContext = new AtManagerAsyncContext(); // for async work deliver data + if (asyncContext == nullptr) { + ACCESSTOKEN_LOG_ERROR(LABEL, "new struct fail."); + return nullptr; + } + + ParseInputVerifyPermissionOrGetFlag(env, info, *asyncContext); + if (asyncContext->result == -1) { + delete asyncContext; + return nullptr; + } + + napi_value result = nullptr; + + napi_create_promise(env, &(asyncContext->deferred), &result); // create delay promise object + + napi_value resource = nullptr; // resource name + napi_create_string_utf8(env, "VerifyAccessToken", NAPI_AUTO_LENGTH, &resource); + + napi_create_async_work( // define work + env, nullptr, resource, VerifyAccessTokenExecute, VerifyAccessTokenComplete, + (void *)asyncContext, &(asyncContext->work)); + napi_queue_async_work(env, asyncContext->work); // add async work handle to the napi queue and wait for result + + ACCESSTOKEN_LOG_DEBUG(LABEL, "VerifyAccessToken end."); + + return result; +} + +void NapiAtManager::ParseInputGrantOrRevokePermission(const napi_env env, const napi_callback_info info, + AtManagerAsyncContext& asyncContext) +{ + size_t argc = 4; + + napi_value argv[4] = { 0 }; + napi_value thisVar = nullptr; + + void *data = nullptr; + + napi_get_cb_info(env, info, &argc, argv, &thisVar, &data); + + asyncContext.env = env; + + // parse input tokenId and permissionName + for (size_t i = 0; i < argc; i++) { + napi_valuetype valueType = napi_undefined; + napi_typeof(env, argv[i], &valueType); + + if ((i == 0) && (valueType == napi_number)) { + napi_get_value_uint32(env, argv[i], &(asyncContext.tokenId)); // get tokenId + } else if (valueType == napi_string) { + napi_get_value_string_utf8(env, argv[i], asyncContext.permissionName, + VALUE_BUFFER_SIZE, &(asyncContext.pNameLen)); // get permissionName + } else if (valueType == napi_number) { + napi_get_value_int32(env, argv[i], &(asyncContext.flag)); // 
get flag + } else if (valueType == napi_function) { + napi_create_reference(env, argv[i], 1, &asyncContext.callbackRef); // get probably callback + } else { + ACCESSTOKEN_LOG_ERROR(LABEL, "Type matching failed"); + asyncContext.result = -1; + } + } + + ACCESSTOKEN_LOG_DEBUG(LABEL, "tokenID = %{public}d", asyncContext.tokenId); + ACCESSTOKEN_LOG_DEBUG(LABEL, "permissionName = %{public}s", asyncContext.permissionName); + ACCESSTOKEN_LOG_DEBUG(LABEL, "flag = %{public}d", asyncContext.flag); +} + +void NapiAtManager::GrantUserGrantedPermissionExcute(napi_env env, void *data) +{ + AtManagerAsyncContext* asyncContext = (AtManagerAsyncContext *)data; + PermissionDef permissionDef; + + // struct init, can not use = { 0 } or memset otherwise program crashdump + permissionDef.grantMode = 0; + permissionDef.availableLevel = APL_NORMAL; + permissionDef.provisionEnable = false; + permissionDef.distributedSceneEnable = false; + permissionDef.labelId = 0; + permissionDef.descriptionId = 0; + + // use innerkit class method to check if the permission grantmode is USER_GRANT-0 + AccessTokenKit::GetDefPermission(asyncContext->permissionName, permissionDef); + + ACCESSTOKEN_LOG_DEBUG(LABEL, "permissionName = %{public}s, grantmode = %{public}d.", asyncContext->permissionName, + permissionDef.grantMode); + + if (permissionDef.grantMode != USER_GRANT) { + // system_grant permission, return fail directly + asyncContext->result = ACCESSTOKEN_PERMISSION_GRANT_FAIL; + asyncContext->status = ASYN_THREAD_EXEC_SUCC; + } else { + // user_grant permission, use innerkit class method to grant permission + asyncContext->result = AccessTokenKit::GrantPermission(asyncContext->tokenId, + asyncContext->permissionName, + asyncContext->flag); + + ACCESSTOKEN_LOG_DEBUG(LABEL, + "tokenId = %{public}d, permissionName = %{public}s, flag = %{public}d, grant result = %{public}d.", + asyncContext->tokenId, asyncContext->permissionName, asyncContext->flag, asyncContext->result); + + // set status according to the 
innerkit class method return + if ((asyncContext->result == ACCESSTOKEN_PERMISSION_GRANT_SUCC) + || (asyncContext->result == ACCESSTOKEN_PERMISSION_GRANT_FAIL)) { + asyncContext->status = ASYN_THREAD_EXEC_SUCC; // success or failure regard as function exec success + } else { + asyncContext->status = ASYN_THREAD_EXEC_FAIL; // other regard as function exec failure + } + } +} + +void NapiAtManager::GrantUserGrantedPermissionComplete(napi_env env, napi_status status, void *data) +{ + AtManagerAsyncContext* asyncContext = (AtManagerAsyncContext*)data; + napi_value result = nullptr; + + if (asyncContext->status == ASYN_THREAD_EXEC_SUCC) { + // execute succ, consider asyncContext->result as return result + napi_create_int32(env, asyncContext->result, &result); + } else { + // execute fail, set default failure result + napi_create_int32(env, ACCESSTOKEN_PERMISSION_GRANT_FAIL, &result); + } + + if (asyncContext->deferred) { + // promise type + if (asyncContext->status == ASYN_THREAD_EXEC_SUCC) { + // innerkit class methon exec success, use resolve to return result + napi_resolve_deferred(env, asyncContext->deferred, result); + } else { + // innerkit class methon exec failure, use reject to return result + napi_reject_deferred(env, asyncContext->deferred, result); + } + } else { + // callback type + napi_value callback = nullptr; + napi_value thisValue = nullptr; // recv napi value + napi_value thatValue = nullptr; // result napi value + + // set call function params->napi_call_function(env, recv, func, argc, argv, result) + napi_get_undefined(env, &thisValue); // can not null otherwise js code can not get return + napi_create_int32(env, 0, &thatValue); // can not null otherwise js code can not get return + napi_get_reference_value(env, asyncContext->callbackRef, &callback); + napi_call_function(env, thisValue, callback, 1, &result, &thatValue); + napi_delete_reference(env, asyncContext->callbackRef); // release callback handle + } + + // after return the result, free 
resources + napi_delete_async_work(env, asyncContext->work); + delete asyncContext; +} + +napi_value NapiAtManager::GrantUserGrantedPermission(napi_env env, napi_callback_info info) +{ + ACCESSTOKEN_LOG_DEBUG(LABEL, "GrantUserGrantedPermission begin."); + + auto *asyncContext = new (std::nothrow) AtManagerAsyncContext(); // for async work deliver data + if (asyncContext == nullptr) { + ACCESSTOKEN_LOG_ERROR(LABEL, "new struct fail."); + return nullptr; + } + + ParseInputGrantOrRevokePermission(env, info, *asyncContext); + if (asyncContext->result == -1) { + delete asyncContext; + return nullptr; + } + + napi_value result = nullptr; + + if (asyncContext->callbackRef == nullptr) { + // when callback null, create delay promise object for returning result in async work complete function + napi_create_promise(env, &(asyncContext->deferred), &result); + } else { + // callback not null, use callback type to return result + napi_get_undefined(env, &result); + } + + napi_value resource = nullptr; // resource name + napi_create_string_utf8(env, "GrantUserGrantedPermission", NAPI_AUTO_LENGTH, &resource); + + napi_create_async_work( // define work + env, nullptr, resource, GrantUserGrantedPermissionExcute, GrantUserGrantedPermissionComplete, + (void *)asyncContext, &(asyncContext->work)); + + napi_queue_async_work(env, asyncContext->work); // add async work handle to the napi queue and wait for result + + ACCESSTOKEN_LOG_DEBUG(LABEL, "GrantUserGrantedPermission end."); + + return result; +} + +void NapiAtManager::RevokeUserGrantedPermissionExcute(napi_env env, void *data) +{ + AtManagerAsyncContext* asyncContext = (AtManagerAsyncContext *)data; + PermissionDef permissionDef; + + // struct init, can not use = { 0 } or memset otherwise program crashdump + permissionDef.grantMode = 0; + permissionDef.availableLevel = APL_NORMAL; + permissionDef.provisionEnable = false; + permissionDef.distributedSceneEnable = false; + permissionDef.labelId = 0; + permissionDef.descriptionId = 0; 
+ + // use innerkit class method to check if the permission grantmode is USER_GRANT-0 + AccessTokenKit::GetDefPermission(asyncContext->permissionName, permissionDef); + + ACCESSTOKEN_LOG_DEBUG(LABEL, "permissionName = %{public}s, grantmode = %{public}d.", asyncContext->permissionName, + permissionDef.grantMode); + + if (permissionDef.grantMode != USER_GRANT) { + // system_grant permission, return fail directly + asyncContext->result = ACCESSTOKEN_PERMISSION_REVOKE_FAIL; + asyncContext->status = ASYN_THREAD_EXEC_SUCC; + } else { + // user_grant permission, use innerkit class method to grant permission + asyncContext->result = AccessTokenKit::RevokePermission(asyncContext->tokenId, + asyncContext->permissionName, asyncContext->flag); + + ACCESSTOKEN_LOG_DEBUG(LABEL, + "tokenId = %{public}d, permissionName = %{public}s, flag = %{public}d, revoke result = %{public}d.", + asyncContext->tokenId, asyncContext->permissionName, asyncContext->flag, asyncContext->result); + + // set status according to the innerkit class method return + if ((asyncContext->result == ACCESSTOKEN_PERMISSION_REVOKE_SUCC) + || (asyncContext->result == ACCESSTOKEN_PERMISSION_REVOKE_FAIL)) { + asyncContext->status = ASYN_THREAD_EXEC_SUCC; // success or failure regard as function exec success + } else { + asyncContext->status = ASYN_THREAD_EXEC_FAIL; // other regard as function exec failure + } + } +} + +void NapiAtManager::RevokeUserGrantedPermissionComplete(napi_env env, napi_status status, void *data) +{ + AtManagerAsyncContext* asyncContext = (AtManagerAsyncContext*)data; + napi_value result = nullptr; + + if (asyncContext->status == ASYN_THREAD_EXEC_SUCC) { + // execute succ, consider asyncContext->result as return result + napi_create_int32(env, asyncContext->result, &result); + } else { + // execute fail, set default failure result + napi_create_int32(env, ACCESSTOKEN_PERMISSION_GRANT_FAIL, &result); + } + + if (asyncContext->deferred) { + // promise type + if (asyncContext->status == 
ASYN_THREAD_EXEC_SUCC) { + // innerkit class methon exec success, use resolve to return result + napi_resolve_deferred(env, asyncContext->deferred, result); + } else { + // innerkit class methon exec failure, use reject to return result + napi_reject_deferred(env, asyncContext->deferred, result); + } + } else { + // callback type + napi_value callback = nullptr; + napi_value thisValue = nullptr; // recv napi value + napi_value thatValue = nullptr; // result napi value + + // set call function params->napi_call_function(env, recv, func, argc, argv, result) + napi_get_undefined(env, &thisValue); // can not null otherwise js code can not get return + napi_create_int32(env, 0, &thatValue); // can not null otherwise js code can not get return + napi_get_reference_value(env, asyncContext->callbackRef, &callback); + napi_call_function(env, thisValue, callback, 1, &result, &thatValue); + napi_delete_reference(env, asyncContext->callbackRef); // release callback handle + } + + // after return the result, free resources + napi_delete_async_work(env, asyncContext->work); + delete asyncContext; +} + +napi_value NapiAtManager::RevokeUserGrantedPermission(napi_env env, napi_callback_info info) +{ + ACCESSTOKEN_LOG_DEBUG(LABEL, "RevokeUserGrantedPermission begin."); + + auto *asyncContext = new AtManagerAsyncContext(); // for async work deliver data + if (asyncContext == nullptr) { + ACCESSTOKEN_LOG_ERROR(LABEL, "new struct fail."); + return nullptr; + } + + ParseInputGrantOrRevokePermission(env, info, *asyncContext); + if (asyncContext->result == -1) { + delete asyncContext; + return nullptr; + } + + napi_value result = nullptr; + + if (asyncContext->callbackRef == nullptr) { + // when callback null, create delay promise object for returning result in async work complete function + napi_create_promise(env, &(asyncContext->deferred), &result); + } else { + // callback not null, use callback type to return result + napi_get_undefined(env, &result); + } + + napi_value resource = 
nullptr; // resource name + napi_create_string_utf8(env, "RevokeUserGrantedPermission", NAPI_AUTO_LENGTH, &resource); + + napi_create_async_work( // define work + env, nullptr, resource, RevokeUserGrantedPermissionExcute, RevokeUserGrantedPermissionComplete, + (void *)asyncContext, &(asyncContext->work)); + + napi_queue_async_work(env, asyncContext->work); // add async work handle to the napi queue and wait for result + + ACCESSTOKEN_LOG_DEBUG(LABEL, "RevokeUserGrantedPermission end."); + + return result; +} + +void NapiAtManager::GetPermissionFlagsExcute(napi_env env, void *data) +{ + AtManagerAsyncContext* asyncContext = (AtManagerAsyncContext *)data; + + // use innerkit class method to get permission flag + asyncContext->flag = AccessTokenKit::GetPermissionFlag(asyncContext->tokenId, + asyncContext->permissionName); + asyncContext->status = ASYN_THREAD_EXEC_SUCC; // status default failure +} + +void NapiAtManager::GetPermissionFlagsComplete(napi_env env, napi_status status, void *data) +{ + AtManagerAsyncContext* asyncContext = (AtManagerAsyncContext*)data; + napi_value result; + + ACCESSTOKEN_LOG_DEBUG(LABEL, "permissionName = %{public}s, tokenId = %{public}d, flag = %{public}d.", + asyncContext->permissionName, asyncContext->tokenId, asyncContext->flag); + + if (asyncContext->status == ASYN_THREAD_EXEC_SUCC) { + // execute succ, use resolve to return result by the deferred create before + napi_create_int32(env, asyncContext->flag, &result); + napi_resolve_deferred(env, asyncContext->deferred, result); + } else { + // execute fail, this way may not match, but for code strict, still keep + napi_create_int32(env, asyncContext->flag, &result); + napi_reject_deferred(env, asyncContext->deferred, result); + } + + // after return the result, free resources + napi_delete_async_work(env, asyncContext->work); + delete asyncContext; +} + +napi_value NapiAtManager::GetPermissionFlags(napi_env env, napi_callback_info info) +{ + ACCESSTOKEN_LOG_DEBUG(LABEL, 
"GetPermissionFlags begin."); + + auto *asyncContext = new AtManagerAsyncContext(); // for async work deliver data + if (asyncContext == nullptr) { + ACCESSTOKEN_LOG_ERROR(LABEL, "new struct fail."); + return nullptr; + } + + ParseInputVerifyPermissionOrGetFlag(env, info, *asyncContext); + if (asyncContext->result == -1) { + delete asyncContext; + return nullptr; + } + + napi_value result = nullptr; + + napi_create_promise(env, &(asyncContext->deferred), &result); // create delay promise object + + napi_value resource = nullptr; // resource name + napi_create_string_utf8(env, "VerifyAccessToken", NAPI_AUTO_LENGTH, &resource); + + napi_create_async_work( // define work + env, nullptr, resource, GetPermissionFlagsExcute, GetPermissionFlagsComplete, + (void *)asyncContext, &(asyncContext->work)); + napi_queue_async_work(env, asyncContext->work); // add async work handle to the napi queue and wait for result + + ACCESSTOKEN_LOG_DEBUG(LABEL, "GetPermissionFlags end."); + + return result; +} +} // namespace AccessToken +} // namespace Security +} // namespace OHOS + +EXTERN_C_START +/* + * function for module exports + */ +static napi_value Init(napi_env env, napi_value exports) +{ + ACCESSTOKEN_LOG_DEBUG(OHOS::Security::AccessToken::LABEL, "Register end, start init."); + + return OHOS::Security::AccessToken::NapiAtManager::Init(env, exports); +} +EXTERN_C_END + +/* + * Module define + */ +static napi_module _module = { + .nm_version = 1, + .nm_flags = 0, + .nm_filename = nullptr, + .nm_register_func = Init, + .nm_modname = "abilityAccessCtrl", + .nm_priv = ((void *)0), + .reserved = {0} +}; + +/* + * Module register function + */ +extern "C" __attribute__((constructor)) void AbilityAccessCtrlmoduleRegister(void) +{ + napi_module_register(&_module); +} diff --git a/services/accesstokenmanager/BUILD.gn b/services/accesstokenmanager/BUILD.gn index 4622a3086d424227e49d9ced179cd855fbd27fae..a46905ab6ebf1a57413b7809738cb0b695e24a15 100644 
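Review bot: In `GrantUserGrantedPermissionExcute` the return value of `AccessTokenKit::GetDefPermission` is discarded while `permissionDef.grantMode` is pre-set to 0, which the comment on that call gives as the value of `USER_GRANT`; if the lookup fails (for example an unknown or empty permission name), the code falls into the user_grant branch and calls `GrantPermission` anyway. `RevokeUserGrantedPermissionExcute` has the same pattern. Capture the result and fail closed: `int ret = AccessTokenKit::GetDefPermission(asyncContext->permissionName, permissionDef);` followed by `if (ret != 0 || permissionDef.grantMode != USER_GRANT) {` (assuming 0 is the kit's success code; confirm against `accesstoken_kit.h`). Whether the service re-validates the name is not visible in this diff, so the binding should not depend on it. The two `ParseInput*` helpers also ignore every `napi_*` status and loop up to the `argc` written back by `napi_get_cb_info`, which under the N-API contract is the actual argument count and can exceed the 2- or 4-element `argv`; clamp it to the array size before the loop.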
--- a/services/accesstokenmanager/BUILD.gn +++ b/services/accesstokenmanager/BUILD.gn @@ -13,7 +13,6 @@ import("//build/ohos.gni") - ohos_prebuilt_etc("access_token.rc") { source = "access_token.cfg" relative_install_dir = "init" @@ -35,19 +34,10 @@ ohos_shared_library("accesstoken_manager_service") { "//base/security/access_token/frameworks/accesstoken/include", "//base/security/access_token/interfaces/innerkits/accesstoken/main/cpp/include", "//third_party/json/include", + "//base/startup/syspara_lite/interfaces/innerkits/native/syspara/include/", ] sources = [ - "main/cpp/src/service/accesstoken_manager_service.cpp", - "main/cpp/src/service/accesstoken_manager_stub.cpp", - "main/cpp/src/token/accesstoken_id_manager.cpp", - "main/cpp/src/token/accesstoken_info_manager.cpp", - "main/cpp/src/token/hap_token_info_inner.cpp", - "main/cpp/src/token/native_token_info_inner.cpp", - "main/cpp/src/permission/permission_manager.cpp", - "main/cpp/src/permission/permission_definition_cache.cpp", - "main/cpp/src/permission/permission_policy_set.cpp", - "main/cpp/src/permission/permission_validator.cpp", "main/cpp/src/database/data_storage.cpp", "main/cpp/src/database/data_translator.cpp", "main/cpp/src/database/generic_values.cpp", 
@@ -55,6 +45,17 @@ ohos_shared_library("accesstoken_manager_service") { "main/cpp/src/database/sqlite_storage.cpp", "main/cpp/src/database/statement.cpp", "main/cpp/src/database/variant_value.cpp", + "main/cpp/src/permission/permission_definition_cache.cpp", + "main/cpp/src/permission/permission_manager.cpp", + "main/cpp/src/permission/permission_policy_set.cpp", + "main/cpp/src/permission/permission_validator.cpp", + "main/cpp/src/service/accesstoken_manager_service.cpp", + "main/cpp/src/service/accesstoken_manager_stub.cpp", + "main/cpp/src/token/accesstoken_id_manager.cpp", + "main/cpp/src/token/accesstoken_info_manager.cpp", + "main/cpp/src/token/hap_token_info_inner.cpp", + "main/cpp/src/token/native_token_info_inner.cpp", + "main/cpp/src/token/native_token_receptor.cpp", ] cflags_cc = [ "-DHILOG_ENABLE" ] @@ -62,10 +63,11 @@ ohos_shared_library("accesstoken_manager_service") { deps = [ #"//base/security/accesstoken/frameworks/accesstooken/permissioncommunicationadapter:permission_standard_communication_adapter_cxx", #"//base/security/accesstoken/frameworks/accesstooken/common:permission_standard_infrastructure_cxx", - "//third_party/sqlite:sqlite", - "//base/security/access_token/frameworks/common:accesstoken_common_cxx", "//base/security/access_token/frameworks/accesstoken:accesstoken_communication_adapter_cxx", + "//base/security/access_token/frameworks/common:accesstoken_common_cxx", "//base/security/access_token/services/accesstokenmanager:access_token.rc", + "//base/startup/syspara_lite/interfaces/innerkits/native/syspara:syspara", + "//third_party/sqlite:sqlite", "//utils/native/base:utils", ] diff --git a/services/accesstokenmanager/main/cpp/include/database/field_const.h b/services/accesstokenmanager/main/cpp/include/database/field_const.h index 3d9ec533f0af94d8ccb66757bf87655eabe224a8..a73a3a9d314fda1c6c70ad8461ab5681645cf8b4 100644 --- a/services/accesstokenmanager/main/cpp/include/database/field_const.h 
+++ b/services/accesstokenmanager/main/cpp/include/database/field_const.h @@ -34,7 +34,9 @@ const std::string FIELD_PROCESS_NAME = "process_name"; const std::string FIELD_DCAP = "dcap"; const std::string FIELD_PERMISSION_NAME = "permission_name"; const std::string FIELD_GRANT_MODE = "grant_mode"; -const std::string FIELD_AVAILABLE_SCOPE = "available_scope"; +const std::string FIELD_AVAILABLE_LEVEL = "available_level"; +const std::string FIELD_PROVISION_ENABLE = "provision_enable"; +const std::string FIELD_DISTRIBUTED_SCENE_ENABLE = "distributed_scene_enable"; const std::string FIELD_LABEL = "label"; const std::string FIELD_LABEL_ID = "label_id"; const std::string FIELD_DESCRIPTION = "description"; diff --git a/services/accesstokenmanager/main/cpp/include/permission/permission_definition_cache.h b/services/accesstokenmanager/main/cpp/include/permission/permission_definition_cache.h index 76e492897fac0c2b023a75626e0446a6962211f8..969509549fa13748ead6a52ffc47dce33b82ec83 100644 --- a/services/accesstokenmanager/main/cpp/include/permission/permission_definition_cache.h +++ b/services/accesstokenmanager/main/cpp/include/permission/permission_definition_cache.h @@ -35,6 +35,8 @@ public: bool Insert(const PermissionDef& info); + bool Update(const PermissionDef& info); + void DeleteByBundleName(const std::string& bundleName); int FindByPermissionName(const std::string& permissionName, PermissionDef& info); diff --git a/services/accesstokenmanager/main/cpp/include/permission/permission_manager.h b/services/accesstokenmanager/main/cpp/include/permission/permission_manager.h index 5925deec7907f15420c4a6499702f9e490f6a46a..fcc3087cc2f0876d193a737b6fe6937ffc146a39 100644 --- a/services/accesstokenmanager/main/cpp/include/permission/permission_manager.h +++ b/services/accesstokenmanager/main/cpp/include/permission/permission_manager.h 
@@ -30,13 +30,12 @@ namespace OHOS { namespace Security { namespace AccessToken { -static const int DEFAULT_PERMISSION_FLAGS = 0; class PermissionManager final { public: static PermissionManager& GetInstance(); virtual ~PermissionManager(); - void AddDefPermissions(const std::vector& permList); + void AddDefPermissions(std::shared_ptr tokenInfo, bool updateFlag); void RemoveDefPermissions(AccessTokenID tokenID); int VerifyAccessToken(AccessTokenID tokenID, const std::string& permissionName); int GetDefPermission(const std::string& permissionName, PermissionDef& permissionDefResult); @@ -49,17 +48,9 @@ public: void ClearUserGrantedPermissionState(AccessTokenID tokenID); private: PermissionManager(); - int UpdatePermissionStatus(PermissionStateFull& permStat, bool isGranted, int flag); void UpdateTokenPermissionState( AccessTokenID tokenID, const std::string& permissionName, bool isGranted, int flag); - - int QueryPermissionFlag(const PermissionStateFull& permStat); - int QueryPermissionStatus(const PermissionStateFull& permStat); std::string TransferPermissionDefToString(const PermissionDef& inPermissionDef); - bool IsPermissionFlagValid(int flag) const; - bool IsGrantModeValid(const int grantMode) const; - bool IsAvailableScopeValid(const int availableScope) const; - bool IsPermissionDefValid(const PermissionDef& permissionDef) const; DISALLOW_COPY_AND_MOVE(PermissionManager); }; diff --git a/services/accesstokenmanager/main/cpp/include/permission/permission_policy_set.h b/services/accesstokenmanager/main/cpp/include/permission/permission_policy_set.h index b51fe07132ad4a52be5925cf2fb6fa4c01d1c780..84dc327c731040c2c2996c8a298deb7f1c4e1938 100644 --- a/services/accesstokenmanager/main/cpp/include/permission/permission_policy_set.h +++ b/services/accesstokenmanager/main/cpp/include/permission/permission_policy_set.h 
@@ -16,14 +16,15 @@ #ifndef PERMISSION_POLICY_SET_H #define PERMISSION_POLICY_SET_H -#include "permission_def.h" -#include "permission_state_full.h" +#include +#include +#include + #include "access_token.h" #include "generic_values.h" - -#include -#include -#include +#include "permission_def.h" +#include "permission_state_full.h" +#include "rwlock.h" namespace OHOS { namespace Security { 
@@ -31,28 +32,35 @@ namespace AccessToken { struct PermissionPolicySet final { public: PermissionPolicySet() : tokenId_(0) {}; - virtual ~PermissionPolicySet() {}; + virtual ~PermissionPolicySet(); static std::shared_ptr BuildPermissionPolicySet(AccessTokenID tokenId, const std::vector& permList, const std::vector& permStateList); static std::shared_ptr RestorePermissionPolicy(AccessTokenID tokenId, const std::vector& permDefRes, const std::vector& permStateRes); void StorePermissionPolicySet(std::vector& permDefValueList, - std::vector& permStateValueList) const; + std::vector& permStateValueList); void Update(const std::vector& permList, const std::vector& permStateList); - void ToString(std::string& info) const; - std::vector permList_; - std::vector permStateList_; + + int VerifyPermissStatus(const std::string& permissionName); + void GetDefPermissions(std::vector& permList); + void GetPermissionStateFulls(std::vector& permList); + int QueryPermissionFlag(const std::string& permissionName); + void UpdatePermissionStatus(const std::string& permissionName, bool isGranted, int flag); + void ToString(std::string& info); private: static void MergePermissionStateFull(std::vector& permStateList, const PermissionStateFull& state); - void UpdatePermStateFull(PermissionStateFull& permOld, const PermissionStateFull& permNew); - void UpdatePermDef(PermissionDef& permOld, const PermissionDef& permNew); + void UpdatePermStateFull(const PermissionStateFull& permOld, PermissionStateFull& permNew); void StorePermissionDef(std::vector& valueList) const; void StorePermissionState(std::vector& valueList) const; void PermDefToString(const PermissionDef& def, std::string& info) const; void PermStateFullToString(const PermissionStateFull& state, std::string& info) const; + + OHOS::Utils::RWLock permPolicySetLock_; + std::vector permList_; + std::vector permStateList_; AccessTokenID tokenId_; }; } // namespace AccessToken 
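Review bot: `StorePermissionPolicySet` and `ToString` lose their `const` qualifier in this hunk, presumably so they can take the new `permPolicySetLock_`, which weakens the read-only contract of these accessors. Declaring the member as `mutable OHOS::Utils::RWLock permPolicySetLock_;` would let those two stay `const`, and the new readers `VerifyPermissStatus`, `GetDefPermissions`, `GetPermissionStateFulls` and `QueryPermissionFlag` could be `const` as well. `UpdatePermStateFull` also swaps which argument is written (now `permNew`), so a comment on the declaration such as `// copies grant state from permOld into permNew when isGeneral matches` would prevent callers from passing the arguments in the old order.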
diff --git a/services/accesstokenmanager/main/cpp/include/permission/permission_validator.h b/services/accesstokenmanager/main/cpp/include/permission/permission_validator.h index ebfb0b73b23230706a5bc122c47164043dd83f77..99dad5945bc90c0c8c5397c1af0c2e8b1f9a249d 100644 --- a/services/accesstokenmanager/main/cpp/include/permission/permission_validator.h +++ b/services/accesstokenmanager/main/cpp/include/permission/permission_validator.h @@ -35,7 +35,6 @@ public: static void FilterInvalidPermisionState( const std::vector& permList, std::vector& result); static bool IsGrantModeValid(int grantMode); - static bool IsAvailableScopeValid(int availableScope); static bool IsGrantStatusValid(int grantStaus); private: static void DeduplicateResDevID(const PermissionStateFull& permState, PermissionStateFull& result); diff --git a/services/accesstokenmanager/main/cpp/include/token/accesstoken_id_manager.h b/services/accesstokenmanager/main/cpp/include/token/accesstoken_id_manager.h index b74934975a25efc67d469617e40a78c072298c93..1ad68ac8e8f643dbcb3adf48f7e14aebe85c8b7c 100644 --- a/services/accesstokenmanager/main/cpp/include/token/accesstoken_id_manager.h +++ b/services/accesstokenmanager/main/cpp/include/token/accesstoken_id_manager.h @@ -39,6 +39,7 @@ public: int RegisterTokenId(AccessTokenID id, ATokenTypeEnum type); void ReleaseTokenId(AccessTokenID id); ATokenTypeEnum GetTokenIdType(AccessTokenID id); + static ATokenTypeEnum GetTokenIdTypeEnum(AccessTokenID id); private: AccessTokenIDManager() = default; diff --git a/services/accesstokenmanager/main/cpp/include/token/accesstoken_info_manager.h b/services/accesstokenmanager/main/cpp/include/token/accesstoken_info_manager.h index 7b282ec13e7d9a18109c391d4c4f68b6544026b4..40786992f72a6154e623441c243beaf45e803c01 100644 --- a/services/accesstokenmanager/main/cpp/include/token/accesstoken_info_manager.h +++ b/services/accesstokenmanager/main/cpp/include/token/accesstoken_info_manager.h 
@@ -42,7 +42,8 @@ public: std::shared_ptr GetNativeTokenInfoInner(AccessTokenID id); int GetNativeTokenInfo(AccessTokenID tokenID, NativeTokenInfo& InfoParcel); std::shared_ptr GetHapPermissionPolicySet(AccessTokenID id); - int RemoveTokenInfo(AccessTokenID id); + int RemoveHapTokenInfo(AccessTokenID id); + int RemoveNativeTokenInfo(AccessTokenID id); int CreateHapTokenInfo(const HapInfoParams& info, const HapPolicyParams& policy, AccessTokenIDEx& tokenIdEx); int CheckNativeDCap(AccessTokenID tokenID, const std::string& dcap); AccessTokenID GetHapTokenID(int userID, const std::string& bundleName, int instIndex); @@ -76,6 +77,7 @@ private: std::map> hapTokenInfoMap_; std::map hapTokenIdMap_; std::map> nativeTokenInfoMap_; + std::map nativeTokenIdMap_; }; } // namespace AccessToken } // namespace Security diff --git a/services/accesstokenmanager/main/cpp/include/token/hap_token_info_inner.h b/services/accesstokenmanager/main/cpp/include/token/hap_token_info_inner.h index 53fea91adae84997a3e4c5afdc7f7e4ff7099dc4..9d3557e4341a3b583c69a89f5a24de87bf9c13d6 100644 --- a/services/accesstokenmanager/main/cpp/include/token/hap_token_info_inner.h +++ b/services/accesstokenmanager/main/cpp/include/token/hap_token_info_inner.h @@ -34,7 +34,7 @@ class HapTokenInfoInner final { public: HapTokenInfoInner() : ver_(DEFAULT_TOKEN_VERSION), tokenID_(0), tokenAttr_(0), userID_(0), instIndex_(0), apl_(APL_NORMAL) {}; - virtual ~HapTokenInfoInner() = default; + virtual ~HapTokenInfoInner(); void Init(AccessTokenID id, const HapInfoParams& info, const HapPolicyParams& policy); void Update(const std::string& appIDDesc, const HapPolicyParams& policy); diff --git a/services/accesstokenmanager/main/cpp/include/token/native_token_info_inner.h b/services/accesstokenmanager/main/cpp/include/token/native_token_info_inner.h index f24c27b59a0fddca082911a970a608d1dc10af3c..1a646f8c13eaa552fdb787402f713b669df98370 100644 
--- a/services/accesstokenmanager/main/cpp/include/token/native_token_info_inner.h +++ b/services/accesstokenmanager/main/cpp/include/token/native_token_info_inner.h @@ -35,9 +35,10 @@ static const std::string JSON_DCAPS = "dcaps"; class NativeTokenInfoInner final { public: NativeTokenInfoInner() : ver_(DEFAULT_TOKEN_VERSION), tokenID_(0), tokenAttr_(0), apl_(APL_NORMAL) {}; - virtual ~NativeTokenInfoInner() = default; + NativeTokenInfoInner(NativeTokenInfo& info); + virtual ~NativeTokenInfoInner(); - void Init(AccessTokenID id, const std::string& processName, ATokenAplEnum apl, + int Init(AccessTokenID id, const std::string& processName, int apl, const std::vector& dcap); void StoreNativeInfo(std::vector& valueList) const; void TranslateToNativeTokenInfo(NativeTokenInfo& InfoParcel) const; diff --git a/services/accesstokenmanager/main/cpp/include/token/native_token_receptor.h b/services/accesstokenmanager/main/cpp/include/token/native_token_receptor.h new file mode 100644 index 0000000000000000000000000000000000000000..2d3e6de456f26a8c9eb7bf7eed5956d72cd8f2aa --- /dev/null +++ b/services/accesstokenmanager/main/cpp/include/token/native_token_receptor.h 
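Review bot: The new constructor `NativeTokenInfoInner(NativeTokenInfo& info);` is a non-explicit single-argument constructor taking a non-const reference, so a `NativeTokenInfo` converts implicitly and callers cannot pass a const object. Unless the constructor modifies `info` (its definition is not in this hunk), `explicit NativeTokenInfoInner(const NativeTokenInfo& info);` is the safer declaration. `Init` now takes `int apl` and returns `int`; a comment stating which `apl` values are rejected and what the return codes mean would document the new contract.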
@@ -0,0 +1,69 @@ +/* + * Copyright (c) 2021 Huawei Device Co., Ltd. + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +#ifndef ACCESSTOKEN_NATIVE_TOKEN_RECEPTOR_H +#define ACCESSTOKEN_NATIVE_TOKEN_RECEPTOR_H + +#include +#include +#include +#include + +#include "access_token.h" +#include "nlohmann/json.hpp" +#include "native_token_info_inner.h" +#include "nocopyable.h" +#include "parameter.h" + +namespace OHOS { +namespace Security { +namespace AccessToken { +const std::string JSON_KEY_NATIVE_TOKEN_INFO_JSON = "NativeTokenInfo"; +const std::string SOCKET_FILE = "/data/system/token_unix_socket.socket"; +constexpr int MAX_RECEPTOR_SIZE = 1024; +const std::string SYSTEM_PROP_NATIVE_RECEPTOR = "rw.nativetoken.receptor.startup"; +class NativeTokenReceptor final { +public: + static NativeTokenReceptor& GetInstance(); + virtual ~NativeTokenReceptor() = default; + int Init(); + void Release(); + void LoopHandler(); + static void ThreadFunc(NativeTokenReceptor *receptor); + +private: + NativeTokenReceptor() : receptorThread_(nullptr), listenSocket_(-1), + connectSocket_(-1), ready_(false), socketPath_(SOCKET_FILE) {}; + DISALLOW_COPY_AND_MOVE(NativeTokenReceptor); + + void FromJson(const nlohmann::json &jsonObject, + std::vector>& tokenInfos); + void ParserNativeRawData(const std::string& nativeRawData, + std::vector>& tokenInfos); + int InitNativeTokenSocket(); + void from_json(const nlohmann::json& j, NativeTokenInfo& p); + + std::unique_ptr receptorThread_; + 
std::mutex receptorThreadMutex_; + int listenSocket_; + int connectSocket_; + bool ready_; + std::string socketPath_; +}; +} // namespace AccessToken +} // namespace Security +} // namespace OHOS +#endif // ACCESSTOKEN_NATIVE_TOKEN_RECEPTOR_H + diff --git a/services/accesstokenmanager/main/cpp/src/database/data_translator.cpp b/services/accesstokenmanager/main/cpp/src/database/data_translator.cpp index 1f039a1747a3f1f1c0808aee116e60afa506d2c3..4052d8210ca38dabcf33b78e3c8e36ce642b95c5 100644 --- a/services/accesstokenmanager/main/cpp/src/database/data_translator.cpp +++ b/services/accesstokenmanager/main/cpp/src/database/data_translator.cpp @@ -18,17 +18,25 @@ #include #include "accesstoken_log.h" +#include "data_validator.h" #include "field_const.h" +#include "permission_validator.h" namespace OHOS { namespace Security { namespace AccessToken { +namespace { +static constexpr OHOS::HiviewDFX::HiLogLabel LABEL = {LOG_CORE, SECURITY_DOMAIN_ACCESSTOKEN, "DataTranslator"}; +} + int DataTranslator::TranslationIntoGenericValues(const PermissionDef& inPermissionDef, GenericValues& outGenericValues) { outGenericValues.Put(FIELD_PERMISSION_NAME, inPermissionDef.permissionName); outGenericValues.Put(FIELD_BUNDLE_NAME, inPermissionDef.bundleName); outGenericValues.Put(FIELD_GRANT_MODE, inPermissionDef.grantMode); - outGenericValues.Put(FIELD_AVAILABLE_SCOPE, inPermissionDef.availableScope); + outGenericValues.Put(FIELD_AVAILABLE_LEVEL, inPermissionDef.availableLevel); + outGenericValues.Put(FIELD_PROVISION_ENABLE, inPermissionDef.provisionEnable ? 1 : 0); + outGenericValues.Put(FIELD_DISTRIBUTED_SCENE_ENABLE, inPermissionDef.distributedSceneEnable ? 1 : 0); outGenericValues.Put(FIELD_LABEL, inPermissionDef.label); outGenericValues.Put(FIELD_LABEL_ID, inPermissionDef.labelId); outGenericValues.Put(FIELD_DESCRIPTION, inPermissionDef.description); 
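Review bot: The header for `NativeTokenReceptor` does not say who is allowed to connect to `SOCKET_FILE` (`/data/system/token_unix_socket.socket`), although what arrives there is parsed into `NativeTokenInfoInner` objects and therefore defines native token identities. The implementation is not part of this hunk, so this cannot be confirmed here, but the class comment should state the expected owner and mode of the socket file, whether the peer is checked (for example with `SO_PEERCRED`) before `ParserNativeRawData` runs, and how input longer than `MAX_RECEPTOR_SIZE` is handled. `ready_` is a plain `bool` next to a receptor thread and a mutex; if it is read in `LoopHandler` on that thread and written from `Release` elsewhere, it should be `std::atomic<bool>` or always accessed under `receptorThreadMutex_`.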
@@ -41,7 +49,14 @@ int DataTranslator::TranslationIntoPermissionDef(const GenericValues& inGenericV outPermissionDef.permissionName = inGenericValues.GetString(FIELD_PERMISSION_NAME); outPermissionDef.bundleName = inGenericValues.GetString(FIELD_BUNDLE_NAME); outPermissionDef.grantMode = inGenericValues.GetInt(FIELD_GRANT_MODE); - outPermissionDef.availableScope = inGenericValues.GetInt(FIELD_AVAILABLE_SCOPE); + int aplNum = inGenericValues.GetInt(FIELD_AVAILABLE_LEVEL); + if (!DataValidator::IsAplNumValid(aplNum)) { + ACCESSTOKEN_LOG_WARN(LABEL, "%{public}s:Apl is wrong.", __func__); + return RET_FAILED; + } + outPermissionDef.availableLevel = (ATokenAplEnum)aplNum; + outPermissionDef.provisionEnable = (inGenericValues.GetInt(FIELD_PROVISION_ENABLE) == 1); + outPermissionDef.distributedSceneEnable = (inGenericValues.GetInt(FIELD_DISTRIBUTED_SCENE_ENABLE) == 1); outPermissionDef.label = inGenericValues.GetString(FIELD_LABEL); outPermissionDef.labelId = inGenericValues.GetInt(FIELD_LABEL_ID); outPermissionDef.description = inGenericValues.GetString(FIELD_DESCRIPTION); @@ -54,6 +69,7 @@ int DataTranslator::TranslationIntoGenericValues(const PermissionStateFull& inPe { if (grantIndex >= inPermissionState.resDeviceID.size() || grantIndex >= inPermissionState.grantStatus.size() || grantIndex >= inPermissionState.grantFlags.size()) { + ACCESSTOKEN_LOG_WARN(LABEL, "%{public}s: perm status grant size is wrong", __func__); return RET_FAILED; } outGenericValues.Put(FIELD_PERMISSION_NAME, inPermissionState.permissionName); 
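Review bot: `TranslationIntoPermissionDef` now rejects an out-of-range `available_level` but still copies `grant_mode` and `permission_name` from the stored row without any check, so a corrupted or tampered row can yield a definition with an arbitrary grant mode. The same guard style applies: `if (!PermissionValidator::IsGrantModeValid(outPermissionDef.grantMode)) { return RET_FAILED; }`, plus a `DataValidator::IsPermissionNameValid(outPermissionDef.permissionName)` check as the state translator does further down in this file. `(ATokenAplEnum)aplNum` would read better as `static_cast<ATokenAplEnum>(aplNum)`. The function body continues outside the hunk.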
@@ -69,9 +85,31 @@ int DataTranslator::TranslationIntoPermissionStateFull(const GenericValues& inGe { outPermissionState.isGeneral = ((inGenericValues.GetInt(FIELD_GRANT_IS_GENERAL) == 1) ? true : false); outPermissionState.permissionName = inGenericValues.GetString(FIELD_PERMISSION_NAME); - outPermissionState.resDeviceID.push_back(inGenericValues.GetString(FIELD_DEVICE_ID)); - outPermissionState.grantStatus.push_back((PermissionState)inGenericValues.GetInt(FIELD_GRANT_STATE)); - outPermissionState.grantFlags.push_back(inGenericValues.GetInt(FIELD_GRANT_FLAG)); + if (!DataValidator::IsPermissionNameValid(outPermissionState.permissionName)) { + ACCESSTOKEN_LOG_WARN(LABEL, "%{public}s: permission name is wrong", __func__); + return RET_FAILED; + } + + std::string devID = inGenericValues.GetString(FIELD_DEVICE_ID); + if (!DataValidator::IsDeviceIdValid(devID)) { + ACCESSTOKEN_LOG_WARN(LABEL, "%{public}s: devID is wrong", __func__); + return RET_FAILED; + } + outPermissionState.resDeviceID.push_back(devID); + + int grantStatus = (PermissionState)inGenericValues.GetInt(FIELD_GRANT_STATE); + if (!PermissionValidator::IsGrantStatusValid(grantStatus)) { + ACCESSTOKEN_LOG_WARN(LABEL, "%{public}s: grantStatus is wrong", __func__); + return RET_FAILED; + } + outPermissionState.grantStatus.push_back(grantStatus); + + int grantFlag = (PermissionState)inGenericValues.GetInt(FIELD_GRANT_FLAG); + if (!PermissionValidator::IsPermissionFlagValid(grantFlag)) { + ACCESSTOKEN_LOG_WARN(LABEL, "%{public}s: grantFlag is wrong", __func__); + return RET_FAILED; + } + outPermissionState.grantFlags.push_back(grantFlag); return RET_SUCCESS; } } // namespace AccessToken diff --git a/services/accesstokenmanager/main/cpp/src/database/sqlite_storage.cpp b/services/accesstokenmanager/main/cpp/src/database/sqlite_storage.cpp index 421ab572af0a3fddb3441324abfa663f0e8cdec1..46c1d3797aa50ca2598308a0a3fcfe061cf7a44f 100644 --- a/services/accesstokenmanager/main/cpp/src/database/sqlite_storage.cpp 
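Review bot: Both new reads cast the stored integer to `PermissionState` before it is validated: `int grantStatus = (PermissionState)inGenericValues.GetInt(FIELD_GRANT_STATE);` and, for a flag that is not a `PermissionState` at all, `int grantFlag = (PermissionState)inGenericValues.GetInt(FIELD_GRANT_FLAG);`. The cast is immediately converted back to `int`, and converting an unchecked value to an enumeration can be undefined when it lies outside the enum's range, so drop it: `int grantStatus = inGenericValues.GetInt(FIELD_GRANT_STATE);` and `int grantFlag = inGenericValues.GetInt(FIELD_GRANT_FLAG);`. On each `RET_FAILED` path `outPermissionState` has already been partly filled (name set, `resDeviceID` possibly pushed), so the function comment should say that the output must be discarded on failure.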
+++ b/services/accesstokenmanager/main/cpp/src/database/sqlite_storage.cpp @@ -66,7 +66,7 @@ SqliteStorage::SqliteStorage() : SqliteHelper(DATABASE_NAME, DATABASE_PATH, DATA NativeTokenInfoTable.tableColumnNames_ = { FIELD_TOKEN_ID, FIELD_PROCESS_NAME, FIELD_TOKEN_VERSION, FIELD_TOKEN_ATTR, - FIELD_DCAP + FIELD_DCAP, FIELD_APL }; SqliteTable permissionDefTable; @@ -74,7 +74,8 @@ SqliteStorage::SqliteStorage() : SqliteHelper(DATABASE_NAME, DATABASE_PATH, DATA permissionDefTable.tableColumnNames_ = { FIELD_TOKEN_ID, FIELD_PERMISSION_NAME, FIELD_BUNDLE_NAME, FIELD_GRANT_MODE, - FIELD_AVAILABLE_SCOPE, FIELD_LABEL, + FIELD_AVAILABLE_LEVEL, FIELD_PROVISION_ENABLE, + FIELD_DISTRIBUTED_SCENE_ENABLE, FIELD_LABEL, FIELD_LABEL_ID, FIELD_DESCRIPTION, FIELD_DESCRIPTION_ID }; @@ -315,6 +316,7 @@ int SqliteStorage::CreateNativeTokenInfoTable() const .append(FIELD_TOKEN_VERSION + " integer not null,") .append(FIELD_TOKEN_ATTR + " integer not null,") .append(FIELD_DCAP + " text not null,") + .append(FIELD_APL + " integer not null,") .append("primary key(" + FIELD_TOKEN_ID) .append("))"); return ExecuteSql(sql); @@ -332,7 +334,9 @@ int SqliteStorage::CreatePermissionDefinitionTable() const .append(FIELD_PERMISSION_NAME + " text not null,") .append(FIELD_BUNDLE_NAME + " text not null,") .append(FIELD_GRANT_MODE + " integer not null,") - .append(FIELD_AVAILABLE_SCOPE + " integer not null,") + .append(FIELD_AVAILABLE_LEVEL + " integer not null,") + .append(FIELD_PROVISION_ENABLE + " integer not null,") + .append(FIELD_DISTRIBUTED_SCENE_ENABLE + " integer not null,") .append(FIELD_LABEL + " text not null,") .append(FIELD_LABEL_ID + " integer not null,") .append(FIELD_DESCRIPTION + " text not null,") diff --git a/services/accesstokenmanager/main/cpp/src/permission/permission_definition_cache.cpp b/services/accesstokenmanager/main/cpp/src/permission/permission_definition_cache.cpp index d9894dac64661c5ade432b78923cc8e6e5642a65..c7636c150d41a13e89a874639c86eff57e6e018e 100644 
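Review bot: The column lists and `create table` statements gain `FIELD_APL`, `FIELD_AVAILABLE_LEVEL`, `FIELD_PROVISION_ENABLE` and `FIELD_DISTRIBUTED_SCENE_ENABLE` (all four hunks of this file), but no schema-version change or upgrade step is visible in them. If a database created with the earlier schema already exists on a device, the old tables would presumably be kept and every insert or select naming the new columns would fail, leaving token and permission data unpersisted. Please confirm that the database version passed to `SqliteHelper` is bumped and that the upgrade path adds or recreates these columns. The constructor and both table-creation function bodies continue outside the hunks.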
--- a/services/accesstokenmanager/main/cpp/src/permission/permission_definition_cache.cpp +++ b/services/accesstokenmanager/main/cpp/src/permission/permission_definition_cache.cpp @@ -52,6 +52,13 @@ bool PermissionDefinitionCache::Insert(const PermissionDef& info) return true; } +bool PermissionDefinitionCache::Update(const PermissionDef& info) +{ + Utils::UniqueWriteGuard cacheGuard(this->cacheLock_); + permissionDefinitionMap_[info.permissionName] = info; + return true; +} + void PermissionDefinitionCache::DeleteByBundleName(const std::string& bundleName) { Utils::UniqueWriteGuard cacheGuard(this->cacheLock_); diff --git a/services/accesstokenmanager/main/cpp/src/permission/permission_manager.cpp b/services/accesstokenmanager/main/cpp/src/permission/permission_manager.cpp index 35bf38fa4f22783e025b166d5c6fbba8d3fee771..f648a59b3880a005f60ace4f0514b4074e2f8a9f 100644 --- a/services/accesstokenmanager/main/cpp/src/permission/permission_manager.cpp +++ b/services/accesstokenmanager/main/cpp/src/permission/permission_manager.cpp 
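Review bot: `PermissionDefinitionCache::Update` overwrites whatever definition is stored under `info.permissionName` without checking that it belongs to the same bundle, and it always returns `true`. Its caller in `PermissionManager::AddDefPermissions` (permission_manager.cpp, `updateFlag` branch) passes every valid definition of the updated token, so unless ownership is checked somewhere not shown, an updated bundle could replace another bundle's definition and change its `grantMode` or `availableLevel`. A guard before the assignment would close this, assuming the mapped value exposes `bundleName`: `auto it = permissionDefinitionMap_.find(info.permissionName);` followed by `if (it != permissionDefinitionMap_.end() && it->second.bundleName != info.bundleName) { return false; }`.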
@@ -41,15 +41,34 @@ PermissionManager::~PermissionManager() { } -void PermissionManager::AddDefPermissions(const std::vector& permList) +void PermissionManager::AddDefPermissions(std::shared_ptr tokenInfo, bool updateFlag) { - ACCESSTOKEN_LOG_INFO(LABEL, "%{public}s called, permList size: %{public}d", __func__, permList.size()); + if (tokenInfo == nullptr) { + return; + } + std::shared_ptr permPolicySet = tokenInfo->GetHapInfoPermissionPolicySet(); + if (permPolicySet == nullptr) { + return; + } + std::vector permList; + permPolicySet->GetDefPermissions(permList); for (auto perm : permList) { if (!PermissionValidator::IsPermissionDefValid(perm)) { ACCESSTOKEN_LOG_INFO(LABEL, "%{public}s: invalid permission definition info: %{public}s", __func__, TransferPermissionDefToString(perm).c_str()); - } else { + continue; + } + + if (updateFlag) { + PermissionDefinitionCache::GetInstance().Update(perm); + continue; + } + + if (!PermissionDefinitionCache::GetInstance().HasDefinition(perm.permissionName)) { PermissionDefinitionCache::GetInstance().Insert(perm); + } else { + ACCESSTOKEN_LOG_INFO(LABEL, "%{public}s: permission %{public}s has define", __func__, + TransferPermissionDefToString(perm).c_str()); } } } @@ -87,13 +106,7 @@ int PermissionManager::VerifyAccessToken(AccessTokenID tokenID, const std::strin return PERMISSION_DENIED; } - std::vector permList = permPolicySet->permStateList_; - for (auto perm : permList) { - if (perm.permissionName == permissionName) { - return QueryPermissionStatus(perm); - } - } - return PERMISSION_DENIED; + return permPolicySet->VerifyPermissStatus(permissionName); } int PermissionManager::GetDefPermission(const std::string& permissionName, PermissionDef& permissionDefResult) @@ -120,8 +133,8 @@ int PermissionManager::GetDefPermissions(AccessTokenID tokenID, std::vector permListGet = permPolicySet->permList_; - permList.assign(permListGet.begin(), permListGet.end()); + + permPolicySet->GetDefPermissions(permList); return RET_SUCCESS; } 
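Review bot: Both new early returns in `AddDefPermissions` (`tokenInfo == nullptr` and `permPolicySet == nullptr`) drop the request silently, so a token whose definitions were never registered leaves no trace in the log. Add a line such as `ACCESSTOKEN_LOG_ERROR(LABEL, "%{public}s: tokenInfo is null.", __func__);` before each `return`. The loop `for (auto perm : permList)` copies every `PermissionDef`; `for (const auto& perm : permList)` avoids that.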
@@ -138,8 +151,9 @@ int PermissionManager::GetReqPermissions( } GrantMode mode = isSystemGrant ? SYSTEM_GRANT : USER_GRANT; - std::vector permList = permPolicySet->permStateList_; - for (auto perm : permList) { + std::vector tmpList; + permPolicySet->GetPermissionStateFulls(tmpList); + for (auto perm : tmpList) { PermissionDef permDef; GetDefPermission(perm.permissionName, permDef); if (permDef.grantMode == mode) { @@ -168,24 +182,7 @@ int PermissionManager::GetPermissionFlag(AccessTokenID tokenID, const std::strin ACCESSTOKEN_LOG_ERROR(LABEL, "%{public}s: invalid params!", __func__); return DEFAULT_PERMISSION_FLAGS; } - - std::vector permList = permPolicySet->permStateList_; - for (auto perm : permList) { - if (perm.permissionName == permissionName) { - return QueryPermissionFlag(perm); - } - } - return DEFAULT_PERMISSION_FLAGS; -} - - -int PermissionManager::UpdatePermissionStatus(PermissionStateFull& permStat, bool isGranted, int flag) -{ - if (permStat.isGeneral == true) { - permStat.grantStatus[0] = isGranted ? PERMISSION_GRANTED : PERMISSION_DENIED; - permStat.grantFlags[0] = flag; - } - return RET_FAILED; + return permPolicySet->QueryPermissionFlag(permissionName); } void PermissionManager::UpdateTokenPermissionState( @@ -198,13 +195,8 @@ void PermissionManager::UpdateTokenPermissionState( return; } - std::vector& permList = permPolicySet->permStateList_; - for (auto& perm : permList) { - if (perm.permissionName == permissionName) { - UpdatePermissionStatus(perm, isGranted, flag); - break; - } - } + permPolicySet->UpdatePermissionStatus(permissionName, isGranted, flag); + AccessTokenInfoManager::GetInstance().RefreshTokenInfoIfNeeded(); } void PermissionManager::GrantPermission(AccessTokenID tokenID, const std::string& permissionName, int flag) 
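Review bot: In `GetReqPermissions` the result of `GetDefPermission(perm.permissionName, permDef)` is ignored and `permDef.grantMode` is compared right after, so when no definition exists the comparison uses whatever a default-constructed `PermissionDef` holds (indeterminate unless the struct has member initializers, which is not visible here). The `ClearUserGrantedPermissionState` hunk (`@@ -259,30 +251,16 @@`) has the same pattern with a worse outcome: the new `bool isGranted = false;` is overwritten unconditionally, so a failed lookup can end in `UpdatePermissionStatus` being called with `isGranted` true. Check the return value in both loops, e.g. `if (GetDefPermission(perm.permissionName, permDef) != RET_SUCCESS) { continue; }`, assuming it returns `RET_SUCCESS` on a hit as `GetDefPermissions` does. Both function bodies start outside their hunks.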
@@ -259,30 +251,16 @@ void PermissionManager::ClearUserGrantedPermissionState(AccessTokenID tokenID) return; } - std::vector& permList = permPolicySet->permStateList_; + std::vector permList; + permPolicySet->GetPermissionStateFulls(permList); for (auto& perm : permList) { PermissionDef permDef; - bool isGranted; + bool isGranted = false; GetDefPermission(perm.permissionName, permDef); isGranted = (permDef.grantMode == SYSTEM_GRANT) ? true : false; - UpdatePermissionStatus(perm, isGranted, DEFAULT_PERMISSION_FLAGS); - } -} - -int PermissionManager::QueryPermissionFlag(const PermissionStateFull& permStat) -{ - if (permStat.isGeneral == true) { - return permStat.grantFlags[0]; - } - return DEFAULT_PERMISSION_FLAGS; -} - -int PermissionManager::QueryPermissionStatus(const PermissionStateFull& permStat) -{ - if (permStat.isGeneral == true) { - return permStat.grantStatus[0]; + permPolicySet->UpdatePermissionStatus(perm.permissionName, isGranted, DEFAULT_PERMISSION_FLAGS); } - return PERMISSION_DENIED; + AccessTokenInfoManager::GetInstance().RefreshTokenInfoIfNeeded(); } std::string PermissionManager::TransferPermissionDefToString(const PermissionDef& inPermissionDef) 
@@ -291,7 +269,9 @@ std::string PermissionManager::TransferPermissionDefToString(const PermissionDef infos.append(R"({"permissionName": ")" + inPermissionDef.permissionName + R"(")"); infos.append(R"(, "bundleName": ")" + inPermissionDef.bundleName + R"(")"); infos.append(R"(, "grantMode": )" + std::to_string(inPermissionDef.grantMode)); - infos.append(R"(, "availableScope": )" + std::to_string(inPermissionDef.availableScope)); + infos.append(R"(, "availableLevel": )" + std::to_string(inPermissionDef.availableLevel)); + infos.append(R"(, "provisionEnable": )" + std::to_string(inPermissionDef.provisionEnable)); + infos.append(R"(, "distributedSceneEnable": )" + std::to_string(inPermissionDef.distributedSceneEnable)); infos.append(R"(, "label": ")" + inPermissionDef.label + R"(")"); infos.append(R"(, "labelId": )" + std::to_string(inPermissionDef.labelId)); infos.append(R"(, "description": ")" + inPermissionDef.description + R"(")"); diff --git a/services/accesstokenmanager/main/cpp/src/permission/permission_policy_set.cpp b/services/accesstokenmanager/main/cpp/src/permission/permission_policy_set.cpp index 176e4afff8a509f0c099d84f0bf86ce136e680b8..31e64a4a0758448f66b234d2a71ce3da057e01be 100644 --- a/services/accesstokenmanager/main/cpp/src/permission/permission_policy_set.cpp +++ b/services/accesstokenmanager/main/cpp/src/permission/permission_policy_set.cpp @@ -28,6 +28,12 @@ namespace { static constexpr OHOS::HiviewDFX::HiLogLabel LABEL = {LOG_CORE, SECURITY_DOMAIN_ACCESSTOKEN, "PermissionPolicySet"}; } +PermissionPolicySet::~PermissionPolicySet() +{ + ACCESSTOKEN_LOG_DEBUG(LABEL, + "%{public}s called, tokenID: 0x%{public}x destruction", __func__, tokenId_); +} + std::shared_ptr PermissionPolicySet::BuildPermissionPolicySet( AccessTokenID tokenId, const std::vector& permList, const std::vector& permStateList) 
@@ -41,49 +47,48 @@ std::shared_ptr PermissionPolicySet::BuildPermissionPolicyS return policySet; } -void PermissionPolicySet::UpdatePermDef(PermissionDef& permOld, const PermissionDef& permNew) +void PermissionPolicySet::UpdatePermStateFull(const PermissionStateFull& permOld, PermissionStateFull& permNew) { - permOld.bundleName = permNew.bundleName; - permOld.grantMode = permNew.grantMode; - permOld.availableScope = permNew.availableScope; - permOld.label = permNew.label; - permOld.labelId = permNew.labelId; - permOld.description = permNew.description; - permOld.descriptionId = permNew.descriptionId; -} - -void PermissionPolicySet::UpdatePermStateFull(PermissionStateFull& permOld, const PermissionStateFull& permNew) -{ - if (permOld.isGeneral != permNew.isGeneral) { - permOld.resDeviceID.clear(); - permOld.grantStatus.clear(); - permOld.grantFlags.clear(); - permOld.isGeneral = permNew.isGeneral; + if (permNew.isGeneral == permOld.isGeneral) { + permNew.resDeviceID = permOld.resDeviceID; + permNew.grantStatus = permOld.grantStatus; + permNew.grantFlags = permOld.grantFlags; } } void PermissionPolicySet::Update(const std::vector& permList, const std::vector& permStateList) { - for (const PermissionDef& permNew : permList) { + std::vector permFilterList; + std::vector permStateFilterList; + + PermissionValidator::FilterInvalidPermisionDef(permList, permFilterList); + PermissionValidator::FilterInvalidPermisionState(permStateList, permStateFilterList); + + Utils::UniqueWriteGuard infoGuard(this->permPolicySetLock_); + for (const PermissionDef& permNew : permFilterList) { + bool found = false; for (PermissionDef& permOld : permList_) { if (permNew.permissionName == permOld.permissionName) { - UpdatePermDef(permOld, permNew); + permOld = permNew; + found = true; break; } } - permList_.emplace_back(permNew); + if (!found) { + permList_.emplace_back(permNew); + } } - for (const PermissionStateFull& permStateNew : permStateList) { - for (PermissionStateFull& permStateOld 
: permStateList_) { + for (PermissionStateFull& permStateNew : permStateFilterList) { + for (const PermissionStateFull& permStateOld : permStateList_) { if (permStateNew.permissionName == permStateOld.permissionName) { UpdatePermStateFull(permStateOld, permStateNew); break; } } - permStateList_.emplace_back(permStateNew); } + permStateList_ = permStateFilterList; } std::shared_ptr PermissionPolicySet::RestorePermissionPolicy(AccessTokenID tokenId, @@ -99,16 +104,25 @@ std::shared_ptr PermissionPolicySet::RestorePermissionPolic for (GenericValues defValue : permDefRes) { if ((AccessTokenID)defValue.GetInt(FIELD_TOKEN_ID) == tokenId) { PermissionDef def; - DataTranslator::TranslationIntoPermissionDef(defValue, def); - policySet->permList_.emplace_back(def); + int ret = DataTranslator::TranslationIntoPermissionDef(defValue, def); + if (ret == RET_SUCCESS) { + policySet->permList_.emplace_back(def); + } else { + ACCESSTOKEN_LOG_ERROR(LABEL, "%{public}s: tokenId 0x%{public}x permDef is wrong.", __func__, tokenId); + } } } for (GenericValues stateValue : permStateRes) { if ((AccessTokenID)stateValue.GetInt(FIELD_TOKEN_ID) == tokenId) { PermissionStateFull state; - DataTranslator::TranslationIntoPermissionStateFull(stateValue, state); - MergePermissionStateFull(policySet->permStateList_, state); + int ret = DataTranslator::TranslationIntoPermissionStateFull(stateValue, state); + if (ret == RET_SUCCESS) { + MergePermissionStateFull(policySet->permStateList_, state); + } else { + ACCESSTOKEN_LOG_ERROR(LABEL, "%{public}s: tokenId 0x%{public}x permState is wrong.", + __func__, tokenId); + } } } return policySet; 
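Review bot: Update() now replaces permStateList_ with the filtered new list but only merges into permList_, so a definition that the updated policy no longer carries stays in permList_ while its state is dropped. If definitions are meant to follow the new policy too, `permList_ = permFilterList;` would do it, since matching entries are already overwritten whole by `permOld = permNew`. If keeping old definitions is intended, a comment saying so would help. UpdatePermStateFull copies grantStatus and grantFlags from the old entry without checking that they are non-empty, and the accessors added later in this file index element 0 of both.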
@@ -160,18 +174,78 @@ void PermissionPolicySet::StorePermissionState(std::vector& value } void PermissionPolicySet::StorePermissionPolicySet(std::vector& permDefValueList, - std::vector& permStateValueList) const + std::vector& permStateValueList) { + Utils::UniqueReadGuard infoGuard(this->permPolicySetLock_); StorePermissionDef(permDefValueList); StorePermissionState(permStateValueList); } +int PermissionPolicySet::VerifyPermissStatus(const std::string& permissionName) +{ + Utils::UniqueReadGuard infoGuard(this->permPolicySetLock_); + for (auto perm : permStateList_) { + if (perm.permissionName == permissionName) { + if (perm.isGeneral == true) { + return perm.grantStatus[0]; + } else { + return PERMISSION_DENIED; + } + } + } + return PERMISSION_DENIED; +} + +void PermissionPolicySet::GetDefPermissions(std::vector& permList) +{ + Utils::UniqueReadGuard infoGuard(this->permPolicySetLock_); + permList.assign(permList_.begin(), permList_.end()); +} + +void PermissionPolicySet::GetPermissionStateFulls(std::vector& permList) +{ + Utils::UniqueReadGuard infoGuard(this->permPolicySetLock_); + permList.assign(permStateList_.begin(), permStateList_.end()); +} + +int PermissionPolicySet::QueryPermissionFlag(const std::string& permissionName) +{ + Utils::UniqueReadGuard infoGuard(this->permPolicySetLock_); + for (auto perm : permStateList_) { + if (perm.permissionName == permissionName) { + if (perm.isGeneral == true) { + return perm.grantFlags[0]; + } else { + return DEFAULT_PERMISSION_FLAGS; + } + } + } + return DEFAULT_PERMISSION_FLAGS; +} + +void PermissionPolicySet::UpdatePermissionStatus(const std::string& permissionName, bool isGranted, int flag) +{ + Utils::UniqueWriteGuard infoGuard(this->permPolicySetLock_); + for (auto& perm : permStateList_) { + if (perm.permissionName == permissionName) { + if (perm.isGeneral == true) { + perm.grantStatus[0] = isGranted ? 
PERMISSION_GRANTED : PERMISSION_DENIED; + perm.grantFlags[0] = flag; + } else { + return; + } + } + } +} + void PermissionPolicySet::PermDefToString(const PermissionDef& def, std::string& info) const { info.append(R"({"permissionName": ")" + def.permissionName + R"(")"); info.append(R"(, "bundleName": ")" + def.bundleName + R"(")"); info.append(R"(, "grantMode": )" + std::to_string(def.grantMode)); - info.append(R"(, "availableScope": )" + std::to_string(def.availableScope)); + info.append(R"(, "availableLevel": )" + std::to_string(def.availableLevel)); + info.append(R"(, "provisionEnable": )" + std::to_string(def.provisionEnable)); + info.append(R"(, "distributedSceneEnable": )" + std::to_string(def.distributedSceneEnable)); info.append(R"(, "label": ")" + def.label + R"(")"); info.append(R"(, "labelId": )" + std::to_string(def.labelId)); info.append(R"(, "description": ")" + def.description + R"(")"); @@ -211,8 +285,9 @@ void PermissionPolicySet::PermStateFullToString(const PermissionStateFull& state info.append(R"(]})"); } -void PermissionPolicySet::ToString(std::string& info) const +void PermissionPolicySet::ToString(std::string& info) { + Utils::UniqueReadGuard infoGuard(this->permPolicySetLock_); info.append(R"(, "permDefList": [)"); for (auto iter = permList_.begin(); iter != permList_.end(); iter++) { PermDefToString(*iter, info); diff --git a/services/accesstokenmanager/main/cpp/src/permission/permission_validator.cpp b/services/accesstokenmanager/main/cpp/src/permission/permission_validator.cpp index 47f39b62e938bf5f973cf06a17d82f8a6b778283..148a9369a00dd65d87f2d36a5ed6ad877f5a5326 100644 --- a/services/accesstokenmanager/main/cpp/src/permission/permission_validator.cpp +++ b/services/accesstokenmanager/main/cpp/src/permission/permission_validator.cpp 
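Review bot: VerifyPermissStatus, QueryPermissionFlag and UpdatePermissionStatus index `grantStatus[0]` / `grantFlags[0]` whenever isGeneral is true, with no check that the vectors are non-empty. Unless every path that fills permStateList_ guarantees at least one element (not visible in this hunk), guard the access, e.g. `if (perm.isGeneral && !perm.grantStatus.empty())`, and likewise for grantFlags. The two read-only loops use `for (auto perm : permStateList_)`, which copies each entry's strings and vectors while the lock is held; `const auto& perm` avoids that. UpdatePermissionStatus stores `flag` as given, so it relies on callers having validated it.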
@@ -28,13 +28,6 @@ bool PermissionValidator::IsGrantModeValid(int grantMode) return grantMode == GrantMode::SYSTEM_GRANT || grantMode == GrantMode::USER_GRANT; } -bool PermissionValidator::IsAvailableScopeValid(int availableScope) -{ - return availableScope == AvailableScope::AVAILABLE_SCOPE_ALL || - availableScope == AvailableScope::AVAILABLE_SCOPE_RESTRICTED || - availableScope == AvailableScope::AVAILABLE_SCOPE_SIGNATURE; -} - bool PermissionValidator::IsGrantStatusValid(int grantStaus) { return grantStaus == PermissionState::PERMISSION_GRANTED || grantStaus == PermissionState::PERMISSION_DENIED; @@ -42,7 +35,8 @@ bool PermissionValidator::IsGrantStatusValid(int grantStaus) bool PermissionValidator::IsPermissionFlagValid(int flag) { - return flag == PermissionFlag::PERMISSION_USER_SET || + return flag == DEFAULT_PERMISSION_FLAGS || + flag == PermissionFlag::PERMISSION_USER_SET || flag == PermissionFlag::PERMISSION_USER_FIXED || flag == PermissionFlag::PERMISSION_SYSTEM_FIXED; } @@ -54,13 +48,22 @@ bool PermissionValidator::IsPermissionNameValid(const std::string& permissionNam bool PermissionValidator::IsPermissionDefValid(const PermissionDef& permDef) { + if (!DataValidator::IsLabelValid(permDef.label)) { + return false; + } + if (!DataValidator::IsDescValid(permDef.description)) { + return false; + } + if (!DataValidator::IsBundleNameValid(permDef.bundleName)) { + return false; + } if (!DataValidator::IsPermissionNameValid(permDef.permissionName)) { return false; } if (!IsGrantModeValid(permDef.grantMode)) { return false; } - return IsAvailableScopeValid(permDef.availableScope); + return DataValidator::IsAplNumValid(permDef.availableLevel); } bool PermissionValidator::IsPermissionStateValid(const PermissionStateFull& permState) @@ -137,4 +140,4 @@ void PermissionValidator::FilterInvalidPermisionState( } } // namespace AccessToken } // namespace Security -} // namespace OHOS \ No newline at end of file +} // namespace OHOS 
diff --git a/services/accesstokenmanager/main/cpp/src/service/accesstoken_manager_service.cpp b/services/accesstokenmanager/main/cpp/src/service/accesstoken_manager_service.cpp index a0c17654209b903a87aaf8de8fe54e2029f5f829..df942dcf38c7292ff635002031117943db9f18bf 100644 --- a/services/accesstokenmanager/main/cpp/src/service/accesstoken_manager_service.cpp +++ b/services/accesstokenmanager/main/cpp/src/service/accesstoken_manager_service.cpp @@ -22,6 +22,7 @@ #include "hap_token_info.h" #include "hap_token_info_inner.h" #include "native_token_info_inner.h" +#include "native_token_receptor.h" #include "permission_manager.h" namespace OHOS { @@ -175,7 +176,8 @@ int AccessTokenManagerService::DeleteToken(AccessTokenID tokenID) { ACCESSTOKEN_LOG_INFO(LABEL, "%{public}s called, tokenID: 0x%{public}x", __func__, tokenID); - return AccessTokenInfoManager::GetInstance().RemoveTokenInfo(tokenID); + // only support hap token deletion + return AccessTokenInfoManager::GetInstance().RemoveHapTokenInfo(tokenID); } int AccessTokenManagerService::GetTokenType(AccessTokenID tokenID) 
@@ -219,26 +221,20 @@ int AccessTokenManagerService::GetHapTokenInfo(AccessTokenID tokenID, HapTokenIn { ACCESSTOKEN_LOG_INFO(LABEL, "%{public}s called, tokenID: 0x%{public}x", __func__, tokenID); - HapTokenInfo hapTokenInfo; - AccessTokenInfoManager::GetInstance().GetHapTokenInfo(tokenID, hapTokenInfo); - InfoParcel.hapTokenInfoParams = hapTokenInfo; - return RET_SUCCESS; + return AccessTokenInfoManager::GetInstance().GetHapTokenInfo(tokenID, InfoParcel.hapTokenInfoParams); } int AccessTokenManagerService::GetNativeTokenInfo(AccessTokenID tokenID, NativeTokenInfoParcel& InfoParcel) { ACCESSTOKEN_LOG_INFO(LABEL, "%{public}s called, tokenID: 0x%{public}x", __func__, tokenID); - NativeTokenInfo nativeTokenInfo; - AccessTokenInfoManager::GetInstance().GetNativeTokenInfo(tokenID, nativeTokenInfo); - InfoParcel.nativeTokenInfoParams = nativeTokenInfo; - - return RET_SUCCESS; + return AccessTokenInfoManager::GetInstance().GetNativeTokenInfo(tokenID, InfoParcel.nativeTokenInfoParams); } bool AccessTokenManagerService::Initialize() const { AccessTokenInfoManager::GetInstance().Init(); + NativeTokenReceptor::GetInstance().Init(); return true; } } // namespace AccessToken diff --git a/services/accesstokenmanager/main/cpp/src/service/accesstoken_manager_stub.cpp b/services/accesstokenmanager/main/cpp/src/service/accesstoken_manager_stub.cpp index cc6e8e07f64b3f6fc2935f56732fc53055f37877..15a1a86abde9de6d488bf8472f7bb4d6252410c4 100644 --- a/services/accesstokenmanager/main/cpp/src/service/accesstoken_manager_stub.cpp +++ b/services/accesstokenmanager/main/cpp/src/service/accesstoken_manager_stub.cpp 
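Review bot: Initialize() discards the result of the added `NativeTokenReceptor::GetInstance().Init()` call and always returns true, although Init() in native_token_receptor.cpp has a RET_FAILED path. If the service should not report a successful start without the receptor, propagate it: `return NativeTokenReceptor::GetInstance().Init() == RET_SUCCESS;`. GetHapTokenInfo and GetNativeTokenInfo now fill the parcel's struct in place, so after a failed lookup its contents are whatever the manager left there. A comment noting that callers must check the return code before using the parcel would help.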
@@ -70,11 +70,6 @@ void AccessTokenManagerStub::VerifyAccessTokenInner(MessageParcel& data, Message void AccessTokenManagerStub::GetDefPermissionInner(MessageParcel& data, MessageParcel& reply) { - if (!IsAuthorizedCalling()) { - ACCESSTOKEN_LOG_INFO(LABEL, "%{public}s called, permission denied", __func__); - reply.WriteInt32(RET_FAILED); - return; - } std::string permissionName = data.ReadString(); PermissionDefParcel permissionDefParcel; int result = this->GetDefPermission(permissionName, permissionDefParcel); @@ -84,11 +79,6 @@ void AccessTokenManagerStub::GetDefPermissionInner(MessageParcel& data, MessageP void AccessTokenManagerStub::GetDefPermissionsInner(MessageParcel& data, MessageParcel& reply) { - if (!IsAuthorizedCalling()) { - ACCESSTOKEN_LOG_INFO(LABEL, "%{public}s called, permission denied", __func__); - reply.WriteInt32(RET_FAILED); - return; - } AccessTokenID tokenID = data.ReadUint32(); std::vector permList; @@ -103,11 +93,6 @@ void AccessTokenManagerStub::GetDefPermissionsInner(MessageParcel& data, Message void AccessTokenManagerStub::GetReqPermissionsInner(MessageParcel& data, MessageParcel& reply) { - if (!IsAuthorizedCalling()) { - ACCESSTOKEN_LOG_INFO(LABEL, "%{public}s called, permission denied", __func__); - reply.WriteInt32(RET_FAILED); - return; - } AccessTokenID tokenID = data.ReadUint32(); int isSystemGrant = data.ReadInt32(); std::vector permList; 
@@ -125,45 +110,50 @@ void AccessTokenManagerStub::GetPermissionFlagInner(MessageParcel& data, Message { AccessTokenID tokenID = data.ReadUint32(); std::string permissionName = data.ReadString(); + if (!IsAuthorizedCalling() && + VerifyAccessToken(tokenID, "ohos.permission.GRANT_SENSITIVE_PERMISSIONS") == PERMISSION_DENIED && + VerifyAccessToken(tokenID, "ohos.permission.REVOKE_SENSITIVE_PERMISSIONS") == PERMISSION_DENIED && + VerifyAccessToken(tokenID, "ohos.permission.GET_SENSITIVE_PERMISSIONS") == PERMISSION_DENIED) { + ACCESSTOKEN_LOG_INFO(LABEL, "%{public}s called, permission denied", __func__); + reply.WriteInt32(DEFAULT_PERMISSION_FLAGS); + return; + } int result = this->GetPermissionFlag(tokenID, permissionName); reply.WriteInt32(result); } void AccessTokenManagerStub::GrantPermissionInner(MessageParcel& data, MessageParcel& reply) { - if (!IsAuthorizedCalling()) { + AccessTokenID tokenID = data.ReadUint32(); + std::string permissionName = data.ReadString(); + int flag = data.ReadInt32(); + if (!IsAuthorizedCalling() && + VerifyAccessToken(tokenID, "ohos.permission.GRANT_SENSITIVE_PERMISSIONS") == PERMISSION_DENIED) { ACCESSTOKEN_LOG_INFO(LABEL, "%{public}s called, permission denied", __func__); reply.WriteInt32(RET_FAILED); return; } - AccessTokenID tokenID = data.ReadUint32(); - std::string permissionName = data.ReadString(); - int flag = data.ReadInt32(); int result = this->GrantPermission(tokenID, permissionName, flag); reply.WriteInt32(result); } void AccessTokenManagerStub::RevokePermissionInner(MessageParcel& data, MessageParcel& reply) { - if (!IsAuthorizedCalling()) { + AccessTokenID tokenID = data.ReadUint32(); + std::string permissionName = data.ReadString(); + int flag = data.ReadInt32(); + if (!IsAuthorizedCalling() && + VerifyAccessToken(tokenID, "ohos.permission.REVOKE_SENSITIVE_PERMISSIONS") == PERMISSION_DENIED) { ACCESSTOKEN_LOG_INFO(LABEL, "%{public}s called, permission denied", __func__); reply.WriteInt32(RET_FAILED); return; } - 
AccessTokenID tokenID = data.ReadUint32(); - std::string permissionName = data.ReadString(); - int flag = data.ReadInt32(); int result = this->RevokePermission(tokenID, permissionName, flag); reply.WriteInt32(result); } void AccessTokenManagerStub::ClearUserGrantedPermissionStateInner(MessageParcel& data, MessageParcel& reply) { - if (!IsAuthorizedCalling()) { - ACCESSTOKEN_LOG_INFO(LABEL, "%{public}s called, permission denied", __func__); - reply.WriteInt32(RET_FAILED); - return; - } AccessTokenID tokenID = data.ReadUint32(); int result = this->ClearUserGrantedPermissionState(tokenID); reply.WriteInt32(result); diff --git a/services/accesstokenmanager/main/cpp/src/token/accesstoken_id_manager.cpp b/services/accesstokenmanager/main/cpp/src/token/accesstoken_id_manager.cpp index bdd34a724f956f6ef0dad6288a25d93954a2d9b9..4237a5104fe68ace77470a9276a70cea10100c72 100644 --- a/services/accesstokenmanager/main/cpp/src/token/accesstoken_id_manager.cpp +++ b/services/accesstokenmanager/main/cpp/src/token/accesstoken_id_manager.cpp @@ -28,6 +28,12 @@ namespace { static constexpr OHOS::HiviewDFX::HiLogLabel LABEL = {LOG_CORE, SECURITY_DOMAIN_ACCESSTOKEN, "AccessTokenIDManager"}; } +ATokenTypeEnum AccessTokenIDManager::GetTokenIdTypeEnum(AccessTokenID id) +{ + AccessTokenIDInner *idInner = (AccessTokenIDInner *)&id; + return (ATokenTypeEnum)idInner->type; +} + ATokenTypeEnum AccessTokenIDManager::GetTokenIdType(AccessTokenID id) { { @@ -36,8 +42,7 @@ ATokenTypeEnum AccessTokenIDManager::GetTokenIdType(AccessTokenID id) return TOKEN_INVALID; } } - AccessTokenIDInner *idInner = (AccessTokenIDInner *)&id; - return (ATokenTypeEnum)idInner->type; + return GetTokenIdTypeEnum(id); } int AccessTokenIDManager::RegisterTokenId(AccessTokenID id, ATokenTypeEnum type) 
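Review bot: The new checks in GetPermissionFlagInner, GrantPermissionInner and RevokePermissionInner call `VerifyAccessToken(tokenID, ...)` with the `tokenID` just read from the request parcel, which is the token being queried or modified, not the identity of the process making the call. A caller that fails IsAuthorizedCalling() is therefore accepted whenever the target token holds the permission. The check should be made against the caller's own token, taken from the IPC calling context rather than from the parcel. This hunk also removes the IsAuthorizedCalling() guard from ClearUserGrantedPermissionStateInner without a replacement; unless the check now lives in the service method, keep it: `if (!IsAuthorizedCalling()) { reply.WriteInt32(RET_FAILED); return; }`. The three permission-name literals are repeated across the handlers and would be easier to audit as named constants.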
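Review bot: GetTokenIdTypeEnum decodes the type field of any value and, unlike GetTokenIdType (which can return TOKEN_INVALID first), performs no further check on the id; nothing at the definition says so. A comment such as `// Decodes the type field only; does not check that id is known to the manager` would make that contract explicit. It matters for the caller added in native_token_receptor.cpp, where the test `native.tokenID == 0 && GetTokenIdTypeEnum(native.tokenID) != TOKEN_NATIVE` rejects nothing once the id is nonzero; `||` looks like what was meant. The C-style pointer cast through `AccessTokenIDInner *` is carried over from the old code and depends on that struct's layout matching the id.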
diff --git a/services/accesstokenmanager/main/cpp/src/token/accesstoken_info_manager.cpp b/services/accesstokenmanager/main/cpp/src/token/accesstoken_info_manager.cpp index 7577192279a6eb1f90342ae7c9e8d27330b7b388..1c7483c473c2cd33fa4f032c14394fa785daf14f 100644 --- a/services/accesstokenmanager/main/cpp/src/token/accesstoken_info_manager.cpp +++ b/services/accesstokenmanager/main/cpp/src/token/accesstoken_info_manager.cpp @@ -179,10 +179,8 @@ int AccessTokenInfoManager::AddHapTokenInfo(const std::shared_ptr permPolicySet = info->GetHapInfoPermissionPolicySet(); - if (permPolicySet != nullptr) { - PermissionManager::GetInstance().AddDefPermissions(permPolicySet->permList_); - } + PermissionManager::GetInstance().AddDefPermissions(info, false); + return RET_SUCCESS; } @@ -194,13 +192,17 @@ int AccessTokenInfoManager::AddNativeTokenInfo(const std::shared_ptrGetTokenID(); + std::string processName = info->GetProcessName(); Utils::UniqueWriteGuard infoGuard(this->nativeTokenInfoLock_); - if (nativeTokenInfoMap_.count(id) > 0) { + if (nativeTokenInfoMap_.count(id) > 0 + || nativeTokenIdMap_.count(processName) > 0) { ACCESSTOKEN_LOG_ERROR( - LABEL, "%{public}s: token %{public}x has exist.", __func__, id); + LABEL, "%{public}s: token %{public}x process name %{public}s has exist.", + __func__, id, processName.c_str()); return RET_FAILED; } nativeTokenInfoMap_[id] = info; + nativeTokenIdMap_[processName] = id; return RET_SUCCESS; } 
@@ -262,12 +264,17 @@ int AccessTokenInfoManager::GetNativeTokenInfo(AccessTokenID tokenID, NativeToke return RET_SUCCESS; } -int AccessTokenInfoManager::RemoveTokenInfo(AccessTokenID id) +int AccessTokenInfoManager::RemoveHapTokenInfo(AccessTokenID id) { ATokenTypeEnum type = AccessTokenIDManager::GetInstance().GetTokenIdType(id); - if (type == TOKEN_HAP) { - // make sure that RemoveDefPermissions is called outside of the lock to avoid deadlocks. - PermissionManager::GetInstance().RemoveDefPermissions(id); + if (type != TOKEN_HAP) { + ACCESSTOKEN_LOG_ERROR( + LABEL, "%{public}s: token %{public}x is not hap.", __func__, id); + } + + // make sure that RemoveDefPermissions is called outside of the lock to avoid deadlocks. + PermissionManager::GetInstance().RemoveDefPermissions(id); + { Utils::UniqueWriteGuard infoGuard(this->hapTokenInfoLock_); if (hapTokenInfoMap_.count(id) == 0) { ACCESSTOKEN_LOG_ERROR( 
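Review bot: RemoveHapTokenInfo logs when the id is not a hap token but does not return, so `PermissionManager::GetInstance().RemoveDefPermissions(id)` still runs for a native or unknown id before the map lookup rejects it. Add `return RET_FAILED;` inside the `if (type != TOKEN_HAP)` block. RemoveNativeTokenInfo in the next hunk has the same missing return after its type check. The rest of RemoveHapTokenInfo is outside this hunk.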
@@ -287,20 +294,35 @@ int AccessTokenInfoManager::RemoveTokenInfo(AccessTokenID id) } hapTokenInfoMap_.erase(id); - } else if (type == TOKEN_NATIVE) { + } + AccessTokenIDManager::GetInstance().ReleaseTokenId(id); + ACCESSTOKEN_LOG_INFO(LABEL, "%{public}s:remove hap token 0x%{public}x ok!", __func__, id); + RefreshTokenInfoIfNeeded(); + return RET_SUCCESS; +} + +int AccessTokenInfoManager::RemoveNativeTokenInfo(AccessTokenID id) +{ + ATokenTypeEnum type = AccessTokenIDManager::GetInstance().GetTokenIdType(id); + if (type != TOKEN_NATIVE) { + ACCESSTOKEN_LOG_ERROR( + LABEL, "%{public}s: token %{public}x is not hap.", __func__, id); + } + + { Utils::UniqueWriteGuard infoGuard(this->nativeTokenInfoLock_); if (nativeTokenInfoMap_.count(id) == 0) { ACCESSTOKEN_LOG_ERROR( LABEL, "%{public}s: native token %{public}x is null.", __func__, id); return RET_FAILED; } + + std::string processName = nativeTokenInfoMap_[id]->GetProcessName(); + if (nativeTokenIdMap_.count(processName) != 0) { + nativeTokenIdMap_.erase(processName); + } nativeTokenInfoMap_.erase(id); - } else { - ACCESSTOKEN_LOG_ERROR( - LABEL, "%{public}s: token %{public}x unknown type.", __func__, id); - return RET_FAILED; } - AccessTokenIDManager::GetInstance().ReleaseTokenId(id); ACCESSTOKEN_LOG_INFO(LABEL, "%{public}s:remove hap token 0x%{public}x ok!", __func__, id); RefreshTokenInfoIfNeeded(); 
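Review bot: As this hunk reads, RemoveNativeTokenInfo erases the entry from both maps but no longer calls `AccessTokenIDManager::GetInstance().ReleaseTokenId(id)`: the call is removed from the old shared tail and re-added only in RemoveHapTokenInfo. The id would then stay registered after its info is gone, and a later RegisterTokenId for the same id, as ProcessNativeTokenInfos performs, would presumably fail. Restoring `AccessTokenIDManager::GetInstance().ReleaseTokenId(id);` after the locked block fixes that. The messages in this function still use the hap wording ("is not hap", "remove hap token") and should say native.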
@@ -390,43 +412,33 @@ bool AccessTokenInfoManager::TryUpdateExistNativeToken(const std::shared_ptr infoGuard(this->nativeTokenInfoLock_); AccessTokenID id = infoPtr->GetTokenID(); - // if native token is exist, update it - if (nativeTokenInfoMap_.count(id) == 0) { - return false; - } - std::shared_ptr oldTokenInfoPtr = nativeTokenInfoMap_[id]; - if (oldTokenInfoPtr != nullptr) { - nativeTokenInfoMap_[id] = infoPtr; - } else { + std::string processName = infoPtr->GetProcessName(); + bool idExist = (nativeTokenInfoMap_.count(id) > 0); + bool processExist = (nativeTokenIdMap_.count(processName) > 0); + // id is exist, but it is not this process, so neither update nor add. + if (idExist && !processExist) { ACCESSTOKEN_LOG_ERROR( - LABEL, "%{public}s: native token exist, but is null.", __func__); - } - return true; -} - -int AccessTokenInfoManager::AllocNativeToken(const std::shared_ptr& infoPtr) -{ - if (infoPtr == nullptr) { - ACCESSTOKEN_LOG_WARN(LABEL, "%{public}s called, token info is null", __func__); - return RET_FAILED; + LABEL, "%{public}s: token Id is exist, but process name is not exist, can not update.", __func__); + return true; } - AccessTokenID id = infoPtr->GetTokenID(); - int ret = AccessTokenIDManager::GetInstance().RegisterTokenId(id, TOKEN_NATIVE); - if (ret != RET_SUCCESS) { - ACCESSTOKEN_LOG_ERROR(LABEL, "%{public}s called, token Id register fail", __func__); - return RET_FAILED; + // this process is exist, but id is not same, perhaps libat lose his data, we need delete old, add new later. 
+ if (!idExist && processExist) { + AccessTokenID idRemove = nativeTokenIdMap_[processName]; + nativeTokenIdMap_.erase(processName); + if (nativeTokenInfoMap_.count(idRemove) > 0) { + nativeTokenInfoMap_.erase(idRemove); + } + AccessTokenIDManager::GetInstance().ReleaseTokenId(idRemove); + return false; } - ret = AddNativeTokenInfo(infoPtr); - if (ret != RET_SUCCESS) { - ACCESSTOKEN_LOG_ERROR(LABEL, "%{public}s called, %{public}s add token info failed", - __func__, infoPtr->GetProcessName().c_str()); - AccessTokenIDManager::GetInstance().ReleaseTokenId(id); - return RET_FAILED; + if (!idExist && !processExist) { + return false; } - return RET_SUCCESS; + nativeTokenInfoMap_[id] = infoPtr; + return true; } void AccessTokenInfoManager::ProcessNativeTokenInfos( @@ -442,8 +454,15 @@ void AccessTokenInfoManager::ProcessNativeTokenInfos( ACCESSTOKEN_LOG_INFO(LABEL, "%{public}s: token 0x%{public}x process name %{public}s is new, add to manager!", __func__, infoPtr->GetTokenID(), infoPtr->GetProcessName().c_str()); - int ret = AllocNativeToken(infoPtr); + AccessTokenID id = infoPtr->GetTokenID(); + int ret = AccessTokenIDManager::GetInstance().RegisterTokenId(id, TOKEN_NATIVE); if (ret != RET_SUCCESS) { + ACCESSTOKEN_LOG_ERROR(LABEL, "%{public}s called, token Id register fail", __func__); + continue; + } + ret = AddNativeTokenInfo(infoPtr); + if (ret != RET_SUCCESS) { + AccessTokenIDManager::GetInstance().ReleaseTokenId(id); ACCESSTOKEN_LOG_ERROR(LABEL, "%{public}s: token 0x%{public}x process name %{public}s add to manager failed!", __func__, infoPtr->GetTokenID(), infoPtr->GetProcessName().c_str()); 
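Review bot: When both the id and the process name are already known, TryUpdateExistNativeToken falls through to `nativeTokenInfoMap_[id] = infoPtr;` without checking that the id stored for that process is this id. An entry whose id belongs to one process and whose name belongs to another would then replace the first process's token info while nativeTokenIdMap_ keeps the old pairing. A check before the assignment, `if (nativeTokenIdMap_[processName] != id) { return true; }` with an error log, keeps the two maps consistent. The function's opening lines are outside this hunk.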
@@ -456,18 +475,25 @@ void AccessTokenInfoManager::ProcessNativeTokenInfos( int AccessTokenInfoManager::UpdateHapToken(AccessTokenID tokenID, const std::string& appIDDesc, const HapPolicyParams& policy) { + if (!DataValidator::IsAppIDDescValid(appIDDesc)) { + ACCESSTOKEN_LOG_INFO(LABEL, "%{public}s:token 0x%{public}x parm format error!", __func__, tokenID); + return RET_FAILED; + } std::shared_ptr infoPtr = GetHapTokenInfoInner(tokenID); if (infoPtr == nullptr) { ACCESSTOKEN_LOG_INFO(LABEL, "%{public}s:token 0x%{public}x is null, can not update!", __func__, tokenID); return RET_FAILED; } - Utils::UniqueWriteGuard infoGuard(this->hapTokenInfoLock_); - infoPtr->Update(appIDDesc, policy); - ACCESSTOKEN_LOG_INFO(LABEL, - "%{public}s: token 0x%{public}x bundle name %{public}s user %{public}d inst %{public}d update ok!", - __func__, tokenID, infoPtr->GetBundleName().c_str(), infoPtr->GetUserID(), infoPtr->GetInstIndex()); + { + Utils::UniqueWriteGuard infoGuard(this->hapTokenInfoLock_); + infoPtr->Update(appIDDesc, policy); + ACCESSTOKEN_LOG_INFO(LABEL, + "%{public}s: token 0x%{public}x bundle name %{public}s user %{public}d inst %{public}d update ok!", + __func__, tokenID, infoPtr->GetBundleName().c_str(), infoPtr->GetUserID(), infoPtr->GetInstIndex()); + } + PermissionManager::GetInstance().AddDefPermissions(infoPtr, true); RefreshTokenInfoIfNeeded(); return RET_SUCCESS; } diff --git a/services/accesstokenmanager/main/cpp/src/token/hap_token_info_inner.cpp b/services/accesstokenmanager/main/cpp/src/token/hap_token_info_inner.cpp index 0d71b74463af31649c5c629f98afed14a97fdf7f..e08142fa1859d355c62c670b5038a517b3e0bbfb 100644 --- a/services/accesstokenmanager/main/cpp/src/token/hap_token_info_inner.cpp +++ b/services/accesstokenmanager/main/cpp/src/token/hap_token_info_inner.cpp 
@@ -27,6 +27,13 @@ namespace AccessToken { namespace { static constexpr OHOS::HiviewDFX::HiLogLabel LABEL = {LOG_CORE, SECURITY_DOMAIN_ACCESSTOKEN, "HapTokenInfoInner"}; } + +HapTokenInfoInner::~HapTokenInfoInner() +{ + ACCESSTOKEN_LOG_DEBUG(LABEL, + "%{public}s called, tokenID: 0x%{public}x destruction", __func__, tokenID_); +} + void HapTokenInfoInner::Init(AccessTokenID id, const HapInfoParams &info, const HapPolicyParams &policy) { tokenID_ = id; @@ -42,6 +49,7 @@ void HapTokenInfoInner::Init(AccessTokenID id, const HapInfoParams &info, const void HapTokenInfoInner::Update(const std::string& appIDDesc, const HapPolicyParams& policy) { appID_ = appIDDesc; + apl_ = policy.apl; if (permPolicySet_ == nullptr) { permPolicySet_ = PermissionPolicySet::BuildPermissionPolicySet(tokenID_, policy.permList, policy.permStateList); @@ -82,9 +90,26 @@ int HapTokenInfoInner::RestoreHapTokenBasicInfo(const GenericValues& inGenericVa { userID_ = inGenericValues.GetInt(FIELD_USER_ID); bundleName_ = inGenericValues.GetString(FIELD_BUNDLE_NAME); + if (!DataValidator::IsBundleNameValid(bundleName_)) { + ACCESSTOKEN_LOG_ERROR(LABEL, + "%{public}s called, tokenID: 0x%{public}x bundle name is error", __func__, tokenID_); + return RET_FAILED; + } + instIndex_ = inGenericValues.GetInt(FIELD_INST_INDEX); appID_ = inGenericValues.GetString(FIELD_APP_ID); + if (!DataValidator::IsAppIDDescValid(appID_)) { + ACCESSTOKEN_LOG_ERROR(LABEL, + "%{public}s called, tokenID: 0x%{public}x appID is error", __func__, tokenID_); + return RET_FAILED; + } + deviceID_ = inGenericValues.GetString(FIELD_DEVICE_ID); + if (!DataValidator::IsDeviceIdValid(deviceID_)) { + ACCESSTOKEN_LOG_ERROR(LABEL, + "%{public}s called, tokenID: 0x%{public}x devId is error", __func__, tokenID_); + return RET_FAILED; + } int aplNum = inGenericValues.GetInt(FIELD_APL); if (DataValidator::IsAplNumValid(aplNum)) { apl_ = (ATokenAplEnum)aplNum; 
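Review bot: `apl_ = policy.apl;` in Update() stores the level without the `DataValidator::IsAplNumValid` check that RestoreHapTokenBasicInfo applies to the same field later in this file, and UpdateHapToken in accesstoken_info_manager.cpp validates only appIDDesc before calling Update(). If HapPolicyParams can arrive with an out-of-range value (for example after being rebuilt from a parcel with a plain cast), check it first, e.g. `if (!DataValidator::IsAplNumValid(policy.apl)) { return RET_FAILED; }` in UpdateHapToken. RestoreHapTokenBasicInfo assigns bundleName_, appID_ and deviceID_ before validating them, so an object that returns RET_FAILED still holds the rejected values and callers need to discard it.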
diff --git a/services/accesstokenmanager/main/cpp/src/token/native_token_info_inner.cpp b/services/accesstokenmanager/main/cpp/src/token/native_token_info_inner.cpp index e57208456f75bf35ac94d118ea07489166ca6c5f..0278b5eff61159b9490203938d23915f90495249 100644 --- a/services/accesstokenmanager/main/cpp/src/token/native_token_info_inner.cpp +++ b/services/accesstokenmanager/main/cpp/src/token/native_token_info_inner.cpp @@ -29,13 +29,36 @@ namespace { static constexpr OHOS::HiviewDFX::HiLogLabel LABEL = {LOG_CORE, SECURITY_DOMAIN_ACCESSTOKEN, "NativeTokenInfoInner"}; } -void NativeTokenInfoInner::Init(AccessTokenID id, const std::string& processName, - ATokenAplEnum apl, const std::vector& dcap) +NativeTokenInfoInner::NativeTokenInfoInner(NativeTokenInfo& native) + : ver_(native.ver), tokenID_(native.tokenID), tokenAttr_(native.tokenAttr), + processName_(native.processName), apl_(native.apl), dcap_(native.dcap) +{} + +NativeTokenInfoInner::~NativeTokenInfoInner() +{ + ACCESSTOKEN_LOG_DEBUG(LABEL, + "%{public}s called, tokenID: 0x%{public}x destruction", __func__, tokenID_); +} + +int NativeTokenInfoInner::Init(AccessTokenID id, const std::string& processName, + int apl, const std::vector& dcap) { tokenID_ = id; + if (!DataValidator::IsProcessNameValid(processName)) { + ACCESSTOKEN_LOG_ERROR(LABEL, + "%{public}s called, tokenID: 0x%{public}x process name is null", __func__, tokenID_); + return RET_FAILED; + } processName_ = processName; - apl_ = apl; + if (!DataValidator::IsAplNumValid(apl)) { + ACCESSTOKEN_LOG_ERROR(LABEL, + "%{public}s called, tokenID: 0x%{public}x init failed, apl %{public}d is invalid", + __func__, tokenID_, apl); + return RET_FAILED; + } + apl_ = (ATokenAplEnum)apl; dcap_ = dcap; + return RET_SUCCESS; } std::string NativeTokenInfoInner::DcapToString(const std::vector& dcap) const 
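Review bot: The new constructor copies every NativeTokenInfo field as given, skipping the IsProcessNameValid and IsAplNumValid checks that Init() gains in this same hunk, so validity rests on the caller (from_json in native_token_receptor.cpp does check before constructing). A comment on the constructor stating that precondition would make this clear, as would taking the argument as `const NativeTokenInfo& native` (with `explicit`, header permitting). Init() also sets `tokenID_`, and for an invalid apl `processName_`, before returning RET_FAILED. Validating both arguments before the first assignment avoids a half-initialised object.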
@@ -66,14 +89,18 @@ int NativeTokenInfoInner::RestoreNativeTokenInfo(AccessTokenID tokenId, const Ge { tokenID_ = tokenId; processName_ = inGenericValues.GetString(FIELD_PROCESS_NAME); + if (!DataValidator::IsProcessNameValid(processName_)) { + ACCESSTOKEN_LOG_ERROR(LABEL, + "%{public}s called, tokenID: 0x%{public}x process name is null", __func__, tokenID_); + return RET_FAILED; + } int aplNum = inGenericValues.GetInt(FIELD_APL); - if (DataValidator::IsAplNumValid(aplNum)) { - apl_ = (ATokenAplEnum)aplNum; - } else { + if (!DataValidator::IsAplNumValid(aplNum)) { ACCESSTOKEN_LOG_ERROR(LABEL, "%{public}s called, tokenID: 0x%{public}x apl is error, value %{public}d", __func__, tokenID_, aplNum); return RET_FAILED; } + apl_ = (ATokenAplEnum)aplNum; ver_ = inGenericValues.GetInt(FIELD_TOKEN_VERSION); if (ver_ != DEFAULT_TOKEN_VERSION) { ACCESSTOKEN_LOG_ERROR(LABEL, @@ -159,7 +186,7 @@ void NativeTokenInfoInner::SetDcaps(const std::string& dcapStr) { int start = 0; while (true) { - unsigned int offset = dcapStr.find(',', start); + std::string::size_type offset = dcapStr.find(',', start); if (offset == std::string::npos) { dcap_.push_back(dcapStr.substr(start)); break; diff --git a/services/accesstokenmanager/main/cpp/src/token/native_token_receptor.cpp b/services/accesstokenmanager/main/cpp/src/token/native_token_receptor.cpp new file mode 100644 index 0000000000000000000000000000000000000000..815acd9f4569ad1abadb4a25408bf222c6e2be58 --- /dev/null +++ b/services/accesstokenmanager/main/cpp/src/token/native_token_receptor.cpp 
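Review bot: `offset` is now `std::string::size_type`, which fixes the comparison with `std::string::npos`, but `start` in SetDcaps is still declared `int start = 0;` and is passed to `find` and `substr` alongside it. Declaring it `std::string::size_type start = 0;` keeps the index arithmetic in one unsigned type. The rest of the loop is outside this hunk. In RestoreNativeTokenInfo the process-name failure is logged as "process name is null" although the check is IsProcessNameValid; "is invalid" would match.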
@@ -0,0 +1,249 @@
+/*
+ * Copyright (c) 2021 Huawei Device Co., Ltd.
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+#include
+#include
+#include
+#include
+#include
+#include
+
+#include "accesstoken_id_manager.h"
+#include "accesstoken_info_manager.h"
+#include "accesstoken_log.h"
+#include "data_validator.h"
+#include "native_token_receptor.h"
+#include "parameter.h"
+#include "securec.h"
+
+namespace OHOS {
+namespace Security {
+namespace AccessToken {
+namespace {
+static constexpr OHOS::HiviewDFX::HiLogLabel LABEL = {LOG_CORE, SECURITY_DOMAIN_ACCESSTOKEN, "NativeTokenReceptor"};
+}
+
+// nlohmann json need the function named from_json to parse NativeTokenInfo
+void from_json(const nlohmann::json& j, std::shared_ptr& p)
+{
+ NativeTokenInfo native;
+ if (j.find(JSON_PROCESS_NAME) != j.end()) {
+ native.processName = j.at(JSON_PROCESS_NAME).get();
+ if (!DataValidator::IsProcessNameValid(native.processName)) {
+ return;
+ }
+ } else {
+ return;
+ }
+
+ if (j.find(JSON_APL) != j.end()) {
+ int aplNum = j.at(JSON_APL).get();
+ if (DataValidator::IsAplNumValid(aplNum)) {
+ native.apl = (ATokenAplEnum)aplNum;
+ } else {
+ return;
+ }
+ } else {
+ return;
+ }
+
+ if (j.find(JSON_VERSION) != j.end()) {
+ native.ver = j.at(JSON_VERSION).get();
+ if (native.ver != DEFAULT_TOKEN_VERSION) {
+ return;
+ }
+ } else {
+ return;
+ }
+
+ if (j.find(JSON_TOKEN_ID) != j.end()) {
+ native.tokenID = j.at(JSON_TOKEN_ID).get();
+ if (native.tokenID == 0 &&
+ AccessTokenIDManager::GetTokenIdTypeEnum(native.tokenID) != TOKEN_NATIVE) {
+ return;
+ }
+ } else {
+ return;
+ }
+
+ if (j.find(JSON_TOKEN_ATTR) != j.end()) {
+ native.tokenAttr = j.at(JSON_TOKEN_ATTR).get();
+ } else {
+ return;
+ }
+
+ if (j.find(JSON_DCAPS) != j.end()) {
+ native.dcap = j.at(JSON_DCAPS).get>();
+ } else {
+ return;
+ }
+ p = std::make_shared(native);
+}
+
+int NativeTokenReceptor::Init()
+{
+ std::lock_guard lock(receptorThreadMutex_);
+ if (ready_) {
+ ACCESSTOKEN_LOG_ERROR(LABEL, "%{public}s: receptor thread is already running.", __func__);
+ return RET_SUCCESS;
+ }
+ if (receptorThread_ != nullptr && receptorThread_->joinable()) {
+ receptorThread_->join();
+ }
+
+ receptorThread_ = std::make_unique(NativeTokenReceptor::ThreadFunc, this);
+ if (receptorThread_ == nullptr) {
+ ACCESSTOKEN_LOG_ERROR(LABEL, "%{public}s: receptor thread is nullptr.", __func__);
+ return RET_FAILED;
+ }
+ ready_ = true;
+ ACCESSTOKEN_LOG_INFO(LABEL, "%{public}s: init ok.", __func__);
+ return RET_SUCCESS;
+}
+
+void NativeTokenReceptor::Release()
+{
+ std::lock_guard lock(receptorThreadMutex_);
+ ready_ = false;
+ if (listenSocket_ >= 0) {
+ close(listenSocket_);
+ listenSocket_ = -1;
+ }
+
+ if (connectSocket_ >= 0) {
+ close(connectSocket_);
+ connectSocket_ = -1;
+ }
+
+ int ret = SetParameter(SYSTEM_PROP_NATIVE_RECEPTOR.c_str(), "false");
+ if (ret != 0) {
+ ACCESSTOKEN_LOG_INFO(LABEL, "%{public}s: set parameter failed.", __func__);
+ return;
+ }
+
+ ACCESSTOKEN_LOG_INFO(LABEL, "Release ok.");
+}
+
+NativeTokenReceptor& NativeTokenReceptor::GetInstance()
+{
+ static NativeTokenReceptor instance;
+ return instance;
+}
+
+void NativeTokenReceptor::ParserNativeRawData(const std::string& nativeRawData,
+ std::vector>& tokenInfos)
+{
+ nlohmann::json jsonRes = nlohmann::json::parse(nativeRawData, nullptr, false);
+ if (jsonRes.find(JSON_KEY_NATIVE_TOKEN_INFO_JSON) != jsonRes.end()) {
+ auto nativeTokenVect =
+ jsonRes.at(JSON_KEY_NATIVE_TOKEN_INFO_JSON).get>>();
+ for (auto& token : nativeTokenVect) {
+ if (token != nullptr) {
+ tokenInfos.emplace_back(token);
+ }
+ }
+ }
+}
+
+int NativeTokenReceptor::InitNativeTokenSocket()
+{
+ struct sockaddr_un addr;
+ (void)memset_s(&addr, sizeof(addr), 0, sizeof(addr));
+ addr.sun_family = AF_UNIX;
+ if (memcpy_s(addr.sun_path, sizeof(addr.sun_path), socketPath_.c_str(), sizeof(addr.sun_path) - 1) != EOK) {
+ ACCESSTOKEN_LOG_ERROR(LABEL, "%{public}s: init socket path failed.", __func__);
+ return -1;
+ }
+
+ unlink(socketPath_.c_str());
+ listenSocket_ = socket(AF_UNIX, SOCK_STREAM, 0);
+ if (listenSocket_ < 0) {
+ ACCESSTOKEN_LOG_ERROR(LABEL, "%{public}s: init socket failed.", __func__);
+ return -1;
+ }
+
+ socklen_t len = sizeof(struct sockaddr_un);
+ int ret = bind(listenSocket_, (struct sockaddr *)(&addr), len);
+ if (ret == -1) {
+ ACCESSTOKEN_LOG_ERROR(LABEL, "%{public}s: bind socket failed.", __func__);
+ close(listenSocket_);
+ listenSocket_ = -1;
+ return -1;
+ }
+ ret = listen(listenSocket_, 1);
+ if (ret < 0) {
+ ACCESSTOKEN_LOG_ERROR(LABEL, "%{public}s: listen socket failed.", __func__);
+ remove(socketPath_.c_str());
+ close(listenSocket_);
+ listenSocket_ = -1;
+ return -1;
+ }
+ return 0;
+}
+
+void NativeTokenReceptor::LoopHandler()
+{
+ int ret = InitNativeTokenSocket();
+ if (ret < 0) {
+ ACCESSTOKEN_LOG_ERROR(LABEL, "%{public}s: InitNativeTokenSocket failed.", __func__);
+ return;
+ }
+
+ ret = SetParameter(SYSTEM_PROP_NATIVE_RECEPTOR.c_str(), "true");
+ if (ret != 0) {
+ ACCESSTOKEN_LOG_ERROR(LABEL, "%{public}s: set parameter failed.", __func__);
+ return;
+ }
+
+ while (true) {
+ socklen_t len = sizeof(struct sockaddr_un);
+ struct sockaddr_un clientAddr;
+ int connectSocket_ = accept(listenSocket_, (struct sockaddr *)(&clientAddr), &len);
+ if (connectSocket_ < 0) {
+ ACCESSTOKEN_LOG_ERROR(LABEL, "%{public}s: accept fail errno %{public}d.", __func__, errno);
+ continue;
+ }
+ std::string nativeRawData;
+ char buff[MAX_RECEPTOR_SIZE + 1];
+ while (true) {
+ int readLen = read(connectSocket_, buff, MAX_RECEPTOR_SIZE);
+ if (readLen <= 0) {
+ break;
+ }
+ buff[readLen] = '\0';
+ nativeRawData.append(buff);
+ }
+ close(connectSocket_);
+ connectSocket_ = -1;
+
+ std::vector> tokenInfos;
+ ParserNativeRawData(nativeRawData, tokenInfos);
+ AccessTokenInfoManager::GetInstance().ProcessNativeTokenInfos(tokenInfos);
+ }
+}
+
+void NativeTokenReceptor::ThreadFunc(NativeTokenReceptor *receptor)
+{
+ if (receptor != nullptr) {
+ ACCESSTOKEN_LOG_INFO(LABEL, "%{public}s: start handler loop.", __func__);
+ receptor->LoopHandler();
+ ACCESSTOKEN_LOG_ERROR(LABEL, "%{public}s: native token loop end, native token can not sync.", __func__);
+ receptor->Release();
+ }
+}
+} // namespace AccessToken
+} // namespace Security
+} // namespace OHOS
+
diff --git a/services/accesstokenmanager/test/BUILD.gn b/services/accesstokenmanager/test/BUILD.gn
index b22343c7f45be05b674e7e99a8ec8cd00f37916c..be37ead413e823846f67202e6bf9a1755dfc085b 100644
--- a/services/accesstokenmanager/test/BUILD.gn
+++ b/services/accesstokenmanager/test/BUILD.gn
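Review bot: In from_json the token ID test `native.tokenID == 0 && GetTokenIdTypeEnum(native.tokenID) != TOKEN_NATIVE` rejects only ID 0, so every non-zero ID of another token type received on the socket is accepted; the condition presumably should use `||`. The `get<>()` calls in from_json and the vector conversion in ParserNativeRawData run without testing the JSON type first, so a message with a wrong-typed field (a string where `APL` is expected, a number in place of the `NativeTokenInfo` array) makes nlohmann throw or abort inside the receptor thread; the fence shows the type-checked pattern together with the ID fix. In InitNativeTokenSocket, `memcpy_s(..., socketPath_.c_str(), sizeof(addr.sun_path) - 1)` reads a fixed byte count whatever the path's length, whereas `strncpy_s` with the same arguments, as the test client in this commit uses, stops at the terminator. In LoopHandler the local `int connectSocket_` shadows the member that Release() closes, and the read loop puts no cap on the total size of `nativeRawData`. Nothing in this file restricts who may connect (no mode set on the socket path, no peer-credential check), and since the payload assigns a process's APL it is worth confirming that directory permissions or policy outside this file cover that.

```cpp
// in from_json(): look each key up once and test its JSON type before get<>()
    auto nameIt = j.find(JSON_PROCESS_NAME);
    if (nameIt == j.end() || !nameIt->is_string()) {
        return;
    }
    native.processName = nameIt->get<std::string>();
    if (!DataValidator::IsProcessNameValid(native.processName)) {
        return;
    }

    // … APL, version and tokenAttr (is_number_integer) and dcaps (is_array of strings): same pattern, not repeated here …

    auto idIt = j.find(JSON_TOKEN_ID);
    if (idIt == j.end() || !idIt->is_number_integer()) {
        return;
    }
    native.tokenID = idIt->get<AccessTokenID>();
    // reject when either condition holds; `&&` let every non-zero ID through
    if (native.tokenID == 0 ||
        AccessTokenIDManager::GetTokenIdTypeEnum(native.tokenID) != TOKEN_NATIVE) {
        return;
    }
```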
@@ -28,18 +28,22 @@ ohos_unittest("libaccesstoken_manager_service_standard_test") { "//base/security/access_token/frameworks/common/include", "//base/security/access_token/frameworks/accesstoken/include", "//base/security/access_token/interfaces/innerkits/accesstoken/main/cpp/include", + "//third_party/json/include", + "//base/startup/syspara_lite/interfaces/innerkits/native/syspara/include/", ] sources = [ "unittest/cpp/src/accesstoken_info_manager_test.cpp", + "unittest/cpp/src/native_token_receptor_test.cpp", ] cflags_cc = [ "-DHILOG_ENABLE" ] deps = [ - "//base/security/access_token/services/accesstokenmanager/:accesstoken_manager_service", - "//base/security/access_token/frameworks/common:accesstoken_common_cxx", "//base/security/access_token/frameworks/accesstoken:accesstoken_communication_adapter_cxx", + "//base/security/access_token/frameworks/common:accesstoken_common_cxx", + "//base/security/access_token/services/accesstokenmanager/:accesstoken_manager_service", + "//base/startup/syspara_lite/interfaces/innerkits/native/syspara:syspara", "//third_party/googletest:gtest_main", "//utils/native/base:utils", ] diff --git a/services/accesstokenmanager/test/unittest/cpp/src/accesstoken_info_manager_test.cpp b/services/accesstokenmanager/test/unittest/cpp/src/accesstoken_info_manager_test.cpp index 89bec7c8883596fc8022cf2610777436a359bf76..d981b08d9fade47f44b341d5b427d44009afee1d 100644 --- a/services/accesstokenmanager/test/unittest/cpp/src/accesstoken_info_manager_test.cpp +++ b/services/accesstokenmanager/test/unittest/cpp/src/accesstoken_info_manager_test.cpp @@ -36,7 +36,9 @@ static PermissionDef g_infoManagerTestPermDef1 = { .labelId = 1, .description = "open the door", .descriptionId = 1, - .availableScope = 1 + .availableLevel = APL_NORMAL, + .provisionEnable = false, + .distributedSceneEnable = false }; static PermissionDef g_infoManagerTestPermDef2 = { 
@@ -47,7 +49,9 @@ static PermissionDef g_infoManagerTestPermDef2 = { .labelId = 1, .description = "break the door", .descriptionId = 1, - .availableScope = 1 + .availableLevel = APL_NORMAL, + .provisionEnable = false, + .distributedSceneEnable = false }; static PermissionStateFull g_infoManagerTestState1 = { @@ -105,7 +109,7 @@ HWTEST_F(AccessTokenInfoManagerTest, Init001, TestSize.Level1) g_infoManagerTestInfoParms.bundleName, g_infoManagerTestInfoParms.instIndex); if (getTokenId != 0) { - int ret = AccessTokenInfoManager::GetInstance().RemoveTokenInfo(getTokenId); + int ret = AccessTokenInfoManager::GetInstance().RemoveHapTokenInfo(getTokenId); ASSERT_EQ(RET_SUCCESS, ret); } @@ -133,7 +137,7 @@ HWTEST_F(AccessTokenInfoManagerTest, CreateHapTokenInfo001, TestSize.Level1) tokenInfo->ToString(infoDes); GTEST_LOG_(INFO) << "get hap token info:" << infoDes.c_str(); - ret = AccessTokenInfoManager::GetInstance().RemoveTokenInfo(tokenIdEx.tokenIdExStruct.tokenID); + ret = AccessTokenInfoManager::GetInstance().RemoveHapTokenInfo(tokenIdEx.tokenIdExStruct.tokenID); ASSERT_EQ(RET_SUCCESS, ret); GTEST_LOG_(INFO) << "remove the token info"; @@ -172,7 +176,7 @@ HWTEST_F(AccessTokenInfoManagerTest, CreateHapTokenInfo002, TestSize.Level1) tokenInfo->ToString(infoDes); GTEST_LOG_(INFO) << "get hap token info:" << infoDes.c_str(); - ret = AccessTokenInfoManager::GetInstance().RemoveTokenInfo(tokenIdEx.tokenIdExStruct.tokenID); + ret = AccessTokenInfoManager::GetInstance().RemoveHapTokenInfo(tokenIdEx.tokenIdExStruct.tokenID); ASSERT_EQ(RET_SUCCESS, ret); GTEST_LOG_(INFO) << "remove the token info"; } 
@@ -201,7 +205,7 @@ HWTEST_F(AccessTokenInfoManagerTest, GetHapTokenID001, TestSize.Level1) ASSERT_NE(nullptr, tokenInfo); GTEST_LOG_(INFO) << "remove the token info"; - ret = AccessTokenInfoManager::GetInstance().RemoveTokenInfo(tokenIdEx.tokenIdExStruct.tokenID); + ret = AccessTokenInfoManager::GetInstance().RemoveHapTokenInfo(tokenIdEx.tokenIdExStruct.tokenID); ASSERT_EQ(RET_SUCCESS, ret); GTEST_LOG_(INFO) << "remove the token info"; } @@ -234,7 +238,7 @@ HWTEST_F(AccessTokenInfoManagerTest, UpdateHapToken001, TestSize.Level1) tokenInfo->ToString(infoDes); GTEST_LOG_(INFO) << "get hap token info:" << infoDes.c_str(); - ret = AccessTokenInfoManager::GetInstance().RemoveTokenInfo(tokenIdEx.tokenIdExStruct.tokenID); + ret = AccessTokenInfoManager::GetInstance().RemoveHapTokenInfo(tokenIdEx.tokenIdExStruct.tokenID); ASSERT_EQ(RET_SUCCESS, ret); GTEST_LOG_(INFO) << "remove the token info"; } diff --git a/services/accesstokenmanager/test/unittest/cpp/src/native_token_receptor_test.cpp b/services/accesstokenmanager/test/unittest/cpp/src/native_token_receptor_test.cpp new file mode 100644 index 0000000000000000000000000000000000000000..226415ee15ddec14c1bd5cacb140ca8fc5bddc0a --- /dev/null +++ b/services/accesstokenmanager/test/unittest/cpp/src/native_token_receptor_test.cpp 
@@ -0,0 +1,716 @@ +/* + * Copyright (c) 2021 Huawei Device Co., Ltd. + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + + +#include "native_token_receptor_test.h" + +#include +#include +#include +#include +#include +#include +#include +#include +#include + +#include "accesstoken_info_manager.h" +#include "data_storage.h" +#include "field_const.h" +#define private public +#include "native_token_receptor.h" +#undef private +#include "securec.h" + +using namespace testing::ext; +using namespace OHOS::Security::AccessToken; + +namespace { +static constexpr OHOS::HiviewDFX::HiLogLabel LABEL = {LOG_CORE, SECURITY_DOMAIN_ACCESSTOKEN, "NativeTokenReceptorTest"}; +} + +void NativeTokenReceptorTest::SetUpTestCase() +{ + // delete all test 0x28100000 - 0x28100007 + for (unsigned int i = 0x28100000; i <= 0x28100007; i++) { + AccessTokenInfoManager::GetInstance().RemoveNativeTokenInfo(i); + } +} + +void NativeTokenReceptorTest::TearDownTestCase() +{} + +void NativeTokenReceptorTest::SetUp() +{} + +void NativeTokenReceptorTest::TearDown() +{ + ACCESSTOKEN_LOG_INFO(LABEL, "test down!"); +} + +/** + * @tc.name: Init001 + * @tc.desc: Verify socket init result. 
+ * @tc.type: FUNC + * @tc.require: Issue Number + */ +HWTEST_F(NativeTokenReceptorTest, Init001, TestSize.Level1) +{ + NativeTokenReceptor::GetInstance().socketPath_ = "/data/system/token_unix_socket.test.socket"; + NativeTokenReceptor::GetInstance().Init(); + NativeTokenReceptor::GetInstance().receptorThread_->detach(); + ASSERT_LT(NativeTokenReceptor::GetInstance().listenSocket_, 0); + sleep(3); + char buffer[128] = {0}; + int ret = GetParameter(SYSTEM_PROP_NATIVE_RECEPTOR.c_str(), "false", buffer, 127); + GTEST_LOG_(INFO) << "ret " << ret << " buffer " << buffer; + ASSERT_EQ(ret, strlen("true")); + ASSERT_EQ(strcmp(buffer, "true"), 0); +} + +/** + * @tc.name: ParserNativeRawData001 + * @tc.desc: Verify processing right native token json. + * @tc.type: FUNC + * @tc.require: Issue Number + */ +HWTEST_F(NativeTokenReceptorTest, ParserNativeRawData001, TestSize.Level1) +{ + ACCESSTOKEN_LOG_INFO(LABEL, "test ParserNativeRawData001!"); + std::string testStr = R"({"NativeTokenInfo":[)"\ + R"({"processName":"process6","APL":3,"version":1,"tokenId":685266937,"tokenAttr":0,)"\ + R"("dcaps":["AT_CAP","ST_CAP"]},)"\ + R"({"processName":"process5","APL":3,"version":1,"tokenId":678065606,"tokenAttr":0,)"\ + R"("dcaps":["AT_CAP","ST_CAP"]}]})"; + + NativeTokenReceptor& receptor = NativeTokenReceptor::GetInstance(); + std::vector> tokenInfos; + receptor.ParserNativeRawData(testStr, tokenInfos); + int size = tokenInfos.size(); + ASSERT_EQ(2, size); + ASSERT_NE(nullptr, tokenInfos[0]); + ASSERT_NE(nullptr, tokenInfos[1]); + + ASSERT_EQ("process6", tokenInfos[0]->GetProcessName()); + ASSERT_EQ(685266937, tokenInfos[0]->GetTokenID()); + ASSERT_EQ(2, tokenInfos[0]->GetDcap().size()); + ASSERT_EQ("AT_CAP", (tokenInfos[0]->GetDcap())[0]); + ASSERT_EQ("ST_CAP", (tokenInfos[0]->GetDcap())[1]); + + ASSERT_EQ("process5", tokenInfos[1]->GetProcessName()); + ASSERT_EQ(678065606, tokenInfos[1]->GetTokenID()); + ASSERT_EQ(2, tokenInfos[1]->GetDcap().size()); + ASSERT_EQ("AT_CAP", 
(tokenInfos[1]->GetDcap())[0]); + ASSERT_EQ("ST_CAP", (tokenInfos[1]->GetDcap())[1]); +} + +/** + * @tc.name: ParserNativeRawData002 + * @tc.desc: Verify processing wrong native token json. + * @tc.type: FUNC + * @tc.require: Issue Number + */ +HWTEST_F(NativeTokenReceptorTest, ParserNativeRawData002, TestSize.Level1) +{ + ACCESSTOKEN_LOG_INFO(LABEL, "test ParserNativeRawData002!"); + std::string testStr = R"({"NativeTokenInfo":[{"processName":""}]})"; + std::vector> tokenInfos; + + NativeTokenReceptor& receptor = NativeTokenReceptor::GetInstance(); + + receptor.ParserNativeRawData(testStr, tokenInfos); + ASSERT_EQ(0, tokenInfos.size()); + + testStr = R"({"NativeTokenInfo":[{"processName":"", }]})"; + receptor.ParserNativeRawData(testStr, tokenInfos); + ASSERT_EQ(0, tokenInfos.size()); + + testStr = R"({"NativeTokenInfo":[{"processName":"process6"}, {}]})"; + receptor.ParserNativeRawData(testStr, tokenInfos); + ASSERT_EQ(0, tokenInfos.size()); + + testStr = R"({"NativeTokenInfo":[{"processName":""}, {"":"", ""}]})"; + receptor.ParserNativeRawData(testStr, tokenInfos); + ASSERT_EQ(0, tokenInfos.size()); + + testStr = R"({"NativeTokenInfo":[{"processName":"process6", "tokenId":685266937, "APL":3, "version":new}]})"; + receptor.ParserNativeRawData(testStr, tokenInfos); + ASSERT_EQ(0, tokenInfos.size()); + + testStr = R"({"NativeTokenInfo":[{"processName":"process6", "tokenId":685266937, "APL":7, "version":1}]})"; + receptor.ParserNativeRawData(testStr, tokenInfos); + ASSERT_EQ(0, tokenInfos.size()); +} + +namespace OHOS { +namespace Security { +namespace AccessToken { + extern void from_json(const nlohmann::json& j, std::shared_ptr& p); +} +} +} + +/** + * @tc.name: from_json001 + * @tc.desc: Verify from json right case. 
+ * @tc.type: FUNC + * @tc.require: Issue Number + */ +HWTEST_F(NativeTokenReceptorTest, from_json001, TestSize.Level1) +{ + ACCESSTOKEN_LOG_INFO(LABEL, "test from_json001!"); + nlohmann::json j = nlohmann::json{ + {"processName", "process6"}, + {"APL", APL_SYSTEM_CORE}, + {"version", 1}, + {"tokenId", 685266937}, + {"tokenAttr", 0}, + {"dcaps", {"AT_CAP", "ST_CAP"}}}; + std::shared_ptr p; + from_json(j, p); + ASSERT_NE((p == nullptr), true); +} + +/** + * @tc.name: from_json002 + * @tc.desc: Verify from json wrong case. + * @tc.type: FUNC + * @tc.require: Issue Number + */ +HWTEST_F(NativeTokenReceptorTest, from_json002, TestSize.Level1) +{ + ACCESSTOKEN_LOG_INFO(LABEL, "test from_json002!"); + // version wrong + nlohmann::json j = nlohmann::json{ + {"processName", "process6"}, {"APL", APL_SYSTEM_CORE}, + {"version", 2}, {"tokenId", 685266937}, + {"tokenAttr", 0}, + {"dcaps", {"AT_CAP", "ST_CAP"}}}; + std::shared_ptr p; + from_json(j, p); + ASSERT_EQ((p == nullptr), true); + + // APL wrong + j = nlohmann::json{ + {"processName", "process6"}, + {"APL", -1}, {"version", 1}, + {"tokenId", 685266937}, {"tokenAttr", 0}, + {"dcaps", {"AT_CAP", "ST_CAP"}}}; + from_json(j, p); + ASSERT_EQ((p == nullptr), true); + + // tokenId wrong + j = nlohmann::json{ + {"processName", "process6"}, + {"APL", APL_SYSTEM_BASIC}, {"version", 1}, + {"tokenId", 0}, {"tokenAttr", 0}, + {"dcaps", {"AT_CAP", "ST_CAP"}}}; + from_json(j, p); + ASSERT_EQ((p == nullptr), true); + + // process name empty + j = nlohmann::json{ + {"processName", ""}, + {"APL", APL_SYSTEM_BASIC}, {"version", 1}, + {"tokenId", 685266937}, {"tokenAttr", 0}, + {"dcaps", {"AT_CAP", "ST_CAP"}}}; + from_json(j, p); + ASSERT_EQ((p == nullptr), true); + + // process name too long + std::string name(512, 'c'); + j = nlohmann::json{ + {"processName", name}, + {"APL", APL_SYSTEM_BASIC}, {"version", 1}, + {"tokenId", 685266937}, {"tokenAttr", 0}, + {"dcaps", {"AT_CAP", "ST_CAP"}}}; + from_json(j, p); + ASSERT_EQ((p == nullptr), 
true); + + // lose process name + j = nlohmann::json{ + {"APL", APL_SYSTEM_BASIC}, + {"version", 1}, {"tokenId", 685266937}, + {"tokenAttr", 0}, {"dcaps", {"AT_CAP", "ST_CAP"}}}; + from_json(j, p); + ASSERT_EQ((p == nullptr), true); +} + +/** + * @tc.name: ProcessNativeTokenInfos001 + * @tc.desc: test add one native token + * @tc.type: FUNC + * @tc.require: Issue Number + */ +HWTEST_F(NativeTokenReceptorTest, ProcessNativeTokenInfos001, TestSize.Level1) +{ + ACCESSTOKEN_LOG_INFO(LABEL, "test ProcessNativeTokenInfos001!"); + std::vector> tokenInfos; + + // test process one + NativeTokenInfo info = { + .apl = APL_NORMAL, + .ver = 1, + .processName = "native_token_test0", + .tokenID = 0x28100000, + .tokenAttr = 0, + .dcap = {"AT_CAP", "ST_CAP"} + }; + std::shared_ptr nativeToken = std::make_shared(info); + tokenInfos.emplace_back(nativeToken); + AccessTokenInfoManager::GetInstance().ProcessNativeTokenInfos(tokenInfos); + NativeTokenInfo findInfo; + int ret = AccessTokenInfoManager::GetInstance().GetNativeTokenInfo(info.tokenID, findInfo); + ASSERT_EQ(ret, RET_SUCCESS); + ASSERT_EQ(findInfo.apl, info.apl); + ASSERT_EQ(findInfo.ver, info.ver); + ASSERT_EQ(findInfo.processName, info.processName); + ASSERT_EQ(findInfo.tokenID, info.tokenID); + ASSERT_EQ(findInfo.tokenAttr, info.tokenAttr); + ASSERT_EQ(findInfo.dcap, info.dcap); + + // wait fresh tokens to sql. 
+ sleep(3); + + // get sql data + std::vector nativeTokenResults; + DataStorage::GetRealDataStorage().Find(DataStorage::ACCESSTOKEN_NATIVE_INFO, nativeTokenResults); + for (GenericValues nativeTokenValue : nativeTokenResults) { + AccessTokenID tokenId = (AccessTokenID)nativeTokenValue.GetInt(FIELD_TOKEN_ID); + if (tokenId != info.tokenID) { + continue; + } + GTEST_LOG_(INFO) <<"apl " << nativeTokenValue.GetInt(FIELD_APL); + std::shared_ptr native = std::make_shared(); + ASSERT_NE(native, nullptr); + ret = native->RestoreNativeTokenInfo(tokenId, nativeTokenValue); + ASSERT_EQ(ret, RET_SUCCESS); + ASSERT_EQ(native->GetTokenID(), info.tokenID); + ASSERT_EQ(native->GetProcessName(), info.processName); + ASSERT_EQ(native->GetDcap(), info.dcap); + } + + ret = AccessTokenInfoManager::GetInstance().RemoveNativeTokenInfo(info.tokenID); + ASSERT_EQ(ret, RET_SUCCESS); +} + +/** + * @tc.name: ProcessNativeTokenInfos002 + * @tc.desc: test add two native tokens. + * @tc.type: FUNC + * @tc.require: Issue Number + */ +HWTEST_F(NativeTokenReceptorTest, ProcessNativeTokenInfos002, TestSize.Level1) +{ + ACCESSTOKEN_LOG_INFO(LABEL, "test ProcessNativeTokenInfos002!"); + std::vector> tokenInfos; + + NativeTokenInfo info1 = { + .apl = APL_NORMAL, + .ver = 1, + .processName = "native_token_test1", + .tokenID = 0x28100001, + .tokenAttr = 0, + .dcap = {"AT_CAP", "ST_CAP"} + }; + + NativeTokenInfo info2 = { + .apl = APL_NORMAL, + .ver = 1, + .processName = "native_token_test2", + .tokenID = 0x28100002, + .tokenAttr = 0, + .dcap = {"AT_CAP", "ST_CAP"} + }; + + std::shared_ptr nativeToken1 = std::make_shared(info1); + tokenInfos.emplace_back(nativeToken1); + + std::shared_ptr nativeToken2 = std::make_shared(info2); + tokenInfos.emplace_back(nativeToken2); + + AccessTokenInfoManager::GetInstance().ProcessNativeTokenInfos(tokenInfos); + NativeTokenInfo findInfo; + + int ret = AccessTokenInfoManager::GetInstance().GetNativeTokenInfo(info1.tokenID, findInfo); + ASSERT_EQ(ret, RET_SUCCESS); + 
ASSERT_EQ(findInfo.apl, info1.apl); + ASSERT_EQ(findInfo.ver, info1.ver); + ASSERT_EQ(findInfo.processName, info1.processName); + ASSERT_EQ(findInfo.tokenID, info1.tokenID); + ASSERT_EQ(findInfo.tokenAttr, info1.tokenAttr); + ASSERT_EQ(findInfo.dcap, info1.dcap); + + ret = AccessTokenInfoManager::GetInstance().GetNativeTokenInfo(info2.tokenID, findInfo); + ASSERT_EQ(ret, RET_SUCCESS); + ASSERT_EQ(findInfo.apl, info2.apl); + ASSERT_EQ(findInfo.ver, info2.ver); + ASSERT_EQ(findInfo.processName, info2.processName); + ASSERT_EQ(findInfo.tokenID, info2.tokenID); + ASSERT_EQ(findInfo.tokenAttr, info2.tokenAttr); + ASSERT_EQ(findInfo.dcap, info2.dcap); + + ret = AccessTokenInfoManager::GetInstance().RemoveNativeTokenInfo(info1.tokenID); + ASSERT_EQ(ret, RET_SUCCESS); + + ret = AccessTokenInfoManager::GetInstance().RemoveNativeTokenInfo(info2.tokenID); + ASSERT_EQ(ret, RET_SUCCESS); +} + +/** + * @tc.name: ProcessNativeTokenInfos003 + * @tc.desc: test add nullptr tokenInfo. + * @tc.type: FUNC + * @tc.require: Issue Number + */ +HWTEST_F(NativeTokenReceptorTest, ProcessNativeTokenInfos003, TestSize.Level1) +{ + ACCESSTOKEN_LOG_INFO(LABEL, "test ProcessNativeTokenInfos003!"); + std::vector> tokenInfos; + + std::shared_ptr nativeToken1 = std::make_shared(); + tokenInfos.emplace_back(nativeToken1); + AccessTokenInfoManager::GetInstance().ProcessNativeTokenInfos(tokenInfos); + ASSERT_EQ(RET_SUCCESS, RET_SUCCESS); +} + +/** + * @tc.name: ProcessNativeTokenInfos004 + * @tc.desc: test add repeat id, but process doesnt + * @tc.type: FUNC + * @tc.require: Issue Number + */ +HWTEST_F(NativeTokenReceptorTest, ProcessNativeTokenInfos004, TestSize.Level1) +{ + ACCESSTOKEN_LOG_INFO(LABEL, "test ProcessNativeTokenInfos004!"); + std::vector> tokenInfos; + + NativeTokenInfo info3 = { + .apl = APL_NORMAL, + .ver = 1, + .processName = "native_token_test3", + .tokenID = 0x28100003, + .tokenAttr = 0, + .dcap = {"AT_CAP", "ST_CAP"} + }; + + NativeTokenInfo info4 = { + .apl = APL_NORMAL, + .ver = 
1, + .processName = "native_token_test4", + .tokenID = 0x28100003, + .tokenAttr = 0, + .dcap = {"AT_CAP", "ST_CAP"} + }; + + std::shared_ptr nativeToken3 = std::make_shared(info3); + tokenInfos.emplace_back(nativeToken3); + + std::shared_ptr nativeToken4 = std::make_shared(info4); + tokenInfos.emplace_back(nativeToken4); + + AccessTokenInfoManager::GetInstance().ProcessNativeTokenInfos(tokenInfos); + + NativeTokenInfo findInfo; + int ret = AccessTokenInfoManager::GetInstance().GetNativeTokenInfo(info3.tokenID, findInfo); + ASSERT_EQ(ret, RET_SUCCESS); + ASSERT_EQ(findInfo.apl, info3.apl); + ASSERT_EQ(findInfo.ver, info3.ver); + ASSERT_EQ(findInfo.processName, info3.processName); + ASSERT_EQ(findInfo.tokenID, info3.tokenID); + ASSERT_EQ(findInfo.tokenAttr, info3.tokenAttr); + ASSERT_EQ(findInfo.dcap, info3.dcap); + + ret = AccessTokenInfoManager::GetInstance().RemoveNativeTokenInfo(info3.tokenID); + ASSERT_EQ(ret, RET_SUCCESS); +} + +/** + * @tc.name: ProcessNativeTokenInfos005 + * @tc.desc: test add repeat process, but id doesnt + * @tc.type: FUNC + * @tc.require: Issue Number + */ +HWTEST_F(NativeTokenReceptorTest, ProcessNativeTokenInfos005, TestSize.Level1) +{ + ACCESSTOKEN_LOG_INFO(LABEL, "test ProcessNativeTokenInfos005!"); + std::vector> tokenInfos; + + NativeTokenInfo info5 = { + .apl = APL_NORMAL, + .ver = 1, + .processName = "native_token_test5", + .tokenID = 0x28100005, + .tokenAttr = 0, + .dcap = {"AT_CAP", "ST_CAP"} + }; + + NativeTokenInfo info6 = { + .apl = APL_NORMAL, + .ver = 1, + .processName = "native_token_test5", + .tokenID = 0x28100006, + .tokenAttr = 0, + .dcap = {"AT_CAP", "ST_CAP"} + }; + + std::shared_ptr nativeToken5 = std::make_shared(info5); + tokenInfos.emplace_back(nativeToken5); + + std::shared_ptr nativeToken6 = std::make_shared(info6); + tokenInfos.emplace_back(nativeToken6); + + AccessTokenInfoManager::GetInstance().ProcessNativeTokenInfos(tokenInfos); + + NativeTokenInfo findInfo; + int ret = 
AccessTokenInfoManager::GetInstance().GetNativeTokenInfo(info5.tokenID, findInfo); + ASSERT_EQ(ret, RET_FAILED); + + ret = AccessTokenInfoManager::GetInstance().GetNativeTokenInfo(info6.tokenID, findInfo); + ASSERT_EQ(ret, RET_SUCCESS); + ASSERT_EQ(findInfo.apl, info6.apl); + ASSERT_EQ(findInfo.ver, info6.ver); + ASSERT_EQ(findInfo.processName, info6.processName); + ASSERT_EQ(findInfo.tokenID, info6.tokenID); + ASSERT_EQ(findInfo.tokenAttr, info6.tokenAttr); + ASSERT_EQ(findInfo.dcap, info6.dcap); + + ret = AccessTokenInfoManager::GetInstance().RemoveNativeTokenInfo(info6.tokenID); + ASSERT_EQ(ret, RET_SUCCESS); +} + +/** + * @tc.name: ProcessNativeTokenInfos006 + * @tc.desc: test add repeat process and id + * @tc.type: FUNC + * @tc.require: Issue Number + */ +HWTEST_F(NativeTokenReceptorTest, ProcessNativeTokenInfos006, TestSize.Level1) +{ + ACCESSTOKEN_LOG_INFO(LABEL, "test ProcessNativeTokenInfos006!"); + std::vector> tokenInfos; + + NativeTokenInfo info7 = { + .apl = APL_NORMAL, + .ver = 1, + .processName = "native_token_test7", + .tokenID = 0x28100007, + .tokenAttr = 0, + .dcap = {"AT_CAP", "ST_CAP"} + }; + + NativeTokenInfo info8 = { + .apl = APL_SYSTEM_BASIC, + .ver = 1, + .processName = "native_token_test7", + .tokenID = 0x28100007, + .tokenAttr = 0, + .dcap = {"AT_CAP"} + }; + + std::shared_ptr nativeToken7 = std::make_shared(info7); + tokenInfos.emplace_back(nativeToken7); + + std::shared_ptr nativeToken8 = std::make_shared(info8); + tokenInfos.emplace_back(nativeToken8); + + AccessTokenInfoManager::GetInstance().ProcessNativeTokenInfos(tokenInfos); + + NativeTokenInfo findInfo; + int ret = AccessTokenInfoManager::GetInstance().GetNativeTokenInfo(info7.tokenID, findInfo); + ASSERT_EQ(ret, RET_SUCCESS); + ASSERT_EQ(findInfo.apl, info8.apl); + ASSERT_EQ(findInfo.ver, info8.ver); + ASSERT_EQ(findInfo.processName, info8.processName); + ASSERT_EQ(findInfo.tokenID, info8.tokenID); + ASSERT_EQ(findInfo.tokenAttr, info8.tokenAttr); + ASSERT_EQ(findInfo.dcap, 
info8.dcap); + + ret = AccessTokenInfoManager::GetInstance().RemoveNativeTokenInfo(info8.tokenID); + ASSERT_EQ(ret, RET_SUCCESS); +} + +static int initClientSocket() +{ + struct sockaddr_un addr; + int fd = -1; + + /* set socket */ + fd = socket(AF_UNIX, SOCK_STREAM, 0); + if (fd < 0) { + return -1; + } + (void)memset_s(&addr, sizeof(struct sockaddr_un), 0, sizeof(struct sockaddr_un)); + addr.sun_family = AF_UNIX; + if (strncpy_s(addr.sun_path, sizeof(addr.sun_path), + "/data/system/token_unix_socket.test.socket", sizeof(addr.sun_path) - 1) != EOK) { + close(fd); + return -1; + } + int ret = connect(fd, (struct sockaddr *)&addr, sizeof(addr)); + if (ret != 0) { + close(fd); + return -1; + } + return fd; +} + +void LibatConcurrencyTask(const char* syncMesg) +{ + int fd = initClientSocket(); + if (fd <= 0) { + GTEST_LOG_(INFO) << "initClientSocket failed"; + return; + } + int writtenSize; + int len = strlen(syncMesg); + + writtenSize = write(fd, syncMesg, len); + ASSERT_EQ(writtenSize, len); + if (writtenSize != len) { + GTEST_LOG_(INFO) << "send mesg failed"; + } + close(fd); +} + +/** + * @tc.name: ClientConnect001 + * @tc.desc: client connect and send a nativetoken, and close + * @tc.type: FUNC + * @tc.require: + */ +HWTEST_F(NativeTokenReceptorTest, ClientConnect001, TestSize.Level1) +{ + ACCESSTOKEN_LOG_INFO(LABEL, "test ClientConnect001!"); + // 672137216 = 0x28100000 + std::string testStr = R"({"NativeTokenInfo":[)"\ + R"({"processName":"process6","APL":3,"version":1,"tokenId":672137216,"tokenAttr":0,)"\ + R"("dcaps":["AT_CAP","ST_CAP"]}]})"; + + LibatConcurrencyTask(testStr.c_str()); + sleep(5); + + NativeTokenInfo findInfo; + int ret = AccessTokenInfoManager::GetInstance().GetNativeTokenInfo(672137216, findInfo); + ASSERT_EQ(ret, RET_SUCCESS); + ASSERT_EQ(findInfo.apl, 3); + ASSERT_EQ(findInfo.ver, 1); + ASSERT_EQ(findInfo.processName, "process6"); + ASSERT_EQ(findInfo.tokenID, 672137216); + ASSERT_EQ(findInfo.tokenAttr, 0); + std::vector dcap = {"AT_CAP", 
"ST_CAP"}; + ASSERT_EQ(findInfo.dcap, dcap); + + ret = AccessTokenInfoManager::GetInstance().RemoveNativeTokenInfo(672137216); + ASSERT_EQ(ret, RET_SUCCESS); +} + +/** + * @tc.name: ClientConnect002 + * @tc.desc: client connect and send two nativetokens at same time by two threads + * @tc.type: FUNC + * @tc.require: + */ +HWTEST_F(NativeTokenReceptorTest, ClientConnect002, TestSize.Level1) +{ + ACCESSTOKEN_LOG_INFO(LABEL, "test ClientConnect002!"); + std::string testStr1 = R"({"NativeTokenInfo":[)"\ + R"({"processName":"process6","APL":3,"version":1,"tokenId":672137216,"tokenAttr":0,)"\ + R"("dcaps":["AT_CAP","ST_CAP"]}]})"; + + std::string testStr2 = R"({"NativeTokenInfo":[)"\ + R"({"processName":"process7","APL":3,"version":1,"tokenId":672137217,"tokenAttr":0,)"\ + R"("dcaps":["AT_CAP","ST_CAP"]}]})"; + + std::thread threadClient1(LibatConcurrencyTask, testStr1.c_str()); + + std::thread threadClient2(LibatConcurrencyTask, testStr2.c_str()); + threadClient1.join(); + threadClient2.join(); + + sleep(5); + + NativeTokenInfo findInfo; + int ret = AccessTokenInfoManager::GetInstance().GetNativeTokenInfo(672137216, findInfo); + ASSERT_EQ(ret, RET_SUCCESS); + ASSERT_EQ(findInfo.apl, 3); + ASSERT_EQ(findInfo.ver, 1); + ASSERT_EQ(findInfo.processName, "process6"); + ASSERT_EQ(findInfo.tokenID, 672137216); + ASSERT_EQ(findInfo.tokenAttr, 0); + std::vector dcap = {"AT_CAP", "ST_CAP"}; + ASSERT_EQ(findInfo.dcap, dcap); + + ret = AccessTokenInfoManager::GetInstance().RemoveNativeTokenInfo(672137216); + ASSERT_EQ(ret, RET_SUCCESS); + + ret = AccessTokenInfoManager::GetInstance().GetNativeTokenInfo(672137217, findInfo); + ASSERT_EQ(ret, RET_SUCCESS); + ASSERT_EQ(findInfo.apl, 3); + ASSERT_EQ(findInfo.ver, 1); + ASSERT_EQ(findInfo.processName, "process7"); + ASSERT_EQ(findInfo.tokenID, 672137217); + ASSERT_EQ(findInfo.tokenAttr, 0); + ASSERT_EQ(findInfo.dcap, dcap); + + ret = AccessTokenInfoManager::GetInstance().RemoveNativeTokenInfo(672137217); + ASSERT_EQ(ret, RET_SUCCESS); 
+}
+
+/**
+ * @tc.name: ClientConnect003
+ * @tc.desc: client connect and send two nativetokens at one time
+ * @tc.type: FUNC
+ * @tc.require:
+ */
+HWTEST_F(NativeTokenReceptorTest, ClientConnect003, TestSize.Level1)
+{
+ ACCESSTOKEN_LOG_INFO(LABEL, "test ClientConnect003!");
+ std::string testStr = R"({"NativeTokenInfo":[)"\
+ R"({"processName":"process6","APL":3,"version":1,"tokenId":672137216,"tokenAttr":0,)"\
+ R"("dcaps":["AT_CAP","ST_CAP"]},)"\
+ R"({"processName":"process7","APL":3,"version":1,"tokenId":672137217,"tokenAttr":0,)"\
+ R"("dcaps":["AT_CAP","ST_CAP"]}]})";
+
+ LibatConcurrencyTask(testStr.c_str());
+
+ sleep(5);
+
+ NativeTokenInfo findInfo;
+ int ret = AccessTokenInfoManager::GetInstance().GetNativeTokenInfo(672137216, findInfo);
+ ASSERT_EQ(ret, RET_SUCCESS);
+ ASSERT_EQ(findInfo.apl, 3);
+ ASSERT_EQ(findInfo.ver, 1);
+ ASSERT_EQ(findInfo.processName, "process6");
+ ASSERT_EQ(findInfo.tokenID, 672137216);
+ ASSERT_EQ(findInfo.tokenAttr, 0);
+ std::vector dcap = {"AT_CAP", "ST_CAP"};
+ ASSERT_EQ(findInfo.dcap, dcap);
+
+ ret = AccessTokenInfoManager::GetInstance().RemoveNativeTokenInfo(672137216);
+ ASSERT_EQ(ret, RET_SUCCESS);
+
+ ret = AccessTokenInfoManager::GetInstance().GetNativeTokenInfo(672137217, findInfo);
+ ASSERT_EQ(ret, RET_SUCCESS);
+ ASSERT_EQ(findInfo.apl, 3);
+ ASSERT_EQ(findInfo.ver, 1);
+ ASSERT_EQ(findInfo.processName, "process7");
+ ASSERT_EQ(findInfo.tokenID, 672137217);
+ ASSERT_EQ(findInfo.tokenAttr, 0);
+ ASSERT_EQ(findInfo.dcap, dcap);
+
+ ret = AccessTokenInfoManager::GetInstance().RemoveNativeTokenInfo(672137217);
+ ASSERT_EQ(ret, RET_SUCCESS);
+}
diff --git a/interfaces/innerkits/accesstoken/main/cpp/include/accesstoken.h b/services/accesstokenmanager/test/unittest/cpp/src/native_token_receptor_test.h similarity index 68% rename from interfaces/innerkits/accesstoken/main/cpp/include/accesstoken.h rename to services/accesstokenmanager/test/unittest/cpp/src/native_token_receptor_test.h index f0084d34728248555694e1f359ed659f7a6f43b2..1df01e7d45c2a77f575ca71b99762bf2b5ec7a14 100644 --- a/interfaces/innerkits/accesstoken/main/cpp/include/accesstoken.h +++ b/services/accesstokenmanager/test/unittest/cpp/src/native_token_receptor_test.h @@ -13,24 +13,26 @@ * limitations under the License. */ -#ifndef INTERFACES_INNER_KITS_ACCESSTOKEN_H -#define INTERFACES_INNER_KITS_ACCESSTOKEN_H +#ifndef NATIVE_TOKEN_RECEPTOR_TEST_H +#define NATIVE_TOKEN_RECEPTOR_TEST_H + +#include +#include "accesstoken_log.h" namespace OHOS { namespace Security { namespace AccessToken { -typedef unsigned int AccessTokenID; -enum AccessTokenKitRet { - RET_FAILED = -1, - RET_SUCCESS = 0, -}; +class NativeTokenReceptorTest : public testing::Test { +public: + static void SetUpTestCase(); + + static void TearDownTestCase(); -typedef enum TypePermissionState { - PERMISSION_DENIED = -1, - PERMISSION_GRANTED = 0, -} PermissionState; + void SetUp(); + + void TearDown(); +}; } // namespace AccessToken } // namespace Security } // namespace OHOS - -#endif +#endif // NATIVE_TOKEN_RECEPTOR_TEST_H diff --git a/services/tokensyncmanager/main/cpp/tokensync_manager_service.cpp b/services/tokensyncmanager/main/cpp/tokensync_manager_service.cpp index 6e011816a5aa090fcfa644ff4762e87984da78ab..eda9f78cce4ba52744397e417b1407d6ffe2ba30 100644 --- a/services/tokensyncmanager/main/cpp/tokensync_manager_service.cpp +++ b/services/tokensyncmanager/main/cpp/tokensync_manager_service.cpp 
@@ -45,6 +45,10 @@ void TokenSyncManagerService::OnStart()
 return;
 }
 ACCESSTOKEN_LOG_INFO(LABEL, "TokenSyncManagerService is starting");
+ if (!Initialize()) {
+ ACCESSTOKEN_LOG_ERROR(LABEL, "Failed to initialize");
+ return;
+ }
 state_ = ServiceRunningState::STATE_RUNNING;
 bool ret = Publish(DelayedSingleton::GetInstance().get());
 if (!ret) {
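Review bot: The added early return leaves `state_` untouched when `Initialize()` fails, and nothing in the hunk says whether a later `OnStart()` is meant to retry. The guard at the top of the function is outside the hunk; if it only tests for the running state, a second call would run `Initialize()` again, so that function needs to be safe to call repeatedly. I would document the intent above the check, e.g. `// On failure state_ is left unchanged and the service is not published; Initialize() must tolerate a retry.` The error log also gives no reason for the failure, so `Initialize()` (not visible here) should log the cause itself; otherwise a token-sync service that never comes up is hard to diagnose. OnStart's body starts and ends outside the hunk.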