From 08af923ad821dc86723ba43cc0bac3da2da51800 Mon Sep 17 00:00:00 2001 From: bigtea Date: Sat, 22 Mar 2025 17:50:45 +0800 Subject: [PATCH] Add access_token dfx event after idl Signed-off-by: bigtea --- hisysevent.yaml | 35 +++ .../accesstoken/include/hap_token_info.h | 4 +- .../main/cpp/include/dfx/hisysevent_adapter.h | 50 +++- .../include/permission/permission_manager.h | 2 + .../service/accesstoken_manager_service.h | 8 +- .../include/token/accesstoken_info_manager.h | 8 +- .../cpp/include/token/hap_token_info_inner.h | 1 + .../main/cpp/src/database/access_token_db.cpp | 30 ++- .../main/cpp/src/dfx/hisysevent_adapter.cpp | 112 +++++++- .../src/permission/permission_data_brief.cpp | 8 +- .../cpp/src/permission/permission_manager.cpp | 53 +++- .../permission/temp_permission_observer.cpp | 4 +- .../service/accesstoken_manager_service.cpp | 250 +++++++++++++++--- .../src/token/accesstoken_info_manager.cpp | 232 ++++++++++------ .../cpp/src/token/hap_token_info_inner.cpp | 14 +- .../permission_manager_coverage_test.cpp | 6 +- .../accesstoken_info_manager_test.cpp | 18 +- .../deleteremotedevicetokensstub_fuzzer.cpp | 6 +- .../deleteremotetokenstub_fuzzer.cpp | 6 +- .../gethaptokeninfofromremotestub_fuzzer.cpp | 6 +- .../getremotenativetokenidstub_fuzzer.cpp | 6 +- .../grantpermissionstub_fuzzer.cpp | 6 +- .../setremotehaptokeninfostub_fuzzer.cpp | 6 +- 23 files changed, 691 insertions(+), 180 deletions(-) diff --git a/hisysevent.yaml b/hisysevent.yaml index 9db48c4d2..f149bf205 100644 --- a/hisysevent.yaml +++ b/hisysevent.yaml @@ -19,6 +19,8 @@ ACCESSTOKEN_SERVICE_START: HAP_SIZE: {type: UINT32, desc: hap token size} NATIVE_SIZE: {type: UINT32, desc: native token size} PERM_DEFINITION_SIZE: {type: UINT32, desc: permission definition size} + DLP_PERMISSION_SIZE: {type: UINT32, desc: dlp permission size} + PARSE_CONFIG_FLAG: {type: UINT32, desc: parse config policy file value flag} ACCESSTOKEN_SERVICE_START_ERROR: __BASE: {type: FAULT, level: CRITICAL, desc: service startup error} @@ -62,6 +64,17 @@ ADD_HAP: USERID: {type: INT32, desc: user id} BUNDLENAME: {type: STRING, desc: bundle name} INSTINDEX: {type: INT32, desc: inst index} + SCENE_CODE: {type: INT32, desc: scene code} + ORI_TOKENID: {type: UINT32, desc: original token id} + TOKENIDEX: {type: UINT64, desc: token id ex} + DLP_TYPE: {type: UINT32, desc: dlp type} + IS_RESTORE: {type: BOOL, desc: is restore scene} + PERM_INFO: {type: STRING, desc: request permission list} + ACL_INFO: {type: STRING, desc: acl permission list} + PREAUTH_INFO: {type: STRING, desc: preauth permission list} + EXTEND_INFO: {type: STRING, desc: extend permission map} + DURATION: {type: UINT64, desc: time required for installing an application} + ERROR_CODE: {type: INT32, desc: error code} DEL_HAP: __BASE: {type: STATISTIC, level: MINOR, tag: usability, desc: delete a hap from device} @@ -69,6 +82,9 @@ DEL_HAP: USERID: {type: INT32, desc: user id} BUNDLENAME: {type: STRING, desc: bundle name} INSTINDEX: {type: INT32, desc: inst index} + SCENE_CODE: {type: INT32, desc: scene code} + ERROR_CODE: {type: INT32, desc: error code} + DURATION: {type: INT64, desc: duration} PERM_DIALOG_STATUS_INFO: __BASE: {type: STATISTIC, level: MINOR, desc: status information of permission dialog} @@ -93,6 +109,11 @@ UPDATE_PERMISSION: PERMISSION_NAME: {type: STRING, desc: permission name} PERMISSION_FLAG: {type: UINT32, desc: permission flag} GRANTED_FLAG: {type: BOOL, desc: grant or revoke} + SCENE_CODE: {type: INT32, desc: scene code} + ERROR_CODE: {type: INT32, desc: error code} + USERID: {type: INT32, desc: user id} + BUNDLENAME: {type: STRING, desc: bundle name} + INSTINDEX: {type: INT32, desc: inst index} UPDATE_HAP: __BASE: {type: STATISTIC, level: MINOR, tag: usability, desc: update hap to device} @@ -100,6 +121,14 @@ UPDATE_HAP: USERID: {type: INT32, desc: user id} BUNDLENAME: {type: STRING, desc: bundle name} INSTINDEX: {type: INT32, desc: inst index} + SCENE_CODE: {type: INT32, desc: scene code} + ERROR_CODE: {type: INT32, desc: error code} + TOKENIDEX: {type: UINT64, desc: tokenIDEx} + PERM_INFO: {type: STRING, desc: perm info} + ACL_INFO: {type: STRING, desc: acl info} + PREAUTH_INFO: {type: STRING, desc: pre-auth info} + EXTEND_INFO: {type: STRING, desc: extend info} + DURATION: {type: INT64, desc: duration} CLEAR_USER_PERMISSION_STATE: __BASE: {type: BEHAVIOR, level: MINOR, desc: clear user permission state} @@ -136,3 +165,9 @@ VERIFY_ACCESS_TOKEN_EVENT: SELF_TOKENID: {type: UINT32, desc: self tokenID} CONTEXT_TOKENID: {type: UINT32, desc: context tokenID} +ACCESSTOKEN_EXCEPTION: + __BASE: {type: FAULT, level: CRITICAL, desc: accesstoken exception} + SCENE_CODE: {type: INT32, desc: scene code} + ERROR_CODE: {type: INT32, desc: error code} + ERROR_MSG: {type: STRING, desc: error reason} + diff --git a/interfaces/innerkits/accesstoken/include/hap_token_info.h b/interfaces/innerkits/accesstoken/include/hap_token_info.h index 5e80c3ced..0292fc395 100644 --- a/interfaces/innerkits/accesstoken/include/hap_token_info.h +++ b/interfaces/innerkits/accesstoken/include/hap_token_info.h @@ -96,12 +96,12 @@ public: class HapTokenInfo final { public: char ver; - int userID; + int userID = 0; std::string bundleName; /** which version of the SDK is used to develop this hap */ int32_t apiVersion; /** instance index */ - int instIndex; + int instIndex = 0; /** * dlp type, for details about the valid values, * see the definition of HapDlpType in the access_token.h file. diff --git a/services/accesstokenmanager/main/cpp/include/dfx/hisysevent_adapter.h b/services/accesstokenmanager/main/cpp/include/dfx/hisysevent_adapter.h index be526063a..f5c3fbee7 100644 --- a/services/accesstokenmanager/main/cpp/include/dfx/hisysevent_adapter.h +++ b/services/accesstokenmanager/main/cpp/include/dfx/hisysevent_adapter.h @@ -18,6 +18,8 @@ #include +#include "access_token.h" + namespace OHOS { namespace Security { namespace AccessToken { @@ -34,11 +36,55 @@ enum UpdatePermStatusErrorCode { DLP_CHECK_FAILED = 1, UPDATE_PERMISSION_STATUS_FAILED = 2, }; +enum UpdateHapTokenSceneCode { + UPDATE_HAP_START = 0, + UPDATE_HAP_FINISH = 1, +}; +enum DeleteTokenInfoSceneCode { + DELETE_HAP_START = 0, + DELETE_HAP_FINISH = 1, +}; +enum UpdatePermSceneCode { + UPDATE_PERM_START = 0, + UPDATE_PERM_FINISH = 1, +}; +enum AddHapSceneCode { + INSTALL_START = 0, + TOKEN_ID_CHANGE, + INIT, + MAP, + INSTALL_FINISH, +}; + +struct AccessTokenDfxInfo { + AddHapSceneCode sceneCode; + AccessTokenID tokenId; + AccessTokenID oriTokenId; + AccessTokenIDEx tokenIdEx; + int32_t userId; + std::string bundleName; + int32_t instIndex; + HapDlpType dlpType; + bool isRestore; + std::string permInfo; + std::string aclInfo; + std::string preauthInfo; + std::string extendInfo; + uint64_t duration; + int32_t errorCode; + int32_t pid; + uint32_t hapSize; + uint32_t nativeSize; + uint32_t permDefSize; + uint32_t dlpSize; + uint32_t parseConfigFlag; +}; + void ReportSysEventPerformance(); -void ReportSysEventServiceStart(int32_t pid, uint32_t hapSize, uint32_t nativeSize, uint32_t permDefSize); +void ReportSysEventServiceStart(const AccessTokenDfxInfo& info); void ReportSysEventServiceStartError(SceneCode scene, const std::string& errMsg, int32_t errCode); void ReportSysCommonEventError(int32_t ipcCode, int32_t errCode); - +void ReportSysEventAddHap(const AccessTokenDfxInfo& info); } // namespace AccessToken } // namespace Security } // namespace OHOS diff --git a/services/accesstokenmanager/main/cpp/include/permission/permission_manager.h b/services/accesstokenmanager/main/cpp/include/permission/permission_manager.h index e0b4eb58c..7406a1990 100644 --- a/services/accesstokenmanager/main/cpp/include/permission/permission_manager.h +++ b/services/accesstokenmanager/main/cpp/include/permission/permission_manager.h @@ -65,6 +65,8 @@ public: int GetPermissionFlag(AccessTokenID tokenID, const std::string& permissionName, uint32_t& flag); int32_t RequestAppPermOnSetting(const HapTokenInfo& hapInfo, const std::string& bundleName, const std::string& abilityName); + int32_t CheckAndUpdatePermissionInner(AccessTokenID tokenID, const std::string& permissionName, + bool isGranted, uint32_t flag); int32_t CheckAndUpdatePermission(AccessTokenID tokenID, const std::string& permissionName, bool isGranted, uint32_t flag); int32_t UpdatePermission(AccessTokenID tokenID, const std::string& permissionName, diff --git a/services/accesstokenmanager/main/cpp/include/service/accesstoken_manager_service.h b/services/accesstokenmanager/main/cpp/include/service/accesstoken_manager_service.h index c90a9a26b..b4abba79c 100644 --- a/services/accesstokenmanager/main/cpp/include/service/accesstoken_manager_service.h +++ b/services/accesstokenmanager/main/cpp/include/service/accesstoken_manager_service.h @@ -125,10 +125,16 @@ public: private: void GetValidConfigFilePathList(std::vector& pathList); bool GetConfigGrantValueFromFile(std::string& fileContent); - void GetConfigValue(); + void SetDefaultValueIfNeed(int32_t cancelTime, uint32_t& parseConfigFlag); + void GetConfigValue(uint32_t& parseConfigFlag); bool Initialize(); void AccessTokenServiceParamSet() const; PermissionOper GetPermissionsState(AccessTokenID tokenID, std::vector& reqPermList); + int32_t UpdateHapTokenCore(AccessTokenIDEx& tokenIdEx, const UpdateHapInfoParams& info, + const HapPolicyParcel& policyParcel, HapInfoCheckResultIdl& resultInfoIdl); + void ReportAddHap(const HapInfoParcel& info, const HapPolicyParcel& policy); + void ReportAddHapFinish(AccessTokenIDEx fullTokenId, const HapInfoParcel& info, int64_t beginTime, + int32_t errorCode); ServiceRunningState state_; std::string grantBundleName_; std::string grantAbilityName_; diff --git a/services/accesstokenmanager/main/cpp/include/token/accesstoken_info_manager.h b/services/accesstokenmanager/main/cpp/include/token/accesstoken_info_manager.h index 6b328c568..80e7faf3e 100644 --- a/services/accesstokenmanager/main/cpp/include/token/accesstoken_info_manager.h +++ b/services/accesstokenmanager/main/cpp/include/token/accesstoken_info_manager.h @@ -46,7 +46,7 @@ class AccessTokenInfoManager final { public: static AccessTokenInfoManager& GetInstance(); ~AccessTokenInfoManager(); - void Init(); + void Init(uint32_t& hapSize, uint32_t& nativeSize, uint32_t& pefDefSize, uint32_t& dlpSize); void InitNativeTokenInfos(const std::vector& tokenInfos); int32_t GetTokenIDByUserID(int32_t userID, std::unordered_set& tokenIdList); std::shared_ptr GetHapTokenInfoInner(AccessTokenID id); @@ -104,10 +104,14 @@ private: AccessTokenInfoManager(); DISALLOW_COPY_AND_MOVE(AccessTokenInfoManager); + int32_t AddHapInfoToCache(uint32_t& hapSize, const GenericValues& tokenValue, + const std::vector& permStateRes, const std::vector& extendedPermRes); void InitHapTokenInfos(uint32_t& hapSize); - int AddHapTokenInfo(const std::shared_ptr& info); + void ReportAddHapIdChange(const std::shared_ptr& hapInfo, AccessTokenID oriTokenId); + int AddHapTokenInfo(const std::shared_ptr& info, AccessTokenID& oriTokenId); std::string GetHapUniqueStr(const std::shared_ptr& info) const; std::string GetHapUniqueStr(const int& userID, const std::string& bundleName, const int& instIndex) const; + int32_t RegisterTokenId(const HapInfoParams& info, AccessTokenID& tokenId); int AddHapTokenInfoToDb(const std::shared_ptr& hapInfo, const std::string& appId, const HapPolicy& policy, bool isUpdate); int RemoveHapTokenInfoFromDb(const std::shared_ptr& info); diff --git a/services/accesstokenmanager/main/cpp/include/token/hap_token_info_inner.h b/services/accesstokenmanager/main/cpp/include/token/hap_token_info_inner.h index 4b0c7ef82..e0d3ad63e 100644 --- a/services/accesstokenmanager/main/cpp/include/token/hap_token_info_inner.h +++ b/services/accesstokenmanager/main/cpp/include/token/hap_token_info_inner.h @@ -52,6 +52,7 @@ public: HapTokenInfo GetHapInfoBasic() const; int GetUserID() const; int GetDlpType() const; + AccessTokenAttr GetAttr() const; std::string GetBundleName() const; int GetInstIndex() const; AccessTokenID GetTokenID() const; diff --git a/services/accesstokenmanager/main/cpp/src/database/access_token_db.cpp b/services/accesstokenmanager/main/cpp/src/database/access_token_db.cpp index b1c4631b9..c460e8693 100644 --- a/services/accesstokenmanager/main/cpp/src/database/access_token_db.cpp +++ b/services/accesstokenmanager/main/cpp/src/database/access_token_db.cpp @@ -182,13 +182,13 @@ int32_t AccessTokenDb::RemoveValues(const AtmDataType type, const GenericValues& std::string tableName; AccessTokenDbUtil::GetTableNameByType(type, tableName); if (tableName.empty()) { - LOGE(ATM_DOMAIN, ATM_TAG, "Table name is empty."); + LOGC(ATM_DOMAIN, ATM_TAG, "Table name is empty."); return AccessTokenError::ERR_PARAM_INVALID; } std::shared_ptr db = GetRdb(); if (db == nullptr) { - LOGE(ATM_DOMAIN, ATM_TAG, "db is nullptr."); + LOGC(ATM_DOMAIN, ATM_TAG, "db is nullptr."); return AccessTokenError::ERR_DATABASE_OPERATE_FAILED; } @@ -202,6 +202,7 @@ int32_t AccessTokenDb::RemoveValues(const AtmDataType type, const GenericValues& tableName.c_str(), res); int32_t result = RestoreAndDeleteIfCorrupt(res, deletedRows, predicates, db); if (result != NativeRdb::E_OK) { + LOGC(ATM_DOMAIN, ATM_TAG, "Failed to restore and delete, result is %{public}d.", result); return result; } } @@ -244,6 +245,7 @@ int32_t AccessTokenDb::Modify(const AtmDataType type, const GenericValues& modif std::string tableName; AccessTokenDbUtil::GetTableNameByType(type, tableName); if (tableName.empty()) { + LOGC(ATM_DOMAIN, ATM_TAG, "Get table name failed!"); return AccessTokenError::ERR_PARAM_INVALID; } @@ -251,6 +253,7 @@ int32_t AccessTokenDb::Modify(const AtmDataType type, const GenericValues& modif AccessTokenDbUtil::ToRdbValueBucket(modifyValue, bucket); if (bucket.IsEmpty()) { + LOGC(ATM_DOMAIN, ATM_TAG, "To rdb value bucket failed!"); return AccessTokenError::ERR_PARAM_INVALID; } @@ -262,7 +265,7 @@ int32_t AccessTokenDb::Modify(const AtmDataType type, const GenericValues& modif OHOS::Utils::UniqueWriteGuard lock(this->rwLock_); auto db = GetRdb(); if (db == nullptr) { - LOGE(ATM_DOMAIN, ATM_TAG, "db is nullptr."); + LOGC(ATM_DOMAIN, ATM_TAG, "db is nullptr."); return AccessTokenError::ERR_DATABASE_OPERATE_FAILED; } @@ -272,6 +275,7 @@ int32_t AccessTokenDb::Modify(const AtmDataType type, const GenericValues& modif tableName.c_str(), res); int32_t result = RestoreAndUpdateIfCorrupt(res, changedRows, bucket, predicates, db); if (result != NativeRdb::E_OK) { + LOGC(ATM_DOMAIN, ATM_TAG, "Failed to restore and update, result is %{public}d.", result); return result; } } @@ -298,19 +302,19 @@ int32_t AccessTokenDb::RestoreAndQueryIfCorrupt(const NativeRdb::RdbPredicates& LOGW(ATM_DOMAIN, ATM_TAG, "Detech database corrupt, restore from backup!"); res = db->Restore(""); if (res != NativeRdb::E_OK) { - LOGE(ATM_DOMAIN, ATM_TAG, "Db restore failed, res is %{public}d.", res); + LOGC(ATM_DOMAIN, ATM_TAG, "Db restore failed, res is %{public}d.", res); return res; } LOGI(ATM_DOMAIN, ATM_TAG, "Database restore success, try query again!"); queryResultSet = db->Query(predicates, columns); if (queryResultSet == nullptr) { - LOGE(ATM_DOMAIN, ATM_TAG, "Failed to find records from table %{public}s again.", + LOGC(ATM_DOMAIN, ATM_TAG, "Failed to find records from table %{public}s again.", predicates.GetTableName().c_str()); return AccessTokenError::ERR_DATABASE_OPERATE_FAILED; } } else { - LOGE(ATM_DOMAIN, ATM_TAG, "Failed to get result count."); + LOGC(ATM_DOMAIN, ATM_TAG, "Failed to get result count."); return AccessTokenError::ERR_DATABASE_OPERATE_FAILED; } } @@ -337,19 +341,20 @@ int32_t AccessTokenDb::Find(AtmDataType type, const GenericValues& conditionValu OHOS::Utils::UniqueReadGuard lock(this->rwLock_); auto db = GetRdb(); if (db == nullptr) { - LOGE(ATM_DOMAIN, ATM_TAG, "db is nullptr."); + LOGC(ATM_DOMAIN, ATM_TAG, "db is nullptr."); return AccessTokenError::ERR_DATABASE_OPERATE_FAILED; } auto queryResultSet = db->Query(predicates, columns); if (queryResultSet == nullptr) { - LOGE(ATM_DOMAIN, ATM_TAG, "Failed to find records from table %{public}s.", + LOGC(ATM_DOMAIN, ATM_TAG, "Failed to find records from table %{public}s.", tableName.c_str()); return AccessTokenError::ERR_DATABASE_OPERATE_FAILED; } int32_t res = RestoreAndQueryIfCorrupt(predicates, columns, queryResultSet, db); if (res != 0) { + LOGC(ATM_DOMAIN, ATM_TAG, "Restore and query failed!"); return res; } @@ -382,14 +387,14 @@ int32_t AccessTokenDb::RestoreAndCommitIfCorrupt(const int32_t resultCode, LOGW(ATM_DOMAIN, ATM_TAG, "Detech database corrupt, restore from backup!"); int32_t res = db->Restore(""); if (res != NativeRdb::E_OK) { - LOGE(ATM_DOMAIN, ATM_TAG, "Db restore failed, res is %{public}d.", res); + LOGC(ATM_DOMAIN, ATM_TAG, "Db restore failed, res is %{public}d.", res); return res; } LOGI(ATM_DOMAIN, ATM_TAG, "Database restore success, try commit again!"); res = db->Commit(); if (res != NativeRdb::E_OK) { - LOGE(ATM_DOMAIN, ATM_TAG, "Failed to Commit again, res is %{public}d.", res); + LOGC(ATM_DOMAIN, ATM_TAG, "Failed to Commit again, res is %{public}d.", res); return res; } @@ -406,7 +411,7 @@ int32_t AccessTokenDb::DeleteAndInsertValues( OHOS::Utils::UniqueWriteGuard lock(this->rwLock_); std::shared_ptr db = GetRdb(); if (db == nullptr) { - LOGE(ATM_DOMAIN, ATM_TAG, "db is nullptr."); + LOGC(ATM_DOMAIN, ATM_TAG, "db is nullptr."); return AccessTokenError::ERR_DATABASE_OPERATE_FAILED; } @@ -418,6 +423,7 @@ int32_t AccessTokenDb::DeleteAndInsertValues( res = RemoveValues(delDataTypes[i], delValues[i]); if (res != 0) { db->RollBack(); + LOGC(ATM_DOMAIN, ATM_TAG, "Remove values failed, res is %{public}d.", res); return res; } } @@ -427,6 +433,7 @@ int32_t AccessTokenDb::DeleteAndInsertValues( res = AddValues(addDataTypes[i], addValues[i]); if (res != 0) { db->RollBack(); + LOGC(ATM_DOMAIN, ATM_TAG, "Add values failed, res is %{public}d.", res); return res; } } @@ -436,6 +443,7 @@ int32_t AccessTokenDb::DeleteAndInsertValues( LOGE(ATM_DOMAIN, ATM_TAG, "Failed to commit, res is %{public}d.", res); int32_t result = RestoreAndCommitIfCorrupt(res, db); if (result != NativeRdb::E_OK) { + LOGC(ATM_DOMAIN, ATM_TAG, "Failed to restore and commit, result is %{public}d.", result); return result; } } diff --git a/services/accesstokenmanager/main/cpp/src/dfx/hisysevent_adapter.cpp b/services/accesstokenmanager/main/cpp/src/dfx/hisysevent_adapter.cpp index 19ce1ffbb..acd6d13b8 100644 --- a/services/accesstokenmanager/main/cpp/src/dfx/hisysevent_adapter.cpp +++ b/services/accesstokenmanager/main/cpp/src/dfx/hisysevent_adapter.cpp @@ -22,8 +22,44 @@ namespace OHOS { namespace Security { namespace AccessToken { namespace { -static const std::string ACCESSTOKEN_PROCESS_NAME = "accesstoken_service"; -static constexpr char ADD_DOMAIN[] = "PERFORMANCE"; +// CPU_SCENE_ENTRY +static constexpr char CPU_SCENE_ENTRY[] = "CPU_SCENE_ENTRY"; +static constexpr char ACCESSTOKEN_PROCESS_NAME[] = "accesstoken_service"; +static constexpr char PERFORMANCE_DOMAIN[] = "PERFORMANCE"; +static constexpr char PACKAGE_NAME[] = "PACKAGE_NAME"; +static constexpr char SCENE_ID[] = "SCENE_ID"; +static constexpr char HAPPEN_TIME[] = "HAPPEN_TIME"; + +// ACCESSTOKEN_SERVICE_START +static constexpr char ACCESSTOKEN_SERVICE_START[] = "ACCESSTOKEN_SERVICE_START"; +static constexpr char PID[] = "PID"; +static constexpr char HAP_SIZE[] = "HAP_SIZE"; +static constexpr char NATIVE_SIZE[] = "NATIVE_SIZE"; +static constexpr char PERM_DEFINITION_SIZE[] = "PERM_DEFINITION_SIZE"; +static constexpr char DLP_PERMISSION_SIZE[] = "DLP_PERMISSION_SIZE"; +static constexpr char PARSE_CONFIG_FLAG[] = "PARSE_CONFIG_FLAG"; + +// ACCESSTOKEN_SERVICE_START_ERROR +static constexpr char ACCESSTOKEN_SERVICE_START_ERROR[] = "ACCESSTOKEN_SERVICE_START_ERROR"; +static constexpr char SCENE_CODE[] = "SCENE_CODE"; +static constexpr char ERROR_CODE[] = "ERROR_CODE"; +static constexpr char ERROR_MSG[] = "ERROR_MSG"; + +// ADD_HAP +static constexpr char ADD_HAP[] = "ADD_HAP"; +static constexpr char TOKENID[] = "TOKENID"; +static constexpr char USERID[] = "USERID"; +static constexpr char BUNDLENAME[] = "BUNDLENAME"; +static constexpr char INSTINDEX[] = "INSTINDEX"; +static constexpr char DLP_TYPE[] = "DLP_TYPE"; +static constexpr char IS_RESTORE[] = "IS_RESTORE"; +static constexpr char PERM_INFO[] = "PERM_INFO"; +static constexpr char ACL_INFO[] = "ACL_INFO"; +static constexpr char PREAUTH_INFO[] = "PREAUTH_INFO"; +static constexpr char EXTEND_INFO[] = "EXTEND_INFO"; +static constexpr char ORI_TOKENID[] = "ORI_TOKENID"; +static constexpr char TOKENIDEX[] = "TOKENIDEX"; +static constexpr char DURATION[] = "DURATION"; } void ReportSysEventPerformance() @@ -32,18 +68,26 @@ void ReportSysEventPerformance() long id = 1 << 0; // first scene int64_t time = AccessToken::TimeUtil::GetCurrentTimestamp(); - int32_t ret = HiSysEventWrite(ADD_DOMAIN, "CPU_SCENE_ENTRY", HiviewDFX::HiSysEvent::EventType::BEHAVIOR, - "PACKAGE_NAME", ACCESSTOKEN_PROCESS_NAME, "SCENE_ID", std::to_string(id).c_str(), "HAPPEN_TIME", time); + int32_t ret = HiSysEventWrite(PERFORMANCE_DOMAIN, CPU_SCENE_ENTRY, + HiviewDFX::HiSysEvent::EventType::BEHAVIOR, + PACKAGE_NAME, std::string(ACCESSTOKEN_PROCESS_NAME), + SCENE_ID, std::to_string(id).c_str(), + HAPPEN_TIME, time); if (ret != 0) { LOGE(ATM_DOMAIN, ATM_TAG, "Failed to report performance, ret %{public}d.", ret); } } -void ReportSysEventServiceStart(int32_t pid, uint32_t hapSize, uint32_t nativeSize, uint32_t permDefSize) +void ReportSysEventServiceStart(const AccessTokenDfxInfo& info) { - int32_t ret = HiSysEventWrite(HiviewDFX::HiSysEvent::Domain::ACCESS_TOKEN, "ACCESSTOKEN_SERVICE_START", + int32_t ret = HiSysEventWrite(HiviewDFX::HiSysEvent::Domain::ACCESS_TOKEN, ACCESSTOKEN_SERVICE_START, HiviewDFX::HiSysEvent::EventType::STATISTIC, - "PID", pid, "HAP_SIZE", hapSize, "NATIVE_SIZE", nativeSize, "PERM_DEFINITION_SIZE", permDefSize); + PID, info.pid, + HAP_SIZE, info.hapSize, + NATIVE_SIZE, info.nativeSize, + PERM_DEFINITION_SIZE, info.permDefSize, + DLP_PERMISSION_SIZE, info.dlpSize, + PARSE_CONFIG_FLAG, info.parseConfigFlag); if (ret != 0) { LOGE(ATM_DOMAIN, ATM_TAG, "Failed to write hisysevent write, ret %{public}d.", ret); } @@ -51,8 +95,11 @@ void ReportSysEventServiceStart(int32_t pid, uint32_t hapSize, uint32_t nativeSi void ReportSysEventServiceStartError(SceneCode scene, const std::string& errMsg, int32_t errCode) { - int32_t ret = HiSysEventWrite(HiviewDFX::HiSysEvent::Domain::ACCESS_TOKEN, "ACCESSTOKEN_SERVICE_START_ERROR", - HiviewDFX::HiSysEvent::EventType::FAULT, "SCENE_CODE", scene, "ERROR_CODE", errCode, "ERROR_MSG", errMsg); + int32_t ret = HiSysEventWrite(HiviewDFX::HiSysEvent::Domain::ACCESS_TOKEN, ACCESSTOKEN_SERVICE_START_ERROR, + HiviewDFX::HiSysEvent::EventType::FAULT, + SCENE_CODE, scene, + ERROR_CODE, errCode, + ERROR_MSG, errMsg); if (ret != 0) { LOGE(ATM_DOMAIN, ATM_TAG, "Failed to write hisysevent write, ret %{public}d.", ret); } @@ -63,13 +110,58 @@ void ReportSysCommonEventError(int32_t ipcCode, int32_t errCode) if (GetThreadErrorMsgLen() == 0) { return; } - int32_t ret = HiSysEventWrite(HiviewDFX::HiSysEvent::Domain::ACCESS_TOKEN, "ACCESSTOKEN_SERVICE_START_ERROR", + int32_t ret = HiSysEventWrite(HiviewDFX::HiSysEvent::Domain::ACCESS_TOKEN, "ACCESSTOKEN_EXCEPTION", HiviewDFX::HiSysEvent::EventType::FAULT, "SCENE_CODE", ipcCode, "ERROR_CODE", errCode, "ERROR_MSG", GetThreadErrorMsg()); if (ret != 0) { LOGE(ATM_DOMAIN, ATM_TAG, "Failed to write hisysevent write, ret %{public}d.", ret); } } + +void ReportSysEventAddHap(const AccessTokenDfxInfo& info) +{ + int32_t res = 0; + if (info.sceneCode == AddHapSceneCode::INSTALL_START) { + res = HiSysEventWrite(HiviewDFX::HiSysEvent::Domain::ACCESS_TOKEN, ADD_HAP, + HiviewDFX::HiSysEvent::EventType::STATISTIC, + SCENE_CODE, info.sceneCode, TOKENID, info.tokenId, + USERID, info.userId, BUNDLENAME, info.bundleName, + INSTINDEX, info.instIndex, DLP_TYPE, info.dlpType, + IS_RESTORE, info.isRestore, PERM_INFO, info.permInfo, + ACL_INFO, info.aclInfo, PREAUTH_INFO, info.preauthInfo, + EXTEND_INFO, info.extendInfo); + } else if (info.sceneCode == AddHapSceneCode::TOKEN_ID_CHANGE) { + res = HiSysEventWrite(HiviewDFX::HiSysEvent::Domain::ACCESS_TOKEN, ADD_HAP, + HiviewDFX::HiSysEvent::EventType::STATISTIC, + SCENE_CODE, info.sceneCode, TOKENID, info.tokenId, + ORI_TOKENID, info.oriTokenId, USERID, info.userId, + BUNDLENAME, info.bundleName, INSTINDEX, info.instIndex); + } else if (info.sceneCode == AddHapSceneCode::INIT) { + res = HiSysEventWrite(HiviewDFX::HiSysEvent::Domain::ACCESS_TOKEN, ADD_HAP, + HiviewDFX::HiSysEvent::EventType::STATISTIC, + SCENE_CODE, info.sceneCode, TOKENID, info.tokenId, + TOKENIDEX, static_cast(info.tokenIdEx.tokenIDEx), + USERID, info.userId, BUNDLENAME, info.bundleName, + INSTINDEX, info.instIndex); + } else if (info.sceneCode == AddHapSceneCode::MAP) { + res = HiSysEventWrite(HiviewDFX::HiSysEvent::Domain::ACCESS_TOKEN, ADD_HAP, + HiviewDFX::HiSysEvent::EventType::STATISTIC, + SCENE_CODE, info.sceneCode, TOKENID, info.tokenId, + USERID, info.userId, BUNDLENAME, info.bundleName, + INSTINDEX, info.instIndex); + } else if (info.sceneCode == AddHapSceneCode::INSTALL_FINISH) { + res = HiSysEventWrite(HiviewDFX::HiSysEvent::Domain::ACCESS_TOKEN, ADD_HAP, + HiviewDFX::HiSysEvent::EventType::STATISTIC, + SCENE_CODE, info.sceneCode, TOKENID, info.tokenId, + TOKENIDEX, static_cast(info.tokenIdEx.tokenIDEx), + USERID, info.userId, BUNDLENAME, info.bundleName, + INSTINDEX, info.instIndex, DURATION, info.duration, + ERROR_CODE, info.errorCode); + } + if (res != 0) { + LOGE(ATM_DOMAIN, ATM_TAG, "Failed to write hisysevent write, ret %{public}d.", res); + } +} } // namespace AccessToken } // namespace Security } // namespace OHOS \ No newline at end of file diff --git a/services/accesstokenmanager/main/cpp/src/permission/permission_data_brief.cpp b/services/accesstokenmanager/main/cpp/src/permission/permission_data_brief.cpp index 3c76de837..f9f9ca828 100644 --- a/services/accesstokenmanager/main/cpp/src/permission/permission_data_brief.cpp +++ b/services/accesstokenmanager/main/cpp/src/permission/permission_data_brief.cpp @@ -411,7 +411,7 @@ int32_t PermissionDataBrief::UpdatePermStateList( { auto iterPermData = requestedPermData_.find(tokenId); if (iterPermData == requestedPermData_.end()) { - LOGE(ATM_DOMAIN, ATM_TAG, "TokenID %{public}d is not exist.", tokenId); + LOGC(ATM_DOMAIN, ATM_TAG, "TokenID %{public}d is not exist.", tokenId); return ERR_TOKEN_INVALID; } std::vector& permBriefDatalist = requestedPermData_[tokenId]; @@ -420,12 +420,12 @@ int32_t PermissionDataBrief::UpdatePermStateList( return opCode == permData.permCode; }); if (iter == permBriefDatalist.end()) { - LOGE(ATM_DOMAIN, ATM_TAG, "Permission not request!"); + LOGC(ATM_DOMAIN, ATM_TAG, "Permission not request!"); return AccessTokenError::ERR_PARAM_INVALID; } if ((static_cast(iter->flag) & PERMISSION_SYSTEM_FIXED) == PERMISSION_SYSTEM_FIXED) { - LOGE(ATM_DOMAIN, ATM_TAG, "Permission fixed by system!"); + LOGC(ATM_DOMAIN, ATM_TAG, "Permission fixed by system!"); return AccessTokenError::ERR_PARAM_INVALID; } iter->status = isGranted ? PERMISSION_GRANTED : PERMISSION_DENIED; @@ -450,7 +450,7 @@ int32_t PermissionDataBrief::UpdateSecCompGrantedPermList(AccessTokenID tokenId, if (status == PERMISSION_GRANTED) { return RET_SUCCESS; } else { - LOGE(ATM_DOMAIN, ATM_TAG, "Permission has been revoked by user."); + LOGC(ATM_DOMAIN, ATM_TAG, "Permission has been revoked by user."); return ERR_PERMISSION_DENIED; } } else { diff --git a/services/accesstokenmanager/main/cpp/src/permission/permission_manager.cpp b/services/accesstokenmanager/main/cpp/src/permission/permission_manager.cpp index 30d1882b3..f5305f8a0 100644 --- a/services/accesstokenmanager/main/cpp/src/permission/permission_manager.cpp +++ b/services/accesstokenmanager/main/cpp/src/permission/permission_manager.cpp @@ -32,6 +32,7 @@ #ifdef SUPPORT_SANDBOX_APP #include "dlp_permission_set_manager.h" #endif +#include "iaccess_token_manager.h" #include "ipc_skeleton.h" #include "hisysevent_adapter.h" #include "parameter.h" @@ -345,7 +346,7 @@ int32_t PermissionManager::UpdateTokenPermissionState( { std::shared_ptr infoPtr = AccessTokenInfoManager::GetInstance().GetHapTokenInfoInner(id); if (infoPtr == nullptr) { - LOGE(ATM_DOMAIN, ATM_TAG, "tokenInfo is null, tokenId=%{public}u", id); + LOGC(ATM_DOMAIN, ATM_TAG, "tokenInfo is null, tokenId=%{public}u", id); return AccessTokenError::ERR_TOKENID_NOT_EXIST; } @@ -359,6 +360,7 @@ int32_t PermissionManager::UpdateTokenPermissionState( bool statusChanged = false; ret = infoPtr->UpdatePermissionStatus(permission, isGranted, flag, statusChanged); if (ret != RET_SUCCESS) { + LOGC(ATM_DOMAIN, ATM_TAG, "Update info perm status failed, ret is %{public}d", ret); HiSysEventWrite(HiviewDFX::HiSysEvent::Domain::ACCESS_TOKEN, "UPDATE_PERMISSION_STATUS_ERROR", HiviewDFX::HiSysEvent::EventType::FAULT, "ERROR_CODE", UPDATE_PERMISSION_STATUS_FAILED, "TOKENID", id, "PERM", permission, "BUNDLE_NAME", infoPtr->GetBundleName(), "INT_VAL1", ret, @@ -389,12 +391,12 @@ int32_t PermissionManager::UpdateTokenPermissionStateCheck(const std::shared_ptr AccessTokenID id, const std::string& permission, bool isGranted, uint32_t flag) { if (infoPtr->IsRemote()) { - LOGE(ATM_DOMAIN, ATM_TAG, "Remote token can not update"); + LOGC(ATM_DOMAIN, ATM_TAG, "Remote token can not update"); return AccessTokenError::ERR_IDENTITY_CHECK_FAILED; } if ((flag == PERMISSION_ALLOW_THIS_TIME) && isGranted) { if (!TempPermissionObserver::GetInstance().IsAllowGrantTempPermission(id, permission)) { - LOGE(ATM_DOMAIN, ATM_TAG, "Id:%{public}d fail to grant permission:%{public}s", id, permission.c_str()); + LOGC(ATM_DOMAIN, ATM_TAG, "Id:%{public}d fail to grant permission:%{public}s", id, permission.c_str()); return ERR_IDENTITY_CHECK_FAILED; } } @@ -404,7 +406,7 @@ int32_t PermissionManager::UpdateTokenPermissionStateCheck(const std::shared_ptr if (hapDlpType != DLP_COMMON) { int32_t permDlpMode = DlpPermissionSetManager::GetInstance().GetPermDlpMode(permission); if (!DlpPermissionSetManager::GetInstance().IsPermDlpModeAvailableToDlpHap(hapDlpType, permDlpMode)) { - LOGD(ATM_DOMAIN, ATM_TAG, "%{public}s cannot to be granted to %{public}u", permission.c_str(), id); + LOGC(ATM_DOMAIN, ATM_TAG, "%{public}s cannot to be granted to %{public}u", permission.c_str(), id); HiSysEventWrite(HiviewDFX::HiSysEvent::Domain::ACCESS_TOKEN, "UPDATE_PERMISSION_STATUS_ERROR", HiviewDFX::HiSysEvent::EventType::FAULT, "ERROR_CODE", DLP_CHECK_FAILED, "TOKENID", id, "PERM", permission, "BUNDLE_NAME", infoPtr->GetBundleName(), "INT_VAL1", hapDlpType, "INT_VAL2", permDlpMode); @@ -420,6 +422,8 @@ int32_t PermissionManager::UpdatePermission(AccessTokenID tokenID, const std::st { int32_t ret = UpdateTokenPermissionState(tokenID, permissionName, isGranted, flag, needKill); if (ret != RET_SUCCESS) { + LOGC(ATM_DOMAIN, ATM_TAG, "Update permission %{public}u %{public}s failed, ret is %{public}d", tokenID, + permissionName.c_str(), ret); return ret; } @@ -432,26 +436,22 @@ int32_t PermissionManager::UpdatePermission(AccessTokenID tokenID, const std::st } #endif - // DFX - HiSysEventWrite(HiviewDFX::HiSysEvent::Domain::ACCESS_TOKEN, "UPDATE_PERMISSION", - HiviewDFX::HiSysEvent::EventType::BEHAVIOR, "TOKENID", tokenID, "PERMISSION_NAME", - permissionName, "PERMISSION_FLAG", flag, "GRANTED_FLAG", isGranted); return RET_SUCCESS; } -int32_t PermissionManager::CheckAndUpdatePermission(AccessTokenID tokenID, const std::string& permissionName, +int32_t PermissionManager::CheckAndUpdatePermissionInner(AccessTokenID tokenID, const std::string& permissionName, bool isGranted, uint32_t flag) { if (!PermissionValidator::IsPermissionNameValid(permissionName)) { - LOGE(ATM_DOMAIN, ATM_TAG, "permissionName: %{public}s, Invalid params!", permissionName.c_str()); + LOGC(ATM_DOMAIN, ATM_TAG, "permissionName: %{public}s, Invalid params!", permissionName.c_str()); return AccessTokenError::ERR_PARAM_INVALID; } if (!IsDefinedPermission(permissionName)) { - LOGE(ATM_DOMAIN, ATM_TAG, "No definition for permission: %{public}s!", permissionName.c_str()); + LOGC(ATM_DOMAIN, ATM_TAG, "No definition for permission: %{public}s!", permissionName.c_str()); return AccessTokenError::ERR_PERMISSION_NOT_EXIST; } if (!PermissionValidator::IsPermissionFlagValid(flag)) { - LOGE(ATM_DOMAIN, ATM_TAG, "flag: %{public}d, Invalid params!", flag); + LOGC(ATM_DOMAIN, ATM_TAG, "flag: %{public}d, Invalid params!", flag); return AccessTokenError::ERR_PARAM_INVALID; } bool needKill = false; @@ -465,6 +465,33 @@ int32_t PermissionManager::CheckAndUpdatePermission(AccessTokenID tokenID, const return UpdatePermission(tokenID, permissionName, isGranted, flag, needKill); } +int32_t PermissionManager::CheckAndUpdatePermission(AccessTokenID tokenID, const std::string& permissionName, + bool isGranted, uint32_t flag) +{ + HapTokenInfo hapInfo; + AccessTokenInfoManager::GetInstance().GetHapTokenInfo(tokenID, hapInfo); + ClearThreadErrorMsg(); + HiSysEventWrite(HiviewDFX::HiSysEvent::Domain::ACCESS_TOKEN, "UPDATE_PERMISSION", + HiviewDFX::HiSysEvent::EventType::BEHAVIOR, "SCENE_CODE", UpdatePermSceneCode::UPDATE_PERM_START, + "TOKENID", tokenID, "USERID", hapInfo.userID, "BUNDLENAME", hapInfo.bundleName, "INSTINDEX", hapInfo.instIndex, + "PERMISSION_NAME", permissionName, "PERMISSION_FLAG", flag, "GRANTED_FLAG", isGranted); + + int32_t ret = CheckAndUpdatePermissionInner(tokenID, permissionName, isGranted, flag); + + uint32_t newFlag = flag; + if (ret == RET_SUCCESS && GetPermissionFlag(tokenID, permissionName, flag) == RET_SUCCESS) { + flag = newFlag; + } + + HiSysEventWrite(HiviewDFX::HiSysEvent::Domain::ACCESS_TOKEN, "UPDATE_PERMISSION", + HiviewDFX::HiSysEvent::EventType::BEHAVIOR, "SCENE_CODE", UpdatePermSceneCode::UPDATE_PERM_FINISH, + "TOKENID", tokenID, "PERMISSION_NAME", permissionName, "PERMISSION_FLAG", flag, "GRANTED_FLAG", isGranted, + "ERROR_CODE", ret); + ReportSysCommonEventError(static_cast(isGranted ? IAccessTokenManagerIpcCode::COMMAND_GRANT_PERMISSION : + IAccessTokenManagerIpcCode::COMMAND_REVOKE_PERMISSION), ret); + return ret; +} + int32_t PermissionManager::GrantPermission(AccessTokenID tokenID, const std::string& permissionName, uint32_t flag) { LOGI(ATM_DOMAIN, ATM_TAG, "TokenID: %{public}u, permissionName: %{public}s, flag: %{public}d", @@ -867,7 +894,7 @@ bool PermissionManager::InitDlpPermissionList(const std::string& bundleName, int std::shared_ptr infoPtr = AccessTokenInfoManager::GetInstance().GetHapTokenInfoInner(tokenId.tokenIdExStruct.tokenID); if (infoPtr == nullptr) { - LOGE(ATM_DOMAIN, ATM_TAG, "Token %{public}u is invalid.", tokenId.tokenIdExStruct.tokenID); + LOGC(ATM_DOMAIN, ATM_TAG, "Token %{public}u is invalid.", tokenId.tokenIdExStruct.tokenID); return false; } (void)infoPtr->GetPermissionStateList(initializedList); diff --git a/services/accesstokenmanager/main/cpp/src/permission/temp_permission_observer.cpp b/services/accesstokenmanager/main/cpp/src/permission/temp_permission_observer.cpp index ccb878ac6..d965600c0 100644 --- a/services/accesstokenmanager/main/cpp/src/permission/temp_permission_observer.cpp +++ b/services/accesstokenmanager/main/cpp/src/permission/temp_permission_observer.cpp @@ -425,12 +425,12 @@ bool TempPermissionObserver::IsAllowGrantTempPermission(AccessTokenID tokenID, c { HapTokenInfo tokenInfo; if (AccessTokenInfoManager::GetInstance().GetHapTokenInfo(tokenID, tokenInfo) != RET_SUCCESS) { - LOGE(ATM_DOMAIN, ATM_TAG, "Invalid tokenId(%{public}d)", tokenID); + LOGC(ATM_DOMAIN, ATM_TAG, "Invalid tokenId(%{public}d)", tokenID); return false; } auto iterator = std::find(g_tempPermission.begin(), g_tempPermission.end(), permissionName); if (iterator == g_tempPermission.end()) { - LOGW(ATM_DOMAIN, ATM_TAG, "Permission is not available to temp grant: %{public}s!", permissionName.c_str()); + LOGC(ATM_DOMAIN, ATM_TAG, "Permission is not available to temp grant: %{public}s!", permissionName.c_str()); return false; } return CheckPermissionState(tokenID, permissionName, tokenInfo.bundleName); diff --git a/services/accesstokenmanager/main/cpp/src/service/accesstoken_manager_service.cpp b/services/accesstokenmanager/main/cpp/src/service/accesstoken_manager_service.cpp index 353ad782c..515d1b52c 100644 --- a/services/accesstokenmanager/main/cpp/src/service/accesstoken_manager_service.cpp +++ b/services/accesstokenmanager/main/cpp/src/service/accesstoken_manager_service.cpp @@ -24,6 +24,7 @@ #include "accesstoken_dfx_define.h" #include "accesstoken_id_manager.h" #include "accesstoken_info_manager.h" +#include "accesstoken_service_ipc_interface_code.h" #include "constant_common.h" #include "data_validator.h" #include "hap_token_info.h" @@ -45,6 +46,7 @@ #include "short_grant_manager.h" #include "string_ex.h" #include "system_ability_definition.h" +#include "time_util.h" #include "token_field_const.h" #ifdef TOKEN_SYNC_ENABLE #include "token_modify_notifier.h" @@ -83,6 +85,14 @@ static constexpr int32_t SA_ID_ACCESSTOKEN_MANAGER_SERVICE = 3503; constexpr uint32_t TIMEOUT = 40; // 40s thread_local int32_t g_timerId = 0; #endif // HICOLLIE_ENABLE + +constexpr uint32_t BITMAP_INDEX_0 = 0; +constexpr uint32_t BITMAP_INDEX_1 = 1; +constexpr uint32_t BITMAP_INDEX_2 = 2; +constexpr uint32_t BITMAP_INDEX_3 = 3; +constexpr uint32_t BITMAP_INDEX_4 = 4; +constexpr uint32_t BITMAP_INDEX_5 = 5; +constexpr uint32_t BITMAP_INDEX_6 = 6; } const bool REGISTER_RESULT = @@ -609,10 +619,73 @@ static void TransferHapPolicy(const HapPolicy& policyIn, HapPolicy& policyOut) policyOut.aclExtendedMap = policyIn.aclExtendedMap; } +static void DumpEventInfo(const HapPolicy& policy, AccessTokenDfxInfo& dfxInfo) +{ + dfxInfo.permInfo = std::to_string(policy.permStateList.size()) + " : ["; + for (const auto& permState : policy.permStateList) { + dfxInfo.permInfo.append(permState.permissionName + ", "); + } + dfxInfo.permInfo.append("]"); + + dfxInfo.aclInfo = std::to_string(policy.aclRequestedList.size()) + " : ["; + for (const auto& perm : policy.aclRequestedList) { + dfxInfo.aclInfo.append(perm + ", "); + } + dfxInfo.aclInfo.append("]"); + + dfxInfo.preauthInfo = std::to_string(policy.preAuthorizationInfo.size()) + " : ["; + for (const auto& preAuthInfo : policy.preAuthorizationInfo) { + dfxInfo.preauthInfo.append(preAuthInfo.permissionName + ", "); + } + dfxInfo.preauthInfo.append("]"); + + dfxInfo.extendInfo = std::to_string(policy.aclExtendedMap.size()) + " : {"; + for (const auto& aclExtend : policy.aclExtendedMap) { + dfxInfo.extendInfo.append(aclExtend.first + ": " + aclExtend.second + ", "); + } + dfxInfo.extendInfo.append("}"); +} + +void AccessTokenManagerService::ReportAddHap(const HapInfoParcel& info, const HapPolicyParcel& policy) +{ + AccessTokenDfxInfo dfxInfo; + dfxInfo.sceneCode = AddHapSceneCode::INSTALL_START; + dfxInfo.tokenId = info.hapInfoParameter.tokenID; + dfxInfo.userId = info.hapInfoParameter.userID; + dfxInfo.bundleName = info.hapInfoParameter.bundleName; + dfxInfo.instIndex = info.hapInfoParameter.instIndex; + dfxInfo.dlpType = static_cast(info.hapInfoParameter.dlpType); + dfxInfo.isRestore = info.hapInfoParameter.isRestore; + + DumpEventInfo(policy.hapPolicy, dfxInfo); + + ReportSysEventAddHap(dfxInfo); +} + +void AccessTokenManagerService::ReportAddHapFinish(AccessTokenIDEx fullTokenId, const HapInfoParcel& info, + int64_t beginTime, int32_t errorCode) +{ + int64_t endTime = TimeUtil::GetCurrentTimestamp(); + AccessTokenDfxInfo dfxInfo; + dfxInfo.sceneCode = AddHapSceneCode::INSTALL_FINISH; + dfxInfo.tokenId = fullTokenId.tokenIdExStruct.tokenID; + dfxInfo.tokenIdEx = fullTokenId; + dfxInfo.userId = info.hapInfoParameter.userID; + dfxInfo.bundleName = info.hapInfoParameter.bundleName; + dfxInfo.instIndex = info.hapInfoParameter.instIndex; + dfxInfo.duration = endTime - beginTime; + dfxInfo.errorCode = errorCode; + ReportSysEventAddHap(dfxInfo); + ReportSysCommonEventError(static_cast(IAccessTokenManagerIpcCode::COMMAND_INIT_HAP_TOKEN), errorCode); +} + int32_t AccessTokenManagerService::InitHapToken(const HapInfoParcel& info, const HapPolicyParcel& policy, uint64_t& fullTokenId, HapInfoCheckResultIdl& resultInfoIdl) { LOGI(ATM_DOMAIN, ATM_TAG, "Init hap %{public}s.", info.hapInfoParameter.bundleName.c_str()); + int64_t beginTime = TimeUtil::GetCurrentTimestamp(); + ReportAddHap(info, policy); + AccessTokenID tokenID = IPCSkeleton::GetCallingTokenID(); if (!IsPrivilegedCalling() && (VerifyAccessToken(tokenID, MANAGE_HAP_TOKENID_PERMISSION) == PERMISSION_DENIED)) { @@ -633,11 +706,13 @@ int32_t AccessTokenManagerService::InitHapToken(const HapInfoParcel& info, const resultInfoIdl.permissionName = permCheckResult.permCheckResult.permissionName; int32_t rule = permCheckResult.permCheckResult.rule; resultInfoIdl.rule = static_cast(rule); + ReportAddHapFinish({0}, info, beginTime, ERR_PERM_REQUEST_CFG_FAILED); return ERR_OK; } } else { if (!PermissionManager::GetInstance().InitDlpPermissionList( info.hapInfoParameter.bundleName, info.hapInfoParameter.userID, initializedList)) { + ReportAddHapFinish({0}, info, beginTime, ERR_PERM_REQUEST_CFG_FAILED); return ERR_PERM_REQUEST_CFG_FAILED; } } @@ -647,9 +722,7 @@ int32_t AccessTokenManagerService::InitHapToken(const HapInfoParcel& info, const int32_t ret = AccessTokenInfoManager::GetInstance().CreateHapTokenInfo( info.hapInfoParameter, policyCopy.hapPolicy, tokenIdEx); fullTokenId = tokenIdEx.tokenIDEx; - if (ret != RET_SUCCESS) { - return ret; - } + ReportAddHapFinish(tokenIdEx, info, beginTime, ret); return ret; } @@ -666,8 +739,25 @@ int AccessTokenManagerService::DeleteToken(AccessTokenID tokenID) if (this->GetTokenType(tokenID) != TOKEN_HAP) { return AccessTokenError::ERR_PARAM_INVALID; } + + int64_t beginTime = TimeUtil::GetCurrentTimestamp(); + + HapTokenInfo hapInfo; + AccessTokenInfoManager::GetInstance().GetHapTokenInfo(tokenID, hapInfo); + ClearThreadErrorMsg(); + HiSysEventWrite(HiviewDFX::HiSysEvent::Domain::ACCESS_TOKEN, "DEL_HAP", + HiviewDFX::HiSysEvent::EventType::STATISTIC, "SCENE_CODE", DeleteTokenInfoSceneCode::DELETE_HAP_START, + "TOKENID", tokenID, "USERID", hapInfo.userID, "BUNDLENAME", hapInfo.bundleName, "INSTINDEX", hapInfo.instIndex); + // only support hap token deletion - return AccessTokenInfoManager::GetInstance().RemoveHapTokenInfo(tokenID); + int32_t ret = AccessTokenInfoManager::GetInstance().RemoveHapTokenInfo(tokenID); + + int64_t endTime = TimeUtil::GetCurrentTimestamp(); + HiSysEventWrite(HiviewDFX::HiSysEvent::Domain::ACCESS_TOKEN, "DEL_HAP", + HiviewDFX::HiSysEvent::EventType::STATISTIC, "SCENE_CODE", DeleteTokenInfoSceneCode::DELETE_HAP_FINISH, + "TOKENID", tokenID, "DURATION", endTime - beginTime, "ERROR_CODE", ret); + ReportSysCommonEventError(static_cast(IAccessTokenManagerIpcCode::COMMAND_DELETE_TOKEN), ret); + return ret; } int AccessTokenManagerService::GetTokenType(AccessTokenID tokenID) @@ -715,6 +805,31 @@ int32_t AccessTokenManagerService::AllocLocalTokenID( return ERR_OK; } +int32_t AccessTokenManagerService::UpdateHapTokenCore(AccessTokenIDEx& tokenIdEx, const UpdateHapInfoParams& info, + const HapPolicyParcel& policyParcel, HapInfoCheckResultIdl& resultInfoIdl) +{ + std::vector InitializedList; + + resultInfoIdl.realResult = ERR_OK; + HapInfoCheckResult permCheckResult; + if (!PermissionManager::GetInstance().InitPermissionList( + info.appDistributionType, policyParcel.hapPolicy, InitializedList, permCheckResult)) { + resultInfoIdl.realResult = ERROR; + resultInfoIdl.permissionName = permCheckResult.permCheckResult.permissionName; + int32_t rule = permCheckResult.permCheckResult.rule; + resultInfoIdl.rule = static_cast(rule); + LOGC(ATM_DOMAIN, ATM_TAG, "InitPermissionList failed, tokenId=%{public}u.", tokenIdEx.tokenIdExStruct.tokenID); + ReportSysCommonEventError(static_cast(IAccessTokenManagerIpcCode::COMMAND_UPDATE_HAP_TOKEN), + ERR_PERM_REQUEST_CFG_FAILED); + ClearThreadErrorMsg(); + return ERR_OK; + } + int32_t ret = AccessTokenInfoManager::GetInstance().UpdateHapToken(tokenIdEx, info, + InitializedList, policyParcel.hapPolicy); + + return ret; +} + int32_t AccessTokenManagerService::UpdateHapToken(uint64_t& fullTokenId, const UpdateHapInfoParamsIdl& infoIdl, const HapPolicyParcel& policyParcel, HapInfoCheckResultIdl& resultInfoIdl) { @@ -732,23 +847,34 @@ int32_t AccessTokenManagerService::UpdateHapToken(uint64_t& fullTokenId, const U info.apiVersion = infoIdl.apiVersion; info.isSystemApp = infoIdl.isSystemApp; info.appDistributionType = infoIdl.appDistributionType; - std::vector InitializedList; - resultInfoIdl.realResult = ERR_OK; - HapInfoCheckResult permCheckResult; - if (!PermissionManager::GetInstance().InitPermissionList( - info.appDistributionType, policyParcel.hapPolicy, InitializedList, permCheckResult)) { - resultInfoIdl.realResult = ERROR; - resultInfoIdl.permissionName = permCheckResult.permCheckResult.permissionName; - int32_t rule = permCheckResult.permCheckResult.rule; - resultInfoIdl.rule = static_cast(rule); - return ERR_OK; - } - int32_t ret = AccessTokenInfoManager::GetInstance().UpdateHapToken(tokenIdEx, info, - InitializedList, policyParcel.hapPolicy); + int64_t beginTime = TimeUtil::GetCurrentTimestamp(); + HapTokenInfo hapInfo; + AccessTokenInfoManager::GetInstance().GetHapTokenInfo(tokenIdEx.tokenIdExStruct.tokenID, hapInfo); + ClearThreadErrorMsg(); + + AccessTokenDfxInfo dfxInfo; + DumpEventInfo(policyParcel.hapPolicy, dfxInfo); + + HiSysEventWrite(HiviewDFX::HiSysEvent::Domain::ACCESS_TOKEN, "UPDATE_HAP", + HiviewDFX::HiSysEvent::EventType::STATISTIC, "SCENE_CODE", UpdateHapTokenSceneCode::UPDATE_HAP_START, + "TOKENID", tokenIdEx.tokenIdExStruct.tokenID, "TOKENIDEX", tokenIdEx.tokenIDEx, + "USERID", hapInfo.userID, "BUNDLENAME", hapInfo.bundleName, "INSTINDEX", hapInfo.instIndex, + "PERM_INFO", dfxInfo.permInfo, "ACL_INFO", dfxInfo.aclInfo, "PREAUTH_INFO", dfxInfo.preauthInfo, + "EXTEND_INFO", dfxInfo.extendInfo); + + int32_t ret = UpdateHapTokenCore(tokenIdEx, info, policyParcel, resultInfoIdl); fullTokenId = tokenIdEx.tokenIDEx; + + int64_t endTime = TimeUtil::GetCurrentTimestamp(); + HiSysEventWrite(HiviewDFX::HiSysEvent::Domain::ACCESS_TOKEN, "UPDATE_HAP", + HiviewDFX::HiSysEvent::EventType::STATISTIC, "SCENE_CODE", UpdateHapTokenSceneCode::UPDATE_HAP_FINISH, + "TOKENID", tokenIdEx.tokenIdExStruct.tokenID, "TOKENIDEX", tokenIdEx.tokenIDEx, + "DURATION", endTime - beginTime, "ERROR_CODE", ret); + ReportSysCommonEventError(static_cast(IAccessTokenManagerIpcCode::COMMAND_UPDATE_HAP_TOKEN), ret); return ret; } + int32_t AccessTokenManagerService::GetTokenIDByUserID(int32_t userID, std::vector& tokenIds) { LOGD(ATM_DOMAIN, ATM_TAG, "UserID: %{public}d", userID); @@ -1129,7 +1255,48 @@ void AccessTokenManagerService::AccessTokenServiceParamSet() const } } -void AccessTokenManagerService::GetConfigValue() +void AccessTokenManagerService::SetDefaultValueIfNeed(int32_t cancelTime, uint32_t& parseConfigFlag) +{ + parseConfigFlag = 0x1 | 0x1 << BITMAP_INDEX_1 | 0x1 << BITMAP_INDEX_2 | 0x1 << BITMAP_INDEX_3 | + 0x1 << BITMAP_INDEX_4 | 0x1 << BITMAP_INDEX_5 | 0x1 << BITMAP_INDEX_6; + + if (grantBundleName_.empty()) { + grantBundleName_ = GRANT_ABILITY_BUNDLE_NAME; + // clear bit + parseConfigFlag &= ~(1 << BITMAP_INDEX_0); + } + + if (grantAbilityName_.empty()) { + grantAbilityName_ = GRANT_ABILITY_ABILITY_NAME; + parseConfigFlag &= ~(1 << BITMAP_INDEX_1); + } + + if (grantServiceAbilityName_.empty()) { + grantServiceAbilityName_ = GRANT_ABILITY_ABILITY_NAME; + parseConfigFlag &= ~(1 << BITMAP_INDEX_2); + } + + if (permStateAbilityName_.empty()) { + permStateAbilityName_ = PERMISSION_STATE_SHEET_ABILITY_NAME; + parseConfigFlag &= ~(1 << BITMAP_INDEX_3); + } + + if (globalSwitchAbilityName_.empty()) { + globalSwitchAbilityName_ = GLOBAL_SWITCH_SHEET_ABILITY_NAME; + parseConfigFlag &= ~(1 << BITMAP_INDEX_4); + } + + if (cancelTime == 0) { + parseConfigFlag &= ~(1 << BITMAP_INDEX_5); + } + + if (applicationSettingAbilityName_.empty()) { + applicationSettingAbilityName_ = APPLICATION_SETTING_ABILITY_NAME; + parseConfigFlag &= ~(1 << BITMAP_INDEX_6); + } +} + +void AccessTokenManagerService::GetConfigValue(uint32_t& parseConfigFlag) { LibraryLoader loader(CONFIG_PARSE_LIBPATH); ConfigPolicyLoaderInterface* policy = loader.GetObject(); @@ -1140,29 +1307,17 @@ void AccessTokenManagerService::GetConfigValue() AccessTokenConfigValue value; if (policy->GetConfigValue(ServiceType::ACCESSTOKEN_SERVICE, value)) { // set value from config - grantBundleName_ = value.atConfig.grantBundleName.empty() ? - GRANT_ABILITY_BUNDLE_NAME : value.atConfig.grantBundleName; - grantAbilityName_ = value.atConfig.grantAbilityName.empty() ? - GRANT_ABILITY_ABILITY_NAME : value.atConfig.grantAbilityName; - grantServiceAbilityName_ = value.atConfig.grantServiceAbilityName.empty() ? - GRANT_ABILITY_ABILITY_NAME : value.atConfig.grantServiceAbilityName; - permStateAbilityName_ = value.atConfig.permStateAbilityName.empty() ? - PERMISSION_STATE_SHEET_ABILITY_NAME : value.atConfig.permStateAbilityName; - globalSwitchAbilityName_ = value.atConfig.globalSwitchAbilityName.empty() ? - GLOBAL_SWITCH_SHEET_ABILITY_NAME : value.atConfig.globalSwitchAbilityName; - applicationSettingAbilityName_ = value.atConfig.applicationSettingAbilityName.empty() ? - APPLICATION_SETTING_ABILITY_NAME : value.atConfig.applicationSettingAbilityName; + grantBundleName_ = value.atConfig.grantBundleName; + grantAbilityName_ = value.atConfig.grantAbilityName; + grantServiceAbilityName_ = value.atConfig.grantServiceAbilityName; + permStateAbilityName_ = value.atConfig.permStateAbilityName; + globalSwitchAbilityName_ = value.atConfig.globalSwitchAbilityName; TempPermissionObserver::GetInstance().SetCancelTime(value.atConfig.cancleTime); - } else { - LOGI(ATM_DOMAIN, ATM_TAG, "No config file or config file is not valid, use default values"); - grantBundleName_ = GRANT_ABILITY_BUNDLE_NAME; - grantAbilityName_ = GRANT_ABILITY_ABILITY_NAME; - grantServiceAbilityName_ = GRANT_ABILITY_ABILITY_NAME; - permStateAbilityName_ = PERMISSION_STATE_SHEET_ABILITY_NAME; - globalSwitchAbilityName_ = GLOBAL_SWITCH_SHEET_ABILITY_NAME; - applicationSettingAbilityName_ = APPLICATION_SETTING_ABILITY_NAME; + applicationSettingAbilityName_ = value.atConfig.applicationSettingAbilityName; } + SetDefaultValueIfNeed(value.atConfig.cancleTime, parseConfigFlag); + LOGI(ATM_DOMAIN, ATM_TAG, "GrantBundleName_ is %{public}s, grantAbilityName_ is %{public}s, " "grantServiceAbilityName_ is %{public}s, permStateAbilityName_ is %{public}s, " "globalSwitchAbilityName_ is %{public}s, applicationSettingAbilityName_ is %{public}s.", @@ -1205,13 +1360,26 @@ bool AccessTokenManagerService::Initialize() { MemoryGuard guard; ReportSysEventPerformance(); - AccessTokenInfoManager::GetInstance().Init(); + + uint32_t hapSize = 0; + uint32_t nativeSize = 0; + uint32_t pefDefSize = 0; + uint32_t dlpSize = 0; + AccessTokenInfoManager::GetInstance().Init(hapSize, nativeSize, pefDefSize, dlpSize); #ifdef EVENTHANDLER_ENABLE TempPermissionObserver::GetInstance().InitEventHandler(); ShortGrantManager::GetInstance().InitEventHandler(); #endif - GetConfigValue(); + AccessTokenDfxInfo dfxInfo; + dfxInfo.pid = getpid(); + dfxInfo.hapSize = hapSize; + dfxInfo.nativeSize = nativeSize; + dfxInfo.permDefSize = pefDefSize; + dfxInfo.dlpSize = dlpSize; + GetConfigValue(dfxInfo.parseConfigFlag); + + ReportSysEventServiceStart(dfxInfo); LOGI(ATM_DOMAIN, ATM_TAG, "Initialize success"); return true; } @@ -1270,7 +1438,7 @@ int32_t AccessTokenManagerService::CallbackExit(uint32_t code, int32_t result) #ifdef HICOLLIE_ENABLE HiviewDFX::XCollie::GetInstance().CancelTimer(g_timerId); #endif // HICOLLIE_ENABLE - ReportSysCommonEventError(code, 0); + ClearThreadErrorMsg(); return ERR_OK; } } // namespace AccessToken diff --git a/services/accesstokenmanager/main/cpp/src/token/accesstoken_info_manager.cpp b/services/accesstokenmanager/main/cpp/src/token/accesstoken_info_manager.cpp index 3b517f9b7..e48cd3520 100644 --- a/services/accesstokenmanager/main/cpp/src/token/accesstoken_info_manager.cpp +++ b/services/accesstokenmanager/main/cpp/src/token/accesstoken_info_manager.cpp @@ -85,7 +85,7 @@ AccessTokenInfoManager::~AccessTokenInfoManager() this->hasInited_ = false; } -void AccessTokenInfoManager::Init() +void AccessTokenInfoManager::Init(uint32_t& hapSize, uint32_t& nativeSize, uint32_t& pefDefSize, uint32_t& dlpSize) { OHOS::Utils::UniqueWriteGuard lk(this->managerLock_); if (hasInited_) { @@ -105,23 +105,26 @@ void AccessTokenInfoManager::Init() ReportSysEventServiceStartError( INIT_NATIVE_TOKENINFO_ERROR, "GetAllNativeTokenInfo fail from native json.", ret); } - uint32_t hapSize = 0; - uint32_t nativeSize = tokenInfos.size(); - InitHapTokenInfos(hapSize); - InitNativeTokenInfos(tokenInfos); - uint32_t pefDefSize = GetDefPermissionsSize(); - ReportSysEventServiceStart(getpid(), hapSize, nativeSize, pefDefSize); - LOGI(ATM_DOMAIN, ATM_TAG, "InitTokenInfo end, hapSize %{public}d, nativeSize %{public}d, pefDefSize %{public}d.", - hapSize, nativeSize, pefDefSize); #ifdef SUPPORT_SANDBOX_APP std::vector dlpPerms; ret = policy->GetDlpPermissions(dlpPerms); + dlpSize = dlpPerms.size(); if (ret == RET_SUCCESS) { - LOGI(ATM_DOMAIN, ATM_TAG, "Load dlpPer size=%{public}zu.", dlpPerms.size()); + LOGI(ATM_DOMAIN, ATM_TAG, "Load dlpPer size=%{public}zu.", dlpSize); DlpPermissionSetManager::GetInstance().ProcessDlpPermInfos(dlpPerms); } #endif + + InitHapTokenInfos(hapSize); + nativeSize = tokenInfos.size(); + InitNativeTokenInfos(tokenInfos); + pefDefSize = GetDefPermissionsSize(); + + LOGI(ATM_DOMAIN, ATM_TAG, + "InitTokenInfo end, hapSize %{public}u, nativeSize %{public}u, pefDefSize %{public}u, dlpSize %{public}u.", + hapSize, nativeSize, pefDefSize, dlpSize); + hasInited_ = true; LOGI(ATM_DOMAIN, ATM_TAG, "Init success"); } @@ -151,6 +154,58 @@ void AccessTokenInfoManager::InitDmCallback(void) } #endif +int32_t AccessTokenInfoManager::AddHapInfoToCache(uint32_t& hapSize, const GenericValues& tokenValue, + const std::vector& permStateRes, const std::vector& extendedPermRes) +{ + AccessTokenID tokenId = (AccessTokenID)tokenValue.GetInt(TokenFiledConst::FIELD_TOKEN_ID); + std::string bundle = tokenValue.GetString(TokenFiledConst::FIELD_BUNDLE_NAME); + int result = AccessTokenIDManager::GetInstance().RegisterTokenId(tokenId, TOKEN_HAP); + if (result != RET_SUCCESS) { + LOGE(ATM_DOMAIN, ATM_TAG, "TokenId %{public}u add id failed, error=%{public}d.", tokenId, result); + ReportSysEventServiceStartError(INIT_HAP_TOKENINFO_ERROR, + "RegisterTokenId fail, " + bundle + std::to_string(tokenId), result); + return result; + } + std::shared_ptr hap = std::make_shared(); + result = hap->RestoreHapTokenInfo(tokenId, tokenValue, permStateRes, extendedPermRes); + if (result != RET_SUCCESS) { + AccessTokenIDManager::GetInstance().ReleaseTokenId(tokenId); + LOGE(ATM_DOMAIN, ATM_TAG, "TokenId %{public}u restore failed.", tokenId); + return result; + } + + AccessTokenID oriTokenId = 0; + result = AddHapTokenInfo(hap, oriTokenId); + if (result != RET_SUCCESS) { + AccessTokenIDManager::GetInstance().ReleaseTokenId(tokenId); + LOGE(ATM_DOMAIN, ATM_TAG, "TokenId %{public}u add failed.", tokenId); + ReportSysEventServiceStartError(INIT_HAP_TOKENINFO_ERROR, + "AddHapTokenInfo fail, " + bundle + std::to_string(tokenId), result); + return result; + } + + AccessTokenIDEx tokenIdEx = {0}; + tokenIdEx.tokenIdExStruct.tokenID = tokenId; + tokenIdEx.tokenIdExStruct.tokenAttr = hap->GetAttr(); + + AccessTokenDfxInfo dfxInfo; + dfxInfo.sceneCode = AddHapSceneCode::INIT; + dfxInfo.tokenId = tokenId; + dfxInfo.tokenIdEx = tokenIdEx; + dfxInfo.userId = hap->GetUserID(); + dfxInfo.bundleName = hap->GetBundleName(); + dfxInfo.instIndex = hap->GetInstIndex(); + ReportSysEventAddHap(dfxInfo); + + hapSize++; + LOGI(ATM_DOMAIN, ATM_TAG, + " Restore hap token %{public}u bundle name %{public}s user %{public}d," + " permSize %{public}d, inst %{public}d ok!", + tokenId, hap->GetBundleName().c_str(), hap->GetUserID(), hap->GetReqPermissionSize(), hap->GetInstIndex()); + + return RET_SUCCESS; +} + void AccessTokenInfoManager::InitHapTokenInfos(uint32_t& hapSize) { GenericValues conditionValue; @@ -171,36 +226,10 @@ void AccessTokenInfoManager::InitHapTokenInfos(uint32_t& hapSize) ReportSysEventServiceStartError(INIT_HAP_TOKENINFO_ERROR, "Load exetended value from db fail.", ret); } for (const GenericValues& tokenValue : hapTokenRes) { - AccessTokenID tokenId = (AccessTokenID)tokenValue.GetInt(TokenFiledConst::FIELD_TOKEN_ID); - std::string bundle = tokenValue.GetString(TokenFiledConst::FIELD_BUNDLE_NAME); - int result = AccessTokenIDManager::GetInstance().RegisterTokenId(tokenId, TOKEN_HAP); - if (result != RET_SUCCESS) { - LOGE(ATM_DOMAIN, ATM_TAG, "TokenId %{public}u add id failed, error=%{public}d.", tokenId, result); - ReportSysEventServiceStartError(INIT_HAP_TOKENINFO_ERROR, - "RegisterTokenId fail, " + bundle + std::to_string(tokenId), result); - continue; - } - std::shared_ptr hap = std::make_shared(); - result = hap->RestoreHapTokenInfo(tokenId, tokenValue, permStateRes, extendedPermRes); - if (result != RET_SUCCESS) { - AccessTokenIDManager::GetInstance().ReleaseTokenId(tokenId); - LOGE(ATM_DOMAIN, ATM_TAG, "TokenId %{public}u restore failed.", tokenId); - continue; - } - - result = AddHapTokenInfo(hap); - if (result != RET_SUCCESS) { - AccessTokenIDManager::GetInstance().ReleaseTokenId(tokenId); - LOGE(ATM_DOMAIN, ATM_TAG, "TokenId %{public}u add failed.", tokenId); - ReportSysEventServiceStartError(INIT_HAP_TOKENINFO_ERROR, - "AddHapTokenInfo fail, " + bundle + std::to_string(tokenId), result); + ret = AddHapInfoToCache(hapSize, tokenValue, permStateRes, extendedPermRes); + if (ret != RET_SUCCESS) { continue; } - hapSize++; - LOGI(ATM_DOMAIN, ATM_TAG, - " Restore hap token %{public}u bundle name %{public}s user %{public}d," - " permSize %{public}d, inst %{public}d ok!", - tokenId, hap->GetBundleName().c_str(), hap->GetUserID(), hap->GetReqPermissionSize(), hap->GetInstIndex()); } } @@ -218,7 +247,7 @@ std::string AccessTokenInfoManager::GetHapUniqueStr(const std::shared_ptrGetUserID(), info->GetBundleName(), info->GetInstIndex()); } -int AccessTokenInfoManager::AddHapTokenInfo(const std::shared_ptr& info) +int AccessTokenInfoManager::AddHapTokenInfo(const std::shared_ptr& info, AccessTokenID& oriTokenId) { if (info == nullptr) { LOGE(ATM_DOMAIN, ATM_TAG, "Token info is null."); @@ -245,13 +274,9 @@ int AccessTokenInfoManager::AddHapTokenInfo(const std::shared_ptrGetTokenID(), "USERID", info->GetUserID(), "BUNDLENAME", info->GetBundleName(), - "INSTINDEX", info->GetInstIndex()); - // add hap to kernel int32_t userId = info->GetUserID(); { @@ -275,14 +300,14 @@ std::shared_ptr AccessTokenInfoManager::GetHapTokenInfoInnerF std::vector hapTokenResults; int32_t ret = AccessTokenDb::GetInstance().Find(AtmDataType::ACCESSTOKEN_HAP_INFO, conditionValue, hapTokenResults); if (ret != RET_SUCCESS || hapTokenResults.empty()) { - LOGE(ATM_DOMAIN, ATM_TAG, "Failed to find Id(%{public}u) from hap_token_table, err: %{public}d, " + LOGC(ATM_DOMAIN, ATM_TAG, "Failed to find Id(%{public}u) from hap_token_table, err: %{public}d, " "hapSize: %{public}zu, mapSize: %{public}zu.", id, ret, hapTokenResults.size(), hapTokenInfoMap_.size()); return nullptr; } std::vector permStateRes; ret = AccessTokenDb::GetInstance().Find(AtmDataType::ACCESSTOKEN_PERMISSION_STATE, conditionValue, permStateRes); if (ret != RET_SUCCESS) { - LOGE(ATM_DOMAIN, ATM_TAG, "Failed to find Id(%{public}u) from perm_state_table, err: %{public}d, " + LOGC(ATM_DOMAIN, ATM_TAG, "Failed to find Id(%{public}u) from perm_state_table, err: %{public}d, " "mapSize: %{public}zu.", id, ret, hapTokenInfoMap_.size()); return nullptr; } @@ -291,7 +316,7 @@ std::shared_ptr AccessTokenInfoManager::GetHapTokenInfoInnerF ret = AccessTokenDb::GetInstance().Find( AtmDataType::ACCESSTOKEN_PERMISSION_EXTEND_VALUE, conditionValue, extendedPermRes); if (ret != RET_SUCCESS) { // extendedPermRes may be empty - LOGE(ATM_DOMAIN, ATM_TAG, "Failed to find Id(%{public}u) from perm_extend_value_table, err: %{public}d, " + LOGC(ATM_DOMAIN, ATM_TAG, "Failed to find Id(%{public}u) from perm_extend_value_table, err: %{public}d, " "mapSize: %{public}zu.", id, ret, hapTokenInfoMap_.size()); return nullptr; } @@ -299,7 +324,7 @@ std::shared_ptr AccessTokenInfoManager::GetHapTokenInfoInnerF std::shared_ptr hap = std::make_shared(); ret = hap->RestoreHapTokenInfo(id, hapTokenResults[0], permStateRes, extendedPermRes); if (ret != RET_SUCCESS) { - LOGE(ATM_DOMAIN, ATM_TAG, "Id %{public}u restore failed, err: %{public}d, mapSize: %{public}zu.", + LOGC(ATM_DOMAIN, ATM_TAG, "Id %{public}u restore failed, err: %{public}d, mapSize: %{public}zu.", id, ret, hapTokenInfoMap_.size()); return nullptr; } @@ -404,7 +429,7 @@ int AccessTokenInfoManager::RemoveHapTokenInfo(AccessTokenID id) { ATokenTypeEnum type = AccessTokenIDManager::GetInstance().GetTokenIdType(id); if (type != TOKEN_HAP) { - LOGE(ATM_DOMAIN, ATM_TAG, "Token %{public}u is not hap.", id); + LOGC(ATM_DOMAIN, ATM_TAG, "Token %{public}u is not hap.", id); return ERR_PARAM_INVALID; } std::shared_ptr info; @@ -415,17 +440,17 @@ int AccessTokenInfoManager::RemoveHapTokenInfo(AccessTokenID id) AccessTokenIDManager::GetInstance().ReleaseTokenId(id); if (hapTokenInfoMap_.count(id) == 0) { - LOGE(ATM_DOMAIN, ATM_TAG, "Hap token %{public}u no exist.", id); + LOGC(ATM_DOMAIN, ATM_TAG, "Hap token %{public}u no exist.", id); return ERR_TOKENID_NOT_EXIST; } info = hapTokenInfoMap_[id]; if (info == nullptr) { - LOGE(ATM_DOMAIN, ATM_TAG, "Hap token %{public}u is null.", id); + LOGC(ATM_DOMAIN, ATM_TAG, "Hap token %{public}u is null.", id); return ERR_TOKEN_INVALID; } if (info->IsRemote()) { - LOGE(ATM_DOMAIN, ATM_TAG, "Remote hap token %{public}u can not delete.", id); + LOGC(ATM_DOMAIN, ATM_TAG, "Remote hap token %{public}u can not delete.", id); return ERR_IDENTITY_CHECK_FAILED; } std::string HapUniqueKey = GetHapUniqueStr(info); @@ -435,7 +460,13 @@ int AccessTokenInfoManager::RemoveHapTokenInfo(AccessTokenID id) } hapTokenInfoMap_.erase(id); } - RemoveHapTokenInfoFromDb(info); + + int32_t ret = RemoveHapTokenInfoFromDb(info); + if (ret != RET_SUCCESS) { + LOGC(ATM_DOMAIN, ATM_TAG, "Remove info from db failed, ret is %{public}d", ret); + ReportSysCommonEventError(0, ret); + ClearThreadErrorMsg(); + } LOGI(ATM_DOMAIN, ATM_TAG, "Remove hap token %{public}u ok!", id); PermissionStateNotify(info, id); @@ -443,10 +474,6 @@ int AccessTokenInfoManager::RemoveHapTokenInfo(AccessTokenID id) TokenModifyNotifier::GetInstance().NotifyTokenDelete(id); #endif - HiSysEventWrite(HiviewDFX::HiSysEvent::Domain::ACCESS_TOKEN, "DEL_HAP", HiviewDFX::HiSysEvent::EventType::STATISTIC, - "TOKENID", info->GetTokenID(), "USERID", info->GetUserID(), "BUNDLENAME", info->GetBundleName(), - "INSTINDEX", info->GetInstIndex()); - return RET_SUCCESS; } @@ -490,27 +517,40 @@ int32_t AccessTokenInfoManager::CheckHapInfoParam(const HapInfoParams& info, con continue; } if (!DataValidator::IsAclExtendedMapContentValid(extendValue.first, extendValue.second)) { - LOGC(ATM_DOMAIN, ATM_TAG, "acl extended content is unvalid."); + LOGC(ATM_DOMAIN, ATM_TAG, "Acl extended content is invalid."); return AccessTokenError::ERR_PARAM_INVALID; } } return ERR_OK; } -int AccessTokenInfoManager::CreateHapTokenInfo( - const HapInfoParams& info, const HapPolicy& policy, AccessTokenIDEx& tokenIdEx) +void AccessTokenInfoManager::ReportAddHapIdChange(const std::shared_ptr& hapInfo, + AccessTokenID oriTokenId) { - if (CheckHapInfoParam(info, policy) != ERR_OK) { - return AccessTokenError::ERR_PARAM_INVALID; - } - AccessTokenID tokenId = info.tokenID; + AccessTokenDfxInfo dfxInfo; + dfxInfo.sceneCode = AddHapSceneCode::TOKEN_ID_CHANGE; + dfxInfo.tokenId = hapInfo->GetTokenID(); + dfxInfo.oriTokenId = oriTokenId; + dfxInfo.userId = hapInfo->GetUserID(); + dfxInfo.bundleName = hapInfo->GetBundleName(); + dfxInfo.instIndex = hapInfo->GetInstIndex(); + ReportSysEventAddHap(dfxInfo); +} + +int32_t AccessTokenInfoManager::RegisterTokenId(const HapInfoParams& info, AccessTokenID& tokenId) +{ + int32_t res = RET_SUCCESS; + if (info.isRestore) { - LOGI(ATM_DOMAIN, ATM_TAG, "isRestore is true, tokenId is %{public}u", tokenId); - int32_t res = AccessTokenIDManager::GetInstance().RegisterTokenId(tokenId, TOKEN_HAP); + LOGI(ATM_DOMAIN, ATM_TAG, "IsRestore is true, tokenId is %{public}u.", info.tokenID); + + res = AccessTokenIDManager::GetInstance().RegisterTokenId(info.tokenID, TOKEN_HAP); if (res != RET_SUCCESS) { - LOGC(ATM_DOMAIN, ATM_TAG, "Token Id register failed, res is %{public}d", res); + LOGC(ATM_DOMAIN, ATM_TAG, "Token Id register failed, errCode is %{public}d.", res); return res; } + + tokenId = info.tokenID; } else { int32_t dlpFlag = (info.dlpType > DLP_COMMON) ? 1 : 0; int32_t cloneFlag = ((dlpFlag == 0) && (info.instIndex) > 0) ? 1 : 0; @@ -521,6 +561,20 @@ int AccessTokenInfoManager::CreateHapTokenInfo( } } + return res; +} + +int AccessTokenInfoManager::CreateHapTokenInfo( + const HapInfoParams& info, const HapPolicy& policy, AccessTokenIDEx& tokenIdEx) +{ + if (CheckHapInfoParam(info, policy) != ERR_OK) { + return AccessTokenError::ERR_PARAM_INVALID; + } + AccessTokenID tokenId; + int32_t ret = RegisterTokenId(info, tokenId); + if (ret != RET_SUCCESS) { + return ret; + } #ifdef SUPPORT_SANDBOX_APP std::shared_ptr tokenInfo; HapPolicy policyNew = policy; @@ -531,14 +585,26 @@ int AccessTokenInfoManager::CreateHapTokenInfo( #else std::shared_ptr tokenInfo = std::make_shared(tokenId, info, policy); #endif - AddHapTokenInfoToDb(tokenInfo, info.appIDDesc, policy, false); - int ret = AddHapTokenInfo(tokenInfo); + ret = AddHapTokenInfoToDb(tokenInfo, info.appIDDesc, policy, false); + if (ret != RET_SUCCESS) { + LOGC(ATM_DOMAIN, ATM_TAG, "AddHapTokenInfoToDb failed, errCode is %{public}d.", ret); + AccessTokenIDManager::GetInstance().ReleaseTokenId(tokenId); + return ret; + } + + AccessTokenID oriTokenID = 0; + ret = AddHapTokenInfo(tokenInfo, oriTokenID); if (ret != RET_SUCCESS) { LOGC(ATM_DOMAIN, ATM_TAG, "%{public}s add token info failed", info.bundleName.c_str()); AccessTokenIDManager::GetInstance().ReleaseTokenId(tokenId); RemoveHapTokenInfoFromDb(tokenInfo); return ret; } + + if (oriTokenID != 0) { + ReportAddHapIdChange(tokenInfo, oriTokenID); + } + LOGI(ATM_DOMAIN, ATM_TAG, "Create hap token %{public}u bundleName %{public}s user %{public}d inst %{public}d isRestore %{public}d ok", tokenId, tokenInfo->GetBundleName().c_str(), tokenInfo->GetUserID(), tokenInfo->GetInstIndex(), info.isRestore); @@ -630,17 +696,17 @@ int32_t AccessTokenInfoManager::UpdateHapToken(AccessTokenIDEx& tokenIdEx, const { AccessTokenID tokenID = tokenIdEx.tokenIdExStruct.tokenID; if (!DataValidator::IsAppIDDescValid(info.appIDDesc)) { - LOGE(ATM_DOMAIN, ATM_TAG, "Token %{public}u parm format error!", tokenID); + LOGC(ATM_DOMAIN, ATM_TAG, "Token %{public}u parm format error!", tokenID); return AccessTokenError::ERR_PARAM_INVALID; } std::shared_ptr infoPtr = GetHapTokenInfoInner(tokenID); if (infoPtr == nullptr) { - LOGE(ATM_DOMAIN, ATM_TAG, "Token %{public}u is invalid, can not update!", tokenID); + LOGC(ATM_DOMAIN, ATM_TAG, "Token %{public}u is invalid, can not update!", tokenID); return AccessTokenError::ERR_TOKENID_NOT_EXIST; } if (infoPtr->IsRemote()) { - LOGE(ATM_DOMAIN, ATM_TAG, "Remote hap token %{public}u can not update!", tokenID); + LOGC(ATM_DOMAIN, ATM_TAG, "Remote hap token %{public}u can not update!", tokenID); return ERR_IDENTITY_CHECK_FAILED; } if (info.isSystemApp) { @@ -655,15 +721,12 @@ int32_t AccessTokenInfoManager::UpdateHapToken(AccessTokenIDEx& tokenIdEx, const int32_t ret = AddHapTokenInfoToDb(infoPtr, info.appIDDesc, hapPolicy, true); if (ret != RET_SUCCESS) { + LOGC(ATM_DOMAIN, ATM_TAG, "Add hap info %{public}u to db failed!", tokenID); return ret; } LOGI(ATM_DOMAIN, ATM_TAG, "Token %{public}u bundle name %{public}s user %{public}d \ inst %{public}d tokenAttr %{public}d update ok!", tokenID, infoPtr->GetBundleName().c_str(), infoPtr->GetUserID(), infoPtr->GetInstIndex(), infoPtr->GetHapInfoBasic().tokenAttr); - // DFX - HiSysEventWrite(HiviewDFX::HiSysEvent::Domain::ACCESS_TOKEN, "UPDATE_HAP", - HiviewDFX::HiSysEvent::EventType::STATISTIC, "TOKENID", tokenID, "USERID", - infoPtr->GetUserID(), "BUNDLENAME", infoPtr->GetBundleName(), "INSTINDEX", infoPtr->GetInstIndex()); #ifdef TOKEN_SYNC_ENABLE TokenModifyNotifier::GetInstance().NotifyTokenModify(tokenID); @@ -726,12 +789,21 @@ int AccessTokenInfoManager::CreateRemoteHapTokenInfo(AccessTokenID mapID, HapTok std::shared_ptr hap = std::make_shared(mapID, hapSync); hap->SetRemote(true); - int ret = AddHapTokenInfo(hap); + AccessTokenID oriTokenId = 0; + int ret = AddHapTokenInfo(hap, oriTokenId); if (ret != RET_SUCCESS) { LOGE(ATM_DOMAIN, ATM_TAG, "Add local token failed."); return ret; } + AccessTokenDfxInfo dfxInfo; + dfxInfo.sceneCode = AddHapSceneCode::MAP; + dfxInfo.tokenId = hap->GetTokenID(); + dfxInfo.userId = hap->GetUserID(); + dfxInfo.bundleName = hap->GetBundleName(); + dfxInfo.instIndex = hap->GetInstIndex(); + ReportSysEventAddHap(dfxInfo); + return RET_SUCCESS; } @@ -961,11 +1033,11 @@ int AccessTokenInfoManager::AddHapTokenInfoToDb(const std::shared_ptrIsRemote()) { - LOGE(ATM_DOMAIN, ATM_TAG, "It is a remote hap!"); + LOGC(ATM_DOMAIN, ATM_TAG, "It is a remote hap!"); return AccessTokenError::ERR_TOKENID_NOT_EXIST; } AccessTokenID tokenID = hapInfo->GetTokenID(); @@ -1044,7 +1116,7 @@ int AccessTokenInfoManager::RemoveHapTokenInfoFromDb(const std::shared_ptr(tokenInfoBasic_.tokenID)); conditions.Put(TokenFiledConst::FIELD_PERMISSION_NAME, permissionName); - AccessTokenDb::GetInstance().Modify( + ret = AccessTokenDb::GetInstance().Modify( AtmDataType::ACCESSTOKEN_PERMISSION_STATE, permStateValues[i], conditions); + if (ret != RET_SUCCESS) { + LOGC(ATM_DOMAIN, ATM_TAG, "Modify info from db failed, ret is %{public}d", ret); + ReportSysCommonEventError(0, ret); + ClearThreadErrorMsg(); + } } return RET_SUCCESS; } diff --git a/services/accesstokenmanager/test/coverage/permission_manager_coverage_test.cpp b/services/accesstokenmanager/test/coverage/permission_manager_coverage_test.cpp index e3beda2e4..39c357004 100644 --- a/services/accesstokenmanager/test/coverage/permission_manager_coverage_test.cpp +++ b/services/accesstokenmanager/test/coverage/permission_manager_coverage_test.cpp @@ -72,7 +72,11 @@ public: void PermissionRecordManagerCoverageTest::SetUpTestCase() { - AccessTokenInfoManager::GetInstance().Init(); + uint32_t hapSize = 0; + uint32_t nativeSize = 0; + uint32_t pefDefSize = 0; + uint32_t dlpSize = 0; + AccessTokenInfoManager::GetInstance().Init(hapSize, nativeSize, pefDefSize, dlpSize); } void PermissionRecordManagerCoverageTest::TearDownTestCase() {} diff --git a/services/accesstokenmanager/test/unittest/accesstoken_info_manager_test.cpp b/services/accesstokenmanager/test/unittest/accesstoken_info_manager_test.cpp index a519fd132..89c64022e 100644 --- a/services/accesstokenmanager/test/unittest/accesstoken_info_manager_test.cpp +++ b/services/accesstokenmanager/test/unittest/accesstoken_info_manager_test.cpp @@ -126,7 +126,11 @@ public: void AccessTokenInfoManagerTest::SetUpTestCase() { g_selfTokenId = GetSelfTokenID(); - AccessTokenInfoManager::GetInstance().Init(); + uint32_t hapSize = 0; + uint32_t nativeSize = 0; + uint32_t pefDefSize = 0; + uint32_t dlpSize = 0; + AccessTokenInfoManager::GetInstance().Init(hapSize, nativeSize, pefDefSize, dlpSize); } void AccessTokenInfoManagerTest::TearDownTestCase() @@ -1560,7 +1564,11 @@ HWTEST_F(AccessTokenInfoManagerTest, DumpTokenInfo007, TestSize.Level1) HWTEST_F(AccessTokenInfoManagerTest, AccessTokenInfoManager001, TestSize.Level1) { AccessTokenInfoManager::GetInstance().hasInited_ = true; - AccessTokenInfoManager::GetInstance().Init(); + uint32_t hapSize = 0; + uint32_t nativeSize = 0; + uint32_t pefDefSize = 0; + uint32_t dlpSize = 0; + AccessTokenInfoManager::GetInstance().Init(hapSize, nativeSize, pefDefSize, dlpSize); AccessTokenInfoManager::GetInstance().hasInited_ = false; ASSERT_EQ(false, AccessTokenInfoManager::GetInstance().hasInited_); } @@ -1586,7 +1594,8 @@ HWTEST_F(AccessTokenInfoManagerTest, GetHapUniqueStr001, TestSize.Level1) HWTEST_F(AccessTokenInfoManagerTest, AddHapTokenInfo001, TestSize.Level1) { std::shared_ptr info = nullptr; - ASSERT_NE(0, AccessTokenInfoManager::GetInstance().AddHapTokenInfo(info)); + AccessTokenID oriTokenId = 0; + ASSERT_NE(0, AccessTokenInfoManager::GetInstance().AddHapTokenInfo(info, oriTokenId)); } /** @@ -1613,7 +1622,8 @@ HWTEST_F(AccessTokenInfoManagerTest, AddHapTokenInfo002, TestSize.Level1) ASSERT_NE(static_cast(0), tokenId); std::shared_ptr infoPtr = AccessTokenInfoManager::GetInstance().GetHapTokenInfoInner(tokenId); - ASSERT_NE(0, AccessTokenInfoManager::GetInstance().AddHapTokenInfo(infoPtr)); + AccessTokenID oriTokenId = 0; + ASSERT_NE(0, AccessTokenInfoManager::GetInstance().AddHapTokenInfo(infoPtr, oriTokenId)); ASSERT_EQ(RET_SUCCESS, AccessTokenInfoManager::GetInstance().RemoveHapTokenInfo(tokenId)); } diff --git a/test/fuzztest/services/accesstoken/deleteremotedevicetokensstub_fuzzer/deleteremotedevicetokensstub_fuzzer.cpp b/test/fuzztest/services/accesstoken/deleteremotedevicetokensstub_fuzzer/deleteremotedevicetokensstub_fuzzer.cpp index ac5977c12..fd45b2931 100644 --- a/test/fuzztest/services/accesstoken/deleteremotedevicetokensstub_fuzzer/deleteremotedevicetokensstub_fuzzer.cpp +++ b/test/fuzztest/services/accesstoken/deleteremotedevicetokensstub_fuzzer/deleteremotedevicetokensstub_fuzzer.cpp @@ -58,7 +58,11 @@ namespace OHOS { if (enable) { AccessTokenID accesstoken = AccessTokenKit::GetNativeTokenId("token_sync_service"); SetSelfTokenID(accesstoken); - AccessTokenInfoManager::GetInstance().Init(); + uint32_t hapSize = 0; + uint32_t nativeSize = 0; + uint32_t pefDefSize = 0; + uint32_t dlpSize = 0; + AccessTokenInfoManager::GetInstance().Init(hapSize, nativeSize, pefDefSize, dlpSize); } DelayedSingleton::GetInstance()->OnRemoteRequest(code, datas, reply, option); AccessTokenID hdcd = AccessTokenKit::GetNativeTokenId("hdcd"); diff --git a/test/fuzztest/services/accesstoken/deleteremotetokenstub_fuzzer/deleteremotetokenstub_fuzzer.cpp b/test/fuzztest/services/accesstoken/deleteremotetokenstub_fuzzer/deleteremotetokenstub_fuzzer.cpp index b9f55622a..cc7f7dca3 100644 --- a/test/fuzztest/services/accesstoken/deleteremotetokenstub_fuzzer/deleteremotetokenstub_fuzzer.cpp +++ b/test/fuzztest/services/accesstoken/deleteremotetokenstub_fuzzer/deleteremotetokenstub_fuzzer.cpp @@ -62,7 +62,11 @@ namespace OHOS { if (enable) { AccessTokenID accesstoken = AccessTokenKit::GetNativeTokenId("token_sync_service"); SetSelfTokenID(accesstoken); - AccessTokenInfoManager::GetInstance().Init(); + uint32_t hapSize = 0; + uint32_t nativeSize = 0; + uint32_t pefDefSize = 0; + uint32_t dlpSize = 0; + AccessTokenInfoManager::GetInstance().Init(hapSize, nativeSize, pefDefSize, dlpSize); } DelayedSingleton::GetInstance()->OnRemoteRequest(code, datas, reply, option); AccessTokenID hdcd = AccessTokenKit::GetNativeTokenId("hdcd"); diff --git a/test/fuzztest/services/accesstoken/gethaptokeninfofromremotestub_fuzzer/gethaptokeninfofromremotestub_fuzzer.cpp b/test/fuzztest/services/accesstoken/gethaptokeninfofromremotestub_fuzzer/gethaptokeninfofromremotestub_fuzzer.cpp index 98b432e1a..63a282eb8 100644 --- a/test/fuzztest/services/accesstoken/gethaptokeninfofromremotestub_fuzzer/gethaptokeninfofromremotestub_fuzzer.cpp +++ b/test/fuzztest/services/accesstoken/gethaptokeninfofromremotestub_fuzzer/gethaptokeninfofromremotestub_fuzzer.cpp @@ -57,7 +57,11 @@ namespace OHOS { if (enable) { AccessTokenID accesstoken = AccessTokenKit::GetNativeTokenId("token_sync_service"); SetSelfTokenID(accesstoken); - AccessTokenInfoManager::GetInstance().Init(); + uint32_t hapSize = 0; + uint32_t nativeSize = 0; + uint32_t pefDefSize = 0; + uint32_t dlpSize = 0; + AccessTokenInfoManager::GetInstance().Init(hapSize, nativeSize, pefDefSize, dlpSize); } DelayedSingleton::GetInstance()->OnRemoteRequest(code, datas, reply, option); AccessTokenID hdcd = AccessTokenKit::GetNativeTokenId("hdcd"); diff --git a/test/fuzztest/services/accesstoken/getremotenativetokenidstub_fuzzer/getremotenativetokenidstub_fuzzer.cpp b/test/fuzztest/services/accesstoken/getremotenativetokenidstub_fuzzer/getremotenativetokenidstub_fuzzer.cpp index 1fb794568..d1aa64cfe 100644 --- a/test/fuzztest/services/accesstoken/getremotenativetokenidstub_fuzzer/getremotenativetokenidstub_fuzzer.cpp +++ b/test/fuzztest/services/accesstoken/getremotenativetokenidstub_fuzzer/getremotenativetokenidstub_fuzzer.cpp @@ -62,7 +62,11 @@ namespace OHOS { if (enable) { AccessTokenID accesstoken = AccessTokenKit::GetNativeTokenId("token_sync_service"); SetSelfTokenID(accesstoken); - AccessTokenInfoManager::GetInstance().Init(); + uint32_t hapSize = 0; + uint32_t nativeSize = 0; + uint32_t pefDefSize = 0; + uint32_t dlpSize = 0; + AccessTokenInfoManager::GetInstance().Init(hapSize, nativeSize, pefDefSize, dlpSize); } DelayedSingleton::GetInstance()->OnRemoteRequest(code, datas, reply, option); AccessTokenID hdcd = AccessTokenKit::GetNativeTokenId("hdcd"); diff --git a/test/fuzztest/services/accesstoken/grantpermissionstub_fuzzer/grantpermissionstub_fuzzer.cpp b/test/fuzztest/services/accesstoken/grantpermissionstub_fuzzer/grantpermissionstub_fuzzer.cpp index 34aa2513d..4aad6e7e3 100644 --- a/test/fuzztest/services/accesstoken/grantpermissionstub_fuzzer/grantpermissionstub_fuzzer.cpp +++ b/test/fuzztest/services/accesstoken/grantpermissionstub_fuzzer/grantpermissionstub_fuzzer.cpp @@ -75,7 +75,11 @@ namespace OHOS { AccessTokenIDEx tokenIdEx = AccessTokenKit::AllocHapToken(g_InfoParms, g_PolicyPrams); tokenIdHap = tokenIdEx.tokenIDEx; SetSelfTokenID(tokenIdHap); - AccessTokenInfoManager::GetInstance().Init(); + uint32_t hapSize = 0; + uint32_t nativeSize = 0; + uint32_t pefDefSize = 0; + uint32_t dlpSize = 0; + AccessTokenInfoManager::GetInstance().Init(hapSize, nativeSize, pefDefSize, dlpSize); } bool enable = ((size % CONSTANTS_NUMBER_TWO) == 0); if (enable) { diff --git a/test/fuzztest/services/accesstoken/setremotehaptokeninfostub_fuzzer/setremotehaptokeninfostub_fuzzer.cpp b/test/fuzztest/services/accesstoken/setremotehaptokeninfostub_fuzzer/setremotehaptokeninfostub_fuzzer.cpp index db20383d4..5e224d983 100644 --- a/test/fuzztest/services/accesstoken/setremotehaptokeninfostub_fuzzer/setremotehaptokeninfostub_fuzzer.cpp +++ b/test/fuzztest/services/accesstoken/setremotehaptokeninfostub_fuzzer/setremotehaptokeninfostub_fuzzer.cpp @@ -96,7 +96,11 @@ namespace OHOS { if (enable) { AccessTokenID accesstoken = AccessTokenKit::GetNativeTokenId("token_sync_service"); SetSelfTokenID(accesstoken); - AccessTokenInfoManager::GetInstance().Init(); + uint32_t hapSize = 0; + uint32_t nativeSize = 0; + uint32_t pefDefSize = 0; + uint32_t dlpSize = 0; + AccessTokenInfoManager::GetInstance().Init(hapSize, nativeSize, pefDefSize, dlpSize); } DelayedSingleton::GetInstance()->OnRemoteRequest(code, datas, reply, option); AccessTokenID hdcd = AccessTokenKit::GetNativeTokenId("hdcd"); -- Gitee